From f07aa71366bc4a95718422862ed991bba19c1ae4 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 9 Oct 2025 15:43:10 -0300 Subject: [PATCH 001/129] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dms': 'github:AvengeMedia/DankMaterialShell/97dbd40f07dd3dc38de9bdef1d8f0f3104e555fa?narHash=sha256-STgmLwdIAhEHgBWb949L2VqDz%2BCu7nk%2BHGPLuenjzUE%3D' (2025-10-09) → 'github:AvengeMedia/DankMaterialShell/b06e48a4449734eed6a898d8727e8f8278c8f302?narHash=sha256-Wnx%2Bz35X6hhnqRMquNplQ3F/PPf22EnAMo2RMD7BrxA%3D' (2025-10-09) • Updated input 'home-manager': 'github:nix-community/home-manager/dd026d86420781e84d0732f2fa28e1c051117b59?narHash=sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM%3D' (2025-08-19) → 'github:nix-community/home-manager/5d61767c8dee7f9c66991335795dbca9e801c25a?narHash=sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr%2BjigYR9p4GS0tME%3D' (2025-10-09) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204?narHash=sha256-oV695RvbAE4%2BR9pcsT9shmp6zE/%2BIZe6evHWX63f2Qg%3D' (2025-07-27) → 'github:nix-community/home-manager/3b955f5f0a942f9f60cdc9cacb7844335d0f21c3?narHash=sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA%3D' (2025-09-21) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/f1d16001cb2f32d61cd49e527d111c43c457e629?narHash=sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg%3D' (2025-08-18) → 'github:nix-community/nixos-cli/437b586743c3d06b0a72893097395b10e70a2b7b?narHash=sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg%3D' (2025-10-07) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/8679b16e11becd487b45d568358ddf9d5640d860?narHash=sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7%2BTa4KA%2BBmneDA%3D' (2025-07-31) → 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19) → 'github:nixos/nixpkgs/c9b6fb798541223bbb396d287d16f43520250518?narHash=sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH%2B47XEBo%3D' (2025-10-07) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19) → 'github:nixos/nixpkgs/20c4598c84a671783f741e02bf05cbfaf4907cff?narHash=sha256-a0%2Bh02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0%3D' (2025-10-06) --- flake.lock | 384 +++++++++++++---------------------------------------- 1 file changed, 89 insertions(+), 295 deletions(-) diff --git a/flake.lock b/flake.lock index 44d74f1..02edb27 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,73 +23,6 @@ "type": "github" } }, - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -112,6 +45,27 @@ "type": "github" } }, + "dgop": { + "inputs": { + "nixpkgs": [ + "dms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759769087, + "narHash": "sha256-b4dEAjvIfIkw2/C47aZGDnwhTBEjqptDo8J5PizeTCo=", + "owner": "AvengeMedia", + "repo": "dgop", + "rev": "ad6ad285e8b882c41eb8994ef7c91e151afb9a97", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "dgop", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -133,19 +87,47 @@ "type": "github" } }, - "firefox-gnome-theme": { - "flake": false, + "dms": { + "inputs": { + "dgop": "dgop", + "dms-cli": "dms-cli", + "nixpkgs": [ + "nixpkgs" + ], + "quickshell": "quickshell" + }, "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "lastModified": 1760034643, + "narHash": "sha256-Wnx+z35X6hhnqRMquNplQ3F/PPf22EnAMo2RMD7BrxA=", + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "rev": "b06e48a4449734eed6a898d8727e8f8278c8f302", "type": "github" }, "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "type": "github" + } + }, + "dms-cli": { + "inputs": { + "nixpkgs": [ + "dms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759946376, + "narHash": "sha256-/kQpJPH1y+U6V7N3bbGzvNRGfk9VuxdZev9Os4bS5ZQ=", + "owner": "AvengeMedia", + "repo": "danklinux", + "rev": "98db89ffba290265bc4a886d13b8a27a53fdaca1", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "danklinux", "type": "github" } }, 
@@ -165,27 +147,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -204,39 +165,6 @@ "type": "github" } }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "48.2", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -265,11 +193,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { 
@@ -286,11 +214,11 @@ ] }, "locked": { - "lastModified": 1755625756, - "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=", + "lastModified": 1760033152, + "narHash": "sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr+jigYR9p4GS0tME=", "owner": "nix-community", "repo": "home-manager", - "rev": "dd026d86420781e84d0732f2fa28e1c051117b59", + "rev": "5d61767c8dee7f9c66991335795dbca9e801c25a", "type": "github" }, "original": { @@ -359,11 +287,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1755531224, - "narHash": "sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg=", + "lastModified": 1759846470, + "narHash": "sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "f1d16001cb2f32d61cd49e527d111c43c457e629", + "rev": "437b586743c3d06b0a72893097395b10e70a2b7b", "type": "github" }, "original": { @@ -390,11 +318,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1755593991, - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", + "lastModified": 1759735786, + "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", + "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", "type": "github" }, "original": { @@ -406,11 +334,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1753934836, - "narHash": "sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7+Ta4KA+BmneDA=", + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8679b16e11becd487b45d568358ddf9d5640d860", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", "type": "github" }, "original": { 
@@ -422,11 +350,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1759831965, + "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "c9b6fb798541223bbb396d287d16f43520250518", "type": "github" }, "original": { @@ -436,43 +364,39 @@ "type": "github" } }, - "nur": { + "quickshell": { "inputs": { - "flake-parts": [ - "stylix", - "flake-parts" - ], "nixpkgs": [ - "stylix", + "dms", "nixpkgs" ] }, "locked": { - "lastModified": 1751906969, - "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", - "owner": "nix-community", - "repo": "NUR", - "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", - "type": "github" + "lastModified": 1759610621, + "narHash": "sha256-P3UPFd95mS/3aNgy40nCXAmyfR2bEEBd+tX6xfkYFb0=", + "ref": "refs/heads/master", + "rev": "c5c438f1cd1a76660a8658ef929a3d19e968e2ce", + "revCount": 689, + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" }, "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" } }, "root": { "inputs": { "agenix": "agenix", "disko": "disko", + "dms": "dms", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix" + "nixpkgs-stable": "nixpkgs-stable" } }, "rust-overlay": { 
@@ -497,40 +421,6 @@ "type": "github" } }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts", - "gnome-shell": "gnome-shell", - "nixpkgs": [ - "nixpkgs" - ], - "nur": "nur", - "systems": "systems_3", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1755708361, - "narHash": "sha256-RmqBx2EamhIk0WVhQSNb8iehaVhilO7D0YAnMoFPqJQ=", - "owner": "danth", - "repo": "stylix", - "rev": "2355da455d7188228aaf20ac16ea9386e5aa6f0c", - "type": "github" - }, - "original": { - "owner": "danth", - "repo": "stylix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -560,102 +450,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1750770351, - "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1751159871, - "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - 
"flake": false, - "locked": { - "lastModified": 1751158968, - "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } } }, "root": "root", From 3614169a29178696389f8c2bd9ee74885ef89d9a Mon Sep 17 00:00:00 2001 From: William Date: Thu, 9 Oct 2025 21:53:56 -0300 Subject: [PATCH 002/129] hyprland and dms --- flake.nix | 14 +-- hosts/modules/default.nix | 1 - hosts/modules/desktop.nix | 10 +- hosts/modules/rotterdam/hardware.nix | 5 +- hosts/modules/stylix.nix | 63 ----------- packages/plasticity.nix | 1 - users/modules/programs.nix | 10 +- users/modules/user/programs.nix | 157 ++++++++++++++++++++++++++- users/user.nix | 3 +- 9 files changed, 169 insertions(+), 95 deletions(-) delete mode 100644 hosts/modules/stylix.nix diff --git a/flake.nix b/flake.nix index 9b13d69..1d808be 100644 --- a/flake.nix +++ b/flake.nix @@ -14,11 +14,6 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - stylix = { - url = "github:danth/stylix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; @@ -29,6 +24,11 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; + dms = { + url = "github:AvengeMedia/DankMaterialShell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-cli.url = "github:nix-community/nixos-cli"; nix-flatpak.url = "github:gmodena/nix-flatpak/main"; @@ -43,8 +43,8 @@ nixpkgs-stable, home-manager, home-manager-stable, - stylix, disko, + dms, agenix, nixos-cli, nix-flatpak, @@ -91,7 +91,6 @@ hm.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak - stylix.nixosModules.stylix nixos-cli.nixosModules.nixos-cli { nixpkgs.overlays = [ 
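Review bot: The new `dms` input in the `@@ -29,6 +24,11 @@` hunk of flake.nix tracks the default branch of `github:AvengeMedia/DankMaterialShell` with no tag or ref, and this series wires its modules into both the system configuration (`dms.nixosModules.greeter`) and the home configuration (`inputs.dms.homeModules.dankMaterialShell.default`). The lock file pins a `rev` and `narHash`, so a given build is reproducible. Every `nix flake update` still advances to whatever the branch head is, together with the transitive `dgop`, `dms-cli` and `quickshell` inputs shown in the flake.lock patch, the last of which is fetched as `type = git` from `git.outfoxxed.me`. If upstream publishes release tags, consider `url = "github:AvengeMedia/DankMaterialShell/<tag>";` (placeholder), or at least a comment above the input such as `# third-party shell: review the flake.lock diff for dms/dgop/dms-cli/quickshell on every update`. The `inputs` attribute set begins outside the hunk.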
@@ -100,6 +99,7 @@ } ]; workstationModules = [ + dms.nixosModules.greeter { nixpkgs.overlays = [ self.overlays.workstationOverlay diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index 64c4aef..99cf017 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -13,7 +13,6 @@ ./programs.nix ./security.nix ./services.nix - ./stylix.nix ./users.nix ./virtualisation.nix ]; diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 6002f3e..45dd1db 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -19,10 +19,6 @@ (lib.mkIf hostType.isWorkstation { services = { displayManager = { - autoLogin = { - enable = true; - user = "user"; - }; sddm = { enable = true; wayland = { @@ -31,7 +27,6 @@ }; }; }; - desktopManager.plasma6.enable = true; pipewire = { enable = true; alsa.enable = true; @@ -42,6 +37,11 @@ }; }; + programs.hyprland = { + enable = true; + withUWSM = true; + }; + hardware = { xpadneo.enable = true; bluetooth.enable = true; diff --git a/hosts/modules/rotterdam/hardware.nix b/hosts/modules/rotterdam/hardware.nix index ba7f866..6f76e99 100644 --- a/hosts/modules/rotterdam/hardware.nix +++ b/hosts/modules/rotterdam/hardware.nix @@ -2,10 +2,7 @@ { hardware = { - amdgpu = { - opencl.enable = true; - amdvlk.enable = true; - }; + amdgpu.opencl.enable = true; graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; }; } diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix deleted file mode 100644 index b0345f2..0000000 --- a/hosts/modules/stylix.nix +++ /dev/null 
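Review bot: `dms.nixosModules.greeter` is imported into `workstationModules` in the `@@ -100,6 +99,7 @@` hunk, but no visible hunk in this commit sets a greeter option, and hosts/modules/desktop.nix keeps `sddm` enabled as the display manager. A greeter runs before authentication, so it is worth being explicit about which login manager is actually active. If the DMS greeter is meant to replace sddm, disable sddm in the same change; if not, drop the import until it is used, or add a comment like `# imported but not enabled; sddm remains the display manager`. The `workstationModules` list continues outside the hunk, so an enable flag may live elsewhere.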
@@ -1,63 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; - size = 24; - }; - opacity = { - applications = 1.0; - desktop = 0.8; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 11; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - }; - }) - ]; -} diff --git a/packages/plasticity.nix b/packages/plasticity.nix index 4325e5f..320e314 100644 --- a/packages/plasticity.nix +++ b/packages/plasticity.nix @@ -62,7 +62,6 @@ stdenv.mkDerivation rec { hicolor-icon-theme libdrm libnotify - libsForQt5.kde-cli-tools libxkbcommon nspr nss diff --git a/users/modules/programs.nix b/users/modules/programs.nix index c18c17f..70079c6 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -93,15 +93,7 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { - programs.rio = { - enable = true; - settings = { - window = { - width = 1121; - height = 633; - }; - }; - }; + }) ]; } diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index a024663..bfaff58 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix 
@@ -112,13 +112,9 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { - fonts.fontconfig.enable = true; - programs = { password-store.package = pkgs.pass-wayland; - mangohud.enable = true; - obs-studio = { enable = true; plugins = [ 
@@ -127,7 +123,160 @@ pkgs.obs-studio-plugins.obs-pipewire-audio-capture ]; }; + dankMaterialShell = { + enable = true; + enableVPN = false; + }; + rio = { + enable = true; + settings = { + window = { + width = 1121; + height = 633; + }; + }; + }; }; + wayland.windowManager.hyprland = { + enable = true; + extraConfig = '' + ################ + ### MONITORS ### + ################ + monitor=,preferred,auto,auto + ################ + ### START-UP ### + ################ + exec-once = bash -c "wl-paste --watch cliphist store &" + exec-once = /usr/lib/mate-polkit/polkit-mate-authentication-agent-1 + exec-once = dms run + ##################### + ### LOOK AND FEEL ### + ##################### + general { + gaps_in = 5 + gaps_out = 20 + border_size = 2 + resize_on_border = true + allow_tearing = false + layout = dwindle + } + decoration { + rounding = 10 + rounding_power = 2 + dim_inactive = true + dim_strength = 0.3 + shadow { + enabled = true + range = 4 + render_power = 3 + } + blur { + enabled = true + size = 8 + passes = 1 + vibrancy = 0.1696 + } + } + animations { + enabled = yes, please :) + bezier = easeOutQuint,0.23,1,0.32,1 + bezier = easeInOutCubic,0.65,0.05,0.36,1 + bezier = linear,0,0,1,1 + bezier = almostLinear,0.5,0.5,0.75,1.0 + bezier = quick,0.15,0,0.1,1 + animation = global, 1, 1, default + animation = border, 1, 1, easeOutQuint + animation = windows, 1, 1, easeOutQuint + animation = windowsIn, 1, 0.3, quick, popin 95% # Much faster: 30ms with quick bezier + animation = windowsOut, 1, 1, linear, popin 87% + animation = fadeIn, 1, 1, almostLinear + animation = fadeOut, 1, 1, almostLinear + animation = fade, 1, 1, quick + animation = layers, 1, 1, easeOutQuint + animation = layersIn, 1, 1, easeOutQuint, fade + animation = layersOut, 1, 1, linear, fade + animation = fadeLayersIn, 1, 1, almostLinear + animation = fadeLayersOut, 1, 1, almostLinear + animation = workspaces, 1, 1, almostLinear, slidevert + } + misc { + force_default_wallpaper = 0 + 
disable_hyprland_logo = true + } + + ############# + ### INPUT ### + ############# + input { + kb_layout = us + kb_variant = altgr-intl + follow_mouse = 1 + sensitivity = 0 + accel_profile = flat + natural_scroll = true + touchpad { + natural_scroll = true + clickfinger_behavior = true + } + } + + ################### + ### KEYBINDINGS ### + ################### + $mainMod = SUPER + $terminal = rio + $menu = dms ipc call spotlight toggle + # APP SHORTCUTS + bind = ALT, SPACE, exec, $menu + bind = $mainMod, RETURN, exec, $terminal + # SESSION MANAGEMENT + bind = CTRL ALT, DELETE, exit, + bind = $mainMod, mouse_up, exec, hyprnome + bind = $mainMod, mouse_down, exec, hyprnome --previous + bind = CTRL ALT, j, exec, hyprnome + bind = CTRL ALT, k, exec, hyprnome --previous + bind = $mainMod CTRL ALT, j, exec, hyprnome --move + bind = $mainMod CTRL ALT, k, exec, hyprnome --move --previous + bindel = ,XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ + bindel = ,XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- + bindel = ,XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle + bindel = ,XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle + bindel = ,XF86MonBrightnessUp, exec, brightnessctl s 10%+ + bindel = ,XF86MonBrightnessDown, exec, brightnessctl s 10%- + bindl = , XF86AudioNext, exec, playerctl next + bindl = , XF86AudioPause, exec, playerctl play-pause + bindl = , XF86AudioPlay, exec, playerctl play-pause + bindl = , XF86AudioPrev, exec, playerctl previous + bind = CTRL ALT SHIFT, a, exec, bash /home/user/.local/bin/toggle-audio-output.sh + # WINDOW MANAGEMENT + bind = ALT, F4, killactive, + bind = $mainMod, space, togglefloating, + bind = $mainMod, f, fullscreen + bindm = $mainMod, mouse:272, movewindow + bindm = $mainMod, mouse:273, resizewindow + bind = SUPER, h, movefocus, l + bind = SUPER, l, movefocus, r + bind = SUPER, k, movefocus, u + bind = SUPER, j, movefocus, d + bind = $mainMod CTRL, h, 
movewindow, l + bind = $mainMod CTRL, l, movewindow, r + bind = $mainMod CTRL, k, movewindow, u + bind = $mainMod CTRL, j, movewindow, d + # bind = $mainMod, r, scroller:cyclewidth, next + # bind = $mainMod CTRL, r, scroller:cyclewidth, prev + # bind = $mainMod, p, scroller:pin, + # bind = $mainMod, c, scroller:alignwindow, center + # bind = $mainMod CTRL, f, scroller:fitsize, all + + #################### + ### WINDOW RULES ### + #################### + windowrulev2 = suppressevent maximize, class:.* + windowrulev2 = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0 + ''; + }; + fonts.fontconfig.enable = true; }) ]; } diff --git a/users/user.nix b/users/user.nix index 9950533..a5832cc 100644 --- a/users/user.nix +++ b/users/user.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { home = { @@ -10,5 +10,6 @@ imports = [ ./modules ./modules/user + inputs.dms.homeModules.dankMaterialShell.default ]; } From 92a06e984b8288a3a90e4a4ac821decf15c67737 Mon Sep 17 00:00:00 2001 
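Review bot: In the `extraConfig` added by the `@@ -127,7 +123,160 @@` hunk, `exec-once = /usr/lib/mate-polkit/polkit-mate-authentication-agent-1` points at an FHS path that a NixOS system normally does not have. With `desktopManager.plasma6` removed in this commit, the session would then start without a polkit authentication agent, unless DankMaterialShell provides one. Use a store path interpolated from `pkgs` instead, of the form `exec-once = ${pkgs.<polkit-agent-package>}/libexec/<agent-binary>` (placeholders). Separately, `wl-paste --watch cliphist store` records every clipboard entry while the same file configures `password-store.package = pkgs.pass-wayland`, so copied passwords may persist in the clipboard history after pass clears the live clipboard; a comment such as `# cliphist keeps copied secrets; wipe history or exclude password-manager copies` would flag that. The `CTRL ALT SHIFT, a` binding also runs `/home/user/.local/bin/toggle-audio-output.sh`, a script outside the Nix-managed configuration. The enclosing `lib.mkIf hostType.isWorkstation` block starts outside the hunk.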
From: William Date: Thu, 9 Oct 2025 21:55:55 -0300 Subject: [PATCH 003/129] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/dd026d86420781e84d0732f2fa28e1c051117b59?narHash=sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM%3D' (2025-08-19) → 'github:nix-community/home-manager/5d61767c8dee7f9c66991335795dbca9e801c25a?narHash=sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr%2BjigYR9p4GS0tME%3D' (2025-10-09) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204?narHash=sha256-oV695RvbAE4%2BR9pcsT9shmp6zE/%2BIZe6evHWX63f2Qg%3D' (2025-07-27) → 'github:nix-community/home-manager/3b955f5f0a942f9f60cdc9cacb7844335d0f21c3?narHash=sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA%3D' (2025-09-21) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/f1d16001cb2f32d61cd49e527d111c43c457e629?narHash=sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg%3D' (2025-08-18) → 'github:nix-community/nixos-cli/437b586743c3d06b0a72893097395b10e70a2b7b?narHash=sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg%3D' (2025-10-07) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/8679b16e11becd487b45d568358ddf9d5640d860?narHash=sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7%2BTa4KA%2BBmneDA%3D' (2025-07-31) → 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19) → 'github:nixos/nixpkgs/c9b6fb798541223bbb396d287d16f43520250518?narHash=sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH%2B47XEBo%3D' (2025-10-07) • Updated input 'nixpkgs-stable': 
'github:nixos/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19) → 'github:nixos/nixpkgs/20c4598c84a671783f741e02bf05cbfaf4907cff?narHash=sha256-a0%2Bh02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0%3D' (2025-10-06) • Updated input 'stylix': 'github:danth/stylix/2355da455d7188228aaf20ac16ea9386e5aa6f0c?narHash=sha256-RmqBx2EamhIk0WVhQSNb8iehaVhilO7D0YAnMoFPqJQ%3D' (2025-08-20) → 'github:danth/stylix/09022804b2bcd217f3a41a644d26b23d30375d12?narHash=sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc%3D' (2025-10-05) • Updated input 'stylix/base16': 'github:SenchoPens/base16.nix/806a1777a5db2a1ef9d5d6f493ef2381047f2b89?narHash=sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI%3D' (2025-05-06) → 'github:SenchoPens/base16.nix/75ed5e5e3fce37df22e49125181fa37899c3ccd6?narHash=sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo%3D' (2025-08-21) • Updated input 'stylix/firefox-gnome-theme': 'github:rafaelmardojai/firefox-gnome-theme/4eb2714fbed2b80e234312611a947d6cb7d70caf?narHash=sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA%3D' (2025-05-27) → 'github:rafaelmardojai/firefox-gnome-theme/0909cfe4a2af8d358ad13b20246a350e14c2473d?narHash=sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk%3D' (2025-09-17) • Updated input 'stylix/flake-parts': 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5?narHash=sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ%3D' (2025-07-01) → 'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751?narHash=sha256-%2BuWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw%3D' (2025-09-01) • Updated input 'stylix/nur': 'github:nix-community/NUR/ddb679f4131e819efe3bbc6457ba19d7ad116f25?narHash=sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw%3D' (2025-07-07) → 'github:nix-community/NUR/ba8d9c98f5f4630bcb0e815ab456afd90c930728?narHash=sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV%2B4EnDYjdJhHvUk%3D' (2025-09-27) • Updated input 'stylix/tinted-schemes': 
'github:tinted-theming/schemes/5a775c6ffd6e6125947b393872cde95867d85a2a?narHash=sha256-LI%2BBnRoFNRa2ffbe3dcuIRYAUcGklBx0%2BEcFxlHj0SY%3D' (2025-06-24) → 'github:tinted-theming/schemes/317a5e10c35825a6c905d912e480dfe8e71c7559?narHash=sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St%2BUrqkM%3D' (2025-09-12) • Updated input 'stylix/tinted-tmux': 'github:tinted-theming/tinted-tmux/bded5e24407cec9d01bd47a317d15b9223a1546c?narHash=sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE%3D' (2025-06-29) → 'github:tinted-theming/tinted-tmux/d217ba31c846006e9e0ae70775b0ee0f00aa6b1e?narHash=sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD%2BX3vEBUGbTi4JiI%3D' (2025-09-14) • Updated input 'stylix/tinted-zed': 'github:tinted-theming/base16-zed/86a470d94204f7652b906ab0d378e4231a5b3384?narHash=sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR%2BC98jX8%3D' (2025-06-29) → 'github:tinted-theming/base16-zed/824fe0aacf82b3c26690d14e8d2cedd56e18404e?narHash=sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w%3D' (2025-09-14) --- flake.lock | 84 +++++++++++++++++++++++++++--------------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index 44d74f1..c6fc6db 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ "fromYaml": "fromYaml" }, "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", "owner": "SenchoPens", "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", "type": "github" }, "original": { 
@@ -136,11 +136,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", "type": "github" }, "original": { @@ -173,11 +173,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -265,11 +265,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -286,11 +286,11 @@ ] }, "locked": { - "lastModified": 1755625756, - "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=", + "lastModified": 1760033152, + "narHash": "sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr+jigYR9p4GS0tME=", "owner": "nix-community", "repo": "home-manager", - "rev": "dd026d86420781e84d0732f2fa28e1c051117b59", + "rev": "5d61767c8dee7f9c66991335795dbca9e801c25a", "type": "github" }, "original": { 
@@ -359,11 +359,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1755531224, - "narHash": "sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg=", + "lastModified": 1759846470, + "narHash": "sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "f1d16001cb2f32d61cd49e527d111c43c457e629", + "rev": "437b586743c3d06b0a72893097395b10e70a2b7b", "type": "github" }, "original": { @@ -390,11 +390,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1755593991, - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", + "lastModified": 1759735786, + "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", + "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", "type": "github" }, "original": { @@ -406,11 +406,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1753934836, - "narHash": "sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7+Ta4KA+BmneDA=", + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8679b16e11becd487b45d568358ddf9d5640d860", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", "type": "github" }, "original": { @@ -422,11 +422,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1759831965, + "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "c9b6fb798541223bbb396d287d16f43520250518", "type": "github" }, "original": { 
@@ -448,11 +448,11 @@ ] }, "locked": { - "lastModified": 1751906969, - "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", "owner": "nix-community", "repo": "NUR", - "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", "type": "github" }, "original": { @@ -518,11 +518,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1755708361, - "narHash": "sha256-RmqBx2EamhIk0WVhQSNb8iehaVhilO7D0YAnMoFPqJQ=", + "lastModified": 1759690047, + "narHash": "sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc=", "owner": "danth", "repo": "stylix", - "rev": "2355da455d7188228aaf20ac16ea9386e5aa6f0c", + "rev": "09022804b2bcd217f3a41a644d26b23d30375d12", "type": "github" }, "original": { @@ -612,11 +612,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1750770351, - "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", "owner": "tinted-theming", "repo": "schemes", - "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", "type": "github" }, "original": { @@ -628,11 +628,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1751159871, - "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", "type": "github" }, "original": { 
@@ -644,11 +644,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1751158968, - "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", "type": "github" }, "original": { From 7f64d4905255bffeff5ac37107b7bd1dbb74702f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 10 Oct 2025 09:41:12 -0300 Subject: [PATCH 004/129] niri + dms; WIP --- flake.lock | 348 ++++++--------------------- flake.nix | 18 +- hosts/modules/default.nix | 1 - hosts/modules/desktop.nix | 26 +- hosts/modules/programs.nix | 15 +- hosts/modules/rotterdam/hardware.nix | 5 +- users/modules/programs.nix | 9 +- users/modules/user/programs.nix | 14 ++ users/user.nix | 3 +- 9 files changed, 122 insertions(+), 317 deletions(-) diff --git a/flake.lock b/flake.lock index c6fc6db..10e0544 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,73 +23,6 @@ "type": "github" } }, - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1755819240, - "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -112,6 +45,27 @@ "type": "github" } }, + "dgop": { + "inputs": { + "nixpkgs": [ + "dms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760238269, + "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", + "owner": "AvengeMedia", + "repo": "dgop", + "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "dgop", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -133,19 +87,47 @@ "type": "github" } }, - "firefox-gnome-theme": { - "flake": false, + "dms": { + "inputs": { + "dgop": "dgop", + "dms-cli": "dms-cli", + "nixpkgs": [ + "nixpkgs" + ], + "quickshell": "quickshell" + }, "locked": { - "lastModified": 1758112371, - "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "lastModified": 1760401338, + "narHash": "sha256-aN4qiI9R4ByEucFE/zvJFF8Y456nDe1IXCKu0hvEP+U=", + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "rev": "07fe2ca4072eb987c8090f388d4979f5006cef52", "type": "github" }, "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "type": "github" + } + }, + "dms-cli": { + "inputs": { + "nixpkgs": [ + "dms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760241259, + "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", + "owner": "AvengeMedia", + "repo": "danklinux", + "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "danklinux", "type": "github" } }, 
@@ -165,27 +147,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -204,39 +165,6 @@ "type": "github" } }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "48.2", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -436,43 +364,39 @@ "type": "github" } }, - "nur": { + "quickshell": { "inputs": { - "flake-parts": [ - "stylix", - "flake-parts" - ], "nixpkgs": [ - "stylix", + "dms", "nixpkgs" ] }, "locked": { - "lastModified": 1758998580, - "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", - "owner": "nix-community", - "repo": "NUR", - "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", - "type": "github" + "lastModified": 1760228179, + "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", + "ref": "refs/heads/master", + "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", + "revCount": 693, + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" }, "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" } }, "root": { "inputs": { "agenix": "agenix", "disko": "disko", + "dms": "dms", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix" + "nixpkgs-stable": "nixpkgs-stable" } }, "rust-overlay": { 
@@ -497,40 +421,6 @@ "type": "github" } }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts", - "gnome-shell": "gnome-shell", - "nixpkgs": [ - "nixpkgs" - ], - "nur": "nur", - "systems": "systems_3", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1759690047, - "narHash": "sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc=", - "owner": "danth", - "repo": "stylix", - "rev": "09022804b2bcd217f3a41a644d26b23d30375d12", - "type": "github" - }, - "original": { - "owner": "danth", - "repo": "stylix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -560,102 +450,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1757716333, - "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1757811970, - "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - 
"flake": false, - "locked": { - "lastModified": 1757811247, - "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9b13d69..234a747 100644 --- a/flake.nix +++ b/flake.nix @@ -14,11 +14,6 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - stylix = { - url = "github:danth/stylix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; @@ -29,6 +24,11 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; + dms = { + url = "github:AvengeMedia/DankMaterialShell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-cli.url = "github:nix-community/nixos-cli"; nix-flatpak.url = "github:gmodena/nix-flatpak/main"; @@ -43,8 +43,8 @@ nixpkgs-stable, home-manager, home-manager-stable, - stylix, disko, + dms, agenix, nixos-cli, nix-flatpak, @@ -88,10 +88,10 @@ ./hosts/${hostname}.nix agenix.nixosModules.default disko.nixosModules.default + dms.nixosModules.greeter hm.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak - stylix.nixosModules.stylix nixos-cli.nixosModules.nixos-cli { nixpkgs.overlays = [ @@ -165,7 +165,7 @@ toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; } // nixpkgs.lib.optionalAttrs (system == "x86_64-linux") { - plasticity = pkgs.callPackage ./packages/plasticity.nix { }; + # plasticity = pkgs.callPackage ./packages/plasticity.nix { }; } ); @@ -173,7 +173,7 @@ overlay = final: prev: { }; workstationOverlay = final: prev: { - plasticity = self.packages.${final.system}.plasticity; + # plasticity = self.packages.${final.system}.plasticity; toggleaudiosink = self.packages.${final.system}.toggleaudiosink; }; serverOverlay = final: prev: { 
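Review bot: The `dms` input added in the `@@ -29,6 +24,11 @@` hunk of flake.nix has no ref or tag in its `url`, and `dms.nixosModules.greeter` is then placed in the module list next to `./hosts/${hostname}.nix`, so every `nix flake update` moves code that runs on the login screen to whatever the upstream default branch holds. The flake.lock hunks of this commit show the input also brings in `dgop`, `dms-cli` and a `quickshell` node fetched from `refs/heads/master` of a separate git host, none of which are named in flake.nix. I would pin the input to a release, e.g. `url = "github:AvengeMedia/DankMaterialShell/<TAG_OR_REV>";` (placeholder), and review lock bumps of this input on their own rather than inside a bulk lock update. The module list appears to be shared by all hosts; if the servers have no greeter, importing `dms.nixosModules.greeter` only for workstations would keep it off them, which needs checking against the part of `mkHost` outside this hunk.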
diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index 64c4aef..99cf017 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -13,7 +13,6 @@ ./programs.nix ./security.nix ./services.nix - ./stylix.nix ./users.nix ./virtualisation.nix ]; diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 6002f3e..ae297e3 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -18,20 +18,6 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { services = { - displayManager = { - autoLogin = { - enable = true; - user = "user"; - }; - sddm = { - enable = true; - wayland = { - enable = true; - compositor = "kwin"; - }; - }; - }; - desktopManager.plasma6.enable = true; pipewire = { enable = true; alsa.enable = true; @@ -40,6 +26,18 @@ jack.enable = true; wireplumber.enable = true; }; + greetd.settings.initial_session = { + command = "niri"; + user = "user"; + }; + }; + + programs = { + dankMaterialShell.greeter = { + enable = true; + compositor.name = "niri"; + }; + niri.enable = true; }; hardware = { diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index ebb43fc..0252863 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -48,6 +48,7 @@ let kdepkgs = with pkgs.kdePackages; [ ark + dolphin dolphin-plugins kolourpaint ]; @@ -72,6 +73,7 @@ [ ### Dev Tools ### bat + claude-code lazygit fd fzf @@ -109,6 +111,7 @@ protonup ### System Utilities ### adwaita-icon-theme + colloid-gtk-theme junction kara kde-rounded-corners @@ -125,15 +128,6 @@ qview ] ++ kdepkgs; - plasma6.excludePackages = with pkgs.kdePackages; [ - discover - elisa - gwenview - kate - khelpcenter - konsole - oxygen - ]; }; programs = { @@ -163,8 +157,9 @@ packages = with pkgs; [ corefonts inter - nerd-fonts.hack + nerd-fonts.fira-code noto-fonts-cjk-sans + noto-fonts-color-emoji roboto ]; }; 
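Review bot: `greetd.settings.initial_session` in the `@@ -40,6 +26,18 @@` hunk of hosts/modules/desktop.nix starts `niri` as `user` with no credential check when greetd first comes up, so the DMS greeter enabled a few lines below only guards later logins. The removed SDDM `autoLogin` block behaved the same way, so this is not a regression, but nothing on the new lines records that unauthenticated boot-to-desktop is intended for every workstation host. I would put a comment above the block such as `# auto-login on boot: no password prompt for the first session; keep only on hosts with encrypted disks (TODO confirm per host)`, or guard the setting with a per-host option. The enclosing `lib.mkIf hostType.isWorkstation` block starts and ends outside the hunk.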
diff --git a/hosts/modules/rotterdam/hardware.nix b/hosts/modules/rotterdam/hardware.nix index ba7f866..6f76e99 100644 --- a/hosts/modules/rotterdam/hardware.nix +++ b/hosts/modules/rotterdam/hardware.nix @@ -2,10 +2,7 @@ { hardware = { - amdgpu = { - opencl.enable = true; - amdvlk.enable = true; - }; + amdgpu.opencl.enable = true; graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; }; } diff --git a/users/modules/programs.nix b/users/modules/programs.nix index c18c17f..8420dce 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -25,6 +25,7 @@ helix = { enable = true; settings = { + theme = "base16_transparent"; editor = { file-picker.hidden = false; idle-timeout = 0; @@ -84,7 +85,6 @@ ]; }; }; - } # Server specific configuration @@ -96,6 +96,13 @@ programs.rio = { enable = true; settings = { + theme = "catppuccin-mocha"; + fonts = { + family = "FiraCode Nerd Font"; + size = 16.0; + emoji.family = "Noto Color Emoji"; + }; + confirm-before-quit = false; window = { width = 1121; height = 633; diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index a024663..4cebeda 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -115,6 +115,10 @@ fonts.fontconfig.enable = true; programs = { + dankMaterialShell = { + enable = true; + enableVPN = false; + }; password-store.package = pkgs.pass-wayland; mangohud.enable = true; @@ -128,6 +132,16 @@ ]; }; }; + + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + kdePackages.xdg-desktop-portal-kde + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; + }; }) ]; } diff --git a/users/user.nix b/users/user.nix index 9950533..a5832cc 100644 --- a/users/user.nix +++ b/users/user.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { home = { @@ -10,5 +10,6 @@ imports = [ ./modules ./modules/user + inputs.dms.homeModules.dankMaterialShell.default ]; } 
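Review bot: The `xdg.portal` block added in the `@@ -128,6 +132,16 @@` hunk of users/modules/user/programs.nix installs three backends (`xdg-desktop-portal-kde`, `xdg-desktop-portal-gtk`, `xdg-desktop-portal-gnome`) but sets no `xdg.portal.config`, so which of them answers file-chooser and screen-capture requests under niri is left to defaults. Portals are the boundary sandboxed applications go through (the flake pulls in nix-flatpak), so the choice is worth making explicit, e.g. `config.common.default = [ "gnome" "gtk" ];`, and any backend that is not meant to be used can be dropped from `extraPortals`. Whether the niri module already ships its own portals.conf is not visible here and should be checked first. The enclosing block starts outside the hunk.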
From 816496fbab82f2297e35c22099f719fe3b8812ca Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 14 Oct 2025 15:43:12 -0300 Subject: [PATCH 005/129] now using flake-parts; refactored nixosConfigurations; using hm standalone --- devShells.nix | 14 ++ flake.lock | 34 +++ flake.nix | 152 +----------- homeConfigurations.nix | 34 +++ hosts/alexandria.nix | 12 - hosts/alexandria/firewall.nix | 11 + hosts/alexandria/forgejo.nix | 21 ++ .../alexandria/hardware-configuration.nix | 0 hosts/alexandria/jellyfin.nix | 8 + hosts/alexandria/librespeed.nix | 14 ++ hosts/alexandria/nginx.nix | 71 ++++++ hosts/alexandria/radicale.nix | 17 ++ hosts/alexandria/rclone-webdav.nix | 82 +++++++ hosts/alexandria/vaultwarden.nix | 12 + hosts/io.nix | 12 - hosts/{modules => }/io/boot.nix | 0 hosts/{modules => }/io/disko.nix | 4 +- .../io/hardware-configuration.nix | 0 hosts/{modules => }/io/programs.nix | 10 - hosts/{modules => }/io/services.nix | 9 + hosts/modules/alexandria/default.nix | 9 - hosts/modules/alexandria/networking.nix | 16 -- hosts/modules/alexandria/services.nix | 225 ------------------ hosts/modules/alexandria/users.nix | 3 - hosts/modules/bluetooth.nix | 5 + hosts/modules/boot.nix | 61 ----- hosts/modules/common/boot.nix | 20 ++ hosts/modules/common/console.nix | 8 + hosts/modules/common/firewall.nix | 8 + hosts/modules/common/locale.nix | 20 ++ hosts/modules/common/nix.nix | 40 ++++ hosts/modules/common/openssh.nix | 8 + hosts/modules/common/programs.nix | 29 +++ hosts/modules/common/security.nix | 13 + hosts/modules/common/services.nix | 9 + hosts/modules/common/tailscale.nix | 8 + hosts/modules/common/users.nix | 29 +++ hosts/modules/console.nix | 21 -- hosts/modules/default.nix | 19 -- hosts/modules/desktop.nix | 64 ----- hosts/modules/desktop/boot.nix | 26 ++ hosts/modules/desktop/desktop.nix | 136 +++++++++++ hosts/modules/desktop/nix.nix | 13 + hosts/modules/desktop/services.nix | 15 ++ hosts/modules/dev.nix | 20 ++ hosts/modules/environment.nix | 4 - hosts/modules/ephermal.nix | 118 ++++----- hosts/modules/fwupd.nix | 5 + 
hosts/modules/gaming.nix | 36 +++ hosts/modules/impermanence.nix | 43 ---- hosts/modules/io/default.nix | 11 - hosts/modules/libvirtd.nix | 12 + hosts/modules/locale.nix | 33 --- hosts/modules/networking.nix | 29 --- hosts/modules/networkmanager.nix | 10 + hosts/modules/nix.nix | 64 ----- hosts/modules/podman.nix | 14 ++ hosts/modules/programs.nix | 202 ---------------- hosts/modules/rotterdam/default.nix | 11 - hosts/modules/security.nix | 26 -- hosts/modules/server/boot.nix | 5 + hosts/modules/server/nix.nix | 13 + hosts/modules/server/tailscale.nix | 13 + hosts/modules/services.nix | 52 ---- hosts/modules/stylix.nix | 63 ----- hosts/modules/trantor/default.nix | 10 - hosts/modules/users.nix | 81 ------- hosts/modules/virtualisation.nix | 37 --- hosts/rotterdam.nix | 12 - hosts/{modules => }/rotterdam/boot.nix | 0 .../rotterdam/hardware-configuration.nix | 0 hosts/{modules => }/rotterdam/hardware.nix | 0 hosts/{modules => }/rotterdam/programs.nix | 2 - hosts/{modules => }/rotterdam/services.nix | 0 hosts/trantor.nix | 13 - hosts/{modules => }/trantor/boot.nix | 1 - hosts/{modules => }/trantor/disko.nix | 4 +- .../trantor/hardware-configuration.nix | 0 hosts/{modules => }/trantor/networking.nix | 0 modules/qbittorrent.nix | 123 ---------- nixosConfigurations.nix | 50 ++++ overlays.nix | 10 + packages.nix | 11 + packages/plasticity.nix | 122 ---------- users/modules/btop.nix | 12 + users/modules/common/bash.nix | 8 + users/modules/common/fish.nix | 38 +++ users/modules/default.nix | 7 - users/modules/desktop.nix | 55 +++++ users/modules/direnv.nix | 8 + users/modules/gaming.nix | 5 + users/modules/helix.nix | 50 ++++ users/modules/obs-studio.nix | 13 + users/modules/programs.nix | 114 --------- users/modules/root/default.nix | 5 - users/modules/starship.nix | 40 ++++ users/modules/tmux.nix | 11 + users/modules/user/default.nix | 8 - users/modules/user/home.nix | 11 - users/modules/user/programs.nix | 147 ------------ users/root.nix | 14 -- users/user.nix | 15 -- 
users/user/git.nix | 10 + utils.nix | 171 +++++++++++++ 104 files changed, 1414 insertions(+), 1910 deletions(-) create mode 100644 devShells.nix create mode 100644 homeConfigurations.nix delete mode 100644 hosts/alexandria.nix create mode 100644 hosts/alexandria/firewall.nix create mode 100644 hosts/alexandria/forgejo.nix rename hosts/{modules => }/alexandria/hardware-configuration.nix (100%) create mode 100644 hosts/alexandria/jellyfin.nix create mode 100644 hosts/alexandria/librespeed.nix create mode 100644 hosts/alexandria/nginx.nix create mode 100644 hosts/alexandria/radicale.nix create mode 100644 hosts/alexandria/rclone-webdav.nix create mode 100644 hosts/alexandria/vaultwarden.nix delete mode 100644 hosts/io.nix rename hosts/{modules => }/io/boot.nix (100%) rename hosts/{modules => }/io/disko.nix (97%) rename hosts/{modules => }/io/hardware-configuration.nix (100%) rename hosts/{modules => }/io/programs.nix (73%) rename hosts/{modules => }/io/services.nix (84%) delete mode 100644 hosts/modules/alexandria/default.nix delete mode 100644 hosts/modules/alexandria/networking.nix delete mode 100644 hosts/modules/alexandria/services.nix delete mode 100644 hosts/modules/alexandria/users.nix create mode 100644 hosts/modules/bluetooth.nix delete mode 100644 hosts/modules/boot.nix create mode 100644 hosts/modules/common/boot.nix create mode 100644 hosts/modules/common/console.nix create mode 100644 hosts/modules/common/firewall.nix create mode 100644 hosts/modules/common/locale.nix create mode 100644 hosts/modules/common/nix.nix create mode 100644 hosts/modules/common/openssh.nix create mode 100644 hosts/modules/common/programs.nix create mode 100644 hosts/modules/common/security.nix create mode 100644 hosts/modules/common/services.nix create mode 100644 hosts/modules/common/tailscale.nix create mode 100644 hosts/modules/common/users.nix delete mode 100644 hosts/modules/console.nix delete mode 100644 hosts/modules/default.nix delete mode 100644 
hosts/modules/desktop.nix create mode 100644 hosts/modules/desktop/boot.nix create mode 100644 hosts/modules/desktop/desktop.nix create mode 100644 hosts/modules/desktop/nix.nix create mode 100644 hosts/modules/desktop/services.nix create mode 100644 hosts/modules/dev.nix delete mode 100644 hosts/modules/environment.nix create mode 100644 hosts/modules/fwupd.nix create mode 100644 hosts/modules/gaming.nix delete mode 100644 hosts/modules/impermanence.nix delete mode 100644 hosts/modules/io/default.nix create mode 100644 hosts/modules/libvirtd.nix delete mode 100644 hosts/modules/locale.nix delete mode 100644 hosts/modules/networking.nix create mode 100644 hosts/modules/networkmanager.nix delete mode 100644 hosts/modules/nix.nix create mode 100644 hosts/modules/podman.nix delete mode 100644 hosts/modules/programs.nix delete mode 100644 hosts/modules/rotterdam/default.nix delete mode 100644 hosts/modules/security.nix create mode 100644 hosts/modules/server/boot.nix create mode 100644 hosts/modules/server/nix.nix create mode 100644 hosts/modules/server/tailscale.nix delete mode 100644 hosts/modules/services.nix delete mode 100644 hosts/modules/stylix.nix delete mode 100644 hosts/modules/trantor/default.nix delete mode 100644 hosts/modules/users.nix delete mode 100644 hosts/modules/virtualisation.nix delete mode 100644 hosts/rotterdam.nix rename hosts/{modules => }/rotterdam/boot.nix (100%) rename hosts/{modules => }/rotterdam/hardware-configuration.nix (100%) rename hosts/{modules => }/rotterdam/hardware.nix (100%) rename hosts/{modules => }/rotterdam/programs.nix (94%) rename hosts/{modules => }/rotterdam/services.nix (100%) delete mode 100644 hosts/trantor.nix rename hosts/{modules => }/trantor/boot.nix (68%) rename hosts/{modules => }/trantor/disko.nix (91%) rename hosts/{modules => }/trantor/hardware-configuration.nix (100%) rename hosts/{modules => }/trantor/networking.nix (100%) delete mode 100644 modules/qbittorrent.nix create mode 100644 
nixosConfigurations.nix create mode 100644 overlays.nix create mode 100644 packages.nix delete mode 100644 packages/plasticity.nix create mode 100644 users/modules/btop.nix create mode 100644 users/modules/common/bash.nix create mode 100644 users/modules/common/fish.nix delete mode 100644 users/modules/default.nix create mode 100644 users/modules/desktop.nix create mode 100644 users/modules/direnv.nix create mode 100644 users/modules/gaming.nix create mode 100644 users/modules/helix.nix create mode 100644 users/modules/obs-studio.nix delete mode 100644 users/modules/programs.nix delete mode 100644 users/modules/root/default.nix create mode 100644 users/modules/starship.nix create mode 100644 users/modules/tmux.nix delete mode 100644 users/modules/user/default.nix delete mode 100644 users/modules/user/home.nix delete mode 100644 users/modules/user/programs.nix delete mode 100644 users/root.nix delete mode 100644 users/user.nix create mode 100644 users/user/git.nix create mode 100644 utils.nix diff --git a/devShells.nix b/devShells.nix new file mode 100644 index 0000000..254d604 --- /dev/null +++ b/devShells.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + devShells.default = pkgs.mkShell { + packages = with pkgs; [ + nil + nixfmt-rfc-style + ]; + }; + }; +} diff --git a/flake.lock b/flake.lock index 10e0544..b19b2ca 100644 --- a/flake.lock +++ b/flake.lock @@ -147,6 +147,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" 
@@ -316,6 +334,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1759735786, @@ -390,6 +423,7 @@ "agenix": "agenix", "disko": "disko", "dms": "dms", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index 234a747..0d826a1 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; + flake-parts.url = "github:hercules-ci/flake-parts"; + home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; 
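Review bot: `flake-parts.url` in the `@@ -5,6 +5,8 @@` hunk of flake.nix is added without a `follows`, unlike the neighbouring inputs, and the flake.lock hunks of this commit gain a separately pinned `nixpkgs-lib` node (`nix-community/nixpkgs.lib`) because of it. Writing the input as `flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; };` keeps the lock file limited to sources the flake already pins and leaves one fewer revision to track on updates.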
@@ -37,151 +39,19 @@ }; outputs = - inputs@{ - self, - nixpkgs, - nixpkgs-stable, - home-manager, - home-manager-stable, - disko, - dms, - agenix, - nixos-cli, - nix-flatpak, - impermanence, - ... - }: - let + inputs@{ flake-parts, ... }: + flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs systems; - forAllSystemsWithPkgs = - f: - forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - f system pkgs - ); - in - { - nixosConfigurations = - let - mkHost = - { - hostname, - type, # workstation|server - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - pkgs = if type == "server" then nixpkgs-stable else nixpkgs; - hm = if type == "server" then home-manager-stable else home-manager; - hostTypeFlags = { - isServer = type == "server"; - isWorkstation = type == "workstation"; - }; - defaultModules = [ - ./hosts/${hostname}.nix - agenix.nixosModules.default - disko.nixosModules.default - dms.nixosModules.greeter - hm.nixosModules.default - impermanence.nixosModules.impermanence - nix-flatpak.nixosModules.nix-flatpak - nixos-cli.nixosModules.nixos-cli - { - nixpkgs.overlays = [ - agenix.overlays.default - ]; - } - ]; - workstationModules = [ - { - nixpkgs.overlays = [ - self.overlays.workstationOverlay - ]; - } - ]; - serverModules = [ - { - nixpkgs.overlays = [ - self.overlays.serverOverlay - ]; - } - ]; - typeModules = if type == "server" then serverModules else workstationModules; - allModules = defaultModules ++ typeModules ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostType = hostTypeFlags; - }; - modules = allModules; - }; - in - { - rotterdam = mkHost { - hostname = "rotterdam"; - type = "workstation"; - }; - io = mkHost { - hostname = "io"; - type = "workstation"; - }; - alexandria = mkHost { - hostname = "alexandria"; - type = "server"; - extraModules = [ - self.nixosModules.qbittorrent - ]; 
- }; - trantor = mkHost { - hostname = "trantor"; - type = "server"; - system = "aarch64-linux"; - }; - }; - devShells = forAllSystemsWithPkgs ( - system: pkgs: { - default = pkgs.mkShell { - packages = with pkgs; [ - nil - nixfmt-rfc-style - ]; - }; - } - ); - - packages = forAllSystemsWithPkgs ( - system: pkgs: - { - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - } - // nixpkgs.lib.optionalAttrs (system == "x86_64-linux") { - # plasticity = pkgs.callPackage ./packages/plasticity.nix { }; - } - ); - - overlays = { - overlay = final: prev: { - }; - workstationOverlay = final: prev: { - # plasticity = self.packages.${final.system}.plasticity; - toggleaudiosink = self.packages.${final.system}.toggleaudiosink; - }; - serverOverlay = final: prev: { - }; - }; - - nixosModules = { - qbittorrent = import ./modules/qbittorrent.nix; - }; + imports = [ + ./devShells.nix + ./homeConfigurations.nix + ./nixosConfigurations.nix + ./overlays.nix + ./packages.nix + ]; }; } diff --git a/homeConfigurations.nix b/homeConfigurations.nix new file mode 100644 index 0000000..3d3a950 --- /dev/null +++ b/homeConfigurations.nix @@ -0,0 +1,34 @@ +{ inputs, ... }: +let + utils = import ./utils.nix { inherit inputs; }; + inherit (utils) mkUser; +in +{ + flake.homeConfigurations = { + "user@rotterdam" = mkUser { + username = "user"; + tags = [ + "btop" + "desktop" + "direnv" + "gaming" + "helix" + "obs-studio" + "starship" + "tmux" + ]; + }; + + "user@io" = mkUser { + username = "user"; + tags = [ + "btop" + "desktop" + "direnv" + "helix" + "starship" + "tmux" + ]; + }; + }; +} diff --git a/hosts/alexandria.nix b/hosts/alexandria.nix deleted file mode 100644 index 6050904..0000000 --- a/hosts/alexandria.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - networking.hostName = "alexandria"; - - imports = [ - ./modules/alexandria - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./alexandria.nix}" ]; -} 
diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix new file mode 100644 index 0000000..f6fded2 --- /dev/null +++ b/hosts/alexandria/firewall.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + ]; + allowedUDPPorts = [ ]; + }; +} diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix new file mode 100644 index 0000000..0b9908e --- /dev/null +++ b/hosts/alexandria/forgejo.nix @@ -0,0 +1,21 @@ +{ ... }: + +{ + services.forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + }; + }; +} diff --git a/hosts/modules/alexandria/hardware-configuration.nix b/hosts/alexandria/hardware-configuration.nix similarity index 100% rename from hosts/modules/alexandria/hardware-configuration.nix rename to hosts/alexandria/hardware-configuration.nix diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix new file mode 100644 index 0000000..87a825f --- /dev/null +++ b/hosts/alexandria/jellyfin.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + services.jellyfin = { + enable = true; + openFirewall = true; + }; +} diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix new file mode 100644 index 0000000..09e4768 --- /dev/null +++ b/hosts/alexandria/librespeed.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + virtualisation.oci-containers.containers."librespeed" = { + image = "lscr.io/linuxserver/librespeed:latest"; + environment = { + TZ = "America/Bahia"; + }; + extraOptions = [ + "--pull=newer" + "--label=io.containers.autoupdate=registry" + ]; + }; +} diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix new file mode 100644 index 0000000..8c20d5d 
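Review bot: `openFirewall = true` in hosts/alexandria/jellyfin.nix exposes Jellyfin's own ports on every interface, although nginx.nix in this commit already publishes it over TLS via `http://127.0.0.1:8096/`. With the port open, clients can reach the plain-HTTP listener directly and bypass `forceSSL` and the ACME certificate. If access through `jellyfin.baduhai.dev` is the only intended path, set `openFirewall = false;`. If LAN discovery is wanted, a comment saying so would make the exposure an explicit decision.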
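Review bot: The librespeed container in hosts/alexandria/librespeed.nix tracks a mutable tag, `lscr.io/linuxserver/librespeed:latest`, and `--pull=newer` plus the `io.containers.autoupdate=registry` label replace it automatically. The code running behind `speedtest.baduhai.dev` can therefore change without any change to this repository or to flake.lock. Pinning by digest, e.g. `image = "lscr.io/linuxserver/librespeed@sha256:<digest>";` (placeholder), keeps updates reviewable. If auto-update is deliberate, a comment recording that trade-off would help.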
--- /dev/null
+++ b/hosts/alexandria/nginx.nix
@@ -0,0 +1,71 @@ +{ config, lib, ... }: + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + certs."baduhai.dev" = { + extraDomainNames = [ "*.baduhai.dev" ]; + }; + }; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = + let + commonVHostConfig = { + useACMEHost = "baduhai.dev"; + forceSSL = true; + kTLS = true; + }; + in + lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { + "_".locations."/".return = "444"; + "dav.baduhai.dev".locations = { + "/caldav" = { + proxyPass = "http://unix:/run/radicale/radicale.sock:/"; + extraConfig = '' + proxy_set_header X-Script-Name /caldav; + proxy_pass_header Authorization; + ''; + }; + "/webdav" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; + extraConfig = '' + proxy_set_header X-Script-Name /webdav; + proxy_pass_header Authorization; + proxy_connect_timeout 300; # Increase timeouts for large file uploads + proxy_send_timeout 300; + proxy_read_timeout 300; + client_max_body_size 10G; # Allow large file uploads + proxy_buffering off; # Buffer settings for better performance + proxy_request_buffering off; + ''; + }; + }; + "git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + "pass.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; +} 
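Review bot: `age.secrets.cloudflare` is decrypted with `owner = "nginx"; group = "nginx";`, so the internet-facing nginx user can read the Cloudflare DNS API token. As far as I can tell, `security.acme` passes `credentialsFile` to the renewal unit as a systemd environment file, which the service manager reads as root, so nginx should not need access. Dropping the two ownership lines leaves the secret at agenix's root-only default, so a compromise of the web server does not also yield control of the DNS zone. Please confirm renewal still succeeds after the change.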
diff --git a/hosts/alexandria/radicale.nix b/hosts/alexandria/radicale.nix new file mode 100644 index 0000000..d81a228 --- /dev/null +++ b/hosts/alexandria/radicale.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + services.radicale = { + enable = true; + settings = { + server = { + hosts = [ "/run/radicale/radicale.sock" ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + }; + }; +} diff --git a/hosts/alexandria/rclone-webdav.nix b/hosts/alexandria/rclone-webdav.nix new file mode 100644 index 0000000..8324d31 --- /dev/null +++ b/hosts/alexandria/rclone-webdav.nix 
@@ -0,0 +1,82 @@ +{ config, pkgs, ... }: + +let + rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' + #!/bin/bash + + # Configuration + CREDS_FILE="/run/agenix/webdav" + SERVE_DIR="/data/webdav" + SOCKET_PATH="/run/rclone-webdav/webdav.sock" + + # Check if credentials file exists + if [ ! -f "$CREDS_FILE" ]; then + echo "Error: Credentials file $CREDS_FILE not found" + exit 1 + fi + + # Read credentials from file (format: username:password) + CREDENTIALS=$(cat "$CREDS_FILE") + USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) + PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) + + # Validate credentials + if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then + echo "Error: Invalid credentials format. Expected username:password" + exit 1 + fi + + # Ensure serve directory exists + mkdir -p "$SERVE_DIR" + + # Remove existing socket if it exists + rm -f "$SOCKET_PATH" + + # Start rclone serve webdav + exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ + --addr unix://"$SOCKET_PATH" \ + --user "$USERNAME" \ + --pass "$PASSWORD" \ + --config="" \ + --baseurl "/webdav" \ + --verbose + ''; +in + +{ + age.secrets.webdav = { + file = ../../secrets/webdav.age; + owner = "user"; + group = "users"; + }; + + systemd.services.rclone-webdav = { + description = "RClone WebDAV Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "exec"; + User = "user"; + Group = "nginx"; + ExecStart = "${rclone-webdav-start}"; + Restart = "always"; + RestartSec = "10"; + NoNewPrivileges = true; + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + ReadWritePaths = [ + "/data/webdav" + "/run" + ]; + RuntimeDirectory = "rclone-webdav"; + RuntimeDirectoryMode = "0750"; + UMask = "0002"; + }; + preStart = '' + mkdir -p /data/webdav + chown user:users /data/webdav + chmod 755 /data/webdav + ''; + }; +} 
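Review bot: The start script passes the WebDAV password on the command line (`--user "$USERNAME"` / `--pass "$PASSWORD"`), so any local account that can list processes can read it. rclone also reads its flags from the environment, so the script could run `export RCLONE_USER="$USERNAME" RCLONE_PASS="$PASSWORD"` before the `exec` and drop the two flags, or use an htpasswd file instead. Two smaller points in the same file: `cut -d':' -f2` silently truncates a password that contains a colon, and `ReadWritePaths` lists all of `/run` although `RuntimeDirectory = "rclone-webdav"` already provides the socket directory. The script also hard-codes `/run/agenix/webdav`, where `config.age.secrets.webdav.path` would keep it in sync with the secret declaration.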
diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix new file mode 100644 index 0000000..058c123 --- /dev/null +++ b/hosts/alexandria/vaultwarden.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + services.vaultwarden = { + enable = true; + config = { + DOMAIN = "https://pass.baduhai.dev"; + SIGNUPS_ALLOWED = false; + ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; + }; + }; +} diff --git a/hosts/io.nix b/hosts/io.nix deleted file mode 100644 index 3910dc1..0000000 --- a/hosts/io.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - networking.hostName = "io"; - - imports = [ - ./modules/io - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./io.nix}" ]; -} diff --git a/hosts/modules/io/boot.nix b/hosts/io/boot.nix similarity index 100% rename from hosts/modules/io/boot.nix rename to hosts/io/boot.nix diff --git a/hosts/modules/io/disko.nix b/hosts/io/disko.nix similarity index 97% rename from hosts/modules/io/disko.nix rename to hosts/io/disko.nix index 3dc3b31..edb1418 100644 --- a/hosts/modules/io/disko.nix +++ b/hosts/io/disko.nix @@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices = { disk = { main = { diff --git a/hosts/modules/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix similarity index 100% rename from hosts/modules/io/hardware-configuration.nix rename to hosts/io/hardware-configuration.nix diff --git a/hosts/modules/io/programs.nix b/hosts/io/programs.nix similarity index 73% rename from hosts/modules/io/programs.nix rename to hosts/io/programs.nix index f1286c7..e272d22 100644 --- a/hosts/modules/io/programs.nix +++ b/hosts/io/programs.nix 
@@ -19,19 +19,9 @@ in { environment = { systemPackages = with pkgs; [ - arduino-ide - esptool - # fritzing maliit-keyboard sof-firmware ]; sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; }; - - # TODO: remove once gmodena/nix-flatpak/issues/45 fixed - systemd.services."flatpak-managed-install" = { - serviceConfig = { - ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; - }; - }; } diff --git a/hosts/modules/io/services.nix b/hosts/io/services.nix similarity index 84% rename from hosts/modules/io/services.nix rename to hosts/io/services.nix index f9f82cf..3703ba3 100644 --- a/hosts/modules/io/services.nix +++ b/hosts/io/services.nix @@ -1,3 +1,5 @@ +{ pkgs, ... }: + { services = { keyd = { @@ -47,4 +49,11 @@ }; }; }; + + # TODO: remove once gmodena/nix-flatpak/issues/45 fixed + systemd.services."flatpak-managed-install" = { + serviceConfig = { + ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; + }; + }; } diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix deleted file mode 100644 index 40a4da2..0000000 --- a/hosts/modules/alexandria/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - imports = [ - ./hardware-configuration.nix - ./services.nix - ./users.nix - ]; -} diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix deleted file mode 100644 index 2d59cbb..0000000 --- a/hosts/modules/alexandria/networking.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - networking = { - firewall = { - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; -} diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix deleted file mode 100644 index 7de15d5..0000000 --- a/hosts/modules/alexandria/services.nix +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -let - ports = { - jellyfin = "8096"; - librespeed = "8000"; - radicale = "8001"; - vaultwarden = "8002"; - }; - rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' - #!/bin/bash - - # Configuration - CREDS_FILE="/run/agenix/webdav" - SERVE_DIR="/data/webdav" - SOCKET_PATH="/run/rclone-webdav/webdav.sock" - - # Check if credentials file exists - if [ ! -f "$CREDS_FILE" ]; then - echo "Error: Credentials file $CREDS_FILE not found" - exit 1 - fi - - # Read credentials from file (format: username:password) - CREDENTIALS=$(cat "$CREDS_FILE") - USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) - PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) - - # Validate credentials - if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then - echo "Error: Invalid credentials format. Expected username:password" - exit 1 - fi - - # Ensure serve directory exists - mkdir -p "$SERVE_DIR" - - # Remove existing socket if it exists - rm -f "$SOCKET_PATH" - - # Start rclone serve webdav - exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ - --addr unix://"$SOCKET_PATH" \ - --user "$USERNAME" \ - --pass "$PASSWORD" \ - --config="" \ - --baseurl "/webdav" \ - --verbose - ''; -in - -{ - services = { - forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - }; - }; - - jellyfin = { - enable = true; - openFirewall = true; - }; - - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = - let - commonVHostConfig = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - }; 
- in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { - "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://127.0.0.1:${ports.radicale}/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; - "git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}/"; - "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}/"; - "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}/"; - }; - }; - - radicale = { - enable = true; - settings = { - server = { - hosts = [ - "127.0.0.1:${ports.radicale}" - "[::]:${ports.radicale}" - ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - - vaultwarden = { - enable = true; - config = { - DOMAIN = "https://pass.baduhai.dev"; - SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "${ports.vaultwarden}"; - }; - }; - }; - - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - ports = [ "${ports.librespeed}:80" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - security.acme = { - acceptTerms = true; - 
defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; - }; - - age.secrets = { - cloudflare = { - file = ../../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; - webdav = { - file = ../../../secrets/webdav.age; - owner = "user"; - group = "users"; - }; - }; - - systemd.services = { - rclone-webdav = { - description = "RClone WebDAV Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "exec"; - User = "user"; - Group = "nginx"; - ExecStart = "${rclone-webdav-start}"; - Restart = "always"; - RestartSec = "10"; - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/data/webdav" - "/run" - ]; - RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0750"; - UMask = "0002"; - }; - preStart = '' - mkdir -p /data/webdav - chown user:users /data/webdav - chmod 755 /data/webdav - ''; - }; - }; -} diff --git a/hosts/modules/alexandria/users.nix b/hosts/modules/alexandria/users.nix deleted file mode 100644 index 14e34c2..0000000 --- a/hosts/modules/alexandria/users.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - users.users.nginx.extraGroups = [ "acme" ]; -} diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix new file mode 100644 index 0000000..fb6a06a --- /dev/null +++ b/hosts/modules/bluetooth.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + hardware.bluetooth.enable = true; +} diff --git a/hosts/modules/boot.nix b/hosts/modules/boot.nix deleted file mode 100644 index 049fad7..0000000 --- a/hosts/modules/boot.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { - enable = true; - sortKey = "zz"; - }; - }; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - boot.kernelPackages = pkgs.linuxPackages_hardened; - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; - }) - ]; -} diff --git a/hosts/modules/common/boot.nix b/hosts/modules/common/boot.nix new file mode 100644 index 0000000..fbba278 --- /dev/null +++ b/hosts/modules/common/boot.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: + +{ + boot = { + loader = { + timeout = 1; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; + consoleMode = "max"; + sortKey = "aa"; + netbootxyz = { + enable = true; + sortKey = "zz"; + }; + }; + }; + }; +} diff --git a/hosts/modules/common/console.nix b/hosts/modules/common/console.nix new file mode 100644 index 0000000..9cb99d4 --- /dev/null +++ b/hosts/modules/common/console.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + console = { + useXkbConfig = true; + earlySetup = true; + }; +} diff --git a/hosts/modules/common/firewall.nix b/hosts/modules/common/firewall.nix new file mode 100644 index 0000000..910e803 --- /dev/null +++ b/hosts/modules/common/firewall.nix 
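Review bot: hosts/modules/common/boot.nix takes `{ pkgs, ... }` but never uses `pkgs`, and it has no server counterpart to the `boot.kernelPackages = pkgs.linuxPackages_hardened;` that the removed hosts/modules/boot.nix applied under `hostType.isServer`. A server-specific module may restore it elsewhere in this commit, outside what is visible here. If not, the servers silently move from the hardened kernel to the default one. Either add the setting to the server module or note in the commit message that the change is intentional, and reduce the argument to `{ ... }:`.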
@@ -0,0 +1,8 @@ +{ ... }: + +{ + networking = { + firewall.enable = true; + nftables.enable = true; + }; +} diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix new file mode 100644 index 0000000..7e07d85 --- /dev/null +++ b/hosts/modules/common/locale.nix @@ -0,0 +1,20 @@ +{ ... }: + +{ + time.timeZone = "America/Bahia"; + + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "pt_BR.utf8"; + LC_IDENTIFICATION = "pt_BR.utf8"; + LC_MEASUREMENT = "pt_BR.utf8"; + LC_MONETARY = "pt_BR.utf8"; + LC_NAME = "pt_BR.utf8"; + LC_NUMERIC = "pt_BR.utf8"; + LC_PAPER = "pt_BR.utf8"; + LC_TELEPHONE = "pt_BR.utf8"; + LC_TIME = "en_IE.utf8"; + }; + }; +} diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix new file mode 100644 index 0000000..ff0b474 --- /dev/null +++ b/hosts/modules/common/nix.nix @@ -0,0 +1,40 @@ +{ inputs, ... }: + +{ + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; + }; + + nixpkgs.config = { + allowUnfree = true; + enableParallelBuilding = true; + buildManPages = false; + buildDocs = false; + }; + + services = { + nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; + }; + }; + }; + + system.stateVersion = "22.11"; +} diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix new file mode 100644 index 0000000..07108ce --- /dev/null +++ b/hosts/modules/common/openssh.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + }; +} diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix new file mode 100644 index 0000000..9820149 
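Review bot: `trusted-users = [ "@wheel" ]` in hosts/modules/common/nix.nix makes every wheel member root-equivalent towards the Nix daemon, and because the file is under common/ it now applies to servers as well as workstations. Trusted users can override substituters and import unsigned store paths. If this is only needed for remote deploys from a workstation, consider limiting it to the hosts that need it, or document it with a comment such as `# wheel is root-equivalent to the nix daemon; required for <reason>`.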
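Review bot: hosts/modules/common/openssh.nix disables root login but leaves password authentication at its default, while `user` has both a password hash and authorized keys in users.nix. Since keys are already provisioned for both workstations, adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` would remove online password guessing as an entry path. This matters most on the hosts that are reachable from the internet.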
--- /dev/null +++ b/hosts/modules/common/programs.nix @@ -0,0 +1,29 @@ +{ lib, pkgs, ... }: + +{ + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + git + ### System Utilities ### + btop + nixos-firewall-tool + nvd + sysz + tmux + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; + neofetch = "${lib.getExe pkgs.fastfetch}"; + tree = "ls --tree"; + }; + }; + + programs = { + command-not-found.enable = false; + fish.enable = true; + }; +} diff --git a/hosts/modules/common/security.nix b/hosts/modules/common/security.nix new file mode 100644 index 0000000..33d4953 --- /dev/null +++ b/hosts/modules/common/security.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + security = { + unprivilegedUsernsClone = true; # Needed for rootless podman + sudo = { + wheelNeedsPassword = false; + extraConfig = '' + Defaults lecture = never + ''; + }; + }; +} diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix new file mode 100644 index 0000000..89ac527 --- /dev/null +++ b/hosts/modules/common/services.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + }; +} diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix new file mode 100644 index 0000000..98bea97 --- /dev/null +++ b/hosts/modules/common/tailscale.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + services.tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; +} diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix new file mode 100644 index 0000000..076eb99 --- /dev/null +++ b/hosts/modules/common/users.nix 
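Review bot: `sudo.wheelNeedsPassword = false` in hosts/modules/common/security.nix is now applied to every host that imports common/, servers included. Because `user` is in `wheel`, anything that can run code as that account gets root without a further check, for example a stolen SSH key or a compromised user-level service. Consider moving the setting to the desktop module and leaving servers on the default, or replacing it with a narrow `security.sudo.extraRules` entry for the specific commands that must run unattended.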
@@ -0,0 +1,29 @@ +{ pkgs, ... }: + +{ + users.users = { + user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ''; + }; +} diff --git a/hosts/modules/console.nix b/hosts/modules/console.nix deleted file mode 100644 index 042976d..0000000 --- a/hosts/modules/console.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ hostType, lib, ... }: - -{ - config = lib.mkMerge [ - # Common configuration - { - console = { - useXkbConfig = true; - earlySetup = true; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - }) - ]; -} diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix deleted file mode 100644 index 99cf017..0000000 --- a/hosts/modules/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ ... }: - -{ - imports = [ - ./boot.nix - ./console.nix - ./desktop.nix - ./ephermal.nix - ./impermanence.nix - ./locale.nix - ./networking.nix - ./nix.nix - ./programs.nix - ./security.nix - ./services.nix - ./users.nix - ./virtualisation.nix - ]; -} diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix deleted file mode 100644 index ae297e3..0000000 --- a/hosts/modules/desktop.nix +++ /dev/null 
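Review bot: hosts/modules/common/users.nix commits the account's password hash inline via `hashedPassword`, so anyone with read access to the repository can run offline guessing against it. It also ends up world-readable in the Nix store. The flake already uses agenix, so the hash could be moved into a secret and referenced with `hashedPasswordFile = config.age.secrets.<name>.path;` (placeholder name). The password should be rotated as well, since the current hash stays in history. Please check the agenix notes on secrets needed at user-creation time before switching.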
@@ -1,64 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd.settings.initial_session = { - command = "niri"; - user = "user"; - }; - }; - - programs = { - dankMaterialShell.greeter = { - enable = true; - compositor.name = "niri"; - }; - niri.enable = true; - }; - - hardware = { - xpadneo.enable = true; - bluetooth.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - i2c.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; - }; - }) - ]; -} diff --git a/hosts/modules/desktop/boot.nix b/hosts/modules/desktop/boot.nix new file mode 100644 index 0000000..0ac4847 --- /dev/null +++ b/hosts/modules/desktop/boot.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: + +{ + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; + }; +} diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix new file mode 100644 index 0000000..4a42772 --- /dev/null 
+++ b/hosts/modules/desktop/desktop.nix 
@@ -0,0 +1,136 @@ +{ inputs, pkgs, ... }: + +let + kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; +in +{ + imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; + + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + systemPackages = + with pkgs; + [ + ### Web ### + bitwarden-desktop + brave + tor-browser + qbittorrent + vesktop + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + kwrite + libreoffice-qt + onlyoffice-desktopeditors + rnote + ### Graphics & Design ### + gimp + inkscape + plasticity + ### System Utilities ### + adwaita-icon-theme + colloid-gtk-theme + junction + kara + kde-rounded-corners + libfido2 + mission-center + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + mpv + obs-studio + qview + ] + ++ (with pkgs.kdePackages; [ + ark + dolphin + dolphin-plugins + kolourpaint + ]); + }; + + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + settings = { + default_session.command = ''${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --greeting "Welcome to NixOS" --cmd ${plasma}/bin/plasma''; + initial_session.user = "user"; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Internet Browsers & Communication ### + "app.zen_browser.zen" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = 
"io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + }; + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + programs = { + niri.enable = true; + dconf.enable = true; + kdeconnect.enable = true; + partition-manager.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + }; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; +} diff --git a/hosts/modules/desktop/nix.nix b/hosts/modules/desktop/nix.nix new file mode 100644 index 0000000..54a3549 --- /dev/null +++ b/hosts/modules/desktop/nix.nix @@ -0,0 +1,13 @@ +{ inputs, ... }: + +{ + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; +} diff --git a/hosts/modules/desktop/services.nix b/hosts/modules/desktop/services.nix new file mode 100644 index 0000000..66b78f1 --- /dev/null +++ b/hosts/modules/desktop/services.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: + +{ + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + }; +} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix new file mode 100644 index 0000000..82908f2 --- /dev/null +++ b/hosts/modules/dev.nix 
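Review bot: The greetd `default_session.command` in hosts/modules/desktop/desktop.nix interpolates `${plasma}/bin/plasma`, but `plasma` is not bound anywhere in the file. The arguments are `{ inputs, pkgs, ... }` and the `let` block defines only `kwrite`, so evaluation should fail with an undefined-variable error. The module enables `programs.niri`, and the removed desktop.nix launched `niri`, so the intended value is probably `--cmd niri-session`. `initial_session` now sets only `user`, whereas the previous version also set `command`, so the auto-login session likely needs `initial_session.command` restored.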
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ bat
+ claude-code
+ lazygit
+ fd
+ fzf
+ glow
+ nixfmt-rfc-style
+ nix-init
+ nix-output-monitor
+ ripgrep
+ ];
+
+ programs.adb.enable = true;
+
+ users.users.user.extraGroups = [ "adbusers" ];
+}
diff --git a/hosts/modules/environment.nix b/hosts/modules/environment.nix
deleted file mode 100644
index a67ca90..0000000
--- a/hosts/modules/environment.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-
-{
-}
diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix
index ff22557..adaf5af 100644
--- a/hosts/modules/ephermal.nix
+++ b/hosts/modules/ephermal.nix
@@ -1,64 +1,72 @@ -{ - hostType, - lib, - ... -}: +{ inputs, ... }: { - config = lib.mkMerge [ - # Common configuration - { - } + imports = [ inputs.impermanence.nixosModules.impermanence ]; - # Server specific configuration - (lib.mkIf hostType.isServer { - }) + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir /btrfs_tmp + mount /dev/mapper/cryptroot /btrfs_tmp - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir /btrfs_tmp - mount /dev/mapper/cryptroot /btrfs_tmp + if [[ -e /btrfs_tmp/@root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" + fi - if [[ -e /btrfs_tmp/@root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" - fi + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + 
delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done + btrfs subvolume create /btrfs_tmp/@root + umount /btrfs_tmp + ''; + }; - btrfs subvolume create /btrfs_tmp/@root - umount /btrfs_tmp - ''; - }; - }) - ]; + environment.persistence.main = { + persistentStoragePath = "/persistent"; + files = [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ]; + }; } diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix new file mode 100644 index 0000000..52dc13e --- /dev/null +++ b/hosts/modules/fwupd.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + services.fwupd.enable = true; +} diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix new file mode 100644 index 0000000..cf6217f --- /dev/null +++ b/hosts/modules/gaming.nix 
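Review bot: With the `hostType.isWorkstation` guard removed, `recreate-root` now runs on every host that imports `ephermal.nix`, yet its script still hard-codes `/dev/mapper/cryptroot` and a btrfs layout with an `@root` subvolume, and nothing in the file states that requirement. A header comment would make the contract visible, e.g. `# Requires a LUKS mapping named "cryptroot" holding btrfs; / is recreated empty on every boot.` A second comment next to `old_roots` should note that previous roots are kept for 30 days, so anything written to the ephemeral root stays recoverable from disk for that long. The module and its tag are spelled `ephermal`; `ephemeral` is presumably meant.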
@@ -0,0 +1,36 @@ +{ pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + clonehero + heroic + mangohud + prismlauncher + protonup + steam-run + ]; + + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; + gamemode.enable = true; + }; + + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; + + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + ]; +} diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix deleted file mode 100644 index 7ce822f..0000000 --- a/hosts/modules/impermanence.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - hostType, - lib, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - environment.persistence.main = { - persistentStoragePath = "/persistent"; - files = [ - "/etc/machine-id" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - directories = [ - "/etc/NetworkManager/system-connections" - "/etc/nixos" - "/var/lib/bluetooth" - "/var/lib/flatpak" - "/var/lib/lxd" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/var/lib/systemd/timers" - "/var/lib/tailscale" - "/var/log" - ]; - }; - }) - ]; -} diff --git a/hosts/modules/io/default.nix b/hosts/modules/io/default.nix deleted file mode 100644 index fb244cc..0000000 --- a/hosts/modules/io/default.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ ... }: - -{ - imports = [ - ./boot.nix - ./disko.nix - ./hardware-configuration.nix - ./programs.nix - ./services.nix - ]; -} diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix new file mode 100644 index 0000000..41cfa27 --- /dev/null +++ b/hosts/modules/libvirtd.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + virtualisation.libvirtd.enable = true; + + programs.virt-manager.enable = true; + + users.users.user.extraGroups = [ + "libvirt" + "libvirtd" + ]; +} diff --git a/hosts/modules/locale.nix b/hosts/modules/locale.nix deleted file mode 100644 index 44204d5..0000000 --- a/hosts/modules/locale.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ hostType, lib, ... }: - -{ - config = lib.mkMerge [ - # Common configuration - { - time.timeZone = "America/Bahia"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - }) - ]; -} diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix deleted file mode 100644 index d80f42e..0000000 --- a/hosts/modules/networking.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - hostType, - lib, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - networking = { - networkmanager.enable = true; - firewall.enable = true; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - }) - ]; -} 
diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix
new file mode 100644
index 0000000..7634116
--- /dev/null
+++ b/hosts/modules/networkmanager.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+ networking.networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ };
+
+ users.users.user.extraGroups = [ "networkmanager" ];
+}
diff --git a/hosts/modules/nix.nix b/hosts/modules/nix.nix
deleted file mode 100644
index ddc3b5b..0000000
--- a/hosts/modules/nix.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- inputs,
- lib,
- hostType,
- ...
-}:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- nix = {
- settings = {
- auto-optimise-store = true;
- connect-timeout = 10;
- log-lines = 25;
- min-free = 128000000;
- max-free = 1000000000;
- trusted-users = [ "@wheel" ];
- };
- extraOptions = "experimental-features = nix-command flakes";
- gc = {
- automatic = true;
- options = "--delete-older-than 8d";
- };
- };
-
- nixpkgs.config = {
- allowUnfree = true;
- enableParallelBuilding = true;
- buildManPages = false;
- buildDocs = false;
- };
-
- system.stateVersion = "22.11";
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
-
- nix = {
- registry.nixpkgs.flake = inputs.nixpkgs-stable;
- nixPath = [
- "nixpkgs=/etc/channels/nixpkgs"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- };
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
-
- nix = {
- registry.nixpkgs.flake = inputs.nixpkgs;
- nixPath = [
- "nixpkgs=${inputs.nixpkgs}"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- };
- })
- ];
-}
diff --git a/hosts/modules/podman.nix b/hosts/modules/podman.nix
new file mode 100644
index 0000000..99018cc
--- /dev/null
+++ b/hosts/modules/podman.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+ virtualisation.podman = {
+ enable = true;
+ autoPrune.enable = true;
+ extraPackages = [ pkgs.podman-compose ];
+ };
+
+ systemd = {
+ services.podman-auto-update.enable = true;
+ timers.podman-auto-update.enable = true;
+ };
+}
diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix
deleted file mode 100644
index 0252863..0000000
--- a/hosts/modules/programs.nix
+++ /dev/null
@@ -1,202 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - agenix - git - ### System Utilities ### - btop - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; - neofetch = "${pkgs.fastfetch}/bin/fastfetch"; - tree = "ls --tree"; - vi = "${pkgs.evil-helix}/bin/hx"; - vim = "${pkgs.evil-helix}/bin/hx"; - nvim = "${pkgs.evil-helix}/bin/hx"; - }; - }; - - programs = { - fish.enable = true; - command-not-found.enable = false; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation ( - let - kdepkgs = with pkgs.kdePackages; [ - ark - dolphin - dolphin-plugins - kolourpaint - ]; - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; - in - { - environment = { - systemPackages = - with pkgs; - [ - ### Dev Tools ### - bat - claude-code - lazygit - fd - fzf - glow - nixfmt-rfc-style - nix-init - nix-output-monitor - ripgrep - ### Web ### - bitwarden-desktop - brave - tor-browser - qbittorrent - vesktop - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - kwrite - libreoffice-qt - obsidian - onlyoffice-desktopeditors - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### Gaming & Entertainment ### - clonehero - heroic - mangohud - prismlauncher - protonup - ### System Utilities ### - adwaita-icon-theme - colloid-gtk-theme - junction - kara - 
kde-rounded-corners - libfido2 - mission-center - p7zip - rclone - steam-run - toggleaudiosink - unrar - ### Media ### - mpv - obs-studio - qview - ] - ++ kdepkgs; - }; - - programs = { - adb.enable = true; - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; - }; - virt-manager.enable = true; - dconf.enable = true; - nix-ld.enable = true; - kdeconnect.enable = true; - partition-manager.enable = true; - gamemode.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - nh = { - enable = true; - flake = "/home/user/Projects/personal/nix-config"; - }; - }; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - services.flatpak = { - enable = true; - packages = [ - ### Dev Tools ### - ### Internet Browsers & Communication ### - "app.zen_browser.zen" - ### Office & Productivity ### - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### Gaming & Entertainment ### - "com.github.k4zmu2a.spacecadetpinball" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - ### Media ### - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - } - )) - ]; -} diff --git a/hosts/modules/rotterdam/default.nix b/hosts/modules/rotterdam/default.nix deleted file mode 100644 index 0bc2cc8..0000000 --- a/hosts/modules/rotterdam/default.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ ... }: - -{ - imports = [ - ./boot.nix - ./hardware-configuration.nix - ./hardware.nix - ./programs.nix - ./services.nix - ]; -} diff --git a/hosts/modules/security.nix b/hosts/modules/security.nix deleted file mode 100644 index 5cb1786..0000000 --- a/hosts/modules/security.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ hostType, lib, ... }: - -{ - config = lib.mkMerge [ - # Common configuration - { - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { - wheelNeedsPassword = false; - extraConfig = '' - Defaults lecture = never - ''; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - }) - ]; -} diff --git a/hosts/modules/server/boot.nix b/hosts/modules/server/boot.nix new file mode 100644 index 0000000..5d6e482 --- /dev/null +++ b/hosts/modules/server/boot.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: + +{ + boot.kernelPackages = pkgs.linuxPackages_hardened; +} diff --git a/hosts/modules/server/nix.nix b/hosts/modules/server/nix.nix new file mode 100644 index 0000000..af57cae --- /dev/null +++ b/hosts/modules/server/nix.nix @@ -0,0 +1,13 @@ +{ inputs, ... }: + +{ + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs-stable; + nixPath = [ + "nixpkgs=/etc/channels/nixpkgs" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; +} diff --git a/hosts/modules/server/tailscale.nix b/hosts/modules/server/tailscale.nix new file mode 100644 index 0000000..1f105ba --- /dev/null +++ b/hosts/modules/server/tailscale.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; +} 
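Review bot: `boot.kernelPackages = pkgs.linuxPackages_hardened;` in `server/boot.nix` is added without a comment on what it changes for the workloads on these hosts. The hardened kernel restricts unprivileged user namespaces unless `security.unprivilegedUsernsClone` is set, and the `security.nix` deleted in this same commit carried `unprivilegedUsernsClone = true; # Needed for rootless podman`; whether that setting moved to another file is not visible here. If a server host also takes the podman module, either keep that option next to the kernel choice or add a comment that rootless containers are not expected on servers, e.g. `# hardened kernel: unprivileged user namespaces stay disabled on servers`.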
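Review bot: The `boot.kernel.sysctl` block in `server/tailscale.nix` turns on IPv4 and IPv6 forwarding for all interfaces on every host that imports this module, whereas before only `trantor/boot.nix` set `net.ipv4.ip_forward`. As far as I know, `useRoutingFeatures = "server"` already makes the NixOS tailscale module enable forwarding, so the explicit block is probably redundant. If it stays, a comment such as `# exit node: forwarding is required; the firewall decides what may be routed` would record why it is there. The module also does not set `services.tailscale.enable`, so it only takes effect when another module enables the service.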
diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix deleted file mode 100644 index 351e091..0000000 --- a/hosts/modules/services.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - services = { - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - openssh = { - enable = true; - settings.PermitRootLogin = "no"; - }; - nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; - }; - fwupd.enable = true; - fstrim.enable = true; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; - }) - ]; -} diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix deleted file mode 100644 index b0345f2..0000000 --- a/hosts/modules/stylix.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; - size = 24; - }; - opacity = { - applications = 1.0; - desktop = 0.8; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 11; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - }; - }) - ]; -} diff --git a/hosts/modules/trantor/default.nix b/hosts/modules/trantor/default.nix deleted file mode 100644 index 9bdb292..0000000 --- a/hosts/modules/trantor/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -{ - imports = [ - ./boot.nix - ./disko.nix - ./hardware-configuration.nix - ./networking.nix - ]; -} diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix deleted file mode 100644 index 68ac26a..0000000 --- a/hosts/modules/users.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - hostType, - inputs, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - backupFileExtension = "bkp"; - users = { - user = import ../../users/user.nix; - root = import ../../users/root.nix; - }; - extraSpecialArgs = { - inherit hostType; - inherit inputs; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - environment.sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - - users.users = { - user = { - description = "William"; - uid = 1000; - extraGroups = [ - "uaccess" # Needed for HID dev - "dialout" # Needed for arduino dev - "libvirt" - "libvirtd" - "adbusers" - "i2c" - ]; - }; - ewans = { - description = "Ewans"; - isNormalUser = true; - uid = 1001; - hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58"; - }; - }; - }) - ]; -} diff --git a/hosts/modules/virtualisation.nix b/hosts/modules/virtualisation.nix deleted file mode 100644 index e55a267..0000000 --- a/hosts/modules/virtualisation.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - virtualisation.podman = { - enable = true; - dockerCompat = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; - - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; - }; - - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - virtualisation = { - libvirtd.enable = true; - }; - }) - ]; -} diff --git a/hosts/rotterdam.nix b/hosts/rotterdam.nix deleted file mode 100644 index ad95919..0000000 --- a/hosts/rotterdam.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - networking.hostName = "rotterdam"; - - imports = [ - ./modules/rotterdam - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./rotterdam.nix}" ]; -} diff --git a/hosts/modules/rotterdam/boot.nix b/hosts/rotterdam/boot.nix similarity index 100% rename from hosts/modules/rotterdam/boot.nix rename to hosts/rotterdam/boot.nix diff --git a/hosts/modules/rotterdam/hardware-configuration.nix b/hosts/rotterdam/hardware-configuration.nix similarity index 100% rename from hosts/modules/rotterdam/hardware-configuration.nix rename to hosts/rotterdam/hardware-configuration.nix diff --git a/hosts/modules/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix similarity index 100% rename from hosts/modules/rotterdam/hardware.nix rename to hosts/rotterdam/hardware.nix diff --git a/hosts/modules/rotterdam/programs.nix b/hosts/rotterdam/programs.nix similarity index 94% rename from hosts/modules/rotterdam/programs.nix rename to hosts/rotterdam/programs.nix index 9f624a1..b4dcfd9 100644 --- a/hosts/modules/rotterdam/programs.nix +++ b/hosts/rotterdam/programs.nix 
@@ -27,7 +27,5 @@ in { environment.systemPackages = [ reboot-into-qubes ]; - services.flatpak.packages = [ "net.retrodeck.retrodeck" ]; - programs.steam.dedicatedServer.openFirewall = true; } diff --git a/hosts/modules/rotterdam/services.nix b/hosts/rotterdam/services.nix similarity index 100% rename from hosts/modules/rotterdam/services.nix rename to hosts/rotterdam/services.nix diff --git a/hosts/trantor.nix b/hosts/trantor.nix deleted file mode 100644 index 4a02556..0000000 --- a/hosts/trantor.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - networking.hostName = "trantor"; - - imports = [ - ./modules/trantor - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./trantor.nix}" ]; -} - diff --git a/hosts/modules/trantor/boot.nix b/hosts/trantor/boot.nix similarity index 68% rename from hosts/modules/trantor/boot.nix rename to hosts/trantor/boot.nix index b724550..a031ce9 100644 --- a/hosts/modules/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -2,6 +2,5 @@ boot = { loader.efi.efiSysMountPoint = "/boot"; initrd.systemd.enable = true; - kernel.sysctl."net.ipv4.ip_forward" = 1; }; } diff --git a/hosts/modules/trantor/disko.nix b/hosts/trantor/disko.nix similarity index 91% rename from hosts/modules/trantor/disko.nix rename to hosts/trantor/disko.nix index a535e47..a70383e 100644 --- a/hosts/modules/trantor/disko.nix +++ b/hosts/trantor/disko.nix @@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices = { disk = { main = { diff --git a/hosts/modules/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix similarity index 100% rename from hosts/modules/trantor/hardware-configuration.nix rename to hosts/trantor/hardware-configuration.nix diff --git a/hosts/modules/trantor/networking.nix b/hosts/trantor/networking.nix similarity index 100% rename from hosts/modules/trantor/networking.nix rename to hosts/trantor/networking.nix 
diff --git a/modules/qbittorrent.nix b/modules/qbittorrent.nix
deleted file mode 100644
index a496c54..0000000
--- a/modules/qbittorrent.nix
+++ /dev/null
@@ -1,123 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -with lib; -let - cfg = config.services.qbittorrent; - configDir = "${cfg.dataDir}/.config"; - openFilesLimit = 4096; -in -{ - options.services.qbittorrent = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Run qBittorrent headlessly as systemwide daemon - ''; - }; - - dataDir = mkOption { - type = types.path; - default = "/var/lib/qbittorrent"; - description = '' - The directory where qBittorrent will create files. - ''; - }; - - user = mkOption { - type = types.str; - default = "qbittorrent"; - description = '' - User account under which qBittorrent runs. - ''; - }; - - group = mkOption { - type = types.str; - default = "qbittorrent"; - description = '' - Group under which qBittorrent runs. - ''; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = '' - qBittorrent web UI port. - ''; - }; - - openFirewall = mkOption { - type = types.bool; - default = false; - description = '' - Open services.qBittorrent.port to the outside network. - ''; - }; - - openFilesLimit = mkOption { - default = openFilesLimit; - description = '' - Number of files to allow qBittorrent to open. - ''; - }; - }; - - config = mkIf cfg.enable { - - environment.systemPackages = [ pkgs.qbittorrent ]; - - nixpkgs.overlays = [ - (final: prev: { - qbittorrent = prev.qbittorrent.override { guiSupport = false; }; - }) - ]; - - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; - }; - - systemd.services.qbittorrent = { - after = [ "network.target" ]; - description = "qBittorrent Daemon"; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.qbittorrent ]; - serviceConfig = { - ExecStart = '' - ${pkgs.qbittorrent}/bin/qbittorrent-nox \ - --profile=${configDir} \ - --webui-port=${toString cfg.port} - ''; - # To prevent "Quit & shutdown daemon" from working; we want systemd to - # manage it! 
- Restart = "on-success"; - User = cfg.user; - Group = cfg.group; - UMask = "0002"; - LimitNOFILE = cfg.openFilesLimit; - }; - }; - - users.users = mkIf (cfg.user == "qbittorrent") { - qbittorrent = { - inherit group; - home = cfg.dataDir; - createHome = true; - description = "qBittorrent Daemon user"; - }; - }; - - users.groups = mkIf (cfg.group == "qbittorrent") { - qbittorrent = { - gid = null; - }; - }; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix new file mode 100644 index 0000000..65a9e14 --- /dev/null +++ b/nixosConfigurations.nix @@ -0,0 +1,50 @@ +{ inputs, ... }: +let + utils = import ./utils.nix { inherit inputs; }; + inherit (utils) mkHost; +in +{ + flake.nixosConfigurations = { + rotterdam = mkHost { + hostname = "rotterdam"; + tags = [ + "desktop" + "bluetooth" + "dev" + "ephermal" + "fwupd" + "gaming" + "libvirtd" + "networkmanager" + "podman" + ]; + }; + + io = mkHost { + hostname = "io"; + tags = [ + "desktop" + "bluetooth" + "dev" + "ephermal" + "networkmanager" + "podman" + ]; + }; + + alexandria = mkHost { + hostname = "alexandria"; + tags = [ + "fwupd" + "podman" + ]; + }; + + trantor = mkHost { + hostname = "trantor"; + system = "aarch64-linux"; + tags = [ + ]; + }; + }; +} diff --git a/overlays.nix b/overlays.nix new file mode 100644 index 0000000..3bc87b1 --- /dev/null +++ b/overlays.nix @@ -0,0 +1,10 @@ +{ inputs, ... }: + +{ + flake.overlays = { + default = final: prev: { + # plasticity = inputs.self.packages.${final.system}.plasticity; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + }; + }; +} diff --git a/packages.nix b/packages.nix new file mode 100644 index 0000000..4ae6a5e --- /dev/null +++ b/packages.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + perSystem = + { pkgs, system, ... }: + { + packages = { + toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + }; + }; +} 
diff --git a/packages/plasticity.nix b/packages/plasticity.nix
deleted file mode 100644
index 4325e5f..0000000
--- a/packages/plasticity.nix
+++ /dev/null
@@ -1,122 +0,0 @@ -{ - alsa-lib, - at-spi2-atk, - autoPatchelfHook, - cairo, - cups, - dbus, - desktop-file-utils, - expat, - fetchurl, - gdk-pixbuf, - gtk3, - gvfs, - hicolor-icon-theme, - lib, - libdrm, - libglvnd, - libnotify, - libsForQt5, - libxkbcommon, - libgbm, - nspr, - nss, - openssl, - pango, - rpmextract, - stdenv, - systemd, - trash-cli, - vulkan-loader, - wrapGAppsHook3, - xdg-utils, - xorg, -}: -stdenv.mkDerivation rec { - pname = "plasticity"; - version = "25.1.8"; - - src = fetchurl { - url = "https://github.com/nkallen/plasticity/releases/download/v${version}/Plasticity-${version}-1.x86_64.rpm"; - hash = "sha256-5PjjEsHchryUhmzqyQ4XqwiycNEVCefmpSW/9jZEzpg="; - }; - - nativeBuildInputs = [ - wrapGAppsHook3 - autoPatchelfHook - rpmextract - libgbm - ]; - - buildInputs = [ - alsa-lib - at-spi2-atk - cairo - cups - dbus - desktop-file-utils - expat - gdk-pixbuf - gtk3 - gvfs - hicolor-icon-theme - libdrm - libnotify - libsForQt5.kde-cli-tools - libxkbcommon - nspr - nss - openssl - pango - (lib.getLib stdenv.cc.cc) - trash-cli - xdg-utils - ]; - - runtimeDependencies = [ - systemd - libglvnd - vulkan-loader # may help with nvidia users - xorg.libX11 - xorg.libxcb - xorg.libXcomposite - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXrandr - xorg.libXtst - ]; - - dontUnpack = true; - - # can't find anything on the internet about these files, no clue what they do - autoPatchelfIgnoreMissingDeps = [ - "ACCAMERA.tx" - "AcMPolygonObj15.tx" - "ATEXT.tx" - "ISM.tx" - "RText.tx" - "SCENEOE.tx" - "TD_DbEntities.tx" - "TD_DbIO.tx" - "WipeOut.tx" - ]; - - installPhase = '' - runHook preInstall - - mkdir $out - cd $out - rpmextract $src - mv $out/usr/* $out - rm -r $out/usr - rm -r $out/lib/.build-id - - runHook postInstall - ''; - - #--use-gl=egl for it to use hardware rendering it seems. Otherwise there are terrible framerates - preFixup = '' - gappsWrapperArgs+=(--add-flags "--use-gl=egl") - ''; -} 
diff --git a/users/modules/btop.nix b/users/modules/btop.nix new file mode 100644 index 0000000..c19c4bb --- /dev/null +++ b/users/modules/btop.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; + }; +} \ No newline at end of file diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix new file mode 100644 index 0000000..a5a0823 --- /dev/null +++ b/users/modules/common/bash.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: + +{ + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; +} \ No newline at end of file diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix new file mode 100644 index 0000000..8de52c3 --- /dev/null +++ b/users/modules/common/fish.nix @@ -0,0 +1,38 @@ +{ pkgs, lib, ... }: + +{ + programs.fish = { + enable = true; + interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "sponge"; + src = pkgs.fetchFromGitHub { + owner = "meaningful-ooo"; + repo = "sponge"; + rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; + sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; + sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + }; + } + ]; + }; +} \ No newline at end of file diff --git a/users/modules/default.nix b/users/modules/default.nix deleted file mode 100644 index 5ef9e0a..0000000 --- a/users/modules/default.nix +++ /dev/null 
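Review bot: In `users/modules/common/bash.nix`, `historyFile = "~/.cache/bash_history";` depends on tilde expansion, which the shell does not perform inside a quoted assignment. If home-manager emits the value as a quoted `HISTFILE`, history would be written under a literal `~` directory relative to the working directory rather than in the cache. An absolute form avoids the question: `historyFile = "${config.xdg.cacheHome}/bash_history";` with `config` added to the module arguments. `pkgs` is unused in this module and in `btop.nix` and can be dropped from both argument lists.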
@@ -1,7 +0,0 @@ -{ ... }: - -{ - imports = [ - ./programs.nix - ]; -} diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix new file mode 100644 index 0000000..d98edc9 --- /dev/null +++ b/users/modules/desktop.nix @@ -0,0 +1,55 @@ +{ inputs, pkgs, ... }: + +{ + imports = [ inputs.dms.homeModules.dankMaterialShell.default ]; + + fonts.fontconfig.enable = true; + + programs = { + dankMaterialShell = { + enable = true; + enableVPN = false; + }; + +rio = { + enable = true; + settings = { + theme = "catppuccin-mocha"; + fonts = { + family = "FiraCode Nerd Font"; + size = 16.0; + emoji.family = "Noto Color Emoji"; + }; + confirm-before-quit = false; + window = { + width = 1121; + height = 633; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + kdePackages.xdg-desktop-portal-kde + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; + }; + + gtk = { + enable = true; + gtk3.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; + gtk4.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; + }; +} diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix new file mode 100644 index 0000000..c91d0af --- /dev/null +++ b/users/modules/direnv.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: + +{ + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; +} \ No newline at end of file diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix new file mode 100644 index 0000000..df33b11 --- /dev/null +++ b/users/modules/gaming.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + programs.mangohud.enable = true; +} diff --git a/users/modules/helix.nix b/users/modules/helix.nix new file mode 100644 index 0000000..b71799b --- /dev/null +++ b/users/modules/helix.nix 
@@ -0,0 +1,50 @@ +{ pkgs, ... }: + +{ + home.sessionVariables = { + EDITOR = "hx"; + }; + + programs.helix = { + enable = true; + settings = { + theme = "base16_transparent"; + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "block"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; + }; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; + }; +} \ No newline at end of file diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix new file mode 100644 index 0000000..da268c5 --- /dev/null +++ b/users/modules/obs-studio.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + programs.obs-studio = { + enable = true; + plugins = [ + pkgs.obs-studio-plugins.obs-vkcapture + pkgs.obs-studio-plugins.obs-backgroundremoval + pkgs.obs-studio-plugins.obs-pipewire-audio-capture + ]; + }; + +} diff --git a/users/modules/programs.nix b/users/modules/programs.nix deleted file mode 100644 index 8420dce..0000000 --- a/users/modules/programs.nix +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - home = { - sessionVariables = { - EDITOR = "hx"; - }; - }; - - programs = { - bash = { - enable = true; - historyFile = "~/.cache/bash_history"; - }; - - helix = { - enable = true; - settings = { - theme = "base16_transparent"; - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "block"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - }; - - fish = { - enable = true; - functions.fish_greeting = ""; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "sponge"; - src = pkgs.fetchFromGitHub { - owner = "meaningful-ooo"; - repo = "sponge"; - rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; - sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; - }; - } - ]; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - programs.rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; - }; - }; - }; - }) - ]; -} 
diff --git a/users/modules/root/default.nix b/users/modules/root/default.nix deleted file mode 100644 index adc92a0..0000000 --- a/users/modules/root/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - imports = [ ]; -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix new file mode 100644 index 0000000..8b9a14c --- /dev/null +++ b/users/modules/starship.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: + +{ + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = " "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; +} \ No newline at end of file diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix new file mode 100644 index 0000000..4268e7a --- /dev/null +++ b/users/modules/tmux.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +{ + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; +} \ No newline at end of file diff --git a/users/modules/user/default.nix b/users/modules/user/default.nix deleted file mode 100644 index 660553d..0000000 --- a/users/modules/user/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - imports = [ - ./programs.nix - ./home.nix - ]; -} diff --git a/users/modules/user/home.nix b/users/modules/user/home.nix deleted file mode 100644 index 38311a6..0000000 --- a/users/modules/user/home.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - gtk = { - enable = true; - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; -} diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix deleted file mode 100644 index 4cebeda..0000000 --- a/users/modules/user/programs.nix +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - home = { - packages = with pkgs; [ nix-your-shell ]; - }; - - programs = { - helix.languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - - password-store.enable = true; - - direnv = { - enable = true; - nix-direnv.enable = true; - }; - - fish = { - interactiveShellInit = "nix-your-shell fish | source"; - loginShellInit = "nix-your-shell fish | source"; - }; - - tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; - - starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = " "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; - - git = { - enable = true; - diff-so-fancy.enable = true; - userName = "William"; - userEmail = "baduhai@proton.me"; - }; - - btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; - }; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - fonts.fontconfig.enable = true; - - programs = { - dankMaterialShell = { - enable = true; - enableVPN 
= false; - }; - password-store.package = pkgs.pass-wayland; - - mangohud.enable = true; - - obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - }; - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; - }; - }) - ]; -} diff --git a/users/root.nix b/users/root.nix deleted file mode 100644 index be5e00b..0000000 --- a/users/root.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: - -{ - home = { - username = "root"; - homeDirectory = "/root"; - stateVersion = "22.05"; - }; - - imports = [ - ./modules - ./modules/root - ]; -} diff --git a/users/user.nix b/users/user.nix deleted file mode 100644 index a5832cc..0000000 --- a/users/user.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ inputs, ... }: - -{ - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - - imports = [ - ./modules - ./modules/user - inputs.dms.homeModules.dankMaterialShell.default - ]; -} diff --git a/users/user/git.nix b/users/user/git.nix new file mode 100644 index 0000000..fcafc00 --- /dev/null +++ b/users/user/git.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + programs.git = { + enable = true; + diff-so-fancy.enable = true; + userName = "William"; + userEmail = "baduhai@proton.me"; + }; +} \ No newline at end of file diff --git a/utils.nix b/utils.nix new file mode 100644 index 0000000..23f92d0 --- /dev/null +++ b/utils.nix 
@@ -0,0 +1,171 @@ +{ inputs }: +let + inherit (inputs) + self + nixpkgs + nixpkgs-stable + home-manager + agenix + ; +in +{ + # Tag-based host configuration system + mkHost = + { + hostname, + tags ? [ ], + system ? "x86_64-linux", + extraModules ? [ ], + }: + let + # Validate that server and desktop tags are mutually exclusive + hasServer = builtins.elem "server" tags; + hasDesktop = builtins.elem "desktop" tags; + + # Always include "common" tag implicitly + allTags = + if hasServer && hasDesktop then + throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" + else + [ "common" ] ++ tags; + + # Choose nixpkgs based on server tag + pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; + + # Tag-specific modules: each tag can be either: + # 1. A file: hosts/modules/${tag}.nix + # 2. A directory: hosts/modules/${tag}/*.nix (all .nix files imported) + tagModuleFiles = builtins.concatMap ( + tag: + let + filePath = ./hosts/modules/${tag}.nix; + dirPath = ./hosts/modules/${tag}; + in + # Check if it's a file first + if builtins.pathExists filePath then + [ filePath ] + # Then check if it's a directory + else if builtins.pathExists dirPath then + let + entries = builtins.readDir dirPath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name + ) entries; + in + map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) + else + [ ] + ) allTags; + + # Automatically import all .nix files from hosts/${hostname}/ + hostModulePath = ./hosts/${hostname}; + hostModuleFiles = + if builtins.pathExists hostModulePath then + let + entries = builtins.readDir hostModulePath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" + ) entries; + in + map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) + else + [ ]; + + # Combine all modules + allModules = [ + agenix.nixosModules.default + 
{ + networking.hostName = hostname; + nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; + nixpkgs.overlays = [ + agenix.overlays.default + self.overlays.default + ]; + } + ] + ++ tagModuleFiles + ++ hostModuleFiles + ++ extraModules; + in + pkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs; + hostTags = allTags; + }; + modules = allModules; + }; + + # Tag-based user configuration system + mkUser = + { + username, + homeDirectory ? "/home/${username}", + tags ? [ ], + extraModules ? [ ], + }: + let + pkgs = nixpkgs.legacyPackages.x86_64-linux; + + # Always include "common" tag implicitly + allTags = [ "common" ] ++ tags; + + # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists + tagModuleFiles = builtins.concatMap ( + tag: + let + filePath = ./users/modules/${tag}.nix; + dirPath = ./users/modules/${tag}; + in + # Check if it's a file first + if builtins.pathExists filePath then + [ filePath ] + # Then check if it's a directory + else if builtins.pathExists dirPath then + let + entries = builtins.readDir dirPath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name + ) entries; + in + map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) + else + [ ] + ) allTags; + + # Automatically import all .nix files from users/modules/${username}/ + userModulePath = ./users/${username}; + userModuleFiles = + if builtins.pathExists userModulePath then + let + entries = builtins.readDir userModulePath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name + ) entries; + in + map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) + else + [ ]; + + # Combine all modules + allModules = [ + { + home = { + inherit username homeDirectory; + stateVersion = "22.05"; + }; + } + ] + ++ tagModuleFiles + ++ userModuleFiles + ++ extraModules; + in + home-manager.lib.homeManagerConfiguration { 
+ inherit pkgs; + extraSpecialArgs = { + inherit inputs; + userTags = allTags; + }; + modules = allModules; + }; +} From 33a9599b2355ae771dfa703952bf276bdea6f9bc Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 14:48:58 -0300 Subject: [PATCH 006/129] fix home-manager config --- users/modules/desktop.nix | 29 +++++++++++++++-------------- users/modules/obs-studio.nix | 2 +- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index d98edc9..1873cc7 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -11,23 +11,24 @@ enableVPN = false; }; -rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; + rio = { + enable = true; + settings = { + theme = "catppuccin-mocha"; + fonts = { + family = "FiraCode Nerd Font"; + size = 16.0; + emoji.family = "Noto Color Emoji"; + }; + confirm-before-quit = false; + window = { + width = 1121; + height = 633; + }; }; }; - password-store = { + password-store = { enable = true; package = pkgs.pass-wayland; }; diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix index da268c5..67e3b8b 100644 --- a/users/modules/obs-studio.nix +++ b/users/modules/obs-studio.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { programs.obs-studio = { From 46387a47454c015358222597cbf4957be5891a8c Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 14:49:09 -0300 Subject: [PATCH 007/129] fix greetd config --- hosts/modules/desktop/desktop.nix | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 4a42772..dd52cda 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix 
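Review bot: In `mkHost`, a tag that matches neither `hosts/modules/${tag}.nix` nor a `hosts/modules/${tag}/` directory falls through to `else [ ]`, so a misspelled tag evaluates cleanly and the host is built without that module. For tags that carry hardening or persistence settings that is a silent loss; failing evaluation is safer, e.g. `else throw "mkHost: tag '${tag}' has no module under hosts/modules"`. `mkUser` has the same fall-through for `users/modules`. This assumes every implicit tag, including "common", has a file or directory; if one does not, exempt it explicitly rather than keeping the silent default.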
@@ -1,4 +1,9 @@ -{ inputs, pkgs, ... }: +{ + inputs, + lib, + pkgs, + ... +}: let kwrite = pkgs.symlinkJoin { @@ -81,9 +86,10 @@ in wireplumber.enable = true; }; greetd = { - settings = { - default_session.command = ''${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --greeting "Welcome to NixOS" --cmd ${plasma}/bin/plasma''; - initial_session.user = "user"; + enable = true; + settings.default_session = { + command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + user = "greeter"; }; }; flatpak = { @@ -109,8 +115,17 @@ in update.auto.enable = true; }; }; + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + programs = { niri.enable = true; dconf.enable = true; From f797aedb5b786a51d2e3ed0c724a4a7b804609e9 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 16:10:40 -0300 Subject: [PATCH 008/129] added hm cli utility --- overlays.nix | 2 +- packages.nix | 1 + packages/hm-cli.nix | 101 ++++++++++++++++++++++++++++++++ users/modules/common/hm-cli.nix | 10 ++++ utils.nix | 6 +- 5 files changed, 118 insertions(+), 2 deletions(-) create mode 100644 packages/hm-cli.nix create mode 100644 users/modules/common/hm-cli.nix diff --git a/overlays.nix b/overlays.nix index 3bc87b1..a5ba76c 100644 --- a/overlays.nix +++ b/overlays.nix @@ -3,8 +3,8 @@ { flake.overlays = { default = final: prev: { - # plasticity = inputs.self.packages.${final.system}.plasticity; toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + hm-cli = inputs.self.packages.${final.system}.hm-cli; }; }; } diff --git a/packages.nix b/packages.nix index 4ae6a5e..e83ad26 100644 --- a/packages.nix +++ b/packages.nix @@ -6,6 +6,7 @@ { packages = { toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; }; }; } 
diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix new file mode 100644 index 0000000..715a1ad --- /dev/null +++ b/packages/hm-cli.nix 
@@ -0,0 +1,101 @@ +{ + pkgs ? import { }, +}: + +pkgs.writeShellScriptBin "hm" '' + set -e + + HM="${pkgs.lib.getExe pkgs.home-manager}" + FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" + FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" + + show_usage() { + cat < [args] + + Commands: + apply Switch to a new generation + generation list List all generations + generation delete ID... Delete specified generation(s) + generation rollback Rollback to the previous generation + generation switch ID Switch to the specified generation + generation cleanup Delete all but the current generation + + Environment Variables: + HM_PATH Override default flake path (~/.config/home-manager) + Currently set to "$(echo $HM_PATH)" + HM_USER Override default user output ("$(whoami)@$(hostname)") + Currently set to "$(echo $HM_USER)" + EOF + } + + if [[ $# -eq 0 ]]; then + show_usage + exit 1 + fi + + case "$1" in + apply) + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" + ;; + generation) + if [[ $# -lt 2 ]]; then + echo "Error: generation command requires a subcommand" + show_usage + exit 1 + fi + + case "$2" in + list) + "$HM" generations + ;; + delete) + if [[ $# -lt 3 ]]; then + echo "Error: delete requires at least one generation ID" + exit 1 + fi + shift 2 + "$HM" remove-generations "$@" + ;; + rollback) + "$HM" generations | \ + sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ + head -n 2 | tail -n 1 | \ + xargs -I {} "$HM" switch --flake "$FLAKE_PATH" --switch-generation {} + ;; + switch) + if [[ $# -ne 3 ]]; then + echo "Error: switch requires exactly one generation ID" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" + ;; + cleanup) + CURRENT_GEN=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\) (current).*/\1/p') + if [[ -z "$CURRENT_GEN" ]]; then + echo "Error: could not determine current generation" + exit 1 + fi + OLD_GENS=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | grep -v "^$CURRENT_GEN$") + if [[ 
-z "$OLD_GENS" ]]; then + echo "No old generations to delete" + else + echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" + echo "$OLD_GENS" | xargs "$HM" remove-generations + echo "Cleanup complete. Current generation $CURRENT_GEN preserved." + fi + ;; + *) + echo "Error: unknown generation subcommand '$2'" + show_usage + exit 1 + ;; + esac + ;; + *) + echo "Error: unknown command '$1'" + show_usage + exit 1 + ;; + esac +'' diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix new file mode 100644 index 0000000..d2ed715 --- /dev/null +++ b/users/modules/common/hm-cli.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + home = { + packages = with pkgs; [ hm-cli ]; + sessionVariables = { + HM_PATH = "/etc/nixos"; + }; + }; +} diff --git a/utils.nix b/utils.nix index 23f92d0..1f30542 100644 --- a/utils.nix +++ b/utils.nix @@ -166,6 +166,10 @@ in inherit inputs; userTags = allTags; }; - modules = allModules; + modules = allModules ++ [ + { + nixpkgs.overlays = [ self.overlays.default ]; + } + ]; }; } From c9209f82d14aa0aec4fb9498e045d7dd73c16050 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 16:12:57 -0300 Subject: [PATCH 009/129] fixed hm generation cleanup --- packages/hm-cli.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 715a1ad..ef3ec30 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix 
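Review bot: The `hm` script in packages/hm-cli.nix calls `sed`, `grep`, `xargs`, `head`, `tail`, `whoami` and `hostname` by bare name, so only `home-manager` is pinned to a store path and the rest resolve through whatever PATH the caller has. `pkgs.writeShellApplication` with `runtimeInputs` listing the packages that provide those tools would pin them, and it also turns on `errexit`, `nounset` and `pipefail` and runs shellcheck at build time. Under `nounset` the usage text's `$(echo $HM_PATH)` and `$(echo $HM_USER)` would need defaults such as `''${HM_PATH:-}`.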
@@ -71,12 +71,12 @@ pkgs.writeShellScriptBin "hm" '' "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" ;; cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\) (current).*/\1/p') + CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') if [[ -z "$CURRENT_GEN" ]]; then echo "Error: could not determine current generation" exit 1 fi - OLD_GENS=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | grep -v "^$CURRENT_GEN$") + OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") if [[ -z "$OLD_GENS" ]]; then echo "No old generations to delete" else From 79ecda817ef1893a23636b88b22a1c5772163b2b Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 19:35:21 -0300 Subject: [PATCH 010/129] greetd auto login --- hosts/modules/desktop/desktop.nix | 12 +++++++++--- utils.nix | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index dd52cda..2afd7ea 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -87,9 +87,15 @@ in }; greetd = { enable = true; - settings.default_session = { - command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; - user = "greeter"; + settings = { + default_session = { + command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + user = "greeter"; + }; + initial_session = { + command = "${lib.getExe pkgs.niri}"; + user = "user"; + }; }; }; flatpak = { diff --git a/utils.nix b/utils.nix index 1f30542..e56e3c2 100644 --- a/utils.nix +++ b/utils.nix 
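Review bot: The new `initial_session` block in hosts/modules/desktop/desktop.nix starts a niri session for `user` at boot with no credential check, so the tuigreet prompt only guards later logins. That is presumably the intent of the commit, but this file appears to be pulled in for every host carrying the desktop tag, and the only remaining gate is whatever protects boot itself (disk-unlock passphrase, firmware password). I would state that dependency in a comment above the block, e.g. `# auto-login: boot-time disk unlock is the only authentication`, and consider making the block opt-in per host. The account name is hard-coded here as well, and the enclosing `services` set starts outside the hunk.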
@@ -133,7 +133,7 @@ in [ ] ) allTags; - # Automatically import all .nix files from users/modules/${username}/ + # Automatically import all .nix files from users/${username}/ userModulePath = ./users/${username}; userModuleFiles = if builtins.pathExists userModulePath then From 5edad8b9576958a8b0d39387484217089fcc9f92 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 19:59:31 -0300 Subject: [PATCH 011/129] ephemeral is now a nixosModule --- flake.nix | 1 + hosts/modules/ephemeral.nix | 37 +++++++++++++++++++ hosts/modules/ephermal.nix | 72 ------------------------------------ modules/ephemeral.nix | 74 +++++++++++++++++++++++++++++++++++++ nixosConfigurations.nix | 4 +- nixosModules.nix | 7 ++++ 6 files changed, 121 insertions(+), 74 deletions(-) create mode 100644 hosts/modules/ephemeral.nix delete mode 100644 hosts/modules/ephermal.nix create mode 100644 modules/ephemeral.nix create mode 100644 nixosModules.nix diff --git a/flake.nix b/flake.nix index 0d826a1..693b17a 100644 --- a/flake.nix +++ b/flake.nix @@ -50,6 +50,7 @@ ./devShells.nix ./homeConfigurations.nix ./nixosConfigurations.nix + ./nixosModules.nix ./overlays.nix ./packages.nix ]; diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix new file mode 100644 index 0000000..a759cf4 --- /dev/null +++ b/hosts/modules/ephemeral.nix 
@@ -0,0 +1,37 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.impermanence.nixosModules.impermanence + inputs.self.nixosModules.ephemeral + ]; + + ephemeral = { + enable = true; + rootDevice = "/dev/mapper/cryptroot"; + rootSubvolume = "@root"; + }; + + environment.persistence.main = { + persistentStoragePath = "/persistent"; + files = [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ]; + }; +} diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix deleted file mode 100644 index adaf5af..0000000 --- a/hosts/modules/ephermal.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.impermanence.nixosModules.impermanence ]; - - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir /btrfs_tmp - mount /dev/mapper/cryptroot /btrfs_tmp - - if [[ -e /btrfs_tmp/@root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/@root - umount /btrfs_tmp - ''; - }; - - environment.persistence.main = { - persistentStoragePath = "/persistent"; - files = [ - "/etc/machine-id" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - directories = [ - "/etc/NetworkManager/system-connections" - "/etc/nixos" - "/var/lib/bluetooth" - "/var/lib/flatpak" - "/var/lib/lxd" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/var/lib/systemd/timers" - "/var/lib/tailscale" - "/var/log" - ]; - }; -} diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix new file mode 100644 index 0000000..be6fc6b --- /dev/null +++ b/modules/ephemeral.nix 
@@ -0,0 +1,74 @@ +{ lib, config, ... }: + +let + cfg = config.ephemeral; +in +{ + options.ephemeral = { + enable = lib.mkEnableOption "ephemeral root with automatic rollback"; + + rootDevice = lib.mkOption { + type = lib.types.str; + example = "/dev/mapper/cryptroot"; + description = "Device path for the root btrfs filesystem"; + }; + + rootSubvolume = lib.mkOption { + type = lib.types.str; + example = "@root"; + description = "Name of the root btrfs subvolume"; + }; + + oldRootRetentionDays = lib.mkOption { + type = lib.types.int; + default = 30; + description = "Number of days to keep old root snapshots before deletion"; + }; + }; + + config = lib.mkIf cfg.enable { + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir /btrfs_tmp + mount ${cfg.rootDevice} /btrfs_tmp + + if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume} + umount /btrfs_tmp + ''; + }; + }; +} 
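Review bot: The `script` in modules/ephemeral.nix splices `cfg.rootDevice` and `cfg.rootSubvolume` into shell text unquoted (`mount ${cfg.rootDevice} /btrfs_tmp`, `/btrfs_tmp/${cfg.rootSubvolume}`), and both options are plain `lib.types.str`. The values come from the system's own configuration, so this is a robustness issue rather than an injection path, but a value containing a space or shell metacharacter changes what the initrd service runs. Either escape at the use site, `mount ${lib.escapeShellArg cfg.rootDevice} /btrfs_tmp`, and double-quote the subvolume paths, or narrow the subvolume option with `lib.types.strMatching "[A-Za-z0-9@_-]+"`.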
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 65a9e14..6c9cfb9 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -11,7 +11,7 @@ in "desktop" "bluetooth" "dev" - "ephermal" + "ephemeral" "fwupd" "gaming" "libvirtd" @@ -26,7 +26,7 @@ in "desktop" "bluetooth" "dev" - "ephermal" + "ephemeral" "networkmanager" "podman" ]; diff --git a/nixosModules.nix b/nixosModules.nix new file mode 100644 index 0000000..5fd416b --- /dev/null +++ b/nixosModules.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + flake.nixosModules = { + ephemeral = import ./modules/ephemeral.nix; + }; +} From 4b5426885c87d4675e49cae2b454ef9339b86440 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:02:47 -0300 Subject: [PATCH 012/129] added null check to hm-cli --- packages/hm-cli.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index ef3ec30..614f287 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -23,9 +23,9 @@ pkgs.writeShellScriptBin "hm" '' Environment Variables: HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "$(echo $HM_PATH)" + Currently set to "''${HM_PATH:-}" HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "$(echo $HM_USER)" + Currently set to "''${HM_USER:-}" EOF } @@ -58,10 +58,14 @@ pkgs.writeShellScriptBin "hm" '' "$HM" remove-generations "$@" ;; rollback) - "$HM" generations | \ + PREV_GEN=$("$HM" generations | \ sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1 | \ - xargs -I {} "$HM" switch --flake "$FLAKE_PATH" --switch-generation {} + head -n 2 | tail -n 1) + if [[ -z "$PREV_GEN" ]]; then + echo "Error: could not determine previous generation (possibly only one generation exists)" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" ;; switch) if [[ $# -ne 3 ]]; then 
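Review bot: The `rollback` branch in packages/hm-cli.nix still extracts IDs with `sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p'`, the line-start-anchored pattern that the earlier cleanup fix replaced with `^.*id \([0-9]\+\) .*`. If `home-manager generations` prefixes each line with a timestamp, as that fix suggests, this pattern matches nothing and the new null check will always report that no previous generation exists. Using the same unanchored pattern here would make the check meaningful: `sed -n 's/^.*id \([0-9]\+\) .*/\1/p'`. Note also that `head -n 2 | tail -n 1` picks the second listed generation, which is the previous one only when the current generation is listed first.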
From d655099d76de16c93302fabaae1ef7e3584b547d Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:07:51 -0300 Subject: [PATCH 013/129] added error handling to ephemeral.nix --- modules/ephemeral.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix index be6fc6b..7403aac 100644 --- a/modules/ephemeral.nix +++ b/modules/ephemeral.nix @@ -45,8 +45,13 @@ in RemainAfterExit = true; }; script = '' + set -euo pipefail + mkdir /btrfs_tmp - mount ${cfg.rootDevice} /btrfs_tmp + if ! mount ${cfg.rootDevice} /btrfs_tmp; then + echo "ERROR: Failed to mount ${cfg.rootDevice}" + exit 1 + fi if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then mkdir -p /btrfs_tmp/old_roots @@ -66,7 +71,12 @@ in delete_subvolume_recursively "$i" done - btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume} + if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then + echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" + umount /btrfs_tmp + exit 1 + fi + umount /btrfs_tmp ''; }; From 8ebab3907ff5e43ab77b9e7714e715df288bf3cd Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:10:06 -0300 Subject: [PATCH 014/129] moved kwrite to its own package definition --- hosts/modules/desktop/desktop.nix | 15 --------------- overlays.nix | 1 + packages.nix | 1 + packages/kwrite.nix | 15 +++++++++++++++ 4 files changed, 17 insertions(+), 15 deletions(-) create mode 100644 packages/kwrite.nix diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 2afd7ea..f4c4570 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix 
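Review bot: With `set -euo pipefail` now at the top of the script in modules/ephemeral.nix, a failure inside the retention loop (`delete_subvolume_recursively "$i"`) aborts the unit before `btrfs subvolume create` runs, so a housekeeping error on an old snapshot is likely to block boot. Pruning is not needed for the new root to exist; making it best-effort keeps the strictness for the steps that matter, e.g. `delete_subvolume_recursively "$i" || echo "WARN: could not prune $i"`. The early-exit paths other than the subvolume-create one also leave `/btrfs_tmp` mounted. The loop itself starts outside the hunk.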
@@ -5,21 +5,6 @@ ... }: -let - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; -in { imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; diff --git a/overlays.nix b/overlays.nix index a5ba76c..5e83cc5 100644 --- a/overlays.nix +++ b/overlays.nix @@ -5,6 +5,7 @@ default = final: prev: { toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; hm-cli = inputs.self.packages.${final.system}.hm-cli; + kwrite = inputs.self.packages.${final.system}.kwrite; }; }; } diff --git a/packages.nix b/packages.nix index e83ad26..cb17332 100644 --- a/packages.nix +++ b/packages.nix @@ -7,6 +7,7 @@ packages = { toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; + kwrite = pkgs.callPackage ./packages/kwrite.nix { }; }; }; } diff --git a/packages/kwrite.nix b/packages/kwrite.nix new file mode 100644 index 0000000..14ebce1 --- /dev/null +++ b/packages/kwrite.nix @@ -0,0 +1,15 @@ +{ pkgs }: + +pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; +} From edd0b5ca9cd7ed69521d6cd984f099187c9fb1d7 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:15:11 -0300 Subject: [PATCH 015/129] remove fish plugin sponge; updated fish plugin z --- users/modules/common/fish.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) 
diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index 8de52c3..d95db24 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix @@ -15,24 +15,15 @@ sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; }; } - { - name = "sponge"; - src = pkgs.fetchFromGitHub { - owner = "meaningful-ooo"; - repo = "sponge"; - rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; - sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; - }; - } { name = "z"; src = pkgs.fetchFromGitHub { owner = "jethrokuan"; repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; }; } ]; }; -} \ No newline at end of file +} From f62f34e98faa66a4b39852264fe70ba1fa374f51 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:31:20 -0300 Subject: [PATCH 016/129] fix warnings --- hosts/modules/desktop/desktop.nix | 2 +- users/modules/desktop.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f4c4570..b046031 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -74,7 +74,7 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; user = "greeter"; }; initial_session = { diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 1873cc7..f7d35d0 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -42,6 +42,7 @@ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; + config = "*"; }; gtk = { From 5e686f5bfff1452309acce1f4c063903d4323b1b Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 15 Oct 2025 20:32:40 -0300 Subject: [PATCH 017/129] fix xdg portal config --- users/modules/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index f7d35d0..8d62aa4 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -42,7 +42,7 @@ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; - config = "*"; + config.common.default = "*"; }; gtk = { From d8661561ef8ad4b675cab30582f9d5be96fcb8c4 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:42:00 -0300 Subject: [PATCH 018/129] minor changes to starship --- users/modules/starship.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/users/modules/starship.nix b/users/modules/starship.nix index 8b9a14c..1147f48 100644 --- a/users/modules/starship.nix +++ b/users/modules/starship.nix @@ -13,10 +13,10 @@ ''; right_format = "$cmd_duration$character"; hostname = { - ssh_symbol = " "; + ssh_symbol = "󰖟 "; }; character = { - error_symbol = "[](red)"; + error_symbol = "[](red)"; success_symbol = "[󱐋](green)"; }; cmd_duration = { @@ -37,4 +37,4 @@ }; }; }; -} \ No newline at end of file +} From 9d2804674717475b57307b443ac103817c85368e Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 21:37:53 -0300 Subject: [PATCH 019/129] starship symbols --- users/modules/desktop.nix | 5 +++++ users/modules/starship.nix | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 8d62aa4..b482894 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -28,6 +28,11 @@ }; }; + ghostty = { + enable = true; + enableFishIntegration = true; + enableBashIntegration = true; + }; password-store = { enable = true; package = pkgs.pass-wayland; diff --git a/users/modules/starship.nix b/users/modules/starship.nix index 1147f48..c836c51 100644 --- a/users/modules/starship.nix 
+++ b/users/modules/starship.nix @@ -25,7 +25,7 @@ min_time = 500; }; git_branch = { - symbol = " "; + symbol = " "; style = "purple"; }; git_status.style = "red"; From 79ee8905cd80f35d34411c46142c98555ec17bd5 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 09:47:43 -0300 Subject: [PATCH 020/129] some new stuff in gitignore --- .gitignore | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2a47a91..928efae 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,10 @@ -result/ +# Nix build outputs result +result-* .direnv/ -.pre-commit-config.yaml + +# Personal notes and temporary files +todo.md +notes.md +scratch/ +tmp/ From 02eb626d336c933d92cfabd24aaaa431c367444c Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:03:29 -0300 Subject: [PATCH 021/129] ghostty settings in hm --- users/modules/desktop.nix | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index b482894..b2661bf 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix 
@@ -11,27 +11,22 @@ enableVPN = false; }; - rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; - }; - }; - }; - ghostty = { enable = true; enableFishIntegration = true; enableBashIntegration = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256-0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + theme = "Banana Blueberry"; + window-theme = "ghostty"; + bell-features = "border"; + }; }; password-store = { enable = true; From ecb290a98984d24dc1f3f49f9e622f71f037f7a8 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:14:47 -0300 Subject: [PATCH 022/129] renamed mkUser to mkHome --- homeConfigurations.nix | 6 +++--- utils.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 3d3a950..7f50059 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -1,11 +1,11 @@ { inputs, ... }: let utils = import ./utils.nix { inherit inputs; }; - inherit (utils) mkUser; + inherit (utils) mkHome; in { flake.homeConfigurations = { - "user@rotterdam" = mkUser { + "user@rotterdam" = mkHome { username = "user"; tags = [ "btop" @@ -19,7 +19,7 @@ in ]; }; - "user@io" = mkUser { + "user@io" = mkHome { username = "user"; tags = [ "btop" diff --git a/utils.nix b/utils.nix index e56e3c2..0e51125 100644 --- a/utils.nix +++ b/utils.nix @@ -97,7 +97,7 @@ in }; # Tag-based user configuration system - mkUser = + mkHome = { username, homeDirectory ? "/home/${username}", From 9c909ba079e048ffab455ddb1c41d411f28791d5 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 10:30:05 -0300 Subject: [PATCH 023/129] hm-cli now backups files before applying --- packages/hm-cli.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 614f287..f6034ea 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -36,7 +36,7 @@ pkgs.writeShellScriptBin "hm" '' case "$1" in apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp ;; generation) if [[ $# -lt 2 ]]; then @@ -65,14 +65,14 @@ pkgs.writeShellScriptBin "hm" '' echo "Error: could not determine previous generation (possibly only one generation exists)" exit 1 fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp ;; switch) if [[ $# -ne 3 ]]; then echo "Error: switch requires exactly one generation ID" exit 1 fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp ;; cleanup) CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') From 3f2672e4689943dabdacbd6ae626a62f14f5ac28 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:31:25 -0300 Subject: [PATCH 024/129] ghostty shader --- users/modules/desktop.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index b2661bf..e914cc0 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix 
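Review bot: The fixed suffix in `-b bkp`, added to `apply`, `rollback` and `switch` in packages/hm-cli.nix, only helps once per colliding file. As far as I know home-manager refuses to activate when `<file>.bkp` already exists, so a second collision on the same path makes `hm apply` fail until the old backup is removed by hand. A per-run suffix such as `-b "bkp-$(date +%Y%m%d%H%M%S)"` avoids that, at the cost of backups accumulating in the home directory. The usage text earlier in the script, outside these hunks, does not say that existing files are moved aside; one line there would document the new behaviour.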
@@ -13,15 +13,13 @@ ghostty = { enable = true; - enableFishIntegration = true; - enableBashIntegration = true; settings = { cursor-style = "block"; shell-integration-features = "no-cursor"; cursor-style-blink = false; custom-shader = "${builtins.fetchurl { url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256-0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; theme = "Banana Blueberry"; window-theme = "ghostty"; From 8e5a0ff6206197f347e35d48ed3304871dbdd842 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 11:44:11 -0300 Subject: [PATCH 025/129] stylix on hm --- flake.lock | 310 +++++++++++++++++++++++++++++++++++- flake.nix | 2 + homeConfigurations.nix | 2 + overlays.nix | 1 + packages.nix | 1 + packages/base16-schemes.nix | 32 ++++ users/modules/desktop.nix | 3 +- users/modules/helix.nix | 5 +- users/modules/stylix.nix | 57 +++++++ 9 files changed, 407 insertions(+), 6 deletions(-) create mode 100644 packages/base16-schemes.nix create mode 100644 users/modules/stylix.nix diff --git a/flake.lock b/flake.lock index b19b2ca..17a379b 100644 --- a/flake.lock +++ b/flake.lock 
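Review bot: The shader for `custom-shader` in users/modules/desktop.nix is fetched with `builtins.fetchurl`, which downloads during evaluation. `pkgs.fetchurl` would make it an ordinary fixed-output derivation, fetched at build time and servable from a binary cache. The commit-pinned URL plus hash check is the right shape for third-party GLSL that the terminal loads on every start and should be kept when switching: `custom-shader = "${pkgs.fetchurl { url = <same pinned URL>; hash = "<SRI-HASH-PLACEHOLDER>"; }}";`. The `ghostty` attribute set continues outside this hunk.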
@@ -23,6 +23,74 @@ "type": "github" } }, + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -131,6 +199,22 @@ "type": "github" } }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -165,6 +249,27 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -183,6 +288,39 @@ "type": "github" } }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -397,6 +535,47 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": [ + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "quickshell": { "inputs": { "nixpkgs": [ @@ -430,7 +609,8 @@ "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable", + "stylix": "stylix" } }, "rust-overlay": { 
@@ -455,6 +635,38 @@ "type": "github" } }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts_2", + "gnome-shell": "gnome-shell", + "nixpkgs": "nixpkgs_4", + "nur": "nur", + "systems": "systems_3", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": "tinted-tmux", + "tinted-zed": "tinted-zed" + }, + "locked": { + "lastModified": 1760472212, + "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", + "owner": "danth", + "repo": "stylix", + "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -484,6 +696,102 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + 
"flake": false, + "locked": { + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 693b17a..d74d9ba 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + stylix.url = "github:danth/stylix"; + nixos-cli.url = "github:nix-community/nixos-cli"; nix-flatpak.url = "github:gmodena/nix-flatpak/main"; diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 7f50059..db44b76 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -15,6 +15,7 @@ in "helix" "obs-studio" "starship" + "stylix" "tmux" ]; }; @@ -27,6 +28,7 @@ in "direnv" "helix" "starship" + "stylix" "tmux" ]; }; diff --git a/overlays.nix b/overlays.nix index 5e83cc5..2732f0e 100644 --- a/overlays.nix +++ b/overlays.nix @@ -6,6 +6,7 @@ toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; }; }; } diff --git a/packages.nix b/packages.nix index cb17332..2cd7661 100644 --- a/packages.nix +++ b/packages.nix @@ -8,6 +8,7 @@ toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; + base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; }; }; } diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix new file mode 100644 index 0000000..ffd6c04 --- /dev/null +++ b/packages/base16-schemes.nix 
@@ -0,0 +1,32 @@ +{ + lib, + stdenv, + fetchFromGitHub, +}: +stdenv.mkDerivation (finalAttrs: { + pname = "base16-schemes"; + version = "0-unstable-2025-06-04"; + + src = fetchFromGitHub { + owner = "tinted-theming"; + repo = "schemes"; + rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; + hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/themes/ + install base16/*.yaml $out/share/themes/ + + runHook postInstall + ''; + + meta = { + description = "All the color schemes for use in base16 packages"; + homepage = "https://github.com/tinted-theming/schemes"; + maintainers = [ lib.maintainers.DamienCassou ]; + license = lib.licenses.mit; + }; +}) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index e914cc0..a1f8df1 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -21,9 +21,8 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - theme = "Banana Blueberry"; - window-theme = "ghostty"; bell-features = "border"; + keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; password-store = { diff --git a/users/modules/helix.nix b/users/modules/helix.nix index b71799b..e6e1cd1 100644 --- a/users/modules/helix.nix +++ b/users/modules/helix.nix @@ -8,13 +8,12 @@ programs.helix = { enable = true; settings = { - theme = "base16_transparent"; editor = { file-picker.hidden = false; idle-timeout = 0; line-number = "relative"; cursor-shape = { - normal = "block"; + normal = "bar"; insert = "bar"; select = "underline"; }; @@ -47,4 +46,4 @@ ]; }; }; -} \ No newline at end of file +} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix new file mode 100644 index 0000000..5ab0431 --- /dev/null +++ b/users/modules/stylix.nix 
@@ -0,0 +1,57 @@ +{ + config, + inputs, + pkgs, + ... +}: + +{ + imports = [ inputs.stylix.homeModules.stylix ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; + cursor = { + package = pkgs.kdePackages.breeze-icons; + name = "Breeze_Light"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "adwaita"; + dark = "adwaita-dark"; + }; + opacity = { + applications = 1.0; + desktop = 0.8; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + }; +} From a34c15d72fbd21d5b4eebfcc2bc70930a022816b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 13:44:52 -0300 Subject: [PATCH 026/129] stylix and zen-browser --- flake.lock | 59 +++++++++++++++++++- flake.nix | 2 + hosts/modules/desktop/desktop.nix | 89 ++++++++++++++----------------- users/modules/desktop.nix | 12 +++-- users/modules/helix.nix | 2 +- users/modules/stylix.nix | 4 ++ 6 files changed, 114 insertions(+), 54 deletions(-) diff --git a/flake.lock b/flake.lock index 17a379b..e319173 100644 --- a/flake.lock +++ b/flake.lock 
@@ -384,6 +384,27 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "zen-browser", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752603129, + "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -551,6 +572,22 @@ "type": "github" } }, + "nixpkgs_5": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -610,7 +647,8 @@ "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix" + "stylix": "stylix", + "zen-browser": "zen-browser" } }, "rust-overlay": { @@ -792,6 +830,25 @@ "repo": "base16-zed", "type": "github" } + }, + "zen-browser": { + "inputs": { + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1760588585, + "narHash": "sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus=", + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "rev": "5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c", + "type": "github" + }, + "original": { + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d74d9ba..4ec8da1 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,8 @@ nix-flatpak.url = "github:gmodena/nix-flatpak/main"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; + impermanence.url = "github:nix-community/impermanence"; }; 
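Review bot: `zen-browser.url` in the flake.nix hunk is added without any `follows`, and the lock file in the same commit shows the result. The browser input gets its own `nixpkgs_5` pinned at rev 20075955deac, the revision the main `nixpkgs` input was moved off in the first patch of this series, plus a third home-manager copy, `home-manager_3`. A browser wrapped against a nixpkgs pin that only moves when the upstream flake bumps its lock is easy to leave behind on library updates; `zen-browser.inputs.nixpkgs.follows = "nixpkgs";` and `zen-browser.inputs.home-manager.follows = "home-manager";` keep it on the pins this repository already updates. The `stylix.url` line added in the previous commit has the same shape (`nixpkgs_4`, `flake-parts_2`, `systems_3` in the lock) and could take `stylix.inputs.nixpkgs.follows = "nixpkgs";`.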
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index b046031..5012d7e 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -13,52 +13,46 @@ KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; - systemPackages = - with pkgs; - [ - ### Web ### - bitwarden-desktop - brave - tor-browser - qbittorrent - vesktop - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - kwrite - libreoffice-qt - onlyoffice-desktopeditors - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - colloid-gtk-theme - junction - kara - kde-rounded-corners - libfido2 - mission-center - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - mpv - obs-studio - qview - ] - ++ (with pkgs.kdePackages; [ - ark - dolphin - dolphin-plugins - kolourpaint - ]); + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + brave + tor-browser + qbittorrent + vesktop + inputs.zen-browser.packages."${system}".default + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + libreoffice + onlyoffice-desktopeditors + papers + rnote + ### Graphics & Design ### + gimp + inkscape + loupe + plasticity + ### System Utilities ### + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + mpv + obs-studio + qview + ]; }; services = { @@ -86,8 +80,6 @@ flatpak = { enable = true; packages = [ - ### Internet Browsers & Communication ### - "app.zen_browser.zen" ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { 
@@ -121,7 +113,6 @@ niri.enable = true; dconf.enable = true; kdeconnect.enable = true; - partition-manager.enable = true; appimage = { enable = true; binfmt = true; diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index a1f8df1..3f7545a 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -1,7 +1,10 @@ { inputs, pkgs, ... }: { - imports = [ inputs.dms.homeModules.dankMaterialShell.default ]; + imports = [ + inputs.dms.homeModules.dankMaterialShell.default + inputs.zen-browser.homeModules.beta + ]; fonts.fontconfig.enable = true; @@ -11,6 +14,11 @@ enableVPN = false; }; + zen-browser = { + enable = true; + profiles.william = { }; + }; + ghostty = { enable = true; settings = { @@ -35,9 +43,7 @@ enable = true; xdgOpenUsePortal = true; extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde xdg-desktop-portal-gtk - xdg-desktop-portal-gnome ]; config.common.default = "*"; }; diff --git a/users/modules/helix.nix b/users/modules/helix.nix index e6e1cd1..a72ead3 100644 --- a/users/modules/helix.nix +++ b/users/modules/helix.nix @@ -13,7 +13,7 @@ idle-timeout = 0; line-number = "relative"; cursor-shape = { - normal = "bar"; + normal = "underline"; insert = "bar"; select = "underline"; }; diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 5ab0431..1c3712a 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -53,5 +53,9 @@ terminal = 12; }; }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; }; } From b03a6f141046f6b1dc204fe305cc64c4d610c36a Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 14:28:08 -0300 Subject: [PATCH 027/129] nextcloud in; radicale+rclone out --- hosts/alexandria/nextcloud.nix | 91 ++++++++++++++++++++++++++++++ hosts/alexandria/nginx.nix | 27 ++------- hosts/alexandria/radicale.nix | 17 ------ hosts/alexandria/rclone-webdav.nix | 82 --------------------------- secrets/nextcloud-adminpass.age | 13 +++++ secrets/nextcloud-secrets.json.age | 13 +++++ 6 files changed, 122 insertions(+), 121 deletions(-) create mode 100644 hosts/alexandria/nextcloud.nix delete mode 100644 hosts/alexandria/radicale.nix delete mode 100644 hosts/alexandria/rclone-webdav.nix create mode 100644 secrets/nextcloud-adminpass.age create mode 100644 secrets/nextcloud-secrets.json.age diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix new file mode 100644 index 0000000..4392323 --- /dev/null +++ b/hosts/alexandria/nextcloud.nix 
@@ -0,0 +1,91 @@ +{ + lib, + config, + pkgs, + ... +}: + +{ + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + datadir = "/data/nextcloud"; + hostName = "cloud.baduhai.dev"; + configureRedis = true; + https = true; + autoUpdateApps.enable = true; + secretFile = config.age.secrets."nextcloud-secrets.json".path; + database.createLocally = true; + maxUploadSize = "16G"; + caching = { + apcu = true; + redis = true; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + default_phone_region = "BR"; + maintenance_window_start = "4"; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\EMF" + "OC\\Preview\\Font" + "OC\\Preview\\GIF" + "OC\\Preview\\HEIC" + "OC\\Preview\\Illustrator" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\Movie" + "OC\\Preview\\MP3" + "OC\\Preview\\MSOffice2003" + "OC\\Preview\\MSOffice2007" + "OC\\Preview\\MSOfficeDoc" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PDF" + "OC\\Preview\\Photoshop" + "OC\\Preview\\PNG" + "OC\\Preview\\Postscript" + "OC\\Preview\\SVG" + "OC\\Preview\\TIFF" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + ]; + }; + config = { + dbtype = "pgsql"; + adminpassFile = config.age.secrets.nextcloud-adminpass.path; + }; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + }; + + collabora-online = { + enable = true; + settings = { + ssl = { + enable = false; + termination = true; + }; + net = { + listen = "unix"; + frame_ancestors = "cloud.baduhai.dev"; + }; + }; + }; + }; + + age.secrets = { + "nextcloud-secrets.json" = { + file = ../../../secrets/nextcloud-secrets.json.age; + owner = "nextcloud"; + group = "hosted"; + }; + nextcloud-adminpass = { + file = ../../../secrets/nextcloud-adminpass.age; + owner = "nextcloud"; + group = "hosted"; + }; + }; +} diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 8c20d5d..654035b 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix 
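Review bot: Both `age.secrets` entries in hosts/alexandria/nextcloud.nix point at `../../../secrets/…`, which from hosts/alexandria/ resolves one directory above the repository root. The rclone-webdav.nix removed in this same commit sat in the same directory and used `../../secrets/webdav.age`, and the new .age files are added under `secrets/` at the root, so these should read `file = ../../secrets/nextcloud-secrets.json.age;` and `file = ../../secrets/nextcloud-adminpass.age;`. Separately, the `collabora-online` settings set no WOPI host restriction. If the module defaults do not already limit it, something like `storage.wopi.host = [ "cloud.baduhai.dev" ];` (confirm the key against the coolwsd configuration reference) stops the office endpoint from serving documents for other hosts. The `hosted` group given to both secrets is not defined in the visible hunks, so confirm it exists on this host.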
@@ -36,31 +36,14 @@ in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; + "cloud.baduhai.dev" = { }; "git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + "office.baduhai.dev".locations."/" = { + proxyPass = "http://unix:/run/coolwsd/coolwsd.sock"; + proxyWebsockets = true; + }; "pass.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; diff --git a/hosts/alexandria/radicale.nix b/hosts/alexandria/radicale.nix deleted file mode 100644 index d81a228..0000000 --- a/hosts/alexandria/radicale.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - services.radicale = { - enable = true; - settings = { - server = { - hosts = [ "/run/radicale/radicale.sock" ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; -} diff --git a/hosts/alexandria/rclone-webdav.nix b/hosts/alexandria/rclone-webdav.nix deleted file mode 100644 index 8324d31..0000000 --- a/hosts/alexandria/rclone-webdav.nix +++ /dev/null 
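Review bot: The new `office.baduhai.dev` vhost publishes the whole coolwsd socket, while the `collabora-online.settings` added in nextcloud.nix by this same commit set only `ssl` and `net` and name no WOPI host that Collabora should accept documents from. Unless the module defaults already restrict this, I would pin the allowed storage host to the Nextcloud instance, e.g. `aliasGroups = [ { host = "https://cloud.baduhai.dev"; } ];` on `services.collabora-online` (check the option name against the module version in use). The attribute set passed to `lib.mapAttrs` starts and ends outside this hunk.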
@@ -1,82 +0,0 @@ -{ config, pkgs, ... }: - -let - rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' - #!/bin/bash - - # Configuration - CREDS_FILE="/run/agenix/webdav" - SERVE_DIR="/data/webdav" - SOCKET_PATH="/run/rclone-webdav/webdav.sock" - - # Check if credentials file exists - if [ ! -f "$CREDS_FILE" ]; then - echo "Error: Credentials file $CREDS_FILE not found" - exit 1 - fi - - # Read credentials from file (format: username:password) - CREDENTIALS=$(cat "$CREDS_FILE") - USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) - PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) - - # Validate credentials - if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then - echo "Error: Invalid credentials format. Expected username:password" - exit 1 - fi - - # Ensure serve directory exists - mkdir -p "$SERVE_DIR" - - # Remove existing socket if it exists - rm -f "$SOCKET_PATH" - - # Start rclone serve webdav - exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ - --addr unix://"$SOCKET_PATH" \ - --user "$USERNAME" \ - --pass "$PASSWORD" \ - --config="" \ - --baseurl "/webdav" \ - --verbose - ''; -in - -{ - age.secrets.webdav = { - file = ../../secrets/webdav.age; - owner = "user"; - group = "users"; - }; - - systemd.services.rclone-webdav = { - description = "RClone WebDAV Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "exec"; - User = "user"; - Group = "nginx"; - ExecStart = "${rclone-webdav-start}"; - Restart = "always"; - RestartSec = "10"; - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/data/webdav" - "/run" - ]; - RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0750"; - UMask = "0002"; - }; - preStart = '' - mkdir -p /data/webdav - chown user:users /data/webdav - chmod 755 /data/webdav - ''; - }; -} 
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age new file mode 100644 index 0000000..4adb2b1 --- /dev/null +++ b/secrets/nextcloud-adminpass.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hi+lKA KUVC7m5ch8uuseBHHPCspWWdSAs+3YK+LvBL7h14UT8 +8h5Tu47UJ/6wJZaEjB0KhUKZ8yw3FgwWv9Dem4ivgVI +-> ssh-ed25519 SP9f6A IDnNmcjBKTiNWnBPw7mAuycOfzvj1bGi30OLi/mN+AA +xE9drPCFvOi8v74zqUuCOc9DOFnzfwFfoa0O84JHonA +-> ssh-ed25519 8YSAiw vWnYElIL2jh/LmxZKFFGE/8H1o+bOnGsGxQ3UZ02FE8 +c6e/c1a1cUa6FPDaUYHeY50WB5E1cq398AgwVs421EA +-> ssh-ed25519 3Chb7w iDSXb9BYJ/2EUJx77Uch3eFYukxTD5nHbdU+iTBWXkk +QBrCOSmjKeX0giQxYGMHinOeTrDs9ZGmdjThxEvyXn0 +-> ssh-ed25519 J6tVTA tZ5yMoYaLdgs0WoaRju3h+zfKSCrYoYO7aDcmnNta3s +seYPrbd8PmVZJKSltp4qI7i137be01ydWhkdOPP7Zzw +--- LElLg1Mrmw0iExirSvb6KWSA8bugbVggM2RwZSWlWGM +]͠l0dNnݾ0578qƈKƌ_# ̓agXDC:L6̾R魧 \ No newline at end of file diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age new file mode 100644 index 0000000..3860d4e --- /dev/null +++ b/secrets/nextcloud-secrets.json.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hi+lKA dt/gmE1ljEV6eiU4cyqy+v49mtjlm/qnkV3D5OCbUFI +LkRedLe6Qf8J5MeH+DNVmeuFyHHjDeYyrjoyzPmqZyI +-> ssh-ed25519 SP9f6A rossSD9Dk/BE9ujDcJY/CdVu5Pm5mLyKBFLpBERu+g0 +g6bnR5N9eC50gbd48rijisF6WLYBtoDi4CSLPBkfiw0 +-> ssh-ed25519 8YSAiw s+i/kWBUvnSEDN93MCO9QSIXnQi02zT+vdBVB8rbAV4 +n4mWFllh8dCW8DVP9R/m6KIuprZnLRbGQ/wjFmhEZx8 +-> ssh-ed25519 3Chb7w c0WkS3MPTAmcHTKMsfoL2mZKF9rJ/oU48noL00UEAjc +AL0b7xrfd9Ll4v/o0dLkic+YsKBiQxyFFKggXsQfM04 +-> ssh-ed25519 J6tVTA ZM+AOwYRTovNJnwe2wdUm9KU6Lj44rgBvthwHSFwDng +DJweE//ogMciRmy0GTj8zDRzItRtlfTkBynRSBDr3ks +--- dNCLx3d9i125QQqdsQVnwdN9QMLU+MWx2KjYFKFv5lU +{ 6EjrTg+I?*xu'$>U4QBDĠ"SIqA|v5xJdHھI6$'7(q{[.I*P <Ĭ/_|yx͙p*xX \ No newline at end of file From 3f9e2e384484014c0c11362076a757e7656df6f5 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 15:05:42 -0300 Subject: [PATCH 028/129] add deploy-rs --- deploy.nix | 41 +++++++++++++ flake.lock | 168 ++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 3 + 3 files changed, 171 insertions(+), 41 deletions(-) create mode 100644 deploy.nix diff --git a/deploy.nix b/deploy.nix new file mode 100644 index 0000000..865e4c9 --- /dev/null +++ b/deploy.nix @@ -0,0 +1,41 @@ +{ inputs, self, ... }: +{ + flake.deploy.nodes = { + alexandria = { + hostname = "alexandria"; + profiles.system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + user = "root"; + }; + }; + + trantor = { + hostname = "trantor"; + profiles.system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; + + io = { + hostname = "io"; + profiles = { + system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + }; + user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + }; + }; + }; + }; + + # Optional: Add deploy-rs checks + flake.checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; +} diff --git a/flake.lock b/flake.lock index e319173..3e04b70 100644 --- a/flake.lock +++ b/flake.lock 
@@ -113,6 +113,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1756719547, + "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "dgop": { "inputs": { "nixpkgs": [ @@ -165,11 +185,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1760401338, - "narHash": "sha256-aN4qiI9R4ByEucFE/zvJFF8Y456nDe1IXCKu0hvEP+U=", + "lastModified": 1760637129, + "narHash": "sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "07fe2ca4072eb987c8090f388d4979f5006cef52", + "rev": "5c816463973d52010839a882d95ea1a44d80c52a", "type": "github" }, "original": { @@ -216,6 +236,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -272,7 +308,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, 
@@ -370,11 +406,11 @@ ] }, "locked": { - "lastModified": 1760033152, - "narHash": "sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr+jigYR9p4GS0tME=", + "lastModified": 1760500983, + "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", "owner": "nix-community", "repo": "home-manager", - "rev": "5d61767c8dee7f9c66991335795dbca9e801c25a", + "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", "type": "github" }, "original": { @@ -439,7 +475,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { @@ -459,9 +495,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1759846470, @@ -479,16 +515,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", - "owner": "nixos", + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -510,11 +546,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1759735786, - "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", + "lastModified": 1760423683, + "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", + "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", "type": "github" }, "original": { 
@@ -525,6 +561,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1740695751, + "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -540,39 +592,39 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1759831965, - "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c9b6fb798541223bbb396d287d16f43520250518", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_4": { "locked": { "lastModified": 1760524057, "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", - "owner": "NixOS", + "owner": "nixos", "repo": "nixpkgs", "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { + "locked": { + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -637,6 +689,7 @@ "root": { "inputs": { "agenix": "agenix", + "deploy-rs": "deploy-rs", "disko": "disko", "dms": "dms", "flake-parts": "flake-parts", 
@@ -645,7 +698,7 @@ "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix", "zen-browser": "zen-browser" @@ -682,9 +735,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur": "nur", - "systems": "systems_3", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -750,6 +803,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -831,10 +899,28 @@ "type": "github" } }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1760588585, diff --git a/flake.nix b/flake.nix index 4ec8da1..4f3fac0 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,8 @@ zen-browser.url = "github:0xc000022070/zen-browser-flake"; impermanence.url = "github:nix-community/impermanence"; + + deploy-rs.url = "github:serokell/deploy-rs"; }; outputs = @@ -57,6 +59,7 @@ ./nixosModules.nix ./overlays.nix ./packages.nix + ./deploy.nix ]; }; } 
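Review bot: `deploy-rs.url` in the `@@ -40,6 +40,8 @@` hunk of flake.nix is added without a `follows`, so the lock file in this commit gives deploy-rs its own `nixpkgs` node at rev `bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f` (lastModified 1743014863), older than the root `nixpkgs` at 1760524057. The activation helper referenced from deploy.nix runs as `root` on the hosts and would be built from that separate pin, which presumably only moves when deploy-rs itself is updated. I would write the input as `deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };` so it tracks the same package set as the rest of the system.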
From af7467554f8a605b521aae47238d19cfb40b17b5 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:05:58 -0300 Subject: [PATCH 029/129] update nextcloud --- hosts/alexandria/nextcloud.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 4392323..2b7670d 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -9,7 +9,7 @@ services = { nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud32; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; @@ -78,12 +78,12 @@ age.secrets = { "nextcloud-secrets.json" = { - file = ../../../secrets/nextcloud-secrets.json.age; + file = ../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; group = "hosted"; }; nextcloud-adminpass = { - file = ../../../secrets/nextcloud-adminpass.age; + file = ../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; group = "hosted"; }; From 3792c11bf0a5ac033b63e795b2b23a7a3284ae09 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:07:49 -0300 Subject: [PATCH 030/129] add deploy-rs to devshell --- devShells.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index 254d604..25ee80d 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { perSystem = @@ -8,6 +8,7 @@ packages = with pkgs; [ nil nixfmt-rfc-style + inputs.deploy-rs.packages.${pkgs.system}.default ]; }; }; From 0cf06f8541ef62a5a15f6b51e92c4ed96752d9b4 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:30:01 -0300 Subject: [PATCH 031/129] som more deploy-rs mods --- deploy.nix | 15 +++++++++------ devShells.nix | 4 +++- hosts/modules/common/nix.nix | 12 +++++------- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/deploy.nix b/deploy.nix index 865e4c9..2e69377 100644 --- a/deploy.nix +++ b/deploy.nix 
@@ -1,10 +1,11 @@ { inputs, self, ... }: { flake.deploy.nodes = { + remoteBuild = true; alexandria = { hostname = "alexandria"; profiles.system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; user = "root"; }; @@ -13,7 +14,7 @@ trantor = { hostname = "trantor"; profiles.system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; user = "root"; }; @@ -23,7 +24,7 @@ hostname = "io"; profiles = { system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; user = "root"; }; @@ -35,7 +36,9 @@ }; }; }; - - # Optional: Add deploy-rs checks - flake.checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; + perSystem = + { system, ... }: + { + checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; + }; } diff --git a/devShells.nix b/devShells.nix index 25ee80d..82f97e9 100644 --- a/devShells.nix +++ b/devShells.nix @@ -8,8 +8,10 @@ packages = with pkgs; [ nil nixfmt-rfc-style - inputs.deploy-rs.packages.${pkgs.system}.default ]; + shellHook = '' + alias deploy='${inputs.deploy-rs.packages.${pkgs.system}.default}/bin/deploy --skip-checks' + ''; }; }; } diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix index ff0b474..5ef9c4c 100644 --- a/hosts/modules/common/nix.nix +++ b/hosts/modules/common/nix.nix @@ -26,13 +26,11 @@ buildDocs = false; }; - services = { - nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; }; }; From 0adbcc838bb2d87fa12591b4ade4ad70677955d9 Mon Sep 17 00:00:00 2001 
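Review bot: `remoteBuild = true;` in the first deploy.nix hunk is placed inside `flake.deploy.nodes`, so it is read as a node named `remoteBuild` rather than as a deploy-wide setting. As far as the deploy-rs schema goes, every entry under `nodes` must be a node with `hostname` and `profiles`, so this should fail `deployChecks`, and the `--skip-checks` alias added in the same commit would keep that failure from surfacing. Move the setting up one level, `flake.deploy = { remoteBuild = true; nodes = { … }; };`, or set it per node.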
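Review bot: The `shellHook` alias in the devShells.nix hunk, `alias deploy='…/bin/deploy --skip-checks'`, makes skipping the flake checks the default for every deployment started from the dev shell, including the `deployChecks` this commit wires into `perSystem.checks`. Those checks are what catch a malformed `deploy` attribute before it reaches a host. I would keep `inputs.deploy-rs.packages.${pkgs.system}.default` in `packages` and pass `--skip-checks` by hand on the occasions it is wanted. An alias defined in `shellHook` is also not available to non-interactive `nix develop -c` invocations.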
From: William Date: Thu, 16 Oct 2025 19:16:24 -0300 Subject: [PATCH 032/129] merged rclone-webdav with radicale --- .../alexandria/{rclone-webdav.nix => dav.nix} | 59 ++++++++++++++++--- hosts/alexandria/radicale.nix | 17 ------ 2 files changed, 52 insertions(+), 24 deletions(-) rename hosts/alexandria/{rclone-webdav.nix => dav.nix} (59%) delete mode 100644 hosts/alexandria/radicale.nix diff --git a/hosts/alexandria/rclone-webdav.nix b/hosts/alexandria/dav.nix similarity index 59% rename from hosts/alexandria/rclone-webdav.nix rename to hosts/alexandria/dav.nix index 8324d31..8cb510f 100644 --- a/hosts/alexandria/rclone-webdav.nix +++ b/hosts/alexandria/dav.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - +{ lib, inputs, ... }: let + utils = import ../../utils.nix { inherit inputs; }; + inherit (utils) mkNginxVhosts; + rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' #!/bin/bash 
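Review bot: The module header in the `@@ -1,6 +1,8 @@` hunk of dav.nix changes from `{ config, pkgs, ... }:` to `{ lib, inputs, ... }:`, but the `let` block directly below still calls `pkgs.writeShellScript`, so `pkgs` is no longer bound and the module should fail to evaluate. Keep it in the argument set: `{ lib, inputs, pkgs, ... }:`. The rest of the `let` block and the module body continue outside this hunk.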
@@ -42,12 +44,49 @@ let --verbose ''; in - { - age.secrets.webdav = { - file = ../../secrets/webdav.age; - owner = "user"; - group = "users"; + services = { + nginx.virtualHosts = mkNginxVhosts { + inherit lib; + acmeHost = "baduhai.dev"; + domains = { + "dav.baduhai.dev".locations = { + "/caldav" = { + proxyPass = "http://unix:/run/radicale/radicale.sock:/"; + extraConfig = '' + proxy_set_header X-Script-Name /caldav; + proxy_pass_header Authorization; + ''; + }; + "/webdav" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; + extraConfig = '' + proxy_set_header X-Script-Name /webdav; + proxy_pass_header Authorization; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; + client_max_body_size 10G; + proxy_buffering off; + proxy_request_buffering off; + ''; + }; + }; + }; + }; + radicale = { + enable = true; + settings = { + server = { + hosts = [ "/run/radicale/radicale.sock" ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + }; + }; }; systemd.services.rclone-webdav = { @@ -79,4 +118,10 @@ in chmod 755 /data/webdav ''; }; + + age.secrets.webdav = { + file = ../../secrets/webdav.age; + owner = "user"; + group = "users"; + }; } diff --git a/hosts/alexandria/radicale.nix b/hosts/alexandria/radicale.nix deleted file mode 100644 index d81a228..0000000 --- a/hosts/alexandria/radicale.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - services.radicale = { - enable = true; - settings = { - server = { - hosts = [ "/run/radicale/radicale.sock" ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; -} From 51b6a62f912c1341728e96de56e9b8b9ca15b6cd Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 19:36:46 -0300 Subject: [PATCH 033/129] new mkNginxVHosts function --- homeConfigurations.nix | 3 +- hosts/alexandria/dav.nix | 49 +++++++++++++--------------- hosts/alexandria/forgejo.nix | 18 +++++++++-- hosts/alexandria/jellyfin.nix | 12 +++++-- hosts/alexandria/librespeed.nix | 12 +++++-- hosts/alexandria/nginx.nix | 55 ++++++++------------------------ hosts/alexandria/vaultwarden.nix | 18 +++++++++-- nixosConfigurations.nix | 3 +- utils.nix | 17 +++++++++- 9 files changed, 109 insertions(+), 78 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 3d3a950..112783f 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -1,6 +1,7 @@ { inputs, ... }: let - utils = import ./utils.nix { inherit inputs; }; + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; inherit (utils) mkUser; in { diff --git a/hosts/alexandria/dav.nix b/hosts/alexandria/dav.nix index 8cb510f..a300e84 100644 --- a/hosts/alexandria/dav.nix +++ b/hosts/alexandria/dav.nix @@ -1,7 +1,7 @@ { lib, inputs, ... }: let - utils = import ../../utils.nix { inherit inputs; }; - inherit (utils) mkNginxVhosts; + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' #!/bin/bash 
@@ -46,31 +46,28 @@ let in { services = { - nginx.virtualHosts = mkNginxVhosts { - inherit lib; + nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains = { - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; - proxy_buffering off; - proxy_request_buffering off; - ''; - }; + domains."dav.baduhai.dev".locations = { + "/caldav" = { + proxyPass = "http://unix:/run/radicale/radicale.sock:/"; + extraConfig = '' + proxy_set_header X-Script-Name /caldav; + proxy_pass_header Authorization; + ''; + }; + "/webdav" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; + extraConfig = '' + proxy_set_header X-Script-Name /webdav; + proxy_pass_header Authorization; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; + client_max_body_size 10G; + proxy_buffering off; + proxy_request_buffering off; + ''; }; }; }; diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index 0b9908e..909d1d1 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix @@ -1,5 +1,13 @@ -{ ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.forgejo = { enable = true; @@ -18,4 +26,10 @@ actions.ENABLED = false; }; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; } 
diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 87a825f..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -1,8 +1,16 @@ -{ ... }: - +{ lib, inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.jellyfin = { enable = true; openFirewall = true; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + }; } diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index 09e4768..79353bd 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -1,5 +1,8 @@ -{ ... }: - +{ lib, inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; @@ -11,4 +14,9 @@ "--label=io.containers.autoupdate=registry" ]; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; + }; } diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 8c20d5d..192dbda 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -1,5 +1,13 @@ -{ config, lib, ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { security.acme = { acceptTerms = true; 
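Review bot: In the jellyfin.nix hunk the service is now published through the TLS vhost `jellyfin.baduhai.dev` proxying to `http://127.0.0.1:8096/`, yet the unchanged `openFirewall = true;` right above still opens Jellyfin's own ports on the host firewall. That leaves the backend reachable directly over plain HTTP, bypassing `forceSSL` and anything else enforced at nginx. If all access is meant to go through the proxy, set `openFirewall = false;` (or drop the line); if LAN discovery is needed, a comment saying so would help.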
@@ -26,45 +34,10 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = - let - commonVHostConfig = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - }; - in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { - "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; - "git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; - "pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; - "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; - }; + virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."_".locations."/".return = "444"; + }; }; users.users.nginx.extraGroups = [ "acme" ]; diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 058c123..21f7d46 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -1,5 +1,13 @@ -{ ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.vaultwarden = { enable = true; 
@@ -9,4 +17,10 @@ ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; }; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."pass.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + }; } diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 65a9e14..f32f422 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -1,6 +1,7 @@ { inputs, ... }: let - utils = import ./utils.nix { inherit inputs; }; + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; inherit (utils) mkHost; in { diff --git a/utils.nix b/utils.nix index e56e3c2..f25a821 100644 --- a/utils.nix +++ b/utils.nix @@ -1,4 +1,4 @@ -{ inputs }: +{ inputs, lib }: let inherit (inputs) self @@ -172,4 +172,19 @@ in } ]; }; + + # Nginx virtual host utilities + mkNginxVHosts = + { + acmeHost, + domains, + }: + let + commonVHostConfig = { + useACMEHost = acmeHost; + forceSSL = true; + kTLS = true; + }; + in + lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; } From f7b173457652b7432ae59d3c33da8be2197389fe Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 19:37:06 -0300 Subject: [PATCH 034/129] no more dav --- hosts/alexandria/dav.nix | 124 --------------------------------------- 1 file changed, 124 deletions(-) delete mode 100644 hosts/alexandria/dav.nix diff --git a/hosts/alexandria/dav.nix b/hosts/alexandria/dav.nix deleted file mode 100644 index a300e84..0000000 --- a/hosts/alexandria/dav.nix +++ /dev/null 
@@ -1,124 +0,0 @@ -{ lib, inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - - rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' - #!/bin/bash - - # Configuration - CREDS_FILE="/run/agenix/webdav" - SERVE_DIR="/data/webdav" - SOCKET_PATH="/run/rclone-webdav/webdav.sock" - - # Check if credentials file exists - if [ ! -f "$CREDS_FILE" ]; then - echo "Error: Credentials file $CREDS_FILE not found" - exit 1 - fi - - # Read credentials from file (format: username:password) - CREDENTIALS=$(cat "$CREDS_FILE") - USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) - PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) - - # Validate credentials - if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then - echo "Error: Invalid credentials format. Expected username:password" - exit 1 - fi - - # Ensure serve directory exists - mkdir -p "$SERVE_DIR" - - # Remove existing socket if it exists - rm -f "$SOCKET_PATH" - - # Start rclone serve webdav - exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ - --addr unix://"$SOCKET_PATH" \ - --user "$USERNAME" \ - --pass "$PASSWORD" \ - --config="" \ - --baseurl "/webdav" \ - --verbose - ''; -in -{ - services = { - nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; - proxy_buffering off; - proxy_request_buffering off; - ''; - }; - }; - }; - radicale = { - enable = true; - settings = { - server = { - hosts = [ "/run/radicale/radicale.sock" ]; - }; 
- auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - }; - - systemd.services.rclone-webdav = { - description = "RClone WebDAV Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "exec"; - User = "user"; - Group = "nginx"; - ExecStart = "${rclone-webdav-start}"; - Restart = "always"; - RestartSec = "10"; - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/data/webdav" - "/run" - ]; - RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0750"; - UMask = "0002"; - }; - preStart = '' - mkdir -p /data/webdav - chown user:users /data/webdav - chmod 755 /data/webdav - ''; - }; - - age.secrets.webdav = { - file = ../../secrets/webdav.age; - owner = "user"; - group = "users"; - }; -} From c8f1b3a5e0f894584cf8bcf08b46f6eeddcffabb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 08:37:09 -0300 Subject: [PATCH 035/129] fix mkNginxVHosts usage; fix librespeed proxy; fix vaultwarden proxy --- hosts/alexandria/librespeed.nix | 25 ++++++++++++++++++++++++- hosts/alexandria/nextcloud.nix | 4 ++-- hosts/alexandria/nginx.nix | 14 ++++++++------ hosts/alexandria/vaultwarden.nix | 5 +++-- utils.nix | 2 ++ 5 files changed, 39 insertions(+), 11 deletions(-) diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index 79353bd..aeb8db3 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix 
@@ -1,14 +1,37 @@ -{ lib, inputs, ... }: +{ + config, + lib, + inputs, + ... +}: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { + systemd.services.init-librespeed-network = { + description = "Create the network bridge for librespeed."; + after = [ "network.target" ]; + wantedBy = [ "podman-librespeed.service" ]; + serviceConfig.Type = "oneshot"; + script = '' + check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true) + if [ -z "$check" ]; then + ${config.virtualisation.podman.package}/bin/podman network create librespeed + else + echo "librespeed network already exists" + fi + ''; + }; + virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; environment = { TZ = "America/Bahia"; }; + networks = [ "librespeed" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2b7670d..b097616 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -80,12 +80,12 @@ "nextcloud-secrets.json" = { file = ../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; nextcloud-adminpass = { file = ../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; }; } diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 192dbda..0a0a261 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -4,10 +4,12 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { security.acme = { acceptTerms = true; @@ -22,12 +24,6 @@ in }; }; - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; - services.nginx = { enable = true; recommendedGzipSettings = true; 
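Review bot: The `init-librespeed-network` unit added in librespeed.nix is attached with `wantedBy = [ "podman-librespeed.service" ]` but declares no ordering against that service, so the container can start before the network has been created; `before = [ "podman-librespeed.service" ];` would close that gap. The existence test `podman network ls | grep "librespeed"` also matches any network whose name merely contains that string, whereas `podman network exists librespeed || podman network create librespeed` is exact and replaces the whole `if` block. The `${config.virtualisation.podman.package}/bin/podman` path is spelled out twice and could be bound once in the `let` block.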
@@ -41,4 +37,10 @@ in }; users.users.nginx.extraGroups = [ "acme" ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; } diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 21f7d46..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -14,13 +14,14 @@ in config = { DOMAIN = "https://pass.baduhai.dev"; SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 58222; }; }; services.nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; } diff --git a/utils.nix b/utils.nix index 7b8e502..1f2c66c 100644 --- a/utils.nix +++ b/utils.nix @@ -1,4 +1,5 @@ { inputs, lib }: + let inherit (inputs) self @@ -8,6 +9,7 @@ let agenix ; in + { # Tag-based host configuration system mkHost = From 681f68d7903101de8dcc05a8bcf07a244eef59eb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 09:47:40 -0300 Subject: [PATCH 036/129] nexcloud on 25.05 is still at version 31 --- hosts/alexandria/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index b097616..603c85f 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -9,7 +9,7 @@ services = { nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud31; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; From 6d41eeaf885090d66eaac60e1659e7f4b9d6a9be Mon Sep 17 00:00:00 2001 
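Review bot: Changing `ROCKET_ADDRESS` in vaultwarden.nix from the unix socket path to `127.0.0.1` with `ROCKET_PORT = 58222` means the password manager's backend is now reachable by every local user and process on the host, not only by nginx, because a loopback TCP listener has no file permissions to restrict it. The commit title says this fixes the proxy, so the listener may be necessary; in that case a comment recording the trade-off would help, e.g. `# loopback TCP instead of a socket: any local process can connect; revisit if socket support works`. The port is a bare literal here; naming it once in the `let` block would make collisions with other loopback services easier to spot. The `services.vaultwarden` block starts outside the hunk.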
From: William Date: Fri, 17 Oct 2025 09:51:49 -0300 Subject: [PATCH 037/129] mkHome instead of mkUser --- homeConfigurations.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index cbd1e6c..422681d 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -3,12 +3,12 @@ let lib = inputs.nixpkgs.lib; utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkUser; + inherit (utils) mkHome; in { flake.homeConfigurations = { - "user@rotterdam" = mkUser { + "user@rotterdam" = mkHome { username = "user"; tags = [ "btop" @@ -23,7 +23,7 @@ in ]; }; - "user@io" = mkUser { + "user@io" = mkHome { username = "user"; tags = [ "btop" From 64379d7ab48da9269f6c628473f50b3bcbbc1080 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:01:11 -0300 Subject: [PATCH 038/129] fixed some stuff --- deploy.nix | 6 ++++-- devShells.nix | 6 ++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy.nix b/deploy.nix index 2e69377..40a21e9 100644 --- a/deploy.nix +++ b/deploy.nix @@ -1,8 +1,9 @@ { inputs, self, ... }: { - flake.deploy.nodes = { + flake.deploy = { remoteBuild = true; - alexandria = { + nodes = { + alexandria = { hostname = "alexandria"; profiles.system = { sshUser = "user"; @@ -36,6 +37,7 @@ }; }; }; +}; perSystem = { system, ... }: { diff --git a/devShells.nix b/devShells.nix index 82f97e9..e5c4a33 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ ... }: { perSystem = @@ -8,10 +8,8 @@ packages = with pkgs; [ nil nixfmt-rfc-style + deploy-rs ]; - shellHook = '' - alias deploy='${inputs.deploy-rs.packages.${pkgs.system}.default}/bin/deploy --skip-checks' - ''; }; }; } From c6b5cc16c13c9b972d12adafff8719ce821a319d Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:01:23 -0300 Subject: [PATCH 039/129] don't touch nextcloud apps --- hosts/alexandria/nextcloud.nix | 1 - 1 file changed, 1 deletion(-) 
diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 603c85f..84853dc 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -14,7 +14,6 @@ hostName = "cloud.baduhai.dev"; configureRedis = true; https = true; - autoUpdateApps.enable = true; secretFile = config.age.secrets."nextcloud-secrets.json".path; database.createLocally = true; maxUploadSize = "16G"; From d0793fb1256d32607005479f8f8ea7588a6bc41e Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:07:55 -0300 Subject: [PATCH 040/129] I'm forced to map a port in librespeed --- hosts/alexandria/librespeed.nix | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index aeb8db3..e36a81d 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -11,27 +11,12 @@ let in { - systemd.services.init-librespeed-network = { - description = "Create the network bridge for librespeed."; - after = [ "network.target" ]; - wantedBy = [ "podman-librespeed.service" ]; - serviceConfig.Type = "oneshot"; - script = '' - check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true) - if [ -z "$check" ]; then - ${config.virtualisation.podman.package}/bin/podman network create librespeed - else - echo "librespeed network already exists" - fi - ''; - }; - virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; environment = { TZ = "America/Bahia"; }; - networks = [ "librespeed" ]; + ports = [ "127.0.0.1:58080:80" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" @@ -40,6 +25,6 @@ in services.nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; + domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; }; } 
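Review bot: The host port 58080 in librespeed.nix is written as a literal twice, once in `ports = [ "127.0.0.1:58080:80" ];` and once in the `proxyPass` URL, so changing one without the other silently breaks the proxy. Binding it in the existing `let` block, e.g. `librespeedPort = 58080;`, and interpolating it in both places keeps them in step. Publishing on `127.0.0.1` rather than all interfaces is the right choice and deserves a one-line comment so it is not loosened later, e.g. `# loopback only: nginx is the sole entry point`.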
From f9874296ae3b06a744633cc1632f63d29b6724a1 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:47:04 -0300 Subject: [PATCH 041/129] expose nextcloud and collabora on proxy --- hosts/alexandria/nextcloud.nix | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 84853dc..373b0e5 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -2,9 +2,15 @@ lib, config, pkgs, + inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + { services = { nextcloud = { @@ -62,17 +68,35 @@ collabora-online = { enable = true; + port = 9980; settings = { ssl = { enable = false; termination = true; }; net = { - listen = "unix"; + listen = "loopback"; frame_ancestors = "cloud.baduhai.dev"; }; }; }; + + nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains = { + "cloud.baduhai.dev" = { }; + "office.baduhai.dev".locations = { + "/".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; + "~ ^/cool/(.*)/ws$".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; + "~ ^/cool/(.*)/ws$".extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 36000s; + ''; + }; + }; + }; }; age.secrets = { From f5a7377b1f5c88ba29f3bb56deea3bed1eb9e2ef Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:49:44 -0300 Subject: [PATCH 042/129] nextcloud desktop client --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 5012d7e..ebffd49 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix 
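Review bot: The `"/"` location added for `office.baduhai.dev` in nextcloud.nix forwards every request path to Collabora on loopback, which, as far as I know, includes its admin console endpoints as well as the editor and discovery paths Nextcloud needs. Restricting the vhost to the paths actually used, or adding an `allow`/`deny` rule in front of the admin paths, would narrow what is reachable from outside. `proxy_set_header Host $host;` is set only on the websocket location; whether `/` receives it depends on `mkNginxVHosts`, which is not visible in this hunk. The websocket location is split across two attribute paths (`.proxyPass` and `.extraConfig`); a single `"~ ^/cool/(.*)/ws$" = { proxyPass = …; extraConfig = …; };` attrset would read more clearly.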
@@ -17,6 +17,7 @@ ### Web ### bitwarden-desktop brave + nextcloud-client tor-browser qbittorrent vesktop From 265dc9947650bebfc4c6068752152280218d18e8 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 15:23:13 -0300 Subject: [PATCH 043/129] add agenix to shell --- devShells.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index e5c4a33..acf63f8 100644 --- a/devShells.nix +++ b/devShells.nix @@ -6,9 +6,10 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ + agenix + deploy-rs nil nixfmt-rfc-style - deploy-rs ]; }; }; From 7e02970b56c5da72ce06e9e44eba86054fc63b0f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 15:39:56 -0300 Subject: [PATCH 044/129] fix up secrets --- secrets/cloudflare.age | 22 ++++++--------- secrets/nextcloud-adminpass.age | 20 ++++++------- secrets/nextcloud-secrets.json.age | Bin 757 -> 537 bytes secrets/secrets.nix | 44 ++++++++++++++--------------- secrets/webdav.age | 15 ---------- 5 files changed, 38 insertions(+), 63 deletions(-) delete mode 100644 secrets/webdav.age diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 11cfac6..9e989ec 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age 
@@ -1,15 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog HMpl/3mb59SsUvkDXXxO+odBNSc1dZS1nQtC8/BPlGI -4fPk0YtGxOoqXDfTN9kQlH0Pg2iaJXUZE5es6f317L4 --> ssh-ed25519 SP9f6A p1kh6UOFJ4xwulLY9IpbNZIJ7JSouR27j6HgK/XRegM -rJCzN+RCdQgo/xCkAmcdN6GfXsoQhpmE1HuGwYs/2CI --> ssh-ed25519 8YSAiw cCbMOE3PMa3bzGGQSeQZuq074iwt4p4HLDu8uiHhWRY -U6wR/DuBdMKfbmQfUZ8XLdTBxNsUMR2lOueYucR5+bY --> ssh-ed25519 7cojTQ iLDzC79YtZcrqldzCyIFHrpsEapOXYD5AXuNoQ+3ulI -v2NiE3pA+J8Po+PqTTUU9XYKy37AIyj5KWdlh7FOPG8 --> ssh-ed25519 J6tVTA Jw1pSpF1J2Ud46BDhdRCPErgUeim8uwWxiB1E3BiJB8 -hGdGFi46iqKJN0QviG1xRNf2kwlls0rM5k3LkAiw8jY --> ssh-ed25519 Kl5yTQ yXnKCsJNjTSQYiPuv6dAF6raB3EFcg2oag1cBVkdvwk -0hwjrZpclTrFWtr5JqAbwXImYzZwTJOJPkhNnlHmPeo ---- k97ZU6FfTWVqBwNcrF9QeEbnqnuQUQ9pR1qM/Sgjh7A -#L-q﹋hr&*hNbqܦHŠG=@uaku|Er^BOo}:5ju$%".A1qP\2C R_ S=(%sި \ No newline at end of file +-> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY +NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc +-> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU +6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg +-> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s +WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U +--- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE +_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index 4adb2b1..3b6ff2a 100644 --- a/secrets/nextcloud-adminpass.age +++ b/secrets/nextcloud-adminpass.age 
@@ -1,13 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 hi+lKA KUVC7m5ch8uuseBHHPCspWWdSAs+3YK+LvBL7h14UT8 -8h5Tu47UJ/6wJZaEjB0KhUKZ8yw3FgwWv9Dem4ivgVI --> ssh-ed25519 SP9f6A IDnNmcjBKTiNWnBPw7mAuycOfzvj1bGi30OLi/mN+AA -xE9drPCFvOi8v74zqUuCOc9DOFnzfwFfoa0O84JHonA --> ssh-ed25519 8YSAiw vWnYElIL2jh/LmxZKFFGE/8H1o+bOnGsGxQ3UZ02FE8 -c6e/c1a1cUa6FPDaUYHeY50WB5E1cq398AgwVs421EA --> ssh-ed25519 3Chb7w iDSXb9BYJ/2EUJx77Uch3eFYukxTD5nHbdU+iTBWXkk -QBrCOSmjKeX0giQxYGMHinOeTrDs9ZGmdjThxEvyXn0 --> ssh-ed25519 J6tVTA tZ5yMoYaLdgs0WoaRju3h+zfKSCrYoYO7aDcmnNta3s -seYPrbd8PmVZJKSltp4qI7i137be01ydWhkdOPP7Zzw ---- LElLg1Mrmw0iExirSvb6KWSA8bugbVggM2RwZSWlWGM -]͠l0dNnݾ0578qƈKƌ_# ̓agXDC:L6̾R魧 \ No newline at end of file +-> ssh-ed25519 Kfdnog aE5/4P3r4e4fh7fFYI+0ci4n5egCI9XxMUsVUQJvmjE +ILlTNB342CLNpdX8SEnSnzEqjvSj8smDjGBQXjQ3pVc +-> ssh-ed25519 8YSAiw tedtmECa3YP0wjOZsCJKAU/izbPcPHWnL++PRSjBIA4 +Rk4E8SbG5ThaBKvtOEe+MWB1JrzFnQAgH/TJGv3+hT8 +-> ssh-ed25519 J6tVTA gozo087SB3PrKK3dTRpmLfUH+pWA67TEHJOmgj1+ASY +pdLnZWvQHyN9lZuS4jjvsnGne+TMZ0PagvfvQJXJW2w +--- hJpVSU9xNlac99VD26i0uW6Jw/U/CoOcAwHSUCk0acs +?hš) IסЇKx::<J BVMx0L \ No newline at end of file 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 3860d4e3352a711b3c6e1aa60cdbc562c6ca04ae..473f3cb97a38fcb01d2d7512306b9576963b2754 100644 GIT binary patch delta 472 zcmey$I+JCBYMggkN?v}tLZ(@Xu}g@*Wrc4^Vy=m0L{7e^aX_YJd8J#5lbL~uNw7g! zZit6jVUAlmSDJp7e_CpAQAJ|0e~M3vg-d3Yb4iXzwo6u|Z$@!}r%|$HX1IG!fwrON z#E;_PMme6DrNud=j-}ylmZ_!5sgWjm#znzCrRB~!hNU?LrYQxU{t+4Bx!JBmgg;!YQIcFpmhoo6#dKpzDyLpDY`(^nh=ll3NSGlEgm75g>hI)kM>05?*>KAyL zn-=?)Rg{~0N9dOaW(Ow~8s_*{xFi|`g(oL->FVk#xETb8mgbeEMOnIO=jVB(yZV}% zl^XfFRX7EES_JwQ8wQxwJEjGsmFb&>a(!53p;qHcGzOhHdr?!)Yy?)B}jRjm0}ob&b+NbC~!2$`=~ U*|Bd)>My+|#f!Ip+dAn605j{k7XSbN delta 713 zcmbQq@|AUhYJEngc8<5BLQ08#dakQsPL^w!S!!meNpfXjrFNN#Wo}7UPOg4oUUrzV zi>beJQmC6Jmrr(3YKl*)Szwxlm#J^6hqjAfSZ->mTcw9bmP=}6Wl>gsWmQ0KVN|6j zm#&>cadC!jYKoDmsiCDpaDZi+nWI8cesOWIi=|7pe!Y{cWoed6vR9-_Qkg1<#sE|1y_+)1$YeyD)J7oq|RJyr&r>9302d4QNm`waAULWPF z?dV?~85ELV=I51Ho@!K{5}Ir29ct#2Wnxm4?o?KiQSK4!R_>CQ&gJ4&p6aTvpP%lV zoEel`Y2Y4`Wl`l4ROML`RFabxlI>KP7ZmK|Qe>Q6%%!WVtB~U7>{DT!Vwq`ZWEvP) zm{J@VmRFwQXBp`06RPbSUSZ^&RUhf*?N(-*6UsGfMfL0LylgMbT(gQoezZ5IKhYNJ zy!hU8=c@UicG+*cc1nw}g0)nAi^?mzP&t#CZvvfMjx10L_MBKan_t?o=GBif({C01 zUVJGJyZ?CH+UIE|d-SZzYV|Jj#Ts`CtG~?r7X5vS-m|uco>~EIJ63Qv*c@4N@wmS5 YR{r>!%HJXtXJ>X5X#Ja0vFm390H{Fzn*aa+ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ba71b7a..d47309f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,29 +1,29 @@ let - io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs"; - io-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; - io = [ - io-user - io-host - ]; + io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"; + io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA root@io"; - rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"; - rotterdam-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL"; - rotterdam = [ - rotterdam-user - rotterdam-host - ]; + rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"; + rotterdam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL root@rotterdam"; - alexandria-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; - alexandria = [ alexandria-host ]; + alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7"; - trantor = [ trantor-host ]; - - desktops = io ++ rotterdam; - servers = alexandria ++ trantor; - all-hosts = desktops ++ servers; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; in + { - "cloudflare.age".publicKeys = all-hosts; - "webdav.age".publicKeys = all-hosts; + "cloudflare.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "nextcloud-adminpass.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "nextcloud-secrets.json.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; } diff --git a/secrets/webdav.age b/secrets/webdav.age deleted file mode 100644 index 93bd850..0000000 
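Review bot: The `trantor` binding in secrets.nix ends with the key comment `root@alexandria`, which looks like a copy-paste slip and makes the recipient list harder to audit; `root@trantor` is presumably what was meant. `io`, `rotterdam` and `trantor` are bound but appear in none of the `publicKeys` lists in this hunk, so the three secrets are readable only by `io-user`, `rotterdam-user` and `alexandria`; a comment such as `# host keys kept for future secrets; only alexandria consumes these` would record that this is deliberate. Narrowing the recipients and re-encrypting does not revoke access for keys that could decrypt the earlier ciphertexts still present in history (and `webdav.age` is deleted rather than rotated), so if the removal is meant as revocation the underlying values need rotating as well.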
--- a/secrets/webdav.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 Kfdnog 9oKx6Oz/J/QJ0mmgoLX5AUx0sFdxnPVnjF42bElPSXA -BJ6h4lHGDsf1Npc4bwkvz5htGRT/x/b2bs9WFM2W/pc --> ssh-ed25519 SP9f6A T5t4apynXLYN/4YEvaHRCI28rrKzet4r6LrbAye5VGk -BsXkZYBxG9zcfLYCd9H0+LW078oCDyYx9zG+DPfE7bA --> ssh-ed25519 8YSAiw RY0YR30qyJPvhy7eTJLoj2JXpH9qHP43fJaHilJykXM -E5/P0Egz/LKwEhYLYd5Cnrat47gnYn93yDSeYgLi934 --> ssh-ed25519 7cojTQ qTCTw7CjilThFLmXYph4YhVBhnk1DpnFCGwgioo/XB0 -N31nZ8nInQuddLD3b0bxI5Es/pTvTQD8nz0f/AZtNFg --> ssh-ed25519 J6tVTA 7OawDsWwtVxu76ZgF0dFclMr19sBNdtu7H+Tr7Pd+SQ -hhVKcscIKIH1WChhRo/RYqUWy1rgs/EKnlHr9uY7QrQ --> ssh-ed25519 Kl5yTQ +i2Q3uNHw1jAVH76NHy4QbjCc6sBBYjsbr7w4mLaHW4 -JOJ02zU0+IxlbXMBsW4UrvzvLUbifdzABBNL+bc0bBs ---- W40oEFdBUKbi0teNTc6B1sX0ReHDvkIJcBm1dlROnk8 -zҼCn箱e7{{N6az"EHB/BYbD \ No newline at end of file From 7da7b7167aa9bef30232bc03a9098575e62ccc52 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:26:32 -0300 Subject: [PATCH 045/129] i give up on nextcloud office --- hosts/alexandria/nextcloud.nix | 39 +++++++++------------------------- 1 file changed, 10 insertions(+), 29 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 373b0e5..84de9fc 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -15,7 +15,7 @@ in services = { nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; @@ -23,6 +23,14 @@ in secretFile = config.age.secrets."nextcloud-secrets.json".path; database.createLocally = true; maxUploadSize = "16G"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + ; + }; + extraAppsEnable = true; caching = { apcu = true; redis = true; 
@@ -66,36 +74,9 @@ in }; }; - collabora-online = { - enable = true; - port = 9980; - settings = { - ssl = { - enable = false; - termination = true; - }; - net = { - listen = "loopback"; - frame_ancestors = "cloud.baduhai.dev"; - }; - }; - }; - nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains = { - "cloud.baduhai.dev" = { }; - "office.baduhai.dev".locations = { - "/".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; - "~ ^/cool/(.*)/ws$".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; - "~ ^/cool/(.*)/ws$".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_read_timeout 36000s; - ''; - }; - }; + domains."cloud.baduhai.dev" = { }; }; }; From 14457d1ec21d93672c84a95047fab7c6febc022b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:55:37 -0300 Subject: [PATCH 046/129] modifications to nextcloud apps --- hosts/alexandria/nextcloud.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 84de9fc..599b832 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,13 +24,10 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - notes - ; + inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; }; extraAppsEnable = true; + appstoreEnable = true; caching = { apcu = true; redis = true; From 3164e1ebf2874d2ae01f46e9334e158d0df8a1b4 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:55:52 -0300 Subject: [PATCH 047/129] add helix editor to all systems --- hosts/modules/common/programs.nix | 1 + 1 file changed, 1 insertion(+) 
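Review bot: `appstoreEnable = true` in nextcloud.nix lets an administrator install and update apps from the Nextcloud app store at runtime, outside the set pinned through `extraApps`, and an earlier patch in this series removed `autoUpdateApps.enable`, so anything installed that way would stay at its installed version until someone updates it by hand. If store access is wanted, a comment stating the reason and how those apps are kept current would help, e.g. `# app store on for <reason>; store-installed apps are updated manually`. The enclosing `nextcloud` attrset starts and ends outside the hunk.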
diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index 9820149..e0cc2c9 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -7,6 +7,7 @@ git ### System Utilities ### btop + helix nixos-firewall-tool nvd sysz From 0b17f03ddea318d0062819dcc1c1b9a452418379 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 16:17:08 -0300 Subject: [PATCH 048/129] disable nextcloud appstore --- hosts/alexandria/nextcloud.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 599b832..68d4875 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -27,7 +27,6 @@ in inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; }; extraAppsEnable = true; - appstoreEnable = true; caching = { apcu = true; redis = true; From 1b1f30180ee1fd5d96e1abe38bd15fd16b51aeb3 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 16:20:43 -0300 Subject: [PATCH 049/129] fix agenix in devshell --- devShells.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index acf63f8..72b2695 100644 --- a/devShells.nix +++ b/devShells.nix @@ -6,7 +6,7 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ - agenix + agenix-cli deploy-rs nil nixfmt-rfc-style From ce1af87bdfa210ec34cb382f263f8b8f271030e1 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 18:43:23 -0300 Subject: [PATCH 050/129] finally, niri is finished --- flake.lock | 142 +++++++++++++++++++++++++++--- flake.nix | 2 + hosts/modules/desktop/desktop.nix | 14 ++- users/modules/desktop.nix | 12 +-- users/modules/stylix.nix | 8 +- 5 files changed, 152 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index 3e04b70..64bae33 100644 --- a/flake.lock +++ b/flake.lock 
@@ -456,6 +456,62 @@ "type": "github" } }, + "niri": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1760774008, + "narHash": "sha256-NchPYxFkN9XOOuocGXBmRFAh9NVFybmAev62zG1nL2A=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "27e012b4cd49e9ac438573ec7a6db3e5835828c3", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1760768097, + "narHash": "sha256-RvlONuKFKu+v7h/MorLONcPzXMMe6zs8aJUDOsfjr1I=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "8c8447918f4fd7bc6c86a8622b1db52417fbbbbd", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -475,7 +531,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -497,7 +553,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1759846470, 
@@ -545,6 +601,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1760580664, + "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1760423683, "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", @@ -561,6 +633,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -576,7 +664,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -592,7 +680,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1760524057, "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", @@ -608,7 +696,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -624,7 +712,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -696,10 +784,11 @@ "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", + "niri": "niri", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_2", "stylix": "stylix", "zen-browser": "zen-browser" } @@ -735,7 +824,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nur": "nur", "systems": "systems_4", "tinted-foot": "tinted-foot", @@ -917,10 +1006,43 @@ "type": "github" } }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1759707084, + "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1760588585, diff --git a/flake.nix b/flake.nix index 4f3fac0..b9ca962 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,8 @@ impermanence.url = "github:nix-community/impermanence"; deploy-rs.url = "github:serokell/deploy-rs"; + + niri.url = "github:sodiboo/niri-flake"; }; outputs = 
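Review bot: The new `niri.url = "github:sodiboo/niri-flake";` input in flake.nix declares no `inputs.nixpkgs.follows`, and the flake.lock hunks of the same commit show it bringing in its own `nixpkgs_2` and `nixpkgs-stable` nodes, so the lock now pins two more nixpkgs revisions that have to be fetched and kept current. If the other inputs follow the top-level nixpkgs (not visible in this hunk), adding `niri.inputs.nixpkgs.follows = "nixpkgs";` would keep this one consistent and reduce the number of pinned trees to review on each lock update. The `inputs` block starts outside the hunk.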
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index ebffd49..045c088 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -6,7 +6,10 @@ }: { - imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; + imports = [ + inputs.niri.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak + ]; environment = { sessionVariables = { @@ -69,7 +72,7 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${pkgs.niri}/bin/niri-session"; user = "greeter"; }; initial_session = { @@ -111,7 +114,10 @@ }; programs = { - niri.enable = true; + niri = { + enable = true; + package = pkgs.niri; + }; dconf.enable = true; kdeconnect.enable = true; appimage = { @@ -120,6 +126,8 @@ }; }; + niri-flake.cache.enable = false; + fonts = { fontDir.enable = true; packages = with pkgs; [ diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 3f7545a..f2517f3 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -8,6 +8,8 @@ fonts.fontconfig.enable = true; + home.packages = with pkgs; [ xwayland-satellite ]; + programs = { dankMaterialShell = { enable = true; @@ -33,21 +35,13 @@ keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; + password-store = { enable = true; package = pkgs.pass-wayland; }; }; - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - ]; - config.common.default = "*"; - }; - gtk = { enable = true; gtk3.extraConfig = { diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 1c3712a..2c2d39f 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix 
@@ -13,15 +13,15 @@ polarity = "dark"; base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; size = 24; }; icons = { enable = true; package = pkgs.morewaita-icon-theme; - light = "adwaita"; - dark = "adwaita-dark"; + light = "MoreWaita"; + dark = "MoreWaita"; }; opacity = { applications = 1.0; From f2921c030b794230d869ec939b097c2d2ce6d18c Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 20 Oct 2025 10:08:52 -0300 Subject: [PATCH 051/129] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/9edb1787864c4f59ae5074ad498b6272b3ec308d?narHash=sha256-NA/FT2hVhKDftbHSwVnoRTFhes62%2B7dxZbxj5Gxvghs%3D' (2025-08-05) → 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) • Updated input 'dms': 'github:AvengeMedia/DankMaterialShell/5c816463973d52010839a882d95ea1a44d80c52a?narHash=sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues%3D' (2025-10-16) → 'github:AvengeMedia/DankMaterialShell/d38b98459a157a854cdcb14b8493a517c6416bac?narHash=sha256-mBK9Gwbslo7HASfFkfi%2B5RUEAYJ3SLeEdSZvpRBbsWM%3D' (2025-10-20) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/758cf7296bee11f1706a574c77d072b8a7baa881?narHash=sha256-wfG0S7pltlYyZTM%2BqqlhJ7GMw2fTF4mLKCIVhLii/4M%3D' (2025-10-01) → 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) • Updated input 'home-manager': 'github:nix-community/home-manager/c53e65ec92f38d30e3c14f8d628ab55d462947aa?narHash=sha256-zfY4F4CpeUjTGgecIJZ%2BM7vFpwLc0Gm9epM/iMQd4w8%3D' (2025-10-15) → 'github:nix-community/home-manager/189c21cf879669008ccf06e78a553f17e88d8ef0?narHash=sha256-nZh6uvc71nVNaf/y%2BwesnjwsmJ6IZZUnP2EzpZe48To%3D' (2025-10-20) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/437b586743c3d06b0a72893097395b10e70a2b7b?narHash=sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg%3D' (2025-10-07) → 'github:nix-community/nixos-cli/c8f5ce1fd9bf151df74328795b6b2720e2e22d75?narHash=sha256-N%2BF4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k%3D' (2025-10-19) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/544961dfcce86422ba200ed9a0b00dd4b1486ec5?narHash=sha256-EVAqOteLBFmd7pKkb0%2BFIUyzTF61VKi7YmvP1tw4nEw%3D' (2025-10-15) → 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2?narHash=sha256-Tb%2BNYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8%3D' (2025-10-14) → 'github:nixos/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c?narHash=sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus%3D' (2025-10-16) → 'github:0xc000022070/zen-browser-flake/596c3ac14be576b93f5db9252a1b0581e453ec9f?narHash=sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM%3D' (2025-10-20) --- flake.lock | 154 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 106 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 64bae33..d5792a2 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1760637129, - "narHash": "sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues=", + "lastModified": 1760965677, + "narHash": "sha256-mBK9Gwbslo7HASfFkfi+5RUEAYJ3SLeEdSZvpRBbsWM=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "5c816463973d52010839a882d95ea1a44d80c52a", + "rev": "d38b98459a157a854cdcb14b8493a517c6416bac", "type": "github" }, "original": { @@ -272,11 +272,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -406,11 +406,11 @@ ] }, "locked": { - "lastModified": 1760500983, - "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", + "lastModified": 1760929667, + "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", "owner": "nix-community", "repo": "home-manager", - "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", + "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", "type": "github" }, "original": { 
@@ -457,20 +457,40 @@ } }, "niri": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1760963745, + "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", + "owner": "baduhai", + "repo": "niri", + "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", + "type": "github" + }, + "original": { + "owner": "baduhai", + "ref": "auto-center-when-space-available", + "repo": "niri", + "type": "github" + } + }, + "niri-flake": { "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1760774008, - "narHash": "sha256-NchPYxFkN9XOOuocGXBmRFAh9NVFybmAev62zG1nL2A=", + "lastModified": 1760950171, + "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "27e012b4cd49e9ac438573ec7a6db3e5835828c3", + "rev": "f851a923137c0a54719412146fd63d24b3214e60", "type": "github" }, "original": { @@ -499,11 +519,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1760768097, - "narHash": "sha256-RvlONuKFKu+v7h/MorLONcPzXMMe6zs8aJUDOsfjr1I=", + "lastModified": 1760940149, + "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", "owner": "YaLTeR", "repo": "niri", - "rev": "8c8447918f4fd7bc6c86a8622b1db52417fbbbbd", + "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", "type": "github" }, "original": { @@ -531,8 +551,8 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_4", + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1742115705, 
@@ -553,14 +573,14 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1759846470, - "narHash": "sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg=", + "lastModified": 1760856139, + "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "437b586743c3d06b0a72893097395b10e70a2b7b", + "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", "type": "github" }, "original": { @@ -602,11 +622,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760580664, - "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { @@ -618,11 +638,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1760423683, - "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { 
@@ -634,11 +654,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1757967192, + "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -648,7 +684,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -664,7 +700,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -680,13 +716,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -696,7 +732,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -712,7 +748,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -785,15 +821,37 @@ "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "niri": "niri", + "niri-flake": "niri-flake", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", "stylix": "stylix", "zen-browser": "zen-browser" } }, "rust-overlay": { + "inputs": { + "nixpkgs": [ + "niri", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757989933, + "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "nixpkgs": [ "nixos-cli", @@ -824,7 +882,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_4", "tinted-foot": "tinted-foot", @@ -1042,14 +1100,14 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1760588585, - "narHash": "sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus=", + "lastModified": 1760934351, + "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c", + "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", "type": "github" }, "original": { From 0758864078ceed3b767efb0e7997de933201d267 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 20 Oct 2025 10:29:16 -0300 Subject: [PATCH 052/129] niri fully in home manager now --- flake.nix | 4 +- homeConfigurations.nix | 2 + hosts/modules/desktop/desktop.nix | 10 +- users/modules/{ => desktop}/desktop.nix | 19 +- users/modules/desktop/niri.nix | 222 ++++++++++++++++++++++++ users/modules/stylix.nix | 10 +- utils.nix | 3 +- 7 files changed, 248 insertions(+), 22 deletions(-) rename users/modules/{ => desktop}/desktop.nix (78%) create mode 100644 users/modules/desktop/niri.nix diff --git a/flake.nix b/flake.nix index b9ca962..fc1c117 100644 --- a/flake.nix +++ b/flake.nix @@ -43,7 +43,9 @@ deploy-rs.url = "github:serokell/deploy-rs"; - niri.url = "github:sodiboo/niri-flake"; + niri-flake.url = "github:sodiboo/niri-flake"; + + niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 422681d..a6866c8 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -10,6 +10,7 @@ in flake.homeConfigurations = { "user@rotterdam" = mkHome { username = "user"; + hostname = "rotterdam"; tags = [ "btop" "desktop" @@ -25,6 +26,7 @@ in "user@io" = mkHome { username = "user"; + hostname = "io"; tags = [ "btop" "desktop" diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 045c088..f3a9f3a 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -1,4 +1,5 @@ { + config, inputs, lib, pkgs, @@ -7,7 +8,7 @@ { imports = [ - inputs.niri.nixosModules.niri + inputs.niri-flake.nixosModules.niri inputs.nix-flatpak.nixosModules.nix-flatpak ]; 
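Review bot: The new `niri` input in flake.nix has no `inputs.nixpkgs.follows`, so the compositor is built against its own nixpkgs pin rather than the one the rest of the system uses. The flake.lock update earlier in this series shows the effect: the `niri` node resolves `nixpkgs_2` (lastModified 1757967192) while the root `nixpkgs` is at 1760878510, so library fixes in the root pin do not reach this package until the fork's own lock moves. Unless the separate pin is deliberate, add `niri.inputs.nixpkgs.follows = "nixpkgs";` next to the URL. The input also tracks a feature branch of a personal fork; the locked `rev` and `narHash` keep builds reproducible, but every `nix flake update` takes whatever that branch points at, so the diff of that input is worth reading before each update.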
@@ -72,11 +73,11 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${pkgs.niri}/bin/niri-session"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; user = "greeter"; }; initial_session = { - command = "${lib.getExe pkgs.niri}"; + command = "${config.programs.niri.package}/bin/niri-session"; user = "user"; }; }; @@ -116,10 +117,9 @@ programs = { niri = { enable = true; - package = pkgs.niri; + package = inputs.niri.packages.${pkgs.system}.niri; }; dconf.enable = true; - kdeconnect.enable = true; appimage = { enable = true; binfmt = true; diff --git a/users/modules/desktop.nix b/users/modules/desktop/desktop.nix similarity index 78% rename from users/modules/desktop.nix rename to users/modules/desktop/desktop.nix index f2517f3..ab84c77 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -1,25 +1,11 @@ { inputs, pkgs, ... }: { - imports = [ - inputs.dms.homeModules.dankMaterialShell.default - inputs.zen-browser.homeModules.beta - ]; - fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; programs = { - dankMaterialShell = { - enable = true; - enableVPN = false; - }; - - zen-browser = { - enable = true; - profiles.william = { }; - }; ghostty = { enable = true; @@ -42,6 +28,11 @@ }; }; + services.kdeconnect = { + enable = true; + indicator = true; + }; + gtk = { enable = true; gtk3.extraConfig = { diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix new file mode 100644 index 0000000..07ce11e --- /dev/null +++ b/users/modules/desktop/niri.nix 
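Review bot: The `initial_session` block edited here (in what looks like the greetd settings) starts a niri session for `user` with no authentication on the first start after boot, and the module sits under hosts/modules/desktop, so presumably every desktop host inherits it. If that is intended only where something else gates physical access, such as a disk-encryption passphrase (not visible in this patch), gate the block per host and record the assumption with a comment such as `# autologin on boot: acceptable only on hosts with full-disk encryption`. Otherwise drop `initial_session` and let the tuigreet `default_session` handle login. The enclosing settings block starts outside the hunk.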
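Review bot: Dropping `kdeconnect.enable = true;` from the NixOS `programs` set also drops the firewall rule that module adds (TCP and UDP 1714-1764); the home-manager `services.kdeconnect` added in users/modules/desktop/desktop.nix cannot open system ports. Closed is the tighter default, but if pairing is still wanted the opening should now be explicit in the host config, for example `networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];` with the matching `allowedUDPPortRanges`, ideally scoped to the trusted interface under `networking.firewall.interfaces.<name>`. No firewall settings are visible in this patch, so this may already be handled elsewhere.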
@@ -0,0 +1,222 @@ +{ + inputs, + pkgs, + hostname ? null, + ... +}: + +let + isRotterdam = hostname == "rotterdam"; +in + +{ + imports = [ + inputs.dms.homeModules.dankMaterialShell.default + ]; + + home.packages = with pkgs; [ xwayland-satellite ]; + + programs.dankMaterialShell = { + enable = true; + enableVPN = false; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" + } + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse + } + + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column + } + struts { + left 8 + right 8 + } + } + + overview { + zoom 0.65 + } + + spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" + spawn-at-startup "dms" "run" + layer-rule { + match namespace="^wallpaper$" + place-within-backdrop true + } + + spawn-at-startup "xwayland-satellite" + environment { + DISPLAY ":0" + } + + hotkey-overlay { + skip-at-startup + } + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 + } + + // open zen at half window width + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } + } + + window-rule { + geometry-corner-radius 12 + 
clip-to-geometry true + } + + config-notification { + disable-failed + } + + binds { + Mod+Return { spawn "ghostty"; } + Alt+Space { spawn "dms" "ipc" "call" "spotlight" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "increment" "5"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "decrement" "5"; } + XF86AudioMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "mute"; } + XF86AudioMicMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "micmute"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } + XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } + Mod+Shift+Q { close-window; } + Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } + Mod+M hotkey-overlay-title="Task Manager" { spawn "dms" "ipc" "call" "processlist" "toggle"; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-down; } + Mod+Up { focus-window-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-down; } + Mod+K { focus-window-up; } + Ctrl+Alt+J { focus-workspace-down; } + Ctrl+Alt+K { focus-workspace-up; } + Ctrl+Alt+Down { focus-workspace-down; } + Ctrl+Alt+Up { focus-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { 
move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } 
+ Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Shift+E { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Ctrl+Alt+Delete { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; +} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 2c2d39f..d59e355 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -6,7 +6,10 @@ }: { - imports = [ inputs.stylix.homeModules.stylix ]; + imports = [ + inputs.stylix.homeModules.stylix + inputs.zen-browser.homeModules.beta + ]; stylix = { enable = true; @@ -58,4 +61,9 @@ profileNames = [ "william" ]; }; }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; } diff --git a/utils.nix b/utils.nix index 1f2c66c..38cf968 100644 --- a/utils.nix +++ b/utils.nix @@ -102,6 +102,7 @@ in mkHome = { username, + hostname ? null, homeDirectory ? "/home/${username}", tags ? [ ], extraModules ? [ ], @@ -165,7 +166,7 @@ in home-manager.lib.homeManagerConfiguration { inherit pkgs; extraSpecialArgs = { - inherit inputs; + inherit inputs hostname; userTags = allTags; }; modules = allModules ++ [ From d931282a3575dd1e7432b55a11caf8d5b967cccc Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 10:34:38 -0300 Subject: [PATCH 053/129] fix niri config spacing --- users/modules/desktop/niri.nix | 7 +++---- users/user/git.nix | 19 +++++++++++++------ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 07ce11e..321f701 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -58,13 +58,13 @@ in if isRotterdam then '' proportion 0.33333 - proportion 0.5 - proportion 0.66667 + proportion 0.5 + proportion 0.66667 '' else '' proportion 0.5 - proportion 1 + proportion 1 '' } } 
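Review bot: `spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &"` records every clipboard selection into cliphist's on-disk history, including anything copied out of a password manager, and nothing in this module bounds or clears that history. Consider capping it, e.g. `cliphist -max-items 100 store`, and wiping it on lock or logout with `cliphist wipe`. Separately, `wl-paste` and `cliphist` are resolved through the session PATH, and neither is in this module's `home.packages`. Spawning them by store path, `spawn-at-startup "${pkgs.wl-clipboard}/bin/wl-paste" "--watch" "${pkgs.cliphist}/bin/cliphist" "store"`, removes the shell wrapper and pins the binaries to the evaluated closure.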
@@ -116,7 +116,6 @@ in slowdown 0.3 } - // open zen at half window width window-rule { match app-id="zen" default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } diff --git a/users/user/git.nix b/users/user/git.nix index fcafc00..9c1fb20 100644 --- a/users/user/git.nix +++ b/users/user/git.nix @@ -1,10 +1,17 @@ { pkgs, ... }: { - programs.git = { - enable = true; - diff-so-fancy.enable = true; - userName = "William"; - userEmail = "baduhai@proton.me"; + programs = { + git = { + enable = true; + settings.user = { + name = "William"; + email = "baduhai@proton.me"; + }; + }; + diff-so-fancy = { + enable = true; + enableGitIntegration = true; + }; }; -} \ No newline at end of file +} From 5006f6fc95b9b4a00e660cbceeca075d6e5d6b51 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 11:41:15 -0300 Subject: [PATCH 054/129] local build on io deploy --- deploy.nix | 54 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/deploy.nix b/deploy.nix index 40a21e9..187c92f 100644 --- a/deploy.nix +++ b/deploy.nix 
@@ -4,40 +4,42 @@ remoteBuild = true; nodes = { alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; - - trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; - - io = { - hostname = "io"; - profiles = { - system = { + hostname = "alexandria"; + profiles.system = { sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; user = "root"; }; - user = { + }; + + trantor = { + hostname = "trantor"; + profiles.system = { sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; + + io = { + hostname = "io"; + profiles = { + system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + remoteBuild = false; + }; + user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + remoteBuild = false; + }; }; }; }; }; -}; perSystem = { system, ... }: { From 8600145275f81860d1e4074ad89735061f12097d Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 11:58:43 -0300 Subject: [PATCH 055/129] niri proportions and scaling --- users/modules/desktop/niri.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 321f701..d7c4df2 100644 --- a/users/modules/desktop/niri.nix 
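Review bot: With `remoteBuild = false;` on both `io` profiles, the closure is built on the deploying machine and copied to `io` over SSH as `sshUser = "user"`, and the target's Nix daemon accepts those paths only if they carry a signature it trusts or the copying user is in `trusted-users`. Making `user` a trusted user gives that account root-equivalent control of the store, so the safer setup is a signing key on the deployer whose public half is listed in `nix.settings.trusted-public-keys` on `io`; neither setting is visible in this patch. A comment beside the new lines would record the requirement, e.g. `# built locally: io must trust the deployer's store signing key`. The rest of the hunk is re-indentation of the `nodes` set, which makes the two functional lines easy to miss in review.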
+++ b/users/modules/desktop/niri.nix @@ -22,6 +22,14 @@ in }; xdg.configFile."niri/config.kdl".text = '' + output "eDP-1" { + scale 1.0 + } + + output "DP-3" { + scale 1.0 + } + input { keyboard { xkb { @@ -64,7 +72,7 @@ in else '' proportion 0.5 - proportion 1 + proportion 1.0 '' } } @@ -118,7 +126,7 @@ in window-rule { match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } window-rule { From 6d3ceccf934762ace497e0e80032579c0c99c82e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 14:10:18 -0300 Subject: [PATCH 056/129] finalising niri config on io --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 5 +++++ homeConfigurations.nix | 6 ++++-- hosts/modules/desktop/desktop.nix | 1 + users/modules/comma.nix | 7 +++++++ users/modules/desktop/desktop.nix | 13 ++++++++++++- users/modules/desktop/niri.nix | 1 + 7 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 users/modules/comma.nix diff --git a/flake.lock b/flake.lock index d5792a2..a742089 100644 --- a/flake.lock +++ b/flake.lock @@ -548,6 +548,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760846226, + "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", @@ -823,6 +843,7 @@ "niri": "niri", "niri-flake": "niri-flake", "nix-flatpak": "nix-flatpak", + "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", diff --git a/flake.nix b/flake.nix index fc1c117..07e2353 100644 --- a/flake.nix 
+++ b/flake.nix @@ -46,6 +46,11 @@ niri-flake.url = "github:sodiboo/niri-flake"; niri.url = "github:baduhai/niri/auto-center-when-space-available"; + + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = diff --git a/homeConfigurations.nix b/homeConfigurations.nix index a6866c8..296abfa 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -12,8 +12,9 @@ in username = "user"; hostname = "rotterdam"; tags = [ - "btop" "desktop" + "btop" + "comma" "direnv" "gaming" "helix" @@ -28,8 +29,9 @@ in username = "user"; hostname = "io"; tags = [ - "btop" "desktop" + "btop" + "comma" "direnv" "helix" "starship" diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f3a9f3a..1c1b6c9 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -102,6 +102,7 @@ uninstallUnmanaged = true; update.auto.enable = true; }; + gvfs.enable = true; }; security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority diff --git a/users/modules/comma.nix b/users/modules/comma.nix new file mode 100644 index 0000000..0aad530 --- /dev/null +++ b/users/modules/comma.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: + +{ + imports = [ inputs.nix-index-database.homeModules.nix-index ]; + + programs.nix-index-database.comma.enable = true; +} diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index ab84c77..21a9451 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -1,4 +1,9 @@ -{ inputs, pkgs, ... }: +{ + config, + inputs, + pkgs, + ... +}: { fonts.fontconfig.enable = true; @@ -18,6 +23,7 @@ sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; bell-features = "border"; + gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; 
@@ -42,4 +48,9 @@ gtk-decoration-layout = "appmenu:"; }; }; + + xdg = { + enable = true; + userDirs.enable = true; + }; } diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index d7c4df2..4bab001 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -150,6 +150,7 @@ in Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } Mod+Q { close-window; } + Alt+Shift+Q { close-window;} Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } Mod+Shift+Q { close-window; } Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } From 831b9c95cdd4d9b27218045ebdd7b121550d778d Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 17:38:05 -0300 Subject: [PATCH 057/129] better-control for desktops --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 1c1b6c9..d3e8083 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -43,6 +43,7 @@ plasticity ### System Utilities ### adwaita-icon-theme + better-control ghostty gnome-disk-utility junction From a6aa171a4d8fb9e2ec954ac5af85971428e7c7a5 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 19:49:28 -0300 Subject: [PATCH 058/129] nocatlia > dankMaterialShell --- flake.lock | 120 +++++++++++++-------------------- flake.nix | 4 +- users/modules/desktop/niri.nix | 39 +++++------ 3 files changed, 65 insertions(+), 98 deletions(-) diff --git a/flake.lock b/flake.lock index a742089..8271d66 100644 --- a/flake.lock +++ b/flake.lock 
@@ -133,27 +133,6 @@ "type": "github" } }, - "dgop": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760238269, - "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", - "owner": "AvengeMedia", - "repo": "dgop", - "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "dgop", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -175,50 +154,6 @@ "type": "github" } }, - "dms": { - "inputs": { - "dgop": "dgop", - "dms-cli": "dms-cli", - "nixpkgs": [ - "nixpkgs" - ], - "quickshell": "quickshell" - }, - "locked": { - "lastModified": 1760965677, - "narHash": "sha256-mBK9Gwbslo7HASfFkfi+5RUEAYJ3SLeEdSZvpRBbsWM=", - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "rev": "d38b98459a157a854cdcb14b8493a517c6416bac", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "type": "github" - } - }, - "dms-cli": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760241259, - "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", - "owner": "AvengeMedia", - "repo": "danklinux", - "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "danklinux", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -784,6 +719,28 @@ "type": "github" } }, + "noctalia": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "quickshell": "quickshell", + "systems": "systems_4" + }, + "locked": { + "lastModified": 1760981626, + "narHash": "sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0=", + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "rev": "73267d1d37b60c963fc4f938acab1eef8a655fe7", + "type": "github" + }, + "original": { + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ 
@@ -812,22 +769,22 @@ "quickshell": { "inputs": { "nixpkgs": [ - "dms", + "noctalia", "nixpkgs" ] }, "locked": { - "lastModified": 1760228179, - "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", + "lastModified": 1753595452, + "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", "ref": "refs/heads/master", - "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", - "revCount": 693, + "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", + "revCount": 665, "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, "original": { "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" } }, "root": { @@ -835,7 +792,6 @@ "agenix": "agenix", "deploy-rs": "deploy-rs", "disko": "disko", - "dms": "dms", "flake-parts": "flake-parts", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", @@ -847,6 +803,7 @@ "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", + "noctalia": "noctalia", "stylix": "stylix", "zen-browser": "zen-browser" } @@ -905,7 +862,7 @@ "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_7", "nur": "nur", - "systems": "systems_4", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -986,6 +943,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 07e2353..78ff944 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,8 +26,8 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - dms = { - url = "github:AvengeMedia/DankMaterialShell"; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 4bab001..517805f 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -1,5 +1,6 @@ { inputs, + lib, pkgs, hostname ? null, ... @@ -7,20 +8,12 @@ let isRotterdam = hostname == "rotterdam"; + noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { - imports = [ - inputs.dms.homeModules.dankMaterialShell.default - ]; - home.packages = with pkgs; [ xwayland-satellite ]; - programs.dankMaterialShell = { - enable = true; - enableVPN = false; - }; - xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { scale 1.0 @@ -102,11 +95,15 @@ in } spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" - spawn-at-startup "dms" "run" + spawn-at-startup "${noctalia}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true } + layer-rule { + match namespace="^quickshell-overview$" + place-within-backdrop true + } spawn-at-startup "xwayland-satellite" environment { 
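Review bot: In the `let` binding added by the `@@ -7,20 +8,12 @@` hunk of niri.nix, the outer `"${…}"` around `lib.getExe` is redundant. `pkgs.system` is also an alias that newer nixpkgs marks as deprecated, as far as I know; confirm against the pinned revision. I would write `noctalia = lib.getExe inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default;`. `lib.getExe` relies on the package setting `meta.mainProgram`, which is not visible here, so a one-line comment saying the binding holds the absolute store path of the shell binary would help the reader of the KDL string below. The `let` block starts outside the hunk.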
@@ -139,22 +136,20 @@ in } binds { + Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } - Alt+Space { spawn "dms" "ipc" "call" "spotlight" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "increment" "5"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "decrement" "5"; } - XF86AudioMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "mute"; } - XF86AudioMicMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "micmute"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } - XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } Mod+Q { close-window; } Alt+Shift+Q { close-window;} - Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } Mod+Shift+Q { close-window; } - Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } - Mod+M hotkey-overlay-title="Task Manager" { spawn "dms" "ipc" "call" "processlist" "toggle"; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } Mod+Down { focus-window-down; } 
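Review bot: The rewritten media-key binds at the top of `binds` lose `allow-when-locked=true`, so volume, mute and brightness keys stop working while the session is locked. The `XF86AudioMicMute` bind is also removed with no replacement, leaving the hardware microphone-mute key unbound. If that is not intended, keep the attribute, e.g. `XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; }`, and re-add a mic-mute bind using whatever input-mute call noctalia's IPC provides (not shown on this page). `Mod+Shift+L` now calls `"lockScreen" "toggle"` where the old bind called an explicit lock; whether a toggle can ever dismiss the lock is not visible here and is worth checking. The `binds` block continues past the end of the hunk.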
@@ -222,8 +217,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Shift+E { spawn "dms" "ipc" "call" "powermenu" "toggle"; } - Ctrl+Alt+Delete { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; From 8fc3e89e56bf0c68dd6083086008a53aeafa0da2 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 07:15:35 -0300 Subject: [PATCH 059/129] noctalia variable for icons pack --- users/modules/desktop/niri.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 517805f..fe40e1c 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -14,6 +14,10 @@ in { home.packages = with pkgs; [ xwayland-satellite ]; + home.sessionVariables = { + QT_QPA_PLATFORMTHEME = "gtk3"; + }; + xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { scale 1.0 From c32c37596fec2710cc6b5a4de616ab68f341e815 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 07:22:35 -0300 Subject: [PATCH 060/129] io needs battery management --- hosts/io/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/io/services.nix b/hosts/io/services.nix index 3703ba3..90fb737 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -48,6 +48,7 @@ }; }; }; + upower.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed From 5969f2ba9fda4666fdcda8493f26e3fb5796e873 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 10:22:05 -0300 Subject: [PATCH 061/129] default desktop programs --- hosts/modules/desktop/desktop.nix | 8 +- users/modules/desktop/desktop.nix | 118 +++++++++++++++++++++++++++--- 2 files changed, 112 insertions(+), 14 deletions(-) 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index d3e8083..c265af7 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -21,9 +21,9 @@ ### Web ### bitwarden-desktop brave + fragments nextcloud-client tor-browser - qbittorrent vesktop inputs.zen-browser.packages."${system}".default ### Office & Productivity ### @@ -39,7 +39,6 @@ ### Graphics & Design ### gimp inkscape - loupe plasticity ### System Utilities ### adwaita-icon-theme @@ -55,9 +54,10 @@ toggleaudiosink unrar ### Media ### - mpv + decibels + loupe obs-studio - qview + showtime ]; }; diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 21a9451..16e2a82 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
@@ -39,18 +39,116 @@ indicator = true; }; - gtk = { - enable = true; - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; - xdg = { enable = true; userDirs.enable = true; + + mimeApps = { + enable = true; + defaultApplications = { + # Web browsing (priority: Junction > Zen > Brave > Tor) + "text/html" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + + # Images + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + + # Video + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = "io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + + # Audio + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = 
"io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + + # PDF and documents (priority: Papers > Zen Browser) + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + + # Text files (Ghostty + Helix) + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + + # Office documents + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "onlyoffice-desktopeditors.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "onlyoffice-desktopeditors.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "onlyoffice-desktopeditors.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop"; # ODP + "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC + "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS + "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT + + # Archives + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = "org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = "org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + + # File manager + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + 
home.sessionVariables = { + TERMINAL = "ghostty"; }; } From 30ca5f6b29963d2741d488adaf8719eac0747091 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 13:12:40 -0300 Subject: [PATCH 062/129] kde connect needs to be enabled both in the user as the host --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index c265af7..3be98a6 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -121,6 +121,7 @@ enable = true; package = inputs.niri.packages.${pkgs.system}.niri; }; + kdeconnect.enable = true; dconf.enable = true; appimage = { enable = true; From 66d5275f7d09417e9becd0d1ddfc277f03e30233 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 13:57:49 -0300 Subject: [PATCH 063/129] no more better-control; niri config spacing --- hosts/modules/desktop/desktop.nix | 1 - users/modules/desktop/niri.nix | 309 +++++++++++++++--------------- 2 files changed, 152 insertions(+), 158 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 3be98a6..81ecb85 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -42,7 +42,6 @@ plasticity ### System Utilities ### adwaita-icon-theme - better-control ghostty gnome-disk-utility junction diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index fe40e1c..0e8eaab 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -12,6 +12,7 @@ let in { + imports = [ inputs.noctalia.homeModules.default ]; home.packages = with pkgs; [ xwayland-satellite ]; home.sessionVariables = { 
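Review bot: The desktop-file ids in `defaultApplications` are not checked against what the packages install, and two look doubtful: `com.github.timecraft.junction.desktop` and `io.bassi.Showtime.desktop` (upstream ids are, as far as I know, `re.sonny.Junction` and `org.gnome.Showtime`). An entry naming a missing desktop file is skipped silently, so for the `x-scheme-handler/http` and `https` lists the effective order would become Zen, Brave, Tor rather than the one stated in the comment. Confirm each id against `share/applications` of the corresponding package. The audio types also point at Showtime although the host package list in the same commit adds `decibels`; if that is deliberate, a comment such as `# Audio (Showtime on purpose; decibels is installed for manual use)` would say so.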
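Review bot: `kdeconnect.enable = true;` sits in the shared desktop host module, and the NixOS `programs.kdeconnect` module also opens TCP and UDP ports 1714–1764 in the firewall; nothing in the hunk records that. Every desktop-tagged host, including the laptop, then accepts KDE Connect traffic on any network it joins. I would add `# also opens TCP/UDP 1714-1764 in the firewall (KDE Connect discovery and transfer)` above the line, and consider enabling it per host or limiting the ports to a trusted interface. The enclosing attribute set starts and ends outside the hunk, so I am assuming it is `programs`.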
@@ -20,210 +21,204 @@ in xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { - scale 1.0 + scale 1.0 } - output "DP-3" { - scale 1.0 + scale 1.0 } input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } + keyboard { + xkb { + layout "us" + variant "altgr-intl" } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse } layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } tab-indicator { - width 4 - gap 4 - place-within-column + width 4 + gap 4 + place-within-column } struts { - left 8 - right 8 + left 8 + right 8 } } overview { - zoom 0.65 + zoom 0.65 } spawn-at-startup 
"bash" "-c" "wl-paste --watch cliphist store &" spawn-at-startup "${noctalia}" layer-rule { - match namespace="^wallpaper$" + match namespace="^wallpaper$" place-within-backdrop true } layer-rule { - match namespace="^quickshell-overview$" - place-within-backdrop true - } - - spawn-at-startup "xwayland-satellite" - environment { - DISPLAY ":0" + match namespace="^quickshell-overview$" + place-within-backdrop true } hotkey-overlay { - skip-at-startup + skip-at-startup } prefer-no-csd screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" animations { - slowdown 0.3 + slowdown 0.3 } window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } window-rule { - geometry-corner-radius 12 - clip-to-geometry true + geometry-corner-radius 12 + clip-to-geometry true } config-notification { - disable-failed + disable-failed } binds { - Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } - Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } - Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } - 
Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-down; } - Mod+K { focus-window-up; } - Ctrl+Alt+J { focus-workspace-down; } - Ctrl+Alt+K { focus-workspace-up; } - Ctrl+Alt+Down { focus-workspace-down; } - Ctrl+Alt+Up { focus-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - 
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } + Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-down; } + Mod+Up { focus-window-up; } + Mod+Right { focus-column-right; } + 
Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-down; } + Mod+K { focus-window-up; } + Ctrl+Alt+J { focus-workspace-down; } + Ctrl+Alt+K { focus-workspace-up; } + Ctrl+Alt+Down { focus-workspace-down; } + Ctrl+Alt+Up { focus-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { 
move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } } ''; } From 602fec023555c93f2020967bc643c94d5a6cc098 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 17:18:17 -0300 Subject: [PATCH 064/129] no more home manager stable --- flake.lock | 22 ---------------------- flake.nix | 8 ++------ 2 files changed, 2 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 8271d66..7e20e22 100644 --- a/flake.lock +++ b/flake.lock @@ -313,27 +313,6 @@ "type": "github" } }, - "home-manager-stable": { - "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { "inputs": { "nixpkgs": [ 
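Review bot: This hunk is described as a spacing change, but it also drops `spawn-at-startup "xwayland-satellite"` and the `environment { DISPLAY ":0" }` block, which are removed near the layer rules and not re-added. X11 clients then depend on niri starting xwayland-satellite itself, which recent niri releases do when the binary is on PATH; the niri version pinned here is not visible. I would split that removal into its own commit, or leave a KDL comment in its place such as `// Xwayland: niri starts xwayland-satellite on demand, no explicit spawn or DISPLAY needed`. The re-indent also appears to leave `place-within-backdrop true` in the `^wallpaper$` rule at its old indentation, since that line is unchanged context while its sibling `match` line moved.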
@@ -794,7 +773,6 @@ "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager_2", - "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", diff --git a/flake.nix b/flake.nix index 78ff944..72aa094 100644 --- a/flake.nix +++ b/flake.nix @@ -2,19 +2,15 @@ description = "My nix hosts"; inputs = { + flake-parts.url = "github:hercules-ci/flake-parts"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; - flake-parts.url = "github:hercules-ci/flake-parts"; - home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - home-manager-stable = { - url = "github:nix-community/home-manager/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; agenix = { url = "github:ryantm/agenix"; From 14d08d6d70cb82e7078c70cd5421416b6143501e Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 17:21:14 -0300 Subject: [PATCH 065/129] specify server hosts --- nixosConfigurations.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 16433bd..9a0a09d 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -36,6 +36,7 @@ in alexandria = mkHost { hostname = "alexandria"; tags = [ + # "server" TODO: uncomment when 25.11 is out. "fwupd" "podman" ]; @@ -45,6 +46,7 @@ in hostname = "trantor"; system = "aarch64-linux"; tags = [ + "server" ]; }; }; From 025bd2ccf83302d6ca4c15a6d65d891bb008390a Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 22:01:34 -0300 Subject: [PATCH 066/129] readme glowup --- readme.md | 129 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 122 insertions(+), 7 deletions(-) diff --git a/readme.md b/readme.md index 9f3af1e..2804237 100644 --- a/readme.md +++ b/readme.md 
@@ -1,8 +1,123 @@ -All my personal Nix and NixOS hosts, in a flake. +# NixOS Configuration -|Host|Description|System Version| -|:---|:---:|---:| -|alexandria|Personal server/NAS|NixOS 25.05| -|io|Mobile workstation|NixOS Unstable| -|rotterdam|Workstation|NixOS Unstable| -|trantor|Oracle Cloud VPS|NixOS 25.05| +A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. + +## Hosts + +| Host | Type | System | Version | Description | +|------|------|--------|---------|-------------| +| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | +| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | +| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | +| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | + +## Key Features + +### Architecture +- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance +- **Flake-based** - Fully reproducible builds with locked dependencies +- **Multi-platform** - Supports both x86_64 and aarch64 architectures +- **Deployment automation** - Remote deployment via deploy-rs + +### Desktop Experience +- **Niri compositor** - Custom fork with auto-centering window columns +- **Unified theming** - Stylix-based theming +- **Wayland-native** - Full Wayland support +- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability + +### Self-Hosted Services +- **Nextcloud** - Cloud storage with calendar, contacts, and notes +- **Forgejo** - Self-hosted Git server +- **Jellyfin** - Media streaming +- **Vaultwarden** - Password manager backend +- **LibreSpeed** - Network speed testing +- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt + +### Security +- **Agenix** - Encrypted secrets management 
+- **Tailscale** - Zero-config VPN mesh network +- **Firewall** - Configured on all hosts +- SSH key-based authentication + +## Repository Structure + +``` +. +├── flake.nix # Main flake definition +├── utils.nix # Tag-based module system utilities +├── nixosConfigurations.nix # Host definitions with tags +├── homeConfigurations.nix # User configurations +├── deploy.nix # Remote deployment configuration +├── hosts/ +│ ├── alexandria/ # Server-specific config +│ ├── io/ # Laptop-specific config +│ ├── rotterdam/ # Desktop-specific config +│ ├── trantor/ # VPS-specific config +│ └── modules/ +│ ├── common/ # Shared base configuration +│ ├── desktop/ # Desktop environment setup +│ ├── server/ # Server-specific modules +│ └── [tag].nix # Optional feature modules +├── users/ +│ └── modules/ # Home Manager configurations +│ └── [tag].nix # Optional feature modules +├── packages/ # Custom package definitions +└── secrets/ # Encrypted secrets (agenix) +``` + +## Tag System + +Configurations are composed using tags that map to modules: + +**Common Tags** (all hosts): +- `common` - Base system configuration (automatically applied) + +**General Tags**: +- `desktop` - *Mostly* full desktop environment with Niri WM +- `dev` - Development tools and environments +- `gaming` - Steam, Heroic, gamemode, controller support +- `ephemeral` - Impermanent root filesystem +- `networkmanager` - WiFi and network management +- `libvirtd` - KVM/QEMU virtualization +- `podman` - Container runtime +- `bluetooth` - Bluetooth support +- `fwupd` - Firmware update daemon + +**Server Tags**: +- `server` - Server-specific configuration + +## Usage + +### Rebuilding a Configuration + +```bash +# Local rebuild +sudo nixos-rebuild switch --flake .#hostname + +# Remote deployment +deploy .#hostname +``` + +### Updating Dependencies + +```bash +nix flake update +``` + +### Adding a New Host + +1. Create host directory in `hosts/` +2. 
Define configuration in `nixosConfigurations.nix` with appropriate tags +3. Add deployment profile in `deploy.nix` if needed + +## Dependencies + +- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels +- [home-manager](https://github.com/nix-community/home-manager) - User configuration +- [agenix](https://github.com/ryantm/agenix) - Secrets management +- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning +- [stylix](https://github.com/danth/stylix) - System-wide theming +- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork) +- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support +- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment +- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management From ccd4d5314caf430b0b2d4e89e776c1c3ab4bc674 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 22:39:25 -0300 Subject: [PATCH 067/129] new stylix theme --- users/modules/stylix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index d59e355..13ba8b6 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -14,7 +14,7 @@ stylix = { enable = true; polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; cursor = { package = pkgs.kdePackages.breeze; name = "breeze_cursors"; From 39d16028645efff3278a9bcab75056372fa67c2e Mon Sep 17 00:00:00 2001 From: William Date: Wed, 22 Oct 2025 11:58:03 -0300 Subject: [PATCH 068/129] xdg portals --- hosts/modules/desktop/desktop.nix | 8 ++++++++ users/modules/desktop/desktop.nix | 18 ------------------ 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 81ecb85..24ead6a 100644 
--- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -141,4 +141,12 @@ roboto ]; }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config.common.default = "*"; + }; } diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 16e2a82..a962923 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -42,11 +42,9 @@ xdg = { enable = true; userDirs.enable = true; - mimeApps = { enable = true; defaultApplications = { - # Web browsing (priority: Junction > Zen > Brave > Tor) "text/html" = [ "com.github.timecraft.junction.desktop" "zen-browser.desktop" @@ -77,8 +75,6 @@ "brave-browser.desktop" "torbrowser.desktop" ]; - - # Images "image/jpeg" = "org.gnome.Loupe.desktop"; "image/png" = "org.gnome.Loupe.desktop"; "image/gif" = "org.gnome.Loupe.desktop"; @@ -86,8 +82,6 @@ "image/bmp" = "org.gnome.Loupe.desktop"; "image/svg+xml" = "org.gnome.Loupe.desktop"; "image/tiff" = "org.gnome.Loupe.desktop"; - - # Video "video/mp4" = "io.bassi.Showtime.desktop"; "video/x-matroska" = "io.bassi.Showtime.desktop"; "video/webm" = "io.bassi.Showtime.desktop"; 
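Review bot: `config.common.default = "*";` leaves the choice of portal backend to whichever implementation is found first, with both `xdg-desktop-portal-gnome` and `xdg-desktop-portal-gtk` installed. Portals decide how sandboxed applications reach files, screenshots and screen capture, so I would name the order explicitly: `config.common.default = [ "gnome" "gtk" ];`. The hunk does not set `xdg.portal.enable`; I assume it is enabled elsewhere (for example by the niri module), which is worth a short comment.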
@@ -95,28 +89,20 @@ "video/x-msvideo" = "io.bassi.Showtime.desktop"; "video/quicktime" = "io.bassi.Showtime.desktop"; "video/x-flv" = "io.bassi.Showtime.desktop"; - - # Audio "audio/mpeg" = "io.bassi.Showtime.desktop"; "audio/flac" = "io.bassi.Showtime.desktop"; "audio/ogg" = "io.bassi.Showtime.desktop"; "audio/wav" = "io.bassi.Showtime.desktop"; "audio/mp4" = "io.bassi.Showtime.desktop"; "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - - # PDF and documents (priority: Papers > Zen Browser) "application/pdf" = [ "org.gnome.Papers.desktop" "zen-browser.desktop" ]; - - # Text files (Ghostty + Helix) "text/plain" = "Helix.desktop"; "text/markdown" = "Helix.desktop"; "text/x-log" = "Helix.desktop"; "application/x-shellscript" = "Helix.desktop"; - - # Office documents "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "onlyoffice-desktopeditors.desktop"; # DOCX "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = @@ -129,8 +115,6 @@ "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT - - # Archives "application/zip" = "org.gnome.FileRoller.desktop"; "application/x-tar" = "org.gnome.FileRoller.desktop"; "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; @@ -140,8 +124,6 @@ "application/x-rar" = "org.gnome.FileRoller.desktop"; "application/gzip" = "org.gnome.FileRoller.desktop"; "application/x-bzip" = "org.gnome.FileRoller.desktop"; - - # File manager "inode/directory" = "org.gnome.Nautilus.desktop"; }; }; From db4b93273e354b97cfbdc9345468f356f8329b25 Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 22 Oct 2025 14:16:52 -0300 Subject: [PATCH 069/129] kdeconnect: use valent instead; ghostty: set up shift+enter --- hosts/modules/desktop/desktop.nix | 5 ++++- users/modules/desktop/desktop.nix | 7 +------ users/modules/desktop/niri.nix | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 24ead6a..192932c 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -120,7 +120,10 @@ enable = true; package = inputs.niri.packages.${pkgs.system}.niri; }; - kdeconnect.enable = true; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; dconf.enable = true; appimage = { enable = true; diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index a962923..ba30852 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -24,7 +24,7 @@ }}"; bell-features = "border"; gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; + keybind = [ "shift+enter=text:\\x1b\\r" ]; }; }; @@ -34,11 +34,6 @@ }; }; - services.kdeconnect = { - enable = true; - indicator = true; - }; - xdg = { enable = true; userDirs.enable = true; diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 0e8eaab..8da284f 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -98,8 +98,8 @@ in zoom 0.65 } - spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" spawn-at-startup "${noctalia}" + spawn-at-startup "${lib.getExe pkgs.valent}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true From d3c3c78cdd20b1b111a354d7b200f519cab66307 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 22 Oct 2025 18:43:05 -0300 Subject: [PATCH 070/129] niri: struts only for rotterdam --- users/modules/desktop/niri.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 8da284f..dc9793a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -88,10 +88,11 @@ in gap 4 place-within-column } - struts { - left 8 - right 8 - } + ${lib.optionalString isRotterdam '' + struts { + left 8 + right 8 + }''} } overview { From 8254683b5f8a2aaa15cd5fa0a6eb809928f4ed5b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 18:58:20 -0300 Subject: [PATCH 071/129] set collate locale option --- hosts/modules/common/locale.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix index 7e07d85..1171a32 100644 --- a/hosts/modules/common/locale.nix +++ b/hosts/modules/common/locale.nix @@ -7,6 +7,7 @@ defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; LC_IDENTIFICATION = "pt_BR.utf8"; LC_MEASUREMENT = "pt_BR.utf8"; LC_MONETARY = "pt_BR.utf8"; From dd067449290bee1e04351b4b51d978680396259d Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 15:34:03 -0300 Subject: [PATCH 072/129] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/73267d1d37b60c963fc4f938acab1eef8a655fe7?narHash=sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0%3D' (2025-10-20) → 'github:noctalia-dev/noctalia-shell/c3439b262c7cb3d57c93197a93a3aa382582bdae?narHash=sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A%2BPe2rIilyvalEHuM%3D' (2025-10-23) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7e20e22..feb5089 100644 --- a/flake.lock +++ b/flake.lock 
@@ -707,11 +707,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1760981626, - "narHash": "sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0=", + "lastModified": 1761190730, + "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "73267d1d37b60c963fc4f938acab1eef8a655fe7", + "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", "type": "github" }, "original": { From 2d2d27a6fc2d8fcc7133313a1a0cc030d467c729 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 21:18:44 -0300 Subject: [PATCH 073/129] don't autostart valent --- users/modules/desktop/niri.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index dc9793a..d603838 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -100,7 +100,6 @@ in } spawn-at-startup "${noctalia}" - spawn-at-startup "${lib.getExe pkgs.valent}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true From 98b2d1f44c70619ae837e16180ea1a116c003116 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 24 Oct 2025 17:55:55 -0300 Subject: [PATCH 074/129] niri xdg desktop portal config --- hosts/modules/desktop/desktop.nix | 8 +++++++- users/modules/desktop/niri.nix | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 192932c..816745c 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -150,6 +150,12 @@ xdg-desktop-portal-gnome xdg-desktop-portal-gtk ]; - config.common.default = "*"; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" + ]; + }; }; } diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index d603838..47ad561 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -13,10 +13,10 @@ in { imports = [ inputs.noctalia.homeModules.default ]; - home.packages = with pkgs; [ xwayland-satellite ]; - home.sessionVariables = { - QT_QPA_PLATFORMTHEME = "gtk3"; + home = { + packages = with pkgs; [ xwayland-satellite ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' From 8a64636cc596b114b086231ca9f6d9ef1d8f0fe9 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 25 Oct 2025 09:10:17 -0300 Subject: [PATCH 075/129] niri media keys --- users/modules/desktop/niri.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 47ad561..16955d9 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -136,11 +136,15 @@ in binds { Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } From a8977d7dfbb85cb7e955a133551ed84a6073def3 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 29 Oct 2025 11:00:50 -0300 Subject: [PATCH 076/129] greetd only autologin on io --- hosts/modules/desktop/desktop.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 816745c..5258442 100644 --- a/hosts/modules/desktop/desktop.nix 
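Review bot: The nine binds that now carry `allow-when-locked=true` each spawn a process while the lock screen is up, and nothing in the `binds` block says why that set is safe or where it should stop. Volume, brightness and `playerctl` actions are low-impact, but the next person adding a bind will copy the attribute without thinking about it. I would add one KDL comment above the group, for example `// allow-when-locked: media, volume and brightness only; never a launcher, terminal or anything that shows session content`. The `binds` block continues outside this hunk.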
+++ b/hosts/modules/desktop/desktop.nix @@ -73,9 +73,11 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; user = "greeter"; }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { initial_session = { command = "${config.programs.niri.package}/bin/niri-session"; user = "user"; From 90cdc7b8a5029a9c039b97b6b06b56bdbaa71350 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 18:14:02 -0300 Subject: [PATCH 077/129] begin configuring terranix --- flake.lock | 59 +++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ terranixConfigurations.nix | 22 +++++++++++++ utils.nix | 63 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 150 insertions(+) create mode 100644 terranixConfigurations.nix diff --git a/flake.lock b/flake.lock index feb5089..f9d54f9 100644 --- a/flake.lock +++ b/flake.lock @@ -241,6 +241,27 @@ "type": "github" } }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "terranix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_3" @@ -783,6 +804,7 @@ "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", + "terranix": "terranix", "zen-browser": "zen-browser" } }, 
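Review bot: The `initial_session` that remains for host `io` starts `niri-session` as `user` with no greeter authentication, and the hunk does not record what is supposed to protect that session. If the intent is that disk encryption at boot is the gate, say so next to the condition, e.g. `# io only: autologin relies on the disk passphrase entered at boot; remove if the root disk is ever unencrypted`; I cannot confirm that from this hunk. The added `--user-menu` flag also makes the greeter list local account names to anyone at the console, which is worth a conscious decision on shared or exposed machines. The `settings` attribute set starts outside the hunk.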
@@ -936,6 +958,43 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "terranix": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_6" + }, + "locked": { + "lastModified": 1757278723, + "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", + "owner": "terranix", + "repo": "terranix", + "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 72aa094..ccbec85 100644 --- a/flake.nix +++ b/flake.nix @@ -47,6 +47,11 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + + terranix = { + url = "github:terranix/terranix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -65,6 +70,7 @@ ./overlays.nix ./packages.nix ./deploy.nix + ./terranixConfigurations.nix ]; }; } diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix new file mode 100644 index 0000000..9dd1c8f --- /dev/null +++ b/terranixConfigurations.nix @@ -0,0 +1,22 @@ +{ inputs, ... }: + +let + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; + inherit (utils) mkTerranixDerivation; + + configs = { + # Example: + # myconfig = { + # modules = [ ./terraform/myconfig.nix ]; + # }; + }; +in + +{ + perSystem = + { system, ... }: + { + packages = mkTerranixDerivation { inherit system configs; }; + }; +} diff --git a/utils.nix b/utils.nix index 38cf968..fb92954 100644 --- a/utils.nix +++ b/utils.nix 
@@ -7,6 +7,7 @@ let nixpkgs-stable home-manager agenix + terranix ; in @@ -190,4 +191,66 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + + # Terranix configuration system + mkTerranixDerivation = + { + system, + configs, + }: + lib.mapAttrs ( + name: cfg: + let + pkgs = nixpkgs.legacyPackages.${system}; + modules = cfg.modules; + extraArgs = cfg.extraArgs or { }; + + terraformConfiguration = terranix.lib.terranixConfiguration { + inherit system modules; + extraArgs = { + inherit lib pkgs; + } // extraArgs; + }; + + tf-json = pkgs.writeShellScriptBin "default" '' + cat ${terraformConfiguration} | ${pkgs.jq}/bin/jq + ''; + + apply = pkgs.writeShellScriptBin "apply" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform apply + ''; + + plan = pkgs.writeShellScriptBin "plan" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform plan + ''; + + destroy = pkgs.writeShellScriptBin "destroy" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform destroy + ''; + + create-state-bucket = pkgs.writeShellScriptBin "create-state-bucket" '' + BUCKET_NAME=''${1:-"terraform-state-bucket"} + ACCOUNT_ID=''${2:?"Error: Cloudflare account ID required as second argument"} + R2_ENDPOINT="https://$ACCOUNT_ID.r2.cloudflarestorage.com" + + echo "Creating R2 bucket $BUCKET_NAME..." + ${pkgs.awscli}/bin/aws s3api create-bucket \ + --bucket "$BUCKET_NAME" \ + --endpoint-url "$R2_ENDPOINT" + echo "Bucket created successfully at $R2_ENDPOINT" + ''; + in + tf-json // { + inherit apply plan destroy create-state-bucket; + } + ) configs; } 
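Review bot: The `create-state-bucket` script in `mkTerranixDerivation` prints "Bucket created successfully" even when the `aws s3api create-bucket` call fails, because `writeShellScriptBin` does not enable `set -e` and the `echo` is not chained to the command. Adding `set -euo pipefail` as the first line of each script body (or chaining with `&&` as `apply`, `plan` and `destroy` already do) would make a failed bucket creation visible before Terraform state is pointed at it. The scripts also write `config.tf.json` into the current directory, so a comment noting that it must stay out of version control would help. PATCH 078 later in this series removes the helper, so this matters only if it is revived.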
From b75f9752d1455be5a437b952b46ba68310e8b01f Mon Sep 17 00:00:00 2001 From: William Date: Wed, 29 Oct 2025 11:14:52 -0300 Subject: [PATCH 078/129] use terranix flake parts module directly --- terranixConfigurations.nix | 29 ++++++++---------- utils.nix | 63 -------------------------------------- 2 files changed, 12 insertions(+), 80 deletions(-) diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index 9dd1c8f..c546cbf 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -1,22 +1,17 @@ { inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkTerranixDerivation; - - configs = { - # Example: - # myconfig = { - # modules = [ ./terraform/myconfig.nix ]; - # }; - }; -in - { - perSystem = - { system, ... }: - { - packages = mkTerranixDerivation { inherit system configs; }; + imports = [ + inputs.terranix.flakeModule + ]; + + perSystem = { + terranix.terranixConfigurations = { + # Example: + # myconfig = { + # modules = [ ./terraform/myconfig.nix ]; + # extraArgs = { }; # optional + # }; }; + }; } diff --git a/utils.nix b/utils.nix index fb92954..38cf968 100644 --- a/utils.nix +++ b/utils.nix @@ -7,7 +7,6 @@ let nixpkgs-stable home-manager agenix - terranix ; in 
@@ -191,66 +190,4 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; - - # Terranix configuration system - mkTerranixDerivation = - { - system, - configs, - }: - lib.mapAttrs ( - name: cfg: - let - pkgs = nixpkgs.legacyPackages.${system}; - modules = cfg.modules; - extraArgs = cfg.extraArgs or { }; - - terraformConfiguration = terranix.lib.terranixConfiguration { - inherit system modules; - extraArgs = { - inherit lib pkgs; - } // extraArgs; - }; - - tf-json = pkgs.writeShellScriptBin "default" '' - cat ${terraformConfiguration} | ${pkgs.jq}/bin/jq - ''; - - apply = pkgs.writeShellScriptBin "apply" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform apply - ''; - - plan = pkgs.writeShellScriptBin "plan" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform plan - ''; - - destroy = pkgs.writeShellScriptBin "destroy" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform destroy - ''; - - create-state-bucket = pkgs.writeShellScriptBin "create-state-bucket" '' - BUCKET_NAME=''${1:-"terraform-state-bucket"} - ACCOUNT_ID=''${2:?"Error: Cloudflare account ID required as second argument"} - R2_ENDPOINT="https://$ACCOUNT_ID.r2.cloudflarestorage.com" - - echo "Creating R2 bucket $BUCKET_NAME..." - ${pkgs.awscli}/bin/aws s3api create-bucket \ - --bucket "$BUCKET_NAME" \ - --endpoint-url "$R2_ENDPOINT" - echo "Bucket created successfully at $R2_ENDPOINT" - ''; - in - tf-json // { - inherit apply plan destroy create-state-bucket; - } - ) configs; } From 5899e42fa427bf8346d9b8b21a0ca239b64d74cf Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 29 Oct 2025 16:04:31 -0300 Subject: [PATCH 079/129] started oci terranix config --- terranix/oci/homelab.nix | 196 +++++++++++++++++++++++++++++++++++++ terranixConfigurations.nix | 8 +- 2 files changed, 199 insertions(+), 5 deletions(-) create mode 100644 terranix/oci/homelab.nix diff --git a/terranix/oci/homelab.nix b/terranix/oci/homelab.nix new file mode 100644 index 0000000..12c15b4 --- /dev/null +++ b/terranix/oci/homelab.nix 
@@ -0,0 +1,196 @@ +{ config, ... }: + +{ + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 5.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/homelab.tfstate"; + region = "auto"; + endpoint = "https://.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + compartment_name = { + default = "homelab"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + oci_identity_tenancy.tenancy = { }; + + oci_identity_availability_domains.ads = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.homelab = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + description = "Homelab infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "homelab-vcn"; + dns_label = "homelab"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id 
= config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig.id; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + cidr_block = config.variable.vcn_cidr.default; + display_name = "homelab-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt.id; + security_list_ids = [ config.resource.oci_core_security_list.sl.id ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads.availability_domains .0.name; + compartment_id = config.resource.oci_identity_compartment.homelab.id; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = 
"image"; + source_id = config.data.oci_core_images.ubuntu_arm.images .0.id; + boot_volume_size_in_gbs = 50; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet.id; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.homelab.id; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor.public_ip; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index c546cbf..8606b2c 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -7,11 +7,9 @@ perSystem = { terranix.terranixConfigurations = { - # Example: - # myconfig = { - # modules = [ ./terraform/myconfig.nix ]; - # extraArgs = { }; # optional - # }; + oci-homelab = { + modules = [ ./terranix/oci/homelab.nix ]; + }; }; }; } From 716ed5cc5347b6a564425fbfa5d49e702103e208 Mon Sep 17 00:00:00 2001 
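Review bot: The first rule in `ingress_security_rules` of `oci_core_security_list.sl` accepts TCP 22 from `0.0.0.0/0`, which exposes the instance's SSH daemon to internet-wide scanning and credential guessing; 80 and 443 are plausibly meant to be public, SSH usually is not. I would take the source from a variable that has no open default, e.g. `source = config.variable.ssh_allowed_cidr.default;` (the variable name is a suggestion), or drop the rule if administration is meant to go over a private network. Separately, the `terraform.backend.s3` `endpoint` reads `https://.r2.cloudflarestorage.com` with an empty account part as shown, so the backend looks unusable as written. Because the state object holds details of every resource, a short comment on where the endpoint and its credentials are supplied from would help the next reader.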
From: William Date: Sun, 2 Nov 2025 22:01:43 -0300 Subject: [PATCH 080/129] trator terranix config functional; move disko configs to individual outputs; touching up trantor --- .gitignore | 1 + disko/io.nix | 75 +++++++++++++ disko/trantor.nix | 61 +++++++++++ diskoConfigurations.nix | 12 +++ flake.lock | 53 ++++++---- flake.nix | 8 +- hosts/io/disko.nix | 83 --------------- hosts/io/hardware-configuration.nix | 6 +- hosts/modules/ephemeral.nix | 8 +- hosts/trantor/boot.nix | 5 +- hosts/trantor/disko.nix | 36 ------- hosts/trantor/hardware-configuration.nix | 6 +- nixosConfigurations.nix | 1 + terranix/cloudflare/baduhai.dev.nix | 0 terranix/cloudflare/kernelpanic.space.nix | 0 terranix/oci/terminus.nix | 0 terranix/oci/{homelab.nix => trantor.nix} | 122 +++++++++++++++------- terranix/tailscale/tailnet.nix | 0 terranixConfigurations.nix | 14 ++- 19 files changed, 298 insertions(+), 193 deletions(-) create mode 100644 disko/io.nix create mode 100644 disko/trantor.nix create mode 100644 diskoConfigurations.nix delete mode 100644 hosts/io/disko.nix delete mode 100644 hosts/trantor/disko.nix create mode 100644 terranix/cloudflare/baduhai.dev.nix create mode 100644 terranix/cloudflare/kernelpanic.space.nix create mode 100644 terranix/oci/terminus.nix rename terranix/oci/{homelab.nix => trantor.nix} (56%) create mode 100644 terranix/tailscale/tailnet.nix diff --git a/.gitignore b/.gitignore index 928efae..b59fd44 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ result result-* .direnv/ +oci-trantor/ # Personal notes and temporary files todo.md diff --git a/disko/io.nix b/disko/io.nix new file mode 100644 index 0000000..37f3160 --- /dev/null +++ b/disko/io.nix 
@@ -0,0 +1,75 @@ +{ + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + cryptroot = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@root" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@home" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@nix" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@persistent" + ]; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/disko/trantor.nix b/disko/trantor.nix new file mode 100644 index 0000000..db1397e --- /dev/null +++ b/disko/trantor.nix 
@@ -0,0 +1,61 @@ +{ + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + root = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix new file mode 100644 index 0000000..511eddc --- /dev/null +++ b/diskoConfigurations.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.disko.flakeModule + ]; + + flake.diskoConfigurations = { + io.modules = [ ./disko/io.nix ]; + trantor.modules = [ ./disko/trantor.nix ]; + }; +} diff --git a/flake.lock b/flake.lock index f9d54f9..5993cdf 100644 --- a/flake.lock +++ b/flake.lock @@ -135,21 +135,18 @@ }, "disko": { "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1736864502, - "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "0141aabed359f063de7413f80d906e1d98c0c123", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v1.11.0", "repo": "disko", "type": "github" } 
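Review bot: The `root` partition's `content` is declared as `type = "filesystem"; format = "btrfs";` and then given a `subvolumes` set, whereas `disko/io.nix` in this same commit uses `type = "btrfs"` for the same layout. As far as I know disko's `filesystem` type has no `subvolumes` option, so this is likely to fail evaluation or leave `@root`, `@nix` and `@persistent` uncreated; `type = "btrfs";` without the `format` line would match the io definition. The subvolume `mountOptions` here also omit the explicit `subvol=@…` entries that io carries, which is worth making consistent one way or the other. Unlike io, this root is not wrapped in `luks`, so a comment stating that the cloud volume is intentionally unencrypted would document the difference.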
@@ -393,7 +390,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -415,7 +412,7 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" @@ -506,7 +503,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -528,7 +525,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1760856139, @@ -608,6 +605,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -623,7 +636,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1760878510, "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", @@ -639,7 +652,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -655,7 +668,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", 
@@ -671,7 +684,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1760878510, "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", @@ -687,7 +700,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -703,7 +716,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -800,7 +813,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -860,7 +873,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nur": "nur", "systems": "systems_5", "tinted-foot": "tinted-foot", @@ -1130,7 +1143,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1760934351, diff --git a/flake.nix b/flake.nix index ccbec85..c9d5076 100644 --- a/flake.nix +++ b/flake.nix @@ -17,10 +17,7 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko = { - url = "github:nix-community/disko?ref=v1.11.0"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; + disko.url = "github:nix-community/disko"; noctalia = { url = "github:noctalia-dev/noctalia-shell"; @@ -63,13 +60,14 @@ ]; imports = [ + ./deploy.nix ./devShells.nix + ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix ./overlays.nix ./packages.nix - ./deploy.nix ./terranixConfigurations.nix ]; }; diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix deleted file mode 100644 index edb1418..0000000 --- a/hosts/io/disko.nix +++ /dev/null 
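Review bot: The `disko` input loses both its `?ref=v1.11.0` tag and its `inputs.nixpkgs.follows`, and the lock file in this commit shows the consequence: disko now brings its own `nixpkgs_2` pinned to `nixpkgs-unstable`. That adds a second nixpkgs tree to fetch, update and audit, and the partitioning tool is built from a package set none of the hosts otherwise use. If the untagged branch is needed for `flakeModule`, I would still keep the follows, e.g. `disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; };`, and note in a comment why the release tag was dropped.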
@@ -1,83 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - cryptroot = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@root" - ]; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@home" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@nix" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@persistent" - ]; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index 56f0d0d..cb114a1 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,11 +2,15 @@ config, lib, modulesPath, + self, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + self.diskoConfigurations.io + ]; boot = { initrd = { diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index a759cf4..8ed08bc 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ config, inputs, ... }: { imports = [ 
@@ -8,7 +8,11 @@ ephemeral = { enable = true; - rootDevice = "/dev/mapper/cryptroot"; + rootDevice = + if config.networking.hostName == "trantor" then + "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" + else + "/dev/mapper/cryptroot"; rootSubvolume = "@root"; }; diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index a031ce9..67ac124 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,6 +1,3 @@ { - boot = { - loader.efi.efiSysMountPoint = "/boot"; - initrd.systemd.enable = true; - }; + boot.initrd.systemd.enable = true; } diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix deleted file mode 100644 index a70383e..0000000 --- a/hosts/trantor/disko.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index d5cc31f..4a9503f 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,11 +1,15 @@ { lib, modulesPath, + self, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + self.diskoConfigurations.trantor + ]; boot = { kernelModules = [ ]; diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 9a0a09d..ced8851 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -47,6 +47,7 @@ in system = "aarch64-linux"; tags = [ "server" + "ephemeral" ]; }; }; 
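Review bot: The `rootDevice` conditional in hosts/modules/ephemeral.nix puts one host's disk id into a shared module, and the id it names (`scsi-36067d367fe184830a89bbe708c7b1066`) differs from the one in the deleted hosts/trantor/disko.nix (`scsi-3605e4addb4c640319c8c03436205530b`). It also names a whole disk rather than a partition or mapper device, so whether `@root` can be found on it depends on the new disko layout, which is not visible in this patch. The module presumably resets the root subvolume on boot, so a wrong device is worth ruling out before deploying. I would set the value per host instead of branching on `config.networking.hostName`, e.g. `rootDevice = lib.mkDefault "/dev/mapper/cryptroot";` here (with `lib` added to the module arguments) and an override next to the trantor disko configuration.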
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/oci/homelab.nix b/terranix/oci/trantor.nix similarity index 56% rename from terranix/oci/homelab.nix rename to terranix/oci/trantor.nix index 12c15b4..37c12ae 100644 --- a/terranix/oci/homelab.nix +++ b/terranix/oci/trantor.nix @@ -3,16 +3,16 @@ { terraform.required_providers.oci = { source = "oracle/oci"; - version = "~> 5.0"; + version = "~> 7.0"; }; provider.oci.region = "sa-saopaulo-1"; terraform.backend.s3 = { bucket = "terraform-state"; - key = "oci/homelab.tfstate"; + key = "oci/trantor.tfstate"; region = "auto"; - endpoint = "https://.r2.cloudflarestorage.com"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; skip_credentials_validation = true; skip_metadata_api_check = true; skip_region_validation = true; @@ -21,8 +21,13 @@ }; variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + compartment_name = { - default = "homelab"; + default = "trantor"; type = "string"; }; @@ -46,14 +51,12 @@ }; data = { - oci_identity_tenancy.tenancy = { }; - oci_identity_availability_domains.ads = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; + compartment_id = config.variable.tenancy_ocid.default; }; oci_core_images.ubuntu_arm = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; + compartment_id = config.variable.tenancy_ocid.default; operating_system = "Canonical Ubuntu"; operating_system_version = "24.04"; shape = "VM.Standard.A1.Flex"; 
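Review bot: `tenancy_ocid` is declared as a Terraform variable in the `@@ -21,8 +21,13 @@` hunk of terranix/oci/trantor.nix, but every use reads `config.variable.tenancy_ocid.default`, which copies the literal into the generated configuration at Nix evaluation time. Supplying the variable at plan or apply time therefore changes nothing, and the tenancy OCID is committed together with the R2 account endpoint added in the backend block. Neither value is a credential, but both identify the accounts. If the repository is shared, I would drop the default and reference the variable, e.g. `compartment_id = "\${var.tenancy_ocid}";`. The same applies to the later `compartment_id` uses in this file.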
@@ -63,34 +66,34 @@ }; resource = { - oci_identity_compartment.homelab = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; - description = "Homelab infrastructure compartment"; + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; name = config.variable.compartment_name.default; }; oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "homelab-vcn"; - dns_label = "homelab"; + display_name = "trantor-vcn"; + dns_label = "trantor"; }; oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-ig"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; enabled = true; }; oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-rt"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; route_rules = [ { - network_entity_id = config.resource.oci_core_internet_gateway.ig.id; + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; destination = "0.0.0.0/0"; destination_type = "CIDR_BLOCK"; } 
@@ -98,9 +101,9 @@ }; oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-sl"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; egress_security_rules = [ { 
@@ -138,23 +141,50 @@ max = 443; }; } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } ]; }; oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; cidr_block = config.variable.vcn_cidr.default; - display_name = "homelab-subnet"; + display_name = "trantor-subnet"; dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt.id; - security_list_ids = [ config.resource.oci_core_security_list.sl.id ]; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; prohibit_public_ip_on_vnic = false; }; oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads.availability_domains .0.name; - compartment_id = config.resource.oci_identity_compartment.homelab.id; + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; display_name = config.variable.instance_name.default; shape = "VM.Standard.A1.Flex"; 
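Review bot: The three ingress rules added to `oci_core_security_list.sl` open 25565/tcp and 19132-19133 on both TCP and UDP to `0.0.0.0/0`. If the 19132-19133 range is for a Minecraft Bedrock listener, that protocol runs over UDP only, so the TCP rule for the same range exposes ports nothing should be listening on; I would drop that block and keep the UDP one. It would also help to replace the bare `# TCP` / `# UDP` comments with the service each rule serves, e.g. `protocol = "17"; # UDP, Bedrock game traffic`, so a later audit can tell which openings are still needed. The resource body starts outside the hunk.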
@@ -165,12 +195,12 @@ source_details = { source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm.images .0.id; - boot_volume_size_in_gbs = 50; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; }; create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet.id; + subnet_id = config.resource.oci_core_subnet.subnet "id"; display_name = "trantor-vnic"; assign_public_ip = true; hostname_label = config.variable.instance_name.default; @@ -182,15 +212,35 @@ preserve_boot_volume = false; }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; }; output = { compartment_id = { - value = config.resource.oci_identity_compartment.homelab.id; + value = config.resource.oci_identity_compartment.trantor "id"; }; instance_public_ip = { - value = config.resource.oci_core_instance.trantor.public_ip; + value = config.resource.oci_core_instance.trantor "public_ip"; }; }; } diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index 8606b2c..fc84f17 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix 
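Review bot: `oci_budget_alert_rule.daily_spend_alert` does not measure what its name, description and message say. The budget it is attached to has `reset_period = "MONTHLY"` and `amount = 1`, so `threshold = 5` with `threshold_type = "PERCENTAGE"` fires once actual spend for the month passes 5% of the budget, not on a per-day figure. The rule also sets no `recipients`, so unless notification is wired up elsewhere, nobody is mailed when it triggers. I would rename it and add a recipient, e.g. `display_name = "monthly-spend-alert";` and `recipients = "<alert-address-placeholder>";`, and adjust the two text fields to match.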
@@ -5,11 +5,15 @@ inputs.terranix.flakeModule ]; - perSystem = { - terranix.terranixConfigurations = { - oci-homelab = { - modules = [ ./terranix/oci/homelab.nix ]; + perSystem = + { pkgs, ... }: + + { + terranix.terranixConfigurations = { + oci-trantor = { + modules = [ ./terranix/oci/trantor.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; }; }; - }; } From 697a9f2cabb4a7699bb747bcc87d6ada86100183 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 10:55:14 -0300 Subject: [PATCH 081/129] wrap fastfetch with config; run fastfetch on ssh login --- hosts/modules/common/openssh.nix | 5 ++ hosts/modules/common/programs.nix | 2 +- hosts/modules/common/users.nix | 6 --- overlays.nix | 5 +- packages.nix | 5 +- packages/fastfetch.nix | 81 +++++++++++++++++++++++++++++++ 6 files changed, 93 insertions(+), 11 deletions(-) create mode 100644 packages/fastfetch.nix diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index 07108ce..63422b3 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -5,4 +5,9 @@ enable = true; settings.PermitRootLogin = "no"; }; + programs.fish.interactiveShellInit = '' + if set -q SSH_CONNECTION + neofetch + end + ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index e0cc2c9..be57b69 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -7,6 +7,7 @@ git ### System Utilities ### btop + fastfetch helix nixos-firewall-tool nvd @@ -18,7 +19,6 @@ shellAliases = { cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - neofetch = "${lib.getExe pkgs.fastfetch}"; tree = "ls --tree"; }; }; diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 076eb99..0572153 100644 --- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix 
@@ -20,10 +20,4 @@ hashedPassword = "!"; }; }; - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ''; - }; } diff --git a/overlays.nix b/overlays.nix index 2732f0e..eab4edf 100644 --- a/overlays.nix +++ b/overlays.nix @@ -3,10 +3,11 @@ { flake.overlays = { default = final: prev: { - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + fastfetch = inputs.self.packages.${final.system}.fastfetch; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; }; }; } diff --git a/packages.nix b/packages.nix index 2cd7661..46979f8 100644 --- a/packages.nix +++ b/packages.nix @@ -5,10 +5,11 @@ { pkgs, system, ... }: { packages = { - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; }; }; } diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix new file mode 100644 index 0000000..fa8e0ea --- /dev/null +++ b/packages/fastfetch.nix 
@@ -0,0 +1,81 @@ +{ + lib, + pkgs ? import { }, +}: + +let + fastfetch-logo = pkgs.fetchurl { + url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; + hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; + }; + + fastfetch-config = pkgs.writeText "fastfetch-config.json" ( + builtins.toJSON { + "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; + modules = [ + "title" + "separator" + { + type = "os"; + keyWidth = 9; + } + { + type = "kernel"; + keyWidth = 9; + } + { + type = "uptime"; + keyWidth = 9; + } + { + type = "shell"; + keyWidth = 9; + } + "break" + { + type = "cpu"; + keyWidth = 11; + } + { + type = "memory"; + keyWidth = 11; + } + { + type = "swap"; + keyWidth = 11; + } + { + type = "disk"; + folders = "/"; + keyWidth = 11; + } + { + type = "command"; + key = "Systemd"; + keyWidth = 11; + text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; + } + "break" + { + type = "command"; + key = "Public IP"; + keyWidth = 15; + text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Tailscale IP"; + keyWidth = 15; + text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Local IP"; + keyWidth = 15; + text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; + } + ]; + } + ); +in +pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '' From 447778eb46bafd81477e66857f828b3d09ebaf31 Mon Sep 17 00:00:00 2001 
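Review bot: The `Public IP` module in packages/fastfetch.nix runs `curl -s -4 ifconfig.me` with no time limit, and the other `command` modules call `systemctl`, `tailscale` and `ip` by bare name. Going by the commit title this wrapper runs on every SSH login, so each interactive session makes an outbound request to a third-party service and waits on it when the network is filtered, and the tools are resolved through whatever `PATH` the session has. I would bound the request and reference store paths, e.g. `text = "${lib.getExe pkgs.curl} -s -4 --max-time 2 ifconfig.me 2>/dev/null || echo 'N/A'";`. Separately, `pkgs ? import { }` has no path argument as shown; it presumably read `import <nixpkgs> { }` before extraction, which is worth checking against the real file.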
From: William Date: Mon, 3 Nov 2025 11:13:56 -0300 Subject: [PATCH 082/129] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) → 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) → 'github:NixOS/nixpkgs/dab3a6e781554f965bde3def0aa2fda4eb8f1708?narHash=sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k%3D' (2025-07-15) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) → 'github:hercules-ci/flake-parts/0010412d62a25d959151790968765a70c436598b?narHash=sha256-z5PlZ47j50VNF3R%2BIMS9LmzI5fYRGY/Z5O5tol1c9I4%3D' (2025-11-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6?narHash=sha256-x2rJ%2BOvzq0sCMpgfgGaaqgBSwY%2BLST%2BWbZ6TytnT9Rk%3D' (2025-08-10) → 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) • Updated input 'home-manager': 'github:nix-community/home-manager/189c21cf879669008ccf06e78a553f17e88d8ef0?narHash=sha256-nZh6uvc71nVNaf/y%2BwesnjwsmJ6IZZUnP2EzpZe48To%3D' (2025-10-20) → 'github:nix-community/home-manager/8c824254b1ed9e797f6235fc3c62f365893c561a?narHash=sha256-I%2B8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM%3D' (2025-11-03) • Updated input 'niri-flake': 
'github:sodiboo/niri-flake/f851a923137c0a54719412146fd63d24b3214e60?narHash=sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00%3D' (2025-10-20) → 'github:sodiboo/niri-flake/df17789929ac80f4157b15724450db6a303a6dc9?narHash=sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI%3D' (2025-11-03) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/b3245b81a6ed8edfaf5388a74d2e0a23c24941e5?narHash=sha256-KbM47vD6E0cx%2Bv4jYQZ8mD5N186AKm2CQlyh34TW58U%3D' (2025-10-20) → 'github:YaLTeR/niri/a2ca2b3c866bc781b12c334a9f949b3db6d7c943?narHash=sha256-anRlNG6t7esBbF1%2BALDeathVBSclA0PEL52Vo0WnN5g%3D' (2025-11-03) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:NixOS/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/a9188e70bd748118b4d56a529871b9de5adb9988?narHash=sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70%3D' (2025-10-05) → 'github:Supreeeme/xwayland-satellite/0728d59ff6463a502e001fb090f6eb92dbc04756?narHash=sha256-fBrUszJXmB4MY%2Bwf3QsCnqWHcz7u7fLq0QMAWCltIQg%3D' (2025-10-28) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/5024e1901239a76b7bf94a4cd27f3507e639d49e?narHash=sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc%3D' (2025-10-19) → 'github:nix-community/nix-index-database/359ff6333a7b0b60819d4c20ed05a3a1f726771f?narHash=sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo%3D' (2025-11-02) • Updated 
input 'nixos-cli': 'github:nix-community/nixos-cli/c8f5ce1fd9bf151df74328795b6b2720e2e22d75?narHash=sha256-N%2BF4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k%3D' (2025-10-19) → 'github:nix-community/nixos-cli/5c259f72ae1eaa00b99354d81130d8fddb7f9a7a?narHash=sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs%3D' (2025-11-01) • Updated input 'nixos-cli/flake-compat': 'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885?narHash=sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX%2BfjA8Xf8PUmqCY%3D' (2025-05-12) → 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5?narHash=sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4%3D' (2025-10-27) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) → 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:nixos/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/c3439b262c7cb3d57c93197a93a3aa382582bdae?narHash=sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A%2BPe2rIilyvalEHuM%3D' (2025-10-23) → 'github:noctalia-dev/noctalia-shell/5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981?narHash=sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18%3D' (2025-11-03) • Updated input 'noctalia/quickshell': 
'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=a5431dd02dc23d9ef1680e67777fed00fe5f7cda' (2025-07-27) → 'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=db1777c20b936a86528c1095cbcb1ebd92801402' (2025-10-30) • Updated input 'stylix': 'github:danth/stylix/8d008296a1b3be9b57ad570f7acea00dd2fc92db?narHash=sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx%2BMUkuE%2BE%3D' (2025-10-14) → 'github:danth/stylix/8c0640d5722a02178c8ee80a62c5f019cab4b3c1?narHash=sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri%2BSy6/CI%3D' (2025-11-02) • Updated input 'terranix': 'github:terranix/terranix/924573fa6587ac57b0d15037fbd2d3f0fcdf17fb?narHash=sha256-hTMi6oGU%2B6VRnW9SZZ%2BmuFcbfMEf2ajjOp7Z2KM5MMY%3D' (2025-09-07) → 'github:terranix/terranix/a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8?narHash=sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI%3D' (2025-11-03) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/596c3ac14be576b93f5db9252a1b0581e453ec9f?narHash=sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM%3D' (2025-10-20) → 'github:0xc000022070/zen-browser-flake/10e69cb268b1d3dc91135e72f5462b2acfbcc3aa?narHash=sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl%2BLOyythQkI%3D' (2025-11-03) --- flake.lock | 128 ++++++++++++++++++++++++++--------------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/flake.lock b/flake.lock index 5993cdf..429e817 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { 
@@ -186,11 +186,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -204,11 +204,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1760929667, - "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", + "lastModified": 1762178366, + "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", "owner": "nix-community", "repo": "home-manager", - "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", + "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1760950171, - "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", + "lastModified": 1762152856, + "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f851a923137c0a54719412146fd63d24b3214e60", + "rev": "df17789929ac80f4157b15724450db6a303a6dc9", "type": "github" }, "original": { 
@@ -451,11 +451,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1760940149, - "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", + "lastModified": 1762146685, + "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", "owner": "YaLTeR", "repo": "niri", - "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", + "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", "type": "github" }, "original": { @@ -487,11 +487,11 @@ ] }, "locked": { - "lastModified": 1760846226, - "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", + "lastModified": 1762055842, + "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", + "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", "type": "github" }, "original": { @@ -528,11 +528,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1760856139, - "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", + "lastModified": 1761970410, + "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", + "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { 
@@ -574,11 +574,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -590,11 +590,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1752596105, + "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", "type": "github" }, "original": { @@ -638,11 +638,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { 
@@ -670,11 +670,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { @@ -686,11 +686,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -741,11 +741,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1761190730, - "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", + "lastModified": 1762156721, + "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", + "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", "type": "github" }, "original": { @@ -787,11 +787,11 @@ ] }, "locked": { - "lastModified": 1753595452, - "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", + "lastModified": 1761821581, + "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", "ref": "refs/heads/master", - "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", - "revCount": 665, + "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", + "revCount": 699, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, 
@@ -883,11 +883,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1760472212, - "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", + "lastModified": 1762101397, + "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", "owner": "danth", "repo": "stylix", - "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", + "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", "type": "github" }, "original": { @@ -995,11 +995,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1757278723, - "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", + "lastModified": 1762161791, + "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", "owner": "terranix", "repo": "terranix", - "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", + "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", "type": "github" }, "original": { @@ -1127,11 +1127,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1759707084, - "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "lastModified": 1761622056, + "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", "type": "github" }, "original": { @@ -1146,11 +1146,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1760934351, - "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", + "lastModified": 1762131860, + "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", + "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", "type": "github" }, "original": { From fe091504d08430563e0e6c42678ea991df2e3656 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 3 Nov 2025 12:34:40 -0300 Subject: [PATCH 083/129] openssh greeting fixes --- hosts/alexandria/nextcloud.nix | 7 ++++++- hosts/modules/common/openssh.nix | 8 +++----- hosts/modules/common/programs.nix | 12 +++++++++++- users/modules/common/fish.nix | 5 ++++- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 68d4875..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,7 +24,12 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + tasks + ; }; extraAppsEnable = true; caching = { diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index 63422b3..df70bdd 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -4,10 +4,8 @@ services.openssh = { enable = true; settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; }; - programs.fish.interactiveShellInit = '' - if set -q SSH_CONNECTION - neofetch - end - ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index be57b69..fd10953 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -25,6 +25,16 @@ programs = { command-not-found.enable = false; - fish.enable = true; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; } diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index d95db24..c753297 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix 
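Review bot: In hosts/modules/common/openssh.nix, `PrintLastLog no` removes the last-login line that lets a user notice a session they did not open, so that signal now has to come from somewhere else, such as the auth logs. If the aim is only a tidier greeting, say so next to the option, e.g. `# cosmetic: last-login line hidden; unexpected logins are tracked via <log source>`. For consistency with `settings.PermitRootLogin` on the line above, it could also be written as `settings.PrintLastLog = "no";` instead of going through `extraConfig`. The enclosing attribute set starts outside the hunk.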
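Review bot: In hosts/modules/common/programs.nix, the SSH branch of `interactiveShellInit` runs for every interactive fish started inside an SSH session, not only the first one, so nested shells clear the screen and run `fastfetch` again. `clear` also wipes anything printed before the shell started (a banner or MOTD, if one is configured), and `export TERM=xterm-256color` overrides whatever terminal type the client negotiated. Guarding the block with `if set -q SSH_CONNECTION; and status is-login` limits it to the login shell. The TERM override is better dropped or restricted to the one terminal that needs it. The `programs` attribute set starts outside the hunk.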
@@ -3,7 +3,10 @@ { programs.fish = { enable = true; - interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; plugins = [ { From 4622f2b299704e0458c48c69a27410ba39bd228e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 16:42:18 -0300 Subject: [PATCH 084/129] fix trantor disko config --- disko/trantor.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/disko/trantor.nix b/disko/trantor.nix index db1397e..0791308 100644 --- a/disko/trantor.nix +++ b/disko/trantor.nix @@ -27,8 +27,7 @@ name = "root"; size = "100%"; content = { - type = "filesystem"; - format = "btrfs"; + type = "btrfs"; extraArgs = [ "-f" ]; subvolumes = { "@root" = { From f5f1541aec620f879d7b1768d0b1e18abf96cb0a Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 17:19:21 -0300 Subject: [PATCH 085/129] fixing trantor --- hosts/io/hardware-configuration.nix | 5 ++--- hosts/trantor/boot.nix | 5 ++++- hosts/trantor/hardware-configuration.nix | 7 ++++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index cb114a1..a17fe24 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,15 +2,14 @@ config, lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - self.diskoConfigurations.io - ]; + ] ++ inputs.self.diskoConfigurations.io.modules; boot = { initrd = { diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index 67ac124..0498818 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,3 +1,6 @@ { - boot.initrd.systemd.enable = true; + boot = { + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + }; } 
diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 4a9503f..94568f6 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,15 +1,16 @@ { lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - self.diskoConfigurations.trantor - ]; + inputs.disko.nixosModules.disko + ] + ++ inputs.self.diskoConfigurations.trantor.modules; boot = { kernelModules = [ ]; From d6f582fffd2df08649cc609f180f9ed5d619e5cd Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 21:37:03 -0300 Subject: [PATCH 086/129] no diskoConfirations outputs --- diskoConfigurations.nix | 12 --------- flake.nix | 1 - disko/io.nix => hosts/io/disko.nix | 0 hosts/io/hardware-configuration.nix | 4 +-- hosts/modules/ephemeral.nix | 2 +- disko/trantor.nix => hosts/trantor/disko.nix | 6 ++++- hosts/trantor/hardware-configuration.nix | 26 ++++++-------------- 7 files changed, 14 insertions(+), 37 deletions(-) delete mode 100644 diskoConfigurations.nix rename disko/io.nix => hosts/io/disko.nix (100%) rename disko/trantor.nix => hosts/trantor/disko.nix (90%) diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix deleted file mode 100644 index 511eddc..0000000 --- a/diskoConfigurations.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.disko.flakeModule - ]; - - flake.diskoConfigurations = { - io.modules = [ ./disko/io.nix ]; - trantor.modules = [ ./disko/trantor.nix ]; - }; -} diff --git a/flake.nix b/flake.nix index c9d5076..07d4a02 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,6 @@ imports = [ ./deploy.nix ./devShells.nix - ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix diff --git a/disko/io.nix b/hosts/io/disko.nix similarity index 100% rename from disko/io.nix rename to hosts/io/disko.nix 
diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index a17fe24..8e4dae4 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -7,9 +7,7 @@ }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ] ++ inputs.self.diskoConfigurations.io.modules; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index 8ed08bc..cad5f41 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -10,7 +10,7 @@ enable = true; rootDevice = if config.networking.hostName == "trantor" then - "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" + "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2" else "/dev/mapper/cryptroot"; rootSubvolume = "@root"; diff --git a/disko/trantor.nix b/hosts/trantor/disko.nix similarity index 90% rename from disko/trantor.nix rename to hosts/trantor/disko.nix index 0791308..0e47058 100644 --- a/disko/trantor.nix +++ b/hosts/trantor/disko.nix @@ -1,7 +1,11 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; - device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; + device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; content = { type = "gpt"; partitions = { diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 94568f6..039129e 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix 
@@ -1,30 +1,18 @@ { lib, modulesPath, - inputs, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - inputs.disko.nixosModules.disko - ] - ++ inputs.self.diskoConfigurations.trantor.modules; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot = { - kernelModules = [ ]; - extraModulePackages = [ ]; - initrd = { - availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - ]; - kernelModules = [ ]; - }; - }; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; networking.useDHCP = lib.mkDefault true; From 97450f0057a4a4e488ba0f79105105e27697d67b Mon Sep 17 00:00:00 2001 From: William Date: Tue, 4 Nov 2025 08:13:16 -0300 Subject: [PATCH 087/129] no more protonup --- hosts/modules/gaming.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index cf6217f..5aef14e 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix @@ -6,7 +6,6 @@ heroic mangohud prismlauncher - protonup steam-run ]; From cb59a911d63f70a6502ffa3e25aee7e2dfb9dd7f Mon Sep 17 00:00:00 2001 From: William Date: Thu, 6 Nov 2025 19:57:04 -0300 Subject: [PATCH 088/129] added ai tag for desktop hosts --- flake.lock | 151 ++++++++++++++++++++++++++++++++-------- flake.nix | 2 + hosts/modules/ai.nix | 9 +++ hosts/modules/dev.nix | 1 - nixosConfigurations.nix | 2 + 5 files changed, 136 insertions(+), 29 deletions(-) create mode 100644 hosts/modules/ai.nix diff --git a/flake.lock b/flake.lock index 429e817..3b994bf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,6 +91,28 @@ "type": "github" } }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ], + "systems": "systems_3" + }, + "locked": { + "lastModified": 1761645416, + "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "owner": "numtide", + "repo": "blueprint", + "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -261,7 +283,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -464,6 +486,26 @@ "type": "github" } }, + "nix-ai-tools": { + "inputs": { + "blueprint": "blueprint", + "nixpkgs": "nixpkgs_5", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1762442079, + "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "owner": "numtide", + "repo": "nix-ai-tools", + "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-ai-tools", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -503,7 +545,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -525,7 +567,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1761970410, 
@@ -604,6 +646,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1752596105, @@ -653,6 +711,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -668,7 +742,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1761880412, "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", @@ -684,7 +758,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1761907660, "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", @@ -700,7 +774,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", 
@@ -716,29 +790,13 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "noctalia": { "inputs": { "nixpkgs": [ "nixpkgs" ], "quickshell": "quickshell", - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1762156721, @@ -810,10 +868,11 @@ "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", + "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -873,9 +932,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_5", + "systems": "systems_6", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -986,13 +1045,28 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1762161791, 
@@ -1089,6 +1163,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762410071, + "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" @@ -1143,7 +1238,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index 07d4a02..af148c1 100644 --- a/flake.nix +++ b/flake.nix @@ -49,6 +49,8 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nix-ai-tools.url = "github:numtide/nix-ai-tools"; }; outputs = diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix new file mode 100644 index 0000000..ddf4fca --- /dev/null +++ b/hosts/modules/ai.nix @@ -0,0 +1,9 @@ +{ inputs, pkgs, ... }: + +{ + environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-desktop + claudebox + opencode + ]; +} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix index 82908f2..c4cca78 100644 --- a/hosts/modules/dev.nix +++ b/hosts/modules/dev.nix @@ -3,7 +3,6 @@ { environment.systemPackages = with pkgs; [ bat - claude-code lazygit fd fzf diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index ced8851..85fd378 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -10,6 +10,7 @@ in hostname = "rotterdam"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" @@ -25,6 +26,7 @@ in hostname = "io"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" From 6ec815a7668b8af89d2ff800ecee32253c916cfd Mon Sep 17 00:00:00 2001 
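Review bot: In flake.nix, `nix-ai-tools` is added without a `nixpkgs` follows, unlike the `terranix` input just above it, and the flake.lock hunks of this commit show the result: a separate nixpkgs pin (`nixpkgs_5`) plus the new `blueprint` and `treefmt-nix` inputs. The packages that hosts/modules/ai.nix installs system-wide therefore come from a nixpkgs revision that moves only when this input is updated, so fixes picked up by the main `nixpkgs` pin do not reach them. Either add `nix-ai-tools.inputs.nixpkgs.follows = "nixpkgs";`, or, if the separate pin is intended (for instance to keep an upstream binary cache usable), record that in a comment and update the input on the same schedule as `nixpkgs`. The `inputs` set starts outside the hunk.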
From: William Date: Thu, 6 Nov 2025 19:59:58 -0300 Subject: [PATCH 089/129] fix disko usage for io --- hosts/io/disko.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix index 37f3160..4e6c9d5 100644 --- a/hosts/io/disko.nix +++ b/hosts/io/disko.nix @@ -1,4 +1,8 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; From 59cda1884dfd49bed2852fca8ca1af82e1fcfcd3 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 06:17:28 -0300 Subject: [PATCH 090/129] add recipient to oci alert --- terranix/oci/trantor.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 37c12ae..2037d87 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -229,6 +229,7 @@ threshold = 5; threshold_type = "PERCENTAGE"; display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; description = "Alert when daily spending exceeds $0.05"; message = "Daily spending has exceeded $0.05 in the trantor compartment"; }; From 45f89a1663187983364c38e04a1f5c857d21a3bb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 07:15:12 -0300 Subject: [PATCH 091/129] add claude-code back --- hosts/modules/ai.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix index ddf4fca..e2dd9d2 100644 --- a/hosts/modules/ai.nix +++ b/hosts/modules/ai.nix @@ -3,6 +3,7 @@ { environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ claude-desktop + claude-code claudebox opencode ]; From d3ef56c724a2eed6b0544e0a01f69ceb33adb70d Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 11:55:27 -0300 Subject: [PATCH 092/129] add presenterm to desktops --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 5258442..f2418ce 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -35,6 +35,7 @@ libreoffice onlyoffice-desktopeditors papers + presenterm rnote ### Graphics & Design ### gimp From 5baff5a68e44900d13e0579a3479cfcf5ab92b2f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 12:13:47 -0300 Subject: [PATCH 093/129] added kanshi to manage displays --- users/modules/desktop/niri.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 16955d9..283d940 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -14,19 +14,27 @@ in { imports = [ inputs.noctalia.homeModules.default ]; + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + home = { packages = with pkgs; [ xwayland-satellite ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' - output "eDP-1" { - scale 1.0 - } - output "DP-3" { - scale 1.0 - } - input { keyboard { xkb { From 52eaf14b0950fa725e86bfb521a40fbdabe4969f Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 13:02:22 -0300 Subject: [PATCH 094/129] noto emoji font name change; niri window/workspace up/down keybind --- users/modules/desktop/niri.nix | 8 ++++---- users/modules/stylix.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 283d940..1f6a1bf 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -163,13 +163,13 @@ in Mod+Shift+Q { close-window; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } Mod+Right { focus-column-right; } Mod+H { focus-column-left; } Mod+L { focus-column-right; } - Mod+J { focus-window-down; } - Mod+K { focus-window-up; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } Ctrl+Alt+J { focus-workspace-down; } Ctrl+Alt+K { focus-workspace-up; } Ctrl+Alt+Down { focus-workspace-down; } diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 13ba8b6..f1c7e44 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -46,7 +46,7 @@ name = "FiraCode Nerd Font"; }; emoji = { - package = pkgs.noto-fonts-emoji; + package = pkgs.noto-fonts-color-emoji; name = "Noto Color Emoji"; }; sizes = { From a1369e5818cd0bf26ae7dfd5970b81e81272d682 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 20:46:38 -0300 Subject: [PATCH 095/129] rekeyd secrets --- hosts/alexandria/firewall.nix | 11 ----------- secrets/cloudflare.age | 18 ++++++++++-------- secrets/nextcloud-adminpass.age | Bin 465 -> 465 bytes secrets/nextcloud-secrets.json.age | Bin 537 -> 537 bytes secrets/secrets.nix | 3 ++- 5 files changed, 12 insertions(+), 20 deletions(-) delete mode 100644 hosts/alexandria/firewall.nix diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix deleted file mode 100644 index f6fded2..0000000 --- a/hosts/alexandria/firewall.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - networking.firewall = { - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; -} diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 9e989ec..028e964 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age 
@@ -1,9 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY -NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc --> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU -6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg --> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s -WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U ---- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE -_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file +-> ssh-ed25519 Kfdnog IHXv4c5we36dCUsB1v8uEF23tIRlDQ/8WR1hX4GQ+Uc +Cwccw64BYBdSZUdkSqKESIU7E17cLNtiAZZ3Y1xV87A +-> ssh-ed25519 8YSAiw Ce3vdMG111ubjcFgd3+q2Qw2+7dsoUz7SiudtuLDr0Y +JUodwFsKfOTZXxFyRrEk/4gxJ4goPkwvYeThi893M0U +-> ssh-ed25519 J6tVTA bExFuITTGXkTvhW25nushN7zT/PJGDoezsqu7fLKemI +4a90v0F4wgcZeqWBQ/EpqOZ9OCgT7qruwVvlGZeFmN8 +-> ssh-ed25519 Qt3Q+A j1oo46pNh1+yPEtxpgj+QPQPf5m82jL0DHGMacY8UFA +vy52Hl1WLTdKNA8+4p7A48Sg9+QkMXbECf/uxVMCLYk +--- 429vzgFnmFbEqDMwdvC0/EYDJlKU64YEGgE0AqPqlBs +b/!8O3Df/&kNQhurt%&]ucjH]_5@D$>N8Ϧ >9:CvѦ69W'X]X^ƻ$}|c/ ߸={uɳs \ No newline at end of file diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index 3b6ff2affb50a87f4b2cf91edf585c73272a134f..b4a29fa2568f59e840bde1dbd55ace544626f3b8 100644 GIT binary patch delta 411 zcmcb}e35yAPJLc}VR4C}dq`2WO`Myv3IVvL6L8scd>U?K~-UTm4BX#r?KG0mcUv|0t$UXy zYw%v)XTN@Qb=HR#cxf*wE0#>Rwz7U4vS89VhUCO=pI6L?lj>d;)?c@4p5y5@N3J!G G_5lEIGm+c? delta 411 zcmcb}e35yAPJN=QslG{oagj-?Nm_<^np>o&wn1{HNuFtHy0fQcM1^l?aad@eS6ObB zE0?EFPKckAv5Aqhk6%GbghjAxUT|KOYhhMdaF#`Ju1l7?Q(#0^pm9N1GMBEMLUD11 zZfc5=si~o*f<r!^a)3v8o{zS6 zKu~a&lc%EzS5UTzt3_~G@Up1{UVQPR0R6-rmM3AwdPXK53yI+6Cc`X67NT9$x;r=~;%_j=_;!1t~sx zQQ>8Q9+iHUIZ>s-CRtf!#d+>|soEjFQ3e5t>1AnUfnE__;YQ_Ly1Kdw8D0fp!J(EF zemRNBmX={IMrN4?rQv2?<@%xe&iVeyj^!R+!J*FC28qeVT=(tk|74sxcJ}$9S=Tr| zUC=zrvWa)yQ#P5uo^SfEFZ_L>-MeDyY#FQdRyLBIo4j}xE;xlv{`2(FH{WY-E9QK> HX5a$=F~*Zs 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 473f3cb97a38fcb01d2d7512306b9576963b2754..02d170dce9315c545774f3510a4f81541ea6137b 100644 GIT binary patch delta 484 zcmbQqGLvP3PQ6z|j%%7%ieq-3zL8r*x=V;jQD#MOc$%-Lvt?CaMxuU5o>_WoWx0`K zD3@1ZMWTClMs`7Rv1Nuum7{xPxxYtAQGS|5dUjcaafz#^OF?i-Xhm41374*&LUD11 zZfc5=si~o*f< zX0BmgWnNf5SDIx~g^9aSPx`V~&;o}nqJ!ByE@KHC1S zWzH3;5ozv~mZ{oK`X(V&AucJ!kshU9Zk_>&`V}R~X+D<8hIxTpy1KdwQKd;0Ri)a# zzMh5UMyc-Ef&OMCIjIqr&fccJk)h@Rj()!NK_%sep8f^NTp_t{KN=*=`v32=CU@f6 zb#FN=XRdnX61Z;tXEo;=u{B8>C9)d2%j>GzX8&-0mcX=iT4s;Z!JaS{UQVIjmu}Dg`A2*!eD> delta 484 zcmbQqGLvP3PJO0XiLpzFzh#AQNn);vWkgQCr*S~0WqGArij$dviAk_QSZ;`iSz(S_ zI#-&0mVa7ma8X5Kv44tBiiJyNm2*jsN485=q;E!Xfu~WjWoEd0PJym@eV`;dXWol`1s#~N8Yibt+vabaO-L10yezH4OQ z#E;_j>DfLeVL4vq0YAn`FS4cuD+&brAEGP6;8pP7JI(# g=e#`y61#*wLgp)0cI;b{`b%#~@#5{@wobYM08OvE1ONa4 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d47309f..84b14d6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,7 @@ let alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh/2u5pr/iPVeavlsor5hbTtsgUfP1JpzZVco2YQAo3 root@trantor"; in { @@ -15,6 +15,7 @@ in io-user rotterdam-user alexandria + trantor ]; "nextcloud-adminpass.age".publicKeys = [ io-user From 2289f0e6e46b5adabb087b2dad5b35cb281fd03a Mon Sep 17 00:00:00 2001 
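Review bot: The second hunk of secrets/secrets.nix adds `trantor` to a recipient list whose name is outside the hunk; judging by the fourth stanza that appears in secrets/cloudflare.age, it is the Cloudflare secret. That widens who can decrypt the token to a second host, while the only consumer visible on this page is nginx on alexandria (`age.secrets.cloudflare`). If trantor really needs DNS API access, a separate, narrowly scoped token in its own `.age` file keeps a compromise of either host from exposing the other's credential. Otherwise leave it out of this list. A comment on the entry, such as `# trantor: needs the Cloudflare token for <purpose>`, would make the intent reviewable.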
From: William Date: Sat, 8 Nov 2025 20:47:21 -0300 Subject: [PATCH 096/129] beginnings of split dns --- devShells.nix | 6 +-- hosts/alexandria/forgejo.nix | 9 +++++ hosts/alexandria/jellyfin.nix | 9 +++++ hosts/alexandria/librespeed.nix | 9 +++++ hosts/alexandria/nextcloud.nix | 9 +++++ hosts/alexandria/nginx.nix | 5 +++ hosts/alexandria/unbound.nix | 67 ++++++++++++++++++++++++++++++++ hosts/alexandria/vaultwarden.nix | 9 +++++ hosts/modules/split-dns.nix | 28 +++++++++++++ utils.nix | 29 ++++++++++++++ 10 files changed, 177 insertions(+), 3 deletions(-) create mode 100644 hosts/alexandria/unbound.nix create mode 100644 hosts/modules/split-dns.nix diff --git a/devShells.nix b/devShells.nix index 72b2695..f7e9627 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,12 +1,12 @@ -{ ... }: +{ inputs, ... }: { perSystem = - { pkgs, ... }: + { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = with pkgs; [ - agenix-cli + inputs.agenix.packages.${system}.default deploy-rs nil nixfmt-rfc-style diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index 909d1d1..d9860f6 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix @@ -32,4 +32,13 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "git.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..994f972 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix 
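Review bot: The split-DNS entry added in hosts/alexandria/forgejo.nix hard-codes `lanIP = "192.168.15.142"` and `tailscaleIP = "100.76.19.50"`, and the same two literals are repeated in the jellyfin, librespeed, nextcloud and vaultwarden hunks of this commit. If the host is renumbered and one file is missed, that name keeps resolving to an address the host no longer owns. Defining the pair once (a `let` binding or option defaults in hosts/modules/split-dns.nix) and letting each service supply only `domain` removes that risk. The enclosing module body starts outside the hunk.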
@@ -13,4 +13,13 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "jellyfin.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index e36a81d..9b59685 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -27,4 +27,13 @@ in acmeHost = "baduhai.dev"; domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "speedtest.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..e12d12b 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,6 +79,15 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; + + # Register this domain for split DNS + splitDNS.entries = [ + { + domain = "cloud.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; }; age.secrets = { diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 0a0a261..54640c1 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -38,6 +38,11 @@ in users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + age.secrets.cloudflare = { file = ../../secrets/cloudflare.age; owner = "nginx"; diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix new file mode 100644 index 0000000..e923318 --- /dev/null +++ b/hosts/alexandria/unbound.nix 
@@ -0,0 +1,67 @@ +{ config, inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkSplitDNS; +in + +{ + imports = [ ../modules/split-dns.nix ]; + + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "192.168.0.0/16 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + # Enable views for split DNS + access-control-view = [ + "100.64.0.0/10 tailscale" + "fd7a:115c:a1e0::/48 tailscale" + "192.168.0.0/16 lan" + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + }; + # Split DNS views - automatically collected from all service files + view = mkSplitDNS config.services.splitDNS.entries; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..68387ee 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,4 +24,13 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "pass.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } 
diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix new file mode 100644 index 0000000..0998816 --- /dev/null +++ b/hosts/modules/split-dns.nix @@ -0,0 +1,28 @@ +{ config, lib, ... }: + +{ + options.services.splitDNS = { + entries = lib.mkOption { + type = lib.types.listOf ( + lib.types.submodule { + options = { + domain = lib.mkOption { + type = lib.types.str; + description = "The domain name to configure"; + }; + lanIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for LAN requests"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for Tailscale requests"; + }; + }; + } + ); + default = [ ]; + description = "List of domains to configure for split DNS"; + }; + }; +} diff --git a/utils.nix b/utils.nix index 38cf968..c803fe5 100644 --- a/utils.nix +++ b/utils.nix @@ -190,4 +190,33 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = + entries: + let + # Generate view entries for a single domain + mkEntry = + { + domain, + lanIP, + tailscaleIP, + }: + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${tailscaleIP}"''; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${lanIP}"''; + } + ]; + in + builtins.concatMap mkEntry entries; } From af444584d09eda850d4327af2d74874be3028a75 Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 21:35:13 -0300 Subject: [PATCH 097/129] Add shared services infrastructure for cross-host data Created centralized service definitions in shared/services.nix to store service metadata (domains, IPs, ports) that need to be accessible across multiple hosts. This replaces the per-service split DNS module approach with a single source of truth. Services are now exported through utils.nix for easy access in host configs. --- hosts/alexandria/librespeed.nix | 39 ---------------------------- shared/services.nix | 39 ++++++++++++++++++++++++++++ utils.nix | 46 +++++++++++++++++---------------- 3 files changed, 63 insertions(+), 61 deletions(-) delete mode 100644 hosts/alexandria/librespeed.nix create mode 100644 shared/services.nix diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix deleted file mode 100644 index 9b59685..0000000 --- a/hosts/alexandria/librespeed.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - ports = [ "127.0.0.1:58080:80" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; - }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "speedtest.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; -} diff --git a/shared/services.nix b/shared/services.nix new file mode 100644 index 0000000..f55e4d2 --- /dev/null +++ b/shared/services.nix 
@@ -0,0 +1,39 @@ +# Shared service definitions for cross-host configuration +# Used by: +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - trantor: DNS server (Tailnet) + service hosting (forgejo) +{ + services = [ + { + name = "vaultwarden"; + domain = "vault.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8222; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + tailscaleIP = "100.108.5.90"; + port = 3000; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 443; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8096; + } + ]; +} diff --git a/utils.nix b/utils.nix index c803fe5..740bad0 100644 --- a/utils.nix +++ b/utils.nix @@ -8,9 +8,14 @@ let home-manager agenix ; + + # Import shared service definitions + sharedServices = import ./shared/services.nix; in { + # Re-export shared services for use in host configs + inherit (sharedServices) services; # Tag-based host configuration system mkHost = { 
@@ -196,27 +201,24 @@ in mkSplitDNS = entries: let - # Generate view entries for a single domain - mkEntry = - { - domain, - lanIP, - tailscaleIP, - }: - [ - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${tailscaleIP}"''; - } - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${lanIP}"''; - } - ]; + # Generate local-data entries for all domains + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; in - builtins.concatMap mkEntry entries; + [ + # Single Tailscale view with all domains + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + # Single LAN view with all domains + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; } From 8d8847e2fbbe3a88b8b50e5d050be86c89cb745d Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:33 -0300 Subject: [PATCH 098/129] Remove split DNS module and per-service entries Removed the split-dns.nix module and all service-specific splitDNS.entries configurations. Service DNS records are now sourced from the centralized shared/services.nix file instead of being declared individually in each service configuration. --- hosts/alexandria/forgejo.nix | 9 --------- hosts/alexandria/jellyfin.nix | 9 --------- hosts/alexandria/nextcloud.nix | 9 --------- hosts/alexandria/vaultwarden.nix | 9 --------- hosts/modules/split-dns.nix | 28 ---------------------------- 5 files changed, 64 deletions(-) delete mode 100644 hosts/modules/split-dns.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index d9860f6..909d1d1 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix 
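Review bot: `lanData` in the rewritten `mkSplitDNS` reads `e.lanIP` from every entry, but the `forgejo` entry added to shared/services.nix in this same patch has no `lanIP`. Passing `utils.services` to this helper would abort evaluation on a missing attribute. Filtering first keeps the LAN view limited to hosts that really have a LAN address: `lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e ? lanIP) entries);`. The enclosing `let … in` of utils.nix begins outside this hunk, so `lib` being in scope there is assumed from the `import ../../utils.nix { inherit inputs lib; }` calls.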
@@ -32,13 +32,4 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "git.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 994f972..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -13,13 +13,4 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "jellyfin.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index e12d12b..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,15 +79,6 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; - - # Register this domain for split DNS - splitDNS.entries = [ - { - domain = "cloud.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; }; age.secrets = { diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 68387ee..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,13 +24,4 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "pass.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix deleted file mode 100644 index 0998816..0000000 
--- a/hosts/modules/split-dns.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, ... }: - -{ - options.services.splitDNS = { - entries = lib.mkOption { - type = lib.types.listOf ( - lib.types.submodule { - options = { - domain = lib.mkOption { - type = lib.types.str; - description = "The domain name to configure"; - }; - lanIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for LAN requests"; - }; - tailscaleIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for Tailscale requests"; - }; - }; - } - ); - default = [ ]; - description = "List of domains to configure for split DNS"; - }; - }; -} From ee1a7c4d180bf9bff5d0261cf3708d1374f78093 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:53 -0300 Subject: [PATCH 099/129] Split DNS servers: alexandria for LAN, trantor for tailnet Alexandria's unbound now only serves LAN clients (192.168.0.0/16) and returns LAN IPs for service domains. Created new unbound instance on trantor to serve Tailscale clients (100.64.0.0/10) and return tailscale IPs for service domains. Both configurations pull service records from shared/services.nix. --- hosts/alexandria/unbound.nix | 21 ++++--------- hosts/trantor/unbound.nix | 58 ++++++++++++++++++++++++++++++++++++ nixosConfigurations.nix | 1 - 3 files changed, 64 insertions(+), 16 deletions(-) create mode 100644 hosts/trantor/unbound.nix diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix index e923318..31363aa 100644 --- a/hosts/alexandria/unbound.nix +++ b/hosts/alexandria/unbound.nix @@ -1,13 +1,10 @@ -{ config, inputs, lib, ... }: +{ inputs, lib, ... }: let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkSplitDNS; in { - imports = [ ../modules/split-dns.nix ]; - services.unbound = { enable = true; enableRootTrustAnchor = true; 
@@ -20,16 +17,7 @@ in access-control = [ "127.0.0.0/8 allow" "192.168.0.0/16 allow" - "100.64.0.0/10 allow" # Tailscale CGNAT range "::1/128 allow" - "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 - ]; - - # Enable views for split DNS - access-control-view = [ - "100.64.0.0/10 tailscale" - "fd7a:115c:a1e0::/48 tailscale" - "192.168.0.0/16 lan" ]; num-threads = 2; @@ -43,9 +31,12 @@ in hide-version = true; so-rcvbuf = "1m"; so-sndbuf = "1m"; + + # LAN-only DNS records + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') + (lib.filter (e: e ? lanIP) utils.services); }; - # Split DNS views - automatically collected from all service files - view = mkSplitDNS config.services.splitDNS.entries; forward-zone = [ { diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix new file mode 100644 index 0000000..46808c6 --- /dev/null +++ b/hosts/trantor/unbound.nix 
@@ -0,0 +1,58 @@ +{ inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # Tailnet DNS records from shared services + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 85fd378..c4969c1 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -40,7 +40,6 @@ in tags = [ # "server" TODO: uncomment when 25.11 is out. "fwupd" - "podman" ]; }; From 34622a05cbf2308e27f692efc8f3e04aa84b3942 Mon Sep 17 00:00:00 2001 
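Review bot: In hosts/trantor/unbound.nix the resolver binds `0.0.0.0` and `::`, and `networking.firewall` opens 53/tcp and 53/udp on every interface, although `access-control` only admits loopback and the Tailscale ranges. Later patches in this series treat trantor as a cloud instance with a public IP, so the port is reachable from the internet and only unbound's ACL stands between it and outside queries. Scoping the rule to the tailnet interface removes that exposure: `networking.firewall.interfaces."tailscale0" = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; };`. The interface name is an assumption and should be confirmed on the host. Setting `interface` to the Tailscale address instead of the wildcards would narrow it further.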
From: William Date: Sat, 8 Nov 2025 21:47:16 -0300 Subject: [PATCH 100/129] Move forgejo from alexandria to trantor Migrated forgejo service and configuration to trantor. Added nginx reverse proxy support on trantor with ACME configuration for SSL certificates. Fixed vaultwarden domain in shared services from vault.baduhai.dev to pass.baduhai.dev to match actual nginx configuration. --- hosts/{alexandria => trantor}/forgejo.nix | 1 - hosts/trantor/nginx.nix | 50 +++++++++++++++++++++++ shared/services.nix | 2 +- 3 files changed, 51 insertions(+), 2 deletions(-) rename hosts/{alexandria => trantor}/forgejo.nix (96%) create mode 100644 hosts/trantor/nginx.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/trantor/forgejo.nix similarity index 96% rename from hosts/alexandria/forgejo.nix rename to hosts/trantor/forgejo.nix index 909d1d1..c11573e 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -28,7 +28,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix new file mode 100644 index 0000000..6879bfc --- /dev/null +++ b/hosts/trantor/nginx.nix 
@@ -0,0 +1,50 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; +} diff --git a/shared/services.nix b/shared/services.nix index f55e4d2..fd4e440 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -6,7 +6,7 @@ services = [ { name = "vaultwarden"; - domain = "vault.baduhai.dev"; + domain = "pass.baduhai.dev"; host = "alexandria"; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; From 73db53426937916050da864ee45e53520da34294 Mon Sep 17 00:00:00 2001 
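Review bot: `age.secrets.cloudflare` in hosts/trantor/nginx.nix is decrypted with `owner = "nginx"; group = "nginx";`, yet the only consumer in the file is `security.acme.defaults.credentialsFile`. A DNS-01 credential can write records in the zone, so the internet-facing web server account can read a token it never uses. Unless something outside this file needs it, hand the secret to the ACME side, for example `owner = "acme"; group = "acme";`, after confirming which user the ACME units run as on this NixOS release. nginx already gets the issued certificates through `users.users.nginx.extraGroups = [ "acme" ]`. The context lines of the earlier hosts/alexandria/nginx.nix hunk show the same ownership.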
From: William Date: Sat, 8 Nov 2025 21:47:41 -0300 Subject: [PATCH 101/129] Switch from wildcard to per-domain SSL certificates Updated mkNginxVHosts to use per-domain certificates (enableACME) instead of shared wildcard certificates (useACMEHost). Each service now requests its own certificate, avoiding conflicts between hosts and following the principle of least privilege. Removed wildcard certificate configuration from both alexandria and trantor. Each host now only obtains certificates for domains it actually serves: - Alexandria: pass.baduhai.dev, cloud.baduhai.dev, jellyfin.baduhai.dev - Trantor: git.baduhai.dev --- hosts/alexandria/jellyfin.nix | 1 - hosts/alexandria/nextcloud.nix | 1 - hosts/alexandria/nginx.nix | 11 +++++------ hosts/alexandria/vaultwarden.nix | 1 - utils.nix | 7 ++----- 5 files changed, 7 insertions(+), 14 deletions(-) diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..6ceac09 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -10,7 +10,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..2368a3c 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -76,7 +76,6 @@ in }; nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; }; diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 54640c1..6879bfc 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -19,9 +19,6 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; }; services.nginx = { 
@@ -30,9 +27,11 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."_".locations."/".return = "444"; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; }; }; diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..2335ee0 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -20,7 +20,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; diff --git a/utils.nix b/utils.nix index 740bad0..7a81af7 100644 --- a/utils.nix +++ b/utils.nix @@ -183,13 +183,10 @@ in # Nginx virtual host utilities mkNginxVHosts = - { - acmeHost, - domains, - }: + { domains }: let commonVHostConfig = { - useACMEHost = acmeHost; + enableACME = true; forceSSL = true; kTLS = true; }; From 952a55f03d392d504728065191f5edddebc453ba Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:57:27 -0300 Subject: [PATCH 102/129] Add Kanidm identity provider to alexandria Added Kanidm server configuration to serve as central identity provider for all services. Configuration includes: - Server on auth.baduhai.dev with HTTPS - LDAP support on port 636 for legacy integrations - Nginx reverse proxy with SSL termination - Added to shared services for DNS resolution Kanidm will provide OAuth2/OIDC authentication for Nextcloud, Vaultwarden, Forgejo, and other services. --- hosts/alexandria/kanidm.nix | 78 +++++++++++++++++++++++++++++++++++++ shared/services.nix | 10 ++++- 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 hosts/alexandria/kanidm.nix 
diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix new file mode 100644 index 0000000..ee56bc1 --- /dev/null +++ b/hosts/alexandria/kanidm.nix 
@@ -0,0 +1,78 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; + kanidmCertDir = "/var/lib/kanidm/certs"; +in + +{ + services.kanidm = { + enableServer = true; + package = pkgs.kanidm; + + serverSettings = { + domain = "auth.baduhai.dev"; + origin = "https://auth.baduhai.dev"; + bindaddress = "127.0.0.1:8443"; + ldapbindaddress = "127.0.0.1:636"; + trust_x_forward_for = true; + # Use self-signed certificates for internal TLS + tls_chain = "${kanidmCertDir}/cert.pem"; + tls_key = "${kanidmCertDir}/key.pem"; + }; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + domains."auth.baduhai.dev" = { + locations."/" = { + proxyPass = "https://127.0.0.1:8443"; + extraConfig = '' + proxy_ssl_verify off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 636 ]; + + # Generate self-signed certificates for kanidm's internal TLS + systemd.services.kanidm-generate-certs = { + description = "Generate self-signed TLS certificates for Kanidm"; + wantedBy = [ "multi-user.target" ]; + before = [ "kanidm.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir -p ${kanidmCertDir} + if [ ! -f ${kanidmCertDir}/key.pem ]; then + ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ + -keyout ${kanidmCertDir}/key.pem \ + -out ${kanidmCertDir}/cert.pem \ + -days 3650 -nodes \ + -subj "/CN=localhost" \ + -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" + chown -R kanidm:kanidm ${kanidmCertDir} + chmod 600 ${kanidmCertDir}/key.pem + chmod 644 ${kanidmCertDir}/cert.pem + fi + ''; + }; + + # Ensure certificate generation runs before kanidm starts + systemd.services.kanidm = { + after = [ "kanidm-generate-certs.service" ]; + wants = [ "kanidm-generate-certs.service" ]; + }; +} 
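Review bot: `networking.firewall.allowedTCPPorts = [ 636 ];` opens LDAPS to every interface while `ldapbindaddress` is `127.0.0.1:636`. The rule does nothing today, but it becomes a network-reachable directory listener as soon as the bind address is widened. I would drop that line until a remote LDAP consumer exists, and then scope it per interface. In `kanidm-generate-certs`, openssl creates `key.pem` with the default umask and `chmod 600` runs afterwards, so put `umask 077` on the first line of `script` to close that window. `proxy_ssl_verify off;` is tolerable only because the upstream is loopback, and a comment should say so: `# upstream is 127.0.0.1 with a locally generated self-signed cert`.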
diff --git a/shared/services.nix b/shared/services.nix index fd4e440..8870258 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -1,9 +1,17 @@ # Shared service definitions for cross-host configuration # Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) # - trantor: DNS server (Tailnet) + service hosting (forgejo) { services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8443; + } { name = "vaultwarden"; domain = "pass.baduhai.dev"; From 58fec035791726b213ac648902513589fa11ab7e Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 22:53:18 -0300 Subject: [PATCH 103/129] Switch ACME to DNS-01 challenge with auto-configured certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed certificate generation from HTTP-01 to DNS-01 challenge to support services behind Tailscale/CGNAT IPs. HTTP-01 challenges fail because Let's Encrypt cannot reach private Tailscale IPs (100.x.x.x) that Cloudflare DNS points to. Changes: - Pre-configure certificates in security.acme.certs using DNS-01 via Cloudflare - Auto-generate certificate configs from shared/services.nix - Alexandria: filters services with host == "alexandria" - Trantor: filters services with host == "trantor" - Updated mkNginxVHosts to use useACMEHost instead of enableACME - Each domain gets its own certificate configured with DNS-01 challenge This ensures all services get valid Let's Encrypt certificates even when accessible only through Tailscale or private networks. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/nginx.nix | 11 ++++++++++- hosts/trantor/nginx.nix | 13 ++++++++++++- utils.nix | 14 ++++++++------ 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 6879bfc..274f645 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -7,7 +7,15 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services that have LAN IPs (served by this host) + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { 
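Review bot: The comment above `localDomains` in hosts/alexandria/nginx.nix says the list holds services "that have LAN IPs", but the filter is `s.host == "alexandria"`. The two differ once a service has a `lanIP` but lives on another host, and the comment would then mislead whoever decides which certificates this machine may request. Suggested wording: `# Domains of shared services hosted on alexandria (one DNS-01 certificate each)`. The `domain` argument of the `lib.genAttrs` lambda is unused and could be `_`. The same applies to the matching hunk in hosts/trantor/nginx.nix.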
@@ -19,6 +27,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix index 6879bfc..56eed7c 100644 --- a/hosts/trantor/nginx.nix +++ b/hosts/trantor/nginx.nix @@ -7,7 +7,17 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services on trantor (host = "trantor") + localDomains = lib.unique ( + map (s: s.domain) (lib.filter (s: s.host == "trantor") services) + ); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { @@ -19,6 +29,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/utils.nix b/utils.nix index 7a81af7..8c20ab9 100644 --- a/utils.nix +++ b/utils.nix @@ -185,13 +185,15 @@ in mkNginxVHosts = { domains }: let - commonVHostConfig = { - enableACME = true; - forceSSL = true; - kTLS = true; - }; + # Extract domain name and apply it as useACMEHost + mkVHostConfig = domain: config: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } config; in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + lib.mapAttrs mkVHostConfig domains; # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries From 258bcac59750a5ef585ab28c39d1972b9479326d Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 23:56:40 -0300 Subject: [PATCH 104/129] Integrate Kanidm with Nextcloud via OIDC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added Kanidm identity provider integration with Nextcloud: - Enabled Kanidm client in kanidm.nix for CLI access - Added user_oidc app to Nextcloud for OpenID Connect authentication - Configured allow_local_remote_servers to permit Nextcloud to reach Kanidm at auth.baduhai.dev (resolves to local IP 192.168.15.142) OAuth2 client configuration (done via kanidm CLI): - Client ID: nextcloud - Scopes: openid, email, profile mapped to idm_all_accounts group - Redirect URI: https://cloud.baduhai.dev/apps/user_oidc/code - User mapping: name claim maps to Nextcloud username This allows users to authenticate to Nextcloud using their Kanidm credentials, with existing Nextcloud accounts linked via username. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/kanidm.nix | 5 +++++ hosts/alexandria/nextcloud.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix index ee56bc1..eaaa9b9 100644 --- a/hosts/alexandria/kanidm.nix +++ b/hosts/alexandria/kanidm.nix @@ -15,6 +15,7 @@ in { services.kanidm = { enableServer = true; + enableClient = true; package = pkgs.kanidm; serverSettings = { @@ -27,6 +28,10 @@ in tls_chain = "${kanidmCertDir}/cert.pem"; tls_key = "${kanidmCertDir}/key.pem"; }; + + clientSettings = { + uri = "https://auth.baduhai.dev"; + }; }; services.nginx.virtualHosts = mkNginxVHosts { diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2368a3c..c449cce 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -29,6 +29,7 @@ in contacts notes tasks + user_oidc ; }; extraAppsEnable = true; 
@@ -40,6 +41,7 @@ in trusted_proxies = [ "127.0.0.1" ]; default_phone_region = "BR"; maintenance_window_start = "4"; + allow_local_remote_servers = true; enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\EMF" From 095d881ad995325d8a1ad1ecd40c510941562df0 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 00:00:00 -0300 Subject: [PATCH 105/129] no ghostty notifications --- users/modules/desktop/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index ba30852..742a6ea 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -22,7 +22,7 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - bell-features = "border"; + bell-features = ""; gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=text:\\x1b\\r" ]; }; From 92f5593611ac78e163ebff7292656759e393218d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 07:55:42 -0300 Subject: [PATCH 106/129] junction default browser; remove brave --- hosts/modules/desktop/desktop.nix | 1 - users/modules/desktop/desktop.nix | 15 +++++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f2418ce..03ec04b 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -20,7 +20,6 @@ systemPackages = with pkgs; [ ### Web ### bitwarden-desktop - brave fragments nextcloud-client tor-browser diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 742a6ea..df6f380 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
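Review bot: `allow_local_remote_servers = true;` lifts Nextcloud's block on server-side requests to local and private addresses for the whole instance, not only for the OIDC discovery call described in the commit message. Any feature that fetches a user-supplied URL can therefore reach internal hosts on the LAN, so this widens the SSRF surface of a service that is published externally. The line is added without explanation, and I would record the reason and the trade-off beside it: `# Required so user_oidc can reach auth.baduhai.dev (resolves to a private IP); also permits other outbound requests to internal addresses`. The surrounding settings block starts and ends outside this hunk.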
@@ -41,33 +41,28 @@ enable = true; defaultApplications = { "text/html" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/http" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/https" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/about" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/unknown" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "image/jpeg" = "org.gnome.Loupe.desktop"; From 808bccf0a2665dadd303e309d9f061c360723e8b Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:29:45 -0300 Subject: [PATCH 107/129] Add Tailscale tailnet DNS configuration via Terranix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Configure global DNS nameservers for the Tailscale tailnet, setting trantor as the primary DNS server with Cloudflare as fallback. This enables custom DNS resolution across the entire tailnet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 77 +++++++++++++++++++++++++++++ terranix/tailscale/tailnet.nix | 43 ++++++++++++++++ terranixConfigurations.nix | 8 +++ 3 files changed, 128 insertions(+) diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index e69de29..56d25ad 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix 
@@ -0,0 +1,77 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + description = "Cloudflare zone ID for baduhai.dev"; + type = "string"; + sensitive = true; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource = { + cloudflare_record.root = { + zone_id = config.variable.zone_id; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.www = { + zone_id = config.variable.zone_id; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.wildcard = { + zone_id = config.variable.zone_id; + name = "*"; + type = "A"; + content = config.data.terraform_remote_state.trantor 
"outputs.instance_public_ip.value"; + proxied = true; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix index e69de29..929e79b 100644 --- a/terranix/tailscale/tailnet.nix +++ b/terranix/tailscale/tailnet.nix @@ -0,0 +1,43 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index fc84f17..12c90d1 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -14,6 +14,14 @@ modules = [ ./terranix/oci/trantor.nix ]; terraformWrapper.package = pkgs.opentofu; }; + cloudflare-baduhaidev = { + modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; + tailscale-tailnet = { + modules = [ ./terranix/tailscale/tailnet.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; }; }; } From 1b1d7896e6c9fbe87d64ea02b5adbc89b34bd685 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 10:29:54 -0300 Subject: [PATCH 108/129] Document required environment variables for OCI configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add documentation about required OCI and AWS credentials for the trantor configuration, clarifying that ~/.oci/config can be used as an alternative to environment variables. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/oci/trantor.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 2037d87..bb06585 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -1,3 +1,13 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + { config, ... }: { From 1921aad1bdd51292baaf18187106b42a874aa28c Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:30:02 -0300 Subject: [PATCH 109/129] Update Cloudflare DNS configuration with explicit zone ID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace sensitive zone_id variable with hardcoded value and update DNS record configuration to use cloudflare_dns_record resource type. Disable proxying and set explicit TTL for better control over DNS propagation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 31 +++++++++++++++-------------- 1 file changed, 16 insertions(+), 15 deletions(-) 
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 56d25ad..b74484c 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -1,6 +1,5 @@ # Required environment variables: # CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage @@ -26,9 +25,8 @@ variable = { zone_id = { - description = "Cloudflare zone ID for baduhai.dev"; + default = "c63a8332fdddc4a8e5612ddc54557044"; type = "string"; - sensitive = true; }; }; @@ -50,28 +48,31 @@ }; resource = { - cloudflare_record.root = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.root = { + zone_id = config.variable.zone_id.default; name = "@"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.www = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.www = { + zone_id = config.variable.zone_id.default; name = "www"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.wildcard = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.wildcard = { + zone_id = config.variable.zone_id.default; name = "*"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; }; } 
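Review bot: `zone_id = config.variable.zone_id.default;` (all three records) copies the Nix-side default into the generated configuration at evaluation time, so the `variable.zone_id` block is declared but never referenced and a `TF_VAR_zone_id` override would silently have no effect. Either reference the variable, `zone_id = "\${var.zone_id}";`, or drop the variable and bind the ID in a `let`. The same pattern is used for `trantor_tailscale_ip` in `terranix/tailscale/tailnet.nix` earlier in this series (PATCH 107). Separately, `proxied = false` means these records now publish the origin address directly, so a short comment stating that this is intended would help the next reader.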
From 14c4440dd1fa31f0589ed6c3a8f91cfa6fab2f20 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:34:57 -0300 Subject: [PATCH 110/129] forgejo: disable singup; document root password --- hosts/trantor/forgejo.nix | 1 + secrets/forgejo-root-password.age | Bin 0 -> 465 bytes secrets/secrets.nix | 5 +++++ 3 files changed, 6 insertions(+) create mode 100644 secrets/forgejo-root-password.age diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index c11573e..a89526d 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -24,6 +24,7 @@ in log.LEVEL = "Warn"; mailer.ENABLED = false; actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; }; }; diff --git a/secrets/forgejo-root-password.age b/secrets/forgejo-root-password.age new file mode 100644 index 0000000000000000000000000000000000000000..90be612af57adcc9b8db836f5f02ed55ff0377b3 GIT binary patch literal 465 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlPD{zlPge*@GRiN@ zHVXH)D2u9$DhM{M@-y(LEGW&3(66X4_6rKl3(GSP49cuB_T(z{3yw514D|_h%SlNs ztnlzRGPg7fb#pc;&#KTb&aTSNkF+R{NHj0fH$k_}A~M)9vs|Gf%AnB8#VIu0(=EKn zqd;5R$EncB)6_WIH7YgS$uuv|JkKPoB0xVl!-6X{#XrN(AS=QnDX*%+G$hC@E6*`M zG^jYpJU3t4Ei=p2FW0!ZJkLGQ&jQ`Hz!Kv?ZAXQaLU)6RLf5nsSAYG)l3YhW-w59b zzyEz)TZU*ATZz{cZdy`tCv literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 84b14d6..a90cd74 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -27,4 +27,9 @@ in rotterdam-user alexandria ]; + "forgejo-root-password.age".publicKeys = [ + io-user + rotterdam-user + trantor + ]; } From 6f1aca7b01a825e71bb7db10e9968ade435e57b0 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 11:11:55 -0300 Subject: [PATCH 111/129] Configure Forgejo OAuth2 and disable public registration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add OAuth2 client configuration to enable auto-registration via SSO with Kanidm, while disabling direct public registration. Users can now authenticate through the identity provider with automatic account creation and avatar syncing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/forgejo.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index a89526d..9688458 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -25,6 +25,12 @@ in mailer.ENABLED = false; actions.ENABLED = false; service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; }; From 878c4aa3ea7d8c642c2979895c33bf533094f54f Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:12:06 -0300 Subject: [PATCH 112/129] Add public visibility flags to service definitions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark services as public or private to control external access: - Public: vaultwarden, forgejo, nextcloud - Private: kanidm, jellyfin This enables proper routing and firewall configuration based on intended service visibility. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/shared/services.nix b/shared/services.nix index 8870258..ebd51de 100644 --- a/shared/services.nix +++ b/shared/services.nix 
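Review bot: With `ENABLE_AUTO_REGISTRATION = true`, who can obtain a Forgejo account is decided entirely by the identity provider, and nothing in this hunk records that dependency. Add a comment on the `oauth2_client` block such as `# accounts are auto-created for any user the IdP authenticates; restrict this OAuth2 client to a group on the IdP side`, and check that the provider configuration (not visible here) does limit the client that way. `USERNAME = "preferred_username"` takes the local username from a claim that OpenID Connect does not guarantee to be unique or stable, so confirm the provider issues it immutably. `ACCOUNT_LINKING = "login"` is the conservative choice and should stay. The enclosing `settings` attrset starts outside the hunk.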
@@ -8,6 +8,7 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -16,6 +17,7 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -24,6 +26,7 @@ name = "forgejo"; domain = "git.baduhai.dev"; host = "trantor"; + public = true; tailscaleIP = "100.108.5.90"; port = 3000; } @@ -31,6 +34,7 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; @@ -39,6 +43,7 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; From ad9d565a8f365d2530b0889edb15613dc6ea330a Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:20:21 -0300 Subject: [PATCH 113/129] Route DNS based on service visibility flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace wildcard DNS with dynamic service-based routing that reads from shared/services.nix. Public services (forgejo, vaultwarden, nextcloud) point to trantor's public IP for external access, while private services (kanidm, jellyfin) point to tailscale IPs for internal-only access. This provides granular control over service exposure without manual DNS management. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 2 - terranix/cloudflare/baduhai.dev.nix | 74 +++++++++++++++++++---------- 2 files changed, 49 insertions(+), 27 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index ebd51de..d267792 100644 --- a/shared/services.nix +++ b/shared/services.nix 
@@ -8,7 +8,6 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -43,7 +42,6 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index b74484c..3a5e6ee 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -3,7 +3,38 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ config, ... }: +{ config, lib, ... }: + +let + inherit (import ../../shared/services.nix) services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 (i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = if svc.public or false + then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else svc.tailscaleIP; + in { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); +in { terraform.required_providers.cloudflare = { 
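Review bot: In the `terranix/cloudflare/baduhai.dev.nix` hunk, `name = "service_${toString i}";` keys each `cloudflare_dns_record` by its position in the `services` list, so inserting, removing or reordering an entry in `shared/services.nix` shifts every later resource address and makes the next apply rewrite unrelated records. Key by the service instead, `name = svc.name;`, after which `lib.imap0` can become a plain `map`. `svc.public or false` is a good fail-closed default. The `else` branch publishes the Tailscale addresses and hostnames of private services in the public zone, which deserves a one-line comment confirming it is intended.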
@@ -48,31 +79,24 @@ }; resource = { - cloudflare_dns_record.root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; + cloudflare_dns_record = mkServiceRecords // { + root = { + zone_id = config.variable.zone_id.default; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; - cloudflare_dns_record.www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - cloudflare_dns_record.wildcard = { - zone_id = config.variable.zone_id.default; - name = "*"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; + www = { + zone_id = config.variable.zone_id.default; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; }; }; } From cd17bf25617f3922b7ccbdfd5a1bfdb9b7b10002 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 12:36:43 -0300 Subject: [PATCH 114/129] only forgejo is public for now --- shared/services.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index d267792..44f9208 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -16,7 +16,6 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -33,7 +32,6 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; From f1b6be6f3ff1311d7041b194ebdd3956a70fb71d Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 13:00:17 -0300 Subject: [PATCH 115/129] Add fail2ban configuration for SSH and Forgejo on Trantor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Configure fail2ban with progressive ban times (1h base, up to 10000h max) - Add SSH jail with password authentication disabled - Add Forgejo jail using systemd journal backend - Ignore private networks and Tailscale IPs - Set Forgejo to 10 retries per hour, 15min initial ban 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/fail2ban.nix | 43 +++++++++++++++++++++++++ hosts/trantor/forgejo.nix | 65 ++++++++++++++++++++++++-------------- hosts/trantor/openssh.nix | 23 ++++++++++++++ 3 files changed, 107 insertions(+), 24 deletions(-) create mode 100644 hosts/trantor/fail2ban.nix create mode 100644 hosts/trantor/openssh.nix diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix new file mode 100644 index 0000000..4ef1bbc --- /dev/null +++ b/hosts/trantor/fail2ban.nix @@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "127.0.0.0/8" + "::1" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + ]; + + bantime = "1h"; + bantime-increment = { + enable = true; + multipliers = "1 2 4 8 16 32 64"; + maxtime = "10000h"; + overalljails = true; + }; + + jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + backend = "systemd"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; + }; + }; + }; + + # Custom fail2ban filter for Forgejo using systemd journal + environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + journalmatch = _SYSTEMD_UNIT=forgejo.service + failregex = Failed authentication attempt for .+ from :\d+: + ignoreregex = + ''); +} 
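Review bot: This file defines `jails.forgejo` with `backend = "systemd"` and a `filter.d/forgejo.local`, while the `hosts/trantor/forgejo.nix` hunk in the same commit defines `fail2ban.jails.forgejo` again with a `logpath` and a second filter, `filter.d/forgejo.conf`. The two `settings` sets presumably merge into one jail carrying both a journal backend and a file path, and the `.local` filter overrides keys of the `.conf` one, so it is hard to tell from either file which `failregex` is active. Keep a single jail and a single filter in one place. As rendered here neither `failregex` contains a `<HOST>` placeholder; that may only be markup lost on this page, but check the real file, because fail2ban needs it to know which address to ban. The `pkgs.lib.mkDefault (pkgs.lib.mkAfter …)` wrapper around the filter text also looks unintended.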
diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 9688458..227bcb4 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix 
@@ -9,33 +9,50 @@ let inherit (utils) mkNginxVHosts; in { - services.forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + services = { + forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - service.DISABLE_REGISTRATION = true; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; - ACCOUNT_LINKING = "login"; - USERNAME = "preferred_username"; + }; + nginx.virtualHosts = mkNginxVHosts { + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; + fail2ban.jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; }; }; }; - services.nginx.virtualHosts = mkNginxVHosts { - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; + environment.etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + ''; } 
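Review bot: The jail added here reads `${config.services.forgejo.stateDir}/log/forgejo.log`, but nothing in this hunk turns on file logging, and `log.LEVEL = "Warn"` limits what Forgejo writes at all. If the authentication-failure messages the filter matches are emitted below Warn, or go only to the journal, the jail will never trigger, and a missing log file can keep fail2ban from starting the jail. Confirm the level of those messages for the deployed Forgejo version and either configure the logger to match or rely on the journal-backed jail from `fail2ban.nix`. The filter's `.*( … ).* from` is also very loose around a user-supplied name; anchoring it to the exact message format makes the extracted address harder to influence through log content.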
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix new file mode 100644 index 0000000..51d8795 --- /dev/null +++ b/hosts/trantor/openssh.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + services = { + openssh = { + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + fail2ban.jails.sshd = { + settings = { + enabled = true; + port = "ssh"; + filter = "sshd"; + logpath = "/var/log/auth.log"; + maxretry = 5; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; +} From f979314a3cc34dc37c99f2928cd163f0327907d1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:15:12 -0300 Subject: [PATCH 116/129] new readme --- readme.md | 184 ++++++++++++++++++++++-------------------------------- 1 file changed, 74 insertions(+), 110 deletions(-) diff --git a/readme.md b/readme.md index 2804237..1f44455 100644 --- a/readme.md +++ b/readme.md 
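Review bot: `logpath = "/var/log/auth.log"` points the sshd jail at a file that nothing in this series creates; on a journald-only system the sshd messages are in the journal, and a jail whose log file is missing may fail to start. Prefer `backend = "systemd";` and drop `logpath`, or check whether the NixOS fail2ban module's default sshd jail already covers this and remove the override. Disabling `PasswordAuthentication` and `KbdInteractiveAuthentication` is a good change. `services.openssh.enable` is not set in this hunk, so it presumably comes from another module.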
@@ -1,123 +1,87 @@ # NixOS Configuration -A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. +My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. ## Hosts -| Host | Type | System | Version | Description | -|------|------|--------|---------|-------------| -| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | -| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | -| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | -| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | +### Desktop Systems +- **rotterdam** - Main desktop workstation (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman + - Storage: Ephemeral root with LUKS encryption -## Key Features +- **io** - Secondary desktop (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman + - Storage: Ephemeral root with LUKS encryption -### Architecture -- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance -- **Flake-based** - Fully reproducible builds with locked dependencies -- **Multi-platform** - Supports both x86_64 and aarch64 architectures -- **Deployment automation** - Remote deployment via deploy-rs +### Servers +- **alexandria** - Home server (x86_64) + - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm -### Desktop Experience -- **Niri compositor** - Custom fork with auto-centering window columns -- **Unified theming** - Stylix-based theming -- **Wayland-native** - Full Wayland support -- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability +- **trantor** - Cloud server (aarch64) + - Hosts: 
Forgejo + - Cloud provider: Oracle Cloud Infrastructure + - Storage: Ephemeral root with btrfs -### Self-Hosted Services -- **Nextcloud** - Cloud storage with calendar, contacts, and notes -- **Forgejo** - Self-hosted Git server -- **Jellyfin** - Media streaming -- **Vaultwarden** - Password manager backend -- **LibreSpeed** - Network speed testing -- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt +## Home Manager Configurations + +- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment +- **user@io** - Lightweight desktop setup + +Both configurations include: +- btop, direnv, helix, starship, tmux +- Stylix theme management +- Fish shell with custom configurations + +## Terranix Configurations + +Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): + +- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server +- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain +- **tailscale-tailnet** - Tailscale network ACL and device management + +## Services + +All services are accessible via custom domains under baduhai.dev: + +- **Kanidm** (auth.baduhai.dev) - Identity and access management +- **Vaultwarden** (pass.baduhai.dev) - Password manager +- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) +- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration +- **Jellyfin** (jellyfin.baduhai.dev) - Media server + +Services are accessible via: +- LAN for alexandria-hosted services +- Tailscale VPN for all services +- Public internet for Forgejo only + +## Notable Features + +### Ephemeral Root +Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: +- Root filesystem is automatically rolled back using btrfs snapshots +- Old snapshots retained for 30 days +- Persistent data stored in dedicated subvolumes +- Implements truly stateless systems + +### Custom DNS Architecture +- Unbound DNS servers 
on both alexandria and trantor +- Service routing based on visibility flags (public/LAN/Tailscale) +- Split-horizon DNS for optimal access paths ### Security -- **Agenix** - Encrypted secrets management -- **Tailscale** - Zero-config VPN mesh network -- **Firewall** - Configured on all hosts -- SSH key-based authentication +- LUKS full-disk encryption on desktop systems +- Fail2ban on public-facing servers +- agenix for secrets management +- Tailscale for secure remote access -## Repository Structure +### Desktop Environment +- Custom Niri window manager (Wayland compositor) +- Using forked version with auto-centering feature +- Stylix for consistent theming -``` -. -├── flake.nix # Main flake definition -├── utils.nix # Tag-based module system utilities -├── nixosConfigurations.nix # Host definitions with tags -├── homeConfigurations.nix # User configurations -├── deploy.nix # Remote deployment configuration -├── hosts/ -│ ├── alexandria/ # Server-specific config -│ ├── io/ # Laptop-specific config -│ ├── rotterdam/ # Desktop-specific config -│ ├── trantor/ # VPS-specific config -│ └── modules/ -│ ├── common/ # Shared base configuration -│ ├── desktop/ # Desktop environment setup -│ ├── server/ # Server-specific modules -│ └── [tag].nix # Optional feature modules -├── users/ -│ └── modules/ # Home Manager configurations -│ └── [tag].nix # Optional feature modules -├── packages/ # Custom package definitions -└── secrets/ # Encrypted secrets (agenix) -``` - -## Tag System - -Configurations are composed using tags that map to modules: - -**Common Tags** (all hosts): -- `common` - Base system configuration (automatically applied) - -**General Tags**: -- `desktop` - *Mostly* full desktop environment with Niri WM -- `dev` - Development tools and environments -- `gaming` - Steam, Heroic, gamemode, controller support -- `ephemeral` - Impermanent root filesystem -- `networkmanager` - WiFi and network management -- `libvirtd` - KVM/QEMU virtualization -- `podman` - 
Container runtime -- `bluetooth` - Bluetooth support -- `fwupd` - Firmware update daemon - -**Server Tags**: -- `server` - Server-specific configuration - -## Usage - -### Rebuilding a Configuration - -```bash -# Local rebuild -sudo nixos-rebuild switch --flake .#hostname - -# Remote deployment -deploy .#hostname -``` - -### Updating Dependencies - -```bash -nix flake update -``` - -### Adding a New Host - -1. Create host directory in `hosts/` -2. Define configuration in `nixosConfigurations.nix` with appropriate tags -3. Add deployment profile in `deploy.nix` if needed - -## Dependencies - -- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels -- [home-manager](https://github.com/nix-community/home-manager) - User configuration -- [agenix](https://github.com/ryantm/agenix) - Secrets management -- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning -- [stylix](https://github.com/danth/stylix) - System-wide theming -- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork) -- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support -- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment -- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management +### Development Setup +- Nix flakes for reproducible builds +- deploy-rs for automated deployments +- Podman for containerization +- Complete AI tooling integration From 0961eb8f767d8be58798df36fbac01522f187745 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:37:04 -0300 Subject: [PATCH 117/129] dns records only for actual services --- .gitignore | 2 ++ terranix/cloudflare/baduhai.dev.nix | 36 ++++++++--------------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/.gitignore b/.gitignore index b59fd44..73105bb 100644 --- a/.gitignore +++ b/.gitignore 
@@ -3,6 +3,8 @@ result result-* .direnv/ oci-trantor/ +tailscale-tailnet/ +cloudflare-baduhaidev # Personal notes and temporary files todo.md diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 3a5e6ee..1b456f3 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -15,13 +15,17 @@ let # Public services point to trantor's public IP # Private services point to their tailscale IP mkServiceRecords = lib.listToAttrs ( - lib.imap0 (i: svc: + lib.imap0 ( + i: svc: let subdomain = getSubdomain svc.domain; - targetIP = if svc.public or false - then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else svc.tailscaleIP; - in { + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { name = "service_${toString i}"; value = { zone_id = config.variable.zone_id.default; @@ -78,25 +82,5 @@ in }; }; - resource = { - cloudflare_dns_record = mkServiceRecords // { - root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - }; - }; + resource.cloudflare_dns_record = mkServiceRecords; } From 3d71b8c1b849fa6b31ae1480a03f66f0a26b3d01 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:41:41 -0300 Subject: [PATCH 118/129] update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 1f44455..7de1cbe 100644 --- a/readme.md +++ b/readme.md 
@@ -1,6 +1,6 @@ -# NixOS Configuration +# Nix Configuration -My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. +My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. ## Hosts From 09a4092b92ad0492d486a893232352775cff3105 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:56:57 -0300 Subject: [PATCH 119/129] better noctalia integration for niri --- users/modules/desktop/niri.nix | 43 ++++++++++++++++------------------ 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 1f6a1bf..4d18e6a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -8,7 +8,6 @@ let isRotterdam = hostname == "rotterdam"; - noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { @@ -30,7 +29,10 @@ in }; home = { - packages = with pkgs; [ xwayland-satellite ]; + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; @@ -91,23 +93,18 @@ in inactive-color "#505050" urgent-color "#9b0000" } - tab-indicator { - width 4 - gap 4 - place-within-column - } - ${lib.optionalString isRotterdam '' - struts { - left 8 - right 8 - }''} + tab-indicator { + width 4 + gap 4 + place-within-column + } } overview { zoom 0.65 } - spawn-at-startup "${noctalia}" + spawn-at-startup "noctalia-shell" "-d" layer-rule { match namespace="^wallpaper$" place-within-backdrop true 
@@ -143,18 +140,18 @@ in } binds { - Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } - Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } + Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W 
repeat=false { toggle-overview; } @@ -228,8 +225,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; From 5af6c53d817710c3a26e403b9b9c3d0439311efd Mon Sep 17 00:00:00 2001 From: william Date: Sun, 9 Nov 2025 16:28:17 -0300 Subject: [PATCH 120/129] Update readme.md --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 7de1cbe..a2b815f 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ My personal Nix configuration for multiple NixOS hosts, home-manager users, misc - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - Storage: Ephemeral root with LUKS encryption -- **io** - Secondary desktop (x86_64) +- **io** - Laptop workstation (x86_64) - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - Storage: Ephemeral root with LUKS encryption From 5906fa6f3656db778ff9e9e09b510b5091286fa7 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:31:52 -0300 Subject: [PATCH 121/129] fix forgejo's ssh domain --- hosts/trantor/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 227bcb4..25acf4e 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -20,7 +20,7 @@ in DOMAIN = "git.baduhai.dev"; ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + SSH_DOMAIN = "git.baduhai.dev"; }; log.LEVEL = "Warn"; mailer.ENABLED = false; 
From ae6d46012baec67e00c58328fbb5148da6cfad53 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:57:17 -0300 Subject: [PATCH 122/129] fail2ban: fix config; forgejo: repository path and persistency --- hosts/trantor/fail2ban.nix | 20 -------------------- hosts/trantor/forgejo.nix | 34 ++++++++++++++++++++++++---------- hosts/trantor/openssh.nix | 2 +- 3 files changed, 25 insertions(+), 31 deletions(-) diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix index 4ef1bbc..bc05139 100644 --- a/hosts/trantor/fail2ban.nix +++ b/hosts/trantor/fail2ban.nix @@ -12,7 +12,6 @@ "192.168.0.0/16" "100.64.0.0/10" ]; - bantime = "1h"; bantime-increment = { enable = true; @@ -20,24 +19,5 @@ maxtime = "10000h"; overalljails = true; }; - - jails.forgejo = { - settings = { - enabled = true; - filter = "forgejo"; - backend = "systemd"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; - }; - }; }; - - # Custom fail2ban filter for Forgejo using systemd journal - environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - journalmatch = _SYSTEMD_UNIT=forgejo.service - failregex = Failed authentication attempt for .+ from :\d+: - ignoreregex = - ''); } diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 25acf4e..fdfa64a 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -4,15 +4,16 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { services = { forgejo = { enable = true; - repositoryRoot = "/data/forgejo"; settings = { session.COOKIE_SECURE = true; server = { 
@@ -42,17 +43,30 @@ in settings = { enabled = true; filter = "forgejo"; - logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; }; }; }; - environment.etc."fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - ''; + environment = { + etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + + persistence.main.directories = [ + { + directory = config.services.forgejo.stateDir; + inherit (config.services.forgejo) user group; + mode = "0700"; + } + ]; + }; + + # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories + systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; } diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix index 51d8795..704b3df 100644 --- a/hosts/trantor/openssh.nix +++ b/hosts/trantor/openssh.nix @@ -14,7 +14,7 @@ port = "ssh"; filter = "sshd"; logpath = "/var/log/auth.log"; - maxretry = 5; + maxretry = 3; findtime = "10m"; bantime = "1h"; }; From bb0ea2769656f6278e632ad65310bc57d6569513 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 19:01:37 -0300 Subject: [PATCH 123/129] niri keybinds --- users/modules/desktop/niri.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 4d18e6a..08bcc4a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
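Review bot: The `failregex` carried into the new `environment.etc."fail2ban/filter.d/forgejo.conf"` block is unanchored and has `.*` on both sides of the alternation, while this hunk also tightens the jail to `maxretry = 3` with `bantime = "1h"`, so a loose match now leads to a ban after far fewer lines. Anchoring the pattern to the start of the message and spelling out the exact Forgejo wording would keep user-supplied text in a log line from influencing the match; running `fail2ban-regex` against a journal sample confirms the result. As rendered here nothing follows `from` in the pattern, which is probably a rendering loss, but the deployed file needs the host tag there. Separately, `PrivateMounts = lib.mkForce false` relaxes the sandbox of a service published at `git.baduhai.dev`, so the comment should name the credential that needs it and the unit is worth re-checking with `systemd-analyze security forgejo.service`.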
@@ -167,10 +167,6 @@ in Mod+L { focus-column-right; } Mod+J { focus-window-or-workspace-down; } Mod+K { focus-window-or-workspace-up; } - Ctrl+Alt+J { focus-workspace-down; } - Ctrl+Alt+K { focus-workspace-up; } - Ctrl+Alt+Down { focus-workspace-down; } - Ctrl+Alt+Up { focus-workspace-up; } Mod+Ctrl+Left { move-column-left; } Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } From b602a78bb33f941deaa4d74c911ab9b8e8574f82 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 07:51:29 -0300 Subject: [PATCH 124/129] vicinae as a launcher --- flake.lock | 71 ++++++++++++++++++++++++++++++- flake.nix | 2 + users/modules/desktop/desktop.nix | 8 +++- users/modules/desktop/niri.nix | 4 +- 4 files changed, 81 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3b994bf..893a87d 100644 --- a/flake.lock +++ b/flake.lock @@ -299,6 +299,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -647,6 +665,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -877,6 +911,7 @@ "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", + "vicinae": "vicinae", "zen-browser": "zen-browser" } }, @@ -1060,6 +1095,21 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", @@ -1202,6 +1252,25 @@ "type": "github" } }, + "vicinae": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1762709887, + "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", + "owner": "vicinaehq", + "repo": "vicinae", + "rev": "54722e36137d8273ef0a5db37776fb8302c79238", + "type": "github" + }, + "original": { + "owner": "vicinaehq", + "repo": "vicinae", + "type": "github" + } + }, "xwayland-satellite-stable": { "flake": false, "locked": { @@ -1238,7 +1307,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index af148c1..c5c3880 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,8 @@ }; nix-ai-tools.url = "github:numtide/nix-ai-tools"; + + vicinae.url = "github:vicinaehq/vicinae"; }; outputs = diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index df6f380..6940e1f 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
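Review bot: `vicinae.url = "github:vicinaehq/vicinae";` is added without a `follows`, and the lock changes in this commit show the input bringing its own `nixpkgs_10` and `flake-utils_2` nodes. That adds another nixpkgs revision to audit and update, and `desktop.nix` in this commit imports the input's home-manager module, so its code is evaluated inside the user configuration. Consider `vicinae.inputs.nixpkgs.follows = "nixpkgs";` unless upstream's pinned nixpkgs is needed for its build or cache, and review the locked `rev` whenever this input is bumped. The `inputs` attribute set starts outside the hunk, so whether the other inputs already use `follows` cannot be seen here.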
@@ -1,15 +1,21 @@ { - config, inputs, pkgs, ... }: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; + services.vicinae = { + enable = true; + autoStart = true; + }; + programs = { ghostty = { diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 08bcc4a..09767e6 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -140,7 +140,7 @@ in } binds { - Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + Alt+Space repeat=false { spawn "vicinae" "toggle"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } @@ -150,7 +150,7 @@ in XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } From e95ba0215b47cdabb5a05749baea80146bea95ec Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:04:55 -0300 Subject: [PATCH 125/129] new ssh key for himalia --- hosts/modules/common/users.nix | 3 ++- terranix/oci/trantor.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 0572153..7dd6490 100644 
--- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix @@ -10,8 +10,9 @@ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index bb06585..170ad04 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -53,6 +53,7 @@ ssh_public_keys = { default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; From 489af5a79fe4b563018c39b9d1862a816eebec6b Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:46:54 -0300 Subject: [PATCH 126/129] new noctalia ipc command --- users/modules/desktop/niri.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 09767e6..0cb5db8 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
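Review bot: The `user@himalia` key is added by hand to two separate lists, `openssh.authorizedKeys.keys` here and `ssh_public_keys.default` in `terranix/oci/trantor.nix`, so revoking a key later means remembering both places. Defining the list once in a shared Nix file and referencing it from both would keep the two from drifting apart and leaving stale access behind. The `hashedPassword` line visible as context keeps the password hash of a `wheel` user in the repository and in the world-readable Nix store; `hashedPasswordFile` pointing at a secret managed outside the store avoids exposing it to offline guessing. The enclosing user attribute set starts outside the hunk.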
@@ -151,7 +151,7 @@ in XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } From 0925a66f2218434b3bb70cd0f14b440db7b5fbc7 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Nov 2025 14:26:35 -0300 Subject: [PATCH 127/129] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/aaee8f2df1325c7f212d769515092162bcac31a7?narHash=sha256-aWt5CgOsQiiq%2BcaxF0iqp56kfHRkv8Tnz0X9DhJeBEE%3D' (2025-11-06) → 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/b3d51a0365f6695e7dd5cdf3e180604530ed33b4?narHash=sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw%3D' (2025-11-02) → 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/97a30861b13c3731a84e09405414398fbf3e109f?narHash=sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g%2BmjR/p5TEg%3D' (2025-11-06) → 'github:numtide/treefmt-nix/5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4?narHash=sha256-AlEObg0syDl%2BSpi4LsZIBrjw%2BsnSVU4T8MOeuZJUJjM%3D' (2025-11-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/flake.lock b/flake.lock index 893a87d..1a520bd 100644 --- a/flake.lock +++ b/flake.lock @@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1762442079, - "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "lastModified": 1763040477, + "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", "type": "github" }, "original": { @@ -746,11 +746,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1762844143, + "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", "type": "github" }, "original": { @@ -1221,11 +1221,11 @@ ] }, "locked": { - "lastModified": 1762410071, - "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { From eebacb0f1fb1107076f5bd3cebafd95216ab1bad Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Nov 2025 19:16:08 -0300 Subject: [PATCH 128/129] add power profiles daemon to io --- hosts/io/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/io/services.nix b/hosts/io/services.nix index 90fb737..df41a6f 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -49,6 +49,7 @@ }; }; upower.enable = true; + power-profiles-daemon.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed From 1dc55be5e1c4784b14e6eb655029528abf0cdcd1 Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 18 Nov 2025 19:09:57 -0300 Subject: [PATCH 129/129] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13) → 'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/633af1961cae8e02bc6195e6e599a6b09bf75217?narHash=sha256-wTQzbbQ6XHtvNJVuhJj%2BytZDRyNtwUKbrIfIvMvKNfQ%3D' (2025-10-28) → 'github:numtide/blueprint/5a9bba070f801d63e2af3c9ef00b86b212429f4f?narHash=sha256-O9Y%2BWer8wOh%2BN%2B4kcCK5p/VLrXyX%2Bktk0/s3HdZvJzk%3D' (2025-11-16) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11) → 'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16) --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 1a520bd..27c3580 100644 --- a/flake.lock +++ b/flake.lock @@ -100,11 +100,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1761645416, - "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "lastModified": 1763308703, + "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", "owner": "numtide", "repo": "blueprint", - "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", "type": "github" }, "original": { 
@@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763040477, - "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", + "lastModified": 1763412165, + "narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", + "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", "type": "github" }, "original": { @@ -746,16 +746,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762844143, - "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", + "lastModified": 1763312402, + "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", + "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" }