From 9d12f2ba18d0dcd0f91b5efc51ea672615d50ff7 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 6 Feb 2025 22:22:32 -0300 Subject: [PATCH 001/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/18fa9f323d8adbb0b7b8b98a8488db308210ed93?narHash=sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg%3D' (2025-02-01) → 'github:nix-community/home-manager/433799271274c9f2ab520a49527ebfe2992dcfbd?narHash=sha256-fmhq8B3MvQLawLbMO%2BLWLcdC2ftLMmwSk%2BP29icJ3tE%3D' (2025-02-06) • Updated input 'nix-minecraft': 'github:Infinidoge/nix-minecraft/5b93268c80c3300dbec0fbbb2b50f674f84a474a?narHash=sha256-cc6AfR7W0AavgqA5nHUXRUus4Rr7oPWQNku5nhR4SYs%3D' (2025-02-03) → 'github:Infinidoge/nix-minecraft/e35b9bfe00b0602f57de8f19745c3d91cb45efec?narHash=sha256-NaCd65SqWMROgbJzio9HW5WGNb5sOBfyuGVtccU4YmM%3D' (2025-02-06) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/3a228057f5b619feb3186e986dbe76278d707b6e?narHash=sha256-xvTo0Aw0%2Bveek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc%3D' (2025-02-01) → 'github:nixos/nixpkgs/799ba5bffed04ced7067a91798353d360788b30d?narHash=sha256-ooLh%2BXW8jfa%2B91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U%3D' (2025-02-04) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/f6687779bf4c396250831aa5a32cbfeb85bb07a3?narHash=sha256-5%2BHmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo%3D' (2025-02-01) → 'github:nixos/nixpkgs/030ba1976b7c0e1a67d9716b17308ccdab5b381e?narHash=sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M%3D' (2025-02-04) • Updated input 'stylix': 'github:danth/stylix/b00c9f46ae6c27074d24d2db390f0ac5ebcc329f?narHash=sha256-q1SUyXSQ9znHTME53/vPLe%2BGa3V1wW3X3gWfa8JsBUM%3D' (2025-01-30) → 'github:danth/stylix/d513f59da5856978c363d2f82103f708f4a6024d?narHash=sha256-IgjqlYPaS8Bg%2Bjc6a691w27XDFhBeM7gkP4eDcR2EBs%3D' (2025-02-03) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) 
diff --git a/flake.lock b/flake.lock index 1541b54..9e99b7d 100644 --- a/flake.lock +++ b/flake.lock @@ -367,11 +367,11 @@ ] }, "locked": { - "lastModified": 1738448366, - "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", + "lastModified": 1738878603, + "narHash": "sha256-fmhq8B3MvQLawLbMO+LWLcdC2ftLMmwSk+P29icJ3tE=", "owner": "nix-community", "repo": "home-manager", - "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", + "rev": "433799271274c9f2ab520a49527ebfe2992dcfbd", "type": "github" }, "original": { @@ -478,11 +478,11 @@ ] }, "locked": { - "lastModified": 1738547119, - "narHash": "sha256-cc6AfR7W0AavgqA5nHUXRUus4Rr7oPWQNku5nhR4SYs=", + "lastModified": 1738806350, + "narHash": "sha256-NaCd65SqWMROgbJzio9HW5WGNb5sOBfyuGVtccU4YmM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "5b93268c80c3300dbec0fbbb2b50f674f84a474a", + "rev": "e35b9bfe00b0602f57de8f19745c3d91cb45efec", "type": "github" }, "original": { @@ -529,11 +529,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738410390, - "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", + "lastModified": 1738680400, + "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3a228057f5b619feb3186e986dbe76278d707b6e", + "rev": "799ba5bffed04ced7067a91798353d360788b30d", "type": "github" }, "original": { @@ -545,11 +545,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1738435198, - "narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=", + "lastModified": 1738702386, + "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3", + "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e", "type": "github" }, "original": { 
@@ -612,11 +612,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1738278499, - "narHash": "sha256-q1SUyXSQ9znHTME53/vPLe+Ga3V1wW3X3gWfa8JsBUM=", + "lastModified": 1738611626, + "narHash": "sha256-IgjqlYPaS8Bg+jc6a691w27XDFhBeM7gkP4eDcR2EBs=", "owner": "danth", "repo": "stylix", - "rev": "b00c9f46ae6c27074d24d2db390f0ac5ebcc329f", + "rev": "d513f59da5856978c363d2f82103f708f4a6024d", "type": "github" }, "original": { From a2eb9fb1d36b6cb0a701a9c5e1d07649210cd86a Mon Sep 17 00:00:00 2001 From: William Date: Thu, 6 Feb 2025 22:28:02 -0300 Subject: [PATCH 002/267] cherry wallpaper on master --- hosts/desktops/common/stylix.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/desktops/common/stylix.nix b/hosts/desktops/common/stylix.nix index 3c862db..f1760b1 100644 --- a/hosts/desktops/common/stylix.nix +++ b/hosts/desktops/common/stylix.nix @@ -4,8 +4,8 @@ stylix = { enable = true; image = pkgs.fetchurl { - url = "https://images.unsplash.com/photo-1701453831008-ea11046da960?ixlib=rb-4.0.3&q=85&fm=jpg&crop=entropy&cs=srgb&dl=nat-uN9OSpSsw4A-unsplash.jpg"; - sha256 = "sha256-89o5VYI4cMP/O33oCaHi61hUYmIWEdyr8uGf/b2DMUk="; + url = "https://w.wallhaven.cc/full/dp/wallhaven-dpwvl3.jpg"; + sha256 = "sha256-h9UeYj8jSRgSv8XL+zgds4KtooLlJ+IqwxZbQEXdCh4="; }; base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; cursor = { From 82004743f68e6463b4c2f61db53f5e63972ac8d9 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 7 Feb 2025 09:37:19 -0300 Subject: [PATCH 003/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/030ba1976b7c0e1a67d9716b17308ccdab5b381e?narHash=sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M%3D' (2025-02-04) → 'github:nixos/nixpkgs/f5a32fa27df91dfc4b762671a0e0a859a8a0058f?narHash=sha256-7x%2BQ4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i%2BjBHE%3D' (2025-02-06) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9e99b7d..148c21b 100644 --- a/flake.lock +++ b/flake.lock @@ -545,11 +545,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1738702386, - "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=", + "lastModified": 1738843498, + "narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e", + "rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f", "type": "github" }, "original": { From ddbae84c1a2293b126cc6cd8127ffdee55a7412e Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Feb 2025 18:03:49 -0300 Subject: [PATCH 004/267] downgrade stylix until danth/stylix#835 is resolved --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 148c21b..5eb19e6 100644 --- a/flake.lock +++ b/flake.lock @@ -612,11 +612,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1738611626, - "narHash": "sha256-IgjqlYPaS8Bg+jc6a691w27XDFhBeM7gkP4eDcR2EBs=", + "lastModified": 1738025638, + "narHash": "sha256-nU3JpvIeEmcDHzQK4OTD1KXSoL/GOff6j9kuSO4X8eM=", "owner": "danth", "repo": "stylix", - "rev": "d513f59da5856978c363d2f82103f708f4a6024d", + "rev": "55418e8fc8d4696af619176a22cefcfac56ad2ef", "type": "github" }, "original": { 
From a52a3b3a2e0703aec2c16186b4659d0b2e740e67 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Feb 2025 18:09:41 -0300 Subject: [PATCH 005/267] added new user --- flake.lock | 7 ++-- flake.nix | 2 +- hosts/desktops/common/packages.nix | 2 +- hosts/desktops/common/services.nix | 56 +++++++++++++++++------------- hosts/desktops/common/users.nix | 29 ++++++++++------ hosts/desktops/rotterdam.nix | 8 ++++- users/desktops/common/programs.nix | 9 +++++ 7 files changed, 72 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index 5eb19e6..af20624 100644 --- a/flake.lock +++ b/flake.lock @@ -612,15 +612,16 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1738025638, - "narHash": "sha256-nU3JpvIeEmcDHzQK4OTD1KXSoL/GOff6j9kuSO4X8eM=", + "lastModified": 1738278499, + "narHash": "sha256-q1SUyXSQ9znHTME53/vPLe+Ga3V1wW3X3gWfa8JsBUM=", "owner": "danth", "repo": "stylix", - "rev": "55418e8fc8d4696af619176a22cefcfac56ad2ef", + "rev": "b00c9f46ae6c27074d24d2db390f0ac5ebcc329f", "type": "github" }, "original": { "owner": "danth", + "ref": "b00c9f46ae6c27074d24d2db390f0ac5ebcc329f", "repo": "stylix", "type": "github" } diff --git a/flake.nix b/flake.nix index 81e961a..f47a5b1 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,7 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - stylix.url = "github:danth/stylix"; + stylix.url = "github:danth/stylix?ref=b00c9f46ae6c27074d24d2db390f0ac5ebcc329f"; }; diff --git a/hosts/desktops/common/packages.nix b/hosts/desktops/common/packages.nix index 842e9a1..544f0e8 100644 --- a/hosts/desktops/common/packages.nix +++ b/hosts/desktops/common/packages.nix @@ -63,6 +63,7 @@ in p7zip plasma-panel-colorizer plasticity + prismlauncher protonup quickemu quickgui @@ -84,7 +85,6 @@ in packages = [ "com.github.k4zmu2a.spacecadetpinball" "com.github.tchx84.Flatseal" - "com.modrinth.ModrinthApp" "com.steamgriddb.SGDBoop" "app.zen_browser.zen" "io.github.Foldex.AdwSteamGtk" 
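Review bot: In the flake.nix hunk the stylix input is pinned with `?ref=` followed by a full commit hash, but `ref` is meant for a branch or tag name and a commit belongs in `rev`. The lock hunk in the same commit shows the consequence, with the hash recorded as `"ref"` under `original` as well as `"rev"` under `locked`. I would write `stylix.url = "github:danth/stylix/b00c9f46ae6c27074d24d2db390f0ac5ebcc329f";` (or the `?rev=` form). I would also add a comment above it such as `# pinned until danth/stylix#835 is resolved`, the issue cited by the earlier downgrade commit, so the pin is not forgotten and the input does not silently stop receiving updates. The surrounding `inputs` block starts and ends outside the hunk.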
diff --git a/hosts/desktops/common/services.nix b/hosts/desktops/common/services.nix index 12a64e9..f0ff244 100644 --- a/hosts/desktops/common/services.nix +++ b/hosts/desktops/common/services.nix @@ -1,6 +1,5 @@ { inputs, - config, pkgs, ... }: @@ -9,6 +8,13 @@ services = { printing.enable = true; udev.packages = with pkgs; [ yubikey-personalization ]; + displayManager.sddm = { + enable = true; + wayland = { + enable = true; + compositor = "kwin"; + }; + }; desktopManager.plasma6.enable = true; tailscale.useRoutingFeatures = "client"; nginx = { @@ -23,30 +29,30 @@ jack.enable = true; wireplumber.enable = true; }; - greetd = { - enable = true; - settings = { - default_session.command = - let - xSessions = "${config.services.displayManager.sessionData.desktops}/share/xsessions"; - wlSessions = "${config.services.displayManager.sessionData.desktops}/share/wayland-sessions"; - in - '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --remember \ - --asterisks \ - --time \ - --greeting "NixOS" \ - --sessions ${xSessions}:${wlSessions} - ''; - initial_session = { - command = '' - ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland &> /dev/null - ''; - user = "user"; - }; - }; - }; + # greetd = { + # enable = true; + # settings = { + # default_session.command = + # let + # xSessions = "${config.services.displayManager.sessionData.desktops}/share/xsessions"; + # wlSessions = "${config.services.displayManager.sessionData.desktops}/share/wayland-sessions"; + # in + # '' + # ${pkgs.greetd.tuigreet}/bin/tuigreet \ + # --remember \ + # --asterisks \ + # --time \ + # --greeting "NixOS" \ + # --sessions ${xSessions}:${wlSessions} + # ''; + # initial_session = { + # command = '' + # ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland &> /dev/null + # ''; + # user = "user"; + # }; + # }; + # }; }; xdg.portal = { diff --git a/hosts/desktops/common/users.nix b/hosts/desktops/common/users.nix index c62d425..7ed7844 100644 --- a/hosts/desktops/common/users.nix 
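Review bot: The greetd block in the last services.nix hunk is commented out rather than deleted, and it still refers to `config.services.displayManager.sessionData` while the first hunk of this file drops `config` from the module arguments, so the commented text would not evaluate if restored as-is. Deleting it and relying on git history keeps the module readable. The commit message should also record the change in login behaviour: the removed `initial_session` started a Plasma session for `user` without a greeter, and the SDDM block added above sets no autologin as far as the hunk shows, so these desktops now stop at a login prompt, which matters once a second account exists. The `services` attribute set continues outside the hunks.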
+++ b/hosts/desktops/common/users.nix @@ -6,15 +6,24 @@ NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; - users.users.user = { - description = "William"; - extraGroups = [ - "uaccess" # Needed for HID dev - "dialout" # Needed for arduino dev - "libvirt" - "libvirtd" - "adbusers" - "i2c" - ]; + users.users = { + user = { + description = "William"; + uid = 1000; + extraGroups = [ + "uaccess" # Needed for HID dev + "dialout" # Needed for arduino dev + "libvirt" + "libvirtd" + "adbusers" + "i2c" + ]; + }; + ewans = { + description = "Ewans"; + isNormalUser = true; + uid = 1001; + hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58"; + }; }; } diff --git a/hosts/desktops/rotterdam.nix b/hosts/desktops/rotterdam.nix index 9294f82..97cd189 100644 --- a/hosts/desktops/rotterdam.nix +++ b/hosts/desktops/rotterdam.nix @@ -55,7 +55,13 @@ in environment.systemPackages = with pkgs; [ reboot-into-qubes ]; - # hardware.graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; + hardware = { + amdgpu = { + opencl.enable = true; + amdvlk.enable = true; + }; + graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; + }; systemd.targets.hibernate.enable = false; # disable non-functional hibernate diff --git a/users/desktops/common/programs.nix b/users/desktops/common/programs.nix index f1e4665..c2b15d6 100644 --- a/users/desktops/common/programs.nix +++ b/users/desktops/common/programs.nix @@ -25,4 +25,13 @@ }; }; }; + + gtk = { + gtk3.extraConfig = { + gtk-decoration-layout = "appmenu:none"; + }; + gtk4.extraConfig = { + gtk-decoration-layout = "appmenu:none"; + }; + }; } From 12f61f42462e994b11897aee50c0f1f69331a16d Mon Sep 17 00:00:00 2001 From: William Date: Sat, 22 Feb 2025 11:56:01 -0300 Subject: [PATCH 006/267] added some impermanence mounts --- hosts/desktops/common/impermanence.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
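Review bot: The new `ewans` account in the users.nix hunk carries its yescrypt hash inline as `hashedPassword`, which publishes the hash with the repository and, as far as I know, also copies it into the world-readable Nix store, so anyone who can read either can attempt offline guessing against it. The repository's package list elsewhere in this series includes `agenix`, so the hash can live in an encrypted secret instead: `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name; the module would need `config` in its arguments, which are outside the hunk). Because the hash is already in the commit history, the password should be changed when it is moved. A short comment on the explicit `uid = 1000;` / `uid = 1001;` values saying why they are fixed would also help.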
diff --git a/hosts/desktops/common/impermanence.nix b/hosts/desktops/common/impermanence.nix index d1ceacc..aebf0a1 100644 --- a/hosts/desktops/common/impermanence.nix +++ b/hosts/desktops/common/impermanence.nix @@ -11,13 +11,14 @@ "/etc/ssh/ssh_host_rsa_key.pub" ]; directories = [ - "/var/log" - "/var/lib/bluetooth" - "/var/lib/nixos" - "/var/lib/flatpak" - "/var/lib/tailscale" - "/var/lib/systemd/coredump" "/etc/NetworkManager/system-connections" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" ]; }; } From 9f1bcc910ae732c3eca5dc590f01b74afbef9d04 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 22 Feb 2025 12:43:54 -0300 Subject: [PATCH 007/267] added onlyoffice pkg; fixed io screenshot key --- hosts/desktops/common/packages.nix | 1 + hosts/desktops/io.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/desktops/common/packages.nix b/hosts/desktops/common/packages.nix index 544f0e8..b83e8de 100644 --- a/hosts/desktops/common/packages.nix +++ b/hosts/desktops/common/packages.nix @@ -59,6 +59,7 @@ in nix-output-monitor obsidian obs-studio + onlyoffice-desktopeditors orca-slicer p7zip plasma-panel-colorizer diff --git a/hosts/desktops/io.nix b/hosts/desktops/io.nix index 1839968..5d9c9ff 100644 --- a/hosts/desktops/io.nix +++ b/hosts/desktops/io.nix @@ -100,7 +100,7 @@ in f9 = "f10"; f10 = "f11"; f13 = "f12"; - u = "sysrq"; + y = "sysrq"; k = "home"; l = "pageup"; "," = "end"; From 2ea7e9b09e3d8e4a275658d491708aad259198db Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 23 Feb 2025 19:35:06 -0300 Subject: [PATCH 008/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/433799271274c9f2ab520a49527ebfe2992dcfbd?narHash=sha256-fmhq8B3MvQLawLbMO%2BLWLcdC2ftLMmwSk%2BP29icJ3tE%3D' (2025-02-06) → 'github:nix-community/home-manager/12e26a74e5eb1a31e13daaa08858689e25ebd449?narHash=sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob%2B6M963bwVq74%3D' (2025-02-23) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56?narHash=sha256-dinzAqCjenWDxuy%2BMqUQq0I4zUSfaCvN9rzuCmgMZJY%3D' (2025-01-08) → 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe?narHash=sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA%3D' (2025-02-17) • Updated input 'nix-index-db': 'github:nix-community/nix-index-database/46a8f5fc9552b776bfc5c5c96ea3bede33f68f52?narHash=sha256-PZhUjtvQZOH3PO0EYdTpQvcqkgkq1NkP2A6w9SPHYsk%3D' (2025-02-02) → 'github:nix-community/nix-index-database/465792533d03e6bb9dc849d58ab9d5e31fac9023?narHash=sha256-dZWcbAQ1sF8oVv%2BzjSKkPVY0ebwENQEkz5vc6muXbKY%3D' (2025-02-23) • Updated input 'nix-minecraft': 'github:Infinidoge/nix-minecraft/e35b9bfe00b0602f57de8f19745c3d91cb45efec?narHash=sha256-NaCd65SqWMROgbJzio9HW5WGNb5sOBfyuGVtccU4YmM%3D' (2025-02-06) → 'github:Infinidoge/nix-minecraft/3ebed14b163cedb3f6f44d2d70386cb415e63455?narHash=sha256-UJ0ZsaMDcJk/dafSSdYtOF08Ofc6ZKjVkomocrzwb%2BU%3D' (2025-02-23) • Updated input 'nix-minecraft/flake-compat': 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9?narHash=sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm%2B504Ch3sNKLd8%3D' (2023-01-17) → 'github:edolstra/flake-compat/ff81ac966bb2cae68946d5ed5fc4994f96d0ffec?narHash=sha256-NeCCThCEP3eCl2l/%2B27kNNK7QrwZB1IJCrXfrbv5oqU%3D' (2024-12-04) • Updated input 'nix-minecraft/flake-utils': 
'github:numtide/flake-utils/cfacdce06f30d2b68473a46042957675eebb3401?narHash=sha256-H%2BRh19JDwRtpVPAWp64F%2BrlEtxUWBAQW28eAi3SRSzg%3D' (2023-04-11) → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b?narHash=sha256-l0KFg5HjrsfsO/JpG%2Br7fRrqm12kzFHyUHqHCVpMMbI%3D' (2024-11-13) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/799ba5bffed04ced7067a91798353d360788b30d?narHash=sha256-ooLh%2BXW8jfa%2B91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U%3D' (2025-02-04) → 'github:nixos/nixpkgs/32fb99ba93fea2798be0e997ea331dd78167f814?narHash=sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk%3D' (2025-02-21) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/f5a32fa27df91dfc4b762671a0e0a859a8a0058f?narHash=sha256-7x%2BQ4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i%2BjBHE%3D' (2025-02-06) → 'github:nixos/nixpkgs/11415c7ae8539d6292f2928317ee7a8410b28bb9?narHash=sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM%3D' (2025-02-21) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index af20624..47ee129 100644 --- a/flake.lock +++ b/flake.lock @@ -169,11 +169,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { 
@@ -203,11 +203,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -346,11 +346,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "type": "github" }, "original": { @@ -367,11 +367,11 @@ ] }, "locked": { - "lastModified": 1738878603, - "narHash": "sha256-fmhq8B3MvQLawLbMO+LWLcdC2ftLMmwSk+P29icJ3tE=", + "lastModified": 1740347597, + "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", "owner": "nix-community", "repo": "home-manager", - "rev": "433799271274c9f2ab520a49527ebfe2992dcfbd", + "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", "type": "github" }, "original": { @@ -456,11 +456,11 @@ ] }, "locked": { - "lastModified": 1738466368, - "narHash": "sha256-PZhUjtvQZOH3PO0EYdTpQvcqkgkq1NkP2A6w9SPHYsk=", + "lastModified": 1740281615, + "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "46a8f5fc9552b776bfc5c5c96ea3bede33f68f52", + "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023", "type": "github" }, "original": { 
@@ -478,11 +478,11 @@ ] }, "locked": { - "lastModified": 1738806350, - "narHash": "sha256-NaCd65SqWMROgbJzio9HW5WGNb5sOBfyuGVtccU4YmM=", + "lastModified": 1740275590, + "narHash": "sha256-UJ0ZsaMDcJk/dafSSdYtOF08Ofc6ZKjVkomocrzwb+U=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "e35b9bfe00b0602f57de8f19745c3d91cb45efec", + "rev": "3ebed14b163cedb3f6f44d2d70386cb415e63455", "type": "github" }, "original": { @@ -529,11 +529,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738680400, - "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=", + "lastModified": 1740126099, + "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "799ba5bffed04ced7067a91798353d360788b30d", + "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", "type": "github" }, "original": { @@ -545,11 +545,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1738843498, - "narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=", + "lastModified": 1740162160, + "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f", + "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", "type": "github" }, "original": { From 44b1ef9592d6b7ea0069cae452a8e49870ada63f Mon Sep 17 00:00:00 2001 From: William Date: Sun, 23 Feb 2025 20:57:01 -0300 Subject: [PATCH 009/267] removed plasticity --- flake.nix | 1 - hosts/desktops/common/packages.nix | 1 - packages/plasticity.nix | 133 ----------------------------- 3 files changed, 135 deletions(-) delete mode 100644 packages/plasticity.nix diff --git a/flake.nix b/flake.nix index f47a5b1..885ff4c 100644 --- a/flake.nix +++ b/flake.nix @@ -139,7 +139,6 @@ overlays = { custom = final: prev: { - plasticity = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/plasticity.nix { }; }; }; 
diff --git a/hosts/desktops/common/packages.nix b/hosts/desktops/common/packages.nix index b83e8de..5a6d309 100644 --- a/hosts/desktops/common/packages.nix +++ b/hosts/desktops/common/packages.nix @@ -63,7 +63,6 @@ in orca-slicer p7zip plasma-panel-colorizer - plasticity prismlauncher protonup quickemu diff --git a/packages/plasticity.nix b/packages/plasticity.nix deleted file mode 100644 index 5ffbaeb..0000000 --- a/packages/plasticity.nix +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - alsa-lib, - at-spi2-atk, - autoPatchelfHook, - cairo, - cups, - dbus, - desktop-file-utils, - expat, - fetchurl, - gdk-pixbuf, - gtk3, - gvfs, - hicolor-icon-theme, - lib, - libdrm, - libglvnd, - libnotify, - libsForQt5, - libxkbcommon, - mesa, - nspr, - nss, - openssl, - pango, - rpmextract, - stdenv, - systemd, - trash-cli, - vulkan-loader, - wrapGAppsHook3, - xdg-utils, - xorg, -}: -stdenv.mkDerivation rec { - pname = "plasticity"; - version = "24.2.3"; - - src = fetchurl { - url = "https://github.com/nkallen/plasticity/releases/download/v${version}/Plasticity-${version}-1.x86_64.rpm"; - hash = "sha256-iiVh4k5r5PXN1/VJZcropTMu36N2B/ECq2L5e59QxJY="; - }; - - passthru.updateScript = ./update.sh; - - nativeBuildInputs = [ - wrapGAppsHook3 - autoPatchelfHook - rpmextract - mesa - ]; - - buildInputs = [ - alsa-lib - at-spi2-atk - cairo - cups - dbus - desktop-file-utils - expat - gdk-pixbuf - gtk3 - gvfs - hicolor-icon-theme - libdrm - libnotify - libsForQt5.kde-cli-tools - libxkbcommon - nspr - nss - openssl - pango - stdenv.cc.cc.lib - trash-cli - xdg-utils - ]; - - runtimeDependencies = [ - systemd - libglvnd - vulkan-loader # may help with nvidia users - xorg.libX11 - xorg.libxcb - xorg.libXcomposite - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXrandr - xorg.libXtst - ]; - - dontUnpack = true; - - # can't find anything on the internet about these files, no clue what they do - autoPatchelfIgnoreMissingDeps = [ - "ACCAMERA.tx" - "AcMPolygonObj15.tx" - "ATEXT.tx" - "ISM.tx" - "RText.tx" - "SCENEOE.tx" - "TD_DbEntities.tx" - "TD_DbIO.tx" - "WipeOut.tx" - ]; - - installPhase = '' - runHook preInstall - - mkdir $out - cd $out - rpmextract $src - mv $out/usr/* $out - rm -r $out/usr - - runHook postInstall - ''; - - #--use-gl=egl for it to use hardware rendering it seems. 
Otherwise there are terrible framerates - postInstall = '' - substituteInPlace share/applications/Plasticity.desktop \ - --replace-fail 'Exec=Plasticity %U' "Exec=Plasticity --use-gl=egl %U" - ''; - - meta = with lib; { - description = "CAD for artists"; - homepage = "https://www.plasticity.xyz"; - mainProgram = "Plasticity"; - sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - maintainers = with maintainers; [ imadnyc ]; - platforms = [ "x86_64-linux" ]; - }; -} From 94f540b2d05198050a1ff6124aa482aa9ee0d4eb Mon Sep 17 00:00:00 2001 From: William Date: Tue, 11 Mar 2025 17:51:59 -0300 Subject: [PATCH 010/267] gtk window buttons --- users/desktops/common/programs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/desktops/common/programs.nix b/users/desktops/common/programs.nix index c2b15d6..141a6eb 100644 --- a/users/desktops/common/programs.nix +++ b/users/desktops/common/programs.nix @@ -28,10 +28,10 @@ gtk = { gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:none"; + gtk-decoration-layout = "appmenu:"; }; gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:none"; + gtk-decoration-layout = "appmenu:"; }; }; } From af1d9ac3684831f89a439c6601d3df1bcd78df7c Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 13 Mar 2025 13:17:31 -0300 Subject: [PATCH 011/267] refactoring for iServer and isWorkstation: part 1 --- flake.nix | 12 ++ hosts/common/boot.nix | 20 --- hosts/common/console.nix | 8 - hosts/common/environment.nix | 10 -- hosts/common/locale.nix | 20 --- hosts/common/networking.nix | 8 - hosts/common/nix.nix | 28 ---- hosts/common/packages.nix | 21 --- hosts/common/security.nix | 13 -- hosts/common/services.nix | 20 --- hosts/common/users.nix | 28 ---- hosts/common/virtualisation.nix | 15 -- hosts/desktops/common/boot.nix | 26 ---- hosts/desktops/common/default.nix | 7 - hosts/desktops/common/hardware.nix | 13 -- hosts/desktops/common/nix.nix | 13 -- hosts/desktops/common/packages.nix | 137 ----------------- hosts/desktops/common/services.nix | 67 -------- hosts/desktops/common/users.nix | 29 ---- hosts/desktops/common/virtualisation.nix | 8 - hosts/desktops/rotterdam.nix | 2 +- hosts/modules/boot.nix | 61 ++++++++ hosts/modules/console.nix | 21 +++ hosts/{common => modules}/default.nix | 4 +- hosts/modules/desktop.nix | 67 ++++++++ hosts/modules/environment.nix | 4 + hosts/modules/locale.nix | 33 ++++ hosts/modules/networking.nix | 45 ++++++ hosts/modules/nix.nix | 64 ++++++++ hosts/modules/programs.nix | 188 +++++++++++++++++++++++ hosts/modules/security.nix | 26 ++++ hosts/modules/services.nix | 30 ++++ hosts/modules/users.nix | 71 +++++++++ hosts/modules/virtualisation.nix | 38 +++++ hosts/servers/common/boot.nix | 1 - hosts/servers/common/nix.nix | 9 -- hosts/servers/common/services.nix | 4 - 37 files changed, 663 insertions(+), 508 deletions(-) delete mode 100644 hosts/common/boot.nix delete mode 100644 hosts/common/console.nix delete mode 100644 hosts/common/environment.nix delete mode 100644 hosts/common/locale.nix delete mode 100644 hosts/common/networking.nix delete mode 100644 hosts/common/nix.nix delete mode 100644 hosts/common/packages.nix delete mode 100644 hosts/common/security.nix delete mode 100644 
hosts/common/services.nix delete mode 100644 hosts/common/users.nix delete mode 100644 hosts/common/virtualisation.nix delete mode 100644 hosts/desktops/common/boot.nix delete mode 100644 hosts/desktops/common/hardware.nix delete mode 100644 hosts/desktops/common/nix.nix delete mode 100644 hosts/desktops/common/packages.nix delete mode 100644 hosts/desktops/common/services.nix delete mode 100644 hosts/desktops/common/users.nix delete mode 100644 hosts/desktops/common/virtualisation.nix create mode 100644 hosts/modules/boot.nix create mode 100644 hosts/modules/console.nix rename hosts/{common => modules}/default.nix (82%) create mode 100644 hosts/modules/desktop.nix create mode 100644 hosts/modules/environment.nix create mode 100644 hosts/modules/locale.nix create mode 100644 hosts/modules/networking.nix create mode 100644 hosts/modules/nix.nix create mode 100644 hosts/modules/programs.nix create mode 100644 hosts/modules/security.nix create mode 100644 hosts/modules/services.nix create mode 100644 hosts/modules/users.nix create mode 100644 hosts/modules/virtualisation.nix diff --git a/flake.nix b/flake.nix index 885ff4c..ab27254 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,10 @@ system = "x86_64-linux"; specialArgs = { inherit inputs; + hostType = { + isServer = false; + isWorkstation = true; + }; }; modules = [ ./hosts/desktops/rotterdam.nix @@ -98,6 +102,10 @@ system = "x86_64-linux"; specialArgs = { inherit inputs; + hostType = { + isServer = false; + isWorkstation = true; + }; }; modules = [ ./hosts/desktops/io.nix @@ -120,6 +128,10 @@ system = "x86_64-linux"; specialArgs = { inherit inputs; + hostType = { + isServer = true; + isWorkstation = false; + }; }; modules = [ ./hosts/servers/alexandria.nix diff --git a/hosts/common/boot.nix b/hosts/common/boot.nix deleted file mode 100644 index 651c90c..0000000 --- a/hosts/common/boot.nix +++ /dev/null 
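Review bot: `hostType` is passed as two independent booleans, `isServer` and `isWorkstation`, in each of the three `specialArgs` hunks of flake.nix, which lets a host be declared as both or neither. The new `hosts/modules/*.nix` files (security, users, networking, among others, per the diffstat) presumably branch on these flags; their contents are not visible here, but a mistyped pair would then silently apply the wrong set of settings. Deriving one flag from the other removes that state, e.g. `hostType = rec { isServer = false; isWorkstation = !isServer; };`, or a small helper defined once and reused for all three hosts. Each `nixosSystem` call starts and ends outside its hunk.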
@@ -1,20 +0,0 @@ -{ ... }: - -{ - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { - enable = true; - sortKey = "zz"; - }; - }; - }; - }; -} diff --git a/hosts/common/console.nix b/hosts/common/console.nix deleted file mode 100644 index 9cb99d4..0000000 --- a/hosts/common/console.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - console = { - useXkbConfig = true; - earlySetup = true; - }; -} diff --git a/hosts/common/environment.nix b/hosts/common/environment.nix deleted file mode 100644 index 43d1dee..0000000 --- a/hosts/common/environment.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: - -{ - environment.shellAliases = { - ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; - neofetch = "fastfetch"; - tree = "ls --tree"; - syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; - }; -} diff --git a/hosts/common/locale.nix b/hosts/common/locale.nix deleted file mode 100644 index 7e07d85..0000000 --- a/hosts/common/locale.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: - -{ - time.timeZone = "America/Bahia"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; - }; - }; -} diff --git a/hosts/common/networking.nix b/hosts/common/networking.nix deleted file mode 100644 index fdb6378..0000000 --- a/hosts/common/networking.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - networking = { - networkmanager.enable = true; - firewall.enable = true; - }; -} diff --git a/hosts/common/nix.nix b/hosts/common/nix.nix deleted file mode 100644 index 4253f7b..0000000 --- a/hosts/common/nix.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ ... }: - -{ - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - system.stateVersion = "22.11"; -} diff --git a/hosts/common/packages.nix b/hosts/common/packages.nix deleted file mode 100644 index 16463b3..0000000 --- a/hosts/common/packages.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - agenix - bind - btop - fastfetch - git - helix - killall - sysz - tmux - wget - ]; - - programs = { - fish.enable = true; - command-not-found.enable = false; - }; -} diff --git a/hosts/common/security.nix b/hosts/common/security.nix deleted file mode 100644 index 33d4953..0000000 --- a/hosts/common/security.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { - wheelNeedsPassword = false; - extraConfig = '' - Defaults lecture = never - ''; - }; - }; -} diff --git a/hosts/common/services.nix b/hosts/common/services.nix deleted file mode 100644 index 2cfb61e..0000000 --- a/hosts/common/services.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: - -{ - services = { - fwupd.enable = true; - fstrim.enable = true; - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - openssh.enable = true; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; -} diff --git a/hosts/common/users.nix b/hosts/common/users.nix deleted file mode 100644 index 41d2253..0000000 --- a/hosts/common/users.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ pkgs, ... }: - -{ - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "docker" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" - ]; - hashedPassword = "!"; - }; - }; -} diff --git a/hosts/common/virtualisation.nix b/hosts/common/virtualisation.nix deleted file mode 100644 index 1235555..0000000 --- a/hosts/common/virtualisation.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: - -{ - virtualisation.podman = { - enable = true; - dockerCompat = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; - - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; - }; -} diff --git a/hosts/desktops/common/boot.nix b/hosts/desktops/common/boot.nix deleted file mode 100644 index 0ac4847..0000000 --- a/hosts/desktops/common/boot.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, ... }: - -{ - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; -} 
diff --git a/hosts/desktops/common/default.nix b/hosts/desktops/common/default.nix index bc5dc51..e752783 100644 --- a/hosts/desktops/common/default.nix +++ b/hosts/desktops/common/default.nix @@ -2,15 +2,8 @@ { imports = [ - ./boot.nix - ./hardware.nix ./home-manager.nix ./impermanence.nix - ./nix.nix - ./packages.nix - ./services.nix ./stylix.nix - ./users.nix - ./virtualisation.nix ]; } diff --git a/hosts/desktops/common/hardware.nix b/hosts/desktops/common/hardware.nix deleted file mode 100644 index 18cf38f..0000000 --- a/hosts/desktops/common/hardware.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - hardware = { - xpadneo.enable = true; - bluetooth.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - i2c.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority -} diff --git a/hosts/desktops/common/nix.nix b/hosts/desktops/common/nix.nix deleted file mode 100644 index 54a3549..0000000 --- a/hosts/desktops/common/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/desktops/common/packages.nix b/hosts/desktops/common/packages.nix deleted file mode 100644 index 5a6d309..0000000 --- a/hosts/desktops/common/packages.nix +++ /dev/null 
@@ -1,137 +0,0 @@ -{ inputs, pkgs, ... }: -let - kdepkgs = with pkgs.kdePackages; [ - ark - dolphin-plugins - kolourpaint - ]; - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; -in -{ - environment.systemPackages = - with pkgs; - [ - adwaita-icon-theme - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - bat - bitwarden-desktop - clonehero - deploy-rs - distrobox - fd - firefox - freecad-wayland - fzf - gimp - heroic - inkscape - junction - kara - kde-rounded-corners - kwrite - libfido2 - libreoffice-qt - # lilipod BROKEN - mangohud - microsoft-edge - mission-center - mpv - nextcloud-client - nixfmt-rfc-style - nixos-firewall-tool - nix-init - nix-output-monitor - obsidian - obs-studio - onlyoffice-desktopeditors - orca-slicer - p7zip - plasma-panel-colorizer - prismlauncher - protonup - quickemu - quickgui - qview - qbittorrent - ripgrep - rnote - steam-run - tor-browser - ungoogled-chromium - unrar - ventoy - vesktop - ] - ++ kdepkgs; - - services.flatpak = { - enable = true; - packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.github.tchx84.Flatseal" - "com.steamgriddb.SGDBoop" - "app.zen_browser.zen" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - - programs = { - adb.enable = true; - steam.enable = true; - dconf.enable = true; - nix-ld.enable = true; - kdeconnect.enable = true; - partition-manager.enable = true; - gamemode.enable = true; - nix-index-database.comma.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - nh = { - enable = true; - 
flake = "/home/user/Projects/personal/nix-config"; - }; - }; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - noto-fonts-cjk-sans - roboto - ]; - }; - - environment.plasma6.excludePackages = ( - with pkgs.kdePackages; - [ - discover - elisa - gwenview - kate - khelpcenter - oxygen - ] - ); -} diff --git a/hosts/desktops/common/services.nix b/hosts/desktops/common/services.nix deleted file mode 100644 index f0ff244..0000000 --- a/hosts/desktops/common/services.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ - inputs, - pkgs, - ... -}: - -{ - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - displayManager.sddm = { - enable = true; - wayland = { - enable = true; - compositor = "kwin"; - }; - }; - desktopManager.plasma6.enable = true; - tailscale.useRoutingFeatures = "client"; - nginx = { - enable = true; - virtualHosts."localhost".root = inputs.homepage; - }; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - # greetd = { - # enable = true; - # settings = { - # default_session.command = - # let - # xSessions = "${config.services.displayManager.sessionData.desktops}/share/xsessions"; - # wlSessions = "${config.services.displayManager.sessionData.desktops}/share/wayland-sessions"; - # in - # '' - # ${pkgs.greetd.tuigreet}/bin/tuigreet \ - # --remember \ - # --asterisks \ - # --time \ - # --greeting "NixOS" \ - # --sessions ${xSessions}:${wlSessions} - # ''; - # initial_session = { - # command = '' - # ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland &> /dev/null - # ''; - # user = "user"; - # }; - # }; - # }; - }; - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-kde - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; - }; -} 
diff --git a/hosts/desktops/common/users.nix b/hosts/desktops/common/users.nix deleted file mode 100644 index 7ed7844..0000000 --- a/hosts/desktops/common/users.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ ... }: - -{ - environment.sessionVariables = rec { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - - users.users = { - user = { - description = "William"; - uid = 1000; - extraGroups = [ - "uaccess" # Needed for HID dev - "dialout" # Needed for arduino dev - "libvirt" - "libvirtd" - "adbusers" - "i2c" - ]; - }; - ewans = { - description = "Ewans"; - isNormalUser = true; - uid = 1001; - hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58"; - }; - }; -} diff --git a/hosts/desktops/common/virtualisation.nix b/hosts/desktops/common/virtualisation.nix deleted file mode 100644 index 461eb36..0000000 --- a/hosts/desktops/common/virtualisation.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - virtualisation = { - libvirtd.enable = true; - lxd.enable = true; - }; -} diff --git a/hosts/desktops/rotterdam.nix b/hosts/desktops/rotterdam.nix index 97cd189..c98696d 100644 --- a/hosts/desktops/rotterdam.nix +++ b/hosts/desktops/rotterdam.nix @@ -31,7 +31,7 @@ in { imports = [ # Host-common imports - ../common + ../modules # Desktop-common imports ./common # Host-specific imports diff --git a/hosts/modules/boot.nix b/hosts/modules/boot.nix new file mode 100644 index 0000000..8677186 --- /dev/null +++ b/hosts/modules/boot.nix 
@@ -0,0 +1,61 @@
+{
+ hostType,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ boot = {
+ loader = {
+ timeout = 1;
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ editor = false;
+ consoleMode = "max";
+ sortKey = "aa";
+ netbootxyz = {
+ enable = true;
+ sortKey = "zz";
+ };
+ };
+ };
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ boot = {
+ plymouth.enable = true;
+ initrd.systemd.enable = true;
+ loader.efi.efiSysMountPoint = "/boot/efi";
+ kernelPackages = pkgs.linuxPackages_xanmod_latest;
+ extraModprobeConfig = ''
+ options bluetooth disable_ertm=1
+ '';
+ kernel.sysctl = {
+ "net.ipv4.tcp_mtu_probing" = 1;
+ };
+ kernelParams = [
+ "quiet"
+ "splash"
+ "i2c-dev"
+ "i2c-piix4"
+ "loglevel=3"
+ "udev.log_priority=3"
+ "rd.udev.log_level=3"
+ "rd.systemd.show_status=false"
+ ];
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/console.nix b/hosts/modules/console.nix
new file mode 100644
index 0000000..042976d
--- /dev/null
+++ b/hosts/modules/console.nix
@@ -0,0 +1,21 @@
+{ hostType, lib, ... }:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ console = {
+ useXkbConfig = true;
+ earlySetup = true;
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ })
+ ];
+}
diff --git a/hosts/common/default.nix b/hosts/modules/default.nix
similarity index 82%
rename from hosts/common/default.nix
rename to hosts/modules/default.nix
index aeb88ef..4d419e6 100644
--- a/hosts/common/default.nix
+++ b/hosts/modules/default.nix
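Review bot: The hardened kernel in the server branch of `hosts/modules/boot.nix` now depends entirely on `hostType.isServer` being true, and nothing in the module checks that exactly one of `isServer` / `isWorkstation` is set; a host that reaches this file with both flags false would evaluate cleanly and silently boot the default kernel. `hostType` is defined outside this patch, so this may already be enforced there, but if it is not, one assertion in the common block makes the failure loud: `assertions = [ { assertion = hostType.isServer != hostType.isWorkstation; message = "hostType must select exactly one of isServer / isWorkstation"; } ];`. The same gap applies to the other `hosts/modules/*.nix` files added in this commit (networking, nix, programs, users, virtualisation), so a single shared assertion covers them all.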
@@ -4,14 +4,14 @@ imports = [ ./boot.nix ./console.nix + ./desktop.nix ./locale.nix ./networking.nix ./nix.nix - ./packages.nix + ./programs.nix ./security.nix ./services.nix ./users.nix ./virtualisation.nix - ./environment.nix ]; } diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix new file mode 100644 index 0000000..f0c03c8 --- /dev/null +++ b/hosts/modules/desktop.nix @@ -0,0 +1,67 @@ +{ + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + services = { + displayManager.sddm = { + enable = true; + wayland = { + enable = true; + compositor = "kwin"; + }; + }; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + desktopManager.plasma6.enable = true; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + }; + + hardware = { + xpadneo.enable = true; + bluetooth.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + i2c.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-kde + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; + }; + }) + ]; +} diff --git a/hosts/modules/environment.nix b/hosts/modules/environment.nix new file mode 100644 index 0000000..a67ca90 --- /dev/null +++ b/hosts/modules/environment.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: + +{ +} diff --git a/hosts/modules/locale.nix b/hosts/modules/locale.nix new file mode 100644 index 0000000..44204d5 --- /dev/null +++ b/hosts/modules/locale.nix 
@@ -0,0 +1,33 @@
+{ hostType, lib, ... }:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ time.timeZone = "America/Bahia";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "pt_BR.utf8";
+ LC_IDENTIFICATION = "pt_BR.utf8";
+ LC_MEASUREMENT = "pt_BR.utf8";
+ LC_MONETARY = "pt_BR.utf8";
+ LC_NAME = "pt_BR.utf8";
+ LC_NUMERIC = "pt_BR.utf8";
+ LC_PAPER = "pt_BR.utf8";
+ LC_TELEPHONE = "pt_BR.utf8";
+ LC_TIME = "en_IE.utf8";
+ };
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ })
+ ];
+}
diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix
new file mode 100644
index 0000000..f567d9b
--- /dev/null
+++ b/hosts/modules/networking.nix
@@ -0,0 +1,45 @@
+{
+ hostType,
+ inputs,
+ lib,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ networking = {
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ services = {
+ tailscale = {
+ enable = true;
+ extraUpFlags = [ "--operator=user" ];
+ };
+ openssh.enable = true;
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ services.tailscale = {
+ extraSetFlags = [ "--advertise-exit-node" ];
+ useRoutingFeatures = "server";
+ };
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ services = {
+ tailscale.useRoutingFeatures = "client";
+ nginx = {
+ enable = true;
+ virtualHosts."localhost".root = inputs.homepage;
+ };
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/nix.nix b/hosts/modules/nix.nix
new file mode 100644
index 0000000..ddc3b5b
--- /dev/null
+++ b/hosts/modules/nix.nix
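Review bot: `openssh.enable = true` in the common block of `hosts/modules/networking.nix` turns sshd on for every host without any `services.openssh.settings`, so password and keyboard-interactive logins stay at the module defaults even though `users.nix` provisions ed25519 keys for both `user` and `root`. Since key-based access is already in place, I would pin the policy next to the enable: `openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };`. In the server branch, `PermitRootLogin = "no"` is worth considering as well if deployments can go through `user`, who is already in `wheel`.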
@@ -0,0 +1,64 @@
+{
+ inputs,
+ lib,
+ hostType,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ connect-timeout = 10;
+ log-lines = 25;
+ min-free = 128000000;
+ max-free = 1000000000;
+ trusted-users = [ "@wheel" ];
+ };
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 8d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ enableParallelBuilding = true;
+ buildManPages = false;
+ buildDocs = false;
+ };
+
+ system.stateVersion = "22.11";
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs-stable;
+ nixPath = [
+ "nixpkgs=/etc/channels/nixpkgs"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs;
+ nixPath = [
+ "nixpkgs=${inputs.nixpkgs}"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix
new file mode 100644
index 0000000..97022b2
--- /dev/null
+++ b/hosts/modules/programs.nix
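Review bot: `trusted-users = [ "@wheel" ]` sits in the common block of `hosts/modules/nix.nix`, so it applies to servers as well as workstations; a trusted user can point the daemon at arbitrary substituters and import unsigned store paths, which is effectively root on the machine. The old `hosts/common/nix.nix` had the same setting, but the new server/workstation split makes it easy to scope: move the line into the `isWorkstation` branch and leave servers at the Nix default. A smaller consistency point in the same hunk: the server branch uses `"nixpkgs=/etc/channels/nixpkgs"` while the workstation branch defines that same `/etc` entry but then uses `"nixpkgs=${inputs.nixpkgs}"`; using the `/etc` path in both keeps the two branches parallel.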
@@ -0,0 +1,188 @@ +{ + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + environment.systemPackages = with pkgs; [ + ### Dev Tools ### + agenix + git + helix + ### System Utilities ### + btop + fastfetch + nixos-firewall-tool + sysz + wget + tmux + ]; + + programs = { + fish.enable = true; + command-not-found.enable = false; + }; + + environment.shellAliases = { + ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; + neofetch = "fastfetch"; + tree = "ls --tree"; + syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; + }; + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation ( + let + kdepkgs = with pkgs.kdePackages; [ + ark + dolphin-plugins + kolourpaint + ]; + kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; + in + { + environment.systemPackages = + with pkgs; + [ + ### Dev Tools ### + bat + deploy-rs + fd + fzf + nixfmt-rfc-style + nix-init + nix-output-monitor + ripgrep + ### Internet Browsers & Communication ### + firefox + microsoft-edge + nextcloud-client + tor-browser + ungoogled-chromium + vesktop + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + kwrite + libreoffice-qt + obsidian + onlyoffice-desktopeditors + rnote + ### Graphics & Design ### + freecad-wayland + gimp + inkscape + orca-slicer + ### Gaming & Entertainment ### + clonehero + heroic + mangohud + prismlauncher + protonup + ### System Utilities ### + adwaita-icon-theme + distrobox + junction + kara + 
kde-rounded-corners + libfido2 + # lilipod BROKEN + mission-center + p7zip + plasma-panel-colorizer + qbittorrent + quickemu + quickgui + steam-run + unrar + ventoy + ### Media ### + mpv + obs-studio + qview + ] + ++ kdepkgs; + + services.flatpak = { + enable = true; + packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.github.tchx84.Flatseal" + "com.steamgriddb.SGDBoop" + "app.zen_browser.zen" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + + programs = { + adb.enable = true; + steam.enable = true; + dconf.enable = true; + nix-ld.enable = true; + kdeconnect.enable = true; + partition-manager.enable = true; + gamemode.enable = true; + nix-index-database.comma.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + nh = { + enable = true; + flake = "/home/user/Projects/personal/nix-config"; + }; + }; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + noto-fonts-cjk-sans + roboto + ]; + }; + + environment.plasma6.excludePackages = ( + with pkgs.kdePackages; + [ + discover + elisa + gwenview + kate + khelpcenter + oxygen + ] + ); + } + )) + ]; +} diff --git a/hosts/modules/security.nix b/hosts/modules/security.nix new file mode 100644 index 0000000..5cb1786 --- /dev/null +++ b/hosts/modules/security.nix @@ -0,0 +1,26 @@ +{ hostType, lib, ... }: + +{ + config = lib.mkMerge [ + # Common configuration + { + security = { + unprivilegedUsernsClone = true; # Needed for rootless podman + sudo = { + wheelNeedsPassword = false; + extraConfig = '' + Defaults lecture = never + ''; + }; + }; + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + }) + ]; +} diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix new file mode 100644 index 0000000..d35bfff --- /dev/null 
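Review bot: The package lists in `hosts/modules/programs.nix` are not a straight move of the deleted `packages.nix` files: `bind` and `killall` are missing from the common `environment.systemPackages`, `bitwarden-desktop` is missing from the workstation list, and `nixos-firewall-tool` has been promoted from the desktop list to every host. The commit subject describes a refactor only, so if these changes are intentional they deserve a line in the message; if not, re-add `bind` and `killall` under `### System Utilities ###` and `bitwarden-desktop` to the workstation list. Dropping the password manager in particular looks like an accident of the regrouping rather than a decision.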
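Review bot: `wheelNeedsPassword = false` is in the common block of `hosts/modules/security.nix`, so servers inherit passwordless sudo for every `wheel` member; combined with the SSH keys in `users.nix`, holding one of those keys is enough for root on a server. The empty `isServer` branch added in this file is the natural place to tighten it: either add `security.sudo.wheelNeedsPassword = lib.mkForce true;` there, or move the `false` into the `isWorkstation` branch so servers keep the module default. If passwordless sudo is needed for remote deployment, a comment next to the option saying so would record why it stays.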
+++ b/hosts/modules/services.nix
@@ -0,0 +1,30 @@
+{
+ hostType,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ services = {
+ fwupd.enable = true;
+ fstrim.enable = true;
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ services = {
+ printing.enable = true;
+ udev.packages = with pkgs; [ yubikey-personalization ];
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix
new file mode 100644
index 0000000..fd9ef02
--- /dev/null
+++ b/hosts/modules/users.nix
@@ -0,0 +1,71 @@
+{
+ lib,
+ hostType,
+ pkgs,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ users.users = {
+ user = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = [
+ "networkmanager"
+ "docker"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
+ ];
+ hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+ };
+ root = {
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
+ ];
+ hashedPassword = "!";
+ };
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ environment.sessionVariables = {
+ KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
+ NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
+ };
+
+ users.users = {
+ user = {
+ description = "William";
+ uid = 1000;
+ extraGroups = [
+ "uaccess" # Needed for HID dev
+ "dialout" # Needed for arduino dev
+ "libvirt"
+ "libvirtd"
+ "adbusers"
+ "i2c"
+ ];
+ };
+ ewans = {
+ description = "Ewans";
+ isNormalUser = true;
+ uid = 1001;
+ hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58";
+ };
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/virtualisation.nix b/hosts/modules/virtualisation.nix
new file mode 100644
index 0000000..232459a
--- /dev/null
+++ b/hosts/modules/virtualisation.nix
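Review bot: The `hashedPassword` values for `user` (common block) and `ewans` (workstation branch) in `hosts/modules/users.nix` are committed in the module, so anyone who can read the repository can test guesses against them offline, and the `user` hash is deployed unchanged to servers through the common block. `agenix` is already pulled in by `programs.nix`; assuming its NixOS module is imported elsewhere, the hashes could live in an age secret and be referenced with `hashedPasswordFile = config.age.secrets.SECRET_NAME_PLACEHOLDER.path;` (placeholder name; `config` would need adding to this module's arguments). Separately, `extraGroups` in the common block still lists `"docker"` although the configuration uses podman with `dockerCompat`; if no docker daemon is enabled anywhere, that group entry can go.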
@@ -0,0 +1,38 @@ +{ + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + virtualisation.podman = { + enable = true; + dockerCompat = true; + autoPrune.enable = true; + extraPackages = [ pkgs.podman-compose ]; + }; + + systemd = { + services.podman-auto-update.enable = true; + timers.podman-auto-update.enable = true; + }; + + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + virtualisation = { + libvirtd.enable = true; + lxd.enable = true; + }; + }) + ]; +} diff --git a/hosts/servers/common/boot.nix b/hosts/servers/common/boot.nix index 5d6e482..a67ca90 100644 --- a/hosts/servers/common/boot.nix +++ b/hosts/servers/common/boot.nix @@ -1,5 +1,4 @@ { pkgs, ... }: { - boot.kernelPackages = pkgs.linuxPackages_hardened; } diff --git a/hosts/servers/common/nix.nix b/hosts/servers/common/nix.nix index af57cae..e0d65f1 100644 --- a/hosts/servers/common/nix.nix +++ b/hosts/servers/common/nix.nix @@ -1,13 +1,4 @@ { inputs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; } diff --git a/hosts/servers/common/services.nix b/hosts/servers/common/services.nix index 035de35..04618ac 100644 --- a/hosts/servers/common/services.nix +++ b/hosts/servers/common/services.nix @@ -1,8 +1,4 @@ { ... }: { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; } From 021ab24e79ecc3ac4abb894afe8fb779b73a3c8a Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 13 Mar 2025 13:33:41 -0300 Subject: [PATCH 012/267] refactoring for iServer and isWorkstation: part 2 --- hosts/desktops/common/default.nix | 9 ---- hosts/desktops/common/home-manager.nix | 10 ---- hosts/desktops/common/impermanence.nix | 24 ---------- hosts/desktops/common/stylix.nix | 47 ------------------ hosts/desktops/io.nix | 5 +- hosts/desktops/rotterdam.nix | 6 +-- hosts/modules/default.nix | 2 + hosts/modules/impermanence.nix | 37 +++++++++++++++ hosts/modules/stylix.nix | 66 ++++++++++++++++++++++++++ hosts/modules/users.nix | 9 ++++ hosts/servers/common/boot.nix | 4 -- hosts/servers/common/default.nix | 10 ---- hosts/servers/common/home-manager.nix | 10 ---- hosts/servers/common/nix.nix | 4 -- hosts/servers/common/services.nix | 4 -- 15 files changed, 116 insertions(+), 131 deletions(-) delete mode 100644 hosts/desktops/common/default.nix delete mode 100644 hosts/desktops/common/home-manager.nix delete mode 100644 hosts/desktops/common/impermanence.nix delete mode 100644 hosts/desktops/common/stylix.nix create mode 100644 hosts/modules/impermanence.nix create mode 100644 hosts/modules/stylix.nix delete mode 100644 hosts/servers/common/boot.nix delete mode 100644 hosts/servers/common/default.nix delete mode 100644 hosts/servers/common/home-manager.nix delete mode 100644 hosts/servers/common/nix.nix delete mode 100644 hosts/servers/common/services.nix diff --git a/hosts/desktops/common/default.nix b/hosts/desktops/common/default.nix deleted file mode 100644 index e752783..0000000 --- a/hosts/desktops/common/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - imports = [ - ./home-manager.nix - ./impermanence.nix - ./stylix.nix - ]; -} diff --git a/hosts/desktops/common/home-manager.nix b/hosts/desktops/common/home-manager.nix deleted file mode 100644 index 6e88ad7..0000000 --- a/hosts/desktops/common/home-manager.nix +++ /dev/null 
@@ -1,10 +0,0 @@ -{ ... }: - -{ - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - backupFileExtension = "bkp"; - users.user = import ../../../users/desktops/user.nix; - }; -} diff --git a/hosts/desktops/common/impermanence.nix b/hosts/desktops/common/impermanence.nix deleted file mode 100644 index aebf0a1..0000000 --- a/hosts/desktops/common/impermanence.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ ... }: - -{ - environment.persistence.main = { - persistentStoragePath = "/persistent"; - files = [ - "/etc/machine-id" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - directories = [ - "/etc/NetworkManager/system-connections" - "/var/lib/bluetooth" - "/var/lib/flatpak" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/var/lib/systemd/timers" - "/var/lib/tailscale" - "/var/log" - ]; - }; -} diff --git a/hosts/desktops/common/stylix.nix b/hosts/desktops/common/stylix.nix deleted file mode 100644 index f1760b1..0000000 --- a/hosts/desktops/common/stylix.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ config, pkgs, ... }: - -{ - stylix = { - enable = true; - image = pkgs.fetchurl { - url = "https://w.wallhaven.cc/full/dp/wallhaven-dpwvl3.jpg"; - sha256 = "sha256-h9UeYj8jSRgSv8XL+zgds4KtooLlJ+IqwxZbQEXdCh4="; - }; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; - size = 24; - }; - opacity = { - applications = 1.0; - desktop = 0.8; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - }; -} diff --git a/hosts/desktops/io.nix b/hosts/desktops/io.nix index 5d9c9ff..fccc7f2 100644 --- a/hosts/desktops/io.nix +++ b/hosts/desktops/io.nix @@ -17,10 +17,7 @@ let in { imports = [ - # Host-common imports - ../common - # Desktop-common imports - ./common + ../modules # Host-specific imports ./io ]; diff --git a/hosts/desktops/rotterdam.nix b/hosts/desktops/rotterdam.nix index c98696d..8004665 100644 --- a/hosts/desktops/rotterdam.nix +++ b/hosts/desktops/rotterdam.nix @@ -30,12 +30,8 @@ let in { imports = [ - # Host-common imports - ../modules - # Desktop-common imports - ./common - # Host-specific imports ./rotterdam + ../modules ]; networking.hostName = "rotterdam"; diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index 4d419e6..1dbed53 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix 
@@ -5,12 +5,14 @@ ./boot.nix ./console.nix ./desktop.nix + ./impermanence.nix ./locale.nix ./networking.nix ./nix.nix ./programs.nix ./security.nix ./services.nix + ./stylix.nix ./users.nix ./virtualisation.nix ]; diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix new file mode 100644 index 0000000..65e6139 --- /dev/null +++ b/hosts/modules/impermanence.nix @@ -0,0 +1,37 @@ +{ hostType, lib, ... }: + +{ + config = lib.mkMerge [ + # Common configuration + { + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + environment.persistence.main = { + persistentStoragePath = "/persistent"; + files = [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + directories = [ + "/etc/NetworkManager/system-connections" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ]; + }; + }) + ]; +} diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix new file mode 100644 index 0000000..b90d621 --- /dev/null +++ b/hosts/modules/stylix.nix 
@@ -0,0 +1,66 @@ +{ + config, + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + stylix = { + enable = true; + image = pkgs.fetchurl { + url = "https://w.wallhaven.cc/full/dp/wallhaven-dpwvl3.jpg"; + sha256 = "sha256-h9UeYj8jSRgSv8XL+zgds4KtooLlJ+IqwxZbQEXdCh4="; + }; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + cursor = { + package = pkgs.kdePackages.breeze-icons; + name = "Breeze_Light"; + size = 24; + }; + opacity = { + applications = 1.0; + desktop = 0.8; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + }; + }) + ]; +} diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix index fd9ef02..4546cfe 100644 --- a/hosts/modules/users.nix +++ b/hosts/modules/users.nix @@ -33,10 +33,17 @@ hashedPassword = "!"; }; }; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "bkp"; + }; } # Server specific configuration (lib.mkIf hostType.isServer { + home-manager.users.user = import ../../users/servers/user.nix; }) # Workstation specific configuration @@ -66,6 +73,8 @@ hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58"; }; }; + + home-manager.users.user = import ../../users/desktops/user.nix; }) ]; } 
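Review bot: The second `hosts/modules/users.nix` hunk keeps `hashedPassword = "$y$j9T$…"` inline as a context line, and the same line appears again in the `users.nix` hunk of PATCH 014. The hash is therefore readable by anyone who can read the repository or the Nix store, and can be guessed against offline. Since agenix is already among the flake's modules, the hash could move into a secret, e.g. `hashedPasswordFile = config.age.secrets.<user-password>.path;` (the secret name is a placeholder). The enclosing `users.users` block starts outside the hunk.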
diff --git a/hosts/servers/common/boot.nix b/hosts/servers/common/boot.nix
deleted file mode 100644
index a67ca90..0000000
--- a/hosts/servers/common/boot.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-
-{
-}
diff --git a/hosts/servers/common/default.nix b/hosts/servers/common/default.nix
deleted file mode 100644
index db2cb46..0000000
--- a/hosts/servers/common/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./boot.nix
- ./home-manager.nix
- ./nix.nix
- ./services.nix
- ];
-}
diff --git a/hosts/servers/common/home-manager.nix b/hosts/servers/common/home-manager.nix
deleted file mode 100644
index 20186df..0000000
--- a/hosts/servers/common/home-manager.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-
-{
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- backupFileExtension = "bkp";
- users.user = import ../../../users/servers/user.nix;
- };
-}
diff --git a/hosts/servers/common/nix.nix b/hosts/servers/common/nix.nix
deleted file mode 100644
index e0d65f1..0000000
--- a/hosts/servers/common/nix.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ inputs, ... }:
-
-{
-}
diff --git a/hosts/servers/common/services.nix b/hosts/servers/common/services.nix
deleted file mode 100644
index 04618ac..0000000
--- a/hosts/servers/common/services.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }:
-
-{
-}
From 6addea64c49870e5740e5fea9e6b8a7a2632795e Mon Sep 17 00:00:00 2001
From: William Date: Thu, 13 Mar 2025 14:33:43 -0300 Subject: [PATCH 013/267] refactoring for iServer and isWorkstation: part 3 --- hosts/{servers => }/alexandria.nix | 6 +- .../alexandria/changedetection.nix | 0 hosts/{servers => }/alexandria/cinny.nix | 0 hosts/{servers => }/alexandria/default.nix | 0 hosts/{servers => }/alexandria/forgejo.nix | 0 .../alexandria/hardware-configuration.nix | 2 - hosts/{servers => }/alexandria/jellyfin.nix | 0 hosts/{servers => }/alexandria/librespeed.nix | 0 hosts/{servers => }/alexandria/memos.nix | 0 hosts/{servers => }/alexandria/minecraft.nix | 0 hosts/{servers => }/alexandria/nextcloud.nix | 0 hosts/{servers => }/alexandria/nginx.nix | 0 hosts/{servers => }/alexandria/paperless.nix | 0 hosts/{servers => }/alexandria/searx.nix | 0 hosts/{servers => }/alexandria/services.nix | 0 hosts/{servers => }/alexandria/users.nix | 0 .../{servers => }/alexandria/vaultwarden.nix | 0 hosts/desktops/io.nix | 110 ------------------ hosts/desktops/rotterdam.nix | 92 --------------- hosts/io.nix | 12 ++ hosts/io/boot.nix | 16 +++ hosts/{desktops => }/io/default.nix | 3 + hosts/{desktops => }/io/ephermal.nix | 0 .../io/hardware-configuration.nix | 0 hosts/io/programs.nix | 34 ++++++ hosts/io/services.nix | 52 +++++++++ hosts/modules/desktop.nix | 7 -- hosts/modules/services.nix | 7 ++ hosts/rotterdam.nix | 12 ++ hosts/rotterdam/boot.nix | 35 ++++++ hosts/{desktops => }/rotterdam/default.nix | 6 +- hosts/{desktops => }/rotterdam/ephermal.nix | 0 .../rotterdam/hardware-configuration.nix | 10 -- hosts/rotterdam/hardware.nix | 13 +++ hosts/rotterdam/programs.nix | 33 ++++++ hosts/rotterdam/services.nix | 13 +++ 36 files changed, 236 insertions(+), 227 deletions(-) rename hosts/{servers => }/alexandria.nix (77%) rename hosts/{servers => }/alexandria/changedetection.nix (100%) rename hosts/{servers => }/alexandria/cinny.nix (100%) rename hosts/{servers => }/alexandria/default.nix (100%) rename hosts/{servers => }/alexandria/forgejo.nix (100%) rename 
hosts/{servers => }/alexandria/hardware-configuration.nix (97%) rename hosts/{servers => }/alexandria/jellyfin.nix (100%) rename hosts/{servers => }/alexandria/librespeed.nix (100%) rename hosts/{servers => }/alexandria/memos.nix (100%) rename hosts/{servers => }/alexandria/minecraft.nix (100%) rename hosts/{servers => }/alexandria/nextcloud.nix (100%) rename hosts/{servers => }/alexandria/nginx.nix (100%) rename hosts/{servers => }/alexandria/paperless.nix (100%) rename hosts/{servers => }/alexandria/searx.nix (100%) rename hosts/{servers => }/alexandria/services.nix (100%) rename hosts/{servers => }/alexandria/users.nix (100%) rename hosts/{servers => }/alexandria/vaultwarden.nix (100%) delete mode 100644 hosts/desktops/io.nix delete mode 100644 hosts/desktops/rotterdam.nix create mode 100644 hosts/io.nix create mode 100644 hosts/io/boot.nix rename hosts/{desktops => }/io/default.nix (63%) rename hosts/{desktops => }/io/ephermal.nix (100%) rename hosts/{desktops => }/io/hardware-configuration.nix (100%) create mode 100644 hosts/io/programs.nix create mode 100644 hosts/io/services.nix create mode 100644 hosts/rotterdam.nix create mode 100644 hosts/rotterdam/boot.nix rename hosts/{desktops => }/rotterdam/default.nix (54%) rename hosts/{desktops => }/rotterdam/ephermal.nix (100%) rename hosts/{desktops => }/rotterdam/hardware-configuration.nix (88%) create mode 100644 hosts/rotterdam/hardware.nix create mode 100644 hosts/rotterdam/programs.nix create mode 100644 hosts/rotterdam/services.nix diff --git a/hosts/servers/alexandria.nix b/hosts/alexandria.nix similarity index 77% rename from hosts/servers/alexandria.nix rename to hosts/alexandria.nix index 4154097..50920e6 100644 --- a/hosts/servers/alexandria.nix +++ b/hosts/alexandria.nix @@ -2,11 +2,7 @@ { imports = [ - # Host-common imports - ../common - # Server-common imports - ./common - # Host-specific imports + ./modules ./alexandria ]; 
diff --git a/hosts/servers/alexandria/changedetection.nix b/hosts/alexandria/changedetection.nix similarity index 100% rename from hosts/servers/alexandria/changedetection.nix rename to hosts/alexandria/changedetection.nix diff --git a/hosts/servers/alexandria/cinny.nix b/hosts/alexandria/cinny.nix similarity index 100% rename from hosts/servers/alexandria/cinny.nix rename to hosts/alexandria/cinny.nix diff --git a/hosts/servers/alexandria/default.nix b/hosts/alexandria/default.nix similarity index 100% rename from hosts/servers/alexandria/default.nix rename to hosts/alexandria/default.nix diff --git a/hosts/servers/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix similarity index 100% rename from hosts/servers/alexandria/forgejo.nix rename to hosts/alexandria/forgejo.nix diff --git a/hosts/servers/alexandria/hardware-configuration.nix b/hosts/alexandria/hardware-configuration.nix similarity index 97% rename from hosts/servers/alexandria/hardware-configuration.nix rename to hosts/alexandria/hardware-configuration.nix index a5f9767..05eac80 100644 --- a/hosts/servers/alexandria/hardware-configuration.nix +++ b/hosts/alexandria/hardware-configuration.nix @@ -33,8 +33,6 @@ fsType = "vfat"; }; - swapDevices = [ ]; - networking.useDHCP = lib.mkDefault true; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/servers/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix similarity index 100% rename from hosts/servers/alexandria/jellyfin.nix rename to hosts/alexandria/jellyfin.nix diff --git a/hosts/servers/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix similarity index 100% rename from hosts/servers/alexandria/librespeed.nix rename to hosts/alexandria/librespeed.nix diff --git a/hosts/servers/alexandria/memos.nix b/hosts/alexandria/memos.nix similarity index 100% rename from hosts/servers/alexandria/memos.nix rename to hosts/alexandria/memos.nix 
diff --git a/hosts/servers/alexandria/minecraft.nix b/hosts/alexandria/minecraft.nix similarity index 100% rename from hosts/servers/alexandria/minecraft.nix rename to hosts/alexandria/minecraft.nix diff --git a/hosts/servers/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix similarity index 100% rename from hosts/servers/alexandria/nextcloud.nix rename to hosts/alexandria/nextcloud.nix diff --git a/hosts/servers/alexandria/nginx.nix b/hosts/alexandria/nginx.nix similarity index 100% rename from hosts/servers/alexandria/nginx.nix rename to hosts/alexandria/nginx.nix diff --git a/hosts/servers/alexandria/paperless.nix b/hosts/alexandria/paperless.nix similarity index 100% rename from hosts/servers/alexandria/paperless.nix rename to hosts/alexandria/paperless.nix diff --git a/hosts/servers/alexandria/searx.nix b/hosts/alexandria/searx.nix similarity index 100% rename from hosts/servers/alexandria/searx.nix rename to hosts/alexandria/searx.nix diff --git a/hosts/servers/alexandria/services.nix b/hosts/alexandria/services.nix similarity index 100% rename from hosts/servers/alexandria/services.nix rename to hosts/alexandria/services.nix diff --git a/hosts/servers/alexandria/users.nix b/hosts/alexandria/users.nix similarity index 100% rename from hosts/servers/alexandria/users.nix rename to hosts/alexandria/users.nix diff --git a/hosts/servers/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix similarity index 100% rename from hosts/servers/alexandria/vaultwarden.nix rename to hosts/alexandria/vaultwarden.nix diff --git a/hosts/desktops/io.nix b/hosts/desktops/io.nix deleted file mode 100644 index fccc7f2..0000000 --- a/hosts/desktops/io.nix +++ /dev/null 
@@ -1,110 +0,0 @@ -{ pkgs, ... }: - -let - cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs { - wttsrc = pkgs.fetchFromGitHub { - owner = "WeirdTreeThing"; - repo = "chromebook-ucm-conf"; - rev = "b6ce2a7"; - hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc="; - }; - postInstall = '' - echo "v0.4.1" > $out/chromebook.patched - cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2 - cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d - ''; - }; -in -{ - imports = [ - ../modules - # Host-specific imports - ./io - ]; - - networking.hostName = "io"; - - nix.nixPath = [ "nixos-config=${./io.nix}" ]; - - zramSwap = { - enable = true; - memoryPercent = 100; - }; - - boot = { - # TODO check if future kernel versions fix boot issue with systemd initrd with tpm - initrd.systemd.tpm2.enable = false; - kernelParams = [ - "nosgx" - "i915.fastboot=1" - "mem_sleep_default=deep" - ]; - extraModprobeConfig = '' - options snd-intel-dspcfg dsp_driver=3 - ''; - }; - - environment = { - systemPackages = with pkgs; [ - maliit-keyboard - sof-firmware - ]; - sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; - }; - - # TODO: remove once gmodena/nix-flatpak/issues/45 fixed - systemd.services."flatpak-managed-install" = { - serviceConfig = { - ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; - }; - }; - - services = { - keyd = { - enable = true; - keyboards.main = { - ids = [ "0001:0001" ]; - settings = { - main = { - meta = "overload(meta, esc)"; - f1 = "back"; - f2 = "forward"; - f3 = "refresh"; - f4 = "M-f11"; - f5 = "M-w"; - f6 = "brightnessdown"; - f7 = "brightnessup"; - f8 = "timeout(mute, 200, micmute)"; - f9 = "play"; - f10 = "timeout(nextsong, 200, previoussong)"; - f13 = "delete"; - "102nd" = "layer(function)"; - }; - shift = { - leftshift = "capslock"; - rightshift = "capslock"; - }; - function = { - escape = "f1"; - f1 = "f2"; - f2 = "f3"; - f3 = "f4"; - f4 = "f5"; - f5 = "f6"; - f6 = "f7"; - f7 = "f8"; - f8 = "f9"; - f9 = "f10"; - f10 = 
"f11"; - f13 = "f12"; - y = "sysrq"; - k = "home"; - l = "pageup"; - "," = "end"; - "." = "pagedown"; - }; - }; - }; - }; - }; -} diff --git a/hosts/desktops/rotterdam.nix b/hosts/desktops/rotterdam.nix deleted file mode 100644 index 8004665..0000000 --- a/hosts/desktops/rotterdam.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -{ pkgs, ... }: - -let - qubesnsh = pkgs.writeTextFile { - name = "qubes.nsh"; - text = "HD1f65535a1:EFI\\qubes\\grubx64.efi"; - }; - - reboot-into-qubes = pkgs.makeDesktopItem { - name = "reboot-into-qubes"; - icon = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg"; - sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0="; - }; - desktopName = "Qubes OS"; - genericName = "Reboot into Qubes OS"; - categories = [ "System" ]; - startupNotify = true; - exec = pkgs.writeShellScript "reboot-into-qubes" '' - ${pkgs.yad}/bin/yad --form \ - --title="Qubes OS" \ - --image distributor-logo-qubes \ - --text "Are you sure you want to reboot into Qubes OS?" \ - --button="Yes:0" --button="Cancel:1" - if [ $? -eq 0 ]; then - systemctl reboot --boot-loader-entry=qubes.conf - fi - ''; - }; -in -{ - imports = [ - ./rotterdam - ../modules - ]; - - networking.hostName = "rotterdam"; - - services = { - flatpak.packages = [ "net.retrodeck.retrodeck" ]; - keyd = { - enable = true; - keyboards.main = { - ids = [ "5653:0001" ]; - settings.main = { - esc = "overload(meta, esc)"; - }; - }; - }; - }; - - environment.systemPackages = with pkgs; [ reboot-into-qubes ]; - - hardware = { - amdgpu = { - opencl.enable = true; - amdvlk.enable = true; - }; - graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; - }; - - systemd.targets.hibernate.enable = false; # disable non-functional hibernate - - nix.nixPath = [ "nixos-config=${./rotterdam.nix}" ]; - - boot = { - kernelParams = [ - "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state - "clearcpuid=514" - # Fixes amdgpu freezing - "amdgpu.noretry=0" - "amdgpu.ppfeaturemask=0xfffd3fff" - "amdgpu.gpu_recovery=1" - "amdgpu.lockup_timeout=1000" - ]; - # QubesOS boot entry - loader.systemd-boot = { - extraFiles = { - "efi/edk2-shell/shell.efi" = 
"${pkgs.edk2-uefi-shell}/shell.efi"; - "qubes.nsh" = qubesnsh; - }; - extraEntries."qubes.conf" = '' - title Qubes OS - efi /efi/edk2-shell/shell.efi - options -nointerrupt qubes.nsh - sort-key ab - ''; - }; - }; - - programs.steam.dedicatedServer.openFirewall = true; -} diff --git a/hosts/io.nix b/hosts/io.nix new file mode 100644 index 0000000..0eba1ed --- /dev/null +++ b/hosts/io.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + networking.hostName = "io"; + + imports = [ + ./modules + ./io + ]; + + nix.nixPath = [ "nixos-config=${./io.nix}" ]; +} diff --git a/hosts/io/boot.nix b/hosts/io/boot.nix new file mode 100644 index 0000000..1580753 --- /dev/null +++ b/hosts/io/boot.nix @@ -0,0 +1,16 @@ +{ ... }: + +{ + boot = { + # TODO check if future kernel versions fix boot issue with systemd initrd with tpm + initrd.systemd.tpm2.enable = false; + kernelParams = [ + "nosgx" + "i915.fastboot=1" + "mem_sleep_default=deep" + ]; + extraModprobeConfig = '' + options snd-intel-dspcfg dsp_driver=3 + ''; + }; +} diff --git a/hosts/desktops/io/default.nix b/hosts/io/default.nix similarity index 63% rename from hosts/desktops/io/default.nix rename to hosts/io/default.nix index a480ae0..53179f8 100644 --- a/hosts/desktops/io/default.nix +++ b/hosts/io/default.nix @@ -2,7 +2,10 @@ { imports = [ + ./boot ./ephermal.nix ./hardware-configuration.nix + ./programs.nix + ./services.nix ]; } diff --git a/hosts/desktops/io/ephermal.nix b/hosts/io/ephermal.nix similarity index 100% rename from hosts/desktops/io/ephermal.nix rename to hosts/io/ephermal.nix diff --git a/hosts/desktops/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix similarity index 100% rename from hosts/desktops/io/hardware-configuration.nix rename to hosts/io/hardware-configuration.nix diff --git a/hosts/io/programs.nix b/hosts/io/programs.nix new file mode 100644 index 0000000..0b156f6 --- /dev/null +++ b/hosts/io/programs.nix 
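Review bot: `./boot` in the new `imports` list of `hosts/io/default.nix` does not match the file this commit creates, `hosts/io/boot.nix`. Unless a `hosts/io/boot/` directory exists outside this patch, evaluating the `io` host fails on the missing path. `hosts/rotterdam/default.nix` in the same commit imports `./boot.nix`, so the line should read `./boot.nix`.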
@@ -0,0 +1,34 @@ +{ pkgs, ... }: + +let + cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs { + wttsrc = pkgs.fetchFromGitHub { + owner = "WeirdTreeThing"; + repo = "chromebook-ucm-conf"; + rev = "b6ce2a7"; + hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc="; + }; + postInstall = '' + echo "v0.4.1" > $out/chromebook.patched + cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2 + cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d + ''; + }; +in + +{ + environment = { + systemPackages = with pkgs; [ + maliit-keyboard + sof-firmware + ]; + sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; + }; + + # TODO: remove once gmodena/nix-flatpak/issues/45 fixed + systemd.services."flatpak-managed-install" = { + serviceConfig = { + ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; + }; + }; +} diff --git a/hosts/io/services.nix b/hosts/io/services.nix new file mode 100644 index 0000000..5291695 --- /dev/null +++ b/hosts/io/services.nix @@ -0,0 +1,52 @@ +{ ... }: + +{ + services = { + keyd = { + enable = true; + keyboards.main = { + ids = [ "0001:0001" ]; + settings = { + main = { + meta = "overload(meta, esc)"; + f1 = "back"; + f2 = "forward"; + f3 = "refresh"; + f4 = "M-f11"; + f5 = "M-w"; + f6 = "brightnessdown"; + f7 = "brightnessup"; + f8 = "timeout(mute, 200, micmute)"; + f9 = "play"; + f10 = "timeout(nextsong, 200, previoussong)"; + f13 = "delete"; + "102nd" = "layer(function)"; + }; + shift = { + leftshift = "capslock"; + rightshift = "capslock"; + }; + function = { + escape = "f1"; + f1 = "f2"; + f2 = "f3"; + f3 = "f4"; + f4 = "f5"; + f5 = "f6"; + f6 = "f7"; + f7 = "f8"; + f8 = "f9"; + f9 = "f10"; + f10 = "f11"; + f13 = "f12"; + y = "sysrq"; + k = "home"; + l = "pageup"; + "," = "end"; + "." = "pagedown"; + }; + }; + }; + }; + }; +} diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index f0c03c8..e90ab4d 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix 
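Review bot: `rev = "b6ce2a7"` in the `wttsrc` fetch of `hosts/io/programs.nix` is an abbreviated commit id. The `hash` still pins the content, but a short id can become ambiguous upstream and is harder to audit than the full-length revs this series uses for the fish plugins. Prefer the full 40-character commit, `rev = "<full commit sha>";` (placeholder), which keeps the fetch unambiguous and the pin reviewable at a glance.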
@@ -25,13 +25,6 @@ compositor = "kwin"; }; }; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; desktopManager.plasma6.enable = true; pipewire = { enable = true; diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix index d35bfff..b957a97 100644 --- a/hosts/modules/services.nix +++ b/hosts/modules/services.nix @@ -24,6 +24,13 @@ services = { printing.enable = true; udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; }; }) ]; diff --git a/hosts/rotterdam.nix b/hosts/rotterdam.nix new file mode 100644 index 0000000..8e41f04 --- /dev/null +++ b/hosts/rotterdam.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + networking.hostName = "rotterdam"; + + imports = [ + ./rotterdam + ./modules + ]; + + nix.nixPath = [ "nixos-config=${./rotterdam.nix}" ]; +} diff --git a/hosts/rotterdam/boot.nix b/hosts/rotterdam/boot.nix new file mode 100644 index 0000000..44dd48f --- /dev/null +++ b/hosts/rotterdam/boot.nix @@ -0,0 +1,35 @@ +{ pkgs, ... }: + +let + qubesnsh = pkgs.writeTextFile { + name = "qubes.nsh"; + text = "HD1f65535a1:EFI\\qubes\\grubx64.efi"; + }; +in + +{ + boot = { + kernelParams = [ + "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state + "clearcpuid=514" + # Fixes amdgpu freezing + "amdgpu.noretry=0" + "amdgpu.ppfeaturemask=0xfffd3fff" + "amdgpu.gpu_recovery=1" + "amdgpu.lockup_timeout=1000" + ]; + # QubesOS boot entry + loader.systemd-boot = { + extraFiles = { + "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi"; + "qubes.nsh" = qubesnsh; + }; + extraEntries."qubes.conf" = '' + title Qubes OS + efi /efi/edk2-shell/shell.efi + options -nointerrupt qubes.nsh + sort-key ab + ''; + }; + }; +} 
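Review bot: The `qubes.conf` entry in `hosts/rotterdam/boot.nix` puts an EDK2 UEFI shell on the ESP and relies on `-nointerrupt` to keep it non-interactive. Nothing in the hunk prevents someone at the console from editing that entry's options in the systemd-boot menu. If it is not already set elsewhere, add `boot.loader.systemd-boot.editor = false;` next to `extraEntries`. A short comment that the shell exists only to chain-load Qubes through `qubes.nsh` would also help.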
diff --git a/hosts/desktops/rotterdam/default.nix b/hosts/rotterdam/default.nix similarity index 54% rename from hosts/desktops/rotterdam/default.nix rename to hosts/rotterdam/default.nix index eedd2b4..6671420 100644 --- a/hosts/desktops/rotterdam/default.nix +++ b/hosts/rotterdam/default.nix @@ -2,7 +2,11 @@ { imports = [ - ./hardware-configuration.nix + ./boot.nix ./ephermal.nix + ./hardware-configuration.nix + ./hardware.nix + ./programs.nix + ./services.nix ]; } diff --git a/hosts/desktops/rotterdam/ephermal.nix b/hosts/rotterdam/ephermal.nix similarity index 100% rename from hosts/desktops/rotterdam/ephermal.nix rename to hosts/rotterdam/ephermal.nix diff --git a/hosts/desktops/rotterdam/hardware-configuration.nix b/hosts/rotterdam/hardware-configuration.nix similarity index 88% rename from hosts/desktops/rotterdam/hardware-configuration.nix rename to hosts/rotterdam/hardware-configuration.nix index 524d0ab..169c53f 100644 --- a/hosts/desktops/rotterdam/hardware-configuration.nix +++ b/hosts/rotterdam/hardware-configuration.nix @@ -72,18 +72,8 @@ "compress=zstd" ]; }; - "/swap" = { - device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; - fsType = "btrfs"; - options = [ - "subvol=@swap" - "noatime" - ]; - }; }; - swapDevices = [ { device = "/swap/swapfile"; } ]; - networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix new file mode 100644 index 0000000..495a78b --- /dev/null +++ b/hosts/rotterdam/hardware.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: + +{ + hardware = { + amdgpu = { + opencl.enable = true; + amdvlk.enable = true; + }; + graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; + }; + + systemd.targets.hibernate.enable = false; # disable non-functional hibernate +} diff --git a/hosts/rotterdam/programs.nix b/hosts/rotterdam/programs.nix new file mode 100644 index 0000000..9f624a1 --- /dev/null 
+++ b/hosts/rotterdam/programs.nix @@ -0,0 +1,33 @@ +{ pkgs, ... }: + +let + reboot-into-qubes = pkgs.makeDesktopItem { + name = "reboot-into-qubes"; + icon = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg"; + sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0="; + }; + desktopName = "Qubes OS"; + genericName = "Reboot into Qubes OS"; + categories = [ "System" ]; + startupNotify = true; + exec = pkgs.writeShellScript "reboot-into-qubes" '' + ${pkgs.yad}/bin/yad --form \ + --title="Qubes OS" \ + --image distributor-logo-qubes \ + --text "Are you sure you want to reboot into Qubes OS?" \ + --button="Yes:0" --button="Cancel:1" + if [ $? -eq 0 ]; then + systemctl reboot --boot-loader-entry=qubes.conf + fi + ''; + }; +in + +{ + environment.systemPackages = [ reboot-into-qubes ]; + + services.flatpak.packages = [ "net.retrodeck.retrodeck" ]; + + programs.steam.dedicatedServer.openFirewall = true; +} diff --git a/hosts/rotterdam/services.nix b/hosts/rotterdam/services.nix new file mode 100644 index 0000000..5483b5d --- /dev/null +++ b/hosts/rotterdam/services.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + services.keyd = { + enable = true; + keyboards.main = { + ids = [ "5653:0001" ]; + settings.main = { + esc = "overload(meta, esc)"; + }; + }; + }; +} From a52ca122863e71064af36e1ec7176fcc91218165 Mon Sep 17 00:00:00 2001 
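Review bot: `programs.steam.dedicatedServer.openFirewall = true;` opens inbound firewall ports on a workstation, and `hosts/rotterdam/programs.nix` carries no comment saying why. Either drop the line or document the need, e.g. `# required for hosting <game> sessions from this machine` (placeholder). In the `exec` script, `systemctl` is called by bare name while `yad` uses a store path. Testing the dialog directly with `if ${pkgs.yad}/bin/yad …; then` would also remove the separate `$?` check.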
From: William Date: Thu, 13 Mar 2025 15:47:49 -0300 Subject: [PATCH 014/267] refactoring for isServer and isWorkstation: part 4 --- flake.nix | 6 +- hosts/alexandria/services.nix | 4 +- hosts/modules/programs.nix | 1 + hosts/modules/users.nix | 10 +- users/common/default.nix | 8 - users/common/home.nix | 13 -- users/common/programs.nix | 156 -------------------- users/desktops/common/programs.nix | 37 ----- users/desktops/user.nix | 10 -- users/modules/default.nix | 7 + users/modules/programs.nix | 98 ++++++++++++ users/root.nix | 14 ++ users/root/default.nix | 5 + users/servers/user.nix | 8 - users/user.nix | 14 ++ users/{desktops/common => user}/default.nix | 0 users/user/programs.nix | 148 +++++++++++++++++++ 17 files changed, 300 insertions(+), 239 deletions(-) delete mode 100644 users/common/default.nix delete mode 100644 users/common/home.nix delete mode 100644 users/common/programs.nix delete mode 100644 users/desktops/common/programs.nix delete mode 100644 users/desktops/user.nix create mode 100644 users/modules/default.nix create mode 100644 users/modules/programs.nix create mode 100644 users/root.nix create mode 100644 users/root/default.nix delete mode 100644 users/servers/user.nix create mode 100644 users/user.nix rename users/{desktops/common => user}/default.nix (100%) create mode 100644 users/user/programs.nix diff --git a/flake.nix b/flake.nix index ab27254..fd161f8 100644 --- a/flake.nix +++ b/flake.nix @@ -82,7 +82,7 @@ }; }; modules = [ - ./hosts/desktops/rotterdam.nix + ./hosts/rotterdam.nix agenix.nixosModules.default home-manager.nixosModules.default impermanence.nixosModules.impermanence @@ -108,7 +108,7 @@ }; }; modules = [ - ./hosts/desktops/io.nix + ./hosts/io.nix agenix.nixosModules.default home-manager.nixosModules.default impermanence.nixosModules.impermanence 
@@ -134,7 +134,7 @@ }; }; modules = [ - ./hosts/servers/alexandria.nix + ./hosts/alexandria.nix agenix.nixosModules.default home-manager-stable.nixosModules.default self.nixosModules.qbittorrent diff --git a/hosts/alexandria/services.nix b/hosts/alexandria/services.nix index 08b927a..a9350f6 100644 --- a/hosts/alexandria/services.nix +++ b/hosts/alexandria/services.nix @@ -3,7 +3,9 @@ { services.postgresql.enable = true; - # TODO: remove when bug fux + # TODO: remove when bug fix + # serokell/deploy-rs/issues/57 + # NixOS/nixpkgs/issues/180175 # Workaround for upstream bug in NetworkManager-wait-online.service systemd.services.NetworkManager-wait-online.enable = false; } diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 97022b2..14d4c9c 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -32,6 +32,7 @@ ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; neofetch = "fastfetch"; tree = "ls --tree"; + tsh = "ssh -o RequestTTY=yes $argv tmux -u -CC new -A -s tmux-main"; syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; }; } diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix index 4546cfe..4473061 100644 --- a/hosts/modules/users.nix +++ b/hosts/modules/users.nix @@ -38,12 +38,18 @@ useGlobalPkgs = true; useUserPackages = true; backupFileExtension = "bkp"; + users = { + user = import ../../users/user.nix; + root = import ../../users/root.nix; + }; + extraSpecialArgs = { + inherit hostType; + }; }; } # Server specific configuration (lib.mkIf hostType.isServer { - home-manager.users.user = import ../../users/servers/user.nix; }) # Workstation specific configuration @@ -73,8 +79,6 @@ hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58"; }; }; - - home-manager.users.user = import ../../users/desktops/user.nix; }) ]; } 
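Review bot: `tsh` was a fish function in the deleted `users/common/programs.nix`, and `hosts/modules/programs.nix` now adds it next to `ls`, `neofetch` and `tree`, which look like shell aliases (the enclosing attribute is outside the hunk). If so, `$argv` no longer behaves as it did in a function body. Fish appends the arguments to an alias, so the host would be passed twice: once before `tmux` and once at the end of the remote command. Keeping it as a function preserves the old behaviour, e.g. `functions.tsh = "ssh -o RequestTTY=yes $argv tmux -u -CC new -A -s tmux-main";` beside `functions.fish_greeting` in `users/modules/programs.nix`.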
diff --git a/users/common/default.nix b/users/common/default.nix
deleted file mode 100644
index a6eeaf4..0000000
--- a/users/common/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./home.nix
- ./programs.nix
- ];
-}
diff --git a/users/common/home.nix b/users/common/home.nix
deleted file mode 100644
index 5bafc2f..0000000
--- a/users/common/home.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-
-{
- home = {
- username = "user";
- homeDirectory = "/home/user";
- stateVersion = "22.05";
- sessionVariables = {
- EDITOR = "hx";
- };
- packages = with pkgs; [ nix-your-shell ];
- };
-}
diff --git a/users/common/programs.nix b/users/common/programs.nix
deleted file mode 100644
index 1dc9390..0000000
--- a/users/common/programs.nix
+++ /dev/null
@@ -1,156 +0,0 @@ -{ pkgs, ... }: - -{ - programs = { - password-store.enable = true; - - bash = { - enable = true; - historyFile = "~/.cache/bash_history"; - }; - - helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "block"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal.space = { - space = "file_picker"; - w = ":w"; - q = ":q"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - }; - - direnv = { - enable = true; - nix-direnv.enable = true; - }; - - tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; - - starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; - - git = { - enable = true; - diff-so-fancy.enable = true; - userName = "William"; - userEmail = "baduhai@proton.me"; - }; - - btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; - }; - }; - - fish = { - enable = true; - interactiveShellInit = 
"nix-your-shell fish | source"; - loginShellInit = "nix-your-shell fish | source"; - functions = { - fish_greeting = ""; - tsh = "ssh -o RequestTTY=yes $argv tmux -u -CC new -A -s tmux-main"; - }; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; - }; - } - { - name = "sponge"; - src = pkgs.fetchFromGitHub { - owner = "meaningful-ooo"; - repo = "sponge"; - rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; - sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; - }; - } - ]; - }; - }; -} diff --git a/users/desktops/common/programs.nix b/users/desktops/common/programs.nix deleted file mode 100644 index 141a6eb..0000000 --- a/users/desktops/common/programs.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ pkgs, ... }: - -{ - fonts.fontconfig.enable = true; - - programs = { - password-store.package = pkgs.pass-wayland; - - mangohud.enable = true; - - obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - - fish = { - functions = { - sysrebuild = "nh os switch --ask"; - sysrebuild-boot = "nh os boot --ask"; - sysupdate = "nix flake update --commit-lock-file --flake /home/user/Projects/personal/nix-config"; - }; - }; - }; - - gtk = { - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; -} diff --git a/users/desktops/user.nix b/users/desktops/user.nix deleted file mode 100644 index 80e1f3a..0000000 --- a/users/desktops/user.nix +++ /dev/null 
@@ -1,10 +0,0 @@ -{ ... }: - -{ - imports = [ - # Host-common imports - ../common - # Desktop-common imports - ./common - ]; -} diff --git a/users/modules/default.nix b/users/modules/default.nix new file mode 100644 index 0000000..adc20f9 --- /dev/null +++ b/users/modules/default.nix @@ -0,0 +1,7 @@ +{...}: + +{ + imports = [ + ./programs.nix + ]; +} diff --git a/users/modules/programs.nix b/users/modules/programs.nix new file mode 100644 index 0000000..03dd7ff --- /dev/null +++ b/users/modules/programs.nix 
@@ -0,0 +1,98 @@ +{ + config, + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + home = { + sessionVariables = { + EDITOR = "hx"; + }; + }; + + programs = { + bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; + + helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "block"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; + }; + keys.normal.space = { + space = "file_picker"; + w = ":w"; + q = ":q"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + }; + + fish = { + enable = true; + functions.fish_greeting = ""; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; + sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + }; + } + { + name = "sponge"; + src = pkgs.fetchFromGitHub { + owner = "meaningful-ooo"; + repo = "sponge"; + rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; + sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; + }; + } + ]; + }; + }; + + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + }) + ]; +} diff --git a/users/root.nix b/users/root.nix new file mode 100644 index 0000000..44b8116 --- /dev/null +++ b/users/root.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + home = { + username = "root"; + homeDirectory = "/root"; + stateVersion = "22.05"; + }; + + imports = [ + ./modules + ./root + ]; +} 
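Review bot: `users/root.nix` imports `./modules`, so the three third-party fish plugins declared in the common block of `users/modules/programs.nix` (`bang-bang`, `z`, `sponge`) are also loaded whenever root starts fish. Each `fetchFromGitHub` is pinned by `rev` and `sha256`, which fixes the content, but the plugin code then runs with root's privileges and has to be re-audited at every bump. Consider moving the `plugins = [ … ];` list into the per-user module for `user` and leaving only `enable = true;` and `functions.fish_greeting = "";` in the shared one. The `lib.mkIf hostType.isServer { }` and `lib.mkIf hostType.isWorkstation { }` blocks are empty here and could be left out until they carry options.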
diff --git a/users/root/default.nix b/users/root/default.nix
new file mode 100644
index 0000000..adc92a0
--- /dev/null
+++ b/users/root/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ imports = [ ];
+}
diff --git a/users/servers/user.nix b/users/servers/user.nix
deleted file mode 100644
index 990167f..0000000
--- a/users/servers/user.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- imports = [
- # Host-common imports
- ../common
- ];
-}
diff --git a/users/user.nix b/users/user.nix
new file mode 100644
index 0000000..c844a51
--- /dev/null
+++ b/users/user.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ home = {
+ username = "user";
+ homeDirectory = "/home/user";
+ stateVersion = "22.05";
+ };
+
+ imports = [
+ ./modules
+ ./user
+ ];
+}
diff --git a/users/desktops/common/default.nix b/users/user/default.nix
similarity index 100%
rename from users/desktops/common/default.nix
rename to users/user/default.nix
diff --git a/users/user/programs.nix b/users/user/programs.nix
new file mode 100644
index 0000000..04ad1c2
--- /dev/null
+++ b/users/user/programs.nix
@@ -0,0 +1,148 @@ +{ + config, + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + home = { + packages = with pkgs; [ nix-your-shell ]; + }; + + programs = { + helix.languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; + + password-store.enable = true; + + direnv = { + enable = true; + nix-direnv.enable = true; + }; + + fish = { + interactiveShellInit = "nix-your-shell fish | source"; + loginShellInit = "nix-your-shell fish | source"; + }; + + tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + + starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; + + git = { + enable = true; + diff-so-fancy.enable = true; + userName = "William"; + userEmail = "baduhai@proton.me"; + }; + + btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; + }; + }; + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + fonts.fontconfig.enable = true; + + programs = { + password-store.package = pkgs.pass-wayland; + + mangohud.enable = true; + + obs-studio = { + enable 
= true; + plugins = [ + pkgs.obs-studio-plugins.obs-vkcapture + pkgs.obs-studio-plugins.obs-backgroundremoval + pkgs.obs-studio-plugins.obs-pipewire-audio-capture + ]; + }; + + fish = { + functions = { + sysrebuild = "nh os switch --ask"; + sysrebuild-boot = "nh os boot --ask"; + sysupdate = "nix flake update --commit-lock-file --flake /home/user/Projects/personal/nix-config"; + }; + }; + }; + + gtk = { + gtk3.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; + gtk4.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; + }; + + }) + ]; +} From 037d68a9d428aa6a8b23e0b28c62b488bd07f45e Mon Sep 17 00:00:00 2001 
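Review bot: The `sysupdate` function in the workstation block hard-codes `/home/user/Projects/personal/nix-config`, while the module's `config` argument is declared and never used in this file. Deriving the path from the profile keeps it in step with `home.homeDirectory` set in `users/user.nix`: `sysupdate = "nix flake update --commit-lock-file --flake ${config.home.homeDirectory}/Projects/personal/nix-config";`. Because `--commit-lock-file` records new revisions for every input in one step, a short comment stating whether the resulting lock diff is expected to be reviewed before `sysrebuild` would document the intended workflow.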
From: William Date: Thu, 13 Mar 2025 17:51:04 -0300 Subject: [PATCH 015/267] refactoring for isServer and isWorkstation: part 5 (final?) --- flake.lock | 21 ----------- flake.nix | 8 ----- hosts/alexandria.nix | 36 ++++++++----------- hosts/alexandria/paperless.nix | 30 ---------------- hosts/io.nix | 17 +++++++-- .../alexandria/changedetection.nix | 0 hosts/{ => modules}/alexandria/cinny.nix | 0 hosts/{ => modules}/alexandria/default.nix | 1 - hosts/{ => modules}/alexandria/forgejo.nix | 0 .../alexandria/hardware-configuration.nix | 22 ++++++++---- hosts/{ => modules}/alexandria/jellyfin.nix | 0 hosts/{ => modules}/alexandria/librespeed.nix | 0 hosts/{ => modules}/alexandria/memos.nix | 0 hosts/{ => modules}/alexandria/minecraft.nix | 0 hosts/modules/alexandria/networking.nix | 15 ++++++++ hosts/{ => modules}/alexandria/nextcloud.nix | 0 hosts/{ => modules}/alexandria/nginx.nix | 0 hosts/{ => modules}/alexandria/searx.nix | 0 hosts/{ => modules}/alexandria/services.nix | 0 hosts/{ => modules}/alexandria/users.nix | 0 .../{ => modules}/alexandria/vaultwarden.nix | 0 hosts/modules/default.nix | 5 +-- hosts/modules/flatpak.nix | 35 ++++++++++++++++++ hosts/modules/impermanence.nix | 6 +++- hosts/{ => modules}/io/boot.nix | 0 hosts/{ => modules}/io/default.nix | 2 +- hosts/{ => modules}/io/ephermal.nix | 0 .../io/hardware-configuration.nix | 0 hosts/{ => modules}/io/programs.nix | 0 hosts/{ => modules}/io/services.nix | 0 hosts/modules/programs.nix | 16 --------- hosts/{ => modules}/rotterdam/boot.nix | 0 hosts/{ => modules}/rotterdam/default.nix | 0 hosts/{ => modules}/rotterdam/ephermal.nix | 0 .../rotterdam/hardware-configuration.nix | 0 hosts/{ => modules}/rotterdam/hardware.nix | 0 hosts/{ => modules}/rotterdam/programs.nix | 0 hosts/{ => modules}/rotterdam/services.nix | 0 hosts/rotterdam.nix | 17 +++++++-- users/{ => modules}/root/default.nix | 0 users/{ => modules}/user/default.nix | 0 users/{ => modules}/user/programs.nix | 0 users/root.nix | 2 +- 
users/user.nix | 2 +- 44 files changed, 120 insertions(+), 115 deletions(-) delete mode 100644 hosts/alexandria/paperless.nix rename hosts/{ => modules}/alexandria/changedetection.nix (100%) rename hosts/{ => modules}/alexandria/cinny.nix (100%) rename hosts/{ => modules}/alexandria/default.nix (98%) rename hosts/{ => modules}/alexandria/forgejo.nix (100%) rename hosts/{ => modules}/alexandria/hardware-configuration.nix (66%) rename hosts/{ => modules}/alexandria/jellyfin.nix (100%) rename hosts/{ => modules}/alexandria/librespeed.nix (100%) rename hosts/{ => modules}/alexandria/memos.nix (100%) rename hosts/{ => modules}/alexandria/minecraft.nix (100%) create mode 100644 hosts/modules/alexandria/networking.nix rename hosts/{ => modules}/alexandria/nextcloud.nix (100%) rename hosts/{ => modules}/alexandria/nginx.nix (100%) rename hosts/{ => modules}/alexandria/searx.nix (100%) rename hosts/{ => modules}/alexandria/services.nix (100%) rename hosts/{ => modules}/alexandria/users.nix (100%) rename hosts/{ => modules}/alexandria/vaultwarden.nix (100%) create mode 100644 hosts/modules/flatpak.nix rename hosts/{ => modules}/io/boot.nix (100%) rename hosts/{ => modules}/io/default.nix (89%) rename hosts/{ => modules}/io/ephermal.nix (100%) rename hosts/{ => modules}/io/hardware-configuration.nix (100%) rename hosts/{ => modules}/io/programs.nix (100%) rename hosts/{ => modules}/io/services.nix (100%) rename hosts/{ => modules}/rotterdam/boot.nix (100%) rename hosts/{ => modules}/rotterdam/default.nix (100%) rename hosts/{ => modules}/rotterdam/ephermal.nix (100%) rename hosts/{ => modules}/rotterdam/hardware-configuration.nix (100%) rename hosts/{ => modules}/rotterdam/hardware.nix (100%) rename hosts/{ => modules}/rotterdam/programs.nix (100%) rename hosts/{ => modules}/rotterdam/services.nix (100%) rename users/{ => modules}/root/default.nix (100%) rename users/{ => modules}/user/default.nix (100%) rename users/{ => modules}/user/programs.nix (100%) 
diff --git a/flake.lock b/flake.lock index 47ee129..dac8000 100644 --- a/flake.lock +++ b/flake.lock @@ -449,26 +449,6 @@ "type": "github" } }, - "nix-index-db": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1740281615, - "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=", - "owner": "nix-community", - "repo": "nix-index-database", - "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-index-database", - "type": "github" - } - }, "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_2", @@ -584,7 +564,6 @@ "homepage": "homepage", "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", - "nix-index-db": "nix-index-db", "nix-minecraft": "nix-minecraft", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index fd161f8..60f0c76 100644 --- a/flake.nix +++ b/flake.nix @@ -33,11 +33,6 @@ nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; - nix-index-db = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nix-minecraft = { url = "github:Infinidoge/nix-minecraft"; inputs.nixpkgs.follows = "nixpkgs"; @@ -64,7 +59,6 @@ homepage, impermanence, nix-flatpak, - nix-index-db, nix-minecraft, nixos-generators, stylix, @@ -86,7 +80,6 @@ agenix.nixosModules.default home-manager.nixosModules.default impermanence.nixosModules.impermanence - nix-index-db.nixosModules.nix-index nix-flatpak.nixosModules.nix-flatpak stylix.nixosModules.stylix { @@ -112,7 +105,6 @@ agenix.nixosModules.default home-manager.nixosModules.default impermanence.nixosModules.impermanence - nix-index-db.nixosModules.nix-index nix-flatpak.nixosModules.nix-flatpak stylix.nixosModules.stylix { diff --git a/hosts/alexandria.nix b/hosts/alexandria.nix index 50920e6..7f5f000 100644 --- a/hosts/alexandria.nix +++ b/hosts/alexandria.nix 
@@ -1,30 +1,22 @@ { ... }: { + networking.hostName = "alexandria"; + imports = [ - ./modules - ./alexandria + ./modules/alexandria + ./modules/boot.nix + ./modules/console.nix + ./modules/desktop.nix + ./modules/locale.nix + ./modules/networking.nix + ./modules/nix.nix + ./modules/programs.nix + ./modules/security.nix + ./modules/services.nix + ./modules/users.nix + ./modules/virtualisation.nix ]; nix.nixPath = [ "nixos-config=${./alexandria.nix}" ]; - - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; - - networking = { - hostName = "alexandria"; - firewall = { - allowedTCPPorts = [ - 80 - 443 - 8010 - 9666 - ]; - allowedUDPPorts = [ 24454 ]; - }; - }; } diff --git a/hosts/alexandria/paperless.nix b/hosts/alexandria/paperless.nix deleted file mode 100644 index d78d107..0000000 --- a/hosts/alexandria/paperless.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, ... }: - -{ - services = { - paperless = { - enable = true; - dataDir = "/data/paperless/data"; - mediaDir = "/data/paperless/media"; - passwordFile = config.age.secrets.paperless.path; - port = lib.toInt "${config.ports.paperless}"; - consumptionDirIsPublic = true; - settings = { - PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; - }; - }; - - nginx.virtualHosts."docs.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.paperless}"; - }; - }; - - age.secrets.paperless = { - file = ../../../secrets/paperless.age; - owner = "paperless"; - group = "hosted"; - }; -} diff --git a/hosts/io.nix b/hosts/io.nix index 0eba1ed..ffa4218 100644 --- a/hosts/io.nix +++ b/hosts/io.nix 
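Review bot: The import list added to `hosts/alexandria.nix` is repeated almost verbatim in `hosts/io.nix` and `hosts/rotterdam.nix`, so a shared module such as `./modules/security.nix` can be dropped from one host by a single missed line without any evaluation error. `hosts/modules/default.nix` still carries the same list (with `flatpak`, `impermanence` and `stylix` commented out in this commit), but no host in this patch imports `./modules` any more. Keeping `./modules` as the common base and adding only the extras per host, e.g. `imports = [ ./modules ./modules/alexandria ];` here and the three optional modules on the workstations, would keep the baseline in one place.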
@@ -4,8 +4,21 @@ networking.hostName = "io"; imports = [ - ./modules - ./io + ./modules/io + ./modules/boot.nix + ./modules/console.nix + ./modules/desktop.nix + ./modules/flatpak.nix + ./modules/impermanence.nix + ./modules/locale.nix + ./modules/networking.nix + ./modules/nix.nix + ./modules/programs.nix + ./modules/security.nix + ./modules/services.nix + ./modules/stylix.nix + ./modules/users.nix + ./modules/virtualisation.nix ]; nix.nixPath = [ "nixos-config=${./io.nix}" ]; diff --git a/hosts/alexandria/changedetection.nix b/hosts/modules/alexandria/changedetection.nix similarity index 100% rename from hosts/alexandria/changedetection.nix rename to hosts/modules/alexandria/changedetection.nix diff --git a/hosts/alexandria/cinny.nix b/hosts/modules/alexandria/cinny.nix similarity index 100% rename from hosts/alexandria/cinny.nix rename to hosts/modules/alexandria/cinny.nix diff --git a/hosts/alexandria/default.nix b/hosts/modules/alexandria/default.nix similarity index 98% rename from hosts/alexandria/default.nix rename to hosts/modules/alexandria/default.nix index d5069a1..bb81971 100644 --- a/hosts/alexandria/default.nix +++ b/hosts/modules/alexandria/default.nix @@ -22,7 +22,6 @@ in ./minecraft.nix ./nextcloud.nix ./nginx.nix - ./paperless.nix ./searx.nix ./services.nix ./users.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/modules/alexandria/forgejo.nix similarity index 100% rename from hosts/alexandria/forgejo.nix rename to hosts/modules/alexandria/forgejo.nix diff --git a/hosts/alexandria/hardware-configuration.nix b/hosts/modules/alexandria/hardware-configuration.nix similarity index 66% rename from hosts/alexandria/hardware-configuration.nix rename to hosts/modules/alexandria/hardware-configuration.nix index 05eac80..63ecba5 100644 --- a/hosts/alexandria/hardware-configuration.nix +++ b/hosts/modules/alexandria/hardware-configuration.nix 
@@ -23,15 +23,23 @@ extraModulePackages = [ ]; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; - fsType = "ext4"; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/4130-BE54"; + fsType = "vfat"; + }; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/4130-BE54"; - fsType = "vfat"; - }; + swapDevices = [ + { + device = "/swapfile"; + size = 8192; + } + ]; networking.useDHCP = lib.mkDefault true; diff --git a/hosts/alexandria/jellyfin.nix b/hosts/modules/alexandria/jellyfin.nix similarity index 100% rename from hosts/alexandria/jellyfin.nix rename to hosts/modules/alexandria/jellyfin.nix diff --git a/hosts/alexandria/librespeed.nix b/hosts/modules/alexandria/librespeed.nix similarity index 100% rename from hosts/alexandria/librespeed.nix rename to hosts/modules/alexandria/librespeed.nix diff --git a/hosts/alexandria/memos.nix b/hosts/modules/alexandria/memos.nix similarity index 100% rename from hosts/alexandria/memos.nix rename to hosts/modules/alexandria/memos.nix diff --git a/hosts/alexandria/minecraft.nix b/hosts/modules/alexandria/minecraft.nix similarity index 100% rename from hosts/alexandria/minecraft.nix rename to hosts/modules/alexandria/minecraft.nix diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix new file mode 100644 index 0000000..504fce6 --- /dev/null +++ b/hosts/modules/alexandria/networking.nix @@ -0,0 +1,15 @@ +{ ... }: + +{ + networking = { + firewall = { + allowedTCPPorts = [ + 80 + 443 + 8010 + 9666 + ]; + allowedUDPPorts = [ 24454 ]; + }; + }; +} diff --git a/hosts/alexandria/nextcloud.nix b/hosts/modules/alexandria/nextcloud.nix similarity index 100% rename from hosts/alexandria/nextcloud.nix rename to hosts/modules/alexandria/nextcloud.nix 
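Review bot: The new `hosts/modules/alexandria/networking.nix` does not appear to be imported anywhere in this patch: the `hosts/modules/alexandria/default.nix` hunk only removes `./paperless.nix`, and `hosts/alexandria.nix` imports the shared `./modules/networking.nix`, not this file. If that holds, the `allowedTCPPorts` and `allowedUDPPorts` entries removed from `hosts/alexandria.nix` are no longer applied, and with the firewall active the listed ports (80, 443, 8010, 9666 and UDP 24454) would stop being reachable after a rebuild. Add `./networking.nix` to the import list in `hosts/modules/alexandria/default.nix`; only part of that list is visible in its hunk, so check the full file when applying this.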
diff --git a/hosts/alexandria/nginx.nix b/hosts/modules/alexandria/nginx.nix similarity index 100% rename from hosts/alexandria/nginx.nix rename to hosts/modules/alexandria/nginx.nix diff --git a/hosts/alexandria/searx.nix b/hosts/modules/alexandria/searx.nix similarity index 100% rename from hosts/alexandria/searx.nix rename to hosts/modules/alexandria/searx.nix diff --git a/hosts/alexandria/services.nix b/hosts/modules/alexandria/services.nix similarity index 100% rename from hosts/alexandria/services.nix rename to hosts/modules/alexandria/services.nix diff --git a/hosts/alexandria/users.nix b/hosts/modules/alexandria/users.nix similarity index 100% rename from hosts/alexandria/users.nix rename to hosts/modules/alexandria/users.nix diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/modules/alexandria/vaultwarden.nix similarity index 100% rename from hosts/alexandria/vaultwarden.nix rename to hosts/modules/alexandria/vaultwarden.nix diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index 1dbed53..37e2863 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -5,14 +5,15 @@ ./boot.nix ./console.nix ./desktop.nix - ./impermanence.nix + # ./flatpak.nix + # ./impermanence.nix ./locale.nix ./networking.nix ./nix.nix ./programs.nix ./security.nix ./services.nix - ./stylix.nix + # ./stylix.nix ./users.nix ./virtualisation.nix ]; diff --git a/hosts/modules/flatpak.nix b/hosts/modules/flatpak.nix new file mode 100644 index 0000000..39d57d9 --- /dev/null +++ b/hosts/modules/flatpak.nix 
@@ -0,0 +1,35 @@ +{ + hostType, + lib, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + services.flatpak = { + enable = true; + packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.github.tchx84.Flatseal" + "com.steamgriddb.SGDBoop" + "app.zen_browser.zen" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + }) + ]; +} diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix index 65e6139..7c5c7d6 100644 --- a/hosts/modules/impermanence.nix +++ b/hosts/modules/impermanence.nix @@ -1,4 +1,8 @@ -{ hostType, lib, ... }: +{ + hostType, + lib, + ... +}: { config = lib.mkMerge [ diff --git a/hosts/io/boot.nix b/hosts/modules/io/boot.nix similarity index 100% rename from hosts/io/boot.nix rename to hosts/modules/io/boot.nix diff --git a/hosts/io/default.nix b/hosts/modules/io/default.nix similarity index 89% rename from hosts/io/default.nix rename to hosts/modules/io/default.nix index 53179f8..aac6e12 100644 --- a/hosts/io/default.nix +++ b/hosts/modules/io/default.nix @@ -2,7 +2,7 @@ { imports = [ - ./boot + ./boot.nix ./ephermal.nix ./hardware-configuration.nix ./programs.nix diff --git a/hosts/io/ephermal.nix b/hosts/modules/io/ephermal.nix similarity index 100% rename from hosts/io/ephermal.nix rename to hosts/modules/io/ephermal.nix diff --git a/hosts/io/hardware-configuration.nix b/hosts/modules/io/hardware-configuration.nix similarity index 100% rename from hosts/io/hardware-configuration.nix rename to hosts/modules/io/hardware-configuration.nix diff --git a/hosts/io/programs.nix b/hosts/modules/io/programs.nix similarity index 100% rename from hosts/io/programs.nix rename to hosts/modules/io/programs.nix 
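Review bot: The `services.flatpak` block in the workstation branch lists application IDs without a commit or version (only the MangoHud layer names a branch), and `update.auto.enable = true` lets them move on their own, so these apps sit outside the `flake.lock` pinning that the rest of the configuration relies on. That may be intended, but it is worth stating next to the list, e.g. `# Flatpaks are resolved from the configured remote at activation and auto-updated; not covered by flake.lock`. The empty common and `isServer` blocks add nothing yet and could be omitted.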
diff --git a/hosts/io/services.nix b/hosts/modules/io/services.nix similarity index 100% rename from hosts/io/services.nix rename to hosts/modules/io/services.nix diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 14d4c9c..8f2da19 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -129,21 +129,6 @@ ] ++ kdepkgs; - services.flatpak = { - enable = true; - packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.github.tchx84.Flatseal" - "com.steamgriddb.SGDBoop" - "app.zen_browser.zen" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - programs = { adb.enable = true; steam.enable = true; @@ -152,7 +137,6 @@ kdeconnect.enable = true; partition-manager.enable = true; gamemode.enable = true; - nix-index-database.comma.enable = true; appimage = { enable = true; binfmt = true; diff --git a/hosts/rotterdam/boot.nix b/hosts/modules/rotterdam/boot.nix similarity index 100% rename from hosts/rotterdam/boot.nix rename to hosts/modules/rotterdam/boot.nix diff --git a/hosts/rotterdam/default.nix b/hosts/modules/rotterdam/default.nix similarity index 100% rename from hosts/rotterdam/default.nix rename to hosts/modules/rotterdam/default.nix diff --git a/hosts/rotterdam/ephermal.nix b/hosts/modules/rotterdam/ephermal.nix similarity index 100% rename from hosts/rotterdam/ephermal.nix rename to hosts/modules/rotterdam/ephermal.nix diff --git a/hosts/rotterdam/hardware-configuration.nix b/hosts/modules/rotterdam/hardware-configuration.nix similarity index 100% rename from hosts/rotterdam/hardware-configuration.nix rename to hosts/modules/rotterdam/hardware-configuration.nix diff --git a/hosts/rotterdam/hardware.nix b/hosts/modules/rotterdam/hardware.nix similarity index 100% rename from hosts/rotterdam/hardware.nix rename to hosts/modules/rotterdam/hardware.nix 
diff --git a/hosts/rotterdam/programs.nix b/hosts/modules/rotterdam/programs.nix similarity index 100% rename from hosts/rotterdam/programs.nix rename to hosts/modules/rotterdam/programs.nix diff --git a/hosts/rotterdam/services.nix b/hosts/modules/rotterdam/services.nix similarity index 100% rename from hosts/rotterdam/services.nix rename to hosts/modules/rotterdam/services.nix diff --git a/hosts/rotterdam.nix b/hosts/rotterdam.nix index 8e41f04..8b5fa32 100644 --- a/hosts/rotterdam.nix +++ b/hosts/rotterdam.nix @@ -4,8 +4,21 @@ networking.hostName = "rotterdam"; imports = [ - ./rotterdam - ./modules + ./modules/rotterdam + ./modules/boot.nix + ./modules/console.nix + ./modules/desktop.nix + ./modules/flatpak.nix + ./modules/impermanence.nix + ./modules/locale.nix + ./modules/networking.nix + ./modules/nix.nix + ./modules/programs.nix + ./modules/security.nix + ./modules/services.nix + ./modules/stylix.nix + ./modules/users.nix + ./modules/virtualisation.nix ]; nix.nixPath = [ "nixos-config=${./rotterdam.nix}" ]; diff --git a/users/root/default.nix b/users/modules/root/default.nix similarity index 100% rename from users/root/default.nix rename to users/modules/root/default.nix diff --git a/users/user/default.nix b/users/modules/user/default.nix similarity index 100% rename from users/user/default.nix rename to users/modules/user/default.nix diff --git a/users/user/programs.nix b/users/modules/user/programs.nix similarity index 100% rename from users/user/programs.nix rename to users/modules/user/programs.nix diff --git a/users/root.nix b/users/root.nix index 44b8116..be5e00b 100644 --- a/users/root.nix +++ b/users/root.nix @@ -9,6 +9,6 @@ imports = [ ./modules - ./root + ./modules/root ]; } diff --git a/users/user.nix b/users/user.nix index c844a51..9950533 100644 --- a/users/user.nix +++ b/users/user.nix @@ -9,6 +9,6 @@ imports = [ ./modules - ./user + ./modules/user ]; } From 3c8cb569fddb3a3acfc179825c60c2743d32d57f Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 13 Mar 2025 17:58:48 -0300 Subject: [PATCH 016/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/12e26a74e5eb1a31e13daaa08858689e25ebd449?narHash=sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob%2B6M963bwVq74%3D' (2025-02-23) → 'github:nix-community/home-manager/0b0baed7b2bf6a5e365d4cba042b580a2bc32e34?narHash=sha256-Mu2YXrGr/8Cid6W44AXci/YYnASoXjGrMV9Sjs66oyc%3D' (2025-03-13) • Updated input 'nix-minecraft': 'github:Infinidoge/nix-minecraft/3ebed14b163cedb3f6f44d2d70386cb415e63455?narHash=sha256-UJ0ZsaMDcJk/dafSSdYtOF08Ofc6ZKjVkomocrzwb%2BU%3D' (2025-02-23) → 'github:Infinidoge/nix-minecraft/d5544ae6ceb4e13a3bec77ed99754684a58302b7?narHash=sha256-/VjgJuccz8jDkQbMplhZuJTHf7u3SroXkJUIjOGFlAM%3D' (2025-03-13) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453?narHash=sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL%2BtIBm49vpepwL1MQ%3D' (2025-01-16) → 'github:nix-community/nixos-generators/507911df8c35939050ae324caccc7cf4ffb76565?narHash=sha256-Co2kAD2SZalOm%2B5zoxmzEVZNvZ17TyafuFsD46BwSdY%3D' (2025-03-02) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/32fb99ba93fea2798be0e997ea331dd78167f814?narHash=sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk%3D' (2025-02-21) → 'github:nixos/nixpkgs/6607cf789e541e7873d40d3a8f7815ea92204f32?narHash=sha256-cPfs8qMccim2RBgtKGF%2Bx9IBCduRvd/N5F4nYpU0TVE%3D' (2025-03-13) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/11415c7ae8539d6292f2928317ee7a8410b28bb9?narHash=sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM%3D' (2025-02-21) → 'github:nixos/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0?narHash=sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB%2Bikn74/xQoNrGQ%3D' (2025-03-13) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) 
diff --git a/flake.lock b/flake.lock index dac8000..8759343 100644 --- a/flake.lock +++ b/flake.lock @@ -367,11 +367,11 @@ ] }, "locked": { - "lastModified": 1740347597, - "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", + "lastModified": 1741894454, + "narHash": "sha256-Mu2YXrGr/8Cid6W44AXci/YYnASoXjGrMV9Sjs66oyc=", "owner": "nix-community", "repo": "home-manager", - "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", + "rev": "0b0baed7b2bf6a5e365d4cba042b580a2bc32e34", "type": "github" }, "original": { @@ -458,11 +458,11 @@ ] }, "locked": { - "lastModified": 1740275590, - "narHash": "sha256-UJ0ZsaMDcJk/dafSSdYtOF08Ofc6ZKjVkomocrzwb+U=", + "lastModified": 1741830767, + "narHash": "sha256-/VjgJuccz8jDkQbMplhZuJTHf7u3SroXkJUIjOGFlAM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "3ebed14b163cedb3f6f44d2d70386cb415e63455", + "rev": "d5544ae6ceb4e13a3bec77ed99754684a58302b7", "type": "github" }, "original": { @@ -494,11 +494,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1740947705, + "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "507911df8c35939050ae324caccc7cf4ffb76565", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740126099, - "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", + "lastModified": 1741851582, + "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", + "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", "type": "github" }, "original": { 
@@ -525,11 +525,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1740162160, - "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", + "lastModified": 1741862977, + "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", + "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", "type": "github" }, "original": { From d7eae1f52cbc75c21cbf475002dd072ef4ce7aed Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Mar 2025 18:35:33 -0300 Subject: [PATCH 017/267] new kde portal package --- hosts/modules/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index e90ab4d..81c25ad 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -50,7 +50,7 @@ enable = true; xdgOpenUsePortal = true; extraPortals = with pkgs; [ - xdg-desktop-portal-kde + kdePackages.xdg-desktop-portal-kde xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; From fc461cbaf4504ad9881cb48dbb5adbaa8d3e8d34 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 14 Mar 2025 09:12:26 -0300 Subject: [PATCH 018/267] Don't use nixos-generators --- flake.lock | 37 ------------------------------------- flake.nix | 7 ------- 2 files changed, 44 deletions(-) diff --git a/flake.lock b/flake.lock index 8759343..6582920 100644 --- a/flake.lock +++ b/flake.lock 
@@ -471,42 +471,6 @@ "type": "github" } }, - "nixlib": { - "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1740947705, - "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "507911df8c35939050ae324caccc7cf4ffb76565", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1741851582, @@ -565,7 +529,6 @@ "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nix-minecraft": "nix-minecraft", - "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix" diff --git a/flake.nix b/flake.nix index 60f0c76..b8fae0c 100644 --- a/flake.nix +++ b/flake.nix @@ -38,13 +38,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; - stylix.url = "github:danth/stylix?ref=b00c9f46ae6c27074d24d2db390f0ac5ebcc329f"; - }; outputs = @@ -60,7 +54,6 @@ impermanence, nix-flatpak, nix-minecraft, - nixos-generators, stylix, ... }: From d769bd95c7d2b088e4a12958ce04cfca53682209 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 16 Mar 2025 11:45:50 -0300 Subject: [PATCH 019/267] Added octave --- hosts/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 8f2da19..1449e64 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix 
@@ -92,6 +92,7 @@ kwrite libreoffice-qt obsidian + octaveFull onlyoffice-desktopeditors rnote ### Graphics & Design ### From ad154e9ed149bde968afb34b1cc19e10f4bb8844 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 16 Mar 2025 12:42:53 -0300 Subject: [PATCH 020/267] zramSwap is actually really good --- hosts/modules/io/hardware-configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/modules/io/hardware-configuration.nix b/hosts/modules/io/hardware-configuration.nix index 037a503..020240f 100644 --- a/hosts/modules/io/hardware-configuration.nix +++ b/hosts/modules/io/hardware-configuration.nix @@ -73,6 +73,11 @@ }; }; + zramSwap = { + enable = true; + memoryPercent = 100; + }; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; networking.useDHCP = lib.mkDefault true; From ac4bcbed6df6b4c2d8a7bfd26e2f1e2654474ede Mon Sep 17 00:00:00 2001 From: William Date: Mon, 17 Mar 2025 22:19:38 -0300 Subject: [PATCH 021/267] hyprland setup --- hosts/modules/desktop.nix | 2 + hosts/modules/programs.nix | 1 + users/modules/user/default.nix | 1 + users/modules/user/hyprland.nix | 289 ++++++++++++++++++++++++++++++++ 4 files changed, 293 insertions(+) create mode 100644 users/modules/user/hyprland.nix diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 81c25ad..3c089cf 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -46,6 +46,8 @@ security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + programs.hyprland.enable = true; + xdg.portal = { enable = true; xdgOpenUsePortal = true; diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 1449e64..7321c57 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -152,6 +152,7 @@ fontDir.enable = true; packages = with pkgs; [ corefonts + material-icons noto-fonts-cjk-sans roboto ]; diff --git a/users/modules/user/default.nix b/users/modules/user/default.nix index 5ef9e0a..86a920c 100644 
--- a/users/modules/user/default.nix +++ b/users/modules/user/default.nix @@ -2,6 +2,7 @@ { imports = [ + ./hyprland.nix ./programs.nix ]; } diff --git a/users/modules/user/hyprland.nix b/users/modules/user/hyprland.nix new file mode 100644 index 0000000..8b09d8c --- /dev/null +++ b/users/modules/user/hyprland.nix 
@@ -0,0 +1,289 @@ +{ lib, pkgs, ... }: + +let + heightfittr = pkgs.writeShellApplication { + name = "heightfittr"; + runtimeInputs = with pkgs; [ + socat + hyprland + ]; + text = '' + function handle { + case "$1" in + *openwindow*) + hyprctl dispatch scroller:fitheight all > /dev/null + ;; + *closewindow*) + hyprctl dispatch scroller:fitheight all > /dev/null + ;; + esac + } + socat - "UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock" | while read -r line; do + handle "$line" + done + ''; + }; + + scrollermodetoggle = pkgs.writeShellApplication { + name = "scrollermodetoggle"; + runtimeInputs = with pkgs; [ hyprland ]; + text = '' + if [ -f "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode" ]; then + rm "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode" + hyprctl --batch 'dispatch scroller:setmode row; notify 2 1000 0 "Row Mode"' + else + touch "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode" + hyprctl --batch 'dispatch scroller:setmode col; notify 2 1000 0 "Column Mode"' + fi + ''; + }; +in + +{ + wayland.windowManager.hyprland = { + enable = true; + plugins = with pkgs.hyprlandPlugins; [ hyprscroller ]; + extraConfig = '' + ################ + ### MONITORS ### + ################ + monitor=,preferred,auto,auto + + ################# + ### AUTOSTART ### + ################# + exec-once = ulauncher --hide-window + exec-once = waybar + exec-once = ${lib.getExe heightfittr} + env = XCURSOR_SIZE,24 + env = HYPRCURSOR_SIZE,24 + + ##################### + ### LOOK AND FEEL ### + ##################### + general { + gaps_in = 5 + gaps_out = 20 + border_size = 2 + resize_on_border = true + allow_tearing = false + layout = scroller + } + misc { + font_family = Inter + } + plugin { + scroller { + column_default_width = onethird + focuswrap = false + column_widths = onethird onehalf twothirds + center_row_if_space_available = true + } + } + decoration { + rounding = 10 + rounding_power = 2 + dim_inactive = true + 
dim_strength = 0.3 + shadow { + enabled = true + range = 4 + render_power = 3 + } + blur { + enabled = true + size = 8 + passes = 1 + vibrancy = 0.1696 + } + layerrule = blur, waybar + layerrule = ignorealpha 0.5, waybar + layerrule = ignorezero, waybar + } + animations { + enabled = yes, please :) + bezier = easeOutQuint,0.23,1,0.32,1 + bezier = easeInOutCubic,0.65,0.05,0.36,1 + bezier = linear,0,0,1,1 + bezier = almostLinear,0.5,0.5,0.75,1.0 + bezier = quick,0.15,0,0.1,1 + animation = global, 1, 1, default + animation = border, 1, 1, easeOutQuint + animation = windows, 1, 1, easeOutQuint + animation = windowsIn, 1, 1, easeOutQuint, popin 87% + animation = windowsOut, 1, 1, linear, popin 87% + animation = fadeIn, 1, 1, almostLinear + animation = fadeOut, 1, 1, almostLinear + animation = fade, 1, 1, quick + animation = layers, 1, 1, easeOutQuint + animation = layersIn, 1, 1, easeOutQuint, fade + animation = layersOut, 1, 1, linear, fade + animation = fadeLayersIn, 1, 1, almostLinear + animation = fadeLayersOut, 1, 1, almostLinear + animation = workspaces, 1, 1, almostLinear, slidevert + } + misc { + force_default_wallpaper = 0 + disable_hyprland_logo = true + } + + ############# + ### INPUT ### + ############# + input { + kb_layout = us + kb_variant = altgr-intl + follow_mouse = 1 + sensitivity = 0 + accel_profile = flat + natural_scroll = true + touchpad { + natural_scroll = true + clickfinger_behavior = true + } + } + + ################### + ### KEYBINDINGS ### + ################### + $mainMod = SUPER + $terminal = ghostty + $menu = ulauncher-toggle + # APP SHORTCUTS + bind = ALT, SPACE, exec, $menu + bind = $mainMod, RETURN, exec, $terminal + # SESSION MANAGEMENT + bind = CTRL ALT, DELETE, exit, + bind = $mainMod, mouse_up, exec, hyprnome + bind = $mainMod, mouse_down, exec, hyprnome --previous + bind = CTRL ALT, j, exec, hyprnome + bind = CTRL ALT, k, exec, hyprnome --previous + bind = $mainMod CTRL ALT, j, exec, hyprnome --move + bind = $mainMod CTRL ALT, k, 
exec, hyprnome --move --previous + bindel = ,XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ + bindel = ,XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- + bindel = ,XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle + bindel = ,XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle + bindel = ,XF86MonBrightnessUp, exec, brightnessctl s 10%+ + bindel = ,XF86MonBrightnessDown, exec, brightnessctl s 10%- + bindl = , XF86AudioNext, exec, playerctl next + bindl = , XF86AudioPause, exec, playerctl play-pause + bindl = , XF86AudioPlay, exec, playerctl play-pause + bindl = , XF86AudioPrev, exec, playerctl previous + bind = CTRL ALT SHIFT, a, exec, bash /home/user/.local/bin/toggle-audio-output.sh + # WINDOW MANAGEMENT + bind = ALT, F4, killactive, + bind = $mainMod, space, togglefloating, + bind = $mainMod, f, fullscreen + bindm = $mainMod, mouse:272, movewindow + bindm = $mainMod, mouse:273, resizewindow + bind = SUPER, h, movefocus, l + bind = SUPER, l, movefocus, r + bind = SUPER, k, movefocus, u + bind = SUPER, j, movefocus, d + bind = $mainMod CTRL, h, movewindow, l + bind = $mainMod CTRL, l, movewindow, r + bind = $mainMod CTRL, k, movewindow, u + bind = $mainMod CTRL, j, movewindow, d + bind = $mainMod, v, exec, ${lib.getExe scrollermodetoggle} + bind = $mainMod, r, scroller:cyclewidth, next + bind = $mainMod CTRL, r, scroller:cyclewidth, prev + bind = $mainMod, p, scroller:pin, + bind = $mainMod, c, scroller:alignwindow, center + bind = $mainMod CTRL, f, scroller:fitsize, all + + #################### + ### WINDOW RULES ### + #################### + windowrulev2 = suppressevent maximize, class:.* + windowrulev2 = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0 + # ulauncher + windowrule = float, ulauncher + windowrule = pin, ulauncher + windowrule = noborder, ulauncher + windowrule = noshadow, ulauncher + windowrule = nomaxsize, ulauncher + windowrule = noblur, ulauncher + 
windowrulev2 = animation slide top, class:^(ulauncher)$ + # firefox + windowrulev2 = plugin:scroller:columnwidth onehalf, class:(firefox) + ''; + }; + + services = { + swaync = { + enable = true; + settings = { + positionX = "left"; + positionY = "top"; + layer = "overlay"; + control-center-layer = "top"; + layer-shell = true; + cssPriority = "application"; + control-center-margin-top = 20; + control-center-margin-bottom = 20; + control-center-margin-right = 20; + control-center-margin-left = 20; + notification-2fa-action = true; + notification-inline-replies = false; + notification-icon-size = 64; + notification-body-image-height = 100; + notification-body-image-width = 200; + timeout = 10; + timeout-low = 5; + timeout-critical = 0; + fit-to-screen = true; + relative-timestamps = true; + control-center-width = 500; + control-center-height = 600; + notification-window-width = 500; + keyboard-shortcuts = true; + image-visibility = "when-available"; + transition-time = 200; + hide-on-clear = false; + hide-on-action = true; + script-fail-notify = true; + widgets = [ + "inhibitors" + "title" + "dnd" + "notifications" + "mpris" + ]; + widget-config = { + inhibitors = { + text = "Inhibitors"; + button-text = "Clear All"; + clear-all-button = true; + }; + title = { + text = "Notifications"; + clear-all-button = true; + button-text = "Clear All"; + }; + dnd = { + text = "Do Not Disturb"; + }; + mpris = { + image-size = 96; + image-radius = 12; + }; + }; + }; + }; + }; + + programs = { + hyprlock.enable = true; + }; + + home.packages = with pkgs; [ + brightnessctl + ghostty + hyprnome + playerctl + swaynotificationcenter + ulauncher + waybar + ]; +} From 4709a389ddfd0cc12c628bc831f74cfc30e87215 Mon Sep 17 00:00:00 2001 
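Review bot: The `CTRL ALT SHIFT, a` bind runs `bash /home/user/.local/bin/toggle-audio-output.sh`, a script at a hard-coded path in what is presumably the user's writable home directory, so what the shortcut executes is neither pinned by this flake nor reproducible on another host. The two helpers at the top of this file already show the pattern to follow: wrap the script with `pkgs.writeShellApplication` and bind `${lib.getExe HELPER}` instead, where HELPER is a placeholder for the new derivation. Separately, `programs.hyprlock.enable = true` installs the locker, but no bind in this file starts it and no idle daemon is configured here, so the session appears to have no way to lock. A line such as `bind = $mainMod, escape, exec, hyprlock` (the key is only an example) together with an idle service would close that gap.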
From: William Date: Tue, 18 Mar 2025 16:39:21 -0300 Subject: [PATCH 022/267] closer to a good hyprland session --- flake.lock | 114 +++++++++++++++++++++++++++++--- flake.nix | 2 + hosts/modules/users.nix | 4 +- users/modules/user/hyprland.nix | 47 ++++++++++++- 4 files changed, 153 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 6582920..24779d5 100644 --- a/flake.lock +++ b/flake.lock @@ -202,6 +202,24 @@ "inputs": { "systems": "systems_3" }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_4" + }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -216,7 +234,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": [ "stylix", @@ -382,6 +400,27 @@ } }, "home-manager_3": { + "inputs": { + "nixpkgs": [ + "mithril", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { "inputs": { "nixpkgs": [ "stylix", 
@@ -433,6 +472,27 @@ "type": "github" } }, + "mithril": { + "inputs": { + "flake-utils": "flake-utils", + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1739875665, + "narHash": "sha256-QbGXbBQn6aq/hr0moKyaW3OdJKuH7uZN2zmH4T6+koU=", + "owner": "andreashgk", + "repo": "mithril-shell", + "rev": "7c1a609b86e875c854c5bf8a7da55cb405f43c6c", + "type": "github" + }, + "original": { + "owner": "andreashgk", + "ref": "7c1a609b86e875c854c5bf8a7da55cb405f43c6c", + "repo": "mithril-shell", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1711997201, @@ -452,7 +512,7 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -473,11 +533,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741851582, - "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -504,6 +564,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1741851582, + "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1736798957, "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", 
@@ -527,9 +603,10 @@ "home-manager-stable": "home-manager-stable", "homepage": "homepage", "impermanence": "impermanence", + "mithril": "mithril", "nix-flatpak": "nix-flatpak", "nix-minecraft": "nix-minecraft", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix" } @@ -542,12 +619,12 @@ "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_2", - "systems": "systems_4", + "home-manager": "home-manager_4", + "nixpkgs": "nixpkgs_3", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-tmux": "tinted-tmux", @@ -599,6 +676,21 @@ } }, "systems_3": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -613,7 +705,7 @@ "type": "github" } }, - "systems_4": { + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index b8fae0c..ebf6196 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + mithril.url = "github:andreashgk/mithril-shell?ref=7c1a609b86e875c854c5bf8a7da55cb405f43c6c"; + stylix.url = "github:danth/stylix?ref=b00c9f46ae6c27074d24d2db390f0ac5ebcc329f"; }; diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix index 4473061..96f1ba5 100644 --- a/hosts/modules/users.nix 
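Review bot: The new `mithril` input is added without `inputs.nixpkgs.follows`, unlike the input just above it in this hunk. The flake.lock hunks of the same commit show it resolving its own `nixpkgs` (lastModified 1730785428), `home-manager_3` and `flake-utils`, while the root input becomes `nixpkgs_2` (lastModified 1741851582). Anything taken from this input is therefore built against a package set several months older than the rest of the system, and it will not pick up fixes when the root nixpkgs is bumped. If upstream builds against current nixpkgs, consider `mithril = { url = "github:andreashgk/mithril-shell?ref=7c1a609b86e875c854c5bf8a7da55cb405f43c6c"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `inputs` attribute set starts outside the hunk.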
+++ b/hosts/modules/users.nix @@ -1,6 +1,7 @@ { - lib, hostType, + inputs, + lib, pkgs, ... }: @@ -44,6 +45,7 @@ }; extraSpecialArgs = { inherit hostType; + inherit inputs; }; }; } diff --git a/users/modules/user/hyprland.nix b/users/modules/user/hyprland.nix index 8b09d8c..686c062 100644 --- a/users/modules/user/hyprland.nix +++ b/users/modules/user/hyprland.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, ... }: +{ + inputs, + lib, + pkgs, + ... +}: let heightfittr = pkgs.writeShellApplication { @@ -52,8 +57,9 @@ in ################# ### AUTOSTART ### ################# - exec-once = ulauncher --hide-window + exec-once = ${pkgs.gnome-settings-daemon}/libexec/gsd-rfkill exec-once = waybar + exec-once = syshud exec-once = ${lib.getExe heightfittr} env = XCURSOR_SIZE,24 env = HYPRCURSOR_SIZE,24 @@ -206,6 +212,7 @@ in windowrule = noblur, ulauncher windowrulev2 = animation slide top, class:^(ulauncher)$ # firefox + windowrulev2 = float, class:^(firefox)$,title:^(Extension.*)$ windowrulev2 = plugin:scroller:columnwidth onehalf, class:(firefox) ''; }; 
@@ -271,6 +278,40 @@ in }; }; }; + clipman.enable = true; + }; + + systemd.user.services.ulauncher = { + Unit = { + "Description" = "Ulauncher Application Launcher"; + "PartOf" = [ "graphical-session.target" ]; + }; + Install.WantedBy = [ "graphical-session.target" ]; + Service = { + Type = "simple"; + Environment = + let + pydeps = pkgs.python3.withPackages ( + pp: with pp; [ + parsedatetime # https://github.com/tchar/ulauncher-albert-calculate-anything + pint # https://github.com/tchar/ulauncher-albert-calculate-anything + pydbus + pygobject3 + pytz # https://github.com/tchar/ulauncher-albert-calculate-anything + requests # https://github.com/tchar/ulauncher-albert-calculate-anything + simpleeval # https://github.com/tchar/ulauncher-albert-calculate-anything + ] + ); + in + [ + "PYTHONPATH=${pydeps}/${pydeps.sitePackages}" + ]; + ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' + export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" + export GDK_BACKEND=wayland + exec ${pkgs.ulauncher}/bin/ulauncher --hide-window + ''; + }; }; programs = { @@ -283,7 +324,9 @@ in hyprnome playerctl swaynotificationcenter + syshud ulauncher waybar + inputs.mithril.packages.${pkgs.system}.mithril-control-center ]; } From 5ac3c1cc131629ae323336414d5f5079426e7e56 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 19 Mar 2025 12:47:14 -0300 Subject: [PATCH 023/267] hyprland is awesome, but I need to put in a lot of work to get a useable laptop session --- users/modules/user/default.nix | 2 +- users/modules/user/hyprland.nix | 35 +-------------------------------- users/modules/user/programs.nix | 32 ++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 35 deletions(-) diff --git a/users/modules/user/default.nix b/users/modules/user/default.nix index 86a920c..173f040 100644 --- a/users/modules/user/default.nix +++ b/users/modules/user/default.nix 
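Review bot: The `ExecStart` wrapper of the new `ulauncher` user service builds `PATH` as `"''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:…"`, and nothing in the script guards against `XDG_BIN_HOME` being unset. If the variable is not set in the user manager's environment, it expands to nothing and leaves an empty first `PATH` entry, which is treated as the current directory. Ulauncher and everything it launches would then resolve commands from the service's working directory before the Nix profiles. Guard the prefix with `export PATH="''${XDG_BIN_HOME:+$XDG_BIN_HOME:}$HOME/.nix-profile/bin:…"`, leaving the remaining entries unchanged. The same wrapper is re-added in the `users/modules/user/programs.nix` hunk of the following commit and needs the same change.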
@@ -2,7 +2,7 @@ { imports = [ - ./hyprland.nix + # ./hyprland.nix ./programs.nix ]; } diff --git a/users/modules/user/hyprland.nix b/users/modules/user/hyprland.nix index 686c062..17f6996 100644 --- a/users/modules/user/hyprland.nix +++ b/users/modules/user/hyprland.nix @@ -52,7 +52,7 @@ in ################ ### MONITORS ### ################ - monitor=,preferred,auto,auto + monitor=,preferred,auto,1 ################# ### AUTOSTART ### @@ -281,39 +281,6 @@ in clipman.enable = true; }; - systemd.user.services.ulauncher = { - Unit = { - "Description" = "Ulauncher Application Launcher"; - "PartOf" = [ "graphical-session.target" ]; - }; - Install.WantedBy = [ "graphical-session.target" ]; - Service = { - Type = "simple"; - Environment = - let - pydeps = pkgs.python3.withPackages ( - pp: with pp; [ - parsedatetime # https://github.com/tchar/ulauncher-albert-calculate-anything - pint # https://github.com/tchar/ulauncher-albert-calculate-anything - pydbus - pygobject3 - pytz # https://github.com/tchar/ulauncher-albert-calculate-anything - requests # https://github.com/tchar/ulauncher-albert-calculate-anything - simpleeval # https://github.com/tchar/ulauncher-albert-calculate-anything - ] - ); - in - [ - "PYTHONPATH=${pydeps}/${pydeps.sitePackages}" - ]; - ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' - export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" - export GDK_BACKEND=wayland - exec ${pkgs.ulauncher}/bin/ulauncher --hide-window - ''; - }; - }; - programs = { hyprlock.enable = true; }; diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index 04ad1c2..c8216ec 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix 
@@ -143,6 +143,38 @@ }; }; + systemd.user.services.ulauncher = { + Unit = { + "Description" = "Ulauncher Application Launcher"; + "PartOf" = [ "graphical-session.target" ]; + }; + Install.WantedBy = [ "graphical-session.target" ]; + Service = { + Type = "simple"; + Environment = + let + pydeps = pkgs.python3.withPackages ( + pp: with pp; [ + # https://github.com/tchar/ulauncher-albert-calculate-anything + parsedatetime + pint + pytz + requests + simpleeval + ] + ); + in + [ + "PYTHONPATH=${pydeps}/${pydeps.sitePackages}" + ]; + ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' + export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" + export GDK_BACKEND=wayland + exec ${pkgs.ulauncher}/bin/ulauncher --hide-window + ''; + }; + }; + }) ]; } From 174fa7efd881cf0a88d945b10e0b86168c6bdb14 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 19 Mar 2025 12:56:14 -0300 Subject: [PATCH 024/267] added pkgs --- hosts/modules/programs.nix | 1 + users/modules/user/programs.nix | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 7321c57..7ea6b77 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -77,6 +77,7 @@ nix-output-monitor ripgrep ### Internet Browsers & Communication ### + brave firefox microsoft-edge nextcloud-client diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index c8216ec..f175cd3 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -111,6 +111,10 @@ (lib.mkIf hostType.isWorkstation { fonts.fontconfig.enable = true; + home.packages = with pkgs; [ + ulauncher + ]; + programs = { password-store.package = pkgs.pass-wayland; From 3ee7cb91e1388a28baa5e36679fabecca3ab1c2e Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 20 Mar 2025 09:09:48 -0300 Subject: [PATCH 025/267] remove hyprland completely for now --- flake.lock | 114 ++++---------------------------------- flake.nix | 2 - hosts/modules/desktop.nix | 2 - 3 files changed, 11 insertions(+), 107 deletions(-) diff --git a/flake.lock b/flake.lock index 24779d5..6582920 100644 --- a/flake.lock +++ b/flake.lock @@ -202,24 +202,6 @@ "inputs": { "systems": "systems_3" }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_4" - }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -234,7 +216,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { "inputs": { "systems": [ "stylix", @@ -400,27 +382,6 @@ } }, "home-manager_3": { - "inputs": { - "nixpkgs": [ - "mithril", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_4": { "inputs": { "nixpkgs": [ "stylix", 
@@ -472,27 +433,6 @@ "type": "github" } }, - "mithril": { - "inputs": { - "flake-utils": "flake-utils", - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1739875665, - "narHash": "sha256-QbGXbBQn6aq/hr0moKyaW3OdJKuH7uZN2zmH4T6+koU=", - "owner": "andreashgk", - "repo": "mithril-shell", - "rev": "7c1a609b86e875c854c5bf8a7da55cb405f43c6c", - "type": "github" - }, - "original": { - "owner": "andreashgk", - "ref": "7c1a609b86e875c854c5bf8a7da55cb405f43c6c", - "repo": "mithril-shell", - "type": "github" - } - }, "nix-flatpak": { "locked": { "lastModified": 1711997201, @@ -512,7 +452,7 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] @@ -533,11 +473,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1741851582, + "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", "type": "github" }, "original": { @@ -564,22 +504,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1741851582, - "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1736798957, "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", 
@@ -603,10 +527,9 @@ "home-manager-stable": "home-manager-stable", "homepage": "homepage", "impermanence": "impermanence", - "mithril": "mithril", "nix-flatpak": "nix-flatpak", "nix-minecraft": "nix-minecraft", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix" } @@ -619,12 +542,12 @@ "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", - "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_3", - "systems": "systems_5", + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_2", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-tmux": "tinted-tmux", @@ -676,21 +599,6 @@ } }, "systems_3": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -705,7 +613,7 @@ "type": "github" } }, - "systems_5": { + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index ebf6196..b8fae0c 100644 --- a/flake.nix +++ b/flake.nix @@ -38,8 +38,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - mithril.url = "github:andreashgk/mithril-shell?ref=7c1a609b86e875c854c5bf8a7da55cb405f43c6c"; - stylix.url = "github:danth/stylix?ref=b00c9f46ae6c27074d24d2db390f0ac5ebcc329f"; }; diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 3c089cf..81c25ad 100644 --- a/hosts/modules/desktop.nix 
+++ b/hosts/modules/desktop.nix @@ -46,8 +46,6 @@ security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - programs.hyprland.enable = true; - xdg.portal = { enable = true; xdgOpenUsePortal = true; From 91e36efb645760f9da11573559f17c2bc8c84738 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 22 Mar 2025 13:19:53 -0300 Subject: [PATCH 026/267] stylix is not the way to go, it's pretty cool, though --- flake.lock | 356 +------------------------------------- flake.nix | 5 - hosts/io.nix | 1 - hosts/modules/default.nix | 5 +- hosts/modules/stylix.nix | 66 ------- hosts/rotterdam.nix | 1 - 6 files changed, 3 insertions(+), 431 deletions(-) delete mode 100644 hosts/modules/stylix.nix diff --git a/flake.lock b/flake.lock index 6582920..955c5cc 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,73 +23,6 @@ "type": "github" } }, - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1732200724, - "narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "153d52373b0fb2d343592871009a286ec8837aec", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1736852337, - "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -134,22 +67,6 @@ "type": "github" } }, - "firefox-gnome-theme": { - "flake": false, - "locked": { - "lastModified": 1736899990, - "narHash": "sha256-S79Hqn2EtSxU4kp99t8tRschSifWD4p/51++0xNWUxw=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "91ca1f82d717b02ceb03a3f423cbe8082ebbb26d", - "type": "github" - }, - "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -182,22 +99,6 @@ "type": "github" } }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_3" 
@@ -216,108 +117,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": [ - "stylix", - "systems" - ] - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "stylix", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "stylix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1732369855, - "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "dadd58f630eeea41d645ee225a63f719390829dc", - "type": 
"github" - }, - "original": { - "owner": "GNOME", - "ref": "47.2", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -381,27 +180,6 @@ "type": "github" } }, - "home-manager_3": { - "inputs": { - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736785676, - "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "homepage": { "flake": false, "locked": { @@ -503,22 +281,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1736798957, - "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", 
@@ -530,42 +292,7 @@ "nix-flatpak": "nix-flatpak", "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix" - } - }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_2", - "git-hooks": "git-hooks", - "gnome-shell": "gnome-shell", - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_2", - "systems": "systems_4", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1738278499, - "narHash": "sha256-q1SUyXSQ9znHTME53/vPLe+Ga3V1wW3X3gWfa8JsBUM=", - "owner": "danth", - "repo": "stylix", - "rev": "b00c9f46ae6c27074d24d2db390f0ac5ebcc329f", - "type": "github" - }, - "original": { - "owner": "danth", - "ref": "b00c9f46ae6c27074d24d2db390f0ac5ebcc329f", - "repo": "stylix", - "type": "github" + "nixpkgs-stable": "nixpkgs-stable" } }, "systems": { 
@@ -613,87 +340,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1716423189, - "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "eb39e141db14baef052893285df9f266df041ff8", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "eb39e141db14baef052893285df9f266df041ff8", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1735737224, - "narHash": "sha256-FO2hRBkZsjlIRqzNHCPc/52yxg11kHGA8MEtSun9RwE=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "aead506a9930c717ebf81cc83a2126e9ca08fa64", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - "flake": false, - "locked": { - "lastModified": 1725758778, - "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } 
- }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index b8fae0c..bad6ff3 100644 --- a/flake.nix +++ b/flake.nix @@ -37,8 +37,6 @@ url = "github:Infinidoge/nix-minecraft"; inputs.nixpkgs.follows = "nixpkgs"; }; - - stylix.url = "github:danth/stylix?ref=b00c9f46ae6c27074d24d2db390f0ac5ebcc329f"; }; outputs = @@ -54,7 +52,6 @@ impermanence, nix-flatpak, nix-minecraft, - stylix, ... }: { @@ -74,7 +71,6 @@ home-manager.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak - stylix.nixosModules.stylix { nixpkgs.overlays = [ agenix.overlays.default @@ -99,7 +95,6 @@ home-manager.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak - stylix.nixosModules.stylix { nixpkgs.overlays = [ agenix.overlays.default diff --git a/hosts/io.nix b/hosts/io.nix index ffa4218..88a2f70 100644 --- a/hosts/io.nix +++ b/hosts/io.nix @@ -16,7 +16,6 @@ ./modules/programs.nix ./modules/security.nix ./modules/services.nix - ./modules/stylix.nix ./modules/users.nix ./modules/virtualisation.nix ]; diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index 37e2863..c877354 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -5,15 +5,14 @@ ./boot.nix ./console.nix ./desktop.nix - # ./flatpak.nix - # ./impermanence.nix + ./flatpak.nix + ./impermanence.nix ./locale.nix ./networking.nix ./nix.nix ./programs.nix ./security.nix ./services.nix - # ./stylix.nix ./users.nix ./virtualisation.nix ]; diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix deleted file mode 100644 index b90d621..0000000 --- a/hosts/modules/stylix.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - stylix = { - enable = true; - image = pkgs.fetchurl { - url = "https://w.wallhaven.cc/full/dp/wallhaven-dpwvl3.jpg"; - sha256 = "sha256-h9UeYj8jSRgSv8XL+zgds4KtooLlJ+IqwxZbQEXdCh4="; - }; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; - size = 24; - }; - opacity = { - applications = 1.0; - desktop = 0.8; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - }; - }) - ]; -} diff --git a/hosts/rotterdam.nix b/hosts/rotterdam.nix index 8b5fa32..ea2de1d 100644 --- a/hosts/rotterdam.nix +++ b/hosts/rotterdam.nix @@ -16,7 +16,6 @@ ./modules/programs.nix ./modules/security.nix ./modules/services.nix - ./modules/stylix.nix ./modules/users.nix ./modules/virtualisation.nix ]; From e73026fe5746590140f38bb8c2c6164816d78255 Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 22 Mar 2025 17:13:25 -0300 Subject: [PATCH 027/267] new mkHost function, and dome other changes --- flake.lock | 101 +----------- flake.nix | 214 +++++++++++++++---------- hosts/modules/alexandria/default.nix | 1 - hosts/modules/alexandria/minecraft.nix | 73 --------- hosts/modules/networking.nix | 8 - hosts/modules/programs.nix | 3 +- hosts/rotterdam.nix | 14 +- 7 files changed, 141 insertions(+), 273 deletions(-) delete mode 100644 hosts/modules/alexandria/minecraft.nix diff --git a/flake.lock b/flake.lock index 955c5cc..c98e87e 100644 --- a/flake.lock +++ b/flake.lock @@ -5,7 +5,7 @@ "darwin": "darwin", "home-manager": "home-manager", "nixpkgs": [ - "nixpkgs" + "nixpkgs-stable" ], "systems": "systems" }, @@ -49,7 +49,7 @@ "inputs": { "flake-compat": "flake-compat", "nixpkgs": [ - "nixpkgs" + "nixpkgs-stable" ], "utils": "utils" }, @@ -83,40 +83,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -180,22 +146,6 @@ "type": "github" } }, - "homepage": { - "flake": false, - "locked": { - "lastModified": 1727121984, - "narHash": "sha256-sbpLXaFeyIBrGbuw58jwxDcMupFqlqmPGO5/QUgI9eg=", - "owner": "AlexW00", - "repo": "StartTreeV2", - "rev": "cfb8b97b14b23b094878867bef94e3c17a144f3f", - "type": "github" - }, - "original": { - "owner": "AlexW00", - "repo": "StartTreeV2", - "type": "github" - } - }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -213,42 +163,20 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1711997201, - "narHash": "sha256-J71xzQlVYsjagA4AsVwRazhBh2rZrPpKvxTgs6UzL7c=", + "lastModified": 1739444422, + "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "b76fa31346db7fc958a9898f3c594696ca71c4fd", + "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", "type": "github" }, "original": { "owner": "gmodena", - "ref": "v0.4.1", + "ref": "latest", "repo": "nix-flatpak", "type": "github" } }, - "nix-minecraft": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741830767, - "narHash": "sha256-/VjgJuccz8jDkQbMplhZuJTHf7u3SroXkJUIjOGFlAM=", - "owner": "Infinidoge", - "repo": "nix-minecraft", - "rev": "d5544ae6ceb4e13a3bec77ed99754684a58302b7", - "type": "github" - }, - "original": { - "owner": "Infinidoge", - "repo": "nix-minecraft", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1741851582, @@ -287,10 +215,8 @@ "deploy-rs": "deploy-rs", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", - "homepage": "homepage", "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", - "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable" } 
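Review bot: In the flake.nix inputs hunk, `nix-flatpak.url = "github:gmodena/nix-flatpak/latest";` replaces the release tag `?ref=v0.4.1` with a ref named `latest`, which presumably moves, so each `nix flake update` takes whatever that ref points to at the time. flake.lock still pins the exact `rev` and `narHash`, so builds stay reproducible between updates, but the lock diff becomes the only place where a change in this input gets reviewed. If following the moving ref is intended, record it next to the input, e.g. `# tracks upstream's moving "latest" ref; review the flake.lock diff on every update`; otherwise keep a release tag.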
@@ -325,21 +251,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index bad6ff3..ec68373 100644 --- a/flake.nix +++ b/flake.nix @@ -16,27 +16,17 @@ agenix = { url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-stable"; }; deploy-rs = { url = "github:serokell/deploy-rs"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-stable"; }; - homepage = { - url = "github:AlexW00/StartTreeV2"; - flake = false; - }; + nix-flatpak.url = "github:gmodena/nix-flatpak/latest"; impermanence.url = "github:nix-community/impermanence"; - - nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; - - nix-minecraft = { - url = "github:Infinidoge/nix-minecraft"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = 
@@ -48,86 +38,146 @@ home-manager-stable, agenix, deploy-rs, - homepage, impermanence, nix-flatpak, - nix-minecraft, ... }: { - nixosConfigurations = { - rotterdam = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit inputs; - hostType = { - isServer = false; - isWorkstation = true; - }; - }; - modules = [ - ./hosts/rotterdam.nix - agenix.nixosModules.default - home-manager.nixosModules.default - impermanence.nixosModules.impermanence - nix-flatpak.nixosModules.nix-flatpak + nixosConfigurations = + let + mkHost = { - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.custom + hostname, + type, # workstation|server + system ? "x86_64-linux", + extraModules ? [ ], + }: + let + pkgs = if type == "server" then nixpkgs-stable else nixpkgs; + hm = if type == "server" then home-manager-stable else home-manager; + hostTypeFlags = { + isServer = type == "server"; + isWorkstation = type == "workstation"; + }; + defaultModules = [ + ./hosts/${hostname}.nix + agenix.nixosModules.default + hm.nixosModules.default + impermanence.nixosModules.impermanence + nix-flatpak.nixosModules.nix-flatpak + { + nixpkgs.overlays = [ + agenix.overlays.default + ]; + } ]; - } - ]; - }; - - io = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit inputs; - hostType = { - isServer = false; - isWorkstation = true; + workstationModules = [ + { + nixpkgs.overlays = [ + self.overlays.custom + ]; + } + ]; + serverModules = [ + self.nixosModules.qbittorrent + ]; + typeModules = if type == "server" then serverModules else workstationModules; + allModules = defaultModules ++ typeModules ++ extraModules; + in + pkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs; + hostType = hostTypeFlags; + }; + modules = allModules; }; + in + { + rotterdam = mkHost { + hostname = "rotterdam"; + type = "workstation"; }; - modules = [ - ./hosts/io.nix - agenix.nixosModules.default - home-manager.nixosModules.default - 
impermanence.nixosModules.impermanence - nix-flatpak.nixosModules.nix-flatpak - { - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.custom - ]; - } - ]; - }; + io = mkHost { + hostname = "io"; + type = "workstation"; + }; + alexandria = mkHost { + hostname = "alexandria"; + type = "server"; + }; + # rotterdam = nixpkgs.lib.nixosSystem { + # system = "x86_64-linux"; + # specialArgs = { + # inherit inputs; + # hostType = { + # isServer = false; + # isWorkstation = true; + # }; + # }; + # modules = [ + # ./hosts/rotterdam.nix + # agenix.nixosModules.default + # home-manager.nixosModules.default + # impermanence.nixosModules.impermanence + # nix-flatpak.nixosModules.nix-flatpak + # { + # nixpkgs.overlays = [ + # agenix.overlays.default + # self.overlays.custom + # ]; + # } + # ]; + # }; - alexandria = nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit inputs; - hostType = { - isServer = true; - isWorkstation = false; - }; - }; - modules = [ - ./hosts/alexandria.nix - agenix.nixosModules.default - home-manager-stable.nixosModules.default - self.nixosModules.qbittorrent - ({ - nixpkgs.overlays = [ - agenix.overlays.default - nix-minecraft.overlay - ]; - imports = [ nix-minecraft.nixosModules.minecraft-servers ]; - }) - ]; + # io = nixpkgs.lib.nixosSystem { + # system = "x86_64-linux"; + # specialArgs = { + # inherit inputs; + # hostType = { + # isServer = false; + # isWorkstation = true; + # }; + # }; + # modules = [ + # ./hosts/io.nix + # agenix.nixosModules.default + # home-manager.nixosModules.default + # impermanence.nixosModules.impermanence + # nix-flatpak.nixosModules.nix-flatpak + # { + # nixpkgs.overlays = [ + # agenix.overlays.default + # self.overlays.custom + # ]; + # } + # ]; + # }; + + # alexandria = nixpkgs-stable.lib.nixosSystem { + # system = "x86_64-linux"; + # specialArgs = { + # inherit inputs; + # hostType = { + # isServer = true; + # isWorkstation = false; + # }; + # }; + # modules = [ + # 
./hosts/alexandria.nix + # agenix.nixosModules.default + # home-manager-stable.nixosModules.default + # self.nixosModules.qbittorrent + # ({ + # nixpkgs.overlays = [ + # agenix.overlays.default + # nix-minecraft.overlay + # ]; + # imports = [ nix-minecraft.nixosModules.minecraft-servers ]; + # }) + # ]; + # }; }; - }; overlays = { custom = final: prev: { diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix index bb81971..d33bd6d 100644 --- a/hosts/modules/alexandria/default.nix +++ b/hosts/modules/alexandria/default.nix @@ -19,7 +19,6 @@ in ./jellyfin.nix ./librespeed.nix ./memos.nix - ./minecraft.nix ./nextcloud.nix ./nginx.nix ./searx.nix diff --git a/hosts/modules/alexandria/minecraft.nix b/hosts/modules/alexandria/minecraft.nix deleted file mode 100644 index 2ce951f..0000000 --- a/hosts/modules/alexandria/minecraft.nix +++ /dev/null 
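Review bot: `mkHost` never validates `type`: any value other than the exact string "server" takes the workstation branch (`nixpkgs`, `home-manager`, `workstationModules`), and a typo such as "Server" also leaves both `hostType.isServer` and `hostType.isWorkstation` false, so every `lib.mkIf hostType.*` block in the host modules is silently skipped. Failing at evaluation is safer, e.g. `assert builtins.elem type [ "workstation" "server" ];` placed directly in front of `pkgs.lib.nixosSystem`. The three old host definitions are also kept as a long commented-out block at the end of this hunk; git history already preserves them, and the same applies to the commented-out blocks in users/modules/user/hyprland.nix later in the series.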
@@ -1,73 +0,0 @@ -{ pkgs, ... }: - -{ - services.minecraft-servers = { - enable = true; - eula = true; - dataDir = "/data/minecraft"; - servers."kingdomcums" = { - enable = true; - package = pkgs.fabricServers.fabric-1_20_1; - openFirewall = true; - serverProperties = { - difficulty = "normal"; - gamemode = "survival"; - motd = "Kingdom Cums"; - online-mode = false; - spawn-protection = false; - }; - symlinks."mods" = pkgs.linkFarmFromDrvs "mods" ( - builtins.attrValues { - villagerNames = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/gqRXDo8B/versions/rzXhJ2pH/villagernames-1.20.1-8.1.jar"; - sha256 = "0hcbbp3zi3nnr12kian9l645f22jr7495bcrlbng46nxp9h08pg5"; - }; - lithium = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/ZSNsJrPI/lithium-fabric-mc1.20.1-0.11.2.jar"; - sha256 = "1ycdvrs46bbdxsa6i38sfx70v47nvzzbmblfpy3hq3k8blsrbid0"; - }; - lootr = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/EltpO5cN/versions/fqmzdpE2/lootr-fabric-1.20-0.7.33.81.jar"; - sha256 = "0db0472rb07nbc9i925qp3n7s7nmrq6q3alhprflgc9gqg0j0f14"; - }; - malilib = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/GcWjdA9I/versions/V7yLDtJV/malilib-fabric-1.20.1-0.16.3.jar"; - sha256 = "129m1jnk58p0wid5fmagqx13wp6pw4gja01yx14aljdxgzr8kqas"; - }; - immersivePaintings = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/6txNkua3/versions/UjL11A4h/immersive_paintings-0.6.7%2B1.20.1-fabric.jar"; - sha256 = "1di9a67q372z6lplnsa1kmh86armya83mimn61c8ai7izjlsfnid"; - }; - entityCulling = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/NNAgCjsB/versions/mahLIqpj/entityculling-fabric-1.6.7-mc1.20.1.jar"; - sha256 = "01iz8rgljgzl0d8gcwpmr6wcvv3b0cf1siggp3dn8q5hv9przk9k"; - }; - fabricAPI = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/P7uGFii0/fabric-api-0.92.2%2B1.20.1.jar"; - sha256 = "1z3hcxng2p9ymph1c0k729vxxaasi34n6fcdsqwx0wsmqi2gh025"; - }; - fallingTree = pkgs.fetchurl { - url = 
"https://cdn.modrinth.com/data/Fb4jn8m6/versions/NrtzFkZE/FallingTree-1.20.1-4.3.4.jar"; - sha256 = "0sfv2laxzgmkhmr0kizi7g09r6fkccjhj9p5j0viqywnwx02r7fs"; - }; - carryOn = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/joEfVgkn/versions/Mkla4B3q/carryon-fabric-1.20.1-2.1.2.7.jar"; - sha256 = "1pgbqrjrxw7bgwn6phpywgpjfmf5h341ba93j76ibk649wbgn9cd"; - }; - collective = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/e0M1UDsY/versions/jo7YkyNS/collective-1.20.1-7.84.jar"; - sha256 = "01qvaqmd5kmxq7sins6703xq5ckc47qs5kd62gnjyfq1dbjp2y2b"; - }; - dynamicLights = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/7YjclEGc/versions/eU6PA0pr/dynamiclights-v1.8.3-mc1.17x-1.21x-mod.jar"; - sha256 = "0vdv525gis1vj514iqh4rbl6byp7k0ls3lsyj0c3db8g58d784gm"; - }; - appleSkin = pkgs.fetchurl { - url = "https://cdn.modrinth.com/data/EsAfCjCV/versions/xcauwnEB/appleskin-fabric-mc1.20.1-2.5.1.jar"; - sha256 = "1d9qmzjlk763ycmizqpmhcq0hhqw9j8hij6xk8p8l11ljr13mql5"; - }; - } - ); - }; - }; -} diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix index f567d9b..63459d0 100644 --- a/hosts/modules/networking.nix +++ b/hosts/modules/networking.nix @@ -1,6 +1,5 @@ { hostType, - inputs, lib, ... }: @@ -33,13 +32,6 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { - services = { - tailscale.useRoutingFeatures = "client"; - nginx = { - enable = true; - virtualHosts."localhost".root = inputs.homepage; - }; - }; }) ]; } diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 7ea6b77..046354f 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -153,7 +153,8 @@ fontDir.enable = true; packages = with pkgs; [ corefonts - material-icons + inter + nerd-fonts.hack noto-fonts-cjk-sans roboto ]; diff --git a/hosts/rotterdam.nix b/hosts/rotterdam.nix index ea2de1d..ad95919 100644 --- a/hosts/rotterdam.nix +++ b/hosts/rotterdam.nix 
@@ -5,19 +5,7 @@ imports = [ ./modules/rotterdam - ./modules/boot.nix - ./modules/console.nix - ./modules/desktop.nix - ./modules/flatpak.nix - ./modules/impermanence.nix - ./modules/locale.nix - ./modules/networking.nix - ./modules/nix.nix - ./modules/programs.nix - ./modules/security.nix - ./modules/services.nix - ./modules/users.nix - ./modules/virtualisation.nix + ./modules ]; nix.nixPath = [ "nixos-config=${./rotterdam.nix}" ]; From fae754891e9f14432933f99dde50cad62d4c4c96 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 22 Mar 2025 17:18:16 -0300 Subject: [PATCH 028/267] changed the way modules are imported on hosts --- hosts/alexandria.nix | 12 +----------- hosts/io.nix | 14 +------------- 2 files changed, 2 insertions(+), 24 deletions(-) diff --git a/hosts/alexandria.nix b/hosts/alexandria.nix index 7f5f000..6050904 100644 --- a/hosts/alexandria.nix +++ b/hosts/alexandria.nix @@ -5,17 +5,7 @@ imports = [ ./modules/alexandria - ./modules/boot.nix - ./modules/console.nix - ./modules/desktop.nix - ./modules/locale.nix - ./modules/networking.nix - ./modules/nix.nix - ./modules/programs.nix - ./modules/security.nix - ./modules/services.nix - ./modules/users.nix - ./modules/virtualisation.nix + ./modules ]; nix.nixPath = [ "nixos-config=${./alexandria.nix}" ]; diff --git a/hosts/io.nix b/hosts/io.nix index 88a2f70..3910dc1 100644 --- a/hosts/io.nix +++ b/hosts/io.nix @@ -5,19 +5,7 @@ imports = [ ./modules/io - ./modules/boot.nix - ./modules/console.nix - ./modules/desktop.nix - ./modules/flatpak.nix - ./modules/impermanence.nix - ./modules/locale.nix - ./modules/networking.nix - ./modules/nix.nix - ./modules/programs.nix - ./modules/security.nix - ./modules/services.nix - ./modules/users.nix - ./modules/virtualisation.nix + ./modules ]; nix.nixPath = [ "nixos-config=${./io.nix}" ]; From 10a30e27c5020f9ce2da9a3df178ed43127e6844 Mon Sep 17 00:00:00 2001 
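Review bot: In hosts/alexandria.nix, replacing the explicit import list with `./modules` changes what the server imports: the old list had no `./modules/flatpak.nix` or `./modules/impermanence.nix`, while hosts/modules/default.nix (as changed earlier in this series) imports both. Whether those two modules guard their settings with `lib.mkIf hostType.isWorkstation` is not visible here; if they do not, the server picks up flatpak and persistence configuration it did not have before. Confirm the guard, or keep default.nix limited to modules every host type shares. The rotterdam.nix and io.nix hunks do not have this problem, since their old lists already contained both files.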
From: William Date: Sun, 23 Mar 2025 16:40:58 -0300 Subject: [PATCH 029/267] added waydroid, removed hyprland --- hosts/modules/desktop.nix | 2 + hosts/modules/impermanence.nix | 1 + hosts/modules/virtualisation.nix | 1 + users/modules/user/hyprland.nix | 137 +++++++++++++++---------------- 4 files changed, 72 insertions(+), 69 deletions(-) diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 81c25ad..59502ee 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -36,6 +36,8 @@ }; }; + # programs.hyprland.enable = true; + hardware = { xpadneo.enable = true; bluetooth.enable = true; diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix index 7c5c7d6..8999c9c 100644 --- a/hosts/modules/impermanence.nix +++ b/hosts/modules/impermanence.nix @@ -33,6 +33,7 @@ "/var/lib/systemd/coredump" "/var/lib/systemd/timers" "/var/lib/tailscale" + "/var/lib/waydroid" "/var/log" ]; }; diff --git a/hosts/modules/virtualisation.nix b/hosts/modules/virtualisation.nix index 232459a..fb2c156 100644 --- a/hosts/modules/virtualisation.nix +++ b/hosts/modules/virtualisation.nix @@ -32,6 +32,7 @@ virtualisation = { libvirtd.enable = true; lxd.enable = true; + waydroid.enable = true; }; }) ]; diff --git a/users/modules/user/hyprland.nix b/users/modules/user/hyprland.nix index 17f6996..7477263 100644 --- a/users/modules/user/hyprland.nix +++ b/users/modules/user/hyprland.nix @@ -1,5 +1,4 @@ { - inputs, lib, pkgs, ... @@ -57,9 +56,9 @@ in ################# ### AUTOSTART ### ################# - exec-once = ${pkgs.gnome-settings-daemon}/libexec/gsd-rfkill - exec-once = waybar - exec-once = syshud + # exec-once = ${pkgs.gnome-settings-daemon}/libexec/gsd-rfkill + # exec-once = waybar + # exec-once = syshud exec-once = ${lib.getExe heightfittr} env = XCURSOR_SIZE,24 env = HYPRCURSOR_SIZE,24 
@@ -218,72 +217,72 @@ in }; services = { - swaync = { - enable = true; - settings = { - positionX = "left"; - positionY = "top"; - layer = "overlay"; - control-center-layer = "top"; - layer-shell = true; - cssPriority = "application"; - control-center-margin-top = 20; - control-center-margin-bottom = 20; - control-center-margin-right = 20; - control-center-margin-left = 20; - notification-2fa-action = true; - notification-inline-replies = false; - notification-icon-size = 64; - notification-body-image-height = 100; - notification-body-image-width = 200; - timeout = 10; - timeout-low = 5; - timeout-critical = 0; - fit-to-screen = true; - relative-timestamps = true; - control-center-width = 500; - control-center-height = 600; - notification-window-width = 500; - keyboard-shortcuts = true; - image-visibility = "when-available"; - transition-time = 200; - hide-on-clear = false; - hide-on-action = true; - script-fail-notify = true; - widgets = [ - "inhibitors" - "title" - "dnd" - "notifications" - "mpris" - ]; - widget-config = { - inhibitors = { - text = "Inhibitors"; - button-text = "Clear All"; - clear-all-button = true; - }; - title = { - text = "Notifications"; - clear-all-button = true; - button-text = "Clear All"; - }; - dnd = { - text = "Do Not Disturb"; - }; - mpris = { - image-size = 96; - image-radius = 12; - }; - }; - }; - }; - clipman.enable = true; + # swaync = { + # enable = true; + # settings = { + # positionX = "left"; + # positionY = "top"; + # layer = "overlay"; + # control-center-layer = "top"; + # layer-shell = true; + # cssPriority = "application"; + # control-center-margin-top = 20; + # control-center-margin-bottom = 20; + # control-center-margin-right = 20; + # control-center-margin-left = 20; + # notification-2fa-action = true; + # notification-inline-replies = false; + # notification-icon-size = 64; + # notification-body-image-height = 100; + # notification-body-image-width = 200; + # timeout = 10; + # timeout-low = 5; + # timeout-critical = 0; 
+ # fit-to-screen = true; + # relative-timestamps = true; + # control-center-width = 500; + # control-center-height = 600; + # notification-window-width = 500; + # keyboard-shortcuts = true; + # image-visibility = "when-available"; + # transition-time = 200; + # hide-on-clear = false; + # hide-on-action = true; + # script-fail-notify = true; + # widgets = [ + # "inhibitors" + # "title" + # "dnd" + # "notifications" + # "mpris" + # ]; + # widget-config = { + # inhibitors = { + # text = "Inhibitors"; + # button-text = "Clear All"; + # clear-all-button = true; + # }; + # title = { + # text = "Notifications"; + # clear-all-button = true; + # button-text = "Clear All"; + # }; + # dnd = { + # text = "Do Not Disturb"; + # }; + # mpris = { + # image-size = 96; + # image-radius = 12; + # }; + # }; + # }; + # }; + # clipman.enable = true; }; - programs = { - hyprlock.enable = true; - }; + # programs = { + # hyprlock.enable = true; + # }; home.packages = with pkgs; [ brightnessctl @@ -294,6 +293,6 @@ in syshud ulauncher waybar - inputs.mithril.packages.${pkgs.system}.mithril-control-center + # inputs.mithril.packages.${pkgs.system}.mithril-control-center ]; } From 278da1458737afd4ff2a1ea62efa8d9712464ceb Mon Sep 17 00:00:00 2001 From: William Date: Mon, 24 Mar 2025 09:17:40 -0300 Subject: [PATCH 030/267] fix waydroid impermanence --- hosts/modules/impermanence.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix index 8999c9c..5ba5f6e 100644 --- a/hosts/modules/impermanence.nix +++ b/hosts/modules/impermanence.nix @@ -27,6 +27,7 @@ ]; directories = [ "/etc/NetworkManager/system-connections" + "/etc/waydroid-extra/images/" "/var/lib/bluetooth" "/var/lib/flatpak" "/var/lib/nixos" From 31a3c30544f9f9578c84d8a134c255b1944d4e50 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 24 Mar 2025 13:04:36 -0300 Subject: [PATCH 031/267] removed firefox --- hosts/modules/programs.nix | 1 - users/modules/user/hyprland.nix | 5 +++-- users/modules/user/programs.nix | 3 +-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 046354f..f7526d9 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -78,7 +78,6 @@ ripgrep ### Internet Browsers & Communication ### brave - firefox microsoft-edge nextcloud-client tor-browser diff --git a/users/modules/user/hyprland.nix b/users/modules/user/hyprland.nix index 7477263..e895922 100644 --- a/users/modules/user/hyprland.nix +++ b/users/modules/user/hyprland.nix @@ -210,9 +210,10 @@ in windowrule = nomaxsize, ulauncher windowrule = noblur, ulauncher windowrulev2 = animation slide top, class:^(ulauncher)$ - # firefox - windowrulev2 = float, class:^(firefox)$,title:^(Extension.*)$ + # browsers windowrulev2 = plugin:scroller:columnwidth onehalf, class:(firefox) + windowrulev2 = plugin:scroller:columnwidth onehalf, class:(zen) + windowrulev2 = plugin:scroller:columnwidth onehalf, class:(brave) ''; }; diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index f175cd3..d754e8a 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -159,7 +159,7 @@ let pydeps = pkgs.python3.withPackages ( pp: with pp; [ - # https://github.com/tchar/ulauncher-albert-calculate-anything + # dependencies for ulauncher-albert-calculate-anything parsedatetime pint pytz @@ -178,7 +178,6 @@ ''; }; }; - }) ]; } From 992144c070a8a312f28e1b575f46c17a81924e7e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 24 Mar 2025 13:05:02 -0300 Subject: [PATCH 032/267] removed ungoogled-chromium in favour of brave as secondary forgetful browser --- hosts/modules/programs.nix | 1 - 1 file changed, 1 deletion(-) 
diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index f7526d9..e6c9a54 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -81,7 +81,6 @@ microsoft-edge nextcloud-client tor-browser - ungoogled-chromium vesktop ### Office & Productivity ### aspell From 440bdf6f3aee3ab249a85e84d1ae47e87d3497d6 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 25 Mar 2025 16:58:01 -0300 Subject: [PATCH 033/267] removed old flake system definitions --- flake.nix | 79 +++----------------------------------- hosts/modules/programs.nix | 1 - 2 files changed, 6 insertions(+), 74 deletions(-) diff --git a/flake.nix b/flake.nix index ec68373..c2b30a0 100644 --- a/flake.nix +++ b/flake.nix @@ -74,7 +74,7 @@ workstationModules = [ { nixpkgs.overlays = [ - self.overlays.custom + self.overlays.workstationOverlay ]; } ]; 
@@ -106,81 +106,14 @@ hostname = "alexandria"; type = "server"; }; - # rotterdam = nixpkgs.lib.nixosSystem { - # system = "x86_64-linux"; - # specialArgs = { - # inherit inputs; - # hostType = { - # isServer = false; - # isWorkstation = true; - # }; - # }; - # modules = [ - # ./hosts/rotterdam.nix - # agenix.nixosModules.default - # home-manager.nixosModules.default - # impermanence.nixosModules.impermanence - # nix-flatpak.nixosModules.nix-flatpak - # { - # nixpkgs.overlays = [ - # agenix.overlays.default - # self.overlays.custom - # ]; - # } - # ]; - # }; - - # io = nixpkgs.lib.nixosSystem { - # system = "x86_64-linux"; - # specialArgs = { - # inherit inputs; - # hostType = { - # isServer = false; - # isWorkstation = true; - # }; - # }; - # modules = [ - # ./hosts/io.nix - # agenix.nixosModules.default - # home-manager.nixosModules.default - # impermanence.nixosModules.impermanence - # nix-flatpak.nixosModules.nix-flatpak - # { - # nixpkgs.overlays = [ - # agenix.overlays.default - # self.overlays.custom - # ]; - # } - # ]; - # }; - - # alexandria = nixpkgs-stable.lib.nixosSystem { - # system = "x86_64-linux"; - # specialArgs = { - # inherit inputs; - # hostType = { - # isServer = true; - # isWorkstation = false; - # }; - # }; - # modules = [ - # ./hosts/alexandria.nix - # agenix.nixosModules.default - # home-manager-stable.nixosModules.default - # self.nixosModules.qbittorrent - # ({ - # nixpkgs.overlays = [ - # agenix.overlays.default - # nix-minecraft.overlay - # ]; - # imports = [ nix-minecraft.nixosModules.minecraft-servers ]; - # }) - # ]; - # }; }; overlays = { - custom = final: prev: { + overlay = final: prev: { + }; + workstationOverlay = final: prev: { + }; + serverOverlay = final: prev: { }; }; diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index e6c9a54..0192d20 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix 
@@ -115,7 +115,6 @@ # lilipod BROKEN mission-center p7zip - plasma-panel-colorizer qbittorrent quickemu quickgui From 6adffcb00e3a3f18f46b06fc722af4c055be61ce Mon Sep 17 00:00:00 2001 From: William Date: Wed, 26 Mar 2025 13:52:07 -0300 Subject: [PATCH 034/267] Never got distrobox to work --- hosts/modules/programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 0192d20..e343f8a 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -107,7 +107,6 @@ protonup ### System Utilities ### adwaita-icon-theme - distrobox junction kara kde-rounded-corners From 124f5423f4b24b730fc2a95d3b7fa55d266d6319 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 1 Apr 2025 19:08:07 -0300 Subject: [PATCH 035/267] I'm too dumb for FreeCAD --- hosts/modules/programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index e343f8a..5ce0917 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -95,7 +95,6 @@ onlyoffice-desktopeditors rnote ### Graphics & Design ### - freecad-wayland gimp inkscape orca-slicer From d639c253a36225a6cd314e65df704ec74cfa7bcb Mon Sep 17 00:00:00 2001 From: William Date: Tue, 1 Apr 2025 19:39:45 -0300 Subject: [PATCH 036/267] added plasticity back --- flake.nix | 1 + hosts/modules/programs.nix | 1 + packages/plasticity.nix | 122 +++++++++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+) create mode 100644 packages/plasticity.nix diff --git a/flake.nix b/flake.nix index c2b30a0..8fe5b99 100644 --- a/flake.nix +++ b/flake.nix @@ -112,6 +112,7 @@ overlay = final: prev: { }; workstationOverlay = final: prev: { + plasticity = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/plasticity.nix { }; }; serverOverlay = final: prev: { }; diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 5ce0917..c8d8395 100644 --- a/hosts/modules/programs.nix 
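Review bot: The new `plasticity` entry in `workstationOverlay` ignores the overlay's `final`/`prev` arguments and calls `nixpkgs.legacyPackages."x86_64-linux".callPackage`, so the package is evaluated against a separate, unconfigured nixpkgs instance. The host's `nixpkgs.config` (including any unfree allow-list) and the other overlays never reach it, its dependencies can differ from the ones the rest of the system uses, and the system string is hard-coded. `plasticity = final.callPackage ./packages/plasticity.nix { };` keeps it inside the host's own package set. The `overlays` attribute set starts outside the hunk.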
+++ b/hosts/modules/programs.nix @@ -98,6 +98,7 @@ gimp inkscape orca-slicer + plasticity ### Gaming & Entertainment ### clonehero heroic diff --git a/packages/plasticity.nix b/packages/plasticity.nix new file mode 100644 index 0000000..4325e5f --- /dev/null +++ b/packages/plasticity.nix 
@@ -0,0 +1,122 @@ +{ + alsa-lib, + at-spi2-atk, + autoPatchelfHook, + cairo, + cups, + dbus, + desktop-file-utils, + expat, + fetchurl, + gdk-pixbuf, + gtk3, + gvfs, + hicolor-icon-theme, + lib, + libdrm, + libglvnd, + libnotify, + libsForQt5, + libxkbcommon, + libgbm, + nspr, + nss, + openssl, + pango, + rpmextract, + stdenv, + systemd, + trash-cli, + vulkan-loader, + wrapGAppsHook3, + xdg-utils, + xorg, +}: +stdenv.mkDerivation rec { + pname = "plasticity"; + version = "25.1.8"; + + src = fetchurl { + url = "https://github.com/nkallen/plasticity/releases/download/v${version}/Plasticity-${version}-1.x86_64.rpm"; + hash = "sha256-5PjjEsHchryUhmzqyQ4XqwiycNEVCefmpSW/9jZEzpg="; + }; + + nativeBuildInputs = [ + wrapGAppsHook3 + autoPatchelfHook + rpmextract + libgbm + ]; + + buildInputs = [ + alsa-lib + at-spi2-atk + cairo + cups + dbus + desktop-file-utils + expat + gdk-pixbuf + gtk3 + gvfs + hicolor-icon-theme + libdrm + libnotify + libsForQt5.kde-cli-tools + libxkbcommon + nspr + nss + openssl + pango + (lib.getLib stdenv.cc.cc) + trash-cli + xdg-utils + ]; + + runtimeDependencies = [ + systemd + libglvnd + vulkan-loader # may help with nvidia users + xorg.libX11 + xorg.libxcb + xorg.libXcomposite + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXrandr + xorg.libXtst + ]; + + dontUnpack = true; + + # can't find anything on the internet about these files, no clue what they do + autoPatchelfIgnoreMissingDeps = [ + "ACCAMERA.tx" + "AcMPolygonObj15.tx" + "ATEXT.tx" + "ISM.tx" + "RText.tx" + "SCENEOE.tx" + "TD_DbEntities.tx" + "TD_DbIO.tx" + "WipeOut.tx" + ]; + + installPhase = '' + runHook preInstall + + mkdir $out + cd $out + rpmextract $src + mv $out/usr/* $out + rm -r $out/usr + rm -r $out/lib/.build-id + + runHook postInstall + ''; + + #--use-gl=egl for it to use hardware rendering it seems. Otherwise there are terrible framerates + preFixup = '' + gappsWrapperArgs+=(--add-flags "--use-gl=egl") + ''; +} 
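Review bot: The derivation has no `meta` block, so what appears to be a prebuilt vendor RPM is not marked as unfree or as binary-only. Without that marking, the `allowUnfree` and `allowNonSource` policy checks in nixpkgs have nothing to act on. Declaring the license, `sourceProvenance` and supported platform after `preFixup` makes the trust decision explicit and reviewable. The `autoPatchelfIgnoreMissingDeps` comment says the listed `.tx` files are unidentified; it would help to record which bundled library requests them, so the list can be re-checked on the next version bump.

```nix
  # … unchanged: src, build inputs, installPhase, preFixup …

  meta = {
    license = lib.licenses.unfree;
    sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];
    platforms = [ "x86_64-linux" ];
  };
```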
From 9762364df942f1da804478af17d72df7270824cc Mon Sep 17 00:00:00 2001 From: William Date: Wed, 9 Apr 2025 14:14:45 -0300 Subject: [PATCH 037/267] Added arduino-ide and fritzing pkgs --- hosts/modules/programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index c8d8395..8bd51a2 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -68,9 +68,11 @@ with pkgs; [ ### Dev Tools ### + arduino-ide bat deploy-rs fd + fritzing fzf nixfmt-rfc-style nix-init From 55c8b90c2f631fce5d91a16772d7b2a815293129 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 22 Apr 2025 17:00:04 -0300 Subject: [PATCH 038/267] helix theme --- users/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 03dd7ff..7482388 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -25,6 +25,7 @@ helix = { enable = true; settings = { + theme = "catppuccin_mocha"; editor = { file-picker.hidden = false; idle-timeout = 0; From adb193241cd5b90453dca6726e38fe98f8628b27 Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 22 Apr 2025 17:03:59 -0300 Subject: [PATCH 039/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/0b0baed7b2bf6a5e365d4cba042b580a2bc32e34?narHash=sha256-Mu2YXrGr/8Cid6W44AXci/YYnASoXjGrMV9Sjs66oyc%3D' (2025-03-13) → 'github:nix-community/home-manager/6899001a762b0e089ad7b8ec7637d0a678640b8e?narHash=sha256-KK0LZX8O73DVIcI5qnxuDeSh3b4RrkDfC6lvIjzEyzc%3D' (2025-04-22) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe?narHash=sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA%3D' (2025-02-17) → 'github:nix-community/home-manager/c61bfe3ae692f42ce688b5865fac9e0de58e1387?narHash=sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg%3D' (2025-04-15) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/6607cf789e541e7873d40d3a8f7815ea92204f32?narHash=sha256-cPfs8qMccim2RBgtKGF%2Bx9IBCduRvd/N5F4nYpU0TVE%3D' (2025-03-13) → 'github:nixos/nixpkgs/c11863f1e964833214b767f4a369c6e6a7aba141?narHash=sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0%3D' (2025-04-21) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0?narHash=sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB%2Bikn74/xQoNrGQ%3D' (2025-03-13) → 'github:nixos/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index c98e87e..003e29d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1741894454, - "narHash": "sha256-Mu2YXrGr/8Cid6W44AXci/YYnASoXjGrMV9Sjs66oyc=", + "lastModified": 1745350245, + "narHash": "sha256-KK0LZX8O73DVIcI5qnxuDeSh3b4RrkDfC6lvIjzEyzc=", "owner": "nix-community", "repo": "home-manager", - "rev": "0b0baed7b2bf6a5e365d4cba042b580a2bc32e34", + "rev": "6899001a762b0e089ad7b8ec7637d0a678640b8e", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741851582, - "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", + "lastModified": 1745234285, + "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", + "rev": "c11863f1e964833214b767f4a369c6e6a7aba141", "type": "github" }, "original": { @@ -195,11 +195,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1741862977, - "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { From 3d48dca5519a72b9fcbad244555cb578311a5380 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 22 Apr 2025 17:25:05 -0300 Subject: [PATCH 040/267] idk --- hosts/modules/programs.nix | 2 -- hosts/modules/rotterdam/hardware.nix | 2 -- 2 files changed, 4 deletions(-) 
diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 8bd51a2..c8d8395 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -68,11 +68,9 @@ with pkgs; [ ### Dev Tools ### - arduino-ide bat deploy-rs fd - fritzing fzf nixfmt-rfc-style nix-init diff --git a/hosts/modules/rotterdam/hardware.nix b/hosts/modules/rotterdam/hardware.nix index 495a78b..ba7f866 100644 --- a/hosts/modules/rotterdam/hardware.nix +++ b/hosts/modules/rotterdam/hardware.nix @@ -8,6 +8,4 @@ }; graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; }; - - systemd.targets.hibernate.enable = false; # disable non-functional hibernate } From d44a5d904c865eb34e14710309bec505b4dbd4e8 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 22 Apr 2025 18:47:16 -0300 Subject: [PATCH 041/267] octave deps --- hosts/modules/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index c8d8395..13b8611 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -91,7 +91,7 @@ kwrite libreoffice-qt obsidian - octaveFull + (octaveFull.withPackages (octavePackages: with octavePackages; [ signal ])) onlyoffice-desktopeditors rnote ### Graphics & Design ### From c48c9366545b1084eb1d7b6adeb881c17fe85572 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 22 Apr 2025 21:15:02 -0300 Subject: [PATCH 042/267] add beeper pkg --- hosts/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 13b8611..681a2aa 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -77,6 +77,7 @@ nix-output-monitor ripgrep ### Internet Browsers & Communication ### + beeper brave microsoft-edge nextcloud-client From 7109a9caf897e2246ad8562a93e543bb46df4290 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 2 May 2025 15:40:03 -0300 Subject: [PATCH 043/267] added rustdesk --- hosts/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 681a2aa..5ef7a45 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -118,6 +118,7 @@ qbittorrent quickemu quickgui + rustdesk steam-run unrar ventoy From 1796e501af46de970457ed84157d1a58155a444a Mon Sep 17 00:00:00 2001 From: William Date: Fri, 2 May 2025 15:41:29 -0300 Subject: [PATCH 044/267] sleep 3 on ulauncher startup --- users/modules/user/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index d754e8a..43f7223 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -174,6 +174,7 @@ ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" export GDK_BACKEND=wayland + sleep 3 exec ${pkgs.ulauncher}/bin/ulauncher --hide-window ''; }; From 4779cabdc5a53eb4ea5867931ec7c47ab086c6f8 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 2 May 2025 23:46:10 -0300 Subject: [PATCH 045/267] Trying to fix ulauncher service --- users/modules/user/programs.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index 43f7223..c7b8ee6 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -149,10 +149,9 @@ systemd.user.services.ulauncher = { Unit = { - "Description" = "Ulauncher Application Launcher"; - "PartOf" = [ "graphical-session.target" ]; + Description = "Ulauncher Application Launcher"; + After = [ "graphical-session.target" ]; }; - Install.WantedBy = [ "graphical-session.target" ]; Service = { Type = "simple"; Environment = 
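Review bot: In the `ulauncher-env-wrapper.sh` script touched by the `sleep 3` hunk, the exported `PATH` begins with `${XDG_BIN_HOME}`, which as far as I know is not set by default in a systemd user session. If it is unset, `PATH` starts with an empty entry, which the shell resolves as the current working directory, so an executable dropped there shadows the system tools for the launcher and everything it spawns. Expanding the entry only when the variable is set avoids this: `export PATH="''${XDG_BIN_HOME:+$XDG_BIN_HOME:}$HOME/.nix-profile/bin:…"`. The fixed `sleep 3` only hides a start-up ordering problem and would be better expressed as unit ordering. The service definition starts outside the hunk.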
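Review bot: Removing `Install.WantedBy = [ "graphical-session.target" ];` in the `Unit`/`Install` hunk leaves `ulauncher.service` with nothing that pulls it in at login. The new `After = [ "graphical-session.target" ];` only orders the unit against a target; it does not start it. Keeping `Install.WantedBy = [ "graphical-session.target" ];` next to the new `After` would preserve automatic start, and keeping `PartOf` as well would still stop the service with the session. The `Service` block continues outside the hunk.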
@@ -174,7 +173,6 @@ ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" export GDK_BACKEND=wayland - sleep 3 exec ${pkgs.ulauncher}/bin/ulauncher --hide-window ''; }; From ce0be14dbbbe9991b3acc7fe94ed7d0e4284f2f5 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 2 May 2025 23:56:32 -0300 Subject: [PATCH 046/267] No ulauncher for now, maybe when I finally switch to hyprland --- users/modules/user/programs.nix | 66 ++++++++++++++++----------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index c7b8ee6..65985d8 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -111,9 +111,9 @@ (lib.mkIf hostType.isWorkstation { fonts.fontconfig.enable = true; - home.packages = with pkgs; [ - ulauncher - ]; + # home.packages = with pkgs; [ + # ulauncher + # ]; programs = { password-store.package = pkgs.pass-wayland; 
@@ -147,36 +147,36 @@ }; }; - systemd.user.services.ulauncher = { - Unit = { - Description = "Ulauncher Application Launcher"; - After = [ "graphical-session.target" ]; - }; - Service = { - Type = "simple"; - Environment = - let - pydeps = pkgs.python3.withPackages ( - pp: with pp; [ - # dependencies for ulauncher-albert-calculate-anything - parsedatetime - pint - pytz - requests - simpleeval - ] - ); - in - [ - "PYTHONPATH=${pydeps}/${pydeps.sitePackages}" - ]; - ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' - export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" - export GDK_BACKEND=wayland - exec ${pkgs.ulauncher}/bin/ulauncher --hide-window - ''; - }; - }; + # systemd.user.services.ulauncher = { + # Unit = { + # Description = "Ulauncher Application Launcher"; + # After = [ "graphical-session.target" ]; + # }; + # Service = { + # Type = "simple"; + # Environment = + # let + # pydeps = pkgs.python3.withPackages ( + # pp: with pp; [ + # # dependencies for ulauncher-albert-calculate-anything + # parsedatetime + # pint + # pytz + # requests + # simpleeval + # ] + # ); + # in + # [ + # "PYTHONPATH=${pydeps}/${pydeps.sitePackages}" + # ]; + # ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' + # export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" + # export GDK_BACKEND=wayland + # exec ${pkgs.ulauncher}/bin/ulauncher --hide-window + # ''; + # }; + # }; }) ]; } From b77aea46488f57e0222435b335262b7fd37c7104 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 4 May 2025 13:55:20 -0300 Subject: [PATCH 047/267] Added embedded dev tools to io --- hosts/modules/io/programs.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/modules/io/programs.nix b/hosts/modules/io/programs.nix index 0b156f6..f1286c7 100644 --- a/hosts/modules/io/programs.nix 
+++ b/hosts/modules/io/programs.nix @@ -19,6 +19,9 @@ in { environment = { systemPackages = with pkgs; [ + arduino-ide + esptool + # fritzing maliit-keyboard sof-firmware ]; From bd3302860c9d577c40a95b89f0160ee3ebd093c0 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 9 May 2025 15:14:16 -0300 Subject: [PATCH 048/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/e600439ec4c273cf11e06fe4d9d906fb98fa097c?narHash=sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA%3D' (2025-01-15) → 'github:ryantm/agenix/96e078c646b711aee04b82ba01aefbff87004ded?narHash=sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus%3D' (2025-04-26) • Updated input 'agenix/darwin': 'github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d?narHash=sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0%3D' (2023-11-24) → 'github:lnl7/nix-darwin/43975d782b418ebf4969e9ccba82466728c2851b?narHash=sha256-dyN%2BteG9G82G%2Bm%2BPX/aSAagkC%2BvUv0SgUw3XkPhQodQ%3D' (2025-04-12) • Updated input 'agenix/home-manager': 'github:nix-community/home-manager/3bfaacf46133c037bb356193bd2f1765d9dc82c1?narHash=sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE%3D' (2023-12-20) → 'github:nix-community/home-manager/abfad3d2958c9e6300a883bd443512c55dfeb1be?narHash=sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs%3D' (2025-04-24) • Updated input 'home-manager': 'github:nix-community/home-manager/6899001a762b0e089ad7b8ec7637d0a678640b8e?narHash=sha256-KK0LZX8O73DVIcI5qnxuDeSh3b4RrkDfC6lvIjzEyzc%3D' (2025-04-22) → 'github:nix-community/home-manager/e95a7c5b6fa93304cd2fd78cf676c4f6d23c422c?narHash=sha256-axfz/jBEH9XHpS7YSumstV7b2PrPf7L8bhWUtLBv3nA%3D' (2025-05-09) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/c61bfe3ae692f42ce688b5865fac9e0de58e1387?narHash=sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg%3D' (2025-04-15) → 'github:nix-community/home-manager/50eee705bbdbac942074a8c120e8194185633675?narHash=sha256-EyXUNSa%2BH%2BYvGVuQJP1nZskXAowxKYp79RNUsNdQTj4%3D' (2025-05-02) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/c11863f1e964833214b767f4a369c6e6a7aba141?narHash=sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0%3D' (2025-04-21) → 'github:nixos/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54?narHash=sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ%2BTCkTRpRc%3D' (2025-05-08) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) → 'github:nixos/nixpkgs/1d3aeb5a193b9ff13f63f4d9cc169fb88129f860?narHash=sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0%3D' (2025-05-06) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 003e29d..3b34574 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { 
@@ -91,11 +91,11 @@ ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1744743431, - "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", "owner": "nix-community", "repo": "home-manager", - "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "rev": "50eee705bbdbac942074a8c120e8194185633675", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1745350245, - "narHash": "sha256-KK0LZX8O73DVIcI5qnxuDeSh3b4RrkDfC6lvIjzEyzc=", + "lastModified": 1746798521, + "narHash": "sha256-axfz/jBEH9XHpS7YSumstV7b2PrPf7L8bhWUtLBv3nA=", "owner": "nix-community", "repo": "home-manager", - "rev": "6899001a762b0e089ad7b8ec7637d0a678640b8e", + "rev": "e95a7c5b6fa93304cd2fd78cf676c4f6d23c422c", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745234285, - "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=", + "lastModified": 1746663147, + "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c11863f1e964833214b767f4a369c6e6a7aba141", + "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "type": "github" }, "original": { 
@@ -195,11 +195,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1746557022, + "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", "type": "github" }, "original": { From 2ac95bb2d6a61c8e2597c394108e8fedce0d488d Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 17 May 2025 23:06:28 -0300 Subject: [PATCH 049/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/96e078c646b711aee04b82ba01aefbff87004ded?narHash=sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus%3D' (2025-04-26) → 'github:ryantm/agenix/6697e8babbd8f323dfd5e28f160a0128582c128b?narHash=sha256-E1WjB%2BzvDw4x058mg3MIdK5j2huvnNpTEEt2brhg2H8%3D' (2025-05-17) • Updated input 'home-manager': 'github:nix-community/home-manager/e95a7c5b6fa93304cd2fd78cf676c4f6d23c422c?narHash=sha256-axfz/jBEH9XHpS7YSumstV7b2PrPf7L8bhWUtLBv3nA%3D' (2025-05-09) → 'github:nix-community/home-manager/ae755329092c87369b9e9a1510a8cf1ce2b1c708?narHash=sha256-5rCGrnkglKKj4cav1U3HC%2BSIUNJh08pqOK4spQv9RjA%3D' (2025-05-16) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/50eee705bbdbac942074a8c120e8194185633675?narHash=sha256-EyXUNSa%2BH%2BYvGVuQJP1nZskXAowxKYp79RNUsNdQTj4%3D' (2025-05-02) → 'github:nix-community/home-manager/1eec32f0efe3b830927989767a9e6ece0d82d608?narHash=sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8%3D' (2025-05-15) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54?narHash=sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ%2BTCkTRpRc%3D' (2025-05-08) → 'github:nixos/nixpkgs/e06158e58f3adee28b139e9c2bcfcc41f8625b46?narHash=sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4%2BwYK4%3D' (2025-05-15) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/1d3aeb5a193b9ff13f63f4d9cc169fb88129f860?narHash=sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0%3D' (2025-05-06) → 'github:nixos/nixpkgs/ba8b70ee098bc5654c459d6a95dfc498b91ff858?narHash=sha256-IKKIXTSYJMmUtE%2BKav5Rob8SgLPnfnq4Qu8LyT4gdqQ%3D' (2025-05-15) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) 
diff --git a/flake.lock b/flake.lock index 3b34574..909ccdc 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747514353, + "narHash": "sha256-E1WjB+zvDw4x058mg3MIdK5j2huvnNpTEEt2brhg2H8=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "6697e8babbd8f323dfd5e28f160a0128582c128b", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1746171682, - "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "lastModified": 1747331121, + "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", "owner": "nix-community", "repo": "home-manager", - "rev": "50eee705bbdbac942074a8c120e8194185633675", + "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1746798521, - "narHash": "sha256-axfz/jBEH9XHpS7YSumstV7b2PrPf7L8bhWUtLBv3nA=", + "lastModified": 1747439237, + "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "e95a7c5b6fa93304cd2fd78cf676c4f6d23c422c", + "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746663147, - "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { 
@@ -195,11 +195,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1746557022, - "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", + "lastModified": 1747335874, + "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", + "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", "type": "github" }, "original": { From 222c69b136b252cb8ff5fcd45b0163e8f047e5ab Mon Sep 17 00:00:00 2001 From: William Date: Sat, 17 May 2025 23:07:29 -0300 Subject: [PATCH 050/267] removed ventoy --- hosts/modules/programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 5ef7a45..d364637 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -121,7 +121,6 @@ rustdesk steam-run unrar - ventoy ### Media ### mpv obs-studio From a92172bfbcb5817cadd178a4605b08573890fee3 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 18 May 2025 18:24:47 -0300 Subject: [PATCH 051/267] Opened firewall for mc --- hosts/modules/alexandria/networking.nix | 12 +++++++----- hosts/modules/alexandria/users.nix | 1 - hosts/modules/desktop.nix | 18 +++++++++++------- hosts/modules/programs.nix | 22 +++++++++++----------- 4 files changed, 29 insertions(+), 24 deletions(-) diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix index 504fce6..f518b12 100644 --- a/hosts/modules/alexandria/networking.nix +++ b/hosts/modules/alexandria/networking.nix @@ -4,12 +4,14 @@ networking = { firewall = { allowedTCPPorts = [ - 80 - 443 - 8010 - 9666 + 80 # HTTP + 443 # HTTPS + 25565 # Minecraft + ]; + allowedUDPPorts = [ + 24454 # Minecraft Simple Voice Chat + 25565 # Minecraft ]; - allowedUDPPorts = [ 24454 ]; }; }; } diff --git a/hosts/modules/alexandria/users.nix b/hosts/modules/alexandria/users.nix index db3f3ed..353f28f 100644 --- a/hosts/modules/alexandria/users.nix 
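Review bot: `allowedUDPPorts` in `hosts/modules/alexandria/networking.nix` now opens 25565/udp in addition to 25565/tcp. As far as I know, a Java-edition server only listens on UDP 25565 when the query protocol is enabled (`enable-query` in `server.properties`), so if it is off the UDP rule can be dropped. These lists apply to every interface; if the server should only be reachable from the LAN or a VPN, `networking.firewall.interfaces.<name>.allowedTCPPorts` and `allowedUDPPorts` scope the exposure. The hunk also closes 8010 and 9666 without a word in the commit message, so it is worth confirming nothing on this host still expects them and noting the reason next to the list.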
+++ b/hosts/modules/alexandria/users.nix @@ -10,7 +10,6 @@ gid = 1005; members = [ "user" - "minecraft" "paperless" "vaultwarden" ]; diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 59502ee..b850c0c 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -18,14 +18,18 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { services = { - displayManager.sddm = { - enable = true; - wayland = { - enable = true; - compositor = "kwin"; - }; + xserver = { + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; }; - desktopManager.plasma6.enable = true; + # displayManager.sddm = { + # enable = true; + # wayland = { + # enable = true; + # compositor = "kwin"; + # }; + # }; + # desktopManager.plasma6.enable = true; pipewire = { enable = true; alsa.enable = true; diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index d364637..eb8fdf1 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -157,17 +157,17 @@ ]; }; - environment.plasma6.excludePackages = ( - with pkgs.kdePackages; - [ - discover - elisa - gwenview - kate - khelpcenter - oxygen - ] - ); + # environment.plasma6.excludePackages = ( + # with pkgs.kdePackages; + # [ + # discover + # elisa + # gwenview + # kate + # khelpcenter + # oxygen + # ] + # ); } )) ]; From 2efd2c72da4acab23bbddb08bb6270fc76e113b1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 18 May 2025 19:39:48 -0300 Subject: [PATCH 052/267] gnome kinda sucks, going back to plasma --- hosts/modules/desktop.nix | 16 ++++++++-------- hosts/modules/programs.nix | 22 +++++++++++----------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index b850c0c..a9cbe6d 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix 
@@ -22,14 +22,14 @@ displayManager.gdm.enable = true; desktopManager.gnome.enable = true; }; - # displayManager.sddm = { - # enable = true; - # wayland = { - # enable = true; - # compositor = "kwin"; - # }; - # }; - # desktopManager.plasma6.enable = true; + displayManager.sddm = { + enable = true; + wayland = { + enable = true; + compositor = "kwin"; + }; + }; + desktopManager.plasma6.enable = true; pipewire = { enable = true; alsa.enable = true; diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index eb8fdf1..d364637 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -157,17 +157,17 @@ ]; }; - # environment.plasma6.excludePackages = ( - # with pkgs.kdePackages; - # [ - # discover - # elisa - # gwenview - # kate - # khelpcenter - # oxygen - # ] - # ); + environment.plasma6.excludePackages = ( + with pkgs.kdePackages; + [ + discover + elisa + gwenview + kate + khelpcenter + oxygen + ] + ); } )) ]; From fb3f176f2b8eab3be16b2dbf69260e86f500ee8c Mon Sep 17 00:00:00 2001 From: William Date: Sun, 18 May 2025 19:41:25 -0300 Subject: [PATCH 053/267] completely remove gnome --- hosts/modules/desktop.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index a9cbe6d..59502ee 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -18,10 +18,6 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { services = { - xserver = { - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - }; displayManager.sddm = { enable = true; wayland = { From 4d65ec9ae6a542b5bc30ca6044f0dd271e7bf1e9 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 18 May 2025 19:47:33 -0300 Subject: [PATCH 054/267] helix file picker in dir hotkey --- users/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 7482388..55e4488 100644 --- a/users/modules/programs.nix 
+++ b/users/modules/programs.nix @@ -43,6 +43,7 @@ space = "file_picker"; w = ":w"; q = ":q"; + o = "file_picker_in_current_buffer_directory"; esc = [ "collapse_selection" "keep_primary_selection" From 0d3768547046b6c2fcb97cc46534cc1a242a7f97 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Jun 2025 09:26:50 -0300 Subject: [PATCH 055/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/6697e8babbd8f323dfd5e28f160a0128582c128b?narHash=sha256-E1WjB%2BzvDw4x058mg3MIdK5j2huvnNpTEEt2brhg2H8%3D' (2025-05-17) → 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1?narHash=sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY%2BD81k%3D' (2025-05-18) • Updated input 'deploy-rs': 'github:serokell/deploy-rs/aa07eb05537d4cd025e2310397a6adcedfe72c76?narHash=sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE%2Bne0U%3D' (2024-09-27) → 'github:serokell/deploy-rs/6bc76b872374845ba9d645a2f012b764fecd765f?narHash=sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE%3D' (2025-06-05) • Updated input 'deploy-rs/flake-compat': 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33?narHash=sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U%3D' (2023-10-04) → 'github:edolstra/flake-compat/ff81ac966bb2cae68946d5ed5fc4994f96d0ffec?narHash=sha256-NeCCThCEP3eCl2l/%2B27kNNK7QrwZB1IJCrXfrbv5oqU%3D' (2024-12-04) • Updated input 'deploy-rs/utils': 'github:numtide/flake-utils/4022d587cbbfd70fe950c1e2083a02621806a725?narHash=sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8%3D' (2023-12-04) → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b?narHash=sha256-l0KFg5HjrsfsO/JpG%2Br7fRrqm12kzFHyUHqHCVpMMbI%3D' (2024-11-13) • Updated input 'home-manager': 'github:nix-community/home-manager/ae755329092c87369b9e9a1510a8cf1ce2b1c708?narHash=sha256-5rCGrnkglKKj4cav1U3HC%2BSIUNJh08pqOK4spQv9RjA%3D' (2025-05-16) → 'github:nix-community/home-manager/91287a0e9d42570754487b7e38c6697e15a9aab2?narHash=sha256-bXcEx1aZUNm5hMLVJeuofcOrZyOiapzvQ7K36HYK3YQ%3D' (2025-06-06) • Updated input 'home-manager-stable': 
'github:nix-community/home-manager/1eec32f0efe3b830927989767a9e6ece0d82d608?narHash=sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8%3D' (2025-05-15) → 'github:nix-community/home-manager/d5f1f641b289553927b3801580598d200a501863?narHash=sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz%2BAFQF7n9NmNc%3D' (2025-05-19) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/e06158e58f3adee28b139e9c2bcfcc41f8625b46?narHash=sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4%2BwYK4%3D' (2025-05-15) → 'github:nixos/nixpkgs/c2a03962b8e24e669fb37b7df10e7c79531ff1a4?narHash=sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj%2BQ%3D' (2025-06-03) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/ba8b70ee098bc5654c459d6a95dfc498b91ff858?narHash=sha256-IKKIXTSYJMmUtE%2BKav5Rob8SgLPnfnq4Qu8LyT4gdqQ%3D' (2025-05-15) → 'github:nixos/nixpkgs/8eb3b6a2366a7095939cd22f0dc0e9991313294b?narHash=sha256-bFufQGSAEYQgjtc4wMrobS5HWN0hDP%2BZX%2BzthYcml9U%3D' (2025-06-04) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 909ccdc..3bc75a9 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747514353, - "narHash": "sha256-E1WjB+zvDw4x058mg3MIdK5j2huvnNpTEEt2brhg2H8=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "6697e8babbd8f323dfd5e28f160a0128582c128b", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { 
@@ -54,11 +54,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1727447169, - "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "lastModified": 1749105467, + "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", "owner": "serokell", "repo": "deploy-rs", - "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", "type": "github" }, "original": { @@ -70,11 +70,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1747331121, - "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", + "lastModified": 1747688870, + "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", "owner": "nix-community", "repo": "home-manager", - "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", + "rev": "d5f1f641b289553927b3801580598d200a501863", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1747439237, - "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", + "lastModified": 1749178927, + "narHash": "sha256-bXcEx1aZUNm5hMLVJeuofcOrZyOiapzvQ7K36HYK3YQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", + "rev": "91287a0e9d42570754487b7e38c6697e15a9aab2", "type": "github" }, "original": { 
@@ -179,11 +179,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747327360, - "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -195,11 +195,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", + "lastModified": 1748995628, + "narHash": "sha256-bFufQGSAEYQgjtc4wMrobS5HWN0hDP+ZX+zthYcml9U=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", + "rev": "8eb3b6a2366a7095939cd22f0dc0e9991313294b", "type": "github" }, "original": { @@ -256,11 +256,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { From 4dcd29bacba0683f08b3d9c6046674401821e4e4 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Jun 2025 10:36:26 -0300 Subject: [PATCH 056/267] back to plasma --- flake.lock | 38 ++- flake.nix | 39 ++- hosts/modules/alexandria/default.nix | 1 - hosts/modules/alexandria/networking.nix | 10 +- hosts/modules/alexandria/nextcloud.nix | 103 ------ hosts/modules/default.nix | 1 - hosts/modules/desktop.nix | 16 +- hosts/modules/flatpak.nix | 35 -- hosts/modules/impermanence.nix | 2 - hosts/modules/networking.nix | 5 +- hosts/modules/programs.nix | 217 +++++++------ hosts/modules/trantor/boot.nix | 9 + hosts/modules/trantor/default.nix | 10 + hosts/modules/trantor/disko.nix | 32 ++ .../trantor/hardware-configuration.nix | 27 ++ hosts/modules/trantor/networking.nix | 10 + hosts/modules/users.nix | 8 +- hosts/modules/virtualisation.nix | 1 - hosts/trantor.nix | 13 + packages/toggleaudiosink.nix | 48 +++ readme.md | 9 +- users/modules/user/default.nix | 2 +- users/modules/user/home.nix | 20 ++ users/modules/user/hyprland.nix | 299 ------------------ users/modules/user/programs.nix | 40 +-- 25 files changed, 385 insertions(+), 610 deletions(-) delete mode 100644 hosts/modules/alexandria/nextcloud.nix delete mode 100644 hosts/modules/flatpak.nix create mode 100644 hosts/modules/trantor/boot.nix create mode 100644 hosts/modules/trantor/default.nix create mode 100644 hosts/modules/trantor/disko.nix create mode 100644 hosts/modules/trantor/hardware-configuration.nix create mode 100644 hosts/modules/trantor/networking.nix create mode 100644 hosts/trantor.nix create mode 100644 packages/toggleaudiosink.nix create mode 100644 users/modules/user/home.nix delete mode 100644 users/modules/user/hyprland.nix diff --git a/flake.lock b/flake.lock index 3bc75a9..bce73e5 100644 --- a/flake.lock +++ b/flake.lock 
@@ -67,6 +67,27 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1736864502, + "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "owner": "nix-community", + "repo": "disko", + "rev": "0141aabed359f063de7413f80d906e1d98c0c123", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v1.11.0", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -111,16 +132,16 @@ ] }, "locked": { - "lastModified": 1747688870, - "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", + "lastModified": 1749154018, + "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", "owner": "nix-community", "repo": "home-manager", - "rev": "d5f1f641b289553927b3801580598d200a501863", + "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -195,16 +216,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1748995628, - "narHash": "sha256-bFufQGSAEYQgjtc4wMrobS5HWN0hDP+ZX+zthYcml9U=", + "lastModified": 1749086602, + "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb3b6a2366a7095939cd22f0dc0e9991313294b", + "rev": "4792576cb003c994bd7cc1edada3129def20b27d", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -213,6 +234,7 @@ "inputs": { "agenix": "agenix", "deploy-rs": "deploy-rs", + "disko": "disko", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index 8fe5b99..a7ea546 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,14 +3,14 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; home-manager-stable = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; @@ -24,6 +24,11 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; + disko = { + url = "github:nix-community/disko?ref=v1.11.0"; + inputs.nixpkgs.follows = "nixpkgs-stable"; + }; + nix-flatpak.url = "github:gmodena/nix-flatpak/latest"; impermanence.url = "github:nix-community/impermanence"; @@ -36,10 +41,11 @@ nixpkgs-stable, home-manager, home-manager-stable, + disko, agenix, deploy-rs, - impermanence, nix-flatpak, + impermanence, ... }: { @@ -62,6 +68,7 @@ defaultModules = [ ./hosts/${hostname}.nix agenix.nixosModules.default + disko.nixosModules.default hm.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak @@ -80,6 +87,11 @@ ]; serverModules = [ self.nixosModules.qbittorrent + { + nixpkgs.overlays = [ + self.overlays.serverOverlay + ]; + } ]; typeModules = if type == "server" then serverModules else workstationModules; allModules = defaultModules ++ typeModules ++ extraModules; @@ -105,6 +117,12 @@ alexandria = mkHost { hostname = "alexandria"; type = "server"; + extraModules = [ self.nixosModules.qbittorrent ]; + }; + trantor = mkHost { + hostname = "trantor"; + type = "server"; + system = "aarch64-linux"; }; }; @@ -113,6 +131,9 @@ }; workstationOverlay = final: prev: { plasticity = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/plasticity.nix { }; + toggleaudiosink = + nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/toggleaudiosink.nix + { }; }; serverOverlay = final: prev: { }; 
@@ -134,6 +155,18 @@ }; }; + trantor = { + hostname = "trantor"; + profiles = { + system = { + user = "root"; + sshUser = "root"; + remoteBuild = true; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + }; + }; + }; + io = { hostname = "io"; profiles = { diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix index d33bd6d..64ab083 100644 --- a/hosts/modules/alexandria/default.nix +++ b/hosts/modules/alexandria/default.nix @@ -19,7 +19,6 @@ in ./jellyfin.nix ./librespeed.nix ./memos.nix - ./nextcloud.nix ./nginx.nix ./searx.nix ./services.nix diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix index f518b12..0d40f21 100644 --- a/hosts/modules/alexandria/networking.nix +++ b/hosts/modules/alexandria/networking.nix @@ -4,14 +4,10 @@ networking = { firewall = { allowedTCPPorts = [ - 80 # HTTP - 443 # HTTPS - 25565 # Minecraft - ]; - allowedUDPPorts = [ - 24454 # Minecraft Simple Voice Chat - 25565 # Minecraft + 80 + 443 ]; + allowedUDPPorts = [ ]; }; }; } diff --git a/hosts/modules/alexandria/nextcloud.nix b/hosts/modules/alexandria/nextcloud.nix deleted file mode 100644 index 04d7407..0000000 --- a/hosts/modules/alexandria/nextcloud.nix +++ /dev/null 
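Review bot: The new `trantor` deploy node in flake.nix activates the wrong system: `path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria;` would push alexandria's closure to trantor, and trantor is declared with `system = "aarch64-linux"` earlier in this patch. It should read `path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor;`. `sshUser = "root"` also conflicts with two other changes in this patch: `settings.PermitRootLogin = "no"` in hosts/modules/networking.nix and the removal of root's `openssh.authorizedKeys.keys` in hosts/modules/users.nix. The deploy would have to connect as `user` and escalate with sudo instead.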
@@ -1,103 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: - -{ - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud30; - datadir = "/data/nextcloud"; - hostName = "cloud.baduhai.dev"; - configureRedis = true; - https = true; - autoUpdateApps.enable = true; - secretFile = config.age.secrets."nextcloud-secrets.json".path; - database.createLocally = true; - maxUploadSize = "16G"; - caching = { - apcu = true; - redis = true; - }; - settings = { - trusted_proxies = [ "127.0.0.1" ]; - default_phone_region = "BR"; - maintenance_window_start = "4"; - enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\EMF" - "OC\\Preview\\Font" - "OC\\Preview\\GIF" - "OC\\Preview\\HEIC" - "OC\\Preview\\Illustrator" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\Movie" - "OC\\Preview\\MP3" - "OC\\Preview\\MSOffice2003" - "OC\\Preview\\MSOffice2007" - "OC\\Preview\\MSOfficeDoc" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PDF" - "OC\\Preview\\Photoshop" - "OC\\Preview\\PNG" - "OC\\Preview\\Postscript" - "OC\\Preview\\SVG" - "OC\\Preview\\TIFF" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - ]; - }; - config = { - dbtype = "pgsql"; - adminpassFile = config.age.secrets.nextcloud-adminpass.path; - }; - phpOptions = { - "opcache.interned_strings_buffer" = "16"; - }; - }; - - collabora-online = { - enable = true; - port = lib.strings.toInt config.ports.collabora; - settings.ssl = { - enable = false; - termination = true; - }; - }; - - nginx.virtualHosts = { - ${config.services.nextcloud.hostName} = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - }; - "office.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${config.ports.collabora}"; - proxyWebsockets = true; - }; - }; - }; - }; - - age.secrets = { - "nextcloud-secrets.json" = { - file = ../../../secrets/nextcloud-secrets.json.age; - owner = "nextcloud"; - group = 
"hosted"; - }; - nextcloud-adminpass = { - file = ../../../secrets/nextcloud-adminpass.age; - owner = "nextcloud"; - group = "hosted"; - }; - }; -} diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index c877354..bc290b2 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -5,7 +5,6 @@ ./boot.nix ./console.nix ./desktop.nix - ./flatpak.nix ./impermanence.nix ./locale.nix ./networking.nix diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 59502ee..6002f3e 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -18,11 +18,17 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { services = { - displayManager.sddm = { - enable = true; - wayland = { + displayManager = { + autoLogin = { enable = true; - compositor = "kwin"; + user = "user"; + }; + sddm = { + enable = true; + wayland = { + enable = true; + compositor = "kwin"; + }; }; }; desktopManager.plasma6.enable = true; @@ -36,8 +42,6 @@ }; }; - # programs.hyprland.enable = true; - hardware = { xpadneo.enable = true; bluetooth.enable = true; diff --git a/hosts/modules/flatpak.nix b/hosts/modules/flatpak.nix deleted file mode 100644 index 39d57d9..0000000 --- a/hosts/modules/flatpak.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - hostType, - lib, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - services.flatpak = { - enable = true; - packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.github.tchx84.Flatseal" - "com.steamgriddb.SGDBoop" - "app.zen_browser.zen" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - }) - ]; -} 
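Review bot: `displayManager.autoLogin` with `enable = true; user = "user";` in hosts/modules/desktop.nix applies to every host where `hostType.isWorkstation` holds, which by the readme includes the mobile workstation `io`. On a laptop that removes the only interactive authentication step at boot, so physical access yields the session unless the disk is encrypted and unlocked with a passphrase, which this patch does not show. Consider gating auto-login per host, or add a comment next to it stating which control (for example full-disk encryption) makes it acceptable. The `lib.mkIf hostType.isWorkstation` block continues outside the hunk.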
diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix index 5ba5f6e..7c5c7d6 100644 --- a/hosts/modules/impermanence.nix +++ b/hosts/modules/impermanence.nix @@ -27,14 +27,12 @@ ]; directories = [ "/etc/NetworkManager/system-connections" - "/etc/waydroid-extra/images/" "/var/lib/bluetooth" "/var/lib/flatpak" "/var/lib/nixos" "/var/lib/systemd/coredump" "/var/lib/systemd/timers" "/var/lib/tailscale" - "/var/lib/waydroid" "/var/log" ]; }; diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix index 63459d0..30dd7b5 100644 --- a/hosts/modules/networking.nix +++ b/hosts/modules/networking.nix @@ -18,7 +18,10 @@ enable = true; extraUpFlags = [ "--operator=user" ]; }; - openssh.enable = true; + openssh = { + enable = true; + settings.PermitRootLogin = "no"; + }; }; } diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index d364637..f0782f6 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix 
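Review bot: `settings.PermitRootLogin = "no";` in hosts/modules/networking.nix leaves password authentication at the sshd module default, which allows it. hosts/modules/users.nix in this patch shows the `user` account with a `hashedPassword` and what appears to be `wheel` membership, so that account stays exposed to password guessing on every host that imports this module, including the new trantor VPS. Keys are already configured, so add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` alongside it.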
@@ -9,32 +9,32 @@ config = lib.mkMerge [ # Common configuration { - environment.systemPackages = with pkgs; [ - ### Dev Tools ### - agenix - git - helix - ### System Utilities ### - btop - fastfetch - nixos-firewall-tool - sysz - wget - tmux - ]; + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + agenix + git + helix + ### System Utilities ### + btop + fastfetch + nixos-firewall-tool + sysz + wget + tmux + ]; + shellAliases = { + ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; + neofetch = "fastfetch"; + tree = "ls --tree"; + syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; + }; + }; programs = { fish.enable = true; command-not-found.enable = false; }; - - environment.shellAliases = { - ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; - neofetch = "fastfetch"; - tree = "ls --tree"; - tsh = "ssh -o RequestTTY=yes $argv tmux -u -CC new -A -s tmux-main"; - syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; - }; } # Server specific configuration 
@@ -64,73 +64,86 @@ }; in { - environment.systemPackages = - with pkgs; - [ - ### Dev Tools ### - bat - deploy-rs - fd - fzf - nixfmt-rfc-style - nix-init - nix-output-monitor - ripgrep - ### Internet Browsers & Communication ### - beeper - brave - microsoft-edge - nextcloud-client - tor-browser - vesktop - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - kwrite - libreoffice-qt - obsidian - (octaveFull.withPackages (octavePackages: with octavePackages; [ signal ])) - onlyoffice-desktopeditors - rnote - ### Graphics & Design ### - gimp - inkscape - orca-slicer - plasticity - ### Gaming & Entertainment ### - clonehero - heroic - mangohud - prismlauncher - protonup - ### System Utilities ### - adwaita-icon-theme - junction - kara - kde-rounded-corners - libfido2 - # lilipod BROKEN - mission-center - p7zip - qbittorrent - quickemu - quickgui - rustdesk - steam-run - unrar - ### Media ### - mpv - obs-studio - qview - ] - ++ kdepkgs; + environment = { + systemPackages = + with pkgs; + [ + ### Dev Tools ### + bat + deploy-rs + fd + fzf + nixfmt-rfc-style + nix-init + nix-output-monitor + ripgrep + ### Internet Browsers & Communication ### + beeper + brave + tor-browser + vesktop + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + kwrite + libreoffice-qt + obsidian + onlyoffice-desktopeditors + rnote + ### Graphics & Design ### + gimp + inkscape + orca-slicer + plasticity + ### Gaming & Entertainment ### + clonehero + heroic + mangohud + prismlauncher + protonup + ### System Utilities ### + adwaita-icon-theme + junction + kara + kde-rounded-corners + libfido2 + # lilipod BROKEN + mission-center + p7zip + qbittorrent + quickemu + quickgui + rustdesk + steam-run + unrar + ### Media ### + mpv + obs-studio + qview + ] + ++ kdepkgs; + plasma6.excludePackages = ( + with pkgs.kdePackages; + [ + discover + elisa + gwenview + kate + 
khelpcenter + oxygen + ] + ); + }; programs = { adb.enable = true; - steam.enable = true; + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; dconf.enable = true; nix-ld.enable = true; kdeconnect.enable = true; @@ -157,17 +170,29 @@ ]; }; - environment.plasma6.excludePackages = ( - with pkgs.kdePackages; - [ - discover - elisa - gwenview - kate - khelpcenter - oxygen - ] - ); + services.flatpak = { + enable = true; + packages = [ + ### Dev Tools ### + ### Internet Browsers & Communication ### + "app.zen_browser.zen" + ### Office & Productivity ### + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + ### Gaming & Entertainment ### + "com.github.k4zmu2a.spacecadetpinball" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + ### System Utilities ### + "com.github.tchx84.Flatseal" + "io.github.Foldex.AdwSteamGtk" + "com.steamgriddb.SGDBoop" + ### Media ### + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; } )) ]; diff --git a/hosts/modules/trantor/boot.nix b/hosts/modules/trantor/boot.nix new file mode 100644 index 0000000..35b8cb6 --- /dev/null +++ b/hosts/modules/trantor/boot.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + boot = { + loader.efi.efiSysMountPoint = "/boot"; + initrd.systemd.enable = true; + kernel.sysctl."net.ipv4.ip_forward" = 1; + }; +} diff --git a/hosts/modules/trantor/default.nix b/hosts/modules/trantor/default.nix new file mode 100644 index 0000000..9bdb292 --- /dev/null +++ b/hosts/modules/trantor/default.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + imports = [ + ./boot.nix + ./disko.nix + ./hardware-configuration.nix + ./networking.nix + ]; +} diff --git a/hosts/modules/trantor/disko.nix b/hosts/modules/trantor/disko.nix new file mode 100644 index 0000000..39599f4 --- /dev/null +++ b/hosts/modules/trantor/disko.nix 
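Review bot: `kernel.sysctl."net.ipv4.ip_forward" = 1;` in hosts/modules/trantor/boot.nix makes the VPS forward IPv4 traffic with no comment saying what it forwards for, and hosts/modules/trantor/networking.nix in the same patch opens TCP and UDP 25566 equally unexplained. Patch 051 annotated each port (`25565 # Minecraft`); do the same here, e.g. `allowedTCPPorts = [ 25566 ]; # <service name>`, and put a one-line reason above the sysctl. If forwarding is only needed for Tailscale routing, `services.tailscale.useRoutingFeatures = "server";` would set it up without a hand-written sysctl. If only one protocol is actually used on 25566, open just that one.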
@@ -0,0 +1,32 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/modules/trantor/hardware-configuration.nix b/hosts/modules/trantor/hardware-configuration.nix new file mode 100644 index 0000000..d5cc31f --- /dev/null +++ b/hosts/modules/trantor/hardware-configuration.nix @@ -0,0 +1,27 @@ +{ + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot = { + kernelModules = [ ]; + extraModulePackages = [ ]; + initrd = { + availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; + kernelModules = [ ]; + }; + }; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/hosts/modules/trantor/networking.nix b/hosts/modules/trantor/networking.nix new file mode 100644 index 0000000..cb7b88a --- /dev/null +++ b/hosts/modules/trantor/networking.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + networking = { + firewall = { + allowedTCPPorts = [ 25566 ]; + allowedUDPPorts = [ 25566 ]; + }; + }; +} diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix index 96f1ba5..e463781 100644 --- a/hosts/modules/users.nix +++ b/hosts/modules/users.nix 
@@ -20,17 +20,13 @@ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" ]; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; root = { shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" - ]; hashedPassword = "!"; }; }; diff --git a/hosts/modules/virtualisation.nix b/hosts/modules/virtualisation.nix index fb2c156..232459a 100644 --- a/hosts/modules/virtualisation.nix +++ b/hosts/modules/virtualisation.nix @@ -32,7 +32,6 @@ virtualisation = { libvirtd.enable = true; lxd.enable = true; - waydroid.enable = true; }; }) ]; diff --git a/hosts/trantor.nix b/hosts/trantor.nix new file mode 100644 index 0000000..4a02556 --- /dev/null +++ b/hosts/trantor.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + networking.hostName = "trantor"; + + imports = [ + ./modules/trantor + ./modules + ]; + + nix.nixPath = [ "nixos-config=${./trantor.nix}" ]; +} + diff --git a/packages/toggleaudiosink.nix b/packages/toggleaudiosink.nix new file mode 100644 index 0000000..623346f --- /dev/null +++ b/packages/toggleaudiosink.nix 
@@ -0,0 +1,48 @@ +{ + pkgs ? import { }, +}: + +pkgs.writeShellScriptBin "toggleaudiosink" '' + #!/usr/bin/env bash + + sound_server="pipewire" + + # Grab a count of how many audio sinks we have + sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") + # Create an array of the actual sink IDs + sinks=() + mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') + # Get the ID of the active sink + active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') + active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) + + # Get the ID of the last sink in the array + final_sink=''${sinks[$((sink_count - 1))]} + + # Find the index of the active sink + for index in "''${!sinks[@]}"; do + if [[ "''${sinks[$index]}" == "$active_sink" ]]; then + active_sink_index=$index + fi + done + + # Default to the first sink in the list + next_sink=''${sinks[0]} + next_sink_index=0 + + # If we're not at the end of the list, move up the list + if [[ $active_sink -ne $final_sink ]]; then + next_sink_index=$((active_sink_index + 1)) + next_sink=''${sinks[$next_sink_index]} + fi + + # Change the default sink + # Get the name of the next sink + next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) + ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" + + # Move all inputs to the new sink + for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do + ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" + done +'' diff --git a/readme.md b/readme.md index f19ab12..9f3af1e 100644 --- a/readme.md +++ b/readme.md 
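Review bot: The final loop in packages/toggleaudiosink.nix passes the whole command as one quoted word, `pactl "move-sink-input $app $next_sink"`, so pactl receives a single argument it cannot parse as a command and running streams are never moved to the new sink. It should be `${pkgs.pulseaudio}/bin/pactl move-sink-input "$app" "$next_sink"`. The `#!/usr/bin/env bash` line inside the string is dead text because `writeShellScriptBin` writes its own shebang, and `sound_server` is assigned but never read.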
@@ -1,7 +1,8 @@ All my personal Nix and NixOS hosts, in a flake. -|Host|Description|Nixpkgs version| +|Host|Description|System Version| |:---|:---:|---:| -|alexandria|Personal server/NAS|24.05| -|io|Mobile workstation|unstable| -|rotterdam|Workstation|unstable| +|alexandria|Personal server/NAS|NixOS 25.05| +|io|Mobile workstation|NixOS Unstable| +|rotterdam|Workstation|NixOS Unstable| +|trantor|Oracle Cloud VPS|NixOS 25.05| diff --git a/users/modules/user/default.nix b/users/modules/user/default.nix index 173f040..660553d 100644 --- a/users/modules/user/default.nix +++ b/users/modules/user/default.nix @@ -2,7 +2,7 @@ { imports = [ - # ./hyprland.nix ./programs.nix + ./home.nix ]; } diff --git a/users/modules/user/home.nix b/users/modules/user/home.nix new file mode 100644 index 0000000..270db7a --- /dev/null +++ b/users/modules/user/home.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: + +{ + home.pointerCursor = { + package = pkgs.kdePackages.breeze; + name = "Breeze_Light"; + gtk.enable = true; + x11.enable = true; + }; + + gtk = { + enable = true; + gtk3.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; + gtk4.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; + }; +} diff --git a/users/modules/user/hyprland.nix b/users/modules/user/hyprland.nix deleted file mode 100644 index e895922..0000000 --- a/users/modules/user/hyprland.nix +++ /dev/null 
@@ -1,299 +0,0 @@ -{ - lib, - pkgs, - ... -}: - -let - heightfittr = pkgs.writeShellApplication { - name = "heightfittr"; - runtimeInputs = with pkgs; [ - socat - hyprland - ]; - text = '' - function handle { - case "$1" in - *openwindow*) - hyprctl dispatch scroller:fitheight all > /dev/null - ;; - *closewindow*) - hyprctl dispatch scroller:fitheight all > /dev/null - ;; - esac - } - socat - "UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock" | while read -r line; do - handle "$line" - done - ''; - }; - - scrollermodetoggle = pkgs.writeShellApplication { - name = "scrollermodetoggle"; - runtimeInputs = with pkgs; [ hyprland ]; - text = '' - if [ -f "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode" ]; then - rm "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode" - hyprctl --batch 'dispatch scroller:setmode row; notify 2 1000 0 "Row Mode"' - else - touch "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode" - hyprctl --batch 'dispatch scroller:setmode col; notify 2 1000 0 "Column Mode"' - fi - ''; - }; -in - -{ - wayland.windowManager.hyprland = { - enable = true; - plugins = with pkgs.hyprlandPlugins; [ hyprscroller ]; - extraConfig = '' - ################ - ### MONITORS ### - ################ - monitor=,preferred,auto,1 - - ################# - ### AUTOSTART ### - ################# - # exec-once = ${pkgs.gnome-settings-daemon}/libexec/gsd-rfkill - # exec-once = waybar - # exec-once = syshud - exec-once = ${lib.getExe heightfittr} - env = XCURSOR_SIZE,24 - env = HYPRCURSOR_SIZE,24 - - ##################### - ### LOOK AND FEEL ### - ##################### - general { - gaps_in = 5 - gaps_out = 20 - border_size = 2 - resize_on_border = true - allow_tearing = false - layout = scroller - } - misc { - font_family = Inter - } - plugin { - scroller { - column_default_width = onethird - focuswrap = false - column_widths = onethird onehalf twothirds - center_row_if_space_available = true - } - } - decoration { - rounding 
= 10 - rounding_power = 2 - dim_inactive = true - dim_strength = 0.3 - shadow { - enabled = true - range = 4 - render_power = 3 - } - blur { - enabled = true - size = 8 - passes = 1 - vibrancy = 0.1696 - } - layerrule = blur, waybar - layerrule = ignorealpha 0.5, waybar - layerrule = ignorezero, waybar - } - animations { - enabled = yes, please :) - bezier = easeOutQuint,0.23,1,0.32,1 - bezier = easeInOutCubic,0.65,0.05,0.36,1 - bezier = linear,0,0,1,1 - bezier = almostLinear,0.5,0.5,0.75,1.0 - bezier = quick,0.15,0,0.1,1 - animation = global, 1, 1, default - animation = border, 1, 1, easeOutQuint - animation = windows, 1, 1, easeOutQuint - animation = windowsIn, 1, 1, easeOutQuint, popin 87% - animation = windowsOut, 1, 1, linear, popin 87% - animation = fadeIn, 1, 1, almostLinear - animation = fadeOut, 1, 1, almostLinear - animation = fade, 1, 1, quick - animation = layers, 1, 1, easeOutQuint - animation = layersIn, 1, 1, easeOutQuint, fade - animation = layersOut, 1, 1, linear, fade - animation = fadeLayersIn, 1, 1, almostLinear - animation = fadeLayersOut, 1, 1, almostLinear - animation = workspaces, 1, 1, almostLinear, slidevert - } - misc { - force_default_wallpaper = 0 - disable_hyprland_logo = true - } - - ############# - ### INPUT ### - ############# - input { - kb_layout = us - kb_variant = altgr-intl - follow_mouse = 1 - sensitivity = 0 - accel_profile = flat - natural_scroll = true - touchpad { - natural_scroll = true - clickfinger_behavior = true - } - } - - ################### - ### KEYBINDINGS ### - ################### - $mainMod = SUPER - $terminal = ghostty - $menu = ulauncher-toggle - # APP SHORTCUTS - bind = ALT, SPACE, exec, $menu - bind = $mainMod, RETURN, exec, $terminal - # SESSION MANAGEMENT - bind = CTRL ALT, DELETE, exit, - bind = $mainMod, mouse_up, exec, hyprnome - bind = $mainMod, mouse_down, exec, hyprnome --previous - bind = CTRL ALT, j, exec, hyprnome - bind = CTRL ALT, k, exec, hyprnome --previous - bind = $mainMod CTRL ALT, j, 
exec, hyprnome --move - bind = $mainMod CTRL ALT, k, exec, hyprnome --move --previous - bindel = ,XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ - bindel = ,XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- - bindel = ,XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle - bindel = ,XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle - bindel = ,XF86MonBrightnessUp, exec, brightnessctl s 10%+ - bindel = ,XF86MonBrightnessDown, exec, brightnessctl s 10%- - bindl = , XF86AudioNext, exec, playerctl next - bindl = , XF86AudioPause, exec, playerctl play-pause - bindl = , XF86AudioPlay, exec, playerctl play-pause - bindl = , XF86AudioPrev, exec, playerctl previous - bind = CTRL ALT SHIFT, a, exec, bash /home/user/.local/bin/toggle-audio-output.sh - # WINDOW MANAGEMENT - bind = ALT, F4, killactive, - bind = $mainMod, space, togglefloating, - bind = $mainMod, f, fullscreen - bindm = $mainMod, mouse:272, movewindow - bindm = $mainMod, mouse:273, resizewindow - bind = SUPER, h, movefocus, l - bind = SUPER, l, movefocus, r - bind = SUPER, k, movefocus, u - bind = SUPER, j, movefocus, d - bind = $mainMod CTRL, h, movewindow, l - bind = $mainMod CTRL, l, movewindow, r - bind = $mainMod CTRL, k, movewindow, u - bind = $mainMod CTRL, j, movewindow, d - bind = $mainMod, v, exec, ${lib.getExe scrollermodetoggle} - bind = $mainMod, r, scroller:cyclewidth, next - bind = $mainMod CTRL, r, scroller:cyclewidth, prev - bind = $mainMod, p, scroller:pin, - bind = $mainMod, c, scroller:alignwindow, center - bind = $mainMod CTRL, f, scroller:fitsize, all - - #################### - ### WINDOW RULES ### - #################### - windowrulev2 = suppressevent maximize, class:.* - windowrulev2 = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0 - # ulauncher - windowrule = float, ulauncher - windowrule = pin, ulauncher - windowrule = noborder, ulauncher - windowrule = noshadow, ulauncher - windowrule = 
nomaxsize, ulauncher - windowrule = noblur, ulauncher - windowrulev2 = animation slide top, class:^(ulauncher)$ - # browsers - windowrulev2 = plugin:scroller:columnwidth onehalf, class:(firefox) - windowrulev2 = plugin:scroller:columnwidth onehalf, class:(zen) - windowrulev2 = plugin:scroller:columnwidth onehalf, class:(brave) - ''; - }; - - services = { - # swaync = { - # enable = true; - # settings = { - # positionX = "left"; - # positionY = "top"; - # layer = "overlay"; - # control-center-layer = "top"; - # layer-shell = true; - # cssPriority = "application"; - # control-center-margin-top = 20; - # control-center-margin-bottom = 20; - # control-center-margin-right = 20; - # control-center-margin-left = 20; - # notification-2fa-action = true; - # notification-inline-replies = false; - # notification-icon-size = 64; - # notification-body-image-height = 100; - # notification-body-image-width = 200; - # timeout = 10; - # timeout-low = 5; - # timeout-critical = 0; - # fit-to-screen = true; - # relative-timestamps = true; - # control-center-width = 500; - # control-center-height = 600; - # notification-window-width = 500; - # keyboard-shortcuts = true; - # image-visibility = "when-available"; - # transition-time = 200; - # hide-on-clear = false; - # hide-on-action = true; - # script-fail-notify = true; - # widgets = [ - # "inhibitors" - # "title" - # "dnd" - # "notifications" - # "mpris" - # ]; - # widget-config = { - # inhibitors = { - # text = "Inhibitors"; - # button-text = "Clear All"; - # clear-all-button = true; - # }; - # title = { - # text = "Notifications"; - # clear-all-button = true; - # button-text = "Clear All"; - # }; - # dnd = { - # text = "Do Not Disturb"; - # }; - # mpris = { - # image-size = 96; - # image-radius = 12; - # }; - # }; - # }; - # }; - # clipman.enable = true; - }; - - # programs = { - # hyprlock.enable = true; - # }; - - home.packages = with pkgs; [ - brightnessctl - ghostty - hyprnome - playerctl - swaynotificationcenter - syshud - 
ulauncher - waybar - # inputs.mithril.packages.${pkgs.system}.mithril-control-center - ]; -} diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index 65985d8..ec90f17 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -57,10 +57,13 @@ settings = { add_newline = false; format = '' - $directory$git_branch$git_status$nix_shell + $hostname$directory$git_branch$git_status$nix_shell [ ❯ ](bold green) ''; right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = " "; + }; character = { error_symbol = "[](red)"; success_symbol = "[󱐋](green)"; @@ -111,10 +114,6 @@ (lib.mkIf hostType.isWorkstation { fonts.fontconfig.enable = true; - # home.packages = with pkgs; [ - # ulauncher - # ]; - programs = { password-store.package = pkgs.pass-wayland; @@ -146,37 +145,6 @@ gtk-decoration-layout = "appmenu:"; }; }; - - # systemd.user.services.ulauncher = { - # Unit = { - # Description = "Ulauncher Application Launcher"; - # After = [ "graphical-session.target" ]; - # }; - # Service = { - # Type = "simple"; - # Environment = - # let - # pydeps = pkgs.python3.withPackages ( - # pp: with pp; [ - # # dependencies for ulauncher-albert-calculate-anything - # parsedatetime - # pint - # pytz - # requests - # simpleeval - # ] - # ); - # in - # [ - # "PYTHONPATH=${pydeps}/${pydeps.sitePackages}" - # ]; - # ExecStart = pkgs.writeShellScript "ulauncher-env-wrapper.sh" '' - # export PATH="''${XDG_BIN_HOME}:$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" - # export GDK_BACKEND=wayland - # exec ${pkgs.ulauncher}/bin/ulauncher --hide-window - # ''; - # }; - # }; }) ]; } From 79a3c7164dd7488130305ecd52739ad59d1aa87b Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Jun 2025 12:02:47 -0300 Subject: [PATCH 057/267] stylix once again --- flake.lock | 810 +++++++++++++++++++++++++++++++++++- flake.nix | 13 + hosts/modules/default.nix | 1 + hosts/modules/stylix.nix | 44 ++ users/modules/programs.nix | 1 - users/modules/user/home.nix | 23 +- 6 files changed, 875 insertions(+), 17 deletions(-) create mode 100644 hosts/modules/stylix.nix diff --git a/flake.lock b/flake.lock index bce73e5..69462e0 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,6 +23,140 @@ "type": "github" } }, + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1746562888, + "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-fish_2": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1748408240, + "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_2": { + "flake": false, + "locked": { + "lastModified": 1748408240, + "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 
1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_2": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16_2": { + "inputs": { + "fromYaml": "fromYaml_2" + }, + "locked": { + "lastModified": 1746562888, + "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -88,6 +222,38 @@ "type": "github" } }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_2": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { 
@@ -104,6 +270,240 @@ "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "stylix-stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_2": { + "flake": false, + 
"locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "stylix", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "stylix-stable", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "stylix-stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "stylix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "stylix-stable", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + 
"repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1744584021, + "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.1", + "repo": "gnome-shell", + "type": "github" + } + }, + "gnome-shell_2": { + "flake": false, + "locked": { + "lastModified": 1744584021, + "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.1", + "repo": "gnome-shell", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -167,6 +567,49 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748737919, + "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "5675a9686851d9626560052a032c4e14e533c1fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { + "inputs": { + "nixpkgs": [ + "stylix-stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749154018, + "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, 
@@ -230,6 +673,58 @@ "type": "github" } }, + "nur": { + "inputs": { + "flake-parts": [ + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "stylix", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1748730660, + "narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=", + "owner": "nix-community", + "repo": "NUR", + "rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_2": { + "inputs": { + "flake-parts": [ + "stylix-stable", + "flake-parts" + ], + "nixpkgs": [ + "stylix-stable", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1748730660, + "narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=", + "owner": "nix-community", + "repo": "NUR", + "rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", 
@@ -240,7 +735,84 @@ "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable", + "stylix": "stylix", + "stylix-stable": "stylix-stable" + } + }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "gnome-shell": "gnome-shell", + "home-manager": "home-manager_3", + "nixpkgs": [ + "nixpkgs" + ], + "nur": "nur", + "systems": "systems_3", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": "tinted-tmux", + "tinted-zed": "tinted-zed" + }, + "locked": { + "lastModified": 1749165619, + "narHash": "sha256-E1KgTswgmzBGv+8WijQRghlyIP6k+LPzj9j8bq9BlLU=", + "owner": "danth", + "repo": "stylix", + "rev": "8456dfa7f60e6b4499b0498fc88e9b8b57d4d7d7", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "stylix-stable": { + "inputs": { + "base16": "base16_2", + "base16-fish": "base16-fish_2", + "base16-helix": "base16-helix_2", + "base16-vim": "base16-vim_2", + "firefox-gnome-theme": "firefox-gnome-theme_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks_2", + "gnome-shell": "gnome-shell_2", + "home-manager": "home-manager_4", + "nixpkgs": [ + "nixpkgs-stable" + ], + "nur": "nur_2", + "systems": "systems_4", + "tinted-foot": "tinted-foot_2", + "tinted-kitty": "tinted-kitty_2", + "tinted-schemes": "tinted-schemes_2", + "tinted-tmux": "tinted-tmux_2", + "tinted-zed": "tinted-zed_2" + }, + "locked": { + "lastModified": 1749166576, + "narHash": "sha256-9VUpw7i1VYaRybn6uOqtYAxKbYPZVi+GEDTBkTFlt1Q=", + "owner": "danth", + "repo": "stylix", + "rev": 
"3979552fe5fb3627a85cc70ceff6efb770c44531", + "type": "github" + }, + "original": { + "owner": "danth", + "ref": "release-25.05", + "repo": "stylix", + "type": "github" } }, "systems": { 
@@ -273,6 +845,242 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_2": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_2": { 
+ "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1748180480, + "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_2": { + "flake": false, + "locked": { + "lastModified": 1748180480, + "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1748740859, + "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_2": { + "flake": false, + "locked": { + "lastModified": 1748740859, + "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + "flake": false, + "locked": { + "lastModified": 1725758778, + "narHash": 
"sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_2": { + "flake": false, + "locked": { + "lastModified": 1725758778, + "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "stylix", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "stylix-stable", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index a7ea546..6f5586b 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,15 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; + stylix = { + url = "github:danth/stylix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + stylix-stable = { + url = "github:danth/stylix/release-25.05"; + inputs.nixpkgs.follows = "nixpkgs-stable"; + }; + agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; 
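Review bot: Both new inputs override only `nixpkgs`, so every other transitive input of stylix is locked as its own copy. The flake.lock part of this commit gains `home-manager_3` and `home-manager_4` next to the home-manager inputs the flake already pins. Each extra node is third-party source pinned and fetched independently of the copy you review and update, which widens what has to be trusted on every `flake.lock` bump. If the versions are compatible, `inputs.home-manager.follows = "home-manager";` on `stylix` and `inputs.home-manager.follows = "home-manager-stable";` on `stylix-stable` would collapse those duplicates. The enclosing `inputs` set starts and ends outside this hunk.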
@@ -41,6 +50,8 @@ nixpkgs-stable, home-manager, home-manager-stable, + stylix, + stylix-stable, disko, agenix, deploy-rs, @@ -61,6 +72,7 @@ let pkgs = if type == "server" then nixpkgs-stable else nixpkgs; hm = if type == "server" then home-manager-stable else home-manager; + stlx = if type == "server" then stylix-stable else stylix; hostTypeFlags = { isServer = type == "server"; isWorkstation = type == "workstation"; @@ -72,6 +84,7 @@ hm.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak + stlx.nixosModules.stylix { nixpkgs.overlays = [ agenix.overlays.default diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index bc290b2..1dbed53 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -12,6 +12,7 @@ ./programs.nix ./security.nix ./services.nix + ./stylix.nix ./users.nix ./virtualisation.nix ]; diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix new file mode 100644 index 0000000..d27b61c --- /dev/null +++ b/hosts/modules/stylix.nix @@ -0,0 +1,44 @@ +{ config, pkgs, ... }: + +{ + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + cursor = { + package = pkgs.kdePackages.breeze-icons; + name = "Breeze_Light"; + size = 24; + }; + opacity = { + applications = 1.0; + desktop = 0.8; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + }; +} 
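Review bot: In the new hosts/modules/stylix.nix, `cursor.package` is `pkgs.kdePackages.breeze-icons` while `cursor.name` is still `"Breeze_Light"`. The `home.pointerCursor` block this commit removes from users/modules/user/home.nix took that theme name from `pkgs.kdePackages.breeze`, so the icon package looks like a slip and may not ship the cursor theme at all. If that is the case, the line should be `package = pkgs.kdePackages.breeze;`.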
diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 55e4488..bb15a78 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -25,7 +25,6 @@ helix = { enable = true; settings = { - theme = "catppuccin_mocha"; editor = { file-picker.hidden = false; idle-timeout = 0; diff --git a/users/modules/user/home.nix b/users/modules/user/home.nix index 270db7a..212b239 100644 --- a/users/modules/user/home.nix +++ b/users/modules/user/home.nix @@ -1,20 +1,13 @@ -{ pkgs, ... }: +{ ... }: { - home.pointerCursor = { - package = pkgs.kdePackages.breeze; - name = "Breeze_Light"; - gtk.enable = true; - x11.enable = true; - }; - gtk = { - enable = true; - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; + # enable = true; + # gtk3.extraConfig = { + # gtk-decoration-layout = "appmenu:"; + # }; + # gtk4.extraConfig = { + # gtk-decoration-layout = "appmenu:"; + # }; }; } From c728260d7819cf8c72da77eb67a8024d46dffc60 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Jun 2025 13:15:32 -0300 Subject: [PATCH 058/267] no gtk window buttons --- users/modules/user/home.nix | 14 +++++++------- users/modules/user/programs.nix | 9 --------- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/users/modules/user/home.nix b/users/modules/user/home.nix index 212b239..ca73729 100644 --- a/users/modules/user/home.nix +++ b/users/modules/user/home.nix @@ -2,12 +2,12 @@ { gtk = { - # enable = true; - # gtk3.extraConfig = { - # gtk-decoration-layout = "appmenu:"; - # }; - # gtk4.extraConfig = { - # gtk-decoration-layout = "appmenu:"; - # }; + enable = true; + gtk3.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; + gtk4.extraConfig = { + gtk-decoration-layout = "appmenu:"; + }; }; } diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index ec90f17..4548265 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix 
@@ -136,15 +136,6 @@ }; }; }; - - gtk = { - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; }) ]; } From 3625ee327b31ca3d5cfa420ad8af17032c1922c2 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Jun 2025 15:00:56 -0300 Subject: [PATCH 059/267] qbittorrent module for alexandria only --- flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake.nix b/flake.nix index 6f5586b..de2a6ba 100644 --- a/flake.nix +++ b/flake.nix @@ -99,7 +99,6 @@ } ]; serverModules = [ - self.nixosModules.qbittorrent { nixpkgs.overlays = [ self.overlays.serverOverlay From 481f3d32b37daa6a2dbdd8bd2017dce309c31aa6 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Jun 2025 15:34:29 -0300 Subject: [PATCH 060/267] blender stylix fails for trantor --- flake.nix | 22 +++++++++++----------- users/modules/default.nix | 9 +++++---- users/modules/stylix.nix | 7 +++++++ 3 files changed, 23 insertions(+), 15 deletions(-) create mode 100644 users/modules/stylix.nix diff --git a/flake.nix b/flake.nix index de2a6ba..018f548 100644 --- a/flake.nix +++ b/flake.nix @@ -167,17 +167,17 @@ }; }; - trantor = { - hostname = "trantor"; - profiles = { - system = { - user = "root"; - sshUser = "root"; - remoteBuild = true; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - }; - }; - }; + # trantor = { + # hostname = "trantor"; + # profiles = { + # system = { + # user = "root"; + # sshUser = "root"; + # remoteBuild = true; + # path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + # }; + # }; + # }; io = { hostname = "io"; diff --git a/users/modules/default.nix b/users/modules/default.nix index adc20f9..0f3fd3b 100644 --- a/users/modules/default.nix +++ b/users/modules/default.nix @@ -1,7 +1,8 @@ -{...}: +{ ... }: { - imports = [ - ./programs.nix - ]; + imports = [ + ./programs.nix + ./stylix.nix + ]; } 
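Review bot: The commented-out `trantor` node in the `@@ -167,17 +167,17 @@` hunk of flake.nix has no explanation and still holds `path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria;`, so uncommenting it as-is would activate alexandria's system on trantor as root. A later patch in this series shows trantor's hardware-configuration.nix with `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";`, so the `x86_64-linux` activator looks wrong for that host as well. I would put a comment above the block, for example `# disabled: stylix blender target fails for trantor (see commit subject); point path at nixosConfigurations.trantor before re-enabling`. The enclosing attribute set starts and ends outside the hunk.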
diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix new file mode 100644 index 0000000..6b06a7d --- /dev/null +++ b/users/modules/stylix.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + stylix.targets = { + blender.enable = false; + }; +} From d9788a7e28c890eea7456351b4c15d429c44a357 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Jun 2025 20:52:41 -0300 Subject: [PATCH 061/267] stylix for workstations only --- flake.lock | 407 +-------------------------------------- flake.nix | 8 +- hosts/modules/stylix.nix | 99 ++++++---- 3 files changed, 61 insertions(+), 453 deletions(-) diff --git a/flake.lock b/flake.lock index 69462e0..644640b 100644 --- a/flake.lock +++ b/flake.lock @@ -57,22 +57,6 @@ "type": "github" } }, - "base16-fish_2": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, "base16-helix": { "flake": false, "locked": { @@ -89,22 +73,6 @@ "type": "github" } }, - "base16-helix_2": { - "flake": false, - "locked": { - "lastModified": 1748408240, - "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, "base16-vim": { "flake": false, "locked": { 
@@ -122,41 +90,6 @@ "type": "github" } }, - "base16-vim_2": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, - "base16_2": { - "inputs": { - "fromYaml": "fromYaml_2" - }, - "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -238,22 +171,6 @@ "type": "github" } }, - "firefox-gnome-theme_2": { - "flake": false, - "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", - "type": "github" - }, - "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -285,21 +202,6 @@ "type": "github" } }, - "flake-compat_3": { - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ 
@@ -321,27 +223,6 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "stylix-stable", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -358,22 +239,6 @@ "type": "github" } }, - "fromYaml_2": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ @@ -400,32 +265,6 @@ "type": "github" } }, - "git-hooks_2": { - "inputs": { - "flake-compat": [ - "stylix-stable", - "flake-compat" - ], - "gitignore": "gitignore_2", - "nixpkgs": [ - "stylix-stable", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ 
@@ -448,28 +287,6 @@ "type": "github" } }, - "gitignore_2": { - "inputs": { - "nixpkgs": [ - "stylix-stable", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gnome-shell": { "flake": false, "locked": { @@ -487,23 +304,6 @@ "type": "github" } }, - "gnome-shell_2": { - "flake": false, - "locked": { - "lastModified": 1744584021, - "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "48.1", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -588,28 +388,6 @@ "type": "github" } }, - "home-manager_4": { - "inputs": { - "nixpkgs": [ - "stylix-stable", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, "impermanence": { "locked": { "lastModified": 1737831083, 
@@ -699,32 +477,6 @@ "type": "github" } }, - "nur_2": { - "inputs": { - "flake-parts": [ - "stylix-stable", - "flake-parts" - ], - "nixpkgs": [ - "stylix-stable", - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix_2" - }, - "locked": { - "lastModified": 1748730660, - "narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=", - "owner": "nix-community", - "repo": "NUR", - "rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -736,8 +488,7 @@ "nix-flatpak": "nix-flatpak", "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix", - "stylix-stable": "stylix-stable" + "stylix": "stylix" } }, "stylix": { @@ -777,44 +528,6 @@ "type": "github" } }, - "stylix-stable": { - "inputs": { - "base16": "base16_2", - "base16-fish": "base16-fish_2", - "base16-helix": "base16-helix_2", - "base16-vim": "base16-vim_2", - "firefox-gnome-theme": "firefox-gnome-theme_2", - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks_2", - "gnome-shell": "gnome-shell_2", - "home-manager": "home-manager_4", - "nixpkgs": [ - "nixpkgs-stable" - ], - "nur": "nur_2", - "systems": "systems_4", - "tinted-foot": "tinted-foot_2", - "tinted-kitty": "tinted-kitty_2", - "tinted-schemes": "tinted-schemes_2", - "tinted-tmux": "tinted-tmux_2", - "tinted-zed": "tinted-zed_2" - }, - "locked": { - "lastModified": 1749166576, - "narHash": "sha256-9VUpw7i1VYaRybn6uOqtYAxKbYPZVi+GEDTBkTFlt1Q=", - "owner": "danth", - "repo": "stylix", - "rev": "3979552fe5fb3627a85cc70ceff6efb770c44531", - "type": "github" - }, - "original": { - "owner": "danth", - "ref": "release-25.05", - "repo": "stylix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -860,21 +573,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tinted-foot": { "flake": false, "locked": { @@ -892,23 +590,6 @@ "type": "github" } }, - "tinted-foot_2": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, "tinted-kitty": { "flake": false, "locked": { @@ -925,22 +606,6 @@ "type": "github" } }, - "tinted-kitty_2": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, "tinted-schemes": { "flake": false, "locked": { @@ -957,22 +622,6 @@ "type": "github" } }, - "tinted-schemes_2": { - "flake": false, - "locked": { - "lastModified": 1748180480, - "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, "tinted-tmux": { "flake": false, "locked": { 
@@ -989,22 +638,6 @@ "type": "github" } }, - "tinted-tmux_2": { - "flake": false, - "locked": { - "lastModified": 1748740859, - "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, "tinted-zed": { "flake": false, "locked": { @@ -1021,22 +654,6 @@ "type": "github" } }, - "tinted-zed_2": { - "flake": false, - "locked": { - "lastModified": 1725758778, - "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1059,28 +676,6 @@ "type": "github" } }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": [ - "stylix-stable", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index 018f548..dc03f08 100644 --- a/flake.nix +++ b/flake.nix @@ -18,10 +18,6 @@ url = "github:danth/stylix"; inputs.nixpkgs.follows = "nixpkgs"; }; - stylix-stable = { - url = "github:danth/stylix/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; agenix = { url = "github:ryantm/agenix"; @@ -51,7 +47,6 @@ home-manager, home-manager-stable, stylix, - stylix-stable, disko, agenix, deploy-rs, 
@@ -72,7 +67,6 @@ let pkgs = if type == "server" then nixpkgs-stable else nixpkgs; hm = if type == "server" then home-manager-stable else home-manager; - stlx = if type == "server" then stylix-stable else stylix; hostTypeFlags = { isServer = type == "server"; isWorkstation = type == "workstation"; @@ -84,7 +78,7 @@ hm.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak - stlx.nixosModules.stylix + stylix.nixosModules.stylix { nixpkgs.overlays = [ agenix.overlays.default diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix index d27b61c..8d9782c 100644 --- a/hosts/modules/stylix.nix +++ b/hosts/modules/stylix.nix 
@@ -1,44 +1,63 @@ -{ config, pkgs, ... }: +{ + config, + hostType, + lib, + pkgs, + ... +}: { - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; - size = 24; - }; - opacity = { - applications = 1.0; - desktop = 0.8; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; + config = lib.mkMerge [ + # Common configuration + { + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + cursor = { + package = pkgs.kdePackages.breeze-icons; + name = "Breeze_Light"; + size = 24; + }; + opacity = { + applications = 1.0; + desktop = 0.8; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - }; + }) + ]; } 
From 5c592a512338310190ee37aa85e544a78094a324 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Jun 2025 22:07:22 -0300 Subject: [PATCH 062/267] rustdesk flatpak instead --- hosts/modules/programs.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index f0782f6..2097b5f 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -110,13 +110,11 @@ kara kde-rounded-corners libfido2 - # lilipod BROKEN mission-center p7zip qbittorrent quickemu quickgui - rustdesk steam-run unrar ### Media ### @@ -186,8 +184,9 @@ "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" ### System Utilities ### "com.github.tchx84.Flatseal" - "io.github.Foldex.AdwSteamGtk" + "com.rustdesk.RustDesk" "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" ### Media ### ]; uninstallUnmanaged = true; From 89f2ab47a297aa19c240e426967406a31d1a60b9 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 10:17:30 -0300 Subject: [PATCH 063/267] remove changedetection --- hosts/modules/alexandria/changedetection.nix | 20 -------------------- hosts/modules/alexandria/default.nix | 2 -- 2 files changed, 22 deletions(-) delete mode 100644 hosts/modules/alexandria/changedetection.nix diff --git a/hosts/modules/alexandria/changedetection.nix b/hosts/modules/alexandria/changedetection.nix deleted file mode 100644 index 702952f..0000000 --- a/hosts/modules/alexandria/changedetection.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, ... }: - -{ - services = { - changedetection-io = { - enable = true; - behindProxy = true; - datastorePath = "/data/changedetection"; - port = lib.toInt "${config.ports.changedetection-io}"; - baseURL = "https://detect.baduhai.dev"; - }; - - nginx.virtualHosts."detect.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.changedetection-io}"; - }; - }; -} 
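Review bot: `"com.rustdesk.RustDesk"` in the `@@ -186,8 +184,9 @@` hunk is added as a bare app id, so the remote-desktop client is no longer fixed by flake.lock and is instead whatever the configured Flatpak remote serves when the list is applied. For a tool that grants remote control of the machine I would pin it with nix-flatpak's attribute-set form, e.g. `{ appId = "com.rustdesk.RustDesk"; origin = "flathub"; commit = "<pinned-commit-placeholder>"; }`. If floating updates are intended, a one-line comment saying so would make that a visible decision. The package list starts and ends outside the hunk.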
diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix index 64ab083..64407bb 100644 --- a/hosts/modules/alexandria/default.nix +++ b/hosts/modules/alexandria/default.nix @@ -12,7 +12,6 @@ in { imports = [ - ./changedetection.nix ./cinny.nix ./forgejo.nix ./hardware-configuration.nix @@ -30,7 +29,6 @@ in bazaar = mkStringOption "6767"; radarr = mkStringOption "7878"; vaultwarden = mkStringOption "8000"; - changedetection-io = mkStringOption "8001"; cinny = mkStringOption "8002"; librespeed = mkStringOption "8003"; paperless = mkStringOption "8004"; From cfecfb8c1f8a0fff10b4306196059a117d899437 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 12:15:58 -0300 Subject: [PATCH 064/267] rearranging alexadira services --- hosts/modules/alexandria/cinny.nix | 23 ------ hosts/modules/alexandria/default.nix | 34 +------- hosts/modules/alexandria/forgejo.nix | 33 -------- hosts/modules/alexandria/jellyfin.nix | 19 ----- hosts/modules/alexandria/librespeed.nix | 22 ----- hosts/modules/alexandria/memos.nix | 23 ------ hosts/modules/alexandria/networking.nix | 5 ++ hosts/modules/alexandria/nginx.nix | 37 --------- hosts/modules/alexandria/searx.nix | 28 ------- hosts/modules/alexandria/services.nix | 100 ++++++++++++++++++++++- hosts/modules/alexandria/vaultwarden.nix | 22 ----- 11 files changed, 104 insertions(+), 242 deletions(-) delete mode 100644 hosts/modules/alexandria/cinny.nix delete mode 100644 hosts/modules/alexandria/forgejo.nix delete mode 100644 hosts/modules/alexandria/jellyfin.nix delete mode 100644 hosts/modules/alexandria/librespeed.nix delete mode 100644 hosts/modules/alexandria/memos.nix delete mode 100644 hosts/modules/alexandria/nginx.nix delete mode 100644 hosts/modules/alexandria/searx.nix delete mode 100644 hosts/modules/alexandria/vaultwarden.nix diff --git a/hosts/modules/alexandria/cinny.nix b/hosts/modules/alexandria/cinny.nix deleted file mode 100644 index fc4770f..0000000 
--- a/hosts/modules/alexandria/cinny.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, ... }: - -{ - virtualisation.oci-containers.containers."cinny" = { - image = "ghcr.io/cinnyapp/cinny:latest"; - ports = [ "${config.ports.cinny}:80" ]; - environment = { - TZ = "America/Bahia"; - }; - volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts."matrix.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}"; - }; -} diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix index 64407bb..7016d1c 100644 --- a/hosts/modules/alexandria/default.nix +++ b/hosts/modules/alexandria/default.nix @@ -1,46 +1,14 @@ -{ lib, ... }: - -let - mkStringOption = - default: - lib.mkOption { - inherit default; - type = lib.types.str; - }; - -in +{ ... }: { imports = [ - ./cinny.nix ./forgejo.nix ./hardware-configuration.nix ./jellyfin.nix ./librespeed.nix - ./memos.nix ./nginx.nix - ./searx.nix ./services.nix ./users.nix ./vaultwarden.nix ]; - - options.ports = { - bazaar = mkStringOption "6767"; - radarr = mkStringOption "7878"; - vaultwarden = mkStringOption "8000"; - cinny = mkStringOption "8002"; - librespeed = mkStringOption "8003"; - paperless = mkStringOption "8004"; - yousable = mkStringOption "8005"; - cinny2 = mkStringOption "8006"; - searx = mkStringOption "8007"; - qbittorrent = mkStringOption "8008"; - actual = mkStringOption "8009"; - memos = mkStringOption "8010"; - collabora = mkStringOption "8011"; - jellyfin = mkStringOption "8096"; - sonarr = mkStringOption "8989"; - jackett = mkStringOption "9117"; - }; } diff --git a/hosts/modules/alexandria/forgejo.nix b/hosts/modules/alexandria/forgejo.nix deleted file mode 100644 index a51c050..0000000 --- a/hosts/modules/alexandria/forgejo.nix +++ /dev/null 
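Review bot: The new `imports` list in hosts/modules/alexandria/default.nix still names `./forgejo.nix`, `./jellyfin.nix`, `./librespeed.nix`, `./nginx.nix` and `./vaultwarden.nix`, all of which this commit deletes, so evaluating the host would fail on a missing path. The same hunk drops `options.ports`, while the services.nix hunk of this commit still reads `config.ports.vaultwarden` and `config.ports.librespeed` instead of its new let-bound `ports`. I would reduce the list to `./hardware-configuration.nix`, `./services.nix` and `./users.nix`, and change the two references to `ports.vaultwarden` and `ports.librespeed`. `./networking.nix` is edited in this commit but is not in the list; presumably it is imported elsewhere, which is worth confirming.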
@@ -1,33 +0,0 @@ -{ config, ... }: - -let - domain = "git.baduhai.dev"; -in - -{ - services = { - forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = domain; - ROOT_URL = "https://${domain}"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - }; - }; - nginx.virtualHosts.${domain} = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; - }; -} diff --git a/hosts/modules/alexandria/jellyfin.nix b/hosts/modules/alexandria/jellyfin.nix deleted file mode 100644 index 015f4aa..0000000 --- a/hosts/modules/alexandria/jellyfin.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: - -{ - services = { - jellyfin = { - enable = true; - user = "user"; - group = "hosted"; - openFirewall = true; - }; - - nginx.virtualHosts."jellyfin.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}"; - }; - }; -} diff --git a/hosts/modules/alexandria/librespeed.nix b/hosts/modules/alexandria/librespeed.nix deleted file mode 100644 index 6b830b7..0000000 --- a/hosts/modules/alexandria/librespeed.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, ... }: - -{ - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - ports = [ "${config.ports.librespeed}:80" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts."speed.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}"; - }; -} 
diff --git a/hosts/modules/alexandria/memos.nix b/hosts/modules/alexandria/memos.nix deleted file mode 100644 index 2d41cc0..0000000 --- a/hosts/modules/alexandria/memos.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, ... }: - -{ - virtualisation.oci-containers.containers."memos" = { - image = "docker.io/neosmemo/memos:stable"; - ports = [ "${config.ports.memos}:5230" ]; - environment = { - TZ = "America/Bahia"; - }; - volumes = [ "/data/memos/:/var/opt/memos" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts."notes.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.memos}"; - }; -} diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix index 0d40f21..5bc8c2d 100644 --- a/hosts/modules/alexandria/networking.nix +++ b/hosts/modules/alexandria/networking.nix @@ -10,4 +10,9 @@ allowedUDPPorts = [ ]; }; }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; } diff --git a/hosts/modules/alexandria/nginx.nix b/hosts/modules/alexandria/nginx.nix deleted file mode 100644 index 5075bcf..0000000 --- a/hosts/modules/alexandria/nginx.nix +++ /dev/null 
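Review bot: The added `boot.kernel.sysctl` block in networking.nix turns on `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` for the whole host without saying what needs routing. The block is moved from the deleted nginx.nix, where it was equally unexplained; a reverse proxy to 127.0.0.1 does not need forwarding, so presumably it is there for container networking. I would add a comment such as `# forwarding needed by <consumer-placeholder>; remove once nothing is routed through this host`, or drop the block if nothing depends on it. The enclosing attribute set starts outside the hunk.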
@@ -1,37 +0,0 @@ -{ config, ... }: - -{ - services.nginx = { - enable = true; - group = "hosted"; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; - - security.acme = { - acceptTerms = true; - defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; - - age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; - owner = "nginx"; - group = "hosted"; - }; - -} diff --git a/hosts/modules/alexandria/searx.nix b/hosts/modules/alexandria/searx.nix deleted file mode 100644 index 94f3017..0000000 --- a/hosts/modules/alexandria/searx.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -{ - services = { - searx = { - enable = true; - package = pkgs.searxng; - settings.server = { - port = lib.toInt "${config.ports.searx}"; - bind_address = "0.0.0.0"; - secret_key = "&yEf!xLA@y3FdJ5BjKnUnNAkqer$iW!9"; - method = "GET"; - }; - }; - - nginx.virtualHosts."search.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.searx}"; - }; - }; -} diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index a9350f6..24495ac 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix 
@@ -1,7 +1,103 @@ -{ ... }: +{ config, lib, ... }: + +let + ports = { + vaultwarden = "8000"; + librespeed = "8001"; + jellyfin = "8096"; + }; +in { - services.postgresql.enable = true; + services = { + nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = + let + commonVHostConfig = { + useACMEHost = "baduhai.dev"; + forceSSL = true; + kTLS = true; + }; + in + lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { + "_".locations."/".return = "444"; + "git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; + "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}"; + "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}"; + }; + }; + + forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + }; + }; + + jellyfin = { + enable = true; + openFirewall = true; + }; + + vaultwarden = { + enable = true; + config = { + DOMAIN = "https://pass.baduhai.dev"; + SIGNUPS_ALLOWED = false; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = "${config.ports.vaultwarden}"; + }; + }; + }; + + virtualisation.oci-containers.containers."librespeed" = { + image = "lscr.io/linuxserver/librespeed:latest"; + environment = { + TZ = "America/Bahia"; + }; + ports = [ "${config.ports.librespeed}:80" ]; + extraOptions = [ + "--pull=newer" + "--label=io.containers.autoupdate=registry" + ]; + }; + + security.acme = { + acceptTerms = true; + defaults = 
{ + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + certs."baduhai.dev" = { + extraDomainNames = [ "*.baduhai.dev" ]; + }; + }; + + age.secrets.cloudflare = { + file = ../../../secrets/cloudflare.age; + owner = "nginx"; + group = "hosted"; + }; # TODO: remove when bug fix # serokell/deploy-rs/issues/57 diff --git a/hosts/modules/alexandria/vaultwarden.nix b/hosts/modules/alexandria/vaultwarden.nix deleted file mode 100644 index 2207c08..0000000 --- a/hosts/modules/alexandria/vaultwarden.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, ... }: - -{ - services = { - vaultwarden = { - enable = true; - config = { - DOMAIN = "https://pass.baduhai.dev"; - SIGNUPS_ALLOWED = true; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "${config.ports.vaultwarden}"; - }; - }; - - nginx.virtualHosts."pass.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}"; - }; - }; -} From adbbb9c773916afac4c02d17ff00c5b768d9fee1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 12:21:18 -0300 Subject: [PATCH 065/267] disko config now part of hardware-configuration for trantor --- hosts/modules/trantor/disko.nix | 32 ------------------- .../trantor/hardware-configuration.nix | 31 ++++++++++++++++++ 2 files changed, 31 insertions(+), 32 deletions(-) delete mode 100644 hosts/modules/trantor/disko.nix diff --git a/hosts/modules/trantor/disko.nix b/hosts/modules/trantor/disko.nix deleted file mode 100644 index 39599f4..0000000 --- a/hosts/modules/trantor/disko.nix +++ /dev/null 
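Review bot: The librespeed container in the new services.nix publishes `"${config.ports.librespeed}:80"` with no host address, which binds the port on every interface, so the service may be reachable over plain HTTP around the nginx vhost, depending on how the firewall treats container port mappings. Binding to loopback keeps nginx as the only entry point: `ports = [ "127.0.0.1:${ports.librespeed}:80" ];` (using the let-bound `ports`, since `options.ports` is removed in this commit). `openFirewall = true` under `jellyfin` opens a direct path in the same way next to the `jellyfin.baduhai.dev` vhost; if LAN access is not needed I would drop it. The image reference `lscr.io/linuxserver/librespeed:latest` combined with `--pull=newer` also floats, so pinning a digest is worth considering.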
@@ -1,32 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/sda"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/modules/trantor/hardware-configuration.nix b/hosts/modules/trantor/hardware-configuration.nix index d5cc31f..6f36ffa 100644 --- a/hosts/modules/trantor/hardware-configuration.nix +++ b/hosts/modules/trantor/hardware-configuration.nix @@ -24,4 +24,35 @@ networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; } From 2265de999e28d9b3126444ada91adc85093c42f2 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 13:13:17 -0300 Subject: [PATCH 066/267] orca slicer now a flatpak --- flake.lock | 8 ++++---- flake.nix | 2 +- hosts/modules/programs.nix | 10 +++++++++- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 644640b..9982928 100644 --- a/flake.lock +++ b/flake.lock 
@@ -405,16 +405,16 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1739444422, - "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "lastModified": 1749394952, + "narHash": "sha256-WbWkzIvB0gqAdBLghdmUpGveY7MlAS2iMj3VEJnJ9yE=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "rev": "64c6e53a3999957c19ab95cda78bde466d8374cc", "type": "github" }, "original": { "owner": "gmodena", - "ref": "latest", + "ref": "main", "repo": "nix-flatpak", "type": "github" } diff --git a/flake.nix b/flake.nix index dc03f08..1c8b862 100644 --- a/flake.nix +++ b/flake.nix @@ -34,7 +34,7 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - nix-flatpak.url = "github:gmodena/nix-flatpak/latest"; + nix-flatpak.url = "github:gmodena/nix-flatpak/main"; impermanence.url = "github:nix-community/impermanence"; }; diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 2097b5f..8ef004e 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -96,7 +96,7 @@ ### Graphics & Design ### gimp inkscape - orca-slicer + # orca-slicer plasticity ### Gaming & Entertainment ### clonehero @@ -177,6 +177,14 @@ ### Office & Productivity ### ### Graphics & Design ### "com.boxy_svg.BoxySVG" + { + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + }}"; + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + } ### Gaming & Entertainment ### "com.github.k4zmu2a.spacecadetpinball" "io.itch.itch" From 1185c6bb2d98c3b711f5f457547487bdacc72fff Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 13:14:01 -0300 Subject: [PATCH 067/267] remove orca slicer from package list --- hosts/modules/programs.nix | 1 - 1 file changed, 1 deletion(-) 
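Review bot: In the `flake.nix` hunk, `nix-flatpak.url` now follows the `main` branch instead of the `latest` ref, so each `nix flake update` pulls whatever commit is at the branch head into a module that installs software system-wide. `flake.lock` still pins the exact `rev`, so builds stay reproducible, but reviewing the lock update becomes the only gate on that input. If `main` is needed only for a feature that has not been released yet (presumably the bundle support used in `programs.nix`, which this hunk does not show), record that next to the input: `nix-flatpak.url = "github:gmodena/nix-flatpak/main"; # TODO: return to a release ref once <feature> is tagged`.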
diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 8ef004e..5c2736d 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -96,7 +96,6 @@ ### Graphics & Design ### gimp inkscape - # orca-slicer plasticity ### Gaming & Entertainment ### clonehero From 8d37baaa376c864ad495c817eb1aa3b1e50651d6 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 13:20:51 -0300 Subject: [PATCH 068/267] streamline hash for orca slicer flatpak --- hosts/modules/programs.nix | 68 ++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 32 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 5c2736d..4240485 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix 
@@ -167,38 +167,42 @@ ]; }; - services.flatpak = { - enable = true; - packages = [ - ### Dev Tools ### - ### Internet Browsers & Communication ### - "app.zen_browser.zen" - ### Office & Productivity ### - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - { - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - }}"; - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - } - ### Gaming & Entertainment ### - "com.github.k4zmu2a.spacecadetpinball" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - ### Media ### - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; + services.flatpak = + let + orcahash = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + in + { + enable = true; + packages = [ + ### Dev Tools ### + ### Internet Browsers & Communication ### + "app.zen_browser.zen" + ### Office & Productivity ### + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + { + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + sha256 = orcahash; + }}"; + appId = "io.github.softfever.OrcaSlicer"; + sha256 = orcahash; + } + ### Gaming & Entertainment ### + "com.github.k4zmu2a.spacecadetpinball" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + ### Media ### + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; } )) ]; 
From 968f28581445928f1c94dc072376d2635cdd85c2 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 20:47:59 -0300 Subject: [PATCH 069/267] remove references to deleted files --- hosts/modules/alexandria/default.nix | 5 ----- hosts/modules/alexandria/users.nix | 16 +--------------- 2 files changed, 1 insertion(+), 20 deletions(-) diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix index 7016d1c..40a4da2 100644 --- a/hosts/modules/alexandria/default.nix +++ b/hosts/modules/alexandria/default.nix @@ -2,13 +2,8 @@ { imports = [ - ./forgejo.nix ./hardware-configuration.nix - ./jellyfin.nix - ./librespeed.nix - ./nginx.nix ./services.nix ./users.nix - ./vaultwarden.nix ]; } diff --git a/hosts/modules/alexandria/users.nix b/hosts/modules/alexandria/users.nix index 353f28f..d0a771b 100644 --- a/hosts/modules/alexandria/users.nix +++ b/hosts/modules/alexandria/users.nix @@ -1,19 +1,5 @@ { ... }: { - users = { - users = { - nginx.extraGroups = [ "acme" ]; - }; - groups = { - hosted = { - gid = 1005; - members = [ - "user" - "paperless" - "vaultwarden" - ]; - }; - }; - }; + users.users.nginx.extraGroups = [ "acme" ]; } From d8c7fec4e5b245f7ec94f5d67bfb5b22d35a5bcf Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 21:04:34 -0300 Subject: [PATCH 070/267] removed referenced to disko file; changed how ports are handled on alexandria services --- hosts/modules/alexandria/services.nix | 4 ++-- hosts/modules/trantor/default.nix | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 24495ac..ff81d85 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -63,7 +63,7 @@ in DOMAIN = "https://pass.baduhai.dev"; SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "${config.ports.vaultwarden}"; + ROCKET_PORT = "${ports.vaultwarden}"; }; }; }; 
@@ -73,7 +73,7 @@ in environment = { TZ = "America/Bahia"; }; - ports = [ "${config.ports.librespeed}:80" ]; + ports = [ "${ports.librespeed}:80" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" diff --git a/hosts/modules/trantor/default.nix b/hosts/modules/trantor/default.nix index 9bdb292..39a5b9e 100644 --- a/hosts/modules/trantor/default.nix +++ b/hosts/modules/trantor/default.nix @@ -3,7 +3,6 @@ { imports = [ ./boot.nix - ./disko.nix ./hardware-configuration.nix ./networking.nix ]; From 27edaece34850ca4a5801f72848bbfbc1342453a Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 21:06:56 -0300 Subject: [PATCH 071/267] fix starship ssh prompt --- users/modules/user/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index 4548265..9b25dbb 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -62,7 +62,7 @@ ''; right_format = "$cmd_duration$character"; hostname = { - ssh_symbol = " "; + ssh_symbol = " "; }; character = { error_symbol = "[](red)"; From ab6b2a57e9ac553aaeb940c4ce579c9e24a72c29 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 21:08:41 -0300 Subject: [PATCH 072/267] fix nginx group --- hosts/modules/alexandria/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index ff81d85..f4f8acf 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -96,7 +96,7 @@ in age.secrets.cloudflare = { file = ../../../secrets/cloudflare.age; owner = "nginx"; - group = "hosted"; + group = "nginx"; }; # TODO: remove when bug fix From 08ea280ad24eab98485a2a6084778c7f98080be0 Mon Sep 17 00:00:00 2001 
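Review bot: The rewritten `ports = [ "${ports.librespeed}:80" ];` publishes the container port on every host interface, whereas the Vaultwarden block earlier in the same file binds to `127.0.0.1`. If librespeed is meant to be reached only through the nginx proxy (its virtual host is not visible in this hunk), bind the published port to loopback as well: `ports = [ "127.0.0.1:${ports.librespeed}:80" ];`. Depending on the container backend, published ports can be reachable regardless of the host firewall rules, so `networking.firewall` alone should not be relied on here. The container definition starts and ends outside the hunk.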
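Review bot: In the `@@ -96,7 +96,7 @@` hunk, `age.secrets.cloudflare` is now owned by `nginx:nginx`, which makes the Cloudflare DNS credentials readable by the account that parses untrusted HTTP traffic. The only consumer visible on this page is the ACME `credentialsFile` setting; if the ACME unit loads that file through systemd rather than as the `nginx` user (worth confirming against the NixOS acme module in use), the secret needs no `owner`/`group` override and can stay root-only. Dropping both lines, or at least adding `mode = "0400";` with an owner that is not a network-facing service, keeps a web-server compromise from becoming control over the zone's DNS records. The enclosing attribute set continues outside the hunk.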
From: William Date: Sun, 8 Jun 2025 21:17:52 -0300 Subject: [PATCH 073/267] remove useless secrets --- hosts/modules/networking.nix | 11 ----------- hosts/modules/services.nix | 8 ++++++++ secrets/nextcloud-adminpass.age | 13 ------------- secrets/nextcloud-secrets.json.age | 13 ------------- secrets/paperless.age | 13 ------------- secrets/secrets.nix | 7 ++----- 6 files changed, 10 insertions(+), 55 deletions(-) delete mode 100644 secrets/nextcloud-adminpass.age delete mode 100644 secrets/nextcloud-secrets.json.age delete mode 100644 secrets/paperless.age diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix index 30dd7b5..d80f42e 100644 --- a/hosts/modules/networking.nix +++ b/hosts/modules/networking.nix @@ -12,17 +12,6 @@ networkmanager.enable = true; firewall.enable = true; }; - - services = { - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - openssh = { - enable = true; - settings.PermitRootLogin = "no"; - }; - }; } # Server specific configuration diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix index b957a97..85939f7 100644 --- a/hosts/modules/services.nix +++ b/hosts/modules/services.nix @@ -10,6 +10,14 @@ # Common configuration { services = { + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; + openssh = { + enable = true; + settings.PermitRootLogin = "no"; + }; fwupd.enable = true; fstrim.enable = true; }; diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age deleted file mode 100644 index 4adb2b1..0000000 --- a/secrets/nextcloud-adminpass.age +++ /dev/null 
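Review bot: The `openssh` block moved into `hosts/modules/services.nix` sets only `PermitRootLogin = "no"`, so password and keyboard-interactive logins stay at the NixOS defaults unless they are disabled somewhere outside this hunk. This sits under the `# Common configuration` block, so it applies to every host; making key-only access explicit would be safer: `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. With Tailscale enabled right next to it, `openFirewall = false;` plus allowing port 22 only on the Tailscale interface would narrow exposure further, if SSH is never used from outside the tailnet. The surrounding `services` set continues outside the hunk.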
@@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 hi+lKA KUVC7m5ch8uuseBHHPCspWWdSAs+3YK+LvBL7h14UT8 -8h5Tu47UJ/6wJZaEjB0KhUKZ8yw3FgwWv9Dem4ivgVI --> ssh-ed25519 SP9f6A IDnNmcjBKTiNWnBPw7mAuycOfzvj1bGi30OLi/mN+AA -xE9drPCFvOi8v74zqUuCOc9DOFnzfwFfoa0O84JHonA --> ssh-ed25519 8YSAiw vWnYElIL2jh/LmxZKFFGE/8H1o+bOnGsGxQ3UZ02FE8 -c6e/c1a1cUa6FPDaUYHeY50WB5E1cq398AgwVs421EA --> ssh-ed25519 3Chb7w iDSXb9BYJ/2EUJx77Uch3eFYukxTD5nHbdU+iTBWXkk -QBrCOSmjKeX0giQxYGMHinOeTrDs9ZGmdjThxEvyXn0 --> ssh-ed25519 J6tVTA tZ5yMoYaLdgs0WoaRju3h+zfKSCrYoYO7aDcmnNta3s -seYPrbd8PmVZJKSltp4qI7i137be01ydWhkdOPP7Zzw ---- LElLg1Mrmw0iExirSvb6KWSA8bugbVggM2RwZSWlWGM -]͠l0dNnݾ0578qƈKƌ_# ̓agXDC:L6̾R魧 \ No newline at end of file diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age deleted file mode 100644 index 3860d4e..0000000 --- a/secrets/nextcloud-secrets.json.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 hi+lKA dt/gmE1ljEV6eiU4cyqy+v49mtjlm/qnkV3D5OCbUFI -LkRedLe6Qf8J5MeH+DNVmeuFyHHjDeYyrjoyzPmqZyI --> ssh-ed25519 SP9f6A rossSD9Dk/BE9ujDcJY/CdVu5Pm5mLyKBFLpBERu+g0 -g6bnR5N9eC50gbd48rijisF6WLYBtoDi4CSLPBkfiw0 --> ssh-ed25519 8YSAiw s+i/kWBUvnSEDN93MCO9QSIXnQi02zT+vdBVB8rbAV4 -n4mWFllh8dCW8DVP9R/m6KIuprZnLRbGQ/wjFmhEZx8 --> ssh-ed25519 3Chb7w c0WkS3MPTAmcHTKMsfoL2mZKF9rJ/oU48noL00UEAjc -AL0b7xrfd9Ll4v/o0dLkic+YsKBiQxyFFKggXsQfM04 --> ssh-ed25519 J6tVTA ZM+AOwYRTovNJnwe2wdUm9KU6Lj44rgBvthwHSFwDng -DJweE//ogMciRmy0GTj8zDRzItRtlfTkBynRSBDr3ks ---- dNCLx3d9i125QQqdsQVnwdN9QMLU+MWx2KjYFKFv5lU -{ 6EjrTg+I?*xu'$>U4QBDĠ"SIqA|v5xJdHھI6$'7(q{[.I*P <Ĭ/_|yx͙p*xX \ No newline at end of file diff --git a/secrets/paperless.age b/secrets/paperless.age deleted file mode 100644 index 01199b7..0000000 --- a/secrets/paperless.age +++ /dev/null 
@@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 hi+lKA 3Oayrcg8bbzLNyuFqv8J0W9IJXL9SttFfU9yyysoD2Y -Uoxk9Ns1TwreeCyJ/7Euyqn57DY1spd6j3oZDqL65X0 --> ssh-ed25519 SP9f6A FInq9erSMD008Le4Va/28fAPXnTLSWioYWsTBlkJg2k -SG9fEh+eLnUHcC36PHZbkD+pQVRX4RLJj1vxMeSKdNk --> ssh-ed25519 8YSAiw hOqCc9a6K7RAwD1CY7uQ4se4mynx0z4AmoNhxmWJtQg -j+MYuftCyA7RDlzUciTxFyd/Esqzxpcm+ccKu4NNrmU --> ssh-ed25519 3Chb7w oCX+CYB+fobvBy/5EcUJMxzwkwA+gQOY2tq17Ui68nw -B1feop9p1RDBXCyBCxIMZyd++QM2dnDrU12m6rwz5/4 --> ssh-ed25519 J6tVTA PXVULNtK26OEKApHzOM2o6odRQNa9KbzjmAh2xgkHk4 -GLSEROgoiNVIVUhSpZWlg6q62GJHXRNsi1t7OwRw5MM ---- ddMx67t9wQFDJUlwFCDPvsUAR/JRUNweS28Erojuw8A -5/d}+cZM{-jo(UY{oa|˨~4xPހ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6feadc4..88edf82 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,5 +1,5 @@ let - io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"; + io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs"; io-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; io = [ io-user @@ -7,7 +7,7 @@ let ]; rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"; - rotterdam-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7zAxgU8LNi5/O5XgoOcLKjbNMmO2S7jAuCI9Nr/V4v"; + rotterdam-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL"; rotterdam = [ rotterdam-user rotterdam-host @@ -21,8 +21,5 @@ let all-hosts = desktops ++ servers; in { - "nextcloud-secrets.json.age".publicKeys = all-hosts; - "nextcloud-adminpass.age".publicKeys = all-hosts; "cloudflare.age".publicKeys = all-hosts; - "paperless.age".publicKeys = all-hosts; } From b2f90956d2b5affb1436187bb5ed6a7e3580de42 Mon Sep 17 00:00:00 2001 
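Review bot: The `io-user` key in the `@@ -1,5 +1,5 @@` hunk and the `rotterdam-host` key in `@@ -7,7 +7,7 @@` are replaced, but editing `secrets.nix` only changes who future encryptions target. The `cloudflare.age` ciphertext already in history stays decryptable by the two retired private keys, and the same holds for the three secret files deleted in this patch. If either old key was replaced because it was lost or exposed (the commit message does not say), rekeying is not sufficient: rotate the Cloudflare token itself, and treat the Nextcloud and Paperless values as disclosed if they are still in use anywhere. A short comment such as `# replaced <date>: <reason>` next to each changed key would record why.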
From: William Date: Sun, 8 Jun 2025 21:19:56 -0300 Subject: [PATCH 074/267] add trantor key for secrets; rekey secrets --- secrets/cloudflare.age | Bin 753 -> 863 bytes secrets/secrets.nix | 5 ++++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index a2ea31fe1f3e7db913b23efc692fc7200c10c4ba..11cfac6483edb104e0d5f5c57171c1e96f924f86 100644 GIT binary patch delta 800 zcmey!dY^5AYQ1+_N?v}tf`@NGj=phjlBs2IacEh#OGHG4zjl6#lV5PMVMK#sd7mq}Vcwn1cxdxd{~VT4Osh@WM4V2+1DK)O+8qE|#{l&fiKv00k2p}CI< zm#&>cadC!jYKoDmsiCDpaDZi+nWI91VRnXDsK1++iEl-DX^u~%rDs8sUzDepxmR$0 zX^@e5mYGMow|+!WYPv61k(YCopLURQN?>}veuZzTRm`xq)e+Q5F$CDIrc3e#N1_K}I?LrKypn$w8*tNs;J2F;C9V z3JFxm^l_^$t(T$uM{G4{*1be3ntX-mBcOAh^KI z(90+^#l+0XB_k!sIl#3jJv22l*P^sMydu-d(AC%})62<%E5kj--7V9^EVIzt%g-RN zEYsbvBFHbzD7!o-r`Vv#*EHMMC)+Wz+#(CZE8aP#l_7x&l@WQ~&c$ASSs}rJk(mLd zW%Xt$j&5c}iB86@ZprCJ`HAU<$xdO}DP`r^Tm~8CSw&F=$vGiKZs8?Gre1}PN#zlq zxsg>-|zWTxGSsCVzToTHCE2VvO3v1u+?9M1!`(0jb`CqN04>MR6Efn`Vl(cSk z;iWsvJdQ4Kw{`gTXn$#HJ4{PfbZ?924F0{T({_r+F-g_pdn?*LFF*c% G@qGZSq#6kT delta 690 zcmcc5_K|ghYJEngc8<5BLTQAtV|kRHvty`bRd#NscVxCnWwEz@VupTTx^Y=vc~!Qd zWu9R~sIze~SFX9CVO5oRVtS%qqNjdfenq~Ud1yvXvb%+kxqez|afW}1X?jp_NI-BT zm#&>cadC!jYKoDmsiCDpaDZi+nWI94xlw*`gk_MSiLY0hTYgHFk$0$TsJE%Hp{HSh zmrtdCK%hxfnrm`ZgrfylhIe6*SwU(^PIyUJVy=giL4J-?x`ku8vqhpwhGmMSzqxsp zUt)HZVOZ$IkK*;(VYxnKLHW7<6~@U$`ub^w8RY>LA%^~m#-$NC>7i8yh3TOwj!}lL zK_*<~VL`$9kzx9-RY9qxg*mQSSwRu0VS)Mv9wA}=Md2C#L5azk9?9BS1{UZ(F?P;K zGA~yM$<41QbavBraxXJ*&vr7-aP!voPWSZm^-7OS4@}JWEzC5_buA7Lh{_4&GEcIs z$n(qaOi#>nEOIS(N=&x&O$|vk)6R19G7WL}a>>qdbutL5DDf(ue3ntXzT7>?B`iG2 zEIZlVv@|g&ElA(lEYu@EEl)quGNjZe+^HTD={#F z(j_X`s4_e_C8J6|)gsI{(jY0sGO(h|BD36tOIKG{q0Go9x1cJ_H9Wt{$t5(~GON-* z$IClQ+h5zo#n8|+&)m(mKEEotfD3YpnjsJxu+0J=Fcv4WCN+#~h3QvmC#waZ-z4C`zEd QN9OjK+fRSrvb-Y=09T><%m4rY diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 88edf82..e15c3fa 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -16,8 +16,11 @@ let alexandria-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; alexandria = [ alexandria-host ]; + trantor-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7"; + trantor = [ trantor-host ]; + desktops = io ++ rotterdam; - servers = alexandria; + servers = alexandria ++ trantor; all-hosts = desktops ++ servers; in { From c3cfd43684318b9d39ea0b0fce46e43f5f33c76d Mon Sep 17 00:00:00 2001 From: William Date: Mon, 9 Jun 2025 16:22:57 -0300 Subject: [PATCH 075/267] better remote flatpak bundle definition --- hosts/modules/programs.nix | 68 ++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 36 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 4240485..afd9c1d 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix 
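Review bot: Adding `trantor` to `servers` widens `all-hosts`, and the unchanged `"cloudflare.age".publicKeys = all-hosts;` further down the file then encrypts the Cloudflare credentials to every desktop and server host key. On this page the secret is referenced only by alexandria's `age.secrets.cloudflare`, so a compromise of any other machine would expose a token that machine never needs. Scope recipients per secret, keeping the user keys that must be able to edit it: `"cloudflare.age".publicKeys = alexandria ++ [ io-user rotterdam-user ];`. If trantor is meant to consume the secret in a later change, add it to that list then.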
@@ -167,42 +167,38 @@ ]; }; - services.flatpak = - let - orcahash = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - in - { - enable = true; - packages = [ - ### Dev Tools ### - ### Internet Browsers & Communication ### - "app.zen_browser.zen" - ### Office & Productivity ### - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - { - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - sha256 = orcahash; - }}"; - appId = "io.github.softfever.OrcaSlicer"; - sha256 = orcahash; - } - ### Gaming & Entertainment ### - "com.github.k4zmu2a.spacecadetpinball" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - ### Media ### - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; + services.flatpak = { + enable = true; + packages = [ + ### Dev Tools ### + ### Internet Browsers & Communication ### + "app.zen_browser.zen" + ### Office & Productivity ### + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + sha256 = sha256; # References the sha256 attribute above + }}"; + appId = "io.github.softfever.OrcaSlicer"; + } + ### Gaming & Entertainment ### + "com.github.k4zmu2a.spacecadetpinball" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + ### Media ### + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; } )) ]; 
From 58a415aff7717e4aab28e3f4ee06584590597533 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 10 Jun 2025 17:19:33 -0300 Subject: [PATCH 076/267] add toggleaudiosink to installed packages --- hosts/modules/programs.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index afd9c1d..10b9c1f 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -115,6 +115,7 @@ quickemu quickgui steam-run + toggleaudiosink unrar ### Media ### mpv @@ -177,12 +178,12 @@ ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { + appId = "io.github.softfever.OrcaSlicer"; sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; bundle = "${pkgs.fetchurl { url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - sha256 = sha256; # References the sha256 attribute above + sha256 = sha256; }}"; - appId = "io.github.softfever.OrcaSlicer"; } ### Gaming & Entertainment ### "com.github.k4zmu2a.spacecadetpinball" From 2af2fd476c0af9e38baad0c78a9a8486a8e71b11 Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 10 Jun 2025 17:45:50 -0300 Subject: [PATCH 077/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/91287a0e9d42570754487b7e38c6697e15a9aab2?narHash=sha256-bXcEx1aZUNm5hMLVJeuofcOrZyOiapzvQ7K36HYK3YQ%3D' (2025-06-06) → 'github:nix-community/home-manager/427c96044f11a5da50faf6adaf38c9fa47e6d044?narHash=sha256-UL9F76abAk87llXOrcQRjhd5OaOclUd6MIltsqcUZmo%3D' (2025-06-10) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/c2a03962b8e24e669fb37b7df10e7c79531ff1a4?narHash=sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj%2BQ%3D' (2025-06-03) → 'github:nixos/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f?narHash=sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU%3D' (2025-06-07) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/4792576cb003c994bd7cc1edada3129def20b27d?narHash=sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU%3D' (2025-06-05) → 'github:nixos/nixpkgs/88331c17ba434359491e8d5889cce872464052c2?narHash=sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc%3D' (2025-06-09) • Updated input 'stylix': 'github:danth/stylix/8456dfa7f60e6b4499b0498fc88e9b8b57d4d7d7?narHash=sha256-E1KgTswgmzBGv%2B8WijQRghlyIP6k%2BLPzj9j8bq9BlLU%3D' (2025-06-05) → 'github:danth/stylix/6d72fc259b6f595f5bcf9634bf2f82b76f939a0d?narHash=sha256-II57ap6MGkArooZFaSDrgNgi24T5Dkdkzhe%2BxUHdybQ%3D' (2025-06-10) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 9982928..f9250b7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -353,11 +353,11 @@ ] }, "locked": { - "lastModified": 1749178927, - "narHash": "sha256-bXcEx1aZUNm5hMLVJeuofcOrZyOiapzvQ7K36HYK3YQ=", + "lastModified": 1749526396, + "narHash": "sha256-UL9F76abAk87llXOrcQRjhd5OaOclUd6MIltsqcUZmo=", "owner": "nix-community", "repo": "home-manager", - "rev": "91287a0e9d42570754487b7e38c6697e15a9aab2", + "rev": "427c96044f11a5da50faf6adaf38c9fa47e6d044", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -437,11 +437,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1749086602, - "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", + "lastModified": 1749494155, + "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4792576cb003c994bd7cc1edada3129def20b27d", + "rev": "88331c17ba434359491e8d5889cce872464052c2", "type": "github" }, "original": { @@ -515,11 +515,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1749165619, - "narHash": "sha256-E1KgTswgmzBGv+8WijQRghlyIP6k+LPzj9j8bq9BlLU=", + "lastModified": 1749576521, + "narHash": "sha256-II57ap6MGkArooZFaSDrgNgi24T5Dkdkzhe+xUHdybQ=", "owner": "danth", "repo": "stylix", - "rev": "8456dfa7f60e6b4499b0498fc88e9b8b57d4d7d7", + "rev": "6d72fc259b6f595f5bcf9634bf2f82b76f939a0d", "type": "github" }, "original": { From 700db4d5783d66c68e73d7835daeeb5cb25aa25b Mon Sep 17 00:00:00 2001 From: William Date: Tue, 10 Jun 2025 17:50:07 -0300 Subject: [PATCH 078/267] no longer required kernel params --- hosts/modules/rotterdam/boot.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
diff --git a/hosts/modules/rotterdam/boot.nix b/hosts/modules/rotterdam/boot.nix index 44dd48f..d038ede 100644 --- a/hosts/modules/rotterdam/boot.nix +++ b/hosts/modules/rotterdam/boot.nix @@ -12,11 +12,7 @@ in kernelParams = [ "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state "clearcpuid=514" - # Fixes amdgpu freezing - "amdgpu.noretry=0" - "amdgpu.ppfeaturemask=0xfffd3fff" - "amdgpu.gpu_recovery=1" - "amdgpu.lockup_timeout=1000" + "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing ]; # QubesOS boot entry loader.systemd-boot = { From fb3ed685496880211b0f732f2b27b9772a60ae10 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 14 Jun 2025 20:15:15 -0300 Subject: [PATCH 079/267] konsole -> foot; added zellij --- hosts/modules/programs.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 10b9c1f..475fa89 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -105,6 +105,7 @@ protonup ### System Utilities ### adwaita-icon-theme + foot junction kara kde-rounded-corners @@ -117,6 +118,7 @@ steam-run toggleaudiosink unrar + zellij ### Media ### mpv obs-studio @@ -131,6 +133,7 @@ gwenview kate khelpcenter + konsole oxygen ] ); From dd2dcb9cb33c7b5d256ba5149678d975d711e76d Mon Sep 17 00:00:00 2001 From: William Date: Sat, 14 Jun 2025 20:20:27 -0300 Subject: [PATCH 080/267] tmux -> zellij --- hosts/modules/programs.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 475fa89..603c9eb 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -21,7 +21,7 @@ nixos-firewall-tool sysz wget - tmux + zellij ]; shellAliases = { ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; @@ -118,7 +118,6 @@ steam-run toggleaudiosink unrar - zellij ### Media ### mpv obs-studio From 76b5c5e95363c076566301120ab9674f6768a4ca Mon Sep 17 00:00:00 2001 
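Review bot: While pruning parameters that are no longer required, `"clearcpuid=514"` stays in `kernelParams` without a comment, and it is the one entry with a security cost: feature bit 514 is UMIP (User-Mode Instruction Prevention), so this switches off a CPU hardening feature for the whole system. If it is still needed, say why next to it, for example `"clearcpuid=514" # disables UMIP; required by <application>`; if not, it belongs in this cleanup as well. As laid out, the comment after `processor.max_cstate=1` can be read as covering both lines, which hides what the second one does. The `boot` set starts and ends outside the hunk.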
From: William Date: Sun, 15 Jun 2025 10:29:45 -0300 Subject: [PATCH 081/267] back to tmux --- hosts/modules/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 603c9eb..970d253 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -20,8 +20,8 @@ fastfetch nixos-firewall-tool sysz + tmux wget - zellij ]; shellAliases = { ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; From 6f604f375ad2486a8ace77e0dee84bf0faeb9253 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Jun 2025 12:55:03 -0300 Subject: [PATCH 082/267] now on alacritty --- hosts/modules/programs.nix | 2 +- hosts/modules/stylix.nix | 2 +- users/modules/programs.nix | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 970d253..2fa4a63 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -105,7 +105,7 @@ protonup ### System Utilities ### adwaita-icon-theme - foot + alacritty junction kara kde-rounded-corners diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix index 8d9782c..b0345f2 100644 --- a/hosts/modules/stylix.nix +++ b/hosts/modules/stylix.nix @@ -51,7 +51,7 @@ name = "Noto Color Emoji"; }; sizes = { - applications = 10; + applications = 11; desktop = config.stylix.fonts.sizes.applications; popups = config.stylix.fonts.sizes.applications; terminal = 12; diff --git a/users/modules/programs.nix b/users/modules/programs.nix index bb15a78..0ee976a 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -94,6 +94,17 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { + programs.alacritty = { + enable = true; + settings = { + window = { + padding = { + x = 8; + y = 8; + }; + }; + }; + }; }) ]; } From 93cf3d5322e99e1ef527323ef5b8d8e333444ea7 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Jun 2025 21:17:21 -0300 Subject: [PATCH 083/267] fastfetch in place switch for neofetch --- hosts/modules/programs.nix | 3 +-- users/modules/programs.nix | 18 +++++++++--------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 2fa4a63..c544436 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -17,7 +17,6 @@ helix ### System Utilities ### btop - fastfetch nixos-firewall-tool sysz tmux @@ -25,7 +24,7 @@ ]; shellAliases = { ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; - neofetch = "fastfetch"; + neofetch = "${pkgs.fastfetch}/bin/fastfetch"; tree = "ls --tree"; syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; }; diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 0ee976a..bb5b2aa 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -64,15 +64,6 @@ sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; }; } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; - }; - } { name = "sponge"; src = pkgs.fetchFromGitHub { @@ -82,6 +73,15 @@ sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; }; } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; + sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + }; + } ]; }; }; From 98c64ea77330fcfcbb15c0fd1b109331c8d96e40 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 16 Jun 2025 20:53:16 -0300 Subject: [PATCH 084/267] statix linted the shit out of my code --- hosts/modules/alexandria/networking.nix | 2 -- hosts/modules/alexandria/users.nix | 2 -- hosts/modules/io/boot.nix | 2 -- hosts/modules/io/ephermal.nix | 2 -- hosts/modules/io/services.nix | 2 -- hosts/modules/programs.nix | 23 ++++++++++------------- hosts/modules/rotterdam/ephermal.nix | 2 -- hosts/modules/rotterdam/services.nix | 2 -- hosts/modules/trantor/boot.nix | 2 -- hosts/modules/trantor/networking.nix | 2 -- modules/qbittorrent.nix | 2 +- users/modules/stylix.nix | 2 -- users/modules/user/home.nix | 2 -- 13 files changed, 11 insertions(+), 36 deletions(-) diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix index 5bc8c2d..2d59cbb 100644 --- a/hosts/modules/alexandria/networking.nix +++ b/hosts/modules/alexandria/networking.nix @@ -1,5 +1,3 @@ -{ ... }: - { networking = { firewall = { diff --git a/hosts/modules/alexandria/users.nix b/hosts/modules/alexandria/users.nix index d0a771b..14e34c2 100644 --- a/hosts/modules/alexandria/users.nix +++ b/hosts/modules/alexandria/users.nix @@ -1,5 +1,3 @@ -{ ... }: - { users.users.nginx.extraGroups = [ "acme" ]; } diff --git a/hosts/modules/io/boot.nix b/hosts/modules/io/boot.nix index 1580753..326f7dc 100644 --- a/hosts/modules/io/boot.nix +++ b/hosts/modules/io/boot.nix @@ -1,5 +1,3 @@ -{ ... }: - { boot = { # TODO check if future kernel versions fix boot issue with systemd initrd with tpm diff --git a/hosts/modules/io/ephermal.nix b/hosts/modules/io/ephermal.nix index 35542f8..9ab97f2 100644 --- a/hosts/modules/io/ephermal.nix +++ b/hosts/modules/io/ephermal.nix @@ -1,5 +1,3 @@ -{ ... }: - { boot.initrd.systemd.services.recreate-root = { description = "Rolling over and creating new filesystem root"; diff --git a/hosts/modules/io/services.nix b/hosts/modules/io/services.nix index 5291695..f9f82cf 100644 --- a/hosts/modules/io/services.nix 
+++ b/hosts/modules/io/services.nix @@ -1,5 +1,3 @@ -{ ... }: - { services = { keyd = { diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index c544436..40f3694 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -123,18 +123,15 @@ qview ] ++ kdepkgs; - plasma6.excludePackages = ( - with pkgs.kdePackages; - [ - discover - elisa - gwenview - kate - khelpcenter - konsole - oxygen - ] - ); + plasma6.excludePackages = with pkgs.kdePackages; [ + discover + elisa + gwenview + kate + khelpcenter + konsole + oxygen + ]; }; programs = { @@ -183,7 +180,7 @@ sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; bundle = "${pkgs.fetchurl { url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - sha256 = sha256; + inherit sha256; }}"; } ### Gaming & Entertainment ### diff --git a/hosts/modules/rotterdam/ephermal.nix b/hosts/modules/rotterdam/ephermal.nix index 8161a99..8e9c708 100644 --- a/hosts/modules/rotterdam/ephermal.nix +++ b/hosts/modules/rotterdam/ephermal.nix @@ -1,5 +1,3 @@ -{ ... }: - { boot.initrd.systemd.services.recreate-root = { description = "Rolling over and creating new filesystem root"; diff --git a/hosts/modules/rotterdam/services.nix b/hosts/modules/rotterdam/services.nix index 5483b5d..0bf276f 100644 --- a/hosts/modules/rotterdam/services.nix +++ b/hosts/modules/rotterdam/services.nix @@ -1,5 +1,3 @@ -{ ... }: - { services.keyd = { enable = true; diff --git a/hosts/modules/trantor/boot.nix b/hosts/modules/trantor/boot.nix index 35b8cb6..b724550 100644 --- a/hosts/modules/trantor/boot.nix +++ b/hosts/modules/trantor/boot.nix @@ -1,5 +1,3 @@ -{ ... }: - { boot = { loader.efi.efiSysMountPoint = "/boot"; diff --git a/hosts/modules/trantor/networking.nix b/hosts/modules/trantor/networking.nix index cb7b88a..4dcbe1e 100644 --- a/hosts/modules/trantor/networking.nix +++ b/hosts/modules/trantor/networking.nix 
@@ -1,5 +1,3 @@ -{ ... }: - { networking = { firewall = { diff --git a/modules/qbittorrent.nix b/modules/qbittorrent.nix index 09123a5..a496c54 100644 --- a/modules/qbittorrent.nix +++ b/modules/qbittorrent.nix @@ -107,7 +107,7 @@ in users.users = mkIf (cfg.user == "qbittorrent") { qbittorrent = { - group = cfg.group; + inherit group; home = cfg.dataDir; createHome = true; description = "qBittorrent Daemon user"; diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 6b06a7d..56a36f6 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -1,5 +1,3 @@ -{ ... }: - { stylix.targets = { blender.enable = false; diff --git a/users/modules/user/home.nix b/users/modules/user/home.nix index ca73729..38311a6 100644 --- a/users/modules/user/home.nix +++ b/users/modules/user/home.nix @@ -1,5 +1,3 @@ -{ ... }: - { gtk = { enable = true; From 98c46ded573d42a22a70d095847412917be4f84e Mon Sep 17 00:00:00 2001 From: William Date: Wed, 2 Jul 2025 15:43:31 -0300 Subject: [PATCH 085/267] moving to stable kernel --- hosts/modules/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/boot.nix b/hosts/modules/boot.nix index 8677186..4a3a160 100644 --- a/hosts/modules/boot.nix +++ b/hosts/modules/boot.nix @@ -38,7 +38,7 @@ plymouth.enable = true; initrd.systemd.enable = true; loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; + kernelPackages = pkgs.linuxPackages_xanmod_stable; extraModprobeConfig = '' options bluetooth disable_ertm=1 ''; From 3b0d3ee40c56e87b20b57c093e2e70860609551d Mon Sep 17 00:00:00 2001 
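Review bot: In the modules/qbittorrent.nix hunk, `inherit group;` is not equivalent to the removed `group = cfg.group;`, because a bare `inherit` takes `group` from the enclosing lexical scope rather than from `cfg`. Unless a `group` binding exists outside the hunk, evaluation fails or the daemon account lands in a group other than the configured one. The form that keeps the old meaning is `inherit (cfg) group;`. The enclosing `config` block starts and ends outside the hunk, so the surrounding scope cannot be checked from here.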
From: William Date: Wed, 2 Jul 2025 15:44:39 -0300 Subject: [PATCH 086/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1?narHash=sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY%2BD81k%3D' (2025-05-18) → 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf?narHash=sha256-9P1FziAwl5%2B3edkfFcr5HeGtQUtrSdk/MksX39GieoA%3D' (2025-06-17) • Updated input 'home-manager': 'github:nix-community/home-manager/427c96044f11a5da50faf6adaf38c9fa47e6d044?narHash=sha256-UL9F76abAk87llXOrcQRjhd5OaOclUd6MIltsqcUZmo%3D' (2025-06-10) → 'github:nix-community/home-manager/9347c61bc0cbed0d2062b930144c2cbd557f9189?narHash=sha256-eX6wMGQjaTzedR6lz2IpEnAMgLcuQLQezBJNil7yG3s%3D' (2025-07-02) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/7aae0ee71a17b19708b93b3ed448a1a0952bf111?narHash=sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg%3D' (2025-06-05) → 'github:nix-community/home-manager/501cfec8277f931a9c9af9f23d3105c537faeafe?narHash=sha256-tWosziZTT039x6PgEZUhzGlV8oLvdDmIgKTE8ESMaEA%3D' (2025-07-02) • Updated input 'nix-flatpak': 'github:gmodena/nix-flatpak/64c6e53a3999957c19ab95cda78bde466d8374cc?narHash=sha256-WbWkzIvB0gqAdBLghdmUpGveY7MlAS2iMj3VEJnJ9yE%3D' (2025-06-08) → 'github:gmodena/nix-flatpak/59adb9ad1cbd915494fc35cd0e0a9d582ca9de74?narHash=sha256-oOYrnKStMsOXST%2BwKnzuSZ49h8Dr1Q3mIn2f5Kb5GAw%3D' (2025-06-30) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f?narHash=sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU%3D' (2025-06-07) → 'github:nixos/nixpkgs/3016b4b15d13f3089db8a41ef937b13a9e33a8df?narHash=sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU%2Btt4YY%3D' (2025-06-30) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/88331c17ba434359491e8d5889cce872464052c2?narHash=sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc%3D' 
(2025-06-09) → 'github:nixos/nixpkgs/b43c397f6c213918d6cfe6e3550abfe79b5d1c51?narHash=sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y%3D' (2025-06-29) • Updated input 'stylix': 'github:danth/stylix/6d72fc259b6f595f5bcf9634bf2f82b76f939a0d?narHash=sha256-II57ap6MGkArooZFaSDrgNgi24T5Dkdkzhe%2BxUHdybQ%3D' (2025-06-10) → 'github:danth/stylix/3f71d154867b457adbef04b4982e78b5dc225e62?narHash=sha256-fzU40SfJxDQlsWabd7ApiGiJHJVLe%2BvjCm8JtJU9mwc%3D' (2025-07-02) • Updated input 'stylix/gnome-shell': 'github:GNOME/gnome-shell/52c517c8f6c199a1d6f5118fae500ef69ea845ae?narHash=sha256-0RJ4mJzf%2BklKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew%3D' (2025-04-13) → 'github:GNOME/gnome-shell/8c88f917db0f1f0d80fa55206c863d3746fa18d0?narHash=sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0%3D' (2025-05-25) • Updated input 'stylix/home-manager': 'github:nix-community/home-manager/5675a9686851d9626560052a032c4e14e533c1fa?narHash=sha256-5kvBbLYdp%2Bn7Ftanjcs6Nv%2BUO6sBhelp6MIGJ9nWmjQ%3D' (2025-06-01) → 'github:nix-community/home-manager/76d0c31fce2aa0c71409de953e2f9113acd5b656?narHash=sha256-gvjG95TCnUVJkvQvLMlnC4NqiqFyBdJk3o8/RwuHeaU%3D' (2025-06-28) --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index f9250b7..7e80c31 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { 
@@ -290,16 +290,16 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1744584021, - "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", "type": "github" }, "original": { "owner": "GNOME", - "ref": "48.1", + "ref": "48.2", "repo": "gnome-shell", "type": "github" } @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1751468302, + "narHash": "sha256-tWosziZTT039x6PgEZUhzGlV8oLvdDmIgKTE8ESMaEA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "501cfec8277f931a9c9af9f23d3105c537faeafe", "type": "github" }, "original": { @@ -353,11 +353,11 @@ ] }, "locked": { - "lastModified": 1749526396, - "narHash": "sha256-UL9F76abAk87llXOrcQRjhd5OaOclUd6MIltsqcUZmo=", + "lastModified": 1751476662, + "narHash": "sha256-eX6wMGQjaTzedR6lz2IpEnAMgLcuQLQezBJNil7yG3s=", "owner": "nix-community", "repo": "home-manager", - "rev": "427c96044f11a5da50faf6adaf38c9fa47e6d044", + "rev": "9347c61bc0cbed0d2062b930144c2cbd557f9189", "type": "github" }, "original": { @@ -375,11 +375,11 @@ ] }, "locked": { - "lastModified": 1748737919, - "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", + "lastModified": 1751146119, + "narHash": "sha256-gvjG95TCnUVJkvQvLMlnC4NqiqFyBdJk3o8/RwuHeaU=", "owner": "nix-community", "repo": "home-manager", - "rev": "5675a9686851d9626560052a032c4e14e533c1fa", + "rev": "76d0c31fce2aa0c71409de953e2f9113acd5b656", "type": "github" }, "original": { 
@@ -405,11 +405,11 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1749394952, - "narHash": "sha256-WbWkzIvB0gqAdBLghdmUpGveY7MlAS2iMj3VEJnJ9yE=", + "lastModified": 1751276396, + "narHash": "sha256-oOYrnKStMsOXST+wKnzuSZ49h8Dr1Q3mIn2f5Kb5GAw=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "64c6e53a3999957c19ab95cda78bde466d8374cc", + "rev": "59adb9ad1cbd915494fc35cd0e0a9d582ca9de74", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { @@ -437,11 +437,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1749494155, - "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=", + "lastModified": 1751211869, + "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "88331c17ba434359491e8d5889cce872464052c2", + "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", "type": "github" }, "original": { @@ -515,11 +515,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1749576521, - "narHash": "sha256-II57ap6MGkArooZFaSDrgNgi24T5Dkdkzhe+xUHdybQ=", + "lastModified": 1751478235, + "narHash": "sha256-fzU40SfJxDQlsWabd7ApiGiJHJVLe+vjCm8JtJU9mwc=", "owner": "danth", "repo": "stylix", - "rev": "6d72fc259b6f595f5bcf9634bf2f82b76f939a0d", + "rev": "3f71d154867b457adbef04b4982e78b5dc225e62", "type": "github" }, "original": { From 679ff9a32866f18b6ec74d0221f9b8e5ce7508b2 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 2 Jul 2025 16:11:00 -0300 Subject: [PATCH 087/267] turns out stable isn't lts, I want lts --- hosts/modules/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hosts/modules/boot.nix b/hosts/modules/boot.nix index 4a3a160..049fad7 100644 --- a/hosts/modules/boot.nix +++ b/hosts/modules/boot.nix @@ -38,7 +38,7 @@ plymouth.enable = true; initrd.systemd.enable = true; loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_stable; + kernelPackages = pkgs.linuxPackages_xanmod; extraModprobeConfig = '' options bluetooth disable_ertm=1 ''; From ab9314be6d9b46cef68caaafdf4f55dbca82d38f Mon Sep 17 00:00:00 2001 From: William Date: Wed, 2 Jul 2025 16:14:42 -0300 Subject: [PATCH 088/267] add radicale service --- hosts/modules/alexandria/services.nix | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index f4f8acf..0f8303d 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -2,9 +2,10 @@ let ports = { - vaultwarden = "8000"; - librespeed = "8001"; jellyfin = "8096"; + librespeed = "8000"; + radicale = "8001"; + vaultwarden = "8002"; }; in @@ -26,6 +27,10 @@ in in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { "_".locations."/".return = "444"; + "dav.baduhai.dev".locations."/" = { + proxyPass = "http://127.0.0.1:${ports.radicale}"; + extraConfig = "proxy_pass_header Authorization;"; + }; "git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; @@ -57,6 +62,23 @@ in openFirewall = true; }; + radicale = { + enable = true; + settings = { + server = { + hosts = [ + "127.0.0.1:5232" + "[::]:5232" + ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + }; + }; + vaultwarden = { enable = true; config = { From d93eca8d09eca564e9c5474e16ba7e7dea49ec98 Mon Sep 17 00:00:00 2001 
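Review bot: In the radicale hunk of hosts/modules/alexandria/services.nix, `"[::]:5232"` binds Radicale on every IPv6 interface while the IPv4 listener is loopback-only, so the htpasswd-protected backend can be reached without going through nginx by any IPv6 peer the firewall admits (firewall rules are not visible here). The port also differs from the `ports.radicale` value that the new `dav.baduhai.dev` proxyPass targets. Listening on loopback for both families keeps nginx as the only entry point: `hosts = [ "127.0.0.1:${ports.radicale}" "[::1]:${ports.radicale}" ];`. The hosts hunk in patch 089 aligns the port but keeps `[::]`, so the same applies there.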
From: William Date: Wed, 2 Jul 2025 16:26:15 -0300 Subject: [PATCH 089/267] some changes to radicale; remove stylix mention for root user --- hosts/modules/alexandria/services.nix | 4 ++-- users/modules/default.nix | 1 - users/modules/stylix.nix | 5 ----- 3 files changed, 2 insertions(+), 8 deletions(-) delete mode 100644 users/modules/stylix.nix diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 0f8303d..e2e5533 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -67,8 +67,8 @@ in settings = { server = { hosts = [ - "127.0.0.1:5232" - "[::]:5232" + "127.0.0.1:${ports.radicale}" + "[::]:${ports.radicale}" ]; }; auth = { diff --git a/users/modules/default.nix b/users/modules/default.nix index 0f3fd3b..5ef9e0a 100644 --- a/users/modules/default.nix +++ b/users/modules/default.nix @@ -3,6 +3,5 @@ { imports = [ ./programs.nix - ./stylix.nix ]; } diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix deleted file mode 100644 index 56a36f6..0000000 --- a/users/modules/stylix.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - stylix.targets = { - blender.enable = false; - }; -} From c9eeb6c5fc8d7fe71f4c12a9dca38c62e3ea9295 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 6 Jul 2025 16:59:19 -0300 Subject: [PATCH 090/267] enable and configrue webdav --- hosts/modules/alexandria/services.nix | 36 ++++++++++++++++++++++++--- secrets/secrets.nix | 1 + secrets/webdav.env.age | 15 +++++++++++ 3 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 secrets/webdav.env.age diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index e2e5533..e2d6cb4 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -6,6 +6,7 @@ let librespeed = "8000"; radicale = "8001"; vaultwarden = "8002"; + webdav = "8003"; }; in 
@@ -36,6 +37,7 @@ in "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}"; "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}"; + "webdav.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.webdav}"; }; }; @@ -88,6 +90,25 @@ in ROCKET_PORT = "${ports.vaultwarden}"; }; }; + + webdav = { + enable = true; + settings = { + address = "127.0.0.1"; + port = lib.toInt ports.webdav; + scope = "/data/webdav"; + modify = true; + auth = true; + users = [ + { + username = "{env}USERNAME_1"; + password = "{env}PASSWORD_1"; + directory = "{env}USERNAME_1"; + } + ]; + }; + environmentFile = config.age.secrets."webdav.env".path; + }; }; virtualisation.oci-containers.containers."librespeed" = { @@ -115,10 +136,17 @@ in }; }; - age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; + age.secrets = { + cloudflare = { + file = ../../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; + "webdav.env" = { + file = ../../../secrets/webdav.env.age; + owner = "webdav"; + group = "webdav"; + }; }; # TODO: remove when bug fix diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e15c3fa..8ffe939 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,4 +25,5 @@ let in { "cloudflare.age".publicKeys = all-hosts; + "webdav.env.age".publicKeys = all-hosts; } diff --git a/secrets/webdav.env.age b/secrets/webdav.env.age new file mode 100644 index 0000000..790cbe8 --- /dev/null +++ b/secrets/webdav.env.age 
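Review bot: In secrets/secrets.nix, `"webdav.env.age".publicKeys = all-hosts;` encrypts the WebDAV credentials to every key in `all-hosts`, yet the only consumer in this commit is hosts/modules/alexandria/services.nix. The `let` block that defines `all-hosts` is outside the hunk, so which keys it holds cannot be confirmed; if it covers the other machines, each of their host keys can decrypt a secret they never use. Limiting the recipients to the consuming host and the admin keys narrows that, e.g. `"webdav.env.age".publicKeys = [ <alexandria-host-key> ] ++ <admin-keys>;` (placeholder names, to be replaced with the bindings this file actually defines).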
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 Kfdnog iYAk0YU1ekpdPEzhPKPBDeF2oM2XT6ZIqe/6xoJafSA +W0aPLLAsCUOIBqWtxzyZw5l4I72n1BFD/E9Oalz7lYg +-> ssh-ed25519 SP9f6A VzaqzMWrKJ5Iuj/A2EnBnEJNApQ0wx6ktNzhqMhxkx4 +0/qTjEcQXanCLODi8pGEYWR6JX2QZU2fHy5REIw0bA8 +-> ssh-ed25519 8YSAiw I+aTRniv+tTMrQQiTVONh4ziisdqGbE1Ntyy7zYFe3Y +tc4yyoNsPQum5lPc2/eKY6CXl+bYst9JqsXHJmt2RPo +-> ssh-ed25519 7cojTQ 96asBSxBQWOxMaKdvBUXCro5fqpeZnpWSXapjCmxqF8 +m0MBushdOMI9zp7R7VYzPibRXRfsSX9m3HTDaiv3oYQ +-> ssh-ed25519 J6tVTA uAW/2s8wHouV06Cf8XOl1MVVniZDU0STJDMyziG1x2E +BpwvevoU5w8m32KssiBUwuQXkvxl3LRjWN8u5dpDdS0 +-> ssh-ed25519 Kl5yTQ p6rLLWT7Ey5RhYl4xrFI5blBXtNPMHYj8OezuQEWPU8 +Ao9FmLXhWaCirDOCHM3pVZEdKy0lQs4aNkSj0gtjRvM +--- 6EArX870mq5cAeKEJZfqwVZJ1CLMG2Od7ndZYVOrpfc +v˲1׹sH]Ck+ )˚ZVKnM-, R&>W2 Date: Sun, 6 Jul 2025 17:44:56 -0300 Subject: [PATCH 091/267] webdav service modifications --- hosts/modules/alexandria/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index e2d6cb4..ebf12b1 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -94,7 +94,7 @@ in webdav = { enable = true; settings = { - address = "127.0.0.1"; + address = "0.0.0.0"; port = lib.toInt ports.webdav; scope = "/data/webdav"; modify = true; From 5e06bcc3c32d44e9ed667db3fc69a4488c680994 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 6 Jul 2025 17:46:54 -0300 Subject: [PATCH 092/267] more webdav changes --- hosts/modules/alexandria/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index ebf12b1..3cbe4dc 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix 
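Review bot: Changing `address` to `"0.0.0.0"` in the webdav settings exposes the backend on every interface, although the nginx vhost added in patch 090 proxies to `http://127.0.0.1:${ports.webdav}` and needs only loopback. Clients that reach port 8003 directly (if the firewall, not visible here, allows it) authenticate over plain HTTP and bypass the nginx front end; the `behindProxy = true` set in patch 092 additionally presumes that every connection comes from the proxy. Keeping `address = "127.0.0.1";` retains the proxy as the single entry point. `listenAddresses = [ "0.0.0.0" ]` in the rclone-webdav block of patch 093 repeats the pattern.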
@@ -96,7 +96,7 @@ in settings = { address = "0.0.0.0"; port = lib.toInt ports.webdav; - scope = "/data/webdav"; + behindProxy = true; modify = true; auth = true; users = [ From 964aef3e193a85490e079d0aea8aaccabdfd4c07 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 6 Jul 2025 19:37:18 -0300 Subject: [PATCH 093/267] rclone-webdav begins --- hosts/modules/alexandria/services.nix | 83 ++++---- modules/rclone-webdav.nix | 267 ++++++++++++++++++++++++++ secrets/secrets.nix | 2 +- secrets/webdav.age | 15 ++ secrets/webdav.env.age | 15 -- 5 files changed, 321 insertions(+), 61 deletions(-) create mode 100644 modules/rclone-webdav.nix create mode 100644 secrets/webdav.age delete mode 100644 secrets/webdav.env.age diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 3cbe4dc..f872300 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -12,6 +12,29 @@ in { services = { + forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + }; + }; + + jellyfin = { + enable = true; + openFirewall = true; + }; + nginx = { enable = true; recommendedGzipSettings = true; 
@@ -37,33 +60,13 @@ in "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}"; "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}"; - "webdav.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.webdav}"; + # "webdav.baduhai.dev".locations."/" = { + # proxyPass = "http://127.0.0.1:${ports.webdav}"; + # proxyNoTimeout = true; + # }; }; }; - forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - }; - }; - - jellyfin = { - enable = true; - openFirewall = true; - }; - radicale = { enable = true; settings = { @@ -81,6 +84,15 @@ in }; }; + rclone-webdav = { + enable = true; + authFile = config.age.secrets.wevdav.path; + dataDirectory = "/data/webdav"; + maxFileSize = "5G"; + listenAddresses = [ "0.0.0.0" ]; + port = lib.toInt ports.webdav; + }; + vaultwarden = { enable = true; config = { @@ -90,25 +102,6 @@ in ROCKET_PORT = "${ports.vaultwarden}"; }; }; - - webdav = { - enable = true; - settings = { - address = "0.0.0.0"; - port = lib.toInt ports.webdav; - behindProxy = true; - modify = true; - auth = true; - users = [ - { - username = "{env}USERNAME_1"; - password = "{env}PASSWORD_1"; - directory = "{env}USERNAME_1"; - } - ]; - }; - environmentFile = config.age.secrets."webdav.env".path; - }; }; virtualisation.oci-containers.containers."librespeed" = { @@ -142,8 +135,8 @@ in owner = "nginx"; group = "nginx"; }; - "webdav.env" = { - file = ../../../secrets/webdav.env.age; + webdav = { + file = ../../../secrets/webdav.age; owner = "webdav"; group = "webdav"; }; 
diff --git a/modules/rclone-webdav.nix b/modules/rclone-webdav.nix new file mode 100644 index 0000000..097537c --- /dev/null +++ b/modules/rclone-webdav.nix 
@@ -0,0 +1,267 @@ +{ + config, + lib, + pkgs, + ... +}: + +with lib; + +let + cfg = config.services.rclone-webdav; + + parseUserFile = + userFile: + let + content = builtins.readFile userFile; + lines = filter (line: line != "" && !hasPrefix "#" line) (splitString "\n" content); + parseUser = + line: + let + parts = splitString ":" line; + in + { + username = elemAt parts 0; + password = elemAt parts 1; + }; + in + map parseUser lines; + + users = if cfg.authFile != null then parseUserFile cfg.authFile else [ ]; + usernames = map (u: u.username) users; + + socketDirectory = "/var/lib/webdav"; + + # Generate rclone service for each user + mkRcloneService = + user: + nameValuePair "rclone-webdav-${user.username}" { + description = "rclone WebDAV service for ${user.username}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + Restart = "always"; + RestartSec = "5s"; + + # Ensure directories exist + ExecStartPre = [ + "${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDirectory}/${user.username}" + "${pkgs.coreutils}/bin/mkdir -p ${socketDirectory}" + "${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.dataDirectory}/${user.username}" + "${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${socketDirectory}" + ]; + + ExecStart = '' + ${pkgs.rclone}/bin/rclone serve webdav ${cfg.dataDirectory}/${user.username} \ + --addr unix:${socketDirectory}/rclone-${user.username}.sock \ + --user ${user.username} \ + --pass ${user.password} \ + --log-level INFO + ''; + + # Security settings + NoNewPrivileges = true; + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + ReadWritePaths = [ + cfg.dataDirectory + socketDirectory + ]; + }; + }; + + # Generate nginx upstream for each user + mkNginxUpstream = user: { + name = "rclone-${user.username}"; + value = { + servers = { + "unix:${socketDirectory}/rclone-${user.username}.sock" = { }; + }; + }; + }; + + # Generate 
nginx location for each user + mkNginxLocation = user: { + name = "/${user.username}/"; + value = { + proxyPass = "http://rclone-${user.username}"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Remove the username prefix from the path + rewrite ^/${user.username}/(.*) /$1 break; + + # WebDAV specific headers + proxy_set_header Destination $http_destination; + proxy_set_header Depth $http_depth; + proxy_set_header Overwrite $http_overwrite; + proxy_set_header Lock-Token $http_lock_token; + proxy_set_header If $http_if; + + # Allow WebDAV methods + proxy_method $request_method; + + # Increase timeouts for large file uploads + proxy_connect_timeout 300s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + + # Set maximum file size for this location + client_max_body_size ${cfg.maxFileSize}; + ''; + }; + }; + +in +{ + options.services.rclone-webdav = { + enable = mkEnableOption "rclone WebDAV multi-user service"; + + authFile = mkOption { + type = types.nullOr types.path; + default = null; + description = "Path to file containing username:password pairs, one per line"; + example = "/etc/rclone-webdav-users"; + }; + + dataDirectory = mkOption { + type = types.str; + default = "/srv/webdav"; + description = "Base directory where user subdirectories will be created"; + }; + + user = mkOption { + type = types.str; + default = "webdav"; + description = "User to run rclone services as"; + }; + + group = mkOption { + type = types.str; + default = "webdav"; + description = "Group to run rclone services as"; + }; + + listenAddresses = mkOption { + type = types.listOf types.str; + default = [ "localhost" ]; + description = "List of addresses for nginx to listen on"; + example = [ + "localhost" + "127.0.0.1" + "::1" + ]; + }; + + port = mkOption { + type = types.port; + default = 8000; + description = "Port for nginx 
to listen on"; + }; + + maxFileSize = mkOption { + type = types.str; + default = "0"; + description = "Maximum file size for uploads (nginx client_max_body_size). Use '0' for unlimited."; + example = "100M"; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.authFile != null; + message = "services.rclone-webdav.authFile must be specified"; + } + { + assertion = users != [ ]; + message = "Auth file must contain at least one user"; + } + ]; + + # Create user and group + users.users = mkIf (cfg.user == "webdav") { + webdav = { + isSystemUser = true; + group = cfg.group; + description = "rclone WebDAV service user"; + home = cfg.dataDirectory; + createHome = true; + }; + }; + + users.groups = mkIf (cfg.group == "webdav") { + webdav = { + gid = null; + }; + }; + + # Create systemd services for each user + systemd.services = listToAttrs (map mkRcloneService users); + + # Configure nginx + services.nginx = { + enable = true; + + upstreams = listToAttrs (map mkNginxUpstream users); + + virtualHosts."rclone-webdav" = { + listen = map (addr: { + addr = addr; + port = cfg.port; + }) cfg.listenAddresses; + + locations = listToAttrs (map mkNginxLocation users) // { + "/" = { + return = "200 'rclone WebDAV Multi-user Server'"; + extraConfig = '' + add_header Content-Type text/plain; + ''; + }; + + # Catch-all location for non-existent users - return 400 + "~* ^/([^/]+)/" = { + extraConfig = '' + # Check if the requested user exists + set $user_exists 0; + ${concatStringsSep "\n" ( + map (username: "if ($1 = \"${username}\") { set $user_exists 1; }") usernames + )} + + # If user doesn't exist, return 400 + if ($user_exists = 0) { + return 400 "User not found"; + } + + # This should not be reached for valid users + return 404; + ''; + }; + }; + + extraConfig = '' + # Enable WebDAV methods + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND PROPPATCH LOCK UNLOCK; + + # Set default maximum file size + client_max_body_size 
${cfg.maxFileSize}; + ''; + }; + }; + + # Ensure directories exist + systemd.tmpfiles.rules = [ + "d ${cfg.dataDirectory} 0755 ${cfg.user} ${cfg.group} -" + "d ${socketDirectory} 0755 ${cfg.user} ${cfg.group} -" + ] ++ map (user: "d ${cfg.dataDirectory}/${user.username} 0755 ${cfg.user} ${cfg.group} -") users; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 8ffe939..ba71b7a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,5 +25,5 @@ let in { "cloudflare.age".publicKeys = all-hosts; - "webdav.env.age".publicKeys = all-hosts; + "webdav.age".publicKeys = all-hosts; } diff --git a/secrets/webdav.age b/secrets/webdav.age new file mode 100644 index 0000000..93bd850 --- /dev/null +++ b/secrets/webdav.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 Kfdnog 9oKx6Oz/J/QJ0mmgoLX5AUx0sFdxnPVnjF42bElPSXA +BJ6h4lHGDsf1Npc4bwkvz5htGRT/x/b2bs9WFM2W/pc +-> ssh-ed25519 SP9f6A T5t4apynXLYN/4YEvaHRCI28rrKzet4r6LrbAye5VGk +BsXkZYBxG9zcfLYCd9H0+LW078oCDyYx9zG+DPfE7bA +-> ssh-ed25519 8YSAiw RY0YR30qyJPvhy7eTJLoj2JXpH9qHP43fJaHilJykXM +E5/P0Egz/LKwEhYLYd5Cnrat47gnYn93yDSeYgLi934 +-> ssh-ed25519 7cojTQ qTCTw7CjilThFLmXYph4YhVBhnk1DpnFCGwgioo/XB0 +N31nZ8nInQuddLD3b0bxI5Es/pTvTQD8nz0f/AZtNFg +-> ssh-ed25519 J6tVTA 7OawDsWwtVxu76ZgF0dFclMr19sBNdtu7H+Tr7Pd+SQ +hhVKcscIKIH1WChhRo/RYqUWy1rgs/EKnlHr9uY7QrQ +-> ssh-ed25519 Kl5yTQ +i2Q3uNHw1jAVH76NHy4QbjCc6sBBYjsbr7w4mLaHW4 +JOJ02zU0+IxlbXMBsW4UrvzvLUbifdzABBNL+bc0bBs +--- W40oEFdBUKbi0teNTc6B1sX0ReHDvkIJcBm1dlROnk8 +zҼCn箱e7{{N6az"EHB/BYbD \ No newline at end of file diff --git a/secrets/webdav.env.age b/secrets/webdav.env.age deleted file mode 100644 index 790cbe8..0000000 --- a/secrets/webdav.env.age +++ /dev/null 
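Review bot: In modules/rclone-webdav.nix, `parseUserFile` reads `cfg.authFile` with `builtins.readFile` during evaluation and `mkRcloneService` interpolates `--pass ${user.password}` into `ExecStart`, so every plaintext password ends up in the generated unit file in the world-readable Nix store and on the rclone command line. That defeats the agenix encryption of the file the host config passes in, and a runtime path such as `config.age.secrets.webdav.path` presumably does not exist yet when the configuration is evaluated. Keep secrets out of evaluation: declare `authFile` as `types.str`, let rclone read it at runtime with `--htpasswd ${cfg.authFile}` (file in htpasswd format), and take the usernames from a separate non-secret option. `elemAt parts 1` also truncates any password that contains `:`.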
@@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 Kfdnog iYAk0YU1ekpdPEzhPKPBDeF2oM2XT6ZIqe/6xoJafSA -W0aPLLAsCUOIBqWtxzyZw5l4I72n1BFD/E9Oalz7lYg --> ssh-ed25519 SP9f6A VzaqzMWrKJ5Iuj/A2EnBnEJNApQ0wx6ktNzhqMhxkx4 -0/qTjEcQXanCLODi8pGEYWR6JX2QZU2fHy5REIw0bA8 --> ssh-ed25519 8YSAiw I+aTRniv+tTMrQQiTVONh4ziisdqGbE1Ntyy7zYFe3Y -tc4yyoNsPQum5lPc2/eKY6CXl+bYst9JqsXHJmt2RPo --> ssh-ed25519 7cojTQ 96asBSxBQWOxMaKdvBUXCro5fqpeZnpWSXapjCmxqF8 -m0MBushdOMI9zp7R7VYzPibRXRfsSX9m3HTDaiv3oYQ --> ssh-ed25519 J6tVTA uAW/2s8wHouV06Cf8XOl1MVVniZDU0STJDMyziG1x2E -BpwvevoU5w8m32KssiBUwuQXkvxl3LRjWN8u5dpDdS0 --> ssh-ed25519 Kl5yTQ p6rLLWT7Ey5RhYl4xrFI5blBXtNPMHYj8OezuQEWPU8 -Ao9FmLXhWaCirDOCHM3pVZEdKy0lQs4aNkSj0gtjRvM ---- 6EArX870mq5cAeKEJZfqwVZJ1CLMG2Od7ndZYVOrpfc -v˲1׹sH]Ck+ )˚ZVKnM-, R&>W2 Date: Sun, 6 Jul 2025 19:41:08 -0300 Subject: [PATCH 094/267] export rclone-webdav module --- flake.nix | 10 ++++++++-- hosts/modules/alexandria/services.nix | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 1c8b862..b805c8a 100644 --- a/flake.nix +++ b/flake.nix @@ -123,7 +123,10 @@ alexandria = mkHost { hostname = "alexandria"; type = "server"; - extraModules = [ self.nixosModules.qbittorrent ]; + extraModules = [ + self.nixosModules.qbittorrent + self.nixosModules.rclone-webdav + ]; }; trantor = mkHost { hostname = "trantor"; @@ -196,6 +199,9 @@ ]; }; - nixosModules.qbittorrent = import ./modules/qbittorrent.nix; + nixosModules = { + qbittorrent = import ./modules/qbittorrent.nix; + rclone-webdav = import ./modules/rclone-webdav.nix; + }; }; } diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index f872300..3fdcb2d 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix 
@@ -86,7 +86,7 @@ in rclone-webdav = { enable = true; - authFile = config.age.secrets.wevdav.path; + authFile = config.age.secrets.webdav.path; dataDirectory = "/data/webdav"; maxFileSize = "5G"; listenAddresses = [ "0.0.0.0" ]; From d603d83d7705188f0002e8013104421e0c8e74ff Mon Sep 17 00:00:00 2001 From: William Date: Sat, 12 Jul 2025 15:56:59 -0300 Subject: [PATCH 095/267] smaller, simpler webdav service --- flake.nix | 2 - hosts/modules/alexandria/services.nix | 103 ++++++++-- modules/rclone-webdav.nix | 267 -------------------------- 3 files changed, 87 insertions(+), 285 deletions(-) delete mode 100644 modules/rclone-webdav.nix diff --git a/flake.nix b/flake.nix index b805c8a..fc1c8be 100644 --- a/flake.nix +++ b/flake.nix @@ -125,7 +125,6 @@ type = "server"; extraModules = [ self.nixosModules.qbittorrent - self.nixosModules.rclone-webdav ]; }; trantor = mkHost { @@ -201,7 +200,6 @@ nixosModules = { qbittorrent = import ./modules/qbittorrent.nix; - rclone-webdav = import ./modules/rclone-webdav.nix; }; }; } diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 3fdcb2d..709dd6d 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let ports = { 
@@ -6,8 +11,45 @@ let librespeed = "8000"; radicale = "8001"; vaultwarden = "8002"; - webdav = "8003"; }; + rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' + #!/bin/bash + + # Configuration + CREDS_FILE="/run/agenix/webdav" + SERVE_DIR="/data/webdav" + SOCKET_PATH="/run/rclone-webdav/webdav.sock" + + # Check if credentials file exists + if [ ! -f "$CREDS_FILE" ]; then + echo "Error: Credentials file $CREDS_FILE not found" + exit 1 + fi + + # Read credentials from file (format: username:password) + CREDENTIALS=$(cat "$CREDS_FILE") + USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) + PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) + + # Validate credentials + if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then + echo "Error: Invalid credentials format. Expected username:password" + exit 1 + fi + + # Ensure serve directory exists + mkdir -p "$SERVE_DIR" + + # Remove existing socket if it exists + rm -f "$SOCKET_PATH" + + # Start rclone serve webdav + exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ + --addr unix://"$SOCKET_PATH" \ + --user "$USERNAME" \ + --pass "$PASSWORD" \ + --verbose + ''; in { @@ -84,15 +126,6 @@ in }; }; - rclone-webdav = { - enable = true; - authFile = config.age.secrets.webdav.path; - dataDirectory = "/data/webdav"; - maxFileSize = "5G"; - listenAddresses = [ "0.0.0.0" ]; - port = lib.toInt ports.webdav; - }; - vaultwarden = { enable = true; config = { 
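Review bot: In the `rclone-webdav-start` script, `--pass "$PASSWORD"` puts the WebDAV password on rclone's command line, where by default other local accounts can read it from the process list for as long as the service runs. `cut -d':' -f2` also keeps only the text up to the next colon, so a password containing `:` is silently truncated. rclone can read the credentials itself with `--htpasswd "$CREDS_FILE"` (file stored in htpasswd format), which removes both the parsing and the argv exposure. The `#!/bin/bash` line is redundant as well, since `pkgs.writeShellScript` already writes the interpreter line.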
@@ -142,9 +175,47 @@ in }; }; - # TODO: remove when bug fix - # serokell/deploy-rs/issues/57 - # NixOS/nixpkgs/issues/180175 - # Workaround for upstream bug in NetworkManager-wait-online.service - systemd.services.NetworkManager-wait-online.enable = false; + systemd.services = { + # TODO: remove when bug fix + # serokell/deploy-rs/issues/57 + # NixOS/nixpkgs/issues/180175 + # Workaround for upstream bug in NetworkManager-wait-online.service + NetworkManager-wait-online.enable = false; + rclone-webdav = { + description = "RClone WebDAV Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "exec"; + User = "user"; + Group = "users"; + ExecStart = "${rclone-webdav-start}"; + Restart = "always"; + RestartSec = "10"; + + # Security settings + NoNewPrivileges = true; + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + ReadWritePaths = [ + "/data/webdav" + "/run" + ]; + + # Create runtime directory for socket + RuntimeDirectory = "rclone-webdav"; + RuntimeDirectoryMode = "0755"; + }; + + # Ensure the user exists + preStart = '' + # Create webdav directory if it doesn't exist + mkdir -p /data/webdav + chown user:users /data/webdav + chmod 755 /data/webdav + ''; + }; + }; } diff --git a/modules/rclone-webdav.nix b/modules/rclone-webdav.nix deleted file mode 100644 index 097537c..0000000 --- a/modules/rclone-webdav.nix +++ /dev/null 
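Review bot: `ReadWritePaths` lists all of `/run`, which makes the whole runtime tree writable for this unit again (subject only to file permissions), although `ProtectSystem = "strict"` would otherwise keep it read-only. `RuntimeDirectory = "rclone-webdav"` already provides a writable `/run/rclone-webdav` for the socket, so `ReadWritePaths = [ "/data/webdav" ];` should be sufficient. The same entry is carried unchanged through the rewrite of this unit in PATCH 100/267. Separately, `preStart` presumably runs as `User = "user"` rather than root, so its `chown user:users /data/webdav` can only succeed when the directory already has that owner; worth confirming on a fresh host.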
@@ -1,267 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -with lib; - -let - cfg = config.services.rclone-webdav; - - parseUserFile = - userFile: - let - content = builtins.readFile userFile; - lines = filter (line: line != "" && !hasPrefix "#" line) (splitString "\n" content); - parseUser = - line: - let - parts = splitString ":" line; - in - { - username = elemAt parts 0; - password = elemAt parts 1; - }; - in - map parseUser lines; - - users = if cfg.authFile != null then parseUserFile cfg.authFile else [ ]; - usernames = map (u: u.username) users; - - socketDirectory = "/var/lib/webdav"; - - # Generate rclone service for each user - mkRcloneService = - user: - nameValuePair "rclone-webdav-${user.username}" { - description = "rclone WebDAV service for ${user.username}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - Type = "simple"; - User = cfg.user; - Group = cfg.group; - Restart = "always"; - RestartSec = "5s"; - - # Ensure directories exist - ExecStartPre = [ - "${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDirectory}/${user.username}" - "${pkgs.coreutils}/bin/mkdir -p ${socketDirectory}" - "${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.dataDirectory}/${user.username}" - "${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${socketDirectory}" - ]; - - ExecStart = '' - ${pkgs.rclone}/bin/rclone serve webdav ${cfg.dataDirectory}/${user.username} \ - --addr unix:${socketDirectory}/rclone-${user.username}.sock \ - --user ${user.username} \ - --pass ${user.password} \ - --log-level INFO - ''; - - # Security settings - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - cfg.dataDirectory - socketDirectory - ]; - }; - }; - - # Generate nginx upstream for each user - mkNginxUpstream = user: { - name = "rclone-${user.username}"; - value = { - servers = { - "unix:${socketDirectory}/rclone-${user.username}.sock" = { }; - }; - }; - }; - - # Generate 
nginx location for each user - mkNginxLocation = user: { - name = "/${user.username}/"; - value = { - proxyPass = "http://rclone-${user.username}"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Remove the username prefix from the path - rewrite ^/${user.username}/(.*) /$1 break; - - # WebDAV specific headers - proxy_set_header Destination $http_destination; - proxy_set_header Depth $http_depth; - proxy_set_header Overwrite $http_overwrite; - proxy_set_header Lock-Token $http_lock_token; - proxy_set_header If $http_if; - - # Allow WebDAV methods - proxy_method $request_method; - - # Increase timeouts for large file uploads - proxy_connect_timeout 300s; - proxy_send_timeout 300s; - proxy_read_timeout 300s; - - # Set maximum file size for this location - client_max_body_size ${cfg.maxFileSize}; - ''; - }; - }; - -in -{ - options.services.rclone-webdav = { - enable = mkEnableOption "rclone WebDAV multi-user service"; - - authFile = mkOption { - type = types.nullOr types.path; - default = null; - description = "Path to file containing username:password pairs, one per line"; - example = "/etc/rclone-webdav-users"; - }; - - dataDirectory = mkOption { - type = types.str; - default = "/srv/webdav"; - description = "Base directory where user subdirectories will be created"; - }; - - user = mkOption { - type = types.str; - default = "webdav"; - description = "User to run rclone services as"; - }; - - group = mkOption { - type = types.str; - default = "webdav"; - description = "Group to run rclone services as"; - }; - - listenAddresses = mkOption { - type = types.listOf types.str; - default = [ "localhost" ]; - description = "List of addresses for nginx to listen on"; - example = [ - "localhost" - "127.0.0.1" - "::1" - ]; - }; - - port = mkOption { - type = types.port; - default = 8000; - description = "Port for nginx 
to listen on"; - }; - - maxFileSize = mkOption { - type = types.str; - default = "0"; - description = "Maximum file size for uploads (nginx client_max_body_size). Use '0' for unlimited."; - example = "100M"; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg.authFile != null; - message = "services.rclone-webdav.authFile must be specified"; - } - { - assertion = users != [ ]; - message = "Auth file must contain at least one user"; - } - ]; - - # Create user and group - users.users = mkIf (cfg.user == "webdav") { - webdav = { - isSystemUser = true; - group = cfg.group; - description = "rclone WebDAV service user"; - home = cfg.dataDirectory; - createHome = true; - }; - }; - - users.groups = mkIf (cfg.group == "webdav") { - webdav = { - gid = null; - }; - }; - - # Create systemd services for each user - systemd.services = listToAttrs (map mkRcloneService users); - - # Configure nginx - services.nginx = { - enable = true; - - upstreams = listToAttrs (map mkNginxUpstream users); - - virtualHosts."rclone-webdav" = { - listen = map (addr: { - addr = addr; - port = cfg.port; - }) cfg.listenAddresses; - - locations = listToAttrs (map mkNginxLocation users) // { - "/" = { - return = "200 'rclone WebDAV Multi-user Server'"; - extraConfig = '' - add_header Content-Type text/plain; - ''; - }; - - # Catch-all location for non-existent users - return 400 - "~* ^/([^/]+)/" = { - extraConfig = '' - # Check if the requested user exists - set $user_exists 0; - ${concatStringsSep "\n" ( - map (username: "if ($1 = \"${username}\") { set $user_exists 1; }") usernames - )} - - # If user doesn't exist, return 400 - if ($user_exists = 0) { - return 400 "User not found"; - } - - # This should not be reached for valid users - return 404; - ''; - }; - }; - - extraConfig = '' - # Enable WebDAV methods - dav_methods PUT DELETE MKCOL COPY MOVE; - dav_ext_methods PROPFIND PROPPATCH LOCK UNLOCK; - - # Set default maximum file size - client_max_body_size 
${cfg.maxFileSize}; - ''; - }; - }; - - # Ensure directories exist - systemd.tmpfiles.rules = [ - "d ${cfg.dataDirectory} 0755 ${cfg.user} ${cfg.group} -" - "d ${socketDirectory} 0755 ${cfg.user} ${cfg.group} -" - ] ++ map (user: "d ${cfg.dataDirectory}/${user.username} 0755 ${cfg.user} ${cfg.group} -") users; - }; -} From deb62f4a7369e1e793b6b9c8cb2def5b4c0bc6ac Mon Sep 17 00:00:00 2001 From: William Date: Sat, 12 Jul 2025 16:02:35 -0300 Subject: [PATCH 096/267] webdav credentials belong to wrong user --- hosts/modules/alexandria/services.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 709dd6d..21047da 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -170,8 +170,8 @@ in }; webdav = { file = ../../../secrets/webdav.age; - owner = "webdav"; - group = "webdav"; + owner = "user"; + group = "users"; }; }; From 47ff3a180226c6b66dde21b76d75f2ca9d2cad24 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 12 Jul 2025 16:09:47 -0300 Subject: [PATCH 097/267] dummy rclone config file --- hosts/modules/alexandria/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 21047da..7dfcf91 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -48,6 +48,7 @@ let --addr unix://"$SOCKET_PATH" \ --user "$USERNAME" \ --pass "$PASSWORD" \ + --config="" \ --verbose ''; in From aa4caeea9f4c657e6a7ba84f33c54f72cfc2489b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 12 Jul 2025 16:16:45 -0300 Subject: [PATCH 098/267] reverse proxy the webdav share --- hosts/modules/alexandria/services.nix | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 7dfcf91..5ba6480 100644 
--- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -103,10 +103,22 @@ in "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}"; "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}"; - # "webdav.baduhai.dev".locations."/" = { - # proxyPass = "http://127.0.0.1:${ports.webdav}"; - # proxyNoTimeout = true; - # }; + "webdav.baduhai.dev".locations."/" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/"; + extraConfig = '' + # WebDAV specific headers + proxy_pass_header Authorization; + # Increase timeouts for large file uploads + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; + # Allow large file uploads + client_max_body_size 10G; + # Buffer settings for better performance + proxy_buffering off; + proxy_request_buffering off; + ''; + }; }; }; From d79fbeb4196351046611c7140c026548aaae06d1 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 12 Jul 2025 16:29:46 -0300 Subject: [PATCH 099/267] nginx needs access to the webdav socket --- hosts/modules/alexandria/services.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 5ba6480..cced543 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -219,7 +219,8 @@ in # Create runtime directory for socket RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0755"; + RuntimeDirectoryMode = "0750"; + UMask = "0002"; }; # Ensure the user exists @@ -228,6 +229,10 @@ in mkdir -p /data/webdav chown user:users /data/webdav chmod 755 /data/webdav + # Ensure nginx can access the socket directory + mkdir -p /run/rclone-webdav + chown user:nginx /run/rclone-webdav + chmod 750 /run/rclone-webdav ''; }; }; 
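Review bot: `proxy_pass_header Authorization;` in the new `webdav.baduhai.dev` location does not do what the comment above it says: that directive lets an otherwise hidden upstream response header through to the client, while the request's `Authorization` header is already forwarded to rclone by default, so the line can be dropped. The hunk does not show whether this virtual host forces TLS; since the basic-auth credentials cross this proxy on every request, that is worth confirming in the part of the vhost configuration outside the hunk. `client_max_body_size 10G` also doubles the 5G limit the removed module configuration used, which may or may not be intended.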
From dc515dd29fc5963e89e73eac799d19d5a266d4d6 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 12 Jul 2025 16:35:02 -0300 Subject: [PATCH 100/267] proper handling of rwebdav socket permissions --- hosts/modules/alexandria/services.nix | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index cced543..8c006df 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -189,25 +189,17 @@ in }; systemd.services = { - # TODO: remove when bug fix - # serokell/deploy-rs/issues/57 - # NixOS/nixpkgs/issues/180175 - # Workaround for upstream bug in NetworkManager-wait-online.service - NetworkManager-wait-online.enable = false; rclone-webdav = { description = "RClone WebDAV Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig = { Type = "exec"; User = "user"; - Group = "users"; + Group = "nginx"; ExecStart = "${rclone-webdav-start}"; Restart = "always"; RestartSec = "10"; - - # Security settings NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "strict"; @@ -216,24 +208,20 @@ in "/data/webdav" "/run" ]; - - # Create runtime directory for socket RuntimeDirectory = "rclone-webdav"; RuntimeDirectoryMode = "0750"; UMask = "0002"; }; - - # Ensure the user exists preStart = '' - # Create webdav directory if it doesn't exist mkdir -p /data/webdav chown user:users /data/webdav chmod 755 /data/webdav - # Ensure nginx can access the socket directory - mkdir -p /run/rclone-webdav - chown user:nginx /run/rclone-webdav - chmod 750 /run/rclone-webdav ''; }; + # TODO: remove when bug fix + # serokell/deploy-rs/issues/57 + # NixOS/nixpkgs/issues/180175 + # Workaround for upstream bug in NetworkManager-wait-online.service + NetworkManager-wait-online.enable = false; }; } From 8ec9bab6baa2a4156d51d637dd43c01d4fb1d796 Mon Sep 17 00:00:00 2001 
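Review bot: Setting the unit's primary group to `Group = "nginx"` while keeping `UMask = "0002"` means every file rclone creates under `/data/webdav` belongs to group nginx and is group-writable, so the web server account gets direct write access to the stored data and not only to the socket. If the intent is just to let nginx connect to the socket, one option is a setgid data directory (`chmod 2755 /data/webdav` in `preStart`), so new files inherit group `users` instead; that moves group write to `users`, so a dedicated group may be the cleaner choice. `"/run"` is still listed in `ReadWritePaths` after this rewrite and could be dropped, because `RuntimeDirectory` already covers the socket directory.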
From: William Date: Sat, 12 Jul 2025 16:54:21 -0300 Subject: [PATCH 101/267] added rclone pkg to desktops --- hosts/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 40f3694..e7c9927 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -114,6 +114,7 @@ qbittorrent quickemu quickgui + rclone steam-run toggleaudiosink unrar From 13d75db8cb29df91e81a54133c05eba6cb6672fd Mon Sep 17 00:00:00 2001 From: William Date: Sun, 13 Jul 2025 12:41:28 -0300 Subject: [PATCH 102/267] added git-pull-timer service --- flake.nix | 2 + hosts/modules/services.nix | 9 +++ modules/git-pull-timer.nix | 158 +++++++++++++++++++++++++++++++++++++ 3 files changed, 169 insertions(+) create mode 100644 modules/git-pull-timer.nix diff --git a/flake.nix b/flake.nix index fc1c8be..a6309e0 100644 --- a/flake.nix +++ b/flake.nix @@ -79,6 +79,7 @@ impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak stylix.nixosModules.stylix + self.nixosModules.git-pull-timer { nixpkgs.overlays = [ agenix.overlays.default @@ -200,6 +201,7 @@ nixosModules = { qbittorrent = import ./modules/qbittorrent.nix; + git-pull-timer = import ./modules/git-pull-timer.nix; }; }; } diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix index 85939f7..a63e75d 100644 --- a/hosts/modules/services.nix +++ b/hosts/modules/services.nix @@ -18,6 +18,15 @@ enable = true; settings.PermitRootLogin = "no"; }; + git-pull-timer = { + enable = true; + remoteAddresses = [ + "git@github.com:baduhai/nix-config.git" + "https://github.com/baduhai/nix-config.git" + ]; + user = "user"; + group = "users"; + }; fwupd.enable = true; fstrim.enable = true; }; diff --git a/modules/git-pull-timer.nix b/modules/git-pull-timer.nix new file mode 100644 index 0000000..69efd8b --- /dev/null +++ b/modules/git-pull-timer.nix 
@@ -0,0 +1,158 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+with lib;
+
+let
+ cfg = config.services.git-pull-timer;
+in
+{
+ options.services.git-pull-timer = {
+ enable = mkEnableOption "git pull timer service";
+
+ onCalendar = mkOption {
+ type = types.listOf types.str;
+ default = [ "daily" ];
+ description = "OnCalendar options for the timer (systemd calendar format)";
+ example = [
+ "hourly"
+ "daily"
+ "*:0/30"
+ ];
+ };
+
+ onBoot = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable OnBootSec = 5min option for the timer";
+ };
+
+ persistent = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Persistent option for the timer (catch up missed runs)";
+ };
+
+ remoteAddresses = mkOption {
+ type = types.listOf types.str;
+ default = null;
+ description = "List of git remote addresses to try in order";
+ example = [
+ "git@github.com:user/repo.git"
+ "https://github.com/user/repo.git"
+ ];
+ };
+
+ directory = mkOption {
+ type = types.str;
+ default = "/etc/nixos";
+ description = "Directory where the git repository should be located";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = null;
+ description = "User to run the git operations as";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = null;
+ description = "Group to run the git operations as";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.remoteAddresses != null && cfg.remoteAddresses != [ ];
+ message = "services.git-pull-timer.remoteAddresses must be set and non-empty";
+ }
+ {
+ assertion = cfg.user != null;
+ message = "services.git-pull-timer.user must be set";
+ }
+ {
+ assertion = cfg.group != null;
+ message = "services.git-pull-timer.group must be set";
+ }
+ ];
+
+ systemd.services.git-pull-timer = {
+ description = "Pull git repository";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStartPre = [
+ "+${pkgs.coreutils}/bin/mkdir -p ${cfg.directory}"
+ "+${pkgs.coreutils}/bin/chown -R 
${cfg.user}:${cfg.group} ${cfg.directory}"
+ ];
+ ExecStart = pkgs.writeShellScript "git-pull-script" ''
+ set -e
+ cd ${cfg.directory}
+
+ # Check if this is a git repository
+ if ! ${pkgs.git}/bin/git rev-parse --git-dir > /dev/null 2>&1; then
+ echo "No git repository found, attempting to clone..."
+
+ # Try each remote address in order
+ success=false
+ ${concatMapStringsSep "\n" (addr: ''
+ if [ "$success" = "false" ]; then
+ echo "Trying to clone from: ${addr}"
+ if ${pkgs.git}/bin/git clone ${addr} . 2>/dev/null; then
+ echo "Successfully cloned from: ${addr}"
+ success=true
+ else
+ echo "Failed to clone from: ${addr}"
+ fi
+ fi
+ '') cfg.remoteAddresses}
+
+ if [ "$success" = "false" ]; then
+ echo "All clone attempts failed"
+ exit 1
+ fi
+ else
+ echo "Git repository exists, pulling updates..."
+
+ # Check if there are unstaged changes
+ if ! ${pkgs.git}/bin/git diff --quiet; then
+ echo "Unstaged changes detected, stashing..."
+ ${pkgs.git}/bin/git stash push -m "Auto-stash before pull $(date)"
+ fi
+
+ # Check if there are staged changes
+ if ! ${pkgs.git}/bin/git diff --cached --quiet; then
+ echo "Staged changes detected, pulling with rebase..."
+ ${pkgs.git}/bin/git pull --rebase
+ else
+ echo "No staged changes, doing regular pull..."
+ ${pkgs.git}/bin/git pull
+ fi
+ fi
+ '';
+ User = cfg.user;
+ Group = cfg.group;
+ };
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ };
+
+ systemd.timers.git-pull-timer = {
+ description = "Timer for git pull service";
+ timerConfig =
+ {
+ OnCalendar = cfg.onCalendar;
+ Persistent = cfg.persistent;
+ }
+ // optionalAttrs cfg.onBoot {
+ OnBootSec = "5min";
+ };
+ wantedBy = [ "timers.target" ];
+ };
+ };
+}
From 7e0a0693549605afec672f51823b8f4d4b97d828 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 13 Jul 2025 12:53:04 -0300 Subject: [PATCH 103/267] /etc/nixos needs to be persistent --- hosts/modules/impermanence.nix | 1 + 1 file changed, 1 insertion(+) 
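Review bot: The update branch of the pull script in `modules/git-pull-timer.nix` cannot handle staged changes: `git stash push` already saves the index together with the working tree, and when only staged changes exist the script runs `git pull --rebase`, which git refuses while the index holds uncommitted changes, so under `set -e` the unit fails in exactly the case that branch is meant to cover. A single check for either kind of local change, followed by a fast-forward-only pull, avoids that and keeps an unattended run from creating merges in the configuration directory. `cfg.directory` and each `addr` are also interpolated into the script unquoted (`cd ${cfg.directory}`, `git clone ${addr} .`); wrapping them in `lib.escapeShellArg` keeps a path or address containing shell metacharacters from being interpreted. The `default = null` on options typed `types.str` and `types.listOf types.str` presumably fails the type check before the assertions are reached, so dropping the default would make those options mandatory more directly.

```nix
# … unchanged: clone branch …
        else
          echo "Git repository exists, pulling updates..."

          # git stash saves the index and the working tree together
          if ! ${pkgs.git}/bin/git diff --quiet || ! ${pkgs.git}/bin/git diff --cached --quiet; then
            echo "Local changes detected, stashing..."
            ${pkgs.git}/bin/git stash push -m "Auto-stash before pull $(date)"
          fi

          # refuse anything that is not a fast-forward instead of merging unattended
          ${pkgs.git}/bin/git pull --ff-only
        fi
```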
diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix index 7c5c7d6..b2182a6 100644 --- a/hosts/modules/impermanence.nix +++ b/hosts/modules/impermanence.nix @@ -27,6 +27,7 @@ ]; directories = [ "/etc/NetworkManager/system-connections" + "/etc/nixos" "/var/lib/bluetooth" "/var/lib/flatpak" "/var/lib/nixos" From 122b36204c5852a349fb6d8a1c98c4344815489f Mon Sep 17 00:00:00 2001 From: William Date: Sun, 13 Jul 2025 13:16:29 -0300 Subject: [PATCH 104/267] use nixos-cli --- flake.lock | 157 +++++++++++++++++++++++++++++++++++-- flake.nix | 4 + hosts/modules/programs.nix | 1 + hosts/modules/services.nix | 7 ++ 4 files changed, 163 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7e80c31..70aca9c 100644 --- a/flake.lock +++ b/flake.lock @@ -188,6 +188,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "locked": { "lastModified": 1747046372, "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", @@ -223,6 +239,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { 
@@ -419,13 +453,54 @@ "type": "github" } }, + "nix-options-doc": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1742115705, + "narHash": "sha256-RfXwJPWBoWswIU68+y/XZfTWtFHd/fK14bKvOlRmfPo=", + "owner": "Thunderbottom", + "repo": "nix-options-doc", + "rev": "2caa4b5756a8666d65d70122f413e295f56886e7", + "type": "github" + }, + "original": { + "owner": "Thunderbottom", + "ref": "v0.2.0", + "repo": "nix-options-doc", + "type": "github" + } + }, + "nixos-cli": { + "inputs": { + "flake-compat": "flake-compat_2", + "nix-options-doc": "nix-options-doc", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1752359519, + "narHash": "sha256-ksd2Gu1JpKU3rKvbkpiUlrkY72M8VAln1w4W7pj77WQ=", + "owner": "nix-community", + "repo": "nixos-cli", + "rev": "c2778572d75bc27ae2234653c5ce9489930d0c7d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-cli", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1740695751, + "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", "type": "github" }, "original": { 
@@ -451,6 +526,38 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1751625545, + "narHash": "sha256-4E7wWftF1ExK5ZEDzj41+9mVgxtuRV3wWCId7QAYMAU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c860cf0b3a0829f0f6cf344ca8de83a2bbfab428", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -486,11 +593,34 @@ "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs", + "nixos-cli": "nixos-cli", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixos-cli", + "nix-options-doc", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740796337, + "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", @@ -498,7 +628,7 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", 
@@ -507,7 +637,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_3", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -573,6 +703,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index a6309e0..9dfb40c 100644 --- a/flake.nix +++ b/flake.nix @@ -34,6 +34,8 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; + nixos-cli.url = "github:nix-community/nixos-cli"; + nix-flatpak.url = "github:gmodena/nix-flatpak/main"; impermanence.url = "github:nix-community/impermanence"; @@ -50,6 +52,7 @@ disko, agenix, deploy-rs, + nixos-cli, nix-flatpak, impermanence, ... @@ -79,6 +82,7 @@ impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak stylix.nixosModules.stylix + nixos-cli.nixosModules.nixos-cli self.nixosModules.git-pull-timer { nixpkgs.overlays = [ diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index e7c9927..8715d07 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -18,6 +18,7 @@ ### System Utilities ### btop nixos-firewall-tool + nvd sysz tmux wget diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix index a63e75d..e6ca3f1 100644 --- a/hosts/modules/services.nix +++ b/hosts/modules/services.nix @@ -27,6 +27,13 @@ user = "user"; group = "users"; }; + nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; + }; + }; fwupd.enable = true; fstrim.enable = true; }; From 141a7e8be650be8a1da721b84a7560639886955c Mon Sep 17 00:00:00 2001 
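Review bot: The new `nixos-cli` input in `flake.nix` is added without a `follows`, and the lock update in this same patch shows the cost: it pins its own nixpkgs (`nixpkgs_2`) and pulls in `nix-options-doc` with a further nixpkgs, `rust-overlay` and `flake-utils`. Each extra locked tree is more third-party code to trust and keep current. The input just above it in this hunk already uses `inputs.nixpkgs.follows`, so `nixos-cli = { url = "github:nix-community/nixos-cli"; inputs.nixpkgs.follows = "nixpkgs"; };` would be consistent, assuming nixos-cli builds against the flake's nixpkgs. The hunk starts inside the `inputs` attribute set.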
From: William Date: Sun, 13 Jul 2025 14:24:31 -0300 Subject: [PATCH 105/267] sys aliases no longer needed --- users/modules/user/programs.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index 9b25dbb..a024663 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -127,14 +127,6 @@ pkgs.obs-studio-plugins.obs-pipewire-audio-capture ]; }; - - fish = { - functions = { - sysrebuild = "nh os switch --ask"; - sysrebuild-boot = "nh os boot --ask"; - sysupdate = "nix flake update --commit-lock-file --flake /home/user/Projects/personal/nix-config"; - }; - }; }; }) ]; From 8a1af741dd358ce1c7542294717253a54c47af32 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 13 Jul 2025 18:39:01 -0300 Subject: [PATCH 106/267] add nixos-deploy wrapper --- flake.nix | 1 + hosts/modules/programs.nix | 1 + packages/nixos-deploy.nix | 111 +++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 packages/nixos-deploy.nix diff --git a/flake.nix b/flake.nix index 9dfb40c..f465c91 100644 --- a/flake.nix +++ b/flake.nix @@ -143,6 +143,7 @@ overlay = final: prev: { }; workstationOverlay = final: prev: { + nixos-deploy = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/nixos-deploy.nix { }; plasticity = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/plasticity.nix { }; toggleaudiosink = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/toggleaudiosink.nix diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 8715d07..e3e9091 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -111,6 +111,7 @@ kde-rounded-corners libfido2 mission-center + nixos-deploy p7zip qbittorrent quickemu diff --git a/packages/nixos-deploy.nix b/packages/nixos-deploy.nix new file mode 100644 index 0000000..160c628 --- /dev/null +++ b/packages/nixos-deploy.nix 
@@ -0,0 +1,111 @@
+{
+ lib,
+ writeShellScript,
+ nixos-rebuild,
+ openssh,
+ coreutils,
+ gnugrep,
+ gawk,
+}:
+
+writeShellScript "nixos-deploy" ''
+ set -euo pipefail
+
+ LOCAL_BUILD=false
+ ACTION="switch"
+ FLAKE_URI=""
+ TARGET_HOST=""
+ SSH_USER=""
+ SSH_HOST=""
+
+ show_usage() {
+ echo -e "Usage: nixos-deploy [--local-build] [--boot] [user@]host"
+ echo ""
+ echo -e "Arguments:"
+ echo " flake-uri Flake URI (e.g., .#hostname)"
+ echo " [user@]host Target host, optionally with user"
+ echo ""
+ echo -e "Options:"
+ echo " --local-build Build locally instead of on remote"
+ echo " --boot Use 'boot' instead of 'switch' action"
+ echo ""
+ echo -e "Examples:"
+ echo " nixos-deploy .#hostname user@192.168.1.10"
+ echo " nixos-deploy --local-build .#hostname 192.168.1.10"
+ echo " nixos-deploy --boot .#hostname 192.168.1.10"
+ echo " nixos-deploy .#hostname 192.168.1.10 # uses current user"
+ exit 1
+ }
+
+ while [[ $# -gt 0 ]]; do
+ case $1 in
+ --local-build)
+ LOCAL_BUILD=true
+ shift
+ ;;
+ --boot)
+ ACTION="boot"
+ shift
+ ;;
+ --help|-h)
+ show_usage
+ ;;
+ -*)
+ echo -e "Unknown option: $1"
+ show_usage
+ ;;
+ *)
+ if [[ -z "$FLAKE_URI" ]]; then
+ FLAKE_URI="$1"
+ elif [[ -z "$TARGET_HOST" ]]; then
+ TARGET_HOST="$1"
+ else
+ echo -e "Too many arguments"
+ show_usage
+ fi
+ shift
+ ;;
+ esac
+ done
+
+ if [[ -z "$FLAKE_URI" ]]; then
+ echo -e "flake-uri is required"
+ show_usage
+ fi
+
+ if [[ -z "$TARGET_HOST" ]]; then
+ echo -e "target host is required"
+ show_usage
+ fi
+
+ if [[ "$TARGET_HOST" == *"@"* ]]; then
+ SSH_USER="''${TARGET_HOST%@*}"
+ SSH_HOST="''${TARGET_HOST#*@}"
+ else
+ SSH_USER="$(${coreutils}/bin/whoami)"
+ SSH_HOST="$TARGET_HOST"
+ fi
+
+ echo "Deploying $FLAKE_URI to $SSH_HOST as user $SSH_USER (action: $ACTION)"
+
+ if [[ "$LOCAL_BUILD" != "true" ]]; then
+ GC_ROOT_PATH="/tmp/nixos-deploy-$SSH_HOST-$"
+ fi
+
+ REBUILD_CMD="${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST"
+
+ if [[ 
"$LOCAL_BUILD" == "true" ]]; then
+ echo -e "Building locally and deploying to remote host"
+ else
+ REBUILD_CMD="$REBUILD_CMD --build-host $SSH_HOST"
+ echo -e "Building on remote host"
+ fi
+
+ if [[ "$SSH_USER" != "root" ]]; then
+ REBUILD_CMD="$REBUILD_CMD --use-remote-sudo"
+ echo -e "Using remote sudo for non-root user"
+ fi
+
+ echo -e "Running: $REBUILD_CMD"
+ exec $REBUILD_CMD
+''
From 79a2576dfd189cadceaefd4821952635642666c9 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 13 Jul 2025 18:44:55 -0300 Subject: [PATCH 107/267] use stdenv on nixos-deploy derivation --- packages/nixos-deploy.nix | 217 +++++++++++++++++++++----------------- 1 file changed, 120 insertions(+), 97 deletions(-)
diff --git a/packages/nixos-deploy.nix b/packages/nixos-deploy.nix
index 160c628..227ea4e 100644
--- a/packages/nixos-deploy.nix
+++ b/packages/nixos-deploy.nix 
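Review bot: `REBUILD_CMD` in the new `packages/nixos-deploy.nix` is assembled as one string and run with an unquoted `exec $REBUILD_CMD`, so a flake URI or host argument containing whitespace or glob characters is split and expanded by the shell before nixos-rebuild sees it; building the command as a bash array avoids that. `--build-host` is also given `$SSH_HOST`, which drops the `user@` part that `--target-host` keeps, so with a `user@host` argument the build connection presumably uses a different account than the deploy connection. `GC_ROOT_PATH` is assigned but never read, and its value ends in a bare `$`, which looks like a truncated `$$`. Inside the Nix `''` string the array expansion needs the `''${...}` escape the script already uses for `TARGET_HOST`.

```nix
# … unchanged: argument parsing and user/host split …
  REBUILD_CMD=(${nixos-rebuild}/bin/nixos-rebuild "$ACTION" --flake "$FLAKE_URI" --target-host "$TARGET_HOST")

  if [[ "$LOCAL_BUILD" != "true" ]]; then
    # keep the user@ part so build and deploy use the same account
    REBUILD_CMD+=(--build-host "$TARGET_HOST")
  fi

  if [[ "$SSH_USER" != "root" ]]; then
    REBUILD_CMD+=(--use-remote-sudo)
  fi
  # … unchanged: progress messages …

  echo "Running: ''${REBUILD_CMD[*]}"
  exec "''${REBUILD_CMD[@]}"
```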
@@ -1,111 +1,134 @@ -{ - lib, - writeShellScript, - nixos-rebuild, - openssh, - coreutils, - gnugrep, - gawk, +{ lib +, stdenv +, nixos-rebuild +, openssh +, coreutils +, gnugrep +, gawk }: -writeShellScript "nixos-deploy" '' - set -euo pipefail +stdenv.mkDerivation rec { + pname = "nixos-deploy"; + version = "1.0"; - LOCAL_BUILD=false - ACTION="switch" - FLAKE_URI="" - TARGET_HOST="" - SSH_USER="" - SSH_HOST="" + src = lib.fakeSha256; # will be ignored since we're using `installPhase` - show_usage() { - echo -e "Usage: nixos-deploy [--local-build] [--boot] [user@]host" - echo "" - echo -e "Arguments:" - echo " flake-uri Flake URI (e.g., .#hostname)" - echo " [user@]host Target host, optionally with user" - echo "" - echo -e "Options:" - echo " --local-build Build locally instead of on remote" - echo " --boot Use 'boot' instead of 'switch' action" - echo "" - echo -e "Examples:" - echo " nixos-deploy .#hostname user@192.168.1.10" - echo " nixos-deploy --local-build .#hostname 192.168.1.10" - echo " nixos-deploy --boot .#hostname 192.168.1.10" - echo " nixos-deploy .#hostname 192.168.1.10 # uses current user" - exit 1 - } + dontUnpack = true; - while [[ $# -gt 0 ]]; do - case $1 in - --local-build) - LOCAL_BUILD=true - shift - ;; - --boot) - ACTION="boot" - shift - ;; - --help|-h) - show_usage - ;; - -*) - echo -e "Unknown option: $1" - show_usage - ;; - *) - if [[ -z "$FLAKE_URI" ]]; then - FLAKE_URI="$1" - elif [[ -z "$TARGET_HOST" ]]; then - TARGET_HOST="$1" - else - echo -e "Too many arguments" - show_usage - fi - shift - ;; - esac - done + buildInputs = [ ]; - if [[ -z "$FLAKE_URI" ]]; then - echo -e "flake-uri is required" - show_usage - fi + installPhase = '' + mkdir -p $out/bin + cat > $out/bin/nixos-deploy << 'EOF' +#!/usr/bin/env bash +set -euo pipefail - if [[ -z "$TARGET_HOST" ]]; then - echo -e "target host is required" - show_usage - fi +LOCAL_BUILD=false +ACTION="switch" +FLAKE_URI="" +TARGET_HOST="" +SSH_USER="" +SSH_HOST="" - if [[ "$TARGET_HOST" == 
*"@"* ]]; then - SSH_USER="''${TARGET_HOST%@*}" - SSH_HOST="''${TARGET_HOST#*@}" - else - SSH_USER="$(${coreutils}/bin/whoami)" - SSH_HOST="$TARGET_HOST" - fi +show_usage() { + echo -e "Usage: nixos-deploy [--local-build] [--boot] [user@]host" + echo "" + echo -e "Arguments:" + echo " flake-uri Flake URI (e.g., .#hostname)" + echo " [user@]host Target host, optionally with user" + echo "" + echo -e "Options:" + echo " --local-build Build locally instead of on remote" + echo " --boot Use 'boot' instead of 'switch' action" + echo "" + echo -e "Examples:" + echo " nixos-deploy .#hostname user@192.168.1.10" + echo " nixos-deploy --local-build .#hostname 192.168.1.10" + echo " nixos-deploy --boot .#hostname 192.168.1.10" + echo " nixos-deploy .#hostname 192.168.1.10 # uses current user" + exit 1 +} - echo "Deploying $FLAKE_URI to $SSH_HOST as user $SSH_USER (action: $ACTION)" +while [[ $# -gt 0 ]]; do + case $1 in + --local-build) + LOCAL_BUILD=true + shift + ;; + --boot) + ACTION="boot" + shift + ;; + --help|-h) + show_usage + ;; + -*) + echo -e "Unknown option: $1" + show_usage + ;; + *) + if [[ -z "$FLAKE_URI" ]]; then + FLAKE_URI="$1" + elif [[ -z "$TARGET_HOST" ]]; then + TARGET_HOST="$1" + else + echo -e "Too many arguments" + show_usage + fi + shift + ;; + esac +done - if [[ "$LOCAL_BUILD" != "true" ]]; then - GC_ROOT_PATH="/tmp/nixos-deploy-$SSH_HOST-$" - fi +if [[ -z "$FLAKE_URI" ]]; then + echo -e "flake-uri is required" + show_usage +fi - REBUILD_CMD="${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST" +if [[ -z "$TARGET_HOST" ]]; then + echo -e "target host is required" + show_usage +fi - if [[ "$LOCAL_BUILD" == "true" ]]; then - echo -e "Building locally and deploying to remote host" - else - REBUILD_CMD="$REBUILD_CMD --build-host $SSH_HOST" - echo -e "Building on remote host" - fi +if [[ "$TARGET_HOST" == *"@"* ]]; then + SSH_USER="${TARGET_HOST%@*}" + SSH_HOST="${TARGET_HOST#*@}" +else + 
SSH_USER="$("${coreutils}/bin/whoami")" + SSH_HOST="$TARGET_HOST" +fi - if [[ "$SSH_USER" != "root" ]]; then - REBUILD_CMD="$REBUILD_CMD --use-remote-sudo" - echo -e "Using remote sudo for non-root user" - fi +echo "Deploying $FLAKE_URI to $SSH_HOST as user $SSH_USER (action: $ACTION)" + +if [[ "$LOCAL_BUILD" != "true" ]]; then + GC_ROOT_PATH="/tmp/nixos-deploy-$SSH_HOST-$$" +fi + +REBUILD_CMD="${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST" + +if [[ "$LOCAL_BUILD" == "true" ]]; then + echo -e "Building locally and deploying to remote host" +else + REBUILD_CMD="$REBUILD_CMD --build-host $SSH_HOST" + echo -e "Building on remote host" +fi + +if [[ "$SSH_USER" != "root" ]]; then + REBUILD_CMD="$REBUILD_CMD --use-remote-sudo" + echo -e "Using remote sudo for non-root user" +fi + +echo -e "Running: $REBUILD_CMD" +exec $REBUILD_CMD +EOF + chmod +x $out/bin/nixos-deploy + ''; + + meta = with lib; { + description = "Tool to deploy a NixOS flake to a remote host using nixos-rebuild"; + license = licenses.mit; + maintainers = with maintainers; [ ]; + platforms = platforms.unix; + }; +} - echo -e "Running: $REBUILD_CMD" - exec $REBUILD_CMD -'' From 1ebbb7937ddd8b5e5d8d04189dc2283a16c12f9e Mon Sep 17 00:00:00 2001 From: William Date: Sun, 13 Jul 2025 18:46:39 -0300 Subject: [PATCH 108/267] fix character escaping in nixos-deploy --- packages/nixos-deploy.nix | 205 +++++++++++++++++++------------------- 1 file changed, 101 insertions(+), 104 deletions(-) diff --git a/packages/nixos-deploy.nix b/packages/nixos-deploy.nix index 227ea4e..e9c90f2 100644 --- a/packages/nixos-deploy.nix +++ b/packages/nixos-deploy.nix 
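Review bot: The script body now sits inside `installPhase = '' … ''`, where the quoted heredoc `<< 'EOF'` stops bash expansion at build time but not Nix antiquotation, so `SSH_USER="${TARGET_HOST%@*}"` and `SSH_HOST="${TARGET_HOST#*@}"` are read as Nix expressions and the file will not parse. They need the escape the removed version had: `SSH_USER="''${TARGET_HOST%@*}"` and `SSH_HOST="''${TARGET_HOST#*@}"`. Separately, `src = lib.fakeSha256;` assigns a placeholder hash string as the source; with `dontUnpack = true` the attribute can simply be omitted.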
@@ -1,134 +1,131 @@ -{ lib -, stdenv -, nixos-rebuild -, openssh -, coreutils -, gnugrep -, gawk +{ + lib, + stdenv, + nixos-rebuild, + openssh, + coreutils, + gnugrep, + gawk, }: stdenv.mkDerivation rec { pname = "nixos-deploy"; version = "1.0"; - src = lib.fakeSha256; # will be ignored since we're using `installPhase` - + src = null; dontUnpack = true; - buildInputs = [ ]; - installPhase = '' - mkdir -p $out/bin - cat > $out/bin/nixos-deploy << 'EOF' -#!/usr/bin/env bash -set -euo pipefail + mkdir -p $out/bin + cat > $out/bin/nixos-deploy << 'EOF' + #!/usr/bin/env bash + set -euo pipefail -LOCAL_BUILD=false -ACTION="switch" -FLAKE_URI="" -TARGET_HOST="" -SSH_USER="" -SSH_HOST="" + LOCAL_BUILD=false + ACTION="switch" + FLAKE_URI="" + TARGET_HOST="" + SSH_USER="" + SSH_HOST="" -show_usage() { - echo -e "Usage: nixos-deploy [--local-build] [--boot] [user@]host" - echo "" - echo -e "Arguments:" - echo " flake-uri Flake URI (e.g., .#hostname)" - echo " [user@]host Target host, optionally with user" - echo "" - echo -e "Options:" - echo " --local-build Build locally instead of on remote" - echo " --boot Use 'boot' instead of 'switch' action" - echo "" - echo -e "Examples:" - echo " nixos-deploy .#hostname user@192.168.1.10" - echo " nixos-deploy --local-build .#hostname 192.168.1.10" - echo " nixos-deploy --boot .#hostname 192.168.1.10" - echo " nixos-deploy .#hostname 192.168.1.10 # uses current user" - exit 1 -} + show_usage() { + echo -e "Usage: nixos-deploy [--local-build] [--boot] [user@]host" + echo "" + echo -e "Arguments:" + echo " flake-uri Flake URI (e.g., .#hostname)" + echo " [user@]host Target host, optionally with user" + echo "" + echo -e "Options:" + echo " --local-build Build locally instead of on remote" + echo " --boot Use 'boot' instead of 'switch' action" + echo "" + echo -e "Examples:" + echo " nixos-deploy .#hostname user@192.168.1.10" + echo " nixos-deploy --local-build .#hostname 192.168.1.10" + echo " nixos-deploy --boot .#hostname 
192.168.1.10" + echo " nixos-deploy .#hostname 192.168.1.10 # uses current user" + exit 1 + } -while [[ $# -gt 0 ]]; do - case $1 in - --local-build) - LOCAL_BUILD=true - shift - ;; - --boot) - ACTION="boot" - shift - ;; - --help|-h) - show_usage - ;; - -*) - echo -e "Unknown option: $1" - show_usage - ;; - *) - if [[ -z "$FLAKE_URI" ]]; then - FLAKE_URI="$1" - elif [[ -z "$TARGET_HOST" ]]; then - TARGET_HOST="$1" - else - echo -e "Too many arguments" + while [[ $# -gt 0 ]]; do + case $1 in + --local-build) + LOCAL_BUILD=true + shift + ;; + --boot) + ACTION="boot" + shift + ;; + --help|-h) show_usage - fi - shift - ;; - esac -done + ;; + -*) + echo -e "Unknown option: $1" + show_usage + ;; + *) + if [[ -z "$FLAKE_URI" ]]; then + FLAKE_URI="$1" + elif [[ -z "$TARGET_HOST" ]]; then + TARGET_HOST="$1" + else + echo -e "Too many arguments" + show_usage + fi + shift + ;; + esac + done -if [[ -z "$FLAKE_URI" ]]; then - echo -e "flake-uri is required" - show_usage -fi + if [[ -z "$FLAKE_URI" ]]; then + echo -e "flake-uri is required" + show_usage + fi -if [[ -z "$TARGET_HOST" ]]; then - echo -e "target host is required" - show_usage -fi + if [[ -z "$TARGET_HOST" ]]; then + echo -e "target host is required" + show_usage + fi -if [[ "$TARGET_HOST" == *"@"* ]]; then - SSH_USER="${TARGET_HOST%@*}" - SSH_HOST="${TARGET_HOST#*@}" -else - SSH_USER="$("${coreutils}/bin/whoami")" - SSH_HOST="$TARGET_HOST" -fi + if [[ "$TARGET_HOST" == *"@"* ]]; then + SSH_USER="''${TARGET_HOST%@*}" + SSH_HOST="''${TARGET_HOST#*@}" + else + SSH_USER="$("''${coreutils}/bin/whoami")" + SSH_HOST="$TARGET_HOST" + fi -echo "Deploying $FLAKE_URI to $SSH_HOST as user $SSH_USER (action: $ACTION)" + echo "Deploying $FLAKE_URI to $SSH_HOST as user $SSH_USER (action: $ACTION)" -if [[ "$LOCAL_BUILD" != "true" ]]; then - GC_ROOT_PATH="/tmp/nixos-deploy-$SSH_HOST-$$" -fi + if [[ "$LOCAL_BUILD" != "true" ]]; then + GC_ROOT_PATH="/tmp/nixos-deploy-$SSH_HOST-$$" + fi -REBUILD_CMD="${nixos-rebuild}/bin/nixos-rebuild 
$ACTION --flake $FLAKE_URI --target-host $TARGET_HOST" + REBUILD_CMD="''${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST" -if [[ "$LOCAL_BUILD" == "true" ]]; then - echo -e "Building locally and deploying to remote host" -else - REBUILD_CMD="$REBUILD_CMD --build-host $SSH_HOST" - echo -e "Building on remote host" -fi + if [[ "$LOCAL_BUILD" == "true" ]]; then + echo -e "Building locally and deploying to remote host" + else + REBUILD_CMD="$REBUILD_CMD --build-host $SSH_HOST" + echo -e "Building on remote host" + fi -if [[ "$SSH_USER" != "root" ]]; then - REBUILD_CMD="$REBUILD_CMD --use-remote-sudo" - echo -e "Using remote sudo for non-root user" -fi + if [[ "$SSH_USER" != "root" ]]; then + REBUILD_CMD="$REBUILD_CMD --use-remote-sudo" + echo -e "Using remote sudo for non-root user" + fi -echo -e "Running: $REBUILD_CMD" -exec $REBUILD_CMD -EOF - chmod +x $out/bin/nixos-deploy + echo -e "Running: $REBUILD_CMD" + exec $REBUILD_CMD + EOF + + chmod +x $out/bin/nixos-deploy ''; meta = with lib; { description = "Tool to deploy a NixOS flake to a remote host using nixos-rebuild"; license = licenses.mit; - maintainers = with maintainers; [ ]; platforms = platforms.unix; }; } - From df4aa25984288af4f7e15f064790bd2360ed7231 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 13 Jul 2025 19:03:02 -0300 Subject: [PATCH 109/267] bash interpolation whithin nix interpolation is hard --- packages/nixos-deploy.nix | 31 ++++++++++++++----------------- result | 1 + 2 files changed, 15 insertions(+), 17 deletions(-) create mode 120000 result diff --git a/packages/nixos-deploy.nix b/packages/nixos-deploy.nix index e9c90f2..a6d3b7a 100644 --- a/packages/nixos-deploy.nix +++ b/packages/nixos-deploy.nix 
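Review bot: The `''$` escape was also applied to the two store-path references, so `"''${coreutils}/bin/whoami"` and `"''${nixos-rebuild}/bin/nixos-rebuild …"` now reach bash as literal `${coreutils}` and `${nixos-rebuild}`. The first is an unset variable and aborts under `set -u` whenever no `user@` is given. The second parses as a default-value expansion and yields `rebuild`, so the command becomes `rebuild/bin/nixos-rebuild`. Only the bash parameter expansions need escaping; the package paths should stay Nix antiquotations, `SSH_USER="$(${coreutils}/bin/whoami)"` and `REBUILD_CMD="${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST"`. Without the antiquotation the output presumably also stops referencing those store paths as runtime dependencies.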
@@ -1,24 +1,16 @@ { lib, stdenv, + writeShellScriptBin, nixos-rebuild, - openssh, coreutils, - gnugrep, - gawk, }: stdenv.mkDerivation rec { pname = "nixos-deploy"; version = "1.0"; - src = null; - dontUnpack = true; - - installPhase = '' - mkdir -p $out/bin - cat > $out/bin/nixos-deploy << 'EOF' - #!/usr/bin/env bash + passthru.script = writeShellScriptBin "nixos-deploy" '' set -euo pipefail LOCAL_BUILD=false @@ -89,10 +81,10 @@ stdenv.mkDerivation rec { fi if [[ "$TARGET_HOST" == *"@"* ]]; then - SSH_USER="''${TARGET_HOST%@*}" - SSH_HOST="''${TARGET_HOST#*@}" + SSH_USER=${"\${TARGET_HOST%@*}"} + SSH_HOST=${"\${TARGET_HOST#*@}"} else - SSH_USER="$("''${coreutils}/bin/whoami")" + SSH_USER="$(${coreutils}/bin/whoami)" SSH_HOST="$TARGET_HOST" fi @@ -102,7 +94,7 @@ stdenv.mkDerivation rec { GC_ROOT_PATH="/tmp/nixos-deploy-$SSH_HOST-$$" fi - REBUILD_CMD="''${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST" + REBUILD_CMD="${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST" if [[ "$LOCAL_BUILD" == "true" ]]; then echo -e "Building locally and deploying to remote host" @@ -118,14 +110,19 @@ stdenv.mkDerivation rec { echo -e "Running: $REBUILD_CMD" exec $REBUILD_CMD - EOF + ''; - chmod +x $out/bin/nixos-deploy + dontUnpack = true; + + installPhase = '' + mkdir -p $out/bin + cp ${passthru.script}/bin/nixos-deploy $out/bin/ ''; meta = with lib; { - description = "Tool to deploy a NixOS flake to a remote host using nixos-rebuild"; + description = "Deploy a NixOS flake to a remote host using nixos-rebuild"; license = licenses.mit; platforms = platforms.unix; + maintainers = with maintainers; [ ]; }; } diff --git a/result b/result new file mode 120000 index 0000000..b0984f3 --- /dev/null +++ b/result @@ -0,0 +1 @@ +/nix/store/4mca2jn3fhpr86w88dnlpypdllsy9f3r-nixos-deploy-1.0 \ No newline at end of file From 406009f34067dddfa95ba961c36c137510ce3ed8 Mon Sep 17 00:00:00 2001 
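Review bot: `stdenv.mkDerivation` is now only a wrapper that copies the output of `writeShellScriptBin` in `installPhase`, so the file builds two derivations for a single script. `writeShellScriptBin "nixos-deploy" '' … ''` already produces `$out/bin/nixos-deploy` and could be the file's whole result. If the `meta` block is wanted, `writeShellApplication` accepts one and also runs a shell lint over the text at build time. The derivation body continues in the later hunks of this file.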
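Review bot: `SSH_USER=${"\${TARGET_HOST%@*}"}` and the matching `SSH_HOST` line emit a bash expansion by wrapping an escaped string in a Nix antiquotation, and they drop the double quotes the earlier form had. The indented-string escape says the same thing directly and keeps the quoting: `SSH_USER="''${TARGET_HOST%@*}"` and `SSH_HOST="''${TARGET_HOST#*@}"`. The rule worth recording in the commit message is that `''$` is for expansions bash must see, while plain `${pkg}` is filled in by Nix.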
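Review bot: `result` is the symlink a local `nix build` leaves in the working tree, here pointing at a `/nix/store/…-nixos-deploy-1.0` path that exists only on the machine that built it. It should be dropped from the commit and kept out of future ones with a `result` line in `.gitignore`.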
From: William Date: Sat, 19 Jul 2025 15:20:35 -0300 Subject: [PATCH 110/267] Added claude-code package --- hosts/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index e3e9091..d50cb36 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -71,6 +71,7 @@ ### Dev Tools ### bat deploy-rs + claude-code fd fzf nixfmt-rfc-style From 754ece9fa26964537f2c982dc5f787a460dc720f Mon Sep 17 00:00:00 2001 From: William Date: Tue, 22 Jul 2025 11:32:21 -0300 Subject: [PATCH 111/267] different dav paths --- hosts/modules/alexandria/services.nix | 36 +++++++++++++-------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 8c006df..703530e 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix 
@@ -94,31 +94,29 @@ in in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { "_".locations."/".return = "444"; - "dav.baduhai.dev".locations."/" = { - proxyPass = "http://127.0.0.1:${ports.radicale}"; - extraConfig = "proxy_pass_header Authorization;"; + "dav.baduhai.dev".locations = { + "/caldav" = { + proxyPass = "http://127.0.0.1:${ports.radicale}"; + extraConfig = "proxy_pass_header Authorization;"; + }; + "/webdav" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/"; + extraConfig = '' + proxy_pass_header Authorization; + proxy_connect_timeout 300; # Increase timeouts for large file uploads + proxy_send_timeout 300; + proxy_read_timeout 300; + client_max_body_size 10G; # Allow large file uploads + proxy_buffering off; # Buffer settings for better performance + proxy_request_buffering off; + ''; + }; }; "git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}"; "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}"; - "webdav.baduhai.dev".locations."/" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/"; - extraConfig = '' - # WebDAV specific headers - proxy_pass_header Authorization; - # Increase timeouts for large file uploads - proxy_connect_timeout 300; - proxy_send_timeout 300; - proxy_read_timeout 300; - # Allow large file uploads - client_max_body_size 10G; - # Buffer settings for better performance - proxy_buffering off; - proxy_request_buffering off; - ''; - }; }; }; From ee54cdecdbdbd14395959948f2ba46ca60664913 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 22 Jul 2025 11:47:43 -0300 Subject: [PATCH 112/267] fix dav reverse proxying --- hosts/modules/alexandria/services.nix | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) 
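Review bot: The new location keys `"/caldav"` and `"/webdav"` are bare prefixes, so nginx also routes paths such as `/webdavX` to the backends; `"/caldav/"` and `"/webdav/"` restrict each block to its own subtree. `proxy_pass_header Authorization;` is kept in both blocks, but that directive only lets through response headers nginx would otherwise hide. The request's `Authorization` header is forwarded upstream by default, so the line appears to have no effect and can be dropped. The `/webdav` block pairs `client_max_body_size 10G` with `proxy_request_buffering off`, so upload size is bounded only by that limit and by whatever authentication the backend enforces. The enclosing attribute set starts and ends outside the hunk.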
diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index 703530e..c54694c 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -96,12 +96,21 @@ in "_".locations."/".return = "444"; "dav.baduhai.dev".locations = { "/caldav" = { - proxyPass = "http://127.0.0.1:${ports.radicale}"; - extraConfig = "proxy_pass_header Authorization;"; + proxyPass = "http://127.0.0.1:${ports.radicale}/"; + extraConfig = '' + proxy_set_header X-Script-Name /caldav; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_pass_header Authorization; + ''; }; "/webdav" = { proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/"; extraConfig = '' + proxy_set_header X-Script-Name /webdav; proxy_pass_header Authorization; proxy_connect_timeout 300; # Increase timeouts for large file uploads proxy_send_timeout 300; @@ -114,9 +123,9 @@ in }; "git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; - "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}"; - "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}"; + "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}/"; + "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}/"; + "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}/"; }; }; From aafdb8daba3336b2be792a8350675b74c2457390 Mon Sep 17 00:00:00 2001 
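Review bot: `proxy_set_header Host $http_host;` in the `/caldav` block forwards the client's raw Host header to Radicale; `proxy_set_header Host $host;` passes the value nginx has already normalised instead. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client sent, so the backend should rely only on the last entry if it uses the header at all. These headers may already be set by `commonVHostConfig` or a global proxy setting defined outside the hunk, in which case the block duplicates them.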
From: William Date: Tue, 22 Jul 2025 11:57:20 -0300 Subject: [PATCH 113/267] remove redundant proxy configs --- hosts/modules/alexandria/services.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index c54694c..e79b4a4 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -99,11 +99,6 @@ in proxyPass = "http://127.0.0.1:${ports.radicale}/"; extraConfig = '' proxy_set_header X-Script-Name /caldav; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; proxy_pass_header Authorization; ''; }; From 2e09597dc94cc9a0781435ea2e33a15eec0a02d1 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 22 Jul 2025 12:11:51 -0300 Subject: [PATCH 114/267] base url for webdav share --- hosts/modules/alexandria/services.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index e79b4a4..b238cfd 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -49,6 +49,7 @@ let --user "$USERNAME" \ --pass "$PASSWORD" \ --config="" \ + --baseurl "/webdav" \ --verbose ''; in @@ -103,7 +104,7 @@ in ''; }; "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/"; + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; extraConfig = '' proxy_set_header X-Script-Name /webdav; proxy_pass_header Authorization; From e49cc9779fe618afe6af818802e730714c509c15 Mon Sep 17 00:00:00 2001 
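Review bot: The rclone invocation this hunk extends passes the WebDAV credentials as `--user "$USERNAME"` and `--pass "$PASSWORD"`, so the password sits in the process argument list, readable by other local users for as long as the service runs. rclone's serve commands accept `--htpasswd` with a file path, which keeps the secret off the command line, e.g. `--htpasswd "$HTPASSWD_FILE"` (placeholder variable name). The script starts and ends outside the hunk, so where the two variables are populated is not visible here.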
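Review bot: With the location key `"/webdav"` and `proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/";`, nginx replaces the matched prefix `/webdav` with `/webdav/`, so a request for `/webdav/file` reaches rclone as `/webdav//file`. Making the two sides agree on the trailing slash avoids the doubled separator: either `proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav";` or a `"/webdav/"` location key. `proxy_set_header X-Script-Name /webdav;` is probably unnecessary now that `--baseurl "/webdav"` gives rclone its prefix; whether rclone reads that header is not shown in the hunk.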
From: William Date: Sat, 26 Jul 2025 19:06:50 -0300 Subject: [PATCH 115/267] removed previous attempts at deployment --- flake.lock | 82 ++----------------- flake.nix | 51 ------------ hosts/modules/services.nix | 9 --- modules/git-pull-timer.nix | 158 ------------------------------------- packages/nixos-deploy.nix | 128 ------------------------------ 5 files changed, 5 insertions(+), 423 deletions(-) delete mode 100644 modules/git-pull-timer.nix delete mode 100644 packages/nixos-deploy.nix diff --git a/flake.lock b/flake.lock index 70aca9c..4723329 100644 --- a/flake.lock +++ b/flake.lock @@ -112,28 +112,6 @@ "type": "github" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs-stable" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1749105467, - "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -172,22 +150,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -203,7 +165,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "locked": { "lastModified": 1747046372, "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", @@ -241,7 +203,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, 
@@ -476,7 +438,7 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "nix-options-doc": "nix-options-doc", "nixpkgs": "nixpkgs_2" }, @@ -587,7 +549,6 @@ "root": { "inputs": { "agenix": "agenix", - "deploy-rs": "deploy-rs", "disko": "disko", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", @@ -628,7 +589,7 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", @@ -637,7 +598,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -703,21 +664,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tinted-foot": { "flake": false, "locked": { @@ -820,24 +766,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f465c91..119a875 100644 --- a/flake.nix +++ b/flake.nix 
@@ -24,11 +24,6 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - deploy-rs = { - url = "github:serokell/deploy-rs"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; - disko = { url = "github:nix-community/disko?ref=v1.11.0"; inputs.nixpkgs.follows = "nixpkgs-stable"; @@ -51,7 +46,6 @@ stylix, disko, agenix, - deploy-rs, nixos-cli, nix-flatpak, impermanence, @@ -83,7 +77,6 @@ nix-flatpak.nixosModules.nix-flatpak stylix.nixosModules.stylix nixos-cli.nixosModules.nixos-cli - self.nixosModules.git-pull-timer { nixpkgs.overlays = [ agenix.overlays.default @@ -143,7 +136,6 @@ overlay = final: prev: { }; workstationOverlay = final: prev: { - nixos-deploy = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/nixos-deploy.nix { }; plasticity = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/plasticity.nix { }; toggleaudiosink = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/toggleaudiosink.nix @@ -153,48 +145,6 @@ }; }; - deploy = { - autoRollback = true; - magicRollback = false; - nodes = { - alexandria = { - hostname = "alexandria"; - profiles = { - system = { - user = "root"; - sshUser = "root"; - remoteBuild = true; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - }; - }; - }; - - # trantor = { - # hostname = "trantor"; - # profiles = { - # system = { - # user = "root"; - # sshUser = "root"; - # remoteBuild = true; - # path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - # }; - # }; - # }; - - io = { - hostname = "io"; - profiles = { - system = { - user = "root"; - sshUser = "root"; - remoteBuild = false; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; - }; - }; - }; - }; - }; - formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; devShells."x86_64-linux".default = nixpkgs.legacyPackages."x86_64-linux".mkShell { 
@@ -206,7 +156,6 @@ nixosModules = { qbittorrent = import ./modules/qbittorrent.nix; - git-pull-timer = import ./modules/git-pull-timer.nix; }; }; } diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix index e6ca3f1..351e091 100644 --- a/hosts/modules/services.nix +++ b/hosts/modules/services.nix @@ -18,15 +18,6 @@ enable = true; settings.PermitRootLogin = "no"; }; - git-pull-timer = { - enable = true; - remoteAddresses = [ - "git@github.com:baduhai/nix-config.git" - "https://github.com/baduhai/nix-config.git" - ]; - user = "user"; - group = "users"; - }; nixos-cli = { enable = true; config = { diff --git a/modules/git-pull-timer.nix b/modules/git-pull-timer.nix deleted file mode 100644 index 69efd8b..0000000 --- a/modules/git-pull-timer.nix +++ /dev/null 
@@ -1,158 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -with lib; - -let - cfg = config.services.git-pull-timer; -in -{ - options.services.git-pull-timer = { - enable = mkEnableOption "git pull timer service"; - - onCalendar = mkOption { - type = types.listOf types.str; - default = [ "daily" ]; - description = "OnCalendar options for the timer (systemd calendar format)"; - example = [ - "hourly" - "daily" - "*:0/30" - ]; - }; - - onBoot = mkOption { - type = types.bool; - default = false; - description = "Enable OnBootSec = 5min option for the timer"; - }; - - persistent = mkOption { - type = types.bool; - default = true; - description = "Persistent option for the timer (catch up missed runs)"; - }; - - remoteAddresses = mkOption { - type = types.listOf types.str; - default = null; - description = "List of git remote addresses to try in order"; - example = [ - "git@github.com:user/repo.git" - "https://github.com/user/repo.git" - ]; - }; - - directory = mkOption { - type = types.str; - default = "/etc/nixos"; - description = "Directory where the git repository should be located"; - }; - - user = mkOption { - type = types.str; - default = null; - description = "User to run the git operations as"; - }; - - group = mkOption { - type = types.str; - default = null; - description = "Group to run the git operations as"; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg.remoteAddresses != null && cfg.remoteAddresses != [ ]; - message = "services.git-pull-timer.remoteAddresses must be set and non-empty"; - } - { - assertion = cfg.user != null; - message = "services.git-pull-timer.user must be set"; - } - { - assertion = cfg.group != null; - message = "services.git-pull-timer.group must be set"; - } - ]; - - systemd.services.git-pull-timer = { - description = "Pull git repository"; - serviceConfig = { - Type = "oneshot"; - ExecStartPre = [ - "+${pkgs.coreutils}/bin/mkdir -p ${cfg.directory}" - "+${pkgs.coreutils}/bin/chown -R 
${cfg.user}:${cfg.group} ${cfg.directory}" - ]; - ExecStart = pkgs.writeShellScript "git-pull-script" '' - set -e - cd ${cfg.directory} - - # Check if this is a git repository - if ! ${pkgs.git}/bin/git rev-parse --git-dir > /dev/null 2>&1; then - echo "No git repository found, attempting to clone..." - - # Try each remote address in order - success=false - ${concatMapStringsSep "\n" (addr: '' - if [ "$success" = "false" ]; then - echo "Trying to clone from: ${addr}" - if ${pkgs.git}/bin/git clone ${addr} . 2>/dev/null; then - echo "Successfully cloned from: ${addr}" - success=true - else - echo "Failed to clone from: ${addr}" - fi - fi - '') cfg.remoteAddresses} - - if [ "$success" = "false" ]; then - echo "All clone attempts failed" - exit 1 - fi - else - echo "Git repository exists, pulling updates..." - - # Check if there are unstaged changes - if ! ${pkgs.git}/bin/git diff --quiet; then - echo "Unstaged changes detected, stashing..." - ${pkgs.git}/bin/git stash push -m "Auto-stash before pull $(date)" - fi - - # Check if there are staged changes - if ! ${pkgs.git}/bin/git diff --cached --quiet; then - echo "Staged changes detected, pulling with rebase..." - ${pkgs.git}/bin/git pull --rebase - else - echo "No staged changes, doing regular pull..." - ${pkgs.git}/bin/git pull - fi - fi - ''; - User = cfg.user; - Group = cfg.group; - }; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - }; - - systemd.timers.git-pull-timer = { - description = "Timer for git pull service"; - timerConfig = - { - OnCalendar = cfg.onCalendar; - Persistent = cfg.persistent; - } - // optionalAttrs cfg.onBoot { - OnBootSec = "5min"; - }; - wantedBy = [ "timers.target" ]; - }; - }; -} diff --git a/packages/nixos-deploy.nix b/packages/nixos-deploy.nix deleted file mode 100644 index a6d3b7a..0000000 --- a/packages/nixos-deploy.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - lib, - stdenv, - writeShellScriptBin, - nixos-rebuild, - coreutils, -}: - -stdenv.mkDerivation rec { - pname = "nixos-deploy"; - version = "1.0"; - - passthru.script = writeShellScriptBin "nixos-deploy" '' - set -euo pipefail - - LOCAL_BUILD=false - ACTION="switch" - FLAKE_URI="" - TARGET_HOST="" - SSH_USER="" - SSH_HOST="" - - show_usage() { - echo -e "Usage: nixos-deploy [--local-build] [--boot] [user@]host" - echo "" - echo -e "Arguments:" - echo " flake-uri Flake URI (e.g., .#hostname)" - echo " [user@]host Target host, optionally with user" - echo "" - echo -e "Options:" - echo " --local-build Build locally instead of on remote" - echo " --boot Use 'boot' instead of 'switch' action" - echo "" - echo -e "Examples:" - echo " nixos-deploy .#hostname user@192.168.1.10" - echo " nixos-deploy --local-build .#hostname 192.168.1.10" - echo " nixos-deploy --boot .#hostname 192.168.1.10" - echo " nixos-deploy .#hostname 192.168.1.10 # uses current user" - exit 1 - } - - while [[ $# -gt 0 ]]; do - case $1 in - --local-build) - LOCAL_BUILD=true - shift - ;; - --boot) - ACTION="boot" - shift - ;; - --help|-h) - show_usage - ;; - -*) - echo -e "Unknown option: $1" - show_usage - ;; - *) - if [[ -z "$FLAKE_URI" ]]; then - FLAKE_URI="$1" - elif [[ -z "$TARGET_HOST" ]]; then - TARGET_HOST="$1" - else - echo -e "Too many arguments" - show_usage - fi - shift - ;; - esac - done - - if [[ -z "$FLAKE_URI" ]]; then - echo -e "flake-uri is required" - show_usage - fi - - if [[ -z "$TARGET_HOST" ]]; then - echo -e "target host is required" - show_usage - fi - - if [[ "$TARGET_HOST" == *"@"* ]]; then - SSH_USER=${"\${TARGET_HOST%@*}"} - SSH_HOST=${"\${TARGET_HOST#*@}"} - else - SSH_USER="$(${coreutils}/bin/whoami)" - SSH_HOST="$TARGET_HOST" - fi - - echo "Deploying $FLAKE_URI to $SSH_HOST as user $SSH_USER (action: $ACTION)" - - if [[ "$LOCAL_BUILD" != "true" ]]; then - GC_ROOT_PATH="/tmp/nixos-deploy-$SSH_HOST-$$" - fi - - 
REBUILD_CMD="${nixos-rebuild}/bin/nixos-rebuild $ACTION --flake $FLAKE_URI --target-host $TARGET_HOST" - - if [[ "$LOCAL_BUILD" == "true" ]]; then - echo -e "Building locally and deploying to remote host" - else - REBUILD_CMD="$REBUILD_CMD --build-host $SSH_HOST" - echo -e "Building on remote host" - fi - - if [[ "$SSH_USER" != "root" ]]; then - REBUILD_CMD="$REBUILD_CMD --use-remote-sudo" - echo -e "Using remote sudo for non-root user" - fi - - echo -e "Running: $REBUILD_CMD" - exec $REBUILD_CMD - ''; - - dontUnpack = true; - - installPhase = '' - mkdir -p $out/bin - cp ${passthru.script}/bin/nixos-deploy $out/bin/ - ''; - - meta = with lib; { - description = "Deploy a NixOS flake to a remote host using nixos-rebuild"; - license = licenses.mit; - platforms = platforms.unix; - maintainers = with maintainers; [ ]; - }; -} From 3bd1babf331094fa801324c16bfcd233365bd1fd Mon Sep 17 00:00:00 2001 From: William Date: Sat, 26 Jul 2025 22:52:32 -0300 Subject: [PATCH 116/267] finish removing previous deploy attempts --- hosts/modules/alexandria/services.nix | 5 ----- hosts/modules/programs.nix | 2 -- 2 files changed, 7 deletions(-) diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix index b238cfd..7de15d5 100644 --- a/hosts/modules/alexandria/services.nix +++ b/hosts/modules/alexandria/services.nix @@ -221,10 +221,5 @@ in chmod 755 /data/webdav ''; }; - # TODO: remove when bug fix - # serokell/deploy-rs/issues/57 - # NixOS/nixpkgs/issues/180175 - # Workaround for upstream bug in NetworkManager-wait-online.service - NetworkManager-wait-online.enable = false; }; } diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index d50cb36..0d943e8 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -70,7 +70,6 @@ [ ### Dev Tools ### bat - deploy-rs claude-code fd fzf @@ -112,7 +111,6 @@ kde-rounded-corners libfido2 mission-center - nixos-deploy p7zip qbittorrent quickemu 
From 5c13eb7c98b6bef4169167a105da77655b3b4cff Mon Sep 17 00:00:00 2001 From: William Date: Sat, 26 Jul 2025 22:52:51 -0300 Subject: [PATCH 117/267] outputs are now generally architecture agnostic --- flake.nix | 52 +++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/flake.nix b/flake.nix index 119a875..9b13d69 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,22 @@ impermanence, ... }: + let + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + forAllSystems = nixpkgs.lib.genAttrs systems; + forAllSystemsWithPkgs = + f: + forAllSystems ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + in + f system pkgs + ); + in { nixosConfigurations = let @@ -132,28 +148,38 @@ }; }; + devShells = forAllSystemsWithPkgs ( + system: pkgs: { + default = pkgs.mkShell { + packages = with pkgs; [ + nil + nixfmt-rfc-style + ]; + }; + } + ); + + packages = forAllSystemsWithPkgs ( + system: pkgs: + { + toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + } + // nixpkgs.lib.optionalAttrs (system == "x86_64-linux") { + plasticity = pkgs.callPackage ./packages/plasticity.nix { }; + } + ); + overlays = { overlay = final: prev: { }; workstationOverlay = final: prev: { - plasticity = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/plasticity.nix { }; - toggleaudiosink = - nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/toggleaudiosink.nix - { }; + plasticity = self.packages.${final.system}.plasticity; + toggleaudiosink = self.packages.${final.system}.toggleaudiosink; }; serverOverlay = final: prev: { }; }; - formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; - - devShells."x86_64-linux".default = nixpkgs.legacyPackages."x86_64-linux".mkShell { - packages = with nixpkgs.legacyPackages."x86_64-linux"; [ - nil - nixfmt-rfc-style - ]; - }; - nixosModules = { qbittorrent = import ./modules/qbittorrent.nix; }; 
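Review bot: The second flake.nix hunk removes `formatter.x86_64-linux` and adds no per-system replacement, so the flake no longer exposes a formatter output for `nix fmt` even though `nixfmt-rfc-style` is still in the dev shell; `formatter = forAllSystemsWithPkgs (system: pkgs: pkgs.nixfmt-rfc-style);` would restore it for both systems. In the same hunk `workstationOverlay` now reads `self.packages.${final.system}.plasticity`, but `packages` only defines `plasticity` when `system == "x86_64-linux"`, so evaluating that attribute through the overlay on `aarch64-linux` would fail with a missing attribute. Building it from the consumer's package set, `plasticity = final.callPackage ./packages/plasticity.nix { };`, avoids the lookup and also makes the package follow the importing nixpkgs configuration instead of `nixpkgs.legacyPackages`. The `outputs` function starts and ends outside the hunk.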
From 6cdbee137956e13e25a937de5c6a3879e94f64d0 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 26 Jul 2025 22:57:28 -0300 Subject: [PATCH 118/267] remove result --- .gitignore | 1 + result | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 120000 result diff --git a/.gitignore b/.gitignore index 21fb0b6..2a47a91 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ result/ +result .direnv/ .pre-commit-config.yaml diff --git a/result b/result deleted file mode 120000 index b0984f3..0000000 --- a/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/4mca2jn3fhpr86w88dnlpypdllsy9f3r-nixos-deploy-1.0 \ No newline at end of file From ff9eb3b6facd8818dbc7b67263c9ee63d573cfcc Mon Sep 17 00:00:00 2001 From: William Date: Sun, 3 Aug 2025 20:44:23 -0300 Subject: [PATCH 119/267] ephermal systemd unit is now for host agnostic; moved io to disko disk management --- hosts/modules/ephermal.nix | 64 +++++++++ hosts/modules/io/ephermal.nix | 44 ------- hosts/modules/io/hardware-configuration.nix | 139 +++++++++++++------- hosts/modules/rotterdam/ephermal.nix | 45 ------- 4 files changed, 152 insertions(+), 140 deletions(-) create mode 100644 hosts/modules/ephermal.nix delete mode 100644 hosts/modules/io/ephermal.nix delete mode 100644 hosts/modules/rotterdam/ephermal.nix diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix new file mode 100644 index 0000000..ff22557 --- /dev/null +++ b/hosts/modules/ephermal.nix 
@@ -0,0 +1,64 @@ +{ + hostType, + lib, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir /btrfs_tmp + mount /dev/mapper/cryptroot /btrfs_tmp + + if [[ -e /btrfs_tmp/@root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/@root + umount /btrfs_tmp + ''; + }; + }) + ]; +} diff --git a/hosts/modules/io/ephermal.nix b/hosts/modules/io/ephermal.nix deleted file mode 100644 index 9ab97f2..0000000 --- a/hosts/modules/io/ephermal.nix +++ /dev/null 
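Review bot: The `script` mounts the hard-coded `/dev/mapper/cryptroot`, which ties this shared workstation unit to one LUKS mapping name; the per-host units it replaces each mounted their own filesystem UUID, and rotterdam's mapping name is not visible in this series. Because the unit is `requiredBy` `initrd-root-fs.target`, a workstation without that mapping would presumably stop in the initrd. Taking `config` in the module arguments and using `mount ${config.fileSystems."/".device} /btrfs_tmp` would follow each host's declared root device. The loop over `find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30` permanently deletes subvolumes, so it deserves a comment such as `# roots older than 30 days are deleted for good; anything not under /persistent is lost`.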
@@ -1,44 +0,0 @@ -{ - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir /btrfs_tmp - mount /dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f /btrfs_tmp - if [[ -e /btrfs_tmp/@root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/@root - umount /btrfs_tmp - ''; - }; -} diff --git a/hosts/modules/io/hardware-configuration.nix b/hosts/modules/io/hardware-configuration.nix index 020240f..7d73811 100644 --- a/hosts/modules/io/hardware-configuration.nix +++ b/hosts/modules/io/hardware-configuration.nix 
@@ -17,59 +17,10 @@ "sd_mod" "sdhci_pci" ]; - luks.devices."enc" = { - device = "/dev/disk/by-uuid/8018720e-42dd-453c-b374-adaa02eb48c9"; - keyFile = "/dev/disk/by-partuuid/cbc7e305-d32d-4250-b6ae-6a8264ea096e"; - }; }; kernelModules = [ "kvm-intel" ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f"; - fsType = "btrfs"; - options = [ - "subvol=@root" - "noatime" - "compress=zstd" - ]; - }; - "/home" = { - device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f"; - fsType = "btrfs"; - options = [ - "subvol=@home" - "noatime" - "compress=zstd" - ]; - }; - "/nix" = { - device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f"; - fsType = "btrfs"; - options = [ - "subvol=@nix" - "noatime" - "compress=zstd" - ]; - }; - "/persistent" = { - device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f"; - fsType = "btrfs"; - options = [ - "subvol=@persistent" - "noatime" - "compress=zstd" - ]; - }; - "/boot/efi" = { - device = "/dev/disk/by-uuid/31C9-08FF"; - fsType = "vfat"; - options = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; + luks.devices.cryptroot = { + device = "/dev/mmcblk1p3"; }; }; 
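Review bot: The added `luks.devices.cryptroot` block sits after `kernelModules = [ "kvm-intel" ];`, outside the `initrd = { … }` set that held the removed `luks.devices."enc"`, so it appears to define `boot.luks.devices`, while the NixOS option is `boot.initrd.luks.devices`; evaluation would likely fail on an unknown option. If the disko `luks` content named `cryptroot` is meant to generate the initrd entry, the block can be dropped; otherwise it belongs inside `initrd`. `device = "/dev/mmcblk1p3";` is also a kernel enumeration name that can change between boots, so a `/dev/disk/by-id/…` or by-partuuid path is the safer reference for the encrypted root. The `boot` attribute set starts outside the hunk.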
@@ -85,4 +36,90 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/mmcblk1"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + swap = { + priority = 2; + name = "swap"; + size = "12G"; + content = { + type = "swap"; + }; + }; + cryptroot = { + priority = 3; + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@root" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@home" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@nix" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@persistent" + ]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; } diff --git a/hosts/modules/rotterdam/ephermal.nix b/hosts/modules/rotterdam/ephermal.nix deleted file mode 100644 index 8e9c708..0000000 --- a/hosts/modules/rotterdam/ephermal.nix +++ /dev/null 
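Review bot: The `swap` partition is declared as plain `type = "swap"` beside the LUKS-encrypted `cryptroot`, so anything paged out, including key material and secrets held in memory, is written to the disk unencrypted. disko's swap content accepts `randomEncryption = true;`, which keys the partition freshly on every boot; add it unless hibernating to this partition is intended. `extraArgs = [ "-f" ];` on the btrfs content would also benefit from a comment, e.g. `# -f: overwrite an existing filesystem on the partition`, since it removes mkfs's safety check.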
@@ -1,45 +0,0 @@ -{ - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir /btrfs_tmp - mount /dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8 /btrfs_tmp - - if [[ -e /btrfs_tmp/@root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/@root - umount /btrfs_tmp - ''; - }; -} From 020e3625923a978405f9e2c588a5f06647651bf1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 3 Aug 2025 20:47:22 -0300 Subject: [PATCH 120/267] removed old ephermal.nix metions and added new one --- hosts/modules/default.nix | 1 + hosts/modules/io/default.nix | 1 - hosts/modules/rotterdam/default.nix | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index 1dbed53..64c4aef 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -5,6 +5,7 @@ ./boot.nix ./console.nix ./desktop.nix + ./ephermal.nix ./impermanence.nix ./locale.nix ./networking.nix diff --git a/hosts/modules/io/default.nix b/hosts/modules/io/default.nix index aac6e12..5975294 100644 --- a/hosts/modules/io/default.nix 
+++ b/hosts/modules/io/default.nix @@ -3,7 +3,6 @@ { imports = [ ./boot.nix - ./ephermal.nix ./hardware-configuration.nix ./programs.nix ./services.nix diff --git a/hosts/modules/rotterdam/default.nix b/hosts/modules/rotterdam/default.nix index 6671420..0bc2cc8 100644 --- a/hosts/modules/rotterdam/default.nix +++ b/hosts/modules/rotterdam/default.nix @@ -3,7 +3,6 @@ { imports = [ ./boot.nix - ./ephermal.nix ./hardware-configuration.nix ./hardware.nix ./programs.nix From 4d27ab9902910906a3dfd03e2b341c0afb5f42aa Mon Sep 17 00:00:00 2001 From: William Date: Mon, 4 Aug 2025 10:13:13 -0300 Subject: [PATCH 121/267] use disk id instead of mmcblk --- hosts/modules/io/hardware-configuration.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hosts/modules/io/hardware-configuration.nix b/hosts/modules/io/hardware-configuration.nix index 7d73811..4497d99 100644 --- a/hosts/modules/io/hardware-configuration.nix +++ b/hosts/modules/io/hardware-configuration.nix @@ -19,9 +19,6 @@ ]; }; kernelModules = [ "kvm-intel" ]; - luks.devices.cryptroot = { - device = "/dev/mmcblk1p3"; - }; }; zramSwap = { @@ -41,7 +38,7 @@ disk = { main = { type = "disk"; - device = "/dev/mmcblk1"; + device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; content = { type = "gpt"; partitions = { From 5c65c5308c0b5745affea26bbb8e6b2c81398445 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 5 Aug 2025 17:05:10 -0300 Subject: [PATCH 122/267] add cisco packet tracer package --- hosts/modules/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 0d943e8..dc5bc11 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -70,6 +70,7 @@ [ ### Dev Tools ### bat + ciscoPacketTracer8 claude-code fd fzf From 4858d0745f07ebbdb880c6285a5ae22ac4f4d35b Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 6 Aug 2025 17:32:56 -0300 Subject: [PATCH 123/267] no swap partition on io --- hosts/modules/io/hardware-configuration.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/hosts/modules/io/hardware-configuration.nix b/hosts/modules/io/hardware-configuration.nix index 4497d99..8a71aca 100644 --- a/hosts/modules/io/hardware-configuration.nix +++ b/hosts/modules/io/hardware-configuration.nix @@ -59,14 +59,6 @@ ]; }; }; - swap = { - priority = 2; - name = "swap"; - size = "12G"; - content = { - type = "swap"; - }; - }; cryptroot = { priority = 3; name = "root"; From 9fe6c75d0a9f895e0ca37b96493f3e2e060f171b Mon Sep 17 00:00:00 2001 From: William Date: Wed, 6 Aug 2025 17:53:49 -0300 Subject: [PATCH 124/267] moved disko config out of hardware-config --- hosts/modules/io/default.nix | 1 + hosts/modules/io/disko.nix | 81 +++++++++++++++++++ hosts/modules/io/hardware-configuration.nix | 78 ------------------ hosts/modules/trantor/default.nix | 1 + hosts/modules/trantor/disko.nix | 34 ++++++++ .../trantor/hardware-configuration.nix | 31 ------- 6 files changed, 117 insertions(+), 109 deletions(-) create mode 100644 hosts/modules/io/disko.nix create mode 100644 hosts/modules/trantor/disko.nix diff --git a/hosts/modules/io/default.nix b/hosts/modules/io/default.nix index 5975294..fb244cc 100644 --- a/hosts/modules/io/default.nix +++ b/hosts/modules/io/default.nix @@ -3,6 +3,7 @@ { imports = [ ./boot.nix + ./disko.nix ./hardware-configuration.nix ./programs.nix ./services.nix diff --git a/hosts/modules/io/disko.nix b/hosts/modules/io/disko.nix new file mode 100644 index 0000000..17cdbcd --- /dev/null +++ b/hosts/modules/io/disko.nix 
@@ -0,0 +1,81 @@ +{ ... }: + +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + cryptroot = { + priority = 3; + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@root" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@home" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@nix" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@persistent" + ]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/modules/io/hardware-configuration.nix b/hosts/modules/io/hardware-configuration.nix index 8a71aca..56f0d0d 100644 --- a/hosts/modules/io/hardware-configuration.nix +++ b/hosts/modules/io/hardware-configuration.nix 
@@ -33,82 +33,4 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - cryptroot = { - priority = 3; - name = "root"; - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@root" - ]; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@home" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@nix" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@persistent" - ]; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; } diff --git a/hosts/modules/trantor/default.nix b/hosts/modules/trantor/default.nix index 39a5b9e..9bdb292 100644 --- a/hosts/modules/trantor/default.nix +++ b/hosts/modules/trantor/default.nix @@ -3,6 +3,7 @@ { imports = [ ./boot.nix + ./disko.nix ./hardware-configuration.nix ./networking.nix ]; diff --git a/hosts/modules/trantor/disko.nix b/hosts/modules/trantor/disko.nix new file mode 100644 index 0000000..1b2b66c --- /dev/null +++ b/hosts/modules/trantor/disko.nix 
@@ -0,0 +1,34 @@ +{ ... }: + +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/modules/trantor/hardware-configuration.nix b/hosts/modules/trantor/hardware-configuration.nix index 6f36ffa..d5cc31f 100644 --- a/hosts/modules/trantor/hardware-configuration.nix +++ b/hosts/modules/trantor/hardware-configuration.nix @@ -24,35 +24,4 @@ networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/sda"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; } From 18a1c58ed38a4c68c77ee7f5b8c40c40f055e7d7 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 6 Aug 2025 19:42:33 -0300 Subject: [PATCH 125/267] fix io disk priority --- hosts/modules/io/disko.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/io/disko.nix b/hosts/modules/io/disko.nix index 17cdbcd..3dc3b31 100644 --- a/hosts/modules/io/disko.nix +++ b/hosts/modules/io/disko.nix @@ -27,7 +27,7 @@ }; }; cryptroot = { - priority = 3; + priority = 2; name = "root"; size = "100%"; content = { From 2f150d08c1ed976e9a2f365104a25dc294df643d Mon Sep 17 00:00:00 2001 
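Review bot: The `boot` partition in the new trantor/disko.nix mounts vfat at `/boot` with no `mountOptions`, so the ESP gets default vfat permissions and its contents are readable by every local user; io's ESP in this series sets `"fmask=0077"` and `"dmask=0077"`. Adding `mountOptions = [ "fmask=0077" "dmask=0077" ];` to that `content` block keeps boot-loader files, and any seed or secret material a boot loader stores there, root-only. The `root` partition is plain ext4 with no `luks` layer; if that is deliberate for this host, a one-line comment saying so would make the difference from io explicit.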
From: William Date: Wed, 6 Aug 2025 19:42:45 -0300 Subject: [PATCH 126/267] trantor define disk by id --- hosts/modules/trantor/disko.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/trantor/disko.nix b/hosts/modules/trantor/disko.nix index 1b2b66c..a535e47 100644 --- a/hosts/modules/trantor/disko.nix +++ b/hosts/modules/trantor/disko.nix @@ -5,7 +5,7 @@ disk = { main = { type = "disk"; - device = "/dev/sda"; + device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b"; content = { type = "gpt"; partitions = { From 18392317e58020fb309173baebcf13e9b2fc1a6c Mon Sep 17 00:00:00 2001 From: William Date: Mon, 11 Aug 2025 20:35:57 -0300 Subject: [PATCH 127/267] new terminal emulator --- hosts/modules/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index dc5bc11..667ed03 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -106,7 +106,6 @@ protonup ### System Utilities ### adwaita-icon-theme - alacritty junction kara kde-rounded-corners @@ -117,6 +116,7 @@ quickemu quickgui rclone + sakura steam-run toggleaudiosink unrar From 584ee8af2382f77094ae4e2dadfb527e8ae5c403 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 11 Aug 2025 20:42:07 -0300 Subject: [PATCH 128/267] actually remove alacrity now --- users/modules/programs.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/users/modules/programs.nix b/users/modules/programs.nix index bb5b2aa..24d5ccd 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -94,17 +94,6 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { - programs.alacritty = { - enable = true; - settings = { - window = { - padding = { - x = 8; - y = 8; - }; - }; - }; - }; }) ]; } From d1851d8299320d869782dcaf131554fa9d6e083f Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 15 Aug 2025 16:12:05 -0300 Subject: [PATCH 129/267] sakura --> rio; helix --> evil-helix --- hosts/modules/programs.nix | 4 +++- users/modules/programs.nix | 18 +++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 667ed03..b79042d 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -28,6 +28,9 @@ neofetch = "${pkgs.fastfetch}/bin/fastfetch"; tree = "ls --tree"; syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; + vi = "${pkgs.evil-helix}/bin/hx"; + vim = "${pkgs.evil-helix}/bin/hx"; + nvim = "${pkgs.evil-helix}/bin/hx"; }; }; @@ -116,7 +119,6 @@ quickemu quickgui rclone - sakura steam-run toggleaudiosink unrar diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 24d5ccd..90231a2 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -24,6 +24,7 @@ helix = { enable = true; + package = pkgs.evil-helix; settings = { editor = { file-picker.hidden = false; @@ -39,14 +40,7 @@ indent-guides.render = true; }; keys.normal.space = { - space = "file_picker"; - w = ":w"; - q = ":q"; o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; }; }; }; @@ -94,6 +88,16 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { + programs.rio = { + enable = true; + settings = { + padding-x = 8; + padding-y = [ + 8 + 8 + ]; + }; + }; }) ]; } From e0183a83003c1d610b7c84cc4db30b43e7ae4685 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 15 Aug 2025 16:16:20 -0300 Subject: [PATCH 130/267] rio: no x padding --- users/modules/programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 90231a2..8bccdf7 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix 
@@ -91,7 +91,6 @@ programs.rio = { enable = true; settings = { - padding-x = 8; padding-y = [ 8 8 From bcfa8465bfe01d0b01e86a64854a6cf527e9744c Mon Sep 17 00:00:00 2001 From: William Date: Fri, 15 Aug 2025 18:03:21 -0300 Subject: [PATCH 131/267] rio: default size --- users/modules/programs.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 8bccdf7..0bcb875 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -91,10 +91,10 @@ programs.rio = { enable = true; settings = { - padding-y = [ - 8 - 8 - ]; + window = { + width = 1121; + height = 633; + }; }; }; }) From 4f95d87d7be83f8cb5ee4d321bc6d9d87842c593 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 16 Aug 2025 18:56:07 -0300 Subject: [PATCH 132/267] added glow pkg --- hosts/modules/programs.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index b79042d..2249baf 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -14,7 +14,6 @@ ### Dev Tools ### agenix git - helix ### System Utilities ### btop nixos-firewall-tool @@ -27,7 +26,6 @@ ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; neofetch = "${pkgs.fastfetch}/bin/fastfetch"; tree = "ls --tree"; - syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; vi = "${pkgs.evil-helix}/bin/hx"; vim = "${pkgs.evil-helix}/bin/hx"; nvim = "${pkgs.evil-helix}/bin/hx"; @@ -77,6 +75,7 @@ claude-code fd fzf + glow nixfmt-rfc-style nix-init nix-output-monitor From 8bb3b0e4c850b03e4664e88c04c326fb5c18deff Mon Sep 17 00:00:00 2001 From: William Date: Sun, 17 Aug 2025 09:43:48 -0300 Subject: [PATCH 133/267] no more evil-helix --- users/modules/programs.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 0bcb875..6d52771 100644 
--- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -24,7 +24,6 @@ helix = { enable = true; - package = pkgs.evil-helix; settings = { editor = { file-picker.hidden = false; @@ -40,7 +39,14 @@ indent-guides.render = true; }; keys.normal.space = { + space = "file_picker"; + w = ":w"; + q = ":q"; o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; }; }; }; From 07f1ad1617990b879d0fe5d843400a96334ac30b Mon Sep 17 00:00:00 2001 From: William Date: Sun, 17 Aug 2025 17:50:44 -0300 Subject: [PATCH 134/267] pkgs remove: claude-code, beeper --- hosts/modules/programs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 2249baf..7a8f66b 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -72,7 +72,6 @@ ### Dev Tools ### bat ciscoPacketTracer8 - claude-code fd fzf glow @@ -81,7 +80,6 @@ nix-output-monitor ripgrep ### Internet Browsers & Communication ### - beeper brave tor-browser vesktop From 27f0dfa43838cbb4717cfae7b4efd1e651839f7b Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 20 Aug 2025 14:03:54 -0300 Subject: [PATCH 135/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf?narHash=sha256-9P1FziAwl5%2B3edkfFcr5HeGtQUtrSdk/MksX39GieoA%3D' (2025-06-17) → 'github:ryantm/agenix/9edb1787864c4f59ae5074ad498b6272b3ec308d?narHash=sha256-NA/FT2hVhKDftbHSwVnoRTFhes62%2B7dxZbxj5Gxvghs%3D' (2025-08-05) • Updated input 'home-manager': 'github:nix-community/home-manager/9347c61bc0cbed0d2062b930144c2cbd557f9189?narHash=sha256-eX6wMGQjaTzedR6lz2IpEnAMgLcuQLQezBJNil7yG3s%3D' (2025-07-02) → 'github:nix-community/home-manager/dd026d86420781e84d0732f2fa28e1c051117b59?narHash=sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM%3D' (2025-08-19) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/501cfec8277f931a9c9af9f23d3105c537faeafe?narHash=sha256-tWosziZTT039x6PgEZUhzGlV8oLvdDmIgKTE8ESMaEA%3D' (2025-07-02) → 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204?narHash=sha256-oV695RvbAE4%2BR9pcsT9shmp6zE/%2BIZe6evHWX63f2Qg%3D' (2025-07-27) • Updated input 'nix-flatpak': 'github:gmodena/nix-flatpak/59adb9ad1cbd915494fc35cd0e0a9d582ca9de74?narHash=sha256-oOYrnKStMsOXST%2BwKnzuSZ49h8Dr1Q3mIn2f5Kb5GAw%3D' (2025-06-30) → 'github:gmodena/nix-flatpak/62f636b87ef6050760a8cb325cadb90674d1e23e?narHash=sha256-0bBqT%2B3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs%3D' (2025-08-09) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/c2778572d75bc27ae2234653c5ce9489930d0c7d?narHash=sha256-ksd2Gu1JpKU3rKvbkpiUlrkY72M8VAln1w4W7pj77WQ%3D' (2025-07-12) → 'github:nix-community/nixos-cli/f1d16001cb2f32d61cd49e527d111c43c457e629?narHash=sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg%3D' (2025-08-18) • Updated input 'nixos-cli/nixpkgs': 
'github:NixOS/nixpkgs/c860cf0b3a0829f0f6cf344ca8de83a2bbfab428?narHash=sha256-4E7wWftF1ExK5ZEDzj41%2B9mVgxtuRV3wWCId7QAYMAU%3D' (2025-07-04) → 'github:NixOS/nixpkgs/8679b16e11becd487b45d568358ddf9d5640d860?narHash=sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7%2BTa4KA%2BBmneDA%3D' (2025-07-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/3016b4b15d13f3089db8a41ef937b13a9e33a8df?narHash=sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU%2Btt4YY%3D' (2025-06-30) → 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/b43c397f6c213918d6cfe6e3550abfe79b5d1c51?narHash=sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y%3D' (2025-06-29) → 'github:nixos/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19) • Updated input 'stylix': 'github:danth/stylix/3f71d154867b457adbef04b4982e78b5dc225e62?narHash=sha256-fzU40SfJxDQlsWabd7ApiGiJHJVLe%2BvjCm8JtJU9mwc%3D' (2025-07-02) → 'github:danth/stylix/2355da455d7188228aaf20ac16ea9386e5aa6f0c?narHash=sha256-RmqBx2EamhIk0WVhQSNb8iehaVhilO7D0YAnMoFPqJQ%3D' (2025-08-20) • Updated input 'stylix/base16-helix': 'github:tinted-theming/base16-helix/6c711ab1a9db6f51e2f6887cc3345530b33e152e?narHash=sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm%2Bg%3D' (2025-05-28) → 'github:tinted-theming/base16-helix/27cf1e66e50abc622fb76a3019012dc07c678fac?narHash=sha256-0CQM%2BFkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM%3D' (2025-07-20) • Removed input 'stylix/flake-compat' • Updated input 'stylix/flake-parts': 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5?narHash=sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY%3D' (2025-04-01) → 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5?narHash=sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ%3D' (2025-07-01) • Removed input 'stylix/git-hooks' • Removed input 
'stylix/git-hooks/flake-compat' • Removed input 'stylix/git-hooks/gitignore' • Removed input 'stylix/git-hooks/gitignore/nixpkgs' • Removed input 'stylix/git-hooks/nixpkgs' • Removed input 'stylix/home-manager' • Removed input 'stylix/home-manager/nixpkgs' • Updated input 'stylix/nur': 'github:nix-community/NUR/2c0bc52fe14681e9ef60e3553888c4f086e46ecb?narHash=sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0%3D' (2025-05-31) → 'github:nix-community/NUR/ddb679f4131e819efe3bbc6457ba19d7ad116f25?narHash=sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw%3D' (2025-07-07) • Removed input 'stylix/nur/treefmt-nix' • Removed input 'stylix/nur/treefmt-nix/nixpkgs' • Updated input 'stylix/tinted-schemes': 'github:tinted-theming/schemes/87d652edd26f5c0c99deda5ae13dfb8ece2ffe31?narHash=sha256-7n0XiZiEHl2zRhDwZd/g%2Bp38xwEoWtT0/aESwTMXWG4%3D' (2025-05-25) → 'github:tinted-theming/schemes/5a775c6ffd6e6125947b393872cde95867d85a2a?narHash=sha256-LI%2BBnRoFNRa2ffbe3dcuIRYAUcGklBx0%2BEcFxlHj0SY%3D' (2025-06-24) • Updated input 'stylix/tinted-tmux': 'github:tinted-theming/tinted-tmux/57d5f9683ff9a3b590643beeaf0364da819aedda?narHash=sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4%3D' (2025-06-01) → 'github:tinted-theming/tinted-tmux/bded5e24407cec9d01bd47a317d15b9223a1546c?narHash=sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE%3D' (2025-06-29) • Updated input 'stylix/tinted-zed': 'github:tinted-theming/base16-zed/122c9e5c0e6f27211361a04fae92df97940eccf9?narHash=sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4%3D' (2024-09-08) → 'github:tinted-theming/base16-zed/86a470d94204f7652b906ab0d378e4231a5b3384?narHash=sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR%2BC98jX8%3D' (2025-06-29) --- flake.lock | 202 ++++++++++++----------------------------------------- 1 file changed, 46 insertions(+), 156 deletions(-) diff --git a/flake.lock b/flake.lock index 4723329..44d74f1 100644 --- a/flake.lock +++ b/flake.lock 
@@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -60,11 +60,11 @@ "base16-helix": { "flake": false, "locked": { - "lastModified": 1748408240, - "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", "type": "github" }, "original": { @@ -165,21 +165,6 @@ "type": "github" } }, - "flake-compat_2": { - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -188,11 +173,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { 
@@ -235,54 +220,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "stylix", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "stylix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gnome-shell": { "flake": false, "locked": { @@ -328,11 +265,11 @@ ] }, "locked": { - "lastModified": 1751468302, - "narHash": "sha256-tWosziZTT039x6PgEZUhzGlV8oLvdDmIgKTE8ESMaEA=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "nix-community", "repo": "home-manager", - "rev": "501cfec8277f931a9c9af9f23d3105c537faeafe", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -349,11 +286,11 @@ ] }, "locked": { - "lastModified": 1751476662, - "narHash": "sha256-eX6wMGQjaTzedR6lz2IpEnAMgLcuQLQezBJNil7yG3s=", + "lastModified": 1755625756, + "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=", "owner": "nix-community", "repo": "home-manager", - "rev": "9347c61bc0cbed0d2062b930144c2cbd557f9189", + "rev": "dd026d86420781e84d0732f2fa28e1c051117b59", "type": "github" }, "original": { 
@@ -363,27 +300,6 @@ "type": "github" } }, - "home-manager_3": { - "inputs": { - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751146119, - "narHash": "sha256-gvjG95TCnUVJkvQvLMlnC4NqiqFyBdJk3o8/RwuHeaU=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "76d0c31fce2aa0c71409de953e2f9113acd5b656", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -401,11 +317,11 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1751276396, - "narHash": "sha256-oOYrnKStMsOXST+wKnzuSZ49h8Dr1Q3mIn2f5Kb5GAw=", + "lastModified": 1754777568, + "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "59adb9ad1cbd915494fc35cd0e0a9d582ca9de74", + "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e", "type": "github" }, "original": { @@ -443,11 +359,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1752359519, - "narHash": "sha256-ksd2Gu1JpKU3rKvbkpiUlrkY72M8VAln1w4W7pj77WQ=", + "lastModified": 1755531224, + "narHash": "sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "c2778572d75bc27ae2234653c5ce9489930d0c7d", + "rev": "f1d16001cb2f32d61cd49e527d111c43c457e629", "type": "github" }, "original": { @@ -474,11 +390,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1751211869, - "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", + "lastModified": 1755593991, + "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", + "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", "type": "github" }, "original": { 
@@ -490,11 +406,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751625545, - "narHash": "sha256-4E7wWftF1ExK5ZEDzj41+9mVgxtuRV3wWCId7QAYMAU=", + "lastModified": 1753934836, + "narHash": "sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7+Ta4KA+BmneDA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c860cf0b3a0829f0f6cf344ca8de83a2bbfab428", + "rev": "8679b16e11becd487b45d568358ddf9d5640d860", "type": "github" }, "original": { @@ -506,11 +422,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -529,15 +445,14 @@ "nixpkgs": [ "stylix", "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1748730660, - "narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=", + "lastModified": 1751906969, + "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", "owner": "nix-community", "repo": "NUR", - "rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb", + "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", "type": "github" }, "original": { @@ -589,11 +504,8 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", - "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", - "home-manager": "home-manager_3", "nixpkgs": [ "nixpkgs" ], 
@@ -606,11 +518,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1751478235, - "narHash": "sha256-fzU40SfJxDQlsWabd7ApiGiJHJVLe+vjCm8JtJU9mwc=", + "lastModified": 1755708361, + "narHash": "sha256-RmqBx2EamhIk0WVhQSNb8iehaVhilO7D0YAnMoFPqJQ=", "owner": "danth", "repo": "stylix", - "rev": "3f71d154867b457adbef04b4982e78b5dc225e62", + "rev": "2355da455d7188228aaf20ac16ea9386e5aa6f0c", "type": "github" }, "original": { @@ -700,11 +612,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1748180480, - "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", + "lastModified": 1750770351, + "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", "owner": "tinted-theming", "repo": "schemes", - "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", + "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", "type": "github" }, "original": { @@ -716,11 +628,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1748740859, - "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", + "lastModified": 1751159871, + "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", + "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", "type": "github" }, "original": { @@ -732,11 +644,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1725758778, - "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", + "lastModified": 1751158968, + "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", + "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", "type": "github" }, "original": { 
@@ -744,28 +656,6 @@ "repo": "base16-zed", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "stylix", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", From b4a8a9f7acedbf2cf7b8c903a6932ca13d540a4d Mon Sep 17 00:00:00 2001 From: William Date: Wed, 20 Aug 2025 16:13:16 -0300 Subject: [PATCH 136/267] helix: remove redundant hotkeys; pkgs: add yazi, lazygit, remove insecure cicsopackettracer --- hosts/modules/programs.nix | 4 +++- users/modules/programs.nix | 17 ++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 7a8f66b..f0871d5 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -21,6 +21,7 @@ sysz tmux wget + yazi ]; shellAliases = { ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; @@ -71,7 +72,8 @@ [ ### Dev Tools ### bat - ciscoPacketTracer8 + lazygit + # ciscoPacketTracer8 fd fzf glow diff --git a/users/modules/programs.nix b/users/modules/programs.nix index 6d52771..c18c17f 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -38,15 +38,14 @@ auto-format = true; indent-guides.render = true; }; - keys.normal.space = { - space = "file_picker"; - w = ":w"; - q = ":q"; - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; }; }; }; From 3d460879d87965f834a42779f31a50e3e40fe496 Mon Sep 17 00:00:00 2001 
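Review bot: In the hosts/modules/programs.nix hunk of PATCH 136, `ciscoPacketTracer8` is left behind as a bare `# ciscoPacketTracer8` comment, although the commit subject says it is being removed as insecure. A commented-out entry with no stated reason is easy to re-enable later without anyone remembering why it was turned off; either delete the line or record the reason next to it, e.g. `# ciscoPacketTracer8 (disabled: flagged insecure, see commit message)`. It is also worth confirming that no `nixpkgs.config.permittedInsecurePackages` allowance for it remains elsewhere in the configuration, which this hunk does not show. As a smaller style point, `lazygit` is inserted ahead of `fd`, which breaks the alphabetical order the rest of the list appears to follow; the list itself starts and ends outside the hunk.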
From: William Date: Tue, 2 Sep 2025 19:00:06 -0300 Subject: [PATCH 137/267] preserve lxd across reboots --- hosts/modules/impermanence.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix index b2182a6..7ce822f 100644 --- a/hosts/modules/impermanence.nix +++ b/hosts/modules/impermanence.nix @@ -30,6 +30,7 @@ "/etc/nixos" "/var/lib/bluetooth" "/var/lib/flatpak" + "/var/lib/lxd" "/var/lib/nixos" "/var/lib/systemd/coredump" "/var/lib/systemd/timers" From 563d9bdbe131ac2e9864c8ad7507a1c95ca829d8 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 6 Sep 2025 16:00:09 -0300 Subject: [PATCH 138/267] pkgs: added bitwarden-desktop --- hosts/modules/programs.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index f0871d5..c1fe6a9 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -73,7 +73,6 @@ ### Dev Tools ### bat lazygit - # ciscoPacketTracer8 fd fzf glow @@ -81,9 +80,11 @@ nix-init nix-output-monitor ripgrep - ### Internet Browsers & Communication ### + ### Web ### + bitwarden-desktop brave tor-browser + qbittorrent vesktop ### Office & Productivity ### aspell @@ -114,7 +115,6 @@ libfido2 mission-center p7zip - qbittorrent quickemu quickgui rclone From 837f78e58fa77237760ced37a76f75b673de9f08 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 6 Sep 2025 16:11:59 -0300 Subject: [PATCH 139/267] removed lxd; added virt-manager --- hosts/modules/programs.nix | 1 + hosts/modules/users.nix | 1 - hosts/modules/virtualisation.nix | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index c1fe6a9..8b21c82 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix 
@@ -144,6 +144,7 @@ enable = true; extraCompatPackages = [ pkgs.proton-ge-bin ]; }; + virt-manager.enable = true; dconf.enable = true; nix-ld.enable = true; kdeconnect.enable = true; diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix index e463781..68ac26a 100644 --- a/hosts/modules/users.nix +++ b/hosts/modules/users.nix @@ -16,7 +16,6 @@ shell = pkgs.fish; extraGroups = [ "networkmanager" - "docker" "wheel" ]; openssh.authorizedKeys.keys = [ diff --git a/hosts/modules/virtualisation.nix b/hosts/modules/virtualisation.nix index 232459a..e55a267 100644 --- a/hosts/modules/virtualisation.nix +++ b/hosts/modules/virtualisation.nix @@ -31,7 +31,6 @@ (lib.mkIf hostType.isWorkstation { virtualisation = { libvirtd.enable = true; - lxd.enable = true; }; }) ]; From 09915144d60af35f9da399f2f3827b99be036f14 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 6 Sep 2025 16:20:08 -0300 Subject: [PATCH 140/267] remove guickemu --- hosts/modules/programs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index 8b21c82..ebb43fc 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -115,8 +115,6 @@ libfido2 mission-center p7zip - quickemu - quickgui rclone steam-run toggleaudiosink From 92a06e984b8288a3a90e4a4ac821decf15c67737 Mon Sep 17 00:00:00 2001 
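Review bot: PATCH 139 drops `lxd.enable = true;` in hosts/modules/virtualisation.nix but leaves the `"/var/lib/lxd"` entry that PATCH 137 added to the persisted directories in hosts/modules/impermanence.nix; that file is not in this commit's diffstat. On an impermanence setup every persisted path is state that survives the root wipe, so the directory of a service that no longer runs keeps whatever container data and daemon state LXD wrote there on disk with nothing managing or updating it. Remove the `"/var/lib/lxd"` line in the same commit and clear the persisted copy on the host, unless a later commit not shown here already does so. Since `virt-manager.enable = true;` now sits on top of the existing `libvirtd.enable = true;`, also check whether libvirt's own state directory is in the persistence list; only part of that list is visible in the PATCH 137 hunk.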
From: William Date: Thu, 9 Oct 2025 21:55:55 -0300 Subject: [PATCH 141/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/dd026d86420781e84d0732f2fa28e1c051117b59?narHash=sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM%3D' (2025-08-19) → 'github:nix-community/home-manager/5d61767c8dee7f9c66991335795dbca9e801c25a?narHash=sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr%2BjigYR9p4GS0tME%3D' (2025-10-09) • Updated input 'home-manager-stable': 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204?narHash=sha256-oV695RvbAE4%2BR9pcsT9shmp6zE/%2BIZe6evHWX63f2Qg%3D' (2025-07-27) → 'github:nix-community/home-manager/3b955f5f0a942f9f60cdc9cacb7844335d0f21c3?narHash=sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA%3D' (2025-09-21) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/f1d16001cb2f32d61cd49e527d111c43c457e629?narHash=sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg%3D' (2025-08-18) → 'github:nix-community/nixos-cli/437b586743c3d06b0a72893097395b10e70a2b7b?narHash=sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg%3D' (2025-10-07) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/8679b16e11becd487b45d568358ddf9d5640d860?narHash=sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7%2BTa4KA%2BBmneDA%3D' (2025-07-31) → 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19) → 'github:nixos/nixpkgs/c9b6fb798541223bbb396d287d16f43520250518?narHash=sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH%2B47XEBo%3D' (2025-10-07) • Updated input 'nixpkgs-stable': 
'github:nixos/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19) → 'github:nixos/nixpkgs/20c4598c84a671783f741e02bf05cbfaf4907cff?narHash=sha256-a0%2Bh02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0%3D' (2025-10-06) • Updated input 'stylix': 'github:danth/stylix/2355da455d7188228aaf20ac16ea9386e5aa6f0c?narHash=sha256-RmqBx2EamhIk0WVhQSNb8iehaVhilO7D0YAnMoFPqJQ%3D' (2025-08-20) → 'github:danth/stylix/09022804b2bcd217f3a41a644d26b23d30375d12?narHash=sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc%3D' (2025-10-05) • Updated input 'stylix/base16': 'github:SenchoPens/base16.nix/806a1777a5db2a1ef9d5d6f493ef2381047f2b89?narHash=sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI%3D' (2025-05-06) → 'github:SenchoPens/base16.nix/75ed5e5e3fce37df22e49125181fa37899c3ccd6?narHash=sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo%3D' (2025-08-21) • Updated input 'stylix/firefox-gnome-theme': 'github:rafaelmardojai/firefox-gnome-theme/4eb2714fbed2b80e234312611a947d6cb7d70caf?narHash=sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA%3D' (2025-05-27) → 'github:rafaelmardojai/firefox-gnome-theme/0909cfe4a2af8d358ad13b20246a350e14c2473d?narHash=sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk%3D' (2025-09-17) • Updated input 'stylix/flake-parts': 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5?narHash=sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ%3D' (2025-07-01) → 'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751?narHash=sha256-%2BuWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw%3D' (2025-09-01) • Updated input 'stylix/nur': 'github:nix-community/NUR/ddb679f4131e819efe3bbc6457ba19d7ad116f25?narHash=sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw%3D' (2025-07-07) → 'github:nix-community/NUR/ba8d9c98f5f4630bcb0e815ab456afd90c930728?narHash=sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV%2B4EnDYjdJhHvUk%3D' (2025-09-27) • Updated input 'stylix/tinted-schemes': 
'github:tinted-theming/schemes/5a775c6ffd6e6125947b393872cde95867d85a2a?narHash=sha256-LI%2BBnRoFNRa2ffbe3dcuIRYAUcGklBx0%2BEcFxlHj0SY%3D' (2025-06-24) → 'github:tinted-theming/schemes/317a5e10c35825a6c905d912e480dfe8e71c7559?narHash=sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St%2BUrqkM%3D' (2025-09-12) • Updated input 'stylix/tinted-tmux': 'github:tinted-theming/tinted-tmux/bded5e24407cec9d01bd47a317d15b9223a1546c?narHash=sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE%3D' (2025-06-29) → 'github:tinted-theming/tinted-tmux/d217ba31c846006e9e0ae70775b0ee0f00aa6b1e?narHash=sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD%2BX3vEBUGbTi4JiI%3D' (2025-09-14) • Updated input 'stylix/tinted-zed': 'github:tinted-theming/base16-zed/86a470d94204f7652b906ab0d378e4231a5b3384?narHash=sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR%2BC98jX8%3D' (2025-06-29) → 'github:tinted-theming/base16-zed/824fe0aacf82b3c26690d14e8d2cedd56e18404e?narHash=sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w%3D' (2025-09-14) --- flake.lock | 84 +++++++++++++++++++++++++++--------------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index 44d74f1..c6fc6db 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ "fromYaml": "fromYaml" }, "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", "owner": "SenchoPens", "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", "type": "github" }, "original": { 
@@ -136,11 +136,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", "type": "github" }, "original": { @@ -173,11 +173,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -265,11 +265,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -286,11 +286,11 @@ ] }, "locked": { - "lastModified": 1755625756, - "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=", + "lastModified": 1760033152, + "narHash": "sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr+jigYR9p4GS0tME=", "owner": "nix-community", "repo": "home-manager", - "rev": "dd026d86420781e84d0732f2fa28e1c051117b59", + "rev": "5d61767c8dee7f9c66991335795dbca9e801c25a", "type": "github" }, "original": { 
@@ -359,11 +359,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1755531224, - "narHash": "sha256-gy3E/WgenQbZUWH/DRgnDvAb//fr6iiG6PPnL7OFtZg=", + "lastModified": 1759846470, + "narHash": "sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "f1d16001cb2f32d61cd49e527d111c43c457e629", + "rev": "437b586743c3d06b0a72893097395b10e70a2b7b", "type": "github" }, "original": { @@ -390,11 +390,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1755593991, - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", + "lastModified": 1759735786, + "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", + "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", "type": "github" }, "original": { @@ -406,11 +406,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1753934836, - "narHash": "sha256-G06FmIBj0I5bMW1Q8hAEIl5N7IHMK7+Ta4KA+BmneDA=", + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8679b16e11becd487b45d568358ddf9d5640d860", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", "type": "github" }, "original": { @@ -422,11 +422,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1759831965, + "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "c9b6fb798541223bbb396d287d16f43520250518", "type": "github" }, "original": { 
@@ -448,11 +448,11 @@ ] }, "locked": { - "lastModified": 1751906969, - "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", "owner": "nix-community", "repo": "NUR", - "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", "type": "github" }, "original": { @@ -518,11 +518,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1755708361, - "narHash": "sha256-RmqBx2EamhIk0WVhQSNb8iehaVhilO7D0YAnMoFPqJQ=", + "lastModified": 1759690047, + "narHash": "sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc=", "owner": "danth", "repo": "stylix", - "rev": "2355da455d7188228aaf20ac16ea9386e5aa6f0c", + "rev": "09022804b2bcd217f3a41a644d26b23d30375d12", "type": "github" }, "original": { @@ -612,11 +612,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1750770351, - "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", "owner": "tinted-theming", "repo": "schemes", - "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", "type": "github" }, "original": { @@ -628,11 +628,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1751159871, - "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", "type": "github" }, "original": { 
@@ -644,11 +644,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1751158968, - "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", "type": "github" }, "original": { From 7f64d4905255bffeff5ac37107b7bd1dbb74702f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 10 Oct 2025 09:41:12 -0300 Subject: [PATCH 142/267] niri + dms; WIP --- flake.lock | 348 ++++++--------------------- flake.nix | 18 +- hosts/modules/default.nix | 1 - hosts/modules/desktop.nix | 26 +- hosts/modules/programs.nix | 15 +- hosts/modules/rotterdam/hardware.nix | 5 +- users/modules/programs.nix | 9 +- users/modules/user/programs.nix | 14 ++ users/user.nix | 3 +- 9 files changed, 122 insertions(+), 317 deletions(-) diff --git a/flake.lock b/flake.lock index c6fc6db..10e0544 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,73 +23,6 @@ "type": "github" } }, - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1755819240, - "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -112,6 +45,27 @@ "type": "github" } }, + "dgop": { + "inputs": { + "nixpkgs": [ + "dms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760238269, + "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", + "owner": "AvengeMedia", + "repo": "dgop", + "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "dgop", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -133,19 +87,47 @@ "type": "github" } }, - "firefox-gnome-theme": { - "flake": false, + "dms": { + "inputs": { + "dgop": "dgop", + "dms-cli": "dms-cli", + "nixpkgs": [ + "nixpkgs" + ], + "quickshell": "quickshell" + }, "locked": { - "lastModified": 1758112371, - "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "lastModified": 1760401338, + "narHash": "sha256-aN4qiI9R4ByEucFE/zvJFF8Y456nDe1IXCKu0hvEP+U=", + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "rev": "07fe2ca4072eb987c8090f388d4979f5006cef52", "type": "github" }, "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "type": "github" + } + }, + "dms-cli": { + "inputs": { + "nixpkgs": [ + "dms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760241259, + "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", + "owner": "AvengeMedia", + "repo": "danklinux", + "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "danklinux", "type": "github" } }, 
@@ -165,27 +147,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -204,39 +165,6 @@ "type": "github" } }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "48.2", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -436,43 +364,39 @@ "type": "github" } }, - "nur": { + "quickshell": { "inputs": { - "flake-parts": [ - "stylix", - "flake-parts" - ], "nixpkgs": [ - "stylix", + "dms", "nixpkgs" ] }, "locked": { - "lastModified": 1758998580, - "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", - "owner": "nix-community", - "repo": "NUR", - "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", - "type": "github" + "lastModified": 1760228179, + "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", + "ref": "refs/heads/master", + "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", + "revCount": 693, + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" }, "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" } }, "root": { "inputs": { "agenix": "agenix", "disko": "disko", + "dms": "dms", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix" + "nixpkgs-stable": "nixpkgs-stable" } }, "rust-overlay": { 
@@ -497,40 +421,6 @@ "type": "github" } }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts", - "gnome-shell": "gnome-shell", - "nixpkgs": [ - "nixpkgs" - ], - "nur": "nur", - "systems": "systems_3", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1759690047, - "narHash": "sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc=", - "owner": "danth", - "repo": "stylix", - "rev": "09022804b2bcd217f3a41a644d26b23d30375d12", - "type": "github" - }, - "original": { - "owner": "danth", - "repo": "stylix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -560,102 +450,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1757716333, - "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1757811970, - "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - 
"flake": false, - "locked": { - "lastModified": 1757811247, - "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9b13d69..234a747 100644 --- a/flake.nix +++ b/flake.nix @@ -14,11 +14,6 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - stylix = { - url = "github:danth/stylix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; @@ -29,6 +24,11 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; + dms = { + url = "github:AvengeMedia/DankMaterialShell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-cli.url = "github:nix-community/nixos-cli"; nix-flatpak.url = "github:gmodena/nix-flatpak/main"; @@ -43,8 +43,8 @@ nixpkgs-stable, home-manager, home-manager-stable, - stylix, disko, + dms, agenix, nixos-cli, nix-flatpak, @@ -88,10 +88,10 @@ ./hosts/${hostname}.nix agenix.nixosModules.default disko.nixosModules.default + dms.nixosModules.greeter hm.nixosModules.default impermanence.nixosModules.impermanence nix-flatpak.nixosModules.nix-flatpak - stylix.nixosModules.stylix nixos-cli.nixosModules.nixos-cli { nixpkgs.overlays = [ @@ -165,7 +165,7 @@ toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; } // nixpkgs.lib.optionalAttrs (system == "x86_64-linux") { - plasticity = pkgs.callPackage ./packages/plasticity.nix { }; + # plasticity = pkgs.callPackage ./packages/plasticity.nix { }; } ); @@ -173,7 +173,7 @@ overlay = final: prev: { }; workstationOverlay = final: prev: { - plasticity = self.packages.${final.system}.plasticity; + # plasticity = self.packages.${final.system}.plasticity; toggleaudiosink = self.packages.${final.system}.toggleaudiosink; }; serverOverlay = final: prev: { 
diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix index 64c4aef..99cf017 100644 --- a/hosts/modules/default.nix +++ b/hosts/modules/default.nix @@ -13,7 +13,6 @@ ./programs.nix ./security.nix ./services.nix - ./stylix.nix ./users.nix ./virtualisation.nix ]; diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix index 6002f3e..ae297e3 100644 --- a/hosts/modules/desktop.nix +++ b/hosts/modules/desktop.nix @@ -18,20 +18,6 @@ # Workstation specific configuration (lib.mkIf hostType.isWorkstation { services = { - displayManager = { - autoLogin = { - enable = true; - user = "user"; - }; - sddm = { - enable = true; - wayland = { - enable = true; - compositor = "kwin"; - }; - }; - }; - desktopManager.plasma6.enable = true; pipewire = { enable = true; alsa.enable = true; @@ -40,6 +26,18 @@ jack.enable = true; wireplumber.enable = true; }; + greetd.settings.initial_session = { + command = "niri"; + user = "user"; + }; + }; + + programs = { + dankMaterialShell.greeter = { + enable = true; + compositor.name = "niri"; + }; + niri.enable = true; }; hardware = { diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix index ebb43fc..0252863 100644 --- a/hosts/modules/programs.nix +++ b/hosts/modules/programs.nix @@ -48,6 +48,7 @@ let kdepkgs = with pkgs.kdePackages; [ ark + dolphin dolphin-plugins kolourpaint ]; @@ -72,6 +73,7 @@ [ ### Dev Tools ### bat + claude-code lazygit fd fzf @@ -109,6 +111,7 @@ protonup ### System Utilities ### adwaita-icon-theme + colloid-gtk-theme junction kara kde-rounded-corners @@ -125,15 +128,6 @@ qview ] ++ kdepkgs; - plasma6.excludePackages = with pkgs.kdePackages; [ - discover - elisa - gwenview - kate - khelpcenter - konsole - oxygen - ]; }; programs = { @@ -163,8 +157,9 @@ packages = with pkgs; [ corefonts inter - nerd-fonts.hack + nerd-fonts.fira-code noto-fonts-cjk-sans + noto-fonts-color-emoji roboto ]; }; 
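Review bot: `greetd.settings.initial_session` in the second `hosts/modules/desktop.nix` hunk starts a `niri` session for `user` at boot with no authentication, so anyone who can power on a workstation gets a logged-in desktop. This carries over the removed `displayManager.autoLogin` behaviour, but the assumption that makes it acceptable is not stated anywhere in the hunk. A comment such as `# auto-login relies on full-disk encryption being unlocked interactively at boot` would record it; whether that holds for every workstation host is not visible here, and on a host where it does not, `initial_session` should be left out. The enclosing `lib.mkIf hostType.isWorkstation` block starts and ends outside the hunk.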
diff --git a/hosts/modules/rotterdam/hardware.nix b/hosts/modules/rotterdam/hardware.nix index ba7f866..6f76e99 100644 --- a/hosts/modules/rotterdam/hardware.nix +++ b/hosts/modules/rotterdam/hardware.nix @@ -2,10 +2,7 @@ { hardware = { - amdgpu = { - opencl.enable = true; - amdvlk.enable = true; - }; + amdgpu.opencl.enable = true; graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; }; } diff --git a/users/modules/programs.nix b/users/modules/programs.nix index c18c17f..8420dce 100644 --- a/users/modules/programs.nix +++ b/users/modules/programs.nix @@ -25,6 +25,7 @@ helix = { enable = true; settings = { + theme = "base16_transparent"; editor = { file-picker.hidden = false; idle-timeout = 0; @@ -84,7 +85,6 @@ ]; }; }; - } # Server specific configuration @@ -96,6 +96,13 @@ programs.rio = { enable = true; settings = { + theme = "catppuccin-mocha"; + fonts = { + family = "FiraCode Nerd Font"; + size = 16.0; + emoji.family = "Noto Color Emoji"; + }; + confirm-before-quit = false; window = { width = 1121; height = 633; diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix index a024663..4cebeda 100644 --- a/users/modules/user/programs.nix +++ b/users/modules/user/programs.nix @@ -115,6 +115,10 @@ fonts.fontconfig.enable = true; programs = { + dankMaterialShell = { + enable = true; + enableVPN = false; + }; password-store.package = pkgs.pass-wayland; mangohud.enable = true; @@ -128,6 +132,16 @@ ]; }; }; + + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + kdePackages.xdg-desktop-portal-kde + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; + }; }) ]; } diff --git a/users/user.nix b/users/user.nix index 9950533..a5832cc 100644 --- a/users/user.nix +++ b/users/user.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { home = { @@ -10,5 +10,6 @@ imports = [ ./modules ./modules/user + inputs.dms.homeModules.dankMaterialShell.default ]; } 
From 816496fbab82f2297e35c22099f719fe3b8812ca Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 14 Oct 2025 15:43:12 -0300 Subject: [PATCH 143/267] now using flake-parts; refactored nixosConfigurations; using hm standalone --- devShells.nix | 14 ++ flake.lock | 34 +++ flake.nix | 152 +----------- homeConfigurations.nix | 34 +++ hosts/alexandria.nix | 12 - hosts/alexandria/firewall.nix | 11 + hosts/alexandria/forgejo.nix | 21 ++ .../alexandria/hardware-configuration.nix | 0 hosts/alexandria/jellyfin.nix | 8 + hosts/alexandria/librespeed.nix | 14 ++ hosts/alexandria/nginx.nix | 71 ++++++ hosts/alexandria/radicale.nix | 17 ++ hosts/alexandria/rclone-webdav.nix | 82 +++++++ hosts/alexandria/vaultwarden.nix | 12 + hosts/io.nix | 12 - hosts/{modules => }/io/boot.nix | 0 hosts/{modules => }/io/disko.nix | 4 +- .../io/hardware-configuration.nix | 0 hosts/{modules => }/io/programs.nix | 10 - hosts/{modules => }/io/services.nix | 9 + hosts/modules/alexandria/default.nix | 9 - hosts/modules/alexandria/networking.nix | 16 -- hosts/modules/alexandria/services.nix | 225 ------------------ hosts/modules/alexandria/users.nix | 3 - hosts/modules/bluetooth.nix | 5 + hosts/modules/boot.nix | 61 ----- hosts/modules/common/boot.nix | 20 ++ hosts/modules/common/console.nix | 8 + hosts/modules/common/firewall.nix | 8 + hosts/modules/common/locale.nix | 20 ++ hosts/modules/common/nix.nix | 40 ++++ hosts/modules/common/openssh.nix | 8 + hosts/modules/common/programs.nix | 29 +++ hosts/modules/common/security.nix | 13 + hosts/modules/common/services.nix | 9 + hosts/modules/common/tailscale.nix | 8 + hosts/modules/common/users.nix | 29 +++ hosts/modules/console.nix | 21 -- hosts/modules/default.nix | 19 -- hosts/modules/desktop.nix | 64 ----- hosts/modules/desktop/boot.nix | 26 ++ hosts/modules/desktop/desktop.nix | 136 +++++++++++ hosts/modules/desktop/nix.nix | 13 + hosts/modules/desktop/services.nix | 15 ++ hosts/modules/dev.nix | 20 ++ hosts/modules/environment.nix | 4 - hosts/modules/ephermal.nix | 118 ++++----- hosts/modules/fwupd.nix | 5 + 
hosts/modules/gaming.nix | 36 +++ hosts/modules/impermanence.nix | 43 ---- hosts/modules/io/default.nix | 11 - hosts/modules/libvirtd.nix | 12 + hosts/modules/locale.nix | 33 --- hosts/modules/networking.nix | 29 --- hosts/modules/networkmanager.nix | 10 + hosts/modules/nix.nix | 64 ----- hosts/modules/podman.nix | 14 ++ hosts/modules/programs.nix | 202 ---------------- hosts/modules/rotterdam/default.nix | 11 - hosts/modules/security.nix | 26 -- hosts/modules/server/boot.nix | 5 + hosts/modules/server/nix.nix | 13 + hosts/modules/server/tailscale.nix | 13 + hosts/modules/services.nix | 52 ---- hosts/modules/stylix.nix | 63 ----- hosts/modules/trantor/default.nix | 10 - hosts/modules/users.nix | 81 ------- hosts/modules/virtualisation.nix | 37 --- hosts/rotterdam.nix | 12 - hosts/{modules => }/rotterdam/boot.nix | 0 .../rotterdam/hardware-configuration.nix | 0 hosts/{modules => }/rotterdam/hardware.nix | 0 hosts/{modules => }/rotterdam/programs.nix | 2 - hosts/{modules => }/rotterdam/services.nix | 0 hosts/trantor.nix | 13 - hosts/{modules => }/trantor/boot.nix | 1 - hosts/{modules => }/trantor/disko.nix | 4 +- .../trantor/hardware-configuration.nix | 0 hosts/{modules => }/trantor/networking.nix | 0 modules/qbittorrent.nix | 123 ---------- nixosConfigurations.nix | 50 ++++ overlays.nix | 10 + packages.nix | 11 + packages/plasticity.nix | 122 ---------- users/modules/btop.nix | 12 + users/modules/common/bash.nix | 8 + users/modules/common/fish.nix | 38 +++ users/modules/default.nix | 7 - users/modules/desktop.nix | 55 +++++ users/modules/direnv.nix | 8 + users/modules/gaming.nix | 5 + users/modules/helix.nix | 50 ++++ users/modules/obs-studio.nix | 13 + users/modules/programs.nix | 114 --------- users/modules/root/default.nix | 5 - users/modules/starship.nix | 40 ++++ users/modules/tmux.nix | 11 + users/modules/user/default.nix | 8 - users/modules/user/home.nix | 11 - users/modules/user/programs.nix | 147 ------------ users/root.nix | 14 -- users/user.nix | 15 -- 
users/user/git.nix | 10 + utils.nix | 171 +++++++++++++ 104 files changed, 1414 insertions(+), 1910 deletions(-) create mode 100644 devShells.nix create mode 100644 homeConfigurations.nix delete mode 100644 hosts/alexandria.nix create mode 100644 hosts/alexandria/firewall.nix create mode 100644 hosts/alexandria/forgejo.nix rename hosts/{modules => }/alexandria/hardware-configuration.nix (100%) create mode 100644 hosts/alexandria/jellyfin.nix create mode 100644 hosts/alexandria/librespeed.nix create mode 100644 hosts/alexandria/nginx.nix create mode 100644 hosts/alexandria/radicale.nix create mode 100644 hosts/alexandria/rclone-webdav.nix create mode 100644 hosts/alexandria/vaultwarden.nix delete mode 100644 hosts/io.nix rename hosts/{modules => }/io/boot.nix (100%) rename hosts/{modules => }/io/disko.nix (97%) rename hosts/{modules => }/io/hardware-configuration.nix (100%) rename hosts/{modules => }/io/programs.nix (73%) rename hosts/{modules => }/io/services.nix (84%) delete mode 100644 hosts/modules/alexandria/default.nix delete mode 100644 hosts/modules/alexandria/networking.nix delete mode 100644 hosts/modules/alexandria/services.nix delete mode 100644 hosts/modules/alexandria/users.nix create mode 100644 hosts/modules/bluetooth.nix delete mode 100644 hosts/modules/boot.nix create mode 100644 hosts/modules/common/boot.nix create mode 100644 hosts/modules/common/console.nix create mode 100644 hosts/modules/common/firewall.nix create mode 100644 hosts/modules/common/locale.nix create mode 100644 hosts/modules/common/nix.nix create mode 100644 hosts/modules/common/openssh.nix create mode 100644 hosts/modules/common/programs.nix create mode 100644 hosts/modules/common/security.nix create mode 100644 hosts/modules/common/services.nix create mode 100644 hosts/modules/common/tailscale.nix create mode 100644 hosts/modules/common/users.nix delete mode 100644 hosts/modules/console.nix delete mode 100644 hosts/modules/default.nix delete mode 100644 
hosts/modules/desktop.nix create mode 100644 hosts/modules/desktop/boot.nix create mode 100644 hosts/modules/desktop/desktop.nix create mode 100644 hosts/modules/desktop/nix.nix create mode 100644 hosts/modules/desktop/services.nix create mode 100644 hosts/modules/dev.nix delete mode 100644 hosts/modules/environment.nix create mode 100644 hosts/modules/fwupd.nix create mode 100644 hosts/modules/gaming.nix delete mode 100644 hosts/modules/impermanence.nix delete mode 100644 hosts/modules/io/default.nix create mode 100644 hosts/modules/libvirtd.nix delete mode 100644 hosts/modules/locale.nix delete mode 100644 hosts/modules/networking.nix create mode 100644 hosts/modules/networkmanager.nix delete mode 100644 hosts/modules/nix.nix create mode 100644 hosts/modules/podman.nix delete mode 100644 hosts/modules/programs.nix delete mode 100644 hosts/modules/rotterdam/default.nix delete mode 100644 hosts/modules/security.nix create mode 100644 hosts/modules/server/boot.nix create mode 100644 hosts/modules/server/nix.nix create mode 100644 hosts/modules/server/tailscale.nix delete mode 100644 hosts/modules/services.nix delete mode 100644 hosts/modules/stylix.nix delete mode 100644 hosts/modules/trantor/default.nix delete mode 100644 hosts/modules/users.nix delete mode 100644 hosts/modules/virtualisation.nix delete mode 100644 hosts/rotterdam.nix rename hosts/{modules => }/rotterdam/boot.nix (100%) rename hosts/{modules => }/rotterdam/hardware-configuration.nix (100%) rename hosts/{modules => }/rotterdam/hardware.nix (100%) rename hosts/{modules => }/rotterdam/programs.nix (94%) rename hosts/{modules => }/rotterdam/services.nix (100%) delete mode 100644 hosts/trantor.nix rename hosts/{modules => }/trantor/boot.nix (68%) rename hosts/{modules => }/trantor/disko.nix (91%) rename hosts/{modules => }/trantor/hardware-configuration.nix (100%) rename hosts/{modules => }/trantor/networking.nix (100%) delete mode 100644 modules/qbittorrent.nix create mode 100644 
nixosConfigurations.nix create mode 100644 overlays.nix create mode 100644 packages.nix delete mode 100644 packages/plasticity.nix create mode 100644 users/modules/btop.nix create mode 100644 users/modules/common/bash.nix create mode 100644 users/modules/common/fish.nix delete mode 100644 users/modules/default.nix create mode 100644 users/modules/desktop.nix create mode 100644 users/modules/direnv.nix create mode 100644 users/modules/gaming.nix create mode 100644 users/modules/helix.nix create mode 100644 users/modules/obs-studio.nix delete mode 100644 users/modules/programs.nix delete mode 100644 users/modules/root/default.nix create mode 100644 users/modules/starship.nix create mode 100644 users/modules/tmux.nix delete mode 100644 users/modules/user/default.nix delete mode 100644 users/modules/user/home.nix delete mode 100644 users/modules/user/programs.nix delete mode 100644 users/root.nix delete mode 100644 users/user.nix create mode 100644 users/user/git.nix create mode 100644 utils.nix diff --git a/devShells.nix b/devShells.nix new file mode 100644 index 0000000..254d604 --- /dev/null +++ b/devShells.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + devShells.default = pkgs.mkShell { + packages = with pkgs; [ + nil + nixfmt-rfc-style + ]; + }; + }; +} diff --git a/flake.lock b/flake.lock index 10e0544..b19b2ca 100644 --- a/flake.lock +++ b/flake.lock @@ -147,6 +147,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" 
@@ -316,6 +334,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1759735786, @@ -390,6 +423,7 @@ "agenix": "agenix", "disko": "disko", "dms": "dms", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index 234a747..0d826a1 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; + flake-parts.url = "github:hercules-ci/flake-parts"; + home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -37,151 +39,19 @@ }; outputs = - inputs@{ - self, - nixpkgs, - nixpkgs-stable, - home-manager, - home-manager-stable, - disko, - dms, - agenix, - nixos-cli, - nix-flatpak, - impermanence, - ... - }: - let + inputs@{ flake-parts, ... }: + flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs systems; - forAllSystemsWithPkgs = - f: - forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - f system pkgs - ); - in - { - nixosConfigurations = - let - mkHost = - { - hostname, - type, # workstation|server - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - pkgs = if type == "server" then nixpkgs-stable else nixpkgs; - hm = if type == "server" then home-manager-stable else home-manager; - hostTypeFlags = { - isServer = type == "server"; - isWorkstation = type == "workstation"; - }; - defaultModules = [ - ./hosts/${hostname}.nix - agenix.nixosModules.default - disko.nixosModules.default - dms.nixosModules.greeter - hm.nixosModules.default - impermanence.nixosModules.impermanence - nix-flatpak.nixosModules.nix-flatpak - nixos-cli.nixosModules.nixos-cli - { - nixpkgs.overlays = [ - agenix.overlays.default - ]; - } - ]; - workstationModules = [ - { - nixpkgs.overlays = [ - self.overlays.workstationOverlay - ]; - } - ]; - serverModules = [ - { - nixpkgs.overlays = [ - self.overlays.serverOverlay - ]; - } - ]; - typeModules = if type == "server" then serverModules else workstationModules; - allModules = defaultModules ++ typeModules ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostType = hostTypeFlags; - }; - modules = allModules; - }; - in - { - rotterdam = mkHost { - hostname = "rotterdam"; - type = "workstation"; - }; - io = mkHost { - hostname = "io"; - type = "workstation"; - }; - alexandria = mkHost { - hostname = "alexandria"; - type = "server"; - extraModules = [ - self.nixosModules.qbittorrent - ]; 
- }; - trantor = mkHost { - hostname = "trantor"; - type = "server"; - system = "aarch64-linux"; - }; - }; - devShells = forAllSystemsWithPkgs ( - system: pkgs: { - default = pkgs.mkShell { - packages = with pkgs; [ - nil - nixfmt-rfc-style - ]; - }; - } - ); - - packages = forAllSystemsWithPkgs ( - system: pkgs: - { - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - } - // nixpkgs.lib.optionalAttrs (system == "x86_64-linux") { - # plasticity = pkgs.callPackage ./packages/plasticity.nix { }; - } - ); - - overlays = { - overlay = final: prev: { - }; - workstationOverlay = final: prev: { - # plasticity = self.packages.${final.system}.plasticity; - toggleaudiosink = self.packages.${final.system}.toggleaudiosink; - }; - serverOverlay = final: prev: { - }; - }; - - nixosModules = { - qbittorrent = import ./modules/qbittorrent.nix; - }; + imports = [ + ./devShells.nix + ./homeConfigurations.nix + ./nixosConfigurations.nix + ./overlays.nix + ./packages.nix + ]; }; } diff --git a/homeConfigurations.nix b/homeConfigurations.nix new file mode 100644 index 0000000..3d3a950 --- /dev/null +++ b/homeConfigurations.nix @@ -0,0 +1,34 @@ +{ inputs, ... }: +let + utils = import ./utils.nix { inherit inputs; }; + inherit (utils) mkUser; +in +{ + flake.homeConfigurations = { + "user@rotterdam" = mkUser { + username = "user"; + tags = [ + "btop" + "desktop" + "direnv" + "gaming" + "helix" + "obs-studio" + "starship" + "tmux" + ]; + }; + + "user@io" = mkUser { + username = "user"; + tags = [ + "btop" + "desktop" + "direnv" + "helix" + "starship" + "tmux" + ]; + }; + }; +} diff --git a/hosts/alexandria.nix b/hosts/alexandria.nix deleted file mode 100644 index 6050904..0000000 --- a/hosts/alexandria.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - networking.hostName = "alexandria"; - - imports = [ - ./modules/alexandria - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./alexandria.nix}" ]; -} 
diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix new file mode 100644 index 0000000..f6fded2 --- /dev/null +++ b/hosts/alexandria/firewall.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + ]; + allowedUDPPorts = [ ]; + }; +} diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix new file mode 100644 index 0000000..0b9908e --- /dev/null +++ b/hosts/alexandria/forgejo.nix @@ -0,0 +1,21 @@ +{ ... }: + +{ + services.forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + }; + }; +} diff --git a/hosts/modules/alexandria/hardware-configuration.nix b/hosts/alexandria/hardware-configuration.nix similarity index 100% rename from hosts/modules/alexandria/hardware-configuration.nix rename to hosts/alexandria/hardware-configuration.nix diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix new file mode 100644 index 0000000..87a825f --- /dev/null +++ b/hosts/alexandria/jellyfin.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + services.jellyfin = { + enable = true; + openFirewall = true; + }; +} diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix new file mode 100644 index 0000000..09e4768 --- /dev/null +++ b/hosts/alexandria/librespeed.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + virtualisation.oci-containers.containers."librespeed" = { + image = "lscr.io/linuxserver/librespeed:latest"; + environment = { + TZ = "America/Bahia"; + }; + extraOptions = [ + "--pull=newer" + "--label=io.containers.autoupdate=registry" + ]; + }; +} diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix new file mode 100644 index 0000000..8c20d5d 
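Review bot: `hosts/alexandria/forgejo.nix` configures `server`, `session`, `log`, `mailer` and `actions` but no `service` section, so account registration stays at the upstream default (open, as far as I know) while `nginx.nix` publishes the instance at `git.baduhai.dev`. If this is meant to be a personal instance, add `service.DISABLE_REGISTRATION = true;` inside `settings`. With `mailer.ENABLED = false` there is also no e-mail confirmation step to slow automated sign-ups, so a comment is warranted if open registration is intended.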
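Review bot: `openFirewall = true` in `hosts/alexandria/jellyfin.nix` opens Jellyfin's own ports on the host firewall, although `nginx.nix` in this commit already proxies `jellyfin.baduhai.dev` to `http://127.0.0.1:8096/` and `firewall.nix` lists only 80 and 443. Clients that can reach the host directly can then talk to Jellyfin over plain HTTP and bypass the `forceSSL` vhost. Unless LAN discovery is required, `openFirewall = false;` keeps nginx as the only entry point; if it is required, a one-line comment should explain the exception.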
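Review bot: The container in `hosts/alexandria/librespeed.nix` runs `lscr.io/linuxserver/librespeed:latest` with `--pull=newer` and the `io.containers.autoupdate=registry` label, so whatever the registry serves under that tag is pulled and run unreviewed, unlike the flake inputs that `flake.lock` pins by revision and hash. Pinning by digest, `image = "lscr.io/linuxserver/librespeed@sha256:<digest-placeholder>";`, and bumping it deliberately would give the container the same reproducibility as the rest of the system. If automatic updates are a conscious trade-off, a comment stating that is enough.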
--- /dev/null
+++ b/hosts/alexandria/nginx.nix
@@ -0,0 +1,71 @@
+{ config, lib, ... }:
+
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "baduhai@proton.me";
+ dnsResolver = "1.1.1.1:53";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflare.path;
+ };
+ certs."baduhai.dev" = {
+ extraDomainNames = [ "*.baduhai.dev" ];
+ };
+ };
+
+ age.secrets.cloudflare = {
+ file = ../../secrets/cloudflare.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts =
+ let
+ commonVHostConfig = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ };
+ in
+ lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) {
+ "_".locations."/".return = "444";
+ "dav.baduhai.dev".locations = {
+ "/caldav" = {
+ proxyPass = "http://unix:/run/radicale/radicale.sock:/";
+ extraConfig = ''
+ proxy_set_header X-Script-Name /caldav;
+ proxy_pass_header Authorization;
+ '';
+ };
+ "/webdav" = {
+ proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/";
+ extraConfig = ''
+ proxy_set_header X-Script-Name /webdav;
+ proxy_pass_header Authorization;
+ proxy_connect_timeout 300; # Increase timeouts for large file uploads
+ proxy_send_timeout 300;
+ proxy_read_timeout 300;
+ client_max_body_size 10G; # Allow large file uploads
+ proxy_buffering off; # Buffer settings for better performance
+ proxy_request_buffering off;
+ '';
+ };
+ };
+ "git.baduhai.dev".locations."/".proxyPass =
+ "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
+ "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/";
+ "pass.baduhai.dev".locations."/".proxyPass =
+ "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/";
+ "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/";
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+}
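Review bot: `age.secrets.cloudflare` is decrypted with `owner = "nginx"` and `group = "nginx"`, which makes the Cloudflare DNS API credentials readable by the internet-facing web server, although only the ACME renewal behind `security.acme.defaults.credentialsFile` needs them. As far as I know the NixOS ACME units load that file as a systemd environment file, so the secret can stay root-owned: drop the `owner` and `group` lines and confirm a renewal still succeeds. A compromised nginx worker would then no longer expose a token that can edit DNS records for `baduhai.dev`. Separately, the `"_"` vhost returning 444 is the default server only by ordering; `default = true;` on it would make that explicit.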
diff --git a/hosts/alexandria/radicale.nix b/hosts/alexandria/radicale.nix new file mode 100644 index 0000000..d81a228 --- /dev/null +++ b/hosts/alexandria/radicale.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + services.radicale = { + enable = true; + settings = { + server = { + hosts = [ "/run/radicale/radicale.sock" ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + }; + }; +} diff --git a/hosts/alexandria/rclone-webdav.nix b/hosts/alexandria/rclone-webdav.nix new file mode 100644 index 0000000..8324d31 --- /dev/null +++ b/hosts/alexandria/rclone-webdav.nix 
@@ -0,0 +1,82 @@
+{ config, pkgs, ... }:
+
+let
+ rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" ''
+ #!/bin/bash
+
+ # Configuration
+ CREDS_FILE="/run/agenix/webdav"
+ SERVE_DIR="/data/webdav"
+ SOCKET_PATH="/run/rclone-webdav/webdav.sock"
+
+ # Check if credentials file exists
+ if [ ! -f "$CREDS_FILE" ]; then
+ echo "Error: Credentials file $CREDS_FILE not found"
+ exit 1
+ fi
+
+ # Read credentials from file (format: username:password)
+ CREDENTIALS=$(cat "$CREDS_FILE")
+ USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1)
+ PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2)
+
+ # Validate credentials
+ if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then
+ echo "Error: Invalid credentials format. Expected username:password"
+ exit 1
+ fi
+
+ # Ensure serve directory exists
+ mkdir -p "$SERVE_DIR"
+
+ # Remove existing socket if it exists
+ rm -f "$SOCKET_PATH"
+
+ # Start rclone serve webdav
+ exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \
+ --addr unix://"$SOCKET_PATH" \
+ --user "$USERNAME" \
+ --pass "$PASSWORD" \
+ --config="" \
+ --baseurl "/webdav" \
+ --verbose
+ '';
+in
+
+{
+ age.secrets.webdav = {
+ file = ../../secrets/webdav.age;
+ owner = "user";
+ group = "users";
+ };
+
+ systemd.services.rclone-webdav = {
+ description = "RClone WebDAV Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "exec";
+ User = "user";
+ Group = "nginx";
+ ExecStart = "${rclone-webdav-start}";
+ Restart = "always";
+ RestartSec = "10";
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [
+ "/data/webdav"
+ "/run"
+ ];
+ RuntimeDirectory = "rclone-webdav";
+ RuntimeDirectoryMode = "0750";
+ UMask = "0002";
+ };
+ preStart = ''
+ mkdir -p /data/webdav
+ chown user:users /data/webdav
+ chmod 755 /data/webdav
+ '';
+ };
+}
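Review bot: The start script hands the WebDAV login to rclone as `--user "$USERNAME"` and `--pass "$PASSWORD"`, so the password stays in the process's argument list for as long as the service runs and, by default, other local accounts can read it from the process table. rclone also takes its flags from `RCLONE_`-prefixed environment variables, so I would replace the two flags with `export RCLONE_USER="''${CREDENTIALS%%:*}" RCLONE_PASS="''${CREDENTIALS#*:}"` before the `exec` (the `''$` is the escape a Nix indented string needs). That change also stops `cut -d':' -f2` from truncating a password that contains a colon. `ReadWritePaths` lists `"/run"` next to `ProtectSystem = "strict"` although `RuntimeDirectory = "rclone-webdav"` already gives the unit its writable socket directory, so `"/run"` can be dropped.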
diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix new file mode 100644 index 0000000..058c123 --- /dev/null +++ b/hosts/alexandria/vaultwarden.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + services.vaultwarden = { + enable = true; + config = { + DOMAIN = "https://pass.baduhai.dev"; + SIGNUPS_ALLOWED = false; + ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; + }; + }; +} diff --git a/hosts/io.nix b/hosts/io.nix deleted file mode 100644 index 3910dc1..0000000 --- a/hosts/io.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - networking.hostName = "io"; - - imports = [ - ./modules/io - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./io.nix}" ]; -} diff --git a/hosts/modules/io/boot.nix b/hosts/io/boot.nix similarity index 100% rename from hosts/modules/io/boot.nix rename to hosts/io/boot.nix diff --git a/hosts/modules/io/disko.nix b/hosts/io/disko.nix similarity index 97% rename from hosts/modules/io/disko.nix rename to hosts/io/disko.nix index 3dc3b31..edb1418 100644 --- a/hosts/modules/io/disko.nix +++ b/hosts/io/disko.nix @@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices = { disk = { main = { diff --git a/hosts/modules/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix similarity index 100% rename from hosts/modules/io/hardware-configuration.nix rename to hosts/io/hardware-configuration.nix diff --git a/hosts/modules/io/programs.nix b/hosts/io/programs.nix similarity index 73% rename from hosts/modules/io/programs.nix rename to hosts/io/programs.nix index f1286c7..e272d22 100644 --- a/hosts/modules/io/programs.nix +++ b/hosts/io/programs.nix 
@@ -19,19 +19,9 @@ in { environment = { systemPackages = with pkgs; [ - arduino-ide - esptool - # fritzing maliit-keyboard sof-firmware ]; sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; }; - - # TODO: remove once gmodena/nix-flatpak/issues/45 fixed - systemd.services."flatpak-managed-install" = { - serviceConfig = { - ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; - }; - }; } diff --git a/hosts/modules/io/services.nix b/hosts/io/services.nix similarity index 84% rename from hosts/modules/io/services.nix rename to hosts/io/services.nix index f9f82cf..3703ba3 100644 --- a/hosts/modules/io/services.nix +++ b/hosts/io/services.nix @@ -1,3 +1,5 @@ +{ pkgs, ... }: + { services = { keyd = { @@ -47,4 +49,11 @@ }; }; }; + + # TODO: remove once gmodena/nix-flatpak/issues/45 fixed + systemd.services."flatpak-managed-install" = { + serviceConfig = { + ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; + }; + }; } diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix deleted file mode 100644 index 40a4da2..0000000 --- a/hosts/modules/alexandria/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - imports = [ - ./hardware-configuration.nix - ./services.nix - ./users.nix - ]; -} diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix deleted file mode 100644 index 2d59cbb..0000000 --- a/hosts/modules/alexandria/networking.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - networking = { - firewall = { - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; -} diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix deleted file mode 100644 index 7de15d5..0000000 --- a/hosts/modules/alexandria/services.nix +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -let - ports = { - jellyfin = "8096"; - librespeed = "8000"; - radicale = "8001"; - vaultwarden = "8002"; - }; - rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' - #!/bin/bash - - # Configuration - CREDS_FILE="/run/agenix/webdav" - SERVE_DIR="/data/webdav" - SOCKET_PATH="/run/rclone-webdav/webdav.sock" - - # Check if credentials file exists - if [ ! -f "$CREDS_FILE" ]; then - echo "Error: Credentials file $CREDS_FILE not found" - exit 1 - fi - - # Read credentials from file (format: username:password) - CREDENTIALS=$(cat "$CREDS_FILE") - USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) - PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) - - # Validate credentials - if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then - echo "Error: Invalid credentials format. Expected username:password" - exit 1 - fi - - # Ensure serve directory exists - mkdir -p "$SERVE_DIR" - - # Remove existing socket if it exists - rm -f "$SOCKET_PATH" - - # Start rclone serve webdav - exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ - --addr unix://"$SOCKET_PATH" \ - --user "$USERNAME" \ - --pass "$PASSWORD" \ - --config="" \ - --baseurl "/webdav" \ - --verbose - ''; -in - -{ - services = { - forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - }; - }; - - jellyfin = { - enable = true; - openFirewall = true; - }; - - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = - let - commonVHostConfig = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - }; 
- in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { - "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://127.0.0.1:${ports.radicale}/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; - "git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}/"; - "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}/"; - "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}/"; - }; - }; - - radicale = { - enable = true; - settings = { - server = { - hosts = [ - "127.0.0.1:${ports.radicale}" - "[::]:${ports.radicale}" - ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - - vaultwarden = { - enable = true; - config = { - DOMAIN = "https://pass.baduhai.dev"; - SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "${ports.vaultwarden}"; - }; - }; - }; - - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - ports = [ "${ports.librespeed}:80" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - security.acme = { - acceptTerms = true; - 
defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; - }; - - age.secrets = { - cloudflare = { - file = ../../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; - webdav = { - file = ../../../secrets/webdav.age; - owner = "user"; - group = "users"; - }; - }; - - systemd.services = { - rclone-webdav = { - description = "RClone WebDAV Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "exec"; - User = "user"; - Group = "nginx"; - ExecStart = "${rclone-webdav-start}"; - Restart = "always"; - RestartSec = "10"; - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/data/webdav" - "/run" - ]; - RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0750"; - UMask = "0002"; - }; - preStart = '' - mkdir -p /data/webdav - chown user:users /data/webdav - chmod 755 /data/webdav - ''; - }; - }; -} diff --git a/hosts/modules/alexandria/users.nix b/hosts/modules/alexandria/users.nix deleted file mode 100644 index 14e34c2..0000000 --- a/hosts/modules/alexandria/users.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - users.users.nginx.extraGroups = [ "acme" ]; -} diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix new file mode 100644 index 0000000..fb6a06a --- /dev/null +++ b/hosts/modules/bluetooth.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + hardware.bluetooth.enable = true; +} diff --git a/hosts/modules/boot.nix b/hosts/modules/boot.nix deleted file mode 100644 index 049fad7..0000000 --- a/hosts/modules/boot.nix +++ /dev/null 
@@ -1,61 +0,0 @@
-{
- hostType,
- lib,
- pkgs,
- ...
-}:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- boot = {
- loader = {
- timeout = 1;
- efi.canTouchEfiVariables = true;
- systemd-boot = {
- enable = true;
- editor = false;
- consoleMode = "max";
- sortKey = "aa";
- netbootxyz = {
- enable = true;
- sortKey = "zz";
- };
- };
- };
- };
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- boot.kernelPackages = pkgs.linuxPackages_hardened;
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- boot = {
- plymouth.enable = true;
- initrd.systemd.enable = true;
- loader.efi.efiSysMountPoint = "/boot/efi";
- kernelPackages = pkgs.linuxPackages_xanmod;
- extraModprobeConfig = ''
- options bluetooth disable_ertm=1
- '';
- kernel.sysctl = {
- "net.ipv4.tcp_mtu_probing" = 1;
- };
- kernelParams = [
- "quiet"
- "splash"
- "i2c-dev"
- "i2c-piix4"
- "loglevel=3"
- "udev.log_priority=3"
- "rd.udev.log_level=3"
- "rd.systemd.show_status=false"
- ];
- };
- })
- ];
-}
diff --git a/hosts/modules/common/boot.nix b/hosts/modules/common/boot.nix
new file mode 100644
index 0000000..fbba278
--- /dev/null
+++ b/hosts/modules/common/boot.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+ boot = {
+ loader = {
+ timeout = 1;
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ editor = false;
+ consoleMode = "max";
+ sortKey = "aa";
+ netbootxyz = {
+ enable = true;
+ sortKey = "zz";
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/modules/common/console.nix b/hosts/modules/common/console.nix
new file mode 100644
index 0000000..9cb99d4
--- /dev/null
+++ b/hosts/modules/common/console.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ console = {
+ useXkbConfig = true;
+ earlySetup = true;
+ };
+}
diff --git a/hosts/modules/common/firewall.nix b/hosts/modules/common/firewall.nix
new file mode 100644
index 0000000..910e803
--- /dev/null
+++ b/hosts/modules/common/firewall.nix
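Review bot: The server branch of the deleted hosts/modules/boot.nix set `boot.kernelPackages = pkgs.linuxPackages_hardened;`, and hosts/modules/common/boot.nix, which replaces the common part, does not carry that line over, so servers fall back to the default kernel unless a module outside this view sets it again. If the hardened kernel is still wanted on servers, restore that assignment in the server-side module. `pkgs` is bound in the new file's argument set but never used, so its header can be `{ ... }:`.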
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ networking = {
+ firewall.enable = true;
+ nftables.enable = true;
+ };
+}
diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix
new file mode 100644
index 0000000..7e07d85
--- /dev/null
+++ b/hosts/modules/common/locale.nix
@@ -0,0 +1,20 @@
+{ ... }:
+
+{
+ time.timeZone = "America/Bahia";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "pt_BR.utf8";
+ LC_IDENTIFICATION = "pt_BR.utf8";
+ LC_MEASUREMENT = "pt_BR.utf8";
+ LC_MONETARY = "pt_BR.utf8";
+ LC_NAME = "pt_BR.utf8";
+ LC_NUMERIC = "pt_BR.utf8";
+ LC_PAPER = "pt_BR.utf8";
+ LC_TELEPHONE = "pt_BR.utf8";
+ LC_TIME = "en_IE.utf8";
+ };
+ };
+}
diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix
new file mode 100644
index 0000000..ff0b474
--- /dev/null
+++ b/hosts/modules/common/nix.nix
@@ -0,0 +1,40 @@
+{ inputs, ... }:
+
+{
+ imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
+
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ connect-timeout = 10;
+ log-lines = 25;
+ min-free = 128000000;
+ max-free = 1000000000;
+ trusted-users = [ "@wheel" ];
+ };
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 8d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ enableParallelBuilding = true;
+ buildManPages = false;
+ buildDocs = false;
+ };
+
+ services = {
+ nixos-cli = {
+ enable = true;
+ config = {
+ use_nvd = true;
+ ignore_dirty_tree = true;
+ };
+ };
+ };
+
+ system.stateVersion = "22.11";
+}
diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix
new file mode 100644
index 0000000..07108ce
--- /dev/null
+++ b/hosts/modules/common/openssh.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ };
+}
diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix
new file mode 100644
index 0000000..9820149
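Review bot: hosts/modules/common/openssh.nix enables sshd on every host with only `PermitRootLogin = "no"`, which leaves password login at its default for the `user` account that hosts/modules/common/users.nix gives both a password hash and SSH keys. Since keys are already provisioned there, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` so the daemon accepts keys only. That matters more here because the same account is in `wheel`.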
--- /dev/null
+++ b/hosts/modules/common/programs.nix
@@ -0,0 +1,29 @@
+{ lib, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ ### Dev Tools ###
+ git
+ ### System Utilities ###
+ btop
+ nixos-firewall-tool
+ nvd
+ sysz
+ tmux
+ wget
+ yazi
+ ];
+ shellAliases = {
+ cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
+ ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
+ neofetch = "${lib.getExe pkgs.fastfetch}";
+ tree = "ls --tree";
+ };
+ };
+
+ programs = {
+ command-not-found.enable = false;
+ fish.enable = true;
+ };
+}
diff --git a/hosts/modules/common/security.nix b/hosts/modules/common/security.nix
new file mode 100644
index 0000000..33d4953
--- /dev/null
+++ b/hosts/modules/common/security.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ security = {
+ unprivilegedUsernsClone = true; # Needed for rootless podman
+ sudo = {
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults lecture = never
+ '';
+ };
+ };
+}
diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix
new file mode 100644
index 0000000..89ac527
--- /dev/null
+++ b/hosts/modules/common/services.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ services = {
+ dbus.implementation = "broker";
+ irqbalance.enable = true;
+ fstrim.enable = true;
+ };
+}
diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix
new file mode 100644
index 0000000..98bea97
--- /dev/null
+++ b/hosts/modules/common/tailscale.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ services.tailscale = {
+ enable = true;
+ extraUpFlags = [ "--operator=user" ];
+ };
+}
diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix
new file mode 100644
index 0000000..076eb99
--- /dev/null
+++ b/hosts/modules/common/users.nix
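Review bot: `wheelNeedsPassword = false` in hosts/modules/common/security.nix sits in the common module, so it applies to servers as well as workstations and any process running as a wheel member becomes root with no further step; `trusted-users = [ "@wheel" ]` in hosts/modules/common/nix.nix gives the same group root-equivalent control of the Nix daemon. I would keep passwordless sudo in the desktop modules only, or drop the line and rely on the default, so a compromised session on a server still has to get past sudo. `unprivilegedUsernsClone = true` is likewise set for every host although its comment ties it to rootless podman; moving it next to the podman module would keep it off hosts that run no containers.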
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+ users.users = {
+ user = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
+ ];
+ hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+ };
+ root = {
+ shell = pkgs.fish;
+ hashedPassword = "!";
+ };
+ };
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting
+ '';
+ };
+}
diff --git a/hosts/modules/console.nix b/hosts/modules/console.nix
deleted file mode 100644
index 042976d..0000000
--- a/hosts/modules/console.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ hostType, lib, ... }:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- console = {
- useXkbConfig = true;
- earlySetup = true;
- };
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- })
- ];
-}
diff --git a/hosts/modules/default.nix b/hosts/modules/default.nix
deleted file mode 100644
index 99cf017..0000000
--- a/hosts/modules/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./boot.nix
- ./console.nix
- ./desktop.nix
- ./ephermal.nix
- ./impermanence.nix
- ./locale.nix
- ./networking.nix
- ./nix.nix
- ./programs.nix
- ./security.nix
- ./services.nix
- ./users.nix
- ./virtualisation.nix
- ];
-}
diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix
deleted file mode 100644
index ae297e3..0000000
--- a/hosts/modules/desktop.nix
+++ /dev/null
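Review bot: `hashedPassword` for `user` is written literally into hosts/modules/common/users.nix, so anyone who can read the repository can run offline guessing against the hash of an account that is in `wheel`. The repository already decrypts secrets with agenix (`age.secrets` in the alexandria modules), so the hash can move into a secret and be referenced with `hashedPasswordFile = config.age.secrets.NAME.path;`, where NAME is a placeholder for the new secret. Rotate the password afterwards, because the current hash stays in git history.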
@@ -1,64 +0,0 @@
-{
- hostType,
- lib,
- pkgs,
- ...
-}:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- services = {
- pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- wireplumber.enable = true;
- };
- greetd.settings.initial_session = {
- command = "niri";
- user = "user";
- };
- };
-
- programs = {
- dankMaterialShell.greeter = {
- enable = true;
- compositor.name = "niri";
- };
- niri.enable = true;
- };
-
- hardware = {
- xpadneo.enable = true;
- bluetooth.enable = true;
- steam-hardware.enable = true; # Allow steam client to manage controllers
- graphics.enable32Bit = true; # For OpenGL games
- i2c.enable = true;
- };
-
- security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
-
- xdg.portal = {
- enable = true;
- xdgOpenUsePortal = true;
- extraPortals = with pkgs; [
- kdePackages.xdg-desktop-portal-kde
- xdg-desktop-portal-gtk
- xdg-desktop-portal-gnome
- ];
- };
- })
- ];
-}
diff --git a/hosts/modules/desktop/boot.nix b/hosts/modules/desktop/boot.nix
new file mode 100644
index 0000000..0ac4847
--- /dev/null
+++ b/hosts/modules/desktop/boot.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+ boot = {
+ plymouth.enable = true;
+ initrd.systemd.enable = true;
+ loader.efi.efiSysMountPoint = "/boot/efi";
+ kernelPackages = pkgs.linuxPackages_xanmod_latest;
+ extraModprobeConfig = ''
+ options bluetooth disable_ertm=1
+ '';
+ kernel.sysctl = {
+ "net.ipv4.tcp_mtu_probing" = 1;
+ };
+ kernelParams = [
+ "quiet"
+ "splash"
+ "i2c-dev"
+ "i2c-piix4"
+ "loglevel=3"
+ "udev.log_priority=3"
+ "rd.udev.log_level=3"
+ "rd.systemd.show_status=false"
+ ];
+ };
+}
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix
new file mode 100644
index 0000000..4a42772
--- /dev/null
+++ b/hosts/modules/desktop/desktop.nix 
@@ -0,0 +1,136 @@ +{ inputs, pkgs, ... }: + +let + kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; +in +{ + imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; + + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + systemPackages = + with pkgs; + [ + ### Web ### + bitwarden-desktop + brave + tor-browser + qbittorrent + vesktop + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + kwrite + libreoffice-qt + onlyoffice-desktopeditors + rnote + ### Graphics & Design ### + gimp + inkscape + plasticity + ### System Utilities ### + adwaita-icon-theme + colloid-gtk-theme + junction + kara + kde-rounded-corners + libfido2 + mission-center + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + mpv + obs-studio + qview + ] + ++ (with pkgs.kdePackages; [ + ark + dolphin + dolphin-plugins + kolourpaint + ]); + }; + + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + settings = { + default_session.command = ''${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --greeting "Welcome to NixOS" --cmd ${plasma}/bin/plasma''; + initial_session.user = "user"; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Internet Browsers & Communication ### + "app.zen_browser.zen" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = 
"io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + }; + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + programs = { + niri.enable = true; + dconf.enable = true; + kdeconnect.enable = true; + partition-manager.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + }; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; +} diff --git a/hosts/modules/desktop/nix.nix b/hosts/modules/desktop/nix.nix new file mode 100644 index 0000000..54a3549 --- /dev/null +++ b/hosts/modules/desktop/nix.nix @@ -0,0 +1,13 @@ +{ inputs, ... }: + +{ + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; +} diff --git a/hosts/modules/desktop/services.nix b/hosts/modules/desktop/services.nix new file mode 100644 index 0000000..66b78f1 --- /dev/null +++ b/hosts/modules/desktop/services.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: + +{ + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + }; +} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix new file mode 100644 index 0000000..82908f2 --- /dev/null +++ b/hosts/modules/dev.nix 
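Review bot: `default_session.command` in hosts/modules/desktop/desktop.nix interpolates `${plasma}/bin/plasma`, but the module's arguments are `{ inputs, pkgs, ... }` and its `let` block binds only `kwrite`, so `plasma` is an undefined variable and every host importing this module would fail to evaluate. The same file enables `programs.niri` and the deleted hosts/modules/desktop.nix started `niri` as the session, so the intended `--cmd` is presumably the niri session rather than a Plasma binary; point it at a package reachable through `pkgs` and evaluate a desktop host before merging. `initial_session` also sets only `user` with no `command`, which I would expect greetd to reject.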
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ bat
+ claude-code
+ lazygit
+ fd
+ fzf
+ glow
+ nixfmt-rfc-style
+ nix-init
+ nix-output-monitor
+ ripgrep
+ ];
+
+ programs.adb.enable = true;
+
+ users.users.user.extraGroups = [ "adbusers" ];
+}
diff --git a/hosts/modules/environment.nix b/hosts/modules/environment.nix
deleted file mode 100644
index a67ca90..0000000
--- a/hosts/modules/environment.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-
-{
-}
diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix
index ff22557..adaf5af 100644
--- a/hosts/modules/ephermal.nix
+++ b/hosts/modules/ephermal.nix
@@ -1,64 +1,72 @@ -{ - hostType, - lib, - ... -}: +{ inputs, ... }: { - config = lib.mkMerge [ - # Common configuration - { - } + imports = [ inputs.impermanence.nixosModules.impermanence ]; - # Server specific configuration - (lib.mkIf hostType.isServer { - }) + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir /btrfs_tmp + mount /dev/mapper/cryptroot /btrfs_tmp - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir /btrfs_tmp - mount /dev/mapper/cryptroot /btrfs_tmp + if [[ -e /btrfs_tmp/@root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" + fi - if [[ -e /btrfs_tmp/@root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" - fi + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + 
delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done + btrfs subvolume create /btrfs_tmp/@root + umount /btrfs_tmp + ''; + }; - btrfs subvolume create /btrfs_tmp/@root - umount /btrfs_tmp - ''; - }; - }) - ]; + environment.persistence.main = { + persistentStoragePath = "/persistent"; + files = [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ]; + }; } diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix new file mode 100644 index 0000000..52dc13e --- /dev/null +++ b/hosts/modules/fwupd.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + services.fwupd.enable = true; +} diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix new file mode 100644 index 0000000..cf6217f --- /dev/null +++ b/hosts/modules/gaming.nix 
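Review bot: The cleanup loop `for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30)` in hosts/modules/ephermal.nix has no `-mindepth 1`, so `find` can also return `/btrfs_tmp/old_roots/` itself once that directory has gone 30 days without a change, and `delete_subvolume_recursively` could then walk and delete every saved root under it before failing on the directory. Adding `-mindepth 1` keeps the loop to the individual old roots. With the `hostType.isWorkstation` guard gone, this initrd unit and its hard-coded `/dev/mapper/cryptroot` now apply to any host that imports the module, so the import list is the only thing keeping it off machines with a different disk layout.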
@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ clonehero
+ heroic
+ mangohud
+ prismlauncher
+ protonup
+ steam-run
+ ];
+
+ programs = {
+ steam = {
+ enable = true;
+ extraCompatPackages = [ pkgs.proton-ge-bin ];
+ };
+ gamemode.enable = true;
+ };
+
+ hardware = {
+ xpadneo.enable = true;
+ steam-hardware.enable = true; # Allow steam client to manage controllers
+ graphics.enable32Bit = true; # For OpenGL games
+ };
+
+ services.flatpak.packages = [
+ "com.github.k4zmu2a.spacecadetpinball"
+ "com.steamgriddb.SGDBoop"
+ "io.github.Foldex.AdwSteamGtk"
+ "io.itch.itch"
+ "io.mrarm.mcpelauncher"
+ "net.retrodeck.retrodeck"
+ "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
+ ];
+}
diff --git a/hosts/modules/impermanence.nix b/hosts/modules/impermanence.nix
deleted file mode 100644
index 7ce822f..0000000
--- a/hosts/modules/impermanence.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- hostType,
- lib,
- ...
-}:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- environment.persistence.main = {
- persistentStoragePath = "/persistent";
- files = [
- "/etc/machine-id"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- directories = [
- "/etc/NetworkManager/system-connections"
- "/etc/nixos"
- "/var/lib/bluetooth"
- "/var/lib/flatpak"
- "/var/lib/lxd"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/var/lib/systemd/timers"
- "/var/lib/tailscale"
- "/var/log"
- ];
- };
- })
- ];
-}
diff --git a/hosts/modules/io/default.nix b/hosts/modules/io/default.nix
deleted file mode 100644
index fb244cc..0000000
--- a/hosts/modules/io/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./boot.nix
- ./disko.nix
- ./hardware-configuration.nix
- ./programs.nix
- ./services.nix
- ];
-}
diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix
new file mode 100644
index 0000000..41cfa27
--- /dev/null
+++ b/hosts/modules/libvirtd.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ virtualisation.libvirtd.enable = true;
+
+ programs.virt-manager.enable = true;
+
+ users.users.user.extraGroups = [
+ "libvirt"
+ "libvirtd"
+ ];
+}
diff --git a/hosts/modules/locale.nix b/hosts/modules/locale.nix
deleted file mode 100644
index 44204d5..0000000
--- a/hosts/modules/locale.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ hostType, lib, ... }:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- time.timeZone = "America/Bahia";
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "pt_BR.utf8";
- LC_IDENTIFICATION = "pt_BR.utf8";
- LC_MEASUREMENT = "pt_BR.utf8";
- LC_MONETARY = "pt_BR.utf8";
- LC_NAME = "pt_BR.utf8";
- LC_NUMERIC = "pt_BR.utf8";
- LC_PAPER = "pt_BR.utf8";
- LC_TELEPHONE = "pt_BR.utf8";
- LC_TIME = "en_IE.utf8";
- };
- };
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- })
- ];
-}
diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix
deleted file mode 100644
index d80f42e..0000000
--- a/hosts/modules/networking.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- hostType,
- lib,
- ...
-}:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- networking = {
- networkmanager.enable = true;
- firewall.enable = true;
- };
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- services.tailscale = {
- extraSetFlags = [ "--advertise-exit-node" ];
- useRoutingFeatures = "server";
- };
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- })
- ];
-}
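Review bot: In hosts/modules/libvirtd.nix the `users.users.user.extraGroups` list puts the everyday account in `libvirtd` with no comment on what that grants: members can drive the system libvirt daemon, which is close to root on the host. A comment on the list would make the trade-off explicit, for example `# libvirtd membership gives full control of qemu:///system; treat it as root-equivalent`. The `"libvirt"` entry looks like a group the NixOS libvirtd module does not create (it appears to use `libvirtd` only), so it is worth confirming that entry is needed at all.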
diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix new file mode 100644 index 0000000..7634116 --- /dev/null +++ b/hosts/modules/networkmanager.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + networking.networkmanager = { + enable = true; + wifi.backend = "iwd"; + }; + + users.users.user.extraGroups = [ "networkmanager" ]; +} diff --git a/hosts/modules/nix.nix b/hosts/modules/nix.nix deleted file mode 100644 index ddc3b5b..0000000 --- a/hosts/modules/nix.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ - inputs, - lib, - hostType, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - system.stateVersion = "22.11"; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - }) - ]; -} diff --git a/hosts/modules/podman.nix b/hosts/modules/podman.nix new file mode 100644 index 0000000..99018cc --- /dev/null +++ b/hosts/modules/podman.nix 
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+ virtualisation.podman = {
+ enable = true;
+ autoPrune.enable = true;
+ extraPackages = [ pkgs.podman-compose ];
+ };
+
+ systemd = {
+ services.podman-auto-update.enable = true;
+ timers.podman-auto-update.enable = true;
+ };
+}
diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix
deleted file mode 100644
index 0252863..0000000
--- a/hosts/modules/programs.nix
+++ /dev/null
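Review bot: In hosts/modules/podman.nix the `systemd` block sets only `enable = true` on the `podman-auto-update` service and timer, which is already the default for a unit and may not by itself schedule the timer. If periodic updates are intended, `timers.podman-auto-update.wantedBy = [ "timers.target" ];` is the line I would expect; checking `systemctl list-timers` on a host will settle it. If auto-update does run, the module should say which containers opt in, because the updater swaps a running image for whatever the registry currently serves under the same tag. A comment such as `# only containers labelled io.containers.autoupdate are touched; keep them on trusted registries` records that supply-chain assumption.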
@@ -1,202 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - agenix - git - ### System Utilities ### - btop - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; - neofetch = "${pkgs.fastfetch}/bin/fastfetch"; - tree = "ls --tree"; - vi = "${pkgs.evil-helix}/bin/hx"; - vim = "${pkgs.evil-helix}/bin/hx"; - nvim = "${pkgs.evil-helix}/bin/hx"; - }; - }; - - programs = { - fish.enable = true; - command-not-found.enable = false; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation ( - let - kdepkgs = with pkgs.kdePackages; [ - ark - dolphin - dolphin-plugins - kolourpaint - ]; - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; - in - { - environment = { - systemPackages = - with pkgs; - [ - ### Dev Tools ### - bat - claude-code - lazygit - fd - fzf - glow - nixfmt-rfc-style - nix-init - nix-output-monitor - ripgrep - ### Web ### - bitwarden-desktop - brave - tor-browser - qbittorrent - vesktop - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - kwrite - libreoffice-qt - obsidian - onlyoffice-desktopeditors - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### Gaming & Entertainment ### - clonehero - heroic - mangohud - prismlauncher - protonup - ### System Utilities ### - adwaita-icon-theme - colloid-gtk-theme - junction - kara - 
kde-rounded-corners - libfido2 - mission-center - p7zip - rclone - steam-run - toggleaudiosink - unrar - ### Media ### - mpv - obs-studio - qview - ] - ++ kdepkgs; - }; - - programs = { - adb.enable = true; - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; - }; - virt-manager.enable = true; - dconf.enable = true; - nix-ld.enable = true; - kdeconnect.enable = true; - partition-manager.enable = true; - gamemode.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - nh = { - enable = true; - flake = "/home/user/Projects/personal/nix-config"; - }; - }; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - services.flatpak = { - enable = true; - packages = [ - ### Dev Tools ### - ### Internet Browsers & Communication ### - "app.zen_browser.zen" - ### Office & Productivity ### - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### Gaming & Entertainment ### - "com.github.k4zmu2a.spacecadetpinball" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - ### Media ### - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - } - )) - ]; -} diff --git a/hosts/modules/rotterdam/default.nix b/hosts/modules/rotterdam/default.nix deleted file mode 100644 index 0bc2cc8..0000000 --- a/hosts/modules/rotterdam/default.nix +++ /dev/null 
@@ -1,11 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./boot.nix
- ./hardware-configuration.nix
- ./hardware.nix
- ./programs.nix
- ./services.nix
- ];
-}
diff --git a/hosts/modules/security.nix b/hosts/modules/security.nix
deleted file mode 100644
index 5cb1786..0000000
--- a/hosts/modules/security.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ hostType, lib, ... }:
-
-{
- config = lib.mkMerge [
- # Common configuration
- {
- security = {
- unprivilegedUsernsClone = true; # Needed for rootless podman
- sudo = {
- wheelNeedsPassword = false;
- extraConfig = ''
- Defaults lecture = never
- '';
- };
- };
- }
-
- # Server specific configuration
- (lib.mkIf hostType.isServer {
- })
-
- # Workstation specific configuration
- (lib.mkIf hostType.isWorkstation {
- })
- ];
-}
diff --git a/hosts/modules/server/boot.nix b/hosts/modules/server/boot.nix
new file mode 100644
index 0000000..5d6e482
--- /dev/null
+++ b/hosts/modules/server/boot.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
+}
diff --git a/hosts/modules/server/nix.nix b/hosts/modules/server/nix.nix
new file mode 100644
index 0000000..af57cae
--- /dev/null
+++ b/hosts/modules/server/nix.nix
@@ -0,0 +1,13 @@
+{ inputs, ... }:
+
+{
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs-stable;
+ nixPath = [
+ "nixpkgs=/etc/channels/nixpkgs"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+}
diff --git a/hosts/modules/server/tailscale.nix b/hosts/modules/server/tailscale.nix
new file mode 100644
index 0000000..1f105ba
--- /dev/null
+++ b/hosts/modules/server/tailscale.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ services.tailscale = {
+ extraSetFlags = [ "--advertise-exit-node" ];
+ useRoutingFeatures = "server";
+ };
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+}
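Review bot: hosts/modules/server/boot.nix switches servers to `pkgs.linuxPackages_hardened` without a comment on what that kernel restricts. As far as I know the hardened kernel is where `security.unprivilegedUsernsClone` takes effect, and the `security.nix` deleted in this same commit set it with the remark "Needed for rootless podman"; its replacement is not in the part of the patch I can see. `nixosConfigurations.nix` gives `alexandria` the `podman` tag, so if that host also takes the server modules, please confirm whether rootless containers are still expected there. Recording the decision next to the kernel choice would help, e.g. `# hardened kernel: unprivileged user namespaces stay off unless security.unprivilegedUsernsClone is set`.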
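Review bot: hosts/modules/server/tailscale.nix turns on `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` for the whole host while advertising an exit node, and nothing in the module limits forwarding to the tailnet interface. These sysctls apply to every interface, so the firewall's forward policy alone decides what the machine will route; a comment saying so, or an explicit forward rule scoped to the Tailscale interface, would make the exposure reviewable. The block may also be redundant, since `useRoutingFeatures = "server"` is, I believe, meant to configure forwarding itself. The module sets flags but not `services.tailscale.enable`; presumably that lives in a module outside this hunk.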
diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix deleted file mode 100644 index 351e091..0000000 --- a/hosts/modules/services.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - services = { - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - openssh = { - enable = true; - settings.PermitRootLogin = "no"; - }; - nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; - }; - fwupd.enable = true; - fstrim.enable = true; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; - }) - ]; -} diff --git a/hosts/modules/stylix.nix b/hosts/modules/stylix.nix deleted file mode 100644 index b0345f2..0000000 --- a/hosts/modules/stylix.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; - size = 24; - }; - opacity = { - applications = 1.0; - desktop = 0.8; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 11; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - }; - }) - ]; -} diff --git a/hosts/modules/trantor/default.nix b/hosts/modules/trantor/default.nix deleted file mode 100644 index 9bdb292..0000000 --- a/hosts/modules/trantor/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -{ - imports = [ - ./boot.nix - ./disko.nix - ./hardware-configuration.nix - ./networking.nix - ]; -} diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix deleted file mode 100644 index 68ac26a..0000000 --- a/hosts/modules/users.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - hostType, - inputs, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - backupFileExtension = "bkp"; - users = { - user = import ../../users/user.nix; - root = import ../../users/root.nix; - }; - extraSpecialArgs = { - inherit hostType; - inherit inputs; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - environment.sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - - users.users = { - user = { - description = "William"; - uid = 1000; - extraGroups = [ - "uaccess" # Needed for HID dev - "dialout" # Needed for arduino dev - "libvirt" - "libvirtd" - "adbusers" - "i2c" - ]; - }; - ewans = { - description = "Ewans"; - isNormalUser = true; - uid = 1001; - hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58"; - }; - }; - }) - ]; -} diff --git a/hosts/modules/virtualisation.nix b/hosts/modules/virtualisation.nix deleted file mode 100644 index e55a267..0000000 --- a/hosts/modules/virtualisation.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - virtualisation.podman = { - enable = true; - dockerCompat = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; - - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; - }; - - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - virtualisation = { - libvirtd.enable = true; - }; - }) - ]; -} diff --git a/hosts/rotterdam.nix b/hosts/rotterdam.nix deleted file mode 100644 index ad95919..0000000 --- a/hosts/rotterdam.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - networking.hostName = "rotterdam"; - - imports = [ - ./modules/rotterdam - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./rotterdam.nix}" ]; -} diff --git a/hosts/modules/rotterdam/boot.nix b/hosts/rotterdam/boot.nix similarity index 100% rename from hosts/modules/rotterdam/boot.nix rename to hosts/rotterdam/boot.nix diff --git a/hosts/modules/rotterdam/hardware-configuration.nix b/hosts/rotterdam/hardware-configuration.nix similarity index 100% rename from hosts/modules/rotterdam/hardware-configuration.nix rename to hosts/rotterdam/hardware-configuration.nix diff --git a/hosts/modules/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix similarity index 100% rename from hosts/modules/rotterdam/hardware.nix rename to hosts/rotterdam/hardware.nix diff --git a/hosts/modules/rotterdam/programs.nix b/hosts/rotterdam/programs.nix similarity index 94% rename from hosts/modules/rotterdam/programs.nix rename to hosts/rotterdam/programs.nix index 9f624a1..b4dcfd9 100644 --- a/hosts/modules/rotterdam/programs.nix +++ b/hosts/rotterdam/programs.nix 
@@ -27,7 +27,5 @@ in { environment.systemPackages = [ reboot-into-qubes ]; - services.flatpak.packages = [ "net.retrodeck.retrodeck" ]; - programs.steam.dedicatedServer.openFirewall = true; } diff --git a/hosts/modules/rotterdam/services.nix b/hosts/rotterdam/services.nix similarity index 100% rename from hosts/modules/rotterdam/services.nix rename to hosts/rotterdam/services.nix diff --git a/hosts/trantor.nix b/hosts/trantor.nix deleted file mode 100644 index 4a02556..0000000 --- a/hosts/trantor.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - networking.hostName = "trantor"; - - imports = [ - ./modules/trantor - ./modules - ]; - - nix.nixPath = [ "nixos-config=${./trantor.nix}" ]; -} - diff --git a/hosts/modules/trantor/boot.nix b/hosts/trantor/boot.nix similarity index 68% rename from hosts/modules/trantor/boot.nix rename to hosts/trantor/boot.nix index b724550..a031ce9 100644 --- a/hosts/modules/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -2,6 +2,5 @@ boot = { loader.efi.efiSysMountPoint = "/boot"; initrd.systemd.enable = true; - kernel.sysctl."net.ipv4.ip_forward" = 1; }; } diff --git a/hosts/modules/trantor/disko.nix b/hosts/trantor/disko.nix similarity index 91% rename from hosts/modules/trantor/disko.nix rename to hosts/trantor/disko.nix index a535e47..a70383e 100644 --- a/hosts/modules/trantor/disko.nix +++ b/hosts/trantor/disko.nix @@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices = { disk = { main = { diff --git a/hosts/modules/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix similarity index 100% rename from hosts/modules/trantor/hardware-configuration.nix rename to hosts/trantor/hardware-configuration.nix diff --git a/hosts/modules/trantor/networking.nix b/hosts/trantor/networking.nix similarity index 100% rename from hosts/modules/trantor/networking.nix rename to hosts/trantor/networking.nix 
diff --git a/modules/qbittorrent.nix b/modules/qbittorrent.nix
deleted file mode 100644
index a496c54..0000000
--- a/modules/qbittorrent.nix
+++ /dev/null
@@ -1,123 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -with lib; -let - cfg = config.services.qbittorrent; - configDir = "${cfg.dataDir}/.config"; - openFilesLimit = 4096; -in -{ - options.services.qbittorrent = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Run qBittorrent headlessly as systemwide daemon - ''; - }; - - dataDir = mkOption { - type = types.path; - default = "/var/lib/qbittorrent"; - description = '' - The directory where qBittorrent will create files. - ''; - }; - - user = mkOption { - type = types.str; - default = "qbittorrent"; - description = '' - User account under which qBittorrent runs. - ''; - }; - - group = mkOption { - type = types.str; - default = "qbittorrent"; - description = '' - Group under which qBittorrent runs. - ''; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = '' - qBittorrent web UI port. - ''; - }; - - openFirewall = mkOption { - type = types.bool; - default = false; - description = '' - Open services.qBittorrent.port to the outside network. - ''; - }; - - openFilesLimit = mkOption { - default = openFilesLimit; - description = '' - Number of files to allow qBittorrent to open. - ''; - }; - }; - - config = mkIf cfg.enable { - - environment.systemPackages = [ pkgs.qbittorrent ]; - - nixpkgs.overlays = [ - (final: prev: { - qbittorrent = prev.qbittorrent.override { guiSupport = false; }; - }) - ]; - - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; - }; - - systemd.services.qbittorrent = { - after = [ "network.target" ]; - description = "qBittorrent Daemon"; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.qbittorrent ]; - serviceConfig = { - ExecStart = '' - ${pkgs.qbittorrent}/bin/qbittorrent-nox \ - --profile=${configDir} \ - --webui-port=${toString cfg.port} - ''; - # To prevent "Quit & shutdown daemon" from working; we want systemd to - # manage it! 
- Restart = "on-success"; - User = cfg.user; - Group = cfg.group; - UMask = "0002"; - LimitNOFILE = cfg.openFilesLimit; - }; - }; - - users.users = mkIf (cfg.user == "qbittorrent") { - qbittorrent = { - inherit group; - home = cfg.dataDir; - createHome = true; - description = "qBittorrent Daemon user"; - }; - }; - - users.groups = mkIf (cfg.group == "qbittorrent") { - qbittorrent = { - gid = null; - }; - }; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix new file mode 100644 index 0000000..65a9e14 --- /dev/null +++ b/nixosConfigurations.nix @@ -0,0 +1,50 @@ +{ inputs, ... }: +let + utils = import ./utils.nix { inherit inputs; }; + inherit (utils) mkHost; +in +{ + flake.nixosConfigurations = { + rotterdam = mkHost { + hostname = "rotterdam"; + tags = [ + "desktop" + "bluetooth" + "dev" + "ephermal" + "fwupd" + "gaming" + "libvirtd" + "networkmanager" + "podman" + ]; + }; + + io = mkHost { + hostname = "io"; + tags = [ + "desktop" + "bluetooth" + "dev" + "ephermal" + "networkmanager" + "podman" + ]; + }; + + alexandria = mkHost { + hostname = "alexandria"; + tags = [ + "fwupd" + "podman" + ]; + }; + + trantor = mkHost { + hostname = "trantor"; + system = "aarch64-linux"; + tags = [ + ]; + }; + }; +} diff --git a/overlays.nix b/overlays.nix new file mode 100644 index 0000000..3bc87b1 --- /dev/null +++ b/overlays.nix @@ -0,0 +1,10 @@ +{ inputs, ... }: + +{ + flake.overlays = { + default = final: prev: { + # plasticity = inputs.self.packages.${final.system}.plasticity; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + }; + }; +} diff --git a/packages.nix b/packages.nix new file mode 100644 index 0000000..4ae6a5e --- /dev/null +++ b/packages.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + perSystem = + { pkgs, system, ... }: + { + packages = { + toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + }; + }; +} 
diff --git a/packages/plasticity.nix b/packages/plasticity.nix
deleted file mode 100644
index 4325e5f..0000000
--- a/packages/plasticity.nix
+++ /dev/null
@@ -1,122 +0,0 @@ -{ - alsa-lib, - at-spi2-atk, - autoPatchelfHook, - cairo, - cups, - dbus, - desktop-file-utils, - expat, - fetchurl, - gdk-pixbuf, - gtk3, - gvfs, - hicolor-icon-theme, - lib, - libdrm, - libglvnd, - libnotify, - libsForQt5, - libxkbcommon, - libgbm, - nspr, - nss, - openssl, - pango, - rpmextract, - stdenv, - systemd, - trash-cli, - vulkan-loader, - wrapGAppsHook3, - xdg-utils, - xorg, -}: -stdenv.mkDerivation rec { - pname = "plasticity"; - version = "25.1.8"; - - src = fetchurl { - url = "https://github.com/nkallen/plasticity/releases/download/v${version}/Plasticity-${version}-1.x86_64.rpm"; - hash = "sha256-5PjjEsHchryUhmzqyQ4XqwiycNEVCefmpSW/9jZEzpg="; - }; - - nativeBuildInputs = [ - wrapGAppsHook3 - autoPatchelfHook - rpmextract - libgbm - ]; - - buildInputs = [ - alsa-lib - at-spi2-atk - cairo - cups - dbus - desktop-file-utils - expat - gdk-pixbuf - gtk3 - gvfs - hicolor-icon-theme - libdrm - libnotify - libsForQt5.kde-cli-tools - libxkbcommon - nspr - nss - openssl - pango - (lib.getLib stdenv.cc.cc) - trash-cli - xdg-utils - ]; - - runtimeDependencies = [ - systemd - libglvnd - vulkan-loader # may help with nvidia users - xorg.libX11 - xorg.libxcb - xorg.libXcomposite - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXrandr - xorg.libXtst - ]; - - dontUnpack = true; - - # can't find anything on the internet about these files, no clue what they do - autoPatchelfIgnoreMissingDeps = [ - "ACCAMERA.tx" - "AcMPolygonObj15.tx" - "ATEXT.tx" - "ISM.tx" - "RText.tx" - "SCENEOE.tx" - "TD_DbEntities.tx" - "TD_DbIO.tx" - "WipeOut.tx" - ]; - - installPhase = '' - runHook preInstall - - mkdir $out - cd $out - rpmextract $src - mv $out/usr/* $out - rm -r $out/usr - rm -r $out/lib/.build-id - - runHook postInstall - ''; - - #--use-gl=egl for it to use hardware rendering it seems. Otherwise there are terrible framerates - preFixup = '' - gappsWrapperArgs+=(--add-flags "--use-gl=egl") - ''; -} 
diff --git a/users/modules/btop.nix b/users/modules/btop.nix new file mode 100644 index 0000000..c19c4bb --- /dev/null +++ b/users/modules/btop.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; + }; +} \ No newline at end of file diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix new file mode 100644 index 0000000..a5a0823 --- /dev/null +++ b/users/modules/common/bash.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: + +{ + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; +} \ No newline at end of file diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix new file mode 100644 index 0000000..8de52c3 --- /dev/null +++ b/users/modules/common/fish.nix @@ -0,0 +1,38 @@ +{ pkgs, lib, ... }: + +{ + programs.fish = { + enable = true; + interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "sponge"; + src = pkgs.fetchFromGitHub { + owner = "meaningful-ooo"; + repo = "sponge"; + rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; + sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; + sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + }; + } + ]; + }; +} \ No newline at end of file diff --git a/users/modules/default.nix b/users/modules/default.nix deleted file mode 100644 index 5ef9e0a..0000000 --- a/users/modules/default.nix +++ /dev/null 
@@ -1,7 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./programs.nix
- ];
-}
diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix
new file mode 100644
index 0000000..d98edc9
--- /dev/null
+++ b/users/modules/desktop.nix
@@ -0,0 +1,55 @@
+{ inputs, pkgs, ... }:
+
+{
+ imports = [ inputs.dms.homeModules.dankMaterialShell.default ];
+
+ fonts.fontconfig.enable = true;
+
+ programs = {
+ dankMaterialShell = {
+ enable = true;
+ enableVPN = false;
+ };
+
+rio = {
+ enable = true;
+ settings = {
+ theme = "catppuccin-mocha";
+ fonts = {
+ family = "FiraCode Nerd Font";
+ size = 16.0;
+ emoji.family = "Noto Color Emoji";
+ };
+ confirm-before-quit = false;
+ window = {
+ width = 1121;
+ height = 633;
+ };
+ };
+
+ password-store = {
+ enable = true;
+ package = pkgs.pass-wayland;
+ };
+ };
+
+ xdg.portal = {
+ enable = true;
+ xdgOpenUsePortal = true;
+ extraPortals = with pkgs; [
+ kdePackages.xdg-desktop-portal-kde
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-gnome
+ ];
+ };
+
+ gtk = {
+ enable = true;
+ gtk3.extraConfig = {
+ gtk-decoration-layout = "appmenu:";
+ };
+ gtk4.extraConfig = {
+ gtk-decoration-layout = "appmenu:";
+ };
+ };
+}
diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix
new file mode 100644
index 0000000..c91d0af
--- /dev/null
+++ b/users/modules/direnv.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+}
\ No newline at end of file
diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix
new file mode 100644
index 0000000..df33b11
--- /dev/null
+++ b/users/modules/gaming.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ programs.mangohud.enable = true;
+}
diff --git a/users/modules/helix.nix b/users/modules/helix.nix
new file mode 100644
index 0000000..b71799b
--- /dev/null
+++ b/users/modules/helix.nix
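Review bot: users/modules/desktop.nix does not parse as written: the `rio = {` attribute set is never closed, so the 55 added lines hold one more `{` than `}`. After the `};` that ends `settings`, a second `};` is needed before `password-store = {`; as it stands `password-store` is read as part of `programs.rio`, and `xdg.portal` and `gtk` fall inside `programs`. The `rio = {` line has also lost its indentation. Running `nix-instantiate --parse` on the file or `nix flake check` in CI would catch this before it reaches a host.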
@@ -0,0 +1,50 @@
+{ pkgs, ... }:
+
+{
+ home.sessionVariables = {
+ EDITOR = "hx";
+ };
+
+ programs.helix = {
+ enable = true;
+ settings = {
+ theme = "base16_transparent";
+ editor = {
+ file-picker.hidden = false;
+ idle-timeout = 0;
+ line-number = "relative";
+ cursor-shape = {
+ normal = "block";
+ insert = "bar";
+ select = "underline";
+ };
+ soft-wrap.enable = true;
+ auto-format = true;
+ indent-guides.render = true;
+ };
+ keys.normal = {
+ space = {
+ o = "file_picker_in_current_buffer_directory";
+ esc = [
+ "collapse_selection"
+ "keep_primary_selection"
+ ];
+ };
+ };
+ };
+ languages = {
+ language = [
+ {
+ name = "nix";
+ auto-format = true;
+ formatter.command = "nixfmt";
+ }
+ {
+ name = "typst";
+ auto-format = true;
+ formatter.command = "typstyle -c 1000 -i";
+ }
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix
new file mode 100644
index 0000000..da268c5
--- /dev/null
+++ b/users/modules/obs-studio.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ programs.obs-studio = {
+ enable = true;
+ plugins = [
+ pkgs.obs-studio-plugins.obs-vkcapture
+ pkgs.obs-studio-plugins.obs-backgroundremoval
+ pkgs.obs-studio-plugins.obs-pipewire-audio-capture
+ ];
+ };
+
+}
diff --git a/users/modules/programs.nix b/users/modules/programs.nix
deleted file mode 100644
index 8420dce..0000000
--- a/users/modules/programs.nix
+++ /dev/null
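Review bot: users/modules/obs-studio.nix refers to `pkgs.obs-studio-plugins.*` in `plugins`, but its argument set is `{ ... }:`, so `pkgs` is not bound and evaluation will fail with an undefined variable once the module is imported. The first line should be `{ pkgs, ... }:`, matching the other modules added in this commit. The stray blank line before the closing `}` can go at the same time.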
@@ -1,114 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - home = { - sessionVariables = { - EDITOR = "hx"; - }; - }; - - programs = { - bash = { - enable = true; - historyFile = "~/.cache/bash_history"; - }; - - helix = { - enable = true; - settings = { - theme = "base16_transparent"; - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "block"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - }; - - fish = { - enable = true; - functions.fish_greeting = ""; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "sponge"; - src = pkgs.fetchFromGitHub { - owner = "meaningful-ooo"; - repo = "sponge"; - rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; - sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; - }; - } - ]; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - programs.rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; - }; - }; - }; - }) - ]; -} 
diff --git a/users/modules/root/default.nix b/users/modules/root/default.nix deleted file mode 100644 index adc92a0..0000000 --- a/users/modules/root/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - imports = [ ]; -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix new file mode 100644 index 0000000..8b9a14c --- /dev/null +++ b/users/modules/starship.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: + +{ + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = " "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; +} \ No newline at end of file diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix new file mode 100644 index 0000000..4268e7a --- /dev/null +++ b/users/modules/tmux.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +{ + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; +} \ No newline at end of file diff --git a/users/modules/user/default.nix b/users/modules/user/default.nix deleted file mode 100644 index 660553d..0000000 --- a/users/modules/user/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - imports = [ - ./programs.nix - ./home.nix - ]; -} diff --git a/users/modules/user/home.nix b/users/modules/user/home.nix deleted file mode 100644 index 38311a6..0000000 --- a/users/modules/user/home.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - gtk = { - enable = true; - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; -} diff --git a/users/modules/user/programs.nix b/users/modules/user/programs.nix deleted file mode 100644 index 4cebeda..0000000 --- a/users/modules/user/programs.nix +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - config, - hostType, - lib, - pkgs, - ... -}: - -{ - config = lib.mkMerge [ - # Common configuration - { - home = { - packages = with pkgs; [ nix-your-shell ]; - }; - - programs = { - helix.languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - - password-store.enable = true; - - direnv = { - enable = true; - nix-direnv.enable = true; - }; - - fish = { - interactiveShellInit = "nix-your-shell fish | source"; - loginShellInit = "nix-your-shell fish | source"; - }; - - tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; - - starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = " "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; - - git = { - enable = true; - diff-so-fancy.enable = true; - userName = "William"; - userEmail = "baduhai@proton.me"; - }; - - btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; - }; - }; - }; - } - - # Server specific configuration - (lib.mkIf hostType.isServer { - - }) - - # Workstation specific configuration - (lib.mkIf hostType.isWorkstation { - fonts.fontconfig.enable = true; - - programs = { - dankMaterialShell = { - enable = true; - enableVPN 
= false; - }; - password-store.package = pkgs.pass-wayland; - - mangohud.enable = true; - - obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - }; - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; - }; - }) - ]; -} diff --git a/users/root.nix b/users/root.nix deleted file mode 100644 index be5e00b..0000000 --- a/users/root.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: - -{ - home = { - username = "root"; - homeDirectory = "/root"; - stateVersion = "22.05"; - }; - - imports = [ - ./modules - ./modules/root - ]; -} diff --git a/users/user.nix b/users/user.nix deleted file mode 100644 index a5832cc..0000000 --- a/users/user.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ inputs, ... }: - -{ - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - - imports = [ - ./modules - ./modules/user - inputs.dms.homeModules.dankMaterialShell.default - ]; -} diff --git a/users/user/git.nix b/users/user/git.nix new file mode 100644 index 0000000..fcafc00 --- /dev/null +++ b/users/user/git.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + programs.git = { + enable = true; + diff-so-fancy.enable = true; + userName = "William"; + userEmail = "baduhai@proton.me"; + }; +} \ No newline at end of file diff --git a/utils.nix b/utils.nix new file mode 100644 index 0000000..23f92d0 --- /dev/null +++ b/utils.nix 
@@ -0,0 +1,171 @@ +{ inputs }: +let + inherit (inputs) + self + nixpkgs + nixpkgs-stable + home-manager + agenix + ; +in +{ + # Tag-based host configuration system + mkHost = + { + hostname, + tags ? [ ], + system ? "x86_64-linux", + extraModules ? [ ], + }: + let + # Validate that server and desktop tags are mutually exclusive + hasServer = builtins.elem "server" tags; + hasDesktop = builtins.elem "desktop" tags; + + # Always include "common" tag implicitly + allTags = + if hasServer && hasDesktop then + throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" + else + [ "common" ] ++ tags; + + # Choose nixpkgs based on server tag + pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; + + # Tag-specific modules: each tag can be either: + # 1. A file: hosts/modules/${tag}.nix + # 2. A directory: hosts/modules/${tag}/*.nix (all .nix files imported) + tagModuleFiles = builtins.concatMap ( + tag: + let + filePath = ./hosts/modules/${tag}.nix; + dirPath = ./hosts/modules/${tag}; + in + # Check if it's a file first + if builtins.pathExists filePath then + [ filePath ] + # Then check if it's a directory + else if builtins.pathExists dirPath then + let + entries = builtins.readDir dirPath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name + ) entries; + in + map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) + else + [ ] + ) allTags; + + # Automatically import all .nix files from hosts/${hostname}/ + hostModulePath = ./hosts/${hostname}; + hostModuleFiles = + if builtins.pathExists hostModulePath then + let + entries = builtins.readDir hostModulePath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" + ) entries; + in + map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) + else + [ ]; + + # Combine all modules + allModules = [ + agenix.nixosModules.default + 
{ + networking.hostName = hostname; + nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; + nixpkgs.overlays = [ + agenix.overlays.default + self.overlays.default + ]; + } + ] + ++ tagModuleFiles + ++ hostModuleFiles + ++ extraModules; + in + pkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs; + hostTags = allTags; + }; + modules = allModules; + }; + + # Tag-based user configuration system + mkUser = + { + username, + homeDirectory ? "/home/${username}", + tags ? [ ], + extraModules ? [ ], + }: + let + pkgs = nixpkgs.legacyPackages.x86_64-linux; + + # Always include "common" tag implicitly + allTags = [ "common" ] ++ tags; + + # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists + tagModuleFiles = builtins.concatMap ( + tag: + let + filePath = ./users/modules/${tag}.nix; + dirPath = ./users/modules/${tag}; + in + # Check if it's a file first + if builtins.pathExists filePath then + [ filePath ] + # Then check if it's a directory + else if builtins.pathExists dirPath then + let + entries = builtins.readDir dirPath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name + ) entries; + in + map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) + else + [ ] + ) allTags; + + # Automatically import all .nix files from users/modules/${username}/ + userModulePath = ./users/${username}; + userModuleFiles = + if builtins.pathExists userModulePath then + let + entries = builtins.readDir userModulePath; + nixFiles = pkgs.lib.filterAttrs ( + name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name + ) entries; + in + map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) + else + [ ]; + + # Combine all modules + allModules = [ + { + home = { + inherit username homeDirectory; + stateVersion = "22.05"; + }; + } + ] + ++ tagModuleFiles + ++ userModuleFiles + ++ extraModules; + in + home-manager.lib.homeManagerConfiguration { 
+ inherit pkgs; + extraSpecialArgs = { + inherit inputs; + userTags = allTags; + }; + modules = allModules; + }; +} From 33a9599b2355ae771dfa703952bf276bdea6f9bc Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 14:48:58 -0300 Subject: [PATCH 144/267] fix home-manager config --- users/modules/desktop.nix | 29 +++++++++++++++-------------- users/modules/obs-studio.nix | 2 +- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index d98edc9..1873cc7 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -11,23 +11,24 @@ enableVPN = false; }; -rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; + rio = { + enable = true; + settings = { + theme = "catppuccin-mocha"; + fonts = { + family = "FiraCode Nerd Font"; + size = 16.0; + emoji.family = "Noto Color Emoji"; + }; + confirm-before-quit = false; + window = { + width = 1121; + height = 633; + }; }; }; - password-store = { + password-store = { enable = true; package = pkgs.pass-wayland; }; diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix index da268c5..67e3b8b 100644 --- a/users/modules/obs-studio.nix +++ b/users/modules/obs-studio.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { programs.obs-studio = { From 46387a47454c015358222597cbf4957be5891a8c Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 14:49:09 -0300 Subject: [PATCH 145/267] fix greetd config --- hosts/modules/desktop/desktop.nix | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 4a42772..dd52cda 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix 
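Review bot: The `else [ ]` fallback in `tagModuleFiles` (in both `mkHost` and `mkUser`) makes a misspelled or renamed tag evaluate to nothing, with no error. The host or home then builds without that module, which matters most when the tag carries hardening or persistence settings. The later `ephermal` → `ephemeral` rename in this series had to change the file name and the tag lists together for exactly this reason. I would fail loudly instead: `else throw "no module file or directory for tag '${tag}'"`. That requires the implicit `common` tag to exist under both `hosts/modules` and `users/modules`, which this view does not confirm for hosts. It is also worth a comment above `hostModuleFiles` and `userModuleFiles` stating that every regular `.nix` file in those directories is imported, so the directory contents are the review boundary, not an explicit list.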
@@ -1,4 +1,9 @@ -{ inputs, pkgs, ... }: +{ + inputs, + lib, + pkgs, + ... +}: let kwrite = pkgs.symlinkJoin { @@ -81,9 +86,10 @@ in wireplumber.enable = true; }; greetd = { - settings = { - default_session.command = ''${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --greeting "Welcome to NixOS" --cmd ${plasma}/bin/plasma''; - initial_session.user = "user"; + enable = true; + settings.default_session = { + command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + user = "greeter"; }; }; flatpak = { @@ -109,8 +115,17 @@ in update.auto.enable = true; }; }; + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + programs = { niri.enable = true; dconf.enable = true; From f797aedb5b786a51d2e3ed0c724a4a7b804609e9 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 16:10:40 -0300 Subject: [PATCH 146/267] added hm cli utility --- overlays.nix | 2 +- packages.nix | 1 + packages/hm-cli.nix | 101 ++++++++++++++++++++++++++++++++ users/modules/common/hm-cli.nix | 10 ++++ utils.nix | 6 +- 5 files changed, 118 insertions(+), 2 deletions(-) create mode 100644 packages/hm-cli.nix create mode 100644 users/modules/common/hm-cli.nix diff --git a/overlays.nix b/overlays.nix index 3bc87b1..a5ba76c 100644 --- a/overlays.nix +++ b/overlays.nix @@ -3,8 +3,8 @@ { flake.overlays = { default = final: prev: { - # plasticity = inputs.self.packages.${final.system}.plasticity; toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + hm-cli = inputs.self.packages.${final.system}.hm-cli; }; }; } diff --git a/packages.nix b/packages.nix index 4ae6a5e..e83ad26 100644 --- a/packages.nix +++ b/packages.nix @@ -6,6 +6,7 @@ { packages = { toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; }; }; } 
diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix new file mode 100644 index 0000000..715a1ad --- /dev/null +++ b/packages/hm-cli.nix 
@@ -0,0 +1,101 @@ +{ + pkgs ? import { }, +}: + +pkgs.writeShellScriptBin "hm" '' + set -e + + HM="${pkgs.lib.getExe pkgs.home-manager}" + FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" + FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" + + show_usage() { + cat < [args] + + Commands: + apply Switch to a new generation + generation list List all generations + generation delete ID... Delete specified generation(s) + generation rollback Rollback to the previous generation + generation switch ID Switch to the specified generation + generation cleanup Delete all but the current generation + + Environment Variables: + HM_PATH Override default flake path (~/.config/home-manager) + Currently set to "$(echo $HM_PATH)" + HM_USER Override default user output ("$(whoami)@$(hostname)") + Currently set to "$(echo $HM_USER)" + EOF + } + + if [[ $# -eq 0 ]]; then + show_usage + exit 1 + fi + + case "$1" in + apply) + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" + ;; + generation) + if [[ $# -lt 2 ]]; then + echo "Error: generation command requires a subcommand" + show_usage + exit 1 + fi + + case "$2" in + list) + "$HM" generations + ;; + delete) + if [[ $# -lt 3 ]]; then + echo "Error: delete requires at least one generation ID" + exit 1 + fi + shift 2 + "$HM" remove-generations "$@" + ;; + rollback) + "$HM" generations | \ + sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ + head -n 2 | tail -n 1 | \ + xargs -I {} "$HM" switch --flake "$FLAKE_PATH" --switch-generation {} + ;; + switch) + if [[ $# -ne 3 ]]; then + echo "Error: switch requires exactly one generation ID" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" + ;; + cleanup) + CURRENT_GEN=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\) (current).*/\1/p') + if [[ -z "$CURRENT_GEN" ]]; then + echo "Error: could not determine current generation" + exit 1 + fi + OLD_GENS=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | grep -v "^$CURRENT_GEN$") + if [[ 
-z "$OLD_GENS" ]]; then + echo "No old generations to delete" + else + echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" + echo "$OLD_GENS" | xargs "$HM" remove-generations + echo "Cleanup complete. Current generation $CURRENT_GEN preserved." + fi + ;; + *) + echo "Error: unknown generation subcommand '$2'" + show_usage + exit 1 + ;; + esac + ;; + *) + echo "Error: unknown command '$1'" + show_usage + exit 1 + ;; + esac +'' diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix new file mode 100644 index 0000000..d2ed715 --- /dev/null +++ b/users/modules/common/hm-cli.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + home = { + packages = with pkgs; [ hm-cli ]; + sessionVariables = { + HM_PATH = "/etc/nixos"; + }; + }; +} diff --git a/utils.nix b/utils.nix index 23f92d0..1f30542 100644 --- a/utils.nix +++ b/utils.nix @@ -166,6 +166,10 @@ in inherit inputs; userTags = allTags; }; - modules = allModules; + modules = allModules ++ [ + { + nixpkgs.overlays = [ self.overlays.default ]; + } + ]; }; } From c9209f82d14aa0aec4fb9498e045d7dd73c16050 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 16:12:57 -0300 Subject: [PATCH 147/267] fixed hm generation cleanup --- packages/hm-cli.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 715a1ad..ef3ec30 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix 
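Review bot: In the `cleanup` branch of `packages/hm-cli.nix`, the `OLD_GENS=$(... | grep -v "^$CURRENT_GEN$")` assignment runs under `set -e`. `grep -v` exits 1 when it selects no lines, so with only the current generation present the script exits silently with status 1. The `No old generations to delete` message is therefore never printed. Appending `|| true` inside the substitution keeps that branch reachable: `... | grep -v "^$CURRENT_GEN$" || true)`. The follow-up patch that rewrites the two `sed` expressions in `cleanup` keeps the same `grep -v` tail and needs the same change.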
@@ -71,12 +71,12 @@ pkgs.writeShellScriptBin "hm" '' "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" ;; cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\) (current).*/\1/p') + CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') if [[ -z "$CURRENT_GEN" ]]; then echo "Error: could not determine current generation" exit 1 fi - OLD_GENS=$("$HM" generations | sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | grep -v "^$CURRENT_GEN$") + OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") if [[ -z "$OLD_GENS" ]]; then echo "No old generations to delete" else From 79ecda817ef1893a23636b88b22a1c5772163b2b Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 19:35:21 -0300 Subject: [PATCH 148/267] greetd auto login --- hosts/modules/desktop/desktop.nix | 12 +++++++++--- utils.nix | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index dd52cda..2afd7ea 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -87,9 +87,15 @@ in }; greetd = { enable = true; - settings.default_session = { - command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; - user = "greeter"; + settings = { + default_session = { + command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + user = "greeter"; + }; + initial_session = { + command = "${lib.getExe pkgs.niri}"; + user = "user"; + }; }; }; flatpak = { diff --git a/utils.nix b/utils.nix index 1f30542..e56e3c2 100644 --- a/utils.nix +++ b/utils.nix 
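Review bot: In the `@@ -87,9 +87,15 @@` hunk of `hosts/modules/desktop/desktop.nix`, the new `initial_session` starts niri as `user` with no credential prompt when greetd first comes up. Whatever protects the disk at boot becomes the only gate for someone with physical access. `hosts/modules/ephemeral.nix` elsewhere in this series points at `/dev/mapper/cryptroot`, which suggests an encrypted root. However, `desktop` and `ephemeral` are independent tags, so nothing ties auto-login to that assumption. I would record it next to the setting, e.g. `# Auto-login: assumes the disk is unlocked with a passphrase at boot; drop initial_session on hosts without that`. The `greetd` attribute set opens outside this hunk.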
@@ -133,7 +133,7 @@ in [ ] ) allTags; - # Automatically import all .nix files from users/modules/${username}/ + # Automatically import all .nix files from users/${username}/ userModulePath = ./users/${username}; userModuleFiles = if builtins.pathExists userModulePath then From 5edad8b9576958a8b0d39387484217089fcc9f92 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 19:59:31 -0300 Subject: [PATCH 149/267] ephemeral is now a nixosModule --- flake.nix | 1 + hosts/modules/ephemeral.nix | 37 +++++++++++++++++++ hosts/modules/ephermal.nix | 72 ------------------------------------ modules/ephemeral.nix | 74 +++++++++++++++++++++++++++++++++++++ nixosConfigurations.nix | 4 +- nixosModules.nix | 7 ++++ 6 files changed, 121 insertions(+), 74 deletions(-) create mode 100644 hosts/modules/ephemeral.nix delete mode 100644 hosts/modules/ephermal.nix create mode 100644 modules/ephemeral.nix create mode 100644 nixosModules.nix diff --git a/flake.nix b/flake.nix index 0d826a1..693b17a 100644 --- a/flake.nix +++ b/flake.nix @@ -50,6 +50,7 @@ ./devShells.nix ./homeConfigurations.nix ./nixosConfigurations.nix + ./nixosModules.nix ./overlays.nix ./packages.nix ]; diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix new file mode 100644 index 0000000..a759cf4 --- /dev/null +++ b/hosts/modules/ephemeral.nix 
@@ -0,0 +1,37 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.impermanence.nixosModules.impermanence + inputs.self.nixosModules.ephemeral + ]; + + ephemeral = { + enable = true; + rootDevice = "/dev/mapper/cryptroot"; + rootSubvolume = "@root"; + }; + + environment.persistence.main = { + persistentStoragePath = "/persistent"; + files = [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ]; + }; +} diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix deleted file mode 100644 index adaf5af..0000000 --- a/hosts/modules/ephermal.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.impermanence.nixosModules.impermanence ]; - - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir /btrfs_tmp - mount /dev/mapper/cryptroot /btrfs_tmp - - if [[ -e /btrfs_tmp/@root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/@root - umount /btrfs_tmp - ''; - }; - - environment.persistence.main = { - persistentStoragePath = "/persistent"; - files = [ - "/etc/machine-id" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - directories = [ - "/etc/NetworkManager/system-connections" - "/etc/nixos" - "/var/lib/bluetooth" - "/var/lib/flatpak" - "/var/lib/lxd" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/var/lib/systemd/timers" - "/var/lib/tailscale" - "/var/log" - ]; - }; -} diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix new file mode 100644 index 0000000..be6fc6b --- /dev/null +++ b/modules/ephemeral.nix 
@@ -0,0 +1,74 @@ +{ lib, config, ... }: + +let + cfg = config.ephemeral; +in +{ + options.ephemeral = { + enable = lib.mkEnableOption "ephemeral root with automatic rollback"; + + rootDevice = lib.mkOption { + type = lib.types.str; + example = "/dev/mapper/cryptroot"; + description = "Device path for the root btrfs filesystem"; + }; + + rootSubvolume = lib.mkOption { + type = lib.types.str; + example = "@root"; + description = "Name of the root btrfs subvolume"; + }; + + oldRootRetentionDays = lib.mkOption { + type = lib.types.int; + default = 30; + description = "Number of days to keep old root snapshots before deletion"; + }; + }; + + config = lib.mkIf cfg.enable { + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir /btrfs_tmp + mount ${cfg.rootDevice} /btrfs_tmp + + if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume} + umount /btrfs_tmp + ''; + }; + }; +} 
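Review bot: `cfg.rootDevice` and `cfg.rootSubvolume` are declared as plain `lib.types.str` and spliced unquoted into the initrd script (`mount ${cfg.rootDevice} /btrfs_tmp`, `mv /btrfs_tmp/${cfg.rootSubvolume} ...`). A value containing whitespace or shell metacharacters would be word-split or interpreted by the shell in a unit that runs before the root filesystem is mounted. Now that this is an exported `nixosModules.ephemeral`, I would quote at the use site, e.g. `mount ${lib.escapeShellArg cfg.rootDevice} /btrfs_tmp`. I would also narrow the option types, e.g. `type = lib.types.strMatching "[A-Za-z0-9@_.-]+";` for `rootSubvolume`. `oldRootRetentionDays` is interpolated into `-mtime +N`, so it would be safer as `lib.types.ints.positive` than `lib.types.int`.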
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 65a9e14..6c9cfb9 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -11,7 +11,7 @@ in "desktop" "bluetooth" "dev" - "ephermal" + "ephemeral" "fwupd" "gaming" "libvirtd" @@ -26,7 +26,7 @@ in "desktop" "bluetooth" "dev" - "ephermal" + "ephemeral" "networkmanager" "podman" ]; diff --git a/nixosModules.nix b/nixosModules.nix new file mode 100644 index 0000000..5fd416b --- /dev/null +++ b/nixosModules.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + flake.nixosModules = { + ephemeral = import ./modules/ephemeral.nix; + }; +} From 4b5426885c87d4675e49cae2b454ef9339b86440 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:02:47 -0300 Subject: [PATCH 150/267] added null check to hm-cli --- packages/hm-cli.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index ef3ec30..614f287 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -23,9 +23,9 @@ pkgs.writeShellScriptBin "hm" '' Environment Variables: HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "$(echo $HM_PATH)" + Currently set to "''${HM_PATH:-}" HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "$(echo $HM_USER)" + Currently set to "''${HM_USER:-}" EOF } @@ -58,10 +58,14 @@ pkgs.writeShellScriptBin "hm" '' "$HM" remove-generations "$@" ;; rollback) - "$HM" generations | \ + PREV_GEN=$("$HM" generations | \ sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1 | \ - xargs -I {} "$HM" switch --flake "$FLAKE_PATH" --switch-generation {} + head -n 2 | tail -n 1) + if [[ -z "$PREV_GEN" ]]; then + echo "Error: could not determine previous generation (possibly only one generation exists)" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" ;; switch) if [[ $# -ne 3 ]]; then 
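Review bot: In the `rollback` branch of `packages/hm-cli.nix` (hunk `@@ -58,10 +58,14 @@`), the new `-z "$PREV_GEN"` check does not catch the single-generation case named in its own error message. With one line of input, `head -n 2 | tail -n 1` returns that line, so `PREV_GEN` is the current generation and the command switches to itself. Selecting the second line explicitly yields an empty string in that case: `sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | sed -n '2p'`. This assumes, as the existing code does, that `generations` lists the newest entry first.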
From d655099d76de16c93302fabaae1ef7e3584b547d Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:07:51 -0300 Subject: [PATCH 151/267] added error handling to ephemeral.nix --- modules/ephemeral.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix index be6fc6b..7403aac 100644 --- a/modules/ephemeral.nix +++ b/modules/ephemeral.nix @@ -45,8 +45,13 @@ in RemainAfterExit = true; }; script = '' + set -euo pipefail + mkdir /btrfs_tmp - mount ${cfg.rootDevice} /btrfs_tmp + if ! mount ${cfg.rootDevice} /btrfs_tmp; then + echo "ERROR: Failed to mount ${cfg.rootDevice}" + exit 1 + fi if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then mkdir -p /btrfs_tmp/old_roots @@ -66,7 +71,12 @@ in delete_subvolume_recursively "$i" done - btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume} + if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then + echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" + umount /btrfs_tmp + exit 1 + fi + umount /btrfs_tmp ''; }; From 8ebab3907ff5e43ab77b9e7714e715df288bf3cd Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:10:06 -0300 Subject: [PATCH 152/267] moved kwrite to its own package definition --- hosts/modules/desktop/desktop.nix | 15 --------------- overlays.nix | 1 + packages.nix | 1 + packages/kwrite.nix | 15 +++++++++++++++ 4 files changed, 17 insertions(+), 15 deletions(-) create mode 100644 packages/kwrite.nix diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 2afd7ea..f4c4570 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix 
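Review bot: Only the subvolume-create failure branch in `modules/ephemeral.nix` unmounts `/btrfs_tmp`; every other exit path leaves it mounted. Under `set -euo pipefail`, a failed `btrfs subvolume delete` inside the pruning loop also aborts the unit before the new root subvolume is created, so a housekeeping error becomes a boot failure. I would register the cleanup once, right after the mount succeeds: `trap 'umount /btrfs_tmp 2>/dev/null || true' EXIT`. I would also make pruning best-effort: `delete_subvolume_recursively "$i" || echo "WARN: could not prune $i"`. The script body and the `find` loop begin outside these two hunks.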
@@ -5,21 +5,6 @@ ... }: -let - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; -in { imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; diff --git a/overlays.nix b/overlays.nix index a5ba76c..5e83cc5 100644 --- a/overlays.nix +++ b/overlays.nix @@ -5,6 +5,7 @@ default = final: prev: { toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; hm-cli = inputs.self.packages.${final.system}.hm-cli; + kwrite = inputs.self.packages.${final.system}.kwrite; }; }; } diff --git a/packages.nix b/packages.nix index e83ad26..cb17332 100644 --- a/packages.nix +++ b/packages.nix @@ -7,6 +7,7 @@ packages = { toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; + kwrite = pkgs.callPackage ./packages/kwrite.nix { }; }; }; } diff --git a/packages/kwrite.nix b/packages/kwrite.nix new file mode 100644 index 0000000..14ebce1 --- /dev/null +++ b/packages/kwrite.nix @@ -0,0 +1,15 @@ +{ pkgs }: + +pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; +} From edd0b5ca9cd7ed69521d6cd984f099187c9fb1d7 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:15:11 -0300 Subject: [PATCH 153/267] remove fish plugin sponge; updated fish plugin z --- users/modules/common/fish.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) 
diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index 8de52c3..d95db24 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix @@ -15,24 +15,15 @@ sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; }; } - { - name = "sponge"; - src = pkgs.fetchFromGitHub { - owner = "meaningful-ooo"; - repo = "sponge"; - rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; - sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; - }; - } { name = "z"; src = pkgs.fetchFromGitHub { owner = "jethrokuan"; repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; }; } ]; }; -} \ No newline at end of file +} From f62f34e98faa66a4b39852264fe70ba1fa374f51 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:31:20 -0300 Subject: [PATCH 154/267] fix warnings --- hosts/modules/desktop/desktop.nix | 2 +- users/modules/desktop.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f4c4570..b046031 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -74,7 +74,7 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; user = "greeter"; }; initial_session = { diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 1873cc7..f7d35d0 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -42,6 +42,7 @@ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; + config = "*"; }; gtk = { From 5e686f5bfff1452309acce1f4c063903d4323b1b Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 15 Oct 2025 20:32:40 -0300 Subject: [PATCH 155/267] fix xdg portal config --- users/modules/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index f7d35d0..8d62aa4 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -42,7 +42,7 @@ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; - config = "*"; + config.common.default = "*"; }; gtk = { From d8661561ef8ad4b675cab30582f9d5be96fcb8c4 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:42:00 -0300 Subject: [PATCH 156/267] minor changes to starship --- users/modules/starship.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/users/modules/starship.nix b/users/modules/starship.nix index 8b9a14c..1147f48 100644 --- a/users/modules/starship.nix +++ b/users/modules/starship.nix @@ -13,10 +13,10 @@ ''; right_format = "$cmd_duration$character"; hostname = { - ssh_symbol = " "; + ssh_symbol = "󰖟 "; }; character = { - error_symbol = "[](red)"; + error_symbol = "[](red)"; success_symbol = "[󱐋](green)"; }; cmd_duration = { @@ -37,4 +37,4 @@ }; }; }; -} \ No newline at end of file +} From 9d2804674717475b57307b443ac103817c85368e Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 21:37:53 -0300 Subject: [PATCH 157/267] starship symbols --- users/modules/desktop.nix | 5 +++++ users/modules/starship.nix | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 8d62aa4..b482894 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -28,6 +28,11 @@ }; }; + ghostty = { + enable = true; + enableFishIntegration = true; + enableBashIntegration = true; + }; password-store = { enable = true; package = pkgs.pass-wayland; diff --git a/users/modules/starship.nix b/users/modules/starship.nix index 1147f48..c836c51 100644 --- a/users/modules/starship.nix 
+++ b/users/modules/starship.nix @@ -25,7 +25,7 @@ min_time = 500; }; git_branch = { - symbol = " "; + symbol = " "; style = "purple"; }; git_status.style = "red"; From 79ee8905cd80f35d34411c46142c98555ec17bd5 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 09:47:43 -0300 Subject: [PATCH 158/267] some new stuff in gitignore --- .gitignore | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2a47a91..928efae 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,10 @@ -result/ +# Nix build outputs result +result-* .direnv/ -.pre-commit-config.yaml + +# Personal notes and temporary files +todo.md +notes.md +scratch/ +tmp/ From 02eb626d336c933d92cfabd24aaaa431c367444c Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:03:29 -0300 Subject: [PATCH 159/267] ghostty settings in hm --- users/modules/desktop.nix | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index b482894..b2661bf 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix 
@@ -11,27 +11,22 @@ enableVPN = false; }; - rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; - }; - }; - }; - ghostty = { enable = true; enableFishIntegration = true; enableBashIntegration = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256-0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + theme = "Banana Blueberry"; + window-theme = "ghostty"; + bell-features = "border"; + }; }; password-store = { enable = true; From ecb290a98984d24dc1f3f49f9e622f71f037f7a8 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:14:47 -0300 Subject: [PATCH 160/267] renamed mkUser to mkHome --- homeConfigurations.nix | 6 +++--- utils.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 3d3a950..7f50059 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -1,11 +1,11 @@ { inputs, ... }: let utils = import ./utils.nix { inherit inputs; }; - inherit (utils) mkUser; + inherit (utils) mkHome; in { flake.homeConfigurations = { - "user@rotterdam" = mkUser { + "user@rotterdam" = mkHome { username = "user"; tags = [ "btop" @@ -19,7 +19,7 @@ in ]; }; - "user@io" = mkUser { + "user@io" = mkHome { username = "user"; tags = [ "btop" diff --git a/utils.nix b/utils.nix index e56e3c2..0e51125 100644 --- a/utils.nix +++ b/utils.nix @@ -97,7 +97,7 @@ in }; # Tag-based user configuration system - mkUser = + mkHome = { username, homeDirectory ? "/home/${username}", From 9c909ba079e048ffab455ddb1c41d411f28791d5 Mon Sep 17 00:00:00 2001 
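Review bot: The `sha256` given to `builtins.fetchurl` in the new `ghostty.settings.custom-shader` value mixes two encodings: the `sha256-` prefix announces an SRI hash, which carries a base64 digest, but the digest that follows looks like Nix base32. Nix will most likely reject the string at evaluation time rather than verify the download. Keeping the base32 digest with the colon form, `sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";`, would keep the integrity check working. Pinning the URL to a full commit id is good practice, and a one-line comment above it saying that the commit id and the hash must be bumped together would help the next update.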
From: William Date: Thu, 16 Oct 2025 10:30:05 -0300 Subject: [PATCH 161/267] hm-cli now backups files before applying --- packages/hm-cli.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 614f287..f6034ea 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -36,7 +36,7 @@ pkgs.writeShellScriptBin "hm" '' case "$1" in apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp ;; generation) if [[ $# -lt 2 ]]; then @@ -65,14 +65,14 @@ pkgs.writeShellScriptBin "hm" '' echo "Error: could not determine previous generation (possibly only one generation exists)" exit 1 fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp ;; switch) if [[ $# -ne 3 ]]; then echo "Error: switch requires exactly one generation ID" exit 1 fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp ;; cleanup) CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') From 3f2672e4689943dabdacbd6ae626a62f14f5ac28 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:31:25 -0300 Subject: [PATCH 162/267] ghostty shader --- users/modules/desktop.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index b2661bf..e914cc0 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix 
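Review bot: The `-b bkp` added to the `apply`, rollback and `switch` invocations in packages/hm-cli.nix only covers the first collision on a given path. As far as I know, home-manager refuses to activate when the `.bkp` copy it would write already exists, so a second conflict on the same file makes `hm apply` fail until the stale backup is removed by hand. A comment next to the first use would make that visible, for example `# -b bkp: colliding files are renamed to NAME.bkp; delete stale .bkp files if activation reports a clobber`. The `case` body continues outside both hunks, so whether `cleanup` could also prune these backups cannot be judged from here.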
@@ -13,15 +13,13 @@ ghostty = { enable = true; - enableFishIntegration = true; - enableBashIntegration = true; settings = { cursor-style = "block"; shell-integration-features = "no-cursor"; cursor-style-blink = false; custom-shader = "${builtins.fetchurl { url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256-0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; theme = "Banana Blueberry"; window-theme = "ghostty"; From 8e5a0ff6206197f347e35d48ed3304871dbdd842 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 11:44:11 -0300 Subject: [PATCH 163/267] stylix on hm --- flake.lock | 310 +++++++++++++++++++++++++++++++++++- flake.nix | 2 + homeConfigurations.nix | 2 + overlays.nix | 1 + packages.nix | 1 + packages/base16-schemes.nix | 32 ++++ users/modules/desktop.nix | 3 +- users/modules/helix.nix | 5 +- users/modules/stylix.nix | 57 +++++++ 9 files changed, 407 insertions(+), 6 deletions(-) create mode 100644 packages/base16-schemes.nix create mode 100644 users/modules/stylix.nix diff --git a/flake.lock b/flake.lock index b19b2ca..17a379b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,6 +23,74 @@ "type": "github" } }, + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -131,6 +199,22 @@ "type": "github" } }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -165,6 +249,27 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -183,6 +288,39 @@ "type": "github" } }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -397,6 +535,47 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": [ + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "quickshell": { "inputs": { "nixpkgs": [ @@ -430,7 +609,8 @@ "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable", + "stylix": "stylix" } }, "rust-overlay": { 
@@ -455,6 +635,38 @@ "type": "github" } }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts_2", + "gnome-shell": "gnome-shell", + "nixpkgs": "nixpkgs_4", + "nur": "nur", + "systems": "systems_3", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": "tinted-tmux", + "tinted-zed": "tinted-zed" + }, + "locked": { + "lastModified": 1760472212, + "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", + "owner": "danth", + "repo": "stylix", + "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -484,6 +696,102 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + 
"flake": false, + "locked": { + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 693b17a..d74d9ba 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + stylix.url = "github:danth/stylix"; + nixos-cli.url = "github:nix-community/nixos-cli"; nix-flatpak.url = "github:gmodena/nix-flatpak/main"; diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 7f50059..db44b76 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -15,6 +15,7 @@ in "helix" "obs-studio" "starship" + "stylix" "tmux" ]; }; @@ -27,6 +28,7 @@ in "direnv" "helix" "starship" + "stylix" "tmux" ]; }; diff --git a/overlays.nix b/overlays.nix index 5e83cc5..2732f0e 100644 --- a/overlays.nix +++ b/overlays.nix @@ -6,6 +6,7 @@ toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; }; }; } diff --git a/packages.nix b/packages.nix index cb17332..2cd7661 100644 --- a/packages.nix +++ b/packages.nix @@ -8,6 +8,7 @@ toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; + base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; }; }; } diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix new file mode 100644 index 0000000..ffd6c04 --- /dev/null +++ b/packages/base16-schemes.nix 
@@ -0,0 +1,32 @@ +{ + lib, + stdenv, + fetchFromGitHub, +}: +stdenv.mkDerivation (finalAttrs: { + pname = "base16-schemes"; + version = "0-unstable-2025-06-04"; + + src = fetchFromGitHub { + owner = "tinted-theming"; + repo = "schemes"; + rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; + hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/themes/ + install base16/*.yaml $out/share/themes/ + + runHook postInstall + ''; + + meta = { + description = "All the color schemes for use in base16 packages"; + homepage = "https://github.com/tinted-theming/schemes"; + maintainers = [ lib.maintainers.DamienCassou ]; + license = lib.licenses.mit; + }; +}) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index e914cc0..a1f8df1 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -21,9 +21,8 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - theme = "Banana Blueberry"; - window-theme = "ghostty"; bell-features = "border"; + keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; password-store = { diff --git a/users/modules/helix.nix b/users/modules/helix.nix index b71799b..e6e1cd1 100644 --- a/users/modules/helix.nix +++ b/users/modules/helix.nix @@ -8,13 +8,12 @@ programs.helix = { enable = true; settings = { - theme = "base16_transparent"; editor = { file-picker.hidden = false; idle-timeout = 0; line-number = "relative"; cursor-shape = { - normal = "block"; + normal = "bar"; insert = "bar"; select = "underline"; }; @@ -47,4 +46,4 @@ ]; }; }; -} \ No newline at end of file +} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix new file mode 100644 index 0000000..5ab0431 --- /dev/null +++ b/users/modules/stylix.nix 
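Review bot: The `version = "0-unstable-2025-06-04"` in packages/base16-schemes.nix does not match the pinned source. The `rev` and `hash` are identical to the `tinted-schemes` entry this same commit adds to flake.lock, whose `lastModified` of 1757716333 falls in mid-September 2025. Anyone auditing which scheme snapshot is installed will be misled by the stale date, so the version should follow the pinned commit, e.g. `version = "0-unstable-2025-09-12";` (date derived from that timestamp, worth confirming against the upstream commit). The same revision is now pinned in two places (this `fetchFromGitHub` and stylix's lock entry), so a comment such as `# keep rev/hash in sync with stylix's tinted-schemes input` would stop them drifting apart.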
@@ -0,0 +1,57 @@ +{ + config, + inputs, + pkgs, + ... +}: + +{ + imports = [ inputs.stylix.homeModules.stylix ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; + cursor = { + package = pkgs.kdePackages.breeze-icons; + name = "Breeze_Light"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "adwaita"; + dark = "adwaita-dark"; + }; + opacity = { + applications = 1.0; + desktop = 0.8; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + }; +} From a34c15d72fbd21d5b4eebfcc2bc70930a022816b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 13:44:52 -0300 Subject: [PATCH 164/267] stylix and zen-browser --- flake.lock | 59 +++++++++++++++++++- flake.nix | 2 + hosts/modules/desktop/desktop.nix | 89 ++++++++++++++----------------- users/modules/desktop.nix | 12 +++-- users/modules/helix.nix | 2 +- users/modules/stylix.nix | 4 ++ 6 files changed, 114 insertions(+), 54 deletions(-) diff --git a/flake.lock b/flake.lock index 17a379b..e319173 100644 --- a/flake.lock +++ b/flake.lock 
@@ -384,6 +384,27 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "zen-browser", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752603129, + "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -551,6 +572,22 @@ "type": "github" } }, + "nixpkgs_5": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -610,7 +647,8 @@ "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix" + "stylix": "stylix", + "zen-browser": "zen-browser" } }, "rust-overlay": { @@ -792,6 +830,25 @@ "repo": "base16-zed", "type": "github" } + }, + "zen-browser": { + "inputs": { + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1760588585, + "narHash": "sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus=", + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "rev": "5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c", + "type": "github" + }, + "original": { + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d74d9ba..4ec8da1 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,8 @@ nix-flatpak.url = "github:gmodena/nix-flatpak/main"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; + impermanence.url = "github:nix-community/impermanence"; }; 
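Review bot: The new `zen-browser.url = "github:0xc000022070/zen-browser-flake";` line in flake.nix has no `follows`, so the lock gains a separate `nixpkgs_5` and `home-manager_3` for it. That `nixpkgs_5` pin has an older `lastModified` than the other nixpkgs entries touched in this series, so the browser is presumably evaluated against that older tree rather than the one the rest of the system tracks. For a browser this matters, because library fixes arriving through the root `nixpkgs` bump would not reach it. Other inputs in this file already use `inputs.nixpkgs.follows = "nixpkgs";`, and the same form here would keep one tree to patch: `zen-browser = { url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; };`. The `stylix.url` line added in [PATCH 163/267] has the same shape and pulls in `nixpkgs_4`.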
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index b046031..5012d7e 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -13,52 +13,46 @@ KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; - systemPackages = - with pkgs; - [ - ### Web ### - bitwarden-desktop - brave - tor-browser - qbittorrent - vesktop - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - kwrite - libreoffice-qt - onlyoffice-desktopeditors - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - colloid-gtk-theme - junction - kara - kde-rounded-corners - libfido2 - mission-center - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - mpv - obs-studio - qview - ] - ++ (with pkgs.kdePackages; [ - ark - dolphin - dolphin-plugins - kolourpaint - ]); + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + brave + tor-browser + qbittorrent + vesktop + inputs.zen-browser.packages."${system}".default + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + libreoffice + onlyoffice-desktopeditors + papers + rnote + ### Graphics & Design ### + gimp + inkscape + loupe + plasticity + ### System Utilities ### + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + mpv + obs-studio + qview + ]; }; services = { @@ -86,8 +80,6 @@ flatpak = { enable = true; packages = [ - ### Internet Browsers & Communication ### - "app.zen_browser.zen" ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { 
@@ -121,7 +113,6 @@ niri.enable = true; dconf.enable = true; kdeconnect.enable = true; - partition-manager.enable = true; appimage = { enable = true; binfmt = true; diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index a1f8df1..3f7545a 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -1,7 +1,10 @@ { inputs, pkgs, ... }: { - imports = [ inputs.dms.homeModules.dankMaterialShell.default ]; + imports = [ + inputs.dms.homeModules.dankMaterialShell.default + inputs.zen-browser.homeModules.beta + ]; fonts.fontconfig.enable = true; @@ -11,6 +14,11 @@ enableVPN = false; }; + zen-browser = { + enable = true; + profiles.william = { }; + }; + ghostty = { enable = true; settings = { @@ -35,9 +43,7 @@ enable = true; xdgOpenUsePortal = true; extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde xdg-desktop-portal-gtk - xdg-desktop-portal-gnome ]; config.common.default = "*"; }; diff --git a/users/modules/helix.nix b/users/modules/helix.nix index e6e1cd1..a72ead3 100644 --- a/users/modules/helix.nix +++ b/users/modules/helix.nix @@ -13,7 +13,7 @@ idle-timeout = 0; line-number = "relative"; cursor-shape = { - normal = "bar"; + normal = "underline"; insert = "bar"; select = "underline"; }; diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 5ab0431..1c3712a 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -53,5 +53,9 @@ terminal = 12; }; }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; }; } From b03a6f141046f6b1dc204fe305cc64c4d610c36a Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 14:28:08 -0300 Subject: [PATCH 165/267] nextcloud in; radicale+rclone out --- hosts/alexandria/nextcloud.nix | 91 ++++++++++++++++++++++++++++++ hosts/alexandria/nginx.nix | 27 ++------- hosts/alexandria/radicale.nix | 17 ------ hosts/alexandria/rclone-webdav.nix | 82 --------------------------- secrets/nextcloud-adminpass.age | 13 +++++ secrets/nextcloud-secrets.json.age | 13 +++++ 6 files changed, 122 insertions(+), 121 deletions(-) create mode 100644 hosts/alexandria/nextcloud.nix delete mode 100644 hosts/alexandria/radicale.nix delete mode 100644 hosts/alexandria/rclone-webdav.nix create mode 100644 secrets/nextcloud-adminpass.age create mode 100644 secrets/nextcloud-secrets.json.age diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix new file mode 100644 index 0000000..4392323 --- /dev/null +++ b/hosts/alexandria/nextcloud.nix 
@@ -0,0 +1,91 @@ +{ + lib, + config, + pkgs, + ... +}: + +{ + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + datadir = "/data/nextcloud"; + hostName = "cloud.baduhai.dev"; + configureRedis = true; + https = true; + autoUpdateApps.enable = true; + secretFile = config.age.secrets."nextcloud-secrets.json".path; + database.createLocally = true; + maxUploadSize = "16G"; + caching = { + apcu = true; + redis = true; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + default_phone_region = "BR"; + maintenance_window_start = "4"; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\EMF" + "OC\\Preview\\Font" + "OC\\Preview\\GIF" + "OC\\Preview\\HEIC" + "OC\\Preview\\Illustrator" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\Movie" + "OC\\Preview\\MP3" + "OC\\Preview\\MSOffice2003" + "OC\\Preview\\MSOffice2007" + "OC\\Preview\\MSOfficeDoc" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PDF" + "OC\\Preview\\Photoshop" + "OC\\Preview\\PNG" + "OC\\Preview\\Postscript" + "OC\\Preview\\SVG" + "OC\\Preview\\TIFF" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + ]; + }; + config = { + dbtype = "pgsql"; + adminpassFile = config.age.secrets.nextcloud-adminpass.path; + }; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + }; + + collabora-online = { + enable = true; + settings = { + ssl = { + enable = false; + termination = true; + }; + net = { + listen = "unix"; + frame_ancestors = "cloud.baduhai.dev"; + }; + }; + }; + }; + + age.secrets = { + "nextcloud-secrets.json" = { + file = ../../../secrets/nextcloud-secrets.json.age; + owner = "nextcloud"; + group = "hosted"; + }; + nextcloud-adminpass = { + file = ../../../secrets/nextcloud-adminpass.age; + owner = "nextcloud"; + group = "hosted"; + }; + }; +} diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 8c20d5d..654035b 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix 
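Review bot: Both `age.secrets.*.file` paths in hosts/alexandria/nextcloud.nix climb one directory too far. The diffstat places the encrypted files under the top-level `secrets/`, and the rclone-webdav.nix removed from this same directory referenced its secret as `../../secrets/webdav.age`, so `../../../secrets/...` resolves outside the repository. Evaluation would then fail, or the admin password and `secretFile` would never be provisioned. The two lines should read `file = ../../secrets/nextcloud-secrets.json.age;` and `file = ../../secrets/nextcloud-adminpass.age;`. Separately, `group = "hosted"` makes both secrets group-readable, and the group's definition is not visible in this hunk, so it is worth confirming that only the accounts that need these files belong to it.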
@@ -36,31 +36,14 @@ in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; + "cloud.baduhai.dev" = { }; "git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + "office.baduhai.dev".locations."/" = { + proxyPass = "http://unix:/run/coolwsd/coolwsd.sock"; + proxyWebsockets = true; + }; "pass.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; diff --git a/hosts/alexandria/radicale.nix b/hosts/alexandria/radicale.nix deleted file mode 100644 index d81a228..0000000 --- a/hosts/alexandria/radicale.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - services.radicale = { - enable = true; - settings = { - server = { - hosts = [ "/run/radicale/radicale.sock" ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; -} diff --git a/hosts/alexandria/rclone-webdav.nix b/hosts/alexandria/rclone-webdav.nix deleted file mode 100644 index 8324d31..0000000 --- a/hosts/alexandria/rclone-webdav.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ config, pkgs, ... }: - -let - rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' - #!/bin/bash - - # Configuration - CREDS_FILE="/run/agenix/webdav" - SERVE_DIR="/data/webdav" - SOCKET_PATH="/run/rclone-webdav/webdav.sock" - - # Check if credentials file exists - if [ ! -f "$CREDS_FILE" ]; then - echo "Error: Credentials file $CREDS_FILE not found" - exit 1 - fi - - # Read credentials from file (format: username:password) - CREDENTIALS=$(cat "$CREDS_FILE") - USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) - PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) - - # Validate credentials - if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then - echo "Error: Invalid credentials format. Expected username:password" - exit 1 - fi - - # Ensure serve directory exists - mkdir -p "$SERVE_DIR" - - # Remove existing socket if it exists - rm -f "$SOCKET_PATH" - - # Start rclone serve webdav - exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ - --addr unix://"$SOCKET_PATH" \ - --user "$USERNAME" \ - --pass "$PASSWORD" \ - --config="" \ - --baseurl "/webdav" \ - --verbose - ''; -in - -{ - age.secrets.webdav = { - file = ../../secrets/webdav.age; - owner = "user"; - group = "users"; - }; - - systemd.services.rclone-webdav = { - description = "RClone WebDAV Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "exec"; - User = "user"; - Group = "nginx"; - ExecStart = "${rclone-webdav-start}"; - Restart = "always"; - RestartSec = "10"; - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/data/webdav" - "/run" - ]; - RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0750"; - UMask = "0002"; - }; - preStart = '' - mkdir -p /data/webdav - chown user:users /data/webdav - chmod 755 /data/webdav - ''; - }; -} 
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age new file mode 100644 index 0000000..4adb2b1 --- /dev/null +++ b/secrets/nextcloud-adminpass.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hi+lKA KUVC7m5ch8uuseBHHPCspWWdSAs+3YK+LvBL7h14UT8 +8h5Tu47UJ/6wJZaEjB0KhUKZ8yw3FgwWv9Dem4ivgVI +-> ssh-ed25519 SP9f6A IDnNmcjBKTiNWnBPw7mAuycOfzvj1bGi30OLi/mN+AA +xE9drPCFvOi8v74zqUuCOc9DOFnzfwFfoa0O84JHonA +-> ssh-ed25519 8YSAiw vWnYElIL2jh/LmxZKFFGE/8H1o+bOnGsGxQ3UZ02FE8 +c6e/c1a1cUa6FPDaUYHeY50WB5E1cq398AgwVs421EA +-> ssh-ed25519 3Chb7w iDSXb9BYJ/2EUJx77Uch3eFYukxTD5nHbdU+iTBWXkk +QBrCOSmjKeX0giQxYGMHinOeTrDs9ZGmdjThxEvyXn0 +-> ssh-ed25519 J6tVTA tZ5yMoYaLdgs0WoaRju3h+zfKSCrYoYO7aDcmnNta3s +seYPrbd8PmVZJKSltp4qI7i137be01ydWhkdOPP7Zzw +--- LElLg1Mrmw0iExirSvb6KWSA8bugbVggM2RwZSWlWGM +]͠l0dNnݾ0578qƈKƌ_# ̓agXDC:L6̾R魧 \ No newline at end of file diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age new file mode 100644 index 0000000..3860d4e --- /dev/null +++ b/secrets/nextcloud-secrets.json.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hi+lKA dt/gmE1ljEV6eiU4cyqy+v49mtjlm/qnkV3D5OCbUFI +LkRedLe6Qf8J5MeH+DNVmeuFyHHjDeYyrjoyzPmqZyI +-> ssh-ed25519 SP9f6A rossSD9Dk/BE9ujDcJY/CdVu5Pm5mLyKBFLpBERu+g0 +g6bnR5N9eC50gbd48rijisF6WLYBtoDi4CSLPBkfiw0 +-> ssh-ed25519 8YSAiw s+i/kWBUvnSEDN93MCO9QSIXnQi02zT+vdBVB8rbAV4 +n4mWFllh8dCW8DVP9R/m6KIuprZnLRbGQ/wjFmhEZx8 +-> ssh-ed25519 3Chb7w c0WkS3MPTAmcHTKMsfoL2mZKF9rJ/oU48noL00UEAjc +AL0b7xrfd9Ll4v/o0dLkic+YsKBiQxyFFKggXsQfM04 +-> ssh-ed25519 J6tVTA ZM+AOwYRTovNJnwe2wdUm9KU6Lj44rgBvthwHSFwDng +DJweE//ogMciRmy0GTj8zDRzItRtlfTkBynRSBDr3ks +--- dNCLx3d9i125QQqdsQVnwdN9QMLU+MWx2KjYFKFv5lU +{ 6EjrTg+I?*xu'$>U4QBDĠ"SIqA|v5xJdHھI6$'7(q{[.I*P <Ĭ/_|yx͙p*xX \ No newline at end of file From 3f9e2e384484014c0c11362076a757e7656df6f5 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 15:05:42 -0300 Subject: [PATCH 166/267] add deploy-rs --- deploy.nix | 41 +++++++++++++ flake.lock | 168 ++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 3 + 3 files changed, 171 insertions(+), 41 deletions(-) create mode 100644 deploy.nix diff --git a/deploy.nix b/deploy.nix new file mode 100644 index 0000000..865e4c9 --- /dev/null +++ b/deploy.nix @@ -0,0 +1,41 @@ +{ inputs, self, ... }: +{ + flake.deploy.nodes = { + alexandria = { + hostname = "alexandria"; + profiles.system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + user = "root"; + }; + }; + + trantor = { + hostname = "trantor"; + profiles.system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; + + io = { + hostname = "io"; + profiles = { + system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + }; + user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + }; + }; + }; + }; + + # Optional: Add deploy-rs checks + flake.checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; +} diff --git a/flake.lock b/flake.lock index e319173..3e04b70 100644 --- a/flake.lock +++ b/flake.lock 
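Review bot: Every `profiles.system` in deploy.nix sets `sshUser = "root"`, which only works if direct root login over SSH is allowed on alexandria, trantor and io. The host SSH settings are not visible here, but alexandria at least fronts public nginx vhosts in this series, so keeping root login disabled there is worth some effort. deploy-rs can connect as an unprivileged account and elevate only for activation, so `sshUser = "DEPLOY_USER_PLACEHOLDER";` with `user = "root";` left as is would let the hosts keep `PermitRootLogin no`. The comment `# Optional: Add deploy-rs checks` could also say what the checks do, e.g. `# deployChecks validates the deploy.nodes schema and activation paths during nix flake check`.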
@@ -113,6 +113,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1756719547, + "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "dgop": { "inputs": { "nixpkgs": [ @@ -165,11 +185,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1760401338, - "narHash": "sha256-aN4qiI9R4ByEucFE/zvJFF8Y456nDe1IXCKu0hvEP+U=", + "lastModified": 1760637129, + "narHash": "sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "07fe2ca4072eb987c8090f388d4979f5006cef52", + "rev": "5c816463973d52010839a882d95ea1a44d80c52a", "type": "github" }, "original": { @@ -216,6 +236,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -272,7 +308,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, 
@@ -370,11 +406,11 @@ ] }, "locked": { - "lastModified": 1760033152, - "narHash": "sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr+jigYR9p4GS0tME=", + "lastModified": 1760500983, + "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", "owner": "nix-community", "repo": "home-manager", - "rev": "5d61767c8dee7f9c66991335795dbca9e801c25a", + "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", "type": "github" }, "original": { @@ -439,7 +475,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { @@ -459,9 +495,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1759846470, @@ -479,16 +515,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", - "owner": "nixos", + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -510,11 +546,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1759735786, - "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", + "lastModified": 1760423683, + "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", + "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", "type": "github" }, "original": { 
@@ -525,6 +561,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1740695751, + "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -540,39 +592,39 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1759831965, - "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c9b6fb798541223bbb396d287d16f43520250518", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_4": { "locked": { "lastModified": 1760524057, "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", - "owner": "NixOS", + "owner": "nixos", "repo": "nixpkgs", "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { + "locked": { + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -637,6 +689,7 @@ "root": { "inputs": { "agenix": "agenix", + "deploy-rs": "deploy-rs", "disko": "disko", "dms": "dms", "flake-parts": "flake-parts", 
@@ -645,7 +698,7 @@ "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix", "zen-browser": "zen-browser" @@ -682,9 +735,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur": "nur", - "systems": "systems_3", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -750,6 +803,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -831,10 +899,28 @@ "type": "github" } }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1760588585, diff --git a/flake.nix b/flake.nix index 4ec8da1..4f3fac0 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,8 @@ zen-browser.url = "github:0xc000022070/zen-browser-flake"; impermanence.url = "github:nix-community/impermanence"; + + deploy-rs.url = "github:serokell/deploy-rs"; }; outputs = @@ -57,6 +59,7 @@ ./nixosModules.nix ./overlays.nix ./packages.nix + ./deploy.nix ]; }; } 
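Review bot: The new `deploy-rs.url` line in flake.nix adds the input without a `follows`, so the lock gains a separate nixpkgs node for it (`lastModified` 1743014863, against 1760524057 for the root `nixpkgs_4`). deploy.nix takes its activation wrappers from `inputs.deploy-rs.lib.<system>.activate` and runs them with `user = "root"`, so they are presumably built from that older snapshot and miss whatever fixes the root pin already carries. Adding `deploy-rs.inputs.nixpkgs.follows = "nixpkgs";` next to the url keeps one reviewed nixpkgs revision and shrinks the lock. The `inputs` block starts outside this hunk, so confirm the style used for the other inputs.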
From af7467554f8a605b521aae47238d19cfb40b17b5 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:05:58 -0300 Subject: [PATCH 167/267] update nextcloud --- hosts/alexandria/nextcloud.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 4392323..2b7670d 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -9,7 +9,7 @@ services = { nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud32; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; @@ -78,12 +78,12 @@ age.secrets = { "nextcloud-secrets.json" = { - file = ../../../secrets/nextcloud-secrets.json.age; + file = ../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; group = "hosted"; }; nextcloud-adminpass = { - file = ../../../secrets/nextcloud-adminpass.age; + file = ../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; group = "hosted"; }; From 3792c11bf0a5ac033b63e795b2b23a7a3284ae09 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:07:49 -0300 Subject: [PATCH 168/267] add deploy-rs to devshell --- devShells.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index 254d604..25ee80d 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { perSystem = @@ -8,6 +8,7 @@ packages = with pkgs; [ nil nixfmt-rfc-style + inputs.deploy-rs.packages.${pkgs.system}.default ]; }; }; From 0cf06f8541ef62a5a15f6b51e92c4ed96752d9b4 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:30:01 -0300 Subject: [PATCH 169/267] som more deploy-rs mods --- deploy.nix | 15 +++++++++------ devShells.nix | 4 +++- hosts/modules/common/nix.nix | 12 +++++------- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/deploy.nix b/deploy.nix index 865e4c9..2e69377 100644 --- a/deploy.nix +++ b/deploy.nix 
@@ -1,10 +1,11 @@ { inputs, self, ... }: { flake.deploy.nodes = { + remoteBuild = true; alexandria = { hostname = "alexandria"; profiles.system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; user = "root"; }; @@ -13,7 +14,7 @@ trantor = { hostname = "trantor"; profiles.system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; user = "root"; }; @@ -23,7 +24,7 @@ hostname = "io"; profiles = { system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; user = "root"; }; @@ -35,7 +36,9 @@ }; }; }; - - # Optional: Add deploy-rs checks - flake.checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; + perSystem = + { system, ... }: + { + checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; + }; } diff --git a/devShells.nix b/devShells.nix index 25ee80d..82f97e9 100644 --- a/devShells.nix +++ b/devShells.nix @@ -8,8 +8,10 @@ packages = with pkgs; [ nil nixfmt-rfc-style - inputs.deploy-rs.packages.${pkgs.system}.default ]; + shellHook = '' + alias deploy='${inputs.deploy-rs.packages.${pkgs.system}.default}/bin/deploy --skip-checks' + ''; }; }; } diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix index ff0b474..5ef9c4c 100644 --- a/hosts/modules/common/nix.nix +++ b/hosts/modules/common/nix.nix @@ -26,13 +26,11 @@ buildDocs = false; }; - services = { - nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; }; }; From 0adbcc838bb2d87fa12591b4ade4ad70677955d9 Mon Sep 17 00:00:00 2001 
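Review bot: The three `system` profiles in deploy.nix now connect with `sshUser = "user"` but still activate with `user = "root"`, so deploy-rs has to escalate through sudo on each host, and nothing in the hunks says how. Unless `interactiveSudo = true;` is set, this needs passwordless sudo for `user`, which makes that account's SSH key equivalent to a root key on alexandria, trantor and io. A comment stating which of the two is intended would help, e.g. `# activation uses sudo; 'user' needs NOPASSWD or set interactiveSudo`. The same change repeats in the `@@ -13,7 +14,7 @@` and `@@ -23,7 +24,7 @@` hunks. Separately, `remoteBuild = true;` is added inside `flake.deploy.nodes`, where it appears to be read as a node name rather than as an option.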
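Review bot: The `shellHook` added in devShells.nix aliases `deploy` to `.../bin/deploy --skip-checks`, so every deploy from this shell bypasses the flake checks by default. That includes the `deployChecks` this same commit wires into `perSystem.checks` in deploy.nix, which therefore never gate a push to the hosts. If the checks are too slow for routine use, keep the plain binary as `deploy` and give the shortcut its own name, e.g. `alias deploy-fast='… --skip-checks'`, so that skipping is an explicit choice.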
From: William Date: Thu, 16 Oct 2025 19:16:24 -0300 Subject: [PATCH 170/267] merged rclone-webdav with radicale --- .../alexandria/{rclone-webdav.nix => dav.nix} | 59 ++++++++++++++++--- hosts/alexandria/radicale.nix | 17 ------ 2 files changed, 52 insertions(+), 24 deletions(-) rename hosts/alexandria/{rclone-webdav.nix => dav.nix} (59%) delete mode 100644 hosts/alexandria/radicale.nix diff --git a/hosts/alexandria/rclone-webdav.nix b/hosts/alexandria/dav.nix similarity index 59% rename from hosts/alexandria/rclone-webdav.nix rename to hosts/alexandria/dav.nix index 8324d31..8cb510f 100644 --- a/hosts/alexandria/rclone-webdav.nix +++ b/hosts/alexandria/dav.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - +{ lib, inputs, ... }: let + utils = import ../../utils.nix { inherit inputs; }; + inherit (utils) mkNginxVhosts; + rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' #!/bin/bash 
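Review bot: The new header of hosts/alexandria/dav.nix, `{ lib, inputs, ... }:`, drops `pkgs`, yet the next binding in the same `let` still calls `pkgs.writeShellScript`, so the module fails to evaluate with an undefined variable as soon as it is imported. The header should read `{ lib, inputs, pkgs, ... }:`. The hunk also inherits `mkNginxVhosts` from utils.nix, which this commit does not touch, so confirm that name is defined there. The `let` block continues outside the hunk.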
@@ -42,12 +44,49 @@ let --verbose ''; in - { - age.secrets.webdav = { - file = ../../secrets/webdav.age; - owner = "user"; - group = "users"; + services = { + nginx.virtualHosts = mkNginxVhosts { + inherit lib; + acmeHost = "baduhai.dev"; + domains = { + "dav.baduhai.dev".locations = { + "/caldav" = { + proxyPass = "http://unix:/run/radicale/radicale.sock:/"; + extraConfig = '' + proxy_set_header X-Script-Name /caldav; + proxy_pass_header Authorization; + ''; + }; + "/webdav" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; + extraConfig = '' + proxy_set_header X-Script-Name /webdav; + proxy_pass_header Authorization; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; + client_max_body_size 10G; + proxy_buffering off; + proxy_request_buffering off; + ''; + }; + }; + }; + }; + radicale = { + enable = true; + settings = { + server = { + hosts = [ "/run/radicale/radicale.sock" ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + }; + }; }; systemd.services.rclone-webdav = { @@ -79,4 +118,10 @@ in chmod 755 /data/webdav ''; }; + + age.secrets.webdav = { + file = ../../secrets/webdav.age; + owner = "user"; + group = "users"; + }; } diff --git a/hosts/alexandria/radicale.nix b/hosts/alexandria/radicale.nix deleted file mode 100644 index d81a228..0000000 --- a/hosts/alexandria/radicale.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - services.radicale = { - enable = true; - settings = { - server = { - hosts = [ "/run/radicale/radicale.sock" ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; -} From 51b6a62f912c1341728e96de56e9b8b9ca15b6cd Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 19:36:46 -0300 Subject: [PATCH 171/267] new mkNginxVHosts function --- homeConfigurations.nix | 3 +- hosts/alexandria/dav.nix | 49 +++++++++++++--------------- hosts/alexandria/forgejo.nix | 18 +++++++++-- hosts/alexandria/jellyfin.nix | 12 +++++-- hosts/alexandria/librespeed.nix | 12 +++++-- hosts/alexandria/nginx.nix | 55 ++++++++------------------------ hosts/alexandria/vaultwarden.nix | 18 +++++++++-- nixosConfigurations.nix | 3 +- utils.nix | 17 +++++++++- 9 files changed, 109 insertions(+), 78 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 3d3a950..112783f 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -1,6 +1,7 @@ { inputs, ... }: let - utils = import ./utils.nix { inherit inputs; }; + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; inherit (utils) mkUser; in { diff --git a/hosts/alexandria/dav.nix b/hosts/alexandria/dav.nix index 8cb510f..a300e84 100644 --- a/hosts/alexandria/dav.nix +++ b/hosts/alexandria/dav.nix @@ -1,7 +1,7 @@ { lib, inputs, ... }: let - utils = import ../../utils.nix { inherit inputs; }; - inherit (utils) mkNginxVhosts; + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' #!/bin/bash 
@@ -46,31 +46,28 @@ let in { services = { - nginx.virtualHosts = mkNginxVhosts { - inherit lib; + nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains = { - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; - proxy_buffering off; - proxy_request_buffering off; - ''; - }; + domains."dav.baduhai.dev".locations = { + "/caldav" = { + proxyPass = "http://unix:/run/radicale/radicale.sock:/"; + extraConfig = '' + proxy_set_header X-Script-Name /caldav; + proxy_pass_header Authorization; + ''; + }; + "/webdav" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; + extraConfig = '' + proxy_set_header X-Script-Name /webdav; + proxy_pass_header Authorization; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; + client_max_body_size 10G; + proxy_buffering off; + proxy_request_buffering off; + ''; }; }; }; diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index 0b9908e..909d1d1 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix @@ -1,5 +1,13 @@ -{ ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.forgejo = { enable = true; @@ -18,4 +26,10 @@ actions.ENABLED = false; }; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; } 
diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 87a825f..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -1,8 +1,16 @@ -{ ... }: - +{ lib, inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.jellyfin = { enable = true; openFirewall = true; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + }; } diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index 09e4768..79353bd 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -1,5 +1,8 @@ -{ ... }: - +{ lib, inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; @@ -11,4 +14,9 @@ "--label=io.containers.autoupdate=registry" ]; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; + }; } diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 8c20d5d..192dbda 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -1,5 +1,13 @@ -{ config, lib, ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { security.acme = { acceptTerms = true; 
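Review bot: In hosts/alexandria/jellyfin.nix the new vhost puts Jellyfin behind TLS at jellyfin.baduhai.dev, but the context line `openFirewall = true;` stays, which keeps Jellyfin's own ports open in the host firewall. Port 8096, the one `proxyPass` targets, therefore remains reachable in plain HTTP from any network that can reach the host, bypassing nginx and `forceSSL`. If direct LAN access is not wanted, set `openFirewall = false;` so the proxy is the only entry point; otherwise add a comment saying the direct port is intentional.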
@@ -26,45 +34,10 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = - let - commonVHostConfig = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - }; - in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { - "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; - "git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; - "pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; - "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; - }; + virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."_".locations."/".return = "444"; + }; }; users.users.nginx.extraGroups = [ "acme" ]; diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 058c123..21f7d46 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -1,5 +1,13 @@ -{ ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.vaultwarden = { enable = true; 
@@ -9,4 +17,10 @@ ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; }; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."pass.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + }; } diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 65a9e14..f32f422 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -1,6 +1,7 @@ { inputs, ... }: let - utils = import ./utils.nix { inherit inputs; }; + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; inherit (utils) mkHost; in { diff --git a/utils.nix b/utils.nix index e56e3c2..f25a821 100644 --- a/utils.nix +++ b/utils.nix @@ -1,4 +1,4 @@ -{ inputs }: +{ inputs, lib }: let inherit (inputs) self @@ -172,4 +172,19 @@ in } ]; }; + + # Nginx virtual host utilities + mkNginxVHosts = + { + acmeHost, + domains, + }: + let + commonVHostConfig = { + useACMEHost = acmeHost; + forceSSL = true; + kTLS = true; + }; + in + lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; } From f7b173457652b7432ae59d3c33da8be2197389fe Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 19:37:06 -0300 Subject: [PATCH 172/267] no more dav --- hosts/alexandria/dav.nix | 124 --------------------------------------- 1 file changed, 124 deletions(-) delete mode 100644 hosts/alexandria/dav.nix diff --git a/hosts/alexandria/dav.nix b/hosts/alexandria/dav.nix deleted file mode 100644 index a300e84..0000000 --- a/hosts/alexandria/dav.nix +++ /dev/null 
@@ -1,124 +0,0 @@ -{ lib, inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - - rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' - #!/bin/bash - - # Configuration - CREDS_FILE="/run/agenix/webdav" - SERVE_DIR="/data/webdav" - SOCKET_PATH="/run/rclone-webdav/webdav.sock" - - # Check if credentials file exists - if [ ! -f "$CREDS_FILE" ]; then - echo "Error: Credentials file $CREDS_FILE not found" - exit 1 - fi - - # Read credentials from file (format: username:password) - CREDENTIALS=$(cat "$CREDS_FILE") - USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) - PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) - - # Validate credentials - if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then - echo "Error: Invalid credentials format. Expected username:password" - exit 1 - fi - - # Ensure serve directory exists - mkdir -p "$SERVE_DIR" - - # Remove existing socket if it exists - rm -f "$SOCKET_PATH" - - # Start rclone serve webdav - exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ - --addr unix://"$SOCKET_PATH" \ - --user "$USERNAME" \ - --pass "$PASSWORD" \ - --config="" \ - --baseurl "/webdav" \ - --verbose - ''; -in -{ - services = { - nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; - proxy_buffering off; - proxy_request_buffering off; - ''; - }; - }; - }; - radicale = { - enable = true; - settings = { - server = { - hosts = [ "/run/radicale/radicale.sock" ]; - }; 
- auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - }; - - systemd.services.rclone-webdav = { - description = "RClone WebDAV Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "exec"; - User = "user"; - Group = "nginx"; - ExecStart = "${rclone-webdav-start}"; - Restart = "always"; - RestartSec = "10"; - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/data/webdav" - "/run" - ]; - RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0750"; - UMask = "0002"; - }; - preStart = '' - mkdir -p /data/webdav - chown user:users /data/webdav - chmod 755 /data/webdav - ''; - }; - - age.secrets.webdav = { - file = ../../secrets/webdav.age; - owner = "user"; - group = "users"; - }; -} From c8f1b3a5e0f894584cf8bcf08b46f6eeddcffabb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 08:37:09 -0300 Subject: [PATCH 173/267] fix mkNginxVHosts usage; fix librespeed proxy; fix vaultwarden proxy --- hosts/alexandria/librespeed.nix | 25 ++++++++++++++++++++++++- hosts/alexandria/nextcloud.nix | 4 ++-- hosts/alexandria/nginx.nix | 14 ++++++++------ hosts/alexandria/vaultwarden.nix | 5 +++-- utils.nix | 2 ++ 5 files changed, 39 insertions(+), 11 deletions(-) diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index 79353bd..aeb8db3 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix 
@@ -1,14 +1,37 @@ -{ lib, inputs, ... }: +{ + config, + lib, + inputs, + ... +}: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { + systemd.services.init-librespeed-network = { + description = "Create the network bridge for librespeed."; + after = [ "network.target" ]; + wantedBy = [ "podman-librespeed.service" ]; + serviceConfig.Type = "oneshot"; + script = '' + check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true) + if [ -z "$check" ]; then + ${config.virtualisation.podman.package}/bin/podman network create librespeed + else + echo "librespeed network already exists" + fi + ''; + }; + virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; environment = { TZ = "America/Bahia"; }; + networks = [ "librespeed" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2b7670d..b097616 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -80,12 +80,12 @@ "nextcloud-secrets.json" = { file = ../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; nextcloud-adminpass = { file = ../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; }; } diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 192dbda..0a0a261 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -4,10 +4,12 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { security.acme = { acceptTerms = true; @@ -22,12 +24,6 @@ in }; }; - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; - services.nginx = { enable = true; recommendedGzipSettings = true; 
@@ -41,4 +37,10 @@ in }; users.users.nginx.extraGroups = [ "acme" ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; } diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 21f7d46..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -14,13 +14,14 @@ in config = { DOMAIN = "https://pass.baduhai.dev"; SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 58222; }; }; services.nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; } diff --git a/utils.nix b/utils.nix index 7b8e502..1f2c66c 100644 --- a/utils.nix +++ b/utils.nix @@ -1,4 +1,5 @@ { inputs, lib }: + let inherit (inputs) self @@ -8,6 +9,7 @@ let agenix ; in + { # Tag-based host configuration system mkHost = From 681f68d7903101de8dcc05a8bcf07a244eef59eb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 09:47:40 -0300 Subject: [PATCH 174/267] nexcloud on 25.05 is still at version 31 --- hosts/alexandria/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index b097616..603c85f 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -9,7 +9,7 @@ services = { nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud31; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; From 6d41eeaf885090d66eaac60e1659e7f4b9d6a9be Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 17 Oct 2025 09:51:49 -0300 Subject: [PATCH 175/267] mkHome instead of mkUser --- homeConfigurations.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index cbd1e6c..422681d 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -3,12 +3,12 @@ let lib = inputs.nixpkgs.lib; utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkUser; + inherit (utils) mkHome; in { flake.homeConfigurations = { - "user@rotterdam" = mkUser { + "user@rotterdam" = mkHome { username = "user"; tags = [ "btop" @@ -23,7 +23,7 @@ in ]; }; - "user@io" = mkUser { + "user@io" = mkHome { username = "user"; tags = [ "btop" From 64379d7ab48da9269f6c628473f50b3bcbbc1080 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:01:11 -0300 Subject: [PATCH 176/267] fixed some stuff --- deploy.nix | 6 ++++-- devShells.nix | 6 ++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy.nix b/deploy.nix index 2e69377..40a21e9 100644 --- a/deploy.nix +++ b/deploy.nix @@ -1,8 +1,9 @@ { inputs, self, ... }: { - flake.deploy.nodes = { + flake.deploy = { remoteBuild = true; - alexandria = { + nodes = { + alexandria = { hostname = "alexandria"; profiles.system = { sshUser = "user"; @@ -36,6 +37,7 @@ }; }; }; +}; perSystem = { system, ... }: { diff --git a/devShells.nix b/devShells.nix index 82f97e9..e5c4a33 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ ... }: { perSystem = @@ -8,10 +8,8 @@ packages = with pkgs; [ nil nixfmt-rfc-style + deploy-rs ]; - shellHook = '' - alias deploy='${inputs.deploy-rs.packages.${pkgs.system}.default}/bin/deploy --skip-checks' - ''; }; }; } From c6b5cc16c13c9b972d12adafff8719ce821a319d Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:01:23 -0300 Subject: [PATCH 177/267] don't touch nextcloud apps --- hosts/alexandria/nextcloud.nix | 1 - 1 file changed, 1 deletion(-) 
diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 603c85f..84853dc 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -14,7 +14,6 @@ hostName = "cloud.baduhai.dev"; configureRedis = true; https = true; - autoUpdateApps.enable = true; secretFile = config.age.secrets."nextcloud-secrets.json".path; database.createLocally = true; maxUploadSize = "16G"; From d0793fb1256d32607005479f8f8ea7588a6bc41e Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:07:55 -0300 Subject: [PATCH 178/267] I'm forced to map a port in librespeed --- hosts/alexandria/librespeed.nix | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index aeb8db3..e36a81d 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -11,27 +11,12 @@ let in { - systemd.services.init-librespeed-network = { - description = "Create the network bridge for librespeed."; - after = [ "network.target" ]; - wantedBy = [ "podman-librespeed.service" ]; - serviceConfig.Type = "oneshot"; - script = '' - check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true) - if [ -z "$check" ]; then - ${config.virtualisation.podman.package}/bin/podman network create librespeed - else - echo "librespeed network already exists" - fi - ''; - }; - virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; environment = { TZ = "America/Bahia"; }; - networks = [ "librespeed" ]; + ports = [ "127.0.0.1:58080:80" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" @@ -40,6 +25,6 @@ in services.nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; + domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; }; } 
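Review bot: In hosts/alexandria/librespeed.nix the container is still started from `lscr.io/linuxserver/librespeed:latest` with `--pull=newer` and the `io.containers.autoupdate=registry` label, so the image behind speedtest.baduhai.dev changes whenever the registry tag moves. This is the one component in these hunks that flake.lock does not pin, and a replaced or compromised tag would be pulled and run without any reviewed change in this repository. Pinning the image by digest and bumping it in a commit would bring it under the same review as the other inputs. Binding the published port to `127.0.0.1:58080` in the added `ports` line is a good choice and should stay.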
From f9874296ae3b06a744633cc1632f63d29b6724a1 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:47:04 -0300 Subject: [PATCH 179/267] expose nextcloud and collabora on proxy --- hosts/alexandria/nextcloud.nix | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 84853dc..373b0e5 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -2,9 +2,15 @@ lib, config, pkgs, + inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + { services = { nextcloud = { @@ -62,17 +68,35 @@ collabora-online = { enable = true; + port = 9980; settings = { ssl = { enable = false; termination = true; }; net = { - listen = "unix"; + listen = "loopback"; frame_ancestors = "cloud.baduhai.dev"; }; }; }; + + nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains = { + "cloud.baduhai.dev" = { }; + "office.baduhai.dev".locations = { + "/".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; + "~ ^/cool/(.*)/ws$".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; + "~ ^/cool/(.*)/ws$".extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 36000s; + ''; + }; + }; + }; }; age.secrets = { From f5a7377b1f5c88ba29f3bb56deea3bed1eb9e2ef Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:49:44 -0300 Subject: [PATCH 180/267] nextcloud desktop client --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 5012d7e..ebffd49 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix 
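Review bot: The `collabora-online.settings` block shown in the `@@ -62,17 +68,35 @@` hunk of hosts/alexandria/nextcloud.nix sets `ssl` and `net` only, while the new `office.baduhai.dev` vhost proxies `/` and so publishes the whole coolwsd service. With no WOPI host allowlist visible here, which document servers coolwsd will accept depends on its defaults; restrict it to cloud.baduhai.dev in the `storage.wopi` section of the settings, and confirm this is not already set elsewhere. Proxying only the paths Collabora needs, rather than `/`, would also keep its administrative endpoints off the public vhost. The two `"~ ^/cool/(.*)/ws$"` assignments would read better merged into one attribute set.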
@@ -17,6 +17,7 @@ ### Web ### bitwarden-desktop brave + nextcloud-client tor-browser qbittorrent vesktop From 265dc9947650bebfc4c6068752152280218d18e8 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 15:23:13 -0300 Subject: [PATCH 181/267] add agenix to shell --- devShells.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index e5c4a33..acf63f8 100644 --- a/devShells.nix +++ b/devShells.nix @@ -6,9 +6,10 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ + agenix + deploy-rs nil nixfmt-rfc-style - deploy-rs ]; }; }; From 7e02970b56c5da72ce06e9e44eba86054fc63b0f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 15:39:56 -0300 Subject: [PATCH 182/267] fix up secrets --- secrets/cloudflare.age | 22 ++++++--------- secrets/nextcloud-adminpass.age | 20 ++++++------- secrets/nextcloud-secrets.json.age | Bin 757 -> 537 bytes secrets/secrets.nix | 44 ++++++++++++++--------------- secrets/webdav.age | 15 ---------- 5 files changed, 38 insertions(+), 63 deletions(-) delete mode 100644 secrets/webdav.age diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 11cfac6..9e989ec 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age 
@@ -1,15 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog HMpl/3mb59SsUvkDXXxO+odBNSc1dZS1nQtC8/BPlGI -4fPk0YtGxOoqXDfTN9kQlH0Pg2iaJXUZE5es6f317L4 --> ssh-ed25519 SP9f6A p1kh6UOFJ4xwulLY9IpbNZIJ7JSouR27j6HgK/XRegM -rJCzN+RCdQgo/xCkAmcdN6GfXsoQhpmE1HuGwYs/2CI --> ssh-ed25519 8YSAiw cCbMOE3PMa3bzGGQSeQZuq074iwt4p4HLDu8uiHhWRY -U6wR/DuBdMKfbmQfUZ8XLdTBxNsUMR2lOueYucR5+bY --> ssh-ed25519 7cojTQ iLDzC79YtZcrqldzCyIFHrpsEapOXYD5AXuNoQ+3ulI -v2NiE3pA+J8Po+PqTTUU9XYKy37AIyj5KWdlh7FOPG8 --> ssh-ed25519 J6tVTA Jw1pSpF1J2Ud46BDhdRCPErgUeim8uwWxiB1E3BiJB8 -hGdGFi46iqKJN0QviG1xRNf2kwlls0rM5k3LkAiw8jY --> ssh-ed25519 Kl5yTQ yXnKCsJNjTSQYiPuv6dAF6raB3EFcg2oag1cBVkdvwk -0hwjrZpclTrFWtr5JqAbwXImYzZwTJOJPkhNnlHmPeo ---- k97ZU6FfTWVqBwNcrF9QeEbnqnuQUQ9pR1qM/Sgjh7A -#L-q﹋hr&*hNbqܦHŠG=@uaku|Er^BOo}:5ju$%".A1qP\2C R_ S=(%sި \ No newline at end of file +-> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY +NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc +-> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU +6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg +-> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s +WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U +--- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE +_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index 4adb2b1..3b6ff2a 100644 --- a/secrets/nextcloud-adminpass.age +++ b/secrets/nextcloud-adminpass.age 
@@ -1,13 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 hi+lKA KUVC7m5ch8uuseBHHPCspWWdSAs+3YK+LvBL7h14UT8 -8h5Tu47UJ/6wJZaEjB0KhUKZ8yw3FgwWv9Dem4ivgVI --> ssh-ed25519 SP9f6A IDnNmcjBKTiNWnBPw7mAuycOfzvj1bGi30OLi/mN+AA -xE9drPCFvOi8v74zqUuCOc9DOFnzfwFfoa0O84JHonA --> ssh-ed25519 8YSAiw vWnYElIL2jh/LmxZKFFGE/8H1o+bOnGsGxQ3UZ02FE8 -c6e/c1a1cUa6FPDaUYHeY50WB5E1cq398AgwVs421EA --> ssh-ed25519 3Chb7w iDSXb9BYJ/2EUJx77Uch3eFYukxTD5nHbdU+iTBWXkk -QBrCOSmjKeX0giQxYGMHinOeTrDs9ZGmdjThxEvyXn0 --> ssh-ed25519 J6tVTA tZ5yMoYaLdgs0WoaRju3h+zfKSCrYoYO7aDcmnNta3s -seYPrbd8PmVZJKSltp4qI7i137be01ydWhkdOPP7Zzw ---- LElLg1Mrmw0iExirSvb6KWSA8bugbVggM2RwZSWlWGM -]͠l0dNnݾ0578qƈKƌ_# ̓agXDC:L6̾R魧 \ No newline at end of file +-> ssh-ed25519 Kfdnog aE5/4P3r4e4fh7fFYI+0ci4n5egCI9XxMUsVUQJvmjE +ILlTNB342CLNpdX8SEnSnzEqjvSj8smDjGBQXjQ3pVc +-> ssh-ed25519 8YSAiw tedtmECa3YP0wjOZsCJKAU/izbPcPHWnL++PRSjBIA4 +Rk4E8SbG5ThaBKvtOEe+MWB1JrzFnQAgH/TJGv3+hT8 +-> ssh-ed25519 J6tVTA gozo087SB3PrKK3dTRpmLfUH+pWA67TEHJOmgj1+ASY +pdLnZWvQHyN9lZuS4jjvsnGne+TMZ0PagvfvQJXJW2w +--- hJpVSU9xNlac99VD26i0uW6Jw/U/CoOcAwHSUCk0acs +?hš) IסЇKx::<J BVMx0L \ No newline at end of file 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 3860d4e3352a711b3c6e1aa60cdbc562c6ca04ae..473f3cb97a38fcb01d2d7512306b9576963b2754 100644 GIT binary patch delta 472 zcmey$I+JCBYMggkN?v}tLZ(@Xu}g@*Wrc4^Vy=m0L{7e^aX_YJd8J#5lbL~uNw7g! zZit6jVUAlmSDJp7e_CpAQAJ|0e~M3vg-d3Yb4iXzwo6u|Z$@!}r%|$HX1IG!fwrON z#E;_PMme6DrNud=j-}ylmZ_!5sgWjm#znzCrRB~!hNU?LrYQxU{t+4Bx!JBmgg;!YQIcFpmhoo6#dKpzDyLpDY`(^nh=ll3NSGlEgm75g>hI)kM>05?*>KAyL zn-=?)Rg{~0N9dOaW(Ow~8s_*{xFi|`g(oL->FVk#xETb8mgbeEMOnIO=jVB(yZV}% zl^XfFRX7EES_JwQ8wQxwJEjGsmFb&>a(!53p;qHcGzOhHdr?!)Yy?)B}jRjm0}ob&b+NbC~!2$`=~ U*|Bd)>My+|#f!Ip+dAn605j{k7XSbN delta 713 zcmbQq@|AUhYJEngc8<5BLQ08#dakQsPL^w!S!!meNpfXjrFNN#Wo}7UPOg4oUUrzV zi>beJQmC6Jmrr(3YKl*)Szwxlm#J^6hqjAfSZ->mTcw9bmP=}6Wl>gsWmQ0KVN|6j zm#&>cadC!jYKoDmsiCDpaDZi+nWI8cesOWIi=|7pe!Y{cWoed6vR9-_Qkg1<#sE|1y_+)1$YeyD)J7oq|RJyr&r>9302d4QNm`waAULWPF z?dV?~85ELV=I51Ho@!K{5}Ir29ct#2Wnxm4?o?KiQSK4!R_>CQ&gJ4&p6aTvpP%lV zoEel`Y2Y4`Wl`l4ROML`RFabxlI>KP7ZmK|Qe>Q6%%!WVtB~U7>{DT!Vwq`ZWEvP) zm{J@VmRFwQXBp`06RPbSUSZ^&RUhf*?N(-*6UsGfMfL0LylgMbT(gQoezZ5IKhYNJ zy!hU8=c@UicG+*cc1nw}g0)nAi^?mzP&t#CZvvfMjx10L_MBKan_t?o=GBif({C01 zUVJGJyZ?CH+UIE|d-SZzYV|Jj#Ts`CtG~?r7X5vS-m|uco>~EIJ63Qv*c@4N@wmS5 YR{r>!%HJXtXJ>X5X#Ja0vFm390H{Fzn*aa+ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ba71b7a..d47309f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,29 +1,29 @@ let - io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs"; - io-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; - io = [ - io-user - io-host - ]; + io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"; + io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA root@io"; - rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"; - rotterdam-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL"; - rotterdam = [ - rotterdam-user - rotterdam-host - ]; + rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"; + rotterdam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL root@rotterdam"; - alexandria-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; - alexandria = [ alexandria-host ]; + alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7"; - trantor = [ trantor-host ]; - - desktops = io ++ rotterdam; - servers = alexandria ++ trantor; - all-hosts = desktops ++ servers; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; in + { - "cloudflare.age".publicKeys = all-hosts; - "webdav.age".publicKeys = all-hosts; + "cloudflare.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "nextcloud-adminpass.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "nextcloud-secrets.json.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; } diff --git a/secrets/webdav.age b/secrets/webdav.age deleted file mode 100644 index 93bd850..0000000 
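Review bot: `trantor` is bound to a key whose trailing comment reads `root@alexandria`, which looks like a copy-paste slip; the key bytes match the previous `trantor-host` binding, so the label should read `root@trantor`, since the label is what a reader uses to decide who a recipient is. After this change `io`, `rotterdam` and `trantor` are defined but appear in no `publicKeys` list, so either drop them or add a comment such as `# host keys kept for reference; these hosts hold no secrets`. Narrowing the recipients only protects the re-encrypted files: the earlier ciphertexts, including the deleted `webdav.age`, stay in git history and remain decryptable by the old recipient keys. If removing access was the goal, the underlying values need rotating as well; whether they were rotated cannot be seen from the diff.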
--- a/secrets/webdav.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 Kfdnog 9oKx6Oz/J/QJ0mmgoLX5AUx0sFdxnPVnjF42bElPSXA -BJ6h4lHGDsf1Npc4bwkvz5htGRT/x/b2bs9WFM2W/pc --> ssh-ed25519 SP9f6A T5t4apynXLYN/4YEvaHRCI28rrKzet4r6LrbAye5VGk -BsXkZYBxG9zcfLYCd9H0+LW078oCDyYx9zG+DPfE7bA --> ssh-ed25519 8YSAiw RY0YR30qyJPvhy7eTJLoj2JXpH9qHP43fJaHilJykXM -E5/P0Egz/LKwEhYLYd5Cnrat47gnYn93yDSeYgLi934 --> ssh-ed25519 7cojTQ qTCTw7CjilThFLmXYph4YhVBhnk1DpnFCGwgioo/XB0 -N31nZ8nInQuddLD3b0bxI5Es/pTvTQD8nz0f/AZtNFg --> ssh-ed25519 J6tVTA 7OawDsWwtVxu76ZgF0dFclMr19sBNdtu7H+Tr7Pd+SQ -hhVKcscIKIH1WChhRo/RYqUWy1rgs/EKnlHr9uY7QrQ --> ssh-ed25519 Kl5yTQ +i2Q3uNHw1jAVH76NHy4QbjCc6sBBYjsbr7w4mLaHW4 -JOJ02zU0+IxlbXMBsW4UrvzvLUbifdzABBNL+bc0bBs ---- W40oEFdBUKbi0teNTc6B1sX0ReHDvkIJcBm1dlROnk8 -zҼCn箱e7{{N6az"EHB/BYbD \ No newline at end of file From 7da7b7167aa9bef30232bc03a9098575e62ccc52 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:26:32 -0300 Subject: [PATCH 183/267] i give up on nextcloud office --- hosts/alexandria/nextcloud.nix | 39 +++++++++------------------------- 1 file changed, 10 insertions(+), 29 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 373b0e5..84de9fc 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -15,7 +15,7 @@ in services = { nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; @@ -23,6 +23,14 @@ in secretFile = config.age.secrets."nextcloud-secrets.json".path; database.createLocally = true; maxUploadSize = "16G"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + ; + }; + extraAppsEnable = true; caching = { apcu = true; redis = true; 
@@ -66,36 +74,9 @@ in }; }; - collabora-online = { - enable = true; - port = 9980; - settings = { - ssl = { - enable = false; - termination = true; - }; - net = { - listen = "loopback"; - frame_ancestors = "cloud.baduhai.dev"; - }; - }; - }; - nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains = { - "cloud.baduhai.dev" = { }; - "office.baduhai.dev".locations = { - "/".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; - "~ ^/cool/(.*)/ws$".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; - "~ ^/cool/(.*)/ws$".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_read_timeout 36000s; - ''; - }; - }; + domains."cloud.baduhai.dev" = { }; }; }; From 14457d1ec21d93672c84a95047fab7c6febc022b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:55:37 -0300 Subject: [PATCH 184/267] modifications to nextcloud apps --- hosts/alexandria/nextcloud.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 84de9fc..599b832 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,13 +24,10 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - notes - ; + inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; }; extraAppsEnable = true; + appstoreEnable = true; caching = { apcu = true; redis = true; From 3164e1ebf2874d2ae01f46e9334e158d0df8a1b4 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:55:52 -0300 Subject: [PATCH 185/267] add helix editor to all systems --- hosts/modules/common/programs.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index 9820149..e0cc2c9 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -7,6 +7,7 @@ git ### System Utilities ### btop + helix nixos-firewall-tool nvd sysz From 0b17f03ddea318d0062819dcc1c1b9a452418379 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 16:17:08 -0300 Subject: [PATCH 186/267] disable nextcloud appstore --- hosts/alexandria/nextcloud.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 599b832..68d4875 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -27,7 +27,6 @@ in inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; }; extraAppsEnable = true; - appstoreEnable = true; caching = { apcu = true; redis = true; From 1b1f30180ee1fd5d96e1abe38bd15fd16b51aeb3 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 16:20:43 -0300 Subject: [PATCH 187/267] fix agenix in devshell --- devShells.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index acf63f8..72b2695 100644 --- a/devShells.nix +++ b/devShells.nix @@ -6,7 +6,7 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ - agenix + agenix-cli deploy-rs nil nixfmt-rfc-style From ce1af87bdfa210ec34cb382f263f8b8f271030e1 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 18:43:23 -0300 Subject: [PATCH 188/267] finally, niri is finished --- flake.lock | 142 +++++++++++++++++++++++++++--- flake.nix | 2 + hosts/modules/desktop/desktop.nix | 14 ++- users/modules/desktop.nix | 12 +-- users/modules/stylix.nix | 8 +- 5 files changed, 152 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index 3e04b70..64bae33 100644 --- a/flake.lock +++ b/flake.lock 
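Review bot: `agenix-cli` in nixpkgs is, as far as I know, a separate tool from the `ryantm/agenix` flake this repository locks, and it reads its recipient rules from its own config file rather than from `secrets/secrets.nix`. If that holds, the dev shell in devShells.nix still cannot edit or rekey the `.age` files against the rules the hosts are built with, which makes recipient changes easy to get wrong. Taking the CLI from the flake input, e.g. `inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default`, keeps the tool and the NixOS module at the same locked revision. Whether `inputs` is in scope in devShells.nix is not visible in this hunk.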
@@ -456,6 +456,62 @@ "type": "github" } }, + "niri": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1760774008, + "narHash": "sha256-NchPYxFkN9XOOuocGXBmRFAh9NVFybmAev62zG1nL2A=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "27e012b4cd49e9ac438573ec7a6db3e5835828c3", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1760768097, + "narHash": "sha256-RvlONuKFKu+v7h/MorLONcPzXMMe6zs8aJUDOsfjr1I=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "8c8447918f4fd7bc6c86a8622b1db52417fbbbbd", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -475,7 +531,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -497,7 +553,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1759846470, 
@@ -545,6 +601,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1760580664, + "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1760423683, "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", @@ -561,6 +633,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -576,7 +664,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -592,7 +680,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1760524057, "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", @@ -608,7 +696,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -624,7 +712,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -696,10 +784,11 @@ "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", + "niri": "niri", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_2", "stylix": "stylix", "zen-browser": "zen-browser" } @@ -735,7 +824,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nur": "nur", "systems": "systems_4", "tinted-foot": "tinted-foot", @@ -917,10 +1006,43 @@ "type": "github" } }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1759707084, + "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1760588585, diff --git a/flake.nix b/flake.nix index 4f3fac0..b9ca962 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,8 @@ impermanence.url = "github:nix-community/impermanence"; deploy-rs.url = "github:serokell/deploy-rs"; + + niri.url = "github:sodiboo/niri-flake"; }; outputs = 
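Review bot: The new `niri.url = "github:sodiboo/niri-flake";` input in flake.nix is added without any `follows`, and the flake.lock hunks of the same commit show the result: the `niri` node gets its own `nixpkgs_2` and `nixpkgs-stable` lock nodes, with the root stable input renamed to `nixpkgs-stable_2`. Those nodes update independently of the root ones, so the closure can end up built from package sets at different patch levels. Adding `niri.inputs.nixpkgs.follows = "nixpkgs";` keeps one package set to review and update, and the same could be done for `nixpkgs-stable` if the flake tolerates it. The module is used with `package = pkgs.niri;` from the root nixpkgs in desktop.nix, so the extra trees appear to buy little here.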
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index ebffd49..045c088 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -6,7 +6,10 @@ }: { - imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; + imports = [ + inputs.niri.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak + ]; environment = { sessionVariables = { @@ -69,7 +72,7 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${pkgs.niri}/bin/niri-session"; user = "greeter"; }; initial_session = { @@ -111,7 +114,10 @@ }; programs = { - niri.enable = true; + niri = { + enable = true; + package = pkgs.niri; + }; dconf.enable = true; kdeconnect.enable = true; appimage = { @@ -120,6 +126,8 @@ }; }; + niri-flake.cache.enable = false; + fonts = { fontDir.enable = true; packages = with pkgs; [ diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 3f7545a..f2517f3 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -8,6 +8,8 @@ fonts.fontconfig.enable = true; + home.packages = with pkgs; [ xwayland-satellite ]; + programs = { dankMaterialShell = { enable = true; @@ -33,21 +35,13 @@ keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; + password-store = { enable = true; package = pkgs.pass-wayland; }; }; - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - ]; - config.common.default = "*"; - }; - gtk = { enable = true; gtk3.extraConfig = { diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 1c3712a..2c2d39f 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix 
@@ -13,15 +13,15 @@ polarity = "dark"; base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; size = 24; }; icons = { enable = true; package = pkgs.morewaita-icon-theme; - light = "adwaita"; - dark = "adwaita-dark"; + light = "MoreWaita"; + dark = "MoreWaita"; }; opacity = { applications = 1.0; From f2921c030b794230d869ec939b097c2d2ce6d18c Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 20 Oct 2025 10:08:52 -0300 Subject: [PATCH 189/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/9edb1787864c4f59ae5074ad498b6272b3ec308d?narHash=sha256-NA/FT2hVhKDftbHSwVnoRTFhes62%2B7dxZbxj5Gxvghs%3D' (2025-08-05) → 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) • Updated input 'dms': 'github:AvengeMedia/DankMaterialShell/5c816463973d52010839a882d95ea1a44d80c52a?narHash=sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues%3D' (2025-10-16) → 'github:AvengeMedia/DankMaterialShell/d38b98459a157a854cdcb14b8493a517c6416bac?narHash=sha256-mBK9Gwbslo7HASfFkfi%2B5RUEAYJ3SLeEdSZvpRBbsWM%3D' (2025-10-20) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/758cf7296bee11f1706a574c77d072b8a7baa881?narHash=sha256-wfG0S7pltlYyZTM%2BqqlhJ7GMw2fTF4mLKCIVhLii/4M%3D' (2025-10-01) → 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) • Updated input 'home-manager': 'github:nix-community/home-manager/c53e65ec92f38d30e3c14f8d628ab55d462947aa?narHash=sha256-zfY4F4CpeUjTGgecIJZ%2BM7vFpwLc0Gm9epM/iMQd4w8%3D' (2025-10-15) → 'github:nix-community/home-manager/189c21cf879669008ccf06e78a553f17e88d8ef0?narHash=sha256-nZh6uvc71nVNaf/y%2BwesnjwsmJ6IZZUnP2EzpZe48To%3D' (2025-10-20) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/437b586743c3d06b0a72893097395b10e70a2b7b?narHash=sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg%3D' (2025-10-07) → 'github:nix-community/nixos-cli/c8f5ce1fd9bf151df74328795b6b2720e2e22d75?narHash=sha256-N%2BF4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k%3D' (2025-10-19) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/544961dfcce86422ba200ed9a0b00dd4b1486ec5?narHash=sha256-EVAqOteLBFmd7pKkb0%2BFIUyzTF61VKi7YmvP1tw4nEw%3D' (2025-10-15) → 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2?narHash=sha256-Tb%2BNYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8%3D' (2025-10-14) → 'github:nixos/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c?narHash=sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus%3D' (2025-10-16) → 'github:0xc000022070/zen-browser-flake/596c3ac14be576b93f5db9252a1b0581e453ec9f?narHash=sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM%3D' (2025-10-20) --- flake.lock | 154 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 106 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 64bae33..d5792a2 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1760637129, - "narHash": "sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues=", + "lastModified": 1760965677, + "narHash": "sha256-mBK9Gwbslo7HASfFkfi+5RUEAYJ3SLeEdSZvpRBbsWM=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "5c816463973d52010839a882d95ea1a44d80c52a", + "rev": "d38b98459a157a854cdcb14b8493a517c6416bac", "type": "github" }, "original": { @@ -272,11 +272,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -406,11 +406,11 @@ ] }, "locked": { - "lastModified": 1760500983, - "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", + "lastModified": 1760929667, + "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", "owner": "nix-community", "repo": "home-manager", - "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", + "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", "type": "github" }, "original": { 
@@ -457,20 +457,40 @@ } }, "niri": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1760963745, + "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", + "owner": "baduhai", + "repo": "niri", + "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", + "type": "github" + }, + "original": { + "owner": "baduhai", + "ref": "auto-center-when-space-available", + "repo": "niri", + "type": "github" + } + }, + "niri-flake": { "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1760774008, - "narHash": "sha256-NchPYxFkN9XOOuocGXBmRFAh9NVFybmAev62zG1nL2A=", + "lastModified": 1760950171, + "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "27e012b4cd49e9ac438573ec7a6db3e5835828c3", + "rev": "f851a923137c0a54719412146fd63d24b3214e60", "type": "github" }, "original": { @@ -499,11 +519,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1760768097, - "narHash": "sha256-RvlONuKFKu+v7h/MorLONcPzXMMe6zs8aJUDOsfjr1I=", + "lastModified": 1760940149, + "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", "owner": "YaLTeR", "repo": "niri", - "rev": "8c8447918f4fd7bc6c86a8622b1db52417fbbbbd", + "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", "type": "github" }, "original": { @@ -531,8 +551,8 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_4", + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1742115705, 
@@ -553,14 +573,14 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1759846470, - "narHash": "sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg=", + "lastModified": 1760856139, + "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "437b586743c3d06b0a72893097395b10e70a2b7b", + "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", "type": "github" }, "original": { @@ -602,11 +622,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760580664, - "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { @@ -618,11 +638,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1760423683, - "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { 
@@ -634,11 +654,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1757967192, + "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -648,7 +684,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -664,7 +700,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -680,13 +716,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -696,7 +732,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -712,7 +748,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -785,15 +821,37 @@ "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "niri": "niri", + "niri-flake": "niri-flake", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", "stylix": "stylix", "zen-browser": "zen-browser" } }, "rust-overlay": { + "inputs": { + "nixpkgs": [ + "niri", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757989933, + "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "nixpkgs": [ "nixos-cli", @@ -824,7 +882,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_4", "tinted-foot": "tinted-foot", @@ -1042,14 +1100,14 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1760588585, - "narHash": "sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus=", + "lastModified": 1760934351, + "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c", + "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", "type": "github" }, "original": { From 0758864078ceed3b767efb0e7997de933201d267 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 20 Oct 2025 10:29:16 -0300 Subject: [PATCH 190/267] niri fully in home manager now --- flake.nix | 4 +- homeConfigurations.nix | 2 + hosts/modules/desktop/desktop.nix | 10 +- users/modules/{ => desktop}/desktop.nix | 19 +- users/modules/desktop/niri.nix | 222 ++++++++++++++++++++++++ users/modules/stylix.nix | 10 +- utils.nix | 3 +- 7 files changed, 248 insertions(+), 22 deletions(-) rename users/modules/{ => desktop}/desktop.nix (78%) create mode 100644 users/modules/desktop/niri.nix diff --git a/flake.nix b/flake.nix index b9ca962..fc1c117 100644 --- a/flake.nix +++ b/flake.nix @@ -43,7 +43,9 @@ deploy-rs.url = "github:serokell/deploy-rs"; - niri.url = "github:sodiboo/niri-flake"; + niri-flake.url = "github:sodiboo/niri-flake"; + + niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 422681d..a6866c8 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -10,6 +10,7 @@ in flake.homeConfigurations = { "user@rotterdam" = mkHome { username = "user"; + hostname = "rotterdam"; tags = [ "btop" "desktop" @@ -25,6 +26,7 @@ in "user@io" = mkHome { username = "user"; + hostname = "io"; tags = [ "btop" "desktop" diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 045c088..f3a9f3a 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -1,4 +1,5 @@ { + config, inputs, lib, pkgs, @@ -7,7 +8,7 @@ { imports = [ - inputs.niri.nixosModules.niri + inputs.niri-flake.nixosModules.niri inputs.nix-flatpak.nixosModules.nix-flatpak ]; 
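Review bot: The new `niri.url = "github:baduhai/niri/auto-center-when-space-available";` in the flake.nix hunk tracks a feature branch of a personal fork, so each lock refresh moves the compositor to whatever that branch head is then, including after a force-push. flake.lock pins the revision between updates, but the input should carry a comment saying why the fork is used and when to return to upstream, e.g. `# fork carries auto-center-when-space-available; switch back once upstream has it`. The input also has no `follows`: the flake.lock hunks earlier on this page show a `rust-overlay` node following `niri`'s own `nixpkgs`, which suggests the fork brings a separate nixpkgs copy. If the fork builds against the system one, add `niri.inputs.nixpkgs.follows = "nixpkgs";`. The `inputs` set starts outside the hunk.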
@@ -72,11 +73,11 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${pkgs.niri}/bin/niri-session"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; user = "greeter"; }; initial_session = { - command = "${lib.getExe pkgs.niri}"; + command = "${config.programs.niri.package}/bin/niri-session"; user = "user"; }; }; @@ -116,10 +117,9 @@ programs = { niri = { enable = true; - package = pkgs.niri; + package = inputs.niri.packages.${pkgs.system}.niri; }; dconf.enable = true; - kdeconnect.enable = true; appimage = { enable = true; binfmt = true; diff --git a/users/modules/desktop.nix b/users/modules/desktop/desktop.nix similarity index 78% rename from users/modules/desktop.nix rename to users/modules/desktop/desktop.nix index f2517f3..ab84c77 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -1,25 +1,11 @@ { inputs, pkgs, ... }: { - imports = [ - inputs.dms.homeModules.dankMaterialShell.default - inputs.zen-browser.homeModules.beta - ]; - fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; programs = { - dankMaterialShell = { - enable = true; - enableVPN = false; - }; - - zen-browser = { - enable = true; - profiles.william = { }; - }; ghostty = { enable = true; @@ -42,6 +28,11 @@ }; }; + services.kdeconnect = { + enable = true; + indicator = true; + }; + gtk = { enable = true; gtk3.extraConfig = { diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix new file mode 100644 index 0000000..07ce11e --- /dev/null +++ b/users/modules/desktop/niri.nix 
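Review bot: `initial_session` in the greeter settings still starts `niri-session` as `user` without authentication, so any machine importing this host module boots straight into an unlocked desktop. The commit changes the command but keeps the auto-login. If this is meant only for hosts where a disk-encryption passphrase is the boot-time credential, say so next to the block, e.g. `# auto-login: relies on the disk passphrase entered at boot`, or gate it behind a per-host option so a laptop can opt out. Whether the hosts using this module encrypt their disks is not visible here, and the `settings` set starts outside the hunk.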
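Review bot: Removing `kdeconnect.enable = true;` from the host `programs` set also removes the firewall openings that the NixOS module adds for it (TCP and UDP 1714-1764), and the home-manager `services.kdeconnect` added in users/modules/desktop/desktop.nix cannot open them. If LAN pairing is still wanted, open the range explicitly and only on the trusted interface, e.g. `networking.firewall.interfaces.<lan-if>.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];` plus the UDP equivalent, where `<lan-if>` is a placeholder. If the ports are meant to stay closed, a one-line comment saying so would stop them being reopened globally later. The firewall configuration is not visible here.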
@@ -0,0 +1,222 @@ +{ + inputs, + pkgs, + hostname ? null, + ... +}: + +let + isRotterdam = hostname == "rotterdam"; +in + +{ + imports = [ + inputs.dms.homeModules.dankMaterialShell.default + ]; + + home.packages = with pkgs; [ xwayland-satellite ]; + + programs.dankMaterialShell = { + enable = true; + enableVPN = false; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" + } + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse + } + + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column + } + struts { + left 8 + right 8 + } + } + + overview { + zoom 0.65 + } + + spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" + spawn-at-startup "dms" "run" + layer-rule { + match namespace="^wallpaper$" + place-within-backdrop true + } + + spawn-at-startup "xwayland-satellite" + environment { + DISPLAY ":0" + } + + hotkey-overlay { + skip-at-startup + } + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 + } + + // open zen at half window width + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } + } + + window-rule { + geometry-corner-radius 12 + 
clip-to-geometry true + } + + config-notification { + disable-failed + } + + binds { + Mod+Return { spawn "ghostty"; } + Alt+Space { spawn "dms" "ipc" "call" "spotlight" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "increment" "5"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "decrement" "5"; } + XF86AudioMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "mute"; } + XF86AudioMicMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "micmute"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } + XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } + Mod+Shift+Q { close-window; } + Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } + Mod+M hotkey-overlay-title="Task Manager" { spawn "dms" "ipc" "call" "processlist" "toggle"; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-down; } + Mod+Up { focus-window-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-down; } + Mod+K { focus-window-up; } + Ctrl+Alt+J { focus-workspace-down; } + Ctrl+Alt+K { focus-workspace-up; } + Ctrl+Alt+Down { focus-workspace-down; } + Ctrl+Alt+Up { focus-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { 
move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } 
+ Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Shift+E { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Ctrl+Alt+Delete { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; +} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 2c2d39f..d59e355 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -6,7 +6,10 @@ }: { - imports = [ inputs.stylix.homeModules.stylix ]; + imports = [ + inputs.stylix.homeModules.stylix + inputs.zen-browser.homeModules.beta + ]; stylix = { enable = true; @@ -58,4 +61,9 @@ profileNames = [ "william" ]; }; }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; } diff --git a/utils.nix b/utils.nix index 1f2c66c..38cf968 100644 --- a/utils.nix +++ b/utils.nix @@ -102,6 +102,7 @@ in mkHome = { username, + hostname ? null, homeDirectory ? "/home/${username}", tags ? [ ], extraModules ? [ ], @@ -165,7 +166,7 @@ in home-manager.lib.homeManagerConfiguration { inherit pkgs; extraSpecialArgs = { - inherit inputs; + inherit inputs hostname; userTags = allTags; }; modules = allModules ++ [ From d931282a3575dd1e7432b55a11caf8d5b967cccc Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 10:34:38 -0300 Subject: [PATCH 191/267] fix niri config spacing --- users/modules/desktop/niri.nix | 7 +++---- users/user/git.nix | 19 +++++++++++++------ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 07ce11e..321f701 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -58,13 +58,13 @@ in if isRotterdam then '' proportion 0.33333 - proportion 0.5 - proportion 0.66667 + proportion 0.5 + proportion 0.66667 '' else '' proportion 0.5 - proportion 1 + proportion 1 '' } } 
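Review bot: `spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &"` in the new niri.nix writes every clipboard entry into cliphist's on-disk history. The host module also installs `bitwarden-desktop`, so copied secrets outlive the clipboard. State in a comment that this is accepted, and consider bounding it, for example with a bind that runs `cliphist wipe`. The command, like `dms`, `ghostty` and `toggleaudiosink` in the binds, is resolved through the session PATH, while this module installs only `xwayland-satellite`. Interpolating store paths such as `${pkgs.wl-clipboard}/bin/wl-paste` and `${pkgs.cliphist}/bin/cliphist` would make the config independent of what each host happens to install; the `bash -c … &` wrapper should also be unnecessary, as in `spawn-at-startup "wl-paste" "--watch" "cliphist" "store"`.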
@@ -116,7 +116,6 @@ in slowdown 0.3 } - // open zen at half window width window-rule { match app-id="zen" default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } diff --git a/users/user/git.nix b/users/user/git.nix index fcafc00..9c1fb20 100644 --- a/users/user/git.nix +++ b/users/user/git.nix @@ -1,10 +1,17 @@ { pkgs, ... }: { - programs.git = { - enable = true; - diff-so-fancy.enable = true; - userName = "William"; - userEmail = "baduhai@proton.me"; + programs = { + git = { + enable = true; + settings.user = { + name = "William"; + email = "baduhai@proton.me"; + }; + }; + diff-so-fancy = { + enable = true; + enableGitIntegration = true; + }; }; -} \ No newline at end of file +} From 5006f6fc95b9b4a00e660cbceeca075d6e5d6b51 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 11:41:15 -0300 Subject: [PATCH 192/267] local build on io deploy --- deploy.nix | 54 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/deploy.nix b/deploy.nix index 40a21e9..187c92f 100644 --- a/deploy.nix +++ b/deploy.nix 
@@ -4,40 +4,42 @@ remoteBuild = true; nodes = { alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; - - trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; - - io = { - hostname = "io"; - profiles = { - system = { + hostname = "alexandria"; + profiles.system = { sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; user = "root"; }; - user = { + }; + + trantor = { + hostname = "trantor"; + profiles.system = { sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; + + io = { + hostname = "io"; + profiles = { + system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + remoteBuild = false; + }; + user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + remoteBuild = false; + }; }; }; }; }; -}; perSystem = { system, ... }: { From 8600145275f81860d1e4074ad89735061f12097d Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 11:58:43 -0300 Subject: [PATCH 193/267] niri proportions and scaling --- users/modules/desktop/niri.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 321f701..d7c4df2 100644 --- a/users/modules/desktop/niri.nix 
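Review bot: With `remoteBuild = false;` on both `io` profiles, the closure is built on the deploying machine and copied to `io` over SSH as `sshUser = "user"`, and the Nix daemon on the target accepts unsigned paths only from a trusted user. If that is satisfied by listing `user` in `nix.settings.trusted-users`, that account becomes root-equivalent on `io`; signing on the build machine and adding its key to `trusted-public-keys` on `io` keeps it unprivileged. The Nix settings for `io` are not visible here, so this may already be handled. A comment on the override, e.g. `# built on the deploying machine because <reason>`, would explain why it differs from the top-level `remoteBuild = true;`. The hunk re-indents the whole `nodes` block, so the two added lines are easy to miss.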
+++ b/users/modules/desktop/niri.nix @@ -22,6 +22,14 @@ in }; xdg.configFile."niri/config.kdl".text = '' + output "eDP-1" { + scale 1.0 + } + + output "DP-3" { + scale 1.0 + } + input { keyboard { xkb { @@ -64,7 +72,7 @@ in else '' proportion 0.5 - proportion 1 + proportion 1.0 '' } } @@ -118,7 +126,7 @@ in window-rule { match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } window-rule { From 6d3ceccf934762ace497e0e80032579c0c99c82e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 14:10:18 -0300 Subject: [PATCH 194/267] finalising niri config on io --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 5 +++++ homeConfigurations.nix | 6 ++++-- hosts/modules/desktop/desktop.nix | 1 + users/modules/comma.nix | 7 +++++++ users/modules/desktop/desktop.nix | 13 ++++++++++++- users/modules/desktop/niri.nix | 1 + 7 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 users/modules/comma.nix diff --git a/flake.lock b/flake.lock index d5792a2..a742089 100644 --- a/flake.lock +++ b/flake.lock @@ -548,6 +548,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760846226, + "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", @@ -823,6 +843,7 @@ "niri": "niri", "niri-flake": "niri-flake", "nix-flatpak": "nix-flatpak", + "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", diff --git a/flake.nix b/flake.nix index fc1c117..07e2353 100644 --- a/flake.nix 
+++ b/flake.nix @@ -46,6 +46,11 @@ niri-flake.url = "github:sodiboo/niri-flake"; niri.url = "github:baduhai/niri/auto-center-when-space-available"; + + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = diff --git a/homeConfigurations.nix b/homeConfigurations.nix index a6866c8..296abfa 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -12,8 +12,9 @@ in username = "user"; hostname = "rotterdam"; tags = [ - "btop" "desktop" + "btop" + "comma" "direnv" "gaming" "helix" @@ -28,8 +29,9 @@ in username = "user"; hostname = "io"; tags = [ - "btop" "desktop" + "btop" + "comma" "direnv" "helix" "starship" diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f3a9f3a..1c1b6c9 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -102,6 +102,7 @@ uninstallUnmanaged = true; update.auto.enable = true; }; + gvfs.enable = true; }; security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority diff --git a/users/modules/comma.nix b/users/modules/comma.nix new file mode 100644 index 0000000..0aad530 --- /dev/null +++ b/users/modules/comma.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: + +{ + imports = [ inputs.nix-index-database.homeModules.nix-index ]; + + programs.nix-index-database.comma.enable = true; +} diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index ab84c77..21a9451 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -1,4 +1,9 @@ -{ inputs, pkgs, ... }: +{ + config, + inputs, + pkgs, + ... +}: { fonts.fontconfig.enable = true; @@ -18,6 +23,7 @@ sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; bell-features = "border"; + gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; 
@@ -42,4 +48,9 @@ gtk-decoration-layout = "appmenu:"; }; }; + + xdg = { + enable = true; + userDirs.enable = true; + }; } diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index d7c4df2..4bab001 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -150,6 +150,7 @@ in Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } Mod+Q { close-window; } + Alt+Shift+Q { close-window;} Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } Mod+Shift+Q { close-window; } Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } From 831b9c95cdd4d9b27218045ebdd7b121550d778d Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 17:38:05 -0300 Subject: [PATCH 195/267] better-control for desktops --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 1c1b6c9..d3e8083 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -43,6 +43,7 @@ plasticity ### System Utilities ### adwaita-icon-theme + better-control ghostty gnome-disk-utility junction From a6aa171a4d8fb9e2ec954ac5af85971428e7c7a5 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 19:49:28 -0300 Subject: [PATCH 196/267] nocatlia > dankMaterialShell --- flake.lock | 120 +++++++++++++-------------------- flake.nix | 4 +- users/modules/desktop/niri.nix | 39 +++++------ 3 files changed, 65 insertions(+), 98 deletions(-) diff --git a/flake.lock b/flake.lock index a742089..8271d66 100644 --- a/flake.lock +++ b/flake.lock 
@@ -133,27 +133,6 @@ "type": "github" } }, - "dgop": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760238269, - "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", - "owner": "AvengeMedia", - "repo": "dgop", - "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "dgop", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -175,50 +154,6 @@ "type": "github" } }, - "dms": { - "inputs": { - "dgop": "dgop", - "dms-cli": "dms-cli", - "nixpkgs": [ - "nixpkgs" - ], - "quickshell": "quickshell" - }, - "locked": { - "lastModified": 1760965677, - "narHash": "sha256-mBK9Gwbslo7HASfFkfi+5RUEAYJ3SLeEdSZvpRBbsWM=", - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "rev": "d38b98459a157a854cdcb14b8493a517c6416bac", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "type": "github" - } - }, - "dms-cli": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760241259, - "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", - "owner": "AvengeMedia", - "repo": "danklinux", - "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "danklinux", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -784,6 +719,28 @@ "type": "github" } }, + "noctalia": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "quickshell": "quickshell", + "systems": "systems_4" + }, + "locked": { + "lastModified": 1760981626, + "narHash": "sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0=", + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "rev": "73267d1d37b60c963fc4f938acab1eef8a655fe7", + "type": "github" + }, + "original": { + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ 
@@ -812,22 +769,22 @@ "quickshell": { "inputs": { "nixpkgs": [ - "dms", + "noctalia", "nixpkgs" ] }, "locked": { - "lastModified": 1760228179, - "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", + "lastModified": 1753595452, + "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", "ref": "refs/heads/master", - "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", - "revCount": 693, + "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", + "revCount": 665, "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, "original": { "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" } }, "root": { @@ -835,7 +792,6 @@ "agenix": "agenix", "deploy-rs": "deploy-rs", "disko": "disko", - "dms": "dms", "flake-parts": "flake-parts", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", @@ -847,6 +803,7 @@ "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", + "noctalia": "noctalia", "stylix": "stylix", "zen-browser": "zen-browser" } @@ -905,7 +862,7 @@ "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_7", "nur": "nur", - "systems": "systems_4", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -986,6 +943,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 07e2353..78ff944 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,8 +26,8 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - dms = { - url = "github:AvengeMedia/DankMaterialShell"; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 4bab001..517805f 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -1,5 +1,6 @@ { inputs, + lib, pkgs, hostname ? null, ... @@ -7,20 +8,12 @@ let isRotterdam = hostname == "rotterdam"; + noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { - imports = [ - inputs.dms.homeModules.dankMaterialShell.default - ]; - home.packages = with pkgs; [ xwayland-satellite ]; - programs.dankMaterialShell = { - enable = true; - enableVPN = false; - }; - xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { scale 1.0 @@ -102,11 +95,15 @@ in } spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" - spawn-at-startup "dms" "run" + spawn-at-startup "${noctalia}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true } + layer-rule { + match namespace="^quickshell-overview$" + place-within-backdrop true + } spawn-at-startup "xwayland-satellite" environment { 
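Review bot: The `noctalia` input in the flake.nix hunk overrides only `nixpkgs`, so the shell's `quickshell` dependency comes from noctalia's own pin. The flake.lock hunks of this commit show that node going from revCount 693 at `git.outfoxxed.me/quickshell/quickshell` to revCount 665 at `git.outfoxxed.me/outfoxxed/quickshell`, an older revision from a different repository path. This shell now provides the lock screen and session menu, so confirm that the older pin is intended and not missing fixes. A comment on the input such as `# quickshell comes from noctalia's lock; not overridden here` would record the decision.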
@@ -139,22 +136,20 @@ in } binds { + Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } - Alt+Space { spawn "dms" "ipc" "call" "spotlight" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "increment" "5"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "decrement" "5"; } - XF86AudioMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "mute"; } - XF86AudioMicMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "micmute"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } - XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } Mod+Q { close-window; } Alt+Shift+Q { close-window;} - Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } Mod+Shift+Q { close-window; } - Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } - Mod+M hotkey-overlay-title="Task Manager" { spawn "dms" "ipc" "call" "processlist" "toggle"; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } Mod+Down { focus-window-down; } 
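Review bot: `Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; }` binds locking to a call named `toggle`, where the removed dms bind used an explicit `lock` action. Check how noctalia handles `toggle` when the session is already locked, and prefer a lock-only call if the shell offers one, so that the same IPC call cannot also dismiss the lock. The hunk also drops `allow-when-locked=true` from the volume and brightness keys and `hotkey-overlay-title` from the lock and clipboard binds. If that was not deliberate, restore them, e.g. `XF86AudioMute allow-when-locked=true { … }`. The `binds` block continues outside the hunk.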
@@ -222,8 +217,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Shift+E { spawn "dms" "ipc" "call" "powermenu" "toggle"; } - Ctrl+Alt+Delete { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; From 8fc3e89e56bf0c68dd6083086008a53aeafa0da2 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 07:15:35 -0300 Subject: [PATCH 197/267] noctalia variable for icons pack --- users/modules/desktop/niri.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 517805f..fe40e1c 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -14,6 +14,10 @@ in { home.packages = with pkgs; [ xwayland-satellite ]; + home.sessionVariables = { + QT_QPA_PLATFORMTHEME = "gtk3"; + }; + xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { scale 1.0 From c32c37596fec2710cc6b5a4de616ab68f341e815 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 07:22:35 -0300 Subject: [PATCH 198/267] io needs battery management --- hosts/io/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/io/services.nix b/hosts/io/services.nix index 3703ba3..90fb737 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -48,6 +48,7 @@ }; }; }; + upower.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed From 5969f2ba9fda4666fdcda8493f26e3fb5796e873 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 10:22:05 -0300 Subject: [PATCH 199/267] default desktop programs --- hosts/modules/desktop/desktop.nix | 8 +- users/modules/desktop/desktop.nix | 118 +++++++++++++++++++++++++++--- 2 files changed, 112 insertions(+), 14 deletions(-) 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index d3e8083..c265af7 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -21,9 +21,9 @@ ### Web ### bitwarden-desktop brave + fragments nextcloud-client tor-browser - qbittorrent vesktop inputs.zen-browser.packages."${system}".default ### Office & Productivity ### @@ -39,7 +39,6 @@ ### Graphics & Design ### gimp inkscape - loupe plasticity ### System Utilities ### adwaita-icon-theme @@ -55,9 +54,10 @@ toggleaudiosink unrar ### Media ### - mpv + decibels + loupe obs-studio - qview + showtime ]; }; diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 21a9451..16e2a82 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
@@ -39,18 +39,116 @@ indicator = true; }; - gtk = { - enable = true; - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; - xdg = { enable = true; userDirs.enable = true; + + mimeApps = { + enable = true; + defaultApplications = { + # Web browsing (priority: Junction > Zen > Brave > Tor) + "text/html" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + + # Images + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + + # Video + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = "io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + + # Audio + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = 
"io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + + # PDF and documents (priority: Papers > Zen Browser) + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + + # Text files (Ghostty + Helix) + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + + # Office documents + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "onlyoffice-desktopeditors.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "onlyoffice-desktopeditors.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "onlyoffice-desktopeditors.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop"; # ODP + "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC + "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS + "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT + + # Archives + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = "org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = "org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + + # File manager + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + 
home.sessionVariables = { + TERMINAL = "ghostty"; }; } From 30ca5f6b29963d2741d488adaf8719eac0747091 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 13:12:40 -0300 Subject: [PATCH 200/267] kde connect needs to be enabled both in the user as the host --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index c265af7..3be98a6 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -121,6 +121,7 @@ enable = true; package = inputs.niri.packages.${pkgs.system}.niri; }; + kdeconnect.enable = true; dconf.enable = true; appimage = { enable = true; From 66d5275f7d09417e9becd0d1ddfc277f03e30233 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 13:57:49 -0300 Subject: [PATCH 201/267] no more better-control; niri config spacing --- hosts/modules/desktop/desktop.nix | 1 - users/modules/desktop/niri.nix | 309 +++++++++++++++--------------- 2 files changed, 152 insertions(+), 158 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 3be98a6..81ecb85 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -42,7 +42,6 @@ plasticity ### System Utilities ### adwaita-icon-theme - better-control ghostty gnome-disk-utility junction diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index fe40e1c..0e8eaab 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -12,6 +12,7 @@ let in { + imports = [ inputs.noctalia.homeModules.default ]; home.packages = with pkgs; [ xwayland-satellite ]; home.sessionVariables = { 
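Review bot: `torbrowser.desktop` is listed as a fallback for `text/html`, `x-scheme-handler/http`, `https`, `about` and `unknown`, so on a machine where the three entries ahead of it are not installed, links clicked in any other application would open in Tor Browser. Tor Browser is normally started on purpose rather than handed arbitrary URLs from other programs, so I would drop it from these lists. The five lists are identical; a single binding such as `browsers = [ "com.github.timecraft.junction.desktop" "zen-browser.desktop" "brave-browser.desktop" ];` reused for each key would keep them in sync. The hunk also removes the `gtk` decoration-layout block, which the subject line does not mention.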
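Review bot: `kdeconnect.enable = true;` sits among what look like `programs.*` options (the enclosing block starts outside the hunk), and the NixOS `programs.kdeconnect` module opens TCP and UDP ports 1714-1764 in the host firewall on every interface. This file is the shared desktop module, so the laptop host would presumably expose that range on whatever network it joins, not only at home. At minimum add a comment such as `# opens TCP/UDP 1714-1764 in the firewall on all interfaces`; if pairing is only needed on trusted networks, allowing the range per interface through `networking.firewall.interfaces.<name>.allowedTCPPortRanges` and `allowedUDPPortRanges` is the narrower option. The same applies to the `kdeconnect = { enable = true; package = pkgs.valent; };` hunk in PATCH 207.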
@@ -20,210 +21,204 @@ in xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { - scale 1.0 + scale 1.0 } - output "DP-3" { - scale 1.0 + scale 1.0 } input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } + keyboard { + xkb { + layout "us" + variant "altgr-intl" } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse } layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } tab-indicator { - width 4 - gap 4 - place-within-column + width 4 + gap 4 + place-within-column } struts { - left 8 - right 8 + left 8 + right 8 } } overview { - zoom 0.65 + zoom 0.65 } spawn-at-startup 
"bash" "-c" "wl-paste --watch cliphist store &" spawn-at-startup "${noctalia}" layer-rule { - match namespace="^wallpaper$" + match namespace="^wallpaper$" place-within-backdrop true } layer-rule { - match namespace="^quickshell-overview$" - place-within-backdrop true - } - - spawn-at-startup "xwayland-satellite" - environment { - DISPLAY ":0" + match namespace="^quickshell-overview$" + place-within-backdrop true } hotkey-overlay { - skip-at-startup + skip-at-startup } prefer-no-csd screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" animations { - slowdown 0.3 + slowdown 0.3 } window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } window-rule { - geometry-corner-radius 12 - clip-to-geometry true + geometry-corner-radius 12 + clip-to-geometry true } config-notification { - disable-failed + disable-failed } binds { - Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } - Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } - Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } - 
Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-down; } - Mod+K { focus-window-up; } - Ctrl+Alt+J { focus-workspace-down; } - Ctrl+Alt+K { focus-workspace-up; } - Ctrl+Alt+Down { focus-workspace-down; } - Ctrl+Alt+Up { focus-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - 
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } + Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-down; } + Mod+Up { focus-window-up; } + Mod+Right { focus-column-right; } + 
Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-down; } + Mod+K { focus-window-up; } + Ctrl+Alt+J { focus-workspace-down; } + Ctrl+Alt+K { focus-workspace-up; } + Ctrl+Alt+Down { focus-workspace-down; } + Ctrl+Alt+Up { focus-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { 
move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } } ''; } From 602fec023555c93f2020967bc643c94d5a6cc098 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 17:18:17 -0300 Subject: [PATCH 202/267] no more home manager stable --- flake.lock | 22 ---------------------- flake.nix | 8 ++------ 2 files changed, 2 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 8271d66..7e20e22 100644 --- a/flake.lock +++ b/flake.lock @@ -313,27 +313,6 @@ "type": "github" } }, - "home-manager-stable": { - "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { "inputs": { "nixpkgs": [ 
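Review bot: Alongside the re-indentation, this hunk drops `spawn-at-startup "xwayland-satellite"` and the `environment { DISPLAY ":0" }` block from the generated config.kdl, which the subject ("niri config spacing") does not cover. `xwayland-satellite` is still installed through `home.packages` in the preceding hunk, so presumably niri is expected to start it by itself; if that is the intent, state it in the commit message or in a short comment next to the package line. Keeping behaviour changes out of a whitespace-only commit makes a 300-line hunk like this one reviewable, since otherwise every line has to be compared by hand.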
@@ -794,7 +773,6 @@ "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager_2", - "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", diff --git a/flake.nix b/flake.nix index 78ff944..72aa094 100644 --- a/flake.nix +++ b/flake.nix @@ -2,19 +2,15 @@ description = "My nix hosts"; inputs = { + flake-parts.url = "github:hercules-ci/flake-parts"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; - flake-parts.url = "github:hercules-ci/flake-parts"; - home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - home-manager-stable = { - url = "github:nix-community/home-manager/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; agenix = { url = "github:ryantm/agenix"; From 14d08d6d70cb82e7078c70cd5421416b6143501e Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 17:21:14 -0300 Subject: [PATCH 203/267] specify server hosts --- nixosConfigurations.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 16433bd..9a0a09d 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -36,6 +36,7 @@ in alexandria = mkHost { hostname = "alexandria"; tags = [ + # "server" TODO: uncomment when 25.11 is out. "fwupd" "podman" ]; @@ -45,6 +46,7 @@ in hostname = "trantor"; system = "aarch64-linux"; tags = [ + "server" ]; }; }; From 025bd2ccf83302d6ca4c15a6d65d891bb008390a Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 22:01:34 -0300 Subject: [PATCH 204/267] readme glowup --- readme.md | 129 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 122 insertions(+), 7 deletions(-) diff --git a/readme.md b/readme.md index 9f3af1e..2804237 100644 --- a/readme.md +++ b/readme.md 
@@ -1,8 +1,123 @@ -All my personal Nix and NixOS hosts, in a flake. +# NixOS Configuration -|Host|Description|System Version| -|:---|:---:|---:| -|alexandria|Personal server/NAS|NixOS 25.05| -|io|Mobile workstation|NixOS Unstable| -|rotterdam|Workstation|NixOS Unstable| -|trantor|Oracle Cloud VPS|NixOS 25.05| +A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. + +## Hosts + +| Host | Type | System | Version | Description | +|------|------|--------|---------|-------------| +| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | +| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | +| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | +| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | + +## Key Features + +### Architecture +- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance +- **Flake-based** - Fully reproducible builds with locked dependencies +- **Multi-platform** - Supports both x86_64 and aarch64 architectures +- **Deployment automation** - Remote deployment via deploy-rs + +### Desktop Experience +- **Niri compositor** - Custom fork with auto-centering window columns +- **Unified theming** - Stylix-based theming +- **Wayland-native** - Full Wayland support +- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability + +### Self-Hosted Services +- **Nextcloud** - Cloud storage with calendar, contacts, and notes +- **Forgejo** - Self-hosted Git server +- **Jellyfin** - Media streaming +- **Vaultwarden** - Password manager backend +- **LibreSpeed** - Network speed testing +- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt + +### Security +- **Agenix** - Encrypted secrets management 
+- **Tailscale** - Zero-config VPN mesh network +- **Firewall** - Configured on all hosts +- SSH key-based authentication + +## Repository Structure + +``` +. +├── flake.nix # Main flake definition +├── utils.nix # Tag-based module system utilities +├── nixosConfigurations.nix # Host definitions with tags +├── homeConfigurations.nix # User configurations +├── deploy.nix # Remote deployment configuration +├── hosts/ +│ ├── alexandria/ # Server-specific config +│ ├── io/ # Laptop-specific config +│ ├── rotterdam/ # Desktop-specific config +│ ├── trantor/ # VPS-specific config +│ └── modules/ +│ ├── common/ # Shared base configuration +│ ├── desktop/ # Desktop environment setup +│ ├── server/ # Server-specific modules +│ └── [tag].nix # Optional feature modules +├── users/ +│ └── modules/ # Home Manager configurations +│ └── [tag].nix # Optional feature modules +├── packages/ # Custom package definitions +└── secrets/ # Encrypted secrets (agenix) +``` + +## Tag System + +Configurations are composed using tags that map to modules: + +**Common Tags** (all hosts): +- `common` - Base system configuration (automatically applied) + +**General Tags**: +- `desktop` - *Mostly* full desktop environment with Niri WM +- `dev` - Development tools and environments +- `gaming` - Steam, Heroic, gamemode, controller support +- `ephemeral` - Impermanent root filesystem +- `networkmanager` - WiFi and network management +- `libvirtd` - KVM/QEMU virtualization +- `podman` - Container runtime +- `bluetooth` - Bluetooth support +- `fwupd` - Firmware update daemon + +**Server Tags**: +- `server` - Server-specific configuration + +## Usage + +### Rebuilding a Configuration + +```bash +# Local rebuild +sudo nixos-rebuild switch --flake .#hostname + +# Remote deployment +deploy .#hostname +``` + +### Updating Dependencies + +```bash +nix flake update +``` + +### Adding a New Host + +1. Create host directory in `hosts/` +2. 
Define configuration in `nixosConfigurations.nix` with appropriate tags
+3. Add deployment profile in `deploy.nix` if needed
+
+## Dependencies
+
+- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels
+- [home-manager](https://github.com/nix-community/home-manager) - User configuration
+- [agenix](https://github.com/ryantm/agenix) - Secrets management
+- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning
+- [stylix](https://github.com/danth/stylix) - System-wide theming
+- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork)
+- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support
+- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment
+- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management
From ccd4d5314caf430b0b2d4e89e776c1c3ab4bc674 Mon Sep 17 00:00:00 2001
From: William
Date: Tue, 21 Oct 2025 22:39:25 -0300
Subject: [PATCH 205/267] new stylix theme
---
 users/modules/stylix.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix
index d59e355..13ba8b6 100644
--- a/users/modules/stylix.nix
+++ b/users/modules/stylix.nix
@@ -14,7 +14,7 @@
 stylix = {
 enable = true;
 polarity = "dark";
- base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml";
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml";
 cursor = {
 package = pkgs.kdePackages.breeze;
 name = "breeze_cursors";
From 39d16028645efff3278a9bcab75056372fa67c2e Mon Sep 17 00:00:00 2001
From: William
Date: Wed, 22 Oct 2025 11:58:03 -0300
Subject: [PATCH 206/267] xdg portals
---
 hosts/modules/desktop/desktop.nix | 8 ++++++++
 users/modules/desktop/desktop.nix | 18 ------------------
 2 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix
index 81ecb85..24ead6a 100644
--- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -141,4 +141,12 @@ roboto ]; }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config.common.default = "*"; + }; } diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 16e2a82..a962923 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -42,11 +42,9 @@ xdg = { enable = true; userDirs.enable = true; - mimeApps = { enable = true; defaultApplications = { - # Web browsing (priority: Junction > Zen > Brave > Tor) "text/html" = [ "com.github.timecraft.junction.desktop" "zen-browser.desktop" @@ -77,8 +75,6 @@ "brave-browser.desktop" "torbrowser.desktop" ]; - - # Images "image/jpeg" = "org.gnome.Loupe.desktop"; "image/png" = "org.gnome.Loupe.desktop"; "image/gif" = "org.gnome.Loupe.desktop"; @@ -86,8 +82,6 @@ "image/bmp" = "org.gnome.Loupe.desktop"; "image/svg+xml" = "org.gnome.Loupe.desktop"; "image/tiff" = "org.gnome.Loupe.desktop"; - - # Video "video/mp4" = "io.bassi.Showtime.desktop"; "video/x-matroska" = "io.bassi.Showtime.desktop"; "video/webm" = "io.bassi.Showtime.desktop"; 
@@ -95,28 +89,20 @@ "video/x-msvideo" = "io.bassi.Showtime.desktop"; "video/quicktime" = "io.bassi.Showtime.desktop"; "video/x-flv" = "io.bassi.Showtime.desktop"; - - # Audio "audio/mpeg" = "io.bassi.Showtime.desktop"; "audio/flac" = "io.bassi.Showtime.desktop"; "audio/ogg" = "io.bassi.Showtime.desktop"; "audio/wav" = "io.bassi.Showtime.desktop"; "audio/mp4" = "io.bassi.Showtime.desktop"; "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - - # PDF and documents (priority: Papers > Zen Browser) "application/pdf" = [ "org.gnome.Papers.desktop" "zen-browser.desktop" ]; - - # Text files (Ghostty + Helix) "text/plain" = "Helix.desktop"; "text/markdown" = "Helix.desktop"; "text/x-log" = "Helix.desktop"; "application/x-shellscript" = "Helix.desktop"; - - # Office documents "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "onlyoffice-desktopeditors.desktop"; # DOCX "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = @@ -129,8 +115,6 @@ "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT - - # Archives "application/zip" = "org.gnome.FileRoller.desktop"; "application/x-tar" = "org.gnome.FileRoller.desktop"; "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; @@ -140,8 +124,6 @@ "application/x-rar" = "org.gnome.FileRoller.desktop"; "application/gzip" = "org.gnome.FileRoller.desktop"; "application/x-bzip" = "org.gnome.FileRoller.desktop"; - - # File manager "inode/directory" = "org.gnome.Nautilus.desktop"; }; }; From db4b93273e354b97cfbdc9345468f356f8329b25 Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 22 Oct 2025 14:16:52 -0300 Subject: [PATCH 207/267] kdeconnect: use valent instead; ghostty: set up shift+enter --- hosts/modules/desktop/desktop.nix | 5 ++++- users/modules/desktop/desktop.nix | 7 +------ users/modules/desktop/niri.nix | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 24ead6a..192932c 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -120,7 +120,10 @@ enable = true; package = inputs.niri.packages.${pkgs.system}.niri; }; - kdeconnect.enable = true; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; dconf.enable = true; appimage = { enable = true; diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index a962923..ba30852 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -24,7 +24,7 @@ }}"; bell-features = "border"; gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; + keybind = [ "shift+enter=text:\\x1b\\r" ]; }; }; @@ -34,11 +34,6 @@ }; }; - services.kdeconnect = { - enable = true; - indicator = true; - }; - xdg = { enable = true; userDirs.enable = true; diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 0e8eaab..8da284f 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -98,8 +98,8 @@ in zoom 0.65 } - spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" spawn-at-startup "${noctalia}" + spawn-at-startup "${lib.getExe pkgs.valent}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true From d3c3c78cdd20b1b111a354d7b200f519cab66307 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 22 Oct 2025 18:43:05 -0300 Subject: [PATCH 208/267] niri: struts only for rotterdam --- users/modules/desktop/niri.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 8da284f..dc9793a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -88,10 +88,11 @@ in gap 4 place-within-column } - struts { - left 8 - right 8 - } + ${lib.optionalString isRotterdam '' + struts { + left 8 + right 8 + }''} } overview { From 8254683b5f8a2aaa15cd5fa0a6eb809928f4ed5b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 18:58:20 -0300 Subject: [PATCH 209/267] set collate locale option --- hosts/modules/common/locale.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix index 7e07d85..1171a32 100644 --- a/hosts/modules/common/locale.nix +++ b/hosts/modules/common/locale.nix @@ -7,6 +7,7 @@ defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; LC_IDENTIFICATION = "pt_BR.utf8"; LC_MEASUREMENT = "pt_BR.utf8"; LC_MONETARY = "pt_BR.utf8"; From dd067449290bee1e04351b4b51d978680396259d Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 15:34:03 -0300 Subject: [PATCH 210/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/73267d1d37b60c963fc4f938acab1eef8a655fe7?narHash=sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0%3D' (2025-10-20) → 'github:noctalia-dev/noctalia-shell/c3439b262c7cb3d57c93197a93a3aa382582bdae?narHash=sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A%2BPe2rIilyvalEHuM%3D' (2025-10-23) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7e20e22..feb5089 100644 --- a/flake.lock +++ b/flake.lock 
@@ -707,11 +707,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1760981626, - "narHash": "sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0=", + "lastModified": 1761190730, + "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "73267d1d37b60c963fc4f938acab1eef8a655fe7", + "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", "type": "github" }, "original": { From 2d2d27a6fc2d8fcc7133313a1a0cc030d467c729 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 21:18:44 -0300 Subject: [PATCH 211/267] don't autostart valent --- users/modules/desktop/niri.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index dc9793a..d603838 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -100,7 +100,6 @@ in } spawn-at-startup "${noctalia}" - spawn-at-startup "${lib.getExe pkgs.valent}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true From 98b2d1f44c70619ae837e16180ea1a116c003116 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 24 Oct 2025 17:55:55 -0300 Subject: [PATCH 212/267] niri xdg desktop portal config --- hosts/modules/desktop/desktop.nix | 8 +++++++- users/modules/desktop/niri.nix | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 192932c..816745c 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -150,6 +150,12 @@ xdg-desktop-portal-gnome xdg-desktop-portal-gtk ]; - config.common.default = "*"; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" + ]; + }; }; } diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index d603838..47ad561 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -13,10 +13,10 @@ in { imports = [ inputs.noctalia.homeModules.default ]; - home.packages = with pkgs; [ xwayland-satellite ]; - home.sessionVariables = { - QT_QPA_PLATFORMTHEME = "gtk3"; + home = { + packages = with pkgs; [ xwayland-satellite ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' From 8a64636cc596b114b086231ca9f6d9ef1d8f0fe9 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 25 Oct 2025 09:10:17 -0300 Subject: [PATCH 213/267] niri media keys --- users/modules/desktop/niri.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 47ad561..16955d9 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -136,11 +136,15 @@ in binds { Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } From a8977d7dfbb85cb7e955a133551ed84a6073def3 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 29 Oct 2025 11:00:50 -0300 Subject: [PATCH 214/267] greetd only autologin on io --- hosts/modules/desktop/desktop.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 816745c..5258442 100644 --- a/hosts/modules/desktop/desktop.nix 
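Review bot: All nine media bindings in this hunk now carry `allow-when-locked=true`, so their `spawn` commands run while the session is locked and anyone at the keyboard can trigger them. For volume, brightness and playback that is a reasonable choice, but nothing in the file records the rule that decides which binds may get the flag. A comment above the group would make it explicit for later additions: `// allow-when-locked: only actions that neither reveal nor modify session data`. The `binds { … }` block continues outside the hunk.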
+++ b/hosts/modules/desktop/desktop.nix @@ -73,9 +73,11 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; user = "greeter"; }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { initial_session = { command = "${config.programs.niri.package}/bin/niri-session"; user = "user"; From 90cdc7b8a5029a9c039b97b6b06b56bdbaa71350 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 18:14:02 -0300 Subject: [PATCH 215/267] begin configuring terranix --- flake.lock | 59 +++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ terranixConfigurations.nix | 22 +++++++++++++ utils.nix | 63 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 150 insertions(+) create mode 100644 terranixConfigurations.nix diff --git a/flake.lock b/flake.lock index feb5089..f9d54f9 100644 --- a/flake.lock +++ b/flake.lock @@ -241,6 +241,27 @@ "type": "github" } }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "terranix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_3" @@ -783,6 +804,7 @@ "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", + "terranix": "terranix", "zen-browser": "zen-browser" } }, 
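Review bot: The `initial_session` kept for host `io` starts `niri-session` as `user` with no greeter prompt, so on that machine the only authentication at boot is whatever unlocks the disk. The disko layout for `io` shown elsewhere on this page uses a LUKS `cryptroot`, which makes this defensible only while the volume is unlocked with an interactively entered passphrase; a TPM or keyfile unlock would leave no authentication step at all. A comment on the `lib.optionalAttrs` line would pin that assumption: `# io only: autologin relies on the LUKS passphrase prompt at boot`. The added `--user-menu` flag also makes the greeter list local account names on every host, which is worth a conscious decision. The `services.greetd` block starts outside the hunk.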
@@ -936,6 +958,43 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "terranix": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_6" + }, + "locked": { + "lastModified": 1757278723, + "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", + "owner": "terranix", + "repo": "terranix", + "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 72aa094..ccbec85 100644 --- a/flake.nix +++ b/flake.nix @@ -47,6 +47,11 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + + terranix = { + url = "github:terranix/terranix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -65,6 +70,7 @@ ./overlays.nix ./packages.nix ./deploy.nix + ./terranixConfigurations.nix ]; }; } diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix new file mode 100644 index 0000000..9dd1c8f --- /dev/null +++ b/terranixConfigurations.nix @@ -0,0 +1,22 @@ +{ inputs, ... }: + +let + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; + inherit (utils) mkTerranixDerivation; + + configs = { + # Example: + # myconfig = { + # modules = [ ./terraform/myconfig.nix ]; + # }; + }; +in + +{ + perSystem = + { system, ... }: + { + packages = mkTerranixDerivation { inherit system configs; }; + }; +} diff --git a/utils.nix b/utils.nix index 38cf968..fb92954 100644 --- a/utils.nix +++ b/utils.nix 
@@ -7,6 +7,7 @@ let nixpkgs-stable home-manager agenix + terranix ; in @@ -190,4 +191,66 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + + # Terranix configuration system + mkTerranixDerivation = + { + system, + configs, + }: + lib.mapAttrs ( + name: cfg: + let + pkgs = nixpkgs.legacyPackages.${system}; + modules = cfg.modules; + extraArgs = cfg.extraArgs or { }; + + terraformConfiguration = terranix.lib.terranixConfiguration { + inherit system modules; + extraArgs = { + inherit lib pkgs; + } // extraArgs; + }; + + tf-json = pkgs.writeShellScriptBin "default" '' + cat ${terraformConfiguration} | ${pkgs.jq}/bin/jq + ''; + + apply = pkgs.writeShellScriptBin "apply" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform apply + ''; + + plan = pkgs.writeShellScriptBin "plan" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform plan + ''; + + destroy = pkgs.writeShellScriptBin "destroy" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform destroy + ''; + + create-state-bucket = pkgs.writeShellScriptBin "create-state-bucket" '' + BUCKET_NAME=''${1:-"terraform-state-bucket"} + ACCOUNT_ID=''${2:?"Error: Cloudflare account ID required as second argument"} + R2_ENDPOINT="https://$ACCOUNT_ID.r2.cloudflarestorage.com" + + echo "Creating R2 bucket $BUCKET_NAME..." + ${pkgs.awscli}/bin/aws s3api create-bucket \ + --bucket "$BUCKET_NAME" \ + --endpoint-url "$R2_ENDPOINT" + echo "Bucket created successfully at $R2_ENDPOINT" + ''; + in + tf-json // { + inherit apply plan destroy create-state-bucket; + } + ) configs; } 
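Review bot: The `create-state-bucket` script in the `mkTerranixDerivation` hunk prints "Bucket created successfully" even when `aws s3api create-bucket` fails, because `pkgs.writeShellScriptBin` does not enable errexit for the script body. Starting each generated script with `set -euo pipefail` makes the first failing command stop the run; `apply`, `plan` and `destroy` already chain with `&&` but would read more consistently with the same line. The bucket is meant to hold Terraform state, which commonly includes sensitive resource attributes, so a false success report here is worth avoiding. The surrounding attribute set in utils.nix starts outside the hunk.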
From b75f9752d1455be5a437b952b46ba68310e8b01f Mon Sep 17 00:00:00 2001 From: William Date: Wed, 29 Oct 2025 11:14:52 -0300 Subject: [PATCH 216/267] use terranix flake parts module directly --- terranixConfigurations.nix | 29 ++++++++---------- utils.nix | 63 -------------------------------------- 2 files changed, 12 insertions(+), 80 deletions(-) diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index 9dd1c8f..c546cbf 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -1,22 +1,17 @@ { inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkTerranixDerivation; - - configs = { - # Example: - # myconfig = { - # modules = [ ./terraform/myconfig.nix ]; - # }; - }; -in - { - perSystem = - { system, ... }: - { - packages = mkTerranixDerivation { inherit system configs; }; + imports = [ + inputs.terranix.flakeModule + ]; + + perSystem = { + terranix.terranixConfigurations = { + # Example: + # myconfig = { + # modules = [ ./terraform/myconfig.nix ]; + # extraArgs = { }; # optional + # }; }; + }; } diff --git a/utils.nix b/utils.nix index fb92954..38cf968 100644 --- a/utils.nix +++ b/utils.nix @@ -7,7 +7,6 @@ let nixpkgs-stable home-manager agenix - terranix ; in 
@@ -191,66 +190,4 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; - - # Terranix configuration system - mkTerranixDerivation = - { - system, - configs, - }: - lib.mapAttrs ( - name: cfg: - let - pkgs = nixpkgs.legacyPackages.${system}; - modules = cfg.modules; - extraArgs = cfg.extraArgs or { }; - - terraformConfiguration = terranix.lib.terranixConfiguration { - inherit system modules; - extraArgs = { - inherit lib pkgs; - } // extraArgs; - }; - - tf-json = pkgs.writeShellScriptBin "default" '' - cat ${terraformConfiguration} | ${pkgs.jq}/bin/jq - ''; - - apply = pkgs.writeShellScriptBin "apply" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform apply - ''; - - plan = pkgs.writeShellScriptBin "plan" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform plan - ''; - - destroy = pkgs.writeShellScriptBin "destroy" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform destroy - ''; - - create-state-bucket = pkgs.writeShellScriptBin "create-state-bucket" '' - BUCKET_NAME=''${1:-"terraform-state-bucket"} - ACCOUNT_ID=''${2:?"Error: Cloudflare account ID required as second argument"} - R2_ENDPOINT="https://$ACCOUNT_ID.r2.cloudflarestorage.com" - - echo "Creating R2 bucket $BUCKET_NAME..." - ${pkgs.awscli}/bin/aws s3api create-bucket \ - --bucket "$BUCKET_NAME" \ - --endpoint-url "$R2_ENDPOINT" - echo "Bucket created successfully at $R2_ENDPOINT" - ''; - in - tf-json // { - inherit apply plan destroy create-state-bucket; - } - ) configs; } From 5899e42fa427bf8346d9b8b21a0ca239b64d74cf Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 29 Oct 2025 16:04:31 -0300 Subject: [PATCH 217/267] started oci terranix config --- terranix/oci/homelab.nix | 196 +++++++++++++++++++++++++++++++++++++ terranixConfigurations.nix | 8 +- 2 files changed, 199 insertions(+), 5 deletions(-) create mode 100644 terranix/oci/homelab.nix diff --git a/terranix/oci/homelab.nix b/terranix/oci/homelab.nix new file mode 100644 index 0000000..12c15b4 --- /dev/null +++ b/terranix/oci/homelab.nix 
@@ -0,0 +1,196 @@ +{ config, ... }: + +{ + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 5.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/homelab.tfstate"; + region = "auto"; + endpoint = "https://.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + compartment_name = { + default = "homelab"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + oci_identity_tenancy.tenancy = { }; + + oci_identity_availability_domains.ads = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.homelab = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + description = "Homelab infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "homelab-vcn"; + dns_label = "homelab"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id 
= config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig.id; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + cidr_block = config.variable.vcn_cidr.default; + display_name = "homelab-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt.id; + security_list_ids = [ config.resource.oci_core_security_list.sl.id ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads.availability_domains .0.name; + compartment_id = config.resource.oci_identity_compartment.homelab.id; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = 
"image"; + source_id = config.data.oci_core_images.ubuntu_arm.images .0.id; + boot_volume_size_in_gbs = 50; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet.id; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.homelab.id; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor.public_ip; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index c546cbf..8606b2c 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -7,11 +7,9 @@ perSystem = { terranix.terranixConfigurations = { - # Example: - # myconfig = { - # modules = [ ./terraform/myconfig.nix ]; - # extraArgs = { }; # optional - # }; + oci-homelab = { + modules = [ ./terranix/oci/homelab.nix ]; + }; }; }; } From 716ed5cc5347b6a564425fbfa5d49e702103e208 Mon Sep 17 00:00:00 2001 
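Review bot: The first `ingress_security_rules` entry of `oci_core_security_list.sl` in the new terranix/oci/homelab.nix accepts TCP 22 from `0.0.0.0/0`, and the instance is created with `assign_public_ip = true`, so its SSH daemon is reachable from the whole internet. Limiting that one rule to an administrative range, for example `source = config.variable.admin_cidr.default;` backed by a new `admin_cidr` variable, keeps 80 and 443 public while narrowing SSH. Separately, the backend `endpoint` is written as `https://.r2.cloudflarestorage.com` with an empty account label, so `terraform init` presumably cannot reach the state bucket until that is filled in.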
From: William Date: Sun, 2 Nov 2025 22:01:43 -0300 Subject: [PATCH 218/267] trator terranix config functional; move disko configs to individual outputs; touching up trantor --- .gitignore | 1 + disko/io.nix | 75 +++++++++++++ disko/trantor.nix | 61 +++++++++++ diskoConfigurations.nix | 12 +++ flake.lock | 53 ++++++---- flake.nix | 8 +- hosts/io/disko.nix | 83 --------------- hosts/io/hardware-configuration.nix | 6 +- hosts/modules/ephemeral.nix | 8 +- hosts/trantor/boot.nix | 5 +- hosts/trantor/disko.nix | 36 ------- hosts/trantor/hardware-configuration.nix | 6 +- nixosConfigurations.nix | 1 + terranix/cloudflare/baduhai.dev.nix | 0 terranix/cloudflare/kernelpanic.space.nix | 0 terranix/oci/terminus.nix | 0 terranix/oci/{homelab.nix => trantor.nix} | 122 +++++++++++++++------- terranix/tailscale/tailnet.nix | 0 terranixConfigurations.nix | 14 ++- 19 files changed, 298 insertions(+), 193 deletions(-) create mode 100644 disko/io.nix create mode 100644 disko/trantor.nix create mode 100644 diskoConfigurations.nix delete mode 100644 hosts/io/disko.nix delete mode 100644 hosts/trantor/disko.nix create mode 100644 terranix/cloudflare/baduhai.dev.nix create mode 100644 terranix/cloudflare/kernelpanic.space.nix create mode 100644 terranix/oci/terminus.nix rename terranix/oci/{homelab.nix => trantor.nix} (56%) create mode 100644 terranix/tailscale/tailnet.nix diff --git a/.gitignore b/.gitignore index 928efae..b59fd44 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ result result-* .direnv/ +oci-trantor/ # Personal notes and temporary files todo.md diff --git a/disko/io.nix b/disko/io.nix new file mode 100644 index 0000000..37f3160 --- /dev/null +++ b/disko/io.nix 
@@ -0,0 +1,75 @@ +{ + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + cryptroot = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@root" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@home" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@nix" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@persistent" + ]; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/disko/trantor.nix b/disko/trantor.nix new file mode 100644 index 0000000..db1397e --- /dev/null +++ b/disko/trantor.nix 
@@ -0,0 +1,61 @@ +{ + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + root = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix new file mode 100644 index 0000000..511eddc --- /dev/null +++ b/diskoConfigurations.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.disko.flakeModule + ]; + + flake.diskoConfigurations = { + io.modules = [ ./disko/io.nix ]; + trantor.modules = [ ./disko/trantor.nix ]; + }; +} diff --git a/flake.lock b/flake.lock index f9d54f9..5993cdf 100644 --- a/flake.lock +++ b/flake.lock @@ -135,21 +135,18 @@ }, "disko": { "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1736864502, - "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "0141aabed359f063de7413f80d906e1d98c0c123", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v1.11.0", "repo": "disko", "type": "github" } 
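Review bot: In the new disko/trantor.nix the `root` partition declares `type = "filesystem"; format = "btrfs";` and then lists `subvolumes`, but as far as I know disko only accepts `subvolumes` on its `btrfs` content type. disko/io.nix in this same commit uses `type = "btrfs";` for the identical subvolume layout, so the two files disagree. Changing the two lines to `type = "btrfs";` (and dropping `format`) should make `@root`, `@nix` and `@persistent` actually get created and mounted; this is worth confirming by evaluating the trantor disko configuration before it is used to partition a disk.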
@@ -393,7 +390,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -415,7 +412,7 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" @@ -506,7 +503,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -528,7 +525,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1760856139, @@ -608,6 +605,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -623,7 +636,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1760878510, "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", @@ -639,7 +652,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -655,7 +668,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", 
@@ -671,7 +684,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1760878510, "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", @@ -687,7 +700,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -703,7 +716,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -800,7 +813,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -860,7 +873,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nur": "nur", "systems": "systems_5", "tinted-foot": "tinted-foot", @@ -1130,7 +1143,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1760934351, diff --git a/flake.nix b/flake.nix index ccbec85..c9d5076 100644 --- a/flake.nix +++ b/flake.nix @@ -17,10 +17,7 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko = { - url = "github:nix-community/disko?ref=v1.11.0"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; + disko.url = "github:nix-community/disko"; noctalia = { url = "github:noctalia-dev/noctalia-shell"; @@ -63,13 +60,14 @@ ]; imports = [ + ./deploy.nix ./devShells.nix + ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix ./overlays.nix ./packages.nix - ./deploy.nix ./terranixConfigurations.nix ]; }; diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix deleted file mode 100644 index edb1418..0000000 --- a/hosts/io/disko.nix +++ /dev/null 
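Review bot: The flake.nix hunk that rewrites the `disko` input drops both the `?ref=v1.11.0` tag and `inputs.nixpkgs.follows`, and the flake.lock changes in this commit show the result: disko now brings its own `nixpkgs_2` node from `nixpkgs-unstable`. That puts a second nixpkgs revision into the evaluation and trust closure of the tool that partitions and formats disks, and future `nix flake update` runs will follow the default branch rather than releases. Keeping the follows would avoid the extra input, as the `terranix` input in this file already does: `disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; };`.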
@@ -1,83 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - cryptroot = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@root" - ]; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@home" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@nix" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@persistent" - ]; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index 56f0d0d..cb114a1 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,11 +2,15 @@ config, lib, modulesPath, + self, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + self.diskoConfigurations.io + ]; boot = { initrd = { diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index a759cf4..8ed08bc 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ config, inputs, ... }: { imports = [ 
@@ -8,7 +8,11 @@ ephemeral = { enable = true; - rootDevice = "/dev/mapper/cryptroot"; + rootDevice = + if config.networking.hostName == "trantor" then + "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" + else + "/dev/mapper/cryptroot"; rootSubvolume = "@root"; }; diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index a031ce9..67ac124 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,6 +1,3 @@ { - boot = { - loader.efi.efiSysMountPoint = "/boot"; - initrd.systemd.enable = true; - }; + boot.initrd.systemd.enable = true; } diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix deleted file mode 100644 index a70383e..0000000 --- a/hosts/trantor/disko.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index d5cc31f..4a9503f 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,11 +1,15 @@ { lib, modulesPath, + self, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + self.diskoConfigurations.trantor + ]; boot = { kernelModules = [ ]; diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 9a0a09d..ced8851 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -47,6 +47,7 @@ in system = "aarch64-linux"; tags = [ "server" + "ephemeral" ]; }; }; 
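Review bot: For `trantor` the new `rootDevice` in hosts/modules/ephemeral.nix is the whole-disk by-id path, while disko/trantor.nix in this commit puts the btrfs filesystem on the second GPT partition of that disk. On `io` the value `/dev/mapper/cryptroot` is the device that directly holds the btrfs, so the two branches are not equivalent. If the ephemeral module mounts `rootDevice` to reset `@root` (its implementation is not visible here), the trantor branch would fail to mount; pointing it at the partition instead, e.g. `"/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066-part2"`, would match the layout, assuming disko creates `root` as partition 2.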
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/oci/homelab.nix b/terranix/oci/trantor.nix similarity index 56% rename from terranix/oci/homelab.nix rename to terranix/oci/trantor.nix index 12c15b4..37c12ae 100644 --- a/terranix/oci/homelab.nix +++ b/terranix/oci/trantor.nix @@ -3,16 +3,16 @@ { terraform.required_providers.oci = { source = "oracle/oci"; - version = "~> 5.0"; + version = "~> 7.0"; }; provider.oci.region = "sa-saopaulo-1"; terraform.backend.s3 = { bucket = "terraform-state"; - key = "oci/homelab.tfstate"; + key = "oci/trantor.tfstate"; region = "auto"; - endpoint = "https://.r2.cloudflarestorage.com"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; skip_credentials_validation = true; skip_metadata_api_check = true; skip_region_validation = true; @@ -21,8 +21,13 @@ }; variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + compartment_name = { - default = "homelab"; + default = "trantor"; type = "string"; }; @@ -46,14 +51,12 @@ }; data = { - oci_identity_tenancy.tenancy = { }; - oci_identity_availability_domains.ads = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; + compartment_id = config.variable.tenancy_ocid.default; }; oci_core_images.ubuntu_arm = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; + compartment_id = config.variable.tenancy_ocid.default; operating_system = "Canonical Ubuntu"; operating_system_version = "24.04"; shape = "VM.Standard.A1.Flex"; 
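Review bot: The `endpoint` set in `terraform.backend.s3` in the first terranix/oci/trantor.nix hunk, and the `tenancy_ocid` default added in the next hunk, commit account-specific identifiers (the Cloudflare account label in the R2 host name and the OCI tenancy OCID) into the repository. They are not credentials, but they tie a published configuration to specific cloud accounts and cannot be changed without a commit. Both can be supplied at run time instead: omit `default` from `tenancy_ocid` so it is read from `TF_VAR_tenancy_ocid`, referring to it as `"\${var.tenancy_ocid}"`, and pass the endpoint with `terraform init -backend-config=...`. The same commit's .gitignore entry for `oci-trantor/` presumably also keeps the provider lock file out of the repository, which matters more now that the provider constraint jumps to `~> 7.0`.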
@@ -63,34 +66,34 @@ }; resource = { - oci_identity_compartment.homelab = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; - description = "Homelab infrastructure compartment"; + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; name = config.variable.compartment_name.default; }; oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "homelab-vcn"; - dns_label = "homelab"; + display_name = "trantor-vcn"; + dns_label = "trantor"; }; oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-ig"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; enabled = true; }; oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-rt"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; route_rules = [ { - network_entity_id = config.resource.oci_core_internet_gateway.ig.id; + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; destination = "0.0.0.0/0"; destination_type = "CIDR_BLOCK"; } 
@@ -98,9 +101,9 @@ }; oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-sl"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; egress_security_rules = [ { 
@@ -138,23 +141,50 @@ max = 443; }; } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } ]; }; oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; cidr_block = config.variable.vcn_cidr.default; - display_name = "homelab-subnet"; + display_name = "trantor-subnet"; dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt.id; - security_list_ids = [ config.resource.oci_core_security_list.sl.id ]; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; prohibit_public_ip_on_vnic = false; }; oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads.availability_domains .0.name; - compartment_id = config.resource.oci_identity_compartment.homelab.id; + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; display_name = config.variable.instance_name.default; shape = "VM.Standard.A1.Flex"; 
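Review bot: The three added ingress rules accept traffic from `0.0.0.0/0` with no comment naming the service behind each port, and the TCP rule for 19132-19133 duplicates the UDP rule for the same range. If that range serves a UDP-only game listener, as the port numbers suggest, the TCP rule opens two ports that nothing should be listening on and can be removed. Add one comment per rule, for example `# game server, Java edition (TCP 25565)` and `# game server, Bedrock (UDP 19132-19133)` (service names presumed from the ports), and make sure the host firewall allows the same set so the security list is not the only filter. The `ingress_security_rules` list starts outside the hunk.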
@@ -165,12 +195,12 @@ source_details = { source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm.images .0.id; - boot_volume_size_in_gbs = 50; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; }; create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet.id; + subnet_id = config.resource.oci_core_subnet.subnet "id"; display_name = "trantor-vnic"; assign_public_ip = true; hostname_label = config.variable.instance_name.default; @@ -182,15 +212,35 @@ preserve_boot_volume = false; }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; }; output = { compartment_id = { - value = config.resource.oci_identity_compartment.homelab.id; + value = config.resource.oci_identity_compartment.trantor "id"; }; instance_public_ip = { - value = config.resource.oci_core_instance.trantor.public_ip; + value = config.resource.oci_core_instance.trantor "public_ip"; }; }; } diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index 8606b2c..fc84f17 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix 
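Review bot: In `oci_budget_alert_rule.daily_spend_alert` the name, `description` and `message` describe daily spending above $0.05, but the rule is `threshold = 5` with `threshold_type = "PERCENTAGE"` on a budget whose `reset_period` is `"MONTHLY"` and `amount = 1`, so it triggers when the month's actual spend passes 5% of the budget. Reword to match, e.g. `description = "Alert when monthly spend passes 5% of the trantor budget";` and a matching `message`. The rule also sets no `recipients`, so unless notification is configured elsewhere the alert may reach nobody. This is the cost guard for an instance with a public IP, so it is worth confirming that it is actually delivered.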
@@ -5,11 +5,15 @@ inputs.terranix.flakeModule ]; - perSystem = { - terranix.terranixConfigurations = { - oci-homelab = { - modules = [ ./terranix/oci/homelab.nix ]; + perSystem = + { pkgs, ... }: + + { + terranix.terranixConfigurations = { + oci-trantor = { + modules = [ ./terranix/oci/trantor.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; }; }; - }; } From 697a9f2cabb4a7699bb747bcc87d6ada86100183 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 10:55:14 -0300 Subject: [PATCH 219/267] wrap fastfetch with config; run fastfetch on ssh login --- hosts/modules/common/openssh.nix | 5 ++ hosts/modules/common/programs.nix | 2 +- hosts/modules/common/users.nix | 6 --- overlays.nix | 5 +- packages.nix | 5 +- packages/fastfetch.nix | 81 +++++++++++++++++++++++++++++++ 6 files changed, 93 insertions(+), 11 deletions(-) create mode 100644 packages/fastfetch.nix diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index 07108ce..63422b3 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -5,4 +5,9 @@ enable = true; settings.PermitRootLogin = "no"; }; + programs.fish.interactiveShellInit = '' + if set -q SSH_CONNECTION + neofetch + end + ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index e0cc2c9..be57b69 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -7,6 +7,7 @@ git ### System Utilities ### btop + fastfetch helix nixos-firewall-tool nvd @@ -18,7 +19,6 @@ shellAliases = { cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - neofetch = "${lib.getExe pkgs.fastfetch}"; tree = "ls --tree"; }; }; diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 076eb99..0572153 100644 --- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix 
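Review bot: The `interactiveShellInit` added in hosts/modules/common/openssh.nix calls `neofetch`, but the programs.nix hunk of this same commit deletes the `neofetch` shell alias and adds `fastfetch` to the package list, so unless a `neofetch` binary comes from somewhere else every SSH login prints a command-not-found error. Call the wrapped package by its own name: `fastfetch`. The test `set -q SSH_CONNECTION` is also true for every nested interactive fish inside the session; `if set -q SSH_CONNECTION; and status is-login` limits the output to the login shell.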
@@ -20,10 +20,4 @@ hashedPassword = "!"; }; }; - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ''; - }; } diff --git a/overlays.nix b/overlays.nix index 2732f0e..eab4edf 100644 --- a/overlays.nix +++ b/overlays.nix @@ -3,10 +3,11 @@ { flake.overlays = { default = final: prev: { - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + fastfetch = inputs.self.packages.${final.system}.fastfetch; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; }; }; } diff --git a/packages.nix b/packages.nix index 2cd7661..46979f8 100644 --- a/packages.nix +++ b/packages.nix @@ -5,10 +5,11 @@ { pkgs, system, ... }: { packages = { - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; }; }; } diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix new file mode 100644 index 0000000..fa8e0ea --- /dev/null +++ b/packages/fastfetch.nix 
@@ -0,0 +1,81 @@ +{ + lib, + pkgs ? import { }, +}: + +let + fastfetch-logo = pkgs.fetchurl { + url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; + hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; + }; + + fastfetch-config = pkgs.writeText "fastfetch-config.json" ( + builtins.toJSON { + "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; + modules = [ + "title" + "separator" + { + type = "os"; + keyWidth = 9; + } + { + type = "kernel"; + keyWidth = 9; + } + { + type = "uptime"; + keyWidth = 9; + } + { + type = "shell"; + keyWidth = 9; + } + "break" + { + type = "cpu"; + keyWidth = 11; + } + { + type = "memory"; + keyWidth = 11; + } + { + type = "swap"; + keyWidth = 11; + } + { + type = "disk"; + folders = "/"; + keyWidth = 11; + } + { + type = "command"; + key = "Systemd"; + keyWidth = 11; + text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; + } + "break" + { + type = "command"; + key = "Public IP"; + keyWidth = 15; + text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Tailscale IP"; + keyWidth = 15; + text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Local IP"; + keyWidth = 15; + text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; + } + ]; + } + ); +in +pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '' From 447778eb46bafd81477e66857f828b3d09ebaf31 Mon Sep 17 00:00:00 2001 
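Review bot: The `Public IP` module runs `curl -s -4 ifconfig.me` with no scheme and no timeout, so every run of the wrapper sends a plain-HTTP request to a third party and blocks for as long as that connection hangs; with the wrapper called from the SSH login greeting, that delay lands on each login. `text = "curl -s -4 --max-time 2 https://ifconfig.me 2>/dev/null || echo 'N/A'";` bounds the wait and protects the reply in transit. The `command` modules also resolve `curl`, `tailscale`, `ip`, `systemctl` and `awk` through the caller's PATH; in a wrapped package the usual form is a store path such as `${lib.getExe pkgs.curl}`, which removes the dependence on what the login environment happens to provide.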
From: William Date: Mon, 3 Nov 2025 11:13:56 -0300 Subject: [PATCH 220/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) → 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) → 'github:NixOS/nixpkgs/dab3a6e781554f965bde3def0aa2fda4eb8f1708?narHash=sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k%3D' (2025-07-15) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) → 'github:hercules-ci/flake-parts/0010412d62a25d959151790968765a70c436598b?narHash=sha256-z5PlZ47j50VNF3R%2BIMS9LmzI5fYRGY/Z5O5tol1c9I4%3D' (2025-11-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6?narHash=sha256-x2rJ%2BOvzq0sCMpgfgGaaqgBSwY%2BLST%2BWbZ6TytnT9Rk%3D' (2025-08-10) → 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) • Updated input 'home-manager': 'github:nix-community/home-manager/189c21cf879669008ccf06e78a553f17e88d8ef0?narHash=sha256-nZh6uvc71nVNaf/y%2BwesnjwsmJ6IZZUnP2EzpZe48To%3D' (2025-10-20) → 'github:nix-community/home-manager/8c824254b1ed9e797f6235fc3c62f365893c561a?narHash=sha256-I%2B8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM%3D' (2025-11-03) • Updated input 'niri-flake': 
'github:sodiboo/niri-flake/f851a923137c0a54719412146fd63d24b3214e60?narHash=sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00%3D' (2025-10-20) → 'github:sodiboo/niri-flake/df17789929ac80f4157b15724450db6a303a6dc9?narHash=sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI%3D' (2025-11-03) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/b3245b81a6ed8edfaf5388a74d2e0a23c24941e5?narHash=sha256-KbM47vD6E0cx%2Bv4jYQZ8mD5N186AKm2CQlyh34TW58U%3D' (2025-10-20) → 'github:YaLTeR/niri/a2ca2b3c866bc781b12c334a9f949b3db6d7c943?narHash=sha256-anRlNG6t7esBbF1%2BALDeathVBSclA0PEL52Vo0WnN5g%3D' (2025-11-03) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:NixOS/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/a9188e70bd748118b4d56a529871b9de5adb9988?narHash=sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70%3D' (2025-10-05) → 'github:Supreeeme/xwayland-satellite/0728d59ff6463a502e001fb090f6eb92dbc04756?narHash=sha256-fBrUszJXmB4MY%2Bwf3QsCnqWHcz7u7fLq0QMAWCltIQg%3D' (2025-10-28) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/5024e1901239a76b7bf94a4cd27f3507e639d49e?narHash=sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc%3D' (2025-10-19) → 'github:nix-community/nix-index-database/359ff6333a7b0b60819d4c20ed05a3a1f726771f?narHash=sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo%3D' (2025-11-02) • Updated 
input 'nixos-cli': 'github:nix-community/nixos-cli/c8f5ce1fd9bf151df74328795b6b2720e2e22d75?narHash=sha256-N%2BF4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k%3D' (2025-10-19) → 'github:nix-community/nixos-cli/5c259f72ae1eaa00b99354d81130d8fddb7f9a7a?narHash=sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs%3D' (2025-11-01) • Updated input 'nixos-cli/flake-compat': 'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885?narHash=sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX%2BfjA8Xf8PUmqCY%3D' (2025-05-12) → 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5?narHash=sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4%3D' (2025-10-27) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) → 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:nixos/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/c3439b262c7cb3d57c93197a93a3aa382582bdae?narHash=sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A%2BPe2rIilyvalEHuM%3D' (2025-10-23) → 'github:noctalia-dev/noctalia-shell/5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981?narHash=sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18%3D' (2025-11-03) • Updated input 'noctalia/quickshell': 
'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=a5431dd02dc23d9ef1680e67777fed00fe5f7cda' (2025-07-27) → 'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=db1777c20b936a86528c1095cbcb1ebd92801402' (2025-10-30) • Updated input 'stylix': 'github:danth/stylix/8d008296a1b3be9b57ad570f7acea00dd2fc92db?narHash=sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx%2BMUkuE%2BE%3D' (2025-10-14) → 'github:danth/stylix/8c0640d5722a02178c8ee80a62c5f019cab4b3c1?narHash=sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri%2BSy6/CI%3D' (2025-11-02) • Updated input 'terranix': 'github:terranix/terranix/924573fa6587ac57b0d15037fbd2d3f0fcdf17fb?narHash=sha256-hTMi6oGU%2B6VRnW9SZZ%2BmuFcbfMEf2ajjOp7Z2KM5MMY%3D' (2025-09-07) → 'github:terranix/terranix/a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8?narHash=sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI%3D' (2025-11-03) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/596c3ac14be576b93f5db9252a1b0581e453ec9f?narHash=sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM%3D' (2025-10-20) → 'github:0xc000022070/zen-browser-flake/10e69cb268b1d3dc91135e72f5462b2acfbcc3aa?narHash=sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl%2BLOyythQkI%3D' (2025-11-03) --- flake.lock | 128 ++++++++++++++++++++++++++--------------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/flake.lock b/flake.lock index 5993cdf..429e817 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { 
@@ -186,11 +186,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -204,11 +204,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1760929667, - "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", + "lastModified": 1762178366, + "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", "owner": "nix-community", "repo": "home-manager", - "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", + "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1760950171, - "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", + "lastModified": 1762152856, + "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f851a923137c0a54719412146fd63d24b3214e60", + "rev": "df17789929ac80f4157b15724450db6a303a6dc9", "type": "github" }, "original": { 
@@ -451,11 +451,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1760940149, - "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", + "lastModified": 1762146685, + "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", "owner": "YaLTeR", "repo": "niri", - "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", + "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", "type": "github" }, "original": { @@ -487,11 +487,11 @@ ] }, "locked": { - "lastModified": 1760846226, - "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", + "lastModified": 1762055842, + "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", + "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", "type": "github" }, "original": { @@ -528,11 +528,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1760856139, - "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", + "lastModified": 1761970410, + "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", + "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { 
@@ -574,11 +574,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -590,11 +590,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1752596105, + "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", "type": "github" }, "original": { @@ -638,11 +638,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { 
@@ -670,11 +670,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { @@ -686,11 +686,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -741,11 +741,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1761190730, - "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", + "lastModified": 1762156721, + "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", + "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", "type": "github" }, "original": { @@ -787,11 +787,11 @@ ] }, "locked": { - "lastModified": 1753595452, - "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", + "lastModified": 1761821581, + "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", "ref": "refs/heads/master", - "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", - "revCount": 665, + "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", + "revCount": 699, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, 
@@ -883,11 +883,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1760472212, - "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", + "lastModified": 1762101397, + "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", "owner": "danth", "repo": "stylix", - "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", + "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", "type": "github" }, "original": { @@ -995,11 +995,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1757278723, - "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", + "lastModified": 1762161791, + "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", "owner": "terranix", "repo": "terranix", - "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", + "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", "type": "github" }, "original": { @@ -1127,11 +1127,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1759707084, - "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "lastModified": 1761622056, + "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", "type": "github" }, "original": { @@ -1146,11 +1146,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1760934351, - "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", + "lastModified": 1762131860, + "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", + "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", "type": "github" }, "original": { From fe091504d08430563e0e6c42678ea991df2e3656 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 3 Nov 2025 12:34:40 -0300 Subject: [PATCH 221/267] openssh greeting fixes --- hosts/alexandria/nextcloud.nix | 7 ++++++- hosts/modules/common/openssh.nix | 8 +++----- hosts/modules/common/programs.nix | 12 +++++++++++- users/modules/common/fish.nix | 5 ++++- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 68d4875..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,7 +24,12 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + tasks + ; }; extraAppsEnable = true; caching = { diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index 63422b3..df70bdd 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -4,10 +4,8 @@ services.openssh = { enable = true; settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; }; - programs.fish.interactiveShellInit = '' - if set -q SSH_CONNECTION - neofetch - end - ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index be57b69..fd10953 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -25,6 +25,16 @@ programs = { command-not-found.enable = false; - fish.enable = true; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; } diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index d95db24..c753297 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix 
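Review bot: `PrintLastLog no` in hosts/modules/common/openssh.nix removes the last-login time and source address that sshd prints, which is one of the few cues a user has that someone else used the account. If the aim is only a clean screen for the fastfetch greeting, say so in a comment (`# hidden so the fastfetch greeting starts on a clean screen`) or leave the option on. It is also set through `extraConfig` while `PermitRootLogin` on the line above uses `settings`; `settings.PrintLastLog = "no";` keeps both in the structured form.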
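Review bot: In the `interactiveShellInit` added to hosts/modules/common/programs.nix, `export TERM=xterm-256color` overrides the terminal type the SSH client sent, and `clear` erases anything printed before the shell started (banner, MOTD, account warnings). Both run for every interactive fish inside an SSH session, not only at login. Guarding with `if set -q SSH_CONNECTION; and status is-login` and dropping the `TERM` override unless a specific client needs it (then name that client in a comment) keeps the greeting without those side effects.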
@@ -3,7 +3,10 @@ { programs.fish = { enable = true; - interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; plugins = [ { From 4622f2b299704e0458c48c69a27410ba39bd228e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 16:42:18 -0300 Subject: [PATCH 222/267] fix trantor disko config --- disko/trantor.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/disko/trantor.nix b/disko/trantor.nix index db1397e..0791308 100644 --- a/disko/trantor.nix +++ b/disko/trantor.nix @@ -27,8 +27,7 @@ name = "root"; size = "100%"; content = { - type = "filesystem"; - format = "btrfs"; + type = "btrfs"; extraArgs = [ "-f" ]; subvolumes = { "@root" = { From f5f1541aec620f879d7b1768d0b1e18abf96cb0a Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 17:19:21 -0300 Subject: [PATCH 223/267] fixing trantor --- hosts/io/hardware-configuration.nix | 5 ++--- hosts/trantor/boot.nix | 5 ++++- hosts/trantor/hardware-configuration.nix | 7 ++++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index cb114a1..a17fe24 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,15 +2,14 @@ config, lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - self.diskoConfigurations.io - ]; + ] ++ inputs.self.diskoConfigurations.io.modules; boot = { initrd = { diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index 67ac124..0498818 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,3 +1,6 @@ { - boot.initrd.systemd.enable = true; + boot = { + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + }; } 
diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 4a9503f..94568f6 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,15 +1,16 @@ { lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - self.diskoConfigurations.trantor - ]; + inputs.disko.nixosModules.disko + ] + ++ inputs.self.diskoConfigurations.trantor.modules; boot = { kernelModules = [ ]; From d6f582fffd2df08649cc609f180f9ed5d619e5cd Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 21:37:03 -0300 Subject: [PATCH 224/267] no diskoConfirations outputs --- diskoConfigurations.nix | 12 --------- flake.nix | 1 - disko/io.nix => hosts/io/disko.nix | 0 hosts/io/hardware-configuration.nix | 4 +-- hosts/modules/ephemeral.nix | 2 +- disko/trantor.nix => hosts/trantor/disko.nix | 6 ++++- hosts/trantor/hardware-configuration.nix | 26 ++++++-------------- 7 files changed, 14 insertions(+), 37 deletions(-) delete mode 100644 diskoConfigurations.nix rename disko/io.nix => hosts/io/disko.nix (100%) rename disko/trantor.nix => hosts/trantor/disko.nix (90%) diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix deleted file mode 100644 index 511eddc..0000000 --- a/diskoConfigurations.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.disko.flakeModule - ]; - - flake.diskoConfigurations = { - io.modules = [ ./disko/io.nix ]; - trantor.modules = [ ./disko/trantor.nix ]; - }; -} diff --git a/flake.nix b/flake.nix index c9d5076..07d4a02 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,6 @@ imports = [ ./deploy.nix ./devShells.nix - ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix diff --git a/disko/io.nix b/hosts/io/disko.nix similarity index 100% rename from disko/io.nix rename to hosts/io/disko.nix 
diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index a17fe24..8e4dae4 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -7,9 +7,7 @@ }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ] ++ inputs.self.diskoConfigurations.io.modules; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index 8ed08bc..cad5f41 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -10,7 +10,7 @@ enable = true; rootDevice = if config.networking.hostName == "trantor" then - "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" + "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2" else "/dev/mapper/cryptroot"; rootSubvolume = "@root"; diff --git a/disko/trantor.nix b/hosts/trantor/disko.nix similarity index 90% rename from disko/trantor.nix rename to hosts/trantor/disko.nix index 0791308..0e47058 100644 --- a/disko/trantor.nix +++ b/hosts/trantor/disko.nix @@ -1,7 +1,11 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; - device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; + device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; content = { type = "gpt"; partitions = { diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 94568f6..039129e 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix 
@@ -1,30 +1,18 @@ { lib, modulesPath, - inputs, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - inputs.disko.nixosModules.disko - ] - ++ inputs.self.diskoConfigurations.trantor.modules; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot = { - kernelModules = [ ]; - extraModulePackages = [ ]; - initrd = { - availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - ]; - kernelModules = [ ]; - }; - }; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; networking.useDHCP = lib.mkDefault true; From 97450f0057a4a4e488ba0f79105105e27697d67b Mon Sep 17 00:00:00 2001 From: William Date: Tue, 4 Nov 2025 08:13:16 -0300 Subject: [PATCH 225/267] no more protonup --- hosts/modules/gaming.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index cf6217f..5aef14e 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix @@ -6,7 +6,6 @@ heroic mangohud prismlauncher - protonup steam-run ]; From cb59a911d63f70a6502ffa3e25aee7e2dfb9dd7f Mon Sep 17 00:00:00 2001 From: William Date: Thu, 6 Nov 2025 19:57:04 -0300 Subject: [PATCH 226/267] added ai tag for desktop hosts --- flake.lock | 151 ++++++++++++++++++++++++++++++++-------- flake.nix | 2 + hosts/modules/ai.nix | 9 +++ hosts/modules/dev.nix | 1 - nixosConfigurations.nix | 2 + 5 files changed, 136 insertions(+), 29 deletions(-) create mode 100644 hosts/modules/ai.nix diff --git a/flake.lock b/flake.lock index 429e817..3b994bf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,6 +91,28 @@ "type": "github" } }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ], + "systems": "systems_3" + }, + "locked": { + "lastModified": 1761645416, + "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "owner": "numtide", + "repo": "blueprint", + "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -261,7 +283,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -464,6 +486,26 @@ "type": "github" } }, + "nix-ai-tools": { + "inputs": { + "blueprint": "blueprint", + "nixpkgs": "nixpkgs_5", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1762442079, + "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "owner": "numtide", + "repo": "nix-ai-tools", + "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-ai-tools", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -503,7 +545,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -525,7 +567,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1761970410, 
@@ -604,6 +646,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1752596105, @@ -653,6 +711,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -668,7 +742,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1761880412, "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", @@ -684,7 +758,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1761907660, "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", @@ -700,7 +774,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", 
@@ -716,29 +790,13 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "noctalia": { "inputs": { "nixpkgs": [ "nixpkgs" ], "quickshell": "quickshell", - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1762156721, @@ -810,10 +868,11 @@ "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", + "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -873,9 +932,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_5", + "systems": "systems_6", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -986,13 +1045,28 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1762161791, 
@@ -1089,6 +1163,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762410071, + "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" @@ -1143,7 +1238,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index 07d4a02..af148c1 100644 --- a/flake.nix +++ b/flake.nix @@ -49,6 +49,8 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nix-ai-tools.url = "github:numtide/nix-ai-tools"; }; outputs = diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix new file mode 100644 index 0000000..ddf4fca --- /dev/null +++ b/hosts/modules/ai.nix @@ -0,0 +1,9 @@ +{ inputs, pkgs, ... }: + +{ + environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-desktop + claudebox + opencode + ]; +} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix index 82908f2..c4cca78 100644 --- a/hosts/modules/dev.nix +++ b/hosts/modules/dev.nix @@ -3,7 +3,6 @@ { environment.systemPackages = with pkgs; [ bat - claude-code lazygit fd fzf diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index ced8851..85fd378 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -10,6 +10,7 @@ in hostname = "rotterdam"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" @@ -25,6 +26,7 @@ in hostname = "io"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" From 6ec815a7668b8af89d2ff800ecee32253c916cfd Mon Sep 17 00:00:00 2001 
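Review bot: The new `nix-ai-tools.url = "github:numtide/nix-ai-tools";` line in flake.nix has no `inputs.nixpkgs.follows`, unlike the terranix input just above it. The lock file therefore gains a second nixpkgs pin (`nixpkgs_5`) plus `blueprint` and `treefmt-nix`. The packages that hosts/modules/ai.nix puts into `environment.systemPackages` are built from that separate pin, so they do not pick up fixes when the repository's own nixpkgs is bumped. If the separate pin is deliberate (for example to match an upstream binary cache, which the page does not show), a comment such as `# nixpkgs deliberately not followed: <reason>` would make that clear. Otherwise add `nix-ai-tools.inputs.nixpkgs.follows = "nixpkgs";`.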
From: William Date: Thu, 6 Nov 2025 19:59:58 -0300 Subject: [PATCH 227/267] fix disko usage for io --- hosts/io/disko.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix index 37f3160..4e6c9d5 100644 --- a/hosts/io/disko.nix +++ b/hosts/io/disko.nix @@ -1,4 +1,8 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; From 59cda1884dfd49bed2852fca8ca1af82e1fcfcd3 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 06:17:28 -0300 Subject: [PATCH 228/267] add recipient to oci alert --- terranix/oci/trantor.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 37c12ae..2037d87 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -229,6 +229,7 @@ threshold = 5; threshold_type = "PERCENTAGE"; display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; description = "Alert when daily spending exceeds $0.05"; message = "Daily spending has exceeded $0.05 in the trantor compartment"; }; From 45f89a1663187983364c38e04a1f5c857d21a3bb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 07:15:12 -0300 Subject: [PATCH 229/267] add claude-code back --- hosts/modules/ai.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix index ddf4fca..e2dd9d2 100644 --- a/hosts/modules/ai.nix +++ b/hosts/modules/ai.nix @@ -3,6 +3,7 @@ { environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ claude-desktop + claude-code claudebox opencode ]; From d3ef56c724a2eed6b0544e0a01f69ceb33adb70d Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 11:55:27 -0300 Subject: [PATCH 230/267] add presenterm to desktops --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 5258442..f2418ce 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -35,6 +35,7 @@ libreoffice onlyoffice-desktopeditors papers + presenterm rnote ### Graphics & Design ### gimp From 5baff5a68e44900d13e0579a3479cfcf5ab92b2f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 12:13:47 -0300 Subject: [PATCH 231/267] added kanshi to manage displays --- users/modules/desktop/niri.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 16955d9..283d940 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -14,19 +14,27 @@ in { imports = [ inputs.noctalia.homeModules.default ]; + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + home = { packages = with pkgs; [ xwayland-satellite ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' - output "eDP-1" { - scale 1.0 - } - output "DP-3" { - scale 1.0 - } - input { keyboard { xkb { From 52eaf14b0950fa725e86bfb521a40fbdabe4969f Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 13:02:22 -0300 Subject: [PATCH 232/267] noto emoji font name change; niri window/workspace up/down keybind --- users/modules/desktop/niri.nix | 8 ++++---- users/modules/stylix.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 283d940..1f6a1bf 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -163,13 +163,13 @@ in Mod+Shift+Q { close-window; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } Mod+Right { focus-column-right; } Mod+H { focus-column-left; } Mod+L { focus-column-right; } - Mod+J { focus-window-down; } - Mod+K { focus-window-up; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } Ctrl+Alt+J { focus-workspace-down; } Ctrl+Alt+K { focus-workspace-up; } Ctrl+Alt+Down { focus-workspace-down; } diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 13ba8b6..f1c7e44 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -46,7 +46,7 @@ name = "FiraCode Nerd Font"; }; emoji = { - package = pkgs.noto-fonts-emoji; + package = pkgs.noto-fonts-color-emoji; name = "Noto Color Emoji"; }; sizes = { From a1369e5818cd0bf26ae7dfd5970b81e81272d682 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 20:46:38 -0300 Subject: [PATCH 233/267] rekeyd secrets --- hosts/alexandria/firewall.nix | 11 ----------- secrets/cloudflare.age | 18 ++++++++++-------- secrets/nextcloud-adminpass.age | Bin 465 -> 465 bytes secrets/nextcloud-secrets.json.age | Bin 537 -> 537 bytes secrets/secrets.nix | 3 ++- 5 files changed, 12 insertions(+), 20 deletions(-) delete mode 100644 hosts/alexandria/firewall.nix diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix deleted file mode 100644 index f6fded2..0000000 --- a/hosts/alexandria/firewall.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - networking.firewall = { - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; -} diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 9e989ec..028e964 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age 
@@ -1,9 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY -NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc --> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU -6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg --> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s -WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U ---- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE -_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file +-> ssh-ed25519 Kfdnog IHXv4c5we36dCUsB1v8uEF23tIRlDQ/8WR1hX4GQ+Uc +Cwccw64BYBdSZUdkSqKESIU7E17cLNtiAZZ3Y1xV87A +-> ssh-ed25519 8YSAiw Ce3vdMG111ubjcFgd3+q2Qw2+7dsoUz7SiudtuLDr0Y +JUodwFsKfOTZXxFyRrEk/4gxJ4goPkwvYeThi893M0U +-> ssh-ed25519 J6tVTA bExFuITTGXkTvhW25nushN7zT/PJGDoezsqu7fLKemI +4a90v0F4wgcZeqWBQ/EpqOZ9OCgT7qruwVvlGZeFmN8 +-> ssh-ed25519 Qt3Q+A j1oo46pNh1+yPEtxpgj+QPQPf5m82jL0DHGMacY8UFA +vy52Hl1WLTdKNA8+4p7A48Sg9+QkMXbECf/uxVMCLYk +--- 429vzgFnmFbEqDMwdvC0/EYDJlKU64YEGgE0AqPqlBs +b/!8O3Df/&kNQhurt%&]ucjH]_5@D$>N8Ϧ >9:CvѦ69W'X]X^ƻ$}|c/ ߸={uɳs \ No newline at end of file diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index 3b6ff2affb50a87f4b2cf91edf585c73272a134f..b4a29fa2568f59e840bde1dbd55ace544626f3b8 100644 GIT binary patch delta 411 zcmcb}e35yAPJLc}VR4C}dq`2WO`Myv3IVvL6L8scd>U?K~-UTm4BX#r?KG0mcUv|0t$UXy zYw%v)XTN@Qb=HR#cxf*wE0#>Rwz7U4vS89VhUCO=pI6L?lj>d;)?c@4p5y5@N3J!G G_5lEIGm+c? delta 411 zcmcb}e35yAPJN=QslG{oagj-?Nm_<^np>o&wn1{HNuFtHy0fQcM1^l?aad@eS6ObB zE0?EFPKckAv5Aqhk6%GbghjAxUT|KOYhhMdaF#`Ju1l7?Q(#0^pm9N1GMBEMLUD11 zZfc5=si~o*f<r!^a)3v8o{zS6 zKu~a&lc%EzS5UTzt3_~G@Up1{UVQPR0R6-rmM3AwdPXK53yI+6Cc`X67NT9$x;r=~;%_j=_;!1t~sx zQQ>8Q9+iHUIZ>s-CRtf!#d+>|soEjFQ3e5t>1AnUfnE__;YQ_Ly1Kdw8D0fp!J(EF zemRNBmX={IMrN4?rQv2?<@%xe&iVeyj^!R+!J*FC28qeVT=(tk|74sxcJ}$9S=Tr| zUC=zrvWa)yQ#P5uo^SfEFZ_L>-MeDyY#FQdRyLBIo4j}xE;xlv{`2(FH{WY-E9QK> HX5a$=F~*Zs 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 473f3cb97a38fcb01d2d7512306b9576963b2754..02d170dce9315c545774f3510a4f81541ea6137b 100644 GIT binary patch delta 484 zcmbQqGLvP3PQ6z|j%%7%ieq-3zL8r*x=V;jQD#MOc$%-Lvt?CaMxuU5o>_WoWx0`K zD3@1ZMWTClMs`7Rv1Nuum7{xPxxYtAQGS|5dUjcaafz#^OF?i-Xhm41374*&LUD11 zZfc5=si~o*f< zX0BmgWnNf5SDIx~g^9aSPx`V~&;o}nqJ!ByE@KHC1S zWzH3;5ozv~mZ{oK`X(V&AucJ!kshU9Zk_>&`V}R~X+D<8hIxTpy1KdwQKd;0Ri)a# zzMh5UMyc-Ef&OMCIjIqr&fccJk)h@Rj()!NK_%sep8f^NTp_t{KN=*=`v32=CU@f6 zb#FN=XRdnX61Z;tXEo;=u{B8>C9)d2%j>GzX8&-0mcX=iT4s;Z!JaS{UQVIjmu}Dg`A2*!eD> delta 484 zcmbQqGLvP3PJO0XiLpzFzh#AQNn);vWkgQCr*S~0WqGArij$dviAk_QSZ;`iSz(S_ zI#-&0mVa7ma8X5Kv44tBiiJyNm2*jsN485=q;E!Xfu~WjWoEd0PJym@eV`;dXWol`1s#~N8Yibt+vabaO-L10yezH4OQ z#E;_j>DfLeVL4vq0YAn`FS4cuD+&brAEGP6;8pP7JI(# g=e#`y61#*wLgp)0cI;b{`b%#~@#5{@wobYM08OvE1ONa4 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d47309f..84b14d6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,7 @@ let alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh/2u5pr/iPVeavlsor5hbTtsgUfP1JpzZVco2YQAo3 root@trantor"; in { @@ -15,6 +15,7 @@ in io-user rotterdam-user alexandria + trantor ]; "nextcloud-adminpass.age".publicKeys = [ io-user From 2289f0e6e46b5adabb087b2dad5b35cb281fd03a Mon Sep 17 00:00:00 2001 
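Review bot: Adding `trantor` to the recipient list in secrets/secrets.nix widens who can decrypt that secret, and nothing in the hunk says why trantor needs it. The list is the one that precedes `"nextcloud-adminpass.age"`, apparently cloudflare.age, judging by the extra recipient stanza in that file's diff. A comment next to the entry, for example `# trantor: needs the Cloudflare token for <purpose>`, would record the reason and make later pruning easier. The first hunk also replaces trantor's host key. Re-encrypting protects only the new ciphertexts, because the old blobs stay in git history and remain readable with any key they were encrypted to, so if the old key is no longer trusted the secret values themselves should be rotated too.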
From: William Date: Sat, 8 Nov 2025 20:47:21 -0300 Subject: [PATCH 234/267] beginnings of split dns --- devShells.nix | 6 +-- hosts/alexandria/forgejo.nix | 9 +++++ hosts/alexandria/jellyfin.nix | 9 +++++ hosts/alexandria/librespeed.nix | 9 +++++ hosts/alexandria/nextcloud.nix | 9 +++++ hosts/alexandria/nginx.nix | 5 +++ hosts/alexandria/unbound.nix | 67 ++++++++++++++++++++++++++++++++ hosts/alexandria/vaultwarden.nix | 9 +++++ hosts/modules/split-dns.nix | 28 +++++++++++++ utils.nix | 29 ++++++++++++++ 10 files changed, 177 insertions(+), 3 deletions(-) create mode 100644 hosts/alexandria/unbound.nix create mode 100644 hosts/modules/split-dns.nix diff --git a/devShells.nix b/devShells.nix index 72b2695..f7e9627 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,12 +1,12 @@ -{ ... }: +{ inputs, ... }: { perSystem = - { pkgs, ... }: + { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = with pkgs; [ - agenix-cli + inputs.agenix.packages.${system}.default deploy-rs nil nixfmt-rfc-style diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index 909d1d1..d9860f6 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix @@ -32,4 +32,13 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "git.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..994f972 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix 
@@ -13,4 +13,13 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "jellyfin.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index e36a81d..9b59685 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -27,4 +27,13 @@ in acmeHost = "baduhai.dev"; domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "speedtest.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..e12d12b 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,6 +79,15 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; + + # Register this domain for split DNS + splitDNS.entries = [ + { + domain = "cloud.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; }; age.secrets = { diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 0a0a261..54640c1 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -38,6 +38,11 @@ in users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + age.secrets.cloudflare = { file = ../../secrets/cloudflare.age; owner = "nginx"; diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix new file mode 100644 index 0000000..e923318 --- /dev/null +++ b/hosts/alexandria/unbound.nix 
@@ -0,0 +1,67 @@ +{ config, inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkSplitDNS; +in + +{ + imports = [ ../modules/split-dns.nix ]; + + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "192.168.0.0/16 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + # Enable views for split DNS + access-control-view = [ + "100.64.0.0/10 tailscale" + "fd7a:115c:a1e0::/48 tailscale" + "192.168.0.0/16 lan" + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + }; + # Split DNS views - automatically collected from all service files + view = mkSplitDNS config.services.splitDNS.entries; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..68387ee 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,4 +24,13 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "pass.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } 
diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix new file mode 100644 index 0000000..0998816 --- /dev/null +++ b/hosts/modules/split-dns.nix @@ -0,0 +1,28 @@ +{ config, lib, ... }: + +{ + options.services.splitDNS = { + entries = lib.mkOption { + type = lib.types.listOf ( + lib.types.submodule { + options = { + domain = lib.mkOption { + type = lib.types.str; + description = "The domain name to configure"; + }; + lanIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for LAN requests"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for Tailscale requests"; + }; + }; + } + ); + default = [ ]; + description = "List of domains to configure for split DNS"; + }; + }; +} diff --git a/utils.nix b/utils.nix index 38cf968..c803fe5 100644 --- a/utils.nix +++ b/utils.nix @@ -190,4 +190,33 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = + entries: + let + # Generate view entries for a single domain + mkEntry = + { + domain, + lanIP, + tailscaleIP, + }: + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${tailscaleIP}"''; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${lanIP}"''; + } + ]; + in + builtins.concatMap mkEntry entries; } From af444584d09eda850d4327af2d74874be3028a75 Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 21:35:13 -0300 Subject: [PATCH 235/267] Add shared services infrastructure for cross-host data Created centralized service definitions in shared/services.nix to store service metadata (domains, IPs, ports) that need to be accessible across multiple hosts. This replaces the per-service split DNS module approach with a single source of truth. Services are now exported through utils.nix for easy access in host configs. --- hosts/alexandria/librespeed.nix | 39 ---------------------------- shared/services.nix | 39 ++++++++++++++++++++++++++++ utils.nix | 46 +++++++++++++++++---------------- 3 files changed, 63 insertions(+), 61 deletions(-) delete mode 100644 hosts/alexandria/librespeed.nix create mode 100644 shared/services.nix diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix deleted file mode 100644 index 9b59685..0000000 --- a/hosts/alexandria/librespeed.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - ports = [ "127.0.0.1:58080:80" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; - }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "speedtest.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; -} diff --git a/shared/services.nix b/shared/services.nix new file mode 100644 index 0000000..f55e4d2 --- /dev/null +++ b/shared/services.nix 
@@ -0,0 +1,39 @@ +# Shared service definitions for cross-host configuration +# Used by: +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - trantor: DNS server (Tailnet) + service hosting (forgejo) +{ + services = [ + { + name = "vaultwarden"; + domain = "vault.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8222; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + tailscaleIP = "100.108.5.90"; + port = 3000; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 443; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8096; + } + ]; +} diff --git a/utils.nix b/utils.nix index c803fe5..740bad0 100644 --- a/utils.nix +++ b/utils.nix @@ -8,9 +8,14 @@ let home-manager agenix ; + + # Import shared service definitions + sharedServices = import ./shared/services.nix; in { + # Re-export shared services for use in host configs + inherit (sharedServices) services; # Tag-based host configuration system mkHost = { 
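Review bot: The vaultwarden entry in shared/services.nix uses `domain = "vault.baduhai.dev";`, while the nginx vhost in hosts/alexandria/vaultwarden.nix (context lines elsewhere in this series) is `pass.baduhai.dev`. The generated local-data would therefore answer for a name the proxy does not serve, and `pass.baduhai.dev` would fall through to the public forwarders. If the vhost name is the intended one, the entry should read `domain = "pass.baduhai.dev";`. The forgejo entry names `host = "trantor"` with only a `tailscaleIP`, yet the forgejo vhost shown in this series still lives under hosts/alexandria; if the move has not happened yet, a comment on that entry should say so. The `port` values cannot be checked against the service configs from here.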
@@ -196,27 +201,24 @@ in mkSplitDNS = entries: let - # Generate view entries for a single domain - mkEntry = - { - domain, - lanIP, - tailscaleIP, - }: - [ - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${tailscaleIP}"''; - } - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${lanIP}"''; - } - ]; + # Generate local-data entries for all domains + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; in - builtins.concatMap mkEntry entries; + [ + # Single Tailscale view with all domains + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + # Single LAN view with all domains + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; } From 8d8847e2fbbe3a88b8b50e5d050be86c89cb745d Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:33 -0300 Subject: [PATCH 236/267] Remove split DNS module and per-service entries Removed the split-dns.nix module and all service-specific splitDNS.entries configurations. Service DNS records are now sourced from the centralized shared/services.nix file instead of being declared individually in each service configuration. --- hosts/alexandria/forgejo.nix | 9 --------- hosts/alexandria/jellyfin.nix | 9 --------- hosts/alexandria/nextcloud.nix | 9 --------- hosts/alexandria/vaultwarden.nix | 9 --------- hosts/modules/split-dns.nix | 28 ---------------------------- 5 files changed, 64 deletions(-) delete mode 100644 hosts/modules/split-dns.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index d9860f6..909d1d1 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix 
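Review bot: `lanData` in the rewritten `mkSplitDNS` reads `e.lanIP` from every entry, but the forgejo entry added to shared/services.nix in this same commit has no `lanIP`. Passing the shared list to this helper therefore fails at evaluation with a missing-attribute error. Filtering first keeps tailnet-only services out of the LAN view: `lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e ? lanIP) entries);`. A one-line comment above `mkSplitDNS` stating that `tailscaleIP` is required and `lanIP` is optional would make the entry contract explicit. The enclosing attribute set starts outside the hunk.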
@@ -32,13 +32,4 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "git.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 994f972..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -13,13 +13,4 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "jellyfin.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index e12d12b..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,15 +79,6 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; - - # Register this domain for split DNS - splitDNS.entries = [ - { - domain = "cloud.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; }; age.secrets = { diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 68387ee..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,13 +24,4 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "pass.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix deleted file mode 100644 index 0998816..0000000 
--- a/hosts/modules/split-dns.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, ... }: - -{ - options.services.splitDNS = { - entries = lib.mkOption { - type = lib.types.listOf ( - lib.types.submodule { - options = { - domain = lib.mkOption { - type = lib.types.str; - description = "The domain name to configure"; - }; - lanIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for LAN requests"; - }; - tailscaleIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for Tailscale requests"; - }; - }; - } - ); - default = [ ]; - description = "List of domains to configure for split DNS"; - }; - }; -} From ee1a7c4d180bf9bff5d0261cf3708d1374f78093 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:53 -0300 Subject: [PATCH 237/267] Split DNS servers: alexandria for LAN, trantor for tailnet Alexandria's unbound now only serves LAN clients (192.168.0.0/16) and returns LAN IPs for service domains. Created new unbound instance on trantor to serve Tailscale clients (100.64.0.0/10) and return tailscale IPs for service domains. Both configurations pull service records from shared/services.nix. --- hosts/alexandria/unbound.nix | 21 ++++--------- hosts/trantor/unbound.nix | 58 ++++++++++++++++++++++++++++++++++++ nixosConfigurations.nix | 1 - 3 files changed, 64 insertions(+), 16 deletions(-) create mode 100644 hosts/trantor/unbound.nix diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix index e923318..31363aa 100644 --- a/hosts/alexandria/unbound.nix +++ b/hosts/alexandria/unbound.nix @@ -1,13 +1,10 @@ -{ config, inputs, lib, ... }: +{ inputs, lib, ... }: let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkSplitDNS; in { - imports = [ ../modules/split-dns.nix ]; - services.unbound = { enable = true; enableRootTrustAnchor = true; 
@@ -20,16 +17,7 @@ in access-control = [ "127.0.0.0/8 allow" "192.168.0.0/16 allow" - "100.64.0.0/10 allow" # Tailscale CGNAT range "::1/128 allow" - "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 - ]; - - # Enable views for split DNS - access-control-view = [ - "100.64.0.0/10 tailscale" - "fd7a:115c:a1e0::/48 tailscale" - "192.168.0.0/16 lan" ]; num-threads = 2; @@ -43,9 +31,12 @@ in hide-version = true; so-rcvbuf = "1m"; so-sndbuf = "1m"; + + # LAN-only DNS records + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') + (lib.filter (e: e ? lanIP) utils.services); }; - # Split DNS views - automatically collected from all service files - view = mkSplitDNS config.services.splitDNS.entries; forward-zone = [ { diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix new file mode 100644 index 0000000..46808c6 --- /dev/null +++ b/hosts/trantor/unbound.nix 
@@ -0,0 +1,58 @@ +{ inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # Tailnet DNS records from shared services + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 85fd378..c4969c1 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -40,7 +40,6 @@ in tags = [ # "server" TODO: uncomment when 25.11 is out. "fwupd" - "podman" ]; }; From 34622a05cbf2308e27f692efc8f3e04aa84b3942 Mon Sep 17 00:00:00 2001 
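Review bot: The `networking.firewall` block at the end of hosts/trantor/unbound.nix opens port 53 on every interface while `interface` binds `0.0.0.0` and `::`, so only `access-control` stands between the resolver and queries from any network trantor is attached to. Since the commit message says this instance serves tailnet clients only, scope the rule to the Tailscale interface, e.g. `networking.firewall.interfaces."tailscale0" = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; };` (the interface name is assumed to be the Tailscale default; it is not shown in this hunk). Separately, `local-data` reads `e.tailscaleIP` from every entry of `utils.services`, whereas the alexandria file filters with `e ? lanIP`; a matching `lib.filter (e: e ? tailscaleIP)` would keep evaluation from failing when a service without that attribute is added.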
From: William Date: Sat, 8 Nov 2025 21:47:16 -0300 Subject: [PATCH 238/267] Move forgejo from alexandria to trantor Migrated forgejo service and configuration to trantor. Added nginx reverse proxy support on trantor with ACME configuration for SSL certificates. Fixed vaultwarden domain in shared services from vault.baduhai.dev to pass.baduhai.dev to match actual nginx configuration. --- hosts/{alexandria => trantor}/forgejo.nix | 1 - hosts/trantor/nginx.nix | 50 +++++++++++++++++++++++ shared/services.nix | 2 +- 3 files changed, 51 insertions(+), 2 deletions(-) rename hosts/{alexandria => trantor}/forgejo.nix (96%) create mode 100644 hosts/trantor/nginx.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/trantor/forgejo.nix similarity index 96% rename from hosts/alexandria/forgejo.nix rename to hosts/trantor/forgejo.nix index 909d1d1..c11573e 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -28,7 +28,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix new file mode 100644 index 0000000..6879bfc --- /dev/null +++ b/hosts/trantor/nginx.nix 
@@ -0,0 +1,50 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; +} diff --git a/shared/services.nix b/shared/services.nix index f55e4d2..fd4e440 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -6,7 +6,7 @@ services = [ { name = "vaultwarden"; - domain = "vault.baduhai.dev"; + domain = "pass.baduhai.dev"; host = "alexandria"; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; From 73db53426937916050da864ee45e53520da34294 Mon Sep 17 00:00:00 2001 
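Review bot: In hosts/trantor/nginx.nix, `age.secrets.cloudflare` is decrypted with `owner = "nginx"; group = "nginx";`, which makes the Cloudflare DNS API credentials readable by the account that parses untrusted HTTP traffic. The only consumer visible in this file is `security.acme.defaults.credentialsFile`. As far as I know the NixOS ACME units load that file through systemd rather than as the nginx user, so the `owner` and `group` lines can probably be dropped and the secret left root-owned; confirm with a test renewal. The catch-all `"_"` vhost has no certificate and no `rejectSSL`, so it only covers plain HTTP, and unknown names on 443 will be answered by whichever TLS vhost nginx picks as default.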
From: William Date: Sat, 8 Nov 2025 21:47:41 -0300 Subject: [PATCH 239/267] Switch from wildcard to per-domain SSL certificates Updated mkNginxVHosts to use per-domain certificates (enableACME) instead of shared wildcard certificates (useACMEHost). Each service now requests its own certificate, avoiding conflicts between hosts and following the principle of least privilege. Removed wildcard certificate configuration from both alexandria and trantor. Each host now only obtains certificates for domains it actually serves: - Alexandria: pass.baduhai.dev, cloud.baduhai.dev, jellyfin.baduhai.dev - Trantor: git.baduhai.dev --- hosts/alexandria/jellyfin.nix | 1 - hosts/alexandria/nextcloud.nix | 1 - hosts/alexandria/nginx.nix | 11 +++++------ hosts/alexandria/vaultwarden.nix | 1 - utils.nix | 7 ++----- 5 files changed, 7 insertions(+), 14 deletions(-) diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..6ceac09 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -10,7 +10,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..2368a3c 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -76,7 +76,6 @@ in }; nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; }; diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 54640c1..6879bfc 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -19,9 +19,6 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; }; services.nginx = { 
@@ -30,9 +27,11 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."_".locations."/".return = "444"; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; }; }; diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..2335ee0 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -20,7 +20,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; diff --git a/utils.nix b/utils.nix index 740bad0..7a81af7 100644 --- a/utils.nix +++ b/utils.nix @@ -183,13 +183,10 @@ in # Nginx virtual host utilities mkNginxVHosts = - { - acmeHost, - domains, - }: + { domains }: let commonVHostConfig = { - useACMEHost = acmeHost; + enableACME = true; forceSSL = true; kTLS = true; }; From 952a55f03d392d504728065191f5edddebc453ba Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:57:27 -0300 Subject: [PATCH 240/267] Add Kanidm identity provider to alexandria Added Kanidm server configuration to serve as central identity provider for all services. Configuration includes: - Server on auth.baduhai.dev with HTTPS - LDAP support on port 636 for legacy integrations - Nginx reverse proxy with SSL termination - Added to shared services for DNS resolution Kanidm will provide OAuth2/OIDC authentication for Nextcloud, Vaultwarden, Forgejo, and other services. --- hosts/alexandria/kanidm.nix | 78 +++++++++++++++++++++++++++++++++++++ shared/services.nix | 10 ++++- 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 hosts/alexandria/kanidm.nix 
diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix
new file mode 100644
index 0000000..ee56bc1
--- /dev/null
+++ b/hosts/alexandria/kanidm.nix
@@ -0,0 +1,78 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+ kanidmCertDir = "/var/lib/kanidm/certs";
+in
+
+{
+ services.kanidm = {
+ enableServer = true;
+ package = pkgs.kanidm;
+
+ serverSettings = {
+ domain = "auth.baduhai.dev";
+ origin = "https://auth.baduhai.dev";
+ bindaddress = "127.0.0.1:8443";
+ ldapbindaddress = "127.0.0.1:636";
+ trust_x_forward_for = true;
+ # Use self-signed certificates for internal TLS
+ tls_chain = "${kanidmCertDir}/cert.pem";
+ tls_key = "${kanidmCertDir}/key.pem";
+ };
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."auth.baduhai.dev" = {
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:8443";
+ extraConfig = ''
+ proxy_ssl_verify off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 636 ];
+
+ # Generate self-signed certificates for kanidm's internal TLS
+ systemd.services.kanidm-generate-certs = {
+ description = "Generate self-signed TLS certificates for Kanidm";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "kanidm.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir -p ${kanidmCertDir}
+ if [ ! -f ${kanidmCertDir}/key.pem ]; then
+ ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
+ -keyout ${kanidmCertDir}/key.pem \
+ -out ${kanidmCertDir}/cert.pem \
+ -days 3650 -nodes \
+ -subj "/CN=localhost" \
+ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+ chown -R kanidm:kanidm ${kanidmCertDir}
+ chmod 600 ${kanidmCertDir}/key.pem
+ chmod 644 ${kanidmCertDir}/cert.pem
+ fi
+ '';
+ };
+
+ # Ensure certificate generation runs before kanidm starts
+ systemd.services.kanidm = {
+ after = [ "kanidm-generate-certs.service" ];
+ wants = [ "kanidm-generate-certs.service" ];
+ };
+}
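Review bot: `networking.firewall.allowedTCPPorts = [ 636 ];` opens LDAPS in the host firewall although `ldapbindaddress` is `127.0.0.1:636`, so the rule does nothing today and would expose LDAP, served with the self-signed certificate, as soon as the bind address is widened; I would drop the line until a remote LDAP consumer exists. In `kanidm-generate-certs`, openssl writes `key.pem` before `chmod 600` runs, so put `umask 077` as the first line of `script` to avoid a window where the key exists with default permissions. Because `trust_x_forward_for = true` makes Kanidm take the client address from the header, `proxy_set_header X-Forwarded-For $remote_addr;` is safer than `$proxy_add_x_forwarded_for`, which passes along whatever the client supplied; which entry Kanidm uses is not visible here, so treat that as something to verify.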
diff --git a/shared/services.nix b/shared/services.nix index fd4e440..8870258 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -1,9 +1,17 @@ # Shared service definitions for cross-host configuration # Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) # - trantor: DNS server (Tailnet) + service hosting (forgejo) { services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8443; + } { name = "vaultwarden"; domain = "pass.baduhai.dev"; From 58fec035791726b213ac648902513589fa11ab7e Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 22:53:18 -0300 Subject: [PATCH 241/267] Switch ACME to DNS-01 challenge with auto-configured certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed certificate generation from HTTP-01 to DNS-01 challenge to support services behind Tailscale/CGNAT IPs. HTTP-01 challenges fail because Let's Encrypt cannot reach private Tailscale IPs (100.x.x.x) that Cloudflare DNS points to. Changes: - Pre-configure certificates in security.acme.certs using DNS-01 via Cloudflare - Auto-generate certificate configs from shared/services.nix - Alexandria: filters services with host == "alexandria" - Trantor: filters services with host == "trantor" - Updated mkNginxVHosts to use useACMEHost instead of enableACME - Each domain gets its own certificate configured with DNS-01 challenge This ensures all services get valid Let's Encrypt certificates even when accessible only through Tailscale or private networks. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/nginx.nix | 11 ++++++++++- hosts/trantor/nginx.nix | 13 ++++++++++++- utils.nix | 14 ++++++++------ 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 6879bfc..274f645 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -7,7 +7,15 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services that have LAN IPs (served by this host) + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { 
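Review bot: The comment above `localDomains` in hosts/alexandria/nginx.nix says it selects services "that have LAN IPs", but the filter is `s.host == "alexandria"`, so the comment describes a different predicate from the one that decides which names this host requests certificates for. Since that list is what the Cloudflare DNS-01 credentials are used against, the comment should state the real rule, e.g. `# Domains of shared services hosted on this machine (host == "alexandria")`. The trantor copy of this block already words it that way. The `let` block continues outside the hunk.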
@@ -19,6 +27,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix index 6879bfc..56eed7c 100644 --- a/hosts/trantor/nginx.nix +++ b/hosts/trantor/nginx.nix @@ -7,7 +7,17 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services on trantor (host = "trantor") + localDomains = lib.unique ( + map (s: s.domain) (lib.filter (s: s.host == "trantor") services) + ); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { @@ -19,6 +29,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/utils.nix b/utils.nix index 7a81af7..8c20ab9 100644 --- a/utils.nix +++ b/utils.nix @@ -185,13 +185,15 @@ in mkNginxVHosts = { domains }: let - commonVHostConfig = { - enableACME = true; - forceSSL = true; - kTLS = true; - }; + # Extract domain name and apply it as useACMEHost + mkVHostConfig = domain: config: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } config; in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + lib.mapAttrs mkVHostConfig domains; # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries From 258bcac59750a5ef585ab28c39d1972b9479326d Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 23:56:40 -0300 Subject: [PATCH 242/267] Integrate Kanidm with Nextcloud via OIDC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added Kanidm identity provider integration with Nextcloud: - Enabled Kanidm client in kanidm.nix for CLI access - Added user_oidc app to Nextcloud for OpenID Connect authentication - Configured allow_local_remote_servers to permit Nextcloud to reach Kanidm at auth.baduhai.dev (resolves to local IP 192.168.15.142) OAuth2 client configuration (done via kanidm CLI): - Client ID: nextcloud - Scopes: openid, email, profile mapped to idm_all_accounts group - Redirect URI: https://cloud.baduhai.dev/apps/user_oidc/code - User mapping: name claim maps to Nextcloud username This allows users to authenticate to Nextcloud using their Kanidm credentials, with existing Nextcloud accounts linked via username. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/kanidm.nix | 5 +++++ hosts/alexandria/nextcloud.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix index ee56bc1..eaaa9b9 100644 --- a/hosts/alexandria/kanidm.nix +++ b/hosts/alexandria/kanidm.nix @@ -15,6 +15,7 @@ in { services.kanidm = { enableServer = true; + enableClient = true; package = pkgs.kanidm; serverSettings = { @@ -27,6 +28,10 @@ in tls_chain = "${kanidmCertDir}/cert.pem"; tls_key = "${kanidmCertDir}/key.pem"; }; + + clientSettings = { + uri = "https://auth.baduhai.dev"; + }; }; services.nginx.virtualHosts = mkNginxVHosts { diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2368a3c..c449cce 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -29,6 +29,7 @@ in contacts notes tasks + user_oidc ; }; extraAppsEnable = true; 
@@ -40,6 +41,7 @@ in trusted_proxies = [ "127.0.0.1" ]; default_phone_region = "BR"; maintenance_window_start = "4"; + allow_local_remote_servers = true; enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\EMF" From 095d881ad995325d8a1ad1ecd40c510941562df0 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 00:00:00 -0300 Subject: [PATCH 243/267] no ghostty notifications --- users/modules/desktop/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index ba30852..742a6ea 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -22,7 +22,7 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - bell-features = "border"; + bell-features = ""; gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=text:\\x1b\\r" ]; }; From 92f5593611ac78e163ebff7292656759e393218d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 07:55:42 -0300 Subject: [PATCH 244/267] junction default browser; remove brave --- hosts/modules/desktop/desktop.nix | 1 - users/modules/desktop/desktop.nix | 15 +++++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f2418ce..03ec04b 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -20,7 +20,6 @@ systemPackages = with pkgs; [ ### Web ### bitwarden-desktop - brave fragments nextcloud-client tor-browser diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 742a6ea..df6f380 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
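Review bot: `allow_local_remote_servers = true;` in the second nextcloud.nix hunk is a global switch: it lifts Nextcloud's block on server-side requests to private and loopback addresses for every app, not only for `user_oidc` reaching `auth.baduhai.dev`. That widens what a server-side request forgery in any installed app could reach on the LAN. The line carries no comment, so the reason lives only in the commit message; add one such as `# user_oidc must reach auth.baduhai.dev, which resolves to a LAN address here; this also lets other apps fetch from private IPs`. The enclosing attribute set starts and ends outside the hunk.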
@@ -41,33 +41,28 @@ enable = true; defaultApplications = { "text/html" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/http" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/https" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/about" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/unknown" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "image/jpeg" = "org.gnome.Loupe.desktop"; From 808bccf0a2665dadd303e309d9f061c360723e8b Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:29:45 -0300 Subject: [PATCH 245/267] Add Tailscale tailnet DNS configuration via Terranix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Configure global DNS nameservers for the Tailscale tailnet, setting trantor as the primary DNS server with Cloudflare as fallback. This enables custom DNS resolution across the entire tailnet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 77 +++++++++++++++++++++++++++++ terranix/tailscale/tailnet.nix | 43 ++++++++++++++++ terranixConfigurations.nix | 8 +++ 3 files changed, 128 insertions(+) diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index e69de29..56d25ad 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix 
@@ -0,0 +1,77 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + description = "Cloudflare zone ID for baduhai.dev"; + type = "string"; + sensitive = true; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource = { + cloudflare_record.root = { + zone_id = config.variable.zone_id; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.www = { + zone_id = config.variable.zone_id; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.wildcard = { + zone_id = config.variable.zone_id; + name = "*"; + type = "A"; + content = config.data.terraform_remote_state.trantor 
"outputs.instance_public_ip.value"; + proxied = true; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix index e69de29..929e79b 100644 --- a/terranix/tailscale/tailnet.nix +++ b/terranix/tailscale/tailnet.nix @@ -0,0 +1,43 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index fc84f17..12c90d1 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -14,6 +14,14 @@ modules = [ ./terranix/oci/trantor.nix ]; terraformWrapper.package = pkgs.opentofu; }; + cloudflare-baduhaidev = { + modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; + tailscale-tailnet = { + modules = [ ./terranix/tailscale/tailnet.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; }; }; } From 1b1d7896e6c9fbe87d64ea02b5adbc89b34bd685 Mon Sep 17 00:00:00 2001 
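Review bot: In terranix/tailscale/tailnet.nix, `tailscale_dns_nameservers.global` lists `1.1.1.1` and `1.0.0.1` next to trantor, and as far as I know Tailscale does not treat global nameservers as an ordered primary/fallback list, so a client may resolve `*.baduhai.dev` through Cloudflare and receive the public record instead of the tailnet one. Those two entries also send tailnet clients' queries to Cloudflare as plain DNS, while trantor's unbound already forwards upstream over TLS. If trantor is meant to own the split view, keep it as the only global nameserver, or scope the override to the domain with a `tailscale_dns_split_nameservers` resource for `baduhai.dev`. The address comes from `config.variable.trantor_tailscale_ip.default`, which appears to duplicate the `tailscaleIP` kept in shared/services.nix.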
From: William Date: Sun, 9 Nov 2025 10:29:54 -0300 Subject: [PATCH 246/267] Document required environment variables for OCI configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add documentation about required OCI and AWS credentials for the trantor configuration, clarifying that ~/.oci/config can be used as an alternative to environment variables. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/oci/trantor.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 2037d87..bb06585 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -1,3 +1,13 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + { config, ... }: { From 1921aad1bdd51292baaf18187106b42a874aa28c Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:30:02 -0300 Subject: [PATCH 247/267] Update Cloudflare DNS configuration with explicit zone ID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace sensitive zone_id variable with hardcoded value and update DNS record configuration to use cloudflare_dns_record resource type. Disable proxying and set explicit TTL for better control over DNS propagation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 31 +++++++++++++++-------------- 1 file changed, 16 insertions(+), 15 deletions(-) 
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 56d25ad..b74484c 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -1,6 +1,5 @@ # Required environment variables: # CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage @@ -26,9 +25,8 @@ variable = { zone_id = { - description = "Cloudflare zone ID for baduhai.dev"; + default = "c63a8332fdddc4a8e5612ddc54557044"; type = "string"; - sensitive = true; }; }; @@ -50,28 +48,31 @@ }; resource = { - cloudflare_record.root = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.root = { + zone_id = config.variable.zone_id.default; name = "@"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.www = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.www = { + zone_id = config.variable.zone_id.default; name = "www"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.wildcard = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.wildcard = { + zone_id = config.variable.zone_id.default; name = "*"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; }; } 
From 14c4440dd1fa31f0589ed6c3a8f91cfa6fab2f20 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:34:57 -0300 Subject: [PATCH 248/267] forgejo: disable singup; document root password --- hosts/trantor/forgejo.nix | 1 + secrets/forgejo-root-password.age | Bin 0 -> 465 bytes secrets/secrets.nix | 5 +++++ 3 files changed, 6 insertions(+) create mode 100644 secrets/forgejo-root-password.age diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index c11573e..a89526d 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -24,6 +24,7 @@ in log.LEVEL = "Warn"; mailer.ENABLED = false; actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; }; }; diff --git a/secrets/forgejo-root-password.age b/secrets/forgejo-root-password.age new file mode 100644 index 0000000000000000000000000000000000000000..90be612af57adcc9b8db836f5f02ed55ff0377b3 GIT binary patch literal 465 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlPD{zlPge*@GRiN@ zHVXH)D2u9$DhM{M@-y(LEGW&3(66X4_6rKl3(GSP49cuB_T(z{3yw514D|_h%SlNs ztnlzRGPg7fb#pc;&#KTb&aTSNkF+R{NHj0fH$k_}A~M)9vs|Gf%AnB8#VIu0(=EKn zqd;5R$EncB)6_WIH7YgS$uuv|JkKPoB0xVl!-6X{#XrN(AS=QnDX*%+G$hC@E6*`M zG^jYpJU3t4Ei=p2FW0!ZJkLGQ&jQ`Hz!Kv?ZAXQaLU)6RLf5nsSAYG)l3YhW-w59b zzyEz)TZU*ATZz{cZdy`tCv literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 84b14d6..a90cd74 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -27,4 +27,9 @@ in rotterdam-user alexandria ]; + "forgejo-root-password.age".publicKeys = [ + io-user + rotterdam-user + trantor + ]; } From 6f1aca7b01a825e71bb7db10e9968ade435e57b0 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 11:11:55 -0300 Subject: [PATCH 249/267] Configure Forgejo OAuth2 and disable public registration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add OAuth2 client configuration to enable auto-registration via SSO with Kanidm, while disabling direct public registration. Users can now authenticate through the identity provider with automatic account creation and avatar syncing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/forgejo.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index a89526d..9688458 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -25,6 +25,12 @@ in mailer.ENABLED = false; actions.ENABLED = false; service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; }; From 878c4aa3ea7d8c642c2979895c33bf533094f54f Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:12:06 -0300 Subject: [PATCH 250/267] Add public visibility flags to service definitions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark services as public or private to control external access: - Public: vaultwarden, forgejo, nextcloud - Private: kanidm, jellyfin This enables proper routing and firewall configuration based on intended service visibility. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/shared/services.nix b/shared/services.nix index 8870258..ebd51de 100644 --- a/shared/services.nix +++ b/shared/services.nix 
@@ -8,6 +8,7 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -16,6 +17,7 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -24,6 +26,7 @@ name = "forgejo"; domain = "git.baduhai.dev"; host = "trantor"; + public = true; tailscaleIP = "100.108.5.90"; port = 3000; } @@ -31,6 +34,7 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; @@ -39,6 +43,7 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; From ad9d565a8f365d2530b0889edb15613dc6ea330a Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:20:21 -0300 Subject: [PATCH 251/267] Route DNS based on service visibility flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace wildcard DNS with dynamic service-based routing that reads from shared/services.nix. Public services (forgejo, vaultwarden, nextcloud) point to trantor's public IP for external access, while private services (kanidm, jellyfin) point to tailscale IPs for internal-only access. This provides granular control over service exposure without manual DNS management. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 2 - terranix/cloudflare/baduhai.dev.nix | 74 +++++++++++++++++++---------- 2 files changed, 49 insertions(+), 27 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index ebd51de..d267792 100644 --- a/shared/services.nix +++ b/shared/services.nix 
@@ -8,7 +8,6 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -43,7 +42,6 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index b74484c..3a5e6ee 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -3,7 +3,38 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ config, ... }: +{ config, lib, ... }: + +let + inherit (import ../../shared/services.nix) services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 (i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = if svc.public or false + then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else svc.tailscaleIP; + in { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); +in { terraform.required_providers.cloudflare = { 
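Review bot: In `mkServiceRecords` the `else svc.tailscaleIP` branch publishes an A record in the public Cloudflare zone for every service that is not marked public (kanidm and jellyfin at this commit), so their host names and tailnet addresses are readable by anyone who queries the zone. The addresses are only reachable over Tailscale, but the record set still documents the internal layout; a comment such as `# private services are listed in public DNS with their tailnet address (reachable only over Tailscale)` would make the trade-off explicit. Separately, `name = "service_${toString i}"` keys each resource by list position, so inserting or reordering an entry in shared/services.nix makes the plan rewrite unrelated records; `name = "service_${svc.name}";` keeps the resource addresses stable. The `svc.public or false` default (missing flag means private) is the right way round and worth keeping.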
@@ -48,31 +79,24 @@ }; resource = { - cloudflare_dns_record.root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; + cloudflare_dns_record = mkServiceRecords // { + root = { + zone_id = config.variable.zone_id.default; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; - cloudflare_dns_record.www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - cloudflare_dns_record.wildcard = { - zone_id = config.variable.zone_id.default; - name = "*"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; + www = { + zone_id = config.variable.zone_id.default; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; }; }; } From cd17bf25617f3922b7ccbdfd5a1bfdb9b7b10002 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 12:36:43 -0300 Subject: [PATCH 252/267] only forgejo is public for now --- shared/services.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index d267792..44f9208 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -16,7 +16,6 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -33,7 +32,6 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; From f1b6be6f3ff1311d7041b194ebdd3956a70fb71d Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 13:00:17 -0300 Subject: [PATCH 253/267] Add fail2ban configuration for SSH and Forgejo on Trantor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Configure fail2ban with progressive ban times (1h base, up to 10000h max) - Add SSH jail with password authentication disabled - Add Forgejo jail using systemd journal backend - Ignore private networks and Tailscale IPs - Set Forgejo to 10 retries per hour, 15min initial ban 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/fail2ban.nix | 43 +++++++++++++++++++++++++ hosts/trantor/forgejo.nix | 65 ++++++++++++++++++++++++-------------- hosts/trantor/openssh.nix | 23 ++++++++++++++ 3 files changed, 107 insertions(+), 24 deletions(-) create mode 100644 hosts/trantor/fail2ban.nix create mode 100644 hosts/trantor/openssh.nix diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix new file mode 100644 index 0000000..4ef1bbc --- /dev/null +++ b/hosts/trantor/fail2ban.nix @@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "127.0.0.0/8" + "::1" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + ]; + + bantime = "1h"; + bantime-increment = { + enable = true; + multipliers = "1 2 4 8 16 32 64"; + maxtime = "10000h"; + overalljails = true; + }; + + jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + backend = "systemd"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; + }; + }; + }; + + # Custom fail2ban filter for Forgejo using systemd journal + environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + journalmatch = _SYSTEMD_UNIT=forgejo.service + failregex = Failed authentication attempt for .+ from :\d+: + ignoreregex = + ''); +} 
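Review bot: The `forgejo` jail and its filter are defined twice in this commit with different log sources: here with `backend = "systemd"` and a `journalmatch` in `filter.d/forgejo.local`, and in hosts/trantor/forgejo.nix with a `logpath` and a second `failregex` in `filter.d/forgejo.conf`. The two `jails.forgejo.settings` sets would merge into one jail carrying both `backend = "systemd"` and `logpath`, and fail2ban reads a `.local` file after the `.conf` of the same name, so which `failregex` is in effect is not obvious from either file. Keep one jail definition next to the Forgejo service and one filter file. As rendered on this page the `failregex` here also shows no `<HOST>` placeholder, which fail2ban needs to extract the address; if that is not an artefact of the page, add it.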
diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix
index 9688458..227bcb4 100644
--- a/hosts/trantor/forgejo.nix
+++ b/hosts/trantor/forgejo.nix
@@ -9,33 +9,50 @@ let inherit (utils) mkNginxVHosts; in { - services.forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + services = { + forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - service.DISABLE_REGISTRATION = true; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; - ACCOUNT_LINKING = "login"; - USERNAME = "preferred_username"; + }; + nginx.virtualHosts = mkNginxVHosts { + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; + fail2ban.jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; }; }; }; - services.nginx.virtualHosts = mkNginxVHosts { - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; + environment.etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + ''; } 
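Review bot: The `failregex` written to `filter.d/forgejo.conf` wraps its alternation in unanchored `.*` on both sides, and the matched log lines contain the user name submitted at login, so logged input can influence what the pattern matches and which address is extracted. Anchor the expression to the message format and keep the wildcard away from the host part, for instance `failregex = Failed authentication attempt for \S+ from <HOST>:\d+:`, adjusted to the lines Forgejo actually writes. The same block sets `log.LEVEL = "Warn"`; confirm that failed-login messages are emitted at that level, otherwise the jail never sees them. Also check that the address Forgejo logs behind the nginx unix-socket proxy is the client's and not a loopback address covered by `ignoreIP` in fail2ban.nix.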
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix new file mode 100644 index 0000000..51d8795 --- /dev/null +++ b/hosts/trantor/openssh.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + services = { + openssh = { + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + fail2ban.jails.sshd = { + settings = { + enabled = true; + port = "ssh"; + filter = "sshd"; + logpath = "/var/log/auth.log"; + maxretry = 5; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; +} From f979314a3cc34dc37c99f2928cd163f0327907d1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:15:12 -0300 Subject: [PATCH 254/267] new readme --- readme.md | 184 ++++++++++++++++++++++-------------------------------- 1 file changed, 74 insertions(+), 110 deletions(-) diff --git a/readme.md b/readme.md index 2804237..1f44455 100644 --- a/readme.md +++ b/readme.md 
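Review bot: `logpath = "/var/log/auth.log"` in the `sshd` jail points at a file that NixOS does not normally create, since sshd logs to the journal. Depending on the backend in effect the setting is either ignored or the jail has nothing to read, so I would drop the line and leave the jail on the journal backend; `fail2ban-client status sshd` after deploy confirms the jail is active. `PasswordAuthentication = false` and `KbdInteractiveAuthentication = false` already remove the password-guessing surface, which makes this jail mostly log-noise reduction; a one-line comment saying so would help.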
@@ -1,123 +1,87 @@ # NixOS Configuration -A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. +My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. ## Hosts -| Host | Type | System | Version | Description | -|------|------|--------|---------|-------------| -| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | -| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | -| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | -| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | +### Desktop Systems +- **rotterdam** - Main desktop workstation (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman + - Storage: Ephemeral root with LUKS encryption -## Key Features +- **io** - Secondary desktop (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman + - Storage: Ephemeral root with LUKS encryption -### Architecture -- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance -- **Flake-based** - Fully reproducible builds with locked dependencies -- **Multi-platform** - Supports both x86_64 and aarch64 architectures -- **Deployment automation** - Remote deployment via deploy-rs +### Servers +- **alexandria** - Home server (x86_64) + - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm -### Desktop Experience -- **Niri compositor** - Custom fork with auto-centering window columns -- **Unified theming** - Stylix-based theming -- **Wayland-native** - Full Wayland support -- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability +- **trantor** - Cloud server (aarch64) + - Hosts: 
Forgejo + - Cloud provider: Oracle Cloud Infrastructure + - Storage: Ephemeral root with btrfs -### Self-Hosted Services -- **Nextcloud** - Cloud storage with calendar, contacts, and notes -- **Forgejo** - Self-hosted Git server -- **Jellyfin** - Media streaming -- **Vaultwarden** - Password manager backend -- **LibreSpeed** - Network speed testing -- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt +## Home Manager Configurations + +- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment +- **user@io** - Lightweight desktop setup + +Both configurations include: +- btop, direnv, helix, starship, tmux +- Stylix theme management +- Fish shell with custom configurations + +## Terranix Configurations + +Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): + +- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server +- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain +- **tailscale-tailnet** - Tailscale network ACL and device management + +## Services + +All services are accessible via custom domains under baduhai.dev: + +- **Kanidm** (auth.baduhai.dev) - Identity and access management +- **Vaultwarden** (pass.baduhai.dev) - Password manager +- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) +- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration +- **Jellyfin** (jellyfin.baduhai.dev) - Media server + +Services are accessible via: +- LAN for alexandria-hosted services +- Tailscale VPN for all services +- Public internet for Forgejo only + +## Notable Features + +### Ephemeral Root +Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: +- Root filesystem is automatically rolled back using btrfs snapshots +- Old snapshots retained for 30 days +- Persistent data stored in dedicated subvolumes +- Implements truly stateless systems + +### Custom DNS Architecture +- Unbound DNS servers 
on both alexandria and trantor +- Service routing based on visibility flags (public/LAN/Tailscale) +- Split-horizon DNS for optimal access paths ### Security -- **Agenix** - Encrypted secrets management -- **Tailscale** - Zero-config VPN mesh network -- **Firewall** - Configured on all hosts -- SSH key-based authentication +- LUKS full-disk encryption on desktop systems +- Fail2ban on public-facing servers +- agenix for secrets management +- Tailscale for secure remote access -## Repository Structure +### Desktop Environment +- Custom Niri window manager (Wayland compositor) +- Using forked version with auto-centering feature +- Stylix for consistent theming -``` -. -├── flake.nix # Main flake definition -├── utils.nix # Tag-based module system utilities -├── nixosConfigurations.nix # Host definitions with tags -├── homeConfigurations.nix # User configurations -├── deploy.nix # Remote deployment configuration -├── hosts/ -│ ├── alexandria/ # Server-specific config -│ ├── io/ # Laptop-specific config -│ ├── rotterdam/ # Desktop-specific config -│ ├── trantor/ # VPS-specific config -│ └── modules/ -│ ├── common/ # Shared base configuration -│ ├── desktop/ # Desktop environment setup -│ ├── server/ # Server-specific modules -│ └── [tag].nix # Optional feature modules -├── users/ -│ └── modules/ # Home Manager configurations -│ └── [tag].nix # Optional feature modules -├── packages/ # Custom package definitions -└── secrets/ # Encrypted secrets (agenix) -``` - -## Tag System - -Configurations are composed using tags that map to modules: - -**Common Tags** (all hosts): -- `common` - Base system configuration (automatically applied) - -**General Tags**: -- `desktop` - *Mostly* full desktop environment with Niri WM -- `dev` - Development tools and environments -- `gaming` - Steam, Heroic, gamemode, controller support -- `ephemeral` - Impermanent root filesystem -- `networkmanager` - WiFi and network management -- `libvirtd` - KVM/QEMU virtualization -- `podman` - 
Container runtime -- `bluetooth` - Bluetooth support -- `fwupd` - Firmware update daemon - -**Server Tags**: -- `server` - Server-specific configuration - -## Usage - -### Rebuilding a Configuration - -```bash -# Local rebuild -sudo nixos-rebuild switch --flake .#hostname - -# Remote deployment -deploy .#hostname -``` - -### Updating Dependencies - -```bash -nix flake update -``` - -### Adding a New Host - -1. Create host directory in `hosts/` -2. Define configuration in `nixosConfigurations.nix` with appropriate tags -3. Add deployment profile in `deploy.nix` if needed - -## Dependencies - -- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels -- [home-manager](https://github.com/nix-community/home-manager) - User configuration -- [agenix](https://github.com/ryantm/agenix) - Secrets management -- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning -- [stylix](https://github.com/danth/stylix) - System-wide theming -- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork) -- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support -- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment -- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management +### Development Setup +- Nix flakes for reproducible builds +- deploy-rs for automated deployments +- Podman for containerization +- Complete AI tooling integration From 0961eb8f767d8be58798df36fbac01522f187745 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:37:04 -0300 Subject: [PATCH 255/267] dns records only for actual services --- .gitignore | 2 ++ terranix/cloudflare/baduhai.dev.nix | 36 ++++++++--------------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/.gitignore b/.gitignore index b59fd44..73105bb 100644 --- a/.gitignore +++ b/.gitignore 
@@ -3,6 +3,8 @@ result result-* .direnv/ oci-trantor/ +tailscale-tailnet/ +cloudflare-baduhaidev # Personal notes and temporary files todo.md diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 3a5e6ee..1b456f3 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -15,13 +15,17 @@ let # Public services point to trantor's public IP # Private services point to their tailscale IP mkServiceRecords = lib.listToAttrs ( - lib.imap0 (i: svc: + lib.imap0 ( + i: svc: let subdomain = getSubdomain svc.domain; - targetIP = if svc.public or false - then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else svc.tailscaleIP; - in { + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { name = "service_${toString i}"; value = { zone_id = config.variable.zone_id.default; @@ -78,25 +82,5 @@ in }; }; - resource = { - cloudflare_dns_record = mkServiceRecords // { - root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - }; - }; + resource.cloudflare_dns_record = mkServiceRecords; } From 3d71b8c1b849fa6b31ae1480a03f66f0a26b3d01 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:41:41 -0300 Subject: [PATCH 256/267] update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 1f44455..7de1cbe 100644 --- a/readme.md +++ b/readme.md 
@@ -1,6 +1,6 @@ -# NixOS Configuration +# Nix Configuration -My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. +My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. ## Hosts From 09a4092b92ad0492d486a893232352775cff3105 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:56:57 -0300 Subject: [PATCH 257/267] better noctalia integration for niri --- users/modules/desktop/niri.nix | 43 ++++++++++++++++------------------ 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 1f6a1bf..4d18e6a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -8,7 +8,6 @@ let isRotterdam = hostname == "rotterdam"; - noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { @@ -30,7 +29,10 @@ in }; home = { - packages = with pkgs; [ xwayland-satellite ]; + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; @@ -91,23 +93,18 @@ in inactive-color "#505050" urgent-color "#9b0000" } - tab-indicator { - width 4 - gap 4 - place-within-column - } - ${lib.optionalString isRotterdam '' - struts { - left 8 - right 8 - }''} + tab-indicator { + width 4 + gap 4 + place-within-column + } } overview { zoom 0.65 } - spawn-at-startup "${noctalia}" + spawn-at-startup "noctalia-shell" "-d" layer-rule { match namespace="^wallpaper$" place-within-backdrop true 
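Review bot: In users/modules/desktop/niri.nix `spawn-at-startup` now runs `noctalia-shell` by name instead of through the store path that `lib.getExe` produced, so what is executed depends on the session's PATH at the time niri spawns it. The following hunk does the same for the key bindings, several of which carry `allow-when-locked=true`, where a pinned path is the more predictable choice. Keeping a binding such as `noctalia = lib.getExe' inputs.noctalia.packages.${pkgs.system}.default "noctalia-shell";` retains the explicit binary name without relying on PATH. The KDL config string starts and ends outside these hunks.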
@@ -143,18 +140,18 @@ in } binds { - Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } - Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } + Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W 
repeat=false { toggle-overview; } @@ -228,8 +225,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; From 5af6c53d817710c3a26e403b9b9c3d0439311efd Mon Sep 17 00:00:00 2001 From: william Date: Sun, 9 Nov 2025 16:28:17 -0300 Subject: [PATCH 258/267] Update readme.md --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 7de1cbe..a2b815f 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ My personal Nix configuration for multiple NixOS hosts, home-manager users, misc - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - Storage: Ephemeral root with LUKS encryption -- **io** - Secondary desktop (x86_64) +- **io** - Laptop workstation (x86_64) - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - Storage: Ephemeral root with LUKS encryption From 5906fa6f3656db778ff9e9e09b510b5091286fa7 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:31:52 -0300 Subject: [PATCH 259/267] fix forgejo's ssh domain --- hosts/trantor/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 227bcb4..25acf4e 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -20,7 +20,7 @@ in DOMAIN = "git.baduhai.dev"; ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + SSH_DOMAIN = "git.baduhai.dev"; }; log.LEVEL = "Warn"; mailer.ENABLED = false; 
From ae6d46012baec67e00c58328fbb5148da6cfad53 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:57:17 -0300 Subject: [PATCH 260/267] fail2ban: fix config; forgejo: repository path and persistency --- hosts/trantor/fail2ban.nix | 20 -------------------- hosts/trantor/forgejo.nix | 34 ++++++++++++++++++++++++---------- hosts/trantor/openssh.nix | 2 +- 3 files changed, 25 insertions(+), 31 deletions(-) diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix index 4ef1bbc..bc05139 100644 --- a/hosts/trantor/fail2ban.nix +++ b/hosts/trantor/fail2ban.nix @@ -12,7 +12,6 @@ "192.168.0.0/16" "100.64.0.0/10" ]; - bantime = "1h"; bantime-increment = { enable = true; @@ -20,24 +19,5 @@ maxtime = "10000h"; overalljails = true; }; - - jails.forgejo = { - settings = { - enabled = true; - filter = "forgejo"; - backend = "systemd"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; - }; - }; }; - - # Custom fail2ban filter for Forgejo using systemd journal - environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - journalmatch = _SYSTEMD_UNIT=forgejo.service - failregex = Failed authentication attempt for .+ from :\d+: - ignoreregex = - ''); } diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 25acf4e..fdfa64a 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -4,15 +4,16 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { services = { forgejo = { enable = true; - repositoryRoot = "/data/forgejo"; settings = { session.COOKIE_SECURE = true; server = { 
@@ -42,17 +43,30 @@ in settings = { enabled = true; filter = "forgejo"; - logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; }; }; }; - environment.etc."fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - ''; + environment = { + etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + + persistence.main.directories = [ + { + directory = config.services.forgejo.stateDir; + inherit (config.services.forgejo) user group; + mode = "0700"; + } + ]; + }; + + # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories + systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; } diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix index 51d8795..704b3df 100644 --- a/hosts/trantor/openssh.nix +++ b/hosts/trantor/openssh.nix @@ -14,7 +14,7 @@ port = "ssh"; filter = "sshd"; logpath = "/var/log/auth.log"; - maxretry = 5; + maxretry = 3; findtime = "10m"; bantime = "1h"; }; From bb0ea2769656f6278e632ad65310bc57d6569513 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 19:01:37 -0300 Subject: [PATCH 261/267] niri keybinds --- users/modules/desktop/niri.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 4d18e6a..08bcc4a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
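Review bot: `systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;` overrides a sandboxing setting of the packaged unit, and the comment names the workaround but not the failure that was observed. Per systemd.exec(5), other namespace options such as `ProtectSystem=` or `PrivateTmp=` enable file-system namespacing on their own, so if the Forgejo unit sets any of those (not visible here) this override may not change anything; `systemctl show forgejo -p PrivateMounts -p ProtectSystem` on the host will tell. If the override is needed, extend the comment with the error it fixes so it can be removed once the underlying issue is. The jail in this hunk no longer sets `logpath` or `backend`, so it now relies on the module's default backend together with the `journalmatch` added to the filter.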
@@ -167,10 +167,6 @@ in Mod+L { focus-column-right; } Mod+J { focus-window-or-workspace-down; } Mod+K { focus-window-or-workspace-up; } - Ctrl+Alt+J { focus-workspace-down; } - Ctrl+Alt+K { focus-workspace-up; } - Ctrl+Alt+Down { focus-workspace-down; } - Ctrl+Alt+Up { focus-workspace-up; } Mod+Ctrl+Left { move-column-left; } Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } From b602a78bb33f941deaa4d74c911ab9b8e8574f82 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 07:51:29 -0300 Subject: [PATCH 262/267] vicinae as a launcher --- flake.lock | 71 ++++++++++++++++++++++++++++++- flake.nix | 2 + users/modules/desktop/desktop.nix | 8 +++- users/modules/desktop/niri.nix | 4 +- 4 files changed, 81 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3b994bf..893a87d 100644 --- a/flake.lock +++ b/flake.lock @@ -299,6 +299,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -647,6 +665,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -877,6 +911,7 @@ "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", + "vicinae": "vicinae", "zen-browser": "zen-browser" } }, @@ -1060,6 +1095,21 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", @@ -1202,6 +1252,25 @@ "type": "github" } }, + "vicinae": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1762709887, + "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", + "owner": "vicinaehq", + "repo": "vicinae", + "rev": "54722e36137d8273ef0a5db37776fb8302c79238", + "type": "github" + }, + "original": { + "owner": "vicinaehq", + "repo": "vicinae", + "type": "github" + } + }, "xwayland-satellite-stable": { "flake": false, "locked": { @@ -1238,7 +1307,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index af148c1..c5c3880 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,8 @@ }; nix-ai-tools.url = "github:numtide/nix-ai-tools"; + + vicinae.url = "github:vicinaehq/vicinae"; }; outputs = diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index df6f380..6940e1f 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
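Review bot: `vicinae.url = "github:vicinaehq/vicinae";` in flake.nix adds an input that resolves its own `nixpkgs` and `flake-utils` (the lock file gains `nixpkgs_10`, `flake-utils_2` and `systems_8`), so the launcher is built from a package set that is updated independently of the rest of the system. If upstream's binary cache is not a requirement, add `vicinae.inputs.nixpkgs.follows = "nixpkgs";` so there is a single nixpkgs revision to track for security updates. The input also provides a home-manager module that this commit imports and auto-starts in users/modules/desktop/desktop.nix, so its pinned revision deserves the same review on update as any other code running in the user session.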
@@ -1,15 +1,21 @@ { - config, inputs, pkgs, ... }: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; + services.vicinae = { + enable = true; + autoStart = true; + }; + programs = { ghostty = { diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 08bcc4a..09767e6 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -140,7 +140,7 @@ in } binds { - Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + Alt+Space repeat=false { spawn "vicinae" "toggle"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } @@ -150,7 +150,7 @@ in XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } From e95ba0215b47cdabb5a05749baea80146bea95ec Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:04:55 -0300 Subject: [PATCH 263/267] new ssh key for himalia --- hosts/modules/common/users.nix | 3 ++- terranix/oci/trantor.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 0572153..7dd6490 100644 
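Review bot: Both new spawn lines in niri.nix (`Alt+Space` in this hunk and `Mod+V` in the next one) start `vicinae` by bare name, so which binary runs depends on the PATH of the compositor session rather than on the package this flake pins. The playerctl bindings in the same block already interpolate a store path with `${lib.getExe pkgs.playerctl}`. I would do the same here, e.g. `Alt+Space repeat=false { spawn "${lib.getExe vicinaePkg}" "toggle"; }`, where `vicinaePkg` is a placeholder for whatever package the imported module installs. The `binds` block starts and ends outside this hunk.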
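Review bot: The new `Mod+V` binding opens vicinae's clipboard history while desktop.nix starts the service at login, and the diff sets no retention or exclusion options. Anything copied during the session, including password-manager entries and tokens, is therefore presumably kept in that history. I would check what the module offers for limiting or excluding entries and record the decision beside the binding, e.g. `// clipboard history may keep copied secrets; retention settings reviewed`. The `binds` block continues outside this hunk.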
--- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix @@ -10,8 +10,9 @@ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index bb06585..170ad04 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -53,6 +53,7 @@ ssh_public_keys = { default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; From 489af5a79fe4b563018c39b9d1862a816eebec6b Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:46:54 -0300 Subject: [PATCH 264/267] new noctalia ipc command --- users/modules/desktop/niri.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 09767e6..0cb5db8 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
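Review bot: The himalia key is added by hand to two separate lists, `openssh.authorizedKeys.keys` in users.nix and `ssh_public_keys.default` in the terranix/oci/trantor.nix hunk that follows, and both now hold the same three keys. The account appears to be in `wheel`, so a key that is later rotated or revoked has to be removed from both files, otherwise it keeps granting access on one side. I would keep the list in one shared Nix value, for instance a small keys file imported by both modules, and reference it from each place. Both attribute sets start outside their hunks.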
@@ -151,7 +151,7 @@ in
 XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; }
 XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; }
 Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; }
- Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; }
+ Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; }
 Mod+Return { spawn "ghostty"; }
 Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; }
 Mod+W repeat=false { toggle-overview; }
From 0925a66f2218434b3bb70cd0f14b440db7b5fbc7 Mon Sep 17 00:00:00 2001
From: William
Date: Thu, 13 Nov 2025 14:26:35 -0300
Subject: [PATCH 265/267] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:
• Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/aaee8f2df1325c7f212d769515092162bcac31a7?narHash=sha256-aWt5CgOsQiiq%2BcaxF0iqp56kfHRkv8Tnz0X9DhJeBEE%3D' (2025-11-06) → 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13)
• Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/b3d51a0365f6695e7dd5cdf3e180604530ed33b4?narHash=sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw%3D' (2025-11-02) → 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11)
• Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/97a30861b13c3731a84e09405414398fbf3e109f?narHash=sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g%2BmjR/p5TEg%3D' (2025-11-06) → 'github:numtide/treefmt-nix/5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4?narHash=sha256-AlEObg0syDl%2BSpi4LsZIBrjw%2BsnSVU4T8MOeuZJUJjM%3D' (2025-11-12)
---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/flake.lock b/flake.lock index 893a87d..1a520bd 100644 --- a/flake.lock +++ b/flake.lock @@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1762442079, - "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "lastModified": 1763040477, + "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", "type": "github" }, "original": { @@ -746,11 +746,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1762844143, + "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", "type": "github" }, "original": { @@ -1221,11 +1221,11 @@ ] }, "locked": { - "lastModified": 1762410071, - "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { From eebacb0f1fb1107076f5bd3cebafd95216ab1bad Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Nov 2025 19:16:08 -0300 Subject: [PATCH 266/267] add power profiles daemon to io --- hosts/io/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/io/services.nix b/hosts/io/services.nix index 90fb737..df41a6f 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -49,6 +49,7 @@ }; }; upower.enable = true; + power-profiles-daemon.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed From 1dc55be5e1c4784b14e6eb655029528abf0cdcd1 Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 18 Nov 2025 19:09:57 -0300 Subject: [PATCH 267/267] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13) → 'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/633af1961cae8e02bc6195e6e599a6b09bf75217?narHash=sha256-wTQzbbQ6XHtvNJVuhJj%2BytZDRyNtwUKbrIfIvMvKNfQ%3D' (2025-10-28) → 'github:numtide/blueprint/5a9bba070f801d63e2af3c9ef00b86b212429f4f?narHash=sha256-O9Y%2BWer8wOh%2BN%2B4kcCK5p/VLrXyX%2Bktk0/s3HdZvJzk%3D' (2025-11-16) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11) → 'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16) --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 1a520bd..27c3580 100644 --- a/flake.lock +++ b/flake.lock @@ -100,11 +100,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1761645416, - "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "lastModified": 1763308703, + "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", "owner": "numtide", "repo": "blueprint", - "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", "type": "github" }, "original": { 
@@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763040477, - "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", + "lastModified": 1763412165, + "narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", + "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", "type": "github" }, "original": { @@ -746,16 +746,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762844143, - "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", + "lastModified": 1763312402, + "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", + "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" }