lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Format
Some checks failed
/ check (push) Failing after 9s
Details

Browse source
This commit is contained in:
Daniel Flanagan 2025-02-14 13:31:18 -06:00
parent 8e8a483e97
commit d21df887fe
51 changed files with 4363 additions and 3873 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.helix/languages.toml
View file

@ -3,6 +3,7 @@ auto-format = true
file-types = ["nix"] file-types = ["nix"]
name = "nix" name = "nix"
scope = "source.nix" scope = "source.nix"
language-servers = ["nixd", "nil"]
[language.formatter] [language.formatter]
args = ["-"] args = ["-"]

21
lib/colors.nix
View file

@ -1,6 +1,9 @@
{lib, ...}: { { lib, ... }:
schemes = let {
mkColorScheme = scheme @ { schemes =
let
mkColorScheme =
scheme@{
scheme-name, scheme-name,
bg, bg,
bg2, bg2,
@ -19,9 +22,9 @@
green, green,
# teal, # teal,
blue, blue,
}: let }:
base = let
{ base = {
text = fg; text = fg;
primary = blue; primary = blue;
urgent = red; urgent = red;
@ -46,14 +49,14 @@
# whites # whites
"7" = fg2; "7" = fg2;
"15" = fg3; "15" = fg3;
} } // scheme;
// scheme;
in in
base base
// { // {
withHashPrefix = lib.mapAttrs (_: value: "#${value}") base; withHashPrefix = lib.mapAttrs (_: value: "#${value}") base;
}; };
in { in
{
donokai = mkColorScheme { donokai = mkColorScheme {
scheme-name = "donokai"; scheme-name = "donokai";
bg = "110f0a"; bg = "110f0a";

22
lib/default.nix
View file

@ -1,11 +1,19 @@
{self, ...}: let { self, ... }:
let
forSelfOverlay = forSelfOverlay =
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays then
then self.overlays.forSelf self.overlays.forSelf
else (_: p: p); else
in rec { (_: p: p);
systems = ["aarch64-linux" "aarch64-darwin" "x86_64-darwin" "x86_64-linux"]; in
rec {
systems = [
"aarch64-linux"
"aarch64-darwin"
"x86_64-darwin"
"x86_64-linux"
];
forSystems = nixpkgs: nixpkgs.lib.genAttrs systems; forSystems = nixpkgs: nixpkgs.lib.genAttrs systems;
pkgsFor = nixpkgs: system: (import nixpkgs {inherit system;}).extend forSelfOverlay; pkgsFor = nixpkgs: system: (import nixpkgs { inherit system; }).extend forSelfOverlay;
genPkgs = nixpkgs: func: (forSystems nixpkgs (system: func (pkgsFor nixpkgs system))); genPkgs = nixpkgs: func: (forSystems nixpkgs (system: func (pkgsFor nixpkgs system)));
} }

88
lib/disko/default.nix
View file

@ -1,8 +1,10 @@
{nixpkgs-unstable, ...}: let { nixpkgs-unstable, ... }:
let
# TODO: This file needs some serious cleaning up. # TODO: This file needs some serious cleaning up.
lib = nixpkgs-unstable.lib; lib = nixpkgs-unstable.lib;
inherit (lib.attrsets) mapAttrs' filterAttrs; inherit (lib.attrsets) mapAttrs' filterAttrs;
ESP = inputs @ { ESP =
inputs@{
size ? "4G", size ? "4G",
label ? "ESP", label ? "ESP",
name ? "ESP", name ? "ESP",
@ -24,8 +26,10 @@
}; };
} }
// inputs; // inputs;
in rec { in
standardWithHibernateSwap = { rec {
standardWithHibernateSwap =
{
esp ? { esp ? {
label = "ESP"; label = "ESP";
size = "4G"; size = "4G";
@ -36,7 +40,8 @@ in rec {
disk, disk,
swapSize, swapSize,
... ...
}: { }:
{
/* /*
this is my standard partitioning scheme for my machines which probably want hibernation capabilities this is my standard partitioning scheme for my machines which probably want hibernation capabilities
a UEFI-compatible boot partition a UEFI-compatible boot partition
@ -73,19 +78,22 @@ in rec {
# additionalKeyFiles = ["/tmp/additionalSecret.key"]; # additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = [ "-f" ];
subvolumes = { subvolumes = {
${rootfsName} = { ${rootfsName} = {
mountpoint = "/"; mountpoint = "/";
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
}; };
${homeName} = { ${homeName} = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
}; };
}; };
}; };
@ -109,7 +117,8 @@ in rec {
}; };
}; };
standard = { standard =
{
esp ? { esp ? {
label = "ESP"; label = "ESP";
size = "4G"; size = "4G";
@ -117,7 +126,8 @@ in rec {
}, },
disk, disk,
... ...
}: { }:
{
# this is my standard partitioning scheme for my machines: an LUKS-encrypted # this is my standard partitioning scheme for my machines: an LUKS-encrypted
# btrfs volume # btrfs volume
disko.devices = { disko.devices = {
@ -141,19 +151,22 @@ in rec {
# additionalKeyFiles = ["/tmp/additionalSecret.key"]; # additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = [ "-f" ];
subvolumes = { subvolumes = {
"/root" = { "/root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
}; };
"/home" = { "/home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
}; };
}; };
}; };
@ -175,7 +188,9 @@ in rec {
}; };
}; };
unencrypted = {disk, ...}: { unencrypted =
{ disk, ... }:
{
disko.devices = { disko.devices = {
disk = { disk = {
primary = { primary = {
@ -184,25 +199,28 @@ in rec {
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
ESP = ESP {size = "5G";}; ESP = ESP { size = "5G"; };
root = { root = {
size = "100%"; size = "100%";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = [ "-f" ];
mountpoint = "/partition-root"; mountpoint = "/partition-root";
subvolumes = { subvolumes = {
"/rootfs" = { "/rootfs" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
}; };
"/home" = { "/home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
}; };
}; };
}; };
@ -214,7 +232,8 @@ in rec {
}; };
}; };
beefcake = let beefcake =
let
zpools = { zpools = {
zroot = { zroot = {
/* /*
@ -286,7 +305,7 @@ in rec {
sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage
*/ */
name = "zstorage"; name = "zstorage";
config = {}; config = { };
}; };
}; };
diskClass = { diskClass = {
@ -385,24 +404,33 @@ in rec {
}; };
}; };
diskoBoot = mapAttrs' (device: {name, ...}: { diskoBoot = mapAttrs' (
device:
{ name, ... }:
{
name = "boot-${name}"; name = "boot-${name}";
value = { value = {
inherit device; inherit device;
type = "disk"; type = "disk";
content = diskClass.boot.content; content = diskClass.boot.content;
}; };
}) (filterAttrs (_: {enable, ...}: enable) bootDisks); }
) (filterAttrs (_: { enable, ... }: enable) bootDisks);
diskoStorage = mapAttrs' (device: {name, ...}: { diskoStorage = mapAttrs' (
device:
{ name, ... }:
{
name = "storage-${name}"; name = "storage-${name}";
value = { value = {
inherit device; inherit device;
type = "disk"; type = "disk";
content = diskClass.storage.content; content = diskClass.storage.content;
}; };
}) (filterAttrs (_: {enable, ...}: enable) storageDisks); }
in { ) (filterAttrs (_: { enable, ... }: enable) storageDisks);
in
{
disko.devices = { disko.devices = {
disk = diskoBoot // diskoStorage; disk = diskoBoot // diskoStorage;
zpool = { zpool = {
@ -411,7 +439,9 @@ in rec {
}; };
}; };
legacy = {disks, ...}: { legacy =
{ disks, ... }:
{
disko.devices = { disko.devices = {
disk = { disk = {
primary = { primary = {

9
lib/modules/home/eww/scripts/workspaces/default.nix
View file

@ -1,4 +1,7 @@
{pkgs ? import <nixpkgs> {}}: let {
pkgs ? import <nixpkgs> { },
}:
let
# lock = builtins.fromJSON (builtins.readFile ../../../../../flake.lock); # lock = builtins.fromJSON (builtins.readFile ../../../../../flake.lock);
# nixpkgsRev = lock.nodes.nixpkgs.locked.rev; # nixpkgsRev = lock.nodes.nixpkgs.locked.rev;
# pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/${nixpkgsRev}.tar.gz") {}; # pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/${nixpkgsRev}.tar.gz") {};
@ -6,7 +9,7 @@
version = "1.0.0"; version = "1.0.0";
src = ./src; src = ./src;
in in
pkgs.rustPlatform.buildRustPackage { pkgs.rustPlatform.buildRustPackage {
inherit pname version src; inherit pname version src;
cargoHash = "sha256-6Wl3cOIxlPJjzEuzNhCBZJXayL8runQfAxPruvzh2Vc="; cargoHash = "sha256-6Wl3cOIxlPJjzEuzNhCBZJXayL8runQfAxPruvzh2Vc=";
# cargoHash = pkgs.lib.fakeHash; # cargoHash = pkgs.lib.fakeHash;
@ -17,4 +20,4 @@ in
# ${pkgs.upx}/bin/upx --best --lzma hyprland-workspaces-eww # ${pkgs.upx}/bin/upx --best --lzma hyprland-workspaces-eww
# popd # popd
''; '';
} }

17
lib/modules/home/hyprland.nix
View file

@ -5,9 +5,11 @@
lib, lib,
# font, # font,
... ...
}: let }:
let
inherit (style) colors; inherit (style) colors;
in { in
{
# TODO: Hyprland seems to sometimes use a ton of CPU? # TODO: Hyprland seems to sometimes use a ton of CPU?
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -217,7 +219,10 @@ in {
]; ];
# Move/resize windows with mod + LMB/RMB and dragging # Move/resize windows with mod + LMB/RMB and dragging
bindm = ["$mod, mouse:272, movewindow" "$mod, mouse:273, resizewindow"]; bindm = [
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
}; };
extraConfig = '' extraConfig = ''
@ -376,10 +381,12 @@ in {
}; };
}; };
services.hypridle = let services.hypridle =
let
secondsPerMinute = 60; secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute; lockSeconds = 10 * secondsPerMinute;
in { in
{
enable = true; enable = true;
settings = { settings = {
general = { general = {

5
lib/modules/home/kitty.nix
View file

@ -2,10 +2,11 @@
colors, colors,
font, font,
... ...
}: { }:
{
programs.kitty = { programs.kitty = {
enable = true; enable = true;
darwinLaunchOptions = ["--single-instance"]; darwinLaunchOptions = [ "--single-instance" ];
shellIntegration = { shellIntegration = {
enableFishIntegration = true; enableFishIntegration = true;
}; };

70
lib/modules/home/plasma-manager.nix
View file

@ -2,7 +2,7 @@
programs.plasma = { programs.plasma = {
enable = true; enable = true;
shortcuts = { shortcuts = {
"ActivityManager"."switch-to-activity-851c180f-d52d-4fe4-b7ed-a10e70cf4ce8" = []; "ActivityManager"."switch-to-activity-851c180f-d52d-4fe4-b7ed-a10e70cf4ce8" = [ ];
# "KDE Keyboard Layout Switcher"."Switch to Last-Used Keyboard Layout" = "Meta+Alt+L"; # "KDE Keyboard Layout Switcher"."Switch to Last-Used Keyboard Layout" = "Meta+Alt+L";
# "KDE Keyboard Layout Switcher"."Switch to Next Keyboard Layout" = "Meta+Alt+K"; # "KDE Keyboard Layout Switcher"."Switch to Next Keyboard Layout" = "Meta+Alt+K";
# "kaccess"."Toggle Screen Reader On and Off" = "Meta+Alt+S"; # "kaccess"."Toggle Screen Reader On and Off" = "Meta+Alt+S";
@ -15,10 +15,19 @@
"kmix"."increase_microphone_volume" = "Microphone Volume Up"; "kmix"."increase_microphone_volume" = "Microphone Volume Up";
"kmix"."increase_volume" = "Volume Up"; "kmix"."increase_volume" = "Volume Up";
"kmix"."increase_volume_small" = "Shift+Volume Up"; "kmix"."increase_volume_small" = "Shift+Volume Up";
"kmix"."mic_mute" = ["Microphone Mute" "Meta+Volume Mute,Microphone Mute" "Meta+Shift+V" "Meta+Volume Mute,Mute Microphone"]; "kmix"."mic_mute" = [
"Microphone Mute"
"Meta+Volume Mute,Microphone Mute"
"Meta+Shift+V"
"Meta+Volume Mute,Mute Microphone"
];
"kmix"."mute" = "Volume Mute"; "kmix"."mute" = "Volume Mute";
# "ksmserver"."Halt Without Confirmation" = "none,,Shut Down Without Confirmation"; # "ksmserver"."Halt Without Confirmation" = "none,,Shut Down Without Confirmation";
"ksmserver"."Lock Session" = ["Meta+Ctrl+Shift+L" "Screensaver,Meta+L" "Screensaver,Lock Session"]; "ksmserver"."Lock Session" = [
"Meta+Ctrl+Shift+L"
"Screensaver,Meta+L"
"Screensaver,Lock Session"
];
# "ksmserver"."Log Out" = "Ctrl+Alt+Del"; # "ksmserver"."Log Out" = "Ctrl+Alt+Del";
# "ksmserver"."Log Out Without Confirmation" = "none,,Log Out Without Confirmation"; # "ksmserver"."Log Out Without Confirmation" = "none,,Log Out Without Confirmation";
# "ksmserver"."LogOut" = "none,,Log Out"; # "ksmserver"."LogOut" = "none,,Log Out";
@ -31,19 +40,23 @@
# "kwin"."Decrease Opacity" = "none,,Decrease Opacity of Active Window by 5%"; # "kwin"."Decrease Opacity" = "none,,Decrease Opacity of Active Window by 5%";
# "kwin"."Edit Tiles" = "Meta+T"; # "kwin"."Edit Tiles" = "Meta+T";
"kwin"."Expose" = "Ctrl+F9"; "kwin"."Expose" = "Ctrl+F9";
"kwin"."ExposeAll" = ["Ctrl+F10" "Launch (C),Ctrl+F10" "Launch (C),Toggle Present Windows (All desktops)"]; "kwin"."ExposeAll" = [
"Ctrl+F10"
"Launch (C),Ctrl+F10"
"Launch (C),Toggle Present Windows (All desktops)"
];
"kwin"."ExposeClass" = "Ctrl+F7"; "kwin"."ExposeClass" = "Ctrl+F7";
"kwin"."ExposeClassCurrentDesktop" = []; "kwin"."ExposeClassCurrentDesktop" = [ ];
"kwin"."Grid View" = "Meta+G"; "kwin"."Grid View" = "Meta+G";
"kwin"."Increase Opacity" = "none,,Increase Opacity of Active Window by 5%"; "kwin"."Increase Opacity" = "none,,Increase Opacity of Active Window by 5%";
"kwin"."Kill Window" = "Meta+Ctrl+Esc"; "kwin"."Kill Window" = "Meta+Ctrl+Esc";
"kwin"."Move Tablet to Next Output" = []; "kwin"."Move Tablet to Next Output" = [ ];
"kwin"."MoveMouseToCenter" = "Meta+F6"; "kwin"."MoveMouseToCenter" = "Meta+F6";
"kwin"."MoveMouseToFocus" = "Meta+F5"; "kwin"."MoveMouseToFocus" = "Meta+F5";
"kwin"."MoveZoomDown" = []; "kwin"."MoveZoomDown" = [ ];
"kwin"."MoveZoomLeft" = []; "kwin"."MoveZoomLeft" = [ ];
"kwin"."MoveZoomRight" = []; "kwin"."MoveZoomRight" = [ ];
"kwin"."MoveZoomUp" = []; "kwin"."MoveZoomUp" = [ ];
"kwin"."Overview" = "Meta+W"; "kwin"."Overview" = "Meta+W";
"kwin"."Setup Window Shortcut" = "none,,Setup Window Shortcut"; "kwin"."Setup Window Shortcut" = "none,,Setup Window Shortcut";
"kwin"."Show Desktop" = "Meta+D"; "kwin"."Show Desktop" = "Meta+D";
@ -91,16 +104,19 @@
"kwin"."Switch to Screen Below" = "none,,Switch to Screen Below"; "kwin"."Switch to Screen Below" = "none,,Switch to Screen Below";
"kwin"."Switch to Screen to the Left" = "none,,Switch to Screen to the Left"; "kwin"."Switch to Screen to the Left" = "none,,Switch to Screen to the Left";
"kwin"."Switch to Screen to the Right" = "none,,Switch to Screen to the Right"; "kwin"."Switch to Screen to the Right" = "none,,Switch to Screen to the Right";
"kwin"."Toggle Night Color" = []; "kwin"."Toggle Night Color" = [ ];
"kwin"."Toggle Window Raise/Lower" = "none,,Toggle Window Raise/Lower"; "kwin"."Toggle Window Raise/Lower" = "none,,Toggle Window Raise/Lower";
"kwin"."Walk Through Windows" = "Alt+Tab"; "kwin"."Walk Through Windows" = "Alt+Tab";
"kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Tab"; "kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
"kwin"."Walk Through Windows Alternative" = "none,,Walk Through Windows Alternative"; "kwin"."Walk Through Windows Alternative" = "none,,Walk Through Windows Alternative";
"kwin"."Walk Through Windows Alternative (Reverse)" = "none,,Walk Through Windows Alternative (Reverse)"; "kwin"."Walk Through Windows Alternative (Reverse)" =
"none,,Walk Through Windows Alternative (Reverse)";
"kwin"."Walk Through Windows of Current Application" = "Alt+`"; "kwin"."Walk Through Windows of Current Application" = "Alt+`";
"kwin"."Walk Through Windows of Current Application (Reverse)" = "Alt+~"; "kwin"."Walk Through Windows of Current Application (Reverse)" = "Alt+~";
"kwin"."Walk Through Windows of Current Application Alternative" = "none,,Walk Through Windows of Current Application Alternative"; "kwin"."Walk Through Windows of Current Application Alternative" =
"kwin"."Walk Through Windows of Current Application Alternative (Reverse)" = "none,,Walk Through Windows of Current Application Alternative (Reverse)"; "none,,Walk Through Windows of Current Application Alternative";
"kwin"."Walk Through Windows of Current Application Alternative (Reverse)" =
"none,,Walk Through Windows of Current Application Alternative (Reverse)";
"kwin"."Window Above Other Windows" = "none,,Keep Window Above Others"; "kwin"."Window Above Other Windows" = "none,,Keep Window Above Others";
"kwin"."Window Below Other Windows" = "none,,Keep Window Below Others"; "kwin"."Window Below Other Windows" = "none,,Keep Window Below Others";
"kwin"."Window Close" = "Alt+F4"; "kwin"."Window Close" = "Alt+F4";
@ -175,7 +191,11 @@
"kwin"."Window to Screen 6" = "none,,Move Window to Screen 6"; "kwin"."Window to Screen 6" = "none,,Move Window to Screen 6";
"kwin"."Window to Screen 7" = "none,,Move Window to Screen 7"; "kwin"."Window to Screen 7" = "none,,Move Window to Screen 7";
"kwin"."view_actual_size" = "Meta+0"; "kwin"."view_actual_size" = "Meta+0";
"kwin"."view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"]; "kwin"."view_zoom_in" = [
"Meta++"
"Meta+=,Meta++"
"Meta+=,Zoom In"
];
"kwin"."view_zoom_out" = "Meta+-"; "kwin"."view_zoom_out" = "Meta+-";
"mediacontrol"."mediavolumedown" = "none,,Media volume down"; "mediacontrol"."mediavolumedown" = "none,,Media volume down";
"mediacontrol"."mediavolumeup" = "none,,Media volume up"; "mediacontrol"."mediavolumeup" = "none,,Media volume up";
@ -196,9 +216,17 @@
"org_kde_powerdevil"."PowerOff" = "Power Off"; "org_kde_powerdevil"."PowerOff" = "Power Off";
"org_kde_powerdevil"."Sleep" = "Sleep"; "org_kde_powerdevil"."Sleep" = "Sleep";
"org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off"; "org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off";
"org_kde_powerdevil"."Turn Off Screen" = []; "org_kde_powerdevil"."Turn Off Screen" = [ ];
"org_kde_powerdevil"."powerProfile" = ["Battery" "Meta+B,Battery" "Meta+B,Switch Power Profile"]; "org_kde_powerdevil"."powerProfile" = [
"plasmashell"."activate application launcher" = ["Meta" "Alt+F1,Meta" "Alt+F1,Activate Application Launcher"]; "Battery"
"Meta+B,Battery"
"Meta+B,Switch Power Profile"
];
"plasmashell"."activate application launcher" = [
"Meta"
"Alt+F1,Meta"
"Alt+F1,Activate Application Launcher"
];
"plasmashell"."activate task manager entry 1" = "Meta+1"; "plasmashell"."activate task manager entry 1" = "Meta+1";
"plasmashell"."activate task manager entry 10" = "none,Meta+0,Activate Task Manager Entry 10"; "plasmashell"."activate task manager entry 10" = "none,Meta+0,Activate Task Manager Entry 10";
"plasmashell"."activate task manager entry 2" = "Meta+2"; "plasmashell"."activate task manager entry 2" = "Meta+2";
@ -228,7 +256,8 @@
}; };
configFile = { configFile = {
"baloofilerc"."General"."dbVersion" = 2; "baloofilerc"."General"."dbVersion" = 2;
"baloofilerc"."General"."exclude filters" = "*~,*.part,*.o,*.la,*.lo,*.loT,*.moc,moc_*.cpp,qrc_*.cpp,ui_*.h,cmake_install.cmake,CMakeCache.txt,CTestTestfile.cmake,libtool,config.status,confdefs.h,autom4te,conftest,confstat,Makefile.am,*.gcode,.ninja_deps,.ninja_log,build.ninja,*.csproj,*.m4,*.rej,*.gmo,*.pc,*.omf,*.aux,*.tmp,*.po,*.vm*,*.nvram,*.rcore,*.swp,*.swap,lzo,litmain.sh,*.orig,.histfile.*,.xsession-errors*,*.map,*.so,*.a,*.db,*.qrc,*.ini,*.init,*.img,*.vdi,*.vbox*,vbox.log,*.qcow2,*.vmdk,*.vhd,*.vhdx,*.sql,*.sql.gz,*.ytdl,*.tfstate*,*.class,*.pyc,*.pyo,*.elc,*.qmlc,*.jsc,*.fastq,*.fq,*.gb,*.fasta,*.fna,*.gbff,*.faa,po,CVS,.svn,.git,_darcs,.bzr,.hg,CMakeFiles,CMakeTmp,CMakeTmpQmake,.moc,.obj,.pch,.uic,.npm,.yarn,.yarn-cache,__pycache__,node_modules,node_packages,nbproject,.terraform,.venv,venv,core-dumps,lost+found"; "baloofilerc"."General"."exclude filters" =
"*~,*.part,*.o,*.la,*.lo,*.loT,*.moc,moc_*.cpp,qrc_*.cpp,ui_*.h,cmake_install.cmake,CMakeCache.txt,CTestTestfile.cmake,libtool,config.status,confdefs.h,autom4te,conftest,confstat,Makefile.am,*.gcode,.ninja_deps,.ninja_log,build.ninja,*.csproj,*.m4,*.rej,*.gmo,*.pc,*.omf,*.aux,*.tmp,*.po,*.vm*,*.nvram,*.rcore,*.swp,*.swap,lzo,litmain.sh,*.orig,.histfile.*,.xsession-errors*,*.map,*.so,*.a,*.db,*.qrc,*.ini,*.init,*.img,*.vdi,*.vbox*,vbox.log,*.qcow2,*.vmdk,*.vhd,*.vhdx,*.sql,*.sql.gz,*.ytdl,*.tfstate*,*.class,*.pyc,*.pyo,*.elc,*.qmlc,*.jsc,*.fastq,*.fq,*.gb,*.fasta,*.fna,*.gbff,*.faa,po,CVS,.svn,.git,_darcs,.bzr,.hg,CMakeFiles,CMakeTmp,CMakeTmpQmake,.moc,.obj,.pch,.uic,.npm,.yarn,.yarn-cache,__pycache__,node_modules,node_packages,nbproject,.terraform,.venv,venv,core-dumps,lost+found";
"baloofilerc"."General"."exclude filters version" = 9; "baloofilerc"."General"."exclude filters version" = 9;
"dolphinrc"."General"."ViewPropsTimestamp" = "2025,1,11,13,50,1.5779999999999998"; "dolphinrc"."General"."ViewPropsTimestamp" = "2025,1,11,13,50,1.5779999999999998";
"dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false; "dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false;
@ -247,7 +276,8 @@
"kwinrc"."Desktops"."Number" = 1; "kwinrc"."Desktops"."Number" = 1;
"kwinrc"."Desktops"."Rows" = 1; "kwinrc"."Desktops"."Rows" = 1;
"kwinrc"."Tiling"."padding" = 4; "kwinrc"."Tiling"."padding" = 4;
"kwinrc"."Tiling/f18ce12b-2106-508f-9542-e4e6c6fbf75f"."tiles" = "{\"layoutDirection\":\"horizontal\",\"tiles\":[{\"width\":0.25},{\"width\":0.5},{\"width\":0.25}]}"; "kwinrc"."Tiling/f18ce12b-2106-508f-9542-e4e6c6fbf75f"."tiles" =
"{\"layoutDirection\":\"horizontal\",\"tiles\":[{\"width\":0.25},{\"width\":0.5},{\"width\":0.25}]}";
"kwinrc"."Xwayland"."Scale" = 1.75; "kwinrc"."Xwayland"."Scale" = 1.75;
"plasma-localerc"."Formats"."LANG" = "en_US.UTF-8"; "plasma-localerc"."Formats"."LANG" = "en_US.UTF-8";
}; };

17
lib/modules/home/sway.nix
View file

@ -3,7 +3,8 @@
lib, lib,
config, config,
... ...
}: { }:
{
programs.foot = { programs.foot = {
enable = true; enable = true;
}; };
@ -100,8 +101,8 @@
}; };
startup = [ startup = [
{command = "kdeconnect-indicator";} { command = "kdeconnect-indicator"; }
{command = "mako";} { command = "mako"; }
{ {
command = "swaybg -i $HOME/.wallpaper"; command = "swaybg -i $HOME/.wallpaper";
} }
@ -175,10 +176,12 @@
# pointer_accel # pointer_accel
}; };
}; };
keybindings = let keybindings =
let
mod = config.wayland.windowManager.sway.config.modifier; mod = config.wayland.windowManager.sway.config.modifier;
menu = "tofi-run | xargs swaymsg exec --"; menu = "tofi-run | xargs swaymsg exec --";
in { in
{
"${mod}+control+space" = "exec makoctl dismiss"; "${mod}+control+space" = "exec makoctl dismiss";
"${mod}+shift+space" = "exec makoctl invoke"; "${mod}+shift+space" = "exec makoctl invoke";
# "${mod}+return" = "exec kitty --single-instance"; # "${mod}+return" = "exec kitty --single-instance";
@ -319,8 +322,8 @@
"${mod}+shift+alt+f" = "for_window [class=$tilers] floating toggle"; "${mod}+shift+alt+f" = "for_window [class=$tilers] floating toggle";
}; };
assigns = {}; assigns = { };
bars = []; bars = [ ];
colors = with style.colors; { colors = with style.colors; {
background = bg; background = bg;
focused = { focused = {

3
lib/modules/home/swaylock.nix
View file

@ -1,4 +1,5 @@
{style, ...}: { { style, ... }:
{
programs.swaylock = { programs.swaylock = {
enable = true; enable = true;
settings = { settings = {

21
lib/modules/home/waybar.nix
View file

@ -2,21 +2,25 @@
pkgs, pkgs,
style, style,
... ...
}: { }:
{
programs.waybar = { programs.waybar = {
enable = true; enable = true;
settings = { settings = {
mainBar = { mainBar = {
"layer" = "top"; "layer" = "top";
"position" = "bottom"; "position" = "bottom";
"output" = ["eDP-1" "DP-3"]; "output" = [
"eDP-1"
"DP-3"
];
"height" = 50; "height" = 50;
"modules-left" = [ "modules-left" = [
"idle_inhibitor" "idle_inhibitor"
"sway/workspaces" "sway/workspaces"
"sway/window" "sway/window"
]; ];
"modules-center" = []; "modules-center" = [ ];
"modules-right" = [ "modules-right" = [
"privacy" "privacy"
"power-profiles-daemon" "power-profiles-daemon"
@ -94,7 +98,10 @@
"backlight" = { "backlight" = {
# "device" = "acpi_video1"; # "device" = "acpi_video1";
"format" = "{percent}%\n{icon}"; "format" = "{percent}%\n{icon}";
"format-icons" = ["" ""]; "format-icons" = [
""
""
];
"justify" = "center"; "justify" = "center";
}; };
"battery" = { "battery" = {
@ -145,10 +152,12 @@
}; };
}; };
}; };
style = let style =
let
border-width = "0px"; border-width = "0px";
in in
with style.colors.withHashPrefix; '' with style.colors.withHashPrefix;
''
* { * {
border-radius: 0; border-radius: 0;
font-family: "${style.font.name}", "Symbols Nerd Font Mono", sans-serif; font-family: "${style.font.name}", "Symbols Nerd Font Mono", sans-serif;

32
lib/modules/nixos/conduwuit.nix
View file

@ -4,14 +4,16 @@
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
cfg = config.services.conduwuit; cfg = config.services.conduwuit;
defaultUser = "conduwuit"; defaultUser = "conduwuit";
defaultGroup = "conduwuit"; defaultGroup = "conduwuit";
format = pkgs.formats.toml {}; format = pkgs.formats.toml { };
configFile = format.generate "conduwuit.toml" cfg.settings; configFile = format.generate "conduwuit.toml" cfg.settings;
in { in
meta.maintainers = with lib.maintainers; [niklaskorz]; {
meta.maintainers = with lib.maintainers; [ niklaskorz ];
options.services.conduwuit = { options.services.conduwuit = {
enable = lib.mkEnableOption "conduwuit"; enable = lib.mkEnableOption "conduwuit";
@ -34,13 +36,13 @@ in {
extraEnvironment = lib.mkOption { extraEnvironment = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
description = "Extra Environment variables to pass to the conduwuit server."; description = "Extra Environment variables to pass to the conduwuit server.";
default = {}; default = { };
example = { example = {
RUST_BACKTRACE = "yes"; RUST_BACKTRACE = "yes";
}; };
}; };
package = lib.mkPackageOption pkgs.unstable-packages "conduwuit" {}; package = lib.mkPackageOption pkgs.unstable-packages "conduwuit" { };
settings = lib.mkOption { settings = lib.mkOption {
type = lib.types.submodule { type = lib.types.submodule {
@ -66,7 +68,7 @@ in {
}; };
global.port = lib.mkOption { global.port = lib.mkOption {
type = lib.types.listOf lib.types.port; type = lib.types.listOf lib.types.port;
default = [6167]; default = [ 6167 ];
description = '' description = ''
The port(s) conduwuit will be running on. The port(s) conduwuit will be running on.
You need to set up a reverse proxy in your web server (e.g. apache or nginx), You need to set up a reverse proxy in your web server (e.g. apache or nginx),
@ -125,7 +127,7 @@ in {
}; };
global.trusted_servers = lib.mkOption { global.trusted_servers = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr; type = lib.types.listOf lib.types.nonEmptyStr;
default = ["matrix.org"]; default = [ "matrix.org" ];
description = '' description = ''
Servers listed here will be used to gather public keys of other servers Servers listed here will be used to gather public keys of other servers
(notary trusted key servers). (notary trusted key servers).
@ -158,7 +160,7 @@ in {
}; };
}; };
}; };
default = {}; default = { };
# TOML does not allow null values, so we use null to omit those fields # TOML does not allow null values, so we use null to omit those fields
apply = lib.filterAttrsRecursive (_: v: v != null); apply = lib.filterAttrsRecursive (_: v: v != null);
description = '' description = ''
@ -198,17 +200,17 @@ in {
}; };
users.groups = lib.mkIf (cfg.group == defaultGroup) { users.groups = lib.mkIf (cfg.group == defaultGroup) {
${defaultGroup} = {}; ${defaultGroup} = { };
}; };
systemd.services.conduwuit = { systemd.services.conduwuit = {
description = "Conduwuit Matrix Server"; description = "Conduwuit Matrix Server";
documentation = ["https://conduwuit.puppyirl.gay/"]; documentation = [ "https://conduwuit.puppyirl.gay/" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
wants = ["network-online.target"]; wants = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
environment = lib.mkMerge [ environment = lib.mkMerge [
{CONDUWUIT_CONFIG = configFile;} { CONDUWUIT_CONFIG = configFile; }
cfg.extraEnvironment cfg.extraEnvironment
]; ];
startLimitBurst = 5; startLimitBurst = 5;

291
lib/modules/nixos/default.nix
View file

@ -1,8 +1,15 @@
{self, ...}: let { self, ... }:
let
inherit (self) outputs; inherit (self) outputs;
inherit (outputs) nixosModules homeManagerModules overlays constants; inherit (outputs)
nixosModules
homeManagerModules
overlays
constants
;
inherit (constants) pubkey; inherit (constants) pubkey;
in { in
{
shell-defaults-and-applications = import ./shell-config.nix; shell-defaults-and-applications = import ./shell-config.nix;
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix; deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
@ -48,21 +55,29 @@ in {
# }; # };
# }; # };
ewwbar = {pkgs, ...}: { ewwbar =
{ pkgs, ... }:
{
# imports = with nixosModules; []; # imports = with nixosModules; [];
environment.systemPackages = with pkgs; [eww upower jq]; environment.systemPackages = with pkgs; [
eww
upower
jq
];
# TODO: include the home-manager modules for daniel? # TODO: include the home-manager modules for daniel?
}; };
niri = {pkgs, ...}: { niri =
environment.systemPackages = with pkgs; [niri]; { pkgs, ... }:
{
environment.systemPackages = with pkgs; [ niri ];
systemd.user.services.polkit = { systemd.user.services.polkit = {
description = "PolicyKit Authentication Agent"; description = "PolicyKit Authentication Agent";
wantedBy = ["niri.service"]; wantedBy = [ "niri.service" ];
after = ["graphical-session.target"]; after = [ "graphical-session.target" ];
partOf = ["graphical-session.target"]; partOf = [ "graphical-session.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.libsForQt5.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1"; ExecStart = "${pkgs.libsForQt5.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1";
@ -79,7 +94,9 @@ in {
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
}; };
hyprland = {pkgs, ...}: { hyprland =
{ pkgs, ... }:
{
imports = with nixosModules; [ imports = with nixosModules; [
ewwbar ewwbar
pipewire pipewire
@ -88,7 +105,11 @@ in {
programs.hyprland = { programs.hyprland = {
enable = true; enable = true;
}; };
environment.systemPackages = with pkgs; [hyprpaper xwaylandvideobridge netcat-openbsd]; environment.systemPackages = with pkgs; [
hyprpaper
xwaylandvideobridge
netcat-openbsd
];
home-manager.users.daniel = { home-manager.users.daniel = {
imports = with homeManagerModules; [ imports = with homeManagerModules; [
@ -99,16 +120,22 @@ in {
# TODO: include the home-manager modules for daniel? # TODO: include the home-manager modules for daniel?
}; };
sway = {pkgs, ...}: { sway =
{ pkgs, ... }:
{
imports = with nixosModules; [ imports = with nixosModules; [
pipewire pipewire
]; ];
systemd.user.services."wait-for-full-path" = { systemd.user.services."wait-for-full-path" = {
description = "wait for systemd units to have full PATH"; description = "wait for systemd units to have full PATH";
wantedBy = ["xdg-desktop-portal.service"]; wantedBy = [ "xdg-desktop-portal.service" ];
before = ["xdg-desktop-portal.service"]; before = [ "xdg-desktop-portal.service" ];
path = with pkgs; [systemd coreutils gnugrep]; path = with pkgs; [
systemd
coreutils
gnugrep
];
script = '' script = ''
ispresent () { ispresent () {
systemctl --user show-environment | grep -E '^PATH=.*/.nix-profile/bin' systemctl --user show-environment | grep -E '^PATH=.*/.nix-profile/bin'
@ -156,7 +183,10 @@ in {
programs.thunar = { programs.thunar = {
enable = true; enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman]; plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
}; };
services.gvfs = { services.gvfs = {
@ -211,17 +241,19 @@ in {
}; };
}; };
remote-disk-key-entry-on-boot = { remote-disk-key-entry-on-boot =
{
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
/* /*
https://nixos.wiki/wiki/Remote_disk_unlocking https://nixos.wiki/wiki/Remote_disk_unlocking
"When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang." "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
^ seems less than ideal ^ seems less than ideal
*/ */
boot.kernelParams = ["ip=dhcp"]; boot.kernelParams = [ "ip=dhcp" ];
boot.initrd = { boot.initrd = {
# availableKernelModules = ["r8169"]; # ethernet drivers # availableKernelModules = ["r8169"]; # ethernet drivers
systemd.users.root.shell = "/bin/cryptsetup-askpass"; systemd.users.root.shell = "/bin/cryptsetup-askpass";
@ -230,14 +262,16 @@ in {
ssh = { ssh = {
enable = true; enable = true;
port = 22; port = 22;
authorizedKeys = [pubkey]; authorizedKeys = [ pubkey ];
hostKeys = ["/etc/secrets/initrd/ssh_host_rsa_key"]; hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
}; };
}; };
}; };
}; };
laptop = {pkgs, ...}: { laptop =
{ pkgs, ... }:
{
imports = with nixosModules; [ imports = with nixosModules; [
family-users family-users
wifi wifi
@ -277,7 +311,9 @@ in {
}; };
}; };
touchscreen = {pkgs, ...}: { touchscreen =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wvkbd # on-screen keyboard wvkbd # on-screen keyboard
flakeInputs.iio-hyprland.outputs.packages.${system}.default # auto-rotate hyprland displays flakeInputs.iio-hyprland.outputs.packages.${system}.default # auto-rotate hyprland displays
@ -285,7 +321,9 @@ in {
]; ];
}; };
emacs = {pkgs, ...}: { emacs =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
emacs emacs
]; ];
@ -297,11 +335,13 @@ in {
}; };
}; };
development-tools = { development-tools =
{
pkgs, pkgs,
lib, lib,
... ...
}: { }:
{
imports = with nixosModules; [ imports = with nixosModules; [
postgres postgres
podman podman
@ -385,7 +425,9 @@ in {
}; };
}; };
troubleshooting-tools = {pkgs, ...}: { troubleshooting-tools =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
iftop iftop
bottom bottom
@ -403,7 +445,9 @@ in {
]; ];
}; };
music-consumption = {pkgs, ...}: { music-consumption =
{ pkgs, ... }:
{
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
spotube spotube
@ -412,7 +456,9 @@ in {
}; };
}; };
video-tools = {pkgs, ...}: { video-tools =
{ pkgs, ... }:
{
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
ffmpeg-full ffmpeg-full
@ -428,13 +474,15 @@ in {
# environment.systemPackages = [pkgs.android-studio]; # environment.systemPackages = [pkgs.android-studio];
# }; # };
graphical-workstation = { graphical-workstation =
{
pkgs, pkgs,
lib, lib,
options, options,
config, config,
... ...
}: { }:
{
imports = with nixosModules; [ imports = with nixosModules; [
sway sway
# hyprland # hyprland
@ -454,8 +502,8 @@ in {
xdg.portal.enable = true; xdg.portal.enable = true;
hardware = hardware =
if builtins.hasAttr "graphics" options.hardware if builtins.hasAttr "graphics" options.hardware then
then { {
graphics = { graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
@ -465,7 +513,8 @@ in {
*/ */
}; };
} }
else { else
{
opengl = { opengl = {
enable = true; enable = true;
driSupport32Bit = true; driSupport32Bit = true;
@ -490,12 +539,14 @@ in {
}; };
}; };
gnome = { gnome =
{
pkgs, pkgs,
lib, lib,
... ...
}: { }:
imports = with nixosModules; [pipewire]; {
imports = with nixosModules; [ pipewire ];
services = { services = {
xserver = { xserver = {
@ -503,7 +554,7 @@ in {
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;
}; };
udev.packages = [pkgs.gnome-settings-daemon]; udev.packages = [ pkgs.gnome-settings-daemon ];
}; };
environment = { environment = {
@ -548,7 +599,9 @@ in {
}; };
}; };
radio-tools = {pkgs, ...}: { radio-tools =
{ pkgs, ... }:
{
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
chirp chirp
@ -568,23 +621,28 @@ in {
*/ */
}; };
fonts = {pkgs, ...}: { fonts =
{ pkgs, ... }:
{
fonts.packages = [ fonts.packages = [
( (
# allow nixpkgs 24.11 and unstable to both work # allow nixpkgs 24.11 and unstable to both work
if builtins.hasAttr "nerd-fonts" pkgs if builtins.hasAttr "nerd-fonts" pkgs then
then (pkgs.nerd-fonts.symbols-only) (pkgs.nerd-fonts.symbols-only)
else (pkgs.nerdfonts.override {fonts = ["NerdFontsSymbolsOnly"];}) else
(pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
) )
pkgs.iosevkaLyteTerm pkgs.iosevkaLyteTerm
]; ];
}; };
plasma6 = { plasma6 =
{
pkgs, pkgs,
lib, lib,
... ...
}: { }:
{
imports = with nixosModules; [ imports = with nixosModules; [
kde-connect kde-connect
pipewire pipewire
@ -595,7 +653,7 @@ in {
services.displayManager.sddm = { services.displayManager.sddm = {
enable = true; enable = true;
# package = lib.mkForce pkgs.kdePackages.sddm; # package = lib.mkForce pkgs.kdePackages.sddm;
settings = {}; settings = { };
# theme = ""; # theme = "";
enableHidpi = true; enableHidpi = true;
wayland = { wayland = {
@ -647,7 +705,9 @@ in {
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt; programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt;
}; };
lutris = {pkgs, ...}: { lutris =
{ pkgs, ... }:
{
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
wineWowPackages.waylandFull wineWowPackages.waylandFull
@ -657,7 +717,9 @@ in {
}; };
}; };
gaming = {pkgs, ...}: { gaming =
{ pkgs, ... }:
{
imports = with nixosModules; [ imports = with nixosModules; [
# lutris # use the flatpak # lutris # use the flatpak
steam # TODO: use the flatpak? steam # TODO: use the flatpak?
@ -685,7 +747,12 @@ in {
"bluez5.enable-sbc-xq" = true; "bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true; "bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true; "bluez5.enable-hw-volume" = true;
"bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"]; "bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
}; };
}; };
extraConfig.pipewire."91-null-sinks" = { extraConfig.pipewire."91-null-sinks" = {
@ -767,12 +834,14 @@ in {
*/ */
}; };
podman = { podman =
{
pkgs, pkgs,
config, config,
lib, lib,
... ...
}: { }:
{
config = lib.mkIf config.virtualisation.podman.enable { config = lib.mkIf config.virtualisation.podman.enable {
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
@ -803,27 +872,31 @@ in {
}; };
}; };
virtual-machines = { virtual-machines =
{
pkgs, pkgs,
lib, lib,
config, config,
... ...
}: { }:
{
config = lib.mkIf config.virtualisation.libvirtd.enable { config = lib.mkIf config.virtualisation.libvirtd.enable {
users.users.daniel.extraGroups = ["libvirtd"]; users.users.daniel.extraGroups = [ "libvirtd" ];
}; };
}; };
postgres = { postgres =
{
pkgs, pkgs,
lib, lib,
config, config,
... ...
}: { }:
{
config = lib.mkIf config.services.postgresql.enable { config = lib.mkIf config.services.postgresql.enable {
# this is really just for development usage # this is really just for development usage
services.postgresql = { services.postgresql = {
ensureDatabases = ["daniel"]; ensureDatabases = [ "daniel" ];
ensureUsers = [ ensureUsers = [
{ {
name = "daniel"; name = "daniel";
@ -863,14 +936,17 @@ in {
}; };
}; };
desktop = { desktop =
{
pkgs, pkgs,
lib, lib,
config, config,
... ...
}: let }:
let
cfg = config.lyte.desktop; cfg = config.lyte.desktop;
in { in
{
options = { options = {
lyte = { lyte = {
desktop = { desktop = {
@ -892,12 +968,14 @@ in {
}; };
}; };
printing = { printing =
{
pkgs, pkgs,
lib, lib,
config, config,
... ...
}: { }:
{
config = lib.mkIf config.services.printing.enable { config = lib.mkIf config.services.printing.enable {
services.printing.browsing = true; services.printing.browsing = true;
services.printing.browsedConf = '' services.printing.browsedConf = ''
@ -908,18 +986,21 @@ in {
BrowseProtocols all BrowseProtocols all
''; '';
services.printing.drivers = [pkgs.gutenprint]; services.printing.drivers = [ pkgs.gutenprint ];
}; };
}; };
wifi = { wifi =
{
lib, lib,
config, config,
... ...
}: let }:
let
inherit (lib) mkDefault; inherit (lib) mkDefault;
cfg = config.networking.wifi; cfg = config.networking.wifi;
in { in
{
options = { options = {
networking.wifi.enable = lib.mkEnableOption "Enable wifi via NetworkManager"; networking.wifi.enable = lib.mkEnableOption "Enable wifi via NetworkManager";
}; };
@ -958,7 +1039,9 @@ in {
}; };
}; };
steam = {pkgs, ...}: { steam =
{ pkgs, ... }:
{
programs.gamescope.enable = true; programs.gamescope.enable = true;
programs.steam = { programs.steam = {
@ -980,7 +1063,7 @@ in {
}; };
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
services.udev.packages = with pkgs; [steam]; services.udev.packages = with pkgs; [ steam ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
dualsensectl # for interfacing with dualsense controllers programmatically dualsensectl # for interfacing with dualsense controllers programmatically
@ -993,19 +1076,21 @@ in {
*/ */
}; };
root = { root =
{
pkgs, pkgs,
lib, lib,
... ...
}: { }:
{
users.users.root = { users.users.root = {
home = "/root"; home = "/root";
createHome = true; createHome = true;
openssh.authorizedKeys.keys = [pubkey]; openssh.authorizedKeys.keys = [ pubkey ];
shell = lib.mkForce pkgs.fish; shell = lib.mkForce pkgs.fish;
}; };
home-manager.users.root = { home-manager.users.root = {
imports = [homeManagerModules.common]; imports = [ homeManagerModules.common ];
home = { home = {
username = "root"; username = "root";
@ -1015,14 +1100,17 @@ in {
}; };
}; };
daniel = { daniel =
{
pkgs, pkgs,
lib, lib,
config, config,
... ...
}: let }:
let
username = "daniel"; username = "daniel";
in { in
{
imports = [ imports = [
{ {
config = lib.mkIf config.lyte.shell.enable { config = lib.mkIf config.lyte.shell.enable {
@ -1036,18 +1124,25 @@ in {
}; };
} }
]; ];
users.groups.${username} = {}; users.groups.${username} = { };
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
home = "/home/${username}/.home"; home = "/home/${username}/.home";
createHome = true; createHome = true;
openssh.authorizedKeys.keys = [pubkey]; openssh.authorizedKeys.keys = [ pubkey ];
group = username; group = username;
extraGroups = ["users" "wheel" "video" "dialout" "uucp" "kvm"]; extraGroups = [
packages = []; "users"
"wheel"
"video"
"dialout"
"uucp"
"kvm"
];
packages = [ ];
}; };
home-manager.users.daniel = { home-manager.users.daniel = {
imports = [homeManagerModules.common]; imports = [ homeManagerModules.common ];
home = { home = {
username = "daniel"; username = "daniel";
@ -1071,33 +1166,43 @@ in {
}; };
}; };
valerie = let valerie =
let
username = "valerie"; username = "valerie";
in { in
users.groups.${username} = {}; {
users.groups.${username} = { };
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
home = "/home/${username}"; home = "/home/${username}";
createHome = true; createHome = true;
openssh.authorizedKeys.keys = [pubkey]; openssh.authorizedKeys.keys = [ pubkey ];
group = username; group = username;
extraGroups = ["users" "video"]; extraGroups = [
packages = []; "users"
"video"
];
packages = [ ];
}; };
}; };
flanfam = let flanfam =
let
username = "flanfam"; username = "flanfam";
in { in
users.groups.${username} = {}; {
users.groups.${username} = { };
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
home = "/home/${username}"; home = "/home/${username}";
createHome = true; createHome = true;
openssh.authorizedKeys.keys = [pubkey]; openssh.authorizedKeys.keys = [ pubkey ];
group = username; group = username;
extraGroups = ["users" "video"]; extraGroups = [
packages = []; "users"
"video"
];
packages = [ ];
}; };
}; };

19
lib/modules/nixos/deno-netlify-ddns-client.nix
View file

@ -3,11 +3,18 @@
config, config,
pkgs, pkgs,
... ...
}: let }:
inherit (lib) mkEnableOption mkOption types mkIf; let
inherit (lib)
mkEnableOption
mkOption
types
mkIf
;
inherit (lib.strings) optionalString; inherit (lib.strings) optionalString;
cfg = config.services.deno-netlify-ddns-client; cfg = config.services.deno-netlify-ddns-client;
in { in
{
options.services.deno-netlify-ddns-client = { options.services.deno-netlify-ddns-client = {
enable = mkEnableOption "Enable the deno-netlify-ddns client."; enable = mkEnableOption "Enable the deno-netlify-ddns client.";
username = mkOption { username = mkOption {
@ -48,8 +55,8 @@ in {
config = { config = {
systemd.timers.deno-netlify-ddns-client = { systemd.timers.deno-netlify-ddns-client = {
enable = mkIf cfg.enable true; enable = mkIf cfg.enable true;
after = ["network.target"]; after = [ "network.target" ];
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnBootSec = cfg.afterBootTime; OnBootSec = cfg.afterBootTime;
OnUnitActiveSec = cfg.every; OnUnitActiveSec = cfg.every;
@ -59,7 +66,7 @@ in {
systemd.services.deno-netlify-ddns-client = { systemd.services.deno-netlify-ddns-client = {
enable = mkIf cfg.enable true; enable = mkIf cfg.enable true;
after = ["network.target"]; after = [ "network.target" ];
script = '' script = ''
set -eu set -eu
password="$(cat "${cfg.passwordFile}")" password="$(cat "${cfg.passwordFile}")"

7
lib/modules/nixos/gnome.nix
View file

@ -2,8 +2,9 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }:
imports = [./pipewire.nix]; {
imports = [ ./pipewire.nix ];
# mkForce is used liberally to take precedence over KDE Plasma # mkForce is used liberally to take precedence over KDE Plasma
# so I can have both "usable" at once # so I can have both "usable" at once
@ -21,7 +22,7 @@
services.xserver.desktopManager.gnome = { services.xserver.desktopManager.gnome = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
extraGSettingsOverridePackages = [pkgs.gnome.mutter]; extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
extraGSettingsOverrides = '' extraGSettingsOverrides = ''
[org.gnome.mutter] [org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer'] experimental-features=['scale-monitor-framebuffer']

6
lib/modules/nixos/shell-config.nix
View file

@ -3,9 +3,11 @@
pkgs, pkgs,
config, config,
... ...
}: let }:
let
cfg = config.lyte.shell; cfg = config.lyte.shell;
in { in
{
options = { options = {
lyte = { lyte = {
shell = { shell = {

10
lib/overlays/default.nix
View file

@ -3,7 +3,8 @@
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
... ...
} @ inputs: { }@inputs:
{
default = final: _prev: { default = final: _prev: {
overlays = with self.overlays; [ overlays = with self.overlays; [
additions additions
@ -14,9 +15,12 @@
additions = final: prev: (prev // self.outputs.packages.${prev.system}); additions = final: prev: (prev // self.outputs.packages.${prev.system});
modifications = final: prev: let modifications =
final: prev:
let
inherit (inputs) helix ghostty; inherit (inputs) helix ghostty;
in { in
{
ghostty = ghostty.outputs.packages.${prev.system}.default; ghostty = ghostty.outputs.packages.${prev.system}.default;
helix = helix.outputs.packages.${prev.system}.default; helix = helix.outputs.packages.${prev.system}.default;
bitwarden = self.outputs.packages.${prev.system}.bitwarden; bitwarden = self.outputs.packages.${prev.system}.bitwarden;

21
lib/templates/deno/flake.nix
View file

@ -1,10 +1,12 @@
{ {
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
outputs = { outputs =
{
self, self,
nixpkgs, nixpkgs,
}: let }:
let
inherit (self) outputs; inherit (self) outputs;
supportedSystems = [ supportedSystems = [
"x86_64-linux" "x86_64-linux"
@ -14,10 +16,14 @@
"aarch64-darwin" "aarch64-darwin"
]; ];
forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems; forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems;
in { in
devShells = forEachSupportedSystem (system: let {
pkgs = import nixpkgs {inherit system;}; devShells = forEachSupportedSystem (
in { system:
let
pkgs = import nixpkgs { inherit system; };
in
{
deno-dev = pkgs.mkShell { deno-dev = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
vscode-langservers-extracted vscode-langservers-extracted
@ -29,6 +35,7 @@
}; };
default = outputs.devShells.${system}.deno-dev; default = outputs.devShells.${system}.deno-dev;
}); }
);
}; };
} }

7
lib/templates/elixir/flake.nix
View file

@ -5,9 +5,12 @@
git-hooks.inputs.nixpkgs.follows = "nixpkgs"; git-hooks.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs: let outputs =
inputs:
let
inherit (import nix/boilerplate.nix inputs) call; inherit (import nix/boilerplate.nix inputs) call;
in { in
{
overlays = import nix/overlays.nix; overlays = import nix/overlays.nix;
packages = call (import nix/packages.nix); packages = call (import nix/packages.nix);
checks = call (import nix/checks.nix); checks = call (import nix/checks.nix);

23
lib/templates/elixir/nix/boilerplate.nix
View file

@ -1,16 +1,21 @@
inputs @ { inputs@{
nixpkgs, nixpkgs,
self, self,
... ...
}: let }:
let
forSelfOverlay = forSelfOverlay =
if builtins.hasAttr "forSelf" self.overlays if builtins.hasAttr "forSelf" self.overlays then self.overlays.forSelf else (_: p: p);
then self.overlays.forSelf in
else (_: p: p); rec {
in rec { systems = [
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"]; "aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems; forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: ((import nixpkgs {inherit system;}).extend forSelfOverlay); pkgsFor = system: ((import nixpkgs { inherit system; }).extend forSelfOverlay);
genPkgs = func: (forSystems (system: func (pkgsFor system))); genPkgs = func: (forSystems (system: func (pkgsFor system)));
call = imported: genPkgs (pkgs: imported (inputs // {inherit pkgs;})); call = imported: genPkgs (pkgs: imported (inputs // { inherit pkgs; }));
} }

22
lib/templates/elixir/nix/checks.nix
View file

@ -2,28 +2,32 @@
git-hooks, git-hooks,
pkgs, pkgs,
... ...
}: let }:
hook = { let
hook =
{
command, command,
stages ? ["pre-commit"], stages ? [ "pre-commit" ],
... ...
}: { }:
{
inherit stages; inherit stages;
enable = true; enable = true;
name = command; name = command;
entry = command; entry = command;
pass_filenames = false; pass_filenames = false;
}; };
in { in
{
git-hooks = git-hooks.lib.${pkgs.system}.run { git-hooks = git-hooks.lib.${pkgs.system}.run {
src = ./..; src = ./..;
hooks = { hooks = {
alejandra.enable = true; alejandra.enable = true;
convco.enable = true; convco.enable = true;
credo = hook {command = "mix credo --strict";}; credo = hook { command = "mix credo --strict"; };
formatting = hook {command = "mix format --check-formatted";}; formatting = hook { command = "mix format --check-formatted"; };
dialyzer = hook {command = "mix dialyzer";}; dialyzer = hook { command = "mix dialyzer"; };
test = hook {command = "mix test";}; test = hook { command = "mix test"; };
}; };
}; };
} }

6
lib/templates/elixir/nix/overlays.nix
View file

@ -2,8 +2,8 @@
forSelf = final: prev: { forSelf = final: prev: {
erlang = prev.beam.packagesWith prev.beam.interpreters.erlang_27; erlang = prev.beam.packagesWith prev.beam.interpreters.erlang_27;
elixir = final.erlang.elixir_1_17; elixir = final.erlang.elixir_1_17;
mixRelease = final.erlang.mixRelease.override {elixir = final.elixir;}; mixRelease = final.erlang.mixRelease.override { elixir = final.elixir; };
fetchMixDeps = final.erlang.fetchMixDeps.override {elixir = final.elixir;}; fetchMixDeps = final.erlang.fetchMixDeps.override { elixir = final.elixir; };
elixir-ls = prev.elixir-ls.override {elixir = final.elixir;}; elixir-ls = prev.elixir-ls.override { elixir = final.elixir; };
}; };
} }

6
lib/templates/elixir/nix/packages.nix
View file

@ -2,11 +2,13 @@
pkgs, pkgs,
self, self,
... ...
}: let }:
let
version = "1.0.0"; version = "1.0.0";
src = ../.; src = ../.;
pname = "my-package"; pname = "my-package";
in { in
{
${pname} = pkgs.mixRelease { ${pname} = pkgs.mixRelease {
inherit pname version src; inherit pname version src;
mixFodDeps = pkgs.fetchMixDeps { mixFodDeps = pkgs.fetchMixDeps {

3
lib/templates/elixir/nix/shells.nix
View file

@ -2,7 +2,8 @@
pkgs, pkgs,
self, self,
... ...
}: { }:
{
elixir-dev = pkgs.mkShell { elixir-dev = pkgs.mkShell {
shellHook = '' shellHook = ''
${self.checks.${pkgs.system}.git-hooks.shellHook} ${self.checks.${pkgs.system}.git-hooks.shellHook}

18
lib/templates/gleam/flake.nix
View file

@ -1,15 +1,23 @@
{ {
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
outputs = { outputs =
{
self, self,
nixpkgs, nixpkgs,
... ...
}: let }:
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"]; let
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems; forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: (import nixpkgs {inherit system;}).extend self.outputs.overlays.default; pkgsFor = system: (import nixpkgs { inherit system; }).extend self.outputs.overlays.default;
genPkgs = func: (forSystems (system: func (pkgsFor system))); genPkgs = func: (forSystems (system: func (pkgsFor system)));
in { in
{
overlays.default = final: prev: { overlays.default = final: prev: {
erlangPackages = prev.beam.packagesWith prev.erlang_27; erlangPackages = prev.beam.packagesWith prev.erlang_27;
erlang = final.erlangPackages.erlang; erlang = final.erlangPackages.erlang;

26
lib/templates/godot/flake.nix
View file

@ -1,11 +1,13 @@
{ {
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
outputs = { outputs =
{
self, self,
nixpkgs, nixpkgs,
... ...
}: let }:
let
inherit (self) outputs; inherit (self) outputs;
supportedSystems = [ supportedSystems = [
"x86_64-linux" "x86_64-linux"
@ -16,17 +18,25 @@
]; ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in { in
devShells = forAllSystems (system: let {
pkgs = import nixpkgs {inherit system;}; devShells = forAllSystems (
in { system:
let
pkgs = import nixpkgs { inherit system; };
in
{
default = outputs.devShells.${system}.godot; default = outputs.devShells.${system}.godot;
godot = pkgs.mkShell { godot = pkgs.mkShell {
buildInputs = with pkgs; [godot_4 gdtoolkit]; buildInputs = with pkgs; [
godot_4
gdtoolkit
];
shellHook = '' shellHook = ''
echo -e "\e[0;30m\e[43m Use 'godot4 -e' to run the editor for this project. \e[0;30m\e[0m" echo -e "\e[0;30m\e[43m Use 'godot4 -e' to run the editor for this project. \e[0;30m\e[0m"
''; '';
}; };
}); }
);
}; };
} }

21
lib/templates/nim/flake.nix
View file

@ -1,9 +1,11 @@
{ {
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
outputs = { outputs =
{
self, self,
nixpkgs, nixpkgs,
}: let }:
let
inherit (self) outputs; inherit (self) outputs;
supportedSystems = [ supportedSystems = [
"x86_64-linux" "x86_64-linux"
@ -13,10 +15,14 @@
"aarch64-darwin" "aarch64-darwin"
]; ];
forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems; forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems;
in { in
devShells = forEachSupportedSystem (system: let {
pkgs = import nixpkgs {inherit system;}; devShells = forEachSupportedSystem (
in { system:
let
pkgs = import nixpkgs { inherit system; };
in
{
nim-dev = pkgs.mkShell { nim-dev = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
nim nim
@ -26,6 +32,7 @@
}; };
default = outputs.devShells.${system}.nim-dev; default = outputs.devShells.${system}.nim-dev;
}); }
);
}; };
} }

7
lib/templates/rust/flake.nix
View file

@ -2,9 +2,12 @@
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
inputs.git-hooks.url = "github:cachix/git-hooks.nix"; inputs.git-hooks.url = "github:cachix/git-hooks.nix";
inputs.git-hooks.inputs.nixpkgs.follows = "nixpkgs"; inputs.git-hooks.inputs.nixpkgs.follows = "nixpkgs";
outputs = inputs: let outputs =
inputs:
let
inherit (import nix/boilerplate.nix inputs) call genPkgs; inherit (import nix/boilerplate.nix inputs) call genPkgs;
in { in
{
# overlays = import nix/overlays.nix; # overlays = import nix/overlays.nix;
checks = call (import nix/checks.nix); checks = call (import nix/checks.nix);
packages = call (import nix/packages.nix); packages = call (import nix/packages.nix);

26
lib/templates/rust/nix/boilerplate.nix
View file

@ -1,16 +1,24 @@
inputs @ { inputs@{
nixpkgs, nixpkgs,
self, self,
... ...
}: let }:
let
forSelfOverlay = forSelfOverlay =
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays then
then self.overlays.forSelf self.overlays.forSelf
else (_: p: p); else
in rec { (_: p: p);
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"]; in
rec {
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems; forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: ((import nixpkgs {inherit system;}).extend forSelfOverlay); pkgsFor = system: ((import nixpkgs { inherit system; }).extend forSelfOverlay);
genPkgs = func: (forSystems (system: func (pkgsFor system))); genPkgs = func: (forSystems (system: func (pkgsFor system)));
call = imported: genPkgs (pkgs: imported (inputs // {inherit pkgs;})); call = imported: genPkgs (pkgs: imported (inputs // { inherit pkgs; }));
} }

5
lib/templates/rust/nix/checks.nix
View file

@ -2,7 +2,8 @@
pkgs, pkgs,
git-hooks, git-hooks,
... ...
}: { }:
{
git-hooks = git-hooks.lib.${pkgs.system}.run { git-hooks = git-hooks.lib.${pkgs.system}.run {
src = ./..; src = ./..;
hooks = { hooks = {
@ -16,7 +17,7 @@
# types = ["rust"]; # types = ["rust"];
# language = "rust"; # language = "rust";
pass_filenames = false; pass_filenames = false;
stages = ["pre-commit"]; stages = [ "pre-commit" ];
}; };
clippy.enable = true; clippy.enable = true;
rustfmt.enable = true; rustfmt.enable = true;

6
lib/templates/rust/nix/packages.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: let { pkgs, ... }:
let
inherit (builtins) fromTOML readFile; inherit (builtins) fromTOML readFile;
pname = "my-package"; pname = "my-package";
src = ./..; src = ./..;
@ -20,7 +21,8 @@
cargoHash = pkgs.lib.fakeHash; cargoHash = pkgs.lib.fakeHash;
useFetchCargoVendor = true; useFetchCargoVendor = true;
}; };
in { in
{
${pname} = main-package; ${pname} = main-package;
default = main-package; default = main-package;
} }

8
lib/templates/rust/nix/shells.nix
View file

@ -2,12 +2,14 @@
self, self,
pkgs, pkgs,
... ...
}: let }:
let
inherit (pkgs) system; inherit (pkgs) system;
in { in
{
default = pkgs.mkShell { default = pkgs.mkShell {
inherit (self.checks.${system}.git-hooks) shellHook; inherit (self.checks.${system}.git-hooks) shellHook;
inputsFrom = [self.packages.${system}.default]; inputsFrom = [ self.packages.${system}.default ];
packages = with pkgs; [ packages = with pkgs; [
convco convco
rustPackages.clippy rustPackages.clippy

1
nix/boilerplate.nix
View file

@ -1 +0,0 @@

5
nix/constants.nix
View file

@ -1,6 +1,7 @@
{nixpkgs, ...}: { { nixpkgs, ... }:
{
style = { style = {
colors = (import ./lib/colors.nix {inherit (nixpkgs) lib;}).schemes.catppuccin-mocha-sapphire; colors = (import ./lib/colors.nix { inherit (nixpkgs) lib; }).schemes.catppuccin-mocha-sapphire;
font = { font = {
name = "IosevkaLyteTerm"; name = "IosevkaLyteTerm";

36
nix/machines.nix
View file

@ -1,5 +1,6 @@
{
beefcake = let beefcake =
let
system = "x86_64-linux"; system = "x86_64-linux";
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
@ -38,7 +39,6 @@
]; ];
}; };
htpc = nixpkgs.lib.nixosSystem { htpc = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = with nixosModules; [ modules = with nixosModules; [
@ -113,7 +113,9 @@
./nixos/foxtrot.nix ./nixos/foxtrot.nix
({pkgs, ...}: { (
{ pkgs, ... }:
{
home-manager.users.daniel = { home-manager.users.daniel = {
imports = with homeManagerModules; [ imports = with homeManagerModules; [
senpai senpai
@ -126,17 +128,15 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fw-ectool fw-ectool
(writeShellApplication (writeShellApplication {
{
name = "reset-wifi-module"; name = "reset-wifi-module";
runtimeInputs = with pkgs; [kmod]; runtimeInputs = with pkgs; [ kmod ];
text = '' text = ''
modprobe -rv mt7921e modprobe -rv mt7921e
modprobe -v mt7921e modprobe -v mt7921e
''; '';
}) })
(writeShellApplication (writeShellApplication {
{
name = "perfmode"; name = "perfmode";
# we use command -v $cmd here because we only want to invoke these calls _if_ the related package is installed on the system # we use command -v $cmd here because we only want to invoke these calls _if_ the related package is installed on the system
# otherwise, they will likely have no effect anyways # otherwise, they will likely have no effect anyways
@ -145,8 +145,7 @@
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@120Hz' command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@120Hz'
''; '';
}) })
(writeShellApplication (writeShellApplication {
{
name = "battmode"; name = "battmode";
text = '' text = ''
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set power-saver' command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set power-saver'
@ -154,7 +153,8 @@
''; '';
}) })
]; ];
}) }
)
]; ];
}; };
@ -238,7 +238,7 @@
{ {
_module.args = { _module.args = {
disks = ["/dev/nvme0n1"]; disks = [ "/dev/nvme0n1" ];
swapSize = "32G"; swapSize = "32G";
}; };
} }
@ -278,10 +278,10 @@
{ {
_module.args = { _module.args = {
disks = ["/dev/sda"]; disks = [ "/dev/sda" ];
# swapSize = "8G"; # swapSize = "8G";
}; };
esp = {}; esp = { };
} }
outputs.diskoConfigurations.unencrypted outputs.diskoConfigurations.unencrypted
hardware.nixosModules.common-pc-laptop-ssd hardware.nixosModules.common-pc-laptop-ssd
@ -372,7 +372,8 @@
# .outputs # .outputs
# .disk-image; # .disk-image;
pinephone = let pinephone =
let
inherit (nixpkgs-unstable) lib; inherit (nixpkgs-unstable) lib;
in in
lib.nixosSystem { lib.nixosSystem {
@ -434,5 +435,4 @@
} }
]; ];
}; };
}; }

3
nix/users.nix
View file

@ -1,5 +1,6 @@
{ {
"deck" = let "deck" =
let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = unstable.pkgsFor system; pkgs = unstable.pkgsFor system;
in in

8
packages/default.nix
View file

@ -1,6 +1,8 @@
{pkgs, ...}: let { pkgs, ... }:
iosevkaLyteTerm = pkgs.callPackage ./iosevkaLyteTerm.nix {}; let
in { iosevkaLyteTerm = pkgs.callPackage ./iosevkaLyteTerm.nix { };
in
{
inherit iosevkaLyteTerm; inherit iosevkaLyteTerm;
iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix { iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix {

3
packages/hosts/base.nix
View file

@ -2,7 +2,8 @@
config, config,
outputs, outputs,
... ...
}: { }:
{
# a minimal, familiar setup that I can bootstrap atop # a minimal, familiar setup that I can bootstrap atop
imports = with outputs.nixosModules; [ imports = with outputs.nixosModules; [
# may need to be tweaked based on the machine's paritioning scheme # may need to be tweaked based on the machine's paritioning scheme

274
packages/hosts/beefcake.nix
View file

@ -1,11 +1,11 @@
/* /*
if ur fans get loud: if ur fans get loud:
# enable manual fan control # enable manual fan control
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00 sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
# set fan speed to last byte as decimal # set fan speed to last byte as decimal
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
*/ */
{ {
/* /*
@ -16,7 +16,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
config, config,
pkgs, pkgs,
... ...
}: { }:
{
system.stateVersion = "24.05"; system.stateVersion = "24.05";
home-manager.users.daniel.home.stateVersion = "24.05"; home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "beefcake"; networking.hostName = "beefcake";
@ -27,7 +28,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
networking.hostId = "541ede55"; networking.hostId = "541ede55";
boot = { boot = {
zfs = { zfs = {
extraPools = ["zstorage"]; extraPools = [ "zstorage" ];
}; };
supportedFilesystems = { supportedFilesystems = {
zfs = true; zfs = true;
@ -36,9 +37,14 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
zfs = true; zfs = true;
}; };
# kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; # kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
initrd.availableKernelModules = ["ehci_pci" "mpt3sas" "usbhid" "sd_mod"]; initrd.availableKernelModules = [
kernelModules = ["kvm-intel"]; "ehci_pci"
kernelParams = ["nohibernate"]; "mpt3sas"
"usbhid"
"sd_mod"
];
kernelModules = [ "kvm-intel" ];
kernelParams = [ "nohibernate" ];
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
}; };
@ -51,7 +57,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B6C4-7CF4"; device = "/dev/disk/by-uuid/B6C4-7CF4";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
/* /*
@ -73,16 +82,19 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# TODO: nfs with zfs? # TODO: nfs with zfs?
# services.nfs.server.enable = true; # services.nfs.server.enable = true;
} }
({ (
{
options, options,
config, config,
... ...
}: let }:
let
inherit (lib) mkOption types; inherit (lib) mkOption types;
in { in
{
options.services.restic.commonPaths = mkOption { options.services.restic.commonPaths = mkOption {
type = types.nullOr (types.listOf types.str); type = types.nullOr (types.listOf types.str);
default = []; default = [ ];
description = '' description = ''
Which paths to backup, in addition to ones specified via Which paths to backup, in addition to ones specified via
`dynamicFilesFrom`. If null or an empty array and `dynamicFilesFrom`. If null or an empty array and
@ -94,13 +106,14 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
"/home/user/backup" "/home/user/backup"
]; ];
}; };
}) }
)
{ {
# sops secrets config # sops secrets config
sops = { sops = {
defaultSopsFile = ../secrets/beefcake/secrets.yml; defaultSopsFile = ../secrets/beefcake/secrets.yml;
age = { age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt"; keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true; generateKey = true;
}; };
@ -108,7 +121,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
} }
{ {
sops.secrets = { sops.secrets = {
netlify-ddns-password = {mode = "0400";}; netlify-ddns-password = {
mode = "0400";
};
}; };
services.deno-netlify-ddns-client = { services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.netlify-ddns-password.path; passwordFile = config.sops.secrets.netlify-ddns-password.path;
@ -117,7 +132,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{ {
# nix binary cache # nix binary cache
sops.secrets = { sops.secrets = {
nix-cache-priv-key = {mode = "0400";}; nix-cache-priv-key = {
mode = "0400";
};
}; };
services.nix-serve = { services.nix-serve = {
enable = true; # TODO: true enable = true; # TODO: true
@ -136,7 +153,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# regularly build this flake so we have stuff in the cache # regularly build this flake so we have stuff in the cache
# TODO: schedule this for nightly builds instead of intervals based on boot time # TODO: schedule this for nightly builds instead of intervals based on boot time
systemd.timers."build-lytedev-flake" = { systemd.timers."build-lytedev-flake" = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnBootSec = "30m"; # 30 minutes after booting OnBootSec = "30m"; # 30 minutes after booting
OnUnitActiveSec = "1d"; # every day afterwards OnUnitActiveSec = "1d"; # every day afterwards
@ -166,7 +183,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# build main laptop configuration # build main laptop configuration
nixos-rebuild build --flake git+https://git.lyte.dev/lytedev/nix.git#foxtrot --accept-flake-config nixos-rebuild build --flake git+https://git.lyte.dev/lytedev/nix.git#foxtrot --accept-flake-config
''; '';
path = with pkgs; [openssh git nixos-rebuild]; path = with pkgs; [
openssh
git
nixos-rebuild
];
serviceConfig = { serviceConfig = {
# TODO: mkdir -p...? # TODO: mkdir -p...?
WorkingDirectory = "/home/daniel/.home/.cache/nightly-flake-builds"; WorkingDirectory = "/home/daniel/.home/.cache/nightly-flake-builds";
@ -217,13 +238,16 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
reverse_proxy http://localhost:${toString config.services.headscale.port} reverse_proxy http://localhost:${toString config.services.headscale.port}
''; '';
}; };
networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [3478]; networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [ 3478 ];
} }
{ {
services.restic.commonPaths = ["/var/lib/soju" "/var/lib/private/soju"]; services.restic.commonPaths = [
"/var/lib/soju"
"/var/lib/private/soju"
];
services.soju = { services.soju = {
enable = true; enable = true;
listen = ["irc+insecure://:6667"]; listen = [ "irc+insecure://:6667" ];
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
6667 6667
@ -236,7 +260,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
createHome = false; createHome = false;
group = "nextcloud"; group = "nextcloud";
}; };
users.groups.nextcloud = {}; users.groups.nextcloud = { };
sops.secrets = { sops.secrets = {
nextcloud-admin-password = { nextcloud-admin-password = {
owner = "nextcloud"; owner = "nextcloud";
@ -259,7 +283,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
"/storage/nextcloud" "/storage/nextcloud"
]; ];
services.postgresql = { services.postgresql = {
ensureDatabases = ["nextcloud"]; ensureDatabases = [ "nextcloud" ];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";
@ -274,7 +298,13 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
extraAppsEnable = true; extraAppsEnable = true;
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
extraApps = with config.services.nextcloud.package.packages.apps; { extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts notes onlyoffice tasks; inherit
calendar
contacts
notes
onlyoffice
tasks
;
}; };
package = pkgs.nextcloud28; package = pkgs.nextcloud28;
home = "/storage/nextcloud"; home = "/storage/nextcloud";
@ -311,7 +341,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}; };
}; };
services.caddy.virtualHosts."nextcloud.h.lyte.dev" = let services.caddy.virtualHosts."nextcloud.h.lyte.dev" =
let
fpm-nextcloud-pool = config.services.phpfpm.pools.nextcloud; fpm-nextcloud-pool = config.services.phpfpm.pools.nextcloud;
root = config.services.nginx.virtualHosts.${config.services.nextcloud.hostName}.root; root = config.services.nginx.virtualHosts.${config.services.nextcloud.hostName}.root;
in in
@ -374,7 +405,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{ {
# plausible # plausible
services.postgresql = { services.postgresql = {
ensureDatabases = ["plausible"]; ensureDatabases = [ "plausible" ];
ensureUsers = [ ensureUsers = [
{ {
name = "plausible"; name = "plausible";
@ -388,7 +419,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
group = "plausible"; group = "plausible";
}; };
users.extraGroups = { users.extraGroups = {
"plausible" = {}; "plausible" = { };
}; };
services.plausible = { services.plausible = {
enable = true; enable = true;
@ -472,7 +503,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{ {
# family storage # family storage
users.extraGroups = { users.extraGroups = {
"family" = {}; "family" = { };
}; };
systemd.tmpfiles.settings = { systemd.tmpfiles.settings = {
"10-family" = { "10-family" = {
@ -517,8 +548,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}; };
}; };
}; };
users.groups.daniel.members = ["daniel"]; users.groups.daniel.members = [ "daniel" ];
users.groups.nixadmin.members = ["daniel"]; users.groups.nixadmin.members = [ "daniel" ];
users.users.daniel = { users.users.daniel = {
extraGroups = [ extraGroups = [
# "nixadmin" # write access to /etc/nixos/ files # "nixadmin" # write access to /etc/nixos/ files
@ -536,7 +567,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
]; ];
services.postgresql = { services.postgresql = {
ensureDatabases = ["daniel"]; ensureDatabases = [ "daniel" ];
ensureUsers = [ ensureUsers = [
{ {
name = "daniel"; name = "daniel";
@ -680,7 +711,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# friends # friends
users.users.ben = { users.users.ben = {
isNormalUser = true; isNormalUser = true;
packages = [pkgs.vim]; packages = [ pkgs.vim ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com"
]; ];
@ -688,14 +719,16 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
users.users.alan = { users.users.alan = {
isNormalUser = true; isNormalUser = true;
packages = [pkgs.vim]; packages = [ pkgs.vim ];
# openssh.authorizedKeys.keys = []; # openssh.authorizedKeys.keys = [];
}; };
} }
{ {
# restic backups # restic backups
sops.secrets = { sops.secrets = {
restic-ssh-priv-key-benland = {mode = "0400";}; restic-ssh-priv-key-benland = {
mode = "0400";
};
restic-rascal-passphrase = { restic-rascal-passphrase = {
mode = "0400"; mode = "0400";
}; };
@ -703,15 +736,15 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
mode = "0400"; mode = "0400";
}; };
}; };
users.groups.restic = {}; users.groups.restic = { };
users.users.restic = { users.users.restic = {
# used for other machines to backup to # used for other machines to backup to
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
home = "/storage/backups/restic"; home = "/storage/backups/restic";
group = "restic"; group = "restic";
extraGroups = ["sftponly"]; extraGroups = [ "sftponly" ];
openssh.authorizedKeys.keys = [] ++ config.users.users.daniel.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys = [ ] ++ config.users.users.daniel.openssh.authorizedKeys.keys;
}; };
services.openssh.extraConfig = '' services.openssh.extraConfig = ''
Match Group sftponly Match Group sftponly
@ -730,38 +763,35 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}; };
}; };
}; };
services.restic.backups = let services.restic.backups =
let
# TODO: How do I set things up so that a compromised server doesn't have access to my backups so that it can corrupt or ransomware them? # TODO: How do I set things up so that a compromised server doesn't have access to my backups so that it can corrupt or ransomware them?
defaults = { defaults = {
passwordFile = config.sops.secrets.restic-rascal-passphrase.path; passwordFile = config.sops.secrets.restic-rascal-passphrase.path;
paths = paths = config.services.restic.commonPaths ++ [
config.services.restic.commonPaths
++ [
]; ];
initialize = true; initialize = true;
exclude = []; exclude = [ ];
timerConfig = { timerConfig = {
OnCalendar = ["04:45" "17:45"]; OnCalendar = [
"04:45"
"17:45"
];
}; };
}; };
in { in
local = {
defaults local = defaults // {
// {
repository = "/storage/backups/local"; repository = "/storage/backups/local";
}; };
rascal = rascal = defaults // {
defaults
// {
extraOptions = [ extraOptions = [
''sftp.command="ssh beefcake@rascal.hare-cod.ts.net -i ${config.sops.secrets.restic-rascal-ssh-private-key.path} -s sftp"'' ''sftp.command="ssh beefcake@rascal.hare-cod.ts.net -i ${config.sops.secrets.restic-rascal-ssh-private-key.path} -s sftp"''
]; ];
repository = "sftp://beefcake@rascal.hare-cod.ts.net://storage/backups/beefcake"; repository = "sftp://beefcake@rascal.hare-cod.ts.net://storage/backups/beefcake";
}; };
# TODO: add ruby? # TODO: add ruby?
benland = benland = defaults // {
defaults
// {
extraOptions = [ extraOptions = [
''sftp.command="ssh daniel@n.benhaney.com -p 10022 -i ${config.sops.secrets.restic-ssh-priv-key-benland.path} -s sftp"'' ''sftp.command="ssh daniel@n.benhaney.com -p 10022 -i ${config.sops.secrets.restic-ssh-priv-key-benland.path} -s sftp"''
]; ];
@ -813,7 +843,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
}; };
} }
({...}: let (
{ ... }:
let
theme = pkgs.fetchzip { theme = pkgs.fetchzip {
url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz"; url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz";
sha256 = "sha256-et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI="; sha256 = "sha256-et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI=";
@ -832,9 +864,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
sha256 = "sha256-CdMTRXoQ3AI76aHW/sTqvZo1q/0XQdnQs9V1vGmiffY="; sha256 = "sha256-CdMTRXoQ3AI76aHW/sTqvZo1q/0XQdnQs9V1vGmiffY=";
}; };
}; };
forgejoCustomCss = forgejoCustomCss = pkgs.writeText "iosevkalyte.css" ''
pkgs.writeText "iosevkalyte.css"
''
@font-face { @font-face {
font-family: ldiosevka; font-family: ldiosevka;
font-style: normal; font-style: normal;
@ -862,15 +892,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
--fonts-monospace: ldiosevka, ui-monospace, SFMono-Regular, "SF Mono", Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace, var(--fonts-emoji); --fonts-monospace: ldiosevka, ui-monospace, SFMono-Regular, "SF Mono", Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace, var(--fonts-emoji);
} }
''; '';
forgejoCustomHeaderTmpl = forgejoCustomHeaderTmpl = pkgs.writeText "header.tmpl" ''
pkgs.writeText "header.tmpl"
''
<link rel="stylesheet" href="/assets/css/iosevkalyte.css" /> <link rel="stylesheet" href="/assets/css/iosevkalyte.css" />
<script async="" defer="" data-domain="git.lyte.dev" src="https://a.lyte.dev/js/script.js"></script> <script async="" defer="" data-domain="git.lyte.dev" src="https://a.lyte.dev/js/script.js"></script>
''; '';
forgejoCustomHomeTmpl = forgejoCustomHomeTmpl = pkgs.writeText "home.tmpl" ''
pkgs.writeText "home.tmpl"
''
{{template "base/head" .}} {{template "base/head" .}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home"> <div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="tw-mb-8 tw-px-8"> <div class="tw-mb-8 tw-px-8">
@ -923,7 +949,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
</div> </div>
{{template "base/footer" .}} {{template "base/footer" .}}
''; '';
in { in
{
# systemd.tmpfiles.settings = { # systemd.tmpfiles.settings = {
# "10-forgejo" = { # "10-forgejo" = {
# "/storage/forgejo" = { # "/storage/forgejo" = {
@ -998,9 +1025,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
config.services.forgejo.stateDir config.services.forgejo.stateDir
]; ];
sops.secrets = { sops.secrets = {
"forgejo-runner.env" = {mode = "0400";}; "forgejo-runner.env" = {
mode = "0400";
}; };
systemd.services.gitea-runner-beefcake.after = ["sops-nix.service"]; };
systemd.services.gitea-runner-beefcake.after = [ "sops-nix.service" ];
systemd.services.forgejo = { systemd.services.forgejo = {
preStart = lib.mkAfter '' preStart = lib.mkAfter ''
@ -1069,7 +1098,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}
''; '';
}; };
}) }
)
{ {
services.restic.commonPaths = [ services.restic.commonPaths = [
config.services.vaultwarden.backupDir config.services.vaultwarden.backupDir
@ -1100,10 +1130,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
group = "atuin"; group = "atuin";
}; };
users.extraGroups = { users.extraGroups = {
"atuin" = {}; "atuin" = { };
}; };
services.postgresql = { services.postgresql = {
ensureDatabases = ["atuin"]; ensureDatabases = [ "atuin" ];
ensureUsers = [ ensureUsers = [
{ {
name = "atuin"; name = "atuin";
@ -1246,15 +1276,18 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
]; ];
*/ */
} }
({...}: let (
{ ... }:
let
port = 26969; port = 26969;
dir = "/storage/flanilla"; dir = "/storage/flanilla";
user = "flanilla"; user = "flanilla";
in
# uid = config.users.users.flanilla.uid; # uid = config.users.users.flanilla.uid;
# gid = config.users.groups.flanilla.gid; # gid = config.users.groups.flanilla.gid;
in { {
# flanilla family minecraft server # flanilla family minecraft server
users.groups.${user} = {}; users.groups.${user} = { };
users.users.${user} = { users.users.${user} = {
isSystemUser = true; isSystemUser = true;
createHome = false; createHome = false;
@ -1269,7 +1302,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
]; ];
image = "docker.io/itzg/minecraft-server"; image = "docker.io/itzg/minecraft-server";
# user = "${toString uid}:${toString gid}"; # user = "${toString uid}:${toString gid}";
extraOptions = ["--tty" "--interactive"]; extraOptions = [
"--tty"
"--interactive"
];
environment = { environment = {
EULA = "true"; EULA = "true";
MOTD = "Flanilla Survival! Happy hunting!"; MOTD = "Flanilla Survival! Happy hunting!";
@ -1288,7 +1324,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
ENABLE_QUERY = "true"; ENABLE_QUERY = "true";
ENABLE_COMMAND_BLOCK = "true"; ENABLE_COMMAND_BLOCK = "true";
}; };
ports = ["${toString port}:25565"]; ports = [ "${toString port}:25565" ];
volumes = [ volumes = [
"${dir}/data:/data" "${dir}/data:/data"
@ -1317,20 +1353,24 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}; };
}; };
}; };
services.restic.commonPaths = [dir]; services.restic.commonPaths = [ dir ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
port port
]; ];
}) }
({...}: let )
(
{ ... }:
let
port = 26968; port = 26968;
dir = "/storage/flanilla-creative"; dir = "/storage/flanilla-creative";
user = "flanilla"; user = "flanilla";
in
# uid = config.users.users.flanilla.uid; # uid = config.users.users.flanilla.uid;
# gid = config.users.groups.flanilla.gid; # gid = config.users.groups.flanilla.gid;
in { {
# flanilla family minecraft server # flanilla family minecraft server
users.groups.${user} = {}; users.groups.${user} = { };
users.users.${user} = { users.users.${user} = {
isSystemUser = true; isSystemUser = true;
createHome = false; createHome = false;
@ -1341,7 +1381,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
autoStart = true; autoStart = true;
image = "docker.io/itzg/minecraft-server"; image = "docker.io/itzg/minecraft-server";
# user = "${toString uid}:${toString gid}"; # user = "${toString uid}:${toString gid}";
extraOptions = ["--tty" "--interactive"]; extraOptions = [
"--tty"
"--interactive"
];
environment = { environment = {
EULA = "true"; EULA = "true";
MOTD = "Flanilla Creative! Have fun building!"; MOTD = "Flanilla Creative! Have fun building!";
@ -1360,7 +1403,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
ENABLE_QUERY = "true"; ENABLE_QUERY = "true";
ENABLE_COMMAND_BLOCK = "true"; ENABLE_COMMAND_BLOCK = "true";
}; };
ports = ["${toString port}:25565"]; ports = [ "${toString port}:25565" ];
volumes = [ volumes = [
"${dir}/data:/data" "${dir}/data:/data"
@ -1389,29 +1432,33 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}; };
}; };
}; };
services.restic.commonPaths = [dir]; services.restic.commonPaths = [ dir ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
port port
]; ];
}) }
({ )
(
{
config, config,
options, options,
... ...
}: let }:
let
domain = "idm.h.lyte.dev"; domain = "idm.h.lyte.dev";
name = "kanidm"; name = "kanidm";
user = name; user = name;
group = name; group = name;
storage = "/storage/${name}"; storage = "/storage/${name}";
in { in
{
# kanidm # kanidm
config = { config = {
# reload certs from caddy every 5 minutes # reload certs from caddy every 5 minutes
# TODO: ideally some kind of file watcher service would make way more sense here? # TODO: ideally some kind of file watcher service would make way more sense here?
# or we could simply setup the permissions properly somehow? # or we could simply setup the permissions properly somehow?
systemd.timers."copy-kanidm-certificates-from-caddy" = { systemd.timers."copy-kanidm-certificates-from-caddy" = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnBootSec = "10m"; # 10 minutes after booting OnBootSec = "10m"; # 10 minutes after booting
OnUnitActiveSec = "5m"; # every 5 minutes afterwards OnUnitActiveSec = "5m"; # every 5 minutes afterwards
@ -1428,7 +1475,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
cd /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev cd /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev
install -m 0700 -o "${name}" -g "${name}" idm.h.lyte.dev.key idm.h.lyte.dev.crt "${storage}/certs" install -m 0700 -o "${name}" -g "${name}" idm.h.lyte.dev.key idm.h.lyte.dev.crt "${storage}/certs"
''; '';
path = with pkgs; [rsync]; path = with pkgs; [ rsync ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "root"; User = "root";
@ -1521,7 +1568,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
''; '';
}; };
}; };
}) }
)
{ {
systemd.tmpfiles.settings = { systemd.tmpfiles.settings = {
"10-audiobookshelf" = { "10-audiobookshelf" = {
@ -1548,7 +1596,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}; };
}; };
}; };
users.groups.audiobookshelf = {}; users.groups.audiobookshelf = { };
users.users.audiobookshelf = { users.users.audiobookshelf = {
isSystemUser = true; isSystemUser = true;
group = "audiobookshelf"; group = "audiobookshelf";
@ -1584,13 +1632,25 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
job_name = "beefcake"; job_name = "beefcake";
static_configs = [ static_configs = [
{ {
targets = let inherit (config.services.prometheus.exporters.node) port listenAddress; in ["${listenAddress}:${toString port}"]; targets =
let
inherit (config.services.prometheus.exporters.node) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
} }
{ {
targets = let inherit (config.services.prometheus.exporters.zfs) port listenAddress; in ["${listenAddress}:${toString port}"]; targets =
let
inherit (config.services.prometheus.exporters.zfs) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
} }
{ {
targets = let inherit (config.services.prometheus.exporters.postgres) port listenAddress; in ["${listenAddress}:${toString port}"]; targets =
let
inherit (config.services.prometheus.exporters.postgres) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
} }
]; ];
} }
@ -1754,8 +1814,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
containers.actual = { containers.actual = {
image = "ghcr.io/actualbudget/actual-server:25.2.1"; image = "ghcr.io/actualbudget/actual-server:25.2.1";
autoStart = true; autoStart = true;
ports = ["5006:5006"]; ports = [ "5006:5006" ];
volumes = ["/storage/actual:/data"]; volumes = [ "/storage/actual:/data" ];
}; };
}; };
@ -1769,7 +1829,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
package = pkgs.factorio-headless.override { package = pkgs.factorio-headless.override {
versionsJson = ./factorio-versions.json; versionsJson = ./factorio-versions.json;
}; };
admins = ["lytedev"]; admins = [ "lytedev" ];
autosave-interval = 5; autosave-interval = 5;
game-name = "Flanwheel Online"; game-name = "Flanwheel Online";
description = "Space Age 2.0"; description = "Space Age 2.0";
@ -1783,17 +1843,22 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
extraSettingsFile = config.sops.secrets.factorio-server-settings.path; extraSettingsFile = config.sops.secrets.factorio-server-settings.path;
}; };
sops.secrets = { sops.secrets = {
factorio-server-settings = {mode = "0777";}; factorio-server-settings = {
mode = "0777";
};
}; };
} }
({ (
{
pkgs, pkgs,
config, config,
... ...
}: let }:
let
port = builtins.head config.services.conduwuit.settings.global.port; port = builtins.head config.services.conduwuit.settings.global.port;
sPort = toString port; sPort = toString port;
in { in
{
sops.secrets.matrix-registration-token-file.mode = "0400"; sops.secrets.matrix-registration-token-file.mode = "0400";
services.conduwuit = { services.conduwuit = {
enable = true; enable = true;
@ -1815,7 +1880,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
''; '';
# TODO: backups # TODO: backups
# TODO: reverse proxy # TODO: reverse proxy
}) }
)
]; ];
/* /*

25
packages/hosts/bigtower.nix
View file

@ -3,7 +3,8 @@
lib, lib,
config, config,
... ...
}: { }:
{
system.stateVersion = "24.05"; system.stateVersion = "24.05";
home-manager.users.daniel.home.stateVersion = "24.05"; home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "bigtower"; networking.hostName = "bigtower";
@ -14,22 +15,25 @@
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28"; device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=root"]; options = [ "subvol=root" ];
}; };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28"; device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=nix"]; options = [ "subvol=nix" ];
}; };
fileSystems."/home" = { fileSystems."/home" = {
device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28"; device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=home"]; options = [ "subvol=home" ];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/CE80-4623"; device = "/dev/disk/by-uuid/CE80-4623";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
} }
]; ];
@ -43,9 +47,14 @@
# kernelPackages = pkgs.linuxPackages_zen; # kernelPackages = pkgs.linuxPackages_zen;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci" "usbhid"]; initrd.availableKernelModules = [
kernelModules = ["kvm-amd"]; "xhci_pci"
supportedFilesystems = ["ntfs"]; "nvme"
"ahci"
"usbhid"
];
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "ntfs" ];
}; };
hardware.bluetooth = { hardware.bluetooth = {

61
packages/hosts/default.nix
View file

@ -8,21 +8,32 @@
nixpkgs-unstable, nixpkgs-unstable,
home-manager-unstable, home-manager-unstable,
... ...
}: let }:
baseHost = { let
baseHost =
{
nixpkgs, nixpkgs,
home-manager, home-manager,
... ...
}: (path: ({system ? "x86_64-linux"}: (nixpkgs.lib.nixosSystem { }:
(
path:
(
{
system ? "x86_64-linux",
}:
(nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
({ (
{
config, config,
lib, lib,
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: { }:
{
imports = with self.outputs.nixosModules; [ imports = with self.outputs.nixosModules; [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@ -47,7 +58,7 @@
sops = { sops = {
age = { age = {
sshKeyPaths = lib.mkDefault ["/etc/ssh/ssh_host_ed25519_key"]; sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt"; keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";
generateKey = lib.mkDefault true; generateKey = lib.mkDefault true;
}; };
@ -55,15 +66,16 @@
nix = { nix = {
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
registry = lib.mapAttrs (_: value: {flake = value;}) self.inputs; registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;
settings = settings = {
{ trusted-users = lib.mkDefault [ "@wheel" ];
trusted-users = lib.mkDefault ["@wheel"]; extra-experimental-features = lib.mkDefault [
extra-experimental-features = lib.mkDefault ["nix-command" "flakes"]; "nix-command"
"flakes"
];
auto-optimise-store = lib.mkDefault true; auto-optimise-store = lib.mkDefault true;
} } // self.nixConfig;
// self.nixConfig;
}; };
systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again? systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
@ -77,7 +89,7 @@
home-manager.backupFileExtension = lib.mkDefault "hm-backup"; home-manager.backupFileExtension = lib.mkDefault "hm-backup";
users.users.root = { users.users.root = {
openssh.authorizedKeys.keys = lib.mkDefault [self.constants.pubkey]; openssh.authorizedKeys.keys = lib.mkDefault [ self.constants.pubkey ];
}; };
services = { services = {
@ -123,7 +135,8 @@
useXkbConfig = lib.mkDefault true; useXkbConfig = lib.mkDefault true;
earlySetup = lib.mkDefault true; earlySetup = lib.mkDefault true;
colors = with self.constants.style.colors; colors =
with self.constants.style.colors;
lib.mkDefault [ lib.mkDefault [
bg bg
red red
@ -154,7 +167,8 @@
}; };
}; };
}; };
}) }
)
{ {
_module.args = { _module.args = {
@ -164,14 +178,17 @@
} }
(import path) (import path)
]; ];
}))); })
stableHost = baseHost {inherit nixpkgs home-manager;}; )
);
stableHost = baseHost { inherit nixpkgs home-manager; };
host = baseHost { host = baseHost {
nixpkgs = nixpkgs-unstable; nixpkgs = nixpkgs-unstable;
home-manager = home-manager-unstable; home-manager = home-manager-unstable;
}; };
in { in
beefcake = stableHost ./beefcake.nix {}; {
dragon = host ./dragon.nix {}; beefcake = stableHost ./beefcake.nix { };
arm-dragon = host ./dragon.nix {system = "aarch64-linux";}; dragon = host ./dragon.nix { };
arm-dragon = host ./dragon.nix { system = "aarch64-linux"; };
} }

20
packages/hosts/dragon.nix
View file

@ -5,7 +5,8 @@
hardware, hardware,
diskoConfigurations, diskoConfigurations,
... ...
}: { }:
{
system.stateVersion = "24.11"; system.stateVersion = "24.11";
home-manager.users.daniel.home.stateVersion = "24.11"; home-manager.users.daniel.home.stateVersion = "24.11";
networking.hostName = "dragon"; networking.hostName = "dragon";
@ -14,19 +15,26 @@
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci" "usbhid"]; initrd.availableKernelModules = [
kernelModules = ["kvm-amd"]; "xhci_pci"
supportedFilesystems = ["ntfs"]; "nvme"
"ahci"
"usbhid"
];
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "ntfs" ];
}; };
imports = with hardware; [ imports = with hardware; [
(diskoConfigurations.unencrypted {disk = "/dev/nvme0n1";}) (diskoConfigurations.unencrypted { disk = "/dev/nvme0n1"; })
common-cpu-amd common-cpu-amd
common-gpu-amd common-gpu-amd
common-pc-ssd common-pc-ssd
]; ];
sops.secrets.ddns-pass = {mode = "0400";}; sops.secrets.ddns-pass = {
mode = "0400";
};
services.deno-netlify-ddns-client = { services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.ddns-pass.path; passwordFile = config.sops.secrets.ddns-pass.path;
enable = true; enable = true;

43
packages/hosts/foxtrot.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
imports = [ imports = [
{ {
system.stateVersion = "24.11"; system.stateVersion = "24.11";
@ -19,7 +20,7 @@
# boot.resumeDevice = "/dev/disk/by-uuid/81c3354a-f629-4b6b-a249-7705aeb9f0d5"; # boot.resumeDevice = "/dev/disk/by-uuid/81c3354a-f629-4b6b-a249-7705aeb9f0d5";
# systemd.sleep.extraConfig = "HibernateDelaySec=180m"; # systemd.sleep.extraConfig = "HibernateDelaySec=180m";
services.fwupd.enable = true; services.fwupd.enable = true;
services.fwupd.extraRemotes = ["lvfs-testing"]; services.fwupd.extraRemotes = [ "lvfs-testing" ];
} }
]; ];
@ -75,10 +76,12 @@
} }
]; ];
}; };
services.hypridle = let services.hypridle =
let
secondsPerMinute = 60; secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute; lockSeconds = 10 * secondsPerMinute;
in { in
{
settings = { settings = {
listener = [ listener = [
{ {
@ -205,8 +208,12 @@
# NOTE(oninstall): # NOTE(oninstall):
"resume_offset=3421665" "resume_offset=3421665"
]; ];
initrd.availableKernelModules = ["xhci_pci" "nvme" "thunderbolt"]; initrd.availableKernelModules = [
kernelModules = ["kvm-amd"]; "xhci_pci"
"nvme"
"thunderbolt"
];
kernelModules = [ "kvm-amd" ];
}; };
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
@ -214,19 +221,19 @@
# simply resume the power state at the time of hibernation # simply resume the power state at the time of hibernation
powerOnBoot = false; powerOnBoot = false;
package = pkgs.bluez.overrideAttrs (finalAttrs: previousAttrs: rec { package = pkgs.bluez.overrideAttrs (
finalAttrs: previousAttrs: rec {
version = "5.78"; version = "5.78";
src = pkgs.fetchurl { src = pkgs.fetchurl {
url = "mirror://kernel/linux/bluetooth/bluez-${version}.tar.xz"; url = "mirror://kernel/linux/bluetooth/bluez-${version}.tar.xz";
sha256 = "sha256-gw/tGRXF03W43g9eb0X83qDcxf9f+z0x227Q8A1zxeM="; sha256 = "sha256-gw/tGRXF03W43g9eb0X83qDcxf9f+z0x227Q8A1zxeM=";
}; };
patches = []; patches = [ ];
buildInputs = buildInputs = previousAttrs.buildInputs ++ [
previousAttrs.buildInputs
++ [
pkgs.python3Packages.pygments pkgs.python3Packages.pygments
]; ];
}); }
);
}; };
powerManagement.cpuFreqGovernor = "ondemand"; powerManagement.cpuFreqGovernor = "ondemand";
/* /*
@ -269,19 +276,23 @@
}; };
*/ */
networking.firewall.allowedTCPPorts = let networking.firewall.allowedTCPPorts =
let
stardewValley = 24642; stardewValley = 24642;
factorio = 34197; factorio = 34197;
in [ in
[
8000 # dev stuff 8000 # dev stuff
factorio factorio
stardewValley stardewValley
7777 7777
]; ];
networking.firewall.allowedUDPPorts = let networking.firewall.allowedUDPPorts =
let
stardewValley = 24642; stardewValley = 24642;
factorio = 34197; factorio = 34197;
in [ in
[
8000 # dev stuff 8000 # dev stuff
factorio factorio
stardewValley stardewValley

20
packages/hosts/htpc.nix
View file

@ -3,7 +3,8 @@
config, config,
lib, lib,
... ...
}: { }:
{
networking.hostName = "htpc"; networking.hostName = "htpc";
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
@ -12,9 +13,18 @@
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true; boot.loader.grub.useOSProber = true;
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = ["8821au" "8812au"]; "xhci_pci"
boot.kernelModules = ["kvm-intel"]; "ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [
"8821au"
"8812au"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ boot.extraModulePackages = [
# pkgs.rtl8811au # pkgs.rtl8811au
config.boot.kernelPackages.rtl8812au config.boot.kernelPackages.rtl8812au
@ -26,7 +36,7 @@
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = []; swapDevices = [ ];
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;

19
packages/hosts/htpifour.nix
View file

@ -5,7 +5,8 @@
outputs, outputs,
modulesPath, modulesPath,
... ...
}: { }:
{
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";
networking.hostName = "htpifour"; networking.hostName = "htpifour";
@ -31,10 +32,14 @@
console.enable = false; console.enable = false;
home-manager.users.daniel = { home-manager.users.daniel = {
imports = with outputs.homeManagerModules; [linux-desktop wallpaper-manager]; imports = with outputs.homeManagerModules; [
linux-desktop
wallpaper-manager
];
}; };
environment.systemPackages = with pkgs; environment.systemPackages =
with pkgs;
#with pkgs; #with pkgs;
[ [
# libcec # libcec
@ -82,7 +87,11 @@
boot = { boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"]; initrd.availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
];
loader = { loader = {
grub.enable = false; grub.enable = false;
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
@ -99,7 +108,7 @@
allowedTCPPorts = [ allowedTCPPorts = [
22 # ssh 22 # ssh
]; ];
allowedUDPPorts = []; allowedUDPPorts = [ ];
}; };
}; };

32
packages/hosts/rascal.nix
View file

@ -2,13 +2,21 @@
config, config,
modulesPath, modulesPath,
... ...
}: { }:
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "uas" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.kernelModules = ["kvm-amd"]; "xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"uas"
"sd_mod"
];
boot.kernelModules = [ "kvm-amd" ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/2e2ad73a-6264-4a7b-8439-9c05295d903d"; device = "/dev/disk/by-uuid/2e2ad73a-6264-4a7b-8439-9c05295d903d";
@ -25,17 +33,15 @@
device = "/dev/sda"; device = "/dev/sda";
}; };
users.groups.beefcake = {}; users.groups.beefcake = { };
users.users = { users.users = {
beefcake = { beefcake = {
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
home = "/storage/backups/beefcake"; home = "/storage/backups/beefcake";
group = "beefcake"; group = "beefcake";
extraGroups = ["sftponly"]; extraGroups = [ "sftponly" ];
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [
config.users.users.daniel.openssh.authorizedKeys.keys
++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
]; ];
@ -44,7 +50,13 @@
daniel = { daniel = {
# used for restic backups # used for restic backups
isNormalUser = true; isNormalUser = true;
extraGroups = ["users" "wheel" "video" "dialout" "uucp"]; extraGroups = [
"users"
"wheel"
"video"
"dialout"
"uucp"
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
]; ];
@ -68,7 +80,7 @@
firewall = { firewall = {
enable = true; enable = true;
allowPing = true; allowPing = true;
allowedTCPPorts = [22]; allowedTCPPorts = [ 22 ];
}; };
}; };

71
packages/hosts/router.nix
View file

@ -4,7 +4,8 @@
# outputs, # outputs,
pkgs, pkgs,
... ...
}: let }:
let
/* /*
NOTE: My goal is to be able to apply most of the common tweaks to the router NOTE: My goal is to be able to apply most of the common tweaks to the router
either live on the system for ad-hoc changes (such as forwarding a port for a either live on the system for ad-hoc changes (such as forwarding a port for a
@ -83,7 +84,8 @@
"net.ipv6.conf.${interfaces.wan.name}.use_tempaddr" = 2; "net.ipv6.conf.${interfaces.wan.name}.use_tempaddr" = 2;
# "net.ipv6.conf.${interfaces.wan.name}.addr_gen_mode" = 2; # "net.ipv6.conf.${interfaces.wan.name}.addr_gen_mode" = 2;
}; };
in { in
{
imports = [ imports = [
{ {
# hardware # hardware
@ -92,31 +94,34 @@ in {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = true; systemd-boot.enable = true;
}; };
initrd.availableKernelModules = ["xhci_pci"]; initrd.availableKernelModules = [ "xhci_pci" ];
initrd.kernelModules = []; initrd.kernelModules = [ ];
kernelModules = ["kvm-intel"]; kernelModules = [ "kvm-intel" ];
extraModulePackages = []; extraModulePackages = [ ];
}; };
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802"; device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=root"]; options = [ "subvol=root" ];
}; };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802"; device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=nix"]; options = [ "subvol=nix" ];
}; };
fileSystems."/home" = { fileSystems."/home" = {
device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802"; device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=home"]; options = [ "subvol=home" ];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7F78-7AE8"; device = "/dev/disk/by-uuid/7F78-7AE8";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = "performance"; powerManagement.cpuFreqGovernor = "performance";
@ -131,21 +136,21 @@ in {
sops = { sops = {
defaultSopsFile = ../secrets/router/secrets.yml; defaultSopsFile = ../secrets/router/secrets.yml;
age = { age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt"; keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true; generateKey = true;
}; };
secrets = { secrets = {
netlify-ddns-password = {mode = "0400";}; netlify-ddns-password = {
mode = "0400";
};
}; };
}; };
services.deno-netlify-ddns-client = { services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.netlify-ddns-password.path; passwordFile = config.sops.secrets.netlify-ddns-password.path;
}; };
boot.kernel.sysctl = boot.kernel.sysctl = sysctl-entries // {
sysctl-entries
// {
}; };
networking = { networking = {
@ -174,12 +179,14 @@ in {
# the main meat and potatoes for most routers, the firewall configuration # the main meat and potatoes for most routers, the firewall configuration
# TODO: IPv6 # TODO: IPv6
nftables = let nftables =
let
inf = { inf = {
lan = interfaces.lan.name; lan = interfaces.lan.name;
wan = interfaces.wan.name; wan = interfaces.wan.name;
}; };
in { in
{
enable = true; enable = true;
checkRuleset = true; checkRuleset = true;
flushRuleset = true; flushRuleset = true;
@ -460,7 +467,11 @@ in {
*/ */
enable-ra = true; enable-ra = true;
server = ["1.1.1.1" "9.9.9.9" "8.8.8.8"]; server = [
"1.1.1.1"
"9.9.9.9"
"8.8.8.8"
];
domain-needed = true; domain-needed = true;
bogus-priv = true; bogus-priv = true;
@ -477,28 +488,36 @@ in {
dhcp-host = dhcp-host =
[ [
] ]
++ (lib.attrsets.mapAttrsToList (name: { ++ (lib.attrsets.mapAttrsToList (
name:
{
ip, ip,
identifier ? name, identifier ? name,
time ? "12h", time ? "12h",
... ...
}: "${name},${ip},${identifier},${time}") }:
hosts); "${name},${ip},${identifier},${time}"
) hosts);
address = address =
[ [
"/${hostname}.${domain}/${ip}" "/${hostname}.${domain}/${ip}"
] ]
++ (lib.lists.flatten (lib.attrsets.mapAttrsToList (name: { ++ (lib.lists.flatten (
lib.attrsets.mapAttrsToList (
name:
{
ip, ip,
additionalHosts ? [], additionalHosts ? [ ],
identifier ? name, identifier ? name,
time ? "12h", time ? "12h",
}: [ }:
[
"/${name}.${domain}/${ip}" "/${name}.${domain}/${ip}"
(lib.lists.forEach additionalHosts (h: "/${h}/${ip}")) (lib.lists.forEach additionalHosts (h: "/${h}/${ip}"))
]) ]
hosts)); ) hosts
));
# local domains # local domains
local = "/lan/"; local = "/lan/";

57
packages/hosts/thablet.nix
View file

@ -3,7 +3,8 @@
lib, lib,
config, config,
... ...
}: { }:
{
networking.hostName = "thablet"; networking.hostName = "thablet";
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
@ -17,7 +18,7 @@
environment.systemPackages = environment.systemPackages =
#with pkgs; #with pkgs;
[]; [ ];
# https://wiki.archlinux.org/title/Lenovo_ThinkPad_X1_Yoga_(Gen_3)#Using_acpi_call # https://wiki.archlinux.org/title/Lenovo_ThinkPad_X1_Yoga_(Gen_3)#Using_acpi_call
systemd.services.activate-touch-hack = { systemd.services.activate-touch-hack = {
@ -25,7 +26,12 @@
description = "Touch wake Thinkpad X1 Yoga 3rd gen hack"; description = "Touch wake Thinkpad X1 Yoga 3rd gen hack";
unitConfig = { unitConfig = {
After = ["suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target"]; After = [
"suspend.target"
"hibernate.target"
"hybrid-sleep.target"
"suspend-then-hibernate.target"
];
}; };
serviceConfig = { serviceConfig = {
@ -34,13 +40,26 @@
''; '';
}; };
wantedBy = ["suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target"]; wantedBy = [
"suspend.target"
"hibernate.target"
"hybrid-sleep.target"
"suspend-then-hibernate.target"
];
}; };
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "xhci_pci"
boot.kernelModules = ["kvm-intel" "acpi_call"]; "nvme"
boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call]; "usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-intel"
"acpi_call"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
hardware = { hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@ -65,12 +84,20 @@
}; };
networking = { networking = {
firewall = let firewall =
let
terraria = 7777; terraria = 7777;
stardew-valley = 24642; stardew-valley = 24642;
in { in
allowedTCPPorts = [terraria stardew-valley]; {
allowedUDPPorts = [terraria stardew-valley]; allowedTCPPorts = [
terraria
stardew-valley
];
allowedUDPPorts = [
terraria
stardew-valley
];
}; };
}; };
@ -104,10 +131,12 @@
]; ];
}; };
services.hypridle = let services.hypridle =
let
secondsPerMinute = 60; secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute; lockSeconds = 10 * secondsPerMinute;
in { in
{
settings = { settings = {
listener = [ listener = [
{ {

15
packages/hosts/thinker.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
networking.hostName = "thinker"; networking.hostName = "thinker";
boot = { boot = {
@ -13,7 +14,11 @@
https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
*/ */
# kernelParams = ["boot.shell_on_fail"]; # kernelParams = ["boot.shell_on_fail"];
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci"]; initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
];
}; };
home-manager.users.daniel = { home-manager.users.daniel = {
@ -39,10 +44,12 @@
} }
]; ];
}; };
services.hypridle = let services.hypridle =
let
secondsPerMinute = 60; secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute; lockSeconds = 10 * secondsPerMinute;
in { in
{
settings = { settings = {
listener = [ listener = [
{ {

14
packages/iosevkaLyteTerm.nix
View file

@ -1,6 +1,9 @@
{iosevka, ...}: let { iosevka, ... }:
let
set = "LyteTerm"; set = "LyteTerm";
in ((iosevka.override { in
(
(iosevka.override {
inherit set; inherit set;
privateBuildPlan = '' privateBuildPlan = ''
@ -122,8 +125,8 @@ in ((iosevka.override {
question = 'smooth' question = 'smooth'
punctuation-dot = 'round' punctuation-dot = 'round'
''; '';
}) }).overrideAttrs
.overrideAttrs { {
buildPhase = '' buildPhase = ''
export HOME=$TMPDIR export HOME=$TMPDIR
runHook preBuild runHook preBuild
@ -142,4 +145,5 @@ in ((iosevka.override {
install "dist/$pname/WOFF2"/* "$wfontdir" install "dist/$pname/WOFF2"/* "$wfontdir"
runHook postInstall runHook postInstall
''; '';
}) }
)

9
packages/iosevkaLyteTermSubset.nix
View file

@ -9,8 +9,13 @@ pkgs.stdenvNoCC.mkDerivation {
inherit (iosevkaLyteTerm) version; inherit (iosevkaLyteTerm) version;
pname = "${iosevkaLyteTerm.pname}Subset"; pname = "${iosevkaLyteTerm.pname}Subset";
buildInputs = [parallel] ++ (with python311Packages; [fonttools brotli]); buildInputs =
PYTHONPATH = pkgs.python3.withPackages (pp: with pp; [brotli]); [ parallel ]
++ (with python311Packages; [
fonttools
brotli
]);
PYTHONPATH = pkgs.python3.withPackages (pp: with pp; [ brotli ]);
src = iosevkaLyteTerm; src = iosevkaLyteTerm;
installPhase = '' installPhase = ''