lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Format
Some checks failed
/ check (push) Failing after 9s
Details

Browse source
This commit is contained in:
Daniel Flanagan 2025-02-14 13:31:18 -06:00
parent 8e8a483e97
commit d21df887fe
51 changed files with 4363 additions and 3873 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.helix/languages.toml
View file

@ -3,6 +3,7 @@ auto-format = true
file-types = ["nix"]
name = "nix"
scope = "source.nix"
language-servers = ["nixd", "nil"]
[language.formatter]
args = ["-"]

21
lib/colors.nix
View file

@ -1,6 +1,9 @@
{lib, ...}: {
schemes = let
mkColorScheme = scheme @ {
{ lib, ... }:
{
schemes =
let
mkColorScheme =
scheme@{
scheme-name,
bg,
bg2,
@ -19,9 +22,9 @@
green,
# teal,
blue,
}: let
base =
{
}:
let
base = {
text = fg;
primary = blue;
urgent = red;
@ -46,14 +49,14 @@
# whites
"7" = fg2;
"15" = fg3;
}
// scheme;
} // scheme;
in
base
// {
withHashPrefix = lib.mapAttrs (_: value: "#${value}") base;
};
in {
in
{
donokai = mkColorScheme {
scheme-name = "donokai";
bg = "110f0a";

20
lib/default.nix
View file

@ -1,10 +1,18 @@
{self, ...}: let
{ self, ... }:
let
forSelfOverlay =
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays
then self.overlays.forSelf
else (_: p: p);
in rec {
systems = ["aarch64-linux" "aarch64-darwin" "x86_64-darwin" "x86_64-linux"];
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays then
self.overlays.forSelf
else
(_: p: p);
in
rec {
systems = [
"aarch64-linux"
"aarch64-darwin"
"x86_64-darwin"
"x86_64-linux"
];
forSystems = nixpkgs: nixpkgs.lib.genAttrs systems;
pkgsFor = nixpkgs: system: (import nixpkgs { inherit system; }).extend forSelfOverlay;
genPkgs = nixpkgs: func: (forSystems nixpkgs (system: func (pkgsFor nixpkgs system)));

66
lib/disko/default.nix
View file

@ -1,8 +1,10 @@
{nixpkgs-unstable, ...}: let
{ nixpkgs-unstable, ... }:
let
# TODO: This file needs some serious cleaning up.
lib = nixpkgs-unstable.lib;
inherit (lib.attrsets) mapAttrs' filterAttrs;
ESP = inputs @ {
ESP =
inputs@{
size ? "4G",
label ? "ESP",
name ? "ESP",
@ -24,8 +26,10 @@
};
}
// inputs;
in rec {
standardWithHibernateSwap = {
in
rec {
standardWithHibernateSwap =
{
esp ? {
label = "ESP";
size = "4G";
@ -36,7 +40,8 @@ in rec {
disk,
swapSize,
...
}: {
}:
{
/*
this is my standard partitioning scheme for my machines which probably want hibernation capabilities
a UEFI-compatible boot partition
@ -85,7 +90,10 @@ in rec {
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
@ -109,7 +117,8 @@ in rec {
};
};
standard = {
standard =
{
esp ? {
label = "ESP";
size = "4G";
@ -117,7 +126,8 @@ in rec {
},
disk,
...
}: {
}:
{
# this is my standard partitioning scheme for my machines: an LUKS-encrypted
# btrfs volume
disko.devices = {
@ -153,7 +163,10 @@ in rec {
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
@ -175,7 +188,9 @@ in rec {
};
};
unencrypted = {disk, ...}: {
unencrypted =
{ disk, ... }:
{
disko.devices = {
disk = {
primary = {
@ -202,7 +217,10 @@ in rec {
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
@ -214,7 +232,8 @@ in rec {
};
};
beefcake = let
beefcake =
let
zpools = {
zroot = {
/*
@ -385,24 +404,33 @@ in rec {
};
};
diskoBoot = mapAttrs' (device: {name, ...}: {
diskoBoot = mapAttrs' (
device:
{ name, ... }:
{
name = "boot-${name}";
value = {
inherit device;
type = "disk";
content = diskClass.boot.content;
};
}) (filterAttrs (_: {enable, ...}: enable) bootDisks);
}
) (filterAttrs (_: { enable, ... }: enable) bootDisks);
diskoStorage = mapAttrs' (device: {name, ...}: {
diskoStorage = mapAttrs' (
device:
{ name, ... }:
{
name = "storage-${name}";
value = {
inherit device;
type = "disk";
content = diskClass.storage.content;
};
}) (filterAttrs (_: {enable, ...}: enable) storageDisks);
in {
}
) (filterAttrs (_: { enable, ... }: enable) storageDisks);
in
{
disko.devices = {
disk = diskoBoot // diskoStorage;
zpool = {
@ -411,7 +439,9 @@ in rec {
};
};
legacy = {disks, ...}: {
legacy =
{ disks, ... }:
{
disko.devices = {
disk = {
primary = {

5
lib/modules/home/eww/scripts/workspaces/default.nix
View file

@ -1,4 +1,7 @@
{pkgs ? import <nixpkgs> {}}: let
{
pkgs ? import <nixpkgs> { },
}:
let
# lock = builtins.fromJSON (builtins.readFile ../../../../../flake.lock);
# nixpkgsRev = lock.nodes.nixpkgs.locked.rev;
# pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/${nixpkgsRev}.tar.gz") {};

17
lib/modules/home/hyprland.nix
View file

@ -5,9 +5,11 @@
lib,
# font,
...
}: let
}:
let
inherit (style) colors;
in {
in
{
# TODO: Hyprland seems to sometimes use a ton of CPU?
home.packages = with pkgs; [
@ -217,7 +219,10 @@ in {
];
# Move/resize windows with mod + LMB/RMB and dragging
bindm = ["$mod, mouse:272, movewindow" "$mod, mouse:273, resizewindow"];
bindm = [
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
};
extraConfig = ''
@ -376,10 +381,12 @@ in {
};
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
enable = true;
settings = {
general = {

3
lib/modules/home/kitty.nix
View file

@ -2,7 +2,8 @@
colors,
font,
...
}: {
}:
{
programs.kitty = {
enable = true;
darwinLaunchOptions = [ "--single-instance" ];

52
lib/modules/home/plasma-manager.nix
View file

@ -15,10 +15,19 @@
"kmix"."increase_microphone_volume" = "Microphone Volume Up";
"kmix"."increase_volume" = "Volume Up";
"kmix"."increase_volume_small" = "Shift+Volume Up";
"kmix"."mic_mute" = ["Microphone Mute" "Meta+Volume Mute,Microphone Mute" "Meta+Shift+V" "Meta+Volume Mute,Mute Microphone"];
"kmix"."mic_mute" = [
"Microphone Mute"
"Meta+Volume Mute,Microphone Mute"
"Meta+Shift+V"
"Meta+Volume Mute,Mute Microphone"
];
"kmix"."mute" = "Volume Mute";
# "ksmserver"."Halt Without Confirmation" = "none,,Shut Down Without Confirmation";
"ksmserver"."Lock Session" = ["Meta+Ctrl+Shift+L" "Screensaver,Meta+L" "Screensaver,Lock Session"];
"ksmserver"."Lock Session" = [
"Meta+Ctrl+Shift+L"
"Screensaver,Meta+L"
"Screensaver,Lock Session"
];
# "ksmserver"."Log Out" = "Ctrl+Alt+Del";
# "ksmserver"."Log Out Without Confirmation" = "none,,Log Out Without Confirmation";
# "ksmserver"."LogOut" = "none,,Log Out";
@ -31,7 +40,11 @@
# "kwin"."Decrease Opacity" = "none,,Decrease Opacity of Active Window by 5%";
# "kwin"."Edit Tiles" = "Meta+T";
"kwin"."Expose" = "Ctrl+F9";
"kwin"."ExposeAll" = ["Ctrl+F10" "Launch (C),Ctrl+F10" "Launch (C),Toggle Present Windows (All desktops)"];
"kwin"."ExposeAll" = [
"Ctrl+F10"
"Launch (C),Ctrl+F10"
"Launch (C),Toggle Present Windows (All desktops)"
];
"kwin"."ExposeClass" = "Ctrl+F7";
"kwin"."ExposeClassCurrentDesktop" = [ ];
"kwin"."Grid View" = "Meta+G";
@ -96,11 +109,14 @@
"kwin"."Walk Through Windows" = "Alt+Tab";
"kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
"kwin"."Walk Through Windows Alternative" = "none,,Walk Through Windows Alternative";
"kwin"."Walk Through Windows Alternative (Reverse)" = "none,,Walk Through Windows Alternative (Reverse)";
"kwin"."Walk Through Windows Alternative (Reverse)" =
"none,,Walk Through Windows Alternative (Reverse)";
"kwin"."Walk Through Windows of Current Application" = "Alt+`";
"kwin"."Walk Through Windows of Current Application (Reverse)" = "Alt+~";
"kwin"."Walk Through Windows of Current Application Alternative" = "none,,Walk Through Windows of Current Application Alternative";
"kwin"."Walk Through Windows of Current Application Alternative (Reverse)" = "none,,Walk Through Windows of Current Application Alternative (Reverse)";
"kwin"."Walk Through Windows of Current Application Alternative" =
"none,,Walk Through Windows of Current Application Alternative";
"kwin"."Walk Through Windows of Current Application Alternative (Reverse)" =
"none,,Walk Through Windows of Current Application Alternative (Reverse)";
"kwin"."Window Above Other Windows" = "none,,Keep Window Above Others";
"kwin"."Window Below Other Windows" = "none,,Keep Window Below Others";
"kwin"."Window Close" = "Alt+F4";
@ -175,7 +191,11 @@
"kwin"."Window to Screen 6" = "none,,Move Window to Screen 6";
"kwin"."Window to Screen 7" = "none,,Move Window to Screen 7";
"kwin"."view_actual_size" = "Meta+0";
"kwin"."view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
"kwin"."view_zoom_in" = [
"Meta++"
"Meta+=,Meta++"
"Meta+=,Zoom In"
];
"kwin"."view_zoom_out" = "Meta+-";
"mediacontrol"."mediavolumedown" = "none,,Media volume down";
"mediacontrol"."mediavolumeup" = "none,,Media volume up";
@ -197,8 +217,16 @@
"org_kde_powerdevil"."Sleep" = "Sleep";
"org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off";
"org_kde_powerdevil"."Turn Off Screen" = [ ];
"org_kde_powerdevil"."powerProfile" = ["Battery" "Meta+B,Battery" "Meta+B,Switch Power Profile"];
"plasmashell"."activate application launcher" = ["Meta" "Alt+F1,Meta" "Alt+F1,Activate Application Launcher"];
"org_kde_powerdevil"."powerProfile" = [
"Battery"
"Meta+B,Battery"
"Meta+B,Switch Power Profile"
];
"plasmashell"."activate application launcher" = [
"Meta"
"Alt+F1,Meta"
"Alt+F1,Activate Application Launcher"
];
"plasmashell"."activate task manager entry 1" = "Meta+1";
"plasmashell"."activate task manager entry 10" = "none,Meta+0,Activate Task Manager Entry 10";
"plasmashell"."activate task manager entry 2" = "Meta+2";
@ -228,7 +256,8 @@
};
configFile = {
"baloofilerc"."General"."dbVersion" = 2;
"baloofilerc"."General"."exclude filters" = "*~,*.part,*.o,*.la,*.lo,*.loT,*.moc,moc_*.cpp,qrc_*.cpp,ui_*.h,cmake_install.cmake,CMakeCache.txt,CTestTestfile.cmake,libtool,config.status,confdefs.h,autom4te,conftest,confstat,Makefile.am,*.gcode,.ninja_deps,.ninja_log,build.ninja,*.csproj,*.m4,*.rej,*.gmo,*.pc,*.omf,*.aux,*.tmp,*.po,*.vm*,*.nvram,*.rcore,*.swp,*.swap,lzo,litmain.sh,*.orig,.histfile.*,.xsession-errors*,*.map,*.so,*.a,*.db,*.qrc,*.ini,*.init,*.img,*.vdi,*.vbox*,vbox.log,*.qcow2,*.vmdk,*.vhd,*.vhdx,*.sql,*.sql.gz,*.ytdl,*.tfstate*,*.class,*.pyc,*.pyo,*.elc,*.qmlc,*.jsc,*.fastq,*.fq,*.gb,*.fasta,*.fna,*.gbff,*.faa,po,CVS,.svn,.git,_darcs,.bzr,.hg,CMakeFiles,CMakeTmp,CMakeTmpQmake,.moc,.obj,.pch,.uic,.npm,.yarn,.yarn-cache,__pycache__,node_modules,node_packages,nbproject,.terraform,.venv,venv,core-dumps,lost+found";
"baloofilerc"."General"."exclude filters" =
"*~,*.part,*.o,*.la,*.lo,*.loT,*.moc,moc_*.cpp,qrc_*.cpp,ui_*.h,cmake_install.cmake,CMakeCache.txt,CTestTestfile.cmake,libtool,config.status,confdefs.h,autom4te,conftest,confstat,Makefile.am,*.gcode,.ninja_deps,.ninja_log,build.ninja,*.csproj,*.m4,*.rej,*.gmo,*.pc,*.omf,*.aux,*.tmp,*.po,*.vm*,*.nvram,*.rcore,*.swp,*.swap,lzo,litmain.sh,*.orig,.histfile.*,.xsession-errors*,*.map,*.so,*.a,*.db,*.qrc,*.ini,*.init,*.img,*.vdi,*.vbox*,vbox.log,*.qcow2,*.vmdk,*.vhd,*.vhdx,*.sql,*.sql.gz,*.ytdl,*.tfstate*,*.class,*.pyc,*.pyo,*.elc,*.qmlc,*.jsc,*.fastq,*.fq,*.gb,*.fasta,*.fna,*.gbff,*.faa,po,CVS,.svn,.git,_darcs,.bzr,.hg,CMakeFiles,CMakeTmp,CMakeTmpQmake,.moc,.obj,.pch,.uic,.npm,.yarn,.yarn-cache,__pycache__,node_modules,node_packages,nbproject,.terraform,.venv,venv,core-dumps,lost+found";
"baloofilerc"."General"."exclude filters version" = 9;
"dolphinrc"."General"."ViewPropsTimestamp" = "2025,1,11,13,50,1.5779999999999998";
"dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false;
@ -247,7 +276,8 @@
"kwinrc"."Desktops"."Number" = 1;
"kwinrc"."Desktops"."Rows" = 1;
"kwinrc"."Tiling"."padding" = 4;
"kwinrc"."Tiling/f18ce12b-2106-508f-9542-e4e6c6fbf75f"."tiles" = "{\"layoutDirection\":\"horizontal\",\"tiles\":[{\"width\":0.25},{\"width\":0.5},{\"width\":0.25}]}";
"kwinrc"."Tiling/f18ce12b-2106-508f-9542-e4e6c6fbf75f"."tiles" =
"{\"layoutDirection\":\"horizontal\",\"tiles\":[{\"width\":0.25},{\"width\":0.5},{\"width\":0.25}]}";
"kwinrc"."Xwayland"."Scale" = 1.75;
"plasma-localerc"."Formats"."LANG" = "en_US.UTF-8";
};

9
lib/modules/home/sway.nix
View file

@ -3,7 +3,8 @@
lib,
config,
...
}: {
}:
{
programs.foot = {
enable = true;
};
@ -175,10 +176,12 @@
# pointer_accel
};
};
keybindings = let
keybindings =
let
mod = config.wayland.windowManager.sway.config.modifier;
menu = "tofi-run | xargs swaymsg exec --";
in {
in
{
"${mod}+control+space" = "exec makoctl dismiss";
"${mod}+shift+space" = "exec makoctl invoke";
# "${mod}+return" = "exec kitty --single-instance";

3
lib/modules/home/swaylock.nix
View file

@ -1,4 +1,5 @@
{style, ...}: {
{ style, ... }:
{
programs.swaylock = {
enable = true;
settings = {

19
lib/modules/home/waybar.nix
View file

@ -2,14 +2,18 @@
pkgs,
style,
...
}: {
}:
{
programs.waybar = {
enable = true;
settings = {
mainBar = {
"layer" = "top";
"position" = "bottom";
"output" = ["eDP-1" "DP-3"];
"output" = [
"eDP-1"
"DP-3"
];
"height" = 50;
"modules-left" = [
"idle_inhibitor"
@ -94,7 +98,10 @@
"backlight" = {
# "device" = "acpi_video1";
"format" = "{percent}%\n{icon}";
"format-icons" = ["" ""];
"format-icons" = [
""
""
];
"justify" = "center";
};
"battery" = {
@ -145,10 +152,12 @@
};
};
};
style = let
style =
let
border-width = "0px";
in
with style.colors.withHashPrefix; ''
with style.colors.withHashPrefix;
''
* {
border-radius: 0;
font-family: "${style.font.name}", "Symbols Nerd Font Mono", sans-serif;

6
lib/modules/nixos/conduwuit.nix
View file

@ -4,13 +4,15 @@
lib,
pkgs,
...
}: let
}:
let
cfg = config.services.conduwuit;
defaultUser = "conduwuit";
defaultGroup = "conduwuit";
format = pkgs.formats.toml { };
configFile = format.generate "conduwuit.toml" cfg.settings;
in {
in
{
meta.maintainers = with lib.maintainers; [ niklaskorz ];
options.services.conduwuit = {
enable = lib.mkEnableOption "conduwuit";

235
lib/modules/nixos/default.nix
View file

@ -1,8 +1,15 @@
{self, ...}: let
{ self, ... }:
let
inherit (self) outputs;
inherit (outputs) nixosModules homeManagerModules overlays constants;
inherit (outputs)
nixosModules
homeManagerModules
overlays
constants
;
inherit (constants) pubkey;
in {
in
{
shell-defaults-and-applications = import ./shell-config.nix;
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
@ -48,14 +55,22 @@ in {
# };
# };
ewwbar = {pkgs, ...}: {
ewwbar =
{ pkgs, ... }:
{
# imports = with nixosModules; [];
environment.systemPackages = with pkgs; [eww upower jq];
environment.systemPackages = with pkgs; [
eww
upower
jq
];
# TODO: include the home-manager modules for daniel?
};
niri = {pkgs, ...}: {
niri =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ niri ];
systemd.user.services.polkit = {
@ -79,7 +94,9 @@ in {
services.gnome.gnome-keyring.enable = true;
};
hyprland = {pkgs, ...}: {
hyprland =
{ pkgs, ... }:
{
imports = with nixosModules; [
ewwbar
pipewire
@ -88,7 +105,11 @@ in {
programs.hyprland = {
enable = true;
};
environment.systemPackages = with pkgs; [hyprpaper xwaylandvideobridge netcat-openbsd];
environment.systemPackages = with pkgs; [
hyprpaper
xwaylandvideobridge
netcat-openbsd
];
home-manager.users.daniel = {
imports = with homeManagerModules; [
@ -99,7 +120,9 @@ in {
# TODO: include the home-manager modules for daniel?
};
sway = {pkgs, ...}: {
sway =
{ pkgs, ... }:
{
imports = with nixosModules; [
pipewire
];
@ -108,7 +131,11 @@ in {
description = "wait for systemd units to have full PATH";
wantedBy = [ "xdg-desktop-portal.service" ];
before = [ "xdg-desktop-portal.service" ];
path = with pkgs; [systemd coreutils gnugrep];
path = with pkgs; [
systemd
coreutils
gnugrep
];
script = ''
ispresent () {
systemctl --user show-environment | grep -E '^PATH=.*/.nix-profile/bin'
@ -156,7 +183,10 @@ in {
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
};
services.gvfs = {
@ -211,11 +241,13 @@ in {
};
};
remote-disk-key-entry-on-boot = {
remote-disk-key-entry-on-boot =
{
lib,
pkgs,
...
}: {
}:
{
/*
https://nixos.wiki/wiki/Remote_disk_unlocking
"When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
@ -237,7 +269,9 @@ in {
};
};
laptop = {pkgs, ...}: {
laptop =
{ pkgs, ... }:
{
imports = with nixosModules; [
family-users
wifi
@ -277,7 +311,9 @@ in {
};
};
touchscreen = {pkgs, ...}: {
touchscreen =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
wvkbd # on-screen keyboard
flakeInputs.iio-hyprland.outputs.packages.${system}.default # auto-rotate hyprland displays
@ -285,7 +321,9 @@ in {
];
};
emacs = {pkgs, ...}: {
emacs =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
emacs
];
@ -297,11 +335,13 @@ in {
};
};
development-tools = {
development-tools =
{
pkgs,
lib,
...
}: {
}:
{
imports = with nixosModules; [
postgres
podman
@ -385,7 +425,9 @@ in {
};
};
troubleshooting-tools = {pkgs, ...}: {
troubleshooting-tools =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
iftop
bottom
@ -403,7 +445,9 @@ in {
];
};
music-consumption = {pkgs, ...}: {
music-consumption =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
spotube
@ -412,7 +456,9 @@ in {
};
};
video-tools = {pkgs, ...}: {
video-tools =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
ffmpeg-full
@ -428,13 +474,15 @@ in {
# environment.systemPackages = [pkgs.android-studio];
# };
graphical-workstation = {
graphical-workstation =
{
pkgs,
lib,
options,
config,
...
}: {
}:
{
imports = with nixosModules; [
sway
# hyprland
@ -454,8 +502,8 @@ in {
xdg.portal.enable = true;
hardware =
if builtins.hasAttr "graphics" options.hardware
then {
if builtins.hasAttr "graphics" options.hardware then
{
graphics = {
enable = true;
enable32Bit = true;
@ -465,7 +513,8 @@ in {
*/
};
}
else {
else
{
opengl = {
enable = true;
driSupport32Bit = true;
@ -490,11 +539,13 @@ in {
};
};
gnome = {
gnome =
{
pkgs,
lib,
...
}: {
}:
{
imports = with nixosModules; [ pipewire ];
services = {
@ -548,7 +599,9 @@ in {
};
};
radio-tools = {pkgs, ...}: {
radio-tools =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
chirp
@ -568,23 +621,28 @@ in {
*/
};
fonts = {pkgs, ...}: {
fonts =
{ pkgs, ... }:
{
fonts.packages = [
(
# allow nixpkgs 24.11 and unstable to both work
if builtins.hasAttr "nerd-fonts" pkgs
then (pkgs.nerd-fonts.symbols-only)
else (pkgs.nerdfonts.override {fonts = ["NerdFontsSymbolsOnly"];})
if builtins.hasAttr "nerd-fonts" pkgs then
(pkgs.nerd-fonts.symbols-only)
else
(pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
)
pkgs.iosevkaLyteTerm
];
};
plasma6 = {
plasma6 =
{
pkgs,
lib,
...
}: {
}:
{
imports = with nixosModules; [
kde-connect
pipewire
@ -647,7 +705,9 @@ in {
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt;
};
lutris = {pkgs, ...}: {
lutris =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
wineWowPackages.waylandFull
@ -657,7 +717,9 @@ in {
};
};
gaming = {pkgs, ...}: {
gaming =
{ pkgs, ... }:
{
imports = with nixosModules; [
# lutris # use the flatpak
steam # TODO: use the flatpak?
@ -685,7 +747,12 @@ in {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"];
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
extraConfig.pipewire."91-null-sinks" = {
@ -767,12 +834,14 @@ in {
*/
};
podman = {
podman =
{
pkgs,
config,
lib,
...
}: {
}:
{
config = lib.mkIf config.virtualisation.podman.enable {
environment = {
systemPackages = with pkgs; [
@ -803,23 +872,27 @@ in {
};
};
virtual-machines = {
virtual-machines =
{
pkgs,
lib,
config,
...
}: {
}:
{
config = lib.mkIf config.virtualisation.libvirtd.enable {
users.users.daniel.extraGroups = [ "libvirtd" ];
};
};
postgres = {
postgres =
{
pkgs,
lib,
config,
...
}: {
}:
{
config = lib.mkIf config.services.postgresql.enable {
# this is really just for development usage
services.postgresql = {
@ -863,14 +936,17 @@ in {
};
};
desktop = {
desktop =
{
pkgs,
lib,
config,
...
}: let
}:
let
cfg = config.lyte.desktop;
in {
in
{
options = {
lyte = {
desktop = {
@ -892,12 +968,14 @@ in {
};
};
printing = {
printing =
{
pkgs,
lib,
config,
...
}: {
}:
{
config = lib.mkIf config.services.printing.enable {
services.printing.browsing = true;
services.printing.browsedConf = ''
@ -912,14 +990,17 @@ in {
};
};
wifi = {
wifi =
{
lib,
config,
...
}: let
}:
let
inherit (lib) mkDefault;
cfg = config.networking.wifi;
in {
in
{
options = {
networking.wifi.enable = lib.mkEnableOption "Enable wifi via NetworkManager";
};
@ -958,7 +1039,9 @@ in {
};
};
steam = {pkgs, ...}: {
steam =
{ pkgs, ... }:
{
programs.gamescope.enable = true;
programs.steam = {
@ -993,11 +1076,13 @@ in {
*/
};
root = {
root =
{
pkgs,
lib,
...
}: {
}:
{
users.users.root = {
home = "/root";
createHome = true;
@ -1015,14 +1100,17 @@ in {
};
};
daniel = {
daniel =
{
pkgs,
lib,
config,
...
}: let
}:
let
username = "daniel";
in {
in
{
imports = [
{
config = lib.mkIf config.lyte.shell.enable {
@ -1043,7 +1131,14 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [ pubkey ];
group = username;
extraGroups = ["users" "wheel" "video" "dialout" "uucp" "kvm"];
extraGroups = [
"users"
"wheel"
"video"
"dialout"
"uucp"
"kvm"
];
packages = [ ];
};
home-manager.users.daniel = {
@ -1071,9 +1166,11 @@ in {
};
};
valerie = let
valerie =
let
username = "valerie";
in {
in
{
users.groups.${username} = { };
users.users.${username} = {
isNormalUser = true;
@ -1081,14 +1178,19 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [ pubkey ];
group = username;
extraGroups = ["users" "video"];
extraGroups = [
"users"
"video"
];
packages = [ ];
};
};
flanfam = let
flanfam =
let
username = "flanfam";
in {
in
{
users.groups.${username} = { };
users.users.${username} = {
isNormalUser = true;
@ -1096,7 +1198,10 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [ pubkey ];
group = username;
extraGroups = ["users" "video"];
extraGroups = [
"users"
"video"
];
packages = [ ];
};
};

13
lib/modules/nixos/deno-netlify-ddns-client.nix
View file

@ -3,11 +3,18 @@
config,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkOption types mkIf;
}:
let
inherit (lib)
mkEnableOption
mkOption
types
mkIf
;
inherit (lib.strings) optionalString;
cfg = config.services.deno-netlify-ddns-client;
in {
in
{
options.services.deno-netlify-ddns-client = {
enable = mkEnableOption "Enable the deno-netlify-ddns client.";
username = mkOption {

3
lib/modules/nixos/gnome.nix
View file

@ -2,7 +2,8 @@
pkgs,
lib,
...
}: {
}:
{
imports = [ ./pipewire.nix ];
# mkForce is used liberally to take precedence over KDE Plasma

6
lib/modules/nixos/shell-config.nix
View file

@ -3,9 +3,11 @@
pkgs,
config,
...
}: let
}:
let
cfg = config.lyte.shell;
in {
in
{
options = {
lyte = {
shell = {

10
lib/overlays/default.nix
View file

@ -3,7 +3,8 @@
nixpkgs,
nixpkgs-unstable,
...
} @ inputs: {
}@inputs:
{
default = final: _prev: {
overlays = with self.overlays; [
additions
@ -14,9 +15,12 @@
additions = final: prev: (prev // self.outputs.packages.${prev.system});
modifications = final: prev: let
modifications =
final: prev:
let
inherit (inputs) helix ghostty;
in {
in
{
ghostty = ghostty.outputs.packages.${prev.system}.default;
helix = helix.outputs.packages.${prev.system}.default;
bitwarden = self.outputs.packages.${prev.system}.bitwarden;

19
lib/templates/deno/flake.nix
View file

@ -1,10 +1,12 @@
{
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
}: let
}:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
@ -14,10 +16,14 @@
"aarch64-darwin"
];
forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems;
in {
devShells = forEachSupportedSystem (system: let
in
{
devShells = forEachSupportedSystem (
system:
let
pkgs = import nixpkgs { inherit system; };
in {
in
{
deno-dev = pkgs.mkShell {
buildInputs = with pkgs; [
vscode-langservers-extracted
@ -29,6 +35,7 @@
};
default = outputs.devShells.${system}.deno-dev;
});
}
);
};
}

7
lib/templates/elixir/flake.nix
View file

@ -5,9 +5,12 @@
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs: let
outputs =
inputs:
let
inherit (import nix/boilerplate.nix inputs) call;
in {
in
{
overlays = import nix/overlays.nix;
packages = call (import nix/packages.nix);
checks = call (import nix/checks.nix);

17
lib/templates/elixir/nix/boilerplate.nix
View file

@ -2,13 +2,18 @@ inputs @ {
nixpkgs,
self,
...
}: let
}:
let
forSelfOverlay =
if builtins.hasAttr "forSelf" self.overlays
then self.overlays.forSelf
else (_: p: p);
in rec {
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"];
if builtins.hasAttr "forSelf" self.overlays then self.overlays.forSelf else (_: p: p);
in
rec {
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: ((import nixpkgs { inherit system; }).extend forSelfOverlay);
genPkgs = func: (forSystems (system: func (pkgsFor system)));

12
lib/templates/elixir/nix/checks.nix
View file

@ -2,19 +2,23 @@
git-hooks,
pkgs,
...
}: let
hook = {
}:
let
hook =
{
command,
stages ? [ "pre-commit" ],
...
}: {
}:
{
inherit stages;
enable = true;
name = command;
entry = command;
pass_filenames = false;
};
in {
in
{
git-hooks = git-hooks.lib.${pkgs.system}.run {
src = ./..;
hooks = {

6
lib/templates/elixir/nix/packages.nix
View file

@ -2,11 +2,13 @@
pkgs,
self,
...
}: let
}:
let
version = "1.0.0";
src = ../.;
pname = "my-package";
in {
in
{
${pname} = pkgs.mixRelease {
inherit pname version src;
mixFodDeps = pkgs.fetchMixDeps {

3
lib/templates/elixir/nix/shells.nix
View file

@ -2,7 +2,8 @@
pkgs,
self,
...
}: {
}:
{
elixir-dev = pkgs.mkShell {
shellHook = ''
${self.checks.${pkgs.system}.git-hooks.shellHook}

16
lib/templates/gleam/flake.nix
View file

@ -1,15 +1,23 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
...
}: let
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"];
}:
let
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: (import nixpkgs { inherit system; }).extend self.outputs.overlays.default;
genPkgs = func: (forSystems (system: func (pkgsFor system)));
in {
in
{
overlays.default = final: prev: {
erlangPackages = prev.beam.packagesWith prev.erlang_27;
erlang = final.erlangPackages.erlang;

24
lib/templates/godot/flake.nix
View file

@ -1,11 +1,13 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
...
}: let
}:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
@ -16,17 +18,25 @@
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in {
devShells = forAllSystems (system: let
in
{
devShells = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system; };
in {
in
{
default = outputs.devShells.${system}.godot;
godot = pkgs.mkShell {
buildInputs = with pkgs; [godot_4 gdtoolkit];
buildInputs = with pkgs; [
godot_4
gdtoolkit
];
shellHook = ''
echo -e "\e[0;30m\e[43m Use 'godot4 -e' to run the editor for this project. \e[0;30m\e[0m"
'';
};
});
}
);
};
}

19
lib/templates/nim/flake.nix
View file

@ -1,9 +1,11 @@
{
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
}: let
}:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
@ -13,10 +15,14 @@
"aarch64-darwin"
];
forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems;
in {
devShells = forEachSupportedSystem (system: let
in
{
devShells = forEachSupportedSystem (
system:
let
pkgs = import nixpkgs { inherit system; };
in {
in
{
nim-dev = pkgs.mkShell {
buildInputs = with pkgs; [
nim
@ -26,6 +32,7 @@
};
default = outputs.devShells.${system}.nim-dev;
});
}
);
};
}

7
lib/templates/rust/flake.nix
View file

@ -2,9 +2,12 @@
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
inputs.git-hooks.url = "github:cachix/git-hooks.nix";
inputs.git-hooks.inputs.nixpkgs.follows = "nixpkgs";
outputs = inputs: let
outputs =
inputs:
let
inherit (import nix/boilerplate.nix inputs) call genPkgs;
in {
in
{
# overlays = import nix/overlays.nix;
checks = call (import nix/checks.nix);
packages = call (import nix/packages.nix);

20
lib/templates/rust/nix/boilerplate.nix
View file

@ -2,13 +2,21 @@ inputs @ {
nixpkgs,
self,
...
}: let
}:
let
forSelfOverlay =
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays
then self.overlays.forSelf
else (_: p: p);
in rec {
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"];
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays then
self.overlays.forSelf
else
(_: p: p);
in
rec {
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: ((import nixpkgs { inherit system; }).extend forSelfOverlay);
genPkgs = func: (forSystems (system: func (pkgsFor system)));

3
lib/templates/rust/nix/checks.nix
View file

@ -2,7 +2,8 @@
pkgs,
git-hooks,
...
}: {
}:
{
git-hooks = git-hooks.lib.${pkgs.system}.run {
src = ./..;
hooks = {

6
lib/templates/rust/nix/packages.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (builtins) fromTOML readFile;
pname = "my-package";
src = ./..;
@ -20,7 +21,8 @@
cargoHash = pkgs.lib.fakeHash;
useFetchCargoVendor = true;
};
in {
in
{
${pname} = main-package;
default = main-package;
}

6
lib/templates/rust/nix/shells.nix
View file

@ -2,9 +2,11 @@
self,
pkgs,
...
}: let
}:
let
inherit (pkgs) system;
in {
in
{
default = pkgs.mkShell {
inherit (self.checks.${system}.git-hooks) shellHook;
inputsFrom = [ self.packages.${system}.default ];

1
nix/boilerplate.nix
View file

@ -1 +0,0 @@

3
nix/constants.nix
View file

@ -1,4 +1,5 @@
{nixpkgs, ...}: {
{ nixpkgs, ... }:
{
style = {
colors = (import ./lib/colors.nix { inherit (nixpkgs) lib; }).schemes.catppuccin-mocha-sapphire;

28
nix/machines.nix
View file

@ -1,5 +1,6 @@
beefcake = let
{
beefcake =
let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
@ -38,7 +39,6 @@
];
};
htpc = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
@ -113,7 +113,9 @@
./nixos/foxtrot.nix
({pkgs, ...}: {
(
{ pkgs, ... }:
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
senpai
@ -126,8 +128,7 @@
};
environment.systemPackages = with pkgs; [
fw-ectool
(writeShellApplication
{
(writeShellApplication {
name = "reset-wifi-module";
runtimeInputs = with pkgs; [ kmod ];
text = ''
@ -135,8 +136,7 @@
modprobe -v mt7921e
'';
})
(writeShellApplication
{
(writeShellApplication {
name = "perfmode";
# we use command -v $cmd here because we only want to invoke these calls _if_ the related package is installed on the system
# otherwise, they will likely have no effect anyways
@ -145,8 +145,7 @@
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@120Hz'
'';
})
(writeShellApplication
{
(writeShellApplication {
name = "battmode";
text = ''
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set power-saver'
@ -154,7 +153,8 @@
'';
})
];
})
}
)
];
};
@ -372,7 +372,8 @@
# .outputs
# .disk-image;
pinephone = let
pinephone =
let
inherit (nixpkgs-unstable) lib;
in
lib.nixosSystem {
@ -434,5 +435,4 @@
}
];
};
};
}

3
nix/users.nix
View file

@ -1,5 +1,6 @@
{
"deck" = let
"deck" =
let
system = "x86_64-linux";
pkgs = unstable.pkgsFor system;
in

6
packages/default.nix
View file

@ -1,6 +1,8 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
iosevkaLyteTerm = pkgs.callPackage ./iosevkaLyteTerm.nix { };
in {
in
{
inherit iosevkaLyteTerm;
iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix {

3
packages/hosts/base.nix
View file

@ -2,7 +2,8 @@
config,
outputs,
...
}: {
}:
{
# a minimal, familiar setup that I can bootstrap atop
imports = with outputs.nixosModules; [
# may need to be tweaked based on the machine's paritioning scheme

190
packages/hosts/beefcake.nix
View file

@ -16,7 +16,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
config,
pkgs,
...
}: {
}:
{
system.stateVersion = "24.05";
home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "beefcake";
@ -36,7 +37,12 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
zfs = true;
};
# kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
initrd.availableKernelModules = ["ehci_pci" "mpt3sas" "usbhid" "sd_mod"];
initrd.availableKernelModules = [
"ehci_pci"
"mpt3sas"
"usbhid"
"sd_mod"
];
kernelModules = [ "kvm-intel" ];
kernelParams = [ "nohibernate" ];
loader.systemd-boot.enable = true;
@ -51,7 +57,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B6C4-7CF4";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [
"fmask=0022"
"dmask=0022"
];
};
/*
@ -73,13 +82,16 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# TODO: nfs with zfs?
# services.nfs.server.enable = true;
}
({
(
{
options,
config,
...
}: let
}:
let
inherit (lib) mkOption types;
in {
in
{
options.services.restic.commonPaths = mkOption {
type = types.nullOr (types.listOf types.str);
default = [ ];
@ -94,7 +106,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
"/home/user/backup"
];
};
})
}
)
{
# sops secrets config
sops = {
@ -108,7 +121,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}
{
sops.secrets = {
netlify-ddns-password = {mode = "0400";};
netlify-ddns-password = {
mode = "0400";
};
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.netlify-ddns-password.path;
@ -117,7 +132,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{
# nix binary cache
sops.secrets = {
nix-cache-priv-key = {mode = "0400";};
nix-cache-priv-key = {
mode = "0400";
};
};
services.nix-serve = {
enable = true; # TODO: true
@ -166,7 +183,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# build main laptop configuration
nixos-rebuild build --flake git+https://git.lyte.dev/lytedev/nix.git#foxtrot --accept-flake-config
'';
path = with pkgs; [openssh git nixos-rebuild];
path = with pkgs; [
openssh
git
nixos-rebuild
];
serviceConfig = {
# TODO: mkdir -p...?
WorkingDirectory = "/home/daniel/.home/.cache/nightly-flake-builds";
@ -220,7 +241,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [ 3478 ];
}
{
services.restic.commonPaths = ["/var/lib/soju" "/var/lib/private/soju"];
services.restic.commonPaths = [
"/var/lib/soju"
"/var/lib/private/soju"
];
services.soju = {
enable = true;
listen = [ "irc+insecure://:6667" ];
@ -274,7 +298,13 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
extraAppsEnable = true;
autoUpdateApps.enable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts notes onlyoffice tasks;
inherit
calendar
contacts
notes
onlyoffice
tasks
;
};
package = pkgs.nextcloud28;
home = "/storage/nextcloud";
@ -311,7 +341,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
services.caddy.virtualHosts."nextcloud.h.lyte.dev" = let
services.caddy.virtualHosts."nextcloud.h.lyte.dev" =
let
fpm-nextcloud-pool = config.services.phpfpm.pools.nextcloud;
root = config.services.nginx.virtualHosts.${config.services.nextcloud.hostName}.root;
in
@ -695,7 +726,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{
# restic backups
sops.secrets = {
restic-ssh-priv-key-benland = {mode = "0400";};
restic-ssh-priv-key-benland = {
mode = "0400";
};
restic-rascal-passphrase = {
mode = "0400";
};
@ -730,38 +763,35 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
};
services.restic.backups = let
services.restic.backups =
let
# TODO: How do I set things up so that a compromised server doesn't have access to my backups so that it can corrupt or ransomware them?
defaults = {
passwordFile = config.sops.secrets.restic-rascal-passphrase.path;
paths =
config.services.restic.commonPaths
++ [
paths = config.services.restic.commonPaths ++ [
];
initialize = true;
exclude = [ ];
timerConfig = {
OnCalendar = ["04:45" "17:45"];
OnCalendar = [
"04:45"
"17:45"
];
};
};
in {
local =
defaults
// {
in
{
local = defaults // {
repository = "/storage/backups/local";
};
rascal =
defaults
// {
rascal = defaults // {
extraOptions = [
''sftp.command="ssh beefcake@rascal.hare-cod.ts.net -i ${config.sops.secrets.restic-rascal-ssh-private-key.path} -s sftp"''
];
repository = "sftp://beefcake@rascal.hare-cod.ts.net://storage/backups/beefcake";
};
# TODO: add ruby?
benland =
defaults
// {
benland = defaults // {
extraOptions = [
''sftp.command="ssh daniel@n.benhaney.com -p 10022 -i ${config.sops.secrets.restic-ssh-priv-key-benland.path} -s sftp"''
];
@ -813,7 +843,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
}
({...}: let
(
{ ... }:
let
theme = pkgs.fetchzip {
url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz";
sha256 = "sha256-et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI=";
@ -832,9 +864,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
sha256 = "sha256-CdMTRXoQ3AI76aHW/sTqvZo1q/0XQdnQs9V1vGmiffY=";
};
};
forgejoCustomCss =
pkgs.writeText "iosevkalyte.css"
''
forgejoCustomCss = pkgs.writeText "iosevkalyte.css" ''
@font-face {
font-family: ldiosevka;
font-style: normal;
@ -862,15 +892,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
--fonts-monospace: ldiosevka, ui-monospace, SFMono-Regular, "SF Mono", Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace, var(--fonts-emoji);
}
'';
forgejoCustomHeaderTmpl =
pkgs.writeText "header.tmpl"
''
forgejoCustomHeaderTmpl = pkgs.writeText "header.tmpl" ''
<link rel="stylesheet" href="/assets/css/iosevkalyte.css" />
<script async="" defer="" data-domain="git.lyte.dev" src="https://a.lyte.dev/js/script.js"></script>
'';
forgejoCustomHomeTmpl =
pkgs.writeText "home.tmpl"
''
forgejoCustomHomeTmpl = pkgs.writeText "home.tmpl" ''
{{template "base/head" .}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="tw-mb-8 tw-px-8">
@ -923,7 +949,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
</div>
{{template "base/footer" .}}
'';
in {
in
{
# systemd.tmpfiles.settings = {
# "10-forgejo" = {
# "/storage/forgejo" = {
@ -998,7 +1025,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
config.services.forgejo.stateDir
];
sops.secrets = {
"forgejo-runner.env" = {mode = "0400";};
"forgejo-runner.env" = {
mode = "0400";
};
};
systemd.services.gitea-runner-beefcake.after = [ "sops-nix.service" ];
@ -1069,7 +1098,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}
'';
};
})
}
)
{
services.restic.commonPaths = [
config.services.vaultwarden.backupDir
@ -1246,13 +1276,16 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
];
*/
}
({...}: let
(
{ ... }:
let
port = 26969;
dir = "/storage/flanilla";
user = "flanilla";
in
# uid = config.users.users.flanilla.uid;
# gid = config.users.groups.flanilla.gid;
in {
{
# flanilla family minecraft server
users.groups.${user} = { };
users.users.${user} = {
@ -1269,7 +1302,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
];
image = "docker.io/itzg/minecraft-server";
# user = "${toString uid}:${toString gid}";
extraOptions = ["--tty" "--interactive"];
extraOptions = [
"--tty"
"--interactive"
];
environment = {
EULA = "true";
MOTD = "Flanilla Survival! Happy hunting!";
@ -1321,14 +1357,18 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
networking.firewall.allowedTCPPorts = [
port
];
})
({...}: let
}
)
(
{ ... }:
let
port = 26968;
dir = "/storage/flanilla-creative";
user = "flanilla";
in
# uid = config.users.users.flanilla.uid;
# gid = config.users.groups.flanilla.gid;
in {
{
# flanilla family minecraft server
users.groups.${user} = { };
users.users.${user} = {
@ -1341,7 +1381,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
autoStart = true;
image = "docker.io/itzg/minecraft-server";
# user = "${toString uid}:${toString gid}";
extraOptions = ["--tty" "--interactive"];
extraOptions = [
"--tty"
"--interactive"
];
environment = {
EULA = "true";
MOTD = "Flanilla Creative! Have fun building!";
@ -1393,18 +1436,22 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
networking.firewall.allowedTCPPorts = [
port
];
})
({
}
)
(
{
config,
options,
...
}: let
}:
let
domain = "idm.h.lyte.dev";
name = "kanidm";
user = name;
group = name;
storage = "/storage/${name}";
in {
in
{
# kanidm
config = {
# reload certs from caddy every 5 minutes
@ -1521,7 +1568,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
'';
};
};
})
}
)
{
systemd.tmpfiles.settings = {
"10-audiobookshelf" = {
@ -1584,13 +1632,25 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
job_name = "beefcake";
static_configs = [
{
targets = let inherit (config.services.prometheus.exporters.node) port listenAddress; in ["${listenAddress}:${toString port}"];
targets =
let
inherit (config.services.prometheus.exporters.node) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
}
{
targets = let inherit (config.services.prometheus.exporters.zfs) port listenAddress; in ["${listenAddress}:${toString port}"];
targets =
let
inherit (config.services.prometheus.exporters.zfs) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
}
{
targets = let inherit (config.services.prometheus.exporters.postgres) port listenAddress; in ["${listenAddress}:${toString port}"];
targets =
let
inherit (config.services.prometheus.exporters.postgres) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
}
];
}
@ -1783,17 +1843,22 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
extraSettingsFile = config.sops.secrets.factorio-server-settings.path;
};
sops.secrets = {
factorio-server-settings = {mode = "0777";};
factorio-server-settings = {
mode = "0777";
};
};
}
({
(
{
pkgs,
config,
...
}: let
}:
let
port = builtins.head config.services.conduwuit.settings.global.port;
sPort = toString port;
in {
in
{
sops.secrets.matrix-registration-token-file.mode = "0400";
services.conduwuit = {
enable = true;
@ -1815,7 +1880,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
'';
# TODO: backups
# TODO: reverse proxy
})
}
)
];
/*

15
packages/hosts/bigtower.nix
View file

@ -3,7 +3,8 @@
lib,
config,
...
}: {
}:
{
system.stateVersion = "24.05";
home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "bigtower";
@ -29,7 +30,10 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/CE80-4623";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [
"fmask=0022"
"dmask=0022"
];
};
}
];
@ -43,7 +47,12 @@
# kernelPackages = pkgs.linuxPackages_zen;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci" "usbhid"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
];
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "ntfs" ];
};

45
packages/hosts/default.nix
View file

@ -8,21 +8,32 @@
nixpkgs-unstable,
home-manager-unstable,
...
}: let
baseHost = {
}:
let
baseHost =
{
nixpkgs,
home-manager,
...
}: (path: ({system ? "x86_64-linux"}: (nixpkgs.lib.nixosSystem {
}:
(
path:
(
{
system ? "x86_64-linux",
}:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [
({
(
{
config,
lib,
pkgs,
modulesPath,
...
}: {
}:
{
imports = with self.outputs.nixosModules; [
(modulesPath + "/installer/scan/not-detected.nix")
home-manager.nixosModules.home-manager
@ -57,13 +68,14 @@
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;
settings =
{
settings = {
trusted-users = lib.mkDefault [ "@wheel" ];
extra-experimental-features = lib.mkDefault ["nix-command" "flakes"];
extra-experimental-features = lib.mkDefault [
"nix-command"
"flakes"
];
auto-optimise-store = lib.mkDefault true;
}
// self.nixConfig;
} // self.nixConfig;
};
systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
@ -123,7 +135,8 @@
useXkbConfig = lib.mkDefault true;
earlySetup = lib.mkDefault true;
colors = with self.constants.style.colors;
colors =
with self.constants.style.colors;
lib.mkDefault [
bg
red
@ -154,7 +167,8 @@
};
};
};
})
}
)
{
_module.args = {
@ -164,13 +178,16 @@
}
(import path)
];
})));
})
)
);
stableHost = baseHost { inherit nixpkgs home-manager; };
host = baseHost {
nixpkgs = nixpkgs-unstable;
home-manager = home-manager-unstable;
};
in {
in
{
beefcake = stableHost ./beefcake.nix { };
dragon = host ./dragon.nix { };
arm-dragon = host ./dragon.nix { system = "aarch64-linux"; };

14
packages/hosts/dragon.nix
View file

@ -5,7 +5,8 @@
hardware,
diskoConfigurations,
...
}: {
}:
{
system.stateVersion = "24.11";
home-manager.users.daniel.home.stateVersion = "24.11";
networking.hostName = "dragon";
@ -14,7 +15,12 @@
kernelPackages = pkgs.linuxPackages_latest;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci" "usbhid"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
];
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "ntfs" ];
};
@ -26,7 +32,9 @@
common-pc-ssd
];
sops.secrets.ddns-pass = {mode = "0400";};
sops.secrets.ddns-pass = {
mode = "0400";
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.ddns-pass.path;
enable = true;

37
packages/hosts/foxtrot.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
imports = [
{
system.stateVersion = "24.11";
@ -75,10 +76,12 @@
}
];
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
settings = {
listener = [
{
@ -205,7 +208,11 @@
# NOTE(oninstall):
"resume_offset=3421665"
];
initrd.availableKernelModules = ["xhci_pci" "nvme" "thunderbolt"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"thunderbolt"
];
kernelModules = [ "kvm-amd" ];
};
hardware.bluetooth = {
@ -214,19 +221,19 @@
# simply resume the power state at the time of hibernation
powerOnBoot = false;
package = pkgs.bluez.overrideAttrs (finalAttrs: previousAttrs: rec {
package = pkgs.bluez.overrideAttrs (
finalAttrs: previousAttrs: rec {
version = "5.78";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/bluetooth/bluez-${version}.tar.xz";
sha256 = "sha256-gw/tGRXF03W43g9eb0X83qDcxf9f+z0x227Q8A1zxeM=";
};
patches = [ ];
buildInputs =
previousAttrs.buildInputs
++ [
buildInputs = previousAttrs.buildInputs ++ [
pkgs.python3Packages.pygments
];
});
}
);
};
powerManagement.cpuFreqGovernor = "ondemand";
/*
@ -269,19 +276,23 @@
};
*/
networking.firewall.allowedTCPPorts = let
networking.firewall.allowedTCPPorts =
let
stardewValley = 24642;
factorio = 34197;
in [
in
[
8000 # dev stuff
factorio
stardewValley
7777
];
networking.firewall.allowedUDPPorts = let
networking.firewall.allowedUDPPorts =
let
stardewValley = 24642;
factorio = 34197;
in [
in
[
8000 # dev stuff
factorio
stardewValley

16
packages/hosts/htpc.nix
View file

@ -3,7 +3,8 @@
config,
lib,
...
}: {
}:
{
networking.hostName = "htpc";
networking.networkmanager.enable = true;
@ -12,8 +13,17 @@
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true;
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["8821au" "8812au"];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [
"8821au"
"8812au"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [
# pkgs.rtl8811au

17
packages/hosts/htpifour.nix
View file

@ -5,7 +5,8 @@
outputs,
modulesPath,
...
}: {
}:
{
nixpkgs.hostPlatform = "aarch64-linux";
networking.hostName = "htpifour";
@ -31,10 +32,14 @@
console.enable = false;
home-manager.users.daniel = {
imports = with outputs.homeManagerModules; [linux-desktop wallpaper-manager];
imports = with outputs.homeManagerModules; [
linux-desktop
wallpaper-manager
];
};
environment.systemPackages = with pkgs;
environment.systemPackages =
with pkgs;
#with pkgs;
[
# libcec
@ -82,7 +87,11 @@
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"];
initrd.availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;

24
packages/hosts/rascal.nix
View file

@ -2,12 +2,20 @@
config,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "uas" "sd_mod"];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"uas"
"sd_mod"
];
boot.kernelModules = [ "kvm-amd" ];
fileSystems."/" = {
@ -33,9 +41,7 @@
home = "/storage/backups/beefcake";
group = "beefcake";
extraGroups = [ "sftponly" ];
openssh.authorizedKeys.keys =
config.users.users.daniel.openssh.authorizedKeys.keys
++ [
openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
];
@ -44,7 +50,13 @@
daniel = {
# used for restic backups
isNormalUser = true;
extraGroups = ["users" "wheel" "video" "dialout" "uucp"];
extraGroups = [
"users"
"wheel"
"video"
"dialout"
"uucp"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];

53
packages/hosts/router.nix
View file

@ -4,7 +4,8 @@
# outputs,
pkgs,
...
}: let
}:
let
/*
NOTE: My goal is to be able to apply most of the common tweaks to the router
either live on the system for ad-hoc changes (such as forwarding a port for a
@ -83,7 +84,8 @@
"net.ipv6.conf.${interfaces.wan.name}.use_tempaddr" = 2;
# "net.ipv6.conf.${interfaces.wan.name}.addr_gen_mode" = 2;
};
in {
in
{
imports = [
{
# hardware
@ -116,7 +118,10 @@ in {
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7F78-7AE8";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [
"fmask=0022"
"dmask=0022"
];
};
nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = "performance";
@ -136,16 +141,16 @@ in {
generateKey = true;
};
secrets = {
netlify-ddns-password = {mode = "0400";};
netlify-ddns-password = {
mode = "0400";
};
};
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.netlify-ddns-password.path;
};
boot.kernel.sysctl =
sysctl-entries
// {
boot.kernel.sysctl = sysctl-entries // {
};
networking = {
@ -174,12 +179,14 @@ in {
# the main meat and potatoes for most routers, the firewall configuration
# TODO: IPv6
nftables = let
nftables =
let
inf = {
lan = interfaces.lan.name;
wan = interfaces.wan.name;
};
in {
in
{
enable = true;
checkRuleset = true;
flushRuleset = true;
@ -460,7 +467,11 @@ in {
*/
enable-ra = true;
server = ["1.1.1.1" "9.9.9.9" "8.8.8.8"];
server = [
"1.1.1.1"
"9.9.9.9"
"8.8.8.8"
];
domain-needed = true;
bogus-priv = true;
@ -477,28 +488,36 @@ in {
dhcp-host =
[
]
++ (lib.attrsets.mapAttrsToList (name: {
++ (lib.attrsets.mapAttrsToList (
name:
{
ip,
identifier ? name,
time ? "12h",
...
}: "${name},${ip},${identifier},${time}")
hosts);
}:
"${name},${ip},${identifier},${time}"
) hosts);
address =
[
"/${hostname}.${domain}/${ip}"
]
++ (lib.lists.flatten (lib.attrsets.mapAttrsToList (name: {
++ (lib.lists.flatten (
lib.attrsets.mapAttrsToList (
name:
{
ip,
additionalHosts ? [ ],
identifier ? name,
time ? "12h",
}: [
}:
[
"/${name}.${domain}/${ip}"
(lib.lists.forEach additionalHosts (h: "/${h}/${ip}"))
])
hosts));
]
) hosts
));
# local domains
local = "/lan/";

51
packages/hosts/thablet.nix
View file

@ -3,7 +3,8 @@
lib,
config,
...
}: {
}:
{
networking.hostName = "thablet";
boot.loader.systemd-boot.enable = true;
@ -25,7 +26,12 @@
description = "Touch wake Thinkpad X1 Yoga 3rd gen hack";
unitConfig = {
After = ["suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target"];
After = [
"suspend.target"
"hibernate.target"
"hybrid-sleep.target"
"suspend-then-hibernate.target"
];
};
serviceConfig = {
@ -34,12 +40,25 @@
'';
};
wantedBy = ["suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target"];
wantedBy = [
"suspend.target"
"hibernate.target"
"hybrid-sleep.target"
"suspend-then-hibernate.target"
];
};
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = ["kvm-intel" "acpi_call"];
boot.kernelModules = [
"kvm-intel"
"acpi_call"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
hardware = {
@ -65,12 +84,20 @@
};
networking = {
firewall = let
firewall =
let
terraria = 7777;
stardew-valley = 24642;
in {
allowedTCPPorts = [terraria stardew-valley];
allowedUDPPorts = [terraria stardew-valley];
in
{
allowedTCPPorts = [
terraria
stardew-valley
];
allowedUDPPorts = [
terraria
stardew-valley
];
};
};
@ -104,10 +131,12 @@
];
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
settings = {
listener = [
{

15
packages/hosts/thinker.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
networking.hostName = "thinker";
boot = {
@ -13,7 +14,11 @@
https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
*/
# kernelParams = ["boot.shell_on_fail"];
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
];
};
home-manager.users.daniel = {
@ -39,10 +44,12 @@
}
];
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
settings = {
listener = [
{

14
packages/iosevkaLyteTerm.nix
View file

@ -1,6 +1,9 @@
{iosevka, ...}: let
{ iosevka, ... }:
let
set = "LyteTerm";
in ((iosevka.override {
in
(
(iosevka.override {
inherit set;
privateBuildPlan = ''
@ -122,8 +125,8 @@ in ((iosevka.override {
question = 'smooth'
punctuation-dot = 'round'
'';
})
.overrideAttrs {
}).overrideAttrs
{
buildPhase = ''
export HOME=$TMPDIR
runHook preBuild
@ -142,4 +145,5 @@ in ((iosevka.override {
install "dist/$pname/WOFF2"/* "$wfontdir"
runHook postInstall
'';
})
}
)

7
packages/iosevkaLyteTermSubset.nix
View file

@ -9,7 +9,12 @@ pkgs.stdenvNoCC.mkDerivation {
inherit (iosevkaLyteTerm) version;
pname = "${iosevkaLyteTerm.pname}Subset";
buildInputs = [parallel] ++ (with python311Packages; [fonttools brotli]);
buildInputs =
[ parallel ]
++ (with python311Packages; [
fonttools
brotli
]);
PYTHONPATH = pkgs.python3.withPackages (pp: with pp; [ brotli ]);
src = iosevkaLyteTerm;