lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Format
Some checks failed
/ check (push) Failing after 9s
Details

Browse source
This commit is contained in:
Daniel Flanagan 2025-02-14 13:31:18 -06:00
parent 8e8a483e97
commit d21df887fe
51 changed files with 4363 additions and 3873 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.helix/languages.toml
View file

@ -3,6 +3,7 @@ auto-format = true
file-types = ["nix"]
name = "nix"
scope = "source.nix"
language-servers = ["nixd", "nil"]
[language.formatter]
args = ["-"]

21
lib/colors.nix
View file

@ -1,6 +1,9 @@
{lib, ...}: {
schemes = let
mkColorScheme = scheme @ {
{ lib, ... }:
{
schemes =
let
mkColorScheme =
scheme@{
scheme-name,
bg,
bg2,
@ -19,9 +22,9 @@
green,
# teal,
blue,
}: let
base =
{
}:
let
base = {
text = fg;
primary = blue;
urgent = red;
@ -46,14 +49,14 @@
# whites
"7" = fg2;
"15" = fg3;
}
// scheme;
} // scheme;
in
base
// {
withHashPrefix = lib.mapAttrs (_: value: "#${value}") base;
};
in {
in
{
donokai = mkColorScheme {
scheme-name = "donokai";
bg = "110f0a";

22
lib/default.nix
View file

@ -1,11 +1,19 @@
{self, ...}: let
{ self, ... }:
let
forSelfOverlay =
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays
then self.overlays.forSelf
else (_: p: p);
in rec {
systems = ["aarch64-linux" "aarch64-darwin" "x86_64-darwin" "x86_64-linux"];
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays then
self.overlays.forSelf
else
(_: p: p);
in
rec {
systems = [
"aarch64-linux"
"aarch64-darwin"
"x86_64-darwin"
"x86_64-linux"
];
forSystems = nixpkgs: nixpkgs.lib.genAttrs systems;
pkgsFor = nixpkgs: system: (import nixpkgs {inherit system;}).extend forSelfOverlay;
pkgsFor = nixpkgs: system: (import nixpkgs { inherit system; }).extend forSelfOverlay;
genPkgs = nixpkgs: func: (forSystems nixpkgs (system: func (pkgsFor nixpkgs system)));
}

88
lib/disko/default.nix
View file

@ -1,8 +1,10 @@
{nixpkgs-unstable, ...}: let
{ nixpkgs-unstable, ... }:
let
# TODO: This file needs some serious cleaning up.
lib = nixpkgs-unstable.lib;
inherit (lib.attrsets) mapAttrs' filterAttrs;
ESP = inputs @ {
ESP =
inputs@{
size ? "4G",
label ? "ESP",
name ? "ESP",
@ -24,8 +26,10 @@
};
}
// inputs;
in rec {
standardWithHibernateSwap = {
in
rec {
standardWithHibernateSwap =
{
esp ? {
label = "ESP";
size = "4G";
@ -36,7 +40,8 @@ in rec {
disk,
swapSize,
...
}: {
}:
{
/*
this is my standard partitioning scheme for my machines which probably want hibernation capabilities
a UEFI-compatible boot partition
@ -73,19 +78,22 @@ in rec {
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "btrfs";
extraArgs = ["-f"];
extraArgs = [ "-f" ];
subvolumes = {
${rootfsName} = {
mountpoint = "/";
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
};
${homeName} = {
mountpoint = "/home";
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
@ -109,7 +117,8 @@ in rec {
};
};
standard = {
standard =
{
esp ? {
label = "ESP";
size = "4G";
@ -117,7 +126,8 @@ in rec {
},
disk,
...
}: {
}:
{
# this is my standard partitioning scheme for my machines: an LUKS-encrypted
# btrfs volume
disko.devices = {
@ -141,19 +151,22 @@ in rec {
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "btrfs";
extraArgs = ["-f"];
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
@ -175,7 +188,9 @@ in rec {
};
};
unencrypted = {disk, ...}: {
unencrypted =
{ disk, ... }:
{
disko.devices = {
disk = {
primary = {
@ -184,25 +199,28 @@ in rec {
content = {
type = "gpt";
partitions = {
ESP = ESP {size = "5G";};
ESP = ESP { size = "5G"; };
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"];
extraArgs = [ "-f" ];
mountpoint = "/partition-root";
subvolumes = {
"/rootfs" = {
mountpoint = "/";
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
@ -214,7 +232,8 @@ in rec {
};
};
beefcake = let
beefcake =
let
zpools = {
zroot = {
/*
@ -286,7 +305,7 @@ in rec {
sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage
*/
name = "zstorage";
config = {};
config = { };
};
};
diskClass = {
@ -385,24 +404,33 @@ in rec {
};
};
diskoBoot = mapAttrs' (device: {name, ...}: {
diskoBoot = mapAttrs' (
device:
{ name, ... }:
{
name = "boot-${name}";
value = {
inherit device;
type = "disk";
content = diskClass.boot.content;
};
}) (filterAttrs (_: {enable, ...}: enable) bootDisks);
}
) (filterAttrs (_: { enable, ... }: enable) bootDisks);
diskoStorage = mapAttrs' (device: {name, ...}: {
diskoStorage = mapAttrs' (
device:
{ name, ... }:
{
name = "storage-${name}";
value = {
inherit device;
type = "disk";
content = diskClass.storage.content;
};
}) (filterAttrs (_: {enable, ...}: enable) storageDisks);
in {
}
) (filterAttrs (_: { enable, ... }: enable) storageDisks);
in
{
disko.devices = {
disk = diskoBoot // diskoStorage;
zpool = {
@ -411,7 +439,9 @@ in rec {
};
};
legacy = {disks, ...}: {
legacy =
{ disks, ... }:
{
disko.devices = {
disk = {
primary = {

9
lib/modules/home/eww/scripts/workspaces/default.nix
View file

@ -1,4 +1,7 @@
{pkgs ? import <nixpkgs> {}}: let
{
pkgs ? import <nixpkgs> { },
}:
let
# lock = builtins.fromJSON (builtins.readFile ../../../../../flake.lock);
# nixpkgsRev = lock.nodes.nixpkgs.locked.rev;
# pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/${nixpkgsRev}.tar.gz") {};
@ -6,7 +9,7 @@
version = "1.0.0";
src = ./src;
in
pkgs.rustPlatform.buildRustPackage {
pkgs.rustPlatform.buildRustPackage {
inherit pname version src;
cargoHash = "sha256-6Wl3cOIxlPJjzEuzNhCBZJXayL8runQfAxPruvzh2Vc=";
# cargoHash = pkgs.lib.fakeHash;
@ -17,4 +20,4 @@ in
# ${pkgs.upx}/bin/upx --best --lzma hyprland-workspaces-eww
# popd
'';
}
}

17
lib/modules/home/hyprland.nix
View file

@ -5,9 +5,11 @@
lib,
# font,
...
}: let
}:
let
inherit (style) colors;
in {
in
{
# TODO: Hyprland seems to sometimes use a ton of CPU?
home.packages = with pkgs; [
@ -217,7 +219,10 @@ in {
];
# Move/resize windows with mod + LMB/RMB and dragging
bindm = ["$mod, mouse:272, movewindow" "$mod, mouse:273, resizewindow"];
bindm = [
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
};
extraConfig = ''
@ -376,10 +381,12 @@ in {
};
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
enable = true;
settings = {
general = {

5
lib/modules/home/kitty.nix
View file

@ -2,10 +2,11 @@
colors,
font,
...
}: {
}:
{
programs.kitty = {
enable = true;
darwinLaunchOptions = ["--single-instance"];
darwinLaunchOptions = [ "--single-instance" ];
shellIntegration = {
enableFishIntegration = true;
};

70
lib/modules/home/plasma-manager.nix
View file

@ -2,7 +2,7 @@
programs.plasma = {
enable = true;
shortcuts = {
"ActivityManager"."switch-to-activity-851c180f-d52d-4fe4-b7ed-a10e70cf4ce8" = [];
"ActivityManager"."switch-to-activity-851c180f-d52d-4fe4-b7ed-a10e70cf4ce8" = [ ];
# "KDE Keyboard Layout Switcher"."Switch to Last-Used Keyboard Layout" = "Meta+Alt+L";
# "KDE Keyboard Layout Switcher"."Switch to Next Keyboard Layout" = "Meta+Alt+K";
# "kaccess"."Toggle Screen Reader On and Off" = "Meta+Alt+S";
@ -15,10 +15,19 @@
"kmix"."increase_microphone_volume" = "Microphone Volume Up";
"kmix"."increase_volume" = "Volume Up";
"kmix"."increase_volume_small" = "Shift+Volume Up";
"kmix"."mic_mute" = ["Microphone Mute" "Meta+Volume Mute,Microphone Mute" "Meta+Shift+V" "Meta+Volume Mute,Mute Microphone"];
"kmix"."mic_mute" = [
"Microphone Mute"
"Meta+Volume Mute,Microphone Mute"
"Meta+Shift+V"
"Meta+Volume Mute,Mute Microphone"
];
"kmix"."mute" = "Volume Mute";
# "ksmserver"."Halt Without Confirmation" = "none,,Shut Down Without Confirmation";
"ksmserver"."Lock Session" = ["Meta+Ctrl+Shift+L" "Screensaver,Meta+L" "Screensaver,Lock Session"];
"ksmserver"."Lock Session" = [
"Meta+Ctrl+Shift+L"
"Screensaver,Meta+L"
"Screensaver,Lock Session"
];
# "ksmserver"."Log Out" = "Ctrl+Alt+Del";
# "ksmserver"."Log Out Without Confirmation" = "none,,Log Out Without Confirmation";
# "ksmserver"."LogOut" = "none,,Log Out";
@ -31,19 +40,23 @@
# "kwin"."Decrease Opacity" = "none,,Decrease Opacity of Active Window by 5%";
# "kwin"."Edit Tiles" = "Meta+T";
"kwin"."Expose" = "Ctrl+F9";
"kwin"."ExposeAll" = ["Ctrl+F10" "Launch (C),Ctrl+F10" "Launch (C),Toggle Present Windows (All desktops)"];
"kwin"."ExposeAll" = [
"Ctrl+F10"
"Launch (C),Ctrl+F10"
"Launch (C),Toggle Present Windows (All desktops)"
];
"kwin"."ExposeClass" = "Ctrl+F7";
"kwin"."ExposeClassCurrentDesktop" = [];
"kwin"."ExposeClassCurrentDesktop" = [ ];
"kwin"."Grid View" = "Meta+G";
"kwin"."Increase Opacity" = "none,,Increase Opacity of Active Window by 5%";
"kwin"."Kill Window" = "Meta+Ctrl+Esc";
"kwin"."Move Tablet to Next Output" = [];
"kwin"."Move Tablet to Next Output" = [ ];
"kwin"."MoveMouseToCenter" = "Meta+F6";
"kwin"."MoveMouseToFocus" = "Meta+F5";
"kwin"."MoveZoomDown" = [];
"kwin"."MoveZoomLeft" = [];
"kwin"."MoveZoomRight" = [];
"kwin"."MoveZoomUp" = [];
"kwin"."MoveZoomDown" = [ ];
"kwin"."MoveZoomLeft" = [ ];
"kwin"."MoveZoomRight" = [ ];
"kwin"."MoveZoomUp" = [ ];
"kwin"."Overview" = "Meta+W";
"kwin"."Setup Window Shortcut" = "none,,Setup Window Shortcut";
"kwin"."Show Desktop" = "Meta+D";
@ -91,16 +104,19 @@
"kwin"."Switch to Screen Below" = "none,,Switch to Screen Below";
"kwin"."Switch to Screen to the Left" = "none,,Switch to Screen to the Left";
"kwin"."Switch to Screen to the Right" = "none,,Switch to Screen to the Right";
"kwin"."Toggle Night Color" = [];
"kwin"."Toggle Night Color" = [ ];
"kwin"."Toggle Window Raise/Lower" = "none,,Toggle Window Raise/Lower";
"kwin"."Walk Through Windows" = "Alt+Tab";
"kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
"kwin"."Walk Through Windows Alternative" = "none,,Walk Through Windows Alternative";
"kwin"."Walk Through Windows Alternative (Reverse)" = "none,,Walk Through Windows Alternative (Reverse)";
"kwin"."Walk Through Windows Alternative (Reverse)" =
"none,,Walk Through Windows Alternative (Reverse)";
"kwin"."Walk Through Windows of Current Application" = "Alt+`";
"kwin"."Walk Through Windows of Current Application (Reverse)" = "Alt+~";
"kwin"."Walk Through Windows of Current Application Alternative" = "none,,Walk Through Windows of Current Application Alternative";
"kwin"."Walk Through Windows of Current Application Alternative (Reverse)" = "none,,Walk Through Windows of Current Application Alternative (Reverse)";
"kwin"."Walk Through Windows of Current Application Alternative" =
"none,,Walk Through Windows of Current Application Alternative";
"kwin"."Walk Through Windows of Current Application Alternative (Reverse)" =
"none,,Walk Through Windows of Current Application Alternative (Reverse)";
"kwin"."Window Above Other Windows" = "none,,Keep Window Above Others";
"kwin"."Window Below Other Windows" = "none,,Keep Window Below Others";
"kwin"."Window Close" = "Alt+F4";
@ -175,7 +191,11 @@
"kwin"."Window to Screen 6" = "none,,Move Window to Screen 6";
"kwin"."Window to Screen 7" = "none,,Move Window to Screen 7";
"kwin"."view_actual_size" = "Meta+0";
"kwin"."view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
"kwin"."view_zoom_in" = [
"Meta++"
"Meta+=,Meta++"
"Meta+=,Zoom In"
];
"kwin"."view_zoom_out" = "Meta+-";
"mediacontrol"."mediavolumedown" = "none,,Media volume down";
"mediacontrol"."mediavolumeup" = "none,,Media volume up";
@ -196,9 +216,17 @@
"org_kde_powerdevil"."PowerOff" = "Power Off";
"org_kde_powerdevil"."Sleep" = "Sleep";
"org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off";
"org_kde_powerdevil"."Turn Off Screen" = [];
"org_kde_powerdevil"."powerProfile" = ["Battery" "Meta+B,Battery" "Meta+B,Switch Power Profile"];
"plasmashell"."activate application launcher" = ["Meta" "Alt+F1,Meta" "Alt+F1,Activate Application Launcher"];
"org_kde_powerdevil"."Turn Off Screen" = [ ];
"org_kde_powerdevil"."powerProfile" = [
"Battery"
"Meta+B,Battery"
"Meta+B,Switch Power Profile"
];
"plasmashell"."activate application launcher" = [
"Meta"
"Alt+F1,Meta"
"Alt+F1,Activate Application Launcher"
];
"plasmashell"."activate task manager entry 1" = "Meta+1";
"plasmashell"."activate task manager entry 10" = "none,Meta+0,Activate Task Manager Entry 10";
"plasmashell"."activate task manager entry 2" = "Meta+2";
@ -228,7 +256,8 @@
};
configFile = {
"baloofilerc"."General"."dbVersion" = 2;
"baloofilerc"."General"."exclude filters" = "*~,*.part,*.o,*.la,*.lo,*.loT,*.moc,moc_*.cpp,qrc_*.cpp,ui_*.h,cmake_install.cmake,CMakeCache.txt,CTestTestfile.cmake,libtool,config.status,confdefs.h,autom4te,conftest,confstat,Makefile.am,*.gcode,.ninja_deps,.ninja_log,build.ninja,*.csproj,*.m4,*.rej,*.gmo,*.pc,*.omf,*.aux,*.tmp,*.po,*.vm*,*.nvram,*.rcore,*.swp,*.swap,lzo,litmain.sh,*.orig,.histfile.*,.xsession-errors*,*.map,*.so,*.a,*.db,*.qrc,*.ini,*.init,*.img,*.vdi,*.vbox*,vbox.log,*.qcow2,*.vmdk,*.vhd,*.vhdx,*.sql,*.sql.gz,*.ytdl,*.tfstate*,*.class,*.pyc,*.pyo,*.elc,*.qmlc,*.jsc,*.fastq,*.fq,*.gb,*.fasta,*.fna,*.gbff,*.faa,po,CVS,.svn,.git,_darcs,.bzr,.hg,CMakeFiles,CMakeTmp,CMakeTmpQmake,.moc,.obj,.pch,.uic,.npm,.yarn,.yarn-cache,__pycache__,node_modules,node_packages,nbproject,.terraform,.venv,venv,core-dumps,lost+found";
"baloofilerc"."General"."exclude filters" =
"*~,*.part,*.o,*.la,*.lo,*.loT,*.moc,moc_*.cpp,qrc_*.cpp,ui_*.h,cmake_install.cmake,CMakeCache.txt,CTestTestfile.cmake,libtool,config.status,confdefs.h,autom4te,conftest,confstat,Makefile.am,*.gcode,.ninja_deps,.ninja_log,build.ninja,*.csproj,*.m4,*.rej,*.gmo,*.pc,*.omf,*.aux,*.tmp,*.po,*.vm*,*.nvram,*.rcore,*.swp,*.swap,lzo,litmain.sh,*.orig,.histfile.*,.xsession-errors*,*.map,*.so,*.a,*.db,*.qrc,*.ini,*.init,*.img,*.vdi,*.vbox*,vbox.log,*.qcow2,*.vmdk,*.vhd,*.vhdx,*.sql,*.sql.gz,*.ytdl,*.tfstate*,*.class,*.pyc,*.pyo,*.elc,*.qmlc,*.jsc,*.fastq,*.fq,*.gb,*.fasta,*.fna,*.gbff,*.faa,po,CVS,.svn,.git,_darcs,.bzr,.hg,CMakeFiles,CMakeTmp,CMakeTmpQmake,.moc,.obj,.pch,.uic,.npm,.yarn,.yarn-cache,__pycache__,node_modules,node_packages,nbproject,.terraform,.venv,venv,core-dumps,lost+found";
"baloofilerc"."General"."exclude filters version" = 9;
"dolphinrc"."General"."ViewPropsTimestamp" = "2025,1,11,13,50,1.5779999999999998";
"dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false;
@ -247,7 +276,8 @@
"kwinrc"."Desktops"."Number" = 1;
"kwinrc"."Desktops"."Rows" = 1;
"kwinrc"."Tiling"."padding" = 4;
"kwinrc"."Tiling/f18ce12b-2106-508f-9542-e4e6c6fbf75f"."tiles" = "{\"layoutDirection\":\"horizontal\",\"tiles\":[{\"width\":0.25},{\"width\":0.5},{\"width\":0.25}]}";
"kwinrc"."Tiling/f18ce12b-2106-508f-9542-e4e6c6fbf75f"."tiles" =
"{\"layoutDirection\":\"horizontal\",\"tiles\":[{\"width\":0.25},{\"width\":0.5},{\"width\":0.25}]}";
"kwinrc"."Xwayland"."Scale" = 1.75;
"plasma-localerc"."Formats"."LANG" = "en_US.UTF-8";
};

17
lib/modules/home/sway.nix
View file

@ -3,7 +3,8 @@
lib,
config,
...
}: {
}:
{
programs.foot = {
enable = true;
};
@ -100,8 +101,8 @@
};
startup = [
{command = "kdeconnect-indicator";}
{command = "mako";}
{ command = "kdeconnect-indicator"; }
{ command = "mako"; }
{
command = "swaybg -i $HOME/.wallpaper";
}
@ -175,10 +176,12 @@
# pointer_accel
};
};
keybindings = let
keybindings =
let
mod = config.wayland.windowManager.sway.config.modifier;
menu = "tofi-run | xargs swaymsg exec --";
in {
in
{
"${mod}+control+space" = "exec makoctl dismiss";
"${mod}+shift+space" = "exec makoctl invoke";
# "${mod}+return" = "exec kitty --single-instance";
@ -319,8 +322,8 @@
"${mod}+shift+alt+f" = "for_window [class=$tilers] floating toggle";
};
assigns = {};
bars = [];
assigns = { };
bars = [ ];
colors = with style.colors; {
background = bg;
focused = {

3
lib/modules/home/swaylock.nix
View file

@ -1,4 +1,5 @@
{style, ...}: {
{ style, ... }:
{
programs.swaylock = {
enable = true;
settings = {

21
lib/modules/home/waybar.nix
View file

@ -2,21 +2,25 @@
pkgs,
style,
...
}: {
}:
{
programs.waybar = {
enable = true;
settings = {
mainBar = {
"layer" = "top";
"position" = "bottom";
"output" = ["eDP-1" "DP-3"];
"output" = [
"eDP-1"
"DP-3"
];
"height" = 50;
"modules-left" = [
"idle_inhibitor"
"sway/workspaces"
"sway/window"
];
"modules-center" = [];
"modules-center" = [ ];
"modules-right" = [
"privacy"
"power-profiles-daemon"
@ -94,7 +98,10 @@
"backlight" = {
# "device" = "acpi_video1";
"format" = "{percent}%\n{icon}";
"format-icons" = ["" ""];
"format-icons" = [
""
""
];
"justify" = "center";
};
"battery" = {
@ -145,10 +152,12 @@
};
};
};
style = let
style =
let
border-width = "0px";
in
with style.colors.withHashPrefix; ''
with style.colors.withHashPrefix;
''
* {
border-radius: 0;
font-family: "${style.font.name}", "Symbols Nerd Font Mono", sans-serif;

32
lib/modules/nixos/conduwuit.nix
View file

@ -4,14 +4,16 @@
lib,
pkgs,
...
}: let
}:
let
cfg = config.services.conduwuit;
defaultUser = "conduwuit";
defaultGroup = "conduwuit";
format = pkgs.formats.toml {};
format = pkgs.formats.toml { };
configFile = format.generate "conduwuit.toml" cfg.settings;
in {
meta.maintainers = with lib.maintainers; [niklaskorz];
in
{
meta.maintainers = with lib.maintainers; [ niklaskorz ];
options.services.conduwuit = {
enable = lib.mkEnableOption "conduwuit";
@ -34,13 +36,13 @@ in {
extraEnvironment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Extra Environment variables to pass to the conduwuit server.";
default = {};
default = { };
example = {
RUST_BACKTRACE = "yes";
};
};
package = lib.mkPackageOption pkgs.unstable-packages "conduwuit" {};
package = lib.mkPackageOption pkgs.unstable-packages "conduwuit" { };
settings = lib.mkOption {
type = lib.types.submodule {
@ -66,7 +68,7 @@ in {
};
global.port = lib.mkOption {
type = lib.types.listOf lib.types.port;
default = [6167];
default = [ 6167 ];
description = ''
The port(s) conduwuit will be running on.
You need to set up a reverse proxy in your web server (e.g. apache or nginx),
@ -125,7 +127,7 @@ in {
};
global.trusted_servers = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr;
default = ["matrix.org"];
default = [ "matrix.org" ];
description = ''
Servers listed here will be used to gather public keys of other servers
(notary trusted key servers).
@ -158,7 +160,7 @@ in {
};
};
};
default = {};
default = { };
# TOML does not allow null values, so we use null to omit those fields
apply = lib.filterAttrsRecursive (_: v: v != null);
description = ''
@ -198,17 +200,17 @@ in {
};
users.groups = lib.mkIf (cfg.group == defaultGroup) {
${defaultGroup} = {};
${defaultGroup} = { };
};
systemd.services.conduwuit = {
description = "Conduwuit Matrix Server";
documentation = ["https://conduwuit.puppyirl.gay/"];
wantedBy = ["multi-user.target"];
wants = ["network-online.target"];
after = ["network-online.target"];
documentation = [ "https://conduwuit.puppyirl.gay/" ];
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
environment = lib.mkMerge [
{CONDUWUIT_CONFIG = configFile;}
{ CONDUWUIT_CONFIG = configFile; }
cfg.extraEnvironment
];
startLimitBurst = 5;

291
lib/modules/nixos/default.nix
View file

@ -1,8 +1,15 @@
{self, ...}: let
{ self, ... }:
let
inherit (self) outputs;
inherit (outputs) nixosModules homeManagerModules overlays constants;
inherit (outputs)
nixosModules
homeManagerModules
overlays
constants
;
inherit (constants) pubkey;
in {
in
{
shell-defaults-and-applications = import ./shell-config.nix;
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
@ -48,21 +55,29 @@ in {
# };
# };
ewwbar = {pkgs, ...}: {
ewwbar =
{ pkgs, ... }:
{
# imports = with nixosModules; [];
environment.systemPackages = with pkgs; [eww upower jq];
environment.systemPackages = with pkgs; [
eww
upower
jq
];
# TODO: include the home-manager modules for daniel?
};
niri = {pkgs, ...}: {
environment.systemPackages = with pkgs; [niri];
niri =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ niri ];
systemd.user.services.polkit = {
description = "PolicyKit Authentication Agent";
wantedBy = ["niri.service"];
after = ["graphical-session.target"];
partOf = ["graphical-session.target"];
wantedBy = [ "niri.service" ];
after = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.libsForQt5.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1";
@ -79,7 +94,9 @@ in {
services.gnome.gnome-keyring.enable = true;
};
hyprland = {pkgs, ...}: {
hyprland =
{ pkgs, ... }:
{
imports = with nixosModules; [
ewwbar
pipewire
@ -88,7 +105,11 @@ in {
programs.hyprland = {
enable = true;
};
environment.systemPackages = with pkgs; [hyprpaper xwaylandvideobridge netcat-openbsd];
environment.systemPackages = with pkgs; [
hyprpaper
xwaylandvideobridge
netcat-openbsd
];
home-manager.users.daniel = {
imports = with homeManagerModules; [
@ -99,16 +120,22 @@ in {
# TODO: include the home-manager modules for daniel?
};
sway = {pkgs, ...}: {
sway =
{ pkgs, ... }:
{
imports = with nixosModules; [
pipewire
];
systemd.user.services."wait-for-full-path" = {
description = "wait for systemd units to have full PATH";
wantedBy = ["xdg-desktop-portal.service"];
before = ["xdg-desktop-portal.service"];
path = with pkgs; [systemd coreutils gnugrep];
wantedBy = [ "xdg-desktop-portal.service" ];
before = [ "xdg-desktop-portal.service" ];
path = with pkgs; [
systemd
coreutils
gnugrep
];
script = ''
ispresent () {
systemctl --user show-environment | grep -E '^PATH=.*/.nix-profile/bin'
@ -156,7 +183,10 @@ in {
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
};
services.gvfs = {
@ -211,17 +241,19 @@ in {
};
};
remote-disk-key-entry-on-boot = {
remote-disk-key-entry-on-boot =
{
lib,
pkgs,
...
}: {
}:
{
/*
https://nixos.wiki/wiki/Remote_disk_unlocking
"When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
^ seems less than ideal
*/
boot.kernelParams = ["ip=dhcp"];
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd = {
# availableKernelModules = ["r8169"]; # ethernet drivers
systemd.users.root.shell = "/bin/cryptsetup-askpass";
@ -230,14 +262,16 @@ in {
ssh = {
enable = true;
port = 22;
authorizedKeys = [pubkey];
hostKeys = ["/etc/secrets/initrd/ssh_host_rsa_key"];
authorizedKeys = [ pubkey ];
hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
};
};
};
};
laptop = {pkgs, ...}: {
laptop =
{ pkgs, ... }:
{
imports = with nixosModules; [
family-users
wifi
@ -277,7 +311,9 @@ in {
};
};
touchscreen = {pkgs, ...}: {
touchscreen =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
wvkbd # on-screen keyboard
flakeInputs.iio-hyprland.outputs.packages.${system}.default # auto-rotate hyprland displays
@ -285,7 +321,9 @@ in {
];
};
emacs = {pkgs, ...}: {
emacs =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
emacs
];
@ -297,11 +335,13 @@ in {
};
};
development-tools = {
development-tools =
{
pkgs,
lib,
...
}: {
}:
{
imports = with nixosModules; [
postgres
podman
@ -385,7 +425,9 @@ in {
};
};
troubleshooting-tools = {pkgs, ...}: {
troubleshooting-tools =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
iftop
bottom
@ -403,7 +445,9 @@ in {
];
};
music-consumption = {pkgs, ...}: {
music-consumption =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
spotube
@ -412,7 +456,9 @@ in {
};
};
video-tools = {pkgs, ...}: {
video-tools =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
ffmpeg-full
@ -428,13 +474,15 @@ in {
# environment.systemPackages = [pkgs.android-studio];
# };
graphical-workstation = {
graphical-workstation =
{
pkgs,
lib,
options,
config,
...
}: {
}:
{
imports = with nixosModules; [
sway
# hyprland
@ -454,8 +502,8 @@ in {
xdg.portal.enable = true;
hardware =
if builtins.hasAttr "graphics" options.hardware
then {
if builtins.hasAttr "graphics" options.hardware then
{
graphics = {
enable = true;
enable32Bit = true;
@ -465,7 +513,8 @@ in {
*/
};
}
else {
else
{
opengl = {
enable = true;
driSupport32Bit = true;
@ -490,12 +539,14 @@ in {
};
};
gnome = {
gnome =
{
pkgs,
lib,
...
}: {
imports = with nixosModules; [pipewire];
}:
{
imports = with nixosModules; [ pipewire ];
services = {
xserver = {
@ -503,7 +554,7 @@ in {
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
udev.packages = [pkgs.gnome-settings-daemon];
udev.packages = [ pkgs.gnome-settings-daemon ];
};
environment = {
@ -548,7 +599,9 @@ in {
};
};
radio-tools = {pkgs, ...}: {
radio-tools =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
chirp
@ -568,23 +621,28 @@ in {
*/
};
fonts = {pkgs, ...}: {
fonts =
{ pkgs, ... }:
{
fonts.packages = [
(
# allow nixpkgs 24.11 and unstable to both work
if builtins.hasAttr "nerd-fonts" pkgs
then (pkgs.nerd-fonts.symbols-only)
else (pkgs.nerdfonts.override {fonts = ["NerdFontsSymbolsOnly"];})
if builtins.hasAttr "nerd-fonts" pkgs then
(pkgs.nerd-fonts.symbols-only)
else
(pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
)
pkgs.iosevkaLyteTerm
];
};
plasma6 = {
plasma6 =
{
pkgs,
lib,
...
}: {
}:
{
imports = with nixosModules; [
kde-connect
pipewire
@ -595,7 +653,7 @@ in {
services.displayManager.sddm = {
enable = true;
# package = lib.mkForce pkgs.kdePackages.sddm;
settings = {};
settings = { };
# theme = "";
enableHidpi = true;
wayland = {
@ -647,7 +705,9 @@ in {
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt;
};
lutris = {pkgs, ...}: {
lutris =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
wineWowPackages.waylandFull
@ -657,7 +717,9 @@ in {
};
};
gaming = {pkgs, ...}: {
gaming =
{ pkgs, ... }:
{
imports = with nixosModules; [
# lutris # use the flatpak
steam # TODO: use the flatpak?
@ -685,7 +747,12 @@ in {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"];
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
extraConfig.pipewire."91-null-sinks" = {
@ -767,12 +834,14 @@ in {
*/
};
podman = {
podman =
{
pkgs,
config,
lib,
...
}: {
}:
{
config = lib.mkIf config.virtualisation.podman.enable {
environment = {
systemPackages = with pkgs; [
@ -803,27 +872,31 @@ in {
};
};
virtual-machines = {
virtual-machines =
{
pkgs,
lib,
config,
...
}: {
}:
{
config = lib.mkIf config.virtualisation.libvirtd.enable {
users.users.daniel.extraGroups = ["libvirtd"];
users.users.daniel.extraGroups = [ "libvirtd" ];
};
};
postgres = {
postgres =
{
pkgs,
lib,
config,
...
}: {
}:
{
config = lib.mkIf config.services.postgresql.enable {
# this is really just for development usage
services.postgresql = {
ensureDatabases = ["daniel"];
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
@ -863,14 +936,17 @@ in {
};
};
desktop = {
desktop =
{
pkgs,
lib,
config,
...
}: let
}:
let
cfg = config.lyte.desktop;
in {
in
{
options = {
lyte = {
desktop = {
@ -892,12 +968,14 @@ in {
};
};
printing = {
printing =
{
pkgs,
lib,
config,
...
}: {
}:
{
config = lib.mkIf config.services.printing.enable {
services.printing.browsing = true;
services.printing.browsedConf = ''
@ -908,18 +986,21 @@ in {
BrowseProtocols all
'';
services.printing.drivers = [pkgs.gutenprint];
services.printing.drivers = [ pkgs.gutenprint ];
};
};
wifi = {
wifi =
{
lib,
config,
...
}: let
}:
let
inherit (lib) mkDefault;
cfg = config.networking.wifi;
in {
in
{
options = {
networking.wifi.enable = lib.mkEnableOption "Enable wifi via NetworkManager";
};
@ -958,7 +1039,9 @@ in {
};
};
steam = {pkgs, ...}: {
steam =
{ pkgs, ... }:
{
programs.gamescope.enable = true;
programs.steam = {
@ -980,7 +1063,7 @@ in {
};
hardware.steam-hardware.enable = true;
services.udev.packages = with pkgs; [steam];
services.udev.packages = with pkgs; [ steam ];
environment.systemPackages = with pkgs; [
dualsensectl # for interfacing with dualsense controllers programmatically
@ -993,19 +1076,21 @@ in {
*/
};
root = {
root =
{
pkgs,
lib,
...
}: {
}:
{
users.users.root = {
home = "/root";
createHome = true;
openssh.authorizedKeys.keys = [pubkey];
openssh.authorizedKeys.keys = [ pubkey ];
shell = lib.mkForce pkgs.fish;
};
home-manager.users.root = {
imports = [homeManagerModules.common];
imports = [ homeManagerModules.common ];
home = {
username = "root";
@ -1015,14 +1100,17 @@ in {
};
};
daniel = {
daniel =
{
pkgs,
lib,
config,
...
}: let
}:
let
username = "daniel";
in {
in
{
imports = [
{
config = lib.mkIf config.lyte.shell.enable {
@ -1036,18 +1124,25 @@ in {
};
}
];
users.groups.${username} = {};
users.groups.${username} = { };
users.users.${username} = {
isNormalUser = true;
home = "/home/${username}/.home";
createHome = true;
openssh.authorizedKeys.keys = [pubkey];
openssh.authorizedKeys.keys = [ pubkey ];
group = username;
extraGroups = ["users" "wheel" "video" "dialout" "uucp" "kvm"];
packages = [];
extraGroups = [
"users"
"wheel"
"video"
"dialout"
"uucp"
"kvm"
];
packages = [ ];
};
home-manager.users.daniel = {
imports = [homeManagerModules.common];
imports = [ homeManagerModules.common ];
home = {
username = "daniel";
@ -1071,33 +1166,43 @@ in {
};
};
valerie = let
valerie =
let
username = "valerie";
in {
users.groups.${username} = {};
in
{
users.groups.${username} = { };
users.users.${username} = {
isNormalUser = true;
home = "/home/${username}";
createHome = true;
openssh.authorizedKeys.keys = [pubkey];
openssh.authorizedKeys.keys = [ pubkey ];
group = username;
extraGroups = ["users" "video"];
packages = [];
extraGroups = [
"users"
"video"
];
packages = [ ];
};
};
flanfam = let
flanfam =
let
username = "flanfam";
in {
users.groups.${username} = {};
in
{
users.groups.${username} = { };
users.users.${username} = {
isNormalUser = true;
home = "/home/${username}";
createHome = true;
openssh.authorizedKeys.keys = [pubkey];
openssh.authorizedKeys.keys = [ pubkey ];
group = username;
extraGroups = ["users" "video"];
packages = [];
extraGroups = [
"users"
"video"
];
packages = [ ];
};
};

19
lib/modules/nixos/deno-netlify-ddns-client.nix
View file

@ -3,11 +3,18 @@
config,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkOption types mkIf;
}:
let
inherit (lib)
mkEnableOption
mkOption
types
mkIf
;
inherit (lib.strings) optionalString;
cfg = config.services.deno-netlify-ddns-client;
in {
in
{
options.services.deno-netlify-ddns-client = {
enable = mkEnableOption "Enable the deno-netlify-ddns client.";
username = mkOption {
@ -48,8 +55,8 @@ in {
config = {
systemd.timers.deno-netlify-ddns-client = {
enable = mkIf cfg.enable true;
after = ["network.target"];
wantedBy = ["timers.target"];
after = [ "network.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = cfg.afterBootTime;
OnUnitActiveSec = cfg.every;
@ -59,7 +66,7 @@ in {
systemd.services.deno-netlify-ddns-client = {
enable = mkIf cfg.enable true;
after = ["network.target"];
after = [ "network.target" ];
script = ''
set -eu
password="$(cat "${cfg.passwordFile}")"

7
lib/modules/nixos/gnome.nix
View file

@ -2,8 +2,9 @@
pkgs,
lib,
...
}: {
imports = [./pipewire.nix];
}:
{
imports = [ ./pipewire.nix ];
# mkForce is used liberally to take precedence over KDE Plasma
# so I can have both "usable" at once
@ -21,7 +22,7 @@
services.xserver.desktopManager.gnome = {
enable = lib.mkDefault true;
extraGSettingsOverridePackages = [pkgs.gnome.mutter];
extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']

6
lib/modules/nixos/shell-config.nix
View file

@ -3,9 +3,11 @@
pkgs,
config,
...
}: let
}:
let
cfg = config.lyte.shell;
in {
in
{
options = {
lyte = {
shell = {

10
lib/overlays/default.nix
View file

@ -3,7 +3,8 @@
nixpkgs,
nixpkgs-unstable,
...
} @ inputs: {
}@inputs:
{
default = final: _prev: {
overlays = with self.overlays; [
additions
@ -14,9 +15,12 @@
additions = final: prev: (prev // self.outputs.packages.${prev.system});
modifications = final: prev: let
modifications =
final: prev:
let
inherit (inputs) helix ghostty;
in {
in
{
ghostty = ghostty.outputs.packages.${prev.system}.default;
helix = helix.outputs.packages.${prev.system}.default;
bitwarden = self.outputs.packages.${prev.system}.bitwarden;

21
lib/templates/deno/flake.nix
View file

@ -1,10 +1,12 @@
{
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
}: let
}:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
@ -14,10 +16,14 @@
"aarch64-darwin"
];
forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems;
in {
devShells = forEachSupportedSystem (system: let
pkgs = import nixpkgs {inherit system;};
in {
in
{
devShells = forEachSupportedSystem (
system:
let
pkgs = import nixpkgs { inherit system; };
in
{
deno-dev = pkgs.mkShell {
buildInputs = with pkgs; [
vscode-langservers-extracted
@ -29,6 +35,7 @@
};
default = outputs.devShells.${system}.deno-dev;
});
}
);
};
}

7
lib/templates/elixir/flake.nix
View file

@ -5,9 +5,12 @@
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs: let
outputs =
inputs:
let
inherit (import nix/boilerplate.nix inputs) call;
in {
in
{
overlays = import nix/overlays.nix;
packages = call (import nix/packages.nix);
checks = call (import nix/checks.nix);

23
lib/templates/elixir/nix/boilerplate.nix
View file

@ -1,16 +1,21 @@
inputs @ {
inputs@{
nixpkgs,
self,
...
}: let
}:
let
forSelfOverlay =
if builtins.hasAttr "forSelf" self.overlays
then self.overlays.forSelf
else (_: p: p);
in rec {
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"];
if builtins.hasAttr "forSelf" self.overlays then self.overlays.forSelf else (_: p: p);
in
rec {
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: ((import nixpkgs {inherit system;}).extend forSelfOverlay);
pkgsFor = system: ((import nixpkgs { inherit system; }).extend forSelfOverlay);
genPkgs = func: (forSystems (system: func (pkgsFor system)));
call = imported: genPkgs (pkgs: imported (inputs // {inherit pkgs;}));
call = imported: genPkgs (pkgs: imported (inputs // { inherit pkgs; }));
}

22
lib/templates/elixir/nix/checks.nix
View file

@ -2,28 +2,32 @@
git-hooks,
pkgs,
...
}: let
hook = {
}:
let
hook =
{
command,
stages ? ["pre-commit"],
stages ? [ "pre-commit" ],
...
}: {
}:
{
inherit stages;
enable = true;
name = command;
entry = command;
pass_filenames = false;
};
in {
in
{
git-hooks = git-hooks.lib.${pkgs.system}.run {
src = ./..;
hooks = {
alejandra.enable = true;
convco.enable = true;
credo = hook {command = "mix credo --strict";};
formatting = hook {command = "mix format --check-formatted";};
dialyzer = hook {command = "mix dialyzer";};
test = hook {command = "mix test";};
credo = hook { command = "mix credo --strict"; };
formatting = hook { command = "mix format --check-formatted"; };
dialyzer = hook { command = "mix dialyzer"; };
test = hook { command = "mix test"; };
};
};
}

6
lib/templates/elixir/nix/overlays.nix
View file

@ -2,8 +2,8 @@
forSelf = final: prev: {
erlang = prev.beam.packagesWith prev.beam.interpreters.erlang_27;
elixir = final.erlang.elixir_1_17;
mixRelease = final.erlang.mixRelease.override {elixir = final.elixir;};
fetchMixDeps = final.erlang.fetchMixDeps.override {elixir = final.elixir;};
elixir-ls = prev.elixir-ls.override {elixir = final.elixir;};
mixRelease = final.erlang.mixRelease.override { elixir = final.elixir; };
fetchMixDeps = final.erlang.fetchMixDeps.override { elixir = final.elixir; };
elixir-ls = prev.elixir-ls.override { elixir = final.elixir; };
};
}

6
lib/templates/elixir/nix/packages.nix
View file

@ -2,11 +2,13 @@
pkgs,
self,
...
}: let
}:
let
version = "1.0.0";
src = ../.;
pname = "my-package";
in {
in
{
${pname} = pkgs.mixRelease {
inherit pname version src;
mixFodDeps = pkgs.fetchMixDeps {

3
lib/templates/elixir/nix/shells.nix
View file

@ -2,7 +2,8 @@
pkgs,
self,
...
}: {
}:
{
elixir-dev = pkgs.mkShell {
shellHook = ''
${self.checks.${pkgs.system}.git-hooks.shellHook}

18
lib/templates/gleam/flake.nix
View file

@ -1,15 +1,23 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
...
}: let
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"];
}:
let
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: (import nixpkgs {inherit system;}).extend self.outputs.overlays.default;
pkgsFor = system: (import nixpkgs { inherit system; }).extend self.outputs.overlays.default;
genPkgs = func: (forSystems (system: func (pkgsFor system)));
in {
in
{
overlays.default = final: prev: {
erlangPackages = prev.beam.packagesWith prev.erlang_27;
erlang = final.erlangPackages.erlang;

26
lib/templates/godot/flake.nix
View file

@ -1,11 +1,13 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
...
}: let
}:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
@ -16,17 +18,25 @@
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in {
devShells = forAllSystems (system: let
pkgs = import nixpkgs {inherit system;};
in {
in
{
devShells = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system; };
in
{
default = outputs.devShells.${system}.godot;
godot = pkgs.mkShell {
buildInputs = with pkgs; [godot_4 gdtoolkit];
buildInputs = with pkgs; [
godot_4
gdtoolkit
];
shellHook = ''
echo -e "\e[0;30m\e[43m Use 'godot4 -e' to run the editor for this project. \e[0;30m\e[0m"
'';
};
});
}
);
};
}

21
lib/templates/nim/flake.nix
View file

@ -1,9 +1,11 @@
{
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
outputs = {
outputs =
{
self,
nixpkgs,
}: let
}:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
@ -13,10 +15,14 @@
"aarch64-darwin"
];
forEachSupportedSystem = nixpkgs.lib.genAttrs supportedSystems;
in {
devShells = forEachSupportedSystem (system: let
pkgs = import nixpkgs {inherit system;};
in {
in
{
devShells = forEachSupportedSystem (
system:
let
pkgs = import nixpkgs { inherit system; };
in
{
nim-dev = pkgs.mkShell {
buildInputs = with pkgs; [
nim
@ -26,6 +32,7 @@
};
default = outputs.devShells.${system}.nim-dev;
});
}
);
};
}

7
lib/templates/rust/flake.nix
View file

@ -2,9 +2,12 @@
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
inputs.git-hooks.url = "github:cachix/git-hooks.nix";
inputs.git-hooks.inputs.nixpkgs.follows = "nixpkgs";
outputs = inputs: let
outputs =
inputs:
let
inherit (import nix/boilerplate.nix inputs) call genPkgs;
in {
in
{
# overlays = import nix/overlays.nix;
checks = call (import nix/checks.nix);
packages = call (import nix/packages.nix);

26
lib/templates/rust/nix/boilerplate.nix
View file

@ -1,16 +1,24 @@
inputs @ {
inputs@{
nixpkgs,
self,
...
}: let
}:
let
forSelfOverlay =
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays
then self.overlays.forSelf
else (_: p: p);
in rec {
systems = ["aarch64-linux" "x86_64-linux" "x86_64-darwin" "aarch64-darwin"];
if builtins.hasAttr "overlays" self && builtins.hasAttr "forSelf" self.overlays then
self.overlays.forSelf
else
(_: p: p);
in
rec {
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: ((import nixpkgs {inherit system;}).extend forSelfOverlay);
pkgsFor = system: ((import nixpkgs { inherit system; }).extend forSelfOverlay);
genPkgs = func: (forSystems (system: func (pkgsFor system)));
call = imported: genPkgs (pkgs: imported (inputs // {inherit pkgs;}));
call = imported: genPkgs (pkgs: imported (inputs // { inherit pkgs; }));
}

5
lib/templates/rust/nix/checks.nix
View file

@ -2,7 +2,8 @@
pkgs,
git-hooks,
...
}: {
}:
{
git-hooks = git-hooks.lib.${pkgs.system}.run {
src = ./..;
hooks = {
@ -16,7 +17,7 @@
# types = ["rust"];
# language = "rust";
pass_filenames = false;
stages = ["pre-commit"];
stages = [ "pre-commit" ];
};
clippy.enable = true;
rustfmt.enable = true;

6
lib/templates/rust/nix/packages.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (builtins) fromTOML readFile;
pname = "my-package";
src = ./..;
@ -20,7 +21,8 @@
cargoHash = pkgs.lib.fakeHash;
useFetchCargoVendor = true;
};
in {
in
{
${pname} = main-package;
default = main-package;
}

8
lib/templates/rust/nix/shells.nix
View file

@ -2,12 +2,14 @@
self,
pkgs,
...
}: let
}:
let
inherit (pkgs) system;
in {
in
{
default = pkgs.mkShell {
inherit (self.checks.${system}.git-hooks) shellHook;
inputsFrom = [self.packages.${system}.default];
inputsFrom = [ self.packages.${system}.default ];
packages = with pkgs; [
convco
rustPackages.clippy

1
nix/boilerplate.nix
View file

@ -1 +0,0 @@

5
nix/constants.nix
View file

@ -1,6 +1,7 @@
{nixpkgs, ...}: {
{ nixpkgs, ... }:
{
style = {
colors = (import ./lib/colors.nix {inherit (nixpkgs) lib;}).schemes.catppuccin-mocha-sapphire;
colors = (import ./lib/colors.nix { inherit (nixpkgs) lib; }).schemes.catppuccin-mocha-sapphire;
font = {
name = "IosevkaLyteTerm";

36
nix/machines.nix
View file

@ -1,5 +1,6 @@
beefcake = let
{
beefcake =
let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
@ -38,7 +39,6 @@
];
};
htpc = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
@ -113,7 +113,9 @@
./nixos/foxtrot.nix
({pkgs, ...}: {
(
{ pkgs, ... }:
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
senpai
@ -126,17 +128,15 @@
};
environment.systemPackages = with pkgs; [
fw-ectool
(writeShellApplication
{
(writeShellApplication {
name = "reset-wifi-module";
runtimeInputs = with pkgs; [kmod];
runtimeInputs = with pkgs; [ kmod ];
text = ''
modprobe -rv mt7921e
modprobe -v mt7921e
'';
})
(writeShellApplication
{
(writeShellApplication {
name = "perfmode";
# we use command -v $cmd here because we only want to invoke these calls _if_ the related package is installed on the system
# otherwise, they will likely have no effect anyways
@ -145,8 +145,7 @@
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@120Hz'
'';
})
(writeShellApplication
{
(writeShellApplication {
name = "battmode";
text = ''
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set power-saver'
@ -154,7 +153,8 @@
'';
})
];
})
}
)
];
};
@ -238,7 +238,7 @@
{
_module.args = {
disks = ["/dev/nvme0n1"];
disks = [ "/dev/nvme0n1" ];
swapSize = "32G";
};
}
@ -278,10 +278,10 @@
{
_module.args = {
disks = ["/dev/sda"];
disks = [ "/dev/sda" ];
# swapSize = "8G";
};
esp = {};
esp = { };
}
outputs.diskoConfigurations.unencrypted
hardware.nixosModules.common-pc-laptop-ssd
@ -372,7 +372,8 @@
# .outputs
# .disk-image;
pinephone = let
pinephone =
let
inherit (nixpkgs-unstable) lib;
in
lib.nixosSystem {
@ -434,5 +435,4 @@
}
];
};
};
}

3
nix/users.nix
View file

@ -1,5 +1,6 @@
{
"deck" = let
"deck" =
let
system = "x86_64-linux";
pkgs = unstable.pkgsFor system;
in

8
packages/default.nix
View file

@ -1,6 +1,8 @@
{pkgs, ...}: let
iosevkaLyteTerm = pkgs.callPackage ./iosevkaLyteTerm.nix {};
in {
{ pkgs, ... }:
let
iosevkaLyteTerm = pkgs.callPackage ./iosevkaLyteTerm.nix { };
in
{
inherit iosevkaLyteTerm;
iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix {

3
packages/hosts/base.nix
View file

@ -2,7 +2,8 @@
config,
outputs,
...
}: {
}:
{
# a minimal, familiar setup that I can bootstrap atop
imports = with outputs.nixosModules; [
# may need to be tweaked based on the machine's paritioning scheme

274
packages/hosts/beefcake.nix
View file

@ -1,11 +1,11 @@
/*
if ur fans get loud:
if ur fans get loud:
# enable manual fan control
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
# enable manual fan control
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
# set fan speed to last byte as decimal
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# set fan speed to last byte as decimal
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
*/
{
/*
@ -16,7 +16,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
config,
pkgs,
...
}: {
}:
{
system.stateVersion = "24.05";
home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "beefcake";
@ -27,7 +28,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
networking.hostId = "541ede55";
boot = {
zfs = {
extraPools = ["zstorage"];
extraPools = [ "zstorage" ];
};
supportedFilesystems = {
zfs = true;
@ -36,9 +37,14 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
zfs = true;
};
# kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
initrd.availableKernelModules = ["ehci_pci" "mpt3sas" "usbhid" "sd_mod"];
kernelModules = ["kvm-intel"];
kernelParams = ["nohibernate"];
initrd.availableKernelModules = [
"ehci_pci"
"mpt3sas"
"usbhid"
"sd_mod"
];
kernelModules = [ "kvm-intel" ];
kernelParams = [ "nohibernate" ];
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
@ -51,7 +57,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B6C4-7CF4";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [
"fmask=0022"
"dmask=0022"
];
};
/*
@ -73,16 +82,19 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# TODO: nfs with zfs?
# services.nfs.server.enable = true;
}
({
(
{
options,
config,
...
}: let
}:
let
inherit (lib) mkOption types;
in {
in
{
options.services.restic.commonPaths = mkOption {
type = types.nullOr (types.listOf types.str);
default = [];
default = [ ];
description = ''
Which paths to backup, in addition to ones specified via
`dynamicFilesFrom`. If null or an empty array and
@ -94,13 +106,14 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
"/home/user/backup"
];
};
})
}
)
{
# sops secrets config
sops = {
defaultSopsFile = ../secrets/beefcake/secrets.yml;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
@ -108,7 +121,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}
{
sops.secrets = {
netlify-ddns-password = {mode = "0400";};
netlify-ddns-password = {
mode = "0400";
};
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.netlify-ddns-password.path;
@ -117,7 +132,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{
# nix binary cache
sops.secrets = {
nix-cache-priv-key = {mode = "0400";};
nix-cache-priv-key = {
mode = "0400";
};
};
services.nix-serve = {
enable = true; # TODO: true
@ -136,7 +153,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# regularly build this flake so we have stuff in the cache
# TODO: schedule this for nightly builds instead of intervals based on boot time
systemd.timers."build-lytedev-flake" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "30m"; # 30 minutes after booting
OnUnitActiveSec = "1d"; # every day afterwards
@ -166,7 +183,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# build main laptop configuration
nixos-rebuild build --flake git+https://git.lyte.dev/lytedev/nix.git#foxtrot --accept-flake-config
'';
path = with pkgs; [openssh git nixos-rebuild];
path = with pkgs; [
openssh
git
nixos-rebuild
];
serviceConfig = {
# TODO: mkdir -p...?
WorkingDirectory = "/home/daniel/.home/.cache/nightly-flake-builds";
@ -217,13 +238,16 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
reverse_proxy http://localhost:${toString config.services.headscale.port}
'';
};
networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [3478];
networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [ 3478 ];
}
{
services.restic.commonPaths = ["/var/lib/soju" "/var/lib/private/soju"];
services.restic.commonPaths = [
"/var/lib/soju"
"/var/lib/private/soju"
];
services.soju = {
enable = true;
listen = ["irc+insecure://:6667"];
listen = [ "irc+insecure://:6667" ];
};
networking.firewall.allowedTCPPorts = [
6667
@ -236,7 +260,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
createHome = false;
group = "nextcloud";
};
users.groups.nextcloud = {};
users.groups.nextcloud = { };
sops.secrets = {
nextcloud-admin-password = {
owner = "nextcloud";
@ -259,7 +283,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
"/storage/nextcloud"
];
services.postgresql = {
ensureDatabases = ["nextcloud"];
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
@ -274,7 +298,13 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
extraAppsEnable = true;
autoUpdateApps.enable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts notes onlyoffice tasks;
inherit
calendar
contacts
notes
onlyoffice
tasks
;
};
package = pkgs.nextcloud28;
home = "/storage/nextcloud";
@ -311,7 +341,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
services.caddy.virtualHosts."nextcloud.h.lyte.dev" = let
services.caddy.virtualHosts."nextcloud.h.lyte.dev" =
let
fpm-nextcloud-pool = config.services.phpfpm.pools.nextcloud;
root = config.services.nginx.virtualHosts.${config.services.nextcloud.hostName}.root;
in
@ -374,7 +405,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{
# plausible
services.postgresql = {
ensureDatabases = ["plausible"];
ensureDatabases = [ "plausible" ];
ensureUsers = [
{
name = "plausible";
@ -388,7 +419,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
group = "plausible";
};
users.extraGroups = {
"plausible" = {};
"plausible" = { };
};
services.plausible = {
enable = true;
@ -472,7 +503,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
{
# family storage
users.extraGroups = {
"family" = {};
"family" = { };
};
systemd.tmpfiles.settings = {
"10-family" = {
@ -517,8 +548,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
};
users.groups.daniel.members = ["daniel"];
users.groups.nixadmin.members = ["daniel"];
users.groups.daniel.members = [ "daniel" ];
users.groups.nixadmin.members = [ "daniel" ];
users.users.daniel = {
extraGroups = [
# "nixadmin" # write access to /etc/nixos/ files
@ -536,7 +567,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
];
services.postgresql = {
ensureDatabases = ["daniel"];
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
@ -680,7 +711,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# friends
users.users.ben = {
isNormalUser = true;
packages = [pkgs.vim];
packages = [ pkgs.vim ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com"
];
@ -688,14 +719,16 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
users.users.alan = {
isNormalUser = true;
packages = [pkgs.vim];
packages = [ pkgs.vim ];
# openssh.authorizedKeys.keys = [];
};
}
{
# restic backups
sops.secrets = {
restic-ssh-priv-key-benland = {mode = "0400";};
restic-ssh-priv-key-benland = {
mode = "0400";
};
restic-rascal-passphrase = {
mode = "0400";
};
@ -703,15 +736,15 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
mode = "0400";
};
};
users.groups.restic = {};
users.groups.restic = { };
users.users.restic = {
# used for other machines to backup to
isSystemUser = true;
createHome = true;
home = "/storage/backups/restic";
group = "restic";
extraGroups = ["sftponly"];
openssh.authorizedKeys.keys = [] ++ config.users.users.daniel.openssh.authorizedKeys.keys;
extraGroups = [ "sftponly" ];
openssh.authorizedKeys.keys = [ ] ++ config.users.users.daniel.openssh.authorizedKeys.keys;
};
services.openssh.extraConfig = ''
Match Group sftponly
@ -730,38 +763,35 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
};
services.restic.backups = let
services.restic.backups =
let
# TODO: How do I set things up so that a compromised server doesn't have access to my backups so that it can corrupt or ransomware them?
defaults = {
passwordFile = config.sops.secrets.restic-rascal-passphrase.path;
paths =
config.services.restic.commonPaths
++ [
paths = config.services.restic.commonPaths ++ [
];
initialize = true;
exclude = [];
exclude = [ ];
timerConfig = {
OnCalendar = ["04:45" "17:45"];
OnCalendar = [
"04:45"
"17:45"
];
};
};
in {
local =
defaults
// {
in
{
local = defaults // {
repository = "/storage/backups/local";
};
rascal =
defaults
// {
rascal = defaults // {
extraOptions = [
''sftp.command="ssh beefcake@rascal.hare-cod.ts.net -i ${config.sops.secrets.restic-rascal-ssh-private-key.path} -s sftp"''
];
repository = "sftp://beefcake@rascal.hare-cod.ts.net://storage/backups/beefcake";
};
# TODO: add ruby?
benland =
defaults
// {
benland = defaults // {
extraOptions = [
''sftp.command="ssh daniel@n.benhaney.com -p 10022 -i ${config.sops.secrets.restic-ssh-priv-key-benland.path} -s sftp"''
];
@ -813,7 +843,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
}
({...}: let
(
{ ... }:
let
theme = pkgs.fetchzip {
url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz";
sha256 = "sha256-et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI=";
@ -832,9 +864,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
sha256 = "sha256-CdMTRXoQ3AI76aHW/sTqvZo1q/0XQdnQs9V1vGmiffY=";
};
};
forgejoCustomCss =
pkgs.writeText "iosevkalyte.css"
''
forgejoCustomCss = pkgs.writeText "iosevkalyte.css" ''
@font-face {
font-family: ldiosevka;
font-style: normal;
@ -862,15 +892,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
--fonts-monospace: ldiosevka, ui-monospace, SFMono-Regular, "SF Mono", Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace, var(--fonts-emoji);
}
'';
forgejoCustomHeaderTmpl =
pkgs.writeText "header.tmpl"
''
forgejoCustomHeaderTmpl = pkgs.writeText "header.tmpl" ''
<link rel="stylesheet" href="/assets/css/iosevkalyte.css" />
<script async="" defer="" data-domain="git.lyte.dev" src="https://a.lyte.dev/js/script.js"></script>
'';
forgejoCustomHomeTmpl =
pkgs.writeText "home.tmpl"
''
forgejoCustomHomeTmpl = pkgs.writeText "home.tmpl" ''
{{template "base/head" .}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="tw-mb-8 tw-px-8">
@ -923,7 +949,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
</div>
{{template "base/footer" .}}
'';
in {
in
{
# systemd.tmpfiles.settings = {
# "10-forgejo" = {
# "/storage/forgejo" = {
@ -998,9 +1025,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
config.services.forgejo.stateDir
];
sops.secrets = {
"forgejo-runner.env" = {mode = "0400";};
"forgejo-runner.env" = {
mode = "0400";
};
systemd.services.gitea-runner-beefcake.after = ["sops-nix.service"];
};
systemd.services.gitea-runner-beefcake.after = [ "sops-nix.service" ];
systemd.services.forgejo = {
preStart = lib.mkAfter ''
@ -1069,7 +1098,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}
'';
};
})
}
)
{
services.restic.commonPaths = [
config.services.vaultwarden.backupDir
@ -1100,10 +1130,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
group = "atuin";
};
users.extraGroups = {
"atuin" = {};
"atuin" = { };
};
services.postgresql = {
ensureDatabases = ["atuin"];
ensureDatabases = [ "atuin" ];
ensureUsers = [
{
name = "atuin";
@ -1246,15 +1276,18 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
];
*/
}
({...}: let
(
{ ... }:
let
port = 26969;
dir = "/storage/flanilla";
user = "flanilla";
in
# uid = config.users.users.flanilla.uid;
# gid = config.users.groups.flanilla.gid;
in {
{
# flanilla family minecraft server
users.groups.${user} = {};
users.groups.${user} = { };
users.users.${user} = {
isSystemUser = true;
createHome = false;
@ -1269,7 +1302,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
];
image = "docker.io/itzg/minecraft-server";
# user = "${toString uid}:${toString gid}";
extraOptions = ["--tty" "--interactive"];
extraOptions = [
"--tty"
"--interactive"
];
environment = {
EULA = "true";
MOTD = "Flanilla Survival! Happy hunting!";
@ -1288,7 +1324,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
ENABLE_QUERY = "true";
ENABLE_COMMAND_BLOCK = "true";
};
ports = ["${toString port}:25565"];
ports = [ "${toString port}:25565" ];
volumes = [
"${dir}/data:/data"
@ -1317,20 +1353,24 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
};
services.restic.commonPaths = [dir];
services.restic.commonPaths = [ dir ];
networking.firewall.allowedTCPPorts = [
port
];
})
({...}: let
}
)
(
{ ... }:
let
port = 26968;
dir = "/storage/flanilla-creative";
user = "flanilla";
in
# uid = config.users.users.flanilla.uid;
# gid = config.users.groups.flanilla.gid;
in {
{
# flanilla family minecraft server
users.groups.${user} = {};
users.groups.${user} = { };
users.users.${user} = {
isSystemUser = true;
createHome = false;
@ -1341,7 +1381,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
autoStart = true;
image = "docker.io/itzg/minecraft-server";
# user = "${toString uid}:${toString gid}";
extraOptions = ["--tty" "--interactive"];
extraOptions = [
"--tty"
"--interactive"
];
environment = {
EULA = "true";
MOTD = "Flanilla Creative! Have fun building!";
@ -1360,7 +1403,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
ENABLE_QUERY = "true";
ENABLE_COMMAND_BLOCK = "true";
};
ports = ["${toString port}:25565"];
ports = [ "${toString port}:25565" ];
volumes = [
"${dir}/data:/data"
@ -1389,29 +1432,33 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
};
services.restic.commonPaths = [dir];
services.restic.commonPaths = [ dir ];
networking.firewall.allowedTCPPorts = [
port
];
})
({
}
)
(
{
config,
options,
...
}: let
}:
let
domain = "idm.h.lyte.dev";
name = "kanidm";
user = name;
group = name;
storage = "/storage/${name}";
in {
in
{
# kanidm
config = {
# reload certs from caddy every 5 minutes
# TODO: ideally some kind of file watcher service would make way more sense here?
# or we could simply setup the permissions properly somehow?
systemd.timers."copy-kanidm-certificates-from-caddy" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "10m"; # 10 minutes after booting
OnUnitActiveSec = "5m"; # every 5 minutes afterwards
@ -1428,7 +1475,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
cd /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev
install -m 0700 -o "${name}" -g "${name}" idm.h.lyte.dev.key idm.h.lyte.dev.crt "${storage}/certs"
'';
path = with pkgs; [rsync];
path = with pkgs; [ rsync ];
serviceConfig = {
Type = "oneshot";
User = "root";
@ -1521,7 +1568,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
'';
};
};
})
}
)
{
systemd.tmpfiles.settings = {
"10-audiobookshelf" = {
@ -1548,7 +1596,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
};
};
};
users.groups.audiobookshelf = {};
users.groups.audiobookshelf = { };
users.users.audiobookshelf = {
isSystemUser = true;
group = "audiobookshelf";
@ -1584,13 +1632,25 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
job_name = "beefcake";
static_configs = [
{
targets = let inherit (config.services.prometheus.exporters.node) port listenAddress; in ["${listenAddress}:${toString port}"];
targets =
let
inherit (config.services.prometheus.exporters.node) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
}
{
targets = let inherit (config.services.prometheus.exporters.zfs) port listenAddress; in ["${listenAddress}:${toString port}"];
targets =
let
inherit (config.services.prometheus.exporters.zfs) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
}
{
targets = let inherit (config.services.prometheus.exporters.postgres) port listenAddress; in ["${listenAddress}:${toString port}"];
targets =
let
inherit (config.services.prometheus.exporters.postgres) port listenAddress;
in
[ "${listenAddress}:${toString port}" ];
}
];
}
@ -1754,8 +1814,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
containers.actual = {
image = "ghcr.io/actualbudget/actual-server:25.2.1";
autoStart = true;
ports = ["5006:5006"];
volumes = ["/storage/actual:/data"];
ports = [ "5006:5006" ];
volumes = [ "/storage/actual:/data" ];
};
};
@ -1769,7 +1829,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
package = pkgs.factorio-headless.override {
versionsJson = ./factorio-versions.json;
};
admins = ["lytedev"];
admins = [ "lytedev" ];
autosave-interval = 5;
game-name = "Flanwheel Online";
description = "Space Age 2.0";
@ -1783,17 +1843,22 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
extraSettingsFile = config.sops.secrets.factorio-server-settings.path;
};
sops.secrets = {
factorio-server-settings = {mode = "0777";};
factorio-server-settings = {
mode = "0777";
};
};
}
({
(
{
pkgs,
config,
...
}: let
}:
let
port = builtins.head config.services.conduwuit.settings.global.port;
sPort = toString port;
in {
in
{
sops.secrets.matrix-registration-token-file.mode = "0400";
services.conduwuit = {
enable = true;
@ -1815,7 +1880,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
'';
# TODO: backups
# TODO: reverse proxy
})
}
)
];
/*

25
packages/hosts/bigtower.nix
View file

@ -3,7 +3,8 @@
lib,
config,
...
}: {
}:
{
system.stateVersion = "24.05";
home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "bigtower";
@ -14,22 +15,25 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28";
fsType = "btrfs";
options = ["subvol=root"];
options = [ "subvol=root" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28";
fsType = "btrfs";
options = ["subvol=nix"];
options = [ "subvol=nix" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/5b6c2d65-2704-4ed1-b06d-5ee7110b3d28";
fsType = "btrfs";
options = ["subvol=home"];
options = [ "subvol=home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/CE80-4623";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [
"fmask=0022"
"dmask=0022"
];
};
}
];
@ -43,9 +47,14 @@
# kernelPackages = pkgs.linuxPackages_zen;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci" "usbhid"];
kernelModules = ["kvm-amd"];
supportedFilesystems = ["ntfs"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
];
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "ntfs" ];
};
hardware.bluetooth = {

61
packages/hosts/default.nix
View file

@ -8,21 +8,32 @@
nixpkgs-unstable,
home-manager-unstable,
...
}: let
baseHost = {
}:
let
baseHost =
{
nixpkgs,
home-manager,
...
}: (path: ({system ? "x86_64-linux"}: (nixpkgs.lib.nixosSystem {
}:
(
path:
(
{
system ? "x86_64-linux",
}:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [
({
(
{
config,
lib,
pkgs,
modulesPath,
...
}: {
}:
{
imports = with self.outputs.nixosModules; [
(modulesPath + "/installer/scan/not-detected.nix")
home-manager.nixosModules.home-manager
@ -47,7 +58,7 @@
sops = {
age = {
sshKeyPaths = lib.mkDefault ["/etc/ssh/ssh_host_ed25519_key"];
sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";
generateKey = lib.mkDefault true;
};
@ -55,15 +66,16 @@
nix = {
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
registry = lib.mapAttrs (_: value: {flake = value;}) self.inputs;
registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;
settings =
{
trusted-users = lib.mkDefault ["@wheel"];
extra-experimental-features = lib.mkDefault ["nix-command" "flakes"];
settings = {
trusted-users = lib.mkDefault [ "@wheel" ];
extra-experimental-features = lib.mkDefault [
"nix-command"
"flakes"
];
auto-optimise-store = lib.mkDefault true;
}
// self.nixConfig;
} // self.nixConfig;
};
systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
@ -77,7 +89,7 @@
home-manager.backupFileExtension = lib.mkDefault "hm-backup";
users.users.root = {
openssh.authorizedKeys.keys = lib.mkDefault [self.constants.pubkey];
openssh.authorizedKeys.keys = lib.mkDefault [ self.constants.pubkey ];
};
services = {
@ -123,7 +135,8 @@
useXkbConfig = lib.mkDefault true;
earlySetup = lib.mkDefault true;
colors = with self.constants.style.colors;
colors =
with self.constants.style.colors;
lib.mkDefault [
bg
red
@ -154,7 +167,8 @@
};
};
};
})
}
)
{
_module.args = {
@ -164,14 +178,17 @@
}
(import path)
];
})));
stableHost = baseHost {inherit nixpkgs home-manager;};
})
)
);
stableHost = baseHost { inherit nixpkgs home-manager; };
host = baseHost {
nixpkgs = nixpkgs-unstable;
home-manager = home-manager-unstable;
};
in {
beefcake = stableHost ./beefcake.nix {};
dragon = host ./dragon.nix {};
arm-dragon = host ./dragon.nix {system = "aarch64-linux";};
in
{
beefcake = stableHost ./beefcake.nix { };
dragon = host ./dragon.nix { };
arm-dragon = host ./dragon.nix { system = "aarch64-linux"; };
}

20
packages/hosts/dragon.nix
View file

@ -5,7 +5,8 @@
hardware,
diskoConfigurations,
...
}: {
}:
{
system.stateVersion = "24.11";
home-manager.users.daniel.home.stateVersion = "24.11";
networking.hostName = "dragon";
@ -14,19 +15,26 @@
kernelPackages = pkgs.linuxPackages_latest;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci" "usbhid"];
kernelModules = ["kvm-amd"];
supportedFilesystems = ["ntfs"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
];
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "ntfs" ];
};
imports = with hardware; [
(diskoConfigurations.unencrypted {disk = "/dev/nvme0n1";})
(diskoConfigurations.unencrypted { disk = "/dev/nvme0n1"; })
common-cpu-amd
common-gpu-amd
common-pc-ssd
];
sops.secrets.ddns-pass = {mode = "0400";};
sops.secrets.ddns-pass = {
mode = "0400";
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.ddns-pass.path;
enable = true;

43
packages/hosts/foxtrot.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
imports = [
{
system.stateVersion = "24.11";
@ -19,7 +20,7 @@
# boot.resumeDevice = "/dev/disk/by-uuid/81c3354a-f629-4b6b-a249-7705aeb9f0d5";
# systemd.sleep.extraConfig = "HibernateDelaySec=180m";
services.fwupd.enable = true;
services.fwupd.extraRemotes = ["lvfs-testing"];
services.fwupd.extraRemotes = [ "lvfs-testing" ];
}
];
@ -75,10 +76,12 @@
}
];
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
settings = {
listener = [
{
@ -205,8 +208,12 @@
# NOTE(oninstall):
"resume_offset=3421665"
];
initrd.availableKernelModules = ["xhci_pci" "nvme" "thunderbolt"];
kernelModules = ["kvm-amd"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"thunderbolt"
];
kernelModules = [ "kvm-amd" ];
};
hardware.bluetooth = {
enable = true;
@ -214,19 +221,19 @@
# simply resume the power state at the time of hibernation
powerOnBoot = false;
package = pkgs.bluez.overrideAttrs (finalAttrs: previousAttrs: rec {
package = pkgs.bluez.overrideAttrs (
finalAttrs: previousAttrs: rec {
version = "5.78";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/bluetooth/bluez-${version}.tar.xz";
sha256 = "sha256-gw/tGRXF03W43g9eb0X83qDcxf9f+z0x227Q8A1zxeM=";
};
patches = [];
buildInputs =
previousAttrs.buildInputs
++ [
patches = [ ];
buildInputs = previousAttrs.buildInputs ++ [
pkgs.python3Packages.pygments
];
});
}
);
};
powerManagement.cpuFreqGovernor = "ondemand";
/*
@ -269,19 +276,23 @@
};
*/
networking.firewall.allowedTCPPorts = let
networking.firewall.allowedTCPPorts =
let
stardewValley = 24642;
factorio = 34197;
in [
in
[
8000 # dev stuff
factorio
stardewValley
7777
];
networking.firewall.allowedUDPPorts = let
networking.firewall.allowedUDPPorts =
let
stardewValley = 24642;
factorio = 34197;
in [
in
[
8000 # dev stuff
factorio
stardewValley

20
packages/hosts/htpc.nix
View file

@ -3,7 +3,8 @@
config,
lib,
...
}: {
}:
{
networking.hostName = "htpc";
networking.networkmanager.enable = true;
@ -12,9 +13,18 @@
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true;
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["8821au" "8812au"];
boot.kernelModules = ["kvm-intel"];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [
"8821au"
"8812au"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [
# pkgs.rtl8811au
config.boot.kernelPackages.rtl8812au
@ -26,7 +36,7 @@
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
hardware.bluetooth = {
enable = true;

19
packages/hosts/htpifour.nix
View file

@ -5,7 +5,8 @@
outputs,
modulesPath,
...
}: {
}:
{
nixpkgs.hostPlatform = "aarch64-linux";
networking.hostName = "htpifour";
@ -31,10 +32,14 @@
console.enable = false;
home-manager.users.daniel = {
imports = with outputs.homeManagerModules; [linux-desktop wallpaper-manager];
imports = with outputs.homeManagerModules; [
linux-desktop
wallpaper-manager
];
};
environment.systemPackages = with pkgs;
environment.systemPackages =
with pkgs;
#with pkgs;
[
# libcec
@ -82,7 +87,11 @@
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"];
initrd.availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
@ -99,7 +108,7 @@
allowedTCPPorts = [
22 # ssh
];
allowedUDPPorts = [];
allowedUDPPorts = [ ];
};
};

32
packages/hosts/rascal.nix
View file

@ -2,13 +2,21 @@
config,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "uas" "sd_mod"];
boot.kernelModules = ["kvm-amd"];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"uas"
"sd_mod"
];
boot.kernelModules = [ "kvm-amd" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/2e2ad73a-6264-4a7b-8439-9c05295d903d";
@ -25,17 +33,15 @@
device = "/dev/sda";
};
users.groups.beefcake = {};
users.groups.beefcake = { };
users.users = {
beefcake = {
isSystemUser = true;
createHome = true;
home = "/storage/backups/beefcake";
group = "beefcake";
extraGroups = ["sftponly"];
openssh.authorizedKeys.keys =
config.users.users.daniel.openssh.authorizedKeys.keys
++ [
extraGroups = [ "sftponly" ];
openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
];
@ -44,7 +50,13 @@
daniel = {
# used for restic backups
isNormalUser = true;
extraGroups = ["users" "wheel" "video" "dialout" "uucp"];
extraGroups = [
"users"
"wheel"
"video"
"dialout"
"uucp"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
@ -68,7 +80,7 @@
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [22];
allowedTCPPorts = [ 22 ];
};
};

71
packages/hosts/router.nix
View file

@ -4,7 +4,8 @@
# outputs,
pkgs,
...
}: let
}:
let
/*
NOTE: My goal is to be able to apply most of the common tweaks to the router
either live on the system for ad-hoc changes (such as forwarding a port for a
@ -83,7 +84,8 @@
"net.ipv6.conf.${interfaces.wan.name}.use_tempaddr" = 2;
# "net.ipv6.conf.${interfaces.wan.name}.addr_gen_mode" = 2;
};
in {
in
{
imports = [
{
# hardware
@ -92,31 +94,34 @@ in {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = ["xhci_pci"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
initrd.availableKernelModules = [ "xhci_pci" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802";
fsType = "btrfs";
options = ["subvol=root"];
options = [ "subvol=root" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802";
fsType = "btrfs";
options = ["subvol=nix"];
options = [ "subvol=nix" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/6ec80156-62e0-4f6f-b6eb-e2f588f88802";
fsType = "btrfs";
options = ["subvol=home"];
options = [ "subvol=home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7F78-7AE8";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [
"fmask=0022"
"dmask=0022"
];
};
nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = "performance";
@ -131,21 +136,21 @@ in {
sops = {
defaultSopsFile = ../secrets/router/secrets.yml;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
netlify-ddns-password = {mode = "0400";};
netlify-ddns-password = {
mode = "0400";
};
};
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.netlify-ddns-password.path;
};
boot.kernel.sysctl =
sysctl-entries
// {
boot.kernel.sysctl = sysctl-entries // {
};
networking = {
@ -174,12 +179,14 @@ in {
# the main meat and potatoes for most routers, the firewall configuration
# TODO: IPv6
nftables = let
nftables =
let
inf = {
lan = interfaces.lan.name;
wan = interfaces.wan.name;
};
in {
in
{
enable = true;
checkRuleset = true;
flushRuleset = true;
@ -460,7 +467,11 @@ in {
*/
enable-ra = true;
server = ["1.1.1.1" "9.9.9.9" "8.8.8.8"];
server = [
"1.1.1.1"
"9.9.9.9"
"8.8.8.8"
];
domain-needed = true;
bogus-priv = true;
@ -477,28 +488,36 @@ in {
dhcp-host =
[
]
++ (lib.attrsets.mapAttrsToList (name: {
++ (lib.attrsets.mapAttrsToList (
name:
{
ip,
identifier ? name,
time ? "12h",
...
}: "${name},${ip},${identifier},${time}")
hosts);
}:
"${name},${ip},${identifier},${time}"
) hosts);
address =
[
"/${hostname}.${domain}/${ip}"
]
++ (lib.lists.flatten (lib.attrsets.mapAttrsToList (name: {
++ (lib.lists.flatten (
lib.attrsets.mapAttrsToList (
name:
{
ip,
additionalHosts ? [],
additionalHosts ? [ ],
identifier ? name,
time ? "12h",
}: [
}:
[
"/${name}.${domain}/${ip}"
(lib.lists.forEach additionalHosts (h: "/${h}/${ip}"))
])
hosts));
]
) hosts
));
# local domains
local = "/lan/";

57
packages/hosts/thablet.nix
View file

@ -3,7 +3,8 @@
lib,
config,
...
}: {
}:
{
networking.hostName = "thablet";
boot.loader.systemd-boot.enable = true;
@ -17,7 +18,7 @@
environment.systemPackages =
#with pkgs;
[];
[ ];
# https://wiki.archlinux.org/title/Lenovo_ThinkPad_X1_Yoga_(Gen_3)#Using_acpi_call
systemd.services.activate-touch-hack = {
@ -25,7 +26,12 @@
description = "Touch wake Thinkpad X1 Yoga 3rd gen hack";
unitConfig = {
After = ["suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target"];
After = [
"suspend.target"
"hibernate.target"
"hybrid-sleep.target"
"suspend-then-hibernate.target"
];
};
serviceConfig = {
@ -34,13 +40,26 @@
'';
};
wantedBy = ["suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target"];
wantedBy = [
"suspend.target"
"hibernate.target"
"hybrid-sleep.target"
"suspend-then-hibernate.target"
];
};
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel" "acpi_call"];
boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-intel"
"acpi_call"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@ -65,12 +84,20 @@
};
networking = {
firewall = let
firewall =
let
terraria = 7777;
stardew-valley = 24642;
in {
allowedTCPPorts = [terraria stardew-valley];
allowedUDPPorts = [terraria stardew-valley];
in
{
allowedTCPPorts = [
terraria
stardew-valley
];
allowedUDPPorts = [
terraria
stardew-valley
];
};
};
@ -104,10 +131,12 @@
];
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
settings = {
listener = [
{

15
packages/hosts/thinker.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
networking.hostName = "thinker";
boot = {
@ -13,7 +14,11 @@
https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
*/
# kernelParams = ["boot.shell_on_fail"];
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci"];
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
];
};
home-manager.users.daniel = {
@ -39,10 +44,12 @@
}
];
};
services.hypridle = let
services.hypridle =
let
secondsPerMinute = 60;
lockSeconds = 10 * secondsPerMinute;
in {
in
{
settings = {
listener = [
{

14
packages/iosevkaLyteTerm.nix
View file

@ -1,6 +1,9 @@
{iosevka, ...}: let
{ iosevka, ... }:
let
set = "LyteTerm";
in ((iosevka.override {
in
(
(iosevka.override {
inherit set;
privateBuildPlan = ''
@ -122,8 +125,8 @@ in ((iosevka.override {
question = 'smooth'
punctuation-dot = 'round'
'';
})
.overrideAttrs {
}).overrideAttrs
{
buildPhase = ''
export HOME=$TMPDIR
runHook preBuild
@ -142,4 +145,5 @@ in ((iosevka.override {
install "dist/$pname/WOFF2"/* "$wfontdir"
runHook postInstall
'';
})
}
)

9
packages/iosevkaLyteTermSubset.nix
View file

@ -9,8 +9,13 @@ pkgs.stdenvNoCC.mkDerivation {
inherit (iosevkaLyteTerm) version;
pname = "${iosevkaLyteTerm.pname}Subset";
buildInputs = [parallel] ++ (with python311Packages; [fonttools brotli]);
PYTHONPATH = pkgs.python3.withPackages (pp: with pp; [brotli]);
buildInputs =
[ parallel ]
++ (with python311Packages; [
fonttools
brotli
]);
PYTHONPATH = pkgs.python3.withPackages (pp: with pp; [ brotli ]);
src = iosevkaLyteTerm;
installPhase = ''