lytedev/nix
1
0
Fork 1
Code Issues Pull requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: lytedev:beefcake-revival
Branches Tags
lytedev:main
lytedev:pinephone
lytedev:beefcake-revival
lytedev:wezterm
lytedev:fix-api-lyte-dev
lytedev:tear-it-up
lytedev:wip-no-special-args
lytedev:kde
lytedev:reorg
lytedev:reduce-common
lytedev:template
...
pull from: lytedev:main
Branches Tags
lytedev:main
lytedev:pinephone
lytedev:beefcake-revival
lytedev:wezterm
lytedev:fix-api-lyte-dev
lytedev:tear-it-up
lytedev:wip-no-special-args
lytedev:kde
lytedev:reorg
lytedev:reduce-common
lytedev:template

89 commits
beefcake-r ... main

Author SHA1 Message Date
Daniel Flanagan 5ad3a220a7 Fix soju account by updating password
Some checks failed
/ check (push) Failing after 3m20s
Details
2024-10-15 10:43:21 -05:00
Daniel Flanagan 06427b694c Building jovian
Some checks failed
/ check (push) Failing after 3m48s
Details
2024-10-15 10:10:28 -05:00
Daniel Flanagan 66c0f17e46 fix: game-password -> game_password
Some checks failed
/ check (push) Failing after 2m57s
Details
2024-10-14 09:58:40 -05:00
Daniel Flanagan c8bf3ae618 clean up since online works with lan=true
Some checks failed
/ check (push) Has been cancelled
Details
2024-10-14 09:58:00 -05:00
Daniel Flanagan 8afad6f40c Add factorio server in preparation for 2.0 release
Some checks failed
/ check (push) Has been cancelled
Details
2024-10-14 09:54:39 -05:00
Daniel Flanagan 0cfb985723 Merge remote-tracking branch 'origin/main'
Some checks failed
/ check (push) Failing after 2m59s
Details
2024-10-10 11:46:27 -05:00
Daniel Flanagan 303ca8c871 Fix minecraft server so saving works
Some checks failed
/ check (push) Failing after 3m0s
Details
2024-10-10 11:46:03 -05:00
Daniel Flanagan e8dd91e345 Add radio tools module
Some checks failed
/ check (push) Failing after 3m4s
Details
2024-10-09 13:44:02 -05:00
Daniel Flanagan 2b4b1c5850 Well, we tried
Some checks failed
/ check (push) Failing after 50s
Details
2024-10-09 11:04:24 -05:00
Daniel Flanagan a1acf60896 I think this will build an SD image with an installer?
Some checks failed
/ check (push) Failing after 57s
Details
2024-10-09 10:05:14 -05:00
Daniel Flanagan 2c541801e6 Add image 2024-10-09 09:57:09 -05:00
Daniel Flanagan 352d4412f2 Use pkgsCross
Some checks failed
/ check (push) Failing after 3m1s
Details
2024-10-09 09:44:36 -05:00
Daniel Flanagan a3997d519a Update actual
Some checks failed
/ check (push) Failing after 2m58s
Details
2024-10-08 21:06:11 -05:00
Daniel Flanagan 64e4c9c1b2 Started building at least...?
Some checks failed
/ check (push) Failing after 2m58s
Details
2024-10-08 20:22:11 -05:00
Daniel Flanagan 337e587f92 Use nixpkgs-unstable (duh)
Some checks failed
/ check (push) Failing after 3m6s
Details
2024-10-08 19:46:46 -05:00
Daniel Flanagan 1bb83efeef WIP pinephone
Some checks failed
/ check (push) Has been cancelled
Details
2024-10-08 19:42:33 -05:00
Daniel Flanagan a7b81162d5 We'll flatpak these
Some checks failed
/ check (push) Failing after 3m4s
Details
2024-10-08 10:19:06 -05:00
Daniel Flanagan 1bec150b17 Fix bad polkit setting
Some checks failed
/ check (push) Has been cancelled
Details
2024-10-08 10:17:56 -05:00
Daniel Flanagan bec787e6ff Include PATH in sway systemd vars
Some checks failed
/ check (push) Has been cancelled
Details
2024-10-08 10:17:22 -05:00
Daniel Flanagan 3eba3a553d Update actual to use the simplefin sync feature
Some checks failed
/ check (push) Failing after 3m0s
Details
2024-10-07 10:24:28 -05:00
Daniel Flanagan 9630de5237 Hibernate delay
Some checks failed
/ check (push) Failing after 2m56s
Details
2024-10-03 23:23:12 -05:00
Daniel Flanagan a3fa043cb9 Add motd
Some checks failed
/ check (push) Failing after 3m2s
Details
2024-10-03 09:41:10 -05:00
Daniel Flanagan 6624b11014 Peach, understand...
Some checks failed
/ check (push) Has been cancelled
Details
2024-10-03 09:29:26 -05:00
Daniel Flanagan 226c7993b1 Add family minecraft servers
Some checks failed
/ check (push) Has been cancelled
Details
2024-10-03 09:23:44 -05:00
Daniel Flanagan ce00bd6fed bash -x -c for simpler command echoing
Some checks failed
/ check (push) Failing after 3m2s
Details
2024-09-30 09:16:54 -05:00
Daniel Flanagan 556c58f0fb Merge remote-tracking branch 'origin/main'
Some checks failed
/ check (push) Has been cancelled
Details
2024-09-30 09:16:13 -05:00
Daniel Flanagan c007790ecf Add some snippy scripts for foxtrot quick switching between performance modes 2024-09-30 09:14:12 -05:00
Daniel Flanagan 095bfdddfc Merge remote-tracking branch 'origin/main'
Some checks failed
/ check (push) Failing after 3m0s
Details
2024-09-23 15:01:52 -05:00
Daniel Flanagan e8564cbae0 Fix bluetooth icon 2024-09-23 15:01:39 -05:00
Daniel Flanagan 9cc15d53fa Add comma
Some checks failed
/ check (push) Failing after 3m0s
Details
2024-09-23 10:21:22 -05:00
Daniel Flanagan a33de2c711 Some cleanup, plasma6 out by default
Some checks failed
/ check (push) Failing after 3m8s
Details
2024-09-22 20:20:15 -05:00
Daniel Flanagan 9e8ce71b65 Add comma 2024-09-19 11:32:33 -05:00
Daniel Flanagan 1469810d2b laptop monitor above
All checks were successful
/ check (push) Successful in 3m50s
Details
2024-09-18 09:43:31 -05:00
Daniel Flanagan b8ac83f1a1 Add comment with pipewire profile for fw13 speakers
All checks were successful
/ check (push) Successful in 3m50s
Details
2024-09-17 12:12:40 -05:00
Daniel Flanagan f676b4d7a5 Merge remote-tracking branch 'origin/main'
Some checks failed
/ check (push) Has been cancelled
Details
2024-09-17 12:06:43 -05:00
Daniel Flanagan a733249377 Allow media keys even when sway is locked 2024-09-17 12:06:20 -05:00
Daniel Flanagan 494a9727c7 Rascale host
All checks were successful
/ check (push) Successful in 3m48s
Details
2024-09-17 08:56:54 -05:00
Daniel Flanagan 8aab4b1056 Flake check
All checks were successful
/ check (push) Successful in 1m58s
Details
2024-09-16 16:38:16 -05:00
Daniel Flanagan 035fdc710b Increase default timeout
Some checks failed
/ check (push) Failing after 3m21s
Details 
I need to investigate why these calls take so long:

1. Deno Deploy cold starts?
2. Netlify rate limits or slowness? Can I make some use of caching?
 2024-09-14 09:51:07 -05:00
Daniel Flanagan 09b4567c92 Redact sensitive info from ddns client while also logging verbosely
All checks were successful
/ check (push) Successful in 2m9s
Details
2024-09-14 09:49:35 -05:00
Daniel Flanagan c2e03c50ae Try again
Some checks failed
/ check (push) Failing after 3m19s
Details
2024-09-14 09:43:09 -05:00
Daniel Flanagan 379c26527a Dragon ddns
Some checks failed
/ check (push) Failing after 3m29s
Details
2024-09-14 07:43:11 -05:00
Daniel Flanagan 3b7aefac96 Add foxtrot
Some checks failed
/ check (push) Failing after 3m26s
Details
2024-09-14 07:37:41 -05:00
Daniel Flanagan 3df1eeecca dragon 2024-09-14 07:32:59 -05:00
Daniel Flanagan 529dcce37a Verbose logging, redact passwords
Some checks failed
/ check (push) Failing after 3m26s
Details
2024-09-14 07:27:40 -05:00
Daniel Flanagan fbdac308ec Fix second offsite backups
Some checks failed
/ check (push) Failing after 3m31s
Details
2024-09-14 07:20:34 -05:00
Daniel Flanagan c92314e731 Tweaks to waybar
Some checks failed
/ check (push) Failing after 3m27s
Details
2024-09-13 14:17:45 -05:00
Daniel Flanagan c2095697ef Make spark executable
Some checks failed
/ check (push) Failing after 3m25s
Details
2024-09-13 13:54:12 -05:00
Daniel Flanagan f247344b05 Add spark 2024-09-13 13:54:00 -05:00
Daniel Flanagan 637c4e4273 Add grafana root_url
Some checks failed
/ check (push) Failing after 3m25s
Details
2024-09-13 13:25:34 -05:00
Daniel Flanagan c20b5d540f Backgrounds are back
Some checks failed
/ check (push) Failing after 3m44s
Details
2024-09-13 01:39:25 -05:00
Daniel Flanagan 20eaf3acbd Fix grafana dir permissions
Some checks failed
/ check (push) Failing after 3m22s
Details
2024-09-13 00:50:31 -05:00
Daniel Flanagan 0ee453de49 Scale display
Some checks failed
/ check (push) Has been cancelled
Details
2024-09-13 00:46:39 -05:00
Daniel Flanagan 5b80da7323 Router secrets
Some checks failed
/ check (push) Has been cancelled
Details
2024-09-13 00:38:04 -05:00
Daniel Flanagan 8c77376e36 Actual
Some checks failed
/ check (push) Failing after 3m21s
Details
2024-09-13 00:02:57 -05:00
Daniel Flanagan 8d0e080906 Specify version
Some checks failed
/ check (push) Failing after 3m17s
Details
2024-09-12 23:52:06 -05:00
Daniel Flanagan b72c71a272 Actual
Some checks failed
/ check (push) Failing after 3m19s
Details
2024-09-12 23:45:03 -05:00
Daniel Flanagan 8bb7b4cac2 Comments
Some checks failed
/ check (push) Failing after 3m22s
Details
2024-09-12 22:37:20 -05:00
Daniel Flanagan 262ef3bb45 Valerie
Some checks failed
/ check (push) Failing after 3m19s
Details
2024-09-12 15:16:09 -05:00
Daniel Flanagan 2fc5333362 Working on backups to rascal...
Some checks failed
/ check (push) Failing after 3m20s
Details
2024-09-12 14:47:21 -05:00
Daniel Flanagan b7925c965e Fix GTK theme
All checks were successful
/ check (push) Successful in 3m49s
Details
2024-09-12 13:24:57 -05:00
Daniel Flanagan 727a70d843 Comment
All checks were successful
/ check (push) Successful in 3m45s
Details
2024-09-12 12:05:22 -05:00
Daniel Flanagan a7ec834c6a Commenting
All checks were successful
/ check (push) Successful in 3m46s
Details
2024-09-12 11:58:24 -05:00
Daniel Flanagan a633ccc36f Bringing sway back
All checks were successful
/ check (push) Successful in 3m50s
Details
2024-09-12 11:22:43 -05:00
Daniel Flanagan e7ecd05161 Add family users to beefcake
All checks were successful
/ check (push) Successful in 3m43s
Details
2024-09-12 10:36:29 -05:00
Daniel Flanagan c520512399 Atuin up and running?
All checks were successful
/ check (push) Successful in 3m39s
Details
2024-09-11 16:04:32 -05:00
Daniel Flanagan 4c07dcacc1 Forgot smtp host port
All checks were successful
/ check (push) Successful in 3m39s
Details
2024-09-11 15:29:58 -05:00
Daniel Flanagan 9616fb1df0 Setup grafana smtp
Some checks failed
/ check (push) Has been cancelled
Details
2024-09-11 15:28:52 -05:00
Daniel Flanagan 3d9a29b857 Grafana password
All checks were successful
/ check (push) Successful in 3m40s
Details
2024-09-11 14:58:17 -05:00
Daniel Flanagan 11e159c7c9 Hide prometheus
All checks were successful
/ check (push) Successful in 3m43s
Details
2024-09-11 14:31:48 -05:00
Daniel Flanagan 003b5516fe Cache is back 2024-09-11 13:39:57 -05:00
Daniel Flanagan f6eb6a72ad Fix path
All checks were successful
/ check (push) Successful in 3m51s
Details
2024-09-11 13:31:07 -05:00
Daniel Flanagan cf2f2ecf0a Tweak backups - pretty sure passwords are wrong
Some checks failed
/ check (push) Failing after 29s
Details
2024-09-11 12:03:55 -05:00
Daniel Flanagan 524a34d819 Merge remote-tracking branch 'origin/main'
Some checks failed
/ check (push) Has been cancelled
Details
2024-09-11 11:57:46 -05:00
Daniel Flanagan 352e3d72a2 Re-initialize backups on beefcake 2024-09-11 11:57:27 -05:00
Daniel Flanagan 26f2784f0f Force umask when creating notes
All checks were successful
/ check (push) Successful in 3m41s
Details
2024-09-09 10:16:11 -05:00
Daniel Flanagan 25abed953f Add todo script
All checks were successful
/ check (push) Successful in 3m41s
Details
2024-09-09 10:08:38 -05:00
Daniel Flanagan f8b68daf1e Merge remote-tracking branch 'origin/main'
Some checks failed
/ check (push) Has been cancelled
Details
2024-09-09 10:05:52 -05:00
Daniel Flanagan 6ddc70bcaa Trouble 2024-09-09 10:05:45 -05:00
Daniel Flanagan 67fe4216f2 Add iftop to router 2024-09-09 10:05:23 -05:00
Daniel Flanagan 0ff4336088 Fix nix flake check failing
All checks were successful
/ check (push) Successful in 3m34s
Details
2024-09-07 06:35:31 -05:00
Daniel Flanagan 66e96e2960 Fix audiobookshelf, add aria2 as a system package
Some checks failed
/ check (push) Failing after 3m37s
Details
2024-09-06 20:45:10 -05:00
Daniel Flanagan 0984c7aef0 Merge branch 'beefcake-revival'
Some checks failed
/ check (push) Failing after 3m41s
Details
2024-09-06 17:01:05 -05:00
Daniel Flanagan efe20354ea Viable? 2024-09-06 16:57:30 -05:00
Daniel Flanagan bbd09488ff Audiobookshelf 2024-09-06 16:48:59 -05:00
Daniel Flanagan 379adc7ec6 Fix postgres, enable atuin 2024-09-06 16:44:15 -05:00
Daniel Flanagan 639aad8c8a Jellyfin 2024-09-06 16:36:53 -05:00
Daniel Flanagan da602beac6 Re-enable regular flake builds 2024-09-06 16:32:10 -05:00
Daniel Flanagan de02a81c92 Somerthing
All checks were successful
/ check (push) Successful in 4m0s
Details
2024-09-03 20:03:52 -05:00
38 changed files with 3940 additions and 2378 deletions
Show stats Expand all files Collapse all files

33
.sops.yaml
View file

@ -1,7 +1,19 @@
keys: keys:
# after updating this, you will need to `sops updatekeys secrets.file` for any files that need the new key(s) # list any public keys here
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
- &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7 # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'" # pass age-key | rg '# pub'
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
# per-host keys can be derived from a target host's ssh keys like so:
# ssh host "nix shell nixpkgs#ssh-to-age -c $SHELL -c 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
- &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7
- &sshd-at-router age1zd7c3g5d20shdftq8ghqm0r92488dg4pdp4gulur7ex3zx2yq35ssxawpn
- &sshd-at-dragon age1ez4why08hdx0qf940cjzs6ep4q5rk2gqq7lp99pe58fktpwv65esx4xrht
- &ssh-foxtrot age1njnet9ltjuxasqv3ckn67r5natke6xgd8wlx8psf64pyc4duvurqhedw80
# after updating this file, you may need to update the keys for any associated files like so:
# sops updatekeys secrets.file
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$ - path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
key_groups: key_groups:
@ -12,3 +24,18 @@ creation_rules:
- age: - age:
- *daniel - *daniel
- *sshd-at-beefcake - *sshd-at-beefcake
- path_regex: secrets/router/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- *sshd-at-router
- path_regex: secrets/dragon/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- *sshd-at-dragon
- path_regex: secrets/foxtrot/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- *ssh-foxtrot

34
disko/default.nix
View file

@ -6,10 +6,12 @@ in {
swapSize, swapSize,
... ...
}: { }: {
# this is my standard partitioning scheme for my machines which probably want hibernation capabilities /*
# a UEFI-compatible boot partition this is my standard partitioning scheme for my machines which probably want hibernation capabilities
# it includes an LUKS-encrypted btrfs volume a UEFI-compatible boot partition
# a swap partition big enough to dump all the machine's RAM into it includes an LUKS-encrypted btrfs volume
a swap partition big enough to dump all the machine's RAM into
*/
disko.devices = { disko.devices = {
disk = { disk = {
@ -195,9 +197,11 @@ in {
beefcake = let beefcake = let
zpools = { zpools = {
zroot = { zroot = {
# TODO: at the time of writing, disko does not support draid6 /*
# so I'm building/managing the array manually for the time being TODO: at the time of writing, disko does not support draid6
# the root pool is just a single disk right now so I'm building/managing the array manually for the time being
the root pool is just a single disk right now
*/
name = "zroot"; name = "zroot";
config = { config = {
type = "zpool"; type = "zpool";
@ -242,9 +246,11 @@ in {
keylocation = "file:///tmp/secret.key"; keylocation = "file:///tmp/secret.key";
}; };
# use this to read the key during boot # use this to read the key during boot
# postCreateHook = '' /*
# zfs set keylocation="prompt" "zroot/$name"; postCreateHook = ''
# ''; zfs set keylocation="prompt" "zroot/$name";
'';
*/
}; };
"encrypted/test" = { "encrypted/test" = {
type = "zfs_fs"; type = "zfs_fs";
@ -254,9 +260,11 @@ in {
}; };
}; };
zstorage = { zstorage = {
# PARITY_COUNT=3 NUM_DRIVES=8 HOT_SPARES=2 sudo -E zpool create -f -O mountpoint=none -O compression=on -O xattr=sa -O acltype=posixacl -o ashift=12 -O atime=off -O recordsize=64K zstorage draid{$PARITY_COUNT}:{$NUM_DRIVES}c:{$HOT_SPARES}s /dev/disk/by-id/scsi-35000039548cb637c /dev/disk/by-id/scsi-35000039548cb7c8c /dev/disk/by-id/scsi-35000039548cb85c8 /dev/disk/by-id/scsi-35000039548d9b504 /dev/disk/by-id/scsi-35000039548da2b08 /dev/disk/by-id/scsi-35000039548dad2fc /dev/disk/by-id/scsi-350000399384be921 /dev/disk/by-id/scsi-35000039548db096c /*
# sudo zfs create -o mountpoint=legacy zstorage/nix PARITY_COUNT=3 NUM_DRIVES=8 HOT_SPARES=2 sudo -E zpool create -f -O mountpoint=none -O compression=on -O xattr=sa -O acltype=posixacl -o ashift=12 -O atime=off -O recordsize=64K zstorage draid{$PARITY_COUNT}:{$NUM_DRIVES}c:{$HOT_SPARES}s /dev/disk/by-id/scsi-35000039548cb637c /dev/disk/by-id/scsi-35000039548cb7c8c /dev/disk/by-id/scsi-35000039548cb85c8 /dev/disk/by-id/scsi-35000039548d9b504 /dev/disk/by-id/scsi-35000039548da2b08 /dev/disk/by-id/scsi-35000039548dad2fc /dev/disk/by-id/scsi-350000399384be921 /dev/disk/by-id/scsi-35000039548db096c
# sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage sudo zfs create -o mountpoint=legacy zstorage/nix
sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage
*/
name = "zstorage"; name = "zstorage";
config = {}; config = {};
}; };

170
flake.lock
View file

@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724850097, "lastModified": 1725199881,
"narHash": "sha256-3BHxvFb3NJzch1X8puRMkVZujOoarQ1llu3ZcwuvsKU=", "narHash": "sha256-jsmipf/u1GFZE5tBUkr56CHMN6VpUWCAjfLIhvQijU0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "23c7925dd31e79e8c06086ace3edb129a070ac01", "rev": "f8a687dd29ff019657498f1bd14da2fbbf0e604b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -61,11 +61,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724895876, "lastModified": 1725377834,
"narHash": "sha256-GSqAwa00+vRuHbq9O/yRv7Ov7W/pcMLis3HmeHv8a+Q=", "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "511388d837178979de66d14ca4a2ebd5f7991cd3", "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -170,11 +170,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1724857454, "lastModified": 1725513492,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -252,11 +252,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1724878143, "lastModified": 1725885300,
"narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -290,11 +290,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1724856988, "lastModified": 1725976743,
"narHash": "sha256-JBLe2CxAhG+J8+x8qmbzkGHNYmGcSiuY2QO4Zhb72lI=", "narHash": "sha256-pLQQbiC9uO4lF58fAnlcDxlbsBB1XFWswsU1oZOIVqU=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "1b5295a3f3d7cccd96eed5bfd394807a4dae87fc", "rev": "237cbe4bca46eed52efed39ed75eb44aaccbdde3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -311,11 +311,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1725703823,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,11 +332,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724435763, "lastModified": 1725948275,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -386,11 +386,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1724938863, "lastModified": 1726132501,
"narHash": "sha256-CxVxeKpXWm5Jl5wkJFwDnmU/EhJ95/NPiTGKdjrpaLM=", "narHash": "sha256-mFSCZCvUZJX51V7F2NA3uAj5iaCzsDWhBXMNDz0PhH0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "92a0dd164e9cc74060b63abae67b0204b6b6074c", "rev": "73b9756b8d7ee06fc1c9f072f2a41f2dd1aeb2c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -442,11 +442,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724174162, "lastModified": 1725188252,
"narHash": "sha256-fOOBLwil6M9QWMCiSULwjMQzrXhHXUnEqmjHX5ZHeVI=", "narHash": "sha256-yBH8c4GDaEAtBrh+BqIlrx5vp6gG/Gu8fQQK63KAQgs=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "16e5c9465f04477d8a3dd48a0a26bf437986336c", "rev": "c12ab785ce1982f82594aff03b3104c598186ddd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -467,11 +467,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724863980, "lastModified": 1724966483,
"narHash": "sha256-7Ke9wFRYPUIXwm5ZndGHkWBKj6BsFTkSEXUNXQRHE54=", "narHash": "sha256-WXDgKIbzjYKczxSZOsJplCS1i1yrTUpsDPuJV/xpYLo=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "aadf9a27dddd2272ca354ba5a22a0c2d1f919039", "rev": "8976e3f6a5357da953a09511d0c7f6a890fb6ec2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -505,6 +505,28 @@
"type": "github" "type": "github"
} }
}, },
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1728974938,
"narHash": "sha256-pTPEx6WlM+nJVGrRUGx7Di4ljZMwE9HfvlZ6f3NzNfo=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "23170582b0658e6afd913149a58863af3a57b376",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"ref": "development",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"libpng": { "libpng": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -522,6 +544,44 @@
"type": "github" "type": "github"
} }
}, },
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1728423157,
"narHash": "sha256-pJaC+Aef6oixhV6HdWPS2Pq/TgHxEN+MPLYUjighWYI=",
"owner": "lytedev",
"repo": "mobile-nixos",
"rev": "b2c496bbcebc85a28d1d939b56bd331536bd1ac4",
"type": "github"
},
"original": {
"owner": "lytedev",
"repo": "mobile-nixos",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1709479366, "lastModified": 1709479366,
@ -572,11 +632,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1724999960, "lastModified": 1725910328,
"narHash": "sha256-LB3jqSGW5u1ZcUcX6vO/qBOq5oXHlmOCxsTXGMEitp4=", "narHash": "sha256-n9pCtzGZ0httmTwMuEbi5E78UQ4ZbQMr1pzi5N0LAG8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b96f849e725333eb2b1c7f1cb84ff102062468ba", "rev": "5775c2583f1801df7b790bf7f7d710a19bac66f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -588,11 +648,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1724819573, "lastModified": 1725103162,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -604,11 +664,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1724727824, "lastModified": 1725826545,
"narHash": "sha256-0XH9MJk54imJm+RHOLTUJ7e+ponLW00tw5ke4MTVa1Y=", "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "36bae45077667aff5720e5b3f1a5458f51cf0776", "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -627,6 +687,8 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"home-manager-unstable": "home-manager-unstable", "home-manager-unstable": "home-manager-unstable",
"hyprland": "hyprland", "hyprland": "hyprland",
"jovian": "jovian",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"slippi": "slippi", "slippi": "slippi",
@ -667,11 +729,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721441897, "lastModified": 1726280639,
"narHash": "sha256-gYGX9/22tPNeF7dR6bWN5rsrpU4d06GnQNNgZ6ZiXz0=", "narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "b7996075da11a2d441cfbf4e77c2939ce51506fd", "rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -691,11 +753,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722375582, "lastModified": 1725647475,
"narHash": "sha256-NKUQoYIr+982vUXwlDGbBFY4259CX/mngVHYH4sjL8Y=", "narHash": "sha256-1PaNuhxB+rhAcpBMwDZCUJpI7Lw0AJfzYot/S18hrXo=",
"owner": "lytedev", "owner": "lytedev",
"repo": "slippi-nix", "repo": "slippi-nix",
"rev": "ec418c0b7ed1191e227b2d821c02ee5b5fbe68f1", "rev": "10eb5d58b9d9c0da276d48d1c12898ea53c89d2a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -714,11 +776,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723501126, "lastModified": 1725922448,
"narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "rev": "cede1a08039178ac12957733e97ab1006c6b6892",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -786,11 +848,11 @@
}, },
"locked": { "locked": {
"dir": "nix", "dir": "nix",
"lastModified": 1723525023, "lastModified": 1727585736,
"narHash": "sha256-ZsDJQSUokodwFMP4FIZm2dYojf5iC4F/EeKC5VuQlqY=", "narHash": "sha256-vEkcyKdFpfWbrtZlB5DCjNCmI2GudIJuHstWo3F9gL8=",
"owner": "wez", "owner": "wez",
"repo": "wezterm", "repo": "wezterm",
"rev": "30345b36d8a00fed347e4df5dadd83915a7693fb", "rev": "a2f2c07a29f5c98f6736cde0c86b24887f9fd48a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -817,11 +879,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724073926, "lastModified": 1725203932,
"narHash": "sha256-nWlUL43jOFHf+KW6Hqrx+W/r1XdXuDyb0wC/SrHsOu4=", "narHash": "sha256-VLULC/OnI+6R9KEP2OIGk+uLJJsfRlaLouZ5gyFd2+Y=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "a08ecbbf33598924e93542f737fc6169a26b481e", "rev": "2425e8f541525fa7409d9f26a8ffaf92a3767251",
"type": "github" "type": "github"
}, },
"original": { "original": {

295
flake.nix
View file

@ -31,7 +31,15 @@
slippi.inputs.nixpkgs.follows = "nixpkgs-unstable"; slippi.inputs.nixpkgs.follows = "nixpkgs-unstable";
slippi.inputs.home-manager.follows = "home-manager-unstable"; slippi.inputs.home-manager.follows = "home-manager-unstable";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS/development";
jovian.inputs.nixpkgs.follows = "nixpkgs-unstable";
# nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b"; # nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b";
mobile-nixos = {
url = "github:lytedev/mobile-nixos";
flake = false;
};
}; };
nixConfig = { nixConfig = {
@ -41,7 +49,7 @@
"https://cache.nixos.org/" "https://cache.nixos.org/"
"https://helix.cachix.org" "https://helix.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
# "https://nix.h.lyte.dev" "https://nix.h.lyte.dev"
"https://hyprland.cachix.org" "https://hyprland.cachix.org"
]; ];
@ -66,6 +74,8 @@
home-manager-unstable, home-manager-unstable,
helix, helix,
hardware, hardware,
jovian,
mobile-nixos,
# nnf, # nnf,
# hyprland, # hyprland,
slippi, slippi,
@ -88,24 +98,30 @@
pkg = callee: overrides: genPkgs (pkgs: pkgs.callPackage callee overrides); pkg = callee: overrides: genPkgs (pkgs: pkgs.callPackage callee overrides);
}; };
colors = (import ./lib/colors.nix {inherit (nixpkgs) lib;}).schemes.catppuccin-mocha-sapphire; style = {
colors = (import ./lib/colors.nix {inherit (nixpkgs) lib;}).schemes.catppuccin-mocha-sapphire;
# font = { font = {
# name = "IosevkaLyteTerm"; name = "IosevkaLyteTerm";
# size = 12; size = 12;
# }; };
};
# moduleArgs = { /*
# # inherit colors font; moduleArgs = {
# inherit helix slippi hyprland hardware disko home-manager; # inherit style;
# inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays; inherit helix slippi hyprland hardware disko home-manager;
# }; inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
};
*/
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev";
in { in {
# kind of a quirk, but package definitions are actually in the "additions" /*
# overlay I did this to work around some recursion problems kind of a quirk, but package definitions are actually in the "additions"
# TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880 overlay I did this to work around some recursion problems
TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
*/
packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;}); packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
diskoConfigurations = import ./disko {inherit (nixpkgs) lib;}; diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
templates = import ./templates; templates = import ./templates;
@ -219,10 +235,12 @@
in rec { in rec {
helix = helix.outputs.packages.${prev.system}.helix; helix = helix.outputs.packages.${prev.system}.helix;
final.helix = helix; final.helix = helix;
# TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage /*
# source: https://github.com/wez/wezterm/issues/3771 TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
# not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737 source: https://github.com/wez/wezterm/issues/3771
# I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
*/
wezterm = wezterm-input.outputs.packages.${prev.system}.default; wezterm = wezterm-input.outputs.packages.${prev.system}.default;
final.wezterm = wezterm; final.wezterm = wezterm;
}; };
@ -236,12 +254,12 @@
}; };
nixosModules = import ./modules/nixos { nixosModules = import ./modules/nixos {
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays colors sops-nix disko; inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays style sops-nix disko;
flakeInputs = self.inputs; flakeInputs = self.inputs;
}; };
homeManagerModules = import ./modules/home-manager { homeManagerModules = import ./modules/home-manager {
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays colors; inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays style;
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
flakeInputs = self.inputs; flakeInputs = self.inputs;
}; };
@ -266,9 +284,12 @@
}; };
} }
family-users
common common
podman podman
troubleshooting-tools troubleshooting-tools
virtual-machines
virtual-machines-gui
linux linux
fonts fonts
@ -289,10 +310,23 @@
password-manager password-manager
wifi wifi
graphical-workstation graphical-workstation
virtual-machines
virtual-machines-gui
music-production music-production
gaming gaming
slippi.nixosModules.default slippi.nixosModules.default
outputs.nixosModules.deno-netlify-ddns-client
{
services.deno-netlify-ddns-client = {
enable = true;
username = "dragon.h";
# TODO: router doesn't even do ipv6 yet...
ipv6 = false;
};
}
./nixos/dragon.nix ./nixos/dragon.nix
{ {
@ -344,10 +378,10 @@
home-manager-defaults home-manager-defaults
hardware.nixosModules.common-pc-ssd hardware.nixosModules.common-pc-ssd
common common
gaming gaming
graphical-workstation graphical-workstation
plasma6
./nixos/htpc.nix ./nixos/htpc.nix
@ -361,6 +395,37 @@
]; ];
}; };
steamdeck1 = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-unstable-defaults
outputs.diskoConfigurations.standard
hardware.nixosModules.common-pc-ssd
common
gaming
graphical-workstation
plasma6
jovian.outputs.nixosModules.jovian
{
networking.hostName = "steamdeck1";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
hardware.bluetooth.enable = true;
networking.networkmanager.enable = true;
home-manager.users.daniel = {
imports = with homeManagerModules; [
firefox-no-tabs
linux-desktop-environment-config
];
};
}
];
};
foxtrot = nixpkgs-unstable.lib.nixosSystem { foxtrot = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = with nixosModules; [ modules = with nixosModules; [
@ -370,10 +435,14 @@
hardware.nixosModules.framework-13-7040-amd hardware.nixosModules.framework-13-7040-amd
common common
kde-connect
password-manager password-manager
graphical-workstation graphical-workstation
virtual-machines
virtual-machines-gui
laptop laptop
gaming gaming
cross-compiler
./nixos/foxtrot.nix ./nixos/foxtrot.nix
@ -398,6 +467,24 @@
modprobe -v mt7921e modprobe -v mt7921e
''; '';
}) })
(writeShellApplication
{
name = "perfmode";
# we use command -v $cmd here because we only want to invoke these calls _if_ the related package is installed on the system
# otherwise, they will likely have no effect anyways
text = ''
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set performance'
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@120Hz'
'';
})
(writeShellApplication
{
name = "battmode";
text = ''
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set power-saver'
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@60Hz'
'';
})
]; ];
}) })
]; ];
@ -434,33 +521,35 @@
]; ];
}; };
# grablet = nixpkgs.lib.nixosSystem { /*
# system = "x86_64-linux"; grablet = nixpkgs.lib.nixosSystem {
# modules = with nixosModules; [ system = "x86_64-linux";
# common modules = with nixosModules; [
common
# outputs.diskoConfigurations.standard outputs.diskoConfigurations.standard
# hardware.nixosModules.common-cpu-intel-kaby-lake hardware.nixosModules.common-cpu-intel-kaby-lake
# hardware.nixosModules.common-pc-laptopp-ssd hardware.nixosModules.common-pc-laptopp-ssd
# graphical-workstation graphical-workstation
# laptop laptop
# gaming gaming
# ./nixos/thablet.nix ./nixos/thablet.nix
# { {
# home-manager.users.daniel = { home-manager.users.daniel = {
# imports = with homeManagerModules; [ imports = with homeManagerModules; [
# iex iex
# cargo cargo
# linux-desktop-environment-config linux-desktop-environment-config
# ]; ];
# }; };
# powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
# } }
# ]; ];
# }; };
*/
thinker = nixpkgs-unstable.lib.nixosSystem { thinker = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -558,17 +647,117 @@
linux linux
troubleshooting-tools troubleshooting-tools
# NOTE: maybe use this someday, but I think I need more concrete outputs.nixosModules.deno-netlify-ddns-client
# networking knowledge before I know how to use it well. Additionally,
# I can use my existing firewall configuration more easily if I manage {
# it directly. services.deno-netlify-ddns-client = {
# nnf.nixosModules.default enable = true;
username = "router.h";
# TODO: ipv6
ipv6 = false;
};
}
/*
NOTE: maybe use this someday, but I think I need more concrete
networking knowledge before I know how to use it well. Additionally,
I can use my existing firewall configuration more easily if I manage
it directly.
nnf.nixosModules.default
*/
./nixos/router.nix ./nixos/router.nix
]; ];
}; };
# pinephone-image =
# (import "${mobile-nixos}/lib/eval-with-configuration.nix" {
# configuration = with nixosModules; [
# linux
# home-manager-defaults
# # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
# common
# wifi
# # TODO: how do I get a minimally useful mobile environment?
# # for me, this means an on-screen keyboard and suspend support I think?
# # I can live in a tty if needed and graphical stuff can all evolve later
# # not worried about modem
# # maybe/hopefully I can pull in or define my own sxmo via nix?
# ];
# device = "pine64-pinephone";
# pkgs = pkgsFor "aarch64-linux";
# })
# .outputs
# .disk-image;
pinephone = let
inherit (nixpkgs-unstable) lib;
in
lib.nixosSystem {
system = "aarch64-linux";
# lib.nixosSystem {
modules = with nixosModules; [
{
imports = [
(import "${mobile-nixos}/lib/configuration.nix" {
device = "pine64-pinephone";
})
];
# nixpkgs.hostPlatform.system = "aarch64-linux";
nixpkgs.buildPlatform = "x86_64-linux";
# TODO: quirk: since the pinephone kernel doesn't seem to have "rpfilter" support, firewall ain't working
networking.firewall.enable = lib.mkForce false;
# TODO: quirk: since git send-email requires perl support, which we don't seem to have on the pinephone, we're just disabling git for now
# TODO: would likely be easier/better to somehow ignore the assertion? probably a way to do that...
programs.git.enable = lib.mkForce false;
# this option is conflicted, presumably due to some assumption in my defaults/common config
# the sd-image module we're importing above has this set to true, so we better go with that?
# that said, I think the mobile-nixos bootloader module has this set to false, so...
# TODO: what does this mean?
boot.loader.generic-extlinux-compatible.enable = lib.mkForce true;
# another conflicting option since I think I default to NetworkManager and this conflicts with networking.wireless.enable
networking.networkmanager.enable = lib.mkForce false;
networking.wireless.enable = lib.mkForce true;
}
# TODO: how do I build this as a .img to flash to an SD card?
# for testing, this seems to work `nixos-rebuild build --impure --flake .#pinephone`
# TODO: would like to use the mobile-nixos installer?
"${nixpkgs-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
linux
home-manager-unstable-defaults
# outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
common
wifi
{
system.stateVersion = "24.11";
}
{
# nixpkgs.buildPlatform = "x86_64-linux";
# nixpkgs.hostPlatform = lib.systems.examples.aarch64-multiplatform;
# nixpkgs.localSystem.system = lib.systems.examples.x86_64-linux;
# nixpkgs.crossSystem = lib.mkForce null;
}
];
};
}; };
images.pinephone = outputs.nixosConfigurations.pinephone.config.system.build.sdImage;
homeConfigurations = { homeConfigurations = {
"deck" = let "deck" = let
system = "x86_64-linux"; system = "x86_64-linux";
@ -596,8 +785,10 @@
}; };
}; };
# TODO: nix-on-droid for phone terminal usage? /*
# TODO: nix-darwin for work? TODO: nix-on-droid for phone terminal usage? mobile-nixos?
# TODO: nixos ISO? TODO: nix-darwin for work?
TODO: nixos ISO?
*/
}; };
} }

463
modules/home-manager/default.nix
View file

@ -1,5 +1,5 @@
{ {
colors, style,
lib, lib,
flakeInputs, flakeInputs,
homeManagerModules, homeManagerModules,
@ -16,16 +16,18 @@
config = { config = {
theme = "ansi"; theme = "ansi";
}; };
# themes = { /*
# "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub themes = {
# { "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub
# owner = "catppuccin"; {
# repo = "bat"; owner = "catppuccin";
# rev = "477622171ec0529505b0ca3cada68fc9433648c6"; repo = "bat";
# sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw="; rev = "477622171ec0529505b0ca3cada68fc9433648c6";
# } sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw=";
# + "/Catppuccin-mocha.tmTheme"); }
# }; + "/Catppuccin-mocha.tmTheme");
};
*/
}; };
home.shellAliases = { home.shellAliases = {
@ -38,8 +40,10 @@
emacs = {pkgs, ...}: { emacs = {pkgs, ...}: {
programs.emacs = { programs.emacs = {
enable = true; enable = true;
# extraConfig = '' /*
# ''; extraConfig = ''
'';
*/
extraPackages = epkgs: (with epkgs; [ extraPackages = epkgs: (with epkgs; [
magit magit
]); ]);
@ -61,9 +65,11 @@
''; '';
}; };
# home.sessionVariables = { /*
# RUSTDOCFLAGS = "--default-theme=ayu"; home.sessionVariables = {
# }; RUSTDOCFLAGS = "--default-theme=ayu";
};
*/
}; };
common = { common = {
@ -79,10 +85,13 @@
homeManagerModules.helix homeManagerModules.helix
git git
zellij zellij
# broot
# nnn
htop htop
# tmux
/*
broot
nnn
tmux
*/
]; ];
programs.home-manager.enable = true; programs.home-manager.enable = true;
@ -158,10 +167,12 @@
programs.fzf = { programs.fzf = {
# using good ol' fzf until skim sucks less out of the box I guess # using good ol' fzf until skim sucks less out of the box I guess
enable = true; enable = true;
# enableFishIntegration = true; /*
# defaultCommand = "fd --type f"; enableFishIntegration = true;
# defaultOptions = ["--height 40%"]; defaultCommand = "fd --type f";
# fileWidgetOptions = ["--preview 'head {}'"]; defaultOptions = ["--height 40%"];
fileWidgetOptions = ["--preview 'head {}'"];
*/
}; };
# TODO: regular cron or something? # TODO: regular cron or something?
@ -184,8 +195,10 @@
firefox = {pkgs, ...}: { firefox = {pkgs, ...}: {
programs.firefox = { programs.firefox = {
# TODO: this should be able to work on macos, no? /*
# TODO: enable dark theme by default TODO: this should be able to work on macos, no?
TODO: enable color scheme/theme by default
*/
enable = true; enable = true;
# TODO: uses nixpkgs.pass so pass otp doesn't work # TODO: uses nixpkgs.pass so pass otp doesn't work
@ -196,9 +209,11 @@
]; ];
}; };
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [ /*
# ublock-origin extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe? ublock-origin
]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
*/
profiles = { profiles = {
daniel = { daniel = {
@ -221,8 +236,10 @@
} }
''; '';
# userContent = '' /*
# ''; userContent = ''
'';
*/
}; };
}; };
}; };
@ -360,10 +377,12 @@
enable = true; enable = true;
}; };
# signing = { /*
# signByDefault = false; signing = {
# key = ~/.ssh/personal-ed25519; signByDefault = false;
# }; key = ~/.ssh/personal-ed25519;
};
*/
aliases = { aliases = {
a = "add -A"; a = "add -A";
@ -487,11 +506,13 @@
''; '';
}; };
# NOTE: Currently, helix crashes when editing markdown in certain scenarios, /*
# presumably due to an old markdown treesitter grammar NOTE: Currently, helix crashes when editing markdown in certain scenarios,
# https://github.com/helix-editor/helix/issues/9011 presumably due to an old markdown treesitter grammar
# https://github.com/helix-editor/helix/issues/8821 https://github.com/helix-editor/helix/issues/9011
# https://github.com/tree-sitter-grammars/tree-sitter-markdown/issues/114 https://github.com/helix-editor/helix/issues/8821
https://github.com/tree-sitter-grammars/tree-sitter-markdown/issues/114
*/
programs.helix = { programs.helix = {
enable = true; enable = true;
@ -503,41 +524,45 @@
args = ["start"]; args = ["start"];
}; };
# next-ls = { /*
# command = "next-ls"; next-ls = {
# args = ["--stdout"]; command = "next-ls";
# }; args = ["--stdout"];
};
# deno = { deno = {
# command = "deno"; command = "deno";
# args = ["lsp"]; args = ["lsp"];
# config = { config = {
# enable = true; enable = true;
# lint = true; lint = true;
# unstable = true; unstable = true;
# }; };
# }; };
*/
}; };
language = [ language = [
# { /*
# name = "heex"; {
# scope = "source.heex"; name = "heex";
# injection-regex = "heex"; scope = "source.heex";
# language-servers = ["lexical"]; # "lexical" "next-ls" ? injection-regex = "heex";
# auto-format = true; language-servers = ["lexical"]; # "lexical" "next-ls" ?
# file-types = ["heex"]; auto-format = true;
# roots = ["mix.exs" "mix.lock"]; file-types = ["heex"];
# indent = { roots = ["mix.exs" "mix.lock"];
# tab-width = 2; indent = {
# unit = " "; tab-width = 2;
# }; unit = " ";
# } };
# { }
# name = "elixir"; {
# language-servers = ["lexical"]; # "lexical" "next-ls" ? name = "elixir";
# auto-format = true; language-servers = ["lexical"]; # "lexical" "next-ls" ?
# } auto-format = true;
}
*/
{ {
name = "rust"; name = "rust";
@ -596,65 +621,67 @@
auto-format = true; auto-format = true;
} }
# { /*
# name = "javascript"; {
# language-id = "javascript"; name = "javascript";
# grammar = "javascript"; language-id = "javascript";
# scope = "source.js"; grammar = "javascript";
# injection-regex = "^(js|javascript)$"; scope = "source.js";
# file-types = ["js" "mjs"]; injection-regex = "^(js|javascript)$";
# shebangs = ["deno"]; file-types = ["js" "mjs"];
# language-servers = ["deno"]; shebangs = ["deno"];
# roots = ["deno.jsonc" "deno.json"]; language-servers = ["deno"];
# formatter = { roots = ["deno.jsonc" "deno.json"];
# command = "deno"; formatter = {
# args = ["fmt"]; command = "deno";
# }; args = ["fmt"];
# auto-format = true; };
# comment-token = "//"; auto-format = true;
# indent = { comment-token = "//";
# tab-width = 2; indent = {
# unit = "\t"; tab-width = 2;
# }; unit = "\t";
# } };
}
# { {
# name = "typescript"; name = "typescript";
# language-id = "typescript"; language-id = "typescript";
# grammar = "typescript"; grammar = "typescript";
# scope = "source.ts"; scope = "source.ts";
# injection-regex = "^(ts|typescript)$"; injection-regex = "^(ts|typescript)$";
# file-types = ["ts"]; file-types = ["ts"];
# shebangs = ["deno"]; shebangs = ["deno"];
# language-servers = ["deno"]; language-servers = ["deno"];
# roots = ["deno.jsonc" "deno.json"]; roots = ["deno.jsonc" "deno.json"];
# formatter = { formatter = {
# command = "deno"; command = "deno";
# args = ["fmt"]; args = ["fmt"];
# }; };
# auto-format = true; auto-format = true;
# comment-token = "//"; comment-token = "//";
# indent = { indent = {
# tab-width = 2; tab-width = 2;
# unit = "\t"; unit = "\t";
# }; };
# } }
# { {
# name = "jsonc"; name = "jsonc";
# language-id = "json"; language-id = "json";
# grammar = "jsonc"; grammar = "jsonc";
# scope = "source.jsonc"; scope = "source.jsonc";
# injection-regex = "^(jsonc)$"; injection-regex = "^(jsonc)$";
# roots = ["deno.jsonc" "deno.json"]; roots = ["deno.jsonc" "deno.json"];
# file-types = ["jsonc"]; file-types = ["jsonc"];
# language-servers = ["deno"]; language-servers = ["deno"];
# indent = { indent = {
# tab-width = 2; tab-width = 2;
# unit = " "; unit = " ";
# }; };
# auto-format = true; auto-format = true;
# } }
*/
]; ];
}; };
@ -664,14 +691,17 @@
editor = { editor = {
soft-wrap.enable = true; soft-wrap.enable = true;
auto-pairs = false; auto-pairs = false;
# auto-save = false;
# completion-trigger-len = 1;
# color-modes = false;
bufferline = "multiple"; bufferline = "multiple";
# scrolloff = 8;
rulers = [81 121]; rulers = [81 121];
cursorline = true; cursorline = true;
/*
auto-save = false;
completion-trigger-len = 1;
color-modes = false;
scrolloff = 8;
*/
inline-diagnostics = { inline-diagnostics = {
cursor-line = "hint"; cursor-line = "hint";
other-lines = "error"; other-lines = "error";
@ -703,18 +733,21 @@
left = [ left = [
"file-name" "file-name"
"mode" "mode"
# "selections" /*
# "primary-selection-length" "selections"
# "position" "primary-selection-length"
# "position-percentage" "position"
"position-percentage"
*/
"spinner" "spinner"
"diagnostics" "diagnostics"
"workspace-diagnostics" "workspace-diagnostics"
]; ];
/*
center = ["file-name"];
right = ["version-control" "total-line-numbers" "file-encoding"];
*/
}; };
# center = ["file-name"];
# right = ["version-control" "total-line-numbers" "file-encoding"];
# };
}; };
keys = { keys = {
insert = { insert = {
@ -752,7 +785,7 @@
}; };
}; };
themes = with colors.withHashPrefix; { themes = with style.colors.withHashPrefix; {
custom = { custom = {
"type" = orange; "type" = orange;
@ -984,8 +1017,10 @@
fg = fgdim; fg = fgdim;
}; };
# "ui.cursorline.primary" = { bg = "default" } /*
# "ui.cursorline.secondary" = { bg = "default" } "ui.cursorline.primary" = { bg = "default" }
"ui.cursorline.secondary" = { bg = "default" }
*/
"ui.cursorcolumn.primary" = {bg = bg3;}; "ui.cursorcolumn.primary" = {bg = bg3;};
"ui.cursorcolumn.secondary" = {bg = bg3;}; "ui.cursorcolumn.secondary" = {bg = bg3;};
@ -1006,15 +1041,17 @@
programs.htop = { programs.htop = {
enable = true; enable = true;
settings = { settings = {
# hide_kernel_threads = 1; /*
# hide_userland_threads = 1; hide_kernel_threads = 1;
# show_program_path = 0; hide_userland_threads = 1;
# header_margin = 0; show_program_path = 0;
# show_cpu_frequency = 1; header_margin = 0;
# highlight_base_name = 1; show_cpu_frequency = 1;
# tree_view = 0; highlight_base_name = 1;
# htop_version = "3.2.2"; tree_view = 0;
# config_reader_min_version = 3; htop_version = "3.2.2";
config_reader_min_version = 3;
*/
fields = "0 48 17 18 38 39 40 2 46 47 49 1"; fields = "0 48 17 18 38 39 40 2 46 47 49 1";
hide_kernel_threads = 1; hide_kernel_threads = 1;
hide_userland_threads = 1; hide_userland_threads = 1;
@ -1057,22 +1094,26 @@
tree_sort_direction = 1; tree_sort_direction = 1;
tree_view_always_by_pid = 0; tree_view_always_by_pid = 0;
all_branches_collapsed = 0; all_branches_collapsed = 0;
# screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command
# .sort_key=PERCENT_MEM /*
# .tree_sort_key=PID screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command
# .tree_view=0 .sort_key=PERCENT_MEM
# .tree_view_always_by_pid=0 .tree_sort_key=PID
# .sort_direction=-1 .tree_view=0
# .tree_sort_direction=1 .tree_view_always_by_pid=0
# .all_branches_collapsed=0 .sort_direction=-1
# screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE Command .tree_sort_direction=1
# .sort_key=IO_RATE .all_branches_collapsed=0
# .tree_sort_key=PID
# .tree_view=0 screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE Command
# .tree_view_always_by_pid=0 .sort_key=IO_RATE
# .sort_direction=-1 .tree_sort_key=PID
# .tree_sort_direction=1 .tree_view=0
# .all_branches_collapsed=0 .tree_view_always_by_pid=0
.sort_direction=-1
.tree_sort_direction=1
.all_branches_collapsed=0
*/
}; };
}; };
}; };
@ -1164,15 +1205,26 @@
]; ];
gtk.theme = { gtk.theme = {
name = "Catppuccin-Mocha-Compact-Sapphire-Dark"; name = "catppuccin-mocha-blue-compact+default";
package = pkgs.catppuccin-gtk.override { package =
accents = ["sapphire"]; (pkgs.catppuccin-gtk.overrideAttrs {
size = "compact"; src = pkgs.fetchFromGitHub {
tweaks = ["rimless"]; owner = "catppuccin";
variant = "mocha"; repo = "gtk";
}; rev = "v1.0.3";
}; fetchSubmodules = true;
hash = "sha256-q5/VcFsm3vNEw55zq/vcM11eo456SYE5TQA3g2VQjGc=";
};
postUnpack = "";
})
.override
{
accents = ["sapphire"];
variant = "mocha";
size = "compact";
};
};
home.pointerCursor = { home.pointerCursor = {
name = "Bibata-Modern-Classic"; name = "Bibata-Modern-Classic";
package = pkgs.bibata-cursors; package = pkgs.bibata-cursors;
@ -1188,7 +1240,7 @@
]; ];
}; };
# mako = {}; mako = {};
# nnn = {}; # nnn = {};
@ -1218,7 +1270,7 @@
programs.senpai = { programs.senpai = {
enable = true; enable = true;
config = { config = {
address = "irc+insecure://beefcake:6667"; address = "irc+insecure://beefcake.hare-cod.ts.net:6667";
nickname = "lytedev"; nickname = "lytedev";
password-cmd = ["pass" "soju"]; password-cmd = ["pass" "soju"];
}; };
@ -1234,12 +1286,27 @@
}; };
}; };
# sway = {}; sway = {
# sway-laptop = {}; imports = [
# swaylock = {}; {
# tmux = {}; _module.args = {
# wallpaper-manager = {}; inherit style;
# waybar = {}; };
}
./waybar.nix
./mako.nix
./swaylock.nix
./sway.nix
];
};
/*
sway-laptop = {};
swaylock = {};
tmux = {};
wallpaper-manager = {};
waybar = {};
*/
wezterm = { wezterm = {
pkgs, pkgs,
@ -1247,14 +1314,14 @@
... ...
}: { }: {
# docs: https://wezfurlong.org/wezterm/config/appearance.html#defining-your-own-colors # docs: https://wezfurlong.org/wezterm/config/appearance.html#defining-your-own-colors
programs.wezterm = with colors.withHashPrefix; { programs.wezterm = with style.colors.withHashPrefix; {
enable = true; enable = true;
# package = pkgs.wezterm; # package = pkgs.wezterm;
extraConfig = builtins.readFile ./wezterm/config.lua; extraConfig = builtins.readFile ./wezterm/config.lua;
colorSchemes = { colorSchemes = {
catppuccin-mocha-sapphire = { catppuccin-mocha-sapphire = {
ansi = map (x: colors.withHashPrefix.${toString x}) (pkgs.lib.lists.range 0 7); ansi = map (x: style.colors.withHashPrefix.${toString x}) (pkgs.lib.lists.range 0 7);
brights = map (x: colors.withHashPrefix.${toString (x + 8)}) (pkgs.lib.lists.range 0 7); brights = map (x: style.colors.withHashPrefix.${toString (x + 8)}) (pkgs.lib.lists.range 0 7);
foreground = fg; foreground = fg;
background = bg; background = bg;
@ -1303,15 +1370,17 @@
compose_cursor = orange; compose_cursor = orange;
# copy_mode_active_highlight_bg = { Color = '#000000' }, /*
# copy_mode_active_highlight_fg = { AnsiColor = 'Black' }, copy_mode_active_highlight_bg = { Color = '#000000' },
# copy_mode_inactive_highlight_bg = { Color = '#52ad70' }, copy_mode_active_highlight_fg = { AnsiColor = 'Black' },
# copy_mode_inactive_highlight_fg = { AnsiColor = 'White' }, copy_mode_inactive_highlight_bg = { Color = '#52ad70' },
copy_mode_inactive_highlight_fg = { AnsiColor = 'White' },
# quick_select_label_bg = { Color = 'peru' }, quick_select_label_bg = { Color = 'peru' },
# quick_select_label_fg = { Color = '#ffffff' }, quick_select_label_fg = { Color = '#ffffff' },
# quick_select_match_bg = { AnsiColor = 'Navy' }, quick_select_match_bg = { AnsiColor = 'Navy' },
# quick_select_match_fg = { Color = '#ffffff' }, quick_select_match_fg = { Color = '#ffffff' },
*/
}; };
}; };
}; };
@ -1791,7 +1860,7 @@
theme = "match"; theme = "match";
themes = { themes = {
match = with colors.withHashPrefix; { match = with style.colors.withHashPrefix; {
fg = fg; fg = fg;
bg = bg; bg = bg;
@ -1810,8 +1879,10 @@
# TODO: port config # TODO: port config
plugins = { plugins = {
# tab-bar = {path = "tab-bar";}; /*
# compact-bar = {path = "compact-bar";}; tab-bar = {path = "tab-bar";};
compact-bar = {path = "compact-bar";};
*/
}; };
ui = { ui = {

2
modules/home-manager/fish/shellInit.fish
View file

@ -42,6 +42,8 @@ if has_command skim
set --export --universal SKIM_CTRL_T_COMMAND "fd --hidden" set --export --universal SKIM_CTRL_T_COMMAND "fd --hidden"
end end
set --export --universal NEWT_COLORS "root=black,black:border=black,blue"
# colors # colors
set -U fish_color_normal normal # default color set -U fish_color_normal normal # default color
set -U fish_color_command white # base command being run (>ls< -la) set -U fish_color_command white # base command being run (>ls< -la)

42
modules/home-manager/hyprland.nix
View file

@ -8,7 +8,7 @@
}: { }: {
imports = [ imports = [
./ewwbar.nix ./ewwbar.nix
# ./mako.nix ./mako.nix
./swaylock.nix ./swaylock.nix
# TODO: figure out how to import this for this module _and_ for the sway module? # TODO: figure out how to import this for this module _and_ for the sway module?
./linux-desktop.nix ./linux-desktop.nix
@ -45,7 +45,7 @@
exec-once = [ exec-once = [
"hyprpaper" "hyprpaper"
# "mako" "mako"
"swayosd-server" "swayosd-server"
"eww daemon && eww open bar$EWW_BAR_MON" "eww daemon && eww open bar$EWW_BAR_MON"
"firefox" "firefox"
@ -88,9 +88,12 @@
input = { input = {
kb_layout = "us"; kb_layout = "us";
kb_options = "ctrl:nocaps"; kb_options = "ctrl:nocaps";
# kb_variant =
# kb_model = /*
# kb_rules = kb_variant =
kb_model =
kb_rules =
*/
follow_mouse = 2; follow_mouse = 2;
@ -131,10 +134,13 @@
decoration = { decoration = {
rounding = 3; rounding = 3;
# blur = "no";
# blur_size = 3 /*
# blur_passes = 1 blur = "no";
# blur_new_optimizations = on blur_size = 3
blur_passes = 1
blur_new_optimizations = on
*/
drop_shadow = "yes"; drop_shadow = "yes";
shadow_range = 4; shadow_range = 4;
@ -147,8 +153,10 @@
"$mod" = "SUPER"; "$mod" = "SUPER";
bind = [ bind = [
# See https://wiki.hyprland.org/Configuring/Keywords/ for more # See https://wiki.hyprland.org/Configuring/Keywords/ for more
# "$mod, return, exec, wezterm" /*
# "$mod SHIFT, return, exec, wezterm" "$mod, return, exec, wezterm"
"$mod SHIFT, return, exec, wezterm"
*/
"$mod, return, exec, wezterm" "$mod, return, exec, wezterm"
"$mod SHIFT, return, exec, kitty" "$mod SHIFT, return, exec, kitty"
"$mod, U, exec, firefox" "$mod, U, exec, firefox"
@ -264,13 +272,13 @@
workspace_swipe = on workspace_swipe = on
} }
# Example per-device config ## Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more ## See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
# device:epic-mouse-v1 { ## device:epic-mouse-v1 {
# sensitivity = -0.5 ## sensitivity = -0.5
# } ## }
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more ## See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
windowrulev2 = idleinhibit,class:^.*([Ss]lippi).*$ windowrulev2 = idleinhibit,class:^.*([Ss]lippi).*$
windowrulev2 = float,class:^.*([Kk]itty|[Ff]irefox|[Ww]ezterm|[Dd]iscord|[Ss]potify|[Ss]lack).*$ windowrulev2 = float,class:^.*([Kk]itty|[Ff]irefox|[Ww]ezterm|[Dd]iscord|[Ss]potify|[Ss]lack).*$
windowrulev2 = opacity 1.0 0.9,floating:1 windowrulev2 = opacity 1.0 0.9,floating:1

8
modules/home-manager/mako.nix
View file

@ -1,9 +1,5 @@
{ {style, ...}: {
colors, services.mako = with style.colors.withHashPrefix; {
font,
...
}: {
services.mako = with colors.withHashPrefix; {
enable = false; enable = false;
anchor = "top-right"; anchor = "top-right";

1
modules/home-manager/scripts/common/bin/nf
View file

@ -1,5 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
umask 0077
SUBDIR="${2:-./}" SUBDIR="${2:-./}"
mkdir -p "$NOTES_PATH/$SUBDIR" mkdir -p "$NOTES_PATH/$SUBDIR"
cd "$NOTES_PATH/$SUBDIR" || exit 1 cd "$NOTES_PATH/$SUBDIR" || exit 1

127
modules/home-manager/scripts/common/bin/spark Executable file
View file

@ -0,0 +1,127 @@
#!/usr/bin/env bash
#
# spark
# https://github.com/holman/spark
#
# Generates sparklines for a set of data.
#
# Here's a good web-based sparkline generator that was a bit of inspiration
# for spark:
#
# https://datacollective.org/sparkblocks
#
# spark takes a comma-separated or space-separated list of data and then prints
# a sparkline out of it.
#
# Examples:
#
# spark 1 5 22 13 53
# # => ▁▁▃▂▇
#
# spark 0 30 55 80 33 150
# # => ▁▂▃▅▂▇
#
# spark -h
# # => Prints the spark help text.
# Generates sparklines.
#
# $1 - The data we'd like to graph.
_echo()
{
if [ "X$1" = "X-n" ]; then
shift
printf "%s" "$*"
else
printf "%s\n" "$*"
fi
}
spark()
{
local n numbers=
# find min/max values
local min=0xffffffff max=0
for n in ${@//,/ }
do
# on Linux (or with bash4) we could use `printf %.0f $n` here to
# round the number but that doesn't work on OS X (bash3) nor does
# `awk '{printf "%.0f",$1}' <<< $n` work, so just cut it off
n=${n%.*}
(( n < min )) && min=$n
(( n > max )) && max=$n
numbers=$numbers${numbers:+ }$n
done
# print ticks
local ticks=(▁ ▂ ▃ ▄ ▅ ▆ ▇ █)
# use a high tick if data is constant
(( min == max )) && ticks=(▅ ▆)
local f=$(( (($max-$min)<<8)/(${#ticks[@]}-1) ))
(( f < 1 )) && f=1
for n in $numbers
do
_echo -n ${ticks[$(( ((($n-$min)<<8)/$f) ))]}
done
_echo
}
# If we're being sourced, don't worry about such things
if [ "$BASH_SOURCE" == "$0" ]; then
# Prints the help text for spark.
help()
{
local spark=$(basename $0)
cat <<EOF
USAGE:
$spark [-h|--help] VALUE,...
EXAMPLES:
$spark 1 5 22 13 53
▁▁▃▂█
$spark 0,30,55,80,33,150
▁▂▃▄▂█
echo 9 13 5 17 1 | $spark
▄▆▂█▁
EOF
}
# show help for no arguments if stdin is a terminal
if { [ -z "$1" ] && [ -t 0 ] ; } || [ "$1" == '-h' ] || [ "$1" == '--help' ]
then
help
exit 0
fi
spark ${@:-`cat`}
fi
# source: https://github.com/holman/spark/commit/ab88ac6f8f33698f39ece2f109b1117ef39a68eb
# The MIT License
#
# Copyright (c) Zach Holman, https://zachholman.com
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

3
modules/home-manager/scripts/common/bin/t Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env bash
N todo

107
modules/home-manager/sway.nix
View file

@ -1,29 +1,21 @@
{ {
colors, style,
lib, lib,
config, config,
pkgs, pkgs,
font,
... ...
}: { }: {
imports = [
./waybar.nix
# ./mako.nix
./swaylock.nix
./linux-desktop.nix
];
programs.foot = { programs.foot = {
enable = true; enable = true;
}; };
home.file."${config.xdg.configHome}/mako/config" = { home.file."${config.xdg.configHome}/mako/config" = {
enable = true; enable = true;
text = with colors.withHashPrefix; '' text = with style.colors.withHashPrefix; ''
border-size=1 border-size=1
max-visible=5 max-visible=5
default-timeout=15000 default-timeout=15000
font=Symbols Nerd Font ${toString font.size},${font.name} ${toString font.size} font=Symbols Nerd Font ${toString style.font.size},${style.font.name} ${toString style.font.size}
anchor=top-right anchor=top-right
background-color=${bg} background-color=${bg}
@ -59,7 +51,7 @@
wayland.windowManager.sway = { wayland.windowManager.sway = {
/* /*
TODO: TODO:
+ Super+r should rotate the selected group of windows. + Super+r should rotate the selected group of windows.
+ Super+Control+{1-9} should control the size of the preselect space. + Super+Control+{1-9} should control the size of the preselect space.
+ Super+Shift+b should balance the size of all selected nodes. + Super+Shift+b should balance the size of all selected nodes.
@ -80,6 +72,17 @@
systemd = { systemd = {
enable = true; enable = true;
variables = [
"DISPLAY"
"WAYLAND_DISPLAY"
"SWAYSOCK"
"XDG_CURRENT_DESKTOP"
"XDG_SESSION_TYPE"
"NIXOS_OZONE_WL"
"XCURSOR_THEME"
"XCURSOR_SIZE"
"PATH"
];
}; };
# TODO: stuff is opening on workspace 10 (0?) # TODO: stuff is opening on workspace 10 (0?)
@ -103,12 +106,6 @@
*/ */
]; ];
output = {
# "*" = {
# background = "$HOME/.wallpaper fill";
# };
};
# TODO: popup_during_fullscreen smart # TODO: popup_during_fullscreen smart
focus = { focus = {
wrapping = "no"; # maybe workspace? wrapping = "no"; # maybe workspace?
@ -133,6 +130,11 @@
}; };
startup = [ startup = [
{command = "kdeconnect-indicator";}
{command = "mako";}
{
command = "swaybg -i $HOME/.wallpaper";
}
{ {
command = "swayosd-server"; command = "swayosd-server";
} }
@ -162,7 +164,6 @@
"timeout 600 'swaymsg \"output * dpms off\"' resume 'swaymsg \"output * dpms on\" & maybe-good-morning &'" "timeout 600 'swaymsg \"output * dpms off\"' resume 'swaymsg \"output * dpms on\" & maybe-good-morning &'"
]; ];
} }
# {command = "mako";}
# {command = "firefox";} # {command = "firefox";}
# {command = "wezterm";} # {command = "wezterm";}
]; ];
@ -187,13 +188,13 @@
input = { input = {
"type:keyboard" = { "type:keyboard" = {
xkb_options = "ctrl:nocaps"; xkb_options = "ctrl:nocaps";
repeat_delay = "200"; repeat_delay = "180";
repeat_rate = "60"; repeat_rate = "100";
}; };
"type:pointer" = { "type:pointer" = {
accel_profile = "flat"; accel_profile = "flat";
pointer_accel = "0"; pointer_accel = "0.5";
}; };
"type:touchpad" = { "type:touchpad" = {
@ -217,6 +218,7 @@
"${mod}+c" = "kill"; "${mod}+c" = "kill";
"${mod}+shift+c" = "kill # TODO: kill -9?"; "${mod}+shift+c" = "kill # TODO: kill -9?";
"${mod}+alt+space" = "exec wofi --show drun"; "${mod}+alt+space" = "exec wofi --show drun";
"${mod}" = "exec ${menu}";
"${mod}+space" = "exec ${menu}"; "${mod}+space" = "exec ${menu}";
"${mod}+shift+s" = "exec clipshot"; "${mod}+shift+s" = "exec clipshot";
"${mod}+e" = "exec thunar"; "${mod}+e" = "exec thunar";
@ -294,39 +296,54 @@
# TODO: this should also reset the horizontal and vertical gaps? # TODO: this should also reset the horizontal and vertical gaps?
"${mod}+control+equal" = "gaps inner current set 0"; "${mod}+control+equal" = "gaps inner current set 0";
"${mod}+shift+v" = "exec swayosd-client --input-volume mute-toggle";
"${mod}+F1" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle"; "XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
"${mod}+shift+v" = "exec swayosd-client --input-volume mute-toggle";
# "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume 15";
# "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -15";
# "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise --max-volume 120";
# "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower --max-volume 120";
# "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume +10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
# "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
# "XF86MonBrightnessUp" = " exec swayosd-client --brightness 10";
# "XF86MonBrightnessDown" = "exec swayosd-client --brightness -10";
# "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
# "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"control+XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +1%"; "control+XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +1%";
"control+XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -1%"; "control+XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -1%";
# "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"${mod}+F1" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
# "XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
# "XF86MonBrightnessDown" = "exec brightnessctl set 10%-";
# "XF86MonBrightnessUp" = "exec brightnessctl set +10%";
# "shift+XF86MonBrightnessDown" = "exec brightnessctl set 1%";
# "shift+XF86MonBrightnessUp" = "exec brightnessctl set 100%";
# "control+XF86MonBrightnessDown" = "exec brightnessctl set 1%-";
# "control+XF86MonBrightnessUp" = "exec brightnessctl set +1%";
"XF86AudioPlay" = "exec playerctl play-pause"; "XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next"; "XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous"; "XF86AudioPrev" = "exec playerctl previous";
# "${mod}+shift+v" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle"; "--locked ${mod}+shift+v" = "exec swayosd-client --input-volume mute-toggle";
"--locked ${mod}+F1" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"--locked XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
"--locked XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
"--locked XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
"--locked XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
"--locked XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
"--locked XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
"--locked control+XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +1%";
"--locked control+XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -1%";
"--locked XF86AudioPlay" = "exec playerctl play-pause";
"--locked XF86AudioNext" = "exec playerctl next";
"--locked XF86AudioPrev" = "exec playerctl previous";
/*
"XF86MonBrightnessUp" = " exec swayosd-client --brightness 10";
"XF86MonBrightnessDown" = "exec swayosd-client --brightness -10";
"XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume 15";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume -15";
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise --max-volume 120";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower --max-volume 120";
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume +10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume -10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessDown" = "exec brightnessctl set 10%-";
"XF86MonBrightnessUp" = "exec brightnessctl set +10%";
"shift+XF86MonBrightnessDown" = "exec brightnessctl set 1%";
"shift+XF86MonBrightnessUp" = "exec brightnessctl set 100%";
"control+XF86MonBrightnessDown" = "exec brightnessctl set 1%-";
"control+XF86MonBrightnessUp" = "exec brightnessctl set +1%";
"${mod}+shift+v" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
*/
"${mod}+control+shift+l" = "exec swaylock"; "${mod}+control+shift+l" = "exec swaylock";
@ -334,7 +351,7 @@
}; };
assigns = {}; assigns = {};
bars = []; bars = [];
colors = with colors; { colors = with style.colors; {
background = bg; background = bg;
focused = { focused = {
background = bg; background = bg;

8
modules/home-manager/swaylock.nix
View file

@ -1,14 +1,10 @@
{ {style, ...}: {
font,
# colors,
...
}: {
programs.swaylock = { programs.swaylock = {
enable = true; enable = true;
settings = { settings = {
color = "ffffffff"; color = "ffffffff";
image = "~/.wallpaper"; image = "~/.wallpaper";
font = font.name; font = style.font.name;
show-failed-attempts = true; show-failed-attempts = true;
ignore-empty-password = true; ignore-empty-password = true;

144
modules/home-manager/waybar.nix
View file

@ -1,6 +1,6 @@
{ {
colors, pkgs,
font, style,
... ...
}: { }: {
programs.waybar = { programs.waybar = {
@ -10,38 +10,41 @@
"layer" = "top"; "layer" = "top";
"position" = "bottom"; "position" = "bottom";
"output" = ["eDP-1" "DP-3"]; "output" = ["eDP-1" "DP-3"];
"height" = 32; "height" = 50;
"modules-left" = ["clock" "sway/window"]; "modules-left" = [
"modules-center" = ["sway/workspaces"];
"modules-right" = [
"mpris"
"idle_inhibitor" "idle_inhibitor"
"bluetooth" "sway/workspaces"
# "wireplumber", "sway/window"
];
"modules-center" = [];
"modules-right" = [
"privacy"
"power-profiles-daemon"
"mpris"
## "disk"
## TODO: will need a custom module for Disk IO
## "wireplumber" # pulseaudio module is more featureful
"pulseaudio" "pulseaudio"
# "network", "network"
"cpu" "cpu"
"memory" "memory"
# "temperature", "temperature"
"backlight" "backlight"
"battery" "battery"
"bluetooth"
"tray" "tray"
"clock"
]; ];
"bluetooth" = { "bluetooth" = {
"format" = "<span</span>"; "format" = "<span></span>";
"format-connected" = "<span></span>"; "on-click" = "${pkgs.blueman}/bin/blueman-manager";
"format-connected-battery" = "<span></span>"; };
# "format-device-preference" = [ "device1", "device2" ], # preference list deciding the displayed devic; "wireplumber" = {
"tooltip-format" = "{controller_alias}@{controller_address} ({num_connections} connected)"; "format" = "{volume}% {icon}";
"tooltip-format-connected" = "{controller_alias}@{controller_address} ({num_connections} connected)\n{device_enumerate}"; "on-click" = "helvum";
"tooltip-format-enumerate-connected" = "{device_alias}@{device_address}";
"tooltip-format-enumerate-connected-battery" = "{device_alias}@{device_address} (󰁹 {device_battery_percentage}%)";
}; };
# "wireplumber" = ;
# "format" = "{volume}% {icon}";
# "format-muted" = "";
# "on-click" = "helvum;
# },
"sway/workspaces" = { "sway/workspaces" = {
"disable-scroll" = false; "disable-scroll" = false;
"persistent_workspaces" = { "persistent_workspaces" = {
@ -59,31 +62,40 @@
"tray" = { "tray" = {
"icon-size" = 24; "icon-size" = 24;
"spacing" = 4; "spacing" = 4;
"show-passive-items" = true;
}; };
"clock" = { "clock" = {
"interval" = 1; "interval" = 1;
"format" = "{:%a %b %d %H:%M:%S}"; "format" = "{:%a %b %d\n%H:%M:%S}";
"justify" = "center";
}; };
"cpu" = { "cpu" = {
"format" = "{usage} <span></span>"; "format" = "{usage}%\nCPU";
"tooltip" = true; "tooltip" = true;
"interval" = 3; "interval" = 5;
"justify" = "center";
}; };
"memory" = { "memory" = {
"format" = "{} 󰍛"; "format" = "{}%\nRAM";
"tooltip" = true;
"interval" = 5;
"justify" = "center";
}; };
"temperature" = { "temperature" = {
# "thermal-zone" = 2; /*
# "hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input"; "thermal-zone" = 2;
"hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input";
"format-critical" = "{temperatureC}°C {icon}";
*/
"critical-threshold" = 80; "critical-threshold" = 80;
# "format-critical" = "{temperatureC}°C {icon}"; "format" = "{temperatureC}\n°C";
"format" = "{temperatureC}°C {icon}"; "justify" = "center";
"format-icons" = ["" "" ""];
}; };
"backlight" = { "backlight" = {
# "device" = "acpi_video1"; # "device" = "acpi_video1";
"format" = "{percent}% {icon}"; "format" = "{percent}%\n{icon}";
"format-icons" = ["" ""]; "format-icons" = ["" ""];
"justify" = "center";
}; };
"battery" = { "battery" = {
"states" = { "states" = {
@ -91,55 +103,53 @@
"warning" = 30; "warning" = 30;
"critical" = 1; "critical" = 1;
}; };
"format" = "{capacity}% {time} {icon}"; "tooltip-format" = "{timeTo}\n{power} watts\n{health}% health\n{cycles} cycles";
"format-charging" = "{capacity}% {time} 󱐋"; "format" = "{icon}{capacity}%-\n{time}";
"format-plugged" = "{capacity}% {time} 󰚥"; "format-charging" = "{capacity}%+\n{time}";
"format-alt" = "{capacity}% {icon}"; "format-plugged" = "{capacity}%=\n{time}";
"format-alt" = "{capacity}%";
"format-good" = ""; # An empty format will hide the module "format-good" = ""; # An empty format will hide the module
"format-full" = "󰁹"; "format-time" = "{H}:{m}";
"format-icons" = ["󰂎" "󰁻" "󰁽" "󰁿" "󰂂"]; "justify" = "center";
}; };
"network" = { "network" = {
"format-wifi" = "{essid} ({signalStrength}%) "; "format-wifi" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
"format-ethernet" = "{ifname}: {ipaddr}/{cidr} "; "format-ethernet" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
"format-linked" = "{ifname} (No IP) "; "format-linked" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
"format-disconnected" = "Disconnected "; "format-disconnected" = "No Network {icon}";
"format-alt" = "{ifname}: {ipaddr}/{cidr}"; "format-alt" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
"interval" = 5;
"justify" = "right";
}; };
"mpris" = { "mpris" = {
"format" = "{title} by {artist}"; "format" = "{title}\nby {artist}";
"justify" = "center";
}; };
"pulseaudio" = { "pulseaudio" = {
# "scroll-step" = 1, # %, can be a floa; /*
"format" = "{volume} {icon} <span>{format_source}</span>"; "scroll-step" = 1, # %, can be a floa;
#"format" = "{volume}% {icon} {format_source}"; "format" = "{volume}% {icon} {format_source}";
#"format-bluetooth" = "{volume}% {icon} {format_source}"; "format-muted" = " {format_source}";
#"format-bluetooth-muted" = " {icon} {format_source}"; */
#"format-muted" = " {format_source}"; "format" = "{volume}%\n{format_source}";
"format-muted" = "󰝟 {format_source}"; "format-muted" = "MUTE\n{format_source}";
"format-source" = ""; "format-bluetooth" = "{volume}%\n{format_source}";
"format-source-muted" = ""; "format-bluetooth-muted" = "MUTE\n{format_source}";
"format-icons" = { "format-source" = "MIC ON";
"headphones" = ""; "format-source-muted" = "MIC OFF";
"handsfree" = "󱥋";
"headset" = "󰋎";
"phone" = "";
"portable" = "";
"car" = "";
"default" = ["" "" ""];
};
# TODO: toggle mute? # TODO: toggle mute?
"on-click" = "pavucontrol"; "on-click" = "${pkgs.pavucontrol}/bin/pavucontrol";
"justify" = "center";
}; };
}; };
}; };
style = let style = let
border-width = "0px"; border-width = "0px";
in in
with colors.withHashPrefix; '' with style.colors.withHashPrefix; ''
* { * {
border-radius: 0; border-radius: 0;
font-family: "${font.name}", "Symbols Nerd Font Mono", sans-serif; font-family: "${style.font.name}", "Symbols Nerd Font Mono", sans-serif;
font-size: 16px; font-size: 16px;
} }

428
modules/nixos/default.nix
View file

@ -1,7 +1,7 @@
{ {
disko, disko,
sops-nix, sops-nix,
colors, style,
flakeInputs, flakeInputs,
homeManagerModules, homeManagerModules,
home-manager, home-manager,
@ -11,6 +11,124 @@
pubkey, pubkey,
overlays, overlays,
}: { }: {
ewwbar = {pkgs, ...}: {
# imports = with nixosModules; [];
environment.systemPackages = with pkgs; [eww upower jq];
# TODO: include the home-manager modules for daniel?
};
hyprland = {pkgs, ...}: {
imports = with nixosModules; [
ewwbar
pipewire
];
programs.hyprland = {
enable = true;
};
environment.systemPackages = with pkgs; [hyprpaper xwaylandvideobridge socat];
programs.hyprland = {
package = flakeInputs.hyprland.packages.${pkgs.system}.hyprland;
};
# TODO: include the home-manager modules for daniel?
};
sway = {pkgs, ...}: {
imports = with nixosModules; [
pipewire
];
home-manager.users.daniel = {
imports = with homeManagerModules; [
sway
];
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# services.xserver.libinput.enable = true;
# TODO: a lot of this probably needs de-duping with hyprland?
services.gnome.gnome-keyring.enable = true;
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
];
};
services.dbus.enable = true;
security.polkit.enable = true; # needed for home-manager integration
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
};
services.gvfs = {
enable = true;
};
environment = {
variables = {
VISUAL = "hx";
PAGER = "less";
MANPAGER = "less";
};
systemPackages = with pkgs; [
brightnessctl
feh
grim
libinput
libinput-gestures
libnotify
mako
noto-fonts
pamixer
playerctl
pulseaudio
pulsemixer
slurp
swaybg
swayidle
swaylock
swayosd
tofi
waybar
wl-clipboard
zathura
/*
gimp
inkscape
krita
lutris
nil
nixpkgs-fmt
pavucontrol
rclone
restic
steam
vlc
vulkan-tools
weechat
wine
*/
];
};
};
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix; deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
fallback-hostname = {lib, ...}: { fallback-hostname = {lib, ...}: {
@ -123,9 +241,11 @@
file file
iputils iputils
nettools nettools
# nodePackages.bash-language-server # just pull in as needed? /*
# shellcheck nodePackages.bash-language-server # just pull in as needed?
# shfmt shellcheck
shfmt
*/
killall killall
ripgrep ripgrep
rsync rsync
@ -154,9 +274,11 @@
pkgs, pkgs,
... ...
}: { }: {
# https://nixos.wiki/wiki/Remote_disk_unlocking /*
# "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang." https://nixos.wiki/wiki/Remote_disk_unlocking
# ^ seems less than ideal "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
^ seems less than ideal
*/
boot.kernelParams = ["ip=dhcp"]; boot.kernelParams = ["ip=dhcp"];
boot.initrd = { boot.initrd = {
# availableKernelModules = ["r8169"]; # ethernet drivers # availableKernelModules = ["r8169"]; # ethernet drivers
@ -186,22 +308,26 @@
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PermitRootLogin = "prohibit-password"; PermitRootLogin = lib.mkForce "prohibit-password";
}; };
openFirewall = lib.mkDefault true; openFirewall = lib.mkDefault true;
# listenAddresses = [ /*
# { addr = "0.0.0.0"; port = 22; } listenAddresses = [
# ]; { addr = "0.0.0.0"; port = 22; }
];
*/
}; };
}; };
password-manager = {pkgs, ...}: { password-manager = {pkgs, ...}: {
# programs.goldwarden = { /*
# NOTE: This didn't seem to work for me, but would be awesome! programs.goldwarden = {
# enable = true; ## NOTE: This didn't seem to work for me, but would be awesome! (but I can't remember why?)
# }; enable = true;
};
*/
home-manager.users.daniel = { home-manager.users.daniel = {
imports = with homeManagerModules; [ imports = with homeManagerModules; [
@ -225,6 +351,10 @@
}; };
}; };
cross-compiler = {config, ...}: {
boot.binfmt.emulatedSystems = ["aarch64-linux" "i686-linux"];
};
default-nix-configuration-and-overlays = { default-nix-configuration-and-overlays = {
lib, lib,
config, config,
@ -247,12 +377,14 @@
trusted-users = ["root" "daniel"]; trusted-users = ["root" "daniel"];
experimental-features = lib.mkDefault ["nix-command" "flakes"]; experimental-features = lib.mkDefault ["nix-command" "flakes"];
extra-platforms = ["i686-linux" "aarch64-linux"];
substituters = [ substituters = [
# TODO: dedupe with flake's config? is that even necessary? # TODO: dedupe with flake's config? is that even necessary?
"https://cache.nixos.org/" "https://cache.nixos.org/"
"https://helix.cachix.org" "https://helix.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
# "https://nix.h.lyte.dev" "https://nix.h.lyte.dev"
"https://hyprland.cachix.org" "https://hyprland.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
@ -278,6 +410,19 @@
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness" ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
''; '';
services.upower.enable = true;
# NOTE: I previously let plasma settings handle this
services.logind = {
lidSwitch = "suspend-then-hibernate";
extraConfig = ''
HandleLidSwitchDocked=ignore
HandlePowerKey=suspend-then-hibernate
IdleActionSec=11m
IdleAction=suspend-then-hibernate
'';
};
}; };
emacs = {pkgs, ...}: { emacs = {pkgs, ...}: {
@ -303,9 +448,11 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.neovim = { programs.neovim = {
enable = true; enable = true;
# plugins = [ /*
# pkgs.vimPlugins.nvim-treesitter.withAllGrammars plugins = [
# ]; pkgs.vimPlugins.nvim-treesitter.withAllGrammars
];
*/
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -400,6 +547,8 @@
troubleshooting-tools = {pkgs, ...}: { troubleshooting-tools = {pkgs, ...}: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
comma
iftop
bottom bottom
btop btop
dnsutils dnsutils
@ -411,6 +560,7 @@
hexyl hexyl
pkgs.unixtools.xxd pkgs.unixtools.xxd
usbutils usbutils
comma
]; ];
}; };
@ -440,13 +590,15 @@
... ...
}: { }: {
imports = with nixosModules; [ imports = with nixosModules; [
plasma6 sway
# hyprland
enable-flatpaks-and-appimages enable-flatpaks-and-appimages
fonts fonts
development-tools development-tools
printing printing
music-consumption music-consumption
video-tools video-tools
radio-tools
]; ];
xdg.portal.enable = true; xdg.portal.enable = true;
@ -456,8 +608,10 @@
then { then {
graphics = { graphics = {
enable = true; enable = true;
# driSupport32Bit = true; /*
# driSupport = true; driSupport32Bit = true;
driSupport = true;
*/
}; };
} }
else { else {
@ -473,24 +627,35 @@
slides slides
]; ];
variables = { variables = {
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark"; /*
# GTK_USE_PORTAL = "1"; GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
GTK_USE_PORTAL = "1";
*/
}; };
}; };
}; };
# ewwbar = {};
# gnome = {}; # gnome = {};
# hyprland = {};
# intel = {}; # intel = {};
radio-tools = {pkgs, ...}: {
environment = {
systemPackages = with pkgs; [
chirp
];
};
};
kde-connect = { kde-connect = {
programs.kdeconnect.enable = true; programs.kdeconnect.enable = true;
# networking.firewall = { /*
# allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # handled by enabling
# allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; networking.firewall = {
# }; allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
};
*/
}; };
fonts = {pkgs, ...}: { fonts = {pkgs, ...}: {
@ -535,21 +700,24 @@
maliit-framework maliit-framework
kdePackages.kate kdePackages.kate
# kdePackages.kdenlive
# kdePackages.merkuro
kdePackages.kcalc kdePackages.kcalc
# kdePackages.neochat
kdePackages.filelight kdePackages.filelight
kdePackages.krdc kdePackages.krdc
kdePackages.krfb kdePackages.krfb
kdePackages.kclock kdePackages.kclock
kdePackages.kweather kdePackages.kweather
kdePackages.ktorrent kdePackages.ktorrent
# kdePackages.kdevelop
# kdePackages.kdialog
kdePackages.kdeplasma-addons kdePackages.kdeplasma-addons
unstable-packages.kdePackages.krdp unstable-packages.kdePackages.krdp
/*
kdePackages.kdenlive
kdePackages.merkuro
kdePackages.neochat
kdePackages.kdevelop
kdePackages.kdialog
*/
]; ];
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty; programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty;
@ -630,50 +798,56 @@
} }
]; ];
}; };
# extraConfig.pipewire."92-low-latency" = { /*
# context.properties = { extraConfig.pipewire."92-low-latency" = {
# default.clock.rate = 48000; context.properties = {
# default.clock.quantum = 32; default.clock.rate = 48000;
# default.clock.min-quantum = 32; default.clock.quantum = 32;
# default.clock.max-quantum = 32; default.clock.min-quantum = 32;
# }; default.clock.max-quantum = 32;
# }; };
};
*/
}; };
# recommended by https://nixos.wiki/wiki/PipeWire # recommended by https://nixos.wiki/wiki/PipeWire
security.rtkit.enable = true; security.rtkit.enable = true;
# services.pipewire = { /*
# enable = true; services.pipewire = {
enable = true;
# wireplumber.enable = true; wireplumber.enable = true;
# pulse.enable = true; pulse.enable = true;
# jack.enable = true; jack.enable = true;
# alsa = { alsa = {
# enable = true; enable = true;
# support32Bit = true; support32Bit = true;
# }; };
# }; };
# hardware = { hardware = {
# pulseaudio = { pulseaudio = {
# enable = false; enable = false;
# support32Bit = true; support32Bit = true;
# }; };
# }; };
# security = { security = {
# # I forget why I need these exactly... # I forget why I need these exactly...
# polkit.enable = true; polkit.enable = true;
# rtkit.enable = true; rtkit.enable = true;
# }; };
*/
}; };
music-production = {pkgs, ...}: { music-production = {pkgs, ...}: {
# TODO: may want to force nixpkgs-stable for a more-stable music production /*
# environment? TODO: may want to force nixpkgs-stable for a more-stable music production
environment?
*/
imports = [ imports = [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -684,11 +858,12 @@
} }
]; ];
# TODO: things to look into for music production: /*
# - https://linuxmusicians.com/viewtopic.php?t=27016 TODO: things to look into for music production:
# - KXStudio? - https://linuxmusicians.com/viewtopic.php?t=27016
# - falktx (https://github.com/DISTRHO/Cardinal) - KXStudio?
# - - falktx (https://github.com/DISTRHO/Cardinal)
*/
}; };
podman = {pkgs, ...}: { podman = {pkgs, ...}: {
@ -713,6 +888,15 @@
}; };
}; };
virtual-machines = {pkgs, ...}: {
virtualisation.libvirtd.enable = true;
users.users.daniel.extraGroups = ["libvirtd"];
};
virtual-machines-gui = {pkgs, ...}: {
programs.virt-manager.enable = true;
};
postgres = {pkgs, ...}: { postgres = {pkgs, ...}: {
# this is really just for development usage # this is really just for development usage
services.postgresql = { services.postgresql = {
@ -771,8 +955,6 @@
services.printing.drivers = [pkgs.gutenprint]; services.printing.drivers = [pkgs.gutenprint];
}; };
sway = {};
enable-flatpaks-and-appimages = { enable-flatpaks-and-appimages = {
services.flatpak.enable = true; services.flatpak.enable = true;
programs.appimage.binfmt = true; programs.appimage.binfmt = true;
@ -784,9 +966,15 @@
networking.networkmanager.enable = mkDefault true; networking.networkmanager.enable = mkDefault true;
systemd.services.NetworkManager-wait-online.enable = mkDefault false; systemd.services.NetworkManager-wait-online.enable = mkDefault false;
# TODO: networking.networkmanager.wifi.backend = "iwd"; ? /*
# TODO: powersave? TODO: networking.networkmanager.wifi.backend = "iwd"; ?
# TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets? TODO: powersave?
TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
*/
hardware.wirelessRegulatoryDatabase = true;
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="US"
'';
}; };
steam = {pkgs, ...}: { steam = {pkgs, ...}: {
@ -794,12 +982,15 @@
programs.steam = { programs.steam = {
enable = true; enable = true;
# extest.enable = true;
# gamescopeSession.enable = true;
# extraPackages = with pkgs; [ /*
# gamescope extest.enable = true;
# ]; gamescopeSession.enable = true;
extraPackages = with pkgs; [
gamescope
];
*/
extraCompatPackages = with pkgs; [ extraCompatPackages = with pkgs; [
proton-ge-bin proton-ge-bin
@ -817,8 +1008,10 @@
]; ];
# remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true; # remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
# networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ]; /*
# networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ]; networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
*/
}; };
root = { root = {
@ -957,41 +1150,43 @@
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
services.irqbalance.enable = true; services.irqbalance.enable = true;
services.kanidm = { # this is not ready for primetime yet
enableClient = true; # services.kanidm = {
enablePam = true; # enableClient = true;
package = pkgs.kanidm; # enablePam = true;
# package = pkgs.kanidm;
clientSettings.uri = "https://idm.h.lyte.dev"; # clientSettings.uri = "https://idm.h.lyte.dev";
unixSettings = { # unixSettings = {
# hsm_pin_path = "/somewhere/else"; # # hsm_pin_path = "/somewhere/else";
pam_allowed_login_groups = []; # pam_allowed_login_groups = [];
}; # };
}; # };
# systemd.tmpfiles.rules = [
systemd.tmpfiles.rules = [ # "d /etc/kanidm 1755 nobody users -"
"d /etc/kanidm 1755 nobody users -" # ];
];
# module has the incorrect file permissions out of the box # module has the incorrect file permissions out of the box
environment.etc = { # environment.etc = {
# "kanidm" = { /*
# enable = true; "kanidm" = {
# user = "nobody"; enable = true;
# group = "users"; user = "nobody";
# mode = "0755"; group = "users";
# }; mode = "0755";
"kanidm/unixd" = {
user = "kanidm-unixd";
group = "kanidm-unixd";
mode = "0700";
};
"kanidm/config" = {
user = "nobody";
group = "users";
mode = "0755";
};
}; };
*/
# "kanidm/unixd" = {
# user = "kanidm-unixd";
# group = "kanidm-unixd";
# mode = "0700";
# };
# "kanidm/config" = {
# user = "nobody";
# group = "users";
# mode = "0755";
# };
# };
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
@ -999,7 +1194,7 @@
}; };
time = { time = {
timeZone = lib.mkDefault "America/Chicago"; timeZone = "America/Chicago";
}; };
i18n = { i18n = {
@ -1022,7 +1217,7 @@
useXkbConfig = lib.mkDefault true; useXkbConfig = lib.mkDefault true;
earlySetup = lib.mkDefault true; earlySetup = lib.mkDefault true;
colors = with colors; [ colors = with style.colors; [
bg bg
red red
green green
@ -1050,7 +1245,6 @@
}; };
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.stateVersion = lib.mkDefault "24.05"; system.stateVersion = lib.mkDefault "24.05";
}; };

14
modules/nixos/deno-netlify-ddns-client.nix
View file

@ -31,7 +31,7 @@ in {
requestTimeout = mkOption { requestTimeout = mkOption {
type = types.int; type = types.int;
description = "The maximum number of seconds before the HTTP request times out."; description = "The maximum number of seconds before the HTTP request times out.";
default = 30; default = 180;
}; };
afterBootTime = mkOption { afterBootTime = mkOption {
type = types.str; type = types.str;
@ -64,18 +64,24 @@ in {
set -eu set -eu
password="$(cat "${cfg.passwordFile}")" password="$(cat "${cfg.passwordFile}")"
${optionalString cfg.ipv4 '' ${optionalString cfg.ipv4 ''
${pkgs.curl}/bin/curl -4 -s \ "${pkgs.curl}/bin/curl" -4 -s \
-vvv \
-X POST \ -X POST \
--max-time ${toString cfg.requestTimeout} \ --max-time ${toString cfg.requestTimeout} \
-u "${cfg.username}:''${password}" \ -u "${cfg.username}:''${password}" \
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" -L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" 2>&1 \
| "${pkgs.sd}/bin/sd" --fixed-strings "''${password}" "[REDACTED]" \
| "${pkgs.sd}/bin/sd" -f i "Authorization: .*" "Authorization: [REST OF LINE REDACTED]"
''} ''}
${optionalString cfg.ipv6 '' ${optionalString cfg.ipv6 ''
${pkgs.curl}/bin/curl -6 -s \ ${pkgs.curl}/bin/curl -6 -s \
-vvv \
-X POST \ -X POST \
--max-time ${toString cfg.requestTimeout} \ --max-time ${toString cfg.requestTimeout} \
-u "${cfg.username}:''${password}" \ -u "${cfg.username}:''${password}" \
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" -L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" 2>&1 \
| "${pkgs.sd}/bin/sd" --fixed-strings "''${password}" "[REDACTED]" \
| "${pkgs.sd}/bin/sd" -f i "Authorization: .*" "Authorization: [REST OF LINE REDACTED]"
''} ''}
''; '';
serviceConfig = { serviceConfig = {

3
modules/nixos/ewwbar.nix
View file

@ -1,3 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [eww upower jq];
}

30
modules/nixos/gnome.nix
View file

@ -40,7 +40,6 @@
environment = { environment = {
variables = { variables = {
GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
VISUAL = "hx"; VISUAL = "hx";
PAGER = "less"; PAGER = "less";
MANPAGER = "less"; MANPAGER = "less";
@ -50,36 +49,35 @@
gnome.gnome-power-manager gnome.gnome-power-manager
brightnessctl brightnessctl
feh feh
# gimp
grim grim
# inkscape
# krita
libinput libinput
libinput-gestures libinput-gestures
libnotify libnotify
# lutris
# nil
# nixpkgs-fmt
noto-fonts noto-fonts
pamixer pamixer
# pavucontrol
playerctl playerctl
# pulseaudio
pulsemixer pulsemixer
# rclone
# restic
slurp slurp
# steam
swaybg swaybg
swayidle swayidle
swaylock swaylock
# vlc
# vulkan-tools
waybar waybar
# weechat
# wine
wl-clipboard wl-clipboard
zathura zathura
/*
gimp
inkscape
krita
pavucontrol
pulseaudio
rclone
restic
steam
vlc
vulkan-tools
weechat
wine
*/
]; ];
}; };
} }

17
modules/nixos/hyprland.nix
View file

@ -1,17 +0,0 @@
{
inputs,
pkgs,
...
}: {
imports = [
./ewwbar.nix
./pipewire.nix
{
programs.hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.system}.hyprland;
};
environment.systemPackages = with pkgs; [hyprpaper xwaylandvideobridge socat];
}
];
}

81
modules/nixos/sway.nix
View file

@ -1,81 +0,0 @@
{pkgs, ...}: {
imports = [
./pipewire.nix
];
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# services.xserver.libinput.enable = true;
services.gnome.gnome-keyring.enable = true;
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
];
};
services.dbus.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
};
services.gvfs = {
enable = true;
};
environment = {
variables = {
GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
VISUAL = "hx";
PAGER = "less";
MANPAGER = "less";
};
systemPackages = with pkgs; [
brightnessctl
feh
# gimp
grim
# inkscape
# krita
libinput
libinput-gestures
libnotify
# mako
# lutris
# nil
# nixpkgs-fmt
noto-fonts
pamixer
# pavucontrol
playerctl
pulseaudio
pulsemixer
# rclone
# restic
slurp
# steam
swaybg
swayidle
swaylock
swayosd
tofi
# vlc
# vulkan-tools
waybar
# weechat
# wine
wl-clipboard
zathura
];
};
}

2596
nixos/beefcake.nix
View file

File diff suppressed because it is too large Load diff

154
nixos/bigtower.nix
View file

@ -40,21 +40,23 @@
}; };
}; };
# networking = { /*
# firewall = let networking = {
# terraria = 7777; firewall = let
# stardew-valley = 24642; terraria = 7777;
# web-dev-lan = 18888; stardew-valley = 24642;
# ports = [ web-dev-lan = 18888;
# terraria ports = [
# stardew-valley terraria
# web-dev-lan stardew-valley
# ]; web-dev-lan
# in { ];
# allowedTCPPorts = ports; in {
# allowedUDPPorts = ports; allowedTCPPorts = ports;
# }; allowedUDPPorts = ports;
# }; };
};
*/
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
radeontop radeontop
@ -63,69 +65,73 @@
]; ];
home-manager.users.daniel = { home-manager.users.daniel = {
# slippi-launcher = { /*
# enable = true; slippi-launcher = {
# # isoPath = "${config.home-manager.users.daniel.home.homeDirectory}/../games/roms/dolphin/melee.iso"; enable = true;
# launchMeleeOnPlay = false; # isoPath = "${config.home-manager.users.daniel.home.homeDirectory}/../games/roms/dolphin/melee.iso";
# }; launchMeleeOnPlay = false;
};
*/
# TODO: monitor config module? # TODO: monitor config module?
# wayland.windowManager.hyprland = { /*
# settings = { wayland.windowManager.hyprland = {
# env = [ settings = {
# "EWW_BAR_MON,1" env = [
# ]; "EWW_BAR_MON,1"
# # See https://wiki.hyprland.org/Configuring/Keywords/ for more ];
# monitor = [ # See https://wiki.hyprland.org/Configuring/Keywords/ for more
# # "DP-2,3840x2160@60,-2160x0,1,transform,3" monitor = [
# "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1" # "DP-2,3840x2160@60,-2160x0,1,transform,3"
# # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
# # "desc:LG Display 0x0521,3840x2160@120,0x0,1" ## HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
# # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" ## "desc:LG Display 0x0521,3840x2160@120,0x0,1"
# "DP-2,3840x2160@60,0x0,1.5,transform,1" ## "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
# ]; "DP-2,3840x2160@60,0x0,1.5,transform,1"
# input = { ];
# force_no_accel = true; input = {
# sensitivity = 1; # -1.0 - 1.0, 0 means no modification. force_no_accel = true;
# }; sensitivity = 1; # -1.0 - 1.0, 0 means no modification.
# }; };
# }; };
};
# wayland.windowManager.sway = { wayland.windowManager.sway = {
# config = { config = {
# output = { output = {
# "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = { "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = {
# mode = "3840x2160@120Hz"; mode = "3840x2160@120Hz";
# position = "${toString (builtins.ceil (2160 / 1.5))},0"; position = "${toString (builtins.ceil (2160 / 1.5))},0";
# }; };
# "Dell Inc. DELL U2720Q D3TM623" = { "Dell Inc. DELL U2720Q D3TM623" = {
# # desktop left vertical monitor # desktop left vertical monitor
# mode = "3840x2160@60Hz"; mode = "3840x2160@60Hz";
# transform = "90"; transform = "90";
# scale = "1.5"; scale = "1.5";
# position = "0,0"; position = "0,0";
# }; };
# }; };
# workspaceOutputAssign = workspaceOutputAssign =
# ( (
# map map
# (ws: { (ws: {
# output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307"; output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307";
# workspace = toString ws; workspace = toString ws;
# }) })
# (lib.range 1 7) (lib.range 1 7)
# ) )
# ++ ( ++ (
# map map
# (ws: { (ws: {
# output = "Dell Inc. DELL U2720Q D3TM623"; output = "Dell Inc. DELL U2720Q D3TM623";
# workspace = toString ws; workspace = toString ws;
# }) })
# (lib.range 8 9) (lib.range 8 9)
# ); );
# }; };
# }; };
*/
}; };
} }

131
nixos/dragon.nix
View file

@ -10,6 +10,26 @@
home-manager.users.daniel.home.stateVersion = "24.05"; home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "dragon"; networking.hostName = "dragon";
} }
{
# sops secrets config
sops = {
defaultSopsFile = ../secrets/dragon/secrets.yml;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
};
}
{
sops.secrets = {
ddns-pass = {mode = "0400";};
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.ddns-pass.path;
};
}
]; ];
hardware.graphics.extraPackages = [ hardware.graphics.extraPackages = [
# pkgs.rocmPackages.clr.icd # pkgs.rocmPackages.clr.icd
@ -73,62 +93,65 @@
}; };
# TODO: monitor config module? # TODO: monitor config module?
# wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
# settings = { settings = {
# env = [ env = [
# "EWW_BAR_MON,1" "EWW_BAR_MON,1"
# ]; ];
# # See https://wiki.hyprland.org/Configuring/Keywords/ for more # See https://wiki.hyprland.org/Configuring/Keywords/ for more
# monitor = [ monitor = [
# # "DP-2,3840x2160@60,-2160x0,1,transform,3" # "DP-2,3840x2160@60,-2160x0,1,transform,3"
# "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1" "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
# # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" # TODO: HDR breaks screenshare?
# # "desc:LG Display 0x0521,3840x2160@120,0x0,1" /*
# # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
# "DP-2,3840x2160@60,0x0,1.5,transform,1" "desc:LG Display 0x0521,3840x2160@120,0x0,1"
# ]; "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
# input = { */
# force_no_accel = true; "DP-2,3840x2160@60,0x0,1.5,transform,1"
# sensitivity = 1; # -1.0 - 1.0, 0 means no modification. ];
# }; input = {
# }; force_no_accel = true;
# }; sensitivity = 1; # -1.0 - 1.0, 0 means no modification.
};
};
};
# wayland.windowManager.sway = { wayland.windowManager.sway = {
# config = { config = {
# output = { output = {
# "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = { "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = {
# mode = "3840x2160@120Hz"; mode = "3840x2160@120Hz";
# position = "${toString (builtins.ceil (2160 / 1.5))},0"; position = "${toString (builtins.ceil (2160 / 1.5))},0";
# }; };
# "Dell Inc. DELL U2720Q D3TM623" = { "Dell Inc. DELL U2720Q D3TM623" = {
# # desktop left vertical monitor # desktop left vertical monitor
# mode = "3840x2160@60Hz"; mode = "3840x2160@60Hz";
# transform = "90"; transform = "270";
# scale = "1.5"; scale = "1.5";
# position = "0,0"; position = "0,0";
# }; };
# }; };
# workspaceOutputAssign = workspaceOutputAssign =
# ( (
# map map
# (ws: { (ws: {
# output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307"; output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307";
# workspace = toString ws; workspace = toString ws;
# }) })
# (lib.range 1 7) (lib.range 1 7)
# ) )
# ++ ( ++ (
# map map
# (ws: { (ws: {
# output = "Dell Inc. DELL U2720Q D3TM623"; output = "Dell Inc. DELL U2720Q D3TM623";
# workspace = toString ws; workspace = toString ws;
# }) })
# (lib.range 8 9) (lib.range 8 9)
# ); );
# }; };
# }; };
}; };
} }

58
nixos/factorio-versions.json Normal file
View file

@ -0,0 +1,58 @@
{
"x86_64-linux": {
"alpha": {
"experimental": {
"name": "factorio_alpha_x64-1.1.110.tar.xz",
"needsAuth": true,
"sha256": "0ndhb94lh47n09a7wshm2inv52fd6rjfa7fk7nk9b7zzh84i7f4x",
"tarDirectory": "x64",
"url": "https://factorio.com/get-download/1.1.110/alpha/linux64",
"version": "1.1.110"
},
"stable": {
"name": "factorio_alpha_x64-1.1.110.tar.xz",
"needsAuth": true,
"sha256": "0ndhb94lh47n09a7wshm2inv52fd6rjfa7fk7nk9b7zzh84i7f4x",
"tarDirectory": "x64",
"url": "https://factorio.com/get-download/1.1.110/alpha/linux64",
"version": "1.1.110"
}
},
"demo": {
"experimental": {
"name": "factorio_demo_x64-1.1.110.tar.xz",
"needsAuth": false,
"sha256": "0dasxgrybl00vrabgrlarsvg0hdg5rvn3y4hsljhqc4zpbf93nxx",
"tarDirectory": "x64",
"url": "https://factorio.com/get-download/1.1.110/demo/linux64",
"version": "1.1.110"
},
"stable": {
"name": "factorio_demo_x64-1.1.110.tar.xz",
"needsAuth": false,
"sha256": "0dasxgrybl00vrabgrlarsvg0hdg5rvn3y4hsljhqc4zpbf93nxx",
"tarDirectory": "x64",
"url": "https://factorio.com/get-download/1.1.110/demo/linux64",
"version": "1.1.110"
}
},
"headless": {
"experimental": {
"name": "factorio_headless_x64-1.1.110.tar.xz",
"needsAuth": false,
"sha256": "0sk4g9y051xjhiwdhj1yz808308zwsbpq3nps1ywvpp56vdycps8",
"tarDirectory": "x64",
"url": "https://factorio.com/get-download/1.1.110/headless/linux64",
"version": "1.1.110"
},
"stable": {
"name": "factorio_headless_x64-1.1.110.tar.xz",
"needsAuth": false,
"sha256": "0sk4g9y051xjhiwdhj1yz808308zwsbpq3nps1ywvpp56vdycps8",
"tarDirectory": "x64",
"url": "https://factorio.com/get-download/1.1.110/headless/linux64",
"version": "1.1.110"
}
}
}
}

415
nixos/foxtrot.nix
View file

@ -1,4 +1,244 @@
{pkgs, ...}: { {pkgs, ...}:
/*
## source: https://community.frame.work/t/speakers-sound-quality/1078/82
let
pipewire-speakers-profile-json = ''{
"output": {
"blocklist": [],
"equalizer": {
"balance": 0.0,
"bypass": false,
"input-gain": 0.0,
"left": {
"band0": {
"frequency": 100.0,
"gain": 0.0,
"mode": "RLC (BT)",
"mute": false,
"q": 1.0,
"slope": "x4",
"solo": false,
"type": "Hi-pass"
},
"band1": {
"frequency": 150.0,
"gain": 4.02,
"mode": "RLC (BT)",
"mute": false,
"q": 3.0,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band2": {
"frequency": 600.0,
"gain": -5.07,
"mode": "RLC (BT)",
"mute": false,
"q": 4.000000000000008,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band3": {
"frequency": 1200.0,
"gain": -3.49,
"mode": "RLC (BT)",
"mute": false,
"q": 4.17,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band4": {
"frequency": 2000.0,
"gain": 1.43,
"mode": "RLC (BT)",
"mute": false,
"q": 4.0,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band5": {
"frequency": 5300.0,
"gain": 3.84,
"mode": "RLC (BT)",
"mute": false,
"q": 2.64,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band6": {
"frequency": 6000.0,
"gain": 4.02,
"mode": "RLC (BT)",
"mute": false,
"q": 4.36,
"slope": "x1",
"solo": false,
"type": "Hi-shelf"
},
"band7": {
"frequency": 7500.0,
"gain": -2.09,
"mode": "RLC (BT)",
"mute": false,
"q": 3.0,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band8": {
"frequency": 8000.0,
"gain": 2.01,
"mode": "RLC (BT)",
"mute": false,
"q": 4.36,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band9": {
"frequency": 900.0,
"gain": -4.12,
"mode": "RLC (BT)",
"mute": false,
"q": 5.909999999999967,
"slope": "x1",
"solo": false,
"type": "Bell"
}
},
"mode": "IIR",
"num-bands": 10,
"output-gain": -1.5,
"pitch-left": 0.0,
"pitch-right": 0.0,
"right": {
"band0": {
"frequency": 100.0,
"gain": 0.0,
"mode": "RLC (BT)",
"mute": false,
"q": 1.0,
"slope": "x4",
"solo": false,
"type": "Hi-pass"
},
"band1": {
"frequency": 150.0,
"gain": 4.02,
"mode": "RLC (BT)",
"mute": false,
"q": 3.0,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band2": {
"frequency": 600.0,
"gain": -5.07,
"mode": "RLC (BT)",
"mute": false,
"q": 4.000000000000008,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band3": {
"frequency": 1200.0,
"gain": -3.49,
"mode": "RLC (BT)",
"mute": false,
"q": 4.17,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band4": {
"frequency": 2000.0,
"gain": 1.43,
"mode": "RLC (BT)",
"mute": false,
"q": 4.0,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band5": {
"frequency": 5300.0,
"gain": 3.84,
"mode": "RLC (BT)",
"mute": false,
"q": 2.64,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band6": {
"frequency": 6000.0,
"gain": 4.02,
"mode": "RLC (BT)",
"mute": false,
"q": 4.36,
"slope": "x1",
"solo": false,
"type": "Hi-shelf"
},
"band7": {
"frequency": 7500.0,
"gain": -2.09,
"mode": "RLC (BT)",
"mute": false,
"q": 3.0,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band8": {
"frequency": 8000.0,
"gain": 2.01,
"mode": "RLC (BT)",
"mute": false,
"q": 4.36,
"slope": "x1",
"solo": false,
"type": "Bell"
},
"band9": {
"frequency": 900.0,
"gain": -4.12,
"mode": "RLC (BT)",
"mute": false,
"q": 5.909999999999967,
"slope": "x1",
"solo": false,
"type": "Bell"
}
},
"split-channels": false
},
"loudness": {
"bypass": false,
"clipping": false,
"clipping-range": 6.0,
"fft": "4096",
"input-gain": 0.0,
"output-gain": 0.0,
"std": "ISO226-2003",
"volume": 6.999999999999991
},
"plugins_order": [
"loudness",
"equalizer"
]
}
}'';
in
*/
{
imports = [ imports = [
{ {
system.stateVersion = "24.05"; system.stateVersion = "24.05";
@ -6,32 +246,21 @@
networking.hostName = "foxtrot"; networking.hostName = "foxtrot";
} }
{ {
# laptop power management
services.upower.enable = true;
swapDevices = [ swapDevices = [
# TODO: move this to disko? # TODO: move this to disko?
# NOTE(oninstall): # NOTE(oninstall):
# sudo btrfs subvolume create /swap /*
# sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile sudo btrfs subvolume create /swap
# sudo swapon /swap/swapfile sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile
sudo swapon /swap/swapfile
*/
{device = "/swap/swapfile";} {device = "/swap/swapfile";}
]; ];
# findmnt -no UUID -T /swap/swapfile # findmnt -no UUID -T /swap/swapfile
boot.resumeDevice = "/dev/disk/by-uuid/81c3354a-f629-4b6b-a249-7705aeb9f0d5"; boot.resumeDevice = "/dev/disk/by-uuid/81c3354a-f629-4b6b-a249-7705aeb9f0d5";
systemd.sleep.extraConfig = "HibernateDelaySec=30m"; systemd.sleep.extraConfig = "HibernateDelaySec=11m";
services.fwupd.enable = true; services.fwupd.enable = true;
services.fwupd.extraRemotes = ["lvfs-testing"]; services.fwupd.extraRemotes = ["lvfs-testing"];
# NOTE: I'm letting plasma settings handle this I guess?
# services.logind = {
# lidSwitch = "suspend-then-hibernate";
# # HandleLidSwitchDocked=ignore
# extraConfig = ''
# HandlePowerKey=suspend-then-hibernate
# IdleActionSec=10m
# IdleAction=suspend-then-hibernate
# '';
# };
} }
]; ];
@ -56,37 +285,52 @@
}; };
}; };
# wayland.windowManager.hyprland = { /*
# settings = { wayland.windowManager.hyprland = {
# env = [ settings = {
# "EWW_BAR_MON,0" env = [
# ]; "EWW_BAR_MON,0"
# # See https://wiki.hyprland.org/Configuring/Keywords/ for more ];
# monitor = [ # See https://wiki.hyprland.org/Configuring/Keywords/ for more
# "eDP-1,2256x1504@60,0x0,${toString scale}" monitor = [
# ]; "eDP-1,2256x1504@60,0x0,${toString scale}"
# }; ];
# }; };
};
*/
# wayland.windowManager.sway = { wayland.windowManager.sway = {
# config = { config = {
# output = { output = {
# "BOE 0x0BCA Unknown" = { "BOE NE135A1M-NY1 Unknown" = {
# mode = "2256x1504@60Hz"; mode = "2880x1920@120Hz";
# position = "0,0"; position = "1092,2160";
# scale = toString scale; scale = toString 1.75;
# }; };
# "Dell Inc. DELL U2720Q D3TM623" = { "Dell Inc. DELL U2720Q CWTM623" = {
# # desktop left vertical monitor mode = "3840x2160@60Hz";
# mode = "1920x1080@60Hz"; position = "0,0";
# # transform = "90"; };
# # scale = "1.5";
# position = "${toString (builtins.floor (2256 / scale))},0"; /*
# }; "BOE 0x0BCA Unknown" = {
# }; mode = "2256x1504@60Hz";
# }; position = "0,0";
# }; scale = toString scale;
};
"Dell Inc. DELL U2720Q D3TM623" = {
# desktop left vertical monitor
mode = "1920x1080@60Hz";
# transform = "90";
# scale = "1.5";
position = "${toString (builtins.floor (2256 / scale))},0";
};
*/
};
};
};
}; };
hardware.graphics.extraPackages = [ hardware.graphics.extraPackages = [
@ -99,7 +343,6 @@
]; ];
networking.networkmanager.wifi.powersave = false; networking.networkmanager.wifi.powersave = false;
hardware.wirelessRegulatoryDatabase = true;
hardware.framework.amd-7040.preventWakeOnAC = true; hardware.framework.amd-7040.preventWakeOnAC = true;
@ -107,15 +350,17 @@
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
# https://github.com/void-linux/void-packages/issues/50417#issuecomment-2131802836 fix framework 13 not shutting down # https://github.com/void-linux/void-packages/issues/50417#issuecomment-2131802836 fix framework 13 not shutting down
# kernelPatches = [ /*
# { kernelPatches = [
# name = "framework13shutdownfix"; {
# patch = builtins.fetchurl { name = "framework13shutdownfix";
# url = "https://github.com/void-linux/void-packages/files/15445612/0001-Add-hopefully-a-solution-for-shutdown-regression.PATCH"; patch = builtins.fetchurl {
# sha256 = "sha256:10zcnzy5hkam2cnxx441b978gzhvnqlcc49k7bpz9dc28xyjik50"; url = "https://github.com/void-linux/void-packages/files/15445612/0001-Add-hopefully-a-solution-for-shutdown-regression.PATCH";
# }; sha256 = "sha256:10zcnzy5hkam2cnxx441b978gzhvnqlcc49k7bpz9dc28xyjik50";
# } };
# ]; }
];
*/
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@ -123,11 +368,12 @@
}; };
# NOTE(oninstall): # NOTE(oninstall):
# sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}' /*
# the above won't work for btrfs, instead you need sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
# btrfs inspect-internal map-swapfile -r /swap/swapfile the above won't work for btrfs, instead you need btrfs inspect-internal map-swapfile -r /swap/swapfile
# https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
# many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend
*/
kernelParams = [ kernelParams = [
"rtc_cmos.use_acpi_alarm=1" "rtc_cmos.use_acpi_alarm=1"
"amdgpu.sg_display=0" "amdgpu.sg_display=0"
@ -140,9 +386,6 @@
]; ];
initrd.availableKernelModules = ["xhci_pci" "nvme" "thunderbolt"]; initrd.availableKernelModules = ["xhci_pci" "nvme" "thunderbolt"];
kernelModules = ["kvm-amd"]; kernelModules = ["kvm-amd"];
extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="US"
'';
}; };
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
@ -151,17 +394,19 @@
powerOnBoot = false; powerOnBoot = false;
}; };
powerManagement.cpuFreqGovernor = "ondemand"; powerManagement.cpuFreqGovernor = "ondemand";
# powerManagement.resumeCommands = '' /*
# modprobe -rv mt7921e powerManagement.resumeCommands = ''
# modprobe -v mt7921e modprobe -rv mt7921e
# ''; modprobe -v mt7921e
'';
*/
services.power-profiles-daemon = { services.power-profiles-daemon = {
enable = true; enable = true;
}; };
services.fprintd = { services.fprintd = {
enable = true; enable = false;
package = pkgs.fprintd.overrideAttrs { package = pkgs.fprintd.overrideAttrs {
# Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
mesonCheckFlags = [ mesonCheckFlags = [
@ -170,24 +415,24 @@
"fprintd:TestPamFprintd" "fprintd:TestPamFprintd"
]; ];
}; };
# tod.enable = true;
# tod.driver = pkgs.libfprint-2-tod1-goodix;
}; };
# services.tlp = { /*
# enable = true; services.tlp = {
# settings = { enable = true;
# CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; settings = {
# CPU_SCALING_GOVERNOR_ON_BAT = "ondemand"; CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
# CPU_MIN_PERF_ON_BAT = 0; CPU_SCALING_GOVERNOR_ON_BAT = "ondemand";
# CPU_MAX_PERF_ON_BAT = 80; CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 80;
# CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_AC = "performance";
# CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
# CPU_MIN_PERF_ON_AC = 0; CPU_MIN_PERF_ON_AC = 0;
# CPU_MAX_PERF_ON_AC = 100; CPU_MAX_PERF_ON_AC = 100;
# }; };
# }; };
*/
networking.firewall.allowedTCPPorts = let networking.firewall.allowedTCPPorts = let
stardewValley = 24642; stardewValley = 24642;

78
nixos/htpifour.nix
View file

@ -58,15 +58,19 @@
hardware.raspberry-pi."4".audio.enable = true; hardware.raspberry-pi."4".audio.enable = true;
nixpkgs.overlays = [ nixpkgs.overlays = [
# nixos-22.05 /*
# (self: super: { libcec = super.libcec.override { inherit (self) libraspberrypi; }; }) nixos-22.05
# nixos-22.11 (self: super: { libcec = super.libcec.override { inherit (self) libraspberrypi; }; })
# (self: super: {libcec = super.libcec.override {withLibraspberrypi = true;};}) nixos-22.11
(self: super: {libcec = super.libcec.override {withLibraspberrypi = true;};})
*/
]; ];
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
# systemd.services."getty@tty1".enable = false; /*
# systemd.services."autovt@tty1".enable = false; systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
*/
# hardware # hardware
systemd.targets.sleep.enable = false; systemd.targets.sleep.enable = false;
@ -99,38 +103,40 @@
}; };
}; };
# services.udev.extraRules = '' /*
# # allow access to raspi cec device for video group (and optionally register it as a systemd device, used below) services.udev.extraRules = ''
# SUBSYSTEM=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq" # allow access to raspi cec device for video group (and optionally register it as a systemd device, used below)
# ''; SUBSYSTEM=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq"
'';
# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# optional: attach a persisted cec-client to `/run/cec.fifo`, to avoid the CEC ~1s startup delay per command optional: attach a persisted cec-client to `/run/cec.fifo`, to avoid the CEC ~1s startup delay per command
# scan for devices: `echo 'scan' &gt; /run/cec.fifo ; journalctl -u cec-client.service` scan for devices: `echo 'scan' &gt; /run/cec.fifo ; journalctl -u cec-client.service`
# set pi as active source: `echo 'as' &gt; /run/cec.fifo` set pi as active source: `echo 'as' &gt; /run/cec.fifo`
# systemd.sockets."cec-client" = { systemd.sockets."cec-client" = {
# after = ["dev-vchiq.device"]; after = ["dev-vchiq.device"];
# bindsTo = ["dev-vchiq.device"]; bindsTo = ["dev-vchiq.device"];
# wantedBy = ["sockets.target"]; wantedBy = ["sockets.target"];
# socketConfig = { socketConfig = {
# ListenFIFO = "/run/cec.fifo"; ListenFIFO = "/run/cec.fifo";
# SocketGroup = "video"; SocketGroup = "video";
# SocketMode = "0660"; SocketMode = "0660";
# }; };
# }; };
# systemd.services."cec-client" = { systemd.services."cec-client" = {
# after = ["dev-vchiq.device"]; after = ["dev-vchiq.device"];
# bindsTo = ["dev-vchiq.device"]; bindsTo = ["dev-vchiq.device"];
# wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
# serviceConfig = { serviceConfig = {
# ExecStart = ''${pkgs.libcec}/bin/cec-client -d 1''; ExecStart = ''${pkgs.libcec}/bin/cec-client -d 1'';
# ExecStop = ''/bin/sh -c "echo q &gt; /run/cec.fifo"''; ExecStop = ''/bin/sh -c "echo q &gt; /run/cec.fifo"'';
# StandardInput = "socket"; StandardInput = "socket";
# StandardOutput = "journal"; StandardOutput = "journal";
# Restart = "no"; Restart = "no";
# }; };
# }; };
*/
hardware.graphics.driSupport32Bit = lib.mkForce false; hardware.graphics.driSupport32Bit = lib.mkForce false;

16
nixos/rascal.nix
View file

@ -25,11 +25,14 @@
device = "/dev/sda"; device = "/dev/sda";
}; };
users.groups.beefcake = {};
users.users = { users.users = {
beefcake = { beefcake = {
# used for restic backups isSystemUser = true;
# TODO: can this be a system user? createHome = true;
isNormalUser = true; home = "/storage/backups/beefcake";
group = "beefcake";
extraGroups = ["sftponly"];
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
config.users.users.daniel.openssh.authorizedKeys.keys config.users.users.daniel.openssh.authorizedKeys.keys
++ [ ++ [
@ -52,6 +55,13 @@
}; };
}; };
services.openssh.extraConfig = ''
Match Group sftponly
ChrootDirectory /storage/backups/%u
ForceCommand internal-sftp
AllowTcpForwarding no
'';
networking = { networking = {
hostName = "rascal"; hostName = "rascal";
networkmanager.enable = true; networkmanager.enable = true;

649
nixos/router.nix
View file

@ -1,17 +1,19 @@
{ {
config,
lib, lib,
# outputs, # outputs,
# config,
pkgs, pkgs,
... ...
}: let }: let
# NOTE: My goal is to be able to apply most of the common tweaks to the router /*
# either live on the system for ad-hoc changes (such as forwarding a port for a NOTE: My goal is to be able to apply most of the common tweaks to the router
# multiplayer game) or to tweak these values just below without reaching deeper either live on the system for ad-hoc changes (such as forwarding a port for a
# into the modules' implementation of these configuration values multiplayer game) or to tweak these values just below without reaching deeper
# NOTE: I could turn this into a cool NixOS module? into the modules' implementation of these configuration values
# TODO: review https://francis.begyn.be/blog/nixos-home-router NOTE: I could turn this into a cool NixOS module?
# TODO: more recent: https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md TODO: review https://francis.begyn.be/blog/nixos-home-router
TODO: more recent: https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md
*/
hostname = "router"; hostname = "router";
domain = "h.lyte.dev"; domain = "h.lyte.dev";
ip = "192.168.0.1"; ip = "192.168.0.1";
@ -49,12 +51,18 @@
"idm.h.lyte.dev" "idm.h.lyte.dev"
"git.lyte.dev" "git.lyte.dev"
"video.lyte.dev" "video.lyte.dev"
"paperless.h.lyte.dev"
"audio.lyte.dev" "audio.lyte.dev"
"a.lyte.dev" "a.lyte.dev"
"bw.lyte.dev" "bw.lyte.dev"
"files.lyte.dev" "files.lyte.dev"
"vpn.h.lyte.dev" "vpn.h.lyte.dev"
"atuin.h.lyte.dev" "atuin.h.lyte.dev"
"grafana.h.lyte.dev"
"prometheus.h.lyte.dev"
"finances.h.lyte.dev"
"nextcloud.h.lyte.dev"
"onlyoffice.h.lyte.dev"
"a.lyte.dev" "a.lyte.dev"
]; ];
}; };
@ -96,6 +104,25 @@ in {
} }
]; ];
environment.systemPackages = with pkgs; [
iftop
];
sops = {
defaultSopsFile = ../secrets/router/secrets.yml;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
netlify-ddns-password = {mode = "0400";};
};
};
services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.netlify-ddns-password.path;
};
boot.kernel.sysctl = boot.kernel.sysctl =
sysctl-entries sysctl-entries
// { // {
@ -137,22 +164,22 @@ in {
checkRuleset = true; checkRuleset = true;
ruleset = with inf; '' ruleset = with inf; ''
table inet filter { table inet filter {
# set LANv4 { ## set LANv4 {
# type ipv4_addr ## type ipv4_addr
# flags interval ## flags interval
# elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 } ## elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
# } ## }
# set LANv6 { ## set LANv6 {
# type ipv6_addr ## type ipv6_addr
# flags interval ## flags interval
# elements = { fd00::/8, fe80::/10 } ## elements = { fd00::/8, fe80::/10 }
# } ## }
# TODO: maybe tailnet? ## TODO: maybe tailnet?
# chain my_input_lan { ## chain my_input_lan {
# udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply" ## udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
# udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies" ## udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
# } ## }
chain input { chain input {
type filter hook input priority 0; policy drop; type filter hook input priority 0; policy drop;
@ -187,12 +214,13 @@ in {
udp dport { 80, 443 } accept comment "Allow QUIC to server (see nat prerouting)" udp dport { 80, 443 } accept comment "Allow QUIC to server (see nat prerouting)"
tcp dport { 22 } accept comment "Allow SSH to server (see nat prerouting)" tcp dport { 22 } accept comment "Allow SSH to server (see nat prerouting)"
tcp dport { 25565 } accept comment "Allow Minecraft server connections (see nat prerouting)" tcp dport { 25565 } accept comment "Allow Minecraft server connections (see nat prerouting)"
udp dport { 34197 } accept comment "Allow Factorio server connections (see nat prerouting)"
iifname "${lan}" accept comment "Allow local network to access the router" iifname "${lan}" accept comment "Allow local network to access the router"
iifname "tailscale0" accept comment "Allow local network to access the router" iifname "tailscale0" accept comment "Allow local network to access the router"
# ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges" ## ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
# ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges" ## ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan" iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
} }
@ -207,13 +235,13 @@ in {
accept accept
} }
# chain forward { ## chain forward {
# type filter hook forward priority filter; policy drop; ## type filter hook forward priority filter; policy drop;
# iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN" ## iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
# iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN" ## iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
# iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN" ## iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
# } ## }
} }
table ip nat { table ip nat {
@ -229,6 +257,7 @@ in {
iifname ${wan} tcp dport {26966} dnat to ${hosts.beefcake.ip} iifname ${wan} tcp dport {26966} dnat to ${hosts.beefcake.ip}
iifname ${wan} tcp dport {25565} dnat to ${hosts.bald.ip} iifname ${wan} tcp dport {25565} dnat to ${hosts.bald.ip}
iifname ${wan} udp dport {25565} dnat to ${hosts.bald.ip} iifname ${wan} udp dport {25565} dnat to ${hosts.bald.ip}
iifname ${wan} udp dport {34197} dnat to ${hosts.beefcake.ip}
} }
chain postrouting { chain postrouting {
@ -240,56 +269,58 @@ in {
}; };
# NOTE: see flake.nix 'nnf.nixosModules.default' # NOTE: see flake.nix 'nnf.nixosModules.default'
# nftables.firewall = let /*
# me = config.networking.nftables.firewall.localZoneName; nftables.firewall = let
# in { me = config.networking.nftables.firewall.localZoneName;
# enable = true; in {
# snippets.nnf-common.enable = true; enable = true;
snippets.nnf-common.enable = true;
# zones = { zones = {
# ${interfaces.wan.name} = { ${interfaces.wan.name} = {
# interfaces = [interfaces.wan.name interfaces.lan.name]; interfaces = [interfaces.wan.name interfaces.lan.name];
# }; };
# ${interfaces.lan.name} = { ${interfaces.lan.name} = {
# parent = interfaces.wan.name; parent = interfaces.wan.name;
# ipv4Addresses = [cidr]; ipv4Addresses = [cidr];
# }; };
# # banned = { ## banned = {
# # ingressExpression = [ ## ingressExpression = [
# # "ip saddr @banlist" ## "ip saddr @banlist"
# # "ip6 saddr @banlist6" ## "ip6 saddr @banlist6"
# # ]; ## ];
# # egressExpression = [ ## egressExpression = [
# # "ip daddr @banlist" ## "ip daddr @banlist"
# # "ip6 daddr @banlist6" ## "ip6 daddr @banlist6"
# # ]; ## ];
# # }; ## };
# }; };
# rules = { rules = {
# dhcp = { dhcp = {
# from = "all"; from = "all";
# to = [hosts.beefcake.ip]; to = [hosts.beefcake.ip];
# allowedTCPPorts = [67]; allowedTCPPorts = [67];
# allowedUDPPorts = [67]; allowedUDPPorts = [67];
# }; };
# http = { http = {
# from = "all"; from = "all";
# to = [me]; to = [me];
# allowedTCPPorts = [80 443]; allowedTCPPorts = [80 443];
# }; };
# router-ssh = { router-ssh = {
# from = "all"; from = "all";
# to = [me]; to = [me];
# allowedTCPPorts = [2201]; allowedTCPPorts = [2201];
# }; };
# server-ssh = { server-ssh = {
# from = "all"; from = "all";
# to = [hosts.beefcake.ip]; to = [hosts.beefcake.ip];
# allowedTCPPorts = [22]; allowedTCPPorts = [22];
# }; };
# }; };
# }; };
*/
}; };
systemd.network = { systemd.network = {
@ -337,29 +368,35 @@ in {
ConfigureWithoutCarrier = true; ConfigureWithoutCarrier = true;
# IPv6AcceptRA = false; # IPv6AcceptRA = false;
IPv6SendRA = true; IPv6SendRA = true;
DHCPv6PrefixDelegation = true; DHCPPrefixDelegation = true;
}; };
}; };
# WAN configuration requires DHCP to get addresses /*
# we also disable some options to be certain we retain as much networking WAN configuration requires DHCP to get addresses
# control as we reasonably can, such as not letting the ISP determine our we also disable some options to be certain we retain as much networking
# hostname or DNS configuration control as we reasonably can, such as not letting the ISP determine our
# TODO: IPv6 (prefix delegation) hostname or DNS configuration
TODO: IPv6 (prefix delegation)
*/
"40-${interfaces.wan.name}" = { "40-${interfaces.wan.name}" = {
matchConfig.Name = "${interfaces.wan.name}"; matchConfig.Name = "${interfaces.wan.name}";
networkConfig = { networkConfig = {
Description = "WAN network - connection to fiber ISP jack"; Description = "WAN network - connection to fiber ISP jack";
DHCP = true; DHCP = true;
# IPv6AcceptRA = true; /*
# IPv6PrivacyExtensions = true; IPv6AcceptRA = true;
# IPForward = true; IPv6PrivacyExtensions = true;
IPForward = true;
*/
}; };
dhcpV6Config = { dhcpV6Config = {
# ForceDHCPv6PDOtherInformation = true; /*
# UseHostname = false; ForceDHCPv6PDOtherInformation = true;
# UseDNS = false; UseHostname = false;
# UseNTP = false; UseDNS = false;
UseNTP = false;
*/
PrefixDelegationHint = "::/56"; PrefixDelegationHint = "::/56";
}; };
dhcpV4Config = { dhcpV4Config = {
@ -385,17 +422,21 @@ in {
services.resolved.enable = false; services.resolved.enable = false;
# dnsmasq serves as our DHCP and DNS server /*
# almost all the configuration should be derived from the values at the top of dnsmasq serves as our DHCP and DNS server
# this file almost all the configuration should be derived from the values at the top of
this file
*/
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
settings = { settings = {
listen-address = "::,127.0.0.1,${ip}"; listen-address = "::,127.0.0.1,${ip}";
port = 53; port = 53;
# dhcp-authoritative = true; /*
# dnssec = true; dhcp-authoritative = true;
dnssec = true;
*/
enable-ra = true; enable-ra = true;
server = ["1.1.1.1" "9.9.9.9" "8.8.8.8"]; server = ["1.1.1.1" "9.9.9.9" "8.8.8.8"];
@ -448,8 +489,10 @@ in {
}; };
}; };
# since the home network reserves port 22 for ssh to the big server and to /*
# gitea, the router uses port 2201 for ssh since the home network reserves port 22 for ssh to the big server and to
gitea, the router uses port 2201 for ssh
*/
services.openssh.listenAddresses = [ services.openssh.listenAddresses = [
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
@ -473,252 +516,254 @@ in {
system.stateVersion = "24.05"; system.stateVersion = "24.05";
# NOTE: everything from here on is deprecated or old stuff /*
NOTE: everything from here on is deprecated or old stuff
# TODO: may not be strictly necessary for IPv6? TODO: may not be strictly necessary for IPv6?
# TODO: also may not even be the best implementation? TODO: also may not even be the best implementation?
# services.radvd = { services.radvd = {
# enable = false; enable = false;
# # NOTE: this config is just the default arch linux config I think and may ## NOTE: this config is just the default arch linux config I think and may
# # need tweaking? this is what I had on the arch linux router, though :shrug: ## need tweaking? this is what I had on the arch linux router, though :shrug:
# config = '' config = ''
# interface lo interface lo
# { {
# AdvSendAdvert on; AdvSendAdvert on;
# MinRtrAdvInterval 3; MinRtrAdvInterval 3;
# MaxRtrAdvInterval 10; MaxRtrAdvInterval 10;
# AdvDefaultPreference low; AdvDefaultPreference low;
# AdvHomeAgentFlag off; AdvHomeAgentFlag off;
# prefix 2001:db8:1:0::/64 prefix 2001:db8:1:0::/64
# { {
# AdvOnLink on; AdvOnLink on;
# AdvAutonomous on; AdvAutonomous on;
# AdvRouterAddr off; AdvRouterAddr off;
# }; };
# prefix 0:0:0:1234::/64 prefix 0:0:0:1234::/64
# { {
# AdvOnLink on; AdvOnLink on;
# AdvAutonomous on; AdvAutonomous on;
# AdvRouterAddr off; AdvRouterAddr off;
# Base6to4Interface ppp0; Base6to4Interface ppp0;
# AdvPreferredLifetime 120; AdvPreferredLifetime 120;
# AdvValidLifetime 300; AdvValidLifetime 300;
# }; };
# route 2001:db0:fff::/48 route 2001:db0:fff::/48
# { {
# AdvRoutePreference high; AdvRoutePreference high;
# AdvRouteLifetime 3600; AdvRouteLifetime 3600;
# }; };
# RDNSS 2001:db8::1 2001:db8::2 RDNSS 2001:db8::1 2001:db8::2
# { {
# AdvRDNSSLifetime 30; AdvRDNSSLifetime 30;
# }; };
# DNSSL branch.example.com example.com DNSSL branch.example.com example.com
# { {
# AdvDNSSLLifetime 30; AdvDNSSLLifetime 30;
# }; };
# }; };
# ''; '';
# }; };
# TODO: old config, should be deleted ASAP TODO: old config, should be deleted ASAP
# services.dnsmasq = { services.dnsmasq = {
# enable = false; enable = false;
# settings = { settings = {
# # server endpoints # server endpoints
# listen-address = "::1,127.0.0.1,${ip}"; listen-address = "::1,127.0.0.1,${ip}";
# port = "53"; port = "53";
# # DNS cache entries # DNS cache entries
# cache-size = "10000"; cache-size = "10000";
# # local domain entries # local domain entries
# local = "/lan/"; local = "/lan/";
# domain = "lan"; domain = "lan";
# expand-hosts = true; expand-hosts = true;
# dhcp-authoritative = true; dhcp-authoritative = true;
# conf-file = "/usr/share/dnsmasq/trust-anchors.conf"; conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
# dnssec = true; dnssec = true;
# except-interface = "${wan_if}"; except-interface = "${wan_if}";
# interface = "${lan_if}"; interface = "${lan_if}";
# enable-ra = true; enable-ra = true;
# # dhcp-option = "121,${cidr},${ip}"; # dhcp-option = "121,${cidr},${ip}";
# dhcp-range = [ dhcp-range = [
# "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m" "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
# "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h" "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
# ]; ];
# dhcp-host = [ dhcp-host = [
# "${hosts.dragon.host},${hosts.dragon.ip},12h" "${hosts.dragon.host},${hosts.dragon.ip},12h"
# "${hosts.beefcake.host},${hosts.beefcake.ip},12h" "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
# ]; ];
# # may need to go in /etc/hosts (networking.extraHosts), too? # may need to go in /etc/hosts (networking.extraHosts), too?
# address = [ address = [
# "/video.lyte.dev/192.168.0.9" "/video.lyte.dev/192.168.0.9"
# "/git.lyte.dev/192.168.0.9" "/git.lyte.dev/192.168.0.9"
# "/bw.lyte.dev/192.168.0.9" "/bw.lyte.dev/192.168.0.9"
# "/files.lyte.dev/192.168.0.9" "/files.lyte.dev/192.168.0.9"
# "/vpn.h.lyte.dev/192.168.0.9" "/vpn.h.lyte.dev/192.168.0.9"
# "/.h.lyte.dev/192.168.0.9" "/.h.lyte.dev/192.168.0.9"
# ]; ];
# server = [ server = [
# "${ip}" "${ip}"
# "8.8.8.8" "8.8.8.8"
# "8.8.4.4" "8.8.4.4"
# "1.1.1.1" "1.1.1.1"
# "1.0.0.1" "1.0.0.1"
# ]; ];
# }; };
# }; };
# TODO: old config, should be deleted ASAP TODO: old config, should be deleted ASAP
# nftables = { nftables = {
# enable = false; enable = false;
# flushRuleset = true; flushRuleset = true;
# tables = { tables = {
# filter = { filter = {
# family = "inet"; family = "inet";
# content = '' content = ''
# chain input { chain input {
# # type filter hook input priority filter; policy accept; # type filter hook input priority filter; policy accept;
# type filter hook input priority 0; type filter hook input priority 0;
# # anything from loopback interface # anything from loopback interface
# iifname "lo" accept iifname "lo" accept
# # accept traffic we originated # accept traffic we originated
# ct state { established, related } counter accept ct state { established, related } counter accept
# ct state invalid counter drop ct state invalid counter drop
# # ICMP # ICMP
# ip6 nexthdr icmpv6 icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, mld-listener-query, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept ip6 nexthdr icmpv6 icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, mld-listener-query, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept
# ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } counter accept ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } counter accept
# ip protocol icmpv6 counter accept ip protocol icmpv6 counter accept
# ip protocol icmp counter accept ip protocol icmp counter accept
# meta l4proto ipv6-icmp counter accept meta l4proto ipv6-icmp counter accept
# udp dport dhcpv6-client counter accept udp dport dhcpv6-client counter accept
# tcp dport { 64022, 22, 53, 67, 25565 } counter accept tcp dport { 64022, 22, 53, 67, 25565 } counter accept
# udp dport { 64020, 22, 53, 67 } counter accept udp dport { 64020, 22, 53, 67 } counter accept
# # iifname "iot" ip saddr $iot-ip tcp dport { llmnr } counter accept ## iifname "iot" ip saddr $iot-ip tcp dport { llmnr } counter accept
# # iifname "iot" ip saddr $iot-ip udp dport { mdns, llmnr } counter accept ## iifname "iot" ip saddr $iot-ip udp dport { mdns, llmnr } counter accept
# iifname "${lan_if}" tcp dport { llmnr } counter accept iifname "${lan_if}" tcp dport { llmnr } counter accept
# iifname "${lan_if}" udp dport { mdns, llmnr } counter accept iifname "${lan_if}" udp dport { mdns, llmnr } counter accept
# counter drop counter drop
# } }
# # allow all outgoing # allow all outgoing
# chain output { chain output {
# type filter hook output priority 0; type filter hook output priority 0;
# accept accept
# } }
# chain forward { chain forward {
# type filter hook forward priority 0; type filter hook forward priority 0;
# accept accept
# } }
# ''; '';
# }; };
# nat = { nat = {
# family = "ip"; family = "ip";
# content = '' content = ''
# set masq_saddr { set masq_saddr {
# type ipv4_addr type ipv4_addr
# flags interval flags interval
# elements = { ${cidr} } elements = { ${cidr} }
# } }
# map map_port_ipport { map map_port_ipport {
# type inet_proto . inet_service : ipv4_addr . inet_service type inet_proto . inet_service : ipv4_addr . inet_service
# } }
# chain prerouting { chain prerouting {
# iifname ${lan_if} accept iifname ${lan_if} accept
# type nat hook prerouting priority dstnat + 1; policy accept; type nat hook prerouting priority dstnat + 1; policy accept;
# fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
# iifname ${wan_if} tcp dport { 22, 80, 443, 25565, 64022 } dnat to ${hosts.beefcake.ip} iifname ${wan_if} tcp dport { 22, 80, 443, 25565, 64022 } dnat to ${hosts.beefcake.ip}
# iifname ${wan_if} udp dport { 64020 } dnat to ${hosts.beefcake.ip} iifname ${wan_if} udp dport { 64020 } dnat to ${hosts.beefcake.ip}
# # iifname ${wan_if} tcp dport { 25565 } dnat to 192.168.0.244 ## iifname ${wan_if} tcp dport { 25565 } dnat to 192.168.0.244
# # iifname ${wan_if} udp dport { 25565 } dnat to 192.168.0.244 ## iifname ${wan_if} udp dport { 25565 } dnat to 192.168.0.244
# # router ## router
# iifname ${wan_if} tcp dport { 2201 } dnat to ${ip} iifname ${wan_if} tcp dport { 2201 } dnat to ${ip}
# } }
# chain output { chain output {
# type nat hook output priority -99; policy accept; type nat hook output priority -99; policy accept;
# ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
# } }
# chain postrouting { chain postrouting {
# type nat hook postrouting priority srcnat + 1; policy accept; type nat hook postrouting priority srcnat + 1; policy accept;
# oifname ${lan_if} masquerade oifname ${lan_if} masquerade
# ip saddr @masq_saddr masquerade ip saddr @masq_saddr masquerade
# } }
# ''; '';
# }; };
# }; };
# }; };
# TODO: also want to try to avoid using dhcpcd for IPv6 since systemd-networkd TODO: also want to try to avoid using dhcpcd for IPv6 since systemd-networkd
# should be sufficient? should be sufficient?
# dhcpcd = { dhcpcd = {
# enable = false; enable = false;
# extraConfig = '' extraConfig = ''
# duid duid
# # No way.... https://github.com/NetworkConfiguration/dhcpcd/issues/36#issuecomment-954777644 ## No way.... https://github.com/NetworkConfiguration/dhcpcd/issues/36#issuecomment-954777644
# # issues caused by guests with oneplus devices ## issues caused by guests with oneplus devices
# noarp noarp
# persistent persistent
# vendorclassid vendorclassid
# option domain_name_servers, domain_name, domain_search option domain_name_servers, domain_name, domain_search
# option classless_static_routes option classless_static_routes
# option interface_mtu option interface_mtu
# option host_name option host_name
# #option ntp_servers #option ntp_servers
# require dhcp_server_identifier require dhcp_server_identifier
# slaac private slaac private
# noipv4ll noipv4ll
# noipv6rs noipv6rs
# static domain_name_servers=${ip} static domain_name_servers=${ip}
# interface ${wan_if} interface ${wan_if}
# gateway gateway
# ipv6rs ipv6rs
# iaid 1 iaid 1
# # option rapid_commit ## option rapid_commit
# # ia_na 1 ## ia_na 1
# ia_pd 1 ${lan_if} ia_pd 1 ${lan_if}
# interface ${lan_if} interface ${lan_if}
# static ip_address=${cidr} static ip_address=${cidr}
# static routers=${ip} static routers=${ip}
# static domain_name_servers=${ip} static domain_name_servers=${ip}
# ''; '';
# }; };
*/
} }

23
nixos/thablet.nix
View file

@ -5,9 +5,6 @@
}: { }: {
networking.hostName = "thablet"; networking.hostName = "thablet";
home-manager.users.daniel = {
};
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
services.fprintd = { services.fprintd = {
@ -48,7 +45,11 @@
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = false;
};
services.power-profiles-daemon = {
enable = true;
}; };
networking = { networking = {
@ -61,5 +62,19 @@
}; };
}; };
home-manager.users.daniel = {
wayland.windowManager.sway = {
config = {
output = {
"AU Optronics 0x2236 Unknown" = {
mode = "2560x1440@60Hz";
position = "0,0";
scale = toString 1.25;
};
};
};
};
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

10
nixos/thinker.nix
View file

@ -6,10 +6,12 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = true; systemd-boot.enable = true;
}; };
# sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}' /*
# the above won't work for btrfs, instead you need sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
# btrfs inspect-internal map-swapfile -r /swap/swapfile the above won't work for btrfs, instead you need
# https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file btrfs inspect-internal map-swapfile -r /swap/swapfile
https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
*/
kernelParams = ["boot.shell_on_fail"]; kernelParams = ["boot.shell_on_fail"];
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci"]; initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci"];
}; };

32
overlays/default.nix
View file

@ -5,22 +5,28 @@
pkgs = import nixpkgs {inherit (final) system;}; pkgs = import nixpkgs {inherit (final) system;};
}; };
# This one contains whatever you want to overlay /*
# You can change versions, add patches, set compilation flags, anything really. This one contains whatever you want to overlay
# https://nixos.wiki/wiki/Overlays You can change versions, add patches, set compilation flags, anything really.
https://nixos.wiki/wiki/Overlays
*/
modifications = final: prev: { modifications = final: prev: {
# final.fprintd = prev.fprintd.overrideAttrs { /*
# # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f final.fprintd = prev.fprintd.overrideAttrs {
# mesonCheckFlags = [ # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
# # PAM related checks are timing out mesonCheckFlags = [
# "--no-suite" # PAM related checks are timing out
# "fprintd:TestPamFprintd" "--no-suite"
# ]; "fprintd:TestPamFprintd"
# }; ];
};
*/
}; };
# When applied, the unstable nixpkgs set (declared in the flake inputs) will /*
# be accessible through 'pkgs.unstable' When applied, the unstable nixpkgs set (declared in the flake inputs) will
be accessible through 'pkgs.unstable'
*/
unstable-packages = final: _prev: { unstable-packages = final: _prev: {
unstable = import nixpkgs { unstable = import nixpkgs {
system = final.system; system = final.system;

8
packages/iosevkaLyteTerm.nix
View file

@ -34,10 +34,10 @@ in ((iosevka.override {
menu = 900 menu = 900
css = 900 css = 900
# [[buildPlans.Iosevka${set}.compatibility-ligatures]] ## [[buildPlans.Iosevka${set}.compatibility-ligatures]]
# unicode = 57600 # 0xE100 ## unicode = 57600 # 0xE100
# featureTag = 'calt' ## featureTag = 'calt'
# kequence = '<*>' ## kequence = '<*>'
[buildPlans.Iosevka${set}.variants] [buildPlans.Iosevka${set}.variants]
inherits = "ss01" inherits = "ss01"

8
secrets/beefcake/secrets.yml
View file

@ -15,7 +15,9 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str] nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
grafana-admin-password: ENC[AES256_GCM,data:SpxQ7FgFoF5cZj5+1ug=,iv:NaQPIqFE62PHC14rT/xqYchdt7IykS8jJhuGRcC2SjM=,tag:Q8QtHiE4Beh5GG/IcvjG4w==,type:str]
netlify-ddns-password: ENC[AES256_GCM,data:mz9MS93ZPbtziwo56DP27q5ZgA1rgCptQpgTPrq2Ihc3KjSxSACJ6p6t8NjRPr4lSDLPzDa47OnRct/N4fcm5Q==,iv:upOh9S0wvTXBwfso3GhQzpl5befY0T0hTW/LGNcvv0k=,tag:/LNP0wIaxtExulV0blVkXA==,type:str] netlify-ddns-password: ENC[AES256_GCM,data:mz9MS93ZPbtziwo56DP27q5ZgA1rgCptQpgTPrq2Ihc3KjSxSACJ6p6t8NjRPr4lSDLPzDa47OnRct/N4fcm5Q==,iv:upOh9S0wvTXBwfso3GhQzpl5befY0T0hTW/LGNcvv0k=,tag:/LNP0wIaxtExulV0blVkXA==,type:str]
grafana-smtp-password: ENC[AES256_GCM,data:eSzFlEcgSPEy7p0QW6Pr6Z86TRHuuIJcM7nSI7bBBFy/9/VQaYk6+Ztu049ZGrejPNk=,iv:o14YoiTE4dCKw/Rbh/B2m2b5oyitvaB+FnLxydgu75c=,tag:4iRngd9OiZMq5RTVKdklHw==,type:str]
#ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment] #ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment]
forgejo-runner.env: ENC[AES256_GCM,data:x4EaDzK4W34ZEZ/Inakore2YABZf8e7TBBjoC6xTPZ9GBrSZCE85FOcHAmMXPDo=,iv:bNGOsLnhxnlC/opCKT1DSsGoWdmgJ8NgEPY3ySlN108=,tag:Ijp3qHBSdv6EDaZdomJhAA==,type:str] forgejo-runner.env: ENC[AES256_GCM,data:x4EaDzK4W34ZEZ/Inakore2YABZf8e7TBBjoC6xTPZ9GBrSZCE85FOcHAmMXPDo=,iv:bNGOsLnhxnlC/opCKT1DSsGoWdmgJ8NgEPY3ySlN108=,tag:Ijp3qHBSdv6EDaZdomJhAA==,type:str]
jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str] jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
@ -24,6 +26,8 @@ api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/n
restic-rascal-passphrase: ENC[AES256_GCM,data:yonKbBh4riGwxc/qcj8F/qrgAtA1sWhYejw9rdOTdCNW3a7zL/Ny1+XCI/P3bMOsY6UTmg/gxA2itp4cSbvqjg==,iv:5GwaEExn7b3dIkCVehLxaBXW+nUuSexY/bcqfCUwF5Q=,tag:dinyyw2XeVoSnw/IsYfK0w==,type:str] restic-rascal-passphrase: ENC[AES256_GCM,data:yonKbBh4riGwxc/qcj8F/qrgAtA1sWhYejw9rdOTdCNW3a7zL/Ny1+XCI/P3bMOsY6UTmg/gxA2itp4cSbvqjg==,iv:5GwaEExn7b3dIkCVehLxaBXW+nUuSexY/bcqfCUwF5Q=,tag:dinyyw2XeVoSnw/IsYfK0w==,type:str]
restic-rascal-ssh-private-key: ENC[AES256_GCM,data:ddsOs0XsayyQI9qc6LzwQpdDnfwNpbj8PbBJ5fyuqtlVNYndeLxaYcbZI2ULSUhgR1tN0FS+ggGTHQhVvjwksNvpskUGHNKkSLKH3D/mn5N9tsoeAblN4gZsloZdqXBVzEehumcQMdhh6iy6NkNbuinKrVKDhLV25PrFKuSBEYw9VHU7HAMW5Tfop3RzBXjZWETCDAR2OQa7d1dXsJ0Kw6b9RFmRe5MGQ0J7YhjdTg26JGMMVSeHvr5UbiUJkGA5RvOLEDM2Dfai7Lf8yRPZVxUl+rdRsNvNYEoYGu5rGLUFcuqIbQ+s40dP2uXwWauwkIvHUjEahkbP0httj4Kg3qIJBRPg7OuS+MOwAnLEAs3hl5zeBV396yA9qjWW8nhnbml58/uFFbfXbJWTM3r8cMpFbHKD+Ojo/99fm5Vy3pAMzNzEsHOaT+iyDYyNkV5OH1GyKK9n7kIRLdqmWe7GmaKXlwVvNUPi3RvLX9VXq83a4BuupFyTmaNfPGMs/17830aleV674+QVgKh3VyFtuJy6KBpMXDv16wFo,iv:S2I3h6pmKLxEc29E0zn2b8lscqA//5/ZMTV9q+/tdvs=,tag:ALeCT+nrVPDfS21xC555sA==,type:str] restic-rascal-ssh-private-key: ENC[AES256_GCM,data:ddsOs0XsayyQI9qc6LzwQpdDnfwNpbj8PbBJ5fyuqtlVNYndeLxaYcbZI2ULSUhgR1tN0FS+ggGTHQhVvjwksNvpskUGHNKkSLKH3D/mn5N9tsoeAblN4gZsloZdqXBVzEehumcQMdhh6iy6NkNbuinKrVKDhLV25PrFKuSBEYw9VHU7HAMW5Tfop3RzBXjZWETCDAR2OQa7d1dXsJ0Kw6b9RFmRe5MGQ0J7YhjdTg26JGMMVSeHvr5UbiUJkGA5RvOLEDM2Dfai7Lf8yRPZVxUl+rdRsNvNYEoYGu5rGLUFcuqIbQ+s40dP2uXwWauwkIvHUjEahkbP0httj4Kg3qIJBRPg7OuS+MOwAnLEAs3hl5zeBV396yA9qjWW8nhnbml58/uFFbfXbJWTM3r8cMpFbHKD+Ojo/99fm5Vy3pAMzNzEsHOaT+iyDYyNkV5OH1GyKK9n7kIRLdqmWe7GmaKXlwVvNUPi3RvLX9VXq83a4BuupFyTmaNfPGMs/17830aleV674+QVgKh3VyFtuJy6KBpMXDv16wFo,iv:S2I3h6pmKLxEc29E0zn2b8lscqA//5/ZMTV9q+/tdvs=,tag:ALeCT+nrVPDfS21xC555sA==,type:str]
restic-ssh-priv-key-benland: ENC[AES256_GCM,data:G+uiYZTvqXhpJb66j6Q6S+otlXeRX0CdYeMHzSMjIbvbI0AVm0yCU7COO5/O8i47NpvrKKS1kVxVEK8ixLRUowkl3hgRXhxsBIPFnpkMD0ENmJttm4HOpi0qIWMwzPYTjkz/slY4HcTFnCfYy1ZpURQdWwZsr1EdAA05bUMTtM22R3uOMzjO8uf72PCWX7yffo8MxsLmWvNVAOhVlrb2H5KQNR/IquFK3TFoZitq5nVDG9tcEFkX+lgA3zsmCHU/2DvvodgeRoltaAFvgjVznNGf4e5p8owHUtSzX52HwGZRiUlMuhpre2gm1r73n8AyZe41II+LX/85fMfZDdyayIGv3AAMBib8H0/AoChexRcdLQEmzOgRrXsgucDJrWSWP6WMBVyamUm79m5ep0fvL1lJftuJqN0uuq9dBrispdso4x+6jk/pDf5pEM/FE6s1rY832BEb7q0PnjyvVogOez+cIihmMpDdnS0A/8TFzg29i3C+93x5vrt3k7atNzR/jN+/GqX2FKLzxWrrIw2d,iv:IP+N8JQu+XRvwTtBnxu54ujzU5UliltXG3mk9HfJaN8=,tag:4oinE9QMaSh8IfUd/ttM3Q==,type:str] restic-ssh-priv-key-benland: ENC[AES256_GCM,data:G+uiYZTvqXhpJb66j6Q6S+otlXeRX0CdYeMHzSMjIbvbI0AVm0yCU7COO5/O8i47NpvrKKS1kVxVEK8ixLRUowkl3hgRXhxsBIPFnpkMD0ENmJttm4HOpi0qIWMwzPYTjkz/slY4HcTFnCfYy1ZpURQdWwZsr1EdAA05bUMTtM22R3uOMzjO8uf72PCWX7yffo8MxsLmWvNVAOhVlrb2H5KQNR/IquFK3TFoZitq5nVDG9tcEFkX+lgA3zsmCHU/2DvvodgeRoltaAFvgjVznNGf4e5p8owHUtSzX52HwGZRiUlMuhpre2gm1r73n8AyZe41II+LX/85fMfZDdyayIGv3AAMBib8H0/AoChexRcdLQEmzOgRrXsgucDJrWSWP6WMBVyamUm79m5ep0fvL1lJftuJqN0uuq9dBrispdso4x+6jk/pDf5pEM/FE6s1rY832BEb7q0PnjyvVogOez+cIihmMpDdnS0A/8TFzg29i3C+93x5vrt3k7atNzR/jN+/GqX2FKLzxWrrIw2d,iv:IP+N8JQu+XRvwTtBnxu54ujzU5UliltXG3mk9HfJaN8=,tag:4oinE9QMaSh8IfUd/ttM3Q==,type:str]
paperless-superuser-password: ENC[AES256_GCM,data:lypWK73mOYI2hyQAW/4T3cDiVtsts3kKb7LZb9ES3n97Kn5l,iv:jBHUBFbb4GqQ3gnK0h5VCaGj3/kd3/eGa1QFiE7+B9I=,tag:UoQar+x1xVnCV2k+9hYjWA==,type:str]
factorio-server-settings: ENC[AES256_GCM,data:ItK+/eONdAqNAiQxCrCipUmTdIKt274qwVyNnSdOdxxd67XGozs/xr/cCYwwDiUyKQ7mD8oBLL6EVaHbXpObLwGe0Nsnz5jE9GtI0k5184/jsQ==,iv:Qre+BKhdqNDNuOz0PGZJJpTmQxJdNoTbd5FxRy0lrVs=,tag:G4dFdVclUdagyA84Yh653w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -48,8 +52,8 @@ sops:
bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq
rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg== rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-06T21:22:57Z" lastmodified: "2024-10-14T14:58:39Z"
mac: ENC[AES256_GCM,data:suoBGuZnfZpo55g+sq6MXDvecwhhWRS9gtTlCvnWmSvWT+K8TFXHcz9cLZT5U2N4ueSYJovRoKPoAv9rKgtLHSSg+JKI0b0cErQge75970bTbeMKMl+SJmYF0T0ht5+8n5zjhnQjVo2mHmJJI1IekumsoNJ9+F6USPBidiK0uNU=,iv:7dMsEnXylvn0vVfmU9pQt1BgrqfKdSyoBbNTUZ782Uo=,tag:E3u9LVcdTKa7mjAxQ/m9rw==,type:str] mac: ENC[AES256_GCM,data:cNVTWA2S9SMEqoDz7jHuN/9hO20kDyoR03vKw8D72VJiqDEVvAkYeRu6KmGI7DWcfV/2OIrwVjyt+zry92ksYPmF1Xx8s4hu6Z0ooi7mvNrtSMnOLJ68mfpERbdBBcnvX5YivS50mbPhif/kvb5IgUxIQvo2NGFC9Sj7ZnXLa+U=,iv:kKkHVNJ0JE4CRvQdLAfFHKeL4h3o7Z6HJ57HzsqKTJY=,tag:k9K7NS2TZ0uk9u0yd9IAOg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0

30
secrets/dragon/secrets.yml Normal file
View file

@ -0,0 +1,30 @@
ddns-pass: ENC[AES256_GCM,data:/Dpjl761JLHTM+we1PJs7pkcHcWzBk0jQ1bP4plOYGS4N3vXhXn1bHCYmENlrOwU3riETBZ5OeRA1LvFNZHPQw==,iv:LbgN5utHUBZRV49e6ux7HPG0xt4ydTqyZA+NZuaJnWs=,tag:l0VRaMJ6ie63lej6mZTMPg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTitMaFRiK1BSMEcwRmNk
Q0hmOGlZSFpkUUhyZkkwSU40QXB5cmlkR1FRCkRhbVBXQ2FjUzRhdEhrSEZKcWhM
dTNuVUljU0NSbVQzbXhZeFNENmN5QjgKLS0tIDFncEMrUCtWWTMyUGZIelY5aXB4
NmJWeDFSVVoxZCtRWlhNNXNyVWRvY28KgPbg6RScxBrxI0DvD6R7iKm8/70kJLdG
FhbgK9d/7UPMfefluEah7vKzXV/dn+/4KsCJuKFFZ1AsM5hDFQ+JGQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ez4why08hdx0qf940cjzs6ep4q5rk2gqq7lp99pe58fktpwv65esx4xrht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXa1owK21QNUovZzZHekpw
OWdsSy9ZcmhGNzc1enNGVHRHTTlSb1E5UEJJCkF3MlpYQ1c5UGNySk94aENHMDh2
ME1rUlZscHFYSUVwOWFSczZGV2Z5aEEKLS0tIFlXTUFZaVJtWXltZGdEZzJPSjFJ
bTdCNS9zMzdvT2NiZVRyT1JzVmRFUFEKguq2i4rnVvGECZlUcEEubXfv4Ya/zI1N
3mWQslPHgnnWuwG7flbvafHYnyZCXsMqNKnNDM6wayDgKAbtCx3Syg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-14T12:41:15Z"
mac: ENC[AES256_GCM,data:sO3omCYH1urB/qcW3VippCinCUO1cmp5KrUSQk5ms7k+i9xUhdL3tTYHGVTa4PHV6VluukKnHuwAijo+rneNdCeMdIkAEskk/X6SDYgkwmjXuNcNEA4la22EqSrenJ8W3UafHDvP8+vpUKAzVo0E82Vmo9/YNJaqvqQM8PtciSc=,iv:2GboNZpAezZsWK3CbcwVw40zW4CucP3JhsYlvZ/Hy2M=,tag:w3XmkN76oYV+PmliPB01MQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

30
secrets/router/secrets.yml Normal file
View file

@ -0,0 +1,30 @@
netlify-ddns-password: ENC[AES256_GCM,data:zp58uV2L+/n/9Cvp1BnQBhdfmNfuyH8C73R6JYrJ3pw0QbEpPpIWuzod9S28QxNq50Bj5/zGzE+D125dkYFX0A==,iv:kceEl04Nb6LWcyjl2fHYjsl0RSO8OulN3DKlDLwjIu4=,tag:nOi2H56dEX9K5okaiDaWOQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQlZqSzBaTUROMkp2K2xI
Z0ZIdllGNnlNYnFtVERPbVN6Y1FnWC9aeGlFCnZYci9CblA3VFZsOG5OOXE3cDZj
TlZkbU0yY0F1ZDA5amczRVFldU1ZWGcKLS0tIEFTdi9uRFdlQW1MbUdSdm9jRW5n
emxsSGN2b3JLZGNYQmVDYk96QUY5aVEK0w7Q/zEsIJKFcQjhgQovmRs4Iv6bhuaz
cKn8M/p8dG+p5G50ALsiIiuTFBUM7vmFVF000PxqsEFr0Yl6eDg+uA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zd7c3g5d20shdftq8ghqm0r92488dg4pdp4gulur7ex3zx2yq35ssxawpn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZK1lRTlRIc2ZxcllsRFRp
aEZIOC80TSt2Ly9MUEdiVGQ5akkrUUJwcDFJClIyMUl0SWY3TXFLcWl0TGw3K3VM
N0VWaGpCaVp6MXg4M2pwcnNhNkhPYjQKLS0tIEZOVGVTcUxaMmxBNEVJQ2VFSjRm
L2lpaExJM2FkUFdqa3JpalZmOFZYV0kKmXlu5CUIYnNEOlIco3JveS7KdiF2yWTn
r/KOKA9/v3zPbnsYc+HETxYNy1OWrQ/qDGIbR6jz8L5+v35FN+larw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-13T05:37:38Z"
mac: ENC[AES256_GCM,data:r1qpYSojCuN84FYX1c684XifKMKUPTOl7dvzuoYYuLf+mwbZrD4fUErDmZczzA4g2ttSNNv05bEq5D7XgfoXPcbhqtj/jggxvX4EGLltpo3Jy77EyKabr1c7KsYV3ciYT13sRGzFYrge06wVrUUPpozPfvAbp1qv0CwK4dUg4dc=,iv:Bpnrx8KcZnWkld4f3VRl39xMmaU388KQunig9xohUto=,tag:vKUupMf/dRb5bY8BMV4oVw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

26
templates/elixir/flake.nix
View file

@ -47,19 +47,21 @@
src = ./.; src = ./.;
pname = "api.lyte.dev"; pname = "api.lyte.dev";
in { in {
# this-package = mixRelease { /*
# inherit pname version src; this-package = mixRelease {
# mixFodDeps = fetchMixDeps { inherit pname version src;
# inherit version src; mixFodDeps = fetchMixDeps {
# pname = "mix-deps-${pname}"; inherit version src;
# hash = pkgs.lib.fakeSha256; pname = "mix-deps-${pname}";
# }; hash = pkgs.lib.fakeSha256;
# buildInputs = with pkgs; [sqlite]; };
# HOME = "$(pwd)"; buildInputs = with pkgs; [sqlite];
# MIX_XDG = "$HOME"; HOME = "$(pwd)";
# }; MIX_XDG = "$HOME";
};
# default = outputs.packages.${system}.this-package; default = outputs.packages.${system}.this-package;
*/
}); });
devShells = forAllSystems (system: let devShells = forAllSystems (system: let

16
templates/nix-flake/flake.nix
View file

@ -35,12 +35,14 @@
default = self.outputs.devShells.${pkgs.system}.nix; default = self.outputs.devShells.${pkgs.system}.nix;
}); });
# packages = genPkgs (pkgs: import ./pkgs {inherit pkgs;}); /*
# overlays = import ./overlays self; packages = genPkgs (pkgs: import ./pkgs {inherit pkgs;});
# nixosModules = import ./modules/nixos; overlays = import ./overlays self;
# homeManagerModules = import ./modules/home-manager; nixosModules = import ./modules/nixos;
# nixosConfigurations = import ./nixos; homeManagerModules = import ./modules/home-manager;
# homeConfigurations = import ./home nixosConfigurations = import ./nixos;
# templates = import ./templates; homeConfigurations = import ./home
templates = import ./templates;
*/
}; };
} }

28
templates/rust/flake.nix
View file

@ -22,12 +22,14 @@
alejandra.enable = true; alejandra.enable = true;
# NOTE: These do not work well with `nix flake check` due to pure environments # NOTE: These do not work well with `nix flake check` due to pure environments
# https://github.com/cachix/git-hooks.nix/issues/452 # https://github.com/cachix/git-hooks.nix/issues/452
# cargo-check.enable = true; /*
# clippy = { cargo-check.enable = true;
# enable = true; clippy = {
# packageOverrides.cargo = pkgs.cargo; enable = true;
# packageOverrides.clippy = pkgs.rustPackages.clippy; packageOverrides.cargo = pkgs.cargo;
# }; packageOverrides.clippy = pkgs.rustPackages.clippy;
};
*/
rustfmt = { rustfmt = {
enable = true; enable = true;
packageOverrides.rustfmt = pkgs.rustfmt; packageOverrides.rustfmt = pkgs.rustfmt;
@ -41,13 +43,15 @@
pname = "kodotag"; pname = "kodotag";
version = "0.1.0"; version = "0.1.0";
# nativeBuildInputs = with pkgs; [ /*
# pkg-config nativeBuildInputs = with pkgs; [
# clang pkg-config
# ]; clang
];
# buildInputs = with pkgs; [ buildInputs = with pkgs; [
# ]; ];
*/
src = ./.; src = ./.;
hash = pkgs.lib.fakeHash; hash = pkgs.lib.fakeHash;