Compare commits


178 commits

Author SHA1 Message Date
e74ae46d56 fix cln 2026-03-12 23:47:13 -04:00
a799d82f66 cat 2026-03-12 23:41:04 -04:00
b829043438 fix shit 2026-03-12 23:38:48 -04:00
2423780bc2 fixed 2026-03-12 23:37:20 -04:00
764fa71c44 tmpfiles 2026-03-12 23:28:14 -04:00
824eb05f6b test 2026-03-12 23:22:15 -04:00
8eecf9912f removed CLNRest 2026-03-12 23:16:27 -04:00
11b42b84c7 enable 2026-03-12 23:04:58 -04:00
ba8f95ce7d lightning 2026-03-12 23:02:24 -04:00
6789937b80 again 2026-03-12 22:44:20 -04:00
522edac846 sni-filter 2026-03-12 22:39:00 -04:00
eaf84e155b fixed? 2026-03-12 22:25:08 -04:00
a11e72949c fixed electrs 2026-03-12 22:22:14 -04:00
3c33750722 electrs 2026-03-12 22:19:41 -04:00
9cda3e5290 fix tor cookie 2026-03-12 22:07:58 -04:00
cfbd0e03f9 bitcoin init 2026-03-12 22:03:27 -04:00
7b22f399e0 minimal bitcoin config 2026-03-12 21:52:57 -04:00
cf9b8b1951 fix 2026-03-12 19:49:07 -04:00
cf4cf866c9 immich init 2026-03-12 19:48:38 -04:00
37ebd2d6b6 more dns 2026-03-12 19:21:38 -04:00
a36841f12f dnsmasq 2026-03-12 17:25:04 -04:00
fb0bc5666a fix 2026-03-12 16:54:52 -04:00
e3a031753a http auth 2026-03-12 16:51:58 -04:00
bb0f973aa1 removed tomb 2026-03-12 16:27:07 -04:00
adccda4d54 fixed malformed pubkeys 2026-03-12 16:21:20 -04:00
09d58fa540 rebuild 2026-03-12 16:09:08 -04:00
bfad2975cd added age-plugin-yubikey 2026-03-12 16:04:55 -04:00
b8b25478e9 fix 2026-03-12 16:00:55 -04:00
91804d1407 changed to weekly 2026-03-12 15:52:07 -04:00
960904cbd9 Add machines.keys config and reorganize key structure
- Add config.machines.keys for machine-specific keys (private keys live on that machine)
- Move desktop SSH key to machines.keys.desktop.ssh
- Fix extractName to preserve "yubikey" (only strip .key/.pub extensions)
- Rename key files for clarity (android -> graphone, primary -> yubikey)
- Add age yubikey key for encrypted backups
- Add README files to document key purposes
- Update all machine configs to import system config
2026-03-12 15:17:46 -04:00
570a321e53 configed backup and removed redundant keys 2026-03-12 14:40:18 -04:00
5db04c8210 org creation 2026-03-12 13:59:15 -04:00
72b49e6f41 server configs 2026-03-12 13:55:58 -04:00
830063e838 added bash 2026-03-12 13:34:51 -04:00
cd92d6c939 changed forgejo shell 2026-03-12 13:29:08 -04:00
5ccbc214a1 working but disabled 2026-03-12 05:34:03 -04:00
30991dd537 added cameras 2026-03-12 05:22:12 -04:00
05ed364b26 404 2026-03-12 05:01:28 -04:00
2f34d995df fixed fallback behavior 2026-03-12 04:59:23 -04:00
52bea0cbeb fixed ssl 2026-03-12 04:57:06 -04:00
9d08efaa77 fixed loop 2026-03-12 04:45:57 -04:00
a207d2e1cc increased fd 2026-03-12 04:41:34 -04:00
ecb985c1ed back to 5000 2026-03-12 04:38:05 -04:00
045ca00a70 changed port to 5001 2026-03-12 04:35:52 -04:00
d8416b2e38 removed detect 2026-03-12 04:30:37 -04:00
350423d449 test 2026-03-12 04:26:52 -04:00
e4e5ac629c fixed stale ips 2026-03-12 04:20:05 -04:00
1d0e1f736a fixed names 2026-03-12 04:11:06 -04:00
df16533def try 2026-03-12 04:09:01 -04:00
cbfb9c30a0 frigate init 2026-03-12 04:05:10 -04:00
d30996fac4 added dnsmasq 2026-03-12 03:53:10 -04:00
6be9a15adf fixed? 2026-03-12 03:30:38 -04:00
55d6a0eb1f added stateDir 2026-03-12 03:27:30 -04:00
8b001768eb added git user 2026-03-12 03:25:30 -04:00
40c509731e forgejo initial config 2026-03-12 03:22:46 -04:00
e2e6fb5dae added ssl 2026-03-12 03:07:09 -04:00
a10ba82767 nginx init config 2026-03-12 02:29:56 -04:00
c10f28c977 Merge branch 'server-setup' 2026-03-12 02:17:07 -04:00
f690941af7 disabled root ssh 2026-03-12 02:16:45 -04:00
0d23ec07fd removed substitution 2026-03-12 02:01:52 -04:00
4a0761b3a2 removed git substitution 2026-03-12 02:01:13 -04:00
474bb1a745 added timeout for headless booting 2026-03-12 01:55:10 -04:00
5bccc6cbfa updated 2026-03-12 01:40:31 -04:00
2abb2ba62a fix: rename terminus-nerdfont to nerd-fonts.terminess-ttf 2026-03-12 01:09:57 -04:00
763fc3c2f8 remake 2026-03-12 01:04:41 -04:00
e0b390e121 server hardware 2026-03-12 00:37:02 -04:00
fd50b502cc hardware readme 2026-03-12 00:12:12 -04:00
0713048568 nit: removed self 2026-03-11 07:17:52 -04:00
05edfc3185 added current line to virtual text 2026-03-11 07:07:48 -04:00
5d43c959a2 updated nvim 2026-03-11 06:36:57 -04:00
5d208e81ac improved key compat 2026-03-11 06:20:39 -04:00
d4a8d706fb disko integration 2026-03-10 07:58:10 -04:00
44f439ff74 updated flake 2026-03-09 23:18:17 -04:00
9d0dcf9305 updated justfile 2026-03-09 22:40:39 -04:00
0ec643d3c6 updated submodules 2026-03-09 22:30:14 -04:00
12c02a5487 updated bash submodule 2026-03-09 22:16:37 -04:00
8d4bf218c3 updated bash 2026-03-09 22:07:05 -04:00
e9e703530c updated nvim submodule 2026-03-09 22:03:46 -04:00
35d2e79fdc updated bash submodule 2026-03-09 21:43:34 -04:00
ffecafc78c rollback bash submodule 2026-03-09 21:31:42 -04:00
c41b0b89d7 updated submodules 2026-03-09 21:20:37 -04:00
dca3456346 updated bash submodule 2026-03-09 21:20:18 -04:00
4bc3946f71 add bash submodule and config symlink 2026-03-09 21:08:25 -04:00
f1f60d4916 fixed python and nix icons 2026-03-09 20:22:47 -04:00
1f1c7dae67 changes 2026-03-09 20:19:53 -04:00
ae71471b1a updated git 2026-03-09 18:23:25 -04:00
8e6f2843aa created git symlink 2026-03-09 18:21:23 -04:00
Bryan Ramos
46d6f2825f added git submodule 2026-03-09 17:36:32 -04:00
Bryan Ramos
8ecfea2ef5 updated vim submodule 2026-03-09 15:52:34 -04:00
Bryan Ramos
c07c238ade added vim submodule and updated README 2026-03-09 15:31:56 -04:00
Bryan Ramos
477034ff09 Updated README to explicitly list out dir structure, directory hierarchy is how we keep the configs organized 2026-03-09 14:45:41 -04:00
95c344b60c
nvim as a submodule 2026-03-09 02:01:54 -04:00
f04c333384
Updated nvim 2026-03-09 01:05:28 -04:00
05ffac4fe7
added nvim config symlink for convenience 2026-03-09 00:55:05 -04:00
64466c4e37
Rename submodule to 'nvim' for cleaner config 2026-03-09 00:46:48 -04:00
7afdf764f0
Add submodule workflow documentation 2026-03-09 00:40:36 -04:00
8ff95e665d
Update nvim submodule 2026-03-09 00:39:15 -04:00
d4dfb66d5c
Update nvim submodule 2026-03-09 00:37:30 -04:00
c9b76d83f3
Convert nvim config to git submodule
Neovim configuration is now a separate repo at github.com/itme-brain/nvim
for portability across non-NixOS systems.
2026-03-09 00:27:45 -04:00
e6ac6638c2
migrated to vim.lsp.config() 2026-03-08 23:57:32 -04:00
d1144e96d3
Add shared monitor configuration across window managers
- Define monitors option in hardware.nix with explicit dimensions
- Pass monitors to home-manager via extraSpecialArgs
- Update hyprland and sway to consume shared monitor config
- Removes hardcoded monitor definitions from WM modules
2026-03-08 15:25:59 -04:00
2be7ed502c
removed password auth from desktop 2026-03-08 15:03:57 -04:00
bae44e132e
modified 2026-03-08 14:24:48 -04:00
957b5f018f
Updated nix to 25.11
Fixed failing assertions:
  - xdg.portal now requires `environment.pathsToLink`
  - `virtualisation.libvirtd.qemu.ovmf` is deprecated
  - noto-fonts-emoji -> noto-fonts-color-emoji
  - `rofi-wayland` has been merged into `rofi`
  - `sumneko-lua-language-server` -> `lua-language-server`
  - `glxinfo` -> `mesa-demos`
2026-03-08 14:11:02 -04:00
f8ab0e3ff0 Update to 25.11, added claude-code user pkg 2026-03-08 11:18:14 -04:00
dab93c5ee0 revert server modules to pre-merge state
Server work (frigate, bitcoin/clightning, forgejo, nginx) was merged
before ready. Reverts these to de56423 state. Work is preserved on
branches: cameras, lightning, server, bitcoind.
2026-03-08 11:04:30 -04:00
0bcd891c7c
integrated frigate 2025-10-06 22:09:42 -04:00
f1de6cf3ee
temp 2025-07-16 09:07:48 -04:00
beb00a5718
configured sops-nix 2025-07-15 02:27:01 -04:00
a9843c9089
added sops-nix input 2025-07-15 01:01:58 -04:00
bc7fcae70c
added frigate service module 2025-07-15 01:01:45 -04:00
608783b10c
fixed cursor? 2025-07-13 09:50:49 -04:00
2d0612752d
fixed bitcoin modules, still need to fix cln 2025-07-06 14:36:12 -04:00
d3baf7c8e2
direnv bug workaround 2025-07-06 10:36:47 -04:00
37a1a771aa
removed deprecated bitcoin.conf configs 2025-07-06 10:30:05 -04:00
9db03305a9
fixed electrum 2025-07-06 10:20:47 -04:00
a20993403f
fixed waybar 2025-07-06 10:08:58 -04:00
5bc920d232
more font fixes 2025-07-06 09:57:54 -04:00
29a3723290
fixed font 2025-07-06 09:52:29 -04:00
6c4c116f18
updated desktop config for 25.05 2025-07-06 01:51:40 -04:00
cadcfe0bc5
updated to 25.05 2025-07-06 01:24:42 -04:00
433dac83d8
changes 2025-07-06 01:04:12 -04:00
1d99368b0a
closed tcp ports 2025-07-06 00:07:36 -04:00
832cd6de4c
test password 2025-07-05 23:58:02 -04:00
e6aaead5d5
fixed imports 2025-07-05 20:11:52 -04:00
ec4753b737
Merge branch 'lightning' 2025-07-05 20:08:55 -04:00
9cb8467224
updates to server modules 2025-07-05 19:57:46 -04:00
de564231e7
added i3 module, switched workstation back to nvidia 2025-03-04 04:33:51 -05:00
2985462eee
added ipmi to workstation cfg 2025-03-03 17:01:15 -05:00
3dc9061cc0
fix amdgpu 2025-02-26 14:29:13 -05:00
a4f43bf0cf
moar opts 2025-02-25 16:57:25 -05:00
fc754d7928
more worky 2025-02-25 16:33:49 -05:00
a0bb4c1eba
more work for workstation 2025-02-25 16:26:06 -05:00
e2e3b21c4c
removed iommu from workstation 2025-02-25 16:14:48 -05:00
752e0ffc71
switch to amd gpu for workstation 2025-02-25 14:22:29 -05:00
7f52e5db5d
LTS kernel for workstation 2025-02-25 14:16:43 -05:00
2f79c0a66d
removed nixvirt 2025-02-25 09:15:43 -05:00
4dbeebbd76
VM changes 2025-02-25 08:46:18 -05:00
e78d2abc03
removed redundant optional checks 2025-02-25 08:46:17 -05:00
984e4b4564
Added Sway GTK Compat 2025-02-25 08:46:16 -05:00
e1e8c16bcd
Fixing up VM setup 2025-02-25 08:46:11 -05:00
608100b359
fixed virtualisation.libvirt missing 2025-02-08 13:22:24 -05:00
f0070a33c7
changed chromium 2025-02-07 16:35:57 -05:00
8e86b90579
changed hyprland config 2025-02-04 10:31:21 -05:00
3dc1465284
fixed 2025-02-04 10:29:42 -05:00
b3605d741c
removed uneeded nixosConfiguration 2025-01-27 17:04:47 -05:00
6a34f3c6e4
small directory changes 2025-01-27 16:26:03 -05:00
01730af9ee
virt changes including new NixVirt input 2025-01-27 16:23:01 -05:00
3e6621fa2a
removed conditional wm check on pgp pub keys 2025-01-24 16:18:45 -05:00
73a7fbb649
got working 2025-01-24 10:33:21 -05:00
3a8d303d6f
added new workstation configs 2025-01-21 16:45:53 -05:00
ec56fef89b
workstation added 2025-01-21 10:03:51 -05:00
7b11ac39c8
justfile script enhancements 2025-01-11 23:36:32 -05:00
b765ca1558
changes 2025-01-11 23:15:34 -05:00
fc37abef96
bitcoin server fixes 2025-01-11 21:58:38 -05:00
10e8a34586
added server configs 2025-01-11 06:25:22 -05:00
34ce975a09
removed until i can fix 2025-01-11 04:17:55 -05:00
566eae471e
changed 2025-01-06 05:51:42 -05:00
e07d6b2aab
changes 2024-12-29 17:27:15 -05:00
af3ae9b490
added bitcoin-script-hints.nvim 2024-12-18 21:47:54 -05:00
651f6979b4
changed to pulsemixer TUI 2024-12-14 22:52:50 -05:00
09e5d22e2d
24.11 update 2024-12-11 00:43:36 -05:00
f5bcebf6e7
wm changes 2024-12-10 21:31:16 -05:00
6bfd5d2047
fixed 2024-12-01 19:00:59 -05:00
488d383637
fixed api script 2024-12-01 18:26:36 -05:00
4704dbb499
space fixed 2024-12-01 18:15:46 -05:00
6e0637fd71
mouse sens 2024-12-01 15:05:28 -05:00
dedd142082
removed bookmarks 2024-12-01 15:04:48 -05:00
25cd4b9ee8
mouse speed 2024-12-01 14:59:23 -05:00
efe09fd5a0
updated 2024-11-30 21:26:42 -05:00
9a0d71a8df
updated bootloader 2024-11-21 21:49:22 -05:00
5fd58f8bda
removed 2024-11-21 21:46:15 -05:00
fd5a75eebb
fstab changes 2024-11-21 21:20:53 -05:00
07f4608853
changes 2024-11-11 02:21:41 -05:00
5c5e6f0a8f
removed needless comments 2024-11-11 01:53:18 -05:00
79e07599de
updated vers 2024-11-11 01:52:12 -05:00
4be8dceaa1
updated wsl configs 2024-11-09 11:25:11 -05:00
5c3d410aa0
changed imports to mkModules 2024-11-08 01:37:20 -05:00
128 changed files with 2893 additions and 1916 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
*.qcow2
result
.direnv

15
.gitmodules vendored Normal file

@ -0,0 +1,15 @@
[submodule "nvim"]
path = src/user/modules/utils/modules/neovim/config/nvim
url = https://github.com/itme-brain/nvim.git
[submodule "vim"]
path = src/user/modules/utils/modules/vim/vim
url = https://github.com/itme-brain/vim.git
[submodule "git"]
path = src/user/modules/git/git
url = https://github.com/itme-brain/git.git
[submodule "bash"]
path = src/user/modules/bash/config/bash
url = https://github.com/itme-brain/bash.git

149
README.md

@ -3,36 +3,143 @@
My modular Nix configs 🔥
## Requirements ⚙️
- [Nix 2.0 & Flakes enabled](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS)
- [NixOS](https://www.nixos.org/) for system configurations
- [Nix Home-Manager](https://nix-community.github.io/home-manager/index.xhtml#sec-flakes-standalone) for user configurations
### NixOS Configurations
- [NixOS](https://www.nixos.org/)
### Home-Manager Configuration
- [Nix Home-Manager](https://nix-community.github.io/home-manager/index.xhtml#sec-flakes-standalone)
## Flake Endpoints ❄️
# Flake End-Points Exposed ❄️
NixOS Configurations:
- desktop
- wsl
- server (wip)
- vm
NixOS Configurations: `desktop` · `workstation` · `server` (wip) · `vm` · `wsl`
Home-Manager Configurations:
- workstation
## Fresh Install 🚀
Fork this repo, take inspiration, borrow ideas and create your own NixOS configs & modules
From the NixOS live installer:
## Developing & Customizing 🔧
If you need a list of available packages and options:
```bash
# Enable flakes (not enabled by default on installer)
echo "experimental-features = nix-command flakes" | sudo tee -a /etc/nix/nix.conf
# Clone repo
nix run nixpkgs#git -- clone --recurse-submodules https://github.com/itme-brain/nixos.git
cd nixos
# Enter dev shell and install
nix develop
just install desktop
```
Replace `desktop` with `workstation` or `vm` as needed.
## Getting Started 🔧
```bash
git clone --recurse-submodules git@github.com:itme-brain/nixos.git
```
Enter the dev shell with `nix develop`, then run `just` to see available project scripts.
Useful resources:
- [nixpkgs Packages](https://search.nixos.org/packages) 📦️
- [nixpkgs Options](https://search.nixos.org/options?) 🔍️
- [Home-Manager Options](https://mipmip.github.io/home-manager-option-search/) ☕️
Invoke `nix develop` to enter a development shell powered by [`just`](https://github.com/casey/just)
Invoke `just` in order to view an available list of project scripts
⚠️ Be sure to tailor any hardware settings to your own — replace the `hardware.nix` in `src/system/machines/<machine>` with output from `nixos-generate-config`
`user.configs.nix` is a symlink to conveniently access centrally defined common user variables from the repo root
## Submodules 🔗
⚠️ Be sure to tailor any hardware settings to your own
⚠️ Replace the `hardware.nix` found in the `src/system/machines/<machine>` directory
⚠️ Run `nixos-generate-config` to generate a `hardware-configuration.nix` for your current system
Standalone portable configurations maintained as separate repos. Each can be cloned independently on any system — NixOS or not.
| Submodule | Purpose | Repo | Standalone Install |
|-----------|---------|------|--------------------|
| **nvim** | Full IDE (LSP, treesitter, telescope) | [itme-brain/nvim](https://github.com/itme-brain/nvim) | `git clone git@github.com:itme-brain/nvim.git ~/.config/nvim` |
| **vim** | Lightweight editor for headless servers | [itme-brain/vim](https://github.com/itme-brain/vim) | `git clone git@github.com:itme-brain/vim.git ~/.vim` |
```bash
# Update a submodule
cd <submodule-path>
git add . && git commit -m "your changes" && git push
cd /path/to/nixos
git add <submodule-path> && git commit -m "Update <name> submodule"
# Pull submodule updates from remote
git submodule update --remote
git add <submodule-path> && git commit -m "Update <name> submodule"
```
## Directory Structure 🗂️
```
.
├── flake.nix # Flake entrypoint - defines all NixOS configurations
├── flake.lock
├── justfile # Project scripts (via `just`)
├── system.configs -> src/system/machines/ # Symlink for quick access
├── user.configs -> src/user/config/ # Symlink for quick access
└── src/
├── system/ # System-level (NixOS) configuration
│ ├── machines/ # Per-machine NixOS configurations
│ │ ├── desktop/ # Desktop config (flake: nixosConfigurations.desktop)
│ │ │ ├── default.nix # Machine entry point
│ │ │ ├── hardware.nix # Machine-specific hardware config
│ │ │ ├── system.nix # System-level settings
│ │ │ └── modules/
│ │ │ ├── disko/ # Disk partitioning (disko)
│ │ │ └── home-manager/ # Home-manager integration + home.nix
│ │ ├── workstation/ # Workstation config (same structure as desktop)
│ │ ├── server/ # Server config (no disko)
│ │ ├── vm/ # VM config
│ │ ├── wsl/ # WSL config (includes wsl module)
│ │ └── laptop/ # Laptop config (stub)
│ └── modules/ # Shared system modules (imported by machines)
│ ├── default.nix
│ ├── bitcoin/ # Bitcoin node + electrum server
│ ├── forgejo/ # Self-hosted Forgejo
│ └── nginx/ # Nginx reverse proxy
└── user/ # User-level (home-manager) configuration
├── default.nix # User module entry point
├── config/ # User identity & settings
│ ├── default.nix # Common user variables (username, email, etc.)
│ ├── bookmarks/ # Browser bookmarks
│ ├── keys/ # Public keys
│ │ ├── pgp/ # PGP public keys
│ │ └── ssh/ # SSH public keys
│ ├── nvim # Symlink to neovim submodule config
│ └── vim # Symlink to vim submodule config
└── modules/ # Home-manager modules
├── bash/ # Shell config (aliases, prompt, bashrc)
├── git/ # Git config + helper scripts
├── tmux/ # Tmux config
├── security/ # Security tools (GPG)
├── utils/ # CLI utilities
│ └── modules/
│ ├── dev/ # Dev tools (penpot, PCB design)
│ ├── email/ # Email client (aerc)
│ ├── irc/ # IRC client
│ ├── neovim/ # Neovim (config is a git submodule)
│ └── vim/ # Vim lightweight (config is a git submodule)
└── gui/ # GUI applications
├── modules/
│ ├── alacritty/ # Terminal emulator
│ ├── browsers/ # Firefox & Chromium
│ ├── corn/ # Corn app
│ ├── fun/ # Discord, etc.
│ ├── utils/ # GUI utilities
│ └── writing/ # Writing tools
└── wm/ # Window managers
├── hyprland/ # Hyprland (Wayland) + waybar, rofi
├── sway/ # Sway (Wayland) + rofi
├── i3/ # i3 (X11) + rofi
└── shared/ # Shared WM config (mimeapps)
```
### How it works
**flake.nix** defines NixOS configurations (desktop, workstation, server, wsl) that each reference a machine under `src/system/machines/`. Each machine's `default.nix` pulls in its own `hardware.nix`, `system.nix`, and per-machine modules (disko, home-manager).
The **system layer** (`src/system/`) handles NixOS-level concerns: hardware, bootloader, networking, and system services. Shared modules in `src/system/modules/` can be imported by any machine.
The **user layer** (`src/user/`) handles home-manager configuration. `src/user/config/` defines user identity (name, email, keys), while `src/user/modules/` contains modular home-manager configs for individual tools. Each machine's `home-manager/home.nix` selects which user modules to enable.
Root symlinks `system.configs` and `user.configs` provide quick access to machine definitions and user config from the repo root.

99
flake.lock generated

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1721007199,
"narHash": "sha256-Gof4Lj1rgTrX59bNu5b/uS/3X/marUGM7LYw31NoXEA=",
"lastModified": 1773025010,
"narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=",
"owner": "nix-community",
"repo": "disko",
"rev": "bad376945de7033c7adc424c02054ea3736cf7c4",
"rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3",
"type": "github"
},
"original": {
@ -23,11 +23,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -36,21 +36,24 @@
"type": "github"
}
},
"flake-utils": {
"flake-parts": {
"inputs": {
"systems": "systems"
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
@ -61,16 +64,16 @@
]
},
"locked": {
"lastModified": 1720042825,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"lastModified": 1772985280,
"narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"rev": "8f736f007139d7f70752657dff6a401a585d6cbc",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
@ -78,49 +81,68 @@
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1702823833,
"narHash": "sha256-Sreo1VEMSwS/T83QxXeN1cDtgXWXPMibGYfQ8pLLSVc=",
"lastModified": 1739577062,
"narHash": "sha256-u/trdPzJO8UotNq48RbG7m6Pe8761IEMCOY0QidNjY4=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "34eda458bd3f6bad856a99860184d775bc1dd588",
"rev": "0b2b8b31f69f24e9a75b4b18a32c771a48612d5e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "2311.5.3",
"ref": "2411.6.0",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1720954236,
"narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=",
"lastModified": 1772822230,
"narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27",
"rev": "71caefce12ba78d84fe618cf61644dce01cf3a96",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1730795826,
"narHash": "sha256-5eUMYntBzgV2EPdPWY4acON2vc4zWrRR7rOJifTqrIE=",
"lastModified": 1773108757,
"narHash": "sha256-3BAoe2R6YA6Xjdsgx3urZ4Ns3LeTy0E/w5d1wPny910=",
"owner": "nix-community",
"repo": "NUR",
"rev": "689c78bc78b5a3aa0e86a2f5cd25a266015791ee",
"rev": "9f2c583704f122828e6f9893416ca3b007464ee6",
"type": "github"
},
"original": {
@ -137,21 +159,6 @@
"nixpkgs": "nixpkgs",
"nur": "nur"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",


@ -1,17 +1,19 @@
{
description = "My Nix Configs";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
inputs =
{
self.submodules = true;
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nur = {
url = "github:nix-community/NUR";
};
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-wsl = {
url = "github:nix-community/NixOS-WSL/2311.5.3";
url = "github:nix-community/NixOS-WSL/2411.6.0";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
@ -20,7 +22,7 @@
};
};
outputs = { self, nixpkgs, nur, home-manager, nixos-wsl, disko }:
outputs = { nixpkgs, nur, home-manager, nixos-wsl, disko, ... }:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
@ -29,7 +31,7 @@
allowUnfree = true;
};
overlays = [
nur.overlay
nur.overlays.default
];
};
@ -40,17 +42,26 @@
desktop = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
disko.nixosModules.disko
./src/system/machines/desktop
home-manager.nixosModules.home-manager
(import ./src/system/machines/desktop/modules/home-manager)
#disko.nixosModules.disko
# (import ./src/system/machines/desktop/modules/disko)
];
};
workstation = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
./src/system/machines/workstation
home-manager.nixosModules.home-manager
(import ./src/system/machines/workstation/modules/home-manager)
];
};
server = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
disko.nixosModules.disko
./src/system/machines/server
home-manager.nixosModules.home-manager
(import ./src/system/machines/server/modules/home-manager)
@ -62,33 +73,18 @@
modules = [
./src/system/machines/wsl
nixos-wsl.nixosModules.wsl
(import ./src/system/machines/wsl/wsl.nix)
(import ./src/system/machines/wsl/modules/wsl)
home-manager.nixosModules.home-manager
(import ./src/system/machines/wsl/home.nix)
(import ./src/system/machines/wsl/modules/home-manager)
];
};
vm = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
./src/system/machines/vm
home-manager.nixosModules.home-manager
(import ./src/system/machines/vm/modules/home-manager)
disko.nixosModules.disko
(import ./src/system/machines/vm/modules/disko)
];
};
};
homeConfigurations."work" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [ ./src/system/machines/workstation ];
};
devShells.${system}.default = mkShell {
name = "devShell";
packages = [
just
age
];
};
};
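Review bot: The `nur` input in the `inputs` block has no `inputs.nixpkgs.follows`, and the flake.lock section of this comparison appears to gain a second nixpkgs node (`nixpkgs_2`, tracking `nixos-unstable`) that exists only for NUR. Adding `inputs.nixpkgs.follows = "nixpkgs";` inside `nur = { … }` would keep the lock to the single `nixos-25.11` pin, the way the `home-manager` and `nixos-wsl` inputs already do. Separately, `nur.overlays.default` is applied to the one shared `pkgs` that every `nixosSystem` inherits, so `server` is also evaluated with community-maintained NUR packages in scope. If only the desktop profiles need NUR, consider importing a second package set with the overlay for those machines and leaving the server on plain nixpkgs.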

449
justfile

@ -1,205 +1,240 @@
SYSTEM := "$(echo $HOSTNAME)"
VALID_SYSTEMS := "desktop workstation server wsl vm laptop"
# Print this list
default:
@just --list
# Validate system argument
[private]
_validate SYSTEM:
#!/usr/bin/env bash
case "{{SYSTEM}}" in
desktop|workstation|server|wsl|vm|laptop) ;;
*) echo "Error: Unknown system '{{SYSTEM}}'. Use one of: {{VALID_SYSTEMS}}"; exit 1 ;;
esac
# Helper to parse submodules from .gitmodules
[private]
_subs_init := '''
declare -A SUBS
while read -r key path; do
name="${key#submodule.}"; name="${name%.path}"
SUBS[$name]="$path"
done < <(git config -f .gitmodules --get-regexp 'submodule\..*\.path')
'''
# Clean up build artifacts
[group('nix')]
clean:
#!/usr/bin/env bash
set -euo pipefail
echo "Cleaning build artifacts"
if [ -d result ]; then
echo "Removing result directory..."
rm ./result;
fi
if ls *.qcow2 1> /dev/null 2>&1; then
echo "Removing virtual disk..."
rm ./*.qcow2;
fi
echo "All clean!"
rm -f result
rm -f ./*.qcow2
echo "Done"
# Output what derivations will be built
out TYPE SYSTEM="desktop":
#!/usr/bin/env bash
set -euo pipefail
case "{{TYPE}}" in
"nix")
if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Testing NixOS configuration for {{SYSTEM}}..."
nix build --dry-run .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
exit 0
else
echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " wsl"
echo " vm"
exit 1
fi
;;
"home")
echo "Testing home configuration..."
nix build --dry-run .#homeConfigurations."workstation".config.home-manager.build.toplevel -L
exit 0
;;
*)
echo "Invalid usage: {{TYPE}}.";
echo "Use one of:"
echo " nix"
echo " home"
exit 1
;;
esac
[group('nix')]
out SYSTEM="desktop": (_validate SYSTEM)
@echo "Outputting derivations to be built for {{SYSTEM}}..."
@nix build --dry-run .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
# Test switch into the next generation
test TYPE SYSTEM="desktop":
#!/usr/bin/env bash
set -euo pipefail
case "{{TYPE}}" in
"nix")
if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Testing next NixOS generation for {{SYSTEM}}..."
sudo nixos-rebuild test --flake .#{{SYSTEM}}
exit 0
else
echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " wsl"
echo " vm"
exit 1
fi
;;
"home")
echo "Testing home configuration..."
nix build --dry-run .#homeConfigurations."workstation".config.home-manager.build.toplevel -L
exit 0
;;
*)
echo "Invalid usage: {{TYPE}}.";
echo "Use one of:"
echo " nix"
echo " home"
exit 1
;;
esac
[group('nixos')]
test SYSTEM="desktop": (_validate SYSTEM)
@echo "Testing switching to next NixOS generation for {{SYSTEM}}..."
@sudo nixos-rebuild test --flake .#{{SYSTEM}}
# Build the nix expression and hydrate the results directory
make TYPE SYSTEM="desktop":
#!/usr/bin/env bash
set -euo pipefail
case "{{TYPE}}" in
"nix")
if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Hydrating resulting NixOS configuration for {{SYSTEM}}..."
nix build .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
exit 0
else
echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " wsl"
echo " vm"
exit 1
fi
;;
"home")
echo "Hydrating resulting home configuration..."
nix build --dry-run .#homeConfigurations."workstation".config.home-manager.build.toplevel -L
exit 0
;;
*)
echo "Invalid usage: {{TYPE}}."
echo "Use one of:"
echo " nix"
echo " home"
exit 1
;;
esac
[group('nix')]
build SYSTEM="desktop": (_validate SYSTEM)
@echo "Building NixOS configuration for {{SYSTEM}}..."
@nix build .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
@echo -e "\033[32mBuild success - result directory hydrated\033[0m"
# Deploy a vm of the defined system
vm SYSTEM:
[group('nixos')]
vm SYSTEM: (_validate SYSTEM)
#!/usr/bin/env bash
set -euo pipefail
if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Building VM for {{SYSTEM}}..."
nixos-rebuild build-vm --flake .#{{SYSTEM}}
if [[ -f result/bin/run-{{SYSTEM}}-vm ]]; then
result/bin/run-{{SYSTEM}}-vm
exit 0
else
echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " vm"
echo " wsl"
echo "Error: VM build failed!"
exit 1
fi
# grep nixpkgs for PKG
[group('nix')]
search PKG:
nix search nixpkgs {{PKG}}
# Open nixos packages in the browser
[group('nix')]
pkgs:
@xdg-open https://search.nixos.org/packages
# Open nixos options in the browser
[group('nix')]
options:
@xdg-open https://search.nixos.org/options
# NixOS-rebuild switch for the current system
[group('nixos')]
switch:
@echo -e "\033[32m->> Switching to next generation ->>\033[0m"
@sudo nixos-rebuild switch --flake .#{{SYSTEM}}
# Rollback to previous generation
rollback SYSTEM="nixos":
#!/usr/bin/env bash
set -euo pipefail
if [ {{SYSTEM}} = "nixos" ]; then
sudo nixos-rebuild switch --rollback
fi
[group('nixos')]
rollback:
@sudo nixos-rebuild switch --rollback
# NixOS-rebuild boot for the current system
[group('nixos')]
boot:
@echo -e "\033[34m->> Reboot to new generation ->>\033[0m"
@echo "Switching to next generation on reboot"
@sudo nixos-rebuild boot --flake .#{{SYSTEM}}
# Partition disk only (interactive disk selection)
[group('nixos')]
partition SYSTEM:
#!/usr/bin/env bash
set -euo pipefail
DISKO_CONFIG="./src/system/machines/{{SYSTEM}}/modules/disko/default.nix"
if [[ ! -f "$DISKO_CONFIG" ]]; then
echo "Error: No disko config for '{{SYSTEM}}'"
exit 1
fi
# Build array of disk options with readable info
declare -a DISK_IDS
declare -a DISK_OPTIONS
for id in /dev/disk/by-id/*; do
name=$(basename "$id")
[[ "$name" =~ part ]] && continue
[[ ! "$name" =~ ^(ata|nvme|scsi)- ]] && continue
dev=$(readlink -f "$id")
dev_name=$(basename "$dev")
size=$(lsblk -dn -o SIZE "$dev" 2>/dev/null) || continue
model=$(lsblk -dn -o MODEL "$dev" 2>/dev/null | xargs) || model=""
DISK_IDS+=("$id")
DISK_OPTIONS+=("$dev_name $size $model")
done
if [[ ${#DISK_IDS[@]} -eq 0 ]]; then
echo "No disks found!"
exit 1
fi
echo "Select a disk:"
select opt in "${DISK_OPTIONS[@]}"; do
if [[ -n "$opt" ]]; then
idx=$((REPLY - 1))
DISK="${DISK_IDS[$idx]}"
break
else
echo "Invalid selection"
fi
done
echo ""
echo -e "\033[31m!! WARNING: This will DESTROY all data on $DISK !!\033[0m"
read -p "Continue? [y/N]: " confirm
case "${confirm,,}" in
y|yes) ;;
*) echo "Aborted."; exit 1 ;;
esac
echo "Writing disk '$DISK' to disko config..."
sed -i "s|device = \"/dev/disk/by-id/[^\"]*\";|device = \"$DISK\";|" "$DISKO_CONFIG"
echo "Partitioning $DISK..."
sudo nix \
--extra-experimental-features "nix-command flakes" \
run github:nix-community/disko -- \
--mode destroy,format,mount \
"$DISKO_CONFIG"
echo -e "\033[32mPartitioning complete. Disk mounted at /mnt.\033[0m"
# Install NixOS (partition + install in one shot)
[group('nixos')]
install SYSTEM:
#!/usr/bin/env bash
set -euo pipefail
DISKO_CONFIG="./src/system/machines/{{SYSTEM}}/modules/disko/default.nix"
if [[ ! -f "$DISKO_CONFIG" ]]; then
echo "Error: No disko config for '{{SYSTEM}}'"
exit 1
fi
# Build array of disk options with readable info
declare -a DISK_IDS
declare -a DISK_OPTIONS
for id in /dev/disk/by-id/*; do
name=$(basename "$id")
[[ "$name" =~ part ]] && continue
[[ ! "$name" =~ ^(ata|nvme|scsi)- ]] && continue
dev=$(readlink -f "$id")
dev_name=$(basename "$dev")
size=$(lsblk -dn -o SIZE "$dev" 2>/dev/null) || continue
model=$(lsblk -dn -o MODEL "$dev" 2>/dev/null | xargs) || model=""
DISK_IDS+=("$id")
DISK_OPTIONS+=("$dev_name $size $model")
done
if [[ ${#DISK_IDS[@]} -eq 0 ]]; then
echo "No disks found!"
exit 1
fi
echo "Select a disk:"
select opt in "${DISK_OPTIONS[@]}"; do
if [[ -n "$opt" ]]; then
idx=$((REPLY - 1))
DISK="${DISK_IDS[$idx]}"
break
else
echo "Invalid selection"
fi
done
echo ""
echo -e "\033[31m!! WARNING: This will DESTROY all data on $DISK !!\033[0m"
read -p "Continue? [y/N]: " confirm
case "${confirm,,}" in
y|yes) ;;
*) echo "Aborted."; exit 1 ;;
esac
echo "Writing disk '$DISK' to disko config..."
sed -i "s|device = \"/dev/disk/by-id/[^\"]*\";|device = \"$DISK\";|" "$DISKO_CONFIG"
echo "Partitioning and installing NixOS..."
sudo nix \
--extra-experimental-features "nix-command flakes" \
run github:nix-community/disko/latest#disko-install -- \
--flake .#{{SYSTEM}} \
--disk main "$DISK"
echo -e "\033[32mDone! Reboot to start NixOS.\033[0m"
# Commit all changes and push to upstream
[group('git')]
gh COMMIT_MESSAGE:
#!/usr/bin/env bash
set -euo pipefail
@ -207,17 +242,125 @@ gh COMMIT_MESSAGE:
git commit -m "{{COMMIT_MESSAGE}}"
git push
# Show status of submodules with changes
[group('submodule')]
sstatus:
#!/usr/bin/env bash
{{_subs_init}}
for name in "${!SUBS[@]}"; do
status=$(git -C "${SUBS[$name]}" status -s)
[[ -n "$status" ]] && echo -e "\033[34m$name:\033[0m" && echo "$status"
done
# Pull all submodules and parent
[group('submodule')]
spull:
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
git pull
for name in "${!SUBS[@]}"; do
echo -e "\033[34m$name:\033[0m"
git -C "${SUBS[$name]}" pull
done
# Push submodules and parent
[group('submodule')]
spush NAME="":
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
if [[ -n "{{NAME}}" ]]; then
path="${SUBS[{{NAME}}]:-}"
[[ -z "$path" ]] && echo "Unknown: {{NAME}}. Available: ${!SUBS[*]}" && exit 1
git -C "$path" push
else
for path in "${SUBS[@]}"; do git -C "$path" push; done
fi
git push
# Commit submodule changes and update parent
[group('submodule')]
scommit NAME="":
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
MSGS=()
commit_sub() {
local name="$1" path="$2"
[[ -z "$(git -C "$path" status -s)" ]] && return 0
echo -e "\033[34m$name:\033[0m"
git -C "$path" status -s
read -p "Commit message: " MSG
[[ -z "$MSG" ]] && return 0
git -C "$path" add -A && git -C "$path" commit -m "$MSG"
git add "$path"
MSGS+=("$name: $MSG")
}
if [[ -n "{{NAME}}" ]]; then
path="${SUBS[{{NAME}}]:-}"
[[ -z "$path" ]] && echo "Unknown: {{NAME}}. Available: ${!SUBS[*]}" && exit 1
commit_sub "{{NAME}}" "$path"
else
for name in "${!SUBS[@]}"; do commit_sub "$name" "${SUBS[$name]}"; done
fi
if ! git diff --cached --quiet; then
COMMIT_MSG="updated submodules"$'\n'
for m in "${MSGS[@]}"; do COMMIT_MSG+="- $m"$'\n'; done
git commit -m "$COMMIT_MSG"
fi
# Commit and push submodules + parent
[group('submodule')]
ssync NAME="":
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
MSGS=()
sync_sub() {
local name="$1" path="$2"
[[ -z "$(git -C "$path" status -s)" ]] && return 0
echo -e "\033[34m$name:\033[0m"
git -C "$path" status -s
read -p "Commit message: " MSG
[[ -z "$MSG" ]] && return 0
git -C "$path" add -A && git -C "$path" commit -m "$MSG"
git -C "$path" push
git add "$path"
MSGS+=("$name: $MSG")
}
if [[ -n "{{NAME}}" ]]; then
path="${SUBS[{{NAME}}]:-}"
[[ -z "$path" ]] && echo "Unknown: {{NAME}}. Available: ${!SUBS[*]}" && exit 1
sync_sub "{{NAME}}" "$path"
else
for name in "${!SUBS[@]}"; do sync_sub "$name" "${SUBS[$name]}"; done
fi
if ! git diff --cached --quiet; then
COMMIT_MSG="updated submodules"$'\n'
for m in "${MSGS[@]}"; do COMMIT_MSG+="- $m"$'\n'; done
git commit -m "$COMMIT_MSG"
fi
git push
# Fetch resources and compute sha256 hash
[group('nix')]
hash URL:
#!/usr/bin/env bash
set -euo pipefail
if echo "{{URL}}" | grep -E '\.(tar\.gz|tgz|zip)$'; then
CONTENTS=$(nix-prefetch-url --unpack {{URL}} | tail -n 1)
if [[ "{{URL}}" =~ \.(tar(\.gz)?|tgz|gz|zip)$ ]]; then
CONTENTS=$(nix-prefetch-url --unpack {{URL}})
else
CONTENTS=$(nix-prefetch-url {{URL}} | tail -n 1)
CONTENTS=$(nix-prefetch-url {{URL}})
fi
HASH=$(nix hash to-sri --type sha256 "$CONTENTS")
HASH=$(nix hash convert --hash-algo sha256 "$CONTENTS")
echo -e "\033[32m$HASH\033[0m"


@ -0,0 +1,14 @@
{ lib, pkgs, config, ... }:
with lib;
{
options = {
machines = mkOption {
description = "Machine Configurations";
type = types.attrs;
default = {
keys = import ./keys { inherit lib; };
};
};
};
}


@ -0,0 +1,33 @@
{ lib }:
with builtins;
let
extractName = filename:
let
# Remove .key extension
noKey = lib.removeSuffix ".key" filename;
# Remove .pub/.priv/.public/.private markers
noMarkers = replaceStrings
[ ".pub" ".priv" ".public" ".private" ]
[ "" "" "" "" ]
noKey;
in noMarkers;
constructKeys = dir: (
listToAttrs (
map (subdir: {
name = subdir;
value = listToAttrs (
map (file: {
name = extractName file;
value = readFile "${dir}/${subdir}/${file}";
}) (filter (file:
(readDir "${dir}/${subdir}").${file} == "regular" &&
lib.hasSuffix ".key" file
) (attrNames (readDir "${dir}/${subdir}")))
);
}) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir)))
)
);
in
constructKeys ./.
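Review bot: In `extractName`, `replaceStrings` tries its patterns in list order at each position, so `.pub` matches inside `.public` and `.priv` inside `.private`, leaving `lic` or `ate` in the attribute name; list the longer markers first, `[ ".public" ".private" ".pub" ".priv" ]`. The `.priv`/`.private` markers also suggest private key files may end up in this tree, and `constructKeys` calls `readFile` on every `*.key` file it finds, so such a file's contents would become part of the evaluated configuration (and the flake source is presumably copied into the world-readable store). Consider excluding them in the filter, e.g. `&& !(lib.hasInfix ".priv" file)`, and add a comment above `constructKeys` stating that only public keys belong in this directory.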


@ -0,0 +1,3 @@
# Desktop Keys
ssh.pub.key - ~/.ssh/id_rsa


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYXfu4Jc/HtdyhOfAdCXYzhqCubIq3Bz6Kl9NDUov76 bryan@desktop


@ -0,0 +1,19 @@
## Hardware
| Component | Model |
|-------------|------------------------------------|
| Motherboard | MSI B760 GAMING PLUS WIFI |
| CPU | Intel Core i7-12700KF (12th Gen) |
| GPU | NVIDIA GeForce GTX 1650 |
| Storage | 2x 2TB Crucial MX500 SSD |
## Memory
| Slot | Size | Manufacturer | Part Number | Speed |
|---------|------|----------------|-------------|------------|
| DIMM A1 | - | - | - | - |
| DIMM A2 | 16GB | Team Group Inc | UD5-6000 | 4800 MT/s |
| DIMM B1 | - | - | - | - |
| DIMM B2 | 16GB | Team Group Inc | UD5-6000 | 4800 MT/s |
**Total: 32GB DDR5**


@ -3,7 +3,9 @@
{
imports = [
../../../user/config
../../config
./hardware.nix
./system.nix
./modules/disko
];
}


@ -1,8 +1,31 @@
{ config, lib, pkgs, modulesPath, ... }:
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
options.monitors = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption { type = types.str; example = "HDMI-A-1"; };
width = mkOption { type = types.int; };
height = mkOption { type = types.int; };
x = mkOption { type = types.int; };
y = mkOption { type = types.int; };
scale = mkOption { type = types.float; };
refreshRate = mkOption { type = types.int; };
};
});
default = [];
description = "System monitor configuration";
};
config = {
monitors = [
{ name = "HDMI-A-1"; width = 1920; height = 1080; x = 0; y = 0; scale = 1.0; refreshRate = 60; }
{ name = "DP-1"; width = 1920; height = 1080; x = 1920; y = 0; scale = 1.0; refreshRate = 60; }
];
boot = {
initrd = {
availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@ -21,32 +44,14 @@
vulkan-loader
vulkan-tools
vulkan-extension-layer
glxinfo
mesa
mesa-demos
cudaPackages.cudatoolkit
cudaPackages.cudnn
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/8a323092-39b9-4913-8839-452156e48922";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/84474517-05eb-45aa-880e-c18301483b53";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/B4B2-C898";
fsType = "vfat";
};
};
services.xserver.videoDrivers = ["nvidia"];
hardware = {
cpu = {
intel = {
@ -54,20 +59,14 @@
};
};
nvidia = {
open = true;
modesetting.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "550.90.07";
sha256_64bit = "sha256-Uaz1edWpiE9XOh0/Ui5/r6XnhB4iqc7AtLvq4xsLlzM=";
openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I=";
settingsSha256 = "sha256-sX9dHEp9zH9t3RWp727lLCeJLo8QRAGhVb8iN6eX49g=";
persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870=";
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
opengl = {
graphics = {
enable = true;
driSupport = true;
driSupport32Bit = true;
enable32Bit = true;
};
};
@ -75,10 +74,10 @@
enable = true;
qemu = {
runAsRoot = true;
ovmf.enable = true;
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
};
}


@ -1,99 +1,50 @@
{ disks ? [ "/dev/nvme0n1" "/dev/sdb" ], ... }:
{
disko.devices = {
disk = {
one = {
main = {
type = "disk";
device = builtins.elemAt disks 0;
device = "/dev/disk/by-id/ata-CT2000MX500SSD1_2137E5D2D47D";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
start = "0";
end = "200M";
fs-type = "fat32";
bootable = true;
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
}
{
start = "200M";
end = "100%FREE";
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "stick";
};
}
];
vg = "nix";
};
};
};
disk = {
two = {
type = "disk";
device = builtins.elemAt disks 1;
content = {
type = "table";
format = "gpt";
partitions = [
{
start = "0";
end = "100%FREE";
content = {
type = "lvm_pv";
vg = "ssd";
};
}
];
};
};
};
lvm_vg = {
stick = {
nix = {
type = "lvm_vg";
lvs = {
aaa = {
size = "1M";
};
zzz = {
size = "1M";
};
root = {
size = "100%";
size = "5%";
content = {
name = "NixOS";
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
mountOptions = [ "defaults" ];
};
};
};
};
};
lvm_vg = {
ssd = {
type = "lvm_vg";
lvs = {
aaa = {
size = "1M";
};
zzz = {
size = "1M";
};
home = {
size = "200G";
size = "100%FREE";
content = {
name = "home";
type = "filesystem";
format = "ext4";
mountpoint = "/home";


@ -3,6 +3,9 @@
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
monitors = config.monitors;
};
home-manager.users.${config.user.name} = {
imports = [ ../../../../../user ];


@ -1,5 +1,11 @@
{ pkgs, lib, config, ... }:
let
gpgEnabled = lib.any
(user: user.modules.user.security.gpg.enable or false)
(lib.attrValues config.home-manager.users);
in
{ system.stateVersion = "23.11";
users.users = {
@ -7,13 +13,13 @@
isNormalUser = true;
extraGroups = config.user.groups
++ [ "video" "audio" "kvm" "libvirtd" "dialout" ];
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.android}" ];
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.graphone}" ];
};
};
nix = {
channel.enable = false;
package = pkgs.nixFlakes;
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
keep-going = true
@ -32,29 +38,32 @@
};
boot.loader = {
timeout = null;
grub = {
systemd-boot = {
enable = true;
devices = [ "nodev" ];
efiSupport = true;
configurationLimit = 3;
splashImage = null;
configurationLimit = 5;
#memtest86.enable = true;
};
efi = {
canTouchEfiVariables = true;
};
#timeout = null;
};
environment.systemPackages = with pkgs; [
environment = {
systemPackages = with pkgs; [
vim
git
usbutils
];
pathsToLink = [
"/share/applications"
"/share/xdg-desktop-portal"
];
};
fonts.packages = with pkgs; [
terminus_font
terminus-nerdfont
nerd-fonts.terminess-ttf
];
security = {
@ -85,9 +94,11 @@
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
nameservers = [ "192.168.0.154" ];
};
services = {
pcscd.enable = gpgEnabled;
timesyncd = lib.mkDefault {
enable = true;
servers = [
@ -113,7 +124,7 @@
startWhenNeeded = false;
settings = {
X11Forwarding = false;
PasswordAuthentication = true;
PasswordAuthentication = false;
};
};
};
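Review bot: `PasswordAuthentication = false;` in the last hunk does not on its own close password logins over keyboard-interactive, which the NixOS openssh module leaves enabled unless told otherwise; add `KbdInteractiveAuthentication = false;` beside it in `services.openssh.settings`. The server's `services.openssh.settings` block later in this compare has the same gap. Separately, `nameservers = [ "192.168.0.154" ];` makes this machine's name resolution depend on a single LAN resolver, so a comment such as `# split-horizon DNS served by the home server; no fallback on purpose` (if that is the intent) would save the next reader a search.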


@ -0,0 +1,20 @@
## Hardware
| Component | Model |
|-----------|--------------------------------|
| System | HP Z230 SFF Workstation |
| CPU | Intel Core i7-4770 @ 3.40GHz |
| GPU | Integrated |
| Storage | 6TB Seagate ST6000NM0024 |
| Network | Intel (onboard) |
## Memory
| Slot | Size | Manufacturer | Part Number | Speed |
|-------|------|---------------|-------------------|-----------|
| DIMM1 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
| DIMM2 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
| DIMM3 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
| DIMM4 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
**Total: 16GB DDR3**


@ -3,6 +3,7 @@
{
imports = [
../../../user/config
../../config
./hardware.nix
./system.nix
];


@ -1,26 +1,22 @@
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./modules/disko
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/0fviSz-6z7Q-oH7Y-JOzH-nRxW-c029-2LxSqo";
fsType = "ext4";
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
"/boot" = {
device = "/dev/disk/by-uuid/3BAA-D9DC";
fsType = "vfat";
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}


@ -0,0 +1,75 @@
{ lib, ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
lvm = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg0";
};
};
};
};
};
};
lvm_vg = {
vg0 = {
type = "lvm_vg";
lvs = {
root = {
size = "200G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
data = {
size = "1T";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/data";
};
};
bitcoin = {
size = "1T";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/var/lib/bitcoin";
};
};
frigate = {
size = "3T";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/var/lib/frigate";
};
};
# ~300GB left unallocated for future growth
};
};
};
};
}
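Review bot: `device = "/dev/sda";` is a kernel-assigned name that can change between boots, and it also bypasses the disk confirmation in the justfile's `partition` recipe. That recipe's `sed` only rewrites lines of the form `device = "/dev/disk/by-id/…";`, so (assuming this is the file it resolves for `server`) the disk chosen at the prompt is never written and `--mode destroy,format,mount` would act on whatever is `/dev/sda` at that moment. Use a stable identifier as the desktop config does, `device = "/dev/disk/by-id/<SERVER-DISK-ID>";` (placeholder; take the real value from `/dev/disk/by-id` on the host). A guard in the recipe that aborts when the substitution did not change the file would catch the same mistake for future machines.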


@ -8,7 +8,7 @@
programs.home-manager.enable = true;
home.stateVersion = "23.11";
home.stateVersion = "25.11";
home.username = "${config.user.name}";
home.homeDirectory = "/home/${config.user.name}";
@ -17,6 +17,7 @@
user = {
bash.enable = true;
git.enable = true;
tmux.enable = true;
security = {
gpg.enable = true;


@ -1,19 +1,30 @@
{ pkgs, lib, config, ... }:
{ system.stateVersion = "23.11";
{ system.stateVersion = "25.11";
imports = [ ../../modules ];
modules = {
system = {
modules.system = {
nginx.enable = true;
forgejo.enable = true;
frigate.enable = false;
immich.enable = true;
bitcoin = {
enable = true;
electrum.enable = true;
clightning = {
clightning.enable = true;
};
backup = {
enable = true;
rest.enable = true;
};
};
recipients = [
"${config.user.keys.age.yubikey}"
"${config.machines.keys.desktop.ssh}"
];
paths = [ "/root/.config/rclone" ];
destination = "gdrive:backups/server";
schedule = "daily";
keepLast = 2;
};
};
@ -21,13 +32,15 @@
${config.user.name} = {
isNormalUser = true;
extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
openssh.authorizedKeys.keys = [
"${config.machines.keys.desktop.ssh}"
];
};
};
nix = {
channel.enable = false;
package = pkgs.nixFlakes;
package = pkgs.nixVersions.stable;
extraOptions = "experimental-features = nix-command flakes";
settings = {
auto-optimise-store = true;
@ -41,10 +54,9 @@
};
boot.loader = {
timeout = null;
timeout = 3;
grub = {
enable = true;
useOSProber = true;
devices = [ "nodev" ];
efiSupport = true;
configurationLimit = 5;
@ -60,11 +72,7 @@
wget
git
vim
];
fonts.packages = with pkgs; [
terminus_font
terminus-nerdfont
htop
];
security.sudo = {
@ -89,27 +97,58 @@
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
console.font = "Lat2-Terminus16";
networking = {
hostName = "server";
useDHCP = lib.mkDefault true;
networkmanager.enable = true;
useDHCP = false;
interfaces.eno1 = {
ipv4.addresses = [{
address = "192.168.0.154";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 22 ];
};
};
services.dnsmasq = {
enable = true;
settings = {
# All *.ramos.codes subdomains -> local server
address = "/.ramos.codes/192.168.0.154";
# Except www, http, https and bare domain -> forward to upstream
server = [
"/www.ramos.codes/1.1.1.1"
"/http.ramos.codes/1.1.1.1"
"/https.ramos.codes/1.1.1.1"
"/ramos.codes/1.1.1.1"
"1.1.1.1"
"8.8.8.8"
];
cache-size = 1000;
};
};
networking.firewall.allowedUDPPorts = [ 53 ];
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "1h";
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings = {
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
}
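Review bot: The new `services.dnsmasq` block sets no `interface` or `listen-address`, so dnsmasq answers on every interface and `networking.firewall.allowedUDPPorts = [ 53 ];` opens it on all of them; limit it to the LAN side with `interface = "eno1";` and `bind-interfaces = true;` inside `settings`. Only UDP 53 is opened, so a client retrying over TCP after a truncated answer is dropped; if that is intended, say so in a comment next to the firewall line. `system.stateVersion` also moves from "23.11" to "25.11" in the first hunk, which is only appropriate if the host is being reinstalled rather than upgraded in place, and deserves a one-line comment either way.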


@ -3,6 +3,7 @@
{
imports = [
../../../user/config
../../config
./hardware.nix
./system.nix
];


@ -1,11 +1,10 @@
{ disks ? [ "/dev/vda" ], ... }:
{ disk ? "/dev/vda" }:
{
disko.devices = {
disk = {
one = {
device = builtins.elemAt disks 0;
type = "disk";
device = disk;
content = {
type = "gpt";
partitions = {
@ -17,8 +16,6 @@
format = "vfat";
mountpoint = "/boot";
};
bootable = true;
priority = 1;
};
primary = {
size = "100%";
@ -36,12 +33,6 @@
vm = {
type = "lvm_vg";
lvs = {
aaa = {
size = "1M";
};
zzz = {
size = "1M";
};
root = {
size = "100%";
content = {


@ -8,13 +8,13 @@
${config.user.name} = {
isNormalUser = true;
extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.yubikey}" ];
};
};
nix = {
channel.enable = false;
package = pkgs.nixFlakes;
package = pkgs.nixVersions.stable;
extraOptions = "experimental-features = nix-command flakes";
settings = {
auto-optimise-store = true;


@ -1 +1,10 @@
{ imports = [ ./home.nix ]; }
{ ... }:
{
imports = [
../../../user/config
../../config
./hardware.nix
./system.nix
];
}


@ -0,0 +1,95 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ "dm-snapshot" ];
};
extraModulePackages = [ ];
kernelParams = [ "intel_iommu=on" ];
kernelModules = [
"kvm-intel"
"virtio"
"vfio-pci"
"coretemp"
"ipmi_devintf"
"ipmi_si"
];
};
environment.systemPackages = with pkgs; [
ipmitool
ipmicfg
ipmiutil
ipmiview
linuxHeaders
vulkan-headers
vulkan-loader
vulkan-tools
vulkan-extension-layer
mesa
mesa-demos
libGL
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/6e964c61-ea77-48cc-b495-6a8516b8e756";
fsType = "xfs";
};
"/home" = {
device = "/dev/disk/by-uuid/db504fb8-14f8-4292-b745-32d6255c4893";
fsType = "xfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/61E7-6E56";
fsType = "vfat";
};
"/var/lib/libvirt/images" = {
device = "/home/VMs";
options = [ "bind" ];
};
};
systemd.tmpfiles.rules = [
"d /home/VMs 0755 root root"
];
virtualisation.libvirtd = {
enable = true;
qemu = {
runAsRoot = true;
};
};
services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
nvidia = {
open = false;
powerManagement.enable = false;
powerManagement.finegrained = false;
modesetting.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
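Review bot: `virtualisation.libvirtd.qemu.runAsRoot = true;` makes every guest's QEMU process run as root, so a flaw in device emulation lands with root privileges on the host. Unless the VFIO passthrough set up by `vfio-pci` and `intel_iommu=on` is known to need it here, set `runAsRoot = false;`, and leave a comment explaining the reason if it has to stay. The tmpfiles rule `"d /home/VMs 0755 root root"` also leaves the image directory listable by every local user; `0711`, or `0750` with a dedicated group, is tighter. The desktop hardware file in this compare carries the same `runAsRoot = true;` line.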


@ -1,56 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ ./user ];
programs.home-manager.enable = true;
home = {
stateVersion = "23.11";
username = "${config.user.name}";
homeDirectory = "/home/${config.user.name}";
file.".config/home-manager" = {
source = ../../../..;
recursive = true;
};
};
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
settings = {
auto-optimise-store = true;
trusted-users = [ "${config.user.name}" ];
};
};
user = {
bash.enable = true;
git.enable = true;
security= {
gpg.enable = true;
};
gui = {
alacritty.enable = true;
browsers.enable = true;
neovim.enable = true;
};
utils = {
enable = true;
dev.enable = true;
email.enable = true;
irc.enable = true;
vim.enable = true;
};
};
programs.bash = {
initExtra =
import ./scripts/guiControl
;
};
}


@ -0,0 +1,58 @@
{ disk }:
{
disko.devices = {
disk = {
one = {
type = "disk";
device = disk;
content = {
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "nix";
};
};
};
};
};
};
lvm_vg = {
nix = {
type = "lvm_vg";
lvs = {
root = {
size = "5%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
home = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/home";
};
};
};
};
};
};
}


@ -0,0 +1,52 @@
{ config, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${config.user.name} = {
imports = [ ../../../../../user ];
programs.home-manager.enable = true;
home.stateVersion = "23.11";
home.username = "${config.user.name}";
home.homeDirectory = "/home/${config.user.name}";
modules = {
user = {
bash.enable = true;
git.enable = true;
security = {
enable = true;
gpg.enable = true;
};
tmux.enable = true;
utils = {
enable = true;
dev = {
enable = true;
};
email.enable = true;
neovim.enable = true;
vim.enable = true;
};
gui = {
wm.i3.enable = true;
browser = {
chromium.enable = true;
};
alacritty.enable = true;
utils.enable = true;
writing.enable = true;
};
};
};
};
}


@ -1,17 +0,0 @@
''
function ui() {
case $1 in
on)
sudo systemctl set-default graphical.target
sudo systemctl start graphical.target
;;
off)
sudo systemctl set-default multi-user.target
sudo systemctl isolate multi-user.target
;;
*)
echo "Usage: $0 {on|off}"
;;
esac
}
''


@ -0,0 +1,131 @@
{ pkgs, lib, config, home-manager, ... }:
with lib;
{
system.stateVersion = "23.11";
users.users = {
${config.user.name} = {
isNormalUser = true;
extraGroups = config.user.groups
++ [ "video" "audio" "kvm" "libvirtd" "dialout" ];
openssh.authorizedKeys.keys = [
"${config.user.keys.ssh.yubikey}"
"${config.user.keys.ssh.work}"
];
};
};
nix = {
channel.enable = false;
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
keep-going = true
'';
settings = {
auto-optimise-store = true;
trusted-users = [ "${config.user.name}" ];
substitute = true;
max-jobs = "auto";
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
boot.loader = {
systemd-boot = {
enable = true;
configurationLimit = 5;
memtest86.enable = true;
};
timeout = null;
};
environment.systemPackages = with pkgs; [
vim
git
usbutils
];
fonts.packages = with pkgs; [
terminus_font
terminus-nerdfont
];
security = {
sudo = {
wheelNeedsPassword = false;
execWheelOnly = true;
};
polkit.enable = true;
};
time = {
timeZone = "America/New_York";
hardwareClockInLocalTime = true;
};
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
networking = {
hostName = "workstation";
useDHCP = lib.mkDefault true;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
};
programs.i3lock = {
enable = true;
package = pkgs.i3lock-fancy;
};
services = {
xserver.enable = true;
displayManager.ly.enable = true;
teamviewer.enable = true;
timesyncd = lib.mkDefault {
enable = true;
servers = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
"3.pool.ntp.org"
];
};
pipewire = {
enable = true;
audio.enable = true;
wireplumber.enable = true;
pulse.enable = true;
jack.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
};
openssh = {
enable = true;
startWhenNeeded = false;
settings = {
X11Forwarding = false;
PasswordAuthentication = true;
};
};
};
}
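Review bot: `PasswordAuthentication = true;` in `services.openssh.settings` keeps password logins open on a host that already lists two `authorizedKeys` entries and exposes port 22 through the firewall. With `wheelNeedsPassword = false;` in the same file, one guessed password is root if the account is in wheel. The desktop and server files in this compare switch this to `false`; do the same here with `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;`. `teamviewer.enable = true;` adds a second remote-access path to the machine, so a comment stating why it is needed would make that choice reviewable.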


@ -1 +0,0 @@
../../../user/


@ -3,6 +3,7 @@
{
imports = [
../../../user/config
../../config
./system.nix
];
}


@ -0,0 +1,9 @@
{
imports = [
<<<<<<<< HEAD:src/system/machines/wsl/modules/home-manager/default.nix
./home.nix
========
./c-lightning-REST
>>>>>>>> lightning:src/system/modules/bitcoin/modules/clightning/plugins/default.nix
];
}
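Review bot: This new file is committed with unresolved merge-conflict markers (`<<<<<<<< HEAD:…`, `========`, `>>>>>>>> lightning:…`) inside `imports`, so it cannot parse and any configuration that imports it fails to evaluate. Resolve it by keeping only the entry that belongs at this path and deleting the three marker lines; the marker labels point at two different files, a wsl home-manager module (`./home.nix`) and a clightning plugins module (`./c-lightning-REST`). The commit log in this compare mentions removing CLNRest, so check whether the `./c-lightning-REST` side should survive at all. A check in CI or a pre-commit hook that rejects lines starting with `<<<<<<<` would stop this from reaching the branch again.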


@ -4,9 +4,7 @@
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${config.user.name} = {
imports = [
../../../user
];
imports = [ ../../../../../user ];
programs.home-manager.enable = true;
@ -25,12 +23,14 @@
gpg.enable = true;
};
tmux.enable = true;
utils = {
enable = true;
dev.enable = true;
email.enable = true;
irc.enable = true;
vim.enable = true;
neovim.enable = true;
};
};
};


@ -0,0 +1,5 @@
{
imports = [
./wsl.nix
];
}


@ -1,19 +1,19 @@
{ config, lib, ... }:
{
imports = [
../../../user
];
imports = [ ../../../../../user/config ];
wsl = {
wsl = rec {
enable = true;
defaultUser = lib.mkDefault config.user.name;
nativeSystemd = true;
useWindowsDriver = true;
wslConf = {
user.default = lib.mkDefault defaultUser;
boot.command = "cd";
network = {
hostname = "wsl";
hostname = "${config.networking.hostName}";
generateHosts = true;
};
};


@ -1,62 +1,45 @@
{ pkgs, lib, config, ... }:
{ system.stateVersion = "23.11";
{
system.stateVersion = "23.11";
boot.isContainer = true;
# Users
users.users = {
${config.user.name} = {
isNormalUser = true;
extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
openssh.authorizedKeys.keys = [
"${config.user.keys.ssh.yubikey}"
];
};
};
boot.isContainer = true;
# Nix
nix = {
channel.enable = false;
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
settings = {
auto-optimise-store = true;
trusted-users = [ "${config.user.name}" ];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
dates = "daily";
options = "--delete-older-than 7d";
};
};
# Sudo Options
security.sudo = {
wheelNeedsPassword = false;
execWheelOnly = true;
};
# System Services
services = {
cron = {
enable = true;
systemCronJobs = [];
};
};
# Locale
time = {
timeZone = "America/New_York";
};
services.timesyncd = lib.mkDefault {
enable = true;
servers = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
"3.pool.ntp.org"
];
};
i18n.defaultLocale = "en_US.UTF-8";
console = {
@ -64,8 +47,8 @@
useXkbConfig = true;
};
# Networking
networking = {
hostName = "wsl";
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
@ -73,7 +56,8 @@
};
};
services.openssh = {
services = {
openssh = {
enable = true;
startWhenNeeded = true;
settings = {
@ -81,4 +65,11 @@
PasswordAuthentication = false;
};
};
timesyncd = lib.mkDefault {
enable = true;
servers = [
"time.windows.com"
];
};
};
}


@ -0,0 +1,96 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.backup;
recipientArgs = concatMapStrings (r: "-r '${lib.strings.trim r}' ") cfg.recipients;
# Convert absolute paths to relative for tar, preserving structure
# e.g., /var/lib/forgejo -> var/lib/forgejo
tarPaths = map (p: removePrefix "/" p) cfg.paths;
backupScript = pkgs.writeShellScript "backup" ''
set -euo pipefail
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_NAME="backup-$TIMESTAMP.tar.age"
TEMP_DIR=$(mktemp -d)
trap "rm -rf $TEMP_DIR" EXIT
echo "Starting backup: $BACKUP_NAME"
echo "Paths: ${concatStringsSep " " cfg.paths}"
export PATH="${pkgs.age-plugin-yubikey}/bin:$PATH"
${pkgs.gnutar}/bin/tar -C / -cf - ${concatStringsSep " " tarPaths} | \
${pkgs.age}/bin/age ${recipientArgs} -o "$TEMP_DIR/$BACKUP_NAME"
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf copy "$TEMP_DIR/$BACKUP_NAME" "${cfg.destination}"
# Prune old backups
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf lsf "${cfg.destination}" | \
sort -r | \
tail -n +$((${toString cfg.keepLast} + 1)) | \
while read -r old; do
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf delete "${cfg.destination}/$old"
done
echo "Backup complete"
'';
in
{
options.modules.system.backup = {
enable = mkEnableOption "Encrypted backups";
paths = mkOption {
type = types.listOf types.str;
default = [];
description = "Absolute paths to include in backup (structure preserved)";
};
recipients = mkOption {
type = types.listOf types.str;
default = [];
description = "Age public keys for encryption";
};
destination = mkOption {
type = types.str;
default = "";
description = "Rclone destination";
};
schedule = mkOption {
type = types.str;
default = "daily";
description = "Systemd calendar expression";
};
keepLast = mkOption {
type = types.int;
default = 3;
description = "Number of backups to keep";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.rclone ];
systemd.services.backup = {
description = "Encrypted backup";
serviceConfig = {
Type = "oneshot";
ExecStart = backupScript;
};
};
systemd.timers.backup = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.schedule;
Persistent = true;
};
};
};
}
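Review bot: `cfg.paths` and `cfg.recipients` are spliced into the generated shell script without shell escaping (`${concatStringsSep " " tarPaths}` on the tar line and the hand-quoted `-r '…'` in `recipientArgs`), so a path with a space or a value with a quote changes what this root-run script executes. Building both with the library helpers avoids that: `${escapeShellArgs tarPaths}` and `recipientArgs = concatMapStringsSep " " (r: "-r ${escapeShellArg (lib.strings.trim r)}") cfg.recipients;`. The module also accepts `enable = true` with the default empty `recipients` or `destination`, which would only surface as a failed timer run. An `assertions` entry checking `cfg.recipients != []` and `cfg.destination != ""` would catch that at build time.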


@ -1,14 +1,12 @@
server=1
mempoolfullrbf=1
v2transport=1
rpcauth=
rpccookiefile=/var/lib/bitcoin/.cookie
rpccookieperms=group
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
dnsseed=0
onlynet=onion
bind=127.0.0.1
proxy=127.0.0.1:9050
@ -16,4 +14,5 @@ proxy=127.0.0.1:9050
listen=1
listenonion=1
torcontrol=127.0.0.1:9051
torenablecircuit=1
txindex=1


@ -3,8 +3,9 @@
with lib;
let
cfg = config.modules.system.bitcoin;
nginx = config.modules.system.nginx;
home = "/var/lib/bitcoind";
home = "/var/lib/bitcoin";
bitcoinConf = pkgs.writeTextFile {
name = "bitcoin.conf";
@ -14,19 +15,7 @@ let
in
{ options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; };
config = mkIf cfg.enable {
#nixpkgs.overlays = [
# (final: prev: {
# bitcoind = prev.bitcoind.overrideAttrs (old: rec {
# version = "v28.0";
# src = pkgs.fetchFromGitHub {
# owner = "bitcoin";
# repo = "bitcoin";
# rev = "${version}";
# sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY=";
# };
# });
# })
#];
modules.system.tor.enable = true;
environment.systemPackages = with pkgs; [
bitcoind
@ -39,26 +28,31 @@ in
description = "Bitcoin Core system user";
isSystemUser = true;
group = "bitcoin";
extraGroups = [ "tor" ];
createHome = true;
};
"nginx" = {
extraGroups = mkIf nginx.enable [
"bitcoin"
];
};
};
groups = {
"bitcoin" = {
members = [
"btc"
config.user.name
];
};
};
};
programs.bash.shellAliases = {
btc = "bitcoind";
btc = "bitcoin-cli";
};
networking.firewall.allowedTCPPorts = [ 8333 ];
services.bitcoind = {
"btc" = {
"mainnet" = {
enable = true;
user = "btc";
group = "bitcoin";
@ -67,5 +61,20 @@ in
pidFile = "${home}/bitcoind.pid";
};
};
# Make data dir group-accessible so electrs/clightning can read cookie
systemd.tmpfiles.rules = [
"d ${home} 0750 btc bitcoin -"
];
systemd.services.bitcoind-mainnet = {
wants = [ "tor.service" ];
after = [ "tor.service" ];
serviceConfig.ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/tor";
};
modules.system.backup.paths = [
"${home}/wallets"
];
};
}
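Review bot: The `nginx` user is put in the `bitcoin` group here (`extraGroups = mkIf nginx.enable [ "bitcoin" ]`), and together with the `0750 btc bitcoin` tmpfiles rule and `rpccookieperms=group` in bitcoin.conf that lets the internet-facing web server read the RPC cookie and the data directory. Nothing visible in this module has nginx proxying to bitcoind, so the membership looks unnecessary and is worth dropping or justifying in a comment. The `ExecStartPre = "+… chmod 750 /var/lib/tor"` step runs as root on every start to change another service's directory, and the same pattern recurs in the lightningd and electrs units. The tor module already sets `DataDirectoryGroupReadable = true` and this module already declares the tmpfiles rule for `${home}`, so those are the places to own the permissions. `networking.firewall.allowedTCPPorts = [ 8333 ]` also appears redundant while bitcoin.conf has `bind=127.0.0.1` and `onlynet=onion`.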


@ -1 +1,31 @@
test
alias=OrdSux
network=bitcoin
bitcoin-datadir=/var/lib/bitcoin
bitcoin-rpcconnect=127.0.0.1
bitcoin-rpcport=8332
lightning-dir=/var/lib/clightning
plugin-dir=/var/lib/clightning/plugins
log-file=/var/lib/clightning/lightningd.log
log-level=info
rpc-file-mode=0660
# Bind RPC locally only
bind-addr=127.0.0.1:9736
# Auto-create Tor hidden service for peer connections
addr=autotor:127.0.0.1:9051
# Route outbound through Tor
proxy=127.0.0.1:9050
always-use-proxy=true
large-channels
fee-base=1000
fee-per-satoshi=10
min-capacity-sat=10000
htlc-minimum-msat=0
funding-confirms=3
max-concurrent-htlcs=30
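Review bot: The comment `# Bind RPC locally only` sits above `bind-addr=127.0.0.1:9736`, but `bind-addr` is the address lightningd listens on for peer connections, not the JSON-RPC interface, which is the unix socket whose mode `rpc-file-mode=0660` sets. I would reword it to `# Listen for peers on loopback only (reached through the Tor onion service); JSON-RPC is the unix socket, see rpc-file-mode`. With `rpc-file-mode=0660` every member of the service's group can drive the node over that socket, so a one-line comment naming the accounts expected in that group would help the next reader.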


@ -4,35 +4,21 @@ with lib;
let
cfg = config.modules.system.bitcoin.clightning;
btc = config.modules.system.bitcoin;
nginx = config.modules.system.nginx;
home = "/var/lib/clightning";
domain = "ramos.codes";
clnConfig = pkgs.writeTextFile {
name = "lightning.conf";
text = builtins.readFile ./config/lightning.conf;
text = ''
${builtins.readFile ./config/lightning.conf}
bitcoin-cli=${pkgs.bitcoind}/bin/bitcoin-cli
'';
};
in
{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; };
imports = [ ./plugins ];
config = mkIf (cfg.enable && btc.enable) {
#nixpkgs.overlays = [
# (final: prev: {
# clightning = prev.electrs.overrideAttrs (old: rec {
# version = "24.08";
# src = pkgs.fetchFromGitHub {
# owner = "ElementsProject";
# repo = "lightning";
# rev = "82f4ad68e34a2428c556e63fc2632d48a914968c";
# hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g";
# };
# cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
# name = "lightning-vendor.tar.gz";
# inherit src;
# outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g=";
# });
# });
# })
#];
environment.systemPackages = with pkgs; [
clightning
];
@ -40,10 +26,11 @@ in
users = {
users = {
"clightning" = {
home = "/var/lib/clightning";
inherit home;
description = "Core Lightning system user";
isSystemUser = true;
group = "bitcoin";
extraGroups = [ "tor" ];
createHome = true;
};
};
@ -57,25 +44,26 @@ in
};
programs.bash.shellAliases = {
cln = "lightningd";
cln = "lightning-cli";
};
systemd.services.lightningd = {
description = "Core Lightning Daemon";
wantedBy = [ "multi-user.target" ];
script = "${pkgs.clightning}/bin/lightningd";
scriptArgs = ''
--conf=${clnConfig}
'';
wants = [ "bitcoind-mainnet.service" "tor.service" ];
after = [
"bitcoind-btc.service"
"bitcoind-mainnet.service"
"tor.service"
"network.target"
];
serviceConfig = {
ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin /var/lib/tor ${home} ${home}/bitcoin";
ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}";
User = "clightning";
Group = "bitcoin";
WorkingDirectory = home;
Type = "simple";
KillMode = "process";
@ -83,10 +71,30 @@ in
Restart = "always";
RestartSec = 60;
};
requisite = [
"bitcoind-btc.service"
"network.target"
];
};
# Ensure data directory exists with correct permissions
systemd.tmpfiles.rules = mkAfter [
"d ${home} 0750 clightning bitcoin -"
"d ${home}/plugins 0750 clightning bitcoin -"
"L+ /home/${config.user.name}/.lightning - - - - ${home}"
];
modules.system.backup.paths = [
"${home}/bitcoin/hsm_secret"
];
# TODO: CLNRest not included in nixpkgs clightning build
# Need to package it separately or use an overlay
# services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable {
# useACMEHost = domain;
# forceSSL = true;
# locations."/" = {
# proxyPass = "https://127.0.0.1:3010";
# extraConfig = ''
# proxy_ssl_verify off;
# '';
# };
# };
};
}
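Review bot: The `ExecStartPre` chmod in `systemd.services.lightningd` lists `${home}/bitcoin`, which none of the tmpfiles rules below creates, so on a fresh data directory the chmod would fail and, as a failing `ExecStartPre`, keep lightningd from starting (this assumes lightningd itself creates that directory on first run). Adding `"d ${home}/bitcoin 0750 clightning bitcoin -"` to `systemd.tmpfiles.rules` and dropping the path from the chmod removes the ordering problem. According to the backup path that directory holds `hsm_secret`, so `0700` is the safer mode unless a group member really needs to traverse it. The chmod of `/var/lib/bitcoin` and `/var/lib/tor` from this unit duplicates what the bitcoin and tor modules already declare.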


@ -1,35 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.modules.system.bitcoin.clightning.rest;
cln = config.modules.system.bitcoin.clightning;
in
{ options.modules.system.bitcoin.clightning.rest = { enable = mkEnableOption "C-Lightning REST API Server"; };
config = mkIf (cfg.enable && cln.enable) {
nixpkgs.overlays = [
(final: prev: {
clightning-REST = prev.buildNpmPackage rec {
pname = "c-lightning-rest";
version = "0.10.7";
src = prev.fetchFromGitHub {
owner = "Ride-The-Lightning";
repo = "c-lightning-REST";
rev = "v${version}";
hash = "sha256-Z3bLH/nqhO2IPE1N4TxYhEDh2wHR0nT801kztfYoj+s=";
};
npmDepsHash = "sha256-svt5hjhTriGhehxC36yGwrqcjax/9UqqVzxEhHnoM0M=";
dontNpmBuild = true;
meta = with lib; {
description = "REST APIs for Core Lightning written with node.js ";
homepage = "https://github.com/Ride-The-Lightning/c-lightning-REST";
license = licenses.mit;
};
};
})
];
};
}


@ -2,13 +2,12 @@ network = "bitcoin"
electrum_rpc_addr = "127.0.0.1:50001"
cookie-file = "/var/lib/bitcoind/.cookie"
cookie_file = "/var/lib/bitcoin/.cookie"
db_dir = "/var/lib/electrs"
log_filters = "INFO"
timestamp = true
daemon-rpc-addr = "127.0.0.1:8332"
daemon-p2p-addr = "127.0.0.1:8333"
daemon-dir = "/var/lib/bitcoind"
daemon_rpc_addr = "127.0.0.1:8332"
daemon_p2p_addr = "127.0.0.1:8333"
daemon_dir = "/var/lib/bitcoin"


@ -3,7 +3,11 @@
with lib;
let
cfg = config.modules.system.bitcoin.electrum;
nginx = config.modules.system.nginx;
home = "/var/lib/electrs";
btc = config.modules.system.bitcoin;
domain = "ramos.codes";
electrsConfig = pkgs.writeTextFile {
name = "config.toml";
@ -13,24 +17,27 @@ let
in
{ options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; };
config = mkIf (cfg.enable && btc.enable) {
nixpkgs.overlays = [
(final: prev: {
electrs = prev.electrs.overrideAttrs (old: rec {
version = "0.10.6";
src = pkgs.fetchFromGitHub {
owner = "romanz";
repo = "electrs";
rev = "v${version}";
hash = "sha256-yp9fKD7zH9Ne2+WQUupaxvUx39RWE8RdY4U6lHuDGSc=";
};
cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
name = "electrs-vendor.tar.gz";
inherit src;
outputHash = "sha256-qQKAQHOAeYWQ5YVtx12hIAjNA7Aj1MW1m+WimlBWPv0=";
});
});
})
];
#TODO: Fix the failing overlay due to `cargoHash/cargoSha256`
#nixpkgs.overlays = [
# (final: prev: {
# electrs = prev.electrs.overrideAttrs (old: rec {
# pname = "electrs";
# version = "0.10.8";
# src = pkgs.fetchFromGitHub {
# owner = "romanz";
# repo = pname;
# rev = "v${version}";
# hash = "sha256-L26jzAn8vwnw9kFd6ciyYS/OLEFTbN8doNKy3P8qKRE=";
# };
# #cargoDeps = old.cargoDeps.overrideAttrs (const {
# # name = "electrs-${version}.tar.gz";
# # inherit src;
# # sha256 = "";
# #});
# cargoHash = "sha256-lBRcq73ri0HR3duo6Z8PdSjnC8okqmG5yWeHxH/LmcU=";
# });
# })
#];
environment.systemPackages = with pkgs; [
electrs
@ -39,7 +46,7 @@ in
users = {
users = {
"electrs" = {
home = "/var/lib/electrs";
inherit home;
description = "Electrs system user";
isSystemUser = true;
group = "bitcoin";
@ -58,18 +65,20 @@ in
systemd.services.electrs = {
description = "Electrs Bitcoin Indexer";
wantedBy = [ "multi-user.target" ];
script = "${pkgs.electrs}/bin/electrs";
scriptArgs = "--conf=${electrsConfig}";
wants = [ "bitcoind-mainnet.service" ];
after = [
"bitcoind-btc.service"
"bitcoind-mainnet.service"
"network.target"
];
serviceConfig = {
ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin";
ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}";
User = "electrs";
Group = "bitcoin";
WorkingDirectory = home;
Type = "simple";
KillMode = "process";
@ -77,10 +86,29 @@ in
Restart = "always";
RestartSec = 60;
};
requisite = [
"bitcoind-btc.service"
"network.target"
];
};
# Ensure db directory exists with correct permissions
systemd.tmpfiles.rules = [
"d ${home} 0750 electrs bitcoin -"
];
# Nginx SSL proxy for Electrum protocol (TCP)
networking.firewall.allowedTCPPorts = mkIf nginx.enable [ 50002 ];
services.nginx.streamConfig = mkIf nginx.enable ''
map $ssl_server_name $electrs_backend {
electrum.${domain} 127.0.0.1:50001;
default "";
}
server {
listen 50002 ssl;
proxy_pass $electrs_backend;
ssl_certificate /var/lib/acme/${domain}/fullchain.pem;
ssl_certificate_key /var/lib/acme/${domain}/key.pem;
}
'';
};
}
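Review bot: The `server` block in `services.nginx.streamConfig` sets a certificate but no `ssl_protocols`, and `recommendedTlsSettings` from the nginx module is, as far as I know, emitted into the `http` context only, so the Electrum listener on 50002 would run with nginx's built-in TLS defaults. Adding `ssl_protocols TLSv1.2 TLSv1.3;` inside this `server` block makes the policy explicit. The certificate paths are hard-coded as `/var/lib/acme/${domain}/…`; `config.security.acme.certs.${domain}.directory` would keep them in step with the ACME module. A short comment above the `map` saying that an unmatched SNI name yields an empty backend, and so a dropped connection, would document the filter's intent.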


@ -0,0 +1,92 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.forgejo;
nginx = config.modules.system.nginx;
domain = "ramos.codes";
socketPath = "/run/forgejo/forgejo.sock";
in
{
options.modules.system.forgejo = {
enable = mkEnableOption "Forgejo Server";
};
config = mkIf cfg.enable {
users.groups.git = {};
users.users.git = {
isSystemUser = true;
group = "git";
home = "/var/lib/forgejo";
shell = "${pkgs.bash}/bin/bash";
};
users.users.nginx = mkIf nginx.enable {
extraGroups = [ "git" ];
};
systemd.tmpfiles.rules = [
"d /var/lib/forgejo 0750 git git -"
"d /var/lib/forgejo/.ssh 0700 git git -"
"d /var/lib/forgejo/custom 0750 git git -"
"d /var/lib/forgejo/data 0750 git git -"
];
services.forgejo = {
enable = true;
user = "git";
group = "git";
stateDir = "/var/lib/forgejo";
settings = {
DEFAULT = {
APP_NAME = "Git Server";
APP_SLOGAN = "";
};
server = {
DOMAIN = "git.${domain}";
ROOT_URL = "https://git.${domain}/";
PROTOCOL = "http+unix";
HTTP_ADDR = socketPath;
SSH_DOMAIN = "git.${domain}";
SSH_PORT = 22;
START_SSH_SERVER = false;
LANDING_PAGE = "explore";
};
service = {
REGISTER_MANUAL_CONFIRM = true;
DISABLE_REGISTRATION = false;
DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
};
admin = {
DISABLE_REGULAR_ORG_CREATION = true;
};
auth = {
ENABLE_BASIC_AUTHENTICATION = true;
};
};
database = {
type = "sqlite3";
path = "/var/lib/forgejo/data/forgejo.db";
};
};
modules.system.backup.paths = [
"/var/lib/forgejo"
];
services.nginx.virtualHosts."git.${domain}" = mkIf nginx.enable {
useACMEHost = domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
};
};
};
}
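Review bot: `ENABLE_BASIC_AUTHENTICATION` is placed under an `auth` section, but in Forgejo's app.ini that key belongs to `[service]`, so as written it is most likely ignored; move it next to `DISABLE_REGISTRATION` and decide there whether password-based HTTP basic auth should stay on for a public host. `DISABLE_REGISTRATION = false` leaves the sign-up form open to anyone who reaches `git.${domain}`, gated only by `REGISTER_MANUAL_CONFIRM`; for a single-owner server `DISABLE_REGISTRATION = true;` is the smaller surface. The backup entry tars `/var/lib/forgejo` while the SQLite database is live, so `services.forgejo.dump.enable`, or a comment accepting the risk, would make restores more predictable.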


@ -0,0 +1,68 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.frigate;
nginx = config.modules.system.nginx;
domain = "ramos.codes";
in
{
options.modules.system.frigate = {
enable = mkEnableOption "Enable Frigate NVR";
};
config = mkIf cfg.enable {
services.frigate = {
enable = true;
hostname = "frigate.${domain}";
settings = {
mqtt.enabled = false;
cameras = {
doorbell = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
living_room = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
kitchen = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
roles = [ "record" ];
}];
};
parking_lot = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.59/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
porch = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.43/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
};
};
};
# Add SSL to frigate's nginx virtualHost
services.nginx.virtualHosts."frigate.${domain}" = mkIf nginx.enable {
useACMEHost = domain;
forceSSL = true;
};
};
}
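Review bot: Every `ffmpeg.inputs` path embeds the cameras' admin username and password in the RTSP URL, which puts the credential in the repository history and, once the config is rendered, in the world-readable Nix store. Frigate substitutes `FRIGATE_`-prefixed environment variables in its config, so the paths can read `path = "rtsp://admin:{FRIGATE_RTSP_PASSWORD}@192.168.0.134/cam/realmonitor?channel=1&subtype=0";` with the value supplied through `systemd.services.frigate.serviceConfig.EnvironmentFile = "<path-to-secret-env-file>";` kept outside the repo. The password already committed should be treated as exposed and rotated on the cameras, ideally to a distinct value per device since all five entries share one. It also contains a character that needs percent-encoding inside a URL.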


@ -0,0 +1,38 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.immich;
nginx = config.modules.system.nginx;
domain = "ramos.codes";
port = 2283;
in
{
options.modules.system.immich = {
enable = mkEnableOption "Immich Photo Server";
};
config = mkIf cfg.enable {
services.immich = {
enable = true;
port = port;
host = "127.0.0.1";
mediaLocation = "/var/lib/immich";
machine-learning.enable = false;
};
modules.system.backup.paths = [
"/var/lib/immich"
];
services.nginx.virtualHosts."photos.${domain}" = mkIf nginx.enable {
useACMEHost = domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
proxyWebsockets = true;
};
};
};
}
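Review bot: The `photos.${domain}` location proxies uploads but sets no body-size limit, and nothing in the nginx module shown on this page raises nginx's default `client_max_body_size` of 1 MiB, so photo and video uploads would be rejected with 413. Adding `extraConfig = "client_max_body_size 50000M;";` (or a limit that fits the library) to `locations."/"` addresses it. The backup path covers `mediaLocation` only. If the PostgreSQL database that `services.immich` uses is not captured some other way, a restore would have files without their metadata, so a comment here saying where the database backup comes from is worth adding.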


@ -0,0 +1,63 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.nginx;
domain = "ramos.codes";
in
{
options.modules.system.nginx = {
enable = mkEnableOption "Nginx Reverse Proxy";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.nginx.serviceConfig.LimitNOFILE = 65536;
security.acme = {
acceptTerms = true;
defaults.email = config.user.email;
certs."${domain}" = {
domain = "*.${domain}";
dnsProvider = "namecheap";
environmentFile = "/var/lib/acme/namecheap.env";
group = "nginx";
};
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
eventsConfig = "worker_connections 4096;";
# Catch-all default - friendly error for unknown subdomains
virtualHosts."_" = {
default = true;
useACMEHost = domain;
forceSSL = true;
locations."/" = {
return = "404 'Not Found: This subdomain does not exist.'";
extraConfig = ''
add_header Content-Type text/plain;
'';
};
};
virtualHosts."test.${domain}" = {
useACMEHost = domain;
forceSSL = true;
locations."/" = {
return = "200 'nginx is working'";
extraConfig = ''
add_header Content-Type text/plain;
'';
};
};
};
};
}
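Review bot: `services.nginx` enables the TLS, optimisation and gzip presets but not `recommendedProxySettings`, so the `proxyPass` locations defined by the forgejo and immich modules forward requests without `Host`, `X-Real-IP`, `X-Forwarded-For` or `X-Forwarded-Proto`. The backends then log the proxy as the client and cannot tell that the request arrived over HTTPS. Adding `recommendedProxySettings = true;` here fixes it for every virtual host. The `test.${domain}` virtual host looks like a bring-up aid and could be removed or marked temporary. `environmentFile = "/var/lib/acme/namecheap.env"` holds the DNS API credential, so a comment stating its expected owner and mode (root, 0600) would document the assumption.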


@ -0,0 +1,30 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.tor;
in
{
options.modules.system.tor = {
enable = mkEnableOption "Tor";
};
config = mkIf cfg.enable {
services.tor = {
enable = true;
client = {
enable = true;
# SOCKS proxy on 127.0.0.1:9050
};
settings = {
ControlPort = 9051;
CookieAuthentication = true;
CookieAuthFileGroupReadable = true;
DataDirectoryGroupReadable = true;
};
};
};
}

1
src/user/config/bash Symbolic link

@ -0,0 +1 @@
../modules/bash/config/bash/


@ -10,22 +10,13 @@ in
user = mkOption {
description = "User Configurations";
type = types.attrs;
default = rec {
default = with pkgs; rec {
name = "bryan";
email = "bryan@ramos.codes";
shell = pkgs.bash;
keys = import ./keys;
shell = bash;
keys = import ./keys { inherit lib; };
groups = [ "wheel" "networkmanager" "home-manager" "input" ];
gitConfig = optionalAttrs modules.git.enable {
userName = "Bryan Ramos";
userEmail = email;
signing = optionalAttrs modules.security.gpg.enable {
key = "F1F3466458452B2DF351F1E864D12BA95ACE1F2D";
signByDefault = true;
};
};
bookmarks = import ./bookmarks;
};
};

1
src/user/config/git Symbolic link

@ -0,0 +1 @@
../modules/git/git/


@ -0,0 +1,3 @@
# Age Keys
yubikey.pub.key - Cold storage backup for age encryption


@ -0,0 +1 @@
age1yubikey1qfapxqnnkh92zkgayzzm9n0gtpkwaqcvrzy4d4xa4rxnjua8vjhy72hh9r9


@ -1,13 +1,17 @@
{ lib }:
with builtins;
let
extractName = string:
extractName = filename:
let
metadata = [
"pub" "public" "priv" "private"
"key" "file" "." "_" "-" "pk"
];
in
replaceStrings metadata (builtins.map (_: "") metadata) string;
# Remove .key extension
noKey = lib.removeSuffix ".key" filename;
# Remove .pub/.priv/.public/.private markers
noMarkers = replaceStrings
[ ".pub" ".priv" ".public" ".private" ]
[ "" "" "" "" ]
noKey;
in noMarkers;
constructKeys = dir: (
listToAttrs (
@ -17,7 +21,10 @@ let
map (file: {
name = extractName file;
value = readFile "${dir}/${subdir}/${file}";
}) (filter (node: (readDir "${dir}/${subdir}").${node} == "regular") (attrNames (readDir "${dir}/${subdir}")))
}) (filter (file:
(readDir "${dir}/${subdir}").${file} == "regular" &&
lib.hasSuffix ".key" file
) (attrNames (readDir "${dir}/${subdir}")))
);
}) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir)))
)
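Review bot: In the new `extractName`, the `replaceStrings` pattern list puts `".pub"` and `".priv"` before `".public"` and `".private"`. `builtins.replaceStrings` takes the first pattern that matches at a position, so a file named `foo.public.key` would come out as `foolic` and `foo.private.key` as `fooate`. Listing the longer markers first fixes it: `[ ".public" ".private" ".pub" ".priv" ]`. None of the key files named on this page use the long forms, so the bug is latent. `readFile` also keeps each file's trailing newline in the attribute value, so a comment on `constructKeys` saying consumers must trim would explain why the backup module trims its recipients.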


@ -0,0 +1,5 @@
# PGP Keys
yubikey.pub.key -
work.pub.key -> bryan.ramos@concurrent-rt.com
ccur.pub.key -> ?


@ -0,0 +1,53 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1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=56r2
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,121 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=my/o
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,5 @@
# SSH Keys
yubikey.pub.key -> PGP derived from `pgp.yubikey.pub.key`
work.pub.key - ?
graphone.pub.key -> For Android `pass`


@ -1 +0,0 @@
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJM1HutPcWXdeTaAXY7ha8SlgeZFtLJGwNa3Kd/DL/R38fq5+fkh3iCoHgv+iiKcordtVTMhbOsHhz3H+Jm274c="


@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJM1HutPcWXdeTaAXY7ha8SlgeZFtLJGwNa3Kd/DL/R38fq5+fkh3iCoHgv+iiKcordtVTMhbOsHhz3H+Jm274c=


@ -1 +0,0 @@
"ssh-rsa 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"


@ -0,0 +1 @@
ssh-rsa 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


@ -0,0 +1 @@
ssh-rsa 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

1
src/user/config/nvim Symbolic link

@ -0,0 +1 @@
../modules/utils/modules/neovim/config/nvim

1
src/user/config/vim Symbolic link

@ -0,0 +1 @@
../modules/utils/modules/vim/vim/


@ -4,10 +4,15 @@ let
entries = builtins.readDir dir;
names = builtins.attrNames entries;
excludedDirs = [ "config" "scripts" ];
isSubmodule = path:
builtins.pathExists "${path}/.git" &&
builtins.readFileType "${path}/.git" == "regular";
isModuleDir = path:
builtins.pathExists path &&
builtins.readFileType path == "directory" &&
builtins.baseNameOf path != "config";
!(builtins.elem (builtins.baseNameOf path) excludedDirs) &&
!(isSubmodule path);
isModule = file: file == "default.nix";
isNix = file: builtins.match ".*\\.nix" file != null && file != "default.nix";


@ -1,17 +0,0 @@
{ lib, config, ... }:
with lib;
let
gui = config.modules.user.gui.wm;
wm = {
enable = builtins.any (mod: mod.enable or false) (builtins.attrValues gui);
};
in
{
cd = "cd -L";
grep = "grep --color";
tree = "eza --tree --icons=never";
lt = mkForce "eza --tree --icons=never";
open = mkIf wm.enable "xdg-open";
}

@ -0,0 +1 @@
Subproject commit 79eb823bbb9ff88f284ae055fe1de954df8bf2e0


@ -1,6 +0,0 @@
''
set -o vi
bind 'set completion-ignore-case on'
bind 'set completion-map-case on'
''


@ -1,155 +0,0 @@
{ config, lib, ... }:
with lib;
let
git = config.modules.user.git;
gui = config.modules.user.gui.alacritty;
in
''
check_ssh() {
if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then
ssh_PS1="\n\[\033[01;37m\]\u@\h:\[\033[00m\]\n"
return 0
fi
}
${optionalString git.enable ''
check_venv() {
add_icon() {
local icon=$1
if [[ ! $venv_icons =~ $icon ]]; then
venv_icons+="$icon "
fi
}
remove_icon() {
local icon=$1
venv_icons=''${venv_icons//$icon/}
}
py="py"
js="js"
nix="nix"
${if gui.enable then ''
if [ -n "$DISPLAY" ]; then
py=""
js="󰌞"
nix=""
fi
'' else ''
''}
python_icon="\[\033[01;33m\]$py\[\033[00m\]"
node_icon="\[\033[01;93m\]$js\[\033[00m\]"
nix_icon="\[\033[01;34m\]$nix\[\033[00m\]"
if [ -n "$IN_NIX_SHELL" ]; then
add_icon "$nix_icon"
else
remove_icon "$nix_icon"
fi
if [ -n "$VIRTUAL_ENV" ]; then
add_icon "$python_icon"
else
remove_icon "$python_icon"
fi
if [ -d "''${git_root}/node_modules" ]; then
add_icon "$node_icon"
else
remove_icon "$node_icon"
fi
}
set_git_dir() {
${if gui.enable then ''
if [ -n "$DISPLAY" ]; then
project_icon=" "
else
project_icon="../"
fi
'' else ''
project_icon="../"
''}
local superproject_root=$(git rev-parse --show-superproject-working-tree 2>/dev/null)
if [[ -n "$superproject_root" ]]; then
local submodule_name=$(basename "$git_root")
working_dir="\[\033[01;34m\]$project_icon''${superproject_root##*/}/$submodule_name$git_curr_dir\[\033[00m\]"
elif [ "$git_curr_dir" == "." ]; then
working_dir="\[\033[01;34m\]$project_icon$git_root_dir\[\033[00m\]"
return 0
else
working_dir="\[\033[01;34m\]$project_icon$git_root_dir$git_curr_dir\[\033[00m\]"
return 0
fi
}
relative_path() {
local absolute_target=$(readlink -f "$1")
local absolute_base=$(readlink -f "$2")
echo "''${absolute_target#$absolute_base}"
}
check_project() {
local git_root=$(git rev-parse --show-toplevel 2>/dev/null)
if [ -n "$git_root" ]; then
local git_branch=$(git branch --show-current 2>/dev/null)
if [ -z "$git_branch" ]; then
git_branch=$(git describe --tags --exact-match 2>/dev/null)
git_branch=''${git_branch:-$(git rev-parse --short HEAD 2>/dev/null)}
fi
local git_curr_dir=$(relative_path "." "$git_root")
local git_root_dir=$(basename "$git_root")
${if gui.enable then ''
if [ -n "$DISPLAY" ]; then
git_branch_PS1="\[\033[01;31m\]$git_branch 󰘬:\[\033[00m\]"
else
git_branch_PS1="\[\033[01;31m\]$git_branch:\[\033[00m\]"
fi
'' else ''
git_branch_PS1="\[\033[01;31m\]$git_branch:\[\033[00m\]"
''}
set_git_dir
check_venv
return 0
fi
}
''}
function set_prompt() {
local green_arrow="\[\033[01;32m\]>> "
local white_text="\[\033[00m\]"
local working_dir="\[\033[01;34m\]\w\[\033[00m\]"
local ssh_PS1
check_ssh
${optionalString git.enable ''
local venv_icons
local git_branch_PS1
check_project
''}
${if git.enable
then
''PS1="$ssh_PS1$working_dir\n$venv_icons$green_arrow$git_branch_PS1$white_text"''
else
''PS1="$ssh_PS1$working_dir\n$green_arrow$white_text"''
}
return 0
}
PROMPT_COMMAND="set_prompt"
''


@ -29,7 +29,7 @@ case $- in
fi
''}
${optionalString tmux.enable ''
if [ -z "$DISPLAY" ] && [ -z "$TMUX" ]; then
if [ -z "$DISPLAY" ] && [ -z "$TMUX" ] && [ -z "$SSH_TTY" ]; then
exec tmux
fi
''}


@ -9,14 +9,16 @@ in
config = mkIf cfg.enable {
programs.bash = {
enable = true;
enableCompletion = true;
initExtra = import ./config/prompt.nix { inherit lib config; };
bashrcExtra = import ./config/bashrc.nix;
shellAliases = import ./config/alias.nix { inherit lib config; };
initExtra = "source ~/.config/bash/bashrc";
profileExtra = import ./config/shellHook.nix { inherit lib config; };
};
# .bashrc
home.file.".config/bash" = {
source = ./config/bash;
recursive = true;
};
programs = {
ripgrep.enable = true;
eza = {


@ -10,44 +10,23 @@ in
programs = {
git = {
enable = true;
package = pkgs.gitSVN;
extraConfig = {
init = { defaultBranch = "master"; };
#format = { pretty = "oneline"; };
#log = { abbrevCommit = true; };
mergetool = {
vimdiff = {
trustExitCode = true;
};
};
merge = { tool = "vimdiff"; };
safe = {
directory = [
"/etc/nixos"
"/boot"
];
};
};
ignores = [
"node_modules"
".direnv"
"dist-newstyle"
".nuxt/"
".output/"
"dist"
"result"
];
} // config.user.gitConfig;
gh = {
enable = true;
settings.git_protocol = "ssh";
};
};
home.packages = with pkgs; [
home = {
packages = with pkgs; [
git-crypt
];
file.".config/git" = {
source = ./git;
recursive = true;
};
};
programs.bash.initExtra = import ./config/bashScripts/cdg.nix;
programs.bash.initExtra = import ./scripts/cdg.nix;
};
}

@ -0,0 +1 @@
Subproject commit d394ee0594e8b1162f05547c3f7da817b6fcb62a


@ -54,22 +54,22 @@ in
font = {
size = 12;
normal = {
family = "Terminus";
family = "Terminess Nerd Font Propo";
style = "Regular";
};
bold = {
family = "Terminus";
family = "Terminess Nerd Font Propo";
style = "Bold";
};
italic = {
family = "Terminus";
family = "Terminess Nerd Font Propo";
style = "Italic";
};
bold_italic = {
family = "Terminus";
family = "Terminess Nerd Font Propo";
style = "Bold Italic";
};
};


@ -8,24 +8,40 @@ in
{ options.modules.user.gui.browser.chromium = { enable = mkEnableOption "Enable Chromium browser"; };
config = mkIf cfg.enable {
programs = {
chromium = {
chromium = rec {
enable = true;
package = pkgs.ungoogled-chromium;
extensions = [
{
extensions =
let
vrs = package.version;
in
[
rec {
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
crxPath = /home/${config.user.name}/.config/chromium/Extensions/ublock.crx;
version = "1.58.0";
crxPath = builtins.fetchurl {
url = "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=${vrs}&acceptformat=crx2,crx3&x=id%3D${id}%26uc";
name = "ublock_${version}.crx";
sha256 = "0ycnkna72n969crgxfy2lc1qbndjqrj46b9gr5l9b7pgfxi5q0ll";
};
version = "1.62.0";
}
{
rec {
id = "dbepggeogbaibhgnhhndojpepiihcmeb";
crxPath = /home/${config.user.name}/.config/chromium/Extensions/vimium.crx;
crxPath = builtins.fetchurl {
url = "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=${vrs}&acceptformat=crx2,crx3&x=id%3D${id}%26uc";
name = "vimium_${version}.crx";
sha256 = "0m8xski05w2r8igj675sxrlkzxlrl59j3a7m0r6c8pwcvka0r88d";
};
version = "2.1.2";
}
{
rec {
id = "naepdomgkenhinolocfifgehidddafch";
crxPath = /home/${config.user.name}/.config/chromium/Extensions/browserpass.crx;
version = "3.8.0";
crxPath = builtins.fetchurl {
url = "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=${vrs}&acceptformat=crx2,crx3&x=id%3D${id}%26uc";
name = "browserpass_${version}.crx";
sha256 = "074sc9hxh7vh5j79yjhsrnhb5k4dv3bh5vip0jr30hkkni7nygbd";
};
version = "3.9.0";
}
];
};
@ -33,12 +49,5 @@ in
enable = true;
};
};
home = {
file.".config/chromium/Extensions" = {
source = ./config/extensions;
recursive = true;
};
};
};
}
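Review bot: Each `crxPath` is fetched from the Web Store update endpoint, whose URL carries the browser version and extension id but not the extension version, so the `version` and `sha256` pinned here will stop matching as soon as upstream publishes a new release. Because the hash is fixed, that failure is closed: the fetch errors out rather than installing unreviewed code. That is the right direction, but it deserves a comment above the list such as `# URL always serves the latest CRX; bump version and sha256 together when the fetch fails`. When bumping, take the new hash from a CRX you have inspected rather than from the error message alone, so the pin continues to mean something.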


@ -22,7 +22,7 @@ let
};
assertions =
let
pinentry = config.services.gpg-agent.pinentryPackage;
pinentry = config.services.gpg-agent.pinentry.package;
in
[
{
@ -41,17 +41,29 @@ in
profiles = {
"${config.user.name}" = {
isDefault = true;
bookmarks = config.user.bookmarks;
#bookmarks = config.user.bookmarks;
extensions = {
packages = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
tridactyl
#darkreader
tampermonkey
clearurls
passff
multi-account-containers
];
};
search = {
force = true;
default = "Google";
default = "google";
engines = {
"Startpage" = {
urls = [{
template = "https://www.startpage.com/sp/search?q={searchTerms}";
}];
iconUpdateURL = "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico";
icon = "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico";
};
};
};
@ -306,15 +318,12 @@ in
"media.videocontrols.picture-in-picture.enabled" = false;
};
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
tridactyl
#darkreader
tampermonkey
clearurls
passff
multi-account-containers
};
};
policies = {
WebsiteFilter = {
Block = [
"*://*.pokemonshowdown.com/*"
];
};
};


@ -8,29 +8,29 @@ in
{ options.modules.user.gui.corn = { enable = mkEnableOption "Enable Bitcoin client applications"; };
config = mkIf cfg.enable {
home.packages = with pkgs; [
trezor-suite
trezorctl
trezord
#trezor-suite
#trezorctl
#trezord
sparrow
];
systemd.user.services = {
trezord = {
Unit = {
Description = "Trezor Bridge";
After = [ "network.target" ];
Wants = [ "network.target" ];
PartOf = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${pkgs.trezord}/bin/trezord-go";
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
};
};
};
#systemd.user.services = {
# trezord = {
# Unit = {
# Description = "Trezor Bridge";
# After = [ "network.target" ];
# Wants = [ "network.target" ];
# PartOf = [ "graphical-session.target" ];
# };
# Service = {
# ExecStart = "${pkgs.trezord}/bin/trezord-go";
# Restart = "always";
# };
# Install = {
# WantedBy = [ "default.target" ];
# };
# };
#};
};
}


@ -7,17 +7,17 @@ let
in
{ options.modules.user.gui.fun = { enable = mkEnableOption "Enable entertainment apps"; };
config = mkIf cfg.enable {
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-pipewire-audio-capture
input-overlay
];
};
#programs.obs-studio = {
# enable = true;
# plugins = with pkgs.obs-studio-plugins; [
# wlrobs
# obs-pipewire-audio-capture
# input-overlay
# ];
#};
home.packages = with pkgs; [
spotify
ytmdesktop
discordo
webcord
];


@ -9,9 +9,9 @@ in
config = mkIf cfg.enable {
home.packages = with pkgs; [
mdbook
texlive.combined.scheme-tetex
pandoc
asciidoctor
evince
];
};
}


@ -5,7 +5,7 @@ let
in
{
enable = true;
package = pkgs.rofi-wayland;
package = pkgs.rofi;
location = "center";
terminal = "\${pkgs.alacritty}/bin/alacritty";
plugins = with pkgs; [


@ -2,7 +2,7 @@
"layer": "top",
"position": "top",
"output": "HDMI-A-1",
"modules-left": [ "custom/logo", "clock", "custom/weather", "custom/blockheight", "custom/price", "memory", "cpu" ],
"modules-left": [ "custom/logo", "clock", "custom/blockheight", "custom/price", "memory", "cpu" ],
"modules-center": [ "hyprland/workspaces" ],
"modules-right": [ "tray", "pulseaudio", "network" ],
"reload_style_on_change":true,
@ -10,7 +10,7 @@
"custom/logo": {
"format": "",
"tooltip": false,
"on-click": "alacritty -e neofetch"
"on-click": "alacritty --class sys-specs -e bash -c 'fastfetch; read -n 1'"
},
"hyprland/workspaces": {
@ -108,7 +108,7 @@
"default": ["","",""]
},
"justify": "center",
"on-click": "pavucontrol",
"on-click": "alacritty -e pulsemixer",
"tooltip-format": "{volume}%"
},


@ -1,7 +1,7 @@
* {
border: none;
font-size: 14px;
font-family: "Terminus" ;
font-family: "Terminus Nerd Font Propo" ;
min-height: 25px;
}
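Review bot: The new `font-family` is `"Terminus Nerd Font Propo"`, while the Alacritty change in the same commit range uses `"Terminess Nerd Font Propo"`. Nerd Fonts publishes its patched Terminus under the name Terminess, so this rule probably falls back to a default font. If so the line should read `font-family: "Terminess Nerd Font Propo";`.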


@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ pkgs, lib, config, monitors ? [], ... }:
with lib;
let
@ -9,8 +9,11 @@ let
sha256 = "1ph5m9s57076jx6042iipqx2ifzadmd5z4lf5l49wgq4jb92mp16";
};
toHyprlandMonitor = m:
"${m.name}, ${toString m.width}x${toString m.height}@${toString m.refreshRate}, ${toString m.x}x${toString m.y}, ${toString m.scale}";
in
{ options.modules.user.gui.wm.hyprland = { enable = mkEnableOption "Enable hyprland module"; };
{ options.modules.user.gui.wm.hyprland = { enable = mkEnableOption "Enable Hyprland WM"; };
config = mkIf cfg.enable {
wayland.windowManager.hyprland = {
enable = true;
@ -21,13 +24,13 @@ in
"$terminal" = "${pkgs.alacritty}/bin/alacritty";
"$menu" = "rofi -show drun -show-icons -drun-icon-theme Qogir -font 'Noto Sans 14'";
monitor = [
"HDMI-A-1, 1920x1080, 0x0, 1"
"DP-1, 1920x1080, 1920x0, 1"
];
monitor = if monitors != []
then map toHyprlandMonitor monitors
else [ ", preferred, auto, 1" ];
exec-once = [
"waybar"
"hyprctl setcursor Vanilla-DMZ 24"
];
bind = [
@ -47,9 +50,9 @@ in
"$mod, F, fullscreen"
", Print, exec, grim ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png"
"SHIFT, Print, exec, grim -g \"$(slurp)\" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png"
"$mod&SHIFT, Print, exec, grim -g \"$(slurp)\" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png"
"$mod&SHIFT, F, exec, alacritty -e sh -c 'EDITOR=nvim ranger'"
#''$mod&SHIFT, Print, exec, sh -c 'grim -g "$(swaymsg -t get_tree | jq -j '"'"'.. | select(.type?) | select(.focused).rect | "\(.x),\(.y) \(.width)x\(.height)"'"'"')" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png'"''
''SHIFT, Print, exec, grim -g "$(hyprctl activewindow -j | jq -r '"\(.at[0]),\(.at[1]) \(.size[0])x\(.size[1])"')" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png''
"$mod, D, exec, $menu"
"$mod&SHIFT, D, exec, rofi -modi emoji -show emoji"
@ -74,6 +77,7 @@ in
windowrulev2 = [
"float, title:(Android Emulator)"
"float, title: Extension: (PassFF)"
"float, size 400 600, stayfocused, class:sys-specs"
];
general = {
@ -94,12 +98,21 @@ in
kb_layout = "us";
follow_mouse = 1;
accel_profile = "flat";
sensitivity = 0;
sensitivity = 0.35;
};
cursor = {
inactive_timeout = 0;
no_hardware_cursors = true;
hide_on_touch = false;
use_cpu_buffer = 0;
enable_hyprcursor = false;
};
env = [
"HYPRCURSOR_THEME,Vanilla-DMZ"
"HYPRCURSOR_SIZE,24"
"GTK_THEME, Juno-ocean"
"GTK_THEME,Juno"
"LIBVA_DRIVER_NAME,nvidia"
"XDG_SESSION_TYPE,wayland"
@ -111,7 +124,7 @@ in
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
package = pkgs.rofi;
location = "center";
terminal = "alacritty";
plugins = with pkgs; [
@ -132,7 +145,7 @@ in
};
packages = with pkgs; [
pavucontrol
pulsemixer
xdg-utils
wl-clipboard
cliphist
@ -146,10 +159,9 @@ in
ranger
highlight
terminus-nerdfont
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
noto-fonts-cjk-sans
noto-fonts-color-emoji
];
sessionVariables = {
@ -180,13 +192,17 @@ in
gtk = {
enable = true;
theme = {
name = "Juno-ocean";
name = "Juno";
package = pkgs.juno-theme;
};
iconTheme = {
name = "Qogir";
package = pkgs.qogir-icon-theme;
};
cursorTheme = {
package = pkgs.vanilla-dmz;
name = "Vanilla-DMZ";
};
gtk3.extraConfig = {
gtk-application-prefer-dark-theme = 1;
};
@ -198,19 +214,21 @@ in
qt = {
enable = true;
style = {
name = "juno-ocean";
name = "juno";
package = pkgs.juno-theme;
};
platformTheme.name = "gtk";
};
xdg.portal = {
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
};
programs = {
imv.enable = true;
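Review bot: The `monitors ? []` default in the new module header will most likely never take effect, so the `else [ ", preferred, auto, 1" ]` fallback in the `monitor` assignment is reachable only when a caller passes an empty list explicitly. The module system fills every named function argument from `specialArgs` or `_module.args` and ignores defaults in the argument pattern, so on a host that does not supply `monitors` evaluation should fail with a missing-attribute error instead of falling back. Declaring it as an option avoids that: add `monitors = mkOption { type = types.listOf types.attrs; default = [ ]; };` next to `enable` and test `cfg.monitors` in place of the argument. How `monitors` is passed in is not visible in this section, so confirm against the flake or home-manager call site.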


@ -0,0 +1,7 @@
configuration {
font: "SF Pro Rounded 10";
show-icons: true;
kb-cancel: "Escape,Alt+F1";
}
@theme "~/.config/rofi/material-ocean.rasi"


@ -0,0 +1,95 @@
* {
background: #0f111a;
foreground: #f1f1f1;
selected: #ff4151;
}
window {
transparency: "real";
background-color: @background;
text-color: @foreground;
}
prompt {
enabled: true;
padding: 4px 4px 6px 6px;
background-color: @background;
text-color: @foreground;
}
textbox-prompt-colon {
expand: false;
background-color: @background;
padding: 4px 0px 0px 6px;
}
inputbar {
children: [ textbox-prompt-colon, entry ];
background-color: @background;
text-color: @foreground;
expand: false;
border: 0px 0px 0px 0px;
border-radius: 0px;
border-color: @selected;
margin: 0px 0px 0px 0px;
padding: 0px 0px 4px 0px;
position: center;
}
entry {
background-color: @background;
text-color: @foreground;
placeholder-color: @foreground;
expand: true;
horizontal-align: 0;
blink: true;
padding: 4px 0px 0px 4px;
}
case-indicator {
background-color: @background;
text-color: @foreground;
spacing: 0;
}
listview {
background-color: @background;
columns: 1;
spacing: 5px;
cycle: true;
dynamic: true;
layout: vertical;
}
mainbox {
background-color: @background;
children: [ inputbar, listview ];
spacing: 5px;
padding: 5px 5px 5px 5px;
}
element {
background-color: @background;
text-color: @foreground;
orientation: horizontal;
border-radius: 4px;
padding: 6px 6px 6px 6px;
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
element-icon {
size: 18px;
border: 4px;
}
element selected {
background-color: @selected;
text-color: @background;
border: 0px;
border-radius: 0px;
border-color: @selected;
}


@ -0,0 +1,183 @@
{ pkgs, config, ... }:
let
inherit (config.lib.formats.rasi) mkLiteral;
in
{
enable = true;
package = pkgs.rofi;
location = "center";
terminal = "\${pkgs.alacritty}/bin/alacritty";
plugins = with pkgs; [
rofi-emoji
];
#theme = {
# "*" = {
# nord0 = mkLiteral "#2e3440";
# nord1 = mkLiteral "#3b4252";
# nord2 = mkLiteral "#434c5e";
# nord3 = mkLiteral "#4c566a";
# nord4 = mkLiteral "#d8dee9";
# nord5 = mkLiteral "#e5e9f0";
# nord6 = mkLiteral "#eceff4";
# nord7 = mkLiteral "#8fbcbb";
# nord8 = mkLiteral "#88c0d0";
# nord9 = mkLiteral "#81a1c1";
# nord10 = mkLiteral "#5e81ac";
# nord11 = mkLiteral "#bf616a";
# nord12 = mkLiteral "#d08770";
# nord13 = mkLiteral "#ebcb8b";
# nord14 = mkLiteral "#a3be8c";
# nord15 = mkLiteral "#b48ead";
# spacing = 2;
# background-color = mkLiteral "var(nord1)";
# background = mkLiteral "var(nord1)";
# foreground = mkLiteral "var(nord4)";
# normal-background = mkLiteral "var(background)";
# normal-foreground = mkLiteral "var(foreground)";
# alternate-normal-background = mkLiteral "var(background)";
# alternate-normal-foreground = mkLiteral "var(foreground)";
# selected-normal-background = mkLiteral "var(nord8)";
# selected-normal-foreground = mkLiteral "var(background)";
# active-background = mkLiteral "var(background)";
# active-foreground = mkLiteral "var(nord10)";
# alternate-active-background = mkLiteral "var(background)";
# alternate-active-foreground = mkLiteral "var(nord10)";
# selected-active-background = mkLiteral "var(nord10)";
# selected-active-foreground = mkLiteral "var(background)";
# urgent-background = mkLiteral "var(background)";
# urgent-foreground = mkLiteral "var(nord11)";
# alternate-urgent-background = mkLiteral "var(background)";
# alternate-urgent-foreground = mkLiteral "var(nord11)";
# selected-urgent-background = mkLiteral "var(nord11)";
# selected-urgent-foreground = mkLiteral "var(background)";
# };
#
# element = {
# padding = mkLiteral "0px 0px 0px 7px";
# spacing = mkLiteral "5px";
# border = 0;
# cursor = mkLiteral "pointer";
# };
# "element normal.normal" = {
# background-color = mkLiteral "var(normal-background)";
# text-color = mkLiteral "var(normal-foreground)";
# };
# "element normal.urgent" = {
# background-color = mkLiteral "var(urgent-background)";
# text-color = mkLiteral "var(urgent-foreground)";
# };
# "element normal.active" = {
# background-color = mkLiteral "var(active-background)";
# text-color = mkLiteral "var(active-foreground)";
# };
# "element selected.normal" = {
# background-color = mkLiteral "var(selected-normal-background)";
# text-color = mkLiteral "var(selected-normal-foreground)";
# };
# "element selected.urgent" = {
# background-color = mkLiteral "var(selected-urgent-background)";
# text-color = mkLiteral "var(selected-urgent-foreground)";
# };
# "element selected.active" = {
# background-color = mkLiteral "var(selected-active-background)";
# text-color = mkLiteral "var(selected-active-foreground)";
# };
# "element alternate.normal" = {
# background-color = mkLiteral "var(alternate-normal-background)";
# text-color = mkLiteral "var(alternate-normal-foreground)";
# };
# "element alternate.urgent" = {
# background-color = mkLiteral "var(alternate-urgent-background)";
# text-color = mkLiteral "var(alternate-urgent-foreground)";
# };
# "element alternate.active" = {
# background-color = mkLiteral "var(alternate-active-background)";
# text-color = mkLiteral "var(alternate-active-foreground)";
# };
# "element-text" = {
# background-color = mkLiteral "rgba(0, 0, 0, 0%)";
# text-color = mkLiteral "inherit";
# highlight = mkLiteral "inherit";
# cursor = mkLiteral "inherit";
# };
# "element-icon" = {
# background-color = mkLiteral "rgba(0, 0, 0, 0%)";
# size = mkLiteral "1.0000em";
# text-color = mkLiteral "inherit";
# cursor = mkLiteral "inherit";
# };
# window = {
# padding = 0;
# border = 0;
# background-color = mkLiteral "var(background)";
# };
# mainbox = {
# padding = 0;
# border = 0;
# };
# message = {
# margin = mkLiteral "0px 7px";
# };
# textbox = {
# text-color = mkLiteral "var(foreground)";
# };
# listview = {
# margin = mkLiteral "0px 0px 5px";
# scrollbar = true;
# spacing = mkLiteral "2px";
# fixed-height = 0;
# };
# scrollbar = {
# padding = 0;
# handle-width = mkLiteral "14px";
# border = 0;
# handle-color = mkLiteral "var(nord3)";
# };
# button = {
# spacing = 0;
# text-color = mkLiteral "var(normal-foreground)";
# cursor = mkLiteral "pointer";
# };
# "button selected" = {
# background-color = mkLiteral "var(selected-normal-background)";
# text-color = mkLiteral "var(selected-normal-foreground)";
# };
# inputbar = {
# padding = mkLiteral "7px";
# margin = mkLiteral "7px";
# spacing = 0;
# text-color = mkLiteral "var(normal-foreground)";
# background-color = mkLiteral "var(nord3)";
# children = [ "entry" ];
# };
# entry = {
# spacing = 0;
# cursor = mkLiteral "text";
# text-color = mkLiteral "var(normal-foreground)";
# background-color = mkLiteral "var(nord3)";
# };
#};
}
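Review bot: `terminal = "\${pkgs.alacritty}/bin/alacritty";` escapes the interpolation, so rofi is handed the literal text `${pkgs.alacritty}/bin/alacritty` rather than a store path, and launching terminal entries from rofi would fail. Drop the backslash: `terminal = "${pkgs.alacritty}/bin/alacritty";`, which matches how the i3 module in this commit sets its own `terminal`. The roughly 150 commented-out Nord theme lines, and the `mkLiteral` binding that only they reference, could be removed as well, since the theme appears to come from the `.rasi` files added alongside.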


@ -0,0 +1,144 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.user.gui.wm.sway;
modifier = config.wayland.windowManager.sway.config.modifier;
wallpaper = builtins.fetchurl {
url = "https://images6.alphacoders.com/117/1174033.png";
sha256 = "1ph5m9s57076jx6042iipqx2ifzadmd5z4lf5l49wgq4jb92mp16";
};
barStatus = pkgs.writeShellScript "status.sh" ''
#!/usr/bin/env bash
while :; do
echo "$(ip -4 addr show eno1 | awk '/inet / {print $2}' | cut -d'/' -f1) | $(free -h | awk '/^Mem/ {print $3}') | $(date +'%I:%M:%S %p') | $(date +'%m-%d-%Y')"; sleep 1;
done
'';
in
{ options.modules.user.gui.wm.i3 = { enable = mkEnableOption "Enable i3 WM"; };
config = mkIf cfg.enable {
xsession = {
enable = true;
windowManager.i3 = {
config = {
defaultWorkspace = "workspace number 1";
fonts = {
names = [ "Terminus" ];
};
modifier = "Mod1";
menu = "rofi -show drun -show-icons -drun-icon-theme Qogir -font 'Noto Sans 14'";
terminal = "${pkgs.alacritty}/bin/alacritty";
bars = [
{
position = "top";
statusCommand = "${barStatus}";
fonts = {
names = [ "Terminus" ];
size = 12.0;
};
colors = {
background = "#0A0E14";
statusline = "#FFFFFF";
};
}
];
gaps = {
smartGaps = false;
inner = 10;
};
floating = {
titlebar = false;
border = 0;
criteria = [
{
title = "Android Emulator";
}
];
};
window = {
titlebar = false;
border= 0;
};
keybindings = lib.mkOptionDefault {
"${modifier}+q" = "kill";
"Print" = "exec grim ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png";
"${modifier}+Shift+Print" = "exec grim -g \"$(slurp)\" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png";
"${modifier}+Print" = ''exec sh -c 'grim -g "$(swaymsg -t get_tree | jq -j '"'"'.. | select(.type?) | select(.focused).rect | "\(.x),\(.y) \(.width)x\(.height)"'"'"')" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png' '';
"${modifier}+Shift+f" = "exec alacritty -e sh -c 'EDITOR=nvim ranger'";
"${modifier}+Shift+d" = "exec rofi -modi emoji -show emoji";
};
};
extraConfig = ''
exec_always ${pkgs.autotiling}/bin/autotiling -sr "1.61"
'';
};
};
programs.rofi = import ./config/rofi { inherit pkgs config lib; };
home.file.".config/rofi" = {
source = ./config/rofi/config;
recursive = true;
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
config.common.default = "*";
};
};
gtk = {
enable = true;
theme.package = pkgs.juno-theme;
theme.name = "Juno-ocean";
iconTheme.package = pkgs.qogir-icon-theme;
iconTheme.name = "Qogir";
};
qt = {
enable = true;
style.package = pkgs.juno-theme;
platformTheme.name = "gtk";
};
home.packages = with pkgs; [
pavucontrol
xdg-utils
wl-clipboard
autotiling
grim
jq
slurp
ranger
highlight
nerd-fonts.terminess-ttf
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
];
programs = {
imv.enable = true;
};
fonts.fontconfig.enable = true;
};
}
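Review bot: `cfg = config.modules.user.gui.wm.sway;` reads the sway option while this file declares `options.modules.user.gui.wm.i3`, so `mkIf cfg.enable` is gated on the wrong module: setting the i3 `enable` has no effect, and enabling sway would pull in this X11 configuration. The `modifier` binding has the same copy-paste problem; it takes sway's modifier although the i3 config sets `modifier = "Mod1"`. Suggested: `cfg = config.modules.user.gui.wm.i3;` and `modifier = config.xsession.windowManager.i3.config.modifier;`. Also, no `enable = true;` is visible under `windowManager.i3`, and the `Print` bindings call `grim`, `slurp` and `swaymsg`, which are Wayland/sway tools and will not work in an i3 session.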


@ -0,0 +1,32 @@
{ pkgs, lib, config, ... }:
let
browser = config.programs;
fileTypes = [
"text/html" "application/pdf" "application/xml"
"image/png" "image/svg+xml" "image/jpg"
"image/jpeg" "image/gif" "image/webp"
"image/avif" "image/bmp" "image/tiff"
];
defaultBrowser = if browser.firefox.enable then
"firefox.desktop"
else if browser.brave.enable then
"brave-browser.desktop"
else if browser.chromium.enable then
"chromium.desktop"
else null;
in
{
xdg.mimeApps = lib.optionalAttrs (defaultBrowser != null && config.xdg.portal.enable) {
enable = true;
defaultApplications = builtins.listToAttrs (
map (type: {
name = type;
value = [ defaultBrowser ];
}) fileTypes
);
};
}
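Review bot: The `config.xdg.portal.enable` condition on `xdg.mimeApps` ties default-application registration to an unrelated setting, so a profile with a browser enabled but no portal silently gets no MIME defaults. If the intent is only "a browser is configured", `xdg.mimeApps = lib.mkIf (defaultBrowser != null) { ... };` says that directly and is the usual module-system form; if the portal dependency is deliberate, a one-line comment explaining why would help. It is also worth checking that `chromium.desktop` matches the desktop file the chromium package actually installs, and that routing `image/svg+xml` and `application/xml` to the browser is intended, since those are active formats the browser will parse and render when a downloaded file is opened.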
