bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-24 08:39:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: bryan:e74ae46d569ff63a867afa335b6dd105d91c734e
Branches Tags
bryan:master
..
compare: bryan:579a564ce519ef353a0fdcb21830d4a0db5ed4be
Branches Tags
bryan:master

No commits in common. "e74ae46d569ff63a867afa335b6dd105d91c734e" and "579a564ce519ef353a0fdcb21830d4a0db5ed4be" have entirely different histories.
e74ae46d56 ... 579a564ce5

128 changed files with 1921 additions and 2898 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
*.qcow2 *.qcow2
result result
.direnv

15
.gitmodules vendored
View file

@ -1,15 +0,0 @@
[submodule "nvim"]
path = src/user/modules/utils/modules/neovim/config/nvim
url = https://github.com/itme-brain/nvim.git
[submodule "vim"]
path = src/user/modules/utils/modules/vim/vim
url = https://github.com/itme-brain/vim.git
[submodule "git"]
path = src/user/modules/git/git
url = https://github.com/itme-brain/git.git
[submodule "bash"]
path = src/user/modules/bash/config/bash
url = https://github.com/itme-brain/bash.git

153
README.md
View file

@ -1,145 +1,38 @@
# My Nix Configurations 💻 # My Nix Configurations 💻
My modular Nix configs 🔥 My modular Nix configs🔥
## Requirements ⚙️
## Requirements ⚙️
- [Nix 2.0 & Flakes enabled](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS) - [Nix 2.0 & Flakes enabled](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS)
- [NixOS](https://www.nixos.org/) for system configurations
- [Nix Home-Manager](https://nix-community.github.io/home-manager/index.xhtml#sec-flakes-standalone) for user configurations
## Flake Endpoints ❄️ ### NixOS Configurations
- [NixOS](https://www.nixos.org/)
### Home-Manager Configuration
- [Nix Home-Manager](https://nix-community.github.io/home-manager/index.xhtml#sec-flakes-standalone)
NixOS Configurations: `desktop` · `workstation` · `server` (wip) · `vm` · `wsl` # Flake End-Points Exposed ❄️
NixOS Configurations:
- desktop
- wsl
- server (wip)
- vm
## Fresh Install 🚀 Home-Manager Configurations:
- workstation
From the NixOS live installer: Fork this repo, take inspiration, borrow ideas and create your own NixOS configs & modules
```bash ## Developing & Customizing 🔧
# Enable flakes (not enabled by default on installer) If you need a list of available packages and options:
echo "experimental-features = nix-command flakes" | sudo tee -a /etc/nix/nix.conf
# Clone repo
nix run nixpkgs#git -- clone --recurse-submodules https://github.com/itme-brain/nixos.git
cd nixos
# Enter dev shell and install
nix develop
just install desktop
```
Replace `desktop` with `workstation` or `vm` as needed.
## Getting Started 🔧
```bash
git clone --recurse-submodules git@github.com:itme-brain/nixos.git
```
Enter the dev shell with `nix develop`, then run `just` to see available project scripts.
Useful resources:
- [nixpkgs Packages](https://search.nixos.org/packages) 📦️ - [nixpkgs Packages](https://search.nixos.org/packages) 📦️
- [nixpkgs Options](https://search.nixos.org/options?) 🔍️ - [nixpkgs Options](https://search.nixos.org/options?) 🔍️
- [Home-Manager Options](https://mipmip.github.io/home-manager-option-search/) ☕️ - [Home-Manager Options](https://mipmip.github.io/home-manager-option-search/) ☕️
⚠️ Be sure to tailor any hardware settings to your own — replace the `hardware.nix` in `src/system/machines/<machine>` with output from `nixos-generate-config` Invoke `nix develop` to enter a development shell powered by [`just`](https://github.com/casey/just)
Invoke `just` in order to view an available list of project scripts
## Submodules 🔗 `user.configs.nix` is a symlink to conveniently access centrally defined common user variables from the repo root
Standalone portable configurations maintained as separate repos. Each can be cloned independently on any system — NixOS or not. ⚠️ Be sure to tailor any hardware settings to your own
⚠️ Replace the `hardware.nix` found in the `src/system/machines/<machine>` directory
| Submodule | Purpose | Repo | Standalone Install | ⚠️ Run `nixos-generate-config` to generate a `hardware-configuration.nix` for your current system
|-----------|---------|------|--------------------|
| **nvim** | Full IDE (LSP, treesitter, telescope) | [itme-brain/nvim](https://github.com/itme-brain/nvim) | `git clone git@github.com:itme-brain/nvim.git ~/.config/nvim` |
| **vim** | Lightweight editor for headless servers | [itme-brain/vim](https://github.com/itme-brain/vim) | `git clone git@github.com:itme-brain/vim.git ~/.vim` |
```bash
# Update a submodule
cd <submodule-path>
git add . && git commit -m "your changes" && git push
cd /path/to/nixos
git add <submodule-path> && git commit -m "Update <name> submodule"
# Pull submodule updates from remote
git submodule update --remote
git add <submodule-path> && git commit -m "Update <name> submodule"
```
## Directory Structure 🗂️
```
.
├── flake.nix # Flake entrypoint - defines all NixOS configurations
├── flake.lock
├── justfile # Project scripts (via `just`)
├── system.configs -> src/system/machines/ # Symlink for quick access
├── user.configs -> src/user/config/ # Symlink for quick access
└── src/
├── system/ # System-level (NixOS) configuration
│ ├── machines/ # Per-machine NixOS configurations
│ │ ├── desktop/ # Desktop config (flake: nixosConfigurations.desktop)
│ │ │ ├── default.nix # Machine entry point
│ │ │ ├── hardware.nix # Machine-specific hardware config
│ │ │ ├── system.nix # System-level settings
│ │ │ └── modules/
│ │ │ ├── disko/ # Disk partitioning (disko)
│ │ │ └── home-manager/ # Home-manager integration + home.nix
│ │ ├── workstation/ # Workstation config (same structure as desktop)
│ │ ├── server/ # Server config (no disko)
│ │ ├── vm/ # VM config
│ │ ├── wsl/ # WSL config (includes wsl module)
│ │ └── laptop/ # Laptop config (stub)
│ └── modules/ # Shared system modules (imported by machines)
│ ├── default.nix
│ ├── bitcoin/ # Bitcoin node + electrum server
│ ├── forgejo/ # Self-hosted Forgejo
│ └── nginx/ # Nginx reverse proxy
└── user/ # User-level (home-manager) configuration
├── default.nix # User module entry point
├── config/ # User identity & settings
│ ├── default.nix # Common user variables (username, email, etc.)
│ ├── bookmarks/ # Browser bookmarks
│ ├── keys/ # Public keys
│ │ ├── pgp/ # PGP public keys
│ │ └── ssh/ # SSH public keys
│ ├── nvim # Symlink to neovim submodule config
│ └── vim # Symlink to vim submodule config
└── modules/ # Home-manager modules
├── bash/ # Shell config (aliases, prompt, bashrc)
├── git/ # Git config + helper scripts
├── tmux/ # Tmux config
├── security/ # Security tools (GPG)
├── utils/ # CLI utilities
│ └── modules/
│ ├── dev/ # Dev tools (penpot, PCB design)
│ ├── email/ # Email client (aerc)
│ ├── irc/ # IRC client
│ ├── neovim/ # Neovim (config is a git submodule)
│ └── vim/ # Vim lightweight (config is a git submodule)
└── gui/ # GUI applications
├── modules/
│ ├── alacritty/ # Terminal emulator
│ ├── browsers/ # Firefox & Chromium
│ ├── corn/ # Corn app
│ ├── fun/ # Discord, etc.
│ ├── utils/ # GUI utilities
│ └── writing/ # Writing tools
└── wm/ # Window managers
├── hyprland/ # Hyprland (Wayland) + waybar, rofi
├── sway/ # Sway (Wayland) + rofi
├── i3/ # i3 (X11) + rofi
└── shared/ # Shared WM config (mimeapps)
```
### How it works
**flake.nix** defines NixOS configurations (desktop, workstation, server, wsl) that each reference a machine under `src/system/machines/`. Each machine's `default.nix` pulls in its own `hardware.nix`, `system.nix`, and per-machine modules (disko, home-manager).
The **system layer** (`src/system/`) handles NixOS-level concerns: hardware, bootloader, networking, and system services. Shared modules in `src/system/modules/` can be imported by any machine.
The **user layer** (`src/user/`) handles home-manager configuration. `src/user/config/` defines user identity (name, email, keys), while `src/user/modules/` contains modular home-manager configs for individual tools. Each machine's `home-manager/home.nix` selects which user modules to enable.
Root symlinks `system.configs` and `user.configs` provide quick access to machine definitions and user config from the repo root.

99
flake.lock generated
View file

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773025010, "lastModified": 1721007199,
"narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=", "narHash": "sha256-Gof4Lj1rgTrX59bNu5b/uS/3X/marUGM7LYw31NoXEA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3", "rev": "bad376945de7033c7adc424c02054ea3736cf7c4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,11 +23,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1696426674,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,24 +36,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": { "flake-utils": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "systems": "systems"
"nur",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1733312601, "lastModified": 1701680307,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "hercules-ci", "owner": "numtide",
"repo": "flake-parts", "repo": "flake-utils",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hercules-ci", "owner": "numtide",
"repo": "flake-parts", "repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
@ -64,16 +61,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772985280, "lastModified": 1720042825,
"narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8f736f007139d7f70752657dff6a401a585d6cbc", "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.11", "ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -81,68 +78,49 @@
"nixos-wsl": { "nixos-wsl": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1739577062, "lastModified": 1702823833,
"narHash": "sha256-u/trdPzJO8UotNq48RbG7m6Pe8761IEMCOY0QidNjY4=", "narHash": "sha256-Sreo1VEMSwS/T83QxXeN1cDtgXWXPMibGYfQ8pLLSVc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "0b2b8b31f69f24e9a75b4b18a32c771a48612d5e", "rev": "34eda458bd3f6bad856a99860184d775bc1dd588",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "2411.6.0", "ref": "2311.5.3",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1772822230, "lastModified": 1720954236,
"narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.11", "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nur": { "nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2"
},
"locked": { "locked": {
"lastModified": 1773108757, "lastModified": 1730795826,
"narHash": "sha256-3BAoe2R6YA6Xjdsgx3urZ4Ns3LeTy0E/w5d1wPny910=", "narHash": "sha256-5eUMYntBzgV2EPdPWY4acON2vc4zWrRR7rOJifTqrIE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "9f2c583704f122828e6f9893416ca3b007464ee6", "rev": "689c78bc78b5a3aa0e86a2f5cd25a266015791ee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -159,6 +137,21 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur" "nur": "nur"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

48
flake.nix
View file

@ -1,19 +1,17 @@
{ {
description = "My Nix Configs"; description = "My Nix Configs";
inputs = inputs = {
{ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
self.submodules = true;
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.11"; url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-wsl = { nixos-wsl = {
url = "github:nix-community/NixOS-WSL/2411.6.0"; url = "github:nix-community/NixOS-WSL/2311.5.3";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { disko = {
@ -22,7 +20,7 @@
}; };
}; };
outputs = { nixpkgs, nur, home-manager, nixos-wsl, disko, ... }: outputs = { self, nixpkgs, nur, home-manager, nixos-wsl, disko }:
let let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
@ -31,7 +29,7 @@
allowUnfree = true; allowUnfree = true;
}; };
overlays = [ overlays = [
nur.overlays.default nur.overlay
]; ];
}; };
@ -42,26 +40,17 @@
desktop = nixpkgs.lib.nixosSystem { desktop = nixpkgs.lib.nixosSystem {
inherit system pkgs; inherit system pkgs;
modules = [ modules = [
disko.nixosModules.disko
./src/system/machines/desktop ./src/system/machines/desktop
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
(import ./src/system/machines/desktop/modules/home-manager) (import ./src/system/machines/desktop/modules/home-manager)
]; #disko.nixosModules.disko
}; # (import ./src/system/machines/desktop/modules/disko)
workstation = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
./src/system/machines/workstation
home-manager.nixosModules.home-manager
(import ./src/system/machines/workstation/modules/home-manager)
]; ];
}; };
server = nixpkgs.lib.nixosSystem { server = nixpkgs.lib.nixosSystem {
inherit system pkgs; inherit system pkgs;
modules = [ modules = [
disko.nixosModules.disko
./src/system/machines/server ./src/system/machines/server
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
(import ./src/system/machines/server/modules/home-manager) (import ./src/system/machines/server/modules/home-manager)
@ -73,18 +62,33 @@
modules = [ modules = [
./src/system/machines/wsl ./src/system/machines/wsl
nixos-wsl.nixosModules.wsl nixos-wsl.nixosModules.wsl
(import ./src/system/machines/wsl/modules/wsl) (import ./src/system/machines/wsl/wsl.nix)
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
(import ./src/system/machines/wsl/modules/home-manager) (import ./src/system/machines/wsl/home.nix)
]; ];
}; };
vm = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
./src/system/machines/vm
home-manager.nixosModules.home-manager
(import ./src/system/machines/vm/modules/home-manager)
disko.nixosModules.disko
(import ./src/system/machines/vm/modules/disko)
];
};
};
homeConfigurations."work" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [ ./src/system/machines/workstation ];
}; };
devShells.${system}.default = mkShell { devShells.${system}.default = mkShell {
name = "devShell"; name = "devShell";
packages = [ packages = [
just just
age
]; ];
}; };
}; };

467
justfile
View file

@ -1,240 +1,205 @@
SYSTEM := "$(echo $HOSTNAME)" SYSTEM := "$(echo $HOSTNAME)"
VALID_SYSTEMS := "desktop workstation server wsl vm laptop"
# Print this list # Print this list
default: default:
@just --list @just --list
# Validate system argument
[private]
_validate SYSTEM:
#!/usr/bin/env bash
case "{{SYSTEM}}" in
desktop|workstation|server|wsl|vm|laptop) ;;
*) echo "Error: Unknown system '{{SYSTEM}}'. Use one of: {{VALID_SYSTEMS}}"; exit 1 ;;
esac
# Helper to parse submodules from .gitmodules
[private]
_subs_init := '''
declare -A SUBS
while read -r key path; do
name="${key#submodule.}"; name="${name%.path}"
SUBS[$name]="$path"
done < <(git config -f .gitmodules --get-regexp 'submodule\..*\.path')
'''
# Clean up build artifacts # Clean up build artifacts
[group('nix')]
clean: clean:
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
echo "Cleaning build artifacts" echo "Cleaning build artifacts"
rm -f result if [ -d result ]; then
rm -f ./*.qcow2 echo "Removing result directory..."
echo "Done" rm ./result;
fi
if ls *.qcow2 1> /dev/null 2>&1; then
echo "Removing virtual disk..."
rm ./*.qcow2;
fi
echo "All clean!"
# Output what derivations will be built # Output what derivations will be built
[group('nix')] out TYPE SYSTEM="desktop":
out SYSTEM="desktop": (_validate SYSTEM)
@echo "Outputting derivations to be built for {{SYSTEM}}..."
@nix build --dry-run .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
# Test switch into the next generation
[group('nixos')]
test SYSTEM="desktop": (_validate SYSTEM)
@echo "Testing switching to next NixOS generation for {{SYSTEM}}..."
@sudo nixos-rebuild test --flake .#{{SYSTEM}}
# Build the nix expression and hydrate the results directory
[group('nix')]
build SYSTEM="desktop": (_validate SYSTEM)
@echo "Building NixOS configuration for {{SYSTEM}}..."
@nix build .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
@echo -e "\033[32mBuild success - result directory hydrated\033[0m"
# Deploy a vm of the defined system
[group('nixos')]
vm SYSTEM: (_validate SYSTEM)
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
echo "Building VM for {{SYSTEM}}..." case "{{TYPE}}" in
nixos-rebuild build-vm --flake .#{{SYSTEM}} "nix")
if [[ -f result/bin/run-{{SYSTEM}}-vm ]]; then if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Testing NixOS configuration for {{SYSTEM}}..."
nix build --dry-run .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
exit 0
else
echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " wsl"
echo " vm"
exit 1
fi
;;
"home")
echo "Testing home configuration..."
nix build --dry-run .#homeConfigurations."workstation".config.home-manager.build.toplevel -L
exit 0
;;
*)
echo "Invalid usage: {{TYPE}}.";
echo "Use one of:"
echo " nix"
echo " home"
exit 1
;;
esac
# Test switch into the next generation
test TYPE SYSTEM="desktop":
#!/usr/bin/env bash
set -euo pipefail
case "{{TYPE}}" in
"nix")
if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Testing next NixOS generation for {{SYSTEM}}..."
sudo nixos-rebuild test --flake .#{{SYSTEM}}
exit 0
else
echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " wsl"
echo " vm"
exit 1
fi
;;
"home")
echo "Testing home configuration..."
nix build --dry-run .#homeConfigurations."workstation".config.home-manager.build.toplevel -L
exit 0
;;
*)
echo "Invalid usage: {{TYPE}}.";
echo "Use one of:"
echo " nix"
echo " home"
exit 1
;;
esac
# Build the nix expression and hydrate the results directory
make TYPE SYSTEM="desktop":
#!/usr/bin/env bash
set -euo pipefail
case "{{TYPE}}" in
"nix")
if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Hydrating resulting NixOS configuration for {{SYSTEM}}..."
nix build .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
exit 0
else
echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " wsl"
echo " vm"
exit 1
fi
;;
"home")
echo "Hydrating resulting home configuration..."
nix build --dry-run .#homeConfigurations."workstation".config.home-manager.build.toplevel -L
exit 0
;;
*)
echo "Invalid usage: {{TYPE}}."
echo "Use one of:"
echo " nix"
echo " home"
exit 1
;;
esac
# Deploy a vm of the defined system
vm SYSTEM:
#!/usr/bin/env bash
set -euo pipefail
if
[ "{{SYSTEM}}" = "desktop" ] || \
[ "{{SYSTEM}}" = "server" ] || \
[ "{{SYSTEM}}" = "wsl" ] || \
[ "{{SYSTEM}}" = "vm" ] || \
[ "{{SYSTEM}}" = "laptop" ]
then
echo "Building VM for {{SYSTEM}}..."
nixos-rebuild build-vm --flake .#{{SYSTEM}}
result/bin/run-{{SYSTEM}}-vm result/bin/run-{{SYSTEM}}-vm
exit 0
else else
echo "Error: VM build failed!" echo "Error: Unknown argument - '{{SYSTEM}}'"
echo "Use one of:"
echo " desktop"
echo " server"
echo " laptop"
echo " vm"
echo " wsl"
exit 1 exit 1
fi fi
# grep nixpkgs for PKG # grep nixpkgs for PKG
[group('nix')]
search PKG: search PKG:
nix search nixpkgs {{PKG}} nix search nixpkgs {{PKG}}
# Open nixos packages in the browser # Open nixos packages in the browser
[group('nix')]
pkgs: pkgs:
@xdg-open https://search.nixos.org/packages @xdg-open https://search.nixos.org/packages
# Open nixos options in the browser # Open nixos options in the browser
[group('nix')]
options: options:
@xdg-open https://search.nixos.org/options @xdg-open https://search.nixos.org/options
# NixOS-rebuild switch for the current system # NixOS-rebuild switch for the current system
[group('nixos')]
switch: switch:
@echo -e "\033[32m->> Switching to next generation ->>\033[0m" @echo -e "\033[32m->> Switching to next generation ->>\033[0m"
@sudo nixos-rebuild switch --flake .#{{SYSTEM}} @sudo nixos-rebuild switch --flake .#{{SYSTEM}}
# Rollback to previous generation # Rollback to previous generation
[group('nixos')] rollback SYSTEM="nixos":
rollback: #!/usr/bin/env bash
@sudo nixos-rebuild switch --rollback set -euo pipefail
if [ {{SYSTEM}} = "nixos" ]; then
sudo nixos-rebuild switch --rollback
fi
# NixOS-rebuild boot for the current system # NixOS-rebuild boot for the current system
[group('nixos')]
boot: boot:
@echo -e "\033[34m->> Reboot to new generation ->>\033[0m" @echo -e "\033[34m->> Reboot to new generation ->>\033[0m"
@echo "Switching to next generation on reboot"
@sudo nixos-rebuild boot --flake .#{{SYSTEM}} @sudo nixos-rebuild boot --flake .#{{SYSTEM}}
# Partition disk only (interactive disk selection)
[group('nixos')]
partition SYSTEM:
#!/usr/bin/env bash
set -euo pipefail
DISKO_CONFIG="./src/system/machines/{{SYSTEM}}/modules/disko/default.nix"
if [[ ! -f "$DISKO_CONFIG" ]]; then
echo "Error: No disko config for '{{SYSTEM}}'"
exit 1
fi
# Build array of disk options with readable info
declare -a DISK_IDS
declare -a DISK_OPTIONS
for id in /dev/disk/by-id/*; do
name=$(basename "$id")
[[ "$name" =~ part ]] && continue
[[ ! "$name" =~ ^(ata|nvme|scsi)- ]] && continue
dev=$(readlink -f "$id")
dev_name=$(basename "$dev")
size=$(lsblk -dn -o SIZE "$dev" 2>/dev/null) || continue
model=$(lsblk -dn -o MODEL "$dev" 2>/dev/null | xargs) || model=""
DISK_IDS+=("$id")
DISK_OPTIONS+=("$dev_name $size $model")
done
if [[ ${#DISK_IDS[@]} -eq 0 ]]; then
echo "No disks found!"
exit 1
fi
echo "Select a disk:"
select opt in "${DISK_OPTIONS[@]}"; do
if [[ -n "$opt" ]]; then
idx=$((REPLY - 1))
DISK="${DISK_IDS[$idx]}"
break
else
echo "Invalid selection"
fi
done
echo ""
echo -e "\033[31m!! WARNING: This will DESTROY all data on $DISK !!\033[0m"
read -p "Continue? [y/N]: " confirm
case "${confirm,,}" in
y|yes) ;;
*) echo "Aborted."; exit 1 ;;
esac
echo "Writing disk '$DISK' to disko config..."
sed -i "s|device = \"/dev/disk/by-id/[^\"]*\";|device = \"$DISK\";|" "$DISKO_CONFIG"
echo "Partitioning $DISK..."
sudo nix \
--extra-experimental-features "nix-command flakes" \
run github:nix-community/disko -- \
--mode destroy,format,mount \
"$DISKO_CONFIG"
echo -e "\033[32mPartitioning complete. Disk mounted at /mnt.\033[0m"
# Install NixOS (partition + install in one shot)
[group('nixos')]
install SYSTEM:
#!/usr/bin/env bash
set -euo pipefail
DISKO_CONFIG="./src/system/machines/{{SYSTEM}}/modules/disko/default.nix"
if [[ ! -f "$DISKO_CONFIG" ]]; then
echo "Error: No disko config for '{{SYSTEM}}'"
exit 1
fi
# Build array of disk options with readable info
declare -a DISK_IDS
declare -a DISK_OPTIONS
for id in /dev/disk/by-id/*; do
name=$(basename "$id")
[[ "$name" =~ part ]] && continue
[[ ! "$name" =~ ^(ata|nvme|scsi)- ]] && continue
dev=$(readlink -f "$id")
dev_name=$(basename "$dev")
size=$(lsblk -dn -o SIZE "$dev" 2>/dev/null) || continue
model=$(lsblk -dn -o MODEL "$dev" 2>/dev/null | xargs) || model=""
DISK_IDS+=("$id")
DISK_OPTIONS+=("$dev_name $size $model")
done
if [[ ${#DISK_IDS[@]} -eq 0 ]]; then
echo "No disks found!"
exit 1
fi
echo "Select a disk:"
select opt in "${DISK_OPTIONS[@]}"; do
if [[ -n "$opt" ]]; then
idx=$((REPLY - 1))
DISK="${DISK_IDS[$idx]}"
break
else
echo "Invalid selection"
fi
done
echo ""
echo -e "\033[31m!! WARNING: This will DESTROY all data on $DISK !!\033[0m"
read -p "Continue? [y/N]: " confirm
case "${confirm,,}" in
y|yes) ;;
*) echo "Aborted."; exit 1 ;;
esac
echo "Writing disk '$DISK' to disko config..."
sed -i "s|device = \"/dev/disk/by-id/[^\"]*\";|device = \"$DISK\";|" "$DISKO_CONFIG"
echo "Partitioning and installing NixOS..."
sudo nix \
--extra-experimental-features "nix-command flakes" \
run github:nix-community/disko/latest#disko-install -- \
--flake .#{{SYSTEM}} \
--disk main "$DISK"
echo -e "\033[32mDone! Reboot to start NixOS.\033[0m"
# Commit all changes and push to upstream # Commit all changes and push to upstream
[group('git')]
gh COMMIT_MESSAGE: gh COMMIT_MESSAGE:
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
@ -242,125 +207,17 @@ gh COMMIT_MESSAGE:
git commit -m "{{COMMIT_MESSAGE}}" git commit -m "{{COMMIT_MESSAGE}}"
git push git push
# Show status of submodules with changes #Fetch resources and compute sha256 hash
[group('submodule')]
sstatus:
#!/usr/bin/env bash
{{_subs_init}}
for name in "${!SUBS[@]}"; do
status=$(git -C "${SUBS[$name]}" status -s)
[[ -n "$status" ]] && echo -e "\033[34m$name:\033[0m" && echo "$status"
done
# Pull all submodules and parent
[group('submodule')]
spull:
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
git pull
for name in "${!SUBS[@]}"; do
echo -e "\033[34m$name:\033[0m"
git -C "${SUBS[$name]}" pull
done
# Push submodules and parent
[group('submodule')]
spush NAME="":
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
if [[ -n "{{NAME}}" ]]; then
path="${SUBS[{{NAME}}]:-}"
[[ -z "$path" ]] && echo "Unknown: {{NAME}}. Available: ${!SUBS[*]}" && exit 1
git -C "$path" push
else
for path in "${SUBS[@]}"; do git -C "$path" push; done
fi
git push
# Commit submodule changes and update parent
[group('submodule')]
scommit NAME="":
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
MSGS=()
commit_sub() {
local name="$1" path="$2"
[[ -z "$(git -C "$path" status -s)" ]] && return 0
echo -e "\033[34m$name:\033[0m"
git -C "$path" status -s
read -p "Commit message: " MSG
[[ -z "$MSG" ]] && return 0
git -C "$path" add -A && git -C "$path" commit -m "$MSG"
git add "$path"
MSGS+=("$name: $MSG")
}
if [[ -n "{{NAME}}" ]]; then
path="${SUBS[{{NAME}}]:-}"
[[ -z "$path" ]] && echo "Unknown: {{NAME}}. Available: ${!SUBS[*]}" && exit 1
commit_sub "{{NAME}}" "$path"
else
for name in "${!SUBS[@]}"; do commit_sub "$name" "${SUBS[$name]}"; done
fi
if ! git diff --cached --quiet; then
COMMIT_MSG="updated submodules"$'\n'
for m in "${MSGS[@]}"; do COMMIT_MSG+="- $m"$'\n'; done
git commit -m "$COMMIT_MSG"
fi
# Commit and push submodules + parent
[group('submodule')]
ssync NAME="":
#!/usr/bin/env bash
set -euo pipefail
{{_subs_init}}
MSGS=()
sync_sub() {
local name="$1" path="$2"
[[ -z "$(git -C "$path" status -s)" ]] && return 0
echo -e "\033[34m$name:\033[0m"
git -C "$path" status -s
read -p "Commit message: " MSG
[[ -z "$MSG" ]] && return 0
git -C "$path" add -A && git -C "$path" commit -m "$MSG"
git -C "$path" push
git add "$path"
MSGS+=("$name: $MSG")
}
if [[ -n "{{NAME}}" ]]; then
path="${SUBS[{{NAME}}]:-}"
[[ -z "$path" ]] && echo "Unknown: {{NAME}}. Available: ${!SUBS[*]}" && exit 1
sync_sub "{{NAME}}" "$path"
else
for name in "${!SUBS[@]}"; do sync_sub "$name" "${SUBS[$name]}"; done
fi
if ! git diff --cached --quiet; then
COMMIT_MSG="updated submodules"$'\n'
for m in "${MSGS[@]}"; do COMMIT_MSG+="- $m"$'\n'; done
git commit -m "$COMMIT_MSG"
fi
git push
# Fetch resources and compute sha256 hash
[group('nix')]
hash URL: hash URL:
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
if [[ "{{URL}}" =~ \.(tar(\.gz)?|tgz|gz|zip)$ ]]; then if echo "{{URL}}" | grep -E '\.(tar\.gz|tgz|zip)$'; then
CONTENTS=$(nix-prefetch-url --unpack {{URL}}) CONTENTS=$(nix-prefetch-url --unpack {{URL}} | tail -n 1)
else else
CONTENTS=$(nix-prefetch-url {{URL}}) CONTENTS=$(nix-prefetch-url {{URL}} | tail -n 1)
fi fi
HASH=$(nix hash convert --hash-algo sha256 "$CONTENTS") HASH=$(nix hash to-sri --type sha256 "$CONTENTS")
echo -e "\033[32m$HASH\033[0m" echo -e "\033[32m$HASH\033[0m"

14
src/system/config/default.nix
View file

@ -1,14 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
{
options = {
machines = mkOption {
description = "Machine Configurations";
type = types.attrs;
default = {
keys = import ./keys { inherit lib; };
};
};
};
}

33
src/system/config/keys/default.nix
View file

@ -1,33 +0,0 @@
{ lib }:
with builtins;
let
extractName = filename:
let
# Remove .key extension
noKey = lib.removeSuffix ".key" filename;
# Remove .pub/.priv/.public/.private markers
noMarkers = replaceStrings
[ ".pub" ".priv" ".public" ".private" ]
[ "" "" "" "" ]
noKey;
in noMarkers;
constructKeys = dir: (
listToAttrs (
map (subdir: {
name = subdir;
value = listToAttrs (
map (file: {
name = extractName file;
value = readFile "${dir}/${subdir}/${file}";
}) (filter (file:
(readDir "${dir}/${subdir}").${file} == "regular" &&
lib.hasSuffix ".key" file
) (attrNames (readDir "${dir}/${subdir}")))
);
}) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir)))
)
);
in
constructKeys ./.

3
src/system/config/keys/desktop/README.md
View file

@ -1,3 +0,0 @@
# Desktop Keys
ssh.pub.key - ~/.ssh/id_rsa

1
src/system/config/keys/desktop/ssh.pub.key
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYXfu4Jc/HtdyhOfAdCXYzhqCubIq3Bz6Kl9NDUov76 bryan@desktop

19
src/system/machines/desktop/README.md
View file

@ -1,19 +0,0 @@
## Hardware
| Component | Model |
|-------------|------------------------------------|
| Motherboard | MSI B760 GAMING PLUS WIFI |
| CPU | Intel Core i7-12700KF (12th Gen) |
| GPU | NVIDIA GeForce GTX 1650 |
| Storage | 2x 2TB Crucial MX500 SSD |
## Memory
| Slot | Size | Manufacturer | Part Number | Speed |
|---------|------|----------------|-------------|------------|
| DIMM A1 | - | - | - | - |
| DIMM A2 | 16GB | Team Group Inc | UD5-6000 | 4800 MT/s |
| DIMM B1 | - | - | - | - |
| DIMM B2 | 16GB | Team Group Inc | UD5-6000 | 4800 MT/s |
**Total: 32GB DDR5**

2
src/system/machines/desktop/default.nix
View file

@ -3,9 +3,7 @@
{ {
imports = [ imports = [
../../../user/config ../../../user/config
../../config
./hardware.nix ./hardware.nix
./system.nix ./system.nix
./modules/disko
]; ];
} }

135
src/system/machines/desktop/hardware.nix
View file

@ -1,83 +1,84 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
with lib;
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
options.monitors = mkOption { boot = {
type = types.listOf (types.submodule { initrd = {
options = { availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
name = mkOption { type = types.str; example = "HDMI-A-1"; }; kernelModules = [ "dm-snapshot" ];
width = mkOption { type = types.int; }; };
height = mkOption { type = types.int; }; extraModulePackages = [ ];
x = mkOption { type = types.int; }; kernelPackages = pkgs.linuxPackages_zen;
y = mkOption { type = types.int; }; kernelParams = [ "intel_iommu=on" ];
scale = mkOption { type = types.float; }; kernelModules = [ "kvm-intel" "virtio" "vfio-pci" "coretemp" ];
refreshRate = mkOption { type = types.int; };
};
});
default = [];
description = "System monitor configuration";
}; };
config = { environment.systemPackages = with pkgs; [
monitors = [ linuxHeaders
{ name = "HDMI-A-1"; width = 1920; height = 1080; x = 0; y = 0; scale = 1.0; refreshRate = 60; }
{ name = "DP-1"; width = 1920; height = 1080; x = 1920; y = 0; scale = 1.0; refreshRate = 60; }
];
boot = { vulkan-headers
initrd = { vulkan-loader
availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; vulkan-tools
kernelModules = [ "dm-snapshot" ]; vulkan-extension-layer
}; glxinfo
extraModulePackages = [ ]; mesa
kernelPackages = pkgs.linuxPackages_zen;
kernelParams = [ "intel_iommu=on" ]; cudaPackages.cudatoolkit
kernelModules = [ "kvm-intel" "virtio" "vfio-pci" "coretemp" ]; cudaPackages.cudnn
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/8a323092-39b9-4913-8839-452156e48922";
fsType = "ext4";
}; };
environment.systemPackages = with pkgs; [ "/home" = {
linuxHeaders device = "/dev/disk/by-uuid/84474517-05eb-45aa-880e-c18301483b53";
fsType = "ext4";
vulkan-headers
vulkan-loader
vulkan-tools
vulkan-extension-layer
mesa
mesa-demos
cudaPackages.cudatoolkit
cudaPackages.cudnn
];
hardware = {
cpu = {
intel = {
updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
};
nvidia = {
open = true;
modesetting.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
graphics = {
enable = true;
enable32Bit = true;
};
}; };
virtualisation.libvirtd = { "/boot" = {
device = "/dev/disk/by-uuid/B4B2-C898";
fsType = "vfat";
};
};
services.xserver.videoDrivers = ["nvidia"];
hardware = {
cpu = {
intel = {
updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
};
nvidia = {
modesetting.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "550.90.07";
sha256_64bit = "sha256-Uaz1edWpiE9XOh0/Ui5/r6XnhB4iqc7AtLvq4xsLlzM=";
openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I=";
settingsSha256 = "sha256-sX9dHEp9zH9t3RWp727lLCeJLo8QRAGhVb8iN6eX49g=";
persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870=";
};
};
opengl = {
enable = true; enable = true;
qemu = { driSupport = true;
runAsRoot = true; driSupport32Bit = true;
};
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}; };
virtualisation.libvirtd = {
enable = true;
qemu = {
runAsRoot = true;
ovmf.enable = true;
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
} }

85
src/system/machines/desktop/modules/disko/default.nix
View file

@ -1,50 +1,99 @@
{ disks ? [ "/dev/nvme0n1" "/dev/sdb" ], ... }:
{ {
disko.devices = { disko.devices = {
disk = { disk = {
main = { one = {
type = "disk"; type = "disk";
device = "/dev/disk/by-id/ata-CT2000MX500SSD1_2137E5D2D47D"; device = builtins.elemAt disks 0;
content = { content = {
type = "gpt"; type = "table";
partitions = { format = "gpt";
boot = { partitions = [
size = "1G"; {
type = "EF00"; name = "boot";
start = "0";
end = "200M";
fs-type = "fat32";
bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
}; };
}; }
primary = { {
size = "100%"; start = "200M";
end = "100%FREE";
content = { content = {
type = "lvm_pv"; type = "lvm_pv";
vg = "nix"; vg = "stick";
}; };
}; }
}; ];
};
};
};
disk = {
two = {
type = "disk";
device = builtins.elemAt disks 1;
content = {
type = "table";
format = "gpt";
partitions = [
{
start = "0";
end = "100%FREE";
content = {
type = "lvm_pv";
vg = "ssd";
};
}
];
}; };
}; };
}; };
lvm_vg = { lvm_vg = {
nix = { stick = {
type = "lvm_vg"; type = "lvm_vg";
lvs = { lvs = {
aaa = {
size = "1M";
};
zzz = {
size = "1M";
};
root = { root = {
size = "5%"; size = "100%";
content = { content = {
name = "NixOS";
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "defaults" ]; mountOptions = [
"defaults"
];
}; };
}; };
};
};
};
lvm_vg = {
ssd = {
type = "lvm_vg";
lvs = {
aaa = {
size = "1M";
};
zzz = {
size = "1M";
};
home = { home = {
size = "100%FREE"; size = "200G";
content = { content = {
name = "home";
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/home"; mountpoint = "/home";

3
src/system/machines/desktop/modules/home-manager/home.nix
View file

@ -3,9 +3,6 @@
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
monitors = config.monitors;
};
home-manager.users.${config.user.name} = { home-manager.users.${config.user.name} = {
imports = [ ../../../../../user ]; imports = [ ../../../../../user ];

43
src/system/machines/desktop/system.nix
View file

@ -1,11 +1,5 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let
gpgEnabled = lib.any
(user: user.modules.user.security.gpg.enable or false)
(lib.attrValues config.home-manager.users);
in
{ system.stateVersion = "23.11"; { system.stateVersion = "23.11";
users.users = { users.users = {
@ -13,13 +7,13 @@ in
isNormalUser = true; isNormalUser = true;
extraGroups = config.user.groups extraGroups = config.user.groups
++ [ "video" "audio" "kvm" "libvirtd" "dialout" ]; ++ [ "video" "audio" "kvm" "libvirtd" "dialout" ];
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.graphone}" ]; openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.android}" ];
}; };
}; };
nix = { nix = {
channel.enable = false; channel.enable = false;
package = pkgs.nixVersions.stable; package = pkgs.nixFlakes;
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-going = true keep-going = true
@ -38,32 +32,29 @@ in
}; };
boot.loader = { boot.loader = {
systemd-boot = { timeout = null;
grub = {
enable = true; enable = true;
configurationLimit = 5; devices = [ "nodev" ];
#memtest86.enable = true; efiSupport = true;
configurationLimit = 3;
splashImage = null;
}; };
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
}; };
#timeout = null;
}; };
environment = { environment.systemPackages = with pkgs; [
systemPackages = with pkgs; [ vim
vim git
git usbutils
usbutils ];
];
pathsToLink = [
"/share/applications"
"/share/xdg-desktop-portal"
];
};
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
nerd-fonts.terminess-ttf terminus_font
terminus-nerdfont
]; ];
security = { security = {
@ -94,11 +85,9 @@ in
enable = true; enable = true;
allowedTCPPorts = [ 22 80 443 ]; allowedTCPPorts = [ 22 80 443 ];
}; };
nameservers = [ "192.168.0.154" ];
}; };
services = { services = {
pcscd.enable = gpgEnabled;
timesyncd = lib.mkDefault { timesyncd = lib.mkDefault {
enable = true; enable = true;
servers = [ servers = [
@ -124,7 +113,7 @@ in
startWhenNeeded = false; startWhenNeeded = false;
settings = { settings = {
X11Forwarding = false; X11Forwarding = false;
PasswordAuthentication = false; PasswordAuthentication = true;
}; };
}; };
}; };

20
src/system/machines/server/README.md
View file

@ -1,20 +0,0 @@
## Hardware
| Component | Model |
|-----------|--------------------------------|
| System | HP Z230 SFF Workstation |
| CPU | Intel Core i7-4770 @ 3.40GHz |
| GPU | Integrated |
| Storage | 6TB Seagate ST6000NM0024 |
| Network | Intel (onboard) |
## Memory
| Slot | Size | Manufacturer | Part Number | Speed |
|-------|------|---------------|-------------------|-----------|
| DIMM1 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
| DIMM2 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
| DIMM3 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
| DIMM4 | 4GB | Hynix/Hyundai | HMT451U6AFR8C-PB | 1600 MT/s |
**Total: 16GB DDR3**

1
src/system/machines/server/default.nix
View file

@ -3,7 +3,6 @@
{ {
imports = [ imports = [
../../../user/config ../../../user/config
../../config
./hardware.nix ./hardware.nix
./system.nix ./system.nix
]; ];

30
src/system/machines/server/hardware.nix
View file

@ -1,22 +1,26 @@
{ config, lib, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
./modules/disko
];
boot = { boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
initrd = { boot.initrd.kernelModules = [ "dm-snapshot" ];
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ]; boot.kernelModules = [ "kvm-intel" ];
kernelModules = [ ]; boot.extraModulePackages = [ ];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/0fviSz-6z7Q-oH7Y-JOzH-nRxW-c029-2LxSqo";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/3BAA-D9DC";
fsType = "vfat";
}; };
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
}; };
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

75
src/system/machines/server/modules/disko/default.nix
View file

@ -1,75 +0,0 @@
{ lib, ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
lvm = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg0";
};
};
};
};
};
};
lvm_vg = {
vg0 = {
type = "lvm_vg";
lvs = {
root = {
size = "200G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
data = {
size = "1T";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/data";
};
};
bitcoin = {
size = "1T";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/var/lib/bitcoin";
};
};
frigate = {
size = "3T";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/var/lib/frigate";
};
};
# ~300GB left unallocated for future growth
};
};
};
};
}

3
src/system/machines/server/modules/home-manager/default.nix
View file

@ -8,7 +8,7 @@
programs.home-manager.enable = true; programs.home-manager.enable = true;
home.stateVersion = "25.11"; home.stateVersion = "23.11";
home.username = "${config.user.name}"; home.username = "${config.user.name}";
home.homeDirectory = "/home/${config.user.name}"; home.homeDirectory = "/home/${config.user.name}";
@ -17,7 +17,6 @@
user = { user = {
bash.enable = true; bash.enable = true;
git.enable = true; git.enable = true;
tmux.enable = true;
security = { security = {
gpg.enable = true; gpg.enable = true;

93
src/system/machines/server/system.nix
View file

@ -1,30 +1,19 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
{ system.stateVersion = "25.11"; { system.stateVersion = "23.11";
imports = [ ../../modules ]; imports = [ ../../modules ];
modules.system = { modules = {
nginx.enable = true; system = {
forgejo.enable = true; bitcoin = {
frigate.enable = false; enable = true;
immich.enable = true; electrum.enable = true;
bitcoin = { clightning = {
enable = true; enable = true;
electrum.enable = true; rest.enable = true;
clightning.enable = true; };
}; };
backup = {
enable = true;
recipients = [
"${config.user.keys.age.yubikey}"
"${config.machines.keys.desktop.ssh}"
];
paths = [ "/root/.config/rclone" ];
destination = "gdrive:backups/server";
schedule = "daily";
keepLast = 2;
}; };
}; };
@ -32,15 +21,13 @@
${config.user.name} = { ${config.user.name} = {
isNormalUser = true; isNormalUser = true;
extraGroups = config.user.groups; extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
"${config.machines.keys.desktop.ssh}"
];
}; };
}; };
nix = { nix = {
channel.enable = false; channel.enable = false;
package = pkgs.nixVersions.stable; package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes"; extraOptions = "experimental-features = nix-command flakes";
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
@ -54,9 +41,10 @@
}; };
boot.loader = { boot.loader = {
timeout = 3; timeout = null;
grub = { grub = {
enable = true; enable = true;
useOSProber = true;
devices = [ "nodev" ]; devices = [ "nodev" ];
efiSupport = true; efiSupport = true;
configurationLimit = 5; configurationLimit = 5;
@ -72,7 +60,11 @@
wget wget
git git
vim vim
htop ];
fonts.packages = with pkgs; [
terminus_font
terminus-nerdfont
]; ];
security.sudo = { security.sudo = {
@ -97,58 +89,27 @@
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console.font = "Lat2-Terminus16"; console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
networking = { networking = {
hostName = "server"; hostName = "server";
useDHCP = false; useDHCP = lib.mkDefault true;
interfaces.eno1 = { networkmanager.enable = true;
ipv4.addresses = [{
address = "192.168.0.154";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 22 ]; allowedTCPPorts = [ 22 80 443 ];
}; };
}; };
services.dnsmasq = {
enable = true;
settings = {
# All *.ramos.codes subdomains -> local server
address = "/.ramos.codes/192.168.0.154";
# Except www, http, https and bare domain -> forward to upstream
server = [
"/www.ramos.codes/1.1.1.1"
"/http.ramos.codes/1.1.1.1"
"/https.ramos.codes/1.1.1.1"
"/ramos.codes/1.1.1.1"
"1.1.1.1"
"8.8.8.8"
];
cache-size = 1000;
};
};
networking.firewall.allowedUDPPorts = [ 53 ];
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "1h";
};
services.openssh = { services.openssh = {
enable = true; enable = true;
startWhenNeeded = true; startWhenNeeded = true;
settings = { settings = {
X11Forwarding = false; X11Forwarding = false;
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "no";
}; };
}; };
} }

1
src/system/machines/vm/default.nix
View file

@ -3,7 +3,6 @@
{ {
imports = [ imports = [
../../../user/config ../../../user/config
../../config
./hardware.nix ./hardware.nix
./system.nix ./system.nix
]; ];

13
src/system/machines/vm/modules/disko/default.nix
View file

@ -1,10 +1,11 @@
{ disk ? "/dev/vda" }: { disks ? [ "/dev/vda" ], ... }:
{ {
disko.devices = { disko.devices = {
disk = { disk = {
one = { one = {
device = builtins.elemAt disks 0;
type = "disk"; type = "disk";
device = disk;
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
@ -16,6 +17,8 @@
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
}; };
bootable = true;
priority = 1;
}; };
primary = { primary = {
size = "100%"; size = "100%";
@ -33,6 +36,12 @@
vm = { vm = {
type = "lvm_vg"; type = "lvm_vg";
lvs = { lvs = {
aaa = {
size = "1M";
};
zzz = {
size = "1M";
};
root = { root = {
size = "100%"; size = "100%";
content = { content = {

4
src/system/machines/vm/system.nix
View file

@ -8,13 +8,13 @@
${config.user.name} = { ${config.user.name} = {
isNormalUser = true; isNormalUser = true;
extraGroups = config.user.groups; extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.yubikey}" ]; openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
}; };
}; };
nix = { nix = {
channel.enable = false; channel.enable = false;
package = pkgs.nixVersions.stable; package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes"; extraOptions = "experimental-features = nix-command flakes";
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;

11
src/system/machines/workstation/default.nix
View file

@ -1,10 +1 @@
{ ... }: { imports = [ ./home.nix ]; }
{
imports = [
../../../user/config
../../config
./hardware.nix
./system.nix
];
}

95
src/system/machines/workstation/hardware.nix
View file

@ -1,95 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ "dm-snapshot" ];
};
extraModulePackages = [ ];
kernelParams = [ "intel_iommu=on" ];
kernelModules = [
"kvm-intel"
"virtio"
"vfio-pci"
"coretemp"
"ipmi_devintf"
"ipmi_si"
];
};
environment.systemPackages = with pkgs; [
ipmitool
ipmicfg
ipmiutil
ipmiview
linuxHeaders
vulkan-headers
vulkan-loader
vulkan-tools
vulkan-extension-layer
mesa
mesa-demos
libGL
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/6e964c61-ea77-48cc-b495-6a8516b8e756";
fsType = "xfs";
};
"/home" = {
device = "/dev/disk/by-uuid/db504fb8-14f8-4292-b745-32d6255c4893";
fsType = "xfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/61E7-6E56";
fsType = "vfat";
};
"/var/lib/libvirt/images" = {
device = "/home/VMs";
options = [ "bind" ];
};
};
systemd.tmpfiles.rules = [
"d /home/VMs 0755 root root"
];
virtualisation.libvirtd = {
enable = true;
qemu = {
runAsRoot = true;
};
};
services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
nvidia = {
open = false;
powerManagement.enable = false;
powerManagement.finegrained = false;
modesetting.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

56
src/system/machines/workstation/home.nix Normal file
View file

@ -0,0 +1,56 @@
{ config, pkgs, ... }:
{
imports = [ ./user ];
programs.home-manager.enable = true;
home = {
stateVersion = "23.11";
username = "${config.user.name}";
homeDirectory = "/home/${config.user.name}";
file.".config/home-manager" = {
source = ../../../..;
recursive = true;
};
};
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
settings = {
auto-optimise-store = true;
trusted-users = [ "${config.user.name}" ];
};
};
user = {
bash.enable = true;
git.enable = true;
security= {
gpg.enable = true;
};
gui = {
alacritty.enable = true;
browsers.enable = true;
neovim.enable = true;
};
utils = {
enable = true;
dev.enable = true;
email.enable = true;
irc.enable = true;
vim.enable = true;
};
};
programs.bash = {
initExtra =
import ./scripts/guiControl
;
};
}

58
src/system/machines/workstation/modules/disko/default.nix
View file

@ -1,58 +0,0 @@
{ disk }:
{
disko.devices = {
disk = {
one = {
type = "disk";
device = disk;
content = {
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "nix";
};
};
};
};
};
};
lvm_vg = {
nix = {
type = "lvm_vg";
lvs = {
root = {
size = "5%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
home = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/home";
};
};
};
};
};
};
}

52
src/system/machines/workstation/modules/home-manager/home.nix
View file

@ -1,52 +0,0 @@
{ config, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${config.user.name} = {
imports = [ ../../../../../user ];
programs.home-manager.enable = true;
home.stateVersion = "23.11";
home.username = "${config.user.name}";
home.homeDirectory = "/home/${config.user.name}";
modules = {
user = {
bash.enable = true;
git.enable = true;
security = {
enable = true;
gpg.enable = true;
};
tmux.enable = true;
utils = {
enable = true;
dev = {
enable = true;
};
email.enable = true;
neovim.enable = true;
vim.enable = true;
};
gui = {
wm.i3.enable = true;
browser = {
chromium.enable = true;
};
alacritty.enable = true;
utils.enable = true;
writing.enable = true;
};
};
};
};
}

17
src/system/machines/workstation/scripts/guiControl.nix Normal file
View file

@ -0,0 +1,17 @@
''
function ui() {
case $1 in
on)
sudo systemctl set-default graphical.target
sudo systemctl start graphical.target
;;
off)
sudo systemctl set-default multi-user.target
sudo systemctl isolate multi-user.target
;;
*)
echo "Usage: $0 {on|off}"
;;
esac
}
''

131
src/system/machines/workstation/system.nix
View file

@ -1,131 +0,0 @@
{ pkgs, lib, config, home-manager, ... }:
with lib;
{
system.stateVersion = "23.11";
users.users = {
${config.user.name} = {
isNormalUser = true;
extraGroups = config.user.groups
++ [ "video" "audio" "kvm" "libvirtd" "dialout" ];
openssh.authorizedKeys.keys = [
"${config.user.keys.ssh.yubikey}"
"${config.user.keys.ssh.work}"
];
};
};
nix = {
channel.enable = false;
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
keep-going = true
'';
settings = {
auto-optimise-store = true;
trusted-users = [ "${config.user.name}" ];
substitute = true;
max-jobs = "auto";
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
boot.loader = {
systemd-boot = {
enable = true;
configurationLimit = 5;
memtest86.enable = true;
};
timeout = null;
};
environment.systemPackages = with pkgs; [
vim
git
usbutils
];
fonts.packages = with pkgs; [
terminus_font
terminus-nerdfont
];
security = {
sudo = {
wheelNeedsPassword = false;
execWheelOnly = true;
};
polkit.enable = true;
};
time = {
timeZone = "America/New_York";
hardwareClockInLocalTime = true;
};
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
networking = {
hostName = "workstation";
useDHCP = lib.mkDefault true;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
};
programs.i3lock = {
enable = true;
package = pkgs.i3lock-fancy;
};
services = {
xserver.enable = true;
displayManager.ly.enable = true;
teamviewer.enable = true;
timesyncd = lib.mkDefault {
enable = true;
servers = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
"3.pool.ntp.org"
];
};
pipewire = {
enable = true;
audio.enable = true;
wireplumber.enable = true;
pulse.enable = true;
jack.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
};
openssh = {
enable = true;
startWhenNeeded = false;
settings = {
X11Forwarding = false;
PasswordAuthentication = true;
};
};
};
}

1
src/system/machines/workstation/user Symbolic link
View file

@ -0,0 +1 @@
../../../user/

1
src/system/machines/wsl/default.nix
View file

@ -3,7 +3,6 @@
{ {
imports = [ imports = [
../../../user/config ../../../user/config
../../config
./system.nix ./system.nix
]; ];
} }

8
src/system/machines/wsl/modules/home-manager/home.nix → src/system/machines/wsl/home.nix
View file

@ -4,7 +4,9 @@
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.${config.user.name} = { home-manager.users.${config.user.name} = {
imports = [ ../../../../../user ]; imports = [
../../../user
];
programs.home-manager.enable = true; programs.home-manager.enable = true;
@ -23,14 +25,12 @@
gpg.enable = true; gpg.enable = true;
}; };
tmux.enable = true;
utils = { utils = {
enable = true; enable = true;
dev.enable = true; dev.enable = true;
email.enable = true; email.enable = true;
irc.enable = true; irc.enable = true;
neovim.enable = true; vim.enable = true;
}; };
}; };
}; };

9
src/system/machines/wsl/modules/home-manager/default.nix
View file

@ -1,9 +0,0 @@
{
imports = [
<<<<<<<< HEAD:src/system/machines/wsl/modules/home-manager/default.nix
./home.nix
========
./c-lightning-REST
>>>>>>>> lightning:src/system/modules/bitcoin/modules/clightning/plugins/default.nix
];
}

5
src/system/machines/wsl/modules/wsl/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./wsl.nix
];
}

63
src/system/machines/wsl/system.nix
View file

@ -1,45 +1,62 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
{ { system.stateVersion = "23.11";
system.stateVersion = "23.11";
boot.isContainer = true;
# Users
users.users = { users.users = {
${config.user.name} = { ${config.user.name} = {
isNormalUser = true; isNormalUser = true;
extraGroups = config.user.groups; extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
"${config.user.keys.ssh.yubikey}"
];
}; };
}; };
boot.isContainer = true;
# Nix
nix = { nix = {
channel.enable = false; channel.enable = false;
package = pkgs.nixVersions.stable; package = pkgs.nixFlakes;
extraOptions = '' extraOptions = "experimental-features = nix-command flakes";
experimental-features = nix-command flakes
'';
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = [ "${config.user.name}" ]; trusted-users = [ "${config.user.name}" ];
}; };
gc = { gc = {
automatic = true; automatic = true;
dates = "daily"; dates = "weekly";
options = "--delete-older-than 7d"; options = "--delete-older-than 30d";
}; };
}; };
# Sudo Options
security.sudo = { security.sudo = {
wheelNeedsPassword = false; wheelNeedsPassword = false;
execWheelOnly = true; execWheelOnly = true;
}; };
# System Services
services = {
cron = {
enable = true;
systemCronJobs = [];
};
};
# Locale
time = { time = {
timeZone = "America/New_York"; timeZone = "America/New_York";
}; };
services.timesyncd = lib.mkDefault {
enable = true;
servers = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
"3.pool.ntp.org"
];
};
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
@ -47,8 +64,8 @@
useXkbConfig = true; useXkbConfig = true;
}; };
# Networking
networking = { networking = {
hostName = "wsl";
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
firewall = { firewall = {
enable = true; enable = true;
@ -56,20 +73,12 @@
}; };
}; };
services = { services.openssh = {
openssh = { enable = true;
enable = true; startWhenNeeded = true;
startWhenNeeded = true; settings = {
settings = { X11Forwarding = false;
X11Forwarding = false; PasswordAuthentication = false;
PasswordAuthentication = false;
};
};
timesyncd = lib.mkDefault {
enable = true;
servers = [
"time.windows.com"
];
}; };
}; };
} }

10
src/system/machines/wsl/modules/wsl/wsl.nix → src/system/machines/wsl/wsl.nix
View file

@ -1,19 +1,19 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
imports = [ ../../../../../user/config ]; imports = [
../../../user
];
wsl = rec { wsl = {
enable = true; enable = true;
defaultUser = lib.mkDefault config.user.name; defaultUser = lib.mkDefault config.user.name;
nativeSystemd = true; nativeSystemd = true;
useWindowsDriver = true;
wslConf = { wslConf = {
user.default = lib.mkDefault defaultUser;
boot.command = "cd"; boot.command = "cd";
network = { network = {
hostname = "${config.networking.hostName}"; hostname = "wsl";
generateHosts = true; generateHosts = true;
}; };
}; };

96
src/system/modules/backup/default.nix
View file

@ -1,96 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.backup;
recipientArgs = concatMapStrings (r: "-r '${lib.strings.trim r}' ") cfg.recipients;
# Convert absolute paths to relative for tar, preserving structure
# e.g., /var/lib/forgejo -> var/lib/forgejo
tarPaths = map (p: removePrefix "/" p) cfg.paths;
backupScript = pkgs.writeShellScript "backup" ''
set -euo pipefail
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_NAME="backup-$TIMESTAMP.tar.age"
TEMP_DIR=$(mktemp -d)
trap "rm -rf $TEMP_DIR" EXIT
echo "Starting backup: $BACKUP_NAME"
echo "Paths: ${concatStringsSep " " cfg.paths}"
export PATH="${pkgs.age-plugin-yubikey}/bin:$PATH"
${pkgs.gnutar}/bin/tar -C / -cf - ${concatStringsSep " " tarPaths} | \
${pkgs.age}/bin/age ${recipientArgs} -o "$TEMP_DIR/$BACKUP_NAME"
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf copy "$TEMP_DIR/$BACKUP_NAME" "${cfg.destination}"
# Prune old backups
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf lsf "${cfg.destination}" | \
sort -r | \
tail -n +$((${toString cfg.keepLast} + 1)) | \
while read -r old; do
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf delete "${cfg.destination}/$old"
done
echo "Backup complete"
'';
in
{
options.modules.system.backup = {
enable = mkEnableOption "Encrypted backups";
paths = mkOption {
type = types.listOf types.str;
default = [];
description = "Absolute paths to include in backup (structure preserved)";
};
recipients = mkOption {
type = types.listOf types.str;
default = [];
description = "Age public keys for encryption";
};
destination = mkOption {
type = types.str;
default = "";
description = "Rclone destination";
};
schedule = mkOption {
type = types.str;
default = "daily";
description = "Systemd calendar expression";
};
keepLast = mkOption {
type = types.int;
default = 3;
description = "Number of backups to keep";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.rclone ];
systemd.services.backup = {
description = "Encrypted backup";
serviceConfig = {
Type = "oneshot";
ExecStart = backupScript;
};
};
systemd.timers.backup = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.schedule;
Persistent = true;
};
};
};
}

11
src/system/modules/bitcoin/config/bitcoin.conf
View file

@ -1,12 +1,14 @@
server=1 server=1
rpccookiefile=/var/lib/bitcoin/.cookie mempoolfullrbf=1
rpccookieperms=group v2transport=1
rpcauth=
rpcbind=127.0.0.1 rpcbind=127.0.0.1
rpcallowip=127.0.0.1 rpcallowip=127.0.0.1
dnsseed=0 dnsseed=0
onlynet=onion
bind=127.0.0.1 bind=127.0.0.1
proxy=127.0.0.1:9050 proxy=127.0.0.1:9050
@ -14,5 +16,4 @@ proxy=127.0.0.1:9050
listen=1 listen=1
listenonion=1 listenonion=1
torcontrol=127.0.0.1:9051 torcontrol=127.0.0.1:9051
torenablecircuit=1
txindex=1

45
src/system/modules/bitcoin/default.nix
View file

@ -3,9 +3,8 @@
with lib; with lib;
let let
cfg = config.modules.system.bitcoin; cfg = config.modules.system.bitcoin;
nginx = config.modules.system.nginx;
home = "/var/lib/bitcoin"; home = "/var/lib/bitcoind";
bitcoinConf = pkgs.writeTextFile { bitcoinConf = pkgs.writeTextFile {
name = "bitcoin.conf"; name = "bitcoin.conf";
@ -15,7 +14,19 @@ let
in in
{ options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; }; { options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
modules.system.tor.enable = true; #nixpkgs.overlays = [
# (final: prev: {
# bitcoind = prev.bitcoind.overrideAttrs (old: rec {
# version = "v28.0";
# src = pkgs.fetchFromGitHub {
# owner = "bitcoin";
# repo = "bitcoin";
# rev = "${version}";
# sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY=";
# };
# });
# })
#];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bitcoind bitcoind
@ -28,31 +39,26 @@ in
description = "Bitcoin Core system user"; description = "Bitcoin Core system user";
isSystemUser = true; isSystemUser = true;
group = "bitcoin"; group = "bitcoin";
extraGroups = [ "tor" ];
createHome = true; createHome = true;
}; };
"nginx" = {
extraGroups = mkIf nginx.enable [
"bitcoin"
];
};
}; };
groups = { groups = {
"bitcoin" = { "bitcoin" = {
members = [ members = [
"btc" "btc"
config.user.name
]; ];
}; };
}; };
}; };
programs.bash.shellAliases = { programs.bash.shellAliases = {
btc = "bitcoin-cli"; btc = "bitcoind";
}; };
networking.firewall.allowedTCPPorts = [ 8333 ];
services.bitcoind = { services.bitcoind = {
"mainnet" = { "btc" = {
enable = true; enable = true;
user = "btc"; user = "btc";
group = "bitcoin"; group = "bitcoin";
@ -61,20 +67,5 @@ in
pidFile = "${home}/bitcoind.pid"; pidFile = "${home}/bitcoind.pid";
}; };
}; };
# Make data dir group-accessible so electrs/clightning can read cookie
systemd.tmpfiles.rules = [
"d ${home} 0750 btc bitcoin -"
];
systemd.services.bitcoind-mainnet = {
wants = [ "tor.service" ];
after = [ "tor.service" ];
serviceConfig.ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/tor";
};
modules.system.backup.paths = [
"${home}/wallets"
];
}; };
} }

32
src/system/modules/bitcoin/modules/clightning/config/lightning.conf
View file

@ -1,31 +1 @@
alias=OrdSux test
network=bitcoin
bitcoin-datadir=/var/lib/bitcoin
bitcoin-rpcconnect=127.0.0.1
bitcoin-rpcport=8332
lightning-dir=/var/lib/clightning
plugin-dir=/var/lib/clightning/plugins
log-file=/var/lib/clightning/lightningd.log
log-level=info
rpc-file-mode=0660
# Bind RPC locally only
bind-addr=127.0.0.1:9736
# Auto-create Tor hidden service for peer connections
addr=autotor:127.0.0.1:9051
# Route outbound through Tor
proxy=127.0.0.1:9050
always-use-proxy=true
large-channels
fee-base=1000
fee-per-satoshi=10
min-capacity-sat=10000
htlc-minimum-msat=0
funding-confirms=3
max-concurrent-htlcs=30

76
src/system/modules/bitcoin/modules/clightning/default.nix
View file

@ -4,21 +4,35 @@ with lib;
let let
cfg = config.modules.system.bitcoin.clightning; cfg = config.modules.system.bitcoin.clightning;
btc = config.modules.system.bitcoin; btc = config.modules.system.bitcoin;
nginx = config.modules.system.nginx;
home = "/var/lib/clightning";
domain = "ramos.codes";
clnConfig = pkgs.writeTextFile { clnConfig = pkgs.writeTextFile {
name = "lightning.conf"; name = "lightning.conf";
text = '' text = builtins.readFile ./config/lightning.conf;
${builtins.readFile ./config/lightning.conf}
bitcoin-cli=${pkgs.bitcoind}/bin/bitcoin-cli
'';
}; };
in in
{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; }; { options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; };
imports = [ ./plugins ];
config = mkIf (cfg.enable && btc.enable) { config = mkIf (cfg.enable && btc.enable) {
#nixpkgs.overlays = [
# (final: prev: {
# clightning = prev.electrs.overrideAttrs (old: rec {
# version = "24.08";
# src = pkgs.fetchFromGitHub {
# owner = "ElementsProject";
# repo = "lightning";
# rev = "82f4ad68e34a2428c556e63fc2632d48a914968c";
# hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g";
# };
# cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
# name = "lightning-vendor.tar.gz";
# inherit src;
# outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g=";
# });
# });
# })
#];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
clightning clightning
]; ];
@ -26,11 +40,10 @@ in
users = { users = {
users = { users = {
"clightning" = { "clightning" = {
inherit home; home = "/var/lib/clightning";
description = "Core Lightning system user"; description = "Core Lightning system user";
isSystemUser = true; isSystemUser = true;
group = "bitcoin"; group = "bitcoin";
extraGroups = [ "tor" ];
createHome = true; createHome = true;
}; };
}; };
@ -44,26 +57,25 @@ in
}; };
programs.bash.shellAliases = { programs.bash.shellAliases = {
cln = "lightning-cli"; cln = "lightningd";
}; };
systemd.services.lightningd = { systemd.services.lightningd = {
description = "Core Lightning Daemon"; description = "Core Lightning Daemon";
wantedBy = [ "multi-user.target" ];
wants = [ "bitcoind-mainnet.service" "tor.service" ]; script = "${pkgs.clightning}/bin/lightningd";
scriptArgs = ''
--conf=${clnConfig}
'';
after = [ after = [
"bitcoind-mainnet.service" "bitcoind-btc.service"
"tor.service"
"network.target"
]; ];
serviceConfig = { serviceConfig = {
ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin /var/lib/tor ${home} ${home}/bitcoin";
ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}";
User = "clightning"; User = "clightning";
Group = "bitcoin"; Group = "bitcoin";
WorkingDirectory = home;
Type = "simple"; Type = "simple";
KillMode = "process"; KillMode = "process";
@ -71,30 +83,10 @@ in
Restart = "always"; Restart = "always";
RestartSec = 60; RestartSec = 60;
}; };
requisite = [
"bitcoind-btc.service"
"network.target"
];
}; };
# Ensure data directory exists with correct permissions
systemd.tmpfiles.rules = mkAfter [
"d ${home} 0750 clightning bitcoin -"
"d ${home}/plugins 0750 clightning bitcoin -"
"L+ /home/${config.user.name}/.lightning - - - - ${home}"
];
modules.system.backup.paths = [
"${home}/bitcoin/hsm_secret"
];
# TODO: CLNRest not included in nixpkgs clightning build
# Need to package it separately or use an overlay
# services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable {
# useACMEHost = domain;
# forceSSL = true;
# locations."/" = {
# proxyPass = "https://127.0.0.1:3010";
# extraConfig = ''
# proxy_ssl_verify off;
# '';
# };
# };
}; };
} }

35
src/system/modules/bitcoin/modules/clightning/plugins/c-lightning-REST/default.nix Normal file
View file

@ -0,0 +1,35 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.modules.system.bitcoin.clightning.rest;
cln = config.modules.system.bitcoin.clightning;
in
{ options.modules.system.bitcoin.clightning.rest = { enable = mkEnableOption "C-Lightning REST API Server"; };
config = mkIf (cfg.enable && cln.enable) {
nixpkgs.overlays = [
(final: prev: {
clightning-REST = prev.buildNpmPackage rec {
pname = "c-lightning-rest";
version = "0.10.7";
src = prev.fetchFromGitHub {
owner = "Ride-The-Lightning";
repo = "c-lightning-REST";
rev = "v${version}";
hash = "sha256-Z3bLH/nqhO2IPE1N4TxYhEDh2wHR0nT801kztfYoj+s=";
};
npmDepsHash = "sha256-svt5hjhTriGhehxC36yGwrqcjax/9UqqVzxEhHnoM0M=";
dontNpmBuild = true;
meta = with lib; {
description = "REST APIs for Core Lightning written with node.js ";
homepage = "https://github.com/Ride-The-Lightning/c-lightning-REST";
license = licenses.mit;
};
};
})
];
};
}

2
src/system/machines/workstation/modules/home-manager/default.nix → src/system/modules/bitcoin/modules/clightning/plugins/default.nix
View file

@ -1,5 +1,5 @@
{ {
imports = [ imports = [
./home.nix ./c-lightning-REST
]; ];
} }

9
src/system/modules/bitcoin/modules/electrum/config/config.toml
View file

@ -2,12 +2,13 @@ network = "bitcoin"
electrum_rpc_addr = "127.0.0.1:50001" electrum_rpc_addr = "127.0.0.1:50001"
cookie_file = "/var/lib/bitcoin/.cookie" cookie-file = "/var/lib/bitcoind/.cookie"
db_dir = "/var/lib/electrs" db_dir = "/var/lib/electrs"
log_filters = "INFO" log_filters = "INFO"
timestamp = true
daemon_rpc_addr = "127.0.0.1:8332" daemon-rpc-addr = "127.0.0.1:8332"
daemon_p2p_addr = "127.0.0.1:8333" daemon-p2p-addr = "127.0.0.1:8333"
daemon_dir = "/var/lib/bitcoin" daemon-dir = "/var/lib/bitcoind"

84
src/system/modules/bitcoin/modules/electrum/default.nix
View file

@ -3,11 +3,7 @@
with lib; with lib;
let let
cfg = config.modules.system.bitcoin.electrum; cfg = config.modules.system.bitcoin.electrum;
nginx = config.modules.system.nginx;
home = "/var/lib/electrs";
btc = config.modules.system.bitcoin; btc = config.modules.system.bitcoin;
domain = "ramos.codes";
electrsConfig = pkgs.writeTextFile { electrsConfig = pkgs.writeTextFile {
name = "config.toml"; name = "config.toml";
@ -17,27 +13,24 @@ let
in in
{ options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; }; { options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; };
config = mkIf (cfg.enable && btc.enable) { config = mkIf (cfg.enable && btc.enable) {
#TODO: Fix the failing overlay due to `cargoHash/cargoSha256` nixpkgs.overlays = [
#nixpkgs.overlays = [ (final: prev: {
# (final: prev: { electrs = prev.electrs.overrideAttrs (old: rec {
# electrs = prev.electrs.overrideAttrs (old: rec { version = "0.10.6";
# pname = "electrs"; src = pkgs.fetchFromGitHub {
# version = "0.10.8"; owner = "romanz";
# src = pkgs.fetchFromGitHub { repo = "electrs";
# owner = "romanz"; rev = "v${version}";
# repo = pname; hash = "sha256-yp9fKD7zH9Ne2+WQUupaxvUx39RWE8RdY4U6lHuDGSc=";
# rev = "v${version}"; };
# hash = "sha256-L26jzAn8vwnw9kFd6ciyYS/OLEFTbN8doNKy3P8qKRE="; cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
# }; name = "electrs-vendor.tar.gz";
# #cargoDeps = old.cargoDeps.overrideAttrs (const { inherit src;
# # name = "electrs-${version}.tar.gz"; outputHash = "sha256-qQKAQHOAeYWQ5YVtx12hIAjNA7Aj1MW1m+WimlBWPv0=";
# # inherit src; });
# # sha256 = ""; });
# #}); })
# cargoHash = "sha256-lBRcq73ri0HR3duo6Z8PdSjnC8okqmG5yWeHxH/LmcU="; ];
# });
# })
#];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
electrs electrs
@ -46,7 +39,7 @@ in
users = { users = {
users = { users = {
"electrs" = { "electrs" = {
inherit home; home = "/var/lib/electrs";
description = "Electrs system user"; description = "Electrs system user";
isSystemUser = true; isSystemUser = true;
group = "bitcoin"; group = "bitcoin";
@ -65,20 +58,18 @@ in
systemd.services.electrs = { systemd.services.electrs = {
description = "Electrs Bitcoin Indexer"; description = "Electrs Bitcoin Indexer";
wantedBy = [ "multi-user.target" ];
wants = [ "bitcoind-mainnet.service" ]; script = "${pkgs.electrs}/bin/electrs";
scriptArgs = "--conf=${electrsConfig}";
after = [ after = [
"bitcoind-mainnet.service" "bitcoind-btc.service"
"network.target"
]; ];
serviceConfig = { serviceConfig = {
ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin";
ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}";
User = "electrs"; User = "electrs";
Group = "bitcoin"; Group = "bitcoin";
WorkingDirectory = home;
Type = "simple"; Type = "simple";
KillMode = "process"; KillMode = "process";
@ -86,29 +77,10 @@ in
Restart = "always"; Restart = "always";
RestartSec = 60; RestartSec = 60;
}; };
requisite = [
"bitcoind-btc.service"
"network.target"
];
}; };
# Ensure db directory exists with correct permissions
systemd.tmpfiles.rules = [
"d ${home} 0750 electrs bitcoin -"
];
# Nginx SSL proxy for Electrum protocol (TCP)
networking.firewall.allowedTCPPorts = mkIf nginx.enable [ 50002 ];
services.nginx.streamConfig = mkIf nginx.enable ''
map $ssl_server_name $electrs_backend {
electrum.${domain} 127.0.0.1:50001;
default "";
}
server {
listen 50002 ssl;
proxy_pass $electrs_backend;
ssl_certificate /var/lib/acme/${domain}/fullchain.pem;
ssl_certificate_key /var/lib/acme/${domain}/key.pem;
}
'';
}; };
} }

92
src/system/modules/forgejo/default.nix
View file

@ -1,92 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.forgejo;
nginx = config.modules.system.nginx;
domain = "ramos.codes";
socketPath = "/run/forgejo/forgejo.sock";
in
{
options.modules.system.forgejo = {
enable = mkEnableOption "Forgejo Server";
};
config = mkIf cfg.enable {
users.groups.git = {};
users.users.git = {
isSystemUser = true;
group = "git";
home = "/var/lib/forgejo";
shell = "${pkgs.bash}/bin/bash";
};
users.users.nginx = mkIf nginx.enable {
extraGroups = [ "git" ];
};
systemd.tmpfiles.rules = [
"d /var/lib/forgejo 0750 git git -"
"d /var/lib/forgejo/.ssh 0700 git git -"
"d /var/lib/forgejo/custom 0750 git git -"
"d /var/lib/forgejo/data 0750 git git -"
];
services.forgejo = {
enable = true;
user = "git";
group = "git";
stateDir = "/var/lib/forgejo";
settings = {
DEFAULT = {
APP_NAME = "Git Server";
APP_SLOGAN = "";
};
server = {
DOMAIN = "git.${domain}";
ROOT_URL = "https://git.${domain}/";
PROTOCOL = "http+unix";
HTTP_ADDR = socketPath;
SSH_DOMAIN = "git.${domain}";
SSH_PORT = 22;
START_SSH_SERVER = false;
LANDING_PAGE = "explore";
};
service = {
REGISTER_MANUAL_CONFIRM = true;
DISABLE_REGISTRATION = false;
DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
};
admin = {
DISABLE_REGULAR_ORG_CREATION = true;
};
auth = {
ENABLE_BASIC_AUTHENTICATION = true;
};
};
database = {
type = "sqlite3";
path = "/var/lib/forgejo/data/forgejo.db";
};
};
modules.system.backup.paths = [
"/var/lib/forgejo"
];
services.nginx.virtualHosts."git.${domain}" = mkIf nginx.enable {
useACMEHost = domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
};
};
};
}

68
src/system/modules/frigate/default.nix
View file

@ -1,68 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.frigate;
nginx = config.modules.system.nginx;
domain = "ramos.codes";
in
{
options.modules.system.frigate = {
enable = mkEnableOption "Enable Frigate NVR";
};
config = mkIf cfg.enable {
services.frigate = {
enable = true;
hostname = "frigate.${domain}";
settings = {
mqtt.enabled = false;
cameras = {
doorbell = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
living_room = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
kitchen = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
roles = [ "record" ];
}];
};
parking_lot = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.59/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
porch = {
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.43/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
};
};
};
# Add SSL to frigate's nginx virtualHost
services.nginx.virtualHosts."frigate.${domain}" = mkIf nginx.enable {
useACMEHost = domain;
forceSSL = true;
};
};
}

38
src/system/modules/immich/default.nix
View file

@ -1,38 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.immich;
nginx = config.modules.system.nginx;
domain = "ramos.codes";
port = 2283;
in
{
options.modules.system.immich = {
enable = mkEnableOption "Immich Photo Server";
};
config = mkIf cfg.enable {
services.immich = {
enable = true;
port = port;
host = "127.0.0.1";
mediaLocation = "/var/lib/immich";
machine-learning.enable = false;
};
modules.system.backup.paths = [
"/var/lib/immich"
];
services.nginx.virtualHosts."photos.${domain}" = mkIf nginx.enable {
useACMEHost = domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
proxyWebsockets = true;
};
};
};
}

63
src/system/modules/nginx/default.nix
View file

@ -1,63 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.nginx;
domain = "ramos.codes";
in
{
options.modules.system.nginx = {
enable = mkEnableOption "Nginx Reverse Proxy";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.nginx.serviceConfig.LimitNOFILE = 65536;
security.acme = {
acceptTerms = true;
defaults.email = config.user.email;
certs."${domain}" = {
domain = "*.${domain}";
dnsProvider = "namecheap";
environmentFile = "/var/lib/acme/namecheap.env";
group = "nginx";
};
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
eventsConfig = "worker_connections 4096;";
# Catch-all default - friendly error for unknown subdomains
virtualHosts."_" = {
default = true;
useACMEHost = domain;
forceSSL = true;
locations."/" = {
return = "404 'Not Found: This subdomain does not exist.'";
extraConfig = ''
add_header Content-Type text/plain;
'';
};
};
virtualHosts."test.${domain}" = {
useACMEHost = domain;
forceSSL = true;
locations."/" = {
return = "200 'nginx is working'";
extraConfig = ''
add_header Content-Type text/plain;
'';
};
};
};
};
}

30
src/system/modules/tor/default.nix
View file

@ -1,30 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.tor;
in
{
options.modules.system.tor = {
enable = mkEnableOption "Tor";
};
config = mkIf cfg.enable {
services.tor = {
enable = true;
client = {
enable = true;
# SOCKS proxy on 127.0.0.1:9050
};
settings = {
ControlPort = 9051;
CookieAuthentication = true;
CookieAuthFileGroupReadable = true;
DataDirectoryGroupReadable = true;
};
};
};
}

1
src/user/config/bash
View file

@ -1 +0,0 @@
../modules/bash/config/bash/

17
src/user/config/default.nix
View file

@ -2,7 +2,7 @@
with lib; with lib;
let let
modules = config.modules.user; modules = config.modules.user;
in in
{ {
@ -10,13 +10,22 @@ in
user = mkOption { user = mkOption {
description = "User Configurations"; description = "User Configurations";
type = types.attrs; type = types.attrs;
default = with pkgs; rec { default = rec {
name = "bryan"; name = "bryan";
email = "bryan@ramos.codes"; email = "bryan@ramos.codes";
shell = bash; shell = pkgs.bash;
keys = import ./keys { inherit lib; }; keys = import ./keys;
groups = [ "wheel" "networkmanager" "home-manager" "input" ]; groups = [ "wheel" "networkmanager" "home-manager" "input" ];
gitConfig = optionalAttrs modules.git.enable {
userName = "Bryan Ramos";
userEmail = email;
signing = optionalAttrs modules.security.gpg.enable {
key = "F1F3466458452B2DF351F1E864D12BA95ACE1F2D";
signByDefault = true;
};
};
bookmarks = import ./bookmarks; bookmarks = import ./bookmarks;
}; };
}; };

1
src/user/config/git
View file

@ -1 +0,0 @@
../modules/git/git/

3
src/user/config/keys/age/README.md
View file

@ -1,3 +0,0 @@
# Age Keys
yubikey.pub.key - Cold storage backup for age encryption

1
src/user/config/keys/age/yubikey.pub.key
View file

@ -1 +0,0 @@
age1yubikey1qfapxqnnkh92zkgayzzm9n0gtpkwaqcvrzy4d4xa4rxnjua8vjhy72hh9r9

23
src/user/config/keys/default.nix
View file

@ -1,17 +1,13 @@
{ lib }:
with builtins; with builtins;
let let
extractName = filename: extractName = string:
let let
# Remove .key extension metadata = [
noKey = lib.removeSuffix ".key" filename; "pub" "public" "priv" "private"
# Remove .pub/.priv/.public/.private markers "key" "file" "." "_" "-" "pk"
noMarkers = replaceStrings ];
[ ".pub" ".priv" ".public" ".private" ] in
[ "" "" "" "" ] replaceStrings metadata (builtins.map (_: "") metadata) string;
noKey;
in noMarkers;
constructKeys = dir: ( constructKeys = dir: (
listToAttrs ( listToAttrs (
@ -21,10 +17,7 @@ let
map (file: { map (file: {
name = extractName file; name = extractName file;
value = readFile "${dir}/${subdir}/${file}"; value = readFile "${dir}/${subdir}/${file}";
}) (filter (file: }) (filter (node: (readDir "${dir}/${subdir}").${node} == "regular") (attrNames (readDir "${dir}/${subdir}")))
(readDir "${dir}/${subdir}").${file} == "regular" &&
lib.hasSuffix ".key" file
) (attrNames (readDir "${dir}/${subdir}")))
); );
}) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir))) }) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir)))
) )

5
src/user/config/keys/pgp/README.md
View file

@ -1,5 +0,0 @@
# PGP Keys
yubikey.pub.key -
work.pub.key -> bryan.ramos@concurrent-rt.com
ccur.pub.key -> ?

53
src/user/config/keys/pgp/ccur.pub.key
View file

@ -1,53 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBGM8ZXIBEADD3ZTfTFYRtkgH4Mtjy5sxe3Z+3xqxtZFQUg1dFuvPHdQFrNCB
hbmEnMeyDC2FK92OLnYdnfO+evRg4V3AJSl0dyBM1m9bgSuuIw7b9ni3yYVbh4zg
BK0Dcj6E+zGrGMsPje08O+NdOh5pJLfY2Xra9LBGteN7Ck+NnDAwBhE4/0tdm5Y3
bjvKyq3HelpTYLQFiwi2lFCXMEEUeGM3bAUWUEXZn5g8FbFm9Y9KMKivHsNvSFnd
7U3WZg9K1uDMV8+xA/+nxd7CqI03oafxEUlW48a0Z1nowzEbG22OOw0I78FtrqTj
PSKBlIJHYBEF/x0UMfeJnbnR89jJZihPzLRCpSzuMiX4NF39S1nnmpjcn+vwgngE
NIxPBXh4fOdBzvplgS/iaS/wxkoMcXgRe4qMVp/jQzE19XzxUkHcWFxUeG4L0gDJ
77STrDDpIBExkd2EAz1AtxRfuW1PD94uHex3ar41GfU088sYO1pmzwEl5h9ep/Zr
oHLfwb61h85V4+5tw+cFzOa1iA/Rgh/qOCVKrU/A9aibxDh1/x54wo7nwkCuIbjA
W/3wiNiQn9a/GRBoIoSwdpdd90RAxINhXiVqhzkCtQskeCrOiWyZRdHTOQnV6GDH
/s5EaPj4o4v1NpbBh+y4QMtJXk+rpV3ncyBJpBIWwswCXZhVqB6FFRy7uwARAQAB
tExDb25jdXJyZW50IFJlYWwtVGltZSBTb2Z0d2FyZSBTdXBwb3J0IChSVzlSS1lH
QSkgPHN1cHBvcnRAY29uY3VycmVudC1ydC5jb20+iQI+BBMBCAAoBQJjPGVyAhsD
BQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDcXtpJfTtL0m3hEACZ
P9QRj4I9puaXweAiaq1WHDztTBO0Xoi7D+7NlfQiZQ1bONdRN5tYQTCZighcXelQ
Zsjtz/rDrVykBC2r3dG5X81gDTZx9WwGhFu/MuaUnU1Df9LUIAi5FliypqRV/NtH
MyeaOATlpgEBkVBe2fcoCSIqrUJXdW2Cu38w+AJce4IuaUSJeWDiumcW5SvwpdiT
2qsKhbdyjdb2ayRipimEWsaNUDkxz3e6kvz1npgyk5CaLo82yzVMBGxAGfWrJqYr
TZOFm4UG1ObZCP8gq33LKOzB45UZP5lNE+5Cr68MC6tUF5s/Cai8BiskP+gWiDJQ
LPenKDjaf4H11s98/Dfw86DwKY2zfDXTkJ6nQXjqvnZYsovjeFJVXx9jjBh3i98W
5/VwogbWfwpbnRt/rtDq1MglqvHsL9QjA9CSaHRdy0hy2JmZ9S2msFrMR/DrKfcO
kCr8ciLilxvyCpaYUjRmH38w29YUW6JIImPtBlt4QpYiw9cLsU9RGLZ+nu40AFiC
rzo8xiYO6kXEk5znFRy5JzmiFu5QouhMpeVXXEnBZCt5j+A9DkzwlNShHl3UgWfg
xatllI0FUJsJpIKqQq1jkPdC+fZliN2dDKiVgTmz0VvFwZRCxMz30yhsX1ZhtPGx
U2Z/3xIyOE+OEp2iPnCD4fhBnOc6t39rOX7jhSqim7kCDQRjPGVyARAA2zN8zwUa
i8dkeUYxQDjQxhSZsTsE7VGvL5gGRZhJ8whFNxCcjya9xPbGNnsXh8Zp9MM6Ji7a
1OZt9qzOH3Corgp2KA2ascLLpby5OAnIR5fULfqh5XR6byH/X59myrV88mifGCmM
anEjK+Tw5KybaBEHkNE2G2aUzjrYAMsfQnnHgYT8jUN1LkXqHVftX/0dwrhOcCqJ
YjLP9Vp4gZEz/Y5PQEjaEG3U0YCtaBBmnekBZ8bozO0og5/zbnX+IsY1F0QBsCmZ
+cVSuheWhFIJTBK2jyF8mHzAauOtYHHJQYyRsXNuxt5uqYj1it2Hag2jw7+q+ZDx
7FzqcKyxvT+usczHH5QhtzZpWrgZE+Po/2gmEg7Qz/c1I4Hy7DtOVv7ql8kluGpM
NM3cQYivZ4LD7Qsbnfj72muCD5W+T2c044y8WGE0U7GVTQw2ej6eLXutizlzNTmu
eW1r1OvcLXQUH5Ck2DC8HOauoCRPpRZeP+OQuiJax0VFqGdC1s99TCYow15OKWeE
HYCLIhAqz1oKq/4p92HPEV33kx7cGVPBXagw/KZKFlKTVbhHZxWQQDYkTrh/Fx5p
197U4XUG5qxTmMo03uJeppAyufmfpuHX7JVkHfZfXx1ZJdsXKlMahT3z7GhkJgjm
mPaoUroDS0Ddvs7qzYMprPJpiI3V78Q5lakAEQEAAYkCJQQYAQgADwUCYzxlcgIb
DAUJCWYBgAAKCRDcXtpJfTtL0g5SD/9A8fGzmOpnO7u3zKsER5GPxHVuwc4NRDVa
UIEvTrmfR1DSgrIJR4jQ1I4rGeoZ/7kUaYd6l1b5Apj8zp+Z04l0+nlIKvdd97Mg
Sb4kVuyyeUQN2d83ETBcZQC31061bnjH/W3+j5ojDqvjxPFJ7bz/AmVbi0s9MElc
c9h+jJ8LtK24yNQ6ribq+7X4YY7G87eeCkXY+Rdv96V1aaNNortZHQPNAMQRDrK8
sH2nsyfEifyyf3RGmnhrfvVkpPZvBrtoSZStdHqpbD8NRuZgmHFN2EUE210SgSU0
/W2eGDb/VGgAd7Cfh/qncYZWPxRwcnmkAu+bbdeFiyVoCSMzNKY0+6Ub0B7xmCsH
V144cNW01HAOkv/RtFyUIzpY0RhV1SaJ5XqFFNnWpcYjYR5l2YJACvS39nD1Yd+S
+vCDTddpK1okCfk1oXRN7vUYPBjF7Suu+/Kets9FBGoypK+4L2WlC36XYIpBXohB
r/tMoQhcoq73sp04IG3k1+Am5yiCbDMU3+1UhT/m5tL3o02by0c60RMHU/T6vfE8
qj3FjF7Qy37xoWmPCrWkpwPscG+WDogupBc3RpxGP9ET8Th+HJM0IpQLoKeDYl5I
9z/kRFbY243tkJ1r65TMfa5My9J9ZdP22ZcOR2ql5z2IT7dvuteupaD82ojSXPzJ
uWsnbjV0Rg==
=56r2
-----END PGP PUBLIC KEY BLOCK-----

0
src/user/config/keys/pgp/yubikey.pub.key → src/user/config/keys/pgp/primary.pub.key
View file

121
src/user/config/keys/pgp/work.pub.key
View file

@ -1,121 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGZhwAgBEACsQLogtgJt/+UuNQGDDV3I73sBHZrrEm5JgooOL5GLK+YJSrqh
/fqidBcNft8/V4sycafOvud9OYs7w1EgeOlmGQXtXgZuQaKf161yUztPvuodzIo0
bFGI8NdbyNJVZKgCmvJ3f4H/6f5nxNM6+dp57F8QbvW3hB/W76mCqQSek3kfZPfY
vxZB+OS7lnLRVp+xiW3zAnoBvAW2bWhSR7Jn+sLnaJpRlv4Sk3f3/659hvYOBdtt
/Qp5N0P8BnDPbb6Yt02F7lX/k9QB0P7XXVyj33lUVZdp6aTWNTqDcMcW1BJa7p2K
M6N92QvipVBOQtF63XguFIhQwf60X0O5+LZE1JStsTZh6ALmWei96S2uvHfe/45U
WrZQpnZC6UHpEMgMFliT0Enj/PgpW6/tKLuukO4sZBk7jkdCa1fKYbrMPRdjpml7
T1sJgTLzJ2TWIbZqVy+GOO0Cqz2fi1p1DQxbWnMhLDtnrZBDUpbZigjS648/wclw
xJhhvaWtDNdzpdKCmYl9LETX/S/btDT6xGJDDzYj1ibko+HIarhnPwd51G9nm14J
7NXxZ6hcP82IDy/1cJc7OWTf1FEJKrd41ksuF8aYE3EP2R/SXuGPjyt3VHZCU2Oh
OHqG5Iz+C8iDFsjpkgBucbZwh5VCiW5H55cE9gtta2WItQN8JwAq9NSZowARAQAB
tCtCcnlhbiBSYW1vcyA8YnJ5YW4ucmFtb3NAY29uY3VycmVudC1ydC5jb20+iQJS
BBMBCAA8BQsJCAcCAyICAQYVCgkICwIEFgIDAQIeBwIXgBYhBK9qiSn9utkVtpBl
QAkI9LTbcsc9BQJmYcDFAhsBAAoJEAkI9LTbcsc9m4YP/RJv95LINYzid76qhFCD
lk/MKj0LXf/+dzZYD3ikKZKN0L0DSRkZdqL7oNCYBf9BYoyDOEv7DQcQF3IlsPjq
fpUeJEi20heASnB5CZ0W3Q74FK972IdlCf2gZM3Kmt6TrxJGiBF5aqRTXw8a4EGE
A9kAcT9vKU4ANnOjybevM7hP2GW2eNiEpJYUAEQ7O5W5Y5w1fVi5eJqU9I5d9fvz
Cp8FQMTgF3DlYc4kq+wSYwwP5v+2T3Pu3wq6fCw8SG39UuuFP5qnYu8lhK16wKFK
5fanqUP2aPArPq2aF6fSSDG5qDaCYY++0ia6HlbFdYPs5/cCyznqnYtW4GISGUyp
urAwfScLNgDj2MUQg2saHsLFa5nnKSaVeqjKRlkN5to13fCGvCFGBP6TrikpmLe7
MY8B+9sYo0coxg/iWwfzLCusjyyYpDBUSCa7/cmsbMcMk/6eFJOPXcdvvkkJ7jGe
wAmAKXxxbJBuWdZ0EYsO6reAIocN0FukeObg913j1Du98uiluAc6DI9j/h8Scb4M
O7J0eQXz+yrc7t2CqTm0QjEpGbslNd6UXtyUnC93ZRcGwtkdIPMZK9Xomf7/vLxa
oJ1Hc9G3UwjV9hfdOfzcNvYPrycIYACOfUPdK+467mgj44kAUj5S/X2LuFgupHor
mKe3Ezwfgz6nNc+/7gFBf8CuuQINBGZhwHIBEADPgrtOfjzof84+v5IVRWlWdnkn
Sugjdp90nuL+OwNFth/ny31pDNhuacItLoQTFSjrJdUwWGfTMQAlAnsRetHI7VcJ
bgLaTClMDp+OVhHf2OvCThgwboxTWFYbLrU6YyF2s6ijty7ZQnkesBEusqH1Jdnd
rqaYSBZ2Lx/dwrEmANebP1WGW9PYHhF22tBWKdrDfe5EXZRk2QjPrnStrbwLWbwn
vHQTQm59jPvclU+Sj89x2AhC9prMPTi7x4dTWHV6sqP6gQEiztium1+nL9tOSQrD
yMe0dFMsvv4gwyic4Dzwnh1f0+Mha0Ov0j5hny3NZ2DeA47bUrsAxIJUO8S6+QZx
8IlruPuyEbHX+1Pmp9OdyAr/hjh4699XXzieBntsIrWiT5zRPDS+xVyv6uItzalw
pKCH1moy7w8d9qGz3IKFGYfzqT1NBSZggH8BQuJxEdBh9te7UoqAP4CUzqr7V1j5
V3NqPhj5J7Fei5JVk+JTNyz5bCkSs7WVccYkeA2nz12rNma0Ix8glhztxkNTqpbY
hIWUYKlkZ+6Azky8iA6wpx2GbdnqmQAtTKwgtkmr0Vmb1b7WJcvWAOVA7/JrNECu
1JL6QyPtQcgwuj8D+VdaA0dl7w6vvMMjbKasMtIcwCdUqub0QcvJhr8p0xc3oYE9
qViIWpdEtkHhRo3yEwARAQABiQRsBBgBCAAgFiEEr2qJKf262RW2kGVACQj0tNty
xz0FAmZhwHICGwICQAkQCQj0tNtyxz3BdCAEGQEIAB0WIQQKdRvp/B6Aqs4lPCbT
PvQ/u0HUtQUCZmHAcgAKCRDTPvQ/u0HUtXRrD/sEfXe5bvUPgj5JAPlUjfziMAAt
IL0z2AWySwaeEhJDEjeYtQAHNRrAn06qnec6erQ4Y6Yzd5sTRtrWCx+WGd+sIi9n
HXC7sc2u0iQEcsK+LQBetdArHbOUQqmn9GE7NDF+H1jQfBKfpiXLKGz8lQsHtHM4
t6CmjokrLBBuS1fTJFjdgl35gJ+VjCvZqjAb749xg1dQrsY2A9WK135rs539rNlE
GotgYRXiL7VRkvoCCy1UFS47OsMFMcdQ+yCj3pKOIvQEJ6uvn4IpzLLpM8FEfQPP
Au/76E525nKN06bzGuBJmVLaOEMA8il5mKFXhexMTT5OUE5avGUV59WfeVsukNeC
QC+ZuZMr/c6hacX4hQwC5KJQWmfxXv0VkzugHGw52dpFU/+zSr1EcviZGxP8jZo4
kh6SeMcihuuciV8gwvdImYR+PtthbTz9KLBPLcMlLWhc6qeuiN/tyNAwapFWbzW4
uqR1iLjshTTpAKDId7NqKsjGaEFlsJeoQo7T5DgP7ojWiuTb0gO7CfF6GOZ5nv3J
LL0lsrnH1rLQGgtlUmvN1iPaBZqcqq4TG0nal6+DABetqPOoOjUZTMEmn9oAtK+8
QukTOPjbX+4abI58A1c0xunbPkX6CFlOV9xUSzt19Sp41BqUGIKhVf7uDHG4ZfJk
84g6YYd+4KiCunNNFOnLEACESWjhgCrvZUmQQ4SBAvtVcWZQcrA1XGZqd0t3olzD
HNu70p/RwhPQSmZeaXfYFXUvGCHc5d/Qvb/kZszKzyHZ/f6OaZm5GtYf9x9kFtWU
Q+jdZTT0lvizUkBHKYKzXQmzBa4TC8Ke4RnVXwE5/pwpOxQzRgpDKiCUh+45QLft
XLSEQibb30PKaLEhLO6pD3yqYNo4+3MTBkYUtfaCbTrixNTJPDs85OMz+EMphnE8
+dY1GYjILNw22dHkrE0I4Mf7ZUE31pn/hwt+h71+4l4aZ/nbCt5uIhfvctG4c+mq
72duQSq7vFdqQX1SBdczlknR7khb9S73VKBgcIIPUtrOl0OwmA57EPOHJ+I56Lqf
qNGByfBLYdn8XxuF8fJRr71Mg/tx0HWIkffkvefPx9TVb0aaNMCS0XgIZG8cqTp/
+o4XSpmL5TZV9+DIyPXZe1LPQDIZA9s9WSX0QajbBPy3BGNUyBStV4ZXsTjZAhcu
Kg5AHY4WFZSdYwAoXxIolvyWw4fZLBNDBEtVlSXDqbW2uowKSb5Q2y7/aGZkYsZA
x/QHFPM19l+twSsW5/kUy8UHr0Mo7BWxM5oijrIeJyqG6txFs8CVF2j2Xn348A52
p31k0Gkh99EVaWNt+JamdR4ymr3B/Thd8My6LMIQx7ZL4LXsFtQSN2xMp3MY/ago
1bkCDQRmYcDKARAA1ef7QCCGxriWc2w+p9oPbgex06Idxr5ZcjrY7nk5jc2WHKxi
3eMQv6FB6rttRKOOhJCi/tI3Uv2gKpsJYk26s9FgZVGpCQMX/8phDRL8ZUdB1QKp
gEx8P4yg9llerD5HnWcJlKJ4i7TFbkq6UaN8ls8W29zR+6OqG+1JtZpUeLU3O1Bb
e9BLDvv/9qqtZhOtKJZwn6oCXlzNWLIa1XWKrGc0UQ3WmfnVhgkySdQBLFZ2NH4N
r6N21NzDPBBgin1lF9HZ1kKnTqII4a+UJZsufXp19bs+wgxunum+qLPd5GMY6CVe
sQ85g12en4+RiCMW+jxFNoTEkmN3rgRO7Ccw3WTamfcUoiIq3l5KaMgUefI6K/wG
/yg2VxAViC3KtLPgYZ39UmTjhdbZpW26FK9Ky4/v+vJu+kjKCELqU7ACR23f0P2E
nS4O0AkotqkA+LeXWoJduq1JXB0a7AXKE6kg6Go8lCbv2Vq34FgGH/+Uz3qHlNdE
ppmYl68/jaxH0mExgl4Csxb/qMZ44AMtYgwfSA/lgR8p80agUAN8Q1ALSZKnOVUN
ALXtlraQEEiE7Zxo8mmU9yai/HDjKcQl19UvopuQ5Bnl/bzrj7CuDdiGFgmD2GNq
gu/4Q1008NR4c26AgA6ecKnzdnWY8OkMhm6Cdp2JtsI2eSZnU4hZyvusxzEAEQEA
AYkCNgQYAQgAIBYhBK9qiSn9utkVtpBlQAkI9LTbcsc9BQJmYcDKAhsMAAoJEAkI
9LTbcsc9FnQP/jh1Z6Tf1wcwzoOchaep21IPGjaKk2MthVAakhP6rLNFj+0WMCqU
SBKJZdkd91eQWa27CPISDly3JvDdLrCX0GOplfA/OHY5UJVX7z/4uUdsqMeMGDpI
yBSQ0HS4vFsaIOGzUIprjFX1jUMsKWUcDVf1l8M342C4040ufW3seK0i2gD66Qkp
AHfHEw+5eRT6dKh1G7eyii7XDp4wRIztt/V+C91M11dZMMnB0ctlvKgnnVl8LKVT
lTyW90Eu9m/X+mRCrtdrP6O6QSlS78w0ollkbwWzxW5VYfry05glO4TKTLC+CFB4
/ebiNXHK81Qdl2mwKHb1U7Wpnt8VAWKSGX/7o99e5n2CmctEEeXbj+RVBTl1yYHD
AuUaaZoijkiitqvVTSm8WIOyJm66OGWTzo55uA8S3Ygh45digj6OMiqennwtRUp4
6r4qN1GEv/v1gobqzmKyvBpqRvDsQysMJzOZ5uFL2G+h8g9xj7xGp3qIeRQEBa4X
w7VpNeHajjwAlxvCYKRxQCIfYdnac5APvbRjQEvxAJ/h4zIuFmY6LTLcbPrsWm49
esJ5EJg26Z1iCE/4xSh4nrqNTsi3PzF9Iz3iZkSz8rfFgsWlO4vEVh1sUKA3LuGc
UeG50NzyEmcqU4kvmdl0+pXepB7UBpEiCsjqDwRolt8Ca4MFiWQ+Rd1euQINBGZh
wOQBEACr0LE4obH5j696i06jnG40mCNmfNdpSnv6uq7IS2GeRXzcgX12sDuvRaBX
M/aNge9N5IFwXV9SZdw53nNXdWu5x79Vizyr2FO8P+aLVvwAavcXqlHPxvtbRhUW
Yp6PW9r+Y7EZJ98tCZkgwQ0F6m7ArOi5Yziy8y7JN+WgVj30Il3JOcY9os/HtBSC
EzvJ5rh1DAExie9KW3Pn+LEECPrp75hSwn/XIHrBZwB5JZ6g6I7M7t+/KWYgtPiT
ex8KPk3NnjMTri1w8FnfC9iMbbRYqMr6fYYdXpp0+WnkJuBKEO+XeO1Q840hJVnk
V9jOIss492boEhZWEtxHzRWTijqXiqJu0VNMIm7WmBZXmHEeynXc0PjYFWDwJ7De
L+FsuKvRJqVmi5TixeFzszO9ghDjJSTFgpXO5gZXc1QgCWrexTV+OpDIPKKwO+V0
fQgYJoKBvlSWXQH0PlUl9FC8HeL5H3LRNqftqKbZtJ0HE+0Sa3AjK3YXszawrA4v
O/+zqjHwbdG9kYsc9gUg/CF6hPcSrUBJYQo6Sb86Dwb2OGL5pXgw0GAlLsMF4Upl
mADxy3haKLd65ou5cwFgoMqevs0m0y6L0LQLtE6DM269jOnTmsDa70HNlBODMj2Y
G4pN73f+PIdpgLzyc+2g3Dcu8xNQ9zTcULIETSFUQ5F5Ta8BtwARAQABiQRsBBgB
CAAgFiEEr2qJKf262RW2kGVACQj0tNtyxz0FAmZhwPsCGyACQMF0IAQZAQgAHRYh
BNFMNrmgN2O008gyP/SMgJ9Pr40xBQJmYcDkAAoJEPSMgJ9Pr40xhC0P/1o7C3yf
Ku6m8+xEvW82b0kBv4KNy9FzDV5CBfD37t79NE8+RYkjm7p2X3BJInb8VgFM/Cp4
zoUOOOTMBlLbZt92XFJSszh8hvOBlFSk/2js9Sgv/bv88jUiJdkW2TyIrb4NH3A0
+HSZHQD9rHeF23Yzj1jomHpdz6jAwF2Or2cCeUa1Lf/o8DqGpOzKUY7i93Yc2hRQ
mWjRdV4bJLmwHVE/YLeiSn/EzYGiaDJ08Y4KfrOP6A2B5ODk4EL71aQoYLLeKRPc
gMq2PmyH/v+DakZBwWAyhf0AcW5IalcQehx9HIhG8H9+lIr1QmxVzA1XumHA3bm7
JPxovnZjOYMa3dd+z+i0Ags+ezluonXD3ow7s31G6tBQbwDLOI2oYNpDz8p7aViP
ieKGTuOelOBWk3Uo9zZjg8MNqJpo2a1nvGM/rRo9DeflX3B7sitalyeXFPmVCDCB
/ShMiiRAQPnRk+NrFdyEdrE8BmlHWOXhpHchF/KdZLHKETox/7eejYLxeS/D7L6q
YNDe5aCxxa1j9ZhYgh3xGE3BScMNOBZcUAmHb5EcPDkPI4wlwEGkvwKy02NtpD2s
UunZB0FZlpuCbAo1WQNxlSn9DtPda8LlrtSts71Rd0Cg5hlrVz3MeeXEiFuI6NQI
kKKqzkICa2xmdrac/psmPV+0ututxg3IAXF9CRAJCPS023LHPVlDD/9/eJly6fGy
O/hq//a26u4G3TB7ytQ1WXZ5vpHN5KlCl5TzBdyt38fA4NyW7q4JP0RbaNPPIzm8
x47WmhEu88wkujNG3+uriM7Ku6CGte9ZDGfB2SSIMqVZczBWrfK2LEsjYKEOeGVJ
gJg6zAcDZ3HZSG2iGUme7RcU+bkRKq8YS3dlpRKi5lVwnEhsy6p17HnVaPpQfzLw
K+Yh2/+s9HJ4jA3yX7KMo7r+qaP8QytT+gTNHgEHWqtUrhMIWV4seaocCiohE2tH
VyOJIAeYZUDbrbSQ92vViutga+jNY6HfSudI2l08Ri1eEVu1rMSN5wQr8jWSyaRN
4kbsHmvoEynEbooETU0qFNW1BHiclud70E2P6teCGzHTIkLW6wA7w0jFAQmeh5VA
2SxagRyZFmK3e6aBImBDcAfPJJmszI739mQukpCwiYCBtMCoPxhdRNQ2diimragf
oyfbltRYs3ko0KGvb9vQUNNbRLLjzPL42GXou8Qh20emTf4/umeUmOZVq3AxZXcE
YjTNK3GMrey7oq/jJd305hekweDRDi6MmYBX93sKtR/CrmS5072xypBJkFHGtOwd
NkWkspfpqUH+JpjPDG5ift9Q69dteGvyIhe7tAQN6QtDj8jZpa1wiBZ1C8DDjv2C
Vv2c5XcFneMcDVBQ28VlwQ2fbIoDokz3Iw==
=my/o
-----END PGP PUBLIC KEY BLOCK-----

5
src/user/config/keys/ssh/README.md
View file

@ -1,5 +0,0 @@
# SSH Keys
yubikey.pub.key -> PGP derived from `pgp.yubikey.pub.key`
work.pub.key - ?
graphone.pub.key -> For Android `pass`

1
src/user/config/keys/ssh/android.pub.key Normal file
View file

@ -0,0 +1 @@
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJM1HutPcWXdeTaAXY7ha8SlgeZFtLJGwNa3Kd/DL/R38fq5+fkh3iCoHgv+iiKcordtVTMhbOsHhz3H+Jm274c="

1
src/user/config/keys/ssh/graphone.pub.key
View file

@ -1 +0,0 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJM1HutPcWXdeTaAXY7ha8SlgeZFtLJGwNa3Kd/DL/R38fq5+fkh3iCoHgv+iiKcordtVTMhbOsHhz3H+Jm274c=

1
src/user/config/keys/ssh/primary.pub.key Normal file
View file

@ -0,0 +1 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDl4895aB9P5p/lp8Hq5rHun4clvhyTSHFi3U2d6OOBoW5Fm+VcQnW/xbjmCBsXk5BdiowsBxQhwnzdfz/KJL7J5RobomUEaVRwb9UwT88eJveLp14BG8j2J3SjfyhrCX+4jkPx0bPQk1HGcuYY+tPEXf1q/ps88Dhu0CARBIzYQOTYY6b1qWzxpDoFZGHjKG8g5iY6FIu65yKKvvVy1f8IgZ3l3IpwBWVamxgkTcYY0QYSrmzo1n7TXxwrWbvenAqBsQ0cBPs+gVa3uIr+1TJl0Az5SElBVGu3LvUdlk58trtPUj6TQR3YUkg7Vjll7WHOdqhux5ZQNhjkOsHerf0Tw86e6cEzgeTuIbQHIb0LcsUunwKcuh2+au7RO599cvHn0+xZE5MZBxloDDaJ3JsiliM8kyPP/U3ERj03cWLW7BqbT+sfjAOl21RCzk0iQxk1wt/8VmtCr9Adv7IyrtaYvf/bwRP+g+9ldmzKGt8Mdb605uVzZ70H/LLm17f40Te+QHaex5by/6p6cuwEEZtgIg53Wpglu0rA6UxrBfQEHKl/Jt3FLeE0mnEyYkkR2MnHNtyWRIXtuqYZMAm2Ub1pFHH7jQV1gGiDVTw6a2eIwK21a/hXtRjFUpFd1nB1n+KNfJBE4zT3wm3Ud7mKw/6rWnoRyhYZvGXkFdp+iEs49Q=="

1
src/user/config/keys/ssh/work.pub.key
View file

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXYU5c7AUD5tQQdpzQ73yy3ti3R7dArZ+f/wETN7L2Z2Hw6zo6hDid9/Q4yxdgM/FlTj/Ok2DHBWqxJsEe3S4shwsT9l2qJatjdcUK6zH3/0nFPxGYIaByj87aZ+5dwMoWNGlioPWciUdKeovvau1PwvdBxPabHHap6nwC9yPaSIVbZi4GgYv/zEvOB4LVYLuxLqr0pPdMNz1ddjmjsQCq5alC33jSZWkABERw3GlF02dNHbUq6cZlFq9BudbNWBQ8zFgj/C8amK4DHUSeU8w+ckTmO5PjDjINOnFr8kytDap+/5AQ6kr618evJ2JCwnBj6txb3SVGhcvn3/DJjf2H7flVhZEWIMEMu7452SXfz9mxp3Vu3UMJkjHUj6Lxl302M318k9j+w1fa8EHO7OQHQZajNKrEP5/UK2CDfpP2KIybX5HnEqBcEqoSKhRt7ytNX6VGzURk3/mmk9L+An5z7ve+zqlgNOA8uaIoebB4476+n5pGiNIedO3FRjPofEidYjf5NTZ9YDpqFc5KbfbhduuP63G/kqmgTxXMuTsWINY2xKEc0BPnlEGfezMN+eQpwWINOUxW1ZEk3OYMvC91EndbVwxVbm3aze9894T3+wVTipJ88xARCQeQpu1eaWDSaNduD+8LAouQiTA4whM+jBEeQoWZe6Wf6W4tBeCZ6Q==

1
src/user/config/keys/ssh/yubikey.pub.key
View file

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDl4895aB9P5p/lp8Hq5rHun4clvhyTSHFi3U2d6OOBoW5Fm+VcQnW/xbjmCBsXk5BdiowsBxQhwnzdfz/KJL7J5RobomUEaVRwb9UwT88eJveLp14BG8j2J3SjfyhrCX+4jkPx0bPQk1HGcuYY+tPEXf1q/ps88Dhu0CARBIzYQOTYY6b1qWzxpDoFZGHjKG8g5iY6FIu65yKKvvVy1f8IgZ3l3IpwBWVamxgkTcYY0QYSrmzo1n7TXxwrWbvenAqBsQ0cBPs+gVa3uIr+1TJl0Az5SElBVGu3LvUdlk58trtPUj6TQR3YUkg7Vjll7WHOdqhux5ZQNhjkOsHerf0Tw86e6cEzgeTuIbQHIb0LcsUunwKcuh2+au7RO599cvHn0+xZE5MZBxloDDaJ3JsiliM8kyPP/U3ERj03cWLW7BqbT+sfjAOl21RCzk0iQxk1wt/8VmtCr9Adv7IyrtaYvf/bwRP+g+9ldmzKGt8Mdb605uVzZ70H/LLm17f40Te+QHaex5by/6p6cuwEEZtgIg53Wpglu0rA6UxrBfQEHKl/Jt3FLeE0mnEyYkkR2MnHNtyWRIXtuqYZMAm2Ub1pFHH7jQV1gGiDVTw6a2eIwK21a/hXtRjFUpFd1nB1n+KNfJBE4zT3wm3Ud7mKw/6rWnoRyhYZvGXkFdp+iEs49Q==

1
src/user/config/nvim
View file

@ -1 +0,0 @@
../modules/utils/modules/neovim/config/nvim

1
src/user/config/vim
View file

@ -1 +0,0 @@
../modules/utils/modules/vim/vim/

13
src/user/default.nix
View file

@ -4,15 +4,10 @@ let
entries = builtins.readDir dir; entries = builtins.readDir dir;
names = builtins.attrNames entries; names = builtins.attrNames entries;
excludedDirs = [ "config" "scripts" ]; isModuleDir = path:
isSubmodule = path:
builtins.pathExists "${path}/.git" &&
builtins.readFileType "${path}/.git" == "regular";
isModuleDir = path:
builtins.pathExists path && builtins.pathExists path &&
builtins.readFileType path == "directory" && builtins.readFileType path == "directory" &&
!(builtins.elem (builtins.baseNameOf path) excludedDirs) && builtins.baseNameOf path != "config";
!(isSubmodule path);
isModule = file: file == "default.nix"; isModule = file: file == "default.nix";
isNix = file: builtins.match ".*\\.nix" file != null && file != "default.nix"; isNix = file: builtins.match ".*\\.nix" file != null && file != "default.nix";
@ -24,9 +19,9 @@ let
if isModuleDir path then if isModuleDir path then
mkModules path false mkModules path false
else if isModule name && !isRoot then else if isModule name && !isRoot then
[ dir ] [dir]
else if isNix name then else if isNix name then
[ path ] [path]
else else
[] []
) names; ) names;

17
src/user/modules/bash/config/alias.nix Normal file
View file

@ -0,0 +1,17 @@
{ lib, config, ... }:
with lib;
let
gui = config.modules.user.gui.wm;
wm = {
enable = builtins.any (mod: mod.enable or false) (builtins.attrValues gui);
};
in
{
cd = "cd -L";
grep = "grep --color";
tree = "eza --tree --icons=never";
lt = mkForce "eza --tree --icons=never";
open = mkIf wm.enable "xdg-open";
}

1
src/user/modules/bash/config/bash

@ -1 +0,0 @@
Subproject commit 79eb823bbb9ff88f284ae055fe1de954df8bf2e0

6
src/user/modules/bash/config/bashrc.nix Normal file
View file

@ -0,0 +1,6 @@
''
set -o vi
bind 'set completion-ignore-case on'
bind 'set completion-map-case on'
''

155
src/user/modules/bash/config/prompt.nix Normal file
View file

@ -0,0 +1,155 @@
{ config, lib, ... }:
with lib;
let
git = config.modules.user.git;
gui = config.modules.user.gui.alacritty;
in
''
check_ssh() {
if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then
ssh_PS1="\n\[\033[01;37m\]\u@\h:\[\033[00m\]\n"
return 0
fi
}
${optionalString git.enable ''
check_venv() {
add_icon() {
local icon=$1
if [[ ! $venv_icons =~ $icon ]]; then
venv_icons+="$icon "
fi
}
remove_icon() {
local icon=$1
venv_icons=''${venv_icons//$icon/}
}
py="py"
js="js"
nix="nix"
${if gui.enable then ''
if [ -n "$DISPLAY" ]; then
py=""
js="󰌞"
nix=""
fi
'' else ''
''}
python_icon="\[\033[01;33m\]$py\[\033[00m\]"
node_icon="\[\033[01;93m\]$js\[\033[00m\]"
nix_icon="\[\033[01;34m\]$nix\[\033[00m\]"
if [ -n "$IN_NIX_SHELL" ]; then
add_icon "$nix_icon"
else
remove_icon "$nix_icon"
fi
if [ -n "$VIRTUAL_ENV" ]; then
add_icon "$python_icon"
else
remove_icon "$python_icon"
fi
if [ -d "''${git_root}/node_modules" ]; then
add_icon "$node_icon"
else
remove_icon "$node_icon"
fi
}
set_git_dir() {
${if gui.enable then ''
if [ -n "$DISPLAY" ]; then
project_icon=" "
else
project_icon="../"
fi
'' else ''
project_icon="../"
''}
local superproject_root=$(git rev-parse --show-superproject-working-tree 2>/dev/null)
if [[ -n "$superproject_root" ]]; then
local submodule_name=$(basename "$git_root")
working_dir="\[\033[01;34m\]$project_icon''${superproject_root##*/}/$submodule_name$git_curr_dir\[\033[00m\]"
elif [ "$git_curr_dir" == "." ]; then
working_dir="\[\033[01;34m\]$project_icon$git_root_dir\[\033[00m\]"
return 0
else
working_dir="\[\033[01;34m\]$project_icon$git_root_dir$git_curr_dir\[\033[00m\]"
return 0
fi
}
relative_path() {
local absolute_target=$(readlink -f "$1")
local absolute_base=$(readlink -f "$2")
echo "''${absolute_target#$absolute_base}"
}
check_project() {
local git_root=$(git rev-parse --show-toplevel 2>/dev/null)
if [ -n "$git_root" ]; then
local git_branch=$(git branch --show-current 2>/dev/null)
if [ -z "$git_branch" ]; then
git_branch=$(git describe --tags --exact-match 2>/dev/null)
git_branch=''${git_branch:-$(git rev-parse --short HEAD 2>/dev/null)}
fi
local git_curr_dir=$(relative_path "." "$git_root")
local git_root_dir=$(basename "$git_root")
${if gui.enable then ''
if [ -n "$DISPLAY" ]; then
git_branch_PS1="\[\033[01;31m\]$git_branch 󰘬:\[\033[00m\]"
else
git_branch_PS1="\[\033[01;31m\]$git_branch:\[\033[00m\]"
fi
'' else ''
git_branch_PS1="\[\033[01;31m\]$git_branch:\[\033[00m\]"
''}
set_git_dir
check_venv
return 0
fi
}
''}
function set_prompt() {
local green_arrow="\[\033[01;32m\]>> "
local white_text="\[\033[00m\]"
local working_dir="\[\033[01;34m\]\w\[\033[00m\]"
local ssh_PS1
check_ssh
${optionalString git.enable ''
local venv_icons
local git_branch_PS1
check_project
''}
${if git.enable
then
''PS1="$ssh_PS1$working_dir\n$venv_icons$green_arrow$git_branch_PS1$white_text"''
else
''PS1="$ssh_PS1$working_dir\n$green_arrow$white_text"''
}
return 0
}
PROMPT_COMMAND="set_prompt"
''

2
src/user/modules/bash/config/shellHook.nix
View file

@ -29,7 +29,7 @@ case $- in
fi fi
''} ''}
${optionalString tmux.enable '' ${optionalString tmux.enable ''
if [ -z "$DISPLAY" ] && [ -z "$TMUX" ] && [ -z "$SSH_TTY" ]; then if [ -z "$DISPLAY" ] && [ -z "$TMUX" ]; then
exec tmux exec tmux
fi fi
''} ''}

12
src/user/modules/bash/default.nix
View file

@ -9,15 +9,13 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.bash = { programs.bash = {
enable = true; enable = true;
initExtra = "source ~/.config/bash/bashrc"; enableCompletion = true;
initExtra = import ./config/prompt.nix { inherit lib config; };
bashrcExtra = import ./config/bashrc.nix;
shellAliases = import ./config/alias.nix { inherit lib config; };
profileExtra = import ./config/shellHook.nix { inherit lib config; }; profileExtra = import ./config/shellHook.nix { inherit lib config; };
}; };
# .bashrc
home.file.".config/bash" = {
source = ./config/bash;
recursive = true;
};
programs = { programs = {
ripgrep.enable = true; ripgrep.enable = true;

0
src/user/modules/git/scripts/cdg.nix → src/user/modules/git/config/bashScripts/cdg.nix
View file

43
src/user/modules/git/default.nix
View file

@ -10,23 +10,44 @@ in
programs = { programs = {
git = { git = {
enable = true; enable = true;
}; package = pkgs.gitSVN;
extraConfig = {
init = { defaultBranch = "master"; };
#format = { pretty = "oneline"; };
#log = { abbrevCommit = true; };
mergetool = {
vimdiff = {
trustExitCode = true;
};
};
merge = { tool = "vimdiff"; };
safe = {
directory = [
"/etc/nixos"
"/boot"
];
};
};
ignores = [
"node_modules"
".direnv"
"dist-newstyle"
".nuxt/"
".output/"
"dist"
"result"
];
} // config.user.gitConfig;
gh = { gh = {
enable = true; enable = true;
settings.git_protocol = "ssh"; settings.git_protocol = "ssh";
}; };
}; };
home = { home.packages = with pkgs; [
packages = with pkgs; [ git-crypt
git-crypt ];
];
file.".config/git" = {
source = ./git;
recursive = true;
};
};
programs.bash.initExtra = import ./scripts/cdg.nix; programs.bash.initExtra = import ./config/bashScripts/cdg.nix;
}; };
} }

1
src/user/modules/git/git

@ -1 +0,0 @@
Subproject commit d394ee0594e8b1162f05547c3f7da817b6fcb62a

8
src/user/modules/gui/modules/alacritty/config/alacritty.nix
View file

@ -54,22 +54,22 @@ in
font = { font = {
size = 12; size = 12;
normal = { normal = {
family = "Terminess Nerd Font Propo"; family = "Terminus";
style = "Regular"; style = "Regular";
}; };
bold = { bold = {
family = "Terminess Nerd Font Propo"; family = "Terminus";
style = "Bold"; style = "Bold";
}; };
italic = { italic = {
family = "Terminess Nerd Font Propo"; family = "Terminus";
style = "Italic"; style = "Italic";
}; };
bold_italic = { bold_italic = {
family = "Terminess Nerd Font Propo"; family = "Terminus";
style = "Bold Italic"; style = "Bold Italic";
}; };
}; };

BIN
src/user/modules/gui/modules/browsers/chromium/config/extensions/browserpass.crx Normal file
View file

Binary file not shown.

BIN
src/user/modules/gui/modules/browsers/chromium/config/extensions/ublock.crx Normal file
View file

Binary file not shown.

BIN
src/user/modules/gui/modules/browsers/chromium/config/extensions/vimium.crx Normal file
View file

Binary file not shown.

43
src/user/modules/gui/modules/browsers/chromium/default.nix
View file

@ -8,40 +8,24 @@ in
{ options.modules.user.gui.browser.chromium = { enable = mkEnableOption "Enable Chromium browser"; }; { options.modules.user.gui.browser.chromium = { enable = mkEnableOption "Enable Chromium browser"; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs = { programs = {
chromium = rec { chromium = {
enable = true; enable = true;
package = pkgs.ungoogled-chromium; package = pkgs.ungoogled-chromium;
extensions = extensions = [
let {
vrs = package.version;
in
[
rec {
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
crxPath = builtins.fetchurl { crxPath = /home/${config.user.name}/.config/chromium/Extensions/ublock.crx;
url = "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=${vrs}&acceptformat=crx2,crx3&x=id%3D${id}%26uc"; version = "1.58.0";
name = "ublock_${version}.crx";
sha256 = "0ycnkna72n969crgxfy2lc1qbndjqrj46b9gr5l9b7pgfxi5q0ll";
};
version = "1.62.0";
} }
rec { {
id = "dbepggeogbaibhgnhhndojpepiihcmeb"; id = "dbepggeogbaibhgnhhndojpepiihcmeb";
crxPath = builtins.fetchurl { crxPath = /home/${config.user.name}/.config/chromium/Extensions/vimium.crx;
url = "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=${vrs}&acceptformat=crx2,crx3&x=id%3D${id}%26uc";
name = "vimium_${version}.crx";
sha256 = "0m8xski05w2r8igj675sxrlkzxlrl59j3a7m0r6c8pwcvka0r88d";
};
version = "2.1.2"; version = "2.1.2";
} }
rec { {
id = "naepdomgkenhinolocfifgehidddafch"; id = "naepdomgkenhinolocfifgehidddafch";
crxPath = builtins.fetchurl { crxPath = /home/${config.user.name}/.config/chromium/Extensions/browserpass.crx;
url = "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=${vrs}&acceptformat=crx2,crx3&x=id%3D${id}%26uc"; version = "3.8.0";
name = "browserpass_${version}.crx";
sha256 = "074sc9hxh7vh5j79yjhsrnhb5k4dv3bh5vip0jr30hkkni7nygbd";
};
version = "3.9.0";
} }
]; ];
}; };
@ -49,5 +33,12 @@ in
enable = true; enable = true;
}; };
}; };
home = {
file.".config/chromium/Extensions" = {
source = ./config/extensions;
recursive = true;
};
};
}; };
} }

35
src/user/modules/gui/modules/browsers/firefox/default.nix
View file

@ -22,7 +22,7 @@ let
}; };
assertions = assertions =
let let
pinentry = config.services.gpg-agent.pinentry.package; pinentry = config.services.gpg-agent.pinentryPackage;
in in
[ [
{ {
@ -41,29 +41,17 @@ in
profiles = { profiles = {
"${config.user.name}" = { "${config.user.name}" = {
isDefault = true; isDefault = true;
#bookmarks = config.user.bookmarks; bookmarks = config.user.bookmarks;
extensions = {
packages = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
tridactyl
#darkreader
tampermonkey
clearurls
passff
multi-account-containers
];
};
search = { search = {
force = true; force = true;
default = "google"; default = "Google";
engines = { engines = {
"Startpage" = { "Startpage" = {
urls = [{ urls = [{
template = "https://www.startpage.com/sp/search?q={searchTerms}"; template = "https://www.startpage.com/sp/search?q={searchTerms}";
}]; }];
icon = "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico"; iconUpdateURL = "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico";
}; };
}; };
}; };
@ -318,12 +306,15 @@ in
"media.videocontrols.picture-in-picture.enabled" = false; "media.videocontrols.picture-in-picture.enabled" = false;
}; };
};
}; extensions = with pkgs.nur.repos.rycee.firefox-addons; [
policies = { ublock-origin
WebsiteFilter = { tridactyl
Block = [ #darkreader
"*://*.pokemonshowdown.com/*" tampermonkey
clearurls
passff
multi-account-containers
]; ];
}; };
}; };

40
src/user/modules/gui/modules/corn/default.nix
View file

@ -8,29 +8,29 @@ in
{ options.modules.user.gui.corn = { enable = mkEnableOption "Enable Bitcoin client applications"; }; { options.modules.user.gui.corn = { enable = mkEnableOption "Enable Bitcoin client applications"; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
#trezor-suite trezor-suite
#trezorctl trezorctl
#trezord trezord
sparrow sparrow
]; ];
#systemd.user.services = { systemd.user.services = {
# trezord = { trezord = {
# Unit = { Unit = {
# Description = "Trezor Bridge"; Description = "Trezor Bridge";
# After = [ "network.target" ]; After = [ "network.target" ];
# Wants = [ "network.target" ]; Wants = [ "network.target" ];
# PartOf = [ "graphical-session.target" ]; PartOf = [ "graphical-session.target" ];
# }; };
# Service = { Service = {
# ExecStart = "${pkgs.trezord}/bin/trezord-go"; ExecStart = "${pkgs.trezord}/bin/trezord-go";
# Restart = "always"; Restart = "always";
# }; };
# Install = { Install = {
# WantedBy = [ "default.target" ]; WantedBy = [ "default.target" ];
# }; };
# }; };
#}; };
}; };
} }

18
src/user/modules/gui/modules/fun/default.nix
View file

@ -7,17 +7,17 @@ let
in in
{ options.modules.user.gui.fun = { enable = mkEnableOption "Enable entertainment apps"; }; { options.modules.user.gui.fun = { enable = mkEnableOption "Enable entertainment apps"; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
#programs.obs-studio = { programs.obs-studio = {
# enable = true; enable = true;
# plugins = with pkgs.obs-studio-plugins; [ plugins = with pkgs.obs-studio-plugins; [
# wlrobs wlrobs
# obs-pipewire-audio-capture obs-pipewire-audio-capture
# input-overlay input-overlay
# ]; ];
#}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
ytmdesktop spotify
discordo discordo
webcord webcord
]; ];

2
src/user/modules/gui/modules/writing/default.nix
View file

@ -9,9 +9,9 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
mdbook mdbook
texlive.combined.scheme-tetex
pandoc pandoc
asciidoctor asciidoctor
evince
]; ];
}; };
} }

2
src/user/modules/gui/wm/hyprland/config/rofi/default.nix
View file

@ -5,7 +5,7 @@ let
in in
{ {
enable = true; enable = true;
package = pkgs.rofi; package = pkgs.rofi-wayland;
location = "center"; location = "center";
terminal = "\${pkgs.alacritty}/bin/alacritty"; terminal = "\${pkgs.alacritty}/bin/alacritty";
plugins = with pkgs; [ plugins = with pkgs; [

8
src/user/modules/gui/wm/hyprland/config/waybar/config
View file

@ -2,7 +2,7 @@
"layer": "top", "layer": "top",
"position": "top", "position": "top",
"output": "HDMI-A-1", "output": "HDMI-A-1",
"modules-left": [ "custom/logo", "clock", "custom/blockheight", "custom/price", "memory", "cpu" ], "modules-left": [ "custom/logo", "clock", "custom/weather", "custom/blockheight", "custom/price", "memory", "cpu" ],
"modules-center": [ "hyprland/workspaces" ], "modules-center": [ "hyprland/workspaces" ],
"modules-right": [ "tray", "pulseaudio", "network" ], "modules-right": [ "tray", "pulseaudio", "network" ],
"reload_style_on_change":true, "reload_style_on_change":true,
@ -10,7 +10,7 @@
"custom/logo": { "custom/logo": {
"format": "", "format": "",
"tooltip": false, "tooltip": false,
"on-click": "alacritty --class sys-specs -e bash -c 'fastfetch; read -n 1'" "on-click": "alacritty -e neofetch"
}, },
"hyprland/workspaces": { "hyprland/workspaces": {
@ -75,7 +75,7 @@
"cpu": { "cpu": {
"interval": 1, "interval": 1,
"format": "<span color='#ffd808'> </span><span color='#ffffff'> {usage}%</span>", "format": "<span color='#ffd808'> </span><span color='#ffffff'>{usage}%</span>",
"min-length": 6, "min-length": 6,
"max-length": 6, "max-length": 6,
"format-icons": ["▁", "▂", "▃", "▄", "▅", "▆", "▇", "█"], "format-icons": ["▁", "▂", "▃", "▄", "▅", "▆", "▇", "█"],
@ -108,7 +108,7 @@
"default": ["","",""] "default": ["","",""]
}, },
"justify": "center", "justify": "center",
"on-click": "alacritty -e pulsemixer", "on-click": "pavucontrol",
"tooltip-format": "{volume}%" "tooltip-format": "{volume}%"
}, },

BIN
src/user/modules/gui/wm/hyprland/config/waybar/scripts/getPrice
View file

Binary file not shown.

2
src/user/modules/gui/wm/hyprland/config/waybar/style.css
View file

@ -1,7 +1,7 @@
* { * {
border: none; border: none;
font-size: 14px; font-size: 14px;
font-family: "Terminus Nerd Font Propo" ; font-family: "Terminus" ;
min-height: 25px; min-height: 25px;
} }

68
src/user/modules/gui/wm/hyprland/default.nix
View file

@ -1,19 +1,16 @@
{ pkgs, lib, config, monitors ? [], ... }: { pkgs, lib, config, ... }:
with lib; with lib;
let let
cfg = config.modules.user.gui.wm.hyprland; cfg = config.modules.user.gui.wm.hyprland;
wallpaper = builtins.fetchurl { wallpaper = builtins.fetchurl {
url = "https://images6.alphacoders.com/117/1174033.png"; url = "https://images6.alphacoders.com/117/1174033.png";
sha256 = "1ph5m9s57076jx6042iipqx2ifzadmd5z4lf5l49wgq4jb92mp16"; sha256 = "1ph5m9s57076jx6042iipqx2ifzadmd5z4lf5l49wgq4jb92mp16";
}; };
toHyprlandMonitor = m:
"${m.name}, ${toString m.width}x${toString m.height}@${toString m.refreshRate}, ${toString m.x}x${toString m.y}, ${toString m.scale}";
in in
{ options.modules.user.gui.wm.hyprland = { enable = mkEnableOption "Enable Hyprland WM"; }; { options.modules.user.gui.wm.hyprland = { enable = mkEnableOption "Enable hyprland module"; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
@ -24,13 +21,13 @@ in
"$terminal" = "${pkgs.alacritty}/bin/alacritty"; "$terminal" = "${pkgs.alacritty}/bin/alacritty";
"$menu" = "rofi -show drun -show-icons -drun-icon-theme Qogir -font 'Noto Sans 14'"; "$menu" = "rofi -show drun -show-icons -drun-icon-theme Qogir -font 'Noto Sans 14'";
monitor = if monitors != [] monitor = [
then map toHyprlandMonitor monitors "HDMI-A-1, 1920x1080, 0x0, 1"
else [ ", preferred, auto, 1" ]; "DP-1, 1920x1080, 1920x0, 1"
];
exec-once = [ exec-once = [
"waybar" "waybar"
"hyprctl setcursor Vanilla-DMZ 24"
]; ];
bind = [ bind = [
@ -50,9 +47,9 @@ in
"$mod, F, fullscreen" "$mod, F, fullscreen"
", Print, exec, grim ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png" ", Print, exec, grim ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png"
"$mod&SHIFT, Print, exec, grim -g \"$(slurp)\" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png" "SHIFT, Print, exec, grim -g \"$(slurp)\" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png"
"$mod&SHIFT, F, exec, alacritty -e sh -c 'EDITOR=nvim ranger'" "$mod&SHIFT, F, exec, alacritty -e sh -c 'EDITOR=nvim ranger'"
''SHIFT, Print, exec, grim -g "$(hyprctl activewindow -j | jq -r '"\(.at[0]),\(.at[1]) \(.size[0])x\(.size[1])"')" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png'' #''$mod&SHIFT, Print, exec, sh -c 'grim -g "$(swaymsg -t get_tree | jq -j '"'"'.. | select(.type?) | select(.focused).rect | "\(.x),\(.y) \(.width)x\(.height)"'"'"')" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png'"''
"$mod, D, exec, $menu" "$mod, D, exec, $menu"
"$mod&SHIFT, D, exec, rofi -modi emoji -show emoji" "$mod&SHIFT, D, exec, rofi -modi emoji -show emoji"
@ -77,7 +74,6 @@ in
windowrulev2 = [ windowrulev2 = [
"float, title:(Android Emulator)" "float, title:(Android Emulator)"
"float, title: Extension: (PassFF)" "float, title: Extension: (PassFF)"
"float, size 400 600, stayfocused, class:sys-specs"
]; ];
general = { general = {
@ -98,21 +94,12 @@ in
kb_layout = "us"; kb_layout = "us";
follow_mouse = 1; follow_mouse = 1;
accel_profile = "flat"; accel_profile = "flat";
sensitivity = 0.35; sensitivity = 0;
};
cursor = {
inactive_timeout = 0;
no_hardware_cursors = true;
hide_on_touch = false;
use_cpu_buffer = 0;
enable_hyprcursor = false;
}; };
env = [ env = [
"HYPRCURSOR_THEME,Vanilla-DMZ" "HYPRCURSOR_SIZE, 24"
"HYPRCURSOR_SIZE,24" "GTK_THEME, Juno-ocean"
"GTK_THEME,Juno"
"LIBVA_DRIVER_NAME,nvidia" "LIBVA_DRIVER_NAME,nvidia"
"XDG_SESSION_TYPE,wayland" "XDG_SESSION_TYPE,wayland"
@ -124,7 +111,7 @@ in
programs.rofi = { programs.rofi = {
enable = true; enable = true;
package = pkgs.rofi; package = pkgs.rofi-wayland;
location = "center"; location = "center";
terminal = "alacritty"; terminal = "alacritty";
plugins = with pkgs; [ plugins = with pkgs; [
@ -145,7 +132,7 @@ in
}; };
packages = with pkgs; [ packages = with pkgs; [
pulsemixer pavucontrol
xdg-utils xdg-utils
wl-clipboard wl-clipboard
cliphist cliphist
@ -159,9 +146,10 @@ in
ranger ranger
highlight highlight
terminus-nerdfont
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk
noto-fonts-color-emoji noto-fonts-emoji
]; ];
sessionVariables = { sessionVariables = {
@ -192,17 +180,13 @@ in
gtk = { gtk = {
enable = true; enable = true;
theme = { theme = {
name = "Juno"; name = "Juno-ocean";
package = pkgs.juno-theme; package = pkgs.juno-theme;
}; };
iconTheme = { iconTheme = {
name = "Qogir"; name = "Qogir";
package = pkgs.qogir-icon-theme; package = pkgs.qogir-icon-theme;
}; };
cursorTheme = {
package = pkgs.vanilla-dmz;
name = "Vanilla-DMZ";
};
gtk3.extraConfig = { gtk3.extraConfig = {
gtk-application-prefer-dark-theme = 1; gtk-application-prefer-dark-theme = 1;
}; };
@ -214,20 +198,18 @@ in
qt = { qt = {
enable = true; enable = true;
style = { style = {
name = "juno"; name = "juno-ocean";
package = pkgs.juno-theme; package = pkgs.juno-theme;
}; };
platformTheme.name = "gtk"; platformTheme.name = "gtk";
}; };
xdg = { xdg.portal = {
portal = { enable = true;
enable = true; extraPortals = with pkgs; [
extraPortals = with pkgs; [ xdg-desktop-portal-hyprland
xdg-desktop-portal-hyprland ];
]; config.common.default = "*";
config.common.default = "*";
};
}; };
programs = { programs = {

7
src/user/modules/gui/wm/i3/config/rofi/config/config.rasi
View file

@ -1,7 +0,0 @@
configuration {
font: "SF Pro Rounded 10";
show-icons: true;
kb-cancel: "Escape,Alt+F1";
}
@theme "~/.config/rofi/material-ocean.rasi"

95
src/user/modules/gui/wm/i3/config/rofi/config/material-ocean.rasi
View file

@ -1,95 +0,0 @@
* {
background: #0f111a;
foreground: #f1f1f1;
selected: #ff4151;
}
window {
transparency: "real";
background-color: @background;
text-color: @foreground;
}
prompt {
enabled: true;
padding: 4px 4px 6px 6px;
background-color: @background;
text-color: @foreground;
}
textbox-prompt-colon {
expand: false;
background-color: @background;
padding: 4px 0px 0px 6px;
}
inputbar {
children: [ textbox-prompt-colon, entry ];
background-color: @background;
text-color: @foreground;
expand: false;
border: 0px 0px 0px 0px;
border-radius: 0px;
border-color: @selected;
margin: 0px 0px 0px 0px;
padding: 0px 0px 4px 0px;
position: center;
}
entry {
background-color: @background;
text-color: @foreground;
placeholder-color: @foreground;
expand: true;
horizontal-align: 0;
blink: true;
padding: 4px 0px 0px 4px;
}
case-indicator {
background-color: @background;
text-color: @foreground;
spacing: 0;
}
listview {
background-color: @background;
columns: 1;
spacing: 5px;
cycle: true;
dynamic: true;
layout: vertical;
}
mainbox {
background-color: @background;
children: [ inputbar, listview ];
spacing: 5px;
padding: 5px 5px 5px 5px;
}
element {
background-color: @background;
text-color: @foreground;
orientation: horizontal;
border-radius: 4px;
padding: 6px 6px 6px 6px;
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
element-icon {
size: 18px;
border: 4px;
}
element selected {
background-color: @selected;
text-color: @background;
border: 0px;
border-radius: 0px;
border-color: @selected;
}

183
src/user/modules/gui/wm/i3/config/rofi/default.nix
View file

@ -1,183 +0,0 @@
{ pkgs, config, ... }:
let
inherit (config.lib.formats.rasi) mkLiteral;
in
{
enable = true;
package = pkgs.rofi;
location = "center";
terminal = "\${pkgs.alacritty}/bin/alacritty";
plugins = with pkgs; [
rofi-emoji
];
#theme = {
# "*" = {
# nord0 = mkLiteral "#2e3440";
# nord1 = mkLiteral "#3b4252";
# nord2 = mkLiteral "#434c5e";
# nord3 = mkLiteral "#4c566a";
# nord4 = mkLiteral "#d8dee9";
# nord5 = mkLiteral "#e5e9f0";
# nord6 = mkLiteral "#eceff4";
# nord7 = mkLiteral "#8fbcbb";
# nord8 = mkLiteral "#88c0d0";
# nord9 = mkLiteral "#81a1c1";
# nord10 = mkLiteral "#5e81ac";
# nord11 = mkLiteral "#bf616a";
# nord12 = mkLiteral "#d08770";
# nord13 = mkLiteral "#ebcb8b";
# nord14 = mkLiteral "#a3be8c";
# nord15 = mkLiteral "#b48ead";
# spacing = 2;
# background-color = mkLiteral "var(nord1)";
# background = mkLiteral "var(nord1)";
# foreground = mkLiteral "var(nord4)";
# normal-background = mkLiteral "var(background)";
# normal-foreground = mkLiteral "var(foreground)";
# alternate-normal-background = mkLiteral "var(background)";
# alternate-normal-foreground = mkLiteral "var(foreground)";
# selected-normal-background = mkLiteral "var(nord8)";
# selected-normal-foreground = mkLiteral "var(background)";
# active-background = mkLiteral "var(background)";
# active-foreground = mkLiteral "var(nord10)";
# alternate-active-background = mkLiteral "var(background)";
# alternate-active-foreground = mkLiteral "var(nord10)";
# selected-active-background = mkLiteral "var(nord10)";
# selected-active-foreground = mkLiteral "var(background)";
# urgent-background = mkLiteral "var(background)";
# urgent-foreground = mkLiteral "var(nord11)";
# alternate-urgent-background = mkLiteral "var(background)";
# alternate-urgent-foreground = mkLiteral "var(nord11)";
# selected-urgent-background = mkLiteral "var(nord11)";
# selected-urgent-foreground = mkLiteral "var(background)";
# };
#
# element = {
# padding = mkLiteral "0px 0px 0px 7px";
# spacing = mkLiteral "5px";
# border = 0;
# cursor = mkLiteral "pointer";
# };
# "element normal.normal" = {
# background-color = mkLiteral "var(normal-background)";
# text-color = mkLiteral "var(normal-foreground)";
# };
# "element normal.urgent" = {
# background-color = mkLiteral "var(urgent-background)";
# text-color = mkLiteral "var(urgent-foreground)";
# };
# "element normal.active" = {
# background-color = mkLiteral "var(active-background)";
# text-color = mkLiteral "var(active-foreground)";
# };
# "element selected.normal" = {
# background-color = mkLiteral "var(selected-normal-background)";
# text-color = mkLiteral "var(selected-normal-foreground)";
# };
# "element selected.urgent" = {
# background-color = mkLiteral "var(selected-urgent-background)";
# text-color = mkLiteral "var(selected-urgent-foreground)";
# };
# "element selected.active" = {
# background-color = mkLiteral "var(selected-active-background)";
# text-color = mkLiteral "var(selected-active-foreground)";
# };
# "element alternate.normal" = {
# background-color = mkLiteral "var(alternate-normal-background)";
# text-color = mkLiteral "var(alternate-normal-foreground)";
# };
# "element alternate.urgent" = {
# background-color = mkLiteral "var(alternate-urgent-background)";
# text-color = mkLiteral "var(alternate-urgent-foreground)";
# };
# "element alternate.active" = {
# background-color = mkLiteral "var(alternate-active-background)";
# text-color = mkLiteral "var(alternate-active-foreground)";
# };
# "element-text" = {
# background-color = mkLiteral "rgba(0, 0, 0, 0%)";
# text-color = mkLiteral "inherit";
# highlight = mkLiteral "inherit";
# cursor = mkLiteral "inherit";
# };
# "element-icon" = {
# background-color = mkLiteral "rgba(0, 0, 0, 0%)";
# size = mkLiteral "1.0000em";
# text-color = mkLiteral "inherit";
# cursor = mkLiteral "inherit";
# };
# window = {
# padding = 0;
# border = 0;
# background-color = mkLiteral "var(background)";
# };
# mainbox = {
# padding = 0;
# border = 0;
# };
# message = {
# margin = mkLiteral "0px 7px";
# };
# textbox = {
# text-color = mkLiteral "var(foreground)";
# };
# listview = {
# margin = mkLiteral "0px 0px 5px";
# scrollbar = true;
# spacing = mkLiteral "2px";
# fixed-height = 0;
# };
# scrollbar = {
# padding = 0;
# handle-width = mkLiteral "14px";
# border = 0;
# handle-color = mkLiteral "var(nord3)";
# };
# button = {
# spacing = 0;
# text-color = mkLiteral "var(normal-foreground)";
# cursor = mkLiteral "pointer";
# };
# "button selected" = {
# background-color = mkLiteral "var(selected-normal-background)";
# text-color = mkLiteral "var(selected-normal-foreground)";
# };
# inputbar = {
# padding = mkLiteral "7px";
# margin = mkLiteral "7px";
# spacing = 0;
# text-color = mkLiteral "var(normal-foreground)";
# background-color = mkLiteral "var(nord3)";
# children = [ "entry" ];
# };
# entry = {
# spacing = 0;
# cursor = mkLiteral "text";
# text-color = mkLiteral "var(normal-foreground)";
# background-color = mkLiteral "var(nord3)";
# };
#};
}

144
src/user/modules/gui/wm/i3/default.nix
View file

@ -1,144 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.user.gui.wm.sway;
modifier = config.wayland.windowManager.sway.config.modifier;
wallpaper = builtins.fetchurl {
url = "https://images6.alphacoders.com/117/1174033.png";
sha256 = "1ph5m9s57076jx6042iipqx2ifzadmd5z4lf5l49wgq4jb92mp16";
};
barStatus = pkgs.writeShellScript "status.sh" ''
#!/usr/bin/env bash
while :; do
echo "$(ip -4 addr show eno1 | awk '/inet / {print $2}' | cut -d'/' -f1) | $(free -h | awk '/^Mem/ {print $3}') | $(date +'%I:%M:%S %p') | $(date +'%m-%d-%Y')"; sleep 1;
done
'';
in
{ options.modules.user.gui.wm.i3 = { enable = mkEnableOption "Enable i3 WM"; };
config = mkIf cfg.enable {
xsession = {
enable = true;
windowManager.i3 = {
config = {
defaultWorkspace = "workspace number 1";
fonts = {
names = [ "Terminus" ];
};
modifier = "Mod1";
menu = "rofi -show drun -show-icons -drun-icon-theme Qogir -font 'Noto Sans 14'";
terminal = "${pkgs.alacritty}/bin/alacritty";
bars = [
{
position = "top";
statusCommand = "${barStatus}";
fonts = {
names = [ "Terminus" ];
size = 12.0;
};
colors = {
background = "#0A0E14";
statusline = "#FFFFFF";
};
}
];
gaps = {
smartGaps = false;
inner = 10;
};
floating = {
titlebar = false;
border = 0;
criteria = [
{
title = "Android Emulator";
}
];
};
window = {
titlebar = false;
border= 0;
};
keybindings = lib.mkOptionDefault {
"${modifier}+q" = "kill";
"Print" = "exec grim ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png";
"${modifier}+Shift+Print" = "exec grim -g \"$(slurp)\" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png";
"${modifier}+Print" = ''exec sh -c 'grim -g "$(swaymsg -t get_tree | jq -j '"'"'.. | select(.type?) | select(.focused).rect | "\(.x),\(.y) \(.width)x\(.height)"'"'"')" ~/Pictures/screenshot-$(date +'%Y%m%d-%H%M%S').png' '';
"${modifier}+Shift+f" = "exec alacritty -e sh -c 'EDITOR=nvim ranger'";
"${modifier}+Shift+d" = "exec rofi -modi emoji -show emoji";
};
};
extraConfig = ''
exec_always ${pkgs.autotiling}/bin/autotiling -sr "1.61"
'';
};
};
programs.rofi = import ./config/rofi { inherit pkgs config lib; };
home.file.".config/rofi" = {
source = ./config/rofi/config;
recursive = true;
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
config.common.default = "*";
};
};
gtk = {
enable = true;
theme.package = pkgs.juno-theme;
theme.name = "Juno-ocean";
iconTheme.package = pkgs.qogir-icon-theme;
iconTheme.name = "Qogir";
};
qt = {
enable = true;
style.package = pkgs.juno-theme;
platformTheme.name = "gtk";
};
home.packages = with pkgs; [
pavucontrol
xdg-utils
wl-clipboard
autotiling
grim
jq
slurp
ranger
highlight
nerd-fonts.terminess-ttf
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
];
programs = {
imv.enable = true;
};
fonts.fontconfig.enable = true;
};
}

32
src/user/modules/gui/wm/shared/mimeapps/default.nix
View file

@ -1,32 +0,0 @@
{ pkgs, lib, config, ... }:
let
browser = config.programs;
fileTypes = [
"text/html" "application/pdf" "application/xml"
"image/png" "image/svg+xml" "image/jpg"
"image/jpeg" "image/gif" "image/webp"
"image/avif" "image/bmp" "image/tiff"
];
defaultBrowser = if browser.firefox.enable then
"firefox.desktop"
else if browser.brave.enable then
"brave-browser.desktop"
else if browser.chromium.enable then
"chromium.desktop"
else null;
in
{
xdg.mimeApps = lib.optionalAttrs (defaultBrowser != null && config.xdg.portal.enable) {
enable = true;
defaultApplications = builtins.listToAttrs (
map (type: {
name = type;
value = [ defaultBrowser ];
}) fileTypes
);
};
}

Some files were not shown because too many files have changed in this diff Show more