nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reformat repository with Alejandra

Browse Source
This commit is contained in:
NullBite 2025-02-25 16:53:02 -05:00
parent b8f5793ac0
commit 783055b885
Signed by: nullbite
GPG Key ID: 6C4D545385D4925A
113 changed files with 2348 additions and 1841 deletions

16
default.nix

@ -1,13 +1,15 @@
(import
(
import
(
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
nodeName = lock.nodes.root.inputs.flake-compat;
in
fetchTarball {
url = lock.nodes.${nodeName}.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
sha256 = lock.nodes.${nodeName}.locked.narHash;
}
fetchTarball {
url = lock.nodes.${nodeName}.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
sha256 = lock.nodes.${nodeName}.locked.narHash;
}
)
{ src = ./.; }
).defaultNix
{src = ./.;}
)
.defaultNix

2
flake/home.nix

@ -1 +1 @@
{ ... }: { }
{...}: {}

2
flake/packages.nix

@ -1,2 +1,2 @@
{ ... }: {
{...}: {
}

3
home/common/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./wm
./nodm.nix

11
home/common/nix.nix

@ -1,5 +1,12 @@
{ pkgs, lib, config, osConfig ? { }, options, nixpkgs, ... }:
let
{
pkgs,
lib,
config,
osConfig ? {},
options,
nixpkgs,
...
}: let
cfg = config.nixfiles.common.nix;
standalone = !(osConfig ? home-manager);
in {

43
home/common/nodm.nix

@ -1,28 +1,35 @@
{ lib, pkgs, config, osConfig ? {}, options, ... }:
let
cfg = config.nixfiles.common.nodm;
in
{
lib,
pkgs,
config,
osConfig ? {},
options,
...
}: let
cfg = config.nixfiles.common.nodm;
in {
config = let
hyprland="${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty="${pkgs.coreutils}/bin/tty";
initCommands =
''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
hyprland = "${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty = "${pkgs.coreutils}/bin/tty";
initCommands = ''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in
lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
options.nixfiles.common.nodm = {
enable = lib.mkOption {
type = lib.types.bool;
description = "Whether to automatically start a desktop session on TTY1, behaving like a rudimentary display manager.";
default = osConfig ? systemd
default =
osConfig
? systemd
&& config.nixfiles.meta.graphical
&& (!(
(osConfig.systemd.services.display-manager.enable or false)

32
home/common/shell.nix

@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkOption mkEnableOption mkIf mkDefault;
cfg = config.nixfiles.common.shell;
@ -8,12 +12,13 @@ let
history | sed 's:^ \+[0-9]\+ \+::' | grep '^,' | cut -d' ' -f2- | sed 's:^\(-[^ ]\+ \?\)\+::g' | grep . | cut -d' ' -f1 | sort | uniq -c | sort -g
}
'';
in
{
in {
options.nixfiles.common.shell = {
enable = lib.mkEnableOption "" // {
description = "Whether to enable the nixfiles shell configuration.";
};
enable =
lib.mkEnableOption ""
// {
description = "Whether to enable the nixfiles shell configuration.";
};
};
config = mkIf cfg.enable {
@ -43,11 +48,13 @@ in
};
programs.zsh = {
enable = mkDefault true;
initExtra = ''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
'' + common_functions "zsh";
initExtra =
''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
''
+ common_functions "zsh";
oh-my-zsh = {
enable = mkDefault true;
theme = "robbyrussell";
@ -59,6 +66,5 @@ in
];
};
};
};
}

68
home/common/theme.nix

@ -1,35 +1,51 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.theming;
mkDefaultStylix = lib.mkOverride 999;
toCaps = s: with lib.strings; with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s)-1) s);
toCaps = s:
with lib.strings;
with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s) - 1) s);
inherit (lib.strings) toUpper toLower;
mkCtp = flavor: accent: with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
mkCtp = flavor: accent:
with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override {
variant = toLower flavor;
accent = toLower accent;
};
icons = catppuccin-papirus-folders.override {
flavor = toLower flavor;
accent = toLower accent;
};
gtk = catppuccin-gtk.override {
variant = toLower flavor;
accents = [(toLower accent)];
};
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override { variant = toLower flavor; accent = toLower accent; };
icons = catppuccin-papirus-folders.override { flavor = toLower flavor; accent = toLower accent; };
gtk = catppuccin-gtk.override { variant = toLower flavor; accents = [ (toLower accent) ]; };
};
};
ctp = with cfg.catppuccin; mkCtp flavor accent;
in {
options.nixfiles.theming = {
options.nixfiles.theming = {
enable = lib.mkEnableOption "nixfiles theming options";
catppuccin = {
@ -54,9 +70,11 @@ in {
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = with pkgs; [
ubuntu_font_family
] ++ lib.mapAttrsToList (k: v: v) ctp.packages;
home.packages = with pkgs;
[
ubuntu_font_family
]
++ lib.mapAttrsToList (k: v: v) ctp.packages;
gtk = {
enable = true;

45
home/common/wm/default.nix

@ -1,17 +1,22 @@
{ pkgs, lib, config, osConfig ? {}, options, ...}:
let
{
pkgs,
lib,
config,
osConfig ? {},
options,
...
}: let
cfg = config.nixfiles.common.wm;
inherit (lib) mkDefault;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in
{
in {
options.nixfiles.common.wm = {
enable = lib.mkEnableOption "common window manager config";
autostart = lib.mkOption {
description = "List of window manager agnostic commnads to run at window manager startup";
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam -silent" ];
default = [];
example = ["steam -silent"];
};
};
@ -51,8 +56,14 @@ in
nwg-displays
# very consistent (ok it's actually a little better now)
(catppuccin-papirus-folders.override {accent = "mauve"; flavor = "mocha"; })
(pkgs.catppuccin-kvantum.override {accent = "mauve"; variant = "mocha"; })
(catppuccin-papirus-folders.override {
accent = "mauve";
flavor = "mocha";
})
(pkgs.catppuccin-kvantum.override {
accent = "mauve";
variant = "mocha";
})
catppuccin-cursors.mochaMauve
arc-theme
@ -73,19 +84,19 @@ in
};
};
# File associations
xdg.mimeApps = {
enable = true;
defaultApplications = let
defaultBrowser = [ "firefox.desktop" ];
in mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
defaultBrowser = ["firefox.desktop"];
in
mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
};
# this makes xdg.mimeApps overwrite mimeapps.list if it has been touched by something else
xdg.configFile."mimeapps.list" = {

14
home/common/wm/keybinds.nix

@ -1,12 +1,16 @@
{ pkgs, config, lib, outputs, ... }:
let
{
pkgs,
config,
lib,
outputs,
...
}: let
df = lib.mkDefault;
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) (value));
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) value);
# not rewriting this rn
keysetting = "${outputs.packages.${pkgs.system}.wm-helpers}/bin/keysetting";
in
{
in {
options.nixfiles.common.wm = {
keybinds = lib.mkOption {
description = ''

22
home/default.nix

@ -1,10 +1,18 @@
{ pkgs, config, lib, options, osConfig ? { }, nixpkgs, home-manager, inputs, ... }@args:
let
{
pkgs,
config,
lib,
options,
osConfig ? {},
nixpkgs,
home-manager,
inputs,
...
} @ args: let
isStandalone = osConfig ? home-manager;
cfg = config.nixfiles;
flakeType = cfg.lib.types.flake;
in
{
in {
imports = [
./common
./package-sets
@ -25,7 +33,7 @@ in
lib = lib.mkOption {
description = "nixfiles library";
default = (import ../lib/nixfiles) { inherit pkgs; };
default = (import ../lib/nixfiles) {inherit pkgs;};
readOnly = true;
};
@ -53,13 +61,13 @@ in
meta.graphical = lib.mkOption {
description = "Whether to enable graphical home-manager applications";
type = lib.types.bool;
default = (osConfig ? services && osConfig.services.xserver.enable);
default = osConfig ? services && osConfig.services.xserver.enable;
example = true;
};
meta.wayland = lib.mkOption {
description = "Whether to prefer wayland packages and configuration";
type = lib.types.bool;
default = (lib.hasAttrByPath [ "nixfiles" "meta" "wayland" ] osConfig) && osConfig.nixfiles.meta.wayland;
default = (lib.hasAttrByPath ["nixfiles" "meta" "wayland"] osConfig) && osConfig.nixfiles.meta.wayland;
example = true;
};

64
home/package-sets/communication.nix

@ -1,10 +1,16 @@
{ pkgs, lib, config, osConfig ? {}, inputs, ... }:
let
{
pkgs,
lib,
config,
osConfig ? {},
inputs,
...
}: let
cfg = config.nixfiles.packageSets.communication;
rustdesk-pkg = if (lib.strings.hasInfix "23.11" lib.version) then
inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.rustdesk-flutter
else
pkgs.rustdesk-flutter;
rustdesk-pkg =
if (lib.strings.hasInfix "23.11" lib.version)
then inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.rustdesk-flutter
else pkgs.rustdesk-flutter;
vesktop-ozone-cmd = let
extraFlags = lib.optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
@ -17,23 +23,21 @@ let
done
exec "$@"
'';
in
{
in {
options.nixfiles.packageSets.communication = {
enable = lib.mkEnableOption "communication package set";
};
config = lib.mkIf cfg.enable {
xdg.desktopEntries.vesktop = lib.mkIf config.nixfiles.meta.graphical {
categories= ["Network" "InstantMessaging" "Chat"];
exec=vesktop-ozone-cmd + " %U";
genericName="Internet Messenger";
icon="vesktop";
name="Vesktop";
type="Application";
categories = ["Network" "InstantMessaging" "Chat"];
exec = vesktop-ozone-cmd + " %U";
genericName = "Internet Messenger";
icon = "vesktop";
name = "Vesktop";
type = "Application";
settings = {
StartupWMClass="Vesktop";
Keywords="discord;vencord;electron;chat";
StartupWMClass = "Vesktop";
Keywords = "discord;vencord;electron;chat";
};
};
@ -41,17 +45,19 @@ in
(waitNet + " " + vesktop-ozone-cmd + " --start-minimized")
];
home.packages = with pkgs; lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-pkg
tor-browser
onionshare
] ++ [
irssi
];
home.packages = with pkgs;
lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-pkg
tor-browser
onionshare
]
++ [
irssi
];
};
}

3
home/package-sets/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./communication.nix
./dev.nix

12
home/package-sets/dev.nix

@ -1,8 +1,12 @@
{ pkgs, lib, config, osConfig ? {}, ... }:
let
cfg = config.nixfiles.packageSets.dev;
in
{
pkgs,
lib,
config,
osConfig ? {},
...
}: let
cfg = config.nixfiles.packageSets.dev;
in {
options.nixfiles.packageSets.dev = {
enable = lib.mkEnableOption "development package set";
};

70
home/package-sets/multimedia.nix

@ -1,11 +1,15 @@
{ config, lib, pkgs, osConfig ? { }, ...}:
let
{
config,
lib,
pkgs,
osConfig ? {},
...
}: let
cfg = config.nixfiles.packageSets.multimedia;
inherit (lib) optionals mkEnableOption mkIf;
default = osConfig ? nixfiles && osConfig.nixfiles.packageSets.multimedia.enable;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in
{
in {
options.nixfiles.packageSets.multimedia = {
enable = lib.mkOption {
description = "Whether to enable multimedia packages";
@ -16,41 +20,43 @@ in
};
config = mkIf cfg.enable {
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
] ++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
]
++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
xdg.mimeApps.defaultApplications = lib.mkMerge [
# project files
(mkOverrideEach 100 {
"image/x-xcf" = [ "gimp.desktop" ];
"image/x-compressed-xcf" = [ "gimp.desktop" ];
"image/x-krita" = [ "krita.desktop" ];
"application/x-audacity-project" = [ "audacity.desktop" ];
"application/x-audacity-project+sqlite3" = [ "audacity.desktop" ];
"image/svg+xml" = [ "org.inkscape.Inkscape.desktop" ];
"image/svg+xml-compressed" = [ "org.inkscape.Inkscape.desktop" ];
"image/x-xcf" = ["gimp.desktop"];
"image/x-compressed-xcf" = ["gimp.desktop"];
"image/x-krita" = ["krita.desktop"];
"application/x-audacity-project" = ["audacity.desktop"];
"application/x-audacity-project+sqlite3" = ["audacity.desktop"];
"image/svg+xml" = ["org.inkscape.Inkscape.desktop"];
"image/svg+xml-compressed" = ["org.inkscape.Inkscape.desktop"];
})
# general files
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [ nomacs mpv ]))
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [nomacs mpv]))
# rest of the files
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [ inkscape gimp audacity ]))
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [inkscape gimp audacity]))
];
};
}

53
home/package-sets/productivity.nix

@ -1,33 +1,38 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
cfg = config.nixfiles.packageSets.productivity;
inherit (lib) optionals;
in
{
in {
config = lib.mkIf cfg.enable {
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
# mapping/GIS
qgis
josm
] ++ [
pandoc
];
# mapping/GIS
qgis
josm
]
++ [
pandoc
];
xdg.desktopEntries.obsidian = lib.mkIf config.nixfiles.meta.graphical {
categories = [ "Office" ];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = [ "x-scheme-handler/obsidian" ];
name = "Obsidian";
type = "Application";
categories = ["Office"];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = ["x-scheme-handler/obsidian"];
name = "Obsidian";
type = "Application";
};
};

173
home/profile/base.nix

@ -1,8 +1,12 @@
{ lib, pkgs, config, osConfig ? { }, ... }:
let
cfg = config.nixfiles.profile.base;
in
{
lib,
pkgs,
config,
osConfig ? {},
...
}: let
cfg = config.nixfiles.profile.base;
in {
# imports = [
# ./comma.nix
# ];
@ -31,7 +35,8 @@ in
"${config.home.profileDirectory}/share/terminfo"
"/usr/share/terminfo"
];
in builtins.concatStringsSep ":" terminfo-dirs;
in
builtins.concatStringsSep ":" terminfo-dirs;
})
];
@ -47,8 +52,9 @@ in
# presense of ~/.gitconfig. git will read from both files, and `git config`
# will not write to ~/.gitconfig when the managed config exists unless
# ~/.gitconfig also exists
home.activation.git-create-gitconfig = lib.mkIf config.programs.git.enable
(lib.hm.dag.entryAfter [ "writeBoundary" ] ''
home.activation.git-create-gitconfig =
lib.mkIf config.programs.git.enable
(lib.hm.dag.entryAfter ["writeBoundary"] ''
_nixfiles_git_create_gitconfig () {
if ! [[ -a "$HOME/.gitconfig" ]] ; then
touch "$HOME/.gitconfig"
@ -64,16 +70,18 @@ in
# defaultTerminal =
# if config.programs.kitty.enable then "kitty"
# else null;
in {
enable = lib.mkDefault true;
settings = lib.mkMerge [{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
} (lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})];
settings = lib.mkMerge [
{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
}
(lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})
];
};
programs.keychain = {
@ -83,7 +91,8 @@ in
extraFlags = [
"--quiet"
"--systemd"
"--inherit" "any-once"
"--inherit"
"any-once"
"--noask"
];
};
@ -100,77 +109,79 @@ in
neofetch-hyfetch-shim = writeShellScriptBin "neofetch" ''
exec "${pkgs.hyfetch}/bin/neowofetch" "$@"
'';
in [
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
attic-client
nix-fast-build
in
[
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
attic-client
nix-fast-build
git
git-lfs
stow
curl
git
git-lfs
stow
curl
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
jq
lsof
xxd
shellcheck
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
jq
lsof
xxd
shellcheck
# for icat on all systems
kitty.kitten
# for icat on all systems
kitty.kitten
# pretty
hyfetch
neofetch-hyfetch-shim
fastfetch
# pretty
hyfetch
neofetch-hyfetch-shim
fastfetch
# files
restic
rclone
rmlint
ncdu
# files
restic
rclone
rmlint
ncdu
# compression
atool-wrapped
lzip
plzip
lzop
xz
zip
unzip
arj
rpm
cpio
p7zip
# compression
atool-wrapped
lzip
plzip
lzop
xz
zip
unzip
arj
rpm
cpio
p7zip
# other utilities
tmux
tmuxp
openssh
autossh
mosh
btop
htop
zoxide
asciinema
mtr
] ++ builtins.map (x: lib.hiPrio x) [
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
];
# other utilities
tmux
tmuxp
openssh
autossh
mosh
btop
htop
zoxide
asciinema
mtr
]
++ builtins.map (x: lib.hiPrio x) [
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
];
};
}

3
home/profile/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./base.nix
./pc.nix

12
home/profile/pc.nix

@ -1,9 +1,13 @@
{ pkgs, config, osConfig ? {}, lib, ...}:
let
{
pkgs,
config,
osConfig ? {},
lib,
...
}: let
cfg = config.nixfiles.profile.pc;
default = osConfig ? nixfiles && osConfig.nixfiles.profile.pc.enable;
in
{
in {
options.nixfiles.profile.pc.enable = lib.mkOption {
description = "Whether to enable the personal computer profile";
type = lib.types.bool;

19
home/programs/comma.nix

@ -1,8 +1,12 @@
{ lib, pkgs, config, inputs, ... } @args:
let
cfg = config.nixfiles.programs.comma;
in
{
lib,
pkgs,
config,
inputs,
...
} @ args: let
cfg = config.nixfiles.programs.comma;
in {
imports = [
inputs.nix-index-database.hmModules.nix-index
];
@ -13,8 +17,9 @@ in
config = {
programs.nix-index.symlinkToCacheHome = lib.mkDefault cfg.enable;
home.packages = with pkgs; lib.optionals cfg.enable [
comma
];
home.packages = with pkgs;
lib.optionals cfg.enable [
comma
];
};
}

3
home/programs/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./comma.nix
./mopidy.nix

8
home/programs/dunst.nix

@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.programs.dunst;
mkd = lib.mkDefault;
in {

29
home/programs/hypridle.nix

@ -1,21 +1,25 @@
{ pkgs, config, lib, ... }:
let
{
pkgs,
config,
lib,
...
}: let
cfg = config.nixfiles.services.hypridle;
inherit (lib.types) str int;
in
{
in {
options.nixfiles.services.hypridle = {
enable = lib.mkEnableOption "the hypridle configuration";
timeouts = let
mkTimeout = timeout: desc: lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
mkTimeout = timeout: desc:
lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
in {
dpms = mkTimeout (300) "DPMS timeout";
lock = mkTimeout (360) "Lock timeout";
locked-dpms = mkTimeout (10) "DPMS timeout while locked";
dpms = mkTimeout 300 "DPMS timeout";
lock = mkTimeout 360 "Lock timeout";
locked-dpms = mkTimeout 10 "DPMS timeout while locked";
};
commands = {
dpms-off = lib.mkOption {
@ -57,7 +61,6 @@ in
lock-dpms = pkgs.writeShellScript "lock-dpms" ''
${pkgs.procps}/bin/pgrep -x swaylock > /dev/null && "${dpms-wrapped}"
'';
in [
{
timeout = cfg.timeouts.dpms;

15
home/programs/mopidy.nix

@ -1,8 +1,13 @@
{ lib, pkgs, config, outputs, osConfig ? {}, ... }:
let
cfg = config.nixfiles.programs.mopidy;
in
{
lib,
pkgs,
config,
outputs,
osConfig ? {},
...
}: let
cfg = config.nixfiles.programs.mopidy;
in {
options.nixfiles.programs.mopidy = {
enable = lib.mkEnableOption "mopidy configuration";
};
@ -38,7 +43,7 @@ in
];
};
home.packages = with pkgs; [
(ncmpcpp.override { visualizerSupport = true; })
(ncmpcpp.override {visualizerSupport = true;})
];
};
}

11
home/programs/neovim.nix

@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.programs.neovim;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.programs.neovim;
in {
options.nixfiles.programs.neovim.enable = lib.mkEnableOption "the Neovim configuration";
config = lib.mkIf cfg.enable {
programs.neovim = {

8
home/root.nix

@ -1,8 +1,12 @@
# Configuration for root user.
# TODO this file is sorta an exception to my repo organization, it should
# probably be somewhere else.
{ config, lib, pkgs, ... }@args:
{
{
config,
lib,
pkgs,
...
} @ args: {
imports = [
./.
];

3
home/sessions/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./hyprland
./plasma.nix

231
home/sessions/hyprland/default.nix

@ -1,5 +1,12 @@
{ lib, pkgs, config, osConfig ? {}, outputs, inputs, ... }@args:
let
{
lib,
pkgs,
config,
osConfig ? {},
outputs,
inputs,
...
} @ args: let
cfg = config.nixfiles.sessions.hyprland;
mkd = lib.mkDefault;
hyprland-pkg = config.wayland.windowManager.hyprland.finalPackage;
@ -24,13 +31,15 @@ let
lock-cmd = "${swaylock}";
mkKittyHdrop = name: command: let
class = if builtins.isNull (builtins.match "[[:alnum:]_]+" name) then throw "mkKittyHdrop: window name should be an alphanumeric string" else "kitty-${name}";
class =
if builtins.isNull (builtins.match "[[:alnum:]_]+" name)
then throw "mkKittyHdrop: window name should be an alphanumeric string"
else "kitty-${name}";
wrappedCommand = pkgs.writeShellScript "hdrop-${name}" ''
exec bash -c ${lib.escapeShellArg command}
'';
in "hdrop -f -c ${class} 'kitty --class=${class} ${wrappedCommand}'";
# lock-cmd = let
# cmd = pkgs.writeShellScript "lock-script" ''
# ${swayidle} -w timeout 10 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on' &
@ -48,7 +57,7 @@ let
resume 'hyprctl dispatch dpms on'
'';
hypr-dispatcher-package = pkgs.callPackage ./dispatcher { hyprland = hyprland-pkg; };
hypr-dispatcher-package = pkgs.callPackage ./dispatcher {hyprland = hyprland-pkg;};
hypr-dispatcher = "${hypr-dispatcher-package}/bin/hypr-dispatcher";
wallpaper-package = "${pkgs.nixfiles-assets}";
@ -56,7 +65,8 @@ let
wallpaper-cmd = "${swaybg} -i ${wallpaper-package}/share/wallpapers/${wallpaper}";
# https://github.com/flatpak/xdg-desktop-portal-gtk/issues/440#issuecomment-1900520919
xdpg-workaround = pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
xdpg-workaround =
pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
''
${pkgs.coreutils}/bin/sleep 3
${pkgs.systemd}/bin/systemctl --user import-environment PATH
@ -65,19 +75,20 @@ let
bar-cmd = "${pkgs.waybar}/bin/waybar";
# Hyprland workspace configuration
mainWorkspaces = builtins.genList (x: x+1) (9 ++ [0]);
mainWorkspaces = builtins.genList (x: x + 1) (9 ++ [0]);
workspaceName = key: let
inherit (builtins) hasAttr;
keyNames = {
"0" = "10";
};
in
if hasAttr key keyNames then keyNames."${key}" else key;
if hasAttr key keyNames
then keyNames."${key}"
else key;
inherit (outputs.packages.${pkgs.system}) wm-helpers;
keysetting = "${wm-helpers}/bin/keysetting";
in
{
in {
# FIXME this is temporary just to get it working, need to make wm-common an
# option first
# imports = [
@ -88,7 +99,10 @@ in
enable = lib.mkOption {
description = "Whether to enable hyprland.";
type = lib.types.bool;
default = if (builtins.hasAttr "home-manager" osConfig) then osConfig.nixfiles.sessions.hyprland.enable else false;
default =
if (builtins.hasAttr "home-manager" osConfig)
then osConfig.nixfiles.sessions.hyprland.enable
else false;
example = true;
};
@ -133,7 +147,6 @@ in
enable = true;
package = lib.mkIf (osConfig ? programs) (lib.mkDefault osConfig.programs.hyprland.package);
settings = {
# enable debug logging
debug.disable_logs = mkd false;
@ -150,15 +163,17 @@ in
exec-once = let
wrapScope = cmd: "systemd-run --user --scope -- ${cmd}";
in (lib.optional cfg.autolock lock-cmd) ++ (map wrapScope config.nixfiles.common.wm.autostart) ++
[
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
in
(lib.optional cfg.autolock lock-cmd)
++ (map wrapScope config.nixfiles.common.wm.autostart)
++ [
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
@ -166,14 +181,13 @@ in
# Some default env vars.
# env = mkd "XCURSOR_SIZE,24";
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input = {
kb_layout = mkd "us";
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
kb_options = [
"compose:ralt"
];
@ -240,18 +254,18 @@ in
};
master = {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
};
gestures = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
};
misc = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
};
"$mod" = mkd "SUPER";
@ -263,95 +277,98 @@ in
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = [
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
bind =
[
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
] ++ lib.optional config.nixfiles.programs.mopidy.enable
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
]
++ lib.optional config.nixfiles.programs.mopidy.enable
"$mod CTRL, n, exec, ${mkKittyHdrop "ncmpcpp" "ncmpcpp"}";
# repeat, ignore mods
bindei = lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindei =
lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging

29
home/sessions/hyprland/dispatcher/default.nix

@ -1,19 +1,20 @@
{ lib,
{
lib,
stdenvNoCC,
socat,
coreutils,
hyprland,
makeShellWrapper }:
let
wrappedPath = lib.makeBinPath [ coreutils socat hyprland ];
makeShellWrapper,
}: let
wrappedPath = lib.makeBinPath [coreutils socat hyprland];
in
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeShellWrapper ];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = ["installPhase"];
nativeBuildInputs = [makeShellWrapper];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}

20
home/sessions/plasma.nix

@ -1,9 +1,13 @@
{ pkgs, config, lib, osConfig ? {}, ... }:
let
{
pkgs,
config,
lib,
osConfig ? {},
...
}: let
inherit (lib) mkOption mkEnableOption;
cfg = config.nixfiles.sessions.plasma;
in
{
in {
options.nixfiles.sessions.plasma = {
enable = lib.mkOption {
description = "Whether to enable the Plasma session home configuration.";
@ -13,12 +17,12 @@ in
};
};
config = lib.mkIf cfg.enable {
# TODO make this a generic implementation
home.packages = let
startupScript = pkgs.writeShellScript "autostart-script"
startupScript =
pkgs.writeShellScript "autostart-script"
(lib.concatStringsSep "\n"
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
name = "home-manager-autostart";
desktopFilePkg = pkgs.makeDesktopItem {
@ -30,6 +34,6 @@ in
mkdir -p $out/etc/xdg/autostart
ln -s "${desktopFilePkg}/share/applications/${name}.desktop" "$out/etc/xdg/autostart/"
'';
in [ autostartPkg ];
in [autostartPkg];
};
}

7
home/standalone.nix

@ -1,7 +1,12 @@
# Home Manager default nixfiles entrypoint. This serves as an alternative to
# default.nix, which sets up some more appropriate options for home-manager
{ inputs, pkgs, config, lib, ... }:
{
inputs,
pkgs,
config,
lib,
...
}: {
imports = [
./.
inputs.stylix.homeManagerModules.stylix

9
home/stylix.nix

@ -1,6 +1,11 @@
{ pkgs, lib, config, inputs, ... }@args:
{
imports = [ ];
pkgs,
lib,
config,
inputs,
...
} @ args: {
imports = [];
config = {
stylix = lib.mkMerge [
{

12
hosts/nixos-wsl/configuration.nix

@ -1,5 +1,10 @@
{ pkgs, config, lib, vars, ... }:
{
pkgs,
config,
lib,
vars,
...
}: {
config = {
networking.hostName = "nixos-wsl";
@ -26,7 +31,7 @@
RemainAfterExit = true;
};
description = "WSL startup workaround";
wantedBy = [ "default.target" ];
wantedBy = ["default.target"];
};
};
@ -42,10 +47,9 @@
noto-fonts-cjk-sans
];
fileSystems."/mnt/wsl/instances/NixOS" = {
device = "/";
options = [ "bind" ];
options = ["bind"];
};
# standard disclaimer don't change this for any reason whatsoever

9
hosts/nixos-wsl/home.nix

@ -1,7 +1,12 @@
{ pkgs, lib, config, osConfig ? {}, ... }:
{
pkgs,
lib,
config,
osConfig ? {},
...
}: {
config = {
nixfiles = {
nixfiles = {
profile.base.enable = true;
packageSets.dev.enable = true;
packageSets.multimedia.enable = true;

17
hosts/nullbox/backup.nix

@ -1,20 +1,22 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) escapeShellArg;
secret = name: config.age.secrets."${name}".path;
fs = config.fileSystems."/srv/mcserver";
in
{
in {
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
systemd.services.restic-backups-system = {
path = with pkgs; [ btrfs-progs ];
path = with pkgs; [btrfs-progs];
};
services.restic.backups.system = {
# create an atomic backup
backupPrepareCommand = ''
set -Eeuxo pipefail
@ -47,7 +49,6 @@ in
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

50
hosts/nullbox/configuration.nix

@ -1,51 +1,51 @@
# vim: set ts=2 sw=2 et:
# vim: set ts=2 sw=2 et:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, lib, pkgs, inputs, ... }:
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
./impermanence.nix
./impermanence.nix
./backup.nix
];
./backup.nix
];
config = {
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/6AC23F0FC23EDF4F";
options = [ "auto_cache" "nofail" ];
options = ["auto_cache" "nofail"];
};
"/.btrfsroot" = {
options = [ "subvol=/" ];
options = ["subvol=/"];
};
}
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
}))
];
specialisation.hyprland.configuration = {
system.nixos.tags = [ "Hyprland" ];
system.nixos.tags = ["Hyprland"];
nixfiles = {
session = "hyprland";
};
};
hardware.cpu.intel.updateMicrocode = true;
services.udev.extraRules = ''
@ -62,7 +62,7 @@
workarounds.nvidiaPrimary = true;
programs.greetd = {
settings = {
randr = [ "--output" "HDMI-A-3" "--off" ];
randr = ["--output" "HDMI-A-3" "--off"];
autologin = false;
autologinUser = "nullbite";
autolock = false;
@ -118,7 +118,6 @@
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
networking.hostName = "nullbox";
# Pick only one of the below networking options.
@ -126,8 +125,7 @@
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/New_York";
time.timeZone = "America/New_York";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
@ -142,6 +140,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
}

114
hosts/nullbox/hardware-configuration.nix

@ -1,73 +1,77 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@root" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@root"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/srv/mcserver-old" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver-old" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver-old/.snapshots" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
fileSystems."/srv/mcserver-old/.snapshots" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
fileSystems."/srv/mcserver" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver/.snapshots" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
fileSystems."/srv/mcserver/.snapshots" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

6
hosts/nullbox/home.nix

@ -1,5 +1,9 @@
{ lib, pkgs, osConfig, ... }:
{
lib,
pkgs,
osConfig,
...
}: {
imports = [
];

59
hosts/nullbox/impermanence.nix

@ -1,11 +1,16 @@
{ pkgs, config, lib, ... }:
let
{
pkgs,
config,
lib,
...
}: let
inherit (lib) escapeShellArg;
# (wip) more configurable than old one, will be used by volatile btrfs module
mkBtrfsInit = { volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume }:
''
mkBtrfsInit = {
volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume,
}: ''
mkdir -p /btrfs_tmp
mount ${escapeShellArg volume} /btrfs_tmp -o subvol=/
@ -34,7 +39,7 @@ in {
neededForBoot = true;
device = root_vol;
fsType = "btrfs";
options = [ "subvol=/nixos/@persist" ];
options = ["subvol=/nixos/@persist"];
};
# TODO volatile btrfs module
@ -47,7 +52,7 @@ in {
fileSystems."/" = lib.mkForce {
device = root_vol;
fsType = "btrfs";
options = [ "subvol=/nixos/volatile" ];
options = ["subvol=/nixos/volatile"];
};
# agenix fix
@ -74,15 +79,24 @@ in {
# probably NEVER be excluded removed.
"/var/lib/nixos/"
# password files for user.user.<name>.hashedPasswordFile
{ directory = "/etc/passfile"; mode = "0700"; }
{
directory = "/etc/passfile";
mode = "0700";
}
# persistent non-declarative config
"/etc/nixos"
"/etc/ssh"
{ directory = "/etc/wireguard"; mode = "0700"; }
{
directory = "/etc/wireguard";
mode = "0700";
}
# let's keep the root home dir as well
{ directory = "/root"; mode = "0700"; }
{
directory = "/root";
mode = "0700";
}
# system state
"/etc/NetworkManager/system-connections"
@ -93,14 +107,29 @@ in {
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timesync"
{ directory = "/var/lib/tailscale"; mode = "0700"; }
{
directory = "/var/lib/tailscale";
mode = "0700";
}
"/var/lib/unbound"
"/var/db/sudo/lectured"
# remember login stuff
{ directory = "/var/cache/tuigreet"; user = "greeter"; group = "greeter"; }
{ directory = "/var/cache/regreet"; user = "greeter"; group = "greeter"; }
{ directory = "/var/lib/regreet"; user = "greeter"; group = "greeter"; }
{
directory = "/var/cache/tuigreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/cache/regreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/lib/regreet";
user = "greeter";
group = "greeter";
}
];
files = [

13
hosts/nullbox/luks.nix

@ -1,8 +1,11 @@
{ pkgs, config, lib, ... }:
let
usb = "903D-DF5B";
in
{
pkgs,
config,
lib,
...
}: let
usb = "903D-DF5B";
in {
config = {
# cryptsetup
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage"];
@ -16,7 +19,7 @@ in
mount -n -t vfat -o ro `findfs UUID=${usb}` /key
'';
device="/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
device = "/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
keyFile = "/key/image.png"; # yes it's literally an image file. bite me
allowDiscards = true;
fallbackToPassword = true;

43
hosts/nullbox/mcserver.nix

@ -1,18 +1,21 @@
{ pkgs, lib, config, ... }:
let
cfg = config.services.minecraft-servers;
in
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.minecraft-servers;
in {
config = {
fileSystems = {
"/srv/mcserver".options = [ "compress=zstd" "nofail" ];
"/srv/mcserver/.snapshots".options = [ "compress=zstd" "nofail" ];
"/srv/mcserver".options = ["compress=zstd" "nofail"];
"/srv/mcserver/.snapshots".options = ["compress=zstd" "nofail"];
};
networking.firewall.trustedInterfaces = [ "wg0" ];
networking.firewall.trustedInterfaces = ["wg0"];
users = {
users = {
nullbite.extraGroups = [ "minecraft" ];
nullbite.extraGroups = ["minecraft"];
};
};
@ -45,18 +48,19 @@ in
nulllite-staging = let
commit = "b8c639a";
packHash = "sha256-HTDVIkcBf0DyLbSCuU08/HnEQuesi3cmXXhB4y4lyko=";
in pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in
pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in {
nulllite-staging = {
useRecommendedDefaults = true;
enable = true;
autoStart = false;
modpack = nulllite-staging;
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" ];
modpackSymlinks = ["mods"];
modpackFiles = ["config/"];
serverProperties.server-port = 25574;
serverProperties.motd = "staging server";
};
@ -65,8 +69,8 @@ in
enable = true;
autoStart = true;
modpack = pkgs.modpacks.notlite;
modpackSymlinks = [ "config/yosbr" "config/quilt-loader-overrides.json" "mods" ];
modpackFiles = [ "kubejs/" ];
modpackSymlinks = ["config/yosbr" "config/quilt-loader-overrides.json" "mods"];
modpackFiles = ["kubejs/"];
serverProperties = {
motd = "owo what's this (nix notlite edition)";
server-port = 25567;
@ -76,11 +80,10 @@ in
level-seed = "8555431723250870652";
level-type = "bclib:normal";
};
};
minecraft-nixtest = let
self = cfg.servers.minecraft-nixtest;
package = pkgs.quiltServers.quilt-1_20_1.override { loaderVersion = "0.21.0"; };
package = pkgs.quiltServers.quilt-1_20_1.override {loaderVersion = "0.21.0";};
in {
useRecommendedDefaults = true;
enable = false;
@ -92,8 +95,8 @@ in
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
};
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" "kubejs/" ];
modpackSymlinks = ["mods"];
modpackFiles = ["config/" "kubejs/"];
serverProperties = rec {
motd = "owo what's this (nix edition)";
server-port = 25568;

6
hosts/nullbox/unbound.nix

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}: {
config = {
networking.networkmanager.dns = "none";
services.unbound.enable = true;

398
hosts/rpi4/authelia.nix

@ -3,10 +3,10 @@
lib,
pkgs,
...
}:
let
}: let
inherit (lib) types mkIf optionalString;
inherit (builtins)
inherit
(builtins)
isNull
any
all
@ -20,22 +20,18 @@ let
"regular"
"basic"
];
getUpstreamFromInstance =
instance:
let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
getUpstreamFromInstance = instance: let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
targetHost =
if host == "0.0.0.0" then
"127.0.0.1"
else if lib.hasInfix ":" host then
throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else
host;
in
"http://${targetHost}:${toString port}";
targetHost =
if host == "0.0.0.0"
then "127.0.0.1"
else if lib.hasInfix ":" host
then throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else host;
in "http://${targetHost}:${toString port}";
# use this when reverse proxying to authelia (and only authelia because i
# like the nixos recommended proxy settings better)
@ -116,212 +112,204 @@ let
proxy_set_header X-Forwarded-URI $request_uri;
'';
genAuthConfig =
method:
let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
genAuthConfig = method: let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
'';
in
''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
'';
genAuthConfigPkg =
method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in
{
in ''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
'';
genAuthConfigPkg = method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in {
# authelia
options.services.nginx =
let
mkAttrsOfSubmoduleOpt = module: lib.mkOption { type = with types; attrsOf (submodule module); };
options.services.nginx = let
mkAttrsOfSubmoduleOpt = module: lib.mkOption {type = with types; attrsOf (submodule module);};
# make system config accessible from submodules
systemConfig = config;
# make system config accessible from submodules
systemConfig = config;
# submodule definitions
vhostModule =
{ name, config, ... }@attrs:
{
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = "regular";
example = "basic";
};
# submodule definitions
vhostModule = {
name,
config,
...
} @ attrs: {
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations =
let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaLocationConfig};
'';
};
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
};
genLocationModule =
vhostAttrs:
{ name, config, ... }:
let
vhostConfig = vhostAttrs.config;
in
{
options.authelia.method = lib.mkOption {
instance = lib.mkOption {
description = ''
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = vhostConfig.authelia.method;
default = "regular";
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
};
};
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations = let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
include ${autheliaLocationConfig};
'';
};
};
in
{
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
};
genLocationModule = vhostAttrs: {
name,
config,
...
}: let
vhostConfig = vhostAttrs.config;
in {
options.authelia.method = lib.mkOption {
description = ''
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = vhostConfig.authelia.method;
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
'';
};
};
in {
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
};
# TODO check if any vhosts have authelia configured
config =
let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
config = let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
mkIf true {
assertions = [
{

14
hosts/rpi4/backup.nix

@ -1,10 +1,13 @@
{ config, lib, pkgs, ... }:
let
secret = name: config.age.secrets."${name}".path;
in
{
config,
lib,
pkgs,
...
}: let
secret = name: config.age.secrets."${name}".path;
in {
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
services.restic.backups.system = {
rcloneConfigFile = secret "restic-rclone";
@ -38,7 +41,6 @@ in
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

44
hosts/rpi4/configuration.nix

@ -1,19 +1,21 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
./media-sync.nix
./media-sync.nix
./backup.nix
];
./backup.nix
];
fileSystems = let
mounts = [
@ -24,8 +26,9 @@
"/opt/hassio"
"/opt/hassio/.snapshots"
];
fn = (x: { options = [ "compress=zstd" "commit=300" "noatime" ];});
in lib.genAttrs mounts fn;
fn = x: {options = ["compress=zstd" "commit=300" "noatime"];};
in
lib.genAttrs mounts fn;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
@ -64,7 +67,7 @@
"wg0"
"tailscale0"
];
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.firewall.allowedUDPPorts = [51820];
services.openssh = {
enable = true;
@ -94,9 +97,6 @@
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -124,11 +124,11 @@
# tree
# ];
# };
users.users.nullbite = {
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
};
users.users.nullbite = {
isNormalUser = true;
extraGroups = ["wheel"];
uid = 1000;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -182,6 +182,4 @@
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

51
hosts/rpi4/gitea.nix

@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.gitea;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.services.gitea;
in {
config = {
services.gitea = {
enable = true;
@ -32,19 +35,37 @@ in
DEFAULT_THEME = "catppuccin-mocha-pink";
THEMES = let
ctpAttrs = {
flavor = [ "latte" "frappe" "macchiato" "mocha" ];
accent = [ "rosewater" "flamingo" "pink" "mauve"
"red" "maroon" "peach" "yellow" "green" "teal"
"sky" "sapphire" "blue" ];
flavor = ["latte" "frappe" "macchiato" "mocha"];
accent = [
"rosewater"
"flamingo"
"pink"
"mauve"
"red"
"maroon"
"peach"
"yellow"
"green"
"teal"
"sky"
"sapphire"
"blue"
];
};
ctpThemes = lib.mapCartesianProduct
( { flavor, accent }: "catppuccin-${flavor}-${accent}" )
ctpThemes =
lib.mapCartesianProduct
({
flavor,
accent,
}: "catppuccin-${flavor}-${accent}")
ctpAttrs;
in lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
] ++ ctpThemes);
in
lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
]
++ ctpThemes);
};
};
};

118
hosts/rpi4/hardware-configuration.nix

@ -1,75 +1,78 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/" ];
};
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/srv/syncthing" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@syncthing" ];
};
fileSystems."/srv/syncthing" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@syncthing"];
};
fileSystems."/srv/media" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@media" ];
};
fileSystems."/srv/media" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@media"];
};
fileSystems."/opt/hassio" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@hassio" ];
};
fileSystems."/opt/hassio" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@hassio"];
};
fileSystems."/opt/hassio/.snapshots" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/snapshots/@hassio" ];
};
fileSystems."/opt/hassio/.snapshots" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/snapshots/@hassio"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -81,4 +84,3 @@
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

3
hosts/rpi4/home.nix

@ -1,5 +1,4 @@
{ config, ... }:
{
{config, ...}: {
config = {
nixfiles.profile.base.enable = true;
programs.keychain.enable = false;

16
hosts/rpi4/media-sync.nix

@ -1,11 +1,15 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
in {
config = {
nixfiles.programs.syncthing.enable = true;
systemd.timers.gallery-dl = {
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "13";
@ -13,7 +17,7 @@ in {
};
};
systemd.services.gallery-dl = {
path = with pkgs; [ bash coreutils findutils gallery-dl ];
path = with pkgs; [bash coreutils findutils gallery-dl];
serviceConfig = {
# none of your fucking business
# TODO move this into an agenix secret probably
@ -24,14 +28,14 @@ in {
};
systemd.timers.gallery-dl-dedup = {
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "3h";
};
};
systemd.services.gallery-dl-dedup = {
path = with pkgs ; [ bash coreutils rmlint ];
path = with pkgs; [bash coreutils rmlint];
serviceConfig = {
# likewise
ExecStart = "/srv/gallery-dl-dedup.sh";

460
hosts/rpi4/services.nix

@ -1,15 +1,17 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (config.age) secrets;
inherit (builtins) toString;
in
{
in {
imports = [
./gitea.nix
./authelia.nix
];
config = {
age.secrets.cloudflaredns = {
file = ../../secrets/cloudflare-dns.age;
group = "secrets";
@ -63,7 +65,7 @@ in
};
users.groups.secrets = {};
users.users.acme.extraGroups = [ "secrets" ];
users.users.acme.extraGroups = ["secrets"];
security.acme = {
acceptTerms = true;
@ -97,57 +99,59 @@ in
};
};
users.users.nginx.extraGroups = [ "acme" ];
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [
80 443
80
443
# this is needed for node to work for some reason
8123
];
users.groups.authelia-shared = { };
services.authelia.instances = lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
users.groups.authelia-shared = {};
services.authelia.instances =
lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
};
services.redis = {
servers.authelia = {
@ -157,7 +161,7 @@ in
users.users."${config.services.authelia.instances.main.user}".extraGroups = let
name = config.services.redis.servers.authelia.user;
in [ name ];
in [name];
services.nginx = {
enable = true;
@ -171,24 +175,30 @@ in
virtualHosts = let
useACMEHost = "protogen.io";
mkProxy = args@{ upstream ? "http://127.0.0.1:${builtins.toString args.port}", auth ? false, authelia ? false, extraConfig ? {}, ... }:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
mkProxy = args @ {
upstream ? "http://127.0.0.1:${builtins.toString args.port}",
auth ? false,
authelia ? false,
extraConfig ? {},
...
}:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
# mkReverseProxy = port: {
# inherit useACMEHost;
@ -199,149 +209,174 @@ in
# };
# };
mkAuthProxy = port: mkProxy { inherit port; authelia = true; };
mkReverseProxy = port: mkProxy { inherit port; };
in (lib.mapAttrs (domain: instance: { forceSSL = true; inherit useACMEHost; authelia.endpoint = { inherit instance; };}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
}) // {
"changedetection.protogen.io" = mkReverseProxy 5000;
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
"gitea.protogen.io" = mkReverseProxy 3000;
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
"paper.protogen.io" = mkReverseProxy config.services.paperless.port;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [ (mkProxy { authelia = true; upstream = "http://10.10.1.8:80"; })
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
mkAuthProxy = port:
mkProxy {
inherit port;
authelia = true;
};
}];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in mkProxy { authelia = true; inherit port; extraConfig = {
locations = lib.genAttrs [ "/favicon.ico" "/autocompleter" "/opensearch.xml" ] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};};
mkReverseProxy = port: mkProxy {inherit port;};
in
(lib.mapAttrs (domain: instance: {
forceSSL = true;
inherit useACMEHost;
authelia.endpoint = {inherit instance;};
}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
})
// {
"changedetection.protogen.io" = mkReverseProxy 5000;
# URL shortener
"nbt.sh" = mkProxy { port = 8090; extraConfig.serverAliases = [ "proot.link" ]; };
"admin.nbt.sh" = mkProxy { authelia = true; port = 8091; extraConfig.serverAliases = [ "admin.proot.link" ]; };
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"gitea.protogen.io" = mkReverseProxy 3000;
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
# homepage
"home.protogen.io" = mkAuthProxy 8089;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
"lounge.protogen.io" = mkAuthProxy 9000;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
"paper.protogen.io" = mkReverseProxy config.services.paperless.port;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [
(mkProxy {
authelia = true;
upstream = "http://10.10.1.8:80";
})
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
};
}
];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in
mkProxy {
authelia = true;
inherit port;
extraConfig = {
locations = lib.genAttrs ["/favicon.ico" "/autocompleter" "/opensearch.xml"] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};
};
# URL shortener
"nbt.sh" = mkProxy {
port = 8090;
extraConfig.serverAliases = ["proot.link"];
};
"admin.nbt.sh" = mkProxy {
authelia = true;
port = 8091;
extraConfig.serverAliases = ["admin.proot.link"];
};
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# homepage
"home.protogen.io" = mkAuthProxy 8089;
"lounge.protogen.io" = mkAuthProxy 9000;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = ["x.protogen.io"];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = ["www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz"];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
};
};
# main site
"protogen.io" = {
serverAliases = [ "x.protogen.io" ];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = [ "www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz" ];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
};
};
};
# https://gethomepage.dev
services.homepage-dashboard = let
entry = name: value: { "${name}" = value; };
makeBookmark = name: {...}@attrs: entry name [ attrs ];
makeBookmark' = name: icon: abbr: href: makeBookmark name ({ inherit abbr href; } // lib.optionalAttrs (icon != null) { inherit icon; });
entry = name: value: {"${name}" = value;};
makeBookmark = name: {...} @ attrs: entry name [attrs];
makeBookmark' = name: icon: abbr: href: makeBookmark name ({inherit abbr href;} // lib.optionalAttrs (icon != null) {inherit icon;});
in {
enable = true;
listenPort = 8089;
@ -369,10 +404,12 @@ in
];
services = let
service = name: subdomain: icon: {...}@attrs: entry name ({
href = "https://${subdomain}.protogen.io";
inherit icon;
} // attrs);
service = name: subdomain: icon: {...} @ attrs:
entry name ({
href = "https://${subdomain}.protogen.io";
inherit icon;
}
// attrs);
basicService = name: subdomain: icon: service name subdomain icon {};
in [
(entry "unsorted" [
@ -389,13 +426,17 @@ in
(basicService "SearXNG" "searx" "searxng")
(basicService "TheLounge" "lounge" "thelounge")
(basicService "Paperless" "paper" "paperless-ngx")
(entry "Shlink" { href = "https://admin.nbt.sh"; icon = "shlink"; })
(entry "Shlink" {
href = "https://admin.nbt.sh";
icon = "shlink";
})
(basicService "Create Track Map" "trackmap" "")
((x: service x x x {
widget = {
};
}) "changedetection")
((x:
service x x x {
widget = {
};
}) "changedetection")
(service "Uptime Kuma" "uptime" "uptime-kuma" {
widget = {
@ -443,7 +484,7 @@ in
};
# needed for mDNS in Home Assistant
networking.firewall.allowedUDPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = [5353];
systemd.services.redlib.environment = {
REDLIB_DEFAULT_SUBSCRIPTIONS = lib.pipe ./reddit-subscriptions.txt [
@ -488,13 +529,12 @@ in
PAPERLESS_URL = "https://paper.protogen.io";
PAPERLESS_TIKA_ENABLED = true;
PAPERLESS_TIKA_ENDPOINT = "http://localhost:${toString config.services.tika.port}";
PAPERLESS_TIKA_GOTENBERG_ENDPOINT =
"http://localhost:${toString config.services.gotenberg.port}";
PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${toString config.services.gotenberg.port}";
};
};
users.users."${config.services.paperless.user}".extraGroups = let
name = config.services.redis.servers.paperless.group;
in [ name ];
in [name];
services.gotenberg = {
enable = true;

60
hosts/slab/configuration.nix

@ -1,20 +1,22 @@
# vim: set ts=2 sw=2 et foldmethod=marker:
# vim: set ts=2 sw=2 et foldmethod=marker:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, vars, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
];
config,
lib,
pkgs,
vars,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
];
config = {
# nix.settings.experimental-features = ["nix-command" "flakes" ];
@ -26,18 +28,24 @@
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = [ "subvol=/" ];
options = ["subvol=/"];
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = { device = "/boot/EFI/Linux"; options = [ "bind" ]; };
"/efi/EFI/nixos" = { device = "/boot/EFI/nixos"; options = [ "bind" ]; };
"/efi/EFI/Linux" = {
device = "/boot/EFI/Linux";
options = ["bind"];
};
"/efi/EFI/nixos" = {
device = "/boot/EFI/nixos";
options = ["bind"];
};
})
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
}))
];
@ -51,7 +59,7 @@
# };
specialisation.hyprland.configuration = {
system.nixos.tags = [ "Hyprland" ];
system.nixos.tags = ["Hyprland"];
nixfiles.session = "hyprland";
};
@ -91,21 +99,20 @@
};
};
networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = [ "quiet" ];
boot.kernelParams = ["quiet"];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device="/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
device = "/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true;
preLVM = true;
@ -138,7 +145,7 @@
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable [ "tcp://pixel.magpie-moth.ts.net:6000" ];
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable ["tcp://pixel.magpie-moth.ts.net:6000"];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
@ -164,7 +171,6 @@
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@ -195,10 +201,8 @@
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
@ -218,7 +222,6 @@
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
@ -244,7 +247,6 @@
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
@ -296,7 +298,7 @@
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedTCPPorts = [22];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -313,7 +315,5 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
}

86
hosts/slab/hardware-configuration.nix

@ -1,55 +1,59 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = ["dm-snapshot" "amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/efi" =
{ device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a"; }
];
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
swapDevices = [
{device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a";}
];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

13
hosts/slab/home.nix

@ -1,5 +1,10 @@
{ lib, pkgs, osConfig, config, ... }:
{
lib,
pkgs,
osConfig,
config,
...
}: {
imports = [
../../home
];
@ -9,7 +14,7 @@
profile.base.enable = true;
common.wm.keybinds = {
Launch1="playerctl play-pause"; # ROG key
Launch1 = "playerctl play-pause"; # ROG key
# Launch3="true"; # AURA fn key
# Launch4="true"; # fan control fn key
};
@ -17,8 +22,8 @@
home.stateVersion = "23.11";
# TODO mkif stylix.enable; danth/stylix#216
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) { size = 32; };
stylix.cursor = { size = 32; };
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) {size = 32;};
stylix.cursor = {size = 32;};
nixfiles.theming.catppuccin.themeDPI = "hdpi";

19
hosts/slab/nvidia-optimus.nix

@ -1,11 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.supergfxd.enable = true;
specialisation = {
nvidia.configuration = {
system.nixos.tags = [ "NVIDIA" ];
system.nixos.tags = ["NVIDIA"];
nixfiles.supergfxd.profile = "Hybrid";
@ -15,9 +17,9 @@
hardware.nvidia = {
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
@ -30,7 +32,8 @@
package = let
stable = config.boot.kernelPackages.nvidiaPackages.stable;
version = stable;
in version;
in
version;
prime = {
offload = {

14
hosts/slab/supergfxd.nix

@ -1,5 +1,10 @@
{ pkgs, lib, config, options, ... }@args:
let
{
pkgs,
lib,
config,
options,
...
} @ args: let
gfx = {
Integrated = {
supergfxd = pkgs.writeText "supergfxd-integrated" ''
@ -69,7 +74,8 @@ let
isKeyInAttrset = let
getKeys = attrset: lib.mapAttrsToList (name: _: name) attrset;
isInList = key: list: lib.any (x: x == key) list;
in key: attrset: isInList key (getKeys attrset);
in
key: attrset: isInList key (getKeys attrset);
inherit (lib) mkIf mkOption types;
in {
@ -83,7 +89,7 @@ in {
};
config = {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
# TODO actually configure the system settings here
"supergfxd.conf" = {
source = gfx.${cfg.profile}.supergfxd;

102
lib/nixfiles/minecraft.nix

@ -1,14 +1,19 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
inherit (pkgs) lib;
in
{
mkServer = { modpack ? null, modpackSymlinks ? [], modpackFiles ? [], jvmOpts ? null, ...}@opts: let
in {
mkServer = {
modpack ? null,
modpackSymlinks ? [],
modpackFiles ? [],
jvmOpts ? null,
...
} @ opts: let
# log4j exploit is bad and scary and i have no idea if this is still needed
# but it's best to be on the safe side
jvmOptsPatched = let
requiredJvmOpts = "-Dlog4j2.formatMsgNoLookups=true";
in if (!(builtins.isNull jvmOpts))
in
if (!(builtins.isNull jvmOpts))
then requiredJvmOpts + " " + jvmOpts
else requiredJvmOpts;
@ -17,51 +22,58 @@ in
serverPackage = let
mcVersion = modpack.manifest.versions.minecraft;
fixedVersion = lib.replaceStrings [ "." ] [ "_" ] mcVersion;
fixedVersion = lib.replaceStrings ["."] ["_"] mcVersion;
quiltVersion = modpack.manifest.versions.quilt or null;
fabricVersion = modpack.manifest.versions.fabric or null;
loader = if (!(builtins.isNull quiltVersion)) then "quilt" else "fabric";
loaderVersion = if loader == "quilt" then quiltVersion else fabricVersion;
in pkgs.minecraftServers."${loader}-${fixedVersion}".override { inherit loaderVersion; };
loader =
if (!(builtins.isNull quiltVersion))
then "quilt"
else "fabric";
loaderVersion =
if loader == "quilt"
then quiltVersion
else fabricVersion;
in
pkgs.minecraftServers."${loader}-${fixedVersion}".override {inherit loaderVersion;};
in
lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
in lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# no telemetry
snooper-enabled = lib.mkDefault false;
# no telemetry
snooper-enabled = lib.mkDefault false;
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts [ "modpack" "modpackSymlinks" "modpackFiles" "jvmOpts" ])
];
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts ["modpack" "modpackSymlinks" "modpackFiles" "jvmOpts"])
];
}

3
modules/home-manager/default.nix

@ -1,2 +1 @@
_:
{}
_: {}

3
modules/nixos/default.nix

@ -1,3 +1,2 @@
{...}@moduleInputs:
{
{...} @ moduleInputs: {
}

9
overlays/default.nix

@ -12,9 +12,10 @@ in {
./modpacks.nix
];
config.flake.overlays = {
default = with cfg; composeManyExtensions [
backports
mitigations
];
default = with cfg;
composeManyExtensions [
backports
mitigations
];
};
}

18
pkgs/apps.nix

@ -1,9 +1,15 @@
{ packages, system, ... }:
let _packages = packages; in
let
packages = _packages.${system};
mkApp = program: { type = "app"; inherit program; };
in
{
packages,
system,
...
}: let
_packages = packages;
in let
packages = _packages.${system};
mkApp = program: {
type = "app";
inherit program;
};
in {
keysetting = mkApp "${packages.wm-helpers}/bin/keysetting";
}

39
pkgs/atool-wrapped/default.nix

@ -1,4 +1,5 @@
{ lib,
{
lib,
atool,
makeBinaryWrapper,
stdenvNoCC,
@ -14,24 +15,24 @@
p7zip,
unrar,
lha,
unfree ? false }:
let
unfree ? false,
}: let
wrappedPath = lib.makeBinPath ([lzip plzip lzop xz zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
in
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeBinaryWrapper ];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = ["installPhase"];
nativeBuildInputs = [makeBinaryWrapper];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}

23
pkgs/cofi/shell.nix

@ -1,16 +1,15 @@
{ pkgs ? import <nixpkgs> {} }:
let
{pkgs ? import <nixpkgs> {}}: let
rofi-dmenu-wrapped = pkgs.writeShellScript "rofi-dmenu" ''
exec "${pkgs.rofi-wayland}/bin/rofi" -dmenu "$@"
'';
in
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}

7
pkgs/cross-seed/default.nix

@ -1,5 +1,8 @@
{ lib, buildNpmPackage, fetchFromGitHub }:
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage rec {
pname = "cross-seed";
version = "6.11.0";

20
pkgs/default.nix

@ -1,17 +1,15 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
inherit (pkgs) callPackage callPackages;
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in
{
inherit (mopidyPackages) mopidy-autoplay ;
google-fonts = callPackage ./google-fonts { };
wm-helpers = callPackage ./wm-helpers { };
atool = callPackage ./atool-wrapped { };
nixfiles-assets = callPackage ./nixfiles-assets { };
redlib = callPackage ./redlib { };
cross-seed = callPackage ./cross-seed { };
in {
inherit (mopidyPackages) mopidy-autoplay;
google-fonts = callPackage ./google-fonts {};
wm-helpers = callPackage ./wm-helpers {};
atool = callPackage ./atool-wrapped {};
nixfiles-assets = callPackage ./nixfiles-assets {};
redlib = callPackage ./redlib {};
cross-seed = callPackage ./cross-seed {};
}

48
pkgs/google-fonts/default.nix

@ -1,9 +1,9 @@
{ lib
, stdenvNoCC
, fetchFromGitHub
, fonts ? []
{
lib,
stdenvNoCC,
fetchFromGitHub,
fonts ? [],
}:
stdenvNoCC.mkDerivation {
pname = "google-fonts";
version = "unstable-2023-10-20";
@ -11,7 +11,7 @@ stdenvNoCC.mkDerivation {
# Adobe Blank is split out in a separate output,
# because it causes crashes with `libfontconfig`.
# It has an absurd number of symbols
outputs = [ "out" "adobeBlank" ];
outputs = ["out" "adobeBlank"];
src = fetchFromGitHub {
owner = "google";
@ -45,26 +45,32 @@ stdenvNoCC.mkDerivation {
# FamilyName.ttf. This installs all fonts if fonts is empty and otherwise
# only the specified fonts by FamilyName.
fonts = map (font: builtins.replaceStrings [" "] [""] font) fonts;
installPhase = ''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
'' + (if fonts == [] then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
'' else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
'');
installPhase =
''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
''
+ (
if fonts == []
then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
''
else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
''
);
meta = with lib; {
homepage = "https://fonts.google.com";
description = "Font files available from Google Fonts";
license = with licenses; [ asl20 ofl ufl ];
license = with licenses; [asl20 ofl ufl];
platforms = platforms.all;
hydraPlatforms = [];
maintainers = with maintainers; [ manveru ];
sourceProvenance = [ sourceTypes.binaryBytecode ];
maintainers = with maintainers; [manveru];
sourceProvenance = [sourceTypes.binaryBytecode];
};
}

9
pkgs/lucem/update.nix

@ -1,9 +1,11 @@
{ nixpkgs ? <nixpkgs>, pkgs ? (import nixpkgs) { } }:
let
{
nixpkgs ? <nixpkgs>,
pkgs ? (import nixpkgs) {},
}: let
inherit (pkgs) callPackage fetchFromSourcehut fetchFromGitHub lib;
inherit (lib) escapeShellArg;
lucem = pkgs.callPackage ./. { };
lucem = pkgs.callPackage ./. {};
nim_lk_patched = pkgs.nim_lk.overrideAttrs (final: prev: {
src = pkgs.fetchFromSourcehut {
@ -16,7 +18,6 @@ let
./nim_lk-rev-order-fix.patch
];
});
in
pkgs.stdenvNoCC.mkDerivation {
name = "lucem-lock.json";

22
pkgs/mopidy/autoplay.nix

@ -1,5 +1,9 @@
{ lib, python3Packages, fetchPypi, mopidy }:
{
lib,
python3Packages,
fetchPypi,
mopidy,
}:
# based on mopidy/jellyfin.nix
python3Packages.buildPythonApplication rec {
pname = "mopidy-autoplay";
@ -11,15 +15,15 @@ python3Packages.buildPythonApplication rec {
sha256 = "sha256-E2Q+Cn2LWSbfoT/gFzUfChwl67Mv17uKmX2woFz/3YM=";
};
propagatedBuildInputs = [ mopidy ];
propagatedBuildInputs = [mopidy];
# no tests implemented
doCheck = false;
pythonImportsCheck = [ "mopidy_autoplay" ];
pythonImportsCheck = ["mopidy_autoplay"];
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
}

18
pkgs/mopidy/default.nix

@ -1,10 +1,14 @@
{ lib, newScope, python }:
{
lib,
newScope,
python,
}:
# i have no idea what this is but there's some conflict if i don't do this
# based on https://github.com/NixOS/nixpkgs/blob/77f0d2095a8271fdb6e0d08c90a7d93631fd2748/pkgs/applications/audio/mopidy/default.nix
lib.makeScope newScope (self: with self; {
inherit python;
pythonPackages = python.pkgs;
lib.makeScope newScope (self:
with self; {
inherit python;
pythonPackages = python.pkgs;
mopidy-autoplay = callPackage ./autoplay.nix { };
})
mopidy-autoplay = callPackage ./autoplay.nix {};
})

33
pkgs/nixfiles-assets/default.nix

@ -1,5 +1,8 @@
{ lib, stdenvNoCC, fetchFromGitea }:
let
{
lib,
stdenvNoCC,
fetchFromGitea,
}: let
src = fetchFromGitea {
domain = "gitea.protogen.io";
owner = "nullbite";
@ -10,16 +13,16 @@ let
fetchLFS = true;
};
in
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = [ "installPhase" ];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = ["installPhase"];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}

23
pkgs/redlib/default.nix

@ -1,11 +1,12 @@
{ lib
, stdenv
, cacert
, nixosTests
, rustPlatform
, fetchFromGitHub
, darwin
, nix-update-script
{
lib,
stdenv,
cacert,
nixosTests,
rustPlatform,
fetchFromGitHub,
darwin,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
pname = "redlib";
@ -58,7 +59,7 @@ rustPlatform.buildRustPackage rec {
env = {
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GIT_HASH=src.rev;
GIT_HASH = src.rev;
};
doCheck = false;
@ -67,7 +68,7 @@ rustPlatform.buildRustPackage rec {
inherit (nixosTests) redlib;
};
passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch=main" ]; };
passthru.updateScript = nix-update-script {extraArgs = ["--version=branch=main"];};
meta = {
changelog = "https://github.com/redlib-org/redlib/releases/tag/v${version}";
@ -75,6 +76,6 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/redlib-org/redlib";
license = lib.licenses.agpl3Only;
mainProgram = "redlib";
maintainers = with lib.maintainers; [ soispha ];
maintainers = with lib.maintainers; [soispha];
};
}

140
pkgs/wm-helpers/default.nix

@ -1,79 +1,85 @@
{ pkgs, lib, cap-volume ? true, unmute ? true, ...}:
let
keysetting = pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
{
pkgs,
lib,
cap-volume ? true,
unmute ? true,
...
}: let
keysetting =
pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
setvol 5%+
# notifyvol
}
setvol 5%+
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
in
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}

30
secrets/secrets.nix

@ -12,22 +12,20 @@ let
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0enlNbo1V5q0yq6n90gRPsNznoQ/KLEjeo1yOAUyJwPi35cw+b3p4DRN7T55DcSivKKE9Hyh6bpaQWFJSLyP5jAtDrYkuUfNx5GkgrquMwMvwzk3Z+h2/J/WgDyKQZXtm9LHYTgiW8jDU1lBiks39IqCAGrCTLAmAHSaJ39A4ZpJwu6zZ9sQqT22E/UpFm5MBezdZbm8V0G+beX+y3+pp8Kag7goGNY+rgTgx7REDz3jzZz3FBP+CxKoo1H8HHz78RDqBb8HKpVQYNQkwvIBeczKawRHIkJO2Mk+1mc6Ta6beA9+Uyf+puxco2xl6BOnDInvnhWJIRXOJuR5P8/YWprE1o4ixF2N95D2GlJ618V7faEovu/sNj8qIvfA66OF1gG+LOfNAl+u2+3V8ewATF493F0q04zhenoH1ZdrsACJfL8tK9Ev9056ImR6aSJ5BjqCk0tMmnLKTZ7q3R2LoKnB1r/TXe10OH7rx5BDAt4OmD8a5QS0RvVgK3O/iMW0="
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSAD3bCc9ZHGqU+HoCtp69uU3Px5bbVYYrHbLS3AS1Xku9rPKE/oUU/fz8/AZxp6dLuKhPjQjLzgbFjM0rK57fiOPqBnlw3eAiIymrlB03ALLV3y+GF2OhVf2rkcPkUxjK978dwS9bxgty6WzPAoSjNwilzgf2CcLcHyIzDwwzWCndM9jtpXbUbLhOH6CvsvygBD7j06wakLOorTS+cAFecUvaUkDr6gSu6zpM29DcFiq8T1VoWhBzwC/9IKnxV/XqaZBM3Em7NfPQIzYWcD9A5+Holj2I6jcTSd9xIdMhD4Miqm8IdojPkP2NuVfD9AMxn0ccwbROG/zliyXtcxRj8b3jEquBKuN+yGqF5hexmKlhHmHua9NwhsWnGWjOWWSaPtsp3WOM/fEc7cWpVWZ+W8V5LbdWEY3Ke52Cz35QbOSml09H/gIzsMxZbiZvkJB4PvWKf0FoyZ8ojJWIaGP1/LQdXNMWorqy7tWp3sAw3JcMsR0ezJ3YoI6Y6FOIdL0="
];
in
{
"cloudflare-dns.age".publicKeys = [ rpi4 ] ++ all-user;
"wireguard-rpi4.age".publicKeys = [ rpi4 ] ++ all-user;
"htpasswd.age".publicKeys = [ rpi4 ] ++ all-user;
"htpasswd-cam.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-users.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-storage.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-jwt.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-session.age".publicKeys = [ rpi4 ] ++ all-user;
"homepage.age".publicKeys = [ rpi4 ] ++ all-user;
"paperless-admin.age".publicKeys = [ rpi4 ] ++ all-user;
in {
"cloudflare-dns.age".publicKeys = [rpi4] ++ all-user;
"wireguard-rpi4.age".publicKeys = [rpi4] ++ all-user;
"htpasswd.age".publicKeys = [rpi4] ++ all-user;
"htpasswd-cam.age".publicKeys = [rpi4] ++ all-user;
"authelia-users.age".publicKeys = [rpi4] ++ all-user;
"authelia-storage.age".publicKeys = [rpi4] ++ all-user;
"authelia-jwt.age".publicKeys = [rpi4] ++ all-user;
"authelia-session.age".publicKeys = [rpi4] ++ all-user;
"homepage.age".publicKeys = [rpi4] ++ all-user;
"paperless-admin.age".publicKeys = [rpi4] ++ all-user;
"restic-rclone.age".publicKeys = [ rpi4 nullbox slab ] ++ all-user;
"restic-password.age".publicKeys = [ rpi4 nullbox slab ] ++ all-user;
"restic-rclone.age".publicKeys = [rpi4 nullbox slab] ++ all-user;
"restic-password.age".publicKeys = [rpi4 nullbox slab] ++ all-user;
"anki-user.age".publicKeys = [ rpi4 ] ++ all-user;
"anki-user.age".publicKeys = [rpi4] ++ all-user;
}

11
system/cachix.nix

@ -1,8 +1,11 @@
{ pkgs, lib, config, ... }:
let
cfg = config.nixfiles.cachix;
in
{
pkgs,
lib,
config,
...
}: let
cfg = config.nixfiles.cachix;
in {
options.nixfiles.cachix.enable = lib.mkOption {
description = "Whether to enable the Cachix derivation cache";
type = lib.types.bool;

73
system/common/bootnext.nix

@ -1,11 +1,16 @@
{ config, lib, pkgs, options, ... }:
let
{
config,
lib,
pkgs,
options,
...
}: let
inherit (lib) types escapeShellArg;
cfg = config.nixfiles.common.bootnext;
bootNextScriptMain = pkgs.writeShellScript "bootnext-wrapped" ''
set -Eeuxo pipefail
PATH=${lib.escapeShellArg (with pkgs; lib.makeBinPath [ gnugrep coreutils efibootmgr ])}
PATH=${lib.escapeShellArg (with pkgs; lib.makeBinPath [gnugrep coreutils efibootmgr])}
export PATH
function do_bootnext() {
@ -19,9 +24,10 @@ let
case "$1" in
${lib.concatStringsSep "\n" (
lib.mapAttrsToList (name: value:
" ${escapeShellArg name}) do_bootnext ${escapeShellArg value.efiPartUUID} ${escapeShellArg value.name} ;;"
) cfg.entries
lib.mapAttrsToList (
name: value: " ${escapeShellArg name}) do_bootnext ${escapeShellArg value.efiPartUUID} ${escapeShellArg value.name} ;;"
)
cfg.entries
)}
*) echo "Boot entry \"$1\" not configured."; exit 1;;
esac
@ -49,18 +55,17 @@ let
bootnextDesktopEntries = pkgs.symlinkJoin {
name = "bootnext-desktop-entries";
paths = lib.mapAttrsToList (name: value: pkgs.makeDesktopItem {
paths = lib.mapAttrsToList (name: value:
pkgs.makeDesktopItem {
name = "bootnext-reboot-${name}";
desktopName = "Reboot into ${value.desktopEntry.name}";
comment = "Select the entry defined by the `${name}` configuration in the bootnext script and then reboot.";
icon = "${value.desktopEntry.icon}";
keywords = [ "bootnext" "reboot" "${name}" "${value.desktopEntry.name}" ];
keywords = ["bootnext" "reboot" "${name}" "${value.desktopEntry.name}"];
exec = "${desktopWrapper} ${name}";
}) (lib.filterAttrs (_: value: value.desktopEntry.enable) cfg.entries);
};
in
{
in {
options = {
nixfiles.common.bootnext = {
enable = lib.mkOption {
@ -71,19 +76,25 @@ in
default = false;
example = true;
};
enableDesktopEntries = lib.mkEnableOption "generation of bootnext Desktop entries" // { default = true; };
enableDesktopEntries = lib.mkEnableOption "generation of bootnext Desktop entries" // {default = true;};
entries = let
entryModule = {name, config, ... }: {
entryModule = {
name,
config,
...
}: {
options = let
uuidType = with types; lib.mkOptionType {
name = "uuid";
description = "UUID";
descriptionClass = "noun";
check = let
uuidRegex = "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$";
in x: str.check x && (builtins.match uuidRegex x) != null;
inherit (str) merge;
};
uuidType = with types;
lib.mkOptionType {
name = "uuid";
description = "UUID";
descriptionClass = "noun";
check = let
uuidRegex = "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$";
in
x: str.check x && (builtins.match uuidRegex x) != null;
inherit (str) merge;
};
in {
efiPartUUID = lib.mkOption {
description = "UUID of EFI partition containing boot entry";
@ -116,22 +127,26 @@ in
};
};
};
in lib.mkOption {
description = "bootnext entry";
type = with types; attrsOf (submodule entryModule);
};
in
lib.mkOption {
description = "bootnext entry";
type = with types; attrsOf (submodule entryModule);
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ bootNextScript ] ++ lib.optional cfg.enableDesktopEntries bootnextDesktopEntries;
environment.systemPackages = [bootNextScript] ++ lib.optional cfg.enableDesktopEntries bootnextDesktopEntries;
security.sudo.extraRules = lib.mkAfter [
{
commands = [
{ command = "${bootNextScriptMain}"; options = [ "NOPASSWD" ]; }
{
command = "${bootNextScriptMain}";
options = ["NOPASSWD"];
}
];
groups = [ "wheel" ];
groups = ["wheel"];
}
];
};

31
system/common/busybox.nix

@ -1,18 +1,25 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
cfg = config.nixfiles.common.busybox;
in {
options.nixfiles.common.busybox.enable = lib.mkEnableOption "" // {
description = ''
Whether to install Busybox into the system environment as a very low
priority fallback for common commands. This should *never* override a
user-installed package.
'';
};
options.nixfiles.common.busybox.enable =
lib.mkEnableOption ""
// {
description = ''
Whether to install Busybox into the system environment as a very low
priority fallback for common commands. This should *never* override a
user-installed package.
'';
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; lib.mkOrder 50 [
busybox
];
environment.systemPackages = with pkgs;
lib.mkOrder 50 [
busybox
];
};
}

3
system/common/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./me.nix
./remote.nix

13
system/common/me.nix

@ -1,8 +1,11 @@
{ config, lib, pkgs, ...}:
let
cfg = config.nixfiles.common.me;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.common.me;
in {
options.nixfiles.common.me = {
enable = lib.mkEnableOption "my user account";
};
@ -12,7 +15,7 @@ in
uid = 1000;
group = "nullbite";
isNormalUser = true;
extraGroups = [ "wheel" ] ++ lib.optional config.nixfiles.packageSets.fun.enable "input";
extraGroups = ["wheel"] ++ lib.optional config.nixfiles.packageSets.fun.enable "input";
packages = with pkgs; [
keychain
];

25
system/common/nix.nix

@ -1,8 +1,14 @@
{ pkgs, lib, config, options, inputs, nixpkgs, ... }:
let
cfg = config.nixfiles.common.nix;
in
{
pkgs,
lib,
config,
options,
inputs,
nixpkgs,
...
}: let
cfg = config.nixfiles.common.nix;
in {
options.nixfiles.common.nix = {
enable = lib.mkEnableOption "common Nix configuration";
registerNixpkgs = lib.mkOption {
@ -11,7 +17,8 @@ in
example = "true";
description = "Whether to register the Nixpkgs revision used by Nixfiles to the system's flake registry and make it tye system's <nixpkgs> channel";
};
/* # TODO
/*
# TODO
register = lib.mkOption {
type = lib.types.bool;
default = cfg.enable;
@ -22,8 +29,7 @@ in
};
config = lib.mkMerge [
( lib.mkIf cfg.registerNixpkgs {
(lib.mkIf cfg.registerNixpkgs {
# this makes modern nix tools use the system's version of nixpkgs
nix.registry = {
# this keeps nixfiles-assets in the store so i can save some GitHub LFS
@ -58,10 +64,9 @@ in
# compatibility becasue once `, vkcube` couldn't find the correct opengl
# driver or something (also it reduces the download size of temporary shell
# closures)
nix.nixPath = [ "nixpkgs=${nixpkgs}" ] ++ options.nix.nixPath.default;
nix.nixPath = ["nixpkgs=${nixpkgs}"] ++ options.nix.nixPath.default;
})
( lib.mkIf cfg.enable {
(lib.mkIf cfg.enable {
# direnv is a tool to automatically load shell environments upon entering
# a directory. nix-direnv has an extensionn to keep nix shells in the
# system's gcroots so shells can be used after a gc without rebuilding.

15
system/common/remote.nix

@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.common.remoteAccess;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.common.remoteAccess;
in {
config = lib.mkIf cfg.enable {
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
@ -10,7 +13,6 @@ in
enable = true;
openFirewall = true;
settings = {
};
};
@ -27,5 +29,6 @@ in
networking.wireguard.enable = true;
};
options = {
nixfiles.common.remoteAccess.enable = lib.mkEnableOption "remote access options" ; };
nixfiles.common.remoteAccess.enable = lib.mkEnableOption "remote access options";
};
}

12
system/common/wm.nix

@ -1,9 +1,13 @@
{ pkgs, lib, config, options, ...}:
let
{
pkgs,
lib,
config,
options,
...
}: let
inherit (lib) mkDefault mkIf mkEnableOption;
cfg = config.nixfiles.common.wm;
in
{
in {
config = mkIf cfg.enable {
# Common options for standalone window managers; many of these (or
# alternatives thereof) are pulled in by desktop environments.

17
system/default.nix

@ -1,4 +1,14 @@
{ pkgs, config, lib, options, nixpkgs, home-manager, inputs, utils, ... }@args:
{
pkgs,
config,
lib,
options,
nixpkgs,
home-manager,
inputs,
utils,
...
} @ args:
# ^ all these args are yucky and non-portable, replace them with a module
# called from the scope of the flake that brings relevant
# inputs/outputs/overlays/etc into scope. this might even make nixfiles
@ -6,8 +16,7 @@
let
cfg = config.nixfiles;
flakeType = cfg.lib.types.flake;
in
{
in {
imports = [
./common
./hardware
@ -50,7 +59,7 @@ in
lib = lib.mkOption {
description = "nixfiles library";
default = (import ../lib/nixfiles) { inherit pkgs; };
default = (import ../lib/nixfiles) {inherit pkgs;};
readOnly = true;
type = lib.types.attrs;
};

6
system/fragments/debugging.nix

@ -1,5 +1,9 @@
{ config, lib, pkgs, ...}:
{
config,
lib,
pkgs,
...
}: {
environment = {
enableDebugInfo = true;
systemPackages = with pkgs; [

40
system/hardware/binfmt.nix

@ -1,23 +1,28 @@
{ pkgs, config, lib, options, ... }:
let
configForSystem = (system:
let
riscv = [ "riscv32-linux" "riscv64-linux" ];
arm = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" ];
x86 = [ "i686-linux" "x86_64-linux" ];
windows = [ "x86_64-windows" "i686-windows" ];
{
pkgs,
config,
lib,
options,
...
}: let
configForSystem = (
system: let
riscv = ["riscv32-linux" "riscv64-linux"];
arm = ["armv6l-linux" "armv7l-linux" "aarch64-linux"];
x86 = ["i686-linux" "x86_64-linux"];
windows = ["x86_64-windows" "i686-windows"];
systems = {
x86_64-linux = riscv ++ arm;
aarch64-linux = riscv;
};
in
if (systems ? "${system}") then systems."${system}" else []
if (systems ? "${system}")
then systems."${system}"
else []
);
emulatedSystems = configForSystem "${pkgs.system}";
cfg = config.nixfiles.binfmt;
in
{
in {
options.nixfiles.binfmt = {
enable = lib.mkOption {
description = "Whether to configure default binfmt emulated systems for the current architecture";
@ -29,9 +34,10 @@ in
config = let
enable = cfg.enable && (builtins.length emulatedSystems) > 0;
in lib.mkMerge [
(lib.mkIf enable {
boot.binfmt = {inherit emulatedSystems;};
})
];
in
lib.mkMerge [
(lib.mkIf enable {
boot.binfmt = {inherit emulatedSystems;};
})
];
}

11
system/hardware/bluetooth.nix

@ -1,8 +1,11 @@
{ config, lib, pkgs, ...}:
let
cfg = config.nixfiles.hardware.bluetooth;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.hardware.bluetooth;
in {
options.nixfiles.hardware.bluetooth = {
enable = lib.mkEnableOption "Bluetooth";
};

3
system/hardware/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./bluetooth.nix
./nvidia.nix

39
system/hardware/gps.nix

@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.hardware.gps;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.hardware.gps;
in {
options = {
nixfiles.hardware.gps = {
enable = lib.mkEnableOption "GPS configuration";
@ -28,21 +31,21 @@ in
# this could probably be a systemd socket but i don't know how to make those
systemd.services.gpsd-nmea-bridge = lib.mkIf cfg.gpsdBridge {
path = with pkgs; [
gpsd
coreutils
socat
];
description = "gpsd to Geoclue2 GPS data bridge";
before = [ "geoclue.service" ];
wantedBy = [ "geoclue.service" "multi-user.target" ];
serviceConfig = {
RuntimeDirectory = "gpsd-nmea";
ExecStart = pkgs.writeShellScript "gpsd-nmea-bridge" ''
exec socat -U UNIX-LISTEN:''${RUNTIME_DIRECTORY}/nmea.sock,fork,reuseaddr,mode=777 SYSTEM:'gpspipe -Br | stdbuf -oL tail -n+4'
'';
};
path = with pkgs; [
gpsd
coreutils
socat
];
description = "gpsd to Geoclue2 GPS data bridge";
before = ["geoclue.service"];
wantedBy = ["geoclue.service" "multi-user.target"];
serviceConfig = {
RuntimeDirectory = "gpsd-nmea";
ExecStart = pkgs.writeShellScript "gpsd-nmea-bridge" ''
exec socat -U UNIX-LISTEN:''${RUNTIME_DIRECTORY}/nmea.sock,fork,reuseaddr,mode=777 SYSTEM:'gpspipe -Br | stdbuf -oL tail -n+4'
'';
};
};
services.gpsd.enable = lib.mkIf cfg.gpsdBridge true;
};
}

31
system/hardware/nvidia.nix

@ -1,7 +1,11 @@
{ config, lib, pkgs, ...}:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.hardware.nvidia;
rcu_patch = pkgs.fetchpatch {
url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
@ -11,8 +15,8 @@ let
version = "555.42.02";
sha256_64bit = "sha256-k7cI3ZDlKp4mT46jMkLaIrc2YUx1lh1wj/J4SVSHWyk=";
sha256_aarch64 = lib.fakeSha256;
openSha256 = "sha256-rtDxQjClJ+gyrCLvdZlT56YyHQ4sbaL+d5tL4L4VfkA=";
settingsSha256 = "sha256-rtDxQjClJ+gyrCLvdZlT56YyHQ4sbaL+d5tL4L4VfkA=";
openSha256 = "sha256-rtDxQjClJ+gyrCLvdZlT56YyHQ4sbaL+d5tL4L4VfkA=";
settingsSha256 = "sha256-rtDxQjClJ+gyrCLvdZlT56YyHQ4sbaL+d5tL4L4VfkA=";
persistencedSha256 = lib.fakeSha256;
};
@ -24,10 +28,9 @@ let
settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10=";
persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE=";
patches = [ rcu_patch ];
patches = [rcu_patch];
};
in
{
in {
# imports = [
# ../opengl.nix
# ];
@ -41,10 +44,9 @@ in
nixfiles.hardware.opengl.enable = true;
boot.kernelParams = [ "nvidia-drm.fbdev=1" ];
boot.kernelParams = ["nvidia-drm.fbdev=1"];
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = lib.mkDefault true;
@ -56,9 +58,9 @@ in
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = lib.mkDefault (!(lib.versionOlder config.hardware.nvidia.package.version "560"));
@ -71,7 +73,8 @@ in
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = let
inherit (config.boot.kernelPackages.nvidiaPackages) production stable latest beta;
in lib.mkDefault latest;
in
lib.mkDefault latest;
};
};
}

35
system/hardware/opengl.nix

@ -1,24 +1,31 @@
{ config, lib, pkgs, ...}:
let
cfg = config.nixfiles.hardware.opengl;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.hardware.opengl;
in {
options.nixfiles.hardware.opengl.enable = lib.mkEnableOption "OpenGL configuration";
config = lib.mkIf cfg.enable {
environment.systemPackages = let
offload-enabled = config.hardware.nvidia.prime.offload.enableOffloadCmd;
glxinfo = lib.getExe' pkgs.glxinfo "glxinfo";
auto-offload = pkgs.writeShellScriptBin "auto-offload" (
(if offload-enabled then ''
if nvidia-offload ${glxinfo} > /dev/null 2>&1 ; then
exec nvidia-offload "$@"
fi
'' else "")
+
''
exec "$@"
'');
in [ auto-offload ];
(
if offload-enabled
then ''
if nvidia-offload ${glxinfo} > /dev/null 2>&1 ; then
exec nvidia-offload "$@"
fi
''
else ""
)
+ ''
exec "$@"
''
);
in [auto-offload];
# Enable OpenGL
hardware.graphics = {
enable = true;

75
system/hardware/sound.nix

@ -1,9 +1,13 @@
{ config, lib, pkgs, inputs, ...}:
let
{
config,
lib,
pkgs,
inputs,
...
}: let
cfg = config.nixfiles.hardware.sound;
inherit (lib) optionals mkEnableOption mkIf mkDefault;
in
{
in {
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
@ -18,39 +22,42 @@ in
};
};
config = lib.mkMerge [(mkIf cfg.enable {
security.rtkit.enable = mkDefault true;
services.pipewire = {
enable = true;
alsa.enable = mkDefault true;
alsa.support32Bit = mkDefault config.services.pipewire.alsa.enable;
pulse.enable = mkDefault true;
jack.enable = mkDefault true;
extraConfig.pipewire = {
# this should fix the extreme audio crackling in WINE
# note: this increases audio latency to 960/48000 (20ms)
"10-clock-config" = {
"context.properties" = {
"default.clock.min-quantum" = 960;
config = lib.mkMerge [
(mkIf cfg.enable {
security.rtkit.enable = mkDefault true;
services.pipewire = {
enable = true;
alsa.enable = mkDefault true;
alsa.support32Bit = mkDefault config.services.pipewire.alsa.enable;
pulse.enable = mkDefault true;
jack.enable = mkDefault true;
extraConfig.pipewire = {
# this should fix the extreme audio crackling in WINE
# note: this increases audio latency to 960/48000 (20ms)
"10-clock-config" = {
"context.properties" = {
"default.clock.min-quantum" = 960;
};
};
};
};
};
environment.systemPackages = with pkgs; [
qpwgraph
easyeffects
] ++ optionals config.services.pipewire.pulse.enable [
pavucontrol
ncpamixer
pulsemixer
];
})
({
# use alsa-ucm-conf from unstable (fixes Scarlett Solo channels)
nixpkgs.overlays = lib.optional cfg.useUnstableUcmConf (final: prev: {
inherit (inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}) alsa-ucm-conf;
});
})
environment.systemPackages = with pkgs;
[
qpwgraph
easyeffects
]
++ optionals config.services.pipewire.pulse.enable [
pavucontrol
ncpamixer
pulsemixer
];
})
{
# use alsa-ucm-conf from unstable (fixes Scarlett Solo channels)
nixpkgs.overlays = lib.optional cfg.useUnstableUcmConf (final: prev: {
inherit (inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}) alsa-ucm-conf;
});
}
];
}

45
system/minecraft.nix

@ -1,10 +1,19 @@
{ config, lib, pkgs, inputs, ... }:
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
];
options.services.minecraft-servers.servers = let
serverModule = { name, config, ... }: {
serverModule = {
name,
config,
...
}: {
options = {
useRecommendedDefaults = lib.mkOption {
type = lib.types.bool;
@ -21,13 +30,13 @@
modpackFiles = lib.mkOption {
description = "List of files from modpack to copy into server directory";
type = with lib.types; listOf str;
default = [ ];
default = [];
};
modpackSymlinks = lib.mkOption {
description = "List of files from modpack to symlink into server directory";
type = with lib.types; listOf str;
default = [ ];
default = [];
};
};
@ -37,8 +46,8 @@
jvmOpts = "-Dlog4j2.formatMsgNoLookups=true";
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
@ -75,18 +84,26 @@
inherit (config) modpack;
mcVersion = modpack.manifest.versions.minecraft;
fixedVersion = lib.replaceStrings [ "." ] [ "_" ] mcVersion;
fixedVersion = lib.replaceStrings ["."] ["_"] mcVersion;
quiltVersion = modpack.manifest.versions.quilt or null;
fabricVersion = modpack.manifest.versions.fabric or null;
loader = if (!(builtins.isNull quiltVersion)) then "quilt" else "fabric";
loaderVersion = if loader == "quilt" then quiltVersion else fabricVersion;
loader =
if (!(builtins.isNull quiltVersion))
then "quilt"
else "fabric";
loaderVersion =
if loader == "quilt"
then quiltVersion
else fabricVersion;
serverPackage = pkgs.minecraftServers."${loader}-${fixedVersion}".override { inherit loaderVersion; };
in lib.mkDefault serverPackage;
serverPackage = pkgs.minecraftServers."${loader}-${fixedVersion}".override {inherit loaderVersion;};
in
lib.mkDefault serverPackage;
})
];
};
in lib.mkOption {
type = with lib.types; attrsOf (submodule serverModule);
};
in
lib.mkOption {
type = with lib.types; attrsOf (submodule serverModule);
};
}

21
system/mitigations.nix

@ -1,5 +1,11 @@
{ pkgs, config, lib, inputs, nixpkgs, ... }:
let
{
pkgs,
config,
lib,
inputs,
nixpkgs,
...
}: let
p5 = config.services.xserver.desktopManager.plasma5.enable;
p6 = config.services.desktopManager.plasma6.enable;
@ -7,8 +13,11 @@ let
# kernel update
newKernelPackages = let
pkgs-new = import inputs.nixpkgs-unstable { inherit (pkgs) system; config.allowUnfree = true; };
in pkgs-new.linuxPackages_latest;
in
{
pkgs-new = import inputs.nixpkgs-unstable {
inherit (pkgs) system;
config.allowUnfree = true;
};
in
pkgs-new.linuxPackages_latest;
in {
}

3
system/package-sets/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./gaming.nix
./multimedia.nix

47
system/package-sets/fun.nix

@ -1,28 +1,33 @@
{ pkgs, config, lib, ...}:
let
cfg = config.nixfiles.packageSets.fun;
in
{
pkgs,
config,
lib,
...
}: let
cfg = config.nixfiles.packageSets.fun;
in {
options.nixfiles.packageSets.fun = {
enable = lib.mkEnableOption "fun package set";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
cowsay
uwufetch
fortune
pipes
hollywood
sl
figlet
aalib
asciiquarium
] ++ lib.optionals config.services.xserver.enable [
oneko
] ++ lib.optionals config.services.pipewire.enable [
bucklespring-libinput
espeak
];
environment.systemPackages = with pkgs;
[
cowsay
uwufetch
fortune
pipes
hollywood
sl
figlet
aalib
asciiquarium
]
++ lib.optionals config.services.xserver.enable [
oneko
]
++ lib.optionals config.services.pipewire.enable [
bucklespring-libinput
espeak
];
};
}

43
system/package-sets/multimedia.nix

@ -1,28 +1,33 @@
{ config, lib, pkgs, ...}:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.packageSets.multimedia;
inherit (lib) optional optionals mkEnableOption mkIf;
nvidiaEnabled = (lib.elem "nvidia" config.services.xserver.videoDrivers);
in
{
nvidiaEnabled = lib.elem "nvidia" config.services.xserver.videoDrivers;
in {
options.nixfiles.packageSets.multimedia = {
enable = mkEnableOption "multimedia packages";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; optionals config.services.xserver.enable [
mpv
gimp
krita
inkscape
obs-studio
] ++ [
gallery-dl
yt-dlp
imagemagick
pngquant
gifski
ffmpeg
];
environment.systemPackages = with pkgs;
optionals config.services.xserver.enable [
mpv
gimp
krita
inkscape
obs-studio
]
++ [
gallery-dl
yt-dlp
imagemagick
pngquant
gifski
ffmpeg
];
# needed for NVENC to work in OBS Studio and FFmpeg
boot.kernelModules = optional nvidiaEnabled "nvidia_uvm";

23
system/profile/base.nix

@ -1,16 +1,21 @@
{ config, lib, pkgs, options, inputs, outputs, ...}@args:
let
cfg = config.nixfiles.profile.base;
in
{
config,
lib,
pkgs,
options,
inputs,
outputs,
...
} @ args: let
cfg = config.nixfiles.profile.base;
in {
options.nixfiles.profile.base = {
enable = lib.mkEnableOption "base config";
};
# TODO was gonna add something but i forgor and now i'm too lazy
# to delete this
# TODO was gonna add something but i forgor and now i'm too lazy
# to delete this
config = lib.mkMerge [
(lib.mkIf cfg.enable {
nixfiles.common = {
# Enable my account
me.enable = lib.mkDefault true;
@ -30,7 +35,7 @@ in
};
# Enable flakes
nix.settings.experimental-features = ["nix-command" "flakes" ];
nix.settings.experimental-features = ["nix-command" "flakes"];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
@ -124,7 +129,7 @@ in
];
# Needed for Kvantum themes to be detected
environment.pathsToLink = [ "/share/Kvantum" ];
environment.pathsToLink = ["/share/Kvantum"];
# allow for more interactive authentication
security.polkit.enable = lib.mkDefault true;

3
system/profile/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./base.nix
./pc.nix

29
system/profile/pc.nix

@ -1,16 +1,21 @@
{ pkgs, config, lib, ... }:
let
{
pkgs,
config,
lib,
...
}: let
cfg = config.nixfiles.profile.pc;
inherit (lib) mkDefault;
in
{
options.nixfiles.profile.pc.enable = lib.mkEnableOption "minimal PC profile" // {
description = ''
Whether to enable the minimal PC profile. This profile configures basic
system configuration for physical PCs, such as enabling sound and
Bluetooth support.
'';
};
in {
options.nixfiles.profile.pc.enable =
lib.mkEnableOption "minimal PC profile"
// {
description = ''
Whether to enable the minimal PC profile. This profile configures basic
system configuration for physical PCs, such as enabling sound and
Bluetooth support.
'';
};
config = lib.mkIf cfg.enable {
nixfiles.profile.base.enable = lib.mkDefault true;
@ -20,7 +25,7 @@ in
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# FIXME find somewhere else to put this
networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default.
# contains icons for bootnext desktop entries (the Windows icon); there's
# probably no reason to *not* include this.

10
system/profile/server.nix

@ -1,10 +1,12 @@
{ config, lib, ... }:
let
{
config,
lib,
...
}: let
cfg = config.nixfiles.profile.server;
inherit (lib) mkEnableOption mkDefault;
inherit (lib.types) bool int str;
in
{
in {
options.nixfiles.profile.server.enable = mkEnableOption "server profile";
config = lib.mkIf cfg.enable {

30
system/profile/workstation.nix

@ -1,17 +1,21 @@
{ pkgs, config, lib, ... }:
let
{
pkgs,
config,
lib,
...
}: let
cfg = config.nixfiles.profile.workstation;
inherit (lib) mkDefault;
in
{
options.nixfiles.profile.workstation.enable = lib.mkEnableOption "workstation (featureful PC) profile" //
{
description = ''
Whether to enable the workstation (featureful PC) profile. This profile
enables the base PC profile, as well as installs and configures various
other programs for a more complete computing experience.
'';
};
in {
options.nixfiles.profile.workstation.enable =
lib.mkEnableOption "workstation (featureful PC) profile"
// {
description = ''
Whether to enable the workstation (featureful PC) profile. This profile
enables the base PC profile, as well as installs and configures various
other programs for a more complete computing experience.
'';
};
config = lib.mkIf cfg.enable {
nixfiles.profile.pc.enable = lib.mkDefault true;
nixfiles.packageSets.multimedia.enable = lib.mkDefault true;
@ -37,7 +41,7 @@ in
nerd-fonts.fira-code
font-awesome
noto-fonts-cjk-sans
(google-fonts.override { fonts = [ "NovaSquare" ];})
(google-fonts.override {fonts = ["NovaSquare"];})
];
# TODO this should be defined in home-manager or not at all probably

15
system/programs/android.nix

@ -1,14 +1,19 @@
{ config, lib, pkgs, outputs, vars, ...}@args:
let
cfg = config.nixfiles.programs.adb;
in
{
config,
lib,
pkgs,
outputs,
vars,
...
} @ args: let
cfg = config.nixfiles.programs.adb;
in {
options.nixfiles.programs.adb = {
enable = lib.mkEnableOption "adb configuration";
};
config = lib.mkIf cfg.enable {
programs.adb.enable = true;
users.users.${vars.username}.extraGroups = [ "adbusers" ];
users.users.${vars.username}.extraGroups = ["adbusers"];
};
}

Some files were not shown because too many files have changed in this diff Show More