nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

...

141 Commits
feature/tm ... main

Author SHA1 Message Date
NullBite
b2ab765800
Update flake.lock 2025-05-02 03:26:58 -04:00
NullBite
3b97ca6943
overlays/mitigations: gotenberg 2025-04-26 18:38:30 -04:00
NullBite
b13d96f56e
slab: fix stylix config 2025-04-26 17:28:13 -04:00
NullBite
c6ba185187
Update flake.lock 2025-04-26 11:00:17 -04:00
NullBite
7e663d2e13
Update zen browser 2025-03-15 11:18:30 -04:00
NullBite
ad73714688
Revert "Update flake.lock" 
This reverts commit df2f8726f68525b00e55ad2f824ec361a33fb4d5.
 2025-03-15 11:17:33 -04:00
NullBite
df2f8726f6
Update flake.lock 2025-03-13 18:19:41 -04:00
NullBite
95f3aa39c8
Fix formatting 2025-03-13 17:30:29 -04:00
NullBite
a41bd02ca4
overlays: pin rustdesk-flutter 2025-03-13 17:29:59 -04:00
NullBite
7b07ae7983
system: fix eval failure 2025-03-13 12:42:36 -04:00
NullBite
551723abef
home(productivity): add Zen Browser 2025-03-06 17:03:04 -05:00
NullBite
b2a24ce42e
flake: add Zen Browser input + overlay 2025-03-06 16:58:11 -05:00
NullBite
9b438def7b
Update flake.lock, pkgs 2025-03-04 09:24:58 -05:00
NullBite
e9bc288e35
ci: eval builds as single attrset 
This is much safer and might also be faster. Passing `system` could
still be hypothetically unsafe, but I doubt nixpkgs will ever have a
system name with a dot in it for this specific reason.
 2025-03-04 01:25:36 -05:00
NullBite
bd0759b398
flake: fix specialisedNixosConfigurations nospec 2025-03-04 01:19:51 -05:00
NullBite
d768399a4e
ci: dynamic system build list 2025-03-04 00:49:04 -05:00
NullBite
8c7d95f0fd
rpi4: update reddit subscriptions 2025-03-03 16:47:49 -05:00
NullBite
b02c67961f
flake: add config specialisation attrset 
This contains each host's individual specialisations as separate
derivations, as well as a modified top-level config containing no
specialisations. Evaluating specialisations as separate derivations
takes significantly less memory (especially since nix-fast-build doesn't
support eval caching) and should stop CI from crashing.
 2025-03-03 16:32:48 -05:00
NullBite
f60bd3ade9
ci: actually remove full system build 
it would be nice if i actually removed the thing i said i was gonna
remove, now wouldn't it?
 2025-03-02 18:12:01 -05:00
NullBite
f309435739
ci: don't eval full systems with specialisations 
this should fix the ungodly memory usage that keeps crashing my runners
 2025-03-02 17:27:30 -05:00
NullBite
c49fa018b3
ci: update build script 2025-03-02 16:30:11 -05:00
NullBite
004770c410
flake: move devShell to perSystem, add formatter 2025-02-28 19:16:21 -05:00
NullBite
ee9f7ff199
mitigations: pin mopidy 
pinned to some random version from several months ago because of bug
that causes playback freezing
 2025-02-28 19:16:07 -05:00
NullBite
d2f48215ed
Update flake.lock, migrate config 2025-02-27 12:09:56 -05:00
NullBite
7b6d27bc73
system(base): enable envfs 2025-02-25 18:39:56 -05:00
NullBite
e5970b0149
flake: treefmt-nix follow nixpkgs unstable 2025-02-25 16:56:10 -05:00
NullBite
783055b885
Reformat repository with Alejandra 2025-02-25 16:53:02 -05:00
NullBite
b8f5793ac0
flake: enable treefmt 2025-02-25 16:08:27 -05:00
NullBite
7b10783731
flake: add treefmt input 2025-02-25 16:01:25 -05:00
NullBite
b72980839a
hosts(nullbox): unset hardware.nvidia.open 2025-02-25 15:48:48 -05:00
NullBite
a1ccd4031c
hosts(rpi4,nullbox): update kernel 2025-02-25 15:43:36 -05:00
NullBite
c8075804b1
system(sound): set clock quantum 2025-02-25 15:43:13 -05:00
NullBite
b24b4d99ba
system(pc): disable nfs 
causes massive startup delay
 2025-02-25 13:25:17 -05:00
NullBite
cb4be12725
flake(overlays): modularize with flake-parts 2025-02-24 19:18:01 -05:00
NullBite
89f107b407
system(nvidia): switch to latest 2025-02-23 20:20:49 -05:00
NullBite
3410ac1ae5
system(nvidia): use open driver by default 2025-02-23 18:27:13 -05:00
NullBite
675ca4742d
system(nvidia): beta driver 2025-02-23 18:20:26 -05:00
NullBite
490c290171
hosts(nullbox): update backup policy 2025-02-23 11:13:24 -05:00
NullBite
39782ecb3f
packageSets(gaming): install lucem 2025-02-22 14:38:25 -05:00
NullBite
62b16ae836
flake(overlays): add lucem to overlay 2025-02-22 14:35:19 -05:00
NullBite
cd302073fe
flake(system): use home-manager lib instance in correct place 2025-02-22 12:39:52 -05:00
NullBite
4b856ed7f9
flake, pkgs: update 2025-02-22 12:26:49 -05:00
NullBite
c2ee05db72
pkgs(lucem): init at 2.1.2 2025-02-20 01:55:37 -05:00
NullBite
45eebbb1ce
flake(pkgs): move old package definitions to legacy-module.nix 2025-02-20 01:32:22 -05:00
NullBite
f9f39bf70d
flake: add flake-compat 
It is good for if I am making a nix update script that needs network
access or some other impurity (although this is probably what
nix-prefetch-git is for but it's good to know how to do it manually,
especially for something like recreating a lockfile)
 2025-02-20 01:27:05 -05:00
NullBite
f86de5ff5b
home(neovim): add gcc to env 
A compiler is required for the compilation of treesitter grammars. I
should probably figure out how to just add every grammar to Neovim, but
this works with my existing configuration for now. I'm choosing to keep
my config separate because I want to still be able to use it on systems
without Nix.
 2025-02-19 15:01:47 -05:00
NullBite
cab0e3e023
flake(system): use system nixpkgs config in home-manager 
This allows for setting overlays at the home level while also inheriting
the global nixpkgs configuration. This should theoretically work exactly
like useGlobalPkgs while still allowing for flexibility at the home
level. See
2025-02-17 08:39:01 +00:00
NullBite
d8723c0f3d
system(greetd): enable kwallet forceRun 2025-02-16 23:03:15 -05:00
NullBite
ad58ee8a48
system(greetd): enable pam_kwallet 2025-02-16 22:58:36 -05:00
NullBite
aed770afe6
ci: use vars instead of secrets for cache name 
The cache name is "main" and having everything with "main" in it
automatically redacted in the run logs is really annoying.
 2025-02-15 20:18:03 -05:00
NullBite
be3ec1900a
home/base: fix eval on >=25.05 
Related to git signing options
 2025-02-15 19:50:50 -05:00
NullBite
acb902b1ad
home/base: enable Git maintenance 
This is enabled in home-manager becuase Git attempts to hardcode the
path when it is done through Git. Enabling Git in home-manager creates a
managed config at $XDG_CONFIG_HOME/git/config, but if ~/.gitconfig
exists, git will use that instead which still allows for mutable config.
The activation script is configured to automatically create ~/.gitconfig
if it doesn't exist, so everything should still work exactly as before.
 2025-02-15 21:04:47 +00:00
NullBite
8d011735f4
Update flake.lock, pkgs 2025-02-15 00:38:49 +00:00
NullBite
dfd4af7300
overlays: pin libreoffice, unpin gotenberg 2025-02-14 15:15:11 -05:00
NullBite
03dbb4e096
overlays: hold gotenberg 2025-02-14 13:50:11 -05:00
NullBite
5da1e2d86e
system: fix regreet persistence 2025-02-14 01:24:02 -05:00
NullBite
e32faf1368
ci: downgrade runners to 22.04 
there's a bug that causes nix-installer-action to fail on arm on 24.04
2025-02-14 00:49:25 -05:00
NullBite
515668ccdd
Merge branch 'flake-parts-hosts' 2025-02-14 00:46:34 -05:00
NullBite
c869ec0fe3
flake: migrate nixosConfigurations to new config 2025-02-14 00:39:50 -05:00
NullBite
4aac8ea9ad
flake/system: fully working mkSystem replacement 
for some reason, the toplevel derivation is different for some systems,
but nix-diff only shows one file being different, specifically the order
of some config relating to kernel modules. however, the produced system
is functionally identical. i have no idea what could be responsible for
this change.
 2025-02-14 00:30:30 -05:00
NullBite
5e40d0ca60
flake: functional prototype of modular systems 2025-02-13 19:51:05 -05:00
NullBite
a6bd0191e0
flake: move modules 2025-02-13 19:51:05 -05:00
NullBite
3e5c57da9e
flake: move legacy mkSystem code into library 2025-02-13 19:50:59 -05:00
NullBite
ec7f258777
update reddit subscriptions 2025-02-09 16:57:59 -05:00
NullBite
c8ad36040f
actions: update workflows, use script 2025-02-09 11:39:29 -05:00
NullBite
f2300f0689
mitigations: hold nwg-displays to nixpkgs stable 2025-02-09 10:25:30 -05:00
NullBite
36c7242d30
workflows: use stable actions tags 2025-02-09 01:47:36 -05:00
NullBite
322d8cba9a
flake: add lib to _module.args 2025-02-08 17:35:22 -05:00
NullBite
0926aa6ff8
Add flake-parts TODO, update comments 2025-02-08 15:30:44 -05:00
NullBite
cb06c56f96
actions: fix nix-fast-build command 
apparently it doesn't detect that i want to build a package output
 2025-02-08 14:30:13 -05:00
NullBite
bde706ba77
actions: move package build to separate workflow 
i am impatient i want my packages immediately
 2025-02-08 14:26:35 -05:00
NullBite
faa75ecc5a
actions: add redlib to build workflow 2025-02-08 14:17:01 -05:00
NullBite
780dafeaa7
flake: switch majority of packages to module 2025-02-08 14:13:58 -05:00
NullBite
f85b59a2e9
flake: add alejandra to devShell, format 2025-02-08 14:13:30 -05:00
NullBite
1071440ed1
flake: add modules, make lib compatible 2025-02-08 14:12:26 -05:00
NullBite
b8e37d3eeb flake: move old let block to config.flake scope 2025-02-07 02:11:24 +00:00
NullBite
c7d841b3e8 flake.nix: move main flake into config block 
grrr why do people always insist on dumping options into the main block
of the module
 2025-02-07 02:01:20 +00:00
NullBite
41be6a0642 Update README.md 2025-02-07 01:23:05 +00:00
NullBite
63c5fd0f6a flake.nix: switch to flake parts 
Currently, there has been no functional change to the structure of this
flake. I have simply wrapped the current flake outputs in the root
flake-parts module.
 2025-02-07 01:01:58 +00:00
NullBite
6975b56de2
home: fix path collision 
not sure why this only happens when i build nix-on-droid
 2025-02-06 22:15:21 +00:00
NullBite
bc9f758aa3
Update nixpkgs stable branch 2025-02-06 19:23:47 +00:00
NullBite
f5fc7a43ba
Update nixfiles-assets 2025-02-06 19:18:17 +00:00
NullBite
bd0baf154d
Update flake.lock 2025-02-06 08:56:16 +00:00
NullBite
865d0ec439 flake.nix: lock nixfiles-assets to commit 
CI is spamming my LFS quota (this shouldn't even be stored in LFS (i
will fix that if i ever move away from GitHub)).
 2025-02-06 07:25:31 +00:00
NullBite
0221b8e3b4
system: install busybox with low priority 
it is a good fallback for common system commands
 2025-02-05 17:12:19 -05:00
NullBite
2fe138d88c
rpi4: update reddit subscriptions 2025-02-05 15:00:34 -05:00
NullBite
2df449179f
actions: update cache build schedule 2025-02-05 01:46:15 -05:00
NullBite
c2ab201780 pkgs/redlib: fix hashes 2025-02-05 00:48:06 +00:00
NullBite
36befa8966 pkgs/redlib: disable checks 2025-02-05 00:36:13 +00:00
NullBite
b29f0a9479 home: fix package name 
attic -> attic-client
 2025-02-05 00:12:29 +00:00
NullBite
0884e391ac actions: update build-then-cache 2025-02-05 00:08:28 +00:00
NullBite
1e6b656572 Install Attic, configure nix to always use cache 2025-02-05 00:05:05 +00:00
NullBite
d5f75437c2
actions: fiz nix-fast-build command 2025-02-04 19:03:26 -05:00
NullBite
df6449bac7
actions: change nix-fast-build jobs 2025-02-04 13:46:58 -05:00
NullBite
910d7fbef7
actions: use nix-fast-build 2025-02-04 12:27:35 -05:00
NullBite
296a5505a3
actions: use local cleanup script 2025-02-04 12:10:26 -05:00
NullBite
c7358c7224
ci: add build space script 2025-02-04 12:03:51 -05:00
NullBite
3588738b77
add workflow to cache updated flake 2025-02-04 04:51:32 -05:00
NullBite
c2a71885e3
GitHub actions: free disk space 2025-02-04 03:37:54 -05:00
NullBite
6b39b303b5
Add GitHub build action (test) 2025-02-04 00:35:11 -05:00
NullBite
63492d7223
flake.nix: update Lanzaboote 2025-02-03 18:11:55 -05:00
NullBite
82d3cef545
pkgs/redlib: fix hash 2025-02-03 18:04:35 -05:00
NullBite
70afb1719c
Update flake.lock, migrate config 2025-02-03 17:02:45 -05:00
NullBite
d12e25c8fd
rpi4/thelounge: increase max image prefetch size 2025-01-28 21:14:11 +00:00
NullBite
748e76bdac
rpi4: fix key 2025-01-28 02:19:54 +00:00
NullBite
d2dbbe2679
rpi4/thelounge: enable prefetch 2025-01-28 02:15:52 +00:00
NullBite
9cc635aa82
rpi4: update homepage 2025-01-26 17:47:02 +00:00
NullBite
16724406df
rpi4: enable paperless 2025-01-26 01:52:00 -05:00
NullBite
e32de47778
secrets: paperless-admin 2025-01-26 03:40:38 +00:00
NullBite
3c05906690
rpi4: update backup policy 2025-01-25 21:54:12 +00:00
NullBite
7674bb6b16
rpi4: enable TheLounge 2025-01-25 21:52:07 +00:00
NullBite
6b7156a7d1
home: fix package name 2025-01-19 11:59:38 -05:00
NullBite
c4843e57e0
home: add packages 2025-01-19 03:03:14 -05:00
NullBite
07b13e729f
system: enable polkit 2025-01-17 18:25:07 -05:00
NullBite
2e3e89ca90
Update flake.lock, pkgs 2025-01-17 17:55:21 -05:00
NullBite
150a26cc7d
pkgs: add cross-seed 2025-01-15 16:06:50 -05:00
NullBite
99fae72379
rpi4: add sites to homepage 
unsorted, fix later
 2025-01-10 22:08:40 -05:00
NullBite
3e7e6f0d63
secrets: homepage 2025-01-10 22:07:25 -05:00
NullBite
f35e373bbb
rpi4/homepage: update bookmarks 2025-01-10 03:16:45 -05:00
NullBite
26c347c51a
rpi4: update Reddit subscriptions 
i am not your personal tech support
 2025-01-10 03:02:51 -05:00
NullBite
463094a244
rpi4/services: add initial homepage config 2025-01-10 03:01:55 -05:00
NullBite
b0c619f9c1
rpi4: enable homepage 2025-01-09 15:05:23 -05:00
NullBite
8e1074bfc0
home/base: add some common packages 2025-01-09 02:20:05 -05:00
NullBite
8c15a71cec
home: move shell config to separate file 2025-01-09 01:59:51 -05:00
NullBite
45b2e7ff0f
home: add shell alias to show frequent comma runs 2025-01-09 01:20:05 -05:00
NullBite
2a20c799a5
Update flake.lock 2025-01-08 21:21:29 -05:00
NullBite
d9a6b64d28
system/pc: re-enable QEMU binfmt 
it seems like the relevant issues have been fixed:
- https://github.com/NixOS/nixpkgs/issues/221056 (compilation time)
- https://github.com/NixOS/nixpkgs/issues/160300 (chroot not working)
 2025-01-08 16:55:20 -05:00
NullBite
0737c1461b
system/pc: enable sysrq 2025-01-08 15:34:01 -05:00
NullBite
8b42cfe092
rpi4: set the path properly 
i am going insane

in all fairness this fuckup isn't my fault the documentation literally
used setting PATH as an example:

8cb0cd700b/nixos/lib/systemd-unit-options.nix (L333)
 2025-01-04 01:31:39 -05:00
NullBite
cdd99c9b5e
rpi4: what is wrong with me 
will this be the last fix for a stupid typo? we will never know.
 2025-01-04 01:24:31 -05:00
NullBite
b5206da39a
rpi4: uhh fix thing 
i am going to pretend that didn't happen
 2025-01-04 01:22:19 -05:00
NullBite
d9dad28acf
rpi4: don't set PATH using shell exports 
what the actual fuck was i cooking
 2025-01-04 01:16:41 -05:00
NullBite
8187c8a77f
nullbox: fix for agenix + impermanence 2025-01-04 00:16:06 -05:00
NullBite
74a9151823
rpi4: add media sync systemd timer 2025-01-03 23:33:19 -05:00
NullBite
2dccb28120
system: refactor syncthing config 2025-01-03 17:32:36 -05:00
NullBite
67efa28a24
home: Neovim improvements 
- Move Neovim to separate module
- Install a few langauge servers
 2024-12-24 21:06:11 -05:00
NullBite
ef290477fc
Update flake.lock 2024-12-23 12:12:30 -05:00
NullBite
cb90053ef8
rpi4: update redlib subscriptions 2024-12-22 21:10:45 +00:00
NullBite
99016d3adb
home/shell: add some shell aliases 2024-12-22 00:40:34 -05:00
NullBite
765fcb3a6c
slab: move config to explicit config block 2024-12-21 18:16:36 -05:00
NullBite
6540ad1b94
Update flake.lock 2024-12-21 14:30:52 -05:00
144 changed files with 5753 additions and 2837 deletions
.github/workflows
build-then-cache.yamlproactive-update.yaml
README.md
ci
run_builds.shutil_free_space_extreme.sh
default.nixflake.lockflake.nix
flake
TODO.mddefault.nixhome.nixmeta.nixoverlays.nixpackages.nixsystem.nix
home
common
default.nixnix.nixnodm.nixshell.nixtheme.nix
wm
default.nixkeybinds.nix
default.nix
package-sets
communication.nixdefault.nixdev.nixgaming.nixmultimedia.nixproductivity.nix
profile
base.nixdefault.nixpc.nix
programs
comma.nixdefault.nixdunst.nixhypridle.nixmopidy.nixneovim.nix
root.nix
sessions
default.nix
hyprland
default.nix
dispatcher
default.nix
plasma.nix
standalone.nixstylix.nix
hosts
nixos-wsl
configuration.nixhome.nix
nullbox
backup.nixconfiguration.nixhardware-configuration.nixhome.niximpermanence.nixluks.nixmcserver.nixunbound.nix
rpi4
authelia.nixbackup.nixconfiguration.nixgitea.nixhardware-configuration.nixhome.nixmedia-sync.nixreddit-subscriptions.txtservices.nix
slab
configuration.nixhardware-configuration.nixhome.nixnvidia-optimus.nixsupergfxd.nix
lib/nixfiles
default.nixflake-legacy.nixminecraft.nixmodule.nixtypes.nix
modules
home-manager
default.nix
nixos
default.nix
overlays
backports.nixdefault.nixmitigations.nixmodpacks.nix
pkgs
apps.nix
atool-wrapped
default.nix
cofi
shell.nix
cross-seed
default.nix
default.nix
google-fonts
default.nix
legacy-module.nix
lucem
default.nixlock.jsonlucem-disable-auto-updater.patchnim_lk-rev-order-fix.patchupdate.nix
module.nix
mopidy
autoplay.nixdefault.nix
nixfiles-assets
default.nix
redlib
default.nix
wm-helpers
default.nix
secrets
homepage.agepaperless-admin.age
Show More

63
.github/workflows/build-then-cache.yaml vendored Normal file

@ -0,0 +1,63 @@
name: Build and upload to Attic cache
on:
push:
branches:
- "main"
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
# TODO: figure out how to use flake checks and use those to build it
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86-64_packages:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- run: 'nix develop .#ci --command bash ci/run_builds.sh packages'
build_x86-64:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
# TODO: figure out how to use flake checks and use those to build it
- run: 'nix develop .#ci --command bash ci/run_builds.sh config'

49
.github/workflows/proactive-update.yaml vendored Normal file

@ -0,0 +1,49 @@
name: Proactively build and cache flake
on:
schedule:
- cron: "0 */6 * * *"
push:
branches:
- "force-build"
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
- run: 'nix flake update'
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
- run: 'nix flake update'
- run: 'nix develop .#ci --command bash ci/run_builds.sh'

28
README.md

@ -1,8 +1,16 @@
# NullBite's NixOS Config
This is my personal NixOS config. Right now, it's just a <del>basic</del>
extremely overengineered flake which imports a (mostly) normal stock NixOS configuration.
Preface: the current structure of this flake scares me a bit. I have added
[flake-parts](https://github.com/hercules-ci/flake-parts) to this repository
and I plan to modularize it in the same way I refactored my actual NixOS and
Home Manager configurations. This repository used to be *a lot worse* because
it was my very first Nix project, but I have learned a lot about both Nix and
programming in general in this span of time.
Now that I have used NixOS for a month, I have learned a fair bit and have made
## Overview
This is my personal NixOS config. Right now, it's just a <del>basic</del>
extremely ~~overengineered~~ messy flake which imports a (mostly) normal stock NixOS configuration.
Now that I have used NixOS for a ~~month~~ year, I have learned a fair bit and have made
some organizational changes. <del>Currently, the repository is organized as
such</del> (I am in the process of migrating my config to this format, some
stuff may not match yet):
@ -63,13 +71,13 @@ stuff may not match yet):
## TODO
- Reorganize repo to use a more "standard" module layout.
- [github:Misterio77/nix-config](https://github.com/Misterio77/nix-config) might be a good reference for a better module layout.
- Select entire desktop configuration via a single option and make bootable with specialisation.
- Give each desktop a modularized configuration that can be enabled with an option.
- figure out nixpkgs.lib.options.mkOption and add a string option that picks a desktop to use.
- ~~Reorganize repo to use a more "standard" module layout.~~
- ~~[github:Misterio77/nix-config](https://github.com/Misterio77/nix-config) might be a good reference for a better module layout.~~
- ~~Select entire desktop configuration via a single option and make bootable with specialisation.~~
- ~~Give each desktop a modularized configuration that can be enabled with an option.~~
- ~~figure out nixpkgs.lib.options.mkOption and add a string option that picks a desktop to use.~~
- add Plasma, Hyprland, and maybe GNOME if I'm feeling silly (I'd probably never actually use it).
- make more things configurable as options once I figure out the above, it's probably cleaner than importing modules.
- ~~make more things configurable as options once I figure out the above, it's probably cleaner than importing modules.~~
- Reorganize README bullets into headings
- make system ephemeral/stateless
- The following command is able to successfully show any accumulated state on my system: <pre><code>sudo find / -xdev \( -path /home -o -path /nix -o -path /boot \) -prune -o \( -name flatpak -o -name boot.bak -o -path /var/log -o -name .cache \) \( -prune -print \) -o \( -type f \) -print</code></pre>
@ -85,4 +93,4 @@ stuff may not match yet):
- coredumps
- /root user and /home
- /etc/machine-id
- configure /etc/supergfxd.conf with a oneshot systemd unit on boot bsaed on selected specialisation (should still be modifiable with supergfxctl but should be ephemeral)
- ~~configure /etc/supergfxd.conf with a oneshot systemd unit on boot bsaed on selected specialisation (should still be modifiable with supergfxctl but should be ephemeral)~~

82
ci/run_builds.sh Executable file

@ -0,0 +1,82 @@
#!/usr/bin/env bash
# shellcheck disable=SC2317
# ^ SC2317 (Command appears to be unreachable.)
set -Exo pipefail
err=0
set_error () {
err=1
pkill -s 0 -9 nix-eval-jobs || true
}
trap set_error ERR
system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
run_builds () {
for i in "$@" ; do
nix-fast-build --eval-workers 1 --no-nom --skip-cache --attic-cache main -f "$i"
pkill -s 0 -9 nix-eval-jobs || true
done
}
_build_systems () {
case "$system" in
# TODO this is messy and hard-coded, make an attribute set for
# each system containing the specializations as well as the nospec ver
x86_64-linux) run_builds \
.\#nixosConfigurations.nullbox.config.specialisation.hyprland.configuration.system.build.toplevel \
.\#nospec.nullbox.config.system.build.toplevel \
.\#nixosConfigurations.slab.config.specialisation.{hyprland,nvidia}.configuration.system.build.toplevel \
.\#nospec.slab.config.system.build.toplevel \
.\#nixosConfigurations.nixos-wsl.config.system.build.toplevel \
;;
aarch64-linux) run_builds \
.\#nixosConfigurations.rpi4.config.system.build.toplevel \
;;
esac
}
build_systems () {
# system should be set in `nix develop` but just in case
local system
system="${system:-$(nix eval --impure --raw --expr 'builtins.currentSystem')}"
#nix eval --json .#legacyPackages."${system}".specialisedNixosConfigurations --apply 'builtins.attrNames' \
# | jq -c '.[]' \
# | while read -r line ; do
# local build
# build="$(printf '%s' "$line" | jq -r)"
# run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations.${build}"
# done
run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations"
}
build_packages () {
run_builds .\#packages."${system}".redlib
}
if [[ "$#" -ne 0 ]] ; then
until [[ "$#" -le 0 ]]; do
case "$1" in
pkgs|packages) DO_PACKAGES=1;;
config) DO_CONFIG=1;;
esac
shift
done
else
DO_PACKAGES=1
DO_CONFIG=1
fi
if [[ -n "${DO_CONFIG:+x}" ]] ; then build_systems; fi
if [[ -n "${DO_PACKAGES:+x}" ]] ; then build_packages; fi
exit $err

118
ci/util_free_space_extreme.sh Normal file

@ -0,0 +1,118 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -eux
df -h
echo "::group::/usr/local/*"
du -hsc /usr/local/*
echo "::endgroup::"
# ~1GB
sudo rm -rf \
/usr/local/aws-sam-cil \
/usr/local/julia* || :
echo "::group::/usr/local/bin/*"
du -hsc /usr/local/bin/*
echo "::endgroup::"
# ~1GB (From 1.2GB to 214MB)
sudo rm -rf \
/usr/local/bin/aliyun \
/usr/local/bin/azcopy \
/usr/local/bin/bicep \
/usr/local/bin/cmake-gui \
/usr/local/bin/cpack \
/usr/local/bin/helm \
/usr/local/bin/hub \
/usr/local/bin/kubectl \
/usr/local/bin/minikube \
/usr/local/bin/node \
/usr/local/bin/packer \
/usr/local/bin/pulumi* \
/usr/local/bin/sam \
/usr/local/bin/stack \
/usr/local/bin/terraform || :
# 142M
sudo rm -rf /usr/local/bin/oc || : \
echo "::group::/usr/local/share/*"
du -hsc /usr/local/share/*
echo "::endgroup::"
# 506MB
sudo rm -rf /usr/local/share/chromium || :
# 1.3GB
sudo rm -rf /usr/local/share/powershell || :
echo "::group::/usr/local/lib/*"
du -hsc /usr/local/lib/*
echo "::endgroup::"
# 15GB
sudo rm -rf /usr/local/lib/android || :
# 341MB
sudo rm -rf /usr/local/lib/heroku || :
# 1.2GB
sudo rm -rf /usr/local/lib/node_modules || :
echo "::group::/opt/*"
du -hsc /opt/*
echo "::endgroup::"
# 679MB
sudo rm -rf /opt/az || :
echo "::group::/opt/microsoft/*"
du -hsc /opt/microsoft/*
echo "::endgroup::"
# 197MB
sudo rm -rf /opt/microsoft/powershell || :
echo "::group::/opt/hostedtoolcache/*"
du -hsc /opt/hostedtoolcache/*
echo "::endgroup::"
# 5.3GB
sudo rm -rf /opt/hostedtoolcache/CodeQL || :
# 1.4GB
sudo rm -rf /opt/hostedtoolcache/go || :
# 489MB
sudo rm -rf /opt/hostedtoolcache/PyPy || :
# 376MB
sudo rm -rf /opt/hostedtoolcache/node || :
# Remove Web browser packages
# sudo apt purge -y \
# firefox \
# google-chrome-stable \
# microsoft-edge-stable
#
# this works better on arm
for i in firefox \
google-chrome-stable \
microsoft-edge-stable ; do
sudo apt purge -y "$i" || :
done
## extras
sudo rm -rf /home/runner/.rustup \
/home/runner/.cargo \
/home/linuxbrew \
/usr/lib/google-cloud-sdk \
/usr/lib/jvm \
/usr/lib/mono \
/usr/lib/heroku \
/usr/share/swift \
/usr/share/dotnet \
/opt/microsoft/msedge \
/opt/google/chrome \
/usr/lib/firefox \
/usr/local/.ghcup
df -h

15
default.nix Normal file

@ -0,0 +1,15 @@
(
import
(
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
nodeName = lock.nodes.root.inputs.flake-compat;
in
fetchTarball {
url = lock.nodes.${nodeName}.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
sha256 = lock.nodes.${nodeName}.locked.narHash;
}
)
{src = ./.;}
)
.defaultNix

765
flake.lock generated

File diff suppressed because it is too large Load Diff

673
flake.nix

@ -1,16 +1,32 @@
# vim: set foldmethod=marker:
{
description = "NixOS Configuration";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
# ^^^^^^^^^^^^^ this part is optional
# {{{
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
# ^^^^^^^^^^^^^ this part is optional
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-nix-du.url = "github:NixOS/nixpkgs/c933cf4698e5189b35dd83bf4d7a81aef16d464a";
nixpkgs-mopidy.url = "github:NixOS/nixpkgs/93ff48c9be84a76319dac293733df09bbbe3f25c";
# this seems to be a popular way to declare systems
systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# this is nice so one-off impure scripts can interact with attributes in
# this flake
flake-compat = {
url = "github:edolstra/flake-compat";
};
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
@ -44,7 +60,7 @@
# https://github.com/nix-community/lanzaboote/releases
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
url = "github:nix-community/lanzaboote/v0.4.2";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -69,6 +85,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
zen-browser = {
url = "github:youwen5/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
@ -100,378 +121,324 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.systems.follows = "systems";
};
};
}; # }}}
outputs = { self, nixpkgs, nixpkgs-unstable, ... }@inputs:
let
inherit (self) outputs;
# inputs is already defined
lib = nixpkgs.lib;
systems = [ "x86_64-linux" "aarch64-linux" ];
overlays = let
nix-minecraft-patched-overlay = let
normal = inputs.nix-minecraft-upstream.overlays.default;
quilt = inputs.nix-minecraft.overlays.default;
in lib.composeExtensions
normal
(final: prev: let
x=quilt final prev;
in {
inherit (x) quiltServers quilt-server;
minecraftServers = prev.minecraftServers // x.quiltServers;
});
in [
(final: prev: let
packages = import ./pkgs { inherit (prev) pkgs; };
in {
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
})
# various temporary fixes that automatically revert
self.overlays.mitigations
# auto backports from nixpkgs unstable
self.overlays.backports
# modpacks (keeps modpack version in sync between hosts so i can reverse
# proxy create track map because it's broken)
self.overlays.modpacks
inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay
# inputs.hypridle.overlays.default
(final: prev: { inherit (inputs.hypridle.packages.${prev.system}) hypridle; })
];
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "Europe/Amsterdam";
# Variables to be passed to NixOS modules in the vars attrset
vars = {
inherit username mobileTimeZone self;
};
# funciton to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# This function produces a module that adds the home-manager module to the
# system and configures the given module to the user's Home Manager
# configuration
homeManagerInit = let _username=username; _nixpkgs=nixpkgs;
in { system,
nixpkgs ? _nixpkgs, # this is so modules can know which flake the system is using
home-manager ? inputs.home-manager,
username ? _username,
module ? _ : {},
rootModule ? (import ./home/root.nix),
userModules ? { ${username} = [ module ] ; root = [ rootModule ]; },
stateVersion }:
{ config, lib, pkgs, ... }:
let
mapUserModules = lib.attrsets.mapAttrs (user: modules: {...}:
{
imports = [
./home
] ++ modules;
config = {
home = { inherit stateVersion; };
};
});
users = mapUserModules userModules;
in
outputs = {
self,
flake-parts,
...
} @ inputs:
flake-parts.lib.mkFlake {inherit inputs;} (
{
inputs,
self,
config,
lib,
nixfiles-lib,
...
} @ flakeArgs: {
# flake-parts imports
imports = [
home-manager.nixosModules.home-manager
./flake
./lib/nixfiles/module.nix
./pkgs/module.nix
./overlays
inputs.treefmt-nix.flakeModule
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "hm.bak";
inherit users;
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
};
config = {
# flake-parts systems (still uses nix-systems)
systems = import inputs.systems;
# TODO rewrite this so it follows the same wrapper pattern as mkHome
# This function produces a nixosSystem which imports configuration.nix and
# a Home Manager home.nix for the given user from ./hosts/${hostname}/
mkSystemN = let
_username = username;
_overlays = overlays;
in { nixpkgs ? inputs.nixpkgs,
home-manager ? inputs.home-manager,
username ? _username,
entrypoint ? ./system,
modules ? [ ],
stateVersion ? null,
config ? { },
overlays ? _overlays,
system,
... }@args: let
_modules = [ entrypoint config ] ++ modules ++ [{
nixpkgs.config = {
inherit overlays;
allowUnfree = true;
};
}] ++ lib.optional (args ? stateVersion) { config.system.stateVersion = stateVersion; };
in nixpkgs.lib.nixosSystem {
};
mkSystem = let _username=username; _overlays=overlays; _nixpkgs=nixpkgs;
in { system,
nixpkgs ? _nixpkgs,
home-manager ? inputs.home-manager,
overlays ? _overlays,
hostname,
username ? _username,
stateVersion,
extraModules ? [] }:
# expose vars to nix repl
debug = lib.mkDefault true;
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./system
({pkgs, config, lib, ...}@args:
{
# Values for every single system that would not conceivably need
# to be made modular
system.stateVersion = stateVersion;
nixpkgs = {
inherit overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
perSystem = {
config,
system,
pkgs,
self',
...
}: {
treefmt = {
programs = {
alejandra.enable = true;
};
nix.settings.experimental-features = ["nix-command" "flakes" ];
})
./hosts/${hostname}/configuration.nix
(homeManagerInit {
inherit nixpkgs home-manager;
module = import ./hosts/${hostname}/home.nix;
inherit username system stateVersion;
})
] ++ extraModules;
specialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
mkWSLSystem = let _username=username; in
{username ? _username, extraModules ? [], ...}@args: let
WSLModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = username;
};
override = {extraModules = extraModules ++ [WSLModule];};
in
mkSystem (args // override);
mkISOSystem = system: inputs.nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
"${inputs.nixpkgs-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
({ config, pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
neovim
gparted
];
})
];
};
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
# Make a home-manager standalone configuration. This implementation is
# better than mkSystem because it extends homeManagerConfiguration.
mkHome = let
_home-manager = inputs.home-manager;
_nixpkgs = inputs.nixpkgs;
_username = username;
in { home-manager ? _home-manager,
nixpkgs ? _nixpkgs,
username ? _username,
homeDirectory ? "/home/${username}",
entrypoint ? ./home/standalone.nix,
modules ? [ ],
stateVersion ? null,
config ? { },
system,
... }@args: let
_modules = [ entrypoint ] ++ modules ++ [ config ] ++ [
{
config = {
home = {
inherit username homeDirectory;
};
nixpkgs.config = {
allowUnfree = true;
legacyPackages.specialisedNixosConfigurations = let
attrs = lib.pipe self.nixosConfigurations [
(lib.filterAttrs (n: v: !(builtins.elem n ["iso" "rpi4-x86_64"])))
(lib.filterAttrs (n: v: v.pkgs.system or "" == system))
(lib.mapAttrs' (configName: v: let
nospec =
(v.extendModules {
modules = [
({lib, ...}: {
config.specialisation = lib.mkForce {};
})
];
})
.config;
configs =
(
lib.mapAttrs'
(n: v: lib.nameValuePair "specialisation-${n}" v.configuration)
v.config.specialisation
)
// {inherit nospec;};
in
lib.nameValuePair configName configs))
(
lib.concatMapAttrs (
configName: v:
(
lib.mapAttrs' (
specName: v: lib.nameValuePair "${configName}--${specName}" v
)
)
v
)
)
(lib.mapAttrs (_: v: v.system.build.toplevel))
];
in
attrs;
devShells = {
ci = pkgs.mkShell {
buildInputs = with pkgs; [
jq
nix-update
nix-fast-build
];
};
default = let
formatter =
pkgs.runCommandNoCC "flake-formatter" {
formatter = lib.getExe self'.formatter;
} ''
mkdir -p $out/bin
ln -s "$formatter" "$out/bin/formatter"
'';
in
pkgs.mkShell {
buildInputs = with pkgs; [
alejandra
nix-update
formatter
inputs.agenix.packages.${system}.default
];
};
};
};
}
] ++ lib.optional (args ? stateVersion) { config.home.stateVersion = stateVersion; };
in home-manager.lib.homeManagerConfiguration ({
modules = _modules;
pkgs = import nixpkgs {inherit system overlays; };
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
nixfiles = {
vars = {
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "America/New_York";
};
# this is needed because modules don't use the default arg for some reason???
osConfig = {};
};
} // builtins.removeAttrs args
[ "system" "nixpkgs" "home-manager" "modules" "username" "homeDirectory" "stateVersion" "entrypoint" "config" ]);
common.overlays = let
nix-minecraft-patched-overlay = let
normal = inputs.nix-minecraft-upstream.overlays.default;
quilt = inputs.nix-minecraft.overlays.default;
in
lib.composeExtensions
normal
(final: prev: let
x = quilt final prev;
in {
inherit (x) quiltServers quilt-server;
minecraftServers = prev.minecraftServers // x.quiltServers;
});
in {
# for repl debugging via :lf .
inherit inputs vars;
packagesOverlay = final: prev: let
packages = import ./pkgs {inherit (prev) pkgs;};
in {
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
};
devShells = eachSystem (system: let
pkgs = import nixpkgs-unstable { inherit system; };
in {
default = pkgs.mkShell {
buildInputs = with pkgs; [
nix-update
inputs.agenix.packages.${system}.default
];
};
});
zen-browser-overlay = final: prev: let
inherit (final) system callPackage;
# nix flake modules are meant to be portable so we cannot rely on
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (system: let pkgs = import nixpkgs-unstable { inherit system; };
in (
import ./pkgs { inherit pkgs; }) // {
iso = let
isoSystem = mkISOSystem system;
in isoSystem.config.system.build.isoImage;
}
);
apps = eachSystem (system: import ./pkgs/apps.nix
{ inherit (self.outputs) packages; inherit system; });
input = inputs.zen-browser;
packages = input.packages.${system};
sources = builtins.fromJSON (builtins.readFile (input + "/sources.json"));
overlays = import ./overlays self;
warnExists = name: value: let
pass =
if prev ? ${name}
then builtins.warn "zen-browser-overlay: Package `${name}` already exists. This overlay is no longer needed and should be removed." value
else value;
in
pass;
in {
zen-browser-bin = callPackage packages.zen-browser.override {};
zen-browser-unwrapped = warnExists "zen-browser-unwrapped" (callPackage packages.zen-browser-unwrapped.override {
inherit (sources.${system}) hash url;
inherit (sources) version;
});
};
in [
# TODO delete this, transfer all packages to new-packages overlay
packagesOverlay
self.overlays.new-packages
# various temporary fixes that automatically revert
self.overlays.mitigations
nixosConfigurations = {
iso = mkISOSystem "x86_64-linux";
slab = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
hostname = "slab";
stateVersion = "23.11";
};
# auto backports from nixpkgs unstable
self.overlays.backports
nullbox = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
hostname = "nullbox";
stateVersion = "23.11";
};
# modpacks (keeps modpack version in sync between hosts so i can reverse
# proxy create track map because it's broken)
self.overlays.modpacks
nixos-wsl = mkWSLSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
stateVersion = "23.11";
hostname = "nixos-wsl";
};
inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay
zen-browser-overlay
];
# for eval testing
rpi4-x86_64 = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
stateVersion = "24.11";
hostname = "rpi4";
extraModules = [{
nixpkgs.hostPlatform = "x86_64-linux";
}];
};
systems = {
slab.system = "x86_64-linux";
nullbox.system = "x86_64-linux";
rpi4.system = "aarch64-linux";
rpi4 = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "aarch64-linux";
stateVersion = "24.11";
hostname = "rpi4";
};
}; # end nixosConfigurations
nixos-wsl = {
system = "x86_64-linux";
wsl = true;
};
homeConfigurations = {
# minimal root config
"root@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
username = "root";
homeDirectory = "/root";
config = { pkgs, ...}: {
programs.bash.enable = true;
# update nix system-wide since it's installed via root profile
home.packages = with pkgs; [ btdu nix ];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nullbite@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
config = { pkgs, ...} : {
programs = {
zsh.enable = false;
keychain.enable = false;
# for eval testing
rpi4-x86_64 = {
system = "x86_64-linux";
name = "rpi4";
modules = [
{
nixpkgs.hostPlatform = "x86_64-linux";
}
];
};
}; # end systems
};
flake = let
# {{{
inherit (nixfiles-lib.flake-legacy) mkSystem mkWSLSystem mkISOSystem mkHome;
inherit (inputs) nixpkgs nixpkgs-unstable;
inherit (self) outputs;
inherit (config.nixfiles.vars) username mobileTimeZone;
# inputs is already defined
lib = nixpkgs.lib;
# function to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
# }}}
in {
# nix flake modules are meant to be portable so we cannot rely on
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (
system: {
iso = let
isoSystem = mkISOSystem system;
in
isoSystem.config.system.build.isoImage;
}
);
apps = eachSystem (system:
import ./pkgs/apps.nix
{
inherit (self.outputs) packages;
inherit system;
});
nixosConfigurations = {
iso = mkISOSystem "x86_64-linux";
}; # end nixosConfigurations
nospec = lib.mapAttrs (n: v:
v.extendModules {
modules = [
(
{lib, ...}: {specialisation = lib.mkForce {};}
)
];
})
config.flake.nixosConfigurations;
homeConfigurations = {
# minimal root config
"root@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
username = "root";
homeDirectory = "/root";
config = {pkgs, ...}: {
programs.bash.enable = true;
# update nix system-wide since it's installed via root profile
home.packages = with pkgs; [btdu nix];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nullbite@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
config = {pkgs, ...}: {
programs = {
zsh.enable = false;
keychain.enable = false;
};
home.packages = with pkgs; [btdu];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"deck" = mkHome {
system = "x86_64-linux";
stateVersion = "23.11";
username = "deck";
modules = [./users/deck/home.nix];
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"testuser" = mkHome {
username = "testuser";
system = "x86_64-linux";
modules = [./users/testuser/home.nix];
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nix-on-droid" = mkHome {
username = "nix-on-droid";
homeDirectory = "/data/data/com.termux.nix/files/home";
modules = [./users/nix-on-droid/home.nix];
system = "aarch64-linux";
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
};
};
home.packages = with pkgs; [ btdu ];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"deck" = mkHome {
system = "x86_64-linux";
stateVersion = "23.11";
username = "deck";
modules = [ ./users/deck/home.nix ];
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"testuser" = mkHome {
username = "testuser";
system = "x86_64-linux";
modules = [ ./users/testuser/home.nix ];
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nix-on-droid" = mkHome {
username = "nix-on-droid";
homeDirectory = "/data/data/com.termux.nix/files/home";
modules = [ ./users/nix-on-droid/home.nix ];
system = "aarch64-linux";
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
};
}; # end outputs
} # end flake
}
); # end outputs
}
# end flake

31
flake/TODO.md Normal file

@ -0,0 +1,31 @@
# flake-parts TODO
- Move logic for generating system/home configs to module (most important,
reason i wanted to use flake-parts)
- Move common default args from the awful wrapper function to dedicated options:
- default module imports
- "common" module
- currently defines stateVersion, nixpkgs.config.allowUnfree, a few others
- make default module path configurable, but still default to
`./hosts/${hostname}/configuration.nix`
- make "entrypoint" (`./system`, `./home/standalone.nix`, etc) configurable
- make nixfiles home manager initialization a configurable option
- specialArgs (i want to deprecate this but one thing at a time)
- define system "types" and generate all of them internally using lazy
eval. export a specific one to the flake outputs.
- generate as something like `nixfiles.hosts.<name>.outputs`
- `flake.nixosConfigurations.<name>` is set from `nixfiles.hosts.<name>.output`
- default chosen by option like `nixfiles.hosts.<name>.type`
- types:
- normal
- WSL
- ISO image
- define deploy-rs outputs in same section as hosts
- make common, central interface for configuring overlays to be consumed by
various parts of flake, move hard-coded overlays out of common module
- literally just a list, maybe process it using lib.composeManyExtensions
- some top-level config is okay (e.g., defining hosts using nixfiles options).
hide away all of the internal logic into imported modules.
- move random functions into nixfiles lib
- move top-level universal configs (username, mobileTimeZone) into option
(honestly, this alone makes flake-parts worth it)

9
flake/default.nix Normal file

@ -0,0 +1,9 @@
{...}: {
imports = [
./packages.nix
./home.nix
./system.nix
./meta.nix
./overlays.nix
];
}

1
flake/home.nix Normal file

@ -0,0 +1 @@
{...}: {}

11
flake/meta.nix Normal file

@ -0,0 +1,11 @@
{
config,
lib,
...
}: {
options.nixfiles.vars = lib.mkOption {
description = "Global variables";
type = lib.types.attrs;
default = {};
};
}

19
flake/overlays.nix Normal file

@ -0,0 +1,19 @@
{
config,
lib,
inputs,
...
}: let
overlayType = lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
};
in {
options.nixfiles.common.overlays = lib.mkOption {
description = "List of overlays shared between various parts of the flake.";
type = lib.types.listOf overlayType;
default = [];
};
}

2
flake/packages.nix Normal file

@ -0,0 +1,2 @@
{...}: {
}

258
flake/system.nix Normal file

@ -0,0 +1,258 @@
{
config,
options,
lib,
nixfiles-lib,
inputs,
self,
...
}: let
cfg = config.nixfiles.systems;
inherit
(lib)
types
mkOption
mkIf
filterAttrs
mapAttrs
;
inherit (builtins) attrNames isNull;
inherit (nixfiles-lib.flake-legacy) mkSystem mkHome mkWSLSystem mkISOSystem homeManagerInit;
inherit (nixfiles-lib.types) mkCheckedType;
mkConfigurationOption = systemType:
mkOption {
description = "${systemType} configuration type";
type = with types; nullOr mkCheckedType "configuration";
default = null;
};
in {
options.nixfiles.systems = let
systemModule = let
outerConfig = config;
outerOptions = options;
in
{
name,
config,
...
}: {
options = {
enable =
lib.mkEnableOption ""
// {
description = ''
Whether to install this configuration into the flake outputs.
'';
default = true;
};
nixpkgs = mkOption {
description = "nixpkgs input to build system with";
type = nixfiles-lib.types.flake;
default = inputs.nixpkgs-unstable;
};
extraConfig = mkOption {
description = ''
Arguments to pass to nixpkgs.lib.nixosSystem
'';
type = types.attrs;
default = {};
};
system = mkOption {
description = "Nix system value";
type = types.str;
example = "x86_64-linux";
};
modules = mkOption {
description = "Extra NixOS configuration modules.";
type = with types; listOf deferredModule;
default = [];
};
name = mkOption {
description = ''
Name of NixOS configuration. This influences the default
directory to load configuration from. This does *not* modify the
system's hostname, but should probably be set to the same value.
'';
type = lib.types.str;
default = name;
};
configRoot = mkOption {
description = "Path to directory containing system and home configuration modules.";
type = lib.types.path;
default = self + "/hosts/${config.name}";
};
configuration = mkOption {
description = "Path/module of main NixOS configuration.";
type = with types; nullOr deferredModule;
default = config.configRoot + "/configuration.nix";
};
home-manager = {
enable =
lib.mkEnableOption ""
// {
description = ''
Whether to enable home-manager for this configuration.
'';
default = true;
};
input = mkOption {
description = "home-manager input";
type = nixfiles-lib.types.flake;
default = inputs.home-manager-unstable;
};
configuration = mkOption {
description = "Path/module of main home-manager configuration.";
type = with types; nullOr deferredModule;
default = config.configRoot + "/home.nix";
};
modules = mkOption {
description = "Extra home-manager modules";
type = with types; listOf deferredModule;
};
};
wsl =
lib.mkEnableOption ""
// {
description = ''
Whether to import WSL related configuration
'';
};
result = lib.mkOption {
description = "Resulting system configuration";
type = with types; nullOr (mkCheckedType "configuration");
};
};
config = {
home-manager.input = lib.mkIf (config.nixpkgs == inputs.nixpkgs) (lib.mkDefault inputs.home-manager);
modules = let
nixfilesModule = self + "/system";
defaultsModule = {...}: {
# Values for every single system that would not conceivably need
# to be made modular
# this should be set in the system config
# system.stateVersion = stateVersion;
nixpkgs = {
inherit (outerConfig.nixfiles.common) overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
# this should be on by default and there is no reason to turn it
# off because this flake will literally stop working otheriwse
nix.settings.experimental-features = ["nix-command" "flakes"];
};
wslModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = outerConfig.nixfiles.vars.username;
};
homeManagerModule = let
homeManagerModuleInner = homeManagerInit {
inherit (config) nixpkgs system;
inherit (outerConfig.nixfiles.vars) username;
home-manager = config.home-manager.input;
module =
if (isNull config.home-manager.configuration)
then {}
else config.home-manager.configuration;
};
in
{
config,
pkgs,
lib,
...
}: let
perUserDefaultsModule = {lib, ...}: {
config = {
# previously, home-manager inherited stateVersion from
# nixos in a really hacky way that depended on the wrapper
# function. this should preserve that behavior in a much
# safer way by directly setting it in a module. ideally, it
# should probably be set manually, but I want to maintain
# backwards compatibility for now.
home.stateVersion = lib.mkDefault config.system.stateVersion;
# pass the system nixpkgs config as defaults for the
# home-manager nixpkgs config. useGlobalPkgs prevents
# setting overlays at the home level; this allows for doing
# that while inheriting the system overlays.
nixpkgs = {
config = lib.mapAttrs (n: v: lib.mkDefault v) config.nixpkgs.config;
# mkOrder 900 is after mkBefore but before default order
overlays = lib.mkOrder 900 config.nixpkgs.overlays;
};
};
};
in {
imports = [
# TODO placeholder using old function
homeManagerModuleInner
];
options.home-manager.users = lib.mkOption {
type = with lib.types; attrsOf (submodule perUserDefaultsModule);
};
};
in
[
nixfilesModule
defaultsModule
]
++ lib.optional (!(isNull config.configuration)) config.configuration
++ lib.optional config.home-manager.enable homeManagerModule
++ lib.optional config.wsl wslModule;
extraConfig = {
inherit (config) system modules;
# TODO get rid of specialArgs and pass things as a module
specialArgs = let
inherit (self) outputs;
in {
inherit inputs outputs;
inherit (outerConfig.nixfiles) vars;
inherit (config) nixpkgs;
inherit (config.home-manager) input;
};
};
result = config.nixpkgs.lib.nixosSystem config.extraConfig;
};
};
in
lib.mkOption {
description = ''
NixOS system configurations
'';
type = with types; attrsOf (submodule systemModule);
default = {};
};
config = {
flake.nixosConfigurations = let
enabledSystems = filterAttrs (n: v: v.enable) cfg;
in
mapAttrs (_: v: v.result) enabledSystems;
};
}

4
home/common/default.nix

@ -1,9 +1,9 @@
{...}:
{
{...}: {
imports = [
./wm
./nodm.nix
./nix.nix
./theme.nix
./shell.nix
];
}

11
home/common/nix.nix

@ -1,5 +1,12 @@
{ pkgs, lib, config, osConfig ? { }, options, nixpkgs, ... }:
let
{
pkgs,
lib,
config,
osConfig ? {},
options,
nixpkgs,
...
}: let
cfg = config.nixfiles.common.nix;
standalone = !(osConfig ? home-manager);
in {

43
home/common/nodm.nix

@ -1,28 +1,35 @@
{ lib, pkgs, config, osConfig ? {}, options, ... }:
let
cfg = config.nixfiles.common.nodm;
in
{
lib,
pkgs,
config,
osConfig ? {},
options,
...
}: let
cfg = config.nixfiles.common.nodm;
in {
config = let
hyprland="${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty="${pkgs.coreutils}/bin/tty";
initCommands =
''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
hyprland = "${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty = "${pkgs.coreutils}/bin/tty";
initCommands = ''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in
lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
options.nixfiles.common.nodm = {
enable = lib.mkOption {
type = lib.types.bool;
description = "Whether to automatically start a desktop session on TTY1, behaving like a rudimentary display manager.";
default = osConfig ? systemd
default =
osConfig
? systemd
&& config.nixfiles.meta.graphical
&& (!(
(osConfig.systemd.services.display-manager.enable or false)

70
home/common/shell.nix Normal file

@ -0,0 +1,70 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkOption mkEnableOption mkIf mkDefault;
cfg = config.nixfiles.common.shell;
common_functions = shell: ''
__nixfiles_alias_comma_frequent_commands () {
history | sed 's:^ \+[0-9]\+ \+::' | grep '^,' | cut -d' ' -f2- | sed 's:^\(-[^ ]\+ \?\)\+::g' | grep . | cut -d' ' -f1 | sort | uniq -c | sort -g
}
'';
in {
options.nixfiles.common.shell = {
enable =
lib.mkEnableOption ""
// {
description = "Whether to enable the nixfiles shell configuration.";
};
};
config = mkIf cfg.enable {
home.shellAliases = {
v = "nvim";
icat = "kitten icat";
srun = "systemd-run";
urun = "systemd-run --user";
# this lets me find commands that i run with comma very frequently so i
# can install them
comma-frequent = "__nixfiles_alias_comma_frequent_commands";
};
programs.fzf.enable = mkDefault true;
programs.fzf.enableZshIntegration = mkDefault true;
programs.fzf.enableBashIntegration = mkDefault true;
programs.bash = {
enable = mkDefault true;
# declare functions at start of bashrc
bashrcExtra = common_functions "bash";
initExtra = ''
export HOME_MANAGER_MANAGED=true;
[[ -e ~/dotfiles/shell/.bashrc ]] && . ~/dotfiles/shell/.bashrc ]]
unset HOME_MANAGERR_MANAGED
'';
};
programs.zsh = {
enable = mkDefault true;
initExtra =
''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
''
+ common_functions "zsh";
oh-my-zsh = {
enable = mkDefault true;
theme = "robbyrussell";
extraConfig = ''
DISABLE_MAGIC_FUNCTIONS="true"
'';
plugins = [
"git"
];
};
};
};
}

68
home/common/theme.nix

@ -1,35 +1,51 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.theming;
mkDefaultStylix = lib.mkOverride 999;
toCaps = s: with lib.strings; with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s)-1) s);
toCaps = s:
with lib.strings;
with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s) - 1) s);
inherit (lib.strings) toUpper toLower;
mkCtp = flavor: accent: with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
mkCtp = flavor: accent:
with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override {
variant = toLower flavor;
accent = toLower accent;
};
icons = catppuccin-papirus-folders.override {
flavor = toLower flavor;
accent = toLower accent;
};
gtk = catppuccin-gtk.override {
variant = toLower flavor;
accents = [(toLower accent)];
};
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override { variant = toLower flavor; accent = toLower accent; };
icons = catppuccin-papirus-folders.override { flavor = toLower flavor; accent = toLower accent; };
gtk = catppuccin-gtk.override { variant = toLower flavor; accents = [ (toLower accent) ]; };
};
};
ctp = with cfg.catppuccin; mkCtp flavor accent;
in {
options.nixfiles.theming = {
options.nixfiles.theming = {
enable = lib.mkEnableOption "nixfiles theming options";
catppuccin = {
@ -54,9 +70,11 @@ in {
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = with pkgs; [
ubuntu_font_family
] ++ lib.mapAttrsToList (k: v: v) ctp.packages;
home.packages = with pkgs;
[
ubuntu_font_family
]
++ lib.mapAttrsToList (k: v: v) ctp.packages;
gtk = {
enable = true;

45
home/common/wm/default.nix

@ -1,17 +1,22 @@
{ pkgs, lib, config, osConfig ? {}, options, ...}:
let
{
pkgs,
lib,
config,
osConfig ? {},
options,
...
}: let
cfg = config.nixfiles.common.wm;
inherit (lib) mkDefault;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in
{
in {
options.nixfiles.common.wm = {
enable = lib.mkEnableOption "common window manager config";
autostart = lib.mkOption {
description = "List of window manager agnostic commnads to run at window manager startup";
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam -silent" ];
default = [];
example = ["steam -silent"];
};
};
@ -51,8 +56,14 @@ in
nwg-displays
# very consistent (ok it's actually a little better now)
(catppuccin-papirus-folders.override {accent = "mauve"; flavor = "mocha"; })
(pkgs.catppuccin-kvantum.override {accent = "mauve"; variant = "mocha"; })
(catppuccin-papirus-folders.override {
accent = "mauve";
flavor = "mocha";
})
(pkgs.catppuccin-kvantum.override {
accent = "mauve";
variant = "mocha";
})
catppuccin-cursors.mochaMauve
arc-theme
@ -73,19 +84,19 @@ in
};
};
# File associations
xdg.mimeApps = {
enable = true;
defaultApplications = let
defaultBrowser = [ "firefox.desktop" ];
in mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
defaultBrowser = ["firefox.desktop"];
in
mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
};
# this makes xdg.mimeApps overwrite mimeapps.list if it has been touched by something else
xdg.configFile."mimeapps.list" = {

14
home/common/wm/keybinds.nix

@ -1,12 +1,16 @@
{ pkgs, config, lib, outputs, ... }:
let
{
pkgs,
config,
lib,
outputs,
...
}: let
df = lib.mkDefault;
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) (value));
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) value);
# not rewriting this rn
keysetting = "${outputs.packages.${pkgs.system}.wm-helpers}/bin/keysetting";
in
{
in {
options.nixfiles.common.wm = {
keybinds = lib.mkOption {
description = ''

22
home/default.nix

@ -1,10 +1,18 @@
{ pkgs, config, lib, options, osConfig ? { }, nixpkgs, home-manager, inputs, ... }@args:
let
{
pkgs,
config,
lib,
options,
osConfig ? {},
nixpkgs,
home-manager,
inputs,
...
} @ args: let
isStandalone = osConfig ? home-manager;
cfg = config.nixfiles;
flakeType = cfg.lib.types.flake;
in
{
in {
imports = [
./common
./package-sets
@ -25,7 +33,7 @@ in
lib = lib.mkOption {
description = "nixfiles library";
default = (import ../lib/nixfiles) { inherit pkgs; };
default = (import ../lib/nixfiles) {inherit pkgs;};
readOnly = true;
};
@ -53,13 +61,13 @@ in
meta.graphical = lib.mkOption {
description = "Whether to enable graphical home-manager applications";
type = lib.types.bool;
default = (osConfig ? services && osConfig.services.xserver.enable);
default = osConfig ? services && osConfig.services.xserver.enable;
example = true;
};
meta.wayland = lib.mkOption {
description = "Whether to prefer wayland packages and configuration";
type = lib.types.bool;
default = (lib.hasAttrByPath [ "nixfiles" "meta" "wayland" ] osConfig) && osConfig.nixfiles.meta.wayland;
default = (lib.hasAttrByPath ["nixfiles" "meta" "wayland"] osConfig) && osConfig.nixfiles.meta.wayland;
example = true;
};

60
home/package-sets/communication.nix

@ -1,10 +1,12 @@
{ pkgs, lib, config, osConfig ? {}, inputs, ... }:
let
{
pkgs,
lib,
config,
osConfig ? {},
inputs,
...
}: let
cfg = config.nixfiles.packageSets.communication;
rustdesk-pkg = if (lib.strings.hasInfix "23.11" lib.version) then
inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.rustdesk-flutter
else
pkgs.rustdesk-flutter;
vesktop-ozone-cmd = let
extraFlags = lib.optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
@ -17,23 +19,21 @@ let
done
exec "$@"
'';
in
{
in {
options.nixfiles.packageSets.communication = {
enable = lib.mkEnableOption "communication package set";
};
config = lib.mkIf cfg.enable {
xdg.desktopEntries.vesktop = lib.mkIf config.nixfiles.meta.graphical {
categories= ["Network" "InstantMessaging" "Chat"];
exec=vesktop-ozone-cmd + " %U";
genericName="Internet Messenger";
icon="vesktop";
name="Vesktop";
type="Application";
categories = ["Network" "InstantMessaging" "Chat"];
exec = vesktop-ozone-cmd + " %U";
genericName = "Internet Messenger";
icon = "vesktop";
name = "Vesktop";
type = "Application";
settings = {
StartupWMClass="Vesktop";
Keywords="discord;vencord;electron;chat";
StartupWMClass = "Vesktop";
Keywords = "discord;vencord;electron;chat";
};
};
@ -41,17 +41,19 @@ in
(waitNet + " " + vesktop-ozone-cmd + " --start-minimized")
];
home.packages = with pkgs; lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-pkg
tor-browser
onionshare
] ++ [
irssi
];
home.packages = with pkgs;
lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-flutter
tor-browser
onionshare
]
++ [
irssi
];
};
}

3
home/package-sets/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./communication.nix
./dev.nix

12
home/package-sets/dev.nix

@ -1,8 +1,12 @@
{ pkgs, lib, config, osConfig ? {}, ... }:
let
cfg = config.nixfiles.packageSets.dev;
in
{
pkgs,
lib,
config,
osConfig ? {},
...
}: let
cfg = config.nixfiles.packageSets.dev;
in {
options.nixfiles.packageSets.dev = {
enable = lib.mkEnableOption "development package set";
};

38
home/package-sets/gaming.nix

@ -1,27 +1,35 @@
{ config, osConfig ? { }, lib, pkgs, ... }:
let
{
config,
osConfig ? {},
lib,
pkgs,
...
}: let
cfg = config.nixfiles.packageSets.gaming;
default = osConfig.nixfiles.packageSets.gaming.enable or false;
in
{
in {
config = lib.mkIf cfg.enable {
nixpkgs.overlays = let
in lib.mkAfter [ ];
in
lib.mkAfter [];
nixfiles.common.wm.autostart = [
"steam -silent"
];
home.packages = with pkgs; [
ludusavi
rclone # needed to sync ludusavi
protontricks
] ++ lib.optionals cfg.enableLaunchers [
steam
prismlauncher
heroic
legendary-gl
];
home.packages = with pkgs;
[
ludusavi
rclone # needed to sync ludusavi
protontricks
]
++ lib.optionals cfg.enableLaunchers [
steam
prismlauncher
heroic
legendary-gl
lucem
];
};
options.nixfiles.packageSets.gaming = {
enable = lib.mkOption {

70
home/package-sets/multimedia.nix

@ -1,11 +1,15 @@
{ config, lib, pkgs, osConfig ? { }, ...}:
let
{
config,
lib,
pkgs,
osConfig ? {},
...
}: let
cfg = config.nixfiles.packageSets.multimedia;
inherit (lib) optionals mkEnableOption mkIf;
default = osConfig ? nixfiles && osConfig.nixfiles.packageSets.multimedia.enable;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in
{
in {
options.nixfiles.packageSets.multimedia = {
enable = lib.mkOption {
description = "Whether to enable multimedia packages";
@ -16,41 +20,43 @@ in
};
config = mkIf cfg.enable {
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
] ++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
]
++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
xdg.mimeApps.defaultApplications = lib.mkMerge [
# project files
(mkOverrideEach 100 {
"image/x-xcf" = [ "gimp.desktop" ];
"image/x-compressed-xcf" = [ "gimp.desktop" ];
"image/x-krita" = [ "krita.desktop" ];
"application/x-audacity-project" = [ "audacity.desktop" ];
"application/x-audacity-project+sqlite3" = [ "audacity.desktop" ];
"image/svg+xml" = [ "org.inkscape.Inkscape.desktop" ];
"image/svg+xml-compressed" = [ "org.inkscape.Inkscape.desktop" ];
"image/x-xcf" = ["gimp.desktop"];
"image/x-compressed-xcf" = ["gimp.desktop"];
"image/x-krita" = ["krita.desktop"];
"application/x-audacity-project" = ["audacity.desktop"];
"application/x-audacity-project+sqlite3" = ["audacity.desktop"];
"image/svg+xml" = ["org.inkscape.Inkscape.desktop"];
"image/svg+xml-compressed" = ["org.inkscape.Inkscape.desktop"];
})
# general files
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [ nomacs mpv ]))
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [nomacs mpv]))
# rest of the files
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [ inkscape gimp audacity ]))
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [inkscape gimp audacity]))
];
};
}

54
home/package-sets/productivity.nix

@ -1,33 +1,39 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
cfg = config.nixfiles.packageSets.productivity;
inherit (lib) optionals;
in
{
in {
config = lib.mkIf cfg.enable {
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
zen-browser-bin
# mapping/GIS
qgis
josm
] ++ [
pandoc
];
# mapping/GIS
qgis
josm
]
++ [
pandoc
];
xdg.desktopEntries.obsidian = lib.mkIf config.nixfiles.meta.graphical {
categories = [ "Office" ];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = [ "x-scheme-handler/obsidian" ];
name = "Obsidian";
type = "Application";
categories = ["Office"];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = ["x-scheme-handler/obsidian"];
name = "Obsidian";
type = "Application";
};
};

209
home/profile/base.nix

@ -1,8 +1,12 @@
{ lib, pkgs, config, osConfig ? { }, ... }:
let
cfg = config.nixfiles.profile.base;
in
{
lib,
pkgs,
config,
osConfig ? {},
...
}: let
cfg = config.nixfiles.profile.base;
in {
# imports = [
# ./comma.nix
# ];
@ -15,7 +19,9 @@ in
config = lib.mkIf cfg.enable {
nixfiles.programs.comma.enable = true;
nixfiles.programs.neovim.enable = lib.mkDefault true;
nixfiles.common.nix.enable = true;
nixfiles.common.shell.enable = true;
home.sessionVariables = lib.mkMerge [
(lib.mkIf config.programs.neovim.enable {
@ -29,48 +35,34 @@ in
"${config.home.profileDirectory}/share/terminfo"
"/usr/share/terminfo"
];
in builtins.concatStringsSep ":" terminfo-dirs;
in
builtins.concatStringsSep ":" terminfo-dirs;
})
];
# TODO move this stuff to a shell.nix or something; this is just a quick
# fix so home.sessionVariables works
home.shellAliases = {
v = "nvim";
icat = "kitten icat";
};
programs.fzf.enable = lib.mkDefault true;
programs.fzf.enableZshIntegration = lib.mkDefault true;
programs.fzf.enableBashIntegration = lib.mkDefault true;
programs.bash = {
programs.git = {
enable = lib.mkDefault true;
initExtra = ''
export HOME_MANAGER_MANAGED=true;
[[ -e ~/dotfiles/shell/.bashrc ]] && . ~/dotfiles/shell/.bashrc ]]
unset HOME_MANAGERR_MANAGED
'';
};
programs.zsh = {
enable = lib.mkDefault true;
initExtra = ''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
'';
oh-my-zsh = {
enable = lib.mkDefault true;
theme = "robbyrussell";
extraConfig = ''
DISABLE_MAGIC_FUNCTIONS="true"
'';
plugins = [
"git"
];
};
maintenance.enable = lib.mkDefault true;
# default value is stateVersion dependent, doesn't evaluate after 25.05
# even if signing isn't configured for some reason
signing.format = lib.mkDefault "openpgp";
};
# this allows `git config --global` commands to work by ensuring the
# presense of ~/.gitconfig. git will read from both files, and `git config`
# will not write to ~/.gitconfig when the managed config exists unless
# ~/.gitconfig also exists
home.activation.git-create-gitconfig =
lib.mkIf config.programs.git.enable
(lib.hm.dag.entryAfter ["writeBoundary"] ''
_nixfiles_git_create_gitconfig () {
if ! [[ -a "$HOME/.gitconfig" ]] ; then
touch "$HOME/.gitconfig"
fi
}
run _nixfiles_git_create_gitconfig
'');
programs.btop.enable = lib.mkDefault true;
programs.ranger = let
@ -78,16 +70,18 @@ in
# defaultTerminal =
# if config.programs.kitty.enable then "kitty"
# else null;
in {
enable = lib.mkDefault true;
settings = lib.mkMerge [{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
} (lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})];
settings = lib.mkMerge [
{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
}
(lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})
];
};
programs.keychain = {
@ -97,7 +91,8 @@ in
extraFlags = [
"--quiet"
"--systemd"
"--inherit" "any-once"
"--inherit"
"any-once"
"--noask"
];
};
@ -110,65 +105,83 @@ in
# some packages defined here may be redundant with packages on a non-NixOS
# home-manager setup, but it's better to have a consistent environment at
# the cost of slightly more space
programs.neovim = {
enable = lib.mkDefault true;
vimAlias = lib.mkDefault true;
withPython3 = lib.mkDefault true;
defaultEditor = lib.mkDefault true;
};
home.packages = with pkgs; let
neofetch-hyfetch-shim = writeShellScriptBin "neofetch" ''
exec "${pkgs.hyfetch}/bin/neowofetch" "$@"
'';
in [
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
in
[
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
attic-client
nix-fast-build
git
git-lfs
stow
curl
git
git-lfs
stow
curl
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
jq
lsof
xxd
shellcheck
# for icat on all systems
kitty.kitten
# for icat on all systems
kitty.kitten
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
# pretty
hyfetch
neofetch-hyfetch-shim
fastfetch
# pretty
hyfetch
neofetch-hyfetch-shim
# files
restic
rclone
rmlint
ncdu
# files
restic
rclone
rmlint
ncdu
# compression
atool-wrapped
lzip
plzip
lzop
xz
zip
unzip
arj
rpm
cpio
p7zip
# other utilities
tmux
mosh
btop
htop
zoxide
asciinema
];
# other utilities
tmux
tmuxp
openssh
autossh
mosh
btop
htop
zoxide
asciinema
mtr
]
++ builtins.map (x: lib.hiPrio x) [
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
];
};
}

3
home/profile/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./base.nix
./pc.nix

12
home/profile/pc.nix

@ -1,9 +1,13 @@
{ pkgs, config, osConfig ? {}, lib, ...}:
let
{
pkgs,
config,
osConfig ? {},
lib,
...
}: let
cfg = config.nixfiles.profile.pc;
default = osConfig ? nixfiles && osConfig.nixfiles.profile.pc.enable;
in
{
in {
options.nixfiles.profile.pc.enable = lib.mkOption {
description = "Whether to enable the personal computer profile";
type = lib.types.bool;

19
home/programs/comma.nix

@ -1,8 +1,12 @@
{ lib, pkgs, config, inputs, ... } @args:
let
cfg = config.nixfiles.programs.comma;
in
{
lib,
pkgs,
config,
inputs,
...
} @ args: let
cfg = config.nixfiles.programs.comma;
in {
imports = [
inputs.nix-index-database.hmModules.nix-index
];
@ -13,8 +17,9 @@ in
config = {
programs.nix-index.symlinkToCacheHome = lib.mkDefault cfg.enable;
home.packages = with pkgs; lib.optionals cfg.enable [
comma
];
home.packages = with pkgs;
lib.optionals cfg.enable [
comma
];
};
}

4
home/programs/default.nix

@ -1,9 +1,9 @@
{...}:
{
{...}: {
imports = [
./comma.nix
./mopidy.nix
./hypridle.nix
./dunst.nix
./neovim.nix
];
}

8
home/programs/dunst.nix

@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.programs.dunst;
mkd = lib.mkDefault;
in {

29
home/programs/hypridle.nix

@ -1,21 +1,25 @@
{ pkgs, config, lib, ... }:
let
{
pkgs,
config,
lib,
...
}: let
cfg = config.nixfiles.services.hypridle;
inherit (lib.types) str int;
in
{
in {
options.nixfiles.services.hypridle = {
enable = lib.mkEnableOption "the hypridle configuration";
timeouts = let
mkTimeout = timeout: desc: lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
mkTimeout = timeout: desc:
lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
in {
dpms = mkTimeout (300) "DPMS timeout";
lock = mkTimeout (360) "Lock timeout";
locked-dpms = mkTimeout (10) "DPMS timeout while locked";
dpms = mkTimeout 300 "DPMS timeout";
lock = mkTimeout 360 "Lock timeout";
locked-dpms = mkTimeout 10 "DPMS timeout while locked";
};
commands = {
dpms-off = lib.mkOption {
@ -57,7 +61,6 @@ in
lock-dpms = pkgs.writeShellScript "lock-dpms" ''
${pkgs.procps}/bin/pgrep -x swaylock > /dev/null && "${dpms-wrapped}"
'';
in [
{
timeout = cfg.timeouts.dpms;

15
home/programs/mopidy.nix

@ -1,8 +1,13 @@
{ lib, pkgs, config, outputs, osConfig ? {}, ... }:
let
cfg = config.nixfiles.programs.mopidy;
in
{
lib,
pkgs,
config,
outputs,
osConfig ? {},
...
}: let
cfg = config.nixfiles.programs.mopidy;
in {
options.nixfiles.programs.mopidy = {
enable = lib.mkEnableOption "mopidy configuration";
};
@ -38,7 +43,7 @@ in
];
};
home.packages = with pkgs; [
(ncmpcpp.override { visualizerSupport = true; })
(ncmpcpp.override {visualizerSupport = true;})
];
};
}

25
home/programs/neovim.nix Normal file

@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.programs.neovim;
in {
options.nixfiles.programs.neovim.enable = lib.mkEnableOption "the Neovim configuration";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
vimAlias = lib.mkDefault true;
withPython3 = lib.mkDefault true;
defaultEditor = lib.mkDefault true;
extraPackages = with pkgs; [
lua-language-server
rust-analyzer
vscode-langservers-extracted
pyright
gcc
];
};
};
}

8
home/root.nix

@ -1,8 +1,12 @@
# Configuration for root user.
# TODO this file is sorta an exception to my repo organization, it should
# probably be somewhere else.
{ config, lib, pkgs, ... }@args:
{
{
config,
lib,
pkgs,
...
} @ args: {
imports = [
./.
];

3
home/sessions/default.nix

@ -1,5 +1,4 @@
{...}:
{
{...}: {
imports = [
./hyprland
./plasma.nix

235
home/sessions/hyprland/default.nix

@ -1,5 +1,12 @@
{ lib, pkgs, config, osConfig ? {}, outputs, inputs, ... }@args:
let
{
lib,
pkgs,
config,
osConfig ? {},
outputs,
inputs,
...
} @ args: let
cfg = config.nixfiles.sessions.hyprland;
mkd = lib.mkDefault;
hyprland-pkg = config.wayland.windowManager.hyprland.finalPackage;
@ -12,7 +19,7 @@ let
rofi = "${pkgs.rofi-wayland}/bin/rofi";
notifydaemon = "${pkgs.dunst}/bin/dunst";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
polkit-agent = "${pkgs.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1";
polkit-agent = "${pkgs.kdePackages.polkit-kde-agent-1}/libexec/polkit-kde-authentication-agent-1";
grimblast = "${inputs.hyprwm-contrib.packages.${pkgs.system}.grimblast}/bin/grimblast";
swayidle = "${pkgs.swayidle}/bin/swayidle";
swaylock = "${config.programs.swaylock.package}/bin/swaylock";
@ -24,13 +31,15 @@ let
lock-cmd = "${swaylock}";
mkKittyHdrop = name: command: let
class = if builtins.isNull (builtins.match "[[:alnum:]_]+" name) then throw "mkKittyHdrop: window name should be an alphanumeric string" else "kitty-${name}";
class =
if builtins.isNull (builtins.match "[[:alnum:]_]+" name)
then throw "mkKittyHdrop: window name should be an alphanumeric string"
else "kitty-${name}";
wrappedCommand = pkgs.writeShellScript "hdrop-${name}" ''
exec bash -c ${lib.escapeShellArg command}
'';
in "hdrop -f -c ${class} 'kitty --class=${class} ${wrappedCommand}'";
# lock-cmd = let
# cmd = pkgs.writeShellScript "lock-script" ''
# ${swayidle} -w timeout 10 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on' &
@ -48,7 +57,7 @@ let
resume 'hyprctl dispatch dpms on'
'';
hypr-dispatcher-package = pkgs.callPackage ./dispatcher { hyprland = hyprland-pkg; };
hypr-dispatcher-package = pkgs.callPackage ./dispatcher {hyprland = hyprland-pkg;};
hypr-dispatcher = "${hypr-dispatcher-package}/bin/hypr-dispatcher";
wallpaper-package = "${pkgs.nixfiles-assets}";
@ -56,7 +65,8 @@ let
wallpaper-cmd = "${swaybg} -i ${wallpaper-package}/share/wallpapers/${wallpaper}";
# https://github.com/flatpak/xdg-desktop-portal-gtk/issues/440#issuecomment-1900520919
xdpg-workaround = pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
xdpg-workaround =
pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
''
${pkgs.coreutils}/bin/sleep 3
${pkgs.systemd}/bin/systemctl --user import-environment PATH
@ -65,19 +75,20 @@ let
bar-cmd = "${pkgs.waybar}/bin/waybar";
# Hyprland workspace configuration
mainWorkspaces = builtins.genList (x: x+1) (9 ++ [0]);
mainWorkspaces = builtins.genList (x: x + 1) (9 ++ [0]);
workspaceName = key: let
inherit (builtins) hasAttr;
keyNames = {
"0" = "10";
};
in
if hasAttr key keyNames then keyNames."${key}" else key;
if hasAttr key keyNames
then keyNames."${key}"
else key;
inherit (outputs.packages.${pkgs.system}) wm-helpers;
keysetting = "${wm-helpers}/bin/keysetting";
in
{
in {
# FIXME this is temporary just to get it working, need to make wm-common an
# option first
# imports = [
@ -88,7 +99,10 @@ in
enable = lib.mkOption {
description = "Whether to enable hyprland.";
type = lib.types.bool;
default = if (builtins.hasAttr "home-manager" osConfig) then osConfig.nixfiles.sessions.hyprland.enable else false;
default =
if (builtins.hasAttr "home-manager" osConfig)
then osConfig.nixfiles.sessions.hyprland.enable
else false;
example = true;
};
@ -112,7 +126,7 @@ in
nixfiles.common.wm.enable = true;
home.packages = with pkgs; [
kitty
dolphin
kdePackages.dolphin
rofi-wayland
wev
dunst
@ -133,7 +147,6 @@ in
enable = true;
package = lib.mkIf (osConfig ? programs) (lib.mkDefault osConfig.programs.hyprland.package);
settings = {
# enable debug logging
debug.disable_logs = mkd false;
@ -150,15 +163,17 @@ in
exec-once = let
wrapScope = cmd: "systemd-run --user --scope -- ${cmd}";
in (lib.optional cfg.autolock lock-cmd) ++ (map wrapScope config.nixfiles.common.wm.autostart) ++
[
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
in
(lib.optional cfg.autolock lock-cmd)
++ (map wrapScope config.nixfiles.common.wm.autostart)
++ [
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
@ -166,14 +181,13 @@ in
# Some default env vars.
# env = mkd "XCURSOR_SIZE,24";
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input = {
kb_layout = mkd "us";
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
kb_options = [
"compose:ralt"
];
@ -240,18 +254,18 @@ in
};
master = {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
};
gestures = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
};
misc = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
};
"$mod" = mkd "SUPER";
@ -263,95 +277,98 @@ in
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = [
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
bind =
[
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
] ++ lib.optional config.nixfiles.programs.mopidy.enable
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
]
++ lib.optional config.nixfiles.programs.mopidy.enable
"$mod CTRL, n, exec, ${mkKittyHdrop "ncmpcpp" "ncmpcpp"}";
# repeat, ignore mods
bindei = lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindei =
lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging

29
home/sessions/hyprland/dispatcher/default.nix

@ -1,19 +1,20 @@
{ lib,
{
lib,
stdenvNoCC,
socat,
coreutils,
hyprland,
makeShellWrapper }:
let
wrappedPath = lib.makeBinPath [ coreutils socat hyprland ];
makeShellWrapper,
}: let
wrappedPath = lib.makeBinPath [coreutils socat hyprland];
in
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeShellWrapper ];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = ["installPhase"];
nativeBuildInputs = [makeShellWrapper];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}

20
home/sessions/plasma.nix

@ -1,9 +1,13 @@
{ pkgs, config, lib, osConfig ? {}, ... }:
let
{
pkgs,
config,
lib,
osConfig ? {},
...
}: let
inherit (lib) mkOption mkEnableOption;
cfg = config.nixfiles.sessions.plasma;
in
{
in {
options.nixfiles.sessions.plasma = {
enable = lib.mkOption {
description = "Whether to enable the Plasma session home configuration.";
@ -13,12 +17,12 @@ in
};
};
config = lib.mkIf cfg.enable {
# TODO make this a generic implementation
home.packages = let
startupScript = pkgs.writeShellScript "autostart-script"
startupScript =
pkgs.writeShellScript "autostart-script"
(lib.concatStringsSep "\n"
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
name = "home-manager-autostart";
desktopFilePkg = pkgs.makeDesktopItem {
@ -30,6 +34,6 @@ in
mkdir -p $out/etc/xdg/autostart
ln -s "${desktopFilePkg}/share/applications/${name}.desktop" "$out/etc/xdg/autostart/"
'';
in [ autostartPkg ];
in [autostartPkg];
};
}

7
home/standalone.nix

@ -1,7 +1,12 @@
# Home Manager default nixfiles entrypoint. This serves as an alternative to
# default.nix, which sets up some more appropriate options for home-manager
{ inputs, pkgs, config, lib, ... }:
{
inputs,
pkgs,
config,
lib,
...
}: {
imports = [
./.
inputs.stylix.homeManagerModules.stylix

10
home/stylix.nix

@ -1,12 +1,18 @@
{ pkgs, lib, config, inputs, ... }@args:
{
imports = [ ];
pkgs,
lib,
config,
inputs,
...
} @ args: {
imports = [];
config = {
stylix = lib.mkMerge [
{
targets.vim.enable = lib.mkDefault false;
targets.neovim.enable = lib.mkDefault false;
targets.gtk.enable = lib.mkDefault false;
targets.qt.enable = lib.mkDefault false;
targets.fzf.enable = lib.mkDefault false;
# the ring is styled light so it's light on light which looks worse than the default theme
targets.swaylock.enable = lib.mkDefault false;

15
hosts/nixos-wsl/configuration.nix

@ -1,5 +1,10 @@
{ pkgs, config, lib, vars, ... }:
{
pkgs,
config,
lib,
vars,
...
}: {
config = {
networking.hostName = "nixos-wsl";
@ -26,7 +31,7 @@
RemainAfterExit = true;
};
description = "WSL startup workaround";
wantedBy = [ "default.target" ];
wantedBy = ["default.target"];
};
};
@ -42,10 +47,12 @@
noto-fonts-cjk-sans
];
fileSystems."/mnt/wsl/instances/NixOS" = {
device = "/";
options = [ "bind" ];
options = ["bind"];
};
# standard disclaimer don't change this for any reason whatsoever
system.stateVersion = "23.11";
};
}

9
hosts/nixos-wsl/home.nix

@ -1,7 +1,12 @@
{ pkgs, lib, config, osConfig ? {}, ... }:
{
pkgs,
lib,
config,
osConfig ? {},
...
}: {
config = {
nixfiles = {
nixfiles = {
profile.base.enable = true;
packageSets.dev.enable = true;
packageSets.multimedia.enable = true;

18
hosts/nullbox/backup.nix

@ -1,20 +1,22 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) escapeShellArg;
secret = name: config.age.secrets."${name}".path;
fs = config.fileSystems."/srv/mcserver";
in
{
in {
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
systemd.services.restic-backups-system = {
path = with pkgs; [ btrfs-progs ];
path = with pkgs; [btrfs-progs];
};
services.restic.backups.system = {
# create an atomic backup
backupPrepareCommand = ''
set -Eeuxo pipefail
@ -37,6 +39,7 @@ in
];
paths = [
"/srv/mcserver/@restic"
"/persist/backup"
];
dynamicFilesFrom = ''
echo
@ -46,7 +49,6 @@ in
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

56
hosts/nullbox/configuration.nix

@ -1,54 +1,51 @@
# vim: set ts=2 sw=2 et:
# vim: set ts=2 sw=2 et:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, lib, pkgs, inputs, ... }:
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
./impermanence.nix
./impermanence.nix
./backup.nix
];
./backup.nix
];
config = {
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/6AC23F0FC23EDF4F";
options = [ "auto_cache" "nofail" ];
options = ["auto_cache" "nofail"];
};
"/.btrfsroot" = {
options = [ "subvol=/" ];
options = ["subvol=/"];
};
}
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
}))
];
# hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.production;
hardware.nvidia.open = lib.mkForce false;
specialisation.hyprland.configuration = {
system.nixos.tags = [ "Hyprland" ];
system.nixos.tags = ["Hyprland"];
nixfiles = {
session = "hyprland";
};
};
hardware.cpu.intel.updateMicrocode = true;
services.udev.extraRules = ''
@ -65,7 +62,7 @@
workarounds.nvidiaPrimary = true;
programs.greetd = {
settings = {
randr = [ "--output" "HDMI-A-3" "--off" ];
randr = ["--output" "HDMI-A-3" "--off"];
autologin = false;
autologinUser = "nullbite";
autolock = false;
@ -109,8 +106,7 @@
};
};
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
boot.kernelPackages = pkgs.linuxPackages_6_12;
networking.wg-quick.interfaces.wg0 = {
configFile = "/etc/wireguard/wg0.conf";
@ -122,7 +118,6 @@
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
networking.hostName = "nullbox";
# Pick only one of the below networking options.
@ -130,8 +125,7 @@
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/New_York";
time.timeZone = "America/New_York";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
@ -146,6 +140,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
}

114
hosts/nullbox/hardware-configuration.nix

@ -1,73 +1,77 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@root" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@root"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/srv/mcserver-old" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver-old" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver-old/.snapshots" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
fileSystems."/srv/mcserver-old/.snapshots" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
fileSystems."/srv/mcserver" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver/.snapshots" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
fileSystems."/srv/mcserver/.snapshots" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

6
hosts/nullbox/home.nix

@ -1,5 +1,9 @@
{ lib, pkgs, osConfig, ... }:
{
lib,
pkgs,
osConfig,
...
}: {
imports = [
];

62
hosts/nullbox/impermanence.nix

@ -1,11 +1,16 @@
{ pkgs, config, lib, ... }:
let
{
pkgs,
config,
lib,
...
}: let
inherit (lib) escapeShellArg;
# (wip) more configurable than old one, will be used by volatile btrfs module
mkBtrfsInit = { volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume }:
''
mkBtrfsInit = {
volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume,
}: ''
mkdir -p /btrfs_tmp
mount ${escapeShellArg volume} /btrfs_tmp -o subvol=/
@ -34,7 +39,7 @@ in {
neededForBoot = true;
device = root_vol;
fsType = "btrfs";
options = [ "subvol=/nixos/@persist" ];
options = ["subvol=/nixos/@persist"];
};
# TODO volatile btrfs module
@ -47,8 +52,12 @@ in {
fileSystems."/" = lib.mkForce {
device = root_vol;
fsType = "btrfs";
options = [ "subvol=/nixos/volatile" ];
options = ["subvol=/nixos/volatile"];
};
# agenix fix
fileSystems."/etc/ssh".neededForBoot = true;
environment.persistence = {
"/persist/nobackup" = {
hideMounts = true;
@ -70,15 +79,24 @@ in {
# probably NEVER be excluded removed.
"/var/lib/nixos/"
# password files for user.user.<name>.hashedPasswordFile
{ directory = "/etc/passfile"; mode = "0700"; }
{
directory = "/etc/passfile";
mode = "0700";
}
# persistent non-declarative config
"/etc/nixos"
"/etc/ssh"
{ directory = "/etc/wireguard"; mode = "0700"; }
{
directory = "/etc/wireguard";
mode = "0700";
}
# let's keep the root home dir as well
{ directory = "/root"; mode = "0700"; }
{
directory = "/root";
mode = "0700";
}
# system state
"/etc/NetworkManager/system-connections"
@ -89,13 +107,29 @@ in {
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timesync"
{ directory = "/var/lib/tailscale"; mode = "0700"; }
{
directory = "/var/lib/tailscale";
mode = "0700";
}
"/var/lib/unbound"
"/var/db/sudo/lectured"
# remember login stuff
{ directory = "/var/cache/tuigreet"; user = "greeter"; group = "greeter"; }
{ directory = "/var/cache/regreet"; user = "greeter"; group = "greeter"; }
{
directory = "/var/cache/tuigreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/cache/regreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/lib/regreet";
user = "greeter";
group = "greeter";
}
];
files = [

13
hosts/nullbox/luks.nix

@ -1,8 +1,11 @@
{ pkgs, config, lib, ... }:
let
usb = "903D-DF5B";
in
{
pkgs,
config,
lib,
...
}: let
usb = "903D-DF5B";
in {
config = {
# cryptsetup
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage"];
@ -16,7 +19,7 @@ in
mount -n -t vfat -o ro `findfs UUID=${usb}` /key
'';
device="/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
device = "/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
keyFile = "/key/image.png"; # yes it's literally an image file. bite me
allowDiscards = true;
fallbackToPassword = true;

43
hosts/nullbox/mcserver.nix

@ -1,18 +1,21 @@
{ pkgs, lib, config, ... }:
let
cfg = config.services.minecraft-servers;
in
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.minecraft-servers;
in {
config = {
fileSystems = {
"/srv/mcserver".options = [ "compress=zstd" "nofail" ];
"/srv/mcserver/.snapshots".options = [ "compress=zstd" "nofail" ];
"/srv/mcserver".options = ["compress=zstd" "nofail"];
"/srv/mcserver/.snapshots".options = ["compress=zstd" "nofail"];
};
networking.firewall.trustedInterfaces = [ "wg0" ];
networking.firewall.trustedInterfaces = ["wg0"];
users = {
users = {
nullbite.extraGroups = [ "minecraft" ];
nullbite.extraGroups = ["minecraft"];
};
};
@ -45,18 +48,19 @@ in
nulllite-staging = let
commit = "b8c639a";
packHash = "sha256-HTDVIkcBf0DyLbSCuU08/HnEQuesi3cmXXhB4y4lyko=";
in pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in
pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in {
nulllite-staging = {
useRecommendedDefaults = true;
enable = true;
autoStart = false;
modpack = nulllite-staging;
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" ];
modpackSymlinks = ["mods"];
modpackFiles = ["config/"];
serverProperties.server-port = 25574;
serverProperties.motd = "staging server";
};
@ -65,8 +69,8 @@ in
enable = true;
autoStart = true;
modpack = pkgs.modpacks.notlite;
modpackSymlinks = [ "config/yosbr" "config/quilt-loader-overrides.json" "mods" ];
modpackFiles = [ "kubejs/" ];
modpackSymlinks = ["config/yosbr" "config/quilt-loader-overrides.json" "mods"];
modpackFiles = ["kubejs/"];
serverProperties = {
motd = "owo what's this (nix notlite edition)";
server-port = 25567;
@ -76,11 +80,10 @@ in
level-seed = "8555431723250870652";
level-type = "bclib:normal";
};
};
minecraft-nixtest = let
self = cfg.servers.minecraft-nixtest;
package = pkgs.quiltServers.quilt-1_20_1.override { loaderVersion = "0.21.0"; };
package = pkgs.quiltServers.quilt-1_20_1.override {loaderVersion = "0.21.0";};
in {
useRecommendedDefaults = true;
enable = false;
@ -92,8 +95,8 @@ in
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
};
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" "kubejs/" ];
modpackSymlinks = ["mods"];
modpackFiles = ["config/" "kubejs/"];
serverProperties = rec {
motd = "owo what's this (nix edition)";
server-port = 25568;

6
hosts/nullbox/unbound.nix

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}: {
config = {
networking.networkmanager.dns = "none";
services.unbound.enable = true;

398
hosts/rpi4/authelia.nix

@ -3,10 +3,10 @@
lib,
pkgs,
...
}:
let
}: let
inherit (lib) types mkIf optionalString;
inherit (builtins)
inherit
(builtins)
isNull
any
all
@ -20,22 +20,18 @@ let
"regular"
"basic"
];
getUpstreamFromInstance =
instance:
let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
getUpstreamFromInstance = instance: let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
targetHost =
if host == "0.0.0.0" then
"127.0.0.1"
else if lib.hasInfix ":" host then
throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else
host;
in
"http://${targetHost}:${toString port}";
targetHost =
if host == "0.0.0.0"
then "127.0.0.1"
else if lib.hasInfix ":" host
then throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else host;
in "http://${targetHost}:${toString port}";
# use this when reverse proxying to authelia (and only authelia because i
# like the nixos recommended proxy settings better)
@ -116,212 +112,204 @@ let
proxy_set_header X-Forwarded-URI $request_uri;
'';
genAuthConfig =
method:
let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
genAuthConfig = method: let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
'';
in
''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
'';
genAuthConfigPkg =
method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in
{
in ''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
'';
genAuthConfigPkg = method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in {
# authelia
options.services.nginx =
let
mkAttrsOfSubmoduleOpt = module: lib.mkOption { type = with types; attrsOf (submodule module); };
options.services.nginx = let
mkAttrsOfSubmoduleOpt = module: lib.mkOption {type = with types; attrsOf (submodule module);};
# make system config accessible from submodules
systemConfig = config;
# make system config accessible from submodules
systemConfig = config;
# submodule definitions
vhostModule =
{ name, config, ... }@attrs:
{
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = "regular";
example = "basic";
};
# submodule definitions
vhostModule = {
name,
config,
...
} @ attrs: {
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations =
let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaLocationConfig};
'';
};
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
};
genLocationModule =
vhostAttrs:
{ name, config, ... }:
let
vhostConfig = vhostAttrs.config;
in
{
options.authelia.method = lib.mkOption {
instance = lib.mkOption {
description = ''
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = vhostConfig.authelia.method;
default = "regular";
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
};
};
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations = let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
include ${autheliaLocationConfig};
'';
};
};
in
{
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
};
genLocationModule = vhostAttrs: {
name,
config,
...
}: let
vhostConfig = vhostAttrs.config;
in {
options.authelia.method = lib.mkOption {
description = ''
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = vhostConfig.authelia.method;
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
'';
};
};
in {
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
};
# TODO check if any vhosts have authelia configured
config =
let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
config = let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
mkIf true {
assertions = [
{

17
hosts/rpi4/backup.nix

@ -1,10 +1,13 @@
{ config, lib, pkgs, ... }:
let
secret = name: config.age.secrets."${name}".path;
in
{
config,
lib,
pkgs,
...
}: let
secret = name: config.age.secrets."${name}".path;
in {
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
services.restic.backups.system = {
rcloneConfigFile = secret "restic-rclone";
@ -14,6 +17,7 @@ in
".snapshots"
"gdlmirror"
"gitea-dump-*"
"/var/lib/thelounge/storage"
];
paths = [
"/srv"
@ -24,6 +28,8 @@ in
"/var/lib/gitea"
"/var/lib/tailscale"
"/var/lib/private/anki-sync-server"
"/var/lib/thelounge"
"/var/lib/paperless"
"/etc"
];
dynamicFilesFrom = ''
@ -35,7 +41,6 @@ in
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

47
hosts/rpi4/configuration.nix

@ -1,17 +1,21 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
./backup.nix
];
./media-sync.nix
./backup.nix
];
fileSystems = let
mounts = [
@ -22,8 +26,9 @@
"/opt/hassio"
"/opt/hassio/.snapshots"
];
fn = (x: { options = [ "compress=zstd" "commit=300" "noatime" ];});
in lib.genAttrs mounts fn;
fn = x: {options = ["compress=zstd" "commit=300" "noatime"];};
in
lib.genAttrs mounts fn;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
@ -33,8 +38,7 @@
configurationLimit = 5;
};
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
boot.kernelPackages = pkgs.linuxPackages_6_12;
nixfiles = {
profile.server.enable = true;
@ -63,7 +67,7 @@
"wg0"
"tailscale0"
];
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.firewall.allowedUDPPorts = [51820];
services.openssh = {
enable = true;
@ -93,9 +97,6 @@
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -123,11 +124,11 @@
# tree
# ];
# };
users.users.nullbite = {
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
};
users.users.nullbite = {
isNormalUser = true;
extraGroups = ["wheel"];
uid = 1000;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -181,6 +182,4 @@
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

51
hosts/rpi4/gitea.nix

@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.gitea;
in
{
config,
lib,
pkgs,
...
}: let
cfg = config.services.gitea;
in {
config = {
services.gitea = {
enable = true;
@ -32,19 +35,37 @@ in
DEFAULT_THEME = "catppuccin-mocha-pink";
THEMES = let
ctpAttrs = {
flavor = [ "latte" "frappe" "macchiato" "mocha" ];
accent = [ "rosewater" "flamingo" "pink" "mauve"
"red" "maroon" "peach" "yellow" "green" "teal"
"sky" "sapphire" "blue" ];
flavor = ["latte" "frappe" "macchiato" "mocha"];
accent = [
"rosewater"
"flamingo"
"pink"
"mauve"
"red"
"maroon"
"peach"
"yellow"
"green"
"teal"
"sky"
"sapphire"
"blue"
];
};
ctpThemes = lib.mapCartesianProduct
( { flavor, accent }: "catppuccin-${flavor}-${accent}" )
ctpThemes =
lib.mapCartesianProduct
({
flavor,
accent,
}: "catppuccin-${flavor}-${accent}")
ctpAttrs;
in lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
] ++ ctpThemes);
in
lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
]
++ ctpThemes);
};
};
};

118
hosts/rpi4/hardware-configuration.nix

@ -1,75 +1,78 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/" ];
};
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/srv/syncthing" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@syncthing" ];
};
fileSystems."/srv/syncthing" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@syncthing"];
};
fileSystems."/srv/media" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@media" ];
};
fileSystems."/srv/media" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@media"];
};
fileSystems."/opt/hassio" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@hassio" ];
};
fileSystems."/opt/hassio" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@hassio"];
};
fileSystems."/opt/hassio/.snapshots" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/snapshots/@hassio" ];
};
fileSystems."/opt/hassio/.snapshots" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/snapshots/@hassio"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -81,4 +84,3 @@
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

3
hosts/rpi4/home.nix

@ -1,5 +1,4 @@
{ config, ... }:
{
{config, ...}: {
config = {
nixfiles.profile.base.enable = true;
programs.keychain.enable = false;

47
hosts/rpi4/media-sync.nix Normal file

@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}: let
in {
config = {
nixfiles.programs.syncthing.enable = true;
systemd.timers.gallery-dl = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "13";
RandomizedDelaySec = "4m";
};
};
systemd.services.gallery-dl = {
path = with pkgs; [bash coreutils findutils gallery-dl];
serviceConfig = {
# none of your fucking business
# TODO move this into an agenix secret probably
ExecStart = "/srv/gallery-dl.sh";
Type = "oneshot";
User = "nullbite";
};
};
systemd.timers.gallery-dl-dedup = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "3h";
};
};
systemd.services.gallery-dl-dedup = {
path = with pkgs; [bash coreutils rmlint];
serviceConfig = {
# likewise
ExecStart = "/srv/gallery-dl-dedup.sh";
Type = "oneshot";
User = "nullbite";
};
};
};
}

8
hosts/rpi4/reddit-subscriptions.txt

@ -4,7 +4,6 @@ AreTheStraightsOK
autism
beatsaber
Bitwarden
boykisser
btd6
ConservativeRap
crackheadcraigslist
@ -20,17 +19,22 @@ femboymemes
feminineboys
flatpak
geometrydash
gocommitdie
homeassistant
ihaveihaveihavereddit
LinkedInLunatics
linux
linux_gaming
losercity
MINDWAVEgame
NixOS
NonBinaryTalk
okbuddyhetero
peepeeshart
pressureroblox
prismlauncher
programmingcirclejerk
regretevator
rust
rustjerk
selfhosted
@ -38,9 +42,9 @@ Shark_Park
steam
SteamDeck
talesfromtechsupport
techsupport
termux
theamazingdigitalciru
Ultrakill
unicodecirclejerk
VaushV
whenthe

562
hosts/rpi4/services.nix

@ -1,11 +1,17 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: let
inherit (config.age) secrets;
inherit (builtins) toString;
in {
imports = [
./gitea.nix
./authelia.nix
];
config = {
age.secrets.cloudflaredns = {
file = ../../secrets/cloudflare-dns.age;
group = "secrets";
@ -50,8 +56,16 @@
file = ../../secrets/anki-user.age;
};
age.secrets.homepage = {
file = ../../secrets/homepage.age;
};
age.secrets.paperless-admin = {
file = ../../secrets/paperless-admin.age;
};
users.groups.secrets = {};
users.users.acme.extraGroups = [ "secrets" ];
users.users.acme.extraGroups = ["secrets"];
security.acme = {
acceptTerms = true;
@ -85,57 +99,59 @@
};
};
users.users.nginx.extraGroups = [ "acme" ];
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [
80 443
80
443
# this is needed for node to work for some reason
8123
];
users.groups.authelia-shared = { };
services.authelia.instances = lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
users.groups.authelia-shared = {};
services.authelia.instances =
lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
};
services.redis = {
servers.authelia = {
@ -145,7 +161,7 @@
users.users."${config.services.authelia.instances.main.user}".extraGroups = let
name = config.services.redis.servers.authelia.user;
in [ name ];
in [name];
services.nginx = {
enable = true;
@ -159,24 +175,30 @@
virtualHosts = let
useACMEHost = "protogen.io";
mkProxy = args@{ upstream ? "http://127.0.0.1:${builtins.toString args.port}", auth ? false, authelia ? false, extraConfig ? {}, ... }:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
mkProxy = args @ {
upstream ? "http://127.0.0.1:${builtins.toString args.port}",
auth ? false,
authelia ? false,
extraConfig ? {},
...
}:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
# mkReverseProxy = port: {
# inherit useACMEHost;
@ -187,136 +209,273 @@
# };
# };
mkAuthProxy = port: mkProxy { inherit port; authelia = true; };
mkReverseProxy = port: mkProxy { inherit port; };
in (lib.mapAttrs (domain: instance: { forceSSL = true; inherit useACMEHost; authelia.endpoint = { inherit instance; };}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
}) // {
"changedetection.protogen.io" = mkReverseProxy 5000;
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
"gitea.protogen.io" = mkReverseProxy 3000;
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [ (mkProxy { authelia = true; upstream = "http://10.10.1.8:80"; })
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
mkAuthProxy = port:
mkProxy {
inherit port;
authelia = true;
};
}];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in mkProxy { authelia = true; inherit port; extraConfig = {
locations = lib.genAttrs [ "/favicon.ico" "/autocompleter" "/opensearch.xml" ] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};};
mkReverseProxy = port: mkProxy {inherit port;};
in
(lib.mapAttrs (domain: instance: {
forceSSL = true;
inherit useACMEHost;
authelia.endpoint = {inherit instance;};
}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
})
// {
"changedetection.protogen.io" = mkReverseProxy 5000;
# URL shortener
"nbt.sh" = mkProxy { port = 8090; extraConfig.serverAliases = [ "proot.link" ]; };
"admin.nbt.sh" = mkProxy { authelia = true; port = 8091; extraConfig.serverAliases = [ "admin.proot.link" ]; };
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"gitea.protogen.io" = mkReverseProxy 3000;
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = [ "x.protogen.io" ];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = [ "www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz" ];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
"paper.protogen.io" = mkReverseProxy config.services.paperless.port;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [
(mkProxy {
authelia = true;
upstream = "http://10.10.1.8:80";
})
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
};
}
];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in
mkProxy {
authelia = true;
inherit port;
extraConfig = {
locations = lib.genAttrs ["/favicon.ico" "/autocompleter" "/opensearch.xml"] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};
};
# URL shortener
"nbt.sh" = mkProxy {
port = 8090;
extraConfig.serverAliases = ["proot.link"];
};
"admin.nbt.sh" = mkProxy {
authelia = true;
port = 8091;
extraConfig.serverAliases = ["admin.proot.link"];
};
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# homepage
"home.protogen.io" = mkAuthProxy 8089;
"lounge.protogen.io" = mkAuthProxy 9000;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = ["x.protogen.io"];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = ["www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz"];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
};
};
};
# https://gethomepage.dev
services.homepage-dashboard = let
entry = name: value: {"${name}" = value;};
makeBookmark = name: {...} @ attrs: entry name [attrs];
makeBookmark' = name: icon: abbr: href: makeBookmark name ({inherit abbr href;} // lib.optionalAttrs (icon != null) {inherit icon;});
in {
enable = true;
listenPort = 8089;
environmentFile = secrets.homepage.path;
# bookmarks customCSS customJS docker environmentFile kubernetes services settings widgets
settings = {
theme = "dark";
color = "slate";
};
widgets = [
(entry "resources" {
cpu = true;
memory = true;
disk = "/";
})
(entry "search" {
provider = "custom";
target = "_self";
url = "https://searx.protogen.io/search?q=";
suggestionUrl = "https://searx.protogen.io/autocompleter?q=";
showSearchSuggestions = true;
})
];
services = let
service = name: subdomain: icon: {...} @ attrs:
entry name ({
href = "https://${subdomain}.protogen.io";
inherit icon;
}
// attrs);
basicService = name: subdomain: icon: service name subdomain icon {};
in [
(entry "unsorted" [
(basicService "Firefly III" "firefly" "firefly-iii")
(basicService "Gitea" "gitea" "gitea")
(basicService "Home Assistant" "hass" "home-assistant")
(basicService "Node-RED" "node" "node-red")
(basicService "Zigbee2MQTT" "z2m" "zigbee2mqtt")
(basicService "Code Server (Home Assistant)" "vsc-hass" "vscode")
(basicService "Deemix" "deemix" "deemix")
(basicService "Miniflux" "rss" "miniflux")
(basicService "mlmym" "blahaj" "lemmy-light")
(basicService "Octoprint" "print" "octoprint")
(basicService "SearXNG" "searx" "searxng")
(basicService "TheLounge" "lounge" "thelounge")
(basicService "Paperless" "paper" "paperless-ngx")
(entry "Shlink" {
href = "https://admin.nbt.sh";
icon = "shlink";
})
(basicService "Create Track Map" "trackmap" "")
((x:
service x x x {
widget = {
};
}) "changedetection")
(service "Uptime Kuma" "uptime" "uptime-kuma" {
widget = {
type = "uptimekuma";
url = "https://uptime.protogen.io";
slug = "all";
};
})
(service "Jellyfin" "room" "jellyfin" {
widget = {
type = "jellyfin";
url = "https://room.protogen.io";
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableBlocks = true;
enableNowPlaying = true;
enableUser = true;
};
})
])
];
bookmarks = [
(entry "Admin" [
(makeBookmark' "Backblaze" "backblaze" "BZ" "https://secure.backblaze.com/user_signin.htm")
(makeBookmark' "Cloudflare" "cloudflare" "CF" "https://dash.cloudflare.com")
(makeBookmark' "Porkbun" "porkbun" "PB" "https://porkbun.com/account/domainsSpeedy")
(makeBookmark' "Namecheap" "namechea" "NC" "https://ap.www.namecheap.com/")
])
(entry "Developer" [
(makeBookmark' "GitHub" "github" "GH" "https://github.com")
])
(entry "Local" [
(makeBookmark' "Syncthing" "syncthing" "ST" "http://127.0.0.1:8384")
(makeBookmark' "Iris" null "IR" "http://localhost:6680/iris/")
])
(entry "Entertainment" [
(makeBookmark' "Redlib" "redlib" "RL" "https://redlib.protogen.io")
])
];
};
virtualisation.docker = {
@ -325,7 +484,7 @@
};
# needed for mDNS in Home Assistant
networking.firewall.allowedUDPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = [5353];
systemd.services.redlib.environment = {
REDLIB_DEFAULT_SUBSCRIPTIONS = lib.pipe ./reddit-subscriptions.txt [
@ -348,6 +507,41 @@
port = 8087;
};
services.thelounge = {
enable = true;
extraConfig = {
prefetch = true;
prefetchStorage = true;
prefetchMaxImageSize = 8192;
};
};
services.redis.servers.paperless.enable = true;
services.paperless = {
enable = true;
# default is "localhost", binding should not rely on DNS (even if
# localhost is hard-coded 99.999% of the time)
address = "127.0.0.1";
passwordFile = secrets.paperless-admin.path;
settings = {
PAPERLESS_ADMIN_USER = "nullbite";
PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless.unixSocket}";
PAPERLESS_URL = "https://paper.protogen.io";
PAPERLESS_TIKA_ENABLED = true;
PAPERLESS_TIKA_ENDPOINT = "http://localhost:${toString config.services.tika.port}";
PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${toString config.services.gotenberg.port}";
};
};
users.users."${config.services.paperless.user}".extraGroups = let
name = config.services.redis.servers.paperless.group;
in [name];
services.gotenberg = {
enable = true;
port = 3002;
};
services.tika.enable = true;
services.anki-sync-server = {
enable = true;
address = "127.0.0.1";

607
hosts/slab/configuration.nix

@ -1,316 +1,319 @@
# vim: set ts=2 sw=2 et foldmethod=marker:
# vim: set ts=2 sw=2 et foldmethod=marker:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, vars, ... }:
{
# nix.settings.experimental-features = ["nix-command" "flakes" ];
config,
lib,
pkgs,
vars,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = [ "subvol=/" ];
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = { device = "/boot/EFI/Linux"; options = [ "bind" ]; };
"/efi/EFI/nixos" = { device = "/boot/EFI/nixos"; options = [ "bind" ]; };
})
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
];
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
config = {
# nix.settings.experimental-features = ["nix-command" "flakes" ];
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = ["subvol=/"];
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = {
device = "/boot/EFI/Linux";
options = ["bind"];
};
"/efi/EFI/nixos" = {
device = "/boot/EFI/nixos";
options = ["bind"];
};
})
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
}))
];
# specialisation.plasma.configuration = {
# system.nixos.tags = [ "Plasma" ];
# nixfiles = {
# session = "plasma";
# };
# services.displayManager.sddm.enable = lib.mkForce true;
# # services.xserver.displayManager.startx.enable = lib.mkForce false;
# };
specialisation.hyprland.configuration = {
system.nixos.tags = [ "Hyprland" ];
nixfiles.session = "hyprland";
};
nixfiles.supergfxd.profile = lib.mkDefault "Integrated";
nixfiles = {
profile.workstation.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries.windows = {
name = "Windows Boot Manager";
efiPartUUID = "c8505f55-1f48-47fc-9b3b-3ba16062cafd";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
hardware.opengl.enable = true;
hardware.gps.enable = true;
packageSets = {
gaming.enable = true;
fun.enable = true;
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
programs = {
adb.enable = true;
unbound.enable = false;
greetd = {
settings = {
autologin = true;
autologinUser = "nullbite";
};
};
};
};
networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = [ "quiet" ];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device="/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true;
preLVM = true;
};
};
# bootloader setup
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/efi";
};
# grub = {
# enable = true;
# efiSupport = true;
# device = "nodev";
# specialisation.plasma.configuration = {
# system.nixos.tags = [ "Plasma" ];
# nixfiles = {
# session = "plasma";
# };
# services.displayManager.sddm.enable = lib.mkForce true;
# # services.xserver.displayManager.startx.enable = lib.mkForce false;
# };
systemd-boot = {
enable = lib.mkForce (!config.boot.lanzaboote.enable);
xbootldrMountPoint = "/boot";
netbootxyz.enable = true;
memtest86.enable = true;
specialisation.hyprland.configuration = {
system.nixos.tags = ["Hyprland"];
nixfiles.session = "hyprland";
};
nixfiles.supergfxd.profile = lib.mkDefault "Integrated";
nixfiles = {
profile.workstation.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries.windows = {
name = "Windows Boot Manager";
efiPartUUID = "c8505f55-1f48-47fc-9b3b-3ba16062cafd";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
hardware.opengl.enable = true;
hardware.gps.enable = true;
packageSets = {
gaming.enable = true;
fun.enable = true;
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
programs = {
adb.enable = true;
unbound.enable = false;
greetd = {
settings = {
autologin = true;
autologinUser = "nullbite";
};
};
};
};
networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = ["quiet"];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device = "/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true;
preLVM = true;
};
};
# bootloader setup
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/efi";
};
# grub = {
# enable = true;
# efiSupport = true;
# device = "nodev";
# };
systemd-boot = {
enable = lib.mkForce (!config.boot.lanzaboote.enable);
xbootldrMountPoint = "/boot";
netbootxyz.enable = true;
memtest86.enable = true;
};
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings.reboot-for-bitlocker = true;
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable ["tcp://pixel.magpie-moth.ts.net:6000"];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
enable = false;
unitConfig.DefaultDependencies = "no";
});
# might make hibernate better idk
systemd.sleep.extraConfig = ''
disk=shutdown
'';
services.logind = {
lidSwitch = "lock";
suspendKey = "hibernate";
};
services.xserver.videoDrivers = ["amdgpu"];
# {{{ old config
# Use the systemd-boot EFI boot loader.
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# }}}
# Set your time zone.
# time.timeZone = vars.mobileTimeZone;
services.asusd.enable = true;
# {{{ old config
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# users.users.nullbite = {
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# packages = with pkgs; [
# firefox
# keychain
# ];
# initialPassword = "changeme";
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
# keybindings = true;
# fuzzyCompletion = true;
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# curl
# git
# stow
# zsh
# ntfs3g
# fd
# ripgrep
# sbctl
# comma
# ];
# Allow unfree packages
# nixpkgs.config.allowUnfree = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh = {
# enable = true;
# openFirewall = true;
# settings = {
# };
# };
# services.tailscale.enable = true;
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings.reboot-for-bitlocker = true;
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable [ "tcp://pixel.magpie-moth.ts.net:6000" ];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
enable = false;
unitConfig.DefaultDependencies = "no";
});
# might make hibernate better idk
systemd.sleep.extraConfig = ''
disk=shutdown
'';
services.logind = {
lidSwitch = "lock";
suspendKey = "hibernate";
};
services.xserver.videoDrivers = ["amdgpu"];
# {{{ old config
# Use the systemd-boot EFI boot loader.
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# }}}
# Set your time zone.
# time.timeZone = vars.mobileTimeZone;
services.asusd.enable = true;
# {{{ old config
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# users.users.nullbite = {
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# packages = with pkgs; [
# firefox
# keychain
# ];
# initialPassword = "changeme";
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
# keybindings = true;
# fuzzyCompletion = true;
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# curl
# git
# stow
# zsh
# ntfs3g
# fd
# ripgrep
# sbctl
# comma
# ];
# Allow unfree packages
# nixpkgs.config.allowUnfree = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh = {
# enable = true;
# openFirewall = true;
# settings = {
# };
# };
# services.tailscale.enable = true;
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

86
hosts/slab/hardware-configuration.nix

@ -1,55 +1,59 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = ["dm-snapshot" "amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/efi" =
{ device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a"; }
];
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
swapDevices = [
{device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a";}
];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

13
hosts/slab/home.nix

@ -1,5 +1,10 @@
{ lib, pkgs, osConfig, config, ... }:
{
lib,
pkgs,
osConfig,
config,
...
}: {
imports = [
../../home
];
@ -9,7 +14,7 @@
profile.base.enable = true;
common.wm.keybinds = {
Launch1="playerctl play-pause"; # ROG key
Launch1 = "playerctl play-pause"; # ROG key
# Launch3="true"; # AURA fn key
# Launch4="true"; # fan control fn key
};
@ -17,8 +22,8 @@
home.stateVersion = "23.11";
# TODO mkif stylix.enable; danth/stylix#216
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) { size = 32; };
stylix.cursor = { size = 32; };
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) {size = 32;};
stylix.cursor = lib.mkIf config.stylix.enable {size = 32;};
nixfiles.theming.catppuccin.themeDPI = "hdpi";

19
hosts/slab/nvidia-optimus.nix

@ -1,11 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.supergfxd.enable = true;
specialisation = {
nvidia.configuration = {
system.nixos.tags = [ "NVIDIA" ];
system.nixos.tags = ["NVIDIA"];
nixfiles.supergfxd.profile = "Hybrid";
@ -15,9 +17,9 @@
hardware.nvidia = {
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
@ -30,7 +32,8 @@
package = let
stable = config.boot.kernelPackages.nvidiaPackages.stable;
version = stable;
in version;
in
version;
prime = {
offload = {

14
hosts/slab/supergfxd.nix

@ -1,5 +1,10 @@
{ pkgs, lib, config, options, ... }@args:
let
{
pkgs,
lib,
config,
options,
...
} @ args: let
gfx = {
Integrated = {
supergfxd = pkgs.writeText "supergfxd-integrated" ''
@ -69,7 +74,8 @@ let
isKeyInAttrset = let
getKeys = attrset: lib.mapAttrsToList (name: _: name) attrset;
isInList = key: list: lib.any (x: x == key) list;
in key: attrset: isInList key (getKeys attrset);
in
key: attrset: isInList key (getKeys attrset);
inherit (lib) mkIf mkOption types;
in {
@ -83,7 +89,7 @@ in {
};
config = {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
# TODO actually configure the system settings here
"supergfxd.conf" = {
source = gfx.${cfg.profile}.supergfxd;

35
lib/nixfiles/default.nix

@ -1,8 +1,31 @@
{ pkgs, ... }:
let
{...} @ attrs: let
# compatibility with old loading system (this looks awful fix this when i
# fully migrate to flake-parts). this constructs an attrset that resembles
# what the old args used to look like in attrs', so i don't have to rewrite
# all of the glue. it creates a fake pkgs value containing only `lib`.
#
# actually no idk if i can fix this because it needs to be accessible from
# everything (flake, nixos/home-manager modules, maybe derivations). this
# might be the best way to do this so i can pass in either pkgs or lib based
# on the current context, and just return relevant libraries based on that
# input.
#
# create empty `pkgs` with lib only `lib` attr as fallback
pkgs = attrs.pkgs or {inherit (attrs) lib;};
# inherit lib from whatever `pkgs` happens to be
inherit (pkgs) lib;
# compat
attrs' = attrs // {inherit pkgs;};
in
{
types = (import ./types.nix) { inherit pkgs; };
minecraft = (import ./minecraft.nix) { inherit pkgs; };
}
{
types = (import ./types.nix) attrs';
}
# only if an actual `pkgs` was passed
// lib.optionalAttrs (attrs ? pkgs) {
minecraft = (import ./minecraft.nix) attrs';
}
# modules that rely on `self` (flake)
// lib.optionalAttrs (attrs ? self) {
flake-legacy = (import ./flake-legacy.nix) attrs';
}

259
lib/nixfiles/flake-legacy.nix Normal file

@ -0,0 +1,259 @@
{
self,
lib,
moduleAttrs,
...
}: let
inherit (moduleAttrs.config.nixfiles.common) overlays;
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "Europe/Amsterdam";
# Variables to be passed to NixOS modules in the vars attrset
vars = {
inherit username mobileTimeZone self;
};
# funciton to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
inherit (self) inputs outputs;
inherit (inputs) nixpkgs nixpkgs-unstable home-manager home-manager-unstable;
in rec {
# This function produces a module that adds the home-manager module to the
# system and configures the given module to the user's Home Manager
# configuration
homeManagerInit = let
_username = username;
_nixpkgs = nixpkgs;
in
{
system,
nixpkgs ? _nixpkgs, # this is so modules can know which flake the system is using
home-manager ? inputs.home-manager,
username ? _username,
module ? _: {},
rootModule ? (import (self + "/home/root.nix")),
userModules ? {
${username} = [module];
root = [rootModule];
},
stateVersion ? null,
}: {
config,
lib,
pkgs,
...
}: let
mapUserModules = lib.attrsets.mapAttrs (user: modules: {lib, ...}: {
imports =
[
(self + "/home")
]
++ modules;
config = {
home = lib.mkIf (!(builtins.isNull stateVersion)) {inherit stateVersion;};
};
});
users = mapUserModules userModules;
in {
imports = [
home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = lib.mkDefault false;
useUserPackages = lib.mkDefault true;
backupFileExtension = "hm.bak";
inherit users;
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
};
# TODO rewrite this so it follows the same wrapper pattern as
# mkHome This function produces a nixosSystem which imports
# configuration.nix and a Home Manager home.nix for the given user
# from ./hosts/${hostname}/
#
# nevermind i am migrating everything to flake-parts, i'm glad i
# never got around to this. i think the module system takes care of
# whatever the fuck godforsaken use-case i had for rewriting this
# (more ergonomic and/or default arguments or something).
mkSystemN = let
_username = username;
_overlays = overlays;
in
{
nixpkgs ? inputs.nixpkgs,
home-manager ? inputs.home-manager,
username ? _username,
entrypoint ? (self + "/system"),
modules ? [],
stateVersion ? null,
config ? {},
overlays ? _overlays,
system,
...
} @ args: let
_modules =
[entrypoint config]
++ modules
++ [
{
nixpkgs.config = {
inherit overlays;
allowUnfree = true;
};
}
]
++ lib.optional (args ? stateVersion) {config.system.stateVersion = stateVersion;};
in
nixpkgs.lib.nixosSystem {
};
mkSystem = let
_username = username;
_overlays = overlays;
_nixpkgs = nixpkgs;
in
{
system,
nixpkgs ? _nixpkgs,
home-manager ? inputs.home-manager,
overlays ? _overlays,
hostname,
username ? _username,
stateVersion,
extraModules ? [],
}:
nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
(self + "/system")
({
pkgs,
config,
lib,
...
} @ args: {
# Values for every single system that would not conceivably need
# to be made modular
system.stateVersion = stateVersion;
nixpkgs = {
inherit overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
})
(self + "/hosts/${hostname}/configuration.nix")
(homeManagerInit {
inherit nixpkgs home-manager;
module = import (self + "/hosts/${hostname}/home.nix");
inherit username system stateVersion;
})
]
++ extraModules;
specialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
mkWSLSystem = let
_username = username;
in
{
username ? _username,
extraModules ? [],
...
} @ args: let
WSLModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = username;
};
override = {extraModules = extraModules ++ [WSLModule];};
in
mkSystem (args // override);
mkISOSystem = system:
inputs.nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
"${inputs.nixpkgs-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
({
config,
pkgs,
lib,
...
}: {
environment.systemPackages = with pkgs; [
neovim
gparted
];
})
];
};
# Make a home-manager standalone configuration. This implementation is
# better than mkSystem because it extends homeManagerConfiguration.
mkHome = let
_home-manager = inputs.home-manager;
_nixpkgs = inputs.nixpkgs;
_username = username;
in
{
home-manager ? _home-manager,
nixpkgs ? _nixpkgs,
username ? _username,
homeDirectory ? "/home/${username}",
entrypoint ? (self + "/home/standalone.nix"),
modules ? [],
stateVersion ? null,
config ? {},
system,
...
} @ args: let
_modules =
[entrypoint]
++ modules
++ [config]
++ [
{
config = {
home = {
inherit username homeDirectory;
};
nixpkgs.config = {
allowUnfree = true;
};
};
}
]
++ lib.optional (args ? stateVersion) {config.home.stateVersion = stateVersion;};
in
home-manager.lib.homeManagerConfiguration ({
modules = _modules;
pkgs = import nixpkgs {inherit system overlays;};
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
# this is needed because modules don't use the default arg for some reason???
osConfig = {};
};
}
// builtins.removeAttrs args
["system" "nixpkgs" "home-manager" "modules" "username" "homeDirectory" "stateVersion" "entrypoint" "config"]);
}

102
lib/nixfiles/minecraft.nix

@ -1,14 +1,19 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
inherit (pkgs) lib;
in
{
mkServer = { modpack ? null, modpackSymlinks ? [], modpackFiles ? [], jvmOpts ? null, ...}@opts: let
in {
mkServer = {
modpack ? null,
modpackSymlinks ? [],
modpackFiles ? [],
jvmOpts ? null,
...
} @ opts: let
# log4j exploit is bad and scary and i have no idea if this is still needed
# but it's best to be on the safe side
jvmOptsPatched = let
requiredJvmOpts = "-Dlog4j2.formatMsgNoLookups=true";
in if (!(builtins.isNull jvmOpts))
in
if (!(builtins.isNull jvmOpts))
then requiredJvmOpts + " " + jvmOpts
else requiredJvmOpts;
@ -17,51 +22,58 @@ in
serverPackage = let
mcVersion = modpack.manifest.versions.minecraft;
fixedVersion = lib.replaceStrings [ "." ] [ "_" ] mcVersion;
fixedVersion = lib.replaceStrings ["."] ["_"] mcVersion;
quiltVersion = modpack.manifest.versions.quilt or null;
fabricVersion = modpack.manifest.versions.fabric or null;
loader = if (!(builtins.isNull quiltVersion)) then "quilt" else "fabric";
loaderVersion = if loader == "quilt" then quiltVersion else fabricVersion;
in pkgs.minecraftServers."${loader}-${fixedVersion}".override { inherit loaderVersion; };
loader =
if (!(builtins.isNull quiltVersion))
then "quilt"
else "fabric";
loaderVersion =
if loader == "quilt"
then quiltVersion
else fabricVersion;
in
pkgs.minecraftServers."${loader}-${fixedVersion}".override {inherit loaderVersion;};
in
lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
in lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# no telemetry
snooper-enabled = lib.mkDefault false;
# no telemetry
snooper-enabled = lib.mkDefault false;
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts [ "modpack" "modpackSymlinks" "modpackFiles" "jvmOpts" ])
];
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts ["modpack" "modpackSymlinks" "modpackFiles" "jvmOpts"])
];
}

19
lib/nixfiles/module.nix Normal file

@ -0,0 +1,19 @@
{
lib,
self,
...
} @ moduleAttrs: let
inherit (lib) types;
nixfiles-lib = (import ./.) {inherit lib self moduleAttrs;};
in {
options.nixfiles.lib = lib.mkOption {
description = "nixfiles library";
type = types.attrs;
readOnly = true;
default = nixfiles-lib;
};
config._module.args = {
inherit nixfiles-lib;
};
}

22
lib/nixfiles/types.nix

@ -1,13 +1,21 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
inherit (pkgs) lib;
inherit (lib.types) mkOptionType;
inherit (lib.options) mergeEqualOption;
in
{
in {
mkCheckedType = type:
mkOptionType {
name = "${type}";
description = "Attribute set of type ${type}";
descriptionClass = "noun";
merge = mergeEqualOption;
check = value: value._type or "" == "${type}";
};
flake = mkOptionType {
name="flake";
description="Nix flake";
name = "flake";
description = "Nix flake";
descriptionClass = "noun";
merge = mergeEqualOption; check = (value: value._type or "" == "flake"); };
merge = mergeEqualOption;
check = value: value._type or "" == "flake";
};
}

3
modules/home-manager/default.nix

@ -1,2 +1 @@
_:
{}
_: {}

3
modules/nixos/default.nix

@ -1,3 +1,2 @@
{...}@moduleInputs:
{
{...} @ moduleInputs: {
}

92
overlays/backports.nix

@ -1,42 +1,68 @@
nixfiles: final: prev:
let
pkgs-unstable = import nixfiles.inputs.nixpkgs-unstable { config.allowUnfree = true; inherit (final) system; };
inherit (final) callPackage kdePackages lib;
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgs-unstable = import nixfiles.inputs.nixpkgs-unstable {
config.allowUnfree = true;
inherit (final) system;
};
inherit (final) callPackage kdePackages lib;
backport = let
_callPackage = callPackage;
in { pkgname,
backport = let
_callPackage = callPackage;
in
{
pkgname,
callPackage ? _callPackage,
new ? pkgs-unstable,
override ? {} } : let
inherit (lib) getAttrFromPath;
inherit (builtins) getAttr isString;
override ? {},
}: let
inherit (lib) getAttrFromPath;
inherit (builtins) getAttr isString;
getAttr' = name: attrs: if isString pkgname then getAttr name attrs else getAttrFromPath name attrs;
oldPkg = getAttr' pkgname prev;
newPkg = getAttr' pkgname pkgs-unstable;
in if oldPkg.version == newPkg.version
then oldPkg
else (callPackage newPkg.override) override;
getAttr' = name: attrs:
if isString pkgname
then getAttr name attrs
else getAttrFromPath name attrs;
oldPkg = getAttr' pkgname prev;
newPkg = getAttr' pkgname pkgs-unstable;
in
if oldPkg.version == newPkg.version
then oldPkg
else (callPackage newPkg.override) override;
backport' = pkgname: backport { inherit pkgname; };
backport' = pkgname: backport {inherit pkgname;};
# defined locally to not pull in perl from unstable
stripJavaArchivesHook = final.makeSetupHook {
name = "strip-java-archives-hook";
propagatedBuildInputs = [ final.strip-nondeterminism ];
} ./strip-java-archives.sh;
in {
vesktop = backport' "vesktop";
obsidian = backport { pkgname="obsidian"; override.electron = final.electron_28; };
prismlauncher-unwrapped = backport {
pkgname = "prismlauncher-unwrapped";
inherit (kdePackages) callPackage;
override = {
# apple something idk why the package doesn't just ask for darwin and get it itself
# maybe i should make a pull request that changes the params to `darwin, Cocoa ? darwin.apple_sdk.frameworks.Cocoa`
inherit (final.darwin.apple_sdk.frameworks) Cocoa;
# defined locally to not pull in perl from unstable
stripJavaArchivesHook =
final.makeSetupHook {
name = "strip-java-archives-hook";
propagatedBuildInputs = [final.strip-nondeterminism];
}
./strip-java-archives.sh;
in {
vesktop = backport' "vesktop";
obsidian = backport {
pkgname = "obsidian";
override.electron = final.electron_28;
};
prismlauncher-unwrapped = backport {
pkgname = "prismlauncher-unwrapped";
inherit (kdePackages) callPackage;
override = {
# apple something idk why the package doesn't just ask for darwin and get it itself
# maybe i should make a pull request that changes the params to `darwin, Cocoa ? darwin.apple_sdk.frameworks.Cocoa`
inherit (final.darwin.apple_sdk.frameworks) Cocoa;
};
};
};
in {
config.flake.overlays.backports = overlay;
}

32
overlays/default.nix

@ -1,17 +1,21 @@
nixfiles:
let
inherit (nixfiles.inputs.nixpkgs) lib;
# this name is awful. maybe i don't know anything about functional
# programming or something, but the naming isn't very self explanatory
# - why is it "compose" instead of "combine"
# - why is it "extensions" instead of "overlays"
{
config,
lib,
...
}: let
inherit (lib) composeManyExtensions;
in rec {
backports = import ./backports.nix nixfiles;
mitigations = import ./mitigations.nix nixfiles;
modpacks = import ./modpacks.nix nixfiles;
default = composeManyExtensions [
backports
mitigations
cfg = config.flake.overlays;
in {
imports = [
./mitigations.nix
./backports.nix
./modpacks.nix
];
config.flake.overlays = {
default = with cfg;
composeManyExtensions [
backports
mitigations
];
};
}

183
overlays/mitigations.nix

@ -1,61 +1,142 @@
nixfiles: final: prev:
let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath { inherit (prev) system; };
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath {
inherit (prev) system;
config.allowUnfree = true;
};
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
inherit (final) lib callPackage fetchFromGitHub;
inherit (lib) recurseIntoAttrs optionalAttrs
versionOlder versionAtLeast;
inherit (final) callPackage fetchFromGitHub;
inherit
(lib)
recurseIntoAttrs
optionalAttrs
versionOlder
versionAtLeast
;
pkgsFromFlake = flake: (import flake.outPath) { inherit (prev) system; };
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs: if versionAtLeast ours.version theirs.version then ours else theirs;
pickNewer = ours: theirs: if versionOlder theirs.version ours.version then ours else theirs;
pkgsFromFlake = flake: (import flake.outPath) {inherit (prev) system;};
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs:
if versionAtLeast ours.version theirs.version
then ours
else theirs;
pickNewer = ours: theirs:
if versionOlder theirs.version ours.version
then ours
else theirs;
hold = now: days: ours: theirs: let
hold = now: days: ours: theirs: let
seconds = days * 24 * 60 * 60;
endTimestamp = now + seconds;
in if now < endTimestamp then ours else theirs;
in
if now < endTimestamp
then ours
else theirs;
optionalPkg = cond: val: if cond then val else null;
optionalPkg = cond: val:
if cond
then val
else null;
gimp-with-plugins-good = let
badPlugins = [ "gap" ];
itemInList = list: item: lib.any (x: x==item) list;
pluginFilter = name: value: (value.type or null == "derivation") && (!(itemInList badPlugins name)) && (!value.meta.broken);
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in prev.gimp-with-plugins.override { inherit plugins; };
gimp-with-plugins-good = let
badPlugins = ["gap"];
itemInList = list: item: lib.any (x: x == item) list;
pluginFilter = name: value: (value.type or null == "derivation") && (!(itemInList badPlugins name)) && (!value.meta.broken);
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in
prev.gimp-with-plugins.override {inherit plugins;};
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
in
{
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in
pickNewer old new;
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
gimp-with-plugins = gimp-with-plugins-good;
nwg-displays = let
stable = pkgsStable.nwg-displays;
unstable = prev.nwg-displays;
now = 1739114541;
in
hold now 7 stable unstable;
libreoffice = let
stable = pkgsStable.libreoffice;
unstable = prev.libreoffice;
now = 1739558971;
in
hold now 7 stable unstable;
gotenberg = let
stable = pkgsStable.gotenberg;
unstable = prev.gotenberg;
now = 1745707083;
in
hold now 90 stable unstable;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in
pickNewer redlib-new redlib;
rustdesk-flutter = let
stable = pkgsStable.rustdesk-flutter;
unstable = prev.rustdesk-flutter;
now = 1741899501;
in
hold now 7 stable unstable;
}
// (
lib.genAttrs [
"mopidyPackages"
"mopidy"
"mopidy-bandcamp"
"mopidy-iris"
"mopidy-jellyfin"
"mopidy-local"
"mopidy-moped"
"mopidy-mopify"
"mopidy-mpd"
"mopidy-mpris"
"mopidy-muse"
"mopidy-musicbox-webclient"
"mopidy-notify"
"mopidy-podcast"
"mopidy-scrobbler"
"mopidy-somafm"
"mopidy-soundcloud"
"mopidy-spotify"
"mopidy-subidy"
"mopidy-tidal"
"mopidy-tunein"
"mopidy-youtube"
"mopidy-ytmusic"
] (name: let
pkgs-mopidy = (import inputs.nixpkgs-mopidy) {inherit (prev) system;};
unstable = prev."${name}";
stable = pkgs-mopidy."${name}";
now = 1740786429;
in
# pin for at least 90 days because who knows when this will be fixed
# https://github.com/mopidy/mopidy/issues/2183
hold now 90 stable unstable)
);
in {
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in pickNewer old new;
gimp-with-plugins = gimp-with-plugins-good;
easyeffects = let
stable = pkgsStable.easyeffects;
unstable = prev.easyeffects;
in if updateTime < 1726148749 then stable else unstable;
compsize = let
stable = pkgsStable.compsize;
unstable = prev.compsize;
now = 1724786296;
in hold now 7 stable unstable;
qgis = let
stable = pkgsStable.qgis;
unstable = prev.qgis;
now = 1733871491;
in hold now 7 stable unstable;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in pickNewer redlib-new redlib;
config.flake.overlays.mitigations = overlay;
}

59
overlays/modpacks.nix

@ -1,27 +1,40 @@
nixfiles: final: prev:
let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
in final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
in
final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
notlite-ctm-static = final.stdenvNoCC.mkDerivation {
pname = "ctm-static";
version = "0.0.0";
src = final.emptyDirectory;
nativeBuildInputs = [ final.unzip ];
buildPhase = ''
unzip "${notlite}/mods/create-track-map-*.jar" 'assets/littlechasiu/ctm/static/*'
cp -r assets/littlechasiu/ctm/static/. $out/
'';
notlite-ctm-static = final.stdenvNoCC.mkDerivation {
pname = "ctm-static";
version = "0.0.0";
src = final.emptyDirectory;
nativeBuildInputs = [final.unzip];
buildPhase = ''
unzip "${notlite}/mods/create-track-map-*.jar" 'assets/littlechasiu/ctm/static/*'
cp -r assets/littlechasiu/ctm/static/. $out/
'';
};
in {
modpacks = {
inherit notlite notlite-ctm-static;
};
};
in {
modpacks = {
inherit notlite notlite-ctm-static;
};
config.flake.overlays.modpacks = overlay;
}

18
pkgs/apps.nix

@ -1,9 +1,15 @@
{ packages, system, ... }:
let _packages = packages; in
let
packages = _packages.${system};
mkApp = program: { type = "app"; inherit program; };
in
{
packages,
system,
...
}: let
_packages = packages;
in let
packages = _packages.${system};
mkApp = program: {
type = "app";
inherit program;
};
in {
keysetting = mkApp "${packages.wm-helpers}/bin/keysetting";
}

39
pkgs/atool-wrapped/default.nix

@ -1,4 +1,5 @@
{ lib,
{
lib,
atool,
makeBinaryWrapper,
stdenvNoCC,
@ -14,24 +15,24 @@
p7zip,
unrar,
lha,
unfree ? false }:
let
unfree ? false,
}: let
wrappedPath = lib.makeBinPath ([lzip plzip lzop xz zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
in
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeBinaryWrapper ];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = ["installPhase"];
nativeBuildInputs = [makeBinaryWrapper];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}

23
pkgs/cofi/shell.nix

@ -1,16 +1,15 @@
{ pkgs ? import <nixpkgs> {} }:
let
{pkgs ? import <nixpkgs> {}}: let
rofi-dmenu-wrapped = pkgs.writeShellScript "rofi-dmenu" ''
exec "${pkgs.rofi-wayland}/bin/rofi" -dmenu "$@"
'';
in
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}

17
pkgs/cross-seed/default.nix Normal file

@ -0,0 +1,17 @@
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage rec {
pname = "cross-seed";
version = "6.11.2";
src = fetchFromGitHub {
owner = "cross-seed";
repo = "cross-seed";
rev = "v${version}";
hash = "sha256-m/TlEAW9BFEXOvBixOj09ylgstgHKL48e9zC50fzD5g=";
};
npmDepsHash = "sha256-c8wTvEA7QQb17gBHdBKMUatn8I/wKOhXP1W5ftH3pJc=";
}

19
pkgs/default.nix

@ -1,16 +1,15 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
inherit (pkgs) callPackage callPackages;
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in
{
inherit (mopidyPackages) mopidy-autoplay ;
google-fonts = callPackage ./google-fonts { };
wm-helpers = callPackage ./wm-helpers { };
atool = callPackage ./atool-wrapped { };
nixfiles-assets = callPackage ./nixfiles-assets { };
redlib = callPackage ./redlib { };
in {
inherit (mopidyPackages) mopidy-autoplay;
google-fonts = callPackage ./google-fonts {};
wm-helpers = callPackage ./wm-helpers {};
atool = callPackage ./atool-wrapped {};
nixfiles-assets = callPackage ./nixfiles-assets {};
redlib = callPackage ./redlib {};
cross-seed = callPackage ./cross-seed {};
}

48
pkgs/google-fonts/default.nix

@ -1,9 +1,9 @@
{ lib
, stdenvNoCC
, fetchFromGitHub
, fonts ? []
{
lib,
stdenvNoCC,
fetchFromGitHub,
fonts ? [],
}:
stdenvNoCC.mkDerivation {
pname = "google-fonts";
version = "unstable-2023-10-20";
@ -11,7 +11,7 @@ stdenvNoCC.mkDerivation {
# Adobe Blank is split out in a separate output,
# because it causes crashes with `libfontconfig`.
# It has an absurd number of symbols
outputs = [ "out" "adobeBlank" ];
outputs = ["out" "adobeBlank"];
src = fetchFromGitHub {
owner = "google";
@ -45,26 +45,32 @@ stdenvNoCC.mkDerivation {
# FamilyName.ttf. This installs all fonts if fonts is empty and otherwise
# only the specified fonts by FamilyName.
fonts = map (font: builtins.replaceStrings [" "] [""] font) fonts;
installPhase = ''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
'' + (if fonts == [] then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
'' else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
'');
installPhase =
''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
''
+ (
if fonts == []
then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
''
else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
''
);
meta = with lib; {
homepage = "https://fonts.google.com";
description = "Font files available from Google Fonts";
license = with licenses; [ asl20 ofl ufl ];
license = with licenses; [asl20 ofl ufl];
platforms = platforms.all;
hydraPlatforms = [];
maintainers = with maintainers; [ manveru ];
sourceProvenance = [ sourceTypes.binaryBytecode ];
maintainers = with maintainers; [manveru];
sourceProvenance = [sourceTypes.binaryBytecode];
};
}

51
pkgs/legacy-module.nix Normal file

@ -0,0 +1,51 @@
{
inputs,
self,
config,
lib,
options,
...
}: let
cfg = config.nixfiles.outputs.packages;
inherit (lib) mapAttrs mkEnableOption mkIf;
in {
options.nixfiles.outputs.packages = {
enable =
mkEnableOption ""
// {
description = ''
Whether to generate the packages output.
'';
default = true;
};
};
config = mkIf cfg.enable {
perSystem = {
system,
inputs',
self',
pkgs,
...
}: {
packages = let
inherit (pkgs) callPackage callPackages;
# i forget how this works so i'm not messing with it.
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in
(mapAttrs (_: v: callPackage v {}) {
google-fonts = ./google-fonts;
wm-helpers = ./wm-helpers;
atool = ./atool-wrapped;
nixfiles-assets = ./nixfiles-assets;
redlib = ./redlib;
cross-seed = ./cross-seed;
})
// {
inherit (mopidyPackages) mopidy-autoplay;
};
};
};
}

61
pkgs/lucem/default.nix Normal file

@ -0,0 +1,61 @@
{
lib,
buildNimPackage,
curl,
gtk4,
libadwaita,
pkg-config,
openssl,
xorg,
libxkbcommon,
libGL,
wayland,
wayland-protocols,
wayland-scanner,
fetchFromGitHub,
}:
buildNimPackage (finalAttrs: {
pname = "lucem";
version = "2.1.2";
src = fetchFromGitHub {
owner = "xTrayambak";
repo = "lucem";
tag = finalAttrs.version;
hash = "sha256-9i7YMXG6hXMcQmVdPYX+YxrtQPHZE1RZb+gv5dGEff8=";
};
patches = [
./lucem-disable-auto-updater.patch
];
lockFile = ./lock.json;
buildInputs = [
gtk4.dev
libadwaita.dev
openssl.dev
curl.dev
xorg.libX11
xorg.libXcursor.dev
xorg.libXrender
xorg.libXext
libxkbcommon.dev
libGL.dev
wayland.dev
wayland-protocols
wayland-scanner.dev
];
nativeBuildInputs = [
pkg-config
];
# env.LD_LIBRARY_PATH = lib.makeLibraryPath [
# gtk4.dev
# libadwaita.dev
# pkg-config
# curl.dev
# openssl.dev
# wayland.dev
# ];
})

291
pkgs/lucem/lock.json Normal file

@ -0,0 +1,291 @@
{
"depends": [
{
"method": "fetchzip",
"path": "/nix/store/n3pckbrnpfnlcm7n0c5i75lgl47ghgha-source",
"rev": "d9ee0328d5cec8fd216d3ce8676cebf1976e9272",
"sha256": "02wq4wad7r517rls5n1i9gww9a138a20kiy3d2ax723s3h6s0srg",
"url": "https://github.com/4zv4l/colored_logger/archive/d9ee0328d5cec8fd216d3ce8676cebf1976e9272.tar.gz",
"ref": "HEAD",
"packages": [
"colored_logger"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bzcq8q439rdsqhhihikzv3rsx4l4ybdm-source",
"rev": "ea811bec7fa50f5abd3088ba94cda74285e93f18",
"sha256": "1720iqsxjhqmhw1zhhs7d2ncdz25r8fqadls1p1iry1wfikjlnba",
"url": "https://github.com/treeform/jsony/archive/ea811bec7fa50f5abd3088ba94cda74285e93f18.tar.gz",
"ref": "1.1.5",
"packages": [
"jsony"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f3ghbm17akdg7dj5sarr616hvma09dr5-source",
"rev": "fea85b27f0badcf617033ca1bc05444b5fd8aa7a",
"sha256": "1m96c3k83sj1z2vgjp55fplzf0kym6hhhym4ywydjl9x4zw1a5la",
"url": "https://github.com/status-im/nim-toml-serialization/archive/fea85b27f0badcf617033ca1bc05444b5fd8aa7a.tar.gz",
"ref": "HEAD",
"packages": [
"toml_serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/idsbhi7xb4dmfqbmbl5dq47qh2vs6mjj-source",
"rev": "9e770046c5cdf23d395d6b21c4657345481b1c76",
"sha256": "1li0r6ng3ynzh5qb12qs6czmaaay7gw45khs2niz291nia6navl1",
"url": "https://github.com/treeform/pretty/archive/9e770046c5cdf23d395d6b21c4657345481b1c76.tar.gz",
"ref": "0.2.0",
"packages": [
"pretty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/ax2p5d7wz6ipj0y2zpd9rckzzj7a6f0q-source",
"rev": "861092dc931e754650a735af590fbc34becc3942",
"sha256": "100vxxdpzayj44syfkwn5nrpk5189qiky43xh7w3k908yxrq0jbj",
"url": "https://github.com/can-lehmann/owlkettle/archive/861092dc931e754650a735af590fbc34becc3942.tar.gz",
"ref": "v3.0.0",
"packages": [
"owlkettle"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/y4f3wxlh76h10kflz7vqmkd4vniqp6kw-source",
"rev": "309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81",
"sha256": "0b7givvg0lij4qkv8xpisp0ahcadggavpb85jds5z5k19palh74c",
"url": "https://github.com/nimgl/nimgl/archive/309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81.tar.gz",
"ref": "1.3.2",
"packages": [
"nimgl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nqnhn3vpi49aj4pn722c1qpinnzq056b-source",
"rev": "7b4266458b7435349b28a4468e0af58f1674b198",
"sha256": "12j4rzlxpibxy2jfah21qj1lf63rbkkki971y5i52dmnp84bhjzp",
"url": "https://github.com/treeform/netty/archive/7b4266458b7435349b28a4468e0af58f1674b198.tar.gz",
"ref": "0.2.1",
"packages": [
"netty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/cbzq2fmn5582kqx3w9ima7ll4x19cmx1-source",
"rev": "a0f42baacbc48f4e5924b18854c0df9dcc251466",
"sha256": "0033kxrh8s3wmmh5ky6vlbjk2mq3c3vy0syvl5rwah2zmg0k6wzf",
"url": "https://github.com/guzba/curly/archive/a0f42baacbc48f4e5924b18854c0df9dcc251466.tar.gz",
"ref": "1.1.1",
"packages": [
"curly"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nzqdyy9q0q0rrlpmjmihrq084nyskidd-source",
"rev": "44dc097236de00c09ffed13d4e4aeaff1473870e",
"sha256": "0m7bdiz3dnmdb5cc8k4sksmb71mlg1n75582zv5hhvp2jsj9sxsa",
"url": "https://github.com/johnnovak/nim-nanovg/archive/44dc097236de00c09ffed13d4e4aeaff1473870e.tar.gz",
"ref": "v0.4.0",
"packages": [
"nanovg"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/85w9njq4kkp7cjhz40bmmksiv0053p50-source",
"rev": "9ce9aa3efa84f55bbf3d29ef0517b2411d08a357",
"sha256": "1lm4iynl0c8hzizwc723b29ss6cw78hhr6k62a7x7ddycmxyxsnm",
"url": "https://github.com/levovix0/siwin/archive/9ce9aa3efa84f55bbf3d29ef0517b2411d08a357.tar.gz",
"packages": [
"siwin"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/dvv6cgzl9xmax5rmjxnp5wrr08ibvjaw-source",
"rev": "8e2e098f82dc5eefd874488c37b5830233cd18f4",
"sha256": "01csz5bl4jiv7jx76k7izgknl7k73y2i9hd9s6brlhfqhq7cqxmz",
"url": "https://github.com/nim-lang/opengl/archive/8e2e098f82dc5eefd874488c37b5830233cd18f4.tar.gz",
"ref": "1.2.9",
"packages": [
"opengl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/h98460b96pynrpwxawaq21w6rjhamlvi-source",
"rev": "ec7732a4810441a937fe3059494ba338090c4957",
"sha256": "0dw33jprxrc23bj0b6ypbg6n940nzxlrxa57df88q4ly1xvi6w1h",
"url": "https://github.com/euantorano/semver.nim/archive/ec7732a4810441a937fe3059494ba338090c4957.tar.gz",
"ref": "v1.2.3",
"packages": [
"semver"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/d6c7dvmzzvc1ja7kf65jbclbjv74zll7-source",
"rev": "2086c99608b4bf472e1ef5fe063710f280243396",
"sha256": "1m7c9bvxarw167kd5mpfnddzydji03azhz347hvad592qfw4vwrc",
"url": "https://github.com/status-im/nim-serialization/archive/2086c99608b4bf472e1ef5fe063710f280243396.tar.gz",
"ref": "v0.2.6",
"packages": [
"serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/a5kmnnbk27rxk9vsx1vchiiq9znkpijf-source",
"rev": "79e4fa5a9d3374db17ed63622714d3e1094c7f34",
"sha256": "0x92sgnxczwx5ak067d6169j9qm0cdpbrcpp1ijrzgyfgknpyq0r",
"url": "https://github.com/status-im/nim-stew/archive/79e4fa5a9d3374db17ed63622714d3e1094c7f34.tar.gz",
"ref": "v0.2.0",
"packages": [
"stew"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/vx0a8hw7hs5an0dnbrn6l16bd6is7hdr-source",
"rev": "07f6ba8ab96238e5bd1264cf0cea1d1746abb00c",
"sha256": "005nrldaasfl09zdsni1vi8s7dk0y85ijv6rm2wpj94435x66s36",
"url": "https://github.com/treeform/flatty/archive/07f6ba8ab96238e5bd1264cf0cea1d1746abb00c.tar.gz",
"ref": "0.3.4",
"packages": [
"flatty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bqmdy8vic5wfvpc9hqp4rfrhjlxz4d7c-source",
"rev": "45b2b0bb753fe2376a205a183b2b3f291e19ba14",
"sha256": "1yz1lcclmhvji34ccymglzg535b3xfz0x4m12n3n22cxz156j63x",
"url": "https://github.com/Araq/libcurl/archive/45b2b0bb753fe2376a205a183b2b3f291e19ba14.tar.gz",
"ref": "v1.0.0",
"packages": [
"libcurl"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/zcd2hmjxlkp1bpb7c9xrpg153ssj3w0b-source",
"rev": "a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f",
"sha256": "16qdnyql8d7nm7nwwpq0maflm3p6cpbb2jfaqx6xkld9xkc9lsbv",
"url": "https://github.com/guzba/zippy/archive/a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f.tar.gz",
"ref": "0.10.16",
"packages": [
"zippy"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/4q986rlniaxascxkvx4q8rsx12frjd51-source",
"rev": "325d6ade0970562bee7d7d53961a2c3287f0c4bc",
"sha256": "0qa8hzvamsdszygra3lcc92zk6rzm3gh1mzgjq9khbanzbg3y67n",
"url": "https://github.com/treeform/webby/archive/325d6ade0970562bee7d7d53961a2c3287f0c4bc.tar.gz",
"ref": "0.2.1",
"packages": [
"webby"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/lk4hcmvwvliliyyidx7k3fk9yfijddc5-source",
"rev": "b2e71179174e040884ebf6a16cbac711c84620b9",
"sha256": "0pi6cq43ysm1wy5vva3i2dqvyh4dqppjjjl04yj9wfq7mngpqaa1",
"url": "https://github.com/treeform/chroma/archive/b2e71179174e040884ebf6a16cbac711c84620b9.tar.gz",
"ref": "0.2.7",
"packages": [
"chroma"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f9dp6njaay5rf32f6l9gkw0dm25gim47-source",
"rev": "7282ae1247f2f384ebeaec3826d7fa38fd0e1df1",
"sha256": "1plw9lfrm42qar01rnjhm0d9mkzsc7c3b8kz43w5pb8j8drx1lyn",
"url": "https://github.com/treeform/vmath/archive/7282ae1247f2f384ebeaec3826d7fa38fd0e1df1.tar.gz",
"ref": "2.0.0",
"packages": [
"vmath"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/8qaywzr8nzsiddjba77nhf75hzmxx0d9-source",
"rev": "29aca5e519ebf5d833f63a6a2769e62ec7bfb83a",
"sha256": "16npqgmi2qawjxaddj9ax15rfpdc7sqc37i2r5vg23lyr6znq4wc",
"url": "https://github.com/nim-lang/x11/archive/29aca5e519ebf5d833f63a6a2769e62ec7bfb83a.tar.gz",
"ref": "1.2",
"packages": [
"x11"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/cxdwn7p4cis5hd5w4jsn8lql5vzx5civ-source",
"rev": "2b08c774afaafd600cf4c6f994cf78b8aa090c0c",
"sha256": "10zl9a5phdsjj811v8by0yzadfc8d3azaj878an2hr8qsfi9y1ps",
"url": "https://github.com/status-im/nim-faststreams/archive/2b08c774afaafd600cf4c6f994cf78b8aa090c0c.tar.gz",
"ref": "HEAD",
"packages": [
"faststreams"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/2ksmfd7p93a1a7ibcv3qzsk8h3c3shz7-source",
"rev": "845b6af28b9f68f02d320e03ad18eccccea7ddb9",
"sha256": "1c55kl05pbavm9v5dv42n43sql9qcrblhh3hnp99p5xmlv20c9vf",
"url": "https://github.com/status-im/nim-unittest2/archive/845b6af28b9f68f02d320e03ad18eccccea7ddb9.tar.gz",
"ref": "v0.2.3",
"packages": [
"unittest2"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/17gj9sw2hw818cbxvd6i94n734inm1vf-source",
"rev": "df8113dda4c2d74d460a8fa98252b0b771bf1f27",
"sha256": "1h7amas16sbhlr7zb7n3jb5434k98ji375vzw72k1fsc86vnmcr9",
"url": "https://github.com/arnetheduck/nim-results/archive/df8113dda4c2d74d460a8fa98252b0b771bf1f27.tar.gz",
"ref": "v0.5.1",
"packages": [
"results"
],
"srcDir": ""
}
]
}

13
pkgs/lucem/lucem-disable-auto-updater.patch Normal file

@ -0,0 +1,13 @@
diff --git a/src/config.nim b/src/config.nim
index 64e4370..92aee9a 100644
--- a/src/config.nim
+++ b/src/config.nim
@@ -32,7 +32,7 @@ type
LucemConfig* = object
discord_rpc*: bool = false
- auto_updater*: bool = true
+ auto_updater*: bool = false
notify_server_region*: bool = true
loading_screen*: bool = true
polling_delay*: uint = 100

90
pkgs/lucem/nim_lk-rev-order-fix.patch Normal file

@ -0,0 +1,90 @@
diff --git a/src/nim_lk.nim b/src/nim_lk.nim
index 2b8b0bc..68d8b64 100644
--- a/src/nim_lk.nim
+++ b/src/nim_lk.nim
@@ -4,7 +4,7 @@
# https://cyclonedx.org/docs/1.6/json/
import
- std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri],
+ std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri, re],
pkg/nimblepkg/options,
pkg/nimblepkg/packageinfo,
pkg/nimblepkg/packageinfotypes,
@@ -89,6 +89,13 @@ proc startProcess(cmd: string; cmdArgs: varargs[string]): Process =
type GitPair = object
`ref`, `rev`: string
+proc cleanVersion(version: string): string =
+ let pattern = re"^v?(\d+\.\d+\.\d+.*)$" # Captures valid semantic versions
+ var matches: array[1, string]
+ if version.find(pattern, matches) >= 0:
+ return matches[0]
+ return version
+
proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
var line, rev, refer: string
var process =
@@ -104,12 +111,15 @@ proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
const
refsTags = "refs/tags/"
headsTags = "refs/heads/"
+ headRef = "HEAD"
if refer.startsWith(refsTags):
refer.removePrefix(refsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
elif refer.startsWith(headsTags):
refer.removePrefix(headsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
+ elif refer == headRef:
+ result.add GitPair(`ref`: refer, `rev`: rev)
stderr.write(process.errorStream.readAll)
close(process)
if tagsArg and result.len == 0:
@@ -120,22 +130,40 @@ proc matchRev(url: string; wanted: VersionRange): GitPair =
let special = $wanted.spe
if special[0] == '#':
result.rev = special[1..special.high]
+ return # early return
else:
quit("unhandled version " & url & " " & $wanted)
else:
let withTags = wanted.kind != verAny
let pairs = gitLsRemote(url, withTags)
var resultVersion: Version
+ var latestTag: GitPair
+
for pair in pairs:
try:
- var tagVer = pair.`ref`.newVersion
- if tagVer.withinRange(wanted) and resultVersion < tagVer:
+ var tagVer = cleanVersion(pair.`ref`).newVersion
+ if (tagVer.withinRange(wanted) or not withTags) and resultVersion < tagVer:
resultVersion = tagVer
- result = pair
+ latestTag = pair
except ParseVersionError: discard
- if result.rev == "" and pairs.len > 0:
- result = pairs[pairs.high]
- doAssert result.rev != "", url
+
+ if latestTag.rev != "":
+ result = latestTag
+ return # early return
+
+ let headPairs = gitLsRemote(url, false)
+ var headPair: GitPair
+
+ for pair in headPairs:
+ if pair.`ref` == "HEAD":
+ headPair = pair
+
+ if headPair.rev != "":
+ result = headPair
+ return # early return
+
+
+ doAssert false, "No matching revision found for " & url
proc collectMetadata(data: JsonNode) =
let storePath = data{"path"}.getStr

41
pkgs/lucem/update.nix Normal file

@ -0,0 +1,41 @@
{
nixpkgs ? <nixpkgs>,
pkgs ? (import nixpkgs) {},
}: let
inherit (pkgs) callPackage fetchFromSourcehut fetchFromGitHub lib;
inherit (lib) escapeShellArg;
lucem = pkgs.callPackage ./. {};
nim_lk_patched = pkgs.nim_lk.overrideAttrs (final: prev: {
src = pkgs.fetchFromSourcehut {
owner = "~ehmry";
repo = "nim_lk";
rev = "c2d601095d1961d8f59f1fffe5b56788b255c3de";
hash = "sha256-1WD1UVi6N7tftE69LAhx86Qxc97oMHKARFsCVGqtEm4=";
};
patches = [
./nim_lk-rev-order-fix.patch
];
});
in
pkgs.stdenvNoCC.mkDerivation {
name = "lucem-lock.json";
src = lucem.src;
nativeBuildInputs = with pkgs; [
nim_lk_patched
nix-prefetch-git
nix
# cacert
git
];
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
find .
nim_lk > $out
'';
}

32
pkgs/module.nix Normal file

@ -0,0 +1,32 @@
{
config,
lib,
...
}: {
imports = [./legacy-module.nix];
config = {
perSystem = {
system,
inputs',
self',
pkgs,
...
}: {
packages = {
lucem = pkgs.callPackage ./lucem {};
};
};
flake = {
overlays.new-packages = final: prev: let
inherit (final) callPackage;
currentSystem = config.perSystem "${prev.system}";
flakePackages = currentSystem.packages;
addPackages = packages: lib.genAttrs packages (package: callPackage flakePackages.${package}.override {});
in
addPackages [
"lucem"
];
};
};
}

22
pkgs/mopidy/autoplay.nix

@ -1,5 +1,9 @@
{ lib, python3Packages, fetchPypi, mopidy }:
{
lib,
python3Packages,
fetchPypi,
mopidy,
}:
# based on mopidy/jellyfin.nix
python3Packages.buildPythonApplication rec {
pname = "mopidy-autoplay";
@ -11,15 +15,15 @@ python3Packages.buildPythonApplication rec {
sha256 = "sha256-E2Q+Cn2LWSbfoT/gFzUfChwl67Mv17uKmX2woFz/3YM=";
};
propagatedBuildInputs = [ mopidy ];
propagatedBuildInputs = [mopidy];
# no tests implemented
doCheck = false;
pythonImportsCheck = [ "mopidy_autoplay" ];
pythonImportsCheck = ["mopidy_autoplay"];
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
}

18
pkgs/mopidy/default.nix

@ -1,10 +1,14 @@
{ lib, newScope, python }:
{
lib,
newScope,
python,
}:
# i have no idea what this is but there's some conflict if i don't do this
# based on https://github.com/NixOS/nixpkgs/blob/77f0d2095a8271fdb6e0d08c90a7d93631fd2748/pkgs/applications/audio/mopidy/default.nix
lib.makeScope newScope (self: with self; {
inherit python;
pythonPackages = python.pkgs;
lib.makeScope newScope (self:
with self; {
inherit python;
pythonPackages = python.pkgs;
mopidy-autoplay = callPackage ./autoplay.nix { };
})
mopidy-autoplay = callPackage ./autoplay.nix {};
})

33
pkgs/nixfiles-assets/default.nix

@ -1,5 +1,8 @@
{ lib, stdenvNoCC, fetchFromGitea }:
let
{
lib,
stdenvNoCC,
fetchFromGitea,
}: let
src = fetchFromGitea {
domain = "gitea.protogen.io";
owner = "nullbite";
@ -10,16 +13,16 @@ let
fetchLFS = true;
};
in
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = [ "installPhase" ];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = ["installPhase"];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}

33
pkgs/redlib/default.nix

@ -1,21 +1,22 @@
{ lib
, stdenv
, cacert
, nixosTests
, rustPlatform
, fetchFromGitHub
, darwin
, nix-update-script
{
lib,
stdenv,
cacert,
nixosTests,
rustPlatform,
fetchFromGitHub,
darwin,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
pname = "redlib";
version = "0.35.1-unstable-2024-12-02";
version = "0.35.1-unstable-2025-03-01";
src = fetchFromGitHub {
owner = "redlib-org";
repo = "redlib";
rev = "d7ec07cd0d713fc308e1004663b0053db8f00a0f";
hash = "sha256-bAsSLZWGLMrD21xdQtD5NyNsNSZwLOd/+6ujZpbsyQg=";
rev = "357e7c2e096c1aa3bb871e42860dfd3be62e0bfb";
hash = "sha256-KX76kq3AX+GI8wIulGixgS5cENlNUcrKaes1dZwRhxI=";
};
patches = [
@ -24,7 +25,7 @@ rustPlatform.buildRustPackage rec {
./no-hash.patch
];
cargoHash = "sha256-5eQRioAdB1OharUwAZEuPe7NpZOFvqAyh2m+NVio8EI=";
cargoHash = "sha256-5cwF+pntkAwtTwerYrJOfL4NRcL8Sb7lLZiajNcvSZY=";
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
@ -58,14 +59,16 @@ rustPlatform.buildRustPackage rec {
env = {
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GIT_HASH=src.rev;
GIT_HASH = src.rev;
};
doCheck = false;
passthru.tests = {
inherit (nixosTests) redlib;
};
passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch=main" ]; };
passthru.updateScript = nix-update-script {extraArgs = ["--version=branch=main"];};
meta = {
changelog = "https://github.com/redlib-org/redlib/releases/tag/v${version}";
@ -73,6 +76,6 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/redlib-org/redlib";
license = lib.licenses.agpl3Only;
mainProgram = "redlib";
maintainers = with lib.maintainers; [ soispha ];
maintainers = with lib.maintainers; [soispha];
};
}

140
pkgs/wm-helpers/default.nix

@ -1,79 +1,85 @@
{ pkgs, lib, cap-volume ? true, unmute ? true, ...}:
let
keysetting = pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
{
pkgs,
lib,
cap-volume ? true,
unmute ? true,
...
}: let
keysetting =
pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
setvol 5%+
# notifyvol
}
setvol 5%+
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
in
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}

45
secrets/homepage.age Normal file

@ -0,0 +1,45 @@
age-encryption.org/v1
-> ssh-ed25519 YUrFgQ NHJ5J8Bm55hgualWjQrE3v7GsCzXYksWm3yQNgYhTG0
QPX9aBltBRKywC2UKkTpZ22lle+msS/CEx5ONbLkE2o
-> ssh-rsa I7EAZw
ABgbMbRfyKaryPJpyPySIOFGdr1Wo7TREskh5tQW0fQ+6wstKxo3eP6Xr5ds3EI3
OHDR8L7Z99IC1/L7LO4lEgqfjmLFEpVSW1h5LU6CNcb6So2eLfxSNLMVk8/wnnNu
wwiPN/JlQOX/7lmvetQUG+l+CGWKrU2Sbu2uRprg9P76cT469cp93yc5uDOjs+JD
n54odFEK3NAykLSbFB++sQiV7yKkCEZLRatBNeqrombgoqpuiCakVIOOFnWwCCZA
vGOiQgXjXdMw2LAzKJEbo0EBovwD6SOTrir60bss+Axx+98JI4Vh24Jww42v9kPR
frqo+BywkFTc3oxHCn72kx9JFiLbA3fsETy4e1/+1IQlNGs2dED89/98b8Am2LEQ
gO1jPNmBc+NXymG0hkP5zAhxsqKLzz26h8BR4tXQuFTcKFs3mktYBJo2dAoQaxGD
ysfwlKRiOwKbWZxWnJJWTbVl9LfqzBwYiTF/uZSp27dp45mC6vsglLZ4TQuXkbBH
-> ssh-rsa 0pGLuA
Ny2kEOHzisMQX5k8hm1GwINjs14gRAd/AG4VZ2Mc/SY/o31xu5mZV8ThkRt3KTWj
gFN5wdt78KcuXh0U0X0YStE9QLfiBrc1q7SJ95d2dzPaO5y4hETYJBNro1MthBW2
kM1RTikBV+AwECA7belYn098anbuH7P/yLTtn1a+/N7VsH29+wAcf9R1z2zlAJuS
psk0c+IUnOiVQ2zJwzZWvjxrQ/l2XpyaF1aktNkK4TZ6/XdA/jmLzxyyEiQ2YMZv
ppzn8AAZzka53eogZiTFrDBKChM+KKrZIffsRjUZ/p+qPsvcFoUyi16gorODoTor
uo453hjR1+4OkUYgozxlbTGDfSSUH+tI2/djZM/n3jIDAbpMIyzvO8L0wSUN9cTi
+6j8rYLvpi2JFmJZ61zDkVkSVjCH6MV2h9UDkxQQb4lcBcZ0BZa0Ms7DUoLFsJm1
5SqamCS8TO8lAgmc09b0WhR9sEX5sdjW9iTH5wzCLD2GA9tzZS4m0kSMJ7raWWeR
-> ssh-rsa JoBDow
p/xk0f+UXerpduZJ0oKUG21JthAzCzHp7I5W4UiNPQbAm/oplmdXwWVFlb/gCBbZ
EF0zIPBKijvO3IiB+QylzuVET9HgFLNqKye+2LkdsBI3oAmVrhdQkQJIoGco68QF
nhz+q05KkcYs3vOg4ZyvGsVa6idIpvNN//s7VJ2ezB+yvWDIkY6zfTxFmRH6NDzo
oP4HFCBPcVXYJiVcka8rNNMHNWrhLVFnHNsTMcDvXPyXXdwSfsg/unrZ0xxnxkt+
dgjIaM8STQ9BEn+IR6TODiO8xMCUKfzlOHwHYh9xcF/j01SRJTyvYQBQLoqsaESH
2NQOr7O0jJNzIzKVlp+UjMyvLcFMmi5aa5DuAJsXj5ktk9xDZ2CiXhv0qd9Xub9d
iNFHIRAYv5SNobGhHse3htHsazHfhxcPb1gTbRwxzP0qYdwD6pD/pFc39bZg8TzP
gRlSDBHzYnqWPWkJ+LxXzIsW6e9ZKUmNzVb4eq7xhRRpNi/0WQcy0VjWMafxVv+1
-> ssh-rsa wzTCUg
qx45EE/ATHxwpxI9PuIWpiLeZbXfDHFe0ha3QReUHeiosRhKkrVm2X3a+XUqrk3C
FhhGCqDKHj13s83Aelk5xYwlP55eLew6jgCDTALkFWnneQbCxKfKgF3PFPP3vjPI
V9kGN/nhZT30xJRIKwOPm1J4pEqLAGCKHAcdmBA6kM1Xt56y0Q4r/lNeUZAEYSpt
3LscZwVizvGH9uR3GXUN/Kq2BuOIX5v/xhkltStafXyD6oto6KUntK2RJ4L8cCq5
mtTSOb6O1nzYggFxDMTkr1qXYsbweHYBODMUh0A0YeZjnVIjIzdxp3YOqNdKqLs3
5l0bYh0mKCcwovJZSeBNou48iXq0AeFuyMI88DXuak1exWZZ/Cj2lISluz48I+aI
NTktiEjCoi3M3o4EImKlBQvKCFTfExIIF0ZwX64qBK0C8jUF1jcBnbAdxqtKAHJi
r74SAQdSkLaLii9QTytQKhOeThgNMXWSgjXuDPEijXPnHy8eA9oGxAZYTSL036Nh
--- ARnFzeXFOjvL/ktngJRHn9vPrfiwnIc1n+ep5PRU4nc
ÇCLÜÝÕzPgí•ñmƒ‡ˆÜ ÓX¡°Kægs¨µKçn†TÔ¦÷é g±íNv ÔN_43ù8ÁFîqÑ24¶mð“À“ª{ S˜neëiÎ'œ Ôp «Ñ

45
secrets/paperless-admin.age Normal file

@ -0,0 +1,45 @@
age-encryption.org/v1
-> ssh-ed25519 YUrFgQ VJ/GHYXozZPD5R8kqlSVjKY5VxnrkwbGGVdEWz+gaBc
yww/hXtziXh4sK7ezc6o4WAlyd9T0f9f51oRzbdbSwo
-> ssh-rsa I7EAZw
cjSI0a/TuXVMleU7NfL2p9ftCY2tpLMA6Oj3bpYlKRNc42WxnxzrLJVZFDSc9z+L
X1RKiDGt1oHHXXwlxZLVmWcMZWNwmEelI57dsXqUB24FbCE3uStV9t8NwV1eJA0z
0SxIzCCa2hMJbHqL2m2qlIEPN16uvrwHWPLOGFKayJjD4F6YLire91IhIRh6WmYk
8kySC6EiSw2/yS5GgmiDJqw3Mr6aMBBr8MRNJ7QHVtTdKZbdrGL4xAQKMopcRg9B
XliK3JM3CCn0KC9ibDmMD4seQnj1JQ1Rnes6Iva3QhBPJ8z3dc4pIZ51wpttNkIQ
kko7mGrm3K7vn0hnrg9xEc0S/MTDzwLtaEXUjkFfETrHNdi+WUUsSQHNDjB3dXNS
90e2cqxEqrEybJewth2mpmOFrmZuEnXjDs2dngDoOkcs9KGiVXxTPZXMsiTdMVsz
CDWrdqdgZcwcu+4ThHb+c3+O+Zm41fYktB/ssqzFHCGsYiXYVamcCrH5k9UlAapL
-> ssh-rsa 0pGLuA
b8NIb/d6FNGwoURlaOi6hXQcUjZtiWSgzCqnOEJeQb3waVEKpyobGZa6Pu1tjCOz
HHN8Pr/yrSLHyfxk1qReXSvvgtozPcbGyKkxSc/WB78zkwAaXmA9UCaO2jvMR923
X0KVyrJQSwfufr204vAgX06zrFuJA6lXudSNcE6m+LuRdR8Yk2GF8sf3AMnjq/ZA
i020pggUHaO5Yr+rK9QqNi7WVsTAyRYVJcR5CM0Z3HQuVHgkMktkRxThANtoEMrB
oG1tk3jSMd/7pYQu+fuvW1jqNuGKJ7HuVTtyX6oojLO6zg828KmhnXTGOT2C4uyS
uTz0Wr6NeBh3pqxsXpDnAcozZHoImtF63SY4DXi4oCNKUIoAJqmPSgk23oF8ETxU
gn4jbpcQjPOMiad6EgGnr0YIf0Cq+Ptpcd4rLhbtGvVvi5PprV8gKbaG3ZS/59J8
9AJ93oyhNd8qH9/+po73cjRdIuEY0jZArPAYzrG+FXnlJuM7BIuFJXAJ0skZBM32
-> ssh-rsa JoBDow
dhzYfyPoeCMW3bp8kKI/nsSnxwgl1YoqVRSzm9Lzhi9oCkmx7giJMGNgdH/rNt8e
PssgZiTXTvDMC2jTGT1Zo668/ZaGUpc9khhUzp5mMtzEHthtulo+xY8BoMjuyOQp
5U2iloJhu237YeiWWvWcXpUusQvzEiLnOh8+N96ojXTzfRhTCpAy1l9WRcN4v3Px
sSUGZqK+LpERp0HHUtI1FdQXD15vxiyj6teU0tGAd2+AL/jGizqkfsHUCNFy3bQi
rMP/FaWuJy0UCsGOYtV9PKcfhRAEDXmFHj5rDyS1IoZ5jzVYBxOzK3Jv2pOUhvRg
PStIIiKCLI1y1JhYkG6ceO1b0oepFBPKbPi4UF78BxjxXAfZMFm9PJXFVaP3SDUO
34uJBIS5jnx+hYTJITvgmoE6Y3TPAlJ87992rC+N4B6z4VS4Us1c+rEr9jc/8T/F
bszpckO1WDDi+9mkF0XfK1BBaj5i+hyX1djGvczhqLZHBhYu7XUO1cw1HiEa6epo
-> ssh-rsa wzTCUg
cSh6FbV6D2uN8hTixrBdk7MOo/BxN9kZUw6x3JranDYC/PEUkPerVHP2bxTkS0aa
waDpnRdI0C7E8g2Ay1fL/7Gv6ZiHEpf2ReT5EcbPMmpcZ+OSFEMulmp8MrAlYPtI
8NLuUIIA9qoY+lSrigfHMtvfd0XamLN9UjyFSLFp3lz6l3QF1i8p67aOhmrKvEBi
gVTIJQcq7nnk4tkIuB4WyiHCEPMr/r0e1TtaMW8bNjFN1xEJfDER7uKOoG/1zuUF
tcOp02B89hcf7ELhfusu8Wrcw9tLkYD/gpkoRJwpAdg8Vb7Uoow2xDJkigVItnfA
R5b13VPMlwsLCFeCVNom8h+wW+iRsxjac3G+DlMYGqOa+V5nhqwLR1/njUlWrnaJ
s5xtfk+Awz2hLTLtjrLT3XDDPqhJ4cJywybI2kujueYGzDpogBh/XpeFw3A/Gwqa
orBsc8Q+Ned4CeKvdw5CZ+hjzRy/2LHppQlLN+jVlVvq4PsKHY3yQMXQl6tySuZx
--- NLH1lhI+TIz4UzeoeBtR+3g7XYmCurJlw/f71oYxPHE
†©øÊÖE…½565m„DèOóó4žIVŠ~Ú3¾YàçÅ<ˆÚ4êŒ4ùWe"þè;ŒŸ3:ñ§

Some files were not shown because too many files have changed in this diff Show More