nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nullbite:main
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia
..
compare: nullbite:wip/theme-helper
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia

1 Commits
main ... wip/theme-

Author SHA1 Message Date
NullBite
5b42a03972
add wip stuff for helpers folder 2024-03-22 01:50:15 -04:00
165 changed files with 1735 additions and 9456 deletions
Show Stats Expand all files Collapse all files

63
.github/workflows/build-then-cache.yaml vendored
View File

@ -1,63 +0,0 @@
name: Build and upload to Attic cache
on:
push:
branches:
- "main"
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
# TODO: figure out how to use flake checks and use those to build it
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86-64_packages:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- run: 'nix develop .#ci --command bash ci/run_builds.sh packages'
build_x86-64:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
# TODO: figure out how to use flake checks and use those to build it
- run: 'nix develop .#ci --command bash ci/run_builds.sh config'

49
.github/workflows/proactive-update.yaml vendored
View File

@ -1,49 +0,0 @@
name: Proactively build and cache flake
on:
schedule:
- cron: "0 */6 * * *"
push:
branches:
- "force-build"
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
- run: 'nix flake update'
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
- run: 'nix flake update'
- run: 'nix develop .#ci --command bash ci/run_builds.sh'

27
README.md
View File

@ -1,16 +1,8 @@
# NullBite's NixOS Config
Preface: the current structure of this flake scares me a bit. I have added
[flake-parts](https://github.com/hercules-ci/flake-parts) to this repository
and I plan to modularize it in the same way I refactored my actual NixOS and
Home Manager configurations. This repository used to be *a lot worse* because
it was my very first Nix project, but I have learned a lot about both Nix and
programming in general in this span of time.
## Overview
This is my personal NixOS config. Right now, it's just a <del>basic</del>
extremely ~~overengineered~~ messy flake which imports a (mostly) normal stock NixOS configuration.
extremely overengineered flake which imports a (mostly) normal stock NixOS configuration.
Now that I have used NixOS for a ~~month~~ year, I have learned a fair bit and have made
Now that I have used NixOS for a month, I have learned a fair bit and have made
some organizational changes. <del>Currently, the repository is organized as
such</del> (I am in the process of migrating my config to this format, some
stuff may not match yet):
@ -23,6 +15,7 @@ stuff may not match yet):
- inputs: all specified flake inputs
- vars: attrset of variables that are passed to modules
- The flake also has multiple helper functions:
- `mkExtraPkgs`: Produce a set of packages for the given system
- `eachSystem :: (system -> attrset) -> attrset`: Generate an attrset
of default systems (used for packages)
- `homeManagerInit`: Generate a NixOS Module that initializes
@ -71,13 +64,13 @@ stuff may not match yet):
## TODO
- ~~Reorganize repo to use a more "standard" module layout.~~
- ~~[github:Misterio77/nix-config](https://github.com/Misterio77/nix-config) might be a good reference for a better module layout.~~
- ~~Select entire desktop configuration via a single option and make bootable with specialisation.~~
- ~~Give each desktop a modularized configuration that can be enabled with an option.~~
- ~~figure out nixpkgs.lib.options.mkOption and add a string option that picks a desktop to use.~~
- Reorganize repo to use a more "standard" module layout.
- [github:Misterio77/nix-config](https://github.com/Misterio77/nix-config) might be a good reference for a better module layout.
- Select entire desktop configuration via a single option and make bootable with specialisation.
- Give each desktop a modularized configuration that can be enabled with an option.
- figure out nixpkgs.lib.options.mkOption and add a string option that picks a desktop to use.
- add Plasma, Hyprland, and maybe GNOME if I'm feeling silly (I'd probably never actually use it).
- ~~make more things configurable as options once I figure out the above, it's probably cleaner than importing modules.~~
- make more things configurable as options once I figure out the above, it's probably cleaner than importing modules.
- Reorganize README bullets into headings
- make system ephemeral/stateless
- The following command is able to successfully show any accumulated state on my system: <pre><code>sudo find / -xdev \( -path /home -o -path /nix -o -path /boot \) -prune -o \( -name flatpak -o -name boot.bak -o -path /var/log -o -name .cache \) \( -prune -print \) -o \( -type f \) -print</code></pre>
@ -93,4 +86,4 @@ stuff may not match yet):
- coredumps
- /root user and /home
- /etc/machine-id
- ~~configure /etc/supergfxd.conf with a oneshot systemd unit on boot bsaed on selected specialisation (should still be modifiable with supergfxctl but should be ephemeral)~~
- configure /etc/supergfxd.conf with a oneshot systemd unit on boot bsaed on selected specialisation (should still be modifiable with supergfxctl but should be ephemeral)

9
backports/README.md Normal file
View File

@ -0,0 +1,9 @@
# backports
This is a nixpkgs overlay that contains temporary fixes for build failures or
other issues, usually backported from the nixpkgs master branch. Each package
defined in this overlay shall automatically disable itself once a certain
condition is met, such as the upstream package being updated or the nixpkgs
modification date passing a certain time.
This is in place because I am extremely forgetful; I will almost certainly
forget to undo a temporary fix later, so this takes care of it for me.

18
backports/default.nix Normal file
View File

@ -0,0 +1,18 @@
nixfiles: final: prev:
let
inherit (prev) callPackage fetchFromGitHub;
inherit (prev.lib) recurseIntoAttrs optionalAttrs;
# if you can't do version based just make it time based and deal with it in a
# month if it's not fixed
# 2024-04-10T08:11:11
gap-hold = (nixfiles.inputs.nixpkgs-unstable.lastModified <= 1712751071);
gimpPlugins-gap = let
src = fetchFromGitHub {
owner = "Scrumplex";
repo = "nixpkgs";
rev = "cca25fd345f2c48de66ff0a950f4ec3f63e0420f";
hash="sha256-oat4TwOorFevUMZdBFgaQHx/UKqGW7CGMoOHVgQxVdM=";
};
in recurseIntoAttrs (callPackage "${src}/pkgs/applications/graphics/gimp/plugins" {});
in (optionalAttrs gap-hold { gimpPlugins = gimpPlugins-gap; })

82
ci/run_builds.sh
View File

@ -1,82 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2317
# ^ SC2317 (Command appears to be unreachable.)
set -Exo pipefail
err=0
set_error () {
err=1
pkill -s 0 -9 nix-eval-jobs || true
}
trap set_error ERR
system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
run_builds () {
for i in "$@" ; do
nix-fast-build --eval-workers 1 --no-nom --skip-cache --attic-cache main -f "$i"
pkill -s 0 -9 nix-eval-jobs || true
done
}
_build_systems () {
case "$system" in
# TODO this is messy and hard-coded, make an attribute set for
# each system containing the specializations as well as the nospec ver
x86_64-linux) run_builds \
.\#nixosConfigurations.nullbox.config.specialisation.hyprland.configuration.system.build.toplevel \
.\#nospec.nullbox.config.system.build.toplevel \
.\#nixosConfigurations.slab.config.specialisation.{hyprland,nvidia}.configuration.system.build.toplevel \
.\#nospec.slab.config.system.build.toplevel \
.\#nixosConfigurations.nixos-wsl.config.system.build.toplevel \
;;
aarch64-linux) run_builds \
.\#nixosConfigurations.rpi4.config.system.build.toplevel \
;;
esac
}
build_systems () {
# system should be set in `nix develop` but just in case
local system
system="${system:-$(nix eval --impure --raw --expr 'builtins.currentSystem')}"
#nix eval --json .#legacyPackages."${system}".specialisedNixosConfigurations --apply 'builtins.attrNames' \
# | jq -c '.[]' \
# | while read -r line ; do
# local build
# build="$(printf '%s' "$line" | jq -r)"
# run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations.${build}"
# done
run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations"
}
build_packages () {
run_builds .\#packages."${system}".redlib
}
if [[ "$#" -ne 0 ]] ; then
until [[ "$#" -le 0 ]]; do
case "$1" in
pkgs|packages) DO_PACKAGES=1;;
config) DO_CONFIG=1;;
esac
shift
done
else
DO_PACKAGES=1
DO_CONFIG=1
fi
if [[ -n "${DO_CONFIG:+x}" ]] ; then build_systems; fi
if [[ -n "${DO_PACKAGES:+x}" ]] ; then build_packages; fi
exit $err

118
ci/util_free_space_extreme.sh
View File

@ -1,118 +0,0 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -eux
df -h
echo "::group::/usr/local/*"
du -hsc /usr/local/*
echo "::endgroup::"
# ~1GB
sudo rm -rf \
/usr/local/aws-sam-cil \
/usr/local/julia* || :
echo "::group::/usr/local/bin/*"
du -hsc /usr/local/bin/*
echo "::endgroup::"
# ~1GB (From 1.2GB to 214MB)
sudo rm -rf \
/usr/local/bin/aliyun \
/usr/local/bin/azcopy \
/usr/local/bin/bicep \
/usr/local/bin/cmake-gui \
/usr/local/bin/cpack \
/usr/local/bin/helm \
/usr/local/bin/hub \
/usr/local/bin/kubectl \
/usr/local/bin/minikube \
/usr/local/bin/node \
/usr/local/bin/packer \
/usr/local/bin/pulumi* \
/usr/local/bin/sam \
/usr/local/bin/stack \
/usr/local/bin/terraform || :
# 142M
sudo rm -rf /usr/local/bin/oc || : \
echo "::group::/usr/local/share/*"
du -hsc /usr/local/share/*
echo "::endgroup::"
# 506MB
sudo rm -rf /usr/local/share/chromium || :
# 1.3GB
sudo rm -rf /usr/local/share/powershell || :
echo "::group::/usr/local/lib/*"
du -hsc /usr/local/lib/*
echo "::endgroup::"
# 15GB
sudo rm -rf /usr/local/lib/android || :
# 341MB
sudo rm -rf /usr/local/lib/heroku || :
# 1.2GB
sudo rm -rf /usr/local/lib/node_modules || :
echo "::group::/opt/*"
du -hsc /opt/*
echo "::endgroup::"
# 679MB
sudo rm -rf /opt/az || :
echo "::group::/opt/microsoft/*"
du -hsc /opt/microsoft/*
echo "::endgroup::"
# 197MB
sudo rm -rf /opt/microsoft/powershell || :
echo "::group::/opt/hostedtoolcache/*"
du -hsc /opt/hostedtoolcache/*
echo "::endgroup::"
# 5.3GB
sudo rm -rf /opt/hostedtoolcache/CodeQL || :
# 1.4GB
sudo rm -rf /opt/hostedtoolcache/go || :
# 489MB
sudo rm -rf /opt/hostedtoolcache/PyPy || :
# 376MB
sudo rm -rf /opt/hostedtoolcache/node || :
# Remove Web browser packages
# sudo apt purge -y \
# firefox \
# google-chrome-stable \
# microsoft-edge-stable
#
# this works better on arm
for i in firefox \
google-chrome-stable \
microsoft-edge-stable ; do
sudo apt purge -y "$i" || :
done
## extras
sudo rm -rf /home/runner/.rustup \
/home/runner/.cargo \
/home/linuxbrew \
/usr/lib/google-cloud-sdk \
/usr/lib/jvm \
/usr/lib/mono \
/usr/lib/heroku \
/usr/share/swift \
/usr/share/dotnet \
/opt/microsoft/msedge \
/opt/google/chrome \
/usr/lib/firefox \
/usr/local/.ghcup
df -h

15
default.nix
View File

@ -1,15 +0,0 @@
(
import
(
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
nodeName = lock.nodes.root.inputs.flake-compat;
in
fetchTarball {
url = lock.nodes.${nodeName}.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
sha256 = lock.nodes.${nodeName}.locked.narHash;
}
)
{src = ./.;}
)
.defaultNix

1440
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

584
flake.nix
View File

@ -1,32 +1,14 @@
# vim: set foldmethod=marker:
{
description = "NixOS Configuration";
inputs = {
# {{{
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
# ^^^^^^^^^^^^^ this part is optional
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
# ^^^^^^^^^^^^^ this part is optional
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-nix-du.url = "github:NixOS/nixpkgs/c933cf4698e5189b35dd83bf4d7a81aef16d464a";
nixpkgs-mopidy.url = "github:NixOS/nixpkgs/93ff48c9be84a76319dac293733df09bbbe3f25c";
# this seems to be a popular way to declare systems
systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# this is nice so one-off impure scripts can interact with attributes in
# this flake
flake-compat = {
url = "github:edolstra/flake-compat";
};
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
@ -37,15 +19,9 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-minecraft = {
url = "github:Silveere/nix-minecraft/quilt-revert";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-minecraft-upstream = {
url = "github:infinidoge/nix-minecraft";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# 33.0.3p2 as suggested by https://xdaforums.com/t/guide-january-3-2024-root-pixel-7-pro-unlock-bootloader-pass-safetynet-both-slots-bootable-more.4505353/
# android tools versions [ 34.0.0, 34.0.5 ) causes bootloops somehow and 34.0.5 isn't in nixpkgs yet
pkg-android-tools.url = "github:NixOS/nixpkgs/55070e598e0e03d1d116c49b9eff322ef07c6ac6";
# provides an up-to-date database for comma
nix-index-database = {
@ -58,61 +34,19 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# https://github.com/nix-community/lanzaboote/releases
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
inputs.nixpkgs.follows = "nixpkgs";
};
# no inputs.nixpkgs.follows so i can use cachix
# https://github.com/hyprwm/Hyprland/releases
# hyprland.url = "git+https://github.com/hyprwm/Hyprland?rev=v0.4.1&submodules=1";
hyprland = {
type = "git";
url = "https://github.com/hyprwm/Hyprland";
submodules = true;
# ref = "refs/tags/v0.44.1";
};
hyprland.url = "github:hyprwm/Hyprland/dc44bd7113b81a5c9aa61ecdc11d905a749b3e88";
hyprwm-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
};
hypridle = {
url = "github:hyprwm/hypridle";
inputs.nixpkgs.follows = "nixpkgs";
};
zen-browser = {
url = "github:youwen5/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
inputs.base16.follows = "base16";
};
base16 = {
url = "github:SenchoPens/base16.nix";
};
nixfiles-assets = {
# using self-hosted gitea mirror because of GitHub LFS bandwidth limit (even though i'd probably never hit it)
type = "github";
@ -121,324 +55,204 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.systems.follows = "systems";
};
}; # }}}
};
outputs = {
self,
flake-parts,
...
} @ inputs:
flake-parts.lib.mkFlake {inherit inputs;} (
outputs = { self, nixpkgs, nixpkgs-unstable, ... }@inputs:
let
inherit (self) outputs;
# inputs is already defined
lib = nixpkgs.lib;
systems = [ "x86_64-linux" "aarch64-linux" ];
overlays = [
/* android-tools 33.0.3p2 */ (final: prev: {
inherit (inputs.pkg-android-tools.legacyPackages.${final.system})
android-tools android-udev-rules;
})
(final: prev: let
packages = import ./pkgs { inherit (prev) pkgs; };
in {
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
})
# various temporary fixes that automatically revert
(import ./backports self)
inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
];
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "America/New_York";
# define extra packages here
mkExtraPkgs = system: {
# android-tools = inputs.pkg-android-tools.legacyPackages.${system}.android-tools;
inherit (inputs.pkg-android-tools.legacyPackages.${system}) android-tools android-udev-rules;
};
# Variables to be passed to NixOS modules in the vars attrset
vars = {
inherit username mobileTimeZone self;
};
# funciton to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# This function produces a module that adds the home-manager module to the
# system and configures the given module to the user's Home Manager
# configuration
homeManagerInit = let _username=username; _nixpkgs=nixpkgs;
in { system,
nixpkgs ? _nixpkgs, # this is so modules can know which flake the system is using
home-manager ? inputs.home-manager,
username ? _username,
module ? _ : {},
rootModule ? (import ./home/root.nix),
userModules ? { ${username} = [ module ] ; root = [ rootModule ]; },
stateVersion }:
{ config, lib, pkgs, ... }:
let
mapUserModules = lib.attrsets.mapAttrs (user: modules: {...}:
{
imports = [
./home
] ++ modules;
config = {
home = { inherit stateVersion; };
};
});
users = mapUserModules userModules;
in
{
inputs,
self,
config,
lib,
nixfiles-lib,
...
} @ flakeArgs: {
# flake-parts imports
imports = [
./flake
./lib/nixfiles/module.nix
./pkgs/module.nix
./overlays
inputs.treefmt-nix.flakeModule
home-manager.nixosModules.home-manager
];
config = {
# flake-parts systems (still uses nix-systems)
systems = import inputs.systems;
# expose vars to nix repl
debug = lib.mkDefault true;
perSystem = {
config,
system,
pkgs,
self',
...
}: {
treefmt = {
programs = {
alejandra.enable = true;
};
};
legacyPackages.specialisedNixosConfigurations = let
attrs = lib.pipe self.nixosConfigurations [
(lib.filterAttrs (n: v: !(builtins.elem n ["iso" "rpi4-x86_64"])))
(lib.filterAttrs (n: v: v.pkgs.system or "" == system))
(lib.mapAttrs' (configName: v: let
nospec =
(v.extendModules {
modules = [
({lib, ...}: {
config.specialisation = lib.mkForce {};
})
];
})
.config;
configs =
(
lib.mapAttrs'
(n: v: lib.nameValuePair "specialisation-${n}" v.configuration)
v.config.specialisation
)
// {inherit nospec;};
in
lib.nameValuePair configName configs))
(
lib.concatMapAttrs (
configName: v:
(
lib.mapAttrs' (
specName: v: lib.nameValuePair "${configName}--${specName}" v
)
)
v
)
)
(lib.mapAttrs (_: v: v.system.build.toplevel))
];
in
attrs;
devShells = {
ci = pkgs.mkShell {
buildInputs = with pkgs; [
jq
nix-update
nix-fast-build
];
};
default = let
formatter =
pkgs.runCommandNoCC "flake-formatter" {
formatter = lib.getExe self'.formatter;
} ''
mkdir -p $out/bin
ln -s "$formatter" "$out/bin/formatter"
'';
in
pkgs.mkShell {
buildInputs = with pkgs; [
alejandra
nix-update
formatter
inputs.agenix.packages.${system}.default
];
};
};
};
nixfiles = {
vars = {
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "America/New_York";
};
common.overlays = let
nix-minecraft-patched-overlay = let
normal = inputs.nix-minecraft-upstream.overlays.default;
quilt = inputs.nix-minecraft.overlays.default;
in
lib.composeExtensions
normal
(final: prev: let
x = quilt final prev;
in {
inherit (x) quiltServers quilt-server;
minecraftServers = prev.minecraftServers // x.quiltServers;
});
packagesOverlay = final: prev: let
packages = import ./pkgs {inherit (prev) pkgs;};
in {
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
};
zen-browser-overlay = final: prev: let
inherit (final) system callPackage;
input = inputs.zen-browser;
packages = input.packages.${system};
sources = builtins.fromJSON (builtins.readFile (input + "/sources.json"));
warnExists = name: value: let
pass =
if prev ? ${name}
then builtins.warn "zen-browser-overlay: Package `${name}` already exists. This overlay is no longer needed and should be removed." value
else value;
in
pass;
in {
zen-browser-bin = callPackage packages.zen-browser.override {};
zen-browser-unwrapped = warnExists "zen-browser-unwrapped" (callPackage packages.zen-browser-unwrapped.override {
inherit (sources.${system}) hash url;
inherit (sources) version;
});
};
in [
# TODO delete this, transfer all packages to new-packages overlay
packagesOverlay
self.overlays.new-packages
# various temporary fixes that automatically revert
self.overlays.mitigations
# auto backports from nixpkgs unstable
self.overlays.backports
# modpacks (keeps modpack version in sync between hosts so i can reverse
# proxy create track map because it's broken)
self.overlays.modpacks
inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay
zen-browser-overlay
];
systems = {
slab.system = "x86_64-linux";
nullbox.system = "x86_64-linux";
rpi4.system = "aarch64-linux";
nixos-wsl = {
system = "x86_64-linux";
wsl = true;
};
# for eval testing
rpi4-x86_64 = {
system = "x86_64-linux";
name = "rpi4";
modules = [
{
nixpkgs.hostPlatform = "x86_64-linux";
}
];
};
}; # end systems
};
flake = let
# {{{
inherit (nixfiles-lib.flake-legacy) mkSystem mkWSLSystem mkISOSystem mkHome;
inherit (inputs) nixpkgs nixpkgs-unstable;
inherit (self) outputs;
inherit (config.nixfiles.vars) username mobileTimeZone;
# inputs is already defined
lib = nixpkgs.lib;
# function to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
# }}}
in {
# nix flake modules are meant to be portable so we cannot rely on
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (
system: {
iso = let
isoSystem = mkISOSystem system;
in
isoSystem.config.system.build.isoImage;
}
);
apps = eachSystem (system:
import ./pkgs/apps.nix
{
inherit (self.outputs) packages;
inherit system;
});
nixosConfigurations = {
iso = mkISOSystem "x86_64-linux";
}; # end nixosConfigurations
nospec = lib.mapAttrs (n: v:
v.extendModules {
modules = [
(
{lib, ...}: {specialisation = lib.mkForce {};}
)
];
})
config.flake.nixosConfigurations;
homeConfigurations = {
# minimal root config
"root@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
username = "root";
homeDirectory = "/root";
config = {pkgs, ...}: {
programs.bash.enable = true;
# update nix system-wide since it's installed via root profile
home.packages = with pkgs; [btdu nix];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nullbite@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
config = {pkgs, ...}: {
programs = {
zsh.enable = false;
keychain.enable = false;
};
home.packages = with pkgs; [btdu];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"deck" = mkHome {
system = "x86_64-linux";
stateVersion = "23.11";
username = "deck";
modules = [./users/deck/home.nix];
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"testuser" = mkHome {
username = "testuser";
system = "x86_64-linux";
modules = [./users/testuser/home.nix];
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nix-on-droid" = mkHome {
username = "nix-on-droid";
homeDirectory = "/data/data/com.termux.nix/files/home";
modules = [./users/nix-on-droid/home.nix];
system = "aarch64-linux";
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
inherit users;
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
extraPkgs = mkExtraPkgs system;
};
};
}
); # end outputs
}
# end flake
};
# This function produces a nixosSystem which imports configuration.nix and
# a Home Manager home.nix for the given user from ./hosts/${hostname}/
mkSystem = let _username=username; _overlays=overlays; _nixpkgs=nixpkgs;
in { system,
nixpkgs ? _nixpkgs,
home-manager ? inputs.home-manager,
overlays ? _overlays,
hostname,
username ? _username,
stateVersion,
extraModules ? [] }:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./system
({pkgs, config, lib, ...}@args:
{
# Values for every single system that would not conceivably need
# to be made modular
system.stateVersion = stateVersion;
nixpkgs = {
inherit overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
nix.settings.experimental-features = ["nix-command" "flakes" ];
})
./hosts/${hostname}/configuration.nix
(homeManagerInit {
inherit nixpkgs home-manager;
module = import ./hosts/${hostname}/home.nix;
inherit username system stateVersion;
})
] ++ extraModules;
specialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
extraPkgs = mkExtraPkgs system;
};
};
mkWSLSystem = let _username=username; in
{username ? _username, extraModules ? [], ...}@args: let
WSLModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = username;
};
override = {extraModules = extraModules ++ [WSLModule];};
in
mkSystem (args // override);
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
inherit mkExtraPkgs;
};
in {
# for repl debugging via :lf .
inherit inputs vars;
devShells = eachSystem (system: let
pkgs = import nixpkgs { inherit system; };
in {
default = pkgs.mkShell {
buildInputs = with pkgs; [
nix-update
];
};
});
# nix flake modules are meant to be portable so we cannot rely on
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (system: let pkgs = import nixpkgs { inherit system; };
in import ./pkgs { inherit pkgs; });
apps = eachSystem (system: import ./pkgs/apps.nix
{ inherit (self.outputs) packages; inherit system; });
nixosConfigurations = {
slab = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
hostname = "slab";
stateVersion = "23.11";
};
nullbox = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
hostname = "nullbox";
stateVersion = "23.11";
};
nixos-wsl = mkWSLSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
stateVersion = "23.11";
hostname = "nixos-wsl";
};
}; # end nixosConfigurations
}; # end outputs
} # end flake

31
flake/TODO.md
View File

@ -1,31 +0,0 @@
# flake-parts TODO
- Move logic for generating system/home configs to module (most important,
reason i wanted to use flake-parts)
- Move common default args from the awful wrapper function to dedicated options:
- default module imports
- "common" module
- currently defines stateVersion, nixpkgs.config.allowUnfree, a few others
- make default module path configurable, but still default to
`./hosts/${hostname}/configuration.nix`
- make "entrypoint" (`./system`, `./home/standalone.nix`, etc) configurable
- make nixfiles home manager initialization a configurable option
- specialArgs (i want to deprecate this but one thing at a time)
- define system "types" and generate all of them internally using lazy
eval. export a specific one to the flake outputs.
- generate as something like `nixfiles.hosts.<name>.outputs`
- `flake.nixosConfigurations.<name>` is set from `nixfiles.hosts.<name>.output`
- default chosen by option like `nixfiles.hosts.<name>.type`
- types:
- normal
- WSL
- ISO image
- define deploy-rs outputs in same section as hosts
- make common, central interface for configuring overlays to be consumed by
various parts of flake, move hard-coded overlays out of common module
- literally just a list, maybe process it using lib.composeManyExtensions
- some top-level config is okay (e.g., defining hosts using nixfiles options).
hide away all of the internal logic into imported modules.
- move random functions into nixfiles lib
- move top-level universal configs (username, mobileTimeZone) into option
(honestly, this alone makes flake-parts worth it)

9
flake/default.nix
View File

@ -1,9 +0,0 @@
{...}: {
imports = [
./packages.nix
./home.nix
./system.nix
./meta.nix
./overlays.nix
];
}

1
flake/home.nix
View File

@ -1 +0,0 @@
{...}: {}

11
flake/meta.nix
View File

@ -1,11 +0,0 @@
{
config,
lib,
...
}: {
options.nixfiles.vars = lib.mkOption {
description = "Global variables";
type = lib.types.attrs;
default = {};
};
}

19
flake/overlays.nix
View File

@ -1,19 +0,0 @@
{
config,
lib,
inputs,
...
}: let
overlayType = lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
};
in {
options.nixfiles.common.overlays = lib.mkOption {
description = "List of overlays shared between various parts of the flake.";
type = lib.types.listOf overlayType;
default = [];
};
}

2
flake/packages.nix
View File

@ -1,2 +0,0 @@
{...}: {
}

258
flake/system.nix
View File

@ -1,258 +0,0 @@
{
config,
options,
lib,
nixfiles-lib,
inputs,
self,
...
}: let
cfg = config.nixfiles.systems;
inherit
(lib)
types
mkOption
mkIf
filterAttrs
mapAttrs
;
inherit (builtins) attrNames isNull;
inherit (nixfiles-lib.flake-legacy) mkSystem mkHome mkWSLSystem mkISOSystem homeManagerInit;
inherit (nixfiles-lib.types) mkCheckedType;
mkConfigurationOption = systemType:
mkOption {
description = "${systemType} configuration type";
type = with types; nullOr mkCheckedType "configuration";
default = null;
};
in {
options.nixfiles.systems = let
systemModule = let
outerConfig = config;
outerOptions = options;
in
{
name,
config,
...
}: {
options = {
enable =
lib.mkEnableOption ""
// {
description = ''
Whether to install this configuration into the flake outputs.
'';
default = true;
};
nixpkgs = mkOption {
description = "nixpkgs input to build system with";
type = nixfiles-lib.types.flake;
default = inputs.nixpkgs-unstable;
};
extraConfig = mkOption {
description = ''
Arguments to pass to nixpkgs.lib.nixosSystem
'';
type = types.attrs;
default = {};
};
system = mkOption {
description = "Nix system value";
type = types.str;
example = "x86_64-linux";
};
modules = mkOption {
description = "Extra NixOS configuration modules.";
type = with types; listOf deferredModule;
default = [];
};
name = mkOption {
description = ''
Name of NixOS configuration. This influences the default
directory to load configuration from. This does *not* modify the
system's hostname, but should probably be set to the same value.
'';
type = lib.types.str;
default = name;
};
configRoot = mkOption {
description = "Path to directory containing system and home configuration modules.";
type = lib.types.path;
default = self + "/hosts/${config.name}";
};
configuration = mkOption {
description = "Path/module of main NixOS configuration.";
type = with types; nullOr deferredModule;
default = config.configRoot + "/configuration.nix";
};
home-manager = {
enable =
lib.mkEnableOption ""
// {
description = ''
Whether to enable home-manager for this configuration.
'';
default = true;
};
input = mkOption {
description = "home-manager input";
type = nixfiles-lib.types.flake;
default = inputs.home-manager-unstable;
};
configuration = mkOption {
description = "Path/module of main home-manager configuration.";
type = with types; nullOr deferredModule;
default = config.configRoot + "/home.nix";
};
modules = mkOption {
description = "Extra home-manager modules";
type = with types; listOf deferredModule;
};
};
wsl =
lib.mkEnableOption ""
// {
description = ''
Whether to import WSL related configuration
'';
};
result = lib.mkOption {
description = "Resulting system configuration";
type = with types; nullOr (mkCheckedType "configuration");
};
};
config = {
home-manager.input = lib.mkIf (config.nixpkgs == inputs.nixpkgs) (lib.mkDefault inputs.home-manager);
modules = let
nixfilesModule = self + "/system";
defaultsModule = {...}: {
# Values for every single system that would not conceivably need
# to be made modular
# this should be set in the system config
# system.stateVersion = stateVersion;
nixpkgs = {
inherit (outerConfig.nixfiles.common) overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
# this should be on by default and there is no reason to turn it
# off because this flake will literally stop working otheriwse
nix.settings.experimental-features = ["nix-command" "flakes"];
};
wslModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = outerConfig.nixfiles.vars.username;
};
homeManagerModule = let
homeManagerModuleInner = homeManagerInit {
inherit (config) nixpkgs system;
inherit (outerConfig.nixfiles.vars) username;
home-manager = config.home-manager.input;
module =
if (isNull config.home-manager.configuration)
then {}
else config.home-manager.configuration;
};
in
{
config,
pkgs,
lib,
...
}: let
perUserDefaultsModule = {lib, ...}: {
config = {
# previously, home-manager inherited stateVersion from
# nixos in a really hacky way that depended on the wrapper
# function. this should preserve that behavior in a much
# safer way by directly setting it in a module. ideally, it
# should probably be set manually, but I want to maintain
# backwards compatibility for now.
home.stateVersion = lib.mkDefault config.system.stateVersion;
# pass the system nixpkgs config as defaults for the
# home-manager nixpkgs config. useGlobalPkgs prevents
# setting overlays at the home level; this allows for doing
# that while inheriting the system overlays.
nixpkgs = {
config = lib.mapAttrs (n: v: lib.mkDefault v) config.nixpkgs.config;
# mkOrder 900 is after mkBefore but before default order
overlays = lib.mkOrder 900 config.nixpkgs.overlays;
};
};
};
in {
imports = [
# TODO placeholder using old function
homeManagerModuleInner
];
options.home-manager.users = lib.mkOption {
type = with lib.types; attrsOf (submodule perUserDefaultsModule);
};
};
in
[
nixfilesModule
defaultsModule
]
++ lib.optional (!(isNull config.configuration)) config.configuration
++ lib.optional config.home-manager.enable homeManagerModule
++ lib.optional config.wsl wslModule;
extraConfig = {
inherit (config) system modules;
# TODO get rid of specialArgs and pass things as a module
specialArgs = let
inherit (self) outputs;
in {
inherit inputs outputs;
inherit (outerConfig.nixfiles) vars;
inherit (config) nixpkgs;
inherit (config.home-manager) input;
};
};
result = config.nixpkgs.lib.nixosSystem config.extraConfig;
};
};
in
lib.mkOption {
description = ''
NixOS system configurations
'';
type = with types; attrsOf (submodule systemModule);
default = {};
};
config = {
flake.nixosConfigurations = let
enabledSystems = filterAttrs (n: v: v.enable) cfg;
in
mapAttrs (_: v: v.result) enabledSystems;
};
}

8
home/common/default.nix
View File

@ -1,9 +1,7 @@
{...}: {
{...}:
{
imports = [
./wm
./wm.nix
./nodm.nix
./nix.nix
./theme.nix
./shell.nix
];
}

60
home/common/nix.nix
View File

@ -1,60 +0,0 @@
{
pkgs,
lib,
config,
osConfig ? {},
options,
nixpkgs,
...
}: let
cfg = config.nixfiles.common.nix;
standalone = !(osConfig ? home-manager);
in {
config = lib.mkIf cfg.enable (lib.mkMerge [
{
nix.registry = {
nixfiles = {
exact = true;
from = {
id = "nixfiles";
type = "indirect";
};
to = {
type = "git";
url = "file://${config.nixfiles.path}";
};
};
};
}
(lib.mkIf standalone {
# direnv is a tool to automatically load shell environments upon entering
# a directory. nix-direnv has an extensionn to keep nix shells in the
# system's gcroots so shells can be used after a gc without rebuilding.
programs.direnv = {
enable = lib.mkDefault true;
nix-direnv.enable = lib.mkDefault true;
};
home.sessionVariables.NIX_PATH = "nixpkgs=${nixpkgs}\${NIX_PATH:+:\${NIX_PATH}}";
nix.registry = {
nixpkgs = {
exact = true;
from = {
id = "nixpkgs";
type = "indirect";
};
to = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
rev = "${nixpkgs.rev}";
};
};
};
})
]);
options.nixfiles.common.nix = {
enable = lib.mkEnableOption "Nix configuration";
};
}

43
home/common/nodm.nix
View File

@ -1,35 +1,28 @@
{
lib,
pkgs,
config,
osConfig ? {},
options,
...
}: let
{ lib, pkgs, config, osConfig ? {}, options, ... }:
let
cfg = config.nixfiles.common.nodm;
in {
in
{
config = let
hyprland = "${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty = "${pkgs.coreutils}/bin/tty";
initCommands = ''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in
lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
hyprland="${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty="${pkgs.coreutils}/bin/tty";
initCommands =
''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in lib.mkIf cfg.enable {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
options.nixfiles.common.nodm = {
enable = lib.mkOption {
type = lib.types.bool;
description = "Whether to automatically start a desktop session on TTY1, behaving like a rudimentary display manager.";
default =
osConfig
? systemd
default = osConfig ? systemd
&& config.nixfiles.meta.graphical
&& (!(
(osConfig.systemd.services.display-manager.enable or false)

70
home/common/shell.nix
View File

@ -1,70 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkOption mkEnableOption mkIf mkDefault;
cfg = config.nixfiles.common.shell;
common_functions = shell: ''
__nixfiles_alias_comma_frequent_commands () {
history | sed 's:^ \+[0-9]\+ \+::' | grep '^,' | cut -d' ' -f2- | sed 's:^\(-[^ ]\+ \?\)\+::g' | grep . | cut -d' ' -f1 | sort | uniq -c | sort -g
}
'';
in {
options.nixfiles.common.shell = {
enable =
lib.mkEnableOption ""
// {
description = "Whether to enable the nixfiles shell configuration.";
};
};
config = mkIf cfg.enable {
home.shellAliases = {
v = "nvim";
icat = "kitten icat";
srun = "systemd-run";
urun = "systemd-run --user";
# this lets me find commands that i run with comma very frequently so i
# can install them
comma-frequent = "__nixfiles_alias_comma_frequent_commands";
};
programs.fzf.enable = mkDefault true;
programs.fzf.enableZshIntegration = mkDefault true;
programs.fzf.enableBashIntegration = mkDefault true;
programs.bash = {
enable = mkDefault true;
# declare functions at start of bashrc
bashrcExtra = common_functions "bash";
initExtra = ''
export HOME_MANAGER_MANAGED=true;
[[ -e ~/dotfiles/shell/.bashrc ]] && . ~/dotfiles/shell/.bashrc ]]
unset HOME_MANAGERR_MANAGED
'';
};
programs.zsh = {
enable = mkDefault true;
initExtra =
''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
''
+ common_functions "zsh";
oh-my-zsh = {
enable = mkDefault true;
theme = "robbyrussell";
extraConfig = ''
DISABLE_MAGIC_FUNCTIONS="true"
'';
plugins = [
"git"
];
};
};
};
}

138
home/common/theme.nix
View File

@ -1,138 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.theming;
mkDefaultStylix = lib.mkOverride 999;
toCaps = s:
with lib.strings;
with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s) - 1) s);
inherit (lib.strings) toUpper toLower;
mkCtp = flavor: accent:
with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override {
variant = toLower flavor;
accent = toLower accent;
};
icons = catppuccin-papirus-folders.override {
flavor = toLower flavor;
accent = toLower accent;
};
gtk = catppuccin-gtk.override {
variant = toLower flavor;
accents = [(toLower accent)];
};
};
};
ctp = with cfg.catppuccin; mkCtp flavor accent;
in {
options.nixfiles.theming = {
enable = lib.mkEnableOption "nixfiles theming options";
catppuccin = {
themeDPI = lib.mkOption {
description = "Catppuccin theme DPI preset";
type = with lib.types; oneOf (mapAttrsToList (k: v: k) ctp.names.gtk);
default = "normal";
};
flavor = lib.mkOption {
description = "Catppuccin flavor";
type = lib.types.str;
default = "mocha";
};
accent = lib.mkOption {
description = "Catppuccin accent";
type = lib.types.str;
default = "mauve";
};
};
};
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = with pkgs;
[
ubuntu_font_family
]
++ lib.mapAttrsToList (k: v: v) ctp.packages;
gtk = {
enable = true;
font = lib.mkIf (!(config.stylix.enable)) (lib.mkDefault {
name = "Ubuntu";
package = pkgs.ubuntu_font_family;
size = lib.mkDefault 12;
});
theme = lib.mkDefault {
package = pkgs.gnome-themes-extra;
name = "Adwaita-dark";
};
iconTheme = lib.mkDefault {
name = ctp.names.icons;
package = ctp.packages.icons;
};
};
stylix = {
enable = true;
autoEnable = true;
cursor = {
package = mkDefaultStylix ctp.packages.cursors;
name = mkDefaultStylix ctp.names.cursors;
size = mkDefaultStylix 24;
# x11.enable = lib.mkDefault true;
# gtk.enable = lib.mkDefault true;
};
fonts = let
ubuntu = pkgs.ubuntu_font_family;
in {
# packages = with pkgs; [
# ubuntu_font_family
# noto-fonts-emoji-blob-bin
# ];
emoji = {
package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji";
};
monospace = {
package = ubuntu;
name = "Ubuntu Mono";
};
sansSerif = {
package = ubuntu;
name = "Ubuntu";
};
sizes = {
applications = 13;
desktop = 13;
popups = 13;
terminal = 13;
};
};
};
};
}

78
home/common/wm.nix Normal file
View File

@ -0,0 +1,78 @@
{ pkgs, lib, config, osConfig ? {}, options, ...}:
let
cfg = config.nixfiles.common.wm;
inherit (lib) mkDefault;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in
{
options.nixfiles.common.wm = {
enable = lib.mkEnableOption "common window manager config";
};
config = lib.mkIf cfg.enable {
# Common options for standalone window managers; many of these (or
# alternatives thereof) are pulled in by desktop environments.
qt.enable = true;
qt.platformTheme = "qtct";
qt.style.name = "kvantum";
home.packages = with pkgs; let
pcmanfm-qt-shim = writeShellScriptBin "pcmanfm" ''
exec "${pcmanfm-qt}/bin/pcmanfm-qt" "$@"
'';
in [
qt5ct
qt6ct
swaybg
swayidle
libsForQt5.qtstyleplugin-kvantum
pcmanfm-qt
pcmanfm-qt-shim
wlr-randr
nwg-look
nwg-displays
# very consistent
(catppuccin-papirus-folders.override {accent = "mauve"; flavor = "mocha"; })
(pkgs.catppuccin-kvantum.override {accent = "Mauve"; variant = "Mocha"; })
catppuccin-cursors.mochaMauve
arc-theme
];
programs = {
swaylock = {
enable = true;
package = pkgs.swaylock-effects;
};
};
# File associations
xdg.mimeApps = {
enable = true;
defaultApplications = let
defaultBrowser = [ "firefox.desktop" ];
in mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
};
# this makes xdg.mimeApps overwrite mimeapps.list if it has been touched by something else
xdg.configFile."mimeapps.list" = {
force = true;
};
services = {
udiskie = {
enable = mkDefault true;
automount = mkDefault false;
};
};
};
}

115
home/common/wm/default.nix
View File

@ -1,115 +0,0 @@
{
pkgs,
lib,
config,
osConfig ? {},
options,
...
}: let
cfg = config.nixfiles.common.wm;
inherit (lib) mkDefault;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in {
options.nixfiles.common.wm = {
enable = lib.mkEnableOption "common window manager config";
autostart = lib.mkOption {
description = "List of window manager agnostic commnads to run at window manager startup";
type = lib.types.listOf lib.types.str;
default = [];
example = ["steam -silent"];
};
};
imports = [
./keybinds.nix
];
config = lib.mkIf cfg.enable {
# Common options for standalone window managers. many of these (or
# alternatives thereof) would normally be pulled in by desktop
# environments; we want to create a similar experience for window managers.
nixfiles.theming.enable = lib.mkDefault true;
nixfiles.programs.dunst.enable = lib.mkDefault true;
qt.enable = true;
qt.platformTheme.name = "qtct";
qt.style.name = "kvantum";
home.packages = with pkgs; let
pcmanfm-qt-shim = writeShellScriptBin "pcmanfm" ''
exec "${pcmanfm-qt}/bin/pcmanfm-qt" "$@"
'';
in [
libsForQt5.qt5ct
kdePackages.qt6ct
swaybg
swayidle
libsForQt5.qtstyleplugin-kvantum
playerctl
pcmanfm
ffmpegthumbnailer
wlr-randr
nwg-look
nwg-displays
# very consistent (ok it's actually a little better now)
(catppuccin-papirus-folders.override {
accent = "mauve";
flavor = "mocha";
})
(pkgs.catppuccin-kvantum.override {
accent = "mauve";
variant = "mocha";
})
catppuccin-cursors.mochaMauve
arc-theme
];
programs = {
waybar = {
enable = true;
};
swaylock = {
enable = true;
package = pkgs.swaylock-effects;
settings = {
image = "${pkgs.nixfiles-assets}/share/wallpapers/nixfiles-static/Djayjesse-finding_life.png";
scaling = "fill";
};
};
};
# File associations
xdg.mimeApps = {
enable = true;
defaultApplications = let
defaultBrowser = ["firefox.desktop"];
in
mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
};
# this makes xdg.mimeApps overwrite mimeapps.list if it has been touched by something else
xdg.configFile."mimeapps.list" = {
force = true;
};
services = {
playerctld.enable = mkDefault true;
udiskie = {
enable = mkDefault true;
automount = mkDefault false;
};
};
};
}

51
home/common/wm/keybinds.nix
View File

@ -1,51 +0,0 @@
{
pkgs,
config,
lib,
outputs,
...
}: let
df = lib.mkDefault;
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) value);
# not rewriting this rn
keysetting = "${outputs.packages.${pkgs.system}.wm-helpers}/bin/keysetting";
in {
options.nixfiles.common.wm = {
keybinds = lib.mkOption {
description = ''
Attribute set containing wm-independent XF86 keysyms and associated
commands (without the XF86 prefix)
'';
type = with lib.types; attrsOf str;
default = {};
example = {
XF86AudioPlay = "playerctl play-pause";
};
};
finalKeybinds = lib.mkOption {
description = "Keysyms with XF86 prefix";
type = with lib.types; attrsOf str;
default = mkxf config.nixfiles.common.wm.keybinds;
readOnly = true;
};
};
config = {
nixfiles.common.wm.keybinds = {
AudioRaiseVolume = df "${keysetting} volumeup";
AudioLowerVolume = df "${keysetting} volumedown";
AudioMute = df "${keysetting} mute";
AudioMicMute = df "${keysetting} micmute";
KbdBrightnessDown = df "${keysetting} keydown";
KbdBrightnessUp = df "${keysetting} keyup";
MonBrightnessDown = df "${keysetting} mondown";
MonBrightnessUp = df "${keysetting} monup";
AudioPlay = df "playerctl play-pause";
AudioPrev = df "playerctl previous";
AudioNext = df "playerctl next";
};
};
}

43
home/default.nix
View File

@ -1,27 +1,17 @@
{
pkgs,
config,
lib,
options,
osConfig ? {},
nixpkgs,
home-manager,
inputs,
...
} @ args: let
isStandalone = osConfig ? home-manager;
{ pkgs, config, lib, options, osConfig ? { }, nixpkgs, home-manager, ... }@args:
let
isStandalone = with builtins; !( (typeOf osConfig == "set") && hasAttr "home-manager" osConfig );
cfg = config.nixfiles;
flakeType = cfg.lib.types.flake;
in {
in
{
imports = [
./common
./package-sets
./profile
./programs
./sessions
# modules
./stylix.nix # imports inputs.stylix
./helpers
];
config = {};
options.nixfiles = {
@ -33,7 +23,7 @@ in {
lib = lib.mkOption {
description = "nixfiles library";
default = (import ../lib/nixfiles) {inherit pkgs;};
default = (import ../lib/nixfiles) pkgs;
readOnly = true;
};
@ -61,29 +51,14 @@ in {
meta.graphical = lib.mkOption {
description = "Whether to enable graphical home-manager applications";
type = lib.types.bool;
default = osConfig ? services && osConfig.services.xserver.enable;
default = (osConfig ? services && osConfig.services.xserver.enable);
example = true;
};
meta.wayland = lib.mkOption {
description = "Whether to prefer wayland packages and configuration";
type = lib.types.bool;
default = (lib.hasAttrByPath ["nixfiles" "meta" "wayland"] osConfig) && osConfig.nixfiles.meta.wayland;
default = (lib.hasAttrByPath [ "nixfiles" "meta" "wayland" ] osConfig) && osConfig.nixfiles.meta.wayland;
example = true;
};
workarounds.nvidiaPrimary = lib.mkOption {
description = "Whether to enable workarounds for NVIDIA as the primary GPU";
default = osConfig.nixfiles.workarounds.nvidiaPrimary or false;
example = true;
type = lib.types.bool;
};
path = lib.mkOption {
description = "The absolute path of the nixfiles flake";
type = lib.types.str;
default = "${config.home.homeDirectory}/nixfiles";
defaultText = "\${config.home.homeDirectory}/nixfiles";
example = "/etc/nixos";
};
};
}

6
home/helpers/default.nix Normal file
View File

@ -0,0 +1,6 @@
{...}:
{
imports = [
./swaylock.nix
];
}

19
home/helpers/swaylock.nix Normal file
View File

@ -0,0 +1,19 @@
# This module doesn't configure swaylock on its own (swaylock doesn't have a
# config file), it just produces a "finalCommand" option which can be consumed
# by other functions, and provides a central place to configure it from other
# modules (e.g., to make theming easier). I only want to configure
{ pkgs, config, lib, ... }:
let
inherit (lib) mkOption;
inherit (lib.types) nullOr bool int str path;
in
{
options.nixfiles.helpers.swaylock = {
wallpaper = lib.mkOption {
description = "Wallpaper to show on swaylock";
type = nullOr path;
default = null;
example = "femboy-bee.png";
};
};
}

73
home/package-sets/communication.nix
View File

@ -1,59 +1,40 @@
{
pkgs,
lib,
config,
osConfig ? {},
inputs,
...
}: let
{ pkgs, lib, config, osConfig ? {}, inputs, ... }:
let
cfg = config.nixfiles.packageSets.communication;
vesktop-ozone-cmd = let
extraFlags = lib.optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 vesktop${extraFlags}";
waitNet = pkgs.writeShellScript "wait-network" ''
until ${pkgs.curl}/bin/curl -fs https://www.google.com &>/dev/null; do
sleep 5
((counter++)) && ((counter>=60)) && break
done
exec "$@"
'';
in {
rustdesk-pkg = if (lib.strings.hasInfix "23.11" lib.version) then
inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.rustdesk-flutter
else
pkgs.rustdesk-flutter;
in
{
options.nixfiles.packageSets.communication = {
enable = lib.mkEnableOption "communication package set";
};
config = lib.mkIf cfg.enable {
xdg.desktopEntries.vesktop = lib.mkIf config.nixfiles.meta.graphical {
categories = ["Network" "InstantMessaging" "Chat"];
exec = vesktop-ozone-cmd + " %U";
genericName = "Internet Messenger";
icon = "vesktop";
name = "Vesktop";
type = "Application";
categories= ["Network" "InstantMessaging" "Chat"];
# exec="env NIXOS_OZONE_WL=1 vesktop %U";
exec="vesktop %U";
genericName="Internet Messenger";
icon="vesktop";
name="Vesktop";
type="Application";
settings = {
StartupWMClass = "Vesktop";
Keywords = "discord;vencord;electron;chat";
StartupWMClass="Vesktop";
Keywords="discord;vencord;electron;chat";
};
};
nixfiles.common.wm.autostart = lib.optionals config.nixfiles.meta.graphical [
(waitNet + " " + vesktop-ozone-cmd + " --start-minimized")
home.packages = with pkgs; lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-pkg
] ++ [
irssi
];
home.packages = with pkgs;
lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-flutter
tor-browser
onionshare
]
++ [
irssi
];
};
}

4
home/package-sets/default.nix
View File

@ -1,9 +1,9 @@
{...}: {
{...}:
{
imports = [
./communication.nix
./dev.nix
./multimedia.nix
./productivity.nix
./gaming.nix
];
}

19
home/package-sets/dev.nix
View File

@ -1,23 +1,14 @@
{
pkgs,
lib,
config,
osConfig ? {},
...
}: let
{ pkgs, lib, config, osConfig ? {}, ... }:
let
cfg = config.nixfiles.packageSets.dev;
in {
in
{
options.nixfiles.packageSets.dev = {
enable = lib.mkEnableOption "development package set";
};
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
withPython3 = true;
withNodeJs = true;
withRuby = true;
};
home.packages = with pkgs; [
neovim
ripgrep
fd
bat

55
home/package-sets/gaming.nix
View File

@ -1,55 +0,0 @@
{
config,
osConfig ? {},
lib,
pkgs,
...
}: let
cfg = config.nixfiles.packageSets.gaming;
default = osConfig.nixfiles.packageSets.gaming.enable or false;
in {
config = lib.mkIf cfg.enable {
nixpkgs.overlays = let
in
lib.mkAfter [];
nixfiles.common.wm.autostart = [
"steam -silent"
];
home.packages = with pkgs;
[
ludusavi
rclone # needed to sync ludusavi
protontricks
]
++ lib.optionals cfg.enableLaunchers [
steam
prismlauncher
heroic
legendary-gl
lucem
];
};
options.nixfiles.packageSets.gaming = {
enable = lib.mkOption {
description = "Whether to install gaming-related packages";
inherit default;
type = lib.types.bool;
example = true;
};
enableLaunchers = lib.mkOption {
description = ''
Whether to install launchers as user-level config. This is left
disabled by default as to not conflict with any game launchers provided
by the user's distribution (for example, installing another Steam on
the Steam Deck seems like an absolutely AWFUL idea). Nix (on non-NixOS)
also has not-so-great handling of OpenGL, so launchers should probably
be installed via the user's distribution instead.
'';
type = lib.types.bool;
default = false;
example = true;
};
};
}

66
home/package-sets/multimedia.nix
View File

@ -1,15 +1,11 @@
{
config,
lib,
pkgs,
osConfig ? {},
...
}: let
{ config, lib, pkgs, osConfig ? { }, ...}:
let
cfg = config.nixfiles.packageSets.multimedia;
inherit (lib) optionals mkEnableOption mkIf;
default = osConfig ? nixfiles && osConfig.nixfiles.packageSets.multimedia.enable;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in {
in
{
options.nixfiles.packageSets.multimedia = {
enable = lib.mkOption {
description = "Whether to enable multimedia packages";
@ -20,43 +16,37 @@ in {
};
config = mkIf cfg.enable {
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
]
++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
mpv
gimp-with-plugins
krita
inkscape
obs-studio
nomacs
audacity
picard
] ++ [
yt-dlp
gallery-dl
imagemagick
ffmpeg
];
xdg.mimeApps.defaultApplications = lib.mkMerge [
# project files
(mkOverrideEach 100 {
"image/x-xcf" = ["gimp.desktop"];
"image/x-compressed-xcf" = ["gimp.desktop"];
"image/x-krita" = ["krita.desktop"];
"application/x-audacity-project" = ["audacity.desktop"];
"application/x-audacity-project+sqlite3" = ["audacity.desktop"];
"image/svg+xml" = ["org.inkscape.Inkscape.desktop"];
"image/svg+xml-compressed" = ["org.inkscape.Inkscape.desktop"];
"image/x-xcf" = [ "gimp.desktop" ];
"image/x-compressed-xcf" = [ "gimp.desktop" ];
"image/x-krita" = [ "krita.desktop" ];
"application/x-audacity-project" = [ "audacity.desktop" ];
"application/x-audacity-project+sqlite3" = [ "audacity.desktop" ];
"image/svg+xml" = [ "org.inkscape.Inkscape.desktop" ];
"image/svg+xml-compressed" = [ "org.inkscape.Inkscape.desktop" ];
})
# general files
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [nomacs mpv]))
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [ nomacs mpv ]))
# rest of the files
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [inkscape gimp audacity]))
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [ inkscape gimp audacity ]))
];
};
}

44
home/package-sets/productivity.nix
View File

@ -1,40 +1,16 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, config, ... }:
let
cfg = config.nixfiles.packageSets.productivity;
inherit (lib) optionals;
in {
in
{
config = lib.mkIf cfg.enable {
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
zen-browser-bin
# mapping/GIS
qgis
josm
]
++ [
pandoc
];
xdg.desktopEntries.obsidian = lib.mkIf config.nixfiles.meta.graphical {
categories = ["Office"];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = ["x-scheme-handler/obsidian"];
name = "Obsidian";
type = "Application";
};
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
] ++ [
pandoc
];
};
options.nixfiles.packageSets.productivity.enable = lib.mkEnableOption "the productivity package set";

199
home/profile/base.nix
View File

@ -1,12 +1,8 @@
{
lib,
pkgs,
config,
osConfig ? {},
...
}: let
{ lib, pkgs, config, osConfig ? { }, ... }:
let
cfg = config.nixfiles.profile.base;
in {
in
{
# imports = [
# ./comma.nix
# ];
@ -19,169 +15,42 @@ in {
config = lib.mkIf cfg.enable {
nixfiles.programs.comma.enable = true;
nixfiles.programs.neovim.enable = lib.mkDefault true;
nixfiles.common.nix.enable = true;
nixfiles.common.shell.enable = true;
home.sessionVariables = lib.mkMerge [
(lib.mkIf config.programs.neovim.enable {
MANPAGER = "nvim +Man!";
})
# configure terminfo since we're probably standalone
(lib.mkIf (!(osConfig ? environment)) {
TERMINFO_DIRS = let
terminfo-dirs = [
"${config.home.profileDirectory}/share/terminfo"
"/usr/share/terminfo"
];
in
builtins.concatStringsSep ":" terminfo-dirs;
})
];
programs.git = {
enable = lib.mkDefault true;
maintenance.enable = lib.mkDefault true;
# default value is stateVersion dependent, doesn't evaluate after 25.05
# even if signing isn't configured for some reason
signing.format = lib.mkDefault "openpgp";
# TODO move this stuff to a zsh.nix or something; this is just a quick fix so home.sessionVariables works
home.shellAliases = {
v = "nvim";
};
# this allows `git config --global` commands to work by ensuring the
# presense of ~/.gitconfig. git will read from both files, and `git config`
# will not write to ~/.gitconfig when the managed config exists unless
# ~/.gitconfig also exists
home.activation.git-create-gitconfig =
lib.mkIf config.programs.git.enable
(lib.hm.dag.entryAfter ["writeBoundary"] ''
_nixfiles_git_create_gitconfig () {
if ! [[ -a "$HOME/.gitconfig" ]] ; then
touch "$HOME/.gitconfig"
fi
}
run _nixfiles_git_create_gitconfig
'');
programs.btop.enable = lib.mkDefault true;
programs.ranger = let
defaultTerminal = "kitty";
# defaultTerminal =
# if config.programs.kitty.enable then "kitty"
# else null;
in {
enable = lib.mkDefault true;
settings = lib.mkMerge [
{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
}
(lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})
];
};
programs.keychain = {
enable = lib.mkDefault true;
enableBashIntegration = lib.mkDefault true;
enableZshIntegration = lib.mkDefault true;
extraFlags = [
"--quiet"
"--systemd"
"--inherit"
"any-once"
"--noask"
];
programs.fzf.enable = true;
programs.fzf.enableZshIntegration = true;
programs.zsh = {
enable = true;
initExtra = ''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
'';
oh-my-zsh = {
enable = true;
theme = "robbyrussell";
extraConfig = ''
DISABLE_MAGIC_FUNCTIONS="true"
'';
plugins = [
"git"
];
};
};
# this fixes a lot of theme weirdness
# this actually breaks home-manager's icon/theme management
# home.file.".icons".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.dataHome}/icons";
# home.file.".themes".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.dataHome}/themes";
home.file.".icons".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.dataHome}/icons";
home.file.".themes".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.dataHome}/themes";
# some packages defined here may be redundant with packages on a non-NixOS
# home-manager setup, but it's better to have a consistent environment at
# the cost of slightly more space
home.packages = with pkgs; let
neofetch-hyfetch-shim = writeShellScriptBin "neofetch" ''
exec "${pkgs.hyfetch}/bin/neowofetch" "$@"
'';
in
[
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
attic-client
nix-fast-build
git
git-lfs
stow
curl
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
jq
lsof
xxd
shellcheck
# for icat on all systems
kitty.kitten
# pretty
hyfetch
neofetch-hyfetch-shim
fastfetch
# files
restic
rclone
rmlint
ncdu
# compression
atool-wrapped
lzip
plzip
lzop
xz
zip
unzip
arj
rpm
cpio
p7zip
# other utilities
tmux
tmuxp
openssh
autossh
mosh
btop
htop
zoxide
asciinema
mtr
]
++ builtins.map (x: lib.hiPrio x) [
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
];
home.packages = with pkgs; [
btop
fzf
zoxide
tmux
];
};
}

3
home/profile/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./base.nix
./pc.nix

12
home/profile/pc.nix
View File

@ -1,13 +1,9 @@
{
pkgs,
config,
osConfig ? {},
lib,
...
}: let
{ pkgs, config, osConfig ? {}, lib, ...}:
let
cfg = config.nixfiles.profile.pc;
default = osConfig ? nixfiles && osConfig.nixfiles.profile.pc.enable;
in {
in
{
options.nixfiles.profile.pc.enable = lib.mkOption {
description = "Whether to enable the personal computer profile";
type = lib.types.bool;

19
home/programs/comma.nix
View File

@ -1,12 +1,8 @@
{
lib,
pkgs,
config,
inputs,
...
} @ args: let
{ lib, pkgs, config, inputs, ... } @args:
let
cfg = config.nixfiles.programs.comma;
in {
in
{
imports = [
inputs.nix-index-database.hmModules.nix-index
];
@ -17,9 +13,8 @@ in {
config = {
programs.nix-index.symlinkToCacheHome = lib.mkDefault cfg.enable;
home.packages = with pkgs;
lib.optionals cfg.enable [
comma
];
home.packages = with pkgs; lib.optionals cfg.enable [
comma
];
};
}

6
home/programs/default.nix
View File

@ -1,9 +1,7 @@
{...}: {
{...}:
{
imports = [
./comma.nix
./mopidy.nix
./hypridle.nix
./dunst.nix
./neovim.nix
];
}

38
home/programs/dunst.nix
View File

@ -1,38 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.programs.dunst;
mkd = lib.mkDefault;
in {
options.nixfiles.programs.dunst = {
enable = lib.mkOption {
description = "Whether to enable the dunst configuration";
type = lib.types.bool;
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.dunst = {
enable = mkd true;
settings = {
global = {
# behavior
monitor = mkd 1;
markup = mkd "full";
show_age_threshold = mkd "60";
# appearance
follow = mkd "none";
font = mkd "Ubuntu 10";
alignment = mkd "left";
word_wrap = mkd true;
};
};
};
};
}

103
home/programs/hypridle.nix
View File

@ -1,103 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.nixfiles.services.hypridle;
inherit (lib.types) str int;
in {
options.nixfiles.services.hypridle = {
enable = lib.mkEnableOption "the hypridle configuration";
timeouts = let
mkTimeout = timeout: desc:
lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
in {
dpms = mkTimeout 300 "DPMS timeout";
lock = mkTimeout 360 "Lock timeout";
locked-dpms = mkTimeout 10 "DPMS timeout while locked";
};
commands = {
dpms-off = lib.mkOption {
description = "DPMS off command";
default = "hyprctl dispatch dpms off";
type = str;
};
dpms-on = lib.mkOption {
description = "DPMS on command";
default = "hyprctl dispatch dpms on";
type = str;
};
# lock = lib.mkOption {
# description = "Lock command";
# default = "${pkgs.swaylock}/bin/swaylock";
# type = str;
# };
# unlock = lib.mkOption {
# description = "Unlock command";
# default = "${pkgs.procps}/bin/pkill -USR1 swaylock";
# type = str;
# };
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
services.hypridle = {
enable = true;
settings = let
lock = pkgs.writeShellScript "lock-once" ''
${pkgs.procps}/bin/pgrep -x swaylock > /dev/null || "${config.programs.swaylock.package}/bin/swaylock"
'';
in {
listener = let
dpms-wrapped = pkgs.writeShellScript "dpms-wrapped" ''
exec ${cfg.commands.dpms-off}
'';
lock-dpms = pkgs.writeShellScript "lock-dpms" ''
${pkgs.procps}/bin/pgrep -x swaylock > /dev/null && "${dpms-wrapped}"
'';
in [
{
timeout = cfg.timeouts.dpms;
on-timeout = cfg.commands.dpms-off;
on-resume = cfg.commands.dpms-on;
}
# {
# timeout = cfg.timeouts.locked-dpms;
# on-timeout = "${lock-dpms}";
# on-resume = cfg.commands.dpms-on;
# }
{
timeout = cfg.timeouts.lock;
on-timeout = "${lock}";
}
{
timeout = cfg.timeouts.lock + cfg.timeouts.locked-dpms;
on-timeout = cfg.commands.dpms-off;
on-resume = cfg.commands.dpms-on;
}
];
general = {
lock_cmd = "${lock}";
unlock_cmd = "${pkgs.procps}/bin/pkill -x -USR1 swaylock";
before_sleep_cmd = "${config.programs.swaylock.package}";
ignore_dbus_inhibit = false;
# after_sleep_cmd = "echo 'Awake...'";
};
};
};
})
# why isn't this handled automatically??
(lib.mkIf config.services.hypridle.enable {
home.packages = with pkgs; [
hypridle
];
})
];
}

28
home/programs/mopidy.nix
View File

@ -1,30 +1,12 @@
{
lib,
pkgs,
config,
outputs,
osConfig ? {},
...
}: let
{ lib, pkgs, config, outputs, osConfig ? {}, ... }:
let
cfg = config.nixfiles.programs.mopidy;
in {
in
{
options.nixfiles.programs.mopidy = {
enable = lib.mkEnableOption "mopidy configuration";
};
config = lib.mkIf cfg.enable {
systemd.user.services = lib.mkIf config.services.mopidy.enable {
mopidy.Service = {
TimeoutStopSec = lib.mkDefault 10;
ExecStartPre = pkgs.writeShellScript "mopidy-wait-net" ''
until ${pkgs.curl}/bin/curl -fs https://www.google.com &>/dev/null ; do
sleep 5
((counter++)) && ((counter==60)) && break
done || true
# don't know why i need a true here
'';
};
};
xdg.configFile."mopidy/mopidy.conf".enable = lib.mkForce false;
services.mopidy = {
enable = lib.mkDefault true;
@ -43,7 +25,7 @@ in {
];
};
home.packages = with pkgs; [
(ncmpcpp.override {visualizerSupport = true;})
(ncmpcpp.override { visualizerSupport = true; })
];
};
}

25
home/programs/neovim.nix
View File

@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.programs.neovim;
in {
options.nixfiles.programs.neovim.enable = lib.mkEnableOption "the Neovim configuration";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
vimAlias = lib.mkDefault true;
withPython3 = lib.mkDefault true;
defaultEditor = lib.mkDefault true;
extraPackages = with pkgs; [
lua-language-server
rust-analyzer
vscode-langservers-extracted
pyright
gcc
];
};
};
}

8
home/root.nix
View File

@ -1,12 +1,8 @@
# Configuration for root user.
# TODO this file is sorta an exception to my repo organization, it should
# probably be somewhere else.
{
config,
lib,
pkgs,
...
} @ args: {
{ config, lib, pkgs, ... }@args:
{
imports = [
./.
];

4
home/sessions/default.nix
View File

@ -1,6 +1,6 @@
{...}: {
{...}:
{
imports = [
./hyprland
./plasma.nix
];
}

297
home/sessions/hyprland/default.nix
View File

@ -1,63 +1,28 @@
{
lib,
pkgs,
config,
osConfig ? {},
outputs,
inputs,
...
} @ args: let
{ lib, pkgs, config, osConfig ? {}, outputs, inputs, ... }@args:
let
cfg = config.nixfiles.sessions.hyprland;
mkd = lib.mkDefault;
hyprland-pkg = config.wayland.windowManager.hyprland.finalPackage;
inherit (builtins) map;
# commands
terminal = "${pkgs.kitty}/bin/kitty";
files = "pcmanfm"; # this should be installed in path
files = "${pkgs.pcmanfm-qt}/bin/pcmanfm-qt";
rofi = "${pkgs.rofi-wayland}/bin/rofi";
notifydaemon = "${pkgs.dunst}/bin/dunst";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
polkit-agent = "${pkgs.kdePackages.polkit-kde-agent-1}/libexec/polkit-kde-authentication-agent-1";
polkit-agent = "${pkgs.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1";
grimblast = "${inputs.hyprwm-contrib.packages.${pkgs.system}.grimblast}/bin/grimblast";
swayidle = "${pkgs.swayidle}/bin/swayidle";
swaylock = "${config.programs.swaylock.package}/bin/swaylock";
swaylock = "${pkgs.swaylock}/bin/swaylock";
hyprctl = "${hyprland-pkg}/bin/hyprctl";
pkill = "${pkgs.procps}/bin/pkill";
swaybg = "${pkgs.swaybg}/bin/swaybg";
hypridle = "${config.services.hypridle.package}/bin/hypridle";
lock-cmd = "${swaylock}";
mkKittyHdrop = name: command: let
class =
if builtins.isNull (builtins.match "[[:alnum:]_]+" name)
then throw "mkKittyHdrop: window name should be an alphanumeric string"
else "kitty-${name}";
wrappedCommand = pkgs.writeShellScript "hdrop-${name}" ''
exec bash -c ${lib.escapeShellArg command}
'';
in "hdrop -f -c ${class} 'kitty --class=${class} ${wrappedCommand}'";
# lock-cmd = let
# cmd = pkgs.writeShellScript "lock-script" ''
# ${swayidle} -w timeout 10 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on' &
# ${swaylock}
# kill %%
# '';
# in "${cmd}";
# idle-cmd = "${swayidle} -w timeout 315 '${lock-cmd}' timeout 300 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on' before-sleep '${lock-cmd}' lock '${lock-cmd}' unlock '${pkill} -USR1 -x swaylock'";
# idle-cmd = "${swayidle} -w timeout 300 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on'";
# idle-cmd = "${hypridle}";
# idle-cmd = "${pkgs.coreutils}/bin/true";
idle-cmd = pkgs.writeShellScript "idle-dpms-lock" ''
${swayidle} timeout 10 'pgrep -x swaylock > /dev/null && hyprctl dispatch dpms off' \
resume 'hyprctl dispatch dpms on'
'';
idle-cmd = "${swayidle} -w timeout 300 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on'";
hypr-dispatcher-package = pkgs.callPackage ./dispatcher {hyprland = hyprland-pkg;};
hypr-dispatcher-package = pkgs.callPackage ./dispatcher { hyprland = hyprland-pkg; };
hypr-dispatcher = "${hypr-dispatcher-package}/bin/hypr-dispatcher";
wallpaper-package = "${pkgs.nixfiles-assets}";
@ -65,30 +30,27 @@
wallpaper-cmd = "${swaybg} -i ${wallpaper-package}/share/wallpapers/${wallpaper}";
# https://github.com/flatpak/xdg-desktop-portal-gtk/issues/440#issuecomment-1900520919
xdpg-workaround =
pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
xdpg-workaround = pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
''
${pkgs.coreutils}/bin/sleep 3
${pkgs.systemd}/bin/systemctl --user import-environment PATH
${pkgs.systemd}/bin/systemctl --user restart xdg-desktop-portal.service
'';
bar-cmd = "${pkgs.waybar}/bin/waybar";
# Hyprland workspace configuration
mainWorkspaces = builtins.genList (x: x + 1) (9 ++ [0]);
mainWorkspaces = builtins.genList (x: x+1) (9 ++ [0]);
workspaceName = key: let
inherit (builtins) hasAttr;
keyNames = {
"0" = "10";
};
in
if hasAttr key keyNames
then keyNames."${key}"
else key;
if hasAttr key keyNames then keyNames."${key}" else key;
inherit (outputs.packages.${pkgs.system}) wm-helpers;
keysetting = "${wm-helpers}/bin/keysetting";
in {
in
{
# FIXME this is temporary just to get it working, need to make wm-common an
# option first
# imports = [
@ -97,36 +59,18 @@ in {
options.nixfiles.sessions.hyprland = {
enable = lib.mkOption {
type = lib.types.bool;
default = if (builtins.hasAttr "home-manager" osConfig) then osConfig.nixfiles.sessions.hyprland.enable else false;
example = true;
description = "Whether to enable hyprland.";
type = lib.types.bool;
default =
if (builtins.hasAttr "home-manager" osConfig)
then osConfig.nixfiles.sessions.hyprland.enable
else false;
example = true;
};
autolock = lib.mkOption {
description = ''
Whether to automatically lock Hyprland upon logging in. This is useful
on a system with auto-login enabled, so that user programs can start
automatically with the system, but there is still an added layer of
security. This can be configured system-wide via
nixfiles.greetd.settings.autolock.
'';
type = lib.types.bool;
default = osConfig.nixfiles.programs.greetd.settings.autolock or false;
defaultText = "osConfig.nixfiles.programs.greetd.settings.autolock or false";
example = true;
};
};
config = lib.mkIf cfg.enable {
nixfiles.services.hypridle.enable = true;
nixfiles.common.wm.enable = true;
home.packages = with pkgs; [
kitty
kdePackages.dolphin
dolphin
rofi-wayland
wev
dunst
@ -134,21 +78,12 @@ in {
hypr-dispatcher-package
config.programs.swaylock.package
pkgs.swayidle
inputs.hyprwm-contrib.packages.${pkgs.system}.hdrop
];
programs.rofi = {
enable = lib.mkDefault true;
package = lib.mkDefault pkgs.rofi-wayland;
};
wayland.windowManager.hyprland = {
enable = true;
package = lib.mkIf (osConfig ? programs) (lib.mkDefault osConfig.programs.hyprland.package);
settings = {
# enable debug logging
debug.disable_logs = mkd false;
# Xwayland fix
xwayland.force_zero_scaling = mkd true;
@ -161,33 +96,28 @@ in {
# Execute your favorite apps at launch
# exec-once = waybar & hyprpaper & firefox
exec-once = let
wrapScope = cmd: "systemd-run --user --scope -- ${cmd}";
in
(lib.optional cfg.autolock lock-cmd)
++ (map wrapScope config.nixfiles.common.wm.autostart)
++ [
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
exec-once = [
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
];
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
# Some default env vars.
# env = mkd "XCURSOR_SIZE,24";
env = mkd "XCURSOR_SIZE,24";
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input = {
kb_layout = mkd "us";
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
kb_options = [
"compose:ralt"
];
@ -254,18 +184,18 @@ in {
};
master = {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_is_master = mkd "true";
};
gestures = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
};
misc = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
};
"$mod" = mkd "SUPER";
@ -277,98 +207,95 @@ in {
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind =
[
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
bind = [
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
"$mod, R, exec, ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
"$mod, f, fullscreen"
"$mod SHIFT, f, fakefullscreen"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
]
++ lib.optional config.nixfiles.programs.mopidy.enable
"$mod CTRL, n, exec, ${mkKittyHdrop "ncmpcpp" "ncmpcpp"}";
# show this file (help)
("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' " + args.vars.self.outPath + "/home/hyprland.nix")
];
# repeat, ignore mods
bindei =
lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindei = [
# Volume controls
",XF86AudioRaiseVolume, exec, ${keysetting} volumeup"
",XF86AudioLowerVolume, exec, ${keysetting} volumedown"
",XF86AudioMute, exec, ${keysetting} mute"
",XF86AudioMicMute, exec, ${keysetting} micmute"
# brightness
",XF86KbdBrightnessDown, exec, ${keysetting} keydown"
",XF86KbdBrightnessUp, exec, ${keysetting} keyup"
",XF86MonBrightnessDown, exec, ${keysetting} mondown"
",XF86MonBrightnessUp, exec, ${keysetting} monup"
];
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging

29
home/sessions/hyprland/dispatcher/default.nix
View File

@ -1,20 +1,19 @@
{
lib,
{ lib,
stdenvNoCC,
socat,
coreutils,
hyprland,
makeShellWrapper,
}: let
wrappedPath = lib.makeBinPath [coreutils socat hyprland];
makeShellWrapper }:
let
wrappedPath = lib.makeBinPath [ coreutils socat hyprland ];
in
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = ["installPhase"];
nativeBuildInputs = [makeShellWrapper];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeShellWrapper ];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}

39
home/sessions/plasma.nix
View File

@ -1,39 +0,0 @@
{
pkgs,
config,
lib,
osConfig ? {},
...
}: let
inherit (lib) mkOption mkEnableOption;
cfg = config.nixfiles.sessions.plasma;
in {
options.nixfiles.sessions.plasma = {
enable = lib.mkOption {
description = "Whether to enable the Plasma session home configuration.";
type = with lib.types; bool;
default = osConfig.nixfiles.sessions.plasma.enable or false;
example = true;
};
};
config = lib.mkIf cfg.enable {
# TODO make this a generic implementation
home.packages = let
startupScript =
pkgs.writeShellScript "autostart-script"
(lib.concatStringsSep "\n"
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
name = "home-manager-autostart";
desktopFilePkg = pkgs.makeDesktopItem {
inherit name;
desktopName = "Home Manager Autostart";
exec = startupScript;
};
autostartPkg = pkgs.runCommand name {} ''
mkdir -p $out/etc/xdg/autostart
ln -s "${desktopFilePkg}/share/applications/${name}.desktop" "$out/etc/xdg/autostart/"
'';
in [autostartPkg];
};
}

27
home/standalone.nix
View File

@ -1,27 +0,0 @@
# Home Manager default nixfiles entrypoint. This serves as an alternative to
# default.nix, which sets up some more appropriate options for home-manager
{
inputs,
pkgs,
config,
lib,
...
}: {
imports = [
./.
inputs.stylix.homeManagerModules.stylix
];
config = {
# bash is more common on my standalone machines for some reason (low
# powered things like raspberry pis, the default on steam deck, termux,
# etc.)
programs.bash.enable = lib.mkDefault true;
programs.home-manager.enable = lib.mkDefault true;
nixfiles = {
profile.base.enable = lib.mkDefault true;
packageSets = {
multimedia.enable = lib.mkDefault true;
};
};
};
}

32
home/stylix.nix
View File

@ -1,32 +0,0 @@
{
pkgs,
lib,
config,
inputs,
...
} @ args: {
imports = [];
config = {
stylix = lib.mkMerge [
{
targets.vim.enable = lib.mkDefault false;
targets.neovim.enable = lib.mkDefault false;
targets.gtk.enable = lib.mkDefault false;
targets.qt.enable = lib.mkDefault false;
targets.fzf.enable = lib.mkDefault false;
# the ring is styled light so it's light on light which looks worse than the default theme
targets.swaylock.enable = lib.mkDefault false;
targets.waybar.enable = lib.mkDefault false;
}
# only if styix is standalone
(lib.mkIf (!(args ? osConfig && args.osConfig ? stylix)) {
# all of this is documented in system/stylix.nix
autoEnable = lib.mkDefault config.stylix.enable;
enable = lib.mkDefault false;
image = lib.mkDefault "${pkgs.nixfiles-assets}/share/wallpapers/nixfiles-static/Djayjesse-finding_life.png";
base16Scheme = lib.mkDefault "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
})
];
};
}

38
hosts/nixos-wsl/configuration.nix
View File

@ -1,10 +1,5 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
vars,
...
}: {
config = {
networking.hostName = "nixos-wsl";
@ -14,27 +9,6 @@
};
wsl.interop.register = true;
users.users.${vars.username}.linger = true;
systemd.services = let
user = config.users.users.${vars.username};
mainUid = builtins.toString user.uid;
in {
# "user@${mainUid}" = {
# wantedBy = [ "multi-user.target" ];
# overrideStrategy = "asDropin";
# };
workaround-reisolate = {
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/sleep 10";
ExecStart = "${pkgs.systemd}/bin/systemctl isolate --no-block default.target";
Type = "oneshot";
RemainAfterExit = true;
};
description = "WSL startup workaround";
wantedBy = ["default.target"];
};
};
networking.networkmanager.enable = false;
programs.gnupg.agent = {
enable = true;
@ -42,17 +16,15 @@
};
fonts.packages = with pkgs; [
nerd-fonts.fira-code
(nerdfonts.override { fonts = [ "FiraCode" ]; })
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk
];
fileSystems."/mnt/wsl/instances/NixOS" = {
device = "/";
options = ["bind"];
options = [ "bind" ];
};
# standard disclaimer don't change this for any reason whatsoever
system.stateVersion = "23.11";
};
}

9
hosts/nixos-wsl/home.nix
View File

@ -1,12 +1,7 @@
{ pkgs, lib, config, osConfig ? {}, ... }:
{
pkgs,
lib,
config,
osConfig ? {},
...
}: {
config = {
nixfiles = {
nixfiles = {
profile.base.enable = true;
packageSets.dev.enable = true;
packageSets.multimedia.enable = true;

54
hosts/nullbox/backup.nix
View File

@ -1,54 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) escapeShellArg;
secret = name: config.age.secrets."${name}".path;
fs = config.fileSystems."/srv/mcserver";
in {
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
systemd.services.restic-backups-system = {
path = with pkgs; [btrfs-progs];
};
services.restic.backups.system = {
# create an atomic backup
backupPrepareCommand = ''
set -Eeuxo pipefail
if btrfs subvol delete /srv/mcserver/@restic; then
echo "Old restic snapshot deleted.";
fi
btrfs subvol snapshot -r /srv/mcserver /srv/mcserver/@restic
'';
backupCleanupCommand = ''
btrfs subvolume delete /srv/mcserver/@restic
'';
rcloneConfigFile = secret "restic-rclone";
passwordFile = secret "restic-password";
repository = "rclone:restic:";
exclude = [
".snapshots"
];
paths = [
"/srv/mcserver/@restic"
"/persist/backup"
];
dynamicFilesFrom = ''
echo
'';
extraBackupArgs = [
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

91
hosts/nullbox/configuration.nix
View File

@ -1,89 +1,64 @@
# vim: set ts=2 sw=2 et:
# vim: set ts=2 sw=2 et:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, lib, pkgs, inputs, ... }:
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
./impermanence.nix
./backup.nix
];
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
];
config = {
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/6AC23F0FC23EDF4F";
options = ["auto_cache" "nofail"];
options = [ "auto_cache" ];
};
"/.btrfsroot" = {
options = ["subvol=/"];
options = [ "subvol=/" ];
};
}
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
];
specialisation.hyprland.configuration = {
system.nixos.tags = ["Hyprland"];
hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.production;
hardware.nvidia.open = lib.mkForce false;
specialisation.plasma.configuration = {
system.nixos.tags = [ "Plasma" ];
nixfiles = {
session = "hyprland";
sessions.hyprland.enable = false;
sessions.plasma.enable = true;
};
};
hardware.cpu.intel.updateMicrocode = true;
services.udev.extraRules = ''
# motherboard has a faulty USB hub or something; whenever *any* program
# tries to enumerate USB devices (which is a lot of programs for some
# reason), it hangs for several seconds. this disables the faulty hub.
SUBSYSTEMS=="usb", ACTION=="add", KERNEL=="usb2", ATTRS{idVendor}=="1d6b", ATTRS{idProduct}=="0003", ATTRS{serial}=="0000:00:14.0", ATTRS{busnum}=="2", ATTR{authorized}="0"
'';
hardware.cpu.intel.updateMicrocode = true;
# nixfiles
nixfiles = {
profile.workstation.enable = true;
profile.pc.enable = true;
programs.adb.enable = true;
workarounds.nvidiaPrimary = true;
programs.greetd = {
settings = {
randr = ["--output" "HDMI-A-3" "--off"];
autologin = false;
autologinUser = "nullbite";
autolock = false;
};
preset = "tuigreet";
};
programs.unbound.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries = {
windows = {
name = "Windows Boot Manager";
efiPartUUID = "6fc437f5-b917-42b2-9d5d-1439a14e105b";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
sessions.plasma.enable = lib.mkDefault false;
sessions.hyprland.enable = lib.mkDefault true;
sessions.hyprland.useFlake = true;
hardware.nvidia.modesetting.enable = true;
packageSets.gaming.enable = true;
};
@ -106,8 +81,6 @@
};
};
boot.kernelPackages = pkgs.linuxPackages_6_12;
networking.wg-quick.interfaces.wg0 = {
configFile = "/etc/wireguard/wg0.conf";
autostart = true;
@ -118,6 +91,7 @@
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
networking.hostName = "nullbox";
# Pick only one of the below networking options.
@ -125,7 +99,8 @@
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/New_York";
time.timeZone = "America/New_York";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
@ -140,4 +115,6 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
}

96
hosts/nullbox/hardware-configuration.nix
View File

@ -1,77 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@root"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@root" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/srv/mcserver-old" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver-old/.snapshots" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
fileSystems."/srv/mcserver" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver/.snapshots" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
swapDevices = [
{device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785";}
];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

12
hosts/nullbox/home.nix
View File

@ -1,9 +1,5 @@
{ lib, pkgs, osConfig, ... }:
{
lib,
pkgs,
osConfig,
...
}: {
imports = [
];
@ -15,13 +11,7 @@
wayland.windowManager.hyprland.settings = {
monitor = [
"HDMI-A-3,disable"
"Unknown-1,disable"
"DP-3,highrr,auto,1"
# this is the "proper" multi monitor config but hyprland's multi
# monitor system scares me so i am going to keep the other one disabled
# still. i might need something called hyprsome or something
# "HDMI-A-3,highrr,0x0,1,transform,1"
# "DP-3,highrr,1024x160,1"
];
};
};

145
hosts/nullbox/impermanence.nix
View File

@ -1,145 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
inherit (lib) escapeShellArg;
# (wip) more configurable than old one, will be used by volatile btrfs module
mkBtrfsInit = {
volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume,
}: ''
mkdir -p /btrfs_tmp
mount ${escapeShellArg volume} /btrfs_tmp -o subvol=/
# ensure subvol parent directory exists
mkdir -p $(dirname /btrfs_tmp/${escapeShellArg volatileRoot})
if [[ -e /btrfs_tmp/${escapeShellArg volatileRoot} ]] ; then
mkdir -p /btrfs_tmp/${escapeShellArg oldRoots}
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${escapeShellArg volatileRoot})" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/${escapeShellArg volatileRoot} /btrfs_tmp/${escapeShellArg oldRoots}/"$timestamp"
fi
btrfs subvolume create /btrfs_tmp/${escapeShellArg volatileRoot}
umount /btrfs_tmp
# TODO implement deletion once system is booted. the old implementation did
# it here, which is not safe until system time is at least monotonic.
# systemd tmpfiles is good enough, just mount it to somewhere in /run
'';
root_vol = "/dev/archdesktop/root";
in {
config = lib.mkIf (!(config.virtualisation ? qemu)) {
fileSystems."/persist" = {
neededForBoot = true;
device = root_vol;
fsType = "btrfs";
options = ["subvol=/nixos/@persist"];
};
# TODO volatile btrfs module
boot.initrd.postDeviceCommands = lib.mkAfter (mkBtrfsInit {
volume = root_vol;
volatileRoot = "/nixos/volatile";
oldRoots = "/nixos/old_roots";
});
fileSystems."/" = lib.mkForce {
device = root_vol;
fsType = "btrfs";
options = ["subvol=/nixos/volatile"];
};
# agenix fix
fileSystems."/etc/ssh".neededForBoot = true;
environment.persistence = {
"/persist/nobackup" = {
hideMounts = true;
directories = [
"/var/lib/systemd/coredump"
"/var/lib/flatpak"
"/var/log"
];
files = [
"/var/lib/systemd/random-seed"
];
};
"/persist/backup" = {
hideMounts = true;
directories = [
# this affects generation/consistency of uids and gids, and should
# probably NEVER be excluded removed.
"/var/lib/nixos/"
# password files for user.user.<name>.hashedPasswordFile
{
directory = "/etc/passfile";
mode = "0700";
}
# persistent non-declarative config
"/etc/nixos"
"/etc/ssh"
{
directory = "/etc/wireguard";
mode = "0700";
}
# let's keep the root home dir as well
{
directory = "/root";
mode = "0700";
}
# system state
"/etc/NetworkManager/system-connections"
"/var/lib/bluetooth"
"/var/lib/blueman"
"/var/lib/cups"
"/var/lib/NetworkManager"
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timesync"
{
directory = "/var/lib/tailscale";
mode = "0700";
}
"/var/lib/unbound"
"/var/db/sudo/lectured"
# remember login stuff
{
directory = "/var/cache/tuigreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/cache/regreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/lib/regreet";
user = "greeter";
group = "greeter";
}
];
files = [
"/etc/machine-id"
];
};
};
users.mutableUsers = false;
users.users.nullbite.hashedPasswordFile = "/persist/passfile/nullbite";
users.users.root.hashedPasswordFile = "/persist/passfile/root";
};
}

13
hosts/nullbox/luks.nix
View File

@ -1,11 +1,8 @@
{
pkgs,
config,
lib,
...
}: let
{ pkgs, config, lib, ... }:
let
usb = "903D-DF5B";
in {
in
{
config = {
# cryptsetup
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage"];
@ -19,7 +16,7 @@ in {
mount -n -t vfat -o ro `findfs UUID=${usb}` /key
'';
device = "/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
device="/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
keyFile = "/key/image.png"; # yes it's literally an image file. bite me
allowDiscards = true;
fallbackToPassword = true;

109
hosts/nullbox/mcserver.nix
View File

@ -1,109 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.minecraft-servers;
in {
config = {
fileSystems = {
"/srv/mcserver".options = ["compress=zstd" "nofail"];
"/srv/mcserver/.snapshots".options = ["compress=zstd" "nofail"];
};
networking.firewall.trustedInterfaces = ["wg0"];
users = {
users = {
nullbite.extraGroups = ["minecraft"];
};
};
services.snapper = {
configs.mcserver = {
FSTYPE = "btrfs";
SUBVOLUME = "/srv/mcserver";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_MIN_AGE = 1800;
TIMELINE_LIMIT_HOURLY = 36;
TIMELINE_LIMIT_DAILY = 14;
TIMELINE_LIMIT_WEEKLY = 4;
TIMELINE_LIMIT_MONTHLY = 12;
TIMELINE_LIMIT_YEARLY = 10000;
};
};
services.minecraft-servers = {
enable = true;
eula = true;
dataDir = "/srv/mcserver";
servers = let
# hack to make quilt work. requires manual installation.
# workaround for nix-minecraft#60
shimPackage = pkgs.writeShellScriptBin "minecraft-server" ''
exec ${pkgs.jre_headless}/bin/java $@ -jar ./quilt-server-launch.jar nogui
'';
nulllite-staging = let
commit = "b8c639a";
packHash = "sha256-HTDVIkcBf0DyLbSCuU08/HnEQuesi3cmXXhB4y4lyko=";
in
pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in {
nulllite-staging = {
useRecommendedDefaults = true;
enable = true;
autoStart = false;
modpack = nulllite-staging;
modpackSymlinks = ["mods"];
modpackFiles = ["config/"];
serverProperties.server-port = 25574;
serverProperties.motd = "staging server";
};
notlite = {
useRecommendedDefaults = true;
enable = true;
autoStart = true;
modpack = pkgs.modpacks.notlite;
modpackSymlinks = ["config/yosbr" "config/quilt-loader-overrides.json" "mods"];
modpackFiles = ["kubejs/"];
serverProperties = {
motd = "owo what's this (nix notlite edition)";
server-port = 25567;
"query.port" = 25567;
# more declarative
level-seed = "8555431723250870652";
level-type = "bclib:normal";
};
};
minecraft-nixtest = let
self = cfg.servers.minecraft-nixtest;
package = pkgs.quiltServers.quilt-1_20_1.override {loaderVersion = "0.21.0";};
in {
useRecommendedDefaults = true;
enable = false;
modpack = pkgs.modpacks.notlite;
# package = shimPackage;
autoStart = self.enable;
whitelist = {
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
};
modpackSymlinks = ["mods"];
modpackFiles = ["config/" "kubejs/"];
serverProperties = rec {
motd = "owo what's this (nix edition)";
server-port = 25568;
"query.port" = server-port;
};
};
};
};
};
}

6
hosts/nullbox/unbound.nix
View File

@ -1,9 +1,5 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}: {
config = {
networking.networkmanager.dns = "none";
services.unbound.enable = true;

329
hosts/rpi4/authelia.nix
View File

@ -1,329 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) types mkIf optionalString;
inherit
(builtins)
isNull
any
all
attrValues
toString
;
inherit (config.services) nginx;
validAuthMethods = [
"regular"
"basic"
];
getUpstreamFromInstance = instance: let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
targetHost =
if host == "0.0.0.0"
then "127.0.0.1"
else if lib.hasInfix ":" host
then throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else host;
in "http://${targetHost}:${toString port}";
# use this when reverse proxying to authelia (and only authelia because i
# like the nixos recommended proxy settings better)
autheliaProxyConfig = pkgs.writeText "authelia-proxy-config.conf" ''
## Headers
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
## Basic Proxy Configuration
client_body_buffer_size 128k;
# Timeout if the real server is dead.
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
## Trusted Proxies Configuration
## Please read the following documentation before configuring this:
## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies
# set_real_ip_from 10.0.0.0/8;
# set_real_ip_from 172.16.0.0/12;
# set_real_ip_from 192.168.0.0/16;
# set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
## Advanced Proxy Configuration
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
'';
autheliaLocation = ''
internal;
## Headers
## The headers starting with X-* are required.
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Content-Length "";
proxy_set_header Connection "";
## Basic Proxy Configuration
proxy_pass_request_body off;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Timeout if the real server is dead
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
client_body_buffer_size 128k;
## Advanced Proxy Configuration
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
'';
autheliaLocationConfig = pkgs.writeText "authelia-location.conf" autheliaLocation;
autheliaBasicLocationConfig = pkgs.writeText "authelia-location-basic.conf" ''
${autheliaLocation}
# Auth Basic Headers
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-URI $request_uri;
'';
genAuthConfig = method: let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
'';
in ''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
'';
genAuthConfigPkg = method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in {
# authelia
options.services.nginx = let
mkAttrsOfSubmoduleOpt = module: lib.mkOption {type = with types; attrsOf (submodule module);};
# make system config accessible from submodules
systemConfig = config;
# submodule definitions
vhostModule = {
name,
config,
...
} @ attrs: {
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = "regular";
example = "basic";
};
};
};
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations = let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaLocationConfig};
'';
};
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
};
genLocationModule = vhostAttrs: {
name,
config,
...
}: let
vhostConfig = vhostAttrs.config;
in {
options.authelia.method = lib.mkOption {
description = ''
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = vhostConfig.authelia.method;
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
'';
};
};
in {
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
};
# TODO check if any vhosts have authelia configured
config = let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
mkIf true {
assertions = [
{
assertion = all (
vhost: (!(isNull vhost.authelia.upstream)) -> (isNull vhost.authelia.endpoint.upstream)
) (attrValues nginx.virtualHosts);
message = "`services.nginx.virtualHosts.<name>.authelia.upstream` and `services.nginx.virtualHosts.<name>.authelia.endpoint.upstream` cannot be set at the same time.";
}
# {
# assertion = all (
# vhost: vhost.authelia.instance -> config.services.authelia.instances ? "${vhost.authelia.instance}"
# ) (attrValues nginx.virtualHosts);
# message = "`services.authelia.instances.<name>` must be configured if `services.nginx.virtualHosts.<name>.authelia.instance` is set.";
# }
];
};
}

46
hosts/rpi4/backup.nix
View File

@ -1,46 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
secret = name: config.age.secrets."${name}".path;
in {
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
services.restic.backups.system = {
rcloneConfigFile = secret "restic-rclone";
passwordFile = secret "restic-password";
repository = "rclone:restic:";
exclude = [
".snapshots"
"gdlmirror"
"gitea-dump-*"
"/var/lib/thelounge/storage"
];
paths = [
"/srv"
"/srv/media"
"/srv/syncthing"
"/srv/http"
"/opt"
"/var/lib/gitea"
"/var/lib/tailscale"
"/var/lib/private/anki-sync-server"
"/var/lib/thelounge"
"/var/lib/paperless"
"/etc"
];
dynamicFilesFrom = ''
echo
find /var/lib -mindepth 1 -maxdepth 1 -type d -name 'authelia-*'
'';
extraBackupArgs = [
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

185
hosts/rpi4/configuration.nix
View File

@ -1,185 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
./media-sync.nix
./backup.nix
];
fileSystems = let
mounts = [
"/nix"
"/"
"/.btrfsroot"
"/home"
"/opt/hassio"
"/opt/hassio/.snapshots"
];
fn = x: {options = ["compress=zstd" "commit=300" "noatime"];};
in
lib.genAttrs mounts fn;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible = {
enable = true;
configurationLimit = 5;
};
boot.kernelPackages = pkgs.linuxPackages_6_12;
nixfiles = {
profile.server.enable = true;
};
hardware.rtl-sdr.enable = true;
# VPN services
age.secrets.wg0 = {
file = ../../secrets/wireguard-rpi4.age;
};
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
systemd.services.wg-quick-wg0.serviceConfig.execStartPre = pkgs.writeShellScript "wait-dns" ''
until ${lib.getExe pkgs.getent} ahostsv4 example.com ; do echo sleep 1 ; done
'';
networking.wg-quick.interfaces.wg0 = {
configFile = config.age.secrets.wg0.path;
autostart = true;
};
networking.firewall.trustedInterfaces = [
"wg0"
"tailscale0"
];
networking.firewall.allowedUDPPorts = [51820];
services.openssh = {
enable = true;
openFirewall = true;
};
# networking.hostName = "nixos"; # Define your hostname.
networking.hostName = "rpi4";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/New_York";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
users.users.nullbite = {
isNormalUser = true;
extraGroups = ["wheel"];
uid = 1000;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
programs.neovim = {
enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

73
hosts/rpi4/gitea.nix
View File

@ -1,73 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.services.gitea;
in {
config = {
services.gitea = {
enable = true;
lfs.enable = true;
settings = {
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_PUSH_CREATE_PRIVATE = true;
};
server = {
ROOT_URL = "https://gitea.protogen.io/";
LANDING_PAGE = "explore";
OFFLINE_MODE = false;
};
service.DISABLE_REGISTRATION = true;
session = {
COOKIE_NAME = "session";
COOKIE_SECURE = false;
PROVIDER = "file";
};
# TODO package themes
ui = {
DEFAULT_THEME = "catppuccin-mocha-pink";
THEMES = let
ctpAttrs = {
flavor = ["latte" "frappe" "macchiato" "mocha"];
accent = [
"rosewater"
"flamingo"
"pink"
"mauve"
"red"
"maroon"
"peach"
"yellow"
"green"
"teal"
"sky"
"sapphire"
"blue"
];
};
ctpThemes =
lib.mapCartesianProduct
({
flavor,
accent,
}: "catppuccin-${flavor}-${accent}")
ctpAttrs;
in
lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
]
++ ctpThemes);
};
};
};
};
}

86
hosts/rpi4/hardware-configuration.nix
View File

@ -1,86 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/"];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/srv/syncthing" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@syncthing"];
};
fileSystems."/srv/media" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@media"];
};
fileSystems."/opt/hassio" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@hassio"];
};
fileSystems."/opt/hassio/.snapshots" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/snapshots/@hassio"];
};
swapDevices = [
{device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

6
hosts/rpi4/home.nix
View File

@ -1,6 +0,0 @@
{config, ...}: {
config = {
nixfiles.profile.base.enable = true;
programs.keychain.enable = false;
};
}

47
hosts/rpi4/media-sync.nix
View File

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
in {
config = {
nixfiles.programs.syncthing.enable = true;
systemd.timers.gallery-dl = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "13";
RandomizedDelaySec = "4m";
};
};
systemd.services.gallery-dl = {
path = with pkgs; [bash coreutils findutils gallery-dl];
serviceConfig = {
# none of your fucking business
# TODO move this into an agenix secret probably
ExecStart = "/srv/gallery-dl.sh";
Type = "oneshot";
User = "nullbite";
};
};
systemd.timers.gallery-dl-dedup = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "3h";
};
};
systemd.services.gallery-dl-dedup = {
path = with pkgs; [bash coreutils rmlint];
serviceConfig = {
# likewise
ExecStart = "/srv/gallery-dl-dedup.sh";
Type = "oneshot";
User = "nullbite";
};
};
};
}

50
hosts/rpi4/reddit-subscriptions.txt
View File

@ -1,50 +0,0 @@
Addons4Kodi
archlinux
AreTheStraightsOK
autism
beatsaber
Bitwarden
btd6
ConservativeRap
crackheadcraigslist
crackwatch
DataHoarder
Destiny2
DestinyMemes
DestinyTheGame
duolingo
ennnnnnnnnnnnbbbbbby
evilautism
femboymemes
feminineboys
flatpak
geometrydash
gocommitdie
homeassistant
ihaveihaveihavereddit
LinkedInLunatics
linux
linux_gaming
losercity
MINDWAVEgame
NixOS
NonBinaryTalk
okbuddyhetero
peepeeshart
pressureroblox
prismlauncher
programmingcirclejerk
regretevator
rust
rustjerk
selfhosted
Shark_Park
steam
SteamDeck
talesfromtechsupport
termux
theamazingdigitalciru
Ultrakill
unicodecirclejerk
VaushV
whenthe

556
hosts/rpi4/services.nix
View File

@ -1,556 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (config.age) secrets;
inherit (builtins) toString;
in {
imports = [
./gitea.nix
./authelia.nix
];
config = {
age.secrets.cloudflaredns = {
file = ../../secrets/cloudflare-dns.age;
group = "secrets";
};
age.secrets.htpasswd-cam = {
file = ../../secrets/htpasswd-cam.age;
group = "nginx";
mode = "0750";
};
age.secrets.htpasswd = {
file = ../../secrets/htpasswd.age;
group = "nginx";
mode = "0750";
};
age.secrets.authelia-users = {
file = ../../secrets/authelia-users.age;
group = "authelia-shared";
mode = "0750";
};
age.secrets.authelia-jwt = {
file = ../../secrets/authelia-jwt.age;
group = "authelia-shared";
mode = "0750";
};
age.secrets.authelia-storage = {
file = ../../secrets/authelia-storage.age;
group = "authelia-shared";
mode = "0750";
};
age.secrets.authelia-session = {
file = ../../secrets/authelia-session.age;
group = "authelia-shared";
mode = "0750";
};
age.secrets.anki = {
file = ../../secrets/anki-user.age;
};
age.secrets.homepage = {
file = ../../secrets/homepage.age;
};
age.secrets.paperless-admin = {
file = ../../secrets/paperless-admin.age;
};
users.groups.secrets = {};
users.users.acme.extraGroups = ["secrets"];
security.acme = {
acceptTerms = true;
maxConcurrentRenewals = 1;
defaults.email = "iancoguz@gmail.com";
certs = {
"protogen.io" = {
credentialFiles = {
"CLOUDFLARE_EMAIL_FILE" = pkgs.writeText "email" "iancoguz@gmail.com";
"CLOUDFLARE_API_KEY_FILE" = config.age.secrets.cloudflaredns.path;
};
dnsProvider = "cloudflare";
domain = "protogen.io";
extraDomainNames = [
"*.protogen.io"
"nullbite.com"
"*.nullbite.com"
"nullbite.dev"
"*.nullbite.dev"
"nbt.sh"
"*.nbt.sh"
"proot.link"
"*.proot.link"
"nullbite.xyz"
"*.nullbite.xyz"
];
};
};
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [
80
443
# this is needed for node to work for some reason
8123
];
users.groups.authelia-shared = {};
services.authelia.instances =
lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
};
services.redis = {
servers.authelia = {
enable = true;
};
};
users.users."${config.services.authelia.instances.main.user}".extraGroups = let
name = config.services.redis.servers.authelia.user;
in [name];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
commonHttpConfig = ''
port_in_redirect off;
'';
virtualHosts = let
useACMEHost = "protogen.io";
mkProxy = args @ {
upstream ? "http://127.0.0.1:${builtins.toString args.port}",
auth ? false,
authelia ? false,
extraConfig ? {},
...
}:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
# mkReverseProxy = port: {
# inherit useACMEHost;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${builtins.toString port}";
# proxyWebsockets = true;
# };
# };
mkAuthProxy = port:
mkProxy {
inherit port;
authelia = true;
};
mkReverseProxy = port: mkProxy {inherit port;};
in
(lib.mapAttrs (domain: instance: {
forceSSL = true;
inherit useACMEHost;
authelia.endpoint = {inherit instance;};
}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
})
// {
"changedetection.protogen.io" = mkReverseProxy 5000;
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
"gitea.protogen.io" = mkReverseProxy 3000;
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
"paper.protogen.io" = mkReverseProxy config.services.paperless.port;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [
(mkProxy {
authelia = true;
upstream = "http://10.10.1.8:80";
})
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
};
}
];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in
mkProxy {
authelia = true;
inherit port;
extraConfig = {
locations = lib.genAttrs ["/favicon.ico" "/autocompleter" "/opensearch.xml"] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};
};
# URL shortener
"nbt.sh" = mkProxy {
port = 8090;
extraConfig.serverAliases = ["proot.link"];
};
"admin.nbt.sh" = mkProxy {
authelia = true;
port = 8091;
extraConfig.serverAliases = ["admin.proot.link"];
};
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# homepage
"home.protogen.io" = mkAuthProxy 8089;
"lounge.protogen.io" = mkAuthProxy 9000;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = ["x.protogen.io"];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = ["www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz"];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
};
};
};
# https://gethomepage.dev
services.homepage-dashboard = let
entry = name: value: {"${name}" = value;};
makeBookmark = name: {...} @ attrs: entry name [attrs];
makeBookmark' = name: icon: abbr: href: makeBookmark name ({inherit abbr href;} // lib.optionalAttrs (icon != null) {inherit icon;});
in {
enable = true;
listenPort = 8089;
environmentFile = secrets.homepage.path;
# bookmarks customCSS customJS docker environmentFile kubernetes services settings widgets
settings = {
theme = "dark";
color = "slate";
};
widgets = [
(entry "resources" {
cpu = true;
memory = true;
disk = "/";
})
(entry "search" {
provider = "custom";
target = "_self";
url = "https://searx.protogen.io/search?q=";
suggestionUrl = "https://searx.protogen.io/autocompleter?q=";
showSearchSuggestions = true;
})
];
services = let
service = name: subdomain: icon: {...} @ attrs:
entry name ({
href = "https://${subdomain}.protogen.io";
inherit icon;
}
// attrs);
basicService = name: subdomain: icon: service name subdomain icon {};
in [
(entry "unsorted" [
(basicService "Firefly III" "firefly" "firefly-iii")
(basicService "Gitea" "gitea" "gitea")
(basicService "Home Assistant" "hass" "home-assistant")
(basicService "Node-RED" "node" "node-red")
(basicService "Zigbee2MQTT" "z2m" "zigbee2mqtt")
(basicService "Code Server (Home Assistant)" "vsc-hass" "vscode")
(basicService "Deemix" "deemix" "deemix")
(basicService "Miniflux" "rss" "miniflux")
(basicService "mlmym" "blahaj" "lemmy-light")
(basicService "Octoprint" "print" "octoprint")
(basicService "SearXNG" "searx" "searxng")
(basicService "TheLounge" "lounge" "thelounge")
(basicService "Paperless" "paper" "paperless-ngx")
(entry "Shlink" {
href = "https://admin.nbt.sh";
icon = "shlink";
})
(basicService "Create Track Map" "trackmap" "")
((x:
service x x x {
widget = {
};
}) "changedetection")
(service "Uptime Kuma" "uptime" "uptime-kuma" {
widget = {
type = "uptimekuma";
url = "https://uptime.protogen.io";
slug = "all";
};
})
(service "Jellyfin" "room" "jellyfin" {
widget = {
type = "jellyfin";
url = "https://room.protogen.io";
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableBlocks = true;
enableNowPlaying = true;
enableUser = true;
};
})
])
];
bookmarks = [
(entry "Admin" [
(makeBookmark' "Backblaze" "backblaze" "BZ" "https://secure.backblaze.com/user_signin.htm")
(makeBookmark' "Cloudflare" "cloudflare" "CF" "https://dash.cloudflare.com")
(makeBookmark' "Porkbun" "porkbun" "PB" "https://porkbun.com/account/domainsSpeedy")
(makeBookmark' "Namecheap" "namechea" "NC" "https://ap.www.namecheap.com/")
])
(entry "Developer" [
(makeBookmark' "GitHub" "github" "GH" "https://github.com")
])
(entry "Local" [
(makeBookmark' "Syncthing" "syncthing" "ST" "http://127.0.0.1:8384")
(makeBookmark' "Iris" null "IR" "http://localhost:6680/iris/")
])
(entry "Entertainment" [
(makeBookmark' "Redlib" "redlib" "RL" "https://redlib.protogen.io")
])
];
};
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
};
# needed for mDNS in Home Assistant
networking.firewall.allowedUDPPorts = [5353];
systemd.services.redlib.environment = {
REDLIB_DEFAULT_SUBSCRIPTIONS = lib.pipe ./reddit-subscriptions.txt [
builtins.readFile
(lib.splitString "\n")
(lib.filter (x: x != ""))
(lib.concatStringsSep "+")
];
REDLIB_DEFAULT_SHOW_NSFW = "on";
REDLIB_DEFAULT_BLUR_NSFW = "on";
REDLIB_DEFAULT_BLUR_SPOILER = "on";
REDLIB_DEFAULT_USE_HLS = "on";
REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION = "on";
REDLIB_ENABLE_RSS = "on";
};
services.redlib = {
enable = true;
port = 8087;
};
services.thelounge = {
enable = true;
extraConfig = {
prefetch = true;
prefetchStorage = true;
prefetchMaxImageSize = 8192;
};
};
services.redis.servers.paperless.enable = true;
services.paperless = {
enable = true;
# default is "localhost", binding should not rely on DNS (even if
# localhost is hard-coded 99.999% of the time)
address = "127.0.0.1";
passwordFile = secrets.paperless-admin.path;
settings = {
PAPERLESS_ADMIN_USER = "nullbite";
PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless.unixSocket}";
PAPERLESS_URL = "https://paper.protogen.io";
PAPERLESS_TIKA_ENABLED = true;
PAPERLESS_TIKA_ENDPOINT = "http://localhost:${toString config.services.tika.port}";
PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${toString config.services.gotenberg.port}";
};
};
users.users."${config.services.paperless.user}".extraGroups = let
name = config.services.redis.servers.paperless.group;
in [name];
services.gotenberg = {
enable = true;
port = 3002;
};
services.tika.enable = true;
services.anki-sync-server = {
enable = true;
address = "127.0.0.1";
users = [
{
username = "nullbite";
passwordFile = config.age.secrets.anki.path;
}
];
};
};
}

563
hosts/slab/configuration.nix
View File

@ -1,319 +1,270 @@
# vim: set ts=2 sw=2 et foldmethod=marker:
# vim: set ts=2 sw=2 et foldmethod=marker:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
vars,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
{ config, lib, pkgs, vars, ... }:
{
# nix.settings.experimental-features = ["nix-command" "flakes" ];
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = [ "subvol=/" ];
};
}
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
];
config = {
# nix.settings.experimental-features = ["nix-command" "flakes" ];
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = ["subvol=/"];
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = {
device = "/boot/EFI/Linux";
options = ["bind"];
};
"/efi/EFI/nixos" = {
device = "/boot/EFI/nixos";
options = ["bind"];
};
})
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
}))
../../system # nixfiles modules
./nvidia-optimus.nix
];
# specialisation.plasma.configuration = {
# system.nixos.tags = [ "Plasma" ];
# nixfiles = {
# session = "plasma";
# };
# services.displayManager.sddm.enable = lib.mkForce true;
# # services.xserver.displayManager.startx.enable = lib.mkForce false;
# };
specialisation.hyprland.configuration = {
system.nixos.tags = ["Hyprland"];
nixfiles.session = "hyprland";
};
nixfiles.supergfxd.profile = lib.mkDefault "Integrated";
specialisation.plasma.configuration = {
system.nixos.tags = [ "Plasma" ];
nixfiles = {
profile.workstation.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries.windows = {
name = "Windows Boot Manager";
efiPartUUID = "c8505f55-1f48-47fc-9b3b-3ba16062cafd";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
hardware.opengl.enable = true;
hardware.gps.enable = true;
packageSets = {
gaming.enable = true;
fun.enable = true;
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
programs = {
adb.enable = true;
unbound.enable = false;
greetd = {
settings = {
autologin = true;
autologinUser = "nullbite";
};
};
};
sessions.hyprland.enable = false;
sessions.plasma.enable = true;
};
networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = ["quiet"];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device = "/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true;
preLVM = true;
};
};
# bootloader setup
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/efi";
};
# grub = {
# enable = true;
# efiSupport = true;
# device = "nodev";
# };
systemd-boot = {
enable = lib.mkForce (!config.boot.lanzaboote.enable);
xbootldrMountPoint = "/boot";
netbootxyz.enable = true;
memtest86.enable = true;
};
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings.reboot-for-bitlocker = true;
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable ["tcp://pixel.magpie-moth.ts.net:6000"];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
enable = false;
unitConfig.DefaultDependencies = "no";
});
# might make hibernate better idk
systemd.sleep.extraConfig = ''
disk=shutdown
'';
services.logind = {
lidSwitch = "lock";
suspendKey = "hibernate";
};
services.xserver.videoDrivers = ["amdgpu"];
# {{{ old config
# Use the systemd-boot EFI boot loader.
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# }}}
# Set your time zone.
# time.timeZone = vars.mobileTimeZone;
services.asusd.enable = true;
# {{{ old config
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# users.users.nullbite = {
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# packages = with pkgs; [
# firefox
# keychain
# ];
# initialPassword = "changeme";
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
# keybindings = true;
# fuzzyCompletion = true;
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# curl
# git
# stow
# zsh
# ntfs3g
# fd
# ripgrep
# sbctl
# comma
# ];
# Allow unfree packages
# nixpkgs.config.allowUnfree = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh = {
# enable = true;
# openFirewall = true;
# settings = {
# };
# };
# services.tailscale.enable = true;
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
services.xserver.displayManager.sddm.enable = lib.mkForce true;
services.xserver.displayManager.startx.enable = lib.mkForce false;
};
# who needs a display manager?
services.xserver.displayManager.sddm.enable = false;
nixfiles = {
profile.pc.enable = true;
common.remoteAccess.enable = true;
hardware.opengl.enable = true;
packageSets = {
gaming.enable = true;
fun.enable = true;
};
sessions.hyprland.enable = lib.mkDefault true;
sessions.hyprland.useFlake = true;
sessions.plasma.enable = lib.mkDefault false;
programs = {
adb.enable = true;
unbound.enable = true;
greetd = {
preset = "tuigreet";
};
};
};
services.greetd.settings.initial_session = {
command = config.nixfiles.programs.greetd.settings.command;
user = "nullbite";
};
networking.hostName = "slab";
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device="/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = true;
preLVM = true;
};
};
# bootloader setup
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
# grub = {
# enable = true;
# efiSupport = true;
# device = "nodev";
# };
systemd-boot = {
enable = true;
netbootxyz.enable = true;
memtest86.enable = true;
# grr oem efi partitions
configurationLimit = 4;
};
};
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
enable = false;
unitConfig.DefaultDependencies = "no";
});
services.logind.lidSwitch = "lock";
services.xserver.videoDrivers = ["amdgpu"];
# {{{ old config
# Use the systemd-boot EFI boot loader.
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# }}}
# Set your time zone.
time.timeZone = vars.mobileTimeZone;
services.asusd.enable = true;
# {{{ old config
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# users.users.nullbite = {
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# packages = with pkgs; [
# firefox
# keychain
# ];
# initialPassword = "changeme";
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
# keybindings = true;
# fuzzyCompletion = true;
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# curl
# git
# stow
# zsh
# ntfs3g
# fd
# ripgrep
# sbctl
# comma
# ];
# Allow unfree packages
# nixpkgs.config.allowUnfree = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh = {
# enable = true;
# openFirewall = true;
# settings = {
# };
# };
# services.tailscale.enable = true;
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

86
hosts/slab/hardware-configuration.nix
View File

@ -1,59 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = ["dm-snapshot" "amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs";
options = [ "subvol=nixos/@root" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
# fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/b9813c1d-5b6c-4026-9ee3-53ba80b90dc4";
# fsType = "ext4";
# };
fileSystems."/home" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs";
options = [ "subvol=/" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a";}
];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

19
hosts/slab/home.nix
View File

@ -1,10 +1,5 @@
{ lib, pkgs, osConfig, config, ... }:
{
lib,
pkgs,
osConfig,
config,
...
}: {
imports = [
../../home
];
@ -12,21 +7,9 @@
config = {
nixfiles = {
profile.base.enable = true;
common.wm.keybinds = {
Launch1 = "playerctl play-pause"; # ROG key
# Launch3="true"; # AURA fn key
# Launch4="true"; # fan control fn key
};
};
home.stateVersion = "23.11";
# TODO mkif stylix.enable; danth/stylix#216
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) {size = 32;};
stylix.cursor = lib.mkIf config.stylix.enable {size = 32;};
nixfiles.theming.catppuccin.themeDPI = "hdpi";
wayland.windowManager.hyprland.settings = {
monitor = ",preferred,auto,1.25";
};

25
hosts/slab/nvidia-optimus.nix
View File

@ -1,15 +1,12 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.supergfxd.enable = true;
specialisation = {
nvidia.configuration = {
system.nixos.tags = ["NVIDIA"];
system.nixos.tags = [ "NVIDIA" ];
nixfiles.supergfxd.profile = "Hybrid";
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = ["amdgpu" "nvidia"];
@ -17,23 +14,19 @@
hardware.nvidia = {
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = false;
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = let
stable = config.boot.kernelPackages.nvidiaPackages.stable;
version = stable;
in
version;
package = config.boot.kernelPackages.nvidiaPackages.stable;
prime = {
offload = {

109
hosts/slab/supergfxd.nix
View File

@ -1,71 +1,52 @@
{
pkgs,
lib,
config,
options,
...
} @ args: let
{ pkgs, lib, config, options, ... }@args:
let
gfx = {
Integrated = {
supergfxd = pkgs.writeText "supergfxd-integrated" ''
{
"mode": "Integrated",
"vfio_enable": false,
"vfio_save": false,
"always_reboot": false,
"no_logind": false,
"logout_timeout_s": 180,
"hotplug_type": "None"
}
{
"mode": "Integrated",
"vfio_enable": false,
"vfio_save": false,
"always_reboot": false,
"no_logind": false,
"logout_timeout_s": 180,
"hotplug_type": "None"
}
'';
# old def (keeping this here just in case
# modprobe = pkgs.writeText "supergfxd-integrated-modprobe" ''
# # Automatically generated by supergfxd
# blacklist nouveau
# alias nouveau off
# blacklist nvidia_drm
# blacklist nvidia_uvm
# blacklist nvidia_modeset
# blacklist nvidia
# alias nvidia off
# options nvidia-drm modeset=1
# '';
modprobe = pkgs.writeText "supergfxd-integrated-modprobe" ''
# Automatically generated by supergfxd
blacklist nouveau
blacklist nvidia_drm
blacklist nvidia_uvm
blacklist nvidia_modeset
blacklist nvidia
install nvidia_uvm /bin/false
install nvdia_drm /bin/false
install nvidia_modeset /bin/false
install nvidia /bin/false
install nouveau /bin/false
# Automatically generated by supergfxd
blacklist nouveau
alias nouveau off
blacklist nvidia_drm
blacklist nvidia_uvm
blacklist nvidia_modeset
blacklist nvidia
alias nvidia off
options nvidia-drm modeset=1
options nvidia-drm modeset=1
'';
};
Hybrid = {
supergfxd = pkgs.writeText "supergfxd-hybrid" ''
{
"mode": "Hybrid",
"vfio_enable": false,
"vfio_save": false,
"always_reboot": false,
"no_logind": false,
"logout_timeout_s": 180,
"hotplug_type": "None"
}
{
"mode": "Hybrid",
"vfio_enable": false,
"vfio_save": false,
"always_reboot": false,
"no_logind": false,
"logout_timeout_s": 180,
"hotplug_type": "None"
}
'';
modprobe = pkgs.writeText "supergfxd-hybrid-modprobe" ''
# Automatically generated by supergfxd
blacklist nouveau
alias nouveau off
options nvidia NVreg_DynamicPowerManagement=0x02
# Automatically generated by supergfxd
blacklist nouveau
alias nouveau off
options nvidia NVreg_DynamicPowerManagement=0x02
options nvidia-drm modeset=1
options nvidia-drm modeset=1
'';
};
};
@ -74,31 +55,23 @@
isKeyInAttrset = let
getKeys = attrset: lib.mapAttrsToList (name: _: name) attrset;
isInList = key: list: lib.any (x: x == key) list;
in
key: attrset: isInList key (getKeys attrset);
in key: attrset: isInList key (getKeys attrset);
inherit (lib) mkIf mkOption types;
in {
options = {
nixfiles.supergfxd.profile = mkOption {
type = types.nullOr (types.enum (builtins.attrNames gfx));
default = null;
type = types.str;
default = "";
example = "Integrated";
description = "supergfxd profile to use";
};
};
config = {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
etc = mkIf (!(cfg.profile == "")) {
# TODO figure out here how to assert if the value is in the gfx attrset
# TODO actually configure the system settings here
"supergfxd.conf" = {
source = gfx.${cfg.profile}.supergfxd;
mode = "0644";
};
"modprobe.d/supergfxd.conf" = {
source = gfx.${cfg.profile}.modprobe;
mode = "0644";
};
};
};
}

34
lib/nixfiles/default.nix
View File

@ -1,31 +1,7 @@
{...} @ attrs: let
# compatibility with old loading system (this looks awful fix this when i
# fully migrate to flake-parts). this constructs an attrset that resembles
# what the old args used to look like in attrs', so i don't have to rewrite
# all of the glue. it creates a fake pkgs value containing only `lib`.
#
# actually no idk if i can fix this because it needs to be accessible from
# everything (flake, nixos/home-manager modules, maybe derivations). this
# might be the best way to do this so i can pass in either pkgs or lib based
# on the current context, and just return relevant libraries based on that
# input.
#
# create empty `pkgs` with lib only `lib` attr as fallback
pkgs = attrs.pkgs or {inherit (attrs) lib;};
# inherit lib from whatever `pkgs` happens to be
pkgs:
let
inherit (pkgs) lib;
# compat
attrs' = attrs // {inherit pkgs;};
in
{
types = (import ./types.nix) attrs';
}
# only if an actual `pkgs` was passed
// lib.optionalAttrs (attrs ? pkgs) {
minecraft = (import ./minecraft.nix) attrs';
}
# modules that rely on `self` (flake)
// lib.optionalAttrs (attrs ? self) {
flake-legacy = (import ./flake-legacy.nix) attrs';
}
{
types = (import ./types.nix) pkgs;
}

259
lib/nixfiles/flake-legacy.nix
View File

@ -1,259 +0,0 @@
{
self,
lib,
moduleAttrs,
...
}: let
inherit (moduleAttrs.config.nixfiles.common) overlays;
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "Europe/Amsterdam";
# Variables to be passed to NixOS modules in the vars attrset
vars = {
inherit username mobileTimeZone self;
};
# funciton to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
inherit (self) inputs outputs;
inherit (inputs) nixpkgs nixpkgs-unstable home-manager home-manager-unstable;
in rec {
# This function produces a module that adds the home-manager module to the
# system and configures the given module to the user's Home Manager
# configuration
homeManagerInit = let
_username = username;
_nixpkgs = nixpkgs;
in
{
system,
nixpkgs ? _nixpkgs, # this is so modules can know which flake the system is using
home-manager ? inputs.home-manager,
username ? _username,
module ? _: {},
rootModule ? (import (self + "/home/root.nix")),
userModules ? {
${username} = [module];
root = [rootModule];
},
stateVersion ? null,
}: {
config,
lib,
pkgs,
...
}: let
mapUserModules = lib.attrsets.mapAttrs (user: modules: {lib, ...}: {
imports =
[
(self + "/home")
]
++ modules;
config = {
home = lib.mkIf (!(builtins.isNull stateVersion)) {inherit stateVersion;};
};
});
users = mapUserModules userModules;
in {
imports = [
home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = lib.mkDefault false;
useUserPackages = lib.mkDefault true;
backupFileExtension = "hm.bak";
inherit users;
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
};
# TODO rewrite this so it follows the same wrapper pattern as
# mkHome This function produces a nixosSystem which imports
# configuration.nix and a Home Manager home.nix for the given user
# from ./hosts/${hostname}/
#
# nevermind i am migrating everything to flake-parts, i'm glad i
# never got around to this. i think the module system takes care of
# whatever the fuck godforsaken use-case i had for rewriting this
# (more ergonomic and/or default arguments or something).
mkSystemN = let
_username = username;
_overlays = overlays;
in
{
nixpkgs ? inputs.nixpkgs,
home-manager ? inputs.home-manager,
username ? _username,
entrypoint ? (self + "/system"),
modules ? [],
stateVersion ? null,
config ? {},
overlays ? _overlays,
system,
...
} @ args: let
_modules =
[entrypoint config]
++ modules
++ [
{
nixpkgs.config = {
inherit overlays;
allowUnfree = true;
};
}
]
++ lib.optional (args ? stateVersion) {config.system.stateVersion = stateVersion;};
in
nixpkgs.lib.nixosSystem {
};
mkSystem = let
_username = username;
_overlays = overlays;
_nixpkgs = nixpkgs;
in
{
system,
nixpkgs ? _nixpkgs,
home-manager ? inputs.home-manager,
overlays ? _overlays,
hostname,
username ? _username,
stateVersion,
extraModules ? [],
}:
nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
(self + "/system")
({
pkgs,
config,
lib,
...
} @ args: {
# Values for every single system that would not conceivably need
# to be made modular
system.stateVersion = stateVersion;
nixpkgs = {
inherit overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
})
(self + "/hosts/${hostname}/configuration.nix")
(homeManagerInit {
inherit nixpkgs home-manager;
module = import (self + "/hosts/${hostname}/home.nix");
inherit username system stateVersion;
})
]
++ extraModules;
specialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
mkWSLSystem = let
_username = username;
in
{
username ? _username,
extraModules ? [],
...
} @ args: let
WSLModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = username;
};
override = {extraModules = extraModules ++ [WSLModule];};
in
mkSystem (args // override);
mkISOSystem = system:
inputs.nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
"${inputs.nixpkgs-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
({
config,
pkgs,
lib,
...
}: {
environment.systemPackages = with pkgs; [
neovim
gparted
];
})
];
};
# Make a home-manager standalone configuration. This implementation is
# better than mkSystem because it extends homeManagerConfiguration.
mkHome = let
_home-manager = inputs.home-manager;
_nixpkgs = inputs.nixpkgs;
_username = username;
in
{
home-manager ? _home-manager,
nixpkgs ? _nixpkgs,
username ? _username,
homeDirectory ? "/home/${username}",
entrypoint ? (self + "/home/standalone.nix"),
modules ? [],
stateVersion ? null,
config ? {},
system,
...
} @ args: let
_modules =
[entrypoint]
++ modules
++ [config]
++ [
{
config = {
home = {
inherit username homeDirectory;
};
nixpkgs.config = {
allowUnfree = true;
};
};
}
]
++ lib.optional (args ? stateVersion) {config.home.stateVersion = stateVersion;};
in
home-manager.lib.homeManagerConfiguration ({
modules = _modules;
pkgs = import nixpkgs {inherit system overlays;};
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
# this is needed because modules don't use the default arg for some reason???
osConfig = {};
};
}
// builtins.removeAttrs args
["system" "nixpkgs" "home-manager" "modules" "username" "homeDirectory" "stateVersion" "entrypoint" "config"]);
}

79
lib/nixfiles/minecraft.nix
View File

@ -1,79 +0,0 @@
{pkgs, ...}: let
inherit (pkgs) lib;
in {
mkServer = {
modpack ? null,
modpackSymlinks ? [],
modpackFiles ? [],
jvmOpts ? null,
...
} @ opts: let
# log4j exploit is bad and scary and i have no idea if this is still needed
# but it's best to be on the safe side
jvmOptsPatched = let
requiredJvmOpts = "-Dlog4j2.formatMsgNoLookups=true";
in
if (!(builtins.isNull jvmOpts))
then requiredJvmOpts + " " + jvmOpts
else requiredJvmOpts;
symlinks = lib.genAttrs modpackSymlinks (path: "${modpack}/${path}");
files = lib.genAttrs modpackFiles (path: "${modpack}/${path}");
serverPackage = let
mcVersion = modpack.manifest.versions.minecraft;
fixedVersion = lib.replaceStrings ["."] ["_"] mcVersion;
quiltVersion = modpack.manifest.versions.quilt or null;
fabricVersion = modpack.manifest.versions.fabric or null;
loader =
if (!(builtins.isNull quiltVersion))
then "quilt"
else "fabric";
loaderVersion =
if loader == "quilt"
then quiltVersion
else fabricVersion;
in
pkgs.minecraftServers."${loader}-${fixedVersion}".override {inherit loaderVersion;};
in
lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# no telemetry
snooper-enabled = lib.mkDefault false;
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts ["modpack" "modpackSymlinks" "modpackFiles" "jvmOpts"])
];
}

19
lib/nixfiles/module.nix
View File

@ -1,19 +0,0 @@
{
lib,
self,
...
} @ moduleAttrs: let
inherit (lib) types;
nixfiles-lib = (import ./.) {inherit lib self moduleAttrs;};
in {
options.nixfiles.lib = lib.mkOption {
description = "nixfiles library";
type = types.attrs;
readOnly = true;
default = nixfiles-lib;
};
config._module.args = {
inherit nixfiles-lib;
};
}

22
lib/nixfiles/types.nix
View File

@ -1,21 +1,13 @@
{pkgs, ...}: let
pkgs:
let
inherit (pkgs) lib;
inherit (lib.types) mkOptionType;
inherit (lib.options) mergeEqualOption;
in {
mkCheckedType = type:
mkOptionType {
name = "${type}";
description = "Attribute set of type ${type}";
descriptionClass = "noun";
merge = mergeEqualOption;
check = value: value._type or "" == "${type}";
};
in
{
flake = mkOptionType {
name = "flake";
description = "Nix flake";
name="flake";
description="Nix flake";
descriptionClass = "noun";
merge = mergeEqualOption;
check = value: value._type or "" == "flake";
};
merge = mergeEqualOption; check = (value: value._type or "" == "flake"); };
}

3
modules/home-manager/default.nix
View File

@ -1 +1,2 @@
_: {}
_:
{}

34
modules/nixos/adb-old.nix Normal file
View File

@ -0,0 +1,34 @@
{...}@moduleInputs:
{ config, lib, pkgs, ... }:
with lib;
let
extraPkgs = (moduleInputs.mkExtraPkgs pkgs.system);
in
{
meta.maintainers = [ maintainers.mic92 ];
disabledModules = [ "programs/adb.nix" ];
###### interface
options = {
programs.adb = {
enable = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc ''
Whether to configure system to use Android Debug Bridge (adb).
To grant access to a user, it must be part of adbusers group:
`users.users.alice.extraGroups = ["adbusers"];`
'';
};
};
};
###### implementation
config = mkIf config.programs.adb.enable {
services.udev.packages = [ extraPkgs.android-udev-rules ];
environment.systemPackages = [ extraPkgs.android-tools ];
users.groups.adbusers = {};
};
}

4
modules/nixos/default.nix
View File

@ -1,2 +1,4 @@
{...} @ moduleInputs: {
{...}@moduleInputs:
{
adb = (import ./adb-old.nix) moduleInputs;
}

20
overlays/README.md
View File

@ -1,20 +0,0 @@
# Overlays
This directory contains nixpkgs overlays which each serve some specific purpose.
## backports
This overlay defines programs that should be unconditionally backported from
nixpkgs-unstable. Packages backported in this overlay will be built using
inputs from the current system when possible, as to not unnecessarily increase
the closure size. This may result in unexpected breakages, as packages in
nixpkgs-unstable are built and tested against other such packages.
## mitigations
This overlay contains temporary fixes for build failures or other issues,
usually backported from the nixpkgs master branch. Each package defined in this
overlay shall automatically disable itself once a certain condition is met,
such as the upstream package being updated or the nixpkgs modification date
passing a certain time.
This is in place because I am extremely forgetful; I will almost certainly
forget to undo a temporary fix later, so this takes care of it for me.

68
overlays/backports.nix
View File

@ -1,68 +0,0 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgs-unstable = import nixfiles.inputs.nixpkgs-unstable {
config.allowUnfree = true;
inherit (final) system;
};
inherit (final) callPackage kdePackages lib;
backport = let
_callPackage = callPackage;
in
{
pkgname,
callPackage ? _callPackage,
new ? pkgs-unstable,
override ? {},
}: let
inherit (lib) getAttrFromPath;
inherit (builtins) getAttr isString;
getAttr' = name: attrs:
if isString pkgname
then getAttr name attrs
else getAttrFromPath name attrs;
oldPkg = getAttr' pkgname prev;
newPkg = getAttr' pkgname pkgs-unstable;
in
if oldPkg.version == newPkg.version
then oldPkg
else (callPackage newPkg.override) override;
backport' = pkgname: backport {inherit pkgname;};
# defined locally to not pull in perl from unstable
stripJavaArchivesHook =
final.makeSetupHook {
name = "strip-java-archives-hook";
propagatedBuildInputs = [final.strip-nondeterminism];
}
./strip-java-archives.sh;
in {
vesktop = backport' "vesktop";
obsidian = backport {
pkgname = "obsidian";
override.electron = final.electron_28;
};
prismlauncher-unwrapped = backport {
pkgname = "prismlauncher-unwrapped";
inherit (kdePackages) callPackage;
override = {
# apple something idk why the package doesn't just ask for darwin and get it itself
# maybe i should make a pull request that changes the params to `darwin, Cocoa ? darwin.apple_sdk.frameworks.Cocoa`
inherit (final.darwin.apple_sdk.frameworks) Cocoa;
};
};
};
in {
config.flake.overlays.backports = overlay;
}

21
overlays/default.nix
View File

@ -1,21 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) composeManyExtensions;
cfg = config.flake.overlays;
in {
imports = [
./mitigations.nix
./backports.nix
./modpacks.nix
];
config.flake.overlays = {
default = with cfg;
composeManyExtensions [
backports
mitigations
];
};
}

142
overlays/mitigations.nix
View File

@ -1,142 +0,0 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath {
inherit (prev) system;
config.allowUnfree = true;
};
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
inherit (final) callPackage fetchFromGitHub;
inherit
(lib)
recurseIntoAttrs
optionalAttrs
versionOlder
versionAtLeast
;
pkgsFromFlake = flake: (import flake.outPath) {inherit (prev) system;};
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs:
if versionAtLeast ours.version theirs.version
then ours
else theirs;
pickNewer = ours: theirs:
if versionOlder theirs.version ours.version
then ours
else theirs;
hold = now: days: ours: theirs: let
seconds = days * 24 * 60 * 60;
endTimestamp = now + seconds;
in
if now < endTimestamp
then ours
else theirs;
optionalPkg = cond: val:
if cond
then val
else null;
gimp-with-plugins-good = let
badPlugins = ["gap"];
itemInList = list: item: lib.any (x: x == item) list;
pluginFilter = name: value: (value.type or null == "derivation") && (!(itemInList badPlugins name)) && (!value.meta.broken);
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in
prev.gimp-with-plugins.override {inherit plugins;};
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
in
{
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in
pickNewer old new;
gimp-with-plugins = gimp-with-plugins-good;
nwg-displays = let
stable = pkgsStable.nwg-displays;
unstable = prev.nwg-displays;
now = 1739114541;
in
hold now 7 stable unstable;
libreoffice = let
stable = pkgsStable.libreoffice;
unstable = prev.libreoffice;
now = 1739558971;
in
hold now 7 stable unstable;
gotenberg = let
stable = pkgsStable.gotenberg;
unstable = prev.gotenberg;
now = 1745707083;
in
hold now 90 stable unstable;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in
pickNewer redlib-new redlib;
rustdesk-flutter = let
stable = pkgsStable.rustdesk-flutter;
unstable = prev.rustdesk-flutter;
now = 1741899501;
in
hold now 7 stable unstable;
}
// (
lib.genAttrs [
"mopidyPackages"
"mopidy"
"mopidy-bandcamp"
"mopidy-iris"
"mopidy-jellyfin"
"mopidy-local"
"mopidy-moped"
"mopidy-mopify"
"mopidy-mpd"
"mopidy-mpris"
"mopidy-muse"
"mopidy-musicbox-webclient"
"mopidy-notify"
"mopidy-podcast"
"mopidy-scrobbler"
"mopidy-somafm"
"mopidy-soundcloud"
"mopidy-spotify"
"mopidy-subidy"
"mopidy-tidal"
"mopidy-tunein"
"mopidy-youtube"
"mopidy-ytmusic"
] (name: let
pkgs-mopidy = (import inputs.nixpkgs-mopidy) {inherit (prev) system;};
unstable = prev."${name}";
stable = pkgs-mopidy."${name}";
now = 1740786429;
in
# pin for at least 90 days because who knows when this will be fixed
# https://github.com/mopidy/mopidy/issues/2183
hold now 90 stable unstable)
);
in {
config.flake.overlays.mitigations = overlay;
}

40
overlays/modpacks.nix
View File

@ -1,40 +0,0 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
in
final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
notlite-ctm-static = final.stdenvNoCC.mkDerivation {
pname = "ctm-static";
version = "0.0.0";
src = final.emptyDirectory;
nativeBuildInputs = [final.unzip];
buildPhase = ''
unzip "${notlite}/mods/create-track-map-*.jar" 'assets/littlechasiu/ctm/static/*'
cp -r assets/littlechasiu/ctm/static/. $out/
'';
};
in {
modpacks = {
inherit notlite notlite-ctm-static;
};
};
in {
config.flake.overlays.modpacks = overlay;
}

16
overlays/strip-java-archives.sh
View File

@ -1,16 +0,0 @@
# This setup hook makes the fixup phase to repack all java archives in a
# deterministic fashion. The most important change being done is the resetting
# of the modification times of the archive entries
fixupOutputHooks+=('stripJavaArchivesIn $prefix')
stripJavaArchivesIn() {
local dir="$1"
echo "stripping java archives in $dir"
find $dir -type f -regextype posix-egrep -regex ".*\.(jar|war|hpi|apk)$" -print0 |
while IFS= read -rd '' f; do
echo "stripping java archive $f"
strip-nondeterminism --type jar "$f"
done
}

18
pkgs/apps.nix
View File

@ -1,15 +1,9 @@
{
packages,
system,
...
}: let
_packages = packages;
in let
{ packages, system, ... }:
let _packages = packages; in
let
packages = _packages.${system};
mkApp = program: {
type = "app";
inherit program;
};
in {
mkApp = program: { type = "app"; inherit program; };
in
{
keysetting = mkApp "${packages.wm-helpers}/bin/keysetting";
}

43
pkgs/atool-wrapped/default.nix
View File

@ -1,12 +1,11 @@
{
lib,
{ lib,
atool,
makeBinaryWrapper,
stdenvNoCC,
lzip,
plzip,
lzop,
xz,
lzma,
zip,
unzip,
arj,
@ -15,24 +14,24 @@
p7zip,
unrar,
lha,
unfree ? false,
}: let
wrappedPath = lib.makeBinPath ([lzip plzip lzop xz zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
unfree ? false }:
let
wrappedPath = lib.makeBinPath ([lzip plzip lzop lzma zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
in
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = ["installPhase"];
nativeBuildInputs = [makeBinaryWrapper];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeBinaryWrapper ];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}

23
pkgs/cofi/shell.nix
View File

@ -1,15 +1,16 @@
{pkgs ? import <nixpkgs> {}}: let
{ pkgs ? import <nixpkgs> {} }:
let
rofi-dmenu-wrapped = pkgs.writeShellScript "rofi-dmenu" ''
exec "${pkgs.rofi-wayland}/bin/rofi" -dmenu "$@"
'';
in
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}

17
pkgs/cross-seed/default.nix
View File

@ -1,17 +0,0 @@
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage rec {
pname = "cross-seed";
version = "6.11.2";
src = fetchFromGitHub {
owner = "cross-seed";
repo = "cross-seed";
rev = "v${version}";
hash = "sha256-m/TlEAW9BFEXOvBixOj09ylgstgHKL48e9zC50fzD5g=";
};
npmDepsHash = "sha256-c8wTvEA7QQb17gBHdBKMUatn8I/wKOhXP1W5ftH3pJc=";
}

18
pkgs/default.nix
View File

@ -1,15 +1,15 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (pkgs) callPackage callPackages;
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in {
inherit (mopidyPackages) mopidy-autoplay;
google-fonts = callPackage ./google-fonts {};
wm-helpers = callPackage ./wm-helpers {};
atool = callPackage ./atool-wrapped {};
nixfiles-assets = callPackage ./nixfiles-assets {};
redlib = callPackage ./redlib {};
cross-seed = callPackage ./cross-seed {};
in
{
inherit (mopidyPackages) mopidy-autoplay ;
google-fonts = callPackage ./google-fonts { };
wm-helpers = callPackage ./wm-helpers { };
atool = callPackage ./atool-wrapped { };
nixfiles-assets = callPackage ./nixfiles-assets { };
}

48
pkgs/google-fonts/default.nix
View File

@ -1,9 +1,9 @@
{
lib,
stdenvNoCC,
fetchFromGitHub,
fonts ? [],
{ lib
, stdenvNoCC
, fetchFromGitHub
, fonts ? []
}:
stdenvNoCC.mkDerivation {
pname = "google-fonts";
version = "unstable-2023-10-20";
@ -11,7 +11,7 @@ stdenvNoCC.mkDerivation {
# Adobe Blank is split out in a separate output,
# because it causes crashes with `libfontconfig`.
# It has an absurd number of symbols
outputs = ["out" "adobeBlank"];
outputs = [ "out" "adobeBlank" ];
src = fetchFromGitHub {
owner = "google";
@ -45,32 +45,26 @@ stdenvNoCC.mkDerivation {
# FamilyName.ttf. This installs all fonts if fonts is empty and otherwise
# only the specified fonts by FamilyName.
fonts = map (font: builtins.replaceStrings [" "] [""] font) fonts;
installPhase =
''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
''
+ (
if fonts == []
then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
''
else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
''
);
installPhase = ''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
'' + (if fonts == [] then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
'' else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
'');
meta = with lib; {
homepage = "https://fonts.google.com";
description = "Font files available from Google Fonts";
license = with licenses; [asl20 ofl ufl];
license = with licenses; [ asl20 ofl ufl ];
platforms = platforms.all;
hydraPlatforms = [];
maintainers = with maintainers; [manveru];
sourceProvenance = [sourceTypes.binaryBytecode];
maintainers = with maintainers; [ manveru ];
sourceProvenance = [ sourceTypes.binaryBytecode ];
};
}

51
pkgs/legacy-module.nix
View File

@ -1,51 +0,0 @@
{
inputs,
self,
config,
lib,
options,
...
}: let
cfg = config.nixfiles.outputs.packages;
inherit (lib) mapAttrs mkEnableOption mkIf;
in {
options.nixfiles.outputs.packages = {
enable =
mkEnableOption ""
// {
description = ''
Whether to generate the packages output.
'';
default = true;
};
};
config = mkIf cfg.enable {
perSystem = {
system,
inputs',
self',
pkgs,
...
}: {
packages = let
inherit (pkgs) callPackage callPackages;
# i forget how this works so i'm not messing with it.
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in
(mapAttrs (_: v: callPackage v {}) {
google-fonts = ./google-fonts;
wm-helpers = ./wm-helpers;
atool = ./atool-wrapped;
nixfiles-assets = ./nixfiles-assets;
redlib = ./redlib;
cross-seed = ./cross-seed;
})
// {
inherit (mopidyPackages) mopidy-autoplay;
};
};
};
}

61
pkgs/lucem/default.nix
View File

@ -1,61 +0,0 @@
{
lib,
buildNimPackage,
curl,
gtk4,
libadwaita,
pkg-config,
openssl,
xorg,
libxkbcommon,
libGL,
wayland,
wayland-protocols,
wayland-scanner,
fetchFromGitHub,
}:
buildNimPackage (finalAttrs: {
pname = "lucem";
version = "2.1.2";
src = fetchFromGitHub {
owner = "xTrayambak";
repo = "lucem";
tag = finalAttrs.version;
hash = "sha256-9i7YMXG6hXMcQmVdPYX+YxrtQPHZE1RZb+gv5dGEff8=";
};
patches = [
./lucem-disable-auto-updater.patch
];
lockFile = ./lock.json;
buildInputs = [
gtk4.dev
libadwaita.dev
openssl.dev
curl.dev
xorg.libX11
xorg.libXcursor.dev
xorg.libXrender
xorg.libXext
libxkbcommon.dev
libGL.dev
wayland.dev
wayland-protocols
wayland-scanner.dev
];
nativeBuildInputs = [
pkg-config
];
# env.LD_LIBRARY_PATH = lib.makeLibraryPath [
# gtk4.dev
# libadwaita.dev
# pkg-config
# curl.dev
# openssl.dev
# wayland.dev
# ];
})

291
pkgs/lucem/lock.json
View File

@ -1,291 +0,0 @@
{
"depends": [
{
"method": "fetchzip",
"path": "/nix/store/n3pckbrnpfnlcm7n0c5i75lgl47ghgha-source",
"rev": "d9ee0328d5cec8fd216d3ce8676cebf1976e9272",
"sha256": "02wq4wad7r517rls5n1i9gww9a138a20kiy3d2ax723s3h6s0srg",
"url": "https://github.com/4zv4l/colored_logger/archive/d9ee0328d5cec8fd216d3ce8676cebf1976e9272.tar.gz",
"ref": "HEAD",
"packages": [
"colored_logger"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bzcq8q439rdsqhhihikzv3rsx4l4ybdm-source",
"rev": "ea811bec7fa50f5abd3088ba94cda74285e93f18",
"sha256": "1720iqsxjhqmhw1zhhs7d2ncdz25r8fqadls1p1iry1wfikjlnba",
"url": "https://github.com/treeform/jsony/archive/ea811bec7fa50f5abd3088ba94cda74285e93f18.tar.gz",
"ref": "1.1.5",
"packages": [
"jsony"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f3ghbm17akdg7dj5sarr616hvma09dr5-source",
"rev": "fea85b27f0badcf617033ca1bc05444b5fd8aa7a",
"sha256": "1m96c3k83sj1z2vgjp55fplzf0kym6hhhym4ywydjl9x4zw1a5la",
"url": "https://github.com/status-im/nim-toml-serialization/archive/fea85b27f0badcf617033ca1bc05444b5fd8aa7a.tar.gz",
"ref": "HEAD",
"packages": [
"toml_serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/idsbhi7xb4dmfqbmbl5dq47qh2vs6mjj-source",
"rev": "9e770046c5cdf23d395d6b21c4657345481b1c76",
"sha256": "1li0r6ng3ynzh5qb12qs6czmaaay7gw45khs2niz291nia6navl1",
"url": "https://github.com/treeform/pretty/archive/9e770046c5cdf23d395d6b21c4657345481b1c76.tar.gz",
"ref": "0.2.0",
"packages": [
"pretty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/ax2p5d7wz6ipj0y2zpd9rckzzj7a6f0q-source",
"rev": "861092dc931e754650a735af590fbc34becc3942",
"sha256": "100vxxdpzayj44syfkwn5nrpk5189qiky43xh7w3k908yxrq0jbj",
"url": "https://github.com/can-lehmann/owlkettle/archive/861092dc931e754650a735af590fbc34becc3942.tar.gz",
"ref": "v3.0.0",
"packages": [
"owlkettle"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/y4f3wxlh76h10kflz7vqmkd4vniqp6kw-source",
"rev": "309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81",
"sha256": "0b7givvg0lij4qkv8xpisp0ahcadggavpb85jds5z5k19palh74c",
"url": "https://github.com/nimgl/nimgl/archive/309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81.tar.gz",
"ref": "1.3.2",
"packages": [
"nimgl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nqnhn3vpi49aj4pn722c1qpinnzq056b-source",
"rev": "7b4266458b7435349b28a4468e0af58f1674b198",
"sha256": "12j4rzlxpibxy2jfah21qj1lf63rbkkki971y5i52dmnp84bhjzp",
"url": "https://github.com/treeform/netty/archive/7b4266458b7435349b28a4468e0af58f1674b198.tar.gz",
"ref": "0.2.1",
"packages": [
"netty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/cbzq2fmn5582kqx3w9ima7ll4x19cmx1-source",
"rev": "a0f42baacbc48f4e5924b18854c0df9dcc251466",
"sha256": "0033kxrh8s3wmmh5ky6vlbjk2mq3c3vy0syvl5rwah2zmg0k6wzf",
"url": "https://github.com/guzba/curly/archive/a0f42baacbc48f4e5924b18854c0df9dcc251466.tar.gz",
"ref": "1.1.1",
"packages": [
"curly"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nzqdyy9q0q0rrlpmjmihrq084nyskidd-source",
"rev": "44dc097236de00c09ffed13d4e4aeaff1473870e",
"sha256": "0m7bdiz3dnmdb5cc8k4sksmb71mlg1n75582zv5hhvp2jsj9sxsa",
"url": "https://github.com/johnnovak/nim-nanovg/archive/44dc097236de00c09ffed13d4e4aeaff1473870e.tar.gz",
"ref": "v0.4.0",
"packages": [
"nanovg"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/85w9njq4kkp7cjhz40bmmksiv0053p50-source",
"rev": "9ce9aa3efa84f55bbf3d29ef0517b2411d08a357",
"sha256": "1lm4iynl0c8hzizwc723b29ss6cw78hhr6k62a7x7ddycmxyxsnm",
"url": "https://github.com/levovix0/siwin/archive/9ce9aa3efa84f55bbf3d29ef0517b2411d08a357.tar.gz",
"packages": [
"siwin"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/dvv6cgzl9xmax5rmjxnp5wrr08ibvjaw-source",
"rev": "8e2e098f82dc5eefd874488c37b5830233cd18f4",
"sha256": "01csz5bl4jiv7jx76k7izgknl7k73y2i9hd9s6brlhfqhq7cqxmz",
"url": "https://github.com/nim-lang/opengl/archive/8e2e098f82dc5eefd874488c37b5830233cd18f4.tar.gz",
"ref": "1.2.9",
"packages": [
"opengl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/h98460b96pynrpwxawaq21w6rjhamlvi-source",
"rev": "ec7732a4810441a937fe3059494ba338090c4957",
"sha256": "0dw33jprxrc23bj0b6ypbg6n940nzxlrxa57df88q4ly1xvi6w1h",
"url": "https://github.com/euantorano/semver.nim/archive/ec7732a4810441a937fe3059494ba338090c4957.tar.gz",
"ref": "v1.2.3",
"packages": [
"semver"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/d6c7dvmzzvc1ja7kf65jbclbjv74zll7-source",
"rev": "2086c99608b4bf472e1ef5fe063710f280243396",
"sha256": "1m7c9bvxarw167kd5mpfnddzydji03azhz347hvad592qfw4vwrc",
"url": "https://github.com/status-im/nim-serialization/archive/2086c99608b4bf472e1ef5fe063710f280243396.tar.gz",
"ref": "v0.2.6",
"packages": [
"serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/a5kmnnbk27rxk9vsx1vchiiq9znkpijf-source",
"rev": "79e4fa5a9d3374db17ed63622714d3e1094c7f34",
"sha256": "0x92sgnxczwx5ak067d6169j9qm0cdpbrcpp1ijrzgyfgknpyq0r",
"url": "https://github.com/status-im/nim-stew/archive/79e4fa5a9d3374db17ed63622714d3e1094c7f34.tar.gz",
"ref": "v0.2.0",
"packages": [
"stew"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/vx0a8hw7hs5an0dnbrn6l16bd6is7hdr-source",
"rev": "07f6ba8ab96238e5bd1264cf0cea1d1746abb00c",
"sha256": "005nrldaasfl09zdsni1vi8s7dk0y85ijv6rm2wpj94435x66s36",
"url": "https://github.com/treeform/flatty/archive/07f6ba8ab96238e5bd1264cf0cea1d1746abb00c.tar.gz",
"ref": "0.3.4",
"packages": [
"flatty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bqmdy8vic5wfvpc9hqp4rfrhjlxz4d7c-source",
"rev": "45b2b0bb753fe2376a205a183b2b3f291e19ba14",
"sha256": "1yz1lcclmhvji34ccymglzg535b3xfz0x4m12n3n22cxz156j63x",
"url": "https://github.com/Araq/libcurl/archive/45b2b0bb753fe2376a205a183b2b3f291e19ba14.tar.gz",
"ref": "v1.0.0",
"packages": [
"libcurl"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/zcd2hmjxlkp1bpb7c9xrpg153ssj3w0b-source",
"rev": "a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f",
"sha256": "16qdnyql8d7nm7nwwpq0maflm3p6cpbb2jfaqx6xkld9xkc9lsbv",
"url": "https://github.com/guzba/zippy/archive/a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f.tar.gz",
"ref": "0.10.16",
"packages": [
"zippy"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/4q986rlniaxascxkvx4q8rsx12frjd51-source",
"rev": "325d6ade0970562bee7d7d53961a2c3287f0c4bc",
"sha256": "0qa8hzvamsdszygra3lcc92zk6rzm3gh1mzgjq9khbanzbg3y67n",
"url": "https://github.com/treeform/webby/archive/325d6ade0970562bee7d7d53961a2c3287f0c4bc.tar.gz",
"ref": "0.2.1",
"packages": [
"webby"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/lk4hcmvwvliliyyidx7k3fk9yfijddc5-source",
"rev": "b2e71179174e040884ebf6a16cbac711c84620b9",
"sha256": "0pi6cq43ysm1wy5vva3i2dqvyh4dqppjjjl04yj9wfq7mngpqaa1",
"url": "https://github.com/treeform/chroma/archive/b2e71179174e040884ebf6a16cbac711c84620b9.tar.gz",
"ref": "0.2.7",
"packages": [
"chroma"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f9dp6njaay5rf32f6l9gkw0dm25gim47-source",
"rev": "7282ae1247f2f384ebeaec3826d7fa38fd0e1df1",
"sha256": "1plw9lfrm42qar01rnjhm0d9mkzsc7c3b8kz43w5pb8j8drx1lyn",
"url": "https://github.com/treeform/vmath/archive/7282ae1247f2f384ebeaec3826d7fa38fd0e1df1.tar.gz",
"ref": "2.0.0",
"packages": [
"vmath"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/8qaywzr8nzsiddjba77nhf75hzmxx0d9-source",
"rev": "29aca5e519ebf5d833f63a6a2769e62ec7bfb83a",
"sha256": "16npqgmi2qawjxaddj9ax15rfpdc7sqc37i2r5vg23lyr6znq4wc",
"url": "https://github.com/nim-lang/x11/archive/29aca5e519ebf5d833f63a6a2769e62ec7bfb83a.tar.gz",
"ref": "1.2",
"packages": [
"x11"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/cxdwn7p4cis5hd5w4jsn8lql5vzx5civ-source",
"rev": "2b08c774afaafd600cf4c6f994cf78b8aa090c0c",
"sha256": "10zl9a5phdsjj811v8by0yzadfc8d3azaj878an2hr8qsfi9y1ps",
"url": "https://github.com/status-im/nim-faststreams/archive/2b08c774afaafd600cf4c6f994cf78b8aa090c0c.tar.gz",
"ref": "HEAD",
"packages": [
"faststreams"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/2ksmfd7p93a1a7ibcv3qzsk8h3c3shz7-source",
"rev": "845b6af28b9f68f02d320e03ad18eccccea7ddb9",
"sha256": "1c55kl05pbavm9v5dv42n43sql9qcrblhh3hnp99p5xmlv20c9vf",
"url": "https://github.com/status-im/nim-unittest2/archive/845b6af28b9f68f02d320e03ad18eccccea7ddb9.tar.gz",
"ref": "v0.2.3",
"packages": [
"unittest2"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/17gj9sw2hw818cbxvd6i94n734inm1vf-source",
"rev": "df8113dda4c2d74d460a8fa98252b0b771bf1f27",
"sha256": "1h7amas16sbhlr7zb7n3jb5434k98ji375vzw72k1fsc86vnmcr9",
"url": "https://github.com/arnetheduck/nim-results/archive/df8113dda4c2d74d460a8fa98252b0b771bf1f27.tar.gz",
"ref": "v0.5.1",
"packages": [
"results"
],
"srcDir": ""
}
]
}

13
pkgs/lucem/lucem-disable-auto-updater.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/config.nim b/src/config.nim
index 64e4370..92aee9a 100644
--- a/src/config.nim
+++ b/src/config.nim
@@ -32,7 +32,7 @@ type
LucemConfig* = object
discord_rpc*: bool = false
- auto_updater*: bool = true
+ auto_updater*: bool = false
notify_server_region*: bool = true
loading_screen*: bool = true
polling_delay*: uint = 100

90
pkgs/lucem/nim_lk-rev-order-fix.patch
View File

@ -1,90 +0,0 @@
diff --git a/src/nim_lk.nim b/src/nim_lk.nim
index 2b8b0bc..68d8b64 100644
--- a/src/nim_lk.nim
+++ b/src/nim_lk.nim
@@ -4,7 +4,7 @@
# https://cyclonedx.org/docs/1.6/json/
import
- std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri],
+ std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri, re],
pkg/nimblepkg/options,
pkg/nimblepkg/packageinfo,
pkg/nimblepkg/packageinfotypes,
@@ -89,6 +89,13 @@ proc startProcess(cmd: string; cmdArgs: varargs[string]): Process =
type GitPair = object
`ref`, `rev`: string
+proc cleanVersion(version: string): string =
+ let pattern = re"^v?(\d+\.\d+\.\d+.*)$" # Captures valid semantic versions
+ var matches: array[1, string]
+ if version.find(pattern, matches) >= 0:
+ return matches[0]
+ return version
+
proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
var line, rev, refer: string
var process =
@@ -104,12 +111,15 @@ proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
const
refsTags = "refs/tags/"
headsTags = "refs/heads/"
+ headRef = "HEAD"
if refer.startsWith(refsTags):
refer.removePrefix(refsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
elif refer.startsWith(headsTags):
refer.removePrefix(headsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
+ elif refer == headRef:
+ result.add GitPair(`ref`: refer, `rev`: rev)
stderr.write(process.errorStream.readAll)
close(process)
if tagsArg and result.len == 0:
@@ -120,22 +130,40 @@ proc matchRev(url: string; wanted: VersionRange): GitPair =
let special = $wanted.spe
if special[0] == '#':
result.rev = special[1..special.high]
+ return # early return
else:
quit("unhandled version " & url & " " & $wanted)
else:
let withTags = wanted.kind != verAny
let pairs = gitLsRemote(url, withTags)
var resultVersion: Version
+ var latestTag: GitPair
+
for pair in pairs:
try:
- var tagVer = pair.`ref`.newVersion
- if tagVer.withinRange(wanted) and resultVersion < tagVer:
+ var tagVer = cleanVersion(pair.`ref`).newVersion
+ if (tagVer.withinRange(wanted) or not withTags) and resultVersion < tagVer:
resultVersion = tagVer
- result = pair
+ latestTag = pair
except ParseVersionError: discard
- if result.rev == "" and pairs.len > 0:
- result = pairs[pairs.high]
- doAssert result.rev != "", url
+
+ if latestTag.rev != "":
+ result = latestTag
+ return # early return
+
+ let headPairs = gitLsRemote(url, false)
+ var headPair: GitPair
+
+ for pair in headPairs:
+ if pair.`ref` == "HEAD":
+ headPair = pair
+
+ if headPair.rev != "":
+ result = headPair
+ return # early return
+
+
+ doAssert false, "No matching revision found for " & url
proc collectMetadata(data: JsonNode) =
let storePath = data{"path"}.getStr

41
pkgs/lucem/update.nix
View File

@ -1,41 +0,0 @@
{
nixpkgs ? <nixpkgs>,
pkgs ? (import nixpkgs) {},
}: let
inherit (pkgs) callPackage fetchFromSourcehut fetchFromGitHub lib;
inherit (lib) escapeShellArg;
lucem = pkgs.callPackage ./. {};
nim_lk_patched = pkgs.nim_lk.overrideAttrs (final: prev: {
src = pkgs.fetchFromSourcehut {
owner = "~ehmry";
repo = "nim_lk";
rev = "c2d601095d1961d8f59f1fffe5b56788b255c3de";
hash = "sha256-1WD1UVi6N7tftE69LAhx86Qxc97oMHKARFsCVGqtEm4=";
};
patches = [
./nim_lk-rev-order-fix.patch
];
});
in
pkgs.stdenvNoCC.mkDerivation {
name = "lucem-lock.json";
src = lucem.src;
nativeBuildInputs = with pkgs; [
nim_lk_patched
nix-prefetch-git
nix
# cacert
git
];
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
find .
nim_lk > $out
'';
}

Some files were not shown because too many files have changed in this diff Show More