Compare commits


198 Commits

Author SHA1 Message Date
Sam 86c59bb27b Add Gajim to default packages and new Prefect variable
- Add `pkgs.gajim` to the list of default packages in `default.nix`
- Introduce a new Prefect variable `wdpa_dir` in `baseddata-worker.nix`
- Set the value of `wdpa_dir` to `/media/baseddata-data/wdpa`
2024-11-06 16:33:28 +00:00
Sam ac6a9d2c21 merge 2024-11-05 15:21:23 +00:00
Sam a154d2df79 Update default.nix to include R package 2024-11-05 15:20:35 +00:00
Sam a95ac4ef25 Update default.nix and dwm.nix with new packages and revisions
- Add pkgs.gimp to default.nix
- Update dwm.nix with new revision and sha256
2024-11-05 15:19:32 +00:00
Sam de5c1edf1b revert user variables removal 2024-11-04 15:57:32 +00:00
Sam ac5833c8af revert neovim to stable 2024-11-04 15:54:26 +00:00
Sam b9c0b70fc8 rm parrot.nvim 2024-11-04 15:53:53 +00:00
Sam b2f849d80b Update desktop packages and add spell-checking support
- Replace libreoffice with libreoffice-qt
- Add hunspell and hunspell dictionaries for en-gb and en_US
2024-11-04 15:33:41 +00:00
Sam 4d0335d99a Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-11-03 21:27:10 +00:00
Sam ec7f879c6d Add Krita and update DWM source
- Add Krita to the default.nix package list
- Update DWM source URL and revision in dwm.nix
- Modify DWM source SHA256 checksum in dwm.nix
2024-11-03 21:27:07 +00:00
Sam 2c44487796 Add swap devices and update Prefect variables
- Add swap devices configuration to citadel and semita hosts
- Update Prefect variable for OSM directory in baseddata-worker
- Set swap device size to 32*1024 for both citadel and semita hosts
2024-11-03 21:03:12 +00:00
Sam 45ee82da0e Add glow plugin and update prefect variable
- Add 'pkgs.glow' to 'default.nix'
- Add and configure 'glow.nvim' plugin in 'plugins/default.nix'
- Update 'postgres_dbname' variable to 'baseddata' in 'baseddata-worker.nix'
2024-11-02 14:00:30 +00:00
Sam 5d0b1b9be7 Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-11-01 22:17:35 +00:00
Sam 7be587d7b1 Update Postgres configuration and remove system packages
- Update Postgres configuration for dev and prod environments:
  - Change dbname from `dev_baseddata_models` to `dev_baseddata` and `baseddata_models` to `baseddata`
  - Replace host variable with `${baseddataPostgresIp}`
  - Update user and password placeholders to new paths
- Remove `environment.systemPackages` configuration
2024-11-01 22:17:24 +00:00
Sam 7e4f15496f rm flake.lock to gitignore 2024-11-01 17:38:25 +00:00
Sam 9a26bbe7c5 add flake.lock to gitignore 2024-11-01 17:37:34 +00:00
Sam d725852387 add flake.lock to gitignore 2024-11-01 17:37:23 +00:00
Sam 4bee1bffbd flake.lock 2024-11-01 17:33:29 +00:00
Sam 8561f44963 update flake.lock 2024-10-28 17:52:45 +00:00
Sam dde54c9aa7 Add lib to configuration 2024-10-28 17:52:29 +00:00
Sam 16436da1e4 Update nixvim configuration to use unstable Neovim package 2024-10-28 17:51:42 +00:00
Sam 13dad7b532 Update: Add Mistral API key and Parrot.nvim plugin
- Introduce Mistral API key
- Add Parrot.nvim plugin
- Implement a function to read the API key from a secrets file
- Set up Parrot.nvim with Mistral provider and custom hooks for code assistance and git commit generation
2024-10-28 17:46:09 +00:00
Sam a9f321a847 update flake 2024-10-28 13:45:55 +00:00
Sam 7cffeffca9 Add bitcoind configuration and prefect variables
- Add bitcoind IP and port configuration variables
- Update prefect variables for bitcoind ip and port
- Maintain existing configurations for other services
2024-10-25 10:31:52 +01:00
Sam 70a788f588 Add bitcoind RPC credentials and update prefect variables
- Add bitcoind RPC username and password to secrets and environment variables
- Update prefect variables to include bitcoin RPC username and password
- Add new read-only host paths for bitcoind RPC username and password
2024-10-25 10:18:15 +01:00
Sam 4e6f1f6f01 update flake 2024-10-24 15:22:35 +01:00
Sam 8242c29cf7 Refactor flake.nix and add key remaps script
- Refactor `flake.nix` to simplify the `outputs` section and remove redundant configurations
- Update `lsp.nix` to use hostname for NixOS and Home Manager configurations.
- Add `key-remaps.nix` script to `dwm` configuration and update `xinitrc.nix` to include it in autostart.
- Comment out non-functional `displayManager.sessionCommands` in `citadel/default.nix`.
2024-10-24 15:14:34 +01:00
Sam bd3f24056e modify nixvim
- add config for nixd
- fix luasnip call func in cmp
- enable autocomplete in cmp-cmdline
- add cmp-cmdline mapping
2024-10-23 22:34:35 +01:00
Sam 71ac9901dd disable tlp for citadel 2024-10-23 19:06:08 +01:00
Sam b106d1cb6e add nix-ld for citadel and semita 2024-10-19 13:33:51 +01:00
Sam ca9dff8442 modify baseddata-worker variables 2024-10-19 13:27:30 +01:00
Sam 2516f9de21 removed unused hosts 2024-10-14 18:54:48 +01:00
Sam a9fc820d61 brave 2024-10-14 18:46:13 +01:00
Sam c255cdbb2c chromium, kemaps, cli commands 2024-10-14 16:57:01 +01:00
Sam 6f4187b95e new postgres connection dbui 2024-10-14 09:48:33 +01:00
Sam 89141ff555 dwm-taglabels 2024-10-12 16:26:10 +01:00
Sam e6c3917942 small changes and updates 2024-10-12 00:19:40 +01:00
Sam 2793c3cfe0 small modification to postgres container 2024-10-12 00:19:24 +01:00
Sam 2005bc293f rm worker container 2024-10-12 00:19:07 +01:00
Sam d9fce8a1c9 new containers for mongodb and bd-worker 2024-10-12 00:18:37 +01:00
Sam 37768683d7 minor modifications to containers 2024-10-10 01:37:37 +01:00
Sam 3092630c08 add firefox bookmarks 2024-10-10 01:37:18 +01:00
Sam dbd3dd5584 update flake secrets 2024-10-10 01:37:05 +01:00
Sam 92fb9f5519 non-Nix Python Packages with Binaries on NixOS 2024-10-10 01:36:50 +01:00
Sam 00d5c7db47 install libreoffice on desktops 2024-10-10 01:36:08 +01:00
Sam 8eeea08472 add script runner container called worker 2024-10-10 01:35:45 +01:00
Sam 5430e70bd4 add vars networking.addresses from nix-secrets 2024-10-07 14:19:27 +01:00
Sam 62a3630a5c modify jellyfin & nix-bitcoin containers 2024-10-07 09:35:22 +01:00
Sam 51320794e6 intel gpu hardware firmware 2024-10-06 17:26:39 +01:00
Sam bd3924fda3 add podman group to sam 2024-10-06 17:26:20 +01:00
Sam e0093f134b change docker to podman for arion compatibility 2024-10-06 17:25:52 +01:00
Sam f57afcc50c add postgres and jellyfin nixos-containers 2024-10-06 17:25:27 +01:00
Sam 9096d69f9a remove postgres arion 2024-10-06 17:25:02 +01:00
Sam 74a2c3f930 update flake secrets 2024-10-06 17:23:54 +01:00
Sam 2533603b65 update nix-bitcoin and use network bridge for semita 2024-10-05 16:42:16 +01:00
Sam 25dfe2cf37 Update flake 2024-10-05 16:41:56 +01:00
Sam 37901f3937 working implementation of bitcoind 2024-10-04 17:53:32 +01:00
Sam 4c857eded4 set static ip for semita and add /srv to persistence 2024-10-04 09:30:34 +01:00
Sam 2e90b1ae46 set static ip for semita 2024-10-03 14:55:42 +01:00
Sam 0038dbf8ce add transmission-daemon 2024-09-30 09:37:25 +01:00
Sam 612affe2fd change sql formatter back to sqlfmt 2024-09-30 08:49:49 +01:00
Sam 53d2343f04 install docker and compose 2024-09-21 22:19:00 +01:00
Sam afaf3c4697 create xmodmap-arrow config 2024-09-15 10:12:56 +01:00
Sam 16fee36e96 rm xmodmap from xinitrc 2024-09-15 10:02:02 +01:00
Sam e374498aa4 key-remaps to xinitrc and nixvim buffer switch remaps 2024-09-15 09:51:21 +01:00
Sam f7ffba2266 add nvim buffer switch keymap & change dbt models 2024-09-14 20:19:07 +01:00
Sam a8e0ae35da updated postgres 2024-09-09 11:41:10 +01:00
Sam 564d4f6230 update flake and add .scripts to path 2024-08-31 21:29:38 +01:00
Sam 55d96ce54e Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-08-31 10:30:45 +01:00
Sam d86a05d7c3 add qgis, transmission and mpv to home-manager 2024-08-31 10:30:36 +01:00
Sam 5a6dca3b5d nixvim conform add postgres language to sql-formatter 2024-08-31 10:29:45 +01:00
Sam d418d16fa4 nfs homeshare and photos 2024-08-26 21:04:19 +01:00
Sam 9fe49f4d79 added sql-formatter config 2024-08-25 23:27:42 +01:00
Sam 1af24715ff config conform.nvim
- removed sqlfmt and replaced with sql-formatter
2024-08-25 23:22:24 +01:00
Sam 6f5f8867fd configure dbui 2024-08-24 23:32:48 +01:00
Sam c25d56f350 add yazi to home-manager 2024-08-20 13:14:24 +01:00
Sam 3d90deadf9 nixvim spell 2024-08-20 10:19:24 +01:00
Sam f3ad132675 fix issue with clipboard-save 2024-08-15 13:32:04 +01:00
Sam f6b8aeca69 add tmux to home-manager and removed yaml lsp from nixvim 2024-08-03 12:58:38 +01:00
Sam 9f5e92d452 postgres 2024-08-02 22:53:01 +01:00
Sam dd94dea696 Update LSP plugin configuration
- Enable TypeScript server (tsserver)
- Disable SQL server (sqls)
2024-07-29 13:30:35 +01:00
Sam 19f0057503 add comment plugin to nvim 2024-07-27 11:23:14 +01:00
Sam dabff16a37 Add src alias to zshrc 2024-07-27 11:13:19 +01:00
Sam 5fae14f4fc Add nvim language servers for cls and r 2024-07-27 11:12:41 +01:00
Sam c51cb70732 Change dunst border for urgent notifications 2024-07-27 11:12:16 +01:00
Sam c4ac477d6f update sqlfmt 2024-07-21 20:26:56 +01:00
Sam ff300d8542 Updated dwm 2024-07-21 18:23:24 +01:00
Sam e30e731d61 Added shell.nix to nixos config 2024-07-21 18:22:59 +01:00
Sam 07d19c4535 Remaps Alt_l arrow keys using hjkl 2024-07-21 16:23:47 +01:00
Sam 2ec9f2db77 Modify tlp settings 2024-07-21 16:23:35 +01:00
Sam 0e0e2b2ae7 Add back bind_to_address for mpd 2024-07-21 16:21:54 +01:00
Sam b26aceec76 Disabled alpha plugin for nixvim 2024-07-21 14:52:45 +01:00
Sam 06f6aa1ffd MODIFY: updated battery-status script 2024-07-21 14:46:11 +01:00
Sam 3421360317 Import optional/notes for citadel 2024-07-21 14:42:57 +01:00
Sam 154b474868 Moved hm notes to optional 2024-07-21 14:42:22 +01:00
Sam d5f72ee2fd Added dwm scripts for battery-status and notification 2024-07-21 01:03:28 +01:00
Sam 46018fb461 Removed unnecessary sxhkdrc keybindings 2024-07-21 01:02:48 +01:00
Sam 621e97d8f1 Add backlight to citadel 2024-07-20 23:52:08 +01:00
Sam ae64001bc7 Add bluetooth to citadel 2024-07-20 23:51:40 +01:00
Sam 9d287792c6 Add tlp power save service to citadel 2024-07-20 23:51:10 +01:00
Sam c448a8c0cd Add thinkpad modules to citadel 2024-07-20 23:50:33 +01:00
Sam 87f30f8ace Define cursor and use xresources module 2024-07-20 20:23:02 +01:00
Sam a5e41acf63 Use -merge in xrdb 2024-07-20 20:22:41 +01:00
Sam 21bdc107eb Add gtk cursor theme 2024-07-20 20:22:02 +01:00
Sam d56fc29336 MODIFY: Tweak semita scaling 2024-07-20 18:49:27 +01:00
Sam 9788e0d6e2 remove bind_to_address from mpd 2024-07-20 18:18:53 +01:00
Sam bf30739d8b Xserver scaling, input settings 2024-07-20 17:38:49 +01:00
Sam f8f662daf7 Removed unnecessary monitors option in xinitrc 2024-07-20 17:35:31 +01:00
Sam 04782f64f5 Disabled sb-updates script 2024-07-20 17:34:53 +01:00
Sam cf8c449e5e MODIFY: Removed scaling in xresources for citadel and semita 2024-07-20 17:34:37 +01:00
Sam f7e23e39c7 MODIFY: Add deploy_key into sops hosts 2024-07-20 16:14:09 +01:00
Sam 86f27abb2f MODIFY: Firmware configuration for citadel to enable wifi 2024-07-20 16:13:24 +01:00
Sam fa060dba70 Added sam to networkmanager group 2024-07-20 16:12:49 +01:00
Sam f411adbf20 FIX: Renamed sb-battery 2024-07-20 16:12:10 +01:00
Sam 5e0230dcdd Added dmenu-wifi to dwm 2024-07-20 16:11:42 +01:00
Sam 1049ecbd76 Update flake.lock 2024-07-20 16:10:53 +01:00
Sam e3a1143ca5 Add sb-battery to dwm 2024-07-20 14:48:51 +01:00
Sam b991fa4236 Add citadel to flake.nix 2024-07-20 14:48:32 +01:00
Sam 5f672c2665 Fix justfile for new nix-secrets location 2024-07-20 14:48:04 +01:00
Sam 22ce3e08c2 Fix bootstrap script for new nix-secrets location 2024-07-20 14:47:26 +01:00
Sam 5147d02fa9 Update flake.lock secrets 2024-07-20 14:47:08 +01:00
Sam 6fbd5447b8 Update SOPS_FILE path in justfile
- Changed the path of SOPS_FILE in justfile from "../nix-secrets/secrets.yaml" to "~/.local/share/src/nix-secrets/secrets.yaml"
2024-07-20 13:49:01 +01:00
Sam 1743869b07 Add xresources to semita 2024-07-20 12:39:36 +01:00
Sam 0fb3056a4c Add citadel host 2024-07-20 12:38:57 +01:00
Sam 32bf8eca1f Removed xresources from desktop 2024-07-20 12:38:03 +01:00
Sam c9409866b7 enable printing and add network printer 2024-07-19 13:09:20 +01:00
Sam c5da58fc3b Add vimwiki-sync plugin to nixvim 2024-07-19 11:27:05 +01:00
Sam 82b0838f5c Add get-notes in home-manager activation script 2024-07-19 11:26:32 +01:00
Sam 7440a6662f oil.nvim plugin 2024-07-15 21:30:24 +01:00
mrsu 959d734fd1 Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-07-14 21:04:49 +01:00
mrsu 394a24567b removed test hosts fileserver & nixdev 2024-07-14 21:04:36 +01:00
Sam 6472e085c7 add nameservers to semita 2024-07-14 19:51:09 +01:00
Sam 937b53db87 nixvim todo-comments and fixed TODOs in codebase 2024-07-07 18:26:24 +01:00
Sam fb7cf9e280 merge master 2024-07-07 16:48:11 +01:00
Sam efb6128704 deactivate otter.nvim and rm lxd reference 2024-07-07 16:46:39 +01:00
sam 539ac37b8a Merge branch 'master' into docker 2024-07-07 16:25:47 +01:00
Sam 22aa6d3fa4 nvim_ufo fold plugin fix name 2024-07-07 16:24:50 +01:00
sam 8e527473ac Merge branch 'docker' of git.bitlab21.com:sam/nixos into docker 2024-07-07 16:24:00 +01:00
Sam db7bce57e7 Add arion package 2024-07-07 16:23:36 +01:00
Sam 614b9765dd Docker and postgres config 2024-07-07 16:23:36 +01:00
Sam 4b85810128 small fix 2024-07-07 16:23:36 +01:00
Sam a7c8b86b1f Postgres docker configuration 2024-07-07 16:23:36 +01:00
Sam 89ab4e8f9d Modify postgres docker container
- add sops-secrets for admin pwd
- POSTGRES_MULTIPLE_DATABASES as json to specify users and extensions
- initdb docker entrypoint script to create dbs, users and extensions
  from json
2024-07-07 16:23:36 +01:00
Sam 01ad0238a7 Update nix-secrets 2024-07-07 16:23:36 +01:00
Sam 688c2c9bcd Add arion package 2024-07-07 16:23:36 +01:00
Sam b8973040d5 pg init script to configure db on start
- create users & dbs
- setup db permissions
- install extensions
2024-07-07 16:23:36 +01:00
Sam ba9f593bcd pgdata dir and admin_db default database 2024-07-07 16:23:36 +01:00
Sam 3dbe85853e Build postgres using dockerfile
- use dockerfile to install postgis during build
2024-07-07 16:23:36 +01:00
Sam ba19ee9125 Minor fixes 2024-07-07 16:23:36 +01:00
Sam 8173a0dc94 Podman to user groups 2024-07-07 16:23:36 +01:00
Sam 600160bd9a Arion flake input 2024-07-07 16:23:36 +01:00
Sam 5205e606c1 Docker and postgres config 2024-07-07 16:23:36 +01:00
Sam 5b8a1430fe Add postgres btrfs zvol 2024-07-07 16:23:36 +01:00
Sam 8f458590e2 Remove deploy_key from sops 2024-07-07 16:23:36 +01:00
Sam bcea6919fb Update flake secrets 2024-07-07 16:23:36 +01:00
Sam aa8d4ca3ae nvim_ufo fold plugin 2024-07-07 16:23:05 +01:00
Sam 653901f823 Removed precognition config 2024-07-07 15:39:07 +01:00
sam febc33faee Merge branch 'docker' of git.bitlab21.com:sam/nixos into docker 2024-07-07 15:36:51 +01:00
Sam 2f99d05406 small fix 2024-07-07 15:36:34 +01:00
Sam 947ddaca43 Postgres docker configuration 2024-07-07 15:36:34 +01:00
Sam 529fc394ef Modify postgres docker container
- add sops-secrets for admin pwd
- POSTGRES_MULTIPLE_DATABASES as json to specify users and extensions
- initdb docker entrypoint script to create dbs, users and extensions
  from json
2024-07-07 15:36:34 +01:00
Sam 89646a5d6a Update nix-secrets 2024-07-07 15:36:34 +01:00
Sam 804d6bf4d0 Add arion package 2024-07-07 15:36:34 +01:00
Sam 491350bc58 pg init script to configure db on start
- create users & dbs
- setup db permissions
- install extensions
2024-07-07 15:36:34 +01:00
Sam baaaa3e8d6 pgdata dir and admin_db default database 2024-07-07 15:36:34 +01:00
Sam 591a9ce48f Build postgres using dockerfile
- use dockerfile to install postgis during build
2024-07-07 15:36:34 +01:00
Sam 7df7970414 Minor fixes 2024-07-07 15:36:34 +01:00
Sam 052c941e81 Podman to user groups 2024-07-07 15:36:34 +01:00
Sam f7695f4d15 Arion flake input 2024-07-07 15:36:34 +01:00
Sam 52a3b85c8f Docker and postgres config 2024-07-07 15:36:34 +01:00
Sam c9ee7c7e80 Add postgres btrfs zvol 2024-07-07 15:36:34 +01:00
Sam fc2f6f4ca3 Remove deploy_key from sops 2024-07-07 15:36:34 +01:00
Sam 67e3d9dded Update flake secrets 2024-07-07 15:36:34 +01:00
Sam 4fbfbee45b Removed precognition nixvim plugin 2024-07-07 15:35:38 +01:00
Sam b8f85256a7 small fix 2024-07-06 21:17:32 +01:00
Sam 271b5958b8 Postgres docker configuration 2024-07-06 20:53:26 +01:00
Sam 2f0ddf8375 Modify postgres docker container
- add sops-secrets for admin pwd
- POSTGRES_MULTIPLE_DATABASES as json to specify users and extensions
- initdb docker entrypoint script to create dbs, users and extensions
  from json
2024-07-06 16:02:10 +01:00
Sam e419389862 Update nix-secrets 2024-07-06 16:01:40 +01:00
Sam fec1dae750 Add arion package 2024-07-06 16:01:17 +01:00
Sam 3b7a597d8f pg init script to configure db on start
- create users & dbs
- setup db permissions
- install extensions
2024-07-06 10:28:09 +01:00
Sam 1e95ba6c36 pgdata dir and admin_db default database 2024-07-06 10:27:15 +01:00
Sam d29250a2a6 Build postgres using dockerfile
- use dockerfile to install postgis during build
2024-07-06 10:26:08 +01:00
Sam f71ece31f1 Minor fixes 2024-07-05 18:59:10 +01:00
Sam a71ee506d3 Podman to user groups 2024-07-05 18:58:46 +01:00
Sam 7f9c3535ef Arion flake input 2024-07-05 18:58:30 +01:00
Sam 9ace130029 Docker and postgres config 2024-07-05 18:58:03 +01:00
Sam 92d09646fa Add postgres btrfs zvol 2024-07-05 18:57:17 +01:00
Sam 33981eea6d Remove deploy_key from sops 2024-07-05 18:56:41 +01:00
Sam bd719c72fa Update flake secrets 2024-07-05 18:56:18 +01:00
sam 37192edd83 Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-07-05 16:34:11 +01:00
Sam 911d7d6905 ifTheuExist and extra groups to user sam 2024-07-05 16:32:49 +01:00
Sam 74dab0c38d nebula zfs configuration and post-install-setup script 2024-07-05 16:31:58 +01:00
Sam f6290f3215 music_player to dwm 2024-07-04 17:19:33 +01:00
Sam 8c13a24cc8 Added music nfs mount to semita 2024-07-04 17:18:55 +01:00
Sam 60b6064ded Added personal build of kunst as package overlay 2024-07-04 17:18:05 +01:00
Sam 5000138b85 Update flake nixvim 2024-07-04 17:16:58 +01:00
Sam 20bdddf472 Enabled fontconfig (caused issues with symbols in dwm) 2024-07-02 12:21:38 +01:00
Sam bcf6db040e Updated dwm (patched functional gaps) 2024-07-02 12:20:48 +01:00
88 changed files with 2834 additions and 768 deletions

0
.gitignore vendored Normal file


@ -1,5 +1,27 @@
{ {
"nodes": { "nodes": {
"arion": {
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1720147808,
"narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "arion",
"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
"type": "github"
}
},
"base16-schemes": { "base16-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -18,18 +40,17 @@
}, },
"devshell": { "devshell": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1717408969, "lastModified": 1728330715,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -59,6 +80,31 @@
"type": "github" "type": "github"
} }
}, },
"extra-container": {
"inputs": {
"flake-utils": [
"nix-bitcoin",
"flake-utils"
],
"nixpkgs": [
"nix-bitcoin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722175938,
"narHash": "sha256-HKyB4HD+NdX3T233bY31hm76v3/tdQBNeLLvopKbZeY=",
"owner": "erikarvstedt",
"repo": "extra-container",
"rev": "37e7207ac9f857eedb58b208b9dc91cd6b24e651",
"type": "github"
},
"original": {
"owner": "erikarvstedt",
"repo": "extra-container",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -90,6 +136,48 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"arion",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@ -97,11 +185,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717285511, "lastModified": 1727826117,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -115,11 +203,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1726560853,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -142,11 +230,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719259945, "lastModified": 1729104314,
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -177,6 +265,44 @@
"type": "github" "type": "github"
} }
}, },
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "0.1.0",
"repo": "haskell-flake",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -184,11 +310,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718530513, "lastModified": 1726989464,
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -206,11 +332,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718530513, "lastModified": 1726989464,
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -222,11 +348,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1719091691, "lastModified": 1730403150,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -235,6 +361,30 @@
"type": "github" "type": "github"
} }
}, },
"nix-bitcoin": {
"inputs": {
"extra-container": "extra-container",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1727247704,
"narHash": "sha256-Jl1CYXNIdJ4Ac0MK15e8+vflFOgPxZZNw24CKfLC6QY=",
"owner": "fort-nix",
"repo": "nix-bitcoin",
"rev": "a0d36d59248ac54f1b42a668326346a77640c7f5",
"type": "github"
},
"original": {
"owner": "fort-nix",
"ref": "nixos-24.05",
"repo": "nix-bitcoin",
"type": "github"
}
},
"nix-colors": { "nix-colors": {
"inputs": { "inputs": {
"base16-schemes": "base16-schemes", "base16-schemes": "base16-schemes",
@ -262,11 +412,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719128254, "lastModified": 1729826725,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=", "narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310", "rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -276,13 +426,12 @@
} }
}, },
"nix-secrets": { "nix-secrets": {
"flake": false,
"locked": { "locked": {
"lastModified": 1719601133, "lastModified": 1730130467,
"narHash": "sha256-2+e92LyX1fFj3mIZft+K8OzR9NT/1xtheO8hO/3DyRc=", "narHash": "sha256-mcyG1iu8hNmkDjgDEdFQyCZ3bBxBHFKd4nxT8NreMmY=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "278ccbbd646e86cab5fd38d43d9134270d8123d0", "rev": "c82ff6f7e995503acabb9cf2478e5b4e401968ce",
"revCount": 141, "revCount": 188,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -293,16 +442,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719426051, "lastModified": 1720031269,
"narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=", "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd", "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
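Review bot: In the `nixpkgs` node, the change of `ref` from `nixos-24.05` to `nixos-unstable` reads as if the system moved to unstable, but the node has only been renumbered: `arion` now owns the name `nixpkgs` (its `inputs` map `"nixpkgs": "nixpkgs"`), and the root input moved to `nixpkgs_2`, which tracks `release-24.05`. Please say so in the commit message and confirm the resulting input tree with `nix flake metadata`, because the lock now carries five separate nixpkgs pins (`nixpkgs`, `nixpkgs_2`, `nixpkgs-unstable`, `nixpkgs-unstable_2`, `nixpkgs-stable`) that each have to be audited and updated.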
@ -324,27 +473,43 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1719099622, "lastModified": 1729973466,
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=", "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924", "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-23.11", "ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1719254875, "lastModified": 1726871744,
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -354,11 +519,27 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1730481737,
"narHash": "sha256-HaUCfqLIFX/4wiSKkKKSTwUNmZd1EMy+lGB+faadQXU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f18ab3b08f56abc54bcc2ef9bbca627d45926fee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
@ -368,11 +549,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1719469291, "lastModified": 1729945968,
"narHash": "sha256-Efir01r7ThPabDBFOygX1UDyerJFHelbRGdMo/VNw14=", "narHash": "sha256-4u+nbBSMuXWGCtXxUPPEflRm54+y/HLIbhIep9do8Ew=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "8f52e4d1e34039937efb0ee05825b9963ef29739", "rev": "c05ac01070425ed0797b1ff678dc690c333cea74",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -384,11 +565,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1719596768, "lastModified": 1730472538,
"narHash": "sha256-quSWztqqMxvSJIKddYp1D0GdR7Kg8JjEVCIzMbtBTQ4=", "narHash": "sha256-3m4OVGKsbPzMlnS0gVptIZBRlxgqQz+WhfwT+rT823Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "35e48702118124ec52a071e300f55c78a4b7b338", "rev": "52c21ec8fde46366b1a5555e18d854ee18012ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -399,13 +580,15 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"arion": "arion",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"nix-bitcoin": "nix-bitcoin",
"nix-colors": "nix-colors", "nix-colors": "nix-colors",
"nix-secrets": "nix-secrets", "nix-secrets": "nix-secrets",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable_2",
"nixvim": "nixvim", "nixvim": "nixvim",
"nur": "nur", "nur": "nur",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -419,11 +602,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1719268571, "lastModified": 1729999681,
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=", "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3", "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -455,11 +638,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719243788, "lastModified": 1729613947,
"narHash": "sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4=", "narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "065a23edceff48f948816b795ea8cc6c0dee7cdf", "rev": "aac86347fb5063960eccb19493e0cadcdb4205ca",
"type": "github" "type": "github"
}, },
"original": { "original": {

166
flake.nix
View File

@ -3,7 +3,7 @@
inputs = { inputs = {
# Nixpkgs # Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/release-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# NUR # NUR
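Review bot: the new `nixpkgs.url` tracks `release-24.05` rather than the `nixos-24.05` channel branch, and nothing in the hunk says why. `release-24.05` is the branch backports land on before the channel tests have passed, so updates can pull revisions that the channel has not yet advanced to and that may not be in the binary cache. If the aim is to pick up security fixes sooner, say so in the `# Nixpkgs` comment; otherwise keep `nixos-24.05`.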
@ -21,6 +21,17 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Arion for docker
arion = {
url = "github:hercules-ci/arion/236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318";
};
# nix-bitcoin
nix-bitcoin = {
url = "github:fort-nix/nix-bitcoin/nixos-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix colors # Nix colors
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
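Review bot: the two new inputs handle nixpkgs differently and neither choice is explained. `arion` is pinned to a commit in its URL but has no `inputs.nixpkgs.follows`, so it locks its own nixpkgs alongside the system one. `nix-bitcoin` does set `inputs.nixpkgs.follows = "nixpkgs"`, which means its services are built against whatever revision this flake locks rather than the one nix-bitcoin pins. Please pick one policy per input deliberately and add a one-line comment stating the reason, especially for nix-bitcoin.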
@ -42,89 +53,84 @@
nix-secrets = { nix-secrets = {
url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git"; url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git";
flake = false; inputs = {};
}; };
}; };
outputs = outputs = {
{ self self,
, nixpkgs nixpkgs,
, home-manager home-manager,
, ... ...
} @ inputs: } @ inputs: let
let inherit (self) outputs;
inherit (self) outputs; systems = [
systems = [ "x86_64-linux"
"x86_64-linux" ];
]; forAllSystems = nixpkgs.lib.genAttrs systems;
forAllSystems = nixpkgs.lib.genAttrs systems; inherit (nixpkgs) lib;
specialArgs = { inherit inputs outputs; }; configVars = import ./vars {inherit inputs lib;};
in specialArgs = {
{ inherit
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); inputs
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); outputs
overlays = import ./overlays { inherit inputs; }; configVars
nixosModules = import ./modules/nixos; ;
homeManagerModules = import ./modules/home-manager; };
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays {inherit inputs;};
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager;
# System level configs # System level configs
nixosConfigurations = { nixosConfigurations = {
nixdev = nixpkgs.lib.nixosSystem { bootstrap = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
./hosts/nixdev ./hosts/bootstrap
home-manager.nixosModules.home-manager ];
{ };
home-manager.extraSpecialArgs = specialArgs; sparky = nixpkgs.lib.nixosSystem {
} inherit specialArgs;
]; modules = [
}; ./hosts/sparky
fileserver = nixpkgs.lib.nixosSystem { home-manager.nixosModules.home-manager
inherit specialArgs; {
modules = [ home-manager.extraSpecialArgs = specialArgs;
./hosts/fileserver }
home-manager.nixosModules.home-manager ];
{ };
home-manager.extraSpecialArgs = specialArgs; semita = nixpkgs.lib.nixosSystem {
} inherit specialArgs;
]; modules = [
}; ./hosts/semita
bootstrap = nixpkgs.lib.nixosSystem { home-manager.nixosModules.home-manager
inherit specialArgs; {
modules = [ home-manager.extraSpecialArgs = specialArgs;
./hosts/bootstrap }
]; ];
}; };
sparky = nixpkgs.lib.nixosSystem { merlin = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
./hosts/sparky ./hosts/nebula
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.extraSpecialArgs = specialArgs; home-manager.extraSpecialArgs = specialArgs;
} }
]; ];
}; };
semita = nixpkgs.lib.nixosSystem { citadel = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
./hosts/semita ./hosts/citadel
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.extraSpecialArgs = specialArgs; home-manager.extraSpecialArgs = specialArgs;
} }
]; ];
};
nebula = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
}; };
}; };
};
} }
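Review bot: the new `merlin` configuration imports `./hosts/nebula`, while the `nebula` entry itself is removed, so the output name and the host directory no longer match. Either rename the directory or keep the old attribute name, because anything that selects a configuration by hostname will now look for `merlin`. Separately, `nix-secrets` changes from `flake = false;` to `inputs = {};`, so the secrets repository is now evaluated as a flake; the commit should state that the repository ships a `flake.nix` and why the change was needed. The `formatter` output is also dropped without mention.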

84
home/citadel.nix Normal file
View File

@ -0,0 +1,84 @@
{config, pkgs, ...}: {
imports = [
# Import users
./users/sam
./common/core
# Import optional
./common/optional/git.nix
./common/optional/sops.nix
./common/optional/syncthing.nix
./common/optional/desktop/dwm
./common/optional/desktop/common/themes/standard-dark.nix
./common/optional/notes.nix
./common/optional/yazi.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";
author = "Bitlab21";
palette = {
base00 = "#1F1F28";
base01 = "#16161D";
base02 = "#223249";
base03 = "#363646";
base04 = "#727169";
base05 = "#DCD7BA";
base06 = "#C8C093";
base07 = "#717C7C";
base08 = "#C34043";
base09 = "#FFA066";
base0A = "#C0A36E";
base0B = "#76946A";
base0C = "#6A9589";
base0D = "#7E9CD8";
base0E = "#957FB8";
base0F = "#D27E99";
};
};
home.file.".Xresources" = {
recursive = true;
text = ''
! st
st.alpha: 0.8
St.font: monospace:pixelsize=31:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=24:antialias=true:autohint=true;
! dwm
dwm.borderpx: 6
dwm.font: monospace:size=14
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=14
dmenu.font2: NotoColorEmoji:pixelsize=44:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
};
}
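Review bot: the `.Xresources` text will contain doubled hash signs. The palette entries already include the prefix (`base00 = "#1F1F28";`), and every interpolation adds another one (`#${config.colorScheme.colors.base00}`), so the resource values come out as `##1F1F28`. The values are also defined under `palette` but read through `colors`; use one attribute name throughout. Drop the `#` from one side, and remove `recursive = true;`, which has no effect on a file defined by `text`.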

View File

@ -1,4 +1,4 @@
{ pkgs, inputs, outputs, ... }: { pkgs, inputs, outputs, lib, ... }:
{ {
imports = [ imports = [
inputs.nix-colors.homeManagerModules.default inputs.nix-colors.homeManagerModules.default
@ -18,14 +18,17 @@
ripgrep ripgrep
fzf fzf
eza eza
bat
killall
pciutils pciutils
tree tree
jq jq
coreutils coreutils
btop btop
htop htop
postgresql postgresql_16
libqalculate libqalculate
tmux
; ;
}; };
home.stateVersion = "24.05"; home.stateVersion = "24.05";

View File

@ -1,5 +1,8 @@
{ inputs, pkgs, ... }:
{ {
inputs,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
./plugins ./plugins
@ -11,12 +14,22 @@
# Install home packages needed for nixvim # Install home packages needed for nixvim
home.packages = [ home.packages = [
pkgs.nixpkgs-fmt pkgs.nixpkgs-fmt
pkgs.black
pkgs.yamllint
pkgs.yamlfmt
pkgs.prettierd pkgs.prettierd
pkgs.sqlfmt pkgs.sqlfmt
pkgs.nodePackages_latest.sql-formatter
pkgs.alejandra
pkgs.shellcheck
pkgs.shellharden
pkgs.shfmt
pkgs.stylua
pkgs.glow
]; ];
programs.nixvim = { programs.nixvim = {
enable = true; enable = true;
package = pkgs.neovim-unwrapped;
enableMan = true; # install man pages for nixvim options enableMan = true; # install man pages for nixvim options
clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers
globals.mapleader = " "; globals.mapleader = " ";
@ -42,7 +55,11 @@
let wiki_0.index = 'home' let wiki_0.index = 'home'
let wiki_0.syntax = 'markdown' let wiki_0.syntax = 'markdown'
let wiki_0.ext = '.md' let wiki_0.ext = '.md'
'';
" ==== dbui
let g:db_ui_hide_schemas = ['pg_catalog', 'pg_toast_temp.*', 'pg_toast']
let g:db_ui_use_nerd_fonts = 1
let g:db_ui_execute_on_save = 0
'';
}; };
} }

View File

@ -2,32 +2,32 @@
programs.nixvim.keymaps = [ programs.nixvim.keymaps = [
# Switching buffers # Switching buffers
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>h"; action = "<C-w>h";
key = "<S-h>"; key = "<S-h>";
options = { options = {
silent = true; silent = true;
}; };
} }
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>j"; action = "<C-w>j";
key = "<S-j>"; key = "<S-j>";
options = { options = {
silent = true; silent = true;
}; };
} }
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>k"; action = "<C-w>k";
key = "<S-k>"; key = "<S-k>";
options = { options = {
silent = true; silent = true;
}; };
} }
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>l"; action = "<C-w>l";
key = "<S-l>"; key = "<S-l>";
options = { options = {
silent = true; silent = true;
@ -36,7 +36,7 @@
# Toggle nvim-tree # Toggle nvim-tree
{ {
mode = [ "n" ]; mode = ["n"];
action = "<cmd>NvimTreeFindFileToggle<CR>"; action = "<cmd>NvimTreeFindFileToggle<CR>";
key = "tt"; key = "tt";
options = { options = {
@ -46,40 +46,72 @@
# Clear search highlighting # Clear search highlighting
{ {
mode = [ "n" ]; mode = ["n"];
key = "<space><space>"; key = "<space><space>";
action = "<cmd>nohlsearch<CR>"; action = "<cmd>nohlsearch<CR>";
options = { noremap = true; }; options = {noremap = true;};
} }
# Telescope Plugin # Telescope Plugin
{ {
# find files # find files
mode = [ "n" ]; mode = ["n"];
key = "<Leader>ff"; key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>"; action = "<cmd>Telescope find_files<CR>";
options = { noremap = true; }; options = {noremap = true;};
} }
{ {
# live grep # live grep
mode = [ "n" ]; mode = ["n"];
key = "<Leader>fg"; key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>"; action = "<cmd>Telescope live_grep<CR>";
options = { noremap = true; }; options = {noremap = true;};
} }
{ {
# buffers # buffers
mode = [ "n" ]; mode = ["n"];
key = "<Leader>fb"; key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>"; action = "<cmd>Telescope buffers<CR>";
options = { noremap = true; }; options = {noremap = true;};
} }
{ {
# help tags # help tags
mode = [ "n" ]; mode = ["n"];
key = "<Leader>fh"; key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>"; action = "<cmd>Telescope help_tags<CR>";
options = { noremap = true; }; options = {noremap = true;};
}
# paste over selected text without yanking it
{
mode = ["v"];
key = "p";
action = "\"_dP";
options = {noremap = true;};
}
# resize window
{
mode = ["n"];
key = "<Right>";
action = ":vertical resize +1<CR>";
options = {noremap = true;};
}
{
mode = ["n"];
key = "<Left>";
action = ":vertical resize -1<CR>";
options = {noremap = true;};
}
{
mode = ["n"];
key = "<Down>";
action = ":resize -1<CR>";
options = {noremap = true;};
}
{
mode = ["n"];
key = "<Up>";
action = ": resize +1<CR>";
options = {noremap = true;};
} }
]; ];
} }
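Review bot: the `<Up>` mapping has a stray space in its action (`": resize +1<CR>"`) where the other three resize maps use `":resize ..."` or `":vertical resize ..."`. It works, but please make it consistent. The four resize maps also omit `silent = true;`, unlike the window-switching maps earlier in the file, so each keypress echoes the command on the command line.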

View File

@ -31,5 +31,7 @@
ignorecase = true; ignorecase = true;
smartcase = true; smartcase = true;
backspace = "indent,eol,start"; # allow backspace in insert mode backspace = "indent,eol,start"; # allow backspace in insert mode
spell = true;
spelllang = "en_gb";
}; };
} }

View File

@ -1,10 +0,0 @@
{
programs.nixvim.plugins = {
alpha = {
enable = true;
iconsEnabled = true;
theme = "dashboard";
};
};
}

View File

@ -3,6 +3,7 @@
cmp-emoji = { enable = true; }; cmp-emoji = { enable = true; };
cmp = { cmp = {
enable = true; enable = true;
cmdline = {};
settings = { settings = {
autoEnableSources = true; autoEnableSources = true;
experimental = { ghost_text = true; }; experimental = { ghost_text = true; };
@ -11,7 +12,7 @@
fetchingTimeout = 200; fetchingTimeout = 200;
maxViewEntries = 30; maxViewEntries = 30;
}; };
snippet = { expand = "luasnip"; }; snippet = { expand = "function(args) require('luasnip').lsp_expand(args.body) end"; };
formatting = { formatting = {
fields = [ "kind" "abbr" "menu" ]; fields = [ "kind" "abbr" "menu" ];
format = '' format = ''
@ -43,14 +44,10 @@
}; };
mapping = { mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<C-j>" = "cmp.mapping.select_next_item()"; "<S-Tab>" = "cmp.mapping.select_prev_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-e>" = "cmp.mapping.abort()";
"<C-b>" = "cmp.mapping.scroll_docs(-4)"; "<C-b>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)"; "<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<CR>" = "cmp.mapping.confirm({ select = true })"; "<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = true })";
}; };
}; };
}; };
@ -58,7 +55,7 @@
cmp-buffer = { enable = true; }; cmp-buffer = { enable = true; };
cmp-path = { enable = true; }; # file system paths cmp-path = { enable = true; }; # file system paths
cmp_luasnip = { enable = true; }; # snippets cmp_luasnip = { enable = true; }; # snippets
cmp-cmdline = { enable = false; }; # autocomplete for cmdline cmp-cmdline = { enable = true; }; # autocomplete for cmdline
}; };
programs.nixvim.extraConfigLua = '' programs.nixvim.extraConfigLua = ''
luasnip = require("luasnip") luasnip = require("luasnip")
@ -94,22 +91,15 @@
-- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore). -- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline({'/', "?" }, { cmp.setup.cmdline({'/', "?" }, {
mapping = cmp.mapping.preset.cmdline(),
sources = { sources = {
{ name = 'buffer' } { name = 'buffer' }
} }
}) })
-- Set configuration for specific filetype.
cmp.setup.filetype('gitcommit', {
sources = cmp.config.sources({
{ name = 'cmp_git' }, -- You can specify the `cmp_git` source if you were installed it.
}, {
{ name = 'buffer' },
})
})
-- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore). -- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline(':', { cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({ sources = cmp.config.sources({
{ name = 'path' } { name = 'path' }
}, { }, {

View File

@ -0,0 +1,5 @@
{
programs.nixvim.plugins.comment = {
enable = true;
};
}

View File

@ -1,21 +1,41 @@
{ {
programs.nixvim.plugins.conform-nvim = { programs.nixvim.plugins.conform-nvim = {
enable = true; enable = true;
formatOnSave = {
lspFallback = true;
timeoutMs = 500;
};
notifyOnError = true; notifyOnError = true;
logLevel = "debug";
formattersByFt = { formattersByFt = {
html = [["prettierd" "prettier"]]; html = ["prettierd"];
css = [["prettierd" "prettier"]]; css = ["prettierd"];
javascript = [["prettierd" "prettier"]]; javascript = ["prettierd"];
python = ["black"]; python = ["black"];
lua = ["stylua"]; lua = ["stylua"];
nix = ["alejandra"]; nix = ["alejandra"];
markdown = [["prettierd" "prettier"]]; markdown = ["prettierd"];
yaml = ["yamllint" "yamlfmt"]; yaml = ["yamlfmt"];
sql = ["sqlfmt"]; sql = ["sqlfmt"];
#sql = ["sql-formatter"];
bash = [
"shellcheck"
"shellharden"
"shfmt"
];
}; };
# formatters = {
# sql-formatter = {
# command = "sql-formatter";
# args = "--config ~/.config/sql-formatter/config.json";
# };
# };
}; };
home.file.".config/sql-formatter/config.json".text = ''
{
"language": "postgresql",
"tabWidth": 2,
"linesBetweenQueries": 1,
"expressionWidth": 88,
"newlineBeforeSemicolon": true
}
'';
} }
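Review bot: the `home.file.".config/sql-formatter/config.json"` block writes a config that nothing reads. The only formatter that references it is commented out (`#sql = ["sql-formatter"];` and the `# formatters = { ... }` block), and `sql` still uses `sqlfmt`. Either enable the sql-formatter entry or leave the JSON file out until it is used. `logLevel = "debug";` also looks like a leftover from troubleshooting and will make the conform log grow on every format run.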

View File

@ -1,5 +1,11 @@
{ pkgs, ... }:
{ {
pkgs,
config,
...
}: let
user = config.home.username;
in {
imports = [ imports = [
./cmp.nix ./cmp.nix
./colorizer.nix ./colorizer.nix
@ -13,7 +19,10 @@
./surround.nix ./surround.nix
./telescope.nix ./telescope.nix
./treesitter.nix ./treesitter.nix
./alpha.nix ./fold.nix
./todo-comments.nix
./oil.nix
./comment.nix
]; ];
# Load Plugins that aren't provided as modules by nixvim # Load Plugins that aren't provided as modules by nixvim
@ -27,26 +36,15 @@
(pkgs.vimUtils.buildVimPlugin (pkgs.vimUtils.buildVimPlugin
{ {
name = "precognition.nvim"; name = "glow.nvim";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "tris203"; owner = "ellisonleao";
repo = "precognition.nvim"; repo = "glow.nvim";
rev = "v1.0.0"; rev = "238070a";
sha256 = "sha256-AqWYV/59ugKyOWALOCdycWVm0bZ7qb981xnuw/mAVzM="; sha256 = "sha256-GsNcASzVvY0066kak2nvUY5luzanoBclqcUOsODww8g=";
}; };
}) })
# (pkgs.vimUtils.buildVimPlugin
# {
# name = "hardtime";
# src = pkgs.fetchFromGitHub {
# owner = "m4xshen";
# repo = "hardtime.nvim ";
# rev = "9a4e24f";
# #sha256 = "sha256-abe9ZGmL7U9rC+LxC3LO5/bOn8lHke1FCKO0V3TZGs0=";
# };
# })
#
(pkgs.vimUtils.buildVimPlugin (pkgs.vimUtils.buildVimPlugin
{ {
name = "buffer_manager.nvim"; name = "buffer_manager.nvim";
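Review bot: `rev = "238070a";` for glow.nvim is an abbreviated commit hash, where the entry it replaces used a tag (`v1.0.0`). The `sha256` still fixes the fetched content, but a short hash can become ambiguous as the upstream repository grows and is harder to audit against the upstream history. Please use the full 40-character commit hash or a release tag.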
@ -58,19 +56,36 @@
}; };
}) })
(pkgs.vimUtils.buildVimPlugin
{
name = "vimwiki-sync";
src = pkgs.fetchFromGitHub {
owner = "michal-h21";
repo = "vimwiki-sync";
rev = "99eeab3";
sha256 = "sha256-cz0dSFphIbQAI4AOqwIUpDBTuj/3xlOkhSlIVMdgsqM=";
};
})
# Keep vim-devicons as last entry # Keep vim-devicons as last entry
pkgs.vimPlugins.vim-devicons pkgs.vimPlugins.vim-devicons
]; ];
programs.nixvim.extraConfigLua = '' programs.nixvim.extraConfigLua = ''
-- function to read api key from secrets file
local function read_api_key(file_path)
local file = io.open(file_path, "r")
if file then
local api_key = file:read("*all")
file:close()
return api_key
else
error("Failed to open file: " .. file_path)
end
end
-- buffer_manager.nvim -- buffer_manager.nvim
local opts = {noremap = true} local opts = {noremap = true}
require("precognition").setup(
{
}
)
require("buffer_manager").setup( require("buffer_manager").setup(
{ {
line_keys = "1234567890", line_keys = "1234567890",
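Review bot: `read_api_key` returns the file contents unmodified, and `file:read("*all")` includes any trailing newline, so a secrets file that ends with a newline yields a key with whitespace attached. Trim the value before returning it. No caller of `read_api_key` appears in the hunks of this file, so if it was only needed by a plugin that has been removed, delete it rather than keep secret-reading code that is unused. The new `vimwiki-sync` entry has the same abbreviated `rev = "99eeab3";` pin; prefer the full commit hash.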
@ -94,14 +109,24 @@
} }
) )
require('glow').setup({
border = "shadow",
style = "dark",
pager = false,
width = 80,
height = 100,
width_ratio = 0.7,
height_ratio = 0.7,
})
-- Custom color for modified buffers -- Custom color for modified buffers
vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" }) vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" })
local bmui = require("buffer_manager.ui") local bmui = require("buffer_manager.ui")
vim.keymap.set('n', '<leader>b', bmui.toggle_quick_menu, opts) vim.keymap.set('n', '<leader>b', bmui.toggle_quick_menu, opts)
vim.keymap.set('n', '<leader>n', bmui.nav_next, opts) vim.keymap.set('n', '<leader>n', bmui.nav_next, opts)
vim.keymap.set('n', '<leader>p', bmui.nav_prev, opts) vim.keymap.set('n', '<leader>p', bmui.nav_prev, opts)
local keys="1234567890" local keys="1234567890"
for i = 1, #keys do for i = 1, #keys do
local key = keys:sub(i,i) local key = keys:sub(i,i)
@ -110,7 +135,28 @@
opts opts
) )
end end
-- Setup vimwiki
vim.g.vimwiki_list = {
{
syntax = "markdown",
ext = ".md",
path = "/home/${user}/.local/share/notes",
},
}
-- Format function for conform.nvim
vim.api.nvim_create_user_command("Format", function(args)
local range = nil
if args.count ~= -1 then
local end_line = vim.api.nvim_buf_get_lines(0, args.line2 - 1, args.line2, true)[1]
range = {
start = { args.line1, 0 },
["end"] = { args.line2, end_line:len() },
}
end
require("conform").format({ async = true, lsp_format = "fallback", range = range })
end, { range = true })
''; '';
} }
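Review bot: the vimwiki path is built as `"/home/${user}/.local/share/notes"`, which assumes the home directory is `/home/<username>`. Use `config.home.homeDirectory` or `config.xdg.dataHome` so the path follows the actual home-manager settings. The `Format` command also has no `desc`, so it is not self-describing in `:command` output.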

View File

@ -0,0 +1,31 @@
{
programs.nixvim.plugins.nvim-ufo = {
enable = true;
};
programs.nixvim.extraConfigLua = ''
-- default fold options
vim.o.foldcolumn = '1'
vim.o.foldlevel = 99
vim.o.foldlevelstart = 99
vim.o.foldenable = true
-- nvim_ufo options
vim.keymap.set('n', 'zR', require('ufo').openAllFolds, { desc = "Open all folds" })
vim.keymap.set('n', 'zM', require('ufo').closeAllFolds, { desc = "Close all folds" })
vim.keymap.set('n', 'zK', function()
local winid = require("ufo").peekFoldedLinesUnderCursor()
if not winid then
vim.lsp.buf.hover()
end
end , { desc = "Peed fold" })
require("ufo").setup({
provider_selector = function(bufnr, filetype, buftype)
return { 'lsp', 'indent' }
end
})
'';
}
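Review bot: typo in the `zK` mapping description, `desc = "Peed fold"` should read "Peek fold". The `provider_selector` function also ignores all three of its arguments; a short comment saying that `lsp` with `indent` fallback is intended for every buffer would help.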

View File

@ -1,51 +1,74 @@
{ osConfig , ... }:
let
hostname = osConfig.networking.hostName;
in
{ {
programs.nixvim.plugins.lsp = { programs.nixvim.plugins = {
enable = true; lsp = {
servers = { enable = true;
lua-ls = { enable = true; }; servers = {
nixd = { enable = true; }; lua-ls = {enable = true;};
bashls = { enable = true; }; nixd = {
pyright = { enable = true; }; enable = true;
html = { enable = true; }; cmd = ["nixd"];
yamlls = { enable = true; }; settings = {
marksman = { enable = true; }; nixpkgs.expr = "import <nixpkgs> { }";
#sqls = {enable = true;}; options = {
}; nixos.expr = "(builtins.getFlake \"/etc/nixos\").nixosConfigurations.${hostname}.options";
keymaps = { # TODO get home-manager options working when hm imported as submodule
lspBuf = { # home_manager.expr = "(builtins.getFlake \"github:nix-community/home-manager\").homeConfigurations.${hostname}.options";
gd = { };
action = "definition"; };
desc = "Goto Definition";
}; };
gr = { bashls = {enable = true;};
action = "references"; pyright = {enable = true;};
desc = "Goto References"; html = {enable = true;};
}; marksman = {enable = true;};
gD = { ccls = {enable = true;};
action = "declaration"; cssls = {enable = true;};
desc = "Goto Declaration"; r-language-server = {enable = true;};
}; tsserver = {enable = true;};
gI = { };
action = "implementation"; keymaps = {
desc = "Goto Implementation"; lspBuf = {
}; gd = {
gT = { action = "definition";
action = "type_definition"; desc = "Goto Definition";
desc = "Type Definition"; };
}; gr = {
K = { action = "references";
action = "hover"; desc = "Goto References";
desc = "Hover"; };
}; gD = {
"<leader>cw" = { action = "declaration";
action = "workspace_symbol"; desc = "Goto Declaration";
desc = "Workspace Symbol"; };
}; gI = {
"<leader>cr" = { action = "implementation";
action = "rename"; desc = "Goto Implementation";
desc = "Rename"; };
gT = {
action = "type_definition";
desc = "Type Definition";
};
gK = {
action = "hover";
desc = "Hover";
};
"<leader>cw" = {
action = "workspace_symbol";
desc = "Workspace Symbol";
};
"<leader>cr" = {
action = "rename";
desc = "Rename";
};
}; };
}; };
}; };
# TODO: enable otter.nvim when merged into nixvim stable
# otter = {
# enable = true;
# };
}; };
} }
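Review bot: the module now depends on `osConfig` for `hostname`, which is only passed when home-manager is evaluated as a NixOS module, so this file can no longer be used from a standalone home-manager configuration. The `nixos.expr` string also hard-codes the flake location (`builtins.getFlake \"/etc/nixos\"`), so nixd option completion breaks on any host where the checkout lives elsewhere. Consider taking the flake path from a variable. The hover key changes from `K` to `gK` and `yamlls` is dropped without a note in the commit message.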

View File

@ -0,0 +1,5 @@
{
programs.nixvim.plugins.oil = {
enable = true;
};
}

View File

@ -0,0 +1,19 @@
{
programs = {
nixvim = {
plugins.todo-comments = {
enable = true;
};
keymaps = [
{
mode = [ "n" ];
action = "<cmd>TodoTelescope<cr>";
key = "<leader>ft";
options = {
silent = true;
};
}
];
};
};
}

View File

@ -8,6 +8,10 @@
shellAliases = { shellAliases = {
ll = "ls -l"; ll = "ls -l";
src = "cd ~/.local/share/src";
no = "cd /etc/nixos";
cat = "bat --decorations=never";
ls = "eza";
}; };
history.size = 10000; history.size = 10000;
history.path = "${config.xdg.dataHome}/zsh/history"; history.path = "${config.xdg.dataHome}/zsh/history";

View File

@ -1,4 +1,4 @@
{ pkgs, ... }: { {pkgs, ...}: {
imports = [ imports = [
./firefox.nix ./firefox.nix
./alacritty.nix ./alacritty.nix
@ -14,5 +14,21 @@
pkgs.xfce.thunar pkgs.xfce.thunar
pkgs.kcolorchooser pkgs.kcolorchooser
pkgs.zotero pkgs.zotero
pkgs.transmission
pkgs.mpv
pkgs.gnome.simple-scan
pkgs.pandoc
pkgs.texlive.combined.scheme-small
pkgs.libreoffice-fresh
pkgs.hunspell
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en_US
pkgs.set_wm_class
pkgs.xorg.xkill
pkgs.krita
pkgs.R
pkgs.gimp
pkgs.gajim
]; ];
} }
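Review bot: `pkgs.hunspellDicts.en-gb-large` is listed twice in the added lines. Remove the duplicate, or replace it with the dictionary that was intended if a different one was meant.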

View File

@ -1,38 +1,53 @@
{ pkgs, config, ... }:
let
user = config.home.username;
in
{ {
pkgs,
config,
configVars,
...
}: let
user = config.home.username;
jellyfinIp = configVars.networking.addresses.jellyfin.ip;
jellyfinPort = configVars.networking.addresses.jellyfin.port;
bitcoinNodeIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
in {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
profiles.${user} = { profiles.${user} = {
search = { search = {
force = true; force = true;
default = "Searx"; default = "Searx";
order = [ "Searx" "DuckDuckGo" ]; order = ["Searx" "DuckDuckGo"];
engines = { engines = {
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [
template = "https://search.nixos.org/packages"; {
params = [ template = "https://search.nixos.org/packages";
{ name = "type"; value = "packages"; } params = [
{ name = "query"; value = "{searchTerms}"; } {
]; name = "type";
}]; value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ]; definedAliases = ["@np"];
}; };
"NixOS Wiki" = { "NixOS Wiki" = {
urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}];
iconUpdateURL = "https://nixos.wiki/favicon.png"; iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ]; definedAliases = ["@nw"];
}; };
"Searx" = { "Searx" = {
urls = [{ template = "http://10.0.10.35:8855/?q={searchTerms}"; }]; urls = [{template = "http://10.0.10.35:8855/?q={searchTerms}";}];
iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg"; iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg";
updateInterval = 24 * 60 * 60 * 1000; # every day updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@searx" ]; definedAliases = ["@searx"];
}; };
"Bing".metaData.hidden = true; "Bing".metaData.hidden = true;
"Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias "Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
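Review bot: this hunk introduces `configVars` for the Jellyfin and Mempool addresses, but the default search engine still hard-codes its endpoint (`template = "http://10.0.10.35:8855/?q={searchTerms}"`). Move the Searx address into `configVars` as well so there is one place to change it. Note also that every search query goes to that host over plain HTTP; if the instance is reachable over TLS, use it.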
@ -41,16 +56,22 @@ in
bookmarks = [ bookmarks = [
{ {
name = "wikipedia"; name = "toolbar";
tags = [ "wiki" ]; toolbar = true;
keyword = "wiki"; bookmarks = [
url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go"; {
} name = "Jellyfin";
{ url = "http://${jellyfinIp}:${jellyfinPort}";
name = "bitlab21"; }
tags = [ "bitcoin" ]; {
keyword = "bitcoin"; name = "Mempool";
url = "https://bitlab21.com"; url = "http://${bitcoinNodeIp}:${toString mempoolPort}";
}
{
name = "Nixos Package Search";
url = "https://search.nixos.org/packages";
}
];
} }
]; ];
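Review bot: the two bookmark URLs treat their port values differently. Mempool uses `${toString mempoolPort}` while Jellyfin interpolates `${jellyfinPort}` directly. If `jellyfinPort` is an integer like `mempoolPort` appears to be, evaluation fails because Nix does not coerce integers in string interpolation. Wrap it in `toString` or store both ports with the same type in `configVars`.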
@ -75,7 +96,6 @@ in
privacy-badger privacy-badger
zotero-connector zotero-connector
]; ];
}; };
}; };
} }

View File

@ -13,6 +13,7 @@
fonts = { fonts = {
fontconfig = { fontconfig = {
enable = true;
defaultFonts = { defaultFonts = {
serif = [ "NotoSans Nerd Font" ]; serif = [ "NotoSans Nerd Font" ];
sansSerif = [ "Linux Biolinum O" ]; sansSerif = [ "Linux Biolinum O" ];

View File

@ -1,21 +1,48 @@
{ pkgs, ... }: {pkgs, ...}: {
{
# Prevent error when enabling gtk https://github.com/nix-community/home-manager/issues/3113 # Prevent error when enabling gtk https://github.com/nix-community/home-manager/issues/3113
# error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name ca.desrt.dconf was not provided by any .service files # error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name ca.desrt.dconf was not provided by any .service files
home.packages = [ pkgs.dconf ]; home.packages = [
gtk.enable = true; pkgs.dconf
];
home.file = { # Get details about theme package
".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic"; #cd $(nix build nixpkgs#kanagawa-gtk-theme --print-out-paths --no-link) && nix run nixpkgs#eza -- --tree --level 4
gtk = {
enable = true;
theme = {
name = "Kanagawa-B";
package = pkgs.kanagawa-gtk-theme;
};
iconTheme = {
package = pkgs.gnome.adwaita-icon-theme;
name = "Adwaita";
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
}; };
# Get details about theme package #gtk.theme.package = pkgs.kanagawa-gtk-theme;
#cd $(nix build nixpkgs#kanagawa-gtk-theme --print-out-paths --no-link) && nix run nixpkgs#eza -- --tree --level 4
gtk.theme.package = pkgs.kanagawa-gtk-theme;
gtk.theme.name = "Kanagawa-B";
gtk.iconTheme.package = pkgs.kanagawa-icon-theme; # gtk.cursorTheme = {
gtk.iconTheme.name = "Kanagawa"; # name = "Vimix-Cursors";
# package = pkgs.vimix-cursor-theme;
# };
# gtk.theme.name = "Kanagawa-B";
# gtk.iconTheme.package = pkgs.kanagawa-icon-theme;
# gtk.iconTheme.name = "Kanagawa";
qt.enable = true; qt.enable = true;
qt.platformTheme.name = "gtk"; qt.platformTheme.name = "gtk";
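Review bot: `gtk3.extraConfig` and `gtk4.extraConfig` are attribute sets of individual settings that home-manager writes under the `[Settings]` section, so `Settings = '' gtk-application-prefer-dark-theme=1 '';` produces a key literally named `Settings` instead of the intended option. Write it as `gtk3.extraConfig = { gtk-application-prefer-dark-theme = 1; };` and the same for `gtk4`. The hunk also leaves several commented-out theme lines behind; delete them or add a TODO explaining what is pending.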

View File

@ -11,4 +11,9 @@
pkgs.feh pkgs.feh
]; ];
programs.chromium = {
enable = true;
package = pkgs.brave;
};
} }

View File

@ -7,8 +7,8 @@
./xinitrc.nix ./xinitrc.nix
./sxhkdrc.nix ./sxhkdrc.nix
./picom.nix ./picom.nix
./xresources.nix
./dunst.nix ./dunst.nix
./music_player.nix
# Status bar scripts # Status bar scripts
./scripts/sb-cpu-pct.nix ./scripts/sb-cpu-pct.nix
@ -16,9 +16,11 @@
./scripts/sb-volume.nix ./scripts/sb-volume.nix
./scripts/sb-network-status.nix ./scripts/sb-network-status.nix
./scripts/sb-updates.nix ./scripts/sb-updates.nix
./scripts/sb-battery.nix
# Notification scripts # Notification scripts
./scripts/dunstify-volume-notification.nix ./scripts/dunstify-volume-notification.nix
./scripts/dunstify-battery-notification.nix
# Helper scripts # Helper scripts
./scripts/emoji-picker.nix ./scripts/emoji-picker.nix
@ -27,6 +29,10 @@
./scripts/get-focused-monitor.nix ./scripts/get-focused-monitor.nix
./scripts/git-commit-ai.nix ./scripts/git-commit-ai.nix
./scripts/aichat-wrapper.nix ./scripts/aichat-wrapper.nix
./scripts/dmenu-wifi.nix
./scripts/battery-status.nix
./scripts/dmenu-set-wm-class.nix
./scripts/key-remaps.nix
]; ];
home.packages = [ home.packages = [

View File

@ -30,7 +30,6 @@
#format = ''%I %s %p\n%b''; #format = ''%I %s %p\n%b'';
format = ''<b>%s:</b>\n%b\n\n%a ''; format = ''<b>%s:</b>\n%b\n\n%a '';
#TODO dynamic fonts
font = "monospace"; font = "monospace";
# Options are "left", "center", and "right". # Options are "left", "center", and "right".
@ -172,7 +171,7 @@
urgency_critical = { urgency_critical = {
background = "#${config.colorScheme.colors.base08}"; background = "#${config.colorScheme.colors.base08}";
foreground = "#${config.colorScheme.colors.base05}"; foreground = "#${config.colorScheme.colors.base05}";
frame_color = "#${config.colorScheme.colors.base00}"; frame_color = "#${config.colorScheme.colors.base05}";
timeout = 0; timeout = 0;
}; };
}; };

View File

@ -0,0 +1,65 @@
{ pkgs, config, ... }:
{
home.file."mus/music_data".source = config.lib.file.mkOutOfStoreSymlink /media/media/music/music_data;
home.packages = [
pkgs.ffmpeg
pkgs.nsxiv
pkgs.kunst
pkgs.mpc-cli
pkgs.jq
pkgs.imagemagick
];
services.mpd = {
enable = true;
package = pkgs.mpd;
extraConfig = ''
music_directory "~/mus/music_data"
playlist_directory "~/.local/share/mpd/playlists"
log_file "~/.local/share/mpd/log"
db_file "~/.local/share/mpd/database"
pid_file "~/.local/share/mpd/pid"
state_file "~/.local/share/mpd/state"
sticker_file "~/.local/share/mpd/sticker.sql"
auto_update "yes"
audio_output {
type "pipewire"
name "PipeWire Sound Server"
}
audio_output {
type "fifo"
name "Visualizer feed"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
'';
musicDirectory = "~/mus/music_data";
};
programs.ncmpcpp = {
enable = true;
package = (pkgs.ncmpcpp.override { visualizerSupport = true; });
mpdMusicDir = "~/mus/music_data";
settings = {
mpd_host = "127.0.0.1";
mpd_port = "6600";
visualizer_data_source = "/tmp/mpd.fifo";
visualizer_output_name = "Visualizer Feed";
visualizer_in_stereo = "yes";
visualizer_type = "spectrum";
visualizer_fps = "60";
visualizer_autoscale = "no";
visualizer_look = "";
visualizer_color = "169, 170, 169, 135, 134, 133, 129, 128, 127, 126, 125, 124";
visualizer_spectrum_smooth_look = "yes";
visualizer_spectrum_dft_size = "3";
};
};
}
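Review bot: the fifo output and the ncmpcpp visualizer both use the fixed path /tmp/mpd.fifo, a predictable name in a world-writable directory, so on a shared machine another local user can create that path before MPD does. Every other MPD file in this config lives under ~/.local/share/mpd, and the fifo could sit there as well. Separately, the output is named "Visualizer feed" in extraConfig but visualizer_output_name is "Visualizer Feed"; make the two strings identical.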

View File

@ -0,0 +1,54 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellScriptBin "battery-status" ''
# Get the current power consumption of the laptop battery
power=$(cat /sys/class/power_supply/BAT0/power_now)
power_watts=$(${pkgs.bc}/bin/bc <<< "scale=3; $power / 1000000")
# Get the current battery charge capacity
energy=$(cat /sys/class/power_supply/BAT0/energy_now)
# Get the current battery status (charging or discharging)
battery_status=$(cat /sys/class/power_supply/BAT0/status)
# Calculate the time remaining until the battery is empty or full
if [ "$battery_status" == "Charging" ]; then
# Calculate the time remaining until the battery is full
hours=$(${pkgs.bc}/bin/bc <<< "scale=2; $power / $energy")
hours_int=$(${pkgs.bc}/bin/bc <<< "scale=0; $hours / 1")
minutes=$(${pkgs.bc}/bin/bc <<< "scale=0; 60 * ($hours - $hours_int)/1")
if [ "$hours_int" -gt "0" ]; then
# Show hours and minutes if time remaining is greater than or equal to 1 hour
echo "Full in: $hours_int hours $minutes minutes"
else
# Show minutes if time remaining is less than 1 hour
echo "Full in: $minutes minutes"
fi
elif [ "$battery_status" == "Discharging" ]; then
# Calculate the time remaining until the battery is empty
hours=$(${pkgs.bc}/bin/bc <<< "scale=2; $energy / $power")
hours_int=$(${pkgs.bc}/bin/bc <<< "scale=0; $hours / 1")
minutes=$(${pkgs.bc}/bin/bc <<< "scale=0; 60 * ($hours - $hours_int)/1")
if [ "$hours_int" -gt "0" ]; then
# Show hours and minutes if time remaining is greater than or equal to 1 hour
echo "Empty in: $hours_int hours $minutes minutes"
else
# Show minutes if time remaining is less than 1 hour
echo "Empty in: $minutes minutes"
fi
elif [ "$battery_status" == "Full" ]; then
echo "Battery full"
elif [ "$battery_status" == "Not charging" ]; then
echo "Battery full - not charging"
fi
echo "Power consumption: $power_watts W"
'')
];
}
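Review bot: in the Charging branch, hours is computed as $power / $energy, which divides a rate by the current charge and is not a time. Time to full needs the remaining capacity (energy_full minus energy_now, both under /sys/class/power_supply/BAT0) divided by $power. Neither branch checks its divisor, and bc fails on zero, which leaves hours empty and breaks the following [ "$hours_int" -gt "0" ] test. Guard for a zero reading, and for machines that have no BAT0, before doing the arithmetic.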

View File

@ -14,7 +14,7 @@
*image*) *image*)
echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)" echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)"
filename=$(${xclip}/bin/xclip -selection clipboard -t image/png -o | ${openssl}/bin/openssl sha1 | cut -b 49-) filename=$(${xclip}/bin/xclip -selection clipboard -t image/png -o | ${openssl}/bin/openssl sha1 | cut -b 49-)
file_exists=$(/bin/ls $image_location | grep $filename | sed "s/\..*//") file_exists=$(ls $image_location | grep $filename | sed "s/\..*//")
[[ $filename != "$file_exists" ]] && [[ $filename != "$file_exists" ]] &&
xclip -selection clipboard -t image/png -o > "$image_location/$filename.png" && xclip -selection clipboard -t image/png -o > "$image_location/$filename.png" &&
notify-send -t 5000 "Image Copied" "$image_location/$filename.png" notify-send -t 5000 "Image Copied" "$image_location/$filename.png"
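Review bot: on the changed file_exists line in the image branch, $image_location and $filename are unquoted (the UTF8_STRING branch quotes both), so a location containing spaces or glob characters is word-split. Piping ls into grep is also a substring match over the listing, not a test for one file; a direct test such as [ -e "$image_location/$filename.png" ] is simpler and exact. The write and notify lines below it call bare xclip and notify-send while the lines above use ${xclip}/bin/xclip; pick one form.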
@ -22,7 +22,7 @@
*UTF8_STRING*) *UTF8_STRING*)
echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)" echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)"
filename=$(${xclip}/bin/xclip -selection clipboard -t UTF8_STRING -o | ${openssl}/bin/openssl sha1 | cut -b 49-) filename=$(${xclip}/bin/xclip -selection clipboard -t UTF8_STRING -o | ${openssl}/bin/openssl sha1 | cut -b 49-)
file_exists=$(/bin/ls "$text_location" | grep "$filename" | sed "s/\..*//") file_exists=$(ls "$text_location" | grep "$filename" | sed "s/\..*//")
echo "$filename" "$file_exists" echo "$filename" "$file_exists"
[[ "$filename" != "$file_exists" ]] && [[ "$filename" != "$file_exists" ]] &&
xclip -selection clipboard -t UTF8_STRING -o > "$text_location/$filename" xclip -selection clipboard -t UTF8_STRING -o > "$text_location/$filename"

View File

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-set-wm-class" ''
${libnotify}/bin/notify-send "Set Window Class" "Select window..."
winid=$(${xorg.xwininfo}/bin/xwininfo | grep "Window id:" | grep -o "0x[0-9a-fA-F]*")
class=$(${xorg.xprop}/bin/xprop -id "$winid" WM_CLASS | grep -o "\".*\"$")
new_class=$( echo "" | ${dmenu}/bin/dmenu -p "Selected: $class. Set class name of window:")
[ -z "$new_class" ] && ${libnotify}/bin/notify-send "Set Window Class" "Nothing set, exiting" && exit
${set_wm_class}/bin/set_wm_class "$winid" "$new_class"
'')
];
}

View File

@ -0,0 +1,51 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-wifi" ''
nmcli dev wifi rescan
ssid_list=$(nmcli -f in-use,bssid,ssid,mode,chan,freq,rate,signal,bars,security dev wifi)
available_connections=$(echo "$ssid_list" | sed '/--.*Infra/d')
connection=$( echo "$available_connections" | dmenu -l 20)
bssid=$(echo "$connection" | sed 's/^.\s*//;s/\s\s.*$//')
ssid=$(echo "$connection" | sed 's/^.\s*[0-9;A-Z;:]*\s\s//;s/\s*Infra\s*[0-9].*$//')
[[ "$connection" = "" ]] && notify-send -t 5000 "Wifi Connect" "Cancelled" && exit 0
[[ $( echo "$connection" | grep "IN-USE" -o) = "IN-USE" ]] && notify-send -t 5000 "Wifi Connect" "Please select valid network" && exit 0
[[ -n "$(echo "$connection" | grep '\*')" ]] && notify-send -t 5000 "Wifi Connect" "Already Connected to: $(echo "$ssid")" && exit 0
notify-send -t 5000 "Network Manager" "Attempting to connect to $ssid..."
nmcli connection modify "$ssid" 802-11-wireless.bssid "$bssid"
nmcli device wifi connect "$bssid"
return_code=$?
if [ $return_code == 4 ];
then
notify-send -t 5000 "Wifi Connect" "Please enter password for '$ssid'..."
prompt="Enter Password for '$ssid'"
pwd=$(echo "" | dmenu -p "$prompt")
nmcli device wifi connect "$bssid" password "$pwd"
return_code=$?
fi
case "$return_code" in
0) notify-send -t 5000 "Wifi Connect" "Successfully connected to: $ssid!"
pkill -RTMIN+12 dwmblocks
exit 0
;;
3) notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Timeout expired?"
pkill -RTMIN+12 dwmblocks
exit 1
;;
4)
notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Possibly wrong password?"
nmcli connection delete id "$ssid"
pkill -RTMIN+12 dwmblocks
exit 1
;;
*) notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Error code $?"
echo "Failed. Exiting"
pkill -RTMIN+12 dwmblocks
exit 1
esac
'')
];
}
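Review bot: the password step reads the passphrase through a plain dmenu prompt, which shows the typed text on screen, and then passes it as an argument in nmcli device wifi connect "$bssid" password "$pwd", where it is visible in the process list while nmcli runs. Prefer a masked prompt and a way of handing the secret to NetworkManager that does not go through argv. In the final *) branch the message prints $?, which at that point no longer holds nmcli's exit status; use $return_code. nmcli connection modify "$ssid" also runs before any profile exists for a network that has never been joined, so its failure there should be expected and handled, or the call moved after a successful connect.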

View File

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellScriptBin "dunstify-battery-notification" ''
msgTag="battery-notify"
${pkgs.dunst}/bin/dunstify -a "batteryNotify" -u critical -i battery-notify -h string:x-dunst-stack-tag:$msgTag "Battery Status" "$(battery-status)" -t 5000
'')
];
}

View File

@ -0,0 +1,11 @@
{pkgs, ...}: {
home.packages = with pkgs; [
(writeShellScriptBin "key-remaps" ''
${xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
${xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
${xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
${xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
${xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
'')
];
}

View File

@ -0,0 +1,37 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "sb-battery" ''
BAT=/sys/class/power_supply/BAT0/capacity
# Exit script if no battery detected
[ ! -f "$BAT" ] && exit
STATUS=$(cat /sys/class/power_supply/BAT0/uevent | grep "POWER_SUPPLY_STATUS" | sed "s/^.*=//")
capacity=$(cat "$BAT")
if [ "$STATUS" == "Charging" ] || [ "$STATUS" == "Not charging" ]; then
echo "[󰂄 $capacity%] "
else
case $capacity in
100) echo "[󰁹 $capacity%] ";;
9[0-9]) echo "[󰂂 $capacity%] ";;
8[0-9]) echo "[󰂁 $capacity%] ";;
7[0-9]) echo "[󰂀 $capacity%] ";;
6[0-9]) echo "[󰁿 $capacity%] ";;
5[0-9]) echo "[󰁾 $capacity%] ";;
4[0-9]) echo "[󰁽 $capacity%] ";;
3[0-9]) echo "[󰁼 $capacity%] ";;
2[0-9]) echo "[󰁻 $capacity%] ";;
1[0-9]) echo "[󰁺 $capacity%] ";;
[6-9]) echo "[󰁺 $capacity%] ";;
[0-5]) echo "[󰂃 $capacity%] ";;
esac
fi
if [[ $capacity -le 20 && $STATUS != "Charging" ]]; then
dunstify-battery-notification
fi
'')
];
}

View File

@ -41,7 +41,7 @@
if [ -z "$IP_ADDRESS" ]; if [ -z "$IP_ADDRESS" ];
then then
printf "$network_symbol" printf "[$network_symbol] "
else else
printf "[$network_symbol|$IP_ADDRESS] " printf "[$network_symbol|$IP_ADDRESS] "
fi fi

View File

@ -2,12 +2,12 @@
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
(writeShellScriptBin "sb-updates" '' (writeShellScriptBin "sb-updates" ''
# Gets number of flake inputs that are ready for update # Gets number of flake inputs that are ready for update
# Checks every 60 minutes # Checks every 60 minutes
inputs=$(cd /etc/nixos && # inputs=$(cd /etc/nixos &&
nix flake update --output-lock-file <(cat flake.nix) 2> /tmp/update && # nix flake update --output-lock-file <(cat flake.nix) 2> /tmp/update &&
cat /tmp/update | grep -c Update) # cat /tmp/update | grep -c Update)
printf "[ $inputs] " # printf "[ $inputs] "
'') '')
]; ];
} }
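Review bot: with every command commented out, sb-updates is still built and installed but prints nothing, while the header comments still say it counts flake inputs and checks every 60 minutes. Either drop the script or leave a one-line comment saying why it is disabled. If it is re-enabled, note that the old body wrote to the fixed path /tmp/update; a mktemp file or a pipe avoids a predictable name in /tmp.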

View File

@ -1,5 +1,5 @@
{ {
# TODO add emoji and dmenu-dict scripts # TODO: add emoji and dmenu-dict scripts
home.file.".config/sxhkd/sxhkdrc" = { home.file.".config/sxhkd/sxhkdrc" = {
recursive = true; recursive = true;
text = '' text = ''
@ -15,29 +15,20 @@
XF86AudioMicMute XF86AudioMicMute
pamixer --default-source --toggle-mute && dunstify-volume-notification && pkill -RTMIN+10 dwmblocks && exit 1 pamixer --default-source --toggle-mute && dunstify-volume-notification && pkill -RTMIN+10 dwmblocks && exit 1
XF86MonBrightnessUp
light -A 5 && dunstify-brightness-notification
XF86MonBrightnessDown
light -U 5 && dunstify-brightness-notification
XF86Messenger XF86Messenger
dunstify-battery-notification dunstify-battery-notification
control + Home
bookmark-add
control + Insert
bookmark-insert
control + F8 control + F8
clipboard-image-recall /tmp/clipboard/images/ clipboard-image-recall /tmp/clipboard/images/
Print Print
flameshot gui env QT_AUTO_SCREEN_SCALE_FACTOR=1.5 QT_SCREEN_SCALE_FACTORS="" flameshot gui
control + F7 control + F7
emoji-picker emoji-picker
control + F4
dmenu-set-wm-class
''; '';
}; };
} }

View File

@ -1,21 +1,14 @@
{ config, ... }: {...}: {
let # TODO: configure x11 to look in .config/x11
monitor = "${toString (builtins.map (m: "xrandr --output ${ m.name } --mode ${ toString( m.width )}x${ toString( m.height )} --pos ${ toString( m.x)}x${ toString( m.y)}" ) config.monitors)}";
in
{
# TODO configure x11 to look in .config/x11
home.file.".xinitrc" = { home.file.".xinitrc" = {
recursive = true; recursive = true;
text = '' text = ''
picom -b --config ~/.config/picom/picom.conf picom -b --config ~/.config/picom/picom.conf
xrdb ~/.Xresources xrdb -merge ~/.Xresources
${monitor} autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd key-remaps"
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd"
for program in $autostart; do for program in $autostart; do
pidof -sx "$program" || "$program" & pidof -sx "$program" || "$program" &
done >/dev/null 2>&1 done >/dev/null 2>&1
@ -25,10 +18,10 @@ in
eval $(dbus-launch --exit-with-session --sh-syntax) eval $(dbus-launch --exit-with-session --sh-syntax)
fi fi
systemctl --user import-environment DISPLAY XAUTHORITY systemctl --user import-environment DISPLAY XAUTHORITY
if command -v dbus-update-activation-environment >/dev/null 2>&1; then if command -v dbus-update-activation-environment >/dev/null 2>&1; then
dbus-update-activation-environment DISPLAY XAUTHORITY dbus-update-activation-environment DISPLAY XAUTHORITY
fi fi
export XSESSION_PID="$$" export XSESSION_PID="$$"
exec dwm exec dwm

View File

@ -1,44 +0,0 @@
{ config, ... }:
{
home.file.".Xresources" = {
recursive = true;
text = ''
! scale
Xft.dpi: 144
! st
st.alpha: 0.8
St.font: monospace:pixelsize=21:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=19:antialias=true:autohint=true;
! dwm
dwm.borderpx: 3
dwm.font: monospace:size=12
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=12
dmenu.font2: NotoColorEmoji:pixelsize=22:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
};
}

View File

@ -1,10 +1,13 @@
{ pkgs, ... }: { pkgs, configVars, ... }:
let
email = configVars.email.user;
in
{ {
programs.git = { programs.git = {
enable = true; enable = true;
package = pkgs.gitAndTools.gitFull; package = pkgs.gitAndTools.gitFull;
userName = "Sam"; userName = "Sam";
userEmail = "samual.shop@proton.me"; userEmail = "${email}";
aliases = { }; aliases = { };
extraConfig = { extraConfig = {
pull.rebase = false; pull.rebase = false;

View File

@ -0,0 +1,18 @@
{ pkgs, config, lib, ... }:
let
user = config.home.username;
in
{
home.activation.get-notes = lib.hm.dag.entryAfter [ "installPackages" ] ''
notes_dir=/home/${user}/.local/share/notes
remote=git@git.bitlab21.com:sam/notes
if [ -d "$notes_dir" ];
then
cd "$notes_dir"
[ ! -d .git ] && PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" git clone "$remote" "$notes_dir"
else
mkdir -p "$notes_dir" && PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" git clone "$remote" "$notes_dir"
fi
exit 0
'';
}
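Review bot: the block ends with exit 0, and Home Manager runs its activation entries as parts of one shell script, so this exits the whole activation and any entry ordered after get-notes never runs; remove it. The cd "$notes_dir" likewise changes the working directory for whatever follows, so a subshell or git -C is safer. The clone also needs network access and the SSH key for git@git.bitlab21.com at activation time, and the existing-directory branch clones into a directory that may not be empty, which git refuses. Consider making a failed clone a warning, and use config.home.homeDirectory in place of /home/${user}.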

View File

@ -0,0 +1,53 @@
{
config,
pkgs,
...
}: let
in {
systemd.user.services.transmission-daemon = {
Unit = {
Description = "Transmission Bittorrent Daemon";
Wants = "network-online.target";
After = "network-online.target";
Documentation = "man:transmission-daemon(1)";
};
Install = {
WantedBy = ["multi-user.target"];
};
Service = {
User = "transmission";
Type = "notify";
ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --log-level=error";
ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
CapabilityBoundingSet = "";
DevicePolicy = "closed";
KeyringMode = "private";
LockPersonality = "true";
NoNewPrivileges = "true";
MemoryDenyWriteExecute = "true";
PrivateTmp = "true";
PrivateDevices = "true";
ProtectClock = "true";
ProtectKernelLogs = "true";
ProtectControlGroups = "true";
ProtectKernelModules = "true";
ProtectSystem = "true";
ProtectHostname = "true";
ProtectKernelTunables = "true";
ProtectProc = "invisible";
RestrictNamespaces = "true";
RestrictSUIDSGID = "true";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictRealtime = "true";
SystemCallFilter = "@system - service";
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
};
};
# home.file.".config/transmission-daemon/settings.json" = {
# recursive = true;
# text = ''
#
# '';
# };
}
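Review bot: this unit is declared under systemd.user.services but sets User = "transmission" and WantedBy = ["multi-user.target"]. A per-user systemd instance runs unprivileged, cannot switch to another account, and has no multi-user.target (default.target is the usual install target there), so as written the unit will not be pulled in at login. Either make it a system service in the NixOS configuration or drop User and change the target. SystemCallFilter = "@system - service" also has spaces inside the group name and should read @system-service. Several of the sandboxing directives depend on privileges a user manager does not have, so verify which of them actually take effect once the unit loads. The config argument and the empty let ... in are unused.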

View File

@ -0,0 +1,120 @@
{ pkgs, ... }:
{
programs.yazi = {
enable = true;
package = pkgs.yazi;
enableBashIntegration = true;
enableZshIntegration = true;
settings = {
log = {
enabled = true;
};
manager = {
show_hidden = false;
sort_by = "modified";
sort_dir_first = true;
sort_reverse = true;
};
};
theme = {
manager = {
marker_copied = { fg = "#98bb6c"; bg = "#98bb6c"; };
marker_cut = { fg = "#e46876"; bg = "#e46876"; };
marker_marked = { fg = "#957fb8"; bg = "#957fb8"; };
marker_selected = { fg = "#ffa066"; bg = "#ffa066"; };
cwd = { fg = "#e6c384"; };
hovered = { reversed = true; };
preview_hovered = { reversed = true; };
tab_active = { reversed = true; };
tab_inactive = { };
tab_width = 1;
count_copied = { fg = "#1f1f28"; bg = "#98bb6c"; };
count_cut = { fg = "#1f1f28"; bg = "#e46876"; };
count_selected = { fg = "#1f1f28"; bg = "#e6c384"; };
border_symbol = "";
border_style = { fg = "#dcd7ba"; };
};
status = {
separator_open = "";
separator_close = "";
separator_style = { fg = "reset"; bg = "#363646"; };
mode_normal = { fg = "#1f1f28"; bg = "#85a6ea"; bold = true; };
mode_select = { fg = "#1f1f28"; bg = "#957fb8"; bold = true; };
mode_unset = { fg = "#1f1f28"; bg = "#e6c384"; bold = true; };
progress_label = { fg = "#85a6ea"; bg = "#363646"; bold = true; };
progress_normal = { fg = "#363646"; bg = "#1f1f28"; };
progress_error = { fg = "#363646"; bg = "#1f1f28"; };
permissions_t = { fg = "#98bb6c"; };
permissions_r = { fg = "#e6c384"; };
permissions_w = { fg = "#e82424"; };
permissions_x = { fg = "#7aa89f"; };
permissions_s = { fg = "#938aa9"; };
};
select = {
border = { fg = "#7fb4ca"; };
active = { fg = "#938aa9"; bold = true; };
inactive = { };
};
input = {
border = { fg = "#7fb4ca"; };
title = { };
value = { };
selected = { reversed = true; };
};
completion = {
border = { fg = "#7fb4ca"; };
active = { reversed = true; };
inactive = { };
};
tasks = {
border = { fg = "#7fb4ca"; };
title = { };
hovered = { fg = "#938aa9"; };
};
which = {
cols = 2;
separator = " - ";
separator_style = { fg = "#727169"; };
mask = { bg = "#16161d"; };
rest = { fg = "#727169"; };
cand = { fg = "#85a6ea"; };
desc = { fg = "#565666"; };
};
help = {
on = { fg = "#7aa89f"; };
run = { fg = "#938aa9"; };
desc = { };
hovered = { reversed = true; bold = true; };
footer = { fg = "#090618"; bg = "#dcd7ba"; };
};
notify = {
title_info = { fg = "#98bb6c"; };
title_warn = { fg = "#e6c384"; };
title_error = { fg = "#e82424"; };
};
filetype = {
rules = [
{ mime = "image/*"; fg = "#e6c384"; }
{ mime = "{audio,video}/*"; fg = "#957fb8"; }
{ mime = "application/{,g}zip"; fg = "#e46876"; }
{ mime = "application/x-{tar,bzip*,7z-compressed,xz,rar}"; fg = "#e46876"; }
{ mime = "application/{pdf,doc,rtf,vnd.*}"; fg = "#6a9589"; }
{ name = "*"; is = "orphan"; fg = "#e46876"; }
{ name = "*"; is = "exec"; fg = "#957fb8"; }
{ name = "*/"; fg = "#85a6ea"; }
];
};
};
};
}

View File

@ -1,14 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
}

View File

@ -1,13 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
# Import optional
./common/optional/git.nix
];
}

View File

@ -1,29 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/sam
./common/core
./common/optional/desktop/hyprland
./common/optional/desktop/waybar.nix
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
# ------
# | DP-1
# ------
monitors = [
{
name = "Virtual-1";
width = 2048;
height = 1152;
x = 0;
workspace = "1";
primary = true;
}
];
}

View File

@ -1,4 +1,7 @@
{ ... {
pkgs,
config,
...
}: { }: {
imports = [ imports = [
# Import users # Import users
@ -12,28 +15,13 @@
./common/optional/syncthing.nix ./common/optional/syncthing.nix
./common/optional/desktop/dwm ./common/optional/desktop/dwm
./common/optional/desktop/common/themes/standard-dark.nix ./common/optional/desktop/common/themes/standard-dark.nix
./common/optional/notes.nix
./common/optional/yazi.nix
./common/optional/transmission.nix
]; ];
# ------
# | DP-1 home.packages = [
# ------ pkgs.qgis
monitors = [
{
name = "DP-1";
width = 2560;
height = 1440;
x = 0;
y = 0;
workspace = "1";
primary = true;
}
{
name = "DP-2";
width = 2560;
height = 1440;
x = 2560;
y = 0;
}
]; ];
colorScheme = { colorScheme = {
@ -60,4 +48,37 @@
}; };
}; };
xresources.extraConfig = ''
! st
st.alpha: 0.8
St.font: monospace:pixelsize=21:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=19:antialias=true:autohint=true;
! dwm
dwm.borderpx: 3
dwm.font: monospace:size=12
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=12
dmenu.font2: NotoColorEmoji:pixelsize=22:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
} }

View File

@ -1,25 +1,22 @@
{ outputs, ... }: {outputs, ...}: {
{
home.username = "sam"; home.username = "sam";
home.homeDirectory = "/home/sam"; home.homeDirectory = "/home/sam";
imports = [ imports =
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? [
]
++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"git.bitlab21.com" = { "git.bitlab21.com" = {
identitiesOnly = true; identitiesOnly = true;
identityFile = [ "~/.ssh/id_ed25519" ]; identityFile = ["~/.ssh/id_ed25519"];
}; };
}; };
}; };
home.sessionPath = [
];
xdg.userDirs = { xdg.userDirs = {
enable = true; enable = true;
createDirectories = true; createDirectories = true;
@ -39,6 +36,6 @@
READER = "zathura"; READER = "zathura";
IMAGE_VIEWER = "nsxiv"; IMAGE_VIEWER = "nsxiv";
IMAGE_EDITOR = "drawing"; IMAGE_EDITOR = "drawing";
PATH = "$PATH:$HOME/.scripts";
}; };
} }

134
hosts/citadel/default.nix Normal file
View File

@ -0,0 +1,134 @@
{
inputs,
lib,
pkgs,
config,
configVars,
...
}: let
# Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/nvme0n1"; # depends on target hardware
encrypted = true; # currrently only applies to btrfs
btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
../common/users/${user}
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence
(import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/persistence.nix
../common/optional/pipewire.nix
../common/optional/openssh.nix
../common/optional/dwm.nix
../common/optional/nfs-mounts/media.nix
../common/optional/nfs-mounts/homeshare.nix
../common/optional/nfs-mounts/photos.nix
../common/optional/printing.nix
../common/optional/backlight.nix
../common/optional/xmodmap-arrow-remaps.nix
../common/optional/nix-ld.nix
];
boot = {
blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
kernelModules = ["iwlwifi"];
initrd.kernelModules = ["thinkpad-acpi" "acpi-call"];
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
extraModulePackages = [
config.boot.kernelPackages.acpi_call
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = 3;
};
};
swapDevices = [ {
device = "/.swapvol/swapfile";
size = 32*1024;
} ];
services = {
libinput.touchpad.accelSpeed = "0.5";
xserver = {
xkb.options = "caps:swapescape";
dpi = 196;
upscaleDefaultCursor = true;
# FIXME this doesnt work for some reason
# displayManager.sessionCommands = pkgs.writeShellScriptBin "key-remaps" ''
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
# '';
};
};
environment.variables = {
GDK_SCALE = "2.2";
GDK_DPI_SCALE = "0.8";
_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2.2";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
XCURSOR_SIZE = "64";
};
# services.tlp = {
# enable = true;
# settings = {
# CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
# CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
#
# START_CHARGE_THRESH_BAT0 = 50;
# STOP_CHARGE_THRESH_BAT0 = 95;
# };
# };
hardware = {
bluetooth = {
enable = true;
powerOnBoot = true;
};
enableRedistributableFirmware = true;
firmware = [
pkgs.sof-firmware
];
};
networking = {
hostName = "citadel";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
};
services.libinput.enable = true;
}
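Review bot: nameservers lists pieholeIp first but then the gateway and 8.8.8.8, and a resolver is free to use any of the listed servers, so lookups can bypass the filtering resolver and go to a public one whenever the first is slow or unreachable. If filtering is the intent, list only resolvers that enforce it. Smaller points: services.libinput.enable is set at the bottom of the file, apart from the services = { ... } block that already sets libinput.touchpad.accelSpeed, and the commented-out displayManager.sessionCommands passes a writeShellScriptBin derivation where that option takes shell text, which may be why the FIXME says it does not work.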

View File

@ -37,6 +37,12 @@ in
}; };
}; };
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.rsync pkgs.rsync
pkgs.curl pkgs.curl

View File

@ -1,13 +1,13 @@
{ pkgs, lib, inputs, config, ... }: {
lib,
let inputs,
config,
...
}: let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = config.environment.persistence ? "/persist"; hasOptinPersistence = config.environment.persistence ? "/persist";
hostname = config.networking.hostName; in {
in
{
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
]; ];
@ -17,7 +17,7 @@ in
validateSopsFiles = false; validateSopsFiles = false;
age = { age = {
sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ]; sshKeyPaths = ["${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key"];
}; };
secrets = { secrets = {
"passwords/root".neededForUsers = true; "passwords/root".neededForUsers = true;

View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./zspeed.nix
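Review bot: the script runs github:nix-community/disko under sudo with no revision pinned, so each invocation fetches whatever the default branch contains at that moment and executes it as root against the disks. Pin the flake reference to a commit or tag (github:nix-community/disko/<rev>), or run the disko that is already a locked flake input of this repository (inputs.disko is imported in hosts/citadel/default.nix). ./zspeed.nix is also resolved relative to the current directory, so the script only works when started from its own folder.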

View File

@ -0,0 +1,70 @@
{
disko.devices = {
disk = {
x = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
y = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
};
zpool = {
zspeed = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
"compression" = "zstd-4";
"com.sun:auto-snapshot" = "false";
"xattr" = "sa";
"atime" = "off";
};
options = {
"ashift" = "13";
};
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zspeed@blank$' || zfs snapshot zspeed@blank";
datasets = {
postgres = {
type = "zfs_volume";
size = "10G -s";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/postgres";
};
options = {
"com.sun:auto-snapshot:daily" = "true";
"volblocksize" = "8k";
};
};
};
};
};
};
}

View File

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.brightnessctl
];
services.illum.enable = true;
}

View File

@ -0,0 +1,26 @@
{
pkgs,
inputs,
...
}: {
imports = [inputs.arion.nixosModules.arion];
environment.systemPackages = [
pkgs.arion
pkgs.docker-client
];
virtualisation = {
podman = {
enable = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/containers"
];
};
}
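Review bot: dockerSocket.enable = true exposes the Podman API on a Docker-compatible socket, and anyone allowed to talk to that socket can start containers with host mounts, which is equivalent to root on the host. Keep membership of the group that owns the socket to the accounts that need arion, and say so in a comment here. This module also sets environment.persistence."/persist" unconditionally, so it assumes the importing host uses impermanence; guard it the way sops.nix does with hasOptinPersistence.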

View File

@ -3,8 +3,8 @@
services = { services = {
libinput.enable = true; libinput.enable = true;
xserver = { xserver = {
autoRepeatDelay = 250; autoRepeatDelay = 300;
autoRepeatInterval = 30; autoRepeatInterval = 15;
enable = true; enable = true;
xkb.layout = "gb"; xkb.layout = "gb";
displayManager.startx.enable = true; displayManager.startx.enable = true;
@ -12,13 +12,12 @@
windowManager.dwm = { windowManager.dwm = {
enable = true; enable = true;
package = pkgs.dwm.overrideAttrs { package = pkgs.dwm.overrideAttrs {
src = pkgs.fetchFromGitea { # src = /home/sam/.local/share/src/dwm;
domain = "git.bitlab21.com"; src = pkgs.fetchgit {
owner = "sam"; url = "https://git.bitlab21.com/sam/dwm";
repo = "dwm"; rev = "3e0601b29d879e589703239e064f0baaabb3474b";
rev = "e34d0ecdd98e52164c135b560a5583aa11be89b7"; sha256 = "sha256-7Hq0vo6YnXKhEUdKjvaAeKodq2l8wwJRzCYJfdHDNMQ=";
sha256 = "sha256-er1zi2xYK7AB6oR7JmfkfehesKTw9P4bcgjafj2lIIU="; };
};
}; };
}; };
}; };

View File

@ -0,0 +1,9 @@
{
fileSystems."/media/homeshare" = {
device = "10.0.10.30:/mnt/homeshare";
fsType = "nfs";
options = [ "noatime" "_netdev" ];
};
}
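Review bot: the mount options are only noatime and _netdev, so setuid binaries and device nodes on the export are honoured on this client. Adding nosuid and nodev (and noexec where nothing is run from the share) limits what a compromised or misconfigured server at 10.0.10.30 can do to the workstation. The same applies to the media and photos mounts, and the server address is hard-coded in all three files while other addresses in this change come from configVars.networking.addresses.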

View File

@ -0,0 +1,7 @@
{
fileSystems."/media/media" = {
device = "10.0.10.30:/mnt/media";
fsType = "nfs";
options = ["noatime" "_netdev"];
};
}

View File

@ -0,0 +1,9 @@
{
fileSystems."/media/photos" = {
device = "10.0.10.30:/mnt/photos";
fsType = "nfs";
options = [ "noatime" "_netdev" "ro" ];
};
}

View File

@ -0,0 +1,21 @@
{ lib, pkgs, ... }:
{
# Using non-Nix Python Packages with Binaries on NixOS https://github.com/mcdonc/.nixconfig/blob/e7885ad18b7980f221e59a21c91b8eb02795b541/videos/pydev/script.rst
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib # numpy
libgcc # sqlalchemy
expat # pyosmium
# that's where the shared libs go, you can find which one you need using
# nix-locate --top-level libstdc++.so.6 (replace this with your lib)
# ^ this requires `nix-index` pkg
];
environment.variables = {
NIX_LD_LIBRARY_PATH="/run/current-system/sw/share/nix-ld/lib";
NIX_LD="/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH";
};
}
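Review bot: LD_LIBRARY_PATH is forced system-wide to $NIX_LD_LIBRARY_PATH, which puts that directory on the library search path of every dynamically linked program in every session, including Nix-built binaries that already carry their own library paths, and can make them pick up a mismatched zlib or libgcc. nix-ld reads NIX_LD_LIBRARY_PATH itself, so the LD_LIBRARY_PATH line can be dropped, or set only in the shell or wrapper that runs the non-Nix Python packages.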

View File

@ -0,0 +1,274 @@
{
lib,
pkgs,
configVars,
inputs,
config,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "bd-worker";
containerIp = configVars.networking.addresses.bd-worker.ip;
mongodbIp = configVars.networking.addresses.mongodb.ip;
mongodbPort = toString configVars.networking.addresses.mongodb.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
postgresIp = configVars.networking.addresses.postgres.ip;
postgresPort = toString configVars.networking.addresses.postgres.port;
bitcoindIp = configVars.networking.addresses.bitcoin-node.ip;
bitcoindPort = toString configVars.networking.addresses.bitcoin-node.services.bitcoind.port;
#secrets
sshKeyFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."ssh_keys/baseddata-models-access/id_ed25519".path;
notifybotUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/username".path;
notifybotPwd = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/password".path;
recipientUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/mrsu/username".path;
mongoclientAuth = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/auth".path;
mongoclientUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/username".path;
mongoclientPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
postgresUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_username".path;
postgresPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_password".path;
bitcoindRPCUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/username".path;
bitcoindRPCPassword= lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
baseddataEnv = "dev";
in {
sops.secrets = {
"ssh_keys/baseddata-models-access/id_ed25519" = {};
"comms/xmpp/notifybot/username" = {};
"comms/xmpp/notifybot/password" = {};
"comms/xmpp/mrsu/username" = {};
"software/mongodb/baseddata/auth" = {};
"software/mongodb/baseddata/username" = {};
"software/mongodb/baseddata/password" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/bitcoind/username" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/root/.ssh/id_ed25519" = {
hostPath = "${sshKeyFile}";
isReadOnly = true;
};
"/run/secrets/notifybotUsername" = {
hostPath = "${notifybotUsername}";
isReadOnly = true;
};
"/run/secrets/notifybotPassword" = {
hostPath = "${notifybotPwd}";
isReadOnly = true;
};
"/run/secrets/recipientUsername" = {
hostPath = "${recipientUsername}";
isReadOnly = true;
};
"/run/secrets/mongoclientAuth" = {
hostPath = "${mongoclientAuth}";
isReadOnly = true;
};
"/run/secrets/mongoclientUser" = {
hostPath = "${mongoclientUser}";
isReadOnly = true;
};
"/run/secrets/mongoclientPassword" = {
hostPath = "${mongoclientPassword}";
isReadOnly = true;
};
"/run/secrets/postgresPassword" = {
hostPath = "${postgresPassword}";
isReadOnly = true;
};
"/run/secrets/postgresUser" = {
hostPath = "${postgresUser}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCPassword" = {
hostPath = "${bitcoindRPCPassword}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCUsername" = {
hostPath = "${bitcoindRPCUsername}";
isReadOnly = true;
};
"/media/baseddata-data" = {
hostPath = "/media/main-ssd/baseddata-data";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
4200
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = [
pkgs.vim
pkgs.git
pkgs.python311
pkgs.poetry
pkgs.aria2
pkgs.osmctools
pkgs.osmium-tool
];
environment.variables = {
BASEDDATA_ENVIRONMENT = "dev";
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
};
systemd.services.baseddata-deploy-service = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
description = "Initiates deployment of application and builds python environment using Poetry";
environment = {
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
ExecStart = pkgs.writeShellScript "baseddata-deploy-service" ''
GITCMD="${pkgs.openssh}/bin/ssh -i /root/.ssh/id_ed25519"
if [ ! -d "/srv/baseddata-models" ]; then
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git clone --branch $BASEDDATA_ENVIRONMENT git@git.bitlab21.com:sam/baseddata-models.git /srv/baseddata-models
else
cd /srv/baseddata-models
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git stash --include-untracked
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git pull
fi
cd /srv/baseddata-models
mkdir .venv
${pkgs.poetry}/bin/poetry install
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-prefect-server = {
wantedBy = ["multi-user.target"];
after = ["baseddata-deploy-service.target"];
description = "Initates the Prefect server";
environment = {
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
WorkingDirectory = "/srv/baseddata-models";
ExecStart = pkgs.writeShellScript "baseddata-prefect-server" ''
# run prefect server
.venv/bin/prefect server start --host 0.0.0.0
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-serve-flows = {
wantedBy = ["multi-user.target"];
after = ["baseddata-prefect-server.target"];
description = "Serves the Prefect flows";
environment = {
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
Environment = "PATH=/run/current-system/sw/bin/";
WorkingDirectory = "/srv/baseddata-models";
ExecStartPre = "${pkgs.coreutils}/bin/timeout 120 ${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat-openbsd}/bin/nc -z ${containerIp} 4200; do sleep 3; done'";
ExecStart = pkgs.writeShellScript "baseddata-serve-flows" ''
# set prefect environment variables
.venv/bin/prefect variable set "xmpp_jid" $(cat /run/secrets/notifybotUsername) --overwrite
.venv/bin/prefect variable set "xmpp_password" $(cat /run/secrets/notifybotPassword) --overwrite
.venv/bin/prefect variable set "xmpp_recipient" $(cat /run/secrets/recipientUsername) --overwrite
.venv/bin/prefect variable set "mongoclient_auth" $(cat /run/secrets/mongoclientAuth) --overwrite
.venv/bin/prefect variable set "mongoclient_host" "${mongodbIp}:${mongodbPort}" --overwrite
.venv/bin/prefect variable set "mongoclient_user" $(cat /run/secrets/mongoclientUser) --overwrite
.venv/bin/prefect variable set "mongoclient_pwd" $(cat /run/secrets/mongoclientPassword) --overwrite
.venv/bin/prefect variable set "postgres_host" ${postgresIp} --overwrite
.venv/bin/prefect variable set "postgres_port" ${postgresPort} --overwrite
.venv/bin/prefect variable set "postgres_user" $(cat /run/secrets/postgresUser) --overwrite
.venv/bin/prefect variable set "postgres_pwd" $(cat /run/secrets/postgresPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_password" $(cat /run/secrets/bitcoindRPCPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_username" $(cat /run/secrets/bitcoindRPCUsername) --overwrite
.venv/bin/prefect variable set "bitcoind_ip" ${bitcoindIp} --overwrite
.venv/bin/prefect variable set "bitcoind_port" ${bitcoindPort} --overwrite
.venv/bin/prefect variable set "osm_dir" "/media/baseddata-data/osm" --overwrite
.venv/bin/prefect variable set "wdpa_dir" "/media/baseddata-data/wdpa" --overwrite
.venv/bin/prefect variable set "mongo_db_name" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_dbname" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_schema" "models_final" --overwrite
.venv/bin/prefect variable set "unique_key" "row_uuid" --overwrite
# serve flows
.venv/bin/python automation/flows/serve-flows.py
'';
Restart = "on-failure";
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib
libgcc
];
programs.ssh.knownHosts = {
"git.bitlab21.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNd2BGf64heYjWT9yt0fVmngepiHRIMsL7au/MRteg";
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
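Review bot: In baseddata-serve-flows, the ExecStart script copies every sops secret into a Prefect variable through an unquoted substitution, e.g. `.venv/bin/prefect variable set "postgres_pwd" $(cat /run/secrets/postgresPassword) --overwrite`. A value containing whitespace or glob characters is split or expanded by the shell, and once stored the values are retrievable through the Prefect API that this same file starts with `--host 0.0.0.0` and opens on allowedTCPPorts 4200. Quote the substitutions and consider letting the flows read /run/secrets directly, or use a Prefect Secret block, instead of variables. Separately, `after = ["baseddata-deploy-service.target"]` and `after = ["baseddata-prefect-server.target"]` name targets this file never defines; the units are services, so the ordering should reference the `.service` names, with `requires` or `wants` if the dependency should also be pulled in.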

View File

@ -0,0 +1,87 @@
{
lib,
pkgs,
configVars,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "jellyfin";
containerIp = configVars.networking.addresses.jellyfin.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/var/lib/jellyfin" = {
hostPath = "/media/main-ssd/jellyfin";
isReadOnly = false;
};
"/var/lib/jellyfin/data/media" = {
hostPath = "/media/media";
isReadOnly = true;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
8096
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
services.jellyfin = {
enable = true;
openFirewall = true;
user="jellyfin";
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
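Review bot: `openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key)` on users.users.root authorizes every file found under ../../users/keys as a root login key inside the container, so a key added to that directory for any user or device becomes root on this service. Consider an explicit list of admin keys for containers, or dropping sshd here and administering the container from the host (for example with nixos-container root-login). Also, `services.jellyfin.openFirewall = true` and the explicit `allowedTCPPorts = [ 8096 ]` both manage the firewall; keep one so the opened ports are stated in a single place.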

View File

@ -0,0 +1,98 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
mongodbPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "mongodb";
containerIp = configVars.networking.addresses.mongodb.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
# "/var/db/mongodb" = {
# hostPath = "/media/main-ssd/mongodb";
# isReadOnly = false;
# };
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
27017
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
mongosh
];
# allow unfree packages
nixpkgs.config.allowUnfreePredicate = let
whitelist = map lib.getName [
pkgs.mongodb
];
in
pkg: builtins.elem (lib.getName pkg) whitelist;
services.mongodb = {
enable = true;
# enableAuth = true;
# initialRootPassword = mongodbPasswordPath;
bind_ip = "0.0.0.0";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
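Review bot: `enableAuth` and `initialRootPassword` are commented out while `bind_ip = "0.0.0.0"` is set and port 27017 is opened in the container firewall, so the database accepts unauthenticated connections from anything that can reach the bridge. Enable auth before exposing the port. The secret wiring also looks copy-pasted from the postgres container: `sops.secrets` declares "software/postgres/postgres/password", but the let binding reads config.sops.secrets."software/mongodb/baseddata/password".path, which this module never declares, and nothing in bindMounts makes that file available inside the container.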

View File

@ -0,0 +1,173 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
bitcoin-rpcpassword-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-privileged".path;
bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
containerName = "bitcoin-node";
containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
in {
sops.secrets = {
"software/bitcoind/bitcoin-rpcpassword-privileged" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
"software/bitcoind/bitcoin-HMAC-privileged" = {};
"software/bitcoind/bitcoin-HMAC-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
hostPath = "${bitcoin-rpcpassword-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public" = {
hostPath = "${bitcoin-rpcpassword-public}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-privileged" = {
hostPath = "${bitcoin-HMAC-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-public" = {
hostPath = "${bitcoin-HMAC-public}";
isReadOnly = false;
};
"/var/lib/bitcoind" = {
hostPath = "/media/main-ssd/nix-bitcoin/bitcoind";
isReadOnly = false;
};
"/var/lib/electrs" = {
hostPath = "/media/main-ssd/nix-bitcoin/electrs";
isReadOnly = false;
};
"/var/lib/mysql" = {
hostPath = "/media/main-ssd/nix-bitcoin/mysql";
isReadOnly = false;
};
"/var/lib/tor" = {
hostPath = "/media/main-ssd/nix-bitcoin/tor";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
imports = [
inputs.nix-bitcoin.nixosModules.default
];
environment.systemPackages = with pkgs; [
vim
lsof
jq
];
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [ { "address" = "${containerIp}"; "prefixLength" = 24; } ];
firewall = {
enable = true;
allowedTCPPorts = [
80
443
22
config.containers.bitcoin-node.config.services.bitcoind.rpc.port
config.containers.bitcoin-node.config.services.mempool.frontend.port
config.containers.bitcoin-node.config.services.electrs.port
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
# node services here
nix-bitcoin.generateSecrets = true;
services = {
tor = {
enable = true;
client.enable = true;
};
bitcoind = {
tor.proxy = true;
tor.enforce = true;
enable = true;
dataDir = "/var/lib/bitcoind";
dbCache = 5000;
txindex = true;
rpc = {
address = "0.0.0.0";
threads = 6;
allowip = allowip;
users = let
name = "bitcoin";
in {
privileged.name = name;
public.name = name;
};
};
extraConfig = ''
onlynet=onion
bind=127.0.0.1
'';
};
electrs = {
tor.enforce = true;
enable = true;
dataDir = "/var/lib/electrs";
address = "0.0.0.0";
};
mempool = {
enable = true;
electrumServer = "electrs";
frontend = {
port = mempoolPort;
address = "0.0.0.0";
};
};
};
nix-bitcoin.onionServices = {
bitcoind.enable = true;
electrs.enable = true;
mempool-frontend.enable = true;
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
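Review bot: The four sops secrets are bind-mounted into /etc/nix-bitcoin-secrets with `isReadOnly = false` while `nix-bitcoin.generateSecrets = true` is set in the same container. Anything in the container that writes to that directory then writes through to the host's decrypted sops files, and it is unclear which source of secrets is meant to win. Mount them read-only and turn generateSecrets off if sops is the source of truth. In `rpc.users`, `privileged.name` and `public.name` are both "bitcoin", so the two RPC accounts share a username and differ only by password; give the public user its own name. `rpc.address = "0.0.0.0"` together with `bind=127.0.0.1` in extraConfig deserves a comment saying which listener each line controls.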

View File

@ -0,0 +1,120 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
postgresPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/postgres/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "postgres";
containerIp = configVars.networking.addresses.postgres.ip;
subnetIp = configVars.networking.addresses.subnet.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/var/lib/postgresql" = {
hostPath = "/media/main-ssd/postgresql";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
5432
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
lsof
];
services.postgresql = {
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
extraPlugins = with pkgs.postgresql_16.pkgs; [ postgis ];
enableTCPIP = true;
settings = {
max_worker_processes = "12";
max_parallel_workers = "8";
max_parallel_workers_per_gather = "4";
max_connections = "100";
autovacuum_work_mem = "2GB";
shared_buffers = "32GB";
work_mem = "0.32GB";
maintenance_work_mem = "64MB";
};
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser origin-address auth-method
local all postgres peer
host all all ${subnetIp}/24 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
'';
};
systemd.services.postgresql.postStart = ''
$PSQL -tA <<'EOF'
DO $$
DECLARE password TEXT;
BEGIN
password := trim(both from replace(pg_read_file('${postgresPasswordPath}'), E'\n', '''));
EXECUTE format('ALTER ROLE postgres WITH PASSWORD '''%s''';', password);
END $$;
EOF
'';
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
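Review bot: The postStart block calls pg_read_file('${postgresPasswordPath}'), but that is the sops path on the host, and bindMounts only maps /var/lib/postgresql, so the file does not exist inside the container where this unit runs. Bind-mount the secret read-only, as the bd-worker container does for its secrets, and make sure the postgres server process can read it. The statement is also built with `format('ALTER ROLE postgres WITH PASSWORD '''%s''';', password)`; %s inserts the value unescaped, so a password containing a single quote breaks or alters the statement. Use %L so the value is quoted as a literal.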

View File

@ -4,6 +4,7 @@
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/nixos" "/etc/nixos"
"/srv"
"/var/log" "/var/log"
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"

View File

@ -0,0 +1,42 @@
{
pkgs,
configVars,
...
}: let
serverIp = configVars.networking.addresses.merlin.ip;
in {
services = {
udev.packages = [pkgs.sane-airscan];
printing = {
enable = true;
drivers = [pkgs.gutenprint pkgs.hplip];
};
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
hardware = {
sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
netConf = "${serverIp}";
};
printers = {
ensurePrinters = [
{
name = "HP_ENVY_6000";
description = "Network printer hosted on bob";
location = "bob";
deviceUri = "ipp://bob/printers/HP_ENVY_6000_series";
model = "everywhere";
ppdOptions = {
PageSize = "A4";
};
}
];
};
};
}

View File

@ -0,0 +1,12 @@
{pkgs, ...}: let
customLayout = pkgs.writeText "xkb-layout" ''
keycode 64 = Mode_switch
keycode 43 = h H Left H
keycode 44 = j J Down J
keycode 45 = k K Up K
keycode 46 = l L Right L
'';
in {
# Remap Alt_L +[hjkl] to left down up right
services.xserver.displayManager.sessionCommands = "sleep 5 && ${pkgs.xorg.xmodmap}/bin/xmodmap ${customLayout}";
}
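Review bot: `sessionCommands = "sleep 5 && ... xmodmap ..."` runs in the foreground of the session start script, so every login is delayed by five seconds before the window manager starts. Run it in the background, e.g. `(sleep 5 && ${pkgs.xorg.xmodmap}/bin/xmodmap ${customLayout}) &`. The store file is named "xkb-layout" but contains xmodmap expressions; naming it accordingly would avoid confusion.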

View File

@ -1,5 +1,6 @@
{ pkgs, inputs, config, lib, ... }: { pkgs, inputs, config, lib, ... }:
let let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
username = "admin"; username = "admin";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive (../keys);
hostname = config.networking.hostName; hostname = config.networking.hostName;
@ -7,7 +8,7 @@ let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in in
{ {
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
@ -15,7 +16,14 @@ in
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = ["wheel"]; extraGroups = [
"wheel"
] ++ ifTheyExist [
"docker"
"lxc"
"git"
"podman"
];
packages = with pkgs; [ packages = with pkgs; [
]; ];
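Review bot: In the extraGroups change, `ifTheyExist [ "docker" "lxc" "git" "podman" ]` silently adds admin to the docker group on any host where that group exists. Membership in docker is root-equivalent without a sudo prompt, which is a wider grant than wheel. If that is intended, say so in a comment; otherwise leave docker out of the optional list and add it per host.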
@ -30,7 +38,7 @@ in
path = "/home/${username}/.ssh/id_ed25519"; path = "/home/${username}/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/${username}/id_ed25519.pub" = { "ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub"; path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644"; mode = "0644";

View File

@ -1 +0,0 @@
ssh-rsa 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 samual.shop@protonmail.com :: laptop

View File

@ -1,24 +1,28 @@
{ pkgs, inputs, config, lib, ... }: {
let pkgs,
inputs,
config,
lib,
...
}: let
username = "media"; username = "media";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive ../keys;
hostname = config.networking.hostName; hostname = config.networking.hostName;
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in {
in
{
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = extraGroups = [
[ "scanner"
"wheel" "lp"
]; "wheel"
];
packages = with pkgs; [ packages = with pkgs; [
flatpak flatpak
@ -65,16 +69,14 @@ in
# The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys, # The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys,
# the ownership is busted and home-manager can't target because it can't write into .ssh... # the ownership is busted and home-manager can't target because it can't write into .ssh...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetSshOwnwership = system.activationScripts.sopsSetSshOwnwership = let
let sshFolder = "/home/${username}/.ssh";
sshFolder = "/home/${username}/.ssh"; user = config.users.users.${username}.name;
user = config.users.users.${username}.name; group = config.users.users.${username}.group;
group = config.users.users.${username}.group; in ''
in mkdir -p ${sshFolder} || true
'' chown -R ${user}:${group} /home/${username}/.ssh
mkdir -p ${sshFolder} || true '';
chown -R ${user}:${group} /home/${username}/.ssh
'';
services.flatpak.enable = true; services.flatpak.enable = true;
@ -82,7 +84,7 @@ in
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = {inherit inputs;};
users = { users = {
${username} = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };

View File

@ -1,13 +1,19 @@
{ pkgs, inputs, config, lib, ... }: {
let pkgs,
inputs,
config,
lib,
configVars,
...
}: let
hostname = config.networking.hostName; hostname = config.networking.hostName;
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive ../keys;
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
baseddataPostgresIp = configVars.networking.addresses.postgres.ip;
username = "sam"; username = "sam";
in in {
{
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
@ -16,10 +22,14 @@ in
extraGroups = [ extraGroups = [
"wheel" "wheel"
"networkmanager"
"scanner"
"lp"
"docker"
"podman"
]; ];
}; };
services.tailscale.enable = true;
sops.secrets = { sops.secrets = {
"passwords/${username}" = { "passwords/${username}" = {
sopsFile = "${secretsFile}"; sopsFile = "${secretsFile}";
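Review bot: `services.tailscale.enable = true;` is added in a user module, so every host that imports this user runs tailscaled whether or not the host configuration asks for it. Move it to the host or to an optional module. The new "docker" entry in extraGroups is unconditional here, unlike the ifTheyExist guard used for admin, and grants root-equivalent access wherever Docker is enabled.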
@ -38,18 +48,26 @@ in
"github-access-token" = { "github-access-token" = {
mode = "0655"; mode = "0655";
}; };
"software/postgres/btc_models/password" = { }; "software/postgres/baseddata_models/password" = {};
"software/postgres/btc_models/ip" = { }; "software/postgres/baseddata_models/ip" = {};
"software/postgres/btc_models/username" = { }; "software/postgres/baseddata_models/username" = {};
"software/zotero/username" = { }; "software/postgres/osm/password" = {};
"software/zotero/password" = { }; "software/postgres/osm/ip" = {};
"software/zotero/guid" = { }; "software/postgres/osm/username" = {};
"software/postgres/bitcoin/password" = {};
"software/postgres/bitcoin/ip" = {};
"software/postgres/bitcoin/username" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/zotero/username" = {};
"software/zotero/password" = {};
"software/zotero/guid" = {};
}; };
# Setup software specific templates for user # Setup software specific templates for user
# Should be part of home-manager - waiting for templates functionality # Should be part of home-manager - waiting for templates functionality
# See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498 # See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498
# TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix # TODO: migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix
sops.templates."dbui_connections.json" = { sops.templates."dbui_connections.json" = {
path = "/home/${username}/.local/share/db_ui/connections.json"; path = "/home/${username}/.local/share/db_ui/connections.json";
owner = "${username}"; owner = "${username}";
@ -57,12 +75,24 @@ in
content = '' content = ''
[ [
{ {
"url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/btc_models", "url": "postgresql://${config.sops.placeholder."software/postgres/baseddata_models/username"}:${config.sops.placeholder."software/postgres/baseddata_models/password"}@${config.sops.placeholder."software/postgres/baseddata_models/ip"}/btc_models",
"name": "btc_models" "name": "baseddata_models"
}, },
{ {
"url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/dev_btc_models", "url": "postgresql://${config.sops.placeholder."software/postgres/baseddata_models/username"}:${config.sops.placeholder."software/postgres/baseddata_models/password"}@${config.sops.placeholder."software/postgres/baseddata_models/ip"}/dev_baseddata_models",
"name": "dev_btc_models" "name": "dev_baseddata_models"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/osm/username"}:${config.sops.placeholder."software/postgres/osm/password"}@${config.sops.placeholder."software/postgres/osm/ip"}/osm",
"name": "osm"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/bitcoin/username"}:${config.sops.placeholder."software/postgres/bitcoin/password"}@${config.sops.placeholder."software/postgres/bitcoin/ip"}/bitcoin",
"name": "bitcoin"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata/user_username"}:${config.sops.placeholder."software/postgres/baseddata/user_password"}@${baseddataPostgresIp}/baseddata",
"name": "baseddata"
} }
] ]
''; '';
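Review bot: The first connection is renamed to "baseddata_models" and switched to the baseddata_models secrets, but its URL still ends in /btc_models, while the dev entry was changed to /dev_baseddata_models. Confirm which database name is correct. Because the username and password are interpolated straight into the URL, a password containing characters such as @, / or : produces a connection string that parses incorrectly; restrict the character set of these secrets or store them URL-encoded.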
@ -73,28 +103,28 @@ in
owner = "${username}"; owner = "${username}";
mode = "0600"; mode = "0600";
content = '' content = ''
bitcoin: baseddata:
target: dev target: dev
outputs: outputs:
dev: dev:
dbname: dev_btc_models dbname: dev_baseddata
host: ${config.sops.placeholder."software/postgres/btc_models/ip"} host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}' pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
port: 5432 port: 5432
schema: models schema: models
threads: 6 threads: 6
type: postgres type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"} user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
prod: prod:
dbname: btc_models dbname: baseddata
host: ${config.sops.placeholder."software/postgres/btc_models/ip"} host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}' pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
port: 5432 port: 5432
schema: models schema: models
threads: 6 threads: 6
type: postgres type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"} user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
''; '';
}; };
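Review bot: The dev and prod outputs now use the same host (baseddataPostgresIp) and the same user_username/user_password secret and differ only in dbname, so a run with the default `target: dev` authenticates as the same role that prod uses. Separate roles per environment would keep a dev run from being able to touch prod. The dev dbname here is dev_baseddata, whereas the db_ui template earlier in this file uses dev_baseddata_models; check that both names exist.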
@ -107,16 +137,14 @@ in
# The containing folders are created as root and if this is the first entry when writing files, # The containing folders are created as root and if this is the first entry when writing files,
# the ownership is busted and home-manager can't target because it can't write to these dirs... # the ownership is busted and home-manager can't target because it can't write to these dirs...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetOwnwership = system.activationScripts.sopsSetOwnwership = let
let sshFolder = "/home/${username}/.ssh";
sshFolder = "/home/${username}/.ssh"; user = config.users.users.${username}.name;
user = config.users.users.${username}.name; group = config.users.users.${username}.group;
group = config.users.users.${username}.group; in ''
in mkdir -p ${sshFolder} || true
'' chown -R ${user}:${group} /home/${username}/.ssh
mkdir -p ${sshFolder} || true '';
chown -R ${user}:${group} /home/${username}/.ssh
'';
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = [ directories = [
@ -127,13 +155,9 @@ in
programs.zsh.enable = true; programs.zsh.enable = true;
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = {inherit inputs;};
users = { users = {
${username} = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };
}; };
environment.systemPackages = [
#inputs.sqlfmt.packages.x86_64-linux.sqlfmt
];
} }

View File

@ -1,50 +0,0 @@
{ inputs, config, lib, pkgs, outputs, configLib, ... }:
{
imports =
[
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/openssh
../common/optional/fileserver-nfs-mount.nix
# Create users for this host
../common/users/admin
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
networking = {
hostName = "fileserver";
networkmanager.enable = true;
enableIPv6 = false;
hosts = { "192.168.122.223" = [ "fileserver" ]; };
};
time.timeZone = "Europe/London";
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}

View File

@ -1,11 +1,10 @@
{ inputs, config, lib, pkgs, outputs, ... }: { inputs, ... }:
let let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
impermanence = false; # currrently only applies to btrfs impermanence = false;
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
user = "admin"; user = "admin";
in in
{ {
@ -14,7 +13,7 @@ in
# Create users for this host # Create users for this host
../common/users/${user} ../common/users/${user}
# Disk configuration # Root disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; }) (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
@ -24,7 +23,8 @@ in
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/docker
../common/optional/docker/postgres.nix
]; ];
@ -37,7 +37,7 @@ in
}; };
networking = { networking = {
hostName = "nebula"; hostName = "merlin";
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = false; enableIPv6 = false;
}; };
@ -45,6 +45,7 @@ in
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false; boot.zfs.forceImportRoot = false;
networking.hostId = "18aec5d7"; networking.hostId = "18aec5d7";
boot.zfs.extraPools = [ "zspeed" ];
services.libinput.enable = true; services.libinput.enable = true;
} }

View File

@ -8,18 +8,11 @@
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9bed98b2-5ee2-4408-a9b1-6d40e9b68135";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction

View File

@ -1,34 +0,0 @@
{ inputs, config, lib, pkgs, outputs,... }:
let
dev = "/dev/vda";
in
{
imports =
[
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/pipewire.nix
../common/optional/hyprland.nix
../common/optional/displayManager/sddm.nix
../common/optional/openssh.nix
# Create users for this host
../common/users/sam
];
boot.loader.grub.enable = true;
boot.loader.grub.device = "${dev}";
networking = {
hostName = "nixdev";
networkmanager.enable = true;
enableIPv6 = false;
};
services.libinput.enable = true;
}

View File

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f9abe09a-de68-4913-b6c5-ad55b473a961";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/fe24d2ba-2fbc-4ef5-8139-a26f4fc3f3e3"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

View File

@ -1,40 +1,72 @@
{ inputs, config, lib, pkgs, outputs, ... }: {
let inputs,
lib,
pkgs,
configVars,
...
}: let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/nvme0n1"; # depends on target hardware dev = "/dev/nvme0n1"; # depends on target hardware
encrypted = true; # currrently only applies to btrfs encrypted = true; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
user = "sam"; user = "sam";
impermanence = true; impermanence = true;
in pieholeIp = configVars.networking.addresses.piehole.ip;
{ gatewayIp = configVars.networking.addresses.gateway.ip;
imports = semitaIp = configVars.networking.addresses.semita.ip;
[
# Create users for this host
../common/users/${user}
# Disk configuration in {
inputs.disko.nixosModules.disko imports = [
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; }) # Create users for this host
../common/users/${user}
# Impermanence # Disk configuration
(import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; }) inputs.disko.nixosModules.disko
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Import core options # Impermanence
./hardware-configuration.nix (import ../common/disks/btrfs/impermanence.nix {
../common/core btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import optional options # Import core options
../common/optional/persistence.nix ./hardware-configuration.nix
../common/optional/pipewire.nix ../common/core
../common/optional/openssh.nix
../common/optional/dwm.nix
]; # Import optional options
../common/optional/persistence.nix
../common/optional/pipewire.nix
../common/optional/openssh.nix
../common/optional/dwm.nix
../common/optional/nfs-mounts/media.nix
../common/optional/nfs-mounts/homeshare.nix
../common/optional/printing.nix
../common/optional/docker
../common/optional/nixos-containers/nix-bitcoin.nix
../common/optional/nixos-containers/postgres.nix
../common/optional/nixos-containers/jellyfin.nix
../common/optional/nixos-containers/baseddata-worker.nix
../common/optional/nixos-containers/mongodb.nix
../common/optional/nix-ld.nix
];
fileSystems."/media/main-ssd" = {
device = "/dev/disk/by-uuid/ba884006-e813-4b67-9fe6-62aea08b3b59";
fsType = "ext4";
};
boot = { boot = {
blacklistedKernelModules = [ "snd_hda_intel" "snd_soc_skl" ]; blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest; kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -43,14 +75,67 @@ in
}; };
}; };
services = {
xserver = {
dpi = 144;
upscaleDefaultCursor = true;
};
};
environment.variables = {
GDK_SCALE = "2";
GDK_DPI_SCALE = "0.6";
_JAVA_OPTIONS = "-Dsun.java2d.uiScale=1.8";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
XCURSOR_SIZE = "32";
};
hardware.firmware = [ hardware.firmware = [
pkgs.sof-firmware pkgs.sof-firmware
]; ];
# Add hardware support for intel gpus as specified here: https://nixos.wiki/wiki/Jellyfin
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
swapDevices = [ {
device = "/.swapvol/swapfile";
size = 32*1024;
} ];
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime
# only available on unstable
unstable.vpl-gpu-rt
intel-media-sdk
];
};
networking = { networking = {
hostName = "semita"; hostName = "semita";
networkmanager.enable = true; nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
enableIPv6 = false; defaultGateway = "${gatewayIp}";
useDHCP = false;
bridges = {
br0 = {
interfaces = ["eth0"];
};
};
interfaces.br0 = {
ipv4.addresses = [
{
"address" = "${semitaIp}";
"prefixLength" = 24;
}
];
};
}; };
services.libinput.enable = true; services.libinput.enable = true;
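Review bot: The `networking` block at the end of this hunk drops `enableIPv6 = false` together with `networkmanager.enable`, so IPv6 returns to the NixOS default on `semita` while only an IPv4 address is configured on `br0`. If that is not intended, keep `enableIPv6 = false` next to `useDHCP = false`; if it is, say so in the commit message and check that the firewall rules cover IPv6 for anything attached to the bridge. The bridge also names `eth0` literally, which depends on legacy interface naming; confirm the NIC really has that name on this host before relying on it with DHCP turned off.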

View File

@ -1,35 +1,52 @@
{ inputs, config, lib, pkgs, outputs, ... }: {
let inputs,
config,
lib,
configVars,
...
}: let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
impermanence = true; impermanence = true;
in pieholeIp = configVars.networking.addresses.piehole.ip;
{ gatewayIp = configVars.networking.addresses.gateway.ip;
imports = in {
[ imports = [
# Create users for this host # Create users for this host
../common/users/media ../common/users/media
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; }) (import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence # Impermanence
(import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; }) (import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix
../common/core ../common/core
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/persistence.nix ../common/optional/persistence.nix
../common/optional/gaming.nix ../common/optional/nfs-mounts/media.nix
../common/optional/gaming.nix
]; ../common/optional/printing.nix
];
boot = { boot = {
loader = { loader = {
@ -38,12 +55,13 @@ in
timeout = 3; timeout = 3;
}; };
}; };
boot.kernelParams = [ "i915.enable_psr=0" ]; boot.kernelParams = ["i915.enable_psr=0"];
networking = { networking = {
hostName = "sparky"; hostName = "sparky";
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = false; enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
}; };
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
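Review bot: The new `nameservers` line lists `8.8.8.8` after `${pieholeIp}` and `${gatewayIp}`, so whenever the first two are slow or unreachable the resolver falls through to a public server, bypassing whatever filtering and logging the `piehole` host provides and sending internal lookups off-network. If the fallback is wanted for availability, add a comment saying so; otherwise drop it and let resolution fail visibly. The same list is added to `semita` earlier in this diff, so the decision should be made once, next to the addresses in `configVars.networking`, rather than repeated per host.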
@ -59,7 +77,7 @@ in
services.xserver = { services.xserver = {
enable = true; enable = true;
videoDrivers = [ "nvidia" ]; videoDrivers = ["nvidia"];
displayManager.lightdm.enable = true; displayManager.lightdm.enable = true;
exportConfiguration = true; exportConfiguration = true;
deviceSection = '' deviceSection = ''

View File

@ -1,4 +1,4 @@
SOPS_FILE := "../nix-secrets/secrets.yaml" SOPS_FILE := "~/.local/share/src/nix-secrets/secrets.yaml"
# default recipe to display help information # default recipe to display help information
default: default:
@ -14,6 +14,11 @@ rebuild-system:
git add *.nix git add *.nix
sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname) sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname)
# test full system rebuild from flake (stages changes and automatically detects host)
rebuild-system-test:
git add *.nix
sudo nixos-rebuild test --option eval-cache false --flake .#$(hostname)
# updates all flake inputs for system # updates all flake inputs for system
update-flake: update-flake:
nix flake update nix flake update
@ -23,10 +28,11 @@ update-flake:
edit-sops: edit-sops:
echo "Editing {{SOPS_FILE}}" echo "Editing {{SOPS_FILE}}"
nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}" nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"
cd $(dirname {{SOPS_FILE}}) && git add . && git commit -m "autocommit" && git push
# update keys in secrets.yaml and push to remote # update keys in secrets.yaml and push to remote
update-sops-secrets: update-sops-secrets:
cd ../nix-secrets && (\ cd ~/.local/share/src/nix-secrets && (\
nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \ nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \
git add -u && (git commit -m "updated secrets" || true) && git push \ git add -u && (git commit -m "updated secrets" || true) && git push \
) )
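Review bot: The line added to `edit-sops` runs `git add .`, which stages every untracked file in the secrets checkout (an editor backup, a decrypted copy left beside `secrets.yaml`) and pushes it immediately under the message "autocommit". `update-sops-secrets` just below uses `git add -u` and tolerates an empty commit with `|| true`; use the same form here, otherwise the recipe also fails whenever the edit changed nothing. `SOPS_FILE` now begins with `~` inside a quoted string, so it is only expanded where the shell sees it unquoted at the start of a word, as in `$(dirname {{SOPS_FILE}})`; `echo "Editing {{SOPS_FILE}}"` prints it unexpanded.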

View File

@ -1,8 +1,10 @@
pkgs: { pkgs: {
sddm-theme = pkgs.callPackage ./sddm-theme { }; sddm-theme = pkgs.callPackage ./sddm-theme {};
st = pkgs.callPackage ./st { }; st = pkgs.callPackage ./st {};
dwmblocks = pkgs.callPackage ./dwmblocks { }; dwmblocks = pkgs.callPackage ./dwmblocks {};
dmenu = pkgs.callPackage ./dmenu { }; dmenu = pkgs.callPackage ./dmenu {};
nsxiv = pkgs.callPackage ./nsxiv { }; nsxiv = pkgs.callPackage ./nsxiv {};
sqlfmt = pkgs.callPackage ./sqlfmt { }; sqlfmt = pkgs.callPackage ./sqlfmt {};
kunst = pkgs.callPackage ./kunst {};
set_wm_class = pkgs.callPackage ./set_wm_class {};
} }

pkgs/kunst/default.nix Normal file
View File

@ -0,0 +1,22 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
}:
pkgs.stdenv.mkDerivation {
pname = "kunst";
name = "kunst";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "kunst";
rev = "efff362ab9ea14cae2bb6c5d246601011e345732";
sha256 = "sha256-AeAYh2z2Ty9rYfgm+EhYB99OI87aWqLURDbfT0N3wUg=";
};
installPhase = ''
mkdir -p $out/bin
mv kunst $out/bin
chmod 755 $out/bin/kunst
'';
}

View File

@ -0,0 +1,35 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
, pkg-config ? pkgs.pkg-config
, libX11 ? pkgs.xorg.libX11
}:
pkgs.stdenv.mkDerivation {
pname = "set_wm_class";
name = "set_wm_class";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "set_wm_class";
rev = "b39fb4b360";
sha256 = "sha256-5z2YQof4jbfa1dQll5GLt2OL54UhDKZ4Dzzte7vT0zM=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libX11
];
buildPhase = ''
make
'';
installPhase = ''
mkdir -p $out/bin
mv set_wm_class $out/bin
'';
}
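Review bot: `rev = "b39fb4b360"` is an abbreviated commit id, while the `kunst` derivation added in the same change pins a full 40-character one. The `sha256` still fixes the fetched content, but a short id can stop resolving uniquely as the repository grows, and it is harder to audit against the upstream history; use the full hash. `pname` and `name` are both set with no `version`; keep one form (`pname` plus `version`, or `name` alone).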

View File

@ -2,14 +2,17 @@
, fetchurl ? pkgs.fetchurl , fetchurl ? pkgs.fetchurl
, buildPythonPackage ? pkgs.python311Packages.buildPythonPackage , buildPythonPackage ? pkgs.python311Packages.buildPythonPackage
}: }:
let
version = "0.21.4"; # this needs to be fetched from github to get the latest
in
buildPythonPackage { buildPythonPackage {
pname = "shandy-sqlfmt"; pname = "shandy-sqlfmt";
version = "0.21.3";
format = "wheel"; format = "wheel";
version = version;
src = fetchurl { src = fetchurl {
url = "https://github.com/tconbeer/sqlfmt/releases/download/v0.21.3/shandy_sqlfmt-0.21.3-py3-none-any.whl"; url = "https://github.com/tconbeer/sqlfmt/releases/download/v${version}/shandy_sqlfmt-${version}-py3-none-any.whl";
sha256 = "sha256-gb/gLAcGD7F/0LL6WllfX1CW4Tug//jNDA0v9O5tedA="; sha256 = "sha256-mS8afZtQxN/blaVgG2cBD/wnRZGxAwQWPJqtTji1IJk=";
}; };
doCheck = false; doCheck = false;
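Review bot: With `version` now driving the `fetchurl` URL, the `sha256` has to be changed in the same edit every time `version` is bumped. A fixed-output fetch whose hash is already present in the store is not downloaded again, so a bumped `version` with a stale hash builds the old wheel without any error. A comment next to `sha256` saying this would help; the existing comment on `version` covers only half of the update.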

View File

@ -12,8 +12,8 @@ pkgs.stdenv.mkDerivation {
domain = "git.bitlab21.com"; domain = "git.bitlab21.com";
owner = "sam"; owner = "sam";
repo = "st"; repo = "st";
rev = "31e0ba8cb2086fb12741afc5fc3dfd938ca1f59b"; rev = "0e926487c85227aad9eed6667b91e149018014b8";
sha256 = "sha256-dbkXFbNr/lJveMeR7qXo7jGgF5+79S9vqKsLM7XM250="; sha256 = "sha256-aUquoUotLKJDxOISIcx0RUybNvBrytc7+EF7PE1MRJU=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

View File

@ -45,7 +45,7 @@ echo "Creating '$hostname' ssh keys"
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N "" ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
# Extract luks key from secrets # Extract luks key from secrets
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml") luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml")
echo "$luks_secret" > /tmp/luks_secret.key echo "$luks_secret" > /tmp/luks_secret.key
# Generate age key from target host and user public ssh key # Generate age key from target host and user public ssh key
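Review bot: The context line `echo "$luks_secret" > /tmp/luks_secret.key` writes the decrypted LUKS passphrase to a fixed name in `/tmp` with the default umask, and nothing in the visible part of the script removes it afterwards. Since this hunk already touches the decrypt line, create the file with `mktemp` under `umask 077`, add a `trap` that deletes it on exit, and pass that path to `--disk-encryption-keys`. The new `~/.local/share/src/nix-secrets/secrets.yaml` path works only because the inner shell expands `~`; `$HOME` would match the `SOPS_FILE` change later in this file.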
@ -54,7 +54,7 @@ HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host
echo -e "Host age key:\n$HOST_AGE_KEY\n" echo -e "Host age key:\n$HOST_AGE_KEY\n"
# Update .sops.yaml with new age key: # Update .sops.yaml with new age key:
SOPS_FILE="../nix-secrets/.sops.yaml" SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml"
sed -i "{ sed -i "{
# Remove any * and & entries for this host # Remove any * and & entries for this host
/[*&]$hostname/ d; /[*&]$hostname/ d;
@ -63,13 +63,14 @@ sed -i "{
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/}; /age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
# Inject a new hosts: entry # Inject a new hosts: entry
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/} /&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
}" $SOPS_FILE }" "$SOPS_FILE"
# Commit and push changes to sops file # Commit and push changes to sops file
just update-sops-secrets && just update-flake-secrets && just update-flake just update-sops-secrets && just update-flake-secrets && just update-flake
# Copy current nix config over to target # Copy current nix config over to target
cp -prv . "$temp$persist/etc/nixos" echo "copying current nix config to host"
cp -pr . "$temp$persist/etc/nixos"
# Install Nixos to target # Install Nixos to target
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"

shell.nix Normal file
View File

@ -0,0 +1,8 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell
{
nativeBuildInputs = with pkgs; [
update-nix-fetchgit
];
}

vars/default.nix Normal file
View File

@ -0,0 +1,8 @@
{ inputs, ... }:
{
inherit (inputs.nix-secrets)
networking
email
;
}
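Review bot: `inherit (inputs.nix-secrets) networking email` exposes these values as plain Nix attributes, and a flake input is copied into the world-readable `/nix/store` wherever the configuration is evaluated. Addresses such as the ones the host files read from `configVars.networking.addresses` are acceptable there, but this file should carry a comment stating that nothing sensitive belongs in `networking` or `email`; real secrets should stay in the sops-encrypted `secrets.yaml`.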