phundrak/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Lucien Cartier-Tilet 2025-05-04 02:47:36 +02:00
commit d5e06f3f49
Signed by: phundrak
SSH Key Fingerprint: SHA256:CE0HPsbW3L2YiJETx1zYZ2muMptaAqTN2g3498KrMkc
91 changed files with 9063 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.envrc Normal file
View File

@ -0,0 +1,10 @@
if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
fi
watch_file flake.nix
watch_file flake.lock
if ! use flake . --no-pure-eval
then
echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2
fi

11
.gitignore vendored Normal file
View File

@ -0,0 +1,11 @@
*~
# Devenv
.devenv*
devenv.local.nix
# direnv
.direnv
# pre-commit
.pre-commit-config.yaml
result

17
.sops.yaml Normal file
View File

@ -0,0 +1,17 @@
keys:
- &gampo age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
- &gampo-host age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz
- &marpa age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2
- &marpa-host age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
- &tilo age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
- &tilo-host age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *gampo
- *gampo-host
- *marpa
- *marpa-host
- *tilo
- *tilo-host

37
README.org Normal file
View File

@ -0,0 +1,37 @@
#+title: NixOS Configuration
#+author: Lucien Cartier-Tilet <lucien@phundrak.com>
This repository contains the NixOS configuration for my personal
setup. It uses Nix Flakes to manache the configuration, making it
reproducible and easy to share across my different machines.
* Repository Structure
- =flake.nix= :: The main entry point for the Nix Flake. It defines my
NixOS configurations as well as a dev shell which installs the tools
needed for testing and building my configurations.
- =hosts/= :: Directory containing host-specific configurations. Each
host has its own directory with at least a =configuration.nix= file.
- =modules/= :: Custom NixOS modules that can be reused across different
hosts.
- =programs/= :: Programs shared across hosts at the system level that
are not made into configurable modules.
- =secrets/= :: Contains secret values that I cannot or will not share
publicly.
- =system/= :: Common system-level configuration shared across hosts
that are not made into configurable modules.
- =users/phundrak/= :: My home-manager configuration, containing
user-specific settings and applications.
- =users/modules/= :: Custom user NixOS modules that can be reused
across different users.
- =user/scripts/= :: Custom shell scripts shared across users.
* Updating and Rebuilding the Configuration
In this repository, there are two helper scripts:
- =update.sh= :: Updates the Flakes lockfile.
- =rebuild.sh= :: Rebuilds the configuration and switch to it
immediately.
* Contributing
Feel free to fork this repository and make your own changes. If you
have any improvements or suggestions, please open an issue or submit a
pull request.

323
flake.lock generated Normal file
View File

@ -0,0 +1,323 @@
{
"nodes": {
"cachix": {
"inputs": {
"devenv": [
"devenv"
],
"flake-compat": [
"devenv"
],
"git-hooks": [
"devenv"
],
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1742042642,
"narHash": "sha256-D0gP8srrX0qj+wNYNPdtVJsQuFzIng3q43thnHXQ/es=",
"owner": "cachix",
"repo": "cachix",
"rev": "a624d3eaf4b1d225f918de8543ed739f2f574203",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "latest",
"repo": "cachix",
"type": "github"
}
},
"devenv": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nix": "nix",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1746189866,
"narHash": "sha256-3sTvuSVBFcXbqg26Qcw/ENJ1s36jtzEcZ0mHqLqvWRA=",
"owner": "cachix",
"repo": "devenv",
"rev": "5fc592d45dd056035e0fd5000893a21609c35526",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"devenv",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"devenv"
],
"gitignore": "gitignore",
"nixpkgs": [
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"devenv",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746204974,
"narHash": "sha256-Evu4H0/kzaQoCNLGQTp+JGTqkywzPx0IAo20Ci2zNck=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1e8c62c651242fc685b10efc4a48ab777635fb7f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": [
"devenv"
],
"flake-parts": "flake-parts",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-23-11": [
"devenv"
],
"nixpkgs-regression": [
"devenv"
],
"pre-commit-hooks": [
"devenv"
]
},
"locked": {
"lastModified": 1745930071,
"narHash": "sha256-bYyjarS3qSNqxfgc89IoVz8cAFDkF9yPE63EJr+h50s=",
"owner": "domenkozar",
"repo": "nix",
"rev": "b455edf3505f1bf0172b39a735caef94687d0d9c",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.24",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1733477122,
"narHash": "sha256-qamMCz5mNpQmgBwc8SB5tVMlD5sbwVIToVZtSxMph9s=",
"owner": "cachix",
"repo": "devenv-nixpkgs",
"rev": "7bd9e84d0452f6d2e63b6e6da29fe73fac951857",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "rolling",
"repo": "devenv-nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1746141548,
"narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f02fddb8acef29a8b32f10a335d44828d7825b78",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"devenv": "devenv",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_4",
"sops-nix": "sops-nix",
"zen-browser": "zen-browser"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745310711,
"narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745121923,
"narHash": "sha256-8X9JuDfxAEQlBhB0ARgFj9fbDOlCvPx6AbQ1h2T47/g=",
"owner": "youwen5",
"repo": "zen-browser-flake",
"rev": "02084a38e9dbc4fa17f3474c3e9d43bb7db55799",
"type": "github"
},
"original": {
"owner": "youwen5",
"repo": "zen-browser-flake",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

125
flake.nix Normal file
View File

@ -0,0 +1,125 @@
{
description = "Home Manager configuration of phundrak";
inputs = {
# Specify the source of Home Manager and Nixpkgs.
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
devenv.url = "github:cachix/devenv";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
zen-browser = {
url = "github:youwen5/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
};
nixConfig = {
extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=";
extra-substituters = "https://devenv.cachix.org";
};
outputs = {
self,
nixpkgs,
home-manager,
devenv,
...
} @ inputs: let
inherit (self) outputs;
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in {
formatter.${system} = pkgs.alejandra;
packages.${system} = {
devenv-up = self.devShells.${system}.default.config.procfileScript;
devenv-test = self.devShells.${system}.default.config.test;
};
devShells.${system}.default = devenv.lib.mkShell {
inherit inputs pkgs;
modules = [
(
{pkgs, ...}: {
packages = [pkgs.nh];
git-hooks.hooks = {
alejandra.enable = true;
commitizen.enable = true;
detect-private-keys.enable = true;
end-of-file-fixer.enable = true;
deadnix.enable = true;
ripsecrets.enable = true;
statix.enable = true;
};
}
)
];
};
homeConfigurations = {
"phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
home-conf = "fullHome";
};
modules = [
./users/phundrak/marpa.nix
inputs.sops-nix.homeManagerModules.sops
];
};
"phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
home-conf = "fullHome";
};
modules = [
./users/phundrak/gampo.nix
inputs.sops-nix.homeManagerModules.sops
];
};
"phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
home-conf = "minimal";
};
modules = [
./users/phundrak/tilo.nix
inputs.sops-nix.homeManagerModules.sops
];
};
};
nixosConfigurations = {
gampo = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [
./hosts/gampo/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
marpa = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [
./hosts/marpa/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
tilo = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [
./hosts/tilo/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
};
};
}

63
hosts/gampo/configuration.nix Normal file
View File

@ -0,0 +1,63 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
inputs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./system/hardware-configuration.nix
./services.nix
../../modules/system.nix
../../modules/sops.nix
../../modules/opentablet.nix
../../programs/steam.nix
];
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
boot.initrd.kernelModules = ["i915"];
system = {
boot.plymouth.enable = true;
docker = {
enable = true;
autoprune.enable = true;
podman.enable = true;
};
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
sound.enable = true;
};
security.rtkit.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
curl
openssl
wget
];
nix.settings.trusted-users = ["root" "phundrak"];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database
# versions on your system were taken. Its perfectly fine and
# recommended to leave this value at the release version of the
# first install of this system. Before changing this value read
# the documentation for this option (e.g. man configuration.nix or
# on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

15
hosts/gampo/services.nix Normal file
View File

@ -0,0 +1,15 @@
{
imports = [
./services/gnome.nix
];
services = {
# Enable CUPS to print documents.
printing.enable = true;
openssh.enable = true;
fwupd.enable = true;
udev.extraRules = ''
ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
'';
};
}

11
hosts/gampo/services/gnome.nix Normal file
View File

@ -0,0 +1,11 @@
{
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
xkb = {
layout = "fr";
variant = "bepo";
};
};
}

46
hosts/gampo/system/hardware-configuration.nix Normal file
View File

@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = ["ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/1a8adc62-a11c-4d80-a000-9d37a4fce7b7";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/4032-0CCF";
fsType = "vfat";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/85b7722a-4859-4fe6-b838-660314443638";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwp0s29u1u4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

78
hosts/marpa/configuration.nix Normal file
View File

@ -0,0 +1,78 @@
{
config,
pkgs,
inputs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./system/hardware-configuration.nix
./services.nix
../../modules/system.nix
../../modules/sops.nix
../../modules/opentablet.nix
../../programs/flatpak.nix
../../programs/steam.nix
];
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
security.polkit.enable = true;
fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
system = {
amdgpu.enable = true;
boot.plymouth.enable = true;
docker = {
enable = true;
podman.enable = true;
autoprune.enable = true;
};
networking = {
hostname = "marpa";
id = "7EA4A111";
hostFiles = [config.sops.secrets.extraHosts.path];
firewall.openPortRanges = [
{
# Sunshine
from = 1714;
to = 1764;
}
];
};
sound = {
enable = true;
jack = true;
};
};
security.rtkit.enable = true;
nix.settings.trusted-users = ["root" "phundrak"];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
clinfo # AMD
curl
openssl
wget
];
programs.nix-ld.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

23
hosts/marpa/services.nix Normal file
View File

@ -0,0 +1,23 @@
{
imports = [
../../modules/ssh.nix
../../modules/sunshine.nix
../../modules/xserver.nix
];
modules = {
xserver = {
amdgpu.enable = true;
de = "gnome";
};
sunshine = {
enable = true;
autostart = true;
};
};
services = {
printing.enable = true;
openssh.enable = true;
fwupd.enable = true;
};
}

11
hosts/marpa/services/gnome.nix Normal file
View File

@ -0,0 +1,11 @@
{
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
xkb = {
layout = "fr";
variant = "bepo_afnor";
};
};
}

50
hosts/marpa/system/hardware-configuration.nix Normal file
View File

@ -0,0 +1,50 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "thunderbolt" "usb_storage" "usbhid" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-amd"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3738e245-f6aa-4ed8-a97b-c7bf199a7810";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/A2C1-2147";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
"/home" = {
device = "/dev/disk/by-uuid/532f1e53-2cd7-4345-82ec-7309f816cfb8";
fsType = "btrfs";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/acdf872f-274c-4316-aeed-11bb1bbde6b8";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp17s0u9.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

83
hosts/tilo/configuration.nix Normal file
View File

@ -0,0 +1,83 @@
# Edit this configuration file to define what should be installed on your
# system. Help is available in the configuration.nix(5) man page and in
# the NixOS manual (accessible by running nixos-help).
{
pkgs,
inputs,
...
}: {
imports = [
./hardware-configuration.nix
inputs.home-manager.nixosModules.default
../../modules/locale.nix
../../modules/system.nix
../../modules/ssh.nix
../../modules/endlessh.nix
../../programs/nano.nix
];
system = {
amdgpu.enable = false;
boot = {
kernel = {
hardened = true;
cpuVendor = "amd";
};
zfs = {
enable = true;
pools = ["tank"];
};
};
docker.enable = true;
networking = {
hostname = "tilo";
id = "7110b33f";
firewall = {
openPorts = [
22 # SSH
80 # HTTP
443 # HTTPS
2222 # endlessh
25565 # Minecraft
];
extraCommands = ''
iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
'';
};
};
nix.gc.automatic = true;
sound.enable = false;
users = {
root.disablePassword = true;
phundrak = true;
};
console.keyMap = "fr-bepo";
};
modules = {
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
endlessh.enable = true;
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [pkgs.openssl];
# imports = [
# # Include the results of the hardware scan.
# ./services.nix
# ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
}

45
hosts/tilo/hardware-configuration.nix Normal file
View File

@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = ["xhci_pci" "ahci" "mpt3sas" "usb_storage" "usbhid" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-amd"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/6f6bb286-3848-482e-b18c-940b459425c8";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/8A5A-5720";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
};
swapDevices = [{device = "/dev/disk/by-uuid/a0be51cb-11fa-4087-a14b-c314e35fc34f";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

17
modules/amdgpu.nix Normal file
View File

@ -0,0 +1,17 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.modules.amdgpu;
in {
options.modules.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
};
}

88
modules/boot.nix Normal file
View File

@ -0,0 +1,88 @@
{
pkgs,
config,
lib,
...
}:
with lib; let
cfg = config.modules.boot;
in {
options.modules.boot = {
amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
kernel = {
package = mkOption {
type = types.raw;
default = pkgs.linuxPackages_zen;
};
modules = mkOption {
type = types.listOf types.str;
default = [];
};
cpuVendor = mkOption {
description = "Intel or AMD?";
type = types.enum ["intel" "amd"];
default = "amd";
};
v4l2loopback = mkOption {
description = "Enables v4l2loopback";
type = types.bool;
default = true;
};
hardened = mkEnableOption "Enables hardened Linux kernel";
};
zfs = {
enable = mkEnableOption "Enables ZFS";
pools = mkOption {
type = types.listOf types.str;
default = [];
};
};
};
config.boot = {
initrd.kernelModules = lists.optional cfg.amdgpu.enable "amdgpu";
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = mkIf cfg.zfs.enable ["zfs"];
zfs.extraPools = mkIf cfg.zfs.enable cfg.zfs.pools;
kernelPackages =
if cfg.kernel.hardened
then pkgs.linuxPackages_hardened
else cfg.kernel.package;
kernelModules =
cfg.kernel.modules
++ ["kvm-${cfg.kernel.cpuVendor}"]
++ lists.optional cfg.kernel.v4l2loopback "v4l2loopback"
++ lists.optional cfg.kernel.hardened "tcp_bbr";
kernel.sysctl = mkIf cfg.kernel.hardened {
"kernel.sysrq" = 0; # Disable magic SysRq key
# Ignore ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = 1;
# Ignore bad ICMP errors
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# SYN flood protection
"net.ipv4.tcp_syncookies" = 1;
# Do not accept ICMP redirects (prevent MITM attacks)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default_accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Do not send ICMP redirects (we are not a router)
"net.ipv4.conf.all.send_redirects" = 0;
# Do not accept IP source route packets (we are not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Protect against tcp time-wait assassination hazards
"net.ipv4.tcp_rfc1337" = 1;
# Latency reduction
"net.ipv4.tcp_fastopen" = 3;
# Bufferfloat mitigations
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
}

32
modules/dev/docker.nix Normal file
View File

@ -0,0 +1,32 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.modules.docker;
in {
options.modules.docker = {
enable = mkEnableOption "Enable Docker";
podman.enable = mkEnableOption "Enable Podman rather than Docker";
nvidia.enable = mkEnableOption "Activate Nvidia support";
autoprune.enable = mkEnableOption "Enable autoprune";
};
config = {
virtualisation = {
docker = mkIf (cfg.enable && !cfg.podman.enable) {
enable = true;
enableNvidia = cfg.nvidia.enable;
autoPrune.enable = cfg.autoprune.enable;
};
podman = mkIf cfg.podman.enable {
enable = true;
dockerCompat = cfg.enable;
enableNvidia = cfg.nvidia.enable;
dockerSocket.enable = cfg.enable;
autoPrune.enable = cfg.autoprune.enable;
};
};
};
}

21
modules/endlessh.nix Normal file
View File

@ -0,0 +1,21 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.endlessh;
in {
options.modules.endlessh = {
enable = mkEnableOption "Enables endlessh.";
port = mkOption {
type = types.port;
default = 2222;
example = 22;
};
};
config.services.endlessh-go = mkIf cfg.enable {
inherit (cfg) enable port;
openFirewall = true;
};
}

1
modules/keys/id_gampo.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPhP4p9KGk6jSOxJzBu+RzJPHI6baT0o+xrgPeNRwfq lucien@phundrak.com

1
modules/keys/id_marpa.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw9oiK8tZ5Vpz82RaRLpITU8qeJrT2hjvudGEDQu2QW lucien@phundrak.com

1
modules/keys/id_opn4.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFVzXgt8Md+PgOMM3qcBIR/a8uf5s6dnxGbFlG9yD+Gx lucien@phundrak.com

1
modules/keys/id_tilo.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7GXp4OfK2j1+7TMjVBL29Ol/6nsEMbfE2wRGkjk3Ya lucien@phundrak.com

16
modules/locale.nix Normal file
View File

@ -0,0 +1,16 @@
{
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8";
};
};
}

65
modules/networking.nix Normal file
View File

@ -0,0 +1,65 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.modules.networking;
in {
options.modules.networking = {
hostname = mkOption {
type = types.str;
example = "gampo";
};
id = mkOption {
type = types.str;
example = "deadb33f";
};
hostFiles = mkOption {
type = types.listOf types.path;
example = [/path/to/hostFile];
default = [];
};
firewall = {
openPorts = mkOption {
type = types.listOf types.int;
example = [22 80 443];
default = [];
};
openPortRanges = mkOption {
type = types.listOf (types.attrsOf types.port);
default = [];
example = [
{
from = 8080;
to = 8082;
}
];
description = ''
A range of TCP and UDP ports on which incoming connections are
accepted.
'';
};
extraCommands = mkOption {
type = types.nullOr types.lines;
example = "iptables -A INPUTS -p icmp -j ACCEPT";
default = null;
};
};
};
config.networking = {
hostName = cfg.hostname; # Define your hostname.
hostId = cfg.id;
networkmanager.enable = true;
inherit (cfg) hostFiles;
firewall = {
enable = true;
allowedTCPPorts = cfg.firewall.openPorts;
allowedUDPPorts = cfg.firewall.openPorts;
allowedTCPPortRanges = cfg.firewall.openPortRanges;
allowedUDPPortRanges = cfg.firewall.openPortRanges;
extraCommands = (mkIf (cfg.firewall.extraCommands != null)) cfg.firewall.extraCommands;
};
};
}

38
modules/nix.nix Normal file
View File

@ -0,0 +1,38 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.modules.nix;
in {
options.modules.nix = {
disableSandbox = mkEnableOption "Disables Nix sandbox";
gc = {
automatic = mkOption {
type = types.bool;
default = true;
};
dates = mkOption {
type = types.str;
default = "Monday 01:00 UTC";
};
options = mkOption {
type = types.str;
default = "--delete-older-than 30d";
};
};
};
config = {
nix = {
settings = {
sandbox = cfg.disableSandbox;
experimental-features = ["nix-command" "flakes"];
auto-optimise-store = true;
};
inherit (cfg) gc;
};
nixpkgs.config.allowUnfree = true;
};
}

6
modules/opentablet.nix Normal file
View File

@ -0,0 +1,6 @@
{
hardware.opentabletdriver = {
enable = true;
daemon.enable = true;
};
}

33
modules/plymouth.nix Normal file
View File

@ -0,0 +1,33 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.modules.boot.plymouth;
in {
options.modules.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
config.boot = mkIf cfg.enable {
plymouth = {
inherit (cfg) enable;
theme = "circle_hud";
themePackages = with pkgs; [
(adi1090x-plymouth-themes.override {
selected_themes = ["circle_hud"];
})
];
};
consoleLogLevel = 3;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
# Loader appears only if a key is pressed
loader.timeout = 0;
};
}

17
modules/sops.nix Normal file
View File

@ -0,0 +1,17 @@
{
sops = {
defaultSopsFile = ../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age = {
# automatically import user SSH keys as age keys
sshKeyPaths = [
"/home/phundrak/.ssh/id_ed25519"
"/etc/ssh/ssh_host_ed25519_key"
];
# this will use an age key that is expected to already be in the filesystem
keyFile = "/var/lib/sops-nix/key.txt";
# generate a new key if the key specified above does not exist
generateKey = true;
};
};
}

40
modules/sound.nix Normal file
View File

@ -0,0 +1,40 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
cfg = config.modules.sound;
in {
options.modules.sound = {
enable = mkEnableOption "Whether to enable sounds with Pipewire";
alsa = mkOption {
type = types.bool;
example = true;
default = true;
description = "Whether to enable ALSA support with Pipewire";
};
jack = mkOption {
type = types.bool;
example = true;
default = false;
description = "Whether to enable JACK support with Pipewire";
};
package = mkOption {
type = types.package;
example = pkgs.pulseaudio;
default = pkgs.pulseaudioFull;
description = "Which base package to use for PulseAudio";
};
};
config.services.pipewire = mkIf cfg.enable {
enable = true;
alsa = mkIf cfg.alsa {
enable = mkDefault true;
support32Bit = mkDefault true;
};
jack.enable = mkDefault cfg.jack;
};
}

30
modules/ssh.nix Normal file
View File

@ -0,0 +1,30 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.modules.ssh;
in {
options.modules.ssh = {
enable = mkEnableOption "Enables OpenSSH";
allowedUsers = mkOption {
type = types.listOf types.str;
example = ["alice" "bob"];
default = ["phundrak"];
};
passwordAuthentication = mkOption {
type = types.bool;
example = true;
default = false;
};
};
config.services.openssh = mkIf cfg.enable {
enable = true;
settings = {
AllowUsers = cfg.allowedUsers;
PermitRootLogin = "no";
PasswordAuthentication = cfg.passwordAuthentication;
};
};
}

22
modules/sunshine.nix Normal file
View File

@ -0,0 +1,22 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.sunshine;
in {
options.modules.sunshine = {
enable = mkEnableOption "Enables moonlight";
autostart = mkEnableOption "Enables autostart";
};
config.services.sunshine = mkIf cfg.enable {
enable = true;
autoStart = cfg.autostart;
capSysAdmin = true;
openFirewall = true;
settings = {
sunshine_name = "marpa";
};
};
}

171
modules/system.nix Normal file
View File

@ -0,0 +1,171 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.system;
in {
imports = [
./amdgpu.nix
./boot.nix
./locale.nix
./networking.nix
./nix.nix
./plymouth.nix
./sound.nix
./users.nix
./dev/docker.nix
];
options.system = {
amdgpu.enable = mkEnableOption "Enables AMD GPU support";
boot = {
kernel = {
package = mkOption {
type = types.raw;
default = pkgs.linuxPackages_zen;
};
modules = mkOption {
type = types.listOf types.str;
default = [];
};
cpuVendor = mkOption {
description = "Intel or AMD?";
type = types.enum ["intel" "amd"];
default = "amd";
};
v4l2loopback = mkOption {
description = "Enables v4l2loopback";
type = types.bool;
default = true;
};
hardened = mkEnableOption "Enables hardened Linux kernel";
};
plymouth.enable = mkEnableOption "Enables Plymouth";
zfs = {
enable = mkEnableOption "Enables ZFS";
pools = mkOption {
type = types.listOf types.str;
default = [];
};
};
};
docker = {
enable = mkEnableOption "Enable Docker";
podman.enable = mkEnableOption "Enable Podman rather than Docker";
nvidia.enable = mkEnableOption "Activate Nvidia support";
autoprune.enable = mkEnableOption "Enable autoprune";
};
networking = {
hostname = mkOption {
type = types.str;
example = "gampo";
};
id = mkOption {
type = types.str;
example = "deadb33f";
};
hostFiles = mkOption {
type = types.listOf types.path;
example = [/path/to/hostFile];
default = [];
};
firewall = {
openPorts = mkOption {
type = types.listOf types.int;
example = [22 80 443];
default = [];
};
openPortRanges = mkOption {
type = types.listOf (types.attrsOf types.port);
default = [];
example = [
{
from = 8080;
to = 8082;
}
];
description = ''
A range of TCP and UDP ports on which incoming connections are
accepted.
'';
};
extraCommands = mkOption {
type = types.nullOr types.lines;
example = "iptables -A INPUTS -p icmp -j ACCEPT";
default = null;
};
};
};
nix = {
disableSandbox = mkOption {
type = types.bool;
default = false;
};
gc = {
automatic = mkOption {
type = types.bool;
default = true;
};
dates = mkOption {
type = types.str;
default = "Monday 01:00 UTC";
};
options = mkOption {
type = types.str;
default = "--delete-older-than 30d";
};
};
};
sound = {
enable = mkEnableOption "Whether to enable sounds with Pipewire";
alsa = mkOption {
type = types.bool;
example = true;
default = true;
description = "Whether to enable ALSA support with Pipewire";
};
jack = mkOption {
type = types.bool;
example = true;
default = false;
description = "Whether to enable JACK support with Pipewire";
};
package = mkOption {
type = types.package;
example = pkgs.pulseaudio;
default = pkgs.pulseaudioFull;
description = "Which base package to use for PulseAudio";
};
};
users = {
root.disablePassword = mkEnableOption "Disables root password";
phundrak = mkOption {
type = types.bool;
default = true;
};
};
timezone = mkOption {
type = types.str;
default = "Europe/Paris";
};
console.keyMap = mkOption {
type = types.str;
default = "fr";
};
};
config = {
time.timeZone = cfg.timezone;
console.keyMap = cfg.console.keyMap;
modules = {
boot = {
inherit (cfg) amdgpu;
inherit (cfg.boot) kernel plymouth zfs;
};
inherit (cfg) sound users networking docker amdgpu;
};
};
}

39
modules/users.nix Normal file
View File

@ -0,0 +1,39 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
cfg = config.modules.users;
in {
options.modules.users = {
root.disablePassword = mkEnableOption "Disables root password";
phundrak = mkOption {
type = types.bool;
default = true;
};
};
config = {
users.users = {
root = {
hashedPassword = mkIf cfg.root.disablePassword "*";
shell = pkgs.zsh;
};
phundrak = {
isNormalUser = true;
description = "Lucien Cartier-Tilet";
extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = [
./keys/id_gampo.pub
./keys/id_marpa.pub
./keys/id_tilo.pub
./keys/id_opn4.pub
];
};
};
programs.zsh.enable = true;
};
}

41
modules/xserver.nix Normal file
View File

@ -0,0 +1,41 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.xserver;
in {
options.modules.xserver = {
amdgpu.enable = mkEnableOption "Enables AMD GPU support";
de = mkOption {
type = types.enum ["gnome" "kde"];
default = "gnome";
example = "kde";
description = "Which DE to enable";
};
};
config.services = {
displayManager.sddm.enable = mkIf (cfg.de == "kde") true;
desktopManager.plasma6.enable = mkIf (cfg.de == "kde") true;
gnome = mkIf (cfg.de == "gnome") {
gnome-browser-connector.enable = true;
games.enable = false;
gnome-remote-desktop.enable = true;
gnome-online-accounts.enable = true;
sushi.enable = true;
};
xserver = {
enable = true;
displayManager.gdm.enable = mkIf (cfg.de == "gnome") true;
desktopManager.gnome.enable = mkIf (cfg.de == "gnome") true;
videoDrivers = lists.optional cfg.amdgpu.enable "amdgpu";
xkb = {
layout = "fr";
variant = "bepo_afnor";
};
};
};
}

3
programs/flatpak.nix Normal file
View File

@ -0,0 +1,3 @@
{
services.flatpak.enable = true;
}

49
programs/hyprland.nix Normal file
View File

@ -0,0 +1,49 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.hyprland;
in {
options.modules.hyprland = {
enable = mkEnableOption "Enables Hyprland";
config = mkOption {
type = types.lines;
default = "";
};
waybar = {
config = mkOption {
type = types.lines;
default = "";
};
style = mkOption {
type = types.nullOr types.path;
default = null;
};
};
};
config = {
wayland.windowManager.hyprland = mkIf cfg.enable {
enable = true;
xwayland.enable = true;
systemd.enable = true;
extraConfig = cfg.config;
};
services.wpaperd = {
enable = true;
settings = ''
[default]
path = "/home/phundrak/Pictures/Wallpapers/nord"
duration = "5m"
sorting = "ascending"
'';
};
programs.waybar = {
enable = true;
inherit (cfg.waybar) config style;
systemd.enableInspect = true;
};
};
}

15
programs/kdeconnect.nix Normal file
View File

@ -0,0 +1,15 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.kdeconnect;
in {
options.modules.kdeconnect.enable = mkEnableOption "Enable KDEConnect";
config.services.kdeconnect = mkIf cfg.enable {
enable = true;
indicator = true;
};
}

14
programs/nano.nix Normal file
View File

@ -0,0 +1,14 @@
{
programs.nano = {
enable = true;
syntaxHighlight = true;
nanorc = ''
set tabsize 2
set autoindent
set atblanks
set linenumber
set smarthome
set softwrap
'';
};
}

21
programs/steam.nix Normal file
View File

@ -0,0 +1,21 @@
{pkgs, ...}: {
programs = {
steam = {
enable = true;
protontricks.enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = true;
extraCompatPackages = [pkgs.proton-ge-bin];
};
gamescope = {
enable = true;
capSysNice = true;
args = [
"--rt"
"--expose-wayland"
];
};
};
hardware.steam-hardware.enable = true;
}

67
secrets/secrets.yaml Normal file
View File

@ -0,0 +1,67 @@
extraHosts: ENC[AES256_GCM,data:nuEU+Tlj9BBEO/459B7u74WEdlDmvn3coWkk3JG5uqWXR1G4tk6H8EvQAY/xAuqcM01T4psaeqQTxZA+U626zMQ++vOsYwI8cch8m0xIkKKJ3Ztyqeip8egK2xPywdJp69Z5XhweF3RlxPBTroMcCoqHG0rFQmPuwaWrM/DJ6HQBGqKA3wmaYXAC4OLFVGNzLNLfWD85PAxK1YTJnClaerFdwsxm9tq+HNg7zEnOUVyQjm2l16MKkV1kybddNFc6SKHmm2e/XYNQ85eRm1ALq1v1WRPLaa87MsPLM6svwNy5hEMX+AQKfGBL4hLUKOw+yPktfSnGhj8uDO6IUTjySzkgdYIu37E8ozN8CZ2m+5wYDjf1NU34/yUo2p3RZISuy52qEhGE0jsIeDiC6KMPs6/dHKpxbkRVhe7ZWpZvee7dhWyAkW4lk+MA1p3OklCBdTn8JcrAlVcKf0n1+XyK5ua0q5ja6UKg1Q5Y1LGFPInt+styJ65HdvqBcdLiG7DCQYHGpWGIeSNglbAKPMCeBCablN/2gLLYOK08RXwwSAj1V5lCXAKoc3FfnX73ELRelzLwE2MNJZCn0DqnqP0vOnzXM9ftWVODCjcIEmLUX+CL7hBNLrWcp+Q3ALQcSZsAVejpP8Iajo85R/Hc+2OtqfXijoJNacaMgKCX/5ZWOFEwNUdto3xSRQXu2Ck//F4F/0Ez6yqOFux1byjdyHDbGGdFz02DTZUkOtsPVssyqz1nEHepDQM0EmAAxAR6D8hHOnZGesfqbS+5Xd3+KlfxyFC2mHDxK4WZPCHTAEsenWEiQTGfaOT+1bpbimRfUcqiRXukSUeHY2cKf/reNw0MT7t5n1mvidihP3sJuc573ViUlG+Ts8ctyZ/+tKU2aCMz3wevPzZNiIVqXsB2lC8c,iv:MnbM30XhdQFOPmc4x/a7YaDmnCDCFHS2Nm8plh+raSo=,tag:SpHUqyeSVdtf8uk4SyjmOA==,type:str]
mopidy:
spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
ssh:
hosts: ENC[AES256_GCM,data:jLLehzuBuBh22ZukRlqjQJNBg0ri8go58SJfs4GjNqNdvI/H0NWRS0apqLPzERkbpPipex3kUiFIc6BH+usSSpfh/MWico8qZDKVD7Ekx6F8k45I2Pq+mbLsMEo3XfjcnfYgDWn2I7/jyidBsvA+m9VnjU8/Cnk5O/YeIZQRvfOZ4xc8zw7C/vqmxsNi2KZr+2N23L+eetoKM4J6AigmINH41wAL3/RlB0oCpjSHSkbp7Glu2LlyJygS52p9m5pq4QBXtoiu5AJ6qG17LrypmDjfxE2zU2R3Zu6VLbs4zWQY2+W36j33Fm5nMkMMPJAEdRR27HPxM2EAEuH4OI1Jbup669sln9nJxnO2zYveplNPsAb3a16D4L9rwSzUd1s2W+NlqBSYdyAktuvtPWf1vAg9+Fob9jUgUFGTQpNF8Xj1n+DqvXlLQknsB/7EhNSSnYyQS36wHF9KBHJwexpYbhnGiMuLjN6KXbr/YYawocSA/5o8s6X/tRXKMkXtZjoEsyr1aNMj+4gSHaSUOG78r3VwAHLOXNez67xFpKMa/IQfQhj2Zng8142hhL4hPyNtuTOK3oVvPjZtAfbfxesUi+Zx2VhaJsnmj6J4gAOWU9nVpol67V0hNSD4LMUOZwwPst11IyJsXjkKKY0iy7ykFMTk6KalkVUqlYOmQRIXtBE9sD4esC+FGH1ONi3n0tbG7YivmV3YSmxk0RvQ/YlKGOchKpPH/bzN/X+NZh6A3Uk5uDsqU+GOjfDY2yIgetw4FAQ42YMxNmTJjq6MpcaETb5eQm8wee4QaVODocXHyknfWs6FYGNUjQpYp3+zxKJovHuKQcFgug3t8Si5hKnQz6KDZNaoDE0UMBR2ABbAX1Bcvu0lLHzaPXpGfXyoAe+B3MwF9/TTVkCNNYhNKm63P7qUuIbKLLCDXH6e4y5YiIF8Sl9jF/kR8v8MbLgrAROx8NlTm5CqNhQWOPQQyQXvXEl5hwHyF9ptrXUB9wIe,iv:6Lzbf+DBTfaZj7NhTJ07dVPuaViP61V4N2QHPTEFzMQ=,tag:8t4c0DJmAwg/0qRLBW4vCQ==,type:str]
sops:
age:
- recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYU1MR2w4Njh2cVBocmJq
YkxvSmVsWDdGT0h0S3NSbDYxb21EVTlxT21nCjB3WlVmK0hkR1B6Z2lhbndvNFdC
aE9YMHphU1JoV2hwZ0RITXhHZnJmeTAKLS0tIDk4akc0T1FvbURLRFpXNHlRQ3Vx
TUZMTENMbVNjeVFxMGVSc2FpZ0dXcDgKcacaFS2diAKeKwmVz7KghKjkNI2ij4Ns
fYSd8sq/bEDTvn1wNpF1zLmzX9jmoXc5iORuRKaYcT8OaoUX7SsFvQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNlhkZzFoa21tR244dVJ0
cXJWbDA0eVBrZWU4QVRVQm85bVVScFdYbHdnCjRWQWRNajIyQ0JoYTFFQ3RsOFA4
cTZGNVhCN2k0NHBMb1Z4VmVqRzNjbEkKLS0tIFhJTVBCM0E4dTkweld6WUx5Z1hQ
WXdwVFJ3cXQzUnFPUnV2NzdqcWwwZkkKqS9IQpB/MjnsVQ4IfIRtH6FESzLkdHq/
GJnMHt0VcLt/gYrz+lrPc1ecQwNvVGH2Qt++BbSJxUFftoDLdEMlig==
-----END AGE ENCRYPTED FILE-----
- recipient: age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcVZPWVNBc1pFWm8zN3hm
M1RtenlCbGl3Q0xhWlRWN1BmOUNDK3I0cVQwCk82Vm5IcmZZeVRBdlVUb0NtTXdz
QTlVMEhCWkpJN0JOM09mSGtqbzl5ZUkKLS0tIE4vTGhEQlRDZ1Vma0VEQ0xtcU9V
MitPc29VYUV3UmJSNXdmMUhwck9MOXMKLXHEKpNvzModiTR1Q6cE1xKSGewV/9PJ
rEbTgsa0E9C4vm5sDKjSjuvpSF9tNOSByf5So5kzX0ZTxgjdTjsFbw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkeUlIL2QxQlhGN3RqOFZR
K1p1bjc5R00yclEzL0hYY0c2OFJhRmN4Y0JvCkpIL0Q4Y1Nic3pFYjNIM1hMK2w2
cFNGNVhHcW85R2loZ3JveVVZNGptd1kKLS0tIGYvYjlTMzRzUUNlM3padDJHNkFm
VGJHL2c4Z05pTWlxellFMG4rRlp1MkUK4mwb2jMlfHb0ISInZKwbm9+EqBzWfZNU
+L/WahvTo4Fe9uSOJffpSMleH0ZJS35loCJE5WIdmGnRQB6Mw7LWag==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIR3FWcElFL2RBRmdFS1cy
emRTM201a1ltWndUcDJ5RXptd1RTNHdvWXpNCkxBTXZCNUxvd1dXMDhHK0ZFVUI1
c2VkRlJJbDNYSzF0djJXN0J4YXltam8KLS0tIEFTZjdWd0NQTVEyU1Q4UCtQVGhy
K3VUdlpjd0M3RVBHOVVjc04yZzV4UkUKcB8r+FiqZqwsxj40hCtVePnfIZ3S8DFR
tgSRDMp8eEm6vXHbbf49E/cpV4iBwVel9zAe64tYs7atk9dcgMmOpw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TkVLUnFDMnVoT3BUM0kr
ZU5hZE1teGF1M21SbmY5MHZTMytKeWpkYnk0CmkwNXlBMDR1cEp2MkZPeWUyU0hZ
Wlp4SFIwZUNQa25BRENsYWNoZmZoNjQKLS0tIEtIU3NRVS94SW80VXVGZy9hRkNQ
QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-04T01:05:13Z"
mac: ENC[AES256_GCM,data:/wuo0bg48xlbP074JJ0rtmclWMG9vjlJnWjJnUaz45m+Gqj4IzA5ctSZdNnFTb7/CXkynJdFHme4/Nz8I/6+zzTFBeo/nVw43s1n0XmMqVYb2U/FTikvCMowHNnfMTY5Q83jD1MtE3XsRSCzxe649D4Zbcja8XG42v5rOt3geMA=,iv:n/yFp5f+LK8JaikifjRuieNtmcazl2VNz8rIzbvgBO8=,tag:Fs4+St1lxMn+VdEoP+Eo8g==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

10
users/modules/basics.nix Normal file
View File

@ -0,0 +1,10 @@
{
programs = {
fd.enable = true;
fzf.enable = true;
home-manager.enable = true;
htop.enable = true;
jq.enable = true;
ripgrep.enable = true;
};
}

25
users/modules/bat.nix Normal file
View File

@ -0,0 +1,25 @@
{
pkgs,
config,
lib,
...
}:
with lib; let
cfg = config.modules.bat;
in {
options.modules.bat.extras = mkEnableOption "Enables extra packages for bat.";
config.programs.bat = {
enable = true;
config = {
theme = "Nord";
map-syntax = [
".spacemacs*:Lisp"
];
};
extraPackages = mkIf cfg.extras (with pkgs.bat-extras; [
batman
batpipe
batgrep
]);
};
}

24
users/modules/btop.nix Normal file
View File

@ -0,0 +1,24 @@
{pkgs, ...}: {
programs.btop = {
enable = true;
package = pkgs.btop.override {
rocmSupport = true;
cudaSupport = true;
};
settings = {
color_theme = "${pkgs.btop}/share/btop/themes/nord.theme";
cpu_bottom = false;
cpu_sensor = "auto";
io_graph_combined = false;
io_mode = true;
only_physical = true;
proc_tree = true;
rounded_corners = true;
show_disks = true;
show_gpu_info = "on";
show_uptime = true;
theme_background = true;
vim_keys = false;
};
};
}

16
users/modules/default.nix Normal file
View File

@ -0,0 +1,16 @@
{
imports = [
./basics.nix
./bat.nix
./btop.nix
./direnv.nix
./eza.nix
./mopidy.nix
./nh.nix
./shell
./ssh.nix
./tealdeer.nix
./tmux.nix
./vcs
];
}

7
users/modules/direnv.nix Normal file
View File

@ -0,0 +1,7 @@
{
programs.direnv = {
enable = true;
config.global.load_dotenv = true;
nix-direnv.enable = true;
};
}

36
users/modules/emacs.nix Normal file
View File

@ -0,0 +1,36 @@
{
pkgs,
config,
lib,
...
}: let
emacsDefaultPackage = with pkgs; ((emacsPackagesFor emacsNativeComp).emacsWithPackages (
epkgs: [
epkgs.vterm
epkgs.mu4e
epkgs.pdf-tools
]
));
cfg = config.modules.emacs;
in {
options.modules.emacs = {
enable = lib.mkEnableOption "enables Emacs";
package = lib.mkOption {
type = lib.types.package;
default = emacsDefaultPackage;
};
service = lib.mkEnableOption "enables Emacs service";
};
config = {
programs.emacs = lib.mkIf cfg.enable {
enable = true;
inherit (cfg) package;
};
services.emacs = lib.mkIf cfg.service {
enable = true;
inherit (cfg) package;
startWithUserSession = "graphical";
};
};
}

4739
users/modules/emoji.nix Normal file
View File

File diff suppressed because it is too large Load Diff

8
users/modules/eza.nix Normal file
View File

@ -0,0 +1,8 @@
{
programs.eza = {
enable = true;
colors = "auto";
icons = "auto";
git = true;
};
}

8
users/modules/hyprland.nix Normal file
View File

@ -0,0 +1,8 @@
{
imports = [../../programs/hyprland.nix];
modules.hyprland = {
enable = true;
config = builtins.readFile ./config/hypr/hyprland.conf;
waybar.style = ./config/waybar/style.css;
};
}

6
users/modules/kdeconnect.nix Normal file
View File

@ -0,0 +1,6 @@
{
services.kdeconnect = {
enable = true;
indicator = true;
};
}

89
users/modules/kitty.nix Normal file
View File

@ -0,0 +1,89 @@
{
programs.kitty = {
enable = true;
settings = {
enable_audio_bell = true;
enabled_layouts = "fat,fat:mirrored=true,tall,tall:mirrored=true";
kitty_mod = "ctrl+shift";
};
keybindings = {
"alt+c" = "copy_to_clipboard";
"kitty_mod+c" = "copy_to_clipboard";
"alt+v" = "paste_from_clipboard";
"kitty_mod+v" = "paste_from_clipboard";
"kitty_mod+s>c" = "show_scrollback";
"kitty_mod+s>down" = "scroll_line_down";
"kitty_mod+s>t" = "scroll_line_down";
"kitty_mod+s>up" = "scroll_line_up";
"kitty_mod+s>s" = "scroll_line_up";
"kitty_mod+s>end" = "scroll_end";
"kitty_mod+s>home" = "scroll_home";
"kitty_mod+s>page_down" = "scroll_page_down";
"kitty_mod+s>page_up" = "scroll_page_up";
"kitty_mod+enter" = "new_window";
"kitty_mod+w>q" = "close_window";
"kitty_mod+w>p" = "next_window";
"kitty_mod+w>n" = "previous_window";
"kitty_mod+w>f" = "move_window_forward";
"kitty_mod+w>b" = "move_window_backward";
"kitty_mod+w>t" = "move_window_to_top";
"kitty_mod+w>r" = "start_resizing_window";
"kitty_mod+w>1" = "first_window";
"kitty_mod+w>2" = "second_window";
"kitty_mod+w>3" = "third_window";
"kitty_mod+w>4" = "fourth_window";
"kitty_mod+w>5" = "fifth_window";
"kitty_mod+w>6" = "sixth_window";
"kitty_mod+w>7" = "seventh_window";
"kitty_mod+w>8" = "eighth_window";
"kitty_mod+w>9" = "ninth_window";
"kitty_mod+w>0" = "tenth_window";
"kitty_mod+tab>n" = "next_tab";
"kitty_mod+tab>p" = "previous_tab";
"kitty_mod+tab>c" = "new_tab";
"kitty_mod+tab>q" = "close_tab";
"kitty_mod+tab>shift+n" = "move_tab_backward";
"kitty_mod+tab>shift+p" = "move_tab_forward";
"kitty_mod+tab>t" = "set_tab_title";
"kitty_mod+l" = "next_layout";
"kitty_mod+f>equal" = "change_font_size all 0";
"kitty_mod+f>kp_add" = "change_font_size all +2.0";
"kitty_mod+f>plus" = "change_font_size all +2.0";
"kitty_mod+f>kp_subtract" = "change_font_size all -2.0";
"kitty_mod+f>minus" = "change_font_size all -2.0";
"kitty_mod+shift+h" = "kitten hints";
"kitty_mod+h>p" = "kitten hints --type path --program -";
"kitty_mod+h>shift+p" = "kitten hints --type path";
"kitty_mod+h>l" = "kitten hints --type line --program -";
"kitty_mod+h>w" = "kitten hints --type word --program -";
"kitty_mod+h>h" = "kitten hints --type hash --program -";
"kitty_mod+h>n" = "kitten hints --type linenum";
"kitty_mod+h>y" = "kitten hints --type hyperlink";
"kitty_mod+f10" = "toggle_maximized";
"kitty_mod+f11" = "toggle_fullscreen";
"kitty_mod+a>equal" = "set_background_opacity 1";
"kitty_mod+a>d" = "set_background_opacity default";
"kitty_mod+a>plus" = "set_background_opacity +0.1";
"kitty_mod+a>up" = "set_background_opacity +0.1";
"kitty_mod+a>kp_add" = "set_background_opacity +0.1";
"kitty_mod+a>minus" = "set_background_opacity -0.1";
"kitty_mod+a>down" = "set_background_opacity -0.1";
"kitty_mod+a>kp_substract" = "set_background_opacity -0.1";
"kitty_mod+delete" = "clear_terminal reset active";
"kitty_mod+escape" = "kitty_shell window";
"kitty_mod+f2" = "edit_config_file";
"kitty_mod+n" = "new_os_window";
"kitty_mod+o" = "pass_selection_to_program";
"kitty_mod+u" = "kitten unicode_input";
};
};
}

60
users/modules/mbsync.nix Normal file
View File

@ -0,0 +1,60 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.mbsync;
in {
options.modules.mbsync = {
enable = mkEnableOption "Enables mbsync";
passwordFile = mkOption {
type = types.str;
example = "/var/email/password";
};
service.enable = mkOption {
type = types.bool;
default = true;
};
host = mkOption {
type = types.str;
default = "mail.phundrak.com";
};
user = mkOption {
type = types.str;
default = "lucien@phundrak.com";
};
};
config = mkIf cfg.enable {
systemd.user.services.mbsync.unitConfig.After = ["sops-nix.service"];
services.mbsync.enable = cfg.service.enable;
programs.mbsync = {
enable = true;
extraConfig = ''
IMAPAccount Main
Host ${cfg.host}
User ${cfg.user}
PassCmd "cat ${cfg.passwordFile}"
SSLType IMAPS
SSLVersion TLSv1.2
CertificateFile /etc/ssl/certs/ca-certificates.crt
IMAPStore main-remote
Account Main
MaildirStore main-local
Subfolders Verbatim
Path ~/Mail/
Inbox ~/Mail/Inbox
Channel main
Far :main-remote:
Near :main-local:
Create Both
SyncState *
Patterns *
'';
};
};
}

46
users/modules/mopidy.nix Normal file
View File

@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.modules.mopidy;
in {
options.modules.mopidy = {
enable = mkEnableOption "Enables Mopidy.";
};
config.services.mopidy = mkIf cfg.enable {
inherit (cfg) enable;
extensionPackages = with pkgs; [
mopidy-bandcamp
mopidy-mpd
mopidy-mpris
mopidy-muse
mopidy-notify
mopidy-spotify
];
extraConfigFiles = [
config.sops.secrets."mopidy/bandcamp".path
config.sops.secrets."mopidy/spotify".path
];
settings = {
mpd = {
enabled = true;
hostname = "::";
port = 6600;
};
mpris.enabled = true;
muse = {
enabled = true;
mopidy_host = "localhost";
mopidy_port = 6690;
mopidy_ssl = false;
snapcast_host = "localhost";
snapcast_port = 1780;
snapcast_ssl = false;
};
};
};
}

21
users/modules/mpd.nix Normal file
View File

@ -0,0 +1,21 @@
{
services.mpd = {
enable = true;
musicDirectory = "/home/phundrak/Music";
playlistDirectory = "/home/phundrak/Music/playlists";
extraConfig = ''
follow_outside_symlinks "yes"
follow_inside_symlinks "yes"
bind_to_address "localhost"
auto_update "yes"
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
'';
};
}

60
users/modules/mpv.nix Normal file
View File

@ -0,0 +1,60 @@
{pkgs, ...}: {
programs.mpv = {
enable = true;
config = {
force-window = "immediate";
ytdl-format = "bestvideo[height<=1080]+bestaudio";
force-seekable = true; # force streams to be seekable
cache-default = 4000000;
slang = "jpn,jp,eng,en,fra,fr";
alang = "eng,en,fra,fr";
gpu-api = "vulkan";
osc = true;
profile = "gpu-hq";
geometry = "50%x50%";
autofit-larger = "90%x90%";
# Screenshots
screenshot-format = "png";
screenshot-high-bit-depth = true;
screenshot-png-compression = 6;
screenshot-directory = "~/Pictures/Screenshots/mpv";
deband = true;
deband-iterations = 2;
deband-threshold = 35;
deband-range = 20;
deband-grand = 5;
dither-depth = "auto";
sub-auto = "fuzzy";
scale = "ewa_lanczossharp";
dscale = "mitchel";
cscale = "ewa_lanczossharp";
};
scripts = with pkgs.mpvScripts; [
crop
encode
inhibit-gnome
mpris
mpv-cheatsheet
quality-menu
sponsorblock
thumbfast
# twitch-chat
youtube-chat
youtube-upnext
];
bindings = {
Q = "quit-watch-later";
P = "show-progress";
"/" = "add volume -2";
"*" = "add volume 2";
m = "cycle mute";
M = "vf toggle hflip";
"Ctrl+r" = "cycle_values video-rotate \"90\" \"180\" \"270\" \"0\"";
};
};
}

20
users/modules/nh.nix Normal file
View File

@ -0,0 +1,20 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.nh;
in {
options.modules.nh.flake = mkOption {
type = types.path;
default = "/home/phundrak/.dotfiles";
example = "/etc/nixos";
};
config.programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 15d --keep 5";
inherit (cfg) flake;
};
}

3
users/modules/qt.nix Normal file
View File

@ -0,0 +1,3 @@
{
qt.enable = true;
}

43
users/modules/shell/bash.nix Normal file
View File

@ -0,0 +1,43 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.bash;
in {
options.modules.bash = {
enable = lib.mkEnableOption "enables bash";
aliases = lib.mkOption {
type = types.attrsOf types.str;
default = {};
example = {
cp = "cp -i";
lns = "ln -si";
};
};
bashrcExtra = lib.mkOption {
type = types.lines;
default = "";
};
};
config = lib.mkIf cfg.enable {
programs.bash = {
enable = true;
shellAliases = cfg.aliases;
shellOptions = [
"histappend"
"cmdhist"
"lithist"
"checkwinsize"
"extglob"
"globstar"
"checkjobs"
"autocd"
"cdspell"
"dirspell"
];
};
};
}

124
users/modules/shell/default.nix Normal file
View File

@ -0,0 +1,124 @@
{
config,
lib,
...
}:
with lib; let
aliases = {
df = "df -H";
diskspace = "sudo df -h | grep -E \"sd|lv|Size\"";
du = "du -ch";
meminfo = "free -m -l -t";
gpumeminfo = "grep -i --color memory /var/log/Xorg.0.log";
cpuinfo = "lscpu";
pscpu = "ps auxf | sort -nr -k 3";
pscpu10 = "ps auxf | sort -nr -k 3 | head -10";
psmem = "ps auxf | sort -nr -k 4";
psmem10 = "ps auxf | sort -nr -k 4 | head -10";
s = "systemctl";
dc = "docker compose";
dcd = "docker compose down";
dcl = "docker compose logs";
dclf = "docker compose logs -f";
dcp = "docker compose pull";
dcu = "docker compose up";
dcud = "docker compose up -d";
dcudp = "docker compose up -d --pull=always";
dcr = "docker compose restart";
enw = "emacsclient -nw";
e = "emacsclient -n -c";
cp = "cp -i";
rsync = "rsync -Pa --progress";
ln = "ln -i";
lns = "ln -si";
mv = "mv -i";
rm = "rm -Iv";
rmd = "rm --preserve-root -Irv";
rmdf = "rm --preserve-root -Irfv";
rmf = "rm --preserve-root -Ifv";
chgrp = "chgrp --preserve-root -v";
chmod = "chmod --preserve-root -v";
chown = "chown --preserve-root -v";
lsl = "eza -halg@ --group-directories-first --git";
flac = "yt-dlp -x --audio-format flac --audio-quality 0 o \"~/Music/%(uploader)s/%(title)s.%(ext)s\"";
please = "sudo -A";
wget = "wget --hsts-file=\"$XDG_DATA_HOME/wget-hsts\" -c";
};
cfg = config.modules.shell;
in {
imports = [
./bash.nix
./fish.nix
./starship.nix
./zsh.nix
];
options.modules.shell = {
enableBash = mkOption {
type = types.bool;
default = true;
description = "enables bash";
};
enableFish = mkOption {
type = types.bool;
default = true;
description = "enables fish";
};
enableZsh = mkOption {
type = types.bool;
default = true;
description = "enables zsh";
};
starship = {
enable = mkEnableOption "Enables the starship prompt.";
jjIntegration = mkEnableOption "Enables Jujutsu integration in starship.";
};
zoxide = {
enable = mkOption {
type = types.bool;
default = true;
description = "enables zoxide";
};
replaceCd = mkOption {
type = types.bool;
default = true;
description = "makes zoxide replace cd";
};
};
};
config = {
home.shell = {
enableFishIntegration = mkDefault cfg.enableFish;
enableBashIntegration = mkDefault cfg.enableBash;
enableZshIntegration = mkDefault cfg.enableZsh;
};
modules = {
fish = {
enable = mkDefault cfg.enableFish;
abbrs = mkDefault aliases;
};
bash = {
enable = mkDefault cfg.enableBash;
aliases = mkDefault aliases;
};
zsh = {
enable = mkDefault cfg.enableZsh;
abbrs = mkDefault aliases;
};
inherit (cfg) starship;
};
programs.zoxide = mkIf cfg.zoxide.enable {
enable = true;
options = mkIf cfg.zoxide.replaceCd [
"--cmd cd"
];
};
};
}

75
users/modules/shell/fish.nix Normal file
View File

@ -0,0 +1,75 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.modules.fish;
in {
options.modules.fish = {
enable = lib.mkEnableOption "enables fish";
abbrs = lib.mkOption {
type = types.attrsOf types.str;
default = {};
example = {
cp = "cp -i";
lns = "ln -si";
};
};
};
config = lib.mkIf cfg.enable {
programs.fish = {
enable = true;
shellAbbrs = cfg.abbrs;
preferAbbrs = true;
shellInit = ''
function fish_command_not_found
__fish_default_command_not_found_handler $argv
end
'';
plugins = [
{
name = "bass";
inherit (pkgs.fishPlugins.bass) src;
# src = pkgs.fishPlugins.bass.src;
}
{
name = "colored-man-pages";
inherit (pkgs.fishPlugins.colored-man-pages) src;
}
{
name = "done";
inherit (pkgs.fishPlugins.done) src;
}
{
name = "fzf";
inherit (pkgs.fishPlugins.fzf) src;
}
{
name = "pisces";
inherit (pkgs.fishPlugins.pisces) src;
}
{
name = "getopts.fish";
src = pkgs.fetchFromGitHub {
owner = "jorgebucaran";
repo = "getopts.fish";
rev = "4b74206725c3e11d739675dc2bb84c77d893e901";
sha256 = "9hRFBmjrCgIUNHuOJZvOufyLsfreJfkeS6XDcCPesvw=";
};
}
{
name = "replay.fish";
src = pkgs.fetchFromGitHub {
owner = "jorgebucaran";
repo = "replay.fish";
rev = "d2ecacd3fe7126e822ce8918389f3ad93b14c86c";
sha256 = "TzQ97h9tBRUg+A7DSKeTBWLQuThicbu19DHMwkmUXdg=";
};
}
];
};
};
}

45
users/modules/shell/starship.nix Normal file
View File

@ -0,0 +1,45 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.starship;
in {
options.modules.starship = {
enable = mkEnableOption "Enables the starship prompt.";
jjIntegration = mkEnableOption "Enables Jujutsu integration in starship.";
};
config.programs.starship = mkIf cfg.enable {
inherit (cfg) enable;
enableTransience = true;
settings.custom = {
jj = {
description = "The current jj status";
detect_folders = [".jj"];
symbol = "🥋 ";
command = ''
jj log --revisions @ --no-graph --ignore-working-copy --color always --limit 1 --template '
separate(" ",
change_id.shortest(4),
bookmarks,
"|",
concat(
if(conflict, "💥"),
if(divergent, "🚧"),
if(hidden, "👻"),
if(immutable, "🔒"),
),
raw_escape_sequence("\x1b[1;32m") ++ if(empty, "(empty)"),
raw_escape_sequence("\x1b[1;32m") ++ coalesce(
truncate_end(29, description.first_line(), ""),
"(no description set)",
) ++ raw_escape_sequence("\x1b[0m"),
)
'
'';
};
};
};
}

96
users/modules/shell/zsh.nix Normal file
View File

@ -0,0 +1,96 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.modules.zsh;
in {
options.modules.zsh = {
enable = lib.mkEnableOption "enables zsh";
abbrs = lib.mkOption {
type = types.attrsOf types.str;
default = {};
example = {
cp = "cp -i";
lns = "ln -si";
};
};
zshrcExtra = lib.mkOption {
type = types.lines;
default = ''
bindkey -e
bindkey '^p' history-search-backward
bindkey '^n' history-search-forward
# Completion styling
zstyle ':completion:*' matcher-list 'm:{a-z}={A-Za-z}'
zstyle ':completion:*' list-colors "''${(s.:.)LS_COLORS}"
zstyle ':completion:*' menu no
zstyle ':fzf-tab:complete:cd:*' fzf-preview '${pkgs.eza}/bin/eza $realpath'
'';
};
};
config.programs.zsh = lib.mkIf cfg.enable {
enable = true;
autocd = true;
autosuggestion = {
enable = true;
strategy = ["match_prev_cmd" "completion"];
};
enableCompletion = true;
history = {
findNoDups = true;
ignoreAllDups = true;
ignoreDups = true;
ignoreSpace = true;
path = "${config.xdg.dataHome}/zsh/zsh_history";
saveNoDups = true;
};
historySubstringSearch.enable = true;
initContent = cfg.zshrcExtra;
oh-my-zsh = {
enable = true;
plugins = [
"dirhistory"
"sudo"
];
};
plugins = [
{
name = "fzf-tab";
src = pkgs.fetchFromGitHub {
owner = "Aloxaf";
repo = "fzf-tab";
rev = "v1.2.0";
sha256 = "sha256-q26XVS/LcyZPRqDNwKKA9exgBByE0muyuNb0Bbar2lY=";
};
}
{
name = "auto-notify";
src = pkgs.fetchFromGitHub {
owner = "MichaelAquilina";
repo = "zsh-auto-notify";
rev = "0.11.0";
sha256 = "sha256-8r5RsyldJIzlWr9+G8lrkHvJ8KxTVO859M//wDnYOUY=";
};
}
{
name = "zsh-autopair";
src = pkgs.fetchFromGitHub {
owner = "hlissner";
repo = "zsh-autopair";
rev = "449a7c3d095bc8f3d78cf37b9549f8bb4c383f3d";
sha256 = "sha256-3zvOgIi+q7+sTXrT+r/4v98qjeiEL4Wh64rxBYnwJvQ=";
};
}
];
syntaxHighlighting.enable = true;
zsh-abbr = {
enable = true;
abbreviations = cfg.abbrs;
};
};
}

23
users/modules/ssh.nix Normal file
View File

@ -0,0 +1,23 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.modules.ssh;
in {
options.modules.ssh = {
enable = mkEnableOption "enables SSH";
hosts = mkOption {
type = types.nullOr types.path;
default = null;
};
};
config = {
programs.ssh = mkIf cfg.enable {
enable = true;
includes = mkIf (cfg.hosts != null) [cfg.hosts];
};
};
}

6
users/modules/tealdeer.nix Normal file
View File

@ -0,0 +1,6 @@
{
programs.tealdeer = {
enable = true;
enableAutoUpdates = true;
};
}

86
users/modules/tmux.nix Normal file
View File

@ -0,0 +1,86 @@
{pkgs, ...}: {
programs.tmux = {
enable = true;
baseIndex = 1;
clock24 = true;
customPaneNavigationAndResize = true;
keyMode = "vi";
mouse = true;
newSession = true;
prefix = "M-space";
plugins = with pkgs.tmuxPlugins; [
cpu
nord
prefix-highlight
resurrect
sensible
yank
];
extraConfig = ''
set-option -sa terminal-overrides ",xterm*:Tc"
unbind C-b
bind-key -T prefix « select-window -p
bind-key -T prefix » select-window -n
bind-key -T prefix Tab switch-client -T windows
bind-key -T prefix w switch-client -T pane
bind-key -T prefix y switch-client -T copy-mode
bind-key -T pane / split-window -h -c "#{pane-current_path}"
bind-key -T pane - split-window -v -c "#{pane-current_path}"
bind-key -T pane c select-pane -L
bind-key -T pane t select-pane -D
bind-key -T pane s select-pane -U
bind-key -T pane r select-pane -R
bind-key -T pane f resize-pane -Z
bind-key -T pane . switch-client -T pane-resize
bind-key -T pane-resize c resize-pane -L 5\; switch-client -T pane-resize
bind-key -T pane-resize t resize-pane -D 5\; switch-client -T pane-resize
bind-key -T pane-resize s resize-pane -U 5\; switch-client -T pane-resize
bind-key -T pane-resize r resize-pane -R 5\; switch-client -T pane-resize
bind-key -T pane-resize C resize-pane -L\; switch-client -T pane-resize
bind-key -T pane-resize T resize-pane -D\; switch-client -T pane-resize
bind-key -T pane-resize S resize-pane -U\; switch-client -T pane-resize
bind-key -T pane-resize R resize-pane -R\; switch-client -T pane-resize
bind-key -T windows c new-window
bind-key -T windows n next-window
bind-key -T windows p previous-window
bind-key -T windows \" select-window -t :=1
bind-key -T windows « select-window -t :=2
bind-key -T windows » select-window -t :=3
bind-key -T windows ( select-window -t :=4
bind-key -T windows ) select-window -t :=5
bind-key -T windows @ select-window -t :=6
bind-key -T windows + select-window -t :=7
bind-key -T windows - select-window -t :=8
bind-key -T windows / select-window -t :=9
bind-key -T windows * select-window -t :=10
unbind -T copy-mode-vi H
unbind -T copy-mode-vi J
unbind -T copy-mode-vi K
unbind -T copy-mode-vi L
unbind -T copy-mode-vi h
unbind -T copy-mode-vi j
unbind -T copy-mode-vi k
unbind -T copy-mode-vi l
bind-key -T copy-mode-vi v send-keys -X begin-selection
bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle
bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel
bind-key -T copy-mode-vi C send-keys -X top-line
bind-key -T copy-mode-vi J send-keys -X jump-to-backward
bind-key -T copy-mode-vi S send-keys -X scroll-up
bind-key -T copy-mode-vi R send-keys -X bottom-line
bind-key -T copy-mode-vi T send-keys -X scroll-down
bind-key -T copy-mode-vi c send-keys -X cursor-left
bind-key -T copy-mode-vi t send-keys -X cursor-down
bind-key -T copy-mode-vi s send-keys -X cursor-up
bind-key -T copy-mode-vi r send-keys -X cursor-right
'';
};
}

112
users/modules/vcs/default.nix Normal file
View File

@ -0,0 +1,112 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.modules.vcs;
in {
imports = [./git.nix ./jujutsu.nix];
options.modules.vcs = {
git = {
enable = mkEnableOption "enables git";
sendmail = {
enable = mkOption {
type = types.bool;
default = true;
};
server = mkOption {
type = types.nullOr types.str;
default = "mail.phundrak.com";
};
user = mkOption {
type = types.nullOr types.str;
default = null;
};
encryption = mkOption {
type = types.enum ["tls" "ssl" "none"];
default = "none";
};
port = mkOption {
type = types.nullOr types.int;
default = 587;
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to a file containing the password necessary for authenticating
against the mailserver.
This file should contain the password only, with no newline.
'';
};
};
browser = mkOption {
type = types.nullOr types.str;
example = "${pkgs.firefox}/bin/firefox";
default = null;
};
completeConfig = mkEnableOption "Complete configuration for workstations";
mergeTool = mkOption {
type = types.str;
default = "ediff";
};
emacs = {
integration = mkEnableOption "enables Emacs integration";
pkg = mkOption {
type = types.package;
default = pkgs.emacs;
};
};
};
jj.enable = mkEnableOption "enables jujutsu";
name = mkOption {
type = types.str;
default = "Lucien Cartier-Tilet";
};
email = mkOption {
type = types.str;
default = "lucien@phundrak.com";
};
editor = mkOption {
type = types.str;
default = "${pkgs.emacs}/bin/emacsclient -c -a ${pkgs.emacs}/bin/emacs";
};
publicKey = {
content = mkOption {
type = types.nullOr types.str;
example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGj+J6N6SO+4P8dOZqfR1oiay2yxhhHnagH52avUqw5h";
default = null;
};
file = mkOption {
type = with types; nullOr path;
default = "/home/phundrak/.ssh/id_ed25519.pub";
};
};
};
config = lib.mkIf (cfg.git.enable || cfg.jj.enable) {
home.file.".ssh/allowed_signers".text = mkIf (cfg.publicKey.content != null) (mkDefault ''
${cfg.email} namespaces="git" ${cfg.publicKey.content}
'');
modules = {
git = mkIf cfg.git.enable {
inherit (cfg.git) enable sendmail browser completeConfig emacs mergeTool;
inherit (cfg) email name editor;
publicKeyFile = cfg.publicKey.file;
};
jj = mkIf cfg.jj.enable {
inherit (cfg.jj) enable;
inherit (cfg) name email editor;
signing.enable = cfg.publicKey.content != null;
signing.sshKey =
if (cfg.publicKey.file == null)
then cfg.publicKey.content
else cfg.publicKey.file;
};
};
};
}

273
users/modules/vcs/git.nix Normal file
View File

@ -0,0 +1,273 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
cfg = config.modules.git;
in {
options.modules.git = {
enable = mkEnableOption "enables git";
email = mkOption {
type = types.str;
default = "lucien@phundrak.com";
};
name = mkOption {
type = types.str;
default = "Lucien Cartier-Tilet";
};
sendmail = {
enable = mkOption {
type = types.bool;
default = true;
};
server = mkOption {
type = types.nullOr types.str;
default = "mail.phundrak.com";
};
user = mkOption {
type = types.nullOr types.str;
default = null;
};
encryption = mkOption {
type = types.enum ["tls" "ssl" "none"];
default = "none";
};
port = mkOption {
type = types.nullOr types.int;
default = 587;
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to a file containing the password necessary for authenticating
against the mailserver.
This file should contain the password only, with no newline.
'';
};
};
browser = mkOption {
type = types.nullOr types.str;
example = "${pkgs.firefox}/bin/firefox";
default = null;
};
completeConfig = mkEnableOption "Complete configuration for workstations";
emacs = {
integration = mkEnableOption "enables Emacs integration";
pkg = mkOption {
type = types.package;
default = pkgs.emacs;
};
};
mergeTool = mkOption {
type = types.str;
default = "ediff";
};
editor = mkOption {
type = types.str;
default = "${pkgs.emacs}/bin/emacsclient -c -a ${pkgs.emacs}/bin/emacs";
};
publicKeyFile = mkOption {
type = types.nullOr types.str;
default = null;
};
};
config = lib.mkIf cfg.enable {
programs.git = let
smtpEmail =
if (cfg.sendmail.user == null)
then cfg.email
else cfg.sendmail.user;
in {
enable = true;
userEmail = cfg.email;
userName = cfg.name;
extraConfig = {
color.ui = "auto";
column.ui = "auto";
tag.sort = "version:refname";
core = mkIf cfg.completeConfig {
compression = 9;
inherit (cfg) editor;
whitespace = "fix,-indent-with-non-tab,trailing-space";
preloadindex = true;
};
status = {
branch = true;
showStash = true;
};
diff = {
algorithm = "histogram";
colorMoved = "plain";
mnemonicPrefix = true;
renames = "copy";
interHunkContext = 10;
};
commit.gpgsign = cfg.publicKeyFile != null;
gpg.format = "ssh";
gpg.ssh.allowedSignersFile = (mkIf (cfg.publicKeyFile != null)) "~/.ssh/allowed_signers";
init.defaultBranch = "main";
pull.rebase = true;
push = {
default = "simple";
autoSetupRemote = true;
followTags = true;
};
rebase = {
autoSquash = true;
autoStash = true;
missingCommitsCheck = "warn";
updateRefs = true;
};
help.autocorrect = "prompt";
user.signingkey = mkIf (cfg.publicKeyFile != null) cfg.publicKeyFile;
web.browser = mkIf (cfg.browser != null) cfg.browser;
sendemail = mkIf cfg.sendmail.enable {
smtpserver = cfg.sendmail.server;
smtpuser = smtpEmail;
smtpencryption = cfg.sendmail.encryption;
smtpserverport = cfg.sendmail.port;
};
credentials = mkIf (cfg.sendmail.passwordFile != null) {
"smtp://${smtpEmail}@${cfg.sendmail.server}:${toString cfg.sendmail.port}" = {
helper = "cat ${cfg.sendmail.passwordFile}";
};
};
magithub = mkIf cfg.emacs.integration {
online = true;
"status" = {
includeStatusHeader = true;
includePullRequestsSection = true;
includeIssuesSection = true;
};
};
merge = {
tool = mkIf cfg.completeConfig cfg.mergeTool;
conflictstyle = "zdiff3";
};
mergetool.ediff.cmd = mkIf (cfg.emacs.integration && cfg.completeConfig) "\"${cfg.emacs.pkg} --eval \" (progn (defun ediff-write-merge-buffer () (let ((file ediff-merge-store-file)) (set-buffer ediff-buffer-C) (write-region (point-min) (point-max) file) (message \\\"Merge buffer saved in: %s\\\" file) (set-buffer-modified-p nil) (sit-for 1))) (setq ediff-quit-hook 'kill-emacs ediff-quit-merge-hook 'ediff-write-merge-buffer) (ediff-merge-files-with-ancestor \\\"$LOCAL\\\" \\\"$REMOTE\\\" \\\"$BASE\\\" nil \\\"$MERGED\\\"))\"\"";
github.user = "phundrak";
url = {
"https://phundrak@github.com" = {
insteadOf = "https://github.com";
};
"https://phundrak@labs.phundrak.com" = {
insteadOf = "https://labs.phundrak.com";
};
"https://github.com/RustSec/advisory-db" = {
insteadOf = "https://github.com/RustSec/advisory-db";
};
"git@github.com:Phundrak/" = {
insteadOf = "pg:";
};
"git@labs.phundrak.com/phundrak:" = {
insteadOf = "p:";
};
"git@github.com" = {
insteadOf = "gh:";
};
"git@labs.phundrak.com" = {
insteadOf = "labs:";
};
};
};
ignores = [
".env"
".direnv/"
"*~"
"\#*\#"
"*.elc"
"auto-save-list"
".\#*"
"*_flymake.*"
"/auto/"
".projectile"
".dir-locals.el"
"# Org mode files"
".org-id-locations"
"*_archive"
"*.out"
"*.o"
"*.so"
"# Archives"
"*.7zz"
"*.dmg"
"*.gz"
"*.iso"
"*.jar"
"*.rar"
"*.tar"
"*.zip"
"*.log"
"*.sqlite"
"dist/"
];
aliases = {
a = "add --all";
aca = "!git add --all && git commit --amend";
acan = "!git add --all && git commit --amend --no-edit";
ap = "add --patch";
b = "branch";
bd = "branch -d";
bdd = "branch -D";
c = "commit -S";
ca = "commit -Sa";
can = "commit -Sa --no-edit";
cm = "commit -Sm";
cam = "commit -Sam";
co = "checkout";
cob = "checkout -b";
cod = "checkout develop";
cl = "clone";
cl1 = "clone --depth 1";
f = "fetch";
fp = "fetch --prune";
ps = "push";
psf = "push --force-with-lease";
pso = "push origin";
psfo = "push --force-with-lease origin";
pushall = "!git remote \vert{} xargs -L1 git push";
psl = "!git remote \vert{} xargs -L1 git push";
pullall = "!git remote \vert{} xargs -L1 git pull";
pll = "!git remote \vert{} xargs -L1 git pull";
pl = "pull";
pb = "pull --rebase";
r = "rebase";
ra = "rebase --abort";
rc = "rebase --continue";
rd = "rebase develop";
ri = "rebase -i";
rmf = "rm -f";
rmd = "rm -r";
rmdf = "rm -rf";
sm = "submodule";
sms = "submodule status";
sma = "submodule add";
smu = "submodule update";
smui = "submodule update --init";
smuir = "submodule update --init --recursive";
st = "stash";
stc = "stash clear";
stp = "stash pop";
stw = "stash show";
u = "reset --";
d = "diff -w";
l = "log --all --oneline --graph --decorate --pretty=format':%C(magenta)%h %C(white) %an %ar%C(auto) %D%n%s%n'";
s = "status";
staged = "diff --cached";
upstream = "!git push -u origin HEAD";
unstage = "reset --";
};
};
};
}

55
users/modules/vcs/jujutsu.nix Normal file
View File

@ -0,0 +1,55 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
cfg = config.modules.jj;
in {
options.modules.jj = {
enable = mkEnableOption "enables jj";
name = mkOption {
type = types.str;
default = "Lucien Cartier-Tilet";
};
email = mkOption {
type = types.str;
default = "lucien@phundrak.com";
};
editor = mkOption {
type = types.str;
default = "${pkgs.emacs}/bin/emacsclient -c -a ${pkgs.emacs}/bin/emacs";
};
signing = {
enable = mkEnableOption "enables signing jj commits";
sshKey = mkOption {
type = with types; nullOr (either path str);
example = "~/.ssh/id_ed25519.pub";
default = "~/.ssh/id_ed25519.pub";
description = "Path to the public SSH key or its content.";
};
};
};
config.programs.jujutsu = mkIf cfg.enable {
enable = true;
settings = {
user = {
inherit (cfg) name email;
};
ui = {
default-command = "st";
pager = ":builtin";
inherit (cfg) editor;
};
signing = mkIf cfg.signing.enable {
behavior = "own";
backend = "ssh";
key = cfg.signing.sshKey;
backends."ssh.allowed-signers" = "~/.ssh/allowed_signers";
backends."ssh.program" = "${pkgs.openssh}/bin/ssh-keygen";
};
};
};
}

68
users/modules/wofi.nix Normal file
View File

@ -0,0 +1,68 @@
{
programs.wofi = {
enable = true;
settings = {
modi = "ssh,drun,combi";
sidebar-mode = false;
width = 30;
line-margin = 10;
lines = 6;
columns = 2;
display-ssh = "";
display-run = "";
display-drun = "";
display-window = "";
display-combi = "";
show-icons = true;
};
# from https://github.com/alxndr13/wofi-nord-theme
style = ''
* {
font-family: "Hack", monospace;
}
window {
background-color: #3B4252;
}
#input {
margin: 5px;
border-radius: 0px;
border: none;
background-color: #3B4252;
color: white;
}
#inner-box {
background-color: #383C4A;
}
#outer-box {
margin: 2px;
padding: 10px;
background-color: #383C4A;
}
#scroll {
margin: 5px;
}
#text {
padding: 4px;
color: white;
}
#entry:nth-child(even){
background-color: #404552;
}
#entry:selected {
background-color: #4C566A;
}
#text:selected {
background: transparent;
}
'';
};
}

10
users/modules/yt-dlp.nix Normal file
View File

@ -0,0 +1,10 @@
{
programs.yt-dlp = {
enable = true;
settings = {
embed-thumbnail = true;
embed-subs = true;
sub-langs = "all";
};
};
}

249
users/phundrak/config/hypr/hyprland.conf Normal file
View File

@ -0,0 +1,249 @@
env = XCURSOR_SIZE,24
env = SDL_VIDEODRIVER,wayland
input {
kb_layout = fr
kb_variant = bepo_afnor
kb_model =
kb_options = caps:ctrl_modifier
kb_rules =
numlock_by_default = true
follow_mouse = 1
touchpad {
natural_scroll = false
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
monitor = HDMI-A-1, 2560x1080, 0x0, 1
monitor = eDP-1, 1920x1080@120, 2560x0, 1
general {
gaps_in = 5
gaps_out = 20
border_size = 2
col.active_border = rgb(81a1c1) rgb(a3be8c) 45deg
col.inactive_border = rgb(4c566a)
layout = dwindle
}
decoration {
rounding = 5
blur {
enabled = true
size = 9
passes = 1
}
shadow {
enabled = true
color = rgba(2e3440aa)
range = 4
render_power = 3
}
}
animations {
enabled = true
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
pseudotile = true
preserve_split = true
}
exec-once = wpaperd
exec-once = waybar
exec-once = pactl load-module module-switch-on-connect
exec-once = mpc stop
exec-once = xfce-polkit
exec-once = swaync
exec-once = wlsunset -l 48.5 -L 2.2 -d 1500
exec-once = nm-applet
exec-once = blueman-applet
$left = c
$right = r
$up = s
$down = t
$menu = rofi -combi-modi drun -show combi
bind = SUPER, Return, exec, kitty
bind = SUPER, Space, submap, leader
bind = , Print, submap, screenshot
submap = leader
bind = , l, exec, plock
bind = , l, submap, reset
bind = , a, submap, apps
bind = , b, submap, buffers
bind = , w, submap, windows
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = apps
bind = , b, exec, zen-browser
bind = , b, submap, reset
bind = SHIFT, b, exec, qutebrowser
bind = SHIFT, b, submap, reset
bind = , d, exec, vesktop
bind = , d, submap, reset
bind = , e, exec, emacsclient -c -n
bind = , e, submap, reset
bind = , g, exec, gimp
bind = , g, submap, reset
bind = , n, exec, nemo
bind = , n, submap, reset
bind = , r, submap, rofi
bind = , u, exec, $menu
bind = , u, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = buffers
bind = , d, killactive,
bind = , d, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = resize
binde = , $left, resizeactive, -10 0
binde = , $right, resizeactive, 10 0
binde = , $up, resizeactive, 0 -10
binde = , $down, resizeactive, 0 10
bind = , q, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = rofi
bind = , a, exec, awiki
bind = , a, submap, reset
bind = , b, exec, bluetooth-connect
bind = , b, submap, reset
bind = , e, exec, rofi-emoji
bind = , e, submap, reset
bind = , r, exec, $menu
bind = , r, submap, reset
bind = , s, exec, rofi -show ssh
bind = , s, submap, reset
bind = , y, exec, ytplay
bind = , y, submap, reset
bind = SHIFT, y, exec, rofi-ytdl
bind = SHIFT, y, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = screenshot
bind = , Print, exec, screenshot
bind = , Print, submap, reset
bind = , d, exec, screenshot -d 3
bind = , d, submap, reset
bind = Shift, d, exec, screenshot -sced 3
bind = Shift, d, submap, reset
bind = , e, exec, screenshot -sec
bind = , e, submap, reset
bind = , s, exec, screenshot -s
bind = , s, submap, reset
bind = Shift, s, exec, screenshot -sc
bind = Shift, s, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = windows
bind = , period, submap, resize
bind = , $left, movefocus, l
bind = , $left, submap, reset
bind = , $right, movefocus, r
bind = , $right, submap, reset
bind = , $up, movefocus, u
bind = , $up, submap, reset
bind = , $down, movefocus, d
bind = , $down, submap, reset
bind = SHIFT, $left, movewindow, l
bind = SHIFT, $left, submap, reset
bind = SHIFT, $right, movewindow, r
bind = SHIFT, $right, submap, reset
bind = SHIFT, $up, movewindow, u
bind = SHIFT, $up, submap, reset
bind = SHIFT, $down, movewindow, d
bind = SHIFT, $down, submap, reset
bind = CTRL_SHIFT, $left, moveworkspacetomonitor, e+0 +1
bind = CTRL_SHIFT, $left, submap, reset
bind = CTRL_SHIFT, $right, moveworkspacetomonitor, e+0 -1
bind = CTRL_SHIFT, $right, submap, reset
bind = , d, killactive,
bind = , d, submap, reset
bind = , f, fullscreen,
bind = , f, submap, reset
bind = SHIFT, f, togglefloating,
bind = SHIFT, f, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = reset
bindl = , XF86AudioPlay, exec, playerctl play-pause
bindl = , XF86AudioPause, exec, playerctl pause
bindl = , XF86AudioStop, exec, playerctl stop
bindl = , XF86AudioPrev, exec, playerctl previous
bindl = , XF86AudioNext, exec, playerctl next
bindl = , XF86AudioForward, exec, playerctl position +1
bindl = , XF86AudioRewind, exec, playerctl position -1
bindl = , XF86AudioRaiseVolume, exec, pamixer -i 2
bindl = , XF86AudioLowerVolume, exec, pamixer -d 2
bindl = , XF86MonBrightnessUp, exec, xbacklight -perceived -inc 2
bindl = , XF86MonBrightnessDown, exec, xbacklight -perceived -dec 2
bindl = , XF86KbdBrightnessUp, exec, xbacklight -perceived -inc 2
bindl = , XF86KbdBrightnessDown, exec, xbacklight -perceived -dec 2
bind = SUPER, $left, movefocus, l
bind = SUPER, $right, movefocus, r
bind = SUPER, $up, movefocus, u
bind = SUPER, $down, movefocus, d
bind = SUPER_SHIFT, $left, movewindow, l
bind = SUPER_SHIFT, $left, submap, reset
bind = SUPER_SHIFT, $right, movewindow, r
bind = SUPER_SHIFT, $right, submap, reset
bind = SUPER_SHIFT, $up, movewindow, u
bind = SUPER_SHIFT, $up, submap, reset
bind = SUPER_SHIFT, $down, movewindow, d
bind = SUPER_SHIFT, $down, submap, reset
bind = SUPER_CTRL_SHIFT, $left, moveworkspacetomonitor, e+0 +1
bind = SUPER_CTRL_SHIFT, $left, submap, reset
bind = SUPER_CTRL_SHIFT, $right, moveworkspacetomonitor, e+0 -1
bind = SUPER_CTRL_SHIFT, $right, submap, reset
bind = SUPER, Tab, cyclenext,
bind = SUPER_SHIFT, Tab, cyclenext, prev
bindm = SUPER, mouse:272, movewindow
bindm = SUPER, mouse:273, resizewindow
bind = SUPER, quotedbl, workspace, 1
bind = SUPER, guillemotleft, workspace, 2
bind = SUPER, guillemotright, workspace, 3
bind = SUPER, parenleft, workspace, 4
bind = SUPER, parenright, workspace, 5
bind = SUPER, at, workspace, 6
bind = SUPER, plus, workspace, 7
bind = SUPER, minus, workspace, 8
bind = SUPER, slash, workspace, 9
bind = SUPER, asterisk, workspace, 10
bind = SUPER, mouse_down, workspace, e+1
bind = SUPER, mouse_up, workspace, e-1
bind = SUPER_SHIFT, quotedbl, movetoworkspace, 1
bind = SUPER_SHIFT, guillemotleft, movetoworkspace, 2
bind = SUPER_SHIFT, guillemotright, movetoworkspace, 3
bind = SUPER_SHIFT, parenleft, movetoworkspace, 4
bind = SUPER_SHIFT, parenright, movetoworkspace, 5
bind = SUPER_SHIFT, at, movetoworkspace, 6
bind = SUPER_SHIFT, plus, movetoworkspace, 7
bind = SUPER_SHIFT, minus, movetoworkspace, 8
bind = SUPER_SHIFT, slash, movetoworkspace, 9
bind = SUPER_SHIFT, asterisk, movetoworkspace, 10
windowrulev2 = float,class:^(xfce-polkit)$

167
users/phundrak/config/waybar/config Normal file
View File

@ -0,0 +1,167 @@
// -*- mode: js-json -*-
{
// "layer": "top", // Waybar at top layer
// "position": "bottom", // Waybar position (top|bottom|left|right)
"height": 24, // Waybar height (to be removed for auto height)
// "width": 1280, // Waybar width
"spacing": 2, // Gaps between modules (4px)
// Choose the order of the modules
"modules-left": ["hyprland/workspaces", "hyprland/submap", "hyprland/window"],
"modules-center": [],
"modules-right": ["idle_inhibitor", "mpd", "pulseaudio", "network", "cpu",
"memory", "temperature", "battery", "clock", "tray"],
// Modules configuration
// "sway/workspaces": {
// "disable-scroll": true,
// "all-outputs": true,
// "format": "{name}: {icon}",
// "format-icons": {
// "1": "",
// "2": "",
// "3": "",
// "4": "",
// "5": "",
// "urgent": "",
// "focused": "",
// "default": ""
// }
// },
"keyboard-state": {
"numlock": true,
"capslock": true,
"format": "{name} {icon}",
"format-icons": {
"locked": "",
"unlocked": ""
}
},
"sway/mode": {
"format": "<span style=\"italic\">{}</span>"
},
"sway/scratchpad": {
"format": "{icon} {count}",
"show-empty": false,
"format-icons": ["", ""],
"tooltip": true,
"tooltip-format": "{app}: {title}"
},
"mpd": {
"format": "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S}) ⸨{songPosition}|{queueLength}⸩ {volume}% ",
"format-disconnected": "Disconnected ",
"format-stopped": "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped ",
"unknown-tag": "N/A",
"interval": 2,
"consume-icons": {
"on": " "
},
"random-icons": {
"off": "<span color=\"#f53c3c\"></span> ",
"on": " "
},
"repeat-icons": {
"on": " "
},
"single-icons": {
"on": "1 "
},
"state-icons": {
"paused": "",
"playing": ""
},
"tooltip-format": "MPD (connected)",
"tooltip-format-disconnected": "MPD (disconnected)"
},
"idle_inhibitor": {
"format": "{icon}",
"format-icons": {
"activated": "",
"deactivated": ""
}
},
"tray": {
// "icon-size": 21,
"spacing": 10
},
"clock": {
// "timezone": "America/New_York",
"tooltip-format": "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>",
"format-alt": "{:%Y-%m-%d}"
},
"cpu": {
"format": "{usage}% ",
"tooltip": false
},
"memory": {
"format": "{}% "
},
"temperature": {
// "thermal-zone": 2,
// "hwmon-path": "/sys/class/hwmon/hwmon2/temp1_input",
"critical-threshold": 80,
// "format-critical": "{temperatureC}°C {icon}",
"format": "{temperatureC}°C {icon}",
"format-icons": ["", "", ""]
},
"backlight": {
// "device": "acpi_video1",
"format": "{percent}% {icon}",
"format-icons": ["", "", "", "", "", "", "", "", ""]
},
"battery": {
"states": {
// "good": 95,
"warning": 30,
"critical": 15
},
"format": "{capacity}% {icon}",
"format-charging": "{capacity}% ",
"format-plugged": "{capacity}% ",
"format-alt": "{time} {icon}",
// "format-good": "", // An empty format will hide the module
// "format-full": "",
"format-icons": ["", "", "", "", ""]
},
"battery#bat2": {
"bat": "BAT2"
},
"network": {
// "interface": "wlp2*", // (Optional) To force the use of this interface
"format-wifi": "{essid} ({signalStrength}%) ",
"format-ethernet": "{ipaddr}/{cidr} ",
"tooltip-format": "{ifname} via {gwaddr} ",
"format-linked": "{ifname} (No IP) ",
"format-disconnected": "Disconnected ⚠",
"format-alt": "{ifname}: {ipaddr}/{cidr}"
},
"pulseaudio": {
// "scroll-step": 1, // %, can be a float
"format": "{volume}% {icon} {format_source}",
"format-bluetooth": "{volume}% {icon} {format_source}",
"format-bluetooth-muted": " {icon} {format_source}",
"format-muted": " {format_source}",
"format-source": "{volume}% ",
"format-source-muted": "",
"format-icons": {
"headphone": "",
"hands-free": "",
"headset": "",
"phone": "",
"portable": "",
"car": "",
"default": ["", "", ""]
},
"on-click": "pavucontrol"
},
"custom/media": {
"format": "{icon} {}",
"return-type": "json",
"max-length": 40,
"format-icons": {
"spotify": "",
"default": "🎜"
},
"escape": true,
"exec": "$HOME/.config/waybar/mediaplayer.py 2> /dev/null" // Script in resources folder
// "exec": "$HOME/.config/waybar/mediaplayer.py --player spotify 2> /dev/null" // Filter player based on name
}
}

280
users/phundrak/config/waybar/style.css Normal file
View File

@ -0,0 +1,280 @@
* {
/* `otf-font-awesome` is required to be installed for icons */
font-family: FontAwesome, Roboto, Helvetica, Arial, sans-serif;
font-size: 13px;
}
window#waybar {
background-color: rgba(43, 48, 59, 0.5);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
transition-property: background-color;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
window#waybar.termite {
background-color: #3F3F3F;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
button {
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each button name */
border: none;
border-radius: 0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
button:hover {
background: inherit;
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
}
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
}
#workspaces button.focused {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#wireplumber,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#scratchpad,
#mpd {
padding: 0 10px;
color: #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#memory {
background-color: #9b59b6;
}
#disk {
background-color: #964B00;
}
#backlight {
background-color: #90b1b1;
}
#network {
background-color: #2980b9;
}
#network.disconnected {
background-color: #f53c3c;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#wireplumber {
background-color: #fff0f5;
color: #000000;
}
#wireplumber.muted {
background-color: #f53c3c;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#temperature {
background-color: #f0932b;
}
#temperature.critical {
background-color: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#mpd.stopped {
background-color: #90b1b1;
}
#mpd.paused {
background-color: #51a37a;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state > label {
padding: 0 5px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
#scratchpad {
background: rgba(0, 0, 0, 0.2);
}
#scratchpad.empty {
background-color: transparent;
}

7
users/phundrak/gampo.nix Normal file
View File

@ -0,0 +1,7 @@
{
imports = [./home.nix];
home.phundrak.sshKey = {
content = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPhP4p9KGk6jSOxJzBu+RzJPHI6baT0o+xrgPeNRwfq lucien@phundrak.com";
file = "/home/phundrak/.ssh/id_ed25519.pub";
};
}

99
users/phundrak/home.nix Normal file
View File

@ -0,0 +1,99 @@
{
pkgs,
config,
inputs,
...
}: {
imports = [
./light-home.nix
./packages.nix
../modules/emacs.nix
../modules/kdeconnect.nix
../modules/kitty.nix
../modules/mbsync.nix
../modules/mpd.nix
../modules/mpv.nix
../modules/wofi.nix
../modules/yt-dlp.nix
../modules/emoji.nix
../modules/qt.nix
];
config = let
emacsPkg = with pkgs; ((emacsPackagesFor emacsNativeComp).emacsWithPackages (
epkgs: [
epkgs.vterm
epkgs.mu4e
epkgs.pdf-tools
]
));
askpass = import ../scripts/askpass.nix {inherit pkgs;};
launchWithEmacsclient = import ../scripts/launch-with-emacsclient.nix {
inherit pkgs;
emacsPackage = emacsPkg;
};
in {
sops.secrets = {
emailPassword = {};
"mopidy/bandcamp" = {};
"mopidy/spotify" = {};
};
home.sessionVariables = {
EDITOR = "${emacsPkg}/bin/emacsclient -c -a ${emacsPkg}/bin/emacs";
LAUNCH_EDITOR = "${launchWithEmacsclient}/bin/launch-with-emacsclient";
SUDO_ASKPASS = "${askpass}/bin/askpass";
LSP_USE_PLISTS = "true";
};
modules = {
emacs = {
enable = true;
service = true;
package = emacsPkg;
};
shell.starship.jjIntegration = true;
bat.extras = true;
packages.emacsPackage = emacsPkg;
mopidy.enable = true;
mbsync = {
enable = true;
passwordFile = config.sops.secrets.emailPassword.path;
};
ssh = {
enable = true;
hosts = config.sops.secrets."ssh/hosts".path;
};
vcs.git = {
browser = "${inputs.zen-browser.packages.${pkgs.system}.default}/bin/zen";
emacs = {
integration = true;
pkg = emacsPkg;
};
sendmail = {
enable = true;
passwordFile = config.sops.secrets.emailPassword.path;
};
};
};
programs = {
zsh.enableVteIntegration = true;
mu.enable = true;
obs-studio = {
enable = true;
plugins = with pkgs; [
obs-studio-plugins.input-overlay
obs-studio-plugins.obs-backgroundremoval
obs-studio-plugins.obs-mute-filter
obs-studio-plugins.obs-pipewire-audio-capture
obs-studio-plugins.obs-source-clone
obs-studio-plugins.obs-source-record
obs-studio-plugins.obs-tuna
];
};
};
manual.html.enable = true;
};
}

68
users/phundrak/light-home.nix Normal file
View File

@ -0,0 +1,68 @@
{
lib,
pkgs,
config,
...
}:
with lib; let
cfg = config.home.phundrak;
in {
imports = [../modules];
options.home.phundrak = {
sshKey = {
content = mkOption {
type = types.nullOr types.str;
example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGj+J6N6SO+4P8dOZqfR1oiay2yxhhHnagH52avUqw5h";
default = null;
};
file = mkOption {
type = with types; nullOr path;
default = "/home/phundrak/.ssh/id_ed25519.pub";
};
};
};
config = {
nixpkgs.config.allowUnfree = true;
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets."ssh/hosts" = {};
age = {
# automatically import user SSH keys as age keys
sshKeyPaths = [
"/home/phundrak/.ssh/id_ed25519"
];
# this will use an age key that is expected to already be in the filesystem
# keyFile = "/home/phundrak/.config/sops/age/keys.txt";
keyFile = "/home/phundrak/.local/sops-nix/key.txt";
# generate a new key if the key specified above does not exist
generateKey = true;
};
};
home = {
username = "phundrak";
homeDirectory = "/home/phundrak";
packages = [pkgs.tree pkgs.ncdu];
stateVersion = "24.11"; # Please read the comment before changing.
};
modules = {
shell.starship.enable = true;
vcs = {
git.enable = true;
jj.enable = true;
publicKey = cfg.sshKey;
};
ssh = {
enable = true;
hosts = config.sops.secrets."ssh/hosts".path;
};
};
manual.manpages.enable = true;
};
}

7
users/phundrak/marpa.nix Normal file
View File

@ -0,0 +1,7 @@
{
imports = [./home.nix];
home.phundrak.sshKey = {
content = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPhP4p9KGk6jSOxJzBu+RzJPHI6baT0o+xrgPeNRwfq lucien@phundrak.com";
file = "/home/phundrak/.ssh/id_ed25519.pub";
};
}

110
users/phundrak/packages.nix Normal file
View File

@ -0,0 +1,110 @@
{
pkgs,
inputs,
lib,
config,
...
}:
with lib; let
cfg = config.modules.packages;
in {
options.modules.packages.emacsPackage = mkOption {
type = types.package;
default = pkgs.emacs;
};
config.home.packages = with pkgs; let
scripts = import ../scripts/scripts.nix {
inherit pkgs;
config.emacsPkg = cfg.emacsPackage;
};
in
[
flatpak
# LSP server for Nix
nil
# Terminal stuff
duf
ffmpeg
ripgrep-all
unzip
# Fonts
#nerdfonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
tibetan-machine
# Browsers
amfora
# Media
ani-cli
audacity
plexamp
plex-media-player
spicetify-cli
spotify
spotify-tray
# Social
vesktop # Discord alternative that works well with wayland
element-desktop
signal-desktop-bin
# Misc
bitwarden
gplates
libnotify
nextcloud-client
onlyoffice-bin
scrcpy
syncthing
watchmate
inputs.zen-browser.packages.${system}.default
# Games
atlauncher
heroic
modrinth-app
openttd-jgrpp
moonlight-qt
# Emacs stuff
emacs-all-the-icons-fonts
# Gnome stuff
gnome-tweaks
gnomeExtensions.docker
gnomeExtensions.syncthing-indicator
gnomeExtensions.tray-icons-reloaded
gthumb
# Graphics
inkscape
gimp
gimpPlugins.fourier
gimpPlugins.farbfeld
# Dev
devenv
dive # A tool for exploring each layer in a docker image
grype # Vulnerability scanner for container images and filesystems
podman-desktop
podman-compose
python3 # for Emacs and LSP
tectonic # better LaTeX engine
virt-manager
zeal
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# Custom scripts
]
++ scripts;
}

12
users/phundrak/programs.nix Normal file
View File

@ -0,0 +1,12 @@
{
imports = [
../modules/emacs.nix
../modules/kdeconnect.nix
../modules/kitty.nix
../modules/mbsync.nix
../modules/mpd.nix
../modules/mpv.nix
../modules/wofi.nix
../modules/yt-dlp.nix
];
}

8
users/phundrak/tilo.nix Normal file
View File

@ -0,0 +1,8 @@
{
imports = [./light-home.nix];
home.phundrak.sshKey = {
content = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw9oiK8tZ5Vpz82RaRLpITU8qeJrT2hjvudGEDQu2QW lucien@phundrak.com";
file = "/home/phundrak/.ssh/id_ed25519.pub";
};
modules.nh.flake = "/tank/phundrak/nixos";
}

3
users/scripts/askpass.nix Normal file
View File

@ -0,0 +1,3 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "askpass" ''
${pkgs.wofi}/bin/wofi -d -P -L 1 -p "$(printf $1 | sed s/://)"''

3
users/scripts/backup.nix Normal file
View File

@ -0,0 +1,3 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "backup" ''
cp -r "$1" "$1.bak.$(date +%Y%m%d%H%M%S)"''

4
users/scripts/hyprland-autostart.nix Normal file
View File

@ -0,0 +1,4 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "hyprland-autostart" ''
${pkgs.waybar}/bin/waybar &
${pkgs.wlsunset}/bin/wlsunset -l 48.5 -L 2.2 -d 1500''

3
users/scripts/keygen.nix Normal file
View File

@ -0,0 +1,3 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "keygen"
"tr -cd '[:alnum:]' < /dev/urandom | fold -w 64 | head -n 1 | tr -d '\n'"

10
users/scripts/launch-with-emacsclient.nix Normal file
View File

@ -0,0 +1,10 @@
{
pkgs,
emacsPackage,
...
}:
pkgs.writeShellScriptBin "launch-with-emacsclient" ''
filename="$1"
line="$2"
column="$3"
${emacsPackage}/bin/emacsclient +$line:$column "$filename"''

3
users/scripts/mp42webm.nix Normal file
View File

@ -0,0 +1,3 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "mp42webm" ''
${pkgs.ffmpeg}/bin/ffmpeg -i "$1" -c:v libvpx -crf 10 -b:v 1M -c:a libvorbis "$1".webm''

18
users/scripts/scripts.nix Normal file
View File

@ -0,0 +1,18 @@
{
config,
pkgs,
...
}: let
askpass = import ./askpass.nix {inherit pkgs;};
in [
askpass
(import ./backup.nix {inherit pkgs;})
(import ./hyprland-autostart.nix {inherit pkgs;})
(import ./keygen.nix {inherit pkgs;})
(import ./launch-with-emacsclient.nix {
inherit pkgs;
emacsPackage = config.emacsPkg;
})
(import ./mp42webm.nix {inherit pkgs;})
(import ./sshbind.nix {inherit pkgs;})
]

3
users/scripts/sshbind.nix Normal file
View File

@ -0,0 +1,3 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "sshbind" ''
ssh -L "$1:$3:$1" "$2" -N''

18
users/scripts/ytplay.nix Normal file
View File

@ -0,0 +1,18 @@
{pkgs, ...}: let
rofi = pkgs.rofi-wayland;
in
pkgs.writeShellScriptBin "ytplay" ''
URL=$(${rofi}/bin/rofi -dmenu -i -p "Video URL")
if [ -z "$URL" ]; then
echo "You need to provide a URL"
exit 1
fi
RESOLUTION_CHOICE=$(${pkgs.yt-dlp}/bin/yt-dlp --list-formats "$URL" | \
grep -E "webm.*[0-9]+x[0-9]" | \
awk '{print $3 " " $1}' | \
sort -gu | \
${rofi}/bin/rofi -dmenu -i -p "Resolution")
mapfile -t RESOLUTION <<< "$RESOLUTION_CHOICE"
RESOLUTION_CODE=''${RESOLUTION[0]}
${pkgs.mpv}/bin/mpv --ytdl-format="''${RESOLUTION_CODE}+bestaudio/best" "$URL"
''