phundrak/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: phundrak:76d1a33a789ad22787e04eedbbb8eb7afed8fb14
Branches Tags
phundrak:main phundrak:feature/elcafe
..
compare: phundrak:feature/elcafe
Branches Tags
phundrak:main phundrak:feature/elcafe

1 Commits
76d1a33a78 ... feature/el

Author SHA1 Message Date
Lucien Cartier-Tilet
22e21be60a feat(elcafe): add new server configuration 2025-11-05 05:01:58 +01:00
62 changed files with 5378 additions and 1564 deletions
Expand all files Collapse all files

4
.sops.yaml
View File

@@ -5,8 +5,6 @@ keys:
- &marpa-host age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
- &tilo age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
- &tilo-host age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
- &NaroMk3 age1erkn7dd022e90ktyj66aux9j9xvl0uzd6ru5cmrjsvcm5rtr5pfs7q6k9h
- &NaroMk3-host age16crkeglm3j3f6rveylytuerptjf9mwtv3hl89ywkmnnvdkntfchsuvrsk5
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
@@ -17,5 +15,3 @@ creation_rules:
- *marpa-host
- *tilo
- *tilo-host
- *NaroMk3
- *NaroMk3-host

259
flake.lock generated
View File

@@ -33,49 +33,24 @@
"type": "github"
}
},
"caelestia-cli": {
"claude-desktop": {
"inputs": {
"caelestia-shell": [
"caelestia-shell"
],
"flake-utils": "flake-utils",
"nixpkgs": [
"caelestia-shell",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768655473,
"narHash": "sha256-iWnILPS2mP9ubbjRAhNv6Fqg1J/upxmD9OQTZQR4O2w=",
"owner": "caelestia-dots",
"repo": "cli",
"rev": "7de6c6063119a7cef27c6bd4c88f2c5ac4cbc064",
"lastModified": 1761825061,
"narHash": "sha256-AeRQZKr8+1XQer+WmbwtQaQBy05UDgeNNE7YZjNLuS0=",
"owner": "k3d3",
"repo": "claude-desktop-linux-flake",
"rev": "791cd93cfe216ad06ab740f0fdc142119b1d6ec2",
"type": "github"
},
"original": {
"owner": "caelestia-dots",
"repo": "cli",
"type": "github"
}
},
"caelestia-shell": {
"inputs": {
"caelestia-cli": "caelestia-cli",
"nixpkgs": [
"nixpkgs"
],
"quickshell": "quickshell"
},
"locked": {
"lastModified": 1769226446,
"narHash": "sha256-YasBiXBgCkJ5oE6r9UtWXShD3OGtdRlioFErX5A1Z1Q=",
"owner": "caelestia-dots",
"repo": "shell",
"rev": "8430fa572500382e187a49f1ac677bfdeb7edca2",
"type": "github"
},
"original": {
"owner": "caelestia-dots",
"repo": "shell",
"owner": "k3d3",
"repo": "claude-desktop-linux-flake",
"type": "github"
}
},
@@ -86,17 +61,16 @@
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"nix": "nix",
"nixd": "nixd",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769201893,
"narHash": "sha256-x6VW1lQikNZAVm59gb3tzpDU5QCHT8U1e4dU11F2evY=",
"lastModified": 1761922975,
"narHash": "sha256-j4EB5ku/gDm7h7W7A+k70RYj5nUiW/l9wQtXMJUD2hg=",
"owner": "cachix",
"repo": "devenv",
"rev": "685a86068d3a7f9b04e18340187e288413cb5887",
"rev": "c9f0b47815a4895fadac87812de8a4de27e0ace1",
"type": "github"
},
"original": {
@@ -142,21 +116,6 @@
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1723604017,
"narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=",
"owner": "srid",
"repo": "flake-root",
"rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -175,6 +134,24 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
@@ -230,11 +207,11 @@
]
},
"locked": {
"lastModified": 1769187349,
"narHash": "sha256-clG+nT6I2qxjIgk5WoSDKJyNhzKJs9jzbCujPF2S/yg=",
"lastModified": 1761878381,
"narHash": "sha256-lCRaipHgszaFZ1Cs8fdGJguVycCisBAf2HEFgip5+xU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "082a4cd87c6089d1d9c58ebe52655f9e07245fcb",
"rev": "4ac96eb21c101a3e5b77ba105febc5641a8959aa",
"type": "github"
},
"original": {
@@ -269,16 +246,16 @@
]
},
"locked": {
"lastModified": 1769197468,
"narHash": "sha256-EhbVSjqhjykjIzF1FetpEwxjSMXg4ubHpkuEnE0y23A=",
"lastModified": 1761648602,
"narHash": "sha256-H97KSB/luq/aGobKRuHahOvT1r7C03BgB6D5HBZsbN8=",
"owner": "cachix",
"repo": "nix",
"rev": "6174571301a92afce9b7296d5babdc56972695b7",
"rev": "3e5644da6830ef65f0a2f7ec22830c46285bfff6",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "devenv-2.32",
"ref": "devenv-2.30.6",
"repo": "nix",
"type": "github"
}
@@ -290,11 +267,11 @@
]
},
"locked": {
"lastModified": 1765267181,
"narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=",
"lastModified": 1761451000,
"narHash": "sha256-qBJL6xEIjqYq9zOcG2vf2nPTeVBppNJzvO0LuQWMwMo=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f",
"rev": "ed6b293161b378a7368cda38659eb8d3d9a0dac4",
"type": "github"
},
"original": {
@@ -303,40 +280,13 @@
"type": "github"
}
},
"nixd": {
"inputs": {
"flake-parts": [
"devenv",
"flake-parts"
],
"flake-root": "flake-root",
"nixpkgs": [
"devenv",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1763964548,
"narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=",
"owner": "nix-community",
"repo": "nixd",
"rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixd",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"lastModified": 1761907660,
"narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
"type": "github"
},
"original": {
@@ -346,41 +296,9 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"pumo-system-info": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
@@ -403,35 +321,33 @@
"quickshell": {
"inputs": {
"nixpkgs": [
"caelestia-shell",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768689040,
"narHash": "sha256-Tlnr5BulJcMers/cb+YvmBQW4nKHjdKo9loInJkyO2k=",
"lastModified": 1761897390,
"narHash": "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=",
"ref": "refs/heads/master",
"rev": "7a427ce1979ce7447e885c4f30129b40f3d466f5",
"revCount": 729,
"rev": "fc704e6b5d445899a1565955268c91942a4f263f",
"revCount": 700,
"type": "git",
"url": "https://git.outfoxxed.me/outfoxxed/quickshell"
"url": "https://git.outfoxxed.me/quickshell/quickshell"
},
"original": {
"type": "git",
"url": "https://git.outfoxxed.me/outfoxxed/quickshell"
"url": "https://git.outfoxxed.me/quickshell/quickshell"
}
},
"root": {
"inputs": {
"caelestia-shell": "caelestia-shell",
"claude-desktop": "claude-desktop",
"devenv": "devenv",
"home-manager": "home-manager",
"nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs",
"pumo-system-info": "pumo-system-info",
"quickshell": "quickshell",
"sops-nix": "sops-nix",
"spicetify": "spicetify",
"srvos": "srvos",
"zen-browser": "zen-browser"
}
},
@@ -463,11 +379,11 @@
]
},
"locked": {
"lastModified": 1768863606,
"narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
"lastModified": 1760998189,
"narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
"rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github"
},
"original": {
@@ -476,43 +392,6 @@
"type": "github"
}
},
"spicetify": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"systems": "systems_2"
},
"locked": {
"lastModified": 1768656845,
"narHash": "sha256-xNlXMyn7yc3Z/NOsz4NchO7gWFwsoCvtJ26pys4s2/M=",
"owner": "Gerg-L",
"repo": "spicetify-nix",
"rev": "8bd7e49d5ac62756bee6e4b02221fb96bfc3c99a",
"type": "github"
},
"original": {
"owner": "Gerg-L",
"repo": "spicetify-nix",
"type": "github"
}
},
"srvos": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1769046412,
"narHash": "sha256-LbjKkSB4Nar9pX+AxHs2FGH2ZAFpKWUvr79uyEhFVqc=",
"owner": "nix-community",
"repo": "srvos",
"rev": "a78abbc16a5352ee848e454c99166c97415fbf39",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "srvos",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -543,28 +422,6 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"devenv",
"nixd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1734704479,
"narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
@@ -572,11 +429,11 @@
]
},
"locked": {
"lastModified": 1769228180,
"narHash": "sha256-94KY0JNjdd3CcSyKlHPCPswlqmUrWT6+MfOHektsdB8=",
"lastModified": 1761883599,
"narHash": "sha256-ntnfAAqSuXI/+uqXAWUjbY5arB7sRK9cpgFbHbCZgK8=",
"owner": "youwen5",
"repo": "zen-browser-flake",
"rev": "ef1663c14b7c3c2b84bcf140232534be5a2a0257",
"rev": "5355c0dc6857a2aa34b126fb4a93a454ed702f52",
"type": "github"
},
"original": {

81
flake.nix
View File

@@ -24,8 +24,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
caelestia-shell = {
url = "github:caelestia-dots/shell";
quickshell = {
url = "git+https://git.outfoxxed.me/quickshell/quickshell";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -34,9 +34,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
spicetify.url = "github:Gerg-L/spicetify-nix";
srvos.url = "github:nix-community/srvos";
claude-desktop = {
url = "github:k3d3/claude-desktop-linux-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
zen-browser = {
url = "github:youwen5/zen-browser-flake";
@@ -54,7 +55,6 @@
nixpkgs,
home-manager,
devenv,
srvos,
...
} @ inputs: let
inherit (self) outputs;
@@ -91,71 +91,74 @@
homeConfigurations = let
extraSpecialArgs = {inherit inputs outputs system;};
pkgs = nixpkgs.legacyPackages.x86_64-linux;
defaultUserModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.spicetify.homeManagerModules.default
];
withUserModules = modules: nixpkgs.lib.lists.flatten (defaultUserModules ++ [modules]);
in {
"phundrak@alys" = home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs pkgs;
modules = withUserModules ./users/phundrak/host/alys.nix;
};
"phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs pkgs;
modules = withUserModules [
inputs.caelestia-shell.homeManagerModules.default
./users/phundrak/host/marpa.nix
modules = [
./users/phundrak/host/alys.nix
inputs.sops-nix.homeManagerModules.sops
];
};
"phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs pkgs;
modules = withUserModules [
inputs.caelestia-shell.homeManagerModules.default
modules = [
./users/phundrak/host/marpa.nix
inputs.sops-nix.homeManagerModules.sops
];
};
"phundrak@NaroMk3" = home-manager.lib.homeManagerConfiguration {
"phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs pkgs;
modules = withUserModules ./users/phundrak/host/naromk3.nix;
modules = [
./users/phundrak/host/gampo.nix
inputs.sops-nix.homeManagerModules.sops
];
};
"phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs pkgs;
modules = withUserModules ./users/phundrak/host/tilo.nix;
modules = [
./users/phundrak/host/tilo.nix
inputs.sops-nix.homeManagerModules.sops
];
};
};
nixosConfigurations = let
specialArgs = {inherit inputs outputs;};
defaultSystemModules = [
inputs.sops-nix.nixosModules.sops
];
withSystemModules = modules: nixpkgs.lib.lists.flatten (defaultSystemModules ++ [modules]);
in {
alys = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = withSystemModules ./hosts/alys/configuration.nix;
modules = [
./hosts/alys/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
elcafe = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/elcafe/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
gampo = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = withSystemModules ./hosts/gampo/configuration.nix;
modules = [
./hosts/gampo/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
marpa = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = withSystemModules ./hosts/marpa/configuration.nix;
};
NaroMk3 = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = withSystemModules [
srvos.nixosModules.server
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.mixins-terminfo
./hosts/naromk3/configuration.nix
modules = [
./hosts/marpa/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
tilo = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = withSystemModules ./hosts/tilo/configuration.nix;
modules = [
./hosts/tilo/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
};
};

74
hosts/elcafe/configuration.nix Normal file
View File

@@ -0,0 +1,74 @@
{
inputs,
config,
...
}: {
imports = [
./hardware-configuration.nix
inputs.home-manager.nixosModules.default
../../system
];
sops.secrets = {
"elcafe/traefik/env".restartUnits = ["traefik.service"];
"elcafe/traefik/dynamic".restartUnits = ["traefik.service"];
};
mySystem = {
boot = {
kernel = {
hardened = true;
cpuVendor = "intel";
};
zfs = {
enable = true;
pools = ["tank"];
};
};
dev.docker = {
enable = true;
extraDaemonSettings.data-root = "/tank/docker/";
};
misc.keymap = "fr";
networking = {
hostname = "elcafe";
id = "501c7fb9";
};
packages.nix = {
gc.automatic = true;
trusted-users = [
"root"
"phundrak"
];
};
services = {
endlessh.enable = true;
plex = {
enable = true;
dataDir = "/tank/web/plex-config";
};
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
traefik = {
enable = true;
envFiles = [config.sops.secrets."elcafe/traefik/env".path];
dynConf = config.sops.secrets."elcafe/traefik/dynamic".path;
};
};
users = {
root.disablePassword = true;
phundrak.enable = true;
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

34
hosts/naromk3/hardware-configuration.nix → hosts/elcafe/hardware-configuration.nix
View File

@@ -2,32 +2,26 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot = {
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
kernelModules = [];
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/28b965a5-940b-4990-87fe-039c9f373bf0";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EBAD-6B85";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/tank" = {
device = "/dev/disk/by-uuid/ed00871e-a14a-428f-b6e4-5b56febd756a";
device = "/dev/disk/by-uuid/d2e703f7-90e0-43e7-9872-ce036f201c4b";
fsType = "ext4";
};
@@ -38,7 +32,11 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
hosts/gampo/configuration.nix
View File

@@ -16,6 +16,7 @@
kernel = {
cpuVendor = "intel";
package = pkgs.linuxPackages;
modules = ["i915"];
};
systemd-boot = true;
};
@@ -33,17 +34,16 @@
};
hardware = {
bluetooth.enable = true;
input = {
corne.allowHidAccess = true;
ibmTrackpoint.disable = true;
opentablet.enable = true;
};
corne.allowHidAccess = true;
ibmTrackpoint.disable = true;
opentablet.enable = true;
sound.enable = true;
};
misc.keymap = "fr-bepo";
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
packages = {
appimage.enable = true;

52
hosts/marpa/configuration.nix
View File

@@ -9,41 +9,6 @@
../../system
];
fileSystems = {
"/home".options = [
"compress=zstd:3" # Good balance of compression vs speed
"space_cache=v2" # Better performance
"noatime" # Don't update access times (less writes)
];
"/mnt/ai" = {
device = "/dev/disk/by-uuid/47e87286-caaa-4e43-b2fd-b9eceac90fe9";
fsType = "btrfs";
options = [
"compress=zstd:3" # Good balance of compression vs speed
"space_cache=v2" # Better performance
"noatime" # Don't update access times (less writes)
];
};
"/mnt/games" = {
device = "/dev/disk/by-uuid/a8453133-76dc-44bd-a825-444c3305fd9b";
fsType = "btrfs";
options = [
"compress=zstd:3" # Good balance of compression vs speed
"space_cache=v2" # Better performance
"noatime" # Don't update access times (less writes)
];
};
"/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
};
services.displayManager.autoLogin = {
user = "phundrak";
enable = true;
};
mySystem = {
boot = {
extraModprobeConfig = ''
@@ -73,10 +38,8 @@
hardware = {
amdgpu.enable = true;
bluetooth.enable = true;
input = {
corne.allowHidAccess = true;
opentablet.enable = true;
};
corne.allowHidAccess = true;
opentablet.enable = true;
sound = {
enable = true;
jack = true;
@@ -87,6 +50,7 @@
networking = {
hostname = "marpa";
id = "7EA4A111";
hostFiles = [config.sops.secrets.extraHosts.path];
firewall.openPortRanges = [
{
# Sunshine
@@ -126,16 +90,16 @@
mode = "0440";
};
services.udev.extraHwdb = ''
mouse:usb:047d:80a6:*
LIBINPUT_MIDDLE_EMULATION_ENABLED=1
'';
security = {
polkit.enable = true;
rtkit.enable = true;
};
fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave

75
hosts/naromk3/configuration.nix
View File

@@ -1,75 +0,0 @@
{inputs, ...}: {
imports = [
./hardware-configuration.nix
inputs.home-manager.nixosModules.default
../../system
];
mySystem = {
boot = {
kernel = {
hardened = true;
cpuVendor = "amd";
};
grub = {
enable = true;
device = "/dev/sdb";
};
};
dev.docker.enable = true;
misc.keymap = "fr-bepo";
networking = {
hostname = "NaroMk3";
id = "0003beef";
firewall = {
openPorts = [
22 # Gitea SSH
80 # HTTP
443 # HTTPS
];
};
};
packages.nix = {
gc.automatic = true;
trusted-users = ["phundrak"];
};
services = {
endlessh.enable = false;
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
port = 2222; # port 22 will be used by Gitea
};
};
users = {
root.disablePassword = true;
phundrak.enable = true;
};
};
# This option defines the first version of NixOS you have installed
# on this particular machine, and is used to maintain compatibility
# with application data (e.g. databases) created on older NixOS
# versions.
#
# Most users should NEVER change this value after the initial
# install, for any reason, even if you've upgraded your system to a
# new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and
# OS are pulled from, so changing it will NOT upgrade your system -
# see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT
# mean your system is out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all
# the changes it would make to your configuration, and migrated your
# data accordingly.
#
# For more information, see `man configuration.nix` or
# https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion
system.stateVersion = "25.05"; # Did you read the comment?
}

3
hosts/tilo/configuration.nix
View File

@@ -1,3 +1,6 @@
# Edit this configuration file to define what should be installed on your
# system. Help is available in the configuration.nix(5) man page and in
# the NixOS manual (accessible by running nixos-help).
{inputs, ...}: {
imports = [
./hardware-configuration.nix

1
keys/id_naromk3.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8C2Upks4/feloFsgZkQ6iOZBEJ6o87NdXdHeBYNUhg lucien@phundrak.com

96
secrets/secrets.yaml
View File

@@ -1,85 +1,71 @@
extraHosts: ENC[AES256_GCM,data:buAUbxVALT7zjwYfySVQ7E6RsI4EaVBUFN/ZXOuSaj42DLoLPM45PSgkxjner9o4g6a3s58Snp3siO8l0KPSTYyPUPBZ7dgbCcsWp5t8Q3K111d4TPTlx+gcluK5BvwNvFB4esRXJOgpm5jK498COKq/UZJECM0D5Emid0CKkzZynUYdbQeHkQEKIXV2LxJNro87xHtU/l11nox37Na0+t+eqp8/jcQh9pGnKmppPhviJeCy6GoiDPNFHDalQUmd204gi6EaTx0p3r7gRK61RfTwSCiX1Y7N5muzPvJQJt8lwgqznw5Etjud8wn6HF+fmb/BbYtioO9TjOVJnjVOlB4iUMApx3XY4VOuBPJm7D9ET+2J8Umw4OD5pB9A5WF+gVseAqYYNZYpe2hlHBoXMw4IZh8qOgxR/noE71PHxRe5gSB/2Hq0lKwG0e8lyFEeJKZdXsl47CtQE39RfC/+ik2COaRmYxY8fHHs2/yTylopv/pSM6K2TGF5B3dwVS18LU5AR48C1Ip7CseMgjgAWvjQ43KBc+P74a+237tlRFlFsU3HNk9Hk4fF53DPUX67+l42W6sNcgrszFHb/dm939qDKYqdNcWEjaaVSdDo34I6NGhmTUI7FxCVYipe,iv:SehibPtT3k9Ufen8Gri3HcFthUe0S7dMT+486fwOK0w=,tag:oatCeFr2j3EPHwXc6eU66w==,type:str]
elcafe:
traefik:
env: ENC[AES256_GCM,data:Mfm4Wt/7UWrpWGGa/rmC1wY6QtI2G/a6cbZiNjZz1gOTrREehFBZxH5JJ9ZgsxCMSuh/XCQa/75cPg==,iv:nrtTmtdFfTrCYzxFHDVMuaDdoa8SDi+pn4kghP4r9xE=,tag:gjlv8ohv1aDx2PB1rwx6fQ==,type:str]
dynamic: ENC[AES256_GCM,data:AYUojopOSi2kZ4ORxs4KrWHgqXZTMVtShb7T2iQ4JDyrlrIWCTpynt8/El9uoDaSryTgqxM8z3g4DIe5nrovh7pcFGVm/QYXfsfAx4kIm//7CwL9UISiyERirJo053Ilut0/lAdw3rlqa9aBYC2fS6AlrHN1ZFzqBttTeyykvZe0qmiW4hPNZ3axXW66juXwe9cxm24bE9bJZuuV9RYbafQ2Om76p/92E42hu6twWaUz/n6QgwaE2ymCekroKaq8+Umohj1XL6UdEEcLSnmc1qRblshhhSssNEtzbKERujt2SH/ppf/LLoohp8v4VbSpVOkx+6fqvyKWvbi2RU3C7eusee+gnBe2mGxGj34Q35iU4RM6dEwwmvzfmCAYy+27SlNVffI8yo8JXACp1aLxqBxLDDU7LokoSUb62/w/mX3NlzYf5a6NeIrHzoh+qHmEXUq63+gsNJaiJPp6DxtAKByg23t1LxSpFhxW7LaYIjh+KjaYZgNYTFR1BerqDu2pyzIrzZQTdtCveX3eiEZ3p9SJxfiuBVKlfQ2FpvJ9JPl9ACTFK6AI4s61ZgiNEeXzqQwo9zt8QrruiixdxPaclOfrBrFxq1mWGBGGXaAryiuZjo4G0KlNVvg/s5YiecYi8prQxXVozti7YI0sGJdGVjDiHwXfnUn+eQD2YBrOH9FlRwO3Vd/yd+42Xf06Hv7IbbYMogcu5y9ZbiXWesVd/TgB+Hu2oWkWxBU3sn6i3rMiZ0z+V/74xCwmfElugGCQ97ga6tQ92UbSBbteoiXpZiH7Z7Wja39rWKPyypH1h71Sccy1rSWrcEVHLC9swtLcB4dzt2JvVdXQ37pmEElfusY0yEb/y0W20vxNArDy035gCXdhUyP65NfrlhcAXoiKQaayL3NO81vBLP+X9+zgKsAV/eINPzM3gsF12QJaaQSL6CIlIF7qdwX8GZwoIg60rE2ogR0XxLcN9CGdMMuILpB9UsSOoPNwgMZd3KIwEB2LJabLKtUwuyKuA0iF6ZwHSghpnkxAIkIGFsbIxslvgCLkVihoSR97lhFpOJbC6n8u408wLD6qxoS6IRAXbIbErkyNyrt9PvbwSiHyWRjF8APCZD2WuQ22GmfBK0t6lM2hF8q7vRKN+SFOvLpql6NFT4n8/Odfr7i+4JqJahRH33RnDqYtRiqgqSSZtq3DOn1aYCivfEMKZrVxP+c6COqpPELDpjBfGWjLhqE/rV48N9x7UZNQKflBlMtaGnB1uEcVuMuZfTRFYQLqYs2p8f5vVXXWF7vSP9mBSHB3oz0seEfLd65y2hppF3J/8F/+QlAyGDrAZFhCYYMRE4eY2dy2cxLNP2M9tGVZMXQSNfys5cDnkYZzvofK7b2scgC9HcCUmBKv8ZxoSa4qyIOzH9XJupY4rlemlJbJQ9paXgAiiTdvLPcncVVnlCPRbEngCDKvoplVnzH9Hd6mIgRCZLyyIeAR8FwikGuZEuQETWanbe4S60KdMpofGM/ysz6eD67q9iVKL1zHCDtpzYQAhKurFUfgcxNOXnWYi8MWdRY9CAvIUJgRgg+IHOV76Nl8ljV6wpgn0qFR0IoQPblI3W8zJ4UASSgvUkf0meR9KLN3pA1D/AnYxi+Zblcz6SuXqBBARkXfW84iJOVanbNxyZpJDEnio6cJmNXX8VJxP0zqlA80FpcMNAvNOYsKx5yEwx3MEAlP7lLU35xgMx/BOgErf9f8XfbxINXPH0an+xQqAm99gbaKamflNQqpXXV+1ViWVWlx7xwqSUq0qy7A2sjs6prZRTR1sTt4i7MONEaRN65zgaPtL8zbO3BCbUecUdzCTmBy/XVnfa2krF8dN4LjBs6/ZswW/KYqc8TU6udiCb6Y1H9kXKsg3l9/5+ftcFB/YC6LzS9ynpOYhw12BJtjEuIuwiKa5J/UTp3IULQDZ2rCKBL09GT1/DGwB5AU8Dc9E9X2OOvWowme/eyYiiX9q+B9yLMYxP6rTsq7vJ8cjwnNRCz8UJbVzTlM9MwntUnyqv1L8E8xD438m0P+soqOc99NwXsuM/aJ6ndctfFNwHYfuau7BJrMRPfjc65yMiayfCxUJmnAsp309ODNS9D6VZkf/l5cBzbd+9xsnK/WA8I7f9bTZgi2/HSNOdEAlwBfRZXrLQAbeixG4qNmRqtOjILYkSkb13Ug/Yx+IFlMIgTxiZzXMduxbloNQU4VqEVY6Qrogu4qlaCWsqICX0SabXFZXUFUHgwswkNqV0G8977QSFTyYkMNr7FZTuFegYjzZZHaOtCJ/2FAJFX/e76rWcoz8GK7lsEqvQnCrqDfGtaSDF0LcJojKXEFg2E6rwENuMumdDJzkHj5dFzGdsf2ogeHqB2+sKpaHAgVjWzfk8CevSKnPDR/6UMhNoi2luW+xbV/DmDLJ5GzO6uGdcSmaQsFcNuFsuQZkC/q3zTf/TqbfH/V/eXR6YS0Etn73/xwVh9b59KazNb7JJ+rXahVHP3aUWocpu7/92Qwh/Odf3qGBJ/KT4a2VWYfBXLq6N0H8g1SI/aRJIAe3JCq2j+ln1PRegcqmwFqJpwp3TebdJEroCZU63Cl6vXm0XHm75MVXz7kYXBnOWeYv63oVyCvRc/yoOTBsCYPiyRxaoLXHUI2e0zCrbSAmAmb5WOUqxq4dJKGZXYYzHlR+aAjBbqmLFyCm92DW0sWlXPBhEeXysOK6IP8NEHatdyCnkpiHsQZyuBITw==,iv:Ooq6tK6nMGuRFJ1ElGCJhOMQVyMNtGBSguQVFSm71fA=,tag:iJviKci+i3tif+sH8UxRZg==,type:str]
extraHosts: ENC[AES256_GCM,data:YRHvHINgAQv4z+8awMzHY1uZS/K9qSaFsk8G5J2zF5P5YOt4x62eefXgmhWeKZzJI5AIi0312iMQl5qGv+lAkP+VC7j/h1rh7peBDEBU6LvcMgFU2XqxidM/CoKfMkJF8+/4bb+3r1LC/rEeXITTUQsOmoacdyCeKe5yxLaHyic/FaZIJq13wCg/QQSLfenc2Db0Pbxv5/cbRILhKT+ssElVipA40aZpgL7QmD542vObSEa6K4fZd0rawF/nOyibfpPN7Ak8DrYvfygNMw/QAGKY2XosxC86tjxhrIBHRakqmWpV+smoUO6XBFjU2sbwalafYVFdrvYL9BVAPtMZ25Sc5QMm87RCHqzqYdQHKs8C3JpVBHWnyL+0e5DNQrFrml0/FD5nFYsT6zDKVb/rN3YmxvTvKl7FpPKpv3Kke9WG+HnPs90hPy8Jpmg52vLMhaybx6dpJxzcF+ctBSI3J78hfweOCGvNGshCKpME1dujMPctH/kfYcm2j/ixKLjl0ZSbYeI9+l9oURBDwKzmKjAqhwnjuo3sL++ZsRU5Ue1zz9gsxS40R9eYevbq7JiQPX331pY2du1SRoKOxvPpXsDqe+CY5pW2RgPszjEIuDxyoveZolXg/zjlk0Ic/cOxrbflp7bTfQCQqEC7YJ5tRmtctk2lRGQkOFIg9Tn8ReifFxfhDrPFzc8X5vZgH73aqZSd/OkVybI3vEILV5uas0fPL7AHAKnBmeDV3mBNvF8aoZhD5CG8iRd1otta/3AQ660QV8IDoauq8fySC8Kee5B3kG75sqHvwF4Gu6CpSChXkjpiIqVmW0PntJueVHifuGJYkvhkX/CTHK7xm1HhtANnGrk6cr2APjWk1vpOaCmjFNqKTOV9d1HjaNWYTz4AZ+Uq2Za3UzN3oZCtZb96,iv:Z64+4oR/AfSgA7oZ/NPDLOtcmcXO5B4OQIGjOEK1Pf4=,tag:0I/1gXnBH7u6HTbQUz5Fpw==,type:str]
mopidy:
spotify: ENC[AES256_GCM,data:89vPpgJ53eYou01qgxfqxOO6G/raBA0Vzck31PLchE4Jhi6HcNnoW4wwhHW3pG0AfCu5sE1CuryhRpWTc62fXIBoenKiCiU7chFhBF0UNq3Fcie26l6hdEx+XYVcM/MNBBbkb8VZq1mR0sgGmUESuZVzeI3LMykF,iv:n+LxuijWCZGW2YacrYQ2QIF2BTSilLmJ72piFRK25vw=,tag:iOQatj2UJdlMvn6C40IILg==,type:str]
bandcamp: ENC[AES256_GCM,data:Sas5Sk0gNaq2E1XnsK8lvaZEzsaFZKY+zDxvgTiqTm2hrI2BnWieRWcZV6u1yRKjLAhh1rdSYhnZJHWUGIAY9qnFOk4vUVUHLtxnkxO/bJN/sykc4qwXRg4/NNap+8TcsN/S1AFJYKmXYn1Otx/02wbMEzHIuw==,iv:VGC7COqF3goMyyJvasiT0yVxOk4QKLOuXd2FbHjuRwk=,tag:pvyX4Q+dvlWFkdSJzTlgwA==,type:str]
emailPassword: ENC[AES256_GCM,data:RXmfWKIm5CzZrqhT6bAPZdijByO1NvrSwN1YO4/huVQnQh5p1g==,iv:lh/mxH5sPce+to6TsK2f0SrpHJuuGUiKWzrNmQfJcY0=,tag:EyR7Nml7Jyh4Modsq7DuBw==,type:str]
spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
ssh:
hosts: ENC[AES256_GCM,data:CnSHwOiLbrA3C902LrkyLKvZOd4Lv1RCBF+IVVbNcx1aCibpMHlFN6Ov+CFNrHG1ZVd3tarnZdGX5kScJJa0khDOVtrUF1gtvifqn1A9tUDP2M+iu3JrVxDw6cPeVyoxWL1hwuWwfO3zgApBGT3CvzAy9V85cNEdS7ukx08VRTgnM6rXYLJKLvjwaDnhnB43Am8XpZQkI0I6DkhCAQuGCrxsqtEE/mQXItZUGlOp/Al8B1XEs35b16odMJEextf85bnzpYYbpV9n4OCMTgoZ8ciQgTbi7u9FD8vmKs5W15pZvL4sxFIcbegn29SvRd7sfsotQ6xNgXHqAQtTa+VcUPA7bSjDw5KHs0iC8AkxdHwGL1kY0GSb992BIZ7PqKdNRLAikttGslFM98Ce6fpHQXj3soYYMdsm9vj7av1+P4N6SQ2cmhpVDrbnrmXQ5MT5gbQlecu32b0Yqf6rfjGyZ+SCZmMzTwAsEpHSnIgYPin38ztDsMMPaouxaTR8V1TXK715ITtA9ojrZhTBbWlaJWVybicc6tT164ZDKyurGdPHf2KrakkVYZghuCkWZWM/yc4GoW1o7/XxWnwQDkUvte8kPDwB2Rvc1jjG6SFvhdXouIqfNNxrdbSoFURBuouZIbfamVqU3MfSF0JRBrpRerA5tqrWYOPL4rXqsqGWyQ==,iv:92tBq0zjlJ44Ia5ug2zk9PgspWzA6QlT0A+j9T74T7U=,tag:XTB7zG14DsPw1uNXTpD7Bg==,type:str]
hosts: ENC[AES256_GCM,data:j7+Ua5G8dePL5GO+Tf8+hnoJsSfKo2z4I0OcVfSyJ3dc6yyYZVho8iG9bqPAqVR5d7SJr391zCLMJp/jRDpDFLkzQB54udVKI8ob0C2w2xBznPZJsC7qZMptQ+n4IHO1ZROSi/vBadCUfEWKNO9e8gsroBYmliy/31M5IlA85Vx6q4Zx0qIFylfIhBDto3jD2DRcbjWP8NvjJcY7YLrN2sv8RR7QqX1q+0ZxpgFhg+W+a5Dz8JBVsPEdjNJqFAKAmUGKXf4bpEIS5lLUxxZweizEiWgo4nYJgA0kqVYEOiErOPgtpnBKiJlR+fLGuVwdGxVOUMvttZtyIgHc4CWgOJ0h67h4eVii+zeLn0GPJl3i2g5bjOArHKLfkKGduqii4n/1p9VvVTAOn5dj0/NtD2JNJF9kUDr1nMyMa1xA35gzv1vp/U55L6ZU/BRpBPzka6i8nGnCkDVdoUG0DKhN9ooXRpUS9L+W1iz480fzb6i/tfmlhx7Ms1T9VybYFkGLNkxnsrt5Oc24o0XD5/A1j8bJgNWo6aWSA748ZWtN0mXDzB5sH4TVtaZAGlyU9r/x5oCuWPN2qhZ8d2i7g5rceZW5ang/uyXNt8Le5cKvLw3Rhf4BTFhQ6+VJ4/SpdfnLZ17djjbwZO1DT5Nb0RUObcilcwbmUwqvmLbcrdmsfQMOcetRwFpIdoX6MjkRiC1WZ4cz8bMU7ArnK/n15dsIdaiiUfuOJAiBYut1PaJBoZDe8pXzOE6U1s57sejUf1T7NHp2epyevCAYuVG71dAFLn1oLM+FWXuBm6ogFLujoFh7XCVVqdf6j348/ekzBxDIemzS4G1+zflG3AteLWcslGVTNmx0rb3GlSHGNVNZoeHvYAHIIEyWpY4Yd01R8RhjrFXQo9comnpoQXSlFDvuUGTxuUpsariAof4wKLdpqj8Dc4ZaDvd1pAGVh7RBqR4rn4kClbWUVcSFy7QWs9T5Sw0fU/bLL76N6x9Y44P5NQLAJvZ0z8rhIPl0u8OwIhhEwkhWdFLSulk/N7+DVqrRpj7bB5hB8jZWspsl44IdiZWY3UPs7zs=,iv:3q4FYxDWPGyMqeKoSTRxSPvqZXzwg/NeHZh70d38HYM=,tag:jA8/5yi74/mOuu/b83WEeg==,type:str]
sops:
age:
- recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMG1wWDcrSjN0NjEzY05q
YVBWbXJ1ZTlMYkdxZmRMakNZdm9qQnFxYzBFClMzS3RUVzM1aVRoazhXNkxwZFdv
OVVIQWlWS0dLS2puN0ZZVjNwaGpWeE0KLS0tIGtaVWJoZmN3bnFtbWt6RmhvUnpK
NnlaM2VmdnRVQitxUXZueGxXeWdhQlkK99cfnUusVZO/icWY2pDLExVveLtf1xPp
43QVMMWTnkF8fS1SyM6KT7T12gFOeCIxa06IDKs1AIvuOuaq6OxEhw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYU1MR2w4Njh2cVBocmJq
YkxvSmVsWDdGT0h0S3NSbDYxb21EVTlxT21nCjB3WlVmK0hkR1B6Z2lhbndvNFdC
aE9YMHphU1JoV2hwZ0RITXhHZnJmeTAKLS0tIDk4akc0T1FvbURLRFpXNHlRQ3Vx
TUZMTENMbVNjeVFxMGVSc2FpZ0dXcDgKcacaFS2diAKeKwmVz7KghKjkNI2ij4Ns
fYSd8sq/bEDTvn1wNpF1zLmzX9jmoXc5iORuRKaYcT8OaoUX7SsFvQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SjlaZGdmNWZOKzRUYU5B
NlpDeEREOUlkamhINnREeVFoYUJqSkNlc1U0CkU2QUpBTi9DUDI0RmV3M3U3Vmgv
UTJ5ZXBlaEcxeUtzUjcwcGw0MG9xKzAKLS0tIFpWeHRMWDlDekVMOWtLWFR2S05y
MHNUYUlJVHc4cnRwdGpKYXJOUE9ydWcKrJmvP3y+xVMGvS17iIzAzrKjvO4LAFOH
mQV2c2WwZpNFYb63zwKKVxxRsTMCZjQviMXywCB7GRuUk1/aCEjZyA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNlhkZzFoa21tR244dVJ0
cXJWbDA0eVBrZWU4QVRVQm85bVVScFdYbHdnCjRWQWRNajIyQ0JoYTFFQ3RsOFA4
cTZGNVhCN2k0NHBMb1Z4VmVqRzNjbEkKLS0tIFhJTVBCM0E4dTkweld6WUx5Z1hQ
WXdwVFJ3cXQzUnFPUnV2NzdqcWwwZkkKqS9IQpB/MjnsVQ4IfIRtH6FESzLkdHq/
GJnMHt0VcLt/gYrz+lrPc1ecQwNvVGH2Qt++BbSJxUFftoDLdEMlig==
-----END AGE ENCRYPTED FILE-----
- recipient: age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMlUrWnFoZGZuZi8yVUJW
R1lJeUYydHZCMWZFeTZBNGVVRDQxTmlGZ0RjCmVKZ3BocEVLTUl3M1VoWjRvTi96
SzNaWUIrUkxpVjZPVytJTmNEV2g5SkkKLS0tIDlyY1E4T1cxSXNuZDFtT3lhdFVl
c2pDd2hCUE9RWHRCN1pXZ2prRk9iNFEKFWnDpPTFbi/l+aJnILF5NWwXLdpzzA7P
RWoYja2qWNyIH8+6p+hazvezEVOpGECK5EVCH1dkLv52utuznmwsYg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcVZPWVNBc1pFWm8zN3hm
M1RtenlCbGl3Q0xhWlRWN1BmOUNDK3I0cVQwCk82Vm5IcmZZeVRBdlVUb0NtTXdz
QTlVMEhCWkpJN0JOM09mSGtqbzl5ZUkKLS0tIE4vTGhEQlRDZ1Vma0VEQ0xtcU9V
MitPc29VYUV3UmJSNXdmMUhwck9MOXMKLXHEKpNvzModiTR1Q6cE1xKSGewV/9PJ
rEbTgsa0E9C4vm5sDKjSjuvpSF9tNOSByf5So5kzX0ZTxgjdTjsFbw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMkZ6dC84cHY5ZGtOd0cv
RERqSXI3ejB2andMcldDVmp2SjNVc1hzZlIwCmVoWEFwMXdtVUU3dTVZZ05mRkhB
Z2ZCMnY3SUlkV0xRQUVlUDE3VE1aTzgKLS0tIHdiYXh1aE5nb3FSZTlpdVNZOUlF
ZEpsL25rcGFZaXBaTXFKbjd2UFpYRzQKNytlpy3cD1OC3FOSfSADjMMzD9qcsLrg
A4w6NqhU8E1DJBln/AiElZ58AhzAb5okPsKRGWMQSb73XN0pLLRwXw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkeUlIL2QxQlhGN3RqOFZR
K1p1bjc5R00yclEzL0hYY0c2OFJhRmN4Y0JvCkpIL0Q4Y1Nic3pFYjNIM1hMK2w2
cFNGNVhHcW85R2loZ3JveVVZNGptd1kKLS0tIGYvYjlTMzRzUUNlM3padDJHNkFm
VGJHL2c4Z05pTWlxellFMG4rRlp1MkUK4mwb2jMlfHb0ISInZKwbm9+EqBzWfZNU
+L/WahvTo4Fe9uSOJffpSMleH0ZJS35loCJE5WIdmGnRQB6Mw7LWag==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4M1hKditZLytKeVErbit5
UEwyQW13bG1jakphRVA1WEd0WUtFa0I1UUc0ClV6NlUwRkZpZlhmY2t4RVliVExK
a2k4RkFFampEUUFkQVhvSWJwd1JPVVEKLS0tIDVzdGV4NFFveStkVUROWE1mUHAz
Z3R3MTRIRVZPc0pNVVhHYWhaSXdtbW8KorG+7fRAt1RT1fUD8Z4b2CJaIwCb+1br
Wt1E8hWeYVoHGnZuuJgrorv/GnqpRDkMrXix/qqGKuBlAgTDab5eYg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIR3FWcElFL2RBRmdFS1cy
emRTM201a1ltWndUcDJ5RXptd1RTNHdvWXpNCkxBTXZCNUxvd1dXMDhHK0ZFVUI1
c2VkRlJJbDNYSzF0djJXN0J4YXltam8KLS0tIEFTZjdWd0NQTVEyU1Q4UCtQVGhy
K3VUdlpjd0M3RVBHOVVjc04yZzV4UkUKcB8r+FiqZqwsxj40hCtVePnfIZ3S8DFR
tgSRDMp8eEm6vXHbbf49E/cpV4iBwVel9zAe64tYs7atk9dcgMmOpw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTDRWRUJNelRPMitSTm1H
U1FTY0xsTXZrWnF2VXdsQWNLcE5zeHJ6bGg4CkRZckY3Q0hBNTgxMUVDdUh3YWZS
STgwOEZ5cGFkVHFEOWNnNjNONDZIZm8KLS0tIGg1TUZjbmQ5MFU2bG1sZFcycnRR
cDVwRVIxeTVmcmJLekpXcG13cTZJVG8KwXR0NOiHcd0njWwRWzEyGf0vb1kXp766
FhBxX0RoUToq/UgTQGBWvEODrZTnNd/zXr1J8gA1TeacTEbkoWEkpA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TkVLUnFDMnVoT3BUM0kr
ZU5hZE1teGF1M21SbmY5MHZTMytKeWpkYnk0CmkwNXlBMDR1cEp2MkZPeWUyU0hZ
Wlp4SFIwZUNQa25BRENsYWNoZmZoNjQKLS0tIEtIU3NRVS94SW80VXVGZy9hRkNQ
QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1erkn7dd022e90ktyj66aux9j9xvl0uzd6ru5cmrjsvcm5rtr5pfs7q6k9h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUwxenU2aFN5My9wcHpu
c2prSCtvbW4xanlxZGhDT1dpT0V2ZUtmcGlvCkNrRkJ2OXVOSFhFcGxSYUdJMHBn
M2VydHhVSW5MWTdvTW8vSWlXT3ZnV1UKLS0tIGpydEc5TXNpdXc4czVvNk54K0JO
RTlDblJHcUczdmtOdGc4VjUrYk1PTWMKVM07fdDfLWf4T3ELq8G4jsPhR4ZukOjP
SATCHMTn3wG4qeGTI4R+4m4iqa3k7CFJUJapmBNHqXWOZeO5w9IonA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16crkeglm3j3f6rveylytuerptjf9mwtv3hl89ywkmnnvdkntfchsuvrsk5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SUtkZysyMU05Q0tlSHZh
V21acktNUTA1SjBMNFJtcE9XVHVFWWFvcEhNCm9hRFY3QjZkTk05UTJXZkpyTytE
N01WS3E1TERmcVlCTEluT2RoODR0RFUKLS0tIHpoNmkxNlc0YmcvTHBZNUZPRks0
VkdKMUVOemNhUnpYSFFocnZRQmxPaUEKgCne7JJRIuvFtDMtaqO21IKjRoDW8D+3
V5tGfZOQADuef3n8ZG1j5t1OtNNBu4PjpxZynGx3/nR7+FThsK4vMg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-25T02:54:23Z"
mac: ENC[AES256_GCM,data:nIOwiSAT3YCRabbPwfO2XBFhb/qH5cFLsMUQUCUa7trBnLeerzWLpngB96T0ZkDmsVsdJLhfv5ZWWZlgIg+K9uIww+DzvK48B3+EyVpNCJ4cDfgz3gZXlnp41Eu8LSklQ+sk9lVFEbHNPPhbTliXma9Kr1ldkdP035lQmYXUz6Y=,iv:sp7oiTUvO/FchubMlCuaaWDpNO9+aLIyehjS9+8pEPw=,tag:/PvIJTM17nFi5YIq0b1LyQ==,type:str]
lastmodified: "2025-11-02T00:42:02Z"
mac: ENC[AES256_GCM,data:0rYURFETR06JRNY/vE89jEI+dovFNxsjSOalf1Id3H+yzl4UYdsHN1T3mD1EfssFwCloBxOo+188RkUe7JlNV7hC+tvO3nBrDNuqjzFBQu/IHEz+nTI3mwB7ZsywubvFMG65dohM8H9hB2bUXSSqtEUpFEiz7Ugn2BfGyex4BbI=,iv:vFJk6mz60d6CzSetd+bNvxTEWfGBPaBS4sYj/AiYbq4=,tag:2nHBGQ5P3mxLyzllvstBqg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

19
system/boot/boot.nix
View File

@@ -38,17 +38,9 @@ in {
};
systemd-boot = mkOption {
type = types.bool;
default = !cfg.grub.enable;
default = true;
description = "Does the system use systemd-boot?";
};
grub = {
enable = mkEnableOption "Does the system use GRUB? (Disables systemd-boot)";
device = mkOption {
type = types.str;
description = "The GRUB device";
default = "";
};
};
zfs = {
enable = mkEnableOption "Enables ZFS";
pools = mkOption {
@@ -59,17 +51,10 @@ in {
};
config.boot = {
initrd.kernelModules = lib.lists.singleton (
if config.mySystem.hardware.amdgpu.enable
then "amdgpu"
else "i915"
);
initrd.kernelModules = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
loader = {
systemd-boot.enable = cfg.systemd-boot;
efi.canTouchEfiVariables = cfg.systemd-boot;
grub = mkIf cfg.grub.enable {
inherit (cfg.grub) enable device;
};
};
supportedFilesystems = mkIf cfg.zfs.enable ["zfs"];
zfs.extraPools = mkIf cfg.zfs.enable cfg.zfs.pools;

4
system/default.nix
View File

@@ -36,9 +36,5 @@ in {
boot.tmp.cleanOnBoot = true;
time.timeZone = cfg.timezone;
console.keyMap = cfg.keymap;
services = {
orca.enable = false;
envfs.enable = true;
};
};
}

22
system/dev/docker.nix
View File

@@ -9,21 +9,23 @@ with lib; let
in {
options.mySystem.dev.docker = {
enable = mkEnableOption "Enable Docker";
extraDaemonSettings = mkOption {
type = types.nullOr (types.attrsOf types.str);
default = {};
example = {
data-root = "/custom/path";
};
};
podman.enable = mkEnableOption "Enable Podman rather than Docker";
nvidia.enable = mkEnableOption "Activate Nvidia support";
autoprune.enable = mkEnableOption "Enable autoprune";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs;
[
dive # A tool for exploring each layer in a docker image
grype # Vulnerability scanner for container images and filesystems
]
++ lists.optionals cfg.podman.enable [
podman-compose
podman-desktop
];
config = {
environment.systemPackages = mkIf cfg.podman.enable [
pkgs.podman-desktop
pkgs.podman-compose
];
virtualisation = mkIf cfg.enable {
docker = mkIf (!cfg.podman.enable) {
enable = true;

4
system/hardware/input/corne.nix → system/hardware/corne.nix
View File

@@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.mySystem.hardware.input.corne;
cfg = config.mySystem.hardware.corne;
in {
options.mySystem.hardware.input.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
options.mySystem.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
config.services.udev = mkIf cfg.allowHidAccess {
extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"

6
system/hardware/default.nix
View File

@@ -1,8 +1,12 @@
{lib, ...}:
{
imports = [
./amdgpu.nix
./bluetooth.nix
./corne.nix
./ibm-trackpoint.nix
./opentablet.nix
./sound.nix
./input
];
hardware.enableRedistributableFirmware = lib.mkDefault true;
}

4
system/hardware/input/ibm-trackpoint.nix → system/hardware/ibm-trackpoint.nix
View File

@@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.mySystem.hardware.input.ibmTrackpoint;
cfg = config.mySystem.hardware.ibmTrackpoint;
in {
options.mySystem.hardware.input.ibmTrackpoint.disable = mkEnableOption "Disable IBMs trackpoint on ThinkPad";
options.mySystem.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBMs trackpoint on ThinkPad";
config.services.udev = mkIf cfg.disable {
extraRules = ''
ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""

8
system/hardware/input/default.nix
View File

@@ -1,8 +0,0 @@
{
imports = [
./corne.nix
./ibm-trackpoint.nix
./opentablet.nix
./trackball.nix
];
}

3
system/hardware/input/trackball.nix
View File

@@ -1,3 +0,0 @@
{
services.libinput.mouse.middleEmulation = true;
}

4
system/hardware/input/opentablet.nix → system/hardware/opentablet.nix
View File

@@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.mySystem.hardware.input.opentablet;
cfg = config.mySystem.hardware.opentablet;
in {
options.mySystem.hardware.input.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
options.mySystem.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
config.hardware.opentabletdriver = mkIf cfg.enable {
inherit (cfg) enable;
daemon.enable = true;

9
system/network/tailscale.nix
View File

@@ -12,12 +12,5 @@ in {
default = true;
};
};
config.services.tailscale = {
enable = cfg.enable;
extraSetFlags = [
"--accept-dns"
"--accept-routes"
"--ssh"
];
};
config.services.tailscale.enable = cfg.enable;
}

14
system/packages/steam.nix
View File

@@ -17,20 +17,6 @@ in {
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = true;
extraCompatPackages = [pkgs.proton-ge-bin];
package = pkgs.steam.override {
extraEnv = {
MANGOHUD = true;
OBS_VKCAPTURE = true;
RADV_TEX_ANISO = 16;
};
extraLibraries = p: with p; [atk];
extraPkgs = pkgs:
with pkgs; [
qt5.qtmultimedia
qt5.qtbase
libpulseaudio
];
};
};
gamescope = {
enable = true;

5
system/services/ssh.nix
View File

@@ -18,14 +18,9 @@ in {
example = true;
default = false;
};
port = mkOption {
type = types.int;
default = 22;
};
};
config.services.openssh = mkIf cfg.enable {
inherit (cfg) enable;
ports = [cfg.port];
settings = {
AllowUsers = cfg.allowedUsers;
PermitRootLogin = "no";

85
system/services/traefik.nix
View File

@@ -7,52 +7,57 @@ with lib; let
cfg = config.mySystem.services.traefik;
in {
options.mySystem.services.traefik = {
enable = mkEnableOption "Enable Traefik";
dataDir = mkOption {
type = types.path;
default = "/tank/traefik";
};
enable = mkEnableOption "Enable Traefikse";
email = mkOption {
type = types.str;
default = "";
default = "lucien@phundrak.com";
example = "admin@example.com";
};
envFiles = mkOption {
type = types.listOf types.path;
example = ["/run/secrets/traefik.env"];
default = [];
};
dynConf = mkOption {
type = types.path;
example = "/var/traefik/dynamic.yaml";
};
};
config.services.traefik = {
inherit (cfg) enable;
dynamicConfigFile = "${cfg.dataDir}/dynamic_config.toml";
staticConfigOptions = {
api.dashboard = true;
log = {
level = "INFO";
filePath = "${cfg.dataDir}/traefik.log";
format = "json";
};
accessLog.filePath = "${cfg.dataDir}/access.log";
entryPoints = {
http = {
address = ":80";
asDefault = true;
http.redirections.entrypoint = {
to = "https";
scheme = "https";
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [80 443];
services.traefik = {
inherit (cfg) enable;
environmentFiles = cfg.envFiles;
dynamicConfigFile = cfg.dynConf;
staticConfigOptions = {
log = {
level = "WARN";
filePath = "/var/log/traefik/traefik.log";
};
accessLog.filePath = "/var/log/traefik/access.log";
api.dashboard = true;
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure.address = ":443";
};
certificatesResolvers.cloudflare.acme = {
inherit (cfg) email;
storage = "/var/lib/traefik/acme.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
propagation.delayBeforeChecks = 60;
};
};
https = {
address = ":443";
asDefault = true;
httpChallenge.entryPoint = "https";
};
};
providers.docker = {
endpoint = "unix:///var/run/docker.sock";
exposedByDefault = false;
};
certificatesResolvers.cloudflare.acme = {
inherit (cfg) email;
storage = "${cfg.dataDir}/acme.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
providers.docker = {
endpoint = "unix:///var/run/docker.sock";
exposedByDefault = false;
};
};
};

2
system/users/phundrak.nix
View File

@@ -21,7 +21,7 @@ in {
phundrak = mkIf cfg.phundrak.enable {
isNormalUser = true;
description = "Lucien Cartier-Tilet";
extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman" "plugdev" "games" "audio" "input"];
extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../keys;
};

2
users/modules/cli/scripts/askpass.nix
View File

@@ -1,3 +1,3 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "askpass" ''
${pkgs.rofi}/bin/rofi -dmenu -password -no-fixed-num-lines -p $(printf \"$*\" | sed 's/://')''
${pkgs.wofi}/bin/wofi -d -P -L 1 -p "$(printf $1 | sed s/://)"''

18
users/modules/cli/scripts/rofi-emoji.nix Normal file
View File

@@ -0,0 +1,18 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "rofi-emoji" ''
SELECTED_EMOJI=$(grep -v "#" ~/.config/emoji | ${pkgs.wofi}/bin/wofi --dmenu -p "Select emoji" -i | awk '{print $1}' | tr -d '\n')
if [ "$XDG_SESSION_TYPE" = "wayland" ]; then
printf "%s" "$SELECTED_EMOJI" | ${pkgs.wl-clipboard-rs}/bin/wl-copy
else
printf "%s" "$SELECTED_EMOJI" | ${pkgs.xclip}/bin/xclip -sel clip
fi
if [ "$XDG_SESSION_TYPE" = "wayland" ]
then EMOJI=$(${pkgs.wl-clipboard-rs}/bin/wl-paste)
else EMOJI=$(${pkgs.xclip}/bin/xclip -o)
fi
test -z "$EMOJI" && notify-send "No emoji copied" -u low && exit
EMOJI="$EMOJI copied to clipboard"
${pkgs.libnotify}/bin/notify-send -u low "$EMOJI"
''

4
users/modules/cli/scripts/ytplay.nix
View File

@@ -1,6 +1,6 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "ytplay" ''
URL=$(rofi -dmenu -i -p "Video URL")
URL=$(${pkgs.wofi}/bin/wofi --dmenu -i -p "Video URL")
if [ -z "$URL" ]; then
echo "You need to provide a URL"
exit 1
@@ -9,7 +9,7 @@ pkgs.writeShellScriptBin "ytplay" ''
grep -E "webm.*[0-9]+x[0-9]" | \
awk '{print $3 " " $1}' | \
sort -gu | \
rofi -dmenu -i -p "Resolution")
${pkgs.wofi}/bin/wofi --dmenu -i -p "Resolution")
mapfile -t RESOLUTION <<< "$RESOLUTION_CHOICE"
RESOLUTION_CODE=''${RESOLUTION[0]}
${pkgs.mpv}/bin/mpv --ytdl-format="''${RESOLUTION_CODE}+bestaudio/best" "$URL"

75
users/modules/desktop/caelestia.nix
View File

@@ -1,75 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.home.desktop.caelestia;
in {
options.home.desktop.caelestia.enable = mkEnableOption "Enables Caelestia Shell";
config.programs.caelestia = mkIf cfg.enable {
inherit (cfg) enable;
systemd = {
enable = true;
target = "graphical-session.target";
environment = [
"QT3_QPA_PLATFORMTHEME=gtk3"
];
};
settings = {
paths.wallpaperDir = "~/Pictures/Wallpapers/nord";
general = {
apps = {
terminal = ["kitty"];
audio = ["pavucontrol"];
playback = ["mpv"];
explorer = ["${pkgs.nemo-with-extensions}/bin/nemo"];
};
idle = {
timeouts = [
{
timeout = 300;
idleAction = "lock";
}
];
};
};
background = {
desktopClock.enabled = true;
visualiser.enabled = true;
};
dashboard = {
enabled = true;
showOnHover = true;
};
launcher = {
enabled = true;
showOnHover = true;
useFuzzy = {
apps = true;
schemes = true;
wallpapers = true;
};
};
bar = {
status = {
showAudio = true;
showKbLayout = false;
};
tray.compact = true;
};
services.gpuType = "amd";
session.commands = {
logout = ["uwsm" "stop"];
shutdown = ["systemctl" "poweroff"];
hibernate = ["systemctl" "hibernate"];
reboot = ["systemctl" "reboot"];
};
};
cli = {
enable = true;
settings.theme.enableGtk = true;
};
};
}

11
users/modules/desktop/default.nix
View File

@@ -7,20 +7,17 @@ with lib; let
cfg = config.home.desktop;
in {
imports = [
./caelestia.nix
./emoji.nix
./eww.nix
./hyprland.nix
./kdeconnect.nix
./kitty.nix
./obs.nix
./qt.nix
./rofi
./spotify.nix
./swaync.nix
./theme.nix
./waybar.nix
./wlr-which-key.nix
./wlsunset.nix
./wofi.nix
];
options.home.desktop.fullDesktop = mkEnableOption "Enable options for graphical environments";
@@ -31,9 +28,5 @@ in {
kitty.enable = mkDefault cfg.fullDesktop;
obs.enable = mkDefault cfg.fullDesktop;
qt.enable = mkDefault cfg.fullDesktop;
rofi.enable = mkDefault cfg.fullDesktop;
spotify.enable = mkDefault cfg.fullDesktop;
spotify.spicetify.enable = mkDefault cfg.fullDesktop;
wlr-which-key.enable = mkDefault cfg.fullDesktop;
};
}

4739
users/modules/desktop/emoji.nix Normal file
View File

File diff suppressed because it is too large Load Diff

153
users/modules/desktop/hyprland.nix
View File

@@ -6,14 +6,13 @@
}:
with lib; let
cfg = config.home.desktop.hyprland;
rofi-emoji = import ../cli/scripts/rofi-emoji.nix {inherit pkgs;};
laptops = ["gampo"];
caelestiaEnabled = config.home.desktop.caelestia.enable;
in {
imports = [
./swaync.nix
./waybar.nix
./wlsunset.nix
./hyprpaper.nix
];
options.home.desktop.hyprland = {
@@ -35,24 +34,23 @@ in {
config = mkIf cfg.enable {
home.desktop = {
hyprpaper.enable = mkDefault (! caelestiaEnabled);
rofi.enable = mkDefault true;
swaync.enable = mkDefault (! caelestiaEnabled);
swaync.enable = mkDefault true;
waybar = {
enable = mkDefault (! caelestiaEnabled);
enable = mkDefault true;
battery = mkDefault (builtins.elem cfg.host laptops);
};
wlsunset.enable = mkDefault true;
wofi.enable = mkDefault true;
};
services.blueman-applet.enable = ! caelestiaEnabled;
wayland.windowManager.hyprland = {
enable = true;
xwayland.enable = true;
systemd.enable = false;
importantPrefixes = ["$left" "$right" "$up" "$down" "$menu"];
settings = {
input = {
kb_layout = "fr,us";
kb_variant = "bepo_afnor,";
kb_layout = "fr";
kb_variant = "bepo_afnor";
# kb_options = "caps:ctrl_modifier";
numlock_by_default = true;
follow_mouse = 1;
@@ -82,11 +80,11 @@ in {
new_status = "inherit";
};
workspace = [
"10, layoutopt:orientation:bottom"
"4, layoutopt:orientation:bottom"
"1, layoutopt:orientation:bottom"
];
decoration = {
rounding = 20;
rounding = 5;
};
animations = {
enabled = true;
@@ -103,25 +101,119 @@ in {
pseudotile = true;
preserve_split = true;
};
exec-once =
[
"pactl load-module module-switch-on-connect"
"${pkgs.mpc}/bin/mpc stop"
"${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"
]
++ lib.lists.optional (! caelestiaEnabled) "${pkgs.networkmanagerapplet}/bin/nm-applet";
exec-once = [
"pactl load-module module-switch-on-connect"
"${pkgs.mpc}/bin/mpc stop"
"${pkgs.networkmanagerapplet}/bin/nm-applet"
];
};
extraConfig = ''
$left = c
$right = r
$up = s
$down = t
$menu = rofi -combi-modi drun,calc -show combi
$menu = ${pkgs.wofi}/bin/wofi --show drun
bind = SUPER, Return, exec, ${pkgs.kitty}/bin/kitty ${pkgs.tmux}/bin/tmux
bind = SUPER, Space, exec, ${pkgs.wlr-which-key}/bin/wlr-which-key
bind = , Print, exec, ${pkgs.wlr-which-key}/bin/wlr-which-key -k s
bind = SUPER, Space, submap, leader
bind = , Print, submap, screenshot
submap = leader
bind = , l, exec, plock
bind = , l, submap, reset
bind = , a, submap, apps
bind = , b, submap, buffers
bind = , w, submap, windows
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = apps
bind = , b, exec, zen
bind = , b, submap, reset
bind = SHIFT, b, exec, qutebrowser
bind = SHIFT, b, submap, reset
bind = , d, exec, vesktop
bind = , d, submap, reset
bind = , e, exec, ${cfg.emacsPkg}/bin/emacsclient -c -n
bind = , e, submap, reset
bind = , g, exec, ${pkgs.gimp}/bin/gimp
bind = , g, submap, reset
bind = , n, exec, ${pkgs.nemo}/bin/nemo
bind = , n, submap, reset
bind = , r, submap, rofi
bind = , u, exec, $menu
bind = , u, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = buffers
bind = , d, killactive,
bind = , d, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = resize
binde = , $left, resizeactive, -10 0
binde = , $right, resizeactive, 10 0
binde = , $up, resizeactive, 0 -10
binde = , $down, resizeactive, 0 10
bind = , q, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = rofi
bind = , e, exec, ${rofi-emoji}/bin/rofi-emoji
bind = , e, submap, reset
bind = , r, exec, $menu
bind = , r, submap, reset
bind = , y, exec, ytplay
bind = , y, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = screenshot
bind = , Print, exec, screenshot
bind = , Print, submap, reset
bind = , d, exec, screenshot -d 3
bind = , d, submap, reset
bind = Shift, d, exec, screenshot -sced 3
bind = Shift, d, submap, reset
bind = , e, exec, screenshot -sec
bind = , e, submap, reset
bind = , s, exec, screenshot -s
bind = , s, submap, reset
bind = Shift, s, exec, screenshot -sc
bind = Shift, s, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = windows
bind = , period, submap, resize
bind = , $left, movefocus, l
bind = , $left, submap, reset
bind = , $right, movefocus, r
bind = , $right, submap, reset
bind = , $up, movefocus, u
bind = , $up, submap, reset
bind = , $down, movefocus, d
bind = , $down, submap, reset
bind = SHIFT, $left, movewindow, l
bind = SHIFT, $left, submap, reset
bind = SHIFT, $right, movewindow, r
bind = SHIFT, $right, submap, reset
bind = SHIFT, $up, movewindow, u
bind = SHIFT, $up, submap, reset
bind = SHIFT, $down, movewindow, d
bind = SHIFT, $down, submap, reset
bind = CTRL_SHIFT, $left, moveworkspacetomonitor, e+0 +1
bind = CTRL_SHIFT, $left, submap, reset
bind = CTRL_SHIFT, $right, moveworkspacetomonitor, e+0 -1
bind = CTRL_SHIFT, $right, submap, reset
bind = , d, killactive,
bind = , d, submap, reset
bind = , f, fullscreen,
bind = , f, submap, reset
bind = SHIFT, f, togglefloating,
bind = SHIFT, f, submap, reset
bind = , escape, submap, reset
bind = CTRL, g, submap, reset
submap = reset
bindl = , XF86AudioPlay, exec, playerctl play-pause
bindl = , XF86AudioPause, exec, playerctl pause
bindl = , XF86AudioStop, exec, playerctl stop
@@ -135,17 +227,22 @@ in {
bindl = , XF86MonBrightnessDown, exec, xbacklight -perceived -dec 2
bindl = , XF86KbdBrightnessUp, exec, xbacklight -perceived -inc 2
bindl = , XF86KbdBrightnessDown, exec, xbacklight -perceived -dec 2
bind = SUPER, a, exec, hyprctl switchxkblayout glove80-keyboard next
bind = SUPER, $left, movefocus, l
bind = SUPER, $right, movefocus, r
bind = SUPER, $up, movefocus, u
bind = SUPER, $down, movefocus, d
bind = SUPER_SHIFT, $left, movewindow, l
bind = SUPER_SHIFT, $left, submap, reset
bind = SUPER_SHIFT, $right, movewindow, r
bind = SUPER_SHIFT, $right, submap, reset
bind = SUPER_SHIFT, $up, movewindow, u
bind = SUPER_SHIFT, $up, submap, reset
bind = SUPER_SHIFT, $down, movewindow, d
bind = SUPER_SHIFT, $down, submap, reset
bind = SUPER_CTRL_SHIFT, $left, moveworkspacetomonitor, e+0 +1
bind = SUPER_CTRL_SHIFT, $left, submap, reset
bind = SUPER_CTRL_SHIFT, $right, moveworkspacetomonitor, e+0 -1
bind = SUPER_CTRL_SHIFT, $right, submap, reset
bind = SUPER, Tab, cyclenext,
bind = SUPER_SHIFT, Tab, cyclenext, prev
bindm = SUPER, mouse:272, movewindow
@@ -174,5 +271,17 @@ in {
bind = SUPER_SHIFT, asterisk, movetoworkspace, 10
'';
};
services = {
blueman-applet.enable = true;
hyprpaper = {
enable = true;
settings = {
ipc = "on";
splash = false;
preload = "/home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
wallpaper = ", /home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
};
};
};
};
}

88
users/modules/desktop/hyprpaper.nix
View File

@@ -1,88 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.home.desktop.hyprpaper;
in {
options.home.desktop.hyprpaper = {
enable = mkEnableOption "Enables Hyprpaper";
default = mkOption {
type = types.str;
default = "/home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
example = "/home/user/image.jpg";
};
wallpapers-dir = mkOption {
type = types.str;
default = "/home/phundrak/Pictures/Wallpapers/nord/";
example = "/home/user/Pictures/";
};
rotation-interval = mkOption {
type = types.str;
default = "5m";
example = "10m";
description = "Interval between wallpaper rotations";
};
};
config = mkIf cfg.enable {
services.hyprpaper = {
inherit (cfg) enable;
settings = {
ipc = "on";
splash = false;
preload = cfg.default;
wallpaper = ", ${cfg.default}";
};
};
systemd.user = {
services.hyprpaper-rotation = {
Unit = {
Description = "Rotate Hyprpaper wallpaper";
After = "graphical-session.target";
};
Service = {
Type = "oneshot";
ExecCondition = "${pkgs.procps}/bin/pidof Hyprland";
ExecStart = "${config.home.homeDirectory}/.config/hypr/hyprpaper-rotate.sh";
};
};
timers.hyprpaper-rotation = {
Unit = {
Description = "Timer for rotating Hyprpaper wallpaper";
};
Timer = {
OnBootSec = cfg.rotation-interval;
OnUnitActiveSec = cfg.rotation-interval;
};
Install = {
WantedBy = ["timers.target"];
};
};
};
home.file.".config/hypr/hyprpaper-rotate.sh" = {
text = ''
#!/usr/bin/env bash
set -euo pipefail
WALLPAPER_DIR="${cfg.wallpapers-dir}"
# Find a random wallpaper
WP=$(find "$WALLPAPER_DIR" -type f \( -iname "*.jpg" -o -iname "*.jpeg" -o -iname "*.png" \) | shuf -n 1)
if [ -z "$WP" ]; then
echo "No wallpapers found in $WALLPAPER_DIR"
exit 1
fi
echo "Setting wallpaper to: $WP"
# Load and set the wallpaper
${pkgs.hyprland}/bin/hyprctl hyprpaper preload "$WP" && ${pkgs.hyprland}/bin/hyprctl hyprpaper wallpaper ",$WP"
'';
executable = true;
};
};
}

107
users/modules/desktop/rofi/default.nix
View File

@@ -1,107 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.home.desktop.rofi;
inherit (config.lib.formats.rasi) mkLiteral;
in {
options.home.desktop.rofi = {
enable = mkEnableOption "Enable Rofi";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [rofi-bluetooth];
programs.rofi = {
enable = true;
plugins = with pkgs; [
rofi-calc
rofi-emoji
];
terminal = "${pkgs.kitty}/bin/kitty";
location = "center";
modes = ["drun" "emoji" "calc" "combi"];
extraConfig.show-icons = true;
theme = {
"*" = {
font = "Cascadia Code 14";
blur = true;
padding = mkLiteral "10px";
background-color = mkLiteral "transparent";
border-radius = mkLiteral "0px";
};
window = {
width = mkLiteral "1050px";
height = mkLiteral "625px";
location = mkLiteral "center";
blur = true;
border = mkLiteral "2px";
border-radius = mkLiteral "3px";
border-color = mkLiteral "#61afef";
background-color = mkLiteral "transparent";
padding = mkLiteral "0px";
margin = mkLiteral "30px 50px";
};
mainbox = {
orientation = mkLiteral "horizontal";
children = map mkLiteral ["borderbox"];
spacing = mkLiteral "0px";
padding = mkLiteral "0px";
};
borderbox = {
orientation = mkLiteral "horizontal";
children = map mkLiteral ["imagebox" "contentbox"];
padding = mkLiteral "0px";
spacing = mkLiteral "0px";
border-radius = mkLiteral "3px";
};
contentbox = {
orientation = mkLiteral "vertical";
children = map mkLiteral ["entry" "listview"];
spacing = mkLiteral "0px";
padding = mkLiteral "0px";
expand = true;
};
imagebox = {
background-image = mkLiteral "url(\"${./image.jpg}\")";
background-repeat = false;
size = mkLiteral "200px 625px";
};
element = {
border-radius = mkLiteral "0px";
};
"element-text, element-icon" = {
padding = mkLiteral "6px 8px";
spacing = mkLiteral "2px";
text-color = mkLiteral "#fab387";
};
"element selected" = {
background-color = mkLiteral "#191919";
text-color = mkLiteral "#e5c07b";
border-radius = mkLiteral "3px";
};
prompt = {
enabled = false;
background-color = mkLiteral "transparent";
text-color = mkLiteral "#61afef";
padding = mkLiteral "5px 10px";
};
entry = {
padding = mkLiteral "8px";
expand = false;
font = "Cascadia Code 14";
text-color = mkLiteral "#fab387";
border-radius = mkLiteral "0px 3px 0px 0px";
background-color = mkLiteral "#292e36";
};
listview = {
lines = mkLiteral "1";
background-color = mkLiteral "rgba(46, 52, 64, 0.8)";
border-radius = mkLiteral "0px 0px 3px 0px";
padding = mkLiteral "5px";
};
};
};
};
}

BIN
users/modules/desktop/rofi/image.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 228 KiB

25
users/modules/desktop/spotify.nix
View File

@@ -1,25 +0,0 @@
{
pkgs,
config,
lib,
inputs,
...
}:
with lib; let
cfg = config.home.desktop.spotify;
system = pkgs.stdenv.hostPlatform.system;
spicePkgs = inputs.spicetify.legacyPackages.${system};
in {
options.home.desktop.spotify = {
enable = mkEnableOption "Enable Spotify";
spicetify.enable = mkEnableOption "Enable Spicetify";
};
config.programs = mkIf cfg.enable {
spotify-player.enable = cfg.enable;
spicetify = mkIf cfg.spicetify.enable {
inherit (cfg.spicetify) enable;
theme = spicePkgs.themes.sleek;
colorScheme = "Nord";
};
};
}

26
users/modules/desktop/theme.nix
View File

@@ -1,26 +0,0 @@
{
pkgs,
config,
...
}: {
gtk = {
enable = true;
colorScheme = "dark";
iconTheme = {
name = "Nordzy-icons";
package = pkgs.nordzy-icon-theme;
};
theme = {
package = pkgs.nordic;
name = "Nordic";
};
};
home.pointerCursor = {
enable = true;
gtk.enable = true;
hyprcursor.enable = config.home.desktop.hyprland.enable;
name = "Nordzy-cursors";
package = pkgs.nordzy-cursor-theme;
};
qt.enable = true;
}

189
users/modules/desktop/wlr-which-key.nix
View File

@@ -1,189 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
literalExpression
mkIf
mkOption
mkEnableOption
types
;
cfg = config.home.desktop.wlr-which-key;
yamlFormat = pkgs.formats.yaml {};
# Convert kebab-case to snake_case
toSnakeCase = str: builtins.replaceStrings ["-"] ["_"] str;
# Recursively filter out null values and convert kebab-case keys to snake_case
filterNulls = value:
if lib.isAttrs value
then lib.mapAttrs' (n: v: lib.nameValuePair (toSnakeCase n) (filterNulls v)) (lib.filterAttrs (n: v: v != null) value)
else if lib.isList value
then map filterNulls value
else value;
menuEntryType = types.submodule {
freeformType = yamlFormat.type;
options = with types; {
key = mkOption {
type = str;
example = "p";
};
desc = mkOption {
type = str;
example = "Power";
};
cmd = mkOption {
type = nullOr str;
default = null;
example = "echo example";
};
keep-open = mkOption {
type = nullOr bool;
default = null;
example = true;
};
submenu = mkOption {
type = nullOr (listOf menuEntryType);
default = null;
example = literalExpression ''
[
{ key = "s"; desc = "Suspend"; cmd = "systemctl suspend"; }
{ key = "r"; desc = "Reboot"; cmd = "systemctl reboot"; }
{ key = "o"; desc = "Poweroff"; cmd = "systemctl poweroff"; }
]
'';
};
};
};
settingsType = types.submodule {
freeformType = yamlFormat.type;
options = with types; {
background = mkOption {
type = nullOr str;
default = null;
example = "#282828FF";
};
color = mkOption {
type = nullOr str;
default = null;
example = "#FBF1C7FF";
};
border = mkOption {
type = nullOr str;
default = null;
example = "#8EC07CFF";
};
anchor = mkOption {
type = nullOr (enum ["center" "top" "bottom" "left" "right" "top-left" "top-right" "bottom-left" "bottom-right"]);
default = null;
example = "top-left";
};
margin-top = mkOption {
type = nullOr int;
default = null;
example = "0";
};
margin-right = mkOption {
type = nullOr int;
default = null;
example = "0";
};
margin-bottom = mkOption {
type = nullOr int;
default = null;
example = "0";
};
margin-left = mkOption {
type = nullOr int;
default = null;
example = "0";
};
font = mkOption {
type = nullOr str;
default = null;
example = "monospace 10";
};
separator = mkOption {
type = nullOr str;
default = null;
example = " ";
};
border-width = mkOption {
type = nullOr (either float int);
default = null;
example = 4.0;
};
corder-r = mkOption {
type = nullOr (either float int);
default = null;
example = 20.0;
};
padding = mkOption {
type = nullOr (either float int);
default = null;
example = 15.0;
};
rows-per-column = mkOption {
type = nullOr int;
default = null;
example = 5;
};
column-padding = mkOption {
type = nullOr (either float int);
default = null;
example = 25.0;
};
inhibit-compositor-keyboard-shortcuts = mkOption {
type = bool;
default = true;
example = false;
};
auto_kbd_layout = mkOption {
type = bool;
default = true;
example = false;
};
namespace = mkOption {
type = nullOr str;
default = null;
example = "wlr_which_key";
};
menu = mkOption {
type = listOf menuEntryType;
default = [];
example = literalExpression ''
[
{
key = "p";
desc = "Power";
submenu = [
{ key = "s"; desc = "Suspend"; cmd = "systemctl suspend"; }
{ key = "r"; desc = "Reboot"; cmd = "systemctl reboot"; }
{ key = "o"; desc = "Poweroff"; cmd = "systemctl poweroff"; }
];
}
]
'';
};
};
};
in {
options.home.desktop.wlr-which-key = {
enable = mkEnableOption "Enables wlr-which-key";
package = lib.mkPackageOption pkgs "wlr-which-key" {};
settings = mkOption {
type = settingsType;
default = {};
description = "Configuration written to {file}`$XDG_CONFIG_HOME/wlr-which-key/config.yaml`.";
};
};
config = mkIf cfg.enable {
xdg.configFile = {
"wlr-which-key/config.yaml".source = yamlFormat.generate "wlr-which-key-config.yml" (filterNulls cfg.settings);
};
};
}

76
users/modules/desktop/wofi.nix Normal file
View File

@@ -0,0 +1,76 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.home.desktop.wofi;
in {
options.home.desktop.wofi.enable = mkEnableOption "Enable wofi support";
config.programs.wofi = mkIf cfg.enable {
inherit (cfg) enable;
settings = {
modi = "ssh,drun,combi";
sidebar-mode = false;
width = 50;
line-margin = 10;
lines = 6;
columns = 2;
display-ssh = "";
display-run = "";
display-drun = "";
display-window = "";
display-combi = "";
show-icons = true;
};
# from https://github.com/alxndr13/wofi-nord-theme
style = ''
* {
font-family: "Hack", monospace;
}
window {
background-color: #3B4252;
}
#input {
margin: 5px;
border-radius: 0px;
border: none;
background-color: #3B4252;
color: white;
}
#inner-box {
background-color: #383C4A;
}
#outer-box {
margin: 2px;
padding: 10px;
background-color: #383C4A;
}
#scroll {
margin: 5px;
}
#text {
padding: 4px;
color: white;
}
#entry:nth-child(even){
background-color: #404552;
}
#entry:selected {
background-color: #4C566A;
}
#text:selected {
background: transparent;
}
'';
};
}

9
users/modules/dev/ai/claude.nix
View File

@@ -1,7 +1,8 @@
{
config,
lib,
pkgs,
inputs,
system,
...
}:
with lib; let
@@ -9,11 +10,7 @@ with lib; let
in {
options.home.dev.ai.claude.enable = mkEnableOption "Enables Claude-related packages";
config = mkIf cfg.enable {
home.packages = let
claude-jj = pkgs.writeShellScriptBin "claude-jj" ''
${pkgs.claude-code}/bin/claude --append-system-prompt 'CRITICAL: This repository uses Jujutsu (jj), NOT git. Never use git commands. Use jj equivalents. See CLAUDE.md.' "$@"
'';
in [claude-jj];
home.packages = [inputs.claude-desktop.packages.${system}.claude-desktop-with-fhs];
programs.claude-code = {
inherit (cfg) enable;
};

10
users/modules/dev/ai/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
@@ -13,11 +12,8 @@ in {
];
options.home.dev.ai.enable = mkEnableOption "Enables AI features";
config.home = mkIf cfg.enable {
dev.ai = {
ollama.enable = mkDefault cfg.enable;
claude.enable = mkDefault cfg.enable;
};
packages = [pkgs.lmstudio];
config.home.dev.ai = mkIf cfg.enable {
ollama.enable = mkDefault cfg.enable;
claude.enable = mkDefault cfg.enable;
};
}

16
users/modules/dev/ai/ollama.nix
View File

@@ -16,17 +16,11 @@ in {
};
};
config = {
services.ollama = mkIf cfg.enable {
inherit (cfg) enable;
acceleration = cfg.gpu;
host = "0.0.0.0";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "8192";
OLLAMA_MAX_LOADED_MODELS = "1";
OLLAMA_KEEP_ALIVE = "10m";
};
config.services.ollama = mkIf cfg.enable {
inherit (cfg) enable;
acceleration = cfg.gpu;
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "8192";
};
home.sessionVariables.OLLAMA_API_BASE = "http://${config.services.ollama.host}:11434/";
};
}

19
users/modules/dev/editors/emacs.nix
View File

@@ -6,11 +6,10 @@
}:
with lib; let
emacsDefaultPackage = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (
epkgs:
with epkgs; [
mu4e
pdf-tools
]
epkgs: [
epkgs.mu4e
epkgs.pdf-tools
]
));
cfg = config.home.dev.editors.emacs;
in {
@@ -26,10 +25,7 @@ in {
};
config = {
home.packages = with pkgs; [
emacs-all-the-icons-fonts
emacs-lsp-booster
];
home.packages = [pkgs.emacs-all-the-icons-fonts];
programs.emacs = mkIf cfg.enable {
enable = true;
inherit (cfg) package;
@@ -37,12 +33,7 @@ in {
services.emacs = mkIf cfg.service {
enable = true;
inherit (cfg) package;
defaultEditor = true;
startWithUserSession = "graphical";
client = {
enable = true;
arguments = ["-c" "-a" "${cfg.package}/bin/emacs"];
};
};
xdg.desktopEntries.mu4e = mkIf cfg.mu4eMime {

8
users/modules/dev/vcs/jujutsu.nix
View File

@@ -29,8 +29,8 @@ in {
sshKey = mkOption {
type = with types; nullOr (either path str);
example = "~/.ssh/id_ed25519.pub";
default = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";
description = "Path to the private SSH key for signing.";
default = "~/.ssh/id_ed25519.pub";
description = "Path to the public SSH key or its content.";
};
};
};
@@ -54,8 +54,8 @@ in {
behavior = "own";
backend = "ssh";
key = cfg.signing.sshKey;
backends.ssh.allowed-signers = "${config.home.homeDirectory}/.ssh/allowed_signers";
backends.ssh.program = "${pkgs.openssh}/bin/ssh-keygen";
backends."ssh.allowed-signers" = "~/.ssh/allowed_signers";
backends."ssh.program" = "${pkgs.openssh}/bin/ssh-keygen";
};
aliases = {
blame = ["file" "annotate"];

7
users/modules/security/gpg.nix
View File

@@ -11,7 +11,10 @@ in {
enable = mkEnableOption "Enable GPG";
pinentry.package = mkOption {
type = types.package;
default = pkgs.pinentry-gnome3;
default =
if config.home.dev.editors.emacs.enable
then pkgs.pinentry-emacs
else pkgs.pinentry-gtk2;
};
};
config = mkIf cfg.enable {
@@ -22,7 +25,7 @@ in {
};
services.gpg-agent = {
enable = true;
enableSshSupport = false;
enableSshSupport = true;
pinentry.package = cfg.pinentry.package;
};
};

27
users/modules/shell/default.nix
View File

@@ -4,7 +4,7 @@
...
}:
with lib; let
defaultAliases = {
aliases = {
df = "df -H";
diskspace = "sudo df -h | grep -E \"sd|lv|Size\"";
du = "du -ch";
@@ -40,16 +40,6 @@ with lib; let
dcud = "docker compose up -d";
dcudp = "docker compose up -d --pull=always";
dcr = "docker compose restart";
pc = "podman compose";
pcd = "podman compose down";
pcl = "podman compose logs";
pclf = "podman compose logs -f";
pcp = "podman compose pull";
pcu = "podman compose up";
pcud = "podman compose up -d";
pcudp = "podman compose up -d --pull=always";
pcr = "podman compose restart";
enw = "emacsclient -nw";
e = "emacsclient -n -c";
@@ -81,26 +71,19 @@ in {
./zsh.nix
./zoxide.nix
];
options.home.shell = {
fullDesktop = mkEnableOption "Enable all shells";
aliases = mkOption {
type = types.attrsOf types.str;
default = {};
example = {la = "ls -a";};
};
};
options.home.shell.fullDesktop = mkEnableOption "Enable all shells";
config.home.shell = {
enableShellIntegration = cfg.bash.enable or cfg.zsh.enable or cfg.fish.enable;
bash = {
aliases = cfg.aliases // defaultAliases;
aliases = mkDefault aliases;
enable = mkDefault cfg.fullDesktop;
};
fish = {
abbrs = cfg.aliases // defaultAliases;
abbrs = mkDefault aliases;
enable = mkDefault cfg.fullDesktop;
};
zsh = {
abbrs = cfg.aliases // defaultAliases;
abbrs = mkDefault aliases;
enable = mkDefault cfg.fullDesktop;
};
};

76
users/modules/shell/starship.nix
View File

@@ -19,58 +19,30 @@ in {
inherit (cfg) enable;
enableTransience = true;
settings = mkIf cfg.jjIntegration {
# Disabling these so they can be enabled conditionally
# See https://github.com/jj-vcs/jj/wiki/Starship
git_status.disabled = true;
git_commit.disabled = true;
git_metrics.disabled = true;
git_branch.disabled = true;
custom = let
when = "! jj --ignore-working-copy-root";
description = "Only show if were not in a jj repository";
style = "";
in {
git_status = {
inherit when description style;
command = "starship module git_status";
};
git_commit = {
inherit when description style;
command = "starship module git_commit";
};
git_metrics = {
inherit when description style;
command = "starship module git_metrics";
};
git_branch = {
inherit when description style;
command = "starship module git_branch";
};
jj = {
description = "The current jj status";
detect_folders = [".jj"];
symbol = "🥋 ";
command = ''
jj log --revisions @ --no-graph --ignore-working-copy --color always --limit 1 --template '
separate(" ",
change_id.shortest(4),
bookmarks,
"|",
concat(
if(conflict, "💥"),
if(divergent, "🚧"),
if(hidden, "👻"),
if(immutable, "🔒"),
),
raw_escape_sequence("\x1b[1;32m") ++ if(empty, "(empty)"),
raw_escape_sequence("\x1b[1;32m") ++ coalesce(
truncate_end(29, description.first_line(), ""),
"(no description set)",
) ++ raw_escape_sequence("\x1b[0m"),
)
'
'';
};
custom.jj = {
description = "The current jj status";
detect_folders = [".jj"];
symbol = "🥋 ";
command = ''
jj log --revisions @ --no-graph --ignore-working-copy --color always --limit 1 --template '
separate(" ",
change_id.shortest(4),
bookmarks,
"|",
concat(
if(conflict, "💥"),
if(divergent, "🚧"),
if(hidden, "👻"),
if(immutable, "🔒"),
),
raw_escape_sequence("\x1b[1;32m") ++ if(empty, "(empty)"),
raw_escape_sequence("\x1b[1;32m") ++ coalesce(
truncate_end(29, description.first_line(), ""),
"(no description set)",
) ++ raw_escape_sequence("\x1b[0m"),
)
'
'';
};
};
};

18
users/phundrak/config/waybar/config
View File

@@ -6,7 +6,7 @@
// "width": 1280, // Waybar width
"spacing": 2, // Gaps between modules (4px)
// Choose the order of the modules
"modules-left": ["hyprland/workspaces", "hyprland/language", "hyprland/submap", "hyprland/window"],
"modules-left": ["hyprland/workspaces", "hyprland/submap", "hyprland/window"],
"modules-center": [],
"modules-right": ["idle_inhibitor", "mpd", "pulseaudio", "network", "cpu",
"memory", "temperature", "battery", "clock", "tray"],
@@ -35,12 +35,16 @@
"unlocked": ""
}
},
{
"hyprland/language": {
"format": "Lang: {}",
"format-en": "gaming",
},
},
"sway/mode": {
"format": "<span style=\"italic\">{}</span>"
},
"sway/scratchpad": {
"format": "{icon} {count}",
"show-empty": false,
"format-icons": ["", ""],
"tooltip": true,
"tooltip-format": "{app}: {title}"
},
"mpd": {
"format": "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S}) ⸨{songPosition}|{queueLength}⸩ {volume}% ",
"format-disconnected": "Disconnected ",

4
users/phundrak/email.nix
View File

@@ -6,8 +6,8 @@
Sent from GNU/Emacs
@@@ Sauvez un arbre, mangez un castor @@@
@@@ Save a tree, eat a beaver @@@
*** Sauvez un arbre, mangez un castor ***
*** Save a tree, eat a beaver ***
'';
in {
home.file.".signature" = {

66
users/phundrak/home.nix
View File

@@ -1,49 +1,21 @@
{
pkgs,
config,
lib,
...
}: {
imports = [
./light-home.nix
./packages.nix
./email.nix
./wlr-which-key
../modules
];
config = let
emacsPackage = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (
epkgs:
with epkgs; [
mu4e
pdf-tools
tree-sitter
tree-sitter-langs
(treesit-grammars.with-grammars (grammar:
with grammar; [
tree-sitter-bash
tree-sitter-c
tree-sitter-cpp
tree-sitter-css
tree-sitter-dockerfile
tree-sitter-http
tree-sitter-javascript
tree-sitter-jsdoc
tree-sitter-json
tree-sitter-just
tree-sitter-markdown
tree-sitter-markdown-inline
tree-sitter-nix
tree-sitter-rust
tree-sitter-sql
tree-sitter-toml
tree-sitter-typescript
tree-sitter-typst
tree-sitter-vue
tree-sitter-yaml
]))
]
emacsPkg = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (
epkgs: [
epkgs.mu4e
epkgs.pdf-tools
]
));
askpass = import ../modules/cli/scripts/askpass.nix {inherit pkgs;};
launchWithEmacsclient = import ../modules/cli/scripts/launch-with-emacsclient.nix {
@@ -58,34 +30,18 @@
home = {
sessionVariables = {
EDITOR = "${emacsPkg}/bin/emacsclient -c -a ${emacsPkg}/bin/emacs";
LAUNCH_EDITOR = "${launchWithEmacsclient}/bin/launch-with-emacsclient";
SUDO_ASKPASS = "${askpass}/bin/askpass";
LSP_USE_PLISTS = "true";
OPENAI_API_URL = "http://localhost:1234/";
};
desktop.caelestia.enable = true;
dev = {
ai.claude.enable = true;
editors.emacs.package = emacsPackage;
vcs.jj.signing.enable = true;
};
desktop.waybar.style = ./config/waybar/style.css;
dev.ai.claude.enable = true;
fullDesktop = true;
file."${config.home.homeDirectory}/.ssh/allowed_signers" = {
enable = true;
text = lib.strings.join "\n" (
map (file: let
content = lib.strings.trim (builtins.readFile file);
parts = lib.strings.splitString " " content;
email = lib.lists.last parts;
in "${email} namespaces=\"git\" ${content}")
(lib.filesystem.listFilesRecursive ../../keys)
);
};
shell.fish.enable = true;
};
manual = {
html.enable = true;
manpages.enable = true;
};
manual.html.enable = true;
};
}

4
users/phundrak/host/marpa.nix
View File

@@ -2,9 +2,9 @@
imports = [../home.nix];
home = {
cli.nh.flake = "${config.home.homeDirectory}/.dotfiles";
dev.ai = {
dev.ai.ollama = {
enable = true;
ollama.gpu = "rocm";
gpu = "rocm";
};
desktop.hyprland.host = "marpa";
phundrak.sshKey = {

7
users/phundrak/host/naromk3.nix
View File

@@ -1,7 +0,0 @@
{
imports = [../light-home.nix];
home = {
cli.nh.flake = "/home/phundrak/.dotfiles";
phundrak.sshKey.content = builtins.readFile ../../../keys/id_naromk3.pub;
};
}

2
users/phundrak/host/tilo.nix
View File

@@ -1,7 +1,7 @@
{
imports = [../light-home.nix];
home = {
cli.nh.flake = "/tank/phundrak/.dotfiles";
cli.nh.flake = "/tank/phundrak/nixos";
phundrak.sshKey.content = builtins.readFile ../../../keys/id_tilo.pub;
};
}

1
users/phundrak/light-home.nix
View File

@@ -46,7 +46,6 @@ in {
username = "phundrak";
homeDirectory = "/home/phundrak";
packages = [pkgs.tree pkgs.ncdu];
preferXdgDirectories = true;
phundrak.sshKey.file = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";

21
users/phundrak/packages.nix
View File

@@ -4,10 +4,7 @@
lib,
...
}:
with lib; let
system = pkgs.stdenv.hostPlatform.system;
in {
programs.bun.enable = true;
with lib; {
home.packages = with pkgs; [
# Terminal stuff
duf
@@ -30,6 +27,7 @@ in {
plexamp
plex-desktop
spicetify-cli
spotify
pavucontrol # Volume control
# Social
@@ -48,6 +46,7 @@ in {
watchmate
inputs.zen-browser.packages.${system}.default
inputs.pumo-system-info.packages.${system}.default
inputs.quickshell.packages.${system}.default
# Games
atlauncher
@@ -57,6 +56,9 @@ in {
moonlight-qt
# Gnome stuff
gnome-tweaks
gnomeExtensions.docker
gnomeExtensions.syncthing-indicator
gnomeExtensions.tray-icons-reloaded
gthumb
@@ -66,23 +68,18 @@ in {
gimpPlugins.gmic
# Dev
dbeaver-bin
devenv
nodejs
sqlite
dive # A tool for exploring each layer in a docker image
grype # Vulnerability scanner for container images and filesystems
tectonic # better LaTeX engine
wakatime-cli
zeal
## LSP servers
bash-language-server
docker-language-server
kdePackages.qtdeclarative # For QML LSP
nixd
nixfmt
marksman
nil # Nix
python3 # for Emacs and LSP
vscode-json-languageserver
yaml-language-server # Yaml (Docker, GitHub Actions, ...)
];
}

4
users/phundrak/wlr-which-key/center-window.nix
View File

@@ -1,4 +0,0 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "center-window" ''
${pkgs.procps}/bin/pidof -x Hyprland && ${pkgs.hyprland}/bin/hyprctl dispatch centerwindow
''

4
users/phundrak/wlr-which-key/close-window.nix
View File

@@ -1,4 +0,0 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "close-window" ''
${pkgs.procps}/bin/pidof -x Hyprland && ${pkgs.hyprland}/bin/hyprctl dispatch killactive
''

232
users/phundrak/wlr-which-key/default.nix
View File

@@ -1,232 +0,0 @@
{
config,
pkgs,
...
}: {
config.home.desktop.wlr-which-key.settings = {
font = "Cascadia Code 12";
background = "#3b4252d0";
color = "#eceff4";
border = "#2e3440";
border_width = 2;
corner_r = 10;
rows_per_column = 5;
column_padding = 25;
inhibit_compositor_keyboard_shortcuts = true;
auto_kbd_layout = true;
menu = let
left = "c";
down = "t";
up = "s";
right = "r";
center-window = import ./center-window.nix {inherit pkgs;};
close-window = import ./close-window.nix {inherit pkgs;};
float-window = import ./float-window.nix {inherit pkgs;};
focus-urgent = import ./focus-urgent.nix {inherit pkgs;};
fullscreen = import ./fullscreen.nix {inherit pkgs;};
logout = import ./logout.nix {inherit pkgs;};
ytplay = import ../../modules/cli/scripts/ytplay.nix {inherit pkgs;};
in [
{
key = "a";
desc = "Apps";
submenu = [
{
key = "b";
desc = "Browser";
cmd = "zen";
}
{
key = "B";
desc = "Qutebrowser";
cmd = "${pkgs.qutebrowser}/bin/qutebrowser";
}
{
key = "d";
desc = "Discord";
cmd = "${pkgs.vesktop}/bin/vesktop";
}
{
key = "e";
desc = "Emacs";
cmd = "${config.home.dev.editors.emacs.package}/bin/emacsclient -c -n";
}
{
key = "g";
desc = "Gimp";
cmd = "${pkgs.gimp}/bin/gimp";
}
{
key = "n";
desc = "Nemo";
cmd = "${pkgs.nemo-with-extensions}/bin/nemo";
}
{
key = "N";
desc = "Nextcloud";
cmd = "${pkgs.nextcloud-client}/bin/nextcloud";
}
{
key = "r";
desc = "Rofi";
submenu = [
{
key = "b";
desc = "Bluetooth";
cmd = "${pkgs.rofi-bluetooth}/bin/rofi-bluetooth";
}
{
key = "c";
desc = "calc";
cmd = "rofi -show calc";
}
{
key = "e";
desc = "Emoji";
cmd = "rofi -show emoji";
}
{
key = "r";
desc = "App Menu";
cmd = "rofi -show drun";
}
{
key = "s";
desc = "SSH";
cmd = "rofi -show ssh";
}
{
key = "y";
desc = "YouTube";
cmd = "${ytplay}/bin/ytplay";
}
];
}
];
}
{
key = "b";
desc = "Buffers";
submenu = [
{
key = "c";
desc = "Center";
cmd = "${center-window}/bin/center-window";
}
{
key = "d";
desc = "Close";
cmd = "${close-window}/bin/close-window";
}
{
key = "f";
desc = "Fullscreen";
cmd = "${fullscreen}/bin/fullscreen";
}
{
key = "F";
desc = "Float";
cmd = "${float-window}/bin/float-window";
}
{
key = "u";
desc = "Urgent";
cmd = "${focus-urgent}/bin/focus-urgent";
}
{
key = ".";
desc = "Resize";
submenu = [
{
key = left;
desc = "Decrease Width";
cmd = "echo decrease width";
keep-open = true;
}
{
key = down;
desc = "Increase Height";
cmd = "echo decrease height";
keep-open = true;
}
{
key = up;
desc = "Decrease Height";
cmd = "echo decrease height";
keep-open = true;
}
{
key = right;
desc = "Increase Width";
cmd = "echo increase width";
keep-open = true;
}
];
}
];
}
{
key = "p";
desc = "Power";
submenu = [
{
key = "l";
desc = "Logout";
cmd = "${logout}/bin/logout";
}
{
key = "s";
desc = "Suspend";
cmd = "systemctl suspend";
}
{
key = "r";
desc = "Reboot";
cmd = "systemctl reboot";
}
{
key = "o";
desc = "Poweroff";
cmd = "systemctl poweroff";
}
];
}
{
key = "s";
desc = "Screenshots";
submenu = [
{
key = "Print";
desc = "Screenshot";
cmd = "screenshot";
}
{
key = "d";
desc = "Delayed";
cmd = "screenshot -d 3";
}
{
key = "D";
desc = "Select, Delay, Edit, and Copy";
cmd = "screenshot -secd 3";
}
{
key = "e";
desc = "Select, Edit, and Copy";
cmd = "screenshot -sec";
}
{
key = "g";
desc = "Select, Gimp, and Copy";
cmd = "screenshot -sgc";
}
{
key = "s";
desc = "Select and Copy";
cmd = "screenshot -sc";
}
];
}
];
};
}

4
users/phundrak/wlr-which-key/float-window.nix
View File

@@ -1,4 +0,0 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "float" ''
${pkgs.procps}/bin/pidof -x Hyprland && ${pkgs.hyprland}/bin/hyprctl dispatch togglefloating
''

4
users/phundrak/wlr-which-key/focus-urgent.nix
View File

@@ -1,4 +0,0 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "focus-urgent" ''
${pkgs.procps}/bin/pidof -x Hyprland && ${pkgs.hyprland}/bin/hyprctl dispatch focusurgentorlast
''

4
users/phundrak/wlr-which-key/fullscreen.nix
View File

@@ -1,4 +0,0 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "fullscreen" ''
${pkgs.procps}/bin/pidof -x Hyprland && ${pkgs.hyprland}/bin/hyprctl dispatch fullscreen
''

4
users/phundrak/wlr-which-key/logout.nix
View File

@@ -1,4 +0,0 @@
{pkgs, ...}:
pkgs.writeShellScriptBin "logout" ''
${pkgs.procps}/bin/pidof -x Hyprland && uwsm stop
''