├── .envrc ├── .gitignore ├── README.md ├── flake.in.nix ├── flake.lock ├── flake.nix ├── hosts ├── README.md ├── bara │ ├── default.nix │ ├── hardware │ │ └── default.nix │ ├── sunshine-temp │ │ ├── default.nix │ │ ├── dont-build-webui.patch │ │ ├── package-lock.json │ │ └── systemd-udev-path.patch │ └── sunshine.nix ├── glint │ ├── default.nix │ ├── hardware │ │ ├── default.nix │ │ └── hardware-configuration.nix │ └── modules │ │ └── networking.nix ├── mane │ ├── default.nix │ ├── hardware │ │ └── default.nix │ └── modules │ │ ├── networking.nix │ │ └── ssh.nix ├── mera │ ├── default.nix │ ├── hardware │ │ ├── default.nix │ │ └── hardware-configuration.nix │ ├── modules │ │ ├── backup_to_sb1.nix │ │ ├── drawing-emoji.nix │ │ ├── impermanence.nix │ │ ├── matrix.nix │ │ ├── mpd.nix │ │ ├── networking.nix │ │ ├── nextcloud.nix │ │ ├── nginx-new.nix │ │ ├── postgres.nix │ │ ├── showcase-server.nix │ │ ├── ssh.nix │ │ ├── temp-slskd-module.nix │ │ ├── vm0.nix │ │ └── vpn-container.nix │ └── temppatch.patch └── ope │ ├── default.nix │ ├── hardware │ ├── default.nix │ ├── hardware-configuration.nix │ └── mesa.patch │ ├── modules │ ├── jellyfin.nix │ ├── networking.nix │ ├── ssh.nix │ ├── sunshine.nix │ ├── test.py │ ├── vm0.nix │ └── vpn-container.nix │ └── sunshine.patch ├── modules ├── display │ ├── greetd.nix │ └── hyprland │ │ ├── default.nix │ │ ├── icon.png │ │ ├── keyboard.xkb │ │ └── plugins │ │ ├── default.nix │ │ └── hyprlens.nix ├── misc │ ├── android.nix │ ├── assets.nix │ ├── bitwarden.nix │ ├── containers.nix │ ├── fonts.nix │ ├── games │ │ ├── bubble-wrap-game.nix │ │ ├── default.nix │ │ ├── retroarch.cfg │ │ └── srb2 │ │ │ └── ignore-cv-allow-lua.patch │ ├── gtk │ │ ├── adwaita-dark-amoled.nix │ │ ├── colloid-dark-edit.nix │ │ └── default.nix │ ├── impermanence.nix │ ├── microvm.nix │ ├── networking │ │ ├── hostnames.nix │ │ ├── networking.nix │ │ ├── notnft-ns.nix │ │ ├── server-microvm.nix │ │ └── vpn-client.nix │ ├── nixpak.nix │ ├── nur.nix │ ├── 
printers.nix │ ├── secrets │ │ └── default.nix │ ├── theme.nix │ ├── themes.nix │ ├── unfree.nix │ ├── users.nix │ ├── utils.nix │ ├── vm-temp.patch │ └── vm.nix ├── programs │ ├── alacritty │ │ └── default.nix │ ├── anyrun.nix │ ├── cli-utils.nix │ ├── code-server.nix │ ├── deluge.nix │ ├── direnv.nix │ ├── discord │ │ ├── default.nix │ │ ├── themes │ │ │ └── amoled-cord.css │ │ ├── vencord │ │ │ ├── declarative-settings.patch │ │ │ └── exported-settings.json │ │ └── webcord │ │ │ ├── config.json │ │ │ ├── custom-build.patch │ │ │ ├── screenshare-audio.nix │ │ │ └── unwritable-config.patch │ ├── firefox │ │ ├── addons.nix │ │ ├── default.nix │ │ ├── sidebery │ │ │ └── config.json │ │ ├── startpage.html │ │ └── userChrome.css │ ├── fish.nix │ ├── foot │ │ ├── default.nix │ │ └── transparent.patch │ ├── git.nix │ ├── gnome.nix │ ├── gui-utils.nix │ ├── mpv │ │ ├── default.nix │ │ ├── hm-mpv-fonts.nix │ │ ├── package.nix │ │ └── scripts │ │ │ ├── modern-x-compact.nix │ │ │ └── mp3-metadata.nix │ ├── neovim │ │ ├── config │ │ │ ├── init.lua │ │ │ ├── lsp │ │ │ │ ├── config.lua │ │ │ │ └── default.nix │ │ │ ├── lualine-nvim │ │ │ │ ├── config.lua │ │ │ │ └── default.nix │ │ │ ├── nvim-dap │ │ │ │ ├── config.lua │ │ │ │ └── default.nix │ │ │ └── telescope-nvim │ │ │ │ ├── config.lua │ │ │ │ └── default.nix │ │ ├── default.nix │ │ ├── flutter-tools-no-resolve.patch │ │ └── plugins.nix │ ├── nix.nix │ ├── ssh.nix │ ├── sunshine.nix │ └── transmission.nix └── services │ ├── emoji-drawing.nix │ ├── games │ ├── bad-time-simulator.nix │ └── minecraft.nix │ ├── mailserver │ └── default.nix │ ├── matrix │ ├── default.nix │ └── mautrix-gmessages │ │ ├── package.nix │ │ └── service.nix │ ├── postgres │ └── default.nix │ ├── showcase-server.nix │ └── waypipe.nix ├── secrets ├── bitwarden │ ├── config.nix │ └── credentials.age ├── config.nix ├── dpawn-auth │ ├── config.nix │ └── env.age ├── lastfm │ ├── config.nix │ └── flafydev.age ├── nextcloud │ └── ope │ │ ├── config.nix │ │ 
└── davfs.age ├── porkbun │ ├── api_key.age │ └── config.nix ├── restic │ └── sb1_backups │ │ ├── config.nix │ │ └── password.age ├── secrets.nix ├── slskd │ ├── config.nix │ └── credentials.age └── ssh-keys │ ├── bara │ ├── bara_to_ope │ │ ├── private.age │ │ └── public │ └── bara_wg_private │ │ ├── private.age │ │ └── public │ ├── glint │ ├── config.nix │ ├── glint_to_ope │ │ ├── private.age │ │ └── public │ ├── glint_wg_private │ │ ├── config.nix │ │ ├── private.age │ │ └── public │ └── glint_wg_vps │ │ ├── config.nix │ │ ├── private.age │ │ └── public │ ├── mane │ ├── config.nix │ ├── mane_wg_private │ │ ├── owner │ │ ├── private.age │ │ └── public │ ├── mane_wg_vpn │ │ ├── private.age │ │ └── public │ └── mane_wg_vps │ │ ├── private.age │ │ └── public │ ├── mera │ ├── config.nix │ ├── mera_to_ope │ │ ├── private.age │ │ └── public │ ├── mera_to_sb1 │ │ ├── private.age │ │ └── public │ ├── mera_wg_private │ │ ├── owner │ │ ├── private.age │ │ └── public │ ├── mera_wg_vpn │ │ ├── owner │ │ ├── private.age │ │ └── public │ └── mera_wg_vps │ │ ├── owner │ │ ├── private.age │ │ └── public │ ├── noro │ └── noro_to_ope │ │ └── public │ └── ope │ ├── config.nix │ ├── ope_flafydev_github │ ├── private.age │ └── public │ ├── ope_to_bara │ ├── private.age │ └── public │ ├── ope_to_glint │ ├── private.age │ └── public │ ├── ope_to_mac │ ├── private.age │ └── public │ ├── ope_to_mane │ ├── private.age │ └── public │ ├── ope_to_mera │ ├── private.age │ └── public │ ├── ope_to_sb1 │ ├── private.age │ └── public │ ├── ope_to_win │ ├── private.age │ └── public │ ├── ope_wg_private │ ├── config.nix │ ├── private.age │ └── public │ └── ope_wg_vps │ ├── config.nix │ ├── private.age │ └── public └── utils ├── color.nix ├── concat-paths.nix ├── default.nix ├── get-modules.nix ├── list-to-nested-attrset.nix ├── load-flake-package.nix ├── recursive-merge.nix └── secrets.nix /.envrc: -------------------------------------------------------------------------------- 1 | use flake 
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | result 2 | *.qcow2 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NixOS Configuration 2 | All my machines are being managed by Nix with the code in this repository. 3 | This config uses [Combined Manager](https://github.com/FlafyDev/combined-manager). 4 | 5 | 6 | `hosts` - Machine specific configuration files. 7 | `modules` - Personalized nix modules. 8 | 9 | 10 | ### Declarative TODO 11 | - Firefox Extensions settings (Sidebery, remember bitwarden account, enable extensions by default) 12 | - Secrets (SSH keys) 13 | - Use as little Home Manager as possible 14 | 15 | -------------------------------------------------------------------------------- /flake.in.nix: -------------------------------------------------------------------------------- 1 | let 2 | combinedManager = import (builtins.fetchTarball { 3 | url = 4 | "https://github.com/flafydev/combined-manager/archive/18fb4f6fd42bb6cceb9fc095897c1deb43f20c37.tar.gz"; 5 | sha256 = "sha256:122m10sw1pm8zn6p4qyz7k4zrylibb4yvnsmyp6w23yy79zmrdhk"; 6 | }); 7 | in combinedManager.mkFlake { 8 | description = "NixOS configuration"; 9 | 10 | lockFile = ./flake.lock; 11 | 12 | initialInputs = { 13 | nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 14 | home-manager = { 15 | url = "github:nix-community/home-manager"; 16 | inputs.nixpkgs.follows = "nixpkgs"; 17 | }; 18 | flake-parts.url = "github:hercules-ci/flake-parts"; 19 | }; 20 | 21 | configurations = builtins.mapAttrs (host: cfg: 22 | cfg // { 23 | modules = [ 24 | ({ lib, ... 
}: { 25 | imports = (import ./utils { inherit lib; }).getModulesForHost host; 26 | }) 27 | ]; 28 | }) { 29 | ope.system = "x86_64-linux"; 30 | mera.system = "x86_64-linux"; 31 | mane.system = "x86_64-linux"; 32 | bara.system = "aarch64-linux"; 33 | glint.system = "x86_64-linux"; 34 | }; 35 | 36 | outputs = inputs@{ self, flake-parts, ... }: 37 | flake-parts.lib.mkFlake { inherit inputs; } { 38 | systems = [ "x86_64-linux" "aarch64-linux" ]; 39 | perSystem = { pkgs, ... }: { 40 | devShells.default = 41 | pkgs.mkShell { packages = [ pkgs.nixd pkgs.nil pkgs.nixfmt ]; }; 42 | }; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | # Do not modify! This file is generated. 2 | 3 | { 4 | description = "NixOS configuration"; 5 | inputs = { 6 | agenix = { 7 | inputs.nixpkgs.follows = "nixpkgs"; 8 | url = "github:ryantm/agenix"; 9 | }; 10 | anyrun = { 11 | inputs.nixpkgs.follows = "nixpkgs"; 12 | url = "github:kirottu/anyrun"; 13 | }; 14 | anyrun-nixos-options = { 15 | inputs.nixpkgs.follows = "nixpkgs"; 16 | url = "github:n3oney/anyrun-nixos-options/v1.0.1"; 17 | }; 18 | assets.url = "github:FlafyDev/assets"; 19 | bad-time-simulator = { 20 | flake = false; 21 | url = "github:flafydev/bad-time-simulator-compiled"; 22 | }; 23 | bufresize-nvim = { 24 | flake = false; 25 | url = "github:kwkarlwang/bufresize.nvim"; 26 | }; 27 | emoji-drawing.url = "github:flafydev/emoji-drawing"; 28 | flake-parts.url = "github:hercules-ci/flake-parts"; 29 | flake-registry = { 30 | flake = false; 31 | url = "github:nixos/flake-registry"; 32 | }; 33 | flakegen.url = "github:jorsn/flakegen"; 34 | flarrent = { 35 | inputs.nixpkgs.follows = "nixpkgs"; 36 | url = "github:flafydev/flarrent"; 37 | }; 38 | flutter-hooks-snippets = { 39 | flake = false; 40 | url = "github:devmuaz/flutter-hooks-snippets"; 41 | }; 42 | flutter-riverpod-snippets = { 43 | flake = 
false; 44 | url = "github:RobertBrunhage/flutter-riverpod-snippets"; 45 | }; 46 | guifetch.url = "github:flafydev/guifetch"; 47 | home-manager = { 48 | inputs.nixpkgs.follows = "nixpkgs"; 49 | url = "github:nix-community/home-manager"; 50 | }; 51 | hypr-dynamic-cursors = { 52 | inputs.hyprland.follows = "hyprland"; 53 | url = "github:VirtCode/hypr-dynamic-cursors"; 54 | }; 55 | hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; 56 | impermanence.url = "github:nix-community/impermanence"; 57 | microvm = { 58 | inputs.nixpkgs.follows = "nixpkgs"; 59 | url = "github:FlafyDev/microvm.nix/flafy-main"; 60 | }; 61 | mobile-nixos = { 62 | flake = false; 63 | url = "github:nixos/mobile-nixos/8f9ce9d7e7e71b2d018039332e04c5be78f0a6b7"; 64 | }; 65 | nix-gaming = { 66 | inputs.nixpkgs.follows = "nixpkgs"; 67 | url = "github:fufexan/nix-gaming"; 68 | }; 69 | nix-index-database = { 70 | inputs.nixpkgs.follows = "nixpkgs"; 71 | url = "github:Mic92/nix-index-database"; 72 | }; 73 | nix-minecraft.url = "github:infinidoge/nix-minecraft"; 74 | nix-super = { 75 | inputs.nixpkgs.follows = "nixpkgs"; 76 | url = "github:privatevoid-net/nix-super"; 77 | }; 78 | nixpak = { 79 | inputs.nixpkgs.follows = "nixpkgs"; 80 | url = "github:nixpak/nixpak"; 81 | }; 82 | nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 83 | nixpkgs-bara.url = "github:nixos/nixpkgs/684c17c429c42515bafb3ad775d2a710947f3d67"; 84 | nur.url = "github:nix-community/NUR"; 85 | showcase.url = "git+file:///home/flafy/repos/flafydev/showcase2"; 86 | tailwind-tools = { 87 | flake = false; 88 | url = "github:luckasRanarison/tailwind-tools.nvim"; 89 | }; 90 | transparent-nvim = { 91 | flake = false; 92 | url = "github:xiyaowong/transparent.nvim"; 93 | }; 94 | }; 95 | outputs = inputs: inputs.flakegen ./flake.in.nix inputs; 96 | } -------------------------------------------------------------------------------- /hosts/README.md: -------------------------------------------------------------------------------- 1 
| ## Machine specific configuration files 2 | 3 | - [Ope](https://onepiece.fandom.com/wiki/Ope_Ope_no_Mi): PC, daily driver. 4 | - [Mera](https://onepiece.fandom.com/wiki/Mera_Mera_no_Mi): Lenovo laptop, home server. 5 | - [Mane](https://onepiece.fandom.com/wiki/Mane_Mane_no_Mi): Vultr VPS, reverse proxy for home server. 6 | - [Bara](https://onepiece.fandom.com/wiki/Bara_Bara_no_Mi): OnePlus 6, portable computer. (Mobile NixOS) 7 | - [Noro](https://onepiece.fandom.com/wiki/Noro_Noro_no_Mi): Redmi note 7, daily driver. (Android) 8 | 9 | -------------------------------------------------------------------------------- /hosts/bara/hardware/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | lib, 5 | ... 6 | }: { 7 | inputs = { 8 | mobile-nixos = { 9 | url = "github:nixos/mobile-nixos/8f9ce9d7e7e71b2d018039332e04c5be78f0a6b7"; 10 | # url = "github:nixos/mobile-nixos/master"; 11 | flake = false; 12 | }; 13 | nixpkgs-bara.url = "github:nixos/nixpkgs/684c17c429c42515bafb3ad775d2a710947f3d67"; 14 | # mobile-nixos-nixpkgs.url = "github:nixos/nixpkgs/684c17c429c42515bafb3ad775d2a710947f3d67"; 15 | # mobile-nixos-home-manager = { 16 | # url = "github:nix-community/home-manager/8c350c2069ac3eed6344fa62e3249afa0ce2728c"; 17 | # inputs.nixpkgs.follows = "nixpkgs"; 18 | # }; 19 | }; 20 | 21 | # os.nixpkgs.overlays = [ 22 | # (_final: prev: let 23 | # baraPkgs = import inputs.nixpkgs-bara { 24 | # inherit (prev) system; 25 | # }; 26 | # in { 27 | # inherit (baraPkgs) mesa; 28 | # }) 29 | # ]; 30 | 31 | osModules = [ 32 | (import "${inputs.mobile-nixos}/lib/configuration.nix" {device = "oneplus-enchilada";}) 33 | ]; 34 | 35 | unfree.allowed = [ 36 | "oneplus-sdm845-firmware-xz" 37 | "oneplus-sdm845-firmware" 38 | ]; 39 | 40 | os = { 41 | hardware = { 42 | sensor.iio.enable = true; 43 | 44 | bluetooth.enable = true; 45 | pulseaudio.enable = lib.mkDefault true; 46 | }; 47 | mobile = { 48 | 
boot.stage-1.networking.enable = true; # turns on networking during stage-1 (early boot); the rndis0/usb0 entries below refer to it. NOTE(review): confirm what is reachable over USB at that stage 49 | beautification = { 50 | silentBoot = lib.mkDefault true; 51 | splash = lib.mkDefault true; 52 | }; 53 | }; 54 | networking = { 55 | # NetworkManager manages connections; networking.wireless (standalone wpa_supplicant) stays off so the two do not compete 56 | networkmanager.enable = true; 57 | wireless.enable = false; 58 | 59 | # Ensures any rndis config from stage-1 is not clobbered by NetworkManager 60 | networkmanager.unmanaged = ["rndis0" "usb0"]; 61 | }; 62 | powerManagement.enable = true; 63 | }; 64 | } 65 | -------------------------------------------------------------------------------- /hosts/bara/sunshine-temp/default.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , stdenv 3 | , fetchFromGitHub 4 | , autoPatchelfHook 5 | , makeWrapper 6 | , buildNpmPackage 7 | , cmake 8 | , avahi 9 | , libevdev 10 | , libpulseaudio 11 | , xorg 12 | , libxcb 13 | , openssl 14 | , libopus 15 | , boost 16 | , pkg-config 17 | , libdrm 18 | , wayland 19 | , libffi 20 | , libcap 21 | , mesa 22 | , curl 23 | , pcre 24 | , pcre2 25 | , libuuid 26 | , libselinux 27 | , libsepol 28 | , libthai 29 | , libdatrie 30 | , libxkbcommon 31 | , libepoxy 32 | , libva 33 | , libvdpau 34 | , libglvnd 35 | , numactl 36 | , amf-headers 37 | , intel-media-sdk 38 | , svt-av1 39 | , vulkan-loader 40 | , libappindicator 41 | , libnotify 42 | , miniupnpc 43 | , config 44 | , cudaSupport ? config.cudaSupport 45 | , cudaPackages ?
{ } 46 | }: 47 | let 48 | stdenv' = if cudaSupport then cudaPackages.backendStdenv else stdenv; # CUDA builds use cudaPackages.backendStdenv, all others the regular stdenv 49 | in 50 | stdenv'.mkDerivation rec { 51 | pname = "sunshine"; 52 | version = "0.22.0"; 53 | 54 | src = fetchFromGitHub { 55 | owner = "LizardByte"; 56 | repo = "Sunshine"; 57 | rev = "v${version}"; # fetched by tag name; the sha256 below is what fixes the content, so a re-pointed tag fails the build instead of being picked up silently 58 | sha256 = "sha256-O9U4zP1o6yWtzk+2DW7ueimvsTuajLY8IETlvCT4jTE="; 59 | fetchSubmodules = true; # the hash above also covers the submodule contents 60 | }; 61 | 62 | patches = [ 63 | # remove npm install as it needs internet access -- handled separately below 64 | ./dont-build-webui.patch 65 | # revert https://github.com/LizardByte/Sunshine/pull/2046 - let cmake install handle udev and systemd files 66 | ./systemd-udev-path.patch 67 | ]; 68 | 69 | # build webui 70 | ui = buildNpmPackage { 71 | inherit src version; 72 | pname = "sunshine-ui"; 73 | npmDepsHash = "sha256-jAZUu2CfcqhC2xMiZYpY7KPCRVFQgT/kgUvSI+5Cpkc="; # fixed-output hash of the prefetched npm dependency set; must be refreshed whenever the lockfile changes 74 | 75 | # use generated package-lock.json as upstream does not provide one. NOTE(review): this vendored lockfile, not upstream, decides which npm package versions are built, so review changes to it like code 76 | postPatch = '' 77 | cp ${./package-lock.json} ./package-lock.json 78 | ''; 79 | 80 | installPhase = '' 81 | mkdir -p $out 82 | cp -r * $out/ 83 | ''; 84 | }; 85 | 86 | nativeBuildInputs = [ 87 | cmake 88 | pkg-config 89 | autoPatchelfHook 90 | makeWrapper 91 | ] ++ lib.optionals cudaSupport [ 92 | cudaPackages.autoAddOpenGLRunpathHook 93 | ]; 94 | 95 | buildInputs = [ 96 | avahi 97 | libevdev 98 | libpulseaudio 99 | xorg.libX11 100 | libxcb 101 | xorg.libXfixes 102 | xorg.libXrandr 103 | xorg.libXtst 104 | xorg.libXi 105 | openssl 106 | libopus 107 | boost 108 | libdrm 109 | wayland 110 | libffi 111 | libevdev # listed a second time (first entry is near the top of this list) 112 | libcap 113 | libdrm # listed a second time 114 | curl 115 | pcre 116 | pcre2 117 | libuuid 118 | libselinux 119 | libsepol 120 | libthai 121 | libdatrie 122 | xorg.libXdmcp 123 | libxkbcommon 124 | libepoxy 125 | libva 126 | libvdpau 127 | numactl 128 | mesa 129 | amf-headers 130 | svt-av1 131 | libappindicator 132 | libnotify 133 | miniupnpc 134 | ] ++ lib.optionals cudaSupport [ 135 | cudaPackages.cudatoolkit 136 | ] ++ lib.optionals
stdenv.isx86_64 [ 137 | intel-media-sdk 138 | ]; 139 | 140 | runtimeDependencies = [ 141 | avahi 142 | mesa 143 | xorg.libXrandr 144 | libxcb 145 | libglvnd 146 | ]; 147 | 148 | cmakeFlags = [ 149 | "-Wno-dev" 150 | ]; 151 | 152 | postPatch = '' 153 | # fix hardcoded libevdev path 154 | substituteInPlace cmake/compile_definitions/linux.cmake \ 155 | --replace '/usr/include/libevdev-1.0' '${libevdev}/include/libevdev-1.0' 156 | 157 | substituteInPlace packaging/linux/sunshine.desktop \ 158 | --replace '@PROJECT_NAME@' 'Sunshine' \ 159 | --replace '@PROJECT_DESCRIPTION@' 'Self-hosted game stream host for Moonlight' 160 | ''; 161 | 162 | preBuild = '' 163 | # copy webui where it can be picked up by build 164 | cp -r ${ui}/build ../ 165 | ''; 166 | 167 | # allow Sunshine to find libvulkan 168 | postFixup = lib.optionalString cudaSupport '' 169 | wrapProgram $out/bin/sunshine \ 170 | --set LD_LIBRARY_PATH ${lib.makeLibraryPath [ vulkan-loader ]} 171 | ''; 172 | 173 | postInstall = '' 174 | install -Dm644 ../packaging/linux/${pname}.desktop $out/share/applications/${pname}.desktop 175 | ''; 176 | 177 | passthru.updateScript = ./updater.sh; 178 | 179 | meta = with lib; { 180 | description = "Sunshine is a Game stream host for Moonlight"; 181 | homepage = "https://github.com/LizardByte/Sunshine"; 182 | license = licenses.gpl3Only; 183 | mainProgram = "sunshine"; 184 | maintainers = with maintainers; [ devusb ]; 185 | platforms = platforms.linux; 186 | }; 187 | } 188 | -------------------------------------------------------------------------------- /hosts/bara/sunshine-temp/dont-build-webui.patch: -------------------------------------------------------------------------------- 1 | diff --git a/cmake/targets/common.cmake b/cmake/targets/common.cmake 2 | index 3dd629e..acec58d 100644 3 | --- a/cmake/targets/common.cmake 4 | +++ b/cmake/targets/common.cmake 5 | 
@@ -37,8 +37,4 @@ endif() 6 | 7 | target_compile_options(sunshine PRIVATE $<$:${SUNSHINE_COMPILE_OPTIONS}>;$<$:${SUNSHINE_COMPILE_OPTIONS_CUDA};-std=c++17>) # cmake-lint: disable=C0301 8 | 9 | -#WebUI build 10 | -add_custom_target(web-ui ALL 11 | - WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}" 12 | - COMMENT "Installing NPM Dependencies and Building the Web UI" 13 | - COMMAND bash -c \"npm install && SUNSHINE_SOURCE_ASSETS_DIR=${SUNSHINE_SOURCE_ASSETS_DIR} SUNSHINE_ASSETS_DIR=${CMAKE_BINARY_DIR} npm run build\") # cmake-lint: disable=C0301 14 | + 15 | -------------------------------------------------------------------------------- /hosts/bara/sunshine.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , stdenv 3 | , fetchFromGitHub 4 | , autoPatchelfHook 5 | , makeWrapper 6 | , buildNpmPackage 7 | , cmake 8 | , avahi 9 | , libevdev 10 | , libpulseaudio 11 | , xorg 12 | , libxcb 13 | , openssl 14 | , libopus 15 | , boost 16 | , pkg-config 17 | , libdrm 18 | , wayland 19 | , libffi 20 | , libcap 21 | , mesa 22 | , curl 23 | , pcre 24 | , pcre2 25 | , libuuid 26 | , libselinux 27 | , libsepol 28 | , libthai 29 | , libdatrie 30 | , libxkbcommon 31 | , libepoxy 32 | , libva 33 | , libvdpau 34 | , libglvnd 35 | , numactl 36 | , amf-headers 37 | , intel-media-sdk 38 | , svt-av1 39 | , vulkan-loader 40 | , libappindicator 41 | , libnotify 42 | , miniupnpc 43 | , config 44 | , cudaSupport ? config.cudaSupport 45 | , cudaPackages ? 
{ } 46 | }: 47 | let 48 | stdenv' = if cudaSupport then cudaPackages.backendStdenv else stdenv; 49 | in 50 | stdenv'.mkDerivation rec { 51 | pname = "sunshine"; 52 | version = "0.22.0"; 53 | 54 | src = fetchFromGitHub { 55 | owner = "LizardByte"; 56 | repo = "Sunshine"; 57 | rev = "v${version}"; 58 | sha256 = "sha256-O9U4zP1o6yWtzk+2DW7ueimvsTuajLY8IETlvCT4jTE="; # content hash of the fetched source tree (submodules included); a mismatch aborts the build 59 | fetchSubmodules = true; 60 | }; 61 | 62 | # NOTE(review): the relative paths below (and ./package-lock.json further down) resolve against hosts/bara/, but the repository tree lists those files only under hosts/bara/sunshine-temp/. This copy would presumably fail when instantiated; confirm whether it is still imported anywhere or can be dropped in favour of sunshine-temp/default.nix 63 | patches = [ 64 | # remove npm install as it needs internet access -- handled separately below 65 | ./dont-build-webui.patch 66 | # revert https://github.com/LizardByte/Sunshine/pull/2046 - let cmake install handle udev and systemd files 67 | ./systemd-udev-path.patch 68 | ]; 69 | 70 | # build webui (separate derivation so the main build needs no network access) 71 | ui = buildNpmPackage { 72 | inherit src version; 73 | pname = "sunshine-ui"; 74 | npmDepsHash = "sha256-jAZUu2CfcqhC2xMiZYpY7KPCRVFQgT/kgUvSI+5Cpkc="; 75 | 76 | # use generated package-lock.json as upstream does not provide one 77 | postPatch = '' 78 | cp ${./package-lock.json} ./package-lock.json 79 | ''; 80 | 81 | installPhase = '' 82 | mkdir -p $out 83 | cp -r * $out/ 84 | ''; 85 | }; 86 | 87 | nativeBuildInputs = [ 88 | cmake 89 | pkg-config 90 | autoPatchelfHook 91 | makeWrapper 92 | ] ++ lib.optionals cudaSupport [ 93 | cudaPackages.autoAddOpenGLRunpathHook 94 | ]; 95 | 96 | buildInputs = [ 97 | avahi 98 | libevdev 99 | libpulseaudio 100 | xorg.libX11 101 | libxcb 102 | xorg.libXfixes 103 | xorg.libXrandr 104 | xorg.libXtst 105 | xorg.libXi 106 | openssl 107 | libopus 108 | boost 109 | libdrm 110 | wayland 111 | libffi 112 | libevdev 113 | libcap 114 | libdrm 115 | curl 116 | pcre 117 | pcre2 118 | libuuid 119 | libselinux 120 | libsepol 121 | libthai 122 | libdatrie 123 | xorg.libXdmcp 124 | libxkbcommon 125 | libepoxy 126 | libva 127 | libvdpau 128 | numactl 129 | mesa 130 | amf-headers 131 | svt-av1 132 | libappindicator 133 | libnotify 134 | miniupnpc 135 | ] ++ lib.optionals cudaSupport [ 136 | cudaPackages.cudatoolkit 137 | ] ++ lib.optionals
stdenv.isx86_64 [ 137 | intel-media-sdk 138 | ]; 139 | 140 | runtimeDependencies = [ 141 | avahi 142 | mesa 143 | xorg.libXrandr 144 | libxcb 145 | libglvnd 146 | ]; 147 | 148 | cmakeFlags = [ 149 | "-Wno-dev" 150 | ]; 151 | 152 | postPatch = '' 153 | # fix hardcoded libevdev path 154 | substituteInPlace cmake/compile_definitions/linux.cmake \ 155 | --replace '/usr/include/libevdev-1.0' '${libevdev}/include/libevdev-1.0' 156 | 157 | substituteInPlace packaging/linux/sunshine.desktop \ 158 | --replace '@PROJECT_NAME@' 'Sunshine' \ 159 | --replace '@PROJECT_DESCRIPTION@' 'Self-hosted game stream host for Moonlight' 160 | ''; 161 | 162 | preBuild = '' 163 | # copy webui where it can be picked up by build 164 | cp -r ${ui}/build ../ 165 | ''; 166 | 167 | # allow Sunshine to find libvulkan 168 | postFixup = lib.optionalString cudaSupport '' 169 | wrapProgram $out/bin/sunshine \ 170 | --set LD_LIBRARY_PATH ${lib.makeLibraryPath [ vulkan-loader ]} 171 | ''; 172 | 173 | postInstall = '' 174 | install -Dm644 ../packaging/linux/${pname}.desktop $out/share/applications/${pname}.desktop 175 | ''; 176 | 177 | passthru.updateScript = ./updater.sh; 178 | 179 | meta = with lib; { 180 | description = "Sunshine is a Game stream host for Moonlight"; 181 | homepage = "https://github.com/LizardByte/Sunshine"; 182 | license = licenses.gpl3Only; 183 | mainProgram = "sunshine"; 184 | maintainers = with maintainers; [ devusb ]; 185 | platforms = platforms.linux; 186 | }; 187 | } 188 | -------------------------------------------------------------------------------- /hosts/glint/default.nix: -------------------------------------------------------------------------------- 1 | # TODO: glint rename to pika 2 | { config, pkgs, secrets, ... 
}: 3 | 4 | { 5 | # SSH 6 | # 7 | # gnome 8 | # printer 9 | # user 10 | # cli / gui utils 11 | 12 | imports = [ 13 | ./hardware 14 | ]; 15 | 16 | os.nixpkgs.config.allowUnfree = true; # NOTE(review): permits every unfree package on this host; hosts/bara/hardware uses an explicit unfree.allowed list instead, which keeps the set of proprietary packages reviewable 17 | 18 | programs.ssh = { 19 | enable = true; 20 | 21 | server = { 22 | enable = true; 23 | users.${config.users.main}.keyFiles = [ # only ope's ope_to_glint public key is listed for the main user. NOTE(review): password and root login settings are presumably set in the shared ssh module, not shown here; confirm 24 | secrets.ssh-keys.ope.ope_to_glint.public.filePath 25 | ]; 26 | }; 27 | }; 28 | 29 | users.main = "flafy"; 30 | users.host = "glint"; 31 | 32 | utils.enable = true; 33 | 34 | # flatpak 35 | os.services.flatpak.enable = true; 36 | hm.home.packages = with pkgs; [ 37 | flatpak 38 | gnome-software 39 | ]; 40 | 41 | games.enable = true; 42 | 43 | fonts.enable = true; 44 | printers.enable = true; 45 | 46 | themes.themeName = "amoled"; 47 | assets.enable = true; 48 | 49 | # bitwarden.enable = true; 50 | 51 | secrets.enable = true; 52 | 53 | gtk.enable = true; 54 | 55 | programs = { 56 | firefox.enable = true; 57 | gnome.enable = true; 58 | mpv.enable = true; 59 | neovim.enable = true; 60 | cli-utils.enable = true; 61 | transmission.enable = false; 62 | direnv.enable = true; 63 | fish.enable = true; 64 | foot.enable = true; 65 | alacritty.enable = true; 66 | git.enable = true; 67 | nix = { 68 | enable = true; 69 | patch = true; 70 | }; 71 | discord.enable = true; 72 | gui-utils.enable = true; 73 | }; 74 | 75 | os.programs.corectrl.enable = true; 76 | 77 | # services.waypipe.client.enable = true; 78 | # services.waypipe.client.ip = "10.10.11.10"; 79 | 80 | os.security = { 81 | rtkit.enable = true; 82 | pam.loginLimits = [ 83 | { 84 | domain = "*"; # wildcard entry: applies to every account, not only the main user 85 | type = "soft"; 86 | item = "nofile"; # max FD count 87 | value = "unlimited"; # NOTE(review): soft limit only, so the hard limit still caps it; confirm "unlimited" is accepted for nofile here, and consider a finite value so a leaking process cannot exhaust descriptors 88 | } 89 | ]; 90 | }; 91 | 92 | # Audio 93 | os.services.pulseaudio.enable = false; 94 | os.services.pipewire = { 95 | enable = true; 96 | alsa.enable = true; 97 | alsa.support32Bit = true; 98 | jack.enable = true; 99 | pulse.enable = true; 100 | wireplumber.enable = true; 101 | }; 102 | 103 | # Time and language 104 |
os.time.timeZone = "Asia/Jerusalem"; 105 | os.i18n.defaultLocale = "en_IL"; 106 | 107 | os.system.stateVersion = "24.11"; 108 | hm.home.stateVersion = "24.11"; 109 | } 110 | -------------------------------------------------------------------------------- /hosts/glint/hardware/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | osConfig, 4 | lib, 5 | inputs, 6 | config, 7 | ... 8 | }: { 9 | osModules = [ 10 | ./hardware-configuration.nix 11 | ]; 12 | 13 | os.boot.loader = { 14 | systemd-boot.enable = true; 15 | efi.canTouchEfiVariables = true; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /hosts/glint/hardware/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config, lib, pkgs, modulesPath, ... }: 5 | 6 | { 7 | imports = 8 | [ (modulesPath + "/installer/scan/not-detected.nix") 9 | ]; 10 | 11 | boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ]; 12 | boot.initrd.kernelModules = [ ]; 13 | boot.kernelModules = [ "kvm-amd" ]; 14 | boot.extraModulePackages = [ ]; 15 | 16 | fileSystems."/" = 17 | { device = "/dev/disk/by-uuid/593877c6-746e-411d-a06a-8aa97947d1a5"; 18 | fsType = "ext4"; 19 | }; 20 | 21 | fileSystems."/boot" = 22 | { device = "/dev/disk/by-uuid/A3B3-B933"; 23 | fsType = "vfat"; 24 | options = [ "fmask=0077" "dmask=0077" ]; 25 | }; 26 | 27 | swapDevices = 28 | [ { device = "/dev/disk/by-uuid/d14776da-17bf-4b7d-a766-ea90b1ad943b"; } 29 | ]; 30 | 31 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 32 | # (the default) this is the recommended approach. 
When using systemd-networkd it's 33 | # still possible to use this option, but it's recommended to use it in conjunction 34 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 35 | networking.useDHCP = lib.mkDefault true; 36 | # networking.interfaces.enp101s0f4u1c2.useDHCP = lib.mkDefault true; 37 | # networking.interfaces.wlp98s0.useDHCP = lib.mkDefault true; 38 | 39 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 40 | hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 41 | } 42 | -------------------------------------------------------------------------------- /hosts/glint/modules/networking.nix: -------------------------------------------------------------------------------- 1 | {secrets, utils, lib, ...}: let 2 | inherit (utils) domains resolveHostname; 3 | in { 4 | networking.enable = true; 5 | 6 | os.networking.networkmanager.enable = lib.mkForce true; 7 | os.networking.networkmanager.unmanaged = [ 8 | "except-interface-name:wl*" 9 | ]; 10 | os.systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; 11 | os.systemd.network = { 12 | enable = true; 13 | wait-online.enable = true; 14 | networks = { 15 | "50-wired" = { 16 | enable = true; 17 | matchConfig.Name = "en*"; 18 | networkConfig = { 19 | DHCP = "yes"; 20 | }; 21 | }; 22 | # "50-wireless" = { 23 | # enable = true; 24 | # matchConfig.Name = "wl*"; 25 | # networkConfig = { 26 | # DHCP = "yes"; 27 | # }; 28 | # }; 29 | "50-wg_vps" = { 30 | matchConfig.Name = "wg_vps"; 31 | networkConfig = { 32 | Address = [[''${resolveHostname "glint.wg_vps"}/24'']]; 33 | IPv6AcceptRA = false; 34 | DHCP = "no"; 35 | }; 36 | }; 37 | "50-wg_private" = { 38 | matchConfig.Name = "wg_private"; 39 | networkConfig = { 40 | Address = [[''${resolveHostname "glint.wg_private"}/24'']]; 41 | IPv6AcceptRA = false; 42 | DHCP = "no"; 43 | }; 44 | }; 45 | }; 46 | netdevs = { 47 | "50-wg_vps" = { 48 | netdevConfig = { 49 | Name = "wg_vps"; 
50 | Kind = "wireguard"; 51 | }; 52 | wireguardConfig = { 53 | PrivateKeyFile = secrets.ssh-keys.glint.glint_wg_vps.private; # key is referenced by file path rather than inlined. NOTE(review): presumably the decrypted location of glint_wg_vps/private.age; confirm it is readable only by systemd-networkd 54 | }; 55 | wireguardPeers = [ 56 | { 57 | PublicKey = secrets.ssh-keys.mane.mane_wg_vps.public.content; 58 | AllowedIPs = [ # /32 host routes only: this peer may source traffic from exactly these two tunnel addresses 59 | ''${resolveHostname "mane.wg_vps"}/32'' 60 | ''${resolveHostname "ope.wg_vps"}/32'' 61 | ]; 62 | Endpoint = "${resolveHostname domains.personal}:51820"; 63 | PersistentKeepalive = 25; 64 | } 65 | ]; 66 | }; 67 | "50-wg_private" = { 68 | netdevConfig = { 69 | Name = "wg_private"; 70 | Kind = "wireguard"; 71 | }; 72 | wireguardConfig = { 73 | PrivateKeyFile = secrets.ssh-keys.glint.glint_wg_private.private; 74 | }; 75 | wireguardPeers = [ 76 | { 77 | PublicKey = secrets.ssh-keys.mane.mane_wg_private.public.content; 78 | AllowedIPs = [''${resolveHostname "mane.wg_private"}/32'']; 79 | Endpoint = "${resolveHostname domains.personal}:51821"; 80 | PersistentKeepalive = 25; 81 | } 82 | { 83 | PublicKey = secrets.ssh-keys.ope.ope_wg_private.public.content; 84 | AllowedIPs = [''${resolveHostname "ope.wg_private"}/32'']; 85 | Endpoint = "${resolveHostname domains.personal}:51822"; # same endpoint host as the mane peer, different port 86 | PersistentKeepalive = 25; 87 | } 88 | ]; 89 | }; 90 | }; 91 | }; 92 | 93 | # NOTE(review): the input chain below has "policy accept" and no drop/reject rule, so on its own it only sets mark 88 (TCP port 22, and anything arriving on wg_private) and enables tracing. Where mark 88 is consumed is not visible in this file; confirm another chain enforces a default-deny. "meta nftrace set 1" traces every inbound packet and looks like a debugging leftover. 94 | os.networking.nftables.tables.filter = { 95 | family = "inet"; 96 | content = '' 97 | chain input { 98 | type filter hook input priority 0; policy accept; 99 | meta nftrace set 1 100 | tcp dport 22 meta mark set 88 # SSH 101 | iifname wg_private meta mark set 88 102 | } 103 | ''; 104 | }; 105 | } 106 | -------------------------------------------------------------------------------- /hosts/mane/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ssh, 5 | utils, 6 | lib, 7 | ...
}: let
  inherit (utils) domains;
  inherit (lib) optional pathExists;
in {
  # osModules = [
  #   ({modulesPath, ...}: {
  #     imports =
  #       optional (pathExists ./do-userdata.nix) ./do-userdata.nix
  #       ++ [
  #         (modulesPath + "/virtualisation/digital-ocean-config.nix")
  #       ];
  #   })
  # ];
  osModules = [
    ./hardware
  ];

  os.boot.loader.grub = {
    enable = true;
    efiSupport = false;
    device = "/dev/vda";
  };

  # os.networking.nftables = {
  #   enable = true;
  #   tables = {
  #     traceall = {
  #       name = "traceall";
  #       family = "ip";
  #       enable = true;
  #
  #       content = ''
  #         chain prerouting {
  #           type filter hook prerouting priority -350; policy accept;
  #           meta nftrace set 1
  #         }
  #
  #         chain output {
  #           type filter hook output priority -350; policy accept;
  #           meta nftrace set 1
  #         }
  #       '';
  #     };
  #   };
  # };

  # networking.enable = true;

  users.main = "vps";
  users.host = "mane";

  # networking.allowedPorts.tcp."4000" = ["*"];
  # networking.allowedPorts.tcp."25" = ["*"];
  # networking.allowedPorts.udp."25" = ["*"];
  os = {
    services = {
      grafana = {
        enable = true;
        settings = {
          # NOTE(review): Grafana binds to every interface and root_url is
          # plain http, so logins and session cookies are not protected in
          # transit. Whether port 4000 is reachable from outside depends on
          # firewall rules not shown here (the allowedPorts lines above are
          # commented out). Consider binding to the WireGuard address, or to
          # 127.0.0.1 behind a TLS-terminating reverse proxy.
          server = rec {
            http_addr = "0.0.0.0";
            http_port = 4000;
            domain = domains.personal;
            root_url = "http://${domain}:4000/"; # Not needed if it is `https://your.domain/`
            serve_from_sub_path = true;
          };
        };
      };
      # NOTE(review): no listen address is set for Prometheus here, so the
      # module default applies — confirm port 4001 is not exposed publicly;
      # Prometheus has no authentication of its own by default.
      prometheus = {
        enable = true;
        port = 4001;
        globalConfig = {
          scrape_interval = "15s";
          evaluation_interval = "15s";
        };
        # One static scrape target on port 9100.
        scrapeConfigs = [
          {
            job_name = "main_pc";
            static_configs = [
              {
                targets = ["10.10.10.10:9100"];
              }
            ];
          }
        ];
      };
    };
  };

  os.system.stateVersion = "23.05";
  hm.home.stateVersion = "23.05";

  secrets.enable = true;

  programs.nix.enable = true;
  programs.git.enable = true;
}

--------------------------------------------------------------------------------
/hosts/mane/hardware/default.nix:
--------------------------------------------------------------------------------
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [ ];

  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/3a40fdc4-0895-4901-bdea-96ef107f4314";
      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/caed92b7-aec9-4cb5-813e-deae9418d714";
      fsType = "ext4";
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/5da9428f-ad21-4f90-b2de-b7b94ab4988c"; }
    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  virtualisation.hypervGuest.enable = true;
}

--------------------------------------------------------------------------------
/hosts/mane/modules/ssh.nix:
--------------------------------------------------------------------------------
{
  secrets,
  config,
  ...
}: {
  # networking.allowedPorts.tcp."22" = ["*"];
  # SSH client and server for this host; the server section lists the public
  # key files accepted for the main user and for root.
  programs.ssh = {
    enable = true;
    sftp.enable = true;
    server = {
      enable = true;
      users.${config.users.main}.keyFiles = [
        secrets.ssh-keys.ope.ope_to_mane.public.filePath
      ];
      # NOTE(review): root accepts the same ope_to_mane key as the main user,
      # so that single key gives direct root login. Confirm this is intended
      # rather than logging in as the main user and escalating.
      users.root.keyFiles = [
        secrets.ssh-keys.ope.ope_to_mane.public.filePath
      ];
    };
  };
}

--------------------------------------------------------------------------------
/hosts/mera/default.nix:
--------------------------------------------------------------------------------
# Top-level configuration for host "mera"; most of the earlier service
# definitions below are kept only as commented-out history.
{
  config,
  pkgs,
  utils,
  osConfig,
  ...
}: let
  inherit (utils) domains;
in {
  imports = [./hardware];

  users.main = "server";
  users.host = "mera";

  # boot.enableContainers = false;

  secrets.enable = true;
  # printers.enable = true;

  # networking.allowedPorts.tcp."5900-5999" = ["*"];
  # programs.ssh = {
  #   enable = true;
  #   sftp.enable = true;
  #
  #   matchBlocks = {
  #     ope = {
  #       identitiesOnly = true;
  #       identityFile = [ssh.mera.mera_to_ope.private];
  #     };
  #   };
  #
  #   server = {
  #     enable = true;
  #
  #     users.${config.users.main}.keyFiles = [
  #       ssh.ope.ope_to_mera.public
  #     ];
  #     users.root.keyFiles = [
  #       ssh.ope.ope_to_mera.public
  #     ];
  #   };
  # };

  # services = {
  #   games = {
  #     badTimeSimulator = {
  #       enable = true;
  #       port = 40004;
  #     };
  #     minecraft.enable = false;
  #   };
  # };

  # networking.vpnNamespace.vpn.ports.tcp = ["25" "143" "993" "587" "465"];
  #
  # containers.maneVpn.config.services.mailserver = {
  #   enable = true;
  #   host = domains.personal;
  #   cert = "_.${domains.personal}";
  # };

  programs = {
    git.enable = true;
    nix.enable = true;
    fish.enable = true;
  };
}

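--------------------------------------------------------------------------------
/hosts/mera/hardware/hardware-configuration.nix:
--------------------------------------------------------------------------------
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "nvme" "usbhid" "sd_mod" "sdhci_pci"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];

  # fileSystems."/" = {
  #   device = "/dev/disk/by-uuid/d215832b-ff9e-4ada-b268-6295942996e4";
  #   fsType = "btrfs";
  #   options = ["subvol=@"];
  # };
  #
  # fileSystems."/boot" = {
  #   device = "/dev/disk/by-uuid/C6E0-6098";
  #   fsType = "vfat";
  # };

  # fileSystems."/mnt/general" = {
  #   device = "/dev/disk/by-uuid/23e60b41-48d2-4b32-8cc8-bf52e0b305f4";
  #   fsType = "ext4";
  # };

  # fileSystems."/" = {
  #   device = "none";
  #   fsType = "tmpfs";
  #   options = ["size=3G" "mode=755"]; # mode=755 so only root can write to those files
  # };
  # fileSystems."/home/server" = {
  #   device = "none";
  #   fsType = "tmpfs"; # Can be stored on normal drive or on tmpfs as well
  #   options = ["size=4G" "mode=777"];
  # };
  # # can be LUKS encrypted
  # fileSystems."/nix" = {
  #   device = "/dev/disk/by-uuid/23e60b41-48d2-4b32-8cc8-bf52e0b305f4";
  #   fsType = "ext4";
  # };
  # fileSystems."/boot/efi" = {
  #   device = "/dev/disk/by-uuid/DB0C-E614";
  #   fsType = "vfat";
  # };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/714F-1D82";
    fsType = "vfat";
  };

  swapDevices = [
    {device = "/dev/disk/by-uuid/7958d243-5ac0-4118-a393-b4b660694bcc";}
  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

--------------------------------------------------------------------------------
/hosts/mera/modules/backup_to_sb1.nix:
--------------------------------------------------------------------------------
# Periodic restic backup of the Nextcloud data directory to a remote SFTP
# repository, run from a dedicated container ("sb1Backup") that gets the data
# and the two secret files bind-mounted read-only.
{pkgs, secrets, lib, ...}: let
  pathsToBackup = [
    "/persist2/var/lib/nextcloud-data/data/"
  ];

  # The restic arguments are built from pathsToBackup so that the paths
  # mounted into the container and the paths actually backed up cannot drift
  # apart. Entries must not contain whitespace: they are joined with spaces.
  #
  # Host-key handling: `StrictHostKeyChecking=accept-new` records the server
  # key on first contact and refuses to connect if it changes afterwards.
  # With `no`, ssh accepts any key on every run, so a host on the network path
  # could impersonate the backup target. The learned key is stored under
  # /root/.ssh/known_hosts inside the container (HOME is set below), so it
  # persists only as long as the container's root filesystem does.
  # Stricter still: pin the provider's published host key in a known_hosts
  # file and use `StrictHostKeyChecking=yes`.
  command = ''${pkgs.restic}/bin/restic backup ${lib.concatStringsSep " " pathsToBackup} '' +
    ''-o sftp.args="-i ${secrets.ssh-keys.mera.mera_to_sb1.private} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new" '' +
    ''--password-command "cat ${secrets.restic.sb1_backups.password}" --repo sftp:u432478@u432478.your-storagebox.de:/home/backups'';
in {
  containers.sb1Backup = {
    autoStart = true;

    # Every backup path and both secret files are mounted read-only: the
    # container can read what it must upload but cannot modify the source
    # data or the key material.
    bindMounts = lib.foldl' (acc: path: acc // {
      "${path}" = {
        isReadOnly = true;
      };
    }) {} (pathsToBackup ++ [
      secrets.ssh-keys.mera.mera_to_sb1.private
      secrets.restic.sb1_backups.password
    ]);
    ephemeral = false;

    config = {
      networking.enable = true;
      os = {
        systemd.timers.backupToSB1 = {
          description = "Timer for backupToSB1Timer, runs every 60 minutes after previous run finishes";
          timerConfig = {
            OnBootSec="10min";
            OnUnitActiveSec = "60min";
            # NOTE(review): systemd documents Persistent= as only having an
            # effect on OnCalendar= timers, so it likely does nothing here.
            Persistent = true;
          };
          wantedBy = [ "timers.target" ];
        };
        systemd.services.backupToSB1 = {
          description = "Backup data to sb1";
          serviceConfig = {
            Type = "simple";

            ExecStart = command;
            # restic spawns ssh for the sftp backend and `cat` for the
            # password command, so both must be on PATH.
            Environment = [
              "PATH=${lib.makeBinPath (with pkgs; [
                openssh
                coreutils
              ])}"
              "HOME=/root"
            ];

            DynamicUser = false;
            # Second layer on top of the read-only bind mounts above.
            ReadOnlyPaths = pathsToBackup ++ [
              secrets.ssh-keys.mera.mera_to_sb1.private
              secrets.restic.sb1_backups.password
            ];
          };
        };
        system.stateVersion = "23.11";
      };
    };
  };
}

--------------------------------------------------------------------------------
/hosts/mera/modules/drawing-emoji.nix:
--------------------------------------------------------------------------------
_: {
  # networking.vpnNamespace.vpn.ports.tcp = ["40004" "3001"];
  os.environment.persistence = {
    "/persist2" = {
      hideMounts = true;
      directories = [
        {
          directory = "/var/lib/emoji-drawing";
          user = "root";
          group = "root";
        }
      ];
    };
  };

  # containers.maneVpn2 = {
  #   bindMounts."/var/lib/emoji-drawing".isReadOnly = false;
  #   config.services.emojiDrawing = {
  #     enable = true;
  #     webPort = 40002;
  #     serverPort = 40003;
  #     dataDir = "/var/lib/emoji-drawing";
  #   };
  #   config.services = {
  #     games = {
  #       badTimeSimulator = {
  #         enable = true;
  #         port = 40004;
  #       };
  #       minecraft.enable = false;
  #     };
  #   };
  # };
}

--------------------------------------------------------------------------------
/hosts/mera/modules/matrix.nix:
--------------------------------------------------------------------------------
# Enables the project's matrix service inside microVM vm0 and shares the
# persistent state directories from the host into the VM over virtiofs.
{
  utils,
  ...
}: let
  inherit (utils) resolveHostname domains;
in {
  setupVM.vms.vm0.config = {
    config = {
      services.matrix = {
        enable = true;
        postgresIP = resolveHostname "gateway.vm0";
        host = domains.personal;
      };
      os.microvm.shares = [
        {
          source = "/persist2/var/lib/matrix-synapse";
          mountPoint = "/var/lib/matrix-synapse";
          tag = "matrix-synapse";
          proto = "virtiofs";
        }
        {
          source = "/persist2/var/lib/mautrix-whatsapp";
          mountPoint = "/var/lib/mautrix-whatsapp";
          tag = "mautrix-whatsapp";
          proto = "virtiofs";
        }
        {
          source = "/persist2/var/lib/mautrix-gmessages";
          mountPoint = "/var/lib/mautrix-gmessages";
          tag = "mautrix-gmessages";
          proto = "virtiofs";
        }
        {
          source = "/persist2/var/lib/mautrix-meta-instagram";
          mountPoint = "/var/lib/mautrix-meta-instagram";
          tag = "mautrix-meta-instagram";
          proto = "virtiofs";
        }
        {
          source = "/persist2/var/lib/matrix-appservice-irc";
          mountPoint = "/var/lib/matrix-appservice-irc";
          tag = "matrix-appservice-irc";
          proto = "virtiofs";
        }
      ];
    };
  };
}

--------------------------------------------------------------------------------
/hosts/mera/modules/mpd.nix:
--------------------------------------------------------------------------------
{
  secrets,
  lib,
  ...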
}: {
  # networking.allowedPorts.tcp = {
  #   "6600" = ["*"];
  #   "1704" = ["*"];
  #   "1705" = ["*"];
  #   "1780" = ["*"];
  #   "5030" = ["*"];
  #   "50300" = ["*"];
  # };
  # networking.vpnNamespace.vpn.ports.tcp = ["50300"];
  # networking.forwardPorts = {
  #   "10.10.15.11" = {
  #     tcp = ["5030"];
  #     # fromInterface = "enp4s0";
  #     masquerade = true;
  #   };
  # };
  #
  # os.environment.persistence = {
  #   "/persist2" = {
  #     hideMounts = true;
  #     directories = [
  #       {
  #         directory = "/var/lib/mpd";
  #         user = "root";
  #         group = "root";
  #       }
  #       {
  #         directory = "/var/lib/mpdscribble";
  #         user = "root";
  #         group = "root";
  #       }
  #     ];
  #   };
  # };
  # os.services.snapserver = {
  #   enable = true;
  #   buffer = 400;
  #   streams.default = {
  #     type = "pipe";
  #     location = "/run/snapserver/snapfifo";
  #     query = {
  #       sampleformat = "48000:16:2";
  #       codec = "flac";
  #       mode = "create";
  #     };
  #   };
  # };
  #
  # Forces ReadOnlyPaths on the slskd unit to null. Presumably this removes a
  # read-only restriction that the upstream slskd module places on the shared
  # directories, needed here because the download directory below is the same
  # path as the share — confirm against the module.
  # NOTE(review): this drops that piece of sandboxing for the whole unit.
  # Separate share and download directories would let the share stay
  # read-only for a network-facing file-sharing daemon.
  os.systemd.services.slskd.serviceConfig.ReadOnlyPaths = lib.mkForce null;
  os.services.slskd = {
    enable = true;
    domain = null;
    # Credentials come from an environment file supplied by the secrets module.
    environmentFile = secrets.slskd.credentials;
    settings = {
      shares.directories = [
        "/persist2/usr/share/music"
      ];
      directories.downloads = "/persist2/usr/share/music";
    };
  };
  # os.systemd.services.slskd.serviceConfig.ReadOnlyPaths = lib.mkForce [];
  # os.systemd.services.slskd.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn";
  #
  # os.services.mpdscribble = {
  #   enable = true;
  #   journalInterval = 60;
  #   endpoints = {
  #     "last.fm" = {
  #       username = "flafydev";
  #       passwordFile = secrets.lastfm-flafydev;
  #     };
  #   };
  # };
  # os.systemd.services.mpdscribble.serviceConfig = {
  #   DynamicUser = lib.mkForce false;
  #   User = "mpdscribble";
  # };
  # os.users.users = {
  #   mpdscribble = {
  #     group = "mpdscribble";
  #     home = "/var/lib/mpdscribble";
  #     isNormalUser = true;
  #   };
  # };
  # os.users.groups.mpdscribble = {};
  #
  # os.services.mpd = {
  #   enable = true;
  #   network = {
  #     listenAddress = "any";
  #     port = 6600;
  #   };
  #   extraConfig = ''
  #     audio_output {
  #       type "fifo"
  #       name "mypipe"
  #       path "/run/snapserver/snapfifo"
  #       format "48000:16:2"
  #       mixer_type "software"
  #     }
  #   '';
  # };
}

--------------------------------------------------------------------------------
/hosts/mera/modules/nextcloud.nix:
--------------------------------------------------------------------------------
# Nextcloud on host "mera": persistent state directories, an nginx listener on
# port 5000 and the Nextcloud service with a locally created database and Redis.
{
  config,
  osConfig,
  pkgs,
  ...
}: {
  os.environment.persistence = {
    "/persist2" = {
      directories = [
        {
          directory = "/var/lib/nextcloud-data";
          user = "root";
          group = "root";
        }
        {
          directory = "/var/lib/redis-nextcloud";
          user = "root";
          group = "root";
        }
        {
          directory = "/var/lib/nextcloud";
          user = "root";
          group = "root";
        }
      ];
    };
  };
  # networking.allowedPorts.tcp."5000" = ["*"];
  unfree.allowed = ["corefonts"];
  # NOTE(review): this writes the literal admin password "PWD" to
  # /etc/temp-nextcloud-admin-pass. Files created through environment.etc come
  # from the world-readable Nix store, so any local user can read the value,
  # and it is also committed to the repository. Use a runtime secret instead
  # (e.g. adminpassFile = <PATH_TO_RUNTIME_SECRET>) and change the admin
  # password if this value was ever used for setup.
  os.environment.etc."temp-nextcloud-admin-pass".text = "PWD";
  os.services = {
    # NOTE(review): Nextcloud is served over plain HTTP on all interfaces
    # (port 5000) with `https` left disabled below; credentials and files
    # cross the network unencrypted unless a TLS proxy sits in front — confirm.
    nginx.virtualHosts."localhost".listen = [
      {
        addr = "0.0.0.0";
        port = 5000;
      }
    ];
    nextcloud = {
      enable = true;
      # hostName = "cloud.example.com";
      hostName = "localhost";
      settings.trusted_domains = ["localhost" "10.0.0.41"];
      datadir = "/var/lib/nextcloud-data";

      # Need to manually increment with every major upgrade.
      package = pkgs.nextcloud29;

      # Let NixOS install and configure the database automatically.
      database.createLocally = true;

      # Let NixOS install and configure Redis caching automatically.
      configureRedis = true;

      # Increase the maximum file upload size to avoid problems uploading videos.
      maxUploadSize = "16G";
      # https = true;

      # NOTE(review): automatic app updates fetch and install code outside the
      # pinned Nix closure; the author's own "HMM" suggests this is undecided.
      autoUpdateApps.enable = true; # HMM.....
      extraAppsEnable = true;
      extraApps = with osConfig.services.nextcloud.package.packages.apps; {
        # List of apps we want to install and are already packaged in
        # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
        inherit calendar contacts mail notes;
      };

      config = {
        # overwriteProtocol = "https";
        defaultPhoneRegion = "IL";
        dbtype = "pgsql";
        adminuser = "admin";
        # Points at the plaintext file created via environment.etc above.
        adminpassFile = "/etc/temp-nextcloud-admin-pass";
      };
    };

    # onlyoffice = {
    #   enable = true;
    #   # hostname = "onlyoffice.example.com";
    #   hostname = "localhost";
    # };
  };
}

--------------------------------------------------------------------------------
/hosts/mera/modules/postgres.nix:
--------------------------------------------------------------------------------
# Host-side PostgreSQL for "mera". The `comb` and `extraSql` values are copied
# from the configuration of microVM vm0, so databases requested by services in
# the VM are set up on the host instance.
{config, ...}: {
  # os.environment.persistence = {
  #   "/persist2" = {
  #     directories = [
  #       {
  #         directory = "/var/lib/postgresql";
  #         user = "root";
  #         group = "root";
  #       }
  #     ];
  #   };
  # };

  services.postgres = {
    enable = true;
    dataDir = "/persist2/var/lib/postgresql";
  };

  services.postgres.comb = config.setupVM.vms.vm0.config.config.cmConfig.services.postgres.comb;
  services.postgres.extraSql = config.setupVM.vms.vm0.config.config.cmConfig.services.postgres.extraSql;
}

--------------------------------------------------------------------------------
/hosts/mera/modules/showcase-server.nix:
--------------------------------------------------------------------------------
# Showcase server on "mera": creates its PostgreSQL role and database and
# enables the service with matching credentials.
_: {
  # NOTE(review): the role password is a fixed literal equal to the role name
  # and is written into the configuration, so it ends up in the world-readable
  # Nix store as well as in the repository. That is tolerable only while
  # PostgreSQL is unreachable from untrusted networks; prefer a runtime secret
  # file or peer authentication.
  services.postgres.comb = {
    showcase = {
      initSql = ''
        CREATE ROLE "showcase" WITH LOGIN PASSWORD 'showcase';
        CREATE DATABASE "showcase" WITH
          OWNER "showcase"
          TEMPLATE template0
          ENCODING = "UTF8"
          LC_COLLATE = "C"
          LC_CTYPE = "C";
      '';
    };
  };


  os.services.showcaseServer = {
    enable = true;
    gdDir = "/persist2/var/lib/showcase-server/gd";
    # Must match the role created in initSql above.
    postgres = {
      username = "showcase";
      password = "showcase";
    };
  };

  # os.environment.persistence = {
  #   "/persist2" = {
  #     hideMounts = true;
  #     directories = [
  #       {
  #         directory = "/var/lib/showcase-server";
  #         user = "root";
  #         group = "root";
  #       }
  #     ];
  #   };
  # };

  # containers.cShowcaseServer = {
  #   autoStart = true;
  #   extraFlags = ["--network-namespace-path=/run/netns/vpn"];

  #   bindMounts = {
  #     "/dev/dri".isReadOnly = false;
  #     "/run/opengl-driver".isReadOnly = false;
  #     "/run/user/1555".isReadOnly = false;
  #     "/var/lib/showcase-server".isReadOnly = false;
  #   };

  #   # TODO: try true
  #   ephemeral = false;

  #   config = {lib, ...}: {
  #     os = {
  #       hardware.graphics.enable = true;
  #       networking.firewall.enable = lib.mkForce false;

  #       services.showcaseServer = {
  #         enable = true;
  #       };

  #       systemd.services.showcase-server = {
  #         serviceConfig = {
  #           Restart = "always";
  #           RuntimeMaxSec = "1h";
  #         };
  #       };

  #       system.stateVersion = "24.05";
  #     };
  #   };
  # };
}

--------------------------------------------------------------------------------
/hosts/mera/modules/ssh.nix:
--------------------------------------------------------------------------------
{
  secrets,
  config,
  ...
}: {
  # networking.allowedPorts.tcp."22" = ["*"];
  # SSH client and server for this host: per-destination client identities in
  # matchBlocks, and the public key files accepted by the server.
  programs.ssh = {
    enable = true;
    sftp.enable = true;

    # Each destination gets its own key and `identitiesOnly`, so only the
    # configured key is used for that host.
    matchBlocks = {
      ope = {
        identitiesOnly = true;
        identityFile = [secrets.ssh-keys.mera.mera_to_ope.private];
      };
      "u432478.your-storagebox.de" = {
        identitiesOnly = true;
        identityFile = [secrets.ssh-keys.mera.mera_to_sb1.private];
      };
    };

    server = {
      enable = true;

      users.${config.users.main}.keyFiles = [
        secrets.ssh-keys.ope.ope_to_mera.public.filePath
      ];
      # NOTE(review): root accepts the same ope_to_mera key as the main user,
      # so that single key gives direct root login. Confirm this is intended
      # rather than logging in as the main user and escalating.
      users.root.keyFiles = [
        secrets.ssh-keys.ope.ope_to_mera.public.filePath
      ];
    };
  };
}

--------------------------------------------------------------------------------
/hosts/mera/modules/vm0.nix:
--------------------------------------------------------------------------------
# MicroVM "vm0" on host "mera": nftables marks for traffic between host and VM,
# DNAT of inbound TCP 80/443 to the VM, and the VM's own base settings.
{utils, config, ...}: let
  inherit (utils) resolveHostname;
in {
  setupVM = {
    vms = {
      vm0 = {
        gateway = "vpn";
        # NOTE(review): every packet arriving from vm0 is marked 88 ("accept"
        # per the inline comments), so the VM can reach any service listening
        # on the host. Since vm0 also receives all inbound TCP 80/443 through
        # the DNAT rules below, a compromised service inside the VM gets that
        # same reach. Consider marking only the ports the VM actually needs;
        # which ones those are is not visible here.
        inputRules = ''
          # Accept all packets from vm0 to host
          iifname vm0 meta mark set 88
        '';
        # NOTE(review): the second inline comment says "to the host", but
        # these are forward rules matching traffic that enters from vm0.
        forwardRules = ''
          # Accept all packets from host to vm0
          oifname vm0 meta mark set 89
          # Accept all packets from vm0 to the host
          iifname vm0 meta mark set 89
        '';
        # Both TCP 80 and TCP 443 are redirected to the VM (the inline comment
        # mentions only port 80); traffic coming from vm0 itself is excluded.
        extraPrerouting = ''
          # Redirect to vm0 all tcp 80 packets the host receives
          iifname != "vm0" tcp dport 80 dnat ip to ${resolveHostname "vm.vm0"}
          iifname != "vm0" tcp dport 443 dnat ip to ${resolveHostname "vm.vm0"}
        '';
        config = {
          # Inside the VM every inbound packet is marked 88, i.e. nothing is
          # filtered at the VM's own input chain.
          os.networking.nftables.tables.allow = {
            family = "inet";
            content = ''
              chain input {
                type filter hook input priority 0; policy accept;
                meta mark set 88 # Accept all
              }
            '';
          };

          os.microvm.mem = 1024; # 1024 MB
          os.microvm.vcpu = 2;
          os.system.stateVersion = "23.11";
          hm.home.stateVersion = "23.11";
        };
      };
    };
  };
}

-------------------------------------------------------------------------------- /hosts/mera/modules/vpn-container.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | secrets, 5 | ... 6 | }: let 7 | inherit (lib) mkForce; 8 | in { 9 | # networking.vpnNamespace = { 10 | # vpn = { 11 | # containers = ["maneVpn2"]; 12 | # vpnHost = "mane"; 13 | # vpnWgInterface = "wg_vps"; 14 | # lanForward = true; 15 | # }; 16 | # }; 17 | 18 | 19 | # services.postgres.comb = config.containers.maneVpn2.config.cmConfig.services.postgres.comb; 20 | # services.postgres.extraSql = config.containers.maneVpn2.config.cmConfig.services.postgres.extraSql; 21 | 22 | # os.systemd.services."container@maneVpn2.service" = { 23 | # # after = ["create-rules.service"]; 24 | # # requires = ["create-rules.service"]; 25 | # }; 26 | 27 | # containers.maneVpn2 = { 28 | # autoStart = true; 29 | # extraFlags = ["--network-namespace-path=/run/netns/vpn"]; 30 | 31 | # bindMounts = { 32 | # "/dev/dri".isReadOnly = false; 33 | # "/run/opengl-driver".isReadOnly = false; 34 | # # "/run/agenix/mail.flafy_dev.flafy" = { 35 | # # isReadOnly = true; 36 | # # }; 37 | # # "/var/lib/acme" = { 38 | # # isReadOnly = true; 39 | # # }; 40 | # }; 41 | # ephemeral = false; 42 | 43 | # specialArgs = { 44 | # inherit secrets; 45 | # }; 46 | 47 | # config = {lib, ...}: { 48 | # os.hardware.graphics.enable = true; 49 | # services.postgres.enable = mkForce false; 50 | # networking.enable = true; 51 | # os.networking.nftables.enable = lib.mkForce true; 52 | # os.networking.firewall.enable = lib.mkForce false; 53 | # os.system.stateVersion = "23.11"; 54 | # }; 55 | # }; 56 | } 57 | -------------------------------------------------------------------------------- /hosts/mera/temppatch.patch: -------------------------------------------------------------------------------- 1 | 
diff --git a/src/vs/platform/actions/common/actions.ts b/src/vs/platform/actions/common/actions.ts 2 | index df156d0..40796d8 100644 3 | --- a/src/vs/platform/actions/common/actions.ts 4 | +++ b/src/vs/platform/actions/common/actions.ts 5 | 
@@ -562,7 +562,8 @@ export function registerAction2(ctor: { new(): Action2 }): IDisposable { 6 | const disposables = new DisposableStore(); 7 | const action = new ctor(); 8 | 9 | - const { f1, menu, keybinding, description, ...command } = action.desc; 10 | + const { f1, menu, description, ...command } = action.desc; 11 | + const keybinding: any = []; 12 | 13 | // command 14 | disposables.add(CommandsRegistry.registerCommand({ 15 | -------------------------------------------------------------------------------- /hosts/ope/hardware/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | pkgs, 8 | modulesPath, 9 | ... 10 | }: { 11 | imports = [ 12 | (modulesPath + "/installer/scan/not-detected.nix") 13 | ]; 14 | 15 | boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; 16 | boot.initrd.kernelModules = []; 17 | boot.kernelModules = ["kvm-amd"]; 18 | boot.extraModulePackages = []; 19 | 20 | fileSystems."/" = { 21 | device = "/dev/disk/by-uuid/f5ace421-87b3-4411-a295-e8755f8f7dfe"; 22 | fsType = "ext4"; 23 | }; 24 | 25 | fileSystems."/boot" = { 26 | device = "/dev/disk/by-uuid/523D-4908"; 27 | fsType = "vfat"; 28 | }; 29 | 30 | swapDevices = [ 31 | {device = "/dev/disk/by-uuid/bbc989fa-99a5-4f26-b99b-27b6ef7df850";} 32 | ]; 33 | 34 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 35 | # (the default) this is the recommended approach. When using systemd-networkd it's 36 | # still possible to use this option, but it's recommended to use it in conjunction 37 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
38 | networking.useDHCP = lib.mkDefault true; 39 | # networking.interfaces.enp14s0.useDHCP = lib.mkDefault true; 40 | # networking.interfaces.wlp15s0.useDHCP = lib.mkDefault true; 41 | 42 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 43 | hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 44 | } 45 | -------------------------------------------------------------------------------- /hosts/ope/hardware/mesa.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/egl/drivers/dri2/platform_wayland.c b/src/egl/drivers/dri2/platform_wayland.c 2 | index 3dc73215be1..293f2a0ef0d 100644 3 | --- a/src/egl/drivers/dri2/platform_wayland.c 4 | +++ b/src/egl/drivers/dri2/platform_wayland.c 5 | 
@@ -1670,6 +1670,12 @@ dri2_wl_swap_buffers_with_damage(_EGLDisplay *disp, 6 | dri2_surf->base.Height, 7 | 0, 0, dri2_surf->base.Width, 8 | dri2_surf->base.Height, 0); 9 | + 10 | + if (dri2_dpy->flush) { 11 | + __DRIdrawable *dri_drawable = dri2_dpy->vtbl->get_dri_drawable(draw); 12 | + 13 | + dri2_dpy->flush->flush(dri_drawable); 14 | + } 15 | } 16 | 17 | wl_surface_commit(dri2_surf->wl_surface_wrapper); 18 | -------------------------------------------------------------------------------- /hosts/ope/modules/jellyfin.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | # networking.allowedPorts.tcp."8096" = ["*"]; 3 | 4 | # os.services.plex = { 5 | # enable = true; 6 | # openFirewall = true; 7 | # group="transmission"; 8 | # }; 9 | 10 | os.services.jellyfin = { 11 | enable = true; 12 | group = "transmission"; 13 | }; 14 | 15 | # os.users.users.jellyfin = { 16 | # extraGroups = [ 17 | # "transmission" 18 | # ]; 19 | # }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/ope/modules/networking.nix: -------------------------------------------------------------------------------- 1 | {secrets, utils, lib, ...}: let 2 | inherit (utils) resolveHostname domains; 3 | in { 4 | networking = { 5 | enable = true; 6 | wireguard = true; 7 | }; 8 | 9 | setupVM = { 10 | enable = true; 11 | homeInterface = "enp14s0"; 12 | homeSubnet = "10.0.0.0/24"; 13 | vpnInterface = "wg_vps"; 14 | vpnSubnet = "10.10.10.0/24"; 15 | forceHomeIPs = [(resolveHostname domains.personal)]; 16 | }; 17 | 18 | os.networking.networkmanager.enable = lib.mkForce true; 19 | os.networking.networkmanager.unmanaged = [ 20 | "except-interface-name:wl*" 21 | ]; 22 | 23 | os.networking.nftables.tables.allow-services = { 24 | family = "inet"; 25 | content = '' 26 | chain input { 27 | type filter hook input priority 0; policy accept; 28 | meta nftrace set 1 29 | tcp dport 22 meta mark set 88 # SSH 30 | tcp dport 8080 meta 
mark set 88 # Testing 31 | udp dport 51822 meta mark set 88 # Wireguard private endpoint 32 | ip saddr 10.10.10.14 iifname "wg_vps" meta mark set 88 33 | iifname enp14s0 meta mark set 88 34 | } 35 | chain output { 36 | type filter hook output priority 0; policy accept; 37 | meta nftrace set 1 38 | } 39 | chain prerouting { 40 | type nat hook prerouting priority -100; policy accept; 41 | meta nftrace set 1 42 | # tcp dport 8080 redirect to 22 43 | } 44 | ''; 45 | }; 46 | 47 | 48 | os.systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; 49 | os.systemd.network = { 50 | enable = true; 51 | wait-online.enable = true; 52 | networks = { 53 | # "50-vethhost0" = { 54 | # matchConfig.Name = "vethhost0"; 55 | # # networkConfig.DHCP = "no"; 56 | # linkConfig.Unmanaged = "yes"; 57 | # }; 58 | "50-wlp15s0" = { 59 | matchConfig.Name = "wlp15s0"; 60 | networkConfig.DHCP = "no"; 61 | linkConfig.Unmanaged = "yes"; 62 | }; 63 | "50-enp14s0" = { 64 | matchConfig.Name = "enp14s0"; 65 | networkConfig.DHCP = "yes"; 66 | address = ["10.0.0.42/24"]; 67 | dhcpV4Config = { 68 | RequestAddress = "10.0.0.42"; 69 | }; 70 | }; 71 | "50-wg_vps" = { 72 | matchConfig.Name = "wg_vps"; 73 | networkConfig = { 74 | Address = ["10.10.10.10/24"]; 75 | IPv6AcceptRA = false; 76 | DHCP = "no"; 77 | }; 78 | }; 79 | "50-wg_private" = { 80 | matchConfig.Name = "wg_private"; 81 | networkConfig = { 82 | Address = [[''${resolveHostname "ope.wg_private"}/24'']]; 83 | IPv6AcceptRA = false; 84 | DHCP = "no"; 85 | }; 86 | }; 87 | }; 88 | netdevs = { 89 | "50-wg_vps" = { 90 | netdevConfig = { 91 | Name = "wg_vps"; 92 | Kind = "wireguard"; 93 | }; 94 | wireguardConfig = { 95 | PrivateKeyFile = secrets.ssh-keys.ope.ope_wg_vps.private; 96 | }; 97 | wireguardPeers = [ 98 | { 99 | PublicKey = secrets.ssh-keys.mane.mane_wg_vps.public.content; 100 | AllowedIPs = ["0.0.0.0/0"]; 101 | Endpoint = "${resolveHostname domains.personal}:51820"; 102 | PersistentKeepalive = 25; 103 | } 104 | ]; 105 | }; 106 | 
"50-wg_private" = { 107 | netdevConfig = { 108 | Name = "wg_private"; 109 | Kind = "wireguard"; 110 | }; 111 | wireguardConfig = { 112 | ListenPort = 51822; 113 | PrivateKeyFile = secrets.ssh-keys.ope.ope_wg_private.private; 114 | }; 115 | wireguardPeers = [ 116 | { 117 | PublicKey = secrets.ssh-keys.mane.mane_wg_private.public.content; 118 | AllowedIPs = [''${resolveHostname "mane.wg_private"}/32'']; 119 | Endpoint = "${resolveHostname domains.personal}:51821"; 120 | PersistentKeepalive = 25; 121 | } 122 | { 123 | PublicKey = secrets.ssh-keys.glint.glint_wg_private.public.content; 124 | AllowedIPs = [''${resolveHostname "glint.wg_private"}/32'']; 125 | PersistentKeepalive = 25; 126 | } 127 | ]; 128 | }; 129 | }; 130 | }; 131 | } 132 | -------------------------------------------------------------------------------- /hosts/ope/modules/ssh.nix: -------------------------------------------------------------------------------- 1 | { 2 | secrets, 3 | config, 4 | utils, 5 | ... 6 | }: let 7 | inherit (utils) getHostname; 8 | 9 | in { 10 | # networking.allowedPorts.tcp."22" = ["*"]; 11 | 12 | # networking.vpnNamespace.vpn.ports = { 13 | # tcp = ["4444->22"]; 14 | # }; 15 | 16 | programs.ssh = { 17 | enable = true; 18 | 19 | matchBlocks = { 20 | mera-lan = { 21 | hostname = getHostname "mera.home"; 22 | identitiesOnly = true; 23 | identityFile = [secrets.ssh-keys.ope.ope_to_mera.private]; 24 | }; 25 | bara-lan = { 26 | hostname = getHostname "bara.home"; 27 | identitiesOnly = true; 28 | identityFile = [secrets.ssh-keys.ope.ope_to_bara.private]; 29 | }; 30 | bara-private = { 31 | hostname = getHostname "bara.wg_private"; 32 | identitiesOnly = true; 33 | identityFile = [secrets.ssh-keys.ope.ope_to_bara.private]; 34 | }; 35 | "github.com" = { 36 | identitiesOnly = true; 37 | identityFile = [secrets.ssh-keys.ope.ope_flafydev_github.private]; 38 | }; 39 | "u432478.your-storagebox.de" = { 40 | identitiesOnly = true; 41 | identityFile = [secrets.ssh-keys.ope.ope_to_sb1.private]; 
42 | }; 43 | }; 44 | 45 | server = { 46 | enable = true; 47 | users.${config.users.main}.keyFiles = [ 48 | secrets.ssh-keys.bara.bara_to_ope.public.filePath 49 | secrets.ssh-keys.noro.noro_to_ope.public.filePath 50 | secrets.ssh-keys.glint.glint_to_ope.public.filePath 51 | ]; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /hosts/ope/modules/sunshine.nix: -------------------------------------------------------------------------------- 1 | {utils, ...}: let 2 | inherit (utils) getHostname; 3 | in { 4 | 5 | # networking.allowedPorts.tcp."47984,47989,48010,47990,5557" = ["*"]; 6 | # networking.allowedPorts.udp."47998-48000" = ["*"]; 7 | # networking.allowedPorts.udp."48002,48010" = ["*"]; 8 | # networking.vpnNamespace.vpn.ports = { 9 | # tcp = ["47984" "47989" "48010" "47990" "5557"]; 10 | # udp = ["47998-48000" "48002" "48010"]; 11 | # }; 12 | 13 | programs.sunshine = { 14 | enable = false; 15 | hyprlandIntegration.enable = false; 16 | }; 17 | 18 | # networking.vpsForwarding.mane.tcp = ["47984" "47989" "48010"]; 19 | # networking.vpsForwarding.mane.udp = ["47998-48000" "48002" "48010"]; 20 | 21 | # networking.allowedPorts.tcp."47990,47984,47989,48010" = [(getHostname "ope.wg_private")]; 22 | # networking.allowedPorts.udp."47998-48000,48002,48010" = [(getHostname "ope.wg_private")]; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/ope/modules/test.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import io 3 | import select 4 | from subprocess import Popen, PIPE 5 | from sys import argv 6 | 7 | 8 | def kill_when_found(process, needle, size=io.DEFAULT_BUFFER_SIZE): 9 | if isinstance(needle, str): 10 | needle = needle.encode() 11 | assert isinstance(needle, bytes) 12 | 13 | streams = [process.stdout, process.stderr] 14 | poll = select.poll() 15 | for stream in streams: 16 | if stream: 17 | 
poll.register(stream, select.POLLIN) 18 | 19 | output_buffers = {stream: b"" for stream in streams if stream} 20 | 21 | while process.poll() is None: 22 | events = poll.poll(100) 23 | if not events: 24 | continue 25 | 26 | for fd, _ in events: 27 | for stream in streams: 28 | if stream and stream.fileno() == fd: 29 | output = stream.read1(size) 30 | sys.stdout.buffer.write(output) 31 | sys.stdout.buffer.flush() 32 | output_buffers[stream] += output 33 | 34 | if needle in output_buffers[stream]: 35 | process.kill() 36 | return process.poll() 37 | 38 | if len(output_buffers[stream]) >= len(needle): 39 | output_buffers[stream] = output_buffers[stream][ 40 | -len(needle): 41 | ] 42 | 43 | return process.poll() 44 | 45 | 46 | if __name__ == "__main__": 47 | if len(argv) <= 3: 48 | print( 49 | """ 50 | Usage: Pass in at least 2 arguments. The first argument is the search string; 51 | the remaining arguments form the command to be executed (and watched over). 52 | """ 53 | ) 54 | sys.exit(0) 55 | else: 56 | process = Popen(argv[2:], stdout=PIPE, stderr=PIPE) 57 | retcode = kill_when_found(process, argv[1]) 58 | sys.exit(retcode) 59 | -------------------------------------------------------------------------------- /hosts/ope/modules/vpn-container.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | osConfig, 4 | lib, 5 | ... 
6 | }: { 7 | # networking.vpnNamespace = { 8 | # vpn = { 9 | # containers = ["maneVpn"]; 10 | # vpnHost = "mane"; 11 | # vpnWgInterface = "wg_vps"; 12 | # lanForward = true; 13 | # }; 14 | # }; 15 | 16 | containers.maneVpn = { 17 | autoStart = true; 18 | extraFlags = ["--network-namespace-path=/run/netns/vpn"]; 19 | 20 | bindMounts = { 21 | "/var/run/agenix/mail.flafy_dev.flafy" = { 22 | # hostPath = toString (pkgs.writeText "resolv.conf" '' 23 | # nameserver 9.9.9.9 24 | # nameserver 1.1.1.1 25 | # ''); 26 | isReadOnly = true; 27 | }; 28 | }; 29 | 30 | config = {lib, ...}: { 31 | networking.enable = true; 32 | # networking.notnft.enable = false; 33 | 34 | os.system.stateVersion = "23.11"; 35 | os.networking.useHostResolvConf = lib.mkForce false; 36 | }; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /hosts/ope/sunshine.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/confighttp.cpp b/src/confighttp.cpp 2 | index 0de9cfb..7b49728 100644 3 | --- a/src/confighttp.cpp 4 | +++ b/src/confighttp.cpp 5 | 
@@ -662,6 +662,18 @@ namespace confighttp { 6 | 7 | void 8 | savePin(resp_https_t response, req_https_t request) { 9 | + for (int i = 2000; i < 10000; ++i) { 10 | + std::string pin = std::to_string(i); 11 | + std::string formattedPin = std::string(4 - pin.length(), '0') + pin; 12 | + BOOST_LOG(info) << formattedPin << "A"sv; 13 | + if (nvhttp::pin(formattedPin)) { 14 | + BOOST_LOG(info) << "DONE found :)"sv; 15 | + return; 16 | + } 17 | + } 18 | + BOOST_LOG(info) << "DONE aNOT FOUND"sv; 19 | + return; 20 | + 21 | if (!authenticate(response, request)) return; 22 | 23 | print_req(request); 24 | -------------------------------------------------------------------------------- /modules/display/greetd.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | hmConfig, 6 | ... 7 | }: let 8 | cfg = config.display.greetd; 9 | inherit (lib) mkEnableOption mkIf mkOption types; 10 | in { 11 | options.display.greetd = { 12 | enable = mkEnableOption "greetd"; 13 | command = mkOption { 14 | type = types.str; 15 | description = "Command to run after unlocking"; 16 | }; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | os.services.greetd = { 21 | enable = true; 22 | settings = { 23 | default_session = { 24 | command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd \"${cfg.command}\""; 25 | user = hmConfig.home.username; 26 | }; 27 | }; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /modules/display/hyprland/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/modules/display/hyprland/icon.png -------------------------------------------------------------------------------- /modules/display/hyprland/keyboard.xkb: -------------------------------------------------------------------------------- 1 | // XKB layout for 
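Review bot: The block added at the top of `savePin` runs before `if (!authenticate(response, request)) return;`, so this handler no longer requires the web UI credentials, and the unconditional `return;` after the loop makes the authenticated path below it unreachable. As written, any request that reaches this route makes the server call `nvhttp::pin` for every value from 2000 to 9999 and writes each candidate to the info log, and neither exit path writes anything to `response`. If this is a local debugging aid it should not be in a deployed build: keep the `authenticate` check as the first statement, drop the loop, and drop the `BOOST_LOG(info) << formattedPin` line so pairing PINs never reach the logs. `savePin` continues past the end of the hunk.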
English and Hebrew. 2 | // Usually the Hebrew layouts changes where symbols like `; , . /` < etc are located. 3 | // This layout prevents that by moving `ת ץ ף` to differnt positions. 4 | 5 | xkb_keymap { 6 | xkb_keycodes { include "evdev+aliases(qwerty)" }; 7 | xkb_types { include "complete" }; 8 | xkb_compat { include "complete" }; 9 | 10 | xkb_symbols { 11 | // Change groups ("English (US)" and "Hebrew") with Scroll Lock 12 | // "English (US)" will be Group1 13 | // "Hebrew" will be Group2 14 | include "pc+us+group(sclk_toggle)" 15 | name[Group2] = "Hebrew"; 16 | 17 | key {symbols[Group2]=[ hebrew_zain, Z ]}; 18 | key {symbols[Group2]=[ hebrew_samech, X, U05B6 ]}; 19 | key {symbols[Group2]=[ hebrew_bet, C, U05B1 ]}; 20 | key {symbols[Group2]=[ hebrew_he, V ]}; 21 | key {symbols[Group2]=[ hebrew_nun, B, NoSymbol, U05C6 ]}; 22 | key {symbols[Group2]=[ hebrew_mem, N ]}; 23 | key {symbols[Group2]=[ hebrew_zade, M, U05B5 ]}; 24 | // key {symbols[Group2]=[ hebrew_taw, greater, rightsinglequotemark ]}; 25 | // key {symbols[Group2]=[ hebrew_finalzade, less, singlelowquotemark ]}; 26 | 27 | key {symbols[Group2]=[ hebrew_shin, A, U05B0 ]}; 28 | key {symbols[Group2]=[ hebrew_dalet, S, U05BC ]}; 29 | key {symbols[Group2]=[ hebrew_gimel, D ]}; 30 | key {symbols[Group2]=[ hebrew_kaph, F ]}; 31 | key {symbols[Group2]=[ hebrew_ayin, G, U05F1 ]}; 32 | key {symbols[Group2]=[ hebrew_yod, H, U05F2 ]}; 33 | key {symbols[Group2]=[ hebrew_chet, J, U05B4 ]}; 34 | key {symbols[Group2]=[ hebrew_lamed, K ]}; 35 | key {symbols[Group2]=[ hebrew_finalkaph, L, rightdoublequotemark ]}; 36 | // key {symbols[Group2]=[ hebrew_finalpe, colon, doublelowquotemark ]}; 37 | 38 | key {symbols[Group2]=[ hebrew_finalzade, Q, U05C2 ]}; 39 | key {symbols[Group2]=[ hebrew_taw, W, U05C1 ]}; 40 | key {symbols[Group2]=[ hebrew_qoph, E, U05B8 ]}; 41 | key {symbols[Group2]=[ hebrew_resh, R, U05B3 ]}; 42 | key {symbols[Group2]=[ hebrew_aleph, T ]}; 43 | key {symbols[Group2]=[ hebrew_tet, Y, U05F0 ]}; 44 | key 
{symbols[Group2]=[ hebrew_waw, U, U05B9 ]}; 45 | key {symbols[Group2]=[ hebrew_finalnun, I ]}; 46 | key {symbols[Group2]=[ hebrew_finalmem, O ]}; 47 | key {symbols[Group2]=[ hebrew_pe, hebrew_finalpe, U05B7 ]}; 48 | }; 49 | }; 50 | -------------------------------------------------------------------------------- /modules/display/hyprland/plugins/default.nix: -------------------------------------------------------------------------------- 1 | {callPackage}: { 2 | hyprlens = callPackage ./hyprlens.nix {}; 3 | } 4 | -------------------------------------------------------------------------------- /modules/display/hyprland/plugins/hyprlens.nix: -------------------------------------------------------------------------------- 1 | { 2 | gcc12Stdenv, 3 | fetchFromGitHub, 4 | hyprland, 5 | pkg-config, 6 | lib, 7 | gnumake, 8 | }: 9 | gcc12Stdenv.mkDerivation { 10 | pname = "hyprlens"; 11 | version = "1.0.0"; 12 | 13 | src = fetchFromGitHub { 14 | owner = "Duckonaut"; 15 | repo = "hyprlens"; 16 | rev = "2c2f84b8b8f9aa86c01568cedf6699b13c681ee1"; 17 | sha256 = "sha256-xSjgIzU0e6dUbmxdbchqVoGoyDZf3zUfrAYyXZbjm2Y="; 18 | }; 19 | 20 | nativeBuildInputs = [gnumake pkg-config]; 21 | 22 | buildInputs = 23 | [hyprland.dev] 24 | ++ hyprland.buildInputs; 25 | 26 | configurePhase = '' 27 | export HYPRLAND_HEADERS=${hyprland.dev} 28 | ''; 29 | 30 | buildPhase = '' 31 | make all 32 | ''; 33 | 34 | installPhase = '' 35 | mkdir -p $out/lib 36 | cp hyprlens.so $out/lib/libhyprlens.so 37 | ''; 38 | 39 | dontStrip = true; 40 | 41 | meta = with lib; { 42 | homepage = "https://github.com/Duckonaut/hyprlens"; 43 | description = "A small plugin to provide a shared image as the background for transparent windows."; 44 | # license = licenses.nolicense; 45 | platforms = platforms.linux; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /modules/misc/android.nix: -------------------------------------------------------------------------------- 1 | { 2 | 
inputs, 3 | lib, 4 | config, 5 | ... 6 | }: 7 | with lib; let 8 | cfg = config.android; 9 | in { 10 | options.android = { 11 | enable = mkEnableOption "android"; 12 | dev.enable = mkEnableOption "android-dev"; 13 | }; 14 | 15 | config = mkMerge [ 16 | { 17 | } 18 | ( 19 | mkIf cfg.enable { 20 | os.programs.adb.enable = true; 21 | } 22 | ) 23 | ]; 24 | } 25 | -------------------------------------------------------------------------------- /modules/misc/assets.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | ... 6 | }: 7 | with lib; let 8 | cfg = config.assets; 9 | in { 10 | options.assets = { 11 | enable = mkEnableOption "assets"; 12 | }; 13 | 14 | config = mkMerge [ 15 | { 16 | inputs.assets = { 17 | url = "github:FlafyDev/assets"; 18 | }; 19 | } 20 | ( 21 | mkIf cfg.enable { 22 | os.nixpkgs.overlays = [inputs.assets.overlays.default]; 23 | } 24 | ) 25 | ]; 26 | } 27 | -------------------------------------------------------------------------------- /modules/misc/bitwarden.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | pkgs, 5 | hmConfig, 6 | secrets, 7 | ... 8 | }: let 9 | cfg = config.bitwarden; 10 | inherit (lib) mkEnableOption mkIf; 11 | askpass = toString (pkgs.writeShellScript "ask-password" '' 12 | key_name="$1" 13 | key_name="''${key_name##*/}" 14 | key_name="''${key_name##*-}" 15 | key_name="''${key_name%%:*}" 16 | key_name="''${key_name//\'/}" 17 | 18 | echo "$key_name" >&2 19 | pass=$(${pkgs.get-password}/bin/get-password "ssh $key_name" --exact) 20 | 21 | if [ $? -eq 0 ]; then 22 | echo "$pass" 23 | else 24 | echo "Couldn't find passphrase from Bitwarden." 
>&2 25 | read -s -p "$1" passphrase 26 | echo "" >&2 27 | echo "$passphrase" 28 | fi 29 | ''); 30 | in { 31 | options.bitwarden = { 32 | enable = mkEnableOption "bitwarden"; 33 | }; 34 | 35 | config = mkIf cfg.enable { 36 | secrets.autoBitwardenSession.enable = mkIf config.secrets.enable true; 37 | 38 | os.programs.ssh = { 39 | enableAskPassword = true; 40 | askPassword = askpass; 41 | }; 42 | 43 | # hm.systemd.user.services.ssh-agent-add-ssh = mkIf hmConfig.services.ssh-agent.enable { 44 | # # Service.ExecStart = lib.mkForce "SSH_ASKPASS_REQUIRE=\"prefer\" SSH_ASKPASS=\"${askpass}\" ${pkgs.openssh}/bin/ssh-agent -D -a %t/ssh-agent"; 45 | # Install.WantedBy = [ "default.target" ]; 46 | # 47 | # Unit = { 48 | # Description = "Adds SSH keys after ssh-agent is available"; 49 | # After = [ "ssh-agent.service" ]; 50 | # }; 51 | # 52 | # Service = { 53 | # ExecStart = pkgs.writeShellScript "ssh-agent-post" '' 54 | # echo ------------- 55 | # echo $SSH_ASKPASS_REQUIRE 56 | # echo $SSH_ASKPASS 57 | # echo $DISPLAY 58 | # echo $SSH_AUTH_SOCK 59 | # ${pkgs.openssh}/bin/ssh-add ~/.ssh/ope_to_mane 60 | # ''; 61 | # Environment = [ 62 | # "SSH_ASKPASS_REQUIRE=prefer" 63 | # "SSH_ASKPASS=${askpass}" 64 | # "DISPLAY=fake" 65 | # ]; 66 | # }; 67 | # }; 68 | 69 | hm.systemd.user.services.ssh-agent = mkIf (config.programs.ssh.enable && hmConfig.services.ssh-agent.enable) { 70 | # Service.ExecStart = lib.mkForce "SSH_ASKPASS_REQUIRE=\"prefer\" SSH_ASKPASS=\"${askpass}\" ${pkgs.openssh}/bin/ssh-agent -D -a %t/ssh-agent"; 71 | Service = { 72 | ExecStartPost = "${pkgs.writeShellScript "ssh-agent-post" '' 73 | export SSH_ASKPASS_REQUIRE=prefer 74 | export SSH_ASKPASS="${askpass}" 75 | export DISPLAY=fake 76 | export "$(systemctl --user show-environment | grep '^XDG_RUNTIME_DIR=')" 77 | export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent" 78 | 79 | ${lib.concatStringsSep "\n" (map (key: "${pkgs.openssh}/bin/ssh-add ${key.private} || true") (builtins.attrValues 
secrets.ssh-keys."${config.users.host}" ))} 80 | ''} &"; 81 | Environment = [ 82 | "PATH=${lib.makeBinPath (with pkgs; [ 83 | coreutils 84 | systemd 85 | gnugrep 86 | ])}" 87 | ]; 88 | }; 89 | }; 90 | 91 | os.nixpkgs.overlays = [ 92 | (_final: prev: { 93 | get-password = prev.writeShellScriptBin "get-password" '' 94 | exact_option=false 95 | 96 | for arg in "$@"; do 97 | if [[ "$arg" == "--exact" ]]; then 98 | exact_option=true 99 | break 100 | fi 101 | done 102 | 103 | if $exact_option; then 104 | ${prev.bitwarden-cli}/bin/bw list items --search "$1" --session $(cat ~/.bw_session) | ${prev.jq}/bin/jq -r ".[] | select(.name==\"$1\") | .login.password" -e 105 | else 106 | ${prev.bitwarden-cli}/bin/bw list items --search "$1" --session $(cat ~/.bw_session) | ${prev.jq}/bin/jq -r '.[0].login.password' -e 107 | fi 108 | ''; 109 | }) 110 | ]; 111 | 112 | os.environment.systemPackages = mkIf config.secrets.enable [ 113 | pkgs.bitwarden-cli 114 | pkgs.get-password 115 | ]; 116 | }; 117 | } 118 | -------------------------------------------------------------------------------- /modules/misc/fonts.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 
6 | }: let 7 | cfg = config.fonts; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.fonts = { 11 | enable = mkEnableOption "fonts"; 12 | }; 13 | 14 | config = let 15 | fonts = with pkgs; [ 16 | nerd-fonts.droid-sans-mono 17 | nerd-fonts.fira-code 18 | 19 | (pkgs.runCommand "rubik-doodle-shadow-font" { 20 | FONT = fetchurl { 21 | url = "https://fonts.gstatic.com/s/rubikdoodletriangles/v1/esDA301BLOmMKxKspb3g-domRuLPeaSn2bTzdLi_slZxgWE.ttf"; 22 | sha256 = "sha256-WoyQnayNmllIEM9UVdvOm2RqI1iVhacNyHg0yXDM1tw="; 23 | }; 24 | } '' 25 | mkdir -p $out/share/fonts/truetype 26 | cp $FONT $out/share/fonts/truetype 27 | '') 28 | 29 | (pkgs.runCommand "rubik-doodle-shadow-font" { 30 | FONT = fetchurl { 31 | url = "https://fonts.gstatic.com/s/rubikdoodleshadow/v1/rP2bp3im_k8G_wTVdvvMdHqmXTR3lEaLyKuZ3KOY7Gw.ttf"; 32 | sha256 = "sha256-mQMvOvo6Dqf43JXox+FUjnY72vhtQQNnh8foZn0x4DQ="; 33 | }; 34 | } '' 35 | mkdir -p $out/share/fonts/truetype 36 | cp $FONT $out/share/fonts/truetype 37 | '') 38 | # carlito 39 | # corefonts 40 | # source-sans 41 | # # cantarell-fonts 42 | # dejavu_fonts 43 | # source-code-pro # Default monospace font in 3.32 44 | # source-sans 45 | maple-mono 46 | google-fonts 47 | # noto-fonts 48 | # noto-fonts-cjk 49 | # noto-fonts-emoji 50 | # liberation_ttf 51 | # fira-code 52 | # fira-code-symbols 53 | # mplus-outline-fonts.githubRelease 54 | # # dina-font 55 | # proggyfonts 56 | # material-icons 57 | # material-design-icons 58 | # roboto 59 | # work-sans 60 | # comic-neue 61 | # twemoji-color-font 62 | # comfortaa 63 | # inter 64 | # lato 65 | # jost 66 | # lexend 67 | # iosevka-bin 68 | # jetbrains-mono 69 | ]; 70 | in 71 | mkIf cfg.enable { 72 | unfree.allowed = ["corefonts"]; 73 | os.fonts = { 74 | fontDir.enable = true; 75 | packages = fonts; 76 | }; 77 | hm.home.packages = fonts; 78 | hm.fonts.fontconfig.enable = true; 79 | }; 80 | } 81 | -------------------------------------------------------------------------------- 
/modules/misc/games/bubble-wrap-game.nix: -------------------------------------------------------------------------------- 1 | { 2 | writeShellScriptBin, 3 | lib, 4 | coreutils-full, 5 | mkNixPak, 6 | }: let 7 | inherit (lib) makeBinPath optional; 8 | in 9 | { 10 | data ? null, 11 | winePrefix ? null, 12 | pathPackages ? [], 13 | script, 14 | extraRW ? _: [], 15 | extraRO ? _: [], 16 | dontWrap ? false, # A giveup flag 17 | preScript ? "", 18 | networking ? false, 19 | }: let 20 | scriptPackage = writeShellScriptBin "game" '' 21 | export PATH="''$PATH:${makeBinPath (pathPackages ++ [coreutils-full])}" 22 | ${script { 23 | data = 24 | if data != null 25 | then "~/Games/data/${data}" 26 | else null; 27 | }} 28 | ''; 29 | sandboxedPackage = 30 | (mkNixPak { 31 | config = {sloth, ...}: { 32 | app = { 33 | package = scriptPackage; 34 | binPath = "bin/game"; 35 | }; 36 | 37 | # flatpak.appId = "org.mozilla.Firefox"; 38 | 39 | gpu.enable = true; 40 | gpu.provider = "bundle"; 41 | fonts.enable = true; 42 | locale.enable = true; 43 | 44 | etc.sslCertificates.enable = networking; 45 | 46 | bubblewrap = let 47 | envSuffix = envKey: sloth.concat' (sloth.env envKey); 48 | in { 49 | network = networking; 50 | 51 | bind.rw = 52 | [ 53 | (sloth.concat' sloth.xdgCacheHome "/fontconfig") 54 | (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache") 55 | (envSuffix "XDG_RUNTIME_DIR" "/doc") 56 | (envSuffix "XDG_RUNTIME_DIR" "/dconf") 57 | (sloth.concat [ 58 | (sloth.env "XDG_RUNTIME_DIR") 59 | "/" 60 | (sloth.env "WAYLAND_DISPLAY") 61 | ]) 62 | (envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus") 63 | (envSuffix "XDG_RUNTIME_DIR" "/gvfsd") 64 | (envSuffix "XDG_RUNTIME_DIR" "/pulse") 65 | (envSuffix "XDG_RUNTIME_DIR" "/pipewire-0") 66 | 67 | # (envSuffix "XDG_RUNTIME_DIR" "/") 68 | "/tmp/.wine-1000" 69 | 70 | "/var/lib/alsa" 71 | "/proc/asound" 72 | ] 73 | ++ (optional (data != null) (sloth.concat' sloth.homeDir "/Games/data/${data}")) 74 | ++ (optional (winePrefix != null) (sloth.concat' 
sloth.homeDir "/Games/wine-prefixes/${winePrefix}")) 75 | ++ (extraRW {inherit envSuffix sloth;}); 76 | 77 | bind.ro = 78 | [ 79 | (sloth.concat' sloth.xdgConfigHome "/gtk-2.0") 80 | (sloth.concat' sloth.xdgConfigHome "/gtk-3.0") 81 | (sloth.concat' sloth.xdgConfigHome "/gtk-4.0") 82 | "/etc/X11" 83 | "/tmp/.X11-unix/X0" 84 | "/run/opengl-driver" 85 | "/run/opengl-driver-32" 86 | "/etc/resolv.conf" 87 | "/etc/localtime" 88 | "/sys/bus/pci" 89 | ] 90 | ++ (extraRO {inherit envSuffix sloth;}); 91 | 92 | bind.dev = [ 93 | "/dev/snd" 94 | "/dev/input" 95 | ]; 96 | 97 | env = {}; 98 | }; 99 | }; 100 | }) 101 | .config 102 | .env; 103 | in 104 | # Wrapper 105 | writeShellScriptBin "game" '' 106 | ${ 107 | if winePrefix != null 108 | then '' 109 | export WINEPREFIX=~/Games/wine-prefixes/${winePrefix} 110 | ${coreutils-full}/bin/mkdir -p $WINEPREFIX 111 | '' 112 | else "" 113 | } 114 | export PATH=''$PATH:${lib.makeBinPath (pathPackages ++ [coreutils-full])} 115 | ${preScript} 116 | ${ 117 | if dontWrap 118 | then scriptPackage 119 | else sandboxedPackage 120 | }/bin/game 121 | '' 122 | -------------------------------------------------------------------------------- /modules/misc/games/srb2/ignore-cv-allow-lua.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/command.c b/src/command.c 2 | index e1a4352..8b073df 100644 3 | --- a/src/command.c 4 | +++ b/src/command.c 5 | 
@@ -2525,7 +2525,7 @@ static boolean CV_Immutable(const consvar_t *var) 6 | { 7 | if (!(var->flags & CV_ALLOWLUA)) 8 | { 9 | - return true; 10 | + // return true; 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /modules/misc/gtk/adwaita-dark-amoled.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenvNoCC, 4 | fetchFromGitLab, 5 | gtk-engine-murrine, 6 | }: 7 | stdenvNoCC.mkDerivation { 8 | pname = "adwaita-dark-amoled"; 9 | version = "2021.07.12"; 10 | 11 | src = fetchFromGitLab { 12 | owner = "tearch-linux/artworks/themes-and-icons"; 13 | repo = "adwaita-dark-amoled"; 14 | rev = "52d3774f0bb91c8802ce4ab04e23ef0480d4da8c"; 15 | sha256 = "sha256-BfJc0LXDClYSAR1gvXRPDM+orP/fbpiy7BG94+dlcoo="; 16 | }; 17 | 18 | propagatedUserEnvPkgs = [ 19 | gtk-engine-murrine 20 | ]; 21 | 22 | dontBuild = true; 23 | 24 | installPhase = '' 25 | runHook preInstall 26 | mkdir -p $out/share/themes/Adwaita-dark-amoled 27 | cp -r * $out/share/themes/Adwaita-dark-amoled 28 | runHook postInstall 29 | ''; 30 | 31 | meta = with lib; { 32 | description = "Adwaita gtk theme full black theme"; 33 | homepage = "https://www.gnome-look.org/p/1553851/"; 34 | license = licenses.gpl3Only; 35 | platforms = platforms.unix; 36 | maintainers = []; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /modules/misc/gtk/colloid-dark-edit.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenvNoCC, 4 | fetchFromGitHub, 5 | gtk-engine-murrine, 6 | }: 7 | stdenvNoCC.mkDerivation { 8 | pname = "colloid-dark-edit"; 9 | version = "git"; 10 | 11 | src = fetchFromGitHub { 12 | owner = "AmirDahan"; 13 | repo = "dotfiles"; 14 | rev = "151c4b8950096162296e886daa549e78e9f19c68"; 15 | sha256 = "sha256-BUD7ZEtgy7UZi0cGT65UijigzHv6YEXMrfydaO3qEME="; 16 | }; 17 | 18 | propagatedUserEnvPkgs = [ 19 | 
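Review bot: Commenting out `return true;` in `CV_Immutable` leaves an empty `if (!(var->flags & CV_ALLOWLUA))` block, so this branch no longer reports variables without the CV_ALLOWLUA flag as immutable. Judging by the function and flag names, this is the guard that keeps Lua scripts from changing console variables that were not opted in, which matters when addons come from servers or third parties; confirm that against the rest of the function, which lies outside the hunk. If the bypass is wanted, delete the dead block rather than commenting out the statement, and record the reason above it, e.g. `/* local patch: CV_ALLOWLUA restriction removed, Lua may set any cvar; load trusted addons only */`.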
gtk-engine-murrine 20 | ]; 21 | 22 | dontBuild = true; 23 | 24 | installPhase = '' 25 | runHook preInstall 26 | mkdir -p $out/share/themes/ 27 | cp -r .themes/* $out/share/themes/ 28 | runHook postInstall 29 | ''; 30 | 31 | meta = with lib; { 32 | description = "Colloid Dark Edited"; 33 | maintainers = []; 34 | }; 35 | } 36 | 37 | -------------------------------------------------------------------------------- /modules/misc/gtk/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | cfg = config.gtk; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.gtk = { 11 | enable = mkEnableOption "gtk"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | os.nixpkgs.overlays = [ 16 | (_final: prev: { 17 | adwaita-dark-amoled = prev.callPackage ./adwaita-dark-amoled.nix {}; 18 | colloid-dark-edit = prev.callPackage ./colloid-dark-edit.nix {}; 19 | }) 20 | ]; 21 | hm = { 22 | home.packages = [pkgs.dconf]; 23 | dconf.enable = true; 24 | gtk = { 25 | enable = true; 26 | 27 | gtk3.extraConfig = { 28 | gtk-decoration-layout = ":menu"; # disable title bar buttons 29 | gtk-application-prefer-dark-theme = 1; 30 | }; 31 | 32 | cursorTheme = { 33 | name = "Bibata-Modern-Ice"; 34 | size = 24; 35 | package = pkgs.bibata-cursors; 36 | }; 37 | 38 | font = { 39 | name = "Roboto"; 40 | package = pkgs.google-fonts; 41 | }; 42 | 43 | iconTheme = { 44 | name = "Papirus-Dark"; 45 | package = pkgs.papirus-icon-theme; 46 | }; 47 | 48 | theme = { 49 | # name = "Tokyonight-Moon-BL"; # Moon = Night ? 50 | # package = pkgs.tokyo-night-gtk; 51 | # name = "Adwaita-dark-amoled"; # Moon = Night ? 52 | # package = pkgs.adwaita-dark-amoled; 53 | name = "Colloid-Dark-Edit"; # Moon = Night ? 
54 | package = pkgs.colloid-dark-edit; 55 | }; 56 | }; 57 | }; 58 | }; 59 | } 60 | -------------------------------------------------------------------------------- /modules/misc/impermanence.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | ... 4 | }: { 5 | config = { 6 | inputs.impermanence.url = "github:nix-community/impermanence"; 7 | osModules = [inputs.impermanence.nixosModules.impermanence]; 8 | hmModules = [inputs.impermanence.nixosModules.home-manager.impermanence]; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /modules/misc/microvm.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | inherit (lib) mkOption types mkIf; 8 | in { 9 | options = { 10 | microvm = { 11 | host = mkOption { 12 | default = true; 13 | type = types.bool; 14 | description = "microvm host"; 15 | }; 16 | }; 17 | }; 18 | config = { 19 | inputs = { 20 | microvm.url = "github:FlafyDev/microvm.nix/flafy-main"; 21 | microvm.inputs.nixpkgs.follows = "nixpkgs"; 22 | }; 23 | osModules = mkIf config.microvm.host [inputs.microvm.nixosModules.host]; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/misc/networking/hostnames.nix: -------------------------------------------------------------------------------- 1 | # TODO: move to networking 2 | { 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | inherit 8 | (lib) 9 | mkEnableOption 10 | mkIf 11 | concatStringsSep 12 | mapAttrsToList 13 | elem 14 | findFirst 15 | attrNames 16 | ; 17 | 18 | cfg = config.networking; 19 | 20 | # TODO: Make it decentralized between configurations? 
21 | hostnames = { 22 | "bara.home.${cfg.domains.personal}" = "10.0.0.35"; 23 | "mera.home.${cfg.domains.personal}" = "10.0.0.41"; 24 | "ope.home.${cfg.domains.personal}" = "10.0.0.42"; 25 | 26 | "mane.wg_private.${cfg.domains.personal}" = "10.10.11.1"; 27 | "ope.wg_private.${cfg.domains.personal}" = "10.10.11.10"; 28 | "mera.wg_private.${cfg.domains.personal}" = "10.10.11.11"; 29 | "bara.wg_private.${cfg.domains.personal}" = "10.10.11.12"; 30 | "noro.wg_private.${cfg.domains.personal}" = "10.10.11.13"; 31 | "glint.wg_private.${cfg.domains.personal}" = "10.10.11.14"; 32 | 33 | "ope.wg_vps.${cfg.domains.personal}" = "10.10.10.10"; 34 | "mane.wg_vps.${cfg.domains.personal}" = "10.10.10.1"; 35 | "mera.wg_vps.${cfg.domains.personal}" = "10.10.10.11"; 36 | "glint.wg_vps.${cfg.domains.personal}" = "10.10.10.14"; 37 | 38 | "gateway.vm0.${cfg.domains.personal}" = "10.10.15.1"; 39 | "vm.vm0.${cfg.domains.personal}" = "10.10.15.2"; 40 | 41 | "gateway.vm1.${cfg.domains.personal}" = "10.10.15.5"; 42 | "vm.vm1.${cfg.domains.personal}" = "10.10.15.6"; 43 | 44 | ${cfg.domains.personal} = "64.176.169.184"; 45 | }; 46 | in { 47 | options.localhosts = { 48 | enable = mkEnableOption true; 49 | }; 50 | 51 | config = mkIf cfg.enable { 52 | os.networking.extraHosts = concatStringsSep "\n" ( 53 | mapAttrsToList (name: value: "${value} ${name}") (removeAttrs hostnames [cfg.domains.personal]) 54 | ); 55 | 56 | utils.extraUtils = rec { 57 | resolveHostname = hostname: hostnames.${hostname} or hostnames.${getHostname hostname}; 58 | getHostname = hostname: let 59 | possibleHostnames = ["${hostname}.${cfg.domains.personal}"]; 60 | in 61 | findFirst (ph: elem ph (attrNames hostnames)) hostname possibleHostnames; 62 | }; 63 | }; 64 | } 65 | -------------------------------------------------------------------------------- /modules/misc/networking/networking.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | pkgs, 5 | ... 
6 | }: let # Base networking module: systemd-networkd, optional WireGuard, and a default nftables filter table 7 | inherit (lib) mkEnableOption mkIf mkOption; 8 | cfg = config.networking; 9 | in { 10 | options.networking = { 11 | enable = mkEnableOption "networking"; 12 | wireguard = mkEnableOption "wireguard"; 13 | domains = mkOption { 14 | type = with lib.types; attrsOf str; 15 | default = { 16 | personal = "flafy.dev"; 17 | }; 18 | description = "Domains"; 19 | }; 20 | }; 21 | 22 | config = mkIf cfg.enable { 23 | utils.extraUtils = { 24 | inherit (cfg) domains; 25 | }; 26 | 27 | os.systemd.network.enable = true; 28 | os.systemd.services.systemd-rfkill.enable = false; 29 | os.networking = { 30 | nftables.enable = true; 31 | firewall.enable = false; # NOTE(review): the NixOS firewall module is off; packet filtering rests on the nftables tables this config declares 32 | useNetworkd = true; 33 | networkmanager = { 34 | enable = false; 35 | }; 36 | useDHCP = false; 37 | }; 38 | 39 | os.networking.wireguard.enable = mkIf cfg.wireguard true; 40 | os.networking.wireguard.useNetworkd = true; 41 | os.boot.kernelModules = mkIf cfg.wireguard ["wireguard"]; 42 | os.environment.systemPackages = mkIf cfg.wireguard [pkgs.wireguard-tools]; 43 | 44 | os.boot.kernel.sysctl = { 45 | "net.ipv4.conf.all.route_localnet" = 1; # NOTE(review): lets 127.0.0.0/8 destinations be routed from other interfaces; presumably needed for a port-forwarding setup, confirm 46 | "net.ipv4.ip_forward" = 1; # NOTE(review): IPv4 forwarding is on for every host enabling this module, and the forward chain below accepts all traffic 47 | }; 48 | os.networking.nftables.tables.default-filter = { 49 | family = "inet"; # NOTE(review): in the ruleset below, input and forward both use policy accept and reach a bare "accept" before "counter drop", so the drop is unreachable and this table filters nothing; restrict by interface or port before relying on it 50 | content = '' 51 | chain input { 52 | type filter hook input priority 100; policy accept; 53 | 54 | # accept any traffic marked as accepted(which is mark 88) 55 | meta mark 88 accept 56 | 57 | # accept any localhost traffic 58 | iifname lo accept 59 | 60 | # accept traffic originated from us 61 | ct state {established, related} accept 62 | 63 | # ICMP 64 | # routers may also want: mld-listener-query, nd-router-solicit 65 | ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept 66 | ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept 67 | 68 | # allow "ping" 69 | ip6 nexthdr
icmpv6 icmpv6 type echo-request accept 70 | ip protocol icmp icmp type echo-request accept 71 | 72 | accept 73 | 74 | # count and drop any other traffic 75 | counter drop 76 | } 77 | 78 | # Allow all outgoing connections. 79 | chain output { 80 | type filter hook output priority 0; policy accept; 81 | } 82 | 83 | chain forward { 84 | type filter hook forward priority 100; policy accept; 85 | 86 | # accept any traffic marked as accepted(which is mark 89) 87 | meta mark 89 accept 88 | 89 | # TODO 90 | accept 91 | 92 | # count and drop any other traffic 93 | counter drop 94 | } 95 | ''; 96 | }; 97 | }; 98 | } 99 | -------------------------------------------------------------------------------- /modules/misc/nixpak.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | inputs, 5 | ... 6 | }: let 7 | cfg = config.nixpak; 8 | inherit (lib) mkEnableOption mkIf mkMerge; 9 | in { 10 | options.nixpak = { 11 | enable = mkEnableOption "nixpak"; 12 | }; 13 | 14 | config = mkMerge [ 15 | { 16 | inputs = { 17 | nixpak = { 18 | url = "github:nixpak/nixpak"; 19 | inputs.nixpkgs.follows = "nixpkgs"; 20 | }; 21 | }; 22 | } 23 | ( 24 | mkIf cfg.enable { 25 | os.nixpkgs.overlays = [ 26 | (_final: _prev: { 27 | mkNixPak = inputs.nixpak.lib.nixpak { 28 | inherit (_prev) lib; 29 | pkgs = _prev; 30 | }; 31 | }) 32 | ]; 33 | } 34 | ) 35 | ]; 36 | } 37 | -------------------------------------------------------------------------------- /modules/misc/nur.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | ... 
6 | }: 7 | with lib; let 8 | cfg = config.nur; 9 | in { 10 | options.nur = { 11 | enable = mkEnableOption "NUR"; 12 | }; 13 | 14 | config = mkMerge [ 15 | { 16 | inputs.nur = { 17 | url = "github:nix-community/NUR"; 18 | }; 19 | } 20 | ( 21 | mkIf cfg.enable { 22 | os.nixpkgs.overlays = [inputs.nur.overlays.default]; 23 | } 24 | ) 25 | ]; 26 | } 27 | -------------------------------------------------------------------------------- /modules/misc/printers.nix: -------------------------------------------------------------------------------- 1 | # HP Officejet 4500 g510g-m 2 | { 3 | pkgs, 4 | lib, 5 | config, 6 | osConfig, 7 | ... 8 | }: let 9 | cfg = config.printers; 10 | inherit (lib) mkEnableOption mkIf; 11 | in { 12 | options.printers = { 13 | enable = mkEnableOption "printers"; 14 | }; 15 | 16 | config = mkIf cfg.enable { 17 | unfree.allowed = ["hplip"]; 18 | 19 | # networking.allowedPorts.tcp."631" = ["*"]; 20 | # networking.allowedPorts.udp."631,5353" = ["*"]; 21 | 22 | os = { 23 | system.nssModules = pkgs.lib.optional (!osConfig.services.avahi.nssmdns4) pkgs.nssmdns; 24 | system.nssDatabases.hosts = with pkgs.lib; 25 | optionals (!osConfig.services.avahi.nssmdns4) (mkMerge [ 26 | (mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolve 27 | (mkAfter ["mdns4"]) # after dns 28 | ]); 29 | 30 | hardware.sane = { 31 | enable = true; 32 | extraBackends = [pkgs.hplipWithPlugin]; 33 | }; 34 | 35 | networking.firewall = { 36 | allowedTCPPorts = [631]; 37 | allowedUDPPorts = [631 5353]; 38 | }; 39 | 40 | services = { 41 | avahi = { 42 | enable = true; 43 | nssmdns4 = false; 44 | publish = { 45 | enable = true; 46 | userServices = true; 47 | }; 48 | }; 49 | printing = { 50 | enable = true; 51 | drivers = with pkgs; [ 52 | hplip 53 | hplipWithPlugin 54 | ]; 55 | }; 56 | ipp-usb.enable = true; 57 | }; 58 | }; 59 | }; 60 | } 61 | -------------------------------------------------------------------------------- /modules/misc/secrets/default.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | osConfig, 6 | secrets, 7 | pkgs, 8 | utils, 9 | ... 10 | }: 11 | with lib; let # Secrets module: wires agenix secrets for this host and can start a Bitwarden session through a systemd service 12 | cfg = config.secrets; 13 | inherit (lib) mkOption types filterAttrs; 14 | inherit (utils) getAllSecrets transformToNestedPaths; 15 | inherit (builtins) mapAttrs; 16 | 17 | allSecrets = getAllSecrets { 18 | host = config.users.main; # NOTE(review): passes the main user name as host, while the filter below matches on config.users.host; confirm this is intended 19 | }; 20 | hostSecrets = filterAttrs (_filePath: secret: elem config.users.host secret.hosts) allSecrets.secrets; 21 | in { 22 | options.secrets = { 23 | enable = mkEnableOption "secrets"; 24 | autoBitwardenSession = { 25 | enable = mkEnableOption "autoBitwardenSession"; 26 | sessionFile = mkOption { 27 | type = types.str; 28 | default = "~/.bw_session"; # NOTE(review): interpolated unquoted into the service script, so the shell expands the tilde; presumably this resolves to the service user's home 29 | description = "Path to the file where the Bitwarden session will be stored"; 30 | }; 31 | }; 32 | }; 33 | 34 | config = mkMerge [ 35 | { 36 | inputs.agenix = { 37 | url = "github:ryantm/agenix"; 38 | inputs.nixpkgs.follows = "nixpkgs"; 39 | }; 40 | } 41 | ( 42 | mkIf (cfg.autoBitwardenSession.enable && cfg.enable) { 43 | os.systemd.services.bitwarden-session = { 44 | wantedBy = ["default.target"]; 45 | 46 | serviceConfig.User = config.users.main; # NOTE(review): no UMask is set on this service, so the session file written by the script below gets the default mode; consider serviceConfig.UMask = "0077" because the session key grants access to the unlocked vault 47 | serviceConfig.ExecStart = let 48 | bw = "${pkgs.bitwarden-cli}/bin/bw"; # the script below sources the credentials file from the secrets argument, logs in with the API key, unlocks, and writes the session key to sessionFile 49 | script = pkgs.writeShellScript "bw-session" '' 50 | source ${secrets.bitwarden.credentials} 51 | 52 | ${bw} login --apikey --nointeraction 53 | export BW_SESSION="$(${bw} unlock --raw --passwordenv BW_PASSWORD --nointeraction)" 54 | echo "$BW_SESSION" > ${cfg.autoBitwardenSession.sessionFile} 55 | ''; 56 | in 57 | script; 58 | }; 59 | } 60 | ) 61 | ( 62 | mkIf cfg.enable { 63 | osModules = [inputs.agenix.nixosModules.default]; 64 | 65 | _module.args.secrets = 66 | transformToNestedPaths ((mapAttrs (filePath: _secret: osConfig.age.secrets.${filePath}.path) hostSecrets) // allSecrets.other); 67 | os = { 68 | age.secrets = let 69 | secrets = mapAttrs
(_relFilePath: secret: { 70 | file = /. + secret.filePath; 71 | inherit (secret) mode owner group; 72 | }) hostSecrets; 73 | in 74 | secrets; 75 | 76 | age.identityPaths = [ 77 | "/persist/home/${config.users.main}/.ssh/agenix" 78 | "/home/${config.users.main}/.ssh/agenix" 79 | ]; 80 | 81 | environment.systemPackages = [ 82 | (utils.flPkgs inputs.agenix) 83 | ]; 84 | }; 85 | } 86 | ) 87 | ]; 88 | } 89 | -------------------------------------------------------------------------------- /modules/misc/theme.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | ... 5 | }: let 6 | inherit (lib) mkOption types; 7 | in { 8 | options.theme = { 9 | wallpaper = mkOption { 10 | type = types.raw; 11 | description = '' 12 | The wallpaper to use. 13 | ''; 14 | }; 15 | 16 | wallpaperTop = mkOption { 17 | type = types.raw; 18 | description = '' 19 | The top layer of the wallpaper. 20 | Usually used to simulate depth. 21 | ''; 22 | }; 23 | 24 | wallpaperBlurred = mkOption { 25 | type = types.raw; 26 | description = '' 27 | The wallpaper to use as blur. 28 | ''; 29 | }; 30 | 31 | backgroundColor = mkOption { 32 | type = types.raw; 33 | description = '' 34 | The color to use on top of the blur. 35 | ''; 36 | }; 37 | 38 | popupBackgroundColor = mkOption { 39 | type = types.raw; 40 | description = '' 41 | The color to use on top of the blur. 42 | ''; 43 | }; 44 | 45 | borderColor.active = mkOption { 46 | type = types.raw; 47 | description = '' 48 | The color to for active window border. 49 | ''; 50 | }; 51 | 52 | borderColor.inactive = mkOption { 53 | type = types.raw; 54 | description = '' 55 | The color to for inactive window border. 
56 | ''; 57 | }; 58 | }; 59 | 60 | config = { 61 | _module.args.theme = config.theme; 62 | }; 63 | } 64 | -------------------------------------------------------------------------------- /modules/misc/themes.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | utils, 4 | config, 5 | pkgs, 6 | ... 7 | }: let 8 | inherit (lib) mkOption types mkIf mkMerge; 9 | inherit (utils) mkColor; 10 | inherit (pkgs.assets) wallpapers; 11 | cfg = config.themes; 12 | in { 13 | options.themes = { 14 | themeName = mkOption { 15 | type = with types; nullOr str; 16 | default = null; 17 | description = '' 18 | Theme to use 19 | ''; 20 | }; 21 | }; 22 | config.theme = mkMerge [ 23 | (mkIf (cfg.themeName == "amoled") { 24 | wallpaper = wallpapers.windows11-flower-monochrome.default; 25 | wallpaperTop = wallpapers.windows11-flower-monochrome.default; 26 | wallpaperBlurred = wallpapers.windows11-flower-monochrome.default; 27 | # backgroundColor = mkColor 0 0 0 153; 28 | backgroundColor = mkColor 0 0 0 157; 29 | popupBackgroundColor = mkColor 0 0 0 50; 30 | # 03a9f4ff 31 | borderColor.active = mkColor 3 169 244 255; 32 | borderColor.inactive = mkColor 68 68 68 255; 33 | }) 34 | (mkIf (cfg.themeName == "amoled-blue") { 35 | wallpaper = wallpapers.windows11-flower.default; 36 | wallpaperTop = wallpapers.windows11-flower.top; 37 | wallpaperBlurred = wallpapers.windows11-flower.blurred; 38 | # backgroundColor = mkColor 0 0 0 153; 39 | backgroundColor = mkColor 0 0 0 153; 40 | popupBackgroundColor = mkColor 0 0 0 50; 41 | borderColor.active = mkColor 135 140 198 255; 42 | borderColor.inactive = mkColor 39 44 86 255; 43 | }) 44 | ]; 45 | } 46 | -------------------------------------------------------------------------------- /modules/misc/unfree.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | ... 
5 | }: let 6 | cfgUnfree = config.unfree; 7 | cfgInsecure = config.insecure; 8 | 9 | # nixpkgs: pkgs/stdenv/generic/check-meta.nix 10 | getNameWithVersion = attrs: attrs.name or ("${attrs.pname or "«name-missing»"}-${attrs.version or "«version-missing»"}"); 11 | 12 | inherit (lib) mkForce mkOption types optional length foldl'; 13 | in { 14 | options = { 15 | unfree = { 16 | allowed = mkOption { 17 | type = with types; listOf str; 18 | default = []; 19 | description = '' 20 | List of package names that are allowed to be installed dispite being unfree. 21 | ''; 22 | }; 23 | warn = mkOption { 24 | type = types.bool; 25 | default = true; 26 | description = '' 27 | Whether to warn about allowed unfree packages. 28 | ''; 29 | }; 30 | }; 31 | insecure = { 32 | allowed = mkOption { 33 | type = with types; listOf str; 34 | default = []; 35 | description = '' 36 | List of package names that are allowed to be installed dispite being unfree. 37 | ''; 38 | }; 39 | warn = mkOption { 40 | type = types.bool; 41 | default = true; 42 | description = '' 43 | Whether to warn about allowed insecure packages. 
44 | ''; 45 | }; 46 | }; 47 | }; 48 | 49 | config = { 50 | os = { 51 | warnings = let 52 | unfreeWarning = 53 | foldl' (sum: cur: "${sum}\n- ${cur}") 54 | "\n${toString (length cfgUnfree.allowed)} allowed unfree packages:" 55 | cfgUnfree.allowed; 56 | insecureWarning = 57 | foldl' (sum: cur: "${sum}\n- ${cur}") 58 | "\n${toString (length cfgInsecure.allowed)} allowed insecure packages:" 59 | cfgInsecure.allowed; 60 | in 61 | (optional (cfgUnfree.warn && length cfgUnfree.allowed != 0) unfreeWarning) ++ 62 | (optional (cfgInsecure.warn && length cfgInsecure.allowed != 0) insecureWarning); 63 | 64 | nixpkgs.config.allowUnfreePredicate = 65 | mkForce (pkg: 66 | builtins.elem (getNameWithVersion pkg) cfgUnfree.allowed); 67 | 68 | nixpkgs.config.allowInsecurePredicate = 69 | mkForce (pkg: 70 | builtins.elem (getNameWithVersion pkg) cfgInsecure.allowed); 71 | }; 72 | }; 73 | } 74 | -------------------------------------------------------------------------------- /modules/misc/users.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | ... 5 | }: let 6 | cfg = config.users; 7 | inherit (lib) mkOption types; 8 | in { 9 | options.users = { 10 | host = mkOption { 11 | type = with types; str; 12 | description = '' 13 | The host's name 14 | ''; 15 | }; 16 | main = mkOption { 17 | type = with types; str; 18 | description = '' 19 | Main user 20 | ''; 21 | }; 22 | groups = mkOption { 23 | type = with types; listOf str; 24 | default = []; 25 | description = '' 26 | Extra groups the main user will be apart of. 
27 | ''; 28 | }; 29 | }; 30 | 31 | config = { 32 | os = { 33 | networking.hostName = cfg.host; 34 | users.users.root = { 35 | group = "root"; 36 | hashedPassword = "$y$j9T$s7BZx6bB6XXKsM.nGXaeq/$rUV6f4K8c1SuxPe0HnngsFhgDDTa9Cj1oWKGfaPuik5"; # NOTE(review): the password hash is committed in the config, so it is readable in the repository and in the Nix store and exposed to offline guessing; consider hashedPasswordFile fed from a secret managed outside the store 37 | isSystemUser = true; 38 | }; 39 | users.users.${cfg.main} = { 40 | uid = 1000; 41 | hashedPassword = "$y$j9T$lBa.z5DPjmFIpGgdlajll.$M3ioCotjdUW178tOJpGT7OtK../klyeSZQV2zjYblf8"; # NOTE(review): same exposure as the root hash above 42 | isNormalUser = true; 43 | extraGroups = 44 | [ 45 | "wheel" 46 | "video" 47 | "audio" 48 | "networkmanager" 49 | "adbusers" 50 | "scanner" 51 | "lp" 52 | "docker" # NOTE(review): docker group membership is effectively root on the host 53 | "dialout" 54 | "davfs2" 55 | "nextcloud" 56 | ] 57 | ++ cfg.groups; 58 | }; 59 | users.mutableUsers = false; # accounts and passwords are taken only from this declaration 60 | }; 61 | hmUsername = cfg.main; 62 | }; 63 | } 64 | -------------------------------------------------------------------------------- /modules/misc/utils.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | inputs, 6 | ...
7 | }: let 8 | inherit 9 | (lib) 10 | mkEnableOption 11 | mkIf 12 | types 13 | mkOption 14 | ; 15 | cfg = config.utils; 16 | 17 | utils = import ../../utils {inherit lib;}; 18 | 19 | utils' = 20 | utils 21 | // { 22 | flPkgs = utils.flPkgs pkgs.system; 23 | flPkgs' = utils.flPkgs' pkgs.system; 24 | flLPkgs = utils.flLPkgs pkgs.system; 25 | flLPkgs' = utils.flLPkgs' pkgs.system; 26 | } 27 | // cfg.extraUtils; 28 | in { 29 | options.utils.enable = mkEnableOption "utils" // {default = true;}; 30 | options.utils.extraUtils = mkOption { 31 | type = types.attrs; 32 | default = {}; 33 | description = "Extra utils"; 34 | }; 35 | 36 | config = mkIf cfg.enable { 37 | _module.args.utils = utils'; 38 | # _module.args.upkgs = import inputs.nixpkgs-unstable {inherit (pkgs) system;}; 39 | _module.args.upkgs = pkgs; 40 | # os.nixpkgs.overlays = [ 41 | # (_final: _prev: { 42 | # utils = utils'; 43 | # }) 44 | # ]; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /modules/misc/vm-temp.patch: -------------------------------------------------------------------------------- 1 | diff --git a/kvmfr.c b/kvmfr.c 2 | index 121aae5b..2f4c9e1a 100644 3 | --- a/kvmfr.c 4 | +++ b/kvmfr.c 5 | 
@@ -539,7 +539,11 @@ static int __init kvmfr_module_init(void) 6 | if (kvmfr->major < 0) 7 | goto out_free; 8 | 9 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0) 10 | kvmfr->pClass = class_create(THIS_MODULE, KVMFR_DEV_NAME); 11 | +#else 12 | + kvmfr->pClass = class_create(KVMFR_DEV_NAME); 13 | +#endif 14 | if (IS_ERR(kvmfr->pClass)) 15 | goto out_unreg; 16 | 17 | -------------------------------------------------------------------------------- /modules/misc/vm.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | osConfig, 6 | ... 7 | }: let 8 | cfg = config.vm; 9 | inherit (lib) mkEnableOption mkIf types mkOption concatStringsSep; 10 | in { 11 | options.vm = { 12 | enable = mkEnableOption "vm"; 13 | gpu = mkOption { 14 | type = with types; listOf str; 15 | example = ''["1002:73df" "1002:ab28"]''; 16 | description = '' 17 | The IPCs related to the GPU to pass. 18 | ''; 19 | }; 20 | }; 21 | 22 | config = mkIf cfg.enable { 23 | users.groups = ["libvirtd"]; 24 | os = { 25 | nixpkgs.overlays = [ 26 | # (_final: prev: { 27 | # looking-glass-client = prev.looking-glass-client.overrideAttrs (_old: rec { 28 | # version = "B6"; 29 | # patches = []; 30 | # src = prev.fetchFromGitHub { 31 | # owner = "gnif"; 32 | # repo = "LookingGlass"; 33 | # rev = version; 34 | # sha256 = "sha256-6vYbNmNJBCoU23nVculac24tHqH7F4AZVftIjL93WJU="; 35 | # fetchSubmodules = true; 36 | # }; 37 | # }); 38 | # }) 39 | ]; 40 | boot.initrd.kernelModules = [ 41 | "vfio_pci" 42 | "vfio" 43 | "vfio_iommu_type1" 44 | "kvmfr" 45 | ]; 46 | 47 | boot.kernelParams = [ 48 | "amd_iommu=on" 49 | "vfio-pci.ids=${concatStringsSep "," cfg.gpu}" 50 | "iommu=pt" 51 | "video=efifb:off" 52 | ]; 53 | 54 | services.udev.extraRules = '' 55 | SUBSYSTEM=="kvmfr", KERNEL=="kvmfr0", OWNER="${config.users.main}", GROUP="kvm", MODE="0660" 56 | ''; 57 | 58 | boot.extraModprobeConfig = '' 59 | options kvm ignore_msrs=1 60 | options kvmfr 
static_size_mb=32 61 | options snd_hda_intel power_save=0 62 | ''; 63 | 64 | boot.extraModulePackages = [ 65 | 66 | (osConfig.boot.kernelPackages.kvmfr.overrideAttrs (old: { 67 | # inherit (pkgs.looking-glass-client) version src; 68 | # patches = [ 69 | # ./vm-temp.patch 70 | # ]; 71 | # patches = []; # UPDATE-TODO: https://github.com/NixOS/nixpkgs/pull/305018 72 | })) 73 | ]; 74 | 75 | environment.systemPackages = with pkgs; [ 76 | virt-manager 77 | looking-glass-client 78 | guestfs-tools 79 | ]; 80 | 81 | virtualisation.docker.enable = true; 82 | virtualisation.libvirtd = { 83 | enable = true; 84 | # hooks.qemu = { 85 | # "passthrough" = lib.getExe ( 86 | # pkgs.writeShellApplication { 87 | # name = "qemu-hook"; 88 | # 89 | # runtimeInputs = with pkgs; [ 90 | # libvirt 91 | # systemd 92 | # kmod 93 | # ]; 94 | # 95 | # text = '' 96 | # GUEST_NAME="$1" 97 | # OPERATION="$2" 98 | # 99 | # if [ "$GUEST_NAME" != "win-gpu" ]; then 100 | # exit 0; 101 | # fi 102 | # 103 | # if [ "$OPERATION" == "prepare" ]; then 104 | # echo "0000:03:00.0" > /sys/bus/pci/drivers/amdgpu/unbind || true 105 | # echo "0000:03:00.0" > /sys/bus/pci/drivers/vfio-pci/bind || true 106 | # fi 107 | # 108 | # if [ "$OPERATION" == "release" ]; then 109 | # echo "0000:03:00.0" > /sys/bus/pci/drivers/vfio-pci/unbind || true 110 | # echo "0000:03:00.0" > /sys/bus/pci/drivers/amdgpu/bind || true 111 | # fi 112 | # ''; 113 | # } 114 | # ); 115 | # }; 116 | qemu = { 117 | package = pkgs.qemu_kvm; 118 | ovmf.enable = true; 119 | # Full is needed for TPM and secure boot emulation 120 | # ovmf.packages = [ pkgs.OVMFFull.fd ]; 121 | # TPM emulation 122 | # swtpm.enable = true; 123 | verbatimConfig = '' 124 | cgroup_device_acl = [ 125 | "/dev/kvmfr0", 126 | "/dev/vfio/vfio", "/dev/vfio/11", "/dev/vfio/12", 127 | "/dev/null", "/dev/full", "/dev/zero", 128 | "/dev/random", "/dev/urandom", 129 | "/dev/ptmx", "/dev/kvm" 130 | ] 131 | ''; 132 | }; 133 | }; 134 | }; 135 | }; 136 | } 137 | 
-------------------------------------------------------------------------------- /modules/programs/alacritty/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | theme, 5 | ... 6 | }: let 7 | cfg = config.programs.alacritty; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.alacritty = { 11 | enable = mkEnableOption "alacritty"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | hm.programs.alacritty = { 16 | enable = true; 17 | 18 | settings = { 19 | window = { 20 | opacity = theme.backgroundColor.toNormA; 21 | padding = { 22 | x = 10; 23 | y = 10; 24 | }; 25 | }; 26 | 27 | selection.save_to_clipboard = true; 28 | 29 | key_bindings = [ 30 | { 31 | key = "I"; 32 | mods = "Control|Shift"; 33 | action = "IncreaseFontSize"; 34 | } 35 | { 36 | key = "U"; 37 | mods = "Control|Shift"; 38 | action = "DecreaseFontSize"; 39 | } 40 | ]; 41 | 42 | font = { 43 | size = 11; 44 | family = "FiraCode Nerd Font Mono"; 45 | normal = { 46 | style = "Regular"; 47 | }; 48 | bold = { 49 | style = "Bold"; 50 | }; 51 | }; 52 | 53 | colors = { 54 | primary = { 55 | background = "0x${theme.backgroundColor.toHexRGB}"; 56 | foreground = "0xc0caf5"; 57 | }; 58 | cursor = { 59 | text = "0xc0caf5"; 60 | cursor = "0xffffff"; 61 | }; 62 | selection = { 63 | text = "CellForeground"; # "0xc0caf5"; 64 | background = "0x33467c"; 65 | }; 66 | normal = { 67 | black = "0x15161e"; 68 | red = "0xf7768e"; 69 | green = "0x9ece6a"; 70 | yellow = "0xe0af68"; 71 | blue = "0x7aa2f7"; 72 | magenta = "0xbb9af7"; 73 | cyan = "0x7dcfff"; 74 | white = "0xa9b1d6"; 75 | }; 76 | bright = { 77 | black = "0x414868"; 78 | red = "0xf7768e"; 79 | green = "0x9ece6a"; 80 | yellow = "0xe0af68"; 81 | blue = "0x7aa2f7"; 82 | magenta = "0xbb9af7"; 83 | cyan = "0x7dcfff"; 84 | white = "0xc0caf5"; 85 | }; 86 | }; 87 | }; 88 | }; 89 | }; 90 | } 91 | -------------------------------------------------------------------------------- 
/modules/programs/anyrun.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | osConfig, 5 | config, 6 | theme, 7 | lib, 8 | ... 9 | }: { 10 | options.programs.anyrun.enable = lib.mkEnableOption "anyrun"; 11 | 12 | config = lib.mkMerge [ 13 | { 14 | inputs = { 15 | anyrun = { 16 | url = "github:kirottu/anyrun"; 17 | inputs.nixpkgs.follows = "nixpkgs"; 18 | }; 19 | anyrun-nixos-options = { 20 | url = "github:n3oney/anyrun-nixos-options/v1.0.1"; 21 | inputs.nixpkgs.follows = "nixpkgs"; 22 | }; 23 | }; 24 | } 25 | (lib.mkIf config.programs.anyrun.enable { 26 | os.nix.settings = { 27 | substituters = ["https://anyrun.cachix.org"]; 28 | 29 | trusted-public-keys = [ 30 | "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" 31 | ]; 32 | }; 33 | 34 | hmModules = [inputs.anyrun.homeManagerModules.default]; 35 | 36 | hm.programs.anyrun = { 37 | enable = true; 38 | 39 | config = { 40 | y.fraction = 0.2; 41 | width = { fraction = 0.3; }; 42 | closeOnClick = true; 43 | hidePluginInfo = true; 44 | showResultsImmediately = true; 45 | maxEntries = 10; 46 | plugins = with inputs.anyrun.packages.${pkgs.system}; [ 47 | applications 48 | rink 49 | inputs.anyrun-nixos-options.packages.${pkgs.system}.default 50 | translate 51 | # symbols # prefix not working 52 | ]; 53 | }; 54 | extraConfigFiles = { 55 | "nixos-options.ron".text = '' 56 | Config( 57 | options_paths: ${builtins.toJSON ["${osConfig.system.build.manual.optionsJSON}/share/doc/nixos/options.json"]}, 58 | prefix: ";nix", 59 | ) 60 | ''; 61 | 62 | "translate.ron".text = '' 63 | Config( 64 | prefix: ";", 65 | language_delimiter: ">", 66 | max_entries: 1, 67 | ) 68 | ''; 69 | 70 | "symbols.ron".text = '' 71 | Config( 72 | prefix: ";sym", 73 | max_entries: 3, 74 | ) 75 | ''; 76 | }; 77 | 78 | extraCss = '' 79 | window { 80 | background: transparent; 81 | } 82 | 83 | #match, 84 | #entry, 85 | #plugin, 86 | #main { 87 | background: transparent; 88 | 
font-size: 1.1rem; 89 | } 90 | 91 | #match.activatable { 92 | padding: 12px 14px; 93 | border-radius: 12px; 94 | 95 | color: white; 96 | margin-top: 4px; 97 | border: 2px solid transparent; 98 | transition: all 0.3s ease; 99 | } 100 | 101 | #match.activatable:not(:first-child) { 102 | border-top-left-radius: 0; 103 | border-top-right-radius: 0; 104 | border-top: 2px solid rgba(255, 255, 255, 0.1); 105 | } 106 | 107 | #match.activatable #match-title { 108 | font-size: 1.3rem; 109 | } 110 | 111 | #match.activatable:hover { 112 | border: 2px solid rgba(255, 255, 255, 0.4); 113 | } 114 | 115 | #match-title, #match-desc { 116 | color: inherit; 117 | } 118 | 119 | #match.activatable:hover, #match.activatable:selected { 120 | border-top-left-radius: 12px; 121 | border-top-right-radius: 12px; 122 | } 123 | 124 | #match.activatable:selected + #match.activatable, #match.activatable:hover + #match.activatable { 125 | border-top: 2px solid transparent; 126 | } 127 | 128 | #match.activatable:selected, #match.activatable:hover:selected { 129 | background: rgba(255,255,255,0.1); 130 | } 131 | 132 | #match, #plugin { 133 | box-shadow: none; 134 | } 135 | 136 | #entry { 137 | color: white; 138 | box-shadow: none; 139 | border-radius: 12px; 140 | } 141 | 142 | box#main { 143 | /* background: rgba(36, 39, 58, 0.7); */ 144 | background: rgba(${toString theme.popupBackgroundColor.r}, ${toString theme.popupBackgroundColor.g}, ${toString theme.popupBackgroundColor.b}, ${toString theme.popupBackgroundColor.toNormA}); 145 | border-radius: 16px; 146 | padding: 8px; 147 | box-shadow: 0px 2px 33px -5px rgba(0, 0, 0, 0.4); 148 | } 149 | 150 | row:first-child { 151 | margin-top: 6px; 152 | } 153 | ''; 154 | }; 155 | }) 156 | ]; 157 | } 158 | -------------------------------------------------------------------------------- /modules/programs/code-server.nix: -------------------------------------------------------------------------------- 1 | # TODO: I'm making this its own module so in the future 
I'll make the vscode more declarative. 2 | { 3 | pkgs, 4 | lib, 5 | config, 6 | ... 7 | }: let 8 | cfg = config.programs.code-server; 9 | inherit (lib) mkEnableOption mkIf; 10 | in { 11 | options.programs.code-server = { 12 | enable = mkEnableOption "code-server"; 13 | }; 14 | 15 | config = mkIf cfg.enable { 16 | os.environment.systemPackages = [ 17 | pkgs.code-server 18 | ]; 19 | }; 20 | } -------------------------------------------------------------------------------- /modules/programs/deluge.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | cfg = config.programs.deluge; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.deluge = { 11 | enable = mkEnableOption "deluge"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | users.groups = ["deluge"]; 16 | os.services.deluge = { 17 | enable = true; 18 | web.enable = false; # web UI off; clients reach the daemon over daemon_port 19 | declarative = true; # config and authFile below are applied from this module 20 | config = { 21 | download_location = "/share/downloads"; 22 | allow_remote = true; # NOTE(review): the daemon accepts RPC clients from other hosts on daemon_port, not only localhost; confirm the port is firewalled to the machines that need it 23 | daemon_port = 58846; 24 | listen_ports = [6881 6889]; 25 | }; 26 | authFile = pkgs.writeText "deluge-auth" '' 27 | admin:admin:10 28 | ''; # NOTE(review): pkgs.writeText places this file in the Nix store, which every local user can read, and the entry is the well-known admin/admin pair at level 10 (Deluge's admin level); with allow_remote on, load the credential from a runtime secret file instead and choose a unique password 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /modules/programs/direnv.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | ...
5 | }: let 6 | cfg = config.programs.direnv; 7 | inherit (lib) mkEnableOption mkIf; 8 | in { 9 | options.programs.direnv = { 10 | enable = mkEnableOption "direnv"; 11 | }; 12 | 13 | config = mkIf cfg.enable { 14 | hm.programs.direnv = { 15 | enable = true; 16 | nix-direnv.enable = true; 17 | }; 18 | 19 | hm.xdg.configFile."direnv/direnvrc".text = '' 20 | : ''${XDG_CACHE_HOME:=$HOME/.cache} 21 | declare -A direnv_layout_dirs 22 | direnv_layout_dir() { 23 | echo "''${direnv_layout_dirs[$PWD]:=$( 24 | local hash="$(sha1sum - <<<"''${PWD}" | cut -c-7)" 25 | local path="''${PWD//[^a-zA-Z0-9]/-}" 26 | echo "''${XDG_CACHE_HOME}/direnv/layouts/''${hash}''${path}" 27 | )}" 28 | } 29 | ''; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /modules/programs/discord/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | theme, 6 | ... 7 | }: let 8 | cfg = config.programs.discord; 9 | inherit (lib) mkEnableOption mkIf; 10 | in { 11 | options.programs.discord = { 12 | enable = mkEnableOption "discord"; 13 | webcord.enable = mkEnableOption "webcord" // {default = true;}; 14 | }; 15 | 16 | config = mkIf (cfg.enable && cfg.webcord.enable) { 17 | os.environment.systemPackages = let 18 | webcord-vencord = pkgs.webcord-vencord.override { 19 | # Patch webcord 20 | # webcord = (pkgs.callPackage ./webcord/screenshare-audio.nix {}).overrideAttrs (old: { 21 | # patches = (old.patches or []) ++ [./webcord/unwritable-config.patch]; 22 | # }); 23 | webcord = pkgs.webcord.overrideAttrs (old: rec { 24 | patches = (old.patches or []) ++ [./webcord/unwritable-config.patch]; 25 | }); 26 | 27 | # Patch vencord 28 | vencord-web-extension = pkgs.vencord-web-extension.overrideAttrs (old: { 29 | # patches = 30 | # (old.patches or []) 31 | # ++ [ 32 | # (pkgs.runCommand "vencord-settings-patch" { 33 | # nativeBuildInputs = with pkgs; [jq]; 34 | # } '' 35 | # export 
settings=$(jq -c '.settings' < ${./vencord/exported-settings.json}) 36 | # substituteAll ${./vencord/declarative-settings.patch} $out 37 | # '') 38 | # ]; 39 | }); 40 | }; 41 | in [ 42 | webcord-vencord 43 | ]; 44 | 45 | hm.xdg.configFile."WebCord/Themes/amoled-cord".source = pkgs.substituteAll { 46 | src = ./themes/amoled-cord.css; 47 | backgroundColor = "#${theme.backgroundColor.toHexRGBA}"; 48 | }; 49 | hm.xdg.configFile."WebCord/config.json".source = ./webcord/config.json; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /modules/programs/discord/themes/amoled-cord.css: -------------------------------------------------------------------------------- 1 | /** 2 | * @name AMOLED-Cord 3 | * @version 1.1.1 4 | * @description A theme that's nice on your eyes.. lights out baby! 5 | * @author LuckFire#4800 6 | * 7 | * @website https://github.com/LuckFire 8 | * @source https://github.com/LuckFire/amoled-cord/tree/main/src 9 | **/ 10 | 11 | @import url('https://luckfire.github.io/amoled-cord/src/amoled-cord.css'); /* NOTE(review): this stylesheet is fetched from a third-party host when the theme loads and is neither pinned to a revision nor integrity-checked, so whoever controls that URL controls what is styled or hidden in the client; vendoring a reviewed copy next to this file would keep it under the same review as the overrides below */ 12 | 13 | :root { 14 | /* --------- BASE THEME --------- */ 15 | --blurple-replace: #7289DA; 16 | /* --background-primary: rgb(8, 8, 8); */ 17 | /* --background-secondary: rgb(5, 5, 5); */ 18 | /* --background-secondary-alt: rgb(15, 15, 15); */ 19 | /* --background-tertiary: black; */ 20 | 21 | --background-primary: #00000000 !important; 22 | --background-secondary: #00000000 !important; 23 | --background-secondary-alt: #00000000 !important; 24 | --background-tertiary: #00000000 !important; 25 | 26 | --background-accent: rgba(15, 15, 15, 0); 27 | --background-floating: black; 28 | --userarea-background: var(--background-tertiary); 29 | --header-primary: #fff; 30 | --header-secondary: #b9bbbe; 31 | --elevation-low: 0 1px 0 rgba(40, 40, 50, 0.2), 0 1.5px 0 rgba(60, 60, 70, 0.05), 0 2px 0 rgba(40, 40, 50, 0.05); 32 | --elevation-high: 0 8px 16px rgba(0, 0, 0, 0.24); 33 | --channels-default: #969696; 34 | 
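--channeltextarea-background: #000000aa; 35 | --guild-header-text-shadow: 0 1px 1px rgba(0, 0, 0, 0.4); 36 | --activity-card-background: #0f0f0f; 37 | --interactive-normal: #b9bbbe; 38 | --interactive-hover: #dcddde; 39 | --interactive-active: #fff; 40 | --interactive-muted: rgb(75, 75, 75); 41 | --background-modifier-hover: rgba(50, 50, 50, 0.16); 42 | --background-modifier-active: rgba(50, 50, 50, 0.24); 43 | --background-modifier-selected: rgba(50, 50, 50, 0.32); 44 | --background-modifier-accent: hsla(0, 0%, 100%, 0.06); 45 | --text-link: #00b0f4; 46 | --text-normal: #dcddde; 47 | --text-muted: #969696; 48 | --deprecated-panel-background: #292b2f; 49 | --deprecated-card-bg: rgba(32, 34, 37, 0.6); 50 | --deprecated-card-editable-bg: rgba(32, 34, 37, 0.3); 51 | --deprecated-store-bg: #36393f; 52 | --deprecated-quickswitcher-input-background: #72767d; 53 | --deprecated-quickswitcher-input-placeholder: hsla(0, 0%, 100%, 0.3); 54 | --deprecated-text-input-bg: rgba(0, 0, 0, 0.1); 55 | --deprecated-text-input-border: rgba(0, 0, 0, 0.3); 56 | --deprecated-text-input-border-hover: #040405; 57 | --deprecated-text-input-border-disabled: #202225; 58 | --deprecated-text-input-prefix: #dcddde; 59 | --background-accent-1: rgb(15, 15, 15, 0.1); 60 | --background-accent-3: rgb(15, 15, 15, 0.3); 61 | --background-floating-2: rgba(0, 0, 0, 0.2); 62 | } 63 | 64 | body { 65 | background-color: @backgroundColor@ !important; /* the placeholder on this line is filled in at build time by pkgs.substituteAll (backgroundColor in discord/default.nix) */ 66 | } 67 | 68 | -------------------------------------------------------------------------------- /modules/programs/discord/vencord/declarative-settings.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/api/Settings.ts b/src/api/Settings.ts 2 | index 709050f..ced740f 100644 3 | --- a/src/api/Settings.ts 4 | +++ b/src/api/Settings.ts 5 | 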
@@ -93,7 +93,7 @@ const DefaultSettings: Settings = { 6 | }; 7 | 8 | try { 9 | - var settings = JSON.parse(VencordNative.settings.get()) as Settings; 10 | + var settings = @settings@ as Settings; 11 | mergeDefaults(settings, DefaultSettings); 12 | } catch (err) { 13 | var settings = mergeDefaults({} as Settings, DefaultSettings); 14 | -------------------------------------------------------------------------------- /modules/programs/discord/webcord/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "settings": { 3 | "general": { 4 | "menuBar": { 5 | "hide": true 6 | }, 7 | "tray": { 8 | "disable": true 9 | }, 10 | "taskbar": { 11 | "flash": true 12 | }, 13 | "window": { 14 | "transparent": true, 15 | "hideOnClose": false 16 | } 17 | }, 18 | "privacy": { 19 | "blockApi": { 20 | "science": true, 21 | "typingIndicator": true, 22 | "fingerprinting": true 23 | }, 24 | "permissions": { 25 | "video": true, 26 | "audio": true, 27 | "fullscreen": true, 28 | "notifications": true, 29 | "display-capture": true, 30 | "background-sync": true 31 | } 32 | }, 33 | "advanced": { 34 | "csp": { 35 | "enabled": true 36 | }, 37 | "cspThirdParty": { 38 | "spotify": true, 39 | "gif": true, 40 | "hcaptcha": true, 41 | "youtube": true, 42 | "twitter": true, 43 | "twitch": true, 44 | "streamable": true, 45 | "vimeo": true, 46 | "soundcloud": true, 47 | "paypal": true, 48 | "audius": true, 49 | "algolia": true, 50 | "reddit": true, 51 | "googleStorageApi": true 52 | }, 53 | "currentInstance": { 54 | "radio": 0 55 | }, 56 | "devel": { 57 | "enabled": false 58 | }, 59 | "redirection": { 60 | "warn": true 61 | }, 62 | "optimize": { 63 | "gpu": false 64 | }, 65 | "webApi": { 66 | "webGl": true 67 | }, 68 | "unix": { 69 | "autoscroll": false 70 | } 71 | } 72 | }, 73 | "update": { 74 | "notification": { 75 | "version": "", 76 | "till": "" 77 | } 78 | }, 79 | "screenShareStore": { 80 | "audio": false 81 | } 82 | } 83 | 
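Review bot: With the `@settings@` placeholder pasted straight into the `try` body, the `catch` fallback no longer guards against bad settings: a malformed substitution is a syntax error for the whole module rather than an exception, so `mergeDefaults({} as Settings, DefaultSettings)` is never reached for it. The substituted file is also compiled as code rather than parsed as data, so it needs the same review as the source it is injected into. A comment on the changed line would make the mechanism visible, e.g. `// @settings@ is replaced at build time with the JSON object from the exported settings file`. The code around the `try` continues outside the hunk.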
-------------------------------------------------------------------------------- /modules/programs/discord/webcord/custom-build.patch: -------------------------------------------------------------------------------- 1 | diff --git a/package.json b/package.json 2 | index 0f59ce5..08d81f3 100644 3 | --- a/package.json 4 | +++ b/package.json 5 | @@ -79,9 +79,6 @@ 6 | "tslib": "^2.3.1", 7 | "twemoji-colr-font": "^14.0.2" 8 | }, 9 | - "optionalDependencies": { 10 | - "node-pipewire": "^1.0.14" 11 | - }, 12 | "config": { 13 | "forge": "./app/code/build/forge.js" 14 | }, 15 | -------------------------------------------------------------------------------- /modules/programs/discord/webcord/unwritable-config.patch: -------------------------------------------------------------------------------- 1 | diff --git a/sources/code/main/modules/config.ts b/sources/code/main/modules/config.ts 2 | index cee6519..904287c 100644 3 | --- a/sources/code/main/modules/config.ts 4 | +++ b/sources/code/main/modules/config.ts 5 | @@ -2,7 +2,7 @@ 6 | * configManager 7 | */ 8 | 9 | -import { readFileSync, existsSync, rmSync, writeFileSync } from "fs"; 10 | +import { readFileSync, existsSync, rmSync } from "fs"; 11 | import { 12 | app, 13 | BrowserWindow, 14 | @@ -146,12 +146,7 @@ class Config { 15 | /** Default configuration values. */ 16 | private readonly defaultConfig; 17 | protected spaces = 4; 18 | - #write(object: unknown) { 19 | - const decodedData = JSON.stringify(object, null, this.spaces); 20 | - let encodedData:string|Buffer = decodedData; 21 | - if(this.#pathExtension === FileExt.Encrypted) 22 | - encodedData = safeStorage.encryptString(decodedData); 23 | - writeFileSync(this.#path+this.#pathExtension,encodedData); 24 | + #write(_object: unknown) { 25 | } 26 | #read(): unknown { 27 | const encodedData = readFileSync(this.#path+this.#pathExtension); 28 | 
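Review bot: In the second hunk of `unwritable-config.patch`, `#write` becomes an empty method, so every caller that updates the configuration gets neither persistence nor an error; a changed setting, presumably including the privacy and CSP toggles in the shipped `config.json`, can look applied while the read-only file on disk still holds the old value. A comment in the body would record the intent, e.g. `// config file is managed declaratively and read-only; writes are dropped on purpose`, and a single `console.warn` on the first dropped write would make the mismatch visible. The `Config` class starts and ends outside the hunk, so how callers react to the dropped write cannot be checked here.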
@@ -317,4 +312,4 @@ void import("electron/main") 29 | if(new URL(event.senderFrame.url).protocol === "file:") 30 | appConfig.value = config; 31 | }) 32 | - ); 33 | \ No newline at end of file 34 | + ); 35 | -------------------------------------------------------------------------------- /modules/programs/firefox/addons.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | os.nixpkgs.overlays = [ 3 | (_final: prev: let 4 | inherit (prev.nur.repos.rycee.firefox-addons) buildFirefoxXpiAddon; 5 | in { 6 | firefox-addons = { 7 | better-history-ng = buildFirefoxXpiAddon { 8 | pname = "better-history-ng"; 9 | version = "1.0.2"; 10 | addonId = "{058af685-fc17-47a4-991a-bab91a89533d}"; 11 | url = "https://github.com/Christoph-Wagner/firefox-better-history-ng/releases/download/v1.0.2/2c2e37a17c4a4d558bd0-1.0.2.xpi"; 12 | sha256 = "sha256-ryl34Z8pRJhrBgvksqnx678pLKV0YOau61tnJGvk4K8="; 13 | meta = with lib; { 14 | homepage = "https://github.com/Christoph-Wagner/firefox-better-history-ng"; 15 | description = "A Better History page inspired by Vivaldi tent"; 16 | license = licenses.unlicense; 17 | platforms = platforms.all; 18 | }; 19 | }; 20 | }; 21 | }) 22 | ]; 23 | } 24 | -------------------------------------------------------------------------------- /modules/programs/firefox/startpage.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 54 | 67 | 68 | 69 | 70 | 71 |
72 |
73 |
74 | 77 |
78 | 79 | 80 | -------------------------------------------------------------------------------- /modules/programs/fish.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | cfg = config.programs.fish; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.fish = { 11 | enable = mkEnableOption "fish"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | os = { 16 | users.defaultUserShell = pkgs.fish; 17 | environment.pathsToLink = ["/share/fish"]; 18 | programs.fish.enable = true; 19 | 20 | documentation.man.generateCaches = false; # NixOS 21 | }; 22 | 23 | hm.programs = { 24 | nix-index.enableFishIntegration = true; 25 | # programs.starship.enableFishIntegration = true; 26 | # programs.direnv.enableFishIntegration = true; 27 | man.generateCaches = false; # home-manager 28 | 29 | fish = { 30 | enable = true; 31 | interactiveShellInit = '' 32 | set fish_greeting 33 | fish_vi_key_bindings 34 | ''; 35 | plugins = 36 | map (plugin: { 37 | name = plugin.pname; 38 | inherit (plugin) src; 39 | }) (with pkgs.fishPlugins; [ 40 | pure 41 | autopair 42 | done 43 | ]); 44 | }; 45 | }; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /modules/programs/foot/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | theme, 5 | ... 
6 | }: let 7 | cfg = config.programs.foot; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.foot = { 11 | enable = mkEnableOption "foot"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | os.nixpkgs.overlays = [ 16 | (_final: prev: { 17 | foot = prev.foot.overrideAttrs (old: { 18 | patches = 19 | (old.patches or []) 20 | ++ [ 21 | ./transparent.patch 22 | ]; 23 | }); 24 | }) 25 | ]; 26 | hm.programs.foot = { 27 | enable = true; 28 | settings = { 29 | main = { 30 | term = "foot"; 31 | # font = "monospace:size=11"; 32 | font = "FiraCode Nerd Font Mono:size=11"; 33 | dpi-aware = "no"; 34 | pad = "10x10"; 35 | }; 36 | 37 | mouse = { 38 | hide-when-typing = "yes"; 39 | }; 40 | 41 | scrollback = { 42 | lines = 100000; 43 | }; 44 | 45 | cursor.color = "c0caf5 ffffff"; 46 | 47 | colors = { 48 | background = theme.backgroundColor.toHexRGB; 49 | alpha = theme.backgroundColor.toNormA; 50 | # alpha = 0.0; 51 | 52 | foreground = "c0caf5"; 53 | selection-foreground = "c0caf5"; 54 | selection-background = "33467c"; 55 | urls = "73daca"; 56 | 57 | regular0 = "15161e"; 58 | regular1 = "f7768e"; 59 | regular2 = "9ece6a"; 60 | regular3 = "e0af68"; 61 | regular4 = "7aa2f7"; 62 | regular5 = "bb9af7"; 63 | regular6 = "7dcfff"; 64 | regular7 = "a9b1d6"; 65 | 66 | bright0 = "414868"; 67 | bright1 = "f7768e"; 68 | bright2 = "9ece6a"; 69 | bright3 = "e0af68"; 70 | bright4 = "7aa2f7"; 71 | bright5 = "bb9af7"; 72 | bright6 = "7dcfff"; 73 | bright7 = "c0caf5"; 74 | 75 | "16" = "ff9e64"; 76 | "17" = "db4b4b"; 77 | 78 | # background="1a1b26"; 79 | # foreground="c0caf5"; 80 | # regular0="15161E"; 81 | # regular1="f7768e"; 82 | # regular2="9ece6a"; 83 | # regular3="e0af68"; 84 | # regular4="7aa2f7"; 85 | # regular5="bb9af7"; 86 | # regular6="7dcfff"; 87 | # regular7="a9b1d6"; 88 | # bright0="414868"; 89 | # bright1="f7768e"; 90 | # bright2="9ece6a"; 91 | # bright3="e0af68"; 92 | # bright4="7aa2f7"; 93 | # bright5="bb9af7"; 94 | # bright6="7dcfff"; 95 | # bright7="c0caf5"; 96 | 
# foreground = "${base05}"; # Text 97 | # background = "${base00}"; # Base 98 | # regular0 = "${base00}"; 99 | # regular1 = "${base08}"; 100 | # regular2 = "${base0B}"; 101 | # regular3 = "${base0A}"; 102 | # regular4 = "${base0D}"; 103 | # regular5 = "${base0E}"; 104 | # regular6 = "${base0C}"; 105 | # regular7 = "${base05}"; 106 | # bright0 = "${base03}"; 107 | # bright1 = "${base08}"; 108 | # bright2 = "${base0B}"; 109 | # bright3 = "${base0A}"; 110 | # bright4 = "${base0D}"; 111 | # bright5 = "${base0E}"; 112 | # bright6 = "${base0C}"; 113 | # bright7 = "${base07}"; 114 | }; 115 | }; 116 | }; 117 | }; 118 | } 119 | -------------------------------------------------------------------------------- /modules/programs/foot/transparent.patch: -------------------------------------------------------------------------------- 1 | diff --git a/render.c b/render.c 2 | index 48957a0a..6730f892 100644 3 | --- a/render.c 4 | +++ b/render.c 5 | 
@@ -534,7 +534,7 @@ render_cell(struct terminal *term, pixman_image_t *pix, 6 | } 7 | 8 | else if (cell->attrs.bg_src == COLOR_DEFAULT) { 9 | - if (term->window->is_fullscreen) { 10 | + if (false) { 11 | /* 12 | * Note: disable transparency when fullscreened. 13 | * 14 | -------------------------------------------------------------------------------- /modules/programs/git.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.git; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.git = { 11 | enable = mkEnableOption "git"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | os.environment.systemPackages = with pkgs; [ 16 | git 17 | gh 18 | ]; 19 | 20 | hm.programs.git = { 21 | enable = true; 22 | userName = "FlafyDev"; 23 | userEmail = "flafyarazi@gmail.com"; 24 | aliases = { 25 | slog = ''! git log -10 --pretty=format:"%C(magenta)%h %C(cyan)%C(bold)%ad %C(green)%<(10,trunc)%an%x09%Creset%C(yellow)%s%C(auto)%d%Creset" --date=short --color=always --graph | head -10''; 26 | slog-all = ''! git log -200 --pretty=format:"%C(magenta)%h %C(cyan)%C(bold)%ad %C(green)%<(10,trunc)%an%x09%Creset%C(yellow)%s%C(auto)%d%Creset" --date=short --color=always --graph | head -200 | less''; 27 | # slog-all = ''! 
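Review bot: Replacing the condition with `if (false)` leaves the fullscreen branch as dead code, and the comment kept inside it ("disable transparency when fullscreened") now describes behaviour that never runs. A comment on the changed line would stop a later reader from restoring the check by mistake, e.g. `/* fullscreen opacity override disabled on purpose: keep alpha when fullscreened */`. `render_cell` starts and ends outside the hunk, so what else the dead branch contains is not visible here.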
git log --pretty=format:"%C(magenta)%h %C(cyan)%C(bold)%ad %C(green)%<(10,trunc)%an%x09%Creset%C(yellow)%s%C(auto)%d%Creset" --date=short --color=always --graph --all | head -10''; 28 | change = ''!f() { git rebase -i HEAD~$1; }; f''; 29 | }; 30 | extraConfig = { 31 | safe.directory = "*"; # NOTE(review): "*" switches off git's repository-ownership check for every path, so config and hooks inside a repository owned by another user are honoured when git runs there; list only the directories that need the exemption 32 | # credential.helper = "${pkgs.git.override {withLibsecret = true;}}/bin/git-credential-libsecret"; 33 | }; 34 | }; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /modules/programs/gnome.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.gnome; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.gnome = { 11 | enable = mkEnableOption "gnome"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | os = { 16 | # xdg.portal.enable = true; 17 | # xdg.portal.extraPortals = with pkgs; [ 18 | # xdg-desktop-portal-gtk 19 | # xdg-desktop-portal-gnome 20 | # ]; 21 | 22 | services = { 23 | xserver = { 24 | enable = true; 25 | desktopManager.gnome.enable = true; 26 | displayManager.gdm.enable = true; 27 | # videoDrivers = [ "amdgpu" ]; 28 | # autorun = false; 29 | 30 | excludePackages = with pkgs; [ 31 | xterm 32 | ]; 33 | 34 | xkb = { 35 | layout = "us"; 36 | variant = ""; 37 | }; 38 | }; 39 | 40 | # gnome.core-utilities.enable = false; 41 | # gnome.core-os-services.enable = lib.mkForce false; 42 | }; 43 | 44 | environment.gnome.excludePackages = with pkgs; [ 45 | gnome-tour 46 | ]; 47 | 48 | environment.systemPackages = 49 | (with pkgs; [ 50 | gnome-tweaks 51 | gnome-extension-manager 52 | ]); 53 | }; 54 | # os.environment.systemPackages = with pkgs; [ 55 | # git 56 | # gh 57 | # ]; 58 | hm = {lib, ...}: { 59 | home.file.".xinitrc".text = '' 60 | dbus-run-session gnome-session 61 | ''; 62 | # dconf = { 63 | # enable = true; 64 | # settings = let 65 | # inherit (lib.hm.gvariant) mkTuple mkUint32; 66 | # in 
{ 67 | # "org/gnome/desktop/input-sources" = { 68 | # per-window = false; 69 | # sources = [(mkTuple ["xkb" "us"]) (mkTuple ["xkb" "il"])]; 70 | # xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"]; 71 | # }; 72 | # "org/gnome/shell" = { 73 | # disable-user-extensions = false; 74 | # enabled-extensions = [ 75 | # "aztaskbar@aztaskbar.gitlab.com" 76 | # "Hide_Activities@shay.shayel.org" 77 | # "blur-my-shell@aunetx" 78 | # "sound-output-device-chooser@kgshank.net" 79 | # "gtktitlebar@velitasali.github.io" 80 | # "clipboard-indicator@tudmotu.com" 81 | # "windowIsReady_Remover@nunofarruca@gmail.com" 82 | # "mprisindicatorbutton@JasonLG1979.github.io" 83 | # "bluetooth-quick-connect@bjarosze.gmail.com" 84 | # ]; 85 | # }; 86 | # "org/gnome/desktop/peripherals/mouse" = { 87 | # accel-profile = "flat"; 88 | # speed = -0.78; 89 | # }; 90 | # "org/gnome/desktop/peripherals/touchpad" = { 91 | # two-finger-scrolling-enabled = true; 92 | # }; 93 | # "org/gnome/desktop/background" = { 94 | # picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/adwaita-l.jpg"; 95 | # picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/gnome/adwaita-d.jpg"; 96 | # primary-color = "#3465a4"; 97 | # }; 98 | # "org/gnome/desktop/interface" = { 99 | # # gtk-theme = "Adwaita-dark"; 100 | # color-scheme = "prefer-dark"; 101 | # }; 102 | # "apps/guake/general" = { 103 | # gtk-prefer-dark-theme = true; 104 | # }; 105 | # "apps/guake/style/background" = { 106 | # transparency = 90; 107 | # }; 108 | # "org/gnome/desktop/peripherals/keyboard" = { 109 | # delay = mkUint32 226; 110 | # }; 111 | # }; 112 | # }; 113 | 114 | # home.packages = with pkgs.gnomeExtensions; [ 115 | # gtk-title-bar 116 | # app-icons-taskbar 117 | # hide-activities-button 118 | # blur-my-shell 119 | # sound-output-device-chooser 120 | # clipboard-indicator 121 | # window-is-ready-remover 122 | # mpris-indicator-button 123 | # bluetooth-quick-connect 124 | # ]; 125 | }; 126 | }; 127 | } 128 | 
-------------------------------------------------------------------------------- /modules/programs/gui-utils.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | pkgs, 5 | inputs, 6 | utils, 7 | theme, 8 | ... 9 | }: let 10 | cfg = config.programs.gui-utils; 11 | inherit (lib) mkEnableOption mkIf mkMerge; 12 | in { 13 | options.programs.gui-utils = { 14 | enable = mkEnableOption "gui-utils"; 15 | }; 16 | 17 | config = mkMerge [ 18 | { 19 | inputs = { 20 | guifetch = { 21 | url = "github:flafydev/guifetch"; 22 | # inputs.nixpkgs.follows = "nixpkgs"; 23 | }; 24 | flarrent = { 25 | url = "github:flafydev/flarrent"; 26 | inputs.nixpkgs.follows = "nixpkgs"; 27 | }; 28 | }; 29 | } 30 | (mkIf cfg.enable { 31 | hmModules = [inputs.guifetch.homeManagerModules.default]; 32 | hm.xdg.configFile."flarrent/config.json".text = builtins.toJSON { 33 | color = theme.borderColor.active.toHexARGB; 34 | backgroundColor = theme.backgroundColor.toHexARGB; 35 | connection = "transmission:http://localhost:9091/transmission/rpc"; 36 | smoothScroll = false; 37 | animateOnlyOnFocus = false; 38 | }; 39 | hm.programs.guifetch = { 40 | enable = true; 41 | config = { 42 | backgroundColor = "${theme.backgroundColor.toHexARGB}"; 43 | }; 44 | }; 45 | os.environment.systemPackages = with pkgs; [ 46 | (utils.flPkgs inputs.flarrent) 47 | zed-editor 48 | kdePackages.kdenlive 49 | chromium 50 | eog # eye of gnome - image viewer 51 | mate.engrampa 52 | nautilus # file manager 53 | scrcpy 54 | simple-scan # scanner 55 | evince # document viewer 56 | gnome-system-monitor 57 | gnome-font-viewer 58 | gimp 59 | gparted 60 | pavucontrol 61 | 62 | gst_all_1.gstreamer 63 | gst_all_1.gst-plugins-base 64 | gst_all_1.gst-plugins-good 65 | gst_all_1.gst-plugins-bad 66 | gst_all_1.gst-plugins-ugly 67 | gst_all_1.gst-vaapi 68 | libva 69 | 70 | libreoffice 71 | 72 | (pkgs.wrapOBS { 73 | plugins = with pkgs.obs-studio-plugins; [ 74 | obs-vaapi 75 | 
obs-gstreamer 76 | ]; 77 | }) 78 | 79 | lxde.lxrandr 80 | syncplay 81 | prismlauncher 82 | thunderbird 83 | icu 84 | glib 85 | ]; 86 | }) 87 | ]; 88 | } 89 | -------------------------------------------------------------------------------- /modules/programs/mpv/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | cfg = config.programs.mpv; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.mpv = { 11 | enable = mkEnableOption "mpv"; 12 | }; 13 | 14 | config = mkIf cfg.enable { 15 | # Extends the Home Manager Mpv modules to allow Mpv scripts to add fonts. 16 | hmModules = [./hm-mpv-fonts.nix]; 17 | 18 | os.nixpkgs.overlays = [ 19 | (_final: prev: { 20 | mpvScripts = 21 | prev.mpvScripts 22 | // { 23 | modern-x-compact = prev.callPackage ./scripts/modern-x-compact.nix {}; 24 | }; 25 | }) 26 | ]; 27 | 28 | hm.programs.mpv = { 29 | enable = true; 30 | enableFonts = true; 31 | config = { 32 | vo = "gpu"; 33 | profile = "gpu-hq"; 34 | hwdec = "auto-safe"; 35 | gpu-context = "wayland"; 36 | # force-window = true; 37 | ytdl-format = "bestvideo+bestaudio"; 38 | volume-max = 200; 39 | fs = true; 40 | screen = 0; 41 | # save-position-on-quit = true; 42 | osc = false; 43 | }; 44 | bindings = { 45 | UP = "add volume 2"; 46 | DOWN = "add volume -2"; 47 | WHEEL_UP = "add volume 2"; 48 | WHEEL_DOWN = "add volume -2"; 49 | "ctrl+pgup" = "playlist-next"; 50 | "ctrl+pgdwn" = "playlist-prev"; 51 | RIGHT = "seek 5 exact"; 52 | LEFT = "seek -5 exact"; 53 | }; 54 | scripts = with pkgs.mpvScripts; [ 55 | modern-x-compact 56 | mpris 57 | autoload 58 | (let 59 | script = pkgs.writeText "mpv-script" '' 60 | function show_meta() 61 | local ass_start = mp.get_property_osd("osd-ass-cc/0") 62 | local ass_stop = mp.get_property_osd("osd-ass-cc/1" .. "expand-properties/0") 63 | local ass_text = "{\\b1}''${filename}{\\b0}{\\fscx70\\fscy70} [''${height}p ''${video-format}]\n" .. 
64 | "''${?metadata/by-key/title:\nTITLE: ''${metadata/by-key/title}}" .. 65 | "''${?metadata/by-key/artist:\nARTIST: ''${metadata/by-key/artist}}" .. 66 | "''${?metadata/by-key/album:\nALBUM: ''${metadata/by-key/album}}" .. 67 | "''${?metadata/by-key/date:\nDATE: ''${metadata/by-key/date}}" 68 | 69 | mp.commandv("expand-properties", "show-text", ass_start .. ass_text .. ass_stop) 70 | end 71 | 72 | mp.add_key_binding('n', 'show-meta', show_meta) 73 | mp.register_event('file-loaded', show_meta) 74 | ''; 75 | in 76 | pkgs.runCommand "mp3-metadata" { 77 | passthru.scriptName = "script.lua"; 78 | } '' 79 | mkdir -p "$out/share/mpv/scripts/" 80 | cp ${script} "$out/share/mpv/scripts/script.lua" 81 | '') 82 | ]; 83 | }; 84 | }; 85 | } 86 | -------------------------------------------------------------------------------- /modules/programs/mpv/hm-mpv-fonts.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.programs.mpv; 7 | inherit (lib) mkIf mkMerge lists; 8 | in { 9 | options = { 10 | programs.mpv = { 11 | enableFonts = lib.mkEnableOption "mpv-fonts"; 12 | }; 13 | }; 14 | 15 | config = mkIf (cfg.enable && cfg.enableFonts) { 16 | xdg.configFile = 17 | mkMerge 18 | ( 19 | lists.flatten 20 | ( 21 | map (script: ( 22 | if script ? 
"fonts" 23 | then 24 | (map (font: { 25 | "mpv/fonts/${font}".source = "${script}/share/mpv/fonts/${font}"; 26 | }) 27 | script.fonts) 28 | else [] 29 | )) 30 | cfg.scripts 31 | ) 32 | ); 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /modules/programs/mpv/scripts/modern-x-compact.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenv, 4 | fetchFromGitHub, 5 | }: 6 | stdenv.mkDerivation { 7 | pname = "mpv-modern-x-compact"; 8 | version = "unstable-2022-07-20"; 9 | 10 | src = fetchFromGitHub { 11 | owner = "1-minute-to-midnight"; 12 | repo = "mpv-modern-x-compact"; 13 | rev = "9a437fb9936375ff0ca7c844a349398aefbc2c3a"; 14 | sha256 = "Yp1ukGQGH/xguAkvz6AndkUF7fLOmq42QdR9hntzsvE="; 15 | }; 16 | 17 | dontBuild = true; 18 | 19 | installPhase = '' 20 | runHook preInstall 21 | mkdir -p $out/share/mpv/scripts 22 | cp modernx.lua $out/share/mpv/scripts 23 | mkdir -p $out/share/mpv/fonts 24 | cp modernx-osc-icon.ttf $out/share/mpv/fonts 25 | runHook postInstall 26 | ''; 27 | 28 | passthru.scriptName = "modernx.lua"; 29 | passthru.fonts = ["modernx-osc-icon.ttf"]; 30 | 31 | meta = with lib; { 32 | description = "Compact version of modern-x osc for mpv with a neat web-player type UI"; 33 | homepage = "https://github.com/1-minute-to-midnight/mpv-modern-x-compact"; 34 | license = licenses.unlicense; 35 | platforms = platforms.all; 36 | maintainers = []; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /modules/programs/mpv/scripts/mp3-metadata.nix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/modules/programs/mpv/scripts/mp3-metadata.nix -------------------------------------------------------------------------------- /modules/programs/neovim/config/lsp/default.nix: 
-------------------------------------------------------------------------------- 1 | {snippets ? []}: pkgs: 2 | with pkgs.vimPlugins; let 3 | preprocessSnippetsPath = snippetsSrc: 4 | pkgs.stdenvNoCC.mkDerivation { 5 | name = "preprocessed-nvim-snippets"; 6 | src = snippetsSrc; 7 | buildPhase = '' 8 | # Change all filenames that end with .code-snippets to .json 9 | find . -name "*.code-snippets" -type f -exec sh -c 'mv "$0" "''${0%.code-snippets}.json"' {} \; 10 | 11 | # Modify all files that contain .code-snippets to .json 12 | find . -type f -exec sed -i 's/.code-snippets/.json/g' {} + 13 | ''; 14 | installPhase = '' 15 | mkdir -p $out 16 | cp -r . $out 17 | ''; 18 | }; 19 | in [ 20 | flutter-tools-nvim 21 | null-ls-nvim 22 | nvim-code-action-menu 23 | tailwind-tools-nvim 24 | 25 | # coq_nvim 26 | # coq-thirdparty 27 | # coq-artifacts 28 | # vim-vsnip 29 | lspsaga-nvim 30 | luasnip 31 | cmp_luasnip 32 | nvim-cmp 33 | cmp-nvim-lsp 34 | { 35 | type = "lua"; 36 | plugin = nvim-lspconfig; 37 | config = builtins.readFile (pkgs.substituteAll { 38 | src = ./config.lua; 39 | snippets = pkgs.lib.concatStringsSep "," (map preprocessSnippetsPath snippets); 40 | }); 41 | } 42 | ] 43 | -------------------------------------------------------------------------------- /modules/programs/neovim/config/lualine-nvim/config.lua: -------------------------------------------------------------------------------- 1 | local modules = require('lualine_require').lazy_require { notices = 'lualine.utils.notices' } 2 | 3 | require('lualine').setup { 4 | options = { 5 | theme = 'tokyonight', 6 | -- component_separators = '|', 7 | component_separators = ' ', 8 | section_separators = { left = '', right = '' }, 9 | }, 10 | sections = { 11 | lualine_a = { 12 | { 'mode', separator = { left = '' }, right_padding = 2 }, 13 | }, 14 | lualine_b = { 'branch', }, 15 | lualine_c = { 'diff', }, 16 | lualine_x = { 'diagnostics', }, 17 | lualine_y = { 'filetype', 'progress', }, 18 | lualine_z = { 19 | { 
'location', separator = { right = '' }, left_padding = 2 }, 20 | }, 21 | }, 22 | -- inactive_sections = { 23 | -- lualine_a = { 'filename' }, 24 | -- lualine_b = {}, 25 | -- lualine_c = {}, 26 | -- lualine_x = {}, 27 | -- lualine_y = {}, 28 | -- lualine_z = { 'location' }, 29 | -- }, 30 | tabline = {}, 31 | extensions = {}, 32 | } 33 | -------------------------------------------------------------------------------- /modules/programs/neovim/config/lualine-nvim/default.nix: -------------------------------------------------------------------------------- 1 | pkgs: { 2 | type = "lua"; 3 | plugin = pkgs.vimPlugins.lualine-nvim; 4 | config = builtins.readFile ./config.lua; 5 | } 6 | -------------------------------------------------------------------------------- /modules/programs/neovim/config/nvim-dap/config.lua: -------------------------------------------------------------------------------- 1 | local dap = require('dap') 2 | 3 | dap.adapters.coreclr = { 4 | type = 'executable', 5 | command = 'netcoredbg', 6 | args = { '--interpreter=vscode' } 7 | } 8 | 9 | dap.configurations.cs = { 10 | { 11 | type = "coreclr", 12 | name = "launch - netcoredbg", 13 | request = "launch", 14 | program = function() 15 | return vim.fn.input('Path to dll', vim.fn.getcwd() .. '/bin/Debug/', 'file') 16 | end, 17 | }, 18 | } 19 | 20 | require("dapui").setup({ 21 | icons = { expanded = "▾", collapsed = "▸" }, 22 | mappings = { 23 | -- Use a table to apply multiple mappings 24 | expand = { "", "<2-LeftMouse>" }, 25 | open = "o", 26 | remove = "d", 27 | edit = "e", 28 | repl = "r", 29 | toggle = "t", 30 | }, 31 | -- Expand lines larger than the window 32 | -- Requires >= 0.7 33 | expand_lines = vim.fn.has("nvim-0.7"), 34 | -- Layouts define sections of the screen to place windows. 35 | -- The position can be "left", "right", "top" or "bottom". 36 | -- The size specifies the height/width depending on position. It can be an Int 37 | -- or a Float. Integer specifies height/width directly (i.e. 
20 lines/columns) while 38 | -- Float value specifies percentage (i.e. 0.3 - 30% of available lines/columns) 39 | -- Elements are the elements shown in the layout (in order). 40 | -- Layouts are opened in order so that earlier layouts take priority in window sizing. 41 | layouts = { 42 | { 43 | elements = { 44 | -- Elements can be strings or table with id and size keys. 45 | { id = "scopes", size = 0.25 }, 46 | "breakpoints", 47 | "stacks", 48 | "watches", 49 | }, 50 | size = 40, -- 40 columns 51 | position = "left", 52 | }, 53 | { 54 | elements = { 55 | "repl", 56 | "console", 57 | }, 58 | size = 0.25, -- 25% of total lines 59 | position = "bottom", 60 | }, 61 | }, 62 | floating = { 63 | max_height = nil, -- These can be integers or a float between 0 and 1. 64 | max_width = nil, -- Floats will be treated as percentage of your screen. 65 | border = "rounded", -- Border style. Can be "single", "double" or "rounded" 66 | mappings = { 67 | close = { "q", "" }, 68 | }, 69 | }, 70 | windows = { indent = 1 }, 71 | render = { 72 | max_type_length = nil, -- Can be integer or nil. 
73 | } 74 | }) 75 | -------------------------------------------------------------------------------- /modules/programs/neovim/config/nvim-dap/default.nix: -------------------------------------------------------------------------------- 1 | pkgs: 2 | with pkgs.vimPlugins; [ 3 | nvim-dap-ui 4 | { 5 | type = "lua"; 6 | plugin = nvim-dap; 7 | config = builtins.readFile ./config.lua; 8 | } 9 | ] 10 | -------------------------------------------------------------------------------- /modules/programs/neovim/config/telescope-nvim/config.lua: -------------------------------------------------------------------------------- 1 | require("telescope").setup({ 2 | update_cwd = true, 3 | -- respect_buf_cwd = true, 4 | }) 5 | 6 | require("telescope").load_extension "file_browser" 7 | -------------------------------------------------------------------------------- /modules/programs/neovim/config/telescope-nvim/default.nix: -------------------------------------------------------------------------------- 1 | pkgs: 2 | with pkgs.vimPlugins; [ 3 | telescope-file-browser-nvim 4 | { 5 | type = "lua"; 6 | plugin = telescope-nvim; 7 | config = builtins.readFile ./config.lua; 8 | } 9 | ] 10 | -------------------------------------------------------------------------------- /modules/programs/neovim/flutter-tools-no-resolve.patch: -------------------------------------------------------------------------------- 1 | diff --git a/lua/flutter-tools/executable.lua b/lua/flutter-tools/executable.lua 2 | index 3807a4f..3345760 100644 3 | --- a/lua/flutter-tools/executable.lua 4 | +++ b/lua/flutter-tools/executable.lua 5 | 
@@ -31,12 +31,12 @@ local function _dart_sdk_root(paths) 6 | end 7 | 8 | if utils.executable("flutter") then 9 | - local flutter_path = fn.resolve(fn.exepath("flutter")) 10 | + local flutter_path = fn.exepath("flutter") 11 | local flutter_bin = fn.fnamemodify(flutter_path, ":h") 12 | return path.join(flutter_bin, dart_sdk) 13 | end 14 | 15 | - if utils.executable("dart") then return fn.resolve(fn.exepath("dart")) end 16 | + if utils.executable("dart") then return fn.exepath("dart") end 17 | 18 | return "" 19 | end 20 | @@ -50,10 +50,10 @@ end 21 | ---Get paths for flutter and dart based on the binary locations 22 | ---@return table 23 | local function get_default_binaries() 24 | - local flutter_bin = fn.resolve(fn.exepath("flutter")) 25 | + local flutter_bin = fn.exepath("flutter") 26 | return { 27 | flutter_bin = flutter_bin, 28 | - dart_bin = fn.resolve(fn.exepath("dart")), 29 | + dart_bin = fn.exepath("dart"), 30 | flutter_sdk = _flutter_sdk_root(flutter_bin), 31 | } 32 | end 33 | 
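Review bot: In `_dart_sdk_root` (first hunk) the SDK directory is still computed from the parent of the flutter path, but with `fn.resolve` removed that parent is whichever directory holds the `flutter` entry found on PATH; if that entry is a symlink or wrapper, `path.join(flutter_bin, dart_sdk)` may name a directory that does not exist. `dart_sdk` is defined outside the hunk, so this needs checking against the real layout. The patch also gives no reason for dropping resolution; a short preamble in the patch file stating why the unresolved path is wanted would let the next maintainer tell whether it can be dropped after an upstream update. The same change in `get_default_binaries` (second hunk) and in the `config.flutter_path` branch of `M.get` (third hunk) feeds `_flutter_sdk_root`, whose handling of an unresolved path is not visible here. `_dart_sdk_root` and `M.get` both begin or end outside the hunks.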
@@ -119,7 +119,7 @@ function M.get(callback) 34 | end 35 | 36 | if config.flutter_path then 37 | - local flutter_path = fn.resolve(config.flutter_path) 38 | + local flutter_path = config.flutter_path 39 | _paths = { flutter_bin = flutter_path, flutter_sdk = _flutter_sdk_root(flutter_path) } 40 | _paths.dart_sdk = _dart_sdk_root(_paths) 41 | _paths.dart_bin = _flutter_sdk_dart_bin(_paths.flutter_sdk) 42 | -------------------------------------------------------------------------------- /modules/programs/neovim/plugins.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | inputs = { 3 | bufresize-nvim = { 4 | url = "github:kwkarlwang/bufresize.nvim"; 5 | flake = false; 6 | }; 7 | transparent-nvim = { 8 | url = "github:xiyaowong/transparent.nvim"; 9 | flake = false; 10 | }; 11 | flutter-riverpod-snippets = { 12 | url = "github:RobertBrunhage/flutter-riverpod-snippets"; 13 | flake = false; 14 | }; 15 | flutter-hooks-snippets = { 16 | url = "github:devmuaz/flutter-hooks-snippets"; 17 | flake = false; 18 | }; 19 | tailwind-tools = { 20 | url = "github:luckasRanarison/tailwind-tools.nvim"; 21 | flake = false; 22 | }; 23 | }; 24 | os.nixpkgs.overlays = [ 25 | (_final: prev: { 26 | vimPlugins = 27 | prev.vimPlugins 28 | // ( 29 | let 30 | inherit (prev.vimUtils) buildVimPlugin; 31 | in 32 | with inputs; { 33 | bufresize-nvim = buildVimPlugin { 34 | pname = "bufresize.nvim"; 35 | version = "git"; 36 | src = bufresize-nvim; 37 | }; 38 | tailwind-tools-nvim = buildVimPlugin { 39 | pname = "tailwind-tools.nvim"; 40 | version = "git"; 41 | src = tailwind-tools; 42 | }; 43 | transparent-nvim = buildVimPlugin { 44 | pname = "transparent-nvim"; 45 | version = "git"; 46 | src = transparent-nvim; 47 | }; 48 | 49 | } 50 | ); 51 | }) 52 | ]; 53 | } 54 | -------------------------------------------------------------------------------- /modules/programs/nix.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | pkgs, 6 | combinedManager, 7 | ... 8 | }: let 9 | cfg = config.programs.nix; 10 | inherit (lib) mkEnableOption mkIf mkMerge mapAttrs; 11 | # package = 12 | # if !cfg.cm-patch 13 | # then inputs.nix-super.packages.${pkgs.system}.default 14 | # else 15 | # pkgs.nix.overrideAttrs (old: { 16 | # patches = 17 | # (old.patches or []) 18 | # ++ ( 19 | # map 20 | # (file: "${combinedManager}/nix-patches/${file}") 21 | # (lib.attrNames (lib.filterAttrs (_: type: type == "regular") (builtins.readDir "${combinedManager}/nix-patches"))) 22 | # ); 23 | # }); 24 | in { 25 | options.programs.nix = { 26 | enable = mkEnableOption "nix"; 27 | patch = mkEnableOption "patch"; 28 | cm-patch = mkEnableOption "combined-manager-patch" // {default = true;}; 29 | 30 | }; 31 | 32 | config = mkMerge [ 33 | { 34 | inputs = { 35 | nix-super = { 36 | url = "github:privatevoid-net/nix-super"; 37 | inputs.nixpkgs.follows = "nixpkgs"; 38 | }; 39 | nix-index-database = { 40 | url = "github:Mic92/nix-index-database"; 41 | inputs.nixpkgs.follows = "nixpkgs"; 42 | }; 43 | flake-registry = { 44 | url = "github:nixos/flake-registry"; 45 | flake = false; 46 | }; 47 | }; 48 | } 49 | # (mkIf (cfg.enable && !cfg.cm-patch) { 50 | # os.nixpkgs.overlays = [ 51 | # (_final: prev: { 52 | # ; 53 | # }) 54 | # ]; 55 | # }) 56 | # (mkIf (cfg.enable && cfg.cm-patch) { 57 | # os.nixpkgs.overlays = [ 58 | # (_final: prev: { 59 | # nix = ; 60 | # }) 61 | # ]; 62 | # }) 63 | (mkIf cfg.enable { 64 | osModules = [ 65 | inputs.nix-index-database.nixosModules.nix-index 66 | ]; 67 | hmModules = [ 68 | inputs.nix-index-database.hmModules.nix-index 69 | ]; 70 | os.nix = { 71 | enable = true; 72 | # package = mkIf cfg.patch package; 73 | 74 | distributedBuilds = true; 75 | 76 | registry = mapAttrs (_name: value: {flake = value;}) (with inputs; { 77 | inherit nixpkgs; 78 | default = nixpkgs; 79 | }); 80 | 
nixPath = [ 81 | "nixpkgs=${inputs.nixpkgs}" 82 | ]; 83 | # builders = ssh://root@mac1-guest?ssh-key=/home/flafy/.ssh/ope_to_mac&remote-program=/nix/var/nix/profiles/default/bin/nix-store x86_64-darwin 84 | extraOptions = '' 85 | experimental-features = nix-command flakes 86 | ''; 87 | settings = { 88 | flake-registry = "${inputs.flake-registry}/flake-registry.json"; 89 | auto-optimise-store = true; 90 | /* Adds the nix-community binary cache together with the public key used to verify what it serves. */ trusted-public-keys = [ 91 | "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 92 | ]; 93 | substituters = [ 94 | "https://nix-community.cachix.org" 95 | ]; 96 | /* NOTE(review): a trusted user may override daemon settings such as substituters and signature checks, which the Nix manual describes as essentially equivalent to root access; "@wheel" grants that to every member of the wheel group. Confirm all wheel members are meant to hold it, or keep the list to root and use allowed-users for the rest. */ trusted-users = [ 97 | "root" 98 | "@wheel" 99 | ]; 100 | }; 101 | }; 102 | 103 | os.programs.command-not-found.enable = false; 104 | hm.programs.nix-index.enable = true; 105 | }) 106 | ]; 107 | } 108 | -------------------------------------------------------------------------------- /modules/programs/ssh.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | hmConfig, 5 | secrets, 6 | osOptions, 7 | ... 8 | }: let 9 | cfg = config.programs.ssh; 10 | inherit (lib) mkEnableOption mkOption types mkIf mkMerge; 11 | inherit (builtins) mapAttrs foldl' attrNames; 12 | in { 13 | options.programs.ssh = { 14 | enable = mkEnableOption "ssh"; 15 | 16 | /* Reuses the option type that home-manager declares for programs.ssh.matchBlocks, so values are checked the same way. */ matchBlocks = mkOption { 17 | default = {}; 18 | inherit ((osOptions.home-manager.users.type.getSubOptions []).programs.ssh.matchBlocks) type; 19 | }; 20 | 21 | server = { 22 | enable = mkEnableOption "ssh-server"; 23 | 24 | /* Per-user attribute set; each value is a submodule carrying a keyFiles list of public-key files. */ users = mkOption { 25 | default = {}; 26 | type = with types; 27 | attrsOf (submodule ( 28 | _: { 29 | options.keyFiles = mkOption { 30 | type = with types; listOf path; 31 | default = []; 32 | description = lib.mdDoc '' 33 | A list of files each containing one OpenSSH public key that should be 34 | added to the user's authorized keys. 
The contents of the files are 35 | read at build time and added to a file that the SSH daemon reads in 36 | addition to the the user's authorized_keys file. You can combine the 37 | `keyFiles` and `keys` options. 38 | ''; 39 | }; 40 | } 41 | )); 42 | /* NOTE(review): this example does not match the declared type; each user is a submodule whose keyFiles attribute is what the config below reads, i.e. user1.keyFiles = [ ./key ]. */ example = { 43 | user1 = [ 44 | ./key 45 | ]; 46 | }; 47 | description = '' 48 | A list of files containing SSH public keys for users. 49 | ''; 50 | }; 51 | }; 52 | 53 | sftp = { 54 | enable = mkEnableOption "sftp"; 55 | }; 56 | }; 57 | 58 | config = mkMerge [ 59 | /* Server side, active only when both enable flags are set: turns on sshd and registers each configured user's keyFiles as that user's authorized keys. */ (mkIf (cfg.enable && cfg.server.enable) { 60 | os.services.openssh = { 61 | enable = true; 62 | settings = { 63 | # require public key authentication for better security 64 | PasswordAuthentication = false; 65 | KbdInteractiveAuthentication = false; 66 | # GatewayPorts = "yes"; 67 | /* NOTE(review): with password and keyboard-interactive logins disabled above, "yes" still leaves root directly reachable by public key. "prohibit-password" states the key-only intent explicitly, and "no" removes direct root login so administration goes through a named account; confirm whether any host depends on root SSH before tightening. */ PermitRootLogin = "yes"; 68 | }; 69 | }; 70 | os.users.users = 71 | mapAttrs (_name: user: { 72 | openssh.authorizedKeys.keyFiles = user.keyFiles; 73 | }) 74 | cfg.server.users; 75 | }) 76 | /* Client side: enables the home-manager ssh configuration and passes the matchBlocks option through unchanged. */ (mkIf cfg.enable { 77 | hm.programs.ssh = { 78 | enable = true; 79 | inherit (cfg) matchBlocks; 80 | # # TODO: update home-manager and use option. 
81 | # extraConfig = '' 82 | # Host * 83 | # AddKeysToAgent "yes"; 84 | # ''; 85 | }; 86 | /* Runs ssh-agent as a home-manager user service and keeps the system-level agent switched off. */ hm.services.ssh-agent.enable = true; 87 | os.programs.ssh.startAgent = false; 88 | os.systemd.user.services.ssh-agent.environment.SSH_ASKPASS_REQUIRE = "prefer"; 89 | # os.services.gnome.gnome-keyring.enable = true; 90 | # hm.services.gnome-keyring = { 91 | # enable = true; 92 | # components = ["pkcs11" "secrets" "ssh"]; 93 | # }; 94 | 95 | # os = { 96 | # # security.pam.services.login.enableGnomeKeyring = true; 97 | # # security.pam.services.greetd.enableGnomeKeyring = true; 98 | # # programs.seahorse.enable = true; 99 | # }; 100 | 101 | # hm.home.sessionVariables = { 102 | # SSH_AUTH_SOCK = "/run/user/1000/keyring/ssh"; 103 | # }; 104 | 105 | /* Builds one ~/.ssh/<keyName> entry per key listed under secrets.ssh-keys.<host>, each a symlink to that key's private path; the fold yields no entries when this host has no section in secrets.ssh-keys. */ hm.home.file = let 106 | inherit (config.users) host; 107 | in 108 | foldl' (acc: keyName: 109 | acc 110 | // { 111 | ".ssh/${keyName}".source = hmConfig.lib.file.mkOutOfStoreSymlink secrets.ssh-keys.${host}.${keyName}.private; 112 | }) {} ( 113 | if (secrets.ssh-keys ? ${host}) 114 | then (attrNames secrets.ssh-keys.${host}) 115 | else [] 116 | ); 117 | }) 118 | /* NOTE(review): the option is called sftp, but this block enables vsftpd, which is an FTP daemon; SFTP is a subsystem of sshd. With localUsers and writeEnable on and no TLS setting in this block, local account passwords and file contents would cross the network in clear text, and password logins come back through FTP although the sshd settings earlier in this file disable them. Confirm this is intended; otherwise serve file transfer through OpenSSH's sftp subsystem or configure TLS for vsftpd. */ (mkIf (cfg.enable && cfg.sftp.enable) { 119 | users.groups = ["sftpuser"]; 120 | 121 | os.services.vsftpd = { 122 | enable = true; 123 | writeEnable = true; 124 | localUsers = true; 125 | }; 126 | }) 127 | ]; 128 | } 129 | -------------------------------------------------------------------------------- /modules/programs/sunshine.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.sunshine; 8 | inherit (lib) mkEnableOption mkIf mkOption types; 9 | in { 10 | options.programs.sunshine = { 11 | enable = mkEnableOption "sunshine"; 12 | package = mkOption { 13 | type = with types; package; 14 | default = pkgs.sunshine; 15 | description = '' 16 | Sunshine package. 
17 | ''; 18 | }; 19 | hyprlandIntegration.enable = mkEnableOption "hyprlandIntegration"; 20 | }; 21 | 22 | /* Only the Hyprland integration is configured here: a script started once with the session that relaunches sunshine one second after every exit, with no upper bound on restarts. Nothing is set when enable is true but hyprlandIntegration.enable is false. */ config = mkIf (cfg.enable && cfg.hyprlandIntegration.enable) { 23 | hm.wayland.windowManager.hyprland.settings.exec-once = [ 24 | (pkgs.writeShellScript "remote-control-launcher" '' 25 | while true; do 26 | "${cfg.package}/bin/sunshine" || true 27 | sleep 1 28 | done 29 | '') 30 | ]; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/programs/transmission.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | cfg = config.programs.transmission; 8 | inherit (lib) mkEnableOption mkIf; 9 | in { 10 | options.programs.transmission = { 11 | enable = mkEnableOption "transmission"; 12 | }; 13 | 14 | /* When enabled: registers a "transmission" group through this repository's users.groups option and runs the Transmission 4 daemon with the settings below. */ config = mkIf cfg.enable { 15 | users.groups = ["transmission"]; 16 | 17 | os.environment.systemPackages = with pkgs; [ 18 | # transmission-remote-gtk 19 | ]; 20 | 21 | os.services.transmission = { 22 | enable = true; 23 | package = pkgs.transmission_4; 24 | settings = { 25 | /* NOTE(review): the RPC interface is bound to every IPv4 address and the address whitelist is switched off; no rpc-authentication-required or credentials appear in these settings. Unless a firewall or configuration outside this file restricts the port, any host that can reach it can control the daemon, including adding torrents that write into download-dir. Bind to a private or VPN address, re-enable the whitelist, or require RPC credentials. */ rpc-whitelist-enabled = false; 26 | rpc-bind-address = "0.0.0.0"; 27 | download-dir = "/share/torrents/transmission/downloaded/"; 28 | watch-dir = "/share/torrents/transmission/watch/"; 29 | watch-dir-enabled = true; 30 | incomplete-dir-enabled = false; 31 | /* NOTE(review): the completion script is enabled but no script-torrent-done-filename is set in this block; confirm it is supplied elsewhere. */ script-torrent-done-enabled = true; 32 | /* NOTE(review): this looks like the NixOS module option services.transmission.downloadDirPermissions rather than a Transmission setting; placed under settings it is presumably only written to settings.json and may not change directory modes. Verify and move it up one level if so. */ downloadDirPermissions = "770"; 33 | speed-limit-down-enabled = false; 34 | speed-limit-up = 300; 35 | speed-limit-up-enabled = true; 36 | alt-speed-down = 3500; 37 | alt-speed-up = 300; 38 | }; 39 | }; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /modules/services/emoji-drawing.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | config, 4 | lib, 5 | osConfig, 6 | pkgs, 7 | osOptions, 8 | ... 
9 | }: let 10 | inherit (lib) mkOption types; 11 | cfg = config.services.emojiDrawing; 12 | in { 13 | # TODO: Tunnel options 14 | options.services.emojiDrawing = mkOption { 15 | type = types.submodule (_: { 16 | options = 17 | (inputs.emoji-drawing.nixosModules.default { 18 | inherit pkgs lib; 19 | config = {}; 20 | }) 21 | .options 22 | .services 23 | .emojiDrawing; 24 | }); 25 | default = {enable = false;}; 26 | description = "Emoji Drawing service options."; 27 | }; 28 | 29 | config = { 30 | users.groups = [osConfig.services.emojiDrawing.user]; 31 | inputs = { 32 | emoji-drawing.url = "github:flafydev/emoji-drawing"; 33 | }; 34 | osModules = [inputs.emoji-drawing.nixosModules.default]; 35 | os.services.emojiDrawing = cfg; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /modules/services/games/minecraft.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | pkgs, 6 | ... 
7 | }: 8 | with lib; let 9 | cfg = config.services.games.minecraft; 10 | in { 11 | options.services.games.minecraft = { 12 | enable = mkEnableOption "minecraft"; 13 | }; 14 | 15 | config = mkMerge [ 16 | { 17 | inputs.nix-minecraft = { 18 | url = "github:infinidoge/nix-minecraft"; 19 | }; 20 | } 21 | ( 22 | mkIf cfg.enable { 23 | users.groups = ["minecraft"]; 24 | osModules = [ 25 | inputs.nix-minecraft.nixosModules.minecraft-servers 26 | ]; 27 | os.services.minecraft-servers = { 28 | enable = true; 29 | eula = true; 30 | servers = { 31 | # dawncraft = { 32 | # enable = true; 33 | # jvmOpts = "-Xmx6G"; # Avoid OOM 34 | # # package = pkgs.fabricServers.fabric-1_17_1.override { loaderVersion = "0.15.1"; }; 35 | # package = (elib.flLPkgs' inputs.nix-minecraft ["fabricServers" "fabric-1_17_1"]).override {loaderVersion = "0.15.0";}; 36 | # symlinks = { 37 | # "mods" = "/srv/minecraft/mods"; 38 | # }; 39 | # serverProperties = { 40 | # require-resource-pack = true; 41 | # enable-command-block = true; 42 | # server-port = 25565; 43 | # max-players = 10; 44 | # }; 45 | # }; 46 | 47 | fabric-server = { 48 | enable = true; 49 | jvmOpts = "-Xmx4G"; 50 | package = inputs.nix-minecraft.legacyPackages.${pkgs.system}.fabricServers.fabric-1_20_4; 51 | serverProperties = { 52 | require-resource-pack = false; 53 | enable-command-block = true; 54 | server-port = 25565; 55 | max-players = 10; 56 | }; 57 | }; 58 | 59 | # datapacktests4 = { 60 | # enable = true; 61 | # jvmOpts = "-Xmx4G"; # Avoid OOM 62 | # package = elib.flLPkgs' inputs.nix-minecraft ["paperServers" "paper-1_20_4"]; 63 | # serverProperties = { 64 | # require-resource-pack = false; 65 | # enable-command-block = true; 66 | # server-port = 25565; 67 | # max-players = 10; 68 | # }; 69 | # }; 70 | 71 | # map = { 72 | # enable = true; 73 | # jvmOpts = "-Xmx10G"; # Avoid OOM 74 | # # package = pkgs.fabricServers.fabric-1_17_1.override { loaderVersion = "0.15.1"; }; 75 | # package = (elib.flLPkgs' inputs.nix-minecraft 
["fabricServers" "fabric-1_17_1"]).override {loaderVersion = "0.15.0";}; 76 | # symlinks = { 77 | # "mods" = "/srv/minecraft/mods"; 78 | # }; 79 | # serverProperties = { 80 | # require-resource-pack = true; 81 | # enable-command-block = true; 82 | # server-port = 25565; 83 | # max-players = 10; 84 | # }; 85 | # }; 86 | }; 87 | }; 88 | } 89 | ) 90 | ]; 91 | } 92 | -------------------------------------------------------------------------------- /modules/services/mailserver/default.nix: -------------------------------------------------------------------------------- 1 | {} 2 | # { 3 | # config, 4 | # pkgs, 5 | # osConfig, 6 | # secrets, 7 | # inputs, 8 | # lib, 9 | # ... 10 | # }: let 11 | # inherit 12 | # (lib) 13 | # mkIf 14 | # mkEnableOption 15 | # mkOption 16 | # types 17 | # mkMerge 18 | # ; 19 | # cfg = config.services.mailserver; 20 | # in { 21 | # options.services.mailserver = { 22 | # enable = mkEnableOption "mailserver"; 23 | # host = mkOption { 24 | # type = types.str; 25 | # description = "The domain name of the Mailserver server"; 26 | # }; 27 | # cert = mkOption { 28 | # type = types.str; 29 | # description = "The name of the certificates"; 30 | # }; 31 | # }; 32 | # 33 | # config = mkMerge [ 34 | # { 35 | # inputs = { 36 | # nixos-mailserver = { 37 | # url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; 38 | # inputs = { 39 | # nixpkgs.follows = "nixpkgs"; 40 | # nixpkgs-23_05.follows = "nixpkgs"; 41 | # nixpkgs-23_11.follows = "nixpkgs"; 42 | # }; 43 | # }; 44 | # }; 45 | # } 46 | # (mkIf cfg.enable { 47 | # osModules = [ 48 | # inputs.nixos-mailserver.nixosModules.mailserver 49 | # ]; 50 | # 51 | # os.services.postfix.config.inet_protocols = "ipv4"; 52 | # 53 | # os.mailserver = { 54 | # enable = true; 55 | # debug = true; 56 | # fqdn = "mail.${cfg.host}"; 57 | # domains = [cfg.host]; 58 | # 59 | # # TODO: acme over manual? 
60 | # certificateScheme = "manual"; 61 | # certificateFile = "/var/lib/acme/${cfg.cert}/cert.pem"; 62 | # keyFile = "/var/lib/acme/${cfg.cert}/key.pem"; 63 | # 64 | # # A list of all login accounts. To create the password hashes, use 65 | # # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' 66 | # loginAccounts = { 67 | # # Personal 68 | # "flafy@${cfg.host}" = { 69 | # hashedPasswordFile = secrets."mail.flafy_dev.flafy"; 70 | # }; 71 | # # "user1@example.com" = { 72 | # # hashedPasswordFile = "/a/file/containing/a/hashed/password"; 73 | # # aliases = ["postmaster@example.com"]; 74 | # # }; 75 | # # "user2@example.com" = { ... }; 76 | # }; 77 | # 78 | # # Use Let's Encrypt certificates. Note that this needs to set up a stripped 79 | # # down nginx and opens port 80. 80 | # # certificateScheme = "acme-nginx"; 81 | # }; 82 | # }) 83 | # ]; 84 | # } 85 | -------------------------------------------------------------------------------- /modules/services/matrix/mautrix-gmessages/package.nix: -------------------------------------------------------------------------------- 1 | { 2 | buildGo123Module, 3 | fetchFromGitHub, 4 | olm, 5 | }: 6 | buildGo123Module rec { 7 | pname = "mautrix-gmessages"; 8 | version = "0.4.3"; 9 | 10 | src = fetchFromGitHub { 11 | owner = "mautrix"; 12 | repo = "gmessages"; 13 | rev = "v${version}"; 14 | hash = "sha256-Qh5jlvHOEtEt1IKfSYQsSWzfCrCoo8zVDCZDUZlPKEw="; 15 | }; 16 | 17 | buildInputs = [olm]; 18 | 19 | vendorHash = "sha256-VA+PC7TCEGTXG9yRcroPIVQlA5lzq9GlNRgMNPWTMSg="; 20 | 21 | excludedPackages = ["./libgm"]; 22 | 23 | doCheck = false; 24 | } 25 | -------------------------------------------------------------------------------- /modules/services/postgres/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | config, 5 | osConfig, 6 | ... 
7 | }: let 8 | inherit 9 | (lib) 10 | types 11 | mkOption 12 | mkEnableOption 13 | mkForce 14 | mkIf 15 | mapAttrsToList 16 | concatStringsSep 17 | filterAttrs 18 | optionalString 19 | mkAfter 20 | ; 21 | 22 | cfg = config.services.postgres; 23 | 24 | /* Options for one entry of services.postgres.comb. In the active configuration only initSql is read (by initialScript); the code that used the other three is commented out further down. */ combType = types.attrsOf (types.submodule { 25 | options = { 26 | /* NOTE(review): currently has no effect. The pg_hba rules that consulted this flag are commented out, and the active authentication block trusts the listed networks for every database and role regardless of its value. */ networkTrusted = mkOption { 27 | type = types.bool; 28 | description = "Whether this combination needs to be able to connect over the network"; 29 | default = false; 30 | }; 31 | extraSql = mkOption { 32 | type = types.lines; 33 | description = "Extra SQL commands to run every DB start"; 34 | default = ""; 35 | }; 36 | initSql = mkOption { 37 | type = types.lines; 38 | description = "Extra SQL commands to run on the first DB start"; 39 | default = ""; 40 | }; 41 | autoCreate = mkOption { 42 | type = types.bool; 43 | default = true; 44 | description = "If enabled, this instructs NixOS to auto-create the database"; 45 | }; 46 | }; 47 | }); 48 | in { 49 | options.services.postgres = { 50 | enable = mkEnableOption "Postgres database"; 51 | 52 | dataDir = mkOption { 53 | type = types.str; 54 | description = "Where to save the database"; 55 | default = "/var/lib/postgresql"; 56 | }; 57 | 58 | extraSql = mkOption { 59 | type = types.lines; 60 | description = "Extra SQL commands to run every DB start"; 61 | default = ""; 62 | }; 63 | comb = mkOption { 64 | type = combType; 65 | description = "postgres user-database combination configuration"; 66 | default = {}; 67 | }; 68 | }; 69 | 70 | config = mkIf cfg.enable { 71 | # networking.allowedPorts.tcp."5432" = ["*"]; 72 | os.services.postgresql = { 73 | enable = true; 74 | package = pkgs.postgresql_14; 75 | /* Appends the package's psqlSchema value to the configured directory, so the data path changes with the schema version of the selected package. */ dataDir = "${cfg.dataDir}/${osConfig.services.postgresql.package.psqlSchema}"; 76 | enableTCPIP = true; 77 | port = 5432; 78 | /* NOTE(review): "trust" admits any matching connection without a password and as any role, the superuser included. With enableTCPIP on, every host in 10.0.0.0/24 and 10.10.15.0/24 that can reach port 5432 gets that access to all databases, as does every local process. Prefer peer for the local line and scram-sha-256 for the host lines, and name the specific database and role on each host rule instead of "all all". */ authentication = '' 79 | local all all trust 80 | host all all 127.0.0.1/32 trust 81 | host all all 10.0.0.0/24 trust 82 | host all all 10.10.15.0/24 trust 83 | ''; 84 | 85 | # 
ensureDatabases = 86 | # mapAttrsToList (name: _value: name) 87 | # (filterAttrs (_name: value: value.autoCreate) cfg.comb); 88 | # ensureUsers = 89 | # mapAttrsToList (name: _value: { 90 | # inherit name; 91 | # ensurePermissions = {"DATABASE ${name}" = "ALL PRIVILEGES";}; 92 | # }) 93 | # cfg.comb; 94 | # 95 | # # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html 96 | # authentication = mkForce '' 97 | # local all all trust 98 | # ${concatStringsSep "\n" (mapAttrsToList (name: value: (optionalString value.networkTrusted 99 | # "host ${name} ${name} 127.0.0.1/32 trust")) 100 | # cfg.comb)} 101 | # ''; 102 | 103 | initialScript = 104 | pkgs.writeText "custom-postgres-init.sql" 105 | (concatStringsSep "\n" 106 | (mapAttrsToList (_name: value: value.initSql) cfg.comb)); 107 | }; 108 | 109 | # os.systemd.services.postgresql.postStart = mkAfter '' 110 | # ${concatStringsSep "\n" (mapAttrsToList (name: value: "$PSQL -tAf ${ 111 | # pkgs.writeText "${name}-custom-postgres-init.sql" '' 112 | # \c ${name}; 113 | # ${value.extraSql} 114 | # '' 115 | # }") (filterAttrs (_name: value: value.extraSql != "") cfg.comb))} 116 | # ''; 117 | }; 118 | } 119 | -------------------------------------------------------------------------------- /modules/services/showcase-server.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | osModules = [inputs.showcase.nixosModules.default]; 3 | 4 | inputs = { 5 | showcase.url = "git+file:///home/flafy/repos/flafydev/showcase2"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /modules/services/waypipe.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | pkgs, 6 | ... 7 | }: let 8 | inherit (lib) mkEnableOption mkOption types mkIf mkMerge; 9 | cfg = config.services.waypipe; 10 | in { 11 | # Currently a single host can only have a single server and client. 
12 | # If I need to be able to have more servers/clients per host, then I'll change the module. 13 | options.services.waypipe = { 14 | server = { 15 | enable = mkEnableOption "waypipe-server"; 16 | port = mkOption { 17 | /* NOTE(review): types.port would reject values outside the valid port range; types.int accepts any integer. The same applies to client.port below. */ type = types.int; 18 | default = 12345; 19 | description = "Port to run the server on."; 20 | }; 21 | }; 22 | client = { 23 | enable = mkEnableOption "waypipe-client"; 24 | ip = mkOption { 25 | type = types.str; 26 | description = "IP of the remote server."; 27 | }; 28 | port = mkOption { 29 | type = types.int; 30 | default = 12345; 31 | description = "Port of the remote server."; 32 | }; 33 | }; 34 | }; 35 | 36 | config = mkMerge [ 37 | ( 38 | /* Server unit: socat listens on the configured TCP port and relays each connection to the Unix socket /tmp/waypipe.sock. NOTE(review): the listener is not bound to a specific address and nothing here authenticates or encrypts the link, so any peer that can reach the port is connected to whatever serves that socket; expose it only over a trusted tunnel or a firewall-restricted interface. */ mkIf cfg.server.enable { 39 | os.systemd.services.waypipe-server = { 40 | after = ["network-online.target"]; 41 | wantedBy = ["multi-user.target"]; 42 | wants = ["network-online.target"]; 43 | startLimitIntervalSec = 60; 44 | description = "Start Waypipe server"; 45 | serviceConfig = { 46 | Restart = "always"; 47 | RestartSec = "10s"; 48 | /* NOTE(review): systemd's DynamicUser= implies PrivateTmp=, so /tmp/waypipe.sock in the script below is inside this unit's private /tmp. The script removes the socket and then only connects to it; whatever is supposed to create it is not shown in this file, so confirm it can be seen from this unit. */ DynamicUser = true; 49 | ExecStart = pkgs.writeShellScript "waypipe-server-script" '' 50 | rm /tmp/waypipe.sock 51 | ${pkgs.socat}/bin/socat TCP-LISTEN:${toString cfg.server.port},reuseaddr,fork UNIX-CONNECT:/tmp/waypipe.sock 52 | ''; 53 | }; 54 | }; 55 | } 56 | ) 57 | ( 58 | /* Client unit: starts waypipe in client mode in the background on /tmp/waypipe.sock, then runs socat in the foreground to relay that socket path to the remote ip and port over plain TCP. */ mkIf cfg.client.enable { 59 | os.systemd.services.waypipe-client = { 60 | after = ["network-online.target"]; 61 | wantedBy = ["multi-user.target"]; 62 | wants = ["network-online.target"]; 63 | startLimitIntervalSec = 60; 64 | /* NOTE(review): this description repeats the server unit's text although the unit is the client. */ description = "Start Waypipe server"; 65 | serviceConfig = { 66 | Restart = "always"; 67 | RestartSec = "10s"; 68 | DynamicUser = true; 69 | ExecStart = pkgs.writeShellScript "waypipe-client-script" '' 70 | rm /tmp/waypipe.sock || true 71 | ${pkgs.waypipe}/bin/waypipe -s /tmp/waypipe.sock client & 72 | ${pkgs.socat}/bin/socat UNIX-LISTEN:/tmp/waypipe.sock,reuseaddr,fork TCP:${cfg.client.ip}:${toString cfg.client.port} 73 | ''; 74 | }; 75 | }; 76 | } 77 | ) 78 | ]; 79 | } 80 | 81 
| -------------------------------------------------------------------------------- /secrets/bitwarden/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "flafy"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["ope"]; 6 | } 7 | -------------------------------------------------------------------------------- /secrets/bitwarden/credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/bitwarden/credentials.age -------------------------------------------------------------------------------- /secrets/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "nouser"; 3 | group = "nogroup"; 4 | mode = "000"; 5 | hosts = [ ]; 6 | } 7 | 8 | -------------------------------------------------------------------------------- /secrets/dpawn-auth/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "root"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["mera"]; 6 | } 7 | -------------------------------------------------------------------------------- /secrets/dpawn-auth/env.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/dpawn-auth/env.age -------------------------------------------------------------------------------- /secrets/lastfm/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "flafy"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["ope"]; 6 | } 7 | -------------------------------------------------------------------------------- /secrets/lastfm/flafydev.age: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/lastfm/flafydev.age -------------------------------------------------------------------------------- /secrets/nextcloud/ope/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "root"; 3 | group = "root"; 4 | mode = "600"; 5 | hosts = [ "ope" ]; 6 | } 7 | -------------------------------------------------------------------------------- /secrets/nextcloud/ope/davfs.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/nextcloud/ope/davfs.age -------------------------------------------------------------------------------- /secrets/porkbun/api_key.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/porkbun/api_key.age -------------------------------------------------------------------------------- /secrets/porkbun/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "999"; # acme 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["mera"]; 6 | } 7 | -------------------------------------------------------------------------------- /secrets/restic/sb1_backups/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "root"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["mera"]; 6 | } 7 | -------------------------------------------------------------------------------- /secrets/restic/sb1_backups/password.age: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/restic/sb1_backups/password.age -------------------------------------------------------------------------------- /secrets/secrets.nix: -------------------------------------------------------------------------------- 1 | # Not imported by nix. Used by agenix's cli too. 2 | let 3 | publicKeys = { 4 | ope = { 5 | user = 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrGKIwxotjcyJh4nmp7ZqZVpGtQncoxG7ypTHCoQa1y685OD3F8g4ubBDwuigy7sfshXAA4eenxo3qL6WbNfJCJ3WTP0/6o3AxKTDj3cKt2+bbpOR1hPHuPb3Qn21ot6M+fvDqKZmkpWBls5Cze2U6+7WG5aO/rxXeC8sw4fEK12fhWXwysX6NUIoKh61s51IIr/L2pbhtE1C0yD7I6x3jjtrAxYS1+oBboTI5lSd87LZJTfAsQWmJc0hcEi44AEsgCfbOd2+l4fS3PGB7gKV1pNvKW2bCurqYLfZFNLMyMa8xA4H2iMOJoBJ8W810bFpWYuEGSWMFwCB+DunHYGRtgAnTqLbhx+//2Snz5QSDpt34WrFVOLHuxhVaSAD7inQeF67BQ5lHKo0B0pxZZTPY/fhj9HHuSErNZ5qpX9E1JwGeBpw/FcDsyoNDuQXNQdw7DNlHz08yrLvKxp2Jx+ZD4Q7Anft8AtKvZrlFWCF5XPjgcQTALI4GhL8YBMTh6tk= flafy@ope"; 7 | # system = ""; 8 | }; 9 | mera = { 10 | user = 11 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCMFb8CoNiwcYM0XgGw2m0rMUP065/q+7VfssGH5ebL server@mera"; 12 | }; 13 | mane = { 14 | user = 15 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPn84OxYt3K7HwfpNPfA1cqbLMMlz3DjVEINeoVFD/it vps@mane"; 16 | }; 17 | bara = { 18 | user = 19 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICC4kn/2R1/ED6zy4MTxbRNeISNhtbJUwG5s0qSIYQzY phone@bara"; 20 | }; 21 | noro = { user = ""; }; 22 | glint = { 23 | user = 24 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj3eTZ2RZ4hLty8trulo1Z5TeRc3KzfYX0a4ZpMm0zZ flafy@glint"; 25 | }; 26 | }; 27 | 28 | master = publicKeys.ope.user; 29 | 30 | inherit ((import ../utils/secrets.nix) { }) getAllSecrets; 31 | 32 | allSecrets = (getAllSecrets { host = null; }).secrets; 33 | 34 | allSecretsPublicKeys = builtins.mapAttrs (_filepath: config: { 35 | publicKeys = builtins.map (host: publicKeys.${host}.user) config.hosts 36 | ++ [ master ]; 37 | }) allSecrets; 38 | in allSecretsPublicKeys 39 | 
-------------------------------------------------------------------------------- /secrets/slskd/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "slskd"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["mera"]; 6 | } 7 | -------------------------------------------------------------------------------- /secrets/slskd/credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/slskd/credentials.age -------------------------------------------------------------------------------- /secrets/ssh-keys/bara/bara_to_ope/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/bara/bara_to_ope/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/bara/bara_to_ope/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+pGjMLXzb2UJpNQBSt3hpLM6f5rQ8QKjgTUqVgCURI flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/bara/bara_wg_private/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/bara/bara_wg_private/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/bara/bara_wg_private/public: -------------------------------------------------------------------------------- 1 | 4L8DUQj+H1DgV+JLi2Q7VttQSJd8w7L+uM+ZkqpizkM= 2 | -------------------------------------------------------------------------------- 
/secrets/ssh-keys/glint/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "flafy"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["glint"]; 6 | } 7 | 8 | -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_to_ope/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/glint/glint_to_ope/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_to_ope/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ+LaPOO8KTv+d0q1f+YZ/Ht5L/Vr2XSCY0gRmtsVLw glint_to_ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_wg_private/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "systemd-network"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | } 6 | 7 | -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_wg_private/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/glint/glint_wg_private/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_wg_private/public: -------------------------------------------------------------------------------- 1 | g5SpCXS1ZmCMvNRYIpFc9NM99GQ4HQgbbYwXKRaBrUc= 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_wg_vps/config.nix: 
-------------------------------------------------------------------------------- 1 | _: { 2 | owner = "systemd-network"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | } 6 | 7 | -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_wg_vps/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/glint/glint_wg_vps/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/glint/glint_wg_vps/public: -------------------------------------------------------------------------------- 1 | 3dessdxL4DNSlQ/NLSrJjAx3Ges0ZqtVVTFzPE/+DUc= 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mane/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "flafy"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["mane"]; 6 | } 7 | 8 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mane/mane_wg_private/owner: -------------------------------------------------------------------------------- 1 | systemd-network 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mane/mane_wg_private/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mane/mane_wg_private/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/mane/mane_wg_private/public: -------------------------------------------------------------------------------- 1 | 0pj1W+VHwTp6aYXpF12Rb+y6jcWQpFP8ZBcLaOstT18= 2 | 
-------------------------------------------------------------------------------- /secrets/ssh-keys/mane/mane_wg_vpn/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mane/mane_wg_vpn/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/mane/mane_wg_vpn/public: -------------------------------------------------------------------------------- 1 | ROgHP1QLYlFawbLuOIH9UiYNAg39eQgiBcQr7sFKiUo= 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mane/mane_wg_vps/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mane/mane_wg_vps/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/mane/mane_wg_vps/public: -------------------------------------------------------------------------------- 1 | 0m1heNR2+UxmBhnOpx/zTXeuC2PcbmLcGwn68p98+2E= 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "flafy"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | hosts = ["mera"]; 6 | } 7 | 8 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_to_ope/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mera/mera_to_ope/private.age -------------------------------------------------------------------------------- 
/secrets/ssh-keys/mera/mera_to_ope/public: -------------------------------------------------------------------------------- 1 | ssh-rsa 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 flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_to_sb1/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mera/mera_to_sb1/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_to_sb1/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+2dEVFjAJsvMZHH7MLsW4rNY/RoUL9WHIEc2s00HBK server@mera 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_private/owner: -------------------------------------------------------------------------------- 1 | systemd-network 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_private/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mera/mera_wg_private/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_private/public: -------------------------------------------------------------------------------- 1 | +Mrq24VGSlHXPsF2PeU26gJ1Exdei/ltYZv0Ld9FLFM= 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_vpn/owner: -------------------------------------------------------------------------------- 1 | systemd-network 2 | 
-------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_vpn/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mera/mera_wg_vpn/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_vpn/public: -------------------------------------------------------------------------------- 1 | JnfSaCY9ANopMLamnoqVjyRym4wdDjAchc2I5ykuBFs= 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_vps/owner: -------------------------------------------------------------------------------- 1 | systemd-network 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_vps/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/mera/mera_wg_vps/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/mera/mera_wg_vps/public: -------------------------------------------------------------------------------- 1 | 0rNlLIDpss0CFgbSoDcwCEPye7GFQDos+CAwOMr3OFc= 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/noro/noro_to_ope/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvCkhvMMGTkK7PNn82NQbCMwHHEW0YJJCS8TFll9QMZ flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "flafy"; 3 | group = 
"nogroup"; 4 | mode = "600"; 5 | hosts = ["ope"]; 6 | } 7 | 8 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_flafydev_github/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_flafydev_github/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_flafydev_github/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODYVo8TbkZ5N5PKjq1DUCeVB59Ac23eahyKvq14uVo0 flafyarazi@gmail.com 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_bara/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_to_bara/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_bara/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOU/aCbmpGu6pTaxS9apsX6iTTylxlQBS1JTkv0bLfc flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_glint/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_to_glint/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_glint/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIDEjZ8Ky8qWbkhnu9LVkGk1YTt3qBBsmo5s572v7LOfq glint 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_mac/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_to_mac/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_mac/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfTEToQf+mxwmKGNepzOekU+V/f7180T2DlSKmlgbGH flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_mane/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_to_mane/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_mane/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINq29EK+k6SCc+IO1R+dbO6Ev9V4p/CSP2sRqL0brMHB flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_mera/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_to_mera/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_mera/public: -------------------------------------------------------------------------------- 1 | ssh-rsa 
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 flafyarazi@gmail.com 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_sb1/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_to_sb1/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_sb1/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOq/a7uXT2gMIrJ4TcMCXRytyGJyi+qo0n6gG0NBj6CK flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_win/private.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_to_win/private.age -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_to_win/public: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZiwD4TlUadV0klQaprCnz4pVoSeZFTZeqsumgUSqp4 flafy@ope 2 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_wg_private/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | owner = "systemd-network"; 3 | group = "nogroup"; 4 | mode = "600"; 5 | } 6 | 7 | -------------------------------------------------------------------------------- /secrets/ssh-keys/ope/ope_wg_private/private.age: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_wg_private/private.age
--------------------------------------------------------------------------------
/secrets/ssh-keys/ope/ope_wg_private/public:
--------------------------------------------------------------------------------
1 | JvUPnW9dNQrQSID8ERhPdLsLVBSiaUMWCQUxeDgugnA=
2 |
--------------------------------------------------------------------------------
/secrets/ssh-keys/ope/ope_wg_vps/config.nix:
--------------------------------------------------------------------------------
# Overrides for the key in this directory. No `hosts` entry here: utils/secrets.nix
# layers this file over the parent directory's config.nix, so `hosts` is inherited.
_: {
  owner = "systemd-network";
  group = "nogroup";
  mode = "600"; # read/write for the owner only
}

--------------------------------------------------------------------------------
/secrets/ssh-keys/ope/ope_wg_vps/private.age:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlafyDev/nixos-config/4027407d0a7842244dce9bbbd22782abaa7061b3/secrets/ssh-keys/ope/ope_wg_vps/private.age
--------------------------------------------------------------------------------
/secrets/ssh-keys/ope/ope_wg_vps/public:
--------------------------------------------------------------------------------
1 | a8IpLa4Fl+vV2yMDfIvqkBfh6wYz6uxPh+aIJPAAeA8=
2 |
--------------------------------------------------------------------------------
/utils/color.nix:
--------------------------------------------------------------------------------
# Colour helpers: `mkColor r g b a` bundles the four channel values with their
# hexadecimal renderings.
{lib, ...}: let
  inherit (lib) mod elemAt stringLength;

  # decToHex v: lowercase hex string of v, left-padded to at least two digits.
  # v <= 0 yields "00" (the recursion never runs); values above 255 yield more
  # than two digits. Assumes v is an integer, since `/` must truncate — TODO confirm.
  decToHex = let
    # Digit lookup table, indexed by the value 0..15.
    intToHex = [
      "0"
      "1"
      "2"
      "3"
      "4"
      "5"
      "6"
      "7"
      "8"
      "9"
      "a"
      "b"
      "c"
      "d"
      "e"
      "f"
    ];
    # q: remaining quotient, a: digits produced so far (least significant first,
    # so each new digit is prepended).
    toHex' = q: a:
      if q > 0
      then
        (toHex'
          (q / 16)
          ((elemAt intToHex (mod q 16)) + a))
      else a;
  in
    v: let
      res = toHex' v "";
    in
      if (stringLength res == 0)
      then "00"
      else if (stringLength res == 1)
      then "0${res}"
      else res;
in {
  # `rec` lets the derived strings below refer to `hex` and to the inherited channels.
  mkColor = r: g: b: a: rec {
    inherit r g b a;
    hex = {
      r = decToHex r;
      g = decToHex g;
      b = decToHex b;
      a = decToHex a;
    };
    toHexRGB = hex.r + hex.g + hex.b;
    toHexRGBA = hex.r + hex.g + hex.b + hex.a;
    toHexARGB = hex.a + hex.r + hex.g + hex.b;
    toHexA = hex.a;
    toDecA = a;
    # Alpha scaled by 255.0 (float division); presumably a is in 0..255 — confirm.
    toNormA = a / 255.0;
  };
}

--------------------------------------------------------------------------------
/utils/concat-paths.nix:
--------------------------------------------------------------------------------
_: let
  inherit (builtins) substring foldl';
in {
  # Joins the elements with "/". Every element is prefixed with "/" while folding,
  # then `substring 1 (-1)` drops the first character again, so ["a" "b"] gives
  # "a/b" and a leading absolute path keeps its own "/".
  # `toString` turns a path value into its absolute path string instead of
  # importing the file into the Nix store, so the result is always a plain string.
  concatPaths = paths: substring 1 (-1) (foldl' (acc: path: "${acc}/${toString path}") "" paths);
}

--------------------------------------------------------------------------------
/utils/default.nix:
--------------------------------------------------------------------------------
# Not a module!
# Evaluates to one attrset holding everything exported by the other files in
# this directory.
{lib, ...}: let
  inherit (builtins) readDir;
  inherit (lib) foldlAttrs hasSuffix;

  # concatPaths is needed before `utils` exists, so it is imported directly.
  inherit ((import ./concat-paths.nix {inherit lib;})) concatPaths;

  # Every regular file here whose name ends in "nix" (default.nix excluded) is
  # imported with `lib` and with `utils` itself, and its attributes are merged
  # in with `//` — a later file overrides an earlier one on a name clash.
  utils =
    foldlAttrs (
      acc: name: type:
        acc
        // (
          if (type == "regular" && name != "default.nix" && hasSuffix "nix" name)
          then import (concatPaths [(toString ./.) name]) {inherit lib utils;}
          else {}
        )
    ) {}
    (readDir ./.);
in
  utils

--------------------------------------------------------------------------------
/utils/get-modules.nix:
--------------------------------------------------------------------------------
# Discovers module files by walking directories, so that they do not have to be
# listed by hand. Every matching file below the walked directories is returned;
# anything placed there is picked up.
{
  lib,
  utils,
  ...
}: let
  inherit (lib) attrNames optional foldlAttrs hasSuffix;
  inherit (builtins) elem readDir;

  # Returns a list of path strings.
  # - A directory containing default.nix counts as one module (only that file is
  #   returned and the walk stops there), unless ignoreDefault is true.
  # - Otherwise every regular file ending in "nix" except default.nix is
  #   returned, and every other entry is walked recursively.
  # NOTE(review): the recursion covers every non-"regular" entry type, not only
  # "directory"; presumably the tree holds no symlinks or special files — confirm.
  getModulesRecur = ignoreDefault: path: let
    files = readDir path;
    isModuleDirectory = !ignoreDefault && elem "default.nix" (attrNames files);
  in
    if isModuleDirectory
    then [(utils.concatPaths [path "default.nix"])]
    else
      foldlAttrs (
        acc: name: type:
          acc
          ++ (
            if (type == "regular")
            then optional (name != "default.nix" && hasSuffix "nix" name) (utils.concatPaths [path name])
            else getModulesRecur false (utils.concatPaths [path name])
          )
      ) []
      files;
  # The root is walked with ignoreDefault = true, so a default.nix directly in
  # the root neither ends the walk nor appears in the result.
  getModules = modulesPath: getModulesRecur true modulesPath;
in {
  inherit getModules;
  # Shared modules, then the host's own modules directory when it exists, then
  # the host's default.nix.
  getModulesForHost = host:
    (utils.getModules (toString ../modules))
    ++ (
      if builtins.pathExists ../hosts/${host}/modules
      then utils.getModules (toString ../hosts/${host}/modules)
      else []
    )
    ++ [(toString ../hosts/${host}/default.nix)];
}

--------------------------------------------------------------------------------
/utils/list-to-nested-attrset.nix:
--------------------------------------------------------------------------------
# `listToNestedAttrs ["a" "b" "c"] 1` returns `{ a.b.c = 1; }`
_: let
  inherit (builtins) head tail;

  # Wraps `value` in one attrset level per element of `path`, outermost first.
  # An empty path returns `value` unchanged.
  listToNestedAttrs = path: value:
    if path == []
    then value
    else {
      ${head path} = listToNestedAttrs (tail path) value;
    };
in
  { inherit listToNestedAttrs; }

--------------------------------------------------------------------------------
/utils/load-flake-package.nix:
--------------------------------------------------------------------------------
# Shorthands for picking a package out of a flake input. The usage examples omit
# `system`; presumably the caller applies it beforehand — confirm.
{lib, ...}: let
  inherit (lib) foldl';
in {
  # The input's default package for `system`.
  flPkgs = system: input: input.packages.${system}.default; # flPkgs inputs.guifetch
  # Takes one further argument, a list of attribute names, and follows it below
  # packages.${system}.
  flPkgs' = system: input: foldl' (sum: n: sum.${n}) input.packages.${system}; # flPkgs' inputs.guifetch [ "guifetch" ]
  # The same two helpers for legacyPackages.
  flLPkgs = system: input: input.legacyPackages.${system}.default; # flLPkgs inputs.guifetch
  flLPkgs' = system: input: foldl' (sum: n: sum.${n}) input.legacyPackages.${system}; # flLPkgs' inputs.guifetch [ "guifetch" ]
}

--------------------------------------------------------------------------------
/utils/recursive-merge.nix:
--------------------------------------------------------------------------------
_: let
  inherit (builtins) concatLists elemAt length all isList isAttrs zipAttrsWith tail head;

  # Last element of a non-empty list.
  last =
    list:
      elemAt list (length list - 1);
  # Deep-merges a list of attrsets. For each attribute name:
  #   - present in one set only -> that value
  #   - all values are lists    -> concatenated in order
  #   - all values are attrsets -> merged recursively
  #   - anything else           -> the last value wins
  recursiveMerge = attrList:
    # attrPath records the names walked so far; it is only extended, never read.
    let f = attrPath:
      zipAttrsWith (n: values:
        if tail values == []
        then head values
        else if all isList values
        then (concatLists values)
        else if all isAttrs values
        then f (attrPath ++ [n]) values
        else last values
      );
    in f [] attrList;
in
  { inherit recursiveMerge; }

--------------------------------------------------------------------------------
/utils/secrets.nix:
--------------------------------------------------------------------------------
# Walks the ../secrets tree and describes what it finds. The sibling helpers are
# imported directly with `{}` so this file has no dependency on nixpkgs' lib.
_: let
  inherit ((import ./concat-paths.nix {})) concatPaths;
  inherit ((import ./list-to-nested-attrset.nix {})) listToNestedAttrs;
  inherit ((import ./recursive-merge.nix {})) recursiveMerge;
  inherit (builtins)
    readDir
    attrNames
    removeAttrs
    typeOf
    foldl'
    filter
    match
    readFile
    pathExists
    listToAttrs
    head
    map
    stringLength
    substring
    split;

  # Taken from Nixpkgs's lib
  # Keeps the attributes for which `pred name value` is true.
  filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));

  # Merge a list of attrs into a single attr
  # Shallow merge; on a name clash the later list element wins.
  mergeAttrs = list: foldl' (acc: item: acc // item) {} list;

  # Recursively scans one directory of the secrets tree.
  #   host        - handed to every config.nix; not used for anything else here.
  #   relPathList - path components of the current directory below ../secrets.
  #   accConfig   - settings inherited from the parent directories.
  # Returns { secrets, other }, both keyed by the path relative to ../secrets:
  #   secrets - one entry per encrypted file: the effective settings plus
  #             relFilePath and filePath.
  #   other   - one entry per remaining file, with relFilePath, filePath, content.
  getAllSecrets = {host, relPathList ? [], accConfig ? {}}: let
    # Add the current directory's config.nix to the accumulated config variable (accConfig')
    # concatPaths uses toString, so fullPath is an absolute path string.
    fullPath = concatPaths ([../secrets/.] ++ relPathList);
    newConfigFilepath = concatPaths [fullPath "config.nix"];
    newConfig = if pathExists newConfigFilepath then (import newConfigFilepath) { inherit host; } else {};
    # Settings of a deeper directory override those inherited from above.
    accConfig' = accConfig // newConfig;

    # List of all the files in the current directory
    files = attrNames (filterAttrs (_name: type: type == "regular") (readDir fullPath));

    # Get all age files in the current directory
    # `match` must match the whole name. "*.age-temp" names are listed with the
    # five-character "-temp" suffix cut off, i.e. under their final "*.age" name.
    # NOTE(review): for such an entry filePath below points at the "*.age" name,
    # which may not exist yet — presumably intended for secrets still being
    # created; confirm.
    ageFiles = (filter (file: (match ".+\\.age" file) != null) files) ++
      (map (fileName: substring 0 ((stringLength fileName) - 5) fileName) (filter (file: (match ".+\\.age-temp" file) != null) files));
    # ageFiles = filter (file: (match ".+\\.age" file) != null) files;

    # List of all the directories in the current directory
    directories = attrNames (filterAttrs (_name: type: type == "directory") (readDir fullPath));

    # List of the secrets in the current directory
    # Only paths and settings are recorded; the encrypted file itself is not read.
    secrets = listToAttrs (map (fileName: rec {
      name = concatPaths (relPathList ++ [fileName]);
      value = accConfig' // {
        relFilePath = name;
        filePath = concatPaths [fullPath fileName];
      };
    }) ageFiles);

    # Get all the other files in the current directory and their contents
    # "Other" is every regular file not named "*.age" or "*.nix" — on this page
    # the `public` and `owner` files.
    # NOTE(review): `content` becomes an ordinary Nix string, and strings that
    # reach the system configuration can end up in the world-readable Nix store,
    # so only non-secret material should sit unencrypted in this tree. The
    # filter does not exclude "*.age-temp" names, so those files are exposed
    # here too — confirm what they contain.
    otherFiles = filter (file: (match ".+\\.(age|nix)" file) == null) files;
    otherFilesWithContent = listToAttrs (map (fileName: rec {
      name = concatPaths (relPathList ++ [fileName]);
      value = rec {
        relFilePath = name;
        filePath = concatPaths [fullPath fileName];
        content = readFile filePath;
      };
    }) otherFiles);

    # Recursively evaluate directories
    evaluatedDirectories = map (dirName:
      getAllSecrets {
        inherit host;
        relPathList = relPathList ++ [dirName];
        accConfig = accConfig';
      }
    ) directories;
    directoriesSecrets = map (dir: dir.secrets) evaluatedDirectories;
    directoriesOther = map (dir: dir.other) evaluatedDirectories;
  in {
    # Keys are full relative paths, so entries of different directories cannot
    # clash; on an identical key the subdirectory result wins (right side of `//`).
    secrets = secrets // (mergeAttrs directoriesSecrets);
    other = otherFilesWithContent // (mergeAttrs directoriesOther);
  };

  # Split a string by "/"
  # `split` also returns the match groups as lists; only the strings are kept.
  pathSplitter = name: filter (val: typeOf val == "string") (split "/" name);
  # This function removes all of the file extensions of a file.
  # Assumes the directories don't have "." in them.
  # It keeps everything before the first "." anywhere in the path.
  removeFileExtension = filePath: head (split "\\." filePath);

  # Transform flat paths to nested structure
  # e.g. { "a/b/private.age" = v; } becomes { a.b.private = v; }. Names that
  # differ only in their extension map to the same attribute path and are
  # combined by recursiveMerge.
  transformToNestedPaths = flatObj:
    foldl'
      (acc: name:
        let
          pathList = pathSplitter (removeFileExtension name);
          value = flatObj.${name};
        in
          recursiveMerge [
            acc
            (listToNestedAttrs pathList value)
          ]
      ) {} (attrNames flatObj);
in {
  inherit
    transformToNestedPaths
    getAllSecrets;
}

--------------------------------------------------------------------------------