├── .dir-locals.el ├── .editorconfig ├── .envrc ├── .gitignore ├── .gitmodules ├── .sops.yaml ├── Justfile ├── README.md ├── docs ├── architecture-decisions │ └── adr_template.md └── org │ ├── age.org │ ├── attach │ ├── diagram-paserTree.svg │ ├── diagram-test.svg │ ├── diagrams-dotsk.svg │ └── hyprland.svg │ ├── auth.org │ ├── chatgpt-web.org │ ├── cloudflare.org │ ├── colors.org │ ├── diagrams.org │ ├── file-system.org │ ├── flags.png │ ├── flake.org │ ├── hello.png │ ├── hyprland.org │ ├── impermanence.org │ ├── ipsec.org │ ├── kubernetes_on_premise.d2 │ ├── kubernetes_on_premise.png │ ├── lib.org │ ├── networking.org │ ├── nixos-generators.org │ ├── nixos-install.org │ ├── nixosProfiles.org │ ├── programs.org │ ├── security.org │ ├── shell.org │ ├── shellPackages.org │ ├── shellPrograms.org │ ├── ssh.org │ ├── terminal.org │ ├── tree-sitter-grep.org │ └── waybar.org ├── flake.lock ├── flake.nix ├── hosts └── macbook │ ├── bee.nix │ ├── darwinConfiguration.nix │ ├── darwinProfiles │ └── bootstrap.nix │ ├── darwinSuites.nix │ ├── homeProfiles │ └── programs.nix │ ├── homeSuites.nix │ ├── layouts.nix │ ├── meta.nix │ ├── omnibus │ └── homeProfiles │ │ └── alacritty.nix │ └── pops │ ├── homeProfiles.nix │ └── omnibus │ ├── homeProfiles.nix │ └── nixosProfiles.nix ├── local ├── data │ └── guangtao.toml ├── dotfiles │ ├── block │ │ ├── Brower-brave │ │ │ └── shutup │ │ │ │ └── block-comment.list │ │ └── adguard │ │ │ └── custom-filter.list │ ├── doom-emacs │ │ ├── .dir-locals.el │ │ ├── config-old.org │ │ ├── config.org │ │ ├── custom-post.org │ │ ├── init.el │ │ ├── modules │ │ │ ├── private │ │ │ │ └── spacemacs-default │ │ │ │ │ ├── buffer.el │ │ │ │ │ ├── config.el │ │ │ │ │ ├── misc.el │ │ │ │ │ └── vinegar.el │ │ │ └── templates │ │ │ │ ├── braindumo-blog:braindump.*.setup │ │ │ │ ├── emacs-lisp:.*.el │ │ │ │ ├── git:.*.gitignore │ │ │ │ ├── go-mode:.*.go │ │ │ │ ├── my-blog:posts.*.org │ │ │ │ └── org:.*.org │ │ ├── nickel.org │ │ └── snippets │ │ │ ├── conf-toml-mode │ │ │ └── commands │ │ │ ├── emacs-lisp-mode │ │ │ └── org-package │ │ │ ├── envrc-file-mode │ │ │ └── nix │ │ │ ├── nix-mode │ │ │ ├── l │ │ │ ├── machix-head │ │ │ ├── machix-python │ │ │ ├── nocargo │ │ │ ├── python-replace │ │ │ └── rule │ │ │ ├── org-mode │ │ │ ├── +[] │ │ │ ├── -[] │ │ │ ├── .[] │ │ │ ├── R-src │ │ │ ├── asciinema │ │ │ ├── attr_html │ │ │ ├── audio_list │ │ │ ├── conf │ │ │ ├── config.el │ │ │ ├── ein-R │ │ │ ├── ein-haskell │ │ │ ├── ein-julia │ │ │ ├── ein-python │ │ │ ├── ein-rust │ │ │ ├── git-update-master │ │ │ ├── git-upstram │ │ │ ├── go-src │ │ │ ├── gtrun_blog │ │ │ ├── haskell-src │ │ │ ├── home-manager-src │ │ │ ├── html-image │ │ │ ├── info │ │ │ ├── item-price │ │ │ ├── julia-src │ │ │ ├── lambda-nixops-infra-list │ │ │ ├── logseq-embed-id │ │ │ ├── logseq-public │ │ │ ├── logseq-vedio │ │ │ ├── nix-src │ │ │ ├── nixos-flk-conf │ │ │ ├── nixos-host │ │ │ ├── org-super-link-type │ │ │ ├── pdf-image │ │ │ ├── property-header-dir │ │ │ ├── property-template-habit │ │ │ ├── python-src │ │ │ ├── python-val │ │ │ ├── rust-src │ │ │ └── shell-src │ │ │ └── yaml-mode │ │ │ └── gh-nix │ ├── eww │ │ ├── README.md │ │ ├── css │ │ │ ├── _calendar.scss │ │ │ ├── _colors.scss │ │ │ ├── _music.scss │ │ │ ├── _notification.scss │ │ │ ├── _osd.scss │ │ │ ├── _sidebar.scss │ │ │ ├── _system.scss │ │ │ └── _volume.scss │ │ ├── eww.scss │ │ ├── eww.yuck │ │ ├── modules │ │ │ ├── bluetooth.yuck │ │ │ ├── bright.yuck │ │ │ ├── clock.yuck │ │ │ ├── music.yuck │ │ │ ├── net.yuck │ │ │ ├── sys.yuck │ │ │ ├── variables.yuck │ │ │ ├── volume.yuck │ │ │ └── workspaces.yuck │ │ ├── scripts │ │ │ ├── airplane │ │ │ ├── battery │ │ │ ├── bluetooth │ │ │ ├── brightness │ │ │ ├── memory │ │ │ ├── music │ │ │ ├── net │ │ │ ├── notifications │ │ │ ├── volume │ │ │ └── workspaces │ │ └── windows │ │ │ ├── calendar.yuck │ │ │ ├── music.yuck │ │ │ ├── notifications.yuck │ │ │ ├── osd.yuck │ │ │ └── system-menu.yuck │ ├── fcitx5 │ │ ├── conf │ │ │ ├── cached_layouts │ │ │ ├── classicui.conf │ │ │ ├── keyboard.conf │ │ │ ├── notifications.conf │ │ │ └── xim.conf │ │ ├── config │ │ ├── profile │ │ └── themes │ │ │ └── Alpha-black-2.0 │ │ │ ├── arrow.png │ │ │ ├── panel.png │ │ │ ├── radio.png │ │ │ └── theme.conf │ ├── hyprland │ │ ├── hyprland.conf │ │ └── hyprpaper.conf │ ├── kitty │ │ ├── cscheme.conf │ │ ├── kitty.conf │ │ └── solarized.conf │ ├── navi │ │ └── ssh.cheat │ ├── rofi │ │ ├── colors.rasi │ │ ├── launcher.sh │ │ ├── launcher_theme.rasi │ │ ├── off.sh │ │ ├── powermenu.sh │ │ └── powermenu_theme.rasi │ ├── waybar │ │ ├── config-bottom.json │ │ ├── config-top.json │ │ ├── scripts │ │ │ ├── mediaplayer.py │ │ │ ├── power-menu │ │ │ │ ├── powermenu.sh │ │ │ │ ├── shared │ │ │ │ │ ├── colors.rasi │ │ │ │ │ └── fonts.rasi │ │ │ │ └── style.rasi │ │ │ ├── rofi-bluetooth │ │ │ ├── rofi-wifi-menu.sh │ │ │ ├── spotify.sh │ │ │ └── weather.py │ │ └── style.css │ └── wezterm │ │ └── wezterm.lua └── secrets │ ├── secrets.nix │ └── tiangang │ ├── acme-cloudflare.age │ ├── attic-cert.age │ ├── chatgpt-web-env.age │ ├── chatgpt-web-passwd.age │ ├── chatgpt-web.age │ ├── chatgpt-yak.age │ └── v2ray-vmess.age ├── logo.svg └── units ├── lock ├── flake.lock └── flake.nix ├── nixos ├── darwinProfiles │ ├── presets │ │ ├── fonts.nix │ │ ├── homebrew.nix │ │ └── yabai.nix │ └── skhd ├── homeModules │ ├── hive.nix │ ├── programs │ │ └── git │ │ │ ├── _config.nix │ │ │ └── default.nix │ └── wayland │ │ └── windowManager │ │ └── hyprland │ │ ├── _config.nix │ │ ├── default.nix │ │ └── swww_randomize.sh ├── homeProfiles │ ├── apps.nix │ ├── graphical.nix │ ├── presets │ │ ├── alacritty.nix │ │ ├── atuin.nix │ │ ├── auto-upgrade.nix │ │ ├── bat │ │ │ ├── catppuccin-mocha.nix │ │ │ └── default.nix │ │ ├── brave.nix │ │ ├── chat.nix │ │ ├── diagrams.nix │ │ ├── dircolors │ │ │ ├── LS_COLORS │ │ │ └── default.nix │ │ ├── dropbox.nix │ │ ├── emacs │ │ │ ├── desktop.nix │ │ │ ├── doom.nix │ │ │ ├── exit.patch │ │ │ ├── macbook.nix │ │ │ └── packages.nix │ │ ├── eww │ │ │ ├── default.nix │ │ │ └── desktop.nix │ │ ├── firefox.nix │ │ ├── fzf.nix │ │ ├── gh.nix │ │ ├── git.nix │ │ ├── gpg.nix │ │ ├── gtk.nix │ │ ├── hyprland │ │ │ ├── default.nix │ │ │ ├── desktop.nix │ │ │ └── hyprpaper.nix │ │ ├── latex.nix │ │ ├── nushell.nix │ │ ├── office.nix │ │ ├── qt.nix │ │ ├── rofi │ │ │ ├── default.nix │ │ │ └── desktop.nix │ │ ├── spell-check.nix │ │ ├── ssh-agent.nix │ │ ├── starship │ │ │ ├── default.nix │ │ │ └── starship.toml │ │ ├── tmux.nix │ │ ├── users │ │ │ └── guangtao.nix │ │ ├── utils.nix │ │ ├── waybar │ │ │ ├── default.nix │ │ │ ├── desktop.nix │ │ │ ├── hyprland_window.sh │ │ │ └── themes.nix │ │ ├── wayland.nix │ │ ├── wezterm │ │ │ └── default.nix │ │ └── zsh │ │ │ ├── autoload.zsh │ │ │ ├── compinit-setopt.zsh │ │ │ ├── default.nix │ │ │ ├── init-bindkey.zsh │ │ │ └── zshrc.zsh │ └── shell.nix ├── hosts │ ├── desktop │ │ ├── layouts.nix │ │ ├── nixosConfiguration.nix │ │ └── nixosProfiles │ │ │ └── bootstrap.nix │ ├── macbook │ │ ├── darwinConfiguration.nix │ │ ├── darwinProfiles │ │ │ └── bootstrap.nix │ │ ├── homeProfiles │ │ │ └── programs.nix │ │ ├── layouts.nix │ │ └── omnibus │ │ │ └── homeProfiles │ │ │ └── alacritty.nix │ ├── mobile │ │ ├── layouts.nix │ │ ├── nixosConfiguration.nix │ │ └── nixosProfiles │ │ │ └── bootstrap.nix │ └── tiangang │ │ ├── layouts.nix │ │ ├── nixosConfiguration.nix │ │ ├── nixosProfiles │ │ ├── acme.nix │ │ ├── atticd.nix │ │ ├── bootstrap.nix │ │ ├── networking.nix │ │ ├── nginx │ │ │ ├── atticd.nix │ │ │ ├── chatgpt-next.nix │ │ │ └── default.nix │ │ └── v2ray.nix │ │ └── omnibus │ │ └── nixosProfiles │ │ └── disko.nix ├── microvmProfiles │ └── dev.nix ├── nixosModules │ └── services │ │ ├── atticd │ │ └── default.nix │ │ └── chatgpt-next-web.nix └── nixosProfiles │ ├── cloud.nix │ ├── graphical.nix │ └── presets │ ├── audio │ ├── bluetooth.nix │ └── pipewire.nix │ ├── backup │ ├── btrbk.nix │ └── restic.nix │ ├── coding │ ├── default.nix │ ├── julia.nix │ ├── languageServers.nix │ ├── nickel.nix │ ├── python.nix │ ├── rust.nix │ └── vscode │ │ ├── _types.nix │ │ └── default.nix │ ├── display │ ├── dbus.nix │ ├── fcitx5.nix │ ├── fontconfig.nix │ ├── gdm.nix │ ├── greetd.nix │ ├── hyprland.nix │ ├── lightdm.nix │ ├── opengl.nix │ ├── sddm.nix │ └── xdg.nix │ ├── git.nix │ ├── hardware │ └── nvidia.nix │ ├── secrets │ ├── _1password.nix │ ├── age.nix │ ├── ecryptfs.nix │ ├── gnome-keyring.nix │ ├── gpg.nix │ ├── sops.nix │ └── yubikey.nix │ ├── security │ ├── secureboot.nix │ └── tpm2.nix │ ├── services │ └── chatgpt │ │ ├── web-vue.nix │ │ ├── web-yak.nix │ │ └── web.nix │ ├── users │ └── root.nix │ └── virtualisation │ ├── qemu-tap.nix │ └── test-container-nvidia.nix ├── packages └── hello.nix ├── self ├── default.nix ├── eachSystem.nix ├── flakeOutputs.nix └── pops │ ├── darwinProfiles.nix │ ├── data.nix │ ├── eachSystem.nix │ ├── hive.nix │ ├── homeProfiles.nix │ ├── hosts.nix │ ├── nixosModules.nix │ ├── nixosProfiles.nix │ ├── omnibus │ ├── homeProfiles.nix │ └── nixosProfiles.nix │ ├── packages.nix │ ├── scripts.nix │ └── subflake.nix └── std ├── cells ├── hosts │ ├── arionConfigurations.nix │ ├── arionProfiles.nix │ ├── colmenaConfigurations.nix │ ├── darwinConfigurations.nix │ ├── diskoConfigurations.nix │ ├── diskoConfigurations │ │ ├── btrfs-legacy.nix │ │ └── btrfs.nix │ ├── entrypoints │ │ ├── default.nix │ │ ├── init.bash │ │ └── show-sshKey.sh │ ├── exporter.nix │ ├── exporter │ │ ├── desktop.nix │ │ ├── flops.nix │ │ ├── init.nix │ │ ├── macbook.nix │ │ └── tiangang.nix │ ├── homeConfigurations.nix │ ├── homeModules.nix │ ├── homeModules │ │ ├── desktop │ │ │ ├── hive.nix │ │ │ ├── home.nix │ │ │ ├── programs.nix │ │ │ ├── services.nix │ │ │ └── xsession.nix │ │ └── macbook │ │ │ └── programs.nix │ ├── lib.nix │ ├── nixosConfigurations.nix │ ├── nixosModules.nix │ ├── nixosModules │ │ ├── desktop │ │ │ ├── boot.nix │ │ │ ├── environment │ │ │ │ └── persistence.nix │ │ │ ├── fileSystems.nix │ │ │ ├── fonts.nix │ │ │ ├── hardware.nix │ │ │ ├── hive.nix │ │ │ ├── networking.nix │ │ │ ├── programs.nix │ │ │ ├── security.nix │ │ │ ├── services.nix │ │ │ ├── systemd.nix │ │ │ ├── users.nix │ │ │ └── virtualisation.nix │ │ ├── flops │ │ │ ├── fileSystems.nix │ │ │ ├── hive.nix │ │ │ ├── services.nix │ │ │ └── virtualisation.nix │ │ └── tiangang │ │ │ └── services │ │ │ ├── atticd.nix │ │ │ ├── nginx │ │ │ ├── _config │ │ │ │ ├── atticd.nix │ │ │ │ ├── chatgpt-next.nix │ │ │ │ ├── chatgpt-web.nix │ │ │ │ ├── chatgpt-yak.nix │ │ │ │ └── default.nix │ │ │ └── default.nix │ │ │ └── v2ray.nix │ ├── overlays.nix │ └── overlays │ │ ├── desktop.nix │ │ ├── flops.nix │ │ ├── macbook.nix │ │ └── tiangang.nix ├── nixos │ ├── darwinProfiles.nix │ ├── data.nix │ ├── devshellProfiles │ │ └── nix-store.nix │ ├── homeModules.nix │ ├── homeProfiles.nix │ ├── nixosModules.nix │ ├── nixosProfiles.nix │ ├── overlays.nix │ ├── overlays │ │ ├── __repl.nix │ │ ├── default.nix │ │ ├── lib.nix │ │ ├── nodePackages.nix │ │ ├── overrides.nix │ │ ├── packages.nix │ │ ├── python.nix │ │ ├── vscode-extensions.nix │ │ └── vscode.nix │ ├── packages.nix │ ├── packages │ │ ├── _sources │ │ │ ├── generated.json │ │ │ └── generated.nix │ │ ├── emacs │ │ │ ├── _sources │ │ │ │ ├── generated.json │ │ │ │ └── generated.nix │ │ │ └── sources.toml │ │ ├── material-symbols.nix │ │ ├── my-node-packages │ │ │ ├── node-env.nix │ │ │ ├── node-packages.nix │ │ │ ├── packages.json │ │ │ ├── plugins.nix │ │ │ └── upgrade.sh │ │ ├── python │ │ │ ├── HPI │ │ │ │ └── default.nix │ │ │ ├── chatgpt-wrapper │ │ │ │ ├── default.nix │ │ │ │ └── linux.patch │ │ │ ├── orgparse │ │ │ │ └── default.nix │ │ │ └── promnesia │ │ │ │ └── default.nix │ │ ├── sources.toml │ │ ├── vscode │ │ │ ├── _sources │ │ │ │ ├── generated.json │ │ │ │ └── generated.nix │ │ │ └── sources.toml │ │ └── wezterm │ │ │ └── appimage.nix │ ├── pops.nix │ └── scripts │ │ ├── default.nix │ │ ├── fcitx5-init.sh │ │ └── init-kubevela.bash └── repo │ ├── configs.nix │ ├── configs │ ├── default.nix │ └── justfile.nix │ ├── devshellProfiles.nix │ ├── nixosProfiles │ ├── auto-upgrade.nix │ └── default.nix │ ├── packages.nix │ ├── pops.nix │ └── shells │ └── default.nix ├── flake.lock └── flake.nix /.dir-locals.el: -------------------------------------------------------------------------------- 1 | ;;; .dir-locals.el --- description -*- lexical-binding: t; -*- 2 | ;;; 3 | ((nil . ((eval . (setq org-roam-directory (concat (shell-command-to-string 4 | "git rev-parse --show-toplevel | tr -d '\n'") 5 | "/docs/org"))) 6 | (eval . (setq org-attach-id-dir (concat (shell-command-to-string 7 | "git rev-parse --show-toplevel | tr -d '\n'") 8 | "/docs/org/attach/"))) 9 | (eval . (setq org-roam-db-location (concat doom-cache-dir "org-hive.db"))))) 10 | 11 | (org-mode . ((org-tanglesync-mode . t))) 12 | ) 13 | ;;;docs/org-mode-locals.el ends here 14 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # Editor configuration, see http://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | end_of_line = lf 6 | insert_final_newline = true 7 | trim_trailing_whitespace = true 8 | charset = utf-8 9 | indent_style = space 10 | indent_size = 2 11 | 12 | # Ignore diffs/patches 13 | [*.{diff,patch}] 14 | end_of_line = unset 15 | insert_final_newline = unset 16 | trim_trailing_whitespace = unset 17 | indent_size = unset 18 | 19 | [**/encrypted/**] 20 | end_of_line = unset 21 | insert_final_newline = unset 22 | trim_trailing_whitespace = unset 23 | charset = unset 24 | indent_style = unset 25 | indent_size = unset 26 | 27 | [*.md] 28 | max_line_length = off 29 | trim_trailing_whitespace = false 30 | 31 | 32 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | # Disable the automatic menu displaying on every environment reload. 2 | # export DEVSHELL_NO_MOTD=1 3 | watch_file ./flake.nix ./flake.lock 4 | watch_file ./nix/hive/flake.nix ./nix/hive/flake.lock 5 | # shellcheck disable=SC1090 6 | source "$(fetchurl "https://raw.githubusercontent.com/gtrunsec/direnv/main/lib" "sha256-tuMA8WGkwcYq9V3MtlN6xdVvKd2YkdEpdK4ZyAN6VDM=")" 7 | 8 | registry="$PRJ_ROOT/units/std#__std" 9 | 10 | use envreload //repo/shells/default 11 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # direnv/direnv + divnix/std 2 | .std 3 | 4 | # numtide/devshell 5 | .data 6 | 7 | # nixos/nix 8 | result* 9 | 10 | # nixago: ignore-linked-files 11 | /treefmt.toml 12 | treefmt.toml 13 | # nixago-auto-created: mdbook-build-folder 14 | docs/book/** 15 | 16 | /.cache 17 | profiles/*.el 18 | 19 | profiles/doom-emacs/modules/private/my-code 20 | profiles/doom-emacs/modules/private/my-org 21 | /tf 22 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "resources"] 2 | path = local/resources 3 | url = https://github.com/GTrunSec/resources.git 4 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | keys: 2 | - &guangtao 6A43333DBD6C7C70B7A1DB59761C8EBEA940960E 3 | creation_rules: 4 | - path_regex: (secrets|secrets/keys/rootIdentityFile)/[^/]+\.(yaml|keytab)$ 5 | key_groups: 6 | - pgp: 7 | - *guangtao 8 | -------------------------------------------------------------------------------- /docs/architecture-decisions/adr_template.md: -------------------------------------------------------------------------------- 1 | # {title} 2 | 3 | Date: {date} 4 | 5 | ## Status 6 | 7 | {status} 8 | 9 | ## Context 10 | 11 | What is the issue that we're seeing that is motivating this decision or change? 12 | 13 | ## Decision 14 | 15 | What is the change that we're proposing and/or doing? 16 | 17 | ## Consequences 18 | 19 | What becomes easier or more difficult to do because of this change? 20 | -------------------------------------------------------------------------------- /docs/org/age.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 16cebc40-afd4-42d7-be25-2fb9cbd2fd5f 3 | :END: 4 | #+TITLE: age 5 | #+AUTHOR: GuangTao Zhang 6 | #+EMAIL: gtrunsec@hardenedlinux.org 7 | #+DATE: 2023-03-28 Tue 00:46 8 | 9 | * nixosModules 10 | 11 | ** https://github.com/oddlama/agenix-rekey :nix: 12 | -------------------------------------------------------------------------------- /docs/org/auth.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: cd028f78-7dc1-4325-afc7-00d917c138ff 3 | :END: 4 | #+TITLE: authorization 5 | #+AUTHOR: GuangTao Zhang 6 | #+EMAIL: gtrunsec@hardenedlinux.org 7 | #+DATE: 2023-03-28 Tue 00:48 8 | 9 | 10 | * keycloak 11 | 12 | 13 | * SSH 14 | 15 | ** [[id:16cebc40-afd4-42d7-be25-2fb9cbd2fd5f][age]] 16 | -------------------------------------------------------------------------------- /docs/org/chatgpt-web.org: -------------------------------------------------------------------------------- 1 | #+TITLE: chatgpt-web 2 | #+AUTHOR: GuangTao Zhang 3 | #+EMAIL: gtrunsec@hardenedlinux.org 4 | #+DATE: 2023-03-13 Mon 04:09 5 | 6 | 7 | 8 | * nginx 9 | 10 | #+begin_src sh :async :exports both :results output 11 | nix-shell -p apacheHttpd 12 | htpasswd -c cache.password 13 | #+end_src 14 | -------------------------------------------------------------------------------- /docs/org/cloudflare.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 36ffec1b-50c7-4fc0-9e55-9a417b7de628 3 | :END: 4 | #+TITLE: cloudflare 5 | #+AUTHOR: GuangTao Zhang 6 | #+EMAIL: gtrunsec@hardenedlinux.org 7 | #+DATE: 2023-03-12 Sun 00:59 8 | 9 | 10 | * config 11 | 12 | * [[https://github.com/cloudflare/terraform-provider-cloudflare/tree/master/examples][terraform-provider-cloudflare/examples at master · cloudflare/terraform-provider-cloudflare]] :terraform:config: 13 | 14 | ** [[https://developers.cloudflare.com/terraform/additional-configurations/waf-managed-rulesets/][Configure WAF Managed Rules with Terraform · Cloudflare Terraform docs 🔊]] 15 | 16 | ** Examples 17 | 18 | *** [[https://github.com/quantum-sec/package-cloudflare/blob/master/modules/cloudflare-zone/main.tf][package-cloudflare/main.tf at master · quantum-sec/package-cloudflare · GitHub]] 19 | -------------------------------------------------------------------------------- /docs/org/colors.org: -------------------------------------------------------------------------------- 1 | #+TITLE: colors 2 | #+AUTHOR: GuangTao Zhang 3 | #+EMAIL: gtrunsec@hardenedlinux.org 4 | #+DATE: 2023-04-19 Wed 18:28 5 | 6 | 7 | 8 | * [[https://github.com/danth/stylix][danth/stylix: System-wide colorscheming and typography for NixOS]] :nixos: 9 | -------------------------------------------------------------------------------- /docs/org/file-system.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: e3860126-278b-49e6-896c-2767e6a6b830 3 | :END: 4 | #+title: File System 5 | 6 | 7 | * Gvfs 8 | 9 | - https://wiki.gnome.org/Projects/gvfs 10 | -------------------------------------------------------------------------------- /docs/org/flags.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GTrunSec/hivebus/59ed0576ad12ea5c81000b7241ee121f09ca4498/docs/org/flags.png -------------------------------------------------------------------------------- /docs/org/hello.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GTrunSec/hivebus/59ed0576ad12ea5c81000b7241ee121f09ca4498/docs/org/hello.png -------------------------------------------------------------------------------- /docs/org/impermanence.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 62747325-b552-4848-a358-a0eb308878da 3 | :END: 4 | #+title: Impermanence 5 | 6 | * Blogs 7 | 8 | ** https://grahamc.com/blog/erase-your-darlings 9 | 10 | ** https://lantian.pub/article/modify-computer/nixos-impermanence.lantian/ :chinese: 11 | * Settings 12 | ** paths :backup: 13 | - [[https://discourse.nixos.org/t/nixos-server-what-to-backup/25547/6]] 14 | -------------------------------------------------------------------------------- /docs/org/ipsec.org: -------------------------------------------------------------------------------- 1 | #+TITLE: ipsec 2 | #+AUTHOR: GuangTao Zhang 3 | #+EMAIL: gtrunsec@hardenedlinux.org 4 | #+DATE: 2023-03-14 Tue 03:14 5 | 6 | 7 | * [[https://github.com/NickCao/ranet][NickCao/ranet: redundant array of networks]] 8 | -------------------------------------------------------------------------------- /docs/org/kubernetes_on_premise.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GTrunSec/hivebus/59ed0576ad12ea5c81000b7241ee121f09ca4498/docs/org/kubernetes_on_premise.png -------------------------------------------------------------------------------- /docs/org/networking.org: -------------------------------------------------------------------------------- 1 | #+TITLE: networking 2 | #+AUTHOR: GuangTao Zhang 3 | #+EMAIL: gtrunsec@hardenedlinux.org 4 | #+DATE: 2023-05-14 Sun 19:11 5 | 6 | 7 | 8 | * IPv4 and IPv6 9 | 10 | - [prefer-ipv4] https://github.com/pmeiyu/nixos-config/blob/c792b85417a4df748396c743d26fbd2bd1659b37/modules/network.nix#L12 11 | -------------------------------------------------------------------------------- /docs/org/nixos-generators.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: d5b96977-9848-4f24-80a4-bd839c96b663 3 | :END: 4 | #+title: Nixos Generators 5 | 6 | 7 | * https://github.com/nix-community/nixos-generators 8 | -------------------------------------------------------------------------------- /docs/org/nixos-install.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 1943dfb0-d774-4fc5-8122-c46a106f1975 3 | :END: 4 | #+TITLE: nixos-install 5 | #+AUTHOR: GuangTao Zhang 6 | #+EMAIL: gtrunsec@hardenedlinux.org 7 | #+DATE: 2023-03-28 Tue 00:50 8 | 9 | 10 | 11 | * Projects 12 | 13 | ** https://github.com/numtide/nixos-anywhere :install:nixos:init: 14 | 15 | * Blogs 16 | 17 | ** [[https://galowicz.de/2023/04/05/single-command-server-bootstrap/][Single-Command Server Bootstrapping]] :disko: 18 | 19 | 20 | -------------------------------------------------------------------------------- /docs/org/programs.org: -------------------------------------------------------------------------------- 1 | #+TITLE: programs 2 | #+AUTHOR: GuangTao Zhang 3 | #+EMAIL: gtrunsec@hardenedlinux.org 4 | #+DATE: 2023-06-21 Wed 12:53 5 | 6 | * Firefox :browser: 7 | - https://github.com/sg-qwt/nixos/blob/f6f366d9ffb93857055fd1c38b07c02579fc9f6d/modules/profiles/firefox.nix 8 | -------------------------------------------------------------------------------- /docs/org/security.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 3bfb17bc-95f9-4fc7-80c6-255f20732809 3 | :END: 4 | #+title: Security 5 | 6 | 7 | * Trusted_Platform_Module (TPM) 8 | - https://wiki.archlinux.org/title/Trusted_Platform_Module 9 | 10 | 11 | 12 | 13 | * Check 14 | 15 | #+begin_src sh :async :exports both :results output 16 | sudo fwupdmgr security --forc 17 | #+end_src 18 | -------------------------------------------------------------------------------- /docs/org/shell.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: e52cca9d-f7af-4365-aa0b-a92fe498364b 3 | :END: 4 | #+title: Shell 5 | 6 | * terminal workspace 7 | ** tmux 8 | ** [[https://github.com/zellij-org/zellij][zellij]] 9 | -------------------------------------------------------------------------------- /docs/org/shellPrograms.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: f60e5bcf-f88e-425a-a91d-1903c1a7cd61 3 | :END: 4 | #+title: Shell Programs 5 | #+header-args:sh: :dir ../../ 6 | 7 | * History 8 | 9 | ** [[https://github.com/cantino/mcfly][Fly through your shell history. Great Scott!]] :hm: 10 | 11 | * Code location 12 | 13 | #+begin_src nix :exports both :results output :tangle "../../nix/guangtao/homeProfiles/shellPrograms.nix" 14 | { 15 | programs.bat.enable = true; 16 | programs.fzf.enable = true; 17 | programs.broot.enable = true; 18 | programs.direnv.enable = true; 19 | programs.gpg.enable = true; 20 | programs.jq.enable = true; 21 | programs.mcfly.enable = true; 22 | programs.starship.enable = true; 23 | programs.zoxide.enable = true; 24 | programs.gh = { 25 | enable = true; 26 | settings.git_protocol = "ssh"; 27 | }; 28 | } 29 | #+end_src 30 | -------------------------------------------------------------------------------- /docs/org/ssh.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 730ccec5-8dc2-46fe-83c8-a7abab14a6ab 3 | :END: 4 | #+TITLE: ssh 5 | #+AUTHOR: GuangTao Zhang 6 | #+EMAIL: gtrunsec@hardenedlinux.org 7 | #+DATE: 2023-03-12 Sun 00:47 8 | 9 | 10 | * store keys 11 | ** [[https://github.com/maxgoedjen/secretive][maxgoedjen/secretive: Store SSH keys in the Secure Enclave 🔊]] :macos: 12 | 13 | ** [[https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md][tpm2-pkcs11/SSH.md at master · tpm2-software/tpm2-pkcs11 · GitHub 🔊]] :tpm: 14 | -------------------------------------------------------------------------------- /docs/org/terminal.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 020e5f24-6bb2-4433-a93d-0e18e09af946 3 | :END: 4 | #+title: Terminal 5 | 6 | 7 | - tags:: [[id:e52cca9d-f7af-4365-aa0b-a92fe498364b][Shell]] 8 | 9 | 10 | * alacritty 11 | :PROPERTIES: 12 | :ID: b4ad3b94-4458-429d-9322-946fd8c69fc0 13 | :END: 14 | -------------------------------------------------------------------------------- /docs/org/waybar.org: -------------------------------------------------------------------------------- 1 | :PROPERTIES: 2 | :ID: 10013320-494e-45a5-a004-555e42391032 3 | :END: 4 | #+title: Waybar 5 | 6 | 7 | 8 | 9 | 10 | * Configuration from other users 11 | - https://github.com/CnTeng/nixfiles/blob/master/modules/desktop/modules/waybar.nix 12 | - https://github.com/Misterio77/nix-config/blob/main/home/misterio/features/desktop/common/wayland-wm/waybar.nix 13 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 The omnibus Authors 2 | # SPDX-FileCopyrightText: 2024 The omnibus Authors 3 | # 4 | # SPDX-License-Identifier: MIT 5 | 6 | { 7 | inputs = { 8 | omnibus.url = "github:gtrunsec/omnibus"; 9 | # omnibus.url = "git+file:/Users/guangtao/Dropbox/omnibus"; 10 | }; 11 | 12 | outputs = 13 | inputs: 14 | let 15 | inherit (inputs.omnibus.inputs.flops.inputs.nixlib) lib; 16 | eachSystem = lib.genAttrs [ 17 | "x86_64-linux" 18 | "x86_64-darwin" 19 | "aarch64-linux" 20 | "aarch64-darwin" 21 | ]; 22 | pops.hivebus = import ./units/self { inherit inputs eachSystem; }; 23 | hivebus = pops.hivebus.exports.default; 24 | in 25 | lib.recursiveUpdate { inherit pops; } hivebus.flakeOutputs; 26 | } 27 | -------------------------------------------------------------------------------- /hosts/macbook/bee.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | self, 4 | lib, 5 | }: 6 | { 7 | system = "aarch64-darwin"; 8 | darwin = inputs.darwin; 9 | home = inputs.home; 10 | pkgs = import inputs.darwin-nixos-unstable { 11 | inherit (self) system; 12 | config = { 13 | allowUnfreePredicate = 14 | pkg: builtins.elem (lib.getName pkg) [ "aspell-dict-en-science" ]; 15 | permittedInsecurePackages = [ ]; 16 | }; 17 | overlays = [ (_: prev: { d2 = prev.emptyDirectory; }) ]; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /hosts/macbook/darwinConfiguration.nix: -------------------------------------------------------------------------------- 1 | { super, lib }: 2 | { 3 | inherit (super) bee; 4 | imports = lib.flatten [ super.darwinSuites.default ]; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/macbook/darwinProfiles/bootstrap.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ omnibus.nixosProfiles.presets.boot ]; 3 | boot.__profiles__.systemd-boot.enable = true; 4 | fileSystems."/" = { 5 | device = "/dev/disk/by-label/nixos"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/macbook/darwinSuites.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | super, 4 | omnibus, 5 | }: 6 | { 7 | default = [ 8 | inputs.self.darwinProfiles.presets.homebrew 9 | super.pops.omnibus.nixosProfiles.exports.default.dev.coding 10 | super.pops.omnibus.nixosProfiles.exports.default.presets.coding.node 11 | inputs.self.nixosProfiles.presets.coding.python 12 | inputs.self.darwinProfiles.presets.fonts 13 | omnibus.darwinProfiles.init.default 14 | (omnibus.src.mkHome { 15 | user.guangtao = { 16 | uid = 1000; 17 | description = "Guangtao's home"; 18 | }; 19 | shell = "zsh"; 20 | suites = [ super.homeSuites.default ]; 21 | }) 22 | { 23 | nix.gc.user = "root"; 24 | system.stateVersion = 3; 25 | ids.uids.nixbld = 300; 26 | } 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /hosts/macbook/homeProfiles/programs.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | pkgs, 5 | }: 6 | let 7 | removeUnwantedPackages = 8 | pkg: 9 | lib.warn "the ${pkg.pname} has been removed on the ${pkgs.system}" pkgs.emptyDirectory; 10 | in 11 | { 12 | # imports = [ inputs.self.pops.omnibus.homeProfiles.exports.macbook.presets.alacritty ]; 13 | programs.zoxide = { 14 | enable = lib.mkForce false; 15 | }; 16 | 17 | programs.carapace = { 18 | enable = lib.mkForce false; 19 | }; 20 | home.packages = [ 21 | (lib.warn "the terraform has been removed on the darwin platform" pkgs.emptyDirectory) 22 | ]; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/macbook/homeSuites.nix: -------------------------------------------------------------------------------- 1 | { 2 | super, 3 | lib, 4 | inputs, 5 | }: 6 | { 7 | default = [ 8 | { home.stateVersion = "24.11"; } 9 | super.pops.omnibus.homeProfiles.exports.macbook.shell.full 10 | inputs.self.homeProfiles.presets.git 11 | inputs.self.homeProfiles.presets.zsh.default 12 | inputs.self.homeProfiles.apps.doomemacs-macbook 13 | super.pops.homeProfiles.exports.default.shell.wezterm 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/macbook/meta.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | { 3 | 4 | } 5 | -------------------------------------------------------------------------------- /hosts/macbook/omnibus/homeProfiles/alacritty.nix: -------------------------------------------------------------------------------- 1 | { 2 | value = 3 | { selfModule', inputs }: 4 | let 5 | inherit (inputs) dmerge; 6 | in 7 | selfModule' ( 8 | m: 9 | dmerge m { 10 | config.programs.alacritty = { 11 | __profiles__.enableZellij = true; 12 | settings = { 13 | font = { 14 | size = 21.0; 15 | normal = { 16 | family = "JetBrainsMono Nerd Font"; 17 | style = "Regular"; 18 | }; 19 | }; 20 | }; 21 | }; 22 | } 23 | ); 24 | path = [ 25 | "presets" 26 | "alacritty" 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /hosts/macbook/pops/homeProfiles.nix: -------------------------------------------------------------------------------- 1 | { inputs, root }: 2 | inputs.self.pops.homeProfiles.addLoadExtender { 3 | load.inputs = { 4 | inputs.nixpkgs = root.macbook.bee.pkgs; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /hosts/macbook/pops/omnibus/homeProfiles.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | inputs.self.pops.omnibus.homeProfiles.addLoadExtender { 3 | load.inputs = { 4 | system = "aarch64-darwin"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /hosts/macbook/pops/omnibus/nixosProfiles.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | inputs.self.pops.omnibus.nixosProfiles.addLoadExtender { 3 | load.inputs = { 4 | system = "aarch64-darwin"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /local/data/guangtao.toml: -------------------------------------------------------------------------------- 1 | [openssh] 2 | 3 | [openssh.public] 4 | macbook = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINK1QW0lG58r6yaI9xMQ+D5XA7RUQF8lfBanNs36Wrlw guangtaos-MBP.attlocal.net-guangtao-21-02-2023" 5 | tiangang = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIs2b8XXs4/OM8/Z8UhGDupRVBptYqR2AMLAkb45lVJ root@tiangang" 6 | desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLxc7EBr1Qi4M65O1KjXZf4bOBZMQ6YeDSFYzKzFan7 Desktop-guangtao-03-02-2023" 7 | -------------------------------------------------------------------------------- /local/dotfiles/block/Brower-brave/shutup/block-comment.list: -------------------------------------------------------------------------------- 1 | ;;; https://rickyromero.com/shutup/ 2 | 3 | https://www.bilibili.com/* 4 | https://www.bilibili.com/* 5 | -------------------------------------------------------------------------------- /local/dotfiles/block/adguard/custom-filter.list: -------------------------------------------------------------------------------- 1 | /huyaimg.msstatic.com/ 2 | /metric.huya.com/ 3 | ||a.msstatic.com^$important 4 | ||v-huya-img.huya.com^$important 5 | ||vhuya-static.huya.com^$important 6 | ||danmuproxy.douyu.com^$important 7 | ||gift.douyucdn.cn^$important 8 | ||apm.douyucdn.cn^$important 9 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/.dir-locals.el: -------------------------------------------------------------------------------- 1 | ((org-mode . ((eval . (setq-local org-attach-id-dir "./.attach")) 2 | ))) 3 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/private/spacemacs-default/buffer.el: -------------------------------------------------------------------------------- 1 | ;;; private/spacemacs-default/buffer.el -*- lexical-binding: t; -*- 2 | 3 | (defun spacemacs/alternate-buffer (&optional window) 4 | "Switch back and forth between current and last buffer in the 5 | current window." 6 | (interactive) 7 | (let ((current-buffer (window-buffer window))) 8 | ;; if no window is found in the windows history, `switch-to-buffer' will 9 | ;; default to calling `other-buffer'. 10 | (switch-to-buffer 11 | (cl-find-if (lambda (buffer) 12 | (not (eq buffer current-buffer))) 13 | (mapcar #'car (window-prev-buffers window)))))) 14 | 15 | 16 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/private/spacemacs-default/config.el: -------------------------------------------------------------------------------- 1 | ;;; private/spacemacs-default/config.el -*- lexical-binding: t; -*- 2 | 3 | 4 | (load! "buffer") 5 | (load! "vinegar") 6 | (load! "misc") 7 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/private/spacemacs-default/misc.el: -------------------------------------------------------------------------------- 1 | ;;; private/spacemacs-default/misc.el -*- lexical-binding: t; -*- 2 | 3 | (defun spacemacs/backward-kill-word-or-region (&optional arg) 4 | "Calls `kill-region' when a region is active and 5 | `backward-kill-word' otherwise. ARG is passed to 6 | `backward-kill-word' if no region is active." 7 | (interactive "p") 8 | (if (region-active-p) 9 | ;; call interactively so kill-region handles rectangular selection 10 | ;; correctly (see https://github.com/syl20bnr/spacemacs/issues/3278) 11 | (call-interactively #'kill-region) 12 | (backward-kill-word arg))) 13 | 14 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/templates/braindumo-blog:braindump.*.setup: -------------------------------------------------------------------------------- 1 | # -*- mode: org; -*- 2 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/templates/emacs-lisp:.*.el: -------------------------------------------------------------------------------- 1 | ;;; `(file-name-nondirectory buffer-file-name)`${1: --- ${2:description}} -*- lexical-binding: t; -*- 2 | 3 | $0 4 | 5 | (provide '`(file-name-base buffer-file-name)`) 6 | ;;; `(file-name-nondirectory buffer-file-name)` ends here -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/templates/git:.*.gitignore: -------------------------------------------------------------------------------- 1 | # -*- mode: gitignore; -*- 2 | 3 | ## nixos 4 | result 5 | 6 | 7 | .DS_Store 8 | dotfiles/emacs/emacs.d/var 9 | dotfiles/emacs/emacs.d/straight 10 | dotfiles/emacs/emacs.d/.* 11 | dotfiles/emacs/emacs.d/librime.so 12 | dotfiles/emacs/emacs.d/setup 13 | dotfiles/emacs/emacs.d/elpa 14 | dotfiles/emacs/emacs.d/pyim/rime 15 | Pattern.org 16 | ##Emacs bookmarks 17 | bm-macos-data 18 | ## Emacs librime config 19 | dotfiles/emacs/emacs.d/pyim/rime/build 20 | dotfiles/emacs/emacs.d/pyim/rime/easy_en.userdb 21 | dotfiles/emacs/emacs.d/pyim/rime/easy_en.userdb.old 22 | dotfiles/emacs/emacs.d/pyim/rime/luna_pinyin.userdb 23 | dotfiles/emacs/emacs.d/pyim/rime/luna_pinyin.userdb.old 24 | dotfiles/emacs/emacs.d/pyim/scel2pyim/scel2pyim 25 | dotfiles/emacs/emacs.d/liberime.so 26 | dotfiles/emacs/emacs.d/pyim/rime/user.yaml 27 | 28 | ## lsp 29 | 30 | dotfiles/emacs/emacs.d/mspyls 31 | dotfiles/emacs/emacs.d/SessionDesktop.el 32 | 33 | 34 | #latex 35 | _minted-math 36 | #lang-python 37 | *.pyg 38 | 39 | #lang-R 40 | 41 | .Rhistory -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/templates/go-mode:.*.go: -------------------------------------------------------------------------------- 1 | package ${1:main} 2 | 3 | import ( 4 | $2 5 | ) 6 | 7 | func main() { 8 | $0 9 | } 10 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/templates/my-blog:posts.*.org: -------------------------------------------------------------------------------- 1 | #+TITLE: ${1:Title} 2 | #+AUTHOR: `user-full-name` 3 | #+EMAIL: `user-mail-address` 4 | #+DATE: `(format-time-string "%Y-%m-%d %a %H:%M")` 5 | #+SETUPFILE: ./hugo.local 6 | #+SETUPFILE: ./theme-readtheorg.setup 7 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/modules/templates/org:.*.org: -------------------------------------------------------------------------------- 1 | #+TITLE: `(file-name-sans-extension (buffer-name))` 2 | #+AUTHOR: `user-full-name` 3 | #+EMAIL: `user-mail-address` 4 | #+DATE: `(format-time-string "%Y-%m-%d %a %H:%M")` 5 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/nickel.org: -------------------------------------------------------------------------------- 1 | #+title: Nickel 2 | 3 | #+begin_src emacs-lisp :tangle yes 4 | (defconst nickel-ts-mode--kernel-keywords 5 | '("switch" "import" "if" "else" "then" "let" "in""with")) 6 | 7 | (progn 8 | (add-to-list 'auto-mode-alist '("\\.ncl\\'" . nickel-ts-mode)) 9 | ) 10 | (define-derived-mode nickel-ts-mode prog-mode "Nickel" 11 | (treesit-parser-create 'nickel) 12 | (setq-local comment-start "# ") 13 | (setq-local comment-start-skip 14 | (rx "#" (* (syntax whitespace)))) 15 | (setq-local comment-end "") 16 | (setq-local comment-end-skip 17 | (rx (* (syntax whitespace)) 18 | (group (or (syntax comment-end) "\n")))) 19 | ) 20 | #+end_src 21 | 22 | #+RESULTS: 23 | : nickel-ts-mode 24 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/conf-toml-mode/commands: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: commands 3 | # key: c 4 | # -- 5 | [[commands]] 6 | name = "$1" 7 | category = "" 8 | command = "" 9 | help = "" -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/emacs-lisp-mode/org-package: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: org 3 | # uuid: 4 | # key: org 5 | # condition: t 6 | # -- 7 | (package! org 8 | :recipe (:host github 9 | :repo "yantar92/org" 10 | :branch "feature/org-fold" 11 | :files ("*.el" "lisp/*.el" "contrib/lisp/*.el" "contrib/scripts") 12 | :build t 13 | :pre-build 14 | (with-temp-file "org-version.el" 15 | (insert "(defun org-release () \"9.5\")\n" 16 | (format "(defun org-git-version (&rest _) \"9.5-%s\")\n" 17 | (cdr (doom-call-process "git" "rev-parse" "--short" "HEAD"))) 18 | "(provide 'org-version)\n"))) 19 | ) 20 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/envrc-file-mode/nix: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: nix 3 | # uuid: 4 | # key: nix 5 | # condiixtion: t 6 | # -- 7 | watch_file flake.nix flake.lock 8 | { 9 | # shell gc root dir 10 | mkdir -p "$(direnv_layout_dir)" 11 | eval "$(nix print-dev-env --no-update-lock-file --no-write-lock-file --profile $(direnv_layout_dir)/flake-profile)" 12 | } || use nix 13 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/nix-mode/l: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: l 3 | # uuid: 4 | # key: l 5 | # condition: t 6 | # -- 7 | l = inputs.nixpkgs.lib // builtins; -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/nix-mode/machix-head: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: machix to head 3 | # key: mach 4 | # condition: t 5 | # -- 6 | {pkgs}: 7 | with builtins; 8 | let 9 | pypi_fetcher_src = import (builtins.fetchTarball { 10 | name = "nix-pypi-fetcher"; 11 | url = "https://github.com/DavHau/nix-pypi-fetcher/tarball/0d94c66e7b259f4dba0a7c5121d1f611f93bdfc8"; 12 | # Hash obtained using `nix-prefetch-url --unpack ` 13 | sha256 = "1s1jag3cm2i05jraa9g42hfd3ya1x9ca3zdb2g5nnvzq5x52wwnx"; 14 | }){inherit pkgs;}; 15 | 16 | fetchPypi = pypi_fetcher_src.fetchPypi; 17 | fetchPypiWheel = pypi_fetcher_src.fetchPypiWheel; 18 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/nix-mode/machix-python: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: mach-nix to python 3 | # key: macp 4 | # condition: t 5 | # -- 6 | {pkgs}: 7 | let 8 | result = import ./machnix.nix {inherit pkgs;}; 9 | python = pkgs.python37; 10 | manylinux1 = pkgs.pythonManylinuxPackages.manylinux1; 11 | overrides = result.overrides manylinux1 pkgs.autoPatchelfHook; 12 | py = pkgs.python37.override { packageOverrides = overrides; }; 13 | in 14 | py.withPackages (ps: result.select_pkgs ps) 15 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/nix-mode/nocargo: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: nocargo 3 | # uuid: 4 | # key: nocargo 5 | # condition: t 6 | # -- 7 | { 8 | description = "Rust crate deploy-rs"; 9 | 10 | inputs = { 11 | nixpkgs.url = "nixpkgs/nixos-unstable"; 12 | flake-utils.url = "github:numtide/flake-utils"; 13 | rust-overlay = { 14 | url = "github:oxalica/rust-overlay"; 15 | inputs.nixpkgs.follows = "nixpkgs"; 16 | inputs.flake-utils.follows = "flake-utils"; 17 | }; 18 | nocargo = { 19 | url = "github:oxalica/nocargo"; 20 | inputs.nixpkgs.follows = "nixpkgs"; 21 | inputs.registry-crates-io.follows = "registry-crates-io"; 22 | }; 23 | 24 | registry-crates-io = { url = "github:rust-lang/crates.io-index"; flake = false; }; 25 | }; 26 | 27 | outputs = { nixpkgs, flake-utils, rust-overlay, nocargo, ... }@inputs: 28 | flake-utils.lib.eachDefaultSystem (system: 29 | let 30 | pkgs = import nixpkgs { 31 | inherit system; 32 | overlays = [ rust-overlay.overlays.default nocargo.overlay ]; 33 | }; 34 | 35 | rustc = pkgs.rust-bin.stable.latest.minimal; 36 | 37 | in 38 | rec { 39 | defaultPackage = packages."$1"; 40 | defaultApp = defaultPackage.bin; 41 | 42 | packages."$2" = pkgs.nocargo.buildRustCrateFromSrcAndLock { 43 | src = ./.; 44 | inherit rustc; 45 | }; 46 | }); 47 | } 48 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/nix-mode/python-replace: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: py replace 3 | # uuid: 4 | # key: pr 5 | # condition: t 6 | # -- 7 | --replace "$1" "$2" \ -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/nix-mode/rule: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: rule 3 | # uuid: 4 | # key: _r 5 | # condition: t 6 | # -- 7 | schemas.result.rule = { 8 | "0" = ""; 9 | "1" = ""; 10 | "-1" = ""; 11 | }; -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/+[]: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: +[ ] 3 | # key: +[ 4 | 5 | # -- 6 | 7 | + [ ] [$1 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/-[]: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: -[ ] 3 | # key: -[ 4 | # -- 5 | - [ ] [$1 -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/.[]: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: [ ] [] 3 | # key: [] 4 | # -- 5 | [ ] [] -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/R-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: R_src 3 | # key: Ro 4 | # -- 5 | #+begin_src R :results file :exports both 6 | $1 7 | #+end_src 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/asciinema: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: as 3 | # key: as 4 | # -- 5 | 6 | #+begin_export md 7 | {{< asciinema key="$1" rows="10" preload="1" >}} 8 | #+end_export 9 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/attr_html: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: atth 3 | # key: atth 4 | # -- 5 | #+attr_html: :width 300 :height 300 6 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/audio_list: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: au 3 | # key: au 4 | # -- 5 |
  • 6 | $2
    • -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/conf: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: conf 3 | # key: conf 4 | # -- 5 | #+begin_src conf :exports both :tangle "~/.config/guangtao/dotfiles/" 6 | 7 | #+end_src 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/config.el: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: config.el 3 | # key: cfg 4 | # -- 5 | #+begin_src emacs-lisp :tangle "config.el" 6 | $1 7 | #+end_src -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/ein-R: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: jupyter-R 3 | # key: eR 4 | # -- 5 | #+BEGIN_SRC ein-R :session localhost :exports both :results raw drawer 6 | $1 7 | #+END_SRC -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/ein-haskell: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: ein-haskell 3 | # uuid: 4 | # key: eh 5 | # condition: t 6 | # -- 7 | #+begin_src ein-haskell :session localhost :exports both 8 | $1 9 | #+end_src 10 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/ein-julia: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: jupyter-julia 3 | # key: ej 4 | # -- 5 | #+BEGIN_SRC ein-julia :session localhost :exports both :results raw drawer 6 | $1 7 | #+end_src -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/ein-python: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: ein-python 3 | # key: ep 4 | # -- 5 | #+BEGIN_SRC ein-python :session localhost :exports both :results output 6 | $1 7 | #+END_SRC 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/ein-rust: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: ein-rust 3 | # uuid: 4 | # key: er 5 | # condition: t 6 | # -- 7 | #+begin_src ein-rust :session localhost :exports both 8 | $1 9 | #+end_src 10 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/git-update-master: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: git-update 3 | # key: gu 4 | # -- 5 | cd $1 6 | TODAY=$(date) 7 | HOST=$(hostname) 8 | echo $TODAY 9 | echo $HOST 10 | git fetch origin master 11 | git pull origin master -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/git-upstram: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: git-upstream 3 | # key: gus 4 | # -- 5 | cd $1 6 | TODAY=$(date) 7 | HOST=$(hostname) 8 | echo $TODAY 9 | echo $HOST 10 | git fetch upstream master 11 | git pull upstream master -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/go-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: go-src 3 | # key: go 4 | # -- 5 | #+begin_src go :exports both :results output :async nil 6 | $1 7 | #+end_src 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/gtrun_blog: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: ~/project/blog/static/ 3 | # key: ~/project/blog/static/ 4 | # -- 5 | https://www.gtrun.org/ -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/haskell-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: haskell-src 3 | # key: ho 4 | # -- 5 | #+begin_src haskell :exports both :results output 6 | $1 7 | #+end_src 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/home-manager-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: home-manager org-babel 3 | # key: hm 4 | # condition: t 5 | # -- 6 | #+begin_src nix :exports both :tangle "~/.config/guangtao/home-manager/" 7 | $1 8 | #+end_src 9 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/html-image: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: html-image size 3 | # key: hi 4 | # -- 5 | #+NAME: $2 6 | #+CAPTION: $3 7 | #+ATTR_HTML: :width 500 $1 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/info: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: info 3 | # key: info 4 | # -- 5 | TODAY=$(date) 6 | HOST=$(hostname) 7 | echo $TODAY 8 | echo $HOST -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/item-price: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: Item price 3 | # uuid: 4 | # key: ip 5 | # condition: t 6 | # -- 7 | Item price: $1 -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/julia-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: julia 3 | # key: jo 4 | # -- 5 | #+begin_src julia :async :exports both :results output 6 | $1 7 | #+end_src -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/lambda-nixops-infra-list: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: infra list 3 | # key: il 4 | # -- 5 | + [ ] [nixpkgs] 6 | + [ ] [nixos] 7 | - [ ] [micro-vm] 8 | - [ ] [module] 9 | + [ ] [nomad] 10 | - [ ] [docker] 11 | - [ ] [podmad] 12 | - [ ] [qemu] 13 | - [ ] [nix] 14 | + [ ] [makes] 15 | - [ ] [release] 16 | - [ ] [dev] 17 | - [ ] [staging] 18 | + [ ] [Nickel] 19 | - [ ] [dockerFile] 20 | - [ ] [nomad] 21 | - [ ] [kubernetes] 22 | + [ ] [github] 23 | - [ ] [internal] 24 | - [ ] [runner] 25 | + [ ] [CUE] 26 | - [ ] [dockerFile] 27 | - [ ] [nomad] 28 | - [ ] [kubernetes] -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/logseq-embed-id: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: logseq-embed-id 3 | # key: lei 4 | # -- 5 | - {{{embed(($1))}}} -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/logseq-public: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: logseq-public 3 | # key: :p 4 | # condition: t 5 | # -- 6 | :public: true -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/logseq-vedio: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: logseq-vedio 3 | # key: lv 4 | # -- 5 | 6 | [:div.videoWrapper.mb-4 7 | [:iframe 8 | {:allowFullScreen "allowfullscreen" 9 | :allow 10 | "accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" 11 | :frameBorder "0" 12 | :src "https://www.youtube.com/embed/$1" 13 | :height "367" 14 | :width "653"}]] 15 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/nix-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: nix 3 | # uuid: nix-src 4 | # key: no 5 | # condition: t 6 | # -- 7 | #+begin_src nix :exports both :results output 8 | $1 9 | #+end_src -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/nixos-flk-conf: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: nixos-flk conf 3 | # key: nf 4 | # condition: t 5 | # -- 6 | #+begin_src nix :exports both :tangle "~/.config/guangtao/nixos-flk/" 7 | $1 8 | #+end_src 9 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/nixos-host: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: nixos 3 | # key: nixos 4 | # -- 5 | 10.220.170.137 -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/org-super-link-type: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: org-superlink type 3 | # key: -l 4 | # -- 5 | 6 | - `(insert-current-date-time-inactive)` -> $1 7 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/pdf-image: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: pdf-image size 3 | # key: pi 4 | # -- 5 | #+NAME: $1 6 | #+CAPTION: $2 7 | #+ATTR_ORG: :width 600 8 | #+ATTR_LATEX: :width 5in 9 | $0 10 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/property-header-dir: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: PROPERTIES header dir 3 | # key: phd 4 | # condition: t 5 | # -- 6 | :PROPERTIES: 7 | :header-args:sh: :dir ./$1 8 | :END: 9 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/property-template-habit: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: property-template-habit 3 | # key: pth 4 | # condition: t 5 | # -- 6 | :PROPERTIES: 7 | :STYLE: habit 8 | :LAST_REPEAT: 9 | :END: 10 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/python-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name:python-src 3 | # key: po 4 | # -- 5 | #+begin_src python :results output :async 6 | $1 7 | #+end_src -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/python-val: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: python-val 3 | # key: pval 4 | # -- 5 | #+tblname: data_table 6 | $1 7 | #+begin_src python :var val=1 :var data=data_table 8 | # Return row specified by val. 9 | # In non-session mode, use return to return results. 10 | $2 11 | # return(data[val]) 12 | #+end_src -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/rust-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: rust-src 3 | # key: ro 4 | # condition: t 5 | # -- 6 | #+begin_src rust :exports both :crates 7 | $1 8 | #+end_src -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/org-mode/shell-src: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: sh 3 | # key: sh 4 | # -- 5 | #+begin_src sh :async :exports both :results output 6 | $1 7 | #+end_src 8 | -------------------------------------------------------------------------------- /local/dotfiles/doom-emacs/snippets/yaml-mode/gh-nix: -------------------------------------------------------------------------------- 1 | # -*- mode: snippet -*- 2 | # name: ghnix 3 | # uuid: 4 | # key: ghnix 5 | # condition: t 6 | # -- 7 | - name: Update nix verison of GH 8 | run: nix -Lv run github:hardenedlinux/nixpkgs-hardenedlinux#gh-nix-update 9 | -------------------------------------------------------------------------------- /local/dotfiles/eww/README.md: -------------------------------------------------------------------------------- 1 | # Eww configuration 2 | 3 | This configuration aims to provide a fully working shell replacement for 4 | compositors/window managers. Features constantly get added and existing ones 5 | get improved. 6 | 7 | ## 🗃️ Components 8 | 9 | The same daemon runs multiple windows which interact with each other: 10 | 11 | ### bar 12 | 13 | ![bar](https://user-images.githubusercontent.com/36706276/192146060-9913d571-abee-4683-9f77-ea1951680cc1.gif) 14 | 15 | ### music window 16 | 17 | ![music](https://user-images.githubusercontent.com/36706276/192146077-f8da4691-9a0c-487f-9805-3fd4d55551e9.gif) 18 | 19 | ### calendar 20 | 21 | ![calendar](https://user-images.githubusercontent.com/36706276/204923748-f5c7db3a-5000-40cf-ba41-cd2d5f14146a.png) 22 | 23 | ### system info 24 | 25 | ![system](https://user-images.githubusercontent.com/36706276/204923681-13c6e1d6-45e8-4f23-aec9-dcd8b96203da.png) 26 | 27 | ## ❔ Usage 28 | 29 | To quickly install this config, grab all the files in this directory and put 30 | them in `~/.config/eww`. Then run `eww daemon` and `eww open bar`. Enjoy! 31 | 32 | Dependencies: 33 | 34 | - Icon fonts: `material-design-icons`, `material-icons` 35 | - Text font: Product Sans 36 | - Script deps: everything in `default.nix`'s `dependencies` list. 37 | 38 | ## 🎨 Theme 39 | 40 | The theme colors can be changed in `css/_colors.scss`. Currently the theme used 41 | is [Catppuccin Mocha](https://github.com/catppuccin/catppuccin). 42 | -------------------------------------------------------------------------------- /local/dotfiles/eww/css/_calendar.scss: -------------------------------------------------------------------------------- 1 | .calendar-win { 2 | @include window; 3 | background-color: $bg; 4 | border: 1px solid $border; 5 | color: $fg; 6 | padding: 0.2em; 7 | } 8 | 9 | calendar { 10 | padding: 5px; 11 | 12 | :selected { 13 | color: $mauve; 14 | } 15 | 16 | .header { 17 | color: $subtext1; 18 | } 19 | 20 | .highlight { 21 | color: $maroon; 22 | font-weight: bold; 23 | } 24 | 25 | .button { 26 | color: $sapphire; 27 | } 28 | 29 | :indeterminate { 30 | color: $overlay0; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /local/dotfiles/eww/css/_colors.scss: -------------------------------------------------------------------------------- 1 | $rosewater: #f5e0dc; 2 | $flamingo: #f2cdcd; 3 | $pink: #f5c2e7; 4 | $mauve: #cba6f7; 5 | $red: #f38ba8; 6 | $maroon: #eba0ac; 7 | $peach: #fab387; 8 | $yellow: #f9e2af; 9 | $green: #a6e3a1; 10 | $teal: #94e2d5; 11 | $sky: #89dceb; 12 | $sapphire: #74c7ec; 13 | $blue: #89b4fa; 14 | $lavender: #b4befe; 15 | 16 | $text: #cdd6f4; 17 | $subtext1: #bac2de; 18 | $subtext0: #a6adc8; 19 | $overlay2: #9399b2; 20 | $overlay1: #7f849c; 21 | $overlay0: #6c7086; 22 | 23 | $surface2: #585b70; 24 | $surface1: #45475a; 25 | $surface0: #313244; 26 | 27 | $base: #1e1e2e; 28 | $mantle: #181825; 29 | $crust: #11111b; 30 | 31 | $fg: $text; 32 | $bg: $base; 33 | $bg1: $surface0; 34 | $border: #28283d; 35 | $shadow: $crust; 36 | -------------------------------------------------------------------------------- /local/dotfiles/eww/css/_music.scss: -------------------------------------------------------------------------------- 1 | .song-cover-art { 2 | @include rounding; 3 | background-position: center; 4 | background-size: cover; 5 | margin: 4px 5px 4px 0; 6 | min-height: 24px; 7 | min-width: 24px; 8 | } 9 | 10 | .music-window { 11 | @include window; 12 | background-color: $bg; 13 | border: 1px solid $border; 14 | color: $fg; 15 | } 16 | 17 | .music-cover-art { 18 | background-position: center; 19 | background-size: cover; 20 | border-radius: 8px; 21 | margin: 1em; 22 | min-height: 170px; 23 | min-width: 170px; 24 | } 25 | 26 | .music-box { 27 | margin: 1rem 1rem 1rem 0; 28 | } 29 | 30 | .music-title { 31 | font-weight: bold; 32 | font-size: 1.1rem; 33 | } 34 | 35 | .music-artist { 36 | color: $subtext1; 37 | } 38 | 39 | .music-button label { 40 | color: $subtext1; 41 | font-size: 2rem; 42 | } 43 | 44 | .music-time { 45 | color: $subtext1; 46 | margin: 0 1rem; 47 | } 48 | 49 | .music-bar scale { 50 | highlight { 51 | background-image: linear-gradient(to right, $teal 30%, $sky 100%); 52 | border-radius: 24px; 53 | } 54 | 55 | trough { 56 | background-color: $bg1; 57 | border-radius: 24px; 58 | margin-top: 0; 59 | min-height: 10px; 60 | min-width: 170px; 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /local/dotfiles/eww/css/_notification.scss: -------------------------------------------------------------------------------- 1 | .notifications-box { 2 | @include window; 3 | background: $bg; 4 | padding: 1rem; 5 | } 6 | 7 | .notification { 8 | background-color: $surface0; 9 | border-bottom: 1px solid $bg; 10 | padding: 0.5rem; 11 | 12 | box { 13 | margin-bottom: 0.5rem; 14 | } 15 | 16 | label { 17 | font-size: 1rem; 18 | } 19 | 20 | &:hover { 21 | border: 1px solid $border; 22 | } 23 | 24 | .appname { 25 | color: $peach; 26 | font-weight: bold; 27 | } 28 | 29 | .summary { 30 | color: $text; 31 | font-weight: bold; 32 | } 33 | 34 | .body { 35 | color: $text; 36 | } 37 | } 38 | 39 | .container { 40 | &:first-child { 41 | border-radius: 8px 8px 0 0; 42 | } 43 | &:last-child { 44 | border-radius: 0 0 8px 8px; 45 | } 46 | } 47 | 48 | .notification-header { 49 | margin-bottom: 1rem; 50 | } 51 | 52 | .notification-label { 53 | color: $blue; 54 | font-size: 1.5rem; 55 | } 56 | 57 | .notification-action { 58 | border-radius: 50%; 59 | margin-bottom: 0.2rem; 60 | padding: 0 0.3rem; 61 | 62 | label { 63 | color: $text; 64 | font-size: 1.2rem; 65 | } 66 | 67 | &:hover { 68 | background: $surface0; 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /local/dotfiles/eww/css/_osd.scss: -------------------------------------------------------------------------------- 1 | .osd { 2 | @include window; 3 | background: $base; 4 | 5 | label { 6 | color: $text; 7 | font-size: 2rem; 8 | } 9 | } 10 | 11 | .osd trough { 12 | background-color: $bg1; 13 | margin: 1rem 0 0.5rem; 14 | min-height: 10rem; 15 | min-width: 3px; 16 | @include rounding; 17 | 18 | highlight { 19 | min-width: 0; 20 | @include rounding; 21 | } 22 | } 23 | 24 | .osd_vol highlight { 25 | background-image: linear-gradient(to top, $teal 30%, $sky 100%); 26 | } 27 | 28 | .osd_brightness highlight { 29 | background-image: linear-gradient(to top, $yellow 30%, $peach 100%); 30 | } 31 | -------------------------------------------------------------------------------- /local/dotfiles/eww/css/_system.scss: -------------------------------------------------------------------------------- 1 | .membar { 2 | color: $peach; 3 | } 4 | 5 | .cpubar { 6 | color: $blue; 7 | } 8 | 9 | .batbar { 10 | color: $green; 11 | } 12 | 13 | .membar, 14 | .cpubar, 15 | .batbar { 16 | background-color: $bg1; 17 | } 18 | 19 | .iconmem { 20 | color: $peach; 21 | } 22 | 23 | .iconcpu { 24 | color: $blue; 25 | } 26 | 27 | .icon-text { 28 | font-size: 3rem; 29 | padding: 0.7rem; 30 | } 31 | 32 | .sys-text-sub { 33 | color: $text; 34 | } 35 | 36 | .sys-text-mem, 37 | .sys-text-cpu { 38 | font-size: 1rem; 39 | font-weight: bold; 40 | } 41 | 42 | .sys-icon-mem, 43 | .sys-icon-cpu { 44 | font-size: 1.5rem; 45 | margin: 1.5rem; 46 | } 47 | 48 | .system-info-box { 49 | @include rounding; 50 | background-color: $surface0; 51 | margin: 0.5rem 1rem; 52 | padding: 0.5rem; 53 | } 54 | 55 | .sys-mem, 56 | .sys-cpu { 57 | background-color: $bg; 58 | } 59 | 60 | .sys-icon-mem, 61 | .sys-text-mem, 62 | .sys-mem { 63 | color: $peach; 64 | } 65 | 66 | .sys-icon-cpu, 67 | .sys-text-cpu, 68 | .sys-cpu { 69 | color: $blue; 70 | } 71 | 72 | .sys-box { 73 | margin: 0.3em; 74 | 75 | box { 76 | margin-left: 1rem; 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /local/dotfiles/eww/css/_volume.scss: -------------------------------------------------------------------------------- 1 | .vol-icon { 2 | color: $green; 3 | } 4 | .volbar highlight { 5 | background-image: linear-gradient(to right, $teal 30%, $sky 100%); 6 | border-radius: 10px; 7 | } 8 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/bluetooth.yuck: -------------------------------------------------------------------------------- 1 | (defwidget bluetooth [] 2 | (button 3 | :class "module-bt module icon" 4 | :onclick "blueberry" 5 | :tooltip "${bluetooth.text} ${bluetooth.batt_icon}" 6 | :style "color: ${bluetooth.color};" 7 | {bluetooth.icon})) 8 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/bright.yuck: -------------------------------------------------------------------------------- 1 | (defwidget bright [] 2 | (box 3 | :class "module" 4 | (eventbox 5 | :onscroll "echo {} | sed -e 's/up/-U 1/g' -e 's/down/-A 1/g' | xargs light" 6 | (label 7 | :text {brightness.icon} 8 | :class "bright-icon icon" 9 | :tooltip "brightness ${round(brightness.level, 0)}%")))) 10 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/clock.yuck: -------------------------------------------------------------------------------- 1 | (defvar date_rev false) 2 | 3 | (defwidget clock_module [] 4 | (eventbox 5 | :onhover "${EWW_CMD} update date_rev=true" 6 | :onhoverlost "${EWW_CMD} update date_rev=false" 7 | (overlay 8 | :class "module" 9 | (box 10 | :space-evenly false 11 | (label 12 | :text {time.hour} 13 | :class "clock hour") 14 | (label 15 | :text ":" 16 | :class "clock") 17 | (label 18 | :text {time.minute} 19 | :class "clock minute")) 20 | (revealer 21 | :reveal date_rev 22 | (button 23 | :class "date clock" 24 | :onclick "${EWW_CMD} open --toggle calendar" 25 | {time.date}))))) 26 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/music.yuck: -------------------------------------------------------------------------------- 1 | (defwidget music-module [] 2 | (eventbox 3 | :onhover "${EWW_CMD} update music_reveal=true" 4 | :onhoverlost "${EWW_CMD} update music_reveal=false" 5 | (box 6 | :class "module" 7 | :space-evenly false 8 | (box 9 | :class "song-cover-art" 10 | :style "background-image: url(\"${music_cover}\");") 11 | (button 12 | :class "module" 13 | :onclick "${EWW_CMD} open --toggle music" 14 | {music.title}) 15 | (revealer 16 | :transition "slideright" 17 | :reveal music_reveal 18 | :duration "350ms" 19 | (box 20 | :class "icon" 21 | (button :class "song-button" :onclick "playerctl previous" "") 22 | (button :class "song-button" :onclick "playerctl play-pause" {music.status}) 23 | (button :class "song-button" :onclick "playerctl next" "")))))) 24 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/net.yuck: -------------------------------------------------------------------------------- 1 | (defwidget net [] 2 | (button 3 | :class "module icon" 4 | :onclick "iwgtk &" 5 | :tooltip {net.essid} 6 | :style "color: ${net.color};" 7 | {net.icon})) 8 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/sys.yuck: -------------------------------------------------------------------------------- 1 | (defwidget sys [] 2 | (box 3 | :class "module" 4 | :space-evenly false 5 | :spacing 5 6 | (circular-progress 7 | :value "${EWW_CPU.avg}" 8 | :class "cpubar" 9 | :thickness 3 10 | (button 11 | :tooltip "using ${round(EWW_CPU.avg,0)}% cpu" 12 | :onclick "${EWW_CMD} open --toggle system-menu" 13 | (label :class "icon-text" :text ""))) 14 | 15 | (circular-progress 16 | :value {memory.percentage} 17 | :class "membar" 18 | :thickness 3 19 | (button 20 | :tooltip "using ${round(memory.percentage,0)}% ram" 21 | :onclick "${EWW_CMD} open --toggle system-menu" 22 | (label :class "icon-text" :text ""))) 23 | )) 24 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/variables.yuck: -------------------------------------------------------------------------------- 1 | (defvar bright_reveal false) 2 | (defvar bt_rev false) 3 | (defvar music_reveal false) 4 | (defvar notif_rev false) 5 | (defvar net_rev false) 6 | (defvar time_rev false) 7 | (defvar vol_reveal false) 8 | 9 | (defpoll time :interval "5s" `date +'{"date": "%d/%m", "hour": "%H", "minute": "%M", "day": "%A"}'`) 10 | 11 | (deflisten airplane "scripts/airplane") 12 | (deflisten bluetooth "scripts/bluetooth") 13 | (deflisten brightness "scripts/brightness") 14 | (deflisten memory "scripts/memory") 15 | (deflisten music "scripts/music") 16 | (deflisten music_cover "scripts/music cover") 17 | (deflisten notifications "scripts/notifications") 18 | (deflisten notif_icons :initial `{"icon": "󰆄", "toggle_icon": ""}` "scripts/notifications icons") 19 | (deflisten net "scripts/net") 20 | (deflisten volume "scripts/volume") 21 | (deflisten workspace "scripts/workspaces") 22 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/volume.yuck: -------------------------------------------------------------------------------- 1 | (defwidget volume-module [] 2 | (box 3 | :class "module icon" 4 | (eventbox 5 | :onscroll "echo {} | sed -e 's/up/-/g' -e 's/down/+/g' | xargs -I% wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.005%" 6 | :onclick "pavucontrol &" 7 | :onrightclick "scripts/volume mute SINK" 8 | (label 9 | :class "vol-icon" 10 | :tooltip "volume ${volume.percent}%" 11 | :text {volume.icon})))) 12 | -------------------------------------------------------------------------------- /local/dotfiles/eww/modules/workspaces.yuck: -------------------------------------------------------------------------------- 1 | (defwidget workspaces [] 2 | (eventbox 3 | :onscroll "echo {} | sed -e \"s/up/-1/g\" -e \"s/down/+1/g\" | xargs hyprctl dispatch workspace" 4 | (box 5 | :class "module workspaces" 6 | :spacing 5 7 | (for i in workspace 8 | (button 9 | :onclick "hyprctl dispatch workspace ${i.number}" 10 | :class "ws icon" 11 | :style "color: ${i.color};" 12 | "●"))))) 13 | -------------------------------------------------------------------------------- /local/dotfiles/eww/scripts/airplane: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | icon() { 4 | if [[ $STATUS == "no" ]]; then 5 | echo "" 6 | else 7 | echo "" 8 | fi 9 | } 10 | 11 | toggle() { 12 | if [[ $STATUS == "no" ]]; then 13 | rfkill block all 14 | notify-send --urgency=normal -i airplane-mode-symbolic "Airplane Mode" "Airplane mode has been turned on!" 15 | else 16 | rfkill unblock all 17 | notify-send --urgency=normal -i airplane-mode-disabled-symbolic "Airplane Mode" "Airplane mode has been turned off!" 18 | fi 19 | } 20 | 21 | if [[ $1 == "toggle" ]]; then 22 | toggle 23 | else 24 | while true; do 25 | STATUS="$(rfkill list | sed -n 2p | awk '{print $3}')" 26 | icon 27 | sleep 3; 28 | done 29 | fi 30 | -------------------------------------------------------------------------------- /local/dotfiles/eww/scripts/brightness: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | icons=("" "" "") 4 | 5 | # initial 6 | icon=${icons[$(awk -v n="$(light)" 'BEGIN{print int(n/34)}')]} 7 | echo '{ "level": '"$(light)"', "icon": "'"$icon"'" }' 8 | 9 | udevadm monitor | rg --line-buffered "backlight" | while read -r _; do 10 | icon="${icons[$(awk -v n="$(light)" 'BEGIN{print int(n/34)}')]}" 11 | 12 | echo '{ "level": '"$(light)"', "icon": "'"$icon"'" }' 13 | done 14 | -------------------------------------------------------------------------------- /local/dotfiles/eww/scripts/memory: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | while true; do 4 | # human-readable 5 | freeH=$(free -h --si | rg "Mem:") 6 | # non-human-readable 7 | freeN=$(free --mega | rg "Mem:") 8 | 9 | total="$(echo "$freeH" | awk '{ print $2 }')" 10 | used="$(echo "$freeH" | awk '{ print $3 }')" 11 | t="$(echo "$freeN" | awk '{ print $2 }')" 12 | u="$(echo "$freeN" | awk '{ print $3 }')" 13 | 14 | free=$(printf '%.1fG' "$(bc -l <<< "($t - $u) / 1000")") 15 | perc=$(printf '%.1f' "$(free -m | rg Mem | awk '{print ($3/$2)*100}')") 16 | 17 | echo '{ "total": "'"$total"'", "used": "'"$used"'", "free": "'"$free"'", "percentage": '"$perc"' }' 18 | 19 | sleep 3 20 | done 21 | -------------------------------------------------------------------------------- /local/dotfiles/eww/scripts/net: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | toggle() { 4 | status=$(rfkill -J | jaq -r '.rfkilldevices[] | select(.type == "wlan") | .soft' | head -1) 5 | 6 | if [ "$status" = "unblocked" ]; then 7 | rfkill block wlan 8 | else 9 | rfkill unblock wlan 10 | fi 11 | } 12 | 13 | if [ "$1" = "toggle" ]; then 14 | toggle 15 | else 16 | while true; do 17 | status=$(nmcli g | tail -n 1 | awk '{print $1}') 18 | signal=$(nmcli -f in-use,signal dev wifi | rg "\*" | awk '{ print $2 }') 19 | essid=$(nmcli -t -f NAME connection show --active | head -n1 | sed 's/\"/\\"/g') 20 | 21 | icons=("" "" "" "" "") 22 | 23 | if [ "$status" = "disconnected" ] ; then 24 | icon="" 25 | color="#988ba2" 26 | else 27 | level=$(awk -v n="$signal" 'BEGIN{print int((n-1)/20)}') 28 | if [ "$level" -gt 4 ]; then 29 | level=4 30 | fi 31 | 32 | icon=${icons[$level]} 33 | color="#cba6f7" 34 | fi 35 | 36 | echo '{ "essid": "'"$essid"'", "icon": "'"$icon"'", "color": "'"$color"'" }' 37 | 38 | sleep 3 39 | done 40 | fi 41 | -------------------------------------------------------------------------------- /local/dotfiles/eww/windows/calendar.yuck: -------------------------------------------------------------------------------- 1 | (defwidget calendar-win [] 2 | (box 3 | :class "calendar-win" 4 | (calendar))) 5 | 6 | (defwindow calendar 7 | :monitor 0 8 | :geometry (geometry 9 | :x "0%" 10 | :y "0%" 11 | :anchor "top right" 12 | :width "0px" 13 | :height "0px") 14 | (calendar-win)) 15 | -------------------------------------------------------------------------------- /local/dotfiles/eww/windows/osd.yuck: -------------------------------------------------------------------------------- 1 | (defwidget osd [icon value] 2 | (box 3 | :class "osd" 4 | :orientation "v" 5 | :space-evenly false 6 | (scale 7 | :flipped true 8 | :orientation "v" 9 | :value value) 10 | (label 11 | :text icon))) 12 | 13 | (defwindow osd_vol 14 | :stacking "fg" 15 | :focusable false 16 | :monitor 0 17 | :geometry (geometry 18 | :x "1%" 19 | :y "0%" 20 | :width "0%" 21 | :height "0%" 22 | :anchor "center left") 23 | (osd 24 | :icon {volume.icon} 25 | :value {volume.percent})) 26 | 27 | (defwindow osd_brightness 28 | :stacking "fg" 29 | :focusable false 30 | :monitor 0 31 | :geometry (geometry 32 | :x "1%" 33 | :y "0%" 34 | :width "0%" 35 | :height "0%" 36 | :anchor "center left") 37 | (osd 38 | :icon {brightness.icon} 39 | :value {brightness.level})) 40 | -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/conf/classicui.conf: -------------------------------------------------------------------------------- 1 | # Vertical Candidate List 2 | Vertical Candidate List=False 3 | # Use Per Screen DPI 4 | PerScreenDPI=True 5 | # Use mouse wheel to go to prev or next page 6 | WheelForPaging=True 7 | # Font 8 | Font="Sans 30" 9 | # Theme 10 | Theme=Alpha-black-2.0 11 | -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/conf/keyboard.conf: -------------------------------------------------------------------------------- 1 | # Page size 2 | PageSize=10 3 | # Enable emoji in hint 4 | EnableEmoji=True 5 | # Enable emoji in quickphrase 6 | EnableQuickPhraseEmoji=True 7 | # Choose key modifier 8 | Choose Modifier=None 9 | 10 | [PrevCandidate] 11 | 0=Shift+Tab 12 | 13 | [NextCandidate] 14 | 0=Tab 15 | 16 | [Hint Trigger] 17 | 0=Control+Alt+H 18 | 19 | -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/conf/notifications.conf: -------------------------------------------------------------------------------- 1 | # Hidden Notifications 2 | HiddenNotifications= 3 | 4 | -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/conf/xim.conf: -------------------------------------------------------------------------------- 1 | # Use On The Spot Style (Needs restarting) 2 | UseOnTheSpot=False 3 | 4 | -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/profile: -------------------------------------------------------------------------------- 1 | [Groups/0] 2 | # Group Name 3 | Name=Default 4 | # Layout 5 | Default Layout=us 6 | # Default Input Method 7 | DefaultIM=rime 8 | 9 | [Groups/0/Items/0] 10 | # Name 11 | Name=keyboard-us 12 | # Layout 13 | Layout= 14 | 15 | [Groups/0/Items/1] 16 | # Name 17 | Name=rime 18 | # Layout 19 | Layout= 20 | 21 | [GroupOrder] 22 | 0=Default 23 | 24 | -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/themes/Alpha-black-2.0/arrow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GTrunSec/hivebus/59ed0576ad12ea5c81000b7241ee121f09ca4498/local/dotfiles/fcitx5/themes/Alpha-black-2.0/arrow.png -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/themes/Alpha-black-2.0/panel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GTrunSec/hivebus/59ed0576ad12ea5c81000b7241ee121f09ca4498/local/dotfiles/fcitx5/themes/Alpha-black-2.0/panel.png -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/themes/Alpha-black-2.0/radio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GTrunSec/hivebus/59ed0576ad12ea5c81000b7241ee121f09ca4498/local/dotfiles/fcitx5/themes/Alpha-black-2.0/radio.png -------------------------------------------------------------------------------- /local/dotfiles/fcitx5/themes/Alpha-black-2.0/theme.conf: -------------------------------------------------------------------------------- 1 | [Metadata] 2 | Name=green 3 | Version=0.1 4 | Author=thepoy 5 | Description=Fctix5 Green Theme 6 | ScaleWithDPI=True 7 | 8 | [InputPanel] 9 | # 字体 10 | Font=Sans 13 11 | # 非选中候选字颜色 12 | NormalColor=#ffffff 13 | # 选中候选字颜色 14 | HighlightCandidateColor=#54CE74 15 | # 高亮前景颜色(输入字符颜色) 16 | HighlightColor=#ffffff 17 | # 输入字符背景颜色 18 | HighlightBackgroundColor=#00000000 19 | # 20 | Spacing=3 21 | 22 | [InputPanel/TextMargin] 23 | # 候选字对左边距 24 | Left=20 25 | # 候选字对右边距 26 | Right=20 27 | # 候选字向上边距 28 | Top=10 29 | # 候选字向下边距 30 | Bottom=10 31 | 32 | [InputPanel/Background] 33 | Image=panel.png 34 | 35 | [InputPanel/Background/Margin] 36 | Left=2 37 | Right=2 38 | Top=2 39 | Bottom=2 40 | 41 | [InputPanel/Highlight] 42 | Color=#030303 43 | 44 | [InputPanel/Highlight/Margin] 45 | # 高亮区域左边距 46 | Left=20 47 | # 高亮区域右边距 48 | Right=20 49 | # 高亮区域上边距 50 | Top=10 51 | # 高亮区域下边距 52 | Bottom=10 53 | 54 | [Menu/Background] 55 | Color=#ffffff 56 | 57 | [Menu/Background/Margin] 58 | Left=2 59 | Right=2 60 | Top=2 61 | Bottom=2 62 | 63 | [Menu/ContentMargin] 64 | Left=2 65 | Right=2 66 | Top=2 67 | Bottom=2 68 | 69 | [Menu/Highlight] 70 | Color=#030303 71 | 72 | [Menu/Highlight/Margin] 73 | Left=10 74 | Right=10 75 | Top=5 76 | Bottom=5 77 | 78 | [Menu/Separator] 79 | Color=#c0c0c0 80 | 81 | [Menu/CheckBox] 82 | Image=radio.png 83 | 84 | [Menu/SubMenu] 85 | Image=arrow.png 86 | 87 | [Menu/TextMargin] 88 | Left=5 89 | Right=5 90 | Top=5 91 | Bottom=5 92 | -------------------------------------------------------------------------------- /local/dotfiles/hyprland/hyprpaper.conf: -------------------------------------------------------------------------------- 1 | preload = /home/guangtao/ghq/github.com/GTrunSec/hive/resources/wallpaper/.attach/00/d885ed-3c8e-4c03-b325-52a807f9a3c7/20201219_162324george-turmanidze-10.jpg.jpeg 2 | wallpaper = DP-2,contain:/home/guangtao/ghq/github.com/GTrunSec/hive/resources/wallpaper/.attach/00/d885ed-3c8e-4c03-b325-52a807f9a3c7/20201219_162324george-turmanidze-10.jpg.jpeg 3 | -------------------------------------------------------------------------------- /local/dotfiles/kitty/cscheme.conf: -------------------------------------------------------------------------------- 1 | # [[https://github.com/MartinSeeler/iterm2-material-design][MartinSeeler/iterm2-material-design: A theme / color scheme for iTerm2 based on Google's Material Design Color Palette]] 2 | # [[https://github.com/evicinelli/Dotfiles/blob/master/kitty/.config/kitty/kitty.conf][Dotfiles/kitty.conf at master · evicinelli/Dotfiles]] 3 | foreground #ECEFF1 4 | background #263238 5 | cursor #A7FDEB 6 | # url_color #0075c9 7 | # cursor_text_color #fff8e7 8 | # inactive_border_color #fff8e7 9 | # inactive_tab_background #fff8e7 10 | # selection_foreground #fff8e7 11 | # active_border_color #485a62 12 | # active_tab_background #485a62 13 | # foreground #485a62 14 | # inactive_tab_foreground #485a62 15 | # selection_background #485a62 16 | # cursor #364850 17 | # bell_border_color #c44756 18 | # url_color #0075c9 19 | 20 | color0 #546E7A 21 | color1 #FF5252 22 | color2 #5CF19E 23 | color3 #FFD740 24 | color4 #40C4FF 25 | color5 #FF4081 26 | color6 #64FCDA 27 | color7 #FFFFFF 28 | color8 #B0BEC5 29 | color9 #FF8A80 30 | color10 #B9F6CA 31 | color11 #FFE57F 32 | color12 #80D8FF 33 | color13 #FF80AB 34 | color14 #A7FDEB 35 | color15 #FFFFFF -------------------------------------------------------------------------------- /local/dotfiles/kitty/kitty.conf: -------------------------------------------------------------------------------- 1 | # Font ❤ 2 | font_family Fantasque Sans Mono 3 | font_size 40 4 | 5 | 6 | map ctrl+shift+1 goto_tab 1 7 | map shift+ctrl+2 goto_tab 2 8 | map shift+ctrl+3 goto_tab 3 9 | map shift+ctrl+4 goto_tab 4 10 | map shift+ctrl+5 goto_tab 5 11 | map shift+ctrl+6 goto_tab 6 12 | 13 | map alt+shift+1 first_window 14 | map alt+shift+2 second_window 15 | map alt+shift+3 third_window 16 | map alt+shift+4 fourth_window 17 | map alt+shift+5 fifth_window 18 | map alt+shift+6 sixth_window 19 | map alt+shift+7 seventh_window 20 | 21 | # Kitty option 22 | background_opacity 0.85 23 | remember_window_size yes 24 | adjust_line_height 150% 25 | 26 | # Colorscheme 27 | include ~/.config/guangtao/dotfiles/kitty/cscheme.conf 28 | #include ~/.config/kitty/solarized.conf 29 | 30 | 31 | 32 | new_tab my tab 33 | cd ~/org-notes 34 | # Set the layouts allowed in this tab 35 | enabled_layouts tall, stack 36 | # Set the current layout 37 | layout tall 38 | launch fish 39 | kitty +kitten clipboard --get-clipboard 40 | echo hooray | kitty +kitten clipboard 41 | -------------------------------------------------------------------------------- /local/dotfiles/kitty/solarized.conf: -------------------------------------------------------------------------------- 1 | Base16 Solarized Light - kitty color config 2 | # Scheme by Ethan Schoonover (modified by aramisgithub) 3 | # background #fdf6e3 4 | # foreground #586e75 5 | selection_background #586e75 6 | selection_foreground #fdf6e3 7 | url_color #657b83 8 | cursor #586e75 9 | active_border_color #839496 10 | inactive_border_color #eee8d5 11 | active_tab_background #fdf6e3 12 | active_tab_foreground #586e75 13 | inactive_tab_background #eee8d5 14 | inactive_tab_foreground #657b83 15 | 16 | # normal 17 | color0 #fdf6e3 18 | color0 #ece5d2 19 | color1 #dc322f 20 | color2 #859900 21 | color3 #b58900 22 | color4 #268bd2 23 | color5 #6c71c4 24 | color6 #2aa198 25 | color7 #586e75 26 | 27 | # bright 28 | color8 #839496 29 | color9 #dc322f 30 | color10 #859900 31 | color11 #b58900 32 | color12 #268bd2 33 | color13 #6c71c4 34 | color14 #2aa198 35 | color15 #586e75 36 | 37 | # extended base16 colors 38 | color16 #cb4b16 39 | color17 #d33682 40 | color18 #eee8d5 41 | color19 #93a1a1 42 | color20 #657b83 43 | color21 #073642 -------------------------------------------------------------------------------- /local/dotfiles/navi/ssh.cheat: -------------------------------------------------------------------------------- 1 | % ssh 2 | 3 | # login to a server with a key and port 4 | ssh -i -p @ 5 | 6 | $ user : echo -e "$(whoami)\nroot" --- --prevent-extra 7 | -------------------------------------------------------------------------------- /local/dotfiles/rofi/colors.rasi: -------------------------------------------------------------------------------- 1 | /* colors */ 2 | 3 | * { 4 | al: #00000000; 5 | bg: #24273A; 6 | se: #1E1E2E; 7 | fg: #BF616A; 8 | ac: #24273A; 9 | } 10 | -------------------------------------------------------------------------------- /local/dotfiles/rofi/launcher.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | theme="launcher_theme" 3 | dir="$HOME/.config/rofi/" 4 | 5 | # catppuccin 6 | ALPHA="#00000000" 7 | BG="#24273A" 8 | FG="#BF616A" 9 | SELECT="#1E1E2E" 10 | ACCENT="#24273A" 11 | 12 | # nord 13 | #ALPHA="#00000000" 14 | #BG="#3B4253" 15 | #FG="#BF616A" 16 | #SELECT="#343a46" 17 | #ACCENT="#3B4252" 18 | 19 | # overwrite colors file 20 | cat >$dir/colors.rasi <<-EOF 21 | /* colors */ 22 | 23 | * { 24 | al: $ALPHA; 25 | bg: $BG; 26 | se: $SELECT; 27 | fg: $FG; 28 | ac: $ACCENT; 29 | } 30 | EOF 31 | 32 | rofi -no-lazy-grab -show drun -modi drun -theme $dir/"$theme" 33 | -------------------------------------------------------------------------------- /local/dotfiles/rofi/powermenu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | rofi -show p -modi p:~/.config/rofi/off.sh -theme ~/.config/rofi/powermenu_theme.rasi 3 | -------------------------------------------------------------------------------- /local/dotfiles/waybar/config-bottom.json: -------------------------------------------------------------------------------- 1 | { 2 | "output": ["DP-2"], 3 | "position": "bottom", 4 | "modules-center": ["custom/wintitle"], 5 | "custom/wintitle": { 6 | "exec": "/nix/store/2qy379ilr2qhndnmbf66nxmgs3c1agsv-hyprland-window/bin/hyprland-window", 7 | "interval": 1 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /local/dotfiles/waybar/scripts/power-menu/shared/colors.rasi: -------------------------------------------------------------------------------- 1 | * { 2 | background: #15161EFF; 3 | background-alt: #1A1B26FF; 4 | foreground: #C0CAF5FF; 5 | selected: #33467CFF; 6 | active: #414868FF; 7 | urgent: #F7768EFF; 8 | } 9 | -------------------------------------------------------------------------------- /local/dotfiles/waybar/scripts/power-menu/shared/fonts.rasi: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | * Author : Aditya Shakya (adi1090x) 4 | * Github : @adi1090x 5 | * 6 | * Fonts 7 | * 8 | **/ 9 | 10 | * { 11 | font: "JetBrains Mono Nerd Font 10.5"; 12 | } 13 | -------------------------------------------------------------------------------- /local/dotfiles/wezterm/wezterm.lua: -------------------------------------------------------------------------------- 1 | -- local wezterm = require 'catppuccin' 2 | config = { 3 | default_prog = { '/run/current-system/etc/profiles/per-user/' .. os.getenv("USER") .. '/bin/zsh'}, 4 | window_background_opacity = 0.8, 5 | font_size = 20.0, 6 | } 7 | return config 8 | -- config.keys = { 9 | -- -- Shift + Control + R to rename tab 10 | -- { 11 | -- key = "R", 12 | -- mods = "SHIFT|CTRL", 13 | -- action = act.PromptInputLine({ 14 | -- description = "Enter new name for tab", 15 | -- action = wezterm.action_callback(function(window, pane, line) 16 | -- -- line will be `nil` if they hit escape without entering anything 17 | -- -- An empty string if they just hit enter 18 | -- -- Or the actual line of text they wrote 19 | -- if line then 20 | -- window:active_tab():set_title(line) 21 | -- end 22 | -- end), 23 | -- }), 24 | -- }, 25 | -- } 26 | -------------------------------------------------------------------------------- /local/secrets/secrets.nix: -------------------------------------------------------------------------------- 1 | let 2 | flake = (__getFlake (__toPath ../..)); 3 | # opensshKeys = flake.users.userProfiles.openssh; 4 | data = flake.local.${__currentSystem}.data; 5 | 6 | # Common keys for all hosts 7 | common = [ 8 | data.guangtao.openssh.public.desktop 9 | data.guangtao.openssh.public.macbook 10 | ]; 11 | cloud = [ data.guangtao.openssh.public.tiangang ]; 12 | in 13 | { 14 | "tiangang/attic-cert.age".publicKeys = common ++ cloud; 15 | "tiangang/acme-cloudflare.age".publicKeys = common ++ cloud; 16 | "tiangang/chatgpt-web.age".publicKeys = common ++ cloud; 17 | "tiangang/chatgpt-web-passwd.age".publicKeys = common ++ cloud; 18 | "tiangang/chatgpt-web-env.age".publicKeys = common ++ cloud; 19 | "tiangang/chatgpt-yak.age".publicKeys = common ++ cloud; 20 | "tiangang/v2ray-vmess.age".publicKeys = common ++ cloud; 21 | } 22 | -------------------------------------------------------------------------------- /local/secrets/tiangang/acme-cloudflare.age: -------------------------------------------------------------------------------- 1 | -----BEGIN AGE ENCRYPTED FILE----- 2 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNORzVqdyBBUEZi 3 | VWYzMXpOS01iVzhQTlNtY3Vhc2pMNVhQUjVVNG9CdHJxQUJNNUJNClBUVlVOS05Q 4 | NVpROURwMldSRkpnamJiRzBSWmNLRGdUd0x3aUNVOVJnR0UKLT4gc3NoLWVkMjU1 5 | MTkgWDBWRFhnIG5oOXJJU0tZa0U1cnoxcUZYOFZTcTh4cGFaYmV2U3MrUUhtWWl0 6 | Y0xKblkKL3lWTm9LOU1LRDBTdTMwaXlnQ0wvR2dZbjR0MXZSSm1DM2tZZ2FCYjdT 7 | cwotPiBzc2gtZWQyNTUxOSBsTHNkSkEgSFhqZU9VczI0ZGhzNW5hRjdkM2l4dVNV 8 | eEc3WW8yN1ExaWxMUVpaa2tuSQpxMk05Wm1qakhtYVozY3VUQ0hHQXI3eS9EQWFn 9 | WFM3aUJnWjlvZlhrRXo4Ci0+IHxNKkZbQylLLWdyZWFzZSBaSSIgXUtACkl3MlEK 10 | LS0tIEJ5NHhUM2hwYTJJL2IwKzdVTmhaZUtIQVI0UVhmaGlGSXFNVlVqNG5IWjgK 11 | t/2VA4qtK0nhsbuu3XZUWmgH/H2k4DoGSV2FnzRUh+AR9apqV8JCGoeb0iCcqHpP 12 | eyHsbcFjBdFxBxF7r3IGVT/eoKiNcHZk69ny8zvuCJQBk/mjN4HenDlPTfjV6STc 13 | bC4= 14 | -----END AGE ENCRYPTED FILE----- 15 | -------------------------------------------------------------------------------- /local/secrets/tiangang/attic-cert.age: -------------------------------------------------------------------------------- 1 | -----BEGIN AGE ENCRYPTED FILE----- 2 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNORzVqdyBRdVBO 3 | VkE1YVZaWXI4b2ErOE5yVkxBVTVGZW5HWTNyYk1EMHpoaDBqaXljCkNZdDlVVHg5 4 | VUVDY0lTbHJoOVVqbFpnTlF3QnlaYS9tS2dSckcrVVdWOUEKLT4gc3NoLWVkMjU1 5 | MTkgWDBWRFhnIDBIdE9sVzJZakZVemVpQnJUd1IyZk9kekkwZW9PL0RHcnM2MlVl 6 | dFI2RUUKcjFCWXh0Z294Rld1N0VYR3A3d01vTmdITDJYUVRUUTFSNkJDbThzZlNI 7 | NAotPiBzc2gtZWQyNTUxOSBsTHNkSkEgbjFEVCtVTW1JUGxyd0lCYVZ0OGJKV1U1 8 | V3NIQjZTb2lVaXZ0YlEra3p5VQpzUnBuaDZTWFVwWEZGa3BZSklpaDFudlNKMXRl 9 | RHhRY1pKVEp3eVhqSGVvCi0+ICNbfnI5Sy1ncmVhc2UgKWxTcwpqSzZ6VHBQM1dC 10 | WVJJZ00yVHBMNEdDVGtiQTRETWNrYzRwU0dXb1U4cVpudnZkK2I2aVlHCi0tLSBt 11 | T3pIeW0rdDJNZDBTNEhXNm8xSXlocVFVT0NrQ3dUY1ZGV3VzZXlCZzN3CvktLWuY 12 | wPf3fwIFu5yUBg6LnUdvhp6YK2DnDjRcjU5GrR4pnqx4mPOt3u7y28w2QyByBRtP 13 | Aqoe7nRlSc9YSNct2WzdTU08IwchyO2ZifLa3dGJrD/bHneWqbys7ejq5BJ/OGDV 14 | 54neNxvUHxS5ftTUUkCH433QY75lN8s2ZKdtCbka67sVzKLHfjM1zIbiaqhkNYTy 15 | HhMWwAdtDz46GX0UUQ== 16 | -----END AGE ENCRYPTED FILE----- 17 | -------------------------------------------------------------------------------- /local/secrets/tiangang/chatgpt-web-passwd.age: -------------------------------------------------------------------------------- 1 | -----BEGIN AGE ENCRYPTED FILE----- 2 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNORzVqdyBweSsw 3 | SW00VFlWR2pPMUlOa0EwZFZ2L2lGYURRbUIrZEI3L2tXZEkyOWw4CmNTUjVRaUNm 4 | Y1I5cjc0MW9FbVRrZUxyWk1vRlBNZFRsWm4vM0ZQNjVqVjQKLT4gc3NoLWVkMjU1 5 | MTkgWDBWRFhnIFhscFlGOTJzalZndlJNT1FJRTFrM3hMS3ZkMzd2WFNqUlBOakU2 6 | dGpaM0UKSlhiUTNlTXB0STlvQ05oWUNKU1NEdHcxVWlhMmhuTXYvSDhvTStjc2tB 7 | OAotPiBzc2gtZWQyNTUxOSBsTHNkSkEgUWlTZDM2bFkreGl2M09HVEZLZS9xekdv 8 | Tnovd2JKZGFWQjErQjJjL25Dbwoxb2V0OHJPRkkxODF5V01obXNQWE44U2xzRlI2 9 | Qkh2Y0l4aEpTbmt4Q0xBCi0+IDo+PDhOVGZ3LWdyZWFzZQpFMkhFblYvczYyeU9q 10 | S2FkRHRERzZjVmFRT2VaS1hMNnVsWTA2eWlpYkRYRmo1eVp2cXJwT3E0SzNENDI1 11 | cjJWCmYzVTU3TXlUOTR1S2k2eFRoaG9HaVBRZzV3YkxodzFsTHo1NFpjVUNHOFF4 12 | Qm1uam5tVGw1U0dVZ3ZIZ0tRRjkKWmtJCi0tLSBiYWlMSjkyNWVLODRLN2VENVox 13 | S1kwYzBPOVV2VTdieW5Cb0tHOUFvQ2JFCsr8Nw4o3wF8vpKfdjlaFeMsEYDCNowJ 14 | xFinP0I5f1q59HfDDauTxMxT2D5/CxAyJYHVTk9qQXw6oMKTs1kz//4F+BcKhWQ5 15 | 9WA5 16 | -----END AGE ENCRYPTED FILE----- 17 | -------------------------------------------------------------------------------- /local/secrets/tiangang/chatgpt-yak.age: -------------------------------------------------------------------------------- 1 | -----BEGIN AGE ENCRYPTED FILE----- 2 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNORzVqdyBXUEtp 3 | NndYSU9mMUIvSXRVWGJSUGdmam54aVk0K2svalczV005RVVIUHpRCk5kejRWeGl3 4 | SWZmYVFSc0s2NC9nZDlISHlKOEo4Yjk1WEI1K081OVhKZTgKLT4gc3NoLWVkMjU1 5 | MTkgWDBWRFhnIDlmcitVSi81bmZtakVJRVlHQTBXQUd0dlJiVnZCVGxyaGU1N0Ix 6 | cW9OaDAKb3VsZ2g5ZHdaWm12VVBLZ0NHOXNXUjF3UlZ5cDcyRUx0Mzl3SERmUkt4 7 | UQotPiBzc2gtZWQyNTUxOSBsTHNkSkEgRnNOeHVGZGVkcXJqNGh2eWNRcVh2SUh2 8 | c3BSdXJ3MVVRam9oN2RiM1ltOAo0UzB3aXNxVitYNUtrNFNlT0RjQWJXMyt2WnVw 9 | UzB0UUR6Q1N2aHdlazJzCi0+ID4vZzctZ3JlYXNlIDV4KmFTICw4ZUt0OCAsIDgK 10 | bDdscUpqNDZCQmlhYndSdlpMQzczMFRuY2M3bUI1S2FiWXdPZEhCYi9pdnNTQ3FD 11 | S0pFbUU0Z0ozUlpneXc3QQpUcE40ZVZnY3kycE8vYkppMEgxNE9RQ29QbXg0b3ox 12 | Q0xJeDNSdkh5bFEKLS0tIFExNTd0bVI1c3luTW1QZ01abWwxSVMxU245dVJSSWFX 13 | eFBPTWFKSVEzWVUKwtMbCHpj6gGk/56876JIuga+wyi6wCi/CZ70ZJUESHioqaqe 14 | H58r6P3oHO013Z0vn7YIBt5vutRC45yQPQS78Nd9MXX+9OCDJJ7i92y6uaeiHZVw 15 | 5rRMs23fnQA5/JjJz1ZgKNT0sid32Cr/iKBaedcWe9wZJZMOGxTG2pdqKKAxNIR/ 16 | frrYCOav5QKdF3k68MQE0yPpi6ZyT/fkBlnuPZF4YIDpY5JLh6T8xb4SBaV1b7rb 17 | WSRBXRqy18QWyLlXzQG6U5M5X3Regr2NeK/3YU8joMbvE7m6rS7x1AUt2DAMbW2k 18 | dcD4gc2x6PRmp9L3ydWqbpE5JB1DYYkhx3fr6RcPlhymBA== 19 | -----END AGE ENCRYPTED FILE----- 20 | -------------------------------------------------------------------------------- /units/nixos/darwinProfiles/presets/fonts.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | { 3 | fonts.packages = with pkgs; [ 4 | (nerdfonts.override { 5 | fonts = [ 6 | "JetBrainsMono" 7 | "RobotoMono" 8 | ]; 9 | }) 10 | ]; 11 | } 12 | -------------------------------------------------------------------------------- /units/nixos/darwinProfiles/presets/homebrew.nix: -------------------------------------------------------------------------------- 1 | { lib, omnibus }: 2 | { 3 | imports = [ omnibus.darwinProfiles.presets.homebrew ]; 4 | homebrew = { 5 | __profiles__ = { 6 | enableReaders = lib.mkDefault true; 7 | enableShell = lib.mkDefault true; 8 | enableFonts = lib.mkDefault true; 9 | enableContainers = lib.mkDefault true; 10 | enableEmacs = lib.mkDefault true; 11 | enableChinese = lib.mkDefault true; 12 | enableSecurity = lib.mkDefault true; 13 | enableChat = lib.mkDefault true; 14 | casks.removePackagesFromProfiles = [ ]; 15 | brews.removePackagesFromProfiles = [ ]; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /units/nixos/homeModules/hive.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | { 3 | _options = with lib; { 4 | monitor = mkOption { 5 | type = types.either types.str (types.listOf types.str); 6 | description = "The monitor to use"; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /units/nixos/homeModules/programs/git/default.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | { 3 | _imports = [ ./_config.nix ]; 4 | _options = { 5 | hive = with lib; { 6 | default = mkOption { 7 | type = types.bool; 8 | default = true; 9 | description = "Whether to Enable default profile"; 10 | }; 11 | haskell = lib.mkEnableOption (lib.mdDoc "Whether to Enable Haskell Profile"); 12 | gpg = lib.mkEnableOption (lib.mdDoc "Whether to Enable GPG Profile"); 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /units/nixos/homeModules/wayland/windowManager/hyprland/default.nix: -------------------------------------------------------------------------------- 1 | { lib, __inputs__ }: 2 | { 3 | _imports = [ ./_config.nix ]; 4 | _options.hive = 5 | with lib; 6 | mkOption { 7 | default = { }; 8 | type = types.submodule { 9 | options = { 10 | swww = mkEnableOption (lib.mdDoc "Whether to enable swww wallpaper profile"); 11 | nvidia = mkEnableOption (lib.mdDoc "Whether to enable nvidia profile"); 12 | autoLogin = mkEnableOption (lib.mdDoc "Whether to enable autoLogin profile"); 13 | }; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /units/nixos/homeModules/wayland/windowManager/hyprland/swww_randomize.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script will randomly go through the files of a directory, setting it 4 | # up as the wallpaper at regular intervals 5 | # 6 | # NOTE: this script is in bash (not posix shell), because the RANDOM variable 7 | # we use is not defined in posix 8 | 9 | if [[ $# -lt 1 ]] || [[ ! -d $1 ]]; then 10 | echo "Usage: 11 | $0 " 12 | exit 1 13 | fi 14 | 15 | # Edit bellow to control the images transition 16 | export SWWW_TRANSITION_FPS=60 17 | export SWWW_TRANSITION_STEP=2 18 | 19 | # This controls (in seconds) when to switch to the next image 20 | INTERVAL=3000 21 | 22 | if swww query; then 23 | swww kill 24 | else 25 | swww init 26 | fi 27 | 28 | while true; do 29 | find "$1" -type f | 30 | while read -r img; do 31 | echo "$((RANDOM % 1000)):$img" 32 | done | 33 | sort -n | cut -d':' -f2- | 34 | while read -r img; do 35 | swww img "$img" --transition-type center 36 | sleep $INTERVAL 37 | done 38 | done 39 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/apps.nix: -------------------------------------------------------------------------------- 1 | { 2 | root, 3 | self, 4 | lib, 5 | }: 6 | let 7 | inherit (root) presets; 8 | in 9 | { 10 | linux = [ 11 | presets.chat 12 | presets.dropbox 13 | presets.firefox 14 | presets.brave 15 | presets.office 16 | self.doomemacs 17 | ]; 18 | 19 | doomemacs-macbook = [ 20 | self.doomemacs 21 | presets.emacs.macbook 22 | ]; 23 | 24 | doomemacs = [ 25 | presets.emacs.doom 26 | presets.emacs.packages 27 | ]; 28 | 29 | doomemacs-desktop = [ 30 | presets.emacs.desktop 31 | self.doomemacs 32 | ]; 33 | } 34 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/graphical.nix: -------------------------------------------------------------------------------- 1 | { self, root }: 2 | { 3 | default = [ 4 | root.preset.qt 5 | root.preset.gtk 6 | root.preset.ssh-agent 7 | ]; 8 | 9 | full = [ 10 | self.default 11 | root.preset.rofi.default 12 | root.preset.kanshi.default 13 | ]; 14 | 15 | wayland = [ 16 | self.full 17 | root.preset.wayland 18 | root.preset.hyprland.default 19 | root.preset.rofi.default 20 | root.preset.waybar.default 21 | ]; 22 | } 23 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/alacritty.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.alacritty = { 3 | enable = true; 4 | CSIuSupport = true; 5 | settings = { 6 | env.TERM = "xterm-256color"; 7 | window.decorations = "full"; 8 | cursor.style = "Beam"; 9 | window.opacity = 0.7; 10 | # snazzy theme 11 | colors = { 12 | # Default colors 13 | primary = { 14 | background = "0x282a36"; 15 | foreground = "0xeff0eb"; 16 | }; 17 | 18 | # Normal colors 19 | normal = { 20 | black = "0x282a36"; 21 | red = "0xff5c57"; 22 | green = "0x5af78e"; 23 | yellow = "0xf3f99d"; 24 | blue = "0x57c7ff"; 25 | magenta = "0xff6ac1"; 26 | cyan = "0x9aedfe"; 27 | white = "0xf1f1f0"; 28 | }; 29 | 30 | # Bright colors 31 | bright = { 32 | black = "0x686868"; 33 | red = "0xff5c57"; 34 | green = "0x5af78e"; 35 | yellow = "0xf3f99d"; 36 | blue = "0x57c7ff"; 37 | magenta = "0xff6ac1"; 38 | cyan = "0x9aedfe"; 39 | white = "0xf1f1f0"; 40 | }; 41 | }; 42 | }; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/atuin.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.atuin = { 3 | # credit: https://github.com/montchr/dotfield/commit/6237fa7cde4b6fc1ba5b28234e5ce0c295c7bff9#diff-e85828e2a1e40863d27b847846b1f592b906fd9fa495f89b52057125bcc992f7 4 | enable = true; 5 | settings = { 6 | auto_sync = true; 7 | dialect = "us"; 8 | sync_frequency = "10m"; 9 | sync_address = "https://api.atuin.sh"; 10 | search_mode = "fuzzy"; # 'prefix' | 'fulltext' | 'fuzzy' 11 | 12 | ##: options: 'global' (default) | 'host' | 'session' | 'directory' 13 | filter_mode = "global"; 14 | filter_mode_shell_up_key_binding = "directory"; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/auto-upgrade.nix: -------------------------------------------------------------------------------- 1 | { 2 | system.autoUpgrade = { 3 | enable = true; 4 | dates = "07:00"; 5 | flake = "github:gtrunsec/hive"; 6 | allowReboot = true; 7 | persistent = true; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/bat/catppuccin-mocha.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | { pkgs, ... }: 3 | let 4 | inherit (inputs.cells.common.lib) __utils__; 5 | in 6 | { 7 | programs.bat = { 8 | config = { 9 | theme = "Catppuccin-mocha"; 10 | style = "changes,header"; 11 | }; 12 | # bat cache --build 13 | themes = { 14 | Catppuccin-mocha = builtins.readFile ( 15 | __utils__.catppuccin-bat + "/Catppuccin-mocha.tmTheme" 16 | ); 17 | }; 18 | 19 | extraPackages = with pkgs.bat-extras; [ batman ]; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/bat/default.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | programs.bat = { 5 | enable = true; 6 | extraPackages = with pkgs.bat-extras; [ batman ]; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/brave.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | ( 5 | (brave.override { 6 | commandLineArgs = [ 7 | "--enable-wayland-ime" 8 | "--ozone-platform=wayland" 9 | "--enable-features=UseOzonePlatform" 10 | # "--enable-unsafe-webgpu" 11 | # "--use-gl=egl" 12 | ]; 13 | }).overrideAttrs 14 | (old: { 15 | # inherit (pkgs.guangtao-sources.brave) src pname version; 16 | }) 17 | ) 18 | # google-chrome 19 | ]; 20 | } 21 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/chat.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | home.packages = with pkgs; [ 5 | tdesktop 6 | (mkWaylandApp zoom-us "zoom-us" [ 7 | "--enable-features=UseOzonePlatform" 8 | "--ozone-platform=wayland" 9 | ]) 10 | slack 11 | discord 12 | # (mkWaylandApp element-desktop "element-destkop" "--add-flags '--enable-features=UseOzonePlatform --ozone-platform=wayland'" "nixgl") 13 | (mkWaylandApp element-desktop "element-desktop" [ 14 | "--ozone-platform=wayland" 15 | "--enable-wayland-ime" 16 | "--enable-features=UseOzonePlatform" 17 | ]) 18 | (mkWaylandApp signal-desktop "signal-desktop" [ 19 | "--ozone-platform=wayland" 20 | "--enable-wayland-ime" 21 | "--enable-features=UseOzonePlatform" 22 | ]) 23 | ]; 24 | } 25 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/diagrams.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | home.packages = with pkgs; [ d2 ]; 5 | } 6 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/dircolors/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.dircolors = { 3 | enable = true; 4 | extraConfig = builtins.readFile ./LS_COLORS; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/dropbox.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | # FIXME: dropox missing module named 'gi' https://github.com/NixOS/nixpkgs/issues/235345 5 | systemd.user.services.maestral = { 6 | Unit = { 7 | Description = "maestral daemon"; 8 | }; 9 | Install.WantedBy = [ "default.target" ]; 10 | Service.ExecStart = "${pkgs.maestral}/bin/maestral start --foreground"; 11 | }; 12 | home.packages = [ 13 | pkgs.maestral-gui 14 | pkgs.maestral 15 | ]; 16 | # services.dropbox = { 17 | # enable = true; 18 | # }; 19 | } 20 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/emacs/desktop.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | inputs, 6 | omnibus, 7 | }: 8 | { 9 | imports = [ 10 | omnibus.homeProfiles.presets.emacs.default 11 | omnibus.homeProfiles.presets.emacs.tree-sitter 12 | ]; 13 | config = 14 | with lib; 15 | mkMerge [ 16 | (mkIf pkgs.stdenv.isLinux { 17 | programs.emacs = { 18 | extraPackages = 19 | epkgs: with epkgs; [ 20 | vterm 21 | grab-x-link 22 | ]; 23 | }; 24 | services.emacs.client.enable = true; 25 | }) 26 | ]; 27 | } 28 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/emacs/doom.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | inputs, 6 | }: 7 | let 8 | src = inputs.dotfiles + "/doom-emacs"; 9 | onChange = '' 10 | export PATH=/run/current-system/etc/profiles/per-user/$USER/bin:/opt/homebrew/bin:$PATH 11 | $HOME/.emacs.d/bin/doom sync 12 | ''; 13 | in 14 | { 15 | config = lib.mkMerge [ 16 | { 17 | home.activation.initDoomEmacs = config.lib.dag.entryAfter [ "writeBoundary" ] '' 18 | if [ ! -d "$HOME/.emacs.d/bin" ];then 19 | ${lib.getExe pkgs.git} clone https://github.com/doomemacs/doomemacs ~/.emacs.d 20 | fi 21 | if [ ! -d "$HOME/.doom.d" ];then 22 | mkdir -p $HOME/.doom.d/ 23 | cp "$HOME/ghq/github.com/GTrunSec/hive/profiles/doom-emacs/init.el" "$HOME/.doom.d/init.el" 24 | mkdir -p $HOME/.doom.d/{etc,autoload} 25 | ln -sfT "$HOME/ghq/github.com/GTrunSec/hive/profiles/doom-emacs/snippets" $HOME/.doom.d/snippets 26 | fi 27 | ''; 28 | 29 | home.file.".doom.d/config.org" = { 30 | source = src + "/config.org"; 31 | inherit onChange; 32 | }; 33 | # home.file.".doom.d/static/sketchviz".source = 34 | # let 35 | # env = pkgs.applyPatches { 36 | # name = "sketchviz-env"; 37 | # src = __utils__.sketchviz; 38 | # patches = [ ./exit.patch ]; 39 | # }; 40 | # in 41 | # env; 42 | } 43 | ]; 44 | } 45 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/emacs/exit.patch: -------------------------------------------------------------------------------- 1 | diff --git a/sketch.js b/sketch.js 2 | index 754b74e..a83dad2 100755 3 | --- a/sketch.js 4 | +++ b/sketch.js 5 | @@ -193,6 +193,7 @@ function main() { 6 | process.exit(1); 7 | } 8 | console.log("Written as '" + output + "'."); 9 | + process.exit(); 10 | }); 11 | }); 12 | fs.readFile(input, {}, function (err, data) { 13 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/emacs/macbook.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | super, 6 | }: 7 | { 8 | imports = [ super.desktop ]; 9 | config = with lib; mkMerge [ ({ programs.emacs = { }; }) ]; 10 | } 11 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/eww/desktop.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | cell, 4 | profiles, 5 | __inputs__, 6 | }: 7 | let 8 | src = profiles + "/eww"; 9 | 10 | eww = __inputs__.eww.packages.default; 11 | eww-wayland = __inputs__.eww.packages.eww-wayland; 12 | in 13 | { 14 | default = { 15 | imports = [ 16 | cell.homeModules.eww 17 | cell.homeProfiles.eww.overlays.default 18 | ]; 19 | }; 20 | 21 | overlays.default.nixpkgs.overlays = [ __inputs__.eww.overlays.default ]; 22 | 23 | guangtao = { 24 | imports = [ cell.homeProfiles.eww.default ]; 25 | programs.eww.configDir = src; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/firefox.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | pkgs, 4 | config, 5 | lib, 6 | ... 7 | }: 8 | { 9 | programs.firefox = { 10 | enable = true; 11 | package = pkgs.wrapFirefox pkgs.firefox-unwrapped { 12 | extraPolicies = { 13 | PasswordManagerEnabled = false; 14 | DisableFirefoxAccounts = true; 15 | DisablePocket = true; 16 | EnableTrackingProtection = { 17 | Value = true; 18 | Locked = true; 19 | Cryptomining = true; 20 | Fingerprinting = true; 21 | }; 22 | Preferences = { 23 | "browser.newtabpage.activity-stream.feeds.topsites" = false; 24 | "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; 25 | "browser.urlbar.autoFill.adaptiveHistory.enabled" = true; 26 | "browser.tabs.closeWindowWithLastTab" = false; 27 | "extensions.unifiedExtensions.enabled" = false; 28 | }; 29 | }; 30 | }; 31 | profiles.default.extensions = with pkgs.nur.repos.rycee.firefox-addons; [ 32 | vimium 33 | darkreader 34 | privacy-badger 35 | ]; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/fzf.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | programs.fzf = { 10 | enable = true; 11 | enableBashIntegration = true; 12 | enableZshIntegration = lib.mkIf config.programs.zsh.enable true; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/gh.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.gh = { 3 | enable = true; 4 | settings.git_protocol = "ssh"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/git.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | { 3 | home.packages = with pkgs; [ 4 | # peco 5 | ghq 6 | ]; 7 | programs.git = { 8 | userEmail = "gtrunsec@hardenedlinux.org"; 9 | userName = "guangtao"; 10 | ignores = [ 11 | ".projectile" 12 | ".indium.json" 13 | ".ccls-cache" 14 | ".Rhistory" 15 | ".notdeft*" 16 | "eaf" 17 | ".cache" 18 | ".org-src-babel" 19 | ".auctex-auto" 20 | ".DS_Store" 21 | "result" 22 | ".ipynb_checkpoints" 23 | "__pycache__" 24 | "*.org.organice-bak" 25 | ".direnv" 26 | ".direnv.d" 27 | ".secrets" 28 | ".cargo" 29 | ]; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/gpg.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | config = 10 | with lib; 11 | mkMerge [ 12 | { 13 | programs.gpg = { 14 | enable = true; 15 | settings = { 16 | cert-digest-algo = "SHA512"; 17 | disable-cipher-algo = "3DES"; 18 | default-recipient-self = true; 19 | use-agent = true; 20 | with-fingerprint = true; 21 | }; 22 | }; 23 | } 24 | (mkIf pkgs.stdenv.isLinux { 25 | programs.gpg = { 26 | # settings = { 27 | # default-key = "0x761C8EBEA940960E"; 28 | # }; 29 | }; 30 | services.gpg-agent = { 31 | defaultCacheTtl = 180000; 32 | defaultCacheTtlSsh = 180000; 33 | enable = true; 34 | enableScDaemon = true; 35 | enableSshSupport = true; 36 | grabKeyboardAndMouse = false; 37 | }; 38 | }) 39 | ]; 40 | } 41 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/gtk.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | home.packages = with pkgs; [ 10 | gnome.adwaita-icon-theme 11 | gnome.gnome-themes-extra 12 | ]; 13 | xresources.properties = { 14 | "Xft.autohint" = "0"; 15 | "Xft.lcdfilter" = "lcddefault"; 16 | "Xft.hintstyle" = "hintfull"; 17 | "Xft.hinting" = "1"; 18 | "Xft.antialias" = "1"; 19 | "Xft.rgba" = "rgb"; 20 | }; 21 | home.pointerCursor = { 22 | package = pkgs.bibata-cursors; 23 | name = "Bibata-Modern-Classic"; 24 | gtk.enable = true; 25 | x11.enable = true; 26 | }; 27 | gtk = { 28 | enable = true; 29 | theme = { 30 | package = pkgs.materia-theme; 31 | name = "Materia"; 32 | }; 33 | iconTheme = { 34 | package = pkgs.numix-icon-theme-circle; 35 | name = "Numix-Circle"; 36 | }; 37 | font = { 38 | package = pkgs.roboto; 39 | name = "Roboto"; 40 | size = 20; 41 | }; 42 | gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/hyprland/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | home.sessionVariables = { 3 | QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; 4 | QT_AUTO_SCREEN_SCALE_FACTOR = "1"; 5 | WLR_NO_HARDWARE_CURSORS = 1; 6 | NO_AT_BRIDGE = 1; # https://github.com/NixOS/nixpkgs/issues/16327#issuecomment-315729994 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/hyprland/desktop.nix: -------------------------------------------------------------------------------- 1 | { profiles }: 2 | { pkgs, ... }: 3 | let 4 | src = profiles + "/hyprland"; 5 | in 6 | { 7 | wayland.windowManager.hyprland = { 8 | enable = true; 9 | systemdIntegration = true; 10 | extraConfig = builtins.readFile "${src}/hyprland.conf"; 11 | xwayland = { 12 | enable = true; 13 | }; 14 | hive = { 15 | nvidia = true; 16 | autoLogin = true; 17 | swww = true; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/hyprland/hyprpaper.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs) nixpkgs std self; 4 | inherit (inputs.cells.common.lib) __inputs__; 5 | src = "${(std.incl self [ "profiles/hyprland" ])}/profiles/hyprland"; 6 | inherit (cell) homeProfiles; 7 | in 8 | { 9 | default = { 10 | imports = [ homeProfiles.hyprpaper.packages ]; 11 | }; 12 | 13 | packages.home.packages = with nixpkgs; [ 14 | __inputs__.hyprpaper.packages.hyprpaper 15 | ]; 16 | 17 | guangtao = { 18 | imports = [ homeProfiles.hyprpaper.default ]; 19 | home.file.".config/hypr/hyprpaper.conf".source = "${src}/hyprpaper.conf"; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/latex.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | home.packages = with pkgs; [ 5 | (texlive.combine { 6 | inherit (texlive) 7 | collection-plaingeneric 8 | collection-latexextra 9 | collection-fontsrecommended 10 | collection-pictures 11 | collection-bibtexextra 12 | collection-mathscience 13 | collection-langgerman 14 | scheme-basic 15 | xetex 16 | cjk 17 | ctex 18 | xecjk 19 | dvipng 20 | fontspec 21 | euenc 22 | latexmk 23 | # elegantpaper 24 | 25 | fontawesome5 26 | roboto 27 | lato 28 | sourcesanspro 29 | ; 30 | }) 31 | ]; 32 | } 33 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/nushell.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | inputs, 5 | }: 6 | let 7 | inherit (inputs) nuScripts; 8 | configDir = 9 | if pkgs.stdenv.isDarwin then 10 | "Library/Application Support/nushell" 11 | else 12 | "${config.xdg.configHome}/nushell"; 13 | in 14 | { 15 | home.packages = [ pkgs.peco ]; 16 | programs.nushell = { 17 | enable = true; 18 | environmentVariables = { 19 | PATH = '' 20 | ( 21 | $env.PATH 22 | | split row (char esep) 23 | | prepend $"/etc/profiles/per-user/($env.USER)/bin" 24 | | prepend "/run/current-system/sw/bin" 25 | | prepend "/opt/homebrew/bin" 26 | | prepend "/usr/local/bin" 27 | ) 28 | ''; 29 | }; 30 | extraConfig = '' 31 | $env.config = {keybindings:[]} 32 | 33 | alias cdghq = cd (fd -t d -d 4 '.git$' -HI ~/ghq -x dirname | sed "s|$(ghq root)/||" | peco) 34 | ''; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/office.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | home.packages = with pkgs; [ 5 | onlyoffice-bin 6 | foliate # epub reader 7 | okular # pdf reader 8 | ]; 9 | } 10 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/qt.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | qt = { 10 | enable = true; 11 | platformTheme = "gtk"; 12 | style.name = "adwaita"; 13 | style.package = pkgs.adwaita-qt; 14 | }; 15 | home.packages = [ ]; 16 | 17 | home.sessionVariables = { 18 | # QML2_IMPORT_PATH = "/run/current-system/sw/" + pkgs.qt5.qtbase.qtQmlPrefix; 19 | QT_PLUGIN_PATH = lib.concatStringsSep ":" [ 20 | "${pkgs.qt5.qtbase}/${pkgs.qt5.qtbase.qtPluginPrefix}" 21 | "${pkgs.qt5.qtwayland.bin}/${pkgs.qt5.qtbase.qtPluginPrefix}" 22 | "${pkgs.qt6.qtwayland}/lib/qt-6/plugins" 23 | "${pkgs.qt6.qtbase}/${pkgs.qt6.qtbase.qtPluginPrefix}" 24 | ]; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/rofi/default.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | { 9 | home.packages = 10 | with pkgs; 11 | (lib.optionals ( 12 | config.wayland.windowManager.hyprland.enable 13 | || config.wayland.windowManager.sway.enable 14 | ) [ rofi-wayland ]); 15 | } 16 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/rofi/desktop.nix: -------------------------------------------------------------------------------- 1 | { profiles }: 2 | let 3 | src = profiles + "/rofi"; 4 | in 5 | { 6 | home.file.".config/rofi/off.sh".source = "${src}/off.sh"; 7 | home.file.".config/rofi/colors.rasi".source = "${src}/colors.rasi"; 8 | home.file.".config/rofi/launcher.sh".source = "${src}/launcher.sh"; 9 | home.file.".config/rofi/launcher_theme.rasi".source = "${src}/launcher_theme.rasi"; 10 | home.file.".config/rofi/powermenu.sh".source = "${src}/powermenu.sh"; 11 | home.file.".config/rofi/powermenu_theme.rasi".source = "${src}/powermenu_theme.rasi"; 12 | } 13 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/spell-check.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, lib, ... }: 3 | let 4 | ordering = lib.concatStringsSep "," ( 5 | (lib.optionals pkgs.stdenv.isDarwin [ "AppleSpell" ]) 6 | ++ [ 7 | # run `enchant-lsmod-2` to see the list of available dictionaries 8 | "aspell" 9 | "hunspell" 10 | "hspell" 11 | ] 12 | ); 13 | in 14 | { 15 | home.file.".config/enchant/enenchant.ordering".source = pkgs.writeText "enenchant.ordering" '' 16 | *:${ordering} 17 | en_US:${ordering} 18 | ''; 19 | home.packages = with pkgs; [ 20 | (hunspellWithDicts [ hunspellDicts.en-us ]) 21 | (aspellWithDicts ( 22 | dicts: with dicts; [ 23 | en 24 | en-computers 25 | en-science 26 | ] 27 | )) 28 | ]; 29 | } 30 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/ssh-agent.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | config = 10 | with lib; 11 | mkMerge [ 12 | (mkIf pkgs.stdenv.isLinux { 13 | home.sessionVariables = { 14 | SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent.socket"; 15 | }; 16 | systemd.user.services."ssh-agent" = { 17 | Unit = { 18 | Description = "SSH key agent"; 19 | }; 20 | 21 | Service = { 22 | Type = "simple"; 23 | # DISPLAY required for ssh-askpass to work 24 | Environment = [ 25 | "SSH_AUTH_SOCK=%t/ssh-agent.socket" 26 | "DISPLAY=:0" 27 | ]; 28 | Restart = "always"; 29 | ExecStart = "${pkgs.openssh}/bin/ssh-agent -D -a $SSH_AUTH_SOCK"; 30 | }; 31 | 32 | Install = { 33 | WantedBy = [ "default.target" ]; 34 | }; 35 | }; 36 | }) 37 | ]; 38 | } 39 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/starship/default.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | programs.starship = { 10 | enable = true; 11 | enableBashIntegration = true; 12 | enableZshIntegration = true; 13 | settings = lib.importTOML ./starship.toml; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/starship/starship.toml: -------------------------------------------------------------------------------- 1 | "$schema" = 'https://starship.rs/config-schema.json' 2 | add_newline = true 3 | 4 | [character] 5 | success_symbol = "[λ](bold blue)" 6 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/tmux.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | { 9 | programs.tmux = { 10 | enable = true; 11 | clock24 = true; 12 | keyMode = "vi"; 13 | extraConfig = 14 | (if pkgs.stdenv.isLinux then "" else "") 15 | + '' 16 | set -g prefix C-b 17 | bind C-b send-prefix 18 | 19 | #https://github.com/gpakosz/.tmux/issues/53 20 | set -gu prefix2 21 | 22 | unbind C-a 23 | 24 | set -g @resurrect-capture-pane-contents "on" 25 | 26 | set -g mouse on 27 | bind P paste-buffer 28 | bind-key -T copy-mode-vi v send-keys -X begin-selection 29 | bind-key -T copy-mode-vi y send-keys -X copy-selection 30 | bind-key -T copy-mode-vi r send-keys -X rectangle-toggle 31 | ''; 32 | 33 | plugins = with pkgs.tmuxPlugins; [ 34 | sidebar 35 | yank 36 | fingers 37 | sensible 38 | continuum 39 | resurrect 40 | power-theme 41 | ]; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/users/guangtao.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | with lib; 3 | { 4 | programs.navi = mkIf config.programs.navi.enable { 5 | settings = { 6 | cheats = { 7 | paths = [ "~/ghq/github.com/GTrunSec/hive/profiles/navi" ]; 8 | }; 9 | }; 10 | }; 11 | programs.git = mkIf config.programs.git.enable { 12 | userEmail = "gtrunsec@hardenedlinux.org"; 13 | userName = "guangtao"; 14 | ignores = [ 15 | ".projectile" 16 | ".indium.json" 17 | ".ccls-cache" 18 | ".Rhistory" 19 | ".notdeft*" 20 | "eaf" 21 | ".cache" 22 | ".org-src-babel" 23 | ".auctex-auto" 24 | "vast.db" 25 | ".DS_Store" 26 | "result" 27 | ".ipynb_checkpoints" 28 | "__pycache__" 29 | "*.org.organice-bak" 30 | ".direnv" 31 | ".direnv.d" 32 | ".secrets" 33 | ".cargo" 34 | ]; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/utils.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | home.packages = with pkgs; [ ]; 10 | } 11 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/waybar/default.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | programs.waybar = { 5 | enable = true; 6 | package = pkgs.waybar.overrideAttrs (oldAttrs: { 7 | mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ]; 8 | }); 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/waybar/hyprland_window.sh: -------------------------------------------------------------------------------- 1 | export PAHT=$PATH 2 | title="$(hyprctl activewindow -j | jq -r '. | .title')" 3 | class="$(hyprctl activewindow -j | jq -r '. | .class')" 4 | 5 | if [ "$title" == "$class" ]; then 6 | echo "$title" 7 | else 8 | echo "$title :: $class" 9 | fi 10 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/waybar/themes.nix: -------------------------------------------------------------------------------- 1 | { lib, profiles }: 2 | let 3 | l = lib // builtins; 4 | src = profiles + "/waybar"; 5 | in 6 | { 7 | default = { 8 | top = l.fromJSON (l.readFile "${src}/config-top.json"); 9 | bottom = l.fromJSON (l.readFile "${src}/config-bottom.json"); 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/wayland.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | home.packages = with pkgs; [ 5 | qt5.qtwayland 6 | wayland-utils 7 | wlr-randr 8 | wf-recorder 9 | wl-clipboard 10 | grim # Grab images from a Wayland compositor 11 | # ksnip 12 | sway-contrib.grimshot # Screenshot utility for Wayland 13 | kooha # Elegantly record your screen 14 | sunpaper # Wallpaper manager for Wayland 15 | swaynotificationcenter 16 | ]; 17 | } 18 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/wezterm/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | inputs, 6 | }: 7 | let 8 | src = inputs.dotfiles + "/wezterm"; 9 | in 10 | { 11 | config = 12 | with lib; 13 | mkMerge [ 14 | { 15 | # home.file.".config/wezterm/catppuccin.lua".source = 16 | # __utils__.catppuccin-wezterm + "/catppuccin.lua"; 17 | home.file.".config/wezterm/wezterm.lua".source = "${src}/wezterm.lua"; 18 | } 19 | ]; 20 | } 21 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/zsh/autoload.zsh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env zsh 2 | 3 | autoload -Uz up-line-or-beginning-search 4 | autoload -Uz down-line-or-beginning-search 5 | autoload -U bashcompinit && bashcompinit 6 | 7 | zle -N up-line-or-beginning-search 8 | zle -N down-line-or-beginning-search 9 | 10 | autoload -Uz zmv zcalc zargs url-quote-magic bracketed-paste-magic compinit 11 | 12 | zle -N self-insert url-quote-magic 13 | zle -N bracketed-paste bracketed-paste-magic 14 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/zsh/compinit-setopt.zsh: -------------------------------------------------------------------------------- 1 | setopt hist_verify # reload full command when runing from history 2 | setopt notify # report the status of backgrounds jobs immediately 3 | setopt hist_ignore_space # do not remember commands starting with space 4 | setopt hist_reduce_blanks # reduce whitespace in history 5 | 6 | setopt auto_continue #automatically send SIGCON to disowned jobs 7 | 8 | # Fancy substitutions in prompts 9 | setopt prompt_subst 10 | setopt transient_rprompt 11 | 12 | # If a pattern for filename generation has no matches, print an error, instead 13 | # of leaving it unchanged in the argument list. This also applies to file 14 | # expansion of an initial ‘~’ or ‘=’. 15 | setopt NOMATCH 16 | 17 | # no Beep on error in ZLE. 18 | setopt NO_BEEP 19 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/zsh/init-bindkey.zsh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env zsh 2 | 3 | # https://superuser.com/questions/427163/altarrow-moving-between-words-in-zsh-and-iterm2 4 | bindkey "\e[1;3C" emacs-forward-word 5 | bindkey "\e[1;3D" emacs-backward-word 6 | 7 | bindkey -M emacs '^x' fzf-cd-widget 8 | # bindkey -M emacs '^P' history-substring-search-up 9 | # bindkey -M emacs '^N' history-substring-search-down 10 | 11 | bindkey "^[[1;5C" vi-forward-word 12 | bindkey "^[[1;5D" vi-backward-word 13 | 14 | bindkey '^Z' fzf-z-widget 15 | 16 | [[ -n "$key[Up]" ]] && bindkey -- "$key[Up]" up-line-or-beginning-search 17 | [[ -n "$key[Down]" ]] && bindkey -- "$key[Down]" down-line-or-beginning-search 18 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/presets/zsh/zshrc.zsh: -------------------------------------------------------------------------------- 1 | zstyle ':completion:*' completer _complete _ignored _approximate 2 | zstyle ':completion:*' list-colors '\' 3 | zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s 4 | zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 5 | zstyle ':completion:*' menu select 6 | zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s 7 | zstyle ':completion:*' verbose true 8 | _comp_options+=(globdots) 9 | 10 | export TERM=xterm-256color 11 | export EDITOR="emacsclient -nw" 12 | export VISUAL=$EDITOR 13 | 14 | fzf-z-widget() { 15 | if type "z" >/dev/null; then 16 | cd "$(echo $(z -t -l | cut -d' ' -f2- | tr -d ' ' | fzf --tac))" 17 | zle reset-prompt 18 | fi 19 | } 20 | 21 | zle -N fzf-z-widget 22 | -------------------------------------------------------------------------------- /units/nixos/homeProfiles/shell.nix: -------------------------------------------------------------------------------- 1 | { 2 | root, 3 | self, 4 | inputs, 5 | lib, 6 | }: 7 | let 8 | inherit (root) presets; 9 | inherit (inputs) nixpkgs; 10 | in 11 | with presets; 12 | { 13 | default = [ 14 | git 15 | # # ------------------------------ 16 | # preset.navi 17 | (lib.optionals nixpkgs.stdenv.isLinux presets.alacritty) 18 | ]; 19 | 20 | wezterm = [ 21 | self.default 22 | nushell 23 | # inputs.self.omnibus.homeProfiles.shell.modernTools 24 | (lib.optional nixpkgs.stdenv.isDarwin presets.wezterm.default) 25 | ]; 26 | 27 | full = [ self.default ]; 28 | } 29 | -------------------------------------------------------------------------------- /units/nixos/hosts/desktop/nixosConfiguration.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | super, 4 | lib, 5 | }: 6 | let 7 | inherit (inputs) nixpkgs; 8 | in 9 | import (super.layouts.hive.bee.pkgs.path + "/nixos/lib/eval-config.nix") rec { 10 | system = super.layouts.system; 11 | pkgs = super.layouts.hive.bee.pkgs; 12 | modules = lib.flatten [ super.layouts.nixosSuites ]; 13 | } 14 | -------------------------------------------------------------------------------- /units/nixos/hosts/desktop/nixosProfiles/bootstrap.nix: -------------------------------------------------------------------------------- 1 | { imports = [ ]; } 2 | -------------------------------------------------------------------------------- /units/nixos/hosts/macbook/darwinConfiguration.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | super, 4 | lib, 5 | }: 6 | let 7 | inherit (inputs) nixpkgs darwin; 8 | in 9 | darwin.lib.darwinSystem rec { 10 | system = super.layouts.system; 11 | pkgs = super.layouts.hive.bee.pkgs; 12 | modules = lib.flatten [ super.layouts.darwinSuites ]; 13 | } 14 | -------------------------------------------------------------------------------- /units/nixos/hosts/macbook/darwinProfiles/bootstrap.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ omnibus.nixosProfiles.presets.boot ]; 3 | boot.__profiles__.systemd-boot.enable = true; 4 | fileSystems."/" = { 5 | device = "/dev/disk/by-label/nixos"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /units/nixos/hosts/macbook/homeProfiles/programs.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | pkgs, 5 | }: 6 | let 7 | removeUnwantedPackages = 8 | pkg: 9 | lib.warn "the ${pkg.pname} has been removed on the ${pkgs.system}" pkgs.emptyDirectory; 10 | in 11 | { 12 | # imports = [ inputs.self.pops.omnibus.homeProfiles.exports.macbook.presets.alacritty ]; 13 | programs.zoxide = { 14 | enable = lib.mkForce false; 15 | }; 16 | 17 | programs.carapace = { 18 | enable = lib.mkForce false; 19 | }; 20 | home.packages = [ 21 | (lib.warn "the terraform has been removed on the darwin platform" pkgs.emptyDirectory) 22 | ]; 23 | } 24 | -------------------------------------------------------------------------------- /units/nixos/hosts/macbook/omnibus/homeProfiles/alacritty.nix: -------------------------------------------------------------------------------- 1 | { 2 | value = 3 | { selfModule', inputs }: 4 | let 5 | inherit (inputs) dmerge; 6 | in 7 | selfModule' ( 8 | m: 9 | dmerge m { 10 | config.programs.alacritty = { 11 | __profiles__.enableZellij = true; 12 | settings = { 13 | font = { 14 | size = 21.0; 15 | normal = { 16 | family = "JetBrainsMono Nerd Font"; 17 | style = "Regular"; 18 | }; 19 | }; 20 | }; 21 | }; 22 | } 23 | ); 24 | path = [ 25 | "presets" 26 | "alacritty" 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /units/nixos/hosts/mobile/nixosConfiguration.nix: -------------------------------------------------------------------------------- 1 | let 2 | inherit (inputs) nixpkgs; 3 | in 4 | nixpkgs.lib.nixosSystem rec { 5 | system = super.layouts.system; 6 | pkgs = import nixpkgs { inherit system; }; 7 | modules = lib.flatten [ super.layouts.nixosSuites ]; 8 | } 9 | -------------------------------------------------------------------------------- /units/nixos/hosts/mobile/nixosProfiles/bootstrap.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ omnibus.nixosProfiles.presets.boot ]; 3 | boot.__profiles__.systemd-boot.enable = true; 4 | fileSystems."/" = { 5 | device = "/dev/disk/by-label/nixos"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosConfiguration.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | super, 4 | lib, 5 | }: 6 | let 7 | inherit (inputs) nixpkgs; 8 | in 9 | import (super.layouts.hive.bee.pkgs.path + "/nixos/lib/eval-config.nix") { 10 | system = super.layouts.system; 11 | pkgs = super.layouts.hive.bee.pkgs; 12 | modules = lib.flatten [ super.layouts.nixosSuites ]; 13 | } 14 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosProfiles/acme.nix: -------------------------------------------------------------------------------- 1 | { inputs, config }: 2 | { 3 | age.secrets.acme-cloudflare.file = inputs.local.age.file "tiangang/acme-cloudflare.age"; 4 | security.acme = { 5 | acceptTerms = true; 6 | defaults.email = "gtrunsec@hardenedlinux.org"; 7 | }; 8 | security.acme.certs."zhangguangtao.org" = { 9 | dnsProvider = "cloudflare"; 10 | credentialsFile = config.age.secrets."acme-cloudflare".path; 11 | domain = "*.zhangguangtao.org"; 12 | extraDomainNames = [ "*.zhangguangtao.org" ]; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosProfiles/atticd.nix: -------------------------------------------------------------------------------- 1 | { config, inputs }: 2 | { 3 | # imports = [ inputs.self.nixosModules.services.atticd ]; 4 | age.secrets.attic-cert.file = inputs.local.age.file "tiangang/attic-cert.age"; 5 | environment.systemPackages = [ inputs.attic.packages.attic ]; 6 | services.atticd = { 7 | enable = true; 8 | credentialsFile = config.age.secrets."attic-cert".path; 9 | package = inputs.attic.packages.attic-server; 10 | __profiles__ = { 11 | psql = true; 12 | }; 13 | settings = { 14 | listen = "[::1]:57448"; 15 | database.url = "postgresql:///atticd?host=/run/postgresql"; 16 | allowed-hosts = [ "attic.zhangguangtao.org" ]; 17 | api-endpoint = "https://attic.zhangguangtao.org/"; 18 | storage = { 19 | type = "s3"; 20 | region = "us-west-004"; 21 | bucket = "guangtao-nix-cache"; 22 | endpoint = "https://s3.us-west-004.backblazeb2.com"; 23 | }; 24 | }; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosProfiles/bootstrap.nix: -------------------------------------------------------------------------------- 1 | { 2 | super, 3 | omnibus, 4 | inputs, 5 | pkgs, 6 | }: 7 | { 8 | imports = [ omnibus.nixosModules.omnibus.bootstrap ]; 9 | 10 | system.stateVersion = "23.11"; 11 | 12 | time.timeZone = "America/Los_Angeles"; 13 | 14 | omnibus.bootstrap = { 15 | contabo = true; 16 | minimal = true; 17 | }; 18 | 19 | # boot.loader = { 20 | # timeout = 0; 21 | # systemd-boot.enable = true; 22 | # efi.canTouchEfiVariables = true; 23 | # }; 24 | # fileSystems."/" = {device = "/dev/disk/by-label/nixos";}; 25 | } 26 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosProfiles/networking.nix: -------------------------------------------------------------------------------- 1 | { networking.hostName = "tiangang"; } 2 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosProfiles/nginx/atticd.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.nginx = { 3 | enable = true; 4 | recommendedProxySettings = true; 5 | recommendedTlsSettings = true; 6 | recommendedOptimisation = true; 7 | recommendedGzipSettings = true; 8 | virtualHosts = { 9 | "attic.zhangguangtao.org" = { 10 | enableACME = true; 11 | forceSSL = true; 12 | http3 = false; 13 | http2 = false; 14 | kTLS = true; 15 | extraConfig = '' 16 | client_header_buffer_size 64k; 17 | ''; 18 | locations."/" = { 19 | proxyPass = "http://[::1]:57448"; 20 | recommendedProxySettings = true; 21 | }; 22 | }; 23 | }; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosProfiles/nginx/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | inputs, 5 | }: 6 | { 7 | networking.firewall.allowedTCPPorts = [ 8 | 80 9 | 443 10 | ]; 11 | networking.firewall.allowedUDPPorts = [ 443 ]; 12 | users.users.nginx.group = "nginx"; 13 | users.groups.nginx = { }; 14 | users.users.nginx.isSystemUser = true; 15 | users.users.nginx.extraGroups = [ config.users.groups.acme.name ]; 16 | 17 | services.nginx.enable = true; 18 | } 19 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/nixosProfiles/v2ray.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | inputs, 5 | }: 6 | { 7 | networking.firewall = { 8 | allowedTCPPorts = [ 8489 ]; 9 | allowedUDPPorts = [ 8489 ]; 10 | }; 11 | age.secrets.v2ray-vmess = { 12 | file = inputs.local.age.file "tiangang/v2ray-vmess.age"; 13 | mode = "0755"; 14 | }; 15 | services.v2ray = { 16 | enable = true; 17 | configFile = config.age.secrets.v2ray-vmess.path; 18 | }; 19 | services.nginx = { 20 | virtualHosts = { 21 | "proxy.zhangguangtao.org" = { 22 | enableACME = true; 23 | forceSSL = true; 24 | http3 = false; 25 | http2 = false; 26 | locations."/" = { 27 | proxyPass = "http://127.0.0.1:8489"; 28 | recommendedProxySettings = true; 29 | extraConfig = ''''; 30 | }; 31 | }; 32 | }; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /units/nixos/hosts/tiangang/omnibus/nixosProfiles/disko.nix: -------------------------------------------------------------------------------- 1 | { flops }: 2 | { 3 | value = 4 | { 5 | selfModule', 6 | inputs, 7 | lib, 8 | }: 9 | let 10 | l = lib // builtins; 11 | in 12 | selfModule' ( 13 | m: 14 | flops.mergeToDepth 10 m { 15 | config.disko.devices.disk.sda.content.partitions.root.content.subvolumes = 16 | l.removeAttrs 17 | m.config.disko.devices.disk.sda.content.partitions.root.content.subvolumes 18 | [ "/swap" ]; 19 | } 20 | ); 21 | path = [ 22 | "presets" 23 | "fileSystems" 24 | "disko-btrfs" 25 | ]; 26 | } 27 | -------------------------------------------------------------------------------- /units/nixos/microvmProfiles/dev.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | id = "vm-qemu-1"; 4 | in 5 | { 6 | microvm.forwardPorts = [ 7 | { 8 | from = "host"; 9 | host.port = 6000; 10 | guest.port = 22; 11 | } 12 | { 13 | from = "host"; 14 | host.port = 3000; 15 | guest.port = 3000; 16 | } 17 | ]; 18 | microvm = { 19 | hypervisor = "qemu"; 20 | 21 | mem = 4000; 22 | vcpu = 4; 23 | 24 | interfaces = [ 25 | { 26 | type = "user"; 27 | inherit id; 28 | mac = "00:02:00:01:01:00"; 29 | } 30 | ]; 31 | 32 | volumes = [ 33 | { 34 | mountPoint = "/var"; 35 | image = "/tmp/user-${id}.img"; 36 | size = 2048; 37 | } 38 | ]; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /units/nixos/nixosModules/services/atticd/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | inputs, 6 | mkModulePath, 7 | ... 8 | }: 9 | let 10 | cfg = config.services.atticd; 11 | in 12 | { 13 | imports = [ inputs.attic.nixosModules.atticd ]; 14 | options = with lib; { 15 | __profiles__ = mkOption { 16 | default = { }; 17 | type = types.submodule { 18 | options = { 19 | psql = mkEnableOption (lib.mdDoc "Whether to enable psql"); 20 | }; 21 | }; 22 | }; 23 | }; 24 | 25 | config = lib.mkMerge [ 26 | (lib.mkIf cfg.enable (mkModulePath { 27 | settings = { 28 | compression = { 29 | type = "zstd"; 30 | level = 12; 31 | }; 32 | chunking = { 33 | nar-size-threshold = 131072; 34 | min-size = 65536; 35 | avg-size = 131072; 36 | max-size = 262144; 37 | }; 38 | garbage-collection.default-retention-period = "3 months"; 39 | }; 40 | })) 41 | (lib.mkIf cfg.__profiles__.psql { 42 | services.postgresql.enable = true; 43 | services.postgresql.ensureDatabases = [ "atticd" ]; 44 | services.postgresql.ensureUsers = [ 45 | { 46 | name = "atticd"; 47 | ensureDBOwnership = true; 48 | ensurePermissions."DATABASE atticd" = "ALL PRIVILEGES"; 49 | } 50 | ]; 51 | }) 52 | ]; 53 | } 54 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/cloud.nix: -------------------------------------------------------------------------------- 1 | { self }: 2 | { 3 | default = [ 4 | { 5 | boot.cleanTmpDir = true; 6 | boot.tmp.cleanOnBoot = true; 7 | zramSwap.enable = true; 8 | documentation.enable = false; 9 | } 10 | ]; 11 | contabo = [ 12 | self.default 13 | ( 14 | { modulesPath, ... }: 15 | { 16 | imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; 17 | hive.bootstrap.contabo = true; 18 | } 19 | ) 20 | ]; 21 | } 22 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/graphical.nix: -------------------------------------------------------------------------------- 1 | { self, root }: 2 | { 3 | default = [ 4 | { programs.dconf.enable = true; } 5 | root.preset.audio.pipewire 6 | root.preset.audio.bluetooth 7 | root.preset.display.xdg 8 | ]; 9 | 10 | full = [ 11 | self.default 12 | root.preset.display.fcitx5 13 | root.preset.display.dbus 14 | root.preset.virtualisation.podman 15 | ]; 16 | } 17 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/audio/bluetooth.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | environment.systemPackages = with pkgs; [ lxqt.pavucontrol-qt ]; 5 | 6 | hardware.bluetooth = { 7 | package = pkgs.bluez5-experimental; 8 | enable = true; 9 | powerOnBoot = true; 10 | }; 11 | services.blueman.enable = true; 12 | } 13 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/audio/pipewire.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { lib, config, ... }: 3 | { 4 | security.rtkit.enable = lib.mkDefault config.services.pipewire.enable; 5 | services.pipewire = { 6 | enable = true; 7 | alsa.enable = true; 8 | wireplumber.enable = true; 9 | alsa.support32Bit = true; 10 | pulse.enable = true; 11 | }; 12 | environment = lib.mkIf config.hardware.bluetooth.enable { 13 | etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = '' 14 | bluez_monitor.properties = { 15 | ["bluez5.enable-sbc-xq"] = true, 16 | ["bluez5.enable-msbc"] = true, 17 | ["bluez5.enable-hw-volume"] = true, 18 | ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" 19 | } 20 | ''; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/backup/btrbk.nix: -------------------------------------------------------------------------------- 1 | # [[file:../../../../docs/org/nixosProfiles.org::*btrbk][btrbk:1]] 2 | # credit: https://github.com/LEXUGE/flake/blob/main/cfgs/x1c7/services.nix 3 | { 4 | # Use btrbk to snapshot persistent states and home 5 | services.btrbk.instances.snapshot = { 6 | # snapshot on the start and the middle of every hour. 7 | onCalendar = "*:00,30"; 8 | settings = { 9 | timestamp_format = "long-iso"; 10 | preserve_day_of_week = "monday"; 11 | preserve_hour_of_day = "23"; 12 | # All snapshots are retained for at least 6 hours regardless of other policies. 13 | snapshot_preserve_min = "6h"; 14 | volume."/" = { 15 | snapshot_dir = ".snapshots"; 16 | subvolume."persist".snapshot_preserve = "48h 7d"; 17 | subvolume."persist/home".snapshot_preserve = "48h 7d 4w"; 18 | }; 19 | }; 20 | }; 21 | } 22 | # btrbk:1 ends here 23 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/backup/restic.nix: -------------------------------------------------------------------------------- 1 | { services.restic.server = { }; } 2 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/coding/default.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | pkgs, 4 | lib, 5 | config, 6 | ... 7 | }: 8 | { 9 | config = 10 | with lib; 11 | mkMerge [ { environment.systemPackages = with pkgs; [ just ]; } ]; 12 | } 13 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/coding/julia.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | environment.systemPackages = with pkgs; [ julia-bin ]; 4 | } 5 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/coding/languageServers.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | environment.systemPackages = with pkgs; [ 5 | nodePackages.bash-language-server 6 | nodePackages.typescript-language-server 7 | shellcheck 8 | yaml-language-server 9 | typst-lsp 10 | ]; 11 | } 12 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/coding/nickel.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | environment.systemPackages = with pkgs; [ 5 | nickel 6 | lsp-nls 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/coding/python.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | omnibus, 5 | }: 6 | { 7 | imports = [ omnibus.nixosProfiles.presets.coding.python ]; 8 | omnibus.coding.python = { 9 | enableLspBridge = true; 10 | enableEmacsEaf = true; 11 | extraPackages = 12 | ps: 13 | with ps; 14 | [ 15 | pytest 16 | #orgparse 17 | pytest 18 | jupyter 19 | #voila 20 | pygments 21 | # orgbabelhelper 22 | # jupyterlab 23 | pdftotext 24 | openai 25 | ] 26 | ++ lib.optionals pkgs.stdenv.isLinux [ 27 | # pyqt6 28 | # pyqt6-webengine 29 | pyinotify 30 | pymupdf 31 | # eaf depencencies 32 | lxml 33 | ]; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/coding/rust.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | pkgs, 4 | lib, 5 | config, 6 | ... 7 | }: 8 | { 9 | config = 10 | with lib; 11 | mkMerge [ 12 | { 13 | environment.systemPackages = with pkgs; [ 14 | (rust-bin.nightly.latest.default.override { extensions = [ "rust-src" ]; }) 15 | rust-bin.nightly.latest."rust-analyzer-preview" 16 | tokio-console 17 | ]; 18 | hive.env.PATH = [ 19 | "\${CARGO_BIN}" 20 | "\${CARGO_HOME}" 21 | ]; 22 | environment.variables = { 23 | CARGO_HOME = "\${HOME}/.cargo"; 24 | CARGO_BIN = "\${HOME}/.cargo/bin"; 25 | }; 26 | } 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/coding/vscode/_types.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | with lib; 3 | { 4 | programs.vscode = { 5 | hive = mkOption { 6 | default = { }; 7 | type = types.submodule { 8 | options = { 9 | rust = mkEnableOption (lib.mdDoc "Whether to enable rust packages"); 10 | julia = mkEnableOption (lib.mdDoc "Whether to enable julia packages"); 11 | markdown = mkEnableOption (lib.mdDoc "Whether to enable markdown packages"); 12 | bpmn = mkEnableOption (lib.mdDoc "Whether to enable bpmn packages"); 13 | nickel = mkEnableOption (lib.mdDoc "Whether to enable nickel packages"); 14 | }; 15 | }; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/dbus.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { config, pkgs, ... }: 3 | { 4 | services.dbus = { 5 | enable = true; 6 | packages = 7 | with pkgs; 8 | [ 9 | pass-secret-service 10 | gcr 11 | ] 12 | ++ lib.optionals config.programs.dconf.enable [ dconf ]; 13 | }; 14 | services.passSecretService = { 15 | enable = true; 16 | }; 17 | services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; 18 | } 19 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/fcitx5.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, lib, ... }: 3 | { 4 | i18n = { 5 | inputMethod = { 6 | enabled = "fcitx5"; 7 | }; 8 | inputMethod.fcitx5 = { 9 | # fcitx.engines = with pkgs.fcitx-engines; [cloudpinyin rime]; 10 | addons = with pkgs; [ 11 | fcitx5-chinese-addons 12 | fcitx5-rime 13 | ]; 14 | }; 15 | }; 16 | environment = lib.mkMerge [ { variables = { }; } ]; 17 | } 18 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/fontconfig.nix: -------------------------------------------------------------------------------- 1 | { 2 | fonts.fontconfig = { 3 | antialias = true; 4 | hithing.enable = true; 5 | subpixel.lcdfilter = "default"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/gdm.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | { 3 | config = 4 | with lib; 5 | mkMerge [ 6 | { 7 | services.xserver.enable = true; 8 | services.xserver.displayManager.gdm.enable = true; 9 | } 10 | (mkIf config.programs.xwayland.enable { 11 | services.xserver.displayManager.gdm.wayland = true; 12 | }) 13 | ]; 14 | } 15 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/greetd.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | { 3 | config = 4 | with lib; 5 | mkMerge [ 6 | { 7 | services.greetd = { 8 | enable = true; 9 | }; 10 | } 11 | ]; 12 | } 13 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/hyprland.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs) nixpkgs; 4 | inherit (inputs.cells.common.lib) __inputs__; 5 | l = inputs.nixpkgs.lib // builtins; 6 | in 7 | rec { 8 | default = { 9 | imports = [ 10 | __inputs__.hyprland.nixosModules.default 11 | cell.nixosModules.hyprland 12 | ( 13 | { config, ... }: 14 | let 15 | cfg = config.programs.hyprland.hiveProfiles; 16 | in 17 | { 18 | config = 19 | with l; 20 | mkMerge [ 21 | (mkIf cfg.nvidia { 22 | programs.hyprland.package = __inputs__.hyprland.packages.hyprland-nvidia; 23 | }) 24 | ]; 25 | } 26 | ) 27 | ]; 28 | programs.hyprland.enable = true; 29 | }; 30 | 31 | displayManager = name: { 32 | imports = [ cell.nixosModules.${name} ]; 33 | programs.hyprland.hiveProfiles = { 34 | displayManager = true; 35 | }; 36 | }; 37 | 38 | guangtao = { 39 | imports = [ 40 | default 41 | # (displayManager "sddm") 42 | ]; 43 | programs.hyprland.hiveProfiles = { 44 | getty = true; 45 | autoLogin = true; 46 | user = "guangtao"; 47 | shell = "zsh"; 48 | }; 49 | }; 50 | } 51 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/lightdm.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | { 3 | config = 4 | with lib; 5 | mkMerge [ 6 | { 7 | services.xserver.enable = true; 8 | services.xserver.displayManager.lightdm.enable = true; 9 | } 10 | ]; 11 | } 12 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/opengl.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | # hardware.opengl.extraPackages = with pkgs; [ 4 | # vaapiIntel 5 | # vaapiVdpau 6 | # libvdpau-va-gl 7 | # intel-media-driver 8 | # ]; 9 | hardware.opengl = { 10 | driSupport = true; 11 | driSupport32Bit = true; 12 | }; 13 | hardware.opengl.package = pkgs.mesa.drivers; 14 | } 15 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/sddm.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | { 3 | config = 4 | with lib; 5 | mkMerge [ 6 | { 7 | services.xserver = { 8 | enable = true; 9 | }; 10 | services.xserver.displayManager.sddm.enable = true; 11 | } 12 | # (mkIf config.hardware.video.hidpi.enable 13 | { services.xserver.displayManager.sddm.enableHidpi = true; } 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/display/xdg.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | { 9 | xdg = { 10 | mime.enable = true; 11 | icons.enable = true; 12 | portal = { 13 | enable = true; 14 | wlr.enable = lib.mkIf config.hive.display.wayland true; 15 | extraPortals = 16 | with pkgs; 17 | [ xdg-desktop-portal-gtk ] 18 | ++ (lib.optionals config.hive.display.wayland) [ xdg-desktop-portal-wlr ]; 19 | }; 20 | }; 21 | environment.systemPackages = with pkgs; [ xdg-utils ]; 22 | } 23 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/git.nix: -------------------------------------------------------------------------------- 1 | { config, lib }: 2 | { 3 | programs.git = lib.mkIf config.programs.git.enable { 4 | userEmail = "gtrunsec@hardenedlinux.org"; 5 | userName = "guangtao"; 6 | ignores = [ 7 | ".projectile" 8 | ".indium.json" 9 | ".ccls-cache" 10 | ".Rhistory" 11 | ".notdeft*" 12 | "eaf" 13 | ".cache" 14 | ".org-src-babel" 15 | ".auctex-auto" 16 | "vast.db" 17 | ".DS_Store" 18 | "result" 19 | ".ipynb_checkpoints" 20 | "__pycache__" 21 | "*.org.organice-bak" 22 | ".direnv" 23 | ".direnv.d" 24 | ".secrets" 25 | ".cargo" 26 | ]; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/hardware/nvidia.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | { 9 | services.xserver = { 10 | videoDrivers = [ "nvidia" ]; 11 | }; 12 | 13 | systemd.services.nvidia-control-devices = { 14 | wantedBy = [ "multi-user.target" ]; 15 | }; 16 | boot = { 17 | kernelParams = [ "nvidia-drm.modeset=1" ]; 18 | kernelModules = [ "nvidia" ]; 19 | # blacklistedKernelModules = ["nouveau"]; 20 | }; 21 | hardware = { 22 | nvidia = { 23 | package = config.boot.kernelPackages.nvidiaPackages.production; 24 | modesetting.enable = true; 25 | powerManagement.enable = false; 26 | }; 27 | # nvidia = { 28 | # package = config.boot.kernelPackages.nvidiaPackages.stable; 29 | # open = true; 30 | # nvidiaSettings = false; 31 | # }; 32 | opengl.enable = true; 33 | # nvidia.prime = { 34 | # nvidiaBusId = "PCI:1:0:0"; 35 | # intelBusId = "PCI:0:2:0"; 36 | # offload.enable = true; 37 | # }; 38 | }; 39 | 40 | environment.systemPackages = with pkgs; [ 41 | glxinfo 42 | vulkan-tools 43 | glmark2 44 | ]; 45 | } 46 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/secrets/_1password.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | environment.systemPackages = with pkgs; [ 5 | _1password-gui 6 | _1password 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/secrets/age.nix: -------------------------------------------------------------------------------- 1 | { __inputs__ }: 2 | { 3 | imports = [ __inputs__.ragenix.nixosModules.age ]; 4 | # age.secretsDir = "/run/keys"; 5 | } 6 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/secrets/ecryptfs.nix: -------------------------------------------------------------------------------- 1 | # https://discourse.nixos.org/t/solene-linux-home-encryption-with-ecryptfs/26277 2 | { security.pam.enableEcryptfs = true; } 3 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/secrets/gnome-keyring.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | services.gnome.gnome-keyring.enable = true; 5 | programs.seahorse.enable = true; 6 | environment.systemPackages = with pkgs; [ libsecret ]; 7 | } 8 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/secrets/gpg.nix: -------------------------------------------------------------------------------- 1 | _: { ... }: { } 2 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/secrets/sops.nix: -------------------------------------------------------------------------------- 1 | { __inputs__ }: 2 | { 3 | imports = [ __inputs__.sops-nix.nixosModules.sops ]; 4 | } 5 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/secrets/yubikey.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, ... }: 3 | { 4 | services.yubikey-agent.enable = true; 5 | 6 | environment.systemPackages = with pkgs; [ 7 | yubikey-manager 8 | yubico-piv-tool 9 | ]; 10 | 11 | services.udev.packages = [ pkgs.yubikey-personalization ]; 12 | } 13 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/security/secureboot.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | { user, path }: 3 | { config, ... }: 4 | { 5 | privateKeyFile = "${config.users.users.${user}.home}/${path}"; 6 | publicKeyFile = "${config.users.users.${user}.home}/${path}"; 7 | } 8 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/security/tpm2.nix: -------------------------------------------------------------------------------- 1 | { 2 | security.tpm2 = { 3 | enable = true; 4 | pkcs11.enable = true; 5 | tctiEnvironment.enable = true; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/services/chatgpt/web-yak.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, config, ... }: 3 | let 4 | in 5 | { 6 | systemd.services.chatgpt-yak = { 7 | description = "chatgpt-yak"; 8 | wantedBy = [ "network.target" ]; 9 | preStart = '' 10 | cp -rf --no-preserve=mode,ownership ${pkgs.yakgpt.outPath}/* /var/lib/chatgpt-yak/ 11 | cp -rf --no-preserve=mode,ownership ${pkgs.yakgpt.outPath}/.next /var/lib/chatgpt-yak/.next 12 | chmod -R +x /var/lib/chatgpt-yak/node_modules/.bin/* 13 | cp -rf --no-preserve=mode,ownership ${ 14 | config.age.secrets."chatgpt-yak".path 15 | } /var/lib/chatgpt-yak/.env.local 16 | ''; 17 | script = '' 18 | export PATH=${ 19 | pkgs.lib.makeBinPath [ 20 | pkgs.nodejs 21 | pkgs.yarn 22 | ] 23 | }:/run/current-system/sw/bin:/var/lib/chatgpt-yak/node_modules/.bin:$PATH 24 | source .env.local && yarn start --hostname 127.0.0.1 --port 3005 25 | ''; 26 | serviceConfig = { 27 | Type = "simple"; 28 | ReadWritePaths = "/var/lib/chatgpt-yak"; 29 | ProtectSystem = "strict"; 30 | DynamicUser = true; 31 | Restart = "always"; 32 | WorkingDirectory = "/var/lib/chatgpt-yak"; 33 | StateDirectory = "chatgpt-yak"; 34 | }; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/services/chatgpt/web.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { pkgs, config, ... }: 3 | let 4 | src = pkgs.nixpkgs-hardenedlinux-sources.go-chatgpt-web.src.outPath; 5 | in 6 | { 7 | systemd.services.chatgpt-web = { 8 | description = "chatgpt-web"; 9 | wantedBy = [ "network.target" ]; 10 | preStart = '' 11 | ln -sfT ${src}/resources /var/lib/chatgpt-web/resources 12 | ln -sfT ${src}/static /var/lib/chatgpt-web/static 13 | cp -rf ${config.age.secrets."chatgpt-web".path} /var/lib/chatgpt-web/config.json 14 | ''; 15 | serviceConfig = { 16 | ExecStart = '' 17 | ${pkgs.go-chatgpt-web}/bin/chatgpt-web 18 | ''; 19 | ReadWritePaths = "/var/lib/chatgpt-web"; 20 | ProtectSystem = "strict"; 21 | DynamicUser = true; 22 | Restart = "always"; 23 | DevicePolicy = "closed"; 24 | NoNewPrivileges = true; 25 | WorkingDirectory = "/var/lib/chatgpt-web"; 26 | StateDirectory = "chatgpt-web"; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/users/root.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | let 3 | inherit (inputs.local) data; 4 | openssh.authorizedKeys.keys = [ 5 | data.guangtao.openssh.public.desktop 6 | data.guangtao.openssh.public.macbook 7 | ]; 8 | in 9 | { 10 | users.users."root" = { 11 | initialPassword = "root"; 12 | # hashedPassword = "$6$iv9bE8EVny10wamj$CS7uxN8/QeLSIMKZGwN2X2OHKSIY8xxCDrXVkwKokPW4xMGdFGuQ6SSC8UJ9GcUFX2BQizE6k3yv8vUFyH2XA/"; 13 | inherit openssh; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /units/nixos/nixosProfiles/presets/virtualisation/qemu-tap.nix: -------------------------------------------------------------------------------- 1 | { } 2 | # {...}: { 3 | # boot = { 4 | # kernelParams = ["intel_iommu=on"]; 5 | # kernelModules = ["vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" "irqbypass" "virtio"]; 6 | # # PCI id's of graphics card 7 | # # extraModprobeConfig = '' 8 | # # options vfio-pci ids=10de:1b80,10de:10f0 9 | # # ''; 10 | # }; 11 | # networking.interfaces.tap0 = { 12 | # virtualOwner = "guangtao"; 13 | # virtual = true; 14 | # virtualType = "tap"; 15 | # useDHCP = true; 16 | # }; 17 | # environment.etc."qemu/bridge.conf".text = "allow br0"; 18 | # } 19 | -------------------------------------------------------------------------------- /units/packages/hello.nix: -------------------------------------------------------------------------------- 1 | { 2 | callPackage, 3 | lib, 4 | stdenv, 5 | fetchurl, 6 | nixos, 7 | testers, 8 | hello, 9 | }: 10 | 11 | stdenv.mkDerivation (finalAttrs: { 12 | pname = "hello"; 13 | version = "2.12.1"; 14 | 15 | src = fetchurl { 16 | url = "mirror://gnu/hello/hello-${finalAttrs.version}.tar.gz"; 17 | sha256 = "sha256-jZkUKv2SV28wsM18tCqNxoCZmLxdYH2Idh9RLibH2yA="; 18 | }; 19 | 20 | doCheck = true; 21 | 22 | passthru.tests = { 23 | version = testers.testVersion { package = hello; }; 24 | 25 | invariant-under-noXlibs = 26 | testers.testEqualDerivation 27 | "hello must not be rebuilt when environment.noXlibs is set." 28 | hello 29 | (nixos { environment.noXlibs = true; }).pkgs.hello; 30 | }; 31 | 32 | passthru.tests.run = callPackage ./test.nix { 33 | hello = finalAttrs.finalPackage; 34 | }; 35 | 36 | meta = with lib; { 37 | description = "A program that produces a familiar, friendly greeting"; 38 | longDescription = '' 39 | GNU Hello is a program that prints "Hello, world!" when you run it. 40 | It is fully customizable. 41 | ''; 42 | homepage = "https://www.gnu.org/software/hello/manual/"; 43 | changelog = "https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${finalAttrs.version}"; 44 | license = licenses.gpl3Plus; 45 | maintainers = [ maintainers.eelco ]; 46 | platforms = platforms.all; 47 | }; 48 | }) 49 | -------------------------------------------------------------------------------- /units/self/default.nix: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 The omnibus Authors 2 | # SPDX-FileCopyrightText: 2024 The omnibus Authors 3 | # 4 | # SPDX-License-Identifier: MIT 5 | 6 | { inputs, eachSystem }: 7 | let 8 | inherit (inputs.omnibus.lib.haumea) removeTopDefault; 9 | in 10 | (inputs.omnibus.pops.load { 11 | src = ./.; 12 | transformer = [ removeTopDefault ]; 13 | inputs = { 14 | inherit inputs eachSystem; 15 | projectRoot = ../..; 16 | }; 17 | }) 18 | -------------------------------------------------------------------------------- /units/self/eachSystem.nix: -------------------------------------------------------------------------------- 1 | { 2 | eachSystem, 3 | super, 4 | inputs, 5 | lib, 6 | }: 7 | lib.mapAttrs (_: v: eachSystem v) { 8 | scripts = system: super.pops.eachSystem.scripts.${system}.exports.default; 9 | apps = system: super.pops.eachSystem.scripts.${system}.exports.apps; 10 | packages = 11 | system: 12 | super.pops.eachSystem.packages.${system}.exports.derivations 13 | // { 14 | data = super.pops.eachSystem.data.${system}.exports.default; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /units/self/flakeOutputs.nix: -------------------------------------------------------------------------------- 1 | { super, eachSystem }: 2 | let 3 | renamerHiveExports = (super.pops.hive.setNixosConfigurationsRenamer "asd").setHomeConfigurationsRenamer "myHm"; 4 | in 5 | { 6 | inherit (super.pops.hive.exports) 7 | nixosConfigurations 8 | darwinConfigurations 9 | colmenaHive 10 | homeConfigurations 11 | ; 12 | inherit (super) pops; 13 | 14 | renamerNixosConfigurations = renamerHiveExports.exports.nixosConfigurations; 15 | myHm = renamerHiveExports.exports.homeConfigurations; 16 | 17 | data = super.pops.data.exports.default; 18 | 19 | subflake = super.pops.subflake; 20 | 21 | overlays = super.pops.eachSystem.packages.x86_64-linux.exports.overlays; 22 | 23 | nixosProfiles = super.pops.nixosProfiles.exports.default; 24 | nixosModules = super.pops.nixosModules.exports.default; 25 | 26 | homeProfiles = super.pops.homeProfiles.exports.default; 27 | 28 | darwinProfiles = super.pops.darwinProfiles.exports.default; 29 | 30 | hosts = super.pops.hosts.exports.default; 31 | } 32 | // super.eachSystem 33 | -------------------------------------------------------------------------------- /units/self/pops/darwinProfiles.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | (omnibus.pops.nixosProfiles.addLoadExtender { 7 | load = { 8 | type = "nixosProfilesOmnibus"; 9 | src = projectRoot + /units/nixos/darwinProfiles; 10 | inputs = { 11 | inputs = inputs; 12 | }; 13 | }; 14 | }) 15 | -------------------------------------------------------------------------------- /units/self/pops/data.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | omnibus.pops.data.addLoadExtender { 7 | load = { 8 | src = projectRoot + /units/data; 9 | inputs = { 10 | inputs = inputs; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /units/self/pops/eachSystem.nix: -------------------------------------------------------------------------------- 1 | { 2 | eachSystem, 3 | super, 4 | inputs, 5 | lib, 6 | }: 7 | let 8 | nixos-unstable = inputs.self.subflake.inputs.nixos-unstable; 9 | in 10 | lib.mapAttrs (_: v: eachSystem v) { 11 | scripts = 12 | system: 13 | (super.scripts.addLoadExtender { 14 | load.inputs = { 15 | inputs = { 16 | nixpkgs = nixos-unstable.legacyPackages.${system}; 17 | }; 18 | }; 19 | }); 20 | 21 | packages = 22 | system: 23 | (super.packages.addLoadExtender { 24 | load.inputs = { 25 | inputs = { 26 | nixpkgs = nixos-unstable.legacyPackages.${system}; 27 | }; 28 | }; 29 | }); 30 | 31 | data = 32 | system: 33 | (super.data.addLoadExtender { 34 | load.inputs = { 35 | nixpkgs = nixos-unstable.legacyPackages.${system}; 36 | inputs = { 37 | nixpkgs = nixos-unstable.legacyPackages.${system}; 38 | }; 39 | }; 40 | }); 41 | } 42 | -------------------------------------------------------------------------------- /units/self/pops/hive.nix: -------------------------------------------------------------------------------- 1 | { inputs, super }: inputs.omnibus.pops.hive.setHosts super.hosts.exports.default 2 | -------------------------------------------------------------------------------- /units/self/pops/homeProfiles.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | (omnibus.pops.homeProfiles.addLoadExtender { 7 | load = { 8 | type = "nixosProfilesOmnibus"; 9 | src = projectRoot + /units/nixos/homeProfiles; 10 | inputs = { 11 | inputs = inputs // { 12 | dotfiles = projectRoot + /local/dotfiles; 13 | }; 14 | }; 15 | }; 16 | }) 17 | -------------------------------------------------------------------------------- /units/self/pops/hosts.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | root, 6 | super, 7 | }: 8 | omnibus.pops.load { 9 | src = projectRoot + /hosts; 10 | inputs = { 11 | inherit (inputs) nixos-unstable; 12 | inputs = inputs // { hivebus = root; } // super.subflake.inputs; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /units/self/pops/nixosModules.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | (omnibus.pops.nixosModules.addLoadExtender { 7 | load = { 8 | src = projectRoot + /units/nixos/nixosModules; 9 | inputs = { 10 | inputs = inputs; 11 | }; 12 | }; 13 | }) 14 | -------------------------------------------------------------------------------- /units/self/pops/nixosProfiles.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | (omnibus.pops.nixosProfiles.addLoadExtender { 7 | load = { 8 | src = projectRoot + /units/nixos/nixosProfiles; 9 | inputs = { 10 | inputs = inputs; 11 | }; 12 | }; 13 | }) 14 | -------------------------------------------------------------------------------- /units/self/pops/omnibus/homeProfiles.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | POP, 6 | flops, 7 | }: 8 | (omnibus.src.pops.homeProfiles.addLoadExtender { 9 | load = { 10 | inputs = { 11 | inputs = { }; 12 | }; 13 | }; 14 | }).addExporters 15 | [ 16 | (POP.extendPop flops.haumea.pops.exporter ( 17 | selfP: _super: { 18 | exports.macbook = selfP.outputs [ 19 | inputs.self.hosts.macbook.omnibus.homeProfiles.alacritty 20 | ]; 21 | } 22 | )) 23 | ] 24 | -------------------------------------------------------------------------------- /units/self/pops/omnibus/nixosProfiles.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | (omnibus.pops.nixosProfiles.addLoadExtender { 7 | load = { 8 | type = "nixosProfilesOmnibus"; 9 | inputs = { 10 | inputs = { 11 | inherit (omnibus.flake.inputs) nil nickel typst; 12 | }; 13 | }; 14 | }; 15 | }) 16 | -------------------------------------------------------------------------------- /units/self/pops/packages.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | omnibus.pops.packages { 7 | src = projectRoot + /units/packages; 8 | inputs = { 9 | inputs = inputs; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /units/self/pops/scripts.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | inputs, 4 | projectRoot, 5 | }: 6 | (omnibus.pops.scripts.addLoadExtender { 7 | load = { 8 | src = projectRoot + /units/scripts; 9 | inputs = { 10 | inputs = inputs // { 11 | makesSrc = omnibus.flake.inputs.makesSrc; 12 | climodSrc = omnibus.flake.inputs.climodSrc; 13 | }; 14 | }; 15 | }; 16 | }) 17 | -------------------------------------------------------------------------------- /units/self/pops/subflake.nix: -------------------------------------------------------------------------------- 1 | { 2 | omnibus, 3 | flops, 4 | POP, 5 | projectRoot, 6 | }: 7 | (omnibus.pops.flake.addInputsExtender ( 8 | POP.extendPop flops.flake.pops.inputsExtender ( 9 | self: super: 10 | let 11 | subflake = omnibus.pops.flake.setInitInputs (projectRoot + /units/lock); 12 | in 13 | { 14 | inputs = subflake.inputs // { 15 | local.age.file = file: projectRoot + /local/secrets/${file}; 16 | }; 17 | } 18 | ) 19 | )) 20 | -------------------------------------------------------------------------------- /units/std/cells/hosts/arionConfigurations.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs) std; 4 | l = inputs.nixpkgs.lib // builtins; 5 | in 6 | { 7 | full-nixos = std.lib.dev.mkArion cell.arionProfiles.webapp; 8 | } 9 | -------------------------------------------------------------------------------- /units/std/cells/hosts/arionProfiles.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | { 3 | webapp = { 4 | config.project.name = "webapp"; 5 | config.services.webserver = 6 | { pkgs, lib, ... }: 7 | { 8 | nixos.useSystemd = true; 9 | nixos.configuration.boot.tmp.useTmpfs = true; 10 | nixos.configuration.system.stateVersion = "23.05"; 11 | nixos.configuration = { 12 | services.nginx.enable = true; 13 | }; 14 | nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual"; 15 | nixos.configuration.services.nscd.enable = false; 16 | nixos.configuration.system.nssModules = lib.mkForce [ ]; 17 | nixos.configuration.systemd.services.nginx.serviceConfig.AmbientCapabilities = 18 | lib.mkForce 19 | [ "CAP_NET_BIND_SERVICE" ]; 20 | service.useHostStore = true; 21 | service.ports = [ "8000:80" ]; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /units/std/cells/hosts/colmenaConfigurations.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | l = inputs.nixpkgs.lib // builtins; 4 | in 5 | { 6 | desktop = { 7 | deployment = { 8 | allowLocalDeployment = true; 9 | targetHost = "127.0.0.1"; 10 | }; 11 | inherit (cell.nixosConfigurations.desktop) bee imports; 12 | }; 13 | tiangang = { 14 | deployment = { 15 | targetHost = "207.244.228.125"; 16 | targetPort = 22; 17 | targetUser = "root"; 18 | # sshOPTS 19 | # sshOptions = ["-o" "UserKnownHostsFile=/dev/null" "-o" "StrictHostKeyChecking=no"]; 20 | }; 21 | inherit (inputs.hivebus.src.hosts.tiangang.layouts.hive) bee imports; 22 | }; 23 | 24 | macbook = { 25 | deployment = { 26 | allowLocalDeployment = true; 27 | targetHost = "127.0.0.1"; 28 | }; 29 | inherit (cell.darwinConfigurations.macbook) bee imports; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /units/std/cells/hosts/darwinConfigurations.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.hivebus.src) hosts; 4 | in 5 | { 6 | # exports your host configuration 7 | macbook = hosts.macbook.layouts.hive; 8 | } 9 | -------------------------------------------------------------------------------- /units/std/cells/hosts/diskoConfigurations.nix: -------------------------------------------------------------------------------- 1 | inputs.haumea.lib.load { src = ./diskoConfigurations; } 2 | -------------------------------------------------------------------------------- /units/std/cells/hosts/entrypoints/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.std-ext.writers.lib) writeShellApplication; 4 | 5 | l = inputs.nixpkgs.lib // builtins; 6 | in 7 | { 8 | show-sshKey = writeShellApplication { 9 | name = "show-sshKey"; 10 | runtimeInputs = with inputs.nixpkgs; [ coreutils ]; 11 | text = l.fileContents ./show-sshKey.sh; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /units/std/cells/hosts/entrypoints/init.bash: -------------------------------------------------------------------------------- 1 | nix run .\#nixosConfigurations.guangtao-o-desktop.config.system.build.disko 2 | sudo nixos-install --flake .#guangtao-o-desktop --root /mnt 3 | -------------------------------------------------------------------------------- /units/std/cells/hosts/entrypoints/show-sshKey.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | if [[ $1 == *"@"* ]]; then 3 | HOST="$(cut -d '@' -f 2 <<<"$1")" 4 | USER="$(cut -d '@' -f 1 <<<"$1")" 5 | else 6 | HOST="${1:-$HOST}" 7 | USER="${2:-$USER}" 8 | fi 9 | 10 | if [[ $USER == "root" ]]; then 11 | cmd="cat /etc/ssh/ssh_host_ed25519_key.pub" 12 | else 13 | cmd="cat ~/.ssh/id_ed25519.pub" 14 | fi 15 | # shellcheck disable=all 16 | ssh "$USER@$HOST" $cmd 17 | -------------------------------------------------------------------------------- /units/std/cells/hosts/exporter.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.flops.lib.configs) pops; 4 | inherit (inputs.flops.inputs) POP; 5 | inherit (inputs) haumea; 6 | 7 | l = inputs.nixpkgs.lib // builtins; 8 | in 9 | { 10 | hosts = { }; 11 | } 12 | -------------------------------------------------------------------------------- /units/std/cells/hosts/exporter/flops.nix: -------------------------------------------------------------------------------- 1 | { 2 | self', 3 | cell, 4 | inputs, 5 | self, 6 | }: 7 | let 8 | l = inputs.nixpkgs.lib // builtins; 9 | inherit (inputs.cells.nixos.pops) exports; 10 | in 11 | { 12 | imports = [ 13 | self'.exports.nixosModules.flops 14 | (cell.lib.mkHome "guangtao" "flops" "zsh") 15 | 16 | inputs.cells.users.nixosProfiles.root 17 | 18 | self.nixosSuites 19 | ]; 20 | 21 | overlays = self'.exports.overlays.flops; 22 | 23 | nixosSuites = [ 24 | exports.nixosModules.default 25 | (l.attrValues exports.nixosProfiles.preset.bootstrap) 26 | exports.nixosProfiles.preset.virtualisation.docker 27 | exports.nixosProfiles.preset.virtualisation.libvirtd 28 | 29 | exports.nixosProfiles.preset.secrets.age 30 | ]; 31 | 32 | homeSuites = [ 33 | exports.homeModules.default 34 | exports.homeProfiles.shell.default 35 | ]; 36 | } 37 | -------------------------------------------------------------------------------- /units/std/cells/hosts/exporter/init.nix: -------------------------------------------------------------------------------- 1 | { 2 | self', 3 | cell, 4 | inputs, 5 | self, 6 | }: 7 | let 8 | l = inputs.nixpkgs.lib // builtins; 9 | inherit (inputs.cells.nixos.pops) exports; 10 | in 11 | { 12 | imports = [ 13 | self.nixosSuites 14 | inputs.disko.nixosModules.disko 15 | { 16 | hive.bootstrap = { 17 | minimal = true; 18 | }; 19 | fileSystems."/persist".neededForBoot = true; 20 | disko.devices = cell.diskoConfigurations.btrfs-legacy { disk = "/dev/sda"; }; 21 | } 22 | 23 | inputs.cells.users.nixosProfiles.root 24 | exports.nixosProfiles.cloud.contabo 25 | ]; 26 | 27 | overlays = [ ]; 28 | 29 | nixosSuites = [ 30 | exports.nixosModules.default 31 | (l.attrValues exports.nixosProfiles.preset.bootstrap) 32 | ]; 33 | 34 | opensshPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIz+2YjcxpmNnUwaf3pwxot0T4eiG80t34ihyfUkWZiq root@nixos-cloud"; 35 | } 36 | -------------------------------------------------------------------------------- /units/std/cells/hosts/exporter/macbook.nix: -------------------------------------------------------------------------------- 1 | { 2 | self', 3 | cell, 4 | inputs, 5 | self, 6 | }: 7 | let 8 | l = inputs.nixpkgs.lib // builtins; 9 | inherit (inputs.cells.nixos.pops) exports; 10 | in 11 | { 12 | imports = [ 13 | # darwinModules.macbook 14 | (cell.lib.mkHome "guangtao" "macbook" "zsh") 15 | 16 | self.darwinSuites 17 | ]; 18 | 19 | darwinSuites = [ 20 | # exports.darwinModules.default 21 | (l.attrValues exports.darwinProfiles.preset.bootstrap) 22 | (l.attrValues exports.darwinProfiles.preset.homebrew.taps) 23 | # load the all profiles by default 24 | # or exports.darwinProfiles.preset.homebrew.brews.apps) 25 | (l.attrValues exports.darwinProfiles.preset.homebrew.brews) 26 | (l.attrValues exports.darwinProfiles.preset.homebrew.casks) 27 | 28 | exports.nixosProfiles.preset.coding.rust 29 | exports.nixosProfiles.preset.coding.python 30 | exports.nixosProfiles.preset.coding.nix 31 | exports.nixosProfiles.preset.coding.node 32 | ]; 33 | 34 | homeSuites = [ 35 | exports.homeModules.default 36 | inputs.cells.users.homeProfiles.guangtao 37 | 38 | exports.homeProfiles.shell.default 39 | # load user's specific profiles 40 | exports.homeProfiles.apps.darwin 41 | exports.homeProfiles.preset.emacs.doomemacs 42 | ]; 43 | 44 | opensshPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINK1QW0lG58r6yaI9xMQ+D5XA7RUQF8lfBanNs36Wrlw guangtaos-MBP.attlocal.net-guangtao-21-02-2023"; 45 | } 46 | -------------------------------------------------------------------------------- /units/std/cells/hosts/exporter/tiangang.nix: -------------------------------------------------------------------------------- 1 | { 2 | self', 3 | cell, 4 | inputs, 5 | self, 6 | }: 7 | let 8 | l = inputs.nixpkgs.lib // builtins; 9 | inherit (inputs.cells.nixos.pops) exports; 10 | in 11 | { 12 | imports = [ 13 | self'.exports.nixosModules.tiangang.default 14 | { 15 | hive.bootstrap = { 16 | contabo = true; 17 | }; 18 | } 19 | self.nixosSuites 20 | inputs.cells.users.nixosProfiLes.root 21 | 22 | exports.nixosProfiles.cloud.contabo 23 | ]; 24 | 25 | overlays = self'.exports.overlays.tiangang; 26 | 27 | nixosSuites = [ 28 | exports.nixosModules.default 29 | (l.attrValues exports.nixosProfiles.preset.bootstrap) 30 | 31 | exports.nixosProfiles.preset.secrets.age 32 | ]; 33 | 34 | opensshPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw5XTIFs8s7zNy5ZX+GH/8bZzEMOCBkDPnagz0opMPo root@nixos"; 35 | } 36 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeConfigurations.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | { 3 | flops = cell.lib.mkHomeConfig "flops" "guangtao"; 4 | 5 | macbook = cell.lib.mkHomeConfig "macbook" "guangtao"; 6 | 7 | desktop = cell.lib.mkHomeConfig "desktop" "guangtao"; 8 | } 9 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeModules.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | l = inputs.nixpkgs.lib // builtins; 4 | in 5 | l.mapAttrs ( 6 | name: value: 7 | ( 8 | assert value == "directory"; 9 | inputs.cells.common.lib.loadNixOS ./homeModules/${name} { 10 | inherit inputs cell; 11 | pkgs' = inputs.nixpkgs; 12 | lib = inputs.nixpkgs.lib; 13 | } 14 | ) 15 | ) (l.readDir ./homeModules) 16 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeModules/desktop/hive.nix: -------------------------------------------------------------------------------- 1 | { monitor = "DP-2"; } 2 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeModules/desktop/home.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeModules/desktop/programs.nix: -------------------------------------------------------------------------------- 1 | { 2 | alacritty = { 3 | settings = { 4 | font.size = 23.0; 5 | }; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeModules/desktop/services.nix: -------------------------------------------------------------------------------- 1 | { 2 | # _imports = [ 3 | # { 4 | # programs = { 5 | # password-store = { 6 | # enable = true; 7 | # settings = { 8 | # # pypass will search for this folder in your home directory DON'T ADD ~/ 9 | # PASSWORD_STORE_DIR = ".password-store"; 10 | # }; 11 | # }; 12 | # }; 13 | # } 14 | # ]; 15 | # pass-secret-service.enable = true; 16 | } 17 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeModules/desktop/xsession.nix: -------------------------------------------------------------------------------- 1 | { 2 | profileExtra = '' 3 | export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent.socket; 4 | ''; 5 | } 6 | -------------------------------------------------------------------------------- /units/std/cells/hosts/homeModules/macbook/programs.nix: -------------------------------------------------------------------------------- 1 | { 2 | alacritty = { 3 | settings = { 4 | font.size = 18.0; 5 | }; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosConfigurations.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.hivebus.src) hosts; 4 | in 5 | { 6 | tiangang = hosts.tiangang.layouts.hive; 7 | desktop = hosts.desktop.layouts.hive; 8 | # desktop = 9 | # cell.lib.mkNixOSHost exports.desktop "x86_64-linux" inputs.nixos-unstable 10 | # { 11 | # config.allowUnfree = true; 12 | # config.permittedInsecurePackages = [ "nodejs-16.20.2" ]; 13 | # } 14 | # inputs.home; 15 | 16 | # flops = 17 | # cell.lib.mkNixOSHost exports.flops "x86_64-linux" inputs.nixos 18 | # { config.allowUnfree = true; } 19 | # inputs.home; 20 | 21 | # tiangang = 22 | # cell.lib.mkNixOSHost exports.tiangang "x86_64-linux" inputs.nixos { } 23 | # inputs.home; 24 | 25 | # init = 26 | # cell.lib.mkNixOSHost exports.init "x86_64-linux" inputs.nixos { } 27 | # inputs.home; 28 | } 29 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | l = inputs.nixpkgs.lib // builtins; 4 | in 5 | l.mapAttrs ( 6 | name: value: 7 | ( 8 | assert value == "directory"; 9 | inputs.cells.common.lib.loadNixOS ./nixosModules/${name} { 10 | inherit inputs cell; 11 | pkgs' = inputs.nixpkgs; 12 | lib = inputs.nixpkgs.lib; 13 | __inputs__ = inputs.cells.common.lib.__inputs__; 14 | } 15 | ) 16 | ) (l.readDir ./nixosModules) 17 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/boot.nix: -------------------------------------------------------------------------------- 1 | { 2 | _imports = [ 3 | ( 4 | { pkgs, ... }: 5 | { 6 | boot.kernelPackages = pkgs.linuxPackages_latest; 7 | time.timeZone = "America/Los_Angeles"; 8 | } 9 | ) 10 | ]; 11 | binfmt.emulatedSystems = [ "aarch64-linux" ]; 12 | tmp.useTmpfs = true; 13 | tmp.tmpfsSize = "65%"; 14 | initrd = { 15 | availableKernelModules = [ 16 | "xhci_pci" 17 | "ahci" 18 | "usb_storage" 19 | "usbhid" 20 | "sd_mod" 21 | ]; 22 | kernelModules = [ 23 | "ec_sys" 24 | "uhid" 25 | "kvm-intel" 26 | # "dhack" 27 | ]; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/environment/persistence.nix: -------------------------------------------------------------------------------- 1 | { 2 | "/persist" = { 3 | users.guangtao = { 4 | directories = [ 5 | "Documents" 6 | "Downloads" 7 | "Pictures" 8 | "ghq" 9 | ".cache" 10 | ".local" 11 | ".ssh" 12 | ".config/fcitx5" 13 | ]; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/fileSystems.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | { 3 | "/persist".neededForBoot = true; 4 | "/DATABASE-4TB" = { 5 | device = "/dev/disk/by-uuid/749df476-c355-469a-9d00-4565a07901bf"; 6 | options = [ "x-systemd.automount" ]; 7 | fsType = "xfs"; 8 | }; 9 | _imports = [ 10 | inputs.disko.nixosModules.disko 11 | { 12 | disko.devices = cell.diskoConfigurations.btrfs-legacy { 13 | # boot.loader.grub.device = lib.mkForce "/dev/disk/by-id/ata-CT1000MX500SSD1_2039E4B362FC"; 14 | # lsblk -f 15 | # disk = "/dev/disk/by-uuid/4ffe8e29-1608-48d5-94c3-a685620a723b"; 16 | disk = "/dev/sda"; 17 | # disk = "/dev/disk/by-id/ata-SanDisk_SDSSDH3500G_180243422621"; 18 | }; 19 | } 20 | ]; 21 | } 22 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | _imports = [ { services.fwupd.enable = true; } ]; 3 | # enableAllFirmware = true; 4 | enableRedistributableFirmware = true; 5 | } 6 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/hive.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | { 3 | _imports = [ { powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; } ]; 4 | bootstrap = { 5 | full = true; 6 | systemd-initrd = true; 7 | }; 8 | display = { 9 | wayland = true; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/networking.nix: -------------------------------------------------------------------------------- 1 | { 2 | nat.enable = true; 3 | firewall.allowedTCPPorts = [ 8888 ]; 4 | } 5 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/programs.nix: -------------------------------------------------------------------------------- 1 | { nix-ld.enable = true; } 2 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/security.nix: -------------------------------------------------------------------------------- 1 | { sudo.wheelNeedsPassword = false; } 2 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/systemd.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Speed up boot 3 | # https://discourse.nixos.org/t/boot-faster-by-disabling-udev-settle-and-nm-wait-online/6339 4 | # services.systemd-udev-settle.enable = false; 5 | # services.NetworkManager-wait-online.enable = false; 6 | } 7 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/users.nix: -------------------------------------------------------------------------------- 1 | { 2 | users."guangtao" = { 3 | extraGroups = [ 4 | "audio" 5 | "video" 6 | ]; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/desktop/virtualisation.nix: -------------------------------------------------------------------------------- 1 | { 2 | hive = { 3 | user = "guangtao"; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/flops/fileSystems.nix: -------------------------------------------------------------------------------- 1 | { 2 | "/" = { 3 | device = "/dev/vda1"; 4 | fsType = "ext4"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/flops/hive.nix: -------------------------------------------------------------------------------- 1 | { 2 | bootstrap = { 3 | minimal = true; 4 | systemd-boot = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/flops/services.nix: -------------------------------------------------------------------------------- 1 | { 2 | xserver.enable = true; 3 | xserver.displayManager.sddm.enable = true; 4 | xserver.displayManager.sddm.enableHidpi = true; 5 | } 6 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/flops/virtualisation.nix: -------------------------------------------------------------------------------- 1 | { 2 | hive = { 3 | user = "guangtao"; 4 | # nvidia = true; 5 | dockerCompose = true; 6 | gui = true; 7 | }; 8 | spiceUSBRedirection.enable = true; 9 | } 10 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/tiangang/services/atticd.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.cells.common.lib) __inputs__; 4 | in 5 | { 6 | _imports = [ 7 | inputs.cells.nixos.pops.exports.nixosModules.outputs.atticd 8 | # __inputs__.attic.nixosModules.atticd 9 | ( 10 | { 11 | pkgs, 12 | lib, 13 | config, 14 | ... 15 | }: 16 | { 17 | environment.systemPackages = [ __inputs__.attic.packages.attic ]; 18 | age.secrets.attic-cert.file = pkgs.lib.age.file "tiangang/attic-cert.age"; 19 | services.atticd = { 20 | credentialsFile = config.age.secrets."attic-cert".path; 21 | package = __inputs__.attic.packages.attic-server; 22 | }; 23 | } 24 | ) 25 | ]; 26 | enable = true; 27 | settings = { 28 | listen = "[::1]:57448"; 29 | database.url = "postgresql:///attic?host=/run/postgresql"; 30 | allowed-hosts = [ "attic.zhangguangtao.org" ]; 31 | api-endpoint = "https://attic.zhangguangtao.org/"; 32 | storage = { 33 | type = "s3"; 34 | region = "us-west-004"; 35 | bucket = "guangtao-nix-cache"; 36 | endpoint = "https://s3.us-west-004.backblazeb2.com"; 37 | }; 38 | }; 39 | hive = { 40 | psql = true; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/tiangang/services/nginx/_config/atticd.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.nginx = { 3 | enable = true; 4 | recommendedProxySettings = true; 5 | recommendedTlsSettings = true; 6 | recommendedOptimisation = true; 7 | recommendedGzipSettings = true; 8 | virtualHosts = { 9 | "attic.zhangguangtao.org" = { 10 | enableACME = true; 11 | forceSSL = true; 12 | http3 = false; 13 | http2 = false; 14 | kTLS = true; 15 | extraConfig = '' 16 | client_header_buffer_size 64k; 17 | ''; 18 | locations."/" = { 19 | proxyPass = "http://[::1]:57448"; 20 | recommendedProxySettings = true; 21 | }; 22 | }; 23 | }; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/tiangang/services/nginx/_config/chatgpt-web.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | { 3 | lib, 4 | pkgs, 5 | config, 6 | ... 7 | }: 8 | { 9 | # imports = [ 10 | # inputs.cells.nixos.pops.exports.nixosProfiles.preset.services.chatgpt.web 11 | # ]; 12 | # age.secrets.chatgpt-web.file = pkgs.lib.age.file "tiangang/chatgpt-web.age"; 13 | # age.secrets.chatgpt-web.mode = "0444"; 14 | # age.secrets.chatgpt-web-passwd.file = pkgs.lib.age.file "tiangang/chatgpt-web-passwd.age"; 15 | # age.secrets.chatgpt-web-passwd.mode = "0444"; 16 | 17 | # services.nginx = { 18 | # virtualHosts = { 19 | # "chatgpt.zhangguangtao.org" = { 20 | # enableACME = true; 21 | # forceSSL = true; 22 | # extraConfig = '' 23 | # auth_basic "ChatGPT-web password"; 24 | # auth_basic_user_file ${config.age.secrets.chatgpt-web-passwd.path}; 25 | # proxy_read_timeout 1800s; 26 | # proxy_connect_timeout 1600s; 27 | # access_log off; 28 | # sub_filter 'src="/' 'src="'; 29 | # sub_filter 'href="/' 'href="'; 30 | # sub_filter_types text/html; 31 | # sub_filter_once off; 32 | # ''; 33 | # locations."/" = { 34 | # proxyPass = "http://127.0.0.1:57445"; 35 | # recommendedProxySettings = true; 36 | # }; 37 | # }; 38 | # }; 39 | # }; 40 | } 41 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/tiangang/services/nginx/_config/chatgpt-yak.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | { pkgs, config, ... }: 3 | let 4 | in 5 | { 6 | imports = [ 7 | inputs.cells.nixos.pops.exports.nixosProfiles.preset.services.chatgpt.web-yak 8 | ]; 9 | 10 | age.secrets.chatgpt-yak.file = pkgs.lib.age.file "tiangang/chatgpt-yak.age"; 11 | age.secrets.chatgpt-yak.mode = "444"; 12 | 13 | services.nginx = { 14 | virtualHosts = { 15 | "yakgpt.zhangguangtao.org" = { 16 | enableACME = true; 17 | forceSSL = true; 18 | extraConfig = '' 19 | auth_basic "ChatGPT-web password"; 20 | auth_basic_user_file ${config.age.secrets.chatgpt-web-passwd.path}; 21 | proxy_read_timeout 1800s; 22 | proxy_connect_timeout 1600s; 23 | access_log off; 24 | ''; 25 | locations."/" = { 26 | proxyPass = "http://127.0.0.1:3005"; 27 | recommendedProxySettings = true; 28 | }; 29 | }; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/tiangang/services/nginx/_config/default.nix: -------------------------------------------------------------------------------- 1 | _: 2 | { config, pkgs, ... }: 3 | { 4 | networking.firewall.allowedTCPPorts = [ 5 | 80 6 | 443 7 | ]; 8 | networking.firewall.allowedUDPPorts = [ 443 ]; 9 | users.users.nginx.extraGroups = [ config.users.groups.acme.name ]; 10 | age.secrets.chatgpt-web.file = pkgs.lib.age.file "tiangang/chatgpt-web.age"; 11 | age.secrets.chatgpt-web.mode = "0444"; 12 | age.secrets.chatgpt-web-passwd.file = pkgs.lib.age.file "tiangang/chatgpt-web-passwd.age"; 13 | age.secrets.chatgpt-web-passwd.mode = "0444"; 14 | } 15 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/tiangang/services/nginx/default.nix: -------------------------------------------------------------------------------- 1 | { lib, inputs }: 2 | let 3 | inherit (inputs) haumea; 4 | in 5 | { 6 | _imports = lib.attrValues ( 7 | haumea.lib.load { 8 | src = ./_config; 9 | inputs = { 10 | inputs = inputs; 11 | }; 12 | } 13 | ); 14 | enable = true; 15 | } 16 | -------------------------------------------------------------------------------- /units/std/cells/hosts/nixosModules/tiangang/services/v2ray.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | _imports = [ 3 | ( 4 | { pkgs, config, ... }: 5 | { 6 | networking.firewall = { 7 | allowedTCPPorts = [ 8489 ]; 8 | allowedUDPPorts = [ 8489 ]; 9 | }; 10 | age.secrets.v2ray-vmess = { 11 | file = pkgs.lib.age.file "tiangang/v2ray-vmess.age"; 12 | mode = "0755"; 13 | }; 14 | services.v2ray.configFile = config.age.secrets.v2ray-vmess.path; 15 | } 16 | ) 17 | ]; 18 | enable = true; 19 | } 20 | -------------------------------------------------------------------------------- /units/std/cells/hosts/overlays.nix: -------------------------------------------------------------------------------- 1 | inputs.flops.lib.haumea.pops.default.setInit { 2 | src = ./overlays; 3 | inputs = { 4 | inherit cell; 5 | inputs = removeAttrs inputs [ "self" ]; 6 | exports = inputs.cells.nixos.pops.exports; 7 | inherit (inputs.cells.common.lib) __inputs__ __utils__; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /units/std/cells/hosts/overlays/desktop.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | exports, 4 | __inputs__, 5 | }: 6 | let 7 | l = inputs.nixpkgs.lib // builtins; 8 | in 9 | [ 10 | exports.overlays.packages 11 | exports.overlays.default 12 | exports.overlays.nodePackages 13 | exports.overlays.python 14 | exports.overlays.overrides 15 | 16 | __inputs__.rust-overlay.overlays.default 17 | # __inputs__.nixpkgs-wayland.overlays.default 18 | __inputs__.poetry2nix.overlay 19 | __inputs__.typst.overlays.default 20 | __inputs__.nur.overlay 21 | __inputs__.julia2nix.overlays.default 22 | 23 | __inputs__.emacs-overlay.overlays.default 24 | exports.overlays.vscode 25 | exports.overlays.vscode-extensions 26 | ] 27 | -------------------------------------------------------------------------------- /units/std/cells/hosts/overlays/flops.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | exports, 4 | __inputs__, 5 | }: 6 | [ 7 | exports.overlays.packages 8 | __inputs__.rust-overlay.overlays.default 9 | __inputs__.poetry2nix.overlay 10 | __inputs__.typst.overlays.default 11 | ] 12 | -------------------------------------------------------------------------------- /units/std/cells/hosts/overlays/macbook.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | exports, 4 | __inputs__, 5 | }: 6 | [ 7 | exports.overlays.packages 8 | exports.overlays.nodePackages 9 | __inputs__.rust-overlay.overlays.default 10 | __inputs__.poetry2nix.overlay 11 | __inputs__.typst.overlays.default 12 | ] 13 | -------------------------------------------------------------------------------- /units/std/cells/hosts/overlays/tiangang.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | exports, 4 | __inputs__, 5 | }: 6 | [ 7 | exports.overlays.packages 8 | exports.overlays.lib 9 | 10 | __inputs__.nixpkgs-hardenedlinux.pkgs.overlays.default 11 | __inputs__.nixpkgs-hardenedlinux.common.lib.__inputs__.nix-npm-buildpackage.overlays.default 12 | __inputs__.nixpkgs-hardenedlinux.common.lib.__inputs__.gomod2nix.overlays.default 13 | __inputs__.nixpkgs-hardenedlinux.common.lib.__inputs__.pnpm2nix.overlays.default 14 | ] 15 | -------------------------------------------------------------------------------- /units/std/cells/nixos/darwinProfiles.nix: -------------------------------------------------------------------------------- 1 | inputs.omnibus.darwinProfiles.addLoadExtender { 2 | load = { 3 | src = inputs.self + "/units/nixos/darwinProfiles"; 4 | inputs = { 5 | inherit cell inputs; 6 | }; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /units/std/cells/nixos/data.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.cells.common.lib.__utils__) navi-tldr-pages; 4 | inherit (inputs.nixpkgs.stdenv) isLinux isDarwin; 5 | l = inputs.nixpkgs.lib // builtins; 6 | in 7 | { 8 | navi-tldr-pages = 9 | with inputs.nix-filter.lib; 10 | filter { 11 | root = navi-tldr-pages + "/pages"; 12 | exclude = 13 | [ 14 | "android" 15 | "windows" 16 | "sunos" 17 | (if isLinux then "osx" else "linux") 18 | ( 19 | root: path: type: 20 | if (l.match "[^/]*(rpm|yum|apt).*.cheat" (l.baseNameOf path)) == null then 21 | false 22 | else 23 | true 24 | ) 25 | ] 26 | ++ l.optionals isDarwin [ 27 | # (root: path: type: if (l.match "[^/]*brew.*\.cheat" (l.baseNameOf path)) == null then false else true) 28 | ]; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /units/std/cells/nixos/devshellProfiles/nix-store.nix: -------------------------------------------------------------------------------- 1 | { config, ... }: 2 | { 3 | commands = [ 4 | { 5 | name = "repair"; 6 | command = '' 7 | ## sudo rm -rf /nix/store/.links/ 8 | nix-store --verify --check-contents --repair 9 | ''; 10 | } 11 | ]; 12 | } 13 | -------------------------------------------------------------------------------- /units/std/cells/nixos/homeModules.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | { 3 | default = 4 | (inputs.cells.common.lib.loadNixOS (inputs.self + "/nixos/homeModules") { 5 | inherit inputs cell; 6 | __inputs__ = inputs.cells.common.lib.__inputs__; 7 | }).addLoadExtender 8 | { 9 | inputs = { 10 | pkgs' = inputs.nixpkgs; 11 | lib = inputs.nixpkgs.lib; 12 | }; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /units/std/cells/nixos/homeProfiles.nix: -------------------------------------------------------------------------------- 1 | let 2 | inherit (inputs) std self; 3 | profiles = "${(std.incl self [ "profiles" ])}/profiles"; 4 | in 5 | inputs.flops.lib.haumea.pops.default.setInit { 6 | src = inputs.self + "/nixos/homeProfiles"; 7 | inputs = { 8 | inherit cell profiles inputs; 9 | pkgs' = inputs.nixpkgs; 10 | lib = inputs.nixpkgs.lib; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /units/std/cells/nixos/nixosModules.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | l = inputs.nixpkgs.lib // builtins; 4 | in 5 | { 6 | default = 7 | inputs.cells.common.lib.loadNixOS (inputs.self + "/nixos/nixosModules") 8 | { 9 | inherit inputs cell; 10 | lib = inputs.nixpkgs.lib; 11 | pkgs' = inputs.nixpkgs; 12 | __inputs__ = inputs.cells.common.lib.__inputs__; 13 | }; 14 | # .addMerge (final: 15 | # with inputs.dmerge; 16 | # merge final { 17 | # imports = append [ 18 | # (inputs.self + "/nixos/nixosModules/_imports.nix") 19 | # ]; 20 | # }); 21 | outputs = inputs.flops.lib.haumea.pops.default.setInit { 22 | src = inputs.self + "/nixos/nixosModulesOutputs"; 23 | # loader = l.const l.id; 24 | inputs = { 25 | inherit inputs cell; 26 | lib = inputs.nixpkgs.lib; 27 | pkgs' = inputs.nixpkgs; 28 | __inputs__ = inputs.cells.common.lib.__inputs__; 29 | }; 30 | transformer = [ 31 | ( 32 | _cursor: dir: 33 | if dir ? default then 34 | assert (l.attrNames dir == [ "default" ]); 35 | dir.default 36 | else 37 | dir 38 | ) 39 | ]; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /units/std/cells/nixos/nixosProfiles.nix: -------------------------------------------------------------------------------- 1 | inputs.flops.lib.haumea.pops.default.setInit { 2 | src = inputs.self + "/nixos/nixosProfiles"; 3 | inputs = { 4 | inherit cell inputs; 5 | pkgs' = inputs.nixpkgs; 6 | __inputs__ = inputs.cells.common.lib.__inputs__; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays.nix: -------------------------------------------------------------------------------- 1 | (inputs.flops.lib.haumea.pops.default.setInit { 2 | src = ./overlays; 3 | inputs = { 4 | inherit cell; 5 | inputs = removeAttrs inputs [ "self" ]; 6 | secretsPath = with inputs; "${(std.incl self [ "secrets" ])}/secrets"; 7 | __inputs__ = inputs.cells.common.lib.__inputs__; 8 | }; 9 | }) 10 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/__repl.nix: -------------------------------------------------------------------------------- 1 | { flakePath }: 2 | let 3 | Flake = 4 | if builtins.pathExists flakePath then 5 | (import (fetchTarball { 6 | url = "https://github.com/edolstra/flake-compat/archive/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9.tar.gz"; 7 | sha256 = "1prd9b1xx8c0sfwnyzkspplh30m613j42l1k789s521f4kv4c2z2"; 8 | }) { src = toString flakePath; }).defaultNix 9 | else 10 | { }; 11 | 12 | Channels = Flake.pkgs.${builtins.currentSystem} or ; 13 | 14 | LoadFlake = builtins.getFlake (toString flakePath); 15 | in 16 | { 17 | inherit Channels Flake LoadFlake; 18 | } 19 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/default.nix: -------------------------------------------------------------------------------- 1 | _: final: prev: { 2 | mkWaylandApp = 3 | t: e: f: 4 | prev.stdenv.mkDerivation { 5 | pname = t.pname or t.name + "-mkWaylandApp"; 6 | inherit (t) version; 7 | unpackPhase = "true"; 8 | doBuild = false; 9 | nativeBuildInputs = [ prev.buildPackages.makeWrapper ]; 10 | installPhase = '' 11 | mkdir -p $out/bin 12 | ln -s "${prev.lib.getBin t}/bin/${e}" "$out/bin" 13 | ln -s "${prev.lib.getBin t}/share" "$out/share" 14 | ''; 15 | postFixup = '' 16 | for e in $out/bin/*; do 17 | wrapProgram $e --add-flags ${prev.lib.escapeShellArg f} 18 | done 19 | ''; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/lib.nix: -------------------------------------------------------------------------------- 1 | { secretsPath }: 2 | final: prev: 3 | let 4 | in 5 | { 6 | lib = prev.lib.extend ( 7 | lself: lsuper: { age.file = file: secretsPath + "/${file}"; } 8 | ); 9 | } 10 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/nodePackages.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | final: prev: 3 | let 4 | packages = prev.callPackage ../packages/my-node-packages/plugins.nix { }; 5 | in 6 | { 7 | nodePackages = 8 | prev.nodePackages 9 | // packages 10 | // { 11 | # https://github.com/NixOS/nixpkgs/issues/60057#issuecomment-505781308 12 | # mermaid-cli = packages."@mermaid-js/mermaid-cli".overrideAttrs ( 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/overrides.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.cells.common.lib) __inputs__; 4 | nixpkgs-master = import inputs.nixpkgs-master { 5 | inherit (inputs.nixpkgs) system; 6 | config.allowUnfree = true; 7 | }; 8 | nixpkgs-dropbox = import __inputs__.nixpkgs-dropbox { 9 | inherit (inputs.nixpkgs) system; 10 | config.allowUnfree = true; 11 | }; 12 | in 13 | final: prev: { 14 | inherit (nixpkgs-master) 15 | bibata-cursors 16 | zoom-us 17 | brave 18 | firefox 19 | # onlyoffice-bin 20 | typst-lsp 21 | navi 22 | # darwin packages 23 | ; 24 | 25 | # inherit (inputs.nixpkgs-246661.legacyPackages) 26 | # onlyoffice-bin 27 | # ; 28 | 29 | inherit (nixpkgs-dropbox) dropbox-cli; 30 | 31 | yabai = nixpkgs-master.yabai.overrideAttrs (old: rec { 32 | version = "5.0.3"; 33 | src = prev.fetchzip { 34 | url = "https://github.com/koekeishiya/yabai/releases/download/v${version}/yabai-v${version}.tar.gz"; 35 | sha256 = "sha256-dnUrdCbEN/M4RAr/GH3x10bfr2TUjuomxIUStFK7X9M="; 36 | }; 37 | }); 38 | 39 | python3Override = nixpkgs-master.python3; 40 | } 41 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/packages.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | let 3 | inherit (inputs.cells.common.lib) __inputs__ __utils__; 4 | in 5 | final: prev: { 6 | guangtao-sources = 7 | (prev.callPackage ../packages/_sources/generated.nix { }) 8 | // (prev.callPackage ../packages/emacs/_sources/generated.nix { }); 9 | 10 | material-symbols = prev.callPackage ../packages/material-symbols.nix { }; 11 | 12 | inherit (__inputs__.nickel.packages) lsp-nls; 13 | 14 | nickel = __inputs__.nickel.packages.default; 15 | 16 | inherit (__inputs__.nil.packages) nil; 17 | 18 | inherit (__inputs__.nixpkgs-hardenedlinux.packages) gptcommit; 19 | 20 | nix-init = __inputs__.nix-init.packages.default; 21 | 22 | nixUnstable = inputs.nixos-unstable.legacyPackages.nixUnstable; 23 | # slurp = prev.slurp.overrideAttrs (_: { 24 | # name = "slurp-PR-95"; 25 | # src = __utils__.slurp; 26 | # }); 27 | nrepl = ( 28 | prev.writeShellScriptBin "nrepl" '' 29 | export PATH=${prev.coreutils}/bin:${prev.nixUnstable}/bin:$PATH 30 | if [ -z "$1" ]; then 31 | nix repl --argstr host "$HOST" --argstr flakePath "$PRJ_ROOT" ${./__repl.nix} 32 | else 33 | nix repl --argstr host "$HOST" --argstr flakePath $(readlink -f $1 | sed 's|/flake.nix||') ${./__repl.nix} 34 | fi 35 | '' 36 | ); 37 | } 38 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/python.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | final: prev: { 3 | promnesia = prev.python3Packages.callPackage ../packages/python/promnesia { 4 | orgparse = final.orgparse; 5 | hpi = final.hpi; 6 | }; 7 | orgparse = prev.python3Packages.callPackage ../packages/python/orgparse { }; 8 | hpi = prev.pythonPackages.callPackage ../packages/python/HPI { }; 9 | # chatgpt-wrapper = prev.python3Packages.callPackage ../packages/python/chatgpt-wrapper {}; 10 | } 11 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/vscode-extensions.nix: -------------------------------------------------------------------------------- 1 | { __inputs__ }: 2 | __inputs__.devos-ext-lib.vscode-extensions.overlays.vscode-extensions 3 | -------------------------------------------------------------------------------- /units/std/cells/nixos/overlays/vscode.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | l = inputs.nixpkgs.lib // builtins; 4 | inherit (inputs.cells.common.lib) __inputs__; 5 | in 6 | (final: prev: { 7 | vscode-sources = import ../packages/vscode/_sources/generated.nix { 8 | inherit (inputs.nixpkgs) 9 | fetchgit 10 | fetchurl 11 | fetchFromGitHub 12 | dockerTools 13 | ; 14 | }; 15 | vscode-extensions = prev.lib.recursiveUpdate prev.vscode-extensions ( 16 | final.lib.vscode-utils.builders.with-namespace { srcs = final.vscode-sources; } 17 | ); 18 | }) 19 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | { 3 | inherit (cell.pops.exports.nixpkgs) swww; 4 | } 5 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/emacs/sources.toml: -------------------------------------------------------------------------------- 1 | [acm-terminal] 2 | src.git = "https://github.com/twlz0ne/acm-terminal" 3 | fetch.github = "twlz0ne/acm-terminal" 4 | 5 | [lsp-bridge] 6 | src.git = "https://github.com/manateelazycat/lsp-bridge" 7 | fetch.github = "manateelazycat/lsp-bridge" 8 | 9 | [jinx] 10 | src.git = "https://github.com/minad/jinx" 11 | fetch.github = "minad/jinx" 12 | 13 | [GodTian_Pinyin] 14 | src.git = "https://github.com/whatbeg/GodTian_Pinyin" 15 | fetch.github = "whatbeg/GodTian_Pinyin" 16 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/material-symbols.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenvNoCC, 4 | fetchFromGitHub, 5 | util-linux, 6 | }: 7 | stdenvNoCC.mkDerivation { 8 | pname = "material-symbols"; 9 | version = "unstable-2022-12-05"; 10 | 11 | src = fetchFromGitHub { 12 | owner = "google"; 13 | repo = "material-design-icons"; 14 | rev = "c764ca99a5f24cfca7f97d98a92b259b92f903da"; 15 | sha256 = "sha256-J45TND4CowFCaEcybFNSI3AgyqdgvzMuTKCozh+gDe0="; 16 | sparseCheckout = [ "variablefont" ]; 17 | }; 18 | 19 | nativeBuildInputs = [ util-linux ]; 20 | 21 | installPhase = '' 22 | runHook preInstall 23 | 24 | rename '[FILL,GRAD,opsz,wght]' "" variablefont/* 25 | install -Dm755 variablefont/*.ttf -t $out/share/fonts/TTF 26 | install -Dm755 variablefont/*.woff2 -t $out/share/fonts/woff2 27 | 28 | runHook postInstall 29 | ''; 30 | 31 | meta = with lib; { 32 | description = "Material Symbols icons by Google"; 33 | homepage = "https://fonts.google.com/icons"; 34 | license = lib.licenses.asl20; 35 | maintainers = with maintainers; [ fufexan ]; 36 | platforms = platforms.all; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/my-node-packages/packages.json: -------------------------------------------------------------------------------- 1 | ["roughjs", "jsdom"] 2 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/my-node-packages/plugins.nix: -------------------------------------------------------------------------------- 1 | # This file has been generated by node2nix 1.11.1. Do not edit! 2 | { 3 | pkgs ? import { inherit system; }, 4 | system ? builtins.currentSystem, 5 | nodejs ? pkgs."nodejs-10_x", 6 | }: 7 | let 8 | nodeEnv = import ./node-env.nix { 9 | inherit (pkgs) 10 | stdenv 11 | lib 12 | python2 13 | runCommand 14 | writeTextFile 15 | writeShellScript 16 | ; 17 | inherit pkgs nodejs; 18 | libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; 19 | }; 20 | in 21 | import ./node-packages.nix { 22 | inherit (pkgs) 23 | fetchurl 24 | nix-gitignore 25 | stdenv 26 | lib 27 | fetchgit 28 | ; 29 | inherit nodeEnv; 30 | } 31 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/my-node-packages/upgrade.sh: -------------------------------------------------------------------------------- 1 | # /bin/sh 2 | # run inside nix-shell -p nodePackages.node2nix 3 | 4 | cmd="node2nix -10 -i packages.json -c plugins.nix" 5 | 6 | if ! type "node2nix" &>/dev/null; then 7 | nix-shell -p nodePackages.node2nix --run "$cmd" 8 | else 9 | $cmd 10 | fi 11 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/python/HPI/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | python3Packages, 4 | fetchurl, 5 | guangtao-sources, 6 | }: 7 | with python3Packages; 8 | python3Packages.buildPythonPackage rec { 9 | inherit (guangtao-sources.HPI) pname version src; 10 | 11 | propagatedBuildInputs = with python3Packages; [ 12 | pandas 13 | appdirs 14 | more-itertools 15 | mypy 16 | decorator 17 | setuptools_scm 18 | click 19 | ]; 20 | 21 | makeWrapperArgs = [ "--prefix PYTHONPATH : $PYTHONPATH" ]; 22 | 23 | doCheck = false; 24 | 25 | meta = with lib; { 26 | description = "Human Programming Interface 🧑👽🤖"; 27 | homepage = "https://github.com/karlicoss/HPI"; 28 | license = licenses.asl20; 29 | maintainers = with maintainers; [ gtrunsec ]; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/python/chatgpt-wrapper/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | python3Packages, 4 | fetchurl, 5 | guangtao-sources, 6 | }: 7 | with python3Packages; 8 | python3Packages.buildPythonPackage rec { 9 | inherit (guangtao-sources.chatgpt-wrapper) pname version src; 10 | 11 | propagatedBuildInputs = with python3Packages; [ 12 | playwright 13 | gnureadline 14 | rich 15 | ]; 16 | 17 | patches = [ ./linux.patch ]; 18 | 19 | doCheck = false; 20 | } 21 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/python/chatgpt-wrapper/linux.patch: -------------------------------------------------------------------------------- 1 | diff --git a/requirements.txt b/requirements.txt 2 | index d829b46..022230c 100644 3 | --- a/requirements.txt 4 | +++ b/requirements.txt 5 | @@ -1,4 +1,2 @@ 6 | playwright 7 | -readline; platform_system=="Linux" 8 | -pyreadline3; platform_system=="Windows" 9 | rich 10 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/python/orgparse/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | python3Packages, 4 | fetchurl, 5 | guangtao-sources, 6 | }: 7 | with python3Packages; 8 | python3Packages.buildPythonPackage rec { 9 | inherit (guangtao-sources.orgparse) pname version src; 10 | 11 | propagatedBuildInputs = with python3Packages; [ setuptools_scm ]; 12 | 13 | doCheck = false; 14 | 15 | meta = with lib; { 16 | description = "Python module for reading Emacs org-mode files"; 17 | homepage = "https://github.com/karlicoss/orgparse"; 18 | license = licenses.asl20; 19 | maintainers = with maintainers; [ gtrunsec ]; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /units/std/cells/nixos/packages/wezterm/appimage.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenv, 4 | fetchurl, 5 | appimageTools, 6 | guangtao-sources, 7 | }: 8 | let 9 | pname = "wezterm"; 10 | appimageContents = appimageTools.extractType2 { 11 | inherit pname; 12 | inherit (guangtao-sources.wezterm-appimage) version src; 13 | }; 14 | in 15 | appimageTools.wrapType2 rec { 16 | inherit pname; 17 | inherit (guangtao-sources.wezterm-appimage) version src; 18 | 19 | extraPkgs = pkgs: with pkgs; [ ]; 20 | 21 | extraInstallCommands = '' 22 | mv $out/bin/${pname}-${version} $out/bin/${pname} 23 | install -m 444 -D ${appimageContents}/${pname}.desktop $out/share/applications/${pname}.desktop 24 | substituteInPlace $out/share/applications/${pname}.desktop \ 25 | --replace 'Exec=AppRun' 'Exec=${pname}' 26 | ''; 27 | } 28 | -------------------------------------------------------------------------------- /units/std/cells/nixos/pops.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.flops.lib.configs) pops; 4 | inherit (inputs.flops.inputs) POP; 5 | l = inputs.nixpkgs.lib // builtins; 6 | in 7 | ( 8 | (pops.default.setInitRecipes { 9 | overlays = cell.overlays; 10 | nixosModules = cell.nixosModules; 11 | nixosProfiles = cell.nixosProfiles; 12 | darwinProfiles = cell.darwinProfiles; 13 | homeProfiles = cell.homeProfiles; 14 | homeModules = cell.homeModules; 15 | }).addExporters 16 | [ 17 | (POP.lib.extendPop pops.exporter ( 18 | self: super: { 19 | exports = { 20 | overlays = self.recipes.overlays.outputsForTarget.default; 21 | 22 | nixpkgs = inputs.nixpkgs.appendOverlays (l.attrValues self.exports.overlays); 23 | 24 | darwinProfiles = self.recipes.darwinProfiles.outputsForTarget.default; 25 | nixosProfiles = self.recipes.nixosProfiles.outputsForTarget.default; 26 | homeProfiles = self.recipes.homeProfiles.outputsForTarget.default; 27 | 28 | nixosModules.default = 29 | self.recipes.nixosModules.default.outputsForTarget.default; 30 | nixosModules.outputs = 31 | self.recipes.nixosModules.outputs.outputsForTarget.default; 32 | homeModules.default = self.recipes.homeModules.default.outputsForTarget.default; 33 | }; 34 | } 35 | )) 36 | ] 37 | ) 38 | -------------------------------------------------------------------------------- /units/std/cells/nixos/scripts/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs.std-ext.writers.lib) writeShellApplication; 4 | 5 | inherit (inputs) nixpkgs; 6 | l = inputs.nixpkgs.lib // builtins; 7 | in 8 | { 9 | swww-random = writeShellApplication { 10 | name = "swww-random"; 11 | runtimeInputs = with inputs.nixpkgs; [ cell.packages.swww ]; 12 | text = l.fileContents ./swww_randomize.sh; 13 | }; 14 | hyprland-window = writeShellApplication { 15 | name = "hyprland-window"; 16 | runtimeInputs = with inputs.nixpkgs; [ nixpkgs.jq ]; 17 | text = l.fileContents ./hyprland_window.sh; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /units/std/cells/nixos/scripts/fcitx5-init.sh: -------------------------------------------------------------------------------- 1 | cp -r $PRJ_ROOT/profiles/fcitx5/{profile,conf,config} ~/.config/fcitx5 2 | cp -r $PRJ_ROOT/profiles/fcitx5/themes ~/.local/share/fcitx5/ 3 | -------------------------------------------------------------------------------- /units/std/cells/nixos/scripts/init-kubevela.bash: -------------------------------------------------------------------------------- 1 | helm repo add kubevela https://kubevela.github.io/charts 2 | helm repo update 3 | helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wait --kubeconfig /etc/rancher/k3s/k3s 4 | .yaml 5 | 6 | # VelaUX needs authentication. The default 7 | # username is admin and the password is VelaUX12345. Please must set and remember the new password after the first login. 8 | -------------------------------------------------------------------------------- /units/std/cells/repo/configs.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | with inputs.std.inputs.dmerge; 3 | let 4 | cfg = { 5 | inherit (cell.pops.configs.exports.default) treefmt lefthook conform; 6 | }; 7 | inherit (cell.pops.configs.exports.stdNixago) treefmt lefthook conform; 8 | in 9 | { 10 | lefthook = { 11 | inherit (lefthook) default; 12 | }; 13 | treefmt = { 14 | default = (treefmt.default cfg.treefmt.nvfetcher); 15 | }; 16 | conform = rec { 17 | default = conform.default custom; 18 | }; 19 | 20 | just = { 21 | data = { 22 | tasks = import ./configs/justfile.nix { inherit inputs cell; }; 23 | }; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /units/std/cells/repo/configs/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs) std; 4 | 5 | l = inputs.nixpkgs.lib // builtins; 6 | in 7 | { 8 | just = { 9 | data = { 10 | tasks = import ./justfile.nix { inherit inputs cell; }; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /units/std/cells/repo/devshellProfiles.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs) nixpkgs; 4 | 5 | terraform-providers-bin = inputs.terraform-providers.legacyPackages.providers; 6 | 7 | terraform-with-plugins = nixpkgs.terraform.withPlugins ( 8 | p: nixpkgs.lib.attrValues (providers p) 9 | ); 10 | 11 | providers = p: { 12 | inherit (terraform-providers-bin.hashicorp) nomad aws template; 13 | inherit (terraform-providers-bin.dmacvicar) libvirt; 14 | inherit (terraform-providers-bin.carlpett) sops; 15 | inherit (terraform-providers-bin.cloudflare) cloudflare; 16 | }; 17 | in 18 | { 19 | terraform = { 20 | commands = [ 21 | { 22 | package = terraform-with-plugins // { 23 | meta.name = "terraform"; 24 | }; 25 | } 26 | ]; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /units/std/cells/repo/nixosProfiles/auto-upgrade.nix: -------------------------------------------------------------------------------- 1 | { 2 | system.autoUpgrade = { 3 | enable = true; 4 | dates = "07:00"; 5 | flake = "github:gtrunsec/hive"; 6 | allowReboot = true; 7 | persistent = true; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /units/std/cells/repo/nixosProfiles/default.nix: -------------------------------------------------------------------------------- 1 | { auto-upgrade = ./auto-upgrade.nix; } 2 | -------------------------------------------------------------------------------- /units/std/cells/repo/packages.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | in 4 | { 5 | inherit (inputs.colmena.packages) colmena; 6 | } 7 | -------------------------------------------------------------------------------- /units/std/cells/repo/pops.nix: -------------------------------------------------------------------------------- 1 | { inputs, cell }: 2 | let 3 | inherit (inputs) nixpkgs; 4 | inherit (inputs.hivebus.inputs) omnibus; 5 | inputs' = (omnibus.pops.flake.setSystem nixpkgs.system).inputs; 6 | in 7 | # inherit (omnibus.pops.self.load.inputs) POP flops; 8 | { 9 | configs = omnibus.pops.configs { 10 | inputs = { 11 | inputs = { 12 | inherit (inputs') nixfmt topiary nur; 13 | inherit (inputs) std; 14 | inherit nixpkgs; 15 | }; 16 | }; 17 | }; 18 | } 19 | --------------------------------------------------------------------------------