├── .editorconfig ├── .envrc ├── .git-blame-ignore-revs ├── .gitattributes ├── .gitignore ├── .hydra.json ├── .sops.yaml ├── LICENSE ├── README.md ├── deploy.sh ├── flake.lock ├── flake.nix ├── home └── gabriel │ ├── alcyone.nix │ ├── atlas.nix │ ├── celaeno.nix │ ├── electra.nix │ ├── features │ ├── cli │ │ ├── bash.nix │ │ ├── bat.nix │ │ ├── default.nix │ │ ├── direnv.nix │ │ ├── fish │ │ │ ├── bindings.nix │ │ │ ├── default.nix │ │ │ ├── get-bash-completions.sh │ │ │ ├── tide.nix │ │ │ └── up-or-search.fish │ │ ├── fzf.nix │ │ ├── gh.nix │ │ ├── git.nix │ │ ├── gpg-commands.nix │ │ ├── gpg.nix │ │ ├── jira.nix │ │ ├── jujutsu.nix │ │ ├── lyrics.nix │ │ ├── nix-index.nix │ │ ├── nushell.nix │ │ ├── pfetch.nix │ │ ├── ssh.nix │ │ └── xpo.nix │ ├── desktop │ │ ├── common │ │ │ ├── default.nix │ │ │ ├── deluge.nix │ │ │ ├── discord.nix │ │ │ ├── dragon.nix │ │ │ ├── firefox.nix │ │ │ ├── font.nix │ │ │ ├── gtk.nix │ │ │ ├── kdeconnect.nix │ │ │ ├── pavucontrol.nix │ │ │ ├── playerctl.nix │ │ │ ├── qt.nix │ │ │ ├── qtstyleplugins-gtk3-key.patch │ │ │ ├── sublime-music.nix │ │ │ └── wayland-wm │ │ │ │ ├── alacritty.nix │ │ │ │ ├── cliphist.nix │ │ │ │ ├── default.nix │ │ │ │ ├── gammastep.nix │ │ │ │ ├── imv.nix │ │ │ │ ├── mako.nix │ │ │ │ ├── qutebrowser.nix │ │ │ │ ├── swayosd.nix │ │ │ │ ├── waybar.nix │ │ │ │ ├── waypipe.nix │ │ │ │ ├── wofi-run-shell.patch │ │ │ │ ├── wofi.nix │ │ │ │ └── zathura.nix │ │ ├── gnome │ │ │ └── default.nix │ │ ├── hyprland │ │ │ ├── autostart-tty1.nix │ │ │ ├── basic-binds.nix │ │ │ ├── default.nix │ │ │ ├── hyprbars.nix │ │ │ ├── hypridle.nix │ │ │ ├── hyprlock.nix │ │ │ └── hyprpaper.nix │ │ └── wireless │ │ │ └── default.nix │ ├── games │ │ ├── default.nix │ │ ├── factorio.nix │ │ ├── mangohud.nix │ │ ├── osu.nix │ │ ├── prism-launcher.nix │ │ ├── runescape.nix │ │ ├── shadps4.nix │ │ ├── star-citizen.nix │ │ └── steam.nix │ ├── helix │ │ ├── default.nix │ │ └── theme.nix │ ├── pass │ │ └── default.nix │ ├── productivity │ │ ├── calendar.nix │ │ ├── default.nix │ │ ├── khal.nix │ │ ├── khard.nix │ │ ├── mail.nix │ │ ├── neomutt.nix │ │ ├── oama.nix │ │ ├── syncthing.nix │ │ └── todoman.nix │ └── rgb │ │ └── default.nix │ ├── generic.nix │ ├── global │ └── default.nix │ ├── maia.nix │ ├── merope.nix │ ├── nixpkgs.nix │ ├── pgp.asc │ ├── ssh.pub │ └── taygeta.nix ├── hosts ├── alcyone │ ├── default.nix │ ├── hardware-configuration.nix │ ├── secrets.yaml │ ├── services │ │ ├── cgit │ │ │ ├── .gitignore │ │ │ ├── cgit.scss │ │ │ ├── default.nix │ │ │ ├── head.html │ │ │ └── nav.html │ │ ├── cincobola.nix │ │ ├── default.nix │ │ ├── files-server.nix │ │ ├── firefly.nix │ │ ├── git-remote.nix │ │ ├── grafana │ │ │ ├── dashboards │ │ │ │ └── hosts.json │ │ │ └── default.nix │ │ ├── headscale.nix │ │ ├── mail.nix │ │ ├── prometheus.nix │ │ ├── radicale.nix │ │ └── website │ │ │ ├── default.nix │ │ │ ├── scripts │ │ │ ├── nix-installer.sh │ │ │ └── setup-gpg.sh │ │ │ ├── shortner.nix │ │ │ └── themes.nix │ └── ssh_host_ed25519_key.pub ├── atlas │ ├── default.nix │ ├── hardware-configuration.nix │ └── ssh_host_ed25519_key.pub ├── celaeno │ ├── default.nix │ ├── hardware-configuration.nix │ ├── secrets.yaml │ ├── services │ │ ├── binary-cache.nix │ │ ├── default.nix │ │ ├── disconic.nix │ │ ├── hydra │ │ │ ├── default.nix │ │ │ └── machines.nix │ │ └── paste-misterio-me.nix │ └── ssh_host_ed25519_key.pub ├── common │ ├── global │ │ ├── acme.nix │ │ ├── auto-upgrade.nix │ │ ├── default.nix │ │ ├── fish.nix │ │ ├── gamemode.nix │ │ ├── kdeconnect.nix │ │ ├── locale.nix │ │ ├── nix-ld.nix │ │ ├── nix.nix │ │ ├── openssh.nix │ │ ├── optin-persistence.nix │ │ ├── podman.nix │ │ ├── prometheus-node-exporter.nix │ │ ├── sops.nix │ │ ├── ssh-serve-store.nix │ │ ├── steam-hardware.nix │ │ ├── swappiness.nix │ │ ├── systemd-initrd.nix │ │ ├── tailscale.nix │ │ ├── tpm.nix │ │ └── upower.nix │ ├── optional │ │ ├── docker.nix │ │ ├── eduroam-cert.pem │ │ ├── encrypted-root.nix │ │ ├── ephemeral-btrfs.nix │ │ ├── fail2ban.nix │ │ ├── gamemode.nix │ │ ├── gnome.nix │ │ ├── greetd.nix │ │ ├── lxd.nix │ │ ├── mysql.nix │ │ ├── nginx.nix │ │ ├── pantheon.nix │ │ ├── peripherals.nix │ │ ├── pipewire.nix │ │ ├── postgres.nix │ │ ├── quietboot.nix │ │ ├── secure-boot.nix │ │ ├── starcitizen-fixes.nix │ │ ├── systemd-boot.nix │ │ ├── tailscale-exit-node.nix │ │ ├── tlp.nix │ │ ├── wireless.nix │ │ ├── wireshark.nix │ │ └── x11-no-suspend.nix │ ├── secrets.yaml │ └── users │ │ ├── gabriel │ │ └── default.nix │ │ └── layla │ │ ├── default.nix │ │ └── packages.nix ├── maia │ ├── default.nix │ ├── hardware-configuration.nix │ └── ssh_host_ed25519_key.pub ├── merope │ ├── default.nix │ ├── hardware-configuration.nix │ ├── secrets.yaml │ ├── services │ │ ├── default.nix │ │ ├── deluge.nix │ │ ├── files-server.nix │ │ └── navidrome.nix │ └── ssh_host_ed25519_key.pub └── taygeta │ ├── default.nix │ ├── hardware-configuration.nix │ ├── secrets.yaml │ ├── services │ ├── default.nix │ └── minecraft │ │ ├── aikar-flags.nix │ │ ├── default.nix │ │ ├── ops.nix │ │ ├── servers │ │ └── gtnh │ │ │ ├── default.nix │ │ │ └── gtnh.nix │ │ └── whitelist.nix │ └── ssh_host_ed25519_key.pub ├── hydra.nix ├── modules ├── home-manager │ ├── calendar-changes.nix │ ├── colors.nix │ ├── default.nix │ ├── fonts.nix │ ├── monitors.nix │ ├── oama.nix │ ├── pass-secret-service.nix │ ├── vdirsyncer.nix │ ├── wallpaper.nix │ └── xpo.nix └── nixos │ ├── default.nix │ ├── hydra-auto-upgrade.nix │ ├── openrgb.nix │ └── satisfactory.nix ├── overlays ├── default.nix ├── hydra-restrict-eval.diff ├── ltex-change-lang-command.diff ├── pass-secret-service-native.diff ├── pass-wlclipboard-secret.diff ├── qutebrowser-refresh-tab-colorscheme.patch ├── vdirsyncer-fixed-oauth-token.patch ├── vim-numbertoggle-command-mode.patch └── wl-clipboard-secrets.diff ├── pkgs ├── default.nix ├── formats │ └── default.nix ├── lyrics │ ├── default.nix │ └── fix-config-in-build-phase.diff ├── minicava │ └── default.nix ├── pass-wofi │ ├── default.nix │ └── pass-wofi.sh ├── plymouth-spinner-monochrome │ ├── default.nix │ └── src │ │ ├── animation-0001.png │ │ ├── animation-0002.png │ │ ├── animation-0003.png │ │ ├── animation-0004.png │ │ ├── animation-0005.png │ │ ├── animation-0006.png │ │ ├── animation-0007.png │ │ ├── animation-0008.png │ │ ├── animation-0009.png │ │ ├── animation-0010.png │ │ ├── animation-0011.png │ │ ├── animation-0012.png │ │ ├── animation-0013.png │ │ ├── animation-0014.png │ │ ├── animation-0015.png │ │ ├── animation-0016.png │ │ ├── animation-0017.png │ │ ├── animation-0018.png │ │ ├── animation-0019.png │ │ ├── animation-0020.png │ │ ├── animation-0021.png │ │ ├── animation-0022.png │ │ ├── animation-0023.png │ │ ├── animation-0024.png │ │ ├── animation-0025.png │ │ ├── animation-0026.png │ │ ├── animation-0027.png │ │ ├── animation-0028.png │ │ ├── animation-0029.png │ │ ├── animation-0030.png │ │ ├── animation-0031.png │ │ ├── animation-0032.png │ │ ├── animation-0033.png │ │ ├── animation-0034.png │ │ ├── animation-0035.png │ │ ├── animation-0036.png │ │ ├── bullet.png │ │ ├── capslock.png │ │ ├── entry.png │ │ ├── keyboard.png │ │ ├── keymap-render.png │ │ ├── lock.png │ │ ├── spinner-monochrome.plymouth │ │ ├── throbber-0001.png │ │ ├── throbber-0002.png │ │ ├── throbber-0003.png │ │ ├── throbber-0004.png │ │ ├── throbber-0005.png │ │ ├── throbber-0006.png │ │ ├── throbber-0007.png │ │ ├── throbber-0008.png │ │ ├── throbber-0009.png │ │ ├── throbber-0010.png │ │ ├── throbber-0011.png │ │ ├── throbber-0012.png │ │ ├── throbber-0013.png │ │ ├── throbber-0014.png │ │ ├── throbber-0015.png │ │ ├── throbber-0016.png │ │ ├── throbber-0017.png │ │ ├── throbber-0018.png │ │ ├── throbber-0019.png │ │ ├── throbber-0020.png │ │ ├── throbber-0021.png │ │ ├── throbber-0022.png │ │ ├── throbber-0023.png │ │ ├── throbber-0024.png │ │ ├── throbber-0025.png │ │ ├── throbber-0026.png │ │ ├── throbber-0027.png │ │ ├── throbber-0028.png │ │ ├── throbber-0029.png │ │ └── throbber-0030.png ├── vim-plugins │ ├── default.nix │ ├── gemini-vim-syntax │ │ └── default.nix │ ├── hunk-nvim │ │ └── default.nix │ ├── mermaid-vim │ │ └── default.nix │ ├── nvim-femaco │ │ └── default.nix │ ├── vim-medieval │ │ ├── default.nix │ │ └── preview-instead-of-scratch.patch │ └── vim-syntax-shakespeare │ │ └── default.nix └── xpo │ ├── default.nix │ └── xpo.sh ├── shell.nix └── templates └── python ├── .gitignore ├── README.md ├── flake.nix ├── foo_bar ├── __init__.py └── __main__.py ├── pyproject.toml └── tests └── example.py /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | end_of_line = lf 5 | insert_final_newline = true 6 | charset = utf-8 7 | trim_trailing_whitespace = true 8 | 9 | [*.nix] 10 | ident_style = space 11 | ident_size = 2 12 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /.git-blame-ignore-revs: -------------------------------------------------------------------------------- 1 | # Formatted entire codebase with nixfmt-rfc-style 2 | 25e54c1dc514f544199a0cdc1ddb3ce44330b003 3 | # Formatted with alejandra 4 | 7885b414a4390773ce99ae88e248140b8f1d7de0 5 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | nixos/hosts/*/secrets/*.yaml diff=sopsdiffer 2 | nixos/common/secrets/*.yaml diff=sopsdiffer 3 | nix linguist-generated=true 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | result* 3 | *.qcow2 4 | .nixie 5 | -------------------------------------------------------------------------------- /.hydra.json: -------------------------------------------------------------------------------- 1 | { 2 | "main": { 3 | "enabled": 1, 4 | "type": 1, 5 | "hidden": false, 6 | "description": "Build main branch", 7 | "flake": "git://m7.rs/nix-config?ref=main", 8 | "checkinterval": 60, 9 | "schedulingshares": 10, 10 | "enableemail": false, 11 | "emailoverride": "", 12 | "keepnr": 1 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | keys: 2 | # Users 3 | - &users: 4 | - &misterio 7088C7421873E0DB97FF17C2245CAB70B4C225E9 5 | # Hosts 6 | - &hosts: 7 | - &atlas age1hm5lf4qk84r4wh00atn6hpts7mpdx80adq26wht2e5qh9ewvhyaszfv82d 8 | - &merope age1709qfrwglm75v5x8lpuhryt83k6p6c90npplzzec6a5w8ct93ejscpqpc3 9 | - &alcyone age1uxvuygmvwpfjrd9d3ulg6ln8dgvaw4l2c90mw0tr72qg3n8vd9ns3dm000 10 | - &celaeno age1gxhy9eq38xfplay0kvkeyvsg96g0c4p6rkhajkrj8nc9dswdzqhssgvns0 11 | - &taygeta age1szxq4pz3wuxrs5ynqt3gys4wxslg27lr67smsqvg5guhap800szs3y73vd 12 | - &maia age150kp4hx4qzfpcxayyfh8xcv8nf0uudppsknwgzgj724djqup2qvqz2gwj5 13 | creation_rules: 14 | - path_regex: hosts/taygeta/secrets.ya?ml$ 15 | key_groups: 16 | - age: 17 | - *taygeta 18 | pgp: 19 | - *misterio 20 | - path_regex: hosts/celaeno/secrets.ya?ml$ 21 | key_groups: 22 | - age: 23 | - *celaeno 24 | pgp: 25 | - *misterio 26 | - path_regex: hosts/alcyone/secrets.ya?ml$ 27 | key_groups: 28 | - age: 29 | - *alcyone 30 | pgp: 31 | - *misterio 32 | - path_regex: hosts/merope/secrets.ya?ml$ 33 | key_groups: 34 | - age: 35 | - *merope 36 | pgp: 37 | - *misterio 38 | 39 | - path_regex: hosts/common/secrets.ya?ml$ 40 | key_groups: 41 | - age: 42 | - *atlas 43 | - *merope 44 | - *alcyone 45 | - *celaeno 46 | - *taygeta 47 | - *maia 48 | pgp: 49 | - *misterio 50 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2021 Gabriel Fontes 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | -------------------------------------------------------------------------------- /deploy.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | export NIX_SSHOPTS="-A" 3 | 4 | build_remote=false 5 | 6 | hosts="$1" 7 | shift 8 | 9 | if [ -z "$hosts" ]; then 10 | echo "No hosts to deploy" 11 | exit 2 12 | fi 13 | 14 | for host in ${hosts//,/ }; do 15 | nixos-rebuild --flake .\#$host switch --target-host $host --use-remote-sudo --use-substitutes $@ 16 | done 17 | -------------------------------------------------------------------------------- /home/gabriel/alcyone.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [./global]; 3 | # Yellow 4 | wallpaper = pkgs.inputs.themes.wallpapers.lake-houses-sunset-gold; 5 | } 6 | -------------------------------------------------------------------------------- /home/gabriel/atlas.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | ... 4 | }: { 5 | imports = [ 6 | ./global 7 | ./features/desktop/hyprland 8 | ./features/desktop/wireless 9 | ./features/rgb 10 | ./features/productivity 11 | ./features/pass 12 | ./features/games 13 | ./features/games/star-citizen.nix 14 | ./features/games/shadps4.nix 15 | ]; 16 | 17 | # Red 18 | wallpaper = pkgs.inputs.themes.wallpapers.aenami-dawn; 19 | 20 | # ------ ----- ------ 21 | # | DP-3 | | DP-1| | DP-2 | 22 | # ------ ----- ------ 23 | monitors = [ 24 | { 25 | name = "DP-1"; 26 | width = 2560; 27 | height = 1080; 28 | workspace = "1"; 29 | primary = true; 30 | } 31 | { 32 | name = "DP-2"; 33 | width = 1920; 34 | height = 1080; 35 | position = "auto-right"; 36 | workspace = "2"; 37 | } 38 | ]; 39 | } 40 | -------------------------------------------------------------------------------- /home/gabriel/celaeno.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [./global]; 3 | # Salmon 4 | wallpaper = pkgs.inputs.themes.wallpapers.abstract-salmon-blue; 5 | } 6 | -------------------------------------------------------------------------------- /home/gabriel/electra.nix: -------------------------------------------------------------------------------- 1 | {pkgs, lib, config, inputs, ...}: { 2 | imports = [ 3 | ./global 4 | ./features/desktop/hyprland 5 | ./features/pass 6 | ]; 7 | home.persistence."/persist/${config.home.homeDirectory}" = lib.mkForce {}; 8 | home.username = "gabriel"; 9 | home.packages = [ 10 | pkgs.juju 11 | pkgs.sshuttle 12 | pkgs.lxd-lts 13 | ]; 14 | 15 | targets.genericLinux.enable = true; 16 | nixGL = { 17 | packages = inputs.nix-gl.packages; 18 | defaultWrapper = "mesa"; 19 | installScripts = ["mesa"]; 20 | vulkan.enable = true; 21 | }; 22 | 23 | # Local configuration file overrides for git and SSH 24 | # The guys over at $WORK don't like me mentioning my work email or hostnames 25 | # in github :( 26 | programs.git.includes = [{ path = "local.conf"; }]; 27 | programs.ssh.includes = ["local.conf"]; 28 | 29 | monitors = [ 30 | { 31 | name = "eDP-1"; 32 | width = 1920; 33 | height = 1080; 34 | workspace = "1"; 35 | primary = true; 36 | } 37 | { 38 | name = "HDMI-A-1"; 39 | width = 1920; 40 | height = 1080; 41 | workspace = "2"; 42 | position = "auto-left"; 43 | } 44 | ]; 45 | # Green 46 | wallpaper = pkgs.inputs.themes.wallpapers.aenami-northern-lights; 47 | } 48 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/bash.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.bash = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/bat.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.bat = { 3 | enable = true; 4 | config.theme = "base16"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [ 3 | ./fish 4 | 5 | ./bash.nix 6 | ./bat.nix 7 | ./direnv.nix 8 | ./gh.nix 9 | ./git.nix 10 | ./gpg.nix 11 | ./jujutsu.nix 12 | ./lyrics.nix 13 | ./nushell.nix 14 | ./nix-index.nix 15 | ./pfetch.nix 16 | ./ssh.nix 17 | ./xpo.nix 18 | ./fzf.nix 19 | ./jira.nix 20 | ]; 21 | home.packages = with pkgs; [ 22 | comma # Install and run programs by sticking a , before them 23 | distrobox # Nice escape hatch, integrates docker images with my environment 24 | 25 | bc # Calculator 26 | bottom # System viewer 27 | ncdu # TUI disk usage 28 | eza # Better ls 29 | ripgrep # Better grep 30 | fd # Better find 31 | httpie # Better curl 32 | jq # JSON pretty printer and manipulator 33 | timer # To help with my ADHD paralysis 34 | viddy # Better watch 35 | 36 | nixd # Nix LSP 37 | alejandra # Nix formatter 38 | nixfmt-rfc-style 39 | nvd # Differ 40 | nix-diff # Differ, more detailed 41 | nix-output-monitor 42 | nh # Nice wrapper for NixOS and HM 43 | ]; 44 | } 45 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/direnv.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.direnv = { 3 | enable = true; 4 | nix-direnv.enable = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/fish/bindings.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | lib, 5 | ... 6 | }: 7 | let 8 | useHelix = config.programs.helix.enable; 9 | in 10 | { 11 | programs.fish = { 12 | interactiveShellInit = '' 13 | fish_vi_key_bindings 14 | ${lib.optionalString useHelix "fish_helix_key_bindings"} 15 | set fish_cursor_default block blink 16 | set fish_cursor_insert line blink 17 | set fish_cursor_replace_one underscore blink 18 | set fish_cursor_visual block 19 | ''; 20 | plugins = lib.optional useHelix { 21 | name = "fish-helix"; 22 | src = pkgs.fetchFromGitHub { 23 | owner = "sshilovsky"; 24 | repo = "fish-helix"; 25 | rev = "8a5c7999ec67ae6d70de11334aa888734b3af8d7"; 26 | hash = "sha256-04cL9/m5v0/5dkqz0tEqurOY+5sDjCB5mMKvqgpV4vM="; 27 | }; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/fish/get-bash-completions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Author: Brian Beffa 3 | # Original source: https://brbsix.github.io/2015/11/29/accessing-tab-completion-programmatically-in-bash/ 4 | # License: LGPLv3 (http://www.gnu.org/licenses/lgpl-3.0.txt) 5 | # 6 | 7 | get_completions(){ 8 | local completion COMP_CWORD COMP_LINE COMP_POINT COMP_WORDS COMPREPLY=() 9 | 10 | COMP_LINE=$* 11 | COMP_POINT=${#COMP_LINE} 12 | 13 | eval set -- "$@" 14 | 15 | COMP_WORDS=("$@") 16 | 17 | # add '' to COMP_WORDS if the last character of the command line is a space 18 | [[ ${COMP_LINE[@]: -1} = ' ' ]] && COMP_WORDS+=('') 19 | 20 | # index of the last word 21 | COMP_CWORD=$(( ${#COMP_WORDS[@]} - 1 )) 22 | 23 | # load completion 24 | _comp_load -D -- "$1" 25 | 26 | # detect completion 27 | completion=$(complete -p "$1" 2>/dev/null | awk '{print $(NF-1)}') 28 | 29 | # ensure completion was detected 30 | [[ -n $completion ]] || return 1 31 | 32 | # execute completion function 33 | "$completion" 34 | 35 | # print completions to stdout 36 | for ((i = 0; i < ${#COMPREPLY[@]}; i++)); do 37 | echo "${COMPREPLY[$i]%%*( )}" 38 | done 39 | } 40 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/fish/up-or-search.fish: -------------------------------------------------------------------------------- 1 | # Merge history upon doing up-or-search 2 | # This lets multiple fish instances share history 3 | if commandline --search-mode 4 | commandline -f history-search-backward 5 | return 6 | end 7 | if commandline --paging-mode 8 | commandline -f up-line 9 | return 10 | end 11 | 12 | set -l lineno (commandline -L) 13 | 14 | switch $lineno 15 | case 1 16 | commandline -f history-search-backward 17 | # Here we go 18 | history merge 19 | case '*' 20 | commandline -f up-line 21 | end 22 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/fzf.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.fzf = { 3 | enable = true; 4 | defaultOptions = ["--color 16"]; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/gh.nix: -------------------------------------------------------------------------------- 1 | {pkgs, config, ...}: { 2 | programs.gh = { 3 | enable = true; 4 | extensions = with pkgs; [gh-markdown-preview]; 5 | settings = { 6 | version = "1"; 7 | git_protocol = "ssh"; 8 | prompt = "enabled"; 9 | }; 10 | }; 11 | home.persistence = { 12 | "/persist/${config.home.homeDirectory}".files = [".config/gh/hosts.yml"]; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/git.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | ssh = "${pkgs.openssh}/bin/ssh"; 8 | 9 | git-m7 = pkgs.writeShellScriptBin "git-m7" '' 10 | case "''${1:-ls}" in 11 | ls) 12 | ${ssh} -TA git@m7.rs ls | grep '\.git$' 13 | ;; 14 | init) 15 | name="''${2:-$(basename "$PWD")}" 16 | ${ssh} -TA git@m7.rs << EOF 17 | git init --bare "$name.git" 18 | git -C "$name.git" branch -m main 19 | EOF 20 | git remote add origin git@m7.rs:"$name.git" 21 | ;; 22 | *) 23 | repo="$(git remote -v | grep git@m7.rs | head -1 | cut -d ':' -f2 | cut -d ' ' -f1)" 24 | if [[ "$repo" != *".git" ]]; then repo="$repo.git"; fi 25 | ${ssh} -TA git@m7.rs git -C "/srv/git/$repo" "$@" 26 | ;; 27 | esac 28 | ''; 29 | # git commit --amend, but for older commits 30 | git-fixup = pkgs.writeShellScriptBin "git-fixup" '' 31 | rev="$(git rev-parse "$1")" 32 | git commit --fixup "$@" 33 | GIT_SEQUENCE_EDITOR=true git rebase -i --autostash --autosquash $rev^ 34 | ''; 35 | in { 36 | home.packages = [ 37 | git-m7 38 | git-fixup 39 | ]; 40 | programs.git = { 41 | enable = true; 42 | package = pkgs.gitAndTools.gitFull; 43 | aliases = { 44 | p = "pull --ff-only"; 45 | ff = "merge --ff-only"; 46 | graph = "log --decorate --oneline --graph"; 47 | pushall = "!git remote | xargs -L1 git push --all"; 48 | add-nowhitespace = "!git diff -U0 -w --no-color | git apply --cached --ignore-whitespace --unidiff-zero -"; 49 | }; 50 | userName = "Gabriel Fontes"; 51 | userEmail = lib.mkDefault "hi@m7.rs"; 52 | extraConfig = { 53 | init.defaultBranch = "main"; 54 | user.signing.key = "CE707A2C17FAAC97907FF8EF2E54EA7BFE630916"; 55 | commit.gpgSign = lib.mkDefault true; 56 | gpg.program = "${config.programs.gpg.package}/bin/gpg2"; 57 | 58 | merge.conflictStyle = "zdiff3"; 59 | commit.verbose = true; 60 | diff.algorithm = "histogram"; 61 | log.date = "iso"; 62 | column.ui = "auto"; 63 | branch.sort = "committerdate"; 64 | # Automatically track remote branch 65 | push.autoSetupRemote = true; 66 | # Reuse merge conflict fixes when rebasing 67 | rerere.enabled = true; 68 | }; 69 | lfs.enable = true; 70 | ignores = [ 71 | ".direnv" 72 | "result" 73 | ".jj" 74 | ]; 75 | }; 76 | } 77 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/gpg-commands.nix: -------------------------------------------------------------------------------- 1 | {pkgs, config, lib, ...}: let 2 | pgrep = lib.getExe' pkgs.procps "pgrep"; 3 | grep = lib.getExe pkgs.gnugrep; 4 | gpg-connect-agent = lib.getExe' config.programs.gpg.package "gpg-connect-agent"; 5 | gpgconf = lib.getExe' config.programs.gpg.package "gpgconf"; 6 | in { 7 | # TODO: this does not REALLY queries if the PIN is cached, only if the card has been used by the agent 8 | # So, this always indicated that the card is at least plugged in, but the user might be prompted for a pin anyway. 9 | isUnlocked = "${pgrep} 'gpg-agent' &> /dev/null && ${gpg-connect-agent} 'scd getinfo card_list' /bye | ${grep} SERIALNO -q"; 10 | lock = "${gpg-connect-agent} reloadagent /bye"; 11 | unlock = "SSH_AUTH_SOCK=$(${gpgconf} --list-dirs agent-ssh-socket) ssh localhost exit"; 12 | } 13 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/gpg.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | lib, 5 | ... 6 | }: { 7 | services.gpg-agent = { 8 | enable = true; 9 | enableSshSupport = true; 10 | sshKeys = ["149F16412997785363112F3DBD713BC91D51B831"]; 11 | enableExtraSocket = true; 12 | pinentry.package = 13 | if config.gtk.enable 14 | then pkgs.pinentry-gnome3 15 | else pkgs.pinentry-tty; 16 | }; 17 | 18 | home.packages = lib.optional config.gtk.enable pkgs.gcr; 19 | 20 | programs = let 21 | fixGpg = 22 | /* 23 | bash 24 | */ 25 | '' 26 | gpgconf --launch gpg-agent 27 | ''; 28 | in { 29 | # Start gpg-agent if it's not running or tunneled in 30 | # SSH does not start it automatically, so this is needed to avoid having to use a gpg command at startup 31 | # https://www.gnupg.org/faq/whats-new-in-2.1.html#autostart 32 | bash.profileExtra = fixGpg; 33 | fish.loginShellInit = fixGpg; 34 | zsh.loginExtra = fixGpg; 35 | nushell.extraLogin = fixGpg; 36 | 37 | gpg = { 38 | enable = true; 39 | settings = { 40 | trust-model = "tofu+pgp"; 41 | }; 42 | publicKeys = [ 43 | { 44 | source = ../../pgp.asc; 45 | trust = 5; 46 | } 47 | ]; 48 | }; 49 | }; 50 | 51 | systemd.user.services = { 52 | # Link /run/user/$UID/gnupg to ~/.gnupg-sockets 53 | # So that SSH config does not have to know the UID 54 | link-gnupg-sockets = { 55 | Unit = { 56 | Description = "link gnupg sockets from /run to /home"; 57 | }; 58 | Service = { 59 | Type = "oneshot"; 60 | ExecStart = "${pkgs.coreutils}/bin/ln -Tfs /run/user/%U/gnupg %h/.gnupg-sockets"; 61 | ExecStop = "${pkgs.coreutils}/bin/rm $HOME/.gnupg-sockets"; 62 | RemainAfterExit = true; 63 | }; 64 | Install.WantedBy = ["default.target"]; 65 | }; 66 | }; 67 | } 68 | # vim: filetype=nix 69 | 70 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/jira.nix: -------------------------------------------------------------------------------- 1 | { pkgs, config, ... }: 2 | { 3 | home.packages = [pkgs.jira-cli-go]; 4 | home.persistence = { 5 | "/persist/${config.home.homeDirectory}".directories = [".config/.jira"]; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/jujutsu.nix: -------------------------------------------------------------------------------- 1 | {config, lib, ...}: { 2 | programs.jujutsu = { 3 | enable = true; 4 | settings = { 5 | user = { 6 | name = config.programs.git.userName; 7 | email = config.programs.git.userEmail; 8 | }; 9 | ui = { 10 | pager = "less -FRX"; 11 | show-cryptographic-signatures = true; 12 | }; 13 | signing = let 14 | gitCfg = config.programs.git.extraConfig; 15 | in { 16 | backend = "gpg"; 17 | behaviour = if gitCfg.commit.gpgSign then "own" else "never"; 18 | key = gitCfg.user.signing.key; 19 | }; 20 | revset-aliases = { 21 | "closest_bookmark(to)" = "heads(::to & bookmarks())"; 22 | }; 23 | aliases = { 24 | # Advances closest bookmark to parent commit 25 | tug = ["bookmark" "move" "--from" "closest_bookmark(@-)" "--to" "@-"]; 26 | }; 27 | template-aliases = { 28 | "gerrit_change_id(change_id)" = '' 29 | "Id0000000" ++ change_id.normal_hex() 30 | ''; 31 | }; 32 | templates = { 33 | draft_commit_description = '' 34 | concat( 35 | description, 36 | indent("JJ: ", concat( 37 | if( 38 | !description.contains("Change-Id: "), 39 | "Change-Id: " ++ gerrit_change_id(change_id) ++ "\n", 40 | "", 41 | ), 42 | "Change summary:\n", 43 | indent(" ", diff.summary()), 44 | "Full change:\n", 45 | "ignore-rest\n", 46 | )), 47 | diff.git(), 48 | ) 49 | ''; 50 | }; 51 | }; 52 | }; 53 | } 54 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/lyrics.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = [pkgs.lyrics]; 3 | xdg.configFile."lyrics-in-terminal/lyrics.cfg".text = 4 | /* 5 | ini 6 | */ 7 | '' 8 | [OPTIONS] 9 | alignment=left 10 | source=google 11 | interval=1500 12 | autoswitch=on 13 | player= 14 | mpd_host= 15 | mpd_port= 16 | mpd_pass= 17 | 18 | [BINDINGS] 19 | up=k 20 | down=j 21 | left=i 22 | center=o 23 | right=p 24 | step-up=arrow_up 25 | step-down=arrow_down 26 | step-size=5 27 | google=R 28 | azLyrics=r 29 | autoswitchtoggle=a 30 | delete=d 31 | edit=e 32 | help=h 33 | quit=q 34 | ''; 35 | } 36 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/nix-index.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | ... 5 | }: { 6 | programs.nix-index.enable = true; 7 | 8 | systemd.user.services.nix-index-database-sync = { 9 | Unit.Description = "fetch nix-community/nix-index-database"; 10 | Service = { 11 | Type = "oneshot"; 12 | ExecStart = lib.getExe ( 13 | pkgs.writeShellApplication { 14 | name = "fetch-nix-index-database"; 15 | runtimeInputs = with pkgs; [ 16 | wget 17 | coreutils 18 | ]; 19 | text = '' 20 | mkdir -p ~/.cache/nix-index 21 | cd ~/.cache/nix-index 22 | name="index-${pkgs.stdenv.system}" 23 | wget -N "https://github.com/nix-community/nix-index-database/releases/download/2025-05-04-033656/$name" 24 | ln -sf "$name" "files" 25 | ''; 26 | } 27 | ); 28 | Restart = "on-failure"; 29 | RestartSec = "5m"; 30 | }; 31 | }; 32 | systemd.user.timers.nix-index-database-sync = { 33 | Unit.Description = "Automatic github:nix-community/nix-index-database fetching"; 34 | Timer = { 35 | OnBootSec = "10m"; 36 | OnUnitActiveSec = "24h"; 37 | }; 38 | Install.WantedBy = ["timers.target"]; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/pfetch.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home = { 3 | packages = with pkgs; [pfetch-rs]; 4 | sessionVariables.PF_INFO = "ascii title os kernel uptime shell de palette"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/ssh.nix: -------------------------------------------------------------------------------- 1 | { 2 | outputs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | nixosConfigs = builtins.attrNames outputs.nixosConfigurations; 8 | homeConfigs = map (n: lib.last (lib.splitString "@" n)) (builtins.attrNames outputs.homeConfigurations); 9 | hostnames = lib.unique (homeConfigs ++ nixosConfigs); 10 | in { 11 | # Persisting known_hosts with impermance is wonky, as SSH sometimes 12 | # overwrites it. My workaround is to make a known_hosts.d directory instead, 13 | # which is persisted. 14 | home.persistence = { 15 | "/persist/${config.home.homeDirectory}".directories = [ 16 | ".ssh/known_hosts.d" 17 | ]; 18 | }; 19 | 20 | programs.ssh = { 21 | enable = true; 22 | # See above 23 | userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts.d/hosts"; 24 | matchBlocks = { 25 | net = { 26 | host = lib.concatStringsSep " " (lib.flatten (map (host: [ 27 | host 28 | "${host}.m7.rs" 29 | "${host}.ts.m7.rs" 30 | ]) 31 | hostnames)); 32 | forwardAgent = true; 33 | remoteForwards = [ 34 | { 35 | bind.address = ''/%d/.gnupg-sockets/S.gpg-agent''; 36 | host.address = ''/%d/.gnupg-sockets/S.gpg-agent.extra''; 37 | } 38 | { 39 | bind.address = ''/%d/.waypipe/server.sock''; 40 | host.address = ''/%d/.waypipe/client.sock''; 41 | } 42 | ]; 43 | forwardX11 = true; 44 | forwardX11Trusted = true; 45 | setEnv.WAYLAND_DISPLAY = "wayland-waypipe"; 46 | extraOptions.StreamLocalBindUnlink = "yes"; 47 | }; 48 | }; 49 | }; 50 | 51 | # Compatibility with programs that don't respect SSH configurations (e.g. jujutsu's libssh2) 52 | systemd.user.tmpfiles.rules = [ 53 | "L ${config.home.homeDirectory}/.ssh/known_hosts - - - - ${config.programs.ssh.userKnownHostsFile}" 54 | ]; 55 | } 56 | -------------------------------------------------------------------------------- /home/gabriel/features/cli/xpo.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.xpo = { 3 | enable = true; 4 | defaultServer = "m7.rs"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | imports = [ 7 | ./deluge.nix 8 | ./discord.nix 9 | ./dragon.nix 10 | ./firefox.nix 11 | ./font.nix 12 | ./gtk.nix 13 | ./kdeconnect.nix 14 | ./pavucontrol.nix 15 | ./playerctl.nix 16 | ./qt.nix 17 | ./sublime-music.nix 18 | ]; 19 | 20 | home.packages = [ 21 | pkgs.libnotify 22 | pkgs.handlr-regex 23 | (pkgs.writeShellScriptBin "xterm" '' 24 | handlr launch x-scheme-handler/terminal -- "$@" 25 | '') 26 | (pkgs.writeShellScriptBin "xdg-open" '' 27 | handlr open "$@" 28 | '') 29 | ]; 30 | 31 | # Also sets org.freedesktop.appearance color-scheme 32 | dconf.settings."org/gnome/desktop/interface".color-scheme = 33 | if config.colorscheme.mode == "dark" 34 | then "prefer-dark" 35 | else if config.colorscheme.mode == "light" 36 | then "prefer-light" 37 | else "default"; 38 | 39 | xdg.portal.enable = true; 40 | } 41 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/deluge.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [deluge]; 3 | } 4 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/discord.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: let 6 | c = config.colorscheme.colors; 7 | in { 8 | home.packages = with pkgs; [vesktop]; 9 | 10 | home.persistence = { 11 | "/persist/${config.home.homeDirectory}" = { 12 | directories = [ 13 | ".config/vesktop/sessionData" 14 | ".config/vesktop/settings" 15 | ]; 16 | }; 17 | }; 18 | 19 | xdg.configFile."vesktop/themes/base16.css".text = 20 | /* 21 | css 22 | */ 23 | '' 24 | @import url("https://slowstab.github.io/dracula/BetterDiscord/source.css"); 25 | @import url("https://mulverinex.github.io/legacy-settings-icons/dist-native.css"); 26 | .theme-dark, .theme-light, :root { 27 | --text-default: ${c.on_surface}; 28 | --header-primary: ${c.on_surface}; 29 | --header-secondary: ${c.on_surface_variant}; 30 | --channeltextarea-background: ${c.surface_container}; 31 | --interactive-normal: ${c.on_surface}; 32 | --interactive-active: ${c.tertiary}; 33 | 34 | --dracula-primary: ${c.surface}; 35 | --dracula-secondary: ${c.surface_dim}; 36 | --dracula-secondary-alpha: ${c.surface_dim}ee; 37 | --dracula-tertiary: ${c.surface_bright}; 38 | --dracula-tertiary-alpha: ${c.surface_bright}aa; 39 | --dracula-primary-light: ${c.surface_bright}; 40 | 41 | --dracula-accent: ${c.primary}; 42 | --dracula-accent-alpha: ${c.primary}66; 43 | --dracula-accent-alpha-alt: ${c.secondary}88; 44 | --dracula-accent-alpha-alt2: ${c.tertiary}aa; 45 | --dracula-accent-dark: ${c.primary_fixed_dim}; 46 | --dracula-accent-light: ${c.primary_fixed}; 47 | } 48 | 49 | html.theme-light #app-mount::after { 50 | content: none; 51 | } 52 | ''; 53 | } 54 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/dragon.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [xdragon]; 3 | } 4 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/font.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | fontProfiles = { 3 | enable = true; 4 | monospace = { 5 | name = "FiraMono Nerd Font"; 6 | package = pkgs.nerd-fonts.fira-mono; 7 | }; 8 | regular = { 9 | name = "Fira Sans"; 10 | package = pkgs.fira; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/kdeconnect.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | # Hide all .desktop, except for org.kde.kdeconnect.settings 7 | xdg.desktopEntries = { 8 | "org.kde.kdeconnect.sms" = { 9 | exec = ""; 10 | name = "KDE Connect SMS"; 11 | settings.NoDisplay = "true"; 12 | }; 13 | "org.kde.kdeconnect.nonplasma" = { 14 | exec = ""; 15 | name = "KDE Connect Indicator"; 16 | settings.NoDisplay = "true"; 17 | }; 18 | "org.kde.kdeconnect.app" = { 19 | exec = ""; 20 | name = "KDE Connect"; 21 | settings.NoDisplay = "true"; 22 | }; 23 | }; 24 | 25 | services.kdeconnect = { 26 | enable = true; 27 | indicator = true; 28 | package = pkgs.kdePackages.kdeconnect-kde; 29 | }; 30 | 31 | home.persistence = { 32 | "/persist/${config.home.homeDirectory}".directories = [".config/kdeconnect"]; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/pavucontrol.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [pavucontrol]; 3 | } 4 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/playerctl.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [playerctl]; 3 | services.playerctld = { 4 | enable = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/qt.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: 2 | { 3 | home.sessionVariables = { 4 | # Required for qt5, for some reason. 5 | QT_STYLE_OVERRIDE = "gtk3"; 6 | }; 7 | qt = { 8 | enable = true; 9 | platformTheme = { 10 | name = "gtk3"; 11 | package = [ 12 | (pkgs.libsForQt5.qtstyleplugins.overrideAttrs (old: { 13 | # Make qtstyleplugins' gtk2 platform theme activate if QT_QPA_PLATFORMTHEME=gtk3 14 | patches = (old.patches or []) ++ [./qtstyleplugins-gtk3-key.patch]; 15 | })) 16 | pkgs.qt5.qtbase 17 | 18 | pkgs.qt6.qtbase 19 | ]; 20 | }; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/qtstyleplugins-gtk3-key.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/plugins/platformthemes/gtk2/gtk2.json b/src/plugins/platformthemes/gtk2/gtk2.json 2 | index 86dd8e5..178db4b 100644 3 | --- a/src/plugins/platformthemes/gtk2/gtk2.json 4 | +++ b/src/plugins/platformthemes/gtk2/gtk2.json 5 | @@ -1,3 +1,3 @@ 6 | { 7 | - "Keys": [ "gtk2" ] 8 | + "Keys": [ "gtk2", "gtk3" ] 9 | } 10 | diff --git a/src/plugins/styles/gtk2/gtk2.json b/src/plugins/styles/gtk2/gtk2.json 11 | index 86dd8e5..178db4b 100644 12 | --- a/src/plugins/styles/gtk2/gtk2.json 13 | +++ b/src/plugins/styles/gtk2/gtk2.json 14 | @@ -1,3 +1,3 @@ 15 | { 16 | - "Keys": [ "gtk2" ] 17 | + "Keys": [ "gtk2", "gtk3" ] 18 | } 19 | diff --git a/src/plugins/styles/gtk2/plugin.cpp b/src/plugins/styles/gtk2/plugin.cpp 20 | index cfd73a3..8aeeac9 100644 21 | --- a/src/plugins/styles/gtk2/plugin.cpp 22 | +++ b/src/plugins/styles/gtk2/plugin.cpp 23 | @@ -47,7 +47,7 @@ public: 24 | 25 | QStyle *QGtk2StylePlugin::create(const QString &key) 26 | { 27 | - if (key == "gtk2") 28 | + if (key == "gtk2" || key == "gtk3") 29 | return new QGtkStyle; 30 | return 0; 31 | } 32 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/sublime-music.nix: -------------------------------------------------------------------------------- 1 | {pkgs, config, ...}: { 2 | home.packages = [pkgs.stable.sublime-music]; 3 | home.persistence = { 4 | "/persist/${config.home.homeDirectory}".directories = [".config/sublime-music"]; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/alacritty.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | # Set as default terminal 3 | xdg.mimeApps = { 4 | associations.added = { 5 | "x-scheme-handler/terminal" = "Alacritty.desktop"; 6 | }; 7 | defaultApplications = { 8 | "x-scheme-handler/terminal" = "Alacritty.desktop"; 9 | }; 10 | }; 11 | 12 | programs.alacritty = { 13 | enable = true; 14 | settings = { 15 | keyboard.bindings = [ 16 | { key = "N"; mods = "Control|Shift"; action = "SpawnNewInstance"; } 17 | ]; 18 | font = { 19 | size = config.fontProfiles.monospace.size; 20 | normal = { 21 | family = config.fontProfiles.monospace.name; 22 | style = "Medium"; 23 | }; 24 | }; 25 | window = { 26 | padding = { 27 | x = 24; 28 | y = 26; 29 | }; 30 | }; 31 | colors = rec { 32 | primary = { 33 | background = config.colorscheme.colors.surface; 34 | foreground = config.colorscheme.colors.on_surface; 35 | }; 36 | normal = { 37 | black = config.colorscheme.colors.surface_dim; 38 | white = config.colorscheme.colors.on_surface; 39 | red = config.colorscheme.colors.red; 40 | green = config.colorscheme.colors.green; 41 | yellow = config.colorscheme.colors.yellow; 42 | blue = config.colorscheme.colors.blue; 43 | magenta = config.colorscheme.colors.magenta; 44 | cyan = config.colorscheme.colors.cyan; 45 | }; 46 | # TODO make actual bright variants 47 | bright = normal // { 48 | black = config.colorscheme.colors.on_surface_variant; 49 | }; 50 | }; 51 | }; 52 | }; 53 | } 54 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/cliphist.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.cliphist = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [ 3 | ./alacritty.nix 4 | ./cliphist.nix 5 | ./gammastep.nix 6 | ./mako.nix 7 | ./qutebrowser.nix 8 | ./waybar.nix 9 | ./wofi.nix 10 | ./zathura.nix 11 | ./imv.nix 12 | ./waypipe.nix 13 | ./swayosd.nix 14 | ]; 15 | 16 | xdg.mimeApps.enable = true; 17 | home.packages = with pkgs; [ 18 | wf-recorder 19 | wl-clipboard 20 | ]; 21 | 22 | home.sessionVariables = { 23 | MOZ_ENABLE_WAYLAND = 1; 24 | QT_QPA_PLATFORM = "wayland"; 25 | LIBSEAT_BACKEND = "logind"; 26 | }; 27 | 28 | xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-wlr]; 29 | } 30 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/gammastep.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.gammastep = { 3 | enable = true; 4 | enableVerboseLogging = true; 5 | provider = "geoclue2"; 6 | temperature = { 7 | day = 6000; 8 | night = 4600; 9 | }; 10 | settings = { 11 | general.adjustment-method = "wayland"; 12 | }; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/imv.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.imv.enable = true; 3 | } 4 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/mako.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: let 2 | inherit (config.colorscheme) colors mode; 3 | in { 4 | services.mako = { 5 | enable = true; 6 | settings = { 7 | icon-path = 8 | if mode == "dark" 9 | then "${config.gtk.iconTheme.package}/share/icons/Papirus-Dark" 10 | else "${config.gtk.iconTheme.package}/share/icons/Papirus-Light"; 11 | font = "${config.fontProfiles.regular.name} ${toString config.fontProfiles.regular.size}"; 12 | padding = "10,20"; 13 | anchor = "top-center"; 14 | width = 400; 15 | height = 150; 16 | border-size = 2; 17 | default-timeout = 12000; 18 | background-color = "${colors.surface}dd"; 19 | border-color = "${colors.surface_container}ff"; 20 | border-radius = 10; 21 | text-color = "${colors.on_surface}dd"; 22 | layer = "overlay"; 23 | max-history = 50; 24 | }; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/swayosd.nix: -------------------------------------------------------------------------------- 1 | {pkgs, config, ...}: let 2 | inherit (config.colorscheme) colors; 3 | in { 4 | services.swayosd = { 5 | enable = true; 6 | stylePath = pkgs.writeText "style.css" '' 7 | window { 8 | padding: 0 1em; 9 | border: 10em; 10 | border-radius: 10em; 11 | background-color: ${colors.surface}; 12 | opacity: 0.7; 13 | } 14 | #container { 15 | margin: 1em; 16 | } 17 | 18 | image { 19 | color: ${colors.primary}; 20 | opacity: 0.9; 21 | } 22 | image:disabled { 23 | color: ${colors.on_surface}; 24 | opacity: 0.8; 25 | } 26 | label { 27 | color: ${colors.on_surface}; 28 | opacity: 1; 29 | } 30 | 31 | progress { 32 | min-height: inherit; 33 | border-radius: inherit; 34 | border: none; 35 | background-color: ${colors.on_surface}; 36 | opacity: 0.9; 37 | } 38 | progressbar { 39 | min-height: 0.5em; 40 | border-radius: 100em; 41 | background-color: transparent; 42 | border: none; 43 | opacity: 0.9; 44 | } 45 | progressbar:disabled { 46 | opacity: 0.5; 47 | } 48 | 49 | trough { 50 | min-height: inherit; 51 | border-radius: inherit; 52 | border: none; 53 | background-color: ${colors.on_surface}; 54 | opacity: 1; 55 | } 56 | ''; 57 | }; 58 | } 59 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/waypipe.nix: -------------------------------------------------------------------------------- 1 | {pkgs, lib, config, ...}: { 2 | home.packages = [pkgs.waypipe]; 3 | systemd.user.services = { 4 | waypipe-client = { 5 | Unit.Description = "Runs waypipe on startup to support SSH forwarding"; 6 | Service = { 7 | ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p"; 8 | ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/client.sock client"; 9 | ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/client.sock"; 10 | }; 11 | Install.WantedBy = ["graphical-session.target"]; 12 | }; 13 | waypipe-server = { 14 | Unit.Description = "Runs waypipe on startup to support SSH forwarding"; 15 | Service = { 16 | Type = "simple"; 17 | ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p"; 18 | ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/server.sock --title-prefix '[%H] ' --login-shell --display wayland-waypipe server -- ${lib.getExe' pkgs.coreutils "sleep"} infinity"; 19 | ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/server.sock %t/wayland-waypipe"; 20 | }; 21 | Install.WantedBy = ["default.target"]; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/wofi-run-shell.patch: -------------------------------------------------------------------------------- 1 | --- a/src/wofi.c Mon Feb 22 23:53:57 2021 -0800 2 | +++ b/src/wofi.c Wed Aug 11 13:49:13 2021 -0300 3 | @@ -881,12 +881,15 @@ 4 | } 5 | 6 | void wofi_term_run(const char* cmd) { 7 | + char *shell = getenv("SHELL"); 8 | + if (!shell) shell = "sh"; 9 | + 10 | if(terminal != NULL) { 11 | - execlp(terminal, terminal, "-e", cmd, NULL); 12 | + execlp(terminal, terminal, "-e", shell, "-c", cmd, NULL); 13 | } 14 | size_t term_count = sizeof(terminals) / sizeof(char*); 15 | for(size_t count = 0; count < term_count; ++count) { 16 | - execlp(terminals[count], terminals[count], "-e", cmd, NULL); 17 | + execlp(terminals[count], terminals[count], "-e", shell, "-c", cmd, NULL); 18 | } 19 | fprintf(stderr, "No terminal emulator found please set term in config or use --term\n"); 20 | exit(1); 21 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/wofi.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: { 7 | programs.wofi = { 8 | enable = true; 9 | package = pkgs.wofi.overrideAttrs (oa: { 10 | patches = 11 | (oa.patches or []) 12 | ++ [ 13 | ./wofi-run-shell.patch # Fix for https://todo.sr.ht/~scoopta/wofi/174 14 | ]; 15 | }); 16 | settings = { 17 | image_size = 48; 18 | columns = 3; 19 | allow_images = true; 20 | insensitive = true; 21 | run-always_parse_args = true; 22 | run-cache_file = "/dev/null"; 23 | run-exec_search = true; 24 | matching = "multi-contains"; 25 | }; 26 | }; 27 | 28 | home.packages = let 29 | inherit (config.programs.password-store) package enable; 30 | in 31 | lib.optional enable (pkgs.pass-wofi.override {pass = package;}); 32 | } 33 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/common/wayland-wm/zathura.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: let 2 | inherit (config.colorscheme) colors; 3 | in { 4 | programs.zathura = { 5 | enable = true; 6 | options = { 7 | selection-clipboard = "clipboard"; 8 | font = "${config.fontProfiles.regular.name} ${toString config.fontProfiles.regular.size}"; 9 | recolor = true; 10 | default-bg = "${colors.surface}"; 11 | default-fg = "${colors.surface_bright}"; 12 | statusbar-bg = "${colors.surface_container}"; 13 | statusbar-fg = "${colors.on_surface_variant}"; 14 | inputbar-bg = "${colors.surface}"; 15 | inputbar-fg = "${colors.on_secondary}"; 16 | notification-bg = "${colors.surface}"; 17 | notification-fg = "${colors.on_secondary}"; 18 | notification-error-bg = "${colors.error}"; 19 | notification-error-fg = "${colors.on_error}"; 20 | notification-warning-bg = "${colors.error}"; 21 | notification-warning-fg = "${colors.on_error}"; 22 | highlight-color = "${colors.tertiary}"; 23 | highlight-active-color = "${colors.secondary}"; 24 | completion-bg = "${colors.surface_bright}"; 25 | completion-fg = "${colors.on_surface}"; 26 | completions-highlight-bg = "${colors.secondary}"; 27 | completions-highlight-fg = "${colors.on_secondary}"; 28 | recolor-lightcolor = "${colors.surface}"; 29 | recolor-darkcolor = "${colors.inverse_surface}"; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/gnome/default.nix: -------------------------------------------------------------------------------- 1 | {imports = [../common];} 2 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/hyprland/autostart-tty1.nix: -------------------------------------------------------------------------------- 1 | {lib, config, ...}: let 2 | hyprland = lib.getExe config.wayland.windowManager.hyprland.package; 3 | in { 4 | programs.zsh.loginExtra = lib.mkBefore '' 5 | if [[ "$(tty)" == /dev/tty1 ]]; then 6 | exec ${hyprland} &> /dev/null 7 | fi 8 | ''; 9 | programs.fish.loginShellInit = lib.mkBefore '' 10 | if test (tty) = /dev/tty1 11 | exec ${hyprland} &> /dev/null 12 | end 13 | ''; 14 | programs.bash.profileExtra = lib.mkBefore '' 15 | if [[ "$(tty)" == /dev/tty1 ]]; then 16 | exec ${hyprland} &> /dev/null 17 | fi 18 | ''; 19 | } 20 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/hyprland/hypridle.nix: -------------------------------------------------------------------------------- 1 | {config, lib, ...}: { 2 | services.hypridle = { 3 | enable = true; 4 | settings = let 5 | isLocked = "pgrep hyprlock"; 6 | isDischarging = "grep Discharging /sys/class/power_supply/BAT{0,1}/status -q"; 7 | in { 8 | general = { 9 | lock_cmd = "if ! ${isLocked}; then ${lib.getExe config.programs.hyprlock.package}; fi"; 10 | before_sleep_cmd = "loginctl lock-session"; 11 | after_sleep_cmd = "hyprctl dispatch dpms on"; 12 | inhibit_sleep = 3; # Wait for lock before suspend 13 | }; 14 | listener = [ 15 | { 16 | timeout = 10; 17 | on-timeout = "brightnessctl --save"; 18 | on-resume = "brightnessctl --restore"; 19 | } 20 | { 21 | timeout = 30; 22 | on-timeout = "brightnessctl --device *:kbd_backlight --save set 0"; 23 | on-resume = "brightnessctl --device *:kbd_backlight --restore"; 24 | } 25 | { 26 | timeout = 50; 27 | on-timeout = "brightnessctl set 50%-"; 28 | } 29 | { 30 | timeout = 110; 31 | on-timeout = "brightnessctl set 50%-"; 32 | } 33 | { 34 | timeout = 120; 35 | on-timeout = "loginctl lock-session"; 36 | } 37 | { 38 | timeout = 140; 39 | on-timeout = "hyprctl dispatch dpms off"; 40 | on-resume = "hyprctl dispatch dpms on"; 41 | } 42 | 43 | # If already locked 44 | { 45 | timeout = 15; 46 | on-timeout = "if ${isLocked}; then brightnessctl set 75%-; fi"; 47 | } 48 | { 49 | timeout = 20; 50 | on-timeout = "if ${isLocked}; then hyprctl dispatch dpms off; fi"; 51 | on-resume = "hyprctl dispatch dpms on"; 52 | } 53 | 54 | # If discharging 55 | { 56 | timeout = 900; 57 | on-timeout = "if ${isDischarging}; then systemctl suspend; fi"; 58 | } 59 | ]; 60 | }; 61 | }; 62 | } 63 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/hyprland/hyprlock.nix: -------------------------------------------------------------------------------- 1 | {config, lib, ...}: { 2 | programs.hyprlock = { 3 | enable = true; 4 | settings = { 5 | auth.fingerprint.enabled = true; 6 | general = { 7 | grace = 5; 8 | hide_cursor = true; 9 | }; 10 | animations = { 11 | enabled = true; 12 | bezier = [ 13 | "easeout,0.5, 1, 0.9, 1" 14 | "easeoutback,0.34,1.22,0.65,1" 15 | ]; 16 | animation = [ 17 | "fade, 1, 3, easeout" 18 | "inputField, 1, 1, easeoutback" 19 | ]; 20 | }; 21 | background = { 22 | path = "screenshot"; 23 | blur_passes = 4; 24 | }; 25 | input-field = { 26 | font_color = "rgb(${lib.removePrefix "#" config.colorscheme.colors.on_surface})"; 27 | font_family = config.fontProfiles.regular.name; 28 | 29 | position = "0, 20%"; 30 | halign = "center"; 31 | valign = "bottom"; 32 | 33 | # Hide outline and filling 34 | outline_thickness = 0; 35 | inner_color = "rgba(00000000)"; 36 | check_color = "rgba(00000000)"; 37 | fail_color = "rgba(00000000)"; 38 | }; 39 | label = { 40 | text = "$TIME"; 41 | color = "rgb(${lib.removePrefix "#" config.colorscheme.colors.on_surface})"; 42 | font_family = config.fontProfiles.regular.name; 43 | font_size = "180"; 44 | 45 | position = "0 0"; 46 | halign = "center"; 47 | valign = "center"; 48 | }; 49 | }; 50 | }; 51 | 52 | wayland.windowManager.hyprland = { 53 | settings = { 54 | bind = let 55 | hyprlock = lib.getExe config.programs.hyprlock.package; 56 | in [ 57 | "SUPER,backspace,exec,${hyprlock} --immediate" 58 | "SUPER,XF86Calculator,exec,${hyprlock} --immediate" 59 | ]; 60 | }; 61 | }; 62 | } 63 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/hyprland/hyprpaper.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | services.hyprpaper = { 3 | enable = true; 4 | settings = { 5 | ipc = true; 6 | splash = false; 7 | preload = "${config.wallpaper}"; 8 | wallpaper = ",${config.wallpaper}"; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /home/gabriel/features/desktop/wireless/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ...}: { 2 | home.packages = [pkgs.wpa_supplicant_gui]; 3 | } 4 | -------------------------------------------------------------------------------- /home/gabriel/features/games/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, config, ...}: { 2 | imports = [ 3 | ./steam.nix 4 | ./prism-launcher.nix 5 | ./mangohud.nix 6 | ]; 7 | home = { 8 | packages = with pkgs; [gamescope]; 9 | persistence = { 10 | "/persist/${config.home.homeDirectory}" = { 11 | allowOther = true; 12 | directories = [ 13 | "Games" 14 | ]; 15 | }; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /home/gabriel/features/games/factorio.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | home = { 7 | packages = [pkgs.factorio]; 8 | persistence = { 9 | "/persist/${config.home.homeDirectory}" = { 10 | allowOther = true; 11 | directories = [{ 12 | directory = ".factorio"; 13 | method = "bindfs"; 14 | }]; 15 | }; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /home/gabriel/features/games/mangohud.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.mangohud = { 3 | enable = true; 4 | enableSessionWide = true; 5 | settings = { 6 | frame_timing = false; 7 | cpu_stats = true; 8 | cpu_temp = true; 9 | gpu_stats = true; 10 | gpu_temp = true; 11 | ram = true; 12 | vram = true; 13 | hud_compact = true; 14 | 15 | # Hide until toggled 16 | no_display = true; 17 | 18 | toggle_hud = "Shift_L+F1"; 19 | toggle_hud_position = "Shift_L+F2"; 20 | toggle_logging = "Shift_L+F3"; 21 | reload_cfg = "Shift_L+F4"; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /home/gabriel/features/games/osu.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | home.packages = [pkgs.osu-lazer]; 7 | 8 | home.persistence = { 9 | "/persist/${config.home.homeDirectory}".directories = [".local/share/osu"]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /home/gabriel/features/games/prism-launcher.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | home.packages = [pkgs.prismlauncher]; 7 | 8 | home.persistence = { 9 | "/persist/${config.home.homeDirectory}".directories = [".local/share/PrismLauncher"]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /home/gabriel/features/games/runescape.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: let 6 | # Add PULSE_LATENCY_MSEC to .desktop file 7 | pulse_latency = 100; 8 | runescape = pkgs.runescape.overrideAttrs (oa: { 9 | nativeBuildInputs = (oa.nativeBuildInputs or []) ++ [pkgs.makeWrapper]; 10 | buildCommand = 11 | (oa.buildCommand or "") 12 | + 13 | /* 14 | bash 15 | */ 16 | '' 17 | wrapProgram "$out/bin/RuneScape" \ 18 | --set PULSE_LATENCY_MSEC ${toString pulse_latency} \ 19 | --run 'echo $PULSE_LATENCY_MSEC' 20 | ''; 21 | }); 22 | in { 23 | home.packages = [ 24 | runescape 25 | # TODO: Broken 26 | # pkgs.runelite 27 | ]; 28 | 29 | home.persistence = { 30 | "/persist/${config.home.homeDirectory}" = { 31 | allowOther = true; 32 | directories = ["Jagex"]; 33 | }; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /home/gabriel/features/games/shadps4.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | home.packages = [pkgs.shadps4]; 7 | 8 | home.persistence = { 9 | "/persist/${config.home.homeDirectory}".directories = [".local/share/shadPS4"]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /home/gabriel/features/games/star-citizen.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | monitor = lib.head (lib.filter (m: m.primary) config.monitors); 8 | in { 9 | home.packages = [ 10 | (pkgs.inputs.nix-gaming.star-citizen.override { 11 | disableEac = false; 12 | useUmu = true; 13 | gamescope = pkgs.gamescope.overrideAttrs (_: { 14 | NIX_CFLAGS_COMPILE = ["-fno-fast-math"]; 15 | }); 16 | gameScopeEnable = true; 17 | gameScopeArgs = [ 18 | "--fullscreen" 19 | "--expose-wayland" 20 | "--force-grab-cursor" 21 | "--force-windows-fullscreen" 22 | "--prefer-output ${monitor.name}" 23 | "--output-width ${toString monitor.width}" 24 | "--output-height ${toString monitor.height}" 25 | "--framerate-limit ${toString monitor.refreshRate}" 26 | ]; 27 | preCommands = '' 28 | export MESA_SHADER_CACHE_DIR="$WINEPREFIX/mesa_cache" 29 | export MESA_SHADER_CACHE_MAX_SIZE=10G 30 | ''; 31 | }) 32 | ]; 33 | } 34 | -------------------------------------------------------------------------------- /home/gabriel/features/games/steam.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | steam-with-pkgs = pkgs.steam.override { 8 | extraPkgs = pkgs: 9 | with pkgs; [ 10 | xorg.libXcursor 11 | xorg.libXi 12 | xorg.libXinerama 13 | xorg.libXScrnSaver 14 | libpng 15 | libpulseaudio 16 | libvorbis 17 | stdenv.cc.cc.lib 18 | libkrb5 19 | keyutils 20 | gamescope 21 | ]; 22 | }; 23 | 24 | monitor = lib.head (lib.filter (m: m.primary) config.monitors); 25 | steam-session = let 26 | gamescope = lib.concatStringsSep " " [ 27 | (lib.getExe pkgs.gamescope) 28 | "--output-width ${toString monitor.width}" 29 | "--output-height ${toString monitor.height}" 30 | "--framerate-limit ${toString monitor.refreshRate}" 31 | "--prefer-output ${monitor.name}" 32 | "--adaptive-sync" 33 | "--expose-wayland" 34 | "--hdr-enabled" 35 | "--steam" 36 | ]; 37 | steam = lib.concatStringsSep " " [ 38 | "steam" 39 | "steam://open/bigpicture" 40 | ]; 41 | in 42 | pkgs.writeTextDir "share/wayland-sessions/steam-sesson.desktop" # ini 43 | 44 | '' 45 | [Desktop Entry] 46 | Name=Steam Session 47 | Exec=${gamescope} -- ${steam} 48 | Type=Application 49 | ''; 50 | in { 51 | home.packages = [ 52 | steam-with-pkgs 53 | steam-session 54 | pkgs.gamescope 55 | pkgs.protontricks 56 | ]; 57 | home.persistence = { 58 | "/persist/${config.home.homeDirectory}" = { 59 | allowOther = true; 60 | directories = [ 61 | { 62 | directory = ".factorio"; 63 | method = "bindfs"; 64 | } 65 | ".config/Hero_Siege" 66 | ".config/unity3d/Berserk Games/Tabletop Simulator" 67 | ".config/unity3d/IronGate/Valheim" 68 | ".local/share/Tabletop Simulator" 69 | ".local/share/Paradox Interactive" 70 | ".paradoxlauncher" 71 | ".local/share/Steam" 72 | ]; 73 | }; 74 | }; 75 | } 76 | -------------------------------------------------------------------------------- /home/gabriel/features/helix/default.nix: -------------------------------------------------------------------------------- 1 | {config, pkgs, ...}: let 2 | inherit (config) colorscheme; 3 | hash = builtins.hashString "md5" (builtins.toJSON colorscheme.colors); 4 | in { 5 | home.sessionVariables.EDITOR = "hx"; 6 | home.sessionVariables.COLORTERM = "truecolor"; 7 | 8 | programs.helix = { 9 | enable = true; 10 | settings = { 11 | theme = "nix-${hash}"; 12 | editor = { 13 | soft-wrap.enable = true; 14 | color-modes = true; 15 | line-number = "relative"; 16 | bufferline = "multiple"; 17 | indent-guides.render = true; 18 | cursor-shape = { 19 | normal = "block"; 20 | insert = "bar"; 21 | select = "underline"; 22 | }; 23 | }; 24 | }; 25 | languages = { 26 | language = [ 27 | { 28 | name = "nix"; 29 | language-servers = ["nixd" "nil"]; 30 | formatter.command = "alejandra"; 31 | } 32 | ]; 33 | language-server = { 34 | nixd = { 35 | command = "nixd"; 36 | }; 37 | tinymist = { 38 | config = { 39 | typstExtraArgs = ["main.typ"]; 40 | exportPdf = "onType"; 41 | outputPath = "$root/$name"; 42 | }; 43 | }; 44 | }; 45 | }; 46 | themes."nix-${hash}" = import ./theme.nix {inherit colorscheme;}; 47 | }; 48 | xdg.configFile."helix/config.toml".onChange = '' 49 | ${pkgs.procps}/bin/pkill -u $USER -USR1 hx || true 50 | ''; 51 | } 52 | -------------------------------------------------------------------------------- /home/gabriel/features/pass/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | programs.password-store = { 7 | enable = true; 8 | settings = { 9 | PASSWORD_STORE_DIR = "$HOME/.password-store"; 10 | }; 11 | package = pkgs.pass.withExtensions (p: [p.pass-otp]); 12 | }; 13 | 14 | services.pass-secret-service = { 15 | enable = true; 16 | storePath = "${config.home.homeDirectory}/.password-store"; 17 | extraArgs = ["-e${config.programs.password-store.package}/bin/pass"]; 18 | }; 19 | 20 | home.persistence = { 21 | "/persist/${config.home.homeDirectory}".directories = [".password-store"]; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /home/gabriel/features/productivity/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ./khal.nix 4 | ./khard.nix 5 | ./todoman.nix 6 | ./oama.nix 7 | ./syncthing.nix 8 | 9 | ./mail.nix 10 | ./calendar.nix 11 | ./neomutt.nix 12 | 13 | # Pass feature is required 14 | ../pass 15 | ]; 16 | } 17 | -------------------------------------------------------------------------------- /home/gabriel/features/productivity/khal.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Set as default calendar handler 3 | xdg.mimeApps = { 4 | associations.added = { 5 | "text/calendar" = "khal.desktop"; 6 | }; 7 | defaultApplications = { 8 | "text/calendar" = "khal.desktop"; 9 | }; 10 | }; 11 | 12 | programs.khal = { 13 | enable = true; 14 | locale = { 15 | firstweekday = 0; 16 | weeknumbers = "off"; 17 | unicode_symbols = true; 18 | dateformat = "%d/%m/%Y"; 19 | timeformat = "%H:%M"; 20 | datetimeformat = "%c"; 21 | longdateformat = "%x"; 22 | longdatetimeformat = "%c"; 23 | }; 24 | settings = { 25 | default.highlight_event_days = true; 26 | highlight_days.color = "light blue"; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /home/gabriel/features/productivity/khard.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [khard]; 3 | xdg.configFile."khard/khard.conf".text = 4 | /* 5 | toml 6 | */ 7 | '' 8 | [addressbooks] 9 | [[contacts]] 10 | path = ~/Contacts/Main 11 | ''; 12 | } 13 | -------------------------------------------------------------------------------- /home/gabriel/features/productivity/oama.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: let 2 | pass = "${config.programs.password-store.package}/bin/pass"; 3 | in { 4 | programs.oama = { 5 | enable = true; 6 | settings = { 7 | encryption.tag = "KEYRING"; 8 | services.google = { 9 | client_id_cmd = "${pass} oama/google_client_id | head -1"; 10 | client_secret_cmd = "${pass} oama/google_client_secret | head -1"; 11 | auth_scope = "https://mail.google.com/ https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/contacts"; 12 | }; 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /home/gabriel/features/productivity/syncthing.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.syncthing = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /home/gabriel/features/productivity/todoman.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | programs.todoman = { 3 | enable = true; 4 | glob = "*/*"; 5 | extraConfig = '' 6 | default_list = "${config.accounts.calendar.accounts.personal.primaryCollection}" 7 | date_format = "%d/%m/%Y" 8 | time_format = "%H:%M" 9 | humanize = True 10 | default_due = 0 11 | ''; 12 | }; 13 | programs.fish.interactiveShellInit = /* fish */ '' 14 | complete -xc todo -a '(__fish_complete_bash)' 15 | ''; 16 | } 17 | -------------------------------------------------------------------------------- /home/gabriel/features/rgb/default.nix: -------------------------------------------------------------------------------- 1 | {config, lib, pkgs, ...}: let 2 | inherit (config.colorscheme) colors; 3 | setColor = color: "${lib.getExe pkgs.openrgb} --client -c ${lib.removePrefix "#"color} -m static"; 4 | in { 5 | systemd.user.services.rgb = { 6 | Unit = { 7 | Description = "Set RGB colors to match scheme. Requires openrgb."; 8 | X-SwitchMethod = "reload"; 9 | }; 10 | Service = { 11 | Type = "oneshot"; 12 | ExecStart = setColor colors.inverse_primary; 13 | ExecReload = setColor colors.inverse_primary; 14 | ExecStop = setColor "#000000"; 15 | Restart = "on-failure"; 16 | RemainAfterExit = true; 17 | }; 18 | Install.WantedBy = ["default.target"]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /home/gabriel/generic.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | imports = [./global]; 3 | # Disable impermanence 4 | home.persistence = lib.mkForce {}; 5 | } 6 | -------------------------------------------------------------------------------- /home/gabriel/maia.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [ 3 | ./global 4 | ./features/desktop/hyprland 5 | ./features/desktop/wireless 6 | ./features/productivity 7 | ./features/pass 8 | ./features/games 9 | ]; 10 | 11 | # Purple 12 | wallpaper = pkgs.inputs.themes.wallpapers.deer-lunar-fantasy; 13 | 14 | monitors = [ 15 | { 16 | name = "eDP-1"; 17 | width = 2880; 18 | height = 1920; 19 | workspace = "1"; 20 | primary = true; 21 | refreshRate = 120; 22 | scale = "2"; 23 | } 24 | ]; 25 | } 26 | -------------------------------------------------------------------------------- /home/gabriel/merope.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [./global]; 3 | # Blue 4 | wallpaper = pkgs.inputs.themes.wallpapers.towers-ice; 5 | } 6 | -------------------------------------------------------------------------------- /home/gabriel/nixpkgs.nix: -------------------------------------------------------------------------------- 1 | # This file should be included when using hm standalone 2 | { 3 | outputs, 4 | lib, 5 | inputs, 6 | ... 7 | }: let 8 | flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; 9 | in { 10 | nix = { 11 | settings = { 12 | extra-substituters = lib.mkAfter ["https://cache.m7.rs"]; 13 | extra-trusted-public-keys = ["cache.m7.rs:kszZ/NSwE/TjhOcPPQ16IuUiuRSisdiIwhKZCxguaWg="]; 14 | experimental-features = [ 15 | "nix-command" 16 | "flakes" 17 | "ca-derivations" 18 | ]; 19 | warn-dirty = false; 20 | flake-registry = ""; # Disable global flake registry 21 | }; 22 | registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs; 23 | }; 24 | 25 | home.sessionVariables = { 26 | NIX_PATH = lib.concatStringsSep ":" (lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs); 27 | }; 28 | 29 | nixpkgs = { 30 | overlays = builtins.attrValues outputs.overlays; 31 | config = { 32 | allowUnfree = true; 33 | allowUnfreePredicate = _: true; 34 | }; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /home/gabriel/ssh.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDci4wJghnRRSqQuX1z2xeaUR+p/muKzac0jw0mgpXE2T/3iVlMJJ3UXJ+tIbySP6ezt0GVmzejNOvUarPAm0tOcW6W0Ejys2Tj+HBRU19rcnUtf4vsKk8r5PW5MnwS8DqZonP5eEbhW2OrX5ZsVyDT+Bqrf39p3kOyWYLXT2wA7y928g8FcXOZjwjTaWGWtA+BxAvbJgXhU9cl/y45kF69rfmc3uOQmeXpKNyOlTk6ipSrOfJkcHgNFFeLnxhJ7rYxpoXnxbObGhaNqn7gc5mt+ek+fwFzZ8j6QSKFsPr0NzwTFG80IbyiyrnC/MeRNh7SQFPAESIEP8LK3PoNx2l1M+MjCQXsb4oIG2oYYMRa2yx8qZ3npUOzMYOkJFY1uI/UEE/j/PlQSzMHfpmWus4o2sijfr8OmVPGeoU/UnVPyINqHhyAd1d3Iji3y3LMVemHtp5wVcuswABC7IRVVKZYrMCXMiycY5n00ch6XTaXBwCY00y8B3Mzkd7Ofq98YHc= hi@m7.rs 2 | -------------------------------------------------------------------------------- /home/gabriel/taygeta.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [./global]; 3 | # Cyan 4 | wallpaper = pkgs.inputs.themes.wallpapers.nebula-cyan-yellow; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/alcyone/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ./services 4 | ./hardware-configuration.nix 5 | 6 | ../common/global 7 | ../common/users/gabriel 8 | ../common/optional/fail2ban.nix 9 | ../common/optional/tailscale-exit-node.nix 10 | ]; 11 | 12 | networking = { 13 | hostName = "alcyone"; 14 | useDHCP = true; 15 | dhcpcd.IPv6rs = true; 16 | interfaces.ens3 = { 17 | useDHCP = true; 18 | wakeOnLan.enable = true; 19 | ipv4.addresses = [ 20 | { 21 | address = "216.238.110.82"; 22 | prefixLength = 23; 23 | } 24 | ]; 25 | ipv6.addresses = [ 26 | { 27 | address = "2001:19f0:b800:1bf8::1"; 28 | prefixLength = 64; 29 | } 30 | ]; 31 | }; 32 | }; 33 | system.stateVersion = "22.05"; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/alcyone/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [../common/optional/ephemeral-btrfs.nix]; 3 | 4 | boot = { 5 | initrd = { 6 | availableKernelModules = [ 7 | "ata_piix" 8 | "sr_mod" 9 | "uhci_hcd" 10 | "virtio_blk" 11 | "virtio_pci" 12 | ]; 13 | }; 14 | loader.grub = { 15 | enable = true; 16 | version = 2; 17 | device = "/dev/vda"; 18 | }; 19 | }; 20 | 21 | fileSystems."/boot" = { 22 | device = "/dev/disk/by-label/alcyone"; 23 | fsType = "btrfs"; 24 | options = ["subvol=boot"]; 25 | }; 26 | 27 | swapDevices = [ 28 | { 29 | device = "/swap/swapfile"; 30 | size = 3072; 31 | } 32 | ]; 33 | 34 | hardware.cpu.intel.updateMicrocode = true; 35 | 36 | virtualisation.hypervGuest.enable = true; 37 | systemd.services.hv-kvp.unitConfig.ConditionPathExists = ["/dev/vmbus/hv_kvp"]; 38 | 39 | nixpkgs.hostPlatform = "x86_64-linux"; 40 | } 41 | -------------------------------------------------------------------------------- /hosts/alcyone/services/cgit/.gitignore: -------------------------------------------------------------------------------- 1 | .sass-cache 2 | -------------------------------------------------------------------------------- /hosts/alcyone/services/cgit/cgit.scss: -------------------------------------------------------------------------------- 1 | td.linenos { 2 | width: 2em; 3 | font-size: 0.9em; 4 | padding-top: 1.28em; 5 | } 6 | 7 | /* Highlight diff */ 8 | code span { 9 | &.head { 10 | color: var(--highlight); 11 | } 12 | &.hunk { 13 | color: var(--text-muted); 14 | } 15 | &.ctx { 16 | color: var(--text-main); 17 | } 18 | &.add { 19 | color: var(--positive); 20 | } 21 | &.del { 22 | color: var(--negative); 23 | } 24 | } 25 | 26 | /* Light up targeted line (for linking, etc) */ 27 | pre > code { 28 | position: relative; 29 | a[id^='line-'] { 30 | height: 1.18rem; 31 | width: 101.96%; 32 | position: absolute; 33 | left: -1em; 34 | pointer-events: none; 35 | &:target { 36 | background-color: var(--highlight); 37 | opacity: 0.3; 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /hosts/alcyone/services/cgit/head.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /hosts/alcyone/services/cgit/nav.html: -------------------------------------------------------------------------------- 1 |
{ Gabriel Fontes }
2 | 3 | 13 | -------------------------------------------------------------------------------- /hosts/alcyone/services/cincobola.nix: -------------------------------------------------------------------------------- 1 | # Something I did for a UI/UX class I took 2 | # Decided to keep around to help out freshmen 3 | {pkgs, ...}: let 4 | cincobola = pkgs.stdenv.mkDerivation { 5 | name = "cincobola"; 6 | JEKYLL_ENV = "production"; 7 | src = pkgs.fetchFromGitHub { 8 | owner = "misterio77"; 9 | repo = "BSI-SCC0560"; 10 | rev = "bd1dcc3"; 11 | hash = "sha256-npPYxuZkqZWS0nRGc9IpTNviWzF5sFNUeVTdS6486lg="; 12 | }; 13 | buildInputs = [pkgs.jekyll]; 14 | buildPhase = '' 15 | jekyll build 16 | ''; 17 | installPhase = '' 18 | cp -r _site -T $out 19 | ''; 20 | }; 21 | days = n: (hours n) * 24; 22 | hours = n: (minutes n) * 60; 23 | minutes = n: n * 60; 24 | in { 25 | services.nginx.virtualHosts."cincobola.misterio.me" = { 26 | forceSSL = true; 27 | enableACME = true; 28 | locations = { 29 | "/" = { 30 | root = cincobola; 31 | tryFiles = "$uri $uri.html $uri/ =404"; 32 | extraConfig = '' 33 | error_page 404 /404.html; 34 | add_header Cache-Control "max-age=${toString (minutes 15)}"; 35 | ''; 36 | }; 37 | "/assets/" = { 38 | root = cincobola; 39 | extraConfig = '' 40 | add_header Cache-Control "max-age=${toString (days 30)}"; 41 | ''; 42 | }; 43 | }; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /hosts/alcyone/services/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ../../common/optional/nginx.nix 4 | ../../common/optional/mysql.nix 5 | ../../common/optional/postgres.nix 6 | 7 | ./grafana 8 | ./cincobola.nix 9 | ./files-server.nix 10 | ./git-remote.nix 11 | ./headscale.nix 12 | ./mail.nix 13 | ./prometheus.nix 14 | ./radicale.nix 15 | 16 | # Disabled for now 17 | # ./cgit 18 | ./website 19 | ]; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/alcyone/services/files-server.nix: -------------------------------------------------------------------------------- 1 | let 2 | files = { 3 | forceSSL = true; 4 | enableACME = true; 5 | locations."/".root = "/srv/files"; 6 | }; 7 | in { 8 | services.nginx.virtualHosts = { 9 | "files.m7.rs" = files; 10 | "f.m7.rs" = files; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/alcyone/services/firefly.nix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/hosts/alcyone/services/firefly.nix -------------------------------------------------------------------------------- /hosts/alcyone/services/git-remote.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: { 6 | environment.persistence = { 7 | "/persist".directories = ["/srv/git"]; 8 | }; 9 | 10 | services.gitDaemon = { 11 | enable = true; 12 | basePath = "/srv/git"; 13 | exportAll = true; 14 | }; 15 | networking.firewall.allowedTCPPorts = [9418]; 16 | 17 | users = { 18 | users.git = { 19 | home = "/srv/git"; 20 | createHome = true; 21 | homeMode = "755"; 22 | isSystemUser = true; 23 | shell = "${pkgs.bash}/bin/bash"; 24 | group = "git"; 25 | packages = [pkgs.git]; 26 | openssh.authorizedKeys.keys = config.users.users.gabriel.openssh.authorizedKeys.keys; 27 | }; 28 | groups.git = {}; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /hosts/alcyone/services/grafana/default.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets = { 3 | grafana-gabriel-password = { 4 | sopsFile = ../../secrets.yaml; 5 | owner = "grafana"; 6 | }; 7 | grafana-mail-password = { 8 | sopsFile = ../../secrets.yaml; 9 | owner = "grafana"; 10 | }; 11 | }; 12 | 13 | services = { 14 | grafana = { 15 | enable = true; 16 | settings = { 17 | server.http_port = 3000; 18 | users.default_theme = "system"; 19 | dashboards.default_home_dashboard_path = "${./dashboards}/hosts.json"; 20 | security = { 21 | admin_user = "gabriel"; 22 | admin_email = "hi@m7.rs"; 23 | admin_password = "$__file{${config.sops.secrets.grafana-gabriel-password.path}}"; 24 | cookie_secure = true; 25 | }; 26 | "auth.anonymous" = { 27 | enabled = true; 28 | }; 29 | smtp = rec { 30 | enabled = true; 31 | host = "mail.m7.rs:465"; 32 | from_address = user; 33 | user = config.mailserver.loginAccounts."grafana@m7.rs".name; 34 | password = "$__file{${config.sops.secrets.grafana-mail-password.path}}"; 35 | }; 36 | }; 37 | provision = { 38 | enable = true; 39 | dashboards.settings.providers = [{ 40 | options.path = ./dashboards; 41 | }]; 42 | datasources.settings = { 43 | apiVersion = 1; 44 | datasources = [ 45 | { 46 | name = "Prometheus"; 47 | type = "prometheus"; 48 | access = "proxy"; 49 | url = "https://metrics.m7.rs"; 50 | isDefault = true; 51 | } 52 | ]; 53 | }; 54 | }; 55 | }; 56 | nginx.virtualHosts = { 57 | "dash.m7.rs" = let 58 | port = config.services.grafana.settings.server.http_port; 59 | in { 60 | forceSSL = true; 61 | enableACME = true; 62 | locations."/".proxyPass = "http://localhost:${toString port}"; 63 | }; 64 | }; 65 | }; 66 | } 67 | -------------------------------------------------------------------------------- /hosts/alcyone/services/headscale.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: let 5 | derpPort = 3478; 6 | in { 7 | services = { 8 | headscale = { 9 | enable = true; 10 | port = 8085; 11 | address = "127.0.0.1"; 12 | settings = { 13 | dns = { 14 | override_local_dns = true; 15 | base_domain = "ts.m7.rs"; 16 | magic_dns = true; 17 | nameservers.global = ["9.9.9.9"]; 18 | extra_records = [ 19 | { 20 | name = "merope.m7.rs"; 21 | type = "A"; 22 | value = "100.77.0.5"; 23 | } 24 | ]; 25 | }; 26 | server_url = "https://tailscale.m7.rs"; 27 | metrics_listen_addr = "127.0.0.1:8095"; 28 | logtail = { 29 | enabled = false; 30 | }; 31 | log = { 32 | level = "warn"; 33 | }; 34 | ip_prefixes = [ 35 | "100.77.0.0/24" 36 | "fd7a:115c:a1e0:77::/64" 37 | ]; 38 | derp.server = { 39 | enable = true; 40 | region_id = 999; 41 | stun_listen_addr = "0.0.0.0:${toString derpPort}"; 42 | }; 43 | }; 44 | }; 45 | 46 | nginx.virtualHosts = { 47 | "tailscale.m7.rs" = { 48 | forceSSL = true; 49 | enableACME = true; 50 | locations = { 51 | "/" = { 52 | proxyPass = "http://localhost:${toString config.services.headscale.port}"; 53 | proxyWebsockets = true; 54 | }; 55 | "/metrics" = { 56 | proxyPass = "http://${config.services.headscale.settings.metrics_listen_addr}/metrics"; 57 | }; 58 | }; 59 | }; 60 | "tailscale.misterio.me" = { 61 | forceSSL = true; 62 | enableACME = true; 63 | locations."/".return = "302 https://tailscale.m7.rs$request_uri"; 64 | }; 65 | }; 66 | }; 67 | 68 | # Derp server 69 | networking.firewall.allowedUDPPorts = [derpPort]; 70 | 71 | environment.systemPackages = [config.services.headscale.package]; 72 | 73 | environment.persistence = { 74 | "/persist".directories = ["/var/lib/headscale"]; 75 | }; 76 | } 77 | -------------------------------------------------------------------------------- /hosts/alcyone/services/prometheus.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | outputs, 4 | lib, 5 | ... 6 | }: let 7 | hosts = lib.attrNames outputs.nixosConfigurations; 8 | in { 9 | services = { 10 | prometheus = { 11 | enable = true; 12 | globalConfig = { 13 | # Scrape a bit more frequently 14 | scrape_interval = "30s"; 15 | }; 16 | scrapeConfigs = [ 17 | { 18 | job_name = "hydra"; 19 | scheme = "https"; 20 | static_configs = [{targets = ["hydra.m7.rs"];}]; 21 | } 22 | { 23 | job_name = "headscale"; 24 | scheme = "https"; 25 | static_configs = [{targets = ["tailscale.m7.rs"];}]; 26 | } 27 | { 28 | job_name = "grafana"; 29 | scheme = "https"; 30 | static_configs = [{targets = ["dash.m7.rs"];}]; 31 | } 32 | { 33 | job_name = "prometheus"; 34 | scheme = "https"; 35 | static_configs = [{targets = ["metrics.m7.rs"];}]; 36 | } 37 | { 38 | job_name = "nginx"; 39 | scheme = "https"; 40 | static_configs = [ 41 | { 42 | targets = [ 43 | "alcyone.m7.rs" 44 | "celaeno.m7.rs" 45 | "merope.m7.rs" 46 | ]; 47 | } 48 | ]; 49 | } 50 | { 51 | job_name = "hosts"; 52 | scheme = "http"; 53 | static_configs = 54 | map (hostname: { 55 | targets = ["${hostname}:${toString config.services.prometheus.exporters.node.port}"]; 56 | labels.instance = hostname; 57 | }) 58 | hosts; 59 | } 60 | ]; 61 | extraFlags = let 62 | prometheus = config.services.prometheus.package; 63 | in [ 64 | # Custom consoles 65 | "--web.console.templates=${prometheus}/etc/prometheus/consoles" 66 | "--web.console.libraries=${prometheus}/etc/prometheus/console_libraries" 67 | ]; 68 | }; 69 | nginx.virtualHosts = { 70 | "metrics.m7.rs" = { 71 | forceSSL = true; 72 | enableACME = true; 73 | locations."/".proxyPass = "http://localhost:${toString config.services.prometheus.port}"; 74 | }; 75 | }; 76 | }; 77 | 78 | environment.persistence = { 79 | "/persist".directories = ["/var/lib/prometheus2"]; 80 | }; 81 | } 82 | -------------------------------------------------------------------------------- /hosts/alcyone/services/radicale.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: let 5 | port = "5232"; 6 | in { 7 | services = { 8 | radicale = { 9 | enable = true; 10 | settings = { 11 | server = { 12 | hosts = [ 13 | "127.0.0.1:${port}" 14 | "::1:${port}" 15 | ]; 16 | }; 17 | auth = { 18 | type = "htpasswd"; 19 | htpasswd_filename = config.sops.secrets.radicale-htpasswd.path; 20 | htpasswd_encryption = "bcrypt"; 21 | }; 22 | storage = { 23 | filesystem_folder = "/var/lib/radicale/collections"; 24 | }; 25 | }; 26 | }; 27 | nginx.virtualHosts = { 28 | "dav.m7.rs" = { 29 | forceSSL = true; 30 | enableACME = true; 31 | locations."/".proxyPass = "http://localhost:${port}"; 32 | extraConfig = '' 33 | proxy_set_header X-Script-Name /; 34 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 35 | proxy_pass_header Authorization; 36 | ''; 37 | }; 38 | }; 39 | }; 40 | sops.secrets.radicale-htpasswd = { 41 | sopsFile = ../secrets.yaml; 42 | owner = config.users.users.radicale.name; 43 | group = config.users.users.radicale.group; 44 | }; 45 | 46 | environment.persistence = { 47 | "/persist".directories = ["/var/lib/radicale"]; 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /hosts/alcyone/services/website/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: let 2 | website = pkgs.inputs.website.default; 3 | pgpKey = ../../../../home/gabriel/pgp.asc; 4 | sshKey = ../../../../home/gabriel/ssh.pub; 5 | redir = { 6 | forceSSL = true; 7 | enableACME = true; 8 | locations."/".return = "302 https://m7.rs$request_uri"; 9 | }; 10 | days = n: (hours n) * 24; 11 | hours = n: (minutes n) * 60; 12 | minutes = n: n * 60; 13 | in { 14 | imports = [ 15 | ./themes.nix 16 | ./shortner.nix 17 | ]; 18 | 19 | services.nginx.virtualHosts = { 20 | "m7.rs" = { 21 | forceSSL = true; 22 | enableACME = true; 23 | locations = { 24 | "/" = { 25 | root = "${website}/public"; 26 | extraConfig = '' 27 | add_header Cache-Control "max-age=${toString (minutes 5)}, stale-while-revalidate=${toString (minutes 15)}"; 28 | ''; 29 | }; 30 | "/assets/" = { 31 | root = "${website}/public"; 32 | extraConfig = '' 33 | add_header Cache-Control "max-age=${toString (hours 1)}, stale-while-revalidate=${toString (days 30)}"; 34 | ''; 35 | }; 36 | 37 | "=/nix" = { 38 | # Script to download static nix 39 | alias = ./scripts/nix-installer.sh; 40 | }; 41 | 42 | "=/setup-gpg" = { 43 | alias = ./scripts/setup-gpg.sh; 44 | }; 45 | 46 | "=/7088C7421873E0DB97FF17C2245CAB70B4C225E9.asc".alias = pgpKey; 47 | "=/pgp.asc".alias = pgpKey; 48 | "=/pgp".alias = pgpKey; 49 | "=/ssh.pub".alias = sshKey; 50 | "=/ssh".alias = sshKey; 51 | }; 52 | }; 53 | "gsfontes.com" = redir; 54 | "misterio.me" = redir; 55 | }; 56 | } 57 | -------------------------------------------------------------------------------- /hosts/alcyone/services/website/scripts/nix-installer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -euo pipefail 4 | 5 | arch="$(uname -m)" 6 | job="https://hydra.nixos.org/job/nix/master/buildStatic.$arch-linux/latest/download-by-type/file/binary-dist" 7 | 8 | dir="$HOME/.local/share/nix/bin" 9 | mkdir -p "$dir" 10 | if [ -f "$dir/nix" ]; then 11 | curl -L "$job" -o "$dir/nix" -z "$dir/nix" 12 | else 13 | curl -L "$job" -o "$dir/nix" 14 | fi 15 | chmod +x "$dir/nix" 16 | 17 | comment="# Added by misterio nix installer" 18 | 19 | if ! grep -sq "$comment" "$HOME/.profile" ; then 20 | mkdir -p "$HOME/.config/nix" 21 | echo "$comment" >> "$HOME/.config/nix/nix.conf" 22 | echo 'experimental-features = nix-command flakes' >> "$HOME/.config/nix/nix.conf" 23 | fi 24 | 25 | if ! grep -sq "$comment" "$HOME/.profile" ; then 26 | echo "$comment" >> "$HOME/.profile" 27 | echo "export PATH=\"$dir:\$PATH\"" >> "$HOME/.profile" 28 | echo >&2 "The directory '$dir' has been added to your PATH variable on '~/.profile'." 29 | echo >&2 "Re-login or do 'source ~/.profile' to update it." 30 | fi 31 | -------------------------------------------------------------------------------- /hosts/alcyone/services/website/scripts/setup-gpg.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | pgp_id="7088C7421873E0DB97FF17C2245CAB70B4C225E9" 4 | ssh_keygrip="149F16412997785363112F3DBD713BC91D51B831" 5 | 6 | set -eu 7 | 8 | check_bin() { 9 | if ! which "$1" > /dev/null; then 10 | echo "'$1' is not available" >&2 11 | exit 1 12 | fi 13 | } 14 | 15 | check_bin gpg 16 | check_bin pinentry 17 | echo "GPG and Pinentry located" >&2 18 | 19 | if ! gpg -k "$pgp_id" > /dev/null 2> /dev/null; then 20 | echo "Downloading public key" >&2 21 | gpg --receive-keys "$pgp_id" 22 | fi 23 | if ! gpg -K "$pgp_id" > /dev/null 2> /dev/null; then 24 | echo "Searching card for private keystubs" >&2 25 | gpg --card-status 26 | fi 27 | 28 | if ! grep -q "pinentry-program" ~/.gnupg/gpg-agent.conf 2>/dev/null; then 29 | echo "pinentry-program $(readlink -f "$(which pinentry)")" >> ~/.gnupg/gpg-agent.conf 30 | fi 31 | if ! grep -q "enable-ssh-support" ~/.gnupg/gpg-agent.conf 2>/dev/null; then 32 | echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf 33 | fi 34 | if ! grep -q "$ssh_keygrip" ~/.gnupg/sshcontrol 2>/dev/null; then 35 | echo "$ssh_keygrip" >> ~/.gnupg/sshcontrol 36 | fi 37 | 38 | echo "GPG configured" >&2 39 | 40 | gpgconf --kill gpg-agent 41 | gpgconf --launch gpg-agent 42 | gpg-connect-agent updatestartuptty /bye 43 | 44 | echo "GPG Agent restarted" >&2 45 | 46 | export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" 47 | echo "SSH socket set" >&2 48 | -------------------------------------------------------------------------------- /hosts/alcyone/services/website/shortner.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | services.nginx.virtualHosts."m7.rs" = { 3 | forceSSL = true; 4 | enableACME = true; 5 | locations = lib.mapAttrs' (n: v: lib.nameValuePair "/l/${n}" {return = "302 ${v}$request_uri";}) { 6 | "booletim" = "https://drive.google.com/uc?export=download&id=1cPemsZV3mUq9nfPMW1nKE7CssijMk7s0"; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/alcyone/services/website/themes.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: let 6 | themes = pkgs.stdenv.mkDerivation { 7 | name = "website-themes"; 8 | src = builtins.toFile "schemes" (builtins.toJSON inputs.nix-colors.colorSchemes); 9 | dontUnpack = true; 10 | buildInputs = [pkgs.jq]; 11 | buildPhase = '' 12 | build_css() { 13 | scheme_name="$1" 14 | scheme=$(jq -r --arg scheme_name "$scheme_name" '.[$scheme_name]' $src) 15 | 16 | jq -r '" 17 | /* \(.name) by \(.author) */ 18 | :root { 19 | --scheme-name: \"\(.name)\"; 20 | --scheme-author: \"\(.author)\"; 21 | --base00: #\(.palette.base00); 22 | --base01: #\(.palette.base01); 23 | --base02: #\(.palette.base02); 24 | --base03: #\(.palette.base03); 25 | --base04: #\(.palette.base04); 26 | --base05: #\(.palette.base05); 27 | --base06: #\(.palette.base06); 28 | --base07: #\(.palette.base07); 29 | --base08: #\(.palette.base08); 30 | --base09: #\(.palette.base09); 31 | --base0A: #\(.palette.base0A); 32 | --base0B: #\(.palette.base0B); 33 | --base0C: #\(.palette.base0C); 34 | --base0D: #\(.palette.base0D); 35 | --base0E: #\(.palette.base0E); 36 | --base0F: #\(.palette.base0F); 37 | } 38 | "' <<< "$scheme" > "$scheme_name.css" 39 | } 40 | 41 | for scheme_name in $(jq -r 'keys[]' $src); do 42 | build_css "$scheme_name" & 43 | done 44 | 45 | wait 46 | ''; 47 | installPhase = '' 48 | mkdir $out 49 | cp $src $out/themes.json 50 | cp *.css $out/ 51 | ''; 52 | }; 53 | days = n: toString (n * 60 * 60 * 24); 54 | in { 55 | services.nginx.virtualHosts = { 56 | "m7.rs" = { 57 | forceSSL = true; 58 | enableACME = true; 59 | locations = { 60 | "/colors/" = { 61 | alias = "${themes}/"; 62 | extraConfig = '' 63 | add_header Access-Control-Allow-Origin *; 64 | add_header Cache-Control "max-age=${days 1}, stale-while-revalidate=${days 365}"; 65 | ''; 66 | }; 67 | }; 68 | }; 69 | "colors.m7.rs" = { 70 | forceSSL = true; 71 | enableACME = true; 72 | locations."/".return = "301 https://m7.rs/colors$request_uri"; 73 | }; 74 | }; 75 | } 76 | -------------------------------------------------------------------------------- /hosts/alcyone/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHy3DHDyKvDNlhoOqtFniX9woS6DRLKlImZRkjUj6Uh 2 | -------------------------------------------------------------------------------- /hosts/atlas/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 5 | }: { 6 | imports = [ 7 | inputs.hardware.nixosModules.common-cpu-amd 8 | inputs.hardware.nixosModules.common-gpu-amd 9 | inputs.hardware.nixosModules.common-pc-ssd 10 | 11 | ./hardware-configuration.nix 12 | 13 | ../common/global 14 | ../common/users/gabriel 15 | 16 | ../common/optional/peripherals.nix 17 | ../common/optional/greetd.nix 18 | ../common/optional/pipewire.nix 19 | ../common/optional/quietboot.nix 20 | ../common/optional/wireless.nix 21 | ../common/optional/lxd.nix 22 | 23 | ../common/optional/starcitizen-fixes.nix 24 | ]; 25 | 26 | environment.systemPackages = with pkgs; [ 27 | hello 28 | ]; 29 | networking = { 30 | hostName = "atlas"; 31 | useDHCP = true; 32 | }; 33 | 34 | boot = { 35 | kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest; 36 | binfmt.emulatedSystems = [ 37 | "aarch64-linux" 38 | "i686-linux" 39 | ]; 40 | }; 41 | 42 | programs = { 43 | adb.enable = true; 44 | dconf.enable = true; 45 | }; 46 | 47 | hardware.graphics.enable = true; 48 | 49 | system.stateVersion = "22.05"; 50 | } 51 | -------------------------------------------------------------------------------- /hosts/atlas/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ../common/optional/ephemeral-btrfs.nix 4 | ../common/optional/encrypted-root.nix 5 | ]; 6 | 7 | boot = { 8 | initrd = { 9 | availableKernelModules = [ 10 | "nvme" 11 | "xhci_pci" 12 | "ahci" 13 | "usb_storage" 14 | "usbhid" 15 | "sd_mod" 16 | ]; 17 | kernelModules = ["kvm-amd"]; 18 | }; 19 | loader = { 20 | systemd-boot = { 21 | enable = true; 22 | consoleMode = "max"; 23 | }; 24 | efi.canTouchEfiVariables = true; 25 | }; 26 | }; 27 | 28 | fileSystems = { 29 | "/boot" = { 30 | device = "/dev/disk/by-label/ESP"; 31 | fsType = "vfat"; 32 | }; 33 | }; 34 | 35 | swapDevices = [ 36 | { 37 | device = "/swap/swapfile"; 38 | size = 8196; 39 | } 40 | ]; 41 | 42 | nixpkgs.hostPlatform.system = "x86_64-linux"; 43 | hardware.cpu.amd.updateMicrocode = true; 44 | } 45 | -------------------------------------------------------------------------------- /hosts/atlas/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTFVIKH3sZyHcBUNG8wZTnOnC7M/APZHvboakGWWG24 2 | -------------------------------------------------------------------------------- /hosts/celaeno/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ./hardware-configuration.nix 4 | ./services 5 | 6 | ../common/global 7 | ../common/users/gabriel 8 | ../common/optional/docker.nix 9 | ]; 10 | 11 | networking = { 12 | hostName = "celaeno"; 13 | useDHCP = true; 14 | }; 15 | system.stateVersion = "22.05"; 16 | # Slows down write operations considerably 17 | nix.settings.auto-optimise-store = false; 18 | 19 | boot.binfmt.emulatedSystems = [ 20 | "x86_64-linux" 21 | "i686-linux" 22 | ]; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/celaeno/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | {modulesPath, ...}: { 2 | imports = [ 3 | ../common/optional/ephemeral-btrfs.nix 4 | (modulesPath + "/profiles/qemu-guest.nix") 5 | ]; 6 | 7 | boot = { 8 | initrd = { 9 | availableKernelModules = [ 10 | "xhci_pci" 11 | "virtio_pci" 12 | "usbhid" 13 | ]; 14 | }; 15 | loader = { 16 | systemd-boot = { 17 | enable = true; 18 | consoleMode = "max"; 19 | }; 20 | efi.canTouchEfiVariables = true; 21 | }; 22 | # Enable nested virtualization 23 | extraModprobeConfig = "options kvm nested=1"; 24 | }; 25 | 26 | fileSystems = { 27 | "/boot" = { 28 | device = "/dev/disk/by-label/ESP"; 29 | fsType = "vfat"; 30 | }; 31 | }; 32 | 33 | swapDevices = [ 34 | { 35 | device = "/swap/swapfile"; 36 | size = 8196; 37 | } 38 | ]; 39 | 40 | nixpkgs.hostPlatform.system = "aarch64-linux"; 41 | } 42 | -------------------------------------------------------------------------------- /hosts/celaeno/services/binary-cache.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: { 6 | sops.secrets.cache-sig-key = { 7 | sopsFile = ../secrets.yaml; 8 | }; 9 | 10 | services = { 11 | nix-serve = { 12 | enable = true; 13 | secretKeyFile = config.sops.secrets.cache-sig-key.path; 14 | package = pkgs.nix-serve; 15 | }; 16 | nginx.virtualHosts."cache.m7.rs" = { 17 | forceSSL = true; 18 | enableACME = true; 19 | locations."/".extraConfig = '' 20 | proxy_pass http://localhost:${toString config.services.nix-serve.port}; 21 | proxy_set_header Host $host; 22 | proxy_set_header X-Real-IP $remote_addr; 23 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 24 | ''; 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /hosts/celaeno/services/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ../../common/optional/nginx.nix 4 | ../../common/optional/mysql.nix 5 | ../../common/optional/postgres.nix 6 | 7 | ./binary-cache.nix 8 | ./paste-misterio-me.nix 9 | ./disconic.nix 10 | ./hydra 11 | ]; 12 | 13 | networking.firewall.allowedTCPPorts = [5432]; 14 | } 15 | -------------------------------------------------------------------------------- /hosts/celaeno/services/disconic.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | pkgs, 5 | ... 6 | }: { 7 | imports = [inputs.disconic.nixosModules.default]; 8 | 9 | services.disconic = { 10 | enable = true; 11 | package = pkgs.inputs.disconic.default; 12 | user = "disconic"; 13 | environmentFile = config.sops.secrets.disconic-secrets.path; 14 | }; 15 | 16 | sops.secrets = { 17 | disconic-secrets = { 18 | owner = "disconic"; 19 | group = "disconic"; 20 | sopsFile = ../secrets.yaml; 21 | }; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/celaeno/services/hydra/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: let 6 | hydraUser = config.users.users.hydra.name; 7 | hydraGroup = config.users.users.hydra.group; 8 | in { 9 | imports = [./machines.nix]; 10 | 11 | # https://github.com/NixOS/nix/issues/4178#issuecomment-738886808 12 | systemd.services.hydra-evaluator.environment.GC_DONT_GC = "true"; 13 | 14 | services = { 15 | hydra = { 16 | enable = true; 17 | package = pkgs.hydra_unstable; 18 | hydraURL = "https://hydra.m7.rs"; 19 | notificationSender = "hydra@m7.rs"; 20 | listenHost = "localhost"; 21 | smtpHost = "localhost"; 22 | useSubstitutes = true; 23 | extraConfig = 24 | /* 25 | xml 26 | */ 27 | '' 28 | Include ${config.sops.secrets.hydra-gh-auth.path} 29 | max_unsupported_time = 30 30 | 31 | jobs = .* 32 | useShortContext = true 33 | 34 | ''; 35 | extraEnv = { 36 | HYDRA_DISALLOW_UNFREE = "0"; 37 | }; 38 | }; 39 | nginx.virtualHosts = { 40 | "hydra.m7.rs" = { 41 | forceSSL = true; 42 | enableACME = true; 43 | locations = { 44 | "~* ^/shield/([^\\s]*)".return = "302 https://img.shields.io/endpoint?url=https://hydra.m7.rs/$1/shield"; 45 | "/".proxyPass = "http://localhost:${toString config.services.hydra.port}"; 46 | }; 47 | }; 48 | }; 49 | }; 50 | users.users = { 51 | hydra-queue-runner.extraGroups = [hydraGroup]; 52 | hydra-www.extraGroups = [hydraGroup]; 53 | }; 54 | sops.secrets = { 55 | hydra-gh-auth = { 56 | sopsFile = ../../secrets.yaml; 57 | owner = hydraUser; 58 | group = hydraGroup; 59 | mode = "0440"; 60 | }; 61 | nix-ssh-key = { 62 | sopsFile = ../../secrets.yaml; 63 | owner = hydraUser; 64 | group = hydraGroup; 65 | mode = "0440"; 66 | }; 67 | }; 68 | 69 | environment.persistence = { 70 | "/persist".directories = ["/var/lib/hydra"]; 71 | }; 72 | } 73 | -------------------------------------------------------------------------------- /hosts/celaeno/services/hydra/machines.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | mkBuildMachine = { 7 | uri ? null, 8 | systems ? null, 9 | sshKey ? null, 10 | maxJobs ? 1, 11 | speedFactor ? 1, 12 | supportedFeatures ? null, 13 | mandatoryFeatures ? null, 14 | publicHostKey ? null, 15 | }: let 16 | field = x: 17 | if (x == null || x == [] || x == "") 18 | then "-" 19 | else if (builtins.isInt x) 20 | then (builtins.toString x) 21 | else if (builtins.isList x) 22 | then (builtins.concatStringsSep "," x) 23 | else x; 24 | in '' 25 | ${field uri} ${field systems} ${field sshKey} ${field maxJobs} ${field speedFactor} ${field supportedFeatures} ${field mandatoryFeatures} ${field publicHostKey} 26 | ''; 27 | mkBuildMachines = machines: builtins.toFile "machines" (lib.concatStringsSep "\n" (map mkBuildMachine machines)); 28 | in { 29 | services.hydra.buildMachinesFiles = [ 30 | (mkBuildMachines [ 31 | { 32 | uri = "ssh://nix-ssh@taygeta"; 33 | systems = [ 34 | "x86_64-linux" 35 | "i686-linux" 36 | ]; 37 | sshKey = config.sops.secrets.nix-ssh-key.path; 38 | maxJobs = 8; 39 | supportedFeatures = [ 40 | "kvm" 41 | "big-parallel" 42 | "nixos-test" 43 | ]; 44 | } 45 | { 46 | uri = "localhost"; 47 | systems = [ 48 | "aarch64-linux" 49 | ]; 50 | maxJobs = 4; 51 | supportedFeatures = [ 52 | "kvm" 53 | "big-parallel" 54 | "nixos-test" 55 | ]; 56 | } 57 | ]) 58 | ]; 59 | } 60 | -------------------------------------------------------------------------------- /hosts/celaeno/services/paste-misterio-me.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | pkgs, 5 | ... 6 | }: { 7 | imports = [inputs.paste-misterio-me.nixosModules.server]; 8 | 9 | services = { 10 | paste-misterio-me = { 11 | enable = true; 12 | package = pkgs.inputs.paste-misterio-me.server; 13 | database.createLocally = true; 14 | environmentFile = config.sops.secrets.paste-misterio-me-secrets.path; 15 | port = 8082; 16 | maxBodySize = "30MiB"; 17 | }; 18 | 19 | nginx.virtualHosts."paste.misterio.me" = { 20 | forceSSL = true; 21 | enableACME = true; 22 | extraConfig = '' 23 | client_max_body_size 30M; 24 | ''; 25 | locations."/".proxyPass = "http://localhost:${toString config.services.paste-misterio-me.port}"; 26 | }; 27 | }; 28 | 29 | sops.secrets.paste-misterio-me-secrets = { 30 | owner = "paste"; 31 | group = "paste"; 32 | sopsFile = ../secrets.yaml; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/celaeno/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIECUvi2AFzeH5eDbTkxONVBSIqF8E4Rg+VTjzGZuN0tr root@kexec 2 | -------------------------------------------------------------------------------- /hosts/common/global/acme.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Enable acme for usage with nginx vhosts 3 | security.acme = { 4 | defaults.email = "eu@misterio.me"; 5 | acceptTerms = true; 6 | }; 7 | 8 | environment.persistence = { 9 | "/persist" = { 10 | directories = ["/var/lib/acme"]; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /hosts/common/global/auto-upgrade.nix: -------------------------------------------------------------------------------- 1 | {inputs, config, ...}: { 2 | system.hydraAutoUpgrade = { 3 | # Only enable if not dirty 4 | enable = inputs.self ? rev; 5 | dates = "*:0/10"; # Every 10 minutes 6 | instance = "https://hydra.m7.rs"; 7 | project = "nix-config"; 8 | jobset = "main"; 9 | job = "hosts.${config.networking.hostName}"; 10 | oldFlakeRef = "self"; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/common/global/default.nix: -------------------------------------------------------------------------------- 1 | # This file (and the global directory) holds config that i use on all hosts 2 | { 3 | inputs, 4 | outputs, 5 | ... 6 | }: { 7 | imports = 8 | [ 9 | inputs.home-manager.nixosModules.home-manager 10 | ./acme.nix 11 | ./auto-upgrade.nix 12 | ./fish.nix 13 | ./locale.nix 14 | ./nix.nix 15 | ./openssh.nix 16 | ./optin-persistence.nix 17 | ./podman.nix 18 | ./sops.nix 19 | ./ssh-serve-store.nix 20 | ./steam-hardware.nix 21 | ./systemd-initrd.nix 22 | ./swappiness.nix 23 | ./tailscale.nix 24 | ./tpm.nix 25 | ./gamemode.nix 26 | ./nix-ld.nix 27 | ./prometheus-node-exporter.nix 28 | ./kdeconnect.nix 29 | ./upower.nix 30 | ] 31 | ++ (builtins.attrValues outputs.nixosModules); 32 | 33 | home-manager.useGlobalPkgs = true; 34 | home-manager.extraSpecialArgs = { 35 | inherit inputs outputs; 36 | }; 37 | 38 | nixpkgs = { 39 | overlays = builtins.attrValues outputs.overlays; 40 | config = { 41 | allowUnfree = true; 42 | }; 43 | }; 44 | 45 | hardware.enableRedistributableFirmware = true; 46 | networking.domain = "m7.rs"; 47 | 48 | # Increase open file limit for sudoers 49 | security.pam.loginLimits = [ 50 | { 51 | domain = "@wheel"; 52 | item = "nofile"; 53 | type = "soft"; 54 | value = "524288"; 55 | } 56 | { 57 | domain = "@wheel"; 58 | item = "nofile"; 59 | type = "hard"; 60 | value = "1048576"; 61 | } 62 | ]; 63 | 64 | # Cleanup stuff included by default 65 | services.speechd.enable = false; 66 | } 67 | -------------------------------------------------------------------------------- /hosts/common/global/fish.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.fish = { 3 | enable = true; 4 | vendor = { 5 | completions.enable = true; 6 | config.enable = true; 7 | functions.enable = true; 8 | }; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /hosts/common/global/gamemode.nix: -------------------------------------------------------------------------------- 1 | {programs.gamemode.enable = true;} 2 | -------------------------------------------------------------------------------- /hosts/common/global/kdeconnect.nix: -------------------------------------------------------------------------------- 1 | { 2 | networking.firewall = { 3 | allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; 4 | allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /hosts/common/global/locale.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | i18n = { 3 | defaultLocale = lib.mkDefault "en_US.UTF-8"; 4 | extraLocaleSettings = { 5 | LC_TIME = lib.mkDefault "pt_BR.UTF-8"; 6 | }; 7 | supportedLocales = lib.mkDefault [ 8 | "en_US.UTF-8/UTF-8" 9 | "pt_BR.UTF-8/UTF-8" 10 | ]; 11 | }; 12 | location.provider = "geoclue2"; 13 | time.timeZone = lib.mkDefault "America/Sao_Paulo"; 14 | services.automatic-timezoned.enable = true; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/common/global/nix-ld.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.nix-ld = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/common/global/nix.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | ... 5 | }: let 6 | flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; 7 | in { 8 | nix = { 9 | settings = { 10 | extra-substituters = lib.mkAfter ["https://cache.m7.rs"]; 11 | extra-trusted-public-keys = ["cache.m7.rs:kszZ/NSwE/TjhOcPPQ16IuUiuRSisdiIwhKZCxguaWg="]; 12 | trusted-users = [ 13 | "root" 14 | "@wheel" 15 | ]; 16 | auto-optimise-store = lib.mkDefault true; 17 | experimental-features = [ 18 | "nix-command" 19 | "flakes" 20 | "ca-derivations" 21 | ]; 22 | warn-dirty = false; 23 | system-features = [ 24 | "kvm" 25 | "big-parallel" 26 | "nixos-test" 27 | ]; 28 | flake-registry = ""; # Disable global flake registry 29 | }; 30 | gc = { 31 | automatic = true; 32 | dates = "weekly"; 33 | # Keep the last 3 generations 34 | options = "--delete-older-than +3"; 35 | }; 36 | 37 | # Add each flake input as a registry and nix_path 38 | registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs; 39 | nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /hosts/common/global/openssh.nix: -------------------------------------------------------------------------------- 1 | { 2 | outputs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | hosts = lib.attrNames outputs.nixosConfigurations; 8 | 9 | # Sops needs acess to the keys before the persist dirs are even mounted; so 10 | # just persisting the keys won't work, we must point at /persist 11 | hasOptinPersistence = config.environment.persistence ? "/persist"; 12 | in { 13 | services.openssh = { 14 | enable = true; 15 | settings = { 16 | # Harden 17 | PasswordAuthentication = false; 18 | PermitRootLogin = "no"; 19 | 20 | # Automatically remove stale sockets 21 | StreamLocalBindUnlink = "yes"; 22 | # Allow forwarding ports to everywhere 23 | GatewayPorts = "clientspecified"; 24 | # Let WAYLAND_DISPLAY be forwarded 25 | AcceptEnv = "WAYLAND_DISPLAY"; 26 | X11Forwarding = true; 27 | }; 28 | 29 | hostKeys = [ 30 | { 31 | path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key"; 32 | type = "ed25519"; 33 | } 34 | ]; 35 | }; 36 | 37 | programs.ssh = { 38 | # Each hosts public key 39 | knownHosts = lib.genAttrs hosts (hostname: { 40 | publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub; 41 | extraHostNames = 42 | [ 43 | "${hostname}.m7.rs" 44 | ] 45 | ++ 46 | # Alias for localhost if it's the same host 47 | (lib.optional (hostname == config.networking.hostName) "localhost") 48 | # Alias to m7.rs and git.m7.rs if it's alcyone 49 | ++ (lib.optionals (hostname == "alcyone") [ 50 | "m7.rs" 51 | "git.m7.rs" 52 | ]); 53 | }); 54 | }; 55 | 56 | # Passwordless sudo when SSH'ing with keys 57 | # security.pam.sshAgentAuth = { 58 | # enable = true; 59 | # authorizedKeysFiles = ["/etc/ssh/authorized_keys.d/%u"]; 60 | # }; 61 | } 62 | -------------------------------------------------------------------------------- /hosts/common/global/optin-persistence.nix: -------------------------------------------------------------------------------- 1 | # This file defines the "non-hardware dependent" part of opt-in persistence 2 | # It imports impermanence, defines the basic persisted dirs, and ensures each 3 | # users' home persist dir exists and has the right permissions 4 | # 5 | # It works even if / is tmpfs, btrfs snapshot, or even not ephemeral at all. 6 | { 7 | lib, 8 | inputs, 9 | config, 10 | ... 11 | }: { 12 | imports = [inputs.impermanence.nixosModules.impermanence]; 13 | 14 | environment.persistence = { 15 | "/persist" = { 16 | files = [ 17 | "/etc/machine-id" 18 | ]; 19 | directories = [ 20 | "/var/lib/fprint" 21 | "/var/lib/systemd" 22 | "/var/lib/nixos" 23 | "/var/log" 24 | "/srv" 25 | ]; 26 | }; 27 | }; 28 | programs.fuse.userAllowOther = true; 29 | 30 | system.activationScripts.persistent-dirs.text = let 31 | mkHomePersist = user: 32 | lib.optionalString user.createHome '' 33 | mkdir -p /persist/${user.home} 34 | chown ${user.name}:${user.group} /persist/${user.home} 35 | chmod ${user.homeMode} /persist/${user.home} 36 | ''; 37 | users = lib.attrValues config.users.users; 38 | in 39 | lib.concatLines (map mkHomePersist users); 40 | } 41 | -------------------------------------------------------------------------------- /hosts/common/global/podman.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: let 2 | dockerEnabled = config.virtualisation.docker.enable; 3 | in { 4 | virtualisation.podman = { 5 | enable = true; 6 | dockerCompat = !dockerEnabled; 7 | dockerSocket.enable = !dockerEnabled; 8 | defaultNetwork.settings.dns_enabled = true; 9 | }; 10 | 11 | environment.persistence = { 12 | "/persist".directories = ["/var/lib/containers"]; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /hosts/common/global/prometheus-node-exporter.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | services.prometheus.exporters.node = { 3 | enable = true; 4 | enabledCollectors = ["systemd"]; 5 | }; 6 | networking.firewall.interfaces."tailscale0" = { 7 | allowedTCPPorts = [config.services.prometheus.exporters.node.port]; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/common/global/sops.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | config, 4 | ... 5 | }: let 6 | isEd25519 = k: k.type == "ed25519"; 7 | getKeyPath = k: k.path; 8 | keys = builtins.filter isEd25519 config.services.openssh.hostKeys; 9 | in { 10 | imports = [inputs.sops-nix.nixosModules.sops]; 11 | 12 | sops = { 13 | age.sshKeyPaths = map getKeyPath keys; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/common/global/ssh-serve-store.nix: -------------------------------------------------------------------------------- 1 | { 2 | nix = { 3 | sshServe = { 4 | enable = true; 5 | keys = [ 6 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz0dIbaTuAihil/si33MQSFH5yBFoupwnV5gcq2CCbO nix-ssh" 7 | ]; 8 | protocol = "ssh"; 9 | write = true; 10 | }; 11 | settings.trusted-users = ["nix-ssh"]; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /hosts/common/global/steam-hardware.nix: -------------------------------------------------------------------------------- 1 | {hardware.steam-hardware.enable = true;} 2 | -------------------------------------------------------------------------------- /hosts/common/global/swappiness.nix: -------------------------------------------------------------------------------- 1 | { 2 | boot.kernel.sysctl = {"vm.swappiness" = 60; }; 3 | } 4 | -------------------------------------------------------------------------------- /hosts/common/global/systemd-initrd.nix: -------------------------------------------------------------------------------- 1 | {boot.initrd.systemd.enable = true;} 2 | -------------------------------------------------------------------------------- /hosts/common/global/tailscale.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | services.tailscale = { 3 | enable = true; 4 | useRoutingFeatures = lib.mkDefault "client"; 5 | extraUpFlags = ["--login-server https://tailscale.m7.rs"]; 6 | }; 7 | networking.firewall.allowedUDPPorts = [41641]; # Facilitate firewall punching 8 | 9 | environment.persistence = { 10 | "/persist".directories = ["/var/lib/tailscale"]; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/common/global/tpm.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | security.tpm2 = { 3 | enable = true; 4 | pkcs11.enable = true; 5 | 6 | }; 7 | boot.kernelModules = ["uhid"]; 8 | # Needed for tpm-fido 9 | services.udev.extraRules = '' 10 | KERNEL=="uhid", SUBSYSTEM=="misc", GROUP="${config.security.tpm2.tssGroup}", MODE="0660" 11 | ''; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/common/global/upower.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.upower.enable = true; 3 | } 4 | -------------------------------------------------------------------------------- /hosts/common/optional/docker.nix: -------------------------------------------------------------------------------- 1 | { 2 | virtualisation.docker = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/common/optional/encrypted-root.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: let 2 | hostname = config.networking.hostName; 3 | in { 4 | boot.initrd = { 5 | luks.devices."${hostname}".device = "/dev/disk/by-label/${hostname}_crypt"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/common/optional/fail2ban.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.fail2ban = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/common/optional/gamemode.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.gamemode = { 3 | enable = true; 4 | settings = { 5 | general = { 6 | softrealtime = "on"; 7 | inhibit_screensaver = 1; 8 | }; 9 | gpu = { 10 | apply_gpu_optimisations = "accept-responsibility"; 11 | gpu_device = 0; 12 | amd_performance_level = "high"; 13 | }; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /hosts/common/optional/gnome.nix: -------------------------------------------------------------------------------- 1 | { 2 | services = { 3 | xserver = { 4 | desktopManager.gnome = { 5 | enable = true; 6 | }; 7 | displayManager.gdm = { 8 | enable = true; 9 | autoSuspend = false; 10 | }; 11 | }; 12 | gnome.games.enable = true; 13 | }; 14 | # Fix broken stuff 15 | services.avahi.enable = false; 16 | networking.networkmanager.enable = false; 17 | } 18 | -------------------------------------------------------------------------------- /hosts/common/optional/greetd.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | homeCfgs = config.home-manager.users; 8 | homeSharePaths = lib.mapAttrsToList (_: v: "${v.home.path}/share") homeCfgs; 9 | sway-kiosk = command: "${lib.getExe pkgs.sway} --unsupported-gpu --config ${pkgs.writeText "kiosk.config" '' 10 | output * bg #000000 solid_color 11 | xwayland disable 12 | input "type:touchpad" { 13 | tap enabled 14 | } 15 | exec 'XDG_DATA_DIRS="$XDG_DATA_DIRS:${lib.concatStringsSep ":" homeSharePaths}" GTK_USE_PORTAL=0 ${command}; ${pkgs.sway}/bin/swaymsg exit' 16 | ''} &>/dev/null"; 17 | in { 18 | users.extraUsers.greeter = { 19 | # For caching and such 20 | home = "/tmp/greeter-home"; 21 | createHome = true; 22 | }; 23 | 24 | programs.regreet = { 25 | enable = true; 26 | iconTheme = { 27 | name = "Papirus-Dark"; 28 | package = pkgs.papirus-icon-theme; 29 | }; 30 | theme = { 31 | name = "Materia-dark"; 32 | package = pkgs.materia-theme; 33 | }; 34 | font = { 35 | name = "Fira Sans"; 36 | package = pkgs.fira; 37 | size = 12; 38 | }; 39 | cursorTheme = { 40 | package = pkgs.apple-cursor; 41 | name = "macOS"; 42 | }; 43 | }; 44 | 45 | services.greetd = { 46 | enable = true; 47 | settings = { 48 | default_session = { 49 | command = sway-kiosk (lib.getExe config.programs.regreet.package); 50 | user = config.users.extraUsers.greeter.name; 51 | }; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /hosts/common/optional/lxd.nix: -------------------------------------------------------------------------------- 1 | { 2 | virtualisation.lxd = { 3 | enable = true; 4 | preseed = { 5 | networks = [ 6 | { 7 | name = "lxdbr0"; 8 | type = "bridge"; 9 | config = { 10 | "ipv4.address" = "10.0.100.1/24"; 11 | "ipv4.nat" = "true"; 12 | }; 13 | } 14 | ]; 15 | storage_pools = [ 16 | { 17 | name = "default"; 18 | driver = "dir"; 19 | config.source = "/var/lib/lxd/storage-pools/default"; 20 | } 21 | ]; 22 | profiles = [ 23 | { 24 | name = "default"; 25 | config = { 26 | "security.privileged" = "true"; 27 | }; 28 | devices = { 29 | eth0 = { 30 | name = "eth0"; 31 | network = "lxdbr0"; 32 | type = "nic"; 33 | }; 34 | root = { 35 | path = "/"; 36 | pool = "default"; 37 | type = "disk"; 38 | }; 39 | }; 40 | } 41 | ]; 42 | }; 43 | }; 44 | # https://github.com/NixOS/nixpkgs/issues/263359 45 | networking.firewall.trustedInterfaces = ["lxdbr0"]; 46 | } 47 | -------------------------------------------------------------------------------- /hosts/common/optional/mysql.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.mysql = { 3 | enable = true; 4 | package = pkgs.mariadb; 5 | }; 6 | 7 | environment.persistence = { 8 | "/persist".directories = ["/var/lib/mysql"]; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /hosts/common/optional/nginx.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | ... 5 | }: let 6 | inherit (config.networking) hostName; 7 | in { 8 | services = { 9 | nginx = { 10 | enable = true; 11 | recommendedTlsSettings = true; 12 | recommendedProxySettings = true; 13 | recommendedGzipSettings = true; 14 | recommendedOptimisation = true; 15 | clientMaxBodySize = "300m"; 16 | 17 | virtualHosts."${hostName}.m7.rs" = { 18 | default = true; 19 | forceSSL = true; 20 | enableACME = true; 21 | locations."/metrics" = { 22 | proxyPass = "http://localhost:${toString config.services.prometheus.exporters.nginxlog.port}"; 23 | }; 24 | }; 25 | }; 26 | 27 | prometheus.exporters.nginxlog = { 28 | enable = true; 29 | group = "nginx"; 30 | settings.namespaces = [ 31 | { 32 | name = "filelogger"; 33 | source.files = ["/var/log/nginx/access.log"]; 34 | format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\""; 35 | } 36 | ]; 37 | }; 38 | 39 | uwsgi = { 40 | enable = true; 41 | user = "nginx"; 42 | group = "nginx"; 43 | plugins = ["cgi"]; 44 | instance = { 45 | type = "emperor"; 46 | vassals = lib.mkBefore {}; 47 | }; 48 | }; 49 | }; 50 | networking.firewall.allowedTCPPorts = [ 51 | 80 52 | 443 53 | ]; 54 | } 55 | -------------------------------------------------------------------------------- /hosts/common/optional/pantheon.nix: -------------------------------------------------------------------------------- 1 | { 2 | services = { 3 | xserver = { 4 | enable = true; 5 | desktopManager.pantheon = { 6 | enable = true; 7 | }; 8 | displayManager.lightdm = { 9 | enable = true; 10 | greeters.pantheon.enable = true; 11 | }; 12 | }; 13 | pantheon = { 14 | apps.enable = true; 15 | }; 16 | }; 17 | # Fix shutdown taking a long time 18 | # https://gist.github.com/worldofpeace/27fcdcb111ddf58ba1227bf63501a5fe 19 | systemd.extraConfig = '' 20 | DefaultTimeoutStopSec=10s 21 | DefaultTimeoutStartSec=10s 22 | ''; 23 | 24 | services.avahi.enable = false; 25 | networking.networkmanager.enable = false; 26 | } 27 | -------------------------------------------------------------------------------- /hosts/common/optional/peripherals.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.hardware = { 3 | openrgb = { 4 | enable = true; 5 | settings = { 6 | Detectors.detectors = { 7 | "ASUS Aura Motherboard" = true; 8 | "Razer Naga Epic Chroma" = true; 9 | "Keychron V3" = true; 10 | }; 11 | QMKOpenRGBDevices.devices = [{ 12 | name = "Keychron V3"; 13 | usb_pid = "0331"; 14 | usb_vid = "3434"; 15 | }]; 16 | }; 17 | }; 18 | }; 19 | hardware = { 20 | keyboard.qmk.enable = true; 21 | opentabletdriver.enable = true; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/common/optional/pipewire.nix: -------------------------------------------------------------------------------- 1 | { 2 | security.rtkit.enable = true; 3 | services.pulseaudio.enable = false; 4 | services.pipewire = { 5 | enable = true; 6 | alsa.enable = true; 7 | alsa.support32Bit = true; 8 | pulse.enable = true; 9 | jack.enable = true; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /hosts/common/optional/postgres.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.postgresql.enable = true; 3 | 4 | environment.persistence = { 5 | "/persist".directories = ["/var/lib/postgresql"]; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/common/optional/quietboot.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | console = { 7 | useXkbConfig = true; 8 | earlySetup = false; 9 | }; 10 | 11 | boot = { 12 | plymouth = { 13 | enable = true; 14 | theme = "spinner-monochrome"; 15 | themePackages = [ 16 | (pkgs.plymouth-spinner-monochrome.override {inherit (config.boot.plymouth) logo;}) 17 | ]; 18 | }; 19 | loader.timeout = 0; 20 | kernelParams = [ 21 | "quiet" 22 | "loglevel=3" 23 | "systemd.show_status=auto" 24 | "udev.log_level=3" 25 | "rd.udev.log_level=3" 26 | "vt.global_cursor_default=0" 27 | ]; 28 | consoleLogLevel = 0; 29 | initrd.verbose = false; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /hosts/common/optional/secure-boot.nix: -------------------------------------------------------------------------------- 1 | # Manual steps: 2 | # 1. bootctl status 3 | # 2. Make sure you have BIOS password and disk encryption 4 | # 3. sbctl create-keys 5 | # 4. Put secure boot into setup mode 6 | # 5. sbctl enroll-keys --microsoft 7 | # 6. Enable secure boot 8 | # 7. systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+7+12+13+14+15:sha256=0000000000000000000000000000000000000000000000000000000000000000 --wipe-slot=tpm2 9 | # Explanation: 10 | # - PCR7: Secure boot is on 11 | # - PCR0+2: UEFI integrity 12 | # - PCR12+13+14: Boot loader integrity 13 | # - PCR15: No LUKS partition has been opened yet 14 | {pkgs, inputs, lib, ...}: { 15 | imports = [ 16 | inputs.lanzaboote.nixosModules.lanzaboote 17 | ]; 18 | 19 | boot.loader.systemd-boot.enable = lib.mkForce false; 20 | 21 | boot.lanzaboote = { 22 | enable = true; 23 | pkiBundle = "/var/lib/sbctl"; 24 | }; 25 | 26 | environment.systemPackages = [pkgs.sbctl]; 27 | environment.persistence = { 28 | "/persist".directories = ["/var/lib/sbctl"]; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /hosts/common/optional/starcitizen-fixes.nix: -------------------------------------------------------------------------------- 1 | { 2 | # https://github.com/starcitizen-lug/information-howtos/wiki 3 | 4 | # Avoids crashes 5 | boot.kernel.sysctl = { 6 | "vm.max_map_count" = 16777216; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /hosts/common/optional/systemd-boot.nix: -------------------------------------------------------------------------------- 1 | { 2 | boot.loader = { 3 | systemd-boot = { 4 | enable = true; 5 | consoleMode = "max"; 6 | }; 7 | efi.canTouchEfiVariables = true; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/common/optional/tailscale-exit-node.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [../global/tailscale.nix]; 3 | services.tailscale = { 4 | useRoutingFeatures = "both"; 5 | extraUpFlags = ["--advertise-exit-node"]; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/common/optional/tlp.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | services.tlp.enable = true; 3 | services.power-profiles-daemon.enable = lib.mkAfter false; 4 | } 5 | -------------------------------------------------------------------------------- /hosts/common/optional/wireless.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: { 5 | hardware.bluetooth = { 6 | enable = true; 7 | }; 8 | 9 | # Wireless secrets stored through sops 10 | sops.secrets.wireless = { 11 | sopsFile = ../secrets.yaml; 12 | neededForUsers = true; 13 | }; 14 | 15 | networking.wireless = { 16 | enable = true; 17 | fallbackToWPA2 = false; 18 | # Declarative 19 | secretsFile = config.sops.secrets.wireless.path; 20 | networks = { 21 | "CAT_HOUSE" = { 22 | pskRaw = "ext:cat_house"; 23 | }; 24 | "Marcos_2.4Ghz" = { 25 | pskRaw = "ext:marcos_24"; 26 | }; 27 | "Marcos_5Ghz" = { 28 | pskRaw = "ext:marcos_50"; 29 | }; 30 | "Misterio" = { 31 | pskRaw = "ext:misterio"; 32 | authProtocols = ["WPA-PSK"]; 33 | # extraConfig = '' 34 | # mesh_fwding=1 35 | # ''; 36 | }; 37 | "VIVOFIBRA-FC41-5G" = { 38 | pskRaw = "ext:marcos_santos_5g"; 39 | }; 40 | "Nijland" = { 41 | pskRaw = "ext:nijland"; 42 | }; 43 | "eduroam" = { 44 | authProtocols = ["WPA-EAP"]; 45 | auth = '' 46 | pairwise=CCMP 47 | group=CCMP TKIP 48 | eap=TTLS 49 | domain_suffix_match="semfio.usp.br" 50 | ca_cert="${./eduroam-cert.pem}" 51 | identity="10856803@usp.br" 52 | password=ext:eduroam 53 | phase2="auth=MSCHAPV2" 54 | ''; 55 | }; 56 | }; 57 | 58 | # Imperative 59 | allowAuxiliaryImperativeNetworks = true; 60 | # https://discourse.nixos.org/t/is-networking-usercontrolled-working-with-wpa-gui-for-anyone/29659 61 | extraConfig = '' 62 | ctrl_interface=DIR=/run/wpa_supplicant GROUP=${config.users.groups.network.name} 63 | update_config=1 64 | ''; 65 | }; 66 | 67 | # Ensure group exists 68 | users.groups.network = {}; 69 | 70 | systemd.services.wpa_supplicant.preStart = "touch /etc/wpa_supplicant.conf"; 71 | } 72 | -------------------------------------------------------------------------------- /hosts/common/optional/wireshark.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.wireshark = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/common/optional/x11-no-suspend.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.xserver.serverFlagsSection = '' 3 | Option "StandbyTime" "0" 4 | Option "SuspendTime" "0" 5 | Option "OffTime" "0" 6 | ''; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/common/users/gabriel/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; 8 | in { 9 | users.mutableUsers = false; 10 | users.users.gabriel = { 11 | isNormalUser = true; 12 | shell = pkgs.fish; 13 | extraGroups = ifTheyExist [ 14 | "audio" 15 | "deluge" 16 | "docker" 17 | "git" 18 | "i2c" 19 | "libvirtd" 20 | "lxd" 21 | "minecraft" 22 | "mysql" 23 | "network" 24 | "plugdev" 25 | "podman" 26 | "tss" 27 | "video" 28 | "wheel" 29 | "wireshark" 30 | ]; 31 | 32 | openssh.authorizedKeys.keys = lib.splitString "\n" (builtins.readFile ../../../../home/gabriel/ssh.pub); 33 | hashedPasswordFile = config.sops.secrets.gabriel-password.path; 34 | packages = [pkgs.home-manager]; 35 | }; 36 | 37 | sops.secrets.gabriel-password = { 38 | sopsFile = ../../secrets.yaml; 39 | neededForUsers = true; 40 | }; 41 | 42 | home-manager.users.gabriel = import ../../../../home/gabriel/${config.networking.hostName}.nix; 43 | 44 | security.pam.services = { 45 | swaylock = {}; 46 | hyprlock = {}; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /hosts/common/users/layla/default.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | imports = [./packages.nix]; 3 | 4 | users.mutableUsers = false; 5 | users.users.layla = { 6 | isNormalUser = true; 7 | extraGroups = [ 8 | "wheel" 9 | "video" 10 | "audio" 11 | ]; 12 | hashedPasswordFile = config.sops.secrets.layla-password.path; 13 | }; 14 | 15 | sops.secrets.layla-password = { 16 | sopsFile = ../../secrets.yaml; 17 | neededForUsers = true; 18 | }; 19 | 20 | # Persist entire home 21 | environment.persistence = { 22 | "/persist".directories = ["/home/layla"]; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /hosts/common/users/layla/packages.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: let 2 | steam-with-pkgs = pkgs.steam.override { 3 | extraPkgs = pkgs: 4 | with pkgs; [ 5 | xorg.libXcursor 6 | xorg.libXi 7 | xorg.libXinerama 8 | xorg.libXScrnSaver 9 | libpng 10 | libpulseaudio 11 | libvorbis 12 | stdenv.cc.cc.lib 13 | libkrb5 14 | keyutils 15 | ]; 16 | }; 17 | in { 18 | users.users.layla.packages = with pkgs; [ 19 | firefox 20 | 21 | steam-with-pkgs 22 | gamescope 23 | protontricks 24 | lutris 25 | prismlauncher 26 | ]; 27 | } 28 | -------------------------------------------------------------------------------- /hosts/maia/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 5 | }: { 6 | imports = [ 7 | inputs.hardware.nixosModules.common-pc-ssd 8 | inputs.hardware.nixosModules.framework-13-7040-amd 9 | 10 | ./hardware-configuration.nix 11 | 12 | ../common/global 13 | ../common/users/gabriel 14 | 15 | ../common/optional/peripherals.nix 16 | ../common/optional/greetd.nix 17 | ../common/optional/pipewire.nix 18 | ../common/optional/quietboot.nix 19 | 20 | ../common/optional/wireless.nix 21 | ../common/optional/secure-boot.nix 22 | ]; 23 | 24 | networking = { 25 | hostName = "maia"; 26 | }; 27 | 28 | boot = { 29 | kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest; 30 | binfmt.emulatedSystems = [ 31 | "aarch64-linux" 32 | "i686-linux" 33 | ]; 34 | }; 35 | 36 | powerManagement.powertop.enable = true; 37 | programs = { 38 | light.enable = true; 39 | adb.enable = true; 40 | dconf.enable = true; 41 | }; 42 | environment.systemPackages = [pkgs.brightnessctl]; 43 | 44 | # Lid settings 45 | services.logind = { 46 | lidSwitch = "suspend"; 47 | lidSwitchExternalPower = "lock"; 48 | powerKey = "suspend"; 49 | powerKeyLongPress = "poweroff"; 50 | }; 51 | 52 | hardware.graphics.enable = true; 53 | 54 | system.stateVersion = "22.05"; 55 | } 56 | -------------------------------------------------------------------------------- /hosts/maia/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxULeLeCglKEBoiSMOIS1zUKRuPMr8e+FBI5nRuO/fU root@maia 2 | -------------------------------------------------------------------------------- /hosts/merope/default.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | imports = [ 3 | inputs.hardware.nixosModules.raspberry-pi-4 4 | 5 | ./services 6 | ./hardware-configuration.nix 7 | 8 | ../common/global 9 | ../common/optional/wireless.nix 10 | ../common/users/gabriel 11 | ]; 12 | 13 | boot.initrd.systemd.emergencyAccess = true; 14 | 15 | # Static IP address 16 | networking = { 17 | hostName = "merope"; 18 | useDHCP = true; 19 | interfaces = { 20 | # TODO change to eth0 21 | wlan0 = { 22 | useDHCP = true; 23 | wakeOnLan.enable = true; 24 | ipv4.addresses = [ 25 | { 26 | address = "192.168.0.11"; 27 | prefixLength = 24; 28 | } 29 | ]; 30 | ipv6.addresses = [ 31 | { 32 | address = "2804:14d:8082:877d::1"; 33 | prefixLength = 64; 34 | } 35 | ]; 36 | }; 37 | }; 38 | }; 39 | 40 | # Avoiding some heavy IO 41 | nix.settings.auto-optimise-store = false; 42 | 43 | # Enable argonone fan daemon 44 | services.hardware.argonone.enable = true; 45 | 46 | # Workaround for https://github.com/NixOS/nixpkgs/issues/154163 47 | nixpkgs.overlays = [ 48 | (_: prev: {makeModulesClosure = x: prev.makeModulesClosure (x // {allowMissing = true;});}) 49 | ]; 50 | 51 | system.stateVersion = "22.05"; 52 | } 53 | -------------------------------------------------------------------------------- /hosts/merope/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [../common/optional/ephemeral-btrfs.nix]; 3 | 4 | boot = { 5 | initrd = { 6 | availableKernelModules = ["xhci_pci"]; 7 | }; 8 | loader.timeout = 5; 9 | }; 10 | 11 | fileSystems = { 12 | "/boot" = { 13 | device = "/dev/disk/by-label/BOOT"; 14 | fsType = "vfat"; 15 | }; 16 | 17 | "/firmware" = { 18 | device = "/dev/disk/by-label/FIRMWARE"; 19 | fsType = "vfat"; 20 | }; 21 | }; 22 | 23 | swapDevices = [ 24 | { 25 | device = "/swap/swapfile"; 26 | size = 8196; 27 | } 28 | ]; 29 | 30 | hardware.raspberry-pi."4" = { 31 | i2c1.enable = true; 32 | fkms-3d.enable = true; 33 | }; 34 | 35 | nixpkgs.hostPlatform.system = "aarch64-linux"; 36 | 37 | powerManagement.cpuFreqGovernor = "powersave"; 38 | } 39 | -------------------------------------------------------------------------------- /hosts/merope/services/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ../../common/optional/nginx.nix 4 | ../../common/optional/mysql.nix 5 | ../../common/optional/postgres.nix 6 | 7 | ./deluge.nix 8 | ./files-server.nix 9 | ./navidrome.nix 10 | ]; 11 | } 12 | -------------------------------------------------------------------------------- /hosts/merope/services/deluge.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | services.deluge = { 3 | enable = true; 4 | declarative = true; 5 | authFile = config.sops.secrets.deluge-accounts.path; 6 | config = { 7 | copy_torrent_file = true; 8 | move_completed = true; 9 | torrentfiles_location = "/srv/torrents/files"; 10 | download_location = "/srv/torrents/downloading"; 11 | move_completed_path = "/srv/torrents/completed"; 12 | dont_count_slow_torrents = true; 13 | max_active_seeding = -1; 14 | max_active_limit = -1; 15 | max_active_downloading = 8; 16 | max_connections_global = -1; 17 | # Daemon on 58846 18 | allow_remote = true; 19 | daemon_port = 58846; 20 | # Listen on 6880 only 21 | random_port = false; 22 | listen_ports = [ 23 | 6880 24 | 6880 25 | ]; 26 | # Outgoing is random 27 | random_outgoing_ports = true; 28 | }; 29 | openFirewall = true; # Forward listen ports 30 | }; 31 | 32 | sops.secrets.deluge-accounts = { 33 | sopsFile = ../secrets.yaml; 34 | owner = config.users.users.deluge.name; 35 | group = config.users.users.deluge.group; 36 | mode = "0600"; 37 | }; 38 | 39 | networking.firewall = { 40 | # Remote control port 41 | allowedTCPPorts = [58846]; 42 | # Listen 43 | allowedTCPPortRanges = [ 44 | { 45 | from = 6880; 46 | to = 6890; 47 | } 48 | ]; 49 | }; 50 | 51 | environment.persistence = { 52 | "/persist".directories = [ 53 | "/var/lib/deluge" 54 | "/srv/torrents" 55 | ]; 56 | }; 57 | } 58 | -------------------------------------------------------------------------------- /hosts/merope/services/files-server.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.nginx.virtualHosts = { 3 | "merope.m7.rs" = { 4 | forceSSL = true; 5 | enableACME = true; 6 | locations."/".root = "/srv/files"; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/merope/services/navidrome.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: { 5 | services = { 6 | navidrome = { 7 | enable = true; 8 | settings = { 9 | Address = "0.0.0.0"; 10 | Port = 4533; 11 | MusicFolder = "/srv/music"; 12 | CovertArtPriority = "*.jpg, *.JPG, *.png, *.PNG, embedded"; 13 | AutoImportPlaylists = false; 14 | EnableSharing = true; 15 | "LastFM.Enabled" = true; 16 | "LastFM.ApiKey" = config.sops.secrets.last-fm-key.path; 17 | "LastFM.Secret" = config.sops.secrets.last-fm-secret.path; 18 | }; 19 | }; 20 | 21 | nginx.virtualHosts = { 22 | "music.m7.rs" = { 23 | forceSSL = true; 24 | enableACME = true; 25 | locations."/".proxyPass = "http://localhost:${toString config.services.navidrome.settings.Port}"; 26 | }; 27 | "music.misterio.me" = { 28 | forceSSL = true; 29 | enableACME = true; 30 | locations."/".return = "302 https://music.m7.rs$request_uri"; 31 | }; 32 | }; 33 | }; 34 | 35 | sops.secrets = { 36 | last-fm-key = { 37 | sopsFile = ../secrets.yaml; 38 | owner = config.users.users.navidrome.name; 39 | group = config.users.users.navidrome.name; 40 | }; 41 | last-fm-secret = { 42 | sopsFile = ../secrets.yaml; 43 | owner = config.users.users.navidrome.name; 44 | group = config.users.users.navidrome.name; 45 | }; 46 | }; 47 | 48 | environment.persistence = { 49 | "/persist".directories = ["/var/lib/navidrome"]; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /hosts/merope/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLU54C9//LxUhSzlbnVDo9sl8NMij7knvnOGSvkH19t 2 | -------------------------------------------------------------------------------- /hosts/taygeta/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ./hardware-configuration.nix 4 | ./services 5 | 6 | ../common/global 7 | ../common/users/gabriel 8 | ]; 9 | 10 | networking = { 11 | hostName = "taygeta"; 12 | useDHCP = true; 13 | }; 14 | system.stateVersion = "22.11"; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/taygeta/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | {modulesPath, inputs, config, ...}: { 2 | imports = [ 3 | (modulesPath + "/profiles/qemu-guest.nix") 4 | inputs.disko.nixosModules.disko 5 | ../common/optional/ephemeral-btrfs.nix 6 | ]; 7 | 8 | nixpkgs.hostPlatform.system = "x86_64-linux"; 9 | boot.binfmt.emulatedSystems = [ 10 | "aarch64-linux" 11 | "i686-linux" 12 | ]; 13 | 14 | boot = { 15 | initrd.availableKernelModules = ["ata_piix" "uhci_hcd"]; 16 | kernelModules = ["kvm-intel"]; 17 | }; 18 | 19 | disko.devices.disk.main = { 20 | device = "/dev/vda"; 21 | type = "disk"; 22 | content = { 23 | type = "gpt"; 24 | partitions = { 25 | boot = { 26 | size = "1M"; 27 | type = "EF02"; 28 | }; 29 | esp = { 30 | name = "ESP"; 31 | size = "512M"; 32 | type = "EF00"; 33 | content = { 34 | type = "filesystem"; 35 | format = "vfat"; 36 | mountpoint = "/boot"; 37 | }; 38 | }; 39 | taygeta = { 40 | size = "100%"; 41 | content = { 42 | type = "btrfs"; 43 | extraArgs = [ "-L${config.networking.hostName}" ]; 44 | postCreateHook = '' 45 | MNTPOINT=$(mktemp -d) 46 | mount -t btrfs "${config.disko.devices.disk.main.content.partitions.taygeta.device}" "$MNTPOINT" 47 | trap 'umount $MNTPOINT; rm -d $MNTPOINT' EXIT 48 | btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank 49 | ''; 50 | subvolumes = { 51 | "/root" = { 52 | mountOptions = ["compress=zstd"]; 53 | mountpoint = "/"; 54 | }; 55 | "/nix" = { 56 | mountOptions = ["compress=zstd" "noatime"]; 57 | mountpoint = "/nix"; 58 | }; 59 | "/persist" = { 60 | mountOptions = ["compress=zstd" "noatime"]; 61 | mountpoint = "/persist"; 62 | }; 63 | "/swap" = { 64 | mountOptions = ["compress=zstd" "noatime"]; 65 | mountpoint = "/swap"; 66 | swap.swapfile = { 67 | size = "8196M"; 68 | path = "swapfile"; 69 | }; 70 | }; 71 | }; 72 | }; 73 | }; 74 | }; 75 | }; 76 | }; 77 | fileSystems."/persist".neededForBoot = true; 78 | } 79 | -------------------------------------------------------------------------------- /hosts/taygeta/secrets.yaml: -------------------------------------------------------------------------------- 1 | minecraft-secrets: ENC[AES256_GCM,data:hLwPnL+7vK5jQJGYe4ngBrU6XPeD9IzLPrGlKde7KLUQDh3zl6ewgZc6cqTfRFGxM0bs8JQKy98TqzbJ5FyhOIw39+D2znnldbPGb5TbKu5GdM63eJwM68TiTtmHhQKhaebVOz7QjsLXv4PuitSnqs4c38KZHxOVXmkqORjKKw==,iv:A7fTWZdkQvGEtATzB6bfOVFRU8gISw9NF3ILqt1WlFE=,tag:CLHzt/4wedw2qZvtFPTv/g==,type:str] 2 | sops: 3 | kms: [] 4 | gcp_kms: [] 5 | azure_kv: [] 6 | hc_vault: [] 7 | age: 8 | - recipient: age1szxq4pz3wuxrs5ynqt3gys4wxslg27lr67smsqvg5guhap800szs3y73vd 9 | enc: | 10 | -----BEGIN AGE ENCRYPTED FILE----- 11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSmtvc3RQQTBxdUhZQmZG 12 | ZHZXeHpNemtYYkFzYWppNmVvTnp1aHpsYVE4ClRpZFJMWVpoM2RRWDB6aXNUMzBn 13 | NGJVOGhrNGlQVnh5TFNnVFFNTU9VRG8KLS0tIGVQcmtIK0YydmRNc21LcVRtdkxO 14 | ZmZuSTJKeTU1Vzdzcnp4b1NpQnRnYlkKxzNqnDG55P1j3ZwQCpoLzYmIMMLlgAfO 15 | pw//QqqFD4Y1tO/sUCHvdES1AJK/itAkOuuEdJ1YA6H4VN5NmKgrDg== 16 | -----END AGE ENCRYPTED FILE----- 17 | lastmodified: "2024-12-30T18:53:13Z" 18 | mac: ENC[AES256_GCM,data:Pm+XocUV/WInEabQxPoHUbNWxDKvYnrQwO3lS37A3ncdCevBmT1F/r18Se7pPFLU2FNwmTKbSS8JyCJoLUskG/prbzm7zqZfwy3t4dI0Mjn52VzD+6HJo/KcG34av0l5tIpLVhO/w/OiWtHmYvY6quZeVONlfDYHN646bQ5kzgY=,iv:FInXB7Nu2jintW19T/HJTTM/rE1shTlhFES1ACApvS0=,tag:5DE44rPMQ6htEqMowL7U8A==,type:str] 19 | pgp: 20 | - created_at: "2024-12-30T18:52:52Z" 21 | enc: |- 22 | -----BEGIN PGP MESSAGE----- 23 | 24 | hQGMAwa9kVfiDH1CAQv/fHyKmYXox/O+xohgDSVO1Fc/4jPy9rAmtGYoQqqIvhwV 25 | Qix2SRxlaeugYl7YhpP6Yn9Bh0HeJnQpVaeTVzQvSlazjUOhL9cTckWCIDRVjmnR 26 | +kwePxc+hJSt2IumNx3wUbQEbWbAcPbFyvflPabnp/a51NILcg909ygAIPIALmIs 27 | MQhDUapAxHdN8O5b4f0sGUyEuxQPFM+7bWecmeWUEfX2XwByNv+CdOZKamKBmJBZ 28 | wRr1t69gCJJwaM2bYg1i9hkUA7TcVWeOrynKMF59X343tbS+JhoPHox0hoIkbn66 29 | 0N+0DMqPfggdqaP4D6+GvmJb3ScIG890ixDcBS7pYwbnZEiQY2D/iv3jfKDMoat+ 30 | ym5nqV2fSblnmPvTGySHyNdZufmlAYBCfOLU752eK3YVya5wFUG6cjckud/0jNGf 31 | wljiRgmhffeFY1B30kWExcBzDhbora+qfDGIg1JFEMtJuyuifVJ8wfxANGsyek03 32 | HYOglrKZNAVWhwb/zt6+0lwBS7bvI4zIIaHFw8HmQo0vGOHt7FQWTVDv6GfWj9ic 33 | GEG+l+nR2F9I4vGYlAaXeN6qS/MDnvLf2YskQOt3n8UqI8b19Thlxn9NgbbBo4d3 34 | 9jYVy1vCaq/z4IWzwA== 35 | =1CGK 36 | -----END PGP MESSAGE----- 37 | fp: 7088C7421873E0DB97FF17C2245CAB70B4C225E9 38 | unencrypted_suffix: _unencrypted 39 | version: 3.9.2 40 | -------------------------------------------------------------------------------- /hosts/taygeta/services/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ../../common/optional/mysql.nix 4 | ./minecraft 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /hosts/taygeta/services/minecraft/aikar-flags.nix: -------------------------------------------------------------------------------- 1 | memory: "-Xms${memory} -Xmx${memory} -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 " 2 | -------------------------------------------------------------------------------- /hosts/taygeta/services/minecraft/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | config, 4 | lib, 5 | ... 6 | }: { 7 | imports = [ 8 | inputs.nix-minecraft.nixosModules.minecraft-servers 9 | ./servers/gtnh 10 | ]; 11 | 12 | sops.secrets.minecraft-secrets = { 13 | owner = "minecraft"; 14 | group = "minecraft"; 15 | mode = "0440"; 16 | # DATABASE_PASSWORD 17 | sopsFile = ../../secrets.yaml; 18 | }; 19 | 20 | services.minecraft-servers = { 21 | enable = true; 22 | eula = true; 23 | environmentFile = config.sops.secrets.minecraft-secrets.path; 24 | managementSystem = { 25 | tmux.enable = false; 26 | systemd-socket.enable = true; 27 | }; 28 | }; 29 | 30 | services.mysql = { 31 | ensureDatabases = ["minecraft"]; 32 | ensureUsers = [ 33 | { 34 | name = "minecraft"; 35 | ensurePermissions = { 36 | "minecraft.*" = "ALL PRIVILEGES"; 37 | }; 38 | } 39 | ]; 40 | }; 41 | # Set minecrafts' password (the plugins don't play well with socket auth) 42 | users.users.mysql.extraGroups = ["minecraft"]; # Get access to the secret 43 | systemd.services.mysql.postStart = lib.mkAfter '' 44 | source ${config.sops.secrets.minecraft-secrets.path} 45 | ${config.services.mysql.package}/bin/mysql < eula.txt 48 | fi 49 | ''; 50 | 51 | installPhase = '' 52 | mkdir $out 53 | ln -s $src $out/lib 54 | mainJar="$out/lib/lwjgl3ify-forgePatches.jar" 55 | # Get main_class and class_path from main jar 56 | { read main_class; read class_path; } < <(groovy -e ${lib.escapeShellArg readMetaInf} $mainJar $out/lib) 57 | # Add extra required jars to class_path 58 | class_path+="$(printf ':%s' $out/lib/mods/lwjgl3ify-*.jar)" 59 | # Collect mods and pass them as --mods. Has to be in runtime to get their path relative to PWD 60 | makeWrapper ${lib.getExe jre_headless} $out/bin/gt-new-horizons \ 61 | --run "$preStart $out" \ 62 | --run 'mods="$(find "$(realpath --relative-to="$PWD" '$out'/lib/mods)" -name "*.jar" | tr "\n" ",")"' \ 63 | --append-flags "@$out/lib/java9args.txt -cp $mainJar:$class_path $main_class nogui --mods \"\$mods\"" 64 | ''; 65 | } 66 | -------------------------------------------------------------------------------- /hosts/taygeta/services/minecraft/whitelist.nix: -------------------------------------------------------------------------------- 1 | # Whitelist for the private SMP servers (e.g. modpack) 2 | { 3 | "1Storce1" = "3d5bafe4-dc52-4b6e-9e0e-7cb989dfa9c9"; 4 | bakajin_ = "83ff700b-d3e3-4179-8772-0826f057302e"; 5 | Draconyum = "860f4bb3-4c8a-49fa-8e54-77489e7ab548"; 6 | EpicRon = "70d4caad-fb6a-487a-a4f9-6bbbcfba22f7"; 7 | figurantplusplus = "7862f7c3-9350-4f9d-b5d6-1a25aee78b48"; 8 | Leami3 = "06d70d21-d593-4e6a-8e33-795ff040c723"; 9 | Luana_MNP = "830b6d31-e82a-46bf-85b6-8253d2ef5d3e"; 10 | Misterio7x = "3fc76c64-b1b2-4a95-b3cf-0d7d94db2d75"; 11 | N0SenseG4ming = "b11ffa78-1708-4725-aa71-21e601b53533"; 12 | natanbc = "7ba397ae-990e-4619-b058-2f669f0be024"; 13 | PG231 = "eddfb535-16e1-4c6a-8b6e-3fcf4b85dc73"; 14 | epiclitebeans = "0fd1960c-dd17-3aef-b1e3-f0a390281899"; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/taygeta/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpHKrYlwE+rUpXUqJOrY84sTAZQNnKtrrMPmzlL4YTU root@taygeta 2 | -------------------------------------------------------------------------------- /hydra.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | outputs, 4 | }: let 5 | inherit (inputs.nixpkgs) lib; 6 | 7 | notBroken = pkg: !(pkg.meta.broken or false); 8 | isDistributable = pkg: (pkg.meta.license or {redistributable = true;}).redistributable; 9 | hasPlatform = sys: pkg: lib.elem sys (pkg.meta.platforms or [sys]); 10 | filterValidPkgs = sys: pkgs: 11 | lib.filterAttrs (_: pkg: 12 | lib.isDerivation pkg 13 | && hasPlatform sys pkg 14 | && notBroken pkg 15 | && isDistributable pkg) 16 | pkgs; 17 | in { 18 | pkgs = lib.mapAttrs filterValidPkgs outputs.packages; 19 | hosts = lib.mapAttrs (_: cfg: cfg.config.system.build.toplevel) outputs.nixosConfigurations; 20 | homes = lib.mapAttrs (_: cfg: cfg.activationPackage) outputs.homeConfigurations; 21 | } 22 | -------------------------------------------------------------------------------- /modules/home-manager/calendar-changes.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib) mkOption types; 3 | inherit (types) attrsOf submodule nullOr str listOf; 4 | in { 5 | options = { 6 | accounts.calendar.accounts = mkOption { 7 | type = attrsOf (submodule { 8 | options.vdirsyncer.accessTokenCommand = mkOption { 9 | type = nullOr (listOf str); 10 | default = null; 11 | example = [ 12 | "oama" 13 | "access" 14 | "example@example.com" 15 | ]; 16 | description = '' 17 | A command that prints the processed OAuth access token. 18 | ''; 19 | }; 20 | }); 21 | }; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /modules/home-manager/colors.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.colorscheme; 8 | inherit (lib) types mkOption; 9 | 10 | hexColor = types.strMatching "#([0-9a-fA-F]{3}){1,2}"; 11 | in { 12 | options.colorscheme = { 13 | source = mkOption { 14 | type = types.either types.path hexColor; 15 | default = 16 | if config.wallpaper != null 17 | then config.wallpaper 18 | else "#2B3975"; 19 | }; 20 | mode = mkOption { 21 | type = types.enum ["dark" "light"]; 22 | default = "dark"; 23 | }; 24 | type = mkOption { 25 | type = types.str; 26 | default = "rainbow"; 27 | }; 28 | 29 | generatedDrv = mkOption { 30 | type = types.package; 31 | default = pkgs.inputs.themes.generateColorscheme (cfg.source.name or "default") cfg.source; 32 | }; 33 | rawColorscheme = mkOption { 34 | type = types.attrs; 35 | default = cfg.generatedDrv.imported.${cfg.type}; 36 | }; 37 | 38 | colors = mkOption { 39 | readOnly = true; 40 | type = types.attrsOf hexColor; 41 | default = cfg.rawColorscheme.colors.${cfg.mode}; 42 | }; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /modules/home-manager/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fonts = import ./fonts.nix; 3 | monitors = import ./monitors.nix; 4 | oama = import ./oama.nix; 5 | pass-secret-service = import ./pass-secret-service.nix; 6 | wallpaper = import ./wallpaper.nix; 7 | xpo = import ./xpo.nix; 8 | colors = import ./colors.nix; 9 | calendar-changes = import ./calendar-changes.nix; 10 | vdirsyncer = import ./vdirsyncer.nix; 11 | } 12 | -------------------------------------------------------------------------------- /modules/home-manager/fonts.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | ... 5 | }: let 6 | mkFontOption = kind: { 7 | name = lib.mkOption { 8 | type = lib.types.str; 9 | default = null; 10 | description = "Family name for ${kind} font profile"; 11 | example = "Fira Code"; 12 | }; 13 | package = lib.mkOption { 14 | type = lib.types.package; 15 | default = null; 16 | description = "Package for ${kind} font profile"; 17 | example = "pkgs.fira-code"; 18 | }; 19 | size = lib.mkOption { 20 | type = lib.types.int; 21 | default = 12; 22 | description = "Size in pixels for ${kind} font profile"; 23 | example = "14"; 24 | }; 25 | }; 26 | cfg = config.fontProfiles; 27 | in { 28 | options.fontProfiles = { 29 | enable = lib.mkEnableOption "Whether to enable font profiles"; 30 | monospace = mkFontOption "monospace"; 31 | regular = mkFontOption "regular"; 32 | }; 33 | 34 | config = lib.mkIf cfg.enable { 35 | fonts.fontconfig.enable = true; 36 | home.packages = [ 37 | cfg.monospace.package 38 | cfg.regular.package 39 | ]; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /modules/home-manager/monitors.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | ... 5 | }: let 6 | inherit (lib) mkOption types; 7 | in { 8 | options.monitors = mkOption { 9 | type = types.listOf ( 10 | types.submodule { 11 | options = { 12 | name = mkOption { 13 | type = types.str; 14 | example = "DP-1"; 15 | }; 16 | primary = mkOption { 17 | type = types.bool; 18 | default = false; 19 | }; 20 | width = mkOption { 21 | type = types.int; 22 | example = 1920; 23 | }; 24 | height = mkOption { 25 | type = types.int; 26 | example = 1080; 27 | }; 28 | refreshRate = mkOption { 29 | type = types.int; 30 | default = 60; 31 | }; 32 | position = mkOption { 33 | type = types.str; 34 | default = "auto"; 35 | }; 36 | scale = mkOption { 37 | type = types.str; 38 | default = "1"; 39 | }; 40 | enabled = mkOption { 41 | type = types.bool; 42 | default = true; 43 | }; 44 | workspace = mkOption { 45 | type = types.nullOr types.str; 46 | default = null; 47 | }; 48 | }; 49 | } 50 | ); 51 | default = []; 52 | }; 53 | config = { 54 | assertions = [ 55 | { 56 | assertion = 57 | ((lib.length config.monitors) != 0) 58 | -> ((lib.length (lib.filter (m: m.primary) config.monitors)) == 1); 59 | message = "Exactly one monitor must be set to primary."; 60 | } 61 | ]; 62 | }; 63 | } 64 | -------------------------------------------------------------------------------- /modules/home-manager/oama.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.programs.oama; 8 | settingsFormat = pkgs.formats.json {}; 9 | settingsFile = settingsFormat.generate "oama" cfg.settings; 10 | in { 11 | options.programs.oama = { 12 | enable = lib.mkEnableOption "oama"; 13 | settings = lib.mkOption { 14 | type = settingsFormat.type; 15 | default = {}; 16 | }; 17 | package = lib.mkOption { 18 | readOnly = true; 19 | type = lib.types.package; 20 | default = pkgs.oama.overrideAttrs (old: { 21 | nativeBuildInputs = [pkgs.makeBinaryWrapper]; 22 | postInstall = '' 23 | wrapProgram $out/bin/oama \ 24 | --prefix PATH : ${lib.makeBinPath [ 25 | pkgs.coreutils 26 | pkgs.libsecret 27 | pkgs.gnupg 28 | ]} 29 | ''; 30 | }); 31 | }; 32 | }; 33 | 34 | config = lib.mkIf cfg.enable { 35 | home.packages = [cfg.package]; 36 | xdg.configFile."oama/config.yaml".source = settingsFile; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /modules/home-manager/pass-secret-service.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | lib, 5 | ... 6 | }: 7 | with lib; let 8 | cfg = config.services.pass-secret-service; 9 | in { 10 | disabledModules = ["services/pass-secret-service.nix"]; 11 | 12 | meta.maintainers = with maintainers; [ 13 | cab404 14 | cyntheticfox 15 | ]; 16 | 17 | options.services.pass-secret-service = { 18 | enable = mkEnableOption "Pass libsecret service"; 19 | 20 | package = mkPackageOption pkgs "pass-secret-service" {}; 21 | 22 | storePath = mkOption { 23 | type = with types; nullOr str; 24 | default = null; 25 | defaultText = "~/.password-store"; 26 | example = "/home/user/.local/share/password-store"; 27 | description = "Absolute path to password store."; 28 | }; 29 | 30 | extraArgs = lib.mkOption { 31 | type = with lib.types; listOf str; 32 | default = []; 33 | description = "Extra command-line arguments to be passed to the service."; 34 | }; 35 | }; 36 | 37 | config = mkIf cfg.enable { 38 | assertions = [(hm.assertions.assertPlatform "services.pass-secret-service" pkgs platforms.linux)]; 39 | 40 | services.pass-secret-service.extraArgs = optional (cfg.storePath != null) "--path=${cfg.storePath}"; 41 | 42 | systemd.user.services.pass-secret-service = { 43 | Unit = { 44 | AssertFileIsExecutable = "${cfg.package}/bin/pass_secret_service"; 45 | Description = "Pass libsecret service"; 46 | Documentation = "https://github.com/mdellweg/pass_secret_service"; 47 | PartOf = ["default.target"]; 48 | }; 49 | 50 | Service = { 51 | ExecStart = "${cfg.package}/bin/pass_secret_service ${lib.escapeShellArgs cfg.extraArgs}"; 52 | }; 53 | 54 | Install = { 55 | WantedBy = ["default.target"]; 56 | }; 57 | }; 58 | }; 59 | } 60 | -------------------------------------------------------------------------------- /modules/home-manager/wallpaper.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib) types mkOption; 3 | in { 4 | options.wallpaper = mkOption { 5 | type = types.nullOr types.path; 6 | default = null; 7 | description = '' 8 | Wallpaper path 9 | ''; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/home-manager/xpo.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.programs.xpo; 8 | package = pkgs.xpo; 9 | in { 10 | options.programs.xpo = { 11 | enable = lib.mkEnableOption "xpo"; 12 | 13 | defaultServer = lib.mkOption { 14 | default = null; 15 | type = with lib.types; nullOr str; 16 | description = '' 17 | Default SSH server/endpoint to use when tunneling. 18 | ''; 19 | }; 20 | }; 21 | 22 | config = lib.mkIf cfg.enable { 23 | home = { 24 | packages = [package]; 25 | sessionVariables.XPO_SERVER = lib.optionalString (cfg.defaultServer != null) cfg.defaultServer; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/nixos/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | satisfactory = import ./satisfactory.nix; 3 | hydra-auto-upgrade = import ./hydra-auto-upgrade.nix; 4 | openrgb = import ./openrgb.nix; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/openrgb.nix: -------------------------------------------------------------------------------- 1 | # Adds a settings option, for declarative config 2 | { pkgs, lib, config, ... }: 3 | 4 | let 5 | cfg = config.services.hardware.openrgb; 6 | settingsFormat = pkgs.formats.json {}; 7 | settingsFile = settingsFormat.generate "OpenRGB" cfg.settings; 8 | in { 9 | disabledModules = ["services/hardware/openrgb.nix"]; 10 | 11 | options.services.hardware.openrgb = { 12 | enable = lib.mkEnableOption "OpenRGB server, for RGB lighting control"; 13 | 14 | package = lib.mkPackageOption pkgs "openrgb" { }; 15 | 16 | settings = lib.mkOption { 17 | type = settingsFormat.type; 18 | default = {}; 19 | }; 20 | 21 | motherboard = lib.mkOption { 22 | type = lib.types.nullOr (lib.types.enum [ "amd" "intel" ]); 23 | default = if config.hardware.cpu.intel.updateMicrocode then "intel" 24 | else if config.hardware.cpu.amd.updateMicrocode then "amd" 25 | else null; 26 | defaultText = lib.literalMD '' 27 | if config.hardware.cpu.intel.updateMicrocode then "intel" 28 | else if config.hardware.cpu.amd.updateMicrocode then "amd" 29 | else null; 30 | ''; 31 | description = "CPU family of motherboard. Allows for addition motherboard i2c support."; 32 | }; 33 | 34 | server.port = lib.mkOption { 35 | type = lib.types.port; 36 | default = 6742; 37 | description = "Set server port of openrgb."; 38 | }; 39 | 40 | }; 41 | 42 | config = lib.mkIf cfg.enable { 43 | environment.systemPackages = [ cfg.package ]; 44 | services.udev.packages = [ cfg.package ]; 45 | 46 | boot.kernelModules = [ "i2c-dev" ] 47 | ++ lib.optionals (cfg.motherboard == "amd") [ "i2c-piix4" ] 48 | ++ lib.optionals (cfg.motherboard == "intel") [ "i2c-i801" ]; 49 | 50 | systemd.services.openrgb = { 51 | description = "OpenRGB server daemon"; 52 | wantedBy = [ "multi-user.target" ]; 53 | serviceConfig = { 54 | StateDirectory = "OpenRGB"; 55 | WorkingDirectory = "/var/lib/OpenRGB"; 56 | ExecStartPre = lib.optionalString (cfg.settings != {}) "${lib.getExe' pkgs.coreutils "cp"} --dereference ${settingsFile} /var/lib/OpenRGB/OpenRGB.json"; 57 | ExecStart = "${lib.getExe cfg.package} --verbose --server --server-port ${toString cfg.server.port} --config /var/lib/OpenRGB"; 58 | Restart = "always"; 59 | }; 60 | }; 61 | }; 62 | 63 | meta.maintainers = [ ]; 64 | } 65 | -------------------------------------------------------------------------------- /modules/nixos/satisfactory.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | with lib; let 8 | cfg = config.services.satisfactory-server; 9 | in { 10 | options.services.satisfactory-server = { 11 | enable = mkEnableOption "Satisfactory Dedicated Server"; 12 | 13 | steamcmdPackage = mkOption { 14 | type = types.package; 15 | default = pkgs.steamcmd; 16 | defaultText = "pkgs.steamcmd"; 17 | description = '' 18 | The package implementing SteamCMD 19 | ''; 20 | }; 21 | 22 | dataDir = mkOption { 23 | type = types.path; 24 | description = "Directory to store game server"; 25 | default = "/var/lib/satisfactory"; 26 | }; 27 | 28 | launchOptions = mkOption { 29 | type = types.str; 30 | description = "Launch options to use."; 31 | default = ""; 32 | }; 33 | 34 | openFirewall = mkOption { 35 | type = types.bool; 36 | default = false; 37 | description = '' 38 | Whether to open ports in the firewall for the server 39 | ''; 40 | }; 41 | }; 42 | 43 | config = mkIf cfg.enable { 44 | systemd.services.satisfactory-server = let 45 | steamcmd = "${cfg.steamcmdPackage}/bin/steamcmd"; 46 | steam-run = "${pkgs.steam-run}/bin/steam-run"; 47 | in { 48 | description = "Satisfactory Dedicated Server"; 49 | wantedBy = ["multi-user.target"]; 50 | after = ["network.target"]; 51 | 52 | serviceConfig = { 53 | TimeoutSec = "15min"; 54 | ExecStart = "${steam-run} ${cfg.dataDir}/FactoryServer.sh ${cfg.launchOptions}"; 55 | Restart = "always"; 56 | User = "satisfactory"; 57 | WorkingDirectory = cfg.dataDir; 58 | }; 59 | 60 | preStart = '' 61 | ${steamcmd} +force_install_dir "${cfg.dataDir}" +login anonymous +app_update 1690800 validate +quit 62 | ''; 63 | }; 64 | 65 | users.users.satisfactory = { 66 | description = "Satisfactory server service user"; 67 | home = cfg.dataDir; 68 | createHome = true; 69 | isSystemUser = true; 70 | group = "satisfactory"; 71 | }; 72 | users.groups.satisfactory = {}; 73 | 74 | networking.firewall = mkIf cfg.openFirewall { 75 | allowedUDPPorts = [ 76 | 15777 77 | 7777 78 | 15000 79 | ]; 80 | }; 81 | }; 82 | } 83 | -------------------------------------------------------------------------------- /overlays/hydra-restrict-eval.diff: -------------------------------------------------------------------------------- 1 | diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc 2 | index 2fe2c80f..d4c26574 100644 3 | --- a/src/hydra-eval-jobs/hydra-eval-jobs.cc 4 | +++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc 5 | @@ -314,7 +314,7 @@ int main(int argc, char * * argv) 6 | 7 | /* Prevent access to paths outside of the Nix search path and 8 | to the environment. */ 9 | - evalSettings.restrictEval = true; 10 | + evalSettings.restrictEval = !pureEval; 11 | 12 | /* When building a flake, use pure evaluation (no access to 13 | 'getEnv', 'currentSystem' etc. */ 14 | -------------------------------------------------------------------------------- /overlays/pass-wlclipboard-secret.diff: -------------------------------------------------------------------------------- 1 | diff --git a/src/password-store.sh b/src/password-store.sh 2 | index a0dcf2e..0723cf7 100755 3 | --- a/src/password-store.sh 4 | +++ b/src/password-store.sh 5 | @@ -156,7 +156,7 @@ check_sneaky_paths() { 6 | 7 | clip() { 8 | if [[ -n $WAYLAND_DISPLAY ]]; then 9 | - local copy_cmd=( wl-copy ) 10 | + local copy_cmd=( wl-copy -t text/secret ) 11 | local paste_cmd=( wl-paste -n ) 12 | if [[ $X_SELECTION == primary ]]; then 13 | copy_cmd+=( --primary ) 14 | @@ -170,31 +170,8 @@ clip() { 15 | else 16 | die "Error: No X11 or Wayland display detected" 17 | fi 18 | - local sleep_argv0="password store sleep on display $display_name" 19 | - 20 | - # This base64 business is because bash cannot store binary data in a shell 21 | - # variable. Specifically, it cannot store nulls nor (non-trivally) store 22 | - # trailing new lines. 23 | - pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 24 | - local before="$("${paste_cmd[@]}" 2>/dev/null | $BASE64)" 25 | echo -n "$1" | "${copy_cmd[@]}" || die "Error: Could not copy data to the clipboard" 26 | - ( 27 | - ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) 28 | - local now="$("${paste_cmd[@]}" | $BASE64)" 29 | - [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" 30 | - 31 | - # It might be nice to programatically check to see if klipper exists, 32 | - # as well as checking for other common clipboard managers. But for now, 33 | - # this works fine -- if qdbus isn't there or if klipper isn't running, 34 | - # this essentially becomes a no-op. 35 | - # 36 | - # Clipboard managers frequently write their history out in plaintext, 37 | - # so we axe it here: 38 | - qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null 39 | - 40 | - echo "$before" | $BASE64 -d | "${copy_cmd[@]}" 41 | - ) >/dev/null 2>&1 & disown 42 | - echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." 43 | + echo "Copied $2 to clipboard." 44 | } 45 | 46 | qrcode() { 47 | -------------------------------------------------------------------------------- /overlays/qutebrowser-refresh-tab-colorscheme.patch: -------------------------------------------------------------------------------- 1 | diff --git a/qutebrowser/app.py b/qutebrowser/app.py 2 | index 51603a2b9..21c412dd1 100644 3 | --- a/qutebrowser/app.py 4 | +++ b/qutebrowser/app.py 5 | @@ -553,6 +553,7 @@ class Application(QApplication): 6 | 7 | self.launch_time = datetime.datetime.now() 8 | self.focusObjectChanged.connect(self.on_focus_object_changed) 9 | + self.styleHints().colorSchemeChanged.connect(self._on_colorscheme_changed) 10 | 11 | if machinery.IS_QT5: 12 | # default and removed in Qt 6 13 | @@ -560,6 +561,14 @@ class Application(QApplication): 14 | 15 | self.new_window.connect(self._on_new_window) 16 | 17 | + def _on_colorscheme_changed(self, *args): 18 | + # Repaint all tabs when styleHints is updated 19 | + log.init.debug(f"Colorscheme changed to {args[0]}, refreshing tabs") 20 | + for window in objreg.window_registry.values(): 21 | + for tab in window.tabbed_browser.widgets(): 22 | + tab.refresh() 23 | + 24 | + 25 | @pyqtSlot(mainwindow.MainWindow) 26 | def _on_new_window(self, window): 27 | window.tabbed_browser.shutting_down.connect(functools.partial( 28 | diff --git a/qutebrowser/browser/webengine/webenginetab.py b/qutebrowser/browser/webengine/webenginetab.py 29 | index 02d912a50..402fa7b4f 100644 30 | --- a/qutebrowser/browser/webengine/webenginetab.py 31 | +++ b/qutebrowser/browser/webengine/webenginetab.py 32 | @@ -1660,6 +1660,13 @@ class WebEngineTab(browsertab.AbstractTab): 33 | else: 34 | selection.selectNone() 35 | 36 | + def refresh(self): 37 | + """Properly repaint the tab content.""" 38 | + settings = self.settings._settings 39 | + show_scroll_bars = settings.WebAttribute.ShowScrollBars 40 | + # Dirty hack 41 | + settings.setAttribute(show_scroll_bars, settings.testAttribute(show_scroll_bars)) 42 | + 43 | def _connect_signals(self): 44 | view = self._widget 45 | page = view.page() 46 | -------------------------------------------------------------------------------- /overlays/vim-numbertoggle-command-mode.patch: -------------------------------------------------------------------------------- 1 | diff --git a/plugin/number_toggle.vim b/plugin/number_toggle.vim 2 | index d5dad54..80aa97e 100644 3 | --- a/plugin/number_toggle.vim 4 | +++ b/plugin/number_toggle.vim 5 | @@ -4,6 +4,6 @@ 6 | 7 | augroup numbertoggle 8 | autocmd! 9 | - autocmd BufEnter,FocusGained,InsertLeave,WinEnter * if &nu && mode() != "i" | set rnu | endif 10 | - autocmd BufLeave,FocusLost,InsertEnter,WinLeave * if &nu | set nornu | endif 11 | + autocmd BufEnter,FocusGained,InsertLeave,WinEnter,CmdlineLeave * if &nu && mode() != "i" | set rnu | endif 12 | + autocmd BufLeave,FocusLost,InsertEnter,WinLeave,CmdlineEnter * if &nu | set nornu | redraw | endif 13 | augroup END 14 | -------------------------------------------------------------------------------- /overlays/wl-clipboard-secrets.diff: -------------------------------------------------------------------------------- 1 | diff --git a/src/util/string.c b/src/util/string.c 2 | index bfea1de..445a869 100644 3 | --- a/src/util/string.c 4 | +++ b/src/util/string.c 5 | @@ -55,6 +55,12 @@ int mime_type_is_text(const char *mime_type) { 6 | return basic || common || special; 7 | } 8 | 9 | +int mime_type_is_sensitive(const char *mime_type) { 10 | + /* A heuristic to detect sensitive mime types */ 11 | + 12 | + return str_has_suffix(mime_type, "secret"); 13 | +} 14 | + 15 | int str_has_prefix(const char *string, const char *prefix) { 16 | size_t prefix_length = strlen(prefix); 17 | return strncmp(string, prefix, prefix_length) == 0; 18 | diff --git a/src/util/string.h b/src/util/string.h 19 | index 1477944..08307d1 100644 20 | --- a/src/util/string.h 21 | +++ b/src/util/string.h 22 | @@ -25,6 +25,7 @@ 23 | typedef char * const *argv_t; 24 | 25 | int mime_type_is_text(const char *mime_type); 26 | +int mime_type_is_sensitive(const char *mime_type); 27 | 28 | int str_has_prefix(const char *string, const char *prefix); 29 | int str_has_suffix(const char *string, const char *suffix); 30 | diff --git a/src/wl-paste.c b/src/wl-paste.c 31 | index dee2fad..bd68567 100644 32 | --- a/src/wl-paste.c 33 | +++ b/src/wl-paste.c 34 | @@ -53,6 +53,7 @@ struct types { 35 | int inferred_available; 36 | int plain_text_utf8_available; 37 | int plain_text_available; 38 | + int sensitive; 39 | const char *having_explicit_as_prefix; 40 | const char *any_text; 41 | const char *any; 42 | @@ -99,6 +100,9 @@ static struct types classify_offer_types(struct offer *offer) { 43 | ) { 44 | types.having_explicit_as_prefix = mime_type; 45 | } 46 | + if (mime_type_is_sensitive(mime_type)) { 47 | + types.sensitive = 1; 48 | + } 49 | } 50 | return types; 51 | } 52 | @@ -319,7 +323,7 @@ static void selection_callback(struct offer *offer, int primary) { 53 | wl_display_flush(wl_display); 54 | 55 | close(pipefd[1]); 56 | - rc = run_paste_command(pipefd[0], "data"); 57 | + rc = run_paste_command(pipefd[0], types.sensitive == 1 ? "sensitive" : "data"); 58 | if (!rc) { 59 | if (options.watch) { 60 | /* Try to cope without exiting completely */ 61 | 62 | -------------------------------------------------------------------------------- /pkgs/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs ? import {}, ...}: rec { 2 | # Packages with an actual source 3 | lyrics = pkgs.python3Packages.callPackage ./lyrics {}; 4 | 5 | # Personal scripts 6 | minicava = pkgs.callPackage ./minicava {}; 7 | pass-wofi = pkgs.callPackage ./pass-wofi {}; 8 | xpo = pkgs.callPackage ./xpo {}; 9 | 10 | # My slightly customized plymouth theme, just makes the blue outline white 11 | plymouth-spinner-monochrome = pkgs.callPackage ./plymouth-spinner-monochrome {}; 12 | } 13 | -------------------------------------------------------------------------------- /pkgs/formats/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs}: { 2 | gzipJson = {}: { 3 | generate = name: value: 4 | pkgs.callPackage ( 5 | { 6 | runCommand, 7 | gzip, 8 | }: 9 | runCommand name 10 | { 11 | nativeBuildInputs = [gzip]; 12 | value = builtins.toJSON value; 13 | passAsFile = ["value"]; 14 | } 15 | '' 16 | gzip "$valuePath" -c > "$out" 17 | '' 18 | ) {}; 19 | 20 | type = (pkgs.formats.json {}).type; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /pkgs/lyrics/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fetchFromGitHub, 3 | buildPythonPackage, 4 | dbus-python, 5 | }: 6 | buildPythonPackage rec { 7 | pname = "lyrics"; 8 | version = "1.5.0"; 9 | 10 | src = fetchFromGitHub { 11 | owner = "jugran"; 12 | repo = "lyrics-in-terminal"; 13 | rev = version; 14 | hash = "sha256-61l4W7X66WHm1k/M/JM55dNj+mMh4R9ohKbByk9dIVA="; 15 | }; 16 | 17 | propagatedBuildInputs = [dbus-python]; 18 | 19 | doCheck = false; 20 | 21 | patches = [./fix-config-in-build-phase.diff]; 22 | } 23 | -------------------------------------------------------------------------------- /pkgs/minicava/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenv, 4 | fetchFromGitHub, 5 | makeWrapper, 6 | cava, 7 | gnused, 8 | }: 9 | with lib; 10 | stdenv.mkDerivation { 11 | pname = "minicava"; 12 | version = "0.1"; 13 | src = fetchFromGitHub { 14 | owner = "Misterio77"; 15 | repo = "minicava"; 16 | rev = "c24681fe7c91548e0fb4f55a1882b0145c48d097"; 17 | sha256 = "sha256-t+NHZP2I7clDHrnCDdYMaLcua7inVKm2t3aYZ3uBAlk="; 18 | }; 19 | 20 | dontBuild = true; 21 | dontConfigure = true; 22 | 23 | nativeBuildInputs = [makeWrapper]; 24 | 25 | installPhase = '' 26 | install -Dm 0755 minicava.sh $out/bin/minicava 27 | wrapProgram $out/bin/minicava --set PATH \ 28 | "${ 29 | makeBinPath [ 30 | cava 31 | gnused 32 | ] 33 | }" 34 | ''; 35 | 36 | meta = { 37 | description = "A miniature cava sound visualizer"; 38 | homepage = "https://github.com/Misterio77/minicava"; 39 | license = licenses.mit; 40 | platforms = platforms.all; 41 | mainProgram = "minicava"; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /pkgs/pass-wofi/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenv, 4 | makeWrapper, 5 | pass, 6 | jq, 7 | wofi, 8 | libnotify, 9 | wl-clipboard, 10 | wtype, 11 | findutils, 12 | gnused, 13 | coreutils, 14 | }: 15 | stdenv.mkDerivation { 16 | name = "pass-wofi"; 17 | version = "1.0"; 18 | src = ./pass-wofi.sh; 19 | 20 | nativeBuildInputs = [makeWrapper]; 21 | 22 | dontUnpack = true; 23 | dontBuild = true; 24 | dontConfigure = true; 25 | 26 | installPhase = '' 27 | install -Dm 0755 $src $out/bin/pass-wofi 28 | wrapProgram $out/bin/pass-wofi --prefix PATH ':' \ 29 | "${ 30 | lib.makeBinPath [ 31 | pass 32 | jq 33 | wofi 34 | libnotify 35 | wl-clipboard 36 | wtype 37 | findutils 38 | gnused 39 | coreutils 40 | ] 41 | }" 42 | ''; 43 | 44 | meta = { 45 | description = "A wofi graphical menu for pass"; 46 | license = lib.licenses.mit; 47 | platforms = lib.platforms.all; 48 | mainProgram = "pass-wofi"; 49 | }; 50 | } 51 | -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | stdenv, 3 | logo ? null, 4 | lib, 5 | ... 6 | }: 7 | stdenv.mkDerivation { 8 | pname = "plymouth-spinner-monochrome"; 9 | version = "1.0"; 10 | src = ./src; 11 | 12 | buildPhase = lib.optionalString (logo != null) '' 13 | ln -s ${logo} watermark.png 14 | ''; 15 | installPhase = '' 16 | mkdir -p $out/share/plymouth/themes 17 | cp -rT . $out/share/plymouth/themes/spinner-monochrome 18 | ''; 19 | 20 | meta = { 21 | platforms = lib.platforms.all; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0001.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0002.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0003.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0004.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0005.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0006.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0007.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0007.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0008.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0008.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0009.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0009.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0010.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0010.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0011.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0012.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0013.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0013.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0014.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0015.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0015.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0016.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0016.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0017.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0017.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0018.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0018.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0019.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0019.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0020.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0020.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0021.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0021.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0022.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0022.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0023.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0023.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0024.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0025.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0025.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0026.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0026.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0027.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0027.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0028.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0028.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0029.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0029.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0030.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0030.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0031.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0031.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0032.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0032.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0033.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0033.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0034.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0034.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0035.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0035.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/animation-0036.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/animation-0036.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/bullet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/bullet.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/capslock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/capslock.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/entry.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/entry.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/keyboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/keyboard.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/keymap-render.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/keymap-render.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/lock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/lock.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/spinner-monochrome.plymouth: -------------------------------------------------------------------------------- 1 | [Plymouth Theme] 2 | Name[be]=Круцёлка 3 | Name[cs]=Točítko 4 | Name[da]=Snurre 5 | Name[de]=Spinner 6 | Name[eo]=Turnilo 7 | Name[es]=Spinner 8 | Name[eu]=Spinner 9 | Name[fr]=Roulette 10 | Name[fur]=Roulette 11 | Name[hu]=Forgó 12 | Name[id]=Spinner 13 | Name[it]=Spinner 14 | Name[nl]=Spinner 15 | Name[pa]=ਸਪਿੱਨਰ 16 | Name[pl]=Spinner 17 | Name[pt_BR]=Spinner 18 | Name[ru]=Числовое поле с кнопками 19 | Name[sr]=Предилица 20 | Name[sv]=Spinnare 21 | Name[uk]=Крутний індикатор 22 | Name[zh_CN]=Spinner 23 | Name[ms]=Spinner 24 | Name[he]=שבשבת טעינה 25 | Name[fa]=چرخنده 26 | Name[fi]=Spinneri 27 | Name=Spinner 28 | Description=A theme designed by jimmac that features a simple spinner. 29 | ModuleName=two-step 30 | 31 | [two-step] 32 | Font=Fira Sans 12 33 | TitleFont=Fira Sans 30 34 | ImageDir=/etc/plymouth/themes/spinner-monochrome 35 | DialogHorizontalAlignment=.5 36 | DialogVerticalAlignment=.382 37 | TitleHorizontalAlignment=.5 38 | TitleVerticalAlignment=.382 39 | HorizontalAlignment=.5 40 | VerticalAlignment=.7 41 | WatermarkHorizontalAlignment=.5 42 | WatermarkVerticalAlignment=.96 43 | Transition=none 44 | TransitionDuration=0.0 45 | BackgroundStartColor=0x000000 46 | BackgroundEndColor=0x000000 47 | ProgressBarBackgroundColor=0x606060 48 | ProgressBarForegroundColor=0xffffff 49 | MessageBelowAnimation=true 50 | 51 | [boot-up] 52 | UseEndAnimation=false 53 | 54 | [shutdown] 55 | UseEndAnimation=false 56 | 57 | [reboot] 58 | UseEndAnimation=false 59 | 60 | [updates] 61 | SuppressMessages=true 62 | ProgressBarShowPercentComplete=true 63 | UseProgressBar=true 64 | Title=Installing Updates... 65 | SubTitle=Do not turn off your computer 66 | 67 | [system-upgrade] 68 | SuppressMessages=true 69 | ProgressBarShowPercentComplete=true 70 | UseProgressBar=true 71 | Title=Upgrading System... 72 | SubTitle=Do not turn off your computer 73 | 74 | [firmware-upgrade] 75 | SuppressMessages=true 76 | ProgressBarShowPercentComplete=true 77 | UseProgressBar=true 78 | Title=Upgrading Firmware... 79 | SubTitle=Do not turn off your computer 80 | -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0001.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0002.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0003.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0004.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0005.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0006.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0007.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0007.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0008.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0008.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0009.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0009.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0010.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0010.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0011.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0012.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0013.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0013.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0014.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0015.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0015.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0016.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0016.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0017.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0017.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0018.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0018.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0019.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0019.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0020.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0020.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0021.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0021.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0022.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0022.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0023.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0023.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0024.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0025.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0025.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0026.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0026.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0027.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0027.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0028.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0028.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0029.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0029.png -------------------------------------------------------------------------------- /pkgs/plymouth-spinner-monochrome/src/throbber-0030.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Misterio77/nix-config/cd76c0c5a1bb6b23bee00346ba6723af83e959a4/pkgs/plymouth-spinner-monochrome/src/throbber-0030.png -------------------------------------------------------------------------------- /pkgs/vim-plugins/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs}: { 2 | gemini-vim-syntax = pkgs.callPackage ./gemini-vim-syntax {}; 3 | vim-syntax-shakespeare = pkgs.callPackage ./vim-syntax-shakespeare {}; 4 | vim-medieval = pkgs.callPackage ./vim-medieval {}; 5 | mermaid-vim = pkgs.callPackage ./mermaid-vim {}; 6 | nvim-femaco = pkgs.callPackage ./nvim-femaco {}; 7 | hunk-nvim = pkgs.callPackage ./hunk-nvim {}; 8 | } 9 | -------------------------------------------------------------------------------- /pkgs/vim-plugins/gemini-vim-syntax/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | vimUtils, 3 | fetchFromGitea, 4 | }: let 5 | pname = "gemini-vim-syntax"; 6 | in 7 | vimUtils.buildVimPlugin { 8 | inherit pname; 9 | version = "2021-11-15"; 10 | dontBuild = true; 11 | src = fetchFromGitea { 12 | domain = "tildegit.org"; 13 | owner = "sloum"; 14 | repo = pname; 15 | rev = "596d1f36b386e5b2cc1af4f2f8285134626878d1"; 16 | sha256 = "sha256-4Ma74KdAWtr00NNV0DbDL0SwY6s4d2Ok1HaUvVzCrMA="; 17 | }; 18 | meta.homepage = "https://tildegit.org/sloum/${pname}"; 19 | } 20 | -------------------------------------------------------------------------------- /pkgs/vim-plugins/hunk-nvim/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | vimUtils, 3 | fetchFromGitHub, 4 | }: 5 | vimUtils.buildVimPlugin { 6 | pname = "hunk-nvim"; 7 | version = "2021-11-15"; 8 | dontBuild = true; 9 | src = fetchFromGitHub { 10 | owner = "julienvincent"; 11 | repo = "hunk.nvim"; 12 | rev = "0834cb91c9eb1f315fbf49ad4ea9abc9ac8b5157"; 13 | sha256 = "sha256-wtR2mPPmBK99loE1pOKqrRY8mHrTT5WsO8085wOuPuM="; 14 | }; 15 | meta.homepage = "https://github.com/julienvincent/hunk.nvim"; 16 | } 17 | -------------------------------------------------------------------------------- /pkgs/vim-plugins/mermaid-vim/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | vimUtils, 3 | fetchFromGitHub, 4 | }: 5 | vimUtils.buildVimPlugin { 6 | pname = "mermaid-vim"; 7 | version = "2022-02-15"; 8 | dontBuild = true; 9 | src = fetchFromGitHub { 10 | owner = "mracos"; 11 | repo = "mermaid.vim"; 12 | rev = "a8470711907d47624d6860a2bcbd0498a639deb6"; 13 | sha256 = "sha256-LRuuCFamwvBm9e5mbQ8CkGgclEY9iv52uRl/2kGBUc8="; 14 | }; 15 | meta.homepage = "https://github.org/mracos/mermaid.vim"; 16 | } 17 | -------------------------------------------------------------------------------- /pkgs/vim-plugins/nvim-femaco/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | vimUtils, 3 | fetchFromGitHub, 4 | }: 5 | vimUtils.buildVimPlugin { 6 | pname = "nvim-femaco"; 7 | version = "2022-10-10"; 8 | dontBuild = true; 9 | src = fetchFromGitHub { 10 | owner = "acksld"; 11 | repo = "nvim-femaco.lua"; 12 | rev = "469465fc1adf8bddc2c9bbe549d38304de95e9f7"; 13 | sha256 = "sha256-fayT1gtbxO0B3qK3pISsgarFVL9Kt/NWOyI26+S9Y+c="; 14 | }; 15 | meta.homepage = "https://github.com/AckslD/nvim-FeMaco.lua"; 16 | } 17 | -------------------------------------------------------------------------------- /pkgs/vim-plugins/vim-medieval/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | vimUtils, 3 | fetchFromGitHub, 4 | }: let 5 | pname = "vim-medieval"; 6 | in 7 | vimUtils.buildVimPlugin { 8 | inherit pname; 9 | version = "2022-02-07"; 10 | dontBuild = true; 11 | src = fetchFromGitHub { 12 | owner = "gpanders"; 13 | repo = "${pname}"; 14 | rev = "029ba76340cc51d481d5fa0ad19e25b0ee13b3c5"; 15 | sha256 = "sha256-JYkevNxW/RYLVfxXSGYvVSQwmjk2zSvzxLVTbR0lzek="; 16 | }; 17 | patches = [./preview-instead-of-scratch.patch]; 18 | } 19 | -------------------------------------------------------------------------------- /pkgs/vim-plugins/vim-medieval/preview-instead-of-scratch.patch: -------------------------------------------------------------------------------- 1 | diff --git a/autoload/medieval.vim b/autoload/medieval.vim 2 | index eee3adc..91e99b9 100644 3 | --- a/autoload/medieval.vim 4 | +++ b/autoload/medieval.vim 5 | @@ -1,3 +1,4 @@ 6 | +let s:tempfile = fnamemodify(tempname(), ':h') . '/medieval' 7 | let s:fences = [{'start': '[`~]\{3,}'}, {'start': '\$\$'}] 8 | let s:opts = ['name', 'target', 'require', 'tangle'] 9 | let s:optspat = '\(' . join(s:opts, '\|') . '\):\s*\([0-9A-Za-z_+.$#&/-]\+\)' 10 | @@ -196,18 +197,9 @@ function! s:callback(context, output) abort 11 | call append(tstart + 1, a:output) 12 | endif 13 | else 14 | - " Open result in scratch buffer 15 | - if &splitbelow 16 | - botright new 17 | - else 18 | - topleft new 19 | - endif 20 | - 21 | - call append(0, a:output) 22 | - call deletebufline('%', '$') 23 | - exec 'resize' &previewheight 24 | - setlocal buftype=nofile bufhidden=delete nobuflisted noswapfile winfixheight 25 | - wincmd p 26 | + " Open result in preview window 27 | + call writefile(a:output, s:tempfile) 28 | + exec 'pedit ' . s:tempfile 29 | endif 30 | endfunction 31 | 32 | -------------------------------------------------------------------------------- /pkgs/vim-plugins/vim-syntax-shakespeare/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | vimUtils, 3 | fetchFromGitHub, 4 | }: let 5 | pname = "vim-syntax-shakespeare"; 6 | in 7 | vimUtils.buildVimPlugin { 8 | inherit pname; 9 | version = "2021-12-14"; 10 | dontBuild = true; 11 | src = fetchFromGitHub { 12 | owner = "pbrisbin"; 13 | repo = pname; 14 | rev = "2f4f61eae55b8f1319ce3a086baf9b5ab57743f3"; 15 | sha256 = "sha256-sdCXJOvB+vJE0ir+qsT/u1cHNxrksMnqeQi4D/Vg6UA="; 16 | }; 17 | meta.homepage = "https://github.com/pbrisbin/${pname}"; 18 | } 19 | -------------------------------------------------------------------------------- /pkgs/xpo/default.nix: -------------------------------------------------------------------------------- 1 | # Exposes a port through SSH 2 | # xpo [local port] [remote host] [remote port] 3 | { 4 | lib, 5 | writeShellApplication, 6 | openssh, 7 | }: 8 | (writeShellApplication { 9 | name = "xpo"; 10 | runtimeInputs = [openssh]; 11 | text = builtins.readFile ./xpo.sh; 12 | }) 13 | // { 14 | meta = with lib; { 15 | licenses = licenses.mit; 16 | platforms = platforms.all; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /pkgs/xpo/xpo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Exposes a port through SSH 3 | # xpo [local port] [remote host] [remote port] 4 | # 5 | # Arguments: 6 | # - local port: defaults to 8080 7 | # - remote host: defaults to $XPO_SERVER 8 | # - remote port: defaults to randomly chosen 9 | # 10 | # Environment variables: 11 | # - $XPO_SERVER: server to ssh into 12 | # - $XPO_SSH_USER: override user used to ssh, defaults to $USER 13 | # - $XPO_SSH_OPTS: additional ssh options, defaults to "-A" 14 | 15 | socket="${XDG_RUNTIME_DIR:-/run/user/${UID:-1000}}/xpo-$BASHPID.sock" 16 | server="${2:-$XPO_SERVER}" 17 | user="${XPO_SSH_USER:-$USER}" 18 | l_port="${1:-8080}" 19 | ssh_opts="${XPO_SSH_OPTS:-"-A"}" 20 | 21 | # Open master ssh connection 22 | ssh -fTN "$ssh_opts" -MS "$socket" "$user@$server" 23 | 24 | echo "Forwarding :$l_port" >&2 25 | 26 | # If port was supplied 27 | if [ -n "${3:-}" ]; then 28 | r_port="$3" 29 | ssh -S "$socket" -O forward -R "*:$r_port:localhost:$l_port" xpo 30 | else 31 | # Forward port and record it 32 | r_port="$(ssh -S "$socket" -O forward -R "*:0:localhost:$l_port" xpo)" 33 | fi 34 | 35 | echo "$server:$r_port" 36 | 37 | # Open it through iptables 38 | echo -n "Opening $r_port on firewall... " >&2 39 | ssh "$ssh_opts" -t -S "$socket" xpo -- sudo iptables -I INPUT -p tcp --dport "$r_port" -j ACCEPT 40 | echo "done" >&2 41 | 42 | clean() { 43 | # Close it 44 | echo "Closing $r_port on firewall... " >&2 45 | ssh "$ssh_opts" -t -S "$socket" xpo -- sudo iptables -D INPUT -p tcp --dport "$r_port" -j ACCEPT 46 | echo "done" >&2 47 | # Close the ssh connection 48 | ssh -S "$socket" -O exit xpo 49 | } 50 | trap clean EXIT 51 | 52 | sleep infinity 53 | -------------------------------------------------------------------------------- /shell.nix: -------------------------------------------------------------------------------- 1 | {pkgs ? import {}, ...}: { 2 | default = pkgs.mkShell { 3 | NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations"; 4 | nativeBuildInputs = with pkgs; [ 5 | nix 6 | home-manager 7 | git 8 | 9 | sops 10 | ssh-to-age 11 | gnupg 12 | age 13 | ]; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /templates/python/.gitignore: -------------------------------------------------------------------------------- 1 | .venv/ 2 | build/ 3 | *.egg-info/ 4 | venv/ 5 | __pycache__/ 6 | *.py[cod] 7 | -------------------------------------------------------------------------------- /templates/python/README.md: -------------------------------------------------------------------------------- 1 | # Foo Bar 2 | 3 | TODO 4 | 5 | ## Installation 6 | 7 | You can install the package using `pipx` 8 | ```bash 9 | pipx install git+https://github.com/misterio77/foo-bar 10 | ``` 11 | 12 | Alternatively, use pip with `--user`: 13 | ```bash 14 | pip install --user git+https://github.com/misterio77/foo-bar 15 | ``` 16 | 17 | Or use nix: 18 | ```bash 19 | nix shell github:misterio77/foo-bar 20 | ``` 21 | 22 | ## Usage 23 | 24 | TODO 25 | 26 | ## Hacking 27 | 28 | Use [poetry](https://python-poetry.org/), like so: 29 | 30 | ```bash 31 | poetry install 32 | poetry shell 33 | ``` 34 | 35 | Or use nix: 36 | ```bash 37 | nix develop -c $SHELL 38 | ``` 39 | 40 | You can then use `python -m` to run it, as well as all the usual dev tools: 41 | 42 | ```bash 43 | python -m foo_bar # Run 44 | 45 | mypy # Type check 46 | ruff check # Lint 47 | ruff format # Format 48 | pytest # Run tests 49 | ``` 50 | 51 | Python LSP will also be available. Check your editor docs on how to enable it. 52 | -------------------------------------------------------------------------------- /templates/python/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs = { 3 | nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; 4 | systems.url = "github:nix-systems/default"; 5 | poetry2nix.url = "github:nix-community/poetry2nix"; 6 | poetry2nix.inputs.nixpkgs.follows = "nixpkgs"; 7 | }; 8 | 9 | outputs = { 10 | nixpkgs, 11 | systems, 12 | poetry2nix, 13 | ... 14 | }: let 15 | forEachSystem = nixpkgs.lib.genAttrs (import systems); 16 | in { 17 | packages = forEachSystem (system: let 18 | pkgs = nixpkgs.legacyPackages.${system}; 19 | p2nix = poetry2nix.lib.mkPoetry2Nix {inherit pkgs;}; 20 | in { 21 | default = p2nix.mkPoetryApplication { 22 | projectDir = ./.; 23 | preferWheels = true; 24 | checkPhase = '' 25 | mypy 26 | ruff check 27 | pytest 28 | ''; 29 | }; 30 | }); 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /templates/python/foo_bar/__init__.py: -------------------------------------------------------------------------------- 1 | def hello_world() -> str: 2 | return "Hello, world!" 3 | -------------------------------------------------------------------------------- /templates/python/foo_bar/__main__.py: -------------------------------------------------------------------------------- 1 | from foo_bar import hello_world 2 | 3 | 4 | def main() -> None: 5 | print(hello_world()) 6 | 7 | 8 | if __name__ == "__main__": 9 | main() 10 | -------------------------------------------------------------------------------- /templates/python/pyproject.toml: -------------------------------------------------------------------------------- 1 | [build-system] 2 | requires = ["poetry-core"] 3 | build-backend = "poetry.core.masonry.api" 4 | 5 | [tool.poetry] 6 | name = "foo-bar" 7 | version = "0.1.0" 8 | authors = [] 9 | description = "" 10 | 11 | [tool.poetry.dependencies] 12 | python = "^3.12" 13 | 14 | [tool.poetry.group.dev.dependencies] 15 | pytest = "^8.3" 16 | ruff = "0.6.1" 17 | mypy = "^1.11" 18 | python-lsp-server = "^1.12" 19 | pylsp-mypy = "^0.6" 20 | 21 | [tool.poetry.scripts] 22 | foo-bar = "foo_bar.__main__:main" 23 | 24 | [tool.ruff] 25 | line-length = 88 26 | [tool.mypy] 27 | files = "." 28 | strict = true 29 | [tool.pytest.ini_options] 30 | testpaths = ["tests/*"] 31 | pythonpath = ["."] 32 | -------------------------------------------------------------------------------- /templates/python/tests/example.py: -------------------------------------------------------------------------------- 1 | from foo_bar import hello_world 2 | 3 | 4 | def test_hello_world() -> None: 5 | assert hello_world() == "Hello, world!" 6 | --------------------------------------------------------------------------------