├── .editorconfig ├── .git-blame-ignore-revs ├── .gitattributes ├── .gitconfig ├── .github ├── CODEOWNERS ├── FUNDING.yml ├── dependabot.yml └── workflows │ ├── docker-compose-check.yml │ └── flake-lock-maintenance.yml ├── .gitignore ├── LICENSE ├── README.md ├── checks └── deploy │ └── default.nix ├── default.nix ├── docker ├── docker-compose.yml ├── glance │ ├── docker-compose.yml │ └── glance.yml ├── h5ai │ └── docker-compose.yml ├── jellyfin │ └── docker-compose.yml ├── minecraft │ └── docker-compose.yml ├── pihole │ └── docker-compose.yml ├── qbittorrent │ └── docker-compose.yml ├── radarr │ └── docker-compose.yml └── sonarr │ └── docker-compose.yml ├── flake.lock ├── flake.nix ├── garnix.yaml ├── homes ├── aarch64-darwin │ ├── common.nix │ ├── yash@astra │ │ └── default.nix │ ├── yash@trinity │ │ └── default.nix │ └── ygarg@aurora │ │ └── default.nix ├── aarch64-linux │ ├── yash@cosmos │ │ └── default.nix │ └── yash@zenith │ │ └── default.nix └── x86_64-linux │ ├── yash@nebula │ └── default.nix │ └── yash@nova │ └── default.nix ├── justfile ├── lib ├── deploy │ └── default.nix ├── module │ └── default.nix ├── nix-config │ └── default.nix └── wayland │ └── default.nix ├── modules ├── darwin │ ├── agenix │ │ └── default.nix │ ├── home-manager │ │ └── default.nix │ ├── homebrew │ │ └── default.nix │ ├── networking │ │ └── default.nix │ ├── nix │ │ └── default.nix │ ├── stylix │ │ └── default.nix │ ├── system │ │ ├── default.nix │ │ ├── dock │ │ │ └── default.nix │ │ ├── finder │ │ │ └── default.nix │ │ └── fonts │ │ │ └── default.nix │ └── user │ │ └── default.nix ├── home │ ├── alacritty │ │ ├── default.nix │ │ └── settings.nix │ ├── aria2 │ │ └── default.nix │ ├── atuin │ │ └── default.nix │ ├── bat │ │ └── default.nix │ ├── btop │ │ └── default.nix │ ├── direnv │ │ └── default.nix │ ├── env │ │ └── default.nix │ ├── eza │ │ └── default.nix │ ├── fastfetch │ │ └── default.nix │ ├── firefox │ │ ├── default.nix │ │ ├── extensions.nix │ │ ├── policies.nix │ │ └── 
settings.nix │ ├── fonts │ │ └── default.nix │ ├── fzf │ │ ├── colors.nix │ │ └── default.nix │ ├── ghostty │ │ ├── config │ │ └── default.nix │ ├── git │ │ └── default.nix │ ├── gpg │ │ └── default.nix │ ├── home-manager │ │ └── default.nix │ ├── jq │ │ └── default.nix │ ├── jujutsu │ │ ├── config.toml │ │ └── default.nix │ ├── keychain │ │ └── default.nix │ ├── kitty │ │ ├── colors.nix │ │ └── default.nix │ ├── lazygit │ │ └── default.nix │ ├── lsd │ │ ├── colors.nix │ │ └── default.nix │ ├── micro │ │ ├── bindings.json │ │ ├── default.nix │ │ └── dracula.micro │ ├── mpv │ │ ├── config.nix │ │ └── default.nix │ ├── neovim │ │ └── default.nix │ ├── nix-index │ │ └── default.nix │ ├── obs-studio │ │ └── default.nix │ ├── oh-my-posh │ │ ├── config.omp.json │ │ └── default.nix │ ├── packages │ │ └── default.nix │ ├── shells │ │ ├── bash │ │ │ └── default.nix │ │ └── zsh │ │ │ └── default.nix │ ├── spotify │ │ └── default.nix │ ├── ssh │ │ └── default.nix │ ├── starship │ │ ├── config.toml │ │ └── default.nix │ ├── tmux │ │ └── default.nix │ ├── user │ │ └── default.nix │ ├── wezterm │ │ ├── config │ │ │ ├── utils.lua │ │ │ └── wezterm.lua │ │ └── default.nix │ ├── xdg │ │ └── default.nix │ ├── yazi │ │ └── default.nix │ ├── zellij │ │ ├── default.nix │ │ └── layouts │ │ │ ├── default.kdl │ │ │ ├── main.kdl │ │ │ └── multi.kdl │ └── zoxide │ │ └── default.nix └── nixos │ ├── agenix │ └── default.nix │ ├── desktop │ ├── android-dev │ │ └── default.nix │ ├── cosmic │ │ └── default.nix │ ├── default.nix │ ├── earlyoom │ │ └── default.nix │ ├── gaming │ │ └── default.nix │ ├── gnome │ │ └── default.nix │ └── stylix │ │ └── default.nix │ ├── hardware │ ├── audio │ │ └── default.nix │ ├── bluetooth │ │ └── default.nix │ └── networking │ │ └── default.nix │ ├── home-manager │ └── default.nix │ ├── nix │ └── default.nix │ ├── server │ └── default.nix │ ├── services │ ├── adguard │ │ └── default.nix │ ├── avahi │ │ └── default.nix │ ├── cifs │ │ └── default.nix │ ├── gatus │ │ 
└── default.nix │ ├── gitea │ │ └── default.nix │ ├── jellyfin │ │ └── default.nix │ ├── ksmbd │ │ └── default.nix │ ├── linkding │ │ └── default.nix │ ├── ollama │ │ └── default.nix │ ├── openrazer │ │ └── default.nix │ ├── plausible │ │ └── default.nix │ ├── printing │ │ └── default.nix │ ├── qbittorrent │ │ └── default.nix │ ├── samba │ │ └── default.nix │ ├── ssh │ │ └── default.nix │ ├── sso-auth │ │ ├── authelia │ │ │ ├── default.nix │ │ │ └── settings.nix │ │ ├── default.nix │ │ └── lldap │ │ │ └── default.nix │ ├── tailscale │ │ └── default.nix │ ├── traefik │ │ └── default.nix │ └── yubikey │ │ └── default.nix │ ├── system │ ├── boot │ │ └── default.nix │ ├── fonts │ │ └── default.nix │ ├── grub │ │ └── default.nix │ ├── locale │ │ └── default.nix │ ├── time │ │ └── default.nix │ ├── wsl │ │ └── default.nix │ └── xkb │ │ └── default.nix │ └── virtualisation │ └── default.nix ├── overlays ├── agenix │ └── default.nix ├── ghostty │ └── default.nix ├── nh_darwin │ └── default.nix ├── slack │ └── default.nix ├── spicetify │ └── default.nix ├── vesktop │ └── default.nix └── zjstatus │ └── default.nix ├── packages ├── README.md ├── monolisa-nerdfonts │ └── default.nix └── mpv-scripts │ ├── auto-profiles │ └── default.nix │ ├── better-chapters │ └── default.nix │ ├── boss-key │ └── default.nix │ ├── default.nix │ ├── repl │ └── default.nix │ └── status-line │ └── default.nix ├── scripts ├── aliases ├── functions └── shell-init ├── secrets ├── .gitconfig-freelance.age ├── .gitconfig-work.age ├── cosmos │ ├── tailscale.age │ └── user.age ├── nebula │ └── tailscale.age ├── nova │ ├── cifs.age │ └── samba.age ├── secrets.nix └── zenith │ ├── authelia │ ├── hmac.age │ ├── jwt.age │ ├── ldap.age │ ├── notifier.yml.age │ ├── oidc.age │ ├── session.age │ ├── storage.age │ └── users.yml.age │ ├── cf.env.age │ ├── homepage.env.age │ ├── lldap │ ├── jwt.age │ ├── key-seed.age │ └── user.age │ ├── plausible.age │ ├── tailscale.age │ └── user.age ├── statix.toml ├── systems 
├── aarch64-darwin │ ├── astra │ │ └── default.nix │ ├── aurora │ │ └── default.nix │ └── trinity │ │ └── default.nix ├── aarch64-linux │ ├── cosmos │ │ ├── default.nix │ │ └── hardware-configuration.nix │ └── zenith │ │ ├── default.nix │ │ ├── disk-config.nix │ │ └── hardware-configuration.nix ├── x86_64-install-iso │ └── minimal │ │ └── default.nix └── x86_64-linux │ ├── nebula │ └── default.nix │ └── nova │ ├── default.nix │ └── hardware-configuration.nix ├── templates ├── cpp │ ├── .envrc │ ├── default.nix │ ├── flake.nix │ └── shell.nix ├── go │ ├── .envrc │ ├── default.nix │ ├── flake.nix │ └── shell.nix ├── node │ ├── .envrc │ ├── default.nix │ ├── flake.nix │ └── shell.nix └── rust │ ├── .envrc │ ├── default.nix │ ├── flake.nix │ ├── shell.nix │ └── toolchain.toml ├── topology └── default.nix ├── treefmt.nix └── windows └── profile.ps1 /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: https://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | [*] 7 | indent_style = space 8 | indent_size = 4 9 | end_of_line = lf 10 | charset = utf-8 11 | trim_trailing_whitespace = true 12 | insert_final_newline = true 13 | 14 | [*.yml] 15 | indent_style = space 16 | indent_size = 2 -------------------------------------------------------------------------------- /.git-blame-ignore-revs: -------------------------------------------------------------------------------- 1 | # reformat 2 | 62f379cc4abd4c87c93feb05e396406b2a9859ee 3 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /.gitconfig: -------------------------------------------------------------------------------- 1 | [user] 2 | name = Yash-Garg 3 | email = me@yashgarg.dev 4 | 
signingKey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILx1G6WZ4MQ8c4hUZy2Be+GF5fZQJSssn4qnJoQ4MPxz 5 | 6 | [push] 7 | autoSetupRemote = true 8 | default = current 9 | 10 | [branch] 11 | sort = -committerdate 12 | 13 | [color] 14 | ui = true 15 | 16 | [column] 17 | ui = auto 18 | 19 | [alias] 20 | c = clone 21 | diff = diff -w 22 | cpa = cherry-pick --abort 23 | cpc = cherry-pick --continue 24 | su = submodule update --init --recursive 25 | undo = reset --soft HEAD^ 26 | sw = "!git switch $(git branch | fzf | tr -d '*[:space:]')" 27 | staash = stash --all 28 | fix = commit --fixup 29 | 30 | [core] 31 | editor = nano 32 | autocrlf = false 33 | # sshcommand = C:/Windows/System32/OpenSSH/ssh.exe 34 | compression = 9 35 | 36 | [diff] 37 | external = difft 38 | 39 | [commit] 40 | gpgsign = true 41 | 42 | [format] 43 | signoff = true 44 | 45 | [url "git@github.com:"] 46 | insteadOf = https://github.com/ 47 | insteadOf = git://github.com/ 48 | 49 | [pull] 50 | rebase = true 51 | 52 | [gpg] 53 | format = ssh 54 | 55 | [tag] 56 | gpgsign = true 57 | 58 | [init] 59 | defaultBranch = develop 60 | 61 | [merge] 62 | conflictstyle = diff3 63 | 64 | [rerere] 65 | enabled = true 66 | 67 | [diff] 68 | algorithm = histogram 69 | submodule = log 70 | colorMoved = default 71 | 72 | [submodule] 73 | recurse = true 74 | 75 | [status] 76 | submoduleSummary = true 77 | 78 | [gpg "ssh"] 79 | allowedSignersFile = allowed_signers 80 | 81 | [credential] 82 | helper = manager 83 | 84 | [fetch] 85 | writeCommitGraph = true 86 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @yash-garg -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [Yash-Garg] 2 | 
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
     # Dependabot: a single weekly update job, for the `github-actions` ecosystem only.
     # NOTE(review): no entry in this file covers the container image tags under
     # docker/, so those are not bumped by these update PRs.
 1 | version: 2
 2 | updates:
 3 |   - package-ecosystem: github-actions
 4 |     directory: "/"
 5 |     schedule:
 6 |       interval: weekly
 7 |       time: "03:00"
 8 |     commit-message:
 9 |       prefix: "chore"
10 |       include: "scope"
11 |
--------------------------------------------------------------------------------
/.github/workflows/docker-compose-check.yml:
--------------------------------------------------------------------------------
     # CI workflow, triggered on every push. Job `file-changes` reports whether any
     # docker/**/*.yml or docker/*.yml file changed; job `run-services` then runs
     # compose-action against ./docker/docker-compose.yml only when one did.
     # NOTE(review): there is no `permissions:` key, so GITHUB_TOKEN carries the
     # repository's default scope. No step visible here writes to the repository;
     # declaring `permissions: contents: read` would make least privilege explicit.
 1 | name: Check docker compose services
 2 | on: push
 3 | jobs:
 4 |   file-changes:
 5 |     runs-on: ubuntu-latest
 6 |     outputs:
 7 |       any: ${{ steps.changed-files.outputs.any_changed }}
 8 |     steps:
     #       Full-history checkout including submodules (fetch-depth: 0).
     #       NOTE(review): checkout keeps the token in the local git config unless
     #       `persist-credentials: false` is set, and the next step is third-party
     #       code running in the same workspace - confirm nothing later needs to push.
 9 |       - uses: actions/checkout@v4
10 |         with:
11 |           submodules: "recursive"
12 |           fetch-depth: 0
     #       NOTE(review): third-party action referenced by a movable tag. A tag can
     #       be re-pointed after it was reviewed, and this step runs with the checked-out
     #       repository and the job token available. Pin to a full commit SHA, e.g.
     #       `tj-actions/changed-files@<FULL_COMMIT_SHA> # v46`; the Dependabot
     #       github-actions job above can keep SHA pins current.
13 |       - name: Get changed files
14 |         id: changed-files
15 |         uses: tj-actions/changed-files@v46
16 |         with:
17 |           files: |
18 |             docker/**/*.yml
19 |             docker/*.yml
     #   Runs only when the previous job's `any` output is the string 'true'.
20 |   run-services:
21 |     needs: [file-changes]
22 |     runs-on: ubuntu-latest
23 |     if: needs.file-changes.outputs.any == 'true'
24 |     steps:
25 |       - uses: actions/checkout@v4
     #       NOTE(review): same tag-pinning concern as above for this third-party
     #       action (`@v2.2.0` is a tag, not a commit). The compose file it is given
     #       references images by floating tags, so what this job actually pulls and
     #       runs is not fixed by this repository's contents.
26 |       - name: Check docker compose services
27 |         uses: hoverkraft-tech/compose-action@v2.2.0
28 |         with:
29 |           compose-file: "./docker/docker-compose.yml"
30 |
--------------------------------------------------------------------------------
/.github/workflows/flake-lock-maintenance.yml:
--------------------------------------------------------------------------------
     # Scheduled maintenance: on manual dispatch and on the cron '30 3 * * 0'
     # (03:30 every Sunday), delegates to a reusable workflow hosted in another
     # repository to update flake.lock.
     # NOTE(review): the reusable workflow is referenced at `@main`, a branch, while
     # this workflow grants `contents: write` and hands over GITHUB_TOKEN. Whatever
     # that branch contains at run time executes with write access to this
     # repository's contents. Pin the `uses:` reference to a full commit SHA
     # (`...update-flake-lock.yml@<FULL_COMMIT_SHA>`) and review the diff on each bump.
 1 | name: Update flake.lock
 2 | on:
 3 |   workflow_dispatch:
 4 |   schedule:
 5 |     - cron: '30 3 * * 0'
 6 | permissions:
 7 |   contents: write
 8 | jobs:
 9 |   update-flake-lock:
10 |     uses: msfjarvis/shared-workflows/.github/workflows/update-flake-lock.yml@main
11 |     secrets:
12 |       github-token: ${{ secrets.GITHUB_TOKEN }}
13 |
--------------------------------------------------------------------------------
/.gitignore:
-------------------------------------------------------------------------------- 1 | *DS_Store 2 | result/ 3 | packages/**/*.ttf 4 | result 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Yash Garg 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Hosts 2 | 3 | A list of all hosts currently in use by me. 4 | 5 | - `aurora`: MacBook Pro 16" with M4 Pro chip & 48GB RAM. 6 | - `astra`: MacBook Pro 14" with M4 Pro chip & 24GB RAM. 7 | - `cosmos`: Raspberry Pi 5 running NixOS, hosting home services. 8 | - `helios`: Raspberry Pi 4 running Pi-hole, Home Assistant and Miniflux. 
9 | - `nebula`: Development and testing environment using WSL2 on Windows 11. 10 | - `nova`: Main home machine running NixOS for daily use. 11 | - `trinity`: MacBook Pro 14" with M3 Pro chip & 18GB RAM. 12 | - `vortex`: VM running Minecraft Server and Pl3xMap. 13 | - `zenith`: Oracle Cloud VM running NixOS for development and as a remote builder. 14 | -------------------------------------------------------------------------------- /checks/deploy/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... }: 2 | builtins.mapAttrs (_: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib 3 | -------------------------------------------------------------------------------- /default.nix: -------------------------------------------------------------------------------- 1 | let 2 | inherit (builtins) currentSystem fromJSON readFile; 3 | 4 | getFlake = 5 | name: with (fromJSON (readFile ./flake.lock)).nodes.${name}.locked; { 6 | inherit rev; 7 | outPath = fetchTarball { 8 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 9 | sha256 = narHash; 10 | }; 11 | }; 12 | 13 | in 14 | { 15 | system ? currentSystem, 16 | pkgs ? 
import (getFlake "nixpkgs") { 17 | localSystem = { 18 | inherit system; 19 | }; 20 | }, 21 | }: 22 | let 23 | callPackage = pkg: pkgs.callPackage pkg; 24 | in 25 | { 26 | monolisa-nerdfonts = callPackage ./packages/monolisa-nerdfonts { }; 27 | mpv-scripts = callPackage ./packages/mpv-scripts { }; 28 | } 29 | -------------------------------------------------------------------------------- /docker/docker-compose.yml: -------------------------------------------------------------------------------- 1 | include: 2 | - path: 3 | - glance/docker-compose.yml 4 | - h5ai/docker-compose.yml 5 | - jellyfin/docker-compose.yml 6 | - qbittorrent/docker-compose.yml 7 | volumes: 8 | h5ai-data: 9 | jellyfin-data: 10 | qbit-data: 11 | -------------------------------------------------------------------------------- /docker/glance/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | glance: 3 | container_name: glance 4 | image: glanceapp/glance 5 | volumes: 6 | - ../glance/glance.yml:/app/glance.yml 7 | - /etc/timezone:/etc/timezone:ro 8 | - /etc/localtime:/etc/localtime:ro 9 | ports: 10 | - 8080:8080 11 | restart: unless-stopped 12 | -------------------------------------------------------------------------------- /docker/glance/glance.yml: -------------------------------------------------------------------------------- 1 | pages: 2 | - name: Home 3 | columns: 4 | - size: small 5 | widgets: 6 | - type: calendar 7 | - type: weather 8 | location: Delhi, India 9 | - size: full 10 | widgets: 11 | - type: search 12 | search-engine: google 13 | bangs: 14 | - title: YouTube 15 | shortcut: "!yt" 16 | url: https://www.youtube.com/results?search_query={QUERY} 17 | - type: reddit 18 | show-thumbnails: true 19 | subreddit: technology 20 | - size: small 21 | widgets: 22 | - type: monitor 23 | cache: 1m 24 | title: Services 25 | sites: 26 | - title: h5ai 27 | url: http://localhost:80 28 | icon: si:files 29 | - title: jellyfin 30 | 
url: http://localhost:8096 31 | icon: si:jellyfin 32 | - title: qbittorrent 33 | url: http://localhost:3000 34 | icon: si:qbittorrent 35 | - type: bookmarks 36 | groups: 37 | - links: 38 | - title: Gmail 39 | url: https://mail.google.com/mail/u/0/ 40 | - title: Amazon 41 | url: https://www.amazon.com/ 42 | - title: Github 43 | url: https://github.com/ 44 | - title: Wikipedia 45 | url: https://en.wikipedia.org/ 46 | - title: Entertainment 47 | color: 10 70 50 48 | links: 49 | - title: Netflix 50 | url: https://www.netflix.com/ 51 | - title: YouTube 52 | url: https://www.youtube.com/ 53 | - title: Prime Video 54 | url: https://www.primevideo.com/ 55 | - title: Social 56 | color: 200 50 50 57 | links: 58 | - title: Reddit 59 | url: https://www.reddit.com/ 60 | - title: Twitter 61 | url: https://twitter.com/ 62 | - title: Instagram 63 | url: https://www.instagram.com/ 64 | - name: Feeds 65 | columns: 66 | - size: full 67 | widgets: 68 | - type: rss 69 | limit: 20 70 | collapse-after: 7 71 | cache: 3h 72 | feeds: 73 | - url: https://tailscale.dev/feed.xml 74 | title: tailscale.dev 75 | - url: https://fasterthanli.me/index.xml 76 | title: fasterthanli.me 77 | - url: https://xeiaso.net/blog.rss 78 | title: xeiaso.net 79 | - url: https://blog.bytebytego.com/feed 80 | title: bytebytego.com 81 | - url: https://netflixtechblog.com/feed 82 | title: netflixtechblog.com 83 | - url: https://www.jeffgeerling.com/blog.xml 84 | title: jeffgeerling.com 85 | - url: https://nadh.in/index.xml 86 | title: nadh.in 87 | - url: https://mitchellh.com/feed.xml 88 | title: mitchellh.com 89 | - type: lobsters 90 | sort-by: hot 91 | limit: 15 92 | collapse-after: 10 93 | - size: full 94 | widgets: 95 | - type: hacker-news 96 | - type: reddit 97 | subreddit: selfhosted 98 | - name: Videos 99 | columns: 100 | - size: full 101 | widgets: 102 | - type: videos 103 | style: grid-cards 104 | collapse-after-rows: 10 105 | limit: 50 106 | channels: 107 | - UCsWaVYzOFvEWDsEuvuZJ-8A # EmergentMind 108 | - 
UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling 109 | - UCZNhwA1B5YqiY1nLzmM0ZRg # Christian Lempa 110 | - UCOk-gHyjcWZNj3Br4oxwh0A # Techno Tim 111 | - UC5--wS0Ljbin1TjWQX6eafA # bigboxSWE 112 | - UCBJycsmduvYEL83R_U4JriQ # MKBHD 113 | - UCWQaM7SpSECp9FELz-cHzuQ # Dreams of Code 114 | - UCbRP3c757lWg9M-U7TyEkXA # Theo 115 | - UCuGS5mN1_CpPzuOUAu2LluA # Nixhero 116 | - UCY1kMZp36IQSyNx_9h4mpCg # Mark Rober 117 | - UCrPseYLGpNygVi34QpGNqpA # Ludwig 118 | - size: small 119 | widgets: 120 | - type: twitch-channels 121 | collapse-after: 7 122 | channels: 123 | - theprimeagen 124 | - dreamsofcode_dev 125 | - christitustech 126 | - rakazone 127 | - ohnePixel 128 | - togglebit 129 | - typecraft 130 | - sinatraa 131 | - ottomated 132 | - ohnepixel 133 | - piratesoftware 134 | - tarik 135 | - type: twitch-top-games 136 | exclude: 137 | - just-chatting 138 | - pools-hot-tubs-and-beaches 139 | - music 140 | - art 141 | - asmr 142 | -------------------------------------------------------------------------------- /docker/h5ai/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | h5ai: 3 | image: awesometic/h5ai:latest 4 | container_name: h5ai 5 | environment: 6 | - PUID=1000 7 | - PGID=1000 8 | - TZ=Asia/Kolkata 9 | ports: 10 | - 90:80/tcp 11 | volumes: 12 | - h5ai-data:/config 13 | - /mnt/media:/h5ai 14 | restart: unless-stopped 15 | -------------------------------------------------------------------------------- /docker/jellyfin/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | jellyfin: 3 | image: lscr.io/linuxserver/jellyfin:latest 4 | container_name: jellyfin 5 | environment: 6 | - PUID=1000 7 | - PGID=1000 8 | - TZ=Asia/Kolkata 9 | volumes: 10 | - jellyfin-data:/config 11 | - /mnt/media/anime:/anime 12 | - /mnt/media/movies:/movies 13 | - /mnt/media/tv:/shows 14 | ports: 15 | - 8096:8096 16 | restart: unless-stopped 17 | 
--------------------------------------------------------------------------------
/docker/minecraft/docker-compose.yml:
--------------------------------------------------------------------------------
     # Compose definition for one service, `mc-server`: a Fabric 1.21.4 Minecraft
     # server built from the itzg/minecraft-server image, with ./data and ./extra
     # bind-mounted and two host ports published (1806 -> 25565, 81 -> 8080).
     # NOTE(review): `:latest` is a floating tag, so each pull may bring a different
     # image than the one last tested. Pin a version tag or a digest
     # (`image: itzg/minecraft-server@sha256:<DIGEST>`) and bump it deliberately.
     # NOTE(review): the short `HOST:CONTAINER` port form publishes on every host
     # interface. If container port 8080 is a web UI that should stay on the LAN,
     # bind it to a specific address (constructed example: `127.0.0.1:81:8080`)
     # or firewall it - confirm what listens there.
 1 | services:
 2 |   mc-server:
 3 |     container_name: mc-server
 4 |     image: itzg/minecraft-server:latest
 5 |     tty: true
 6 |     stdin_open: true
 7 |     ports:
 8 |       - 1806:25565
 9 |       - 81:8080
10 |     environment:
11 |       UID: 1001
12 |       GID: 1001
13 |       SEED: "-5584399987456711267"
14 |       VERSION: "1.21.4"
15 |       EULA: "TRUE"
16 |       TYPE: FABRIC
17 |       MEMORY: 16G
18 |       DIFFICULTY: NORMAL
19 |       ICON: /extra/icon.jpeg
20 |       OVERRIDE_ICON: "TRUE"
21 |       MOTD: "§l§cPixel Paradise§r"
     #       Access control as configured here: whitelist enforcement on, whitelist
     #       and operator lists read from the ./extra bind mount, online mode on.
     #       Those two JSON files therefore decide who may join and who is operator;
     #       keep ./extra writable only by the account that administers the server.
22 |       ENFORCE_WHITELIST: "TRUE"
23 |       WHITELIST_FILE: /extra/whitelist.json
24 |       OPS_FILE: /extra/ops.json
25 |       ONLINE_MODE: "TRUE"
26 |       REMOVE_OLD_MODS: "TRUE"
27 |       MAX_PLAYERS: 2
28 |       USE_AIKAR_FLAGS: "TRUE"
29 |       VANILLATWEAKS_SHARECODE: bmipN5,SLs3nU
30 |       LOG_TIMESTAMP: "TRUE"
31 |       TZ: Asia/Kolkata
     #       NOTE(review): RCON is in use (see the RCON_CMDS_* entries below) but the
     #       password is set to the empty string. How the image treats an empty value
     #       is not visible here - confirm it does not leave RCON with a blank or
     #       predictable credential. No RCON port appears under `ports:`, which limits
     #       exposure to the container network; keep it unpublished, and supply a real
     #       password from an env file or secret kept out of the repository.
32 |       RCON_PASSWORD: ""
     #       NOTE(review): presumably these two settings let the container download
     #       the listed mods plus their required dependencies at start-up, accepting
     #       releases down to "alpha" - confirm. That is unpinned third-party code
     #       fetched at run time; pinning mod versions narrows what can change
     #       between restarts.
33 |       MODRINTH_DOWNLOAD_DEPENDENCIES: "required"
34 |       MODRINTH_ALLOWED_VERSION_TYPE: "alpha"
35 |       MODRINTH_PROJECTS: |-
36 |         beautified-chat-server
37 |         c2me-fabric
38 |         chunky
39 |         fabric-api
40 |         ferrite-core
41 |         krypton
42 |         leaves-us-in-peace
43 |         lithium
44 |         netherportalfix
45 |         no-chat-reports
46 |         pl3xmap
47 |         scaffolding-drops-nearby
48 |         villager-death-messages
49 |       RCON_CMDS_STARTUP: |-
50 |         /gamerule keepInventory true
51 |         /chunky radius 1000
52 |         /chunky start
53 |       RCON_CMDS_FIRST_CONNECT: |-
54 |         /chunky pause
55 |       RCON_CMDS_LAST_DISCONNECT: |-
56 |         /save-all
57 |         /chunky continue
58 |     volumes:
59 |       - ./data:/data
60 |       - ./extra:/extra
61 |     restart: unless-stopped
62 |
--------------------------------------------------------------------------------
/docker/pihole/docker-compose.yml:
--------------------------------------------------------------------------------
     # Pi-hole service definition; the port list continues past this point.
     # NOTE(review): `:latest` is a floating tag - pin a version or digest.
     # NOTE(review): DNS (53/tcp and 53/udp) is published on every host interface.
     # That is intended for LAN clients; make sure the host is not reachable on
     # these ports from untrusted networks, where it would act as an open resolver.
 1 | services:
 2 |   pihole:
 3 |     container_name: pihole
 4 |     image: pihole/pihole:latest
 5 |     ports:
 6 |       - "53:53/tcp"
 7 |       - "53:53/udp"
 8 |       - 
"80:80/tcp"
     #     NOTE(review): the entry above publishes container port 80 on host port 80
     #     on every interface. With WEBPASSWORD left commented out, the existing
     #     comment says the password will be random. If a fixed one is wanted, supply
     #     it from an env file or secret kept out of the repository rather than
     #     uncommenting it inline.
 9 |     environment:
10 |       TZ: 'Asia/Kolkata'
11 |       # WEBPASSWORD: 'set a secure password here or it will be random'
12 |     volumes:
13 |       - './etc-pihole:/etc/pihole'
14 |       - './etc-dnsmasq.d:/etc/dnsmasq.d'
15 |     restart: unless-stopped
16 |
--------------------------------------------------------------------------------
/docker/qbittorrent/docker-compose.yml:
--------------------------------------------------------------------------------
     # qBittorrent from the linuxserver.io image: web UI on 3000, torrent traffic on
     # 6881 tcp/udp, config in the named volume `qbit-data`, /mnt/media mounted
     # read-write at /media.
     # NOTE(review): `:latest` is a floating tag - pin a version or digest.
     # NOTE(review): the web UI port is published on every host interface and its
     # authentication lives in application config inside `qbit-data`, which is not
     # visible here. Confirm the default credentials were changed, and bind the UI
     # to a LAN or loopback address if it is fronted by a reverse proxy.
 1 | services:
 2 |   qbittorrent:
 3 |     image: lscr.io/linuxserver/qbittorrent:latest
 4 |     container_name: qbittorrent
 5 |     environment:
 6 |       - PUID=1000
 7 |       - PGID=1000
 8 |       - TZ=Asia/Kolkata
 9 |       - WEBUI_PORT=3000
10 |       - TORRENTING_PORT=6881
11 |     volumes:
12 |       - qbit-data:/config
13 |       - /mnt/media:/media
14 |     ports:
15 |       - 3000:3000
16 |       - 6881:6881
17 |       - 6881:6881/udp
18 |     restart: unless-stopped
19 |
--------------------------------------------------------------------------------
/docker/radarr/docker-compose.yml:
--------------------------------------------------------------------------------
     # Radarr from the linuxserver.io image: web UI on 7878, config in `radarr-data`,
     # the movies directory and the whole of /mnt/media mounted read-write.
     # NOTE(review): `:latest` is a floating tag - pin a version or digest.
     # NOTE(review): `radarr-data` is used as a named volume, but this file has no
     # top-level `volumes:` section, and docker/docker-compose.yml neither includes
     # this file nor declares that volume. Presumably compose rejects it as
     # undefined when the file is run on its own - confirm.
     # NOTE(review): port 7878 is published on every host interface; whether the UI
     # requires a login is application config not shown here.
 1 | services:
 2 |   radarr:
 3 |     image: lscr.io/linuxserver/radarr:latest
 4 |     container_name: radarr
 5 |     environment:
 6 |       - PUID=1000
 7 |       - PGID=1000
 8 |       - TZ=Asia/Kolkata
 9 |     volumes:
10 |       - radarr-data:/config
11 |       - /mnt/media/movies:/movies
12 |       - /mnt/media:/media
13 |     ports:
14 |       - 7878:7878
15 |     restart: unless-stopped
16 |
--------------------------------------------------------------------------------
/docker/sonarr/docker-compose.yml:
--------------------------------------------------------------------------------
     # Sonarr from the linuxserver.io image: web UI on 8989, config in `sonarr-data`,
     # the TV directory and the whole of /mnt/media mounted read-write.
     # NOTE(review): `:latest` is a floating tag - pin a version or digest.
     # NOTE(review): `sonarr-data` has no top-level `volumes:` declaration in this
     # file and none in docker/docker-compose.yml, which also does not include this
     # file - confirm the file works when run on its own.
     # NOTE(review): port 8989 is published on every host interface; whether the UI
     # requires a login is application config not shown here.
 1 | services:
 2 |   sonarr:
 3 |     image: lscr.io/linuxserver/sonarr:latest
 4 |     container_name: sonarr
 5 |     environment:
 6 |       - PUID=1000
 7 |       - PGID=1000
 8 |       - TZ=Asia/Kolkata
 9 |     volumes:
10 |       - sonarr-data:/config
11 |       - /mnt/media/tv:/shows
12 |       - /mnt/media:/media
13 |     ports:
14 |       - 8989:8989
15 |     restart: unless-stopped
16 |
--------------------------------------------------------------------------------
/garnix.yaml:
-------------------------------------------------------------------------------- 1 | builds: 2 | include: 3 | - homeConfigurations.* 4 | - nixosConfigurations.* 5 | - darwinConfigurations.* 6 | - packages.*.* 7 | - checks.*.* 8 | exclude: 9 | - packages.aarch64-linux.minimal-iso 10 | - packages.aarch64-darwin.minimal-iso 11 | -------------------------------------------------------------------------------- /homes/aarch64-darwin/common.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib.${namespace}; 8 | { 9 | profiles.${namespace} = { 10 | atuin = enabled; 11 | neovim = enabled; 12 | oh-my-posh = enabled; 13 | }; 14 | 15 | shells.${namespace}.zsh = enabled; 16 | 17 | home.packages = with pkgs; [ 18 | apktool 19 | nh-darwin 20 | nix-output-monitor 21 | scrcpy 22 | ]; 23 | 24 | home.stateVersion = "24.11"; 25 | } 26 | -------------------------------------------------------------------------------- /homes/aarch64-darwin/yash@astra/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | namespace, 4 | ... 5 | }: 6 | with lib; 7 | with lib.${namespace}; 8 | { 9 | imports = [ ../common.nix ]; 10 | 11 | programs.ssh.matchBlocks = { 12 | "github.com".identityFile = mkForce null; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /homes/aarch64-darwin/yash@trinity/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ ../common.nix ]; 3 | } 4 | -------------------------------------------------------------------------------- /homes/aarch64-darwin/ygarg@aurora/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... 
}: 2 | with lib; 3 | { 4 | imports = [ ../common.nix ]; 5 | 6 | programs.ssh.matchBlocks = { 7 | "github.com".identityFile = mkForce "~/.ssh/git-work"; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /homes/aarch64-linux/yash@cosmos/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... }: 2 | with lib.${namespace}; 3 | { 4 | profiles.${namespace}.starship = enabled; 5 | 6 | shells.${namespace}.bash = enabled; 7 | 8 | home.stateVersion = "24.11"; 9 | } 10 | -------------------------------------------------------------------------------- /homes/aarch64-linux/yash@zenith/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... }: 2 | with lib.${namespace}; 3 | { 4 | profiles.${namespace} = { 5 | neovim = disabled; 6 | oh-my-posh = enabled; 7 | }; 8 | 9 | shells.${namespace}.zsh = enabled; 10 | 11 | home.stateVersion = "24.05"; 12 | } 13 | -------------------------------------------------------------------------------- /homes/x86_64-linux/yash@nebula/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... }: 2 | with lib.${namespace}; 3 | { 4 | profiles.${namespace} = { 5 | atuin = enabled; 6 | keychain = enabled; 7 | neovim = enabled; 8 | oh-my-posh = enabled; 9 | zellij = enabled; 10 | }; 11 | 12 | shells.${namespace}.zsh = enabled; 13 | 14 | home.stateVersion = "24.11"; 15 | } 16 | -------------------------------------------------------------------------------- /homes/x86_64-linux/yash@nova/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... 
}: 2 | with lib.${namespace}; 3 | { 4 | profiles.${namespace} = { 5 | atuin = enabled; 6 | firefox = enabled; 7 | kitty = enabled; 8 | mpv = enabled; 9 | neovim = enabled; 10 | obs = enabled; 11 | oh-my-posh = enabled; 12 | }; 13 | 14 | shells.${namespace}.zsh = enabled; 15 | 16 | home.stateVersion = "24.11"; 17 | } 18 | -------------------------------------------------------------------------------- /justfile: -------------------------------------------------------------------------------- 1 | default: 2 | @just --list --unsorted 3 | 4 | deploy: 5 | #!/usr/bin/env bash 6 | if [[ $(uname) == "Darwin" ]]; then 7 | nix run nix-darwin -- switch --flake . 8 | else 9 | nixos-rebuild switch --flake . --use-remote-sudo 10 | fi 11 | 12 | debug: 13 | nixos-rebuild switch --flake . --use-remote-sudo --show-trace --verbose 14 | 15 | update: 16 | nix flake update 17 | 18 | history: 19 | nix profile history --profile /nix/var/nix/profiles/system 20 | 21 | gc: 22 | sudo nix-collect-garbage --delete-old 23 | 24 | darwin-check: 25 | nom build .#darwinConfigurations.trinity.system 26 | 27 | topology sys: 28 | nom build .#topology.{{ sys }}.config.output 29 | 30 | eval conf: 31 | nix eval .#{{ conf }} --apply builtins.attrNames --json 32 | 33 | template name path: 34 | nix flake new --template .#templates.{{ name }} {{ path }} 35 | 36 | check flake: 37 | #!/usr/bin/env bash 38 | if [[ $(uname) == "Darwin" ]]; then 39 | nom build .#darwinConfigurations.{{ flake }}.system 40 | else 41 | nom build .#nixosConfigurations.{{ flake }}.config.system.build.toplevel 42 | fi 43 | -------------------------------------------------------------------------------- /lib/deploy/default.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | let 3 | inherit (inputs) deploy-rs; 4 | in 5 | { 6 | mkDeploy = 7 | { self }: 8 | let 9 | hosts = self.nixosConfigurations or { }; 10 | nodes = builtins.mapAttrs (_: machine: { 11 | hostname = 
machine.config.networking.hostName;
     #         The settings below are applied identically to every node generated
     #         from self.nixosConfigurations.
     #         fastConnection / remoteBuild: closures are built on the deploying
     #         machine and pushed, presumably in full - confirm against deploy-rs docs.
12 |         fastConnection = true;
13 |         remoteBuild = false;
     #         NOTE(review): both deploy-rs rollback safeguards are switched off. A
     #         generation that fails to activate, or that activates but breaks SSH,
     #         networking or the firewall, stays live and can leave a remote host
     #         unreachable. Confirm out-of-band access exists for each node, or
     #         re-enable these for hosts that are only reachable over the network.
14 |         autoRollback = false;
15 |         magicRollback = false;
     #         NOTE(review): the system profile is activated as root, and the SSH
     #         login itself is root, so every node must accept root logins over SSH.
     #         Confirm the SSH module restricts root to key authentication from the
     #         deploy key, or use an unprivileged sshUser with sudo for activation.
16 |         profiles.system = {
17 |           user = "root";
18 |           sshUser = "root";
19 |           path = deploy-rs.lib.${machine.pkgs.system}.activate.nixos machine;
20 |         };
21 |       }) hosts;
22 |     in
23 |     {
24 |       inherit nodes;
25 |     };
26 | }
27 |
--------------------------------------------------------------------------------
/lib/module/default.nix:
--------------------------------------------------------------------------------
 1 | { lib, ... }:
 2 |
 3 | with lib;
 4 | rec {
     #   Build the repository path of a host's age-encrypted secret,
     #   "secrets/<hostName>/<name>.age", and resolve it with snowfall.fs.get-file
     #   (presumably relative to the flake root - confirm). This only locates the
     #   encrypted file; nothing is decrypted here. Both arguments are interpolated
     #   into the path unchecked, so callers should pass literal names.
 5 |   getSecret = name: hostName: snowfall.fs.get-file "secrets/${hostName}/${name}.age";
 6 |
 7 |   ## Create a NixOS module option.
 8 |   ##
 9 |   ## ```nix
10 |   ## lib.mkOpt nixpkgs.lib.types.str "My default" "Description of my option."
11 |   ## ```
12 |   ##
13 |   #@ Type -> Any -> String
14 |   mkOpt =
15 |     type: default: description:
16 |     mkOption { inherit type default description; };
17 |
18 |   ## Create a NixOS module option without a description.
19 |   ##
20 |   ## ```nix
21 |   ## lib.mkOpt' nixpkgs.lib.types.str "My default"
22 |   ## ```
23 |   ##
24 |   #@ Type -> Any
25 |   mkOpt' = type: default: mkOpt type default null;
26 |
27 |   ## Create a boolean NixOS module option.
28 |   ##
29 |   ## ```nix
30 |   ## lib.mkBoolOpt true "Description of my option."
31 |   ## ```
32 |   ##
33 |   #@ Bool -> String
34 |   mkBoolOpt = mkOpt types.bool;
35 |
36 |   ## Create a boolean NixOS module option without a description.
37 |   ##
38 |   ## ```nix
39 |   ## lib.mkBoolOpt' true
40 |   ## ```
41 |   ##
42 |   #@ Bool
43 |   mkBoolOpt' = mkOpt' types.bool;
44 |
45 |   enabled = {
46 |     ## Quickly enable an option.
47 |     ##
48 |     ## ```nix
49 |     ## services.nginx = enabled;
50 |     ## ```
51 |     ##
52 |     #@ true
53 |     enable = true;
54 |   };
55 |
56 |   disabled = {
57 |     ## Quickly disable an option.
58 | ## 59 | ## ```nix 60 | ## services.nginx = enabled; 61 | ## ``` 62 | ## 63 | #@ false 64 | enable = false; 65 | }; 66 | } 67 | -------------------------------------------------------------------------------- /lib/nix-config/default.nix: --------------------------------------------------------------------------------
# Shared Nix daemon configuration; the darwin module in this repo calls it as
# `mkNixConfig { inherit lib pkgs; }` and merges the result into `nix`.
{
  mkNixConfig =
    { pkgs, lib }:
    {
      generateNixPathFromInputs = true;
      linkInputs = true;
      distributedBuilds = true;

      # `warn-dirty = false` is also set under `settings` below.
      extraOptions = ''
        keep-outputs = true
        warn-dirty = false
        keep-derivations = true
      '';

      settings = {
        # NOTE(review): with this on, Nix applies the `nixConfig` block of any
        # flake it evaluates without asking. Together with the trusted-users
        # list below, a flake from an untrusted source can set daemon options
        # such as extra substituters and signing keys. Leaving this off and
        # passing --accept-flake-config for flakes you have read is the
        # narrower choice.
        accept-flake-config = true;
        # Only these accounts may talk to the Nix daemon.
        allowed-users = [
          "yash"
          "ygarg"
        ];
        auto-optimise-store = false;
        builders-use-substitutes = true;
        experimental-features = lib.mkForce [
          "auto-allocate-uids"
          "ca-derivations"
          "cgroups"
          "flakes"
          "nix-command"
          "recursive-nix"
        ];
        flake-registry = "/etc/nix/registry.json";
        http-connections = 50;
        keep-going = true;
        log-lines = 20;
        max-jobs = "auto";
        # The build sandbox is forced off on Darwin and on everywhere else, so
        # macOS builds are not isolated from the host filesystem or network.
        sandbox = lib.mkForce (!pkgs.stdenv.isDarwin);
        # NOTE(review): the Nix manual describes trusted users as effectively
        # root-equivalent on the daemon (they may override substituters and
        # import unsigned paths). Both everyday login accounts are listed
        # here; confirm that is intended rather than `allowed-users` alone.
        trusted-users = [
          "root"
          "yash"
          "ygarg"
        ];
        warn-dirty = false;

        # Caches that users of the daemon are permitted to enable.
        extra-trusted-substituters = [
          "https://cache.garnix.io"
          "https://ai.cachix.org"
          "https://nixpkgs-wayland.cachix.org"
          "https://yash-garg.cachix.org"
          "https://cache.nixos.org"
          "https://raspberry-pi-nix.cachix.org"
          "https://cosmic.cachix.org/"
        ];

        # Every key here is accepted as a valid signer for store paths, so
        # each cache operator is part of the trust base of every host using
        # this config. Worth pruning entries for caches no longer in use.
        extra-trusted-public-keys = [
          "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
          "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
          "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
          "yash-garg.cachix.org-1:sHcKOvVej+RlINvt4XVAOE/Cnho3hnrHHRv0uq1u7Xs="
          "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
          "raspberry-pi-nix.cachix.org-1:WmV2rdSangxW0rZjY/tBvBDSaNFQ3DyEQsVw8EvHn9o="
          "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
        ];
      };
    };
}
-------------------------------------------------------------------------------- /lib/wayland/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | mkWaylandVariant = 3 | { 4 | lib, 5 | package, 6 | symlinkJoin, 7 | makeBinaryWrapper, 8 | WebRTCPipeWireCapturer ? true, 9 | }: 10 | let 11 | enableFeatures = lib.concatStringsSep "," ( 12 | [ 13 | "UseOzonePlatform" 14 | "WaylandWindowDecorations" 15 | ] 16 | ++ (lib.optional WebRTCPipeWireCapturer "WebRTCPipeWireCapturer") 17 | ); 18 | in 19 | if lib.hasAttr "commandLineArgs" (lib.functionArgs package.override) then 20 | (package.override { 21 | commandLineArgs = [ 22 | "--enable-features=${enableFeatures}" 23 | "--ozone-platform=wayland" 24 | ]; 25 | }) 26 | else 27 | let 28 | mainProgram = 29 | if lib.hasAttr "mainProgram" package.meta then package.meta.mainProgram else package.pname; 30 | in 31 | symlinkJoin { 32 | name = "${mainProgram}-wayland"; 33 | paths = [ package ]; 34 | buildInputs = [ makeBinaryWrapper ]; 35 | postBuild = '' 36 | wrapProgram $out/bin/${mainProgram} \ 37 | --add-flags "--enable-features=${enableFeatures}" \ 38 | --add-flags "--ozone-platform=wayland" 39 | ''; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /modules/darwin/agenix/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | age.identityPaths = [ 3 | # Generate manually via `sudo ssh-keygen -A` 4 | "/etc/ssh/ssh_host_ed25519_key" 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /modules/darwin/home-manager/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home-manager.backupFileExtension = "bkp"; 3 | home-manager.useGlobalPkgs = true; 4 | } 5 |
-------------------------------------------------------------------------------- /modules/darwin/homebrew/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | casks = [ 11 | "ghostty" 12 | "iina" 13 | "jetbrains-toolbox" 14 | "maccy" 15 | "orbstack" 16 | "raycast" 17 | "spotify" 18 | "visual-studio-code" 19 | ] ++ cfg.additionalCasks; 20 | cfg = config.${namespace}.homebrew; 21 | hmModules = lib.snowfall.fs.get-snowfall-file "modules/home"; 22 | in 23 | { 24 | options.${namespace}.homebrew = { 25 | additionalCasks = mkOption { 26 | type = types.listOf types.str; 27 | default = [ ]; 28 | description = '' 29 | A list of additional casks to install. 30 | ''; 31 | }; 32 | 33 | brews = mkOption { 34 | type = types.listOf types.str; 35 | default = [ ]; 36 | description = '' 37 | A list of additional brews to install. 38 | ''; 39 | }; 40 | 41 | masApps = mkOption { 42 | type = types.attrsOf types.int; 43 | default = { }; 44 | description = '' 45 | A map of macOS App Store apps to install. 46 | ''; 47 | }; 48 | 49 | taps = mkOption { 50 | type = types.listOf types.str; 51 | default = [ ]; 52 | description = '' 53 | A list of additional taps to add. 
54 | ''; 55 | }; 56 | }; 57 | 58 | config = { 59 | homebrew = enabled // { 60 | inherit (cfg) masApps taps; 61 | 62 | brews = [ 63 | "cocoapods" 64 | "ruby" 65 | "webp" 66 | ] ++ cfg.brews; 67 | 68 | caskArgs.appdir = "/Applications"; 69 | 70 | casks = map (cask: { 71 | name = cask; 72 | greedy = true; 73 | }) casks; 74 | 75 | global = { 76 | autoUpdate = true; 77 | brewfile = true; 78 | }; 79 | 80 | onActivation = { 81 | autoUpdate = false; 82 | cleanup = "none"; 83 | upgrade = true; 84 | }; 85 | }; 86 | 87 | # Since we aren't managing graphical apps with home-manager 88 | # on darwin, add the config files directly in xdg config 89 | snowfallorg.users.${config.${namespace}.user.name}.home.config = { 90 | xdg.configFile = { 91 | "ghostty/config".source = "${hmModules}/ghostty/config"; 92 | }; 93 | }; 94 | }; 95 | } 96 | -------------------------------------------------------------------------------- /modules/darwin/networking/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking.knownNetworkServices = [ "Wi-Fi" ]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/nix/default.nix: --------------------------------------------------------------------------------
# Darwin system module: base CLI packages, PATH and locale, the shared Nix
# daemon settings, and Touch ID for sudo.
{
  lib,
  pkgs,
  namespace,
  ...
}:
with lib.${namespace};
{
  environment = {
    pathsToLink = [ "/share/zsh" ];
    systemPackages = with pkgs; [
      findutils
      gawk
      gnugrep
      gnused
      gnutls
      inetutils
    ];
    # NOTE(review): mkBefore orders /opt/homebrew/bin ahead of the other
    # systemPath entries, so a binary there wins over a same-named tool from
    # the Nix profiles. The Homebrew prefix is normally writable by the
    # installing user without sudo, which makes it a softer trust boundary
    # than the Nix store; appending it after the Nix paths would avoid the
    # shadowing. Confirm nothing depends on the Homebrew copy taking priority.
    systemPath = lib.mkBefore [ "/opt/homebrew/bin" ];
    variables = {
      LANG = "en_US.UTF-8";
    };

  };

  # Shared daemon settings from mkNixConfig, with automatic garbage
  # collection added on top (`//` replaces top-level attributes only).
  nix = mkNixConfig { inherit lib pkgs; } // {
    gc = {
      automatic = true;
      options = "--delete-older-than 3d";
    };
  };

  # Add ability to use TouchID for sudo authentication
  security.pam.services.sudo_local.touchIdAuth = true;
}
-------------------------------------------------------------------------------- /modules/darwin/stylix/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | inputs, 5 | namespace, 6 | ... 7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | { 11 | stylix = enabled // { 12 | autoEnable = false; 13 | base16Scheme = "${inputs.base16-schemes.outPath}/base16/catppuccin-mocha.yaml"; 14 | homeManagerIntegration.followSystem = true; 15 | image = pkgs.fetchurl { 16 | url = "https://w.wallhaven.cc/full/l8/wallhaven-l8x38r.jpg"; 17 | sha256 = "sha256-+fAcJv+KssqefsjRToDHybJpk1NG9uf4BRebeHTFq+g="; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/darwin/system/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | system = { 3 | defaults = { 4 | controlcenter = { 5 | BatteryShowPercentage = true; 6 | NowPlaying = false; 7 | }; 8 | 9 | CustomUserPreferences = { 10 | "com.apple.desktopservices" = { 11 | # Avoid creating .DS_Store files on network or USB volumes 12 | DSDontWriteNetworkStores = true; 13 | DSDontWriteUSBStores = true; 14 | }; 15 | 16 | NSGlobalDomain.AppleActionOnDoubleClick = "Minimize"; 17 | }; 18 | 19 | ".GlobalPreferences"."com.apple.mouse.scaling" = -1.0; 20 | 21 |
loginwindow.GuestEnabled = false; 22 | 23 | NSGlobalDomain = { 24 | "com.apple.mouse.tapBehavior" = 1; 25 | "com.apple.sound.beep.feedback" = 0; 26 | "com.apple.trackpad.forceClick" = true; 27 | ApplePressAndHoldEnabled = false; 28 | AppleInterfaceStyle = null; 29 | AppleInterfaceStyleSwitchesAutomatically = true; 30 | AppleScrollerPagingBehavior = true; 31 | AppleWindowTabbingMode = "always"; 32 | InitialKeyRepeat = 10; 33 | KeyRepeat = 1; 34 | NSAutomaticCapitalizationEnabled = false; 35 | NSAutomaticDashSubstitutionEnabled = false; 36 | NSAutomaticPeriodSubstitutionEnabled = false; 37 | NSAutomaticQuoteSubstitutionEnabled = false; 38 | NSAutomaticSpellingCorrectionEnabled = false; 39 | }; 40 | 41 | screencapture = { 42 | disable-shadow = false; 43 | show-thumbnail = false; 44 | type = "png"; 45 | }; 46 | 47 | trackpad = { 48 | Clicking = true; 49 | TrackpadRightClick = true; 50 | TrackpadThreeFingerDrag = false; 51 | }; 52 | }; 53 | 54 | startup.chime = true; 55 | }; 56 | } 57 | -------------------------------------------------------------------------------- /modules/darwin/system/dock/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.dock; 11 | brewAppDir = config.homebrew.caskArgs.appdir; 12 | in 13 | { 14 | options.${namespace}.dock = { 15 | persistentApps = mkOption { 16 | default = [ ]; 17 | type = types.listOf types.str; 18 | description = '' 19 | A list of applications to appear in the persistent dock. 
20 | ''; 21 | }; 22 | }; 23 | 24 | config = { 25 | system.defaults.dock = { 26 | autohide = true; 27 | largesize = 110; 28 | magnification = true; 29 | mineffect = "scale"; 30 | minimize-to-application = false; 31 | orientation = "bottom"; 32 | show-recents = false; 33 | tilesize = 35; 34 | 35 | persistent-apps = [ 36 | "/System/Applications/Launchpad.app" 37 | ] ++ map (app: "${brewAppDir}/${app}.app") cfg.persistentApps; 38 | 39 | # Disable all hot corners 40 | wvous-tl-corner = 1; 41 | wvous-bl-corner = 1; 42 | wvous-tr-corner = 1; 43 | wvous-br-corner = 1; 44 | }; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /modules/darwin/system/finder/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | system.defaults = { 3 | CustomUserPreferences."com.apple.finder" = { 4 | ShowExternalHardDrivesOnDesktop = true; 5 | ShowHardDrivesOnDesktop = false; 6 | ShowMountedServersOnDesktop = true; 7 | ShowRemovableMediaOnDesktop = true; 8 | _FXSortFoldersFirst = true; 9 | }; 10 | 11 | finder = { 12 | AppleShowAllExtensions = false; 13 | AppleShowAllFiles = true; 14 | _FXShowPosixPathInTitle = false; 15 | FXDefaultSearchScope = "SCcf"; 16 | FXEnableExtensionChangeWarning = false; 17 | FXPreferredViewStyle = "Nlsv"; 18 | QuitMenuItem = false; 19 | ShowPathbar = true; 20 | ShowStatusBar = true; 21 | }; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /modules/darwin/system/fonts/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, namespace, ... 
}: 2 | { 3 | fonts = { 4 | packages = with pkgs; [ 5 | cabin 6 | nerd-fonts.caskaydia-cove 7 | nerd-fonts.jetbrains-mono 8 | pkgs.${namespace}.monolisa-nerdfonts 9 | ]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/darwin/user/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | namespace, 5 | ... 6 | }: 7 | let 8 | inherit (lib) types mkIf; 9 | inherit (lib.${namespace}) mkOpt; 10 | cfg = config.${namespace}.user; 11 | in 12 | { 13 | options.${namespace}.user = { 14 | name = mkOpt types.str "yash" "The user account."; 15 | uid = mkOpt (types.nullOr types.int) 350 "The uid for the user account."; 16 | }; 17 | 18 | config = { 19 | users.users.${cfg.name} = { 20 | # NOTE: Setting the uid here is required for another 21 | # module to evaluate successfully since it reads 22 | # `users.users.${dots.user.name}.uid`. 23 | uid = mkIf (cfg.uid != null) cfg.uid; 24 | }; 25 | 26 | snowfallorg.users.${config.${namespace}.user.name}.home.config = { 27 | home = { 28 | file = { 29 | ".profile".text = '' 30 | # The default file limit is far too low and throws an error when rebuilding the system. 31 | # See the original with: ulimit -Sa 32 | ulimit -n 4096 33 | ''; 34 | }; 35 | }; 36 | }; 37 | 38 | system.primaryUser = cfg.name; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /modules/home/alacritty/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.profiles.${namespace}.alacritty; 11 | in 12 | { 13 | imports = [ ./settings.nix ]; 14 | 15 | options.profiles.${namespace}.alacritty = { 16 | enable = mkEnableOption "Enable alacritty profile"; 17 | }; 18 | 19 | config = mkIf cfg.enable { programs.alacritty = enabled; }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home/alacritty/settings.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | programs.alacritty.settings = { 4 | env = { 5 | TERM = "xterm-256color"; 6 | }; 7 | 8 | font = lib.mkForce { 9 | size = 14; 10 | 11 | normal = { 12 | family = "CaskaydiaCove Nerd Font Mono"; 13 | style = "Regular"; 14 | }; 15 | 16 | bold = { 17 | family = "CaskaydiaCove Nerd Font Mono"; 18 | style = "Bold"; 19 | }; 20 | 21 | bold_italic = { 22 | family = "CaskaydiaCove Nerd Font Mono"; 23 | style = "Bold Italic"; 24 | }; 25 | 26 | italic = { 27 | family = "CaskaydiaCove Nerd Font Mono"; 28 | style = "Italic"; 29 | }; 30 | }; 31 | 32 | selection.save_to_clipboard = true; 33 | 34 | window = { 35 | dynamic_padding = true; 36 | startup_mode = "Windowed"; 37 | 38 | dimensions = { 39 | columns = 160; 40 | lines = 45; 41 | }; 42 | 43 | padding = { 44 | x = 16; 45 | y = 16; 46 | }; 47 | }; 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /modules/home/aria2/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... 
}: 2 | with lib.${namespace}; 3 | { 4 | programs.aria2 = enabled // { 5 | settings = { 6 | file-allocation = "none"; 7 | log-level = "warn"; 8 | max-connection-per-server = 16; 9 | min-split-size = "1M"; 10 | remote-time = true; 11 | allow-piece-length-change = true; 12 | parameterized-uri = true; 13 | optimize-concurrent-downloads = true; 14 | deferred-input = true; 15 | continue = true; 16 | check-integrity = true; 17 | realtime-chunk-checksum = true; 18 | piece-length = "1M"; 19 | split = 16; 20 | save-session-interval = 60; 21 | disk-cache = "32M"; 22 | save-not-found = true; 23 | download-result = "full"; 24 | truncate-console-readout = true; 25 | retry-wait = 30; 26 | max-tries = 15; 27 | enable-color = true; 28 | enable-http-keep-alive = true; 29 | enable-http-pipelining = true; 30 | http-accept-gzip = true; 31 | bt-save-metadata = true; 32 | seed-time = 0; 33 | bt-load-saved-metadata = true; 34 | metalink-preferred-protocol = "https"; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /modules/home/atuin/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.profiles.${namespace}.atuin; 11 | in 12 | { 13 | options.profiles.${namespace}.atuin = { 14 | enable = mkEnableOption "Enable atuin profile"; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | programs.atuin = enabled // { 19 | flags = [ "--disable-up-arrow" ]; 20 | settings = { 21 | max_preview_height = 2; 22 | search_mode = "skim"; 23 | show_preview = true; 24 | style = "compact"; 25 | }; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/home/bat/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | namespace, 5 | ... 
6 | }: 7 | with lib.${namespace}; 8 | { 9 | programs.bat = enabled // { 10 | config.theme = lib.mkForce "ansi"; 11 | extraPackages = with pkgs.bat-extras; [ 12 | batgrep 13 | batman 14 | ]; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/home/btop/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | namespace, 4 | ... 5 | }: 6 | with lib.${namespace}; 7 | { 8 | programs.btop = enabled // { 9 | settings = { 10 | color_theme = "TTY"; 11 | theme_background = false; 12 | cpu_bottom = true; 13 | base_10_sizes = true; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/home/direnv/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib.${namespace}; 8 | { 9 | programs.direnv = enabled // { 10 | enableBashIntegration = config.shells.${namespace}.bash.enable; 11 | enableZshIntegration = config.shells.${namespace}.zsh.enable; 12 | nix-direnv = enabled; 13 | silent = true; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /modules/home/env/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... 
}: 2 | with lib; 3 | { 4 | home.file = { 5 | ".nanorc".text = '' 6 | set tabsize 4 7 | set autoindent 8 | set softwrap 9 | set nonewlines 10 | set smarthome 11 | ''; 12 | 13 | ".functions" = { 14 | executable = true; 15 | source = snowfall.fs.get-file "scripts/functions"; 16 | }; 17 | 18 | ".aliases" = { 19 | executable = true; 20 | source = snowfall.fs.get-file "scripts/aliases"; 21 | }; 22 | 23 | ".shell-init" = { 24 | executable = true; 25 | source = snowfall.fs.get-file "scripts/shell-init"; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/home/eza/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... }: 2 | with lib.${namespace}; 3 | { 4 | programs.eza = enabled // { 5 | icons = null; 6 | extraOptions = [ "--all" ]; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /modules/home/fastfetch/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | namespace, 5 | ... 
6 | }: 7 | with lib.${namespace}; 8 | { 9 | programs.fastfetch = enabled // { 10 | package = pkgs.fastfetch.override { 11 | x11Support = false; 12 | waylandSupport = false; 13 | rpmSupport = false; 14 | vulkanSupport = false; 15 | }; 16 | settings = { 17 | display = { 18 | size = { 19 | maxPrefix = "MB"; 20 | ndigits = 0; 21 | }; 22 | }; 23 | modules = [ 24 | "title" 25 | "separator" 26 | "os" 27 | "host" 28 | "kernel" 29 | "uptime" 30 | "packages" 31 | "shell" 32 | { 33 | type = "display"; 34 | compactType = "original"; 35 | key = "Resolution"; 36 | } 37 | "de" 38 | "wm" 39 | "wmtheme" 40 | "theme" 41 | "icons" 42 | "terminal" 43 | { 44 | type = "terminalfont"; 45 | format = "{/2}{-}{/}{2}{?3} {3}{?}"; 46 | } 47 | "cpu" 48 | { 49 | type = "gpu"; 50 | key = "GPU"; 51 | } 52 | { 53 | type = "memory"; 54 | format = "{/1}{-}{/}{/2}{-}{/}{} / {}"; 55 | } 56 | "break" 57 | "colors" 58 | ]; 59 | }; 60 | }; 61 | } 62 | -------------------------------------------------------------------------------- /modules/home/firefox/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.profiles.${namespace}.firefox; 12 | css-hacks = pkgs.fetchFromGitHub { 13 | owner = "MrOtherGuy"; 14 | repo = "firefox-csshacks"; 15 | rev = "9a9dd88871104528422ada76ebb7e35ca3c2bc6b"; 16 | sha256 = "sha256-e0NRl02detYub0abhe8glRgokyHdyt9Hxc8rSTYanEw="; 17 | }; 18 | in 19 | { 20 | imports = [ 21 | ./extensions.nix 22 | ./policies.nix 23 | ./settings.nix 24 | ]; 25 | 26 | options.profiles.${namespace}.firefox = { 27 | enable = mkEnableOption "Enable firefox profile"; 28 | }; 29 | 30 | config = mkIf cfg.enable { 31 | programs.firefox = enabled // { 32 | package = pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { }; 33 | profiles = { 34 | yash = { 35 | isDefault = true; 36 | search = { 37 | force = true; 38 | default = "google"; 39 | privateDefault = "google"; 40 | engines = { 41 | "bing".metaData.hidden = true; 42 | "ddg".metaData.hidden = true; 43 | "wikipedia".metaData.hidden = true; 44 | 45 | "Nix Packages" = { 46 | urls = [ 47 | { 48 | template = "https://search.nixos.org/packages"; 49 | params = [ 50 | { 51 | name = "channel"; 52 | value = "unstable"; 53 | } 54 | { 55 | name = "query"; 56 | value = "{searchTerms}"; 57 | } 58 | ]; 59 | } 60 | ]; 61 | icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 62 | definedAliases = [ "@np" ]; 63 | }; 64 | }; 65 | }; 66 | userChrome = '' 67 | @import url("${css-hacks}/chrome/auto_devtools_theme_for_rdm.css"); 68 | @import url("${css-hacks}/chrome/compact_extensions_panel.css"); 69 | @import url("${css-hacks}/chrome/tabs_on_bottom.css"); 70 | @import url("${css-hacks}/chrome/tabs_on_bottom_menubar_on_top_patch.css"); 71 | ''; 72 | }; 73 | }; 74 | }; 75 | }; 76 | } 77 | -------------------------------------------------------------------------------- /modules/home/firefox/extensions.nix: -------------------------------------------------------------------------------- 1 | { lib, pkgs, ... 
}: 2 | { 3 | programs.firefox.profiles.yash.extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [ 4 | betterttv 5 | bitwarden 6 | darkreader 7 | (buildFirefoxXpiAddon { 8 | pname = "dark-space-full-transparent"; 9 | version = "1.3"; 10 | addonId = "{24aca621-5029-4aa4-95a9-81d4bd3eba76}"; 11 | url = "https://addons.mozilla.org/firefox/downloads/file/3888121/dark_space_full_transparent-1.3.xpi"; 12 | sha256 = "sha256-63emiqUdRBPIYnqXX7aftmNIs4TF5aWXKj0Fn/xnTng="; 13 | meta = with lib; { 14 | platforms = platforms.all; 15 | }; 16 | }) 17 | keepa 18 | (buildFirefoxXpiAddon { 19 | pname = "material-icons-for-github"; 20 | version = "1.8.23"; 21 | addonId = "{eac6e624-97fa-4f28-9d24-c06c9b8aa713}"; 22 | url = "https://addons.mozilla.org/firefox/downloads/file/4326942/material_icons_for_github-1.8.23.xpi"; 23 | sha256 = "sha256-Pee0D0bUCmIB5P4GvwIa8NRXuKzW1LpIpKJSMXVNWbg="; 24 | meta = with lib; { 25 | platforms = platforms.all; 26 | }; 27 | }) 28 | multi-account-containers 29 | protondb-for-steam 30 | raindropio 31 | return-youtube-dislikes 32 | sponsorblock 33 | steam-database 34 | ublock-origin 35 | ]; 36 | } 37 | -------------------------------------------------------------------------------- /modules/home/firefox/policies.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.firefox.policies = { 3 | AppAutoUpdate = false; 4 | AutofillAddressEnabled = false; 5 | AutofillCreditCardEnabled = false; 6 | DefaultDownloadDirectory = "\${HOME}/Downloads"; 7 | DisableAppUpdate = true; 8 | DisableFirefoxAccounts = true; 9 | DisableFormHistory = true; 10 | DisablePocket = true; 11 | DisableTelemetry = true; 12 | DNSOverHTTPS = true; 13 | DontCheckDefaultBrowser = true; 14 | Homepage.StartPage = "previous-session"; 15 | NoDefaultBookmarks = true; 16 | OfferToSaveLogins = false; 17 | OfferToSaveLoginsDefault = false; 18 | Permissions.Notifications.Allow = [ ]; 19 | PictureInPicture = false; 20 | UserMessaging = { 
21 | ExtensionRecommendations = false; 22 | FeatureRecommendations = false; 23 | UrlbarInterventions = false; 24 | SkipOnboarding = true; 25 | MoreFromMozilla = false; 26 | Locked = true; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /modules/home/firefox/settings.nix: --------------------------------------------------------------------------------
# about:config preferences for the `yash` Firefox profile.
_: {
  programs.firefox.profiles.yash.settings = {
    "browser.discovery.enabled" = false;

    # NOTE(review): this group turns off Safe Browsing's download protection
    # entirely (the local checks and the remote reputation lookup), so Firefox
    # no longer warns about or blocks known-malicious, unwanted or uncommon
    # downloads. Only the `downloads.*` prefs are set here. If the goal is
    # just to stop the remote lookup, setting only
    # `browser.safebrowsing.downloads.remote.enabled` to false keeps the
    # local checks.
    "browser.safebrowsing.downloads.remote.block_dangerous" = false;
    "browser.safebrowsing.downloads.remote.block_dangerous_host" = false;
    "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
    "browser.safebrowsing.downloads.remote.block_uncommon" = false;
    # NOTE(review): this pref normally holds a URL string, so a boolean value
    # may be ignored by Firefox; an empty string is the usual way to clear
    # it. Verify in about:config.
    "browser.safebrowsing.downloads.remote.url" = false;
    "browser.safebrowsing.downloads.remote.enabled" = false;
    "browser.safebrowsing.downloads.enabled" = false;
    "browser.toolbars.keyboard_navigation" = false;
    "browser.translations.automaticallyPopup" = false;

    # Reduce search engine noise in the urlbar's completion window
    "browser.urlbar.suggest.searches" = false;
    "browser.urlbar.shortcuts.bookmarks" = false;
    "browser.urlbar.shortcuts.history" = false;
    "browser.urlbar.shortcuts.tabs" = false;
    "browser.urlbar.suggest.quicksuggest.sponsored" = false;
    "browser.urlbar.showSearchSuggestionsFirst" = false;
    # Presumably also stops the urlbar from opening connections to suggested
    # sites before one is selected (verify).
    "browser.urlbar.speculativeConnect.enabled" = false;

    # Disable crash reports
    "breakpad.reportURL" = "";
    "browser.tabs.crashReporting.sendReport" = false;
    "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;

    # Disable Form autofill
    # https://wiki.mozilla.org/Firefox/Features/Form_Autofill
    "browser.formfill.enable" = false;
    "extensions.formautofill.addresses.enabled" = false;
    "extensions.formautofill.available" = "off";
    "extensions.formautofill.creditCards.available" = false;
    "extensions.formautofill.creditCards.enabled" = false;
    "extensions.formautofill.heuristics.enabled" = false;

    "datareporting.healthreport.service.enabled" = false;
    "font.name.monospace.x-western" = "JetBrainsMono Nerd Font Mono";
    "reader.parse-on-load.enabled" = false;
    "svg.context-properties.content.enabled" = true;
    # Needed for Firefox to load userChrome.css, which the profile's
    # `userChrome` option in this repo's firefox/default.nix provides.
    "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    "toolkit.telemetry.enabled" = false;
    "toolkit.telemetry.unified" = false;
  };
}
-------------------------------------------------------------------------------- /modules/home/fonts/default.nix: -------------------------------------------------------------------------------- 1 | # NOTE: Run "fc-cache -rf" to update fonts cache. 2 | { lib, namespace, ... }: with lib.${namespace}; { fonts.fontconfig = enabled; } 3 | -------------------------------------------------------------------------------- /modules/home/fzf/colors.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | programs.fzf.colors = lib.mkForce { 4 | bg = "-1"; 5 | "bg+" = "-1"; 6 | fg = "-1"; 7 | "fg+" = "-1"; 8 | hl = "red"; 9 | "hl+" = "red"; 10 | info = "blue"; 11 | prompt = "green"; 12 | pointer = "cyan"; 13 | marker = "blue"; 14 | spinner = "blue"; 15 | header = "green"; 16 | border = "blue"; 17 | scrollbar = "dim"; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /modules/home/fzf/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ...
}: 2 | with lib.${namespace}; 3 | { 4 | imports = [ ./colors.nix ]; 5 | 6 | programs.fzf = enabled // { 7 | defaultCommand = "fd --type f --strip-cwd-prefix --hidden --follow --exclude .git --no-ignore"; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/home/ghostty/config: -------------------------------------------------------------------------------- 1 | theme = dark:catppuccin-mocha,light:catppuccin-latte 2 | 3 | font-family = CaskaydiaCove Nerd Font Mono 4 | font-style = SemiBold 5 | font-style-bold = Bold 6 | font-feature = calt 7 | font-size = 17 8 | 9 | cursor-style = block 10 | cursor-style-blink = true 11 | mouse-hide-while-typing = true 12 | background-opacity = 0.98 13 | background-blur-radius = 30 14 | window-height = 35 15 | window-width = 120 16 | shell-integration = zsh 17 | shell-integration-features = no-cursor 18 | macos-titlebar-style = transparent 19 | macos-icon = blueprint 20 | macos-icon-frame = chrome 21 | window-padding-x = 10 22 | -------------------------------------------------------------------------------- /modules/home/ghostty/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.profiles.${namespace}.ghostty; 12 | in 13 | { 14 | options.profiles.${namespace}.ghostty = { 15 | enable = mkEnableOption "ghostty, a fast, feature-rich, and cross-platform terminal emulator that uses platform-native UI and GPU acceleration."; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | programs.ghostty = enabled // { 20 | package = pkgs.ghostty; 21 | }; 22 | 23 | xdg.configFile."ghostty/config".source = ./config; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/home/git/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | namespace, 4 | ... 5 | }: 6 | with lib; 7 | with lib.${namespace}; 8 | { 9 | programs.git = enabled // { 10 | ignores = [ 11 | "key.properties" 12 | "keystore.properties" 13 | "*.jks" 14 | ".direnv/" 15 | ".DS_Store" 16 | ".vscode/" 17 | ".idea/" 18 | ]; 19 | 20 | includes = [ 21 | { path = snowfall.fs.get-file ".gitconfig"; } 22 | ]; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /modules/home/gpg/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.profiles.${namespace}.gpg; 12 | in 13 | { 14 | options.profiles.${namespace}.gpg = { 15 | enable = mkEnableOption "Enable GPG and Pinentry agents"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | programs.gpg = enabled // { 20 | settings = { 21 | auto-key-locate = "nodefault,wkd"; 22 | }; 23 | scdaemonSettings = { 24 | disable-ccid = true; 25 | }; 26 | }; 27 | 28 | services.gpg-agent = enabled // { 29 | enableScDaemon = true; 30 | enableSshSupport = true; 31 | pinentry.package = mkMerge [ 32 | (mkIf pkgs.stdenv.isLinux pkgs.pinentry-gnome3) 33 | (mkIf pkgs.stdenv.isDarwin pkgs.pinentry_mac) 34 | ]; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /modules/home/home-manager/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... }: with lib.${namespace}; { programs.home-manager = enabled; } 2 | -------------------------------------------------------------------------------- /modules/home/jq/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... 
}: with lib.${namespace}; { programs.jq = enabled; } 2 | -------------------------------------------------------------------------------- /modules/home/jujutsu/config.toml: -------------------------------------------------------------------------------- 1 | "$schema" = "https://jj-vcs.github.io/jj/latest/config-schema.json" 2 | 3 | [user] 4 | name = "Yash Garg" 5 | email = "me@yashgarg.dev" 6 | 7 | [ui] 8 | color = "always" 9 | conflict-marker-style = "git" 10 | default-command = "log" 11 | editor = "nvim" 12 | pager = ":builtin" 13 | 14 | [ui.diff] 15 | tool = "difft" 16 | 17 | [ui.streampager] 18 | interface = "full-screen-clear-output" 19 | show-ruler = false 20 | wrapping = "none" 21 | 22 | [aliases] 23 | c = ["git", "clone"] 24 | g = ["git"] 25 | 26 | [git] 27 | sign-on-push = true 28 | write-change-id-header = true 29 | 30 | [merge-tools.difft] 31 | command = "difft" 32 | diff-args = ["--color=always", "$left", "$right"] 33 | diff-expected-exit-codes = [0, 1] 34 | 35 | # only for windows 36 | [revset-aliases] 37 | HEAD = "@" 38 | 39 | [signing] 40 | behavior = "force" 41 | backend = "ssh" 42 | key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILx1G6WZ4MQ8c4hUZy2Be+GF5fZQJSssn4qnJoQ4MPxz" 43 | 44 | [snapshot] 45 | auto-update-stale = true 46 | -------------------------------------------------------------------------------- /modules/home/jujutsu/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | namespace, 4 | ... 5 | }: 6 | with lib; 7 | with lib.${namespace}; 8 | let 9 | settings = builtins.readFile ./config.toml; 10 | in 11 | { 12 | programs.jujutsu = enabled // { 13 | settings = builtins.fromTOML settings; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /modules/home/keychain/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | let 10 | cfg = config.profiles.${namespace}.keychain; 11 | command = "eval `keychain --eval --agents ssh ${cfg.authKey}`"; /* Shell snippet placed in the login profile: runs keychain and evals what it prints. cfg.authKey is spliced in unquoted, which lets the shell expand $HOME in the default, but a path containing spaces or shell metacharacters would also be split or interpreted. The value comes from this Nix configuration, not from external input. */ 12 | in 13 | { 14 | options.profiles.${namespace}.keychain = { 15 | enable = mkEnableOption "Enable keychain integration"; 16 | 17 | authKey = mkOption { 18 | type = types.str; /* a string, not a Nix path: only the location is recorded, so the private key file is not copied into the Nix store */ 19 | description = "Private ssh key to be added to the ssh-agent"; 20 | default = "$HOME/.ssh/git-ssh"; 21 | }; 22 | }; 23 | 24 | config = mkIf cfg.enable { 25 | home.packages = [ pkgs.keychain ]; 26 | 27 | programs = { /* the snippet is added only to the profile of a shell whose own module is enabled */ 28 | bash.profileExtra = mkIf config.shells.${namespace}.bash.enable command; 29 | zsh.profileExtra = mkIf config.shells.${namespace}.zsh.enable command; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/home/kitty/colors.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.kitty.settings = { 3 | active_border_color = "#c4c4b5"; 4 | inactive_border_color = "#191919"; 5 | bell_border_color = "#f3005f"; 6 | url_color = "#61ffca"; 7 | 8 | active_tab_foreground = "#c4c4b5"; 9 | active_tab_background = "#191919"; 10 | inactive_tab_foreground = "#615e4b"; 11 | inactive_tab_background = "#191919"; 12 | 13 | cursor = "#f6f6ec"; 14 | foreground = "#c4c4b5"; 15 | background = "#191919"; 16 | selection_foreground = "#191919"; 17 | selection_background = "#343434"; 18 | 19 | color0 = "#191919"; 20 | color8 = "#615e4b"; 21 | 22 | color1 = "#f3005f"; 23 | color9 = "#f3005f"; 24 | 25 | color2 = "#97e023"; 26 | color10 = "#97e023"; 27 | 28 | color3 = "#fa8419"; 29 | color11 = "#dfd561"; 30 | 31 | color4 = "#9c64fe"; 32 | color12 = "#9c64fe"; 33 | 34 | color5 = "#f3005f"; 35 | color13 = "#f3005f"; 36 | 37 | color6 = "#57d1ea"; 38 | color14 = "#57d1ea"; 39 | 40 | color7 = "#c4c4b5"; 41 | color15 = "#f6f6ee"; 42 | }; 43 | } 44 | --------------------------------------------------------------------------------
/modules/home/kitty/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.profiles.${namespace}.kitty; 12 | in 13 | { 14 | imports = [ ./colors.nix ]; 15 | 16 | options.profiles.${namespace}.kitty = { 17 | enable = mkEnableOption "Enable kitty profile"; 18 | }; 19 | 20 | config = mkIf cfg.enable { 21 | programs.kitty = enabled // { 22 | font = mkForce { 23 | name = "CaskaydiaCove Nerd Font Mono"; 24 | package = pkgs.nerd-fonts.caskaydia-cove; 25 | size = 14; 26 | }; 27 | 28 | keybindings = { 29 | "ctrl+c" = "copy_and_clear_or_interrupt"; 30 | "ctrl+v" = "paste_from_clipboard"; 31 | }; 32 | 33 | settings = { 34 | confirm_os_window_close = 0; 35 | copy_on_select = true; /* selecting text is enough to copy it; no explicit copy action is needed */ 36 | disable_ligatures = false; 37 | enable_audio_bell = false; 38 | hide_window_decorations = true; 39 | intital_window_width = 140; /* NOTE(review): "intital" looks like a typo for initial_window_width, so kitty will not read this key as the window width. Before correcting it, check the units: kitty treats a bare number as pixels and needs a "c" suffix for cells, which also applies to the height on the next line. */ 40 | initial_window_height = 35; 41 | scrollback_lines = 2000; 42 | show_hyperlink_targets = true; 43 | tab_bar_edge = "top"; 44 | window_padding_width = 10; 45 | }; 46 | }; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /modules/home/lazygit/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | namespace, 4 | ...
5 | }: 6 | with lib; 7 | with lib.${namespace}; 8 | { 9 | programs.lazygit = enabled // { 10 | settings = { 11 | git.autoFetch = false; 12 | gui = { 13 | paging.useConfig = true; 14 | showBottomLine = false; 15 | showCommandLog = false; 16 | showRandomTip = false; 17 | theme.selectedLineBgColor = [ "black" ]; 18 | }; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /modules/home/lsd/colors.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | # https://github.com/hardhackerlabs/theme-lsd/blob/master/hardhacker.yaml 3 | programs.lsd.colors = { 4 | user = "cyan"; 5 | group = "yellow"; 6 | permission = { 7 | read = "green"; 8 | write = "yellow"; 9 | exec = "red"; 10 | exec-sticky = "magenta"; 11 | no-access = "dark_grey"; 12 | }; 13 | date = { 14 | hour-old = "grey"; 15 | day-old = "grey"; 16 | older = "dark_grey"; 17 | }; 18 | size = { 19 | none = "green"; 20 | small = "green"; 21 | medium = "green"; 22 | large = "green"; 23 | }; 24 | inode = { 25 | valid = "blue"; 26 | invalid = "dark_grey"; 27 | }; 28 | links = { 29 | valid = "blue"; 30 | invalid = "dark_grey"; 31 | }; 32 | tree-edge = "dark_grey"; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /modules/home/lsd/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.profiles.${namespace}.lsd; 11 | in 12 | { 13 | imports = [ ./colors.nix ]; 14 | 15 | options.profiles.${namespace}.lsd = { 16 | enable = mkEnableOption "Enable lsd profile"; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | programs.lsd = enabled // { 21 | enableAliases = true; 22 | settings = { 23 | date = "relative"; 24 | icons.when = "never"; 25 | }; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/home/micro/bindings.json: -------------------------------------------------------------------------------- 1 | { 2 | "\u001b[1;2A": "SelectUp", 3 | "\u001b[1;2B": "SelectDown", 4 | "\u001b[1;2C": "SelectRight", 5 | "\u001b[1;2D": "SelectLeft", 6 | "\u001b[1;3D": "WordLeft", 7 | "\u001b[1;3C": "WordRight", 8 | "\u001b[1;3A": "MoveLinesUp", 9 | "\u001b[1;3B": "MoveLinesDown", 10 | "\u001b[1;4C": "SelectWordRight", 11 | "\u001b[1;4D": "SelectWordLeft", 12 | "\u001b[1;5D": "StartOfLine", 13 | "\u001b[1;5C": "EndOfLine", 14 | "\u001b[1;6D": "SelectToStartOfLine", 15 | "\u001b[1;6C": "SelectToEndOfLine", 16 | "\u001b[1;5A": "CursorStart", 17 | "\u001b[1;5B": "CursorEnd", 18 | "\u001b[1;6A": "SelectToStart", 19 | "\u001b[1;6B": "SelectToEnd" 20 | } 21 | -------------------------------------------------------------------------------- /modules/home/micro/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... 
}: 2 | with lib.${namespace}; 3 | { 4 | programs.micro = enabled // { 5 | settings = { 6 | colorscheme = "dracula"; 7 | mkparents = true; 8 | softwrap = false; 9 | wordwrap = true; 10 | }; 11 | }; 12 | 13 | xdg.configFile = { 14 | microEditorColorschemes = { 15 | source = ./dracula.micro; 16 | target = "./micro/colorschemes/dracula.micro"; 17 | }; 18 | 19 | microEditorBindings = { 20 | source = ./bindings.json; 21 | target = "./micro/bindings.json"; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /modules/home/micro/dracula.micro: -------------------------------------------------------------------------------- 1 | color-link default "#F8F8F2,#00000000" 2 | color-link comment "#6272A4" 3 | 4 | color-link identifier "#50FA7B" 5 | color-link identifier.class "#8BE9FD" 6 | color-link identifier.var "#F8F8F2" 7 | 8 | color-link constant "#BD93F9" 9 | color-link constant.number "#F8F8F2" 10 | color-link constant.string "#F1FA8C" 11 | 12 | color-link symbol "#FF79C6" 13 | color-link symbol.brackets "#F8F8F2" 14 | color-link symbol.tag "#AE81FF" 15 | 16 | color-link type "italic #8BE9FD" 17 | color-link type.keyword "#FF79C6" 18 | 19 | color-link special "#FF79C6" 20 | color-link statement "#FF79C6" 21 | color-link preproc "#FF79C6" 22 | 23 | color-link underlined "#FF79C6" 24 | color-link error "bold #FF5555" 25 | color-link todo "bold #FF79C6" 26 | 27 | color-link diff-added "#50FA7B" 28 | color-link diff-modified "#FFB86C" 29 | color-link diff-deleted "#FF5555" 30 | 31 | color-link gutter-error "#FF5555" 32 | color-link gutter-warning "#E6DB74" 33 | 34 | color-link statusline "#282A36,#F8F8F2" 35 | color-link tabbar "#282A36,#F8F8F2" 36 | color-link indent-char "#6272A4" 37 | color-link line-number "#6272A4" 38 | color-link current-line-number "#F8F8F2" 39 | 40 | color-link cursor-line "#44475A,#F8F8F2" 41 | color-link color-column "#44475A" 42 | color-link type.extended "default" 
-------------------------------------------------------------------------------- /modules/home/mpv/config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.mpv.config = { 3 | # General 4 | profile = "gpu-hq"; 5 | vo = "gpu-next"; 6 | gpu-api = "vulkan"; 7 | vd-lavc-dr = true; 8 | spirv-compiler = "auto"; 9 | vulkan-async-compute = true; 10 | vulkan-async-transfer = true; 11 | vulkan-queue-count = 1; 12 | hwdev = "nvdec"; 13 | video-sync = "display-resample"; 14 | 15 | # Demuxer 16 | cache = true; 17 | cache-pause = true; 18 | cache-pause-wait = 1; 19 | demuxer-thread = "yes"; 20 | demuxer-readahead-secs = "600"; 21 | demuxer-max-bytes = "1000M"; 22 | demuxer-max-back-bytes = "200M"; 23 | demuxer-mkv-subtitle-preroll = true; 24 | 25 | # Resizers 26 | scale = "ewa_lanczos"; 27 | dscale = "ewa_lanczos"; 28 | cscale = "sinc"; 29 | cscale-window = "blackman"; 30 | cscale-radius = 3; 31 | 32 | # Deband 33 | deband = true; 34 | deband-iterations = 4; 35 | deband-threshold = 48; 36 | deband-range = 18; 37 | deband-grain = 32; 38 | 39 | # Audio 40 | volume = 80; 41 | volume-max = 200; 42 | audio-file-auto = "fuzzy"; 43 | audio-pitch-correction = true; 44 | 45 | # Subtitles 46 | sub-ass-vsfilter-blur-compat = true; 47 | stretch-image-subs-to-screen = true; 48 | sub-fix-timing = true; 49 | sub-font = "Cabin"; 50 | sub-font-size = 20; 51 | sub-border-size = 2; 52 | sub-auto = "fuzzy"; 53 | sub-bold = true; 54 | sub-scale = 1; 55 | 56 | # Window 57 | osc = false; 58 | osd-bar = false; 59 | border = false; 60 | osd-font = "CaskaydiaCove Nerd Font Mono"; 61 | osd-font-size = 16; 62 | title = "\${media-title} [\${time-pos}\${!duration==0: / \${duration}}]"; 63 | force-window-position = true; 64 | autofit-larger = "100%x85%"; 65 | cursor-autohide = 100; 66 | force-window = true; 67 | keep-open = true; 68 | 69 | # Track Selection 70 | slang = "en,eng"; 71 | alang = "en,eng,ja,jp,jpn"; 72 | 73 | # Screenshot 74 | 
screenshot-format = "png"; 75 | screenshot-high-bit-depth = false; 76 | screenshot-tag-colorspace = true; 77 | screenshot-png-compression = 9; 78 | screenshot-directory = "~/Pictures/Screenshots"; 79 | screenshot-template = "mpvshot-%03n %tHh%tMm%tSs"; 80 | 81 | # Streaming 82 | hls-bitrate = "max"; 83 | ytdl-format = "bestvideo[height<=?1440]+bestaudio/bestvideo+bestaudio/best"; 84 | ytdl-raw-options = "ignore-errors="; /* handed through to the youtube-dl/yt-dlp hook as its ignore-errors option */ 85 | load-unsafe-playlists = true; /* mpv ships with this off: by default a playlist may not pull in entries whose URLs mpv classes as unsafe. With it on, a playlist that arrives from a stream or a download can reference such entries, so keep it only if every playlist source is trusted; otherwise drop the line. */ 86 | 87 | glsl-shaders = "~~/shaders/FSRCNNX_x2_8-0-4-1.glsl:~~/shaders/FSRCNNX_x2_16-0-4-1.glsl:~~/shaders/SSimDownscaler.glsl:~~/shaders/KrigBilateral.glsl"; /* "~~/" is mpv's config directory; the four names match the files the mpv module installs under mpv/shaders */ 88 | }; 89 | } 90 | -------------------------------------------------------------------------------- /modules/home/mpv/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.profiles.${namespace}.mpv; 12 | in 13 | { 14 | imports = [ ./config.nix ]; 15 | 16 | options.profiles.${namespace}.mpv = { 17 | enable = mkEnableOption "Enable mpv profile"; 18 | }; 19 | 20 | config = mkIf cfg.enable { 21 | home.packages = [ pkgs.jellyfin-mpv-shim ]; 22 | 23 | programs.mpv = enabled // { 24 | bindings = { 25 | BS = "cycle pause"; 26 | SPACE = "cycle pause"; 27 | UP = "add volume 2"; 28 | DOWN = "add volume -2"; 29 | b = "cycle audio"; 30 | v = "cycle sub"; 31 | }; 32 | package = pkgs.mpv-unwrapped.wrapper { 33 | mpv = pkgs.mpv-unwrapped.override { 34 | ffmpeg = pkgs.ffmpeg-full; 35 | lua = pkgs.luajit; 36 | }; 37 | scripts = /* mpv scripts run inside the player with the user's privileges. The first list comes from this flake's own package set (pkgs.${namespace}), the second from nixpkgs' mpvScripts. */ 38 | with pkgs.${namespace}; 39 | [ 40 | auto-profiles 41 | better-chapters 42 | boss-key 43 | repl 44 | status-line 45 | ] 46 | ++ (with pkgs.mpvScripts; [ 47 | acompressor 48 | autocrop 49 | autoload 50 | mpv-playlistmanager 51 | reload 52 | uosc 53 | ]); 54 | }; 55 | scriptOpts = { 56 | autoload = { 57 | disabled = false; 58 | images = false; 59 | videos = true; 60 | audio =
true; 61 | ignore_hidden = true; 62 | }; 63 | uosc = { 64 | buffered_time_threshold = 600; 65 | controls = "menu,gap,subtitles,audio,video,editions,stream-quality,gap,space,play-pause,space,gap,fullscreen"; 66 | controls_persistency = "paused,idle"; 67 | font_bold = true; 68 | scale_fullscreen = 1.1; 69 | stream_quality_options = ""; 70 | timeline_persistency = "paused,idle"; 71 | timeline_style = "bar"; 72 | top_bar_alt_title = "\${filename}"; 73 | top_bar_persistency = "paused,idle"; 74 | volume = "left"; 75 | }; 76 | }; 77 | }; 78 | 79 | xdg.configFile = { 80 | "mpv/shaders".source = 81 | let /* Third-party GLSL shaders downloaded at build time. Every fetchurl below carries a sha256, so the build fails if the downloaded bytes differ from the ones the hash was recorded for; it is the hash, not the URL, that fixes the content. Re-check the file contents whenever a hash is updated. */ 82 | fsrcnnx-x2-16-0-4-1 = pkgs.fetchurl { 83 | url = "https://github.com/igv/FSRCNN-TensorFlow/releases/download/1.1/FSRCNNX_x2_16-0-4-1.glsl"; 84 | sha256 = "sha256-1aJKJx5dmj9/egU7FQxGCkTCWzz393CFfVfMOi4cmWU="; 85 | }; 86 | fsrcnnx-x2-8-0-4-1 = pkgs.fetchurl { 87 | url = "https://github.com/igv/FSRCNN-TensorFlow/releases/download/1.1/FSRCNNX_x2_8-0-4-1.glsl"; 88 | sha256 = "sha256-6ADbxcHJUYXMgiFsWXckUz/18ogBefJW7vYA8D6Nwq4="; 89 | }; 90 | ssimdownscaler = pkgs.fetchurl { /* the two gist URLs carry a long hex path segment after raw, presumably a fixed gist revision */ 91 | url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/575d13567bbe3caa778310bd3b2a4c516c445039/SSimDownscaler.glsl"; 92 | sha256 = "sha256-AEq2wv/Nxo9g6Y5e4I9aIin0plTcMqBG43FuOxbnR1w="; 93 | }; 94 | krigbilateral = pkgs.fetchurl { 95 | url = "https://gist.githubusercontent.com/igv/a015fc885d5c22e6891820ad89555637/raw/038064821c5f768dfc6c00261535018d5932cdd5/KrigBilateral.glsl"; 96 | sha256 = "sha256-ikeYq7d7g2Rvzg1xmF3f0UyYBuO+SG6Px/WlqL2UDLA="; 97 | }; 98 | in 99 | pkgs.stdenvNoCC.mkDerivation { /* no source to unpack: the build phase only copies the four fetched files into $out under their original file names */ 100 | name = "mpv-shaders"; 101 | dontUnpack = true; 102 | 103 | buildPhase = '' 104 | runHook preBuild 105 | 106 | mkdir -p $out 107 | cp ${fsrcnnx-x2-16-0-4-1} $out/${fsrcnnx-x2-16-0-4-1.name} 108 | cp ${fsrcnnx-x2-8-0-4-1} $out/${fsrcnnx-x2-8-0-4-1.name} 109 | cp ${ssimdownscaler} $out/${ssimdownscaler.name} 110 | cp ${krigbilateral} $out/${krigbilateral.name} 111 | 112 |
runHook postBuild 113 | ''; 114 | }; 115 | }; 116 | }; 117 | } 118 | -------------------------------------------------------------------------------- /modules/home/neovim/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | namespace, 6 | ... 7 | }: 8 | with lib; 9 | let 10 | cfg = config.profiles.${namespace}.neovim; 11 | in 12 | { 13 | options.profiles.${namespace}.neovim = { 14 | enable = mkEnableOption "Enable neovim profile"; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | home.packages = [ pkgs.${namespace}.neovim ]; 19 | 20 | programs.tmux.plugins = [ pkgs.tmuxPlugins.vim-tmux-navigator ]; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /modules/home/nix-index/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... }: 2 | with lib.${namespace}; 3 | { 4 | programs.nix-index = enabled; 5 | programs.nix-index-database.comma = enabled; 6 | } 7 | -------------------------------------------------------------------------------- /modules/home/obs-studio/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.profiles.${namespace}.obs; 12 | in 13 | { 14 | options.profiles.${namespace}.obs = { 15 | enable = mkEnableOption "Enable obs profile"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | programs.obs-studio = enabled // { 20 | plugins = with pkgs.obs-studio-plugins; [ 21 | obs-pipewire-audio-capture 22 | wlrobs 23 | ]; 24 | }; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /modules/home/oh-my-posh/config.omp.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json", 3 | "final_space": true, 4 | "disable_notice": true, 5 | "version": 2, 6 | "console_title_template": "{{ .Folder }}", 7 | "blocks": [ 8 | { 9 | "type": "prompt", 10 | "alignment": "left", 11 | "newline": true, 12 | "segments": [ 13 | { 14 | "type": "nix-shell", 15 | "style": "plain", 16 | "template": "(nix-{{ .Type }}) ", 17 | "background": "transparent", 18 | "foreground": "#00f7ff" 19 | }, 20 | { 21 | "foreground": "lightYellow", 22 | "style": "plain", 23 | "template": "{{ if .WSL }}(wsl) {{ end }}", 24 | "type": "session" 25 | }, 26 | { 27 | "type": "session", 28 | "style": "plain", 29 | "template": "{{ if .SSHSession }}(ssh@{{ .HostName }}) {{ end }}", 30 | "foreground": "#ff00ae" 31 | }, 32 | { 33 | "type": "path", 34 | "style": "plain", 35 | "background": "transparent", 36 | "foreground": "blue", 37 | "template": "{{ .Path | lower }}", 38 | "properties": { 39 | "style": "full" 40 | } 41 | }, 42 | { 43 | "type": "git", 44 | "background": "transparent", 45 | "foreground": "#ff94df", 46 | "style": "plain", 47 | "template": " on <#DDB15F>git({{ .HEAD }}{{ if or (.Working.Changed) (.Staging.Changed) }}*{{ end }}<#DDB15F>) {{ if gt .Behind 0 }}↓{{ end }}{{ if gt .Ahead 0 }}↑{{ end }}", 48 | "properties": { 49 | "branch_icon": "", 50 | 
"commit_icon": "@", 51 | "fetch_status": true, 52 | "fetch_stash_count": true 53 | } 54 | } 55 | ] 56 | }, 57 | { 58 | "type": "rprompt", 59 | "overflow": "hidden", 60 | "segments": [ 61 | { 62 | "type": "executiontime", 63 | "style": "plain", 64 | "foreground": "yellow", 65 | "background": "transparent", 66 | "template": "{{ .FormattedMs }}", 67 | "properties": { 68 | "threshold": 5000 69 | } 70 | } 71 | ] 72 | }, 73 | { 74 | "type": "prompt", 75 | "alignment": "left", 76 | "newline": true, 77 | "segments": [ 78 | { 79 | "type": "text", 80 | "style": "plain", 81 | "foreground_templates": [ 82 | "{{if gt .Code 0}}red{{end}}", 83 | "{{if eq .Code 0}}magenta{{end}}" 84 | ], 85 | "background": "transparent", 86 | "template": "\u276f" 87 | } 88 | ] 89 | } 90 | ], 91 | "transient_prompt": { 92 | "foreground_templates": [ 93 | "{{if gt .Code 0}}red{{end}}", 94 | "{{if eq .Code 0}}magenta{{end}}" 95 | ], 96 | "background": "transparent", 97 | "template": "\u276f " 98 | }, 99 | "secondary_prompt": { 100 | "foreground": "magenta", 101 | "background": "transparent", 102 | "template": "\u276f\u276f " 103 | } 104 | } -------------------------------------------------------------------------------- /modules/home/oh-my-posh/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.profiles.${namespace}.oh-my-posh; 11 | ompConfig = builtins.readFile ./config.omp.json; 12 | in 13 | { 14 | options.profiles.${namespace}.oh-my-posh = { 15 | enable = mkEnableOption "Enable oh-my-posh profile"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | programs.oh-my-posh = enabled // { 20 | settings = builtins.fromJSON ompConfig; 21 | }; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /modules/home/packages/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | age 5 | agenix 6 | asciinema 7 | cachix 8 | charm-freeze 9 | curl 10 | deploy-rs 11 | difftastic 12 | dnscontrol 13 | dogdns 14 | du-dust 15 | erdtree 16 | fd 17 | fzf-git-sh 18 | gh 19 | httpie 20 | hyperfine 21 | ijq 22 | just 23 | jq 24 | mediainfo 25 | nixfmt-rfc-style 26 | nix-inspect 27 | nixos-generators 28 | nixpkgs-review 29 | nurl 30 | nvd 31 | ookla-speedtest 32 | ripgrep 33 | restic 34 | ruff 35 | scc 36 | unzip 37 | uv 38 | whois 39 | zip 40 | ]; 41 | } 42 | -------------------------------------------------------------------------------- /modules/home/shells/bash/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.shells.${namespace}.bash; 11 | profiles = config.profiles.${namespace}; 12 | in 13 | { 14 | options.shells.${namespace}.bash = { 15 | enable = mkEnableOption "Bash profile"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | programs = { 20 | bash = enabled // { 21 | enableCompletion = true; 22 | historySize = 10000; 23 | historyFile = "$HOME/.bash_history"; 24 | historyControl = [ 25 | "ignorespace" 26 | "erasedups" 27 | ]; 28 | initExtra = "source $HOME/.shell-init"; 29 | }; 30 | 31 | atuin.enableBashIntegration = true; 32 | eza.enableBashIntegration = true; 33 | fzf.enableBashIntegration = true; 34 | ghostty.enableBashIntegration = profiles.ghostty.enable; 35 | kitty.shellIntegration.enableBashIntegration = profiles.kitty.enable; 36 | nix-index.enableBashIntegration = true; 37 | oh-my-posh.enableBashIntegration = profiles.oh-my-posh.enable; 38 | starship.enableBashIntegration = profiles.starship.enable; 39 | wezterm.enableBashIntegration = profiles.wezterm.enable; 40 | yazi.enableBashIntegration = true; 41 | zellij.enableBashIntegration = false; 42 | zoxide.enableBashIntegration = true; 43 | }; 44 | 45 | services.gpg-agent.enableBashIntegration = profiles.gpg.enable; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /modules/home/shells/zsh/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.shells.${namespace}.zsh; 11 | profiles = config.profiles.${namespace}; 12 | in 13 | { 14 | options.shells.${namespace}.zsh = { 15 | enable = mkEnableOption "Zsh profile"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | programs = { 20 | zsh = enabled // { 21 | enableCompletion = true; 22 | autosuggestion = enabled; 23 | syntaxHighlighting = enabled; 24 | history = { 25 | size = 10000; 26 | path = "$HOME/.zsh_history"; 27 | ignoreDups = true; 28 | }; 29 | initContent = "source $HOME/.shell-init"; 30 | }; 31 | 32 | atuin.enableZshIntegration = true; 33 | eza.enableZshIntegration = true; 34 | fzf.enableZshIntegration = true; 35 | ghostty.enableZshIntegration = profiles.ghostty.enable; 36 | kitty.shellIntegration.enableZshIntegration = profiles.kitty.enable; 37 | nix-index.enableZshIntegration = true; 38 | oh-my-posh.enableZshIntegration = profiles.oh-my-posh.enable; 39 | starship.enableZshIntegration = profiles.starship.enable; 40 | wezterm.enableZshIntegration = profiles.wezterm.enable; 41 | yazi.enableZshIntegration = true; 42 | zellij.enableZshIntegration = false; 43 | zoxide.enableZshIntegration = true; 44 | }; 45 | 46 | services.gpg-agent.enableZshIntegration = profiles.gpg.enable; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /modules/home/spotify/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.profiles.${namespace}.spotify; 12 | in 13 | { 14 | options.profiles.${namespace}.spotify = { 15 | enable = mkEnableOption "Enable Spotify"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | programs.spicetify = enabled // { 20 | theme = pkgs.spicetify.themes.catppuccin; 21 | colorScheme = "mocha"; 22 | enabledExtensions = with pkgs.spicetify.extensions; [ 23 | hidePodcasts 24 | lastfm 25 | ]; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/home/ssh/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | namespace, 4 | pkgs, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | { 10 | programs.ssh = enabled // { 11 | addKeysToAgent = "yes"; /* a key is handed to the running agent the first time it is used and kept with the agent's default lifetime; any process that can reach the agent socket can then sign with it */ 12 | package = pkgs.openssh_hpn; /* HPN-patched OpenSSH instead of the stock package. NOTE(review): the HPN patch set is maintained separately from upstream OpenSSH; confirm the packaged version keeps pace with upstream security releases. */ 13 | serverAliveInterval = 60; 14 | includes = [ "~/.ssh/work" ]; /* further client settings are read from ~/.ssh/work, a file this module does not create */ 15 | matchBlocks = { 16 | "*" = { 17 | sendEnv = [ "COLORTERM" ]; 18 | setEnv = { 19 | TERM = "xterm-256color"; 20 | }; 21 | extraOptions = mkIf pkgs.stdenv.isDarwin { /* Darwin only: UseKeychain is an Apple-specific option that keeps key passphrases in the macOS keychain; IgnoreUnknown stops an ssh build without that option from rejecting the config */ 22 | IgnoreUnknown = "UseKeychain"; 23 | UseKeychain = "yes"; 24 | }; 25 | }; 26 | "github.com".identityFile = "~/.ssh/git-ssh"; /* key used for github.com. NOTE(review): identitiesOnly is not set, so other keys held by the agent may be offered to the host as well; confirm that is intended. */ 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /modules/home/starship/config.toml: -------------------------------------------------------------------------------- 1 | add_newline = true 2 | command_timeout = 10000 3 | palette = "catppuccin_mocha" 4 | 5 | [username] 6 | show_always = true 7 | format = "[$user]($style)" 8 | 9 | [nix_shell] 10 | symbol = "nix" 11 | format = "via [$symbol-$state]($style) " 12 | 13 | [cmd_duration] 14 | min_time = 0 15 | 16 | [hostname] 17 | disabled = false 18 | ssh_only = false 19 | format = ' at [$hostname](bold red) in ' 20 | 21 | [gradle] 22 | format = "via [gradle-$version]($style) " 23 | 24 | [aws] 25 | disabled = true 26 | 27 | [azure] 28
| disabled = true 29 | 30 | [battery] 31 | disabled = true 32 | 33 | [buf] 34 | disabled = true 35 | 36 | [bun] 37 | disabled = true 38 | 39 | [cobol] 40 | disabled = true 41 | 42 | [conda] 43 | disabled = true 44 | 45 | [crystal] 46 | disabled = true 47 | 48 | [daml] 49 | disabled = true 50 | 51 | [deno] 52 | disabled = true 53 | 54 | [docker_context] 55 | disabled = true 56 | 57 | [dotnet] 58 | disabled = true 59 | 60 | [elm] 61 | disabled = true 62 | 63 | [erlang] 64 | disabled = true 65 | 66 | [fennel] 67 | disabled = true 68 | 69 | [gcloud] 70 | disabled = true 71 | 72 | [haskell] 73 | disabled = true 74 | 75 | [haxe] 76 | disabled = true 77 | 78 | [helm] 79 | disabled = true 80 | 81 | [java] 82 | disabled = true 83 | 84 | [julia] 85 | disabled = true 86 | 87 | [kotlin] 88 | disabled = true 89 | 90 | [kubernetes] 91 | disabled = true 92 | 93 | [lua] 94 | disabled = true 95 | 96 | [meson] 97 | disabled = true 98 | 99 | [nim] 100 | disabled = true 101 | 102 | [nodejs] 103 | disabled = true 104 | 105 | [ocaml] 106 | disabled = true 107 | 108 | [opa] 109 | disabled = true 110 | 111 | [openstack] 112 | disabled = true 113 | 114 | [perl] 115 | disabled = true 116 | 117 | [php] 118 | disabled = true 119 | 120 | [pulumi] 121 | disabled = true 122 | 123 | [purescript] 124 | disabled = true 125 | 126 | [python] 127 | disabled = true 128 | 129 | [rlang] 130 | disabled = true 131 | 132 | [raku] 133 | disabled = true 134 | 135 | [red] 136 | disabled = true 137 | 138 | [ruby] 139 | disabled = true 140 | 141 | [scala] 142 | disabled = true 143 | 144 | [spack] 145 | disabled = true 146 | 147 | [swift] 148 | disabled = true 149 | 150 | [terraform] 151 | disabled = true 152 | 153 | [vagrant] 154 | disabled = true 155 | 156 | [vlang] 157 | disabled = true 158 | 159 | [zig] 160 | disabled = true 161 | -------------------------------------------------------------------------------- /modules/home/starship/default.nix: 
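--------------------------------------------------------------------------------
# Home Manager profile: enables starship and merges the local config.toml with
# the Catppuccin Mocha palette.
{
  config,
  lib,
  inputs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.profiles.${namespace}.starship;
  # Both files are read at evaluation time. The palette comes from the
  # `catppuccin-starship` flake input (presumably pinned by flake.lock).
  palette = builtins.readFile "${inputs.catppuccin-starship}/themes/mocha.toml";
  settings = builtins.readFile ./config.toml;
in
{
  options.profiles.${namespace}.starship = {
    enable = mkEnableOption "Enable starship profile";
  };

  config = mkIf cfg.enable {
    programs.starship = enabled // {
      settings = mkMerge [
        (builtins.fromTOML settings)
        (builtins.fromTOML palette)
      ];
    };
  };
}

--------------------------------------------------------------------------------
/modules/home/tmux/default.nix:
--------------------------------------------------------------------------------
# tmux configuration with the catppuccin and yank plugins.
{
  config,
  pkgs,
  lib,
  namespace,
  ...
}:
with lib.${namespace};
let
  # null leaves the shell option unset when the bash profile is enabled;
  # otherwise tmux starts the zsh from nixpkgs.
  shellPath = if config.shells.${namespace}.bash.enable then null else "${pkgs.zsh}/bin/zsh";
in
{
  programs.tmux = enabled // {
    baseIndex = 1;
    keyMode = "vi";
    mouse = true;
    newSession = true;
    aggressiveResize = !pkgs.stdenv.isDarwin;
    shell = shellPath;
    shortcut = "b";
    sensibleOnTop = false;
    terminal = "tmux-256color";
    plugins = with pkgs.tmuxPlugins; [
      {
        plugin = catppuccin;
        extraConfig = ''
          set -g @catppuccin_flavor "mocha"
          set -g @catppuccin_window_status_style "basic"
          set -g @catppuccin_status_background "none"
        '';
      }
      yank
    ];
    extraConfig = ''
      set -ga terminal-overrides ",xterm-256color:Tc"
      set -sg escape-time 100
      set-option -g status-position bottom

      # Key Bindings
      unbind c
      unbind p
      bind n new-window
      bind p split-window -h
      bind-key Right next-window
      bind-key Left previous-window
    '';
  };
}

--------------------------------------------------------------------------------
/modules/home/user/default.nix:
--------------------------------------------------------------------------------
# Takes the Home Manager username and home directory from the snowfall user.
{ config, ... }:
{
  home = {
    username = config.snowfallorg.user.name;
    homeDirectory = config.snowfallorg.user.home.directory;
  };
}

--------------------------------------------------------------------------------
/modules/home/wezterm/config/utils.lua:
--------------------------------------------------------------------------------
local wezterm = require("wezterm")
local module = {}

-- Returns a bool based on whether the host operating system's
-- appearance is light or dark.
function module.is_dark()
  -- wezterm.gui is not always available, depending on what
  -- environment wezterm is operating in. Just return true
  -- if it's not defined.
  if wezterm.gui then
    -- Some systems report appearance like "Dark High Contrast"
    -- so let's just look for the string "Dark" and if we find
    -- it assume appearance is dark.
    -- string.find returns an index or nil; compare with nil so the result is
    -- a real boolean, as documented and as the helpers below do.
    return wezterm.gui.get_appearance():find("Dark") ~= nil
  end
  return true
end

-- True when the wezterm target triple names a Linux build.
function module.is_linux()
  return wezterm.target_triple:find("linux") ~= nil
end

-- True when the wezterm target triple names a macOS build.
function module.is_darwin()
  return wezterm.target_triple:find("darwin") ~= nil
end

-- True when the wezterm target triple names a Windows build.
function module.is_windows()
  return wezterm.target_triple:find("windows") ~= nil
end

return module

--------------------------------------------------------------------------------
/modules/home/wezterm/config/wezterm.lua:
--------------------------------------------------------------------------------
local w = require("wezterm")
local utils = require("utils")

-- The Nerd Font family is installed under a different name on Windows.
local font_name
if utils.is_windows() then
  font_name = "CaskaydiaMono Nerd Font Mono"
else
  font_name = "CaskaydiaCove Nerd Font Mono"
end

local harfbuzz_features = { "ss02", "ss19", "ss20" }

local config = {
  adjust_window_size_when_changing_font_size = false,
  automatically_reload_config = true,
  bold_brightens_ansi_colors = true,
  -- No in-app update check; on Nix-managed hosts the package is set by
  -- default.nix (pkgs.wezterm).
  check_for_updates = false,
  color_scheme = "Aura (Gogh)",
  default_cursor_style = "SteadyBlock",
  disable_default_key_bindings = false,
  enable_scroll_bar = false,
  enable_tab_bar = false,
  font = w.font({
    family = font_name,
    weight = "DemiBold",
    harfbuzz_features = harfbuzz_features,
  }),
  font_rules = {
    {
      intensity = "Bold",
      italic = false,
      font = w.font({
        family = font_name,
        weight = "Bold",
        style = "Normal",
        harfbuzz_features = harfbuzz_features,
      }),
    },
    {
      intensity = "Normal",
      italic = true,
      font = w.font({
        family = font_name,
        weight = "DemiBold",
        style = "Italic",
        harfbuzz_features = harfbuzz_features,
      }),
    },
    {
      intensity = "Bold",
      italic = true,
      font = w.font({
        family = font_name,
        weight = "Bold",
        style = "Italic",
        harfbuzz_features = harfbuzz_features,
      }),
    },
  },
  font_size = 17,
  initial_cols = 130,
  initial_rows = 35,
  scrollback_lines = 5000,
  use_fancy_tab_bar = true,
  window_background_opacity = 1,
  -- Windows close without a confirmation prompt, even with a running process.
  window_close_confirmation = "NeverPrompt",
  window_padding = {
    left = 10,
    right = 10,
    top = 15,
    bottom = 15,
  },
  win32_system_backdrop = "Acrylic",
}

-- Windows-only overrides.
if utils.is_windows() then
  config.default_prog = { "pwsh" }
  config.font_size = 14
  config.window_background_opacity = 1
end

return config

--------------------------------------------------------------------------------
/modules/home/wezterm/default.nix:
--------------------------------------------------------------------------------
# Home Manager profile for wezterm; the Lua configuration is read from ./config.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.profiles.${namespace}.wezterm;
in
{
  options.profiles.${namespace}.wezterm = {
    enable = mkEnableOption "Enable wezterm, a GPU-accelerated terminal emulator";
  };

  config = mkIf cfg.enable {
    programs.wezterm = enabled // {
      package = pkgs.wezterm;
      # NOTE(review): both Lua files end in a top-level `return`. If the two
      # strings are concatenated into one chunk, Lua rejects statements after
      # the first `return` - confirm how extraConfig is rendered.
      extraConfig = mkMerge [
        (builtins.readFile ./config/utils.lua)
        (builtins.readFile ./config/wezterm.lua)
      ];
    };
  };
}

--------------------------------------------------------------------------------
/modules/home/xdg/default.nix:
--------------------------------------------------------------------------------
# Enables XDG base directories; MIME handling is turned on everywhere except macOS.
{
  pkgs,
  lib,
  namespace,
  ...
}:
with lib.${namespace};
{
  xdg = enabled // {
    mime.enable = !pkgs.stdenv.isDarwin;
  };
}

--------------------------------------------------------------------------------
/modules/home/yazi/default.nix:
--------------------------------------------------------------------------------
# yazi file manager: show hidden files and sort directories first.
{
  lib,
  namespace,
  ...
}:
with lib.${namespace};
{
  programs.yazi = enabled // {
    settings = {
      manager = {
        show_hidden = true;
        sort_dir_first = true;
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/home/zellij/default.nix:
--------------------------------------------------------------------------------
# Home Manager profile for zellij; installs the layouts from ./layouts.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.profiles.${namespace}.zellij;
in
{
  options.profiles.${namespace}.zellij = {
    enable = mkEnableOption "Enable zellij profile";
  };

  config = mkIf cfg.enable {
    home.packages = [ pkgs.zjstatus ];

    programs.zellij = enabled // {
      settings = {
        mouse_mode = true;
        on_force_close = "detach";
        scroll_buffer_size = 100000;
        simplified_ui = false;
        ui.pane_frames = {
          hide_session_name = false;
          rounded_corners = true;
        };
      };
    };

    # Links ./layouts under the XDG config directory as zellij/layouts.
    xdg.configFile.zellijLayouts = {
      source = ./layouts;
      target = "./zellij/layouts";
    };
  };
}

--------------------------------------------------------------------------------
/modules/home/zellij/layouts/default.kdl:
--------------------------------------------------------------------------------
layout {
    pane borderless=true

    pane size=1 borderless=true {
        plugin location="zellij:compact-bar"
    }
}

--------------------------------------------------------------------------------
/modules/home/zellij/layouts/main.kdl:
--------------------------------------------------------------------------------
layout {
    tab name="main" {
        pane size=1 borderless=true {
            plugin location="zellij:compact-bar"
        }

        pane split_direction="vertical" {
            pane cwd="~/projects/work"
            pane cwd="~/dotfiles"
        }
    }
}
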
--------------------------------------------------------------------------------
/modules/home/zellij/layouts/multi.kdl:
--------------------------------------------------------------------------------
// Four tabs (dotfiles, work, personal, misc), each with a tab bar on top and
// a status bar at the bottom; "work" is the focused tab.
layout {
    tab name="dotfiles" {
        pane size=1 borderless=true {
            plugin location="zellij:tab-bar"
        }

        pane split_direction="vertical" {
            pane cwd="~/dotfiles" size="60%"
            pane size="40%"
        }

        pane size=2 borderless=true {
            plugin location="zellij:status-bar"
        }
    }

    tab name="work" focus=true cwd="~/projects/work" {
        pane size=1 borderless=true {
            plugin location="zellij:tab-bar"
        }

        pane split_direction="horizontal" {
            pane split_direction="vertical" {
                pane
                pane
            }

            pane
        }

        pane size=2 borderless=true {
            plugin location="zellij:status-bar"
        }
    }

    tab name="personal" {
        pane size=1 borderless=true {
            plugin location="zellij:tab-bar"
        }

        pane

        pane size=2 borderless=true {
            plugin location="zellij:status-bar"
        }
    }

    tab name="misc" {
        pane size=1 borderless=true {
            plugin location="zellij:tab-bar"
        }

        // btop is prepared but not started until the pane is activated.
        pane command="btop" start_suspended=true

        pane size=2 borderless=true {
            plugin location="zellij:status-bar"
        }
    }
}

--------------------------------------------------------------------------------
/modules/home/zoxide/default.nix:
--------------------------------------------------------------------------------
{ lib, namespace, ... }: with lib.${namespace}; { programs.zoxide = enabled; }

--------------------------------------------------------------------------------
/modules/nixos/agenix/default.nix:
--------------------------------------------------------------------------------
# agenix decrypts secrets with the host's SSH ed25519 private key, so every
# secret for this machine must be encrypted to that host key. Anyone who can
# read the key file can decrypt all of them.
_: { age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }

--------------------------------------------------------------------------------
/modules/nixos/desktop/android-dev/default.nix:
--------------------------------------------------------------------------------
# Android development environment: SDK tooling, adb, a default JDK and a
# Gradle configuration restricted to Nix-provided JDKs.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.desktop.android-dev;
  defaultJdk = pkgs.openjdk17;
  # JDKs offered to Gradle as toolchains.
  toolchains = [
    pkgs.openjdk11
    pkgs.openjdk21
    defaultJdk
  ];
  # Directory inside an OpenJDK package that Gradle is pointed at as a Java home.
  mapOpenJdk = pkg: "${pkg}/lib/openjdk";
in
{
  options.${namespace}.desktop.android-dev = {
    enable = mkEnableOption "Configure a development environment for Android apps";
  };

  config = mkIf cfg.enable {
    users.users.yash.packages = with pkgs; [
      android-tools
      androidStudioPackages.stable
      androidStudioPackages.beta
      apktool
      flutter
      kotlin
      scrcpy
      maestro
    ];

    programs = {
      adb = enabled;
      java = enabled // {
        package = defaultJdk;
        binfmt = false;
      };
      # nix-ld lets prebuilt (non-Nix) binaries find the listed shared
      # libraries. NOTE(review): such binaries are not built or pinned by Nix.
      nix-ld = enabled // {
        package = pkgs.nix-ld-rs;
        libraries = with pkgs; [
          icu
          openssl
          stdenv.cc.cc
          zlib
        ];
      };
    };

    snowfallorg.users.yash.home.config = {
      programs.gradle = enabled // {
        settings = {
          "org.gradle.caching" = true;
          "org.gradle.parallel" = true;
          "org.gradle.jvmargs" = "-XX:MaxMetaspaceSize=1024m -XX:+UseG1GC";
          "org.gradle.java.home" = mapOpenJdk defaultJdk;
          # Toolchain auto-detection and auto-download are off, and only the
          # JDK paths from `toolchains` are listed, so Gradle does not fetch
          # or pick up JDKs outside this configuration.
          "org.gradle.java.installations.auto-detect" = false;
          "org.gradle.java.installations.auto-download" = false;
          "org.gradle.java.installations.paths" = lib.concatMapStringsSep "," mapOpenJdk toolchains;
        };
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/desktop/cosmic/default.nix:
--------------------------------------------------------------------------------
# Optional COSMIC desktop environment and greeter.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.desktop.cosmic;
in
{
  options.${namespace}.desktop.cosmic = {
    enable = mkEnableOption "Setup desktop with Cosmic DE";
  };

  config = mkIf cfg.enable {
    services.desktopManager.cosmic = enabled;
    services.displayManager.cosmic-greeter = enabled;
  };
}

--------------------------------------------------------------------------------
/modules/nixos/desktop/default.nix:
--------------------------------------------------------------------------------
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.desktop;
in
{
  options.${namespace}.desktop = {
    enable = mkEnableOption "Profile for desktop machines";

    extraPackages = mkOption {
      type = types.listOf types.package;
      default = [ ];
      description = "Extra packages to install on desktop machines";
    };
  };

  config = mkIf cfg.enable {
    # Common configuration for desktop machines
    # Every desktop gets the ssh and tailscale services plus the networking
    # module, whose defaults are defined in the respective modules.
    dots = {
      desktop = {
        android-dev = enabled;
        earlyoom = enabled;
        gaming = enabled;
        stylix = enabled;
      };

      hardware = {
        audio = enabled;
        bluetooth = enabled;
        networking = enabled;
      };

      services = {
        openrazer = disabled;
        printing = enabled;
        ssh = enabled;
        tailscale = enabled;
        yubikey = enabled;
      };

      system = {
        boot = enabled;
        xkb = enabled;
      };
    };

    environment.systemPackages = with pkgs; [ inetutils ];

    # Enable the X11 windowing system.
    services.xserver = enabled;

    # Common packages for desktop machines
    users.users.yash.packages =
      # CLI
      with pkgs;
      [
        caligula
        ddcutil
        git-lfs
        nh
        qemu_kvm
        sshfs
        xclip
      ]
      # GUI
      ++ (with pkgs; [
        collision
        curtail
        emblem
        foliate
        google-chrome
        handbrake
        jetbrains.idea-ultimate
        newsflash
        obsidian
        slack
        spotify
        telegram-desktop
        textpieces
        transmission_4-gtk
        vesktop
        vscode
      ])
      ++ cfg.extraPackages;
  };
}

--------------------------------------------------------------------------------
/modules/nixos/desktop/earlyoom/default.nix:
--------------------------------------------------------------------------------
# earlyoom profile: kill processes before the machine runs out of memory.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.desktop.earlyoom;
in
{
  options.${namespace}.desktop.earlyoom = {
    enable = mkEnableOption "Enable earlyoom for desktop machines";
  };

  config = mkIf cfg.enable {
    # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
    # avoid the linux kernel from locking itself when we're putting too much strain on the memory
    # this helps avoid having to shut down forcefully when we OOM
    services = {
      earlyoom = enabled // {
        enableNotifications = true; # annoying, but we want to know what's killed
        freeSwapThreshold = 2;
        freeMemThreshold = 2;
        # NOTE(review): in the --prefer pattern the `.` before `exe` is
        # unescaped, so it matches any character, not only a literal dot.
        extraArgs = [
          "-g"
          "--avoid '^(gnome.*|firefox.*|pipewire.*)$'" # things we want to not kill
          "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
        ];

        # we should ideally write the logs into a designated log file; or even better, to the journal
        # for now we can hope this echo sends the log to somewhere we can observe later
        # NOTE(review): stdout of a systemd unit normally ends up in the
        # journal - confirm for this hook. The process name is chosen by the
        # killed program, so treat it as untrusted text when reading the log.
        killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
          echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
        '';
      };

      systembus-notify.enable = lib.mkForce true;
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/desktop/gaming/default.nix:
--------------------------------------------------------------------------------
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.desktop.gaming;
  # PipeWire quantum and sample rate, combined as "quantum/rate" for the
  # latency settings below.
  quantum = 64;
  rate = 48000;
  qr = "${toString quantum}/${toString rate}";
in
{
  options.${namespace}.desktop.gaming = {
    enable = mkEnableOption "Enable gaming for desktop machines";
  };

  config = mkIf cfg.enable {
    boot.kernel.sysctl = {
      # 20-shed.conf
      "kernel.sched_cfs_bandwidth_slice_us" = 3000;
      # 20-net-timeout.conf
      # This is required due to some games being unable to reuse their TCP ports
      # if they are killed and restarted quickly - the default timeout is too large.
      "net.ipv4.tcp_fin_timeout" = 5;
      # 30-vm.conf
      # USE MAX_INT - MAPCOUNT_ELF_CORE_MARGIN.
      # see comment in include/linux/mm.h in the kernel tree.
      "vm.max_map_count" = 2147483642;
    };

    programs.gamescope = enabled // {
      # Adds the cap_sys_nice capability to the gamescope binary so it can
      # raise its own scheduling priority (used together with --rt below).
      capSysNice = true;
      args = [
        "--steam"
        "--expose-wayland"
        "--rt"
        "-W 2560"
        "-H 1440"
        "--force-grab-cursor"
        "--grab"
        "--fullscreen"
      ];
    };

    programs.steam = enabled // {
      # Graphical glitches and broken rendering
      gamescopeSession = disabled;
    };

    # Pipewire LowLatency configuration from nix-gaming
    # ref: https://github.com/fufexan/nix-gaming/blob/6caa391790442baea22260296041429fb365e0ce/modules/pipewireLowLatency.nix
    services.pipewire = {
      extraConfig.pipewire = {
        "99-lowlatency" = {
          context = {
            properties.default.clock.min-quantum = quantum;
            modules = [
              {
                name = "libpipewire-module-rtkit";
                flags = [
                  "ifexists"
                  "nofail"
                ];
                args = {
                  nice.level = -15;
                  rt = {
                    prio = 88;
                    time.soft = 200000;
                    time.hard = 200000;
                  };
                };
              }
              {
                name = "libpipewire-module-protocol-pulse";
                args = {
                  server.address = [ "unix:native" ];
                  pulse.min = {
                    req = qr;
                    quantum = qr;
                    frag = qr;
                  };
                };
              }
            ];

            stream.properties = {
              node.latency = qr;
              resample.quality = 1;
            };
          };
        };
      };
    };

    users.users.yash.packages = with pkgs; [
      (prismlauncher.override {
        jdks = [ openjdk21 ];
      })
    ];

    # Hard-codes the NVIDIA Vulkan ICD for every session on hosts using this profile.
    environment.sessionVariables.VK_DRIVER_FILES = "/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json";
  };
}

--------------------------------------------------------------------------------
/modules/nixos/desktop/stylix/default.nix:
--------------------------------------------------------------------------------
# Stylix theming profile for desktops (Catppuccin Mocha scheme, fonts, cursor).
{
  config,
  pkgs,
  lib,
  inputs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.desktop.stylix;
in
{
  options.${namespace}.desktop.stylix = {
    enable = mkEnableOption "Stylix profile for desktop machines";
  };

  config = mkIf cfg.enable {
    stylix = enabled // {
      autoEnable = false;
      homeManagerIntegration.followSystem = true;
      # Fixed-output fetch: the build fails if the downloaded wallpaper does
      # not match this hash, so a changed remote file cannot slip in silently.
      image = pkgs.fetchurl {
        url = "https://w.wallhaven.cc/full/p9/wallhaven-p9qpyp.jpg";
        sha256 = "sha256-GeB4yYgmgbkQ82wQv4g+jh+Mh4UNJHK0y4/JPY2HeiU=";
      };
      base16Scheme = "${inputs.base16-schemes.outPath}/base16/catppuccin-mocha.yaml";
      cursor = {
        package = pkgs.rose-pine-cursor;
        name = "BreezeX-RosePine-Linux";
        size = 28;
      };
      fonts = {
        emoji = {
          name = "Noto Color Emoji";
          package = pkgs.noto-fonts-color-emoji;
        };
        monospace = {
          name = "JetBrainsMono Nerd Font Mono Regular";
          package = pkgs.nerd-fonts.jetbrains-mono;
        };
        sansSerif = {
          name = "Roboto Regular";
          package = pkgs.roboto;
        };
        serif = {
          name = "Roboto Serif 20pt Regular";
          package = pkgs.roboto-serif;
        };
        sizes = {
          applications = 12;
          terminal = 10;
        };
      };
      polarity = "dark";
      targets = {
        chromium = enabled;
        nixos-icons = enabled;
      };
    };

    snowfallorg.users.yash.home.config = {
      stylix.targets = {
        alacritty = enabled;
        vesktop = enabled;
        wezterm = enabled;
        zellij = enabled;
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/hardware/audio/default.nix:
--------------------------------------------------------------------------------
# Audio profile: PipeWire with ALSA/Pulse compatibility and an optional
# rnnoise noise-suppression source.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.hardware.audio;
  # PipeWire drop-in that loads the rnnoise LADSPA plugin from the Nix store
  # as a filter chain and exposes it as an extra audio source.
  noise-suppression-for-voice = pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-noise-cancellation.conf" ''
    context.modules = [
      { name = libpipewire-module-filter-chain
        args = {
          node.description = "Noise Canceling source"
          media.name = "Noise Canceling source"
          filter.graph = {
            nodes = [
              {
                type = ladspa
                name = rnnoise
                plugin = ${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so
                label = noise_suppressor_mono
                control = {
                  "VAD Threshold (%)" = 50.0
                }
              }
            ]
          }
          capture.props = {
            node.name = "effect_input.rnnoise"
            node.passive = true
            audio.rate = 48000
          }
          playback.props = {
            node.name = "effect_output.rnnoise"
            media.class = Audio/Source
            audio.rate = 48000
          }
        }
      }
    ]
  '';
in
{
  options.${namespace}.hardware.audio = {
    enable = mkEnableOption "Profile for audio hardware";
    noise-cancellation = mkBoolOpt true "Enable noise cancellation for voice";
  };

  config = mkIf cfg.enable {
    security.rtkit = enabled;

    services.pulseaudio = disabled;
    services.pipewire = enabled // {
      alsa = enabled // {
        support32Bit = true;
      };
      configPackages = mkIf cfg.noise-cancellation [ noise-suppression-for-voice ];
      pulse = enabled;
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/hardware/bluetooth/default.nix:
--------------------------------------------------------------------------------
# Bluetooth profile; mkDefault lets a host override the setting.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  cfg = config.${namespace}.hardware.bluetooth;
in
{
  options.${namespace}.hardware.bluetooth = {
    enable = mkEnableOption "Profile for bluetooth hardware";
  };

  config = mkIf cfg.enable { hardware.bluetooth.enable = mkDefault true; };
}

--------------------------------------------------------------------------------
/modules/nixos/hardware/networking/default.nix:
--------------------------------------------------------------------------------
# Networking profile: hostname/domain, DHCP, NetworkManager, nftables and the
# host firewall.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.hardware.networking;
in
{
  options.${namespace}.hardware.networking = with types; {
    enable = mkBoolOpt false "Whether or not to enable networking support";
    domain = mkOpt str "" "The domain name of the machine";
    hostName = mkOpt str "nixos" "The hostname of the machine";
    hosts = mkOpt attrs { } (mdDoc "An attribute set to merge with `networking.hosts`");
    extra = mkBoolOpt true "Whether or not to enable extra networking features";
    # NOTE(review): these defaults open 80, 443 and 8080 on every host that
    # enables this module, including the desktop profile. Hosts that serve
    # nothing on those ports should set `tcpPorts = [ ]` so the firewall only
    # allows what is actually in use.
    tcpPorts = mkOpt (listOf port) [
      80
      443
      8080
    ] "A list of ports to open in the firewall";
  };

  config = mkIf cfg.enable {
    networking = {
      inherit (cfg) domain;
      inherit (cfg) hosts;
      hostName = mkDefault cfg.hostName;

      # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
      # (the default) this is the recommended approach. When using systemd-networkd it's
      # still possible to use this option, but it's recommended to use it in conjunction
      # with explicit per-interface declarations with `networking.interfaces.<name>.useDHCP`.
      interfaces.wlan0.useDHCP = mkDefault true;
      useDHCP = mkDefault true;

      # Enable networking
      networkmanager.enable = cfg.extra;
      nftables.enable = cfg.extra;

      # The firewall stays enabled; it answers ICMP echo and accepts the TCP
      # ports from cfg.tcpPorts on all interfaces.
      firewall = enabled // {
        allowPing = true;
        allowedTCPPorts = cfg.tcpPorts;
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/home-manager/default.nix:
--------------------------------------------------------------------------------
_: { home-manager.backupFileExtension = "bkp"; }

--------------------------------------------------------------------------------
/modules/nixos/nix/default.nix:
--------------------------------------------------------------------------------
# Nix daemon settings, daily garbage collection and store optimisation.
{
  lib,
  pkgs,
  namespace,
  ...
}:
with lib.${namespace};
{
  documentation = enabled // {
    doc = disabled;
    man = enabled;
    dev = disabled;
  };

  users.users.yash.packages = with pkgs; [ nix-output-monitor ];

  nix = mkNixConfig { inherit lib pkgs; } // {
    # Daily GC removes generations older than three days, which also limits
    # how far back a rollback can go.
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 3d";
      persistent = true;
    };

    optimise.automatic = true;
  };
}

--------------------------------------------------------------------------------
/modules/nixos/server/default.nix:
--------------------------------------------------------------------------------
{
  config,
  pkgs,
  lib,
  namespace,
  ...
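}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.server;
in
{
  options.${namespace}.server = {
    enable = mkEnableOption "Profile for servers";

    extraPackages = mkOption {
      type = types.listOf types.package;
      default = [ ];
      description = "Extra packages to install on servers";
    };
  };

  config = mkIf cfg.enable {
    # extraPackages was declared but never consumed; append it the same way
    # the desktop profile does.
    users.users.yash.packages = with pkgs; [
      nh
    ] ++ cfg.extraPackages;
  };
}

--------------------------------------------------------------------------------
/modules/nixos/services/adguard/default.nix:
--------------------------------------------------------------------------------
# AdGuard Home: DNS on port 53, admin web UI bound to loopback only.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.adguard;
in
{
  options.${namespace}.services.adguard = {
    enable = mkEnableOption "Adguard Home Server";

    port = mkOption {
      type = types.int;
      default = 4000;
      description = "The port to serve HTTP on";
    };
  };

  config = mkIf cfg.enable {
    # The DNS resolver is reachable on every interface of the host.
    # NOTE(review): on a host with a public interface, restrict port 53 to the
    # LAN/VPN interface so the resolver is not open to the internet.
    networking.firewall = {
      allowedTCPPorts = [ 53 ];
      allowedUDPPorts = [ 53 ];
    };

    services.adguardhome = enabled // {
      inherit (cfg) port;
      host = "127.0.0.1";
      # Changes made in the web UI are kept on disk instead of being reset to
      # the Nix-declared settings.
      mutableSettings = true;
      # The admin UI listens on loopback only, so there is nothing to reach
      # through the firewall on this port. Keeping the port closed avoids
      # exposing the UI by accident if the bind address is changed later.
      openFirewall = false;
      settings = {
        http = {
          address = "127.0.0.1:${toString cfg.port}";
        };
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/services/avahi/default.nix:
--------------------------------------------------------------------------------
{
  config,
  lib,
  namespace,
  ...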
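}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.avahi;
in
{
  options.${namespace}.services.avahi = {
    enable = mkEnableOption "Avahi";
  };

  config = mkIf cfg.enable {
    services.avahi = enabled // {
      nssmdns4 = true;
      # Everything below is announced over mDNS to the local network.
      # NOTE(review): `hinfo` and `workstation` presumably advertise host
      # details (hardware/OS, machine presence); disable them on networks you
      # do not trust.
      publish = enabled // {
        addresses = true;
        domain = true;
        hinfo = true;
        userServices = true;
        workstation = true;
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/services/cifs/default.nix:
--------------------------------------------------------------------------------
# Auto-mounts CIFS shares under /mnt using credentials from an agenix secret.
{
  config,
  pkgs,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.cifs;
  # Builds a fileSystems entry for one share; `path` is appended to "//" for
  # the mount device, i.e. host/share.
  cifsShare = path: {
    device = "//${path}";
    fsType = "cifs";
    options =
      let
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
      in
      [ "${automount_opts},credentials=/etc/nixos/smb-secrets" ];
  };
in
{
  options.${namespace}.services.cifs = {
    enable = mkEnableOption "CIFS Shares Auto-Mounting";

    cifsHost = mkOption {
      type = types.str;
      default = "nova";
      description = "The key name for cifs credentials";
    };

    mounts = mkOption {
      type = types.attrsOf (
        types.submodule {
          options = {
            path = mkOption {
              type = types.str;
              description = "The CIFS share path in the format /.";
            };
          };
        }
      );
      default = { };
      description = "List of CIFS shares to be mounted.";
    };
  };

  config = mkIf cfg.enable {
    # The credentials are stored encrypted in the repository
    # (secrets/<cifsHost>/cifs.age) and decrypted on the host by agenix.
    age.secrets.cifs-creds.file = snowfall.fs.get-file "secrets/${cfg.cifsHost}/cifs.age";

    # NOTE(review): this places the decrypted credentials under /etc in
    # addition to the agenix runtime path. The mount option could reference
    # config.age.secrets.cifs-creds.path directly and drop this entry -
    # confirm nothing else reads /etc/nixos/smb-secrets.
    environment.etc."nixos/smb-secrets".source = config.age.secrets.cifs-creds.path;
    environment.etc."nixos/smb-secrets".mode = "0600";
    environment.systemPackages = [ pkgs.cifs-utils ];

    # One mount point per entry in cfg.mounts: /mnt/<name>.
    fileSystems = listToAttrs (
      mapAttrsToList (name: mount: {
        name = "/mnt/${name}";
        value = cifsShare mount.path;
      }) cfg.mounts
    );
  };
}

--------------------------------------------------------------------------------
/modules/nixos/services/gatus/default.nix:
--------------------------------------------------------------------------------
# Gatus uptime monitor, published through Traefik at status.<domain>.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.gatus;
in
{
  options.${namespace}.services.gatus = {
    enable = mkEnableOption "Gatus Uptime Monitor";
    domain = mkOpt types.str "yashgarg.dev" "Base domain for Gatus";
    port = mkOpt types.int 3333 "Port for Gatus";
    monitorPoints = mkOption {
      type =
        with types;
        listOf (submodule {
          options = {
            name = mkOption {
              type = str;
              description = "Display name of the monitored service";
            };
            group = mkOption {
              type = str;
              default = "internal";
              description = "Group name for the monitored service";
            };
            url = mkOption {
              type = str;
              description = "URL of the monitored service";
            };
          };
        });
      default = [ ];
      description = "List of services to monitor, each with a name and URL.";
    };
  };

  config = mkIf cfg.enable {
    services = {
      gatus = enabled // {
        settings = {
          web.port = cfg.port;
          connectivity.checker = {
            target = "1.1.1.1:53";
            interval = "60s";
          };
          ui = {
            title = "Homelab Status | Yash Garg";
            description = "Monitoring for My Services";
            header = "Yash's Homelab Status";
            link = "https://status.${cfg.domain}";
            dark-mode = true;
          };
          endpoints = map (endpoint: {
            inherit (endpoint) name group url;
            # Conditions, hostnames and URLs are hidden in the UI, so the
            # status page does not reveal where the monitored services live.
            ui = {
              hide-conditions = true;
              hide-hostname = true;
              hide-url = true;
            };
            interval = "10m";
            conditions = [
              "[STATUS] == 200"
              "[RESPONSE_TIME] < 500"
            ];
          }) cfg.monitorPoints;
        };
      };

      # NOTE(review): unlike the linkding router, this one has no
      # `middlewares` entry, so the status page is served without the proxy's
      # auth middleware - presumably intended for a public status page.
      traefik.dynamicConfigOptions.http = {
        routers.gatus = {
          rule = "Host(`status.${cfg.domain}`)";
          entryPoints = [ "websecure" ];
          service = "gatus";
          tls.certResolver = "letsencrypt";
        };
        services.gatus.loadBalancer = {
          servers = [ { url = "http://localhost:${toString cfg.port}"; } ];
        };
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/services/gitea/default.nix:
--------------------------------------------------------------------------------
# Gitea with registration, SSH and Actions disabled; meant to sit behind an
# HTTPS reverse proxy (ROOT_URL is https).
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.gitea;
in
{
  options.${namespace}.services.gitea = {
    # mkEnableOption takes the feature name as a string and builds the
    # description from it; an attribute set cannot be interpolated there.
    enable = mkEnableOption "gitea";
    domain = mkOpt types.str "" "The domain name for gitea";
    openFirewall = mkBoolOpt false "Whether to open the firewall for gitea";
  };

  config = mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
      config.services.gitea.settings.server.HTTP_PORT
    ];

    services.gitea = enabled // {
      lfs = enabled;
      settings = {
        actions.ENABLED = false;
        # NOTE(review): the app.ini key for the backend is DB_TYPE and the
        # NixOS module sets it from services.gitea.database.type; this `type`
        # key is probably ignored - confirm.
        database.type = "sqlite3";
        markdown.ENABLE_MATH = true;
        other.SHOW_FOOTER_POWERED_BY = false;
        repository.DISABLE_STARS = false;
        server = {
          # NOTE(review): with the default empty cfg.domain, ROOT_URL becomes
          # "https:///"; set the domain on every host enabling this module.
          DOMAIN = cfg.domain;
          DISABLE_SSH = true;
          ENABLE_GZIP = true;
          LANDING_PAGE = "explore";
          ROOT_URL = "https://${cfg.domain}/";
        };
        service = {
          DISABLE_REGISTRATION = true;
        };
        # COOKIE_SECURE is a [session] setting; under [service] it is not
        # read, so the session cookie was not forced to be Secure.
        session.COOKIE_SECURE = true;
        ui.DEFAULT_THEME = "catppuccin-mocha-mauve";
      };
    };
  };
}
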
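--------------------------------------------------------------------------------
/modules/nixos/services/jellyfin/default.nix:
--------------------------------------------------------------------------------
# Jellyfin media server profile.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.jellyfin;
in
{
  options.${namespace}.services.jellyfin = {
    enable = mkEnableOption "Jellyfin server profile";
  };

  config = mkIf cfg.enable {
    services.jellyfin = enabled // {
      # Opens Jellyfin's ports in the host firewall on all interfaces.
      openFirewall = true;
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/services/ksmbd/default.nix:
--------------------------------------------------------------------------------
# ksmbd (in-kernel SMB server): renders /etc/ksmbd/ksmbd.conf from the options
# below and runs ksmbd.mountd with a single user.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.ksmbd;
  # Booleans become "true"/"false"; everything else goes through toString
  # (a list is joined with spaces).
  smbToString = x: if builtins.typeOf x == "bool" then lib.boolToString x else toString x;
  # Renders one share as an INI section: "[name]" followed by "key = value" lines.
  shareConfig =
    name:
    let
      share = lib.getAttr name cfg.shares;
    in
    "[${name}]\n "
    + (smbToString (
      map (key: "${key} = ${smbToString (lib.getAttr key share)}\n") (lib.attrNames share)
    ));
in
{
  options.${namespace}.services.ksmbd = with types; {
    enable = mkEnableOption "Enable cifsd kernel server";
    extraConfig = mkOpt lines "" "Additional global section and extra section lines go in here.";
    openFirewall = mkBoolOpt false "Whether to automatically open the necessary ports in the firewall.";
    user = mkOpt str "yash" "User to add to the server";
    # NOTE(review): a Nix path literal given here is copied into the
    # world-readable /nix/store when it is interpolated into preStart. Pass an
    # absolute path string to a runtime secret instead (for example an agenix
    # secret path); `path` accepts such strings. `null` is not a valid `path`
    # value, so the option effectively has to be set.
    passwordFile = mkOpt path null "Path to a file containing password for user";
    securityType = mkOpt str "user" "Samba security type";
    shares = mkOption {
      default = { };
      description = ''
        A set describing shared resources.
        See man smb.conf for options.
      '';
      type = attrsOf (attrsOf unspecified);
      example = literalExample ''
        { public =
          { path = "/srv/public";
            "read only" = true;
            browseable = "yes";
            "guest ok" = "yes";
            comment = "Public samba share.";
          };
        }
      '';
    };
  };

  config = mkIf cfg.enable {
    boot.kernelModules = [ "ksmbd" ];

    environment.systemPackages = [ pkgs.ksmbd-tools ];
    # extraConfig and the share attributes are written into the file verbatim.
    environment.etc."ksmbd/ksmbd.conf".text = ''
      [global]
      security = ${cfg.securityType}
      ${cfg.extraConfig}

      ${smbToString (map shareConfig (attrNames cfg.shares))}
    '';

    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 445 ];

    services.samba-wsdd = enabled // {
      discovery = true;
      inherit (cfg) openFirewall;
    };

    systemd.services.ksmbd = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      path = [ pkgs.ksmbd-tools ];
      # Creates the user database in the runtime directory, reading the
      # password from stdin so it never appears on the command line. Both
      # values are shell-escaped so a user name or path containing spaces or
      # shell metacharacters cannot alter the command.
      preStart = "${pkgs.ksmbd-tools}/bin/ksmbd.adduser -P /run/ksmbd/passwd -a ${escapeShellArg cfg.user} < ${escapeShellArg "${cfg.passwordFile}"}";
      serviceConfig = {
        Type = "forking";
        ExecStart = "${pkgs.ksmbd-tools}/bin/ksmbd.mountd -C /etc/ksmbd/ksmbd.conf -P /run/ksmbd/passwd";
        Restart = "always";
        PrivateTmp = true;
        # /run/ksmbd holds the password database and is removed when the unit stops.
        RuntimeDirectory = "ksmbd";
      };
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/services/linkding/default.nix:
--------------------------------------------------------------------------------
{
  lib,
  config,
  namespace,
  ...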
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.services.linkding; 11 | in 12 | { 13 | options.${namespace}.services.linkding = { 14 | enable = mkEnableOption "Easy to use self-hosted bookmark manager"; 15 | 16 | port = mkOption { 17 | type = types.int; 18 | default = 9090; 19 | description = "Port on which the linkding will listen"; 20 | }; 21 | 22 | proxy = { 23 | enable = mkEnableOption "Enable the linkding service"; 24 | domain = mkOption { 25 | type = types.str; 26 | default = "yashgarg.dev"; 27 | description = "The domain name for the linkding service"; 28 | }; 29 | }; 30 | }; 31 | 32 | config = mkIf cfg.enable { 33 | systemd.tmpfiles.rules = [ 34 | "d /var/lib/linkding 0750 nobody nogroup -" 35 | ]; 36 | 37 | virtualisation.oci-containers.containers.linkding = { 38 | image = "sissbruecker/linkding:latest"; 39 | autoStart = true; 40 | 41 | ports = [ "${toString cfg.port}:9090" ]; 42 | volumes = [ "/var/lib/linkding:/app/data" ]; 43 | environment = { 44 | LD_SUPERUSER_NAME = "yash"; 45 | # change on first run 46 | LD_SUPERUSER_PASSWORD = "changeme1234"; 47 | }; 48 | }; 49 | 50 | services.traefik.dynamicConfigOptions.http = mkIf cfg.proxy.enable { 51 | routers.linkding = { 52 | rule = "Host(`links.${cfg.proxy.domain}`)"; 53 | entryPoints = [ "websecure" ]; 54 | service = "linkding"; 55 | middlewares = [ "auth" ]; 56 | tls.certResolver = "letsencrypt"; 57 | }; 58 | services.linkding.loadBalancer = { 59 | servers = [ { url = "http://localhost:${toString cfg.port}"; } ]; 60 | }; 61 | }; 62 | }; 63 | } 64 | -------------------------------------------------------------------------------- /modules/nixos/services/ollama/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 
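6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.services.ollama; 11 | in 12 | { 13 | options.${namespace}.services.ollama = { 14 | enable = mkEnableOption "Ollama AI"; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | services.ollama = enabled // { 19 | loadModels = [ "dolphin-mistral" ]; 20 | openFirewall = true; 21 | port = 11434; 22 | }; 23 | }; 24 | } 25 |
--------------------------------------------------------------------------------
/modules/nixos/services/openrazer/default.nix:
--------------------------------------------------------------------------------
# OpenRazer profile: daemon, group membership for `users`, optional Polychromatic GUI.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.openrazer;
in
{
  options.${namespace}.services.openrazer = {
    # mkEnableOption takes the feature name as a string, not an attribute set.
    enable = mkEnableOption "openrazer settings";

    users = mkOption {
      type = with lib.types; listOf str;
      default = [ "yash" ];
      description = "List of users to add to the openrazer group";
    };

    gui = mkBoolOpt false "Whether to enable the polychromatic GUI";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.openrazer-daemon ];

    hardware.openrazer = enabled // {
      inherit (cfg) users;
      batteryNotifier = disabled;
      devicesOffOnScreensaver = false;
      syncEffectsEnabled = false;
    };

    # The GUI is installed for the user "yash" only, independent of `users`.
    users.users.yash.packages = mkIf cfg.gui [ pkgs.polychromatic ];
  };
}
--------------------------------------------------------------------------------
/modules/nixos/services/plausible/default.nix:
--------------------------------------------------------------------------------
# Plausible Analytics with a locally provisioned PostgreSQL database, routed
# through Traefik at analytics.<baseUrl>.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.plausible;
in
{
  options.${namespace}.services.plausible = {
    enable = mkEnableOption "Enable plausible analytics";

    baseUrl = mkOption {
      type = types.str;
      default = "yashgarg.dev";
      description = "Base URL for the plausible server";
    };

    # The value is handed to services.plausible.server.secretKeybaseFile below.
    # The previous description was copied from the Tailscale module and described
    # an auth key. The default of null does not satisfy `path`, so the option has
    # to be set when the module is enabled.
    secretKeybaseFile = mkOption {
      type = types.path;
      default = null;
      description = "Path to a file containing the secret key base Plausible uses; keep it outside the Nix store";
    };

    # NOTE(review): defaults to true, which opens Plausible's plain-HTTP port in
    # the host firewall even though Traefik already reaches it on localhost and
    # serves it over TLS; hosts that only publish through the proxy can set this
    # to false.
    openFirewall = mkBoolOpt true "Open firewall for Plausible";

    port = mkOption {
      type = types.int;
      default = 8181;
      description = "Port on which the plausible server will listen";
    };
  };

  config = mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];

    services = {
      plausible = enabled // {
        database.postgres.setup = true;
        server = {
          baseUrl = "https://analytics.${cfg.baseUrl}";
          # New accounts only by invitation.
          disableRegistration = "invite_only";
          inherit (cfg) port secretKeybaseFile;
        };
      };

      # No "auth" middleware on this router.
      traefik.dynamicConfigOptions.http = {
        routers.plausible = {
          rule = "Host(`analytics.${cfg.baseUrl}`)";
          entryPoints = [ "websecure" ];
          service = "plausible";
          tls.certResolver = "letsencrypt";
        };
        services.plausible.loadBalancer = {
          servers = [ { url = "http://localhost:${toString cfg.port}"; } ];
        };
      };
    };
  };
}
-------------------------------------------------------------------------------- /modules/nixos/services/printing/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ...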
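6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.services.printing; 11 | in 12 | { 13 | options.${namespace}.services.printing = with types; { 14 | enable = mkBoolOpt false "Whether or not to configure printing support."; 15 | }; 16 | 17 | config = mkIf cfg.enable { services.printing = enabled; }; 18 | } 19 |
--------------------------------------------------------------------------------
/modules/nixos/services/qbittorrent/default.nix:
--------------------------------------------------------------------------------
# qbittorrent-nox as a systemd service under a dedicated system user, with its
# profile kept in <dataDir>/.config.
{
  config,
  pkgs,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.qbittorrent;
  configDir = "${cfg.dataDir}/.config";
in
{
  options.${namespace}.services.qbittorrent = {
    enable = mkBoolOpt false "Enable qbittorrent-nox service.";

    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/qbittorrent";
      description = ''
        Directory where qBittorrent-nox will create files.
      '';
    };

    user = mkOption {
      type = types.str;
      default = "qbittorrent";
      description = "The user which qbittorrent will run on";
    };

    group = mkOption {
      type = types.str;
      default = "qbittorrent";
      description = "The group of the user which qbittorrent will run on";
    };

    # NOTE(review): defaults to true and the port it opens is the web UI port, so
    # the administration interface is reachable from the network unless this is
    # turned off or the UI is put behind the reverse proxy.
    openFirewall = mkBoolOpt true "Open the firewall for qbittorrent";

    port = mkOption {
      type = types.int;
      default = 3000;
      description = "The port for the webui";
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.qbittorrent-nox ];

    # NOTE(review): cfg.port is passed only as --webui-port below; the web UI is
    # HTTP, so the UDP rule presumably serves no purpose.
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
      allowedUDPPorts = [ cfg.port ];
    };

    systemd.services.qbittorrent = {
      after = [ "network.target" ];
      description = "qBittorrent Daemon";
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.qbittorrent-nox ];
      serviceConfig = {
        ExecStart = ''
          ${pkgs.qbittorrent-nox}/bin/qbittorrent-nox \
            --profile=${configDir} \
            --webui-port=${toString cfg.port}
        '';
        Restart = "on-success";
        # Runs unprivileged; no further sandboxing directives are set on the unit.
        User = cfg.user;
        Group = cfg.group;
      };
    };

    # The data directory is private to the service account.
    systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -" ];

    # The account and group are created only when the default names are kept.
    users.users = mkIf (cfg.user == "qbittorrent") {
      qbittorrent = {
        description = "qBittorrent Daemon user";
        inherit (cfg) group;
        home = cfg.dataDir;
        isSystemUser = true;
      };
    };

    users.groups = mkIf (cfg.group == "qbittorrent") {
      qbittorrent = {
        gid = null;
      };
    };
  };
}
--------------------------------------------------------------------------------
/modules/nixos/services/samba/default.nix:
--------------------------------------------------------------------------------
# Samba profile: turns each entry of `shares` into a share section and advertises
# the host to Windows clients through wsdd.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.samba;
  # smb.conf spells booleans as "yes"/"no".
  bool-to-yes-no = value: if value then "yes" else "no";

  shares-submodule =
    with types;
    submodule (
      { name, ... }:
      {
        options = {
          path = mkOpt str null "The path to serve.";
          # `public` allows access without a password; it defaults to false.
          public = mkBoolOpt false "Whether the share is public.";
          browseable = mkBoolOpt true "Whether the share is browseable.";
          comment = mkOpt str name "An optional comment.";
          read-only = mkBoolOpt false "Whether the share should be read only.";
          only-owner-editable = mkBoolOpt false "Whether the share is only writable by the system owner (plusultra.user.name).";

          extra-config = mkOpt attrs { } "Extra configuration options for the share.";
        };
      }
    );
in
{
  options.${namespace}.services.samba = {
    enable = mkEnableOption "Samba";
    workgroup = mkOpt types.str "WORKGROUP" "The workgroup to use.";
    # NOTE(review): this top-level option is not read anywhere in the module; only
    # the per-share `browseable` takes effect.
    browseable = mkBoolOpt true "Whether the shares are browseable.";

    shares = mkOpt (types.attrsOf shares-submodule) { } "The shares to serve.";
  };

  config = mkIf cfg.enable {
    services.samba = enabled // {
      # Fixed to true: enabling the module always opens the SMB ports.
      openFirewall = true;

      settings = mapAttrs (
        name: value:
        {
          inherit (value) path comment;

          public = bool-to-yes-no value.public;
          browseable = bool-to-yes-no value.browseable;
          "read only" = bool-to-yes-no value.read-only;
        }
        // (optionalAttrs value.only-owner-editable {
          "write list" = config.${namespace}.user.name;
          "read list" = "guest, nobody";
          "create mask" = "0755";
        })
        # Merged last, so extra-config can override any key above, `public` included.
        // value.extra-config
      ) cfg.shares;
    };

    # Advertise shares to Windows hosts
    services.samba-wsdd = enabled // {
      discovery = true;
      openFirewall = true;
      # Follows the module option instead of a second hard-coded "WORKGROUP";
      # the option's default keeps the previous value.
      workgroup = cfg.workgroup;
    };
  };
}
--------------------------------------------------------------------------------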
/modules/nixos/services/ssh/default.nix:
--------------------------------------------------------------------------------
# OpenSSH server profile: installs authorized keys for "yash" (and optionally
# root) and sets overridable defaults for the sshd settings below.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.ssh;
  # sshd_config spells booleans as "yes"/"no".
  yesNo = flag: if flag then "yes" else "no";
in
{
  options.${namespace}.services.ssh = {
    enable = mkEnableOption "Setup SSH";

    # The default is a single public key, so a host that enables this module
    # without overriding `keys` accepts logins from the holder of that key.
    keys = mkOption {
      type = types.listOf types.str;
      default = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILx1G6WZ4MQ8c4hUZy2Be+GF5fZQJSssn4qnJoQ4MPxz" ];
      description = "List of SSH keys to add to the authorized_keys file";
    };

    addRootKeys = mkBoolOpt false "Add the same keys to the root user";

    package = mkPackageOption pkgs "openssh" { };

    # NOTE(review): password logins are allowed by default; hosts reachable from
    # untrusted networks would normally set this to false and rely on `keys`.
    passwordAuth = mkBoolOpt true "Allow password authentication";

    permitRootLogin = mkBoolOpt false "Allow root login";
  };

  config = mkIf cfg.enable {
    services.openssh = enabled // {
      package = cfg.package;
      # Port 22 is opened whenever the module is enabled.
      openFirewall = true;
      # Every setting is a mkDefault, so a host configuration can override it.
      settings = {
        # NOTE(review): X11 forwarding is on by default; headless servers can
        # override it to false.
        X11Forwarding = mkDefault true;
        PermitRootLogin = mkDefault (yesNo cfg.permitRootLogin);
        PasswordAuthentication = mkDefault cfg.passwordAuth;
      };
    };

    users.users = {
      yash.openssh.authorizedKeys.keys = cfg.keys;
      root.openssh.authorizedKeys.keys = mkIf cfg.addRootKeys cfg.keys;
    };
  };
}
-------------------------------------------------------------------------------- /modules/nixos/services/sso-auth/authelia/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ...
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.services.authelia; 11 | in 12 | { 13 | options.${namespace}.services.authelia = { 14 | enable = mkEnableOption "Enable Authelia OIDC"; 15 | domain = mkOpt types.str "yashgarg.dev" "Base domain for Authelia"; 16 | host = mkOpt types.str "zenith" "Host for Authelia"; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | age.secrets = 21 | let 22 | hostPath = "${cfg.host}/authelia"; 23 | secretAttrs = { 24 | owner = config.services.authelia.instances.main.user; 25 | inherit (config.services.authelia.instances.main) group; 26 | mode = "0600"; 27 | }; 28 | in 29 | { 30 | jwtSecret = secretAttrs // { 31 | file = getSecret "jwt" hostPath; 32 | }; 33 | sessionSecret = secretAttrs // { 34 | file = getSecret "session" hostPath; 35 | }; 36 | storageEncryptionKey = secretAttrs // { 37 | file = getSecret "storage" hostPath; 38 | }; 39 | usersFile = secretAttrs // { 40 | file = getSecret "users.yml" hostPath; 41 | }; 42 | oidcIssuerPrivateKey = secretAttrs // { 43 | file = getSecret "oidc" hostPath; 44 | }; 45 | oidcHmacSecretKey = secretAttrs // { 46 | file = getSecret "hmac" hostPath; 47 | }; 48 | notifierSettings = secretAttrs // { 49 | file = getSecret "notifier.yml" hostPath; 50 | }; 51 | ldapPassword = secretAttrs // { 52 | file = getSecret "ldap" hostPath; 53 | }; 54 | }; 55 | 56 | services = { 57 | authelia = { 58 | instances.main = enabled // { 59 | environmentVariables = { 60 | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.age.secrets.ldapPassword.path; 61 | }; 62 | secrets = { 63 | jwtSecretFile = config.age.secrets.jwtSecret.path; 64 | sessionSecretFile = config.age.secrets.sessionSecret.path; 65 | storageEncryptionKeyFile = config.age.secrets.storageEncryptionKey.path; 66 | oidcIssuerPrivateKeyFile = config.age.secrets.oidcIssuerPrivateKey.path; 67 | oidcHmacSecretFile = config.age.secrets.oidcHmacSecretKey.path; 68 | }; 69 | settings = import ./settings.nix { inherit 
lib config namespace; }; 70 | settingsFiles = [ config.age.secrets.notifierSettings.path ]; 71 | }; 72 | }; 73 | 74 | traefik.dynamicConfigOptions.http = { 75 | routers.authelia = { 76 | rule = "Host(`auth.${cfg.domain}`)"; 77 | entryPoints = [ "websecure" ]; 78 | service = "authelia"; 79 | tls.certResolver = "letsencrypt"; 80 | }; 81 | services.authelia.loadBalancer = { 82 | servers = [ { url = "http://localhost:9091"; } ]; 83 | }; 84 | }; 85 | }; 86 | }; 87 | } 88 | -------------------------------------------------------------------------------- /modules/nixos/services/sso-auth/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.sso; 11 | in 12 | { 13 | options.${namespace}.sso = { 14 | enable = mkEnableOption "Enable SSO Auth for Services"; 15 | domain = mkOpt types.str "ipx.ovh" "Base domain for SSO Auth"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | dots.services = { 20 | authelia = enabled // { 21 | inherit (cfg) domain; 22 | }; 23 | lldap = enabled // { 24 | inherit (cfg) domain; 25 | }; 26 | }; 27 | 28 | services.postgresql = enabled // { 29 | ensureDatabases = [ 30 | "authelia-main" 31 | "lldap" 32 | ]; 33 | ensureUsers = [ 34 | { 35 | name = "root"; 36 | ensureClauses.superuser = true; 37 | } 38 | { 39 | name = "authelia-main"; 40 | ensureDBOwnership = true; 41 | } 42 | { 43 | name = "lldap"; 44 | ensureDBOwnership = true; 45 | } 46 | ]; 47 | }; 48 | 49 | systemd.services.authelia-main = 50 | let 51 | dependencies = [ 52 | "lldap.service" 53 | "postgresql.service" 54 | ]; 55 | in 56 | { 57 | after = dependencies; 58 | requires = dependencies; 59 | }; 60 | }; 61 | } 62 | -------------------------------------------------------------------------------- /modules/nixos/services/sso-auth/lldap/default.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.services.lldap; 11 | in 12 | { 13 | options.${namespace}.services.lldap = { 14 | enable = mkEnableOption "Enable lldap user directory"; 15 | domain = mkOpt types.str "yashgarg.dev" "Base domain for lldap"; 16 | host = mkOpt types.str "zenith" "Host for lldap"; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | age.secrets = { 21 | jwtPrivate = { 22 | file = getSecret "jwt" "${cfg.host}/lldap"; 23 | owner = "lldap"; 24 | mode = "0600"; 25 | }; 26 | userPassword = { 27 | file = getSecret "user" "${cfg.host}/lldap"; 28 | owner = "lldap"; 29 | mode = "0600"; 30 | }; 31 | keySeed = { 32 | file = getSecret "key-seed" "${cfg.host}/lldap"; 33 | owner = "lldap"; 34 | mode = "0600"; 35 | }; 36 | }; 37 | 38 | services = { 39 | lldap = enabled // { 40 | environment = { 41 | LLDAP_JWT_SECRET_FILE = config.age.secrets.jwtPrivate.path; 42 | LLDAP_LDAP_USER_PASS_FILE = config.age.secrets.userPassword.path; 43 | LLDAP_KEY_SEED_FILE = config.age.secrets.keySeed.path; 44 | }; 45 | settings = { 46 | ldap_base_dn = "dc=${concatStringsSep ",dc=" (splitString "." 
cfg.domain)}"; 47 | ldap_user_email = "alt@${cfg.domain}"; 48 | database_url = "postgresql://lldap@localhost/lldap?host=/run/postgresql"; 49 | }; 50 | }; 51 | 52 | traefik.dynamicConfigOptions.http = { 53 | routers.lldap = { 54 | rule = "Host(`users.${cfg.domain}`)"; 55 | entryPoints = [ "websecure" ]; 56 | service = "lldap"; 57 | middlewares = [ "auth" ]; 58 | tls.certResolver = "letsencrypt"; 59 | }; 60 | services.lldap.loadBalancer = { 61 | servers = [ 62 | { url = "http://localhost:${toString config.services.lldap.settings.http_port}"; } 63 | ]; 64 | }; 65 | }; 66 | }; 67 | 68 | users = { 69 | users.lldap = { 70 | group = "lldap"; 71 | isSystemUser = true; 72 | }; 73 | groups.lldap = { }; 74 | }; 75 | }; 76 | } 77 | -------------------------------------------------------------------------------- /modules/nixos/services/tailscale/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.services.tailscale; 11 | in 12 | { 13 | options.${namespace}.services.tailscale = { 14 | enable = mkEnableOption "Tailscale"; 15 | 16 | authKeyFile = mkOption { 17 | type = types.nullOr types.path; 18 | default = null; 19 | description = "Path to a file containing a Tailscale authkey that this device can use to authenticate itself"; 20 | }; 21 | 22 | exitNode = mkBoolOpt false "Advertise this device as an exit node"; 23 | 24 | # https://tailscale.com/kb/1241/tailscale-up 25 | extraOptions = mkOption { 26 | type = types.listOf types.str; 27 | description = "List of extra flags passed to the `tailscale` invocation"; 28 | default = [ ]; 29 | example = [ "--ssh" ]; 30 | }; 31 | 32 | openFirewall = mkBoolOpt true "Open firewall for Tailscale"; 33 | 34 | setNameservers = mkBoolOpt true "Set nameservers to Tailscale's DNS servers"; 35 | 36 | ssh = mkBoolOpt false "Enable SSH access to this device via Tailscale"; 37 | 
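38 | subnetRouting = { 39 | enable = mkEnableOption "Enable subnet routing"; 40 | routes = mkOption { 41 | type = types.listOf types.str; 42 | description = "List of subnets to advertise to Tailscale"; 43 | default = [ ]; 44 | example = [ "10.0.0.0/24" ]; 45 | }; 46 | }; 47 | 48 | tailnet = mkOpt types.str "turtle-lake.ts.net" "Tailscale network name"; 49 | }; 50 | 51 | config = mkIf cfg.enable { 52 | # always allow traffic from Tailscale network 53 | networking.firewall.trustedInterfaces = mkIf cfg.openFirewall [ "tailscale0" ]; 54 | networking = { 55 | nameservers = mkIf cfg.setNameservers [ 56 | "100.100.100.100" 57 | "8.8.8.8" 58 | "1.1.1.1" 59 | ]; 60 | search = [ cfg.tailnet ]; 61 | }; 62 | 63 | services.tailscale = enabled // { 64 | inherit (cfg) authKeyFile openFirewall; 65 | extraUpFlags = concatLists [ 66 | (optional cfg.exitNode "--advertise-exit-node") 67 | (optionals cfg.ssh [ 68 | "--accept-risk=lose-ssh" 69 | "--ssh" 70 | ]) 71 | (optionals cfg.subnetRouting.enable [ 72 | "--advertise-routes=${concatStringsSep "," cfg.subnetRouting.routes}" 73 | ]) 74 | cfg.extraOptions 75 | ]; 76 | permitCertUid = "caddy"; 77 | useRoutingFeatures = "both"; 78 | }; 79 | }; 80 | } 81 |
--------------------------------------------------------------------------------
/modules/nixos/services/traefik/default.nix:
--------------------------------------------------------------------------------
# Traefik reverse proxy: one HTTPS router and one backend per entry in `services`,
# certificates from Let's Encrypt via DNS challenge, and a forward-auth
# middleware ("auth") applied to every router unless a service opts out.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  cfg = config.${namespace}.services.traefik;

  # Router for service `name`: Host(`<name>.<domain>`) on the websecure entry
  # point, the service's own middlewares first, then "auth" unless the service
  # sets useAuth = false.
  mkRouter = name: {
    inherit name;
    value = {
      rule = "Host(`${name}.${cfg.domain}`)";
      entryPoints = [ "websecure" ];
      service = name;
      tls.certResolver = "letsencrypt";
      middlewares =
        (cfg.services.${name}.middlewares or [ ])
        ++ optional (cfg.services.${name}.useAuth or true) "auth";
    };
  };

  # Backend for one service entry. useAuth and middlewares are accepted only
  # because the whole service attribute set is passed in; the router reads them.
  mkService =
    {
      name,
      url,
      useInsecure ? false,
      useAuth ? true,
      middlewares ? [ ],
    }:
    {
      inherit name;
      value = {
        loadBalancer = {
          servers = [ { inherit url; } ];
          # Selects the transport below that skips backend certificate checks.
          serversTransport = mkIf useInsecure "insecure";
        };
      };
    };
in
{
  options.${namespace}.services.traefik = {
    enable = mkEnableOption "Setup traefik reverse proxy";

    domain = mkOpt types.str "ipx.ovh" "Base domain for all services";

    services = mkOption {
      type = types.attrsOf (
        # The submodule takes `name` as an argument (the same form the samba
        # module's share submodule uses); without it the default of `url`
        # referred to a `name` that is not bound in this scope.
        types.submodule (
          { name, ... }:
          {
            options = {
              url = mkOpt types.str "https://${name}.${cfg.domain}" "URL of the service";
              # Authentication is opt-out: a service is only exposed without the
              # forward-auth check when it sets this to false.
              useAuth = mkBoolOpt true "Whether to use authentication middleware";
              useInsecure = mkBoolOpt false "Whether to use insecure transport";
              middlewares = mkOpt (types.listOf types.str) [ ] "Additional middlewares to apply";
            };
          }
        )
      );
      default = { };
      description = "Service configurations";
    };
  };

  config = mkIf cfg.enable {
    services.traefik = enabled // {
      staticConfigOptions = {
        api = {
          dashboard = true;
          # The API is not served on its own unauthenticated entry point; the
          # dashboard is reached through the "traefik" router below, behind "auth".
          insecure = false;
        };

        certificatesResolvers.letsencrypt.acme = {
          email = "spam@${cfg.domain}";
          # acme.json holds the issued certificates and their private keys.
          storage = "${config.services.traefik.dataDir}/acme.json";
          caServer = "https://acme-v02.api.letsencrypt.org/directory";
          # NOTE(review): the DNS provider credentials are not configured in this
          # module; presumably they reach Traefik through an environment file set
          # elsewhere - confirm they are not stored in the Nix store.
          dnsChallenge = {
            provider = "cloudflare";
            delayBeforeCheck = 0;
          };
        };

        # NOTE(review): no router or redirect in this module uses the plain-HTTP
        # "web" entry point; every router here binds to "websecure".
        entryPoints = {
          web.address = ":80";
          websecure.address = ":443";
        };

        global = {
          checkNewVersion = false;
          sendAnonymousUsage = false;
        };

        log = {
          level = "WARN";
          format = "json";
        };
      };

      dynamicConfigOptions.http = {
        routers = builtins.listToAttrs (
          map mkRouter (builtins.attrNames cfg.services)
          ++ [
            {
              name = "traefik";
              value = {
                rule = "Host(`traefik.${cfg.domain}`)";
                entryPoints = [ "websecure" ];
                service = "api@internal";
                tls.certResolver = "letsencrypt";
                middlewares = [ "auth" ];
              };
            }
          ]
        );

        services = builtins.listToAttrs (
          map (name: mkService (cfg.services.${name} // { inherit name; })) (builtins.attrNames cfg.services)
        );

        middlewares = {
          auth.forwardAuth = {
            address = "http://localhost:9091/api/authz/forward-auth";
            # NOTE(review): with this set, X-Forwarded-* headers on incoming
            # requests are passed on to the auth service as received. That is
            # appropriate only when every request arrives through a trusted
            # front proxy; confirm for hosts where Traefik is the edge.
            trustForwardHeader = true;
            # Identity headers copied from the auth response onto the request
            # sent to the backend; backends should trust them only on traffic
            # that came through this proxy.
            authResponseHeaders = [
              "Remote-User"
              "Remote-Groups"
              "Remote-Email"
              "Remote-Name"
            ];
          };

          jellyfin-redirect.redirectRegex = {
            permanent = true;
            regex = "^https://stream.${cfg.domain}/?$";
            replacement = "https://stream.${cfg.domain}/sso/OID/start/authelia";
          };
        };

        # Used by services with useInsecure = true: the backend's TLS certificate
        # is not verified, so the proxy-to-backend hop is encrypted but not
        # authenticated. Keep it to backends on a trusted path.
        serversTransports.insecure = {
          insecureSkipVerify = true;
        };
      };
    };
  };
}
-------------------------------------------------------------------------------- /modules/nixos/services/yubikey/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ...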
7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.${namespace}.services.yubikey; 12 | in 13 | { 14 | options.${namespace}.services.yubikey = { 15 | enable = mkEnableOption "Enable yubikey support"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | security.pam = { 20 | sshAgentAuth = enabled; 21 | services = { 22 | login.u2fAuth = true; 23 | sudo = { 24 | u2fAuth = true; 25 | sshAgentAuth = true; 26 | }; 27 | }; 28 | u2f = enabled // { 29 | settings.cue = false; 30 | }; 31 | }; 32 | 33 | services = { 34 | pcscd = enabled; 35 | udev.packages = [ pkgs.yubikey-personalization ]; 36 | yubikey-agent = enabled; 37 | }; 38 | 39 | users.users.yash.packages = with pkgs; [ 40 | pam_u2f 41 | yubikey-manager 42 | yubioath-flutter 43 | ]; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /modules/nixos/system/boot/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.${namespace}.system.boot; 12 | in 13 | { 14 | options.${namespace}.system.boot = with types; { 15 | enable = mkBoolOpt false "Whether or not to enable booting"; 16 | 17 | secure = { 18 | enable = mkBoolOpt false "Enable Secure Boot"; 19 | pkiBundle = mkOption { 20 | type = str; 21 | default = "/etc/secureboot"; 22 | description = "The path to the PKI bundle"; 23 | }; 24 | }; 25 | }; 26 | 27 | config = mkIf cfg.enable { 28 | boot = { 29 | # Use latest kernel by default. 
30 | kernelPackages = mkDefault pkgs.linuxPackages_latest; 31 | 32 | # Secure Boot 33 | lanzaboote = { 34 | inherit (cfg.secure) enable; 35 | inherit (cfg.secure) pkiBundle; 36 | }; 37 | 38 | # Bootloader 39 | loader = { 40 | efi = { 41 | efiSysMountPoint = "/boot"; 42 | # Set to true only the first time 43 | canTouchEfiVariables = false; 44 | }; 45 | 46 | systemd-boot.enable = mkForce (!cfg.secure.enable); 47 | timeout = mkDefault 60; 48 | }; 49 | }; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /modules/nixos/system/fonts/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, namespace, ... }: 2 | { 3 | fonts = { 4 | packages = with pkgs; [ 5 | cabin 6 | dejavu_fonts 7 | pkgs.${namespace}.monolisa-nerdfonts 8 | nerd-fonts.caskaydia-cove 9 | nerd-fonts.jetbrains-mono 10 | noto-fonts 11 | noto-fonts-cjk-sans 12 | noto-fonts-emoji 13 | unifont 14 | ]; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/nixos/system/grub/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | let 10 | cfg = config.${namespace}.profiles.grub; 11 | in 12 | { 13 | options.${namespace}.profiles.grub = { 14 | enable = mkEnableOption "Enable the GRUB bootloader"; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | boot.loader.grub = { 19 | enable = lib.mkDefault true; 20 | devices = [ "nodev" ]; 21 | efiSupport = true; 22 | useOSProber = true; 23 | gfxmodeEfi = "2560x1440"; 24 | backgroundColor = "#000000"; 25 | fontSize = 36; 26 | splashImage = ../desktop/stylix/background.png; 27 | font = "${pkgs.source-code-pro}/share/fonts/opentype/SourceCodePro-Medium.otf"; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /modules/nixos/system/locale/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | console.keyMap = lib.mkForce "us"; 4 | i18n.defaultLocale = "en_US.UTF-8"; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/system/time/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | time.hardwareClockInLocalTime = true; 3 | time.timeZone = "Asia/Kolkata"; 4 | } 5 | -------------------------------------------------------------------------------- /modules/nixos/system/wsl/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | namespace, 6 | ... 
7 | }: 8 | with lib; 9 | with lib.${namespace}; 10 | let 11 | cfg = config.${namespace}.system.wsl; 12 | in 13 | { 14 | options.${namespace}.system.wsl = with types; { 15 | enable = mkBoolOpt false "Whether or not to enable WSL support"; 16 | 17 | hostname = mkOption { 18 | type = str; 19 | default = ""; 20 | description = "The hostname of the WSL instance"; 21 | }; 22 | 23 | user = mkOption { 24 | type = str; 25 | default = "yash"; 26 | description = "The default user for the WSL instance"; 27 | }; 28 | }; 29 | 30 | config = mkIf cfg.enable { 31 | wsl = enabled // { 32 | defaultUser = cfg.user; 33 | startMenuLaunchers = true; 34 | usbip = enabled; 35 | wslConf.network.hostname = cfg.hostname; 36 | 37 | # Binaries for Docker Desktop wsl-distro-proxy 38 | extraBin = with pkgs; [ 39 | { src = "${coreutils}/bin/mkdir"; } 40 | { src = "${coreutils}/bin/cat"; } 41 | { src = "${coreutils}/bin/whoami"; } 42 | { src = "${coreutils}/bin/ls"; } 43 | { src = "${busybox}/bin/addgroup"; } 44 | { src = "${su}/bin/groupadd"; } 45 | { src = "${su}/bin/usermod"; } 46 | ]; 47 | }; 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /modules/nixos/system/xkb/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 
6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.system.xkb; 11 | in 12 | { 13 | options.${namespace}.system.xkb = with types; { 14 | enable = mkBoolOpt false "Whether or not to configure xkb."; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | console.useXkbConfig = true; 19 | 20 | services.xserver = { 21 | xkb = { 22 | layout = "us"; 23 | variant = "intl"; 24 | }; 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /modules/nixos/virtualisation/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | namespace, 5 | ... 6 | }: 7 | with lib; 8 | with lib.${namespace}; 9 | let 10 | cfg = config.${namespace}.virtualisation; 11 | in 12 | { 13 | options.${namespace}.virtualisation = with types; { 14 | enable = mkBoolOpt false "Whether or not to enable virtualisation support"; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | virtualisation = { 19 | docker = enabled // { 20 | rootless = enabled // { 21 | setSocketVariable = true; 22 | }; 23 | }; 24 | 25 | oci-containers.backend = "docker"; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /overlays/agenix/default.nix: -------------------------------------------------------------------------------- 1 | { agenix, ... }: _final: prev: { agenix = agenix.packages.${prev.system}.default; } 2 | -------------------------------------------------------------------------------- /overlays/ghostty/default.nix: -------------------------------------------------------------------------------- 1 | { ghostty, ... }: _final: prev: { ghostty = ghostty.packages.${prev.system}.ghostty-releasefast; } 2 | -------------------------------------------------------------------------------- /overlays/nh_darwin/default.nix: -------------------------------------------------------------------------------- 1 | { nh_darwin, ... 
}: _final: prev: { nh-darwin = nh_darwin.packages.${prev.system}.default; } 2 | -------------------------------------------------------------------------------- /overlays/slack/default.nix: -------------------------------------------------------------------------------- 1 | _: _final: prev: { 2 | slack = prev.slack.overrideAttrs (prevAttrs: { 3 | installPhase = 4 | prevAttrs.installPhase 5 | + '' 6 | rm $out/bin/slack 7 | 8 | makeWrapper $out/lib/slack/slack $out/bin/slack \ 9 | --add-flags "--enable-features=WebRTCPipeWireCapturer" \ 10 | --add-flags "--enable-features=WaylandWindowDecorations" \ 11 | --add-flags "--ozone-platform-hint=auto" 12 | ''; 13 | }); 14 | } 15 | -------------------------------------------------------------------------------- /overlays/spicetify/default.nix: -------------------------------------------------------------------------------- 1 | { spicetify-nix, ... }: _final: prev: { spicetify = spicetify-nix.packages.${prev.system}.default; } 2 | -------------------------------------------------------------------------------- /overlays/vesktop/default.nix: -------------------------------------------------------------------------------- 1 | _: _final: prev: { vesktop = prev.vesktop.override { withSystemVencord = false; }; } 2 | -------------------------------------------------------------------------------- /overlays/zjstatus/default.nix: -------------------------------------------------------------------------------- 1 | { zjstatus, ... }: _final: prev: { zjstatus = zjstatus.packages.${prev.system}.default; } 2 | -------------------------------------------------------------------------------- /packages/README.md: -------------------------------------------------------------------------------- 1 | NixOS packages for personal use. 
2 | -------------------------------------------------------------------------------- /packages/monolisa-nerdfonts/default.nix: -------------------------------------------------------------------------------- 1 | { stdenvNoCC, lib }: 2 | stdenvNoCC.mkDerivation { 3 | pname = "monolisa-nerdfonts"; 4 | version = "2.015"; 5 | src = ./.; 6 | 7 | installPhase = '' 8 | mkdir -p $out/share/fonts/truetype/ 9 | if [ -d "$src/fonts" ]; then 10 | cp -r $src/fonts/*.ttf $out/share/fonts/truetype/ 11 | else 12 | echo "No fonts found in $src/fonts" 13 | exit 0 14 | fi 15 | ''; 16 | 17 | meta = with lib; { 18 | description = "Monolisa Nerd Fonts"; 19 | homepage = "https://www.monolisa.dev/"; 20 | platforms = platforms.all; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /packages/mpv-scripts/auto-profiles/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fetchFromGitHub, 3 | stdenvNoCC, 4 | lib, 5 | }: 6 | stdenvNoCC.mkDerivation rec { 7 | pname = "auto-profiles"; 8 | version = "v1.4"; 9 | 10 | src = fetchFromGitHub { 11 | owner = "Moodkiller"; 12 | repo = "MPV-Made-Easy"; 13 | rev = "57b0a488e6a7238b46f94a472368973f77e1054c"; 14 | hash = "sha256-FSIrs/4QVNOg7tJFKRmnx0eRRDKlDahYn/ckntkwmCg="; 15 | }; 16 | 17 | installPhase = '' 18 | runHook preInstall 19 | 20 | mkdir -p $out/share/mpv/scripts 21 | cp scripts/${pname}.lua $out/share/mpv/scripts 22 | 23 | runHook postInstall 24 | ''; 25 | 26 | passthru.scriptName = "${pname}.lua"; 27 | 28 | meta = with lib; { 29 | license = licenses.gpl2; 30 | homepage = "https://github.com/Moodkiller/MPV-Made-Easy"; 31 | platforms = platforms.all; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /packages/mpv-scripts/better-chapters/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fetchurl, 3 | stdenvNoCC, 4 | lib, 5 | }: 6 | 
stdenvNoCC.mkDerivation rec { 7 | name = "betterchapters"; 8 | dontUnpack = true; 9 | 10 | src = fetchurl { 11 | url = "https://gist.githubusercontent.com/Hakkin/4f978a5c87c31f7fe3ae/raw/1d1daf22f0ec5f0219e4e72216e772828f5c8e4c/betterchapters.lua"; 12 | hash = "sha256-bPH9sm/aO/FnWYY8K+2DFjFahaOCrSj5Es2bqfBk9ow="; 13 | }; 14 | 15 | installPhase = '' 16 | runHook preInstall 17 | 18 | mkdir -p $out/share/mpv/scripts 19 | cp ${src} $out/share/mpv/scripts/${name}.lua 20 | 21 | runHook postInstall 22 | ''; 23 | 24 | passthru.scriptName = "${name}.lua"; 25 | 26 | meta = with lib; { 27 | homepage = "https://gist.github.com/Hakkin/4f978a5c87c31f7fe3ae"; 28 | platforms = platforms.all; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /packages/mpv-scripts/boss-key/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fetchFromGitHub, 3 | stdenvNoCC, 4 | lib, 5 | }: 6 | stdenvNoCC.mkDerivation rec { 7 | name = "boss-key"; 8 | 9 | src = fetchFromGitHub { 10 | owner = "detuur"; 11 | repo = "mpv-scripts"; 12 | rev = "0125d5eaaa6614464fbb0ee4fb7aa22a942367e8"; 13 | hash = "sha256-b3Z9T1NfNdUzUF3to1DhBm6CpiXnoBDfaRqzXrIE8ds="; 14 | }; 15 | 16 | installPhase = '' 17 | runHook preInstall 18 | 19 | mkdir -p $out/share/mpv/scripts 20 | cp ${name}.lua $out/share/mpv/scripts 21 | 22 | runHook postInstall 23 | ''; 24 | 25 | passthru.scriptName = "${name}.lua"; 26 | 27 | meta = with lib; { 28 | license = licenses.mit; 29 | homepage = "https://github.com/detuur/mpv-scripts"; 30 | platforms = platforms.all; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /packages/mpv-scripts/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | let 3 | callPackage = pkg: pkgs.callPackage pkg; 4 | in 5 | { 6 | auto-profiles = callPackage ./auto-profiles { }; 7 | better-chapters = callPackage 
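./better-chapters { }; 8 | boss-key = callPackage ./boss-key { }; 9 | repl = callPackage ./repl { }; 10 | status-line = callPackage ./status-line { }; 11 | } 12 | 
--------------------------------------------------------------------------------
/packages/mpv-scripts/repl/default.nix:
--------------------------------------------------------------------------------
# Packages repl.lua from rossy/mpv-repl as an mpv script.
# The source is pinned to a full commit id and a content hash, so a change
# upstream cannot alter what gets installed without this file changing too.
{
  fetchFromGitHub,
  stdenvNoCC,
  lib,
}:
stdenvNoCC.mkDerivation rec {
  name = "repl";

  src = fetchFromGitHub {
    owner = "rossy";
    repo = "mpv-repl";
    rev = "f7538adea92b441f2c7edd5dc07dd50dac28d3d5";
    hash = "sha256-e7BG21XQLjMHxZCIrvc6EKdT97YZiP+JQbJXksZyflo=";
  };

  installPhase = ''
    runHook preInstall

    mkdir -p $out/share/mpv/scripts
    cp ${name}.lua $out/share/mpv/scripts

    runHook postInstall
  '';

  # File name of the installed script under share/mpv/scripts.
  passthru.scriptName = "${name}.lua";

  meta = with lib; {
    # NOTE(review): confirm the license against the upstream repository.
    license = licenses.mit;
    # Points at the repository named in `src`; the homepage used to name
    # detuur/mpv-scripts, which is not where this script is fetched from and
    # would mislead anyone checking the package's provenance.
    homepage = "https://github.com/rossy/mpv-repl";
    platforms = platforms.all;
  };
}
-------------------------------------------------------------------------------- /packages/mpv-scripts/status-line/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fetchurl, 3 | stdenvNoCC, 4 | lib, 5 | }: 6 | stdenvNoCC.mkDerivation rec { 7 | name = "status-line"; 8 | dontUnpack = true; 9 | 10 | src = fetchurl { 11 | url = "https://raw.githubusercontent.com/mpv-player/mpv/daa6068d02fd8a68a5f7d23c0f8f1b4166f75fbe/TOOLS/lua/status-line.lua"; 12 | hash = "sha256-xSndfsboaHzSS1KfO3ZM+q6TYZ1GMUVonQVlmNCbw1Q="; 13 | }; 14 | 15 | installPhase = '' 16 | runHook preInstall 17 | 18 | mkdir -p $out/share/mpv/scripts 19 | cp ${src} $out/share/mpv/scripts/${name}.lua 20 | 21 | runHook postInstall 22 | ''; 23 | 24 | passthru.scriptName = "${name}.lua"; 25 | 26 | meta = with lib; { 27 | homepage = "https://github.com/mpv-player/mpv/tree/master/TOOLS/lua"; 28 | platforms 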
= platforms.all; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /scripts/aliases: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | alias cls='clear' 4 | alias gw='./gradlew' 5 | 6 | if type bat &>/dev/null; then 7 | alias cat='bat' 8 | fi 9 | 10 | if type dust &>/dev/null; then 11 | alias du='dust' 12 | fi 13 | 14 | if type fastfetch &>/dev/null; then 15 | alias fetch='fastfetch' 16 | fi 17 | 18 | if type lazygit &>/dev/null; then 19 | alias lg='lazygit' 20 | fi 21 | 22 | if type git &>/dev/null; then 23 | alias gcp='git cherry-pick' 24 | alias amend='git commit --amend' 25 | alias add='git add --all' 26 | alias st='git status' 27 | alias push='git push' 28 | alias fpush='git push --force-with-lease' 29 | alias pull='git pull' 30 | alias commit='git commit -m' 31 | alias rst='git reset; git restore .' 32 | alias branch='git switch -c -m' 33 | fi 34 | 35 | if type nvim &>/dev/null; then 36 | export EDITOR='nvim' 37 | fi 38 | 39 | if type micro &>/dev/null; then 40 | alias m='micro' 41 | fi 42 | 43 | if type rg &>/dev/null; then 44 | alias grep='rg' 45 | fi 46 | 47 | if type xclip &>/dev/null; then 48 | alias xclip='xclip -selection c' 49 | fi 50 | 51 | if type zoxide &>/dev/null; then 52 | alias cd='z' 53 | fi 54 | 55 | if type kubectl &>/dev/null; then 56 | alias k='kubectl' 57 | fi 58 | 59 | if type kitty &>/dev/null; then 60 | alias s='kitten ssh' 61 | fi 62 | 63 | if type batman &>/dev/null; then 64 | alias man='batman' 65 | fi 66 | 67 | if type zellij &>/dev/null; then 68 | alias zj='zellij' 69 | alias zl='zellij --layout' 70 | alias zr='zellij run -d right -c --' 71 | alias zrf='zellij run -f -c --' 72 | alias zri='zellij run -d right -i -c --' 73 | alias zkill='zellij ka && zellij da' 74 | fi 75 | 76 | if type nh_darwin &>/dev/null; then 77 | alias nh='nh_darwin' 78 | fi 79 | 80 | if type just &>/dev/null; then 81 | alias j='just' 82 | fi 83 | 
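--------------------------------------------------------------------------------
/scripts/functions:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Pick a file with fzf (bat renders the preview) and open it in $VISUAL,
# falling back to $EDITOR and then nano.
function v() {
  # local keeps the selection out of the interactive shell's global variables.
  local file
  file=$(fzf --preview 'bat --color=always --style=numbers {}')

  if [ -n "$file" ]; then
    # The editor variable stays unquoted so a value such as "code -w" still
    # splits into command and flags; the path is quoted so a name containing
    # spaces or glob characters reaches the editor as a single argument.
    ${VISUAL:-${EDITOR:-nano}} "$file"
  fi
}

# Show the commit graph of all refs, one line per commit.
# $1: number of commits to show (default 10).
function glog() {
  local count=${1:-10}

  git log --oneline --decorate --graph --all -n "$count"
}

# Diff the working tree against a commit, ignoring whitespace changes.
# $1: commit-ish to compare with (default HEAD).
function gdiff() {
  local sha=${1:-HEAD}

  git diff -w "$sha"
}

# Browse the commit graph in fzf: Enter shows the selected commit in less,
# ctrl-s toggles sorting. Extra arguments are passed on to git log.
function cmb() {
  # Ask git rather than testing for ./.git, so this also works from a
  # subdirectory or a linked worktree (where .git is a file).
  if git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    # The execute binding feeds the selected line through a quoted
    # here-document, and only the first run of seven hex characters is
    # substituted into the `sh -c` string, so text from commit subjects or
    # ref names is never evaluated by the shell. The FZF-EOF terminator must
    # stay at column 0 for the here-document to end.
    git log --graph --color=always \
      --format="%C(auto)%h%d %s %C(#6e6e6e)%C(bold)%cr" "$@" |
      fzf --ansi --no-sort --reverse --tiebreak=index --bind=ctrl-s:toggle-sort \
        --bind "ctrl-m:execute:
                (grep -o '[a-f0-9]\{7\}' | head -1 |
                xargs -I % sh -c 'git show -w --color=always % | less -R') << 'FZF-EOF'
                {}
FZF-EOF"
  else
    echo "not a git directory"
  fi
}
-------------------------------------------------------------------------------- /scripts/shell-init: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | [ -f "$HOME/.functions" ] && source "$HOME/.functions" 4 | [ -f "$HOME/.aliases" ] && source "$HOME/.aliases" 5 | 6 | [ -d "$HOME/.sdkman" ] && source "$HOME/.sdkman/bin/sdkman-init.sh" 7 | 8 | [ -d "$HOME/Android/Sdk" ] && export ANDROID_HOME="$HOME/Android/Sdk" 9 | 10 | [ -d "$HOME/Library/Android/Sdk" ] && export ANDROID_HOME="$HOME/Library/Android/Sdk" 11 | 12 | [ -d "$HOME/Android/Flutter" ] && export PATH="$HOME/Android/Flutter/bin:$PATH" 13 | 14 | for dir in "platform-tools" "cmdline-tools/latest/bin"; do 15 | [ -d "$ANDROID_HOME/$dir" ] && export PATH="$ANDROID_HOME/$dir:$PATH" 16 | done 17 | 18 | if command -v gpgconf 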
>/dev/null 2>&1; then 19 | gpgconf --launch gpg-agent 20 | fi 21 | -------------------------------------------------------------------------------- /secrets/.gitconfig-freelance.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/.gitconfig-freelance.age -------------------------------------------------------------------------------- /secrets/.gitconfig-work.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/.gitconfig-work.age -------------------------------------------------------------------------------- /secrets/cosmos/tailscale.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/cosmos/tailscale.age -------------------------------------------------------------------------------- /secrets/cosmos/user.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/cosmos/user.age -------------------------------------------------------------------------------- /secrets/nebula/tailscale.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/nebula/tailscale.age -------------------------------------------------------------------------------- /secrets/nova/cifs.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/nova/cifs.age 
-------------------------------------------------------------------------------- /secrets/nova/samba.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/nova/samba.age
--------------------------------------------------------------------------------
/secrets/secrets.nix:
--------------------------------------------------------------------------------
# agenix rules: for every encrypted file, the SSH public keys it is encrypted
# to. Only the holder of a matching private key can decrypt that file. The
# values below are public keys and are safe to commit.
#
# Removing a key from a list only affects files re-encrypted afterwards
# (agenix --rekey). Ciphertext already in git history stays readable to the
# removed key, so a secret that a retired key could read also has to be rotated.
let
  # presumably per-identity user keys — confirm which private keys these match
  main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILx1G6WZ4MQ8c4hUZy2Be+GF5fZQJSssn4qnJoQ4MPxz";
  alt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGT/WxAzpXRNz4AInl2lvZtegbKW0mZxzJjmMcAy1iOx";
  work = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFoj8ysWSPSV8T93j0YUtKhaaR71yoJQS553Yd1KqQLT";
  freelance = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa4RyjHhuaFIwkeP9kWIyAPjfdPyam4LY6WdCO5JIKN";

  # Added to every entry below, so these two keys can decrypt every secret in
  # the repository; they are the keys whose compromise matters most.
  users = [
    main
    alt
  ];

  # presumably the host keys of the machines configured under systems/ — confirm
  aurora = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5zDrFQlu00xY1AqRlYStqSdd8yFRVhylxY1iwtbkaV";
  astra = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsXHN40eJNizwBCx98q/o4YYrQl+FBSgJWwdlNIjCfF";
  cosmos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFzLPmJL5Knew+jBin2NG/78lZfR0lNNWoUOeUTvdS6";
  nebula = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0oDlwxn0cKRuNrpb0neWGczQzQbQbX8fPkvc1zIcwe";
  nova = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4Sgn2sPpoVG1nAIZfS0bwmWRZyfKgsoymFzOt1pp0G";
  zenith = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPm7C0lqhkp+TvLU9toLpL32Clgj+phKTbaSAzPLO8E";
in
{
  # Git identities: each is readable by the user keys, one extra identity key
  # and exactly one machine.
  ".gitconfig-work.age".publicKeys = users ++ [ work ] ++ [ aurora ];
  ".gitconfig-freelance.age".publicKeys = users ++ [ freelance ] ++ [ astra ];

  # NOTE(review): the cosmos secrets are the only host secrets encrypted to a
  # second machine. zenith can decrypt them as well, so a compromise of zenith
  # exposes cosmos's secrets too — confirm this sharing is intended.
  "cosmos/tailscale.age".publicKeys = users ++ [
    cosmos
    zenith
  ];
  "cosmos/user.age".publicKeys = users ++ [
    cosmos
    zenith
  ];

  "nebula/tailscale.age".publicKeys = users ++ [ nebula ];

  "nova/cifs.age".publicKeys = users ++ [ nova ];
  "nova/samba.age".publicKeys = users ++ [ nova ];

  # Everything below is readable by the user keys and zenith only.
  "zenith/authelia/jwt.age".publicKeys = users ++ [ zenith ];
  "zenith/authelia/session.age".publicKeys = users ++ [ zenith ];
  "zenith/authelia/storage.age".publicKeys = users ++ [ zenith ];
  "zenith/authelia/users.yml.age".publicKeys = users ++ [ zenith ];
  "zenith/authelia/notifier.yml.age".publicKeys = users ++ [ zenith ];
  "zenith/authelia/oidc.age".publicKeys = users ++ [ zenith ];
  "zenith/authelia/hmac.age".publicKeys = users ++ [ zenith ];
  "zenith/authelia/ldap.age".publicKeys = users ++ [ zenith ];

  "zenith/lldap/jwt.age".publicKeys = users ++ [ zenith ];
  "zenith/lldap/user.age".publicKeys = users ++ [ zenith ];
  "zenith/lldap/key-seed.age".publicKeys = users ++ [ zenith ];

  "zenith/cf.env.age".publicKeys = users ++ [ zenith ];
  "zenith/homepage.env.age".publicKeys = users ++ [ zenith ];
  "zenith/plausible.age".publicKeys = users ++ [ zenith ];
  "zenith/tailscale.age".publicKeys = users ++ [ zenith ];
  "zenith/user.age".publicKeys = users ++ [ zenith ];
}
-------------------------------------------------------------------------------- /secrets/zenith/authelia/hmac.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/hmac.age -------------------------------------------------------------------------------- /secrets/zenith/authelia/jwt.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/jwt.age -------------------------------------------------------------------------------- /secrets/zenith/authelia/ldap.age: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/ldap.age -------------------------------------------------------------------------------- /secrets/zenith/authelia/notifier.yml.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/notifier.yml.age -------------------------------------------------------------------------------- /secrets/zenith/authelia/oidc.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/oidc.age -------------------------------------------------------------------------------- /secrets/zenith/authelia/session.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/session.age -------------------------------------------------------------------------------- /secrets/zenith/authelia/storage.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/storage.age -------------------------------------------------------------------------------- /secrets/zenith/authelia/users.yml.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/authelia/users.yml.age -------------------------------------------------------------------------------- /secrets/zenith/cf.env.age: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/cf.env.age -------------------------------------------------------------------------------- /secrets/zenith/homepage.env.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/homepage.env.age -------------------------------------------------------------------------------- /secrets/zenith/lldap/jwt.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/lldap/jwt.age -------------------------------------------------------------------------------- /secrets/zenith/lldap/key-seed.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/lldap/key-seed.age -------------------------------------------------------------------------------- /secrets/zenith/lldap/user.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/lldap/user.age -------------------------------------------------------------------------------- /secrets/zenith/plausible.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/plausible.age -------------------------------------------------------------------------------- /secrets/zenith/tailscale.age: -------------------------------------------------------------------------------- 
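https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/tailscale.age -------------------------------------------------------------------------------- /secrets/zenith/user.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Yash-Garg/dotfiles/0ad65ebbf3e3c2235e83bfa73a9803a9024ce074/secrets/zenith/user.age -------------------------------------------------------------------------------- /statix.toml: -------------------------------------------------------------------------------- 1 | disabled = ["repeated_keys"] 2 | ignore = ['.direnv'] 3 | nix_version = '2.90' 4 | 
--------------------------------------------------------------------------------
/systems/aarch64-darwin/astra/default.nix:
--------------------------------------------------------------------------------
# macOS host "astra": dock layout, Homebrew casks and App Store apps, the SSH
# agent socket, and a git include that is decrypted by agenix.
{
  lib,
  config,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  username = config.${namespace}.user.name;
in
{
  age.secrets.gitconfig = {
    file = snowfall.fs.get-file "secrets/.gitconfig-freelance.age";
    # Read-only for the owner: git only has to read this include, and an
    # execute bit on a decrypted secret serves no purpose.
    mode = "0400";
    owner = username;
  };

  dots = {
    dock.persistentApps = [
      "Ghostty"
      "Xcode"
      "Cursor"
      "Spotify"
      "Discord"
      "Arc"
      "OrbStack"
      "WhatsApp"
      "Telegram"
    ];

    homebrew = {
      additionalCasks = [
        "arc"
        "chatgpt"
        "chromedriver"
        "cursor"
        "discord"
        "flutter"
        "google-chrome"
        "notion-calendar"
        "obsidian"
      ];

      masApps = {
        Amphetamine = 937984704;
        Bitwarden = 1352778147;
        Tailscale = 1475387142;
        Telegram = 747648890;
        Unread = 1363637349;
        WhatsApp = 310633997;
      };
    };
  };

  environment.variables = {
    GPG_TTY = "$(tty)";
    # SSH_AUTH_SOCK = "$(gpgconf --list-dirs agent-ssh-socket)";
    # SSH keys are served by the Bitwarden desktop app's agent socket.
    SSH_AUTH_SOCK = "$HOME/Library/Containers/com.bitwarden.desktop/Data/.bitwarden-ssh-agent.sock";
  };

  snowfallorg.users.${username}.home.config = {
    programs.git.includes = mkAfter [
      {
        # NOTE(review): the include applies only to repositories under
        # ~/projects/work, while the secret it loads is the freelance
        # gitconfig; confirm the pattern matches where those repositories
        # live, otherwise this identity is never applied.
        condition = "gitdir/i:~/projects/work/**";
        inherit (config.age.secrets.gitconfig) path;
      }
    ];

  };

  system.stateVersion = 5;
}
--------------------------------------------------------------------------------
/systems/aarch64-darwin/aurora/default.nix:
--------------------------------------------------------------------------------
# macOS host "aurora" (user "ygarg"): dock layout, Homebrew packages, and the
# work git include decrypted by agenix and applied to every repository.
{
  lib,
  config,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  username = config.${namespace}.user.name;
in
{
  age.secrets.gitconfig = {
    file = snowfall.fs.get-file "secrets/.gitconfig-work.age";
    # Read-only for the owner: git only has to read this include, and an
    # execute bit on a decrypted secret serves no purpose.
    mode = "0400";
    owner = username;
  };

  dots = {
    dock.persistentApps = [
      "Ghostty"
      "Xcode"
      "Windsurf"
      "Spotify"
      "Android Studio"
      "Linear"
      "Slack"
      "Arc"
      "OrbStack"
      "zoom.us"
    ];

    homebrew = {
      additionalCasks = [
        "arc"
        "linear-linear"
        "obsidian"
        "slack"
        "temurin@21"
        "windsurf"
        "yubico-yubikey-manager"
        "zoom"
      ];

      brews = [ "cloudflared" ];
    };

    user.name = "ygarg";
  };

  snowfallorg.users.${username}.home.config = {
    # Unconditional include: the work identity applies to all repositories.
    programs.git.includes = mkAfter [
      { inherit (config.age.secrets.gitconfig) path; }
    ];
  };

  system.stateVersion = 5;
}
--------------------------------------------------------------------------------
/systems/aarch64-darwin/trinity/default.nix:
--------------------------------------------------------------------------------
# macOS host "trinity": dock layout, Homebrew casks and App Store apps only;
# no secrets are declared for this machine.
_: {
  dots = {
    dock.persistentApps = [
      "Ghostty"
      "Xcode"
      "Visual Studio Code"
      "Spotify"
      "Android Studio"
      "ChatGPT"
      "Slack"
      "Discord"
      "Arc"
      "WhatsApp"
      "Telegram"
    ];

    homebrew = {
      additionalCasks = [
        "actual"
        "arc"
        "chatgpt"
        "discord"
        "flutter"
        "notion-calendar"
        "obsidian"
        "slack"
      ];

      masApps = {
        Amphetamine = 937984704;
        Bitwarden = 1352778147;
        "Prime Video" = 545519333;
        Tailscale = 1475387142;
        Telegram = 747648890;
        Unread = 1363637349;
        WhatsApp = 310633997;
      };
    };
  };

  system.stateVersion = 5;
}
--------------------------------------------------------------------------------
/systems/aarch64-linux/cosmos/default.nix:
--------------------------------------------------------------------------------
# NixOS host "cosmos" (shown as "Raspberry Pi 5" in the topology): Samba file
# server, SSH, and a Tailscale exit node that also routes two subnets.
{
  lib,
  config,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
let
  hostName = "cosmos";
in
{
  imports = [ ./hardware-configuration.nix ];

  # getSecret comes from lib.${namespace} and is not shown here; presumably it
  # resolves to secrets/<host>/<name>.age — confirm.
  age.secrets = {
    passwordfile-cosmos.file = getSecret "user" hostName;
    tsauthkey.file = getSecret "tailscale" hostName;
  };

  boot.initrd.systemd.tpm2.enable = mkForce false;

  dots = {
    hardware.networking = enabled // {
      inherit hostName;
      extra = false;
      # presumably the TCP ports opened in the firewall by the networking
      # module — confirm, and check which interfaces they are reachable on.
      tcpPorts = [
        80
        90
        443
      ];
    };

    services = {
      avahi = enabled;

      samba = enabled // {
        shares = {
          media.path = "/mnt/wd500";
          evo.path = "/mnt/evo970";
        };
      };

      ssh = enabled // {
        package = pkgs.openssh_hpn;
        # NOTE(review): password authentication and root login are both turned
        # on for a host that is also an exit node and subnet router. How these
        # options map onto sshd settings, and whether the SSH port is reachable
        # from outside the tailnet, is decided in the dots.services.ssh module,
        # which is not visible here — confirm. Key-only authentication with
        # root login disabled would remove online password guessing as a way in.
        passwordAuth = true;
        permitRootLogin = true;
      };

      tailscale = enabled // {
        authKeyFile = config.age.secrets.tsauthkey.path;
        exitNode = true;
        ssh = true;
        # presumably advertises these subnets to the tailnet; which tailnet
        # members may reach them is then a matter of the tailnet ACLs — confirm.
        subnetRouting = enabled // {
          routes = [
            "10.0.0.0/24"
            "10.0.1.0/24"
          ];
        };
      };
    };
  };

  environment = {
    pathsToLink = [ "/share/bash-completion" ];
    systemPackages = with pkgs; [
      git
      bluez
      bluez-tools
    ];
  };

  topology.self.name = "Raspberry Pi 5";

  users = {
    # Accounts and passwords come only from this configuration.
    mutableUsers = false;
    users.yash = {
      isNormalUser = true;
      # Password hash is read from the agenix-decrypted file at activation.
      hashedPasswordFile = config.age.secrets.passwordfile-cosmos.path;
      ignoreShellProgramCheck = true;
      # wheel grants sudo. Membership in the docker group gives control of the
      # Docker daemon, which amounts to root on the host when that daemon runs
      # as root — confirm which daemon this host actually uses.
      extraGroups = [
        "docker"
        "wheel"
      ];
    };
  };

  system.stateVersion = "24.11";
}
-------------------------------------------------------------------------------- /systems/aarch64-linux/cosmos/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | namespace, 8 | modulesPath, 9 | ... 10 | }: 11 | with lib.${namespace}; 12 | { 13 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 14 | 15 | boot = { 16 | extraModulePackages = [ ]; 17 | initrd.availableKernelModules = [ ]; 18 | initrd.kernelModules = [ ]; 19 | kernelModules = [ ]; 20 | kernelParams = [ 21 | "8250.nr_uarts=11" 22 | "console=ttyAMA10,9600" 23 | "console=tty0" 24 | ]; 25 | }; 26 | 27 | hardware = { 28 | bluetooth = enabled; 29 | raspberry-pi.config = { 30 | pi5 = { 31 | dt-overlays = { 32 | vc4-kms-v3d-pi5 = enabled // { 33 | params = { }; 34 | }; 35 | }; 36 | }; 37 | all = { 38 | base-dt-params = { 39 | krnbt = enabled // { 40 | value = "on"; 41 | }; 42 | }; 43 | }; 44 | }; 45 | }; 46 | 47 | fileSystems."/" = { 48 | device = "/dev/disk/by-label/NIXOS_SD"; 49 | fsType = "ext4"; 50 | }; 51 | 52 | fileSystems."/boot/firmware" = { 53 | device = "/dev/disk/by-label/FIRMWARE"; 54 | fsType = "vfat"; 55 | options = [ 56 | "fmask=0022" 57 | "dmask=0022" 58 | ]; 59 | }; 60 | 61 | fileSystems."/mnt/wd500" = { 62 | device = "/dev/disk/by-uuid/ec2f35a7-a498-451f-b0c9-1d6677023277"; 63 | fsType = "ext4"; 64 | options = [ 65 | "nofail" 66 | "rw" 67 | 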
]; 68 | }; 69 | 70 | fileSystems."/mnt/evo970" = { 71 | device = "/dev/disk/by-uuid/382ba8fb-7d26-4b71-b59c-667f87566853"; 72 | fsType = "ext4"; 73 | options = [ 74 | "nofail" 75 | "rw" 76 | ]; 77 | }; 78 | 79 | raspberry-pi-nix.board = "bcm2712"; 80 | raspberry-pi-nix.pin-inputs.enable = true; 81 | 82 | swapDevices = [ ]; 83 | 84 | nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; 85 | } 86 | -------------------------------------------------------------------------------- /systems/aarch64-linux/zenith/disk-config.nix: -------------------------------------------------------------------------------- 1 | { 2 | disko.devices = { 3 | disk = { 4 | main = { 5 | type = "disk"; 6 | device = "/dev/sda"; 7 | content = { 8 | type = "gpt"; 9 | partitions = { 10 | boot = { 11 | size = "512M"; 12 | type = "EF00"; 13 | content = { 14 | type = "filesystem"; 15 | format = "vfat"; 16 | mountpoint = "/boot"; 17 | }; 18 | }; 19 | root = { 20 | size = "100%"; 21 | content = { 22 | type = "filesystem"; 23 | format = "ext4"; 24 | mountpoint = "/"; 25 | }; 26 | }; 27 | }; 28 | }; 29 | }; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /systems/aarch64-linux/zenith/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | 3 | lib, 4 | modulesPath, 5 | ... 
6 | }: 7 | { 8 | imports = [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ]; 11 | 12 | boot = { 13 | initrd.availableKernelModules = [ 14 | "xhci_pci" 15 | "virtio_scsi" 16 | ]; 17 | initrd.kernelModules = [ ]; 18 | kernelModules = [ ]; 19 | extraModulePackages = [ ]; 20 | }; 21 | 22 | networking.useDHCP = lib.mkDefault true; 23 | # networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; 24 | 25 | nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; 26 | } 27 | -------------------------------------------------------------------------------- /systems/x86_64-install-iso/minimal/default.nix: -------------------------------------------------------------------------------- 1 | { lib, namespace, ... }: 2 | with lib; 3 | with lib.${namespace}; 4 | { 5 | # `install-iso` adds wireless support that 6 | # is incompatible with networkmanager. 7 | networking.wireless.enable = mkForce false; 8 | 9 | dots = { 10 | hardware = { 11 | networking = enabled; 12 | }; 13 | 14 | services = { 15 | ssh = enabled; 16 | }; 17 | 18 | system = { 19 | boot = enabled; 20 | xkb = enabled; 21 | }; 22 | }; 23 | 24 | users.users.yash = { 25 | group = "users"; 26 | isNormalUser = true; 27 | }; 28 | 29 | system.stateVersion = "24.11"; 30 | } 31 | 
--------------------------------------------------------------------------------
/systems/x86_64-linux/nebula/default.nix:
--------------------------------------------------------------------------------
# NixOS-on-WSL host "nebula" (shown as "WSL" in the topology): SSH and
# Tailscale with an agenix-provided auth key.
{
  lib,
  config,
  pkgs,
  namespace,
  ...
}:
with lib;
with lib.${namespace};
{
  age.secrets.tsauthkey.file = snowfall.fs.get-file "secrets/nebula/tailscale.age";

  dots = {
    server = enabled;

    system.wsl = enabled // {
      hostname = "nebula";
    };

    services = {
      ssh = enabled;

      tailscale = enabled // {
        authKeyFile = config.age.secrets.tsauthkey.path;
        setNameservers = false;
        ssh = true;
      };
    };
  };

  # NOTE(review): members of wheel can sudo without a password, and yash is in
  # wheel below. Any session that runs as yash, including one arriving over
  # SSH or Tailscale SSH (both enabled above), is therefore root-equivalent;
  # confirm that this is acceptable for a host reachable over the tailnet.
  security.sudo.wheelNeedsPassword = false;
  topology.self.name = "WSL";

  environment = {
    pathsToLink = [ "/share/zsh" ];
    variables = {
      LANG = "en_US.UTF-8";
    };
  };

  users.users.yash = {
    isNormalUser = true;
    shell = pkgs.zsh;
    ignoreShellProgramCheck = true;
    # The docker group gives control of the Docker daemon, which amounts to
    # root on the host when that daemon runs as root — confirm which daemon
    # this host actually uses.
    extraGroups = [
      "wheel"
      "docker"
    ];
    packages = [ pkgs.wget ];
  };

  programs.nix-ld = enabled // {
    package = pkgs.nix-ld-rs;
  };

  system.stateVersion = "24.11";
}
-------------------------------------------------------------------------------- /systems/x86_64-linux/nova/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | namespace, 5 | ... 
6 | }: 7 | with lib.${namespace}; 8 | { 9 | imports = [ ./hardware-configuration.nix ]; 10 | 11 | age.secrets.samba-passwd.file = lib.snowfall.fs.get-file "secrets/nova/samba.age"; 12 | 13 | dots = { 14 | desktop = enabled // { 15 | extraPackages = [ ]; 16 | gnome = enabled; 17 | }; 18 | 19 | hardware.networking.hostName = "nova"; 20 | 21 | services = { 22 | cifs = enabled // { 23 | cifsHost = "nova"; 24 | mounts = { 25 | evo.path = "cosmos.local/evo"; 26 | wd.path = "cosmos.local/media"; 27 | }; 28 | }; 29 | 30 | samba = enabled // { 31 | shares = { 32 | downloads.path = "/mnt/sshd"; 33 | }; 34 | }; 35 | }; 36 | 37 | system.boot.secure = enabled; 38 | }; 39 | 40 | topology.self.name = "Desktop"; 41 | 42 | users.users.yash = { 43 | isNormalUser = true; 44 | description = "Yash Garg"; 45 | extraGroups = [ 46 | "networkmanager" 47 | "wheel" 48 | ]; 49 | shell = pkgs.zsh; 50 | ignoreShellProgramCheck = true; 51 | }; 52 | 53 | # This value determines the NixOS release from which the default 54 | # settings for stateful data, like file locations and database versions 55 | # on your system were taken. It‘s perfectly fine and recommended to leave 56 | # this value at the release version of the first install of this system. 57 | # Before changing this value read the documentation for this option 58 | # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 59 | system.stateVersion = "24.11"; # Did you read the comment? 60 | } 61 | -------------------------------------------------------------------------------- /systems/x86_64-linux/nova/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | namespace, 8 | modulesPath, 9 | ... 
10 | }: 11 | with lib.${namespace}; 12 | let 13 | driverPkg = config.boot.kernelPackages.nvidiaPackages.beta; 14 | in 15 | { 16 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 17 | 18 | boot = { 19 | binfmt.emulatedSystems = [ "aarch64-linux" ]; 20 | extraModulePackages = [ ]; 21 | initrd.availableKernelModules = [ 22 | "xhci_pci" 23 | "ahci" 24 | "nvme" 25 | "usbhid" 26 | "usb_storage" 27 | "sd_mod" 28 | ]; 29 | initrd.kernelModules = [ ]; 30 | kernelModules = [ 31 | "kvm-intel" 32 | "i2c-dev" 33 | ]; 34 | kernelParams = [ "module_blacklist=i915" ]; 35 | }; 36 | 37 | hardware.i2c = enabled; 38 | 39 | # Enable OpenGL 40 | hardware.graphics = enabled // { 41 | enable32Bit = true; 42 | package = driverPkg; 43 | }; 44 | 45 | # Load nvidia driver for Xorg and Wayland 46 | services.xserver.videoDrivers = [ "nvidia" ]; 47 | 48 | hardware.nvidia = { 49 | # Modesetting is required. 50 | modesetting = enabled; 51 | 52 | # Nvidia power management. Experimental, and can cause sleep/suspend to fail. 53 | powerManagement = disabled // { 54 | # Fine-grained power management. Turns off GPU when not in use. 55 | # Experimental and only works on modern Nvidia GPUs (Turing or newer). 56 | finegrained = false; 57 | }; 58 | 59 | # Use the NVidia open source kernel module (not to be confused with the 60 | # independent third-party "nouveau" open source driver). 61 | # Support is limited to the Turing and later architectures. Full list of 62 | # supported GPUs is at: 63 | # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 64 | # Only available from driver 515.43.04+ 65 | # Currently alpha-quality/buggy, so false is currently the recommended setting. 66 | open = false; 67 | 68 | # Enable the Nvidia settings menu, 69 | # accessible via `nvidia-settings`. 70 | nvidiaSettings = true; 71 | 72 | # Optionally, you may need to select the appropriate driver version for your specific GPU. 
73 | package = driverPkg; 74 | }; 75 | 76 | fileSystems."/" = { 77 | device = "/dev/disk/by-uuid/3a260301-7f2c-43e1-8ec8-59caa9c38d23"; 78 | fsType = "ext4"; 79 | }; 80 | 81 | fileSystems."/boot" = { 82 | device = "/dev/disk/by-uuid/03EC-2AF2"; 83 | fsType = "vfat"; 84 | }; 85 | 86 | fileSystems."/mnt/sshd" = { 87 | device = "/dev/disk/by-uuid/7838708038703F66"; 88 | fsType = "ntfs"; 89 | }; 90 | 91 | swapDevices = [ { device = "/dev/disk/by-uuid/29c26536-b342-4c31-bf42-10614bfc61fd"; } ]; 92 | 93 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 94 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 95 | } 96 | -------------------------------------------------------------------------------- /templates/cpp/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/cpp/default.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? 
builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.defaultNix 26 | -------------------------------------------------------------------------------- /templates/cpp/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "devshell for a C++ project"; 3 | 4 | inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 5 | 6 | inputs.devshell.url = "github:numtide/devshell"; 7 | inputs.devshell.inputs.nixpkgs.follows = "nixpkgs"; 8 | 9 | inputs.flake-utils.url = "github:numtide/flake-utils"; 10 | 11 | inputs.flake-compat.url = "github:nix-community/flake-compat"; 12 | inputs.flake-compat.flake = false; 13 | 14 | outputs = 15 | { 16 | nixpkgs, 17 | devshell, 18 | flake-utils, 19 | ... 20 | }: 21 | flake-utils.lib.eachDefaultSystem ( 22 | system: 23 | let 24 | pkgs = import nixpkgs { 25 | inherit system; 26 | overlays = [ devshell.overlays.default ]; 27 | }; 28 | in 29 | { 30 | devShells.default = pkgs.devshell.mkShell { 31 | bash = { 32 | interactive = ""; 33 | }; 34 | 35 | env = [ 36 | { 37 | name = "DEVSHELL_NO_MOTD"; 38 | value = 1; 39 | } 40 | ]; 41 | 42 | packages = with pkgs; [ 43 | clang_13 44 | clang-tools 45 | cmake 46 | just 47 | lld_13 48 | pkg-config 49 | ]; 50 | }; 51 | } 52 | ); 53 | } 54 | -------------------------------------------------------------------------------- /templates/cpp/shell.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? 
builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.shellNix 26 | -------------------------------------------------------------------------------- /templates/go/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/go/default.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.defaultNix 26 | -------------------------------------------------------------------------------- /templates/go/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "devshell for a Go project"; 3 | 4 | inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 5 | 6 | inputs.devshell.url = "github:numtide/devshell"; 7 | inputs.devshell.inputs.nixpkgs.follows = "nixpkgs"; 8 | 9 | inputs.flake-utils.url = "github:numtide/flake-utils"; 10 | 11 | inputs.flake-compat.url = "github:nix-community/flake-compat"; 12 | inputs.flake-compat.flake = 
false; 13 | 14 | outputs = 15 | { 16 | nixpkgs, 17 | devshell, 18 | flake-utils, 19 | ... 20 | }: 21 | flake-utils.lib.eachDefaultSystem ( 22 | system: 23 | let 24 | pkgs = import nixpkgs { 25 | inherit system; 26 | config.allowUnfree = true; 27 | overlays = [ devshell.overlays.default ]; 28 | }; 29 | in 30 | { 31 | devShells.default = pkgs.devshell.mkShell { 32 | bash = { 33 | interactive = ""; 34 | }; 35 | 36 | env = [ 37 | { 38 | name = "DEVSHELL_NO_MOTD"; 39 | value = 1; 40 | } 41 | ]; 42 | 43 | packages = with pkgs; [ 44 | go-outline 45 | go 46 | golangci-lint 47 | golangci-lint-langserver 48 | gopls 49 | gotools 50 | govulncheck 51 | just 52 | ]; 53 | }; 54 | } 55 | ); 56 | } 57 | -------------------------------------------------------------------------------- /templates/go/shell.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.shellNix 26 | -------------------------------------------------------------------------------- /templates/node/.envrc: -------------------------------------------------------------------------------- 1 | use flake -------------------------------------------------------------------------------- /templates/node/default.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? 
builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.defaultNix 26 | -------------------------------------------------------------------------------- /templates/node/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 3 | 4 | inputs.devshell.url = "github:numtide/devshell"; 5 | inputs.devshell.inputs.nixpkgs.follows = "nixpkgs"; 6 | 7 | inputs.flake-utils.url = "github:numtide/flake-utils"; 8 | 9 | inputs.flake-compat.url = "github:nix-community/flake-compat"; 10 | inputs.flake-compat.flake = false; 11 | 12 | outputs = 13 | { 14 | nixpkgs, 15 | devshell, 16 | flake-utils, 17 | ... 18 | }: 19 | flake-utils.lib.eachDefaultSystem ( 20 | system: 21 | let 22 | pkgs = import nixpkgs { 23 | inherit system; 24 | overlays = [ devshell.overlays.default ]; 25 | }; 26 | in 27 | { 28 | devShells.default = pkgs.devshell.mkShell { 29 | env = [ 30 | { 31 | name = "DEVSHELL_NO_MOTD"; 32 | value = 1; 33 | } 34 | ]; 35 | 36 | packages = with pkgs; [ 37 | bun 38 | just 39 | nodejs_20 40 | ]; 41 | }; 42 | } 43 | ); 44 | } 45 | -------------------------------------------------------------------------------- /templates/node/shell.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? 
builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.shellNix 26 | -------------------------------------------------------------------------------- /templates/rust/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/rust/default.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.defaultNix 26 | -------------------------------------------------------------------------------- /templates/rust/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "devshell for a Rust project"; 3 | 4 | inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 5 | 6 | inputs.devshell.url = "github:numtide/devshell"; 7 | inputs.devshell.inputs.nixpkgs.follows = "nixpkgs"; 8 | 9 | inputs.flake-utils.url = "github:numtide/flake-utils"; 10 | 11 | inputs.flake-compat.url = "github:nix-community/flake-compat"; 12 | 
inputs.flake-compat.flake = false; 13 | 14 | inputs.fenix.url = "github:nix-community/fenix"; 15 | inputs.fenix.inputs.nixpkgs.follows = "nixpkgs"; 16 | 17 | inputs.crane.url = "github:ipetkov/crane"; 18 | inputs.crane.inputs.nixpkgs.follows = "nixpkgs"; 19 | 20 | outputs = 21 | { 22 | nixpkgs, 23 | crane, 24 | devshell, 25 | fenix, 26 | flake-utils, 27 | ... 28 | }: 29 | flake-utils.lib.eachDefaultSystem ( 30 | system: 31 | let 32 | pkgs = import nixpkgs { 33 | inherit system; 34 | overlays = [ devshell.overlays.default ]; 35 | }; 36 | 37 | rustStable = (import fenix { inherit pkgs; }).fromToolchainFile { 38 | file = ./toolchain.toml; 39 | sha256 = "sha256-6eN/GKzjVSjEhGO9FhWObkRFaE1Jf+uqMSdQnb8lcB4="; 40 | }; 41 | 42 | craneLib = (crane.mkLib pkgs).overrideToolchain rustStable; 43 | 44 | custom-package = craneLib.buildPackage { 45 | src = craneLib.cleanCargoSource (craneLib.path ./.); 46 | buildInputs = [ ]; 47 | nativeBuildInputs = [ ]; 48 | cargoClippyExtraArgs = "--all-targets -- --deny warnings"; 49 | }; 50 | in 51 | { 52 | checks = { 53 | inherit custom-package; 54 | }; 55 | 56 | packages.default = custom-package; 57 | 58 | apps.default = flake-utils.lib.mkApp { drv = custom-package; }; 59 | 60 | devShells.default = pkgs.devshell.mkShell { 61 | env = [ 62 | { 63 | name = "DEVSHELL_NO_MOTD"; 64 | value = 1; 65 | } 66 | ]; 67 | 68 | packages = with pkgs; [ 69 | gcc 70 | just 71 | libressl 72 | rustStable 73 | ]; 74 | }; 75 | } 76 | ); 77 | } 78 | -------------------------------------------------------------------------------- /templates/rust/shell.nix: -------------------------------------------------------------------------------- 1 | # This file provides backward compatibility to nix < 2.4 clients 2 | { 3 | system ? 
builtins.currentSystem, 4 | }: 5 | let 6 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 7 | 8 | inherit (lock.nodes.flake-compat.locked) 9 | owner 10 | repo 11 | rev 12 | narHash 13 | ; 14 | 15 | flake-compat = fetchTarball { 16 | url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; 17 | sha256 = narHash; 18 | }; 19 | 20 | flake = import flake-compat { 21 | inherit system; 22 | src = ./.; 23 | }; 24 | in 25 | flake.shellNix 26 | -------------------------------------------------------------------------------- /templates/rust/toolchain.toml: -------------------------------------------------------------------------------- 1 | [toolchain] 2 | channel = "stable" 3 | components = ["rustfmt", "rust-src", "clippy"] 4 | profile = "minimal" 5 | targets = ["x86_64-unknown-linux-gnu", "wasm32-unknown-unknown"] 6 | -------------------------------------------------------------------------------- /topology/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | networks.home = { 3 | name = "Home"; 4 | cidrv4 = "192.168.29.1/24"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /treefmt.nix: -------------------------------------------------------------------------------- 1 | { 2 | projectRootFile = "flake.nix"; 3 | 4 | programs = { 5 | deadnix.enable = true; 6 | just.enable = true; 7 | nixfmt.enable = true; 8 | shellcheck.enable = true; 9 | statix.enable = true; 10 | stylua.enable = true; 11 | taplo.enable = true; 12 | yamlfmt.enable = true; 13 | }; 14 | 15 | settings = { 16 | formatter = { 17 | deadnix.includes = [ "*.nix" ]; 18 | nixfmt.includes = [ "*.nix" ]; 19 | statix.includes = [ "*.nix" ]; 20 | shellcheck.excludes = [ "*.envrc" ]; 21 | }; 22 | }; 23 | } 24 | --------------------------------------------------------------------------------