├── modules ├── home-manager │ ├── desktop │ │ ├── dockutil.darwin.nix │ │ ├── services │ │ │ ├── swaync.nix │ │ │ ├── swayosd.nix │ │ │ ├── batsignal.nix │ │ │ ├── playerctl.nix │ │ │ └── xdg.nix │ │ ├── ags │ │ │ ├── config │ │ │ │ └── config.js │ │ │ └── default.nix │ │ ├── theme │ │ │ └── default.nix │ │ ├── default.nix │ │ ├── hyprland │ │ │ ├── hyprcursor.nix │ │ │ ├── hyprpaper.nix │ │ │ ├── packages.nix │ │ │ ├── hypridle.nix │ │ │ └── hyprlock.nix │ │ ├── xremap.nix │ │ ├── fonts.nix │ │ ├── gtk.nix │ │ └── rofi │ │ │ └── default.nix.old │ ├── casks │ │ ├── default.nix │ │ └── ncdu.nix │ ├── music │ │ ├── default.nix │ │ └── spotify.nix │ ├── apps │ │ ├── jq.nix │ │ ├── k9s.nix │ │ ├── tree.nix │ │ ├── blender.nix │ │ ├── calibre.nix │ │ ├── discord.nix │ │ ├── obs.nix │ │ ├── obsidian.nix │ │ ├── openscad.nix │ │ ├── ripgrep.nix │ │ ├── spacedrive.nix │ │ ├── bitwarden-cli.nix │ │ ├── cura.nix │ │ ├── davinci-resolve-studio.nix │ │ ├── orca-slicer.nix │ │ ├── prusa-slicer.nix │ │ ├── bat.nix │ │ ├── karabiner-elements │ │ │ └── default.nix │ │ ├── neovim.nix │ │ ├── neovim-unstable.nix │ │ ├── default.nix │ │ └── vscode │ │ │ ├── default.nix │ │ │ └── keybindings.json │ ├── dev │ │ ├── devenv.nix │ │ ├── xcodes.nix │ │ ├── kubectl.nix │ │ ├── turso.nix │ │ ├── go.nix │ │ ├── zig.nix │ │ ├── cargo-bins.nix │ │ ├── nodejs.nix │ │ ├── ollama.nix │ │ ├── lua.nix │ │ ├── opencode.nix │ │ ├── github.nix │ │ ├── llama-cpp.nix │ │ ├── llama-swap.nix │ │ ├── markdown.nix │ │ ├── python.nix │ │ ├── rust.nix │ │ └── default.nix │ ├── utils │ │ ├── age.nix │ │ ├── sdl2.nix │ │ ├── sops.nix │ │ ├── ranger.nix │ │ ├── ffmpeg.nix │ │ ├── pulseview.nix │ │ ├── ssh-to-age.nix │ │ └── default.nix │ ├── shell │ │ ├── zoxide.nix │ │ ├── fzf.nix │ │ ├── default.nix │ │ ├── starship.nix │ │ ├── git.nix │ │ └── zsh.nix │ ├── terminal │ │ ├── kitty.nix │ │ ├── default.nix │ │ ├── wezterm │ │ │ └── default.nix │ │ ├── ghostty │ │ │ ├── config │ │ │ └── default.nix │ │ ├── zellij 
│ │ │ ├── tertiary-layout.kdl │ │ │ ├── quaternary-layout.kdl │ │ │ ├── secondary-layout.kdl │ │ │ ├── primary-layout.kdl │ │ │ └── default.nix │ │ └── tmux.nix │ ├── browsers │ │ ├── firefox.nix │ │ ├── default.nix │ │ ├── vimium_c.json │ │ ├── brave.nix │ │ └── auto_tab_discard.json │ ├── monitoring │ │ ├── btop.nix │ │ ├── default.nix │ │ └── ncdu.nix │ └── default.nix ├── darwin │ ├── casks │ │ ├── obs.nix │ │ ├── zed.nix │ │ ├── zen.nix │ │ ├── cursor.nix │ │ ├── figma.nix │ │ ├── iina.nix │ │ ├── notion.nix │ │ ├── orion.nix │ │ ├── steam.nix │ │ ├── alt-tab.nix │ │ ├── blender.nix │ │ ├── calibre.nix │ │ ├── chatgpt.nix │ │ ├── devtoys.nix │ │ ├── firefox.nix │ │ ├── freecad.nix │ │ ├── ghostty.nix │ │ ├── obsidian.nix │ │ ├── openscad.nix │ │ ├── orbstack.nix │ │ ├── raycast.nix │ │ ├── spotify.nix │ │ ├── windsurf.nix │ │ ├── brave.nix │ │ ├── expo-orbit.nix │ │ ├── ice.nix │ │ ├── middleclick.nix │ │ ├── moonlight.nix │ │ ├── ocenaudio.nix │ │ ├── ollama-app.nix │ │ ├── orca-slicer.nix │ │ ├── thinkorswim.nix │ │ ├── xcodes-app.nix │ │ ├── balenaetcher.nix │ │ ├── google-chrome.nix │ │ ├── sublime-text.nix │ │ ├── zen-twilight.nix │ │ ├── autodesk-fusion.nix │ │ ├── coconutbattery.nix │ │ ├── insta360-studio.nix │ │ ├── logi-options-plus.nix │ │ ├── macs-fan-control.nix │ │ ├── scroll-reverser.nix │ │ ├── affinity.nix │ │ ├── karabiner-elements.nix │ │ ├── raspberry-pi-imager.nix │ │ ├── virtualhere.nix │ │ ├── private-internet-access.nix │ │ ├── bruno.nix │ │ ├── whisky.nix │ │ ├── kicad.nix │ │ ├── serif-apps.nix │ │ ├── heroic.nix │ │ └── default.nix │ ├── brews │ │ ├── sdl2.nix │ │ ├── docker.nix │ │ ├── groups │ │ │ ├── aws-dev.nix │ │ │ ├── mobile-dev.nix │ │ │ ├── arm-dev.nix │ │ │ ├── azure-dev.nix │ │ │ └── riscv.nix │ │ ├── llama-swap.nix │ │ └── default.nix │ ├── mas │ │ ├── overcast.nix │ │ ├── groups │ │ │ ├── social.nix │ │ │ ├── dev.nix │ │ │ ├── other.nix │ │ │ ├── networking.nix │ │ │ ├── core.nix │ │ │ ├── productivity.nix │ │ │ └── 
utilities.nix │ │ └── default.nix │ ├── apps │ │ ├── default.nix │ │ └── karabiner-elements │ │ │ └── default.nix │ ├── desktop │ │ ├── skhd │ │ │ └── default.nix │ │ ├── sketchybar │ │ │ ├── sketchybarrc │ │ │ └── default.nix │ │ ├── default.nix │ │ ├── yabai │ │ │ ├── scripts │ │ │ │ ├── moveWindowRightAndFollowFocus │ │ │ │ ├── window-focus-on-destroy.sh │ │ │ │ └── moveWindowLeftAndFollowFocus.sh │ │ │ └── default.nix │ │ └── spacebar │ │ │ └── default.nix │ ├── default.nix │ └── homebrew.nix └── nixos │ ├── apps │ ├── blueman.nix │ ├── neovim.nix │ ├── ripgrep.nix │ └── default.nix │ ├── monitoring │ ├── default.nix │ └── btop.nix │ ├── desktop │ ├── hyprland.nix │ ├── default.nix │ └── inputs.nix │ ├── networking │ ├── iwd.nix │ ├── tailscale.nix │ ├── network-manager.nix │ ├── bluetooth.nix │ ├── default.nix │ └── wireguard │ │ └── default.nix │ ├── dev │ ├── default.nix │ ├── docker.nix │ └── podman.nix │ ├── power │ ├── default.nix │ ├── powertop.nix │ └── tlp.nix │ ├── clipboard.nix │ ├── fonts.nix │ └── default.nix ├── hosts ├── vps │ ├── containers │ │ ├── traefik │ │ │ ├── file-provider │ │ │ │ ├── code.yml │ │ │ │ ├── ghost.yml │ │ │ │ ├── stream1.yml │ │ │ │ ├── stream2.yml │ │ │ │ ├── middleware │ │ │ │ │ ├── rate_limit.yml │ │ │ │ │ ├── https_redirect.yml │ │ │ │ │ ├── authelia.yml │ │ │ │ │ ├── rancher.yml │ │ │ │ │ └── landing_page.yml │ │ │ │ ├── traefik.yml │ │ │ │ ├── dns.yml │ │ │ │ ├── auth.yml │ │ │ │ ├── myst.yml │ │ │ │ ├── s3.yml │ │ │ │ ├── discourse.yomis.blog.yml │ │ │ │ ├── invoice.yml │ │ │ │ ├── ombi.yml │ │ │ │ ├── adguard.yml │ │ │ │ ├── firefly.yml │ │ │ │ ├── radarr.yml │ │ │ │ ├── sonarr.yml │ │ │ │ ├── fidi.yml │ │ │ │ ├── vaultwarden.yml │ │ │ │ ├── heimdall.yml │ │ │ │ ├── audiobookshelf.yml │ │ │ │ ├── finance.yml │ │ │ │ ├── nextcloud.yml │ │ │ │ ├── home.yml │ │ │ │ ├── actualbudget.yml │ │ │ │ ├── astrysk-proxmox-testflight.yml │ │ │ │ ├── photoprism.yml │ │ │ │ ├── astrysk-ollama-testflight.yml │ │ │ │ ├── jellyfin.yml 
│ │ │ │ ├── ollama.yml │ │ │ │ ├── local.yml │ │ │ │ ├── yomis.blog.yml │ │ │ │ └── yomitosh.media.yml │ │ │ ├── .gitignore │ │ │ ├── .env.example │ │ │ ├── docker-compose.yml │ │ │ └── docker-compose.nix │ │ ├── uptime-kuma │ │ │ ├── .gitignore │ │ │ ├── docker-compose.yml │ │ │ └── docker-compose.nix │ │ └── firefly │ │ │ ├── .cron.env.example │ │ │ ├── .db.env.example │ │ │ └── docker-compose.yml │ ├── apps │ │ ├── traefik │ │ │ ├── .gitignore │ │ │ ├── middleware │ │ │ │ ├── rate_limit.nix │ │ │ │ ├── https_redirect.nix │ │ │ │ ├── landing_page.nix │ │ │ │ └── authelia.nix │ │ │ ├── .env.example │ │ │ └── file-provider │ │ │ │ ├── auth.nix │ │ │ │ ├── home.nix │ │ │ │ ├── immich.nix │ │ │ │ ├── openchat.nix │ │ │ │ ├── jellyfin.nix │ │ │ │ ├── chat.nix │ │ │ │ ├── comfyui.nix │ │ │ │ ├── nextcloud.nix │ │ │ │ └── yomitosh.nix │ │ ├── uptime-kuma │ │ │ ├── default.nix │ │ │ └── router.nix │ │ ├── firefly-iii │ │ │ └── router.nix │ │ └── authelia │ │ │ └── default.nix │ ├── cloudinit.yml │ ├── hardware-configuration.nix │ ├── home.nix │ ├── wireguard.nix │ ├── networking.nix │ └── configuration.nix ├── knode │ ├── README.md │ ├── default.nix │ ├── minimal-configuration.nix │ ├── lxc.conf.md │ └── configuration.nix ├── x1c6 │ ├── calib-data.bin │ ├── zsh.nix │ └── hardware-configuration.nix ├── lxc │ ├── audio-share │ │ ├── README.md │ │ ├── default.nix │ │ └── lxc.conf │ ├── common.nix │ ├── network-share │ │ ├── README.md │ │ ├── default.nix │ │ └── lxc.conf │ ├── load-balancer │ │ ├── README.md │ │ ├── default.nix │ │ ├── lxc.conf │ │ ├── wireguard.nix │ │ └── configuration.nix │ ├── machine-learning │ │ ├── default.nix │ │ ├── README.md │ │ ├── lxc.conf │ │ ├── home.nix │ │ └── configuration.nix │ └── minimal-configuration.nix ├── mstdo │ ├── system.nix │ ├── homebrew.nix │ ├── configuration.nix │ ├── home.nix │ └── zsh.nix └── mbp14 │ ├── system.nix │ ├── secrets.enc.yaml │ ├── zsh.nix │ ├── configuration.nix │ └── homebrew.nix ├── .envrc ├── .gitignore ├── 
pkgs ├── nvfetcher.toml ├── default.nix ├── _sources │ ├── generated.nix │ └── generated.json └── firefly-iii-data-importer │ └── default.nix ├── TODO.md ├── .sops.yaml ├── README.md ├── overlays └── default.nix └── docs └── proxmox └── lxc_knode.md /modules/home-manager/desktop/dockutil.darwin.nix: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/code.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/ghost.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /hosts/vps/containers/uptime-kuma/.gitignore: -------------------------------------------------------------------------------- 1 | data/* -------------------------------------------------------------------------------- /hosts/vps/containers/firefly/.cron.env.example: -------------------------------------------------------------------------------- 1 | CRON_URL= -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/.gitignore: -------------------------------------------------------------------------------- 1 | logs/* 2 | acme/* -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/stream1.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/stream2.yml: -------------------------------------------------------------------------------- 1 | 
--------------------------------------------------------------------------------
/hosts/vps/apps/traefik/.gitignore:
--------------------------------------------------------------------------------
1 | data/logs/*
2 | data/acme/*
--------------------------------------------------------------------------------
/modules/darwin/casks/obs.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["obs"];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/darwin/casks/zed.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["zed"];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/darwin/casks/zen.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["zen"];
3 | }
4 |
--------------------------------------------------------------------------------
/.envrc:
--------------------------------------------------------------------------------
1 | # Converts the SSH private key ~/.ssh/id_ed25519 to an age private key and
2 | # exports it as SOPS_AGE_KEY, the variable sops reads its age identity from.
3 | # NOTE(review): the exported value is the private key itself, so it is inherited
4 | # by every process started from a shell where this .envrc is loaded, not only
5 | # by sops. Consider writing the identity once to a file with 0600 permissions
6 | # and exporting SOPS_AGE_KEY_FILE instead, so only a path is in the environment.
7 | # NOTE(review): `export VAR=$(cmd)` discards cmd's exit status; if ssh-to-age
8 | # fails (for example on a passphrase-protected key), SOPS_AGE_KEY is exported
9 | # empty and the error likely only shows up later, when sops cannot decrypt.
10 | export SOPS_AGE_KEY=$(ssh-to-age -i ~/.ssh/id_ed25519 -private-key)
11 |
--------------------------------------------------------------------------------
/modules/darwin/brews/sdl2.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.brews = ["sdl2"];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/darwin/casks/cursor.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["cursor"];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/darwin/casks/figma.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["figma"];
3 | }
4 |
-------------------------------------------------------------------------------- /modules/darwin/casks/iina.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["iina"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/notion.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["notion"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/orion.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["orion"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/steam.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["steam"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/alt-tab.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["alt-tab"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/blender.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["blender"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/calibre.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["calibre"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/chatgpt.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["chatgpt"]; 3 | } 4 | 
-------------------------------------------------------------------------------- /modules/darwin/casks/devtoys.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["devtoys"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/firefox.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["firefox"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/freecad.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["freecad"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/ghostty.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["ghostty"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/obsidian.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["obsidian"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/openscad.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["openscad"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/orbstack.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["orbstack"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/raycast.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["raycast"]; 3 | } 4 | 
-------------------------------------------------------------------------------- /modules/darwin/casks/spotify.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["spotify"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/windsurf.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["windsurf"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/casks/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | ncdu = import ./ncdu.nix; 3 | } 4 | -------------------------------------------------------------------------------- /modules/nixos/apps/blueman.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.blueman.enable = true; 3 | } 4 | -------------------------------------------------------------------------------- /modules/nixos/monitoring/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | btop = import ./btop.nix; 3 | } 4 | -------------------------------------------------------------------------------- /hosts/knode/README.md: -------------------------------------------------------------------------------- 1 | # K-Node 2 | 3 | Kubernetes cluster is run in Proxmox LXCs. 
4 | -------------------------------------------------------------------------------- /modules/darwin/brews/docker.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.brews = ["docker" "colima"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/brave.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["brave-browser"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/expo-orbit.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["expo-orbit"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/ice.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["jordanbaird-ice"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/middleclick.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["middleclick"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/moonlight.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["moonlight"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/ocenaudio.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["ocenaudio"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/ollama-app.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = 
["ollama-app"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/orca-slicer.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["orcaslicer"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/thinkorswim.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["thinkorswim"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/xcodes-app.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["xcodes-app"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/music/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | spotify = import ./spotify.nix; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/balenaetcher.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["balenaetcher"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/google-chrome.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["google-chrome"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/sublime-text.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["sublime-text"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/zen-twilight.nix: 
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["zen@twilight"];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/nixos/desktop/hyprland.nix:
--------------------------------------------------------------------------------
1 | {...}: {
2 |   programs.hyprland.enable = true;
3 | }
4 |
--------------------------------------------------------------------------------
/modules/nixos/networking/iwd.nix:
--------------------------------------------------------------------------------
1 | {
2 |   networking.wireless.iwd.enable = true;
3 | }
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | # Private-key files stay untracked (presumably WireGuard keys, given the wireguard modules in the tree; confirm).
3 | *-privatekey
4 | # Plaintext secrets files stay untracked. NOTE(review): these two patterns match exact names only, so a decrypted copy saved under another name (e.g. secrets.yml) is not covered; the tree's committed secrets file is hosts/mbp14/secrets.enc.yaml, presumably sops-encrypted per .sops.yaml (confirm).
5 | secret.yaml
6 | secrets.yaml
7 | # Env files can carry credentials; the *.env.example templates in the tree do not match this pattern and stay tracked.
8 | *.env
--------------------------------------------------------------------------------
/modules/darwin/casks/autodesk-fusion.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["autodesk-fusion"];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/darwin/casks/coconutbattery.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = [ "coconutbattery" ];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/darwin/casks/insta360-studio.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["insta360-studio"];
3 | }
4 |
--------------------------------------------------------------------------------
/modules/darwin/casks/logi-options-plus.nix:
--------------------------------------------------------------------------------
1 | {
2 |   homebrew.casks = ["logi-options+"];
3 | }
4 |
-------------------------------------------------------------------------------- /modules/darwin/casks/macs-fan-control.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["macs-fan-control"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/scroll-reverser.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["scroll-reverser"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/mas/overcast.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | homebrew.masApps = {Overcast = 888422857;}; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/jq.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [jq]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/k9s.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [k9s]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/apps/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | karabiner-elements = import ./karabiner-elements; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/brews/groups/aws-dev.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.brews = ["awscli" "aws-sam-cli"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/brews/groups/mobile-dev.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | homebrew.brews = ["cocoapods" "fastlane"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/affinity.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["affinity"]; # Affinity Studio 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/karabiner-elements.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["karabiner-elements"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/tree.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}:{ 2 | home.packages = with pkgs; [tree]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/dev/devenv.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [devenv]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/dev/xcodes.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [xcodes]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/utils/age.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [age]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/utils/sdl2.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with 
pkgs; [SDL2]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/utils/sops.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [sops]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/raspberry-pi-imager.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["raspberry-pi-imager"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/darwin/casks/virtualhere.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["virtualhere" "virtualhereserver"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/blender.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [blender]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/calibre.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [calibre]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/discord.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [discord]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/obs.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [obs-studio]; 3 | } 4 | 
-------------------------------------------------------------------------------- /modules/home-manager/apps/obsidian.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [obsidian]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/openscad.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [openscad]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/ripgrep.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ripgrep]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/dev/kubectl.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [kubectl]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/dev/turso.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [turso-cli]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/music/spotify.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [spotify]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/shell/zoxide.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.zoxide = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- 
/modules/home-manager/terminal/kitty.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [kitty]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/utils/ranger.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ranger]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/nixos/apps/neovim.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | programs.neovim = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/x1c6/calib-data.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/abayomi185/nix-dotfiles/HEAD/hosts/x1c6/calib-data.bin -------------------------------------------------------------------------------- /modules/darwin/casks/private-internet-access.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = ["private-internet-access"]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/spacedrive.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [spacedrive]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/browsers/firefox.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.firefox = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/go.nix: 
-------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | go 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/zig.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | zig 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/utils/ffmpeg.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ffmpeg_7-full]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/utils/pulseview.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [pulseview]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/utils/ssh-to-age.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ssh-to-age]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/nixos/dev/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | docker = import ./docker.nix; 3 | podman = import ./podman.nix; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home-manager/apps/bitwarden-cli.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [bitwarden-cli]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/services/swaync.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | services.swaync = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/cargo-bins.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [cargo-binstall]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/nixos/power/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | powertop = import ./powertop.nix; 3 | 4 | tlp = import ./tlp.nix; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/services/swayosd.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.swayosd = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/nodejs.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | nodejs_22 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/ollama.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | ollama 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/monitoring/btop.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | btop 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/monitoring/default.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | btop = import ./btop.nix; 3 | ncdu = import ./ncdu.nix; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home-manager/monitoring/ncdu.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | ncdu 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs = import ./inputs.nix; 3 | hyprland = import ./hyprland.nix; 4 | } 5 | -------------------------------------------------------------------------------- /hosts/vps/containers/firefly/.db.env.example: -------------------------------------------------------------------------------- 1 | MYSQL_RANDOM_ROOT_PASSWORD= 2 | MYSQL_USER= 3 | MYSQL_PASSWORD= 4 | MYSQL_DATABASE= -------------------------------------------------------------------------------- /modules/darwin/brews/groups/arm-dev.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.brews = [ 3 | "arm-linux-gnueabihf-binutils" 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/apps/cura.nix: -------------------------------------------------------------------------------- 1 | # 3D Printer Slicer 2 | {pkgs, ...}: { 3 | home.packages = with pkgs; [cura]; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home-manager/casks/ncdu.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | brewCasks.ncdu 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- 
/modules/home-manager/desktop/services/batsignal.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.batsignal = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/services/playerctl.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.playerctld = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/apps/ripgrep.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | ripgrep 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/monitoring/btop.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | btop 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/darwin/apps/karabiner-elements/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.karabiner-elements = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/lua.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | lua-language-server 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/opencode.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | unstable.opencode 4 | ]; 5 | } 6 | 
-------------------------------------------------------------------------------- /modules/nixos/clipboard.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | wl-clipboard 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/power/powertop.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | powertop 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/darwin/casks/bruno.nix: -------------------------------------------------------------------------------- 1 | # Bruno is a Fast and Git-Friendly Opensource API client 2 | { 3 | homebrew.casks = ["bruno"]; 4 | } 5 | -------------------------------------------------------------------------------- /modules/darwin/casks/whisky.nix: -------------------------------------------------------------------------------- 1 | # A modern Wine wrapper for macOS built with SwiftUI 2 | { 3 | homebrew.casks = ["whisky"]; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home-manager/apps/davinci-resolve-studio.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [davinci-resolve-studio]; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home-manager/apps/orca-slicer.nix: -------------------------------------------------------------------------------- 1 | # 3D Printer Slicer 2 | {pkgs, ...}: { 3 | home.packages = with pkgs; [orca-slicer]; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home-manager/dev/github.nix: -------------------------------------------------------------------------------- 1 
| # GitHub CLI 2 | {pkgs, ...}: { 3 | home.packages = with pkgs; [gh github-copilot-cli]; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home-manager/dev/llama-cpp.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs.unstable; [ 3 | llama-cpp 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/dev/llama-swap.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs.unstable; [ 3 | llama-swap 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/shell/fzf.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.fzf = { 3 | enable = true; 4 | enableZshIntegration = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /modules/darwin/casks/kicad.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = [ 3 | "kicad" 4 | "zulu@21" # Required for KiCad Freerouting 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /modules/home-manager/apps/prusa-slicer.nix: -------------------------------------------------------------------------------- 1 | # 3D Printer Slicer 2 | {pkgs, ...}: { 3 | home.packages = with pkgs; [prusa-slicer]; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home-manager/browsers/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Brave Browser 3 | brave = import ./brave.nix; 4 | firefox = import ./firefox.nix; 5 | } 6 | -------------------------------------------------------------------------------- 
/modules/home-manager/dev/markdown.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | marksman 4 | markdown-oxide 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /hosts/lxc/audio-share/README.md: -------------------------------------------------------------------------------- 1 | # Audio Share (203) 2 | 3 | LXC container for outputting audio from various apps, containers, vms, services, etc. 4 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/ags/config/config.js: -------------------------------------------------------------------------------- 1 | App.config({ 2 | windows: [ 3 | // this is where window definitions will go 4 | ], 5 | }); 6 | -------------------------------------------------------------------------------- /modules/darwin/desktop/skhd/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.skhd = { 3 | enable = true; 4 | skhdConfig = builtins.readFile ./skhdrc; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /modules/darwin/casks/serif-apps.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.casks = [ 3 | "affinity-designer" 4 | "affinity-photo" 5 | "affinity-publisher" 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /modules/darwin/mas/groups/social.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | socialApps = { 3 | Twitter = 1482454543; 4 | }; 5 | in { 6 | homebrew.masApps = socialApps; 7 | } 8 | -------------------------------------------------------------------------------- /modules/nixos/networking/tailscale.nix: 
-------------------------------------------------------------------------------- 1 | {...}: { 2 | services.tailscale = { 3 | enable = true; 4 | # useRoutingFeatures = "client"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /modules/darwin/brews/llama-swap.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.taps = [ 3 | "mostlygeek/llama-swap" 4 | ]; 5 | homebrew.brews = [ 6 | "llama-swap" 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /modules/darwin/desktop/sketchybar/sketchybarrc: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | sketchybar --bar height=24 3 | sketchybar --update 4 | echo "sketchybar configuration loaded.." 5 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/theme/default.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | colorScheme = inputs.nix-colors.colorSchemes.catppuccin-mocha; 3 | } 4 | # Colorscheme 5 | 6 | -------------------------------------------------------------------------------- /modules/nixos/apps/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | neovim = import ./neovim.nix; 3 | 4 | ripgrep = import ./ripgrep.nix; 5 | 6 | blueman = import ./blueman.nix; 7 | } 8 | -------------------------------------------------------------------------------- /modules/nixos/desktop/inputs.nix: -------------------------------------------------------------------------------- 1 | { 2 | hardware.uinput.enable = true; 3 | users.groups.uinput.members = ["yomi"]; 4 | users.groups.input.members = ["yomi"]; # NOTE(review): the input group lets any process running as this user read raw events from every input device, and uinput lets it create virtual devices that inject events; presumably both are needed by a key remapper - confirm, and keep the membership limited to this one account 5 | } 6 | -------------------------------------------------------------------------------- /hosts/vps/apps/uptime-kuma/default.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ./router.nix 4 | ]; 5 | 6 | services.uptime-kuma = { 7 | enable = true; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/home-manager/dev/python.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | python312 4 | python311 5 | python310 6 | virtualenv 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /modules/nixos/fonts.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | fonts.packages = with pkgs; [ 3 | (nerdfonts.override {fonts = ["FiraCode" "DroidSansMono" "JetBrainsMono"];}) 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /pkgs/nvfetcher.toml: -------------------------------------------------------------------------------- 1 | [wezterm] 2 | src.git = "https://github.com/wez/wezterm" 3 | fetch.github = "wez/wezterm" 4 | git.fetchSubmodules = true 5 | cargo_locks = ["Cargo.lock"] 6 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/middleware/rate_limit.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | rate_limit: 4 | ratelimit: 5 | average: 1250 6 | burst: 50 -------------------------------------------------------------------------------- /modules/darwin/desktop/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | skhd = import ./skhd; 3 | sketchybar = import ./sketchybar; 4 | spacebar = import ./spacebar; 5 | yabai = import ./yabai; 6 | } 7 | -------------------------------------------------------------------------------- /modules/darwin/mas/groups/dev.nix: 
-------------------------------------------------------------------------------- 1 | _: let 2 | devApps = { 3 | # Xcode = 497799835; 4 | Transporter = 1450874784; 5 | }; 6 | in { 7 | homebrew.masApps = devApps; 8 | } 9 | -------------------------------------------------------------------------------- /modules/darwin/brews/groups/azure-dev.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.taps = [ 3 | "azure/functions" 4 | ]; 5 | 6 | homebrew.brews = ["azure-cli" "azure-functions-core-tools@4"]; 7 | } 8 | -------------------------------------------------------------------------------- /modules/darwin/casks/heroic.nix: -------------------------------------------------------------------------------- 1 | # Heroic Games Launcher 2 | # A games launcher for GOG, Amazon and Epic Games for Linux, Windows and macOS 3 | { 4 | homebrew.casks = ["heroic"]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/darwin/mas/groups/other.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | otherApps = { 3 | MacTracker = 430255202; 4 | PoolsuiteFM = 1514817810; 5 | }; 6 | in { 7 | homebrew.masApps = otherApps; 8 | } 9 | -------------------------------------------------------------------------------- /modules/nixos/networking/network-manager.nix: -------------------------------------------------------------------------------- 1 | # NOTE: Refactor this into an options module so that nm-applet can be explicitly selected 2 | { 3 | programs.nm-applet.enable = true; 4 | } 5 | -------------------------------------------------------------------------------- /modules/nixos/networking/bluetooth.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Bluetooth 3 | hardware.bluetooth.enable = true; 4 | hardware.bluetooth.powerOnBoot = true; 5 | 6 | services.blueman.enable = true; 7 | } 8 | 
-------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/middleware/https_redirect.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | https_redirect: 4 | redirectScheme: 5 | scheme: https 6 | permanent: true 7 | -------------------------------------------------------------------------------- /modules/darwin/mas/groups/networking.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | networkingApps = { 3 | Tailscale = 1475387142; 4 | WireGuard = 1451685025; 5 | }; 6 | in { 7 | homebrew.masApps = networkingApps; 8 | } 9 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | ags = import ./ags; 3 | 4 | hyprland = import ./hyprland; 5 | 6 | theme = import ./theme; 7 | 8 | xremap = import ./xremap.nix; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/lxc/common.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | programs.bash.interactiveShellInit = '' 3 | alias fetch_pull_rebuild="git fetch --all && git reset --hard origin/main && nixos-rebuild switch --flake" 4 | ''; # NOTE(review): the alias discards local changes, takes whatever origin/main currently holds and activates it with nixos-rebuild switch in one step; nothing here checks commit signatures or pins a revision, so write access to the remote amounts to control of the system configuration of every host that runs it - consider verifying signed commits or reviewing the fetched diff before switching 5 | } 6 | -------------------------------------------------------------------------------- /modules/home-manager/shell/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fzf = import ./fzf.nix; 3 | git = import ./git.nix; 4 | starship = import ./starship.nix; 5 | zoxide = import ./zoxide.nix; 6 | zsh = import ./zsh.nix; 7 | } 8 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/default.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | ghostty = import ./ghostty; 3 | kitty = import ./kitty.nix; 4 | tmux = import ./tmux.nix; 5 | wezterm = import ./wezterm; 6 | zellij = import ./zellij; 7 | } 8 | -------------------------------------------------------------------------------- /modules/darwin/mas/groups/core.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | coreApps = { 3 | DaisyDisk = 411643860; 4 | HomeAssistant = 1099568401; 5 | Wipr = 1320666476; 6 | }; 7 | in { 8 | homebrew.masApps = coreApps; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/vps/apps/traefik/middleware/rate_limit.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.traefik.dynamicConfigOptions = { 3 | http.middlewares.global_rate_limit.rateLimit = { 4 | average = 1250; 5 | burst = 50; # NOTE(review): no period is set, so average presumably applies per second (Traefik's default); 1250 paired with a burst of 50 is unusual - confirm this is the intended ceiling 6 | }; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /modules/darwin/desktop/sketchybar/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.spacebar = { # NOTE(review): this file sits under sketchybar/ and reads ./sketchybarrc, yet it configures services.spacebar - looks like a copy-paste slip; confirm whether services.sketchybar was intended 3 | enable = true; 4 | 5 | extraPackages = with pkgs; []; 6 | 7 | config = builtins.readFile ./sketchybarrc; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/nixos/dev/docker.nix: -------------------------------------------------------------------------------- 1 | { 2 | virtualisation.docker.enable = true; 3 | virtualisation.docker.rootless = { 4 | enable = true; 5 | setSocketVariable = true; 6 | }; 7 | users.users.yomi.extraGroups = ["docker"]; # NOTE(review): docker group membership gives access to the rootful daemon socket, which is root-equivalent on the host; with rootless mode enabled above, confirm this group entry (and the rootful daemon) is still needed 8 | } 9 | -------------------------------------------------------------------------------- /hosts/vps/apps/traefik/middleware/https_redirect.nix: -------------------------------------------------------------------------------- 1 | { 2 
| services.traefik.dynamicConfigOptions = { 3 | http.middlewares.https_redirect.redirectScheme = { 4 | scheme = "https"; 5 | permanent = true; 6 | }; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /hosts/vps/apps/traefik/.env.example: -------------------------------------------------------------------------------- 1 | MEDIA_DOMAIN_NAME= 2 | BLOG_DOMAIN_NAME= 3 | INTERNAL_DOMAIN_NAME= 4 | TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL= 5 | TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt-duckdns_ACME_EMAIL= 6 | CLOUDFLARE_DNS_API_TOKEN= -------------------------------------------------------------------------------- /hosts/vps/apps/traefik/middleware/landing_page.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.traefik.dynamicConfigOptions = { 3 | http.middlewares.landing_page_redirect.headers.customRequestHeaders = { 4 | Host = ''{{env `MEDIA_DOMAIN_NAME`}}''; 5 | }; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/.env.example: -------------------------------------------------------------------------------- 1 | MEDIA_DOMAIN_NAME= 2 | BLOG_DOMAIN_NAME= 3 | INTERNAL_DOMAIN_NAME= 4 | TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL= 5 | TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt-duckdns_ACME_EMAIL= 6 | CLOUDFLARE_DNS_API_TOKEN= -------------------------------------------------------------------------------- /modules/darwin/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | apps = import ./apps; 3 | 4 | brews = import ./brews; 5 | 6 | casks = import ./casks; 7 | 8 | desktop = import ./desktop; 9 | 10 | homebrew = import ./homebrew.nix; 11 | 12 | mas = import ./mas; 13 | } 14 | -------------------------------------------------------------------------------- /TODO.md: 
-------------------------------------------------------------------------------- 1 | # TODO 2 | 3 | - [ ] Fix Nix-shell not using latest flake input nixpkgs unstable 4 | - [x] Fix `compinit:527: no such file or directory: /usr/local/share/zsh/site-functions/_brew` in shell 5 | [See Homebrew Docs](https://docs.brew.sh/Shell-Completion) 6 | -------------------------------------------------------------------------------- /modules/darwin/desktop/yabai/scripts/moveWindowRightAndFollowFocus: -------------------------------------------------------------------------------- 1 | #!/bin/dash 2 | curWindowId="$(yabai -m query --windows --window | jq -re ".id")" 3 | 4 | $(yabai -m window --display next || yabai -m window --display first) 5 | $(yabai -m window --focus "$curWindowId") 6 | -------------------------------------------------------------------------------- /modules/home-manager/apps/bat.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | ... 5 | }: { 6 | # home.packages = with pkgs; [bat]; 7 | # programs.zsh.envExtra = lib.mkBefore "export BAT_THEME=GitHub"; 8 | 9 | programs.bat = { 10 | enable = true; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/lxc/audio-share/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | outputs, 4 | }: 5 | inputs.nixpkgs-stable.lib.nixosSystem { 6 | system = "x86_64-linux"; 7 | specialArgs = { 8 | inherit inputs outputs; 9 | }; 10 | modules = [ 11 | ./configuration.nix 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /hosts/lxc/network-share/README.md: -------------------------------------------------------------------------------- 1 | # Network Share 2 | 3 | LXC container for sharing files over the network using Samba, NFS and FTP. 
4 | 5 | This powers: 6 | 7 | - Time Machine backups 8 | - Sony camera wireless transfers via FTP 9 | - Powers NFS backbone for kubernetes 10 | -------------------------------------------------------------------------------- /modules/nixos/networking/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | bluetooth = import ./bluetooth.nix; 3 | 4 | iwd = import ./iwd.nix; 5 | 6 | network-manager = import ./network-manager.nix; 7 | 8 | tailscale = import ./tailscale.nix; 9 | 10 | # wireguard = import ./wireguard; 11 | } 12 | -------------------------------------------------------------------------------- /hosts/lxc/network-share/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | outputs, 4 | }: 5 | inputs.nixpkgs-stable.lib.nixosSystem { 6 | system = "x86_64-linux"; 7 | specialArgs = { 8 | inherit inputs outputs; 9 | }; 10 | modules = [ 11 | ./configuration.nix 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /modules/darwin/mas/groups/productivity.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | productivityApps = { 3 | ApplePages = 409201541; 4 | AppleNumbers = 409203825; 5 | AppleKeynote = 409183694; 6 | # XnConvert = 436203431; 7 | }; 8 | in { 9 | homebrew.masApps = productivityApps; 10 | } 11 | -------------------------------------------------------------------------------- /modules/darwin/mas/groups/utilities.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | utilitiesApps = { 3 | AppleConfigurator = 1037126344; 4 | # Cuprum = 1088670425; 5 | HiddenBar = 1452453066; 6 | # TheUnarchiver = 425424353; 7 | }; 8 | in { 9 | homebrew.masApps = utilitiesApps; 10 | } 11 | -------------------------------------------------------------------------------- /hosts/lxc/load-balancer/README.md: 
-------------------------------------------------------------------------------- 1 | # Load Balancer (400) 2 | 3 | LXC container for resolving traffic and load balancing to internal services and kubernetes cluster. 4 | 5 | This manages traffic to: 6 | 7 | - Kubernetes cluster 8 | - LLM inference server 9 | - Monitoring dashboard 10 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/hyprland/hyprcursor.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [hyprcursor]; 3 | home.pointerCursor = { 4 | name = "phinger-cursors-dark"; 5 | package = pkgs.phinger-cursors; 6 | size = 32; 7 | gtk.enable = true; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/vps/cloudinit.yml: -------------------------------------------------------------------------------- 1 | # For use with Hetzner Cloud 2 | # From nixos-infect: https://github.com/elitak/nixos-infect - NOTE(review): the command below feeds the script from the moving master branch straight into bash at first boot (cloud-init runcmd runs as root) with no pinned commit or checksum, so the host trusts whatever that branch serves at provisioning time; curl is also called without -f, so an HTTP error body would be handed to bash. Prefer fetching a pinned commit, verifying a recorded hash, then executing. NIX_CHANNEL=nixos-23.05 is past end of support - confirm the channel 3 | runcmd: 4 | - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log 5 | -------------------------------------------------------------------------------- /modules/home-manager/utils/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | age = import ./age.nix; 3 | ffmpeg = import ./ffmpeg.nix; 4 | pulseview = import ./pulseview.nix; 5 | ranger = import ./ranger.nix; 6 | sdl2 = import ./sdl2.nix; 7 | sops = import ./sops.nix; 8 | ssh-to-age = import ./ssh-to-age.nix; 9 | } 10 | -------------------------------------------------------------------------------- /modules/home-manager/apps/karabiner-elements/default.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | # Set up symlink to karabiner config file 3 | 
xdg.configFile."karabiner/karabiner.json".source = 4 | config.lib.file.mkOutOfStoreSymlink "/Users/yomi/nix-dotfiles/modules/home-manager/apps/karabiner-elements/karabiner.json"; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/lxc/load-balancer/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | outputs, 4 | sops-nix, 5 | }: 6 | inputs.nixpkgs-stable.lib.nixosSystem { 7 | system = "x86_64-linux"; 8 | specialArgs = { 9 | inherit inputs outputs; 10 | }; 11 | modules = [ 12 | ./configuration.nix 13 | sops-nix.nixosModules.sops 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /modules/darwin/homebrew.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew = { 3 | enable = true; 4 | 5 | onActivation = { 6 | # cleanup = "uninstall"; # Default is none 7 | }; 8 | 9 | # global = {}; 10 | 11 | taps = [ 12 | "homebrew/bundle" 13 | ]; 14 | 15 | # brews = []; 16 | # casks = []; 17 | # masApps = {}; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /modules/darwin/desktop/yabai/scripts/window-focus-on-destroy.sh: -------------------------------------------------------------------------------- 1 | isFocused=$(yabai -m query --windows --window | jq -re ".id") 2 | echo $isFocused 3 | if [[ -z "$isFocused" ]]; then # -z >> true if it's null 4 | $(yabai -m window --focus $(yabai -m query --windows | jq -re ".[] | select((.visible == 1) and .focused != 1).id" | head -n 1)) 5 | echo hi 6 | fi 7 | -------------------------------------------------------------------------------- /modules/darwin/brews/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | group_armDev = import ./groups/arm-dev.nix; 3 | group_mobileDev = import ./groups/mobile-dev.nix; 4 | group_awsDev = import 
./groups/aws-dev.nix; 5 | group_azureDev = import ./groups/azure-dev.nix; 6 | 7 | docker = import ./docker.nix; 8 | llama-swap = import ./llama-swap.nix; 9 | sdl2 = import ./sdl2.nix; 10 | } 11 | -------------------------------------------------------------------------------- /modules/darwin/brews/groups/riscv.nix: -------------------------------------------------------------------------------- 1 | { 2 | homebrew.taps = [ 3 | "riscv-software-src/riscv" 4 | ]; 5 | 6 | homebrew.brews = [ 7 | "gawk" 8 | "gnu-sed" 9 | "gmp" 10 | "mpfr" 11 | "libmpc" 12 | "isl" 13 | "zlib" 14 | "expat" 15 | "texinfo" 16 | "flock" 17 | "libslirp" 18 | 19 | "riscv-tools" # From tap 20 | ]; 21 | } 22 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/wezterm/default.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | programs.wezterm = { 3 | enable = true; 4 | enableZshIntegration = true; 5 | }; 6 | 7 | # Set up symlink to wezterm.lua 8 | xdg.configFile."wezterm/wezterm.lua".source = 9 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/wezterm/wezterm.lua"; 10 | } 11 | -------------------------------------------------------------------------------- /modules/home-manager/shell/starship.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.starship = { 3 | enable = true; 4 | 5 | settings = { 6 | nix_shell = { 7 | disabled = false; 8 | impure_msg = ""; 9 | symbol = ""; 10 | format = "[$symbol$state]($style) "; 11 | }; 12 | shlvl = { 13 | disabled = false; 14 | symbol = "λ "; 15 | }; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/ghostty/config: -------------------------------------------------------------------------------- 1 | font-size = 18 2 | theme = 
dark:tokyonight,light:Builtin Solarized Light
3 | macos-titlebar-style = hidden
4 | macos-non-native-fullscreen = true
5 | macos-option-as-alt = true
6 | window-save-state = always
7 | scrollback-limit = 10485760
8 |
9 | keybind = alt+left=unbind
10 | keybind = alt+right=unbind
11 | keybind = alt+up=unbind
12 | keybind = alt+down=unbind
13 |
--------------------------------------------------------------------------------
/hosts/vps/containers/uptime-kuma/docker-compose.yml:
--------------------------------------------------------------------------------
1 | services:
2 |   uptime-kuma:
3 |     # NOTE(review): `latest` is a moving tag, so every pull can bring in a different
4 |     # image. Pin a specific version, ideally by digest
5 |     # (louislam/uptime-kuma@sha256:<digest>), so upgrades are deliberate and reviewable.
6 |     image: louislam/uptime-kuma:latest
7 |     container_name: uptime-kuma
8 |     volumes:
9 |       - /home/cloud/nix-dotfiles/containers/uptime-kuma/data:/app/data
10 |     ports:
11 |       # Published on loopback and on 10.13.13.1 only, not on every interface.
12 |       # NOTE(review): 10.13.13.1 is presumably a private/VPN address; confirm.
13 |       - 127.0.0.1:3001:3001
14 |       - 10.13.13.1:3001:3001
15 |     restart: unless-stopped
16 |     security_opt:
17 |       # Stops processes in the container from gaining privileges via setuid/setgid binaries.
18 |       - no-new-privileges:true
19 |
--------------------------------------------------------------------------------
/modules/home-manager/desktop/ags/default.nix:
--------------------------------------------------------------------------------
1 | {
2 |   inputs,
3 |   pkgs,
4 |   ...
5 | }: { 6 | imports = [inputs.ags.homeManagerModules.default]; 7 | 8 | programs.ags = { 9 | enable = true; 10 | 11 | configDir = ./config; 12 | 13 | # additional packages to add to gjs's runtime 14 | extraPackages = with pkgs; [ 15 | gtksourceview 16 | webkitgtk 17 | accountsservice 18 | ]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/hyprland/hyprpaper.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.hyprpaper = { 3 | enable = true; 4 | 5 | settings = { 6 | splash = true; 7 | 8 | preload = [ 9 | "~/nix-dotfiles/modules/home-manager/desktop/wallpapers/modern_grey.png" 10 | ]; 11 | wallpaper = [ 12 | "eDP-1,~/nix-dotfiles/modules/home-manager/desktop/wallpapers/modern_grey.png" 13 | ]; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/xremap.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | imports = [ 3 | inputs.xremap.homeManagerModules.default 4 | ]; 5 | 6 | services.xremap = { 7 | withHypr = true; 8 | 9 | config = { 10 | modmap = [ 11 | # { 12 | # name = "Capslock to Super"; 13 | # remap = { 14 | # capslock = "Super_L"; 15 | # }; 16 | # } 17 | ]; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home-manager/dev/rust.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
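5 | }: {
6 |   nixpkgs.overlays = [
7 |     inputs.rust-overlay.overlays.default
8 |   ];
9 |
10 |   home.packages = with pkgs; [
11 |     rust-bin.stable.latest.default
12 |     # rust-bin.stable.latest.default.override
13 |     # {
14 |     #   extensions = ["rust-src" "rust-analyzer"];
15 |     #   targets = ["arm-unknown-linux-gnueabihf"];
16 |     # }
17 |   ];
18 | }
19 |
--------------------------------------------------------------------------------
/.sops.yaml:
--------------------------------------------------------------------------------
1 | # age recipients (public keys) that matching files are encrypted to.
2 | keys:
3 |   - &mbp16 age1kak7nac7pp9kel9cl43m93jdrdtzdqhw07dkc62hk0qvq37u05nqce5mf5
4 |   - &mba13 age1sx0dh82apfxxdv9z0l77dmu00e9vz5rn3pfwwnxhwumdxmwy7gsshaxxlc
5 |   - &vps_arm age1wpz4fg9wcakl5vj92gcfj8pnsjg9l3el79le3fw0lh0tt2h3m9aqp6zz26
6 | creation_rules:
7 |   # Applies to files named *secret.<ext> or *secrets.<ext> for the listed extensions.
8 |   # `secrets?` makes the trailing "s" optional; writing `secret?s` would make the
9 |   # "t" optional instead and leave `secret.yaml` without a matching rule.
10 |   - path_regex: .*secrets?\.(ya?ml|enc\.yaml|json|env|ini|sops)$
11 |     key_groups:
12 |       - age:
13 |           - *mbp16
14 |           - *mba13
15 |           - *vps_arm
16 |
--------------------------------------------------------------------------------
/hosts/lxc/audio-share/lxc.conf:
--------------------------------------------------------------------------------
1 | ## NixOS LXC
2 | ## Load Balancer
3 | ## NOTE(review): this file matches hosts/lxc/load-balancer/lxc.conf line for line:
4 | ## same description, hostname (k-lb), MAC addresses and rootfs volume
5 | ## (vm-400-disk-0). If it describes a separate audio-share container, those values
6 | ## need to be its own; two guests sharing a MAC address or a root volume will conflict.
7 | ## NOTE(review): no `unprivileged: 1` line appears here. If this is the complete
8 | ## config the container runs privileged, and nesting=1 on a privileged container
9 | ## weakens its isolation from the host; confirm that is intended.
10 | arch: amd64
11 | cmode: console
12 | cpulimit: 1
13 | features: nesting=1
14 | hostname: k-lb
15 | memory: 512
16 | net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:78:DC:AB,type=veth
17 | net2: name=eth1,bridge=vmbr2,firewall=1,hwaddr=BC:24:11:7C:18:3D,type=veth
18 | onboot: 0
19 | ostype: unmanaged
20 | rootfs: local-lvm:vm-400-disk-0,size=10G
21 | startup: order=7
22 | swap: 0
23 |
--------------------------------------------------------------------------------
/hosts/lxc/load-balancer/lxc.conf:
--------------------------------------------------------------------------------
1 | ## NixOS LXC
2 | ## Load Balancer
3 | arch: amd64
4 | cmode: console
5 | cpulimit: 1
6 | features: nesting=1
7 | hostname: k-lb
8 | memory: 512
9 | net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:78:DC:AB,type=veth
10 | net2: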
name=eth1,bridge=vmbr2,firewall=1,hwaddr=BC:24:11:7C:18:3D,type=veth 11 | onboot: 0 12 | ostype: unmanaged 13 | rootfs: local-lvm:vm-400-disk-0,size=10G 14 | startup: order=7 15 | swap: 0 16 | -------------------------------------------------------------------------------- /hosts/knode/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | outputs, 4 | pNodeId, 5 | pK3sRole ? "agent", 6 | pK3sClusterInit ? false, 7 | pK3sServerId ? "1", 8 | }: 9 | inputs.nixpkgs-stable.lib.nixosSystem { 10 | system = "x86_64-linux"; 11 | specialArgs = { 12 | inherit inputs outputs pNodeId pK3sRole pK3sServerId pK3sClusterInit; 13 | }; 14 | modules = [ 15 | ./configuration.nix 16 | inputs.sops-nix.nixosModules.sops 17 | ]; 18 | } 19 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/middleware/authelia.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | authelia: 4 | forwardauth: 5 | address: "https://auth.local.{{env "MEDIA_DOMAIN_NAME"}}/api/verify?rd=https%3A%2F%2Fauth.{{env "MEDIA_DOMAIN_NAME"}}%2F" 6 | # trustForwardHeader: false 7 | authResponseHeaders: 8 | - "Remote-User" 9 | - "Remote-Groups" 10 | - "Remote-Name" 11 | - "Remote-Email" -------------------------------------------------------------------------------- /modules/home-manager/apps/neovim.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.neovim = { 3 | enable = true; 4 | defaultEditor = true; 5 | extraPackages = with pkgs; [ 6 | # Global Lua packages 7 | lua-language-server 8 | stylua 9 | selene 10 | # Global Nix packages 11 | alejandra 12 | deadnix 13 | nil 14 | statix 15 | # Other Global 16 | prettierd 17 | taplo 18 | ]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- 
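/modules/darwin/desktop/yabai/scripts/moveWindowLeftAndFollowFocus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/dash
2 | # Move the focused window to the previous display (falling back to the last
3 | # display) and then focus that same window again.
4 | #
5 | # The query output is piped straight into jq. Passing it through an unquoted
6 | # `echo $var` would word-split and glob-expand the JSON, which can carry
7 | # free-form text, and dash's echo also rewrites backslash escapes.
8 | curWindowId="$(yabai -m query --windows --window | jq -re ".id")"
9 |
10 | focusWindow() {
11 |   # $1: id of the window to focus. Quoted so an empty id stays a single argument.
12 |   yabai -m window --focus "$1"
13 | }
14 |
15 | # Run yabai directly; wrapping the call in $(...) would try to execute whatever
16 | # it printed as a second command.
17 | yabai -m window --display prev || yabai -m window --display last
18 | focusWindow "$curWindowId"
19 |
--------------------------------------------------------------------------------
/hosts/vps/apps/traefik/middleware/authelia.nix:
--------------------------------------------------------------------------------
1 | {
2 |   services.traefik.dynamicConfigOptions = {
3 |     http.middlewares.authelia = {
4 |       forwardAuth = {
5 |         # Authorization requests go to Authelia over loopback.
6 |         address = ''http://localhost:9091/api/authz/forward-auth'';
7 |         # NOTE(review): with this enabled Traefik forwards the incoming
8 |         # X-Forwarded-* headers to Authelia unchanged. That is only safe when the
9 |         # entry points accept those headers from trusted proxies alone
10 |         # (forwardedHeaders.trustedIPs in the static config, not shown here);
11 |         # otherwise a client can supply its own values. Confirm.
12 |         trustForwardHeader = true;
13 |         # Identity headers copied from Authelia's response onto the request sent to
14 |         # the backend. Backends that trust them should be reachable only through
15 |         # routers that carry this middleware.
16 |         authResponseHeaders = [
17 |           "Remote-User"
18 |           "Remote-Groups"
19 |           "Remote-Email"
20 |           "Remote-Name"
21 |         ];
22 |       };
23 |     };
24 |   };
25 | }
26 |
--------------------------------------------------------------------------------
/modules/darwin/mas/default.nix:
--------------------------------------------------------------------------------
1 | {
2 |   coreApps = import ./groups/core.nix;
3 |
4 |   # Grouped by category
5 |   devApps = import ./groups/dev.nix;
6 |   networkingApps = import ./groups/networking.nix;
7 |   otherApps = import ./groups/other.nix;
8 |   productivityApps = import ./groups/productivity.nix;
9 |   socialApps = import ./groups/social.nix;
10 |   utilitiesApps = import ./groups/utilities.nix;
11 |
12 |   # Individual apps
13 |   overcast = import ./overcast.nix;
14 | }
15 |
--------------------------------------------------------------------------------
/modules/home-manager/apps/neovim-unstable.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |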
programs.neovim = {
3 |     enable = true;
4 |     package = pkgs.unstable.neovim-unwrapped;
5 |     defaultEditor = true;
6 |     extraPackages = with pkgs; [
7 |       # Global Lua packages
8 |       lua-language-server
9 |       stylua
10 |       selene
11 |       # Global Nix packages
12 |       unstable.nil
13 |       alejandra
14 |       # Other Global
15 |       prettierd
16 |       taplo
17 |     ];
18 |   };
19 | }
20 |
--------------------------------------------------------------------------------
/hosts/lxc/machine-learning/default.nix:
--------------------------------------------------------------------------------
1 | {
2 |   inputs,
3 |   outputs,
4 | }:
5 | inputs.nixpkgs-unstable.lib.nixosSystem {
6 |   system = "x86_64-linux";
7 |   specialArgs = {
8 |     inherit inputs outputs;
9 |   };
10 |   modules = [
11 |     ./configuration.nix
12 |     inputs.home-manager.nixosModules.home-manager
13 |     {
14 |       home-manager.useGlobalPkgs = true;
15 |       home-manager.useUserPackages = true;
16 |       home-manager.users.ml = ./home.nix;
17 |     }
18 |   ];
19 | }
20 |
--------------------------------------------------------------------------------
/hosts/vps/containers/traefik/file-provider/middleware/rancher.yml:
--------------------------------------------------------------------------------
1 | http:
2 |   middlewares:
3 |     rancherHeader:
4 |       headers:
5 |         # NOTE(review): "*" allows every origin in the CORS response. For a
6 |         # management UI (this middleware rewrites Host to rancher.<domain>), list
7 |         # the exact origins that need cross-origin access instead. The option is
8 |         # also documented as a list, so a bare string may not parse as intended.
9 |         accessControlAllowOriginList: "*"
10 |         customRequestHeaders:
11 |           # X-Forwarded-For: ""
12 |           # X-Proxy-Hostname: ""
13 |           # X-Forwarded-Host: "media-club-hub.vercel.app"
14 |           # Overrides the Host header sent to the backend.
15 |           Host: "rancher.{{env "MEDIA_DOMAIN_NAME"}}"
16 |           # X-Vercel-Forwarded-For: "media-club-hub.vercel.app"
17 |           # X-Custom-Request-Header: ""
18 |
--------------------------------------------------------------------------------
/modules/home-manager/desktop/fonts.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   fonts.fontconfig.enable = true;
3 |
4 |   home.packages = with pkgs; [
5 |     noto-fonts
6 |     font-awesome
7 |     ubuntu_font_family
8 |     (nerdfonts.override {fonts = ["FiraCode" "DroidSansMono"
"JetBrainsMono"];}) 9 | ]; 10 | 11 | # fontconfig = { 12 | # defaultFonts = { 13 | # serif = ["Ubuntu"]; 14 | # sansSerif = [ "Ubuntu"]; 15 | # monospace = ["JetBrainsMono"]; 16 | # emoticons = ["Noto Color Emoji"]; 17 | # }; 18 | # }; 19 | } 20 | -------------------------------------------------------------------------------- /pkgs/default.nix: -------------------------------------------------------------------------------- 1 | # Custom packages, that can be defined similarly to ones from nixpkgs 2 | # You can build them using 'nix build .#example' 3 | {pkgs, ...}: { 4 | # example = pkgs.callPackage ./example { }; 5 | 6 | # wezterm-nightly = let 7 | # callPackage = 8 | # if pkgs.stdenv.isDarwin 9 | # then pkgs.darwin.apple_sdk_11_0.callPackage 10 | # else pkgs.callPackage; 11 | # in 12 | # callPackage ./wezterm-nightly {}; 13 | 14 | # firefly-iii-data-importer = pkgs.callPackage ./firefly-iii-data-importer {}; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/vps/apps/firefly-iii/router.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.traefik.dynamicConfigOptions = { 3 | http.routers.finance = { 4 | rule = ''Host("finance.{{env `MEDIA_DOMAIN_NAME`}}")''; 5 | service = "firefly-iii"; 6 | }; 7 | http.routers.finance-secure = { 8 | rule = ''Host("finance.{{env `MEDIA_DOMAIN_NAME`}}")''; 9 | service = "firefly-iii"; 10 | tls.certResolver = "letsencrypt"; 11 | }; 12 | 13 | http.services.firefly-iii.loadBalancer.servers = [ 14 | {url = ''http://localhost:9080'';} 15 | ]; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /hosts/vps/apps/uptime-kuma/router.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.traefik.dynamicConfigOptions = { 3 | http.routers.monitoring = { 4 | rule = ''Host("monitoring.{{env `MEDIA_DOMAIN_NAME`}}")''; 5 | service = "uptime-kuma"; 6 | 
}; 7 | http.routers.monitoring-secure = { 8 | rule = ''Host("monitoring.{{env `MEDIA_DOMAIN_NAME`}}")''; 9 | service = "uptime-kuma"; 10 | tls.certResolver = "letsencrypt"; 11 | }; 12 | 13 | http.services.uptime-kuma.loadBalancer.servers = [ 14 | {url = ''http://localhost:3001'';} 15 | ]; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /hosts/x1c6/zsh.nix: -------------------------------------------------------------------------------- 1 | # See common config here: ../../modules/home-manager/shell/zsh.nix 2 | { 3 | # Common configuration for Zsh 4 | programs.zsh = { 5 | extendedShellAliases = { 6 | hello = "echo 'Hello, world!'"; 7 | }; 8 | 9 | # zshenv equivalent 10 | envExtra = '' 11 | export lang=en_us.utf-8 12 | # export path=$home/bin:$path 13 | # other environment variables or initialization commands 14 | ''; 15 | 16 | # zplug = { 17 | # plugins = [ 18 | # ]; 19 | # }; 20 | }; 21 | 22 | programs.direnv.enable = true; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/vps/apps/traefik/file-provider/auth.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.traefik.dynamicConfigOptions = { 3 | http.routers.auth = { 4 | rule = ''Host("auth.{{env `MEDIA_DOMAIN_NAME`}}")''; 5 | service = "auth"; 6 | }; 7 | http.routers.auth-secure = { 8 | rule = ''Host("auth.{{env `MEDIA_DOMAIN_NAME`}}")''; 9 | service = "auth"; 10 | tls.certResolver = "letsencrypt"; 11 | middlewares = ["global_rate_limit@file"]; 12 | }; 13 | 14 | http.services.auth.loadBalancer.servers = [ 15 | {url = ''http://localhost:9091'';} 16 | ]; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/traefik.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | traefik: 4 | entryPoints: 5 | - web 6 | rule: 
Host(`traefik.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: api@internal 10 | traefik-secure: 11 | entryPoints: 12 | - websecure 13 | middlewares: 14 | - authelia 15 | rule: Host(`traefik.{{env "MEDIA_DOMAIN_NAME"}}`) 16 | # middlewares: 17 | # - authelia 18 | tls: 19 | certResolver: letsencrypt 20 | service: api@internal 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Yomi's NixOS Config 2 | 3 | ## Structure 4 | 5 | - [x] **hosts**: host devices and their configurations 6 | - [x] **modules/home-manager**: home-manager modules 7 | - [x] **modules/nixos**: system modules 8 | - [x] **modules/darwin**: macOS packages 9 | - [x] **overlays**: overlay definitions and setup 10 | - [ ] **pkgs**: WIP - custom builds and packages 11 | 12 | ## Core Apps/Packages 13 | 14 | - ZSH 15 | - Neovim (AstroNvim) 16 | - Zellij 17 | - Starship 18 | - Wezterm/Ghostty 19 | - Hyprland (Old) 20 | 21 | ## Tips 22 | 23 | - Update a single flake input with `nix flake update nix-secrets` 24 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/hyprland/packages.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }: { 6 | home.packages = with pkgs; [ 7 | # prtsc # check https://github.com/spikespaz/dotfiles 8 | 9 | # Screenshot 10 | inputs.hyprland-contrib.packages.${pkgs.system}.grimblast 11 | drawing 12 | 13 | gnome.gnome-tweaks 14 | gnome.dconf-editor 15 | 16 | cinnamon.nemo # Better than nautilus 17 | 18 | qalculate-gtk 19 | 20 | brightnessctl 21 | killall 22 | libnotify 23 | pavucontrol 24 | networkmanagerapplet 25 | nwg-look 26 | wireplumber 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /hosts/vps/apps/traefik/file-provider/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.traefik.dynamicConfigOptions = { 3 | http.routers.home = { 4 | rule = ''Host("home.{{env `MEDIA_DOMAIN_NAME`}}")''; 5 | service = "home"; 6 | }; 7 | http.routers.home-secure = { 8 | rule = ''Host("home.{{env `MEDIA_DOMAIN_NAME`}}")''; 9 | service = "home"; 10 | tls.certResolver = "letsencrypt"; 11 | middlewares = ["global_rate_limit@file"]; 12 | }; 13 | 14 | http.services.home.loadBalancer.servers = [ 15 | {url = ''https://home.local.{{env `MEDIA_DOMAIN_NAME`}}'';} 16 | ]; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /modules/nixos/networking/wireguard/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | networking.wg-quick.interfaces = { 3 | wg0 = { 4 | address = ["10.0.0.2/24"]; 5 | dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; 6 | privateKeyFile = "/root/wireguard-keys/privatekey"; 7 | 8 | peers = [ 9 | { 10 | publicKey = "{server public key}"; 11 | presharedKeyFile = "/root/wireguard-keys/preshared_from_peer0_key"; 12 | allowedIPs = ["0.0.0.0/0" "::/0"]; 13 | endpoint = "{server ip}:51820"; 14 | persistentKeepalive = 25; 15 | } 16 | ]; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- 
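/hosts/vps/apps/traefik/file-provider/immich.nix:
--------------------------------------------------------------------------------
1 | {
2 |   # Traefik routes for Immich. The domain comes from the MEDIA_DOMAIN_NAME
3 |   # environment variable; the name is case-sensitive and is spelled here the
4 |   # same way as in the sibling router files, since a lower-case lookup would
5 |   # expand to an empty string and the rule would match "immich." only.
6 |   services.traefik.dynamicConfigOptions = {
7 |     # NOTE(review): this router has no tls section and no middlewares, so it
8 |     # serves plain-HTTP requests without the rate limit applied below. Unless the
9 |     # HTTP entry point redirects to HTTPS in the static config (not shown), add a
10 |     # redirect or the same middlewares here. The routers further down in this
11 |     # listing follow the same two-router shape.
12 |     http.routers.immich = {
13 |       rule = ''Host("immich.{{env `MEDIA_DOMAIN_NAME`}}")'';
14 |       service = "immich";
15 |     };
16 |     http.routers.immich-secure = {
17 |       rule = ''Host("immich.{{env `MEDIA_DOMAIN_NAME`}}")'';
18 |       service = "immich";
19 |       tls.certResolver = "letsencrypt";
20 |       middlewares = ["global_rate_limit@file"];
21 |     };
22 |
23 |     http.services.immich.loadBalancer.servers = [
24 |       {url = ''https://immich.local.{{env `MEDIA_DOMAIN_NAME`}}'';}
25 |     ];
26 |   };
27 | }
28 |
--------------------------------------------------------------------------------
/hosts/vps/apps/traefik/file-provider/openchat.nix:
--------------------------------------------------------------------------------
1 | {
2 |   services.traefik.dynamicConfigOptions = {
3 |     http.routers.openchat = {
4 |       rule = ''Host("chat.{{env `MEDIA_DOMAIN_NAME`}}")'';
5 |       service = "openchat";
6 |     };
7 |     http.routers.openchat-secure = {
8 |       rule = ''Host("chat.{{env `MEDIA_DOMAIN_NAME`}}")'';
9 |       service = "openchat";
10 |       tls.certResolver = "letsencrypt";
11 |       middlewares = ["global_rate_limit@file"];
12 |     };
13 |
14 |     http.services.openchat.loadBalancer.servers = [
15 |       {url = ''https://chat.local.{{env `MEDIA_DOMAIN_NAME`}}'';}
16 |     ];
17 |   };
18 | }
19 |
--------------------------------------------------------------------------------
/hosts/vps/apps/traefik/file-provider/jellyfin.nix:
--------------------------------------------------------------------------------
1 | {
2 |   services.traefik.dynamicConfigOptions = {
3 |     http.routers.jellyfin = {
4 |       rule = ''Host("jellyfin.{{env `MEDIA_DOMAIN_NAME`}}")'';
5 |       service = "jellyfin";
6 |     };
7 |     http.routers.jellyfin-secure = {
8 |       rule = ''Host("jellyfin.{{env `MEDIA_DOMAIN_NAME`}}")'';
9 |       service = "jellyfin";
10 |       tls.certResolver = "letsencrypt";
11 |       middlewares =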
["global_rate_limit@file"];
12 |     };
13 |
14 |     http.services.jellyfin.loadBalancer.servers = [
15 |       {url = ''https://jellyfin.local.{{env `MEDIA_DOMAIN_NAME`}}'';}
16 |     ];
17 |   };
18 | }
19 |
--------------------------------------------------------------------------------
/modules/home-manager/dev/default.nix:
--------------------------------------------------------------------------------
1 | {
2 |   cargo-bins = import ./cargo-bins.nix;
3 |   devenv = import ./devenv.nix;
4 |   github = import ./github.nix;
5 |   go = import ./go.nix;
6 |   kubectl = import ./kubectl.nix;
7 |   llama-cpp = import ./llama-cpp.nix;
8 |   llama-swap = import ./llama-swap.nix;
9 |   lua = import ./lua.nix;
10 |   nodejs = import ./nodejs.nix;
11 |   ollama = import ./ollama.nix;
12 |   opencode = import ./opencode.nix;
13 |   python = import ./python.nix;
14 |   rust = import ./rust.nix;
15 |   turso = import ./turso.nix;
16 |   xcodes = import ./xcodes.nix; # For managing Xcode versions
17 |   zig = import ./zig.nix;
18 | }
19 |
--------------------------------------------------------------------------------
/hosts/vps/apps/traefik/file-provider/chat.nix:
--------------------------------------------------------------------------------
1 | {
2 |   # Traefik routes for the internal chat service; the TLS router sits behind
3 |   # the rate limit and Authelia forward-auth middlewares.
4 |   services.traefik.dynamicConfigOptions = {
5 |     # NOTE(review): this router has no tls section and no middlewares, while
6 |     # chat-secure below requires authelia@file. A router without tls handles
7 |     # plain-HTTP requests, so unless the HTTP entry point redirects to HTTPS in
8 |     # the static config (not shown), the same service is reachable over HTTP
9 |     # without authentication or rate limiting. Add the same middlewares here,
10 |     # or a redirect to HTTPS, or confirm the entry-point redirect exists.
11 |     http.routers.chat = {
12 |       rule = ''Host("chat-internal.{{env `MEDIA_DOMAIN_NAME`}}")'';
13 |       service = "chat";
14 |     };
15 |     http.routers.chat-secure = {
16 |       rule = ''Host("chat-internal.{{env `MEDIA_DOMAIN_NAME`}}")'';
17 |       service = "chat";
18 |       tls.certResolver = "letsencrypt";
19 |       # Applied in list order: rate limit first, then Authelia forward-auth.
20 |       middlewares = ["global_rate_limit@file" "authelia@file"];
21 |     };
22 |
23 |     http.services.chat.loadBalancer.servers = [
24 |       {url = ''https://chat-internal.local.{{env `MEDIA_DOMAIN_NAME`}}'';}
25 |     ];
26 |   };
27 | }
28 |
--------------------------------------------------------------------------------
/hosts/vps/apps/traefik/file-provider/comfyui.nix:
--------------------------------------------------------------------------------
1 | {
2 |
services.traefik.dynamicConfigOptions = {
3 |     # NOTE(review): this router has no tls section and no middlewares, while
4 |     # comfyui-secure below requires authelia@file. Unless the HTTP entry point
5 |     # redirects to HTTPS in the static config (not shown), the service is
6 |     # reachable over plain HTTP without authentication or rate limiting. Add the
7 |     # same middlewares here, or a redirect, or confirm the entry-point redirect.
8 |     http.routers.comfyui = {
9 |       rule = ''Host("comfyui.{{env `MEDIA_DOMAIN_NAME`}}")'';
10 |       service = "comfyui";
11 |     };
12 |     http.routers.comfyui-secure = {
13 |       rule = ''Host("comfyui.{{env `MEDIA_DOMAIN_NAME`}}")'';
14 |       service = "comfyui";
15 |       tls.certResolver = "letsencrypt";
16 |       # Applied in list order: rate limit first, then Authelia forward-auth.
17 |       middlewares = ["global_rate_limit@file" "authelia@file"];
18 |     };
19 |
20 |     http.services.comfyui.loadBalancer.servers = [
21 |       {url = ''https://comfyui.local.{{env `MEDIA_DOMAIN_NAME`}}'';}
22 |     ];
23 |   };
24 | }
25 |
--------------------------------------------------------------------------------
/hosts/vps/apps/traefik/file-provider/nextcloud.nix:
--------------------------------------------------------------------------------
1 | {
2 |   services.traefik.dynamicConfigOptions = {
3 |     http.routers.nextcloud = {
4 |       rule = ''Host("nextcloud.{{env `MEDIA_DOMAIN_NAME`}}")'';
5 |       service = "nextcloud";
6 |     };
7 |     http.routers.nextcloud-secure = {
8 |       rule = ''Host("nextcloud.{{env `MEDIA_DOMAIN_NAME`}}")'';
9 |       service = "nextcloud";
10 |       tls.certResolver = "letsencrypt";
11 |       middlewares = ["global_rate_limit@file"];
12 |     };
13 |
14 |     http.services.nextcloud.loadBalancer.servers = [
15 |       {url = ''https://nextcloud.local.{{env `MEDIA_DOMAIN_NAME`}}'';}
16 |     ];
17 |   };
18 | }
19 |
--------------------------------------------------------------------------------
/hosts/vps/containers/traefik/file-provider/dns.yml:
--------------------------------------------------------------------------------
1 | http:
2 |   routers:
3 |     dns:
4 |       entryPoints:
5 |         - web
6 |       rule: Host(`dns.{{env "MEDIA_DOMAIN_NAME"}}`)
7 |       middlewares:
8 |         - https_redirect
9 |       service: dns
10 |     dns-secure:
11 |       entryPoints:
12 |         - websecure
13 |       rule: Host(`dns.{{env "MEDIA_DOMAIN_NAME"}}`)
14 |       tls:
15 |         certResolver: letsencrypt
16 |       service: dns
17 |
18 |   services:
19 |     dns:
20 |       loadBalancer:
21 |         servers:
22 |           # NOTE(review): was labelled "Firefly backend", but this is the dns service, and 53 is conventionally the DNS port rather than an HTTP one; confirm the target.
23 |           - url: "http://localhost:53"
24 |           # - url:
"http://localhost:8077" 25 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/auth.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | authelia: 4 | entryPoints: 5 | - web 6 | rule: Host(`auth.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: authelia 10 | authelia-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`auth.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | service: authelia 17 | 18 | services: 19 | authelia: 20 | loadBalancer: 21 | servers: 22 | # Authelia Backend 23 | - url: https://auth.local.{{env "MEDIA_DOMAIN_NAME"}} 24 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/middleware/landing_page.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | landing_page_redirect: 4 | headers: 5 | # hostsProxyHeaders: "X-Forwarded-Host" 6 | customRequestHeaders: 7 | # X-Forwarded-For: "" 8 | # X-Proxy-Hostname: "" 9 | Host: "{{env "MEDIA_DOMAIN_NAME"}}" 10 | # X-Custom-Request-Header: "" 11 | # customResponseHeaders: 12 | # sslProxyHeaders: 13 | # X-Forwarded-Proto: https 14 | # redirectRegex: 15 | # replacement: "https://{{env "MEDIA_DOMAIN_NAME"}}/${1}" 16 | # regex: "^https://{{env "MEDIA_DOMAIN_NAME"}}/(.*)" 17 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/myst.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | myst: 4 | entryPoints: 5 | - web 6 | rule: Host(`myst.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: myst 10 | myst-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`myst.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - 
authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: myst 19 | 20 | services: 21 | myst: 22 | loadBalancer: 23 | servers: 24 | # Mysterium backend 25 | - url: http://localhost:4449 26 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/s3.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | s3: 4 | entryPoints: 5 | - web 6 | rule: Host(`s3.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: s3 10 | s3-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`s3.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: s3 19 | 20 | services: 21 | s3: 22 | loadBalancer: 23 | servers: 24 | # S3 backend 25 | - url: https://s3.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /hosts/vps/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | {modulesPath, ...}: { 2 | imports = [(modulesPath + "/profiles/qemu-guest.nix")]; 3 | boot.kernelParams = ["console=tty"]; 4 | boot.loader.grub = { 5 | efiSupport = true; 6 | efiInstallAsRemovable = true; 7 | device = "nodev"; 8 | }; 9 | boot.loader.grub.configurationLimit = 2; 10 | fileSystems."/boot" = { 11 | device = "/dev/disk/by-uuid/6FB6-65E7"; 12 | fsType = "vfat"; 13 | }; 14 | boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; 15 | boot.initrd.kernelModules = ["nvme"]; 16 | fileSystems."/" = { 17 | device = "/dev/sda1"; 18 | fsType = "ext4"; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/nixos/dev/podman.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | virtualisation = { 3 | podman = { 4 | enable = true; 5 | # Create a 
`docker` alias for podman, to use it as a drop-in replacement 6 | dockerCompat = true; 7 | # Required for containers under podman-compose to be able to talk to each other. 8 | defaultNetwork.settings.dns_enabled = true; 9 | }; 10 | }; 11 | 12 | environment.systemPackages = with pkgs; [ 13 | dive # look into docker image layers 14 | podman-tui # status of containers in the terminal 15 | # docker-compose # start group of containers for dev 16 | podman-compose # start group of containers for dev 17 | ]; 18 | } 19 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/discourse.yomis.blog.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | discourse: 4 | entryPoints: 5 | - web 6 | rule: Host(`discourse.{{env "BLOG_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: discourse 10 | discourse-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`discourse.{{env "BLOG_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | service: discourse 17 | 18 | services: 19 | discourse: 20 | loadBalancer: 21 | servers: 22 | # discourse backend 23 | - url: "http://host.docker.internal:3000" 24 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/invoice.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | invoice: 4 | entryPoints: 5 | - web 6 | rule: Host(`invoice.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: invoice 10 | invoice-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`invoice.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | service: invoice 17 | 18 | services: 19 | invoice: 20 | loadBalancer: 21 | servers: 22 | # Invoice backend 23 | - url: http://localhost:8181 24 | # - url: http://localhost:8282 25 | 
-------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/ombi.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | ombi: 4 | entryPoints: 5 | - web 6 | rule: Host(`ombi.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: ombi 10 | ombi-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`ombi.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: ombi 19 | 20 | services: 21 | ombi: 22 | loadBalancer: 23 | servers: 24 | # Ombi backend 25 | - url: https://ombi.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /modules/darwin/desktop/yabai/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.yabai = { 3 | enable = true; 4 | config = { 5 | window_placement = "second_child"; 6 | window_opacity = "off"; 7 | window_opacity_duration = 0.00; 8 | active_window_opacity = 1.0; 9 | auto_balance = "off"; 10 | split_ratio = 0.50; 11 | mouse_modifier = "ctrl"; 12 | mouse_action2 = "resize"; 13 | mouse_action1 = "move"; 14 | layout = "bsp"; 15 | top_padding = 2; 16 | bottom_padding = 2; 17 | left_padding = 2; 18 | right_padding = 2; 19 | window_gap = 12; 20 | }; 21 | 22 | extraConfig = builtins.readFile ./yabairc; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/adguard.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | adguard: 4 | entryPoints: 5 | - web 6 | rule: Host(`adguard.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: adguard 10 | adguard-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`adguard.{{env "MEDIA_DOMAIN_NAME"}}`) 
14 | tls: # NOTE(review): adguard-secure lists no middlewares, so the `authelia` middleware used by other routers in this directory is not applied; access then rests on the backend's own login. Confirm that is intended. 15 | certResolver: letsencrypt 16 | service: adguard 17 | 18 | services: 19 | adguard: 20 | loadBalancer: 21 | servers: 22 | # AdGuard backend 23 | - url: "http://localhost:3005" 24 | # - url: "http://localhost:8077" 25 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/firefly.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | firefly: 4 | entryPoints: 5 | - web 6 | rule: Host(`firefly.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: firefly 10 | firefly-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`firefly.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | tls: # NOTE(review): firefly-secure has no `authelia` middleware either; confirm the application's own login is the intended control for this host. 15 | certResolver: letsencrypt 16 | service: firefly 17 | 18 | services: 19 | firefly: 20 | loadBalancer: 21 | servers: 22 | # Firefly backend 23 | # - url: "http://host.docker.internal:8077" 24 | - url: "http://localhost:8077" 25 | -------------------------------------------------------------------------------- /modules/nixos/default.nix: -------------------------------------------------------------------------------- 1 | # Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module). 2 | # These should be stuff you would like to share with others, not your personal configurations. 
3 | { 4 | # List your module files here 5 | 6 | # Uncategorized 7 | clipboard = import ./clipboard.nix; 8 | fonts = import ./fonts.nix; 9 | 10 | # Apps 11 | apps = import ./apps; 12 | 13 | # Dev 14 | dev = import ./dev; 15 | 16 | # Desktop 17 | desktop = import ./desktop; 18 | 19 | # Monitoring 20 | monitoring = import ./monitoring; 21 | 22 | # Networking 23 | networking = import ./networking; 24 | 25 | # Power 26 | power = import ./power; 27 | } 28 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/radarr.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | radarr: 4 | entryPoints: 5 | - web 6 | rule: Host(`radarr.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: radarr 10 | radarr-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`radarr.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: radarr 19 | 20 | services: 21 | radarr: 22 | loadBalancer: 23 | servers: 24 | # Radarr backend 25 | - url: https://radarr.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/sonarr.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | sonarr: 4 | entryPoints: 5 | - web 6 | rule: Host(`sonarr.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: sonarr 10 | sonarr-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`sonarr.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: sonarr 19 | 20 | services: 21 | sonarr: 22 | loadBalancer: 23 | servers: 24 | # Sonarr backend 25 | - url: https://sonarr.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | 
-------------------------------------------------------------------------------- /hosts/mstdo/system.nix: -------------------------------------------------------------------------------- 1 | { 2 | system.defaults = { 3 | CustomUserPreferences = {}; 4 | 5 | dock = { 6 | mineffect = "scale"; 7 | minimize-to-application = true; 8 | mru-spaces = false; 9 | orientation = "bottom"; 10 | tilesize = 52; 11 | }; 12 | 13 | NSGlobalDomain = { 14 | ApplePressAndHoldEnabled = false; 15 | "com.apple.sound.beep.feedback" = 0; 16 | "com.apple.trackpad.scaling" = 2.5; 17 | }; 18 | 19 | screencapture = { 20 | type = "jpg"; 21 | disable-shadow = true; 22 | }; 23 | 24 | trackpad = { 25 | ActuationStrength = 0; 26 | FirstClickThreshold = 0; 27 | SecondClickThreshold = 0; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/fidi.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | fidi: 4 | entryPoints: 5 | - web 6 | rule: Host(`fidi.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: fidi 10 | fidi-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`fidi.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | # middlewares: 15 | # - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: fidi 19 | 20 | services: 21 | fidi: 22 | loadBalancer: 23 | servers: 24 | # Firefly Data Importer backend 25 | # - url: "http://localhost:8078" 26 | - url: "http://nop" 27 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/vaultwarden.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | vaultwarden: 4 | entryPoints: 5 | - web 6 | rule: Host(`vaultwarden.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: vaultwarden 10 | vaultwarden-secure: 11 | entryPoints: 
12 | - websecure 13 | rule: Host(`vaultwarden.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: vaultwarden 19 | 20 | services: 21 | vaultwarden: 22 | loadBalancer: 23 | servers: 24 | # Vaultwarden backend 25 | - url: http://localhost:8088 26 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/heimdall.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | heimdall: 4 | entryPoints: 5 | - web 6 | rule: Host(`heimdall.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: heimdall 10 | heimdall-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`heimdall.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: heimdall 19 | 20 | services: 21 | heimdall: 22 | loadBalancer: 23 | servers: 24 | # Heimdall backend 25 | - url: https://heimdall.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/audiobookshelf.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | audiobookshelf: 4 | entryPoints: 5 | - web 6 | rule: Host(`audiobookshelf.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: audiobookshelf 10 | audiobookshelf-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`audiobookshelf.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | service: audiobookshelf 17 | 18 | services: 19 | audiobookshelf: 20 | loadBalancer: 21 | servers: 22 | # AudioBookShelf backend 23 | - url: https://audiobookshelf.local.{{env "MEDIA_DOMAIN_NAME"}} 24 | -------------------------------------------------------------------------------- 
/hosts/vps/containers/traefik/file-provider/finance.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | firefly: 4 | entryPoints: 5 | - web 6 | rule: Host(`finance.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: firefly 10 | firefly-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`finance.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | service: firefly 17 | 18 | services: 19 | firefly: 20 | loadBalancer: 21 | servers: 22 | # Firefly backend 23 | # - url: "http://localhost:8077" 24 | # - url: "http://localhost:3001" 25 | - url: "http://127.0.0.1:3001" 26 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/nextcloud.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | nextcloud: 4 | entryPoints: 5 | - web 6 | rule: Host(`nextcloud.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: nextcloud 10 | nextcloud-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`nextcloud.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: nextcloud 19 | 20 | services: 21 | nextcloud: 22 | loadBalancer: 23 | servers: 24 | # Nextcloud backend 25 | - url: https://nextcloud.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/home.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | homeassistant: 4 | entryPoints: 5 | - web 6 | rule: Host(`home.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: homeassistant 10 | homeassistant-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`home.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | 
middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: homeassistant 19 | 20 | services: 21 | homeassistant: 22 | loadBalancer: 23 | servers: 24 | # Home Assistant backend 25 | - url: https://home.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/actualbudget.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | actualbudget: 4 | entryPoints: 5 | - web 6 | rule: Host(`actualbudget.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: actualbudget 10 | actualbudget-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`actualbudget.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | service: actualbudget 17 | 18 | services: 19 | actualbudget: 20 | loadBalancer: 21 | servers: 22 | # actual_budget backend 23 | # - url: "http://host.docker.internal:5006" 24 | - url: "http://localhost:5006" 25 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/astrysk-proxmox-testflight.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | astrysk-proxmox-testflight: 4 | entryPoints: 5 | - web 6 | rule: Host(`astrysk-proxmox-testflight.duckdns.org`) 7 | middlewares: 8 | - https_redirect 9 | service: astrysk-proxmox-testflight 10 | astrysk-proxmox-testflight-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`astrysk-proxmox-testflight.duckdns.org`) 14 | tls: 15 | certResolver: letsencrypt-duckdns 16 | service: astrysk-proxmox-testflight 17 | 18 | services: 19 | astrysk-proxmox-testflight: 20 | loadBalancer: 21 | servers: 22 | # Backend 23 | - url: http://nop 24 | -------------------------------------------------------------------------------- 
/hosts/vps/containers/traefik/file-provider/photoprism.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | photoprism: 4 | entryPoints: 5 | - web 6 | rule: Host(`photoprism.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: photoprism 10 | photoprism-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`photoprism.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: photoprism 19 | 20 | services: 21 | photoprism: 22 | loadBalancer: 23 | servers: 24 | # Photoprism backend 25 | - url: https://photoprism.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/zellij/tertiary-layout.kdl: -------------------------------------------------------------------------------- 1 | layout { 2 | cwd "/Users/yomi" 3 | default_tab_template { 4 | children 5 | pane size=1 borderless=true { 6 | plugin location="zellij:compact-bar" 7 | } 8 | } 9 | new_tab_template { 10 | pane cwd="/Users/yomi" 11 | pane size=1 borderless=true { 12 | plugin location="compact-bar" 13 | } 14 | } 15 | tab name="misc-1" focus=true { 16 | pane focus=true 17 | } 18 | tab name="misc-2" { 19 | pane focus=true 20 | } 21 | tab name="misc-3" { 22 | pane focus=true 23 | } 24 | tab name="misc-4" { 25 | pane focus=true 26 | } 27 | tab name="misc-5" { 28 | pane focus=true 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/astrysk-ollama-testflight.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | astrysk-ollama-testflight: 4 | entryPoints: 5 | - web 6 | rule: Host(`astrysk-ollama-testflight.duckdns.org`) 7 | middlewares: 8 | - https_redirect 9 | service: astrysk-ollama-testflight 10 | 
astrysk-ollama-testflight-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`astrysk-ollama-testflight.duckdns.org`) 14 | tls: # NOTE(review): no middlewares on this public duckdns host; the backend name suggests an Ollama endpoint, whose HTTP API has no built-in authentication. Confirm something in front of or inside the backend authenticates callers. 15 | certResolver: letsencrypt-duckdns 16 | service: astrysk-ollama-testflight 17 | 18 | services: 19 | astrysk-ollama-testflight: 20 | loadBalancer: 21 | servers: 22 | # Backend 23 | - url: https://ollama-testflight.local.{{env "MEDIA_DOMAIN_NAME"}} 24 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/jellyfin.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | jellyfin: 4 | entryPoints: 5 | - web 6 | rule: Host(`jellyfin.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: jellyfin 10 | jellyfin-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`jellyfin.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | # middlewares: 15 | # - authelia 16 | tls: 17 | certResolver: letsencrypt 18 | service: jellyfin 19 | 20 | services: 21 | jellyfin: 22 | loadBalancer: 23 | servers: 24 | # Jellyfin backend 25 | # - url: http://jellyfin.local.${MEDIA_DOMAIN_NAME} 26 | - url: https://jellyfin.local.{{env "MEDIA_DOMAIN_NAME"}} -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/ollama.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | ollama: 4 | entryPoints: 5 | - web 6 | rule: Host(`ollama.{{env "MEDIA_DOMAIN_NAME"}}`) || Host(`chat.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: ollama 10 | ollama-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`ollama.{{env "MEDIA_DOMAIN_NAME"}}`) || Host(`chat.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | #middlewares: 15 | #- authelia 16 | tls: # NOTE(review): the authelia middleware above is commented out, so this router forwards without it. Ollama's own HTTP API has no built-in authentication; confirm that whatever serves ollama.local enforces a login (presumably a chat UI, given the chat.* host) before exposing it here. 17 | certResolver: letsencrypt 18 | service: ollama 19 | 20 | services: 21 | ollama: 22 | loadBalancer: 23 | servers: 24 | # Ollama backend 25 | - 
url: https://ollama.local.{{env "MEDIA_DOMAIN_NAME"}} 26 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/zellij/quaternary-layout.kdl: -------------------------------------------------------------------------------- 1 | layout { 2 | cwd "/Users/yomi" 3 | default_tab_template { 4 | children 5 | pane size=1 borderless=true { 6 | plugin location="zellij:compact-bar" 7 | } 8 | } 9 | new_tab_template { 10 | pane cwd="/Users/yomi" 11 | pane size=1 borderless=true { 12 | plugin location="compact-bar" 13 | } 14 | } 15 | tab name="misc-1" focus=true { 16 | pane focus=true 17 | } 18 | tab name="misc-2" { 19 | pane focus=true 20 | } 21 | tab name="misc-3" { 22 | pane focus=true 23 | } 24 | tab name="misc-4" { 25 | pane focus=true 26 | } 27 | tab name="misc-5" { 28 | pane focus=true 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/zellij/secondary-layout.kdl: -------------------------------------------------------------------------------- 1 | layout { 2 | cwd "/Users/yomi" 3 | default_tab_template { 4 | children 5 | pane size=1 borderless=true { 6 | plugin location="zellij:compact-bar" 7 | } 8 | } 9 | new_tab_template { 10 | pane cwd="/Users/yomi" 11 | pane size=1 borderless=true { 12 | plugin location="compact-bar" 13 | } 14 | } 15 | tab name="misc-1" focus=true { 16 | pane focus=true 17 | } 18 | tab name="misc-2" { 19 | pane focus=true 20 | } 21 | tab name="misc-3" { 22 | pane focus=true 23 | } 24 | tab name="misc-4" { 25 | pane focus=true 26 | } 27 | tab name="misc-5" { 28 | pane focus=true 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | traefik: 3 | image: traefik:v2.9 4 | container_name: traefik 5 | restart: unless-stopped 6 | 
network_mode: host 7 | #command: 8 | #- "--log.level=DEBUG" 9 | #- "--api.insecure=true" 10 | #- "--providers.docker=true" 11 | #- "--providers.docker.exposedbydefault=false" 12 | #- "--entrypoints.web.address=:80" 13 | ports: # NOTE(review): with network_mode: host above, Docker does not apply published ports; the container listens directly on the host on whatever entrypoints traefik.yml declares, so this mapping has no effect. 14 | - 80:80 15 | - 443:443 16 | extra_hosts: 17 | - host.docker.internal:host-gateway 18 | volumes: 19 | - /var/run/docker.sock:/var/run/docker.sock:ro # NOTE(review): ':ro' only makes the socket file read-only as a mount; it does not limit Docker API calls, so a process in this container that can reach the socket can control the Docker daemon (root-equivalent on the host). If traefik.yml (not shown here) enables only the file provider, drop this mount; otherwise front it with a socket proxy that allows only read endpoints. 20 | - ./traefik.yml:/etc/traefik/traefik.yml:ro 21 | - ./file-provider:/etc/traefik/file-provider:ro 22 | - ./logs:/logs 23 | - ./acme:/etc/traefik/acme 24 | env_file: 25 | - .env 26 | -------------------------------------------------------------------------------- /hosts/lxc/machine-learning/README.md: -------------------------------------------------------------------------------- 1 | # machine-learning 2 | 3 | ylac: Yomi's local AI Cloud/Compute 4 | 5 | Install nix on Ubuntu/Debian 6 | 7 | ```bash 8 | sh <(curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install) --daemon 9 | ``` 10 | 11 | Clone this repository 12 | 13 | ```bash 14 | git clone git@github.com:abayomi185/nix-dotfiles.git 15 | ``` 16 | 17 | Run home manager for this host 18 | 19 | ```bash 20 | nix --extra-experimental-features "nix-command flakes" run nixpkgs#home-manager -- --extra-experimental-features "nix-command flakes" switch --flake .#ml@machine-learning 21 | # Optionally with home-manager backup 22 | # nix --extra-experimental-features "nix-command flakes" run nixpkgs#home-manager -- --extra-experimental-features "nix-command flakes" switch --flake .#ml@machine-learning -b backup 23 | ``` 24 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/local.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | local: 4 | entryPoints: 5 | - web 6 | rule: Host(`local.{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: local 10 | local-secure: 11 | entryPoints: 
12 | - websecure 13 | rule: Host(`local.{{env "MEDIA_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | domains: 17 | - main: "local.{{env "MEDIA_DOMAIN_NAME"}}" 18 | sans: 19 | - "*.local.{{env "MEDIA_DOMAIN_NAME"}}" 20 | service: local 21 | 22 | services: 23 | local: 24 | loadBalancer: 25 | servers: 26 | # Local backend for certs DNS challenge 27 | - url: https://local.{{env "MEDIA_DOMAIN_NAME"}} 28 | -------------------------------------------------------------------------------- /modules/nixos/power/tlp.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Included in Gnome 3 | services.tlp = { 4 | enable = true; 5 | settings = { 6 | CPU_SCALING_GOVERNOR_ON_AC = "performance"; 7 | CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; 8 | 9 | # $ cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences 10 | CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power"; 11 | CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; 12 | 13 | CPU_MIN_PERF_ON_AC = 0; 14 | CPU_MAX_PERF_ON_AC = 100; 15 | CPU_MIN_PERF_ON_BAT = 0; 16 | CPU_MAX_PERF_ON_BAT = 20; 17 | 18 | # Optional: helps preserve long-term battery health 19 | START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge 20 | STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging 21 | }; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /modules/home-manager/shell/git.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.git = { 3 | enable = true; 4 | userName = "Yomi Ikuru"; 5 | userEmail = "captyomjnr@gmail.com"; 6 | 7 | extraConfig = { 8 | init.defaultBranch = "main"; 9 | core.pager = "bat --paging=always"; 10 | push.autoSetupRemote = true; 11 | 12 | merge = { 13 | tool = "diffview"; 14 | }; 15 | mergetool = { 16 | diffview.cmd = ''nvim -n +DiffviewOpen "$MERGE"''; 17 | keepBackup = false; 18 | prompt = false; 19 | }; 20 | }; 21 | 22 | 
ignores = [".DS_Store" ".direnv/"]; 23 | }; 24 | 25 | programs.lazygit = { 26 | enable = true; 27 | package = pkgs.unstable.lazygit; 28 | }; 29 | 30 | # Other git related tools 31 | home.packages = with pkgs; [bfg-repo-cleaner]; 32 | } 33 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/yomis.blog.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | blog: 4 | entryPoints: 5 | - web 6 | rule: Host(`{{env "BLOG_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: blog 10 | blog-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`{{env "BLOG_DOMAIN_NAME"}}`) 14 | tls: 15 | certResolver: letsencrypt 16 | domains: 17 | - main: "{{env "BLOG_DOMAIN_NAME"}}" 18 | sans: 19 | - "*.{{env "BLOG_DOMAIN_NAME"}}" 20 | service: blog 21 | 22 | services: 23 | blog: 24 | loadBalancer: 25 | servers: 26 | # Blog backend 27 | - url: "http://localhost:2368" 28 | # - url: "http://host.docker.internal:2368" 29 | # - url: "http://172.17.0.1:2368" -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/file-provider/yomitosh.media.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | landing_page: 4 | entryPoints: 5 | - web 6 | rule: Host(`{{env "MEDIA_DOMAIN_NAME"}}`) 7 | middlewares: 8 | - https_redirect 9 | service: landing_page 10 | landing_page-secure: 11 | entryPoints: 12 | - websecure 13 | rule: Host(`{{env "MEDIA_DOMAIN_NAME"}}`) 14 | middlewares: 15 | - landing_page_redirect 16 | tls: 17 | certResolver: letsencrypt 18 | domains: 19 | - main: "{{env "MEDIA_DOMAIN_NAME"}}" 20 | sans: 21 | - "*.{{env "MEDIA_DOMAIN_NAME"}}" 22 | service: landing_page 23 | 24 | services: 25 | landing_page: 26 | loadBalancer: 27 | servers: 28 | # Landing page on Vercel 29 | - url: "https://media-club-hub.vercel.app" 30 | 
-------------------------------------------------------------------------------- /hosts/lxc/load-balancer/wireguard.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | ... 5 | }: let 6 | secretsPath = builtins.toString inputs.nix-secrets; 7 | secretsAttributeSet = builtins.fromTOML (builtins.readFile "${secretsPath}/hosts/lxc/load-balancer/secrets.toml"); # NOTE(review): read at evaluation time, so these values become plain Nix values rather than sops-managed runtime secrets; they typically end up in the world-readable /nix/store via the generated wg-quick config. 8 | 9 | secret_address = secretsAttributeSet.wireguard.interface.address; 10 | secret_peers = secretsAttributeSet.wireguard.peers; # NOTE(review): fine for peer public keys, endpoints and allowed IPs; if a peer entry carries a presharedKey it would be exposed this way, so prefer presharedKeyFile backed by a sops secret. TODO confirm what secrets.toml holds. 11 | 12 | wireguardSopsFile = "${inputs.nix-secrets}/hosts/lxc/load-balancer/wireguard.enc.yaml"; 13 | in { 14 | sops.secrets.wireguardPrivateKey = { 15 | format = "yaml"; 16 | sopsFile = wireguardSopsFile; 17 | key = "privateKey"; 18 | }; 19 | 20 | networking.wg-quick.interfaces = { 21 | wg0 = { 22 | address = secret_address; 23 | 24 | privateKeyFile = config.sops.secrets.wireguardPrivateKey.path; # only the path of the sops-managed secret is referenced here, so the private key itself is not a Nix value 25 | 26 | peers = secret_peers; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /modules/home-manager/default.nix: -------------------------------------------------------------------------------- 1 | # Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module). 2 | # These should be stuff you would like to share with others, not your personal configurations. 
3 | { 4 | # List your module files here 5 | # my-module = import ./my-module.nix; 6 | 7 | # Apps 8 | apps = import ./apps; 9 | 10 | # Browsers 11 | browsers = import ./browsers; 12 | 13 | # Casks - For macOS only using brew-nix 14 | casks = import ./casks; 15 | 16 | # Desktop 17 | desktop = import ./desktop; 18 | 19 | # Dev 20 | dev = import ./dev; 21 | 22 | # Monitoring 23 | monitoring = import ./monitoring; 24 | 25 | # Music 26 | music = import ./music; 27 | 28 | # Shell 29 | shell = import ./shell; 30 | 31 | # Terminal 32 | terminal = import ./terminal; 33 | 34 | # Utils 35 | utils = import ./utils; 36 | } 37 | -------------------------------------------------------------------------------- /modules/home-manager/browsers/vimium_c.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Vimium C", 3 | "@time": "24/06/2024, 18:33:38", 4 | "time": 1719250418243, 5 | "environment": { 6 | "extension": "1.99.994", 7 | "platform": "mac", 8 | "chromium": 126 9 | }, 10 | "exclusionRules": [ 11 | { 12 | "passKeys": "", 13 | "pattern": ":https://mail.google.com/" 14 | }, 15 | { 16 | "passKeys": "", 17 | "pattern": ":https://proxmox.local.yomitosh.media/" 18 | }, 19 | { 20 | "passKeys": "", 21 | "pattern": ":https://proxmox.local.yomitosh.media/" 22 | }, 23 | { 24 | "passKeys": "", 25 | "pattern": ":https://console.hetzner.cloud/console" 26 | } 27 | ], 28 | "keyLayout": 2, 29 | "keyMappings": [ 30 | "#!no-check", 31 | "map visitPreviousTab", 32 | "map C removeTab", 33 | "map J nextTab", 34 | "map K previousTab", 35 | "unmap ", 36 | "" 37 | ], 38 | "vimSync": true 39 | } 40 | -------------------------------------------------------------------------------- /pkgs/_sources/generated.nix: -------------------------------------------------------------------------------- 1 | # This file was generated by nvfetcher, please do not modify it manually. 
2 | { fetchgit, fetchurl, fetchFromGitHub, dockerTools }: 3 | { 4 | wezterm = { 5 | pname = "wezterm"; 6 | version = "79ce027d3805ed43ff533b19802a4a2e7d9a9623"; 7 | src = fetchFromGitHub { 8 | owner = "wez"; 9 | repo = "wezterm"; 10 | rev = "79ce027d3805ed43ff533b19802a4a2e7d9a9623"; 11 | fetchSubmodules = true; 12 | sha256 = "sha256-hws7UpwYFdWE2t1h6iBZx8yONMAoHHPjFASTNqo3GqM="; 13 | }; 14 | cargoLock."Cargo.lock" = { 15 | lockFile = ./wezterm-79ce027d3805ed43ff533b19802a4a2e7d9a9623/Cargo.lock; 16 | outputHashes = { 17 | "xcb-imdkit-0.3.0" = "sha256-fTpJ6uNhjmCWv7dZqVgYuS2Uic36XNYTbqlaly5QBjI="; 18 | "sqlite-cache-0.1.3" = "sha256-sBAC8MsQZgH+dcWpoxzq9iw5078vwzCijgyQnMOWIkk="; 19 | }; 20 | }; 21 | date = "2024-05-10"; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/lxc/network-share/lxc.conf: -------------------------------------------------------------------------------- 1 | ## NixOS LXC 2 | ## Network Share 3 | arch: amd64 4 | cmode: console 5 | cpulimit: 8 6 | features: mount=nfs;cifs,nesting=1 7 | hostname: network-share 8 | memory: 2048 9 | mp0: /mnt/mopower,mp=/mnt/mopower 10 | mp1: /mnt/mospeed,mp=/mnt/mospeed 11 | mp2: /mnt/mofp0/kubernetes/home-cluster/configs,mp=/mnt/mofp0/kubernetes/home-cluster/configs 12 | mp3: /mnt/mofp0/kubernetes/home-cluster/data,mp=/mnt/mofp0/kubernetes/home-cluster/data 13 | mp4: /mnt/mofp0/backups/TimeMachine,mp=/mnt/mofp0/backups/TimeMachine 14 | mp5: /mnt/mofp0/data,mp=/mnt/mofp0/data 15 | net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BA:63:03:3D:DB:ED,type=veth 16 | net1: name=eth1,bridge=vmbr1,firewall=1,hwaddr=3E:7D:3A:7D:BB:43,type=veth 17 | net2: name=eth2,bridge=vmbr2,firewall=1,hwaddr=4E:08:AB:17:5C:81,type=veth 18 | onboot: 1 19 | ostype: unmanaged 20 | rootfs: local-lvm:vm-202-disk-0,size=10G 21 | startup: order=4 22 | swap: 0 23 | -------------------------------------------------------------------------------- 
/modules/home-manager/desktop/services/xdg.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | # xdg.mimeApps = { 3 | # enable = true; 4 | # defaultApplications = { 5 | # "application/pdf" = ["brave-browser.desktop"]; 6 | # "x-scheme-handler/http" = ["brave-browser.desktop"]; 7 | # "x-scheme-handler/https" = ["brave-browser.desktop"]; 8 | # "text/html" = ["brave-browser.desktop"]; 9 | # }; 10 | # }; 11 | 12 | xdg.portal = { 13 | enable = true; 14 | xdgOpenUsePortal = true; 15 | 16 | config = { 17 | common = { 18 | default = ["gtk"]; 19 | "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"]; 20 | "org.freedesktop.impl.portal.FileChooser" = ["nemo"]; 21 | }; 22 | hyprland = { 23 | default = ["gtk" "hyprland"]; 24 | }; 25 | }; 26 | 27 | extraPortals = with pkgs; [ 28 | xdg-desktop-portal-gtk 29 | xdg-desktop-portal-hyprland 30 | ]; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/home-manager/apps/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | bat = import ./bat.nix; 3 | bitwarden-cli = import ./bitwarden-cli.nix; 4 | blender = import ./blender.nix; 5 | calibre = import ./calibre.nix; 6 | cura = import ./cura.nix; 7 | davinci-resolve-studio = import ./davinci-resolve-studio.nix; 8 | discord = import ./discord.nix; 9 | jq = import ./jq.nix; 10 | k9s = import ./k9s.nix; 11 | karabiner-elements = import ./karabiner-elements; 12 | neovim = import ./neovim.nix; 13 | neovim-unstable = import ./neovim-unstable.nix; 14 | obs = import ./obs.nix; 15 | obsidian = import ./obsidian.nix; 16 | openscad = import ./openscad.nix; 17 | skhd = import ./skhd.nix; 18 | orca-slicer = import ./orca-slicer.nix; 19 | prusa-slicer = import ./prusa-slicer.nix; 20 | ripgrep = import ./ripgrep.nix; 21 | spacedrive = import ./spacedrive.nix; 22 | tree = import ./tree.nix; 23 | vscode = import ./vscode; 24 | yabai = import 
./yabai.nix; 25 | } 26 | -------------------------------------------------------------------------------- /hosts/vps/apps/traefik/file-provider/yomitosh.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.traefik.dynamicConfigOptions = { 3 | http.routers.landing_page = { 4 | entryPoints = ["web"]; 5 | rule = ''Host("{{env `MEDIA_DOMAIN_NAME`}}")''; 6 | middlewares = ["https_redirect"]; 7 | service = "landing_page"; 8 | }; 9 | 10 | http.routers.landing_page-secure = { 11 | entryPoints = ["websecure"]; 12 | rule = ''Host("{{env `MEDIA_DOMAIN_NAME`}}")''; 13 | middlewares = ["landing_page_redirect"]; 14 | service = "landing_page"; 15 | tls = { 16 | certResolver = "letsencrypt"; 17 | domains = [ 18 | { 19 | main = ''{{env `MEDIA_DOMAIN_NAME`}}''; 20 | sans = [''*.{{env `MEDIA_DOMAIN_NAME`}}'']; 21 | } 22 | ]; 23 | }; 24 | }; 25 | 26 | http.services.landing_page.loadBalancer.servers = [ 27 | {url = ''https://media-club-hub.vercel.app'';} 28 | ]; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /hosts/mbp14/system.nix: -------------------------------------------------------------------------------- 1 | { 2 | system.defaults = { 3 | CustomUserPreferences = {}; 4 | 5 | dock = { 6 | autohide = true; 7 | mineffect = "scale"; 8 | minimize-to-application = true; 9 | mru-spaces = false; 10 | orientation = "bottom"; 11 | tilesize = 45; 12 | }; 13 | 14 | finder = { 15 | ShowPathbar = true; 16 | }; 17 | 18 | NSGlobalDomain = { 19 | AppleInterfaceStyleSwitchesAutomatically = true; 20 | ApplePressAndHoldEnabled = false; 21 | AppleShowAllExtensions = false; 22 | "com.apple.sound.beep.feedback" = 0; 23 | "com.apple.trackpad.scaling" = 2.5; 24 | InitialKeyRepeat = 15; 25 | KeyRepeat = 2; 26 | # NSStatusItemSpacing = 12; 27 | # NSStatusItemSelectionPadding = 8; 28 | }; 29 | 30 | screencapture = { 31 | type = "jpg"; 32 | disable-shadow = true; 33 | }; 34 | 35 | trackpad = { 36 | 
ActuationStrength = 0; 37 | FirstClickThreshold = 0; 38 | SecondClickThreshold = 0; 39 | }; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /hosts/lxc/machine-learning/lxc.conf: -------------------------------------------------------------------------------- 1 | arch: amd64 2 | cpulimit: 10 3 | features: nesting=1 4 | hostname: machine-learning 5 | memory: 98304 6 | mp0: /mnt/mofp0/data/machine_learning,mp=/exports 7 | net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=4A:23:40:4C:78:7B,type=veth # ip=dhcp, 8 | net1: name=eth1,bridge=vmbr2,firewall=1,hwaddr=42:EB:1A:B1:49:F2,type=veth # ip=10.0.7.250/24 9 | onboot: 1 10 | ostype: ubuntu 11 | rootfs: mofp0:250/vm-250-disk-1.raw,size=320G 12 | swap: 16384 13 | unprivileged: 1 14 | lxc.cgroup2.devices.allow: c 195:* rwm 15 | lxc.cgroup2.devices.allow: c 507:* rwm 16 | lxc.mount.entry: /dev/nvidia0 dev/nvidia0 none bind,optional,create=file 17 | lxc.mount.entry: /dev/nvidiactl dev/nvidiactl none bind,optional,create=file 18 | lxc.mount.entry: /dev/nvidia-uvm dev/nvidia-uvm none bind,optional,create=file 19 | lxc.mount.entry: /dev/nvidia-uvm-tools dev/nvidia-uvm-tools none bind,optional,create=file 20 | lxc.idmap: u 0 100000 1001 21 | lxc.idmap: g 0 100000 100 22 | lxc.idmap: u 1001 1001 1 23 | lxc.idmap: g 100 100 1 24 | lxc.idmap: u 1002 101002 64534 25 | lxc.idmap: g 101 100101 65435 26 | -------------------------------------------------------------------------------- /pkgs/_sources/generated.json: -------------------------------------------------------------------------------- 1 | { 2 | "wezterm": { 3 | "cargoLocks": { 4 | "Cargo.lock": [ 5 | "./wezterm-79ce027d3805ed43ff533b19802a4a2e7d9a9623/Cargo.lock", 6 | { 7 | "sqlite-cache-0.1.3": "sha256-sBAC8MsQZgH+dcWpoxzq9iw5078vwzCijgyQnMOWIkk=", 8 | "xcb-imdkit-0.3.0": "sha256-fTpJ6uNhjmCWv7dZqVgYuS2Uic36XNYTbqlaly5QBjI=" 9 | } 10 | ] 11 | }, 12 | "date": "2024-05-10", 13 | "extract": null, 14 | "name": "wezterm", 15 | 
"passthru": null, 16 | "pinned": false, 17 | "src": { 18 | "deepClone": false, 19 | "fetchSubmodules": true, 20 | "leaveDotGit": false, 21 | "name": null, 22 | "owner": "wez", 23 | "repo": "wezterm", 24 | "rev": "79ce027d3805ed43ff533b19802a4a2e7d9a9623", 25 | "sha256": "sha256-hws7UpwYFdWE2t1h6iBZx8yONMAoHHPjFASTNqo3GqM=", 26 | "type": "github" 27 | }, 28 | "version": "79ce027d3805ed43ff533b19802a4a2e7d9a9623" 29 | } 30 | } -------------------------------------------------------------------------------- /overlays/default.nix: -------------------------------------------------------------------------------- 1 | # This file defines overlays 2 | {inputs, ...}: { 3 | # This one brings our custom packages from the 'pkgs' directory 4 | additions = final: _prev: import ../pkgs {pkgs = final;}; 5 | 6 | # This one contains whatever you want to overlay 7 | # You can change versions, add patches, set compilation flags, anything really. 8 | # https://nixos.wiki/wiki/Overlays 9 | modifications = final: prev: { 10 | # example = prev.example.overrideAttrs (oldAttrs: rec { 11 | # ... 
12 | # }); 13 | }; 14 | 15 | # When applied, the unstable nixpkgs set (declared in the flake inputs) will 16 | # be accessible through 'pkgs.unstable' 17 | unstable-packages = final: _prev: { 18 | unstable = import inputs.nixpkgs-unstable { 19 | system = final.system; 20 | config.allowUnfree = true; 21 | }; 22 | }; 23 | 24 | # When applied, the stable nixpkgs set (declared in the flake inputs) will 25 | # be accessible through 'pkgs.stable' 26 | stable-packages = final: _prev: { 27 | stable = import inputs.nixpkgs-stable { 28 | inherit (final) system; 29 | config.allowUnfree = true; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /hosts/vps/containers/firefly/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | app: 3 | image: fireflyiii/core:latest # NOTE(review): mutable tag, so the running version changes whenever the image is re-pulled; pinning a release tag or digest keeps upgrades deliberate (same for data-importer:latest and the untagged alpine below) 4 | hostname: firefly-app 5 | restart: unless-stopped 6 | volumes: 7 | - firefly_iii_upload:/var/www/html/storage/upload 8 | env_file: .env 9 | ports: 10 | - 127.0.0.1:8077:8080 11 | depends_on: 12 | - db 13 | 14 | db: 15 | image: mariadb:lts 16 | hostname: firefly-db 17 | restart: unless-stopped 18 | env_file: .db.env 19 | volumes: 20 | - firefly_iii_db:/var/lib/mysql 21 | 22 | fidi: 23 | image: fireflyiii/data-importer:latest 24 | restart: always 25 | env_file: .fidi.env 26 | ports: 27 | - 127.0.0.1:8078:8080 28 | depends_on: 29 | - app 30 | 31 | cron: 32 | image: alpine 33 | restart: unless-stopped 34 | container_name: firefly_iii_cron 35 | env_file: .cron.env 36 | command: sh -c "echo \"0 3 * * * wget -qO- $CRON_URL\" | crontab - && crond -f -L /dev/stdout" # NOTE(review): Compose substitutes $CRON_URL itself when it parses this file (from the shell environment or the project .env), not the container from .cron.env; write $$CRON_URL if the value is meant to come from .cron.env. The URL presumably embeds the cron token, so keep the file that holds it out of version control - confirm 37 | networks: 38 | - firefly_iii # NOTE(review): only this service joins firefly_iii; app, db and fidi declare no networks and stay on the project's default network, so a CRON_URL that names the app container would not resolve from here - confirm 39 | 40 | volumes: 41 | firefly_iii_upload: 42 | firefly_iii_db: 43 | 44 | 45 | networks: 46 | firefly_iii: 47 | driver: bridge 48 | -------------------------------------------------------------------------------- /modules/home-manager/browsers/brave.nix: 
-------------------------------------------------------------------------------- 1 | # Make sure that the brave package in nixpkgs has an override method 2 | # which supports the commandLineArgs attribute. 3 | # If it doesn't, you will need to find a different approach to customize the package, 4 | # such as using wrapProgram in a pkgs.stdenv.mkDerivation 5 | { 6 | programs.brave = { 7 | enable = true; 8 | commandLineArgs = [ 9 | "--enable-features=UseOzonePlatform,TouchpadOverscrollHistoryNavigation" 10 | "--ozone-platform=wayland" 11 | # "--password-store=gnome-libsecret" 12 | ]; 13 | extensions = [ 14 | {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} # Ublock Origin 15 | {id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";} # Dark Reader 16 | {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} # Vimium C 17 | {id = "nffaoalbilbmmfgbnbgppjihopabppdk";} # Video speed controller 18 | {id = "mnjggcdmjocbbbhaepdhchncahnbgone";} # SponsorBlock 19 | # {id = "nngceckbapebfimnlniiiahkandclblb";} # Bitwarden 20 | {id = "jhnleheckmknfcgijgkadoemagpecfol";} # Auto Tab Discard 21 | {id = "niloccemoadcdkdjlinkgdfekeahmflj";} # Pocket 22 | # {id = "bmnlcjabgnpnenekpadlanbbkooimhnj";} # Honey 23 | ]; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/ghostty/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 
5 | }: let 6 | ghostty-mock = pkgs.writeShellScriptBin "gostty-mock" '' 7 | true 8 | ''; # NOTE(review): the script is named "gostty-mock" (sic); confirm nothing expects a binary called "ghostty" from this package 9 | in { 10 | # Ghostty is broken on macOS, so we mock it 11 | # Using homebrew cask instead 12 | programs.ghostty = { 13 | enable = true; 14 | package = ghostty-mock; # No-op stand-in package (a script that only runs `true`), not null; the real Ghostty is managed externally 15 | enableZshIntegration = true; 16 | installBatSyntax = false; 17 | # Consider using this key at a later point 18 | # settings = { 19 | # theme = "dark:tokyonight,light:zenwritten_light"; 20 | # macos-titlebar-style = "hidden"; 21 | # macos-non-native-fullscreen = "true"; 22 | # macos-option-as-alt = "true"; 23 | # window-save-state = "always"; 24 | # keybind = [ 25 | # "alt+left=unbind" 26 | # "alt+right=unbind" 27 | # "alt+up=unbind" 28 | # "alt+down=unbind" 29 | # ]; 30 | # }; 31 | }; 32 | 33 | # Symlink the XDG config entry ghostty/config to the copy in the nix-dotfiles checkout (outside the Nix store, so it stays editable) 34 | xdg.configFile."ghostty/config".source = 35 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/ghostty/config"; 36 | } 37 | -------------------------------------------------------------------------------- /modules/home-manager/apps/vscode/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 
5 | }: let 6 | userDir = 7 | if pkgs.stdenv.hostPlatform.isDarwin 8 | then "Library/Application Support/Code/User" 9 | else "${config.xdg.configHome}/Code/User"; 10 | in { 11 | programs.vscode = { 12 | enable = true; 13 | profiles.default = { 14 | extensions = with pkgs.vscode-extensions; [ 15 | ms-vscode-remote.remote-ssh 16 | vscodevim.vim 17 | github.copilot 18 | eamodio.gitlens 19 | donjayamanne.githistory 20 | emroussel.atomize-atom-one-dark-theme 21 | vscode-icons-team.vscode-icons 22 | oderwat.indent-rainbow 23 | alefragnani.bookmarks 24 | kamikillerto.vscode-colorize 25 | esbenp.prettier-vscode 26 | ]; 27 | }; 28 | }; 29 | 30 | # Symlinks for VSCode settings and keybindings 31 | home.file."${userDir}/settings.json".source = 32 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/apps/vscode/settings.json"; 33 | 34 | home.file."${userDir}/keybindings.json".source = 35 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/apps/vscode/keybindings.json"; 36 | } 37 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/gtk.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 
5 | }: { 6 | # gtk = { 7 | # enable = true; 8 | # font = { 9 | # package = pkgs.nerdfonts.override {fonts = ["Mononoki"];}; 10 | # name = "Mononoki Nerd Font Regular"; 11 | # size = 18; 12 | # }; 13 | # }; 14 | 15 | gtk = { 16 | enable = true; 17 | iconTheme = { 18 | name = "Papirus-Dark"; 19 | package = pkgs.catppuccin-papirus-folders.override { 20 | flavor = "mocha"; 21 | accent = "pink"; 22 | }; 23 | }; 24 | theme = { 25 | name = "Catppuccin-Macchiato-Compact-Pink-Dark"; 26 | package = pkgs.catppuccin-gtk.override { 27 | accents = ["pink"]; 28 | size = "compact"; 29 | tweaks = ["rimless" "black"]; 30 | variant = "macchiato"; 31 | }; 32 | }; 33 | }; 34 | 35 | # Now symlink the `~/.config/gtk-4.0/` folder declaratively: 36 | xdg.configFile = { 37 | "gtk-4.0/assets".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/assets"; 38 | "gtk-4.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk.css"; 39 | "gtk-4.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk-dark.css"; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /modules/darwin/desktop/spacebar/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.spacebar = { 3 | enable = true; 4 | package = pkgs.spacebar; 5 | 6 | config = { 7 | position = "top"; 8 | display = "main"; 9 | height = 26; 10 | title = "on"; 11 | spaces = "on"; 12 | clock = "on"; 13 | power = "on"; 14 | padding_left = 20; 15 | padding_right = 20; 16 | spacing_left = 25; 17 | spacing_right = 15; 18 | text_font = ''"Menlo:Regular:12.0"''; 19 | icon_font = ''"Font Awesome 5 Free:Solid:12.0"''; 20 | background_color = "0xff202020"; 21 | foreground_color = "0xffa8a8a8"; 22 | power_icon_color = "0xffcd950c"; 23 | battery_icon_color = "0xffd75f5f"; 24 | dnd_icon_color = "0xffa8a8a8"; 25 | clock_icon_color 
= "0xffa8a8a8"; 26 | power_icon_strip = " "; 27 | space_icon = "•"; 28 | space_icon_strip = "1 2 3 4 5 6 7 8 9 10"; 29 | spaces_for_all_displays = "on"; 30 | display_separator = "on"; 31 | display_separator_icon = ""; 32 | space_icon_color = "0xff458588"; 33 | space_icon_color_secondary = "0xff78c4d4"; 34 | space_icon_color_tertiary = "0xfffff9b0"; 35 | clock_icon = ""; 36 | dnd_icon = ""; 37 | clock_format = ''"%d/%m/%y %R"''; 38 | right_shell = "on"; 39 | right_shell_icon = ""; 40 | right_shell_command = "whoami"; 41 | }; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/zellij/primary-layout.kdl: -------------------------------------------------------------------------------- 1 | layout { 2 | cwd "/Users/yomi" 3 | default_tab_template { 4 | children 5 | pane size=1 borderless=true { 6 | plugin location="zellij:compact-bar" 7 | } 8 | } 9 | new_tab_template { 10 | pane cwd="/Users/yomi" 11 | pane size=1 borderless=true { 12 | plugin location="compact-bar" 13 | } 14 | } 15 | tab name="nix-dotfiles" focus=true { 16 | pane cwd="nix-dotfiles" focus=true 17 | } 18 | tab name="dev-templates" { 19 | pane cwd="s-projek/nix-dev-templates" 20 | } 21 | tab name="bike-computer" { 22 | pane cwd="h-projek/bike_computer" 23 | } 24 | tab name="velo" { 25 | pane cwd="h-projek/velo-genesis" 26 | } 27 | tab name="yomitosh" { 28 | pane cwd="s-projek/yomitosh-dev" 29 | } 30 | tab name="astrysk" { 31 | pane cwd="s-projek/astrysk" 32 | } 33 | tab name="astrysk-dev" { 34 | pane cwd="s-projek/astrysk/apps/astrysk" 35 | } 36 | tab name="leetcode" { 37 | pane cwd="s-projek/leetcode-grind" 38 | } 39 | tab name="home-ops" { 40 | pane cwd="s-projek/home-ops" 41 | } 42 | tab name="nvim" { 43 | pane cwd=".config/nvim" 44 | } 45 | tab name="blog" { 46 | pane cwd="s-projek/yomis-blog" 47 | } 48 | tab name="wayom" { 49 | pane cwd="s-projek/wayom-ts" 50 | } 51 | } 52 | 
-------------------------------------------------------------------------------- /hosts/knode/minimal-configuration.nix: -------------------------------------------------------------------------------- 1 | {modulesPath, ...}: let 2 | timeZone = "Europe/London"; 3 | defaultLocale = "en_GB.UTF-8"; 4 | in { 5 | imports = [ 6 | # Include the default lxc/lxd configuration. 7 | "${modulesPath}/virtualisation/lxc-container.nix" 8 | ]; 9 | 10 | nix.settings.experimental-features = ["nix-command" "flakes"]; 11 | 12 | boot.isContainer = true; 13 | networking.hostName = "knode"; 14 | 15 | time.timeZone = timeZone; 16 | 17 | i18n = { 18 | defaultLocale = defaultLocale; 19 | extraLocaleSettings = { 20 | LC_ADDRESS = defaultLocale; 21 | LC_IDENTIFICATION = defaultLocale; 22 | LC_MEASUREMENT = defaultLocale; 23 | LC_MONETARY = defaultLocale; 24 | LC_NAME = defaultLocale; 25 | LC_NUMERIC = defaultLocale; 26 | LC_PAPER = defaultLocale; 27 | LC_TELEPHONE = defaultLocale; 28 | LC_TIME = defaultLocale; 29 | }; 30 | }; 31 | 32 | # Supress systemd units that don't work because of LXC. 
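33 | # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak 34 | systemd.suppressedSystemUnits = [ 35 | "dev-mqueue.mount" 36 | "sys-kernel-debug.mount" 37 | "sys-fs-fuse-connections.mount" 38 | ]; 39 | 40 | networking.interfaces = { 41 | eth0 = { 42 | ipv4.addresses = [ 43 | { 44 | address = "10.0.1.49"; 45 | prefixLength = 24; 46 | } 47 | ]; 48 | }; 49 | }; 50 | networking.defaultGateway = "10.0.1.1"; 51 | networking.nameservers = ["10.0.1.53"]; # Resolver on this host's own 10.0.1.0/24 LAN, the same value hosts/lxc/minimal-configuration.nix uses; the previous "1.0.1.53" is a public address outside this network, so DNS queries would have left the LAN 52 | 53 | system.stateVersion = "24.05"; 54 | } 55 | -------------------------------------------------------------------------------- /hosts/vps/home.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.username = "cloud"; 3 | home.homeDirectory = "/home/cloud"; 4 | home.packages = with pkgs; [ 5 | age 6 | alejandra 7 | nil 8 | nixpkgs-fmt 9 | btop 10 | lazygit 11 | lua-language-server 12 | nodejs_22 13 | stylua 14 | selene 15 | ssh-to-age 16 | ]; 17 | 18 | # NOTE: Shells 19 | programs.zsh = { 20 | enable = true; 21 | autosuggestion.enable = true; 22 | enableCompletion = true; 23 | syntaxHighlighting.enable = true; 24 | history.size = 10000; 25 | shellAliases = { 26 | la = "ls -la"; 27 | check = "nix flake check"; 28 | update = "sudo nixos-rebuild switch"; 29 | garbage = "sudo nix-collect-garbage --delete-older-than"; 30 | develop = "nix develop -c $SHELL"; 31 | }; 32 | # zshrc equivalent 33 | # initExtra = ""; 34 | # zshenv equivalent 35 | # envExtra = ""; 36 | # zprofile equivalent 37 | # profileExtra = ""; 38 | 39 | oh-my-zsh = { 40 | enable = true; 41 | plugins = ["git" "vi-mode"]; 42 | theme = "robbyrussell"; 43 | }; 44 | }; 45 | programs.direnv = { 46 | enable = true; 47 | enableZshIntegration = true; 48 | nix-direnv.enable = true; 49 | }; 50 | programs.bat = { 51 | enable = true; 52 | }; 53 | programs.git = { 54 | enable = true; 55 | userName = "Yomi Ikuru"; 56 | userEmail = "yomi+git_cloud_vps@yomitosh.com"; 57 | }; 58 | 59 | 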
programs.home-manager.enable = true; 60 | systemd.user.startServices = "sd-switch"; 61 | home.stateVersion = "23.11"; 62 | } 63 | -------------------------------------------------------------------------------- /modules/home-manager/browsers/auto_tab_discard.json: -------------------------------------------------------------------------------- 1 | { 2 | "chrome.storage.local": { 3 | "./plugins/blank/core.js": true, 4 | "./plugins/dummy/core.js": false, 5 | "./plugins/focus/core.js": false, 6 | "./plugins/force/core.js": false, 7 | "./plugins/new/core.js": false, 8 | "./plugins/next/core.js": false, 9 | "./plugins/previous/core.js": false, 10 | "./plugins/trash/core.js": false, 11 | "./plugins/unloaded/core.js": false, 12 | "./plugins/youtube/core.js": false, 13 | "audio": true, 14 | "battery": false, 15 | "click": "click.popup", 16 | "faqs": true, 17 | "favicon": false, 18 | "favicon-delay": 100, 19 | "force.hostnames": [], 20 | "form": true, 21 | "go-hidden": false, 22 | "idle": false, 23 | "idle-timeout": 300, 24 | "last-update": 1726430204230, 25 | "link.context": true, 26 | "log": false, 27 | "max.single.discard": 50, 28 | "memory-enabled": false, 29 | "memory-value": 60, 30 | "mode": "time-based", 31 | "notification.permission": false, 32 | "number": 6, 33 | "online": true, 34 | "page.context": false, 35 | "paused": false, 36 | "period": 600, 37 | "pinned": true, 38 | "prepends": "💤", 39 | "simultaneous-jobs": 10, 40 | "startup-pinned": false, 41 | "startup-release-pinned": false, 42 | "startup-unpinned": false, 43 | "tab.context": true, 44 | "trash.period": 24, 45 | "trash.unloaded": false, 46 | "trash.whitelist-url": [], 47 | "whitelist": [], 48 | "whitelist-url": [] 49 | }, 50 | "localStorage": { 51 | "click": "popup" 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /hosts/lxc/minimal-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | modulesPath, 3 
| pkgs, 4 | ... 5 | }: let 6 | timeZone = "Europe/London"; 7 | defaultLocale = "en_GB.UTF-8"; 8 | 9 | hostname = "temp_lxc_node"; 10 | default_gateway = "10.0.1.1"; 11 | nameservers = ["10.0.1.53"]; 12 | 13 | ipv4_address = "10.0.1.254"; 14 | in { 15 | imports = [ 16 | # Include the default lxc/lxd configuration. 17 | "${modulesPath}/virtualisation/lxc-container.nix" 18 | ]; 19 | 20 | nix.settings.experimental-features = ["nix-command" "flakes"]; 21 | 22 | boot.isContainer = true; 23 | networking.hostName = hostname; 24 | 25 | time.timeZone = timeZone; 26 | 27 | i18n = { 28 | defaultLocale = defaultLocale; 29 | extraLocaleSettings = { 30 | LC_ADDRESS = defaultLocale; 31 | LC_IDENTIFICATION = defaultLocale; 32 | LC_MEASUREMENT = defaultLocale; 33 | LC_MONETARY = defaultLocale; 34 | LC_NAME = defaultLocale; 35 | LC_NUMERIC = defaultLocale; 36 | LC_PAPER = defaultLocale; 37 | LC_TELEPHONE = defaultLocale; 38 | LC_TIME = defaultLocale; 39 | }; 40 | }; 41 | 42 | # Supress systemd units that don't work because of LXC. 43 | # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak 44 | systemd.suppressedSystemUnits = [ 45 | "dev-mqueue.mount" 46 | "sys-kernel-debug.mount" 47 | "sys-fs-fuse-connections.mount" 48 | ]; 49 | 50 | environment.systemPackages = with pkgs; [git]; 51 | 52 | networking.interfaces = { 53 | eth0 = { 54 | ipv4.addresses = [ 55 | { 56 | address = ipv4_address; 57 | prefixLength = 24; 58 | } 59 | ]; 60 | }; 61 | }; 62 | networking.defaultGateway = default_gateway; 63 | networking.nameservers = nameservers; 64 | 65 | system.stateVersion = "24.05"; 66 | } 67 | -------------------------------------------------------------------------------- /hosts/vps/containers/traefik/docker-compose.nix: -------------------------------------------------------------------------------- 1 | # Auto-generated using compose2nix v0.2.1-pre. 2 | { 3 | config, 4 | inputs, 5 | lib, 6 | pkgs, 7 | ... 
8 | }: let 9 | basePath = "/home/cloud/nix-dotfiles/hosts/vps/containers/traefik"; 10 | in { 11 | # Secrets 12 | age.secrets.vps_containers_traefik.file = "${inputs.nix-secrets}/hosts/vps/containers/traefik/env.age"; 13 | 14 | # Containers 15 | virtualisation.oci-containers.containers."traefik" = { 16 | image = "traefik:v2.9"; 17 | environmentFiles = [ 18 | config.age.secrets.vps_containers_traefik.path 19 | ]; 20 | volumes = [ 21 | "${basePath}/acme:/etc/traefik/acme:rw" # presumably the ACME storage (account and certificate private keys); keep the host directory readable by its owner only - confirm 22 | "${basePath}/file-provider:/etc/traefik/file-provider:ro" 23 | "${basePath}/logs:/logs:rw" 24 | "${basePath}/traefik.yml:/etc/traefik/traefik.yml:ro" 25 | "/run/podman/podman.sock:/var/run/docker.sock:ro" # NOTE(review): ":ro" only makes the bind mount read-only; a process that can connect to this socket can still drive the Podman API, so a compromise of this internet-facing container (ports 80/443) reaches the container engine on the host. If traefik.yml uses only the file provider, drop this mount; otherwise put a filtering socket proxy in between - confirm against traefik.yml 26 | ]; 27 | ports = [ 28 | "80:80/tcp" 29 | "443:443/tcp" 30 | ]; 31 | log-driver = "journald"; 32 | # extraOptions = [ 33 | # "--add-host=host.docker.internal:host-gateway" 34 | # "--network=host" 35 | # ]; 36 | }; 37 | systemd.services."podman-traefik" = { 38 | serviceConfig = { 39 | Restart = lib.mkOverride 500 "always"; 40 | }; 41 | partOf = [ 42 | "podman-compose-traefik-root.target" 43 | ]; 44 | wantedBy = [ 45 | "podman-compose-traefik-root.target" 46 | ]; 47 | }; 48 | 49 | # Root service 50 | # When started, this will automatically create all resources and start 51 | # the containers. When stopped, this will teardown all resources. 52 | systemd.targets."podman-compose-traefik-root" = { 53 | unitConfig = { 54 | Description = "Root target generated by compose2nix."; 55 | }; 56 | wantedBy = ["multi-user.target"]; 57 | }; 58 | } 59 | -------------------------------------------------------------------------------- /modules/home-manager/shell/zsh.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 
5 | }: { 6 | options.programs.zsh.extendedShellAliases = lib.mkOption { 7 | type = lib.types.attrsOf lib.types.str; 8 | default = {}; 9 | description = "Shell aliases for Zsh."; 10 | }; 11 | 12 | config = { 13 | # Common configuration for Zsh 14 | programs.zsh = { 15 | enable = lib.mkDefault true; 16 | 17 | enableCompletion = true; 18 | autosuggestion.enable = true; 19 | syntaxHighlighting.enable = true; 20 | 21 | history.size = lib.mkDefault 10000; 22 | 23 | # Define default shell aliases 24 | shellAliases = lib.mkMerge [ 25 | { 26 | batl = "bat --theme=OneHalfLight"; 27 | check = "nix flake check"; 28 | develop = "nix develop -c $SHELL"; 29 | dv = "eval $(direnv hook zsh)"; 30 | garbage = "sudo nix-collect-garbage --delete-older-than"; 31 | gc = "nix-collect-garbage"; 32 | la = "ls -la"; 33 | lg = "lazygit"; 34 | update = lib.mkDefault "sudo nixos-rebuild switch"; 35 | vim = "nvim"; 36 | ns = "NIXPKGS_ALLOW_UNFREE=1 nix-shell -p"; 37 | } 38 | config.programs.zsh.extendedShellAliases 39 | ]; 40 | 41 | # zshrc equivalent 42 | initExtra = lib.mkDefault ""; 43 | 44 | # zshenv equivalent 45 | envExtra = lib.mkDefault ""; 46 | 47 | # zprofile equivalent 48 | profileExtra = lib.mkDefault ""; 49 | 50 | oh-my-zsh = { 51 | enable = lib.mkDefault true; 52 | plugins = [ 53 | "git" 54 | "vi-mode" 55 | # "direnv" 56 | ]; 57 | }; 58 | }; 59 | 60 | programs.direnv = { 61 | enable = lib.mkDefault false; 62 | enableZshIntegration = true; 63 | nix-direnv.enable = true; 64 | }; 65 | }; 66 | } 67 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/hyprland/hypridle.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.hypridle = { 3 | enable = true; 4 | 5 | settings = { 6 | general = { 7 | lock_cmd = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock"; 8 | before_sleep_cmd = "${pkgs.systemd}/bin/loginctl lock-session"; 9 | after_sleep_cmd = 
"${pkgs.hyprland}/bin/hyprctl dispatch dpms on"; 10 | }; 11 | 12 | listener = [ 13 | { 14 | timeout = 180; # 3 minutes 15 | on-timeout = '' 16 | cat /sys/class/leds/tpacpi::kbd_backlight/brightness > /tmp/kbd_backlight 17 | echo 0 > /sys/class/leds/tpacpi::kbd_backlight/brightness 18 | ''; # save the current keyboard backlight level, then turn it off. NOTE(review): the level is saved to a fixed name in world-writable /tmp, which another local user can pre-create or alter; a per-user location such as $XDG_RUNTIME_DIR avoids that 19 | on-resume = '' 20 | if [ -f /tmp/kbd_backlight ]; then 21 | cat /tmp/kbd_backlight > /sys/class/leds/tpacpi::kbd_backlight/brightness 22 | fi 23 | ''; # restore keyboard backlight from the saved level, if one was saved 24 | } 25 | { 26 | timeout = 405; # 6 minutes 45 seconds 27 | on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor. 28 | on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r"; # monitor backlight restore 29 | } 30 | { 31 | timeout = 420; # 7 minutes 32 | on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off"; # screen off when timeout has passed 33 | on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on"; # screen on when activity is detected 34 | } 35 | { 36 | timeout = 430; # 7 minutes 10 seconds 37 | on-timeout = "${pkgs.systemd}/bin/loginctl lock-session"; # lock the session, 10 seconds after the screen is switched off; until then activity wakes an unlocked session 38 | } 39 | { 40 | timeout = 600; # 10 minutes 41 | on-timeout = "${pkgs.systemd}/bin/systemctl suspend"; # suspend the machine; before_sleep_cmd above locks the session first 42 | } 43 | ]; 44 | }; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /hosts/mstdo/homebrew.nix: -------------------------------------------------------------------------------- 1 | {outputs, ...}: { 2 | imports = [ 3 | # Add main homebrew module 4 | outputs.darwinModules.homebrew 5 | 6 | # Brews - See ../../modules/darwin/brews/default.nix 7 | outputs.darwinModules.brews.llama-swap 8 | outputs.darwinModules.brews.group_mobileDev 9 | 10 | # Casks - See ../../modules/darwin/casks/default.nix 11 | outputs.darwinModules.casks.autodesk-fusion 12 | outputs.darwinModules.casks.brave 13 | 
outputs.darwinModules.casks.calibre 14 | outputs.darwinModules.casks.chatgpt 15 | outputs.darwinModules.casks.coconutbattery 16 | outputs.darwinModules.casks.figma 17 | outputs.darwinModules.casks.firefox 18 | outputs.darwinModules.casks.iina 19 | outputs.darwinModules.casks.karabiner-elements 20 | outputs.darwinModules.casks.kicad 21 | outputs.darwinModules.casks.notion 22 | outputs.darwinModules.casks.obs 23 | outputs.darwinModules.casks.obsidian 24 | outputs.darwinModules.casks.ollama-app 25 | outputs.darwinModules.casks.orca-slicer 26 | outputs.darwinModules.casks.raycast 27 | outputs.darwinModules.casks.serif-apps 28 | outputs.darwinModules.casks.spotify 29 | outputs.darwinModules.casks.sublime-text 30 | outputs.darwinModules.casks.xcodes-app 31 | outputs.darwinModules.casks.zen 32 | 33 | # Mas - See ../../modules/darwin/mas/default.nix 34 | outputs.darwinModules.mas.coreApps 35 | outputs.darwinModules.mas.devApps 36 | outputs.darwinModules.mas.networkingApps 37 | outputs.darwinModules.mas.otherApps 38 | outputs.darwinModules.mas.productivityApps 39 | outputs.darwinModules.mas.socialApps 40 | outputs.darwinModules.mas.utilitiesApps 41 | ]; 42 | 43 | nix-homebrew = { 44 | enable = true; 45 | enableRosetta = true; 46 | user = "yomi"; 47 | autoMigrate = true; 48 | extraEnv = { 49 | HOMEBREW_NO_ANALYTICS = "1"; 50 | }; 51 | }; 52 | 53 | homebrew.onActivation.cleanup = "none"; # Don't break things on MBP16! 54 | } 55 | -------------------------------------------------------------------------------- /hosts/mstdo/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | outputs, 4 | ... 
5 | }: { 6 | imports = [ 7 | # Darwin Apps - See ../../modules/darwin/apps/default.nix 8 | # outputs.darwinModules.apps.karabiner-elements 9 | 10 | # Desktop (darwin) - See ../../modules/darwin/desktop/default.nix 11 | outputs.darwinModules.desktop.skhd 12 | # outputs.darwinModules.desktop.spacebar 13 | outputs.darwinModules.desktop.yabai 14 | 15 | # Homebrew - See ./brew.nix 16 | ./homebrew.nix 17 | 18 | # Defaults - See ./system.nix 19 | ./system.nix 20 | ]; 21 | 22 | # Use a custom configuration.nix location. 23 | # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix 24 | # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; 25 | 26 | # nix.package = pkgs.nix; 27 | 28 | nix.gc.automatic = true; 29 | 30 | # Deduplicate and optimize nix store 31 | nix.optimise.automatic = true; 32 | 33 | nix.settings = { 34 | # Enable flakes and new 'nix' command 35 | experimental-features = "nix-command flakes"; 36 | }; 37 | 38 | # Define a user account 39 | system.primaryUser = "yomi"; # Required for darwin 40 | users.users = { 41 | yomi = { 42 | home = "/Users/yomi"; 43 | shell = "${pkgs.zsh}/bin/zsh"; 44 | 45 | openssh.authorizedKeys.keys = [ 46 | # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect 47 | ]; 48 | 49 | packages = with pkgs; [ 50 | # NOTE: Packages are installed via home-manager 51 | home-manager 52 | # firefox 53 | # thunderbird 54 | ]; 55 | }; 56 | }; 57 | 58 | # $ nix-env -qaP | grep wget 59 | environment.systemPackages = []; 60 | 61 | # Creates global /etc/zshrc that loads the nix-darwin environment 62 | programs.zsh.enable = true; # Important! 63 | 64 | # Add ability to used TouchID for sudo authentication 65 | security.pam.services.sudo_local.touchIdAuth = true; 66 | 67 | # Used for backwards compatibility, please read the changelog before changing. 
68 | # $ darwin-rebuild changelog 69 | system.stateVersion = 5; 70 | } 71 | -------------------------------------------------------------------------------- /hosts/vps/containers/uptime-kuma/docker-compose.nix: --------------------------------------------------------------------------------
# Auto-generated using compose2nix v0.1.9.
# NOTE(review): hand edits (including these comments) are presumably lost when
# the file is regenerated; lasting changes belong in the compose source.
#
# Declares one Podman container (uptime-kuma), the Podman network it joins and
# a systemd target that groups both units.
{
  pkgs,
  lib,
  ...
}: let
  # Absolute path of the repository checkout on the host; the container's data
  # directory lives below it.
  basePath = "/home/cloud/nix-dotfiles/hosts/vps/containers/uptime-kuma";
in {
  # Containers
  virtualisation.oci-containers.containers."uptime-kuma" = {
    # NOTE(review): `latest` is a mutable tag, so the image that runs is whatever
    # the registry serves at pull time. Pinning a release tag or a digest
    # (`louislam/uptime-kuma@sha256:<digest>`) makes the deployment reproducible
    # and turns upgrades into a reviewed change.
    image = "louislam/uptime-kuma:latest";
    volumes = [
      # Read-write bind mount: the container can modify everything under data/.
      "${basePath}/data:/app/data:rw"
    ];
    ports = [
      # Published on two specific host addresses only, not on all interfaces.
      "127.0.0.1:3001:3001/tcp"
      # presumably the VPN-side address of this host — TODO confirm. Nothing in
      # this file orders the unit after the interface that carries the address.
      "10.13.13.1:3001:3001/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      "--network-alias=uptime-kuma"
      "--network=uptime-kuma_default"
      # Stops processes in the container from gaining privileges through
      # setuid/setgid binaries or file capabilities. Capabilities themselves are
      # left at the runtime default; `--cap-drop` could narrow them if the
      # application tolerates it.
      "--security-opt=no-new-privileges:true"
    ];
  };
  # Extra unit settings for the service that oci-containers generates for the
  # container above.
  systemd.services."podman-uptime-kuma" = {
    serviceConfig = {
      # Priority 500 wins over `lib.mkDefault` values but yields to a plain
      # definition made elsewhere.
      Restart = lib.mkOverride 500 "always";
    };
    # Start only after the network unit below, and stop with it.
    after = [
      "podman-network-uptime-kuma_default.service"
    ];
    requires = [
      "podman-network-uptime-kuma_default.service"
    ];
    partOf = [
      "podman-compose-uptime-kuma-root.target"
    ];
    wantedBy = [
      "podman-compose-uptime-kuma-root.target"
    ];
  };

  # Networks
  # One-shot unit that creates the Podman network when `inspect` does not find
  # it and removes it again (forced) when the unit is stopped.
  systemd.services."podman-network-uptime-kuma_default" = {
    path = [pkgs.podman];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "${pkgs.podman}/bin/podman network rm -f uptime-kuma_default";
    };
    script = ''
      podman network inspect uptime-kuma_default || podman network create uptime-kuma_default
    '';
    partOf = ["podman-compose-uptime-kuma-root.target"];
    wantedBy = ["podman-compose-uptime-kuma-root.target"];
  };

  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-uptime-kuma-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    # Pulled in at boot through multi-user.target.
    wantedBy = ["multi-user.target"];
  };
}
-------------------------------------------------------------------------------- /modules/home-manager/desktop/hyprland/hyprlock.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.hyprlock = { 3 | enable = true; 4 | 5 | settings = { 6 | general = { 7 | hide_cursor = true; 8 | }; 9 | 10 | # images = [ 11 | # {} 12 | # ]; 13 | 14 | label = [ 15 | # Time 16 | { 17 | text = "$TIME"; 18 | color = "$foreground"; 19 | #color = rgba(255, 255, 255, 0.6) 20 | font_size = 120; 21 | font_family = "JetBrains Mono Nerd Font Mono ExtraBold"; 22 | position = "0, -300"; 23 | halign = "center"; 24 | valign = "top"; 25 | } 26 | # User 27 | # { 28 | # text = "Hi there, $USER"; 29 | # color = "$foreground"; 30 | # #color = rgba(255, 255, 255, 0.6) 31 | # font_size = 25; 32 | # font_family = "JetBrains Mono Nerd Font Mono"; 33 | # position = { 34 | # x = 0; 35 | # y = -20; 36 | # }; 37 | # halign = "center"; 38 | # valign = "center"; 39 | # } 40 | ]; 41 | 42 | background = [ 43 | { 44 | path = "/home/yomi/nix-dotfiles/modules/home-manager/desktop/wallpapers/grey.png"; 45 | blur_size = 15; 46 | blur_passes = 2; 47 | } 48 | ]; 49 | 50 | input-field = [ 51 | { 52 | size = "250, 60"; 53 | position = "0, -80"; 54 | halign = "center"; 55 | valign = "center"; 56 | # font_family = "JetBrains Mono Nerd Font Mono"; 57 | placeholder_text = ''Input Password...''; 58 | outer_color = "rgba(0, 0, 0, 0)"; 59 | inner_color = "rgba(0, 0, 0, 0.5)"; 60 | font_color = "rgb(200, 200, 200)"; 61 | outline_thickness = 2; 62 | dots_size = 0.2; # Scale of input-field height, 0.2 - 0.8 63 | dots_spacing = 0.2; # Scale of dots' absolute size, 0.0 - 1.0 64 | dots_center = true; 65 | fade_on_empty = false; 66 | 
hide_input = false; 67 | } 68 | ]; 69 | }; 70 | 71 | # extraConfig = '' 72 | # ''; 73 | }; 74 | } 75 | -------------------------------------------------------------------------------- /modules/home-manager/apps/vscode/keybindings.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "key": "ctrl+`", 4 | "command": "workbench.action.terminal.focus" 5 | }, 6 | { 7 | "key": "ctrl+`", 8 | "command": "workbench.action.focusActiveEditorGroup", 9 | "when": "terminalFocus" 10 | }, 11 | { 12 | "key": "h", 13 | "command": "editor.action.scrollLeftHover", 14 | "when": "editorHoverFocused" 15 | }, 16 | { 17 | "key": "j", 18 | "command": "editor.action.scrollDownHover", 19 | "when": "editorHoverFocused" 20 | }, 21 | { 22 | "key": "k", 23 | "command": "editor.action.scrollUpHover", 24 | "when": "editorHoverFocused" 25 | }, 26 | { 27 | "key": "l", 28 | "command": "editor.action.scrollRightHover", 29 | "when": "editorHoverFocused" 30 | }, 31 | { 32 | "key": "alt+j", 33 | "command": "vim.remap", 34 | "when": "inputFocus && vim.mode == 'Normal' || vim.mode == 'Visual'", 35 | "args": { 36 | "after": ["alt+j"] 37 | } 38 | }, 39 | { 40 | "key": "alt+k", 41 | "command": "vim.remap", 42 | "when": "inputFocus && vim.mode == 'Normal' || vim.mode == 'Visual'", 43 | "args": { 44 | "after": ["alt+k"] 45 | } 46 | }, 47 | { 48 | "key": "tab", 49 | "command": "selectNextSuggestion", 50 | "when": "suggestWidgetMultipleSuggestions && suggestWidgetVisible && textInputFocus" 51 | }, 52 | { 53 | "key": "shift+tab", 54 | "command": "selectPrevSuggestion", 55 | "when": "suggestWidgetMultipleSuggestions && suggestWidgetVisible && textInputFocus" 56 | }, 57 | { 58 | "key": "ctrl+enter", 59 | "command": "mdb.runAllPlaygroundBlocks", 60 | "when": "mdb.isPlayground" 61 | }, 62 | { 63 | "key": "ctrl+alt+r", 64 | "command": "-mdb.runAllPlaygroundBlocks", 65 | "when": "mdb.isPlayground" 66 | }, 67 | { 68 | "key": "ctrl+j", 69 | "command": 
"workbench.action.togglePanel", 70 | "when": "terminalFocus" 71 | }, 72 | // TERMINAL 73 | { 74 | "key": "ctrl+t", 75 | "command": "workbench.action.terminal.focus", 76 | "when": "editorTextFocus" 77 | }, 78 | { 79 | "key": "ctrl+l", 80 | "command": "workbench.action.previousEditor", 81 | "when": "terminalFocus" 82 | } 83 | ] 84 | -------------------------------------------------------------------------------- /modules/darwin/casks/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | affinity = import ./affinity.nix; 3 | alt-tab = import ./alt-tab.nix; 4 | autodesk-fusion = import ./autodesk-fusion.nix; 5 | balenaetcher = import ./balenaetcher.nix; 6 | blender = import ./blender.nix; 7 | brave = import ./brave.nix; 8 | bruno = import ./bruno.nix; 9 | calibre = import ./calibre.nix; 10 | chatgpt = import ./chatgpt.nix; 11 | coconutbattery = import ./coconutbattery.nix; 12 | cursor = import ./cursor.nix; 13 | devtoys = import ./devtoys.nix; 14 | expo-orbit = import ./expo-orbit.nix; 15 | figma = import ./figma.nix; 16 | firefox = import ./firefox.nix; 17 | freecad = import ./freecad.nix; 18 | ghostty = import ./ghostty.nix; 19 | google-chrome = import ./google-chrome.nix; 20 | heroic = import ./heroic.nix; 21 | ice = import ./ice.nix; 22 | iina = import ./iina.nix; 23 | insta360-studio = import ./insta360-studio.nix; 24 | karabiner-elements = import ./karabiner-elements.nix; 25 | kicad = import ./kicad.nix; 26 | logi-options-plus = import ./logi-options-plus.nix; 27 | macs-fan-control = import ./macs-fan-control.nix; 28 | middleclick = import ./middleclick.nix; 29 | moonlight = import ./moonlight.nix; 30 | notion = import ./notion.nix; 31 | obs = import ./obs.nix; 32 | obsidian = import ./obsidian.nix; 33 | ollama-app = import ./ollama-app.nix; 34 | openscad = import ./openscad.nix; 35 | ocenaudio = import ./ocenaudio.nix; 36 | orbstack = import ./orbstack.nix; 37 | orca-slicer = import ./orca-slicer.nix; 38 | orion 
= import ./orion.nix; 39 | private-internet-access = import ./private-internet-access.nix; 40 | raspberry-pi-imager = import ./raspberry-pi-imager.nix; 41 | raycast = import ./raycast.nix; 42 | scroll-reverser = import ./scroll-reverser.nix; 43 | serif-apps = import ./serif-apps.nix; 44 | spotify = import ./spotify.nix; 45 | steam = import ./steam.nix; 46 | sublime-text = import ./sublime-text.nix; 47 | thinkorswim = import ./thinkorswim.nix; 48 | virtualhere = import ./virtualhere.nix; 49 | whisky = import ./whisky.nix; 50 | windsurf = import ./windsurf.nix; 51 | xcodes-app = import ./xcodes-app.nix; 52 | zed = import ./zed.nix; 53 | zen = import ./zen.nix; 54 | zen-twilight = import ./zen-twilight.nix; 55 | } 56 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/zellij/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: { 6 | programs.zellij = { 7 | enable = true; 8 | package = pkgs.unstable.zellij; 9 | }; 10 | 11 | # Set up symlink to config file 12 | xdg.configFile."zellij/config.kdl".source = 13 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/config.kdl"; 14 | 15 | xdg.configFile."zellij/layouts/primary.kdl".source = 16 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/primary-layout.kdl"; 17 | xdg.configFile."zellij/layouts/primary.swap.kdl".source = 18 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/layout.swap.kdl"; 19 | 20 | xdg.configFile."zellij/layouts/secondary.kdl".source = 21 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/secondary-layout.kdl"; 22 | xdg.configFile."zellij/layouts/secondary.swap.kdl".source = 23 | 
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/base-layout.swap.kdl"; 24 | 25 | xdg.configFile."zellij/layouts/tertiary.kdl".source = 26 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/tertiary-layout.kdl"; 27 | xdg.configFile."zellij/layouts/tertiary.swap.kdl".source = 28 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/base-layout.swap.kdl"; 29 | 30 | xdg.configFile."zellij/layouts/quaternary.kdl".source = 31 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/quaternary-layout.kdl"; 32 | xdg.configFile."zellij/layouts/quaternary.swap.kdl".source = 33 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/modules/home-manager/terminal/zellij/base-layout.swap.kdl"; 34 | 35 | xdg.configFile."zellij/layouts/default.kdl".text = '' 36 | layout { 37 | floating_panes { 38 | pane { 39 | x 1 40 | y "10%" 41 | width "50%" 42 | height "50%" 43 | } 44 | } 45 | } 46 | ''; 47 | } 48 | -------------------------------------------------------------------------------- /hosts/mbp14/secrets.enc.yaml: -------------------------------------------------------------------------------- 1 | example: 2 | test: ENC[AES256_GCM,data:QeDJ6wMX6kmaCmA=,iv:7R9jPpUUZRHsC48tbj4fEDCZNU+KdEXr2wJzZKf1VBI=,tag:jWuILjat7NV0qx2TfOXhBw==,type:str] 3 | sops: 4 | kms: [] 5 | gcp_kms: [] 6 | azure_kv: [] 7 | hc_vault: [] 8 | age: 9 | - recipient: age1kak7nac7pp9kel9cl43m93jdrdtzdqhw07dkc62hk0qvq37u05nqce5mf5 10 | enc: | 11 | -----BEGIN AGE ENCRYPTED FILE----- 12 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVkFPRW9lQnpFZjdLaU1N 13 | TzlNSkhEaEppZVJveUhHTisreFRDMmZVcDNFCkhIK2M0T243VHVRb0t0U3Q3SXdV 14 | VEtvb0NqeC84aDVBOHR3Y2lYVE90SHcKLS0tIDFpNjh0RlhHdTR1WlI3RWJQUEVm 15 | 
Q1lEWVUrTiswczZlZWpUSnF0MWY5NU0KMgxo0dvJ16GJbXiURYHDCR6UZRxMoErR 16 | WwSEN/5QoRtX+o4UWYxmDNBts9Q+WToVXJphqlkpRQth+c/FI2TO4w== 17 | -----END AGE ENCRYPTED FILE----- 18 | - recipient: age1sx0dh82apfxxdv9z0l77dmu00e9vz5rn3pfwwnxhwumdxmwy7gsshaxxlc 19 | enc: | 20 | -----BEGIN AGE ENCRYPTED FILE----- 21 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdmlrV2xFdTc4NzJhc3ht 22 | L0dxMG41S0Jrenp3cDg2ZVpKU3RmYnJVTzNZCjBRK1hTL2pqNHZFSzJVTmZWVTZa 23 | YWtjVmNpYWhYeXR5dkUvcmZqY0pNeGcKLS0tIDRTeTdsRE9URitvQ3Y0MTMzSjVu 24 | TFpLN3Y2dklLRTBabWN2elU1UTBxWW8K1KWoDNDlHRWxf5rczYpAJoY+oSdHatC6 25 | OQPdMQJ1TaLrYWLzYbG9d1TC5z68wX9/9P0hFB6gG5nGbFpE0VmgAA== 26 | -----END AGE ENCRYPTED FILE----- 27 | - recipient: age1wpz4fg9wcakl5vj92gcfj8pnsjg9l3el79le3fw0lh0tt2h3m9aqp6zz26 28 | enc: | 29 | -----BEGIN AGE ENCRYPTED FILE----- 30 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArem1oMnJ1bGNRanBNb0I5 31 | Y2swWXR6N3ArUndmQU5rQ1ZKMmJ2YXJ4TEZ3CkxLQ1JweFdLMGdyZ3lVSW5PbURn 32 | OXNLNjAyWW41ZkliSlRnUVdyZmg0ODAKLS0tIGxtSThMSlhrM0xWREw3K003YjBm 33 | ajBpQ200YkNRQnU5TWhXL0M2b2hDeGcKNqw3RTP3GlmExM3GLYfBYCkxzYm5RSS2 34 | 33Wn6Ddw+SW84+jMi594RtorbGLL+qeiOOeQ03teJK+6I+xE2+xLKA== 35 | -----END AGE ENCRYPTED FILE----- 36 | lastmodified: "2024-07-11T07:46:56Z" 37 | mac: ENC[AES256_GCM,data:itHpmK1WHEr5BckphvOapc6oAfxek2J4bx5y8cBBvis7H5lwHrz/MGZguD9eBLYmOlsl8CBP4vFV7QFMTSeNwWteRnkdlvyj6LoYiPAs/S95zOc4uHBJ4xKHhNaRbAdx5Ud2JgMdLm6rqaT+2cV0mJDzQOIH6gLI6IbFeFhELYk=,iv:Cj9r76HeOquA10fPHuqdB4NC0JYUoLUOyxUNeK/VW8w=,tag:1YS/2zaVDT3dR3FmuuTYJA==,type:str] 38 | pgp: [] 39 | unencrypted_suffix: _unencrypted 40 | version: 3.8.1 41 | -------------------------------------------------------------------------------- /hosts/x1c6/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 
4 | { 5 | config, 6 | lib, 7 | pkgs, 8 | modulesPath, 9 | ... 10 | }: { 11 | imports = [ 12 | (modulesPath + "/installer/scan/not-detected.nix") 13 | ]; 14 | 15 | boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; 16 | boot.initrd.kernelModules = []; 17 | 18 | boot.kernelPackages = pkgs.linuxPackages_6_8; # or pkgs.linuxPackages_latest 19 | boot.kernelParams = ["mem_sleep_default=deep"]; 20 | boot.kernelModules = ["kvm-intel"]; 21 | boot.extraModulePackages = []; 22 | # boot.extraModprobeConfig = '' 23 | # ''; 24 | 25 | fileSystems."/" = { 26 | device = "/dev/disk/by-uuid/f6d7f4c9-8e91-493c-bdc8-365687614175"; 27 | fsType = "ext4"; 28 | }; 29 | 30 | boot.initrd.luks.devices."luks-5cbd9301-3397-4942-adf0-96b133f48261".device = "/dev/disk/by-uuid/5cbd9301-3397-4942-adf0-96b133f48261"; 31 | 32 | fileSystems."/boot" = { 33 | device = "/dev/disk/by-uuid/0E8D-0219"; 34 | fsType = "vfat"; 35 | }; 36 | 37 | swapDevices = [ 38 | {device = "/dev/disk/by-uuid/66b3382d-d414-4b45-b910-a63eba59676c";} 39 | ]; 40 | 41 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 42 | # (the default) this is the recommended approach. When using systemd-networkd it's 43 | # still possible to use this option, but it's recommended to use it in conjunction 44 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
45 | networking.useDHCP = lib.mkDefault true; 46 | # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; 47 | # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; 48 | 49 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 50 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 51 | 52 | # Power 53 | powerManagement.enable = true; 54 | # services.thermald.enable = true; 55 | 56 | # Button/Switch behaviours 57 | services.logind = { 58 | powerKey = "suspend"; 59 | lidSwitch = "suspend"; 60 | lidSwitchExternalPower = "suspend"; 61 | lidSwitchDocked = "ignore"; 62 | }; 63 | 64 | # Undervolt 65 | services.undervolt = { 66 | enable = true; 67 | 68 | coreOffset = -85; 69 | gpuOffset = -85; 70 | }; 71 | } 72 | -------------------------------------------------------------------------------- /hosts/knode/lxc.conf.md: -------------------------------------------------------------------------------- 1 | ## 401 2 | 3 | ```conf 4 | #nixos 5 | arch: amd64 6 | cmode: console 7 | cores: 2 8 | cpulimit: 2 9 | features: mount=nfs,nesting=1 10 | hostname: knode1 11 | memory: 4096 12 | nameserver: 10.0.1.53 13 | net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:53:0C:FF,type=veth 14 | net1: name=eth1,bridge=vmbr2,firewall=1,hwaddr=BC:24:11:36:A2:0D,type=veth 15 | onboot: 1 16 | ostype: unmanaged 17 | rootfs: local-lvm:vm-401-disk-0,size=25G 18 | startup: order=6 19 | swap: 2048 20 | lxc.apparmor.profile: unconfined 21 | lxc.cgroup2.devices.allow: a 22 | lxc.cap.drop: 23 | lxc.mount.auto: "proc:rw sys:rw" 24 | lxc.mount.entry: /dev/net dev/net none bind,create=dir 25 | lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir 26 | ``` 27 | 28 | ## 402 29 | 30 | ```conf 31 | 32 | ``` 33 | 34 | ## 403 35 | 36 | Should have GPU access (the `/dev/dri` bind mount in the config below). Like 401, this config has no `unprivileged: 1` line and sets `lxc.apparmor.profile: unconfined`, `lxc.cgroup2.devices.allow: a` and an empty `lxc.cap.drop:`, so root inside the container is effectively not confined from the host; if GPU access is the only requirement, a device rule limited to the DRI nodes is narrower than `a`. 37 | 38 | ```conf 39 | #nixos 40 | arch: amd64 41 | cmode: console 42 | cores: 4 43 | cpulimit: 6 44 | features: mount=nfs,nesting=1 45 | hostname: knode3 46 | memory: 8192 47 | 
nameserver: 10.0.1.53 48 | net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=62:49:F8:0F:F1:2A,type=veth 49 | net1: name=eth1,bridge=vmbr2,firewall=1,hwaddr=6A:20:07:C3:E4:2A,type=veth 50 | onboot: 1 51 | ostype: unmanaged 52 | rootfs: local-lvm:vm-403-disk-0,size=25G 53 | startup: order=6 54 | swap: 2048 55 | lxc.apparmor.profile: unconfined 56 | lxc.cgroup2.devices.allow: a 57 | lxc.cap.drop: 58 | lxc.mount.auto: "proc:rw sys:rw" 59 | lxc.mount.entry: /dev/net dev/net none bind,create=dir 60 | lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir 61 | ``` 62 | 63 | ## 499 (Template) 64 | The notes at the top of this template record a default `root` password (`nixos`); change it on every container created from the template. 65 | ```conf 66 | ## NixOS LXC 67 | #user%3A root 68 | #pass%3A nixos 69 | arch: amd64 70 | cmode: console 71 | features: nesting=1 72 | hostname: knode 73 | memory: 2048 74 | net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:F1:08:3B,ip=dhcp,type=veth 75 | # NOTE: Change these 76 | # net0: name=eth0,bridge=vmbr0,firewall=1,gw=10.0.1.1,hwaddr=BC:24:11:F1:08:3B,ip=10.0.1.41/24,type=veth 77 | # net1: name=eth1,bridge=vmbr2,firewall=1,hwaddr=BC:24:11:F1:08:3B,ip=10.0.7.41/24,type=veth 78 | onboot: 1 79 | ostype: unmanaged 80 | rootfs: local-lvm:base-299-disk-0,size=10G 81 | startup: order=6 82 | swap: 2048 83 | template: 1 84 | unprivileged: 1 85 | lxc.apparmor.profile: unconfined 86 | lxc.cgroup2.devices.allow: a 87 | lxc.cap.drop: 88 | lxc.mount.auto: "proc:rw sys:rw" 89 | lxc.mount.entry: /dev/net dev/net none bind,create=dir 90 | lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir 91 | ``` 92 | -------------------------------------------------------------------------------- /hosts/vps/wireguard.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | pkgs, 5 | ... 
}: let
  # WireGuard server module for the VPS: NAT and forwarding for the tunnel, the
  # firewall openings, a dnsmasq instance on the tunnel interface and the
  # wg-quick definition of wg0.
  #
  # NOTE(review): everything read through `secretsJson` is loaded while the
  # configuration is evaluated (`builtins.readFile` + `builtins.fromTOML`). The
  # values are ordinary Nix values from then on and are written into whatever
  # this module generates from them (firewall rules, the wg-quick interface
  # definition), which lives in the world-readable Nix store. Assuming
  # `inputs.nix-secrets` is a flake input, the plaintext secrets.toml itself is
  # copied into the store as well. That suits ports and addresses that are only
  # kept out of the public repository; it does not protect key material. Only
  # `privateKeyFile` below goes through sops.
  secretsPath = builtins.toString inputs.nix-secrets;
  # Despite the name, the file is parsed as TOML.
  secretsJson = builtins.fromTOML (builtins.readFile "${secretsPath}/hosts/vps/secrets.toml");

  secret_allowedTcpPorts = secretsJson.wireguard.allowed_tcp_ports;
  secret_allowedUdpPorts = secretsJson.wireguard.allowed_udp_ports;
  secret_addresses = secretsJson.wireguard.addresses;
  # NOTE(review): if a peer entry carries a `presharedKey`, it is stored with the
  # rest; `presharedKeyFile` pointing at a sops secret avoids that — confirm
  # against secrets.toml.
  secret_peers = secretsJson.wireguard.peers;
  secret_listenPort = secretsJson.wireguard.listen_port;

  secret_wireguardRoute_address = secretsJson.wireguard.route.address;
  secret_wireguardRoute_via = secretsJson.wireguard.route.via;

  # Attribute set reused for every sops secret taken from the encrypted
  # WireGuard file.
  wireguardSecrets.sopsFile = "${inputs.nix-secrets}/hosts/vps/wireguard.enc.yaml";
in {
  # The interface private key; its decrypted path is handed to wg-quick below.
  sops.secrets = {
    "privateKey" = wireguardSecrets;
  };

  # NOTE(review): declared here but not referenced anywhere in this module; the
  # interface uses the sops secret. Presumably a leftover — TODO confirm or drop.
  age.secrets.vps_wireguard.file = "${inputs.nix-secrets}/hosts/vps/wireguard.age";

  # Let the host route packets between interfaces (IPv4 and IPv6).
  boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1";

  # NAT for traffic arriving on wg0 and leaving through eth0.
  networking.nat = {
    enable = true;
    enableIPv6 = true;
    externalInterface = "eth0";
    internalInterfaces = ["wg0"];
  };

  # Open ports come from secrets.toml; review that list with the same care as a
  # literal one, since it is not visible in this repository.
  networking.firewall = {
    allowedTCPPorts = secret_allowedTcpPorts;
    allowedUDPPorts = secret_allowedUdpPorts;
  };

  services = {
    dnsmasq = {
      enable = true;
      settings = {
        # Answer on the tunnel interface only.
        interface = "wg0";
      };
    };
  };

  networking.wg-quick.interfaces = {
    wg0 = {
      address = secret_addresses;

      # Path of the sops-decrypted key file, so the key is not a Nix value.
      privateKeyFile = config.sops.secrets."privateKey".path;

      listenPort = secret_listenPort;

      # NOTE(review): the two FORWARD rules accept all traffic entering or
      # leaving wg0 with no source or destination restriction, so every peer can
      # reach anything the host can route to. The MASQUERADE rule applies to
      # everything leaving eth0, not only the tunnel subnet, and overlaps with
      # `networking.nat` above. Limiting the rules to `-s <tunnel-subnet>` (and
      # to the destinations peers actually need) narrows this.
      postUp = ''
        ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -A FORWARD -o wg0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      '';
      # Deletes the same three rules when the interface goes down.
      preDown = ''
        ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -D FORWARD -o wg0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
      '';

      peers = secret_peers;
    };
  };

  # Static route through the tunnel; the /24 prefix length is fixed here while
  # the network and the gateway come from secrets.toml.
  networking.interfaces.wg0.ipv4.routes = [
    {
      address = secret_wireguardRoute_address;
      prefixLength = 24;
      via = secret_wireguardRoute_via;
    }
  ];
}
-------------------------------------------------------------------------------- /hosts/lxc/machine-learning/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | outputs, 4 | pkgs, 5 | ... 6 | }: { 7 | imports = [ 8 | outputs.homeManagerModules.terminal.zellij 9 | ]; 10 | 11 | nix = { 12 | package = pkgs.nix; 13 | settings.experimental-features = ["nix-command" "flakes"]; 14 | }; 15 | 16 | home.username = "ml"; 17 | home.homeDirectory = "/home/ml"; 18 | home.packages = with pkgs; [ 19 | age 20 | alejandra 21 | nil 22 | nixpkgs-fmt 23 | btop 24 | lazygit 25 | llama-cpp 26 | unstable.llama-swap 27 | lua-language-server 28 | nodejs_22 29 | stylua 30 | selene 31 | ssh-to-age 32 | uv 33 | ]; 34 | 35 | programs.zsh = { 36 | enable = true; 37 | autosuggestion.enable = true; 38 | enableCompletion = true; 39 | syntaxHighlighting.enable = true; 40 | history.size = 10000; 41 | shellAliases = { 42 | la = "ls -la"; 43 | check = "nix flake check"; 44 | update = "sudo nixos-rebuild switch"; 45 | garbage = "sudo nix-collect-garbage --delete-older-than"; 46 | develop = "nix develop -c $SHELL"; 47 | }; 48 | # zshrc equivalent 49 | # initExtra = ""; 50 | # zshenv equivalent 51 | # envExtra = ""; 52 | # zprofile equivalent 53 | # profileExtra = ""; 54 | 55 | oh-my-zsh = { 56 | enable = true; 57 | plugins = ["git" "vi-mode"]; 58 | theme = "robbyrussell"; 59 | }; 60 | }; 61 | 62 | programs.direnv = { 63 | enable = true; 64 | enableZshIntegration = true; 65 | nix-direnv.enable = true; 66 | }; 67 | 68 | programs.bat = { 69 | enable = true; 70 | }; 71 | 72 | programs.git = { 73 | enable = true; 74 | userName = 
"Yomi Ikuru"; 75 | userEmail = "yomi+git_homelab_lxc_ml_ml@yomitosh.com"; 76 | }; 77 | 78 | programs.starship = { 79 | enable = true; 80 | 81 | settings = { 82 | nix_shell = { 83 | disabled = false; 84 | impure_msg = ""; 85 | symbol = ""; 86 | format = "[$symbol$state]($style) "; 87 | }; 88 | shlvl = { 89 | disabled = false; 90 | symbol = "λ "; 91 | }; 92 | }; 93 | }; 94 | 95 | xdg.configFile."llama-swap/config.yaml".source = 96 | config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-dotfiles/hosts/lxc/machine-learning/configs/llama-swap.yaml"; 97 | 98 | programs.home-manager.enable = true; 99 | systemd.user.startServices = "sd-switch"; 100 | home.stateVersion = "25.05"; 101 | } 102 | -------------------------------------------------------------------------------- /hosts/mbp14/zsh.nix: -------------------------------------------------------------------------------- 1 | # See common config here: ../../modules/home-manager/shell/zsh.nix 2 | # WARN: Ensure that a `.zshrc.zwc` does not exist or this config won't work - this is a compiled zshrc file 3 | {pkgs, ...}: { 4 | # Common configuration for Zsh 5 | programs.zsh = { 6 | enable = true; 7 | 8 | extendedShellAliases = { 9 | update = "sudo darwin-rebuild switch"; 10 | }; 11 | 12 | # zshrc equivalent 13 | initExtra = '' 14 | ''; 15 | 16 | # zshenv equivalent 17 | envExtra = '' 18 | # Homebrew 19 | export PATH="/opt/homebrew/bin:$PATH" 20 | 21 | # Cargo 22 | . "$HOME/.cargo/env" 23 | 24 | # dotfiles 25 | alias config='/usr/bin/git --git-dir=$HOME/dotfiles/ --work-tree=$HOME' 26 | 27 | # ESP-IDF things 28 | alias get_esprs='. 
$HOME/export-esp.sh'

      export SAM_CLI_TELEMETRY=0

      alias k=kubectl

      alias vi="nvim"

      alias tailscale="/Applications/Tailscale.app/Contents/MacOS/Tailscale"

      alias la="ls -la"
      alias check="nix flake check"
      alias update="sudo darwin-rebuild switch"
      alias garbage="sudo nix-collect-garbage --delete-older-than"
      alias develop="nix develop -c $SHELL"
      alias batl="bat --theme=base16"
      alias batp="bat -P"

      alias txt="echo 'Hello, world!'"

      alias python=python3

      alias opencode="npx opencode-ai@latest"
    '';
    # NOTE(review) on the zshenv block that ends above:
    # - `opencode` resolves `opencode-ai@latest` from the npm registry on every
    #   invocation and runs whatever version is current, with this user's
    #   privileges and outside the pinning the rest of this flake provides. An
    #   exact version (`opencode-ai@<version>`) or a packaged build would make
    #   the executed code a reviewed change.
    # - The `update` alias repeats the one set through `extendedShellAliases`
    #   earlier in this file.

    # zprofile equivalent
    profileExtra = ''
      # LANG config - fixes issues with SSH and tmux
      export LANG="en_US.UTF-8"

      export XDG_CONFIG_HOME="$HOME/.config"

      #To allow Multi-threading scripts macOS
      export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
    '';

    oh-my-zsh = {
      enable = true;
      plugins = [
        "virtualenv"
        "bundler"
        "fzf"
        # "direnv"
        # NOTE(review): the oh-my-zsh dotenv plugin sources a `.env` file when
        # you cd into a directory that has one. The file is executed as shell
        # code, so keep the plugin's confirmation prompt (ZSH_DOTENV_PROMPT)
        # enabled for checkouts you did not create yourself.
        "dotenv"
        "macos"
        "ruby"
        "sudo"
        # "autoupdate" not found
        # "zsh-autosuggestions"
      ];
    };

    # Plugins fetched from outside nixpkgs.
    plugins = [
      {
        name = "autoswitch_virtualenv";
        # Pinned by release tag plus content hash: if the tag were moved to
        # different content, the fetch fails on the hash instead of silently
        # pulling other code.
        src = pkgs.fetchFromGitHub {
          owner = "MichaelAquilina";
          repo = "zsh-autoswitch-virtualenv";
          rev = "3.7.1";
          sha256 = "0bj4qnvq8mbznhv8yd3w2vxjfgbbap2w012lwj4pmn8l6g03s247";
        };
      }
    ];
  };

  programs.direnv.enable = true;
}
-------------------------------------------------------------------------------- /pkgs/firefly-iii-data-importer/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | fetchFromGitHub, 4 | stdenvNoCC, 5 | nodejs, 6 | fetchNpmDeps, 7 | buildPackages, 8 | php83, 9 | nixosTests, 10 | nix-update-script, 11 | dataDir ? 
"/var/lib/firefly-iii-data-importer", 12 | }: let 13 | pname = "firefly-iii-data-importer"; 14 | version = "1.5.5"; 15 | 16 | src = fetchFromGitHub { 17 | owner = "firefly-iii"; 18 | repo = "data-importer"; 19 | rev = "v${version}"; 20 | hash = "sha256-XnPdoNtUoJpOpKVzQlFirh7u824H4xKAe2VRXfGIKeg="; 21 | }; 22 | in 23 | stdenvNoCC.mkDerivation (finalAttrs: { 24 | inherit pname src version; 25 | 26 | buildInputs = [php83]; 27 | 28 | nativeBuildInputs = [ 29 | nodejs 30 | nodejs.python 31 | buildPackages.npmHooks.npmConfigHook 32 | php83.composerHooks.composerInstallHook 33 | php83.packages.composer-local-repo-plugin 34 | ]; 35 | 36 | composerNoDev = true; 37 | composerNoPlugins = true; 38 | composerNoScripts = true; 39 | composerStrictValidation = true; 40 | strictDeps = true; 41 | 42 | vendorHash = "sha256-EjEco8zBR787eQuPhNsRScfuPQ6eS6TIJmMJOcmZA+Q="; 43 | 44 | npmDeps = fetchNpmDeps { 45 | inherit src; 46 | name = "${pname}-npm-deps"; 47 | hash = "sha256-VP1wM0+ca17aQU4FJ9gSbT2Np/sxb8wZ4pCJ6FV1V7w="; 48 | }; 49 | 50 | composerRepository = php83.mkComposerRepository { 51 | inherit 52 | (finalAttrs) 53 | pname 54 | src 55 | vendorHash 56 | version 57 | ; 58 | composerNoDev = true; 59 | composerNoPlugins = true; 60 | composerNoScripts = true; 61 | composerStrictValidation = true; 62 | }; 63 | 64 | preInstall = '' 65 | npm run build --workspace=v2 66 | ''; 67 | 68 | passthru = { 69 | phpPackage = php83; 70 | tests = nixosTests.firefly-iii-data-importer; 71 | updateScript = nix-update-script {}; 72 | }; 73 | 74 | postInstall = '' 75 | rm -R $out/share/php/firefly-iii-data-importer/{storage,bootstrap/cache,node_modules} 76 | mv $out/share/php/firefly-iii-data-importer/* $out/ 77 | rm -R $out/share 78 | ln -s ${dataDir}/storage $out/storage 79 | ln -s ${dataDir}/cache $out/bootstrap/cache 80 | ''; 81 | 82 | meta = { 83 | changelog = "https://github.com/firefly-iii/data-importer/releases/tag/v${version}"; 84 | description = "Firefly III Data Importer can import data into 
Firefly III."; 85 | homepage = "https://github.com/firefly-iii/data-importer"; 86 | license = lib.licenses.agpl3Only; 87 | }; 88 | }) 89 | -------------------------------------------------------------------------------- /hosts/mstdo/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | outputs, 4 | ... 5 | }: { 6 | imports = [ 7 | # Apps - See ../../modules/home-manager/apps/default.nix 8 | outputs.homeManagerModules.apps.bat 9 | outputs.homeManagerModules.apps.discord 10 | outputs.homeManagerModules.apps.jq 11 | outputs.homeManagerModules.apps.k9s 12 | outputs.homeManagerModules.apps.karabiner-elements 13 | outputs.homeManagerModules.apps.neovim-unstable 14 | outputs.homeManagerModules.apps.ripgrep 15 | outputs.homeManagerModules.apps.tree 16 | 17 | # Dev - See ../../modules/home-manager/dev/default.nix 18 | outputs.homeManagerModules.dev.github 19 | outputs.homeManagerModules.dev.llama-cpp 20 | outputs.homeManagerModules.dev.kubectl 21 | outputs.homeManagerModules.dev.turso 22 | outputs.homeManagerModules.dev.xcodes 23 | 24 | # Monitoring - See ../../modules/home-manager/monitoring/default.nix 25 | outputs.homeManagerModules.monitoring.btop 26 | # outputs.homeManagerModules.monitoring.ncdu 27 | 28 | # Shell - See ../../modules/home-manager/shell/default.nix 29 | outputs.homeManagerModules.shell.fzf 30 | outputs.homeManagerModules.shell.git 31 | outputs.homeManagerModules.shell.starship 32 | outputs.homeManagerModules.shell.zsh 33 | 34 | # Terminal - See ../../modules/home-manager/terminal/default.nix 35 | outputs.homeManagerModules.terminal.zellij 36 | outputs.homeManagerModules.terminal.wezterm 37 | 38 | # Utils - See ../../modules/home-manager/utils/default.nix 39 | outputs.homeManagerModules.utils.age 40 | outputs.homeManagerModules.utils.ranger 41 | outputs.homeManagerModules.utils.sops 42 | outputs.homeManagerModules.utils.ssh-to-age 43 | 44 | # ZSH (custom) - See ./zsh.nix 45 | ./zsh.nix 46 | ]; 47 
| 48 | nixpkgs = { 49 | overlays = [ 50 | outputs.overlays.additions 51 | outputs.overlays.modifications 52 | outputs.overlays.unstable-packages 53 | inputs.brew-nix.overlays.default 54 | ]; 55 | 56 | config = { 57 | # Disable if you don't want unfree packages 58 | allowUnfree = true; 59 | # Workaround for https://github.com/nix-community/home-manager/issues/2942 60 | allowUnfreePredicate = _: true; 61 | }; 62 | }; 63 | 64 | # homebrew = { 65 | # enable = true; 66 | # casks = 67 | # }; 68 | 69 | home = { 70 | username = "yomi"; 71 | homeDirectory = "/Users/yomi"; 72 | }; 73 | 74 | # Enable home-manager 75 | programs.home-manager.enable = true; 76 | 77 | # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion 78 | home.stateVersion = "23.11"; 79 | } 80 | -------------------------------------------------------------------------------- /modules/home-manager/terminal/tmux.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.tmux = { 3 | enable = true; 4 | plugins = with pkgs.tmuxPlugins; [ 5 | sensible 6 | { 7 | plugin = dracula; 8 | extraConfig = '' 9 | set -g @dracula-plugins 'battery time' 10 | set -g @dracula-show-powerline true 11 | # set -g @dracula-show-farenheit false 12 | set -g @dracula-military-time true 13 | ''; 14 | } 15 | # Tmux Session Manager 16 | { 17 | plugin = resurrect; 18 | extraConfig = '' 19 | ''; 20 | } 21 | { 22 | plugin = continuum; 23 | extraConfig = '' 24 | set -g @continuum-restore 'on' 25 | ''; 26 | } 27 | ]; 28 | # terminal = "tmux-256color"; 29 | terminal = "xterm-256color"; 30 | mouse = true; 31 | keyMode = "vi"; 32 | clock24 = true; 33 | extraConfig = '' 34 | bind -T copy-mode-vi v send -X begin-selection 35 | bind -T copy-mode-vi y send-keys -X copy-pipe-and-cancel "pbcopy" 36 | # bind -T copy-mode-vi y send-keys -X copy-pipe "pbcopy" 37 | bind P paste-buffer 38 | # bind -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "pbcopy" 39 | bind -T 
copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe "pbcopy" 40 | 41 | set -sa terminal-overrides ",xterm*:Tc" 42 | 43 | # Other examples: 44 | # set -g @plugin 'github_username/plugin_name' 45 | # set -g @plugin 'github_username/plugin_name#branch' 46 | # set -g @plugin 'git@github.com:user/plugin' 47 | # set -g @plugin 'git@bitbucket.com:user/plugin' 48 | 49 | # set -g default-terminal "screen-256color" 50 | # set -ga terminal-overrides ",xterm-256color:Tc" 51 | 52 | # Clipboard integration with OSC52 53 | # set -g set-clipboard on 54 | # allow other apps to passthrough sequences (including OSC52) 55 | # set -g allow-passthrough on 56 | # set -ag terminal-overrides "vte*:XT:Ms=\\E]52;c;%p2%s\\7,xterm*:XT:Ms=\\E]52;c;%p2%s\\7" 57 | 58 | # Bindings for more window/pane movement 59 | bind - switch-client -Tabove9 60 | bind -Tabove9 0 select-window -t:10 61 | bind -Tabove9 1 select-window -t:11 62 | bind -Tabove9 2 select-window -t:12 63 | bind -Tabove9 3 select-window -t:13 64 | bind -Tabove9 4 select-window -t:14 65 | bind -Tabove9 5 select-window -t:15 66 | bind -Tabove9 6 select-window -t:16 67 | bind -Tabove9 7 select-window -t:17 68 | bind -Tabove9 8 select-window -t:18 69 | bind -Tabove9 9 select-window -t:19 70 | ''; 71 | }; 72 | } 73 | -------------------------------------------------------------------------------- /hosts/mbp14/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | outputs, 4 | pkgs, 5 | ... 
}: {
  # System-level module for the mbp14 host (managed with darwin-rebuild).
  imports = [
    # Darwin Apps - See ../../modules/darwin/apps/default.nix
    # outputs.darwinModules.apps.karabiner-elements

    # Darwin Desktop - See ../../modules/darwin/desktop/default.nix
    outputs.darwinModules.desktop.skhd
    # outputs.darwinModules.desktop.spacebar
    outputs.darwinModules.desktop.yabai

    # Homebrew - See ./homebrew.nix
    ./homebrew.nix

    # Defaults - See ./system.nix
    ./system.nix
  ];

  # Use a custom configuration.nix location.
  # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
  # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";

  # nix.package = pkgs.nix;

  # Automatic garbage collection; the option string removes generations older than 30 days.
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 30d";
  };

  # Deduplicate and optimize nix store
  nix.optimise.automatic = true;

  nix.settings = {
    # Enable flakes and new 'nix' command
    experimental-features = "nix-command flakes";
    # NOTE(review): a trusted user may override daemon settings such as the
    # substituter list and signature checks; the Nix manual treats that as
    # essentially root-equivalent. If the only goal is a binary cache for
    # devenv/cachix, naming that cache in trusted-substituters with its key in
    # trusted-public-keys is the narrower grant.
    trusted-users = ["yomi"]; # For devenv/cachix
  };

  # nixpkgs = {
  #   # You can add overlays here
  #   overlays = [
  #     # Add overlays your own flake exports (from overlays and pkgs dir):
  #     outputs.overlays.additions
  #     outputs.overlays.modifications
  #     outputs.overlays.stable-packages
  #     outputs.overlays.unstable-packages
  #   ];
  # };

  # Define a user account
  system.primaryUser = "yomi"; # Required for darwin
  users.users = {
    yomi = {
      home = "/Users/yomi";
      shell = "${pkgs.zsh}/bin/zsh";

      # The list is empty, so this declaration installs no authorised key.
      openssh.authorizedKeys.keys = [
        # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
      ];

      packages = with pkgs; [
        # NOTE: Packages are installed via home-manager
        home-manager
        # firefox
        # thunderbird
      ];
    };
  };

  # $ nix-env -qaP | grep wget
  environment.systemPackages = with pkgs; [
inputs.agenix.packages.${system}.default 77 | # inputs.wezterm.packages.${system}.default 78 | ]; 79 | 80 | # Creates global /etc/zshrc that loads the nix-darwin environment 81 | programs.zsh.enable = true; # Important! 82 | 83 | # Add ability to used TouchID for sudo authentication 84 | security.pam.services.sudo_local.touchIdAuth = true; 85 | 86 | # Used for backwards compatibility, please read the changelog before changing. 87 | # $ darwin-rebuild changelog 88 | system.stateVersion = 5; 89 | } 90 | -------------------------------------------------------------------------------- /hosts/vps/networking.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | lib, 5 | ... 6 | }: let 7 | secretsPath = builtins.toString inputs.nix-secrets; 8 | secretsJson = builtins.fromTOML (builtins.readFile "${secretsPath}/hosts/vps/secrets.toml"); 9 | 10 | secret_nameservers = secretsJson.network.nameservers; 11 | secret_defaultGateway = secretsJson.network.default_gateway; 12 | secret_macAddress = secretsJson.network.mac_address; 13 | secret_ipv4Address = secretsJson.network.ipv4_address; 14 | secret_ipv6Address = secretsJson.network.ipv6_address; 15 | secret_enp7s0MacAddress = secretsJson.network.enp7s0_mac_address; 16 | secret_enp7s0Ipv4Address = secretsJson.network.enp7s0_ipv4_address; 17 | 18 | secret__dnsmasq_address = secretsJson.dnsmasq.address; 19 | secret__dnsmasq_server = secretsJson.dnsmasq.server; 20 | in { 21 | # This file was populated at runtime with the networking 22 | # details gathered from the active system. 
23 | networking = { 24 | nameservers = secret_nameservers; 25 | defaultGateway = secret_defaultGateway; 26 | defaultGateway6 = { 27 | address = "fe80::1"; 28 | interface = "eth0"; 29 | }; 30 | dhcpcd.enable = false; 31 | usePredictableInterfaceNames = lib.mkForce false; 32 | interfaces = { 33 | eth0 = { 34 | ipv4.addresses = [ 35 | { 36 | address = secret_ipv4Address; 37 | prefixLength = 32; 38 | } 39 | ]; 40 | ipv6.addresses = [ 41 | { 42 | address = secret_ipv6Address; 43 | prefixLength = 64; 44 | } 45 | { 46 | address = "fe80::9400:3ff:fe5c:7467"; 47 | prefixLength = 64; 48 | } 49 | ]; 50 | ipv4.routes = [ 51 | { 52 | address = secret_defaultGateway; 53 | prefixLength = 32; 54 | } 55 | ]; 56 | ipv6.routes = [ 57 | { 58 | address = "fe80::1"; 59 | prefixLength = 128; 60 | } 61 | ]; 62 | }; 63 | enp7s0 = { 64 | ipv4.addresses = [ 65 | { 66 | address = secret_enp7s0Ipv4Address; 67 | prefixLength = 32; 68 | } 69 | ]; 70 | ipv6.addresses = [ 71 | { 72 | address = "fe80::8400:ff:fe8d:e4d1"; 73 | prefixLength = 64; 74 | } 75 | ]; 76 | }; 77 | }; 78 | }; 79 | services.udev.extraRules = '' 80 | ATTR{address}=="${secret_macAddress}", NAME="eth0" 81 | ATTR{address}=="${secret_enp7s0MacAddress}", NAME="enp7s0" 82 | ''; 83 | 84 | # DNS 85 | services.dnsmasq = { 86 | enable = true; 87 | settings = { 88 | address = secret__dnsmasq_address; 89 | server = secret__dnsmasq_server; 90 | }; 91 | }; 92 | } 93 | -------------------------------------------------------------------------------- /modules/home-manager/desktop/rofi/default.nix.old: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: { 6 | # See this dotfile: https://github.com/karstenpedersen/dotfiles 7 | programs.rofi = { 8 | enable = true; 9 | package = pkgs.rofi-wayland; 10 | pass = { 11 | enable = true; 12 | package = pkgs.rofi-pass-wayland; 13 | extraConfig = '' 14 | backend=wtype 15 | clipboard_backend=wl-clipboard 16 | ''; 17 | }; 18 | font = "Noto Sans 12"; 19 | theme = let 20 | inherit (config.lib.formats.rasi) mkLiteral; 21 | in { 22 | "*" = { 23 | background = mkLiteral "#${config.colorScheme.colors.base01}"; 24 | background-alt = mkLiteral "#${config.colorScheme.colors.base00}"; 25 | foreground = mkLiteral "#${config.colorScheme.colors.base04}"; 26 | foreground-alt = mkLiteral "#${config.colorScheme.colors.base05}"; 27 | primary = mkLiteral "#${config.colorScheme.colors.base06}aa"; 28 | 29 | background-color = mkLiteral "transparent"; 30 | text-color = mkLiteral "@foreground"; 31 | accent-color = mkLiteral "@foreground"; 32 | 33 | margin = 0; 34 | padding = 0; 35 | spacing = 0; 36 | border = 0; 37 | 38 | width = mkLiteral "800px"; 39 | }; 40 | window = { 41 | text-color = mkLiteral "@foreground"; 42 | background-color = mkLiteral "@background"; 43 | border = mkLiteral "2px"; 44 | border-color = mkLiteral "@primary"; 45 | border-radius = mkLiteral "3px"; 46 | padding = mkLiteral "6px"; 47 | transparency = "real"; 48 | }; 49 | mainbox = { 50 | children = mkLiteral "[inputbar, listview]"; 51 | }; 52 | inputbar = { 53 | text-color = mkLiteral "@foreground"; 54 | background-color = mkLiteral "@background"; 55 | padding = mkLiteral "8px 8px"; 56 | spacing = mkLiteral "8px"; 57 | children = mkLiteral "[prompt, entry]"; 58 | }; 59 | prompt = { 60 | text-color = mkLiteral "@foreground"; 61 | }; 62 | entry = { 63 | text-color = mkLiteral "@foreground-alt"; 64 | }; 65 | listview = { 66 | lines = 10; 67 | scrollbar = true; 68 | }; 69 | scrollbar = { 70 | background-color = mkLiteral "@background-alt"; 71 | handle-color = mkLiteral "@foreground-alt"; 72 | margin-left = mkLiteral "6px"; 
73 | handle-width = mkLiteral "5px"; 74 | }; 75 | element = { 76 | text-color = mkLiteral "@foreground"; 77 | padding = mkLiteral "6px 8px"; 78 | spacing = mkLiteral "8px"; 79 | children = mkLiteral "[element-text]"; 80 | }; 81 | "element selected" = { 82 | text-color = mkLiteral "@foreground-alt"; 83 | background-color = mkLiteral "@background-alt"; 84 | }; 85 | element-text = { 86 | text-color = mkLiteral "inherit"; 87 | }; 88 | }; 89 | extraConfig = { 90 | # show-icons = true; 91 | terminal = "wezterm"; 92 | }; 93 | }; 94 | } 95 | -------------------------------------------------------------------------------- /hosts/lxc/load-balancer/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | modulesPath, 5 | pkgs, 6 | ... 7 | }: let 8 | timeZone = "Europe/London"; 9 | defaultLocale = "en_GB.UTF-8"; 10 | 11 | hostname = "k-lb"; 12 | ipv4_lan_address = "10.0.1.40"; 13 | ipv4_cluster_address = "10.0.7.40"; 14 | default_gateway = "10.0.1.1"; 15 | nameservers = ["10.0.1.53"]; 16 | 17 | traefikEnvSecretsSopsFile = "${inputs.nix-secrets}/hosts/lxc/load-balancer/traefik.enc.env"; 18 | 19 | traefik_staticConfig = import ./traefik/static_config.nix {inherit config inputs;}; 20 | traefik_dynamicConfig = import ./traefik/dynamic_config.nix {inherit inputs;}; 21 | in { 22 | imports = [ 23 | # Include the default lxc/lxd configuration. 24 | "${modulesPath}/virtualisation/lxc-container.nix" 25 | 26 | # For common settings across all LXC containers. 27 | ../common.nix 28 | 29 | # Wireguard VPN for access from VPS to home lab. 
30 | ./wireguard.nix 31 | ]; 32 | 33 | sops.secrets.traefikEnv = { 34 | format = "dotenv"; 35 | sopsFile = traefikEnvSecretsSopsFile; 36 | }; 37 | 38 | nix.settings = { 39 | experimental-features = "nix-command flakes"; 40 | auto-optimise-store = true; 41 | }; 42 | 43 | boot.isContainer = true; 44 | 45 | time.timeZone = timeZone; 46 | i18n = { 47 | defaultLocale = defaultLocale; 48 | extraLocaleSettings = { 49 | LC_ADDRESS = defaultLocale; 50 | LC_IDENTIFICATION = defaultLocale; 51 | LC_MEASUREMENT = defaultLocale; 52 | LC_MONETARY = defaultLocale; 53 | LC_NAME = defaultLocale; 54 | LC_NUMERIC = defaultLocale; 55 | LC_PAPER = defaultLocale; 56 | LC_TELEPHONE = defaultLocale; 57 | LC_TIME = defaultLocale; 58 | }; 59 | }; 60 | 61 | # Supress systemd units that don't work because of LXC. 62 | # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak 63 | systemd.suppressedSystemUnits = [ 64 | "dev-mqueue.mount" 65 | "sys-kernel-debug.mount" 66 | "sys-fs-fuse-connections.mount" 67 | ]; 68 | 69 | environment.systemPackages = with pkgs; [git neovim]; 70 | 71 | networking.interfaces = { 72 | eth0 = { 73 | ipv4.addresses = [ 74 | { 75 | address = ipv4_lan_address; 76 | prefixLength = 24; 77 | } 78 | ]; 79 | }; 80 | eth1 = { 81 | ipv4.addresses = [ 82 | { 83 | address = ipv4_cluster_address; 84 | prefixLength = 24; 85 | } 86 | ]; 87 | }; 88 | }; 89 | networking.defaultGateway = default_gateway; 90 | networking.hostName = hostname; 91 | networking.firewall.allowedTCPPorts = [80 443]; 92 | networking.nameservers = nameservers; 93 | 94 | users.groups = { 95 | users = { 96 | gid = 100; 97 | }; 98 | }; 99 | 100 | services.traefik = { 101 | enable = true; 102 | dynamicConfigOptions = traefik_dynamicConfig; 103 | staticConfigOptions = traefik_staticConfig; 104 | environmentFiles = [ 105 | config.sops.secrets.traefikEnv.path 106 | ]; 107 | }; 108 | 109 | system.stateVersion = "24.11"; 110 | } 111 | 
-------------------------------------------------------------------------------- /hosts/mbp14/homebrew.nix: -------------------------------------------------------------------------------- 1 | {outputs, ...}: { 2 | imports = [ 3 | # Add main homebrew module 4 | outputs.darwinModules.homebrew 5 | 6 | # Brews - See ../../modules/darwin/brews/default.nix 7 | outputs.darwinModules.brews.group_armDev 8 | outputs.darwinModules.brews.group_mobileDev 9 | outputs.darwinModules.brews.group_awsDev 10 | outputs.darwinModules.brews.group_azureDev 11 | # outputs.darwinModules.brews.docker # Using OrbStack 12 | outputs.darwinModules.brews.sdl2 13 | 14 | # Casks - See ../../modules/darwin/casks/default.nix 15 | outputs.darwinModules.casks.affinity 16 | outputs.darwinModules.casks.alt-tab 17 | outputs.darwinModules.casks.autodesk-fusion 18 | outputs.darwinModules.casks.balenaetcher 19 | outputs.darwinModules.casks.blender 20 | outputs.darwinModules.casks.bruno 21 | outputs.darwinModules.casks.calibre 22 | outputs.darwinModules.casks.chatgpt 23 | outputs.darwinModules.casks.coconutbattery 24 | outputs.darwinModules.casks.cursor 25 | outputs.darwinModules.casks.devtoys 26 | outputs.darwinModules.casks.expo-orbit 27 | outputs.darwinModules.casks.figma 28 | outputs.darwinModules.casks.firefox 29 | outputs.darwinModules.casks.freecad 30 | outputs.darwinModules.casks.ghostty 31 | outputs.darwinModules.casks.google-chrome 32 | outputs.darwinModules.casks.heroic 33 | outputs.darwinModules.casks.ice 34 | outputs.darwinModules.casks.iina 35 | outputs.darwinModules.casks.karabiner-elements 36 | outputs.darwinModules.casks.kicad 37 | outputs.darwinModules.casks.macs-fan-control 38 | outputs.darwinModules.casks.middleclick 39 | outputs.darwinModules.casks.moonlight 40 | outputs.darwinModules.casks.notion 41 | outputs.darwinModules.casks.obs 42 | outputs.darwinModules.casks.obsidian 43 | outputs.darwinModules.casks.ocenaudio 44 | outputs.darwinModules.casks.openscad 45 | 
outputs.darwinModules.casks.orbstack 46 | outputs.darwinModules.casks.orca-slicer 47 | outputs.darwinModules.casks.private-internet-access 48 | outputs.darwinModules.casks.raspberry-pi-imager 49 | outputs.darwinModules.casks.raycast 50 | outputs.darwinModules.casks.scroll-reverser 51 | outputs.darwinModules.casks.serif-apps 52 | outputs.darwinModules.casks.spotify 53 | outputs.darwinModules.casks.steam 54 | outputs.darwinModules.casks.sublime-text 55 | outputs.darwinModules.casks.thinkorswim 56 | outputs.darwinModules.casks.virtualhere 57 | outputs.darwinModules.casks.whisky 58 | outputs.darwinModules.casks.windsurf 59 | outputs.darwinModules.casks.xcodes-app 60 | outputs.darwinModules.casks.zed 61 | outputs.darwinModules.casks.zen 62 | 63 | # Mas - See ../../modules/darwin/mas/default.nix 64 | outputs.darwinModules.mas.coreApps 65 | outputs.darwinModules.mas.networkingApps 66 | ]; 67 | 68 | # Temporary Cask installs until moved to modules 69 | homebrew.casks = [ 70 | "audacity" 71 | "diffusionbee" 72 | "lm-studio" 73 | "propresenter" 74 | "sidequest" 75 | "handbrake-app" 76 | "mu-editor" 77 | "stremio" 78 | ]; 79 | 80 | nix-homebrew = { 81 | enable = true; 82 | enableRosetta = true; 83 | user = "yomi"; 84 | autoMigrate = true; 85 | extraEnv = { 86 | HOMEBREW_NO_ANALYTICS = "1"; 87 | }; 88 | }; 89 | 90 | homebrew.onActivation.cleanup = "uninstall"; 91 | } 92 | -------------------------------------------------------------------------------- /docs/proxmox/lxc_knode.md: -------------------------------------------------------------------------------- 1 | # Setting up NixOS LXC container 2 | 3 | Reference: [mtlynch nixos-proxmox](https://mtlynch.io/notes/nixos-proxmox/) 4 | 5 | Download image from [Hydra - proxmox lxc builds](https://hydra.nixos.org/job/nixos/release-24.05/nixos.proxmoxLXC.x86_64-linux) or [Hydra - lxd builds](https://hydra.nixos.org/job/nixos/release-24.05/nixos.lxdContainerImage.x86_64-linux) 6 | 7 | ```sh 8 | # Where the template file is located 9 | 
TEMPLATE_STORAGE='local' 10 | # Name of the template file downloaded from Hydra. 11 | TEMPLATE_FILE='nixos-system-proxmox-x86_64-linux.tar.xz' 12 | # Name to assign to new NixOS container. 13 | CONTAINER_HOSTNAME='nixos' 14 | # Which storage location to place the new NixOS container. 15 | CONTAINER_STORAGE='local-lvm' 16 | # How much RAM to assign the new container. 17 | CONTAINER_RAM_IN_MB='1024' 18 | # How much disk space to assign the new container. 19 | CONTAINER_DISK_SIZE_IN_GB='10' 20 | ``` 21 | 22 | ```sh 23 | sudo pct create 299 \ 24 | --arch amd64 \ 25 | "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE_FILE}" \ 26 | --ostype unmanaged \ 27 | --description nixos \ 28 | --hostname "${CONTAINER_HOSTNAME}" \ 29 | --net0 name=eth0,bridge=vmbr0,ip=dhcp,firewall=1 \ 30 | --storage "${CONTAINER_STORAGE}" \ 31 | --memory "${CONTAINER_RAM_IN_MB}" \ 32 | --rootfs ${CONTAINER_STORAGE}:${CONTAINER_DISK_SIZE_IN_GB} \ 33 | --unprivileged 1 \ 34 | --features nesting=1 \ 35 | --cmode console \ 36 | --onboot 1 \ 37 | --start 1 38 | ``` 39 | 40 | Default login should be `root` and no password. 
If it doesn't work, use `pct enter 299` to set a new password:

```sh
source /etc/set-environment # Source default linux binaries
passwd # Change root password
```

The container is unmanaged, so Proxmox won't be able to set up the network; this has to be done manually once, before the nix config comes into effect:

```sh
ip addr add 10.0.1.41/24 dev eth0
ip link set eth0 up
ip route add default via 10.0.1.1
# If DNS is not resolving, add the following
# echo "nameserver 8.8.8.8" >> /etc/resolv.conf
# echo "nameserver 8.8.4.4" >> /etc/resolv.conf
```

Get the minimal configuration from the repo and set up the nix channels. The URL below follows the `main` branch rather than a fixed commit, so read the downloaded file before switching: it becomes the system configuration that is built and activated as root.

```sh
curl \
  --show-error \
  --fail \
  https://raw.githubusercontent.com/abayomi185/nix-dotfiles/refs/heads/main/hosts/knode/minimal-configuration.nix \
  > /etc/nixos/configuration.nix
```

```sh
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
# This may be needed if sandboxing causes issues
# export NIX_CONFIG="sandbox = false"
nix-channel --update
```

After the Nix channels are set up, the system can be switched.

```sh
nixos-rebuild switch --upgrade
```

```sh
nix-shell -p git ssh-to-age
git clone https://github.com/abayomi185/nix-dotfiles.git
cd nix-dotfiles
nixos-rebuild switch --flake .#knode # not needed if hostname is knode
# Sandbox flags may be needed if there are issues
# nixos-rebuild switch --upgrade --flake .#knode --option sandbox false
```

```sh
pct push 40 /boot/config-$(uname -r) /boot/config-$(uname -r)
```

```sh
#!/bin/sh -e
if [ !
-e /dev/kmsg ]; then 98 | ln -s /dev/console /dev/kmsg 99 | fi 100 | mount --make-rshared / 101 | ``` 102 | -------------------------------------------------------------------------------- /hosts/lxc/machine-learning/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | modulesPath, 4 | pkgs, 5 | ... 6 | }: let 7 | timeZone = "Europe/London"; 8 | defaultLocale = "en_GB.UTF-8"; 9 | 10 | hostname = "machine-learning"; 11 | ipv4_lan_address = "10.0.1.250"; 12 | ipv4_cluster_address = "10.0.7.250"; 13 | default_gateway = "10.0.1.1"; 14 | nameservers = ["10.0.1.53"]; 15 | in { 16 | imports = [ 17 | # Include the default lxc/lxd configuration. 18 | "${modulesPath}/virtualisation/lxc-container.nix" 19 | ]; 20 | 21 | nix.settings = { 22 | experimental-features = "nix-command flakes"; 23 | auto-optimise-store = true; 24 | }; 25 | 26 | boot.isContainer = true; 27 | networking.hostName = hostname; 28 | 29 | time.timeZone = timeZone; 30 | 31 | i18n = { 32 | defaultLocale = defaultLocale; 33 | extraLocaleSettings = { 34 | LC_ADDRESS = defaultLocale; 35 | LC_IDENTIFICATION = defaultLocale; 36 | LC_MEASUREMENT = defaultLocale; 37 | LC_MONETARY = defaultLocale; 38 | LC_NAME = defaultLocale; 39 | LC_NUMERIC = defaultLocale; 40 | LC_PAPER = defaultLocale; 41 | LC_TELEPHONE = defaultLocale; 42 | LC_TIME = defaultLocale; 43 | }; 44 | }; 45 | 46 | # Supress systemd units that don't work because of LXC. 
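# https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
systemd.suppressedSystemUnits = [
  "dev-mqueue.mount"
  "sys-kernel-debug.mount"
  "sys-fs-fuse-connections.mount"
];

environment.systemPackages = with pkgs; [
  llama-cpp
  neovim
  uv
];

# eth0 carries the LAN address and eth1 the cluster address, both as /24.
networking.interfaces = {
  eth0 = {
    ipv4.addresses = [
      {
        address = ipv4_lan_address;
        prefixLength = 24;
      }
    ];
  };
  eth1 = {
    ipv4.addresses = [
      {
        address = ipv4_cluster_address;
        prefixLength = 24;
      }
    ];
  };
};
networking.defaultGateway = default_gateway;
networking.nameservers = nameservers;

services.xserver.videoDrivers = ["nvidia"];
hardware.graphics.enable = true;
hardware.nvidia = {
  modesetting.enable = true;
  open = true;
  nvidiaSettings = true;
  # Driver pinned by version and content hashes. mkDriver names the x86_64
  # hash argument sha256_64bit; any other spelling is rejected at evaluation
  # time. The hashes belong to this version, so bump them together with it.
  package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
    version = "570.181";
    sha256_64bit = "sha256-8G0lzj8YAupQetpLXcRrPCyLOFA9tvaPPvAWurjj3Pk=";
    sha256_aarch64 = "sha256-1pUDdSm45uIhg0HEhfhak9XT/IE/XUVbdtrcpabZ3KU=";
    openSha256 = "sha256-U/uqAhf83W/mns/7b2cU26B7JRMoBfQ3V6HiYEI5J48=";
    settingsSha256 = "sha256-iBx/X3c+1NSNmG+11xvGyvxYSMbVprijpzySFeQVBzs=";
    persistencedSha256 = "sha256-RoAcutBf5dTKdAfkxDPtMsktFVQt5uPIPtkAkboQwcQ=";
  };
};

users.groups = {
  users = {
    gid = 100;
  };
};

# NOTE(review): wheel is the sudo group under the NixOS defaults, and docker
# group membership is root-equivalent wherever a Docker daemon runs. Docker is
# not enabled in the visible part of this file; drop the group if it is unused.
users.users.ml = {
  isNormalUser = true;
  description = "ai/ml";
  shell = pkgs.zsh;
  extraGroups = ["docker" "wheel"];
};

# NOTE(review): this alias throws away local changes and activates whatever
# origin/main points to as the system configuration, so push access to that
# branch amounts to root on this host. Reviewing the fetched commits (or
# building first and switching afterwards) keeps a human check in the loop.
programs.bash.interactiveShellInit = ''
  alias fetch_pull_rebuild="git fetch --all && git reset --hard origin/main && nixos-rebuild switch --flake .#machine-learning"
'';

programs.git = {
  enable = true;
  config = {
    pull.rebase = true;
    user = {
      name = "Yomi Ikuru";
      email =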
"yomi+git_homelab_lxc_ml_root@yomitosh.com"; 121 | }; 122 | }; 123 | }; 124 | 125 | programs.nix-ld.enable = true; 126 | 127 | programs.zsh.enable = true; 128 | 129 | system.stateVersion = "24.11"; 130 | } 131 | -------------------------------------------------------------------------------- /hosts/vps/apps/authelia/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | ... 5 | }: let 6 | defaultInstanceDataPath = "/var/lib/authelia-default"; 7 | autheliaSecrets = { 8 | sopsFile = "${inputs.nix-secrets}/hosts/vps/apps/authelia.enc.yaml"; 9 | owner = config.systemd.services.authelia-default.serviceConfig.User; 10 | }; 11 | in { 12 | sops.secrets = { 13 | "authelia_jwtSecret" = autheliaSecrets; 14 | "authelia_storageEncryptionKey" = autheliaSecrets; 15 | "authelia_defaultRedirectionUrl" = autheliaSecrets; 16 | "authelia_domain" = autheliaSecrets; 17 | "authelia_duoApi_hostname" = autheliaSecrets; 18 | "authelia_duoApi_integrationKey" = autheliaSecrets; 19 | "authelia_duoApi_secretKey" = autheliaSecrets; 20 | "authelia_smtp_username" = autheliaSecrets; 21 | "authelia_smtp_password" = autheliaSecrets; 22 | }; 23 | 24 | sops.templates."authelia-addon-secrets.yaml" = { 25 | owner = config.systemd.services.authelia-default.serviceConfig.User; 26 | content = '' 27 | session: 28 | cookies: 29 | - domain: "${config.sops.placeholder."authelia_domain"}" 30 | authelia_url: "${config.sops.placeholder."authelia_defaultRedirectionUrl"}" 31 | 32 | # identity_providers: 33 | # oidc: 34 | # clients: 35 | # - client_id: "open-webui-internal" 36 | # client_name: "Open WebUI Internal" 37 | # client_secret: "" 38 | # public: false 39 | # authorization_policy: "two_factor" 40 | # redirect_uris: 41 | # - 'https://chat.example.com/oauth/oidc/callback' 42 | # scopes: 43 | # - 'openid' 44 | # - 'profile' 45 | # - 'groups' 46 | # - 'email' 47 | # userinfo_signed_response_alg: 'RS256' 48 | 49 | notifier: 50 | smtp: 51 | 
username: "${config.sops.placeholder."authelia_smtp_username"}" 52 | password: "${config.sops.placeholder."authelia_smtp_password"}" 53 | sender: "authelia@${config.sops.placeholder."authelia_domain"}" 54 | 55 | access_control: 56 | rules: 57 | - domain: "*.${config.sops.placeholder."authelia_domain"}" 58 | policy: two_factor 59 | ''; 60 | }; 61 | 62 | services.authelia.instances.default = { 63 | enable = true; 64 | secrets = { 65 | jwtSecretFile = config.sops.secrets."authelia_jwtSecret".path; 66 | storageEncryptionKeyFile = config.sops.secrets."authelia_storageEncryptionKey".path; 67 | }; 68 | settingsFiles = [ 69 | "${config.sops.templates."authelia-addon-secrets.yaml".path}" 70 | ]; 71 | settings = { 72 | log.level = "info"; # debug, trace 73 | authentication_backend = { 74 | file.path = "${defaultInstanceDataPath}/users_database.yml"; 75 | }; 76 | server = { 77 | endpoints = { 78 | authz = { 79 | forward-auth = { 80 | implementation = "ForwardAuth"; 81 | }; 82 | }; 83 | }; 84 | }; 85 | totp.issuer = "authelia.com"; 86 | duo_api = { 87 | enable_self_enrollment = true; 88 | }; 89 | access_control = { 90 | default_policy = "deny"; 91 | }; 92 | session = { 93 | expiration = 5400; 94 | inactivity = 1800; 95 | remember_me = 864000; 96 | }; 97 | regulation = { 98 | max_retries = 3; 99 | find_time = 120; 100 | ban_time = 300; 101 | }; 102 | notifier = { 103 | smtp = { 104 | address = "smtp.gmail.com"; 105 | }; 106 | }; 107 | storage = { 108 | local = { 109 | path = "${defaultInstanceDataPath}/db.sqlite3"; 110 | }; 111 | }; 112 | }; 113 | }; 114 | } 115 | -------------------------------------------------------------------------------- /hosts/knode/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | inputs, 4 | pNodeId, 5 | pK3sRole, 6 | pK3sServerId, 7 | pK3sClusterInit, 8 | modulesPath, 9 | pkgs, 10 | ... 
11 | }: let 12 | timeZone = "Europe/London"; 13 | defaultLocale = "en_GB.UTF-8"; 14 | in { 15 | imports = [ 16 | # Include the default lxc/lxd configuration. 17 | "${modulesPath}/virtualisation/lxc-container.nix" 18 | ]; 19 | 20 | nix.settings = { 21 | experimental-features = "nix-command flakes"; 22 | auto-optimise-store = true; 23 | }; 24 | 25 | boot.isContainer = true; 26 | networking.hostName = "knode${pNodeId}"; 27 | 28 | boot.supportedFilesystems = ["nfs"]; 29 | services.rpcbind.enable = true; 30 | 31 | sops = { 32 | age.sshKeyPaths = ["/root/.ssh/id_ed25519"]; 33 | defaultSopsFile = "${inputs.nix-secrets}/hosts/knode/default.enc.yaml"; 34 | secrets = { 35 | k3s_token = {}; 36 | }; 37 | }; 38 | 39 | services.openssh.enable = true; 40 | 41 | time.timeZone = timeZone; 42 | 43 | i18n = { 44 | defaultLocale = defaultLocale; 45 | extraLocaleSettings = { 46 | LC_ADDRESS = defaultLocale; 47 | LC_IDENTIFICATION = defaultLocale; 48 | LC_MEASUREMENT = defaultLocale; 49 | LC_MONETARY = defaultLocale; 50 | LC_NAME = defaultLocale; 51 | LC_NUMERIC = defaultLocale; 52 | LC_PAPER = defaultLocale; 53 | LC_TELEPHONE = defaultLocale; 54 | LC_TIME = defaultLocale; 55 | }; 56 | }; 57 | 58 | # Supress systemd units that don't work because of LXC. 
# https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
systemd.suppressedSystemUnits = [
  "dev-mqueue.mount"
  "sys-kernel-debug.mount"
  "sys-fs-fuse-connections.mount"
];

environment.systemPackages = with pkgs; [
  git
];

# Static name resolution for the three nodes on the 10.0.7.0/24 network.
networking.hosts = {
  "10.0.7.41" = ["knode1"];
  "10.0.7.42" = ["knode2"];
  "10.0.7.43" = ["knode3"];
};

# Both addresses are built from pNodeId: with pNodeId = "1" the node gets
# 10.0.1.41 on eth0 and 10.0.7.41 on eth1.
networking.interfaces = {
  eth0 = {
    ipv4.addresses = [
      {
        address = "10.0.1.4${pNodeId}";
        prefixLength = 24;
      }
    ];
  };
  eth1 = {
    ipv4.addresses = [
      {
        address = "10.0.7.4${pNodeId}";
        prefixLength = 24;
      }
    ];
  };
};
networking.defaultGateway = "10.0.1.1";
networking.nameservers = ["10.0.1.53"];

# NOTE(review): these two lists apply to every interface, so the etcd ports
# and the flannel VXLAN port are reachable from the eth0 network as well as
# from eth1. The node names above resolve to 10.0.7.x, eth1's subnet; if
# cluster traffic stays there, networking.firewall.interfaces.eth1 could
# confine 2379, 2380 and 8472 to it. Confirm which networks need 6443.
networking.firewall.allowedTCPPorts = [
  6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
  2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
  2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
];
networking.firewall.allowedUDPPorts = [
  8472 # k3s, flannel: required if using multi-node for inter-node networking
];

services.k3s = {
  enable = true;
  role = pK3sRole; # "server" or "agent"
  # The join token is read from the sops-managed secret file, not written
  # into the configuration itself.
  tokenFile = config.sops.secrets.k3s_token.path;
  clusterInit = pK3sClusterInit;
  extraFlags = toString [
    "--disable=traefik,servicelb"
  ];
  # Empty when no server id is passed in; otherwise the named node's API endpoint.
  serverAddr =
    if pK3sServerId != ""
    then "https://knode${pK3sServerId}:6443"
    else "";
};

# One-shot unit that points /dev/kmsg at /dev/console (see description).
systemd.services.createDevKmsgSymlink = {
  description = "Create /dev/kmsg symlink to /dev/console for kubelet";
  after = ["sysinit.target"];
  serviceConfig = {
    Type = "oneshot";
    ExecStart = ["${pkgs.coreutils}/bin/ln -sf /dev/console /dev/kmsg"];
    RemainAfterExit = true;
127 | }; 128 | wantedBy = ["multi-user.target"]; 129 | }; 130 | 131 | system.stateVersion = "24.05"; 132 | } 133 | -------------------------------------------------------------------------------- /hosts/mstdo/zsh.nix: -------------------------------------------------------------------------------- 1 | # See common config here: ../../modules/home-manager/shell/zsh.nix 2 | # WARN: Ensure that a `.zshrc.zwc` does not exist or this config won't work - this is a compiled zshrc file 3 | {pkgs, ...}: { 4 | # Common configuration for Zsh 5 | programs.zsh = { 6 | enable = true; 7 | 8 | extendedShellAliases = { 9 | update = "sudo darwin-rebuild switch"; 10 | }; 11 | 12 | # zshrc equivalent 13 | initContent = '' 14 | # zmodload zsh/zprof 15 | # test -e "''${HOME}/.iterm2_shell_integration.zsh" && source "''${HOME}/.iterm2_shell_integration.zsh" 16 | 17 | # export ZSH=~/.oh-my-zsh 18 | # source $ZSH/oh-my-zsh.sh 19 | 20 | export PATH="/usr/local/opt/util-linux/bin:$PATH" 21 | export PATH="/usr/local/opt/util-linux/sbin:$PATH" 22 | 23 | export PATH="$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$PATH" 24 | 25 | # [ -f ~/.fzf.zsh ] && source ~/.fzf.zsh # NOTE: Remember to delete the script 26 | # export FZF_DEFAULT_OPTS="--extended" 27 | ''; 28 | 29 | # zshenv equivalent 30 | envExtra = '' 31 | # Cargo 32 | . "$HOME/.cargo/env" 33 | 34 | # dotfiles 35 | alias config='/usr/bin/git --git-dir=$HOME/dotfiles/ --work-tree=$HOME' 36 | 37 | # ESP-IDF things 38 | alias get_esprs='. 
$HOME/export-esp.sh' 39 | 40 | export SAM_CLI_TELEMETRY=0 41 | 42 | alias python=python3 43 | alias pip=pip3 44 | 45 | alias k=kubectl 46 | 47 | alias vi="nvim" 48 | 49 | alias tailscale="/Applications/Tailscale.app/Contents/MacOS/Tailscale" 50 | 51 | alias la="ls -la" 52 | alias check="nix flake check" 53 | alias update="sudo darwin-rebuild switch" 54 | alias garbage="sudo nix-collect-garbage --delete-older-than" 55 | alias develop="nix develop -c $SHELL" 56 | alias batl="bat --theme=base16" 57 | alias batp="bat -P" 58 | 59 | alias txt="echo 'Hello, world!'" 60 | ''; 61 | 62 | # zprofile equivalent 63 | profileExtra = '' 64 | # LANG config - fixes issues with SSH and tmux 65 | export LANG="en_US.UTF-8" 66 | 67 | # Terminal color config 68 | export TERM=xterm-256color 69 | 70 | # export THEOS=~/theos # Theos path for iOS tweak development 71 | 72 | # export PATH="/usr/local/opt/python/libexec/bin:/usr/local/sbin:$PATH" 73 | 74 | export XDG_CONFIG_HOME="$HOME/.config" 75 | 76 | # Make the terminal safe 77 | set -o noclobber 78 | #alias cp='cp -i' 79 | #alias mv='mv -i' 80 | 81 | #Pico things 82 | export PICO_SDK_PATH="$HOME/pico/pico-sdk" 83 | 84 | #To allow Multi-threading scripts macOS 85 | export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES 86 | 87 | #Disable Homebrew auto update 88 | # export HOMEBREW_NO_AUTO_UPDATE=1 # Handled by nix-homebrew 89 | 90 | # Homebrew Apple Silicon 91 | # eval "$(/opt/homebrew/bin/brew shellenv)" # Handled by nix-homebrew 92 | 93 | # fnm 94 | eval "$(fnm env --use-on-cd)" 95 | 96 | # rbenv 97 | eval "$(rbenv init - zsh)" 98 | ''; 99 | 100 | oh-my-zsh = { 101 | enable = true; 102 | plugins = [ 103 | "virtualenv" 104 | "bundler" 105 | "fzf" 106 | # "direnv" 107 | "dotenv" 108 | "macos" 109 | "ruby" 110 | "sudo" 111 | # "autoupdate" not found 112 | # "zsh-autosuggestions" 113 | ]; 114 | }; 115 | 116 | plugins = [ 117 | { 118 | name = "autoswitch_virtualenv"; 119 | src = pkgs.fetchFromGitHub { 120 | owner = "MichaelAquilina"; 121 | repo = 
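"zsh-autoswitch-virtualenv"; 122 | rev = "3.7.1"; 123 | sha256 = "0bj4qnvq8mbznhv8yd3w2vxjfgbbap2w012lwj4pmn8l6g03s247"; 124 | }; 125 | } 126 | ]; 127 | }; 128 | 129 | programs.direnv.enable = true; 130 | } 131 |
--------------------------------------------------------------------------------
/hosts/vps/configuration.nix:
--------------------------------------------------------------------------------
# NixOS system configuration for the `vps` host: base system settings, the
# `cloud` user, podman as the OCI backend, OpenSSH, FlareSolverr and tinyproxy.
#
# Arguments:
#   config  - the evaluated system configuration (read for the tinyproxy port)
#   inputs  - presumably the flake inputs (nix-secrets, compose2nix, agenix)
#   outputs - presumably the flake outputs (overlays)
#   pkgs    - the package set
{
  config,
  inputs,
  outputs,
  pkgs,
  ...
}: let
  # NOTE(review): secrets.toml is read in plaintext at evaluation time. If
  # nix-secrets is a flake input (it looks like one), secretsPath is a
  # /nix/store path, so the file and every value taken from it below are
  # world-readable on the host. Only default.enc.yaml (sops) is encrypted at rest.
  secretsPath = builtins.toString inputs.nix-secrets;
  secretsJson = builtins.fromTOML (builtins.readFile "${secretsPath}/hosts/vps/secrets.toml");

  secret_user_initialPassword = secretsJson.user.initial_password;
  secret_ssh_authorizedKeys = secretsJson.ssh.authorized_keys;

  secret_network_ipv4Address = secretsJson.network.ipv4_address;

  homeDir = "/home/cloud";
in {
  imports = [
    ./hardware-configuration.nix
    ./networking.nix
    ./wireguard.nix

    # Containers
    # ./containers/traefik/docker-compose.nix # Traefik
    # ./containers/firefly/docker-compose.nix # Firefly

    # Services
    ./apps/authelia
    # ./apps/firefly-iii
    ./apps/traefik
    ./apps/uptime-kuma
  ];

  # SSH below is key-only; fail the build instead of deploying a host nobody
  # can log in to when the key list is empty.
  assertions = [
    {
      assertion = secret_ssh_authorizedKeys != [];
      message = "hosts/vps: ssh.authorized_keys is empty; key-only SSH would lock out the cloud user.";
    }
  ];

  # Secrets
  # The same SSH private key is the decryption identity for both sops-nix and agenix.
  sops = {
    age.sshKeyPaths = ["${homeDir}/.ssh/id_ed25519"];
    defaultSopsFile = "${inputs.nix-secrets}/hosts/vps/default.enc.yaml";
  };
  age.identityPaths = ["${homeDir}/.ssh/id_ed25519"];

  # Hetzner
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking.hostName = "vps-arm64";
  networking.domain = "";

  programs.nix-ld.enable = true; # Enable nix-ld - it just works

  nix = {
    settings = {
      experimental-features = "nix-command flakes";
      auto-optimise-store = true;
    };
  };

  nixpkgs = {
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
    ];
  };

  # Shell
  programs.zsh = {enable = true;};
  # Define a user account
  users.users = {
    cloud = {
      isNormalUser = true;
      description = "cloud";
      shell = pkgs.zsh;
      # wheel grants sudo. Membership of podman grants access to the
      # Docker-compatible socket enabled below, which is root-equivalent.
      extraGroups = ["wheel" "docker" "oci" "podman"];
      # NOTE(review): initialPassword is kept in plaintext in the Nix store.
      # A sops secret with neededForUsers = true, referenced through
      # hashedPasswordFile, keeps it out of the store; the secret's key name
      # is not visible in this file, so it is left unchanged here.
      initialPassword = secret_user_initialPassword;
    };
  };

  # Containers
  # virtualisation.docker.enable = true;
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
    # Anyone who can reach this socket controls the container engine as root.
    dockerSocket.enable = true;
    defaultNetwork.settings = {
      # Required for container networking to be able to use names.
      dns_enabled = true;
    };
  };
  virtualisation.oci-containers.backend = "podman";
  # DNS/mDNS are opened on the podman bridge interfaces only, not on the public one.
  networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];

  # Programs
  programs.neovim = {
    enable = true;
    defaultEditor = true;
  };

  # Services
  services.openssh = {
    enable = true;
    settings = {
      # Key-only logins. The cloud password is also the tinyproxy credential
      # and sits in the Nix store, so it must not be enough to open a shell.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Let's not repeat last time's mistake
      # PermitRootLogin = "no";
      # PermitRootLogin stays at the NixOS default ("prohibit-password");
      # root has no authorized keys below, so root cannot log in over SSH.
    };
  };
  users.users.root.openssh.authorizedKeys.keys = [];
  users.users.cloud.openssh.authorizedKeys.keys = secret_ssh_authorizedKeys;

  services.flaresolverr = {
    enable = true;
    # NOTE(review): this opens the FlareSolverr port on every interface and
    # nothing in this file puts authentication in front of it. Prefer
    # openFirewall = false and reach it over WireGuard or behind
    # traefik/authelia - confirm who needs to call it.
    openFirewall = true;
  };

  services.tinyproxy = {
    enable = true;
    settings = {
      # Presumably the host's public address - confirm.
      Listen = secret_network_ipv4Address;
      # NOTE(review): the proxy credential is the cloud login (and sudo)
      # password. Proxy Basic auth is base64-encoded, not encrypted, on the
      # wire, and the value is written into the generated tinyproxy config.
      # Use a separate proxy-only secret, or bind to the WireGuard address.
      BasicAuth = "tinyproxy ${secret_user_initialPassword}";
    };
  };
  # Opens the tinyproxy port on all interfaces; Port is not set above, so the
  # module default applies.
  networking.firewall.allowedTCPPorts = [config.services.tinyproxy.settings.Port];

  # Fail2ban
  # services.fail2ban.enable = true;
  # NixOS by default is pre-configured with SSH jail

  # System Packages
  environment.systemPackages = with pkgs; [
    inputs.compose2nix.packages.${system}.default
    inputs.agenix.packages.${system}.default
    podman-tui
    podman-compose
    sops
    zig
  ];

  system.stateVersion = "23.11";
}
--------------------------------------------------------------------------------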