├── .gitattributes ├── .gitignore ├── README.md ├── assets ├── README.md ├── screenshot.png └── wallpaper.jpg ├── flake.lock ├── flake.nix ├── hosts ├── puter │ ├── default.nix │ ├── disko.nix │ └── packages.nix ├── vm │ ├── default.nix │ ├── disko.nix │ └── packages.nix └── x220 │ ├── default.nix │ ├── disko.nix │ └── packages.nix ├── install.sh ├── lib ├── default.nix ├── fs.nix └── hosts.nix ├── modules ├── home │ └── caem │ │ ├── core │ │ ├── default.nix │ │ ├── security.nix │ │ └── zsh │ │ │ ├── conf.d │ │ │ ├── fzf-tab.zsh │ │ │ └── ps1.zsh │ │ │ └── default.nix │ │ ├── default.nix │ │ ├── desktop │ │ └── gnome │ │ │ └── default.nix │ │ ├── development │ │ ├── default.nix │ │ ├── emacs │ │ │ ├── default.nix │ │ │ └── emacs.d │ │ │ │ ├── core │ │ │ │ ├── appearance.el │ │ │ │ ├── completions.el │ │ │ │ ├── ido.el │ │ │ │ ├── init.el │ │ │ │ ├── litter.el │ │ │ │ ├── misc.el │ │ │ │ ├── nix.el │ │ │ │ ├── repositories.el │ │ │ │ └── tree-sitter.el │ │ │ │ ├── extras │ │ │ │ ├── elcord.el │ │ │ │ └── init.el │ │ │ │ ├── init.el │ │ │ │ ├── modes │ │ │ │ ├── c-mode.el │ │ │ │ ├── init.el │ │ │ │ ├── lisp │ │ │ │ │ ├── elisp-mode.el │ │ │ │ │ ├── init.el │ │ │ │ │ └── scheme-mode.el │ │ │ │ ├── meson-mode.el │ │ │ │ ├── nix-mode.el │ │ │ │ └── term-mode.el │ │ │ │ └── rei.el │ │ ├── ghostty.nix │ │ ├── git.nix │ │ └── tmux.nix │ │ ├── misc │ │ ├── default.nix │ │ └── fastfetch.nix │ │ ├── multimedia │ │ ├── default.nix │ │ ├── games │ │ │ └── default.nix │ │ └── web │ │ │ ├── default.nix │ │ │ └── firefox.nix │ │ └── packages.nix └── nixos │ ├── communication │ └── default.nix │ ├── core │ ├── default.nix │ ├── fonts.nix │ ├── impermanence.nix │ ├── nix.nix │ ├── security.nix │ ├── systemd.nix │ └── zsh.nix │ ├── desktop │ └── gnome │ │ └── default.nix │ ├── development │ └── default.nix │ ├── edv │ └── default.nix │ ├── hardware │ ├── audio │ │ └── default.nix │ ├── cpu │ │ ├── amd │ │ │ └── default.nix │ │ └── intel │ │ │ └── default.nix │ └── gpu │ │ ├── 
graphics.nix │ │ └── nvidia │ │ └── default.nix │ ├── multimedia │ ├── art │ │ └── default.nix │ ├── default.nix │ ├── games │ │ ├── default.nix │ │ └── steam.nix │ ├── music │ │ ├── default.nix │ │ └── tidal.nix │ ├── slop.nix │ ├── video │ │ └── default.nix │ └── web │ │ ├── default.nix │ │ ├── filesharing.nix │ │ └── firefox │ │ ├── default.nix │ │ ├── policies.nix │ │ └── preferences.nix │ └── user │ └── caem.nix └── overlays ├── nixpak ├── default.nix ├── firefox-esr.nix └── tor-browser.nix ├── nixpkgs └── unstable.nix └── steam.nix /.gitattributes: -------------------------------------------------------------------------------- 1 | assets/** linguist-vendored 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | dotfiles/zsh/.zcompdump 2 | dotfiles/nvim/lazy-lock.json 3 | result 4 | keys.txt 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # caenix 2 | 3 | 4 | 5 | 8 | 11 | 12 | 13 | 17 | 20 | 21 |
6 | About 7 | 9 | Screenshot 10 |
14 | This repository contains my personal NixOS configuration. 15 | Feel free to do whatever with it. 16 | 18 | Screenshot of my desktop 19 |
22 | 23 | ## Layout 24 | ``` 25 | . 26 | ├── .gitattributes 27 | ├── .gitignore 28 | ├── README.md 29 | ├── assets ; Binary assets such as screenshots and wallpapers 30 | │ └── ... 31 | ├── flake.lock 32 | ├── flake.nix 33 | ├── hosts ; Host configurations 34 | │ ├── puter 35 | │ │ ├── default.nix ; Host specific configuration options 36 | │ │ ├── disko.nix ; Host specific partitioning layout 37 | │ │ └── packages.nix ; Host specific package set 38 | │ └── ... 39 | ├── install.sh 40 | ├── lib ; Custom helper functions 41 | │ └── ... 42 | ├── modules ; Configuration modules 43 | │ ├── home ; Home-manager modules 44 | │ │ └── caem ; User home-manager modules 45 | │ │ ├── default.nix ; User specific configuration options 46 | │ │ ├── packages.nix ; User specific package set 47 | │ │ └── ... 48 | │ └── nixos ; NixOS modules 49 | │ ├── user ; User definition 50 | │ │ └── caem.nix 51 | │ └── ... 52 | └── overlays ; Overlays 53 | └── ... 54 | ``` 55 | 56 | ## Installation 57 | 58 | ### Setting up your secrets repository 59 | 60 | This step is required to install the system as it is built around nix-sops 61 | with encrypted files in a private repository in order to not expose even the 62 | encrypted secrets to the public. You don't need to be in a NixOS livecd or 63 | system in order to complete this step as long as you can install all 64 | requirements from step 1. 65 | 66 | #### 1. Ensure all required dependencies are present 67 | 68 | ```sh 69 | nix-shell -p sops age git wl-clipboard 70 | ``` 71 | 72 | #### 2. Initialize your secrets repo 73 | 74 | ```sh 75 | mkdir secrets 76 | cd secrets 77 | git init 78 | ``` 79 | 80 | #### 3. Create your gitignore 81 | 82 | You want this to make sure that you do not accidentally push your private key. 83 | 84 | ```sh 85 | echo "keys.txt" > .gitignore 86 | ``` 87 | 88 | #### 4. Generate your private key 89 | 90 | ```sh 91 | age-keygen -o ./keys.txt 92 | ``` 93 | 94 | #### 5. 
Create your sops configuration file 95 | 96 | ```sh 97 | cat <<EOF > .sops.yaml 98 | keys: 99 | - &master $(age-keygen -y ./keys.txt) 100 | creation_rules: 101 | - path_regex: .*\.(yaml|json|env|ini)$ 102 | key_groups: 103 | - age: 104 | - *master 105 | EOF 106 | ``` 107 | 108 | #### 6. Create your secrets file 109 | 110 | ```sh 111 | mkpasswd | wl-copy 112 | sops upasswd.yaml 113 | ``` 114 | 115 | Then edit the file to look like this 116 | ```yaml 117 | upasswd: [The pasted password hash from mkpasswd] 118 | ``` 119 | 120 | #### 7. Create the flake to expose the secrets 121 | 122 | ```sh 123 | cat <<EOF > flake.nix 124 | { 125 | outputs = { self, ... }: { 126 | paths = { 127 | upasswd = self + "/upasswd.yaml"; 128 | }; 129 | }; 130 | } 131 | EOF 132 | ``` 133 | 134 | #### 8. Commit and push your changes 135 | 136 | If your git forge supports creating the repository on push you can 137 | simply run the commands below. If it does not (GitHub, for example), create a private 138 | repository named "secrets" first before running the commands below. 139 | 140 | ```sh 141 | git remote add origin git@git.example.net:username/secrets 142 | git add . 143 | git commit -m "batman" 144 | git push --set-upstream origin master 145 | ``` 146 | 147 | #### 9. Back up your keys.txt 148 | 149 | **THIS STEP IS VERY IMPORTANT** 150 | 151 | Back up your keys.txt in a safe location from which you can later transfer it on to the livecd. 152 | Keep it safe afterwards as it is required to decrypt your secrets. Do not share this with 153 | anyone else as it'd allow them to decrypt all your secrets. 154 | 155 | You also need to have a copy of your ssh private key or (preferably) a deployment key for the repository 156 | ready to later clone your secrets repository. 157 | 158 | ### Installing the system 159 | 160 | #### 0. Boot in to a livecd image 161 | 162 | Any of the official NixOS livecds will work as long as you're able to securely transfer files on to 163 | it. 
Non-nixos livecds might work if you install the required tools manually but is out of scope 164 | of this document. 165 | 166 | #### 1. Clone this repository 167 | 168 | ```sh 169 | git clone https://github.com/c4em/caenix.git 170 | cd caenix 171 | ``` 172 | 173 | #### 2. Fetch your keys.txt and ssh key 174 | 175 | Fetch your keys.txt from wherever you've stored them and **place them at the root of the configuration directory**. 176 | If you place them anywhere else the installation will fail. Do not move them later either. 177 | 178 | For your ssh key, place it in `~/.ssh` and create a symlink for the root user. 179 | ```sh 180 | sudo ln -sf /home/nixos/.ssh /root/.ssh 181 | ``` 182 | 183 | And start a instance of ssh-agent. 184 | ```sh 185 | eval $(ssh-agent -s) 186 | ssh-add ~/.ssh/[your key] 187 | ``` 188 | 189 | #### 3. Update the flake input for your secret 190 | 191 | In `flake.nix`, replace 192 | ```nix 193 | inputs = { 194 | secrets.url = "git+ssh://git@git.caem.dev/caem/secrets"; 195 | ``` 196 | with your url. 197 | ```nix 198 | inputs = { 199 | secrets.url = "git+ssh://git@git.example.com/username/secrets"; 200 | ``` 201 | 202 | #### 4. Update flake.lock (optional) 203 | This is very useful and will also tell you if cloning your secrets work, 204 | rather than only telling you after already having partitioned the drive. 205 | ```sh 206 | nix --extra-experimental-features 'nix-command flakes' flake update 207 | ``` 208 | 209 | #### 5. Run the installation script 210 | ```sh 211 | ./install.sh --host [your host] --device [the device to install NixOS on] 212 | ``` 213 | 214 | -------------------------------------------------------------------------------- /assets/README.md: -------------------------------------------------------------------------------- 1 | # assets 2 | 3 | The wallpaper used here is watermarked, the purchased version is stored in the secrets, inaccessible to the public. 
4 | If you too want the watermark-free version you can [purchase it from the artist](https://wboss.huotan.com/p/TEcHBI) 5 | for mere ¥12. The artwork looks great, I'd highly recommend it. 6 | -------------------------------------------------------------------------------- /assets/screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c4em/caenix/18565ff9f9cb73dde205cd04ea5455ed44b05da1/assets/screenshot.png -------------------------------------------------------------------------------- /assets/wallpaper.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c4em/caenix/18565ff9f9cb73dde205cd04ea5455ed44b05da1/assets/wallpaper.jpg -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "aagl": { 4 | "inputs": { 5 | "flake-compat": "flake-compat", 6 | "nixpkgs": [ 7 | "nixpkgs" 8 | ] 9 | }, 10 | "locked": { 11 | "lastModified": 1744237139, 12 | "narHash": "sha256-f395cE+MIvKcRfRZubYXc7TJfJJ7edwpt7tYIFDgYQo=", 13 | "owner": "ezKEa", 14 | "repo": "aagl-gtk-on-nix", 15 | "rev": "a1a00f83d74988e98af8757e9b86ddf04d2ecdfc", 16 | "type": "github" 17 | }, 18 | "original": { 19 | "owner": "ezKEa", 20 | "ref": "release-24.11", 21 | "repo": "aagl-gtk-on-nix", 22 | "type": "github" 23 | } 24 | }, 25 | "disko": { 26 | "inputs": { 27 | "nixpkgs": [ 28 | "nixpkgs" 29 | ] 30 | }, 31 | "locked": { 32 | "lastModified": 1746728054, 33 | "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", 34 | "owner": "nix-community", 35 | "repo": "disko", 36 | "rev": "ff442f5d1425feb86344c028298548024f21256d", 37 | "type": "github" 38 | }, 39 | "original": { 40 | "owner": "nix-community", 41 | "ref": "latest", 42 | "repo": "disko", 43 | "type": "github" 44 | } 45 | }, 46 | "flake-compat": { 47 | "flake": 
false, 48 | "locked": { 49 | "lastModified": 1733328505, 50 | "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", 51 | "owner": "edolstra", 52 | "repo": "flake-compat", 53 | "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", 54 | "type": "github" 55 | }, 56 | "original": { 57 | "owner": "edolstra", 58 | "repo": "flake-compat", 59 | "type": "github" 60 | } 61 | }, 62 | "flake-parts": { 63 | "inputs": { 64 | "nixpkgs-lib": "nixpkgs-lib" 65 | }, 66 | "locked": { 67 | "lastModified": 1743550720, 68 | "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", 69 | "owner": "hercules-ci", 70 | "repo": "flake-parts", 71 | "rev": "c621e8422220273271f52058f618c94e405bb0f5", 72 | "type": "github" 73 | }, 74 | "original": { 75 | "owner": "hercules-ci", 76 | "repo": "flake-parts", 77 | "type": "github" 78 | } 79 | }, 80 | "flake-parts_2": { 81 | "inputs": { 82 | "nixpkgs-lib": [ 83 | "nixpak", 84 | "nixpkgs" 85 | ] 86 | }, 87 | "locked": { 88 | "lastModified": 1743550720, 89 | "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", 90 | "owner": "hercules-ci", 91 | "repo": "flake-parts", 92 | "rev": "c621e8422220273271f52058f618c94e405bb0f5", 93 | "type": "github" 94 | }, 95 | "original": { 96 | "owner": "hercules-ci", 97 | "repo": "flake-parts", 98 | "type": "github" 99 | } 100 | }, 101 | "hercules-ci-effects": { 102 | "inputs": { 103 | "flake-parts": [ 104 | "nixpak", 105 | "flake-parts" 106 | ], 107 | "nixpkgs": [ 108 | "nixpak", 109 | "nixpkgs" 110 | ] 111 | }, 112 | "locked": { 113 | "lastModified": 1744693102, 114 | "narHash": "sha256-1Z4WPGVky4w3lrhrgs89OKsLzPdtkbi1bPLNFWsoLfY=", 115 | "owner": "hercules-ci", 116 | "repo": "hercules-ci-effects", 117 | "rev": "5b6cec51c9ec095a0d3fd4c8eeb53eb5c59ae33e", 118 | "type": "github" 119 | }, 120 | "original": { 121 | "owner": "hercules-ci", 122 | "repo": "hercules-ci-effects", 123 | "type": "github" 124 | } 125 | }, 126 | "home-manager": { 127 | "inputs": { 128 | "nixpkgs": [ 129 | "nixpkgs" 130 | 
] 131 | }, 132 | "locked": { 133 | "lastModified": 1746171682, 134 | "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", 135 | "owner": "nix-community", 136 | "repo": "home-manager", 137 | "rev": "50eee705bbdbac942074a8c120e8194185633675", 138 | "type": "github" 139 | }, 140 | "original": { 141 | "owner": "nix-community", 142 | "ref": "release-24.11", 143 | "repo": "home-manager", 144 | "type": "github" 145 | } 146 | }, 147 | "impermanence": { 148 | "locked": { 149 | "lastModified": 1737831083, 150 | "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", 151 | "owner": "nix-community", 152 | "repo": "impermanence", 153 | "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", 154 | "type": "github" 155 | }, 156 | "original": { 157 | "owner": "nix-community", 158 | "repo": "impermanence", 159 | "type": "github" 160 | } 161 | }, 162 | "nixpak": { 163 | "inputs": { 164 | "flake-parts": "flake-parts_2", 165 | "hercules-ci-effects": "hercules-ci-effects", 166 | "nixpkgs": [ 167 | "nixpkgs" 168 | ] 169 | }, 170 | "locked": { 171 | "lastModified": 1746671073, 172 | "narHash": "sha256-vYbatLqJpwikH5QSoExgBGQJjeSeAJJHMKvOfBkOC+I=", 173 | "owner": "nixpak", 174 | "repo": "nixpak", 175 | "rev": "724c3bdd7a57af729dc26ba93f789e664e5003bd", 176 | "type": "github" 177 | }, 178 | "original": { 179 | "owner": "nixpak", 180 | "repo": "nixpak", 181 | "type": "github" 182 | } 183 | }, 184 | "nixpkgs": { 185 | "locked": { 186 | "lastModified": 1746557022, 187 | "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", 188 | "owner": "nixos", 189 | "repo": "nixpkgs", 190 | "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", 191 | "type": "github" 192 | }, 193 | "original": { 194 | "owner": "nixos", 195 | "ref": "nixos-24.11", 196 | "repo": "nixpkgs", 197 | "type": "github" 198 | } 199 | }, 200 | "nixpkgs-lib": { 201 | "locked": { 202 | "lastModified": 1743296961, 203 | "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", 204 | "owner": 
"nix-community", 205 | "repo": "nixpkgs.lib", 206 | "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", 207 | "type": "github" 208 | }, 209 | "original": { 210 | "owner": "nix-community", 211 | "repo": "nixpkgs.lib", 212 | "type": "github" 213 | } 214 | }, 215 | "nixpkgs-unstable": { 216 | "locked": { 217 | "lastModified": 1746663147, 218 | "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", 219 | "owner": "nixos", 220 | "repo": "nixpkgs", 221 | "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", 222 | "type": "github" 223 | }, 224 | "original": { 225 | "owner": "nixos", 226 | "ref": "nixos-unstable", 227 | "repo": "nixpkgs", 228 | "type": "github" 229 | } 230 | }, 231 | "root": { 232 | "inputs": { 233 | "aagl": "aagl", 234 | "disko": "disko", 235 | "flake-parts": "flake-parts", 236 | "home-manager": "home-manager", 237 | "impermanence": "impermanence", 238 | "nixpak": "nixpak", 239 | "nixpkgs": "nixpkgs", 240 | "nixpkgs-unstable": "nixpkgs-unstable", 241 | "secrets": "secrets", 242 | "sops-nix": "sops-nix" 243 | } 244 | }, 245 | "secrets": { 246 | "locked": { 247 | "lastModified": 1746041665, 248 | "narHash": "sha256-8j4PSYVf0lLV7QCEMxbJcSidP82tGTR/UUOCRg0lcFs=", 249 | "ref": "refs/heads/master", 250 | "rev": "4243708e72569b4568b774bddb251954d4c51447", 251 | "revCount": 5, 252 | "type": "git", 253 | "url": "ssh://git@git.caem.dev/caem/secrets.git" 254 | }, 255 | "original": { 256 | "type": "git", 257 | "url": "ssh://git@git.caem.dev/caem/secrets.git" 258 | } 259 | }, 260 | "sops-nix": { 261 | "inputs": { 262 | "nixpkgs": [ 263 | "nixpkgs" 264 | ] 265 | }, 266 | "locked": { 267 | "lastModified": 1746485181, 268 | "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", 269 | "owner": "Mic92", 270 | "repo": "sops-nix", 271 | "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", 272 | "type": "github" 273 | }, 274 | "original": { 275 | "owner": "Mic92", 276 | "repo": "sops-nix", 277 | "type": "github" 278 | } 279 | } 280 | }, 281 | "root": "root", 
282 | "version": 7 283 | } 284 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "My NixOS configuration files."; 3 | 4 | inputs = { 5 | secrets.url = "git+ssh://git@git.caem.dev/caem/secrets.git"; 6 | 7 | nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; 8 | nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 9 | 10 | flake-parts.url = "github:hercules-ci/flake-parts"; 11 | 12 | home-manager = { 13 | url = "github:nix-community/home-manager/release-24.11"; 14 | inputs.nixpkgs.follows = "nixpkgs"; 15 | }; 16 | 17 | impermanence.url = "github:nix-community/impermanence"; 18 | 19 | disko = { 20 | url = "github:nix-community/disko/latest"; 21 | inputs.nixpkgs.follows = "nixpkgs"; 22 | }; 23 | 24 | sops-nix = { 25 | url = "github:Mic92/sops-nix"; 26 | inputs.nixpkgs.follows = "nixpkgs"; 27 | }; 28 | 29 | nixpak = { 30 | url = "github:nixpak/nixpak"; 31 | inputs.nixpkgs.follows = "nixpkgs"; 32 | }; 33 | 34 | aagl = { 35 | url = "github:ezKEa/aagl-gtk-on-nix/release-24.11"; 36 | inputs.nixpkgs.follows = "nixpkgs"; 37 | }; 38 | }; 39 | 40 | outputs = { 41 | nixpkgs, 42 | nixpkgs-unstable, 43 | flake-parts, 44 | impermanence, 45 | home-manager, 46 | disko, 47 | sops-nix, 48 | secrets, 49 | nixpak, 50 | aagl, 51 | ... 
52 | } @ inputs: let 53 | lib = nixpkgs.lib.extend (final: prev: 54 | import ./lib { lib = final; } 55 | ); 56 | in { 57 | nixosConfigurations = lib.mkHosts { 58 | nixpkgs = nixpkgs; 59 | inputs = inputs; 60 | user = "caem"; 61 | modules = [ 62 | impermanence.nixosModules.impermanence 63 | disko.nixosModules.disko 64 | sops-nix.nixosModules.sops 65 | aagl.nixosModules.default 66 | home-manager.nixosModules.home-manager { 67 | home-manager = { 68 | useGlobalPkgs = true; 69 | useUserPackages = true; 70 | extraSpecialArgs = { 71 | inherit inputs; 72 | }; 73 | }; 74 | } 75 | ]; 76 | }; 77 | }; 78 | } 79 | 80 | -------------------------------------------------------------------------------- /hosts/puter/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, lib, username, ... }: 2 | 3 | { 4 | imports = [ 5 | ./disko.nix 6 | ./packages.nix 7 | ]; 8 | 9 | time.timeZone = "Europe/Berlin"; 10 | 11 | networking = { 12 | hostName = "puter"; 13 | useDHCP = lib.mkDefault true; 14 | }; 15 | 16 | boot = { 17 | loader = { 18 | efi.canTouchEfiVariables = true; 19 | grub = { 20 | enable = true; 21 | # Keep "nodev" for efi systems 22 | device = "nodev"; 23 | efiSupport = true; 24 | gfxmodeEfi = "1920x1080"; 25 | }; 26 | }; 27 | 28 | tmp.useTmpfs = true; 29 | kernelPackages = pkgs.unstable.linuxPackages_xanmod_latest; 30 | supportedFilesystems = [ "btfs" "vfat" "xfs" ]; 31 | initrd = { 32 | availableKernelModules = [ "nvme" "xhci_pci" "ahci" 33 | "usbhid" "usb_storage" "sd_mod" ]; 34 | }; 35 | }; 36 | 37 | services = { 38 | fstrim.enable = true; 39 | btrfs.autoScrub.enable = true; 40 | }; 41 | 42 | fileSystems = { 43 | # These are system specific. If you have any additional drives that are not 44 | # your root device you can add and mount them here. Added nofail so that you can 45 | # install this configuration on a device without it exploding when you don't have 46 | # these specific partitions. 
47 | 48 | "/home/${username}/mounts/vault" = { 49 | device = "/dev/disk/by-uuid/048d175b-0e3e-4ec7-955b-3d9a45f9f237"; 50 | options = [ "nofail" ]; 51 | fsType = "xfs"; 52 | }; 53 | 54 | "/home/${username}/mounts/attic" = { 55 | device = "/dev/disk/by-uuid/ec32ce36-9f53-4f44-ac8f-2c9163f0b3d7"; 56 | options = [ "nofail" ]; 57 | fsType = "xfs"; 58 | }; 59 | }; 60 | 61 | system.stateVersion = "24.11"; # [managed by install.sh] { state version } 62 | } 63 | 64 | -------------------------------------------------------------------------------- /hosts/puter/disko.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | disko.devices = { 5 | disk = { 6 | master = { 7 | type = "disk"; 8 | device = "/dev/nvme0n1"; # [managed by install.sh] 9 | content = { 10 | type = "gpt"; 11 | partitions = { 12 | efi = { 13 | priority = 1; 14 | name = "efi"; 15 | start = "1M"; 16 | end = "1024M"; 17 | type = "EF00"; 18 | content = { 19 | type = "filesystem"; 20 | format = "vfat"; 21 | mountpoint = "/boot"; 22 | mountOptions = [ 23 | "umask=0077" 24 | "noatime" 25 | ]; 26 | }; 27 | }; 28 | root = { 29 | size = "100%"; 30 | content = { 31 | type = "btrfs"; 32 | extraArgs = [ "-f" "-L nixos" ]; 33 | subvolumes = { 34 | /* Do not rename the root partition as it'll break impermanence */ 35 | "/root" = { 36 | mountpoint = "/"; 37 | mountOptions = [ 38 | "noatime" 39 | "compress=zstd" 40 | ]; 41 | }; 42 | 43 | "/nix" = { 44 | mountpoint = "/nix"; 45 | mountOptions = [ 46 | "noatime" 47 | "compress=zstd" 48 | ]; 49 | }; 50 | }; 51 | }; 52 | }; 53 | }; 54 | }; 55 | }; 56 | }; 57 | }; 58 | } 59 | -------------------------------------------------------------------------------- /hosts/puter/packages.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: 2 | 3 | { 4 | imports = let 5 | modules = ../../modules/nixos; 6 | in [ 7 | "${modules}/core" 8 | "${modules}/hardware/audio" 9 | "${modules}/hardware/gpu/nvidia" 10 | "${modules}/hardware/cpu/amd" 11 | "${modules}/multimedia" 12 | "${modules}/desktop/gnome" 13 | "${modules}/communication" 14 | "${modules}/development" 15 | "${modules}/edv" 16 | ]; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /hosts/vm/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, lib, modulesPath, ... }: 2 | 3 | { 4 | imports = [ 5 | ./disko.nix 6 | ./packages.nix 7 | (modulesPath + "/profiles/qemu-guest.nix") 8 | ]; 9 | 10 | time.timeZone = "Europe/Berlin"; 11 | 12 | networking = { 13 | hostName = "vm"; 14 | useDHCP = lib.mkDefault true; 15 | }; 16 | 17 | boot = { 18 | loader = { 19 | grub = { 20 | enable = true; 21 | # device = "/dev/sda"; # [managed by install.sh] 22 | gfxmodeEfi = "1920x1080"; 23 | }; 24 | }; 25 | 26 | tmp.useTmpfs = true; 27 | kernelPackages = pkgs.linuxPackages_xanmod_latest; 28 | supportedFilesystems = [ "btfs" "vfat" "xfs" ]; 29 | initrd = { 30 | availableKernelModules = [ "nvme" "xhci_pci" "ahci" 31 | "usbhid" "usb_storage" "sd_mod" ]; 32 | }; 33 | }; 34 | 35 | services = { 36 | fstrim.enable = true; 37 | btrfs.autoScrub.enable = true; 38 | }; 39 | 40 | fileSystems = { 41 | # These are system specific. If you have any additional drives that are not 42 | # your root device you can add and mount them here. Added nofail so that you can 43 | # install this configuration on a device without it exploding when you don't have 44 | # these specific partitions. 45 | }; 46 | 47 | system.stateVersion = "24.11"; # [managed by install.sh] 48 | } 49 | 50 | -------------------------------------------------------------------------------- /hosts/vm/disko.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: 2 | 3 | { 4 | disko.devices = { 5 | disk = { 6 | master = { 7 | type = "disk"; 8 | device = "/dev/vda"; # [managed by install.sh] 9 | content = { 10 | type = "gpt"; 11 | partitions = { 12 | grub_mbr = { 13 | size = "1M"; 14 | type = "EF02"; # for grub MBR 15 | }; 16 | boot = { 17 | size = "1G"; 18 | content = { 19 | type = "filesystem"; 20 | format = "ext4"; 21 | mountpoint = "/boot"; 22 | }; 23 | }; 24 | root = { 25 | size = "100%"; 26 | content = { 27 | type = "btrfs"; 28 | extraArgs = [ "-f" "-L nixos" ]; 29 | subvolumes = { 30 | /* Do not rename the root partition as it'll break impermanence */ 31 | "/root" = { 32 | mountpoint = "/"; 33 | mountOptions = [ 34 | "noatime" 35 | "compress=zstd" 36 | ]; 37 | }; 38 | 39 | "/nix" = { 40 | mountpoint = "/nix"; 41 | mountOptions = [ 42 | "noatime" 43 | "compress=zstd" 44 | ]; 45 | }; 46 | }; 47 | }; 48 | }; 49 | }; 50 | }; 51 | }; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /hosts/vm/packages.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | imports = let 5 | modules = ../../modules/nixos; 6 | in [ 7 | "${modules}/core" 8 | "${modules}/hardware/audio" 9 | "${modules}/hardware/gpu/graphics.nix" 10 | "${modules}/multimedia" 11 | "${modules}/desktop/gnome" 12 | ]; 13 | } 14 | 15 | -------------------------------------------------------------------------------- /hosts/x220/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, lib, username, ... 
}: 2 | 3 | { 4 | imports = [ 5 | ./disko.nix 6 | ./packages.nix 7 | ]; 8 | 9 | time.timeZone = "Europe/Berlin"; 10 | 11 | console = { 12 | earlySetup = true; 13 | keyMap = "de"; 14 | }; 15 | 16 | networking = { 17 | hostName = "x220"; 18 | useDHCP = lib.mkDefault true; 19 | }; 20 | 21 | boot = { 22 | loader = { 23 | efi.canTouchEfiVariables = true; 24 | grub = { 25 | enable = true; 26 | # device = "/dev/sda"; # [managed by install.sh] 27 | gfxmodeEfi = "1366x768"; 28 | }; 29 | }; 30 | 31 | tmp.useTmpfs = true; 32 | kernelPackages = pkgs.unstable.linuxPackages_xanmod_latest; 33 | supportedFilesystems = [ "btfs" "vfat" "xfs" ]; 34 | initrd = { 35 | availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" 36 | "usb_storage" "sd_mod" "sdhci_pci" ]; 37 | }; 38 | }; 39 | 40 | services = { 41 | fstrim.enable = true; 42 | btrfs.autoScrub.enable = true; 43 | }; 44 | 45 | environment.persistence."/nix/persist".directories = [ 46 | "/etc/NetworkManager/system-connections" 47 | ]; 48 | 49 | fileSystems = { 50 | # These are system specific. If you have any additional drives that are not 51 | # your root device you can add and mount them here. Added nofail so that you can 52 | # install this configuration on a device without it exploding when you don't have 53 | # these specific partitions. 54 | }; 55 | 56 | system.stateVersion = "24.11"; # [managed by install.sh] { state version } 57 | } 58 | 59 | -------------------------------------------------------------------------------- /hosts/x220/disko.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: 2 | 3 | { 4 | disko.devices = { 5 | disk = { 6 | master = { 7 | type = "disk"; 8 | device = "/dev/sda"; # [managed by install.sh] 9 | content = { 10 | type = "gpt"; 11 | partitions = { 12 | grub_mbr = { 13 | size = "1M"; 14 | type = "EF02"; 15 | }; 16 | boot = { 17 | size = "1G"; 18 | content = { 19 | type = "filesystem"; 20 | format = "ext4"; 21 | mountpoint = "/boot"; 22 | }; 23 | }; 24 | luks = { 25 | size = "100%"; 26 | content = { 27 | type = "luks"; 28 | name = "crypted"; 29 | content = { 30 | type = "btrfs"; 31 | extraArgs = [ "-f" "-L nixos" ]; 32 | subvolumes = { 33 | /* Do not rename the root partition as it'll break impermanence */ 34 | "/root" = { 35 | mountpoint = "/"; 36 | mountOptions = [ 37 | "noatime" 38 | "compress=zstd" 39 | ]; 40 | }; 41 | 42 | "/nix" = { 43 | mountpoint = "/nix"; 44 | mountOptions = [ 45 | "noatime" 46 | "compress=zstd" 47 | ]; 48 | }; 49 | }; 50 | }; 51 | }; 52 | }; 53 | }; 54 | }; 55 | }; 56 | }; 57 | }; 58 | } 59 | -------------------------------------------------------------------------------- /hosts/x220/packages.nix: -------------------------------------------------------------------------------- 1 | { ... 
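}: 2 | 3 | { 4 | imports = let 5 | modules = ../../modules/nixos; 6 | in [ 7 | "${modules}/core" 8 | "${modules}/hardware/audio" 9 | "${modules}/hardware/cpu/intel" 10 | "${modules}/multimedia/video" 11 | "${modules}/multimedia/art" 12 | "${modules}/multimedia/web" 13 | "${modules}/multimedia/music" 14 | "${modules}/desktop/gnome" 15 | "${modules}/communication" 16 | "${modules}/development" 17 | "${modules}/edv" 18 | ]; 19 | } 20 | 21 | -------------------------------------------------------------------------------- /install.sh: --------------------------------------------------------------------------------
#!/usr/bin/env sh

# Author: caem - https://caem.dev

# install.sh - Installation script for my NixOS configuration
#
# This script aims to automate the deployment of my configuration
# on a new machine.

# Abort unless option "$1" is followed by a value "$2" that is neither empty
# nor something that looks like another option (begins with "-").
# A `case` pattern is used instead of `echo "$2" | cut`, because `echo` may
# swallow values such as "-n" and let them through as if they were valid.
args_ensure_extra_arg() {
    case "$2" in
        "" | -*)
            >&2 echo "Argument '$1' requires an extra argument. Run --help for more info."
            exit 1
            ;;
    esac
}

# Abort when the value "$2" collected for the required option "$1" is empty.
args_ensure_is_set() {
    if [ -z "$2" ]; then
        >&2 echo "Argument '$1' is required to be set. Please consult the README or run again with --help."
        exit 1
    fi
}

# Parse the command line into CAENIX_INSTALL_DEVICE, CAENIX_HOSTNAME and
# CAENIX_DO_ONLY_BUILD, validating each value as it is read.
# --host is always required; --device is required unless --build is given.
args() {
    while [ -n "$1" ]; do
        case "$1" in
            "-h" | "--help")
                echo ""
                echo "$0 - Installation script for my NixOS configuration"
                echo ""
                echo "arguments:"
                echo " -h|--help Print this and exit"
                echo " -d|--device [device] (required) The device you want to install NixOS on to"
                echo " -o|--host [hostname] (required) The host from ./hosts you want to install"
                echo " -b|--build Build the system without installing"
                echo ""
                echo "origin: https://github.com/c4em/caenix"
                echo ""
                exit 0
                ;;

            "-d" | "--device")
                args_ensure_extra_arg "$@"
                # Only an existing block device is accepted as install target.
                if [ ! -b "$2" ]; then
                    >&2 echo "'$2' is not a valid block device. Make sure you selected the right drive"
                    exit 1
                fi

                CAENIX_INSTALL_DEVICE="$2"
                shift 2
                ;;

            "-o" | "--host")
                args_ensure_extra_arg "$@"

                # The host must have a directory under ./hosts.
                if [ ! -d "./hosts/$2" ]; then
                    >&2 echo "Invalid hostname '$2'. Make sure it exists in ./hosts"
                    exit 1
                fi

                CAENIX_HOSTNAME="$2"
                shift 2
                ;;
            "-b" | "--build")
                CAENIX_DO_ONLY_BUILD=1
                shift 1
                ;;
            *)
                >&2 echo "Unrecognized argument '$1'. Run with --help to view accepted arguments."
                exit 1
                ;;
        esac
    done

    args_ensure_is_set "--host" "$CAENIX_HOSTNAME"
    if [ -z "$CAENIX_DO_ONLY_BUILD" ]; then
        args_ensure_is_set "--device" "$CAENIX_INSTALL_DEVICE"
    fi
}

# Escape "$1" so it can be spliced into the replacement (right-hand) side of a
# sed `s/…/…/` command that uses "/" as its delimiter.
# Every caller in this script uses the result as replacement text, where the
# characters with special meaning are "\", "/" (the delimiter) and "&" (the
# whole match). The previous version escaped regex metacharacters instead:
# it left "&" untouched and turned "]" into "[]]", which corrupts the value
# written into the .nix files.
sed_safe () {
    printf "%s" "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Rewrite the values marked "[managed by install.sh]" in the selected host's
# default.nix and disko.nix: the target device and system.stateVersion.
update_managed_values() {
    device_escaped="$(sed_safe "$CAENIX_INSTALL_DEVICE")"

    # stateVersion is the "major.minor" prefix of the running NixOS version.
    # Refuse to continue when it cannot be determined rather than writing an
    # empty stateVersion into the host configuration.
    state_version="$(nixos-version | cut -f1,2 -d '.')"
    if [ -z "$state_version" ]; then
        >&2 echo "Cannot determine the NixOS version for system.stateVersion"
        exit 1
    fi

    # The marker's brackets are escaped so they match literally; unescaped,
    # "[managed by install\.sh]" is a bracket expression matching one single
    # character and the line carrying the marker never matches.
    sed -i 's/\( *device = \)".*"\(; # \[managed by install\.sh\].*\)/\1"'"$device_escaped"'"\2/' "./hosts/$CAENIX_HOSTNAME/default.nix"
    sed -i 's/\( *device = \)".*"\(; #.*\)/\1"'"$device_escaped"'"\2/' "./hosts/$CAENIX_HOSTNAME/disko.nix"
    sed -i 's/\( *system.stateVersion = \)".*"\(; #.*\)/\1"'"$(sed_safe "$state_version")"'"\2/' "./hosts/$CAENIX_HOSTNAME/default.nix"
}

# Build the selected host's system closure without installing it.
build() {
    nix build ".#nixosConfigurations.${CAENIX_HOSTNAME}.config.system.build.toplevel"
}

# Make `sudo` usable for the rest of the script: when already root, shadow it
# with a pass-through function; otherwise validate credentials up front.
permissions() {
    if [ "$(id -u)" = "0" ]; then
        sudo () {
            "$@"
        }
    else
        sudo -v
    fi
}

# Show what is about to be destroyed and require the exact confirmation phrase.
# Sets CAENIX_CONFIRM_DISK_NUKE=yes on success; any other answer exits 0.
# "\033" is used for the escape character because "\e" is not understood by
# every sh's printf.
ensure_confirmation() {
    printf "\033[1;31m=== ARE YOU SURE YOU WANT TO CONTINUE WITH THE INSTALLATION ===\033[0m\n\n"
    printf "This will \033[1;31mIRREVERSIBLY\033[0m wipe all data in '%s'\n" "$CAENIX_INSTALL_DEVICE"
    printf "This disk contains following partitions:\n\n"
    lsblk -o NAME,SIZE,TYPE,FSTYPE "$CAENIX_INSTALL_DEVICE"
    printf "\n"

    printf "Please write 'Yes, do as I say!' to continue with the installation\n> "
    read -r install_prompt
    if [ "$install_prompt" != "Yes, do as I say!" ]; then
        echo "Cancelling installation"
        exit 0
    else
        CAENIX_CONFIRM_DISK_NUKE="yes"
    fi
}

# Destroy, format and mount the target disk with disko, but only after
# ensure_confirmation has recorded the user's consent.
partition_disk() {
    if [ "$CAENIX_CONFIRM_DISK_NUKE" = "yes" ]; then
        # NOTE(review): this fetches disko's `latest` ref at install time and
        # runs it as root, instead of the revision pinned for the `disko` input
        # in flake.lock. Consider running the locked input so the tool that
        # wipes the disk is the same revision the configuration was locked to.
        sudo nix --experimental-features 'flakes nix-command' run github:nix-community/disko/latest -- \
            --mode destroy,format,mount --yes-wipe-all-disks "./hosts/$CAENIX_HOSTNAME/disko.nix"
    else
        >&2 echo "Aborted installation due to invalid state in the partitioning step."
        exit 1
    fi
}

# Install the selected host from this flake onto the mounted target.
install() {
    yes | sudo nixos-install --no-root-passwd --flake ".#$CAENIX_HOSTNAME"
}

# Copy this checkout to /nix/config on the new system and link it into the
# user's persistent home directory.
copy_files_to_new_install() {
    # Print only the line that actually matches `user = "…";` and take the
    # first hit. The previous `grep user | sed` passed every line containing
    # "user" through unchanged, e.g. a secrets URL such as
    # ".../username/secrets", which produced a multi-line username.
    username="$(sed -n 's/.*user = "\(.*\)";.*/\1/p' ./flake.nix | head -n 1)"
    if [ -z "$username" ]; then
        >&2 echo "Cannot determine username"
        exit 1
    fi

    # NOTE(review): `cp -r .` copies everything in the checkout, including
    # keys.txt (the README places the age private key at the repository root),
    # and the tree is then handed to the hard-coded uid:gid 1000:100,
    # presumably the primary user. Confirm that mapping on the target and that
    # keys.txt ends up with a restrictive mode.
    sudo cp -vr . /mnt/nix/config
    sudo mkdir -p "/mnt/nix/persist/home/$username/programming/personal"
    sudo ln -svf /nix/config "/mnt/nix/persist/home/$username/programming/personal/caenix"
    sudo chown -R 1000:100 "/mnt/nix/persist/home/$username"
    sudo chown -R 1000:100 "/mnt/nix/config"
}

# Offer a reboot once the installation is done; only "y" or "Y" reboots.
reboot_on_consent() {
    printf "\n\nInstallation finished. Would you like to reboot?\n[y/n] > "
    read -r do_reboot
    case "$do_reboot" in
        y | Y)
            sudo reboot
            ;;
    esac
}

# Entry point: parse arguments, then either build only (--build) or run the
# full confirm / partition / copy / install sequence.
main () {
    args "$@"
    permissions

    if [ -n "$CAENIX_DO_ONLY_BUILD" ]; then
        # A device is optional in build-only mode; update the managed values
        # only when one was given.
        if [ -n "$CAENIX_INSTALL_DEVICE" ]; then
            update_managed_values
        fi

        build
        exit 0
    fi

    ensure_confirmation
    update_managed_values
    partition_disk
    copy_files_to_new_install
    install
    reboot_on_consent
}

set -e
main "$@"

-------------------------------------------------------------------------------- /lib/default.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | 3 | let 4 | fs = import ./fs.nix { inherit lib; }; 5 | hosts = import ./hosts.nix { inherit lib; }; 6 | in 7 | fs // hosts 8 | 9 | -------------------------------------------------------------------------------- /lib/fs.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | 3 | { 4 | getDirsInDir = 5 | path: let 6 | dirs = builtins.readDir path; 7 | in 8 | builtins.filter (type: dirs.${type} == "directory") (builtins.attrNames dirs); 9 | 10 | getModuleImports = 11 | path: let 12 | files = builtins.attrNames (builtins.removeAttrs (builtins.readDir path) ["default.nix"]); 13 | in 14 | map (file: "${path}/${file}") files; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /lib/hosts.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | 3 | { 4 | mkHosts = { 5 | nixpkgs, 6 | inputs, 7 | modules, 8 | user, 9 | }: builtins.listToAttrs (builtins.map (host: { 10 | name = host; 11 | value = nixpkgs.lib.nixosSystem { 12 | system = "x86_64-linux"; 13 | modules = modules ++ [ 14 | ../hosts/${host} 15 | ../modules/nixos/user/${user}.nix 16 | ]; 17 | 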
specialArgs = { 18 | inherit inputs lib; 19 | username = user; 20 | cfgPath = ../.; 21 | }; 22 | }; 23 | }) (lib.getDirsInDir ../hosts)); 24 | } 25 | -------------------------------------------------------------------------------- /modules/home/caem/core/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | 3 | { 4 | imports = lib.getModuleImports ./.; 5 | } 6 | 7 | -------------------------------------------------------------------------------- /modules/home/caem/core/security.nix: -------------------------------------------------------------------------------- 1 | { config, ... }: 2 | 3 | { 4 | programs.gpg = { 5 | enable = true; 6 | homedir = "${config.xdg.dataHome}/gnupg"; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /modules/home/caem/core/zsh/conf.d/fzf-tab.zsh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env zsh 2 | 3 | zstyle ':completion:*:git-checkout:*' sort false 4 | zstyle ':completion:*:descriptions' format '[%d]' 5 | zstyle ':completion:*' list-colors ${(s.:.)LS_COLORS} 6 | zstyle ':completion:*' menu no 7 | zstyle ':fzf-tab:*' fzf-flags --color 16 --bind=tab:accept 8 | [ -n "$TMUX" ] && zstyle ':fzf-tab:*' fzf-command ftb-tmux-popup 9 | -------------------------------------------------------------------------------- /modules/home/caem/core/zsh/conf.d/ps1.zsh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env zsh 2 | 3 | local c0=$'%{\e[0m%}' 4 | local c31=$'%{\e[31m%}' 5 | local c33=$'%{\e[33m%}' 6 | local c34=$'%{\e[34m%}' 7 | local c35=$'%{\e[35m%}' 8 | local c38=$'%{\e[38m%}' 9 | 10 | local nix_shell_ps1_t=" $c34{$c33󱄅 shell$c34}$c0" 11 | local path_no_ghostty="$(echo "$PATH" | sed -e 's/:\/nix\/store\/.*-ghostty-.*\/bin://g')" 12 | if [ -n "$IN_NIX_SHELL" ]; then 13 | local nix_shell_ps1="$nix_shell_ps1_t" 14 | elif [[ 
"$path_no_ghostty" == *"/nix/store"* ]]; then 15 | IN_NIX_SHELL=true 16 | local nix_shell_ps1="$nix_shell_ps1_t" 17 | fi 18 | 19 | setopt prompt_subst 20 | autoload -Uz vcs_info 21 | zstyle ':vcs_info:*' enable git 22 | zstyle ':vcs_info:*' formats " ${c34}${c0}${c31}(%b)${c0}" 23 | precmd () { vcs_info } 24 | 25 | export PS1='${c38}[${c35}%3~${c0}${vcs_info_msg_0_}${nix_shell_ps1}${c38}]${c0}# ' 26 | -------------------------------------------------------------------------------- /modules/home/caem/core/zsh/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, config, ... }: 2 | 3 | { 4 | home.packages = with pkgs; [ 5 | lsd 6 | bat 7 | fd 8 | ripgrep 9 | fzf 10 | tre-command 11 | btop 12 | zsh-completions 13 | nix-zsh-completions 14 | ]; 15 | 16 | programs.bat = { 17 | enable = true; 18 | config = { 19 | theme = "ansi"; 20 | }; 21 | }; 22 | 23 | programs.btop = { 24 | enable = true; 25 | settings = { 26 | color_theme = "TTY"; 27 | }; 28 | }; 29 | 30 | home.file.".zshenv".enable = false; 31 | home.file.".config/zsh/conf.d" = { 32 | source = ./conf.d; 33 | recursive = true; 34 | }; 35 | 36 | programs.zsh = { 37 | enable = true; 38 | enableCompletion = true; 39 | autosuggestion.enable = true; 40 | syntaxHighlighting.enable = true; 41 | dotDir = ".config/zsh"; 42 | autocd = true; 43 | 44 | history.size = 10000; 45 | history.ignoreAllDups = true; 46 | /* Not persisted on purpose */ 47 | history.path = "${config.xdg.cacheHome}/zsh_history"; 48 | 49 | shellAliases = { 50 | cat = "bat --paging=never --wrap=never --style='changes,snip,numbers'"; 51 | ls = "lsd"; 52 | tree = "tre"; 53 | }; 54 | 55 | initExtra = '' 56 | alias -g -- -h='-h 2>&1 | bat --language=help --style=plain' 57 | alias -g -- --help='--help 2>&1 | bat --language=help --style=plain' 58 | 59 | for dotfile in "$ZDOTDIR/conf.d/"*; do 60 | source "$dotfile" 61 | done 62 | ''; 63 | 64 | plugins = [ 65 | { 66 | name = "zsh-nix-shell"; 67 | file = 
"nix-shell.plugin.zsh"; 68 | src = pkgs.fetchFromGitHub { 69 | owner = "chisui"; 70 | repo = "zsh-nix-shell"; 71 | rev = "v0.8.0"; 72 | sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7"; 73 | }; 74 | } 75 | { 76 | name = "fzf-tab"; 77 | file = "fzf-tab.plugin.zsh"; 78 | src = pkgs.fetchFromGitHub { 79 | owner = "Aloxaf"; 80 | repo = "fzf-tab"; 81 | rev = "v1.2.0"; 82 | sha256 = "sha256-q26XVS/LcyZPRqDNwKKA9exgBByE0muyuNb0Bbar2lY="; 83 | }; 84 | } 85 | ]; 86 | }; 87 | } 88 | -------------------------------------------------------------------------------- /modules/home/caem/default.nix: -------------------------------------------------------------------------------- 1 | { lib, config, ... }: 2 | 3 | { 4 | imports = [ 5 | ./packages.nix 6 | ]; 7 | 8 | home = { 9 | username = "caem"; 10 | homeDirectory = "/home/caem"; 11 | stateVersion = "24.11"; 12 | }; 13 | 14 | home.file."${config.xdg.configHome}/user-dirs.dirs".force = lib.mkForce true; 15 | xdg = { 16 | enable = true; 17 | userDirs = { 18 | enable = true; 19 | 20 | documents = "${config.home.homeDirectory}/documents"; 21 | download = "${config.home.homeDirectory}/download"; 22 | music = "${config.home.homeDirectory}/music"; 23 | pictures = "${config.home.homeDirectory}/images"; 24 | videos = "${config.home.homeDirectory}/videos"; 25 | 26 | /* I do not use these */ 27 | desktop = "${config.xdg.dataHome}/xdg/desktop"; 28 | publicShare = "${config.xdg.dataHome}/xdg/publicShare"; 29 | templates = "${config.xdg.dataHome}/xdg/templates"; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/home/caem/desktop/gnome/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, lib, inputs, config, ... 
}: 2 | 3 | let 4 | picture-uri = if builtins.hasAttr "wallpaper" inputs.secrets.paths 5 | then builtins.toString inputs.secrets.paths.wallpaper 6 | else builtins.toString ../../../../../assets/wallpaper.jpg; 7 | in { 8 | xdg.mimeApps = { 9 | enable = true; 10 | defaultApplications = { 11 | "application/pdf" = "org.gnome.Evince.desktop"; 12 | "image/avif" = "org.gnome.Loupe.desktop"; 13 | "image/apng" = "org.gnome.Loupe.desktop"; 14 | "image/bmp" = "org.gnome.Loupe.desktop"; 15 | "image/gif" = "org.gnome.Loupe.desktop"; 16 | "image/jpeg" = "org.gnome.Loupe.desktop"; 17 | "image/vnd.microsoft.icon" = "org.gnome.Loupe.desktop"; 18 | "image/png" = "org.gnome.Loupe.desktop"; 19 | "image/tiff" = "org.gnome.Loupe.desktop"; 20 | "image/webp" = "org.gnome.Loupe.desktop"; 21 | "video/mp4" = "mpv.desktop"; 22 | "video/mpeg" = "mpv.desktop"; 23 | "video/ogg" = "mpv.desktop"; 24 | "video/webm" = "mpv.desktop"; 25 | "video/x-matroska" = "mpv.desktop"; 26 | "video/x-msvideo" = "mpv.desktop"; 27 | "video/quicktime" = "mpv.desktop"; 28 | "x-scheme-handler/mailto" = "tutanota-desktop.desktop"; 29 | }; 30 | }; 31 | 32 | gtk = { 33 | enable = true; 34 | gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; 35 | gtk3.extraConfig = { 36 | gtk-application-prefer-dark-theme = true; 37 | }; 38 | }; 39 | 40 | dconf.settings = { 41 | "org/gnome/desktop/background".picture-uri = picture-uri; 42 | "org/gnome/desktop/background".picture-uri-dark = picture-uri; 43 | "org/gnome/desktop/screensaver".picture-uri = picture-uri; 44 | "org/gnome/desktop/interface" = { 45 | accent-color = "slate"; 46 | color-scheme = "prefer-dark"; 47 | }; 48 | "org/gnome/desktop/input-sources" = { 49 | sources = [ 50 | (lib.hm.gvariant.mkTuple ["xkb" "de"]) 51 | ]; 52 | }; 53 | "org/gnome/desktop/peripherals/mouse" = { 54 | accel-profile = "flat"; 55 | }; 56 | "org/gnome/shell" = { 57 | disable-user-extensions = false; 58 | allow-extension-installation = false; 59 | enabled-extensions = with 
pkgs.gnomeExtensions; [ 60 | caffeine.extensionUuid 61 | accent-directories.extensionUuid 62 | just-perfection.extensionUuid 63 | quick-settings-tweaker.extensionUuid 64 | mpris-label.extensionUuid 65 | weather-or-not.extensionUuid 66 | dash-to-dock.extensionUuid 67 | rounded-window-corners-reborn.extensionUuid 68 | unite.extensionUuid 69 | ]; 70 | favorite-apps = [ 71 | "org.mozilla.firefox-esr.desktop" 72 | "emacs.desktop" 73 | "com.mitchellh.ghostty.desktop" 74 | "signal-desktop.desktop" 75 | "vesktop.desktop" 76 | "tutanota-desktop.desktop" 77 | "element-desktop.desktop" 78 | "tidal-hifi.desktop" 79 | "org.gnome.Nautilus.desktop" 80 | ]; 81 | }; 82 | "org/gnome/shell/extensions/just-perfection" = { 83 | calendar = false; 84 | events-button = false; 85 | quick-settings-dark-mode = false; 86 | world-clock = false; 87 | panel-size = 28; 88 | }; 89 | "org/gnome/shell/extensions/quick-settings-tweaks" = { 90 | notifications-enabled = false; 91 | }; 92 | "org/gnome/shell/extensions/mpris-label" = { 93 | divider-string = " - "; 94 | extension-index = 0; 95 | extension-place = "right"; 96 | icon-padding = 5; 97 | left-padding = 0; 98 | right-padding = 0; 99 | second-field = "xesam:title"; 100 | use-whitelisted-sources-only = true; 101 | mpris-sources-whitelist = "tidal-hifi"; 102 | }; 103 | "org/gnome/shell/extensions/unite" = { 104 | extend-left-box = false; 105 | greyscale-try-icons = false; 106 | hide-activities-button = "never"; 107 | hide-app-menu-icon = false; 108 | hide-window-titlebars = "never"; 109 | notifications-position = "center"; 110 | reduce-panel-spacing = true; 111 | show-appmenu-button = true; 112 | show-desktop-name = false; 113 | show-window-buttons = "never"; 114 | show-window-title = "never"; 115 | use-activities-text = false; 116 | }; 117 | "org/gnome/shell/extensions/weatherornot" = { 118 | position = "right"; 119 | }; 120 | "org/gnome/shell/extensions/dash-to-dock" = { 121 | always-center-icons = false; 122 | apply-custom-theme = false; 123 | 
background-color = "rgb(27,27,27)"; 124 | custom-background-color = true; 125 | background-opacity = 0.95; 126 | custom-theme-shrink = true; 127 | dash-max-icon-size = 48; 128 | dock-fixed = true; 129 | dock-position = "LEFT"; 130 | extend-height = true; 131 | height-fraction = 0.9; 132 | hide-tooltip = false; 133 | hot-keys = false; 134 | show-apps-always-in-the-edge = true; 135 | show-mounts = false; 136 | show-icons-emblems = true; 137 | show-show-apps-button = true; 138 | show-trash = false; 139 | transparency-mode = "FIXED"; 140 | }; 141 | "org/gnome/desktop/wm/preferences" = { 142 | audible-bell = false; 143 | num-workspaces = 9; 144 | }; 145 | "org/gnome/mutter" = { 146 | dynamic-workspaces = false; 147 | }; 148 | "org/gnome/shell/window-switcher" = { 149 | current-workspace-only = true; 150 | }; 151 | "org/gnome/shell/keybindings" = { 152 | switch-windows = ["Tab"]; 153 | activate-window-menu = []; 154 | switch-to-application-1 = []; 155 | switch-to-application-2 = []; 156 | switch-to-application-3 = []; 157 | switch-to-application-4 = []; 158 | switch-to-application-5 = []; 159 | switch-to-application-6 = []; 160 | switch-to-application-7 = []; 161 | switch-to-application-8 = []; 162 | switch-to-application-9 = []; 163 | }; 164 | "org/gnome/desktop/wm/keybindings" = { 165 | switch-to-workspace-1 = ["1"]; 166 | switch-to-workspace-2 = ["2"]; 167 | switch-to-workspace-3 = ["3"]; 168 | switch-to-workspace-4 = ["4"]; 169 | switch-to-workspace-5 = ["5"]; 170 | switch-to-workspace-6 = ["6"]; 171 | switch-to-workspace-7 = ["7"]; 172 | switch-to-workspace-8 = ["8"]; 173 | switch-to-workspace-9 = ["9"]; 174 | move-to-workspace-1 = ["1"]; 175 | move-to-workspace-2 = ["2"]; 176 | move-to-workspace-3 = ["3"]; 177 | move-to-workspace-4 = ["4"]; 178 | move-to-workspace-5 = ["5"]; 179 | move-to-workspace-6 = ["6"]; 180 | move-to-workspace-7 = ["7"]; 181 | move-to-workspace-8 = ["8"]; 182 | move-to-workspace-9 = ["9"]; 183 | }; 184 | }; 185 | } 186 | 
-------------------------------------------------------------------------------- /modules/home/caem/development/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | 3 | { 4 | imports = lib.getModuleImports ./.; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, config, ... }: 2 | 3 | let 4 | emacs-package = pkgs.emacs30-pgtk; 5 | in { 6 | services.emacs = { 7 | enable = true; 8 | package = emacs-package; 9 | socketActivation.enable = true; 10 | }; 11 | 12 | programs.emacs = { 13 | enable = true; 14 | package = emacs-package; 15 | extraPackages = epkgs: with epkgs; [ 16 | treesit-grammars.with-all-grammars 17 | vterm 18 | paredit 19 | nix-mode 20 | meson-mode 21 | rainbow-delimiters 22 | darktooth-theme 23 | smex 24 | amx 25 | # Why the fuck would you put a '+' in your package's name 26 | (builtins.getAttr "ido-completing-read+" epkgs) 27 | no-littering 28 | treesit-auto 29 | ]; 30 | }; 31 | 32 | home.file."${config.xdg.configHome}/emacs".source = ./emacs.d; 33 | } 34 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/core/appearance.el: -------------------------------------------------------------------------------- 1 | (tool-bar-mode 0) 2 | (menu-bar-mode 0) 3 | (scroll-bar-mode 0) 4 | 5 | (setq display-line-numbers-type 'relative) 6 | (global-display-line-numbers-mode t) 7 | (global-hl-line-mode t) 8 | 9 | (add-to-list 'default-frame-alist 10 | '(font . "Go Mono Nerd Font-12")) 11 | 12 | (let ((opacity 95)) 13 | (set-frame-parameter nil 'alpha-background opacity) 14 | (add-to-list 'default-frame-alist `(alpha-background . 
,opacity))) 15 | 16 | (setq compilation-scroll-output t) 17 | 18 | (use-package rainbow-delimiters 19 | :ensure nil 20 | :hook 21 | ((prog-mode . rainbow-delimiters-mode))) 22 | 23 | (use-package darktooth-theme 24 | :ensure nil 25 | :config 26 | (load-theme 'darktooth-dark t) 27 | (set-face-background 'hl-line "#262626")) 28 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/core/completions.el: -------------------------------------------------------------------------------- 1 | (use-package lsp-mode 2 | :ensure t 3 | :init 4 | (setq lsp-keymap-prefix "C-c l") 5 | :hook 6 | (prog-mode . lsp) 7 | :commands lsp) 8 | 9 | (use-package lsp-ui 10 | :ensure t 11 | :commands lsp-ui-mode) 12 | 13 | (use-package company 14 | :ensure t 15 | :hook 16 | (after-init-hook . global-company-mode)) 17 | 18 | (use-package flycheck 19 | :ensure t 20 | :hook 21 | (after-init-hook . global-flycheck-mode) 22 | :init 23 | (setq flycheck-emacs-lisp-load-path 'inherit 24 | flycheck-emacs-lisp-initialize-packages t)) 25 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/core/ido.el: -------------------------------------------------------------------------------- 1 | (use-package smex 2 | :ensure nil 3 | :bind 4 | (("M-x" . smex) 5 | ("M-X" . 
smex-major-mode-commands)) 6 | :config (smex-initialize)) 7 | 8 | (use-package ido-completing-read+ 9 | :ensure nil 10 | :config (ido-ubiquitous-mode 1)) 11 | 12 | (use-package amx 13 | :ensure nil 14 | :config (amx-mode 1)) 15 | 16 | (ido-mode 1) 17 | (ido-everywhere 1) 18 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/core/init.el: -------------------------------------------------------------------------------- 1 | (rei/load "nix.el") 2 | (rei/load "repositories.el") 3 | (rei/load "litter.el") 4 | (rei/load "appearance.el") 5 | (rei/load "tree-sitter.el") 6 | (rei/load "ido.el") 7 | (rei/load "completions.el") 8 | (rei/load "misc.el") 9 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/core/litter.el: -------------------------------------------------------------------------------- 1 | (setq custom-file "/dev/null" 2 | inhibit-splash-screen t 3 | backup-by-copying t) 4 | 5 | (use-package no-littering 6 | :ensure nil 7 | :init 8 | (setq no-littering-etc-directory (file-name-concat (xdg-data-home) "emacs") 9 | no-littering-var-directory (file-name-concat (xdg-data-home) "emacs")) 10 | (no-littering-theme-backups)) 11 | 12 | ;; Not the perfect place for this but it needs to be called after 13 | ;; no littering is set up. 
14 | (use-package gnu-elpa-keyring-update
15 |   :ensure t)
16 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/core/misc.el:
--------------------------------------------------------------------------------
1 | (setq scroll-step 1
2 |       scroll-margin 8)
3 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/core/nix.el:
--------------------------------------------------------------------------------
1 | ;; If we're already using Nix, make sure we're only using
2 | ;; the Nix provided packages instead of downloading them from
3 | ;; (m)elpa and co as it's not really necessary as we've already
4 | ;; got Nix to do this job and this is a much cleaner solution.
5 | ;;
6 | ;; Only the default is changed here: a `use-package' form that says
7 | ;; `:ensure t' explicitly still installs from a package archive under Nix.
8 | (if (file-exists-p "/nix/store")
9 |     (setq using-nix t
10 |           use-package-always-ensure nil)
11 |   (setq using-nix nil
12 |         use-package-always-ensure t))
13 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/core/repositories.el:
--------------------------------------------------------------------------------
1 | ;; Keep downloaded packages, and the keyring used to check archive
2 | ;; signatures, under (xdg-data-home)/emacs/elpa.
3 | (setq package-user-dir (file-name-concat (xdg-data-home) "emacs" "elpa"))
4 | (setq package-gnupghome-dir (file-name-concat package-user-dir "gnupg"))
5 |
6 | (require 'package)
7 | ;; NOTE(review): when `using-nix' is non-nil MELPA is added to the archive
8 | ;; list; otherwise the list is emptied, which leaves nothing for the
9 | ;; `use-package-always-ensure t' set in nix.el to install from. The branches
10 | ;; look swapped relative to the comment in nix.el -- confirm the intent.
11 | ;; As written, packages declared with an explicit `:ensure t' can be fetched
12 | ;; from an online archive at startup on a Nix system, outside the Nix store
13 | ;; and its pinned hashes.
14 | (if using-nix
15 |     (progn
16 |       (add-to-list 'package-archives '("melpa" . "https://melpa.org/packages/"))
17 |       (package-initialize))
18 |   (progn
19 |     (setq package-archives nil)
20 |     (package-initialize)))
21 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/core/tree-sitter.el:
--------------------------------------------------------------------------------
1 | (require 'treesit)
2 |
3 | (setq treesit-font-lock-level 4)
4 |
5 | ;; `treesit-auto-install' is set to 'prompt, so a missing grammar should be
6 | ;; installed only after asking -- presumably a download and build at run
7 | ;; time; confirm against the treesit-auto documentation.
8 | (use-package treesit-auto
9 |   :ensure nil
10 |   :custom
11 |   (treesit-auto-install 'prompt)
12 |   :config
13 |   (treesit-auto-add-to-auto-mode-alist 'all)
14 |   (global-treesit-auto-mode))
15 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/extras/elcord.el:
--------------------------------------------------------------------------------
1 | ;; Use the local checkout in `elcord-dir' when that directory exists;
2 | ;; otherwise install elcord through use-package (`:ensure t').
3 | (defvar elcord-dir "~/.local/share/emacs/my/elcord")
4 | (if (file-directory-p elcord-dir)
5 |     (progn
6 |       (add-to-list 'load-path elcord-dir)
7 |       (require 'elcord)
8 |       ;; Icons are referenced by URL from the master branch of a GitHub repository.
9 |       (setq elcord-icon-base "https://raw.githubusercontent.com/c4em/elcord/master/icons/"
10 |             elcord-refresh-rate 10
11 |             elcord-use-major-mode-as-main-icon t))
12 |   (use-package elcord
13 |     :ensure t
14 |     :custom
15 |     (elcord-use-major-mode-as-main-icon t)
16 |     (elcord-refresh-rate 10)))
17 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/extras/init.el:
--------------------------------------------------------------------------------
1 | (rei/load "elcord.el")
2 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/init.el:
--------------------------------------------------------------------------------
1 | (require 'xdg) 2 | (setq user-emacs-directory (file-name-concat (xdg-config-home) "emacs")) 3 | (add-to-list 'load-path user-emacs-directory) 4 | 5 | (require 'rei) 6 | (rei/load "core") 7 | (rei/load "modes") 8 | 
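(rei/load "extras")
9 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/modes/c-mode.el:
--------------------------------------------------------------------------------
1 | ;; C buffers: indent with spaces, tab width 4.
2 | (add-hook 'c-mode-hook
3 |           (lambda ()
4 |             (setq indent-tabs-mode nil)
5 |             (setq tab-width 4)))
6 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/modes/init.el:
--------------------------------------------------------------------------------
1 | ;; Enable paredit in every `prog-mode' buffer and highlight matching parens.
2 | (use-package paredit
3 |   :ensure nil
4 |   :hook
5 |   ((prog-mode . enable-paredit-mode))
6 |   :config
7 |   (show-paren-mode 1)
8 |   (setq show-paren-style 'parenthesis))
9 |
10 | ;; Per-mode settings; "lisp" is a directory and is loaded through its init.el.
11 | (rei/load "nix-mode.el")
12 | (rei/load "c-mode.el")
13 | (rei/load "lisp")
14 | (rei/load "meson-mode.el")
15 | (rei/load "term-mode.el")
16 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/modes/lisp/elisp-mode.el:
--------------------------------------------------------------------------------
1 | ;; Emacs Lisp buffers: indent with spaces, tab width 2.
2 | (add-hook 'emacs-lisp-mode-hook
3 |           (lambda ()
4 |             (setq indent-tabs-mode nil)
5 |             (setq tab-width 2)))
6 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/modes/lisp/init.el:
--------------------------------------------------------------------------------
1 | (rei/load "scheme-mode.el")
2 | (rei/load "elisp-mode.el")
3 |
--------------------------------------------------------------------------------
/modules/home/caem/development/emacs/emacs.d/modes/lisp/scheme-mode.el:
--------------------------------------------------------------------------------
1 | ;; Scheme buffers: indent with spaces, tab width 2.
2 | (add-hook 'scheme-mode-hook
3 |           (lambda ()
4 |             (setq indent-tabs-mode nil)
5 |             ;; Was `tab-wdith', which set an unrelated variable and left
6 |             ;; `tab-width' at its default.
7 |             (setq tab-width 2)))
8 |
--------------------------------------------------------------------------------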
/modules/home/caem/development/emacs/emacs.d/modes/meson-mode.el: -------------------------------------------------------------------------------- 1 | (use-package meson-mode 2 | :ensure nil 3 | :mode ("meson\\.build\\'")) 4 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/modes/nix-mode.el: -------------------------------------------------------------------------------- 1 | (use-package nix-mode 2 | :ensure nil 3 | :mode ("\\.nix\\'" "\\.nix.in\\'") 4 | :hook 5 | (nix-mode . (lambda () 6 | (paredit-mode -1))) 7 | :init 8 | (global-nix-prettify-mode 1)) 9 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/modes/term-mode.el: -------------------------------------------------------------------------------- 1 | (defun reset-scroll-config () 2 | (setq-local scroll-margin 0)) 3 | 4 | (add-hook 'term-mode-hook #'reset-scroll-config) 5 | -------------------------------------------------------------------------------- /modules/home/caem/development/emacs/emacs.d/rei.el: -------------------------------------------------------------------------------- 1 | (provide 'rei) 2 | 3 | (defun rei/load (path) 4 | "Load a configuraion file relative to the current file. 5 | When the specified path is a directory it will look for a init.el file to load." 6 | (when load-file-name 7 | (let ((fp (file-name-concat (file-name-directory load-file-name) path))) 8 | (if (file-directory-p fp) 9 | (let ((fdp (file-name-concat fp "init.el"))) 10 | (if (file-exists-p fdp) 11 | (load fdp) 12 | (error "Cannot load %s directory as it's missing an init.el file." path))) 13 | (load fp))))) 14 | -------------------------------------------------------------------------------- /modules/home/caem/development/ghostty.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: 2 | 3 | { 4 | programs.ghostty = { 5 | enable = true; 6 | enableZshIntegration = true; 7 | settings = let 8 | literally_a_billion_million = 10000000000000; 9 | in { 10 | font-family = "Go Mono Nerd Font"; 11 | font-size = 12; 12 | background-opacity = 0.85; 13 | scrollback-limit = literally_a_billion_million; 14 | theme = "Tomorrow Night Burns"; 15 | window-padding-x = 4; 16 | window-padding-y = 4; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /modules/home/caem/development/git.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | { 4 | home.packages = with pkgs; [ 5 | git 6 | ]; 7 | 8 | programs.git = { 9 | enable = true; 10 | userName = "caem"; 11 | userEmail = "me@caem.dev"; 12 | signing = { 13 | signByDefault = true; 14 | key = "E50FC66B5062070DC462661C69A830D03203405F"; 15 | }; 16 | extraConfig = { 17 | pull.rebase = true; 18 | init.defaultBranch = "master"; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /modules/home/caem/development/tmux.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | { 4 | home.packages = with pkgs; [ 5 | tmux 6 | wl-clipboard 7 | ]; 8 | 9 | programs.tmux = { 10 | enable = true; 11 | baseIndex = 1; 12 | historyLimit = 9999999; 13 | mouse = true; 14 | newSession = true; 15 | terminal = "xterm-256color"; 16 | clock24 = true; 17 | extraConfig = '' 18 | set -s copy-command 'wl-copy' 19 | ''; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /modules/home/caem/misc/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... 
}: 2 | 3 | { 4 | imports = lib.getModuleImports ./.; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/caem/misc/fastfetch.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | { 4 | home.packages = with pkgs; [ 5 | fastfetch 6 | ]; 7 | 8 | programs.fastfetch = { 9 | enable = true; 10 | settings = { 11 | modules = [ 12 | "title" 13 | "separator" 14 | "os" 15 | "kernel" 16 | "initsystem" 17 | "uptime" 18 | "datetime" 19 | "packages" 20 | "terminal" 21 | "wm" 22 | "shell" 23 | "cpu" 24 | "gpu" 25 | "memory" 26 | "break" 27 | "colors" 28 | ]; 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /modules/home/caem/multimedia/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | 3 | { 4 | imports = lib.getModuleImports ./.; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/caem/multimedia/games/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/caem/multimedia/web/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | 3 | { 4 | imports = lib.getModuleImports ./.; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/caem/multimedia/web/firefox.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/caem/packages.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: 2 | 3 | { 4 | imports = [ 5 | ./development 6 | ./core 7 | ./desktop/gnome 8 | ./multimedia 9 | ./misc 10 | ]; 11 | } 12 | -------------------------------------------------------------------------------- /modules/nixos/communication/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, username, ... }: 2 | 3 | { 4 | environment.systemPackages = with pkgs; [ 5 | tutanota-desktop 6 | signal-desktop 7 | element-desktop 8 | vesktop 9 | ]; 10 | 11 | environment.persistence."/nix/persist" = { 12 | users."${username}" = { 13 | directories = [ 14 | ".config/Signal" 15 | ".config/vesktop" 16 | ".config/tutanota-desktop" 17 | ".config/tuta_integration" 18 | ".config/Element" 19 | ]; 20 | }; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /modules/nixos/core/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | 3 | { 4 | imports = lib.getModuleImports ./.; 5 | } 6 | 7 | -------------------------------------------------------------------------------- /modules/nixos/core/fonts.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | { 4 | fonts = { 5 | packages = with pkgs; [ 6 | unstable.nerd-fonts.go-mono 7 | ipafont 8 | noto-fonts-emoji 9 | cantarell-fonts 10 | newcomputermodern 11 | ]; 12 | 13 | fontconfig = { 14 | enable = true; 15 | cache32Bit = true; 16 | subpixel.rgba = "rgb"; 17 | defaultFonts = { 18 | monospace = [ "Go Mono Nerd Font" ]; 19 | }; 20 | }; 21 | }; 22 | } 23 | 24 | -------------------------------------------------------------------------------- /modules/nixos/core/impermanence.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... 
}:

let
  # Shell fragment appended to the initrd device commands. On every boot it:
  #   1. mounts the device of "/" at /btrfs_tmp,
  #   2. moves an existing `root` subvolume to old_roots/<mtime timestamp>,
  #   3. deletes entries of old_roots whose mtime is more than 30 days old
  #      (`-mtime +30`), including their nested subvolumes,
  #   4. creates a fresh, empty `root` subvolume.
  # Consequence worth keeping in mind: state from earlier boots stays on disk
  # inside old_roots for up to about 30 days, so anything sensitive that was
  # written to the root subvolume is not gone after a single reboot.
  rollbackRoot = ''
    mkdir /btrfs_tmp
    mount "${config.fileSystems."/".device}" /btrfs_tmp
    if [[ -e /btrfs_tmp/root ]]; then
        mkdir -p /btrfs_tmp/old_roots
        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    delete_subvolume_recursively() {
        IFS=$'\n'
        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
            delete_subvolume_recursively "/btrfs_tmp/$i"
        done
        btrfs subvolume delete "$1"
    }

    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
        delete_subvolume_recursively "$i"
    done

    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';
in {
  /*
   * Required to be able to allowOther on user persisted directories.
   * This lets unprivileged users request the FUSE `allow_other` mount
   * option, which makes such a mount visible to other users as well.
   */
  programs.fuse.userAllowOther = true;

  boot.initrd.postDeviceCommands = lib.mkAfter rollbackRoot;

  # System state that survives the root wipe.
  environment.persistence."/nix/persist".hideMounts = true;
  environment.persistence."/nix/persist".directories = [
    "/var/log"
    "/var/lib/nixos"
  ];
  environment.persistence."/nix/persist".files = [
    "/etc/machine-id"
  ];
}

--------------------------------------------------------------------------------
/modules/nixos/core/nix.nix:
--------------------------------------------------------------------------------
{ pkgs, lib, inputs, cfgPath, ...
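}:

let
  # True for paths that end in ".nix".
  # The backslash has to be doubled: inside a double-quoted Nix string "\."
  # evaluates to a plain ".", which turned the pattern into `.*.nix` and let
  # any file whose name merely ends in "nix" be imported as an overlay.
  isNixFile = file:
    builtins.match ".*\\.nix" (builtins.toString file) != null;

  # Every .nix file below ${cfgPath}/overlays is imported and called with
  # cfgPath, lib and inputs; the results become the nixpkgs overlay list.
  # Anything placed in that directory is therefore evaluated on each build.
  importOverlays = builtins.map
    (overlay: import overlay {
      inherit cfgPath lib inputs;
    })
    (builtins.filter
      isNixFile
      (lib.filesystem.listFilesRecursive "${cfgPath}/overlays"));
in {
  nix = {
    settings = {
      auto-optimise-store = true;
      use-xdg-base-directories = true;
      # Only members of `wheel` may talk to the Nix daemon at all
      # (allowed-users), and they are also trusted users. Trusted users can
      # override daemon settings such as substituters; the Nix manual treats
      # that as essentially equivalent to root access, so `wheel` membership
      # should be handed out with that in mind.
      trusted-users = [ "@wheel" ];
      allowed-users = [ "@wheel" ];
    };
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };
  nixpkgs = {
    config = {
      allowUnfree = true;
    };
    hostPlatform = lib.mkDefault "x86_64-linux";
    overlays = importOverlays;
  };
}

--------------------------------------------------------------------------------
/modules/nixos/core/security.nix:
--------------------------------------------------------------------------------
{ username, ... }:

{
  # gpg-agent also serves as the SSH agent.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  /*
   * Sudo is scheduled to be replaced by systemd's run0.
   * The blocker for this is persistent authentication support.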
12 | * 13 | * https://github.com/systemd/systemd/issues/33366 14 | * https://github.com/polkit-org/polkit/issues/472 15 | */ 16 | security.sudo = { 17 | enable = true; 18 | execWheelOnly = true; 19 | extraConfig = '' 20 | Defaults lecture="never" 21 | ''; 22 | }; 23 | 24 | security.apparmor.enable = true; 25 | networking.firewall.enable = true; 26 | 27 | /* Disable the root user */ 28 | users = { 29 | users.root.hashedPassword = "!"; 30 | mutableUsers = false; 31 | }; 32 | 33 | sops.age.keyFile = "/nix/config/keys.txt"; 34 | 35 | environment.persistence."/nix/persist" = { 36 | files = [ 37 | "/root/.ssh/known_hosts" 38 | ]; 39 | users."${username}".directories = let 40 | baseAttrs = { 41 | user = "${username}"; 42 | group = "users"; 43 | mode = "u=rwx,g=,o="; 44 | }; 45 | in [ 46 | (baseAttrs // { directory = ".ssh"; }) 47 | (baseAttrs // { directory = ".local/share/gnupg"; }) 48 | (baseAttrs // { directory = ".local/share/keyrings"; }) 49 | ]; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /modules/nixos/core/systemd.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | /* https://files.catbox.moe/s5diss.mp4 */ 5 | systemd.extraConfig = '' 6 | DefaultTimeoutStopSec=5s 7 | ''; 8 | } 9 | -------------------------------------------------------------------------------- /modules/nixos/core/zsh.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | programs.zsh = { 5 | enable = true; 6 | shellInit = '' 7 | export ZDOTDIR=$HOME/.config/zsh 8 | ''; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /modules/nixos/desktop/gnome/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, username, ... 
}:

# GNOME desktop: display manager, trimmed default application set, extra
# applications and shell extensions, and the state that is persisted.
{
  services.xserver.enable = false;
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Default GNOME applications that are left out of the installation.
  environment.gnome.excludePackages = with pkgs; [
    orca
    geary
    gnome-disk-utility
    gnome-backgrounds
    gnome-user-docs
    epiphany
    yelp
    gnome-software
    totem
    snapshot
    simple-scan
    gnome-console
    gnome-text-editor
    gnome-tour
    gnome-bluetooth
    gnome-music
    gnome-maps
    gnome-contacts
    gnome-calendar
    gnome-connections
    gnome-system-monitor
  ];

  # Applications first, GNOME Shell extensions appended after them.
  environment.systemPackages = with pkgs; [
    ghostty
    dconf-editor
    resources
    newsflash
    ffmpegthumbnailer
  ] ++ (with pkgs.gnomeExtensions; [
    caffeine
    accent-directories
    just-perfection
    quick-settings-tweaker
    mpris-label
    weather-or-not
    dash-to-dock
    rounded-window-corners-reborn
    unite
  ]);

  environment.persistence."/nix/persist".directories = [
    "/var/lib/AccountsService"
  ];

  environment.persistence."/nix/persist".users."${username}" = {
    directories = [
      ".config/dconf"
      ".local/share/news-flash"

      # Right now I don't really modify much here other than the tab group tab colour
      # but I might in the future want to manage these files using home-manager instead
      # of having them set imperatively and simply persisted.
      ".config/forge"
    ];
    files = [
      ".config/monitors.xml"
    ];
  };
}

--------------------------------------------------------------------------------
/modules/nixos/development/default.nix:
--------------------------------------------------------------------------------
{ username, ...
}:

{
  # Emacs state kept across reboots.
  environment.persistence."/nix/persist".users."${username}".directories = [
    ".local/share/emacs"
  ];

  virtualisation.containers.enable = true;
}

--------------------------------------------------------------------------------
/modules/nixos/edv/default.nix:
--------------------------------------------------------------------------------
{ pkgs, username, ... }:

# Office suite with spell checking (German dictionary).
{
  environment = {
    persistence."/nix/persist".users."${username}".directories = [
      ".config/libreoffice"
    ];

    systemPackages = [
      pkgs.libreoffice-fresh
      pkgs.hunspell
      pkgs.hunspellDicts.de_DE
    ];
  };
}

--------------------------------------------------------------------------------
/modules/nixos/hardware/audio/default.nix:
--------------------------------------------------------------------------------
{ ... }:

{
  boot.kernelParams = [ "preempt=full" ];
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;

    # Reduce latency
    # https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup
    extraConfig = let
      # Sample rate, kept as a string because it is spliced into the
      # "<quantum>/<rate>" values further down.
      rate = builtins.toString 48000;

      # The default value in the wiki is 32 but might result in crackling audio.
      # If you get audio crackling try increasing this value until it's gone.
22 | quantum = builtins.toString 128; 23 | in { 24 | pipewire."92-low-latency" = { 25 | "context.properties" = { 26 | "default.clock.rate" = "${rate}"; 27 | "default.clock.quantum" = "${quantum}"; 28 | "default.clock.min-quantum" = "${quantum}"; 29 | "default.clock.max-quantum" = "${quantum}"; 30 | }; 31 | }; 32 | 33 | pipewire-pulse."92-low-latency" = { 34 | "context.properties" = [ 35 | { 36 | name = "libpipewire-module-protocol-pulse"; 37 | args = { }; 38 | } 39 | ]; 40 | "pulse.properties" = { 41 | "pulse.min.req" = "${quantum}/${rate}"; 42 | "pulse.default.req" = "${quantum}/${rate}"; 43 | "pulse.max.req" = "${quantum}/${rate}"; 44 | "pulse.min.quantum" = "${quantum}/${rate}"; 45 | "pulse.max.quantum" = "${quantum}/${rate}"; 46 | }; 47 | "stream.properties" = { 48 | "node.latency" = "${quantum}/${rate}"; 49 | "resample.quality" = 1; 50 | }; 51 | }; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /modules/nixos/hardware/cpu/amd/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | { 4 | boot = { 5 | kernelModules = [ "kvm-amd" ]; 6 | extraModprobeConfig = "options kvm_amd nested=1"; 7 | }; 8 | 9 | hardware.cpu.amd.updateMicrocode = true; 10 | hardware.firmware = with pkgs; [ linux-firmware ]; 11 | } 12 | -------------------------------------------------------------------------------- /modules/nixos/hardware/cpu/intel/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | { 4 | boot = { 5 | kernelModules = [ "kvm-intel"]; 6 | }; 7 | 8 | hardware.cpu.intel.updateMicrocode = true; 9 | hardware.firmware = with pkgs; [ linux-firmware ]; 10 | } 11 | -------------------------------------------------------------------------------- /modules/nixos/hardware/gpu/graphics.nix: -------------------------------------------------------------------------------- 1 | { ... 
}:
# Graphics stack shared by the GPU modules, including 32-bit support.
{
  hardware.graphics.enable = true;
  hardware.graphics.enable32Bit = true;
}

--------------------------------------------------------------------------------
/modules/nixos/hardware/gpu/nvidia/default.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ... }:

{
  imports = [
    ../graphics.nix
  ];

  # Open kernel module flavour of the beta driver that matches the
  # configured kernel package set.
  hardware.nvidia.open = true;
  hardware.nvidia.modesetting.enable = true;
  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta;
  hardware.nvidia.nvidiaSettings = false;
  hardware.nvidia.powerManagement.enable = true;

  boot.kernelParams = [
    "nvidia_drm.fbdev=1"
  ];

  services.xserver.videoDrivers = [ "nvidia" ];

  # Session-wide environment: NVIDIA backends plus Wayland toolkit defaults.
  environment.sessionVariables = {
    LIBVA_DRIVER_NAME = "nvidia";
    GBM_BACKEND = "nvidia-drm";
    __GLX_VENDOR_LIBRARY_NAME = "nvidia";
    NVD_BACKEND = "direct";
    NIXOS_OZONE_WL = 1;
    SDL_VIDEODRIVER = "wayland";
    GDK_BACKEND = "wayland";
    CLUTTER_BACKEND = "wayland";
  };

  nixpkgs.config.cudaSupport = true;

  # Extra binary cache. Store paths signed with the listed public key are
  # accepted from that cache instead of being built locally, so the key below
  # is part of this machine's trust base.
  nix.settings.substituters = [
    "https://nix-community.cachix.org"
  ];
  nix.settings.trusted-public-keys = [
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
  ];
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/art/default.nix:
--------------------------------------------------------------------------------
{ pkgs, username, ...
}:

# Drawing and 3D tools plus the tablet driver.
{
  environment = {
    persistence."/nix/persist".users."${username}".directories = [
      ".local/share/krita"
      ".config/GIMP"
      ".config/OpenTabletDriver"
    ];

    systemPackages = [
      pkgs.krita
      pkgs.gimp
      pkgs.blender
    ];
  };

  hardware.opentabletdriver.enable = true;
  hardware.opentabletdriver.daemon.enable = true;
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/default.nix:
--------------------------------------------------------------------------------
{ lib, ... }:

# Pulls in the modules of this directory through the repository's own
# `lib.getModuleImports` helper (defined under lib/, not shown here).
{
  imports = lib.getModuleImports ./.;
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/games/default.nix:
--------------------------------------------------------------------------------
{ pkgs, username, inputs, ... }:

{
  imports = [
    ./steam.nix
  ];

  programs = {
    gamescope.enable = true;
    gamemode.enable = true;
    anime-game-launcher.enable = true;
  };

  users.users."${username}".extraGroups = [ "gamemode" ];

  # NOTE(review): Nix daemon settings are taken verbatim from the `aagl`
  # flake input. Presumably this adds that project's binary cache and signing
  # key — its contents are not visible here, so check the input's nixConfig
  # when updating flake.lock.
  nix.settings = inputs.aagl.nixConfig;

  environment.systemPackages = [
    pkgs.unstable.osu-lazer-bin
  ];

  environment.persistence."/nix/persist".users."${username}".directories = [
    ".local/share/osu"
    ".local/share/anime-game-launcher"
  ];
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/games/steam.nix:
--------------------------------------------------------------------------------
{ pkgs, username, ...
}:

{
  programs.steam.enable = true;
  programs.steam.gamescopeSession.enable = true;

  environment.systemPackages = [
    pkgs.protonup-qt
    pkgs.protontricks
  ];

  # Native Linux games on Steam sometimes create their own folder somewhere
  # in ~/.local/share or ~/.config, which would normally mean persisting each
  # game folder individually. Because Steam is given this directory as its
  # home instead of the real home directory (see overlays/steam.nix), all of
  # that ends up in here, and persisting the one path makes it a non-issue.
  environment.persistence."/nix/persist".users."${username}".directories = [
    ".local/share/steam_home"
  ];
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/music/default.nix:
--------------------------------------------------------------------------------
{ lib, ... }:

# Pulls in the modules of this directory through the repository's own
# `lib.getModuleImports` helper (defined under lib/, not shown here).
{
  imports = lib.getModuleImports ./.;
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/music/tidal.nix:
--------------------------------------------------------------------------------
{ pkgs, username, ... }:

# Tidal client and its persisted configuration directory.
{
  environment = {
    systemPackages = [ pkgs.tidal-hifi ];

    persistence."/nix/persist".users."${username}".directories = [
      ".config/tidal-hifi"
    ];
  };
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/slop.nix:
--------------------------------------------------------------------------------
{ pkgs, username, ...
}:

let
  # Alpaca from the unstable package set, built against the CUDA ollama.
  alpacaCuda = pkgs.unstable.alpaca.override {
    ollama = pkgs.unstable.ollama-cuda;
  };
in {
  environment.systemPackages = [ alpacaCuda ];

  environment.persistence."/nix/persist".users."${username}".directories = [
    ".config/com.jeffser.Alpaca"
    ".local/share/com.jeffser.Alpaca"
  ];
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/video/default.nix:
--------------------------------------------------------------------------------
{ pkgs, username, ... }:

{
  # No video-related directories are persisted yet; the list is left empty.
  environment.persistence."/nix/persist".users."${username}".directories = [ ];

  environment.systemPackages = [
    pkgs.mpv
    pkgs.handbrake
    pkgs.parabolic
  ];
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/web/default.nix:
--------------------------------------------------------------------------------
{ lib, pkgs, username, ... }:

{
  imports = lib.getModuleImports ./.;

  # Cromite from the unstable package set; the persisted profile directory
  # is .config/chromium.
  environment.systemPackages = [
    pkgs.unstable.cromite
  ];
  environment.persistence."/nix/persist".users."${username}".directories = [
    ".config/chromium"
  ];
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/web/filesharing.nix:
--------------------------------------------------------------------------------
{ username, ...
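}:

{
  environment.persistence."/nix/persist" = {
    users."${username}".directories = [
      ".local/share/org.localsend.localsend_app"
    ];
  };

  # openFirewall punches the LocalSend port through the host firewall that
  # core/security.nix enables, so the service is reachable from every network
  # the machine joins, not only the home LAN.
  programs.localsend = {
    enable = true;
    openFirewall = true;
  };
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/web/firefox/default.nix:
--------------------------------------------------------------------------------
{ username, pkgs, ... }:

{
  # Both browsers come from the overlays in overlays/nixpak. The desktop
  # entry is added separately and launches the `firefox-esr` command.
  environment.systemPackages = with pkgs; [
    tor-browser
    firefox-esr
    (pkgs.makeDesktopItem {
      name = "org.mozilla.firefox-esr";
      desktopName = "Firefox ESR";
      exec = "firefox-esr %U";
      icon = "firefox-esr";
      comment = "Browse the Web";
      categories = [ "Network" "WebBrowser" ];
      startupNotify = true;
      mimeTypes = [
        "text/html"
        "text/xml"
        "application/xhtml+xml"
        "application/vnd.mozilla.xul+xml"
        "x-scheme-handler/http"
        "x-scheme-handler/https"
        "x-scheme-handler/ftp"
      ];
    })
  ];

  environment.persistence."/nix/persist" = {
    users."${username}".directories = [
      ".config/mozilla"
    ];
  };
}

--------------------------------------------------------------------------------
/modules/nixos/multimedia/web/firefox/policies.nix:
--------------------------------------------------------------------------------
# Firefox enterprise policies, imported by overlays/nixpak/firefox-esr.nix
# and handed to the browser as `extraPolicies`.
{
  EnableTrackingProtection = {
    Value = true;
    Cryptomining = true;
    Fingerprinting = true;
    EmailTracking = true;
    Level = "strict";
  };

  DisableTelemetry = true;
  DisablePocket = true;
  DisableFirefoxStudies = true;
  DisableFirefoxAccounts = false;
  DisableAccounts = false;
  DontCheckDefaultBrowser = true;
  OverrideFirstRunPage = "";
  OverridePostUpdatePage = "";
  NoDefaultBookmarks = true;
  Cookies = {
    # The policy schema spells these keys `Behavior` and
    # `BehaviorPrivateBrowsing`. The British spelling used before is not a
    # key of the Cookies policy, so the third-party cookie restriction was
    # not being applied.
    Behavior = "reject-foreign";
    BehaviorPrivateBrowsing =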
"reject-foreign"; 22 | }; 23 | 24 | UserMessaging = { 25 | WhatsNew = false; 26 | ExtensionRecommendations = false; 27 | FeatureRecommendations = false; 28 | UrlbarInterventions = false; 29 | UrlbarTopSitesEnabled = false; 30 | SkipOnboarding = true; 31 | MoreFromMozilla = false; 32 | }; 33 | 34 | FirefoxHome = { 35 | Search = false; 36 | TopSites = false; 37 | SponsoredTopSites = false; 38 | Highlights = false; 39 | Pocket = false; 40 | SponsoredPocket = false; 41 | Snippets = false; 42 | Locked = true; 43 | }; 44 | 45 | SearchSuggestEnabled = false; 46 | NewTabPage = false; 47 | 48 | SearchEngines = { # ESR only 49 | Default = "Kagi"; 50 | PreventInstalls = true; 51 | DisableSearchEngineUpdate = true; 52 | Remove = ["Google" "Bing" "Amazon.com" "DuckDuckGo" 53 | "eBay" "Twitter" "Wikipedia (en)"]; 54 | Add = [ 55 | { 56 | Name = "Kagi"; 57 | URLTemplate = "https://kagi.com/search?q={searchTerms}"; 58 | Method = "GET"; 59 | IconURL = "https://kagi.com/favicon.ico"; 60 | Alias = "@k"; 61 | Default = true; 62 | } 63 | ]; 64 | }; 65 | 66 | FirefoxSuggest = { 67 | WebSuggestions = false; 68 | SponsoredSuggestions = false; 69 | ImproveSuggest = false; 70 | Locked = true; 71 | }; 72 | } 73 | -------------------------------------------------------------------------------- /modules/nixos/multimedia/web/firefox/preferences.nix: -------------------------------------------------------------------------------- 1 | let 2 | prefToString = value: 3 | if builtins.isBool value then 4 | if value then "true" else "false" 5 | else if (builtins.isInt value) || (builtins.isNull value) then 6 | builtins.toString value 7 | else if builtins.isString value then 8 | ''"${value}"'' 9 | else 10 | builtins.throw 11 | "Pref expected one of (Bool, String, Int, Null) got instead ${builtins.typeOf value}"; 12 | 13 | mkPrefs = prefs: builtins.concatStringsSep 14 | "\n" 15 | (builtins.attrValues 16 | (builtins.mapAttrs 17 | (n: v: ''pref("${n}", ${prefToString v});'') prefs)); 18 | in 19 | mkPrefs { 
20 | "browser.urlbar.suggest.topsites" = false; 21 | "browser.startup.homepage" = "about:blank"; 22 | "browser.download.useDownloadDir" = false; 23 | "general.autoScroll" = true; 24 | } 25 | -------------------------------------------------------------------------------- /modules/nixos/user/caem.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, inputs, ... }: 2 | 3 | { 4 | sops.secrets.upasswd = { 5 | neededForUsers = true; 6 | sopsFile = inputs.secrets.paths.upasswd; 7 | }; 8 | 9 | environment.persistence."/nix/persist" = { 10 | users.caem = { 11 | directories = [ 12 | "documents" 13 | "download" 14 | "music" 15 | "images" 16 | "videos" 17 | "programming" 18 | ]; 19 | }; 20 | }; 21 | 22 | users.users.caem = { 23 | isNormalUser = true; 24 | shell = pkgs.zsh; 25 | hashedPasswordFile = config.sops.secrets.upasswd.path; 26 | extraGroups = [ 27 | "wheel" 28 | ]; 29 | }; 30 | 31 | home-manager.users.caem = import ../../home/caem; 32 | } 33 | -------------------------------------------------------------------------------- /overlays/nixpak/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, lib, ... }: final: prev: { 2 | mkNixPak = let 3 | pkgs = prev; 4 | in inputs.nixpak.lib.nixpak { 5 | inherit (pkgs) lib; 6 | inherit pkgs; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /overlays/nixpak/firefox-esr.nix: -------------------------------------------------------------------------------- 1 | # NOTE: This overlay package is not compatible with the `programs.firefox` module 2 | # for both NixOS and home-manager. If you want to modify the configuration of 3 | # Firefox, you have to do it through modifying the overrides for the intermediary 4 | # package below. This configuration already sets sane defaults so it shouldn't be needed 5 | # but it is there in case you want it. 

# Shamelessly stolen most parts from here:
# https://github.com/ryan4yin/nix-config/blob/7deed26cc5a3af2072b8c89a688f265607babc80/hardening/nixpaks/firefox.nix
# https://github.com/schizofox/schizofox/blob/cdf69b2a445ff12680657a3bd44ce7c406bf2ae6/flake/modules/home-manager/default.nix

{ cfgPath, ... }: final: prev: {
  firefox-esr = let
    # Firefox ESR with the repository's policies and preferences baked in.
    # This is the package that gets wrapped by the sandbox below.
    intermediary-firefox-esr = prev.firefox-esr.override {
      extraPolicies = import "${cfgPath}/modules/nixos/multimedia/web/firefox/policies.nix";
      extraPrefs = import "${cfgPath}/modules/nixos/multimedia/web/firefox/preferences.nix";
    };

    sandboxed-firefox-esr = prev.mkNixPak {
      config = { sloth, ... }: {
        app = {
          package = intermediary-firefox-esr;
          binPath = "bin/firefox-esr";
        };
        flatpak.appId = "org.mozilla.firefox-esr";

        # Session-bus names the sandbox may reach ("talk") or claim ("own").
        # The wildcard entries are broad: "org.freedesktop.portal.*" already
        # covers the two portal names listed individually, and
        # "org.freedesktop.DBus.*" is worth revisiting when tightening this.
        dbus.policies = {
          # names the browser may own
          "org.mpris.MediaPlayer2.firefox.*" = "own";
          "org.mozilla.firefox.*" = "own";
          "org.mozilla.firefox_beta.*" = "own";

          # names the browser may talk to
          "org.a11y.Bus" = "talk";
          "org.gnome.SessionManager" = "talk";
          "org.freedesktop.ScreenSaver" = "talk";
          "org.gtk.vfs.*" = "talk";
          "org.gtk.vfs" = "talk";
          "org.freedesktop.Notifications" = "talk";
          "org.freedesktop.portal.FileChooser" = "talk";
          "org.freedesktop.portal.Settings" = "talk";
          "org.freedesktop.DBus" = "talk";
          "org.freedesktop.DBus.*" = "talk";
          "ca.desrt.dconf" = "talk";
          "org.freedesktop.portal.*" = "talk";
          "org.freedesktop.NetworkManager" = "talk";
          "org.freedesktop.FileManager1" = "talk";
        };

        gpu = {
          enable = true;
          provider = "bundle";
        };
        fonts.enable = true;
        locale.enable = true;
        etc.sslCertificates.enable = true;

        bubblewrap = let
          # envSuffix "VAR" "/sub" -> the value of $VAR with "/sub" appended.
          envSuffix = envKey: sloth.concat' (sloth.env envKey);
        in {
          bind.dev = [ "/dev/shm" ];
          # The sandbox gets its own /tmp.
          tmpfs = [ "/tmp" ];

          # Writable paths. Each one is a channel out of the sandbox, so this
          # list is the first place to look when reviewing the confinement.
          bind.rw = [
            (envSuffix
"XDG_RUNTIME_DIR" "/at-spi/bus") 61 | (envSuffix "XDG_RUNTIME_DIR" "/gvfsd") 62 | (envSuffix "XDG_RUNTIME_DIR" "/pulse") 63 | (envSuffix "XDG_RUNTIME_DIR" "/doc") 64 | (envSuffix "XDG_RUNTIME_DIR" "/dconf") 65 | 66 | [(sloth.mkdir (sloth.concat' sloth.xdgConfigHome "/mozilla")) (sloth.concat' sloth.homeDir "/.mozilla")] 67 | ]; 68 | 69 | bind.ro = [ 70 | "/sys/bus/pci" 71 | "/etc/resolv.conf" 72 | "/etc/localtime" 73 | "/etc/fonts" 74 | ["${intermediary-firefox-esr}/lib/firefox" "/app/etc/firefox"] 75 | (sloth.concat' sloth.xdgConfigHome "/dconf") 76 | (sloth.concat' sloth.xdgConfigHome "/gtk-2.0") 77 | (sloth.concat' sloth.xdgConfigHome "/gtk-3.0") 78 | (sloth.concat' sloth.xdgConfigHome "/gtk-4.0") 79 | (sloth.concat' sloth.xdgConfigHome "/dconf") 80 | "/run/current-system/sw/share/icons" 81 | "/run/current-system/sw/share/themes" 82 | ]; 83 | 84 | sockets = { 85 | x11 = false; 86 | wayland = true; 87 | pipewire = true; 88 | }; 89 | }; 90 | }; 91 | }; 92 | in 93 | sandboxed-firefox-esr.config.env; 94 | } 95 | -------------------------------------------------------------------------------- /overlays/nixpak/tor-browser.nix: -------------------------------------------------------------------------------- 1 | # Refer to firefox.nix in the same directory for more information and a 2 | # better version of this. This is barebones on purpose. 3 | 4 | # TODO: Fix file permissions. Right now it for some reason can't download anywhere. 5 | 6 | { ... }: final: prev: { 7 | tor-browser = let 8 | sandboxed-tor-browser = prev.mkNixPak { 9 | config = { sloth, ... 
}: {
        app = {
          package = prev.tor-browser;
          binPath = "bin/tor-browser";
        };
        flatpak.appId = "org.torproject.tor-browser";

        # Session-bus names the sandbox may reach ("talk") or claim ("own").
        # Same set as the Firefox sandbox minus the dconf and Firefox names;
        # the wildcard entries are equally broad here.
        dbus.policies = {
          # name the browser may own
          "org.torproject.tor-browser.*" = "own";

          # names the browser may talk to
          "org.a11y.Bus" = "talk";
          "org.gnome.SessionManager" = "talk";
          "org.freedesktop.ScreenSaver" = "talk";
          "org.gtk.vfs.*" = "talk";
          "org.gtk.vfs" = "talk";
          "org.freedesktop.Notifications" = "talk";
          "org.freedesktop.portal.FileChooser" = "talk";
          "org.freedesktop.portal.Settings" = "talk";
          "org.freedesktop.DBus" = "talk";
          "org.freedesktop.DBus.*" = "talk";
          "org.freedesktop.portal.*" = "talk";
          "org.freedesktop.NetworkManager" = "talk";
          "org.freedesktop.FileManager1" = "talk";
        };

        gpu = {
          enable = true;
          provider = "bundle";
        };

        bubblewrap = {
          bind.dev = [ "/dev/shm" ];

          bind.rw = [
            (sloth.concat' (sloth.env "XDG_RUNTIME_DIR") "/gvfsd")

            # The browser's "~/.tor project" directory is backed by the host
            # path /tmp/tor-browser, created on demand.
            # NOTE(review): that is a fixed name in a directory that is
            # normally shared between users; a per-user location (for
            # instance below XDG_RUNTIME_DIR) would keep another local
            # account from pre-creating or reading it — confirm for the
            # hosts this runs on.
            [(sloth.mkdir "/tmp/tor-browser") (sloth.concat' sloth.homeDir "/.tor project")]
          ];

          bind.ro = [
            "/sys/bus/pci"
            ["${prev.tor-browser}/lib/firefox" "/app/etc/firefox"]
          ];

          # No X11 socket is passed into the sandbox; Wayland and PipeWire are.
          sockets = {
            x11 = false;
            wayland = true;
            pipewire = true;
          };
        };
      };
    };
  in
    sandboxed-tor-browser.config.env;
}

--------------------------------------------------------------------------------
/overlays/nixpkgs/unstable.nix:
--------------------------------------------------------------------------------
# Exposes the nixpkgs-unstable input as `pkgs.unstable`, instantiated with
# the same system, config and overlays as the pre-overlay package set.
{ inputs, ... }: final: prev: {
  unstable = import inputs.nixpkgs-unstable {
    inherit (prev) system config overlays;
  };
}

--------------------------------------------------------------------------------
/overlays/steam.nix:
--------------------------------------------------------------------------------
{ ...
}: final: prev:

let
  # Steam sees ~/.local/share/steam_home as its home directory, so it does
  # not get the real home. ~/mounts is passed through at the same path and
  # is the one part of the real home that stays visible.
  homeRemap = [
    "--bind $HOME/.local/share/steam_home $HOME"
    "--bind $HOME/mounts $HOME/mounts"
  ];

  # Drop the XDG directory variables inside the sandbox.
  dropXdgVars = [
    "--unsetenv XDG_CACHE_HOME"
    "--unsetenv XDG_CONFIG_HOME"
    "--unsetenv XDG_DATA_HOME"
    "--unsetenv XDG_STATE_HOME"
  ];
in {
  steam = prev.steam.override {
    extraBwrapArgs = homeRemap ++ dropXdgVars;
  };
}

--------------------------------------------------------------------------------