├── .editorconfig ├── .envrc ├── .github ├── dependabot.yml └── workflows │ ├── auto-upgrade-flakes.yaml │ └── flake-check.yaml ├── .gitignore ├── README.md ├── _to_migrate ├── hosts │ ├── ec2 │ │ └── system │ │ │ ├── configuration.nix │ │ │ ├── hardware.nix │ │ │ └── modules.nix │ ├── elitebook820 │ │ ├── home │ │ │ └── default.nix │ │ └── system │ │ │ ├── configuration.nix │ │ │ ├── hardware-configuration.nix │ │ │ └── modules.nix │ ├── imac │ │ ├── home │ │ │ └── default.nix │ │ └── system │ │ │ ├── configuration.nix │ │ │ ├── hardware-configuration.nix │ │ │ └── modules.nix │ ├── lw196205087 │ │ ├── activation.nix │ │ ├── configuration.nix │ │ ├── default.nix │ │ ├── home.nix │ │ └── packages.nix │ ├── minimac │ │ ├── home │ │ │ └── default.nix │ │ └── system │ │ │ ├── configuration.nix │ │ │ ├── hardware-configuration.nix │ │ │ └── modules.nix │ └── router │ │ ├── home │ │ └── home.nix │ │ └── system │ │ ├── caddy.nix │ │ ├── configuration.nix │ │ ├── grafana.old │ │ ├── modules.nix │ │ ├── pi-hole.nix │ │ ├── prometheus.old │ │ └── promtail.old └── imports │ └── checks.nix ├── files └── home │ └── pol │ ├── .face │ ├── Code │ └── .directory │ └── Pictures │ └── Backgrounds │ ├── Starry Nebula 219.png │ ├── nix-snowflake-wallpaper.svg │ └── nix-snowflake.svg ├── flake.lock ├── flake.nix ├── modules ├── ai │ ├── docling-serve.nix │ ├── litellm │ │ └── default.nix │ ├── ollama.nix │ ├── open-webui.nix │ ├── searx.nix │ └── tika │ │ ├── default.nix │ │ └── tika-config.xml ├── base │ ├── accessibility │ │ └── default.nix │ ├── admin │ │ └── nh.nix │ ├── boot │ │ ├── default.nix │ │ └── kernel.nix │ ├── command-not-found.nix │ ├── console │ │ └── console.nix │ ├── documentation.nix │ ├── editors │ │ └── micro.nix │ ├── home.nix │ ├── i18n.nix │ ├── network │ │ └── default.nix │ ├── nix.nix │ ├── passwords-mgmt │ │ └── password-store.nix │ ├── power-mgmt │ │ └── default.nix │ ├── security │ │ ├── rtkit.nix │ │ └── sudo-rs.nix │ ├── services.nix │ ├── system.nix │ ├── system │ │ ├── auto-upgrade │ │ │ └── default.nix │ │ └── default.nix │ ├── time │ │ └── default.nix │ └── xdg.nix ├── bluetooth │ └── default.nix ├── deploy-rs │ └── default.nix ├── desktop │ ├── environment │ │ ├── default.nix │ │ └── kdeplasma.nix │ ├── fonts │ │ └── fonts.nix │ └── web-browsers │ │ └── firefox.nix ├── dev │ ├── editors │ │ ├── vscode.nix │ │ └── zeditor.nix │ ├── git │ │ ├── gh-dash.nix │ │ ├── gh.nix │ │ ├── git.nix │ │ ├── gpg.nix │ │ ├── jujutsu.nix │ │ ├── lazygit.nix │ │ └── mergiraf.nix │ ├── languages │ │ └── nix.nix │ └── xdg.nix ├── email │ └── default.nix ├── facter │ └── facter.nix ├── flake-parts │ ├── flake-parts.nix │ ├── flake.nix │ ├── fmt.nix │ ├── git-hooks.nix │ ├── host-machines.nix │ ├── nixpkgs.nix │ └── unfree-packages.nix ├── fwupd │ └── default.nix ├── games │ └── enemy-territory.nix ├── guacamole │ ├── guacamole.nix │ └── user-mapping.xml ├── hosts │ ├── nixos │ │ ├── boot.nix │ │ ├── default.nix │ │ ├── facter.json │ │ ├── facter.nix │ │ ├── fileSystems.nix │ │ └── networking.nix │ ├── x13 │ │ ├── boot.nix │ │ ├── default.nix │ │ ├── facter.json │ │ ├── facter.nix │ │ ├── fileSystems.nix │ │ ├── hardware.nix │ │ ├── programs.nix │ │ ├── services.nix │ │ └── virtualisation.nix │ ├── x260 │ │ ├── boot.nix │ │ ├── default.nix │ │ ├── facter.json │ │ ├── facter.nix │ │ ├── fileSystems.nix │ │ └── services.nix │ ├── x280 │ │ ├── boot.nix │ │ ├── default.nix │ │ ├── facter.json │ │ ├── facter.nix │ │ ├── fileSystems.nix │ │ └── services.nix │ └── xeonixos │ │ ├── boot.nix │ │ ├── default.nix │ │ ├── facter.json │ │ ├── facter.nix │ │ ├── fileSystems.nix │ │ └── nvidia.nix ├── messaging │ └── default.nix ├── openssh │ └── default.nix ├── shell │ ├── bat.nix │ ├── bottom.nix │ ├── direnv.nix │ ├── eza.nix │ ├── fish.nix │ ├── fzf.nix │ ├── ghostty.nix │ ├── htop.nix │ ├── nix-your-shell.nix │ ├── ripgrep.nix │ ├── starship.nix │ └── zoxide.nix ├── sound │ └── default.nix ├── systems │ └── default.nix ├── users │ ├── pol │ │ └── default.nix │ └── root │ │ └── default.nix ├── virtualisation │ └── default.nix ├── vpn │ └── default.nix └── work │ ├── aws.nix │ └── displaylink.nix └── pkgs └── by-name ├── chromium-discord ├── discord-icon.svg └── package.nix ├── chromium-element ├── Element_logo.svg └── package.nix ├── chromium-meet ├── Google_Meet_icon.svg └── package.nix ├── chromium-protonmail ├── package.nix └── proton-mail-seeklogo.svg ├── chromium-teams ├── Microsoft_Office_Teams.svg └── package.nix ├── chromium-telegram └── package.nix └── gh-flake-update ├── package.nix └── src ├── bashly.yml ├── lib ├── attr_to_slug.sh ├── cleanup.sh ├── generate_pr_body.sh └── validations │ └── validate_is_attribute.sh └── root_command.sh /.editorconfig: -------------------------------------------------------------------------------- 1 | # This file is for unifying the coding style for different editors and IDEs 2 | # editorconfig.org 3 | 4 | root = true 5 | 6 | [*] 7 | charset = utf-8 8 | end_of_line = lf 9 | indent_size = 2 10 | indent_style = space 11 | max_line_length = 120 12 | trim_trailing_whitespace = true 13 | 14 | [**.{md,rst}] 15 | indent_size = 2 16 | max_line_length = 80 17 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: github-actions 4 | directory: "/" 5 | schedule: 6 | interval: monthly 7 | open-pull-requests-limit: 10 8 | -------------------------------------------------------------------------------- /.github/workflows/auto-upgrade-flakes.yaml: -------------------------------------------------------------------------------- 1 | name: "Auto update flake lock file" 2 | on: 3 | workflow_dispatch: 4 | schedule: 5 | - cron: "0 12 * * 0" 6 | jobs: 7 | update-flake-lock: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Check out repository code 11 | uses: actions/checkout@v4 12 | - uses: cachix/install-nix-action@v31 13 | - name: Configure Git 14 | run: | 15 | git config --local user.email "action@github.com" 16 | git config --local user.name "GitHub Action" 17 | - name: Run script 18 | env: 19 | GH_TOKEN: ${{ github.token }} 20 | run: | 21 | nix run .#gh-flake-update -- \ 22 | --assignee drupol \ 23 | --reviewer drupol \ 24 | nixosConfigurations.x13.config.system.build.toplevel \ 25 | nixosConfigurations.xeonixos.config.system.build.toplevel 26 | -------------------------------------------------------------------------------- /.github/workflows/flake-check.yaml: -------------------------------------------------------------------------------- 1 | name: "Nix flake check" 2 | on: 3 | workflow_call: 4 | pull_request: 5 | push: 6 | jobs: 7 | tests: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/checkout@v4 11 | - uses: cachix/install-nix-action@v31 12 | with: 13 | nix_path: nixpkgs=channel:nixos-unstable 14 | - run: nix flake check --accept-flake-config 15 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.direnv/ 2 | /private.pem 3 | .pre-commit-config.yaml 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![GitHub Workflow Status][github workflow status]][2] 2 | ![GitHub stars][github stars] 3 | ![License][mit] 4 | [![Donate!][donate github]][5] 5 | 6 | # Nix (dotfiles) configurations 7 | 8 | This repository contains the configuration of my local network at home. 9 | 10 | ## Upgrade manually 11 | 12 | ```shell 13 | sudo nixos-rebuild switch --upgrade-all --flake github:drupol/nixos-x260 -v --refresh 14 | ``` 15 | 16 | [github stars]: https://img.shields.io/github/stars/drupol/nixos-x260.svg?style=flat-square 17 | [github workflow status]: https://img.shields.io/github/actions/workflow/status/drupol/nixos-x260/check.yaml?branch=master&style=flat-square 18 | [license]: https://img.shields.io/packagist/l/drupol/nixos-x260.svg?style=flat-square 19 | [donate github]: https://img.shields.io/badge/Sponsor-Github-brightgreen.svg?style=flat-square 20 | [2]: https://github.com/drupol/nixos-x260/actions 21 | [mit]: https://img.shields.io/badge/License-MIT-green?style=flat-square 22 | [5]: https://github.com/sponsors/drupol 23 | -------------------------------------------------------------------------------- /_to_migrate/hosts/ec2/system/configuration.nix: -------------------------------------------------------------------------------- 1 | { lib, modulesPath, ... }: 2 | { 3 | imports = [ 4 | "${modulesPath}/virtualisation/amazon-image.nix" 5 | ./hardware.nix 6 | ]; 7 | 8 | # Use the GRUB 2 boot loader. 9 | # boot.loader.grub.enable = true; 10 | # boot.loader.grub.version = 2; 11 | # boot.loader.systemd-boot.enable = true; 12 | # boot.loader.grub.useOSProber = true; 13 | # boot.loader.efi.canTouchEfiVariables = true; 14 | # boot.loader.grub.efiSupport = true; 15 | # boot.loader.grub.efiInstallAsRemovable = true; 16 | # boot.loader.efi.efiSysMountPoint = "/boot/efi"; 17 | # Define on which hard drive you want to install Grub. 18 | # boot.loader.grub.device = "nodev"; # or "nodev" for efi only 19 | 20 | networking.hostName = "ec2"; # Define your hostname. 21 | networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant. 22 | 23 | # The global useDHCP flag is deprecated, therefore explicitly set to false here. 24 | # Per-interface useDHCP will be mandatory in the future, so this generated config 25 | # replicates the default behaviour. 26 | networking.useDHCP = false; 27 | # networking.interfaces.eno1.useDHCP = true; 28 | networking.interfaces.eth0.useDHCP = true; 29 | 30 | # services.acpid.enable = true; 31 | 32 | # Configure network proxy if necessary 33 | # networking.proxy.default = "http://user:password@proxy:port/"; 34 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 35 | 36 | # Select internationalisation properties. 37 | # i18n.defaultLocale = "en_BE.UTF-8"; 38 | # console = { 39 | # font = "Lat2-Terminus16"; 40 | # keyMap = "us"; 41 | # }; 42 | 43 | services.udisks2.enable = lib.mkForce false; 44 | 45 | # Configure keymap in X11 46 | services.xserver.xkb.layout = "gb"; 47 | services.xserver.xkb.options = "eurosign:e"; 48 | 49 | # Enable CUPS to print documents. 50 | # services.printing.enable = true; 51 | 52 | # Enable sound. 53 | #sound.enable = true; 54 | #hardware.pulseaudio.enable = true; 55 | #hardware.pulseaudio.support32Bit = true; 56 | #hardware.pulseaudio.package = pkgs.pulseaudioFull; 57 | 58 | security.rtkit.enable = true; 59 | 60 | # boot.extraModprobeConfig = '' 61 | # options snd_hda_intel enable=0,1 62 | # ''; 63 | 64 | # Enable touchpad support (enabled default in most desktopManager). 65 | # services.xserver.libinput.enable = true; 66 | 67 | security.sudo.wheelNeedsPassword = false; # Use 'sudo' without a password 68 | services.openssh.settings.PasswordAuthentication = false; 69 | 70 | powerManagement.enable = true; 71 | 72 | programs = { }; 73 | 74 | # Some programs need SUID wrappers, can be configured further or are 75 | # started in user sessions. 76 | # programs.mtr.enable = true; 77 | 78 | # List services that you want to enable: 79 | # services.cron = { 80 | # enable = false; 81 | # systemCronJobs = [ 82 | # "0 * * * * root nix-channel --update" 83 | # ]; 84 | # }; 85 | # Enable the OpenSSH daemon. 86 | # services.openssh.enable = false; 87 | 88 | # networking.firewall.allowedTCPPorts = [ 3389 ]; 89 | # networking.firewall.checkReversePath = false; 90 | # Open ports in the firewall. 91 | # networking.firewall.allowedTCPPorts = [ ... ]; 92 | # networking.firewall.allowedUDPPorts = [ ... ]; 93 | # Or disable the firewall altogether. 94 | # networking.firewall.enable = false; 95 | 96 | # This value determines the NixOS release from which the default 97 | # settings for stateful data, like file locations and database versions 98 | # on your system were taken. It‘s perfectly fine and recommended to leave 99 | # this value at the release version of the first install of this system. 100 | # Before changing this value read the documentation for this option 101 | # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 102 | system.stateVersion = "21.11"; # Did you read the comment? 103 | 104 | # Limit the systemd journal to 100 MB of disk or the 105 | # last 7 days of logs, whichever happens first. 106 | services.journald.extraConfig = '' 107 | SystemMaxUse=100M 108 | MaxFileSec=3day 109 | ''; 110 | 111 | # system.copySystemConfiguration = true; 112 | 113 | services.fwupd.enable = true; 114 | 115 | virtualisation.docker.enable = true; 116 | 117 | hardware.bluetooth.enable = true; 118 | # networking.resolvconf.dnsExtensionMechanism = false; 119 | } 120 | -------------------------------------------------------------------------------- /_to_migrate/hosts/ec2/system/hardware.nix: -------------------------------------------------------------------------------- 1 | { modulesPath, ... }: 2 | { 3 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 4 | 5 | fileSystems."/" = { 6 | device = "/dev/disk/by-label/nixos"; 7 | fsType = "ext4"; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /_to_migrate/hosts/ec2/system/modules.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | desktop.enable = true; 4 | sshd.enable = true; 5 | } 6 | -------------------------------------------------------------------------------- /_to_migrate/hosts/elitebook820/home/default.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | shell.enable = true; 4 | thunderbird.enable = true; 5 | firefox.enable = true; 6 | desktop.enable = true; 7 | } 8 | -------------------------------------------------------------------------------- /_to_migrate/hosts/elitebook820/system/configuration.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | # Use the GRUB 2 boot loader. 4 | # boot.loader.grub.enable = true; 5 | # boot.loader.grub.version = 2; 6 | boot.loader.systemd-boot.enable = true; 7 | # boot.loader.grub.useOSProber = true; 8 | boot.loader.efi.canTouchEfiVariables = true; 9 | # boot.loader.grub.efiSupport = true; 10 | # boot.loader.grub.efiInstallAsRemovable = true; 11 | # boot.loader.efi.efiSysMountPoint = "/boot/efi"; 12 | # Define on which hard drive you want to install Grub. 13 | # boot.loader.grub.device = "nodev"; # or "nodev" for efi only 14 | 15 | # services.acpid.enable = true; 16 | 17 | # Configure network proxy if necessary 18 | # networking.proxy.default = "http://user:password@proxy:port/"; 19 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 20 | 21 | # Select internationalisation properties. 22 | # i18n.defaultLocale = "en_BE.UTF-8"; 23 | # console = { 24 | # font = "Lat2-Terminus16"; 25 | # keyMap = "us"; 26 | # }; 27 | console.useXkbConfig = true; 28 | 29 | services = { 30 | pipewire = { 31 | enable = true; 32 | alsa.enable = true; 33 | alsa.support32Bit = true; 34 | pulse.enable = true; 35 | }; 36 | xserver = { 37 | enable = true; 38 | xkb = { 39 | layout = "be"; 40 | options = "eurosign:e"; 41 | }; 42 | }; 43 | }; 44 | 45 | # Enable CUPS to print documents. 46 | # services.printing.enable = true; 47 | 48 | security.rtkit.enable = true; 49 | 50 | security.sudo.wheelNeedsPassword = false; # Use 'sudo' without a password 51 | 52 | powerManagement.enable = true; 53 | 54 | # List services that you want to enable: 55 | # services.cron = { 56 | # enable = false; 57 | # systemCronJobs = [ 58 | # "0 * * * * root nix-channel --update" 59 | # ]; 60 | # }; 61 | 62 | networking = { 63 | hostName = "elitebook820"; 64 | networkmanager = { 65 | enable = true; 66 | }; 67 | useDHCP = false; 68 | }; 69 | 70 | # This value determines the NixOS release from which the default 71 | # settings for stateful data, like file locations and database versions 72 | # on your system were taken. It‘s perfectly fine and recommended to leave 73 | # this value at the release version of the first install of this system. 74 | # Before changing this value read the documentation for this option 75 | # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 76 | system.stateVersion = "21.11"; # Did you read the comment? 77 | 78 | virtualisation.docker.enable = false; 79 | 80 | hardware.bluetooth.enable = true; 81 | } 82 | -------------------------------------------------------------------------------- /_to_migrate/hosts/elitebook820/system/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | modulesPath, 5 | ... 6 | }: 7 | { 8 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 9 | 10 | boot.initrd.availableKernelModules = [ 11 | "xhci_pci" 12 | "ehci_pci" 13 | "ahci" 14 | "usb_storage" 15 | "sd_mod" 16 | "rtsx_pci_sdmmc" 17 | ]; 18 | boot.initrd.kernelModules = [ ]; 19 | boot.kernelModules = [ "kvm-intel" ]; 20 | boot.extraModulePackages = [ ]; 21 | 22 | fileSystems."/" = { 23 | device = "/dev/disk/by-uuid/0831c17a-27d6-42b8-a61b-f52cfb02f051"; 24 | fsType = "ext4"; 25 | }; 26 | 27 | fileSystems."/boot" = { 28 | device = "/dev/disk/by-uuid/5185-45FD"; 29 | fsType = "vfat"; 30 | }; 31 | 32 | swapDevices = [ { device = "/dev/disk/by-uuid/066ce479-3611-42e7-9117-f1ef77668010"; } ]; 33 | 34 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 35 | } 36 | -------------------------------------------------------------------------------- /_to_migrate/hosts/elitebook820/system/modules.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | vpn.enable = true; 4 | sshd.enable = true; 5 | } 6 | -------------------------------------------------------------------------------- /_to_migrate/hosts/imac/home/default.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | code.enable = true; 4 | desktop.enable = true; 5 | firefox.enable = true; 6 | shell.enable = true; 7 | thunderbird.enable = true; 8 | git.enable = true; 9 | games.enable = true; 10 | messaging.enable = true; 11 | } 12 | -------------------------------------------------------------------------------- /_to_migrate/hosts/imac/system/configuration.nix: -------------------------------------------------------------------------------- 1 | # Edit this configuration file to define what should be installed on 2 | # your system. Help is available in the configuration.nix(5) man page 3 | # and in the NixOS manual (accessible by running ‘nixos-help’). 4 | 5 | { config, pkgs, ... }: 6 | { 7 | imports = [ 8 | ./hardware-configuration.nix 9 | ]; 10 | 11 | # Bootloader. 12 | boot.loader.systemd-boot.enable = true; 13 | boot.loader.efi.canTouchEfiVariables = true; 14 | 15 | networking.hostName = "imac"; # Define your hostname. 16 | # networking.wireless.enable = false; # Enables wireless support via wpa_supplicant. 17 | 18 | # Configure network proxy if necessary 19 | # networking.proxy.default = "http://user:password@proxy:port/"; 20 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 21 | 22 | # Enable networking 23 | networking.networkmanager.enable = true; 24 | 25 | # Configure keymap in X11 26 | services.xserver.xkb = { 27 | layout = "be"; 28 | variant = ""; 29 | }; 30 | services.xserver.videoDrivers = [ "nvidia" ]; 31 | 32 | # Configure console keymap 33 | console.keyMap = "be-latin1"; 34 | 35 | # Enable sound with pipewire. 36 | hardware.pulseaudio.enable = false; 37 | security.rtkit.enable = true; 38 | services.pipewire = { 39 | enable = true; 40 | alsa.enable = true; 41 | alsa.support32Bit = true; 42 | pulse.enable = true; 43 | # If you want to use JACK applications, uncomment this 44 | #jack.enable = true; 45 | 46 | # use the example session manager (no others are packaged yet so this is enabled by default, 47 | # no need to redefine it in your config for now) 48 | #media-session.enable = true; 49 | }; 50 | 51 | system.stateVersion = "24.05"; # Did you read the comment? 52 | 53 | nixpkgs.config.nvidia.acceptLicense = true; 54 | nixpkgs.config.allowBroken = true; 55 | hardware.graphics.enable = true; 56 | hardware.nvidia = { 57 | 58 | # Modesetting is required. 59 | modesetting.enable = true; 60 | 61 | # Nvidia power management. Experimental, and can cause sleep/suspend to fail. 62 | # Enable this if you have graphical corruption issues or application crashes after waking 63 | # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 64 | # of just the bare essentials. 65 | powerManagement.enable = false; 66 | 67 | # Fine-grained power management. Turns off GPU when not in use. 68 | # Experimental and only works on modern Nvidia GPUs (Turing or newer). 69 | powerManagement.finegrained = false; 70 | 71 | # Use the NVidia open source kernel module (not to be confused with the 72 | # independent third-party "nouveau" open source driver). 73 | # Support is limited to the Turing and later architectures. Full list of 74 | # supported GPUs is at: 75 | # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 76 | # Only available from driver 515.43.04+ 77 | # Currently "beta quality", so false is currently the recommended setting. 78 | open = false; 79 | 80 | # Enable the Nvidia settings menu, 81 | # accessible via `nvidia-settings`. 82 | nvidiaSettings = true; 83 | 84 | # Optionally, you may need to select the appropriate driver version for your specific GPU. 85 | package = pkgs.linuxPackages_latest.nvidiaPackages.legacy_390; 86 | }; 87 | 88 | boot.extraModulePackages = [ pkgs.linuxPackages_latest.broadcom_sta ]; 89 | } 90 | -------------------------------------------------------------------------------- /_to_migrate/hosts/imac/system/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | inputs, 8 | modulesPath, 9 | ... 10 | }: 11 | { 12 | imports = [ 13 | inputs.nixos-hardware.nixosModules.apple-imac-14-2 14 | (modulesPath + "/installer/scan/not-detected.nix") 15 | ]; 16 | 17 | boot.initrd.availableKernelModules = [ 18 | "xhci_pci" 19 | "ahci" 20 | "nvme" 21 | "usb_storage" 22 | "usbhid" 23 | "sd_mod" 24 | "sdhci_pci" 25 | ]; 26 | boot.initrd.kernelModules = [ ]; 27 | boot.kernelModules = [ "kvm-intel" ]; 28 | 29 | fileSystems."/" = { 30 | device = "/dev/disk/by-uuid/7f407c85-1ca8-4d01-8e4a-73a6f607caa7"; 31 | fsType = "ext4"; 32 | }; 33 | 34 | fileSystems."/boot" = { 35 | device = "/dev/disk/by-uuid/F509-F532"; 36 | fsType = "vfat"; 37 | options = [ 38 | "fmask=0077" 39 | "dmask=0077" 40 | ]; 41 | }; 42 | 43 | swapDevices = [ 44 | { device = "/dev/disk/by-uuid/c9e3a23f-d2c6-49c7-94ad-0372aa4f94e5"; } 45 | ]; 46 | 47 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 48 | # (the default) this is the recommended approach. When using systemd-networkd it's 49 | # still possible to use this option, but it's recommended to use it in conjunction 50 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 51 | networking.useDHCP = lib.mkDefault true; 52 | # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; 53 | 54 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 55 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 56 | } 57 | -------------------------------------------------------------------------------- /_to_migrate/hosts/imac/system/modules.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | sshd.enable = true; 4 | vpn.enable = true; 5 | desktop.enable = true; 6 | } 7 | -------------------------------------------------------------------------------- /_to_migrate/hosts/lw196205087/activation.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | { 8 | home.activation = { 9 | linkDesktopApplications = { 10 | after = [ 11 | "writeBoundary" 12 | "createXdgUserDirectories" 13 | ]; 14 | before = [ ]; 15 | data = '' 16 | rm -rf ${config.xdg.dataHome}/"applications/home-manager" 17 | mkdir -p ${config.xdg.dataHome}/"applications/home-manager" 18 | cp -Lr ${config.home.homeDirectory}/.nix-profile/share/applications/* ${config.xdg.dataHome}/"applications/home-manager/" 19 | ''; 20 | }; 21 | report-changes = '' 22 | PATH=$PATH:${ 23 | lib.makeBinPath [ 24 | pkgs.nvd 25 | pkgs.nix 26 | ] 27 | } 28 | nvd diff $(ls -dv /nix/var/nix/profiles/per-user/${config.home.username}/home-manager-*-link | tail -2) 29 | ''; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /_to_migrate/hosts/lw196205087/configuration.nix: -------------------------------------------------------------------------------- 1 | { user, ... }: 2 | { 3 | home = { 4 | username = "${user}"; 5 | homeDirectory = "/home/${user}"; 6 | stateVersion = "22.05"; 7 | }; 8 | 9 | xdg.enable = true; 10 | xdg.mime.enable = true; 11 | targets.genericLinux.enable = true; 12 | } 13 | -------------------------------------------------------------------------------- /_to_migrate/hosts/lw196205087/default.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | imports = [ 4 | ./home.nix 5 | ./configuration.nix 6 | ./packages.nix 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /_to_migrate/hosts/lw196205087/home.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | { 3 | fonts = { 4 | fontconfig = { 5 | enable = true; 6 | }; 7 | }; 8 | 9 | home.file = { 10 | ".face" = { 11 | source = ./. + "/../../files/home/pol/.face"; 12 | recursive = true; 13 | }; 14 | ".face.icon" = { 15 | source = ./. + "/../../files/home/pol/.face"; 16 | recursive = true; 17 | }; 18 | "${config.xdg.configHome}/.password-store/.keep" = { 19 | text = ""; 20 | recursive = true; 21 | }; # Credits to https://store.kde.org/p/1272202 22 | "Pictures/Backgrounds/" = { 23 | source = ./. + "/../../files/home/pol/Pictures/Backgrounds/"; 24 | recursive = true; 25 | }; 26 | }; 27 | 28 | programs = { 29 | bat = { 30 | enable = true; 31 | }; 32 | browserpass = { 33 | enable = true; 34 | browsers = [ "firefox" ]; 35 | }; 36 | command-not-found = { 37 | enable = false; 38 | }; 39 | direnv = { 40 | enable = true; 41 | nix-direnv.enable = true; 42 | }; 43 | eza = { 44 | enable = true; 45 | }; 46 | firefox = { 47 | enable = true; 48 | profiles.default = { 49 | id = 0; 50 | name = "Default"; 51 | settings = { 52 | # Browser settings go here 53 | "browser.startup.homepage" = ""; 54 | # Enable HTTPS-Only Mode 55 | "dom.security.https_only_mode" = true; 56 | "dom.security.https_only_mode_ever_enabled" = true; 57 | # Privacy settings 58 | "privacy.donottrackheader.enabled" = true; 59 | "privacy.trackingprotection.enabled" = true; 60 | "privacy.trackingprotection.socialtracking.enabled" = true; 61 | "privacy.partition.network_state.ocsp_cache" = true; 62 | # Disable all sorts of telemetry 63 | "browser.newtabpage.activity-stream.feeds.telemetry" = false; 64 | "browser.newtabpage.activity-stream.telemetry" = false; 65 | "browser.ping-centre.telemetry" = false; 66 | "toolkit.telemetry.archive.enabled" = false; 67 | "toolkit.telemetry.bhrPing.enabled" = false; 68 | "toolkit.telemetry.enabled" = false; 69 | "toolkit.telemetry.firstShutdownPing.enabled" = false; 70 | "toolkit.telemetry.hybridContent.enabled" = false; 71 | "toolkit.telemetry.newProfilePing.enabled" = false; 72 | "toolkit.telemetry.reportingpolicy.firstRun" = false; 73 | "toolkit.telemetry.shutdownPingSender.enabled" = false; 74 | "toolkit.telemetry.unified" = false; 75 | "toolkit.telemetry.updatePing.enabled" = false; 76 | 77 | # As well as Firefox 'experiments' 78 | "experiments.activeExperiment" = false; 79 | "experiments.enabled" = false; 80 | "experiments.supported" = false; 81 | "network.allow-experiments" = false; 82 | # Disable Pocket Integration 83 | "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; 84 | "extensions.pocket.enabled" = false; 85 | "extensions.pocket.api" = ""; 86 | "extensions.pocket.oAuthConsumerKey" = ""; 87 | "extensions.pocket.showHome" = false; 88 | "extensions.pocket.site" = ""; 89 | }; 90 | }; 91 | }; 92 | fish = { 93 | enable = true; 94 | plugins = [ 95 | { 96 | name = "bobthefish"; 97 | src = pkgs.bobthefish-src; 98 | } 99 | { 100 | name = "z"; 101 | src = pkgs.z-src; 102 | } 103 | ]; 104 | shellAliases = { 105 | ".." = "cd .."; 106 | "..." = "cd ../.."; 107 | ll = "eza -lha"; 108 | cat = "bat"; 109 | ls = "eza"; 110 | grep = "rg"; 111 | }; 112 | }; 113 | git = { 114 | enable = true; 115 | difftastic = { 116 | enable = true; 117 | }; 118 | userName = "Pol Dellaiera"; 119 | userEmail = "pol.dellaiera@protonmail.com"; 120 | aliases = { 121 | ll = "log --stat --abbrev-commit"; 122 | co = "checkout"; 123 | patch = "format-patch --stdout HEAD~1"; 124 | rpatch = "reset --hard HEAD~1"; 125 | lgg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; 126 | lol = "log --graph --decorate --pretty=oneline --abbrev-commit"; 127 | lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all"; 128 | clb = "!/home/user/bin/git-clean-local-branches"; 129 | pf = "push --force-with-lease"; 130 | rewrite = "rebase - x 'git commit - -amend - C HEAD - -date=\"$(date -R)\" && sleep 1.05'"; 131 | # From https://gist.github.com/pksunkara/988716 132 | a = "add --all"; 133 | ai = "add -i"; 134 | ############# 135 | ap = "apply"; 136 | as = "apply --stat"; 137 | ac = "apply --check"; 138 | ############# 139 | ama = "am --abort"; 140 | amr = "am --resolved"; 141 | ams = "am --skip"; 142 | ############# 143 | b = "branch"; 144 | ba = "branch -a"; 145 | bd = "branch -d"; 146 | bdd = "branch -D"; 147 | br = "branch -r"; 148 | bc = "rev-parse --abbrev-ref HEAD"; 149 | bu = "!git rev-parse --abbrev-ref --symbolic-full-name \"@{u}\""; 150 | recent-branches = "branch --sort=-committerdate"; 151 | ############# 152 | c = "commit"; 153 | ca = "commit -a"; 154 | cm = "commit -m"; 155 | cam = "commit -am"; 156 | cem = "commit --allow-empty -m"; 157 | cd = "commit --amend"; 158 | cad = "commit -a --amend"; 159 | ced = "commit --allow-empty --amend"; 160 | ############# 161 | cl = "clone"; 162 | cld = "clone --depth 1"; 163 | clg = "!sh -c 'git clone git://github.com/$1 $(basename $1)' -"; 164 | clgp = "!sh -c 'git clone git@github.com:$(git config --get user.username)/$1 $1' -"; 165 | ############# 166 | co-pr = "!sh -c 'git fetch origin refs/pull/$1/head:pull/$1 && git checkout pull/$1' -"; 167 | cp = "cherry-pick"; 168 | cpa = "cherry-pick --abort"; 169 | cpc = "cherry-pick --continue"; 170 | ############# 171 | d = "diff"; 172 | dp = "diff --patience"; 173 | dc = "diff --cached"; 174 | dk = "diff --check"; 175 | dck = "diff --cached --check"; 176 | dt = "difftool"; 177 | dct = "difftool --cached"; 178 | ############# 179 | f = "fetch"; 180 | fo = "fetch origin"; 181 | fu = "fetch upstream"; 182 | ############# 183 | fp = "format-patch"; 184 | ############# 185 | fk = "fsck"; 186 | ############# 187 | g = "grep -p"; 188 | ############# 189 | l = "log --oneline"; 190 | lg = "log --oneline --graph --decorate"; 191 | ############# 192 | ls = "ls-files"; 193 | lsf = "!git ls-files | grep -i"; 194 | ############# 195 | m = "merge"; 196 | ma = "merge --abort"; 197 | mc = "merge --continue"; 198 | ms = "merge --skip"; 199 | ############# 200 | o = "checkout"; 201 | ob = "checkout -b"; 202 | ############# 203 | pr = "prune -v"; 204 | ############# 205 | ps = "push"; 206 | psf = "push -f"; 207 | psu = "push -u"; 208 | pst = "push --tags"; 209 | ############# 210 | pso = "push origin"; 211 | psao = "push --all origin"; 212 | psfo = "push -f origin"; 213 | psuo = "push -u origin"; 214 | ############# 215 | psom = "push origin master"; 216 | psaom = "push --all origin master"; 217 | psfom = "push -f origin master"; 218 | psuom = "push -u origin master"; 219 | psoc = "!git push origin $(git bc)"; 220 | psaoc = "!git push --all origin $(git bc)"; 221 | psfoc = "!git push -f origin $(git bc)"; 222 | psuoc = "!git push -u origin $(git bc)"; 223 | psdc = "!git push origin :$(git bc)"; 224 | ############# 225 | pl = "pull"; 226 | pb = "pull --rebase"; 227 | ############# 228 | plo = "pull origin"; 229 | pbo = "pull --rebase origin"; 230 | plom = "pull origin master"; 231 | ploc = "!git pull origin $(git bc)"; 232 | pbom = "pull --rebase origin master"; 233 | pboc = "!git pull --rebase origin $(git bc)"; 234 | ############# 235 | plu = "pull upstream"; 236 | plum = "pull upstream master"; 237 | pluc = "!git pull upstream $(git bc)"; 238 | pbum = "pull --rebase upstream master"; 239 | pbuc = "!git pull --rebase upstream $(git bc)"; 240 | ############# 241 | rb = "rebase"; 242 | rba = "rebase --abort"; 243 | rbc = "rebase --continue"; 244 | rbi = "rebase --interactive"; 245 | rbs = "rebase --skip"; 246 | ############# 247 | re = "reset"; 248 | rh = "reset HEAD"; 249 | reh = "reset --hard"; 250 | rem = "reset --mixed"; 251 | res = "reset --soft"; 252 | rehh = "reset --hard HEAD"; 253 | remh = "reset --mixed HEAD"; 254 | resh = "reset --soft HEAD"; 255 | ############# 256 | r = "remote"; 257 | ra = "remote add"; 258 | rr = "remote rm"; 259 | rv = "remote -v"; 260 | rn = "remote rename"; 261 | rp = "remote prune"; 262 | rs = "remote show"; 263 | rao = "remote add origin"; 264 | rau = "remote add upstream"; 265 | rro = "remote remove origin"; 266 | rru = "remote remove upstream"; 267 | rso = "remote show origin"; 268 | rsu = "remote show upstream"; 269 | rpo = "remote prune origin"; 270 | rpu = "remote prune upstream"; 271 | ############# 272 | rmf = "rm -f"; 273 | rmrf = "rm -r -f"; 274 | ############# 275 | s = "status"; 276 | sb = "status -s -b"; 277 | ############# 278 | sa = "stash apply"; 279 | sc = "stash clear"; 280 | sd = "stash drop"; 281 | sl = "stash list"; 282 | sp = "stash pop"; 283 | ss = "stash save"; 284 | ssk = "stash save -k"; 285 | sw = "stash show"; 286 | st = "!git stash list | wc -l 2>/dev/null | grep -oEi '[0-9][0-9]*'"; 287 | ############# 288 | t = "tag"; 289 | td = "tag -d"; 290 | ############# 291 | w = "show"; 292 | wp = "show -p"; 293 | wr = "show -p --no-color"; 294 | ############# 295 | subadd = "!sh -c 'git submodule add git://github.com/$1 $2/$(basename $1)' -"; 296 | subup = "submodule update --init --recursive"; 297 | subpull = "!git submodule foreach git pull --tags origin master"; 298 | ############# 299 | assume = "update-index --assume-unchanged"; 300 | unassume = "update-index --no-assume-unchanged"; 301 | assumed = "!git ls -v | grep ^h | cut -c 3-"; 302 | unassumeall = "!git assumed | xargs git unassume"; 303 | assumeall = "!git status -s | awk {'print $2'} | xargs git assume"; 304 | ############# 305 | bump = "!sh -c 'git commit -am \"Version bump v$1\" && git psuoc && git release $1' -"; 306 | release = "!sh -c 'git tag v$1 && git pst' -"; 307 | unrelease = "!sh -c 'git tag -d v$1 && git pso :v$1' -"; 308 | merged = "!sh -c 'git o master && git plom && git bd $1 && git rpo' -"; 309 | aliases = "!git config -l | grep alias | cut -c 7-"; 310 | snap = "!git stash save 'snapshot: $(date)' && git stash apply 'stash@{0}'"; 311 | bare = "!sh -c 'git symbolic-ref HEAD refs/heads/$1 && git rm --cached -r . && git clean -xfd' -"; 312 | whois = "!sh -c 'git log -i -1 --author=\"$1\" --pretty=\"format:%an <%ae>\"' -"; 313 | serve = "daemon --reuseaddr --verbose --base-path=. --export-all ./.git"; 314 | ############# 315 | behind = "!git rev-list --left-only --count $(git bu)...HEAD"; 316 | ahead = "!git rev-list --right-only --count $(git bu)...HEAD"; 317 | ############# 318 | ours = "!f() { git checkout --ours $@ && git add $@; }; f"; 319 | theirs = "!f() { git checkout --theirs $@ && git add $@; }; f"; 320 | subrepo = "!sh -c 'git filter-branch --prune-empty --subdirectory-filter $1 master' -"; 321 | human = "name-rev --name-only --refs=refs/heads/*"; 322 | }; 323 | extraConfig = { 324 | branch = { 325 | autosetupmerge = "always"; 326 | }; 327 | color = { 328 | ui = "auto"; 329 | }; 330 | core = { 331 | autocrlf = "input"; 332 | editor = "micro"; 333 | safecrlf = "warn"; 334 | excludesfile = "~/.gitignore_global"; 335 | }; 336 | diff = { 337 | mnemonicprefix = true; 338 | }; 339 | init = { 340 | defaultBranch = "main"; 341 | }; 342 | merge = { 343 | conflictstyle = "diff3"; 344 | commit = "no"; 345 | ff = "no"; 346 | tool = "splice"; 347 | }; 348 | push = { 349 | autoSetupRemote = true; 350 | default = "current"; 351 | }; 352 | pull = { 353 | default = "current"; 354 | rebase = true; 355 | }; 356 | rerere = { 357 | enabled = true; 358 | }; 359 | include = { 360 | path = "~/.gitconfig.local"; 361 | }; 362 | signing = { 363 | signByDefault = true; 364 | key = "0AAF2901E8040715"; 365 | }; 366 | commit = { 367 | gpgsign = true; 368 | }; 369 | }; 370 | }; 371 | home-manager = { 372 | enable = true; 373 | }; 374 | htop = { 375 | enable = true; 376 | }; 377 | password-store = { 378 | enable = true; 379 | settings = { 380 | PASSWORD_STORE_DIR = "${config.xdg.configHome}/.password-store"; 381 | }; 382 | }; 383 | }; 384 | 385 | services = { 386 | gpg-agent = { 387 | enable = true; 388 | enableSshSupport = true; 389 | sshKeys = [ "143BC4FB7B3AC7C4F902ADCB579D2F66CDA1844A" ]; 390 | }; 391 | }; 392 | } 393 | -------------------------------------------------------------------------------- /_to_migrate/hosts/lw196205087/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | bottom # https://zaiste.net/posts/shell-commands-rust/ 5 | cachix 6 | dina-font 7 | du-dust 8 | fd 9 | fira-code 10 | fira-code-symbols 11 | fish 12 | gnupg 13 | hack-font 14 | jetbrains-mono 15 | liberation_ttf 16 | neofetch 17 | p7zip 18 | procs 19 | ripgrep 20 | wget 21 | 22 | element-desktop 23 | graphviz 24 | jetbrains.phpstorm 25 | tdesktop 26 | teams 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /_to_migrate/hosts/minimac/home/default.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | code.enable = true; 4 | desktop.enable = true; 5 | firefox.enable = true; 6 | shell.enable = true; 7 | git.enable = true; 8 | messaging.enable = true; 9 | } 10 | -------------------------------------------------------------------------------- /_to_migrate/hosts/minimac/system/configuration.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | # Bootloader. 4 | boot.loader.systemd-boot.enable = true; 5 | boot.loader.efi.canTouchEfiVariables = true; 6 | 7 | # 4G is way too small... 8 | boot.tmp.useTmpfs = lib.mkForce false; 9 | 10 | # The global useDHCP flag is deprecated, therefore explicitly set to false here. 11 | # Per-interface useDHCP will be mandatory in the future, so this generated config 12 | # replicates the default behaviour. 13 | 14 | # services.acpid.enable = true; 15 | 16 | # Configure network proxy if necessary 17 | # networking.proxy.default = "http://user:password@proxy:port/"; 18 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 19 | 20 | # Select internationalisation properties. 21 | # i18n.defaultLocale = "en_BE.UTF-8"; 22 | # console = { 23 | # font = "Lat2-Terminus16"; 24 | # keyMap = "us"; 25 | # }; 26 | console.useXkbConfig = true; 27 | 28 | services = { 29 | pipewire = { 30 | enable = true; 31 | alsa.enable = true; 32 | alsa.support32Bit = true; 33 | pulse.enable = true; 34 | }; 35 | xserver = { 36 | enable = true; 37 | xkb = { 38 | layout = "gb"; 39 | options = "eurosign:e"; 40 | }; 41 | }; 42 | }; 43 | 44 | # Enable CUPS to print documents. 45 | # services.printing.enable = true; 46 | 47 | security.rtkit.enable = true; 48 | 49 | security.sudo.wheelNeedsPassword = false; # Use 'sudo' without a password 50 | powerManagement.enable = true; 51 | 52 | # List services that you want to enable: 53 | # services.cron = { 54 | # enable = false; 55 | # systemCronJobs = [ 56 | # "0 * * * * root nix-channel --update" 57 | # ]; 58 | # }; 59 | 60 | networking = { 61 | hostName = "minimac"; 62 | networkmanager = { 63 | enable = true; 64 | }; 65 | useDHCP = false; 66 | }; 67 | 68 | # This value determines the NixOS release from which the default 69 | # settings for stateful data, like file locations and database versions 70 | # on your system were taken. It‘s perfectly fine and recommended to leave 71 | # this value at the release version of the first install of this system. 72 | # Before changing this value read the documentation for this option 73 | # (e.g. man configuration.nix or on https://search.nixos.org/options?&show=system.stateVersion&from=0&size=50&sort=relevance&type=packages&query=stateVersion). 74 | system.stateVersion = "24.11"; # Did you read the comment? 75 | 76 | hardware.bluetooth.enable = true; 77 | 78 | services.avahi.enable = true; 79 | } 80 | -------------------------------------------------------------------------------- /_to_migrate/hosts/minimac/system/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | inputs, 5 | modulesPath, 6 | ... 7 | }: 8 | { 9 | imports = [ 10 | inputs.nixos-hardware.nixosModules.apple-macmini-4-1 11 | (modulesPath + "/installer/scan/not-detected.nix") 12 | ]; 13 | 14 | boot.initrd.availableKernelModules = [ 15 | "ohci_pci" 16 | "ehci_pci" 17 | "ahci" 18 | "firewire_ohci" 19 | "usb_storage" 20 | "usbhid" 21 | "sd_mod" 22 | "sr_mod" 23 | "sdhci_pci" 24 | ]; 25 | boot.initrd.kernelModules = [ ]; 26 | boot.kernelModules = [ 27 | "kvm-intel" 28 | "wl" 29 | ]; 30 | boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; 31 | 32 | fileSystems."/" = { 33 | device = "/dev/disk/by-uuid/4b8ff738-fe53-403a-ba16-a851b41b8c78"; 34 | fsType = "ext4"; 35 | }; 36 | 37 | fileSystems."/boot" = { 38 | device = "/dev/disk/by-uuid/151D-2898"; 39 | fsType = "vfat"; 40 | }; 41 | 42 | swapDevices = [ { device = "/dev/disk/by-uuid/ce60e82c-87ac-47c2-8880-26949434cc3a"; } ]; 43 | 44 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 45 | # (the default) this is the recommended approach. When using systemd-networkd it's 46 | # still possible to use this option, but it's recommended to use it in conjunction 47 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 48 | networking.useDHCP = lib.mkDefault true; 49 | # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; 50 | # networking.interfaces.wlp3s0b1.useDHCP = lib.mkDefault true; 51 | 52 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 53 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 54 | } 55 | -------------------------------------------------------------------------------- /_to_migrate/hosts/minimac/system/modules.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | sshd.enable = true; 4 | desktop.enable = true; 5 | } 6 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/home/home.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | shell.enable = true; 4 | } 5 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/system/caddy.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | networking = { 4 | firewall = { 5 | allowedTCPPorts = [ 6 | 80 7 | 443 8 | ]; 9 | }; 10 | }; 11 | 12 | services.caddy = { 13 | enable = true; 14 | 15 | # From https://www.reddit.com/r/pihole/comments/xf7059/pihole_behind_caddy_reverse_proxy_redirecting_to/ 16 | virtualHosts."router.lan:80".extraConfig = '' 17 | handle_path /pihole/* { 18 | redir / /admin{path} 19 | reverse_proxy 127.0.0.1:8093 20 | } 21 | handle_path /grafana/* { 22 | reverse_proxy 127.0.0.1:8888 23 | } 24 | ''; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/system/configuration.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | boot = { 4 | loader = { 5 | grub.enable = lib.mkDefault false; 6 | generic-extlinux-compatible.enable = lib.mkDefault true; 7 | }; 8 | kernel = { 9 | sysctl = { 10 | "net.ipv4.conf.all.forwarding" = lib.mkDefault true; 11 | "net.ipv6.conf.all.forwarding" = lib.mkDefault true; 12 | }; 13 | }; 14 | }; 15 | 16 | fileSystems = { 17 | "/" = { 18 | device = "/dev/disk/by-label/NIXOS_SD"; 19 | fsType = "ext4"; 20 | options = [ "noatime" ]; 21 | }; 22 | "/var/log" = { 23 | device = "none"; 24 | fsType = "tmpfs"; 25 | options = [ 26 | "defaults" 27 | "size=2G" 28 | "nosuid" 29 | "noatime" 30 | ]; 31 | }; 32 | "/tmp" = { 33 | device = "none"; 34 | fsType = "tmpfs"; 35 | options = [ 36 | "defaults" 37 | "size=1G" 38 | "nosuid" 39 | "noatime" 40 | ]; 41 | }; 42 | }; 43 | 44 | systemd.network.networks = { 45 | wan = { 46 | DHCP = "no"; 47 | linkConfig.RequiredForOnline = "no"; 48 | matchConfig.MACAddress = "00:0e:c6:52:c6:b3"; 49 | addresses = [ { addressConfig.Address = "192.168.1.2/24"; } ]; 50 | routes = [ { routeConfig.Gateway = "192.168.1.1"; } ]; 51 | dns = [ "8.8.8.8" ]; 52 | }; 53 | lan = { 54 | DHCP = "no"; 55 | linkConfig.RequiredForOnline = "no"; 56 | matchConfig.MACAddress = "dc:a6:32:e5:bf:9e"; 57 | networkConfig = { 58 | IPMasquerade = "yes"; 59 | }; 60 | addresses = [ { addressConfig.Address = "192.168.2.10/24"; } ]; 61 | }; 62 | }; 63 | systemd.services.NetworkManager-wait-online.enable = false; 64 | systemd.network.wait-online.enable = false; 65 | services.resolved.enable = false; 66 | 67 | networking = { 68 | domain = "lan"; 69 | hostName = "router"; 70 | useNetworkd = true; 71 | useDHCP = false; 72 | 73 | firewall = { 74 | enable = true; 75 | extraCommands = '' 76 | iptables -t nat -A PREROUTING ! -s 192.168.2.10 -p udp --dport 53 -j DNAT --to 192.168.2.10 77 | iptables -t nat -A PREROUTING ! -s 192.168.2.10 -p tcp --dport 53 -j DNAT --to 192.168.2.10 78 | iptables -I INPUT -p tcp --sport 853 -j DROP 79 | iptables -I INPUT -p udp --sport 853 -j DROP 80 | iptables -I OUTPUT -p tcp --dport 853 -j DROP 81 | iptables -I OUTPUT -p udp --dport 853 -j DROP 82 | ''; 83 | }; 84 | }; 85 | 86 | security.sudo.wheelNeedsPassword = false; 87 | 88 | system.stateVersion = "24.11"; 89 | 90 | hardware.enableRedistributableFirmware = true; 91 | 92 | virtualisation = { 93 | docker = { 94 | autoPrune = { 95 | dates = "daily"; 96 | flags = [ 97 | "--all" 98 | "--volumes" 99 | ]; 100 | }; 101 | enable = true; 102 | }; 103 | }; 104 | } 105 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/system/grafana.old: -------------------------------------------------------------------------------- 1 | { config, ... }: 2 | { 3 | services.caddy.virtualHosts."grafana.router.lan".extraConfig = '' 4 | tls internal 5 | reverse_proxy 127.0.0.1:8888 6 | ''; 7 | 8 | services.grafana = { 9 | enable = true; 10 | settings = { 11 | server = { 12 | domain = "grafana.router.lan"; 13 | http_port = 8888; 14 | http_addr = "0.0.0.0"; 15 | root_url = "%(protocol)s://%(domain)s:%(http_port)s/"; 16 | }; 17 | 18 | analytics.reporting_enabled = false; 19 | 20 | smtp = { 21 | enabled = true; 22 | host = "smtp.scarlet.be:25"; 23 | from_address = "pol.dellaiera@protonmail.com"; 24 | }; 25 | }; 26 | 27 | dataDir = "/var/lib/grafana"; 28 | provision = { 29 | enable = true; 30 | # Set up the datasources 31 | datasources.settings.datasources = [ 32 | { 33 | name = "Prometheus"; 34 | type = "prometheus"; 35 | url = "http://127.0.0.1:${toString config.services.prometheus.port}"; 36 | isDefault = true; 37 | } 38 | { 39 | name = "Loki"; 40 | type = "loki"; 41 | url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}"; 42 | isDefault = false; 43 | } 44 | ]; 45 | }; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/system/modules.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | sshd.enable = true; 4 | vpn.enable = true; 5 | } 6 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/system/pi-hole.nix: -------------------------------------------------------------------------------- 1 | 2 | { 3 | services.caddy.virtualHosts."pi-hole.router.lan".extraConfig = '' 4 | tls internal 5 | handle_path /* { 6 | rewrite * /admin{uri} 7 | reverse_proxy 127.0.0.1:8093 8 | } 9 | ''; 10 | 11 | networking = { 12 | firewall = { 13 | allowedTCPPorts = [ 14 | 53 15 | 67 16 | ]; 17 | allowedUDPPorts = [ 18 | 53 19 | 67 20 | 547 21 | ]; 22 | }; 23 | }; 24 | 25 | virtualisation = { 26 | containers = { 27 | enable = true; 28 | }; 29 | 30 | oci-containers.backend = "docker"; 31 | oci-containers.containers = { 32 | pi-hole = { 33 | autoStart = true; 34 | image = "pihole/pihole:latest"; 35 | environment = { 36 | BLOCKING_ENABLED = "true"; 37 | CUSTOM_CACHE_SIZE = "10000"; 38 | DNSMASQ_LISTENING = "all"; 39 | DNSMASQ_USER = "root"; 40 | DHCP_ACTIVE = "true"; 41 | DHCP_IPv6 = "true"; 42 | DHCP_START = "192.168.2.100"; 43 | DHCP_END = "192.168.2.200"; 44 | DHCP_ROUTER = "192.168.2.10"; 45 | DHCP_LEASETIME = "24"; 46 | DHCP_rapid_commit = "true"; 47 | DNS_BOGUS_PRIV = "true"; 48 | DNS_FQDN_REQUIRED = "true"; 49 | DNSSEC = "false"; 50 | FTLCONF_LOCAL_IPV4 = "192.168.2.10"; 51 | FTLCONF_LOCAL_IPV6 = "0:0:0:0:0:ffff:c0a8:020a"; 52 | FTLCONF_MAXDBDAYS = "7"; 53 | FTLCONF_MOZILLA_CANARY = "false"; 54 | FTLCONF_PRIVACYLEVEL = "0"; 55 | FTLCONF_PIHOLE_PTR = "HOSTNAMEFQDN"; 56 | FTLCONF_RATE_LIMIT = "1000/60"; 57 | IPv6 = "true"; 58 | PIHOLE_DOMAIN = "lan"; 59 | PIHOLE_DNS_ = "8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844;208.67.222.222;208.67.220.220;1.1.1.1;1.0.0.1;2620:119:35::35;2620:119:53::53;2606:4700:4700::1111;2606:4700:4700::1001"; 60 | QUERY_LOGGING = "true"; 61 | REV_SERVER = "false"; 62 | SKIPGRAVITYONBOOT = "1"; 63 | TEMPERATUREUNIT = "c"; 64 | TZ = "Europe/Brussels"; 65 | WEB_BIND_ADDR = "192.168.2.10"; 66 | WEB_PORT = "8093"; 67 | WEBLOGS_STDOUT = "1"; 68 | WEBPASSWORD = "webpassword"; 69 | WEBTHEME = "default-dark"; 70 | WEBUIBOXEDLAYOUT = "traditional"; 71 | }; 72 | volumes = [ 73 | "pihole:/etc/pihole" 74 | "dnsmasq:/etc/dnsmasq.d" 75 | ]; 76 | extraOptions = [ 77 | "--cap-add=NET_ADMIN" 78 | "--network=host" 79 | "--pull=always" 80 | ]; 81 | }; 82 | }; 83 | }; 84 | } 85 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/system/prometheus.old: -------------------------------------------------------------------------------- 1 | 2 | { 3 | services.prometheus = { 4 | enable = true; 5 | port = 9990; 6 | exporters = { 7 | node = { 8 | enable = true; 9 | enabledCollectors = [ 10 | "systemd" 11 | "netdev" 12 | ]; 13 | port = 9991; 14 | }; 15 | shelly = { 16 | enable = true; 17 | metrics-file = "/shelly-metrics.json"; 18 | }; 19 | pihole = { 20 | enable = true; 21 | password = "webpassword"; 22 | piholeHostname = "127.0.0.1"; 23 | piholePort = 8093; 24 | }; 25 | }; 26 | scrapeConfigs = [ 27 | # Scrape the current system 28 | { 29 | job_name = "node"; 30 | static_configs = [ { targets = [ "127.0.0.1:9991" ]; } ]; 31 | scrape_interval = "15s"; 32 | } 33 | # Scrape the current system 34 | { 35 | job_name = "shelly"; 36 | static_configs = [ { targets = [ "127.0.0.1:9784" ]; } ]; 37 | scrape_interval = "15s"; 38 | } 39 | { 40 | job_name = "pihole"; 41 | static_configs = [ { targets = [ "127.0.0.1:9617" ]; } ]; 42 | scrape_interval = "15s"; 43 | } 44 | ]; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /_to_migrate/hosts/router/system/promtail.old: -------------------------------------------------------------------------------- 1 | { config, ... }: 2 | { 3 | systemd.tmpfiles.rules = [ 4 | "d /var/lib/loki 0700 loki loki - -" 5 | "d /var/lib/loki/ruler 0700 loki loki - -" 6 | ]; 7 | 8 | services.loki = { 9 | enable = true; 10 | configuration = { 11 | auth_enabled = false; 12 | server = { 13 | http_listen_port = 3100; 14 | }; 15 | analytics.reporting_enabled = false; 16 | common = { 17 | path_prefix = "/var/lib/loki"; 18 | storage.filesystem = { 19 | chunks_directory = "/var/lib/loki/chunks"; 20 | rules_directory = "/var/lib/loki/rules"; 21 | }; 22 | replication_factor = 1; 23 | ring = { 24 | instance_addr = "127.0.0.1"; 25 | kvstore.store = "inmemory"; 26 | }; 27 | }; 28 | 29 | schema_config = { 30 | configs = [ 31 | { 32 | from = "2022-05-15"; 33 | store = "boltdb-shipper"; 34 | object_store = "filesystem"; 35 | schema = "v11"; 36 | index = { 37 | prefix = "index_"; 38 | period = "24h"; 39 | }; 40 | } 41 | ]; 42 | }; 43 | 44 | ruler.alertmanager_url = "http://127.0.0.1:9001"; 45 | }; 46 | }; 47 | 48 | services.promtail = { 49 | enable = true; 50 | configuration = { 51 | server = { 52 | http_listen_port = 28183; 53 | grpc_listen_port = 0; 54 | }; 55 | positions = { 56 | filename = "/tmp/positions.yaml"; 57 | }; 58 | clients = [ 59 | { 60 | url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; 61 | } 62 | ]; 63 | scrape_configs = [ 64 | { 65 | job_name = "journal"; 66 | journal = { 67 | max_age = "12h"; 68 | labels = { 69 | job = "systemd-journal"; 70 | host = "local"; 71 | }; 72 | }; 73 | relabel_configs = [ 74 | { 75 | source_labels = [ "__journal__systemd_unit" ]; 76 | target_label = "unit"; 77 | } 78 | ]; 79 | } 80 | ]; 81 | }; 82 | # extraFlags 83 | }; 84 | } 85 | -------------------------------------------------------------------------------- /_to_migrate/imports/checks.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... }: 2 | { 3 | perSystem = 4 | { system, ... }: 5 | { 6 | checks = inputs.deploy-rs.lib.${system}.deployChecks { 7 | nodes = ( 8 | inputs.nixpkgs.lib.foldr ( 9 | config: acc: 10 | acc 11 | // { 12 | "${config.instance}" = { 13 | inherit (config) hostname; 14 | fastConnection = false; 15 | profiles.system = { 16 | inherit (config) remoteBuild; 17 | user = "root"; 18 | sshUser = "pol"; 19 | sshOpts = [ ]; 20 | path = 21 | inputs.deploy-rs.lib.${config.system}.activate.nixos 22 | inputs.self.nixosConfigurations.${config.instance}; 23 | }; 24 | }; 25 | } 26 | ) { } (builtins.filter (el: el.system == "x86_64-linux") (import ../hosts.nix)) 27 | ); 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /files/home/pol/.face: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/drupol/infra/4794806ff1cbaf88afaae1c2dcdd431e32f6fa31/files/home/pol/.face -------------------------------------------------------------------------------- /files/home/pol/Code/.directory: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Icon=folder-git 3 | -------------------------------------------------------------------------------- /files/home/pol/Pictures/Backgrounds/Starry Nebula 219.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/drupol/infra/4794806ff1cbaf88afaae1c2dcdd431e32f6fa31/files/home/pol/Pictures/Backgrounds/Starry Nebula 219.png -------------------------------------------------------------------------------- /files/home/pol/Pictures/Backgrounds/nix-snowflake.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | image/svg+xml 49 | 50 | 51 | 52 | 53 | 54 | 57 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "My Nix infrastructure at home"; 3 | 4 | inputs = { 5 | nixpkgs.url = "github:/nixos/nixpkgs/nixos-unstable"; 6 | nixpkgs-master.url = "github:NixOS/nixpkgs/master"; 7 | nixpkgs-unstable.url = "github:/nixos/nixpkgs/nixpkgs-unstable"; 8 | 9 | nixos-hardware.url = "github:NixOS/nixos-hardware/master"; 10 | 11 | home-manager.url = "github:nix-community/home-manager"; 12 | home-manager.inputs.nixpkgs.follows = "nixpkgs"; 13 | 14 | deploy-rs.url = "github:serokell/deploy-rs"; 15 | deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; 16 | 17 | plasma-manager.url = "github:nix-community/plasma-manager"; 18 | plasma-manager.inputs.nixpkgs.follows = "nixpkgs"; 19 | 20 | nur.url = "github:nix-community/NUR"; 21 | 22 | systems.url = "github:nix-systems/default"; 23 | 24 | flake-parts.url = "github:hercules-ci/flake-parts"; 25 | flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; 26 | 27 | git-hooks.url = "github:cachix/git-hooks.nix"; 28 | git-hooks.inputs.nixpkgs.follows = "nixpkgs"; 29 | 30 | nix-oracle-db.url = "github:drupol/nix-oracle-db"; 31 | 32 | nixos-generators.url = "github:nix-community/nixos-generators"; 33 | nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; 34 | 35 | pkgs-by-name-for-flake-parts.url = "github:drupol/pkgs-by-name-for-flake-parts"; 36 | 37 | nix-webapps.url = "github:TLATER/nix-webapps"; 38 | 39 | import-tree.url = "github:vic/import-tree"; 40 | 41 | nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; 42 | 43 | treefmt-nix.url = "github:numtide/treefmt-nix"; 44 | 45 | make-shell.url = "github:nicknovitski/make-shell"; 46 | }; 47 | 48 | outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules); 49 | } 50 | -------------------------------------------------------------------------------- /modules/ai/docling-serve.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.ai = 3 | { pkgs, ... }: 4 | { 5 | services = { 6 | docling-serve = { 7 | enable = true; 8 | host = "0.0.0.0"; 9 | port = 5001; 10 | package = pkgs.docling-serve.override { 11 | withUI = true; 12 | withTesserocr = true; 13 | withCPU = true; 14 | withRapidocr = true; 15 | }; 16 | environment = { 17 | DOCLING_SERVE_ENABLE_UI = "True"; 18 | }; 19 | openFirewall = true; 20 | }; 21 | }; 22 | 23 | networking.firewall.allowedTCPPorts = [ 24 | 5001 25 | ]; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /modules/ai/litellm/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.ai = { 3 | services = { 4 | litellm = { 5 | enable = true; 6 | host = "0.0.0.0"; 7 | port = 8888; 8 | settings = { 9 | model_list = [ 10 | { 11 | model_name = "*"; 12 | litellm_params = { 13 | model = "openai/*"; 14 | api_key = "os.environ/OPENAI_API_KEY"; 15 | }; 16 | } 17 | { 18 | model_name = "gpt-4o"; 19 | litellm_params = { 20 | model = "openai/gpt-4o"; 21 | api_key = "os.environ/OPENAI_API_KEY"; 22 | }; 23 | } 24 | { 25 | model_name = "deepseek-v3"; 26 | litellm_params = { 27 | model = "github/deepseek-v3"; 28 | api_key = "os.environ/GITHUB_API_KEY"; 29 | }; 30 | } 31 | { 32 | model_name = "deepseek-r1"; 33 | litellm_params = { 34 | model = "github/deepseek-r1"; 35 | api_key = "os.environ/GITHUB_API_KEY"; 36 | }; 37 | } 38 | { 39 | model_name = "Llama-3.3-70B-Instruct"; 40 | litellm_params = { 41 | model = "github/Llama-3.3-70B-Instruct"; 42 | api_key = "os.environ/GITHUB_API_KEY"; 43 | }; 44 | } 45 | { 46 | model_name = "Gemini"; 47 | litellm_params = { 48 | model = "gemini/gemini-2.5-pro-exp-03-25"; 49 | api_key = "os.environ/GEMINI_API_KEY"; 50 | }; 51 | } 52 | { 53 | model_name = "mistral/open-mistral-nemo"; 54 | litellm_params = { 55 | model = "mistral/open-mistral-nemo"; 56 | api_key = "os.environ/MISTRAL_API_KEY"; 57 | }; 58 | } 59 | ]; 60 | }; 61 | environmentFile = "/home/pol/Code/drupol/litellm-secrets.env"; 62 | openFirewall = true; 63 | }; 64 | }; 65 | }; 66 | } 67 | -------------------------------------------------------------------------------- /modules/ai/ollama.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.ai = { 3 | services = { 4 | ollama = { 5 | enable = true; 6 | environmentVariables = { 7 | "OLLAMA_FLASH_ATTENTION" = "true"; 8 | "OLLAMA_KV_CACHE_TYPE" = "q8_0"; 9 | }; 10 | }; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/ai/open-webui.nix: -------------------------------------------------------------------------------- 1 | { 2 | nixpkgs = { 3 | allowedUnfreePackages = [ 4 | "open-webui" 5 | ]; 6 | }; 7 | 8 | flake.modules.nixos.ai = { 9 | services = { 10 | open-webui = { 11 | enable = true; 12 | host = "0.0.0.0"; 13 | port = 8080; 14 | environment = { 15 | CONTENT_EXTRACTION_ENGINE = "tika"; 16 | DEVICE_TYPE = "cpu"; 17 | ENABLE_OLLAMA_API = "True"; 18 | ENABLE_OPENAI_API = "True"; 19 | ENABLE_RAG_HYBRID_SEARCH = "True"; 20 | ENABLE_RAG_WEB_LOADER_SSL_VERIFICATION = "False"; 21 | ENABLE_RAG_WEB_SEARCH = "True"; 22 | OLLAMA_BASE_URL = "http://127.0.0.1:11434"; 23 | OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api"; 24 | OPENAI_API_BASE_URL = "http://127.0.0.1:8888/v1"; 25 | OPENAI_API_KEY = ""; 26 | PDF_EXTRACT_IMAGES = "True"; 27 | RAG_EMBEDDING_ENGINE = "ollama"; 28 | RAG_EMBEDDING_MODEL = "bge-m3:latest"; 29 | RAG_EMBEDDING_MODEL_AUTO_UPDATE = "True"; 30 | RAG_FILE_MAX_COUNT = "2"; 31 | RAG_RERANKING_MODEL = "BAAI/bge-reranker-v2-m3"; 32 | RAG_TEXT_SPLITTER = "token"; 33 | RAG_WEB_SEARCH_ENGINE = "searxng"; 34 | RAG_WEB_SEARCH_RESULT_COUNT = "5"; 35 | RESET_CONFIG_ON_START = "True"; 36 | SEARXNG_QUERY_URL = "http://127.0.0.1:3002/search?q="; 37 | TIKA_SERVER_URL = "http://127.0.0.1:9998/"; 38 | WEBUI_AUTH = "False"; 39 | WEBUI_NAME = "LLM @ Home"; 40 | }; 41 | }; 42 | 43 | caddy = { 44 | enable = true; 45 | virtualHosts."192.168.2.164:80".extraConfig = '' 46 | reverse_proxy 127.0.0.1:8080 47 | ''; 48 | }; 49 | }; 50 | 51 | networking.firewall.allowedTCPPorts = [ 52 | 80 53 | ]; 54 | }; 55 | } 56 | -------------------------------------------------------------------------------- /modules/ai/searx.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.ai = { 3 | services = { 4 | searx = { 5 | enable = true; 6 | settings = { 7 | use_default_settings = true; 8 | 9 | general = { 10 | privacypolicy_url = false; 11 | enable_metrics = true; 12 | debug = false; 13 | }; 14 | 15 | default_doi_resolver = "sci-hub.se"; 16 | 17 | server = { 18 | port = 3002; 19 | bind_address = "127.0.0.1"; 20 | secret_key = "spotting-gumminess-chamomile-unsuited-purple"; 21 | image_proxy = true; 22 | base_url = "/searx"; 23 | limiter = false; 24 | public_instance = false; 25 | }; 26 | 27 | enabled_plugins = [ 28 | "Hash plugin" 29 | "Search on category select" 30 | "Tracker URL remover" 31 | "Hostname replace" 32 | "Unit converter plugin" 33 | "Basic Calculator" 34 | "Open Access DOI rewrite" 35 | ]; 36 | 37 | search = { 38 | safe_search = 0; # 0 = None, 1 = Moderate, 2 = Strict 39 | formats = [ 40 | "html" 41 | "json" 42 | "rss" 43 | ]; 44 | autocomplete = "google"; # "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default 45 | default_lang = "en"; 46 | }; 47 | }; 48 | }; 49 | 50 | caddy = { 51 | enable = true; 52 | virtualHosts."http://192.168.2.164".extraConfig = '' 53 | handle_path /searx/* { 54 | reverse_proxy 127.0.0.1:3002 55 | } 56 | ''; 57 | virtualHosts."https://192.168.2.164".extraConfig = '' 58 | handle_path /searx/* { 59 | reverse_proxy 127.0.0.1:3002 60 | } 61 | ''; 62 | }; 63 | }; 64 | 65 | networking.firewall.allowedTCPPorts = [ 66 | 80 67 | 443 68 | ]; 69 | }; 70 | } 71 | -------------------------------------------------------------------------------- /modules/ai/tika/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.ai = { 3 | services = { 4 | tika = { 5 | enable = true; 6 | configFile = ./tika-config.xml; 7 | }; 8 | }; 9 | 10 | networking.firewall.allowedTCPPorts = [ 11 | 80 12 | ]; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /modules/ai/tika/tika-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 3600000 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /modules/base/accessibility/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | services.orca.enable = false; 4 | services.speechd.enable = false; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /modules/base/admin/nh.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | ... 4 | }: 5 | { 6 | imports = [ 7 | inputs.make-shell.flakeModules.default 8 | ]; 9 | 10 | flake.modules.nixos.base = { 11 | programs = { 12 | nh = { 13 | enable = true; 14 | clean = { 15 | enable = true; 16 | extraArgs = "--keep 2"; 17 | }; 18 | }; 19 | }; 20 | }; 21 | 22 | perSystem = 23 | { pkgs, ... }: 24 | { 25 | make-shells.default.packages = with pkgs; [ nh ]; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /modules/base/boot/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base.boot = { 3 | initrd.systemd.enable = true; 4 | 5 | tmp = { 6 | useTmpfs = true; 7 | cleanOnBoot = true; 8 | }; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /modules/base/boot/kernel.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = 3 | { pkgs, ... }: 4 | { 5 | boot.kernelPackages = pkgs.linuxPackages_latest; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /modules/base/command-not-found.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | nixos.base = { 4 | programs.command-not-found.enable = false; 5 | }; 6 | 7 | homeManager.base = { 8 | programs.command-not-found.enable = false; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/base/console/console.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | console.useXkbConfig = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/base/documentation.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | # https://mastodon.online/@nomeata/109915786344697931 4 | documentation.nixos.enable = false; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /modules/base/editors/micro.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.base = { 4 | programs = { 5 | micro = { 6 | enable = true; 7 | settings = { 8 | diffgutter = true; 9 | keymenu = true; 10 | mkparents = true; 11 | tabsize = 2; 12 | tabstospaces = true; 13 | }; 14 | }; 15 | }; 16 | 17 | home.sessionVariables = { 18 | EDITOR = "micro"; 19 | VISUAL = "micro"; 20 | }; 21 | }; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /modules/base/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.homeManager.base = { 3 | programs.home-manager.enable = true; 4 | # See https://ohai.social/@rycee/112502545466617762 5 | # See https://github.com/nix-community/home-manager/issues/5452 6 | systemd.user.startServices = "sd-switch"; 7 | 8 | services = { 9 | home-manager.autoExpire = { 10 | enable = true; 11 | frequency = "weekly"; 12 | store.cleanup = true; 13 | }; 14 | gpg-agent = { 15 | enable = true; 16 | enableSshSupport = true; 17 | sshKeys = [ "143BC4FB7B3AC7C4F902ADCB579D2F66CDA1844A" ]; 18 | }; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /modules/base/i18n.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | i18n.defaultLocale = "en_GB.UTF-8"; 4 | i18n.extraLocaleSettings = { 5 | LC_ADDRESS = "fr_BE.UTF-8"; 6 | LC_IDENTIFICATION = "fr_BE.UTF-8"; 7 | LC_MEASUREMENT = "fr_BE.UTF-8"; 8 | LC_MONETARY = "fr_BE.UTF-8"; 9 | LC_NAME = "fr_BE.UTF-8"; 10 | LC_NUMERIC = "fr_BE.UTF-8"; 11 | LC_PAPER = "fr_BE.UTF-8"; 12 | LC_TELEPHONE = "fr_BE.UTF-8"; 13 | LC_TIME = "fr_BE.UTF-8"; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/base/network/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = 3 | { hostConfig, ... }: 4 | { 5 | networking = { 6 | hostName = hostConfig.name; 7 | 8 | networkmanager = { 9 | enable = true; 10 | }; 11 | 12 | useDHCP = false; 13 | }; 14 | 15 | systemd = { 16 | services.NetworkManager-wait-online.enable = false; 17 | network.wait-online.enable = false; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/base/nix.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = 3 | { pkgs, ... }: 4 | { 5 | nix = { 6 | # See https://discourse.nixos.org/t/24-05-add-flake-to-nix-path/46310/9 7 | # See https://hachyderm.io/@leftpaddotpy/112539055867932912 8 | channel.enable = false; 9 | settings.nix-path = [ "nixpkgs=${pkgs.path}" ]; 10 | 11 | # From https://jackson.dev/post/nix-reasonable-defaults/ 12 | extraOptions = '' 13 | connect-timeout = 5 14 | log-lines = 50 15 | min-free = 128000000 16 | max-free = 1000000000 17 | fallback = true 18 | ''; 19 | optimise.automatic = true; 20 | settings = { 21 | trusted-users = [ 22 | "root" 23 | ]; 24 | auto-optimise-store = true; 25 | experimental-features = [ 26 | "nix-command" 27 | "flakes" 28 | ]; 29 | warn-dirty = false; 30 | }; 31 | }; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /modules/base/passwords-mgmt/password-store.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.base = 4 | { config, ... }: 5 | { 6 | programs = { 7 | password-store = { 8 | enable = true; 9 | settings = { 10 | PASSWORD_STORE_DIR = "${config.xdg.configHome}/.password-store"; 11 | }; 12 | }; 13 | }; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/base/power-mgmt/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | flake.modules.nixos.base = { 4 | powerManagement = { 5 | enable = true; 6 | cpuFreqGovernor = lib.mkDefault "powersave"; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/base/security/rtkit.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | security.rtkit.enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/base/security/sudo-rs.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | security.sudo-rs.enable = true; 4 | security.sudo-rs.wheelNeedsPassword = false; # Use 'sudo' without a password 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /modules/base/services.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | services = { 4 | flatpak = { 5 | enable = false; 6 | }; 7 | # Limit the systemd journal to 100 MB of disk or the 8 | # last 3 days of logs, whichever happens first. 9 | journald.extraConfig = '' 10 | SystemMaxUse=100M 11 | MaxFileSec=3day 12 | ''; 13 | nscd.enableNsncd = true; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/base/system.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | # See https://github.com/NixOS/nixpkgs/pull/308801 4 | system.switch = { 5 | enable = false; 6 | enableNg = true; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/base/system/auto-upgrade/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | system.autoUpgrade = { 4 | enable = false; 5 | flake = "github:drupol/infra"; 6 | allowReboot = true; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/base/system/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = 3 | let 4 | stateVersion = "25.05"; 5 | in 6 | { 7 | homeManager.base = { 8 | home = { 9 | inherit stateVersion; 10 | }; 11 | }; 12 | 13 | nixos.base = { 14 | system = { 15 | # This value determines the NixOS release from which the default 16 | # settings for stateful data, like file locations and database versions 17 | # on your system were taken. It‘s perfectly fine and recommended to leave 18 | # this value at the release version of the first install of this system. 19 | # Before changing this value read the documentation for this option 20 | # (e.g. man configuration.nix or on https://search.nixos.org/options?&show=system.stateVersion&from=0&size=50&sort=relevance&type=packages&query=stateVersion). 21 | inherit stateVersion; 22 | rebuild.enableNg = true; 23 | }; 24 | }; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /modules/base/time/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.base = { 3 | time.timeZone = "Europe/Brussels"; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/base/xdg.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.homeManager.base = { 3 | xdg = { 4 | enable = true; 5 | mime.enable = true; 6 | userDirs = { 7 | enable = true; 8 | createDirectories = true; 9 | templates = null; 10 | music = null; 11 | videos = null; 12 | publicShare = null; 13 | }; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/bluetooth/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.bluetooth = { 3 | hardware.bluetooth.enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/deploy-rs/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | ... 6 | }: 7 | { 8 | flake = { 9 | deploy.nodes = 10 | let 11 | prefix = "nixosConfigurations/"; 12 | in 13 | lib.pipe (config.flake.modules.nixos or { }) [ 14 | (lib.filterAttrs (name: _module: lib.hasPrefix prefix name)) 15 | (lib.mapAttrs' ( 16 | name: module: 17 | let 18 | hostname = lib.removePrefix prefix name; 19 | system = inputs.self.nixosConfigurations.${hostname}.config.nixpkgs.hostPlatform.system; 20 | in 21 | { 22 | name = hostname; 23 | value = { 24 | inherit hostname; 25 | fastConnection = false; 26 | profiles.system = { 27 | user = "root"; 28 | sshUser = "pol"; 29 | sshOpts = [ ]; 30 | path = inputs.deploy-rs.lib.${system}.activate.nixos inputs.self.nixosConfigurations.${hostname}; 31 | }; 32 | }; 33 | } 34 | )) 35 | ]; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /modules/desktop/environment/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | ... 4 | }: 5 | { 6 | flake.modules = { 7 | nixos.desktop = 8 | { pkgs, ... }: 9 | { 10 | xdg = { 11 | portal = { 12 | enable = true; 13 | config.common.default = "kde"; 14 | extraPortals = with pkgs; [ kdePackages.xdg-desktop-portal-kde ]; 15 | }; 16 | }; 17 | 18 | services = { 19 | xserver = { 20 | enable = true; 21 | xkb = { 22 | options = "eurosign:e"; 23 | }; 24 | }; 25 | desktopManager = { 26 | plasma6 = { 27 | enable = true; 28 | }; 29 | }; 30 | displayManager = { 31 | sddm = { 32 | enable = true; 33 | }; 34 | }; 35 | }; 36 | 37 | # Only for Winbox 38 | networking = { 39 | firewall.allowedUDPPorts = [ 5678 ]; 40 | }; 41 | }; 42 | 43 | homeManager.desktop = 44 | { pkgs, ... }: 45 | { 46 | nixpkgs = { 47 | config.allowUnfree = true; 48 | overlays = [ 49 | inputs.self.overlays.default 50 | ]; 51 | }; 52 | 53 | home.packages = with pkgs; [ 54 | kdePackages.akonadi-search 55 | kdePackages.akregator 56 | kdePackages.ark 57 | kdePackages.filelight 58 | kdePackages.kate 59 | kdePackages.kcalc 60 | kdePackages.kdialog 61 | kdePackages.kgpg 62 | kdePackages.kpipewire 63 | kdePackages.krdc 64 | kdePackages.krfb 65 | kdePackages.ksystemlog 66 | kdePackages.kweather 67 | kdePackages.okular 68 | kdePackages.plasma-browser-integration 69 | kdePackages.sddm-kcm 70 | kdePackages.spectacle 71 | kdePackages.xdg-desktop-portal-kde 72 | kdePackages.yakuake 73 | krita 74 | vlc 75 | winbox4 76 | zotero 77 | pkgs.local.gh-flake-update 78 | ]; 79 | }; 80 | }; 81 | } 82 | -------------------------------------------------------------------------------- /modules/desktop/fonts/fonts.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | nixos.desktop = 4 | { pkgs, ... }: 5 | { 6 | fonts.packages = with pkgs; [ 7 | dina-font 8 | aporetic 9 | monaspace 10 | ]; 11 | 12 | fonts.fontconfig = { 13 | defaultFonts = { 14 | monospace = [ 15 | "Aporetic Sans Mono" 16 | ]; 17 | sansSerif = [ "Aporetic Sans Mono" ]; 18 | serif = [ "Aporetic Sans Mono" ]; 19 | }; 20 | }; 21 | }; 22 | 23 | homeManager.desktop = { 24 | fonts = { 25 | fontconfig = { 26 | enable = true; 27 | }; 28 | }; 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /modules/desktop/web-browsers/firefox.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | ... 4 | }: 5 | { 6 | flake.modules = { 7 | homeManager.desktop = 8 | { pkgs, ... }: 9 | { 10 | nixpkgs.overlays = [ 11 | inputs.nur.overlays.default 12 | ]; 13 | 14 | programs.firefox = 15 | let 16 | defaultFont = "Aporetic Sans Mono"; 17 | in 18 | { 19 | enable = true; 20 | nativeMessagingHosts = [ 21 | pkgs.browserpass 22 | ]; 23 | profiles.default = { 24 | id = 0; 25 | isDefault = true; 26 | name = "Default"; 27 | extensions.packages = [ 28 | pkgs.nur.repos.rycee.firefox-addons.browserpass 29 | # pkgs.nur.repos.rycee.firefox-addons.bypass-paywalls-clean 30 | pkgs.nur.repos.rycee.firefox-addons.enhancer-for-youtube 31 | pkgs.nur.repos.rycee.firefox-addons.private-relay 32 | pkgs.nur.repos.rycee.firefox-addons.foxyproxy-standard 33 | pkgs.nur.repos.rycee.firefox-addons.french-dictionary 34 | pkgs.nur.repos.rycee.firefox-addons.istilldontcareaboutcookies 35 | pkgs.nur.repos.rycee.firefox-addons.kristofferhagen-nord-theme 36 | pkgs.nur.repos.rycee.firefox-addons.languagetool 37 | pkgs.nur.repos.rycee.firefox-addons.multi-account-containers 38 | pkgs.nur.repos.rycee.firefox-addons.privacy-badger 39 | pkgs.nur.repos.rycee.firefox-addons.refined-saved-replies 40 | pkgs.nur.repos.rycee.firefox-addons.simple-tab-groups 41 | pkgs.nur.repos.rycee.firefox-addons.tournesol 42 | pkgs.nur.repos.rycee.firefox-addons.ublock-origin 43 | pkgs.nur.repos.rycee.firefox-addons.violentmonkey 44 | ]; 45 | search = { 46 | default = "google"; 47 | force = true; 48 | engines = { 49 | "autonomous-system-number-search" = { 50 | urls = [ { template = "https://bgp.tools/search?q={searchTerms}"; } ]; 51 | icon = "https://bgp.tools/favicon-32x32.png"; 52 | updateInterval = 24 * 60 * 60 * 1000; # every day 53 | definedAliases = [ "@asn" ]; 54 | }; 55 | 56 | "nix-packages" = { 57 | urls = [ 58 | { 59 | template = "https://search.nixos.org/packages"; 60 | params = [ 61 | { 62 | name = "type"; 63 | value = "packages"; 64 | } 65 | { 66 | name = "query"; 67 | value = "{searchTerms}"; 68 | } 69 | ]; 70 | } 71 | ]; 72 | 73 | icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 74 | definedAliases = [ "@np" ]; 75 | }; 76 | 77 | "nixpkgs-prs" = { 78 | urls = [ { template = "https://nixpk.gs/pr-tracker.html?pr={searchTerms}"; } ]; 79 | icon = "https://nixos.org/favicon.png"; 80 | updateInterval = 24 * 60 * 60 * 1000; # every day 81 | definedAliases = [ "@npr" ]; 82 | }; 83 | 84 | "nixos-wiki" = { 85 | urls = [ { template = "https://wiki.nixos.org/index.php?search={searchTerms}"; } ]; 86 | icon = "https://wiki.nixos.org/favicon.png"; 87 | updateInterval = 24 * 60 * 60 * 1000; # every day 88 | definedAliases = [ "@nw" ]; 89 | }; 90 | 91 | "noogle-dev-search" = { 92 | urls = [ { template = "https://noogle.dev/?term=%22{searchTerms}%22"; } ]; 93 | icon = "https://noogle.dev/favicon.png"; 94 | updateInterval = 24 * 60 * 60 * 1000; # every day 95 | definedAliases = [ 96 | "@ngd" 97 | "@nog" 98 | ]; 99 | }; 100 | 101 | "bing".metaData.hidden = true; 102 | "duckduckgo".metaData.hidden = true; 103 | "amazonnl".metaData.hidden = true; 104 | "ebay".metaData.hidden = true; 105 | "google".metaData.alias = "@g"; 106 | }; 107 | }; 108 | settings = { 109 | "app.update.auto" = false; 110 | "browser.aboutConfig.showWarning" = false; 111 | "browser.urlbar.update2.engineAliasRefresh" = true; 112 | "browser.shell.checkDefaultBrowser" = false; 113 | "browser.startup.homepage" = ""; 114 | "cookiebanners.service.mode" = 2; 115 | # Enable HTTPS-Only Mode 116 | "dom.security.https_only_mode" = true; 117 | "dom.security.https_only_mode_ever_enabled" = true; 118 | # Privacy settings 119 | "privacy.donottrackheader.enabled" = true; 120 | "privacy.trackingprotection.enabled" = true; 121 | "privacy.trackingprotection.socialtracking.enabled" = true; 122 | "privacy.partition.network_state.ocsp_cache" = true; 123 | # Disable all sorts of telemetry 124 | "browser.newtabpage.activity-stream.feeds.telemetry" = false; 125 | "browser.newtabpage.activity-stream.telemetry" = false; 126 | "browser.fullscreen.autohide" = false; 127 | "browser.newtabpage.activity-stream.topSitesRows" = 0; 128 | "browser.urlbar.quickactions.enabled" = true; 129 | "browser.safebrowsing.malware.enabled" = false; 130 | "browser.search.hiddenOneOffs" = "Google,Yahoo,Bing,Amazon.com,Twitter"; 131 | "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; 132 | "browser.urlbar.trimURLs" = false; 133 | "browser.ping-centre.telemetry" = false; 134 | "browser.urlbar.suggest.bookmark" = false; 135 | "browser.urlbar.suggest.quicksuggest.nonsponsored" = false; 136 | "browser.urlbar.suggest.quicksuggest.sponsored" = false; 137 | "browser.urlbar.suggest.searches" = false; 138 | "toolkit.telemetry.archive.enabled" = false; 139 | "toolkit.telemetry.bhrPing.enabled" = false; 140 | "toolkit.telemetry.enabled" = false; 141 | "toolkit.telemetry.firstShutdownPing.enabled" = false; 142 | "toolkit.telemetry.hybridContent.enabled" = false; 143 | "toolkit.telemetry.newProfilePing.enabled" = false; 144 | "toolkit.telemetry.reportingpolicy.firstRun" = false; 145 | "toolkit.telemetry.shutdownPingSender.enabled" = false; 146 | "toolkit.telemetry.unified" = false; 147 | "toolkit.telemetry.updatePing.enabled" = false; 148 | 149 | # As well as Firefox 'experiments' 150 | "experiments.activeExperiment" = false; 151 | "experiments.enabled" = false; 152 | "experiments.supported" = false; 153 | "network.allow-experiments" = false; 154 | # Disable Pocket Integration 155 | "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; 156 | "extensions.pocket.enabled" = false; 157 | "extensions.pocket.api" = ""; 158 | "extensions.pocket.oAuthConsumerKey" = ""; 159 | "extensions.pocket.showHome" = false; 160 | "extensions.pocket.site" = ""; 161 | # Allow copy to clipboard 162 | "dom.events.asyncClipboard.clipboardItem" = true; 163 | "trailhead.firstrun.didSeeAboutWelcome" = true; 164 | "widget.use-xdg-desktop-portal.file-picker" = 1; 165 | "widget.use-xdg-desktop-portal.location" = 1; 166 | "widget.use-xdg-desktop-portal.mime-handler" = 1; 167 | "widget.use-xdg-desktop-portal.open-uri" = 1; 168 | "widget.use-xdg-desktop-portal.settings" = 1; 169 | 170 | "privacy.donottrackheader.value" = 1; 171 | "findbar.modalHighlight" = true; 172 | "datareporting.healthreport.uploadEnabled" = false; 173 | 174 | # override fonts 175 | "font.minimum-size.x-western" = 12; 176 | "font.size.fixed.x-western" = 14; 177 | "font.size.monospace.x-western" = 14; 178 | "font.size.variable.x-western" = 14; 179 | "font.name.monospace.x-western" = "${defaultFont}"; 180 | "font.name.sans-serif.x-western" = "${defaultFont}"; 181 | "font.name.serif.x-western" = "${defaultFont}"; 182 | "browser.display.use_document_fonts" = 0; 183 | }; 184 | }; 185 | }; 186 | }; 187 | }; 188 | } 189 | -------------------------------------------------------------------------------- /modules/dev/editors/vscode.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | ... 5 | }: 6 | { 7 | flake.modules = { 8 | nixos.dev = { 9 | services = { 10 | # needed for store VS Code auth token 11 | gnome.gnome-keyring.enable = true; 12 | }; 13 | }; 14 | 15 | homeManager.dev = 16 | { pkgs, ... }: 17 | { 18 | nixpkgs = { 19 | overlays = [ 20 | (final: prev: { 21 | master = import inputs.nixpkgs-master { 22 | inherit (final) config system; 23 | }; 24 | }) 25 | ]; 26 | }; 27 | 28 | home.packages = with pkgs; [ 29 | vscode-runner 30 | ]; 31 | 32 | programs.vscode = { 33 | enable = true; 34 | mutableExtensionsDir = false; 35 | profiles = { 36 | default = { 37 | enableExtensionUpdateCheck = false; 38 | enableUpdateCheck = false; 39 | extensions = [ 40 | pkgs.vscode-extensions.anweber.vscode-httpyac 41 | pkgs.vscode-extensions.arcticicestudio.nord-visual-studio-code 42 | pkgs.vscode-extensions.bbenoist.nix 43 | pkgs.vscode-extensions.bmewburn.vscode-intelephense-client 44 | pkgs.vscode-extensions.charliermarsh.ruff 45 | pkgs.vscode-extensions.christian-kohler.path-intellisense 46 | pkgs.vscode-extensions.coder.coder-remote 47 | pkgs.vscode-extensions.codezombiech.gitignore 48 | pkgs.vscode-extensions.dhall.vscode-dhall-lsp-server 49 | pkgs.vscode-extensions.dhall.dhall-lang 50 | pkgs.vscode-extensions.donjayamanne.githistory 51 | pkgs.vscode-extensions.editorconfig.editorconfig 52 | pkgs.vscode-extensions.esbenp.prettier-vscode 53 | 54 | pkgs.vscode-extensions.github.copilot 55 | pkgs.vscode-extensions.github.copilot-chat 56 | 57 | pkgs.vscode-extensions.github.github-vscode-theme 58 | pkgs.vscode-extensions.github.vscode-pull-request-github 59 | pkgs.vscode-extensions.golang.go 60 | pkgs.vscode-extensions.jebbs.plantuml 61 | pkgs.vscode-extensions.jnoortheen.nix-ide 62 | pkgs.vscode-extensions.mkhl.direnv 63 | pkgs.vscode-extensions.mongodb.mongodb-vscode 64 | 65 | pkgs.vscode-extensions.ms-python.debugpy 66 | pkgs.vscode-extensions.ms-python.mypy-type-checker 67 | pkgs.vscode-extensions.ms-python.python 68 | pkgs.vscode-extensions.ms-python.vscode-pylance 69 | 70 | pkgs.vscode-extensions.ms-toolsai.jupyter 71 | pkgs.vscode-extensions.ms-vscode-remote.remote-containers 72 | pkgs.vscode-extensions.ms-vscode-remote.remote-ssh 73 | pkgs.vscode-extensions.ms-vsliveshare.vsliveshare 74 | pkgs.vscode-extensions.myriad-dreamin.tinymist 75 | pkgs.vscode-extensions.pkief.material-icon-theme 76 | pkgs.vscode-extensions.redhat.vscode-yaml 77 | pkgs.vscode-extensions.redhat.vscode-xml 78 | pkgs.vscode-extensions.rust-lang.rust-analyzer 79 | pkgs.vscode-extensions.tamasfe.even-better-toml 80 | pkgs.vscode-extensions.tekumara.typos-vscode 81 | pkgs.vscode-extensions.usernamehw.errorlens 82 | 83 | pkgs.vscode-extensions.visualjj.visualjj 84 | 85 | pkgs.vscode-extensions.yzhang.markdown-all-in-one 86 | pkgs.vscode-extensions.zhuangtongfa.material-theme 87 | ]; 88 | userSettings = { 89 | "[css]" = { 90 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 91 | }; 92 | "[go]" = { 93 | "editor.defaultFormatter" = "golang.go"; 94 | }; 95 | "[graphql]" = { 96 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 97 | }; 98 | "[handlebars]" = { 99 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 100 | }; 101 | "[html]" = { 102 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 103 | }; 104 | "[javascript]" = { 105 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 106 | }; 107 | "[javascriptreact]" = { 108 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 109 | }; 110 | "[json]" = { 111 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 112 | }; 113 | "[jsonc]" = { 114 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 115 | }; 116 | "[json5]" = { 117 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 118 | }; 119 | "[less]" = { 120 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 121 | }; 122 | "[markdown]" = { 123 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 124 | }; 125 | "[mdx]" = { 126 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 127 | }; 128 | "[nix]" = { 129 | "editor.defaultFormatter" = "jnoortheen.nix-ide"; 130 | }; 131 | "[php]" = { 132 | "editor.defaultFormatter" = "bmewburn.vscode-intelephense-client"; 133 | }; 134 | "[postcss]" = { 135 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 136 | }; 137 | "[scss]" = { 138 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 139 | }; 140 | "[toml]" = { 141 | "editor.defaultFormatter" = "tamasfe.even-better-toml"; 142 | }; 143 | "[txt]" = { 144 | "editor.formatOnSave" = false; 145 | }; 146 | "[typescript]" = { 147 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 148 | }; 149 | "[typescriptreact]" = { 150 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 151 | }; 152 | "[typst]" = { 153 | "editor.defaultFormatter" = "myriad-dreamin.tinymist"; 154 | }; 155 | "[vue]" = { 156 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 157 | }; 158 | "[yaml]" = { 159 | "editor.defaultFormatter" = "redhat.vscode-yaml"; 160 | }; 161 | "debug.console.fontFamily" = "'Aporetic Sans Mono'"; 162 | "diffEditor.ignoreTrimWhitespace" = false; 163 | "editor.bracketPairColorization.enabled" = true; 164 | "editor.cursorSmoothCaretAnimation" = "on"; 165 | "editor.fontFamily" = "'Aporetic Sans Mono'"; 166 | "editor.fontLigatures" = true; 167 | "editor.fontSize" = 14; 168 | "editor.formatOnSave" = false; 169 | "editor.guides.bracketPairs" = true; 170 | "editor.inlineSuggest.enabled" = true; 171 | "editor.inlineSuggest.edits" = { 172 | renderSideBySide = true; 173 | }; 174 | "editor.renderWhitespace" = "boundary"; 175 | "editor.suggestFontSize" = 0; 176 | "editor.suggest.preview" = true; 177 | "editor.suggest.showStatusBar" = true; 178 | "editor.mouseWheelZoom" = true; 179 | "editor.rulers" = [ 180 | 80 181 | 120 182 | ]; 183 | "editor.stickyScroll.enabled" = true; 184 | "editor.stickyScroll.maxLineCount" = 10; 185 | "editor.suggestSelection" = "first"; 186 | "editor.unicodeHighlight.ambiguousCharacters" = false; 187 | "editor.unicodeHighlight.invisibleCharacters" = false; 188 | "editor.unicodeHighlight.nonBasicASCII" = false; 189 | "errorLens.enabled" = false; 190 | "explorer.confirmDelete" = false; 191 | "explorer.confirmDragAndDrop" = false; 192 | "explorer.fileNesting.enabled" = true; 193 | "explorer.fileNesting.patterns" = { 194 | "*.md" = "\${capture}.*.md"; 195 | "config.toml" = "config.*.toml,params.toml"; 196 | }; 197 | "extensions.autoCheckUpdates" = false; 198 | "extensions.autoUpdate" = false; 199 | "extensions.ignoreRecommendations" = true; 200 | "files.autoSave" = "afterDelay"; 201 | "files.autoSaveDelay" = 500; 202 | "files.insertFinalNewline" = true; 203 | "files.trimFinalNewlines" = true; 204 | "files.trimTrailingWhitespace" = true; 205 | "git.allowForcePush" = true; 206 | "git.autofetch" = true; 207 | "git.autoStash" = true; 208 | "git.blame.editorDecoration.enabled" = true; 209 | "git.blame.statusBarItem.enabled" = true; 210 | "git.blame.editorDecoration.template" = "\${subject}, \${authorName} (\${authorDateAgo})"; 211 | "git.blame.statusBarItem.template" = "\${subject}, \${authorName} (\${authorDateAgo})"; 212 | "git.confirmForcePush" = false; 213 | "git.confirmSync" = false; 214 | "git.enableSmartCommit" = true; 215 | "git.showPushSuccessNotification" = true; 216 | "github.copilot.nextEditSuggestions" = true; 217 | "github.copilot.enable" = { 218 | "*" = true; 219 | yaml = true; 220 | plaintext = true; 221 | markdown = true; 222 | }; 223 | "githubPullRequests.pullBranch" = "always"; 224 | "markdown.preview.fontFamily" = "'Aporetic Sans Mono'"; 225 | "nix.formatterPath" = [ (lib.getExe pkgs.nixfmt-rfc-style) ]; 226 | "nix.serverPath" = lib.getExe pkgs.nixd; 227 | "nix.enableLanguageServer" = true; 228 | "nix.serverSettings".nixd.formatting.command = [ (lib.getExe pkgs.nixfmt-rfc-style) ]; 229 | "plantuml.previewSnapIndicators" = true; 230 | "plantuml.render" = "Local"; 231 | "plantuml.server" = "https://www.plantuml.com/plantuml"; 232 | "python.analysis.autoImportCompletions" = true; 233 | "redhat.telemetry.enabled" = false; 234 | "search.seedWithNearestWord" = true; 235 | "search.showLineNumbers" = true; 236 | "search.useGlobalIgnoreFiles" = true; 237 | "search.useIgnoreFiles" = true; 238 | "search.exclude" = { 239 | "**/.direnv" = true; 240 | "**/.git" = true; 241 | "**/.jj" = true; 242 | "**/.venv" = true; 243 | "**/node_modules" = true; 244 | "*.lock" = true; 245 | "dist" = true; 246 | "tmp" = true; 247 | }; 248 | "security.workspace.trust.untrustedFiles" = "open"; 249 | "telemetry.telemetryLevel" = "off"; 250 | "terminal.integrated.defaultProfile.linux" = "fish"; 251 | "terminal.integrated.fontSize" = 14; 252 | "terminal.integrated.tabs.enabled" = true; 253 | "tinymist.preview.scrollSync" = "onSelectionChange"; 254 | "tinymist.formatterMode" = "typstyle"; 255 | "update.mode" = "none"; 256 | "update.showReleaseNotes" = true; 257 | "window.dialogStyle" = "custom"; 258 | "window.menuBarVisibility" = "toggle"; 259 | "window.newWindowDimensions" = "inherit"; 260 | "window.titleBarStyle" = "custom"; 261 | "window.zoomLevel" = 0; 262 | "workbench.colorCustomizations" = { }; 263 | "workbench.colorTheme" = "GitHub Dark Default"; 264 | "workbench.commandPalette.experimental.suggestCommands" = true; 265 | "workbench.editor.enablePreview" = false; # Prevents temporary editor tabs 266 | "workbench.editor.highlightModifiedTabs" = true; 267 | "workbench.iconTheme" = "material-icon-theme"; 268 | "workbench.panel.defaultLocation" = "bottom"; 269 | "workbench.startupEditor" = "none"; 270 | }; 271 | }; 272 | }; 273 | }; 274 | }; 275 | }; 276 | 277 | nixpkgs = { 278 | allowedUnfreePackages = [ 279 | "vscode" 280 | "vscode-extension-bmewburn-vscode-intelephense-client" 281 | "vscode-extension-github-copilot" 282 | "vscode-extension-github-copilot-chat" 283 | "vscode-extension-MS-python-vscode-pylance" 284 | "vscode-extension-ms-vscode-remote-remote-containers" 285 | "vscode-extension-ms-vscode-remote-remote-ssh" 286 | "vscode-extension-ms-vsliveshare-vsliveshare" 287 | "vscode-extension-visualjj-visualjj" 288 | ]; 289 | }; 290 | } 291 | -------------------------------------------------------------------------------- /modules/dev/editors/zeditor.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | ... 5 | }: 6 | { 7 | flake.modules = { 8 | homeManager.dev = 9 | { pkgs, ... }: 10 | { 11 | nixpkgs.overlays = [ 12 | (final: prev: { 13 | unstable = import inputs.nixpkgs-unstable { 14 | inherit (final) config system; 15 | }; 16 | }) 17 | ]; 18 | 19 | programs.zed-editor = { 20 | enable = true; 21 | extensions = [ 22 | "docker-compose" 23 | "dockerfile" 24 | "git-firefly" 25 | "graphviz" 26 | "http" 27 | "just" 28 | "latex" 29 | "make" 30 | "material-icon-theme" 31 | "nix" 32 | "plantuml" 33 | "pylsp" 34 | "ruff" 35 | "toml" 36 | "typos" 37 | "typst" 38 | ]; 39 | userSettings = { 40 | assistant = { 41 | default_model = { 42 | provider = "copilot_chat"; 43 | model = "gpt-4o"; 44 | }; 45 | version = "2"; 46 | }; 47 | # assistant = { 48 | # default_model = { 49 | # provider = "zed.dev"; 50 | # model = "claude-3-5-sonnet-latest"; 51 | # }; 52 | # version = "2"; 53 | # }; 54 | auto_update = false; 55 | autosave = { 56 | after_delay = { 57 | milliseconds = 1000; 58 | }; 59 | }; 60 | base_keymap = "VSCode"; 61 | ensure_final_newline_on_save = true; 62 | buffer_font_family = "Aporetic Sans Mono"; 63 | buffer_font_features = { 64 | calt = true; 65 | ligatures = true; 66 | }; 67 | buffer_font_size = 14; 68 | edit_predictions = { 69 | disabled_globs = [ 70 | "**/.env*" 71 | "**/*.pem" 72 | "**/*.key" 73 | "**/*.cert" 74 | "**/*.crt" 75 | "**/secrets.yml" 76 | ]; 77 | }; 78 | features = { 79 | inline_completion_provider = "copilot"; 80 | edit_prediction_provider = "copilot"; 81 | }; 82 | format_on_save = "on"; 83 | hour_format = "hour24"; 84 | icon_theme = { 85 | mode = "system"; 86 | light = "Material Icon Theme"; 87 | dark = "Material Icon Theme"; 88 | }; 89 | inlay_hints = { 90 | enable = true; 91 | }; 92 | languages = { 93 | Markdown = { 94 | format_on_save = "on"; 95 | preferred_line_length = 120; 96 | soft_wrap = "preferred_line_length"; 97 | }; 98 | Nix = { 99 | language_servers = [ 100 | "nixd" 101 | "!nil" 102 | ]; 103 | formatter.external = { 104 | command = "${lib.getExe pkgs.nixfmt-rfc-style}"; 105 | arguments = [ 106 | "--quiet" 107 | "--" 108 | ]; 109 | }; 110 | }; 111 | Typst = { 112 | formatter = { 113 | language_server = { 114 | name = "tinymist"; 115 | }; 116 | }; 117 | }; 118 | Python = { 119 | language_servers = [ 120 | "pylsp" 121 | "pyright" 122 | "ruff" 123 | ]; 124 | format_on_save = "on"; 125 | formatter = [ 126 | { 127 | code_actions = { 128 | "source.organizeImports.ruff" = true; 129 | "source.fixAll.ruff" = true; 130 | }; 131 | } 132 | { 133 | language_server = { 134 | name = "ruff"; 135 | }; 136 | } 137 | ]; 138 | show_inline_completions = true; 139 | }; 140 | }; 141 | load_direnv = "direct"; 142 | lsp = { 143 | nixd = { 144 | binary.path = lib.getExe pkgs.nixd; 145 | }; 146 | pyright = { 147 | binary = { 148 | path_lookup = pkgs.pyright; 149 | }; 150 | }; 151 | pylsp = { 152 | settings = { 153 | plugins = { 154 | pycodestyle = { 155 | enabled = false; 156 | }; 157 | mypy = { 158 | enabled = true; 159 | }; 160 | }; 161 | }; 162 | }; 163 | tinymist = { 164 | binary.path = lib.getExe pkgs.tinymist; 165 | }; 166 | typos = { 167 | binary.path = lib.getExe pkgs.typos-lsp; 168 | }; 169 | }; 170 | preview_tabs = { 171 | enabled = true; 172 | enable_preview_from_file_finder = true; 173 | enable_preview_from_code_navigation = true; 174 | }; 175 | show_edit_predictions = true; 176 | tabs = { 177 | file_icons = true; 178 | git_status = true; 179 | }; 180 | tab_size = 2; 181 | telemetry = { 182 | diagnostics = false; 183 | metrics = false; 184 | }; 185 | terminal.env = { 186 | EDITOR = "zed --wait"; 187 | VISUAL = "zed --wait"; 188 | }; 189 | ui_font_family = "Aporetic Sans Mono"; 190 | ui_font_size = 14; 191 | wrap_guides = [ 192 | 80 193 | 120 194 | ]; 195 | }; 196 | }; 197 | }; 198 | }; 199 | } 200 | -------------------------------------------------------------------------------- /modules/dev/git/gh-dash.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.dev = 4 | { pkgs, ... }: 5 | { 6 | programs = { 7 | gh-dash = { 8 | enable = true; 9 | settings = { 10 | prSections = [ 11 | { 12 | title = "To review"; 13 | filters = "repo:NixOS/nixpkgs is:open draft:false status:success"; 14 | } 15 | { 16 | title = "1st contribution"; 17 | filters = ''repo:NixOS/nixpkgs is:open draft:false label:"12. first-time contribution"''; 18 | } 19 | { 20 | title = "1st approval"; 21 | filters = ''repo:NixOS/nixpkgs is:open draft:false status:success label:"12.approvals: 1"''; 22 | } 23 | { 24 | title = "From r-ryantm only"; 25 | filters = ''repo:NixOS/nixpkgs is:open draft:false status:success base:master -label:"1.severity: mass-rebuild" -label:"1.severity: mass-darwin-rebuild" author:r-ryantm''; 26 | } 27 | { 28 | title = "My PRs"; 29 | filters = "is:open author:@me"; 30 | } 31 | { 32 | title = "Needs my review"; 33 | filters = "is:open review-requested:@me"; 34 | } 35 | { 36 | title = "Involved"; 37 | filters = "is:open involves:@me -author:@me"; 38 | } 39 | ]; 40 | defaults = { 41 | prsLimit = 25; 42 | issuesLimit = 10; 43 | view = "prs"; 44 | preview = { 45 | open = false; 46 | width = 100; 47 | }; 48 | refetchIntervalMinutes = 10; 49 | }; 50 | keybindings = { 51 | prs = [ 52 | { 53 | key = "V"; 54 | command = "cd {{.RepoPath}} && code . && gh pr checkout {{.PrNumber}}"; 55 | } 56 | ]; 57 | }; 58 | repoPaths = { 59 | "NixOS/*" = "~/Code/NixOS/*"; 60 | }; 61 | theme.ui.table.showSeparator = false; 62 | }; 63 | }; 64 | gh = { 65 | extensions = [ 66 | pkgs.gh-dash 67 | ]; 68 | }; 69 | }; 70 | }; 71 | }; 72 | } 73 | -------------------------------------------------------------------------------- /modules/dev/git/gh.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.dev = 4 | { pkgs, ... }: 5 | { 6 | programs = { 7 | gh = { 8 | enable = true; 9 | extensions = [ 10 | pkgs.gh-copilot 11 | ]; 12 | }; 13 | }; 14 | }; 15 | }; 16 | 17 | nixpkgs.allowedUnfreePackages = [ 18 | "gh-copilot" 19 | ]; 20 | } 21 | -------------------------------------------------------------------------------- /modules/dev/git/git.nix: -------------------------------------------------------------------------------- 1 | topLevel@{ 2 | config, 3 | ... 4 | }: 5 | { 6 | flake.modules = { 7 | homeManager.dev = 8 | { config, ... }: 9 | { 10 | programs = { 11 | git = { 12 | enable = true; 13 | userName = topLevel.config.flake.meta.users.${config.home.username}.name; 14 | userEmail = topLevel.config.flake.meta.users.${config.home.username}.email; 15 | ignores = [ 16 | ".direnv" 17 | ]; 18 | aliases = { 19 | ll = "log --stat --abbrev-commit"; 20 | co = "checkout"; 21 | patch = "format-patch --stdout HEAD~1"; 22 | rpatch = "reset --hard HEAD~1"; 23 | lgg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; 24 | lol = "log --graph --decorate --pretty=oneline --abbrev-commit"; 25 | lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all"; 26 | clb = "!/home/user/bin/git-clean-local-branches"; 27 | pf = "push --force-with-lease"; 28 | rewrite = "rebase - x 'git commit - -amend - C HEAD - -date=\"$(date -R)\" && sleep 1.05'"; 29 | # From https://gist.github.com/pksunkara/988716 30 | a = "add --all"; 31 | ai = "add -i"; 32 | ############# 33 | ap = "apply"; 34 | as = "apply --stat"; 35 | ac = "apply --check"; 36 | ############# 37 | ama = "am --abort"; 38 | amr = "am --resolved"; 39 | ams = "am --skip"; 40 | ############# 41 | b = "branch"; 42 | ba = "branch -a"; 43 | bd = "branch -d"; 44 | bdd = "branch -D"; 45 | br = "branch -r"; 46 | bc = "rev-parse --abbrev-ref HEAD"; 47 | bu = ''!git rev-parse --abbrev-ref --symbolic-full-name "@{u}"''; 48 | recent-branches = "branch --sort=-committerdate"; 49 | ############# 50 | c = "commit"; 51 | ca = "commit -a"; 52 | cm = "commit -m"; 53 | cam = "commit -am"; 54 | cem = "commit --allow-empty -m"; 55 | cd = "commit --amend"; 56 | cad = "commit -a --amend"; 57 | ced = "commit --allow-empty --amend"; 58 | ############# 59 | cl = "clone"; 60 | cld = "clone --depth 1"; 61 | clg = "!sh -c 'git clone git://github.com/$1 $(basename $1)' -"; 62 | clgp = "!sh -c 'git clone git@github.com:$(git config --get user.username)/$1 $1' -"; 63 | ############# 64 | co-pr = "!sh -c 'git fetch origin refs/pull/$1/head:pull/$1 && git checkout pull/$1' -"; 65 | cp = "cherry-pick"; 66 | cpa = "cherry-pick --abort"; 67 | cpc = "cherry-pick --continue"; 68 | ############# 69 | d = "diff"; 70 | dp = "diff --patience"; 71 | dc = "diff --cached"; 72 | dk = "diff --check"; 73 | dck = "diff --cached --check"; 74 | dt = "difftool"; 75 | dct = "difftool --cached"; 76 | ############# 77 | f = "fetch"; 78 | fo = "fetch origin"; 79 | fu = "fetch upstream"; 80 | ############# 81 | fp = "format-patch"; 82 | ############# 83 | fk = "fsck"; 84 | ############# 85 | g = "grep -p"; 86 | ############# 87 | l = "log --oneline"; 88 | lg = "log --oneline --graph --decorate"; 89 | ############# 90 | ls = "ls-files"; 91 | lsf = "!git ls-files | grep -i"; 92 | ############# 93 | m = "merge"; 94 | ma = "merge --abort"; 95 | mc = "merge --continue"; 96 | ms = "merge --skip"; 97 | ############# 98 | o = "checkout"; 99 | ob = "checkout -b"; 100 | ############# 101 | pr = "prune -v"; 102 | ############# 103 | ps = "push"; 104 | psf = "push -f"; 105 | psu = "push -u"; 106 | pst = "push --tags"; 107 | ############# 108 | pso = "push origin"; 109 | psao = "push --all origin"; 110 | psfo = "push -f origin"; 111 | psuo = "push -u origin"; 112 | ############# 113 | psom = "push origin master"; 114 | psaom = "push --all origin master"; 115 | psfom = "push -f origin master"; 116 | psuom = "push -u origin master"; 117 | psoc = "!git push origin $(git bc)"; 118 | psaoc = "!git push --all origin $(git bc)"; 119 | psfoc = "!git push -f origin $(git bc)"; 120 | psuoc = "!git push -u origin $(git bc)"; 121 | psdc = "!git push origin :$(git bc)"; 122 | ############# 123 | pl = "pull"; 124 | pb = "pull --rebase"; 125 | ############# 126 | plo = "pull origin"; 127 | pbo = "pull --rebase origin"; 128 | plom = "pull origin master"; 129 | ploc = "!git pull origin $(git bc)"; 130 | pbom = "pull --rebase origin master"; 131 | pboc = "!git pull --rebase origin $(git bc)"; 132 | ############# 133 | plu = "pull upstream"; 134 | plum = "pull upstream master"; 135 | pluc = "!git pull upstream $(git bc)"; 136 | pbum = "pull --rebase upstream master"; 137 | pbuc = "!git pull --rebase upstream $(git bc)"; 138 | ############# 139 | rb = "rebase"; 140 | rba = "rebase --abort"; 141 | rbc = "rebase --continue"; 142 | rbi = "rebase --interactive"; 143 | rbs = "rebase --skip"; 144 | ############# 145 | re = "reset"; 146 | rh = "reset HEAD"; 147 | reh = "reset --hard"; 148 | rem = "reset --mixed"; 149 | res = "reset --soft"; 150 | rehh = "reset --hard HEAD"; 151 | remh = "reset --mixed HEAD"; 152 | resh = "reset --soft HEAD"; 153 | ############# 154 | r = "remote"; 155 | ra = "remote add"; 156 | rr = "remote rm"; 157 | rv = "remote -v"; 158 | rn = "remote rename"; 159 | rp = "remote prune"; 160 | rs = "remote show"; 161 | rao = "remote add origin"; 162 | rau = "remote add upstream"; 163 | rro = "remote remove origin"; 164 | rru = "remote remove upstream"; 165 | rso = "remote show origin"; 166 | rsu = "remote show upstream"; 167 | rpo = "remote prune origin"; 168 | rpu = "remote prune upstream"; 169 | ############# 170 | rmf = "rm -f"; 171 | rmrf = "rm -r -f"; 172 | ############# 173 | s = "status"; 174 | sb = "status -s -b"; 175 | ############# 176 | sa = "stash apply"; 177 | sc = "stash clear"; 178 | sd = "stash drop"; 179 | sl = "stash list"; 180 | sp = "stash pop"; 181 | ss = "stash save"; 182 | ssk = "stash save -k"; 183 | sw = "stash show"; 184 | st = "!git stash list | wc -l 2>/dev/null | grep -oEi '[0-9][0-9]*'"; 185 | ############# 186 | t = "tag"; 187 | td = "tag -d"; 188 | ############# 189 | w = "show"; 190 | wp = "show -p"; 191 | wr = "show -p --no-color"; 192 | ############# 193 | subadd = "!sh -c 'git submodule add git://github.com/$1 $2/$(basename $1)' -"; 194 | subup = "submodule update --init --recursive"; 195 | subpull = "!git submodule foreach git pull --tags origin master"; 196 | ############# 197 | assume = "update-index --assume-unchanged"; 198 | unassume = "update-index --no-assume-unchanged"; 199 | assumed = "!git ls -v | grep ^h | cut -c 3-"; 200 | unassumeall = "!git assumed | xargs git unassume"; 201 | assumeall = "!git status -s | awk {'print $2'} | xargs git assume"; 202 | ############# 203 | bump = ''!sh -c 'git commit -am "Version bump v$1" && git psuoc && git release $1' -''; 204 | release = "!sh -c 'git tag v$1 && git pst' -"; 205 | unrelease = "!sh -c 'git tag -d v$1 && git pso :v$1' -"; 206 | merged = "!sh -c 'git o master && git plom && git bd $1 && git rpo' -"; 207 | aliases = "!git config -l | grep alias | cut -c 7-"; 208 | snap = "!git stash save 'snapshot = $(date)' && git stash apply 'stash@{0}'"; 209 | bare = "!sh -c 'git symbolic-ref HEAD refs/heads/$1 && git rm --cached -r . && git clean -xfd' -"; 210 | whois = ''!sh -c 'git log -i -1 --author="$1" --pretty="format:%an <%ae>"' -''; 211 | serve = "daemon --reuseaddr --verbose --base-path=. --export-all ./.git"; 212 | ############# 213 | behind = "!git rev-list --left-only --count $(git bu)...HEAD"; 214 | ahead = "!git rev-list --right-only --count $(git bu)...HEAD"; 215 | ############# 216 | ours = "!f() { git checkout --ours $@ && git add $@; }; f"; 217 | theirs = "!f() { git checkout --theirs $@ && git add $@; }; f"; 218 | subrepo = "!sh -c 'git filter-branch --prune-empty --subdirectory-filter $1 master' -"; 219 | human = "name-rev --name-only --refs=refs/heads/*"; 220 | }; 221 | extraConfig = { 222 | branch = { 223 | autosetuprebase = "always"; 224 | }; 225 | color = { 226 | ui = "auto"; 227 | }; 228 | core = { 229 | autocrlf = "input"; 230 | editor = "micro"; 231 | safecrlf = "warn"; 232 | excludesfile = "~/.gitignore_global"; 233 | }; 234 | diff = { 235 | mnemonicprefix = true; 236 | }; 237 | include = { 238 | path = "~/.gitconfig.local"; 239 | }; 240 | init = { 241 | defaultBranch = "main"; 242 | }; 243 | merge = { 244 | conflictstyle = "diff3"; 245 | commit = "no"; 246 | ff = "no"; 247 | tool = "splice"; 248 | }; 249 | push = { 250 | autoSetupRemote = true; 251 | default = "current"; 252 | }; 253 | pull = { 254 | default = "matching"; 255 | rebase = true; 256 | }; 257 | rebase = { 258 | instructionFormat = "(%an <%ae>) %s"; 259 | updateRefs = true; 260 | }; 261 | rerere = { 262 | enabled = true; 263 | }; 264 | sequence = { 265 | editor = "code --wait"; 266 | }; 267 | signing = { 268 | signByDefault = true; 269 | key = topLevel.config.flake.meta.users.${config.home.username}.key; 270 | }; 271 | commit = { 272 | gpgsign = true; 273 | }; 274 | }; 275 | }; 276 | }; 277 | }; 278 | }; 279 | } 280 | -------------------------------------------------------------------------------- /modules/dev/git/gpg.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.dev = { 4 | programs = { 5 | gpg = { 6 | enable = true; 7 | settings = { 8 | default-key = "0AAF2901E8040715"; 9 | }; 10 | }; 11 | }; 12 | }; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /modules/dev/git/jujutsu.nix: -------------------------------------------------------------------------------- 1 | topLevel@{ 2 | config, 3 | ... 4 | }: 5 | { 6 | flake.modules = { 7 | homeManager.dev = 8 | { pkgs, config, ... }: 9 | { 10 | home.packages = [ 11 | pkgs.watchman 12 | ]; 13 | programs = { 14 | jujutsu = { 15 | enable = true; 16 | settings = { 17 | core = { 18 | fsmonitor = "watchman"; 19 | watchman.register-snapshot-trigger = true; 20 | }; 21 | 22 | snapshot.max-new-file-size = "15M"; 23 | 24 | user = { 25 | name = topLevel.config.flake.meta.users.${config.home.username}.name; 26 | email = topLevel.config.flake.meta.users.${config.home.username}.email; 27 | }; 28 | 29 | ui = { 30 | default-command = "l"; 31 | diff-editor = ":builtin"; 32 | graph.style = "square"; 33 | pager = ":builtin"; 34 | show-cryptographic-signatures = true; 35 | }; 36 | git = { 37 | private-commits = "description(glob:'wip:*') | description(glob:'private:*')"; 38 | auto-local-bookmark = true; 39 | fetch = [ 40 | "origin" 41 | ]; 42 | write-change-id-header = true; 43 | }; 44 | revset-aliases = { 45 | "immutable_heads()" = "trunk() | tags() | remote_bookmarks(remote=origin)"; 46 | "closest_bookmark(to)" = "heads(::to & bookmarks())"; 47 | "closest_pushable(to)" = 48 | "heads(::to & mutable() & ~description(exact:\"\") & (~empty() | merges()))"; 49 | # Source: https://github.com/bryceberger/config/blob/38c6caf0823517b5423b2ca2a25f7fd79d445e0e/home/jj/config.toml 50 | "mine()" = "author(exact:'@name@') | author(exact:'@email@')"; 51 | "wip()" = "description(glob:'wip:*')"; 52 | "private()" = "description(glob:'private:*')"; 53 | "stack()" = "ancestors(mutable() & (..@ | @::), 2)"; 54 | "stack(x)" = "ancestors(mutable() & (..x | x::), 2)"; 55 | "stack(x, n)" = "ancestors(mutable() & (..x | x::), n)"; 56 | "streams()" = "heads(::@ & bookmarks())"; 57 | "streams(x)" = "heads(::x & bookmarks())"; 58 | "base_point(x)" = "heads(immutable_heads() & ::x)"; 59 | "open()" = "stack(trunk().. & mine(), 2)"; 60 | "open(n)" = "stack(trunk().. & mine(), n)"; 61 | "why_immutable(r)" = "(r & immutable()) | roots(r:: & immutable_heads())"; 62 | }; 63 | revsets = { 64 | log = '' 65 | none() 66 | | base_point(@) 67 | | ancestors(@, 10) & trunk()..@ 68 | | trunk() 69 | | bookmarks() 70 | | mutable() & visible_heads() 71 | | fork_point(mutable() & visible_heads()) 72 | | (mutable() & merges())- 73 | ''; 74 | short-prefixes = "stack(@)"; 75 | }; 76 | 77 | template-aliases = { 78 | "link(target, text)" = 79 | ''raw_escape_sequence("\x1b]8;;" ++ target ++ "\x1b\\") ++ label("text link", text) ++ raw_escape_sequence("\x1b]8;;\x1b\\")''; 80 | "italic(text)" = ''raw_escape_sequence("\x1b[3m") ++ text ++ raw_escape_sequence("\x1b[23m")''; 81 | "dim(text)" = ''raw_escape_sequence("\x1b[2m") ++ text ++ raw_escape_sequence("\x1b[22m")''; 82 | 83 | "commit_description_verbose(commit)" = '' 84 | concat( 85 | commit_description(commit), 86 | "JJ: ignore-rest\n", 87 | diff.git(), 88 | ) 89 | ''; 90 | "commit_description(commit)" = '' 91 | concat( 92 | commit.description(), "\n", 93 | "JJ: This commit contains the following changes:\n", 94 | indent("JJ: ", diff.stat(72)), 95 | ) 96 | ''; 97 | 98 | annotate_header = '' 99 | if(first_line_in_hunk, surround("\n", "\n", separate("\n", 100 | separate(" ", 101 | format_short_change_id_with_hidden_and_divergent_info(commit), 102 | format_short_id(commit.commit_id()), 103 | format_short_cryptographic_signature(commit.signature()), 104 | commit.description().first_line(), 105 | ), 106 | commit_timestamp(commit).local().format('%Y-%m-%d %H:%M:%S') 107 | ++ " " 108 | ++ commit.author(), 109 | ))) ++ pad_start(4, line_number) ++ ": " ++ content 110 | ''; 111 | 112 | # 00000000 ........ yyyy-mm-dd HH:MM:SS 1: 113 | annotate = '' 114 | if(first_line_in_hunk, 115 | separate(" ", 116 | format_short_id(commit.change_id()), 117 | pad_end(8, truncate_end(8, commit.author().email().local())), 118 | commit_timestamp(commit).local().format('%Y-%m-%d %H:%M:%S'), 119 | ), 120 | pad_end(37, ""), 121 | ) ++ pad_start(4, line_number) ++ ": " ++ content 122 | ''; 123 | 124 | "format_commit_info(commit)" = '' 125 | separate(" ", 126 | format_short_change_id_with_hidden_and_divergent_info(commit), 127 | format_short_id(commit.commit_id()), 128 | format_short_cryptographic_signature(commit.signature()), 129 | )''; 130 | 131 | "format_commit_bookmarks(commit)" = '' 132 | separate(" ", 133 | commit.working_copies(), 134 | commit.tags(), 135 | commit.bookmarks(), 136 | )''; 137 | 138 | "format_description(commit)" = '' 139 | separate(" ", 140 | if(empty, label("empty", "(empty)")), 141 | coalesce( 142 | if(commit.description(), 143 | truncate_end(48, commit.description().first_line(), " [...]"), 144 | if(!empty, label("description placeholder", "(no description)")), 145 | ) 146 | ) 147 | )''; 148 | 149 | "format_author(commit)" = '' 150 | separate(" ", 151 | commit.author().email(), 152 | commit.author().name(), 153 | ) 154 | ''; 155 | 156 | "format_commit_date(commit)" = '' 157 | separate(" ", 158 | commit_timestamp(commit).local().format('%Y-%m-%d %H:%M:%S'), 159 | ) 160 | ''; 161 | 162 | default_log = '' 163 | separate(" ", 164 | format_commit_info(self), 165 | format_commit_bookmarks(self), 166 | format_description(self), 167 | format_author(self), 168 | format_commit_date(self), 169 | )''; 170 | }; 171 | 172 | templates = { 173 | draft_commit_description = "commit_description(self)"; 174 | 175 | file_annotate = "annotate_header"; 176 | 177 | log = "default_log"; 178 | log_node = '' 179 | label("node", coalesce( 180 | if(!self, label("elided", "~")), 181 | label( 182 | separate(" ", 183 | if(current_working_copy, "working_copy"), 184 | if(conflict, "conflict"), 185 | if(immutable, "immutable"), 186 | if(description.starts_with("wip:"), "wip"), 187 | if(description.starts_with("private:"), "wip"), 188 | ), 189 | coalesce( 190 | if(current_working_copy, "@"), 191 | if(conflict, "x"), 192 | if(immutable, "◆"), 193 | if(description.starts_with("wip:"), "!"), 194 | if(description.starts_with("private:"), "◇"), 195 | "○", 196 | ) 197 | ) 198 | )) 199 | ''; 200 | }; 201 | 202 | aliases = { 203 | tug = [ 204 | "bookmark" 205 | "move" 206 | "--from" 207 | "closest_bookmark(@)" 208 | "--to" 209 | "closest_pushable(@)" 210 | ]; 211 | ds = [ 212 | "diff" 213 | "--stat" 214 | ]; 215 | dv = [ 216 | "--config=templates.draft_commit_description=commit_description_verbose(self)" 217 | "describe" 218 | ]; 219 | # Too slow - TODO investigate why 220 | # l = ["log" "-T" "builtin_log_compact"]; 221 | # ll = ["log" "-T" "builtin_log_detailed"]; 222 | l = [ 223 | "log" 224 | "-r" 225 | "all()" 226 | ]; 227 | ll = [ 228 | "log" 229 | "-r" 230 | "all()" 231 | "-T" 232 | "builtin_log_detailed" 233 | ]; 234 | xl = [ 235 | "log" 236 | "-T" 237 | "builtin_log_detailed" 238 | ]; 239 | evolve = [ 240 | "rebase" 241 | "--skip-empty" 242 | "-d" 243 | "main" 244 | ]; 245 | streams = [ 246 | "log" 247 | "--no-graph" 248 | "-r" 249 | "streams()" 250 | "-T" 251 | "bookmarks.map(|b| b ++ ' ')" 252 | ]; 253 | open = [ 254 | "log" 255 | "-r" 256 | "open()" 257 | ]; 258 | stack = [ 259 | "log" 260 | "-r" 261 | "stack()" 262 | ]; 263 | s = [ "stack" ]; 264 | yank = [ 265 | "rebase" 266 | "--skip-emptied" 267 | "-s" 268 | "all:roots(mutable() & mine())" 269 | "-d" 270 | "trunk()" 271 | ]; 272 | }; 273 | }; 274 | }; 275 | }; 276 | }; 277 | }; 278 | } 279 | -------------------------------------------------------------------------------- /modules/dev/git/lazygit.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.dev = { 4 | programs = { 5 | lazygit = { 6 | enable = true; 7 | settings = { 8 | git.overrideGpg = true; 9 | }; 10 | }; 11 | }; 12 | }; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /modules/dev/git/mergiraf.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.dev = { 4 | programs.mergiraf = { 5 | enable = true; 6 | }; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/dev/languages/nix.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.dev = 4 | { pkgs, ... }: 5 | { 6 | home.packages = with pkgs; [ 7 | nixpkgs-review 8 | ]; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/dev/xdg.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.homeManager.dev = 3 | { config, ... }: 4 | { 5 | xdg = { 6 | userDirs = { 7 | extraConfig = { 8 | XDG_CODE_DIR = "${config.home.homeDirectory}/Code"; 9 | }; 10 | }; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/email/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.homeManager.email = 3 | { pkgs, ... }: 4 | { 5 | home.packages = with pkgs; [ 6 | kdePackages.accounts-qt 7 | kdePackages.kaccounts-integration 8 | kdePackages.kaccounts-providers 9 | kdePackages.kaddressbook 10 | kdePackages.kauth 11 | kdePackages.kmail 12 | kdePackages.kmail-account-wizard 13 | kdePackages.kmailtransport 14 | kdePackages.kontact 15 | kdePackages.korganizer 16 | ]; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /modules/facter/facter.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... }: 2 | { 3 | flake.modules = { 4 | nixos.facter = { 5 | imports = [ inputs.nixos-facter-modules.nixosModules.facter ]; 6 | facter.detected.dhcp.enable = false; 7 | }; 8 | 9 | homeManager.facter = 10 | { pkgs, ... }: 11 | { 12 | home.packages = with pkgs; [ nixos-facter ]; 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /modules/flake-parts/flake-parts.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... }: 2 | { 3 | imports = [ inputs.flake-parts.flakeModules.modules ]; 4 | } 5 | -------------------------------------------------------------------------------- /modules/flake-parts/flake.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | options.flake.meta = lib.mkOption { 4 | type = with lib.types; lazyAttrsOf anything; 5 | }; 6 | 7 | config.flake.meta.uri = "github:drupol/infra"; 8 | } 9 | -------------------------------------------------------------------------------- /modules/flake-parts/fmt.nix: -------------------------------------------------------------------------------- 1 | { inputs, lib, ... }: 2 | { 3 | imports = [ inputs.treefmt-nix.flakeModule ]; 4 | 5 | perSystem = 6 | { self', ... }: 7 | { 8 | treefmt = { 9 | projectRootFile = "flake.nix"; 10 | programs = { 11 | jsonfmt.enable = true; 12 | nixfmt.enable = true; 13 | prettier.enable = true; 14 | shfmt.enable = true; 15 | yamlfmt.enable = true; 16 | }; 17 | settings = { 18 | on-unmatched = "fatal"; 19 | global.excludes = [ 20 | "*.envrc" 21 | ".editorconfig" 22 | "*.directory" 23 | "*.face" 24 | "*.fish" 25 | "*.png" 26 | "*.toml" 27 | "*.svg" 28 | "*.xml" 29 | "*/.gitignore" 30 | "_to_migrate/*" 31 | "LICENSE" 32 | ]; 33 | }; 34 | }; 35 | 36 | pre-commit.settings.hooks.nix-fmt = { 37 | enable = true; 38 | entry = lib.getExe self'.formatter; 39 | }; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /modules/flake-parts/git-hooks.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... }: 2 | { 3 | imports = [ 4 | inputs.git-hooks.flakeModule 5 | inputs.make-shell.flakeModules.default 6 | ]; 7 | 8 | perSystem = 9 | { config, ... }: 10 | { 11 | pre-commit.check.enable = false; 12 | make-shells.default.shellHook = config.pre-commit.installationScript; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /modules/flake-parts/host-machines.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | lib, 4 | config, 5 | ... 6 | }: 7 | let 8 | prefix = "hosts/"; 9 | collectHostsModules = modules: lib.filterAttrs (name: _: lib.hasPrefix prefix name) modules; 10 | in 11 | { 12 | flake.nixosConfigurations = lib.pipe (collectHostsModules config.flake.modules.nixos) [ 13 | (lib.mapAttrs' ( 14 | name: module: 15 | let 16 | specialArgs = { 17 | inherit inputs; 18 | hostConfig = module // { 19 | name = lib.removePrefix prefix name; 20 | }; 21 | }; 22 | in 23 | { 24 | name = lib.removePrefix prefix name; 25 | value = inputs.nixpkgs.lib.nixosSystem { 26 | inherit specialArgs; 27 | modules = module.imports ++ [ 28 | inputs.home-manager.nixosModules.home-manager 29 | { 30 | home-manager.extraSpecialArgs = specialArgs; 31 | } 32 | ]; 33 | }; 34 | } 35 | )) 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /modules/flake-parts/nixpkgs.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | withSystem, 4 | ... 5 | }: 6 | { 7 | imports = [ 8 | inputs.pkgs-by-name-for-flake-parts.flakeModule 9 | ]; 10 | 11 | perSystem = 12 | { system, ... }: 13 | { 14 | _module.args.pkgs = import inputs.nixpkgs { 15 | inherit system; 16 | config = { 17 | allowUnfreePredicate = pkg: true; 18 | }; 19 | overlays = [ 20 | (final: prev: { 21 | master = import inputs.nixpkgs-master { 22 | inherit (final) config; 23 | inherit system; 24 | }; 25 | }) 26 | (final: prev: { 27 | unstable = import inputs.nixpkgs-unstable { 28 | inherit (final) config; 29 | inherit system; 30 | }; 31 | }) 32 | inputs.nix-webapps.overlays.lib 33 | inputs.deploy-rs.overlays.default 34 | ]; 35 | }; 36 | pkgsDirectory = ../../pkgs/by-name; 37 | }; 38 | 39 | flake = { 40 | overlays.default = 41 | final: prev: 42 | withSystem prev.stdenv.hostPlatform.system ( 43 | { config, ... }: 44 | { 45 | local = config.packages; 46 | } 47 | ); 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /modules/flake-parts/unfree-packages.nix: -------------------------------------------------------------------------------- 1 | { lib, config, ... }: 2 | { 3 | options.nixpkgs.allowedUnfreePackages = lib.mkOption { 4 | type = lib.types.listOf lib.types.str; 5 | default = [ ]; 6 | }; 7 | 8 | config.flake = { 9 | modules = 10 | let 11 | predicate = pkg: builtins.elem (lib.getName pkg) config.nixpkgs.allowedUnfreePackages; 12 | in 13 | { 14 | nixos.base.nixpkgs.config.allowUnfreePredicate = predicate; 15 | 16 | homeManager.base = args: { 17 | nixpkgs.config = { 18 | allowUnfreePredicate = predicate; 19 | }; 20 | }; 21 | }; 22 | 23 | meta.nixpkgs.allowedUnfreePackages = config.nixpkgs.allowedUnfreePackages; 24 | }; 25 | 26 | } 27 | -------------------------------------------------------------------------------- /modules/fwupd/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.fwupd = { 3 | services = { 4 | fwupd = { 5 | enable = true; 6 | }; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/games/enemy-territory.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.games = 4 | { pkgs, ... }: 5 | { 6 | home.packages = with pkgs; [ 7 | etlegacy 8 | ]; 9 | }; 10 | }; 11 | 12 | nixpkgs.allowedUnfreePackages = [ 13 | "etlegacy" 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /modules/guacamole/guacamole.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.guacamole = { 3 | services.guacamole-server = { 4 | enable = true; 5 | host = "127.0.0.1"; 6 | userMappingXml = ./user-mapping.xml; 7 | }; 8 | 9 | services.guacamole-client = { 10 | enable = true; 11 | settings = { 12 | guacd-port = 4822; 13 | guacd-hostname = "localhost"; 14 | }; 15 | }; 16 | 17 | services.caddy = { 18 | enable = true; 19 | virtualHosts."0.0.0.0:80".extraConfig = '' 20 | handle_path /* { 21 | rewrite * /guacamole{path} 22 | reverse_proxy 127.0.0.1:8080 { 23 | flush_interval -1 24 | } 25 | } 26 | ''; 27 | }; 28 | 29 | services.xrdp = { 30 | enable = true; 31 | defaultWindowManager = "startplasma-x11"; 32 | openFirewall = true; 33 | }; 34 | 35 | networking = { 36 | firewall = { 37 | allowedTCPPorts = [ 38 | 80 39 | 443 40 | ]; 41 | }; 42 | }; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /modules/guacamole/user-mapping.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | rdp 5 | 127.0.0.1 6 | 3389 7 | true 8 | 9 | 10 | 11 | ssh 12 | 127.0.0.1 13 | 22 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /modules/hosts/nixos/boot.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/nixos" = { 7 | boot = { 8 | # Use the GRUB 2 boot loader. 9 | loader.grub.enable = true; 10 | # boot.loader.grub.efiSupport = true; 11 | # boot.loader.grub.efiInstallAsRemovable = true; 12 | # boot.loader.efi.efiSysMountPoint = "/boot/efi"; 13 | # Define on which hard drive you want to install Grub. 14 | loader.grub.device = "/dev/sda"; # or "nodev" for efi only 15 | kernel = { 16 | sysctl = { 17 | "net.ipv4.conf.all.forwarding" = lib.mkForce true; 18 | "net.ipv6.conf.all.forwarding" = lib.mkForce true; 19 | }; 20 | }; 21 | 22 | initrd.availableKernelModules = [ 23 | "xhci_pci" 24 | "ehci_pci" 25 | "ahci" 26 | "usbhid" 27 | "usb_storage" 28 | "sd_mod" 29 | "sr_mod" 30 | ]; 31 | 32 | kernelModules = [ "kvm-intel" ]; 33 | }; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /modules/hosts/nixos/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/nixos".imports = 7 | with (config.flake.modules.nixos); 8 | [ 9 | # Modules 10 | base 11 | ai 12 | dev 13 | facter 14 | openssh 15 | shell 16 | vpn 17 | 18 | # Users 19 | root 20 | pol 21 | ] 22 | # Specific Home-Manager modules 23 | ++ [ 24 | { 25 | home-manager.users.pol.imports = with config.flake.modules.homeManager; [ 26 | base 27 | dev 28 | facter 29 | shell 30 | vpn 31 | ]; 32 | } 33 | ]; 34 | } 35 | -------------------------------------------------------------------------------- /modules/hosts/nixos/facter.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/nixos".facter.reportPath = ./facter.json; 3 | } 4 | -------------------------------------------------------------------------------- /modules/hosts/nixos/fileSystems.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/nixos" = { 3 | fileSystems."/" = { 4 | device = "/dev/disk/by-uuid/7bb30cda-a7fd-4f83-9cea-a4a80ede8a6e"; 5 | fsType = "ext4"; 6 | }; 7 | 8 | fileSystems."/home" = { 9 | device = "/dev/disk/by-uuid/661a3104-2529-42d8-85fa-36249b1fda5d"; 10 | fsType = "ext4"; 11 | }; 12 | 13 | fileSystems."/boot" = { 14 | device = "/dev/disk/by-uuid/1f4fd44f-280a-452a-9a48-e0b8e402e680"; 15 | fsType = "ext4"; 16 | }; 17 | 18 | swapDevices = [ { device = "/dev/disk/by-uuid/87129bb6-05de-4828-8031-2673a2be7ed4"; } ]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/hosts/nixos/networking.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/nixos" = { 3 | networking = { 4 | interfaces.eno1.useDHCP = true; 5 | }; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /modules/hosts/x13/boot.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x13".boot = { 3 | loader = { 4 | systemd-boot.enable = true; 5 | efi.canTouchEfiVariables = true; 6 | efi.efiSysMountPoint = "/boot/efi"; 7 | }; 8 | 9 | initrd = { 10 | availableKernelModules = [ 11 | "xhci_pci" 12 | "thunderbolt" 13 | "nvme" 14 | "usb_storage" 15 | "sd_mod" 16 | ]; 17 | }; 18 | 19 | kernelModules = [ "kvm-intel" ]; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /modules/hosts/x13/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/x13".imports = 7 | # Import the nixos modules for the host `x13`. 8 | with (config.flake.modules.nixos); 9 | [ 10 | # Modules 11 | base 12 | bluetooth 13 | desktop 14 | displaylink 15 | dev 16 | facter 17 | fwupd 18 | shell 19 | sound 20 | vpn 21 | virtualisation 22 | 23 | # Users 24 | root 25 | pol 26 | ] 27 | # Specific Home-Manager modules 28 | ++ [ 29 | { 30 | home-manager.users.pol.imports = with config.flake.modules.homeManager; [ 31 | base 32 | desktop 33 | dev 34 | email 35 | facter 36 | messaging 37 | games 38 | shell 39 | vpn 40 | work 41 | ]; 42 | } 43 | ]; 44 | } 45 | -------------------------------------------------------------------------------- /modules/hosts/x13/facter.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x13".facter.reportPath = ./facter.json; 3 | } 4 | -------------------------------------------------------------------------------- /modules/hosts/x13/fileSystems.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x13" = { 3 | fileSystems."/" = { 4 | device = "/dev/disk/by-uuid/204faa11-b822-4a93-a1ce-9aad34208909"; 5 | fsType = "ext4"; 6 | }; 7 | 8 | fileSystems."/boot/efi" = { 9 | device = "/dev/disk/by-uuid/9C5C-728F"; 10 | fsType = "vfat"; 11 | }; 12 | 13 | fileSystems."/home" = { 14 | device = "/dev/disk/by-uuid/5ebb905e-0d3e-4e43-ac34-7038c7bbdef7"; 15 | fsType = "ext4"; 16 | }; 17 | 18 | fileSystems."/nix" = { 19 | device = "/dev/disk/by-uuid/5b4f6c73-28b0-4792-bda6-c407d8a75a78"; 20 | fsType = "ext4"; 21 | }; 22 | 23 | swapDevices = [ { device = "/dev/disk/by-uuid/4d6748a8-dddc-40c5-86ed-04bd3c75c9c0"; } ]; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/hosts/x13/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/x13" = { 7 | imports = with inputs.nixos-hardware.nixosModules; [ 8 | common-pc-ssd 9 | ]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/hosts/x13/programs.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x13" = { 3 | programs = { 4 | noisetorch = { 5 | enable = true; 6 | }; 7 | projecteur = { 8 | enable = true; 9 | }; 10 | }; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /modules/hosts/x13/services.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x13" = { 3 | services = { 4 | xserver = { 5 | xkb = { 6 | layout = "gb"; 7 | }; 8 | }; 9 | thermald.enable = true; 10 | avahi.enable = true; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/hosts/x13/virtualisation.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x13" = { 3 | virtualisation = { 4 | containers.storage.settings = { 5 | storage = { 6 | driver = "overlay"; 7 | graphroot = "/home/pol/.podman/var/lib/containers/storage"; 8 | runroot = "/home/pol/.podman/run/containers/storage"; 9 | }; 10 | }; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/hosts/x260/boot.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x260".boot = { 3 | loader = { 4 | systemd-boot.enable = true; 5 | efi.canTouchEfiVariables = true; 6 | }; 7 | 8 | initrd.availableKernelModules = [ 9 | "xhci_pci" 10 | "ahci" 11 | "usb_storage" 12 | "sd_mod" 13 | "rtsx_pci_sdmmc" 14 | ]; 15 | 16 | kernelModules = [ "kvm-intel" ]; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /modules/hosts/x260/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/x260".imports = 7 | with (config.flake.modules.nixos); 8 | [ 9 | # Modules 10 | base 11 | bluetooth 12 | desktop 13 | dev 14 | facter 15 | fwupd 16 | shell 17 | sound 18 | vpn 19 | 20 | # Users 21 | root 22 | pol 23 | ] 24 | # Specific Home-Manager modules 25 | ++ [ 26 | { 27 | home-manager.users.pol.imports = with config.flake.modules.homeManager; [ 28 | base 29 | desktop 30 | dev 31 | facter 32 | shell 33 | vpn 34 | ]; 35 | } 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /modules/hosts/x260/facter.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x260".facter.reportPath = ./facter.json; 3 | } 4 | -------------------------------------------------------------------------------- /modules/hosts/x260/fileSystems.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x260" = { 3 | fileSystems."/" = { 4 | device = "/dev/disk/by-uuid/0441f1d3-2c4c-4038-a76b-b3b4beb755f9"; 5 | fsType = "ext4"; 6 | }; 7 | 8 | fileSystems."/boot" = { 9 | device = "/dev/disk/by-uuid/7104-F69A"; 10 | fsType = "vfat"; 11 | }; 12 | 13 | fileSystems."/nix" = { 14 | device = "/dev/disk/by-uuid/1c6de7e9-6a0d-47c5-ac8b-47f0ba6eecc2"; 15 | fsType = "ext4"; 16 | neededForBoot = true; 17 | options = [ "noatime" ]; 18 | }; 19 | 20 | fileSystems."/home" = { 21 | device = "/dev/disk/by-uuid/2523be1d-4020-4442-b6c6-6983137be565"; 22 | fsType = "ext4"; 23 | }; 24 | 25 | swapDevices = [ { device = "/dev/disk/by-uuid/d71fd11a-2609-4c3f-abc2-5ab794180d89"; } ]; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /modules/hosts/x260/services.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x260" = { 3 | services = { 4 | xserver = { 5 | xkb = { 6 | layout = "be"; 7 | }; 8 | }; 9 | thermald.enable = true; 10 | avahi.enable = true; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/hosts/x280/boot.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x280".boot = { 3 | loader = { 4 | systemd-boot.enable = true; 5 | efi.canTouchEfiVariables = true; 6 | efi.efiSysMountPoint = "/boot/efi"; 7 | }; 8 | 9 | initrd.availableKernelModules = [ 10 | "xhci_pci" 11 | "nvme" 12 | "usb_storage" 13 | "sd_mod" 14 | ]; 15 | initrd.kernelModules = [ ]; 16 | kernelModules = [ "kvm-intel" ]; 17 | extraModulePackages = [ ]; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /modules/hosts/x280/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/x280".imports = 7 | with (config.flake.modules.nixos); 8 | [ 9 | # Modules 10 | base 11 | bluetooth 12 | desktop 13 | dev 14 | facter 15 | fwupd 16 | shell 17 | sound 18 | vpn 19 | 20 | # Users 21 | root 22 | pol 23 | ] 24 | # Specific Home-Manager modules 25 | ++ [ 26 | { 27 | home-manager.users.pol.imports = with config.flake.modules.homeManager; [ 28 | base 29 | desktop 30 | dev 31 | facter 32 | shell 33 | vpn 34 | ]; 35 | } 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /modules/hosts/x280/facter.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x280".facter.reportPath = ./facter.json; 3 | } 4 | -------------------------------------------------------------------------------- /modules/hosts/x280/fileSystems.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x280" = { 3 | fileSystems."/" = { 4 | device = "/dev/disk/by-uuid/89a4586a-eefb-4dd4-bf06-3953902edc1e"; 5 | fsType = "ext4"; 6 | }; 7 | 8 | fileSystems."/boot/efi" = { 9 | device = "/dev/disk/by-uuid/155B-2355"; 10 | fsType = "vfat"; 11 | }; 12 | 13 | fileSystems."/home" = { 14 | device = "/dev/disk/by-uuid/ce407b75-260e-47f0-822e-1984866571db"; 15 | fsType = "ext4"; 16 | }; 17 | 18 | fileSystems."/nix" = { 19 | device = "/dev/disk/by-uuid/c56d5d01-df37-471e-8827-dc193ceb182b"; 20 | fsType = "ext4"; 21 | }; 22 | 23 | swapDevices = [ { device = "/dev/disk/by-uuid/005040e5-7773-438e-8ede-f3f63a242d7d"; } ]; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/hosts/x280/services.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/x280" = { 3 | services = { 4 | xserver = { 5 | xkb = { 6 | layout = "be"; 7 | }; 8 | }; 9 | thermald.enable = true; 10 | avahi.enable = true; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/hosts/xeonixos/boot.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/xeonixos" = { 7 | boot = { 8 | # Use the GRUB 2 boot loader. 9 | loader.grub.enable = true; 10 | loader.grub.device = "/dev/sdb"; 11 | loader.grub.useOSProber = false; 12 | 13 | # boot.loader.grub.efiSupport = true; 14 | # boot.loader.grub.efiInstallAsRemovable = true; 15 | # boot.loader.efi.efiSysMountPoint = "/boot/efi"; 16 | kernel = { 17 | sysctl = { 18 | "net.ipv4.conf.all.forwarding" = lib.mkForce true; 19 | "net.ipv6.conf.all.forwarding" = lib.mkForce true; 20 | }; 21 | }; 22 | 23 | initrd.availableKernelModules = [ 24 | "ehci_pci" 25 | "ahci" 26 | "xhci_pci" 27 | "firewire_ohci" 28 | "usb_storage" 29 | "usbhid" 30 | "sd_mod" 31 | ]; 32 | 33 | kernelModules = [ "kvm-intel" ]; 34 | }; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /modules/hosts/xeonixos/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: 5 | { 6 | flake.modules.nixos."hosts/xeonixos".imports = 7 | with (config.flake.modules.nixos); 8 | [ 9 | # Modules 10 | base 11 | desktop 12 | dev 13 | facter 14 | guacamole 15 | openssh 16 | shell 17 | virtualisation 18 | vpn 19 | 20 | # Users 21 | root 22 | pol 23 | ] 24 | # Specific Home-Manager modules 25 | ++ [ 26 | { 27 | home-manager.users.pol.imports = with config.flake.modules.homeManager; [ 28 | base 29 | desktop 30 | dev 31 | facter 32 | shell 33 | vpn 34 | ]; 35 | } 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /modules/hosts/xeonixos/facter.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/xeonixos".facter.reportPath = ./facter.json; 3 | } 4 | -------------------------------------------------------------------------------- /modules/hosts/xeonixos/fileSystems.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos."hosts/xeonixos" = { 3 | fileSystems."/" = { 4 | device = "/dev/disk/by-uuid/6fb8e36f-069c-43db-a843-1e345b17ec04"; 5 | fsType = "ext4"; 6 | }; 7 | 8 | swapDevices = [ 9 | { device = "/dev/disk/by-uuid/f70058b0-0600-4a7c-a226-37bf10eb307d"; } 10 | ]; 11 | 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/hosts/xeonixos/nvidia.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | { 3 | flake.modules.nixos."hosts/xeonixos" = 4 | { config, pkgs, ... }: 5 | { 6 | hardware.nvidia.open = false; 7 | services.xserver.videoDrivers = [ "nvidia" ]; 8 | hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_390; 9 | boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_12; 10 | 11 | nixpkgs.config.nvidia.acceptLicense = true; 12 | }; 13 | 14 | nixpkgs.allowedUnfreePackages = [ 15 | "nvidia-x11-390" 16 | "nvidia-x11" 17 | "nvidia-settings" 18 | ]; 19 | } 20 | -------------------------------------------------------------------------------- /modules/messaging/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | ... 4 | }: 5 | { 6 | flake.modules = { 7 | homeManager.messaging = 8 | { pkgs, ... }: 9 | { 10 | nixpkgs.overlays = [ 11 | inputs.self.overlays.default 12 | ]; 13 | 14 | home.packages = [ 15 | pkgs.local.chromium-discord 16 | pkgs.local.chromium-element 17 | pkgs.local.chromium-meet 18 | pkgs.local.chromium-protonmail 19 | pkgs.local.chromium-teams 20 | pkgs.local.chromium-telegram 21 | pkgs.signal-desktop 22 | ]; 23 | }; 24 | 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /modules/openssh/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.openssh = { 3 | services = { 4 | openssh = { 5 | enable = true; 6 | openFirewall = true; 7 | settings = { 8 | X11Forwarding = true; 9 | }; 10 | }; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/shell/bat.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | bat = { 6 | enable = true; 7 | }; 8 | }; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/shell/bottom.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | bottom = { 6 | enable = true; 7 | }; 8 | }; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/shell/direnv.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | direnv = { 6 | enable = true; 7 | config = { 8 | global = { 9 | hide_env_diff = true; 10 | }; 11 | }; 12 | nix-direnv.enable = true; 13 | }; 14 | }; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/shell/eza.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | eza = { 6 | enable = true; 7 | }; 8 | }; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/shell/fish.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | nixos.shell = { 4 | programs.fish.enable = true; 5 | }; 6 | 7 | homeManager.shell = 8 | { pkgs, ... }: 9 | { 10 | home.shell.enableFishIntegration = true; 11 | 12 | programs = { 13 | fish = { 14 | enable = true; 15 | plugins = [ 16 | { 17 | name = "autopair"; 18 | src = pkgs.fishPlugins.autopair; 19 | } 20 | ]; 21 | shellAliases = { 22 | ".." = "cd .."; 23 | "..." = "cd ../.."; 24 | cat = "bat"; 25 | ls = "eza"; 26 | grep = "rg"; 27 | }; 28 | functions = { 29 | fish_greeting = ""; 30 | }; 31 | }; 32 | }; 33 | }; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /modules/shell/fzf.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | fzf = { 6 | enable = true; 7 | }; 8 | }; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/shell/ghostty.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.homeManager.shell = { 3 | programs = { 4 | ghostty = { 5 | enable = true; 6 | enableFishIntegration = true; 7 | 8 | settings = { 9 | font-family = "Aporetic Sans Mono"; 10 | gtk-titlebar = false; 11 | gtk-adwaita = false; 12 | background-opacity = "0.95"; 13 | window-theme = "system"; 14 | }; 15 | }; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /modules/shell/htop.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | htop = { 6 | enable = true; 7 | }; 8 | }; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/shell/nix-your-shell.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | nix-your-shell = { 6 | enable = true; 7 | enableNushellIntegration = false; 8 | enableZshIntegration = false; 9 | }; 10 | }; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /modules/shell/ripgrep.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | ripgrep = { 6 | enable = true; 7 | }; 8 | }; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/shell/starship.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | starship = { 6 | enable = true; 7 | enableTransience = true; 8 | settings = { 9 | custom.jj1 = { 10 | when = "jj root --ignore-working-copy"; 11 | detect_folders = [ ".jj" ]; 12 | ignore_timeout = true; 13 | format = "$output "; 14 | command = '' 15 | jj log --revisions @ --no-graph --ignore-working-copy --color always --limit 1 --template ' 16 | surround("[", "", 17 | separate(" ", 18 | change_id.shortest(), 19 | commit_id.shortest(), 20 | bookmarks, 21 | "|", 22 | concat( 23 | if(conflict, "💥"), 24 | if(divergent, "🚧"), 25 | if(hidden, "👻"), 26 | if(immutable, "🔒"), 27 | ), 28 | raw_escape_sequence("\x1b[1;32m") ++ if(empty, "(empty)"), 29 | raw_escape_sequence("\x1b[1;32m") ++ coalesce( 30 | truncate_end(29, description.first_line(), "..."), 31 | "(no description)", 32 | ) ++ raw_escape_sequence("\x1b[0m"), 33 | ) 34 | ) 35 | ' 36 | ''; 37 | }; 38 | 39 | custom.jj2 = { 40 | when = "jj root --ignore-working-copy"; 41 | detect_folders = [ ".jj" ]; 42 | ignore_timeout = true; 43 | format = "$output "; 44 | command = '' 45 | jj log --revisions "streams()" --no-graph --ignore-working-copy --color always --template ' 46 | surround("", "]", 47 | bookmarks 48 | ) 49 | ' 50 | ''; 51 | }; 52 | 53 | git_state = { 54 | disabled = true; 55 | }; 56 | 57 | git_status = { 58 | disabled = true; 59 | }; 60 | 61 | git_commit = { 62 | disabled = true; 63 | }; 64 | 65 | git_metrics = { 66 | disabled = true; 67 | }; 68 | 69 | git_branch = { 70 | disabled = true; 71 | }; 72 | }; 73 | }; 74 | }; 75 | }; 76 | }; 77 | } 78 | -------------------------------------------------------------------------------- /modules/shell/zoxide.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | homeManager.shell = { 4 | programs = { 5 | zoxide = { 6 | enable = true; 7 | enableFishIntegration = true; 8 | }; 9 | }; 10 | }; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /modules/sound/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.sound = { 3 | services = { 4 | pipewire = { 5 | enable = true; 6 | alsa.enable = true; 7 | alsa.support32Bit = true; 8 | pulse.enable = true; 9 | }; 10 | }; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /modules/systems/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | ... 4 | }: 5 | { 6 | systems = import inputs.systems; 7 | } 8 | -------------------------------------------------------------------------------- /modules/users/pol/default.nix: -------------------------------------------------------------------------------- 1 | topLevel@{ 2 | config, 3 | ... 4 | }: 5 | { 6 | flake = { 7 | meta.users = { 8 | pol = { 9 | email = "pol.dellaiera@protonmail.com"; 10 | name = "Pol Dellaiera"; 11 | username = "pol"; 12 | key = "0AAF2901E8040715"; 13 | authorizedKeys = [ 14 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfxTd6cA45DZPJsk3TmFmRPu1NQQ0XX0kow18mqFsLLaxiUQX1gsfW1kTVRGNh4s77StdsmnU/5oSQEXE6D8p3uEWCwNL74Sf4Lz4UyzSrsjyEEhNTQJromlgrVkf7N3wvEOakSZJICcpl05Z3UeResnkuZGSQ6zDVAKcB3KP1uYbR4SQGmWLHI1meznRkTDM5wHoiyWJnGpQjYVsRZT4LTUJwfhildAOx6ZIZUTsJrl35L2S81E6bv696CVGPvxV+PGbwGTavMYXfrSW4pqCnDPhQCLElQS4Od1qMicfYRSmk/W2oAKb8HZwFoWQSFUStF8ldQRnPyn2wiBQnhxnczt2jUhq1Uj6Nkq/edb1Ywgn7jlBR4BgRLD3K3oMvzJ/d3xDHjU56jc5lCA6lFLDMBV6Q9DKzMwL2jG3aQbehbUwTz7zbUwAHlCFIY5HGs4d9veXHyCsUikCLPvHL/hQU/vFRHHB7WNEyQJZK+ieOAW+un+1eF88iyKsOXE9y8PjLvXYcPHdzGaQKnqzEJSQcTUw9QSzOZQQpmpy8z6Lf08D2I4GHq1REp6d4krJOOW0gXadjsGEhLqQqWGnHE47QBPnlHlDWzOaf3UX59rFsl8xZDXoXzzwJ1stpeJx+Tn/uSNnaf44yXFyeFK/IDUeOrXYD4fSTLP1P/lCFCfeYqw== (none)" 15 | ]; 16 | }; 17 | }; 18 | 19 | modules.nixos.pol = 20 | { pkgs, ... }: 21 | { 22 | 23 | programs.fish.enable = true; 24 | 25 | users.users.pol = { 26 | description = config.flake.meta.users.pol.name; 27 | isNormalUser = true; 28 | createHome = true; 29 | extraGroups = [ 30 | "audio" 31 | "input" 32 | "networkmanager" 33 | "sound" 34 | "tty" 35 | "wheel" 36 | ]; 37 | shell = pkgs.fish; 38 | openssh.authorizedKeys.keys = config.flake.meta.users.pol.authorizedKeys; 39 | initialPassword = "id"; 40 | }; 41 | 42 | nix.settings.trusted-users = [ config.flake.meta.users.pol.username ]; 43 | 44 | home-manager.users.pol = 45 | { config, ... }: 46 | { 47 | home.file = { 48 | ".face" = { 49 | source = ../../../files/home/pol/.face; 50 | recursive = true; 51 | }; 52 | ".face.icon" = { 53 | source = ../../../files/home/pol/.face; 54 | recursive = true; 55 | }; 56 | "${config.xdg.configHome}/.password-store/.keep" = { 57 | text = ""; 58 | recursive = true; 59 | }; 60 | # Credits to https://store.kde.org/p/1272202 61 | "Pictures/Backgrounds/" = { 62 | source = ../../../files/home/pol/Pictures/Backgrounds; 63 | recursive = true; 64 | }; 65 | }; 66 | }; 67 | }; 68 | }; 69 | } 70 | -------------------------------------------------------------------------------- /modules/users/root/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.root = 3 | { pkgs, ... }: 4 | { 5 | users.users.root = { 6 | shell = pkgs.fish; 7 | initialPassword = "id"; 8 | }; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /modules/virtualisation/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.virtualisation = { 3 | virtualisation = { 4 | oci-containers.backend = "podman"; 5 | 6 | containers.registries.search = [ 7 | "docker.io" 8 | ]; 9 | 10 | podman = { 11 | enable = true; 12 | defaultNetwork.settings = { 13 | dns_enabled = true; 14 | }; 15 | dockerCompat = true; 16 | dockerSocket.enable = true; 17 | 18 | autoPrune = { 19 | enable = true; 20 | flags = [ "--all" ]; 21 | dates = "weekly"; 22 | }; 23 | }; 24 | }; 25 | 26 | users.users.pol = { 27 | extraGroups = [ 28 | "podman" 29 | ]; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/vpn/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules = { 3 | nixos.vpn = { 4 | services.netbird = { 5 | enable = true; 6 | }; 7 | }; 8 | 9 | homeManager.vpn = 10 | { pkgs, ... }: 11 | { 12 | home.packages = with pkgs; [ 13 | netbird-ui 14 | ]; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/work/aws.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.homeManager.work = 3 | { pkgs, ... }: 4 | { 5 | home.packages = with pkgs; [ 6 | aws-workspaces 7 | ]; 8 | }; 9 | 10 | nixpkgs.allowedUnfreePackages = [ 11 | "aws-workspaces" 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /modules/work/displaylink.nix: -------------------------------------------------------------------------------- 1 | { 2 | flake.modules.nixos.displaylink = { 3 | services = { 4 | xserver = { 5 | videoDrivers = [ "displaylink" ]; 6 | }; 7 | }; 8 | }; 9 | 10 | nixpkgs.allowedUnfreePackages = [ 11 | "displaylink" 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-discord/discord-icon.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-discord/package.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | pkgs.nix-webapps-lib.mkChromiumApp { 4 | appName = "discord"; 5 | categories = [ 6 | "Network" 7 | "Chat" 8 | "InstantMessaging" 9 | ]; 10 | class = "chrome-discord.com__app-Default"; 11 | desktopName = "Discord"; 12 | icon = ./discord-icon.svg; 13 | url = "https://discord.com/app"; 14 | } 15 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-element/Element_logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-element/package.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | pkgs.nix-webapps-lib.mkChromiumApp { 4 | appName = "element"; 5 | categories = [ 6 | "Network" 7 | "Chat" 8 | "InstantMessaging" 9 | ]; 10 | class = "chrome-app.element.io__-Default"; 11 | desktopName = "Element"; 12 | icon = ./Element_logo.svg; 13 | url = "https://app.element.io"; 14 | } 15 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-meet/Google_Meet_icon.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-meet/package.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | pkgs.nix-webapps-lib.mkChromiumApp { 4 | appName = "google-meet"; 5 | categories = [ 6 | "Network" 7 | "Chat" 8 | "InstantMessaging" 9 | ]; 10 | class = "chrome-meet.google.com__-Default"; 11 | desktopName = "Google Meet"; 12 | icon = ./Google_Meet_icon.svg; 13 | url = "https://meet.google.com"; 14 | } 15 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-protonmail/package.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | pkgs.nix-webapps-lib.mkChromiumApp { 4 | appName = "google-protonmail"; 5 | categories = [ 6 | "Network" 7 | "Email" 8 | ]; 9 | class = "chrome-mail.proton.me__-Default"; 10 | desktopName = "Protonmail"; 11 | icon = ./proton-mail-seeklogo.svg; 12 | url = "https://mail.proton.me"; 13 | } 14 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-protonmail/proton-mail-seeklogo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-teams/Microsoft_Office_Teams.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-teams/package.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | pkgs.nix-webapps-lib.mkChromiumApp { 4 | appName = "teams"; 5 | categories = [ 6 | "Network" 7 | "Chat" 8 | "InstantMessaging" 9 | ]; 10 | class = "chrome-teams.microsoft.com__-Default"; 11 | desktopName = "Microsoft Teams"; 12 | icon = ./Microsoft_Office_Teams.svg; 13 | url = "https://teams.microsoft.com"; 14 | } 15 | -------------------------------------------------------------------------------- /pkgs/by-name/chromium-telegram/package.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | pkgs.nix-webapps-lib.mkChromiumApp { 4 | appName = "telegram"; 5 | categories = [ 6 | "Network" 7 | "Chat" 8 | "InstantMessaging" 9 | ]; 10 | class = "chrome-web.telegram.org__-Default"; 11 | desktopName = "Telegram"; 12 | url = "https://web.telegram.org"; 13 | } 14 | -------------------------------------------------------------------------------- /pkgs/by-name/gh-flake-update/package.nix: -------------------------------------------------------------------------------- 1 | { 2 | stdenvNoCC, 3 | lib, 4 | bashly, 5 | makeBinaryWrapper, 6 | gh, 7 | gitMinimal, 8 | nvd, 9 | versionCheckHook, 10 | }: 11 | stdenvNoCC.mkDerivation { 12 | pname = "gh-flake-update"; 13 | version = "0.0.1"; 14 | 15 | src = ./.; 16 | 17 | nativeBuildInputs = [ 18 | bashly 19 | makeBinaryWrapper 20 | ]; 21 | 22 | buildPhase = '' 23 | runHook preBuild 24 | 25 | bashly build 26 | 27 | runHook postBuild 28 | ''; 29 | 30 | installPhase = '' 31 | runHook preInstall 32 | 33 | install -Dm755 gh-flake-update -t $out/bin 34 | 35 | wrapProgram $out/bin/gh-flake-update \ 36 | --prefix PATH : ${ 37 | lib.makeBinPath [ 38 | gh 39 | gitMinimal 40 | nvd 41 | ] 42 | } 43 | 44 | runHook postInstall 45 | ''; 46 | 47 | doInstallCheck = true; 48 | nativeInstallCheckInputs = [ versionCheckHook ]; 49 | versionCheckProgramArg = "--version"; 50 | 51 | meta = { 52 | description = "A tool to update flake inputs using GitHub CLI"; 53 | homepage = "https://github.com/drupol/infra"; 54 | license = lib.licenses.mit; 55 | maintainers = with lib.maintainers; [ drupol ]; 56 | platforms = lib.platforms.unix; 57 | mainProgram = "gh-flake-update"; 58 | }; 59 | } 60 | -------------------------------------------------------------------------------- /pkgs/by-name/gh-flake-update/src/bashly.yml: -------------------------------------------------------------------------------- 1 | name: gh-flake-update 2 | help: Create a pull request to update flake attributes in a GitHub repository, with a diff of the changes. 3 | version: 0.0.1 4 | args: 5 | - name: attributes 6 | required: true 7 | repeatable: true 8 | unique: true 9 | help: A list of flake attributes to update, separated by spaces 10 | validate: is_attribute 11 | flags: 12 | - long: --assignee 13 | short: -a 14 | arg: assignee 15 | help: Username to assign the pull request to 16 | required: false 17 | - long: --reviewer 18 | short: -r 19 | arg: reviewer 20 | help: Username to add as a reviewer to the pull request 21 | required: false 22 | examples: 23 | - gh-flake-update nixosConfigurations.x13.config.system.build.toplevel 24 | environment_variables: 25 | - name: GH_TOKEN 26 | help: Github API token 27 | required: false 28 | -------------------------------------------------------------------------------- /pkgs/by-name/gh-flake-update/src/lib/attr_to_slug.sh: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | 3 | attr_to_slug() { echo "$1" | tr '.' '-'; } 4 | -------------------------------------------------------------------------------- /pkgs/by-name/gh-flake-update/src/lib/cleanup.sh: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | 3 | cleanup() { 4 | if [ -z "$TMP_DIR" ]; then 5 | return 6 | fi 7 | 8 | echo "--- Cleaning up ---" 9 | cd - >/dev/null 2>&1 || true 10 | if git worktree list | grep -q "$WORKTREE_DIR"; then 11 | echo "Removing git worktree at '$WORKTREE_DIR'..." 12 | git worktree remove --force "$WORKTREE_DIR" 13 | fi 14 | if git rev-parse --quiet --verify "$BRANCH_NAME" >/dev/null; then 15 | echo "Removing local branch '$BRANCH_NAME'..." 16 | git branch -D "$BRANCH_NAME" 17 | fi 18 | if [ -d "$TMP_DIR" ]; then 19 | echo "Removing temporary directory '$TMP_DIR'..." 20 | rm -rf "$TMP_DIR" 21 | fi 22 | echo "Cleanup complete." 23 | } 24 | -------------------------------------------------------------------------------- /pkgs/by-name/gh-flake-update/src/lib/generate_pr_body.sh: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | 3 | generate_pr_body() { 4 | local flake_update_output=$1 5 | local -n all_attrs_ref=$2 6 | local attr_reports="" 7 | 8 | for attr in "${all_attrs_ref[@]}"; do 9 | local slug 10 | slug=$(attr_to_slug "$attr") 11 | local current_build_path="$TMP_DIR/$slug.current" 12 | local next_build_path="$TMP_DIR/$slug.next" 13 | 14 | if [ ! -L "$current_build_path" ]; then 15 | attr_reports+=$( 16 | cat <<-EOF 17 |
18 | Attribute: ${attr} (Initial Build Failed) 19 | 20 | This attribute was already broken before the update and was skipped. 21 |
22 | EOF 23 | ) 24 | elif [ ! -L "$next_build_path" ]; then 25 | attr_reports+=$( 26 | cat <<-EOF 27 |
28 | Attribute: ${attr} (Update Build Failed) 29 | 30 | The build for this attribute failed after the flake update. 31 |
32 | EOF 33 | ) 34 | else 35 | attr_reports+=$( 36 | cat <<-EOF 37 |
38 | Attribute: ${attr} (Diff) 39 | 40 | \`\`\`console 41 | $(nvd diff "$current_build_path" "$next_build_path" || echo "nvd diff command failed for $attr") 42 | \`\`\` 43 | 44 |
45 | EOF 46 | ) 47 | fi 48 | done 49 | 50 | # Final PR body content 51 | cat <<-EOF 52 | This PR was generated automatically to update the flake inputs. 53 | 54 |
55 | Flake update summary (from commit message) 56 | 57 | \`\`\`console 58 | ${flake_update_output} 59 | \`\`\` 60 | 61 |
62 | 63 | ${attr_reports} 64 | EOF 65 | } 66 | -------------------------------------------------------------------------------- /pkgs/by-name/gh-flake-update/src/lib/validations/validate_is_attribute.sh: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | 3 | validate_is_attribute() { 4 | if ! nix eval ".#$1" &>/dev/null; then 5 | echo "Attribute '$1' does not exist." 6 | fi 7 | } 8 | -------------------------------------------------------------------------------- /pkgs/by-name/gh-flake-update/src/root_command.sh: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | GITHUB_REVIEWER=${args[--reviewer]} 3 | readonly GITHUB_REVIEWER 4 | GITHUB_ASSIGNEE=${args[--assignee]} 5 | readonly GITHUB_ASSIGNEE 6 | all_attrs=() 7 | eval "all_attrs=(${args[attributes]})" 8 | 9 | # --- Runtime Setup --- 10 | # This section now runs ONLY when main is called, after arg validation. 11 | TMP_DIR=$(mktemp -d -t gh-flake-update.XXXXXXXXXX) 12 | readonly TMP_DIR 13 | WORKTREE_DIR="$TMP_DIR/worktree" 14 | readonly WORKTREE_DIR 15 | COMMIT_MESSAGE_FILE="$TMP_DIR/commit-message.txt" 16 | readonly COMMIT_MESSAGE_FILE 17 | PR_BODY_FILE="$TMP_DIR/pr-body.md" 18 | readonly PR_BODY_FILE 19 | BRANCH_NAME="flake-update-$(date '+%F')" 20 | readonly BRANCH_NAME 21 | COMMIT_TITLE="chore(deps): update flake inputs" 22 | readonly COMMIT_TITLE 23 | trap cleanup EXIT INT TERM 24 | 25 | echo "--- Starting update process for attributes: ${all_attrs[*]} ---" 26 | 27 | git worktree add -B "$BRANCH_NAME" "$WORKTREE_DIR" 28 | cd "$WORKTREE_DIR" || { 29 | echo "Error: Failed to change directory to worktree '$WORKTREE_DIR'." >&2 30 | exit 1 31 | } 32 | 33 | declare -a successful_attrs=() 34 | echo "--- Building 'current' configurations (pre-update) ---" 35 | for attr in "${all_attrs[@]}"; do 36 | echo "Building current state for attribute: $attr" 37 | local slug 38 | slug=$(attr_to_slug "$attr") 39 | if ! nix build ".#${attr}" --quiet --out-link "$TMP_DIR/$slug.current" 2>/dev/null; then 40 | echo "WARNING: Initial build failed for '$attr'. It will be skipped." >&2 41 | else 42 | successful_attrs+=("$attr") 43 | fi 44 | done 45 | 46 | echo "--- Updating flake.lock ---" 47 | local flake_update_output 48 | flake_update_output=$(nix flake update 2>&1) 49 | echo "$flake_update_output" 50 | 51 | if git diff --quiet flake.lock; then 52 | echo "No changes to flake.lock. Nothing to do." 53 | # The trap will still call cleanup, which is correct here. 54 | exit 0 55 | fi 56 | 57 | if [ ${#successful_attrs[@]} -gt 0 ]; then 58 | echo "--- Building 'next' configurations (post-update) ---" 59 | # ... (rest of logic is unchanged) ... 60 | for attr in "${successful_attrs[@]}"; do 61 | echo "Building next state for attribute: $attr" 62 | local slug 63 | slug=$(attr_to_slug "$attr") 64 | if ! nix build ".#${attr}" --quiet --out-link "$TMP_DIR/$slug.next" 2>/dev/null; then 65 | echo "WARNING: Post-update build failed for '$attr'." >&2 66 | fi 67 | done 68 | fi 69 | 70 | echo "--- Generating content for commit and PR body ---" 71 | echo -e "$COMMIT_TITLE\n\n$flake_update_output" >"$COMMIT_MESSAGE_FILE" 72 | generate_pr_body "$flake_update_output" all_attrs >"$PR_BODY_FILE" 73 | 74 | echo "--- Committing and Pushing ---" 75 | git add flake.lock 76 | git commit \ 77 | -F "$COMMIT_MESSAGE_FILE" \ 78 | --no-signoff \ 79 | --no-verify \ 80 | --no-edit \ 81 | --cleanup=verbatim 82 | 83 | git push --force origin "$BRANCH_NAME" 84 | 85 | if [ -n "$GH_TOKEN" ] || [ -n "$GITHUB_TOKEN" ]; then 86 | echo "--- Creating GitHub PR ---" 87 | declare -a pr_opts=() 88 | if [ -n "$GITHUB_ASSIGNEE" ]; then 89 | pr_opts+=(--assignee "$GITHUB_ASSIGNEE") 90 | echo "Assignee: $GITHUB_ASSIGNEE" 91 | fi 92 | if [ -n "$GITHUB_REVIEWER" ]; then 93 | pr_opts+=(--reviewer "$GITHUB_REVIEWER") 94 | echo "Reviewer: $GITHUB_REVIEWER" 95 | fi 96 | 97 | gh pr create \ 98 | --title "$COMMIT_TITLE" \ 99 | --body-file "$PR_BODY_FILE" \ 100 | --head "$BRANCH_NAME" \ 101 | "${pr_opts[@]}" 102 | 103 | echo "--- Successfully created PR for flake update! ---" 104 | else 105 | echo "Error: GitHub token (GH_TOKEN or GITHUB_TOKEN) is not available. Skipping PR creation." >&2 106 | fi 107 | --------------------------------------------------------------------------------