├── .envrc
├── .gitignore
├── files
└── home
│ └── pol
│ ├── Code
│ └── .directory
│ ├── .face
│ └── Pictures
│ └── Backgrounds
│ └── Starry_Nebula_219.png
├── _to_migrate
├── hosts
│ ├── ec2
│ │ └── system
│ │ │ ├── modules.nix
│ │ │ ├── hardware.nix
│ │ │ └── configuration.nix
│ ├── elitebook820
│ │ ├── system
│ │ │ ├── modules.nix
│ │ │ ├── hardware-configuration.nix
│ │ │ └── configuration.nix
│ │ └── home
│ │ │ └── default.nix
│ ├── minimac
│ │ ├── system
│ │ │ ├── modules.nix
│ │ │ ├── hardware-configuration.nix
│ │ │ └── configuration.nix
│ │ └── home
│ │ │ └── default.nix
│ └── lw196205087
│ │ ├── default.nix
│ │ ├── configuration.nix
│ │ ├── packages.nix
│ │ └── activation.nix
└── imports
│ └── checks.nix
├── modules
├── systems
│ └── default.nix
├── base
│ ├── security
│ │ ├── rtkit.nix
│ │ └── sudo-rs.nix
│ ├── time
│ │ └── default.nix
│ ├── accessibility
│ │ └── default.nix
│ ├── podman.nix
│ ├── boot
│ │ ├── kernel.nix
│ │ └── default.nix
│ ├── power-mgmt
│ │ └── default.nix
│ ├── system
│ │ ├── auto-upgrade
│ │ │ └── default.nix
│ │ └── default.nix
│ ├── command-not-found.nix
│ ├── yubikey.nix
│ ├── documentation.nix
│ ├── etc
│ │ └── motd.nix
│ ├── services.nix
│ ├── xdg.nix
│ ├── home.nix
│ ├── i18n.nix
│ ├── admin
│ │ └── nh.nix
│ ├── editors
│ │ └── micro.nix
│ ├── network
│ │ └── default.nix
│ ├── console
│ │ └── console.nix
│ ├── passwords-mgmt
│ │ └── password-store.nix
│ ├── gpg.nix
│ └── nix.nix
├── bluetooth
│ └── default.nix
├── flake-parts
│ ├── flake-parts.nix
│ ├── flake.nix
│ ├── git-hooks.nix
│ ├── fmt.nix
│ ├── host-machines.nix
│ ├── deploy.nix
│ └── nixpkgs.nix
├── dev
│ ├── ssh.nix
│ ├── git
│ │ ├── mergiraf.nix
│ │ ├── lazygit.nix
│ │ ├── gh.nix
│ │ ├── gh-dash.nix
│ │ ├── jujutsu.nix
│ │ └── git.nix
│ ├── languages
│ │ └── nix.nix
│ ├── xdg.nix
│ └── editors
│ │ ├── antigravity.nix
│ │ └── zeditor.nix
├── fwupd
│ └── default.nix
├── shell
│ ├── bat.nix
│ ├── lsd.nix
│ ├── bottom.nix
│ ├── ripgrep.nix
│ ├── fzf.nix
│ ├── zoxide.nix
│ ├── nix-your-shell.nix
│ ├── direnv.nix
│ ├── fish.nix
│ └── starship.nix
├── education
│ └── default.nix
├── tika
│ ├── tika-config.xml
│ └── default.nix
├── vpn
│ └── default.nix
├── sound
│ └── default.nix
├── ai
│ ├── ollama.nix
│ ├── open-webui.nix
│ └── litellm
│ │ └── default.nix
├── work
│ ├── displaylink.nix
│ └── aws.nix
├── lora
│ └── default.nix
├── openssh
│ └── default.nix
├── facter
│ └── facter.nix
├── desktop
│ ├── environment
│ │ ├── winbox.nix
│ │ ├── default.nix
│ │ └── kdeplasma.nix
│ ├── fonts
│ │ └── fonts.nix
│ └── web-browsers
│ │ └── firefox.nix
├── guacamole
│ ├── user-mapping.xml
│ └── guacamole.nix
├── hosts
│ ├── rpi4
│ │ ├── rpi4-sdimage.nix
│ │ └── default.nix
│ ├── x280
│ │ ├── Google_Messages.svg
│ │ ├── WhatsApp.svg
│ │ ├── crelan.svg
│ │ ├── BNP_Paribas.svg
│ │ └── default.nix
│ ├── elitebook820
│ │ └── default.nix
│ ├── x260
│ │ └── default.nix
│ ├── apollo
│ │ └── default.nix
│ ├── nixos
│ │ └── default.nix
│ ├── xeonixos
│ │ └── default.nix
│ ├── x13
│ │ └── default.nix
│ ├── imac
│ │ └── default.nix
│ └── x1c
│ │ └── default.nix
├── messaging
│ └── default.nix
├── docling
│ └── docling-serve.nix
├── users
│ ├── user
│ │ └── default.nix
│ ├── root
│ │ └── default.nix
│ └── pol
│ │ └── default.nix
├── benix
│ └── default.nix
├── games
│ └── enemy-territory.nix
├── searx
│ └── searx.nix
└── email
│ └── default.nix
├── pkgs
└── by-name
│ ├── gh-flake-update
│ ├── src
│ │ ├── lib
│ │ │ ├── attr_to_slug.sh
│ │ │ ├── validations
│ │ │ │ └── validate_is_attribute.sh
│ │ │ ├── cleanup.sh
│ │ │ └── generate_pr_body.sh
│ │ ├── bashly.yml
│ │ └── root_command.sh
│ └── package.nix
│ ├── meshtastic-client
│ └── package.nix
│ ├── chromium-protonmail
│ ├── package.nix
│ └── proton-mail-seeklogo.svg
│ ├── chromium-discord
│ ├── package.nix
│ └── discord-icon.svg
│ ├── chromium-element
│ ├── package.nix
│ └── Element_logo.svg
│ ├── chromium-meet
│ ├── package.nix
│ └── Google_Meet_icon.svg
│ ├── chromium-umons-webmail
│ ├── package.nix
│ └── Microsoft_Office_Outlook.svg
│ ├── chromium-umons-teams
│ ├── package.nix
│ └── Microsoft_Office_Teams.svg
│ ├── chromium-ec-teams
│ ├── package.nix
│ └── Microsoft_Office_Teams.svg
│ └── chromium-ec-element
│ ├── package.nix
│ └── Element_logo.svg
├── .github
├── dependabot.yml
└── workflows
│ ├── flake-check.yaml
│ └── auto-upgrade-flakes.yaml
├── .editorconfig
├── README.md
├── LICENSE
└── flake.nix
/.envrc:
--------------------------------------------------------------------------------
1 | use flake
2 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /.direnv/
2 | /private.pem
3 | .pre-commit-config.yaml
4 |
--------------------------------------------------------------------------------
/files/home/pol/Code/.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Icon=folder-git
3 |
--------------------------------------------------------------------------------
/files/home/pol/.face:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/drupol/infra/HEAD/files/home/pol/.face
--------------------------------------------------------------------------------
/_to_migrate/hosts/ec2/system/modules.nix:
--------------------------------------------------------------------------------
1 | {
2 | desktop.enable = true;
3 | sshd.enable = true;
4 | }
5 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/elitebook820/system/modules.nix:
--------------------------------------------------------------------------------
1 | {
2 | vpn.enable = true;
3 | sshd.enable = true;
4 | }
5 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/minimac/system/modules.nix:
--------------------------------------------------------------------------------
1 | {
2 | sshd.enable = true;
3 | desktop.enable = true;
4 | }
5 |
--------------------------------------------------------------------------------
/modules/systems/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | ...
4 | }:
5 | {
6 | systems = import inputs.systems;
7 | }
8 |
--------------------------------------------------------------------------------
/modules/base/security/rtkit.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | security.rtkit.enable = true;
4 | };
5 | }
6 |
--------------------------------------------------------------------------------
/modules/base/time/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | time.timeZone = "Europe/Brussels";
4 | };
5 | }
6 |
--------------------------------------------------------------------------------
/modules/bluetooth/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.bluetooth = {
3 | hardware.bluetooth.enable = true;
4 | };
5 | }
6 |
--------------------------------------------------------------------------------
/modules/flake-parts/flake-parts.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }:
2 | {
3 | imports = [ inputs.flake-parts.flakeModules.modules ];
4 | }
5 |
--------------------------------------------------------------------------------
/pkgs/by-name/gh-flake-update/src/lib/attr_to_slug.sh:
--------------------------------------------------------------------------------
1 | # shellcheck shell=bash
2 |
3 | attr_to_slug() { echo "$1" | tr '.' '-'; }
4 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/lw196205087/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | imports = [
3 | ./home.nix
4 | ./configuration.nix
5 | ./packages.nix
6 | ];
7 | }
8 |
--------------------------------------------------------------------------------
/files/home/pol/Pictures/Backgrounds/Starry_Nebula_219.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/drupol/infra/HEAD/files/home/pol/Pictures/Backgrounds/Starry_Nebula_219.png
--------------------------------------------------------------------------------
/modules/base/accessibility/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | services.orca.enable = false;
4 | services.speechd.enable = false;
5 | };
6 | }
7 |
--------------------------------------------------------------------------------
/modules/dev/ssh.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.dev =
3 | { pkgs, ... }:
4 | {
5 | environment.systemPackages = with pkgs; [ corkscrew ];
6 | };
7 | }
8 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/elitebook820/home/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | shell.enable = true;
3 | thunderbird.enable = true;
4 | firefox.enable = true;
5 | desktop.enable = true;
6 | }
7 |
--------------------------------------------------------------------------------
/modules/base/podman.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.base = {
4 | services.podman = {
5 | enable = true;
6 | };
7 | };
8 | };
9 | }
10 |
--------------------------------------------------------------------------------
/modules/fwupd/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.fwupd = {
3 | services = {
4 | fwupd = {
5 | enable = true;
6 | };
7 | };
8 | };
9 | }
10 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: github-actions
4 | directory: "/"
5 | schedule:
6 | interval: monthly
7 | open-pull-requests-limit: 10
8 |
--------------------------------------------------------------------------------
/modules/base/boot/kernel.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base =
3 | { pkgs, lib, ... }:
4 | {
5 | boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
6 | };
7 | }
8 |
--------------------------------------------------------------------------------
/modules/dev/git/mergiraf.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.dev = {
4 | programs.mergiraf = {
5 | enable = true;
6 | };
7 | };
8 | };
9 | }
10 |
--------------------------------------------------------------------------------
/modules/base/security/sudo-rs.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | security.sudo-rs.enable = true;
4 | security.sudo-rs.wheelNeedsPassword = false; # Use 'sudo' without a password
5 | };
6 | }
7 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/minimac/home/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | code.enable = true;
3 | desktop.enable = true;
4 | firefox.enable = true;
5 | shell.enable = true;
6 | git.enable = true;
7 | messaging.enable = true;
8 | }
9 |
--------------------------------------------------------------------------------
/modules/flake-parts/flake.nix:
--------------------------------------------------------------------------------
1 | { lib, ... }:
2 | {
3 | options.flake.meta = lib.mkOption {
4 | type = with lib.types; lazyAttrsOf anything;
5 | };
6 |
7 | config.flake.meta.uri = "github:drupol/infra";
8 | }
9 |
--------------------------------------------------------------------------------
/modules/shell/bat.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | bat = {
6 | enable = true;
7 | };
8 | };
9 | };
10 | };
11 | }
12 |
--------------------------------------------------------------------------------
/modules/shell/lsd.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | lsd = {
6 | enable = true;
7 | };
8 | };
9 | };
10 | };
11 | }
12 |
--------------------------------------------------------------------------------
/modules/base/boot/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base.boot = {
3 | initrd.systemd.enable = true;
4 |
5 | tmp = {
6 | useTmpfs = true;
7 | cleanOnBoot = true;
8 | };
9 | };
10 | }
11 |
--------------------------------------------------------------------------------
/modules/education/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.education =
3 | {
4 | pkgs,
5 | ...
6 | }:
7 | {
8 | environment.systemPackages = with pkgs; [ zotero ];
9 | };
10 | }
11 |
--------------------------------------------------------------------------------
/modules/shell/bottom.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | bottom = {
6 | enable = true;
7 | };
8 | };
9 | };
10 | };
11 | }
12 |
--------------------------------------------------------------------------------
/modules/shell/ripgrep.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | ripgrep = {
6 | enable = true;
7 | };
8 | };
9 | };
10 | };
11 | }
12 |
--------------------------------------------------------------------------------
/modules/tika/tika-config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 3600000
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/modules/base/power-mgmt/default.nix:
--------------------------------------------------------------------------------
1 | { lib, ... }:
2 | {
3 | flake.modules.nixos.base = {
4 | powerManagement = {
5 | enable = true;
6 | cpuFreqGovernor = lib.mkDefault "powersave";
7 | };
8 | };
9 | }
10 |
--------------------------------------------------------------------------------
/modules/dev/languages/nix.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.dev =
4 | { pkgs, ... }:
5 | {
6 | home.packages = with pkgs; [
7 | nixpkgs-review
8 | ];
9 | };
10 | };
11 | }
12 |
--------------------------------------------------------------------------------
/modules/base/system/auto-upgrade/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | system.autoUpgrade = {
4 | enable = false;
5 | flake = "github:drupol/infra";
6 | allowReboot = true;
7 | };
8 | };
9 | }
10 |
--------------------------------------------------------------------------------
/modules/vpn/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.vpn = {
4 | services.netbird = {
5 | enable = true;
6 | ui.enable = true;
7 | useRoutingFeatures = "both";
8 | };
9 | };
10 | };
11 | }
12 |
--------------------------------------------------------------------------------
/modules/shell/fzf.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | fzf = {
6 | enable = true;
7 | enableFishIntegration = true;
8 | };
9 | };
10 | };
11 | };
12 | }
13 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/ec2/system/hardware.nix:
--------------------------------------------------------------------------------
1 | { modulesPath, ... }:
2 | {
3 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
4 |
5 | fileSystems."/" = {
6 | device = "/dev/disk/by-label/nixos";
7 | fsType = "ext4";
8 | };
9 | }
10 |
--------------------------------------------------------------------------------
/modules/shell/zoxide.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | zoxide = {
6 | enable = true;
7 | enableFishIntegration = true;
8 | };
9 | };
10 | };
11 | };
12 | }
13 |
--------------------------------------------------------------------------------
/modules/base/command-not-found.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.base = {
4 | programs.command-not-found.enable = false;
5 | };
6 |
7 | homeManager.base = {
8 | programs.command-not-found.enable = false;
9 | };
10 | };
11 | }
12 |
--------------------------------------------------------------------------------
/modules/base/yubikey.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.base = {
4 | services.pcscd.enable = true;
5 | };
6 |
7 | homeManager.base = {
8 | services.yubikey-agent = {
9 | enable = true;
10 | };
11 | };
12 | };
13 | }
14 |
--------------------------------------------------------------------------------
/modules/sound/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.sound = {
3 | services = {
4 | pipewire = {
5 | enable = true;
6 | alsa.enable = true;
7 | alsa.support32Bit = true;
8 | pulse.enable = true;
9 | };
10 | };
11 | };
12 | }
13 |
--------------------------------------------------------------------------------
/modules/dev/git/lazygit.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.dev = {
4 | programs = {
5 | lazygit = {
6 | enable = true;
7 | settings = {
8 | git.overrideGpg = true;
9 | };
10 | };
11 | };
12 | };
13 | };
14 | }
15 |
--------------------------------------------------------------------------------
/modules/dev/xdg.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.homeManager.dev =
3 | { config, ... }:
4 | {
5 | xdg = {
6 | userDirs = {
7 | extraConfig = {
8 | XDG_CODE_DIR = "${config.home.homeDirectory}/Code";
9 | };
10 | };
11 | };
12 | };
13 | }
14 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/lw196205087/configuration.nix:
--------------------------------------------------------------------------------
1 | { user, ... }:
2 | {
3 | home = {
4 | username = "${user}";
5 | homeDirectory = "/home/${user}";
6 | stateVersion = "22.05";
7 | };
8 |
9 | xdg.enable = true;
10 | xdg.mime.enable = true;
11 | targets.genericLinux.enable = true;
12 | }
13 |
--------------------------------------------------------------------------------
/modules/tika/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.tika = {
3 | services = {
4 | tika = {
5 | enable = true;
6 | listenAddress = "0.0.0.0";
7 | port = 9998;
8 | configFile = ./tika-config.xml;
9 | openFirewall = true;
10 | };
11 | };
12 | };
13 | }
14 |
--------------------------------------------------------------------------------
/modules/ai/ollama.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.ai = {
3 | services = {
4 | ollama = {
5 | enable = true;
6 | environmentVariables = {
7 | "OLLAMA_FLASH_ATTENTION" = "true";
8 | "OLLAMA_KV_CACHE_TYPE" = "q8_0";
9 | };
10 | };
11 | };
12 | };
13 | }
14 |
--------------------------------------------------------------------------------
/modules/work/displaylink.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.displaylink = {
4 | services = {
5 | xserver = {
6 | videoDrivers = [ "displaylink" ];
7 | };
8 | };
9 |
10 | nixpkgs = {
11 | config.allowUnfree = true;
12 | };
13 | };
14 | };
15 | }
16 |
--------------------------------------------------------------------------------
/modules/shell/nix-your-shell.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | nix-your-shell = {
6 | enable = true;
7 | enableNushellIntegration = false;
8 | enableZshIntegration = false;
9 | };
10 | };
11 | };
12 | };
13 | }
14 |
--------------------------------------------------------------------------------
/modules/work/aws.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.work =
4 | { pkgs, ... }:
5 | {
6 | nixpkgs = {
7 | config.allowUnfree = true;
8 | };
9 |
10 | home.packages = with pkgs; [
11 | aws-workspaces
12 | ];
13 | };
14 | };
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/modules/base/documentation.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | # https://mastodon.online/@nomeata/109915786344697931
4 | documentation = {
5 | enable = false;
6 | man.enable = false;
7 | doc.enable = false;
8 | info.enable = false;
9 | nixos.enable = false;
10 | };
11 | };
12 | }
13 |
--------------------------------------------------------------------------------
/pkgs/by-name/meshtastic-client/package.nix:
--------------------------------------------------------------------------------
1 | {
2 | lib,
3 | writeScriptBin,
4 | meshtastic-web,
5 | caddy,
6 | ...
7 | }:
8 |
9 | writeScriptBin "meshtastic-client" ''
10 | echo "Starting Meshtastic Web Client on http://0.0.0.0:8888"
11 | ${lib.getExe caddy} file-server --listen 0.0.0.0:8888 --root ${meshtastic-web}
12 | ''
13 |
--------------------------------------------------------------------------------
/modules/lora/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | ...
4 | }:
5 | {
6 | flake.modules = {
7 | nixos.lora =
8 | { pkgs, ... }:
9 | {
10 | nixpkgs.overlays = [
11 | inputs.self.overlays.default
12 | ];
13 |
14 | environment.systemPackages = [ pkgs.local.meshtastic-client ];
15 | };
16 | };
17 | }
18 |
--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
1 | # This file is for unifying the coding style for different editors and IDEs
2 | # editorconfig.org
3 |
4 | root = true
5 |
6 | [*]
7 | charset = utf-8
8 | end_of_line = lf
9 | indent_size = 2
10 | indent_style = space
11 | max_line_length = 120
12 | trim_trailing_whitespace = true
13 |
14 | [**.{md,rst}]
15 | indent_size = 2
16 | max_line_length = 80
17 |
--------------------------------------------------------------------------------
/modules/flake-parts/git-hooks.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }:
2 | {
3 | imports = [
4 | inputs.git-hooks.flakeModule
5 | inputs.make-shell.flakeModules.default
6 | ];
7 |
8 | perSystem =
9 | { config, ... }:
10 | {
11 | pre-commit.check.enable = false;
12 | make-shells.default.shellHook = config.pre-commit.installationScript;
13 | };
14 | }
15 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-protonmail/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "google-protonmail";
5 | categories = [
6 | "Network"
7 | "Email"
8 | ];
9 | class = "chrome-mail.proton.me__-Default";
10 | desktopName = "Protonmail";
11 | icon = ./proton-mail-seeklogo.svg;
12 | url = "https://mail.proton.me";
13 | }
14 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-discord/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "discord";
5 | categories = [
6 | "Network"
7 | "Chat"
8 | "InstantMessaging"
9 | ];
10 | class = "chrome-discord.com__app-Default";
11 | desktopName = "Discord";
12 | icon = ./discord-icon.svg;
13 | url = "https://discord.com/app";
14 | }
15 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-element/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "element";
5 | categories = [
6 | "Network"
7 | "Chat"
8 | "InstantMessaging"
9 | ];
10 | class = "chrome-app.element.io__-Default";
11 | desktopName = "Element";
12 | icon = ./Element_logo.svg;
13 | url = "https://app.element.io";
14 | }
15 |
--------------------------------------------------------------------------------
/modules/openssh/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.openssh = {
3 | services = {
4 | openssh = {
5 | enable = true;
6 | openFirewall = true;
7 | settings = {
8 | X11Forwarding = true;
9 | StreamLocalBindUnlink = "yes";
10 | PasswordAuthentication = false;
11 | };
12 | };
13 | };
14 | };
15 | }
16 |
--------------------------------------------------------------------------------
/modules/facter/facter.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }:
2 | {
3 | flake.modules = {
4 | nixos.facter =
5 | { pkgs, ... }:
6 | {
7 | imports = [ inputs.nixos-facter-modules.nixosModules.facter ];
8 | facter.detected.dhcp.enable = false;
9 |
10 | environment.systemPackages = [
11 | pkgs.nixos-facter
12 | ];
13 | };
14 | };
15 | }
16 |
--------------------------------------------------------------------------------
/modules/shell/direnv.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | direnv = {
6 | enable = true;
7 | config = {
8 | global = {
9 | hide_env_diff = true;
10 | };
11 | };
12 | nix-direnv.enable = true;
13 | };
14 | };
15 | };
16 | };
17 | }
18 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-meet/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "google-meet";
5 | categories = [
6 | "Network"
7 | "Chat"
8 | "InstantMessaging"
9 | ];
10 | class = "chrome-meet.google.com__-Default";
11 | desktopName = "Google Meet";
12 | icon = ./Google_Meet_icon.svg;
13 | url = "https://meet.google.com";
14 | }
15 |
--------------------------------------------------------------------------------
/modules/desktop/environment/winbox.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.desktop =
4 | { pkgs, ... }:
5 | {
6 | programs.winbox = {
7 | enable = true;
8 | package = pkgs.winbox4;
9 | openFirewall = true;
10 | };
11 |
12 | nixpkgs = {
13 | config.allowUnfree = true;
14 | };
15 | };
16 | };
17 | }
18 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-umons-webmail/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "umons-webmail";
5 | categories = [
6 | "Network"
7 | "Email"
8 | ];
9 | class = "chrome-outlook.office365.com__-Default";
10 | desktopName = "Webmail @ Umons";
11 | icon = ./Microsoft_Office_Outlook.svg;
12 | url = "https://outlook.office365.com";
13 | }
14 |
--------------------------------------------------------------------------------
/.github/workflows/flake-check.yaml:
--------------------------------------------------------------------------------
1 | name: "Nix flake check"
2 | on:
3 | workflow_call:
4 | pull_request:
5 | push:
6 | jobs:
7 | tests:
8 | runs-on: ubuntu-latest
9 | steps:
10 | - uses: actions/checkout@v6
11 | - uses: cachix/install-nix-action@v31
12 | with:
13 | nix_path: nixpkgs=channel:nixos-unstable
14 | - run: nix flake check --accept-flake-config
15 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-umons-teams/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "umons-teams";
5 | categories = [
6 | "Network"
7 | "Chat"
8 | "InstantMessaging"
9 | ];
10 | class = "chrome-teams.microsoft.com__-Default";
11 | desktopName = "MS Teams @ Umons";
12 | icon = ./Microsoft_Office_Teams.svg;
13 | url = "https://teams.microsoft.com";
14 | }
15 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-ec-teams/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "ec-teams";
5 | categories = [
6 | "Network"
7 | "Chat"
8 | "InstantMessaging"
9 | ];
10 | class = "chrome-teams.microsoft.com__-Default";
11 | desktopName = "MS Teams @ European Commission";
12 | icon = ./Microsoft_Office_Teams.svg;
13 | url = "https://teams.microsoft.com";
14 | }
15 |
--------------------------------------------------------------------------------
/modules/dev/git/gh.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.dev =
4 | { pkgs, ... }:
5 | {
6 | programs = {
7 | gh = {
8 | enable = true;
9 | extensions = [
10 | pkgs.gh-copilot
11 | ];
12 | };
13 | };
14 |
15 | nixpkgs = {
16 | config.allowUnfree = true;
17 | };
18 | };
19 | };
20 | }
21 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-ec-element/package.nix:
--------------------------------------------------------------------------------
1 | { pkgs }:
2 |
3 | pkgs.nix-webapps-lib.mkChromiumApp {
4 | appName = "ec-element";
5 | categories = [
6 | "Network"
7 | "Chat"
8 | "InstantMessaging"
9 | ];
10 | class = "chrome-chat.contact.ec.europa.eu__-Default";
11 | desktopName = "Matrix @ European Commission";
12 | icon = ./Element_logo.svg;
13 | url = "https://chat.contact.ec.europa.eu";
14 | }
15 |
--------------------------------------------------------------------------------
/pkgs/by-name/gh-flake-update/src/lib/validations/validate_is_attribute.sh:
--------------------------------------------------------------------------------
1 | # shellcheck shell=bash
2 |
3 | declare -gA args
4 |
5 | validate_is_attribute() {
6 | IMPURE=${args[--impure]:-0}
7 |
8 | NIX_FLAGS=()
9 | if [ "$IMPURE" -eq 1 ]; then
10 | NIX_FLAGS=(--impure)
11 | fi
12 |
13 | if ! nix eval ".#$1" "${NIX_FLAGS[@]}" &>/dev/null; then
14 | echo "Attribute '$1' does not exist."
15 | fi
16 | }
17 |
--------------------------------------------------------------------------------
/modules/base/etc/motd.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }:
2 | {
3 | flake.modules.nixos.base =
4 | { config, ... }:
5 | {
6 | users.motdFile = "/etc/motd";
7 | environment.etc.motd.text = ''
8 |
9 | NixOS release: ${config.system.nixos.release}
10 | Nixpkgs revision: ${inputs.nixpkgs.rev}
11 | drupol/infra revision: ${inputs.self.rev or inputs.self.dirtyRev}
12 |
13 | '';
14 | };
15 | }
16 |
--------------------------------------------------------------------------------
/modules/base/services.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | services = {
4 | flatpak = {
5 | enable = false;
6 | };
7 | # Limit the systemd journal to 100 MB of disk or the
8 | # last 3 days of logs, whichever happens first.
9 | journald.extraConfig = ''
10 | SystemMaxUse=100M
11 | MaxFileSec=3day
12 | '';
13 | nscd.enableNsncd = true;
14 | };
15 | };
16 | }
17 |
--------------------------------------------------------------------------------
/modules/base/xdg.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.homeManager.base = {
3 | xdg = {
4 | enable = true;
5 | mime.enable = true;
6 | userDirs = {
7 | enable = true;
8 | createDirectories = true;
9 | templates = null;
10 | music = null;
11 | videos = null;
12 | publicShare = null;
13 | };
14 | autostart = {
15 | enable = true;
16 | };
17 | };
18 | };
19 | }
20 |
--------------------------------------------------------------------------------
/modules/base/home.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.homeManager.base = {
3 | programs.home-manager.enable = true;
4 | # See https://ohai.social/@rycee/112502545466617762
5 | # See https://github.com/nix-community/home-manager/issues/5452
6 | systemd.user.startServices = "sd-switch";
7 |
8 | services = {
9 | home-manager.autoExpire = {
10 | enable = true;
11 | frequency = "weekly";
12 | store.cleanup = true;
13 | };
14 | };
15 | };
16 | }
17 |
--------------------------------------------------------------------------------
/modules/base/i18n.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base = {
3 | i18n.defaultLocale = "en_GB.UTF-8";
4 | i18n.extraLocaleSettings = {
5 | LC_ADDRESS = "fr_BE.UTF-8";
6 | LC_IDENTIFICATION = "fr_BE.UTF-8";
7 | LC_MEASUREMENT = "fr_BE.UTF-8";
8 | LC_MONETARY = "fr_BE.UTF-8";
9 | LC_NAME = "fr_BE.UTF-8";
10 | LC_NUMERIC = "fr_BE.UTF-8";
11 | LC_PAPER = "fr_BE.UTF-8";
12 | LC_TELEPHONE = "fr_BE.UTF-8";
13 | LC_TIME = "fr_BE.UTF-8";
14 | };
15 | };
16 | }
17 |
--------------------------------------------------------------------------------
/modules/base/admin/nh.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | ...
4 | }:
5 | {
6 | imports = [
7 | inputs.make-shell.flakeModules.default
8 | ];
9 |
10 | flake.modules.nixos.base = {
11 | programs = {
12 | nh = {
13 | enable = true;
14 | clean = {
15 | enable = true;
16 | extraArgs = "--keep 2";
17 | };
18 | };
19 | };
20 | };
21 |
22 | perSystem =
23 | { pkgs, ... }:
24 | {
25 | make-shells.default.packages = with pkgs; [ nh ];
26 | };
27 | }
28 |
--------------------------------------------------------------------------------
/modules/base/editors/micro.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.base = {
4 | programs = {
5 | micro = {
6 | enable = true;
7 | settings = {
8 | diffgutter = true;
9 | keymenu = true;
10 | mkparents = true;
11 | tabsize = 2;
12 | tabstospaces = true;
13 | };
14 | };
15 | };
16 |
17 | home.sessionVariables = {
18 | EDITOR = "micro";
19 | VISUAL = "micro";
20 | };
21 | };
22 | };
23 | }
24 |
--------------------------------------------------------------------------------
/modules/base/network/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base =
3 | { hostConfig, ... }:
4 | {
5 | networking = {
6 | hostName = hostConfig.name;
7 |
8 | networkmanager = {
9 | enable = true;
10 | };
11 |
12 | useDHCP = false;
13 | };
14 |
15 | systemd = {
16 | services.NetworkManager-wait-online.enable = false;
17 | network.wait-online.enable = false;
18 | };
19 |
20 | services.resolved = {
21 | enable = true;
22 | };
23 | };
24 | }
25 |
--------------------------------------------------------------------------------
/modules/base/console/console.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.base = {
4 | programs.fish.enable = true;
5 | };
6 |
7 | nixos.base =
8 | { pkgs, ... }:
9 | {
10 | users.defaultUserShell = pkgs.fish;
11 | programs.fish.enable = true;
12 |
13 | console = {
14 | earlySetup = true;
15 | font = "ter-124b";
16 | useXkbConfig = true;
17 | packages = with pkgs; [
18 | terminus_font
19 | ];
20 | };
21 | };
22 | };
23 | }
24 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/lw196205087/packages.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 | home.packages = with pkgs; [
4 | bottom # https://zaiste.net/posts/shell-commands-rust/
5 | cachix
6 | dina-font
7 | du-dust
8 | fd
9 | fira-code
10 | fira-code-symbols
11 | fish
12 | gnupg
13 | hack-font
14 | jetbrains-mono
15 | liberation_ttf
16 | neofetch
17 | p7zip
18 | procs
19 | ripgrep
20 | wget
21 |
22 | element-desktop
23 | graphviz
24 | jetbrains.phpstorm
25 | tdesktop
26 | teams
27 | ];
28 | }
29 |
--------------------------------------------------------------------------------
/modules/base/passwords-mgmt/password-store.nix:
--------------------------------------------------------------------------------
1 | topLevel: {
2 | flake.modules = {
3 | homeManager.base =
4 | { config, pkgs, ... }:
5 | {
6 | programs = {
7 | password-store = {
8 | enable = true;
9 | package = pkgs.gopass;
10 | settings = {
11 | PASSWORD_STORE_DIR = "${config.xdg.configHome}/.password-store";
12 | PASSWORD_STORE_KEY = topLevel.config.flake.meta.users.${config.home.username}.key;
13 | };
14 | };
15 | };
16 | };
17 | };
18 | }
19 |
--------------------------------------------------------------------------------
/modules/guacamole/user-mapping.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | rdp
5 | 127.0.0.1
6 | 3389
7 | true
8 |
9 |
10 |
11 | ssh
12 | 127.0.0.1
13 | 22
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/modules/dev/editors/antigravity.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.dev = {
4 | services = {
5 | gnome.gnome-keyring.enable = true;
6 | };
7 | };
8 |
9 | homeManager.dev =
10 | { pkgs, ... }:
11 | {
12 | nixpkgs = {
13 | config = {
14 | allowUnfree = true;
15 | };
16 | };
17 |
18 | home.packages = with pkgs; [
19 | # Using the FHS version to allow installation of extensions
20 | # I don't really need Nix to manage extensions for me
21 | antigravity-fhs
22 | ];
23 | };
24 | };
25 | }
26 |
--------------------------------------------------------------------------------
/modules/hosts/rpi4/rpi4-sdimage.nix:
--------------------------------------------------------------------------------
1 | { lib, ... }:
2 | {
3 | flake.modules.nixos.rpi4-sdimage =
4 | { modulesPath, ... }:
5 | {
6 | # Build with `nix-build -A nixosConfigurations.rpi4.config.system.build.sdImage`
7 | imports = [
8 | "${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
9 | ];
10 |
11 | sdImage = {
12 | # Do not compress the image to save time
13 | compressImage = false;
14 | };
15 |
16 | boot.supportedFilesystems = {
17 | # I don't need them
18 | zfs = lib.mkForce false;
19 | cifs = lib.mkForce false;
20 | };
21 | };
22 | }
23 |
--------------------------------------------------------------------------------
/modules/base/gpg.nix:
--------------------------------------------------------------------------------
1 | topLevel: {
2 | flake.modules = {
3 | homeManager.base =
4 | { config, ... }:
5 | {
6 | programs = {
7 | gpg = {
8 | enable = true;
9 | settings = {
10 | default-key = topLevel.config.flake.meta.users.${config.home.username}.key;
11 | };
12 | };
13 | };
14 |
15 | services = {
16 | gpg-agent = {
17 | enable = true;
18 | enableSshSupport = true;
19 | sshKeys = topLevel.config.flake.meta.users.${config.home.username}.keygrip;
20 | };
21 | };
22 | };
23 | };
24 | }
25 |
--------------------------------------------------------------------------------
/modules/messaging/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | ...
4 | }:
5 | {
6 | flake.modules = {
7 | homeManager.messaging =
8 | { pkgs, ... }:
9 | {
10 | nixpkgs.overlays = [
11 | inputs.self.overlays.default
12 | ];
13 |
14 | home.packages = [
15 | pkgs.local.chromium-discord
16 | pkgs.local.chromium-element
17 | pkgs.local.chromium-ec-element
18 | pkgs.local.chromium-ec-teams
19 | pkgs.local.chromium-meet
20 | pkgs.local.chromium-protonmail
21 | pkgs.local.chromium-umons-teams
22 | pkgs.signal-desktop
23 | ];
24 | };
25 |
26 | };
27 | }
28 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-meet/Google_Meet_icon.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/modules/docling/docling-serve.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.docling =
3 | { pkgs, ... }:
4 | {
5 | services = {
6 | docling-serve = {
7 | enable = true;
8 | host = "0.0.0.0";
9 | port = 5001;
10 | package = pkgs.docling-serve.override {
11 | withUI = true;
12 | withTesserocr = true;
13 | withCPU = true;
14 | withRapidocr = true;
15 | };
16 | environment = {
17 | DOCLING_SERVE_ENABLE_UI = "True";
18 | DOCLING_SERVE_MAX_SYNC_WAIT = "1200"; # Default is 120
19 | };
20 | openFirewall = true;
21 | };
22 | };
23 | };
24 | }
25 |
--------------------------------------------------------------------------------
/pkgs/by-name/gh-flake-update/src/lib/cleanup.sh:
--------------------------------------------------------------------------------
1 | # shellcheck shell=bash
2 |
3 | cleanup() {
4 | if [ -z "$TMP_DIR" ]; then
5 | return
6 | fi
7 |
8 | echo "--- Cleaning up ---"
9 | cd - >/dev/null 2>&1 || true
10 | if git worktree list | grep -q "$WORKTREE_DIR"; then
11 | echo "Removing git worktree at '$WORKTREE_DIR'..."
12 | git worktree remove --force "$WORKTREE_DIR"
13 | fi
14 | if git rev-parse --quiet --verify "$BRANCH_NAME" >/dev/null; then
15 | echo "Removing local branch '$BRANCH_NAME'..."
16 | git branch -D "$BRANCH_NAME"
17 | fi
18 | if [ -d "$TMP_DIR" ]; then
19 | echo "Removing temporary directory '$TMP_DIR'..."
20 | rm -rf "$TMP_DIR"
21 | fi
22 | echo "Cleanup complete."
23 | }
24 |
--------------------------------------------------------------------------------
/modules/desktop/fonts/fonts.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.desktop =
4 | { pkgs, ... }:
5 | {
6 | fonts.packages = with pkgs; [
7 | dina-font
8 | aporetic
9 | monaspace
10 | victor-mono
11 | ];
12 |
13 | fonts.fontconfig = {
14 | defaultFonts = {
15 | monospace = [
16 | "Aporetic Sans Mono"
17 | ];
18 | sansSerif = [ "Aporetic Sans Mono" ];
19 | serif = [ "Aporetic Sans Mono" ];
20 | };
21 | };
22 | };
23 |
24 | homeManager.desktop = {
25 | fonts = {
26 | fontconfig = {
27 | enable = true;
28 | };
29 | };
30 | };
31 | };
32 | }
33 |
--------------------------------------------------------------------------------
/modules/flake-parts/fmt.nix:
--------------------------------------------------------------------------------
1 | { inputs, lib, ... }:
2 | {
3 | imports = [
4 | inputs.treefmt-nix.flakeModule
5 | inputs.git-hooks.flakeModule
6 | ];
7 |
8 | perSystem =
9 | { self', ... }:
10 | {
11 | treefmt = {
12 | projectRootFile = "flake.nix";
13 | programs = {
14 | deadnix.enable = true;
15 | jsonfmt.enable = true;
16 | nixfmt.enable = true;
17 | prettier.enable = true;
18 | shfmt.enable = true;
19 | statix.enable = true;
20 | yamlfmt.enable = true;
21 | };
22 | settings = {
23 | on-unmatched = "warn";
24 | };
25 | };
26 |
27 | pre-commit.settings.hooks.nix-fmt = {
28 | enable = true;
29 | entry = lib.getExe self'.formatter;
30 | };
31 | };
32 | }
33 |
--------------------------------------------------------------------------------
/modules/shell/fish.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.shell = {
4 | programs.fish.enable = true;
5 | };
6 |
7 | homeManager.shell =
8 | { pkgs, ... }:
9 | {
10 | home.shell.enableFishIntegration = true;
11 |
12 | programs = {
13 | fish = {
14 | enable = true;
15 | plugins = [
16 | {
17 | name = "autopair";
18 | src = pkgs.fishPlugins.autopair;
19 | }
20 | ];
21 | shellAliases = {
22 | ".." = "cd ..";
23 | "..." = "cd ../..";
24 | cat = "bat";
25 | grep = "rg";
26 | };
27 | functions = {
28 | fish_greeting = "";
29 | };
30 | };
31 | };
32 | };
33 | };
34 | }
35 |
--------------------------------------------------------------------------------
/modules/users/user/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake = {
7 | meta.users = {
8 | user = {
9 | name = "Utilisateur";
10 | key = "";
11 | username = "user";
12 | keygrip = [
13 | ];
14 | authorizedKeys = [
15 | ];
16 | };
17 | };
18 |
19 | modules.nixos.user = {
20 | users.users.user = {
21 | description = config.flake.meta.users.user.name;
22 | isNormalUser = true;
23 | createHome = true;
24 | extraGroups = [
25 | "audio"
26 | "input"
27 | "networkmanager"
28 | "sound"
29 | "tty"
30 | ];
31 | initialPassword = "id";
32 | };
33 |
34 | nix.settings.trusted-users = [ config.flake.meta.users.user.username ];
35 | };
36 | };
37 | }
38 |
--------------------------------------------------------------------------------
/modules/hosts/x280/Google_Messages.svg:
--------------------------------------------------------------------------------
1 |
6 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/lw196205087/activation.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | lib,
4 | pkgs,
5 | ...
6 | }:
7 | {
8 | home.activation = {
9 | linkDesktopApplications = {
10 | after = [
11 | "writeBoundary"
12 | "createXdgUserDirectories"
13 | ];
14 | before = [ ];
15 | data = ''
16 | rm -rf ${config.xdg.dataHome}/"applications/home-manager"
17 | mkdir -p ${config.xdg.dataHome}/"applications/home-manager"
18 | cp -Lr ${config.home.homeDirectory}/.nix-profile/share/applications/* ${config.xdg.dataHome}/"applications/home-manager/"
19 | '';
20 | };
21 | report-changes = ''
22 | PATH=$PATH:${
23 | lib.makeBinPath [
24 | pkgs.nvd
25 | pkgs.nix
26 | ]
27 | }
28 | nvd diff $(ls -dv /nix/var/nix/profiles/per-user/${config.home.username}/home-manager-*-link | tail -2)
29 | '';
30 | };
31 | }
32 |
--------------------------------------------------------------------------------
/.github/workflows/auto-upgrade-flakes.yaml:
--------------------------------------------------------------------------------
1 | name: "Auto update flake lock file"
2 | on:
3 | workflow_dispatch:
4 | schedule:
5 | - cron: "0 12 * * 0"
6 | jobs:
7 | update-flake-lock:
8 | runs-on: ubuntu-latest
9 | steps:
10 | - name: Check out repository code
11 | uses: actions/checkout@v6
12 | - uses: wimpysworld/nothing-but-nix@main
13 | - uses: cachix/install-nix-action@v31
14 | - name: Configure Git
15 | run: |
16 | git config --local user.email "action@github.com"
17 | git config --local user.name "GitHub Action"
18 | - name: Run script
19 | env:
20 | GH_TOKEN: ${{ github.token }}
21 | run: |
22 | nix run .#gh-flake-update -- \
23 | --assignee drupol \
24 | --reviewer drupol \
25 | nixosConfigurations.x13.config.system.build.toplevel \
26 | nixosConfigurations.xeonixos.config.system.build.toplevel
27 |
--------------------------------------------------------------------------------
/_to_migrate/imports/checks.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }:
2 | {
3 | perSystem =
4 | { system, ... }:
5 | {
6 | checks = inputs.deploy-rs.lib.${system}.deployChecks {
7 | nodes = inputs.nixpkgs.lib.foldr (
8 | config: acc:
9 | acc
10 | // {
11 | "${config.instance}" = {
12 | inherit (config) hostname;
13 | fastConnection = false;
14 | profiles.system = {
15 | inherit (config) remoteBuild;
16 | user = "root";
17 | sshUser = "pol";
18 | sshOpts = [ ];
19 | path =
20 | inputs.deploy-rs.lib.${config.system}.activate.nixos
21 | inputs.self.nixosConfigurations.${config.instance};
22 | };
23 | };
24 | }
25 | ) { } (builtins.filter (el: el.system == "x86_64-linux") (import ../hosts.nix));
26 | };
27 | };
28 | }
29 |
--------------------------------------------------------------------------------
/modules/base/system/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules =
3 | let
4 | stateVersion = "25.11";
5 | in
6 | {
7 | homeManager.base = {
8 | home = {
9 | inherit stateVersion;
10 | };
11 | };
12 |
13 | nixos.base = {
14 | system = {
15 | # This value determines the NixOS release from which the default
16 | # settings for stateful data, like file locations and database versions
17 | # on your system were taken. It‘s perfectly fine and recommended to leave
18 | # this value at the release version of the first install of this system.
19 | # Before changing this value read the documentation for this option
20 | # (e.g. man configuration.nix or on https://search.nixos.org/options?&show=system.stateVersion&from=0&size=50&sort=relevance&type=packages&query=stateVersion).
21 | inherit stateVersion;
22 | };
23 | };
24 | };
25 | }
26 |
--------------------------------------------------------------------------------
/modules/flake-parts/host-machines.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | lib,
4 | config,
5 | ...
6 | }:
7 | let
8 | prefix = "hosts/";
9 | in
10 | {
11 | flake.nixosConfigurations = lib.pipe config.flake.modules.nixos [
12 | (lib.filterAttrs (name: _: lib.hasPrefix prefix name))
13 | (lib.mapAttrs' (
14 | name: module:
15 | let
16 | specialArgs = {
17 | inherit inputs;
18 | hostConfig = {
19 | name = lib.removePrefix prefix name;
20 | };
21 | };
22 | in
23 | {
24 | name = lib.removePrefix prefix name;
25 | value = inputs.nixpkgs.lib.nixosSystem {
26 | inherit specialArgs;
27 | modules = [
28 | module
29 | inputs.home-manager.nixosModules.home-manager
30 | {
31 | home-manager.extraSpecialArgs = specialArgs;
32 | }
33 | ];
34 | };
35 | }
36 | ))
37 | ];
38 | }
39 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/elitebook820/system/hardware-configuration.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | lib,
4 | modulesPath,
5 | ...
6 | }:
7 | {
8 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
9 |
10 | boot.initrd.availableKernelModules = [
11 | "xhci_pci"
12 | "ehci_pci"
13 | "ahci"
14 | "usb_storage"
15 | "sd_mod"
16 | "rtsx_pci_sdmmc"
17 | ];
18 | boot.initrd.kernelModules = [ ];
19 | boot.kernelModules = [ "kvm-intel" ];
20 | boot.extraModulePackages = [ ];
21 |
22 | fileSystems."/" = {
23 | device = "/dev/disk/by-uuid/0831c17a-27d6-42b8-a61b-f52cfb02f051";
24 | fsType = "ext4";
25 | };
26 |
27 | fileSystems."/boot" = {
28 | device = "/dev/disk/by-uuid/5185-45FD";
29 | fsType = "vfat";
30 | };
31 |
32 | swapDevices = [ { device = "/dev/disk/by-uuid/066ce479-3611-42e7-9117-f1ef77668010"; } ];
33 |
34 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
35 | }
36 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | [![GitHub Workflow Status][github workflow status]][2]
2 | ![GitHub stars][github stars]
3 | ![License][mit]
4 | [![Donate!][donate github]][5]
5 |
6 | # Nix (dotfiles) configurations
7 |
8 | This repository contains the configuration of my local network at home.
9 |
10 | ## Upgrade manually
11 |
12 | ```shell
13 | sudo nixos-rebuild switch --upgrade-all --flake github:drupol/infra -v --refresh
14 | ```
15 |
16 | [github stars]: https://img.shields.io/github/stars/drupol/infra.svg?style=flat-square
17 | [github workflow status]: https://img.shields.io/github/actions/workflow/status/drupol/infra/flake-check.yaml?style=flat-square&branch=master
18 | [license]: https://img.shields.io/packagist/l/drupol/infra.svg?style=flat-square
19 | [donate github]: https://img.shields.io/badge/Sponsor-Github-brightgreen.svg?style=flat-square
20 | [2]: https://github.com/drupol/infra/actions
21 | [mit]: https://img.shields.io/badge/License-MIT-green?style=flat-square
22 | [5]: https://github.com/sponsors/drupol
23 |
--------------------------------------------------------------------------------
/modules/base/nix.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.base =
3 | { pkgs, ... }:
4 | {
5 | nix = {
6 | # See https://discourse.nixos.org/t/24-05-add-flake-to-nix-path/46310/9
7 | # See https://hachyderm.io/@leftpaddotpy/112539055867932912
8 | channel.enable = false;
9 | nixPath = [ "nixpkgs=${pkgs.path}" ];
10 |
11 | # From https://jackson.dev/post/nix-reasonable-defaults/
12 | extraOptions = ''
13 | connect-timeout = 5
14 | log-lines = 50
15 | min-free = 128000000
16 | max-free = 1000000000
17 | fallback = true
18 | '';
19 | optimise.automatic = true;
20 | settings = {
21 | trusted-users = [
22 | "root"
23 | ];
24 | auto-optimise-store = true;
25 | experimental-features = [
26 | "nix-command"
27 | "flakes"
28 | ];
29 | warn-dirty = false;
30 | tarball-ttl = 60 * 60 * 24;
31 | };
32 | };
33 | };
34 | }
35 |
--------------------------------------------------------------------------------
/modules/benix/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake = {
7 | meta.users = {
8 | benix = {
9 | name = "Benix User Group";
10 | email = "demo@example.com";
11 | key = "";
12 | username = "benix";
13 | keygrip = [
14 | ];
15 | authorizedKeys = [
16 | ];
17 | };
18 | };
19 |
20 | modules.nixos.benix = {
21 | users.users.benix = {
22 | description = "Benix User Group";
23 | isNormalUser = true;
24 | createHome = true;
25 | extraGroups = [
26 | "audio"
27 | "input"
28 | "networkmanager"
29 | "sound"
30 | "tty"
31 | ];
32 | initialPassword = "benix";
33 | };
34 |
35 | nix.settings.trusted-users = [ config.flake.meta.users.user.username ];
36 | };
37 |
38 | modules.homeManager.benix =
39 | { pkgs, ... }:
40 | {
41 | home.packages = with pkgs; [
42 | cowsay
43 | ];
44 | };
45 | };
46 | }
47 |
--------------------------------------------------------------------------------
/modules/guacamole/guacamole.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.guacamole = {
3 | services.guacamole-server = {
4 | enable = true;
5 | host = "127.0.0.1";
6 | userMappingXml = ./user-mapping.xml;
7 | };
8 |
9 | services.guacamole-client = {
10 | enable = true;
11 | settings = {
12 | guacd-port = 4822;
13 | guacd-hostname = "localhost";
14 | };
15 | };
16 |
17 | services.caddy = {
18 | enable = true;
19 | virtualHosts."http://".extraConfig = ''
20 | handle_path /* {
21 | rewrite * /guacamole{path}
22 | reverse_proxy 127.0.0.1:8080 {
23 | flush_interval -1
24 | }
25 | }
26 | '';
27 | };
28 |
29 | services.xrdp = {
30 | enable = true;
31 | defaultWindowManager = "startplasma-x11";
32 | openFirewall = true;
33 | };
34 |
35 | networking = {
36 | firewall = {
37 | allowedTCPPorts = [
38 | 80
39 | 443
40 | ];
41 | };
42 | };
43 | };
44 | }
45 |
--------------------------------------------------------------------------------
/modules/flake-parts/deploy.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | ...
4 | }:
5 | {
6 | imports = [
7 | inputs.make-shell.flakeModules.default
8 | ];
9 |
10 | perSystem =
11 | { pkgs, ... }:
12 | {
13 | make-shells.default = {
14 | packages = [
15 | pkgs.deploy-rs
16 | ];
17 | };
18 | };
19 |
20 | flake =
21 | { lib, config, ... }:
22 | {
23 | deploy.nodes = lib.mapAttrs' (
24 | hostname: nixosConfiguration:
25 | let
26 | inherit (nixosConfiguration.config.nixpkgs.hostPlatform) system;
27 | in
28 | {
29 | name = hostname;
30 | value = {
31 | inherit hostname;
32 | fastConnection = false;
33 | profiles.system = {
34 | sshUser = "root";
35 | remoteBuild = true;
36 | confirmTimeout = 300;
37 | path = inputs.deploy-rs.lib.${system}.activate.nixos nixosConfiguration;
38 | };
39 | };
40 | }
41 | ) config.nixosConfigurations;
42 | };
43 | }
44 |
--------------------------------------------------------------------------------
/pkgs/by-name/gh-flake-update/src/bashly.yml:
--------------------------------------------------------------------------------
1 | name: gh-flake-update
2 | help: Create a pull request to update flake attributes in a GitHub repository, with a diff of the changes.
3 | version: 0.0.2
4 | args:
5 | - name: attributes
6 | required: true
7 | repeatable: true
8 | unique: true
9 | help: A list of flake attributes to update, separated by spaces
10 | validate: is_attribute
11 | flags:
12 | - long: --assignee
13 | short: -a
14 | arg: assignee
15 | help: Username to assign the pull request to
16 | required: false
17 | - long: --reviewer
18 | short: -r
19 | arg: reviewer
20 | help: Username to add as a reviewer to the pull request
21 | required: false
22 | - long: --impure
23 | help: Enable impure flag for Nix commands (nix build and nix eval)
24 | required: false
25 | examples:
26 | - gh-flake-update nixosConfigurations.x13.config.system.build.toplevel
27 | environment_variables:
28 | - name: GH_TOKEN
29 | help: Github API token
30 | required: false
31 | dependencies:
32 | - gh
33 | - git
34 | - dix
35 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2025 Pol Dellaiera
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/modules/users/root/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake = {
7 | meta.users = {
8 | root = {
9 | authorizedKeys = [
10 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfxTd6cA45DZPJsk3TmFmRPu1NQQ0XX0kow18mqFsLLaxiUQX1gsfW1kTVRGNh4s77StdsmnU/5oSQEXE6D8p3uEWCwNL74Sf4Lz4UyzSrsjyEEhNTQJromlgrVkf7N3wvEOakSZJICcpl05Z3UeResnkuZGSQ6zDVAKcB3KP1uYbR4SQGmWLHI1meznRkTDM5wHoiyWJnGpQjYVsRZT4LTUJwfhildAOx6ZIZUTsJrl35L2S81E6bv696CVGPvxV+PGbwGTavMYXfrSW4pqCnDPhQCLElQS4Od1qMicfYRSmk/W2oAKb8HZwFoWQSFUStF8ldQRnPyn2wiBQnhxnczt2jUhq1Uj6Nkq/edb1Ywgn7jlBR4BgRLD3K3oMvzJ/d3xDHjU56jc5lCA6lFLDMBV6Q9DKzMwL2jG3aQbehbUwTz7zbUwAHlCFIY5HGs4d9veXHyCsUikCLPvHL/hQU/vFRHHB7WNEyQJZK+ieOAW+un+1eF88iyKsOXE9y8PjLvXYcPHdzGaQKnqzEJSQcTUw9QSzOZQQpmpy8z6Lf08D2I4GHq1REp6d4krJOOW0gXadjsGEhLqQqWGnHE47QBPnlHlDWzOaf3UX59rFsl8xZDXoXzzwJ1stpeJx+Tn/uSNnaf44yXFyeFK/IDUeOrXYD4fSTLP1P/lCFCfeYqw== (none)"
11 | ];
12 | };
13 | };
14 |
15 | modules.nixos.root = {
16 | users.users.root = {
17 | openssh.authorizedKeys.keys = config.flake.meta.users.pol.authorizedKeys;
18 | initialPassword = "id";
19 | };
20 | };
21 | };
22 | }
23 |
--------------------------------------------------------------------------------
/modules/flake-parts/nixpkgs.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | withSystem,
4 | ...
5 | }:
6 | {
7 | imports = [
8 | inputs.pkgs-by-name-for-flake-parts.flakeModule
9 | ];
10 |
11 | perSystem =
12 | { system, ... }:
13 | {
14 | _module.args.pkgs = import inputs.nixpkgs {
15 | inherit system;
16 | config = {
17 | allowUnfreePredicate = _pkg: true;
18 | };
19 | overlays = [
20 | (final: _prev: {
21 | master = import inputs.nixpkgs-master {
22 | inherit (final) config;
23 | inherit system;
24 | };
25 | })
26 | (final: _prev: {
27 | unstable = import inputs.nixpkgs-unstable {
28 | inherit (final) config;
29 | inherit system;
30 | };
31 | })
32 | inputs.nix-webapps.overlays.lib
33 | # inputs.deploy-rs.overlays.default
34 | # (self: super: { deploy-rs = { inherit (pkgs) deploy-rs; lib = super.deploy-rs.lib; }; })
35 | ];
36 | };
37 | pkgsDirectory = ../../pkgs/by-name;
38 | };
39 |
40 | flake = {
41 | overlays.default = _final: prev: {
42 | local = withSystem prev.stdenv.hostPlatform.system ({ config, ... }: config.packages);
43 | };
44 | };
45 | }
46 |
--------------------------------------------------------------------------------
/modules/games/enemy-territory.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.games =
4 | { pkgs, lib, ... }:
5 | {
6 | home.packages = with pkgs; [
7 | pkgsi686Linux.etlegacy
8 | ];
9 |
10 | xdg.desktopEntries.et-fr-beginner-xps = {
11 | name = "Enemy Territory @ France Beginner XPS";
12 | exec = "${lib.getExe pkgs.etlegacy} +connect 46.105.209.160:27960";
13 | icon = "etl";
14 | categories = [ "Game" ];
15 | terminal = false;
16 | };
17 |
18 | xdg.desktopEntries.et-fr-jaymod-xps = {
19 | name = "Enemy Territory @ Jaymod";
20 | exec = "${lib.getExe pkgs.pkgsi686Linux.etlegacy} +connect 77.202.125.157:27962";
21 | icon = "etl";
22 | categories = [ "Game" ];
23 | terminal = false;
24 | };
25 |
26 | xdg.desktopEntries.et-fr-chti-clan = {
27 | name = "Enemy Territory @ Chti Clan";
28 | exec = "${lib.getExe pkgs.etlegacy} +connect 92.158.15.163:27960";
29 | icon = "etl";
30 | categories = [ "Game" ];
31 | terminal = false;
32 | };
33 |
34 | nixpkgs = {
35 | config.allowUnfree = true;
36 | };
37 | };
38 |
39 | nixos.games = {
40 | # Only to play enemy territory with Jaymod
41 | hardware.graphics.enable32Bit = true;
42 | };
43 | };
44 | }
45 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-element/Element_logo.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-ec-element/Element_logo.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/pkgs/by-name/gh-flake-update/package.nix:
--------------------------------------------------------------------------------
1 | {
2 | stdenvNoCC,
3 | lib,
4 | bashly,
5 | makeBinaryWrapper,
6 | gh,
7 | gitMinimal,
8 | shellcheck,
9 | dix,
10 | versionCheckHook,
11 | }:
12 | stdenvNoCC.mkDerivation {
13 | pname = "gh-flake-update";
14 | version = "0.0.2";
15 |
16 | src = ./.;
17 |
18 | nativeBuildInputs = [
19 | bashly
20 | makeBinaryWrapper
21 | ];
22 |
23 | buildPhase = ''
24 | runHook preBuild
25 |
26 | bashly build -q
27 |
28 | runHook postBuild
29 | '';
30 |
31 | installPhase = ''
32 | runHook preInstall
33 |
34 | install -Dm755 gh-flake-update -t $out/bin
35 |
36 | wrapProgram $out/bin/gh-flake-update \
37 | --prefix PATH : ${
38 | lib.makeBinPath [
39 | gh
40 | gitMinimal
41 | dix
42 | ]
43 | }
44 |
45 | runHook postInstall
46 | '';
47 |
48 | doCheck = true;
49 | nativeCheckInputs = [
50 | shellcheck
51 | ];
52 | checkPhase = ''
53 | runHook preCheck
54 |
55 | shellcheck ./gh-flake-update
56 |
57 | runHook postCheck
58 | '';
59 |
60 | doInstallCheck = true;
61 | nativeInstallCheckInputs = [ versionCheckHook ];
62 | versionCheckProgramArg = "--version";
63 |
64 | meta = {
65 | description = "A tool to update flake inputs using GitHub CLI";
66 | homepage = "https://github.com/drupol/infra";
67 | license = lib.licenses.mit;
68 | maintainers = with lib.maintainers; [ drupol ];
69 | platforms = lib.platforms.unix;
70 | mainProgram = "gh-flake-update";
71 | };
72 | }
73 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-protonmail/proton-mail-seeklogo.svg:
--------------------------------------------------------------------------------
1 |
17 |
--------------------------------------------------------------------------------
/modules/hosts/elitebook820/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake.modules.nixos."hosts/elitebook820" = {
7 | imports =
8 | with config.flake.modules.nixos;
9 | [
10 | # Modules
11 | base
12 | bluetooth
13 | desktop
14 | dev
15 | facter
16 | fwupd
17 | shell
18 | sound
19 | vpn
20 |
21 | # Users
22 | root
23 | pol
24 | ]
25 | # Specific Home-Manager modules
26 | ++ [
27 | {
28 | home-manager.users.pol = {
29 | imports = with config.flake.modules.homeManager; [
30 | base
31 | desktop
32 | dev
33 | shell
34 | pol
35 | ];
36 | };
37 | }
38 | ];
39 |
40 | boot = {
41 | loader = {
42 | systemd-boot.enable = true;
43 | efi.canTouchEfiVariables = true;
44 | };
45 |
46 | initrd.availableKernelModules = [
47 | "xhci_pci"
48 | "ahci"
49 | "usb_storage"
50 | "sd_mod"
51 | "rtsx_pci_sdmmc"
52 | ];
53 |
54 | kernelModules = [ "kvm-intel" ];
55 | };
56 |
57 | facter.reportPath = ./facter.json;
58 |
59 | fileSystems."/" = {
60 | device = "/dev/disk/by-uuid/0831c17a-27d6-42b8-a61b-f52cfb02f051";
61 | fsType = "ext4";
62 | };
63 |
64 | fileSystems."/boot" = {
65 | device = "/dev/disk/by-uuid/5185-45FD";
66 | fsType = "vfat";
67 | };
68 |
69 | swapDevices = [ { device = "/dev/disk/by-uuid/066ce479-3611-42e7-9117-f1ef77668010"; } ];
70 | };
71 | }
72 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/minimac/system/hardware-configuration.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | lib,
4 | inputs,
5 | modulesPath,
6 | ...
7 | }:
8 | {
9 | imports = [
10 | inputs.nixos-hardware.nixosModules.apple-macmini-4-1
11 | (modulesPath + "/installer/scan/not-detected.nix")
12 | ];
13 |
14 | boot.initrd.availableKernelModules = [
15 | "ohci_pci"
16 | "ehci_pci"
17 | "ahci"
18 | "firewire_ohci"
19 | "usb_storage"
20 | "usbhid"
21 | "sd_mod"
22 | "sr_mod"
23 | "sdhci_pci"
24 | ];
25 | boot.initrd.kernelModules = [ ];
26 | boot.kernelModules = [
27 | "kvm-intel"
28 | "wl"
29 | ];
30 | boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
31 |
32 | fileSystems."/" = {
33 | device = "/dev/disk/by-uuid/4b8ff738-fe53-403a-ba16-a851b41b8c78";
34 | fsType = "ext4";
35 | };
36 |
37 | fileSystems."/boot" = {
38 | device = "/dev/disk/by-uuid/151D-2898";
39 | fsType = "vfat";
40 | };
41 |
42 | swapDevices = [ { device = "/dev/disk/by-uuid/ce60e82c-87ac-47c2-8880-26949434cc3a"; } ];
43 |
44 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
45 | # (the default) this is the recommended approach. When using systemd-networkd it's
46 | # still possible to use this option, but it's recommended to use it in conjunction
47 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
48 | networking.useDHCP = lib.mkDefault true;
49 | # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true;
50 | # networking.interfaces.wlp3s0b1.useDHCP = lib.mkDefault true;
51 |
52 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
53 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
54 | }
55 |
--------------------------------------------------------------------------------
/modules/hosts/rpi4/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | inputs,
4 | ...
5 | }:
6 | {
7 | flake.modules.nixos."hosts/rpi4" = {
8 | imports =
9 | with config.flake.modules.nixos;
10 | [
11 | # Modules
12 | base
13 | bluetooth
14 | facter
15 | openssh
16 | rpi4-sdimage
17 | shell
18 | vpn
19 |
20 | # Users
21 | root
22 | pol
23 | ]
24 | # Specific Home-Manager modules
25 | ++ [
26 | {
27 | home-manager.users.pol = {
28 | imports = with config.flake.modules.homeManager; [
29 | base
30 | pol
31 | shell
32 | ];
33 | };
34 | }
35 | ];
36 |
37 | nixpkgs = {
38 | overlays = [
39 | (final: _prev: {
40 | master = import inputs.nixpkgs-master {
41 | inherit (final) config system;
42 | };
43 | })
44 | # Disable U-Boot "Hit any key" prompt. Default bootdelay=2 waits for keypress.
45 | # -2 skips autoboot delay entirely. Combined with boot.loader.timeout=0
46 | # for extlinux menu, this gives instant boot on headless systems.
47 | (_final: prev: {
48 | ubootRaspberryPi4_64bit = prev.ubootRaspberryPi4_64bit.override {
49 | extraConfig = ''
50 | CONFIG_BOOTDELAY=-2
51 | '';
52 | };
53 | })
54 | ];
55 | };
56 |
57 | boot.loader.timeout = 0;
58 | boot.loader.grub.enable = false;
59 | boot.loader.generic-extlinux-compatible.enable = true;
60 |
61 | facter.reportPath = ./facter.json;
62 |
63 | fileSystems = {
64 | "/" = {
65 | device = "/dev/disk/by-label/NIXOS_SD";
66 | fsType = "ext4";
67 | options = [ "noatime" ];
68 | };
69 | };
70 | };
71 | }
72 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-discord/discord-icon.svg:
--------------------------------------------------------------------------------
1 |
2 |
8 |
--------------------------------------------------------------------------------
/pkgs/by-name/gh-flake-update/src/lib/generate_pr_body.sh:
--------------------------------------------------------------------------------
1 | # shellcheck shell=bash
2 |
3 | generate_pr_body() {
4 | local flake_update_output=$1
5 | local -n all_attrs_ref=$2
6 | local -n build_failures_ref=$3
7 | local attr_reports=""
8 |
9 | for attr in "${all_attrs_ref[@]}"; do
10 | local slug
11 | slug=$(attr_to_slug "$attr")
12 | local current_build_path="$TMP_DIR/$slug.current"
13 | local next_build_path="$TMP_DIR/$slug.next"
14 |
15 | if [[ -v "build_failures_ref[$attr]" ]]; then
16 | attr_reports+=$(
17 | cat <<-EOF
18 |
19 | Attribute: ${attr} (Build Failed)
20 |
21 | \`\`\`console
22 | ${build_failures_ref[$attr]}
23 | \`\`\`
24 |
25 |
26 | EOF
27 | )
28 | elif [ ! -L "$current_build_path" ]; then
29 | attr_reports+=$(
30 | cat <<-EOF
31 |
32 | Attribute: ${attr} (Initial Build Failed)
33 |
34 | This attribute was already broken before the update and was skipped.
35 |
36 | EOF
37 | )
38 | elif [ ! -L "$next_build_path" ]; then
39 | attr_reports+=$(
40 | cat <<-EOF
41 |
42 | Attribute: ${attr} (Update Build Failed)
43 |
44 | The build for this attribute failed after the flake update.
45 |
46 | EOF
47 | )
48 | else
49 | attr_reports+=$(
50 | cat <<-EOF
51 |
52 | Attribute: ${attr} (Diff)
53 |
54 | \`\`\`console
55 | $(dix "$current_build_path" "$next_build_path" || echo "dix command failed for $attr")
56 | \`\`\`
57 |
58 |
59 | EOF
60 | )
61 | fi
62 | done
63 |
64 | # Final PR body content
65 | cat <<-EOF
66 | This PR was generated automatically to update the flake inputs.
67 |
68 |
69 | Flake update summary (from commit message)
70 |
71 | \`\`\`console
72 | ${flake_update_output}
73 | \`\`\`
74 |
75 |
76 |
77 | ${attr_reports}
78 | EOF
79 | }
80 |
--------------------------------------------------------------------------------
/modules/searx/searx.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.searx = {
3 | services = {
4 | searx = {
5 | enable = true;
6 | settings = {
7 | use_default_settings = true;
8 |
9 | general = {
10 | privacypolicy_url = false;
11 | enable_metrics = true;
12 | debug = false;
13 | };
14 |
15 | default_doi_resolver = "sci-hub.se";
16 |
17 | server = {
18 | port = 3002;
19 | bind_address = "0.0.0.0";
20 | secret_key = "spotting-gumminess-chamomile-unsuited-purple";
21 | image_proxy = true;
22 | base_url = "/searx";
23 | limiter = false;
24 | public_instance = false;
25 | };
26 |
27 | enabled_plugins = [
28 | "Hash plugin"
29 | "Search on category select"
30 | "Tracker URL remover"
31 | "Hostname replace"
32 | "Unit converter plugin"
33 | "Basic Calculator"
34 | "Open Access DOI rewrite"
35 | ];
36 |
37 | search = {
38 | safe_search = 0; # 0 = None, 1 = Moderate, 2 = Strict
39 | formats = [
40 | "html"
41 | "json"
42 | "rss"
43 | ];
44 | autocomplete = "google"; # "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
45 | default_lang = "en";
46 | };
47 | };
48 | };
49 |
50 | caddy = {
51 | enable = true;
52 | virtualHosts."http://".extraConfig = ''
53 | handle_path /searx/* {
54 | reverse_proxy 127.0.0.1:3002
55 | }
56 | '';
57 | virtualHosts."https://".extraConfig = ''
58 | handle_path /searx/* {
59 | reverse_proxy 127.0.0.1:3002
60 | }
61 | '';
62 | };
63 | };
64 |
65 | networking.firewall.allowedTCPPorts = [
66 | 3002
67 | ];
68 | };
69 | }
70 |
--------------------------------------------------------------------------------
/modules/ai/open-webui.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.ai = {
4 | nixpkgs = {
5 | config.allowUnfree = true;
6 | };
7 |
8 | services = {
9 | open-webui = {
10 | enable = true;
11 | host = "0.0.0.0";
12 | port = 8080;
13 | environment = {
14 | CONTENT_EXTRACTION_ENGINE = "tika";
15 | DEVICE_TYPE = "cpu";
16 | ENABLE_OLLAMA_API = "True";
17 | ENABLE_OPENAI_API = "True";
18 | ENABLE_RAG_HYBRID_SEARCH = "True";
19 | ENABLE_RAG_WEB_LOADER_SSL_VERIFICATION = "False";
20 | ENABLE_RAG_WEB_SEARCH = "True";
21 | OLLAMA_BASE_URL = "http://127.0.0.1:11434";
22 | OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api";
23 | OPENAI_API_BASE_URL = "http://127.0.0.1:8888/v1";
24 | OPENAI_API_KEY = "";
25 | PDF_EXTRACT_IMAGES = "True";
26 | RAG_EMBEDDING_ENGINE = "ollama";
27 | RAG_EMBEDDING_MODEL = "embeddinggemma:latest";
28 | RAG_EMBEDDING_MODEL_AUTO_UPDATE = "True";
29 | RAG_FILE_MAX_COUNT = "2";
30 | RAG_RERANKING_MODEL = "BAAI/bge-reranker-v2-m3";
31 | RAG_TEXT_SPLITTER = "token";
32 | RAG_WEB_SEARCH_ENGINE = "searxng";
33 | RAG_WEB_SEARCH_RESULT_COUNT = "5";
34 | RESET_CONFIG_ON_START = "True";
35 | SEARXNG_QUERY_URL = "http://apollo:3002/search?q=";
36 | TIKA_SERVER_URL = "http://apollo:9998/";
37 | WEBUI_AUTH = "False";
38 | WEBUI_NAME = "LLM @ Home";
39 | };
40 | };
41 |
42 | caddy = {
43 | enable = true;
44 | virtualHosts."http://".extraConfig = ''
45 | reverse_proxy 127.0.0.1:8080
46 | '';
47 | virtualHosts."https://".extraConfig = ''
48 | reverse_proxy 127.0.0.1:8080
49 | '';
50 | };
51 | };
52 |
53 | networking.firewall.allowedTCPPorts = [
54 | 80
55 | 443
56 | ];
57 | };
58 | };
59 | }
60 |
--------------------------------------------------------------------------------
/modules/ai/litellm/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.nixos.ai = {
3 | services = {
4 | litellm = {
5 | enable = true;
6 | host = "0.0.0.0";
7 | port = 8888;
8 | settings = {
9 | model_list = [
10 | {
11 | model_name = "*";
12 | litellm_params = {
13 | model = "openai/*";
14 | api_key = "os.environ/OPENAI_API_KEY";
15 | };
16 | }
17 | {
18 | model_name = "gpt-4o";
19 | litellm_params = {
20 | model = "openai/gpt-4o";
21 | api_key = "os.environ/OPENAI_API_KEY";
22 | };
23 | }
24 | {
25 | model_name = "deepseek-v3";
26 | litellm_params = {
27 | model = "github/deepseek-v3";
28 | api_key = "os.environ/GITHUB_API_KEY";
29 | };
30 | }
31 | {
32 | model_name = "deepseek-r1";
33 | litellm_params = {
34 | model = "github/deepseek-r1";
35 | api_key = "os.environ/GITHUB_API_KEY";
36 | };
37 | }
38 | {
39 | model_name = "Llama-3.3-70B-Instruct";
40 | litellm_params = {
41 | model = "github/Llama-3.3-70B-Instruct";
42 | api_key = "os.environ/GITHUB_API_KEY";
43 | };
44 | }
45 | {
46 | model_name = "Gemini";
47 | litellm_params = {
48 | model = "gemini/gemini-2.5-pro-exp-03-25";
49 | api_key = "os.environ/GEMINI_API_KEY";
50 | };
51 | }
52 | {
53 | model_name = "mistral/open-mistral-nemo";
54 | litellm_params = {
55 | model = "mistral/open-mistral-nemo";
56 | api_key = "os.environ/MISTRAL_API_KEY";
57 | };
58 | }
59 | ];
60 | };
61 | environmentFile = "/home/pol/Code/drupol/litellm-secrets.env";
62 | openFirewall = true;
63 | };
64 | };
65 | };
66 | }
67 |
--------------------------------------------------------------------------------
/modules/hosts/x260/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake.modules.nixos."hosts/x260" = {
7 | imports =
8 | with config.flake.modules.nixos;
9 | [
10 | # Modules
11 | base
12 | bluetooth
13 | desktop
14 | dev
15 | facter
16 | fwupd
17 | shell
18 | sound
19 | vpn
20 |
21 | # Users
22 | root
23 | pol
24 | ]
25 | # Specific Home-Manager modules
26 | ++ [
27 | {
28 | home-manager.users.pol = {
29 | imports = with config.flake.modules.homeManager; [
30 | base
31 | desktop
32 | dev
33 | shell
34 | pol
35 | ];
36 | };
37 | }
38 | ];
39 |
40 | boot = {
41 | loader = {
42 | systemd-boot.enable = true;
43 | efi.canTouchEfiVariables = true;
44 | };
45 |
46 | initrd.availableKernelModules = [
47 | "xhci_pci"
48 | "ahci"
49 | "usb_storage"
50 | "sd_mod"
51 | "rtsx_pci_sdmmc"
52 | ];
53 |
54 | kernelModules = [ "kvm-intel" ];
55 | };
56 |
57 | facter.reportPath = ./facter.json;
58 |
59 | fileSystems."/" = {
60 | device = "/dev/disk/by-uuid/0441f1d3-2c4c-4038-a76b-b3b4beb755f9";
61 | fsType = "ext4";
62 | };
63 |
64 | fileSystems."/boot" = {
65 | device = "/dev/disk/by-uuid/7104-F69A";
66 | fsType = "vfat";
67 | };
68 |
69 | fileSystems."/nix" = {
70 | device = "/dev/disk/by-uuid/1c6de7e9-6a0d-47c5-ac8b-47f0ba6eecc2";
71 | fsType = "ext4";
72 | neededForBoot = true;
73 | options = [ "noatime" ];
74 | };
75 |
76 | fileSystems."/home" = {
77 | device = "/dev/disk/by-uuid/2523be1d-4020-4442-b6c6-6983137be565";
78 | fsType = "ext4";
79 | };
80 |
81 | swapDevices = [ { device = "/dev/disk/by-uuid/d71fd11a-2609-4c3f-abc2-5ab794180d89"; } ];
82 |
83 | services = {
84 | xserver = {
85 | xkb = {
86 | layout = "be";
87 | };
88 | };
89 | thermald.enable = true;
90 | avahi.enable = true;
91 | };
92 | };
93 | }
94 |
--------------------------------------------------------------------------------
/modules/hosts/apollo/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake.modules.nixos."hosts/apollo" =
7 | { lib, pkgs, ... }:
8 | {
9 | imports =
10 | with config.flake.modules.nixos;
11 | [
12 | # Modules
13 | base
14 | desktop
15 | dev
16 | docling
17 | facter
18 | guacamole
19 | openssh
20 | searx
21 | shell
22 | tika
23 | vpn
24 |
25 | # Users
26 | root
27 | pol
28 | ]
29 | # Specific Home-Manager modules
30 | ++ [
31 | {
32 | home-manager.users.pol = {
33 | imports = with config.flake.modules.homeManager; [
34 | base
35 | desktop
36 | dev
37 | shell
38 | ];
39 |
40 | home.packages = with pkgs; [
41 | thunderbird
42 | ];
43 | };
44 | }
45 | ];
46 |
47 | boot = {
48 | # Use the GRUB 2 boot loader.
49 | loader.grub.enable = true;
50 | loader.grub.device = "/dev/sdb";
51 | loader.grub.useOSProber = false;
52 |
53 | # boot.loader.grub.efiSupport = true;
54 | # boot.loader.grub.efiInstallAsRemovable = true;
55 | # boot.loader.efi.efiSysMountPoint = "/boot/efi";
56 | kernel = {
57 | sysctl = {
58 | "net.ipv4.conf.all.forwarding" = lib.mkForce true;
59 | "net.ipv6.conf.all.forwarding" = lib.mkForce true;
60 | };
61 | };
62 |
63 | initrd.availableKernelModules = [
64 | "ehci_pci"
65 | "ahci"
66 | "xhci_pci"
67 | "firewire_ohci"
68 | "usb_storage"
69 | "usbhid"
70 | "sd_mod"
71 | ];
72 |
73 | kernelModules = [ "kvm-intel" ];
74 | };
75 |
76 | facter.reportPath = ./facter.json;
77 |
78 | fileSystems."/" = {
79 | device = "/dev/disk/by-uuid/6fb8e36f-069c-43db-a843-1e345b17ec04";
80 | fsType = "ext4";
81 | };
82 |
83 | swapDevices = [
84 | { device = "/dev/disk/by-uuid/f70058b0-0600-4a7c-a226-37bf10eb307d"; }
85 | ];
86 | };
87 | }
88 |
--------------------------------------------------------------------------------
/flake.nix:
--------------------------------------------------------------------------------
1 | {
2 | description = "My Nix infrastructure at home";
3 |
4 | inputs = {
5 | nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
6 | nixpkgs-master.url = "github:NixOS/nixpkgs/master";
7 | nixpkgs-unstable.url = "github:/nixos/nixpkgs/nixpkgs-unstable";
8 |
9 | nixos-hardware.url = "github:NixOS/nixos-hardware/master";
10 |
11 | home-manager.url = "github:nix-community/home-manager";
12 | home-manager.inputs.nixpkgs.follows = "nixpkgs";
13 |
14 | deploy-rs.url = "github:serokell/deploy-rs";
15 | deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
16 |
17 | plasma-manager.url = "github:nix-community/plasma-manager";
18 | plasma-manager.inputs.nixpkgs.follows = "nixpkgs";
19 |
20 | nur.url = "github:nix-community/NUR";
21 |
22 | systems.url = "github:nix-systems/default";
23 |
24 | flake-parts.url = "github:hercules-ci/flake-parts";
25 | flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
26 |
27 | git-hooks.url = "github:cachix/git-hooks.nix";
28 | git-hooks.inputs.nixpkgs.follows = "nixpkgs";
29 |
30 | nix-oracle-db.url = "github:drupol/nix-oracle-db";
31 |
32 | nixos-generators.url = "github:nix-community/nixos-generators";
33 | nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
34 |
35 | pkgs-by-name-for-flake-parts.url = "github:drupol/pkgs-by-name-for-flake-parts";
36 |
37 | nix-webapps.url = "github:TLATER/nix-webapps";
38 |
39 | import-tree.url = "github:vic/import-tree";
40 |
41 | nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
42 |
43 | treefmt-nix.url = "github:numtide/treefmt-nix";
44 |
45 | make-shell.url = "github:nicknovitski/make-shell";
46 |
47 | lazy-apps = {
48 | url = "sourcehut:~rycee/lazy-apps";
49 | inputs.nixpkgs.follows = "nixpkgs";
50 | };
51 |
52 | disko = {
53 | url = "github:nix-community/disko";
54 | inputs.nixpkgs.follows = "nixpkgs";
55 | };
56 |
57 | # This is a private repository.
58 | # If you want to clone this project, it won't work unless you have access to it.
59 | # To remove it, remove all the occurrences of `inputs.infra-private` in all the
60 | # files of this project.
61 | infra-private.url = "github:drupol/infra-private";
62 | };
63 |
64 | outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
65 | }
66 |
--------------------------------------------------------------------------------
/modules/hosts/nixos/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake.modules.nixos."hosts/nixos" =
7 | { lib, ... }:
8 | {
9 | imports =
10 | with config.flake.modules.nixos;
11 | [
12 | # Modules
13 | ai
14 | base
15 | dev
16 | facter
17 | openssh
18 | shell
19 | vpn
20 |
21 | # Users
22 | root
23 | pol
24 | ]
25 | # Specific Home-Manager modules
26 | ++ [
27 | {
28 | home-manager.users.pol = {
29 | imports = with config.flake.modules.homeManager; [
30 | base
31 | shell
32 | ];
33 | };
34 | }
35 | ];
36 |
37 | boot = {
38 | # Use the GRUB 2 boot loader.
39 | loader.grub.enable = true;
40 | # boot.loader.grub.efiSupport = true;
41 | # boot.loader.grub.efiInstallAsRemovable = true;
42 | # boot.loader.efi.efiSysMountPoint = "/boot/efi";
43 | # Define on which hard drive you want to install Grub.
44 | loader.grub.device = "/dev/sda"; # or "nodev" for efi only
45 | kernel = {
46 | sysctl = {
47 | "net.ipv4.conf.all.forwarding" = lib.mkForce true;
48 | "net.ipv6.conf.all.forwarding" = lib.mkForce true;
49 | };
50 | };
51 |
52 | initrd.availableKernelModules = [
53 | "xhci_pci"
54 | "ehci_pci"
55 | "ahci"
56 | "usbhid"
57 | "usb_storage"
58 | "sd_mod"
59 | "sr_mod"
60 | ];
61 |
62 | kernelModules = [ "kvm-intel" ];
63 | };
64 |
65 | facter.reportPath = ./facter.json;
66 |
67 | fileSystems."/" = {
68 | device = "/dev/disk/by-uuid/7bb30cda-a7fd-4f83-9cea-a4a80ede8a6e";
69 | fsType = "ext4";
70 | };
71 |
72 | fileSystems."/home" = {
73 | device = "/dev/disk/by-uuid/661a3104-2529-42d8-85fa-36249b1fda5d";
74 | fsType = "ext4";
75 | };
76 |
77 | fileSystems."/boot" = {
78 | device = "/dev/disk/by-uuid/1f4fd44f-280a-452a-9a48-e0b8e402e680";
79 | fsType = "ext4";
80 | };
81 |
82 | swapDevices = [ { device = "/dev/disk/by-uuid/87129bb6-05de-4828-8031-2673a2be7ed4"; } ];
83 |
84 | networking = {
85 | interfaces.eno1.useDHCP = true;
86 | };
87 | };
88 | }
89 |
--------------------------------------------------------------------------------
/modules/hosts/x280/WhatsApp.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/modules/hosts/xeonixos/default.nix:
--------------------------------------------------------------------------------
1 | toplevel: {
2 | flake.modules.nixos."hosts/xeonixos" =
3 | {
4 | lib,
5 | pkgs,
6 | config,
7 | ...
8 | }:
9 | {
10 | imports =
11 | with toplevel.config.flake.modules.nixos;
12 | [
13 | # Modules
14 | base
15 | desktop
16 | dev
17 | facter
18 | guacamole
19 | openssh
20 | shell
21 | vpn
22 |
23 | # Users
24 | root
25 | pol
26 | ]
27 | # Specific Home-Manager modules
28 | ++ [
29 | {
30 | home-manager.users.pol.imports = with toplevel.config.flake.modules.homeManager; [
31 | base
32 | desktop
33 | dev
34 | shell
35 | ];
36 | }
37 | ];
38 |
39 | boot = {
40 | # Use the GRUB 2 boot loader.
41 | loader.grub.enable = true;
42 | loader.grub.device = "/dev/sdb";
43 | loader.grub.useOSProber = false;
44 |
45 | # boot.loader.grub.efiSupport = true;
46 | # boot.loader.grub.efiInstallAsRemovable = true;
47 | # boot.loader.efi.efiSysMountPoint = "/boot/efi";
48 | kernel = {
49 | sysctl = {
50 | "net.ipv4.conf.all.forwarding" = lib.mkForce true;
51 | "net.ipv6.conf.all.forwarding" = lib.mkForce true;
52 | };
53 | };
54 |
55 | initrd.availableKernelModules = [
56 | "ehci_pci"
57 | "ahci"
58 | "xhci_pci"
59 | "firewire_ohci"
60 | "usb_storage"
61 | "usbhid"
62 | "sd_mod"
63 | ];
64 |
65 | kernelModules = [ "kvm-intel" ];
66 | };
67 |
68 | facter.reportPath = ./facter.json;
69 |
70 | fileSystems."/" = {
71 | device = "/dev/disk/by-uuid/6fb8e36f-069c-43db-a843-1e345b17ec04";
72 | fsType = "ext4";
73 | };
74 |
75 | swapDevices = [
76 | { device = "/dev/disk/by-uuid/f70058b0-0600-4a7c-a226-37bf10eb307d"; }
77 | ];
78 |
79 | hardware.nvidia.open = false;
80 | services.xserver.videoDrivers = [ "nvidia" ];
81 | hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_390;
82 | boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_12;
83 |
84 | nixpkgs.config.nvidia.acceptLicense = true;
85 | nixpkgs.config.allowUnfree = true;
86 | };
87 |
88 | }
89 |
--------------------------------------------------------------------------------
/modules/hosts/x280/crelan.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/modules/desktop/environment/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | nixos.desktop =
4 | { pkgs, ... }:
5 | {
6 | programs = {
7 | kdeconnect.enable = true;
8 | partition-manager.enable = true;
9 | };
10 |
11 | xdg = {
12 | portal = {
13 | enable = true;
14 | config.common.default = "kde";
15 | extraPortals = with pkgs; [ kdePackages.xdg-desktop-portal-kde ];
16 | };
17 | };
18 |
19 | networking.firewall = rec {
20 | allowedTCPPortRanges = [
21 | {
22 | from = 1714;
23 | to = 1764;
24 | }
25 | ];
26 | allowedUDPPortRanges = allowedTCPPortRanges;
27 | };
28 |
29 | services = {
30 | xserver = {
31 | enable = true;
32 | xkb = {
33 | options = "eurosign:e";
34 | };
35 | };
36 | desktopManager = {
37 | plasma6 = {
38 | enable = true;
39 | };
40 | };
41 | displayManager = {
42 | sddm = {
43 | enable = true;
44 | };
45 | };
46 | };
47 |
48 | # See https://github.com/NixOS/nixpkgs/issues/414909#issuecomment-3216038215
49 | system.userActivationScripts = {
50 | "restart-plasma" = ''
51 | ${pkgs.xdg-utils}/bin/xdg-desktop-menu forceupdate
52 | '';
53 | };
54 |
55 | };
56 |
57 | homeManager.desktop =
58 | { pkgs, ... }:
59 | {
60 | home = {
61 | packages = with pkgs; [
62 | kdePackages.akonadi-search
63 | kdePackages.akregator
64 | kdePackages.ark
65 | kdePackages.filelight
66 | kdePackages.isoimagewriter
67 | kdePackages.kate
68 | kdePackages.kcalc
69 | kdePackages.kdialog
70 | kdePackages.kgpg
71 | kdePackages.kpipewire
72 | kdePackages.krdc
73 | kdePackages.krfb
74 | kdePackages.ksystemlog
75 | kdePackages.kweather
76 | kdePackages.okular
77 | kdePackages.plasma-browser-integration
78 | kdePackages.sddm-kcm
79 | kdePackages.spectacle
80 | kdePackages.xdg-desktop-portal-kde
81 | kdePackages.yakuake
82 | vlc
83 | ];
84 | };
85 | };
86 | };
87 | }
88 |
--------------------------------------------------------------------------------
/modules/dev/git/gh-dash.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.dev =
4 | { pkgs, ... }:
5 | {
6 | programs = {
7 | gh-dash = {
8 | enable = true;
9 | settings = {
10 | prSections = [
11 | {
12 | title = "To review";
13 | filters = "repo:NixOS/nixpkgs is:open draft:false status:success";
14 | }
15 | {
16 | title = "1st contribution";
17 | filters = ''repo:NixOS/nixpkgs is:open draft:false label:"12. first-time contribution"'';
18 | }
19 | {
20 | title = "1st approval";
21 | filters = ''repo:NixOS/nixpkgs is:open draft:false status:success label:"12.approvals: 1"'';
22 | }
23 | {
24 | title = "From r-ryantm only";
25 | filters = ''repo:NixOS/nixpkgs is:open draft:false status:success base:master -label:"1.severity: mass-rebuild" -label:"1.severity: mass-darwin-rebuild" author:r-ryantm'';
26 | }
27 | {
28 | title = "My PRs";
29 | filters = "is:open author:@me";
30 | }
31 | {
32 | title = "Needs my review";
33 | filters = "is:open review-requested:@me";
34 | }
35 | {
36 | title = "Involved";
37 | filters = "is:open involves:@me -author:@me";
38 | }
39 | ];
40 | defaults = {
41 | prsLimit = 25;
42 | issuesLimit = 10;
43 | view = "prs";
44 | preview = {
45 | open = false;
46 | width = 100;
47 | };
48 | refetchIntervalMinutes = 10;
49 | };
50 | keybindings = {
51 | prs = [
52 | {
53 | key = "V";
54 | command = "cd {{.RepoPath}} && code . && gh pr checkout {{.PrNumber}}";
55 | }
56 | ];
57 | };
58 | repoPaths = {
59 | "NixOS/*" = "~/Code/NixOS/*";
60 | };
61 | theme.ui.table.showSeparator = false;
62 | };
63 | };
64 | gh = {
65 | extensions = [
66 | pkgs.gh-dash
67 | ];
68 | };
69 | };
70 | };
71 | };
72 | }
73 |
--------------------------------------------------------------------------------
/modules/shell/starship.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules = {
3 | homeManager.shell = {
4 | programs = {
5 | starship = {
6 | enable = true;
7 | enableTransience = true;
8 | settings = {
9 | custom.jj1 = {
10 | when = "jj root --ignore-working-copy";
11 | detect_folders = [ ".jj" ];
12 | ignore_timeout = true;
13 | format = "$output ";
14 | command = ''
15 | jj log --revisions @ --no-graph --ignore-working-copy --color always --limit 1 --template '
16 | surround("[", "",
17 | separate(" ",
18 | change_id.shortest(),
19 | commit_id.shortest(),
20 | bookmarks,
21 | "|",
22 | concat(
23 | if(conflict, "💥"),
24 | if(divergent, "🚧"),
25 | if(hidden, "👻"),
26 | if(immutable, "🔒"),
27 | ),
28 | raw_escape_sequence("\x1b[1;32m") ++ if(empty, "(empty)"),
29 | raw_escape_sequence("\x1b[1;32m") ++ coalesce(
30 | truncate_end(29, description.first_line(), "..."),
31 | "(no description)",
32 | ) ++ raw_escape_sequence("\x1b[0m"),
33 | )
34 | )
35 | '
36 | '';
37 | };
38 |
39 | custom.jj2 = {
40 | when = "jj root --ignore-working-copy";
41 | detect_folders = [ ".jj" ];
42 | ignore_timeout = true;
43 | format = "$output ";
44 | command = ''
45 | jj log --revisions "streams()" --no-graph --ignore-working-copy --color always --template '
46 | surround("", "]",
47 | bookmarks
48 | )
49 | '
50 | '';
51 | };
52 |
53 | git_state = {
54 | disabled = true;
55 | };
56 |
57 | git_status = {
58 | disabled = true;
59 | };
60 |
61 | git_commit = {
62 | disabled = true;
63 | };
64 |
65 | git_metrics = {
66 | disabled = true;
67 | };
68 |
69 | git_branch = {
70 | disabled = true;
71 | };
72 | };
73 | };
74 | };
75 | };
76 | };
77 | }
78 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/minimac/system/configuration.nix:
--------------------------------------------------------------------------------
1 | { lib, ... }:
2 | {
3 | # Bootloader.
4 | boot.loader.systemd-boot.enable = true;
5 | boot.loader.efi.canTouchEfiVariables = true;
6 |
7 | # 4G is way too small...
8 | boot.tmp.useTmpfs = lib.mkForce false;
9 |
10 | # The global useDHCP flag is deprecated, therefore explicitly set to false here.
11 | # Per-interface useDHCP will be mandatory in the future, so this generated config
12 | # replicates the default behaviour.
13 |
14 | # services.acpid.enable = true;
15 |
16 | # Configure network proxy if necessary
17 | # networking.proxy.default = "http://user:password@proxy:port/";
18 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
19 |
20 | # Select internationalisation properties.
21 | # i18n.defaultLocale = "en_BE.UTF-8";
22 | # console = {
23 | # font = "Lat2-Terminus16";
24 | # keyMap = "us";
25 | # };
26 | console.useXkbConfig = true;
27 |
28 | services = {
29 | pipewire = {
30 | enable = true;
31 | alsa.enable = true;
32 | alsa.support32Bit = true;
33 | pulse.enable = true;
34 | };
35 | xserver = {
36 | enable = true;
37 | xkb = {
38 | layout = "gb";
39 | options = "eurosign:e";
40 | };
41 | };
42 | };
43 |
44 | # Enable CUPS to print documents.
45 | # services.printing.enable = true;
46 |
47 | security.rtkit.enable = true;
48 |
49 | security.sudo.wheelNeedsPassword = false; # Use 'sudo' without a password
50 | powerManagement.enable = true;
51 |
52 | # List services that you want to enable:
53 | # services.cron = {
54 | # enable = false;
55 | # systemCronJobs = [
56 | # "0 * * * * root nix-channel --update"
57 | # ];
58 | # };
59 |
60 | networking = {
61 | hostName = "minimac";
62 | networkmanager = {
63 | enable = true;
64 | };
65 | useDHCP = false;
66 | };
67 |
68 | # This value determines the NixOS release from which the default
69 | # settings for stateful data, like file locations and database versions
70 | # on your system were taken. It‘s perfectly fine and recommended to leave
71 | # this value at the release version of the first install of this system.
72 | # Before changing this value read the documentation for this option
73 | # (e.g. man configuration.nix or on https://search.nixos.org/options?&show=system.stateVersion&from=0&size=50&sort=relevance&type=packages&query=stateVersion).
74 | system.stateVersion = "24.11"; # Did you read the comment?
75 |
76 | hardware.bluetooth.enable = true;
77 |
78 | services.avahi.enable = true;
79 | }
80 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/elitebook820/system/configuration.nix:
--------------------------------------------------------------------------------
1 | {
2 | # Use the GRUB 2 boot loader.
3 | # boot.loader.grub.enable = true;
4 | # boot.loader.grub.version = 2;
5 | boot.loader.systemd-boot.enable = true;
6 | # boot.loader.grub.useOSProber = true;
7 | boot.loader.efi.canTouchEfiVariables = true;
8 | # boot.loader.grub.efiSupport = true;
9 | # boot.loader.grub.efiInstallAsRemovable = true;
10 | # boot.loader.efi.efiSysMountPoint = "/boot/efi";
11 | # Define on which hard drive you want to install Grub.
12 | # boot.loader.grub.device = "nodev"; # or "nodev" for efi only
13 |
14 | # services.acpid.enable = true;
15 |
16 | # Configure network proxy if necessary
17 | # networking.proxy.default = "http://user:password@proxy:port/";
18 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
19 |
20 | # Select internationalisation properties.
21 | # i18n.defaultLocale = "en_BE.UTF-8";
22 | # console = {
23 | # font = "Lat2-Terminus16";
24 | # keyMap = "us";
25 | # };
26 | console.useXkbConfig = true;
27 |
28 | services = {
29 | pipewire = {
30 | enable = true;
31 | alsa.enable = true;
32 | alsa.support32Bit = true;
33 | pulse.enable = true;
34 | };
35 | xserver = {
36 | enable = true;
37 | xkb = {
38 | layout = "be";
39 | options = "eurosign:e";
40 | };
41 | };
42 | };
43 |
44 | # Enable CUPS to print documents.
45 | # services.printing.enable = true;
46 |
47 | security.rtkit.enable = true;
48 |
49 | security.sudo.wheelNeedsPassword = false; # Use 'sudo' without a password
50 |
51 | powerManagement.enable = true;
52 |
53 | # List services that you want to enable:
54 | # services.cron = {
55 | # enable = false;
56 | # systemCronJobs = [
57 | # "0 * * * * root nix-channel --update"
58 | # ];
59 | # };
60 |
61 | networking = {
62 | hostName = "elitebook820";
63 | networkmanager = {
64 | enable = true;
65 | };
66 | useDHCP = false;
67 | };
68 |
69 | # This value determines the NixOS release from which the default
70 | # settings for stateful data, like file locations and database versions
71 | # on your system were taken. It‘s perfectly fine and recommended to leave
72 | # this value at the release version of the first install of this system.
73 | # Before changing this value read the documentation for this option
74 | # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
75 | system.stateVersion = "21.11"; # Did you read the comment?
76 |
77 | virtualisation.docker.enable = false;
78 |
79 | hardware.bluetooth.enable = true;
80 | }
81 |
--------------------------------------------------------------------------------
/modules/users/pol/default.nix:
--------------------------------------------------------------------------------
1 | topLevel@{
2 | inputs,
3 | ...
4 | }:
5 | {
6 | flake = {
7 | meta.users = {
8 | pol = {
9 | email = "pol.dellaiera@protonmail.com";
10 | name = "Pol Dellaiera";
11 | username = "pol";
12 | key = "0AAF2901E8040715"; # ed25519/0x0AAF2901E8040715
13 | keygrip = [
14 | "143BC4FB7B3AC7C4F902ADCB579D2F66CDA1844A" # rsa4096/0xD476DFE9C67467CA
15 | ];
16 | authorizedKeys = [
17 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfxTd6cA45DZPJsk3TmFmRPu1NQQ0XX0kow18mqFsLLaxiUQX1gsfW1kTVRGNh4s77StdsmnU/5oSQEXE6D8p3uEWCwNL74Sf4Lz4UyzSrsjyEEhNTQJromlgrVkf7N3wvEOakSZJICcpl05Z3UeResnkuZGSQ6zDVAKcB3KP1uYbR4SQGmWLHI1meznRkTDM5wHoiyWJnGpQjYVsRZT4LTUJwfhildAOx6ZIZUTsJrl35L2S81E6bv696CVGPvxV+PGbwGTavMYXfrSW4pqCnDPhQCLElQS4Od1qMicfYRSmk/W2oAKb8HZwFoWQSFUStF8ldQRnPyn2wiBQnhxnczt2jUhq1Uj6Nkq/edb1Ywgn7jlBR4BgRLD3K3oMvzJ/d3xDHjU56jc5lCA6lFLDMBV6Q9DKzMwL2jG3aQbehbUwTz7zbUwAHlCFIY5HGs4d9veXHyCsUikCLPvHL/hQU/vFRHHB7WNEyQJZK+ieOAW+un+1eF88iyKsOXE9y8PjLvXYcPHdzGaQKnqzEJSQcTUw9QSzOZQQpmpy8z6Lf08D2I4GHq1REp6d4krJOOW0gXadjsGEhLqQqWGnHE47QBPnlHlDWzOaf3UX59rFsl8xZDXoXzzwJ1stpeJx+Tn/uSNnaf44yXFyeFK/IDUeOrXYD4fSTLP1P/lCFCfeYqw== (none)"
18 | ];
19 | };
20 | };
21 |
22 | modules.nixos.pol = {
23 | users.users.pol = {
24 | description = topLevel.config.flake.meta.users.pol.name;
25 | isNormalUser = true;
26 | createHome = true;
27 | extraGroups = [
28 | "audio"
29 | "dialout" # Or else: Permission denied: ‘/dev/ttyUSB0’
30 | "input"
31 | "networkmanager"
32 | "sound"
33 | "tty"
34 | "wheel"
35 | ];
36 | openssh.authorizedKeys.keys = topLevel.config.flake.meta.users.pol.authorizedKeys;
37 | initialPassword = "id";
38 | };
39 |
40 | nix.settings.trusted-users = [ topLevel.config.flake.meta.users.pol.username ];
41 | };
42 |
43 | modules.homeManager.pol = {
44 | # Remove this part if no access to the private repository.
45 | imports = [
46 | (if inputs ? infra-private then inputs.infra-private.homeModules.pol else { })
47 | ];
48 |
49 | home.file = {
50 | ".face" = {
51 | source = ../../../files/home/pol/.face;
52 | recursive = true;
53 | };
54 | ".face.icon" = {
55 | source = ../../../files/home/pol/.face;
56 | recursive = true;
57 | };
58 | # Credits to https://store.kde.org/p/1272202
59 | "Pictures/Backgrounds/" = {
60 | source = ../../../files/home/pol/Pictures/Backgrounds;
61 | recursive = true;
62 | };
63 | };
64 | };
65 | };
66 | }
67 |
--------------------------------------------------------------------------------
/modules/hosts/x13/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | inputs,
4 | ...
5 | }:
6 | {
7 | flake.modules.nixos."hosts/x13" = {
8 | imports =
9 | with config.flake.modules.nixos;
10 | [
11 | inputs.nixos-hardware.nixosModules.common-pc-ssd
12 | ]
13 | ++ [
14 | # Modules
15 | base
16 | bluetooth
17 | desktop
18 | displaylink
19 | dev
20 | facter
21 | fwupd
22 | games
23 | shell
24 | sound
25 | vpn
26 |
27 | # Users
28 | root
29 | pol
30 | ]
31 | # Specific Home-Manager modules
32 | ++ [
33 | {
34 | home-manager.users.pol = {
35 | imports = with config.flake.modules.homeManager; [
36 | base
37 | desktop
38 | dev
39 | email
40 | messaging
41 | games
42 | shell
43 | pol
44 | ];
45 | };
46 | }
47 | ];
48 |
49 | boot = {
50 | loader = {
51 | systemd-boot.enable = true;
52 | efi.canTouchEfiVariables = true;
53 | efi.efiSysMountPoint = "/boot/efi";
54 | };
55 |
56 | initrd = {
57 | availableKernelModules = [
58 | "xhci_pci"
59 | "thunderbolt"
60 | "nvme"
61 | "usb_storage"
62 | "sd_mod"
63 | ];
64 | };
65 |
66 | kernelModules = [ "kvm-intel" ];
67 | };
68 |
69 | facter.reportPath = ./facter.json;
70 |
71 | fileSystems."/" = {
72 | device = "/dev/disk/by-uuid/204faa11-b822-4a93-a1ce-9aad34208909";
73 | fsType = "ext4";
74 | };
75 |
76 | fileSystems."/boot/efi" = {
77 | device = "/dev/disk/by-uuid/9C5C-728F";
78 | fsType = "vfat";
79 | };
80 |
81 | fileSystems."/home" = {
82 | device = "/dev/disk/by-uuid/5ebb905e-0d3e-4e43-ac34-7038c7bbdef7";
83 | fsType = "ext4";
84 | };
85 |
86 | fileSystems."/nix" = {
87 | device = "/dev/disk/by-uuid/5b4f6c73-28b0-4792-bda6-c407d8a75a78";
88 | fsType = "ext4";
89 | };
90 |
91 | swapDevices = [ { device = "/dev/disk/by-uuid/4d6748a8-dddc-40c5-86ed-04bd3c75c9c0"; } ];
92 |
93 | programs = {
94 | noisetorch = {
95 | enable = true;
96 | };
97 | projecteur = {
98 | enable = true;
99 | };
100 | };
101 |
102 | services = {
103 | xserver = {
104 | xkb = {
105 | layout = "gb";
106 | };
107 | };
108 | thermald.enable = true;
109 | avahi.enable = true;
110 | };
111 | };
112 | }
113 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-ec-teams/Microsoft_Office_Teams.svg:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-umons-teams/Microsoft_Office_Teams.svg:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/pkgs/by-name/gh-flake-update/src/root_command.sh:
--------------------------------------------------------------------------------
1 | # shellcheck shell=bash
2 | declare -A build_failures
3 | declare -a successful_attrs=()
4 |
5 | GITHUB_REVIEWER=${args[--reviewer]}
6 | readonly GITHUB_REVIEWER
7 | GITHUB_ASSIGNEE=${args[--assignee]}
8 | readonly GITHUB_ASSIGNEE
9 | IMPURE=${args[--impure]:-0}
10 | all_attrs=()
11 | eval "all_attrs=(${args[attributes]})"
12 |
13 | NIX_FLAGS=()
14 | if [ "$IMPURE" -eq 1 ]; then
15 | NIX_FLAGS=(--impure)
16 | fi
17 |
18 | # --- Runtime Setup ---
19 | # This section now runs ONLY when main is called, after arg validation.
20 | TMP_DIR=$(mktemp -d -t gh-flake-update.XXXXXXXXXX)
21 | readonly TMP_DIR
22 | WORKTREE_DIR="$TMP_DIR/worktree"
23 | readonly WORKTREE_DIR
24 | COMMIT_MESSAGE_FILE="$TMP_DIR/commit-message.txt"
25 | readonly COMMIT_MESSAGE_FILE
26 | PR_BODY_FILE="$TMP_DIR/pr-body.md"
27 | readonly PR_BODY_FILE
28 | BRANCH_NAME="flake-update-$(date '+%F')"
29 | readonly BRANCH_NAME
30 | COMMIT_TITLE="chore(deps): update flake inputs"
31 | readonly COMMIT_TITLE
32 | trap cleanup EXIT INT TERM
33 |
34 | echo "--- Starting update process for attributes: ${all_attrs[*]} ---"
35 |
36 | git worktree add -B "$BRANCH_NAME" "$WORKTREE_DIR"
37 | cd "$WORKTREE_DIR" || {
38 | echo "Error: Failed to change directory to worktree '$WORKTREE_DIR'." >&2
39 | exit 1
40 | }
41 |
42 | echo "--- Building 'current' configurations (pre-update) ---"
43 | for attr in "${all_attrs[@]}"; do
44 | echo "Building current state for attribute: $attr"
45 | local slug
46 | slug=$(attr_to_slug "$attr")
47 | if ! build_output=$(nix build ".#${attr}" "${NIX_FLAGS[@]}" --quiet --out-link "$TMP_DIR/$slug.current" 2>&1); then
48 | echo "WARNING: Initial build failed for '$attr'. It will be skipped." >&2
49 | build_failures["$attr"]="$build_output"
50 | else
51 | successful_attrs+=("$attr")
52 | fi
53 | done
54 |
55 | echo "--- Updating flake.lock ---"
56 | local flake_update_output
57 | flake_update_output=$(nix flake update 2>&1)
58 | echo "$flake_update_output"
59 |
60 | if git diff --quiet flake.lock; then
61 | echo "No changes to flake.lock. Nothing to do."
62 | # The trap will still call cleanup, which is correct here.
63 | exit 0
64 | fi
65 |
66 | if [ ${#successful_attrs[@]} -gt 0 ]; then
67 | echo "--- Building 'next' configurations (post-update) ---"
68 | for attr in "${successful_attrs[@]}"; do
69 | echo "Building next state for attribute: $attr"
70 | local slug
71 | slug=$(attr_to_slug "$attr")
72 | if ! build_output=$(nix build ".#${attr}" "${NIX_FLAGS[@]}" --quiet --out-link "$TMP_DIR/$slug.next" 2>&1); then
73 | echo "WARNING: Post-update build failed for '$attr'." >&2
74 | # shellcheck disable=SC2034
75 | build_failures["$attr"]="$build_output"
76 | fi
77 | done
78 | fi
79 |
80 | echo "--- Generating content for commit and PR body ---"
81 | echo -e "$COMMIT_TITLE\n\n$flake_update_output" >"$COMMIT_MESSAGE_FILE"
82 | generate_pr_body "$flake_update_output" all_attrs build_failures >"$PR_BODY_FILE"
83 |
84 | echo "--- Committing and Pushing ---"
85 | git add flake.lock
86 | git commit \
87 | -F "$COMMIT_MESSAGE_FILE" \
88 | --no-signoff \
89 | --no-verify \
90 | --no-edit \
91 | --cleanup=verbatim
92 |
93 | git push --force origin "$BRANCH_NAME"
94 |
95 | if [ -n "$GH_TOKEN" ] || [ -n "$GITHUB_TOKEN" ]; then
96 | echo "--- Creating GitHub PR ---"
97 | declare -a pr_opts=()
98 | if [ -n "$GITHUB_ASSIGNEE" ]; then
99 | pr_opts+=(--assignee "$GITHUB_ASSIGNEE")
100 | echo "Assignee: $GITHUB_ASSIGNEE"
101 | fi
102 | if [ -n "$GITHUB_REVIEWER" ]; then
103 | pr_opts+=(--reviewer "$GITHUB_REVIEWER")
104 | echo "Reviewer: $GITHUB_REVIEWER"
105 | fi
106 |
107 | gh pr create \
108 | --title "$COMMIT_TITLE" \
109 | --body-file "$PR_BODY_FILE" \
110 | --head "$BRANCH_NAME" \
111 | "${pr_opts[@]}"
112 |
113 | echo "--- Successfully created PR for flake update! ---"
114 | else
115 | echo "Error: GitHub token (GH_TOKEN or GITHUB_TOKEN) is not available. Skipping PR creation." >&2
116 | fi
117 |
--------------------------------------------------------------------------------
/_to_migrate/hosts/ec2/system/configuration.nix:
--------------------------------------------------------------------------------
1 | { lib, modulesPath, ... }:
2 | {
3 | imports = [
4 | "${modulesPath}/virtualisation/amazon-image.nix"
5 | ./hardware.nix
6 | ];
7 |
8 | # Use the GRUB 2 boot loader.
9 | # boot.loader.grub.enable = true;
10 | # boot.loader.grub.version = 2;
11 | # boot.loader.systemd-boot.enable = true;
12 | # boot.loader.grub.useOSProber = true;
13 | # boot.loader.efi.canTouchEfiVariables = true;
14 | # boot.loader.grub.efiSupport = true;
15 | # boot.loader.grub.efiInstallAsRemovable = true;
16 | # boot.loader.efi.efiSysMountPoint = "/boot/efi";
17 | # Define on which hard drive you want to install Grub.
18 | # boot.loader.grub.device = "nodev"; # or "nodev" for efi only
19 |
20 | networking.hostName = "ec2"; # Define your hostname.
21 | networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant.
22 |
23 | # The global useDHCP flag is deprecated, therefore explicitly set to false here.
24 | # Per-interface useDHCP will be mandatory in the future, so this generated config
25 | # replicates the default behaviour.
26 | networking.useDHCP = false;
27 | # networking.interfaces.eno1.useDHCP = true;
28 | networking.interfaces.eth0.useDHCP = true;
29 |
30 | # services.acpid.enable = true;
31 |
32 | # Configure network proxy if necessary
33 | # networking.proxy.default = "http://user:password@proxy:port/";
34 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
35 |
36 | # Select internationalisation properties.
37 | # i18n.defaultLocale = "en_BE.UTF-8";
38 | # console = {
39 | # font = "Lat2-Terminus16";
40 | # keyMap = "us";
41 | # };
42 |
43 | services.udisks2.enable = lib.mkForce false;
44 |
45 | # Configure keymap in X11
46 | services.xserver.xkb.layout = "gb";
47 | services.xserver.xkb.options = "eurosign:e";
48 |
49 | # Enable CUPS to print documents.
50 | # services.printing.enable = true;
51 |
52 | # Enable sound.
53 | #sound.enable = true;
54 | #hardware.pulseaudio.enable = true;
55 | #hardware.pulseaudio.support32Bit = true;
56 | #hardware.pulseaudio.package = pkgs.pulseaudioFull;
57 |
58 | security.rtkit.enable = true;
59 |
60 | # boot.extraModprobeConfig = ''
61 | # options snd_hda_intel enable=0,1
62 | # '';
63 |
64 | # Enable touchpad support (enabled default in most desktopManager).
65 | # services.xserver.libinput.enable = true;
66 |
67 | security.sudo.wheelNeedsPassword = false; # Use 'sudo' without a password
68 | services.openssh.settings.PasswordAuthentication = false;
69 |
70 | powerManagement.enable = true;
71 |
72 | programs = { };
73 |
74 | # Some programs need SUID wrappers, can be configured further or are
75 | # started in user sessions.
76 | # programs.mtr.enable = true;
77 |
78 | # List services that you want to enable:
79 | # services.cron = {
80 | # enable = false;
81 | # systemCronJobs = [
82 | # "0 * * * * root nix-channel --update"
83 | # ];
84 | # };
85 | # Enable the OpenSSH daemon.
86 | # services.openssh.enable = false;
87 |
88 | # networking.firewall.allowedTCPPorts = [ 3389 ];
89 | # networking.firewall.checkReversePath = false;
90 | # Open ports in the firewall.
91 | # networking.firewall.allowedTCPPorts = [ ... ];
92 | # networking.firewall.allowedUDPPorts = [ ... ];
93 | # Or disable the firewall altogether.
94 | # networking.firewall.enable = false;
95 |
96 | # This value determines the NixOS release from which the default
97 | # settings for stateful data, like file locations and database versions
98 | # on your system were taken. It‘s perfectly fine and recommended to leave
99 | # this value at the release version of the first install of this system.
100 | # Before changing this value read the documentation for this option
101 | # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
102 | system.stateVersion = "21.11"; # Did you read the comment?
103 |
104 | # Limit the systemd journal to 100 MB of disk or the
105 | # last 7 days of logs, whichever happens first.
106 | services.journald.extraConfig = ''
107 | SystemMaxUse=100M
108 | MaxFileSec=3day
109 | '';
110 |
111 | # system.copySystemConfiguration = true;
112 |
113 | services.fwupd.enable = true;
114 |
115 | virtualisation.docker.enable = true;
116 |
117 | hardware.bluetooth.enable = true;
118 | # networking.resolvconf.dnsExtensionMechanism = false;
119 | }
120 |
--------------------------------------------------------------------------------
/modules/hosts/imac/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake.modules.nixos."hosts/imac" =
7 | { pkgs, ... }:
8 | {
9 | imports =
10 | with config.flake.modules.nixos;
11 | [
12 | # Modules
13 | base
14 | bluetooth
15 | desktop
16 | dev
17 | facter
18 | fwupd
19 | openssh
20 | sound
21 | vpn
22 |
23 | # Users
24 | root
25 | pol
26 | ]
27 | # Specific Home-Manager modules
28 | ++ [
29 | {
30 | home-manager.users.pol = {
31 | imports = with config.flake.modules.homeManager; [
32 | base
33 | desktop
34 | dev
35 | pol
36 | ];
37 | };
38 | }
39 | ];
40 |
41 | boot.loader = {
42 | systemd-boot.enable = true;
43 | efi.canTouchEfiVariables = true;
44 | };
45 |
46 | facter.reportPath = ./facter.json;
47 |
48 | fileSystems."/" = {
49 | device = "/dev/disk/by-uuid/7f407c85-1ca8-4d01-8e4a-73a6f607caa7";
50 | fsType = "ext4";
51 | };
52 |
53 | fileSystems."/boot" = {
54 | device = "/dev/disk/by-uuid/F509-F532";
55 | fsType = "vfat";
56 | options = [
57 | "fmask=0077"
58 | "dmask=0077"
59 | ];
60 | };
61 |
62 | swapDevices = [
63 | { device = "/dev/disk/by-uuid/c9e3a23f-d2c6-49c7-94ad-0372aa4f94e5"; }
64 | ];
65 |
66 | services.xserver.videoDrivers = [
67 | "nvidia"
68 | "intel"
69 | ];
70 |
71 | # Enable sound with pipewire.
72 | services.pulseaudio.enable = false;
73 | security.rtkit.enable = true;
74 | services.pipewire = {
75 | enable = true;
76 | alsa.enable = true;
77 | alsa.support32Bit = true;
78 | pulse.enable = true;
79 | };
80 |
81 | system.stateVersion = "25.05";
82 |
83 | nixpkgs.config.nvidia.acceptLicense = true;
84 | nixpkgs.config.allowBroken = true;
85 | hardware = {
86 | opengl = {
87 | enable = true;
88 | driSupport = true;
89 | driSupport32Bit = true;
90 | };
91 | graphics.enable = true;
92 | nvidia = {
93 | # Optionally, you may need to select the appropriate driver version for your specific GPU.
94 | package = pkgs.linuxPackages_latest.nvidiaPackages.legacy_390;
95 |
96 | # Modesetting is required.
97 | modesetting.enable = true;
98 |
99 | # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
100 | # Enable this if you have graphical corruption issues or application crashes after waking
101 | # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
102 | # of just the bare essentials.
103 | powerManagement.enable = true;
104 |
105 | # Fine-grained power management. Turns off GPU when not in use.
106 | # Experimental and only works on modern Nvidia GPUs (Turing or newer).
107 | powerManagement.finegrained = false;
108 |
109 | # Use the NVidia open source kernel module (not to be confused with the
110 | # independent third-party "nouveau" open source driver).
111 | # Support is limited to the Turing and later architectures. Full list of
112 | # supported GPUs is at:
113 | # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
114 | # Only available from driver 515.43.04+
115 | # Currently "beta quality", so false is currently the recommended setting.
116 | open = false;
117 |
118 | # Enable the Nvidia settings menu,
119 | # accessible via `nvidia-settings`.
120 | nvidiaSettings = true;
121 | };
122 | };
123 |
124 | boot.blacklistedKernelModules = [
125 | "nouveau"
126 | "rivafb"
127 | "nvidiafb"
128 | "rivatv"
129 | "nv"
130 | "uvcvideo"
131 | ];
132 | boot.extraModulePackages = [
133 | pkgs.linuxPackages_latest.broadcom_sta
134 | config.boot.kernelPackages.nvidia_x11
135 | ];
136 |
137 | nixpkgs.config.permittedInsecurePackages = [
138 | "broadcom-sta-6.30.223.271-59-6.17.9"
139 | ];
140 | };
141 | }
142 |
--------------------------------------------------------------------------------
/modules/hosts/x280/BNP_Paribas.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/modules/hosts/x1c/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | inputs,
4 | ...
5 | }:
6 | {
7 | flake.modules.nixos."hosts/x1c" = {
8 | imports =
9 | with config.flake.modules.nixos;
10 | [
11 | inputs.disko.nixosModules.disko
12 |
13 | # Modules
14 | base
15 | bluetooth
16 | desktop
17 | # displaylink
18 | dev
19 | education
20 | facter
21 | fwupd
22 | games
23 | lora
24 | shell
25 | sound
26 | vpn
27 |
28 | # Users
29 | root
30 | pol
31 | ]
32 | # Specific Home-Manager modules
33 | ++ [
34 | {
35 | home-manager.users.pol = {
36 | imports = with config.flake.modules.homeManager; [
37 | base
38 | desktop
39 | dev
40 | email
41 | messaging
42 | pol
43 | games
44 | shell
45 | work
46 | ];
47 | };
48 | }
49 | ];
50 |
51 | nixpkgs = {
52 | overlays = [
53 | (final: _prev: {
54 | master = import inputs.nixpkgs-master {
55 | inherit (final) config system;
56 | };
57 | })
58 | ];
59 | };
60 |
61 | boot = {
62 | binfmt.emulatedSystems = [ "aarch64-linux" ];
63 |
64 | plymouth.enable = true;
65 |
66 | loader = {
67 | systemd-boot.enable = true;
68 | efi.canTouchEfiVariables = true;
69 | };
70 |
71 | kernelModules = [ "kvm-intel" ];
72 |
73 | kernelParams = [
74 | "quiet"
75 | "splash"
76 | ];
77 | };
78 |
79 | facter.reportPath = ./facter.json;
80 |
81 | programs = {
82 | noisetorch = {
83 | enable = true;
84 | };
85 | projecteur = {
86 | enable = true;
87 | };
88 | };
89 |
90 | services = {
91 | xserver = {
92 | xkb = {
93 | layout = "us";
94 | };
95 | };
96 | thermald.enable = true;
97 | avahi.enable = true;
98 | fprintd = {
99 | enable = true;
100 | };
101 | logind = {
102 | settings.Login = {
103 | # Only suspend on lid closed when laptop is disconnected
104 | HandleLidSwitch = "ignore";
105 | HandleLidSwitchDocked = "ignore";
106 | HandleLidSwitchExternalPower = "lock";
107 | };
108 | };
109 | };
110 |
111 | # To share ethernet connection
112 | networking.firewall.allowedUDPPorts = [
113 | 53
114 | 67
115 | ];
116 |
117 | disko.devices = {
118 | disk.ssd = {
119 | type = "disk";
120 | device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLC1T0HFLU-00BLL_S7SDNF0Y868204";
121 | content = {
122 | type = "gpt";
123 | partitions = {
124 | ESP = {
125 | type = "EF00";
126 | size = "1000M";
127 | content = {
128 | type = "filesystem";
129 | format = "vfat";
130 | mountpoint = "/boot";
131 | };
132 | };
133 | luks = {
134 | size = "100%";
135 | content = {
136 | type = "luks";
137 | name = "crypted";
138 | settings.allowDiscards = true;
139 | content = {
140 | type = "lvm_pv";
141 | vg = "pool";
142 | };
143 | };
144 | };
145 | };
146 | };
147 | };
148 | lvm_vg = {
149 | pool = {
150 | type = "lvm_vg";
151 | lvs = {
152 | swap = {
153 | size = "32G";
154 | content = {
155 | type = "swap";
156 | randomEncryption = true;
157 | };
158 | };
159 | home = {
160 | size = "75%";
161 | content = {
162 | type = "filesystem";
163 | format = "ext4";
164 | mountpoint = "/home";
165 | };
166 | };
167 | nix = {
168 | size = "100%FREE";
169 | content = {
170 | type = "filesystem";
171 | format = "ext4";
172 | mountpoint = "/nix";
173 | mountOptions = [
174 | "noatime"
175 | ];
176 | };
177 | };
178 |
179 | root = {
180 | size = "10G";
181 | content = {
182 | type = "filesystem";
183 | format = "ext4";
184 | mountpoint = "/";
185 | mountOptions = [
186 | "defaults"
187 | ];
188 | };
189 | };
190 | };
191 | };
192 | };
193 | };
194 |
195 | };
196 | }
197 |
--------------------------------------------------------------------------------
/modules/hosts/x280/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | config,
3 | ...
4 | }:
5 | {
6 | flake.modules.homeManager.user =
7 | { lib, ... }:
8 | {
9 | programs.plasma = {
10 | fonts = lib.mkForce { };
11 |
12 | input.keyboard.layouts = lib.mkForce [
13 | {
14 | layout = "be";
15 | }
16 | ];
17 |
18 | configFile = {
19 | plasma-localerc = lib.mkForce {
20 | Formats = {
21 | LANG = "fr_BE.UTF-8";
22 | };
23 | };
24 | };
25 | };
26 |
27 | xdg.desktopEntries = {
28 | whatsapp = {
29 | type = "Application";
30 | name = "Whatsapp";
31 | genericName = "Messenger";
32 | comment = "Whatsapp";
33 | exec = "firefox --new-window https://web.whatsapp.com";
34 | icon = ./WhatsApp.svg;
35 | terminal = false;
36 | categories = [
37 | "AudioVideo"
38 | "Network"
39 | ];
40 | };
41 | messages = {
42 | type = "Application";
43 | name = "Messages";
44 | genericName = "Messenger";
45 | comment = "Google Messages Web";
46 | exec = "firefox --new-window https://messages.google.com/web/conversations";
47 | icon = ./Google_Messages.svg;
48 | terminal = false;
49 | categories = [
50 | "AudioVideo"
51 | "Network"
52 | ];
53 | };
54 | crelan = {
55 | type = "Application";
56 | name = "Crelan";
57 | genericName = "Banking";
58 | comment = "Crelan Online Banking";
59 | exec = "firefox --new-window https://mycrelan.crelan.be/";
60 | icon = ./crelan.svg;
61 | terminal = false;
62 | categories = [
63 | "Network"
64 | "Office"
65 | ];
66 | };
67 | bnpparibas = {
68 | type = "Application";
69 | name = "BNP Paribas Fortis";
70 | genericName = "Banking";
71 | comment = "BNP Paribas Fortis Online Banking";
72 | exec = "firefox --new-window https://www.bnpparibasfortis.be/en/generic/logon";
73 | icon = ./BNP_Paribas.svg;
74 | terminal = false;
75 | categories = [
76 | "Network"
77 | "Office"
78 | ];
79 | };
80 | };
81 |
82 | programs.firefox.languagePacks = lib.mkForce [ "fr" ];
83 | programs.firefox.profiles.default.settings."intl.locale.requested" = lib.mkForce "fr,it";
84 | programs.firefox.profiles.default.settings."intl.accept_languages" = lib.mkForce "fr,it";
85 | programs.firefox.profiles.default.settings."font.name.monospace.x-western" = lib.mkForce "";
86 | programs.firefox.profiles.default.settings."font.name.sans-serif.x-western" = lib.mkForce "";
87 | programs.firefox.profiles.default.settings."font.name.serif.x-western" = lib.mkForce "";
88 |
89 | programs.thunderbird = {
90 | settings = {
91 | "intl.locale.requested" = lib.mkForce "fr,it";
92 | "intl.accept_languages" = lib.mkForce "fr,it";
93 | };
94 | };
95 | };
96 |
97 | flake.modules.nixos."hosts/x280" =
98 | { pkgs, lib, ... }:
99 | {
100 | imports =
101 | with config.flake.modules.nixos;
102 | [
103 | # Modules
104 | base
105 | bluetooth
106 | desktop
107 | facter
108 | fwupd
109 | openssh
110 | sound
111 | vpn
112 |
113 | # Users
114 | root
115 | user
116 | ]
117 | # Specific Home-Manager modules
118 | ++ [
119 | {
120 | home-manager.users.user = {
121 | imports = with config.flake.modules.homeManager; [
122 | base
123 | desktop
124 | user
125 | ];
126 | };
127 | }
128 | ];
129 |
130 | boot.loader = {
131 | systemd-boot.enable = true;
132 | efi.canTouchEfiVariables = true;
133 | efi.efiSysMountPoint = "/boot/efi";
134 | };
135 |
136 | programs.firefox.policies.SecurityDevices.p11-kit-proxy = "${pkgs.p11-kit}/lib/p11-kit-proxy.so";
137 |
138 | services = {
139 | xserver = {
140 | xkb = {
141 | layout = "be";
142 | };
143 | };
144 | thermald.enable = true;
145 | avahi.enable = true;
146 | pcscd.enable = true;
147 |
148 | };
149 |
150 | facter.reportPath = ./facter.json;
151 |
152 | fileSystems = {
153 | "/" = {
154 | device = "/dev/disk/by-uuid/89a4586a-eefb-4dd4-bf06-3953902edc1e";
155 | fsType = "ext4";
156 | };
157 |
158 | "/boot/efi" = {
159 | device = "/dev/disk/by-uuid/155B-2355";
160 | fsType = "vfat";
161 | };
162 |
163 | "/home" = {
164 | device = "/dev/disk/by-uuid/ce407b75-260e-47f0-822e-1984866571db";
165 | fsType = "ext4";
166 | };
167 |
168 | "/nix" = {
169 | device = "/dev/disk/by-uuid/c56d5d01-df37-471e-8827-dc193ceb182b";
170 | fsType = "ext4";
171 | };
172 | };
173 |
174 | swapDevices = [ { device = "/dev/disk/by-uuid/005040e5-7773-438e-8ede-f3f63a242d7d"; } ];
175 |
176 | environment.systemPackages = with pkgs; [
177 | thunderbird
178 | libreoffice
179 | eid-mw
180 | beidconnect
181 | ];
182 |
183 | system.autoUpgrade = lib.mkForce {
184 | enable = true;
185 | flake = "https://github.com/drupol/infra";
186 | allowReboot = true;
187 | };
188 |
189 | i18n.defaultLocale = lib.mkForce "fr_BE.UTF-8";
190 |
191 | fonts.packages = lib.mkForce [ ];
192 | };
193 | }
194 |
--------------------------------------------------------------------------------
/modules/dev/editors/zeditor.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | lib,
4 | ...
5 | }:
6 | {
7 | flake.modules = {
8 | homeManager.dev =
9 | { pkgs, ... }:
10 | {
11 | nixpkgs.overlays = [
12 | (final: _prev: {
13 | unstable = import inputs.nixpkgs-unstable {
14 | inherit (final) config system;
15 | };
16 | })
17 | ];
18 |
19 | programs.zed-editor = {
20 | enable = true;
21 | extensions = [
22 | "docker-compose"
23 | "dockerfile"
24 | "git-firefly"
25 | "graphviz"
26 | "http"
27 | "just"
28 | "latex"
29 | "make"
30 | "material-icon-theme"
31 | "nix"
32 | "plantuml"
33 | "pylsp"
34 | "ruff"
35 | "toml"
36 | "typos"
37 | "typst"
38 | ];
39 | userSettings = {
40 | agent = {
41 | default_model = {
42 | provider = "copilot_chat";
43 | model = "gpt-4o";
44 | };
45 | };
46 | file_types = {
47 | Dockerfile = [ "*Containerfile*" ];
48 | };
49 | # assistant = {
50 | # default_model = {
51 | # provider = "zed.dev";
52 | # model = "claude-3-5-sonnet-latest";
53 | # };
54 | # version = "2";
55 | # };
56 | auto_update = false;
57 | autosave = {
58 | after_delay = {
59 | milliseconds = 1000;
60 | };
61 | };
62 | base_keymap = "VSCode";
63 | ensure_final_newline_on_save = true;
64 | buffer_font_family = "Aporetic Sans Mono";
65 | buffer_font_features = {
66 | calt = true;
67 | ligatures = true;
68 | };
69 | buffer_font_size = 14;
70 | edit_predictions = {
71 | disabled_globs = [
72 | "**/.env*"
73 | "**/*.pem"
74 | "**/*.key"
75 | "**/*.cert"
76 | "**/*.crt"
77 | "**/secrets.yml"
78 | ];
79 | };
80 | features = {
81 | edit_prediction_provider = "copilot";
82 | };
83 | format_on_save = "on";
84 | icon_theme = {
85 | mode = "system";
86 | light = "Material Icon Theme";
87 | dark = "Material Icon Theme";
88 | };
89 | inlay_hints = {
90 | enabled = true;
91 | };
92 | languages = {
93 | Markdown = { };
94 | Nix = {
95 | language_servers = [
96 | "nixd"
97 | "!nil"
98 | ];
99 | formatter.external = {
100 | command = "${lib.getExe pkgs.nixfmt}";
101 | arguments = [
102 | "--quiet"
103 | "--"
104 | ];
105 | };
106 | show_edit_predictions = true;
107 | };
108 | Typst = {
109 | formatter = {
110 | language_server = {
111 | name = "tinymist";
112 | };
113 | };
114 | show_edit_predictions = true;
115 | };
116 | Python = {
117 | language_servers = [
118 | "pylsp"
119 | "pyright"
120 | "ruff"
121 | ];
122 | format_on_save = "on";
123 | formatter = [
124 | {
125 | code_action = "source.fixAll.ruff";
126 | }
127 | {
128 | code_action = "source.organizeImports.ruff";
129 | }
130 | {
131 | language_server = {
132 | name = "ruff";
133 | };
134 | }
135 | ];
136 | show_edit_predictions = true;
137 | };
138 | };
139 | load_direnv = "direct";
140 | lsp = {
141 | nixd = {
142 | binary.path = lib.getExe pkgs.nixd;
143 | };
144 | pyright = {
145 | binary.path = pkgs.pyright;
146 | };
147 | pylsp = {
148 | settings = {
149 | plugins = {
150 | pycodestyle = {
151 | enabled = false;
152 | };
153 | mypy = {
154 | enabled = true;
155 | };
156 | };
157 | };
158 | };
159 | tinymist = {
160 | binary.path = lib.getExe pkgs.tinymist;
161 | };
162 | typos = {
163 | binary.path = lib.getExe pkgs.typos-lsp;
164 | };
165 | };
166 | preview_tabs = {
167 | enabled = true;
168 | enable_preview_from_file_finder = true;
169 | enable_preview_from_code_navigation = true;
170 | };
171 | show_edit_predictions = true;
172 | tabs = {
173 | file_icons = true;
174 | git_status = true;
175 | };
176 | tab_size = 2;
177 | telemetry = {
178 | diagnostics = false;
179 | metrics = false;
180 | };
181 | terminal.env = {
182 | EDITOR = "zed --wait";
183 | VISUAL = "zed --wait";
184 | };
185 | ui_font_family = "Aporetic Sans Mono";
186 | ui_font_size = 14;
187 | wrap_guides = [
188 | 80
189 | 120
190 | ];
191 | };
192 | };
193 | };
194 | };
195 | }
196 |
--------------------------------------------------------------------------------
/modules/email/default.nix:
--------------------------------------------------------------------------------
1 | {
2 | flake.modules.homeManager.email =
3 | { pkgs, ... }:
4 | {
5 | programs.thunderbird = {
6 | enable = true;
7 | # Importing ggp key with `pkgs.thunderbird` doesn't work.
8 | # Works without any issues with `pkgs.thunderbird-bin`.
9 | package = pkgs.thunderbird-bin;
10 | settings =
11 | let
12 | mkColumn = visible: ordinal: { inherit visible ordinal; };
13 | columns = {
14 | selectCol = mkColumn false 1;
15 | threadCol = mkColumn true 5;
16 | flaggedCol = mkColumn true 7;
17 | attachmentCol = mkColumn false 9;
18 | subjectCol = mkColumn true 11;
19 | unreadButtonColHeader = mkColumn false 3;
20 | senderCol = mkColumn false 13;
21 | recipientCol = mkColumn false 15;
22 | correspondentCol = mkColumn true 17;
23 | junkStatusCol = mkColumn false 19;
24 | receivedCol = mkColumn false 21;
25 | dateCol = mkColumn true 23;
26 | statusCol = mkColumn false 25;
27 | sizeCol = mkColumn false 27;
28 | tagsCol = mkColumn false 29;
29 | accountCol = mkColumn true 31;
30 | priorityCol = mkColumn false 33;
31 | unreadCol = mkColumn false 35;
32 | totalCol = mkColumn false 37;
33 | locationCol = mkColumn true 39;
34 | idCol = mkColumn false 41;
35 | deleteCol = mkColumn false 43;
36 | };
37 | in
38 | {
39 | "app.update.auto" = false;
40 |
41 | "intl.date_time.pattern_override.date_short" = "yyyy.MM.dd";
42 | "intl.date_time.pattern_override.date_medium" = "yyyy.MM.dd";
43 | "intl.date_time.pattern_override.date_long" = "yyyy.MM.dd";
44 | "intl.date_time.pattern_override.date_full" = "yyyy.MM.dd";
45 | "intl.date_time.pattern_override.time_short" = "HH:mm";
46 | "intl.date_time.pattern_override.time_medium" = "HH:mm";
47 | "intl.date_time.pattern_override.time_long" = "HH:mm";
48 | "intl.date_time.pattern_override.time_full" = "HH:mm";
49 | "intl.date_time.pattern_override.connector_short" = " ";
50 |
51 | "mail.biff.play_sound" = false;
52 | "mail.biff.show_alert" = false;
53 | "mail.default_send_format" = 1; # plain text
54 | "mail.identity.default.archive_enabled" = true;
55 | "mail.identity.default.archive_keep_folder_structure" = true;
56 | "mail.identity.default.auto_quote" = true;
57 | "mail.identity.default.compose_html" = false;
58 | "mail.identity.default.doCc" = true; # enable Cc field by default
59 | "mail.identity.default.protectSubject" = true;
60 | "mail.identity.default.reply_on_top" = 1;
61 | "mail.identity.default.sig_on_reply" = false;
62 | "mail.identity.default.sig_bottom" = false;
63 | "mail.identity.default.fcc_reply_follows_parent" = false;
64 | "mail.pane_config.dynamic" = 1; # Wide layout
65 | "mail.sanitize_date_header" = true;
66 | "mail.server.default.allow_utf8_accept" = true;
67 | "mail.server.default.max_articles" = 1000000;
68 | "mail.server.default.check_all_folders_for_new" = true;
69 | "mail.shell.checkDefaultClient" = false;
70 | "mail.show_headers" = 1;
71 | "mail.threadpane.listview" = 1;
72 | "mail.uifontsize" = 14;
73 | "mail.uidensity" = 0;
74 | "mail.collect_addressbook" = "jsaddrbook://history.sqlite";
75 |
76 | "privacy.donottrackheader.enabled" = true;
77 |
78 | "mailnews.database.global.views.conversation.columns" = columns;
79 | "mailnews.database.global.views.global.columns" = columns;
80 | "mailnews.start_page.enabled" = false;
81 |
82 | # Sorting
83 | # Sort them by the newest reply in thread.
84 | "mailnews.sort_threads_by_root" = false;
85 | "mailnews.default_sort_order" = 2; # descending
86 | "mailnews.default_sort_type" = 18; # by date
87 | "mailnews.default_view_flags" = 1; # Threaded view
88 |
89 | "mailnews.headers.showMessageId" = true;
90 | "mailnews.headers.showOrganization" = true;
91 | "mailnews.headers.showReferences" = true;
92 | "mailnews.headers.showUserAgent" = true;
93 |
94 | "msgcompose.font_face" = "monospace";
95 |
96 | "calendar.timezone.local" = "Europe/Brussels";
97 | "calendar.week.start" = 1;
98 | "calendar.view.visiblehours" = 16;
99 | "calendar.dayendhour" = 24;
100 | "calendar.alarms.eventalarmlen" = 0;
101 | "calendar.alarms.onforevents" = 1;
102 | "calendar.alarms.onfortodos" = 1;
103 | "calendar.alarms.playsound" = false;
104 | "calendar.alarms.todoalarmlen" = 0;
105 | "calendar.event.defaultlength" = 30;
106 | "calendar.events.defaultActionEdit" = true;
107 | "calendar.item.editInTab" = true;
108 | "calendar.task.defaultdueoffset" = 0;
109 | "calendar.task.defaultdue" = "offsetcurrent";
110 | "calendar.timezone.useSystemTimezone" = true;
111 |
112 | # Disable telemetry
113 | "toolkit.telemetry.enabled" = false;
114 | "toolkit.telemetry.rejected" = true;
115 | "toolkit.telemetry.prompted" = 2;
116 |
117 | "font.name.monospace.x-western" = "Aporetic Sans Mono";
118 | "font.size.monospace.x-western" = 12;
119 | "font.name.sans-serif.x-western" = "Aporetic Sans Mono";
120 | "font.size.variable.x-western" = 14;
121 | "font.name.serif.x-western" = "Aporetic Sans Mono";
122 | };
123 | profiles.default = {
124 | isDefault = true;
125 | withExternalGnupg = true;
126 | };
127 | };
128 |
129 | xdg.mimeApps.defaultApplications = {
130 | "x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
131 | "message/rfc822" = "thunderbird.desktop";
132 | "text/calendar" = "thunderbird.desktop";
133 | "text/x-vcard" = "thunderbird.desktop";
134 | };
135 | };
136 | }
137 |
--------------------------------------------------------------------------------
/pkgs/by-name/chromium-umons-webmail/Microsoft_Office_Outlook.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/modules/desktop/web-browsers/firefox.nix:
--------------------------------------------------------------------------------
1 | {
2 | inputs,
3 | ...
4 | }:
5 | {
6 | flake.modules = {
7 | homeManager.desktop =
8 | { pkgs, ... }:
9 | {
10 | nixpkgs.overlays = [
11 | inputs.nur.overlays.default
12 | ];
13 |
14 | programs.firefox =
15 | let
16 | defaultFont = "Aporetic Sans Mono";
17 | in
18 | {
19 | enable = true;
20 | package = pkgs.firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; };
21 | nativeMessagingHosts = [
22 | pkgs.browserpass
23 | pkgs.web-eid-app
24 | ];
25 | profiles.default = {
26 | id = 0;
27 | isDefault = true;
28 | name = "Default";
29 | extensions.packages = [
30 | pkgs.nur.repos.rycee.firefox-addons.belgium-eid
31 | pkgs.nur.repos.rycee.firefox-addons.browserpass
32 | # pkgs.nur.repos.rycee.firefox-addons.bypass-paywalls-clean
33 | # pkgs.nur.repos.rycee.firefox-addons.enhancer-for-youtube
34 | pkgs.nur.repos.rycee.firefox-addons.private-relay
35 | pkgs.nur.repos.rycee.firefox-addons.foxyproxy-standard
36 | pkgs.nur.repos.rycee.firefox-addons.french-dictionary
37 | pkgs.nur.repos.rycee.firefox-addons.istilldontcareaboutcookies
38 | pkgs.nur.repos.rycee.firefox-addons.kristofferhagen-nord-theme
39 | pkgs.nur.repos.rycee.firefox-addons.multi-account-containers
40 | pkgs.nur.repos.rycee.firefox-addons.privacy-badger
41 | pkgs.nur.repos.rycee.firefox-addons.refined-saved-replies
42 | pkgs.nur.repos.rycee.firefox-addons.simple-tab-groups
43 | pkgs.nur.repos.rycee.firefox-addons.tournesol
44 | pkgs.nur.repos.rycee.firefox-addons.ublock-origin
45 | pkgs.nur.repos.rycee.firefox-addons.violentmonkey
46 | pkgs.nur.repos.rycee.firefox-addons.web-eid
47 | ];
48 | search = {
49 | default = "google";
50 | force = true;
51 | engines = {
52 | "autonomous-system-number-search" = {
53 | urls = [ { template = "https://bgp.tools/search?q={searchTerms}"; } ];
54 | icon = "https://bgp.tools/favicon-32x32.png";
55 | updateInterval = 24 * 60 * 60 * 1000; # every day
56 | definedAliases = [ "@asn" ];
57 | };
58 |
59 | "nix-packages" = {
60 | urls = [
61 | {
62 | template = "https://search.nixos.org/packages";
63 | params = [
64 | {
65 | name = "type";
66 | value = "packages";
67 | }
68 | {
69 | name = "query";
70 | value = "{searchTerms}";
71 | }
72 | ];
73 | }
74 | ];
75 |
76 | icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
77 | definedAliases = [ "@np" ];
78 | };
79 |
80 | "nixpkgs-prs" = {
81 | urls = [ { template = "https://nixpk.gs/pr-tracker.html?pr={searchTerms}"; } ];
82 | icon = "https://nixos.org/favicon.png";
83 | updateInterval = 24 * 60 * 60 * 1000; # every day
84 | definedAliases = [ "@npr" ];
85 | };
86 |
87 | "nixos-wiki" = {
88 | urls = [ { template = "https://wiki.nixos.org/index.php?search={searchTerms}"; } ];
89 | icon = "https://wiki.nixos.org/favicon.png";
90 | updateInterval = 24 * 60 * 60 * 1000; # every day
91 | definedAliases = [ "@nw" ];
92 | };
93 |
94 | "noogle-dev-search" = {
95 | urls = [ { template = "https://noogle.dev/?term=%22{searchTerms}%22"; } ];
96 | icon = "https://noogle.dev/favicon.png";
97 | updateInterval = 24 * 60 * 60 * 1000; # every day
98 | definedAliases = [
99 | "@ngd"
100 | "@nog"
101 | ];
102 | };
103 |
104 | "bing".metaData.hidden = true;
105 | "duckduckgo".metaData.hidden = true;
106 | "amazonnl".metaData.hidden = true;
107 | "ebay".metaData.hidden = true;
108 | "google".metaData.alias = "@g";
109 | };
110 | };
111 | settings = {
112 | "app.update.auto" = false;
113 | "browser.aboutConfig.showWarning" = false;
114 | "browser.urlbar.update2.engineAliasRefresh" = true;
115 | "browser.shell.checkDefaultBrowser" = false;
116 | "browser.startup.homepage" = "";
117 | "cookiebanners.service.mode" = 2;
118 | # Enable HTTPS-Only Mode
119 | "dom.security.https_only_mode" = true;
120 | "dom.security.https_only_mode_ever_enabled" = true;
121 | # Privacy settings
122 | "privacy.donottrackheader.enabled" = true;
123 | "privacy.trackingprotection.enabled" = true;
124 | "privacy.trackingprotection.socialtracking.enabled" = true;
125 | "privacy.partition.network_state.ocsp_cache" = true;
126 | # Disable all sorts of telemetry
127 | "browser.newtabpage.activity-stream.feeds.telemetry" = false;
128 | "browser.newtabpage.activity-stream.telemetry" = false;
129 | "browser.fullscreen.autohide" = false;
130 | "browser.newtabpage.activity-stream.topSitesRows" = 0;
131 | "browser.urlbar.quickactions.enabled" = true;
132 | "browser.safebrowsing.malware.enabled" = false;
133 | "browser.search.hiddenOneOffs" = "Google,Yahoo,Bing,Amazon.com,Twitter";
134 | "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false;
135 | "browser.urlbar.trimURLs" = false;
136 | "browser.ping-centre.telemetry" = false;
137 | "browser.urlbar.suggest.bookmark" = false;
138 | "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
139 | "browser.urlbar.suggest.quicksuggest.sponsored" = false;
140 | "browser.urlbar.suggest.searches" = false;
141 | "toolkit.telemetry.archive.enabled" = false;
142 | "toolkit.telemetry.bhrPing.enabled" = false;
143 | "toolkit.telemetry.enabled" = false;
144 | "toolkit.telemetry.firstShutdownPing.enabled" = false;
145 | "toolkit.telemetry.hybridContent.enabled" = false;
146 | "toolkit.telemetry.newProfilePing.enabled" = false;
147 | "toolkit.telemetry.reportingpolicy.firstRun" = false;
148 | "toolkit.telemetry.shutdownPingSender.enabled" = false;
149 | "toolkit.telemetry.unified" = false;
150 | "toolkit.telemetry.updatePing.enabled" = false;
151 |
152 | # As well as Firefox 'experiments'
153 | "experiments.activeExperiment" = false;
154 | "experiments.enabled" = false;
155 | "experiments.supported" = false;
156 | "network.allow-experiments" = false;
157 | # Disable Pocket Integration
158 | "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
159 | "extensions.pocket.enabled" = false;
160 | "extensions.pocket.api" = "";
161 | "extensions.pocket.oAuthConsumerKey" = "";
162 | "extensions.pocket.showHome" = false;
163 | "extensions.pocket.site" = "";
164 | # Allow copy to clipboard
165 | "dom.events.asyncClipboard.clipboardItem" = true;
166 | "trailhead.firstrun.didSeeAboutWelcome" = true;
167 | "widget.use-xdg-desktop-portal.file-picker" = 1;
168 | "widget.use-xdg-desktop-portal.location" = 1;
169 | "widget.use-xdg-desktop-portal.mime-handler" = 1;
170 | "widget.use-xdg-desktop-portal.open-uri" = 1;
171 | "widget.use-xdg-desktop-portal.settings" = 1;
172 |
173 | "privacy.donottrackheader.value" = 1;
174 | "findbar.modalHighlight" = true;
175 | "datareporting.healthreport.uploadEnabled" = false;
176 |
177 | # override fonts
178 | "font.minimum-size.x-western" = 12;
179 | "font.size.fixed.x-western" = 14;
180 | "font.size.monospace.x-western" = 14;
181 | "font.size.variable.x-western" = 14;
182 | "font.name.monospace.x-western" = "${defaultFont}";
183 | "font.name.sans-serif.x-western" = "${defaultFont}";
184 | "font.name.serif.x-western" = "${defaultFont}";
185 | "browser.display.use_document_fonts" = 0;
186 |
187 | # Disable mailto popup
188 | "network.protocol-handler.external.mailto" = false;
189 |
190 | # Don't use the built-in password manager.
191 | "signon.rememberSignons" = false;
192 | };
193 | };
194 | };
195 | };
196 | };
197 | }
198 |
--------------------------------------------------------------------------------
/modules/desktop/environment/kdeplasma.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }:
2 | {
3 | flake.modules.homeManager.desktop =
4 | { pkgs, ... }:
5 | {
6 | imports = [
7 | inputs.plasma-manager.homeManagerModules.plasma-manager
8 | ];
9 |
10 | programs.plasma = {
11 | enable = true;
12 |
13 | fonts = {
14 | fixedWidth = {
15 | family = "Aporetic Sans Mono";
16 | pointSize = 10;
17 | };
18 | general = {
19 | family = "Aporetic Sans Mono";
20 | pointSize = 10;
21 | };
22 | menu = {
23 | family = "Aporetic Sans Mono";
24 | pointSize = 10;
25 | };
26 | small = {
27 | family = "Aporetic Sans Mono";
28 | pointSize = 8;
29 | };
30 | toolbar = {
31 | family = "Aporetic Sans Mono";
32 | pointSize = 10;
33 | };
34 | windowTitle = {
35 | family = "Aporetic Sans Mono";
36 | pointSize = 10;
37 | };
38 | };
39 |
40 | input = {
41 | keyboard = {
42 | layouts = [
43 | {
44 | layout = "us";
45 | }
46 | {
47 | layout = "fr";
48 | }
49 | {
50 | layout = "be";
51 | }
52 | ];
53 | repeatDelay = 600;
54 | repeatRate = 25;
55 | };
56 | };
57 |
58 | kwin = {
59 | effects = {
60 | blur.enable = false;
61 | cube.enable = false;
62 | desktopSwitching.animation = "off";
63 | dimAdminMode.enable = false;
64 | dimInactive.enable = false;
65 | fallApart.enable = false;
66 | fps.enable = false;
67 | minimization.animation = "off";
68 | shakeCursor.enable = false;
69 | slideBack.enable = false;
70 | snapHelper.enable = false;
71 | translucency.enable = false;
72 | windowOpenClose.animation = "off";
73 | wobblyWindows.enable = false;
74 | };
75 | };
76 |
77 | panels = [
78 | {
79 | location = "bottom";
80 | hiding = "none";
81 | height = 40;
82 | floating = false;
83 | widgets = [
84 | {
85 | name = "org.kde.plasma.kicker"; # or "org.kde.plasma.kickoff"
86 | config = {
87 | General = {
88 | icon = "nix-snowflake-white";
89 | };
90 | };
91 | }
92 | {
93 | name = "org.kde.plasma.taskmanager";
94 | config = {
95 | General = {
96 | fill = false;
97 | launchers = [
98 | "applications:org.kde.konsole.desktop"
99 | "applications:org.kde.dolphin.desktop"
100 | "applications:firefox.desktop"
101 | "applications:thunderbird.desktop"
102 | ];
103 | };
104 | };
105 | }
106 | {
107 | name = "org.kde.plasma.panelspacer";
108 | config = {
109 | expanding = true;
110 | };
111 | }
112 | {
113 | name = "org.kde.plasma.pager";
114 | config = {
115 | General.displayedText = "Name";
116 | };
117 | }
118 | {
119 | name = "org.kde.plasma.panelspacer";
120 | config = {
121 | expanding = false;
122 | };
123 | }
124 | {
125 | systemTray.items = {
126 | hidden = [
127 | "org.kde.plasma.clipboard"
128 | "Yakuake"
129 | "KGpg"
130 | "Wallet Manager"
131 | ];
132 | shown = [
133 | "org.kde.plasma.bluetooth"
134 | "org.kde.plasma.keyboardlayout"
135 | "org.kde.plasma.volume"
136 | "org.kde.plasma.brightness"
137 | "org.kde.plasma.battery"
138 | "org.kde.plasma.weather"
139 | "org.kde.plasma.networkmanagement"
140 | "org.kde.kdeconnect"
141 | ];
142 | };
143 | }
144 | {
145 | name = "org.kde.plasma.digitalclock";
146 | config = {
147 | Appearance = {
148 | use24hFormat = true;
149 | };
150 | };
151 | }
152 | "org.kde.plasma.showdesktop"
153 | ];
154 | }
155 | ];
156 |
157 | workspace = {
158 | enableMiddleClickPaste = true;
159 | clickItemTo = "select";
160 | colorScheme = "BreezeDark";
161 | splashScreen.engine = "none";
162 | splashScreen.theme = "none";
163 | tooltipDelay = 1;
164 | wallpaper = ../../../files/home/pol/Pictures/Backgrounds/Starry_Nebula_219.png;
165 | };
166 |
167 | desktop = {
168 | icons = {
169 | arrangement = "leftToRight";
170 | alignment = "left";
171 | };
172 | };
173 |
174 | shortcuts = {
175 | yakuake = {
176 | toggle-window-state = "Meta+Space";
177 | };
178 | };
179 |
180 | powerdevil = {
181 | general.pausePlayersOnSuspend = true;
182 |
183 | AC = {
184 | dimKeyboard.enable = true;
185 | displayBrightness = 50;
186 | keyboardBrightness = 30;
187 | inhibitLidActionWhenExternalMonitorConnected = true;
188 | powerProfile = "performance";
189 | autoSuspend = {
190 | idleTimeout = 1800;
191 | };
192 | turnOffDisplay = {
193 | idleTimeout = 600;
194 | };
195 | };
196 |
197 | battery = {
198 | dimKeyboard.enable = true;
199 | displayBrightness = 10;
200 | keyboardBrightness = 0;
201 | powerProfile = "powerSaving";
202 | dimDisplay = {
203 | enable = true;
204 | idleTimeout = 60;
205 | };
206 | turnOffDisplay = {
207 | idleTimeout = 120;
208 | };
209 | autoSuspend = {
210 | action = "sleep";
211 | idleTimeout = 140;
212 | };
213 | };
214 |
215 | batteryLevels = {
216 | lowLevel = 20;
217 | criticalLevel = 5;
218 | };
219 | };
220 |
221 | configFile = {
222 | # Not working yet
223 | # See: https://github.com/nix-community/plasma-manager/issues/539
224 | # kactivitymanagerd-statsrc =
225 | # let
226 | # appList = [
227 | # "applications:element.desktop"
228 | # "applications:ec-teams.desktop"
229 | # "applications:firefox.desktop"
230 | # "applications:google-protonmail.desktop"
231 | # "applications:dev.zed.Zed.desktop"
232 | # "applications:code.desktop"
233 | # "applications:signal.desktop"
234 | # "applications:thunderbird.desktop"
235 | # "applications:et-fr-beginner-xps.desktop"
236 | # ];
237 | # in
238 | # {
239 | # "Favorites-org.kde.plasma.kickoff.favorites.instance-3-global" = {
240 | # ordering = lib.concatStringsSep "," appList;
241 | # };
242 | # };
243 |
244 | kdeglobals = {
245 | "KFileDialog Settings" = {
246 | "Sort directories first" = true;
247 | "Show Speedbar" = true;
248 | "View Style" = "DetailTree";
249 | "Show Inline Previews" = true;
250 | "Breadcrumb Navigation" = true;
251 | };
252 | };
253 |
254 | klaunchrc = {
255 | BusyCursorSettings = {
256 | Bouncing = false;
257 | };
258 | FeedbackStyle = {
259 | BusyCursor = false;
260 | };
261 | };
262 |
263 | kscreenlockerrc = {
264 | Daemon = {
265 | Timeout = 15;
266 | };
267 | };
268 |
269 | kwalletrc = {
270 | Wallet = {
271 | Enabled = true;
272 | "First Use" = false;
273 | "Close When Idle" = false;
274 | "Close on Screensaver" = false;
275 | "Leave Open" = true;
276 | "Prompt on Open" = false;
277 | };
278 | "org.freedesktop.secrets"."apiEnabled" = true;
279 | };
280 |
281 | kwinrc = {
282 | Desktops = {
283 | Number = "1";
284 | };
285 |
286 | EdgeBarrier = {
287 | CornerBarrier = "false";
288 | EdgeBarrier = "0";
289 | };
290 | };
291 |
292 | plasma-localerc = {
293 | Formats = {
294 | LANG = "en_US.UTF-8";
295 | };
296 | };
297 |
298 | plasmarc = {
299 | PlasmaToolTips = {
300 | Delay = 1;
301 | };
302 | Theme = {
303 | name = "breeze-dark";
304 | };
305 | };
306 |
307 | yakuakerc = {
308 | Dialogs = {
309 | FirstRun = false;
310 | };
311 | Window = {
312 | DynamicTabTitles = true;
313 | KeepAbove = false;
314 | KeepOpen = true;
315 |
316 | ToggleToFocus = false;
317 |
318 | Height = 90;
319 | Width = 100;
320 |
321 | ShowTabBar = true;
322 | };
323 |
324 | Shortcuts = {
325 | # Creates a new session with 2x2 terminal grid
326 | new-session-quad = "Ctrl+Shift+Up";
327 |
328 | # Switches between sessions
329 | next-session = "Ctrl+Shift+Right";
330 | previous-session = "Ctrl+Shift+Left";
331 |
332 | # Switches between terminal within a session
333 | next-terminal = "Shift+Right";
334 | previous-terminal = "Shift+Left";
335 |
336 | move-session-left = "Ctrl+Left";
337 | move-session-right = "Ctrl+Right";
338 |
339 | toggle-window-state = "Meta+Space";
340 | };
341 | };
342 | };
343 | };
344 |
345 | xdg.autostart.entries = [
346 | "${pkgs.kdePackages.yakuake}/share/applications/org.kde.yakuake.desktop"
347 | ];
348 | };
349 | }
350 |
--------------------------------------------------------------------------------
/modules/dev/git/jujutsu.nix:
--------------------------------------------------------------------------------
1 | topLevel: {
2 | flake.modules = {
3 | homeManager.dev =
4 | { pkgs, config, ... }:
5 | {
6 | home.packages = [
7 | pkgs.watchman
8 | ];
9 | programs = {
10 | jujutsu = {
11 | enable = true;
12 | settings = {
13 | fsmonitor = {
14 | backend = "watchman";
15 | watchman.register-snapshot-trigger = true;
16 | };
17 |
18 | snapshot = {
19 | auto-update-stale = true;
20 | max-new-file-size = "15M";
21 | };
22 |
23 | user = {
24 | inherit (topLevel.config.flake.meta.users.${config.home.username}) name;
25 | inherit (topLevel.config.flake.meta.users.${config.home.username}) email;
26 | };
27 |
28 | ui = {
29 | default-command = "l";
30 | diff-editor = ":builtin";
31 | graph.style = "square";
32 | pager = ":builtin";
33 | show-cryptographic-signatures = true;
34 | revsets-use-glob-by-default = true;
35 | };
36 |
37 | git = {
38 | private-commits = "description(glob:'wip:*') | description(glob:'private:*')";
39 | fetch = [
40 | "origin"
41 | ];
42 | write-change-id-header = true;
43 | };
44 |
45 | remotes = {
46 | origin = {
47 | auto-track-bookmarks = "glob:*";
48 | };
49 | };
50 |
51 | revset-aliases = {
52 | "immutable_heads()" = "trunk() | tags() | remote_bookmarks(remote=origin)";
53 | "closest_bookmark(to)" = "heads(::to & bookmarks())";
54 | "closest_pushable(to)" =
55 | "heads(::to & mutable() & ~description(exact:\"\") & (~empty() | merges()))";
56 | # Source: https://github.com/bryceberger/config/blob/38c6caf0823517b5423b2ca2a25f7fd79d445e0e/home/jj/config.toml
57 | "mine()" = "author(exact:'@name@') | author(exact:'@email@')";
58 | "wip()" = "description(glob:'wip:*')";
59 | "private()" = "description(glob:'private:*')";
60 | "stack()" = "ancestors(mutable() & (..@ | @::), 2)";
61 | "stack(x)" = "ancestors(mutable() & (..x | x::), 2)";
62 | "stack(x, n)" = "ancestors(mutable() & (..x | x::), n)";
63 | "streams()" = "heads(::@ & bookmarks())";
64 | "streams(x)" = "heads(::x & bookmarks())";
65 | "base_point(x)" = "heads(immutable_heads() & ::x)";
66 | "open()" = "stack(trunk().. & mine(), 2)";
67 | "open(n)" = "stack(trunk().. & mine(), n)";
68 | "why_immutable(r)" = "(r & immutable()) | roots(r:: & immutable_heads())";
69 | };
70 |
71 | revsets = {
72 | log = ''
73 | none()
74 | | base_point(@)
75 | | ancestors(@, 10) & trunk()..@
76 | | trunk()
77 | | bookmarks()
78 | | mutable() & visible_heads()
79 | | fork_point(mutable() & visible_heads())
80 | | (mutable() & merges())-
81 | '';
82 | short-prefixes = "stack(@)";
83 | };
84 |
85 | template-aliases = {
86 | "link(target, text)" =
87 | ''raw_escape_sequence("\x1b]8;;" ++ target ++ "\x1b\\") ++ label("text link", text) ++ raw_escape_sequence("\x1b]8;;\x1b\\")'';
88 | "italic(text)" = ''raw_escape_sequence("\x1b[3m") ++ text ++ raw_escape_sequence("\x1b[23m")'';
89 | "dim(text)" = ''raw_escape_sequence("\x1b[2m") ++ text ++ raw_escape_sequence("\x1b[22m")'';
90 |
91 | "commit_description_verbose(commit)" = ''
92 | concat(
93 | commit_description(commit),
94 | "JJ: ignore-rest\n",
95 | diff.git(),
96 | )
97 | '';
98 | "commit_description(commit)" = ''
99 | concat(
100 | commit.description(), "\n",
101 | "JJ: This commit contains the following changes:\n",
102 | indent("JJ: ", diff.stat(72)),
103 | )
104 | '';
105 |
106 | annotate_header = ''
107 | if(first_line_in_hunk, surround("\n", "\n", separate("\n",
108 | separate(" ",
109 | format_short_change_id_with_hidden_and_divergent_info(commit),
110 | format_short_id(commit.commit_id()),
111 | format_short_cryptographic_signature(commit.signature()),
112 | commit.description().first_line(),
113 | ),
114 | commit_timestamp(commit).local().format('%Y-%m-%d %H:%M:%S')
115 | ++ " "
116 | ++ commit.author(),
117 | ))) ++ pad_start(4, line_number) ++ ": " ++ content
118 | '';
119 |
120 | # 00000000 ........ yyyy-mm-dd HH:MM:SS 1:
121 | annotate = ''
122 | if(first_line_in_hunk,
123 | separate(" ",
124 | format_short_id(commit.change_id()),
125 | pad_end(8, truncate_end(8, commit.author().email().local())),
126 | commit_timestamp(commit).local().format('%Y-%m-%d %H:%M:%S'),
127 | ),
128 | pad_end(37, ""),
129 | ) ++ pad_start(4, line_number) ++ ": " ++ content
130 | '';
131 |
132 | "format_commit_info(commit)" = ''
133 | separate(" ",
134 | format_short_change_id_with_hidden_and_divergent_info(commit),
135 | format_short_id(commit.commit_id()),
136 | format_short_cryptographic_signature(commit.signature()),
137 | )'';
138 |
139 | "format_commit_bookmarks(commit)" = ''
140 | separate(" ",
141 | commit.working_copies(),
142 | commit.tags(),
143 | commit.bookmarks(),
144 | )'';
145 |
146 | "format_description(commit)" = ''
147 | separate(" ",
148 | if(empty, label("empty", "(empty)")),
149 | coalesce(
150 | if(commit.description(),
151 | truncate_end(48, commit.description().first_line(), " [...]"),
152 | if(!empty, label("description placeholder", "(no description)")),
153 | )
154 | )
155 | )'';
156 |
157 | "format_author(commit)" = ''
158 | separate(" ",
159 | commit.author().email(),
160 | commit.author().name(),
161 | )
162 | '';
163 |
164 | "format_commit_date(commit)" = ''
165 | separate(" ",
166 | commit_timestamp(commit).local().format('%Y-%m-%d %H:%M:%S'),
167 | )
168 | '';
169 |
170 | default_log = ''
171 | separate(" ",
172 | format_commit_info(self),
173 | format_commit_bookmarks(self),
174 | format_description(self),
175 | format_author(self),
176 | format_commit_date(self),
177 | )'';
178 | };
179 |
180 | templates = {
181 | draft_commit_description = "commit_description(self)";
182 |
183 | file_annotate = "annotate_header";
184 |
185 | log = "default_log";
186 | log_node = ''
187 | label("node", coalesce(
188 | if(!self, label("elided", "~")),
189 | label(
190 | separate(" ",
191 | if(current_working_copy, "working_copy"),
192 | if(conflict, "conflict"),
193 | if(immutable, "immutable"),
194 | if(description.starts_with("wip:"), "wip"),
195 | if(description.starts_with("private:"), "wip"),
196 | ),
197 | coalesce(
198 | if(current_working_copy, "@"),
199 | if(conflict, "x"),
200 | if(immutable, "◆"),
201 | if(description.starts_with("wip:"), "!"),
202 | if(description.starts_with("private:"), "◇"),
203 | "○",
204 | )
205 | )
206 | ))
207 | '';
208 | };
209 |
210 | aliases = {
211 | tug = [
212 | "bookmark"
213 | "move"
214 | "--from"
215 | "closest_bookmark(@)"
216 | "--to"
217 | "closest_pushable(@)"
218 | ];
219 | ds = [
220 | "diff"
221 | "--stat"
222 | ];
223 | dv = [
224 | "--config=templates.draft_commit_description=commit_description_verbose(self)"
225 | "describe"
226 | ];
227 | # Too slow - TODO investigate why
228 | # l = ["log" "-T" "builtin_log_compact"];
229 | # ll = ["log" "-T" "builtin_log_detailed"];
230 | l = [
231 | "log"
232 | "-r"
233 | "all()"
234 | ];
235 | ll = [
236 | "log"
237 | "-r"
238 | "all()"
239 | "-T"
240 | "builtin_log_detailed"
241 | ];
242 | xl = [
243 | "log"
244 | "-T"
245 | "builtin_log_detailed"
246 | ];
247 | evolve = [
248 | "rebase"
249 | "--skip-empty"
250 | "-d"
251 | "main"
252 | ];
253 | streams = [
254 | "log"
255 | "--no-graph"
256 | "-r"
257 | "streams()"
258 | "-T"
259 | "bookmarks.map(|b| b ++ ' ')"
260 | ];
261 | open = [
262 | "log"
263 | "-r"
264 | "open()"
265 | ];
266 | stack = [
267 | "log"
268 | "-r"
269 | "stack()"
270 | ];
271 | s = [ "stack" ];
272 | yank = [
273 | "rebase"
274 | "--skip-emptied"
275 | "-s"
276 | "all:roots(mutable() & mine())"
277 | "-d"
278 | "trunk()"
279 | ];
280 | };
281 | };
282 | };
283 | };
284 | };
285 | };
286 | }
287 |
--------------------------------------------------------------------------------
/modules/dev/git/git.nix:
--------------------------------------------------------------------------------
1 | topLevel: {
2 | flake.modules = {
3 | homeManager.dev =
4 | { config, ... }:
5 | {
6 | programs = {
7 | git = {
8 | enable = true;
9 | ignores = [
10 | ".direnv/"
11 | "result"
12 | ];
13 | settings = {
14 | user = {
15 | inherit (topLevel.config.flake.meta.users.${config.home.username}) name;
16 | inherit (topLevel.config.flake.meta.users.${config.home.username}) email;
17 | };
18 | branch = {
19 | autosetuprebase = "always";
20 | };
21 | color = {
22 | ui = "auto";
23 | };
24 | core = {
25 | autocrlf = "input";
26 | editor = "micro";
27 | safecrlf = "warn";
28 | excludesfile = "~/.gitignore_global";
29 | };
30 | diff = {
31 | mnemonicprefix = true;
32 | };
33 | include = {
34 | path = "~/.gitconfig.local";
35 | };
36 | init = {
37 | defaultBranch = "main";
38 | };
39 | merge = {
40 | conflictstyle = "diff3";
41 | commit = "no";
42 | ff = "no";
43 | tool = "splice";
44 | };
45 | push = {
46 | autoSetupRemote = true;
47 | default = "current";
48 | };
49 | pull = {
50 | default = "matching";
51 | autoSetupRemote = true;
52 | rebase = true;
53 | useForceIfIncludes = true;
54 | };
55 | rebase = {
56 | autostash = true;
57 | autosquash = true;
58 | instructionFormat = "(%an <%ae>) %s";
59 | updateRefs = true;
60 | };
61 | rerere = {
62 | enabled = true;
63 | };
64 | sequence = {
65 | editor = "code --wait";
66 | };
67 | signing = {
68 | signByDefault = true;
69 | inherit (topLevel.config.flake.meta.users.${config.home.username}) key;
70 | };
71 | commit = {
72 | gpgsign = true;
73 | };
74 | alias = {
75 | ll = "log --stat --abbrev-commit";
76 | co = "checkout";
77 | patch = "format-patch --stdout HEAD~1";
78 | rpatch = "reset --hard HEAD~1";
79 | lgg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
80 | lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
81 | lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
82 | clb = "!/home/user/bin/git-clean-local-branches";
83 | pf = "push --force-with-lease";
84 | rewrite = "rebase - x 'git commit - -amend - C HEAD - -date=\"$(date -R)\" && sleep 1.05'";
85 | # From https://gist.github.com/pksunkara/988716
86 | a = "add --all";
87 | ai = "add -i";
88 | #############
89 | ap = "apply";
90 | as = "apply --stat";
91 | ac = "apply --check";
92 | #############
93 | ama = "am --abort";
94 | amr = "am --resolved";
95 | ams = "am --skip";
96 | #############
97 | b = "branch";
98 | ba = "branch -a";
99 | bd = "branch -d";
100 | bdd = "branch -D";
101 | br = "branch -r";
102 | bc = "rev-parse --abbrev-ref HEAD";
103 | bu = ''!git rev-parse --abbrev-ref --symbolic-full-name "@{u}"'';
104 | recent-branches = "branch --sort=-committerdate";
105 | #############
106 | c = "commit";
107 | ca = "commit -a";
108 | cm = "commit -m";
109 | cam = "commit -am";
110 | cem = "commit --allow-empty -m";
111 | cd = "commit --amend";
112 | cad = "commit -a --amend";
113 | ced = "commit --allow-empty --amend";
114 | #############
115 | cl = "clone";
116 | cld = "clone --depth 1";
117 | clg = "!sh -c 'git clone git://github.com/$1 $(basename $1)' -";
118 | clgp = "!sh -c 'git clone git@github.com:$(git config --get user.username)/$1 $1' -";
119 | #############
120 | co-pr = "!sh -c 'git fetch origin refs/pull/$1/head:pull/$1 && git checkout pull/$1' -";
121 | cp = "cherry-pick";
122 | cpa = "cherry-pick --abort";
123 | cpc = "cherry-pick --continue";
124 | #############
125 | d = "diff";
126 | dp = "diff --patience";
127 | dc = "diff --cached";
128 | dk = "diff --check";
129 | dck = "diff --cached --check";
130 | dt = "difftool";
131 | dct = "difftool --cached";
132 | #############
133 | f = "fetch";
134 | fo = "fetch origin";
135 | fu = "fetch upstream";
136 | #############
137 | fp = "format-patch";
138 | #############
139 | fk = "fsck";
140 | #############
141 | g = "grep -p";
142 | #############
143 | l = "log --oneline";
144 | lg = "log --oneline --graph --decorate";
145 | #############
146 | ls = "ls-files";
147 | lsf = "!git ls-files | grep -i";
148 | #############
149 | m = "merge";
150 | ma = "merge --abort";
151 | mc = "merge --continue";
152 | ms = "merge --skip";
153 | #############
154 | o = "checkout";
155 | ob = "checkout -b";
156 | #############
157 | pr = "prune -v";
158 | #############
159 | ps = "push";
160 | psf = "push -f";
161 | psu = "push -u";
162 | pst = "push --tags";
163 | #############
164 | pso = "push origin";
165 | psao = "push --all origin";
166 | psfo = "push -f origin";
167 | psuo = "push -u origin";
168 | #############
169 | psom = "push origin master";
170 | psaom = "push --all origin master";
171 | psfom = "push -f origin master";
172 | psuom = "push -u origin master";
173 | psoc = "!git push origin $(git bc)";
174 | psaoc = "!git push --all origin $(git bc)";
175 | psfoc = "!git push -f origin $(git bc)";
176 | psuoc = "!git push -u origin $(git bc)";
177 | psdc = "!git push origin :$(git bc)";
178 | #############
179 | pl = "pull";
180 | pb = "pull --rebase";
181 | #############
182 | plo = "pull origin";
183 | pbo = "pull --rebase origin";
184 | plom = "pull origin master";
185 | ploc = "!git pull origin $(git bc)";
186 | pbom = "pull --rebase origin master";
187 | pboc = "!git pull --rebase origin $(git bc)";
188 | #############
189 | plu = "pull upstream";
190 | plum = "pull upstream master";
191 | pluc = "!git pull upstream $(git bc)";
192 | pbum = "pull --rebase upstream master";
193 | pbuc = "!git pull --rebase upstream $(git bc)";
194 | #############
195 | rb = "rebase";
196 | rba = "rebase --abort";
197 | rbc = "rebase --continue";
198 | rbi = "rebase --interactive";
199 | rbs = "rebase --skip";
200 | #############
201 | re = "reset";
202 | rh = "reset HEAD";
203 | reh = "reset --hard";
204 | rem = "reset --mixed";
205 | res = "reset --soft";
206 | rehh = "reset --hard HEAD";
207 | remh = "reset --mixed HEAD";
208 | resh = "reset --soft HEAD";
209 | #############
210 | r = "remote";
211 | ra = "remote add";
212 | rr = "remote rm";
213 | rv = "remote -v";
214 | rn = "remote rename";
215 | rp = "remote prune";
216 | rs = "remote show";
217 | rao = "remote add origin";
218 | rau = "remote add upstream";
219 | rro = "remote remove origin";
220 | rru = "remote remove upstream";
221 | rso = "remote show origin";
222 | rsu = "remote show upstream";
223 | rpo = "remote prune origin";
224 | rpu = "remote prune upstream";
225 | #############
226 | rmf = "rm -f";
227 | rmrf = "rm -r -f";
228 | #############
229 | s = "status";
230 | sb = "status -s -b";
231 | #############
232 | sa = "stash apply";
233 | sc = "stash clear";
234 | sd = "stash drop";
235 | sl = "stash list";
236 | sp = "stash pop";
237 | ss = "stash save";
238 | ssk = "stash save -k";
239 | sw = "stash show";
240 | st = "!git stash list | wc -l 2>/dev/null | grep -oEi '[0-9][0-9]*'";
241 | #############
242 | t = "tag";
243 | td = "tag -d";
244 | #############
245 | w = "show";
246 | wp = "show -p";
247 | wr = "show -p --no-color";
248 | #############
249 | subadd = "!sh -c 'git submodule add git://github.com/$1 $2/$(basename $1)' -";
250 | subup = "submodule update --init --recursive";
251 | subpull = "!git submodule foreach git pull --tags origin master";
252 | #############
253 | assume = "update-index --assume-unchanged";
254 | unassume = "update-index --no-assume-unchanged";
255 | assumed = "!git ls -v | grep ^h | cut -c 3-";
256 | unassumeall = "!git assumed | xargs git unassume";
257 | assumeall = "!git status -s | awk {'print $2'} | xargs git assume";
258 | #############
259 | bump = ''!sh -c 'git commit -am "Version bump v$1" && git psuoc && git release $1' -'';
260 | release = "!sh -c 'git tag v$1 && git pst' -";
261 | unrelease = "!sh -c 'git tag -d v$1 && git pso :v$1' -";
262 | merged = "!sh -c 'git o master && git plom && git bd $1 && git rpo' -";
263 | aliases = "!git config -l | grep alias | cut -c 7-";
264 | snap = "!git stash save 'snapshot = $(date)' && git stash apply 'stash@{0}'";
265 | bare = "!sh -c 'git symbolic-ref HEAD refs/heads/$1 && git rm --cached -r . && git clean -xfd' -";
266 | whois = ''!sh -c 'git log -i -1 --author="$1" --pretty="format:%an <%ae>"' -'';
267 | serve = "daemon --reuseaddr --verbose --base-path=. --export-all ./.git";
268 | #############
269 | behind = "!git rev-list --left-only --count $(git bu)...HEAD";
270 | ahead = "!git rev-list --right-only --count $(git bu)...HEAD";
271 | #############
272 | ours = "!f() { git checkout --ours $@ && git add $@; }; f";
273 | theirs = "!f() { git checkout --theirs $@ && git add $@; }; f";
274 | subrepo = "!sh -c 'git filter-branch --prune-empty --subdirectory-filter $1 master' -";
275 | human = "name-rev --name-only --refs=refs/heads/*";
276 | };
277 | };
278 | };
279 | };
280 | };
281 | };
282 | }
283 |
--------------------------------------------------------------------------------