├── .envrc ├── .gitattributes ├── .gitignore ├── .sops.yaml ├── README.md ├── flake.lock ├── flake.nix ├── home-managers ├── default.nix ├── qubes │ ├── code │ │ └── home.nix │ └── default.nix └── run.sh ├── hosts ├── darwins │ ├── default.nix │ ├── poseidon │ │ ├── darwin.nix │ │ └── home.nix │ ├── run.sh │ └── saturn │ │ ├── darwin.nix │ │ └── home.nix ├── default.nix └── nixoses │ ├── default.nix │ ├── hades │ ├── hardware-configuration.nix │ ├── home.nix │ ├── nixos.nix │ ├── secrets.sops.yaml │ ├── win10.nix │ └── win10.xml │ ├── hercules │ ├── README.md │ ├── hardware-configuration.nix │ ├── home.nix │ ├── nixos.nix │ ├── nvidia.nix │ ├── secrets.sops.yaml │ └── spectrum.nix │ ├── kore │ ├── hardware-configuration.nix │ ├── mjpg-streamer.nix │ ├── nixos.nix │ └── secrets.sops.yaml │ ├── laptop-cluster │ ├── laptop-server-x86-1 │ │ ├── hardware-configuration.nix │ │ ├── nixos.nix │ │ └── secrets.sops.yaml │ ├── laptop-server-x86-2 │ │ ├── hardware-configuration.nix │ │ └── nixos.nix │ ├── laptop-server-x86-3 │ │ ├── hardware-configuration.nix │ │ └── nixos.nix │ └── laptop-server-x86-4 │ │ ├── hardware-configuration.nix │ │ └── nixos.nix │ ├── prometheus │ ├── containers.nix │ ├── hardware-configuration.nix │ ├── k3s.nix │ ├── nixos.nix │ └── unifi.nix │ ├── run.sh │ ├── saturn-nixos-vm │ ├── hardware-configuration.nix │ ├── home.nix │ ├── nixos.nix │ └── secrets.sops.yaml │ └── zeus │ ├── README.md │ ├── hardware-configuration.nix │ ├── home.nix │ └── nixos.nix ├── lib └── mk-flake.nix ├── modules ├── default.nix ├── hardware │ ├── onlykey │ │ ├── default.nix │ │ ├── home.nix │ │ ├── nixos.nix │ │ └── secrets.sops.yaml │ └── yubikey │ │ ├── default.nix │ │ ├── home.nix │ │ └── nixos.nix ├── list.nix ├── programs │ ├── aidente │ │ ├── darwin.nix │ │ └── default.nix │ ├── android.nix │ ├── autorandr.nix │ ├── brave.nix │ ├── chromium │ │ ├── default.nix │ │ ├── home.nix │ │ ├── nixos.nix │ │ └── surfingkeys.js │ ├── dbeaver │ │ ├── credentials-config.json.sops │ │ ├── data-sources.json.sops │ │ ├── default.nix │ │ ├── home.nix │ │ └── nixos.nix │ ├── fzf │ │ └── default.nix │ ├── git │ │ └── default.nix │ ├── iterm2 │ │ ├── darwin.nix │ │ ├── default.nix │ │ └── home-manager.nix │ ├── mosh │ │ └── default.nix │ ├── neovim │ │ ├── common-home.nix │ │ ├── darwin-darwin.nix │ │ ├── darwin.nix │ │ ├── default.nix │ │ ├── linux.nix │ │ ├── nixos-nixos.nix │ │ ├── nixos.nix │ │ └── qubes.nix │ ├── pet │ │ ├── default.nix │ │ └── home.nix │ ├── rofi │ │ ├── default.nix │ │ └── home.nix │ ├── ssh │ │ └── default.nix │ ├── starship.nix │ ├── termite.nix │ ├── tmux │ │ └── default.nix │ ├── weechat │ │ ├── config │ │ │ ├── alias.conf │ │ │ ├── autosort.conf │ │ │ ├── buffer_autoset.conf │ │ │ ├── buflist.conf │ │ │ ├── certs │ │ │ │ ├── freenode.pem │ │ │ │ └── freenode.pem.sops │ │ │ ├── charset.conf │ │ │ ├── colorize_nicks.conf │ │ │ ├── exec.conf │ │ │ ├── fifo.conf │ │ │ ├── fset.conf │ │ │ ├── guile.conf │ │ │ ├── irc.conf │ │ │ ├── irc.conf.sops │ │ │ ├── logger.conf │ │ │ ├── lua.conf │ │ │ ├── perl.conf │ │ │ ├── perl │ │ │ │ ├── autoload │ │ │ │ │ ├── highmon.pl │ │ │ │ │ └── perlexec.pl │ │ │ │ ├── highmon.pl │ │ │ │ └── perlexec.pl │ │ │ ├── plugins.conf │ │ │ ├── python.conf │ │ │ ├── python │ │ │ │ ├── autojoinem.py │ │ │ │ ├── autoload │ │ │ │ │ ├── autojoinem.py │ │ │ │ │ ├── autosort.py │ │ │ │ │ ├── buffer_autoset.py │ │ │ │ │ ├── colorize_nicks.py │ │ │ │ │ ├── go.py │ │ │ │ │ ├── grep.py │ │ │ │ │ ├── notify_send.py │ │ │ │ │ ├── styurl.py │ │ │ │ │ ├── text_item.py │ │ │ │ │ ├── urlserver.py │ │ │ │ │ └── zerotab.py │ │ │ │ ├── autosort.py │ │ │ │ ├── buffer_autoclose.py │ │ │ │ ├── buffer_autoset.py │ │ │ │ ├── colorize_nicks.py │ │ │ │ ├── go.py │ │ │ │ ├── grep.py │ │ │ │ ├── notify_send.py │ │ │ │ ├── styurl.py │ │ │ │ ├── text_item.py │ │ │ │ ├── urlserver.py │ │ │ │ └── zerotab.py │ │ │ ├── relay.conf │ │ │ ├── ruby.conf │ │ │ ├── script.conf │ │ │ ├── sec.conf │ │ │ ├── sec.conf.sops │ │ │ ├── spell.conf │ │ │ ├── tcl.conf │ │ │ ├── trigger.conf │ │ │ ├── urlcolor_regexes.txt │ │ │ ├── urlgrab.conf │ │ │ ├── weechat-color-settings.png │ │ │ ├── weechat.conf │ │ │ └── xfer.conf │ │ ├── default.nix │ │ └── secrets.sops.yaml │ ├── wezterm │ │ ├── default.nix │ │ └── wezterm.lua │ └── zsh │ │ ├── default.nix │ │ ├── init-extra.zsh │ │ └── plugins │ │ └── functions │ │ ├── _sp │ │ ├── alias_function │ │ ├── check_root │ │ ├── debug │ │ ├── emulate_all_archs │ │ ├── functions.plugin.zsh │ │ ├── gcim │ │ ├── have │ │ ├── in_array │ │ ├── is_false │ │ ├── is_func │ │ ├── is_number │ │ ├── is_true │ │ ├── jsonpp │ │ ├── jspp │ │ ├── mkfs.enc │ │ ├── mkmine │ │ ├── mount.enc │ │ ├── need_root │ │ ├── nixos-start-vm │ │ ├── open_tunnel │ │ ├── pathappend │ │ ├── pathprepend │ │ ├── pathunmunge │ │ ├── pet_prev │ │ ├── print_error │ │ ├── print_info │ │ ├── print_warning │ │ ├── prompt │ │ ├── register_u2f │ │ ├── s │ │ ├── sapg │ │ ├── scprsa │ │ ├── sp │ │ ├── strip_ansi │ │ ├── swap │ │ ├── ugroups │ │ ├── ulimit_usage │ │ ├── umount.enc │ │ ├── vim_clean_swap │ │ └── xmlpp ├── services │ ├── borders │ │ ├── darwin.nix │ │ ├── default.nix │ │ └── home-manager.nix │ ├── dnsmasq │ │ └── default.nix │ ├── iscsid.nix │ ├── k3s │ │ ├── default.nix │ │ ├── longhorn-support.nix │ │ ├── nfs-support.nix │ │ ├── nixos.nix │ │ └── secrets.sops.yaml │ ├── nextcloud │ │ ├── default.nix │ │ ├── nextcloud.nasreddine.com.crt │ │ ├── nextcloud.nasreddine.com.key.sops │ │ └── secrets.sops.yaml │ ├── sketchybar │ │ ├── darwin.nix │ │ ├── default.nix │ │ ├── home-manager.nix │ │ └── src │ │ │ ├── config-dir │ │ │ ├── colors.sh │ │ │ ├── icons.sh │ │ │ ├── items │ │ │ │ ├── apple.sh │ │ │ │ ├── battery.sh │ │ │ │ ├── brew.sh │ │ │ │ ├── calendar.sh │ │ │ │ ├── cpu.sh │ │ │ │ ├── front_app.sh │ │ │ │ ├── github.sh │ │ │ │ ├── media.sh │ │ │ │ ├── spaces.sh │ │ │ │ ├── spotify.sh │ │ │ │ ├── volume.sh │ │ │ │ ├── wifi.sh │ │ │ │ └── yabai.sh │ │ │ └── plugins │ │ │ │ ├── battery.sh │ │ │ │ ├── brew.sh │ │ │ │ ├── calendar.sh │ │ │ │ ├── front_app.sh │ │ │ │ ├── github.sh │ │ │ │ ├── icon_map.sh │ │ │ │ ├── media.sh │ │ │ │ ├── space.sh │ │ │ │ ├── space_windows.sh │ │ │ │ ├── spotify.sh │ │ │ │ ├── volume.sh │ │ │ │ ├── volume_click.sh │ │ │ │ ├── wifi.sh │ │ │ │ ├── yabai.sh │ │ │ │ └── zen.sh │ │ │ └── helper │ │ │ ├── cpu.h │ │ │ ├── helper.c │ │ │ ├── makefile │ │ │ └── sketchybar.h │ ├── skhd │ │ ├── darwin.nix │ │ └── default.nix │ ├── sleep-on-lan │ │ ├── default.nix │ │ ├── nixos.nix │ │ └── secrets.sops.yaml │ ├── x11 │ │ └── window-managers │ │ │ └── i3.nix │ └── yabai │ │ ├── darwin.nix │ │ └── default.nix └── settings │ ├── fonts │ └── default.nix │ ├── gtk │ └── default.nix │ ├── home-manager │ └── default.nix │ ├── keyboard │ └── default.nix │ ├── networking │ ├── default.nix │ └── nextdns.nix │ ├── nix │ ├── default.nix │ ├── distributed-builds │ │ ├── darwin.nix │ │ ├── default.nix │ │ ├── home.nix │ │ ├── nixos.nix │ │ └── secrets.sops.yaml │ └── secrets.sops.yaml │ └── users │ ├── darwin.nix │ ├── default.nix │ └── nixos.nix ├── mysoxin ├── default.nix ├── hardware │ ├── fwupd.nix │ ├── intel-backlight.nix │ ├── lowbatt.nix │ ├── serial_console.nix │ ├── sound.nix │ └── zsa │ │ ├── default.nix │ │ ├── home.nix │ │ └── nixos.nix ├── list.nix ├── services │ ├── caffeine.nix │ ├── dunst.nix │ ├── networking │ │ ├── networkmanager.nix │ │ └── ssh │ │ │ └── sshd.nix │ ├── printing.nix │ └── x11 │ │ ├── window-managers │ │ ├── bar │ │ │ ├── default.nix │ │ │ ├── polybar-spotify-script.py │ │ │ └── polybar.lib.nix │ │ └── i3 │ │ │ ├── default.nix │ │ │ └── i3-config.lib.nix │ │ └── xserver.nix ├── soxin.nix └── virtualisation │ ├── docker │ ├── darwin.nix │ ├── default.nix │ └── nixos.nix │ ├── libvirtd.nix │ └── virtualbox.nix ├── os-specific └── darwin │ └── setup.sh ├── overlays └── default.nix ├── pkgs └── default.nix ├── profiles ├── cluster │ ├── default.nix │ └── laptop │ │ ├── common │ │ ├── default.nix │ │ └── nixos.nix │ │ └── default.nix ├── core │ ├── darwin.nix │ ├── default.nix │ ├── home.nix │ └── nixos.nix ├── default.nix ├── list.nix ├── miniserver │ ├── default.nix │ ├── home.nix │ └── nixos.nix ├── myself │ ├── darwin.nix │ ├── default.nix │ └── nixos.nix ├── neovim │ └── default.nix ├── personal │ ├── darwin.nix │ ├── default.nix │ ├── home-darwin.nix │ ├── home-qubes.nix │ ├── home.nix │ ├── home.sops.yaml │ └── nixos.nix ├── server │ ├── default.nix │ ├── home.nix │ └── nixos.nix └── workstation │ ├── chromeos │ ├── default.nix │ └── local │ │ ├── default.nix │ │ └── home.nix │ ├── common │ ├── default.nix │ ├── home-kubernetes-client.nix │ ├── home.nix │ └── nixos.nix │ ├── darwin │ ├── default.nix │ └── local │ │ ├── darwin.nix │ │ ├── default.nix │ │ └── home.nix │ ├── default.nix │ ├── linux │ ├── default.nix │ ├── local │ │ ├── default.nix │ │ └── home.nix │ └── remote │ │ ├── default.nix │ │ └── home.nix │ ├── nixos │ ├── default.nix │ ├── local │ │ ├── default.nix │ │ ├── home.nix │ │ ├── nixos.nix │ │ └── secrets.sops.yaml │ ├── remote │ │ ├── default.nix │ │ ├── home.nix │ │ └── nixos.nix │ └── vm-guest │ │ ├── default.nix │ │ ├── home.nix │ │ └── nixos.nix │ └── qubes │ ├── default.nix │ └── local │ ├── default.nix │ ├── home.nix │ └── split-ssh.nix ├── scripts ├── hm-generation.sh ├── qube │ ├── build.sh │ ├── update.sh │ ├── user-hm-generation.service │ └── user-hm-generation.sh ├── soxin.sh ├── update-keys.sh └── utm │ └── add_disks.sh └── vars ├── assets └── default.nix ├── default.nix ├── sops-keys ├── hosts │ ├── hades.asc │ ├── kore.asc │ ├── laptop-server-x86-1.asc │ ├── laptop-server-x86-2.asc │ ├── laptop-server-x86-3.asc │ ├── laptop-server-x86-4.asc │ ├── prometheus.asc │ └── zeus.asc └── users │ └── yl@0x8EBD95DC147755A2.asc └── users ├── darwin.nix ├── default.nix └── nixos.nix /.envrc: -------------------------------------------------------------------------------- 1 | 2 | # Watch the sops-keys directory so the environment gets reloaded anytime it 3 | # changes in order to calculate the new value for SOPS_PGP_FP. 4 | watch_dir vars/sops-keys 5 | 6 | use_flake 7 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Match all files ending with .sops 2 | *.sops diff=sopsdiffer 3 | 4 | # Match all files ending with .sops.yaml except .sops.yaml itself 5 | *[a-z0-9].sops.yaml diff=sopsdiffer 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.qcow2 2 | /.pre-commit-config.yaml 3 | /result* 4 | 5 | # soxin is used as a symlink to allow me to work on both projects in one editor 6 | /soxin 7 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # soxincfg 2 | Soxin configuration 3 | -------------------------------------------------------------------------------- /home-managers/default.nix: -------------------------------------------------------------------------------- 1 | inputs: 2 | 3 | import ./qubes inputs 4 | -------------------------------------------------------------------------------- /home-managers/qubes/code/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | soxincfg, 4 | ... 5 | }: 6 | 7 | { 8 | imports = [ 9 | soxincfg.nixosModules.profiles.myself 10 | soxincfg.nixosModules.profiles.personal 11 | soxincfg.nixosModules.profiles.workstation.qubes.local 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /home-managers/qubes/default.nix: -------------------------------------------------------------------------------- 1 | inputs@{ 2 | self, 3 | lib ? nixpkgs.lib, 4 | nixpkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mapAttrs recursiveUpdate; 10 | 11 | # the default channel to follow. 12 | channelName = "nixpkgs"; 13 | 14 | # the hostType of the installation 15 | hostType = "qubes-os"; 16 | in 17 | mapAttrs 18 | ( 19 | n: v: 20 | recursiveUpdate { 21 | specialArgs = { 22 | inherit hostType; 23 | }; 24 | } v 25 | ) 26 | { 27 | code = 28 | let 29 | system = "x86_64-linux"; 30 | in 31 | { 32 | inherit system; 33 | 34 | modules = [ 35 | ./code/home.nix 36 | { 37 | home = { 38 | username = "user"; 39 | homeDirectory = "/home/user"; 40 | stateVersion = "24.05"; 41 | }; 42 | } 43 | ]; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /home-managers/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | readonly action="${1:-}" 6 | readonly host="${2:-$(hostname)}" 7 | 8 | if type nom &> /dev/null 9 | then 10 | BUILDER=nom 11 | else 12 | BUILDER=nix 13 | fi 14 | 15 | readonly BUILDER 16 | 17 | case "${action}" in 18 | build) 19 | >&2 echo "Building $host" 20 | 21 | $BUILDER build ".#homeConfigurations.${host}.activationPackage" --show-trace 22 | ;; 23 | switch) 24 | >&2 echo "Switching $host" 25 | 26 | $0 build "$host" 27 | ./result/activate 28 | ;; 29 | *) 30 | usage 31 | exit 1 32 | ;; 33 | esac 34 | -------------------------------------------------------------------------------- /hosts/darwins/default.nix: -------------------------------------------------------------------------------- 1 | inputs@{ 2 | self, 3 | darwin, 4 | deploy-rs, 5 | lib ? nixpkgs.lib, 6 | nixpkgs, 7 | ... 8 | }: 9 | 10 | let 11 | inherit (lib) mapAttrs recursiveUpdate; 12 | 13 | # the default channel to follow. 14 | channelName = "nixpkgs"; 15 | 16 | # the operating mode of Soxin 17 | mode = "nix-darwin"; 18 | 19 | # the hostType of the installation 20 | hostType = "nix-darwin"; 21 | in 22 | mapAttrs 23 | ( 24 | n: v: 25 | recursiveUpdate { 26 | inherit mode; 27 | 28 | specialArgs = { 29 | inherit hostType; 30 | }; 31 | } v 32 | ) 33 | { 34 | ### 35 | # aarch64-darwin 36 | ### 37 | 38 | saturn = 39 | let 40 | system = "aarch64-darwin"; 41 | in 42 | { 43 | inherit channelName system; 44 | 45 | modules = [ ./saturn/darwin.nix ]; 46 | }; 47 | 48 | ### 49 | # x86_64-darwin 50 | ### 51 | 52 | poseidon = 53 | let 54 | system = "x86_64-darwin"; 55 | in 56 | { 57 | inherit channelName system; 58 | 59 | modules = [ ./poseidon/darwin.nix ]; 60 | }; 61 | } 62 | -------------------------------------------------------------------------------- /hosts/darwins/poseidon/darwin.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | soxincfg, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) singleton; 10 | in 11 | { 12 | imports = [ 13 | soxincfg.nixosModules.profiles.myself 14 | soxincfg.nixosModules.profiles.personal 15 | soxincfg.nixosModules.profiles.workstation.darwin.local 16 | ]; 17 | 18 | # XXX: This host was created prior to changing my username to wnasreddine. 19 | soxincfg.settings.users.userName = "yl"; 20 | 21 | # load home-manager configuration 22 | # TODO: Use users.user.name once the following commit is used 23 | # https://github.com/nix-community/home-manager/commit/216690777e47aa0fb1475e4dbe2510554ce0bc4b 24 | home-manager.users."${config.soxincfg.settings.users.userName}" = import ./home.nix { 25 | inherit soxincfg; 26 | }; 27 | 28 | system.stateVersion = 5; 29 | } 30 | -------------------------------------------------------------------------------- /hosts/darwins/poseidon/home.nix: -------------------------------------------------------------------------------- 1 | # home-manager configuration for user `yl` 2 | { soxincfg }: 3 | { 4 | config, 5 | pkgs, 6 | home-manager, 7 | ... 8 | }: 9 | 10 | { 11 | imports = [ 12 | soxincfg.nixosModules.profiles.myself 13 | soxincfg.nixosModules.profiles.personal 14 | soxincfg.nixosModules.profiles.workstation.darwin.local 15 | ]; 16 | 17 | # XXX: This host was created prior to changing my username to wnasreddine. 18 | soxincfg.settings.users.userName = "yl"; 19 | 20 | home.stateVersion = "23.05"; 21 | 22 | sops.age.keyFile = "${config.home.homeDirectory}/.local/share/soxincfg/sops/age.key"; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/darwins/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | readonly action="${1:-}" 6 | readonly host="${2:-$(hostname)}" 7 | 8 | if type nom &> /dev/null 9 | then 10 | BUILDER=nom 11 | else 12 | BUILDER=nix 13 | fi 14 | 15 | readonly BUILDER 16 | 17 | case "${action}" in 18 | build) 19 | >&2 echo "Building $host" 20 | 21 | $BUILDER build ".#darwinConfigurations.${host}.system" --show-trace 22 | ;; 23 | switch) 24 | >&2 echo "Switching $host" 25 | 26 | # steps taken from https://github.com/LnL7/nix-darwin/blob/8b6ea26d5d2e8359d06278364f41fbc4b903b28a/pkgs/nix-tools/darwin-rebuild.sh 27 | 28 | # 1. build the host 29 | "$0" build "$host" 30 | 31 | # 2. setup the profile 32 | profile=/nix/var/nix/profiles/system 33 | systemConfig="$(readlink -f result)" 34 | sudo -H nix-env -p "$profile" --set "$systemConfig" 35 | 36 | # 3. call darwin-rebuild activate 37 | ./result/sw/bin/darwin-rebuild activate 38 | ;; 39 | *) 40 | usage 41 | exit 1 42 | ;; 43 | esac 44 | -------------------------------------------------------------------------------- /hosts/darwins/saturn/darwin.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | soxincfg, 4 | ... 5 | }: 6 | 7 | { 8 | imports = [ 9 | soxincfg.nixosModules.profiles.myself 10 | soxincfg.nixosModules.profiles.personal 11 | soxincfg.nixosModules.profiles.neovim 12 | soxincfg.nixosModules.profiles.workstation.darwin.local 13 | ]; 14 | 15 | homebrew = { 16 | brews = [ 17 | "ffmpeg" # Used by Audacity to open AAC files 18 | "qemu" # QEMU backend 19 | 20 | "siderolabs/tap/talosctl" 21 | ]; 22 | 23 | casks = [ 24 | "audacity" 25 | "autodesk-fusion" 26 | "obsidian" 27 | "discord" 28 | "gimp" 29 | "orcaslicer" 30 | "proton-mail" 31 | "protonvpn" 32 | "signal" 33 | "synology-drive" 34 | "tor-browser" 35 | "utm" # QEMU frontend 36 | "visual-studio-code" 37 | "tailscale" 38 | "whatsapp" 39 | "zen" 40 | 41 | "grishka/grishka/neardrop" 42 | ]; 43 | 44 | taps = [ 45 | "grishka/grishka" 46 | "siderolabs/tap" 47 | ]; 48 | }; 49 | 50 | # Determinate systems uses its own daemon and we shouldn't let nix-darwin manage Nix 51 | nix.enable = false; 52 | 53 | # load home-manager configuration 54 | # TODO: Use users.user.name once the following commit is used 55 | # https://github.com/nix-community/home-manager/commit/216690777e47aa0fb1475e4dbe2510554ce0bc4b 56 | home-manager.users."${config.soxincfg.settings.users.userName}" = import ./home.nix { 57 | inherit soxincfg; 58 | }; 59 | 60 | system.stateVersion = 5; 61 | } 62 | -------------------------------------------------------------------------------- /hosts/darwins/saturn/home.nix: -------------------------------------------------------------------------------- 1 | { soxincfg }: 2 | { 3 | config, 4 | ... 5 | }: 6 | 7 | let 8 | homePath = config.home.homeDirectory; 9 | in 10 | { 11 | imports = [ 12 | soxincfg.nixosModules.profiles.myself 13 | soxincfg.nixosModules.profiles.personal 14 | soxincfg.nixosModules.profiles.neovim 15 | soxincfg.nixosModules.profiles.workstation.darwin.local 16 | ]; 17 | 18 | home.stateVersion = "24.11"; 19 | 20 | sops = { 21 | age.keyFile = "${homePath}/Library/Application Support/sops/age/keys.txt"; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /hosts/default.nix: -------------------------------------------------------------------------------- 1 | inputs: 2 | 3 | (import ./nixoses inputs) // (import ./darwins inputs) 4 | -------------------------------------------------------------------------------- /hosts/nixoses/hades/win10.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: 6 | with lib; 7 | let 8 | buildWindows10 = vmName: { 9 | after = [ "libvirtd.service" ]; 10 | requires = [ "libvirtd.service" ]; 11 | serviceConfig = { 12 | Type = "oneshot"; 13 | RemainAfterExit = "yes"; 14 | }; 15 | restartIfChanged = false; 16 | 17 | script = 18 | let 19 | xml = pkgs.substituteAll { 20 | src = ./win10.xml; 21 | 22 | name = vmName; 23 | admin_source_dev = "eno1"; 24 | admin_mac_address = "ea:5e:04:11:a1:a3"; 25 | wifi_source_dev = "wlp110s0"; 26 | wifi_mac_address = "f6:ae:e7:2f:7c:93"; 27 | }; 28 | 29 | in 30 | '' 31 | uuid="$(${getBin pkgs.libvirt}/bin/virsh domuuid '${vmName}' || true)" 32 | ${getBin pkgs.libvirt}/bin/virsh define <(sed "s/UUID/$uuid/" '${xml}') 33 | ${getBin pkgs.libvirt}/bin/virsh start '${vmName}' 34 | ''; 35 | 36 | preStop = '' 37 | ${getBin pkgs.libvirt}/bin/virsh shutdown '${vmName}' 38 | let "timeout = $(date +%s) + 120" 39 | while [ "$(${getBin pkgs.libvirt}/bin/virsh list --name | grep --count '^${vmName}$')" -gt 0 ]; do 40 | if [ "$(date +%s)" -ge "$timeout" ]; then 41 | # Meh, we warned it... 42 | ${getBin pkgs.libvirt}/bin/virsh destroy '${vmName}' 43 | else 44 | # The machine is still running, let's give it some time to shut down 45 | sleep 0.5 46 | fi 47 | done 48 | ''; 49 | }; 50 | in 51 | { 52 | systemd.services.libvirtd-guest-win10 = buildWindows10 "win10"; 53 | } 54 | -------------------------------------------------------------------------------- /hosts/nixoses/hercules/spectrum.nix: -------------------------------------------------------------------------------- 1 | { 2 | nix.settings.substituters = [ "https://cache.dataaturservice.se/spectrum/" ]; 3 | nix.settings.trusted-public-keys = [ 4 | "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 5 | "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU=" 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/nixoses/kore/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | ... 4 | }: 5 | 6 | { 7 | # Common firmware, i.e. for wifi cards 8 | hardware.enableRedistributableFirmware = true; 9 | 10 | boot = { 11 | # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) 12 | loader.grub.enable = false; 13 | loader.generic-extlinux-compatible = { 14 | enable = true; 15 | configurationLimit = 2; 16 | }; 17 | 18 | kernelParams = [ "console=ttyS1,115200n8" ]; 19 | }; 20 | 21 | fileSystems."/" = { 22 | device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; 23 | fsType = "ext4"; 24 | }; 25 | 26 | swapDevices = [ 27 | { 28 | device = "/var/swapfile"; 29 | size = 4096; 30 | } 31 | ]; 32 | 33 | nix.settings.max-jobs = lib.mkDefault 4; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/nixoses/kore/mjpg-streamer.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | { 4 | environment.systemPackages = [ pkgs.mjpg-streamer ]; 5 | 6 | services.mjpg-streamer = { 7 | enable = true; 8 | inputPlugin = "input_uvc.so -d /dev/v4l/by-id/usb-046d_HD_Pro_Webcam_C920_CA58666F-video-index0 -n -r 1920x1080 -timeout 15"; 9 | outputPlugin = "output_http.so -p 5000"; 10 | }; 11 | 12 | networking.firewall.allowedTCPPorts = [ 5000 ]; 13 | } 14 | -------------------------------------------------------------------------------- /hosts/nixoses/laptop-cluster/laptop-server-x86-1/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | modulesPath, 8 | ... 9 | }: 10 | 11 | { 12 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 13 | 14 | boot = { 15 | # Use the systemd-boot EFI boot loader. 16 | loader.efi.canTouchEfiVariables = true; 17 | loader.systemd-boot = { 18 | configurationLimit = 2; 19 | enable = true; 20 | }; 21 | 22 | initrd.availableKernelModules = [ 23 | "xhci_pci" 24 | "ahci" 25 | "usb_storage" 26 | "usbhid" 27 | "sd_mod" 28 | ]; 29 | initrd.kernelModules = [ ]; 30 | kernelModules = [ 31 | "kvm-intel" 32 | "wl" 33 | ]; 34 | extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; 35 | }; 36 | 37 | fileSystems = { 38 | "/" = { 39 | device = "/dev/disk/by-uuid/c7792c28-9b61-44ad-a369-fa0248fe1d15"; 40 | fsType = "ext4"; 41 | }; 42 | 43 | "/boot" = { 44 | device = "/dev/disk/by-uuid/67E3-17ED"; 45 | fsType = "vfat"; 46 | }; 47 | }; 48 | 49 | swapDevices = [ ]; 50 | 51 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 52 | # (the default) this is the recommended approach. When using systemd-networkd it's 53 | # still possible to use this option, but it's recommended to use it in conjunction 54 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 55 | networking.useDHCP = lib.mkDefault true; 56 | 57 | powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 58 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 59 | } 60 | -------------------------------------------------------------------------------- /hosts/nixoses/laptop-cluster/laptop-server-x86-1/nixos.nix: -------------------------------------------------------------------------------- 1 | { soxincfg, ... }: 2 | 3 | { 4 | imports = [ 5 | soxincfg.nixosModules.profiles.cluster.laptop.common 6 | 7 | ./hardware-configuration.nix 8 | ]; 9 | 10 | soxincfg.services.k3s = { 11 | enable = true; 12 | role = "server"; 13 | }; 14 | 15 | # Copy the NixOS configuration file and link it from the resulting system 16 | # (/run/current-system/configuration.nix). This is useful in case you 17 | # accidentally delete configuration.nix. 18 | # system.copySystemConfiguration = true; 19 | 20 | # This option defines the first version of NixOS you have installed on this particular machine, 21 | # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 22 | # 23 | # Most users should NEVER change this value after the initial install, for any reason, 24 | # even if you've upgraded your system to a new NixOS release. 25 | # 26 | # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 27 | # so changing it will NOT upgrade your system. 28 | # 29 | # This value being lower than the current NixOS release does NOT mean your system is 30 | # out of date, out of support, or vulnerable. 31 | # 32 | # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 33 | # and migrated your data accordingly. 34 | # 35 | # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 36 | system.stateVersion = "23.11"; # Did you read the comment? 37 | } 38 | -------------------------------------------------------------------------------- /hosts/nixoses/laptop-cluster/laptop-server-x86-2/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | modulesPath, 8 | ... 9 | }: 10 | 11 | { 12 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 13 | 14 | boot = { 15 | # Use the systemd-boot EFI boot loader. 16 | loader.efi.canTouchEfiVariables = true; 17 | loader.systemd-boot = { 18 | configurationLimit = 2; 19 | enable = true; 20 | }; 21 | 22 | initrd.availableKernelModules = [ 23 | "xhci_pci" 24 | "ahci" 25 | "usb_storage" 26 | "usbhid" 27 | "sd_mod" 28 | ]; 29 | initrd.kernelModules = [ ]; 30 | kernelModules = [ 31 | "kvm-intel" 32 | "wl" 33 | ]; 34 | extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; 35 | }; 36 | 37 | fileSystems = { 38 | "/" = { 39 | device = "/dev/disk/by-uuid/faf9efa0-e9ad-426e-ad6b-b2238dc7ee60"; 40 | fsType = "ext4"; 41 | }; 42 | 43 | "/boot" = { 44 | device = "/dev/disk/by-uuid/67E3-17ED"; 45 | fsType = "vfat"; 46 | }; 47 | }; 48 | 49 | swapDevices = [ ]; 50 | 51 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 52 | # (the default) this is the recommended approach. When using systemd-networkd it's 53 | # still possible to use this option, but it's recommended to use it in conjunction 54 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 55 | networking.useDHCP = lib.mkDefault true; 56 | 57 | powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 58 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 59 | } 60 | -------------------------------------------------------------------------------- /hosts/nixoses/laptop-cluster/laptop-server-x86-2/nixos.nix: -------------------------------------------------------------------------------- 1 | { soxincfg, ... }: 2 | 3 | { 4 | imports = [ 5 | soxincfg.nixosModules.profiles.cluster.laptop.common 6 | 7 | ./hardware-configuration.nix 8 | ]; 9 | 10 | soxincfg.services.k3s = { 11 | enable = true; 12 | role = "server"; 13 | serverAddr = "https://192.168.50.16:6443"; 14 | }; 15 | 16 | # Copy the NixOS configuration file and link it from the resulting system 17 | # (/run/current-system/configuration.nix). This is useful in case you 18 | # accidentally delete configuration.nix. 19 | # system.copySystemConfiguration = true; 20 | 21 | # This option defines the first version of NixOS you have installed on this particular machine, 22 | # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 23 | # 24 | # Most users should NEVER change this value after the initial install, for any reason, 25 | # even if you've upgraded your system to a new NixOS release. 26 | # 27 | # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 28 | # so changing it will NOT upgrade your system. 29 | # 30 | # This value being lower than the current NixOS release does NOT mean your system is 31 | # out of date, out of support, or vulnerable. 32 | # 33 | # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 34 | # and migrated your data accordingly. 35 | # 36 | # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 37 | system.stateVersion = "23.11"; # Did you read the comment? 38 | } 39 | -------------------------------------------------------------------------------- /hosts/nixoses/laptop-cluster/laptop-server-x86-3/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | modulesPath, 8 | ... 9 | }: 10 | 11 | { 12 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 13 | 14 | boot = { 15 | # Use the systemd-boot EFI boot loader. 16 | loader.efi.canTouchEfiVariables = true; 17 | loader.systemd-boot = { 18 | configurationLimit = 2; 19 | enable = true; 20 | }; 21 | 22 | initrd.availableKernelModules = [ 23 | "xhci_pci" 24 | "ahci" 25 | "usbhid" 26 | "usb_storage" 27 | "sd_mod" 28 | ]; 29 | initrd.kernelModules = [ ]; 30 | kernelModules = [ 31 | "kvm-intel" 32 | "wl" 33 | ]; 34 | extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; 35 | }; 36 | 37 | fileSystems."/" = { 38 | device = "/dev/disk/by-uuid/8ceba00e-3e10-44a2-b4ec-5fb11d067690"; 39 | fsType = "ext4"; 40 | }; 41 | 42 | fileSystems."/boot" = { 43 | device = "/dev/disk/by-uuid/9CAE-B63A"; 44 | fsType = "vfat"; 45 | }; 46 | 47 | swapDevices = [ ]; 48 | 49 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 50 | # (the default) this is the recommended approach. When using systemd-networkd it's 51 | # still possible to use this option, but it's recommended to use it in conjunction 52 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 53 | networking.useDHCP = lib.mkDefault true; 54 | 55 | powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 56 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 57 | } 58 | -------------------------------------------------------------------------------- /hosts/nixoses/laptop-cluster/laptop-server-x86-3/nixos.nix: -------------------------------------------------------------------------------- 1 | { soxincfg, ... }: 2 | 3 | { 4 | imports = [ 5 | soxincfg.nixosModules.profiles.cluster.laptop.common 6 | 7 | ./hardware-configuration.nix 8 | ]; 9 | 10 | services.k3s.extraFlags = builtins.concatStringsSep " " [ 11 | "--node-label nasreddine.com/has-zwave-device=yes" 12 | ]; 13 | soxincfg.services.k3s = { 14 | enable = true; 15 | role = "agent"; 16 | serverAddr = "https://192.168.50.16:6443"; 17 | }; 18 | 19 | # Copy the NixOS configuration file and link it from the resulting system 20 | # (/run/current-system/configuration.nix). This is useful in case you 21 | # accidentally delete configuration.nix. 22 | # system.copySystemConfiguration = true; 23 | 24 | # This option defines the first version of NixOS you have installed on this particular machine, 25 | # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 26 | # 27 | # Most users should NEVER change this value after the initial install, for any reason, 28 | # even if you've upgraded your system to a new NixOS release. 29 | # 30 | # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 31 | # so changing it will NOT upgrade your system. 32 | # 33 | # This value being lower than the current NixOS release does NOT mean your system is 34 | # out of date, out of support, or vulnerable. 35 | # 36 | # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 37 | # and migrated your data accordingly. 38 | # 39 | # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 40 | system.stateVersion = "23.11"; # Did you read the comment? 41 | } 42 | -------------------------------------------------------------------------------- /hosts/nixoses/laptop-cluster/laptop-server-x86-4/nixos.nix: -------------------------------------------------------------------------------- 1 | { soxincfg, ... }: 2 | 3 | { 4 | imports = [ 5 | soxincfg.nixosModules.profiles.cluster.laptop.common 6 | 7 | ./hardware-configuration.nix 8 | ]; 9 | 10 | soxincfg.services.k3s = { 11 | enable = true; 12 | role = "agent"; 13 | serverAddr = "https://192.168.50.16:6443"; 14 | }; 15 | 16 | # Copy the NixOS configuration file and link it from the resulting system 17 | # (/run/current-system/configuration.nix). This is useful in case you 18 | # accidentally delete configuration.nix. 19 | # system.copySystemConfiguration = true; 20 | 21 | # This option defines the first version of NixOS you have installed on this particular machine, 22 | # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 23 | # 24 | # Most users should NEVER change this value after the initial install, for any reason, 25 | # even if you've upgraded your system to a new NixOS release. 26 | # 27 | # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 28 | # so changing it will NOT upgrade your system. 29 | # 30 | # This value being lower than the current NixOS release does NOT mean your system is 31 | # out of date, out of support, or vulnerable. 32 | # 33 | # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 34 | # and migrated your data accordingly. 35 | # 36 | # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 37 | system.stateVersion = "23.11"; # Did you read the comment? 38 | } 39 | -------------------------------------------------------------------------------- /hosts/nixoses/prometheus/containers.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | ... 4 | }: 5 | 6 | let 7 | network_name = "web_network-br"; 8 | in 9 | { 10 | systemd.services.init-filerun-network-and-files = { 11 | description = "Create the network bridge ${network_name}."; 12 | after = [ "network.target" ]; 13 | wantedBy = [ "multi-user.target" ]; 14 | 15 | serviceConfig.Type = "oneshot"; 16 | script = 17 | let 18 | dockercli = "${config.virtualisation.docker.package}/bin/docker"; 19 | in 20 | '' 21 | # Put a true at the end to prevent getting non-zero return code, which will 22 | # crash the whole service. 23 | check=$(${dockercli} network ls | grep "${network_name}" || true) 24 | if [ -z "$check" ]; then 25 | ${dockercli} network create ${network_name} 26 | else 27 | echo "${network_name} already exists in docker" 28 | fi 29 | ''; 30 | }; 31 | 32 | virtualisation.docker.listenOptions = [ 33 | "/run/docker.sock" 34 | "38561" 35 | ]; 36 | 37 | virtualisation.oci-containers = { 38 | backend = "docker"; 39 | 40 | containers.postgres = { 41 | environment = { 42 | PGDATA = "/var/lib/postgresql/data"; 43 | POSTGRES_PASSWORD_FILE = "/run/secrets/postgres-passwd"; 44 | }; 45 | extraOptions = [ 46 | "--health-cmd=pg_isready -U postgres --dbname=postgres" 47 | "--health-interval=10s" 48 | "--health-timeout=5s" 49 | "--health-start-period=30s" 50 | "--network=${network_name}" 51 | "--shm-size=1G" 52 | ]; 53 | image = "postgres:16.1-alpine"; 54 | ports = [ "5432:5432" ]; 55 | volumes = [ 56 | "/persistence/postgres/data:/var/lib/postgresql/data" 57 | "/persistence/postgres/postgres-passwd:/run/secrets/postgres-passwd:ro" 58 | ]; 59 | }; 60 | 61 | }; 62 | } 63 | -------------------------------------------------------------------------------- /hosts/nixoses/prometheus/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | modulesPath, 8 | ... 9 | }: 10 | 11 | { 12 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 13 | 14 | boot = { 15 | # Use the systemd-boot EFI boot loader. 16 | loader.efi.canTouchEfiVariables = true; 17 | loader.systemd-boot = { 18 | configurationLimit = 5; 19 | enable = true; 20 | }; 21 | 22 | initrd.availableKernelModules = [ 23 | "xhci_pci" 24 | "nvme" 25 | "usb_storage" 26 | "sd_mod" 27 | ]; 28 | initrd.kernelModules = [ ]; 29 | kernelModules = [ "kvm-intel" ]; 30 | extraModulePackages = [ ]; 31 | }; 32 | 33 | fileSystems."/" = { 34 | device = "/dev/disk/by-uuid/b2025a5b-50da-478f-bc39-85e2a6cf979d"; 35 | fsType = "ext4"; 36 | }; 37 | 38 | swapDevices = [ ]; 39 | 40 | powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 41 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 42 | } 43 | -------------------------------------------------------------------------------- /hosts/nixoses/prometheus/k3s.nix: -------------------------------------------------------------------------------- 1 | { 2 | services.k3s.extraFlags = builtins.concatStringsSep " " [ 3 | "--node-taint CriticalAddonsOnly=:NoExecute" 4 | "--node-label nasreddine.com/is-allowed-on-prometheus=yes" 5 | ]; 6 | 7 | soxincfg.services.k3s = { 8 | enable = true; 9 | role = "agent"; 10 | serverAddr = "https://192.168.50.16:6443"; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/nixoses/prometheus/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | soxincfg, 3 | pkgs, 4 | ... 5 | }: 6 | { 7 | imports = [ 8 | soxincfg.nixosModules.profiles.server 9 | 10 | ./containers.nix 11 | ./hardware-configuration.nix 12 | ./unifi.nix 13 | ./k3s.nix 14 | ]; 15 | 16 | soxin.hardware.lowbatt.enable = true; 17 | 18 | environment.systemPackages = 19 | let 20 | inherit (pkgs) nfs-utils speedtest-cli; 21 | in 22 | [ 23 | nfs-utils 24 | speedtest-cli 25 | ]; 26 | 27 | # Don't allow systemd to stop the Tailscale service because that wreck havoc 28 | # on my network and containers. 29 | systemd.services.tailscaled.restartIfChanged = false; 30 | 31 | # Disable firewall for now 32 | # TODO: Fix the issue and re-enable the firewall. 33 | # When the firewall is open, I can't reach the right ports on the ifcsn0 34 | # interface. It's possible that I need to define that on the interface 35 | # directly. 36 | networking.firewall.enable = false; 37 | 38 | system.stateVersion = "23.05"; 39 | } 40 | -------------------------------------------------------------------------------- /hosts/nixoses/prometheus/unifi.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Unifi now runs on the Kubernetes cluster 3 | 4 | # Allow unifi controller inform on all interfaces 5 | networking.firewall.allowedTCPPorts = [ 6 | 53 # UniFi DNS 7 | 6789 # UniFi mobile speed test 8 | 8080 # UniFi Inform port 9 | 8443 # uniFi UI 10 | ]; 11 | 12 | networking.firewall.allowedUDPPorts = [ 13 | 53 # UniFi DNS 14 | 123 # NTP 15 | 1900 # UniFi used to "Make application discoverable on L2 network" in the UniFi Network settings. 16 | 3478 # UniFi STUN 17 | 5514 # UniFi remote syslog 18 | 10001 # UniFi device discovery 19 | ]; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/nixoses/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | readonly action="${1:-}" 6 | readonly host="${2:-$(hostname)}" 7 | 8 | if type nom &> /dev/null 9 | then 10 | BUILDER=nom 11 | else 12 | BUILDER=nix 13 | fi 14 | 15 | readonly BUILDER 16 | 17 | case "${action}" in 18 | boot) 19 | >&2 echo "Booting $host" 20 | 21 | nixos-rebuild --use-remote-sudo --flake ".#${host}" boot --show-trace 22 | ;; 23 | build) 24 | >&2 echo "Building $host" 25 | 26 | $BUILDER build ".#nixosConfigurations.${host}.config.system.build.toplevel" --show-trace 27 | ;; 28 | switch) 29 | >&2 echo "Switching $host" 30 | 31 | nixos-rebuild --use-remote-sudo --flake ".#${host}" switch --show-trace 32 | ;; 33 | test) 34 | >&2 echo "Testing $host" 35 | 36 | nixos-rebuild --use-remote-sudo --flake ".#${host}" test --show-trace 37 | ;; 38 | *) 39 | usage 40 | exit 1 41 | ;; 42 | esac 43 | -------------------------------------------------------------------------------- /hosts/nixoses/saturn-nixos-vm/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | modulesPath, 4 | ... 5 | }: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ]; 11 | 12 | boot = { 13 | loader.efi.canTouchEfiVariables = true; 14 | loader.systemd-boot = { 15 | enable = true; 16 | configurationLimit = 3; 17 | }; 18 | 19 | initrd.availableKernelModules = [ 20 | "xhci_pci" 21 | "sr_mod" 22 | ]; 23 | }; 24 | 25 | fileSystems."/" = { 26 | device = "/dev/disk/by-uuid/cd297986-6975-4e70-8e58-aa24c4605ef6"; 27 | fsType = "ext4"; 28 | }; 29 | 30 | fileSystems."/boot" = { 31 | device = "/dev/disk/by-uuid/A457-76B5"; 32 | fsType = "vfat"; 33 | options = [ 34 | "fmask=0077" 35 | "dmask=0077" 36 | ]; 37 | }; 38 | 39 | swapDevices = [ 40 | { device = "/dev/disk/by-uuid/79e28b78-e070-4228-b4b2-a8e91f782e8a"; } 41 | ]; 42 | 43 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 44 | # (the default) this is the recommended approach. When using systemd-networkd it's 45 | # still possible to use this option, but it's recommended to use it in conjunction 46 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 47 | networking.useDHCP = lib.mkDefault true; 48 | # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true; 49 | 50 | nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; 51 | } 52 | -------------------------------------------------------------------------------- /hosts/nixoses/saturn-nixos-vm/home.nix: -------------------------------------------------------------------------------- 1 | # home-manager configuration for user `yl` 2 | { soxincfg }: 3 | 4 | { 5 | imports = [ 6 | soxincfg.nixosModules.profiles.myself 7 | soxincfg.nixosModules.profiles.personal 8 | soxincfg.nixosModules.profiles.workstation.nixos.vm-guest 9 | ]; 10 | 11 | home.stateVersion = "24.11"; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/nixoses/saturn-nixos-vm/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | soxincfg, 4 | ... 5 | }: 6 | let 7 | homePath = config.users.users.wnasreddine.home; 8 | owner = config.users.users.wnasreddine.name; 9 | sopsFile = ./secrets.sops.yaml; 10 | in 11 | { 12 | imports = [ 13 | soxincfg.nixosModules.profiles.myself 14 | soxincfg.nixosModules.profiles.personal 15 | soxincfg.nixosModules.profiles.workstation.nixos.vm-guest 16 | 17 | ./hardware-configuration.nix 18 | ]; 19 | 20 | sops = { 21 | age.keyFile = "${homePath}/.config/sops/age/keys.txt"; 22 | 23 | secrets = { 24 | _yl_bw_session_session = { 25 | inherit owner sopsFile; 26 | mode = "0400"; 27 | path = "${homePath}/.bw_session"; 28 | }; 29 | }; 30 | }; 31 | 32 | # load YL's home-manager configuration 33 | home-manager.users.wnasreddine = import ./home.nix { inherit soxincfg; }; 34 | 35 | networking.firewall.allowedTCPPorts = [ 36 | # allow me to use serve_this on my main machine 37 | 8000 38 | ]; 39 | 40 | system.stateVersion = "24.11"; 41 | } 42 | -------------------------------------------------------------------------------- /hosts/nixoses/zeus/README.md: -------------------------------------------------------------------------------- 1 | zpool create \ 2 | -o ashift=12 \ 3 | -o autotrim=on \ 4 | -R /mnt \ 5 | -O acltype=posixacl \ 6 | -O canmount=off \ 7 | -O compression=zstd \ 8 | -O dnodesize=auto \ 9 | -O normalization=formD \ 10 | -O relatime=on \ 11 | -O xattr=sa \ 12 | -O mountpoint=none \ 13 | rpool \ 14 | /dev/nvme0n1p1 15 | 16 | zfs create -o canmount=noauto rpool/nixos 17 | 18 | zfs create -o canmount=noauto -o mountpoint=legacy rpool/nixos/root 19 | mount -t zfs rpool/nixos/root /mnt 20 | 21 | zfs create -o mountpoint=legacy rpool/nixos/home 22 | mkdir /mnt/home 23 | mount -t zfs rpool/nixos/home /mnt/home 24 | 25 | zfs create -o mountpoint=legacy rpool/nixos/var 26 | mkdir /mnt/var 27 | mount -t zfs rpool/nixos/var /mnt/var 28 | 29 | zfs create -o mountpoint=legacy rpool/nixos/var/lib 30 | mkdir /mnt/var/lib 31 | mount -t zfs rpool/nixos/var/lib /mnt/var/lib 32 | 33 | zfs create -o mountpoint=legacy rpool/nixos/var/log 34 | mkdir /mnt/var/log 35 | mount -t zfs rpool/nixos/var/log /mnt/var/log 36 | 37 | zfs snapshot rpool/nixos@start 38 | 39 | # create and mount the /boot partition, EFI 40 | 41 | nixos-generate-config --root /mnt 42 | 43 | nixos-install 44 | -------------------------------------------------------------------------------- /hosts/nixoses/zeus/home.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /modules/default.nix: -------------------------------------------------------------------------------- 1 | { imports = builtins.attrValues (import ./list.nix); } 2 | -------------------------------------------------------------------------------- /modules/hardware/onlykey/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf mkMerge; 10 | 11 | cfg = config.soxincfg.hardware.onlykey; 12 | 13 | homePath = config.soxincfg.settings.users.user.home; 14 | owner = config.soxincfg.settings.users.user.name; 15 | sopsFile = ./secrets.sops.yaml; 16 | in 17 | { 18 | config = mkIf cfg.enable (mkMerge [ 19 | { hardware.onlykey.enable = true; } 20 | 21 | (mkIf cfg.ssh-support.enable { 22 | sops.secrets._ssh_id_ed25519_sk_rk = { 23 | inherit owner sopsFile; 24 | path = "${homePath}/.ssh/id_ed25519_sk_rk"; 25 | }; 26 | }) 27 | ]); 28 | } 29 | -------------------------------------------------------------------------------- /modules/hardware/yubikey/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) mkIf; 9 | 10 | cfg = config.soxincfg.hardware.yubikey; 11 | in 12 | { 13 | config = mkIf cfg.enable { 14 | services.gpg-agent = mkIf cfg.gnupg-support.enable { 15 | enable = true; 16 | 17 | enableSshSupport = cfg.gnupg-support.ssh-support.enable; 18 | enableExtraSocket = cfg.gnupg-support.extra-socket; 19 | 20 | defaultCacheTtl = cfg.gnupg-support.default-cache-ttl; 21 | maxCacheTtl = cfg.gnupg-support.max-cache-ttl; 22 | 23 | defaultCacheTtlSsh = cfg.gnupg-support.ssh-support.default-cache-ttl; 24 | maxCacheTtlSsh = cfg.gnupg-support.ssh-support.max-cache-ttl; 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /modules/hardware/yubikey/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | let 10 | inherit (lib) mkIf; 11 | 12 | inherit (pkgs) 13 | yubico-piv-tool 14 | yubikey-manager 15 | yubikey-personalization 16 | yubikey-personalization-gui 17 | yubioath-desktop 18 | ; 19 | 20 | cfg = config.soxincfg.hardware.yubikey; 21 | in 22 | { 23 | config = mkIf cfg.enable { 24 | environment.systemPackages = [ 25 | yubico-piv-tool 26 | yubikey-manager 27 | yubikey-personalization 28 | yubikey-personalization-gui 29 | yubioath-desktop 30 | ]; 31 | 32 | programs.gnupg.agent = mkIf cfg.gnupg-support.enable { 33 | enable = true; 34 | 35 | enableSSHSupport = cfg.gnupg-support.ssh-support.enable; 36 | enableExtraSocket = cfg.gnupg-support.extra-socket; 37 | }; 38 | 39 | services.pcscd.enable = true; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /modules/list.nix: -------------------------------------------------------------------------------- 1 | { 2 | # hardware 3 | onlykey = ./hardware/onlykey; 4 | yubikey = ./hardware/yubikey; 5 | 6 | # programs 7 | aidente = ./programs/aidente; 8 | android = ./programs/android.nix; 9 | autorandr = ./programs/autorandr.nix; 10 | brave = ./programs/brave.nix; 11 | chromium = ./programs/chromium; 12 | dbeaver = ./programs/dbeaver; 13 | fzf = ./programs/fzf; 14 | git = ./programs/git; 15 | iterm2 = ./programs/iterm2; 16 | mosh = ./programs/mosh; 17 | neovim = ./programs/neovim; 18 | pet = ./programs/pet; 19 | rofi = ./programs/rofi; 20 | ssh = ./programs/ssh; 21 | starship = ./programs/starship.nix; 22 | termite = ./programs/termite.nix; 23 | tmux = ./programs/tmux; 24 | weechat = ./programs/weechat; 25 | wezterm = ./programs/wezterm; 26 | zsh = ./programs/zsh; 27 | 28 | # services 29 | borders = ./services/borders; 30 | dnsmasq = ./services/dnsmasq; 31 | i3 = ./services/x11/window-managers/i3.nix; 32 | iscsid = ./services/iscsid.nix; 33 | k3s = ./services/k3s; 34 | nextcloud = ./services/nextcloud; 35 | sketchybar = ./services/sketchybar; 36 | skhd = ./services/skhd; 37 | sleep-on-lan = ./services/sleep-on-lan; 38 | yabai = ./services/yabai; 39 | 40 | # settings 41 | fonts = ./settings/fonts; 42 | gtk = ./settings/gtk; 43 | keyboard = ./settings/keyboard; 44 | networking = ./settings/networking; 45 | nix = ./settings/nix; 46 | users = ./settings/users; 47 | home-manager-settings = ./settings/home-manager; 48 | } 49 | -------------------------------------------------------------------------------- /modules/programs/aidente/darwin.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) 5 | mkIf 6 | ; 7 | 8 | cfg = config.soxincfg.programs.aidente; 9 | in 10 | { 11 | config = mkIf cfg.enable { 12 | homebrew = { 13 | casks = [ 14 | "aldente" 15 | ]; 16 | }; 17 | 18 | system.activationScripts.userDefaults.text = '' 19 | echo Configuring AIDente 20 | defaults write com.apphousekitchen.aldente-pro SUEnableAutomaticChecks -bool true 21 | defaults write com.apphousekitchen.aldente-pro launchAtLogin -bool true 22 | defaults write com.apphousekitchen.aldente-pro showDockIcon -bool false 23 | defaults write com.apphousekitchen.aldente-pro showPercentage -bool true 24 | ''; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /modules/programs/aidente/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption optionals; 5 | in 6 | { 7 | imports = optionals (mode == "nix-darwin") [ ./darwin.nix ]; 8 | 9 | options.soxincfg.programs.aidente.enable = mkEnableOption "Install and configure AIDente"; 10 | } 11 | -------------------------------------------------------------------------------- /modules/programs/android.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | pkgs, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.programs.android; 12 | in 13 | { 14 | options.soxincfg.programs.android = { 15 | enable = mkEnableOption "Enable Android"; 16 | }; 17 | 18 | config = mkIf cfg.enable (mkMerge [ 19 | { soxincfg.settings.users.groups = singleton "adbusers"; } 20 | 21 | (optionalAttrs (mode == "NixOS") { programs.adb.enable = true; }) 22 | ]); 23 | } 24 | -------------------------------------------------------------------------------- /modules/programs/brave.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | pkgs, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.programs.brave; 12 | in 13 | { 14 | options.soxincfg.programs.brave.enable = mkEnableOption "Install and configure Brave"; 15 | 16 | config = mkIf cfg.enable (mkMerge [ 17 | (optionalAttrs (mode == "home-manager") { home.packages = with pkgs; [ brave ]; }) 18 | ]); 19 | } 20 | -------------------------------------------------------------------------------- /modules/programs/chromium/default.nix: -------------------------------------------------------------------------------- 1 | # TODO(high): Surfingkeys must be composed of two files, the main one and the colemak bindings. 2 | { 3 | lib, 4 | mode, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) 10 | mkEnableOption 11 | optionals 12 | ; 13 | in 14 | { 15 | imports = 16 | optionals (mode == "NixOS") [ ./nixos.nix ] 17 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 18 | 19 | options.soxincfg.programs.chromium.enable = mkEnableOption "Install and configure Chromium"; 20 | options.soxincfg.programs.chromium.surfingkeys.enable = 21 | mkEnableOption "Install and configure Surfingkeys"; 22 | } 23 | -------------------------------------------------------------------------------- /modules/programs/chromium/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf mkMerge; 10 | 11 | inherit (pkgs) chromium; 12 | 13 | cfg = config.soxincfg.programs.chromium; 14 | in 15 | { 16 | config = mkIf cfg.enable (mkMerge [ 17 | { home.packages = [ chromium ]; } 18 | 19 | (mkIf cfg.surfingkeys.enable { 20 | home.file.".surfingkeys.js".text = builtins.readFile ( 21 | pkgs.substituteAll { 22 | src = ./surfingkeys.js; 23 | 24 | home_dir = "${config.home.homeDirectory}"; 25 | } 26 | ); 27 | }) 28 | ]); 29 | } 30 | -------------------------------------------------------------------------------- /modules/programs/chromium/nixos.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf optional; 5 | 6 | cfg = config.soxincfg.programs.chromium; 7 | in 8 | { 9 | config = mkIf cfg.enable { 10 | programs.chromium = { 11 | enable = true; 12 | 13 | extensions = [ 14 | "nngceckbapebfimnlniiiahkandclblb" # BitWarden 15 | "kbfnbcaeplbcioakkpcpgfkobkghlhen" # Grammarly 16 | "gcbommkclmclpchllfjekcdonpmejbdp" # HTTPS Everywhere 17 | "gbmdgpbipfallnflgajpaliibnhdgobh" # JSON Viewer 18 | "neebplgakaahbhdphmkckjjcegoiijjo" # Keepa 19 | "ognfafcpbkogffpmmdglhbjboeojlefj" # Keybase 20 | "pneldbfhblmldbhmkolclpkijgnjcmng" # PR Monitor 21 | "hlepfoohegkhhmjieoechaddaejaokhf" # Refined GitHub 22 | "pogpjdbfdfnmlegpbhdmlebognmbamko" # Refined GitLab 23 | "jgpmhnmjbhgkhpbgelalfpplebgfjmbf" # Smile Always 24 | "jldhpllghnbhlbpcmnajkpdmadaolakh" # Todoist 25 | "djflhoibgkdhkhhcedjiklpkjnoahfmg" # User-Agent Switcher for Chrome 26 | "fpnmgdkabkmnadcjpehmlllkndpkmiak" # Wayback Machine 27 | "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin 28 | ] ++ optional cfg.surfingkeys.enable "gfbliohnnapiefjpjlpjnehglfpaknnc"; 29 | 30 | extraOpts = { 31 | BasicAuthOverHttpEnabled = false; 32 | }; 33 | }; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /modules/programs/dbeaver/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "NixOS") [ ./nixos.nix ] 9 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 10 | 11 | options.soxincfg.programs.dbeaver = { 12 | enable = mkEnableOption "programs.dbeaver"; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /modules/programs/dbeaver/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf; 10 | 11 | inherit (pkgs.hostPlatform) isDarwin; 12 | 13 | homePath = config.home.homeDirectory; 14 | sopsFile = ./credentials-config.json.sops; 15 | 16 | cfg = config.soxincfg.programs.dbeaver; 17 | in 18 | { 19 | config = mkIf cfg.enable { 20 | home.packages = [ pkgs.dbeaver-bin ]; 21 | 22 | sops.secrets = mkIf isDarwin { 23 | credentials-config-json = { 24 | inherit sopsFile; 25 | format = "binary"; 26 | path = "${homePath}/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json"; 27 | }; 28 | 29 | data-sources-json = { 30 | inherit sopsFile; 31 | format = "binary"; 32 | path = "${homePath}/.local/share/DBeaverData/workspace6/General/.dbeaver/data-sources.json"; 33 | }; 34 | }; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /modules/programs/dbeaver/nixos.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf; 5 | 6 | homePath = config.soxincfg.settings.users.user.home; 7 | owner = config.soxincfg.settings.users.user.name; 8 | sopsFile = ./credentials-config.json.sops; 9 | 10 | cfg = config.soxincfg.programs.dbeaver; 11 | in 12 | { 13 | config = mkIf cfg.enable { 14 | sops.secrets = { 15 | credentials-config-json = { 16 | inherit sopsFile owner; 17 | format = "binary"; 18 | path = "${homePath}/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json"; 19 | }; 20 | 21 | data-sources-json = { 22 | inherit sopsFile owner; 23 | format = "binary"; 24 | path = "${homePath}/.local/share/DBeaverData/workspace6/General/.dbeaver/data-sources.json"; 25 | }; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/programs/fzf/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | pkgs, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.programs.fzf; 12 | in 13 | { 14 | options.soxincfg.programs.fzf = { 15 | enable = mkEnableOption "programs.fzf"; 16 | }; 17 | 18 | config = mkIf cfg.enable (mkMerge [ 19 | (optionalAttrs (mode == "home-manager") { 20 | programs.fzf = { 21 | enable = true; 22 | 23 | # TODO: Why was git piped to ag? 24 | # programs.fzf.defaultCommand = ''(${config.programs.ssh.package}/bin/git ls-tree -r --name-only HEAD || ${pkgs.silver-searcher}/bin/ag --hidden --ignore .git -g "")''; 25 | defaultCommand = "${config.programs.ssh.package}/bin/git ls-tree -r --name-only HEAD"; 26 | }; 27 | }) 28 | ]); 29 | } 30 | -------------------------------------------------------------------------------- /modules/programs/iterm2/darwin.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) 5 | mkIf 6 | ; 7 | 8 | cfg = config.soxincfg.programs.iterm2; 9 | in 10 | { 11 | config = mkIf cfg.enable { 12 | homebrew = { 13 | casks = [ 14 | "iterm2" 15 | ]; 16 | }; 17 | 18 | system.activationScripts.userDefaults.text = '' 19 | echo Configuring iTerm2 20 | defaults write com.googlecode.iterm2 LoadPrefsFromCustomFolder -bool true 21 | defaults write com.googlecode.iterm2 PrefsCustomFolder -string ${config.users.users.wnasreddine.home}/.config/iterm2 22 | ''; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /modules/programs/iterm2/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "home-manager") [ ./home-manager.nix ] 9 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ]; 10 | 11 | options.soxincfg.programs.iterm2.enable = mkEnableOption "Install and configure iTerm2"; 12 | } 13 | -------------------------------------------------------------------------------- /modules/programs/mosh/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.programs.mosh; 12 | in 13 | { 14 | options = { 15 | soxincfg.programs.mosh = { 16 | enable = mkEnableOption '' 17 | Whether to enable mosh. 18 | 19 | On NixOS, this installs mosh and opens ports 60000 to 61000 in your firewall. 20 | 21 | On home-manager, this only install mosh. 22 | ''; 23 | }; 24 | }; 25 | 26 | config = mkIf cfg.enable (mkMerge [ 27 | (optionalAttrs (mode == "NixOS") { 28 | programs.mosh = { 29 | enable = true; 30 | }; 31 | 32 | networking.firewall.allowedUDPPortRanges = [ 33 | { 34 | from = 60000; 35 | to = 61000; 36 | } 37 | ]; 38 | }) 39 | 40 | (optionalAttrs (mode == "home-manager") { home.packages = [ pkgs.mosh ]; }) 41 | ]); 42 | } 43 | -------------------------------------------------------------------------------- /modules/programs/neovim/common-home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) 9 | mkIf 10 | singleton 11 | ; 12 | 13 | cfg = config.soxincfg.programs.neovim; 14 | in 15 | { 16 | config = mkIf cfg.enable { 17 | home = { 18 | sessionVariables.EDITOR = "nvim"; 19 | packages = singleton cfg.package; 20 | }; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /modules/programs/neovim/darwin-darwin.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) 9 | mkIf 10 | singleton 11 | ; 12 | 13 | cfg = config.soxincfg.programs.neovim; 14 | in 15 | { 16 | config = mkIf cfg.enable { 17 | environment = { 18 | variables.EDITOR = "nvim"; 19 | systemPackages = singleton cfg.package; 20 | }; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /modules/programs/neovim/darwin.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "nix-darwin") [ ./darwin-darwin.nix ] 9 | ++ optionals (mode == "home-manager") [ ./common-home.nix ]; 10 | } 11 | -------------------------------------------------------------------------------- /modules/programs/neovim/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | hostType, 4 | inputs, 5 | lib, 6 | pkgs, 7 | ... 8 | }: 9 | 10 | let 11 | inherit (lib) 12 | mkEnableOption 13 | mkOption 14 | optionals 15 | types 16 | ; 17 | 18 | cfg = config.soxincfg.programs.neovim; 19 | in 20 | { 21 | imports = 22 | optionals (hostType == "linux") [ ./linux.nix ] 23 | ++ optionals (hostType == "NixOS") [ ./nixos.nix ] 24 | ++ optionals (hostType == "nix-darwin") [ ./darwin.nix ] 25 | ++ optionals (hostType == "qubes-os") [ ./qubes.nix ]; 26 | 27 | options.soxincfg.programs.neovim = { 28 | enable = mkEnableOption "Enable NeoVim"; 29 | 30 | config = mkOption { 31 | type = with types; attrsOf anything; 32 | default = { }; 33 | description = "Configure NeoVim, extend my nixvim configuration"; 34 | }; 35 | 36 | package = mkOption { 37 | type = types.package; 38 | default = inputs.nixvim.packages."${pkgs.stdenv.hostPlatform.system}".default.extend cfg.config; 39 | defaultText = "kalbasit/nixvim extended with config"; 40 | description = "The package to use for NeoVim"; 41 | }; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /modules/programs/neovim/linux.nix: -------------------------------------------------------------------------------- 1 | { imports = [ ./common-home.nix ]; } 2 | -------------------------------------------------------------------------------- /modules/programs/neovim/nixos-nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) 9 | mkIf 10 | singleton 11 | ; 12 | 13 | cfg = config.soxincfg.programs.neovim; 14 | in 15 | { 16 | config = mkIf cfg.enable { 17 | environment = { 18 | variables.EDITOR = "nvim"; 19 | systemPackages = singleton cfg.package; 20 | }; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /modules/programs/neovim/nixos.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "NixOS") [ ./nixos-nixos.nix ] 9 | ++ optionals (mode == "home-manager") [ ./common-home.nix ]; 10 | } 11 | -------------------------------------------------------------------------------- /modules/programs/neovim/qubes.nix: -------------------------------------------------------------------------------- 1 | { imports = [ ./common-home.nix ]; } 2 | -------------------------------------------------------------------------------- /modules/programs/pet/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption optionals; 5 | in 6 | { 7 | imports = optionals (mode == "home-manager") [ ./home.nix ]; 8 | 9 | options.soxincfg.programs.pet.enable = mkEnableOption "pet"; 10 | } 11 | -------------------------------------------------------------------------------- /modules/programs/rofi/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) 10 | mkEnableOption 11 | mkIf 12 | optionals 13 | ; 14 | 15 | cfg = config.soxincfg.programs.rofi; 16 | in 17 | { 18 | imports = optionals (mode == "home-manager") [ ./home.nix ]; 19 | 20 | options.soxincfg.programs.rofi = { 21 | enable = mkEnableOption "programs.rofi"; 22 | }; 23 | 24 | config = mkIf cfg.enable { 25 | soxin.programs.rofi = { 26 | enable = true; 27 | i3.enable = true; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /modules/programs/rofi/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf singleton; 10 | 11 | cfg = config.soxincfg.programs.rofi; 12 | in 13 | { 14 | config = mkIf cfg.enable { programs.rofi.plugins = singleton pkgs.rofi-emoji; }; 15 | } 16 | -------------------------------------------------------------------------------- /modules/programs/starship.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.programs.starship; 12 | in 13 | { 14 | options = { 15 | soxincfg.programs.starship = { 16 | enable = mkEnableOption "starship prompt"; 17 | }; 18 | }; 19 | 20 | config = mkIf cfg.enable (mkMerge [ 21 | { soxin.programs.starship.enable = true; } 22 | 23 | (optionalAttrs (mode == "home-manager") { 24 | programs.starship = { 25 | settings = { 26 | battery = { 27 | full_symbol = "🔋 "; 28 | charging_symbol = "⚡️ "; 29 | discharging_symbol = "💀 "; 30 | }; 31 | battery.display = [ 32 | { 33 | threshold = 10; 34 | style = "bold red"; 35 | } 36 | { 37 | threshold = 15; 38 | style = "red"; 39 | } 40 | { 41 | threshold = 20; 42 | style = "bold yellow"; 43 | } 44 | { 45 | threshold = 30; 46 | style = "yellow"; 47 | } 48 | { 49 | threshold = 100; 50 | style = "bold green"; 51 | } 52 | ]; 53 | env_var = { 54 | variable = "ZSH_PROFILE"; 55 | symbol = "✍ "; 56 | }; 57 | kubernetes.disabled = false; 58 | time.disabled = false; 59 | }; 60 | }; 61 | }) 62 | ]); 63 | } 64 | -------------------------------------------------------------------------------- /modules/programs/termite.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.programs.termite; 12 | in 13 | { 14 | options = { 15 | soxincfg.programs.termite = { 16 | enable = mkEnableOption "termite"; 17 | }; 18 | }; 19 | 20 | config = mkIf cfg.enable (mkMerge [ 21 | { soxin.programs.termite.enable = true; } 22 | 23 | (optionalAttrs (mode == "home-manager") { 24 | programs.termite.font = "0xProto Nerd Font 12"; 25 | }) 26 | ]); 27 | } 28 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/alias.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- alias.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [cmd] 13 | AAWAY = "allserv /away" 14 | ANICK = "allserv /nick" 15 | BEEP = "print -beep" 16 | BYE = "quit" 17 | C = "buffer clear" 18 | cgrep = "/grep -C 3" 19 | CHAT = "dcc chat" 20 | CL = "buffer clear" 21 | CLOSE = "buffer close" 22 | EXIT = "quit" 23 | IG = "ignore" 24 | J = "join" 25 | K = "kick" 26 | KB = "kickban" 27 | LEAVE = "part" 28 | M = "msg" 29 | MSGBUF = "command -buffer $1 * /input send $2-" 30 | MUB = "unban *" 31 | N = "names" 32 | Q = "query" 33 | REDRAW = "window refresh" 34 | SAY = "msg *" 35 | shrug = "/msg * ¯\_(ツ)_/¯" 36 | SIGNOFF = "quit" 37 | T = "topic" 38 | UB = "unban" 39 | UMODE = "mode $nick" 40 | V = "command core version" 41 | W = "who" 42 | WC = "window close" 43 | WI = "whois" 44 | WII = "whois $1 $1" 45 | WM = "window merge" 46 | WW = "whowas" 47 | 48 | [completion] 49 | MSGBUF = "%(buffers_plugins_names)" 50 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/autosort.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- autosort.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [sorting] 13 | case_sensitive = off 14 | debug_log = off 15 | replacements = "" 16 | rules = "" 17 | signal_delay = 5 18 | signals = "buffer_opened buffer_merged buffer_unmerged buffer_renamed" 19 | sort_limit = 100 20 | sort_on_config_change = on 21 | 22 | [v3] 23 | helpers = "{"core_first": "${if:${buffer.full_name}!=core.weechat}", "irc_raw_first": "${if:${buffer.full_name}!=irc.irc_raw}", "irc_raw_last": "${if:${buffer.full_name}==irc.irc_raw}", "hashless_name": "${info:autosort_replace,#,,${info:autosort_escape,${buffer.name}}}", "script_or_plugin": "${if:${script_name}?${script_name}:${plugin}}"}" 24 | rules = "["${core_first}", "${info:autosort_order,${info:autosort_escape,${script_or_plugin}},core,*,irc,bitlbee,matrix,slack}", "${script_or_plugin}", "${irc_raw_first}", "${server}", "${info:autosort_order,${type},server,*,channel,private}", "${hashless_name}", "${buffer.full_name}", "irc.server.*.&* = 0", "irc.server.*.#* = 1", "irc.server.*.\\*status = 2"]" 25 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/buffer_autoset.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- buffer_autoset.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | instant = on 14 | timer = 1 15 | 16 | [buffer] 17 | core.weechat.notify = "3" 18 | irc.server.*.notify = "3" 19 | relay.relay.list.short_name = "relay" 20 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/certs/freenode.pem: -------------------------------------------------------------------------------- 1 | /run/secrets/_config_weechat_certs_freenode.pem -------------------------------------------------------------------------------- /modules/programs/weechat/config/charset.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- charset.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [default] 13 | decode = "iso-8859-1" 14 | encode = "" 15 | 16 | [decode] 17 | 18 | [encode] 19 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/colorize_nicks.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- colorize_nicks.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | blacklist_channels = "" 14 | blacklist_nicks = "so,root" 15 | colorize_input = off 16 | greedy_matching = on 17 | ignore_nicks_in_urls = off 18 | ignore_tags = "" 19 | match_limit = 20 20 | min_nick_length = 2 21 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/exec.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- exec.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [command] 13 | default_options = "" 14 | purge_delay = 0 15 | shell = "${env:SHELL}" 16 | 17 | [color] 18 | flag_finished = lightred 19 | flag_running = lightgreen 20 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/fifo.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- fifo.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [file] 13 | enabled = off 14 | path = "%h/weechat_fifo" 15 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/guile.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- guile.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | check_license = off 14 | eval_keep_context = on 15 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/irc.conf: -------------------------------------------------------------------------------- 1 | /run/secrets/_config_weechat_irc.conf -------------------------------------------------------------------------------- /modules/programs/weechat/config/logger.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- logger.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | backlog = 200 14 | backlog_conditions = "" 15 | 16 | [color] 17 | backlog_end = default 18 | backlog_line = default 19 | 20 | [file] 21 | auto_log = on 22 | color_lines = off 23 | flush_delay = 120 24 | fsync = off 25 | info_lines = off 26 | mask = "$plugin.$name.weechatlog" 27 | name_lower_case = on 28 | nick_prefix = "" 29 | nick_suffix = "" 30 | path = "%h/logs/" 31 | replacement_char = "_" 32 | time_format = "%Y-%m-%d %H:%M:%S" 33 | 34 | [level] 35 | irc = 3 36 | 37 | [mask] 38 | irc = "%Y/$server/$channel.%m.log" 39 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/lua.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- lua.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | check_license = off 14 | eval_keep_context = on 15 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/perl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- perl.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | check_license = off 14 | eval_keep_context = on 15 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/perl/autoload/highmon.pl: -------------------------------------------------------------------------------- 1 | ../highmon.pl -------------------------------------------------------------------------------- /modules/programs/weechat/config/perl/autoload/perlexec.pl: -------------------------------------------------------------------------------- 1 | ../perlexec.pl -------------------------------------------------------------------------------- /modules/programs/weechat/config/python.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- python.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | check_license = off 14 | eval_keep_context = on 15 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/autojoinem.py: -------------------------------------------------------------------------------- 1 | ../autojoinem.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/autosort.py: -------------------------------------------------------------------------------- 1 | ../autosort.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/buffer_autoset.py: -------------------------------------------------------------------------------- 1 | ../buffer_autoset.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/colorize_nicks.py: -------------------------------------------------------------------------------- 1 | ../colorize_nicks.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/go.py: -------------------------------------------------------------------------------- 1 | ../go.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/grep.py: -------------------------------------------------------------------------------- 1 | ../grep.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/notify_send.py: -------------------------------------------------------------------------------- 1 | ../notify_send.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/styurl.py: -------------------------------------------------------------------------------- 1 | ../styurl.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/text_item.py: -------------------------------------------------------------------------------- 1 | ../text_item.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/urlserver.py: -------------------------------------------------------------------------------- 1 | ../urlserver.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/python/autoload/zerotab.py: -------------------------------------------------------------------------------- 1 | ../zerotab.py -------------------------------------------------------------------------------- /modules/programs/weechat/config/relay.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- relay.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | auto_open_buffer = on 14 | raw_messages = 256 15 | 16 | [color] 17 | client = cyan 18 | status_active = green 19 | status_auth_failed = lightmagenta 20 | status_connecting = white 21 | status_disconnected = lightred 22 | status_waiting_auth = yellow 23 | text = default 24 | text_bg = default 25 | text_selected = white 26 | 27 | [network] 28 | allow_empty_password = off 29 | allowed_ips = "" 30 | auth_timeout = 60 31 | bind_address = "" 32 | clients_purge_delay = 0 33 | compression_level = 6 34 | ipv6 = on 35 | max_clients = 5 36 | nonce_size = 16 37 | password = "" 38 | password_hash_algo = "*" 39 | password_hash_iterations = 100000 40 | ssl_cert_key = "%h/ssl/relay.pem" 41 | ssl_priorities = "NORMAL:-VERS-SSL3.0" 42 | totp_secret = "" 43 | totp_window = 0 44 | websocket_allowed_origins = "" 45 | 46 | [irc] 47 | backlog_max_minutes = 0 48 | backlog_max_number = 1024 49 | backlog_since_last_disconnect = on 50 | backlog_since_last_message = off 51 | backlog_tags = "irc_privmsg" 52 | backlog_time_format = "[%H:%M] " 53 | 54 | [weechat] 55 | commands = "" 56 | 57 | [port] 58 | 59 | [path] 60 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/ruby.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- ruby.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | check_license = off 14 | eval_keep_context = on 15 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/script.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- script.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | columns = "%s %n %V %v %u | %d | %t" 14 | diff_color = on 15 | diff_command = "auto" 16 | display_source = on 17 | quiet_actions = on 18 | sort = "i,p,n" 19 | translate_description = on 20 | use_keys = on 21 | 22 | [color] 23 | status_autoloaded = cyan 24 | status_held = white 25 | status_installed = lightcyan 26 | status_obsolete = lightmagenta 27 | status_popular = yellow 28 | status_running = lightgreen 29 | status_unknown = lightred 30 | text = default 31 | text_bg = default 32 | text_bg_selected = red 33 | text_date = default 34 | text_date_selected = white 35 | text_delimiters = default 36 | text_description = default 37 | text_description_selected = white 38 | text_extension = default 39 | text_extension_selected = white 40 | text_name = cyan 41 | text_name_selected = lightcyan 42 | text_selected = white 43 | text_tags = brown 44 | text_tags_selected = yellow 45 | text_version = magenta 46 | text_version_loaded = default 47 | text_version_loaded_selected = white 48 | text_version_selected = lightmagenta 49 | 50 | [scripts] 51 | autoload = on 52 | cache_expire = 1440 53 | download_timeout = 30 54 | hold = "" 55 | path = "%h/script" 56 | url = "https://weechat.org/files/plugins.xml.gz" 57 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/sec.conf: -------------------------------------------------------------------------------- 1 | /run/secrets/_config_weechat_sec.conf -------------------------------------------------------------------------------- /modules/programs/weechat/config/spell.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- spell.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [color] 13 | misspelled = lightred 14 | suggestion = default 15 | suggestion_delimiter_dict = cyan 16 | suggestion_delimiter_word = cyan 17 | 18 | [check] 19 | commands = "away,command,cycle,kick,kickban,me,msg,notice,part,query,quit,topic" 20 | default_dict = "" 21 | during_search = off 22 | enabled = off 23 | real_time = off 24 | suggestions = -1 25 | word_min_length = 2 26 | 27 | [dict] 28 | 29 | [look] 30 | suggestion_delimiter_dict = " / " 31 | suggestion_delimiter_word = "," 32 | 33 | [option] 34 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/tcl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- tcl.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | check_license = off 14 | eval_keep_context = on 15 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/urlcolor_regexes.txt: -------------------------------------------------------------------------------- 1 | ((https?|ftp)://)(\S+(:\S*)?@)?(([1-9]\d?|1\d\d|2[01]\d|22[0-3])(\.(1?\d{1,2}|2[0-4]\d|25[0-5])){2}(\.([1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(([a-z0-9]-*)*[a-z0-9]+)(\.([a-z0-9]-*)*[a-z0-9]+)*(\.([a-z]{2,}))\.?)(:\d{2,5})?([/?#]\S*)? 2 | current: don't match: 8 3 | don't fail: 7 4 | 5 | ((https?|ftp)://)[^\s/$.?#].\S* 6 | stephen: don't match: 0 7 | don't fail: 15 8 | 9 | (https?|ftp)://(-\.)?([^\s/?\.#-]+\.?)+(/[^\s]*)? 10 | imme: don't match: 2 11 | don't fail: 13 12 | 13 | ((https?|ftp)://)(\S+(:\S*)?@)?(([1-9]\d?|1\d\d|2[01]\d|22[0-3])(\.(1?\d{1,2}|2[0-4]\d|25[0-5])){2}(\.([1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(([a-z0-9]+-?)*[a-z0-9]+)(\.([a-z0-9]+-?)*[a-z0-9]+)*(\.([a-z]{2,})))(:\d{2,5})?(/[^\s]*)? 14 | diego: don't match: 8 15 | don't fail: 6 16 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/urlgrab.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- urlgrab.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [color] 13 | color_bg_selected = black 14 | color_buffer = red 15 | color_buffer_selected = red 16 | color_time = cyan 17 | color_time_selected = cyan 18 | color_url = blue 19 | color_url_selected = blue 20 | 21 | [default] 22 | copycmd = "xsel -i" 23 | historysize = 10 24 | localcmd = "firefox '%s'" 25 | method = "local" 26 | output_main_buffer = on 27 | remotecmd = "ssh -x localhost -i ~/.ssh/id_rsa -C "export DISPLAY=":0.0" && firefox '%s'"" 28 | time_format = "%H:%M:%S" 29 | url_log = "~/.weechat/urls.log" 30 | -------------------------------------------------------------------------------- /modules/programs/weechat/config/weechat-color-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kalbasit/soxincfg/222c001e5470538f685ab78b7b6e96e8edf04c47/modules/programs/weechat/config/weechat-color-settings.png -------------------------------------------------------------------------------- /modules/programs/weechat/config/xfer.conf: -------------------------------------------------------------------------------- 1 | # 2 | # weechat -- xfer.conf 3 | # 4 | # WARNING: It is NOT recommended to edit this file by hand, 5 | # especially if WeeChat is running. 6 | # 7 | # Use /set or similar command to change settings in WeeChat. 8 | # 9 | # For more info, see: https://weechat.org/doc/quickstart 10 | # 11 | 12 | [look] 13 | auto_open_buffer = on 14 | progress_bar_size = 100 15 | pv_tags = "notify_private" 16 | 17 | [color] 18 | status_aborted = lightred 19 | status_active = lightblue 20 | status_connecting = yellow 21 | status_done = lightgreen 22 | status_failed = lightred 23 | status_waiting = lightcyan 24 | text = default 25 | text_bg = default 26 | text_selected = white 27 | 28 | [network] 29 | blocksize = 65536 30 | fast_send = on 31 | own_ip = "" 32 | port_range = "" 33 | send_ack = on 34 | speed_limit_recv = 0 35 | speed_limit_send = 0 36 | timeout = 300 37 | 38 | [file] 39 | auto_accept_chats = off 40 | auto_accept_files = off 41 | auto_accept_nicks = "" 42 | auto_check_crc32 = on 43 | auto_rename = on 44 | auto_resume = on 45 | convert_spaces = on 46 | download_path = "%h/xfer" 47 | download_temporary_suffix = ".part" 48 | upload_path = "~" 49 | use_nick_in_filename = on 50 | -------------------------------------------------------------------------------- /modules/programs/wezterm/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | let 10 | inherit (lib) 11 | mkEnableOption 12 | mkIf 13 | mkMerge 14 | optionalAttrs 15 | singleton 16 | ; 17 | 18 | inherit (pkgs) substituteAll wezterm; 19 | 20 | cfg = config.soxincfg.programs.wezterm; 21 | in 22 | { 23 | options = { 24 | soxincfg.programs.wezterm = { 25 | enable = mkEnableOption "WezTerm terminal emulator"; 26 | }; 27 | }; 28 | 29 | config = mkIf cfg.enable (mkMerge [ 30 | (optionalAttrs (mode == "home-manager") { 31 | home.packages = singleton pkgs.wezterm; 32 | 33 | xdg.configFile."wezterm/wezterm.lua".source = substituteAll { 34 | src = ./wezterm.lua; 35 | terminfo_dirs = "${wezterm.terminfo}/share/terminfo"; 36 | }; 37 | }) 38 | ]); 39 | } 40 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/_sp: -------------------------------------------------------------------------------- 1 | #compdef sp 2 | 3 | local profiles=() 4 | local i= 5 | local p= 6 | 7 | for i in ${HOME}/.zsh/profiles/*.zsh; do 8 | p="$( basename "${i}" )" 9 | profiles=(${profiles[@]} ${p%%.zsh}) 10 | done 11 | 12 | _arguments -C \ 13 | '(-L --log-depth)'{-L,--log-depth}'[change the depth of the log Default: 0]' \ 14 | '(-l --list)'{-l,--list}'[list the profiles]' \ 15 | '(-k --kill)'{-k,--kill}'[kill the profile]' \ 16 | "1: :(${profiles[*]})" 17 | 18 | # vim:ft=zsh: 19 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/alias_function: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # Usage: alias_function new_name old_name 6 | # Credit: http://mivok.net/2009/09/20/bashfunctionoverrist.html 7 | function alias_function() { 8 | if [[ "${1}" = "-h" || "${1}" = "--help" ]]; then 9 | print_info "${log_depth:-0}" "Usage: alias_function " 10 | return 11 | fi 12 | 13 | # save the function in a variable 14 | local orig_func=$(declare -f "${2}") 15 | # declare $1 (the new name) with the body of the original function 16 | eval "$1${orig_func#$2}" 17 | } 18 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/check_root: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function check_root() { test "$(id -u)" -eq 0 } 6 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/debug: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function debug() { 6 | if is_true "${DEBUG}"; then 7 | echo -e "[DEBUG][${funcstack[2]}()] ${@}" >&2 8 | fi 9 | } 10 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/emulate_all_archs: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # emulate_all_archs enables the emulation of all architectures supported by QEMU. 6 | # Read the documentation at https://github.com/multiarch/qemu-user-static for more information. 7 | function emulate_all_archs() { 8 | docker run --rm --privileged multiarch/qemu-user-static --reset -p yes 9 | } 10 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/functions.plugin.zsh: -------------------------------------------------------------------------------- 1 | functions_root="${${(%):-%x}:A:h}" 2 | 3 | # load the important functions 4 | source "${functions_root}/debug" 5 | source "${functions_root}/have" 6 | source "${functions_root}/is_func" 7 | source "${functions_root}/pathappend" 8 | source "${functions_root}/pathprepend" 9 | source "${functions_root}/pathunmunge" 10 | source "${functions_root}/sp" 11 | 12 | # autoload all of the functions 13 | for func in $functions_root/*; do 14 | local func_name="$(basename ${func})" 15 | case "${func_name}" in 16 | _*) ;; 17 | 18 | debug) ;; 19 | have) ;; 20 | is_func) ;; 21 | pathappend) ;; 22 | pathprepend) ;; 23 | pathunmunge) ;; 24 | sp) ;; 25 | 26 | *) 27 | autoload -U "${func_name}" 28 | ;; 29 | esac 30 | done 31 | unset func 32 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/gcim: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function gcim() { 6 | { # begin the always block 7 | function $0_help() 8 | { 9 | print_info "${log_depth}" "USAGE: gcim [options] " 10 | print_info "${log_depth}" "\t -h, --help - this message" 11 | print_info "${log_depth}" "\t --log-depth - change the depth of the log Default: ${log_depth}" 12 | print_info "${log_depth}" "" 13 | print_info "${log_depth}" "\texport GIT_DISABLE_GPG_SIGN=1 to disable GPG sigining of the commit" 14 | } 15 | 16 | local log_depth=0 17 | 18 | while [[ $# -ge 1 ]]; do 19 | case "${1}" in 20 | -h|--help) 21 | $0_help 22 | return 0 23 | ;; 24 | --log-depth) 25 | log_depth="${2}" 26 | if [[ -z "${log_depth}" ]]; then 27 | print_error "${log_depth}" "--log-depth requires an argument" 28 | $0_help 29 | return 1 30 | fi 31 | shift 2 32 | ;; 33 | *) 34 | local message="${@}" 35 | break 36 | ;; 37 | esac 38 | done 39 | 40 | if [[ -z "${message}" ]]; then 41 | print_error "${log_depth}" "message is required" 42 | $0_help 43 | return 1 44 | fi 45 | 46 | if [[ "x$(@git_bin@ rev-parse --git-dir 2> /dev/null)" = "x" ]]; then 47 | print_error "${log_depth}" "not inside a git repository" 48 | return 1 49 | fi 50 | 51 | local branch="$(git_current_branch)" 52 | local story="$(echo "${branch}" | grep '^[[:alpha:]][[:alpha:]]*-[[:digit:]][[:digit:]]*$')" 53 | 54 | if [[ "x${story}" != "x" ]]; then 55 | story=" (${story})" 56 | fi 57 | 58 | @git_bin@ commit -m "${message}${story}" 59 | } always { 60 | unfunction -m "$0_*" 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/have: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # have returns 0 if $1 is callable (alias, function or a binary) 6 | # Credit: https://github.com/Daenyth/dotfiles/blob/a22723420e780f04a77ebab8dd2737cfaba43c42/.bashrc#L47 7 | function have() { type "$1" &>/dev/null } 8 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/in_array: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function in_array() { 6 | [[ "${#}" -lt "2" ]] && return 1 7 | local needle="${1}" 8 | shift 9 | local haystack=(${@}) 10 | local i 11 | for i in "${haystack[@]}"; do 12 | [[ "${needle}" = "${i}" ]] && return 0 13 | done 14 | return 1 15 | } 16 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/is_false: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function is_false() { 6 | case "${1}" in 7 | [Ff][Aa][Ll][Ss][Ee]) 8 | return 0 9 | ;; 10 | [Ff]) 11 | return 0 12 | ;; 13 | [Nn][Oo]) 14 | return 0 15 | ;; 16 | [Nn]) 17 | return 0 18 | ;; 19 | 0) 20 | return 0 21 | ;; 22 | esac 23 | return 1 24 | } 25 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/is_func: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # is_func returns 0 if $1 is a function 6 | function is_func() { 7 | typeset -f "$1" &>/dev/null 8 | } 9 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/is_number: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function is_number() { 6 | [[ "${#}" -lt "1" ]] && return 1 7 | 8 | case "${1}" in 9 | [0-9]*) 10 | return 0 11 | ;; 12 | *) 13 | return 1 14 | ;; 15 | esac 16 | } 17 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/is_true: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function is_true() { 6 | case "${1}" in 7 | [Tt][Rr][Uu][Ee]) 8 | return 0 9 | ;; 10 | [Tt]) 11 | return 0 12 | ;; 13 | [Yy][Ee][Ss]) 14 | return 0 15 | ;; 16 | [Yy]) 17 | return 0 18 | ;; 19 | 1) 20 | return 0 21 | ;; 22 | *) 23 | return 1 24 | ;; 25 | esac 26 | } 27 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/jsonpp: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function jsonpp() { 6 | if [[ "${#}" -eq 0 ]]; then 7 | # only colorize the output if STDOUT is a terminal 8 | if [[ -t 1 ]]; then 9 | @python_bin@ -m json.tool | @pygmentize_bin@ -l javascript 10 | else 11 | @python_bin@ -m json.tool 12 | fi 13 | else 14 | local input_file="${1}" 15 | local output_file="${2}" 16 | if [[ -z "${output_file}" ]]; then 17 | output_file="`mktemp /tmp/jsonpp.XXXXXXXX`" 18 | fi 19 | 20 | @python_bin@ -m json.tool < "${input_file}" > "${output_file}" || return 21 | mv "${output_file}" "${input_file}" 22 | fi 23 | } 24 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/jspp: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function jspp() { 6 | if [[ "${#}" -eq 0 ]]; then 7 | @js-beautify_bin@ --stdin --indent-size=2 8 | else 9 | local input_file="${1}" 10 | @js-beautify_bin@ --replace --indent-size=2 "${input_file}" 11 | fi 12 | } 13 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/mkmine: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function mkmine() { 6 | local user="$( id -u )" 7 | local group="$( id -g )" 8 | local i= 9 | local flagsdone=false 10 | local args=() 11 | 12 | # should we recursively chown? 13 | for i in {0..${#}}; do 14 | if [[ "${1}" =~ ^- ]]; then 15 | if is_true "{flagsdone}"; then 16 | # the user entered FLAG* FILE FLAG* 17 | print_error 0 "USAGE: mkmine [FLAG,...] " 18 | return 1 19 | fi 20 | args=("${args[@]}" ${1}) 21 | shift 22 | else 23 | flagsdone=true 24 | fi 25 | done 26 | 27 | debug "args=(${args[@]})" 28 | debug "user=${user}" 29 | debug "group=${group}" 30 | debug "\${@} = ${@}" 31 | 32 | # chown the requested paths 33 | debug sudo chown ${args[@]} "${user}:${group}" "${@}" 34 | sudo chown "${args[@]}" "${user}:${group}" "${@}" 35 | } 36 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/need_root: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function need_root() { 6 | if ! check_root; then 7 | print_warning 0 "Re-Running the script under root." 8 | if have sudo; then 9 | if yes 'NOPASS' | sudo -S -l 2> /dev/null | grep -q "NOPASSWD"; then 10 | sudo "${0}" ${@} 11 | else 12 | # We need the user to put a password. 13 | print_info 1 "You must enter the password for '${USER}' to open a root session." 14 | sudo "${0}" ${@} 15 | fi 16 | else 17 | local PreserveEnvironment="" 18 | 19 | # There is no sudo command, we have to use 'su'. 20 | print_info 1 "You must enter the password for 'root' to open a root session." 21 | 22 | # Try to preserve the environment, if possible, on linux 23 | # it is possible, but on FreeBSD-like system it is not, unless 24 | # the caller has uid 0 (a.k.a root) which isn't the case. 25 | # 26 | # Enable it by default it on Linux, and disable it in case 27 | # it's a FreeBSD and for everything else... 28 | if [ "$( uname )" = "Linux" ]; then 29 | PreserveEnvironment="-p" 30 | fi 31 | 32 | # the actual su command 33 | su -l root ${PreserveEnvironment} -c "export HOME=${HOME}; ${0} ${@}" 34 | fi 35 | exit "${?}" 36 | else 37 | return 0 38 | fi 39 | } 40 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/nixos-start-vm: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function nixos-start-vm() { 6 | local nix_disk_image="${HOME}/storage/qemu/$(hostname -s).qcow2" 7 | 8 | mkdir -p "$( dirname "${nix_disk_image}" )" 9 | rm -f "${nix_disk_image}" 10 | 11 | QEMU_NET_OPTS="hostfwd=tcp::2222-:22" \ 12 | NIX_DISK_IMAGE="${nix_disk_image}" \ 13 | ./result/bin/run-*-vm 14 | } 15 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/pathappend: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function pathappend() { 6 | local var="${1}" 7 | shift 8 | while [[ $# -ge 1 ]]; do 9 | if [[ -d "${1}" ]] && ! [[ "${(P)var}" =~ (^|:)$1($|:) ]]; then 10 | eval "$var=${(P)var}:$1; export $var;" 11 | fi 12 | shift 13 | done 14 | } 15 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/pathprepend: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function pathprepend() { 6 | local var="${1}" 7 | shift 8 | while [[ $# -ge 1 ]]; do 9 | if [[ -d "${1}" ]] && ! [[ "${(P)var}" =~ (^|:)$1($|:) ]]; then 10 | eval "$var=$1:${(P)var}; export $var;" 11 | fi 12 | shift 13 | done 14 | } 15 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/pathunmunge: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function pathunmunge() { 6 | local var="${1}" 7 | local value="${(P)var}" 8 | shift 9 | while [[ $# -ge 1 ]]; do 10 | local newpath="" 11 | local sep="" 12 | local p= 13 | for p in ${(s,:,)value}; do 14 | debug "p=${p}" 15 | if [[ "x${p}" != "x${1}" ]]; then 16 | newpath="${newpath}${sep}${p}" 17 | sep=":" 18 | fi 19 | done 20 | value="${newpath}" 21 | shift 22 | done 23 | eval "$var=${value}; export $var;" 24 | } 25 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/pet_prev: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function pet_prev() { 6 | PREV=$(fc -lrn | head -n 1) 7 | sh -c "@pet_bin@ new $(printf %q "$PREV")" 8 | } 9 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/print_error: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function print_error() { 6 | GOOD="${ERROR}" print_info "${@}" >&2 7 | } 8 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/print_info: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # print_info(printlevel, print [, newline [, prefixline ] ]) 6 | function print_info() { 7 | local NEWLINE='1' 8 | local PREFIXLINE='1' 9 | local STR='' 10 | local PREFIXTEXT='' 11 | 12 | # NOT ENOUGH ARGS 13 | if [ "${#}" -lt '2' ] ; then return 1; fi 14 | 15 | # WRONG printlevel 16 | if [ "${1}" -lt "0" ]; then 17 | print_error 1 "printlevel must be above or equal 0" 18 | return 1 19 | fi 20 | 21 | # If printlevel is 0, the text must be bolded 22 | if [ "${1}" -eq "0" ]; then 23 | PREFIXTEXT="${FG_WHITE_B}" 24 | fi 25 | 26 | # IF 3 OR MORE ARGS, CHECK IF WE WANT A NEWLINE AFTER PRINT 27 | if [ "${#}" -gt '2' ] 28 | then 29 | if is_true "${3}" 30 | then 31 | NEWLINE='1'; 32 | else 33 | NEWLINE='0'; 34 | fi 35 | fi 36 | 37 | # IF 4 OR MORE ARGS, CHECK IF WE WANT TO PREFIX WITH A * 38 | if [ "${#}" -gt '3' ] 39 | then 40 | if is_true "${4}" 41 | then 42 | PREFIXLINE='1' 43 | else 44 | PREFIXLINE='0' 45 | fi 46 | fi 47 | 48 | # STRUCTURE printlevel 49 | if [ "${1}" -gt "1" ]; then 50 | PRINTLEVEL="$(for i in $(seq 1 ${1}); do echo -ne " "; done)" 51 | else 52 | PRINTLEVEL=" " 53 | fi 54 | 55 | # STRUCTURE DATA TO BE OUTPUT TO SCREEN, AND OUTPUT IT 56 | if [ "${PREFIXLINE}" = '1' ] 57 | then 58 | STR="${GOOD}*${FG_CLEAR}${PRINTLEVEL}${PREFIXTEXT}${2}${FG_CLEAR}" 59 | else 60 | STR="${PREFIXTEXT}${2}${FG_CLEAR}" 61 | fi 62 | 63 | if [ "${NEWLINE}" = '0' ] 64 | then 65 | echo -ne "${STR}" 66 | else 67 | echo -e "${STR}" 68 | fi 69 | 70 | return 0 71 | } 72 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/print_warning: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function print_warning() { 6 | GOOD="${WARN}" print_info "${@}" 7 | } 8 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/prompt: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # prompt reads y/n over a question and returns true only if given answer was Y/y. 6 | function prompt() { 7 | local question="$@" answer 8 | 9 | printf "$question (y/n)? " 10 | read answer 11 | 12 | if [[ "$answer" != "${answer#[Yy]}" ]]; then 13 | return 0 14 | else 15 | return 1 16 | fi 17 | } 18 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/register_u2f: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function register_u2f() { 6 | # TODO: The location of the u2f_keys should be set to 7 | # security.pam.u2f.authfile after the PR 8 | # https://github.com/NixOS/nixpkgs/pull/11886 is merged! 9 | local u2f_keys="${HOME}/.config/Yubico/u2f_keys" 10 | mkdir -p "$( dirname "${u2f_keys}" )" 11 | (@pamu2fcfg_bin@; echo) >> "${u2f_keys}" 12 | } 13 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/s: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function s() { 6 | { # begin the always block 7 | function $0_help() 8 | { 9 | print_info "${log_depth}" "USAGE: s [story]" 10 | print_info "${log_depth}" "\t -h, --help - this message" 11 | } 12 | 13 | local log_depth=0 14 | 15 | while [[ $# -ge 1 ]]; do 16 | case "${1}" in 17 | -h|--help) 18 | $0_help 19 | return 0 20 | ;; 21 | *) 22 | local story="${@}" 23 | break 24 | ;; 25 | esac 26 | done 27 | 28 | if [[ -n "${story}" ]]; then 29 | if ! swm story list --name-only | grep -q "^${story}$"; then 30 | swm story create --name "$story" --branch-name "user/$USER/$story" 31 | fi 32 | 33 | swm --story-name "$story" tmux switch-client 34 | else 35 | swm tmux switch-client 36 | fi 37 | } always { 38 | unfunction -m "$0_*" 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/sapg: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # generate passwords with apg 6 | function sapg() { 7 | if [[ "${1}" == "-h" ]]; then 8 | print_error 0 "usage: ${0} " 9 | else 10 | if [[ "${1}" -le "2" ]]; then 11 | print_error 0 "password too small!" 12 | return 1 13 | fi 14 | @apg_bin@ -x "${1}" -m "${1}" -n "${2}" -t -M NCL 15 | fi 16 | } 17 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/scprsa: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function scprsa() { 6 | local server="$1" 7 | local ssh_key="${2:-$HOME/.ssh/id_ed25519_sk_rk.pub}" 8 | 9 | if [[ -z "${server}" ]]; then 10 | print_error 0 "!! You need to enter a hostname in order to send your public key !!" 11 | return 1 12 | fi 13 | 14 | print_info 0 "Copying SSH public key to server..." 15 | TERM=linux ssh "${server}" "set -e; mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && cat - >> ~/.ssh/authorized_keys" < "${ssh_key}" 16 | print_info 0 "All done!" 17 | } 18 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/strip_ansi: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function strip_ansi() { 6 | if [[ "${#}" -eq 0 ]]; then 7 | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" 8 | else 9 | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" ${@} 10 | fi 11 | } 12 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/swap: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # swap() -- switch 2 filenames around 6 | # Credit: https://github.com/Daenyth/dotfiles/blob/a22723420e780f04a77ebab8dd2737cfaba43c42/.bashrc#L77-L85 7 | function swap() { 8 | if [[ "${#}" -ne 2 ]]; then 9 | echo "USAGE: swap " 10 | echo " rename to and to " 11 | return 1 12 | fi 13 | 14 | local TMPFILE="$( mktemp -p . swap.XXXXXXX )" 15 | mv "$1" "${TMPFILE}" 16 | mv "$2" "$1" 17 | mv "${TMPFILE}" "$2" 18 | } 19 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/ugroups: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function ugroups() { 6 | id -Gn $1 | sed 's/ /\n/g' 7 | } 8 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/ulimit_usage: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function() ulimit_usage() { 6 | @paste_bin@ <(grep 'open files\|processes\|pending signals' /proc/self/limits | @cut_bin@ -c27-38) \ 7 | <(i=`whoami` ; @lsof_bin@ -u $i | tail -n +2 | @awk_bin@ {'print $9'} | wc -l; 8 | ps --no-headers -U $i -u $i u | wc -l ; 9 | ps -u $i -o pid= | xargs printf "/proc/%s/status\n" | 10 | xargs grep -s 'SigPnd' | 11 | @sed_bin@ 's/.*\t//' | @paste_bin@ -sd+ | @bc_bin@ ; ) | 12 | while read a b ; do echo $((${b}00/a))%; done 13 | } 14 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/umount.enc: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function umount.enc() { 6 | { # begin an always block 7 | 8 | function $0_help() { 9 | print_info "${log_depth}" "USAGE: umount.enc [options] lo_file" 10 | print_info "${log_depth}" "\t -h, --help - this message" 11 | print_info "${log_depth}" "\t --log-depth - change the depth of the log Default: ${log_depth}" 12 | } 13 | 14 | local lo_file= 15 | local log_depth= 16 | 17 | while [[ $# -ge 1 ]]; do 18 | case "${1}" in 19 | -h|--help) 20 | $0_help 21 | return 0 22 | ;; 23 | --log-depth) 24 | log_depth="${2}" 25 | if [[ -z "${log_depth}" ]]; then 26 | print_error "${log_depth}" "--log-depth requires an argument" 27 | $0_help 28 | return 1 29 | fi 30 | shift 2 31 | ;; 32 | *) 33 | # Make sure we have only one argument left 34 | if [[ -n "${2}" ]]; then 35 | print_error "${log_depth}" "must only have one argument, the lo_file of the volume" 36 | $0_help 37 | return 1 38 | fi 39 | # set the lo_file 40 | lo_file="${1}" 41 | shift 42 | esac 43 | done 44 | 45 | # make sure we have a sudo session 46 | sudo -v 47 | # find the mount name the encrypted volume 48 | local name="$(basename ${lo_file})" 49 | # mount the filesystem 50 | print_info "${log_depth}" "umounting the device" 51 | sudo umount "/mnt/${name}" || return 1 52 | # close the cryptsetup 53 | print_info "${log_depth}" "closing the encrypted device ${name}" 54 | sudo @cryptsetup_bin@ close "${name}" || return 1 55 | } always { 56 | unfunction -m "$0_*" 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/vim_clean_swap: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | # vim_clean_swap goes through all of Vim's swap files and: 6 | # - delete the swap file if it's the same as the original file 7 | # - opens vim in diff mode between the swap file and the original file 8 | function vim_clean_swap() { 9 | { # begin an always block 10 | local TMPDIR=$(mktemp -d /tmp/vimrecovery.XXXXXXXX) 11 | local RECTXT="$TMPDIR/vim.recovery.$USER.txt" 12 | local RECFN="$TMPDIR/vim.recovery.$USER.fn" 13 | local q= 14 | for q in ~/.local/share/nvim/swap/*; do 15 | [[ -f $q ]] || continue 16 | if [[ `du $q | awk '{print $1}'` -eq 0 ]]; then 17 | rm -f $q 18 | continue 19 | fi 20 | rm -f "$RECTXT" "$RECFN" 21 | @vim_bin@ -X -r "$q" \ 22 | -c "w! $RECTXT" \ 23 | -c "let fn=expand('%')" \ 24 | -c "new $RECFN" \ 25 | -c "exec setline( 1, fn )" \ 26 | -c w\! \ 27 | -c "qa" 28 | if [[ ! -f $RECFN ]]; then 29 | echo "nothing to recover from $q" 30 | rm -f "$q" 31 | continue 32 | fi 33 | local CRNT="$(cat $RECFN)" 34 | if diff --strip-trailing-cr --brief "$CRNT" "$RECTXT"; then 35 | echo "removing redundant $q" 36 | echo " for $CRNT" 37 | rm -f "$q" 38 | else 39 | echo "$q contains changes" 40 | if /usr/bin/vim -n -d "$CRNT" "$RECTXT"; then 41 | rm -i "$q" 42 | fi 43 | fi 44 | done 45 | } always { 46 | rm -f "$RECTXT" "$RECFN" 47 | rmdir "$TMPDIR" 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /modules/programs/zsh/plugins/functions/xmlpp: -------------------------------------------------------------------------------- 1 | # 2 | # vim:ft=zsh: 3 | # 4 | 5 | function xmlpp() { 6 | if [[ "${#}" -eq 0 ]]; then 7 | @xmllint_bin@ --format - 8 | else 9 | local input_file="${1}" 10 | local output_file="${2}" 11 | if [[ -z "${output_file}" ]]; then 12 | output_file="`mktemp /tmp/xmlpp.XXXXXXXX`" 13 | fi 14 | 15 | @xmllint_bin@ --format --output "${output_file}" "${input_file}" || return 16 | mv "${output_file}" "${input_file}" 17 | fi 18 | } 19 | -------------------------------------------------------------------------------- /modules/services/borders/darwin.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf; 5 | 6 | cfg = config.soxincfg.services.borders; 7 | in 8 | { 9 | config = mkIf cfg.enable { 10 | homebrew = { 11 | brews = [ "FelixKratz/Formulae/borders" ]; 12 | taps = [ "FelixKratz/formulae" ]; 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /modules/services/borders/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "home-manager") [ ./home-manager.nix ] 9 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ]; 10 | 11 | options.soxincfg.services.borders.enable = mkEnableOption "Install and configure Janky Borders"; 12 | } 13 | -------------------------------------------------------------------------------- /modules/services/borders/home-manager.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) 9 | mkIf 10 | ; 11 | 12 | cfg = config.soxincfg.services.borders; 13 | in 14 | { 15 | config = mkIf cfg.enable { 16 | xdg.configFile."borders/bordersrc" = { 17 | executable = true; 18 | 19 | text = '' 20 | options=( 21 | style=round 22 | width=6.0 23 | hidpi=off 24 | active_color=0xffe2e2e3 25 | inactive_color=0xff414550 26 | ) 27 | 28 | borders "''${options[@]}" 29 | ''; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/services/k3s/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) 5 | mkEnableOption 6 | mkOption 7 | optionals 8 | types 9 | ; 10 | in 11 | { 12 | imports = optionals (mode == "NixOS") [ ./nixos.nix ]; 13 | 14 | options.soxincfg.services.k3s = { 15 | enable = mkEnableOption "Install and configure k3s either as the server or agent"; 16 | 17 | role = mkOption { 18 | description = '' 19 | What's the role of this node? 20 | ''; 21 | 22 | default = "server"; 23 | type = types.enum [ 24 | "server" 25 | "agent" 26 | ]; 27 | }; 28 | 29 | serverAddr = mkOption { 30 | type = types.str; 31 | description = lib.mdDoc '' 32 | The k3s server to connect to. 33 | 34 | Servers and agents need to communicate each other. Read 35 | [the networking docs](https://rancher.com/docs/k3s/latest/en/installation/installation-requirements/#networking) 36 | to know how to configure the firewall. 37 | ''; 38 | example = "https://10.0.0.10:6443"; 39 | default = ""; 40 | }; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /modules/services/k3s/longhorn-support.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf; 10 | 11 | cfg = config.soxincfg.services.k3s; 12 | in 13 | { 14 | config = mkIf cfg.enable { 15 | environment.systemPackages = 16 | let 17 | inherit (pkgs) util-linux; 18 | in 19 | [ 20 | # longhorn requires nsenter, this package provides it 21 | util-linux 22 | ]; 23 | 24 | # longhorn looks for nsenter in specific paths, /usr/local/bin is one of 25 | # them so symlink the entire system/bin directory there. 26 | # https://github.com/longhorn/longhorn/issues/2166#issuecomment-1864656450 27 | systemd.tmpfiles.rules = [ "L+ /usr/local/bin - - - - /run/current-system/sw/bin/" ]; 28 | 29 | services.openiscsi = { 30 | enable = true; 31 | name = config.networking.hostName; 32 | }; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /modules/services/k3s/nfs-support.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf; 10 | 11 | cfg = config.soxincfg.services.k3s; 12 | in 13 | { 14 | config = mkIf cfg.enable { 15 | environment.systemPackages = 16 | let 17 | inherit (pkgs) nfs-utils; 18 | in 19 | [ 20 | # needed for NFS persistent volume 21 | nfs-utils 22 | ]; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /modules/services/sketchybar/darwin.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf; 5 | 6 | cfg = config.soxincfg.services.sketchybar; 7 | in 8 | { 9 | config = mkIf cfg.enable { 10 | homebrew = { 11 | brews = [ "FelixKratz/formulae/sketchybar" ]; 12 | taps = [ "FelixKratz/formulae" ]; 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /modules/services/sketchybar/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "home-manager") [ ./home-manager.nix ] 9 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ]; 10 | 11 | options.soxincfg.services.sketchybar.enable = mkEnableOption "Install and configure Sketchybar"; 12 | } 13 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/colors.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Color Palette 4 | export BLACK=0xff181926 5 | export WHITE=0xffcad3f5 6 | export RED=0xffed8796 7 | export GREEN=0xffa6da95 8 | export BLUE=0xff8aadf4 9 | export YELLOW=0xffeed49f 10 | export ORANGE=0xfff5a97f 11 | export MAGENTA=0xffc6a0f6 12 | export GREY=0xff939ab7 13 | export TRANSPARENT=0x00000000 14 | 15 | # General bar colors 16 | export BAR_COLOR=0xff1e1e2e 17 | export BAR_BORDER_COLOR=0xff494d64 #0xa024273a 18 | export ICON_COLOR=$WHITE # Color of all icons 19 | export LABEL_COLOR=$WHITE # Color of all labels 20 | export BACKGROUND_1=0x603c3e4f 21 | export BACKGROUND_2=0x60494d64 22 | 23 | export POPUP_BACKGROUND_COLOR=0xff1e1e2e 24 | export POPUP_BORDER_COLOR=$WHITE 25 | 26 | export SHADOW_COLOR=$BLACK 27 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/icons.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # General Icons 4 | LOADING=􀖇 5 | APPLE=􀣺 6 | PREFERENCES=􀺽 7 | ACTIVITY=􀒓 8 | LOCK=􀒳 9 | BELL=􀋚 10 | BELL_DOT=􀝗 11 | TERMINAL=􀪏 12 | 13 | # Git Icons 14 | GIT_ISSUE=􀍷 15 | GIT_DISCUSSION=􀒤 16 | GIT_PULL_REQUEST=􀙡 17 | GIT_COMMIT=􀡚 18 | GIT_INDICATOR=􀂓 19 | 20 | # Spotify Icons 21 | SPOTIFY_BACK=􀊎 22 | SPOTIFY_PLAY_PAUSE=􀊈 23 | SPOTIFY_NEXT=􀊐 24 | SPOTIFY_SHUFFLE=􀊝 25 | SPOTIFY_REPEAT=􀊞 26 | 27 | # Yabai Icons 28 | YABAI_STACK=􀏭 29 | YABAI_FULLSCREEN_ZOOM=􀏜 30 | YABAI_PARENT_ZOOM=􀥃 31 | YABAI_FLOAT=􀢌 32 | YABAI_GRID=􀧍 33 | 34 | # Battery Icons 35 | BATTERY_100=􀛨 36 | BATTERY_75=􀺸 37 | BATTERY_50=􀺶 38 | BATTERY_25=􀛩 39 | BATTERY_0=􀛪 40 | BATTERY_CHARGING=􀢋 41 | 42 | # Volume Icons 43 | VOLUME_100=􀊩 44 | VOLUME_66=􀊧 45 | VOLUME_33=􀊥 46 | VOLUME_10=􀊡 47 | VOLUME_0=􀊣 48 | 49 | # WiFi 50 | WIFI_CONNECTED=􀙇 51 | WIFI_DISCONNECTED=􀙈 52 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/apple.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | POPUP_OFF='sketchybar --set apple.logo popup.drawing=off' 4 | POPUP_CLICK_SCRIPT='sketchybar --set $NAME popup.drawing=toggle' 5 | 6 | apple_logo=( 7 | icon=$APPLE 8 | icon.font="$FONT:Black:16.0" 9 | icon.color=$GREEN 10 | padding_right=15 11 | label.drawing=off 12 | click_script="$POPUP_CLICK_SCRIPT" 13 | popup.height=35 14 | ) 15 | 16 | apple_prefs=( 17 | icon=$PREFERENCES 18 | label="Preferences" 19 | click_script="open -a 'System Preferences'; $POPUP_OFF" 20 | ) 21 | 22 | apple_terminal=( 23 | icon=$TERMINAL 24 | label="Terminal" 25 | click_script="open -a 'iTerm'; $POPUP_OFF" 26 | ) 27 | 28 | apple_activity=( 29 | icon=$ACTIVITY 30 | label="Activity" 31 | click_script="open -a 'Activity Monitor'; $POPUP_OFF" 32 | ) 33 | 34 | apple_lock=( 35 | icon=$LOCK 36 | label="Lock Screen" 37 | click_script="pmset displaysleepnow; $POPUP_OFF" 38 | ) 39 | 40 | sketchybar --add item apple.logo left \ 41 | --set apple.logo "${apple_logo[@]}" \ 42 | \ 43 | --add item apple.prefs popup.apple.logo \ 44 | --set apple.prefs "${apple_prefs[@]}" \ 45 | \ 46 | --add item apple.terminal popup.apple.logo \ 47 | --set apple.terminal "${apple_terminal[@]}" \ 48 | \ 49 | --add item apple.activity popup.apple.logo \ 50 | --set apple.activity "${apple_activity[@]}" \ 51 | \ 52 | --add item apple.lock popup.apple.logo \ 53 | --set apple.lock "${apple_lock[@]}" 54 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/battery.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | battery=( 4 | script="$PLUGIN_DIR/battery.sh" 5 | icon.font="$FONT:Regular:19.0" 6 | padding_right=5 7 | padding_left=0 8 | label.drawing=off 9 | update_freq=120 10 | updates=on 11 | ) 12 | 13 | sketchybar --add item battery right \ 14 | --set battery "${battery[@]}" \ 15 | --subscribe battery power_source_change system_woke 16 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/brew.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Trigger the brew_udpate event when brew update or upgrade is run from cmdline 4 | # e.g. via function in .zshrc 5 | 6 | brew=( 7 | icon=􀐛 8 | label=? 9 | padding_right=10 10 | script="$PLUGIN_DIR/brew.sh" 11 | ) 12 | 13 | sketchybar --add event brew_update \ 14 | --add item brew right \ 15 | --set brew "${brew[@]}" \ 16 | --subscribe brew brew_update 17 | 18 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/calendar.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | calendar=( 4 | icon=cal 5 | icon.font="$FONT:Black:12.0" 6 | icon.padding_right=0 7 | label.width=45 8 | label.align=right 9 | padding_left=15 10 | update_freq=30 11 | script="$PLUGIN_DIR/calendar.sh" 12 | click_script="$PLUGIN_DIR/zen.sh" 13 | ) 14 | 15 | sketchybar --add item calendar right \ 16 | --set calendar "${calendar[@]}" \ 17 | --subscribe calendar system_woke 18 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/cpu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cpu_top=( 4 | label.font="$FONT:Semibold:7" 5 | label=CPU 6 | icon.drawing=off 7 | width=0 8 | padding_right=15 9 | y_offset=6 10 | ) 11 | 12 | cpu_percent=( 13 | label.font="$FONT:Heavy:12" 14 | label=CPU 15 | y_offset=-4 16 | padding_right=15 17 | width=55 18 | icon.drawing=off 19 | update_freq=4 20 | mach_helper="$HELPER" 21 | ) 22 | 23 | cpu_sys=( 24 | width=0 25 | graph.color=$RED 26 | graph.fill_color=$RED 27 | label.drawing=off 28 | icon.drawing=off 29 | background.height=30 30 | background.drawing=on 31 | background.color=$TRANSPARENT 32 | ) 33 | 34 | cpu_user=( 35 | graph.color=$BLUE 36 | label.drawing=off 37 | icon.drawing=off 38 | background.height=30 39 | background.drawing=on 40 | background.color=$TRANSPARENT 41 | ) 42 | 43 | sketchybar --add item cpu.top right \ 44 | --set cpu.top "${cpu_top[@]}" \ 45 | \ 46 | --add item cpu.percent right \ 47 | --set cpu.percent "${cpu_percent[@]}" \ 48 | \ 49 | --add graph cpu.sys right 75 \ 50 | --set cpu.sys "${cpu_sys[@]}" \ 51 | \ 52 | --add graph cpu.user right 75 \ 53 | --set cpu.user "${cpu_user[@]}" 54 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/front_app.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | front_app=( 4 | label.font="$FONT:Black:12.0" 5 | icon.background.drawing=on 6 | display=active 7 | script="$PLUGIN_DIR/front_app.sh" 8 | click_script="open -a 'Mission Control'" 9 | ) 10 | 11 | sketchybar --add item front_app left \ 12 | --set front_app "${front_app[@]}" \ 13 | --subscribe front_app front_app_switched 14 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/github.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | POPUP_CLICK_SCRIPT="sketchybar --set \$NAME popup.drawing=toggle" 4 | 5 | github_bell=( 6 | padding_right=6 7 | update_freq=180 8 | icon=$BELL 9 | icon.font="$FONT:Bold:15.0" 10 | icon.color=$BLUE 11 | label=$LOADING 12 | label.highlight_color=$BLUE 13 | popup.align=right 14 | script="$PLUGIN_DIR/github.sh" 15 | click_script="$POPUP_CLICK_SCRIPT" 16 | ) 17 | 18 | github_template=( 19 | drawing=off 20 | background.corner_radius=12 21 | padding_left=7 22 | padding_right=7 23 | icon.background.height=2 24 | icon.background.y_offset=-12 25 | ) 26 | 27 | sketchybar --add event github.update \ 28 | --add item github.bell right \ 29 | --set github.bell "${github_bell[@]}" \ 30 | --subscribe github.bell mouse.entered \ 31 | mouse.exited \ 32 | mouse.exited.global \ 33 | system_woke \ 34 | github.update \ 35 | \ 36 | --add item github.template popup.github.bell \ 37 | --set github.template "${github_template[@]}" 38 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/media.sh: -------------------------------------------------------------------------------- 1 | media=( 2 | icon.background.drawing=on 3 | icon.background.image=media.artwork 4 | icon.background.image.corner_radius=9 5 | script="$PLUGIN_DIR/media.sh" 6 | label.max_chars=15 7 | scroll_texts=on 8 | updates=on 9 | ) 10 | 11 | sketchybar --add item media center \ 12 | --set media "${media[@]}" \ 13 | --subscribe media media_change 14 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/spaces.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SPACE_ICONS=("1" "2" "3" "4" "5" "6" "7" "8" "9" "10" "11" "12") 4 | 5 | # Destroy space on right click, focus space on left click. 6 | # New space by left clicking separator (>) 7 | 8 | sid=0 9 | spaces=() 10 | for i in "${!SPACE_ICONS[@]}" 11 | do 12 | sid=$(($i+1)) 13 | 14 | space=( 15 | space=$sid 16 | icon="${SPACE_ICONS[i]}" 17 | icon.padding_left=10 18 | icon.padding_right=10 19 | padding_left=2 20 | padding_right=2 21 | label.padding_right=20 22 | icon.highlight_color=$RED 23 | label.color=$GREY 24 | label.highlight_color=$WHITE 25 | label.font="sketchybar-app-font:Regular:16.0" 26 | label.y_offset=-1 27 | background.color=$BACKGROUND_1 28 | background.border_color=$BACKGROUND_2 29 | script="$PLUGIN_DIR/space.sh" 30 | ) 31 | 32 | sketchybar --add space space.$sid left \ 33 | --set space.$sid "${space[@]}" \ 34 | --subscribe space.$sid mouse.clicked 35 | done 36 | 37 | space_creator=( 38 | icon=􀆊 39 | icon.font="$FONT:Heavy:16.0" 40 | padding_left=10 41 | padding_right=8 42 | label.drawing=off 43 | display=active 44 | click_script='yabai -m space --create' 45 | script="$PLUGIN_DIR/space_windows.sh" 46 | icon.color=$WHITE 47 | ) 48 | 49 | sketchybar --add item space_creator left \ 50 | --set space_creator "${space_creator[@]}" \ 51 | --subscribe space_creator space_windows_change 52 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/volume.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | volume_slider=( 4 | script="$PLUGIN_DIR/volume.sh" 5 | updates=on 6 | label.drawing=off 7 | icon.drawing=off 8 | slider.highlight_color=$BLUE 9 | slider.background.height=5 10 | slider.background.corner_radius=3 11 | slider.background.color=$BACKGROUND_2 12 | slider.knob=􀀁 13 | slider.knob.drawing=on 14 | ) 15 | 16 | volume_icon=( 17 | click_script="$PLUGIN_DIR/volume_click.sh" 18 | padding_left=10 19 | icon=$VOLUME_100 20 | icon.width=0 21 | icon.align=left 22 | icon.color=$GREY 23 | icon.font="$FONT:Regular:14.0" 24 | label.width=25 25 | label.align=left 26 | label.font="$FONT:Regular:14.0" 27 | ) 28 | 29 | status_bracket=( 30 | background.color=$BACKGROUND_1 31 | background.border_color=$BACKGROUND_2 32 | ) 33 | 34 | sketchybar --add slider volume right \ 35 | --set volume "${volume_slider[@]}" \ 36 | --subscribe volume volume_change \ 37 | mouse.clicked \ 38 | \ 39 | --add item volume_icon right \ 40 | --set volume_icon "${volume_icon[@]}" 41 | 42 | sketchybar --add bracket status brew github.bell wifi volume_icon \ 43 | --set status "${status_bracket[@]}" 44 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/wifi.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source "$CONFIG_DIR/icons.sh" 4 | 5 | wifi=( 6 | padding_right=7 7 | label.width=0 8 | icon="$WIFI_DISCONNECTED" 9 | script="$PLUGIN_DIR/wifi.sh" 10 | ) 11 | 12 | sketchybar --add item wifi right \ 13 | --set wifi "${wifi[@]}" \ 14 | --subscribe wifi wifi_change mouse.clicked 15 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/items/yabai.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | yabai=( 4 | icon.width=0 5 | label.width=0 6 | script="$PLUGIN_DIR/yabai.sh" 7 | icon.font="$FONT:Bold:16.0" 8 | display=active 9 | ) 10 | 11 | sketchybar --add event window_focus \ 12 | --add item yabai left \ 13 | --set yabai "${yabai[@]}" \ 14 | --subscribe yabai window_focus \ 15 | mouse.clicked 16 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/battery.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source "$CONFIG_DIR/icons.sh" 4 | source "$CONFIG_DIR/colors.sh" 5 | 6 | BATTERY_INFO="$(pmset -g batt)" 7 | PERCENTAGE=$(echo "$BATTERY_INFO" | grep -Po "\d+%" | cut -d% -f1) 8 | CHARGING=$(echo "$BATTERY_INFO" | grep 'AC Power') 9 | 10 | if [ $PERCENTAGE = "" ]; then 11 | exit 0 12 | fi 13 | 14 | DRAWING=on 15 | COLOR=$WHITE 16 | case ${PERCENTAGE} in 17 | 9[0-9]|100) ICON=$BATTERY_100; DRAWING=off 18 | ;; 19 | [6-8][0-9]) ICON=$BATTERY_75; DRAWING=off 20 | ;; 21 | [3-5][0-9]) ICON=$BATTERY_50 22 | ;; 23 | [1-2][0-9]) ICON=$BATTERY_25; COLOR=$ORANGE 24 | ;; 25 | *) ICON=$BATTERY_0; COLOR=$RED 26 | esac 27 | 28 | if [[ $CHARGING != "" ]]; then 29 | ICON=$BATTERY_CHARGING 30 | DRAWING=off 31 | fi 32 | 33 | sketchybar --set $NAME drawing=$DRAWING icon="$ICON" icon.color=$COLOR 34 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/brew.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source "$CONFIG_DIR/colors.sh" 4 | 5 | COUNT="$(brew outdated | wc -l | tr -d ' ')" 6 | 7 | COLOR=$RED 8 | 9 | case "$COUNT" in 10 | [3-5][0-9]) COLOR=$ORANGE 11 | ;; 12 | [1-2][0-9]) COLOR=$YELLOW 13 | ;; 14 | [1-9]) COLOR=$WHITE 15 | ;; 16 | 0) COLOR=$GREEN 17 | COUNT=􀆅 18 | ;; 19 | esac 20 | 21 | sketchybar --set $NAME label=$COUNT icon.color=$COLOR 22 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/calendar.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sketchybar --set $NAME icon="$(date '+%a %d. %b')" label="$(date '+%H:%M')" 4 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/front_app.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "$SENDER" = "front_app_switched" ]; then 4 | # Set the app name and app icon and then animate a bounce for the icon size 5 | sketchybar --set $NAME label="$INFO" icon.background.image="app.$INFO" \ 6 | --animate tanh 10 --set $NAME icon.background.image.scale=1.2 \ 7 | icon.background.image.scale=1 8 | fi 9 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/icon_map.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | source $APP_FONT_MAP 4 | icon_map "$1" 5 | echo $icon_result 6 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/media.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | update_media() { 4 | STATE="$(echo "$INFO" | jq -r '.state')" 5 | 6 | if [ "$STATE" = "playing" ]; then 7 | APP=$(echo "$INFO" | jq -r '.app') 8 | MEDIA="$(echo "$INFO" | jq -r '.title + " - " + .artist')" 9 | sketchybar --set $NAME label="$MEDIA" drawing=on 10 | else 11 | sketchybar --set $NAME drawing=off 12 | fi 13 | } 14 | 15 | case "$SENDER" in 16 | "media_change") update_media 17 | ;; 18 | esac 19 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/space.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | update() { 4 | source "$CONFIG_DIR/colors.sh" 5 | COLOR=$BACKGROUND_2 6 | if [ "$SELECTED" = "true" ]; then 7 | COLOR=$GREY 8 | fi 9 | sketchybar --set $NAME icon.highlight=$SELECTED \ 10 | label.highlight=$SELECTED \ 11 | background.border_color=$COLOR 12 | } 13 | 14 | set_space_label() { 15 | sketchybar --set $NAME icon="$@" 16 | } 17 | 18 | mouse_clicked() { 19 | if [ "$BUTTON" = "right" ]; then 20 | yabai -m space --destroy $SID 21 | else 22 | if [ "$MODIFIER" = "shift" ]; then 23 | SPACE_LABEL="$(osascript -e "return (text returned of (display dialog \"Give a name to space $NAME:\" default answer \"\" with icon note buttons {\"Cancel\", \"Continue\"} default button \"Continue\"))")" 24 | if [ $? -eq 0 ]; then 25 | if [ "$SPACE_LABEL" = "" ]; then 26 | set_space_label "${NAME:6}" 27 | else 28 | set_space_label "${NAME:6} ($SPACE_LABEL)" 29 | fi 30 | fi 31 | else 32 | yabai -m space --focus $SID 2>/dev/null 33 | fi 34 | fi 35 | } 36 | 37 | case "$SENDER" in 38 | "mouse.clicked") mouse_clicked 39 | ;; 40 | *) update 41 | ;; 42 | esac 43 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/space_windows.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "$SENDER" = "space_windows_change" ]; then 4 | args=(--animate sin 10) 5 | 6 | space="$(echo "$INFO" | jq -r '.space')" 7 | apps="$(echo "$INFO" | jq -r '.apps | keys[]')" 8 | 9 | icon_strip=" " 10 | if [ "${apps}" != "" ]; then 11 | while read -r app 12 | do 13 | icon_strip+=" $($CONFIG_DIR/plugins/icon_map.sh "$app")" 14 | done <<< "${apps}" 15 | else 16 | icon_strip=" —" 17 | fi 18 | args+=(--set space.$space label="$icon_strip") 19 | 20 | sketchybar -m "${args[@]}" 21 | fi 22 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/volume.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | WIDTH=100 4 | 5 | volume_change() { 6 | source "$CONFIG_DIR/icons.sh" 7 | case $INFO in 8 | [6-9][0-9]|100) ICON=$VOLUME_100 9 | ;; 10 | [3-5][0-9]) ICON=$VOLUME_66 11 | ;; 12 | [1-2][0-9]) ICON=$VOLUME_33 13 | ;; 14 | [1-9]) ICON=$VOLUME_10 15 | ;; 16 | 0) ICON=$VOLUME_0 17 | ;; 18 | *) ICON=$VOLUME_100 19 | esac 20 | 21 | sketchybar --set volume_icon label=$ICON \ 22 | --set $NAME slider.percentage=$INFO 23 | 24 | INITIAL_WIDTH="$(sketchybar --query $NAME | jq -r ".slider.width")" 25 | if [ "$INITIAL_WIDTH" -eq "0" ]; then 26 | sketchybar --animate tanh 30 --set $NAME slider.width=$WIDTH 27 | fi 28 | 29 | sleep 2 30 | 31 | # Check wether the volume was changed another time while sleeping 32 | FINAL_PERCENTAGE="$(sketchybar --query $NAME | jq -r ".slider.percentage")" 33 | if [ "$FINAL_PERCENTAGE" -eq "$INFO" ]; then 34 | sketchybar --animate tanh 30 --set $NAME slider.width=0 35 | fi 36 | } 37 | 38 | mouse_clicked() { 39 | osascript -e "set volume output volume $PERCENTAGE" 40 | } 41 | 42 | case "$SENDER" in 43 | "volume_change") volume_change 44 | ;; 45 | "mouse.clicked") mouse_clicked 46 | ;; 47 | esac 48 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/volume_click.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | WIDTH=100 4 | 5 | detail_on() { 6 | sketchybar --animate tanh 30 --set volume slider.width=$WIDTH 7 | } 8 | 9 | detail_off() { 10 | sketchybar --animate tanh 30 --set volume slider.width=0 11 | } 12 | 13 | toggle_detail() { 14 | INITIAL_WIDTH=$(sketchybar --query volume | jq -r ".slider.width") 15 | if [ "$INITIAL_WIDTH" -eq "0" ]; then 16 | detail_on 17 | else 18 | detail_off 19 | fi 20 | } 21 | 22 | toggle_devices() { 23 | which SwitchAudioSource >/dev/null || exit 0 24 | source "$CONFIG_DIR/colors.sh" 25 | 26 | args=(--remove '/volume.device\.*/' --set "$NAME" popup.drawing=toggle) 27 | COUNTER=0 28 | CURRENT="$(SwitchAudioSource -t output -c)" 29 | while IFS= read -r device; do 30 | COLOR=$GREY 31 | if [ "${device}" = "$CURRENT" ]; then 32 | COLOR=$WHITE 33 | fi 34 | args+=(--add item volume.device.$COUNTER popup."$NAME" \ 35 | --set volume.device.$COUNTER label="${device}" \ 36 | label.color="$COLOR" \ 37 | click_script="SwitchAudioSource -s \"${device}\" && sketchybar --set /volume.device\.*/ label.color=$GREY --set \$NAME label.color=$WHITE --set $NAME popup.drawing=off") 38 | COUNTER=$((COUNTER+1)) 39 | done <<< "$(SwitchAudioSource -a -t output)" 40 | 41 | sketchybar -m "${args[@]}" > /dev/null 42 | } 43 | 44 | if [ "$BUTTON" = "right" ] || [ "$MODIFIER" = "shift" ]; then 45 | toggle_devices 46 | else 47 | toggle_detail 48 | fi 49 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/wifi.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | update() { 4 | source "$CONFIG_DIR/icons.sh" 5 | INFO="$(/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport -I | awk -F ' SSID: ' '/ SSID: / {print $2}')" 6 | LABEL="$INFO ($(ipconfig getifaddr en0))" 7 | ICON="$([ -n "$INFO" ] && echo "$WIFI_CONNECTED" || echo "$WIFI_DISCONNECTED")" 8 | 9 | sketchybar --set $NAME icon="$ICON" label="$LABEL" 10 | } 11 | 12 | click() { 13 | CURRENT_WIDTH="$(sketchybar --query $NAME | jq -r .label.width)" 14 | 15 | WIDTH=0 16 | if [ "$CURRENT_WIDTH" -eq "0" ]; then 17 | WIDTH=dynamic 18 | fi 19 | 20 | sketchybar --animate sin 20 --set $NAME label.width="$WIDTH" 21 | } 22 | 23 | case "$SENDER" in 24 | "wifi_change") update 25 | ;; 26 | "mouse.clicked") click 27 | ;; 28 | esac 29 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/yabai.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | window_state() { 4 | source "$CONFIG_DIR/colors.sh" 5 | source "$CONFIG_DIR/icons.sh" 6 | 7 | WINDOW=$(yabai -m query --windows --window) 8 | STACK_INDEX=$(echo "$WINDOW" | jq '.["stack-index"]') 9 | 10 | COLOR=$BAR_BORDER_COLOR 11 | ICON="" 12 | 13 | if [ "$(echo "$WINDOW" | jq '.["is-floating"]')" = "true" ]; then 14 | ICON+=$YABAI_FLOAT 15 | COLOR=$RED 16 | elif [ "$(echo "$WINDOW" | jq '.["has-fullscreen-zoom"]')" = "true" ]; then 17 | ICON+=$YABAI_FULLSCREEN_ZOOM 18 | COLOR=$GREEN 19 | elif [ "$(echo "$WINDOW" | jq '.["has-parent-zoom"]')" = "true" ]; then 20 | ICON+=$YABAI_PARENT_ZOOM 21 | COLOR=$BLUE 22 | elif [[ $STACK_INDEX -gt 0 ]]; then 23 | LAST_STACK_INDEX=$(yabai -m query --windows --window stack.last | jq '.["stack-index"]') 24 | ICON+=$YABAI_STACK 25 | LABEL="$(printf "[%s/%s]" "$STACK_INDEX" "$LAST_STACK_INDEX")" 26 | COLOR=$MAGENTA 27 | fi 28 | 29 | args=(--bar border_color=$COLOR --animate sin 10 --set $NAME icon.color=$COLOR) 30 | 31 | [ -z "$LABEL" ] && args+=(label.width=0) \ 32 | || args+=(label="$LABEL" label.width=40) 33 | 34 | [ -z "$ICON" ] && args+=(icon.width=0) \ 35 | || args+=(icon="$ICON" icon.width=30) 36 | 37 | sketchybar -m "${args[@]}" 38 | } 39 | 40 | 41 | mouse_clicked() { 42 | yabai -m window --toggle float 43 | window_state 44 | } 45 | 46 | case "$SENDER" in 47 | "mouse.clicked") mouse_clicked 48 | ;; 49 | "window_focus") window_state 50 | ;; 51 | esac 52 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/config-dir/plugins/zen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | zen_on() { 4 | sketchybar --set wifi drawing=off \ 5 | --set apple.logo drawing=off \ 6 | --set '/cpu.*/' drawing=off \ 7 | --set calendar icon.drawing=off \ 8 | --set separator drawing=off \ 9 | --set front_app drawing=off \ 10 | --set volume_icon drawing=off \ 11 | --set spotify.anchor drawing=off \ 12 | --set spotify.play updates=off \ 13 | --set brew drawing=off \ 14 | --set volume drawing=off \ 15 | --set github.bell drawing=off 16 | } 17 | 18 | zen_off() { 19 | sketchybar --set wifi drawing=on \ 20 | --set apple.logo drawing=on \ 21 | --set '/cpu.*/' drawing=on \ 22 | --set calendar icon.drawing=on \ 23 | --set separator drawing=on \ 24 | --set front_app drawing=on \ 25 | --set volume_icon drawing=on \ 26 | --set spotify.play updates=on \ 27 | --set brew drawing=on \ 28 | --set volume drawing=on \ 29 | --set github.bell drawing=on 30 | } 31 | 32 | if [ "$1" = "on" ]; then 33 | zen_on 34 | elif [ "$1" = "off" ]; then 35 | zen_off 36 | else 37 | if [ "$(sketchybar --query apple.logo | jq -r ".geometry.drawing")" = "on" ]; then 38 | zen_on 39 | else 40 | zen_off 41 | fi 42 | fi 43 | 44 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/helper/helper.c: -------------------------------------------------------------------------------- 1 | #include "cpu.h" 2 | #include "sketchybar.h" 3 | 4 | struct cpu g_cpu; 5 | 6 | void handler(env env) { 7 | // Environment variables passed from sketchybar can be accessed as seen below 8 | char* name = env_get_value_for_key(env, "NAME"); 9 | char* sender = env_get_value_for_key(env, "SENDER"); 10 | char* info = env_get_value_for_key(env, "INFO"); 11 | char* selected = env_get_value_for_key(env, "SELECTED"); 12 | 13 | if ((strcmp(name, "cpu.percent") == 0)) { 14 | // CPU graph updates 15 | cpu_update(&g_cpu); 16 | 17 | if (strlen(g_cpu.command) > 0) sketchybar(g_cpu.command); 18 | } 19 | } 20 | 21 | int main (int argc, char** argv) { 22 | cpu_init(&g_cpu); 23 | 24 | if (argc < 2) { 25 | printf("Usage: helper \"\"\n"); 26 | exit(1); 27 | } 28 | 29 | event_server_begin(handler, argv[1]); 30 | return 0; 31 | } 32 | -------------------------------------------------------------------------------- /modules/services/sketchybar/src/helper/makefile: -------------------------------------------------------------------------------- 1 | helper: helper.c cpu.h sketchybar.h 2 | clang -std=c99 -O3 helper.c -o helper 3 | -------------------------------------------------------------------------------- /modules/services/skhd/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) 5 | mkEnableOption 6 | optionals 7 | ; 8 | in 9 | { 10 | imports = optionals (mode == "nix-darwin") [ ./darwin.nix ]; 11 | 12 | options.soxincfg.services.skhd.enable = mkEnableOption "Install and configure Skhd"; 13 | } 14 | -------------------------------------------------------------------------------- /modules/services/sleep-on-lan/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) mkEnableOption optionals; 9 | in 10 | { 11 | imports = optionals (mode == "NixOS") [ ./nixos.nix ]; 12 | 13 | options.soxincfg.services.sleep-on-lan = { 14 | enable = mkEnableOption "services.sleep-on-lan"; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /modules/services/sleep-on-lan/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf; 10 | 11 | cfg = config.soxincfg.services.sleep-on-lan; 12 | sopsFile = ./secrets.sops.yaml; 13 | in 14 | { 15 | config = mkIf cfg.enable { 16 | sops.secrets.etc_sol_json = { 17 | inherit sopsFile; 18 | path = "/etc/sol.json"; 19 | }; 20 | 21 | systemd.services.sleep-on-lan = { 22 | description = "Sleep-On-LAN daemon"; 23 | serviceConfig = { 24 | User = "root"; 25 | ExecStart = "${pkgs.sleep-on-lan}/bin/sleep-on-lan"; 26 | Restart = "always"; 27 | }; 28 | restartTriggers = [ "/etc/sol.json" ]; 29 | wantedBy = [ "multi-user.target" ]; 30 | }; 31 | 32 | networking.firewall = { 33 | allowedTCPPorts = [ 8009 ]; 34 | allowedUDPPorts = [ 9 ]; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /modules/services/yabai/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) 5 | mkEnableOption 6 | optionals 7 | ; 8 | in 9 | { 10 | imports = optionals (mode == "nix-darwin") [ ./darwin.nix ]; 11 | 12 | options.soxincfg.services.yabai.enable = mkEnableOption "Install and configure Yabai"; 13 | } 14 | -------------------------------------------------------------------------------- /modules/settings/fonts/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.settings.fonts; 12 | packages = with pkgs; [ 13 | material-design-icons 14 | font-awesome 15 | 16 | (nerdfonts.override { 17 | fonts = [ 18 | # symbols icon only 19 | "NerdFontsSymbolsOnly" 20 | # Characters 21 | "0xProto" 22 | ]; 23 | }) 24 | ]; 25 | in 26 | { 27 | # TODO: find a nice way of selecting a default font. 28 | options = { 29 | soxincfg.settings.fonts = { 30 | enable = mkEnableOption "Enable default settings for fonts."; 31 | }; 32 | }; 33 | 34 | config = mkIf cfg.enable (mkMerge [ 35 | (optionalAttrs (mode == "NixOS") { 36 | fonts = { 37 | inherit packages; 38 | 39 | enableDefaultPackages = true; 40 | enableGhostscriptFonts = true; 41 | fontDir.enable = true; 42 | fontconfig.enable = true; 43 | }; 44 | }) 45 | 46 | (optionalAttrs (mode == "home-manager") { fonts.fontconfig.enable = true; }) 47 | ]); 48 | } 49 | -------------------------------------------------------------------------------- /modules/settings/gtk/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.settings.gtk; 12 | in 13 | { 14 | options = { 15 | soxincfg.settings.gtk = { 16 | enable = mkEnableOption "GTK"; 17 | }; 18 | }; 19 | 20 | config = mkIf cfg.enable (mkMerge [ 21 | (optionalAttrs (mode == "NixOS") { services.dbus.packages = [ pkgs.dconf ]; }) 22 | 23 | (optionalAttrs (mode == "home-manager") { 24 | gtk = { 25 | enable = true; 26 | font = { 27 | name = "0xProto Nerd Font:style=Regular:size=12:antialias=true"; 28 | }; 29 | iconTheme = { 30 | package = pkgs.arc-icon-theme; 31 | name = "Arc"; 32 | }; 33 | theme = { 34 | package = pkgs.arc-theme; 35 | name = "Arc-dark"; 36 | }; 37 | }; 38 | }) 39 | ]); 40 | } 41 | -------------------------------------------------------------------------------- /modules/settings/networking/default.nix: -------------------------------------------------------------------------------- 1 | { imports = [ ./nextdns.nix ]; } 2 | -------------------------------------------------------------------------------- /modules/settings/networking/nextdns.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxincfg.settings.networking.nextdns; 12 | in 13 | { 14 | options = { 15 | soxincfg.settings.networking.nextdns = { 16 | enable = mkEnableOption '' 17 | Whether to enable nextdns. 18 | ''; 19 | }; 20 | }; 21 | 22 | config = mkIf cfg.enable (mkMerge [ 23 | (optionalAttrs (mode == "NixOS") { 24 | networking.networkmanager.dns = "systemd-resolved"; 25 | 26 | # Set my own nextdns endpoints. 27 | networking.nameservers = [ 28 | "45.90.28.0#96893a.dns.nextdns.io" 29 | "45.90.30.0#96893a.dns.nextdns.io" 30 | "2a07:a8c0::#96893a.dns.nextdns.io" 31 | "2a07:a8c1::#96893a.dns.nextdns.io" 32 | ]; 33 | 34 | services.resolved = { 35 | enable = true; 36 | extraConfig = '' 37 | DNSOverTLS=yes 38 | ''; 39 | }; 40 | }) 41 | ]); 42 | } 43 | -------------------------------------------------------------------------------- /modules/settings/nix/default.nix: -------------------------------------------------------------------------------- 1 | { imports = [ ./distributed-builds ]; } 2 | -------------------------------------------------------------------------------- /modules/settings/nix/distributed-builds/darwin.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf; 5 | 6 | cfg = config.soxincfg.settings.nix.distributed-builds; 7 | 8 | keyStore = "${config.users.users.yl.home}/.config/nix/distributed-builds"; 9 | 10 | sopsFile = ./secrets.sops.yaml; 11 | in 12 | { 13 | config = mkIf cfg.enable { 14 | nix = { 15 | distributedBuilds = true; 16 | buildMachines = [ 17 | { 18 | hostName = "aarch64.nixos.community"; 19 | maxJobs = 64; 20 | sshKey = "${keyStore}/aarch64_nixos_community.key"; 21 | sshUser = "kalbasit"; 22 | system = "aarch64-linux"; 23 | supportedFeatures = [ "big-parallel" ]; 24 | } 25 | 26 | # { 27 | # hostName = "kore.wael-nasreddine.gmail.com.beta.tailscale.net"; 28 | # maxJobs = 1; 29 | # sshKey = "${keyStore}/kore.key"; 30 | # sshUser = "builder"; 31 | # system = "aarch64-linux"; 32 | # supportedFeatures = [ ]; 33 | # } 34 | ]; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /modules/settings/nix/distributed-builds/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) mkEnableOption optionals; 9 | in 10 | { 11 | imports = 12 | optionals (mode == "NixOS") [ ./nixos.nix ] 13 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ] 14 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 15 | 16 | options.soxincfg.settings.nix.distributed-builds.enable = 17 | mkEnableOption "Configure Nix distributed-builds"; 18 | } 19 | -------------------------------------------------------------------------------- /modules/settings/nix/distributed-builds/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) mkIf; 10 | 11 | inherit (pkgs.hostPlatform) isDarwin; 12 | 13 | sopsFile = ./secrets.sops.yaml; 14 | homePath = config.home.homeDirectory; 15 | 16 | keyStore = "${homePath}/.config/nix/distributed-builds"; 17 | 18 | cfg = config.soxincfg.settings.nix.distributed-builds; 19 | in 20 | { 21 | config = mkIf cfg.enable { 22 | sops.age = mkIf isDarwin { 23 | generateKey = true; 24 | keyFile = "${homePath}/.local/share/soxincfg/sops/age.key"; 25 | }; 26 | 27 | sops.secrets = mkIf isDarwin { 28 | ssh_key_aarch64_nixos_community = { 29 | inherit sopsFile; 30 | path = "${keyStore}/aarch64_nixos_community.key"; 31 | }; 32 | ssh_key_kore = { 33 | inherit sopsFile; 34 | path = "${keyStore}/kore.key"; 35 | }; 36 | }; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /modules/settings/nix/distributed-builds/nixos.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf; 5 | 6 | cfg = config.soxincfg.settings.nix.distributed-builds; 7 | 8 | sopsFile = ./secrets.sops.yaml; 9 | in 10 | { 11 | config = mkIf cfg.enable { 12 | nix = { 13 | distributedBuilds = true; 14 | buildMachines = [ 15 | { 16 | hostName = "aarch64.nixos.community"; 17 | maxJobs = 64; 18 | sshKey = builtins.toString config.sops.secrets.ssh_key_aarch64_nixos_community.path; 19 | sshUser = "kalbasit"; 20 | system = "aarch64-linux"; 21 | supportedFeatures = [ "big-parallel" ]; 22 | } 23 | 24 | # { 25 | # hostName = "kore.wael-nasreddine.gmail.com.beta.tailscale.net"; 26 | # maxJobs = 1; 27 | # sshKey = builtins.toString config.sops.secrets.ssh_key_kore.path; 28 | # sshUser = "builder"; 29 | # system = "aarch64-linux"; 30 | # supportedFeatures = [ ]; 31 | # } 32 | ]; 33 | }; 34 | 35 | sops.secrets = { 36 | ssh_key_aarch64_nixos_community = { 37 | inherit sopsFile; 38 | }; 39 | ssh_key_kore = { 40 | inherit sopsFile; 41 | }; 42 | }; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /modules/settings/users/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) 10 | mkOption 11 | optionals 12 | types 13 | ; 14 | in 15 | { 16 | imports = 17 | optionals (mode == "NixOS") [ ./nixos.nix ] 18 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ]; 19 | 20 | options.soxincfg.settings.users = { 21 | enable = mkOption { 22 | type = types.bool; 23 | default = true; 24 | description = '' 25 | Enable the management of users and groups. 26 | ''; 27 | }; 28 | 29 | userName = mkOption { 30 | type = types.str; 31 | default = "wnasreddine"; 32 | description = '' 33 | The default username for the main user. 34 | ''; 35 | }; 36 | 37 | groups = mkOption { 38 | type = types.listOf types.str; 39 | default = [ ]; 40 | description = '' 41 | The list of groups to add all users to. 42 | ''; 43 | }; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /mysoxin/default.nix: -------------------------------------------------------------------------------- 1 | builtins.mapAttrs (_: import) (import ./list.nix) 2 | -------------------------------------------------------------------------------- /mysoxin/hardware/fwupd.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.hardware.fwupd; 12 | in 13 | { 14 | options = { 15 | soxin.hardware.fwupd = { 16 | enable = mkEnableOption "Firmware Update"; 17 | }; 18 | }; 19 | 20 | config = mkIf cfg.enable (mkMerge [ 21 | (optionalAttrs (mode == "NixOS") { services.fwupd.enable = true; }) 22 | ]); 23 | } 24 | -------------------------------------------------------------------------------- /mysoxin/hardware/intel-backlight.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.hardware.intelBacklight; 12 | in 13 | { 14 | options = { 15 | soxin.hardware.intelBacklight = { 16 | enable = mkEnableOption "Enable Intel backlight by a group of users."; 17 | group = mkOption { 18 | type = types.str; 19 | default = "video"; 20 | description = '' 21 | Group of users allowed to adjust the backlight. 22 | ''; 23 | }; 24 | }; 25 | }; 26 | 27 | config = mkIf cfg.enable (mkMerge [ 28 | (optionalAttrs (mode == "NixOS") { 29 | # Give people part of the ${cfg.group} group access to adjust the backlight 30 | services.udev.extraRules = '' 31 | ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chgrp ${cfg.group} /sys/class/backlight/%k/brightness" 32 | ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" 33 | ''; 34 | }) 35 | ]); 36 | } 37 | -------------------------------------------------------------------------------- /mysoxin/hardware/serial_console.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | ... 6 | }: 7 | 8 | with lib; 9 | 10 | { 11 | options.soxin.hardware.serial_console.enable = mkEnableOption "Enable serial console"; 12 | 13 | config = mkIf config.soxin.hardware.serial_console.enable (mkMerge [ 14 | (optionalAttrs (mode == "NixOS") { 15 | boot.kernelParams = [ "console=tty0 console=ttyS0,115200n8" ]; 16 | boot.loader.grub.extraConfig = '' 17 | serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 18 | terminal_input serial console 19 | terminal_output serial console 20 | ''; 21 | }) 22 | ]); 23 | } 24 | -------------------------------------------------------------------------------- /mysoxin/hardware/sound.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.hardware.sound; 12 | in 13 | { 14 | options = { 15 | soxin.hardware.sound = { 16 | enable = mkEnableOption "sound"; 17 | 18 | # TODO 19 | # https://github.com/Focusrite-Scarlett-on-Linux/sound-usb-kernel-module 20 | focusRiteGen3Support = mkEnableOption "support for Focusrite Scarlet Gen3"; 21 | }; 22 | }; 23 | 24 | config = mkIf cfg.enable (mkMerge [ 25 | (optionalAttrs (mode == "NixOS") { 26 | # TODO: Possibly replace pulseaudio with pipewire but for now, in order to build on 24.11 and not sure why it's enabled in the first place. 27 | services.pipewire.enable = false; 28 | 29 | hardware = { 30 | pulseaudio = { 31 | enable = true; 32 | package = mkIf config.soxin.hardware.bluetooth.enable pkgs.pulseaudioFull; 33 | }; 34 | }; 35 | 36 | environment.systemPackages = with pkgs; [ 37 | pavucontrol 38 | pa_applet 39 | ]; 40 | }) 41 | 42 | (optionalAttrs (mode == "NixOS") ( 43 | mkIf cfg.focusRiteGen3Support { 44 | boot.extraModprobeConfig = "options snd_usb_audio vid=0x1235 pid=0x8210 device_setup=1"; 45 | } 46 | )) 47 | ]); 48 | } 49 | -------------------------------------------------------------------------------- /mysoxin/hardware/zsa/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) optionals; 9 | in 10 | { 11 | imports = 12 | optionals (mode == "NixOS") [ ./nixos.nix ] 13 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 14 | } 15 | -------------------------------------------------------------------------------- /mysoxin/hardware/zsa/home.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption; 5 | 6 | cfg = config.soxin.hardware.zsa; 7 | in 8 | { 9 | options.soxin.hardware.zsa = { 10 | enable = mkEnableOption "hardware.zsa"; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /mysoxin/hardware/zsa/nixos.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkEnableOption mkIf; 5 | 6 | cfg = config.soxin.hardware.zsa; 7 | in 8 | { 9 | options.soxin.hardware.zsa = { 10 | enable = mkEnableOption "hardware.zsa"; 11 | }; 12 | 13 | config = mkIf cfg.enable { soxincfg.settings.users.defaultGroups = [ "plugdev" ]; }; 14 | } 15 | -------------------------------------------------------------------------------- /mysoxin/list.nix: -------------------------------------------------------------------------------- 1 | { 2 | # hardware 3 | fwupd = ./hardware/fwupd.nix; 4 | intelBacklight = ./hardware/intel-backlight.nix; 5 | lowbatt = ./hardware/lowbatt.nix; 6 | serial_console = ./hardware/serial_console.nix; 7 | sound = ./hardware/sound.nix; 8 | zsa = ./hardware/zsa; 9 | 10 | # services 11 | caffeine = ./services/caffeine.nix; 12 | dunst = ./services/dunst.nix; 13 | i3 = ./services/x11/window-managers/i3; 14 | networkmanager = ./services/networking/networkmanager.nix; 15 | polybar = ./services/x11/window-managers/bar; 16 | printing = ./services/printing.nix; 17 | sshd = ./services/networking/ssh/sshd.nix; 18 | xserver = ./services/x11/xserver.nix; 19 | 20 | # virtualisation 21 | docker = ./virtualisation/docker; 22 | libvirtd = ./virtualisation/libvirtd.nix; 23 | virtualbox = ./virtualisation/virtualbox.nix; 24 | } 25 | -------------------------------------------------------------------------------- /mysoxin/services/caffeine.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.services.caffeine; 12 | in 13 | { 14 | options = { 15 | soxin.services.caffeine = { 16 | enable = mkEnableOption "Whether to enable caffeine-ng."; 17 | }; 18 | }; 19 | 20 | config = mkIf cfg.enable (mkMerge [ 21 | (optionalAttrs (mode == "home-manager") { 22 | systemd.user.services.caffeine-ng = { 23 | Unit = { 24 | Description = "Caffeine-ng, a locker inhibitor"; 25 | After = [ "graphical-session-pre.target" ]; 26 | PartOf = [ "graphical-session.target" ]; 27 | }; 28 | 29 | Install = { 30 | WantedBy = [ "graphical-session.target" ]; 31 | }; 32 | 33 | Service = { 34 | ExecStart = "${pkgs.caffeine-ng}/bin/caffeine"; 35 | }; 36 | }; 37 | }) 38 | ]); 39 | } 40 | -------------------------------------------------------------------------------- /mysoxin/services/networking/networkmanager.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.services.networkmanager; 12 | in 13 | { 14 | options = { 15 | soxin.services.networkmanager = { 16 | enable = mkEnableOption '' 17 | Whether to enable NetworkManager. 18 | ''; 19 | }; 20 | }; 21 | 22 | config = mkIf cfg.enable (mkMerge [ 23 | (optionalAttrs (mode == "NixOS") { 24 | networking.networkmanager.enable = true; 25 | 26 | programs.nm-applet.enable = true; 27 | 28 | soxincfg.settings.users.groups = [ "networkmanager" ]; 29 | }) 30 | ]); 31 | } 32 | -------------------------------------------------------------------------------- /mysoxin/services/networking/ssh/sshd.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.services.openssh; 12 | in 13 | { 14 | options = { 15 | soxin.services.openssh = { 16 | enable = mkEnableOption '' 17 | Whether to enable the OpenSSH secure shell daemon, which allows secure 18 | remote logins. 19 | ''; 20 | }; 21 | }; 22 | 23 | config = mkIf cfg.enable (mkMerge [ 24 | (optionalAttrs (mode == "NixOS") { 25 | services.openssh = { 26 | enable = true; 27 | settings.PasswordAuthentication = false; 28 | extraConfig = '' 29 | StreamLocalBindUnlink yes 30 | ''; 31 | }; 32 | }) 33 | ]); 34 | } 35 | -------------------------------------------------------------------------------- /mysoxin/services/printing.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.services.printing; 12 | in 13 | { 14 | options = { 15 | soxin.services.printing = { 16 | enable = mkEnableOption '' 17 | Whether to enable printing support through the CUPS daemon. 18 | ''; 19 | 20 | autoDiscovery = recursiveUpdate (mkEnableOption '' 21 | Enable autodiscovery of printers in the local network. 22 | '') { default = true; }; 23 | 24 | brands = mkOption { 25 | type = with types; listOf (enum (attrNames cfg.brandsPackages)); 26 | default = [ ]; 27 | description = '' 28 | List of brands' drivers to be installed as CUPS drivers. 29 | ''; 30 | }; 31 | 32 | brandsPackages = mkOption { 33 | type = with types; attrsOf (listOf types.path); 34 | default = { }; 35 | description = '' 36 | List of drivers associated with brands. 37 | ''; 38 | }; 39 | }; 40 | }; 41 | 42 | config = mkIf cfg.enable (mkMerge [ 43 | { 44 | soxin.services.printing = { 45 | brandsPackages = { 46 | hp = mkDefault [ pkgs.hplip ]; 47 | epson = mkDefault [ pkgs.epson-escpr ]; 48 | }; 49 | }; 50 | } 51 | 52 | (optionalAttrs (mode == "NixOS") { 53 | services.printing = { 54 | enable = true; 55 | drivers = flatten (attrValues (filterAttrs (n: _: any (e: e == n) cfg.brands) cfg.brandsPackages)); 56 | }; 57 | 58 | services.avahi = mkIf cfg.autoDiscovery { 59 | enable = true; 60 | nssmdns4 = true; 61 | }; 62 | }) 63 | ]); 64 | } 65 | -------------------------------------------------------------------------------- /mysoxin/services/x11/window-managers/i3/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | master, 7 | ... 8 | }: 9 | 10 | with lib; 11 | let 12 | cfg = config.soxin.services.xserver.windowManager.i3; 13 | in 14 | { 15 | options = { 16 | soxin.services.xserver.windowManager.i3 = { 17 | enable = mkEnableOption "i3"; 18 | }; 19 | }; 20 | 21 | config = mkIf cfg.enable (mkMerge [ 22 | (optionalAttrs (mode == "home-manager") { 23 | xsession = { 24 | enable = true; 25 | 26 | windowManager = { 27 | i3 = import ./i3-config.lib.nix { 28 | inherit 29 | config 30 | pkgs 31 | lib 32 | master 33 | ; 34 | }; 35 | }; 36 | 37 | initExtra = '' 38 | exec &> ~/.xsession-errors 39 | 40 | # fix the look of Java applications 41 | export _JAVA_OPTIONS='-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel' 42 | ''; 43 | 44 | scriptPath = ".hm-xsession"; 45 | }; 46 | }) 47 | ]); 48 | } 49 | -------------------------------------------------------------------------------- /mysoxin/services/x11/xserver.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | pkgs, 5 | lib, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.services.xserver; 12 | in 13 | { 14 | options = { 15 | soxin.services.xserver = { 16 | enable = mkEnableOption "Whether to enable Xorg."; 17 | }; 18 | }; 19 | 20 | config = mkIf cfg.enable (mkMerge [ 21 | (optionalAttrs (mode == "NixOS") { 22 | services = { 23 | displayManager = { 24 | autoLogin = { 25 | enable = true; 26 | user = "yl"; 27 | }; 28 | }; 29 | 30 | libinput = { 31 | enable = true; 32 | mouse.naturalScrolling = true; 33 | touchpad.naturalScrolling = true; 34 | }; 35 | 36 | xserver = { 37 | enable = true; 38 | autorun = true; 39 | autoRepeatDelay = 200; 40 | autoRepeatInterval = 30; 41 | 42 | xkb.options = concatStringsSep "," [ "ctrl:nocaps" ]; 43 | 44 | displayManager = { 45 | lightdm.enable = true; 46 | }; 47 | 48 | desktopManager.session = [ 49 | { 50 | name = "home-manager"; 51 | start = '' 52 | ${pkgs.runtimeShell} $HOME/.hm-xsession & 53 | waitPID=$! 54 | ''; 55 | } 56 | ]; 57 | }; 58 | }; 59 | }) 60 | ]); 61 | } 62 | -------------------------------------------------------------------------------- /mysoxin/soxin.nix: -------------------------------------------------------------------------------- 1 | { imports = builtins.attrValues (import ./list.nix); } 2 | -------------------------------------------------------------------------------- /mysoxin/virtualisation/docker/darwin.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf singleton; 5 | 6 | cfg = config.soxin.virtualisation.docker; 7 | in 8 | { 9 | config = mkIf cfg.enable { homebrew.casks = singleton "docker"; }; 10 | } 11 | -------------------------------------------------------------------------------- /mysoxin/virtualisation/docker/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) mkEnableOption optionals recursiveUpdate; 9 | in 10 | { 11 | imports = 12 | optionals (mode == "NixOS") [ ./nixos.nix ] 13 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ]; 14 | 15 | options = { 16 | soxin.virtualisation.docker = { 17 | enable = mkEnableOption "Enable docker."; 18 | 19 | addAdminUsersToGroup = recursiveUpdate (mkEnableOption '' 20 | Whether to add admin users declared in soxincfg.settings.users to the `docker` 21 | group. 22 | '') { default = true; }; 23 | }; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /mysoxin/virtualisation/docker/nixos.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: 2 | 3 | let 4 | inherit (lib) mkIf optional; 5 | 6 | cfg = config.soxin.virtualisation.docker; 7 | in 8 | { 9 | config = mkIf cfg.enable { 10 | virtualisation.docker.enable = true; 11 | 12 | soxincfg.settings.users.groups = optional cfg.addAdminUsersToGroup "docker"; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /mysoxin/virtualisation/libvirtd.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: 8 | 9 | with lib; 10 | let 11 | cfg = config.soxin.virtualisation.libvirtd; 12 | in 13 | { 14 | options = { 15 | soxin.virtualisation.libvirtd = { 16 | enable = mkEnableOption "Enable libvirtd."; 17 | addAdminUsersToGroup = recursiveUpdate (mkEnableOption '' 18 | Whether to add admin users declared in soxincfg.settings.users to the 19 | `libvirtd` group. 20 | '') { default = true; }; 21 | }; 22 | }; 23 | 24 | config = mkIf cfg.enable (mkMerge [ 25 | (optionalAttrs (mode == "NixOS") { 26 | virtualisation.libvirtd = { 27 | enable = true; 28 | qemu = { 29 | ovmf = { 30 | enable = true; 31 | packages = [ pkgs.OVMFFull.fd ]; 32 | }; 33 | package = pkgs.qemu_kvm; 34 | runAsRoot = false; 35 | swtpm.enable = true; 36 | }; 37 | }; 38 | 39 | # libvirtd now requires polkit 40 | security.polkit.enable = true; 41 | 42 | soxincfg.settings.users.groups = optional cfg.addAdminUsersToGroup "libvirtd"; 43 | 44 | environment.systemPackages = with pkgs; [ 45 | virt-manager 46 | spice-gtk 47 | ]; 48 | }) 49 | ]); 50 | } 51 | -------------------------------------------------------------------------------- /mysoxin/virtualisation/virtualbox.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | config, 4 | lib, 5 | ... 6 | }: 7 | 8 | with lib; 9 | let 10 | cfg = config.soxin.virtualisation.virtualbox; 11 | in 12 | { 13 | options = { 14 | soxin.virtualisation.virtualbox = { 15 | enable = mkEnableOption "Enable virtualbox."; 16 | addAdminUsersToGroup = recursiveUpdate (mkEnableOption '' 17 | Whether to add admin users declared in soxincfg.settings.users to the `virtualbox` 18 | group. 19 | '') { default = true; }; 20 | }; 21 | }; 22 | 23 | config = mkIf cfg.enable (mkMerge [ 24 | (optionalAttrs (mode == "NixOS") { 25 | virtualisation.virtualbox.host.enable = true; 26 | virtualisation.virtualbox.host.enableExtensionPack = true; 27 | 28 | soxincfg.settings.users.groups = optional cfg.addAdminUsersToGroup "vboxusers"; 29 | }) 30 | ]); 31 | } 32 | -------------------------------------------------------------------------------- /overlays/default.nix: -------------------------------------------------------------------------------- 1 | final: prev: { } 2 | -------------------------------------------------------------------------------- /pkgs/default.nix: -------------------------------------------------------------------------------- 1 | channels: 2 | 3 | let 4 | inherit (channels.nixpkgs) lib system; 5 | inherit (lib) findSingle filterAttrs platforms; 6 | 7 | pkgs = { }; 8 | 9 | hasElement = list: elem: (findSingle (x: x == elem) "none" "multiple" list) != "none"; 10 | in 11 | filterAttrs (name: pkg: hasElement (pkg.meta.platforms or platforms.all) system) pkgs 12 | -------------------------------------------------------------------------------- /profiles/cluster/default.nix: -------------------------------------------------------------------------------- 1 | { laptop = import ./laptop; } 2 | -------------------------------------------------------------------------------- /profiles/cluster/laptop/common/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) optionals; 5 | in 6 | { 7 | imports = optionals (mode == "NixOS") [ ./nixos.nix ]; 8 | } 9 | -------------------------------------------------------------------------------- /profiles/cluster/laptop/common/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | soxincfg, 3 | nixos-hardware, 4 | ... 5 | }: 6 | 7 | { 8 | imports = [ 9 | soxincfg.nixosModules.profiles.server 10 | 11 | nixos-hardware.nixosModules.apple-macbook-air-3 12 | ]; 13 | 14 | soxin.hardware.lowbatt.enable = true; 15 | 16 | # Don't allow systemd to stop the Tailscale service because that wreck havoc 17 | # on my network and containers. 18 | systemd.services.tailscaled.restartIfChanged = false; 19 | 20 | # https://www.reddit.com/r/NixOS/comments/14qa7d8/comment/jqo1cpw/?utm_source=share&utm_medium=web2x&context=3 21 | services = { 22 | logind = { 23 | lidSwitch = "ignore"; 24 | extraConfig = '' 25 | HandlePowerKey=ignore 26 | ''; 27 | }; 28 | acpid = { 29 | enable = true; 30 | lidEventCommands = '' 31 | export PATH=$PATH:/run/current-system/sw/bin 32 | 33 | lid_state=$(cat /proc/acpi/button/lid/LID0/state | awk '{print $NF}') 34 | if [ $lid_state = "closed" ]; then 35 | # Set brightness to zero 36 | echo 0 > /sys/class/backlight/acpi_video0/brightness 37 | else 38 | # Reset the brightness 39 | echo 50 > /sys/class/backlight/acpi_video0/brightness 40 | fi 41 | ''; 42 | 43 | powerEventCommands = "systemctl suspend"; 44 | }; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /profiles/cluster/laptop/default.nix: -------------------------------------------------------------------------------- 1 | { common = import ./common; } 2 | -------------------------------------------------------------------------------- /profiles/core/darwin.nix: -------------------------------------------------------------------------------- 1 | { 2 | soxincfg, 3 | inputs, 4 | pkgs, 5 | soxin, 6 | ... 7 | }: 8 | { 9 | nix = { 10 | # enable the Nix sandbox 11 | # TODO: Re-enable the sandbox once https://github.com/NixOS/nix/issues/4119 is resolved. 12 | #settings.sandbox = true; 13 | 14 | useDaemon = true; 15 | 16 | # setup NIX_PATH to allow users to access the nixpkgs that built the system 17 | nixPath = [ 18 | "nixpkgs-unstable=${inputs.nixpkgs-unstable}" 19 | "nixpkgs=${pkgs.path}" 20 | "soxin=${soxin}" 21 | "soxincfg=${soxincfg}" 22 | ]; 23 | 24 | extraOptions = '' 25 | extra-platforms = x86_64-darwin aarch64-darwin 26 | extra-experimental-features = auto-allocate-uids 27 | ''; 28 | }; 29 | 30 | # set the timeZone 31 | time.timeZone = "America/Los_Angeles"; 32 | } 33 | -------------------------------------------------------------------------------- /profiles/core/default.nix: -------------------------------------------------------------------------------- 1 | { mode, lib, ... }: 2 | 3 | let 4 | inherit (lib) optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "NixOS") [ ./nixos.nix ] 9 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ] 10 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 11 | 12 | # configure the keyboard 13 | soxincfg.settings.keyboard.enable = true; 14 | 15 | # configure the theme 16 | soxin.settings.theme = "gruvbox-dark"; 17 | } 18 | -------------------------------------------------------------------------------- /profiles/core/home.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /profiles/core/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | soxin, 5 | soxincfg, 6 | inputs, 7 | lib, 8 | mode, 9 | ... 10 | }: 11 | 12 | { 13 | nix = { 14 | settings = { 15 | # enable the Nix sandbox 16 | sandbox = true; 17 | 18 | substituters = [ 19 | # add my home cache to the list of substituters 20 | "https://nix-cache.cluster.ifcsn0.nasreddine.com" 21 | 22 | # add nix-community maintained cache 23 | "https://nix-community.cachix.org" 24 | ]; 25 | 26 | trusted-public-keys = [ 27 | "nix-cache.cluster.nasreddine.com:gAaW+smlYAvg/u94P1XmbI45aIhJ9/5upB5QrKY33B0=" 28 | "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 29 | ]; 30 | }; 31 | 32 | # setup NIX_PATH to allow users to access the nixpkgs that built the system 33 | nixPath = [ 34 | "nixpkgs-unstable=${inputs.nixpkgs-unstable}" 35 | "nixpkgs=${pkgs.path}" 36 | "soxin=${soxin}" 37 | "soxincfg=${soxincfg}" 38 | ]; 39 | }; 40 | 41 | boot.tmp.useTmpfs = true; 42 | 43 | # Set the ssh authorized keys for the root user 44 | users.users.root = 45 | let 46 | users = soxincfg.vars.users { 47 | inherit lib mode; 48 | inherit (config.soxincfg.settings.users) userName; 49 | }; 50 | 51 | inherit (config.soxincfg.settings.users) userName; 52 | userAttrs = users."${userName}"; 53 | in 54 | { 55 | inherit (userAttrs) hashedPassword; 56 | 57 | openssh.authorizedKeys.keys = userAttrs.sshKeys; 58 | }; 59 | 60 | # set the default locale and the timeZone 61 | i18n.defaultLocale = "en_US.UTF-8"; 62 | time.timeZone = "America/Los_Angeles"; 63 | 64 | # set my location narrowed to the USPS Post Office of a nearby town (for privacy) 65 | location.latitude = 38.5811902710705; 66 | location.longitude = -121.49817303671485; 67 | } 68 | -------------------------------------------------------------------------------- /profiles/default.nix: -------------------------------------------------------------------------------- 1 | builtins.mapAttrs (_: import) (import ./list.nix) 2 | -------------------------------------------------------------------------------- /profiles/list.nix: -------------------------------------------------------------------------------- 1 | { 2 | cluster = ./cluster; 3 | core = ./core; 4 | miniserver = ./miniserver; 5 | myself = ./myself; 6 | neovim = ./neovim; 7 | personal = ./personal; 8 | server = ./server; 9 | workstation = ./workstation; 10 | } 11 | -------------------------------------------------------------------------------- /profiles/miniserver/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | soxincfg, 3 | lib, 4 | mode, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) 10 | mkDefault 11 | mkEnableOption 12 | mkIf 13 | optionalAttrs 14 | optionals 15 | ; 16 | in 17 | { 18 | imports = 19 | [ soxincfg.nixosModules.profiles.neovim ] 20 | ++ optionals (mode == "NixOS") [ ./nixos.nix ] 21 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 22 | 23 | config = { 24 | soxin = { 25 | hardware = { 26 | fwupd.enable = true; 27 | }; 28 | 29 | services = { 30 | openssh.enable = true; 31 | }; 32 | }; 33 | 34 | soxincfg = { 35 | programs = { 36 | git.enable = true; 37 | ssh.enable = true; 38 | zsh.enable = true; 39 | }; 40 | 41 | settings = { 42 | nix.distributed-builds.enable = true; 43 | }; 44 | }; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /profiles/miniserver/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) optionals; 10 | in 11 | { 12 | home.packages = with pkgs; [ 13 | binutils # for strings 14 | dnsutils # for dig 15 | screen 16 | duf # du replacement on steroids 17 | ncdu 18 | file 19 | gnupg 20 | jq 21 | killall 22 | nix-zsh-completions 23 | unzip 24 | ]; 25 | } 26 | -------------------------------------------------------------------------------- /profiles/miniserver/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) singleton; 10 | in 11 | { 12 | environment.homeBinInPath = true; 13 | 14 | # Feed the kernel some entropy 15 | services.haveged.enable = true; 16 | 17 | # Enable the installation of my neovim 18 | # TODO: Need a minimal neovim with just my keybindings 19 | # soxincfg.programs.neovim.enable = true; 20 | environment.systemPackages = with pkgs; [ neovim ]; 21 | 22 | # Enable TailScale for zero-config VPN service. 23 | services.tailscale.enable = true; 24 | 25 | # Enable eternal-terminal 26 | # TODO: I have not used this. Do I need it? 27 | # networking.firewall.allowedTCPPorts = singleton config.services.eternal-terminal.port; 28 | # services.eternal-terminal.enable = true; 29 | 30 | # Setup my keyboard layout 31 | soxin.settings.keyboard = { 32 | layouts = [ 33 | { 34 | console = { 35 | keyMap = "colemak"; 36 | }; 37 | } 38 | ]; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /profiles/myself/darwin.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | soxincfg, 6 | ... 7 | }: 8 | 9 | { 10 | config = { 11 | soxincfg.settings.users = { 12 | users = soxincfg.vars.users { 13 | inherit lib mode; 14 | inherit (config.soxincfg.settings.users) userName; 15 | }; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /profiles/myself/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "NixOS") [ ./nixos.nix ] 9 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ]; 10 | } 11 | -------------------------------------------------------------------------------- /profiles/myself/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | mode, 5 | soxincfg, 6 | ... 7 | }: 8 | 9 | { 10 | config = { 11 | soxincfg.settings.users = { 12 | # allow my user to access secrets 13 | groups = [ "keys" ]; 14 | 15 | users = soxincfg.vars.users { 16 | inherit lib mode; 17 | inherit (config.soxincfg.settings.users) userName; 18 | }; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /profiles/neovim/default.nix: -------------------------------------------------------------------------------- 1 | { soxincfg.programs.neovim.enable = true; } 2 | -------------------------------------------------------------------------------- /profiles/personal/darwin.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /profiles/personal/default.nix: -------------------------------------------------------------------------------- 1 | { lib, mode, ... }: 2 | 3 | let 4 | inherit (lib) optionals; 5 | in 6 | { 7 | imports = 8 | optionals (mode == "NixOS") [ ./nixos.nix ] 9 | ++ optionals (mode == "nix-darwin") [ ./darwin.nix ] 10 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 11 | } 12 | -------------------------------------------------------------------------------- /profiles/server/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | soxincfg, 3 | lib, 4 | mode, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) 10 | mkDefault 11 | mkEnableOption 12 | mkIf 13 | optionalAttrs 14 | optionals 15 | ; 16 | in 17 | { 18 | imports = 19 | [ soxincfg.nixosModules.profiles.neovim ] 20 | ++ optionals (mode == "NixOS") [ ./nixos.nix ] 21 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 22 | 23 | config = { 24 | soxin = { 25 | hardware = { 26 | fwupd.enable = true; 27 | }; 28 | 29 | services = { 30 | openssh.enable = true; 31 | }; 32 | 33 | virtualisation = { 34 | docker.enable = true; 35 | }; 36 | }; 37 | 38 | soxincfg = { 39 | programs = { 40 | fzf.enable = true; 41 | git.enable = true; 42 | mosh.enable = true; 43 | ssh.enable = true; 44 | starship.enable = true; 45 | tmux.enable = true; 46 | zsh.enable = true; 47 | }; 48 | 49 | settings = { 50 | nix.distributed-builds.enable = true; 51 | }; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /profiles/server/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) optionals; 10 | in 11 | { 12 | # programs 13 | programs.bat.enable = true; 14 | programs.direnv.enable = true; 15 | 16 | # files 17 | home.file = { 18 | ".npmrc".text = "prefix=${config.home.homeDirectory}/.filesystem"; 19 | }; 20 | 21 | home.packages = 22 | with pkgs; 23 | [ 24 | amazon-ecr-credential-helper 25 | binutils # for strings 26 | dnsutils # for dig 27 | screen 28 | docker-credential-gcr 29 | duf # du replacement on steroids 30 | ncdu 31 | file 32 | fx # JSON viewer 33 | gdb 34 | gh 35 | gist 36 | git-quick-stats 37 | gnupg 38 | jq 39 | killall 40 | lf # curses-based file manager 41 | mercurial 42 | nix-index 43 | nixpkgs-review 44 | nix-zsh-completions 45 | unzip 46 | ] 47 | ++ (optionals stdenv.isLinux [ 48 | # 49 | # Linux applications 50 | # 51 | 52 | glances 53 | gotop 54 | ]); 55 | } 56 | -------------------------------------------------------------------------------- /profiles/server/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) singleton; 10 | in 11 | { 12 | environment.homeBinInPath = true; 13 | 14 | # Feed the kernel some entropy 15 | services.haveged.enable = true; 16 | 17 | # Enable TailScale for zero-config VPN service. 18 | services.tailscale.enable = true; 19 | 20 | # Setup my keyboard layout 21 | soxin.settings.keyboard = { 22 | layouts = [ 23 | { 24 | console = { 25 | keyMap = "colemak"; 26 | }; 27 | } 28 | ]; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /profiles/workstation/chromeos/default.nix: -------------------------------------------------------------------------------- 1 | { local = import ./local; } 2 | -------------------------------------------------------------------------------- /profiles/workstation/chromeos/local/home.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /profiles/workstation/common/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | ... 5 | }: 6 | 7 | let 8 | inherit (lib) optionals; 9 | in 10 | { 11 | imports = 12 | optionals (mode == "NixOS") [ ./nixos.nix ] 13 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 14 | } 15 | -------------------------------------------------------------------------------- /profiles/workstation/common/home-kubernetes-client.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | ... 4 | }: 5 | 6 | { 7 | home.packages = [ 8 | pkgs.argocd 9 | pkgs.k9s 10 | pkgs.kubecolor 11 | pkgs.kubeconform 12 | pkgs.kubectl 13 | pkgs.kubectl-tree 14 | pkgs.kubectx 15 | pkgs.kubernetes-helm 16 | pkgs.kubeseal 17 | pkgs.kubespy 18 | pkgs.kubetail 19 | pkgs.kubeval 20 | pkgs.kustomize 21 | ]; 22 | 23 | programs.zsh.shellAliases = { 24 | kc = "kubecolor"; 25 | kcc = "kubectx"; 26 | kcn = "kubens"; 27 | ks = "kubeseal"; 28 | kt = "kubetail"; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /profiles/workstation/common/nixos.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /profiles/workstation/darwin/default.nix: -------------------------------------------------------------------------------- 1 | { local = import ./local; } 2 | -------------------------------------------------------------------------------- /profiles/workstation/darwin/local/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | soxincfg, 5 | ... 6 | }: 7 | 8 | { 9 | imports = [ 10 | soxincfg.nixosModules.profiles.neovim 11 | soxincfg.nixosModules.profiles.workstation.common 12 | ]; 13 | 14 | home.activation.screenshots-directory = lib.hm.dag.entryAnywhere '' 15 | mkdir -p ${config.home.homeDirectory}/Pictures/Screenshots 16 | ''; 17 | 18 | } 19 | -------------------------------------------------------------------------------- /profiles/workstation/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | chromeos = import ./chromeos; 3 | common = import ./common; 4 | darwin = import ./darwin; 5 | linux = import ./linux; 6 | nixos = import ./nixos; 7 | qubes = import ./qubes; 8 | } 9 | -------------------------------------------------------------------------------- /profiles/workstation/linux/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | local = import ./local; 3 | remote = import ./remote; 4 | } 5 | -------------------------------------------------------------------------------- /profiles/workstation/linux/local/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | home-manager, 4 | lib, 5 | mode, 6 | soxincfg, 7 | ... 8 | }: 9 | 10 | let 11 | inherit (lib) optionals; 12 | in 13 | { 14 | imports = [ 15 | soxincfg.nixosModules.profiles.neovim 16 | #soxincfg.nixosModules.profiles.workstation.common 17 | ] ++ optionals (mode == "home-manager") [ ./home.nix ]; 18 | 19 | soxin = { 20 | hardware = { 21 | # yubikey.enable = true; 22 | }; 23 | 24 | programs = { 25 | less.enable = true; 26 | }; 27 | }; 28 | 29 | soxincfg = { 30 | programs = { 31 | dbeaver.enable = true; 32 | fzf.enable = true; 33 | git.enable = true; 34 | mosh.enable = true; 35 | pet.enable = true; 36 | ssh.enable = true; 37 | starship.enable = true; 38 | tmux.enable = true; 39 | zsh.enable = true; 40 | }; 41 | 42 | settings = { 43 | nix.distributed-builds.enable = true; 44 | }; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /profiles/workstation/linux/local/home.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /profiles/workstation/linux/remote/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | soxincfg, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) optionals; 10 | in 11 | { 12 | imports = [ 13 | soxincfg.nixosModules.profiles.neovim 14 | ] ++ optionals (mode == "home-manager") [ ./home.nix ]; 15 | 16 | config = { 17 | soxin = { 18 | programs = { 19 | less.enable = true; 20 | }; 21 | }; 22 | 23 | soxincfg = { 24 | programs = { 25 | fzf.enable = true; 26 | git.enable = true; 27 | pet.enable = true; 28 | ssh.enable = true; 29 | starship.enable = true; 30 | tmux.enable = true; 31 | zsh.enable = true; 32 | }; 33 | }; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /profiles/workstation/linux/remote/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: 6 | 7 | { 8 | imports = [ 9 | ../../common/home-kubernetes-client.nix 10 | ]; 11 | 12 | config = { 13 | # programs 14 | programs.bat.enable = true; 15 | programs.direnv.enable = true; 16 | 17 | # files 18 | home.file = { 19 | ".npmrc".text = "prefix=${config.home.homeDirectory}/.filesystem"; 20 | }; 21 | 22 | home.packages = with pkgs; [ 23 | _2048-in-terminal 24 | amazon-ecr-credential-helper 25 | awscli2 26 | binutils # for strings 27 | bitwarden-cli 28 | colordiff 29 | devbox 30 | dnsutils # for dig 31 | docker-credential-gcr 32 | duf # du replacement on steroids 33 | esptool 34 | file 35 | fx # JSON viewer 36 | gdb 37 | gh # GitHub command line client 38 | gist 39 | gnugrep 40 | hexyl # hex viewer with nice colors 41 | imagemagick # for convert 42 | inetutils # for telnet 43 | jq 44 | mbuffer # memory buffer within pipeline 45 | mercurial 46 | nix-index 47 | nixpkgs-review 48 | nix-zsh-completions 49 | nur.repos.kalbasit.swm 50 | pv # generic progress of data through a pipeline 51 | scrcpy # mirror Android device via USB 52 | screen # needed to open up terminal devices 53 | sqlitebrowser # graphical sqlite3 client 54 | unzip 55 | ]; 56 | }; 57 | } 58 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | local = import ./local; 3 | remote = import ./remote; 4 | vm-guest = import ./vm-guest; 5 | } 6 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/local/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | services = { 3 | clipmenu.enable = true; 4 | flameshot.enable = true; 5 | betterlockscreen = { 6 | enable = true; 7 | inactiveInterval = 5; 8 | arguments = [ "--show-layout" ]; 9 | }; 10 | 11 | screen-locker = { 12 | enable = true; 13 | xss-lock = { 14 | screensaverCycle = 300; 15 | }; 16 | xautolock = { 17 | enable = false; 18 | }; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/remote/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | home-manager, 3 | lib, 4 | mode, 5 | soxincfg, 6 | ... 7 | }: 8 | 9 | let 10 | inherit (lib) optionals; 11 | in 12 | { 13 | imports = 14 | [ 15 | soxincfg.nixosModules.profiles.neovim 16 | soxincfg.nixosModules.profiles.workstation.common 17 | ] 18 | ++ optionals (mode == "NixOS") [ ./nixos.nix ] 19 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 20 | 21 | soxin = { 22 | hardware = { 23 | fwupd.enable = true; 24 | }; 25 | 26 | programs = { 27 | keybase = { 28 | enable = true; 29 | enableFs = true; 30 | }; 31 | less.enable = true; 32 | }; 33 | 34 | services = { 35 | openssh.enable = true; 36 | }; 37 | virtualisation = { 38 | docker.enable = true; 39 | }; 40 | }; 41 | 42 | soxincfg = { 43 | programs = { 44 | fzf.enable = true; 45 | git.enable = true; 46 | mosh.enable = true; 47 | pet.enable = true; 48 | ssh.enable = true; 49 | starship.enable = true; 50 | tmux.enable = true; 51 | zsh.enable = true; 52 | }; 53 | 54 | settings = { 55 | nix.distributed-builds.enable = true; 56 | }; 57 | }; 58 | } 59 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/remote/home.nix: -------------------------------------------------------------------------------- 1 | { } 2 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/remote/nixos.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | 3 | { 4 | environment.homeBinInPath = true; 5 | 6 | services = { 7 | eternal-terminal.enable = true; 8 | 9 | # Enable TailScale for zero-config VPN service. 10 | tailscale.enable = true; 11 | 12 | # Allow the forwarding of the GnuPG extra socket. 13 | # https://wiki.gnupg.org/AgentForwarding 14 | openssh.extraConfig = '' 15 | StreamLocalBindUnlink yes 16 | ''; 17 | }; 18 | 19 | # While creating the user runtime directories, create the gnupg directories 20 | # as well if the user is YL. 21 | # This is meant to solve this ssh issue: 22 | # 23 | # > ssh zeus 24 | # Error: remote port forwarding failed for listen path /run/user/2000/gnupg/S.gpg-agent 25 | systemd.services."user-runtime-dir@".serviceConfig.ExecStartPost = 26 | with pkgs; 27 | let 28 | script = writeScript "create-run-user-gnupg.sh" '' 29 | #!${runtimeShell} 30 | set -euo pipefail 31 | 32 | if [[ "$1" != "${builtins.toString config.users.users.yl.uid}" ]]; then exit 0; fi 33 | 34 | mkdir -m 700 /run/user/$1/gnupg 35 | chown $1 /run/user/$1/gnupg 36 | ''; 37 | in 38 | "${script} %i"; 39 | } 40 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/vm-guest/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | soxincfg, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) optionals; 10 | in 11 | { 12 | imports = 13 | [ soxincfg.nixosModules.profiles.neovim ] 14 | ++ optionals (mode == "NixOS") [ ./nixos.nix ] 15 | ++ optionals (mode == "home-manager") [ ./home.nix ]; 16 | 17 | config = { 18 | soxin = { 19 | programs = { 20 | keybase.enable = true; 21 | less.enable = true; 22 | }; 23 | 24 | services = { 25 | openssh.enable = true; 26 | }; 27 | 28 | virtualisation = { 29 | docker.enable = true; 30 | }; 31 | }; 32 | 33 | soxincfg = { 34 | programs = { 35 | fzf.enable = true; 36 | git.enable = true; 37 | pet.enable = true; 38 | ssh.enable = true; 39 | starship.enable = true; 40 | termite.enable = true; 41 | tmux.enable = true; 42 | zsh.enable = true; 43 | }; 44 | 45 | settings = { 46 | fonts.enable = true; 47 | gtk.enable = true; 48 | }; 49 | }; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/vm-guest/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: 6 | 7 | { 8 | imports = [ ../../common/home-kubernetes-client.nix ]; 9 | 10 | # programs 11 | programs.bat.enable = true; 12 | programs.direnv.enable = true; 13 | 14 | # files 15 | home.file = { 16 | ".npmrc".text = "prefix=${config.home.homeDirectory}/.filesystem"; 17 | }; 18 | 19 | home.packages = with pkgs; [ 20 | amazon-ecr-credential-helper 21 | awscli2 22 | binutils # for strings 23 | # TODO: build is failing on darwin because the dependency python3.11-agate-dbf-0.2.3 is failing. 24 | #csvkit 25 | colordiff 26 | docker-credential-gcr 27 | duf # du replacement on steroids 28 | file 29 | fx # JSON viewer 30 | gh # GitHub command line client 31 | gist 32 | git-quick-stats 33 | gnugrep 34 | gnupg 35 | go 36 | graphite-cli 37 | hexyl # hex viewer with nice colors 38 | imagemagick # for convert 39 | inetutils # for telnet 40 | jq 41 | killall 42 | lazygit 43 | lf # curses-based file manager 44 | mercurial 45 | nix-index 46 | nixpkgs-review 47 | nix-zsh-completions 48 | nixos-generators 49 | nur.repos.kalbasit.nixify 50 | nur.repos.kalbasit.swm 51 | pv # generic progress of data through a pipeline 52 | signal-cli 53 | unzip 54 | xsel 55 | 56 | # 57 | # Linux applications 58 | # 59 | 60 | bitwarden-cli 61 | # TODO: Re-enable once it builds again. It depends on libarcus and it has been marked as broken. 62 | # cura # slicing software for 3d printers 63 | dnsutils # for dig 64 | gdb 65 | glances 66 | gotop 67 | mbuffer # memory buffer within pipeline 68 | remmina 69 | ]; 70 | } 71 | -------------------------------------------------------------------------------- /profiles/workstation/nixos/vm-guest/nixos.nix: -------------------------------------------------------------------------------- 1 | { 2 | environment.homeBinInPath = true; 3 | 4 | services = { 5 | qemuGuest.enable = true; 6 | 7 | # Feed the kernel some entropy 8 | haveged.enable = true; 9 | 10 | xserver = { 11 | enable = true; 12 | displayManager.gdm.enable = true; 13 | desktopManager.gnome.enable = true; 14 | }; 15 | }; 16 | 17 | # Enable dconf required by most guis 18 | programs.dconf.enable = true; 19 | } 20 | -------------------------------------------------------------------------------- /profiles/workstation/qubes/default.nix: -------------------------------------------------------------------------------- 1 | { local = import ./local; } 2 | -------------------------------------------------------------------------------- /profiles/workstation/qubes/local/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | mode, 4 | soxincfg, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) optionals; 10 | in 11 | { 12 | imports = [ 13 | soxincfg.nixosModules.profiles.neovim 14 | ] ++ optionals (mode == "home-manager") [ ./home.nix ]; 15 | 16 | config = { 17 | soxin = { 18 | programs = { 19 | git = { 20 | signing = { 21 | key = "wael.nasreddine@gmail.com"; 22 | signByDefault = true; 23 | }; 24 | }; 25 | less.enable = true; 26 | }; 27 | }; 28 | 29 | soxincfg = { 30 | programs = { 31 | fzf.enable = true; 32 | git.enable = true; 33 | pet.enable = true; 34 | ssh.enable = true; 35 | starship.enable = true; 36 | tmux.enable = true; 37 | zsh.enable = true; 38 | }; 39 | }; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /profiles/workstation/qubes/local/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | ... 6 | }: 7 | 8 | let 9 | inherit (lib) optionals; 10 | in 11 | { 12 | imports = [ 13 | ../../common/home-kubernetes-client.nix 14 | ./split-ssh.nix 15 | ]; 16 | 17 | config = { 18 | sops.gnupg.qubes-split-gpg = { 19 | enable = true; 20 | domain = "vault-gpg"; 21 | }; 22 | 23 | # programs 24 | programs.bat.enable = true; 25 | programs.direnv.enable = true; 26 | 27 | # files 28 | home.file = { 29 | ".npmrc".text = "prefix=${config.home.homeDirectory}/.filesystem"; 30 | }; 31 | 32 | home.packages = with pkgs; [ 33 | _2048-in-terminal 34 | amazon-ecr-credential-helper 35 | awscli2 36 | binutils # for strings 37 | bitwarden-cli 38 | devbox 39 | dnsutils # for dig 40 | docker-credential-gcr 41 | duf # du replacement on steroids 42 | esptool 43 | file 44 | fx # JSON viewer 45 | gdb 46 | gh # GitHub command line client 47 | gist 48 | gnugrep 49 | hexyl # hex viewer with nice colors 50 | imagemagick # for convert 51 | inetutils # for telnet 52 | jq 53 | mbuffer # memory buffer within pipeline 54 | mercurial 55 | nix-index 56 | nixpkgs-review 57 | nix-zsh-completions 58 | nur.repos.kalbasit.swm 59 | pv # generic progress of data through a pipeline 60 | scrcpy # mirror Android device via USB 61 | screen # needed to open up terminal devices 62 | sqlitebrowser # graphical sqlite3 client 63 | unzip 64 | ]; 65 | }; 66 | } 67 | -------------------------------------------------------------------------------- /profiles/workstation/qubes/local/split-ssh.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | 3 | { 4 | home.file = { 5 | ".npmrc".text = "prefix=${config.home.homeDirectory}/.filesystem"; 6 | 7 | # xinit will start an ssh-agent overshadowing the agent I created for qubes 8 | ".profile".text = "export SSH_AUTH_SOCK=/run/user/$(id -u)/qubes-ssh-agent.socket"; 9 | }; 10 | 11 | systemd.user.services.qubes-ssh-agent = { 12 | Unit = { 13 | Description = "Split SSH Agent Socket for Vault SSH"; 14 | }; 15 | 16 | Service = { 17 | ExecStart = '' 18 | ${pkgs.socat}/bin/socat -d -d "UNIX-LISTEN:%t/qubes-ssh-agent.socket,mode=600,fork,unlink-early" "EXEC:qrexec-client-vm vault qubes.SshAgent" 19 | ''; 20 | Restart = "always"; 21 | }; 22 | 23 | Install = { 24 | WantedBy = [ "default.target" ]; 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /scripts/hm-generation.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | readonly here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 6 | readonly root="$( cd "${here}/.." && pwd )" 7 | 8 | if [[ "${#}" -ne 1 ]]; then 9 | echo "USAGE: $0 " 10 | exit 1 11 | fi 12 | 13 | readonly userName="${1}" 14 | 15 | isDarwin() { 16 | local os="$(uname -s)" 17 | [[ "${os}" == "Darwin" ]] 18 | } 19 | 20 | isLinux() { 21 | local os="$(uname -s)" 22 | [[ "${os}" == "Linux" ]] 23 | } 24 | 25 | if isLinux; then 26 | readonly homeManagerService="result/etc/systemd/system/home-manager-${userName}.service" 27 | 28 | if ! [[ -f "${homeManagerService}" ]]; then 29 | echo "ERR: ${homeManagerService} does not exist" 30 | exit 1 31 | fi 32 | 33 | awk '/ExecStart=/ {print $2}' "${homeManagerService}" 34 | elif isDarwin; then 35 | readonly activation_user="$(awk "/activation-$userName/ {print \$5}" result/activate)" 36 | readonly activate="$(awk '/exec/ {print $2}' "$activation_user")" 37 | dirname "$activate" 38 | else 39 | >&2 echo "OS is not supported" 40 | exit 1 41 | fi 42 | -------------------------------------------------------------------------------- /scripts/qube/build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | root_dir="$(cd -- "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" 6 | readonly root_dir 7 | 8 | if [[ "$#" -ne 1 ]] 9 | then 10 | echo "USAGE: $0 " >&2 11 | exit 1 12 | fi 13 | 14 | host="$1" 15 | readonly host 16 | 17 | nom build ".#homeConfigurations.${host}.activationPackage" 18 | -------------------------------------------------------------------------------- /scripts/qube/update.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | root_dir="$(cd -- "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" 6 | readonly root_dir 7 | 8 | if [[ "$#" -ne 1 ]] 9 | then 10 | echo "USAGE: $0 " >&2 11 | exit 1 12 | fi 13 | 14 | host="$1" 15 | readonly host 16 | 17 | hm_generation="$(nom build --print-out-paths ".#homeConfigurations.${host}.activationPackage")" 18 | readonly hm_generation 19 | 20 | echo "Install the hm generation link and the installation script" 21 | sudo ln -nsf "$hm_generation" /user-hm-generation 22 | sudo cp "$root_dir/scripts/qube/user-hm-generation.sh" /user-hm-generation.sh 23 | sudo chmod +x /user-hm-generation.sh 24 | 25 | echo "Deploy the systemd service" 26 | sudo cp "$root_dir/scripts/qube/user-hm-generation.service" /etc/systemd/system 27 | sudo systemctl daemon-reload 28 | sudo systemctl enable user-hm-generation.service 29 | 30 | echo "Starting the systemd service" 31 | sudo systemctl start user-hm-generation.service 32 | 33 | echo "Show the status" 34 | systemctl status user-hm-generation.service 35 | -------------------------------------------------------------------------------- /scripts/qube/user-hm-generation.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Activate user home generation 3 | After=qubes-early-vm-config.service 4 | Requires=nix-daemon.socket 5 | 6 | [Service] 7 | Type=oneshot 8 | User=user 9 | ExecStart=/user-hm-generation.sh 10 | Restart=on-failure 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /scripts/qube/user-hm-generation.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [[ "$(id -u)" -ne "$(id -u user)" ]] 4 | then 5 | echo "You must run this script under the user 'user'" >&2 6 | exit 1 7 | fi 8 | 9 | if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then 10 | . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' 11 | fi 12 | 13 | if [[ -d /home/user/.local/state/nix/profiles ]] && 14 | [[ "$(find /home/user/.local/state/nix/profiles/ -xtype l | wc -l)" -gt 0 ]] 15 | then 16 | echo "Found dead profile links that will break home-manager activation, going to remove all profiles" 17 | rm -rf /home/user/.local/state/nix/profiles 18 | fi 19 | 20 | /bin/bash /user-hm-generation/activate 21 | -------------------------------------------------------------------------------- /scripts/soxin.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | readonly soxin_path="$(readlink -f ../../SoxinOS/soxin)" 6 | 7 | if [[ ! -d "$soxin_path" ]]; then 8 | >&2 echo "ERR: $soxin_path does not exist. Did you create the project?" 9 | exit 1 10 | fi 11 | 12 | ln -nsf "$soxin_path" soxin 13 | nix flake lock --override-input soxin "path:$soxin_path" 14 | -------------------------------------------------------------------------------- /scripts/update-keys.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | readonly root_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd )" 5 | 6 | if [[ ! -v IN_NIX_SHELL ]]; then 7 | >&2 echo "FATAL: You must run this from within soxincfg devShell. TIP: Use Direnv to automatically load it for you." 8 | exit 1 9 | fi 10 | 11 | cd "$root_dir" 12 | 13 | find . \( \( -name '*.sops.yaml' -or -name '*.sops.yml' -or -name '*.sops.json' -or -name '*.sops' \) -and -not \( -name '.sops.yaml' \) \) -print0 | 14 | xargs -0L1 sops updatekeys --yes 15 | 16 | -------------------------------------------------------------------------------- /vars/assets/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | } 3 | -------------------------------------------------------------------------------- /vars/default.nix: -------------------------------------------------------------------------------- 1 | inputs: 2 | 3 | { 4 | users = import ./users; 5 | assets = import ./assets; 6 | } 7 | -------------------------------------------------------------------------------- /vars/sops-keys/hosts/hades.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEADV/u1fcWhq1ar5H64ORfc1cpVh/DkA8gb7BMbec2OzuWU5m/Nk 4 | fqH0FL6SGEhSyrtE3dHrJm887xxDprf0FzTNNuWn2Qm1ZMKr217ZuEeIhVVU8FWP 5 | LJ49bOZbIxyyV4xDZ5Bdw2s9hYGr3ml33peR6jTWLcB5USyDzyDzxQ0ww8H/Y2Zt 6 | hxLv9a07fXuZS9N3lRmIfOfiWVsEibMyQfCGXN6PCVK6333pHUyIBVgPcMFnYMAc 7 | 5iyDzxQ93HffWDYxwuDT4ZtcqrAKrQsyBOoZdBc3/+tDR4Wz6nEXq+2Q/2Z4PpBf 8 | QYd88IKzcn3eVJ1pcIidunSTC+eHF3tNpe5Pj4XW35M+inMAM6p24PIWTCQbvkSJ 9 | ECxlfbqe1AnIpDFAqOGKLNn0fZLdNEtQpNWDsqc+qZd6cXLbPIySfiKww34NIY9Y 10 | 5i4SY3Fvpc9hfh4hQqWnYI2R6FHdQDHb98bonQUajyavPiJ/m/mLQpmJV6ASye27 11 | Q6pAI+DkRa5v6sqzSYPEf0xpLreWOL1DcUUPOj3srfUXRbR+eYBclPXPZPJMQhRe 12 | kEKRpeGXTJr4oU0RIfUwMXIJXOoztJiygVbHUxRzomIMBlTffvc4+3C/tqQAxoPj 13 | kBodDE//49SIkbfXmeXuqVc/ZCSoO+C3312OCCb4lEBRA0jPJ+MT0qi0TwARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQyD3/11F533YCGw8CGQEAAHWPEACcTmxGKEqSo6Qxx882xGDz 16 | J9KGAGhcG9s2jUOZ4vqM+uOXWNdJlv7gL3ScGLIQpsP8iGX0FCeLIR9aJqGJX2jY 17 | ikESE6Dg05O5Zawk1Pz7LemJvAEHuBCR0ZOKLYM0B8bvFOQWlpm14bvt2jpmo2S8 18 | HHjPl1xdUBCvPFeYcxSnICTnaYPm2zSwqnLaLVDwZsFRQK5Iw4FQ5ujMDcGiYkeC 19 | fZNWUDB3qQtE/VstVaHTqgw1kesszZphbBPVHH0QIJx2NZlbcpV4HelnVnWpfn/f 20 | mJW6W1bb7y5Q6bumzY0pVXvmTNmAoUCKPlPxccBRwQLN08RNa1j2XbP7sZ9FkCg9 21 | 8mlqYW/EZUAhkEXhyOgIUsESFATL5m1TRCzeLhIOJhV3ZkZzmhVtDWnvAMwaWN2d 22 | tWZB0d3So/VT6wSXH4ML6UXuE2Rr6KewFXUSAzG1nYHOAvgMWHqqjACe5V06/2Fw 23 | A2bjwqzbdyuKiR0fqeXya5mnKfusP+aeyZm8XX5SCCL2RFpe72B1Vx53/yGRzeJx 24 | IQ8cJJuZXDdfSqffWxZXAScxfn7Ep5HpyiQUiig69+yk7FE81BrRv9lNK+be3Rbe 25 | +kwOkoCHhW6YR0tvYon9YABTXzTWaiEbBJ3Rs26MqC3EN+AqIJcEy4zu5WTN55On 26 | h7m0aZ1njZO9/pNBUfLoDA== 27 | =Zqmj 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/sops-keys/hosts/kore.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEAC5SGHQgvxRdmhqqI7SKLgbfbX36QV2nhy3xF0j3WzcCxIeX0ZH 4 | IMQAn7L1hJ1IBJbnWxNiqnHba6hwRswdeGjnU/HnLUWcEoraOm1jzfuGj+hQHnNt 5 | JYb2LihpNXA4fhU6JA3b243e+mjeXj3rjNsyNb2nKc5jx/mU0htpDXHT2aiZZ8MU 6 | yZlyewtJYudBTCoOxY4EROR1EuHWfugMnjuN6zZZI8o/NrWLXTkD8zh8WVQu3TM7 7 | Gwpdf7rPQvMWflav7dUNeD2QhLjRZpu6jNtRXYi1XouamacRomLZWcIULwAbnZSj 8 | m/gZhOw5i48zzJXZ7r/0bTLs+vkyXyxqCUiLcQVMZ8e+ZK0zofFf3gfW3AT1DRV+ 9 | /RidaIe/cP5jyg6dObi+FPz6UKFJfjhb6hmLOpjhem/fB/C5y9CALVpE4Vm0G5dG 10 | GpHn/B8ySfHmWr+3/Qxt9zh3PcV+VXDMM4OiNLiqc2aaKldG51gRql6DprBX3c3L 11 | QHPXnXMnhSZPkBRkKDJoSJ6SxagRXieDxxa9Rrv1grRYbXN2/PV7YD6aYz573cHF 12 | Suk+SDbJUK1GQRAfORFnkNyDGCFBo1DfHr+cawNMq9yvxnctOZDdlYkcFQwYcl1l 13 | DmADcAE6U33hCqPAU9PZ/bpdhAZ1PCs1tzbMCa51/mJY7qMaqlPz+UxEAQARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQ9dw5+w0amR0CGw8CGQEAAGtgEABAqXMg/8DpbejjobGx2OqE 16 | smy4yReOpdHWEpPvuhp2Fw2KrB3nYt6k/Re7HfnnKR9+da8GFaDmpHPWwPgHal13 17 | +dFjHqRIY/FOeNL+cTY8dC5/bnCqMRL0aNrOhzrtqRSMHxdpEGa/0u/HKRqaBaUK 18 | dZyV7e+NCvbcQoc7kLVCpT80k1gI4Qj8Oa3q76kU18cdpSFJVG2pS9SsdtHlCRWy 19 | GeuVYSGO9CoqWQW32k/xLdbzv89yAD8u6OQrUuhYGTLo+EzrVx3sJ62F3xnv3IOh 20 | ibpUi3GJ/+NkcjOwvBgQ4sQdfqMfPUjaqOEP1ALPNIHrctgiJC2AjDblckk32DtL 21 | NRHhv324vaPfLMDR1DW4lpS1PeIsnj6ffxq/FfrT4OXw52CEazcN3gxwR5Ri4CQL 22 | f++/+RXrCWsXzcn46/D7aMk79nzGTMPpNOUy52vUI67/MVFyCELZKxs0Jq7R13FY 23 | GkuDM4fjRJRfx6EsVZpzJS/ZyPvYT+YvvR9AioegX1JoNYWN/abKNHe6Zwk1RsGf 24 | F+TXpXSS3dKBsq5Z+WicT7Zu0lra6aGKbIFv/mFRL2HlfV2x0N90fKjVYfIshPzn 25 | FtNvASeVFIT2qea+7p0ebRnmHs4a9c6oDQ9hl9UR8wG3FsBjYBmAWdFrcK1m7QdE 26 | xbccnKtetlXVgiHyJHj1+Q== 27 | =lAiK 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/sops-keys/hosts/laptop-server-x86-1.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEAC+1w3jd5P1yqJWbW2jUckoH4XxiOx9B3mlOOJMELFBsC2ablbu 4 | 6a35PhZr3IsG7xaeOS7VwOVfs/Mla2cGlvLHxX/+MMg6T+WHPSTJTCP2zxWzI2IQ 5 | QKJ/ktnjccq8/dRAHuHZX71R9y7yHwpc+v75m3rcUX+boaL18cSBu/sUgfhOXyYM 6 | dteDzeCNH0wcNQkFF0pwp1P8ihHRdbYJutV/vyh+AQR0my0RRloI1JFTlwkp3pgf 7 | SKVQzVqNP+ojCFvP1epd8CBA6BOcCUweYnNsfXFmcuUipUK19OtGUS/SuhuQEoi8 8 | VbfYyd3vT2gLH3RWguU60EJXHz3QhZcZV3kiN9QcH23tqq3QeOu+1pzOb4d2vCcK 9 | V3+6Knur908LW4G5NLGsT8kL0C0gf4h+5CXAurrQqB3CtO+NFF70leHCxMUf76i0 10 | Njy6SjUeQ0TGPiDxzD5zPqDDqfr0lgixxLDlrmyxWVDxQs6H+vH//LFtUid0tqUK 11 | mtvgwfi3a9HPquEQTPk2M9V8jfpoYVSA4cyoATI9YgRlTgd6JnVR5TNXU9YCNqO3 12 | EWVlIos72fRaTxm6xVtCcE4VX0P9sRwYOjbLyTBTAjH77GB4nxnxIl2vEWKKjQNt 13 | WjypFIi2ejLtWBmLNH23Od/yflHPp6EDHqPX03rVw4hD/UT96gym9hKSDQARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQt7MVz2FB/m8CGw8CGQEAAFOaEABaDtSayfLrIC1E8Dlek9g4 16 | xH2hYuJppvpe4Ldt34YpXMrVJFZWwn4hAMDC1jgIdp5BhPmhXm75NHA8+TafgCSe 17 | u7kDghRF6i49PLJihvXj0PwIakC84ZyNoiDiAEUwT8ueCyg8wtv+pRc4yZgZmrAt 18 | xysZ/UV71mxDsyLrZ6Vn2wsb7tdWRtoph6CESJpMPV+LfjdLlvi5vmxyVk5cMmAt 19 | Z84g+gSTrwPNUlXdGIIarF9bXZmJJdhPIrutZrR4SkAqJXvwSe0BWXlqcSn4LUIr 20 | mu+WnG+ado8ic2vqCaI9CoQ0IY6qWE7h1LpVKgHGSp2h0pYJD0JQhRbwSJ83cGgb 21 | JFvtadiOgpseAC2sUfi58HbglSgsYF7Zs03tWs4CU1imHhOBNcGGOzC5OaCDelWb 22 | EM+15K3RsL5Lq2SxrmNl+8qvD300AVXE4lLnBISoK0w6nB9NQuF+P8RySY/0ojhO 23 | u3R7RmPcWDbO5cWd8PGeKAlfpnUX4rDPGj4J0SRbfwZfy74pj26a71UOaVoIgu7q 24 | 63z+ZOB3sgbPDkPsCELb9ICX04HvJHb4u4CqY0gTSGfgc4v4g4zJ48qIifG9c+ZQ 25 | wS2sCAPEdx+DfF9JOAQ4w4gzQ4BUGIOerY+FJ8YiZA7k1vbFc0lHdm2lIh0CCNPq 26 | 7mZPfKijq+YAb1nuIADRSA== 27 | =U766 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/sops-keys/hosts/laptop-server-x86-2.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEACwJ2N7AuCC3HnLmI3dFZYyB38BnhURIE+XELSRvMmsYU1jSb42 4 | nRiNcnPo8sUIzjX08ZJ6a/VYUZD/OCeYEvuxK45CEWaFT6OTQN4I1jOg/9wKP60d 5 | yxy/+VVP8j5GwmlIsof3j/xNVJQw++aGQqam84jVdNdBiJdazz9qTGrMgKeDyxgW 6 | I/8//9dxmy5oGQpEYf7JOOFwcgbUmkXfXQpc2MKEVfGIgwGSt/rpZgZBa6bCYcS4 7 | Ad7keDMAtUJi3iaBvlvKeAIiMMVqqfRvhiIA/uFnvQ67q2UWD1QOAGYaEwDjoTTK 8 | h5ckz2DC48vmpUmNqB376z/oeeqEesqnraGLnKOtOTOY6UOyizJfdxNh2UsBnuhe 9 | y8iNL3AH8NEuA68sjRV0x5tUZU2sUvAYnD9xv8jBgBKc/c/4EypSjZQaKI+3owHj 10 | oKFQnj2uuoaGk+Wx4zeDLZWofBRi5TBCL+9oF0qCGvQ5wJUJtsmogooeULoBzXOC 11 | +tUPGdUyjtrDeONoWP6QenzmmcH+GdSgYMohK717hRF+pDQFquvEonDCo0rd7Rz2 12 | XLnJqik/flQQ94L9IRCFd2ZZqem2zyZgTtuyrZe9BMNynOiqlW7bcq3v943U0RLy 13 | 0L3RKnuVFS3/Age1r6yMrMuQW/L0UZ2oVn9PEJCY6booqoZNPHfKpxX9XwARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQ1xaQ6mfoU8YCGw8CGQEAAEvbEACVkbjRWWrTa/8DlbqZF+wl 16 | N+hWeNCnQ1wkTXvX1jlu3mstBR6PwLQk/1MPm6s0UbMX9T3sXeXZfp1jAsQjVfoN 17 | yVLQ5xwsyepEeAbrYIZPWp0yB2nE36iXZVVa3xne50dAy6rT2KuyX9z9Y23unLxC 18 | VThiF32lA1qSc4pkqdbI/C4yWIaJKSZ8UpdUEsAuurA5IITtJ6nBU1ZsbKjgXYBk 19 | f8/ffzsmQKwdYInZ5LJXR4bB2K0H4g7C1rlI/t//7zwFuO15wIm6Mm3ISRZobRvl 20 | H3RoCLTWHWSYBq1eXPVZPn0l8/MdwApvM55L+vNC4Kw/OBIfaFnaULFXvqLgQTfo 21 | JhBfnBWl1Jqn7KkI3jcyg7WcvoYBhZmh5FcCFCOMaiA3Z4e/UoNN6f+uf7Nw97Rc 22 | 280fT3WxKvuqlLAMsuPLH2Lz6Rz3cBokRAtZaHqmcqcYMbZA5u0eGcWuRwZnb0Vn 23 | dO24+gbh8JH51LbQUmUOIRLOIZGycoap/13xtsEoXQOxblMMUh0/qaAZZ06aNHgt 24 | dUfCfieHcGJ3fS0JZwfRJYDGY4rJoe4qKWt7v/B+kv5oG1Z3NAC3HyvIbdENn03v 25 | fZ8ovan4XqYC2q9A1mOXIn0XXM76YALBpSR1stDxrNPy8EstcA21fhwOWl1wxEBH 26 | T+Ze06qPXO+E2Oz2yrPwIA== 27 | =6tmw 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/sops-keys/hosts/laptop-server-x86-3.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEADq0MgDmPjGo3ZeHBvXyhOjNUAPpQm8w9Eg1wwb1QTBaE4zn4Si 4 | h/RsRdPiYwfLfJa70pGHRIC/D/9Y90MSApT0rPWcv7mSn1XPG9s/WaIU+WaRHRgf 5 | KjjOAIPYJWV2u1bDy1hOvzyA8umZMAZKjs5cQ5knfUzdSR4qNo2olSjd8JTTbXI6 6 | MfNgE6LRLjJjNcxp805DQ4QmnBBuUsm2xmxB7A9NW4HBEr3Jd8lm5FJh0UsrNhyh 7 | EY9T3BtBfw58hZ4DQ7vj6O8w8ao/ctH8JXADUvYkkLAr2WCgUgRNTXCwW6lzB7j9 8 | URjErJXdKbwlQT4LdTroo/YeYThLVbtXTwXHzacGZ3CB5UzRo2LCi+m/Tq1TEgtN 9 | ZISizpCV1ccsKSz1/JxBxItGP/BZxqMYVbGj6ms7jYtKVle+uG0QkYzZuEjJvOTz 10 | 4PsZ4/7FnLmkS/SdxkXj2KFcimx4t+77jawunCriKPmXtIEGosgMNQT18AKYpNPy 11 | lxAA+fSt0gC0SYtkNKAV+MU6fC0bQguexldbpc6veupPOr6HATlvubd6kWhhXjQq 12 | P1/cuJ3p6WePuhJ7C8QV40PH9YC3pGFer5TX8f+KpmUo8xCyWhy7//WEmtkJ8Kl6 13 | qsOapZ54T9lJ7pagHjx64YaXM4F3nBHOO+WK9xNvphvb1dhRQ1IPKf7C8wARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQfFVSoEOwG/sCGw8CGQEAAHnkEACmRsi+ndfXo0zAS2NJXveV 16 | xtKVZASiGZzaiXGLo3Mw4J5coGAd6r4U6UbcmEmZkBd29lN1F5+BB9Nc3KNilUmX 17 | U+8/ybVSWAim1GGuBLhTDcRQ/703+QFKp+RI4tUOm0P1hnbsUK5Jb6NMQrbMwgqG 18 | xAHDzZEemBeGvHEXZBr5ldcrMb2AlTiFGIsaShcw1++e6Cg3nGLGnA1HgQXXG8KI 19 | dbRHKqgPFTxOYlVaWa9AT8IKKThSM0/FxQUhSxONv7vQyGep/92kL2U1QvC2lulK 20 | lsbioCtsJff04rC+NhYECHzJv7Dd8Pp8LgRu8aqfq8oDcekGcv4xjbKK5id0o9A0 21 | Pj5NUta4tKvHDcQXjAS3mQR1SdhnDfyS/pKn4SFSfmeYnlUo7vwc82r2fs01I8VY 22 | IiPBozpUtOoAjxRuBokWr8RT4AiEl/LaDJ3rU2derxjE1lwdpDxcAUBsG2VtgjAi 23 | B3+aWcU321PEFa9cwHz5IMC5LI3G4Ew7ILbCO3ezQIRcOroDLhuJ0jqU2fYBDo+R 24 | 2/DF/kkqYanBJuawQqtHalrqfzEes+3wK0YDWtbKsoRkDY7Akta33eAjVRlmJvMs 25 | TRfU8o+3+TSKt1xvfOOuslmguyug6liMA52rnKuJxAS+kBY7MIHqkptV8i/KLomo 26 | l/7ZLfBDf2xFfpYDPz11eA== 27 | =moF+ 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/sops-keys/hosts/laptop-server-x86-4.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEADJPTUnFAGnY3r/w6oYmsPEAtBPnVjZgSgn/IrDDGknSl0CQn5b 4 | iGYvP6kCFZ1PWV/d2RYNgU28FdOPOkJrn5lYRyR4W/fKzZH3PoDhCM7WtOlnqIhS 5 | 2vCq2bW/F5eUXiAJKXxuuV3h8sh4eCG9EVXsOcMJHv36D48abCbph+NHrR+HFs6B 6 | JTwIjICGxC7LGvhpA7IsE8FNuWlRaptHjt/ApiDNGIZknPuVaRJEQh5SSu7Wy9LL 7 | iX69afYr1PTn2V+xi8dngkyHPm7Sr+lpqDRk+0rknO9Vfbd9QuOxLt7d2ta/hPqB 8 | qLCzjb3mdiCoLjz4nLwvZDCwFVHIo0T2hSFTt6lnrZGG3PxW3fXzNdO9m06SyXTd 9 | SU58X4/qfgmGcCRwuDsznqC33bxtWFG1qi8WRqiH7auz1gRXwHJ3tt41XadlyGKC 10 | zYXRMOisXEx9xoGSOscq1PeDWflug2EyhlxQlu3VHc/ioB75LwchjyAWRbB1+Rwn 11 | fTxaLMo6pPcA4p92ip1SlOaSPaxYu7mF6GdCIwcjbWFiatk86ZLaL8KJsDOrYcSM 12 | H40K6WP5bA+ko/iO8/OyHBrOLsVPjrVILRbNwGBNPuvNpppQrKhTOys/RT87lGQw 13 | khliQWxYlEHHniWY9YiblF33E9qnQkhex6G/jQlYOvD6P6ipYypGVO0+8QARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQ+63DfqcACf4CGw8CGQEAAHiVEACC/5jR+VuklVbSw1/XEQOv 16 | iFZgvZa8cn6fpTcksTbjEq/bXMMugWDn0K3BXrLHU1EWkX76Gjq6YX1bRl8Ul2tO 17 | K0W/KQKGYSX4k+X55kL3Kn5lm/kYL2jJFyod8B7ksXBVfvvHl2M+l5kTuS0TKTGb 18 | ZnQqrJ7yOgNetCXHOSIQyG36yZW8OC986h7ObZT+Ihh+Npbp3kXcTEEAAylC+RJf 19 | mlJcAiUpyRsCRaKeH9Z68zmMsPhG30z8QDmG3ARF8nEv0IAiscmAc3pune/kwrWu 20 | 3J//AbDc1NHm32kJNCpTqxG/oKi3v3osUwCUi0y1YpQ7NHBrVXmlo/opjH7kJ7n1 21 | JMJsPwnLTtlcbleGx36Q8TPgW4L4AgAuefbzGTSJVgd1/y1/OVBbP23oqzF2MLC0 22 | 4yVpMntPOqoES1BoAAr3zAEqhH/AVS1+rLPw9pd9jKQEVnUPFfEG5oB801L6z6qA 23 | zF2Lba0OTkTOnwYoVW4Wfe5LqDBtBc0vRqOXQT3ZUYfIDAYDq4GzXKkBIVaoQUM/ 24 | bB9eoEAH+8MSE7807RDJd95iKZkquTW95jz7qNZagOfWTt7llpZ5FdjYDNS2ZBht 25 | 19XAHbyqmilvTQSL1iqICO44BsyTntA3uF15THrQfKDeJJfBjUpprKoTLHV3degr 26 | y8VSj5aA/LrdzufV460a7w== 27 | =QBCg 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/sops-keys/hosts/prometheus.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEADCiNjL615gTpamP4e1krUDUEdfOP/q4X8wLchHXhfdWJfwSmo9 4 | I/jyl+bckZEQgn2DCr5cV5Tadb012cYP29oJUFS05ST+B3hr31Ro7vSyDiML0Hig 5 | SnsCIrvPttl683ma38jqfJp8yla93EjpMrhwgbtqFj7AzcVlLqMia8sUO57MhS5p 6 | 545rJJUxOndN67MH3Wkbh+yTTjrG31/U9z/erFDKXshvqJLEfupEhF8PHCodui9U 7 | Ogt+CrpdUSnTEjad1aZvm7RU82Jy9oVN3ydOlCUNuH+ar53tJj5rh4+9yfi09mO7 8 | IJEeJcRE+pFp2rUyG0DXgSPpaNXcO46D03c0mbTINGkbnZ7/LEeSqhyQDZjpZu/B 9 | 4QJR0q30wGZwmQcxL2/XByYndBQL/UuVPnJ2hJVtPcDqsiQLYub2IxRunA9SRAgk 10 | yGX0ANAmNMbYPbZMKb9xbMxTJgSUcAc0x05ijiHRkdD7AA72QNh4T1Hx673EAWT9 11 | hJ3RCtxpzLH1QxIhEgnub0reGQyB3e2/wGuhPHJW+7wOlQk7XB7F2isVEQQb/mY3 12 | t/6A1/3YZNIxFbg81b8UcxkJBqZ1C4/qd/fnPJqBYMg6WXfQeM+1hvv9ueyCBWGL 13 | b5s83OFvHuRkQGKoy29hAoPOmy/SOmajyACkfrB+Iz0almRi/tspUc5EQwARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQKVMsAADuAOQCGw8CGQEAAH64EAAsVnjyeBITgjHUpqP8vjK1 16 | 1ioAJYly/bywEhl32gbeE4pDuy3sgOH4hVkc+mL075OnoSavGYsOWgxG0P4miBCA 17 | uPJ/ZglYhNFWenia4xpW0S1wGnQxKp9yQWqaHzFpp1ygNf2ikSWnKrobDP9fjFjw 18 | XCfhG64C338NDdCcTBkj9SRb01TBGnuiz4vxwPlsY0LSCqu27zlcqWrcLKF4Np08 19 | bGeSUlVyhymueA/pwsiZqphvrybhD9OW6sWyBaMdEDwIPZsE2ctD4ZTXa8an/vcn 20 | QncrcpH64cdUt9FE4YlufymB0wSHnPkBWxrHM8mmJ65bAl1FmC3+KCAU3Ja169TA 21 | 58AdPO7OCzhUth5Qw/m/Z3F2/24MVwcg2LlvCeDxMT+wF4VUDLrOE/0Ce6ASGPaJ 22 | hT+Lgj6XkdJKr5D7NrZvIvyPZ1eCz7AoF8iaacrOWeeMsG1IVz6yXLOazc7LmSfo 23 | nzvD3mcROzu1rp97OKnp5fm4QvMXNOUG3KgtLR8YrUxXINhNVcgV4lVx5RhITBFq 24 | K2ng1HxDj/BuAbCkx3cLFgZQZCGu8ozjFzg5PgzMNHCWAw6z7pLJ4vUcy+PPbLI0 25 | TR9Iei0/ujmK5vKLdxP8s23VasrmShoS55CU1Z9RjeRBkRPbFA2QSGyI++uT8d89 26 | Uuy32BvK9zwjFDVNf40wuA== 27 | =oiro 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/sops-keys/hosts/zeus.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | xsFNBAAAAAABEAC6ySm3ZNNmmZFFHfR7VjjYnGQYwmSrh0V9MKfvY96eAM5/NwTo 4 | /f1JAmP8EKfnM0zWU75JdOH6tUAa8a5JCU1VNqIzLjnHLSp6zqo1QDmXRXujWSRJ 5 | Xc6Q2tE8VEkQrOGhUX4RHSsZ1sWQAsRHcVAlznClH4aSjqxcwq2yeU1tqdp6CmYw 6 | +tJc4Xdj8kPZT8cwvyhvCLFg49usvc4i9R3xXVvSKswNlJOq5OJHNS+CiA/50ZkZ 7 | WWHisLjBvxvTb3uvGpgB6mWr7EwndUNGHANRhgDB4JXiKVZGwAZU1wZNX8YgW7Yl 8 | IafZB+noWpUIUmu8e4T7TvoAvuEZLqMrTYF7oZqC0YjzJnAHFyPlgyeDXT/0CeiJ 9 | 36BGeOPN+yskMxP0+LPLCOgyJMGo5awHscAZ3QUbrqBqpIGaxfi9qwjWebSHxxwK 10 | +4U9DaPjTH0uCRfcdZ9ewu4ynUy4QvnWDDNvRY8gUgvdoMp2qhFi3MDxNawPSV0Z 11 | /xwgPRN5A3D4UYE6gmI8Weaqk5oQ8Cs3qn4ojJXZkMxG4sbg7cuwawvcByHNLJAO 12 | 6DSI7M0xVvgPD5/mMxmPWaxc4CdaSGbdHisLWIechzxmtT0NgtddUzEO5LESWxap 13 | AuvluNVQzhZQ0xOHkY+bt8GtBwjkuqN4Umlq+XjnRKpsiX7pJi00YR+mhQARAQAB 14 | zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT 15 | AQgAFgUCAAAAAAkQhfGjZB++/UQCGw8CGQEAADWmEAB3+VJK0RG1RgCveDgjM207 16 | QlZjSXR/bPL8t49ozHna+CYDAvd1XYp4LudddDlbLcakduR4V/onondpksk0uwbN 17 | OKZ1p9XWbTFG5XriAzSQBLu6CMHLSDEi9qlBc3NNdgM8ls8GKseMlhL3dP6OGYqL 18 | dT0UPUfQ5oT9HKMZ1A8lE5iEBF+hY/EExeYL+i9xwIQICUqT1CGLhYf13izQsnjn 19 | Mof2Pc6FqmZY9xJq6+thAVP4O3M6SC3EAX3YQqu/9HJdZJHylVSpWiMH09kz9Qoj 20 | 3Z6ucgSykZ+3XOIWu65U3b97hDP8pTEB/kt+fmAKpCiII9YbTTT8/eXQ9mjCZl2E 21 | C0Tzko6mbxkSTVjHtJiaHn+fWDnGG2iaj7sXCqqtFmMTp95OdIlsBypEXNQVOr7g 22 | /15dUOMftyw4RyOUr+S9t9q0sWAbqjCKuJ7S+QwgJyZ/LTTaHNyW974yQQX//sSK 23 | Ctm09mn6uk594gd8fcLlIKFU9D8VjAkyJ8LqXye/TbQak2JgRbozAGLZbxpcVraN 24 | I7Z9KM/Z8x1OsF65wMjemJNtKQdpHcQ081Lj2xlAsfr45oSPEAolqza3mScmDG13 25 | b5O7WbLSKiIpUWD06TkSQxDwE4Y/XKpS+1Pl7lEti46XK56qTySs9V60dgk6tBpT 26 | 3h5WPLGml8dIVzAjtGSt+Q== 27 | =Txv8 28 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /vars/users/darwin.nix: -------------------------------------------------------------------------------- 1 | userName: 2 | 3 | { 4 | "${userName}" = { 5 | home = "/Users/${userName}"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /vars/users/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | mode, 3 | lib, 4 | userName, 5 | }: 6 | 7 | let 8 | inherit (lib) optionalAttrs; 9 | in 10 | optionalAttrs (mode == "NixOS") (import ./nixos.nix userName) 11 | // optionalAttrs (mode == "nix-darwin") (import ./darwin.nix userName) 12 | --------------------------------------------------------------------------------