├── .envrc ├── .github └── workflows │ ├── flake-update.yml │ └── nodes.yml ├── .gitignore ├── .sops.yaml ├── README.md ├── ci ├── common.nix ├── flake-cron.nix ├── nix.nix ├── nodes.nix ├── packages.nix └── secrets.yaml ├── common ├── home.nix ├── network.nix ├── nix.nix └── overlay.nix ├── darwin ├── common │ ├── docs.nix │ ├── fonts.nix │ ├── gpg.nix │ ├── homebrew.nix │ ├── nix.nix │ ├── overlay.nix │ ├── shell.nix │ ├── system.nix │ └── touchid.nix ├── distributed.nix ├── home.nix ├── orbstack.nix └── packages.nix ├── default.nix ├── flake.lock ├── flake.nix ├── formatter.nix ├── home ├── environments │ ├── darwin │ │ └── konawall.nix │ ├── gnome │ │ ├── dconf.nix │ │ ├── extensions.nix │ │ ├── gtk.nix │ │ ├── konawall.nix │ │ └── ssh.nix │ ├── i3 │ │ ├── catppuccin.nix │ │ ├── conky │ │ │ ├── components.lua │ │ │ ├── conky.conf │ │ │ ├── conky.nix │ │ │ ├── cpu_sct.sh │ │ │ ├── ftcsv.lua │ │ │ ├── kat.lua │ │ │ └── liluat.lua │ │ ├── cursor.nix │ │ ├── dunst.nix │ │ ├── i3.nix │ │ ├── i3status-rust.nix │ │ ├── konawall.nix │ │ ├── konawall.yaml │ │ ├── picom.nix │ │ ├── redshift.nix │ │ └── rofi.nix │ ├── kde │ │ ├── gtk.nix │ │ ├── kde.nix │ │ ├── konawall.nix │ │ └── qt.nix │ ├── sway │ │ ├── barrier.nix │ │ ├── gtk.nix │ │ ├── layout.xkb │ │ ├── mako.nix │ │ ├── sway.nix │ │ ├── waybar.nix │ │ ├── waybar.sass │ │ ├── wofi.nix │ │ ├── wofi.sass │ │ ├── xdg.nix │ │ └── xkb.nix │ └── xfce │ │ ├── gtk.nix │ │ ├── konawall.nix │ │ ├── packages.nix │ │ ├── ssh.nix │ │ └── xfconf.nix ├── profiles │ ├── common │ │ ├── base16.nix │ │ ├── catppuccin.nix │ │ ├── docs.nix │ │ ├── modules.nix │ │ ├── nix.nix │ │ ├── packages.nix │ │ ├── profile-inheritance.nix │ │ ├── sops.nix │ │ └── xdg.nix │ ├── graphical │ │ ├── discord.nix │ │ ├── documents.nix │ │ ├── floorp │ │ │ ├── config.nix │ │ │ ├── containers.nix │ │ │ ├── main.nix │ │ │ ├── mtab.nix │ │ │ ├── tst.nix │ │ │ └── ublock.nix │ │ ├── gpg.nix │ │ ├── media.nix │ │ ├── packages.nix │ │ ├── secrets.yaml │ │ ├── 
syncplay.nix │ │ ├── vscode.nix │ │ └── wezterm.nix │ ├── neovim │ │ ├── default.nix │ │ ├── init.lua │ │ └── rust.lua │ └── shell │ │ ├── bitw.nix │ │ ├── direnv.nix │ │ ├── eza.nix │ │ ├── fzf.nix │ │ ├── git.nix │ │ ├── inputrc.nix │ │ ├── lc.nix │ │ ├── packages.nix │ │ ├── rink.nix │ │ ├── ssh.nix │ │ ├── starship.nix │ │ ├── tmux.nix │ │ ├── z.nix │ │ └── zsh.nix └── user │ ├── common.nix │ ├── darwin.nix │ ├── data.nix │ ├── default.nix │ ├── home.nix │ └── nixos.nix ├── modules ├── darwin │ └── blank.nix ├── home │ ├── base16.nix │ ├── blank.nix │ ├── disable.nix │ ├── i3.nix │ ├── i3 │ │ ├── functions.nix │ │ └── options.nix │ ├── state.nix │ ├── waybar.nix │ └── zsh.nix ├── nixos │ ├── blank.nix │ ├── mautrix-slack.nix │ └── scalpels.nix └── system │ ├── ci.nix │ ├── deploy.nix │ └── host.nix ├── nixos ├── arc.nix ├── common │ ├── access.nix │ ├── base16.nix │ ├── catppuccin.nix │ ├── console.nix │ ├── disable-documentation.nix │ ├── fonts.nix │ ├── locale.nix │ ├── login-notify.nix │ ├── mutable-users.nix │ ├── nftables.nix │ ├── nix-index.nix │ ├── nix.nix │ ├── packages.nix │ ├── secrets.nix │ ├── secrets.yaml │ ├── ssh.nix │ ├── sudo-nopasswd.nix │ ├── tailscale.nix │ ├── tzupdate.nix │ └── zsh.nix ├── environments │ ├── gnome │ │ ├── dconf.nix │ │ ├── packages.nix │ │ ├── profile-inheritance.nix │ │ └── xserver.nix │ ├── i3 │ │ └── xserver.nix │ ├── kde │ │ ├── dconf.nix │ │ ├── profile-inheritance.nix │ │ └── xserver.nix │ ├── openbox │ │ └── openbox.nix │ ├── sway │ │ ├── profile-inheritance.nix │ │ ├── sway.nix │ │ └── xdg-portals.nix │ └── xfce │ │ └── xfce.nix ├── hardware │ ├── b550m-itx-ac.nix │ ├── framework │ │ ├── boot.nix │ │ ├── fingerprint.nix │ │ ├── framework-icc.icm │ │ └── imports.nix │ ├── oracle_flex.nix │ └── oracle_micro.nix ├── profiles │ ├── bcachefs.nix │ ├── bootable │ │ ├── grub.nix │ │ ├── loader-config-limit.nix │ │ ├── splash.jpg │ │ ├── sysctl.nix │ │ └── tmp.nix │ ├── gaming │ │ ├── lutris.nix │ │ ├── minecraft.nix │ │ 
├── parsec.nix │ │ ├── quest.nix │ │ └── steam.nix │ ├── graphical │ │ ├── avahi.nix │ │ ├── dns.nix │ │ ├── fonts.nix │ │ ├── gpg.nix │ │ ├── hardware.nix │ │ ├── infra.nix │ │ ├── kernel.nix │ │ ├── logitech.nix │ │ ├── mounting.nix │ │ ├── mullvad.nix │ │ ├── nfs.nix │ │ ├── packages.nix │ │ ├── pam.nix │ │ ├── profile-inheritance.nix │ │ ├── qt.nix │ │ ├── restic.nix │ │ ├── restic.yaml │ │ └── sound.nix │ ├── laptop │ │ └── cpufreq.nix │ ├── sdr.nix │ ├── secureboot.nix │ ├── server │ │ ├── loader-config-limit.nix │ │ ├── mosh.nix │ │ ├── nix.nix │ │ ├── secrets.yaml │ │ └── tailscale.nix │ ├── uefi.nix │ ├── virtualisation │ │ └── virt-manager.nix │ └── wireless │ │ ├── bluetooth.nix │ │ ├── firewall.nix │ │ └── wifi.nix └── servers │ ├── grafana-stack │ ├── grafana.nix │ ├── nginx.nix │ ├── prometheus.nix │ ├── scalpel.nix │ ├── secrets.nix │ ├── secrets.yaml │ ├── synapse-v2.rules │ └── telegraf.nix │ ├── matrix │ ├── cleanup.nix │ ├── discord.nix │ ├── nginx.nix │ ├── postgres.nix │ ├── restic.nix │ ├── restic.yaml │ ├── scalpel.nix │ ├── secrets.nix │ ├── secrets.yaml │ ├── signal.nix │ ├── signal.yaml │ ├── slack.nix │ ├── slack.yaml │ ├── synapse.nix │ ├── telegram.nix │ ├── telegram.yaml │ ├── whatsapp.nix │ └── whatsapp.yaml │ ├── monica │ ├── monica.nix │ └── secrets.yaml │ ├── postgres.nix │ ├── public-directory.nix │ ├── rustdesk.nix │ ├── thelounge │ ├── nginx.nix │ └── thelounge.nix │ ├── tt-rss │ ├── nginx.nix │ ├── postgres.nix │ └── service.nix │ ├── vaultwarden │ ├── nginx.nix │ ├── postgres.nix │ ├── scalpel.nix │ ├── secrets.yaml │ └── vaultwarden.nix │ ├── web │ ├── acme.nix │ ├── firewall.nix │ ├── nginx.nix │ ├── scalpel.nix │ ├── secrets.nix │ └── secrets.yaml │ └── weechat │ ├── buflist.nix │ ├── init.nix │ ├── irc.nix │ ├── matrix.nix │ ├── nginx.nix │ ├── perl.nix │ ├── python.nix │ ├── secrets.yaml │ ├── urlgrab.nix │ └── weechat.nix ├── outputs.nix ├── overlays.nix ├── packages ├── arcmenu │ ├── default.nix │ └── fix_gmenu.patch 
├── chicago95.nix ├── commonalitysol.nix ├── cppyy │ └── default.nix ├── default.nix ├── kwin-blishhud-shader.nix ├── mautrix-slack.nix ├── nf-build-system │ ├── build-system.sh │ └── default.nix ├── nf-update │ ├── default.nix │ └── update.sh ├── outrun.nix ├── questpatcher │ ├── default.nix │ └── deps.nix └── synapse-cleanup │ ├── cleanup.sh │ └── default.nix ├── pkgs.nix ├── shells ├── default.nix ├── nix.nix └── repo.nix ├── std.nix ├── systems ├── daiyousei.nix ├── default.nix ├── fullhome.nix ├── goliath.nix ├── goliath.nix.old ├── koishi.nix ├── mai.nix ├── mei.nix └── renko.nix ├── tf ├── .envrc ├── .gitignore ├── cloudflare-zones.tf ├── cloudflare.tf ├── dork-pages.tf ├── export_oci_ipv4_addresses.sh ├── gmail.tf ├── gmail_dns │ ├── cloudflare_provider.tf │ ├── main.tf │ └── variables.tf ├── inskip-pages.tf ├── kw-bluesky.tf ├── kw-irc.tf ├── kw-mon.tf ├── kw-pages.tf ├── oci_common_private_network.tf ├── oci_common_private_network │ ├── default_route_table.tf │ ├── default_security_list.tf │ ├── firewalling_locals.tf │ ├── internet_gateway.tf │ ├── network_security_group.tf │ ├── providers.tf │ ├── subnet.tf │ └── virtual_cloud_network.tf ├── oci_compartment_bootstrap.tf ├── oci_compartment_bootstrap │ ├── api_key.tf │ ├── compartment.tf │ ├── group.tf │ ├── group_membership.tf │ ├── policy.tf │ ├── providers.tf │ ├── tls.tf │ └── user.tf ├── oci_servers.tf ├── oci_servers │ ├── cloudinit_flex_oracle.yaml │ ├── cloudinit_micro_ubuntu.yaml │ ├── common.tf │ ├── flex.tf │ ├── ipv4.tf │ ├── micro.tf │ ├── providers.tf │ └── vnic.tf ├── old_hcloud │ ├── hcloud-network.tf │ ├── hcloud.tf │ └── yukari-hcloud.tf ├── outputs.tf ├── tailnet-dns.tf ├── tailscale.tf ├── terraform.tf ├── terraform.tfvars.sops └── tf.tfvars ├── tree.nix └── wrappers ├── actions-test.sh ├── default.nix ├── exports.nix ├── generate.sh ├── nf-actions-test.nix └── nf-generate.nix /.envrc: -------------------------------------------------------------------------------- 1 | export 
REPO_ROOT="$(pwd)"
2 | export REPO_HOSTNAME=$(hostname -s)
3 | use flake
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | venv/
3 | .direnv/
4 | result
5 | .DS_Store
6 | /kittywitch
7 | data/
8 | .terraform
# NOTE(review): ignoring .terraform.lock.hcl keeps Terraform's provider version and checksum pins out of version control.
9 | .terraform.lock.hcl
10 | .idea/
11 | __pycache__/
12 |
--------------------------------------------------------------------------------
/.sops.yaml:
--------------------------------------------------------------------------------
     # Recipient anchors: two PGP key ids followed by nine age public keys.
1 | keys:
2 |   - &kat CD8CE78CB0B3BDD4 # https://inskip.me/pubkey.asc
     # NOTE(review): &mew is declared but no creation rule in this file references it.
3 |   - &mew 65BD3044771CB6FB
4 |   - &yukari age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
5 |   - &yukari_kat age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
6 |   - &koishi age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
7 |   - &koishi_kat age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
8 |   - &mei age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5
9 |   - &mai age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u
10 |   - &daiyousei age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
11 |   - &goliath age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
12 |   - &goliath_kat age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
     # sops applies the first rule whose path_regex matches, so the order of the rules below matters.
13 | creation_rules:
     # Terraform variables: encrypted to the kat PGP key only.
     # NOTE(review): the dots in "terraform.tfvars.sops" are unescaped, so each one matches any character.
14 |   - path_regex: tf/terraform.tfvars.sops$
15 |     shamir_threshold: 1
16 |     key_groups:
17 |       - pgp:
18 |           - *kat
19 |   - path_regex: nixos/profiles/[^/]+/.*\.yaml$
20 |     shamir_threshold: 1
21 |     key_groups:
22 |       - pgp:
23 |           - *kat
         # NOTE(review): all nine age recipients share one key group with shamir_threshold 1, so any single
         # one of these keys (or the kat PGP key) decrypts every file covered by a rule that reuses
         # *age_common. The names look like per-host and per-user keys; if so, one compromised host key
         # exposes the secrets of all hosts. Per-host rules would narrow that.
24 |         age: &age_common
25 |           - *yukari
26 |           - *yukari_kat
27 |           - *koishi
28 |           - *koishi_kat
29 |           - *mei
30 |           - *mai
31 |           - *daiyousei
32 |           - *goliath
33 |           - *goliath_kat
     # NOTE(review): this pattern and the home/ and nixos/ patterns below have no trailing "$", so they also
     # match names that merely contain ".yaml" (constructed example: ci/x.yaml.bak).
34 |   - path_regex: ci/.*\.yaml
35 |     shamir_threshold: 1
36 |     key_groups:
37 |       - pgp:
38 |           - *kat
39 |         age: *age_common
40 |   - path_regex: home/[^/]+/.*\.yaml
41 |     shamir_threshold: 1
42 |     key_groups:
43 |       - pgp:
44 |           - *kat
45 |         age: *age_common
46 |   - path_regex: nixos/[^/]+/.*\.yaml
47 |     shamir_threshold: 1
48 |     key_groups:
49 |       - pgp:
50 |           - *kat
51 |         age: *age_common
     # NOTE(review): never selected. The nixos/[^/]+/ rule above already matches everything under
     # nixos/servers/. Harmless while both rules list the same recipients; move this rule above the
     # broader one if the server recipients are ever meant to differ.
52 |   - path_regex: nixos/servers/[^/]+/.*\.yaml
53 |     shamir_threshold: 1
54 |     key_groups:
55 |       - pgp:
56 |           - *kat
57 |         age: *age_common
58 |   - path_regex: systems/.*\.yaml$
59 |     shamir_threshold: 1
60 |     key_groups:
61 |       - pgp:
62 |           - *kat
63 |         age: *age_common
     # NOTE(review): the repository tree shown with this listing has no cluster/ directory; possibly a stale rule.
64 |   - path_regex: cluster/cluster.tfvars.sops$
65 |     shamir_threshold: 1
66 |     key_groups:
67 |       - pgp:
68 |           - *kat
     # NOTE(review): the tree lists tf/tf.tfvars (no .sops suffix), which this rule does not match.
     # Confirm that file holds no secret values.
69 |   - path_regex: tf/tf.tfvars.sops$
70 |     shamir_threshold: 1
71 |     key_groups:
72 |       - pgp:
73 |           - *kat
74 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # kittywitch infrastructure
2 |
3 | This repository is my personal infrastructure repository. It contains the Nix and Terraform I leverage.
4 |
5 | ## Usage
6 |
7 | ```bash
8 | # get the repo shell
9 | nix develop .#repo
10 |
11 | # get the repo shell from outside of the repo
12 | nix develop github:kittywitch/kittywitch#repo
13 |
14 | # use direnv to get the repo shell
15 | direnv allow
16 |
17 | # repl
18 | nix repl .
19 | nix repl
20 | :lf .
21 |
22 | # deploy locally
23 | sudo nixos-rebuild --flake .#$HOST switch --show-trace
24 |
25 | # deploy with deploy-rs (without checks)
26 | deploy-rs -s .#$HOST
27 |
28 | # edit a secret file
29 | sops ./systems/yukari.yaml
30 |
31 | # output a secret file
32 | sops -d ./systems/yukari.yaml
33 |
34 | # plan an apply
35 | cd tf/
36 | terraform plan
37 |
38 | # update nodes CI
39 | # obtain storepath from nix run github:arcnmx/ci/v0.7 >~<
40 | nix run --argstr config "./ci/nodes.nix" -f "/nix/store/frf40m951652jv6qqkzfhr6n6r332gk9-source" run.gh-actions-generate --show-trace
41 | ```
42 |
--------------------------------------------------------------------------------
/ci/common.nix:
--------------------------------------------------------------------------------
     # Shared CI settings; ci/flake-cron.nix imports this file.
1 | {
2 |   channels,
3 |   config,
4 |   ...
5 | }: {
6 |   nixpkgs.args = {
7 |     localSystem = "x86_64-linux";
8 |     config = {
9 |       allowUnfree = true;
10 |     };
11 |   };
12 |
13 |   ci = {
14 |     version = "v0.7";
15 |     gh-actions = {
16 |       enable = true;
17 |     };
18 |   };
19 |
       # 60 * 60 = 3600; presumably seconds without build output before a build is aborted. TODO confirm the unit.
20 |   nix.config.max-silent-time = 60 * 60;
21 |   /*
22 |   nix.config = {
23 |     extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"];
24 |     #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"];
25 |   };
26 |   */
27 |
       # The std and nixpkgs channels are taken from this flake's own inputs, so CI evaluates the pinned revisions.
28 |   channels = {
29 |     nixfiles.path = ../.;
30 |     std.path = "${channels.nixfiles.inputs.std}";
31 |     nixpkgs.path = "${channels.nixfiles.inputs.nixpkgs}";
32 |   };
33 |
34 |   ci.gh-actions.checkoutOptions = {
35 |     submodules = false;
36 |   };
37 |
       # Binary caches used by CI. "arc" has no signing key (null), "kittywitch" has one set.
38 |   cache.cachix = {
39 |     arc = {
40 |       enable = true;
41 |       publicKey = "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=";
42 |       signingKey = null;
43 |     };
44 |     kittywitch = {
45 |       enable = true;
46 |       publicKey = "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=";
           # NOTE(review): "mewp" reads like a placeholder, and ci/flake-cron.nix takes CACHIX_SIGNING_KEY
           # from GitHub secrets. Confirm this field is never meant to hold real key material, since
           # anything written here is committed in clear text.
47 |       signingKey = "mewp";
48 |     };
49 |   };
50 | }
51 |
--------------------------------------------------------------------------------
/ci/flake-cron.nix:
--------------------------------------------------------------------------------
     # Workflow "flake-update": runs `nix run .#nf-update` on push, pull request, a daily schedule and manual dispatch.
1 | {
2 |   lib,
3 |   config,
4 |   ...
5 | }:
6 | with lib; {
7 |   imports = [./common.nix];
8 |   config = {
9 |     name = "flake-update";
10 |
11 |     gh-actions = {
         # NOTE(review): presumably rendered as workflow-level env, which exposes all three secrets to every
         # step of every job (checkout, Nix setup, third-party actions). The flake-update step below sets
         # the same variables itself, so this outer copy could likely be dropped to narrow exposure.
12 |       env = {
13 |         CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
14 |         CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
15 |         DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
16 |       };
17 |       on = let
           # Files whose changes trigger the push and pull_request events.
18 |         paths = [
19 |           "default.nix" # sourceCache
20 |           "ci/flake-cron.nix"
21 |           config.ci.gh-actions.path
22 |         ];
23 |       in {
24 |         push = {
25 |           inherit paths;
26 |         };
           # NOTE(review): the step below runs with NF_UPDATE_GIT_COMMIT and NF_UPDATE_CACHIX_PUSH set for
           # every trigger, pull_request included. GitHub withholds secrets from fork pull requests by
           # default, but branches in this repository get them. Consider limiting the commit and cache
           # push to the schedule and workflow_dispatch events.
27 |         pull_request = {
28 |           inherit paths;
29 |         };
30 |         schedule = [
31 |           {
32 |             cron = "0 0 * * *";
33 |           }
34 |         ];
35 |         workflow_dispatch = {};
36 |       };
37 |       jobs.flake-update = {
38 |         step.flake-update = {
39 |           name = "flake update build";
40 |           order = 500;
41 |           run = "nix run .#nf-update";
42 |           env = {
43 |             CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
44 |             CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
45 |             DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
46 |             NF_UPDATE_GIT_COMMIT = "1";
47 |             NF_UPDATE_CACHIX_PUSH = "1";
48 |             NF_CONFIG_ROOT = "\${{ github.workspace }}";
49 |           };
50 |         };
51 |       };
52 |     };
53 |
54 |     jobs = {
55 |       flake-update = {...}: {
56 |         imports = [./packages.nix];
57 |       };
58 |     };
59 |
         # fetch-depth = 0 asks the checkout for full history rather than a shallow clone.
60 |     ci.gh-actions.checkoutOptions = {
61 |       fetch-depth = 0;
62 |     };
63 |   };
64 | }
65 |
--------------------------------------------------------------------------------
/ci/nix.nix:
--------------------------------------------------------------------------------
1 | {
2 |   ci = {
3 |     workflowConfigs = [
4 |       "nodes.nix"
5 |       "flake-cron.nix"
6 |     ];
7 |   };
8 | }
9 |
--------------------------------------------------------------------------------
/ci/packages.nix:
-------------------------------------------------------------------------------- 1 | {channels, ...}: let 2 | inherit (channels.nixfiles) legacyPackages; 3 | in { 4 | tasks = { 5 | devShell.inputs = with legacyPackages.x86_64-linux; [ 6 | deploy-rs 7 | terraform 8 | tflint 9 | alejandra 10 | deadnix 11 | statix 12 | cachix 13 | ssh-to-age 14 | ]; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /common/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | tree, 4 | machine, 5 | systemType, 6 | std, 7 | inputs, 8 | nur, 9 | ... 10 | }: let 11 | inherit (std) list; 12 | in { 13 | home-manager = { 14 | useGlobalPkgs = true; 15 | useUserPackages = true; 16 | sharedModules = with tree; 17 | [ 18 | modules.home 19 | ] 20 | ++ list.optional (tree.${systemType} ? home) tree.${systemType}.home; 21 | 22 | users.kat.imports = with tree.home.profiles; [ 23 | common 24 | ]; 25 | 26 | extraSpecialArgs = { 27 | inherit tree machine std inputs nur; 28 | parent = config; 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /common/network.nix: -------------------------------------------------------------------------------- 1 | {machine, ...}: { 2 | networking.hostName = machine; 3 | } 4 | -------------------------------------------------------------------------------- /common/nix.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | std, 5 | inputs, 6 | ... 
7 | }: let
8 |   inherit (std) set list;
9 |   inherit (lib.strings) versionAtLeast;
       # The flake inputs with "pypi-deps-db" filtered out; presumably set.rename re-keys "self" as "kat". TODO confirm against std.
10 |   inputs' = set.filter (n: _: !list.elem n ["pypi-deps-db"]) (set.rename "self" "kat" inputs);
11 | in {
12 |   nix = {
         # Expose each remaining input on NIX_PATH and in the flake registry under its input name.
13 |     nixPath = set.mapToValues (name: flake: "${name}=${flake.outPath}") inputs';
14 |     registry = set.map (_: flake: {inherit flake;}) inputs';
15 |
16 |     settings = {
           # Enabled only when the configured Nix package is version 2.4 or newer.
17 |       experimental-features = list.optional (versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
           # NOTE(review): every machine importing this module accepts store paths signed by any of the
           # three keys below, so the integrity of those third-party caches is part of each host's trust base.
18 |       substituters = ["https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org"];
19 |       trusted-public-keys = ["arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
20 |       auto-optimise-store = true;
           # NOTE(review): trusted users may override daemon settings such as substituters and import
           # unsigned store paths, which the Nix manual treats as equivalent to root access. Listing
           # @wheel gives every wheel member that power without a sudo prompt.
21 |       trusted-users = ["root" "@wheel"];
22 |     };
23 |   };
24 | }
25 |
--------------------------------------------------------------------------------
/common/overlay.nix:
--------------------------------------------------------------------------------
1 | {
2 |   inputs,
3 |   tree,
4 |   ...
5 | }: {
6 |   nixpkgs = {
       # Overlays come from the repository's overlays entry point, called with the flake inputs and the module tree.
7 |     overlays = import tree.overlays {inherit inputs tree;};
8 |     config = {
9 |       allowUnfree = true;
         # NOTE(review): this allow-list lets a package that nixpkgs flags as insecure be built and
         # installed wherever this module is imported. Presumably olm is needed by the Matrix clients
         # or bridges elsewhere in the repo. Confirm which hosts need it, scope the exception to them,
         # and remove it once a replacement is available.
10 |       permittedInsecurePackages = [
11 |         "olm-3.2.16"
12 |       ];
13 |     };
14 |   };
15 | }
16 |
--------------------------------------------------------------------------------
/darwin/common/docs.nix:
--------------------------------------------------------------------------------
     # Turns off generation of all documentation outputs (man, info, doc).
1 | _: {
2 |   documentation = {
3 |     enable = false;
4 |     man.enable = false;
5 |     info.enable = false;
6 |     doc.enable = false;
7 |   };
8 | }
9 |
--------------------------------------------------------------------------------
/darwin/common/fonts.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   fonts = {
3 |     fontDir.enable = true;
4 |     fonts = with pkgs; [
5 |       monaspace
6 |     ];
7 |   };
8 | }
9 |
--------------------------------------------------------------------------------
/darwin/common/gpg.nix:
--------------------------------------------------------------------------------
     # Enables gpg-agent with SSH support, so the agent also serves SSH authentication requests.
1 | _: {
2 |   programs.gnupg.agent = {
3 |     enable = true;
4 |     enableSSHSupport = true;
5 |   };
6 | }
7 |
--------------------------------------------------------------------------------
/darwin/common/homebrew.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   homebrew = {
3 |     enable = true;
         # NOTE(review): upgrade = true pulls whatever Homebrew currently serves on each activation, so
         # these packages sit outside the flake's pinned inputs. cleanup = "uninstall" removes Homebrew
         # packages that are not declared in this configuration.
4 |     onActivation = {
5 |       upgrade = true;
6 |       cleanup = "uninstall";
7 |     };
8 |     brews = [
9 |       "mas"
10 |     ];
11 |   };
12 | }
13 |
--------------------------------------------------------------------------------
/darwin/common/nix.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   services.nix-daemon.enable = true;
3 |   nix = {
         # Raw nix.conf lines appended to the generated configuration.
4 |     extraOptions = ''
5 |       extra-platforms = x86_64-darwin aarch64-darwin
6 |       builders-use-substitutes = true
7 |       build-fallback = true
8 |     '';
9 |   };
10 | }
11 |
--------------------------------------------------------------------------------
/darwin/common/overlay.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | system, 4 | ... 5 | }: { 6 | nixpkgs = { 7 | overlays = [ 8 | inputs.spacebar.overlay.${system} 9 | ]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /darwin/common/shell.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.zsh = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /darwin/common/system.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.activate-system.enable = true; 3 | system = { 4 | defaults = { 5 | SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true; 6 | NSGlobalDomain = { 7 | ApplePressAndHoldEnabled = true; 8 | AppleInterfaceStyleSwitchesAutomatically = true; 9 | AppleShowAllFiles = true; 10 | AppleShowAllExtensions = true; 11 | }; 12 | dock = { 13 | autohide = true; 14 | orientation = "left"; 15 | tilesize = 32; 16 | wvous-tl-corner = 1; 17 | wvous-tr-corner = 10; 18 | wvous-bl-corner = 4; 19 | wvous-br-corner = 14; 20 | }; 21 | finder = { 22 | CreateDesktop = false; 23 | ShowPathbar = true; 24 | ShowStatusBar = true; 25 | AppleShowAllFiles = true; 26 | AppleShowAllExtensions = true; 27 | }; 28 | loginwindow = { 29 | GuestEnabled = false; 30 | }; 31 | }; 32 | keyboard = { 33 | enableKeyMapping = true; 34 | remapCapsLockToControl = true; 35 | userKeyMapping = [ 36 | { 37 | HIDKeyboardModifierMappingSrc = 30064771129; 38 | HIDKeyboardModifierMappingDst = 30064771299; 39 | } 40 | ]; 41 | }; 42 | }; 43 | users.users.kat.home = "/Users/kat"; 44 | users.users.root.home = "/var/root"; 45 | } 46 | -------------------------------------------------------------------------------- /darwin/common/touchid.nix: -------------------------------------------------------------------------------- 1 | _: 
{ 2 | security.pam.enableSudoTouchIdAuth = true; 3 | } 4 | -------------------------------------------------------------------------------- /darwin/distributed.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | nix.envVars = { 3 | "SSH_AUTH_SOCK" = "/Users/kat/.gnupg/S.gpg-agent.ssh"; 4 | }; 5 | 6 | launchd.daemons.start_nixos_native = { 7 | serviceConfig = { 8 | ProgramArguments = [ 9 | "/bin/sh" 10 | "-c" 11 | "/bin/wait4path /nix/store && ${pkgs.writeScript "start_nixos_native" '' 12 | /usr/bin/open "utm://start?name=NixOS Native" 13 | ''}" 14 | ]; 15 | Label = "org.kittywitch.start_nixos_native"; 16 | RunAtLoad = true; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /darwin/home.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | inherit (lib.modules) mkForce mkMerge; 7 | in { 8 | services.gpg-agent = { 9 | enable = mkForce false; 10 | pinentryFlavor = null; 11 | }; 12 | 13 | home.file."${config.programs.gpg.homedir}/gpg-agent.conf".text = mkMerge [ 14 | config.services.gpg-agent.extraConfig 15 | "pinentry-program /opt/homebrew/bin/pinentry-mac" 16 | ]; 17 | } 18 | -------------------------------------------------------------------------------- /darwin/orbstack.nix: -------------------------------------------------------------------------------- 1 | { 2 | tree, 3 | std, 4 | ... 
5 | }: let
6 |   inherit (std) string;
7 | in {
       # NOTE(review): root's SSH client uses a private key stored in kat's home directory
       # (IdentityFile and HOME both point at /Users/kat). Anything running as root on this machine
       # can therefore authenticate to the "orb" host with kat's OrbStack key. Presumably this exists
       # so the Nix daemon can reach the nixos@orb builders declared below; confirm that is the only
       # intended use.
8 |   home-manager.users.root.programs.ssh = {
9 |     enable = true;
10 |     extraConfig = ''
11 |       Host orb
12 |         HostName 127.0.0.1
13 |         Port 32222
14 |         User default
15 |         IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
16 |         ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass
17 |         ProxyUseFdpass yes
18 |     '';
19 |   };
20 |
21 |   home-manager.users.kat = {
22 |     home.file = {
           # OrbStack's authorized_keys: the shared user key list plus one extra literal key.
           # NOTE(review): the appended ssh-ed25519 key has no comment field, so this file does not say
           # who owns it. Presumably it is the public half of the OrbStack identity referenced above.
           # Confirm that and label it.
23 |       ".orbstack/ssh/authorized_keys".text =
24 |         (string.concatSep "\n" tree.home.user.data.keys)
25 |         + ''
26 |
27 |           ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILW2V8yL2vC/KDmIQdxhEeevKo1vGG18bvMNj9mLL/On
28 |         '';
           # kat's ~/.ssh/authorized_keys is generated from tree.home.user.data.keys, so every key in
           # that list can log in as kat wherever this profile applies and an SSH server is running.
29 |       ".ssh/authorized_keys".text = ''
30 |         ${string.concatSep "\n" tree.home.user.data.keys}
31 |       '';
32 |     };
         # Same "orb" host stanza as the root configuration above, for kat's own SSH client.
33 |     programs.ssh = {
34 |       enable = true;
35 |       extraConfig = ''
36 |         Host orb
37 |           HostName 127.0.0.1
38 |           Port 32222
39 |           User default
40 |           IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
41 |           ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass
42 |           ProxyUseFdpass yes
43 |       '';
44 |     };
45 |   };
46 |
       # Remote builders: the same nixos@orb host is registered once per Linux architecture.
47 |   nix = {
48 |     buildMachines = [
49 |       {
50 |         hostName = "nixos@orb";
51 |         system = "aarch64-linux";
52 |         supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
53 |       }
54 |       {
55 |         hostName = "nixos@orb";
56 |         system = "x86_64-linux";
57 |         supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
58 |       }
59 |     ];
60 |     distributedBuilds = true;
61 |     extraOptions = ''
62 |       builders-use-substitutes = true
63 |     '';
64 |   };
65 |
66 |   homebrew = {
67 |     casks = [
68 |       "orbstack"
69 |     ];
70 |   };
71 | }
72 |
--------------------------------------------------------------------------------
/darwin/packages.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   homebrew = {
3 |
brewPrefix = "/opt/homebrew/bin"; 4 | brews = [ 5 | # Security 6 | "gnupg" # GPG 7 | "pinentry-mac" # Pinentry for GPG 8 | 9 | # Utilities 10 | "pandoc" 11 | ]; 12 | casks = [ 13 | # Browsers 14 | "firefox" 15 | "google-chrome" 16 | 17 | # Chat 18 | "signal" 19 | "telegram" 20 | "discord" 21 | "element" 22 | "slack" 23 | "keybase" 24 | 25 | # Media 26 | "spotify" 27 | "deluge" 28 | 29 | # Exocortex 30 | "obsidian" 31 | 32 | # Security 33 | "bitwarden" 34 | "mullvadvpn" 35 | "pycharm-ce" 36 | 37 | # Development Tools 38 | "iterm2" 39 | "cyberduck" 40 | "boop" 41 | 42 | # Utilities 43 | "disk-inventory-x" 44 | "devtoys" 45 | "contexts" 46 | "rectangle" 47 | "syncthing" 48 | "anki" 49 | "bartender" 50 | ]; 51 | 52 | taps = [ 53 | "homebrew/cask-versions" 54 | ]; 55 | masApps = { 56 | # Security 57 | 58 | Tailscale = 1475387142; 59 | # Utilities 60 | Dato = 1470584107; 61 | Lungo = 1263070803; 62 | "Battery Indicator" = 1206020918; 63 | }; 64 | }; 65 | } 66 | -------------------------------------------------------------------------------- /default.nix: -------------------------------------------------------------------------------- 1 | let 2 | lock = builtins.fromJSON (builtins.readFile ./flake.lock); 3 | flakeCompat = fetchTarball { 4 | url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; 5 | sha256 = lock.nodes.flake-compat.locked.narHash; 6 | }; 7 | kittywitch = import flakeCompat { 8 | src = ./.; 9 | }; 10 | in 11 | kittywitch.defaultNix 12 | -------------------------------------------------------------------------------- /formatter.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }:
6 | inputs.utils.lib.eachDefaultSystem (system: {
7 |   ${system} = pkgs.${system}.alejandra;
8 | })
9 |
--------------------------------------------------------------------------------
/home/environments/darwin/konawall.nix:
--------------------------------------------------------------------------------
1 | {
2 |   config,
3 |   inputs,
4 |   pkgs,
5 |   ...
6 | }: let
       # Settings serialised to TOML and written to the konawall config file below.
7 |   konawallConfig = {
8 |     interval = 3000;
9 |     rotate = true;
10 |     source = "konachan";
11 |     tags = [
12 |       "rating:s"
13 |       "nobody"
14 |       "score:>=50"
15 |       "width:>=1500"
16 |     ];
17 |     logging = {
18 |       file = "INFO";
19 |       console = "DEBUG";
20 |     };
21 |   };
22 | in {
23 |   home.file."Library/Application Support/konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig;
24 |
25 |   launchd.agents.konawall = {
26 |     enable = true;
27 |     config = let
           # Wrapper script: copies the konawall-py flake input into a fresh temporary directory, runs
           # `poetry install` there, then starts the GUI through poetry.
           # NOTE(review): `poetry install` runs every time the agent starts, so the Python dependencies
           # are resolved and fetched at run time instead of coming from the flake's locked closure.
           # What gets installed depends on the lock data shipped in inputs.konawall-py; confirm it
           # carries a poetry.lock with hashes.
           # NOTE(review): each run creates a new mktemp directory that the script never removes. With
           # KeepAlive = true below, launchd presumably restarts the script whenever it exits, so these
           # directories accumulate.
28 |       konawallInitialize = pkgs.writeScriptBin "konawall-initialize" ''
29 |         #!/usr/bin/env bash
30 |         set -xeuo pipefail
31 |         # get a temporary directory
32 |         tmpDir=$(mktemp -d)
33 |         # copy the repository to the temporary directory recursively without keeping the permissions from the nix store
34 |         ${pkgs.coreutils}/bin/cp -r --no-preserve=mode,ownership "${inputs.konawall-py.outPath}" "$tmpDir/konawall"
35 |         # change directory to the copy
36 |         cd $tmpDir/konawall
37 |         # install the dependencies
38 |         ${pkgs.poetry}/bin/poetry install
39 |         # run the package
40 |         ${pkgs.poetry}/bin/poetry run gui
41 |       '';
42 |     in {
43 |       # yeah if https://github.com/NixOS/nixpkgs/issues/233265 and https://github.com/NixOS/nixpkgs/issues/101360
44 |       # and https://github.com/NixOS/nixpkgs/issues/105156 were ok we might be able to do this
45 |       #Program = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall";
46 |       #ProgramArguments = ["${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall"];
47 |       # it's unfortunate that this has to be done this way, for the most part.
48 |       ProgramArguments = [
49 |         "/usr/bin/env"
50 |         "bash"
51 |         "${konawallInitialize}/bin/konawall-initialize"
52 |       ];
53 |       RunAtLoad = true;
54 |       KeepAlive = true;
55 |     };
56 |   };
57 | }
58 |
--------------------------------------------------------------------------------
/home/environments/gnome/dconf.nix:
--------------------------------------------------------------------------------
     # GNOME dconf settings: dock favourites, dark colour scheme, workspace name and keyboard options.
1 | _: {
2 |   dconf = {
3 |     enable = true;
4 |     settings = {
5 |       "org/gnome/shell" = {
6 |         favorite-apps = [
7 |           "firefox.desktop"
8 |           "thunderbird.desktop"
9 |           "nheko.desktop"
10 |           "discord.desktop"
11 |           "signal-desktop.desktop"
12 |           "org.telegram.desktop.desktop"
13 |           "codium.desktop"
14 |           "obsidian.desktop"
15 |           "org.wezfurlong.wezterm.desktop"
16 |           "spotify.desktop"
17 |           "steam.desktop"
18 |           "org.gnome.Nautilus.desktop"
19 |           "bitwarden.desktop"
20 |         ];
21 |       };
22 |       "org/gnome/desktop/interface" = {
23 |         color-scheme = "prefer-dark";
24 |         enable-hot-corners = false;
25 |       };
26 |       "org/gnome/desktop/wm/preferences" = {
27 |         workspace-names = ["Main"];
28 |         resize-with-right-button = true;
29 |       };
30 |       "org/gnome/desktop/input-sources" = {
31 |         xkb-options = ["terminate:ctrl_alt_bksp" "caps:ctrl_modifier"];
32 |       };
33 |     };
34 |   };
35 | }
36 |
--------------------------------------------------------------------------------
/home/environments/gnome/extensions.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   dconf = {
3 |     settings = {
4 |       "org/gnome/shell" = {
5 |         disable-user-extensions = false;
6 |
7 |         # `gnome-extensions list` for a list
8 |         enabled-extensions = [
9 |           "user-theme@gnome-shell-extensions.gcampax.github.com"
10 |           "Vitals@CoreCoding.com"
11 |           "dash-to-panel@jderose9.github.com"
12 |           "space-bar@luchrioh"
13 |           "appindicatorsupport@rgcjonas.gmail.com"
14 |           "arcmenu@arcmenu.com"
15 |           "date-menu-formatter@marcinjakubowski.github.com"
16 |         ];
17 |       };
         # NOTE(review): "daerte-menu-formatter" looks like a typo for the date-menu-formatter extension
         # enabled above. Confirm the dconf path, otherwise these settings are likely written to a key
         # the extension never reads.
18 |       "org/gnome/shell/extensions/daerte-menu-formatter" = {
19 |
pattern = "y-MM-dd HH:mm:ss "; 20 | "font-size" = "12"; 21 | }; 22 | "org/gnome/shell/extensions/vitals" = { 23 | "hot-sensors" = ["_memory_usage_" "_system_load_1m_" "__network-rx_max__" "_temperature_k10temp_tctl_"]; 24 | }; 25 | }; 26 | }; 27 | 28 | home.packages = with pkgs.gnomeExtensions; [ 29 | pkgs.arcmenu 30 | space-bar 31 | user-themes 32 | tray-icons-reloaded 33 | appindicator 34 | caffeine 35 | vitals 36 | dash-to-panel 37 | date-menu-formatter 38 | ]; 39 | } 40 | -------------------------------------------------------------------------------- /home/environments/gnome/gtk.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | gtk = { 3 | enable = true; 4 | iconTheme = { 5 | name = "Numix-Square"; 6 | package = pkgs.numix-icon-theme-square; 7 | }; 8 | 9 | theme = { 10 | name = "Arc-Dark"; 11 | package = pkgs.arc-theme; 12 | }; 13 | 14 | cursorTheme = { 15 | name = "Numix-Cursor"; 16 | package = pkgs.numix-cursor-theme; 17 | }; 18 | }; 19 | 20 | home.sessionVariables.GTK_THEME = "Arc-Dark"; 21 | } 22 | -------------------------------------------------------------------------------- /home/environments/gnome/konawall.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | inputs, 5 | ... 
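6 | }: let
7 |   konawallConfig = {
8 |     interval = 30 * 60; # 1800; presumably seconds — confirm against konawall-py
9 |     rotate = true;
10 |     source = "konachan";
11 |     tags = [
12 |       "rating:s"
13 |       "touhou"
14 |       "score:>=50"
15 |       "width:>=1500"
16 |     ];
17 |     logging = {
18 |       file = "INFO";
19 |       console = "DEBUG";
20 |     };
21 |   };
22 | in {
23 |   xdg.configFile = {
24 |     "konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig;
25 |   };
26 |   systemd.user.services.konawall-py-gnome = {
27 |     Unit = {
28 |       Description = "konawall-py";
29 |       X-Restart-Triggers = [(toString config.xdg.configFile."konawall/config.toml".source)]; # unit text changes whenever the generated config does
30 |       After = ["gnome-session.target" "network-online.target"];
31 |     };
32 |     Service = {
33 |       ExecStart = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall";
34 |       Environment = [ # a [Service] setting: systemd ignores Environment= placed under [Unit]
35 |         "PYSTRAY_BACKEND=gtk"
36 |       ];
37 |       Restart = "on-failure";
38 |       RestartSec = "1s";
39 |     };
40 |     Install = {WantedBy = ["gnome-session.target"];};
41 |   };
42 | }
43 |
--------------------------------------------------------------------------------
/home/environments/gnome/ssh.nix:
--------------------------------------------------------------------------------
1 | {
2 |   lib,
3 |   pkgs,
4 |   ...
5 | }: let
6 |   inherit (lib.strings) fileContents;
7 | in {
8 |   home.sessionVariables.GSM_SKIP_SSH_AGENT_WORKAROUND = "1";
9 |
10 |   # Disable gnome-keyring ssh-agent: shadow its autostart entry with a user-level copy marked Hidden=true
11 |   xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = ''
12 |     ${fileContents "${pkgs.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop"}
13 |     Hidden=true
14 |   '';
15 | }
16 |
--------------------------------------------------------------------------------
/home/environments/i3/catppuccin.nix:
--------------------------------------------------------------------------------
1 | { config, lib, ... 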
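}: let
2 |   inherit (config.catppuccin) sources;
3 |   inherit (lib) mkBefore;
4 |   cfg = config.catppuccin.sway; # NOTE(review): i3 theme follows the sway flavor setting — confirm this is intended
5 |   theme = "${sources.sway}/catppuccin-${cfg.flavor}";
6 | in {
7 |   xsession.windowManager.i3.extraConfigEarly = ''
8 |     ${builtins.readFile theme}
9 |   '';
10 | }
11 |
--------------------------------------------------------------------------------
/home/environments/i3/conky/conky.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, ... }: {
2 |   home.packages = with pkgs; [
3 |     jq
4 |     conky
5 |   ];
6 |
7 |   xdg.configFile.conky = {
8 |     recursive = true;
9 |     source = config.lib.file.mkOutOfStoreSymlink ./.;
10 |   };
11 |
12 |   systemd.user.services.conky = {
13 |     Unit = {
14 |       Description = "Conky - Lightweight system monitor";
15 |       After = [ "graphical-session.target" ];
16 |       X-Restart-Triggers = [
17 |         ./conky.conf
18 |       ];
19 |     };
20 |
21 |     Service = {
22 |       Restart = "always";
23 |       RestartSec = "3";
24 |       ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
25 |       ExecStart = toString ([ "${pkgs.conky}/bin/conky"]);
26 |     };
27 |
28 |     Install.WantedBy = [ "graphical-session.target" ];
29 |   };
30 | }
31 |
--------------------------------------------------------------------------------
/home/environments/i3/conky/cpu_sct.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # Print a compact CPU topology label from lscpu: <cores>c<threads>t, prefixed with <sockets>s on multi-socket hosts.
3 | CPU_JSON=$(lscpu --json | jq '.lscpu | reduce .[] as $i ({}; .[$i.field] = $i.data)') # flatten lscpu's field/data pairs into one object
4 | CPU_SOCKETS=$(echo "$CPU_JSON" | jq '."Socket(s):"' -r)
5 | CPU_CORES_PER_SOCKET=$(echo "$CPU_JSON" | jq '."Core(s) per socket:"' -r)
6 | CPU_THREADS_PER_CORE=$(echo "$CPU_JSON" | jq '."Thread(s) per core:"' -r)
7 | CPU_TOTAL_THREADS_PER_SOCKET=$(($CPU_CORES_PER_SOCKET*$CPU_THREADS_PER_CORE))
8 | if [ "$CPU_SOCKETS" -eq 1 ]; then # quoted so an empty value fails the test instead of breaking its syntax
9 |   echo "${CPU_CORES_PER_SOCKET}c${CPU_TOTAL_THREADS_PER_SOCKET}t"
10 | else
11 |   echo "${CPU_SOCKETS}s${CPU_CORES_PER_SOCKET}c${CPU_TOTAL_THREADS_PER_SOCKET}t" # cores carry the "c" suffix, as in the single-socket branch
12 | fi
13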
| -------------------------------------------------------------------------------- /home/environments/i3/conky/kat.lua: -------------------------------------------------------------------------------- 1 | local _dir_ = debug.getinfo(1, "S").source:sub(2):match("(.*[/\\])") or "./" 2 | 3 | kat = { root_dir = _dir_, exec_interval = 3600 } 4 | 5 | return kat 6 | -------------------------------------------------------------------------------- /home/environments/i3/cursor.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: { 2 | home.pointerCursor = { 3 | enable = true; 4 | package = pkgs.graphite-cursors; 5 | size = 16; 6 | name = "graphite-dark"; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /home/environments/i3/dunst.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.dunst = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /home/environments/i3/i3status-rust.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: { 2 | programs.i3status-rust = { 3 | enable = true; 4 | bars = { 5 | # YOU! 
I WANNA TAKE YOU TO A 6 | gaybar = { 7 | settings = { 8 | icons = { 9 | icons = "awesome6"; 10 | overrides = { 11 | caffeine_on = ""; 12 | caffeine_off = ""; 13 | }; 14 | }; 15 | }; 16 | blocks = [ 17 | { 18 | block = "cpu"; 19 | interval = 1; 20 | } 21 | { 22 | block = "load"; 23 | interval = 1; 24 | format = " $icon $1m "; 25 | } 26 | { 27 | block = "memory"; 28 | format = " $icon $mem_used_percents.eng(w:2) $zram_comp_ratio "; 29 | } 30 | { 31 | block = "memory"; 32 | format = " $icon_swap $swap_used_percents.eng(w:2) "; 33 | } 34 | { 35 | block = "nvidia_gpu"; 36 | format = " $icon $utilization $memory $temperature "; 37 | } 38 | { 39 | block = "hueshift"; 40 | } 41 | { 42 | block = "music"; 43 | format = " $icon {$combo.str(max_w:60) $play |}"; 44 | } 45 | { 46 | block = "sound"; 47 | format = " $icon {$volume.eng(w:2) |}"; 48 | } 49 | { 50 | block = "notify"; 51 | format = " $icon {($notification_count.eng(w:1)) |}"; 52 | } 53 | { 54 | block = "toggle"; 55 | command_on = "${pkgs.xorg.xset}/bin/xset -dpms"; 56 | command_off = "${pkgs.xorg.xset}/bin/xset +dpms"; 57 | format = " $icon DPMS "; 58 | command_state = ''${pkgs.xorg.xset}/bin/xset q | ${pkgs.gnugrep}/bin/grep -F "DPMS is Disabled"''; 59 | icon_on = "caffeine_on"; 60 | icon_off = "caffeine_off"; 61 | state_on = "info"; 62 | } 63 | { 64 | block = "time"; 65 | interval = 1; 66 | format = " $icon $timestamp.datetime(f:'%F %T %Z') "; 67 | } 68 | ]; 69 | theme = "ctp-latte"; 70 | }; 71 | }; 72 | }; 73 | } 74 | -------------------------------------------------------------------------------- /home/environments/i3/konawall.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | config, 5 | ... 
6 | }: let 7 | konawallConfig = { 8 | interval = 30 * 60; 9 | rotate = true; 10 | source = "e621"; 11 | tags = [ 12 | "rating:s" 13 | "-five_nights_at_freddy's" 14 | #"touhou" 15 | "-large_breasts" 16 | "-scalie" 17 | #"-my_little_pony" 18 | "-sonic_the_hedgehog" 19 | "-amputee" 20 | "-inflation" 21 | "-pool_toy" 22 | "-cuckold" 23 | "-gore" 24 | "-human" 25 | "-animated" 26 | "-hyper" 27 | "-death" 28 | "ratio:>=1.3" 29 | "-muscular_male" 30 | "-model_sheet" 31 | "score:>=100" 32 | "width:>=1500" 33 | ]; 34 | logging = { 35 | file = "INFO"; 36 | console = "DEBUG"; 37 | }; 38 | }; 39 | in { 40 | sops.secrets.konawall-py-env = { 41 | sopsFile = ./konawall.yaml; 42 | }; 43 | home.packages = [ 44 | inputs.konawall-py.packages.${pkgs.system}.konawall-py 45 | ]; 46 | xdg.configFile = { 47 | "konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig; 48 | }; 49 | systemd.user.services.konawall-py = { 50 | Unit = { 51 | Description = "konawall-py"; 52 | X-Restart-Triggers = [(toString config.xdg.configFile."konawall/config.toml".source)]; 53 | After = ["graphical-session.target" "network-online.target"]; 54 | }; 55 | Service = { 56 | ExecStart = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall"; 57 | Restart = "on-failure"; 58 | RestartSec = "1s"; 59 | EnvironmentFile = config.sops.secrets.konawall-py-env.path; 60 | }; 61 | Install = {WantedBy = ["graphical-session.target"];}; 62 | }; 63 | } 64 | -------------------------------------------------------------------------------- /home/environments/i3/picom.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.picom = { 3 | enable = true; 4 | backend = "glx"; 5 | shadow = false; 6 | vSync = false; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /home/environments/i3/redshift.nix: -------------------------------------------------------------------------------- 1 | 
_: { 2 | services.gammastep = { 3 | enable = true; 4 | provider = "geoclue2"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/environments/i3/rofi.nix: -------------------------------------------------------------------------------- 1 | { pkgs, config, ... }: { 2 | home.packages = [ 3 | config.programs.rofi.finalPackage 4 | ]; 5 | programs.rofi = { 6 | enable = true; 7 | font = "Monaspace Krypton"; 8 | terminal = "wezterm"; 9 | plugins = with pkgs; [ 10 | rofi-games 11 | rofimoji 12 | rofi-rbw 13 | ]; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /home/environments/kde/gtk.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | } 3 | -------------------------------------------------------------------------------- /home/environments/kde/kde.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.sessionVariables = { 3 | QT_QPA_PLATFORMTHEME = "qt5ct"; 4 | }; 5 | home.packages = with pkgs.kdePackages; [ 6 | kscreen 7 | pkgs.xwayland 8 | kscreen 9 | libkscreen 10 | kscreenlocker 11 | kactivitymanagerd 12 | kde-cli-tools 13 | kglobalacceld # keyboard shortcut daemon 14 | kwrited # wall message proxy, not to be confused with kwrite 15 | baloo # system indexer 16 | milou # search engine atop baloo 17 | kdegraphics-thumbnailers # pdf etc thumbnailer 18 | polkit-kde-agent-1 # polkit auth ui 19 | plasma-desktop 20 | plasma-workspace 21 | drkonqi # crash handler 22 | kde-inotify-survey # warns the user on low inotifywatch limits 23 | 24 | # Application integration 25 | libplasma # provides Kirigami platform theme 26 | plasma-integration # provides Qt platform theme 27 | kde-gtk-config # syncs KDE settings to GTK 28 | 29 | # Artwork + themes 30 | breeze 31 | breeze-icons 32 | breeze-gtk 33 | ocean-sound-theme 34 | plasma-workspace-wallpapers 35 | 
pkgs.hicolor-icon-theme # fallback icons 36 | qqc2-breeze-style 37 | qqc2-desktop-style 38 | 39 | # misc Plasma extras 40 | kdeplasma-addons 41 | pkgs.xdg-user-dirs # recommended upstream 42 | 43 | # Plasma utilities 44 | kmenuedit 45 | kinfocenter 46 | plasma-systemmonitor 47 | ksystemstats 48 | libksysguard 49 | systemsettings 50 | kcmutils 51 | ]; 52 | programs.plasma = { 53 | configFile = { 54 | "kded5rc"."PlasmaBrowserIntegration"."shownCount" = 1; 55 | "kdeglobals"."WM"."activeBackground" = "231,232,235"; 56 | "kdeglobals"."WM"."activeBlend" = "231,232,235"; 57 | "kdeglobals"."WM"."activeForeground" = "92,97,108"; 58 | "kdeglobals"."WM"."inactiveBackground" = "231,232,235"; 59 | "kdeglobals"."WM"."inactiveBlend" = "231,232,235"; 60 | "kdeglobals"."WM"."inactiveForeground" = "163,165,172"; 61 | "kdeglobals"."General"."BrowserApplication" = "firefox.desktop"; 62 | "kdeglobals"."General"."TerminalService" = "org.wezfurlong.wezterm.desktop"; 63 | "kxkbrc"."Layout"."ResetOldOptions" = true; 64 | "kxkbrc"."Layout"."Options" = "terminate:ctrl_alt_bksp,ctrl:hyper_capscontrol"; 65 | }; 66 | }; 67 | } 68 | -------------------------------------------------------------------------------- /home/environments/kde/konawall.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }: let 6 | konawallWithDelay = pkgs.writeShellScriptBin "konawally" '' 7 | sleep 5 && XDG_BACKEND=x11 GDK_BACKEND=x11 ${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall 8 | ''; 9 | desktop_entry = '' 10 | [Desktop Entry] 11 | Exec=${konawallWithDelay}/bin/konawally 12 | Icon= 13 | Name=konawall 14 | Path= 15 | Terminal=False 16 | Type=Application 17 | ''; 18 | konawallConfig = { 19 | interval = 30 * 60; 20 | rotate = true; 21 | source = "konachan"; 22 | tags = [ 23 | #"rating:s" 24 | "touhou" 25 | "score:>=50" 26 | "width:>=1500" 27 | ]; 28 | logging = { 29 | file = "INFO"; 30 | console = "DEBUG"; 31 | }; 32 | }; 33 | in { 34 | home.packages = [ 35 | konawallWithDelay 36 | inputs.konawall-py.packages.${pkgs.system}.konawall-py 37 | ]; 38 | xdg.configFile = { 39 | "konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig; 40 | "autostart/konawall.desktop".text = desktop_entry; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /home/environments/kde/qt.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | xdg.configFile."menus/applications.menu".source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu"; 3 | qt = { 4 | enable = false; 5 | platformTheme.package = with pkgs.kdePackages; [ 6 | plasma-integration 7 | # I don't remember why I put this is here, maybe it fixes the theme of the system setttings 8 | systemsettings 9 | ]; 10 | style = { 11 | package = pkgs.kdePackages.breeze; 12 | name = "Breeze"; 13 | }; 14 | }; 15 | systemd.user.sessionVariables = {QT_QPA_PLATFORMTHEME = "qt6ct";}; 16 | } 17 | -------------------------------------------------------------------------------- /home/environments/sway/barrier.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.barrier.client = { 3 | enable = true; 4 | enableCrypto 
= true; 5 | enableDragDrop = true; 6 | server = "10.1.1.153"; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /home/environments/sway/gtk.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | adwaita-icon-theme 4 | ]; 5 | 6 | gtk = { 7 | enable = true; 8 | font = { 9 | name = "Iosevka"; 10 | size = 9; 11 | }; 12 | iconTheme = { 13 | name = "Maia"; 14 | package = pkgs.maia-icon-theme; 15 | }; 16 | theme = { 17 | name = "Adapta"; 18 | package = pkgs.adapta-gtk-theme; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /home/environments/sway/layout.xkb: -------------------------------------------------------------------------------- 1 | default partial alphanumeric_keys 2 | xkb_symbols "basic" { 3 | include "us(altgr-intl)" 4 | name[Group1] = "English (US, international with pound sign)"; 5 | key { [ e, E, EuroSign, cent ] }; 6 | key { [ 3, numbersign, sterling] }; 7 | }; 8 | -------------------------------------------------------------------------------- /home/environments/sway/mako.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 
5 | }: let 6 | inherit (config.base16) palette; 7 | in { 8 | systemd.user.services = { 9 | mako = { 10 | Unit = { 11 | Description = "mako"; 12 | X-Restart-Triggers = [(toString config.xdg.configFile."mako/config".source)]; 13 | }; 14 | Service = { 15 | ExecStart = "${pkgs.mako}/bin/mako"; 16 | Restart = "always"; 17 | }; 18 | Install = {WantedBy = ["graphical-session.target"];}; 19 | }; 20 | }; 21 | 22 | services.mako = { 23 | enable = true; 24 | font = "Iosevka 10"; 25 | defaultTimeout = 3000; 26 | borderColor = palette.base08; 27 | backgroundColor = "${palette.base00}BF"; 28 | textColor = palette.base05; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /home/environments/sway/waybar.sass: -------------------------------------------------------------------------------- 1 | * 2 | padding: 0 3 | margin: 0 4 | border: none 5 | border-radius: 0 6 | background: none 7 | font-family: "Iosevka", "Font Awesome 6 Free", "Font Awesome 6 Brands" 8 | font-size: $font_size 9 | text-shadow: none 10 | box-shadow: none 11 | 12 | %widget_unpadded 13 | transition: none 14 | background: $base01 15 | color: $base07 16 | margin: 0 4px 17 | 18 | %widget 19 | @extend %widget_unpadded 20 | padding: 0 4px 21 | 22 | window#waybar 23 | background: rgba($base00, 0.9) 24 | border-bottom: 2px solid transparent 25 | 26 | // sway/workspaces 27 | #workspaces 28 | @extend %widget_unpadded 29 | button 30 | color: $base06 31 | &.focused 32 | color: $base07 33 | background: $base0D 34 | 35 | &:hover 36 | transition: none 37 | box-shadow: inherit 38 | text-shadow: inherit 39 | background: $base06 40 | color: $base0C 41 | 42 | 43 | // widgets 44 | #mode, window#waybar #window, 45 | #custom-clock, #mpris, 46 | #pulseaudio, #backlight, #network, #temperature, #battery, #idle_inhibitor, #tray, #tray menu 47 | @extend %widget 48 | 49 | // hide when empty 50 | window#waybar.empty #window 51 | opacity: 0 52 | 53 | 54 | // tooltips 55 | tooltip 56 | 
background: rgba($base00, 0.9) 57 | label 58 | color: $base07 59 | 60 | // mpris player and state 61 | #mpris 62 | &.spotify 63 | background: #191414 64 | color: #1DB954 65 | 66 | &.paused 67 | background: $base01 68 | color: $base03 69 | 70 | /*.modules-left 71 | #window 72 | widget 73 | label 74 | margin: 0 75 | 76 | &:first-child 77 | margin-left: 0 78 | 79 | &:last-child 80 | margin-right: 0*/ 81 | 82 | .modules-center 83 | 84 | .modules-right 85 | -------------------------------------------------------------------------------- /home/environments/sway/wofi.nix: -------------------------------------------------------------------------------- 1 | {kittywitch, ...}: { 2 | programs.wofi = { 3 | enable = true; 4 | settings = { 5 | style = let 6 | template = kittywitch.sassTemplate { 7 | name = "wofi-style"; 8 | src = ./wofi.sass; 9 | }; 10 | in 11 | template.source; 12 | insensitive = true; 13 | allow_images = true; 14 | hide_scroll = true; 15 | width = "25%"; 16 | mode = "dmenu"; 17 | prompt = ""; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /home/environments/sway/wofi.sass: -------------------------------------------------------------------------------- 1 | #scroll 2 | background: $base01 3 | border: 1px solid $base03 4 | 5 | #input 6 | background: $base01 7 | border: 1px solid $base0C 8 | margin: 1em 9 | background: $base02 10 | color: $base04 11 | 12 | window 13 | font-family: $font 14 | background: rgba($base00, .9) 15 | border-radius: 1em 16 | font-size: $font_size 17 | color: $base07 18 | 19 | #outer-box 20 | margin: 1em 21 | 22 | #entry 23 | border-bottom: 1px dashed $base04 24 | padding: .75em 25 | &:selected 26 | background-color: $base0D 27 | -------------------------------------------------------------------------------- /home/environments/sway/xdg.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | xdg = { 3 | enable = true; 4 | userDirs = { 5 
| enable = true; 6 | pictures = "$HOME/pictures"; 7 | videos = "$HOME/videos"; 8 | documents = "$HOME/docs"; 9 | download = "$HOME/downloads"; 10 | desktop = "$HOME/desktop"; 11 | templates = "$HOME/templates"; 12 | publicShare = "$HOME/shared"; 13 | music = "$HOME/music"; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /home/environments/sway/xkb.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home.file = { 3 | ".xkb/symbols/us_gbp_map".source = ./layout.xkb; 4 | }; 5 | 6 | home.keyboard = null; 7 | } 8 | -------------------------------------------------------------------------------- /home/environments/xfce/gtk.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.pointerCursor = { 3 | gtk.enable = true; 4 | # x11.enable = true; 5 | package = pkgs.chicago95; 6 | name = "Chicago95"; 7 | size = 16; 8 | }; 9 | 10 | gtk = { 11 | enable = true; 12 | iconTheme = { 13 | name = "Chicago95-tux"; 14 | package = pkgs.chicago95; 15 | }; 16 | 17 | theme = { 18 | name = "Chicago95"; 19 | package = pkgs.chicago95; 20 | }; 21 | 22 | cursorTheme = { 23 | name = "Chicago95"; 24 | package = pkgs.chicago95; 25 | }; 26 | 27 | font = { 28 | name = "Monaspace Krypton"; 29 | size = 11; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /home/environments/xfce/konawall.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | config, 5 | ... 
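6 | }: let
7 |   konawallConfig = {
8 |     interval = 60 * 5; # 300; presumably seconds — confirm against konawall-py
9 |     rotate = true;
10 |     source = "konachan";
11 |     tags = [
12 |       "rating:s"
13 |       "touhou"
14 |       "score:>=50"
15 |       "width:>=1500"
16 |     ];
17 |     logging = {
18 |       file = "INFO";
19 |       console = "DEBUG";
20 |     };
21 |   };
22 | in {
23 |   systemd.user.services.konawall-py = {
24 |     Unit = {
25 |       Description = "konawall-py";
26 |       X-Restart-Triggers = [(toString config.xdg.configFile."konawall/config.toml".source)]; # unit text changes whenever the generated config does
27 |       After = ["gnome-session.target" "network-online.target"]; # NOTE(review): XFCE profile ordered after gnome-session.target while WantedBy uses graphical-session.target — confirm
28 |     };
29 |     Service = {
30 |       ExecStart = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall";
31 |       Environment = [ # a [Service] setting: systemd ignores Environment= placed under [Unit]
32 |         "PYSTRAY_BACKEND=gtk"
33 |       ];
34 |       Restart = "on-failure";
35 |       RestartSec = "1s";
36 |     };
37 |     Install = {WantedBy = ["graphical-session.target"];};
38 |   };
39 |   xdg.configFile = {
40 |     "konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig;
41 |   };
42 | }
43 |
--------------------------------------------------------------------------------
/home/environments/xfce/packages.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   home.packages = with pkgs; [
3 |     pavucontrol
4 |   ];
5 | }
6 |
--------------------------------------------------------------------------------
/home/environments/xfce/ssh.nix:
--------------------------------------------------------------------------------
1 | {
2 |   lib,
3 |   pkgs,
4 |   ... 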
5 | }: let 6 | inherit (lib.strings) fileContents; 7 | in { 8 | home.sessionVariables.GSM_SKIP_SSH_AGENT_WORKAROUND = "1"; 9 | 10 | # Disable gnome-keyring ssh-agent 11 | xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = '' 12 | ${fileContents "${pkgs.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop"} 13 | Hidden=true 14 | ''; 15 | } 16 | -------------------------------------------------------------------------------- /home/environments/xfce/xfconf.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | xfconf = { 3 | settings = { 4 | xsettings = { 5 | "Xfce4/SyncThemes" = true; 6 | "Net/IconThemeName" = "Chicago95-tux"; 7 | "Net/ThemeName" = "Chicago95"; 8 | }; 9 | xfce4-keyboard-shortcuts = { 10 | "commands/custom/Super_L" = "xfce4-popup-whiskermenu"; 11 | }; 12 | xfce4-session = { 13 | "startup/ssh-agent/enabled" = false; 14 | }; 15 | xfce4-power-manager = { 16 | "xfce4-power-manager/show-tray-icon" = false; 17 | "xfce4-power-manager/general-notification" = true; 18 | }; 19 | xfwm4 = { 20 | "general/theme" = "Chicago95"; 21 | "general/title_font" = "Sans Bold 8"; 22 | "general/show_dock_shadow" = false; 23 | }; 24 | xfce4-notifyd = { 25 | "theme" = "Chicago95"; 26 | "notify-location" = "bottom-right"; 27 | }; 28 | }; 29 | enable = true; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /home/profiles/common/base16.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | inputs, 5 | ... 
6 | }: let 7 | inherit (inputs.base16-data.lib.base16-data) schemeSources; 8 | in { 9 | base16 = { 10 | vim = { 11 | enable = false; 12 | template = inputs.base16-data.legacyPackages.${pkgs.system}.base16-templates.vim.withTemplateData; 13 | }; 14 | shell.enable = true; 15 | schemes = { 16 | light = { 17 | schemeData = schemeSources.tinted.schemes.catppuccin-latte; 18 | ansi.palette.background.alpha = "d000"; 19 | }; 20 | dark = { 21 | schemeData = schemeSources.tinted.schemes.catppuccin-mocha; 22 | ansi.palette.background.alpha = "d000"; 23 | }; 24 | }; 25 | defaultSchemeName = "dark"; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /home/profiles/common/catppuccin.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: let 2 | inherit (lib) mkForce; 3 | in { 4 | catppuccin = { 5 | enable = true; 6 | flavor = "frappe"; 7 | gtk = { 8 | enable = true; 9 | icon.enable = true; 10 | gnomeShellTheme = mkForce false; 11 | }; 12 | }; 13 | dconf.settings = mkForce { }; 14 | gtk.enable = true; 15 | } 16 | -------------------------------------------------------------------------------- /home/profiles/common/docs.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | manual = { 3 | html.enable = false; 4 | json.enable = false; 5 | manpages.enable = false; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /home/profiles/common/modules.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | disabledModules = [ 3 | "services/window-managers/i3-sway/i3.nix" 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /home/profiles/common/nix.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | # TODO: add the same treatment as the other nix gc script 3 | nix.gc = { 
4 |     automatic = true;
5 |     frequency = "weekly";
6 |     persistent = true;
7 |   };
8 | }
9 |
--------------------------------------------------------------------------------
/home/profiles/common/packages.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }: {
2 |   home.packages = [
3 |     pkgs.magic-wormhole
4 |   ];
5 | }
6 |
--------------------------------------------------------------------------------
/home/profiles/common/profile-inheritance.nix:
--------------------------------------------------------------------------------
1 | {tree, ...}: {
2 |   imports = with tree.home.profiles; [
3 |     shell
4 |     neovim
5 |   ];
6 | }
7 |
--------------------------------------------------------------------------------
/home/profiles/common/sops.nix:
--------------------------------------------------------------------------------
1 | {parent, ...}: {
2 |   sops = {
3 |     age.sshKeyPaths = [ # SSH private keys that sops-nix uses as age identities when decrypting secrets
4 |       "/home/kat/.ssh/id_ed25519" # hard-coded to one user's home; anyone who can read this key can decrypt every secret encrypted to it
5 |     ];
6 |     inherit (parent.sops) defaultSopsFile; # reuse the default secrets file of the enclosing (parent) configuration
7 |   };
8 | }
9 |
--------------------------------------------------------------------------------
/home/profiles/common/xdg.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   xdg = {
3 |     enable = true;
4 |     userDirs = {
5 |       enable = true;
6 |     };
7 |   };
8 | }
9 |
--------------------------------------------------------------------------------
/home/profiles/graphical/discord.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   lib,
4 |   ... 
5 | }: let 6 | inherit (lib.generators) toJSON; 7 | in { 8 | home.packages = with pkgs; [ 9 | (discord-krisp.override { 10 | withOpenASAR = true; 11 | withVencord = true; # can do this here too 12 | }) 13 | vesktop 14 | #betterdiscordctl 15 | ]; 16 | } 17 | -------------------------------------------------------------------------------- /home/profiles/graphical/documents.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: { 2 | home.packages = with pkgs; [ 3 | calibre 4 | pkgs.kdePackages.okular 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /home/profiles/graphical/floorp/containers.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... }: let 2 | inherit (lib.attrsets) listToAttrs nameValuePair; 3 | inherit (lib.modules) mkMerge; 4 | in { 5 | programs.floorp.profiles.main = { 6 | containersForce = true; 7 | containers = { 8 | main = { 9 | name = "Primary"; 10 | id = 0; 11 | color = "turquoise"; 12 | icon = "pet"; 13 | }; 14 | gay = { 15 | name = "Gay"; 16 | id = 1; 17 | color = "purple"; 18 | icon = "pet"; 19 | }; 20 | work = { 21 | name = "Work"; 22 | id = 2; 23 | color = "pink"; 24 | icon = "briefcase"; 25 | }; 26 | banking = { 27 | name = "Banking"; 28 | id = 3; 29 | color = "turquoise"; 30 | }; 31 | }; 32 | }; 33 | } 34 | 35 | -------------------------------------------------------------------------------- /home/profiles/graphical/floorp/main.nix: -------------------------------------------------------------------------------- 1 | {pkgs, nur, ...}: let 2 | defaultFont = "Monaspace Krypton"; 3 | in { 4 | home.sessionVariables = { 5 | BROWSER = "floorp"; 6 | }; 7 | 8 | home.packages = [ pkgs.ff2mpv-rust ]; 9 | programs.floorp = { 10 | nativeMessagingHosts = [ 11 | pkgs.ff2mpv-rust 12 | ]; 13 | enable = true; 14 | profiles = { 15 | main = { 16 | id = 0; 17 | isDefault = true; 18 | containersForce = true; 19 
| extensions = { 20 | packages = with nur.repos.rycee.firefox-addons; [ 21 | sponsorblock 22 | link-cleaner 23 | canvasblocker 24 | a11ycss 25 | view-image 26 | wappalyzer 27 | auto-tab-discard 28 | bitwarden 29 | darkreader 30 | decentraleyes 31 | clearurls 32 | df-youtube 33 | old-reddit-redirect 34 | privacy-badger 35 | reddit-enhancement-suite 36 | refined-github 37 | stylus 38 | temporary-containers 39 | multi-account-containers 40 | dearrow 41 | betterttv 42 | violentmonkey 43 | return-youtube-dislikes 44 | ff2mpv 45 | terms-of-service-didnt-read 46 | ]; 47 | force = true; 48 | }; 49 | userChrome = '' 50 | #urlbar { 51 | font-family: "${defaultFont}", monospace; 52 | } 53 | ''; 54 | }; 55 | }; 56 | }; 57 | } 58 | -------------------------------------------------------------------------------- /home/profiles/graphical/floorp/tst.nix: -------------------------------------------------------------------------------- 1 | { nur, ... }: { 2 | programs.floorp.profiles.main = { 3 | extensions = { 4 | packages = with nur.repos.rycee.firefox-addons; [ 5 | tree-style-tab 6 | move-unloaded-tabs-for-tst 7 | tab-unload-for-tree-style-tab 8 | tst-bookmarks-subpanel 9 | tst-indent-line 10 | tst-tab-search 11 | tst-wheel-and-double 12 | tst-more-tree-commands 13 | ]; 14 | settings = { 15 | "treestyletab@piro.sakura.ne.jp".settings = { 16 | cachedExternalAddons = [ 17 | "tst-active-tab-on-scrollbar@piro.sakura.ne.jp" 18 | "tst-indent-line@piro.sakura.ne.jp" 19 | ]; 20 | faviconizePinnedTabs = false; 21 | lastSelectedSubPanelProviderId = "tst-bookmarks-subpanel@piro.sakura.ne.jp"; 22 | showExpertOptions = true; 23 | skipCollapsedTabsForTabSwitchingShortcuts = true; 24 | tabPreviewTooltip = true; 25 | }; 26 | }; 27 | }; 28 | userChrome = '' 29 | /* Hide horizontal tabs at the top of the window */ 30 | #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar { 31 | opacity: 0; 32 | pointer-events: none; 33 | } 34 | #main-window #TabsToolbar { 35 | visibility: 
collapse !important; 36 | } 37 | /* Hide the "Tree Style Tab" header at the top of the sidebar */ 38 | #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header { 39 | display: none; 40 | } 41 | ''; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /home/profiles/graphical/floorp/ublock.nix: -------------------------------------------------------------------------------- 1 | { nur, ... }: { 2 | programs.floorp.profiles.main.extensions = { 3 | packages = with nur.repos.rycee.firefox-addons; [ 4 | ublock-origin 5 | ]; 6 | settings = { 7 | "uBlock@raymondhill.net".settings = { 8 | selectedFilterLists = [ 9 | "user-filters" 10 | "ublock-filters" 11 | "ublock-badware" 12 | "ublock-privacy" 13 | "ublock-quick-fixes" 14 | "ublock-unbreak" 15 | "easylist" 16 | "adguard-generic" 17 | "adguard-mobile" 18 | "easyprivacy" 19 | "adguard-spyware" 20 | "adguard-spyware-url" 21 | "urlhaus-1" 22 | "plowe-0" 23 | "fanboy-cookiemonster" 24 | "ublock-cookies-easylist" 25 | "adguard-cookies" 26 | "ublock-cookies-adguard" 27 | "fanboy-social" 28 | "adguard-social" 29 | "easylist-chat" 30 | "easylist-newsletters" 31 | "easylist-notifications" 32 | "easylist-annoyances" 33 | "adguard-mobile-app-banners" 34 | "adguard-other-annoyances" 35 | "adguard-popup-overlays" 36 | "adguard-widgets" 37 | "ublock-annoyances" 38 | ]; 39 | }; 40 | }; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /home/profiles/graphical/gpg.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib.modules) mkDefault mkMerge; 3 | in { 4 | services.gpg-agent = { 5 | enable = mkDefault true; 6 | enableExtraSocket = true; 7 | enableSshSupport = true; 8 | sshKeys = [ 9 | "59921D2F4E6DF7EEC3CB2934BD3D53666007B1AB" # kat@inskip.me 10 | ]; 11 | extraConfig = mkMerge [ 12 | "auto-expand-secmem 0x30000" # otherwise "gpg: public 
key decryption failed: Cannot allocate memory" 13 | "pinentry-timeout 30" 14 | "allow-loopback-pinentry" 15 | "enable-ssh-support" 16 | "no-allow-external-cache" 17 | ]; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /home/profiles/graphical/media.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | inputs, 5 | ... 6 | }: let 7 | inherit (lib.attrsets) mapAttrsToList; 8 | in { 9 | programs.mpv = { 10 | enable = true; 11 | scripts = with pkgs.mpvScripts; [ 12 | sponsorblock 13 | paused 14 | ]; 15 | config = { 16 | profile = "gpu-hq"; 17 | hwdec = "auto"; 18 | vo = "gpu"; 19 | volume-max = 200; 20 | opengl-waitvsync = true; 21 | script-opts = 22 | builtins.concatStringsSep "," 23 | (mapAttrsToList (k: v: "${k}=${builtins.toString v}") { 24 | ytdl_hook-ytdl_path = "${pkgs.yt-dlp}/bin/yt-dlp"; 25 | osc-layout = "slimbox"; 26 | osc-vidscale = "no"; 27 | osc-deadzonesize = 0.75; 28 | osc-minmousemove = 4; 29 | osc-hidetimeout = 2000; 30 | osc-valign = 0.9; 31 | osc-timems = "yes"; 32 | osc-seekbarstyle = "knob"; 33 | osc-seekbarkeyframes = "no"; 34 | osc-seekrangestyle = "slider"; 35 | }); 36 | }; 37 | }; 38 | 39 | programs.zsh.shellAliases = { 40 | yt = "mpv --ytdl-format='bestvideo[height<=?720][fps<=?30][vcodec!=?vp9]+bestaudio/best[height<=720]'"; # Laptop doesn't like above 720p :c 41 | }; 42 | home.packages = with pkgs; [ 43 | yt-dlp # Watch videos from multiple sources without having to use a browser for it 44 | ytcc # Subscriptions manager and RSS feed exporter for YouTube 45 | ]; 46 | } 47 | -------------------------------------------------------------------------------- /home/profiles/graphical/packages.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | # Password manager 4 | bitwarden 5 | 6 | # Task managers 7 | btop 8 | htop 9 | 10 | # Mail 11 | 
thunderbird
12 |
13 |     # Music
14 |     spotify
15 |
16 |     # Chat
17 |     tdesktop # Telegram
18 |     dino # XMPP
19 |     signal-desktop
20 |     mumble
21 |     keymapp
22 |     # Archivery
23 |     unzip
24 |     zip
25 |     p7zip
26 |
27 |     # Misc
28 |     exiftool # EXIF Stripping
29 |     lm_sensors # Sensor Data
30 |     cryptsetup # Encrypted block devices
31 |     yubikey-manager # Yubikey
32 |     v4l-utils # Webcam
33 |     obsidian
34 |     remmina
35 |     alsa-utils
36 |     pwvucontrol
37 |     veracrypt
38 |     gimp
39 |   ];
40 | }
41 |
--------------------------------------------------------------------------------
/home/profiles/graphical/syncplay.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.syncplay = {
3 |     enable = true;
4 |     username = "kat";
5 |     defaultRoom = "lounge";
6 |     server = {
7 |       host = "syncplay.local.gensokyo.zone";
8 |     };
9 |     playerArgs = [
10 |       "--ytdl-format=bestvideo[height<=1080]+bestaudio/best[height<=1080]/bestvideo+bestaudio/best"
11 |     ];
12 |     # gui = false;
13 |     config = {
14 |       client_settings = {
15 |         onlyswitchtotrusteddomains = false; # NOTE(review): presumably lets the client follow playlist URLs on any domain that room members add; confirm this is intended
16 |         autoplayrequiresamefiles = false;
17 |         readyatstart = true;
18 |         pauseonleave = false;
19 |         rewindondesync = false;
20 |         rewindthreshold = 6.0;
21 |         fastforwardthreshold = 6.0;
22 |         unpauseaction = "Always";
23 |       };
24 |       gui = {
25 |         #autosavejoinstolist = false;
26 |         showdurationnotification = false;
27 |       };
28 |     };
29 |   };
30 | }
31 |
--------------------------------------------------------------------------------
/home/profiles/graphical/vscode.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   programs.vscode = {
3 |     enable = false;
4 |     extensions = with pkgs.vscode-extensions; [
5 |       vscodevim.vim
6 |       catppuccin.catppuccin-vsc
7 |       kamadorueda.alejandra
8 |       mkhl.direnv
9 |       hashicorp.terraform
10 |       jnoortheen.nix-ide
11 |       pkgs.outrun
12 |     ];
13 |     userSettings = {
14 |       "nix.enableLanguageServer" = true;
15 |       "workbench.colorTheme" = "Outrun Night";
16 | "editor.suggest.preview" = true; 17 | "[nix]" = { 18 | "editor.defaultFormatter" = "kamadorueda.alejandra"; 19 | "editor.formatOnPaste" = true; 20 | "editor.formatOnSave" = true; 21 | "editor.formatOnType" = false; 22 | }; 23 | "files.eol" = "\n"; 24 | "alejandra.program" = "${pkgs.alejandra}/bin/alejandra"; 25 | "editor.fontFamily" = ''"Monaspace Krypton", "Font Awesome 6 Free", "Font Awesome 6 Brands"''; 26 | "editor.fontLigatures" = true; 27 | "terraform.experimentalFeatures.prefillRequiredFields" = true; 28 | "terraform.experimentalFeatures.validateOnSave" = true; 29 | "terraform.codelens.referenceCount" = true; 30 | "go.alternateTools" = { 31 | gopls = "${pkgs.gopls}/bin/gopls"; 32 | }; 33 | "vim.useSystemClipboard" = true; 34 | go = { 35 | inlayHints = { 36 | assignVariableTypes = true; 37 | compositeLiteralFields = true; 38 | compositeLiteralTypes = true; 39 | constantValues = true; 40 | functionTypeParameters = true; 41 | parameterNames = true; 42 | rangeVariableTypes = true; 43 | }; 44 | }; 45 | }; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /home/profiles/graphical/wezterm.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }: { 6 | programs.wezterm = { 7 | enable = true; 8 | package = inputs.wezterm.outputs.packages.${pkgs.system}.default; 9 | extraConfig = '' 10 | local wezterm = require 'wezterm'; 11 | return { 12 | font = wezterm.font_with_fallback({ 13 | "Monaspace Krypton", 14 | -- , BuiltIn 15 | "JetBrains Mono", 16 | 17 | -- /nix/store/mc76mhlam0rggcgx3z695025phl07pi1-noto-fonts-color-emoji-2.042/share/fonts/noto/NotoColorEmoji.ttf, FontConfig 18 | -- Assumed to have Emoji Presentation 19 | -- Pixel sizes: [128] 20 | "Noto Color Emoji", 21 | 22 | -- , BuiltIn 23 | "Symbols Nerd Font Mono", 24 | 25 | }), 26 | window_decorations = "TITLE | RESIZE", 27 | enable_wayland = true, 28 | warn_about_missing_glyphs = false, 29 | font_size = 12.0, 30 | check_for_updates = false, 31 | enable_tab_bar = false 32 | } 33 | ''; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /home/profiles/neovim/rust.lua: -------------------------------------------------------------------------------- 1 | local bufnr = vim.api.nvim_get_current_buf() 2 | vim.keymap.set( 3 | "n", 4 | "a", 5 | function() 6 | vim.cmd.RustLsp('codeAction') -- supports rust-analyzer's grouping 7 | -- or vim.lsp.buf.codeAction() if you don't want grouping. 8 | end, 9 | { silent = true, buffer = bufnr } 10 | ) 11 | vim.keymap.set( 12 | "n", 13 | "K", -- Override Neovim's built-in hover keymap with rustaceanvim's hover actions 14 | function() 15 | vim.cmd.RustLsp({'hover', 'actions'}) 16 | end, 17 | { silent = true, buffer = bufnr } 18 | ) 19 | -------------------------------------------------------------------------------- /home/profiles/shell/bitw.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | tree, 4 | ... 
5 | }: { 6 | programs.rbw = { 7 | enable = true; 8 | settings = { 9 | inherit (tree.home.user.data) email; 10 | base_url = "https://bw.gensokyo.zone"; 11 | identity_url = null; 12 | pinentry = pkgs.pinentry-gnome3; 13 | lock_timeout = 3600; 14 | }; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /home/profiles/shell/direnv.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.direnv = { 3 | enable = true; 4 | enableZshIntegration = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/profiles/shell/eza.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.eza = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /home/profiles/shell/fzf.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | std, 4 | ... 5 | }: let 6 | inherit (std) list; 7 | in { 8 | programs.fzf = { 9 | enable = true; 10 | enableZshIntegration = true; 11 | }; 12 | programs.zsh.plugins = list.optional (pkgs.hostPlatform == pkgs.buildPlatform) { 13 | name = "fzf-tab"; 14 | src = "${pkgs.zsh-fzf-tab}/share/fzf-tab"; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /home/profiles/shell/git.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | tree, 4 | ... 
5 | }: { 6 | home.packages = with pkgs; [ 7 | gitAndTools.git-remote-gcrypt 8 | git-crypt 9 | git-revise 10 | ]; 11 | 12 | programs.git = { 13 | inherit (tree.home.user.data) userName userEmail; 14 | package = pkgs.gitAndTools.gitFull; 15 | enable = true; 16 | extraConfig = { 17 | init = {defaultBranch = "main";}; 18 | protocol.gcrypt.allow = "always"; 19 | merge.conflictstyle = "diff3"; 20 | annex = { 21 | autocommit = false; 22 | backend = "BLAKE2B512"; 23 | synccontent = true; 24 | }; 25 | }; 26 | signing = { 27 | inherit (tree.home.user.data) key; 28 | signByDefault = true; 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /home/profiles/shell/inputrc.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | xdg.configFile."inputrc".text = '' 3 | set editing-mode vi 4 | set keyseq-timeout 1 5 | set mark-symlinked-directories on 6 | set completion-prefix-display-length 8 7 | set show-all-if-ambiguous on 8 | set show-all-if-unmodified on 9 | set visible-stats on 10 | set colored-stats on 11 | set bell-style audible 12 | set meta-flag on 13 | set input-meta on 14 | set convert-meta off 15 | set output-meta on 16 | ''; 17 | 18 | home.sessionVariables.INPUTRC = "${config.xdg.configHome}/inputrc"; 19 | } 20 | -------------------------------------------------------------------------------- /home/profiles/shell/lc.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home.language = let 3 | ca = "en_CA.UTF-8"; 4 | in { 5 | base = ca; 6 | ctype = ca; 7 | time = ca; 8 | numeric = ca; 9 | collate = ca; 10 | monetary = ca; 11 | messages = ca; 12 | paper = ca; 13 | name = ca; 14 | address = ca; 15 | telephone = ca; 16 | measurement = ca; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /home/profiles/shell/packages.nix: 
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   home.packages = with pkgs; [
3 |     # task managers
4 |     htop
5 |     btop
6 |     # disk usage
7 |     duc-cli
8 |     # nix formatting
9 |     nixpkgs-fmt
10 |     # show type of files
11 |     file
12 |     # command monitoring
13 |     pv
14 |     # cat but better
15 |     bat
16 |     # sed replacement
17 |     sd
18 |     # sops
19 |     sops
20 |     # find replacement
21 |     fd
22 |     # ripgrep / grep replacement
23 |     ripgrep
24 |     # rename with sed
25 |     rename
26 |     # remote tmux
27 |     tmate
28 |     # remote utilities
29 |     socat
30 |     rsync
31 |     wget
32 |     whois
33 |   ];
34 | }
35 |
--------------------------------------------------------------------------------
/home/profiles/shell/rink.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   std,
4 |   ...
5 | }: let
6 |   inherit (std) serde;
7 | in {
8 |   home.packages = with pkgs; [
9 |     rink
10 |   ];
11 |
12 |   xdg.configFile."rink/config.toml".text = serde.toTOML {
13 |     colors = {
14 |       enabled = true;
15 |       theme = "my_theme";
16 |     };
17 |     currency = {
18 |       cache_duration = "1h";
19 |       enabled = true;
20 |       endpoint = "https://rinkcalc.app/data/currency.json";
21 |       timeout = "2s";
22 |     };
23 |     rink = {
24 |       long_output = true;
25 |       prompt = "> ";
26 |     };
27 |     themes = {
28 |       my_theme = {
29 |         date_time = "default";
30 |         doc_string = "italic";
31 |         error = "red";
32 |         number = "default";
33 |         plain = "default";
34 |         pow = "default";
35 |         prop_name = "cyan";
36 |         quantity = "dimmed cyan";
37 |         unit = "cyan";
38 |         user_input = "bold";
39 |       };
40 |     };
41 |   };
42 | }
43 |
--------------------------------------------------------------------------------
/home/profiles/shell/ssh.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.ssh = {
3 |     enable = true;
4 |     controlMaster = "auto";
5 |     controlPersist = "10m"; # the shared master connection stays open for 10 minutes after the last session ends
6 |     hashKnownHosts = true; # host names in known_hosts are stored hashed
7 |     compression = true;
8 |     forwardAgent = true; # NOTE(review): set at the top level, so presumably applied to every host; root on any remote host can use the forwarded agent while the connection is open. Consider enabling it per host in matchBlocks instead.
9 |     /*
10 | extraConfig = '' 11 | RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra 12 | ''; 13 | */ 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /home/profiles/shell/starship.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.starship = { 3 | enable = true; 4 | enableZshIntegration = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/profiles/shell/tmux.nix: -------------------------------------------------------------------------------- 1 | { 2 | std, 3 | inputs, 4 | ... 5 | }: let 6 | inherit (std) set list; 7 | in { 8 | programs.zsh.shellAliases = { 9 | tt = "tmux new -AD -s"; 10 | }; 11 | programs.tmux = { 12 | enable = true; 13 | terminal = "tmux-256color"; 14 | keyMode = "vi"; 15 | baseIndex = 1; 16 | extraConfig = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; '' 17 | # proper title handling 18 | set -g set-titles on 19 | set -g set-titles-string "#T" 20 | set -ga terminal-overrides ",xterm-256color:Tc" 21 | 22 | # modes 23 | setw -g clock-mode-colour colour8 24 | setw -g mode-style 'fg=${base07} bg=${base02} bold' 25 | 26 | # panes 27 | set -g pane-border-style 'fg=${base06} bg=${base02}' 28 | set -g pane-active-border-style 'bg=${base0D} fg=${base07}' 29 | 30 | # statusbar 31 | set -g status-position bottom 32 | set -g status-justify left 33 | set -g status-style 'bg=${base00} fg=${base06}' 34 | set -g status-left '#[fg=${base06} bg=${base01}] #S@#h ' 35 | set -g status-right '#[fg=${base07},bg=${base01}] %F #[fg=${base07},bg=${base02}] %H:%M:%S %Z ' 36 | set -g status-right-length 50 37 | set -g status-left-length 20 38 | 39 | setw -g window-status-current-style 'fg=${base07} bg=${base0D} bold' 40 | setw -g window-status-current-format ' #I#[fg=${base07}]:#[fg=${base07}]#W#[fg=${base07}]#F ' 
41 | 42 | setw -g window-status-style 'fg=${base06} bg=${base03}' 43 | setw -g window-status-format ' #I#[fg=${base07}]:#[fg=${base06}]#W#[${base06}]#F ' 44 | 45 | setw -g window-status-bell-style 'fg=colour255 bg=colour1 bold' 46 | 47 | # messages 48 | set -g message-style 'fg=colour232 bg=colour16 bold' 49 | 50 | # mouse 51 | set -g mouse on 52 | ''; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /home/profiles/shell/z.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: { 6 | # ensure .local/share/z is created 7 | xdg.dataFile."z/.keep".text = ""; 8 | 9 | programs.zsh = { 10 | localVariables = { 11 | _Z_DATA = "${config.xdg.dataHome}/z/data"; 12 | }; 13 | plugins = 14 | map (plugin: (with pkgs.${plugin}; { 15 | name = pname; 16 | inherit src; 17 | })) [ 18 | "zsh-z" 19 | ]; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /home/user/common.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | tree, 4 | ... 
5 | }: { 6 | users.users.kat = { 7 | inherit (tree.home.user.data) description; 8 | shell = pkgs.zsh; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /home/user/darwin.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | users.users.kat = { 3 | name = "kat"; 4 | home = "/Users/kat"; 5 | uid = 501; 6 | }; 7 | users.knownUsers = [ 8 | "kat" 9 | ]; 10 | } 11 | -------------------------------------------------------------------------------- /home/user/data.nix: -------------------------------------------------------------------------------- 1 | _: rec { 2 | description = "Kat Inskip"; 3 | email = "kat@inskip.me"; 4 | keys = [ 5 | "ssh-rsa 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 pgp-${email}" 6 | ]; 7 | keyid = "9CC644B569CDA59BC874C4C9E8DDE3ED1C90F3A0"; 8 | keygrip = "59921D2F4E6DF7EEC3CB2934BD3D53666007B1AB"; 9 | userName = description; 10 | userEmail = email; 11 | key = keyid; 12 | } 13 | -------------------------------------------------------------------------------- /home/user/default.nix: -------------------------------------------------------------------------------- 1 | {tree, ...}: 2 | tree.prev 3 | // { 4 | nixos = { 5 | imports = with tree.prev; [ 6 | nixos 7 | common 8 | ]; 9 | }; 10 | darwin = { 11 | imports = with tree.prev; [ 12 | darwin 13 | common 14 | ]; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /home/user/home.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home = { 3 | homeDirectory = "/home/kat"; 4 | stateVersion = "22.11"; 5 | username = "kat"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /home/user/nixos.nix: -------------------------------------------------------------------------------- 1 | {tree, ...}: { 2 | users.users.kat = { 3 | uid = 1000; 4 | isNormalUser = true; 5 | 
linger = true; 6 | openssh.authorizedKeys = { 7 | inherit (tree.home.user.data) keys; 8 | }; 9 | extraGroups = [ 10 | "wheel" 11 | "video" 12 | "systemd-journal" 13 | "networkmanager" 14 | "plugdev" 15 | "input" 16 | "uinput" 17 | "adbusers" 18 | ]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/darwin/blank.nix: -------------------------------------------------------------------------------- 1 | _: {} 2 | -------------------------------------------------------------------------------- /modules/home/base16.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | std, 6 | ... 7 | }: let 8 | inherit (lib.options) mkOption; 9 | inherit (lib.types) attrsOf str enum; 10 | inherit (lib.modules) mkIf; 11 | inherit (std) string set tuple list; 12 | cfg = config.base16; 13 | in { 14 | options.base16 = { 15 | palette = mkOption { 16 | type = attrsOf str; 17 | }; 18 | sass = { 19 | variables = mkOption { 20 | type = attrsOf str; 21 | default = 22 | cfg.palette 23 | // { 24 | term_font = "Iosevka"; 25 | font = "Iosevka"; 26 | font_size = "12px"; 27 | }; 28 | }; 29 | css_style = mkOption { 30 | type = enum ["nested" "compressed" "compact" "expanded"]; 31 | default = "expanded"; 32 | }; 33 | }; 34 | }; 35 | config = mkIf (cfg.schemes != {}) { 36 | base16 = { 37 | palette = set.fromList (set.mapToValues ( 38 | k: v: 39 | tuple.tuple2 40 | k 41 | "#${v.hex}" 42 | ) 43 | (set.filter (n: _: string.hasPrefix "base" n) 44 | cfg.defaultScheme)); 45 | }; 46 | 47 | lib.kittywitch.sassTemplate = { 48 | name, 49 | src, 50 | }: let 51 | variables = pkgs.writeText "base-variables.sass" '' 52 | ${(string.concatSep "\n" (set.mapToValues (var: con: "\$${var}: ${con}") cfg.sass.variables))} 53 | ''; 54 | source = 55 | pkgs.callPackage 56 | ({ 57 | sass, 58 | stdenv, 59 | }: 60 | stdenv.mkDerivation { 61 | inherit name src variables; 62 | nativeBuildInputs = 
list.singleton pkgs.sass; 63 | phases = ["buildPhase"]; 64 | buildPhase = '' 65 | cat $variables $src > src-mut.sass 66 | sass src-mut.sass $out --sourcemap=none --trace --style=${cfg.sass.css_style} 67 | ''; 68 | }) 69 | {}; 70 | in { 71 | inherit source; 72 | text = builtins.readFile source; 73 | }; 74 | _module.args = {inherit (config.lib) kittywitch;}; 75 | }; 76 | } 77 | -------------------------------------------------------------------------------- /modules/home/blank.nix: -------------------------------------------------------------------------------- 1 | _: {} 2 | -------------------------------------------------------------------------------- /modules/home/disable.nix: -------------------------------------------------------------------------------- 1 | {modulesPath, ...}: { 2 | disabledModules = map (x: /. + "${toString modulesPath}/${x}") []; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home/state.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home.stateVersion = "22.11"; 3 | } 4 | -------------------------------------------------------------------------------- /modules/home/waybar.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 
5 | }: let 6 | inherit (lib.modules) mkIf; 7 | in 8 | mkIf config.programs.waybar.enable { 9 | systemd.user.services.waybar.Unit.X-Restart-Triggers = [ 10 | (builtins.toString config.programs.waybar.style) 11 | ]; 12 | } 13 | -------------------------------------------------------------------------------- /modules/home/zsh.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.zsh.initExtraFirst = '' 3 | source /etc/static/zshrc 4 | ''; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/blank.nix: -------------------------------------------------------------------------------- 1 | _: {} 2 | -------------------------------------------------------------------------------- /modules/nixos/scalpels.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib.types) listOf path; 3 | inherit (lib.options) mkOption; 4 | in { 5 | options.scalpels = mkOption { 6 | type = listOf path; 7 | default = []; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /modules/system/ci.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | inherit (lib.options) mkOption mkEnableOption; 7 | in { 8 | options.ci = with lib.types; { 9 | enable = 10 | mkEnableOption "build via CI" 11 | // { 12 | default = config.system == "x86_64-linux"; 13 | }; 14 | allowFailure = mkOption { 15 | type = bool; 16 | default = false; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /modules/system/deploy.nix: -------------------------------------------------------------------------------- 1 | { 2 | name, 3 | config, 4 | lib, 5 | inputs, 6 | ... 
7 | }: let 8 | inherit (lib.modules) mkIf mkOptionDefault; 9 | in { 10 | options = let 11 | inherit (lib.types) nullOr; 12 | inherit (lib.options) mkOption; 13 | in { 14 | deploy = mkOption { 15 | type = nullOr inputs.arcexprs.lib.json.types.attrs; 16 | }; 17 | }; 18 | config = { 19 | deploy = let 20 | nixos = config.built; 21 | in { 22 | sshUser = mkOptionDefault "deploy"; 23 | user = mkOptionDefault "root"; 24 | sshOpts = mkIf (config.type == "NixOS") ( 25 | mkOptionDefault ["-p" "${builtins.toString (builtins.head nixos.config.services.openssh.ports)}"] 26 | ); 27 | autoRollback = mkOptionDefault true; 28 | magicRollback = mkOptionDefault true; 29 | fastConnection = mkOptionDefault false; 30 | hostname = mkOptionDefault "${name}.devices.inskip.me"; 31 | profiles.system = { 32 | user = "root"; 33 | path = inputs.deploy-rs.lib.${config.system}.activate.nixos inputs.self.nixosConfigurations.${name}; 34 | }; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /nixos/arc.nix: -------------------------------------------------------------------------------- 1 | ({pkgs, ...}: { 2 | users.users.arc = { 3 | uid = 1001; 4 | isNormalUser = true; 5 | extraGroups = ["wheel"]; 6 | openssh.authorizedKeys.keys = [ 7 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8Z6briIboxIdedPGObEWB6QEQkvxKvnMW/UVU9t/ac mew-pgp" 8 | ]; 9 | shell = pkgs.zsh; 10 | }; 11 | }) 12 | -------------------------------------------------------------------------------- /nixos/common/access.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | std, 4 | ... 
5 | }: let
6 |   inherit (std) list set;
7 |   # Union of the authorized SSH keys of every configured user whose extraGroups
8 |   # contains "wheel".
9 |   commonUser = {
10 |     openssh.authorizedKeys.keys = list.concat (set.mapToValues
11 |       (_: user:
12 |         if list.elem "wheel" user.extraGroups
13 |         then user.openssh.authorizedKeys.keys
14 |         else [])
15 |       config.users.users);
16 |   };
17 | in {
18 |   security = {
19 |     # sudo accepts a signature from the caller's SSH agent as authentication.
20 |     # NOTE(review): for an account with sudo rights, reaching an agent socket that
21 |     # holds an authorized key is then enough to run commands as root.
22 |     pam.sshAgentAuth.enable = true;
23 |     sudo.enable = true;
24 |     pam.services.sudo.sshAgentAuth = true;
25 |   };
26 |   # Both root and deploy receive the wheel key list above, so adding a user to
27 |   # wheel also authorizes that user's keys for these two accounts.
28 |   users.users = {
29 |     root = commonUser;
30 |     deploy =
31 |       commonUser
32 |       // {
33 |         isNormalUser = true;
34 |       };
35 |   };
36 | }
37 |
--------------------------------------------------------------------------------
/nixos/common/base16.nix:
--------------------------------------------------------------------------------
1 | {config, ...}: {
2 |   base16 = {
3 |     inherit (config.home-manager.users.kat.base16) defaultSchemeName defaultScheme schemes;
4 |     console = {
5 |       enable = false;
6 |       getty.enable = false;
7 |     };
8 |   };
9 | }
10 |
--------------------------------------------------------------------------------
/nixos/common/catppuccin.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   catppuccin = {
3 |     enable = true;
4 |     flavor = "frappe";
5 |   };
6 | }
7 |
--------------------------------------------------------------------------------
/nixos/common/console.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   console = {
3 |     font = "Tamzen7x14";
4 |     earlySetup = true;
5 |   };
6 | }
7 |
--------------------------------------------------------------------------------
/nixos/common/disable-documentation.nix:
--------------------------------------------------------------------------------
1 | {lib, ...}: let
2 |   inherit (lib.modules) mkForce;
3 | in {
4 |   documentation.nixos.enable = mkForce false;
5 | }
6 |
--------------------------------------------------------------------------------
/nixos/common/fonts.nix:
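--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   fonts = {
3 |     packages = with pkgs; [
4 |       font-awesome
5 |       twitter-color-emoji
6 |       iosevka-bin
7 |       monaspace
8 |     ];
9 |   };
10 | }
11 |
--------------------------------------------------------------------------------
/nixos/common/locale.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   fonts.packages = [
3 |     pkgs.tamzen
4 |   ];
5 |   i18n = {
6 |     defaultLocale = "en_CA.UTF-8";
7 |     supportedLocales = [
8 |       "en_CA.UTF-8/UTF-8"
9 |       "en_GB.UTF-8/UTF-8"
10 |       "en_US.UTF-8/UTF-8"
11 |       "en_DK.UTF-8/UTF-8"
12 |     ];
13 |   };
14 |   console = {
15 |     packages = [pkgs.tamzen];
16 |     font = "Tamzen7x14";
17 |     earlySetup = true;
18 |   };
19 | }
20 |
--------------------------------------------------------------------------------
/nixos/common/login-notify.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   lib,
4 |   config,
5 |   ...
6 | }: let
7 |   inherit (lib.modules) mkAfter mkDefault;
8 | in {
9 |   # sops-managed environment file read by the hook below; the script expects it
10 |   # to define DISCORD_WEBHOOK_LINK.
11 |   sops.secrets.sshd-environment = {
12 |     sopsFile = ./secrets.yaml;
13 |   };
14 |   # Adds a pam_exec session hook to sshd's PAM text (ordered with mkAfter) that
15 |   # posts a message to the webhook whenever an SSH session is opened or closed.
16 |   # pam_exec runs the script synchronously, so the script must be quick and must
17 |   # not fail just because the webhook is unreachable.
18 |   # NOTE(review): the webhook URL is handed to curl as an argument, so it is
19 |   # visible in the process list while the request runs.
20 |   security.pam.services.sshd.text = let
21 |     notify = pkgs.writeShellScriptBin "notify" ''
22 |       export $(cat ${config.sops.secrets.sshd-environment.path} | xargs)
23 |
24 |       message=""
25 |       if [ "$PAM_USER" = "deploy" ]; then
26 |         if [ "$PAM_TYPE" = "open_session" ]; then
27 |           message="''${PAM_RHOST} has opened an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
28 |         elif [ "$PAM_TYPE" = "close_session" ]; then
29 |           message="''${PAM_RHOST} has closed an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
30 |         fi
31 |       else
32 |         if [ "$PAM_TYPE" = "open_session" ]; then
33 |           message="''${PAM_RHOST} opened an SSH session with ${config.networking.hostName} as user ''${PAM_USER}."
34 |         elif [ "$PAM_TYPE" = "close_session" ]; then
35 |           message="''${PAM_RHOST} closed their SSH session with ${config.networking.hostName} for user ''${PAM_USER}."
36 |         fi
37 |       fi
38 |
39 |       if [ -n "$message" ]; then
40 |         # PAM_RHOST and PAM_USER are embedded in a JSON string: escape backslashes and double quotes first.
41 |         message=''${message//\\/\\\\}
42 |         message=''${message//\"/\\\"}
43 |         # Best effort with a time limit, so an unreachable webhook cannot stall or fail the PAM session.
44 |         ${pkgs.curl}/bin/curl -i --max-time 10 -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" "$DISCORD_WEBHOOK_LINK" || true
45 |       fi
46 |     '';
47 |   in
48 |     mkDefault (mkAfter ''
49 |       session required pam_exec.so seteuid ${notify}/bin/notify
50 |     '');
51 | }
52 |
--------------------------------------------------------------------------------
/nixos/common/mutable-users.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   users.mutableUsers = true;
3 | }
4 |
--------------------------------------------------------------------------------
/nixos/common/nftables.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   networking.nftables.enable = true;
3 | }
4 |
--------------------------------------------------------------------------------
/nixos/common/nix-index.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.command-not-found.enable = false;
3 | }
4 |
--------------------------------------------------------------------------------
/nixos/common/nix.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   nix = {
3 |     gc = {
4 |       automatic = true;
5 |       dates = "weekly";
6 |     };
7 |     settings = {
8 |       auto-optimise-store = true;
9 |       # trusted-users may override daemon settings such as substituters, which the
10 |       # Nix manual describes as essentially equivalent to root access.
11 |       trusted-users = [
12 |         "deploy"
13 |       ];
14 |     };
15 |   };
16 | }
17 |
--------------------------------------------------------------------------------
/nixos/common/packages.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ...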
}: {
2 |   environment.systemPackages = [
3 |     pkgs.magic-wormhole
4 |   ];
5 | }
--------------------------------------------------------------------------------
/nixos/common/secrets.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   users.groups.secrets = {};
3 |   systemd.tmpfiles.rules = [
4 |     # Mode 700 with owner deploy: the "secrets" group itself gets no access to
5 |     # this directory from this rule. NOTE(review): confirm that is intended.
6 |     "v /var/lib/secrets 700 deploy secrets"
7 |   ];
8 | }
9 |
--------------------------------------------------------------------------------
/nixos/common/ssh.nix:
--------------------------------------------------------------------------------
1 | {
2 |   config,
3 |   lib,
4 |   std,
5 |   ...
6 | }: let
7 |   inherit (lib.modules) mkDefault;
8 |   inherit (std) list;
9 | in {
10 |   # Opens one TCP port, taken from services.openssh.ports (presumably the first entry).
11 |   networking.firewall = {
12 |     allowedTCPPorts = [(list.unsafeHead config.services.openssh.ports)];
13 |   };
14 |
15 |   programs.mosh.enable = true;
16 |
17 |   services.openssh = {
18 |     enable = true;
19 |     settings = {
20 |       KexAlgorithms = ["curve25519-sha256@libssh.org"];
21 |       # Key-only logins: password and keyboard-interactive authentication are off.
22 |       PasswordAuthentication = false;
23 |       KbdInteractiveAuthentication = false;
24 |       # Root may log in, but not with a password; mkDefault lets a host override this.
25 |       PermitRootLogin = mkDefault "prohibit-password";
26 |     };
27 |     # NOTE(review): "+ssh-rsa" re-enables the SHA-1 based RSA signature algorithm
28 |     # that current OpenSSH releases disable by default. RSA keys can still
29 |     # authenticate through rsa-sha2-256/512 without it, so confirm that a client
30 |     # really needs this line.
31 |     # StreamLocalBindUnlink removes an existing Unix socket file before a forwarded
32 |     # socket is bound; LogLevel VERBOSE adds detail about authentication to the log.
33 |     extraConfig = ''
34 |       PubkeyAcceptedAlgorithms +ssh-rsa
35 |       StreamLocalBindUnlink yes
36 |       LogLevel VERBOSE
37 |     '';
38 |   };
39 | }
40 |
--------------------------------------------------------------------------------
/nixos/common/sudo-nopasswd.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   # deploy may run any command through sudo without a password and may pass its
3 |   # own environment (SETENV), so the account is root-equivalent; anything that
4 |   # can log in as deploy controls the host.
5 |   security.sudo.extraRules = [
6 |     {
7 |       users = ["deploy"];
8 |       commands = [
9 |         {
10 |           command = "ALL";
11 |           options = [
12 |             "NOPASSWD"
13 |             "SETENV"
14 |           ];
15 |         }
16 |       ];
17 |     }
18 |   ];
19 | }
20 |
--------------------------------------------------------------------------------
/nixos/common/tzupdate.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   services.tzupdate.enable = true;
3 |
4 |   systemd.timers."tzupdate" = {
5 |     wantedBy = ["timers.target"];
6 |     timerConfig =
{ 7 | OnBootSec = "5m"; 8 | OnUnitActiveSec = "5m"; 9 | Unit = "tzupdate.service"; 10 | }; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /nixos/common/zsh.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.zsh = { 3 | enable = true; 4 | enableCompletion = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /nixos/environments/gnome/dconf.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.dconf.enable = true; 3 | } 4 | -------------------------------------------------------------------------------- /nixos/environments/gnome/packages.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.gnome.excludePackages = with pkgs; [ 3 | gnome-photos 4 | gnome-tour 5 | cheese # webcam tool 6 | epiphany # web browser 7 | geary # email reader 8 | gnome-characters 9 | gnome-contacts 10 | gnome-initial-setup 11 | ]; 12 | environment.systemPackages = with pkgs; [ 13 | gnome-tweaks 14 | gnome-extension-manager 15 | ]; 16 | services.udev.packages = [pkgs.gnome.gnome-settings-daemon]; 17 | } 18 | -------------------------------------------------------------------------------- /nixos/environments/gnome/profile-inheritance.nix: -------------------------------------------------------------------------------- 1 | {tree, ...}: { 2 | imports = with tree.nixos.profiles; [ 3 | graphical 4 | ]; 5 | 6 | home-manager.users.kat.imports = with tree.home.environments; [ 7 | gnome 8 | ]; 9 | } 10 | -------------------------------------------------------------------------------- /nixos/environments/gnome/xserver.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.xserver = { 3 | enable = true; 4 | displayManager.gdm.enable = true; 5 | desktopManager.gnome.enable = 
true; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /nixos/environments/i3/xserver.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.xserver = { 3 | enable = true; 4 | displayManager = { 5 | defaultSession = "none+i3"; 6 | }; 7 | windowManager.i3 = { 8 | enable = true; 9 | extraPackages = with pkgs; [ 10 | dmenu 11 | i3lock 12 | ]; 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /nixos/environments/kde/dconf.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.dconf.enable = true; 3 | } 4 | -------------------------------------------------------------------------------- /nixos/environments/kde/profile-inheritance.nix: -------------------------------------------------------------------------------- 1 | {tree, ...}: { 2 | imports = with tree.nixos.profiles; [ 3 | graphical 4 | ]; 5 | 6 | home-manager.users.kat.imports = with tree.home.environments; [ 7 | kde 8 | ]; 9 | } 10 | -------------------------------------------------------------------------------- /nixos/environments/kde/xserver.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | xclip 4 | wl-clipboard 5 | ]; 6 | services = { 7 | displayManager.sddm = { 8 | enable = true; 9 | wayland.enable = true; 10 | }; 11 | xserver = { 12 | enable = true; 13 | }; 14 | desktopManager.plasma6.enable = true; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /nixos/environments/openbox/openbox.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services = { 3 | gnome.gnome-keyring.enable = true; 4 | xserver = { 5 | enable = true; 6 | libinput.touchpad = { 7 | tappingButtonMap = "lrm"; 8 
| clickMethod = "clickfinger"; 9 | }; 10 | windowManager = { 11 | openbox.enable = true; 12 | }; 13 | displayManager.defaultSession = "none+openbox"; 14 | xkbOptions = "ctrl:nocaps"; 15 | }; 16 | colord.enable = true; 17 | }; 18 | programs.xfconf.enable = true; 19 | 20 | environment.systemPackages = with pkgs; [ 21 | menumaker 22 | xclip 23 | obconf 24 | numix-gtk-theme 25 | ]; 26 | } 27 | -------------------------------------------------------------------------------- /nixos/environments/sway/profile-inheritance.nix: -------------------------------------------------------------------------------- 1 | {tree, ...}: { 2 | imports = with tree.nixos.profiles; [ 3 | graphical 4 | ]; 5 | 6 | home-manager.users.kat.imports = with tree.home.environments; [ 7 | sway 8 | ]; 9 | } 10 | -------------------------------------------------------------------------------- /nixos/environments/sway/sway.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | tree, 5 | std, 6 | lib, 7 | ... 
8 | }: let 9 | inherit (std) set list; 10 | inherit (lib.modules) mkForce; 11 | in { 12 | imports = with tree.nixos.profiles; [ 13 | graphical 14 | ]; 15 | programs.sway = { 16 | enable = list.any (user: user.wayland.windowManager.sway.enable) (set.values config.home-manager.users); 17 | package = pkgs.swayfx; 18 | extraPackages = with pkgs; mkForce [xwayland swaylock swayidle swaylock-fancy wmctrl]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /nixos/environments/sway/xdg-portals.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | xdg = { 3 | portal = { 4 | enable = true; 5 | extraPortals = with pkgs; [ 6 | xdg-desktop-portal-wlr 7 | xdg-desktop-portal-gtk 8 | ]; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /nixos/environments/xfce/xfce.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services = { 3 | gnome.gnome-keyring.enable = true; 4 | xserver = { 5 | enable = true; 6 | libinput.touchpad = { 7 | tappingButtonMap = "lrm"; 8 | clickMethod = "clickfinger"; 9 | }; 10 | desktopManager = { 11 | xterm.enable = false; 12 | xfce.enable = true; 13 | }; 14 | displayManager.gdm.enable = true; 15 | displayManager.defaultSession = "xfce"; 16 | xkbOptions = "ctrl:nocaps"; 17 | }; 18 | 19 | colord.enable = true; 20 | }; 21 | programs.xfconf.enable = true; 22 | 23 | environment.systemPackages = with pkgs; [ 24 | xfce.xfce4-pulseaudio-plugin 25 | xfce.xfce4-whiskermenu-plugin 26 | xclip 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /nixos/hardware/framework/boot.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | boot = { 3 | plymouth = { 4 | enable = true; 5 | }; 6 | consoleLogLevel = 0; 7 | kernelParams = ["quiet"]; 8 | initrd = { 9 | verbose = 
false; 10 | systemd.enable = true; 11 | availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"]; 12 | }; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /nixos/hardware/framework/fingerprint.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services = { 3 | fwupd = { 4 | enable = true; 5 | package = 6 | (import (builtins.fetchTarball { 7 | url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz"; 8 | sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk"; 9 | }) { 10 | inherit (pkgs) system; 11 | }) 12 | .fwupd; 13 | }; 14 | fprintd.enable = true; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /nixos/hardware/framework/framework-icc.icm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kittywitch/nixfiles/3150cf3c120f26012f92df7762227d5529f50c8a/nixos/hardware/framework/framework-icc.icm -------------------------------------------------------------------------------- /nixos/hardware/framework/imports.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | tree, 4 | ... 
5 | }: { 6 | imports = 7 | (with tree.nixos.profiles; [ 8 | uefi 9 | ]) 10 | ++ [ 11 | inputs.nixos-hardware.outputs.nixosModules.framework-13-7040-amd 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /nixos/hardware/oracle_flex.nix: -------------------------------------------------------------------------------- 1 | {modulesPath, ...}: { 2 | imports = [(modulesPath + "/profiles/qemu-guest.nix")]; 3 | zramSwap.enable = true; 4 | fileSystems = { 5 | "/boot" = { 6 | device = "/dev/disk/by-uuid/92B6-AAE1"; 7 | fsType = "vfat"; 8 | }; 9 | "/" = { 10 | device = "/dev/sda3"; 11 | fsType = "xfs"; 12 | }; 13 | }; 14 | swapDevices = [{device = "/dev/sda2";}]; 15 | boot = { 16 | supportedFilesystems = ["xfs"]; 17 | tmp.cleanOnBoot = true; 18 | initrd = { 19 | availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; 20 | kernelModules = ["nvme"]; 21 | }; 22 | loader = { 23 | grub = { 24 | efiSupport = true; 25 | efiInstallAsRemovable = true; 26 | device = "nodev"; 27 | configurationLimit = 1; 28 | }; 29 | systemd-boot.configurationLimit = 1; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /nixos/hardware/oracle_micro.nix: -------------------------------------------------------------------------------- 1 | {modulesPath, ...}: { 2 | imports = [(modulesPath + "/profiles/qemu-guest.nix")]; 3 | zramSwap.enable = true; 4 | boot = { 5 | tmp.cleanOnBoot = true; 6 | loader = { 7 | grub = { 8 | efiSupport = true; 9 | efiInstallAsRemovable = true; 10 | device = "nodev"; 11 | configurationLimit = 1; 12 | }; 13 | systemd-boot.configurationLimit = 1; 14 | }; 15 | initrd = { 16 | availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; 17 | kernelModules = ["nvme"]; 18 | }; 19 | }; 20 | fileSystems = { 21 | "/boot" = { 22 | device = "/dev/disk/by-uuid/1F52-C11D"; 23 | fsType = "vfat"; 24 | }; 25 | "/" = { 26 | device = "/dev/sda1"; 27 | fsType = 
"ext4"; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /nixos/profiles/bcachefs.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: let 6 | inherit (lib.types) submodule loaOf; 7 | inherit (lib.modules) mkDefault mkAfter; 8 | inherit (lib.options) mkOption; 9 | in { 10 | options.security.pam.services = mkOption { 11 | type = loaOf (submodule { 12 | config.text = mkDefault (mkAfter "session required pam_keyinit.so force revoke"); 13 | }); 14 | }; 15 | config = { 16 | boot = { 17 | supportedFilesystems = ["bcachefs"]; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /nixos/profiles/bootable/grub.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | inherit (lib.modules) mkIf; 7 | in { 8 | boot.loader = mkIf config.boot.loader.grub.enable { 9 | timeout = null; 10 | grub = { 11 | useOSProber = true; 12 | splashImage = ./splash.jpg; 13 | extraConfig = '' 14 | set color_normal=black/black 15 | set menu_color_normal=black/black 16 | set menu_color_highlight=magenta/cyan 17 | ''; 18 | memtest86.enable = true; 19 | extraEntries = '' 20 | if [ ''${grub_platform} == "efi" ]; then 21 | menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { 22 | fwsetup 23 | } 24 | fi 25 | menuentry "System restart" { 26 | echo "System rebooting..." 27 | reboot 28 | } 29 | menuentry "System shutdown" { 30 | echo "System shutting down..." 
31 | halt 32 | } 33 | ''; 34 | }; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /nixos/profiles/bootable/loader-config-limit.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | boot = { 3 | loader = { 4 | grub.configurationLimit = 8; 5 | systemd-boot.configurationLimit = 8; 6 | }; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /nixos/profiles/bootable/splash.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kittywitch/nixfiles/3150cf3c120f26012f92df7762227d5529f50c8a/nixos/profiles/bootable/splash.jpg -------------------------------------------------------------------------------- /nixos/profiles/bootable/sysctl.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib.modules) mkDefault; 3 | in { 4 | boot = { 5 | kernel.sysctl = { 6 | "fs.inotify.max_user_watches" = 524288; 7 | "net.core.rmem_max" = 16777216; 8 | "net.core.wmem_max" = 16777216; 9 | "net.ipv4.tcp_rmem" = "4096 87380 16777216"; 10 | "net.ipv4.tcp_wmem" = "4096 65536 16777216"; 11 | "net.ipv4.ip_forward" = mkDefault "1"; 12 | "net.ipv6.conf.all.forwarding" = "1"; 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /nixos/profiles/bootable/tmp.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | boot = { 3 | tmp = { 4 | tmpfsSize = "80%"; 5 | useTmpfs = true; 6 | }; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /nixos/profiles/gaming/lutris.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 
5 | }: { 6 | hardware.graphics = { 7 | enable32Bit = true; 8 | extraPackages32 = with pkgs; [ 9 | driversi686Linux.mesa 10 | ]; 11 | }; 12 | programs.gamescope = { 13 | enable = true; 14 | package = pkgs.gamescope; 15 | }; 16 | environment.systemPackages = with pkgs; [ 17 | (lutris.override { 18 | extraPkgs = pkgs: [ 19 | pkgs.gamescope 20 | pkgs.libnghttp2 21 | pkgs.winetricks 22 | pkgs.jansson 23 | pkgs.samba 24 | pkgs.mangohud 25 | pkgs.vkbasalt 26 | ]; 27 | extraLibraries = pkgs: [ 28 | pkgs.jansson 29 | pkgs.samba 30 | pkgs.xz 31 | ]; 32 | }) 33 | 34 | vkbasalt 35 | mangohud 36 | 37 | # support 32-bit only 38 | wine 39 | 40 | # support 64-bit only 41 | wine64 42 | 43 | # wine-staging (version with experimental features) 44 | wineWowPackages.staging 45 | 46 | # winetricks (all versions) 47 | winetricks 48 | 49 | # native wayland support (unstable) 50 | wineWowPackages.waylandFull 51 | ]; 52 | } 53 | -------------------------------------------------------------------------------- /nixos/profiles/gaming/minecraft.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.java = { 3 | enable = true; 4 | }; 5 | environment.systemPackages = with pkgs; [ 6 | prismlauncher 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /nixos/profiles/gaming/parsec.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | parsec-bin 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /nixos/profiles/gaming/quest.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | gsettings-desktop-schemas 4 | ]; 5 | programs.adb.enable = true; 6 | users.users.kat.extraGroups = ["adbusers"]; 7 | services.udev.extraRules = '' 8 | 
SUBSYSTEM=="usb",ATTR{idVendor}=="2833",ATTR{idProduct}=="0186",MODE="0660",GROUP="adbusers",TAG+="uaccess",SYMLINK+="android",SYMLINK+="android%n" 9 | ''; 10 | home-manager.users.kat.xdg.systemDirs.data = [ 11 | "${pkgs.gsettings-desktop-schemas}/share/gsettings-schemas/${pkgs.gsettings-desktop-schemas.name}" 12 | "${pkgs.gtk3}/share/gsettings-schemas/${pkgs.gtk3.name}" 13 | ]; 14 | } 15 | -------------------------------------------------------------------------------- /nixos/profiles/gaming/steam.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.steam = { 3 | enable = true; 4 | remotePlay.openFirewall = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/avahi.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.avahi = { 3 | nssmdns4 = true; 4 | enable = true; 5 | ipv4 = true; 6 | ipv6 = true; 7 | publish = { 8 | enable = true; 9 | addresses = true; 10 | workstation = true; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/dns.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib.modules) mkForce; 3 | in { 4 | networking = { 5 | networkmanager.dns = mkForce "none"; 6 | nameservers = [ 7 | #"172.20.0.1" 8 | "1.1.1.1#cloudflare-dns.com" 9 | "1.0.0.1#cloudflare-dns.com" 10 | "8.8.8.8#dns.google" 11 | ]; 12 | }; 13 | services.resolved = { 14 | enable = false; 15 | domains = ["~."]; 16 | dnssec = "false"; 17 | extraConfig = '' 18 | DNSOverTLS=yes 19 | ''; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/fonts.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | fonts = { 3 | packages = with pkgs; 
[ 4 | font-awesome 5 | twitter-color-emoji 6 | iosevka-bin 7 | monaspace 8 | corefonts 9 | vistafonts 10 | open-dyslexic 11 | ]; 12 | enableDefaultPackages = true; 13 | fontDir.enable = true; 14 | fontconfig = { 15 | enable = true; 16 | allowBitmaps = true; 17 | defaultFonts = { 18 | emoji = [ 19 | "Twitter Color Emoji" 20 | ]; 21 | }; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/gpg.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.pcscd.enable = true; 3 | services.udev.packages = [pkgs.yubikey-personalization]; 4 | 5 | programs.gnupg.agent = { 6 | enable = true; 7 | enableSSHSupport = true; 8 | pinentryPackage = pkgs.pinentry-gnome3; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/hardware.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | hardware.enableAllFirmware = true; 3 | } 4 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/infra.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... 
}: let 2 | inherit (lib.modules) mkIf mkDefault; 3 | in { 4 | gensokyo-zone = { 5 | access = { 6 | tail.enable = mkDefault true; 7 | local.enable = mkDefault (config.networking.hostName == "goliath"); 8 | }; 9 | nix = { 10 | enable = true; 11 | cache.infrastructure.enable = true; 12 | builder.enable = true; 13 | }; 14 | kyuuto = { 15 | enable = mkDefault true; 16 | shared.enable = mkDefault true; 17 | #domain = mkIf config.gensokyo-zone.access.local.enable "local.${domain}"; 18 | }; 19 | /*krb5 = { 20 | enable = mkDefault true; 21 | sssd = { 22 | enable = mkDefault true; 23 | # TODO: sssd ldap backend config is currently broken for unknown reasons 24 | # EDIT: wait ifp was disabled maybe it's actually just fine and I'm dumb? 25 | backend = "ipa"; 26 | }; 27 | nfs.enable = mkDefault true; 28 | #nfs.debug.enable = true; 29 | ipa.enable = mkDefault true; 30 | };*/ 31 | dns = { 32 | enable = mkDefault true; 33 | }; 34 | monitoring = { 35 | enable = mkIf config.gensokyo-zone.access.local.enable (mkDefault true); 36 | }; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/kernel.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: { 2 | boot.zfs.package = pkgs.zfs_cachyos; 3 | boot.kernelPackages = pkgs.linuxPackages_cachyos; 4 | } 5 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/logitech.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.solaar = { 3 | enable = true; 4 | window = "hide"; 5 | package = pkgs.solaar; 6 | batteryIcons = "regular"; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/mounting.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services = { 3 | gvfs.enable = true; 4 | udisks2.enable = true; 5 | devmon.enable = true; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/mullvad.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.mullvad-vpn.enable = true; 3 | } -------------------------------------------------------------------------------- /nixos/profiles/graphical/nfs.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | boot.supportedFilesystems = ["nfs"]; 3 | } 4 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/packages.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 
5 | }: { 6 | environment.systemPackages = with pkgs; [ 7 | jmtpfs 8 | dnsutils 9 | usbutils 10 | plexamp 11 | super-slicer-beta 12 | nvidia-vaapi-driver 13 | nv-codec-headers-12 14 | ]; 15 | programs.obs-studio = { 16 | enable = true; 17 | enableVirtualCamera = true; 18 | package = pkgs.obs-studio.override { 19 | cudaSupport = true; 20 | }; 21 | plugins = with pkgs.obs-studio-plugins; [ 22 | obs-vaapi 23 | ]; 24 | }; 25 | services.udev.packages = [ 26 | pkgs.android-udev-rules 27 | pkgs.zsa-udev-rules 28 | pkgs.via 29 | ]; 30 | } 31 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/pam.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | security.pam.services = { 3 | login.u2fAuth = true; 4 | sudo.u2fAuth = true; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/profile-inheritance.nix: -------------------------------------------------------------------------------- 1 | {tree, ...}: { 2 | imports = with tree.nixos.profiles; [ 3 | bootable 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/qt.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | qt = { 3 | enable = true; 4 | #platformTheme = "qt5ct"; 5 | #style = "kvantum"; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/restic.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.restic-password-file = { 3 | sopsFile = ./restic.yaml; 4 | }; 5 | services.restic.backups = { 6 | ${config.networking.hostName} = { 7 | paths = [ 8 | "/home/kat/Documents" 9 | "/home/kat/Pictures" 10 | ]; 11 | exclude = [ 12 | ]; 13 | extraOptions = [ 14 | "sftp.command='ssh 
u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'" 15 | ]; 16 | pruneOpts = [ 17 | "--keep-daily 7" 18 | "--keep-weekly 2" 19 | "--keep-monthly 6" 20 | ]; 21 | initialize = true; 22 | passwordFile = config.sops.secrets.restic-password-file.path; 23 | repository = "sftp:u401227@u401227.your-storagebox.de:/restic/${config.networking.hostName}"; 24 | timerConfig = { 25 | OnCalendar = "00:05"; 26 | RandomizedDelaySec = "5h"; 27 | }; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /nixos/profiles/graphical/sound.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [pulsemixer]; 3 | 4 | services.pulseaudio.enable = false; 5 | 6 | security.rtkit.enable = true; 7 | 8 | services.pipewire.extraConfig.pipewire-pulse."92-subpar-latency" = { 9 | pulse.properties = { 10 | pulse.min.req = "1024/48000"; 11 | pulse.default.req = "1024/48000"; 12 | pulse.min.quantum = "1024/48000"; 13 | }; 14 | }; 15 | services.pipewire = { 16 | enable = true; 17 | pulse.enable = true; 18 | alsa.support32Bit = true; 19 | jack.enable = true; 20 | alsa.enable = true; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /nixos/profiles/laptop/cpufreq.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | } -------------------------------------------------------------------------------- /nixos/profiles/sdr.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | rtl-sdr 4 | sdrpp 5 | sdrangel 6 | ]; 7 | hardware.rtl-sdr.enable = true; 8 | users.users.kat.extraGroups = ["plugdev"]; 9 | } 10 | -------------------------------------------------------------------------------- /nixos/profiles/secureboot.nix: 
--------------------------------------------------------------------------------
# Secure Boot through lanzaboote; sbctl manages the keys.
{
  pkgs,
  lib,
  ...
}: let
  inherit (lib.modules) mkForce;
in {
  environment.systemPackages = with pkgs; [
    sbctl
  ];
  boot = {
    # lanzaboote replaces systemd-boot, so the stock loader is forced off.
    loader.systemd-boot.enable = mkForce false;
    lanzaboote = {
      enable = true;
      # NOTE(review): this directory presumably holds the Secure Boot signing
      # keys; confirm it is readable by root only and is covered by backups.
      pkiBundle = "/etc/secureboot";
    };
  };
}
--------------------------------------------------------------------------------
/nixos/profiles/server/loader-config-limit.nix:
--------------------------------------------------------------------------------
# Servers keep a single generation in the boot menu, so there is no older
# entry to fall back to from the loader.
_: {
  boot.loader = {
    grub.configurationLimit = 1;
    systemd-boot.configurationLimit = 1;
  };
}
--------------------------------------------------------------------------------
/nixos/profiles/server/mosh.nix:
--------------------------------------------------------------------------------
_: {
  programs.mosh.enable = true;
}
--------------------------------------------------------------------------------
/nixos/profiles/server/tailscale.nix:
--------------------------------------------------------------------------------
{config, ...}: {
  # Enable tailscale
  services.tailscale.enable = true;

  # Allow tailscale through firewall
  # trustedInterfaces exempts everything arriving on tailscale0 from the host
  # firewall, so every listening service is reachable from the tailnet and
  # access control rests on the Tailscale ACLs alone.
  networking.firewall = {
    enable = true;
    trustedInterfaces = ["tailscale0"];
    allowedUDPPorts = [config.services.tailscale.port];
  };
}
--------------------------------------------------------------------------------
/nixos/profiles/uefi.nix:
--------------------------------------------------------------------------------
# GRUB on UEFI, with the ESP mounted at /boot.
_: {
  boot.loader = {
    grub = {
      devices = ["nodev"];
      efiSupport = true;
      gfxmodeEfi = "1920x1080";
    };
    efi = {
      canTouchEfiVariables = true;
      efiSysMountPoint = "/boot";
    };
  };
}
--------------------------------------------------------------------------------
/nixos/profiles/virtualisation/virt-manager.nix:
--------------------------------------------------------------------------------
# libvirt/QEMU with virt-manager, software TPM, OVMF and SPICE tooling.
{pkgs, ...}: {
  # Membership of libvirtd lets kat manage system VMs without sudo. Control of
  # the system libvirt daemon is commonly treated as root-equivalent on the
  # host, so guard this account accordingly.
  users.users.kat.extraGroups = ["libvirtd"];

  environment.systemPackages = with pkgs; [
    virt-viewer
    spice
    spice-gtk
    spice-protocol
    win-virtio
    win-spice
    adwaita-icon-theme
  ];

  services.spice-vdagentd.enable = true;

  programs.virt-manager.enable = true;

  virtualisation = {
    libvirtd = {
      enable = true;
      qemu = {
        swtpm.enable = true;
        ovmf.enable = true;
        ovmf.packages = [pkgs.OVMFFull.fd];
      };
    };
    # NOTE(review): this option installs a privileged helper so unprivileged
    # users can hand host USB devices to guests; confirm it is needed.
    spiceUSBRedirection.enable = true;
  };
}
--------------------------------------------------------------------------------
/nixos/profiles/wireless/bluetooth.nix:
--------------------------------------------------------------------------------
# Bluetooth with the experimental bluez build and PipeWire codec settings.
{pkgs, ...}: {
  environment.systemPackages = with pkgs; [bluez5-experimental];

  services.pipewire.wireplumber.configPackages = [
    (pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/10-bluez.conf" ''
      bluez_monitor.properties = {
        ["bluez5.enable-sbc-xq"] = true,
        ["bluez5.enable-msbc"] = true,
        ["bluez5.enable-hw-volume"] = true,
        ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
      }
    '')
  ];

  hardware.bluetooth = {
    enable = true;
    package = pkgs.bluez5-experimental;
    settings.General.Enable = "Source,Sink,Media,Socket";
  };

  services.blueman.enable = true;

  home-manager.sharedModules = [
    {
      xsession.preferStatusNotifierItems = true;
      services.blueman-applet.enable = false;
    }
  ];
}
--------------------------------------------------------------------------------
/nixos/profiles/wireless/firewall.nix:
--------------------------------------------------------------------------------
# Firewall openings for mDNS and Chromecast on wireless hosts.
# The UDP range below spans 32768-60999 and applies to every interface, so any
# UDP service bound in that range is reachable from whatever network the host
# is on.
# NOTE(review): consider scoping the range to the home-network interface.
_: {
  networking.firewall = {
    allowedUDPPorts = [5353]; # MDNS
    allowedUDPPortRanges = [
      {
        from = 32768;
        to = 60999;
      }
    ]; # Chromecast
  };
}
--------------------------------------------------------------------------------
/nixos/profiles/wireless/wifi.nix:
--------------------------------------------------------------------------------
# NetworkManager with the iwd Wi-Fi backend.
{
  lib,
  pkgs,
  ...
}: let
  inherit (lib.modules) mkForce;
in {
  # The leading "" clears the unit's inherited ExecStart before setting ours.
  systemd.services.NetworkManager-wait-online = {
    serviceConfig.ExecStart = ["" "${pkgs.networkmanager}/bin/nm-online -q"];
  };

  networking.networkmanager = {
    enable = true;
    wifi.backend = "iwd";
    connectionConfig = {
      # 0 turns IPv6 privacy extensions (temporary addresses) off for all
      # connections, and mkForce overrides any other setting of this key.
      # NOTE(review): without them the host keeps a stable address per network
      # that remote services can correlate; confirm this is intended on
      # laptops.
      "ipv6.ip6-privacy" = mkForce 0;
    };
  };

  home-manager.sharedModules = [
    {
      xsession.preferStatusNotifierItems = true;
      #services.network-manager-applet.enable = true;
    }
  ];
}
--------------------------------------------------------------------------------
/nixos/servers/grafana-stack/grafana.nix:
--------------------------------------------------------------------------------
# Grafana bound to loopback only; the nginx vhost in nginx.nix is what faces
# the network.
_: {
  services.grafana = {
    enable = true;
    settings.server = {
      domain = "mon.kittywit.ch";
      http_port = 2342;
      http_addr = "127.0.0.1";
      root_url = "https://mon.kittywit.ch/";
    };
  };
}
--------------------------------------------------------------------------------
/nixos/servers/grafana-stack/nginx.nix:
--------------------------------------------------------------------------------
# TLS-terminating reverse proxy for Grafana (ACME certificate, HTTP upgraded
# to HTTPS).
{config, ...}: {
  services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
      proxyWebsockets = true;
    };
  };
}
--------------------------------------------------------------------------------
/nixos/servers/grafana-stack/scalpel.nix:
--------------------------------------------------------------------------------
# Injects secrets into the generated telegraf and prometheus config files.
# The store copies of those files keep only placeholders; each service's
# ExecStart is rewritten to use the transformed file at
# config.scalpel.trafos.<name>.destination, into which the sops secret is
# substituted.
{
  lib,
  config,
  prev,
  ...
}: let
  inherit (lib.strings) addContextFrom;
  inherit (lib.modules) mkForce;
  # Pull the config-file path out of each unit's original command line.
  telegraf_start = prev.config.systemd.services.telegraf.serviceConfig.ExecStart;
  telegraf_cfgfile = builtins.head (builtins.match "^.*-config ([^\ ]*).*$" "${telegraf_start}");
  prometheus_start = prev.config.systemd.services.prometheus.serviceConfig.ExecStart;
  prometheus_cfgfile = builtins.head (builtins.match "^.*-config\.file=([^\ ]*).*$" "${prometheus_start}");
in {
  systemd.services.telegraf.serviceConfig.ExecStart = mkForce (
    builtins.replaceStrings ["${telegraf_cfgfile}"] ["${config.scalpel.trafos."config.toml".destination} "] "${telegraf_start}"
  );
  # Mode 0440 with the service's own user and group: the file carrying the
  # real token is not world-readable.
  scalpel.trafos."config.toml" = {
    source = addContextFrom telegraf_start telegraf_cfgfile;
    matchers."TELEGRAF_API_KEY".secret = config.sops.secrets.telegraf_api_key.path;
    owner = "telegraf";
    group = "telegraf";
    mode = "0440";
  };
  systemd.services.prometheus.serviceConfig.ExecStart = mkForce (
    builtins.replaceStrings ["${prometheus_cfgfile}"] ["${config.scalpel.trafos."prometheus.yml".destination} "] "${prometheus_start}"
  );
  scalpel.trafos."prometheus.yml" = {
    source = addContextFrom prometheus_start prometheus_cfgfile;
    matchers."HOME_ASSISTANT_API_TOKEN".secret = config.sops.secrets.home_assistant_api_key.path;
    owner = "prometheus";
    group = "prometheus";
    mode = "0440";
  };
}
--------------------------------------------------------------------------------
/nixos/servers/grafana-stack/secrets.nix:
--------------------------------------------------------------------------------
# sops-managed API keys consumed by scalpel.nix.
_: {
  sops.secrets.telegraf_api_key = {
    format = "yaml";
    sopsFile = ./secrets.yaml;
  };
  sops.secrets.home_assistant_api_key = {
    format = "yaml";
    sopsFile = ./secrets.yaml;
  };
  scalpels = [
    ./scalpel.nix
  ];
}
--------------------------------------------------------------------------------
/nixos/servers/grafana-stack/telegraf.nix:
--------------------------------------------------------------------------------
# Telegraf: host and nginx metrics, pushed to Grafana Live and exposed to
# Prometheus on loopback.
{config, ...}: {
  # Membership of the nginx group lets telegraf read the nginx access log.
  users.users.telegraf.extraGroups = ["nginx"];
  # CAP_NET_RAW is the only capability kept: it is needed by the native ping
  # input, and the bounding set stops the service acquiring anything else.
  systemd.services.telegraf.serviceConfig = {
    AmbientCapabilities = ["CAP_NET_RAW"];
    CapabilityBoundingSet = ["CAP_NET_RAW"];
  };
  services.telegraf = {
    enable = true;
    extraConfig = {
      inputs = {
        # NOTE(review): confirm /nginx_status is served to localhost only.
        nginx = {
          urls = [
            "http://localhost/nginx_status"
          ];
          response_timeout = "5s";
        };
        tail = {
          name_override = "nginxlog";
          files = [
            "/var/log/nginx/access.log"
          ];
          from_beginning = true;
          pipe = false;
          data_format = "grok";
          grok_patterns = ["%{COMBINED_LOG_FORMAT}"];
        };
        cpu.percpu = true;
        disk = {};
        diskio = {};
        net = {};
        mem = {};
        ping = {
          interval = "60s";
          method = "native";
          urls = [
            "8.8.8.8"
            "2001:4860:4860:0:0:0:0:8888"
          ];
          count = 3;
          timeout = 2.0;
        };
        system = {};
      };
      outputs = {
        # Loopback-only listener for Prometheus scrapes.
        prometheus_client.listen = "127.0.0.1:9125";
        http = {
          url = "http://localhost:${toString config.services.grafana.settings.server.http_port}/api/live/push/custom_stream_id";
          data_format = "influx";
          headers = {
            # Placeholder only: scalpel.nix substitutes the real token, so it
            # never lands in the Nix store.
            Authorization = "Bearer !!TELEGRAF_API_KEY!!";
          };
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/nixos/servers/matrix/cleanup.nix:
--------------------------------------------------------------------------------
# Weekly systemd timer that runs the synapse-cleanup package, with its
# environment read from a sops-managed file.
{
  config,
  pkgs,
  ...
}: let
  # Decrypted environment file; the path is supplied by sops-nix.
  envFile = config.sops.secrets.synapse-cleanup-environment.path;
in {
  sops.secrets.synapse-cleanup-environment.sopsFile = ./secrets.yaml;

  systemd.services.synapse-cleanup = {
    # Do not re-run the job merely because the unit changed on a rebuild.
    restartIfChanged = false;
    serviceConfig = {
      Type = "exec";
      # NOTE(review): runs as root with credentials in its environment. If the
      # tool only needs what the environment file provides, a dedicated
      # unprivileged user would narrow the exposure. Confirm what it touches.
      User = "root";
      EnvironmentFile = envFile;
      ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup";
    };
  };

  systemd.timers.synapse-cleanup = {
    wantedBy = ["timers.target"];
    timerConfig = {
      OnCalendar = "weekly";
      # Catch up on a run missed while the machine was off.
      Persistent = true;
      Unit = "synapse-cleanup.service";
    };
  };
}

--------------------------------------------------------------------------------
/nixos/servers/matrix/discord.nix:
--------------------------------------------------------------------------------
# Settings for the mx-puppet-discord bridge. `enable` is not set in this file
# (the inherit below is commented out).
_: let
  # NOTE(review): if the bridge treats these entries as regular expressions
  # (the ".*" suggests so), the unescaped "." in the domain matches any
  # character and nothing anchors the end of the ID. Confirm, and tighten to
  # the exact server name if so.
  localUsers = ["@.*:kittywit.ch"];
in {
  services.mx-puppet-discord.settings = {
    #inherit (config.services.matrix-synapse) enable;
    bridge = {
      bindAddress = "localhost";
      domain = "kittywit.ch";
      homeserverUrl = "https://yukari.gensokyo.zone";
    };
    provisioning.whitelist = localUsers;
    relay.whitelist = localUsers;
  };
}

--------------------------------------------------------------------------------
/nixos/servers/matrix/nginx.nix:
--------------------------------------------------------------------------------
# TLS virtual host in front of the local Synapse listener.
{config, ...}: let
  fqdn = "${config.networking.hostName}.inskip.me";
  # Synapse is reached over loopback only.
  synapse = "http://[::1]:8008";
in {
  services.nginx.virtualHosts.${fqdn} = {
    enableACME = true;
    forceSSL = true;
    extraConfig = ''
      http2_max_requests 100000;
      keepalive_requests 100000;
    '';
    locations = {
      # Anything outside the two proxied prefixes is answered with 404.
      "/".extraConfig = ''
        return 404;
      '';
      "/_matrix".proxyPass = synapse;
      # NOTE(review): the whole /_synapse prefix is proxied, which would
      # include any admin endpoints served under it. Confirm that exposing
      # them on the public vhost is intended, or proxy a narrower prefix.
      "/_synapse".proxyPass = synapse;
    };
  };
}
-------------------------------------------------------------------------------- /nixos/servers/matrix/postgres.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.postgresql = { 3 | ensureUsers = [ 4 | { 5 | name = "matrix-synapse"; 6 | ensureDBOwnership = true; 7 | } 8 | ]; 9 | ensureDatabases = [ 10 | "matrix-synapse" 11 | ]; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /nixos/servers/matrix/restic.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.restic-password-file = { 3 | sopsFile = ./restic.yaml; 4 | }; 5 | services.restic.backups = { 6 | "${config.networking.hostName}-matrix" = { 7 | paths = [ 8 | "/var/lib/matrix-synapse" 9 | "/var/lib/mx-puppet-discord" 10 | "/var/lib/mautrix-whatsapp" 11 | "/var/lib/mautrix-signal" 12 | "/var/lib/mautrix-telegram" 13 | "/var/lib/mautrix-slack" 14 | ]; 15 | exclude = [ 16 | ]; 17 | extraOptions = [ 18 | "sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'" 19 | ]; 20 | pruneOpts = [ 21 | "--keep-daily 7" 22 | "--keep-weekly 2" 23 | "--keep-monthly 6" 24 | ]; 25 | initialize = true; 26 | passwordFile = config.sops.secrets.restic-password-file.path; 27 | repository = "sftp:u401227@u401227.your-storagebox.de:/restic/yukari/matrix"; 28 | timerConfig = { 29 | OnCalendar = "00:05"; 30 | RandomizedDelaySec = "5h"; 31 | }; 32 | }; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /nixos/servers/matrix/scalpel.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | config, 4 | prev, 5 | ... 
6 | }: let 7 | inherit (lib.modules) mkForce; 8 | start = prev.config.systemd.services.matrix-synapse.serviceConfig.ExecStart; 9 | synapse_cfgfile = builtins.head (builtins.match "^.*--config-path ([^\ ]*).*$" "${start}"); 10 | in { 11 | systemd.services.matrix-synapse.serviceConfig.ExecStart = mkForce ( 12 | builtins.replaceStrings ["${synapse_cfgfile}"] ["${config.scalpel.trafos."homeserver.yaml".destination} "] "${start}" 13 | ); 14 | scalpel.trafos."homeserver.yaml" = { 15 | source = synapse_cfgfile; 16 | matchers."MATRIX_SHARED_REGISTRATION_SECRET".secret = config.sops.secrets.matrix_shared_registration_secret.path; 17 | owner = "matrix-synapse"; 18 | group = "matrix-synapse"; 19 | mode = "0440"; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /nixos/servers/matrix/secrets.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | sops.secrets.matrix_shared_registration_secret = { 3 | format = "yaml"; 4 | sopsFile = ./secrets.yaml; 5 | }; 6 | 7 | scalpels = [ 8 | ./scalpel.nix 9 | ]; 10 | } 11 | -------------------------------------------------------------------------------- /nixos/servers/matrix/signal.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.mautrix-signal-environment = { 3 | sopsFile = ./signal.yaml; 4 | }; 5 | services.mautrix-signal = { 6 | #inherit (config.services.matrix-synapse) enable; 7 | environmentFile = config.sops.secrets.mautrix-signal-environment.path; 8 | settings = { 9 | homeserver = { 10 | domain = "kittywit.ch"; 11 | address = "https://yukari.gensokyo.zone"; 12 | software = "standard"; 13 | }; 14 | appservice = { 15 | port = 9048; 16 | ephemeral_events = false; 17 | }; 18 | signal = { 19 | }; 20 | bridge = { 21 | history_sync = { 22 | request_full_sync = true; 23 | }; 24 | private_chat_portal_meta = true; 25 | mute_bridging = true; 26 | encryption = { 27 | allow = 
true; 28 | default = true; 29 | require = true; 30 | }; 31 | provisioning = { 32 | shared_secret = "disable"; 33 | }; 34 | permissions = { 35 | "kittywit.ch" = "user"; 36 | "@kat:kittywit.ch" = "admin"; 37 | "@signal:kittywit.ch" = "admin"; 38 | }; 39 | }; 40 | }; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /nixos/servers/matrix/slack.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.mautrix-slack-environment = { 3 | sopsFile = ./slack.yaml; 4 | }; 5 | services.mautrix-slack = { 6 | #inherit (config.services.matrix-synapse) enable; 7 | environmentFile = config.sops.secrets.mautrix-slack-environment.path; 8 | settings = { 9 | homeserver = { 10 | domain = "kittywit.ch"; 11 | address = "https://yukari.gensokyo.zone"; 12 | software = "standard"; 13 | }; 14 | appservice = { 15 | ephemeral_events = false; 16 | }; 17 | slack = { 18 | }; 19 | bridge = { 20 | history_sync = { 21 | request_full_sync = true; 22 | }; 23 | private_chat_portal_meta = true; 24 | mute_bridging = true; 25 | encryption = { 26 | allow = true; 27 | default = true; 28 | require = true; 29 | }; 30 | provisioning = { 31 | shared_secret = "disable"; 32 | }; 33 | permissions = { 34 | "kittywit.ch" = "full"; 35 | "@kat:kittywit.ch" = "admin"; 36 | "@slack:kittywit.ch" = "admin"; 37 | }; 38 | }; 39 | }; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /nixos/servers/matrix/telegram.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.mautrix-telegram-environment = { 3 | sopsFile = ./telegram.yaml; 4 | }; 5 | services.mautrix-telegram = { 6 | #inherit (config.services.matrix-synapse) enable; 7 | environmentFile = config.sops.secrets.mautrix-telegram-environment.path; 8 | settings = { 9 | homeserver = { 10 | domain = "kittywit.ch"; 11 | address = 
"https://yukari.gensokyo.zone"; 12 | software = "standard"; 13 | }; 14 | appservice = { 15 | port = 9047; 16 | }; 17 | telegram = { 18 | }; 19 | bridge = { 20 | permissions = { 21 | "kittywit.ch" = "full"; 22 | "@kat:kittywit.ch" = "admin"; 23 | }; 24 | }; 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /nixos/servers/matrix/whatsapp.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.mautrix-whatsapp-environment = { 3 | sopsFile = ./whatsapp.yaml; 4 | }; 5 | services.mautrix-whatsapp = { 6 | #inherit (config.services.matrix-synapse) enable; 7 | environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path; 8 | settings = { 9 | homeserver = { 10 | domain = "kittywit.ch"; 11 | address = "https://yukari.gensokyo.zone"; 12 | software = "standard"; 13 | }; 14 | appservice = { 15 | port = 9049; 16 | }; 17 | whatsapp = { 18 | }; 19 | bridge = { 20 | encryption = { 21 | allow = true; 22 | default = true; 23 | require = true; 24 | }; 25 | permissions = { 26 | "kittywit.ch" = "full"; 27 | "@whatsapp:kittywit.ch" = "admin"; 28 | "@kat:kittywit.ch" = "admin"; 29 | }; 30 | }; 31 | }; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /nixos/servers/monica/monica.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.monica_appkey = { 3 | sopsFile = ./secrets.yaml; 4 | owner = config.services.monica.user; 5 | inherit (config.services.monica) group; 6 | }; 7 | services.monica = { 8 | enable = true; 9 | hostname = "monica.kittywit.ch"; 10 | appURL = "https://monica.kittywit.ch"; 11 | appKeyFile = config.sops.secrets.monica_appkey.path; 12 | nginx = { 13 | serverName = "monica.kittywit.ch"; 14 | serverAliases = [ 15 | "monica.kittywit.ch" 16 | ]; 17 | enableACME = true; 18 | forceSSL = true; 19 | }; 20 | }; 21 | } 22 | 
--------------------------------------------------------------------------------
/nixos/servers/postgres.nix:
--------------------------------------------------------------------------------
# Turns on the PostgreSQL service; databases and roles are declared by the
# per-service postgres.nix files.
_: {
  services.postgresql = {
    enable = true;
  };
}

--------------------------------------------------------------------------------
/nixos/servers/public-directory.nix:
--------------------------------------------------------------------------------
# Browsable file directory, reachable only from an allow-list of networks.
_: {
  services.nginx.virtualHosts."public.gensokyo.zone" = {
    # Everything outside the listed ranges is refused by the final "deny all".
    # NOTE(review): the ranges look like a CDN's published edge networks
    # (confirm which). A hard-coded list goes stale when the provider changes
    # its ranges, so it needs periodic review.
    # NOTE(review): no enableACME/forceSSL is set on this vhost in this file,
    # unlike the other vhosts in this tree. Confirm how TLS is handled.
    extraConfig = ''
      allow 103.21.244.0/22;
      allow 103.22.200.0/22;
      allow 103.31.4.0/22;
      allow 104.16.0.0/12;
      allow 108.162.192.0/18;
      allow 131.0.72.0/22;
      allow 141.101.64.0/18;
      allow 162.158.0.0/15;
      allow 172.64.0.0/13;
      allow 173.245.48.0/20;
      allow 188.114.96.0/20;
      allow 190.93.240.0/20;
      allow 197.234.240.0/22;
      allow 198.41.128.0/17;

      # IPv6
      allow 2400:cb00::/32;
      allow 2405:b500::/32;
      allow 2606:4700::/32;
      allow 2803:f800::/32;
      allow 2c0f:f248::/32;
      allow 2a06:98c0::/29;

      deny all;
    '';
    locations."/kat-is-a-cute-girl/" = {
      alias = "/var/www/public/";
      # autoindex lists every file under the alias to any permitted client.
      extraConfig = ''
        autoindex on;
      '';
    };
  };
}

--------------------------------------------------------------------------------
/nixos/servers/rustdesk.nix:
--------------------------------------------------------------------------------
# RustDesk server with a single relay host.
_: {
  services.rustdesk-server.enable = true;
  services.rustdesk-server.relayHosts = ["100.89.32.57"];
}

--------------------------------------------------------------------------------
/nixos/servers/thelounge/nginx.nix:
--------------------------------------------------------------------------------
# TLS virtual host proxying to a loopback listener on port 9000.
# NOTE(review): weechat/nginx.nix defines a vhost with the same name and a
# different upstream on port 9000. Confirm the two modules are never imported
# on the same host.
_: {
  services.nginx.virtualHosts."irc.kittywit.ch" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://[::1]:9000";
      proxyWebsockets = true;
    };
  };
}

--------------------------------------------------------------------------------
/nixos/servers/thelounge/thelounge.nix:
--------------------------------------------------------------------------------
# The Lounge, configured to sit behind the reverse proxy above.
_: {
  services.thelounge.enable = true;
  services.thelounge.extraConfig = {
    # NOTE(review): presumably makes the app trust proxy-supplied client
    # addresses. That is only sound while the listener is reachable solely
    # through the proxy. Confirm the bind address.
    reverseProxy = true;
    public = false;
    fileUpload.enable = true;
  };
}

--------------------------------------------------------------------------------
/nixos/servers/tt-rss/nginx.nix:
--------------------------------------------------------------------------------
# Adds TLS to the virtual host named in tt-rss/service.nix.
_: {
  services.nginx.virtualHosts."rss.kittywit.ch".enableACME = true;
  services.nginx.virtualHosts."rss.kittywit.ch".forceSSL = true;
}

--------------------------------------------------------------------------------
/nixos/servers/tt-rss/postgres.nix:
--------------------------------------------------------------------------------
# Declares the tt_rss database and a role of the same name that owns it.
_: {
  services.postgresql.ensureDatabases = ["tt_rss"];
  services.postgresql.ensureUsers = [
    {
      name = "tt_rss";
      ensureDBOwnership = true;
    }
  ];
}

--------------------------------------------------------------------------------
/nixos/servers/tt-rss/service.nix:
--------------------------------------------------------------------------------
# Tiny Tiny RSS instance using the database declared in tt-rss/postgres.nix.
_: let
  host = "rss.kittywit.ch";
in {
  services.tt-rss = {
    enable = true;
    virtualHost = host;
    selfUrlPath = "https://${host}";
    database = {
      type = "pgsql";
      # No host is given; presumably a local socket connection (confirm).
      host = null;
      name = "tt_rss";
      # The database is created by tt-rss/postgres.nix, not by this module.
      createLocally = false;
    };
    plugins = [
      "auth_internal"
      "auth_ldap"
      "note"
      "updater"
      "api_feedreader"
    ];
  };
}

--------------------------------------------------------------------------------
/nixos/servers/vaultwarden/nginx.nix:
--------------------------------------------------------------------------------
_: {
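services.nginx.virtualHosts."vault.kittywit.ch" = {
    enableACME = true;
    forceSSL = true;
    # No webroot is set; presumably certificates come from the DNS challenge
    # configured in web/acme.nix (confirm).
    acmeRoot = null;
    locations = {
      # Main application on the port set as rocketPort in vaultwarden.nix.
      "/" = {
        proxyPass = "http://localhost:4000";
        proxyWebsockets = true;
      };
      # Notifications go to a separate local port.
      "/notifications/hub" = {
        proxyPass = "http://localhost:3012";
        proxyWebsockets = true;
      };
      # The negotiate endpoint is served by the main application port.
      "/notifications/hub/negotiate" = {
        proxyPass = "http://localhost:4000";
        proxyWebsockets = true;
      };
    };
  };
}

--------------------------------------------------------------------------------
/nixos/servers/vaultwarden/postgres.nix:
--------------------------------------------------------------------------------
# Declares the bitwarden_rs database and a role of the same name that owns it.
_: {
  services.postgresql = {
    ensureDatabases = ["bitwarden_rs"];
    ensureUsers = [
      {
        name = "bitwarden_rs";
        ensureDBOwnership = true;
      }
    ];
  };
}

--------------------------------------------------------------------------------
/nixos/servers/vaultwarden/scalpel.nix:
--------------------------------------------------------------------------------
# Renders the Vaultwarden environment file (which carries ADMIN_TOKEN) from the
# template in vaultwarden.nix and hands it to the service.
#
# The module previously began with `_:` while its body referred to `config`,
# which fails evaluation with an undefined variable. `config` is now bound.
#
# NOTE(review): the other scalpel.nix files in this tree are registered
# through `scalpels = [ ./scalpel.nix ];` in a sibling secrets.nix, which also
# declares the sops secrets they read. No such registration, and no declaration
# of sops.secrets.vaultwarden_admin_token, is visible for this directory.
# Confirm both exist.
{config, ...}: {
  secrets.files.vaultwarden-env = {
    owner = "bitwarden_rs";
    group = "bitwarden_rs";
  };

  # NOTE(review): environmentFile is assigned twice in this file (here and at
  # the bottom) with different values. Unless the option type merges them, the
  # module system will reject the conflict. Confirm which source is intended
  # and drop the other.
  services.vaultwarden = {
    environmentFile = config.secrets.files.vaultwarden-env.path;
  };

  scalpel.trafos."environment_file" = {
    source = "/etc/vaultwarden/environment_file_template";
    # Fills the "!!VAULTWARDEN_ADMIN_TOKEN!!" placeholder of the template.
    matchers."VAULTWARDEN_ADMIN_TOKEN".secret = config.sops.secrets.vaultwarden_admin_token.path;
    # The rendered file contains the admin token. It was owned by acme:acme,
    # matching web/scalpel.nix, which made the token readable by the
    # certificate account. It now uses the account name given to the
    # vaultwarden user in vaultwarden.nix and used for vaultwarden-env above.
    owner = "bitwarden_rs";
    group = "bitwarden_rs";
    mode = "0440";
  };

  services.vaultwarden.environmentFile = config.scalpel.trafos."environment_file".destination;
}

--------------------------------------------------------------------------------
/nixos/servers/vaultwarden/vaultwarden.nix:
--------------------------------------------------------------------------------
_: {
  users.users.vaultwarden.name = "bitwarden_rs";
  users.groups.vaultwarden.name =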
"bitwarden_rs"; 4 | 5 | services.vaultwarden = { 6 | enable = true; 7 | dbBackend = "postgresql"; 8 | config = { 9 | rocketPort = 4000; 10 | websocketEnabled = true; 11 | signupsAllowed = false; 12 | domain = "https://vault.kittywit.ch"; 13 | databaseUrl = "postgresql://bitwarden_rs@/bitwarden_rs"; 14 | }; 15 | }; 16 | 17 | environment.etc."vaultwarden/environment_file_template".text = '' 18 | ADMIN_TOKEN=!!VAULTWARDEN_ADMIN_TOKEN!! 19 | ''; 20 | } 21 | -------------------------------------------------------------------------------- /nixos/servers/web/acme.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | environment.etc."ssl/credentials_template".text = '' 3 | CF_API_EMAIL=!!CLOUDFLARE_EMAIL!! 4 | CLOUDFLARE_API_KEY=!!CLOUDFLARE_API_KEY!! 5 | ''; 6 | 7 | security.acme = { 8 | defaults = { 9 | dnsProvider = "cloudflare"; 10 | email = "acme@inskip.me"; 11 | }; 12 | acceptTerms = true; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /nixos/servers/web/firewall.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking.firewall.allowedTCPPorts = [ 3 | 80 4 | 443 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /nixos/servers/web/nginx.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.nginx = { 3 | enable = true; 4 | recommendedTlsSettings = true; 5 | recommendedOptimisation = true; 6 | recommendedGzipSettings = true; 7 | recommendedProxySettings = true; 8 | statusPage = true; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /nixos/servers/web/scalpel.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | scalpel.trafos."credentials_file" = { 3 | source = "/etc/ssl/credentials_template"; 4 | 
matchers."CLOUDFLARE_EMAIL".secret = config.sops.secrets.cloudflare_email.path; 5 | matchers."CLOUDFLARE_API_KEY".secret = config.sops.secrets.cloudflare_api_key.path; 6 | owner = "acme"; 7 | group = "acme"; 8 | mode = "0440"; 9 | }; 10 | 11 | security.acme.defaults.credentialsFile = config.scalpel.trafos."credentials_file".destination; 12 | } 13 | -------------------------------------------------------------------------------- /nixos/servers/web/secrets.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | secretConfig = { 3 | format = "yaml"; 4 | sopsFile = ./secrets.yaml; 5 | }; 6 | in { 7 | sops.secrets.cloudflare_email = secretConfig; 8 | sops.secrets.cloudflare_api_key = secretConfig; 9 | 10 | scalpels = [ 11 | ./scalpel.nix 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /nixos/servers/weechat/buflist.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | home-manager.users.kat.programs.weechat.config.buflist = { 3 | format = with config.base16.defaultScheme.map.ansiStr; { 4 | indent = " "; # default " " 5 | buffer_current = "\${color:,${base02}}\${format_buffer}"; 6 | hotlist = " \${color:${base0D}}(\${hotlist}\${color:${base0D}})"; 7 | hotlist_highlight = "\${color:${base0E}}"; 8 | hotlist_low = "\${color:${base03}}"; 9 | hotlist_message = "\${color:${base08}}"; 10 | hotlist_none = "\${color:${base05}}"; 11 | hotlist_private = "\${color:${base09}}"; 12 | hotlist_separator = "\${color:${base04}},"; 13 | number = "\${color:${base09}}\${number}\${if:\${number_displayed}?.: }"; 14 | }; 15 | look.use_items = 4; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /nixos/servers/weechat/init.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib.modules) mkMerge mkBefore mkAfter; 3 | in { 4 | 
home-manager.users.kat = {config, ...}: { 5 | sops.secrets = let 6 | common = { 7 | sopsFile = ./secrets.yaml; 8 | }; 9 | in { 10 | weechat-secret = common; 11 | liberachat-cert = common; 12 | espernet-cert = common; 13 | softnet-cert = common; 14 | }; 15 | 16 | programs.weechat = { 17 | init = mkMerge [ 18 | (mkBefore '' 19 | /exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path} 20 | /set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path} 21 | /set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path} 22 | /set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path} 23 | /key bind meta-g /go 24 | /key bind meta-v /input jump_last_buffer_displayed 25 | /key bind meta-c /buffer close 26 | /key bind meta-n /bar toggle nicklist 27 | /key bind meta-b /bar toggle buflist 28 | /relay add weechat 9000 29 | '') 30 | (mkAfter '' 31 | /matrix connect kittywitch 32 | /matrix connect kittywitch-discord 33 | /matrix connect kittywitch-telegram 34 | /matrix connect kittywitch-whatsapp 35 | /matrix connect kittywitch-signal 36 | '') 37 | ]; 38 | }; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /nixos/servers/weechat/irc.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home-manager.users.kat.programs.weechat.config.irc = { 3 | look = { 4 | server_buffer = "independent"; 5 | color_nicks_in_nicklist = true; 6 | }; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /nixos/servers/weechat/matrix.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home-manager.users.kat.programs.weechat = { 3 | scripts = with pkgs.weechatScripts; [ 4 | weechat-matrix 5 | ]; 6 | plugins = { 7 | python = { 8 | packages = ["weechat-matrix"]; 9 | }; 10 | }; 11 | config.matrix = { 12 | network = { 13 | max_backlog_sync_events = 30; 14 | 
lazy_load_room_users = true; 15 | autoreconnect_delay_max = 5; 16 | lag_min-show = 1000; 17 | }; 18 | look = { 19 | server_buffer = "independent"; 20 | redactions = "notice"; 21 | }; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /nixos/servers/weechat/nginx.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.nginx.virtualHosts."irc.kittywit.ch" = { 3 | enableACME = true; 4 | forceSSL = true; 5 | locations = { 6 | "/" = {root = pkgs.glowing-bear;}; 7 | "^~ /weechat" = { 8 | proxyPass = "http://127.0.0.1:9000"; 9 | proxyWebsockets = true; 10 | }; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /nixos/servers/weechat/perl.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home-manager.users.kat.programs.weechat = { 3 | plugins = { 4 | perl = { 5 | enable = true; 6 | }; 7 | }; 8 | scripts = with pkgs.weechatScripts; [ 9 | highmon 10 | parse_relayed_msg 11 | ]; 12 | config.plugins.var.perl = { 13 | highmon = { 14 | short_names = "on"; 15 | output = "buffer"; 16 | merge_private = "on"; 17 | alignment = "nchannel,nick"; 18 | }; 19 | parse_relayed_msg = { 20 | servername = "espernet"; 21 | supported_bot_names = "cord"; 22 | }; 23 | }; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /nixos/servers/weechat/python.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | std, 5 | inputs, 6 | lib, 7 | ... 
8 | }: let 9 | inherit (builtins) toJSON; 10 | inherit (std) list set; 11 | in { 12 | home-manager.users.kat.programs.weechat = { 13 | plugins = { 14 | python = { 15 | enable = true; 16 | }; 17 | }; 18 | scripts = with pkgs.weechatScripts; [ 19 | colorize_nicks 20 | title 21 | weechat-go 22 | vimode-develop 23 | auto_away 24 | weechat-autosort 25 | urlgrab 26 | unread_buffer 27 | ]; 28 | config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; { 29 | python = { 30 | vimode = { 31 | copy_clipboard_cmd = "wl-copy"; 32 | paste_clipboard_cmd = "wl-paste --no-newline"; 33 | imap_esc_timeout = "100"; 34 | search_vim = true; 35 | user_mappings = toJSON { 36 | "," = "/buffer #{1}"; 37 | "``" = "/input jump_last_buffer_displayed"; 38 | "`n" = "/input jump_smart"; 39 | "k" = "/input history_previous"; 40 | "j" = "/input history_next"; 41 | "p" = "a/input clipboard_paste"; 42 | "P" = "/input clipboard_paste"; 43 | #"u" = "/input undo"; 44 | #"\\x01R" = "/input redo"; 45 | "\\x01K" = "/buffer move -1"; 46 | "\\x01J" = "/buffer move +1"; 47 | }; 48 | user_mappings_noremap = toJSON { 49 | "\\x01P" = "p"; 50 | "/" = "i/"; 51 | }; 52 | user_search_mapping = "?"; 53 | mode_indicator_cmd_color_bg = base01; 54 | mode_indicator_cmd_color = base04; 55 | mode_indicator_insert_color_bg = base01; 56 | mode_indicator_insert_color = base04; 57 | mode_indicator_normal_color_bg = base01; 58 | mode_indicator_normal_color = base04; 59 | mode_indicator_replace_color_bg = base01; 60 | mode_indicator_replace_color = base0E; 61 | mode_indicator_search_color_bg = base0E; 62 | mode_indicator_search_color = base04; 63 | no_warn = true; 64 | }; 65 | title = { 66 | title_prefix = "weechat - "; 67 | show_hotlist = true; 68 | current_buffer_suffix = " ["; 69 | title_suffix = " ]"; 70 | }; 71 | notify_send.icon = ""; 72 | go.short_name = true; 73 | }; 74 | }; 75 | }; 76 | } 77 | 
-------------------------------------------------------------------------------- /nixos/servers/weechat/urlgrab.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard"; 3 | } 4 | -------------------------------------------------------------------------------- /nixos/servers/weechat/weechat.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | home-manager.users.kat = { 3 | services.weechat.enable = true; 4 | programs.weechat = { 5 | enable = true; 6 | config.weechat = with config.base16.defaultScheme.map.ansiStr; { 7 | look = { 8 | mouse = true; 9 | separator_horizontal = ""; 10 | read_marker_string = "─"; 11 | prefix_same_nick = "↳"; 12 | highlight_disable_regex = "signal|discord|telegram|whatsapp"; 13 | highlight = "kat,kittywitch"; 14 | }; 15 | # color overrides 16 | color = { 17 | chat_nick_self = base0E; 18 | separator = base06; 19 | chat_read_marker = base0B; 20 | chat_read_marker_bg = base03; 21 | }; 22 | # bars config 23 | bar = { 24 | buflist = { 25 | size_max = 24; 26 | color_delim = base0E; 27 | }; 28 | input = { 29 | items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]"; 30 | color_delim = base0E; 31 | conditions = "\${window.buffer.full_name} != perl.highmon"; 32 | }; 33 | nicklist = { 34 | size_max = 18; 35 | color_delim = base0E; 36 | }; 37 | status = { 38 | color_bg = base02; 39 | color_fg = base06; 40 | color_delim = base0E; 41 | items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion"; 42 | conditions = "\${window.buffer.full_name} != perl.highmon"; 43 | }; 44 | title = { 45 | color_bg = base02; 46 | color_fg = base06; 
47 | color_delim = base0E; 48 | conditions = "\${window.buffer.full_name} != perl.highmon"; 49 | }; 50 | }; 51 | }; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /outputs.nix: -------------------------------------------------------------------------------- 1 | {inputs}: let 2 | std = import ./std.nix {inherit inputs;}; 3 | tree = import ./tree.nix {inherit inputs pkgs;}; 4 | inherit (inputs.nixpkgs) lib; 5 | overlay = import ./packages {inherit inputs tree;}; 6 | systems = import ./systems {inherit inputs tree lib std pkgs;}; 7 | shells = import ./shells {inherit inputs tree lib std pkgs;}; 8 | inherit (import ./pkgs.nix {inherit inputs tree overlay;}) pkgs; 9 | formatter = import ./formatter.nix {inherit inputs pkgs;}; 10 | wrappers = import ./wrappers {inherit inputs;}; 11 | inherit (std) set; 12 | checks = set.map (_: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib; 13 | in 14 | { 15 | inherit inputs tree std pkgs formatter lib checks; 16 | legacyPackages = pkgs; 17 | packages = set.merge [pkgs wrappers.packages]; 18 | } 19 | // systems 20 | // shells 21 | -------------------------------------------------------------------------------- /overlays.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | tree, 4 | ... 
5 | }: [ 6 | inputs.rbw-bitw.overlays.default 7 | inputs.arcexprs.overlays.default 8 | inputs.darwin.overlays.default 9 | inputs.deploy-rs.overlay 10 | inputs.neorg-overlay.overlays.default 11 | (import tree.packages.default {inherit inputs tree;}) 12 | ] 13 | -------------------------------------------------------------------------------- /packages/arcmenu/default.nix: -------------------------------------------------------------------------------- 1 | { lib, stdenv, fetchFromGitLab, glib, gettext, substituteAll, gnome-menus }: 2 | 3 | stdenv.mkDerivation rec { 4 | pname = "gnome-shell-extension-arcmenu"; 5 | version = "63"; 6 | 7 | src = fetchFromGitLab { 8 | owner = "arcmenu"; 9 | repo = "ArcMenu"; 10 | rev = "v${version}"; 11 | hash = "sha256-XlDkdNINTnUAqr2bxL0u2tHWfiggqT1oOryED7sG/vs="; 12 | }; 13 | 14 | patches = [ 15 | (substituteAll { 16 | src = ./fix_gmenu.patch; 17 | gmenu_path = "${gnome-menus}/lib/girepository-1.0"; 18 | }) 19 | ]; 20 | 21 | buildInputs = [ 22 | glib gettext 23 | ]; 24 | 25 | makeFlags = [ "INSTALLBASE=${placeholder "out"}/share/gnome-shell/extensions" ]; 26 | 27 | passthru = { 28 | extensionUuid = "arcmenu@arcmenu.com"; 29 | extensionPortalSlug = "arcmenu"; 30 | }; 31 | 32 | meta = with lib; { 33 | description = "Application menu for GNOME Shell, designed to provide a more traditional user experience and workflow"; 34 | license = licenses.gpl2Plus; 35 | maintainers = with maintainers; [ dkabot ]; 36 | homepage = "https://gitlab.com/arcmenu/ArcMenu"; 37 | }; 38 | } -------------------------------------------------------------------------------- /packages/arcmenu/fix_gmenu.patch: -------------------------------------------------------------------------------- 1 | --- a/menuWidgets.js 2 | +++ b/menuWidgets.js 3 | 
@@ -3,7 +3,11 @@ 4 | import Atk from 'gi://Atk'; 5 | import Clutter from 'gi://Clutter'; 6 | import Gio from 'gi://Gio'; 7 | import GLib from 'gi://GLib'; 8 | -import GMenu from 'gi://GMenu'; 9 | + 10 | +import GIRepository from 'gi://GIRepository'; 11 | +GIRepository.Repository.prepend_search_path('@gmenu_path@'); 12 | +const {default: GMenu} = await import('gi://GMenu'); 13 | + 14 | import GObject from 'gi://GObject'; 15 | import Graphene from 'gi://Graphene'; 16 | import Pango from 'gi://Pango'; 17 | --- a/menulayouts/baseMenuLayout.js 18 | +++ b/menulayouts/baseMenuLayout.js 19 | 
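Review bot: The three added lines in this hunk are repeated verbatim in the `menulayouts/baseMenuLayout.js` hunk, and neither copy says why the static `import GMenu` was replaced. `GIRepository.Repository.prepend_search_path` is called as a static, so it presumably changes typelib lookup for the whole process that loads the extension and puts `@gmenu_path@` ahead of every other search directory, not just for this module. I would put a comment above the call in both files, for example `// Nix: GMenu's typelib is not on the default search path; @gmenu_path@ is replaced at build time with a store path`, and confirm the substituted directory holds only the gnome-menus typelibs so nothing else is shadowed. If upstream's module layout allows it, doing the path setup once in a shared module would keep the two copies from drifting apart.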
@@ -1,7 +1,11 @@ 20 | import Clutter from 'gi://Clutter'; 21 | import Gio from 'gi://Gio'; 22 | import GLib from 'gi://GLib'; 23 | -import GMenu from 'gi://GMenu'; 24 | + 25 | +import GIRepository from 'gi://GIRepository'; 26 | +GIRepository.Repository.prepend_search_path('@gmenu_path@'); 27 | +const {default: GMenu} = await import('gi://GMenu'); 28 | + 29 | import GObject from 'gi://GObject'; 30 | import Shell from 'gi://Shell'; 31 | import St from 'gi://St'; 32 | -------------------------------------------------------------------------------- /packages/chicago95.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenvNoCC, 4 | fetchFromGitHub, 5 | gdk-pixbuf, 6 | xfce, 7 | ... 8 | }: 9 | stdenvNoCC.mkDerivation rec { 10 | pname = "chicago95"; 11 | version = "3.0.1"; 12 | 13 | buildInputs = [gdk-pixbuf xfce.xfce4-panel-profiles]; 14 | 15 | src = fetchFromGitHub { 16 | owner = "grassmunk"; 17 | repo = "Chicago95"; 18 | rev = "v${version}"; 19 | hash = "sha256-EHcDIct2VeTsjbQWnKB2kwSFNb97dxuydAu+i/VquBA="; 20 | }; 21 | 22 | # the Makefile is just for maintainers 23 | dontBuild = true; 24 | 25 | installPhase = '' 26 | runHook preInstall 27 | 28 | mkdir -p $out/share/{themes,icons,sounds} 29 | cp -r Theme/Chicago95 $out/share/themes 30 | cp -r Icons/* $out/share/icons 31 | cp -r Cursors/* $out/share/icons 32 | cp -r sounds/Chicago95 $out/share/sounds 33 | 34 | runHook postInstall 35 | ''; 36 | 37 | meta = with lib; { 38 | description = "A rendition of everyone's favorite 1995 Microsoft operating system for Linux."; 39 | homepage = "https://github.com/grassmunk/Chicago95"; 40 | license = with licenses; [gpl3Plus mit]; 41 | platforms = platforms.linux; 42 | maintainers = with maintainers; []; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /packages/commonalitysol.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 
3 | stdenvNoCC, 4 | fetchgit, 5 | openssh, 6 | findutils, 7 | ... 8 | }: 9 | stdenvNoCC.mkDerivation rec { 10 | pname = "commonality-sol"; 11 | version = "0.0.1"; 12 | 13 | buildInputs = [ 14 | openssh 15 | ]; 16 | 17 | src = fetchgit { 18 | url = "https://www.opencode.net/phob1an/commonality.git"; 19 | rev = "0c6b872ff6ca1248f4180fb95fb389b4f9d987bd"; 20 | hash = "sha256-wBsEBd49Go5AuG0DxO+GcXral0D3tDEYtEbxpOpvnMk="; 21 | }; 22 | 23 | dontBuild = true; 24 | dontCheckForBrokenSymlinks = true; 25 | 26 | installPhase = '' 27 | runHook preInstall 28 | 29 | mkdir -p $out/share/{aurorae/themes,plasma/look-and-feel,plasma/themes,Kvantum,sddm/themes,themes,icons,color-schemes,wallpapers,plasma/desktoptheme} 30 | cp -r themes/Commonality $out/share/aurorae/themes 31 | cp -r icons/* $out/share/icons 32 | cp -r Commonality.colors $out/share/color-schemes 33 | cp -r sddm/themes/Commonality $out/share/sddm/themes 34 | cp -r look-and-feel/* $out/share/plasma/look-and-feel 35 | cp -r wallpapers/Commonality $out/share/wallpapers 36 | cp -r Kvantum/commonality $out/share/Kvantum 37 | cp -r desktoptheme/* $out/share/plasma/desktoptheme 38 | cd SOL 39 | cp -r themes/commonalitysol $out/share/aurorae/themes 40 | cp -r CommonalitySol.colors $out/share/color-schemes 41 | cp -r look-and-feel/* $out/share/plasma/look-and-feel 42 | cp -r sddm/themes/CommonalitySol $out/share/sddm/themes 43 | cp -r wallpapers/CommonalitySol $out/share/wallpapers 44 | cp -r Kvantum/commonalitysol $out/share/Kvantum 45 | cp -r desktoptheme/* $out/share/plasma/desktoptheme 46 | 47 | runHook postInstall 48 | ''; 49 | 50 | meta = with lib; { 51 | description = "Commonality brings the style of CDE to the Plasma desktop. 
Its a strongly functional and easily readable design."; 52 | homepage = "https://www.opencode.net/phob1an/commonality"; 53 | platforms = platforms.linux; 54 | maintainers = with maintainers; []; 55 | }; 56 | } 57 | -------------------------------------------------------------------------------- /packages/cppyy/default.nix: --------------------------------------------------------------------------------
# Package expression for cppyy, built with the Python package set's
# buildPythonPackage from the upstream GitHub repository.
#
# NOTE(review): stdenv, pkg-config, cmake and setuptools are accepted as
# arguments but are not referenced anywhere below.
{
  stdenv,
  lib,
  fetchFromGitHub,
  pkg-config,
  cmake,
  setuptools,
  python,
}:
python.buildPythonPackage rec {
  pname = "cppyy";
  version = "3.5.0";

  src = fetchFromGitHub {
    owner = "wlav";
    repo = pname;
    # The version string is used as the git ref, so the content hash below is
    # the only thing that pins what is actually fetched.
    rev = version;
    # NOTE(review): lib.fakeSha256 is a placeholder, not the hash of this
    # source. The fetch fails with a hash mismatch until it is replaced; when
    # filling it in, check the value against the upstream release that was
    # reviewed rather than accepting whatever the failed fetch reports.
    sha256 = lib.fakeSha256;
  };

  # NOTE(review): "test" is listed as a module to import next to "cppyy";
  # confirm that is intended.
  pythonImportsCheck = ["cppyy" "test"];

  meta = {
    homepage = "https://github.com/wlav/cppyy";
    description = "Python C++ bindings interface based on Cling/LLVM";
    license = lib.licenses.bsd3Lbnl;
  };
}
-------------------------------------------------------------------------------- /packages/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | tree, 4 | ...
5 | }: _: prev: let 6 | # formerly final: prev:, but deadnix 7 | inherit (inputs.std.lib) set; 8 | in 9 | set.map (_: package: prev.callPackage package {}) (removeAttrs tree.packages ["default"]) 10 | -------------------------------------------------------------------------------- /packages/kwin-blishhud-shader.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | stdenv, 4 | fetchFromGitHub, 5 | extra-cmake-modules, 6 | qt6, 7 | libepoxy, 8 | kwin, 9 | }: 10 | stdenv.mkDerivation rec { 11 | pname = "kwin-blishhud-shader"; 12 | version = "1.0.0"; 13 | 14 | dontWrapQtApps = true; 15 | src = fetchFromGitHub { 16 | owner = "FloFri"; 17 | repo = pname; 18 | rev = "a7e4439a6450dc796bbfb99b64db788c592183eb"; 19 | hash = "sha256-yCm57OCYTJpPY+OYpL/MlChhddccml3tH2jv/hgEAbo="; 20 | }; 21 | 22 | nativeBuildInputs = [ 23 | kwin 24 | qt6.full 25 | libepoxy 26 | extra-cmake-modules 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /packages/mautrix-slack.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | buildGoModule, 4 | fetchFromGitHub, 5 | olm, 6 | }: 7 | buildGoModule rec { 8 | pname = "mautrix-slack"; 9 | version = "2024-05-01"; 10 | 11 | src = fetchFromGitHub { 12 | owner = "mautrix"; 13 | repo = "slack"; 14 | rev = "75d2ffd88b6f1d097697fab363099ed7d37fff6f"; 15 | hash = "sha256-l0pZPp11VJ7xP0uuctjOEZHCDnS4OAbxMRkcNQLbMzs="; 16 | }; 17 | 18 | buildInputs = [ 19 | olm 20 | ]; 21 | 22 | vendorHash = "sha256-FL0wObZIvGV9V7pLmrxTILQ/TGEMSH8/2wFPlu6idcA="; 23 | 24 | doCheck = false; 25 | 26 | meta = with lib; { 27 | homepage = "https://github.com/mautrix/slack"; 28 | description = "A Matrix-Slack puppeting bridge"; 29 | license = licenses.agpl3Plus; 30 | maintainers = with maintainers; [kittywitch]; 31 | mainProgram = "mautrix-slack"; 32 | }; 33 | } 34 | 
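-------------------------------------------------------------------------------- /packages/nf-build-system/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | wrapShellScriptBin, 3 | pkgs, 4 | }: 5 | wrapShellScriptBin "nf-build-system" ./build-system.sh { 6 | depsRuntimePath = with pkgs; [ 7 | git 8 | cachix 9 | jq 10 | nix 11 | curl 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /packages/nf-update/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | wrapShellScriptBin, 3 | pkgs, 4 | }: 5 | wrapShellScriptBin "nf-update" ./update.sh { 6 | depsRuntimePath = with pkgs; [ 7 | git 8 | cachix 9 | jq 10 | curl 11 | ]; 12 | } 13 | -------------------------------------------------------------------------------- /packages/nf-update/update.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# nf-update: refresh flake.lock, check that the nodes still build, optionally
# push the build results to Cachix, and optionally commit and push the new
# lockfile. Command-line arguments are forwarded to `nix flake update`.
#
# Environment:
#   NF_CONFIG_ROOT           required; checkout the job operates in
#   DISCORD_WEBHOOK_LINK     optional; webhook for progress messages. The URL
#                            is a credential, so keep it out of logs and traces.
#   CACHIX_AUTH_TOKEN        optional; when set, build results are pushed
#   NF_UPDATE_SKIP           optional; when set, the build check is skipped
#   NF_ACTIONS_TEST_OUTLINK  optional; out-link prefix, defaults to "result"
#                            when pushing (presumably read by nf-actions-test)
#   NF_UPDATE_GIT_COMMIT     optional; when set, flake.lock is committed
#   NF_UPDATE_BRANCH         optional; branch to push to, defaults to "main"
#   GITHUB_REF               the push only happens when this is NF_UPDATE_BRANCH
set -eu

DISCORD_WEBHOOK_LINK=${DISCORD_WEBHOOK_LINK:-""}

# Post a progress message to the Discord webhook.
# Does nothing when no webhook is configured: the variable defaults to the
# empty string above, and curl on an empty URL would otherwise fail and abort
# the whole job under `set -e`. A failed POST to a configured webhook still
# aborts the script, as before.
send_discord_message() {
  local message="$1"
  local payload

  if [[ -z $DISCORD_WEBHOOK_LINK ]]; then
    return 0
  fi

  # jq builds the complete JSON document, so the message is always escaped and
  # a jq failure is no longer hidden behind `local var=$(...)`.
  payload=$(jq -cn --arg content "$message" '{content: $content}')
  curl -s -H "Accept: application/json" -H "Content-Type: application/json" \
    -X POST --data "$payload" "$DISCORD_WEBHOOK_LINK"
}

if [[ -n ${CACHIX_AUTH_TOKEN-} ]]; then
  export NF_UPDATE_CACHIX_PUSH=1
fi

cd "${NF_CONFIG_ROOT:?NF_CONFIG_ROOT must point at the flake checkout}"

send_discord_message "Beginning flake update cron job"

nix flake update "$@"

# Nothing to verify or commit when the lockfile did not change.
if [[ -n $(git status --porcelain ./flake.lock) ]]; then
  git -P diff ./flake.lock
else
  echo "no source changes" >&2
  exit
fi

echo "checking that nodes still build..." >&2
if [[ -n ${NF_UPDATE_CACHIX_PUSH-} ]]; then
  export NF_ACTIONS_TEST_OUTLINK=${NF_ACTIONS_TEST_OUTLINK-result}
fi
if [[ -z ${NF_UPDATE_SKIP-} ]]; then
  send_discord_message "checking that nodes still build..."
  nix run .#nf-actions-test -- -L
fi

# The push runs in the background; its exit status is collected by `wait`.
if [[ -n ${NF_UPDATE_CACHIX_PUSH-} && -v NF_ACTIONS_TEST_OUTLINK ]]; then
  send_discord_message "Cachix pushing"
  cachix push kittywitch "./${NF_ACTIONS_TEST_OUTLINK}"*/ &
  CACHIX_PUSH=$!
fi

# CACHIX_PUSH is deliberately left unquoted in `wait`: when no push was
# started it expands to nothing and `wait` returns immediately.
if [[ -z ${NF_UPDATE_GIT_COMMIT-} ]]; then
  wait ${CACHIX_PUSH-}
  exit
fi

# Refuse to commit on top of changes somebody else already staged.
if [[ -n $(git diff --staged) ]]; then
  echo "git working tree dirty, refusing to commit..." >&2
  exit 1
fi

git add flake.lock
env \
  GIT_{COMMITTER,AUTHOR}_EMAIL=github@kittywit.ch \
  GIT_{COMMITTER,AUTHOR}_NAME="flake cron job" \
  git commit --message="chore(ci): flake update"

# The updated lockfile goes straight to the branch; the build check above is
# the only gate in this script. The right-hand side is quoted so the branch
# name is compared literally instead of being treated as a glob pattern.
if [[ ${GITHUB_REF-} = "refs/heads/${NF_UPDATE_BRANCH-main}" ]]; then
  git push origin "HEAD:${NF_UPDATE_BRANCH-main}"
  send_discord_message "Pushed a new commit!"
fi

wait ${CACHIX_PUSH-}
-------------------------------------------------------------------------------- /packages/outrun.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | vscode-utils, 4 | }: 5 | vscode-utils.buildVscodeMarketplaceExtension { 6 | mktplcRef = { 7 | name = "outrun"; 8 | publisher = "samrapdev"; 9 | version = "0.2.2"; 10 | hash = "sha256-d0LPpUQbz9g9Scv24oS13vQ0X4lA35unRBgRWM+G+5s="; 11 | }; 12 | meta = { 13 | description = "A theme for VS Code inspired by the colors, style, and culture of the synthwave music scene."; 14 | homepage = "https://github.com/samrap/outrun-theme-vscode"; 15 | downloadPage = "https://marketplace.visualstudio.com/items?itemName=samrapdev.outrun"; 16 | license = lib.licenses.mit; 17 | maintainers = with lib.maintainers; [pandapip1]; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /packages/questpatcher/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | fetchFromGitHub, 3 | buildDotnetModule, 4 | lib, 5 | fontconfig, 6 | libX11, 7 | libSM, 8 | xorg, 9 | android-tools, 10 | }: 11 | buildDotnetModule rec { 12 | pname = "QuestPatcher"; 13 | version = "2.6.2"; 14 | 15 | src = fetchFromGitHub { 16 | owner = "lauriethefish"; 17 | repo = pname; 18 | rev = version; 19 | sha256 = "sha256-EubMlYOxoPvwIBS1bxKHob+xaVGNswt7CSCXu/CmUzw="; 20 | }; 21 | 22 | nugetDeps = ./deps.nix; 23 | 24 | runtimeDeps = [ 25 | fontconfig 26 | libX11 27 | libSM 28 | xorg.libICE 29 | ]; 30 | 31 | makeWrapperArgs = [ 32 | "--prefix PATH : ${android-tools}/bin" 33 | ]; 34 | 35 | projectFile = "QuestPatcher/QuestPatcher.csproj"; 36 | 37 | meta = with lib; { 38 | homepage = "https://github.com/Lauriethefish/QuestPatcher"; 39 | description = "Generic il2cpp modding tool for Oculus Quest (1/2) apps."; 40 | license = licenses.zlib; 41 | maintainers = with maintainers; [kittywitch]; 42 |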
}; 43 | } 44 | -------------------------------------------------------------------------------- /packages/synapse-cleanup/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | wrapShellScriptBin, 3 | pkgs, 4 | }: 5 | wrapShellScriptBin "synapse-cleanup" ./cleanup.sh { 6 | depsRuntimePath = with pkgs; [ 7 | matrix-synapse-tools.rust-synapse-compress-state 8 | curl 9 | gawk 10 | sudo 11 | postgresql 12 | rink 13 | jq 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /pkgs.nix: --------------------------------------------------------------------------------
# Instantiates nixpkgs once per default system, with this repository's
# overlays and one shared nixpkgs config, and exposes each result as `pkgs`.
{
  tree,
  inputs,
  ...
}: let
  overlays = import tree.overlays {inherit inputs tree;};

  # Applies to every package set built here, not only to the package that
  # needs the exception.
  nixpkgsConfig = {
    allowUnfree = true;
    # Lets nixpkgs evaluate this exact olm version even though nixpkgs flags
    # it as insecure. mautrix-slack in this repository lists olm as a build
    # input, so it is presumably the consumer. The entry is version-pinned:
    # an olm bump stops matching and forces the exception to be reviewed again.
    permittedInsecurePackages = ["olm-3.2.16"];
  };

  # Package set for a single system.
  mkPkgs = system:
    import inputs.nixpkgs {
      inherit system overlays;
      config = nixpkgsConfig;
    };
in
  inputs.utils.lib.eachDefaultSystem (system: {pkgs = mkPkgs system;})
-------------------------------------------------------------------------------- /shells/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | tree, 4 | inputs, 5 | std, 6 | pkgs, 7 | ...
8 | }: let 9 | inherit (std) set; 10 | in 11 | inputs.utils.lib.eachDefaultSystem (system: { 12 | devShells = let 13 | shells = set.map (_: path: 14 | import path { 15 | inherit tree inputs system lib std; 16 | pkgs = pkgs.${system}; 17 | }) 18 | tree.shells; 19 | in 20 | shells // {default = shells.repo;}; 21 | }) 22 | -------------------------------------------------------------------------------- /shells/nix.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: 2 | with pkgs; 3 | mkShell { 4 | nativeBuildInputs = [ 5 | deadnix # dead-code scanner 6 | alejandra # code formatter 7 | statix # anti-pattern finder 8 | ]; 9 | } 10 | -------------------------------------------------------------------------------- /shells/repo.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | std, 5 | ... 6 | }: 7 | with pkgs; let 8 | repo = import ../outputs.nix {inherit inputs;}; 9 | inherit (std) set; 10 | repoShell = mkShell { 11 | nativeBuildInputs = 12 | [ 13 | nf-build-system 14 | nf-update 15 | nix 16 | fd # fd, better fine! 17 | ripgrep # rg, better grep! 
18 | sops 19 | deadnix # dead-code scanner 20 | alejandra # code formatter 21 | statix # anti-pattern finder 22 | deploy-rs.deploy-rs # deployment system 23 | ] 24 | ++ set.values (set.map (name: _: (pkgs.writeShellScriptBin "${name}-rebuild" '' 25 | ${pkgs.darwin-rebuild}/bin/darwin-rebuild switch --flake $REPO_ROOT#${name} $@ 26 | '')) 27 | repo.darwinConfigurations); 28 | shellHook = '' 29 | export CI_PLATFORM="impure" 30 | sops 31 | echo -e "\e[39m\e[1m$USER@$REPO_HOSTNAME - \e[35m''$(realpath --relative-to=../ ./nixos/)\e[0m" 32 | echo -e "\e[35mRunning alejandra\e[0m" 33 | alejandra -cq $(fd -e nix) 34 | echo -e "\e[35mRunning statix\e[0m" 35 | statix check 36 | echo -e "\e[35mRunning deadnix\e[0m" 37 | deadnix 38 | ''; 39 | }; 40 | in 41 | repoShell 42 | -------------------------------------------------------------------------------- /systems/daiyousei.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | hostConfig = { 3 | tree, 4 | modulesPath, 5 | ... 6 | }: { 7 | imports = 8 | [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ] 11 | ++ (with tree.nixos.profiles; [ 12 | server 13 | ]) 14 | ++ (with tree.nixos.hardware; [ 15 | oracle_flex 16 | ]) 17 | ++ (with tree.nixos.servers; [ 18 | weechat 19 | matrix 20 | postgres 21 | web 22 | ]); 23 | 24 | system.stateVersion = "23.11"; 25 | }; 26 | in { 27 | arch = "aarch64"; 28 | deploy.hostname = "daiyousei.inskip.me"; 29 | type = "NixOS"; 30 | modules = [ 31 | hostConfig 32 | ]; 33 | } 34 | -------------------------------------------------------------------------------- /systems/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | tree, 4 | lib, 5 | std, 6 | pkgs, 7 | }: let 8 | # The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain. 
9 | inherit (lib.modules) evalModules; 10 | inherit (std) set; 11 | hostConfigs = set.map (name: path: 12 | evalModules { 13 | modules = [ 14 | path 15 | tree.modules.system 16 | ]; 17 | specialArgs = { 18 | machine = name; 19 | inherit name inputs std tree pkgs; 20 | }; 21 | }) 22 | (set.map (_: c: c) tree.systems); 23 | processHost = name: cfg: let 24 | host = cfg.config; 25 | in 26 | set.optional (host.type != null) { 27 | deploy.nodes.${name} = host.deploy; 28 | 29 | "${host.folder}Configurations".${name} = host.built; 30 | }; 31 | in 32 | { 33 | # Ensure the existence of keys that are operated over 34 | nixosConfigurations = {}; 35 | homeConfigurations = {}; 36 | darwinConfigurations = {}; 37 | } 38 | // { 39 | systems = hostConfigs; 40 | } 41 | // set.merge (set.mapToValues processHost hostConfigs) 42 | -------------------------------------------------------------------------------- /systems/fullhome.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | hostConfig = {tree, ...}: { 3 | imports = with tree.home.profiles; [ 4 | common 5 | devops 6 | graphical 7 | neovim 8 | shell 9 | ]; 10 | }; 11 | in { 12 | arch = "x86_64"; 13 | type = "Home"; 14 | ci.enable = false; # TODO: fix arcnmx/nixexprs overlay issue??? 15 | modules = [ 16 | hostConfig 17 | ]; 18 | } 19 | -------------------------------------------------------------------------------- /systems/mai.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | hostConfig = { 3 | tree, 4 | modulesPath, 5 | ... 
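6 | }: { 7 | imports = 8 | [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ] 11 | ++ (with tree.nixos.profiles; [ 12 | server 13 | ]) 14 | ++ (with tree.nixos.hardware; [ 15 | oracle_micro 16 | ]) 17 | ++ (with tree.nixos.servers; [ 18 | ]); 19 | 20 | system.stateVersion = "23.11"; 21 | }; 22 | in { 23 | arch = "x86_64"; 24 | type = "NixOS"; 25 | modules = [ 26 | hostConfig 27 | ]; 28 | } 29 | -------------------------------------------------------------------------------- /systems/mei.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | hostConfig = { 3 | tree, 4 | modulesPath, 5 | ... 6 | }: { 7 | imports = 8 | [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ] 11 | ++ (with tree.nixos.profiles; [ 12 | server 13 | ]) 14 | ++ (with tree.nixos.hardware; [ 15 | oracle_micro 16 | ]) 17 | ++ (with tree.nixos.servers; [ 18 | rustdesk 19 | ]); 20 | 21 | system.stateVersion = "23.11"; 22 | }; 23 | in { 24 | arch = "x86_64"; 25 | type = "NixOS"; 26 | modules = [ 27 | hostConfig 28 | ]; 29 | } 30 | -------------------------------------------------------------------------------- /tf/.envrc: --------------------------------------------------------------------------------
# direnv hook for the Terraform directory: decrypt the sops-encrypted variable
# file and make every terraform invocation load the decrypted copy.
#
# tf.tfvars is plaintext on disk and presumably carries the Cloudflare API key,
# so it is created owner-only. The chmod covers a copy left behind by an
# earlier run, whose mode the redirect would otherwise keep.
(
  umask 077
  sops -d ./tf.tfvars.sops > tf.tfvars
)
chmod 600 tf.tfvars
export TF_CLI_ARGS="--var-file=tf.tfvars"
-------------------------------------------------------------------------------- /tf/.gitignore: --------------------------------------------------------------------------------
terraform.tfvars
# Decrypted by .envrc from tf.tfvars.sops. The entry above does not match this
# name, so without this line the plaintext file could be staged by accident.
tf.tfvars
-------------------------------------------------------------------------------- /tf/cloudflare-zones.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | account_id = "0467b993b65d8fd4a53fe24ed2fbb2a1" 3 | zones = { 4 | dork = "dork.dev" 5 | inskip = "inskip.me" 6 | kittywitch = "kittywit.ch" 7 | } 8 | zone_ids = { 9 | dork = cloudflare_zone.dork_zone.id 10 | inskip = cloudflare_zone.inskip_zone.id 11 | kittywitch =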
cloudflare_zone.kittywitch_zone.id 12 | } 13 | } 14 | 15 | resource "cloudflare_zone" "dork_zone" { 16 | account_id = local.account_id 17 | paused = false 18 | plan = "free" 19 | type = "full" 20 | zone = local.zones.dork 21 | } 22 | 23 | resource "cloudflare_zone" "inskip_zone" { 24 | account_id = local.account_id 25 | paused = false 26 | plan = "free" 27 | type = "full" 28 | zone = local.zones.inskip 29 | } 30 | 31 | resource "cloudflare_zone" "kittywitch_zone" { 32 | account_id = local.account_id 33 | paused = false 34 | plan = "free" 35 | type = "full" 36 | zone = local.zones.kittywitch 37 | } 38 | -------------------------------------------------------------------------------- /tf/cloudflare.tf: --------------------------------------------------------------------------------
# Cloudflare credential for the provider below. No default is declared, so the
# value has to be supplied at run time (presumably from the var-file that
# tf/.envrc decrypts). `sensitive` hides it in plan and apply output only; it
# is still written to the Terraform state, which needs the same protection.
variable "cloudflare_api_key" {
  sensitive = true
}

# NOTE(review): email + api_key is Cloudflare's account-wide Global API Key
# scheme. The provider also accepts `api_token`, which can be limited to the
# zone, DNS and Pages permissions this configuration uses. Consider moving to
# a scoped token so a leaked credential does not expose the whole account.
provider "cloudflare" {
  email   = "kat@inskip.me"
  api_key = var.cloudflare_api_key
}
-------------------------------------------------------------------------------- /tf/dork-pages.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_pages_project" "dorkdev" { 2 | account_id = local.account_id 3 | name = "dorkdev" 4 | production_branch = "site" 5 | 6 | source { 7 | type = "github" 8 | config { 9 | owner = "kittywitch" 10 | repo_name = "dork.dev" 11 | production_branch = "site" 12 | deployments_enabled = true 13 | pr_comments_enabled = false 14 | production_deployment_enabled = true 15 | 16 | } 17 | } 18 | lifecycle { 19 | ignore_changes = [ 20 | deployment_configs, 21 | source 22 | ] 23 | } 24 | } 25 | 26 | resource "cloudflare_pages_domain" "dorkdev_root" { 27 | account_id = local.account_id 28 | project_name = "dorkdev" 29 | domain = local.zones.dork 30 | 31 | } 32 | 33 | resource "cloudflare_record" "dorkdev_root_pages" { 34 | name = local.zones.dork 35 | proxied = false 36 | ttl = 3600 37 | type = "CNAME" 38 | value =
"${cloudflare_pages_project.dorkdev.name}.pages.dev" 39 | zone_id = local.zone_ids.dork 40 | } -------------------------------------------------------------------------------- /tf/export_oci_ipv4_addresses.sh: -------------------------------------------------------------------------------- 1 | export DAIYOUSEI_IPV4="$(terraform output --raw daiyousei_public_ipv4)" 2 | export MEI_IPV4="$(terraform output --raw mei_public_ipv4)" 3 | export MAI_IPV4="$(terraform output --raw mai_public_ipv4)" 4 | 5 | echo "Daiyousei - Flex: ${DAIYOUSEI_IPV4}" 6 | echo "Mei - Micro: ${MEI_IPV4}" 7 | echo "Mai - Micro: ${MAI_IPV4}" -------------------------------------------------------------------------------- /tf/gmail.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | dkims = { 3 | inskip = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxag/EmXQ89XQmLrBDPpPtZ7EtEJT0hgvWf/+AFiOfBOm902tq9NbTTvRJ2dLeBLPaV+hNvq2Alc7UfkKUDlLTWQjeuiC6aOnRKQQg3LZ2W25U3AlIj0jd2IPiUhg9JGV4c66XiqQ5ylTBniShfUUyeAXxbPhYFBCkBg62LZcO/tFpFsdKWtZzLjgac5vTJID+M4F8duHpkA/ZCNNUEmtt7RNQB/LLI1Gr5yR4GdQl9z7NmwtOTo9pghbZuvljr8phYjdDrwZeFTMKQnvR1l2Eh/dZ8I0C4nP5Bk4QEfmLq666P1HzOxwT6iCU6Tc+P/pkWbrx0HJh39E1aKGyLJMQIDAQAB" 4 | dork = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziwoHJbM1rmeUiIXOgg0cujTL5BFW9PQOksUhKza1XpDP2rpzTlQr21NFYMJMc08xiE3AbvScMTX0jX3gc7+XoIYLD1VigRRvkyTubVfRmatqj+Pk41Fle1jWXHv5vNIYjjcsUTrpnrXYKoYrz34TtsmYHnu0G9MgmmcQGmbRU+WY+1R/ukhavlgXasfEW6r4tjLgVxQnser1Zjr80AUcu23od/+o+m6C9rDGMMnv6NIc2DOT7Ei6o60458f2Iwcpg38te22dy46A8AeGynbpB9+jF33Se0m22eKk5qZN5mfju/wxWMsl7ifCY/eqLZXRxJaEd5bMI8px5KvZp1TWwIDAQAB" 5 | kittywitch = "v=DKIM1; k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdmyA2+/si8UV3bodFZhtv5y68QnYr/kk9wnDHnk3JfJKusbrctXfETVu/9GXQ/U8tRquesF7aXKYHM/K3O6H58gAgIFm8JVnr9EUFh5PWBTKJxHgDo/6pprhpdAJg8k4f4p5yvqE0nUI6TC0UpN+ZmQMimgxvGGwQ6mpl7qmc7JxmTOiJbO1yz6eokU27S0NHfpdiE3TGG93i2r/LwAnHuhT/4weGO+vcXwKRTFGFFjvMo0XgjL2JnP01nk6dpDFwkkt5I26J4DkuNMkLefgDiGOoxDmG5EgPu0YwAm7Vk2/kX0W6rLe16lHGDkB0/atQ/IB9uch31GQrLP9etmdwIDAQAB" 6 | } 7 | } 8 | 9 | module "inskip-gmail" { 10 | source = "./gmail_dns" 11 | cloudflare_api_key = var.cloudflare_api_key 12 | zone_id = local.zone_ids.inskip 13 | zone_name = local.zones.inskip 14 | dkim = local.dkims.inskip 15 | } 16 | module "dork-gmail" { 17 | source = "./gmail_dns" 18 | cloudflare_api_key = var.cloudflare_api_key 19 | zone_id = local.zone_ids.dork 20 | zone_name = local.zones.dork 21 | dkim = local.dkims.dork 22 | } 23 | module "kittywitch-gmail" { 24 | source = "./gmail_dns" 25 | cloudflare_api_key = var.cloudflare_api_key 26 | zone_id = local.zone_ids.kittywitch 27 | zone_name = local.zones.kittywitch 28 | dkim = local.dkims.kittywitch 29 | } 30 | -------------------------------------------------------------------------------- /tf/gmail_dns/cloudflare_provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | cloudflare = { 4 | source = "cloudflare/cloudflare" 5 | version = "4.4.0" 6 | } 7 | } 8 | } 9 | 10 | provider "cloudflare" { 11 | email = "kat@inskip.me" 12 | api_key = var.cloudflare_api_key 13 | } 14 | -------------------------------------------------------------------------------- /tf/gmail_dns/main.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_record" "gmail_mx_1_aspmx" { 2 | name = var.zone_name 3 | priority = 1 4 | proxied = false 5 | ttl = 3600 6 | type = "MX" 7 | value = "aspmx.l.google.com" 8 | zone_id = var.zone_id 9 | } 10 | 11 | resource "cloudflare_record" "gmail_mx_5_alt1" { 12 | name = 
var.zone_name 13 | priority = 5 14 | proxied = false 15 | ttl = 3600 16 | type = "MX" 17 | value = "alt1.aspmx.l.google.com" 18 | zone_id = var.zone_id 19 | } 20 | 21 | resource "cloudflare_record" "gmail_mx_5_alt2" { 22 | name = var.zone_name 23 | priority = 5 24 | proxied = false 25 | ttl = 3600 26 | type = "MX" 27 | value = "alt2.aspmx.l.google.com" 28 | zone_id = var.zone_id 29 | } 30 | 31 | resource "cloudflare_record" "gmail_mx_10_alt3" { 32 | name = var.zone_name 33 | priority = 10 34 | proxied = false 35 | ttl = 3600 36 | type = "MX" 37 | value = "alt3.aspmx.l.google.com" 38 | zone_id = var.zone_id 39 | } 40 | resource "cloudflare_record" "gmail_mx_10_alt4" { 41 | name = var.zone_name 42 | priority = 10 43 | proxied = false 44 | ttl = 3600 45 | type = "MX" 46 | value = "alt4.aspmx.l.google.com" 47 | zone_id = var.zone_id 48 | } 49 | 50 | resource "cloudflare_record" "gmail_dkim" { 51 | name = "google._domainkey" 52 | proxied = false 53 | ttl = 3600 54 | type = "TXT" 55 | value = var.dkim 56 | zone_id = var.zone_id 57 | } 58 | 59 | resource "cloudflare_record" "gmail_spf" { 60 | name = var.zone_name 61 | proxied = false 62 | ttl = 3600 63 | type = "TXT" 64 | value = "v=spf1 include:_spf.google.com -all" 65 | zone_id = var.zone_id 66 | } -------------------------------------------------------------------------------- /tf/gmail_dns/variables.tf: -------------------------------------------------------------------------------- 1 | variable "cloudflare_api_key" { 2 | sensitive = true 3 | } 4 | variable "zone_id" { 5 | type = string 6 | } 7 | 8 | variable "dkim" { 9 | type = string 10 | } 11 | 12 | variable "zone_name" { 13 | type = string 14 | } -------------------------------------------------------------------------------- /tf/inskip-pages.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_pages_project" "inskip_root" { 2 | account_id = local.account_id 3 | name = "inskip-root" 4 | production_branch = 
"main" 5 | 6 | source { 7 | type = "github" 8 | config { 9 | owner = "kittywitch" 10 | repo_name = "inskip.me" 11 | production_branch = "main" 12 | deployments_enabled = true 13 | pr_comments_enabled = false 14 | production_deployment_enabled = true 15 | } 16 | } 17 | build_config { 18 | build_command = "hugo" 19 | destination_dir = "public" 20 | root_dir = "/" 21 | } 22 | lifecycle { 23 | ignore_changes = [ 24 | deployment_configs, 25 | source 26 | ] 27 | } 28 | } 29 | 30 | resource "cloudflare_pages_domain" "inskip_root" { 31 | account_id = local.account_id 32 | project_name = "inskip-root" 33 | domain = local.zones.inskip 34 | } 35 | 36 | resource "cloudflare_record" "inskip_root_pages" { 37 | name = local.zones.inskip 38 | proxied = false 39 | ttl = 3600 40 | type = "CNAME" 41 | value = cloudflare_pages_project.inskip_root.subdomain 42 | zone_id = local.zone_ids.inskip 43 | } -------------------------------------------------------------------------------- /tf/kw-bluesky.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_record" "bluesky_did" { 2 | name = "_atproto" 3 | proxied = false 4 | ttl = 1 5 | type = "TXT" 6 | value = "did=did:plc:4rkjqsakfq3chmepfcd3al6e" 7 | zone_id = local.zone_ids.kittywitch 8 | } -------------------------------------------------------------------------------- /tf/kw-irc.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_record" "irc" { 2 | name = "irc" 3 | proxied = false 4 | ttl = 3600 5 | type = "CNAME" 6 | value = "daiyousei.inskip.me" 7 | zone_id = local.zone_ids.kittywitch 8 | } -------------------------------------------------------------------------------- /tf/kw-mon.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_record" "mon" { 2 | name = "mon" 3 | proxied = false 4 | ttl = 3600 5 | type = "CNAME" 6 | value = "yukari.gensokyo.zone" 7 | zone_id = 
local.zone_ids.kittywitch 8 | } -------------------------------------------------------------------------------- /tf/kw-pages.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_pages_project" "kittywitch" { 2 | account_id = local.account_id 3 | name = "kittywitch" 4 | production_branch = "main" 5 | 6 | source { 7 | type = "github" 8 | config { 9 | owner = "kittywitch" 10 | repo_name = "kittywit.ch" 11 | production_branch = "main" 12 | deployments_enabled = true 13 | pr_comments_enabled = false 14 | production_deployment_enabled = true 15 | 16 | } 17 | } 18 | lifecycle { 19 | ignore_changes = [ 20 | deployment_configs, 21 | source 22 | ] 23 | } 24 | } 25 | 26 | resource "cloudflare_pages_domain" "kittywitch_root" { 27 | account_id = local.account_id 28 | project_name = "kittywitch" 29 | domain = local.zones.kittywitch 30 | } 31 | 32 | resource "cloudflare_record" "kittywitch_root_pages" { 33 | name = local.zones.kittywitch 34 | proxied = false 35 | ttl = 3600 36 | type = "CNAME" 37 | value = "${cloudflare_pages_project.kittywitch.name}.pages.dev" 38 | zone_id = local.zone_ids.kittywitch 39 | } -------------------------------------------------------------------------------- /tf/oci_common_private_network.tf: -------------------------------------------------------------------------------- 1 | module "oci_common_private_network" { 2 | source = "./oci_common_private_network" 3 | 4 | cidr_blocks = [ 5 | "10.25.0.0/16" 6 | ] 7 | 8 | display_name = "CoreNetwork" 9 | dns_label = "core" 10 | tenancy_ocid = module.oci_compartment_bootstrap.child_compartment_id 11 | 12 | providers = { 13 | oci = oci.oci_compartment 14 | } 15 | 16 | depends_on = [ 17 | module.oci_compartment_bootstrap 18 | ] 19 | } -------------------------------------------------------------------------------- /tf/oci_common_private_network/default_route_table.tf: -------------------------------------------------------------------------------- 1 | 2 | 
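# Default route table of the VCN: both the IPv4 and the IPv6 default route
# point at the internet gateway.
resource "oci_core_default_route_table" "this" {
  manage_default_resource_id = local.vcn.default_route_table_id

  display_name = oci_core_vcn.this.display_name

  route_rules {
    network_entity_id = local.igw.id

    description = "Internet v4"
    destination = "0.0.0.0/0"
  }
  route_rules {
    network_entity_id = local.igw.id

    description = "Internet v6"
    destination = "::/0"
  }
}

--------------------------------------------------------------------------------
/tf/oci_common_private_network/default_security_list.tf:
--------------------------------------------------------------------------------
# Default security list of the VCN. Every ingress rule below accepts traffic
# from any IPv4 source (0.0.0.0/0).
#
# NOTE(review): all rules here are IPv4-only, while the VCN enables IPv6 and
# the route table carries a ::/0 route. IPv6 traffic is not matched by this
# list; confirm that is intended.
resource "oci_core_default_security_list" "this" {
  manage_default_resource_id = local.vcn.default_security_list_id

  # UDP 60000-61000 for Mosh sessions.
  dynamic "ingress_security_rules" {
    for_each = [
      { from = 60000
      to = 61000 }
    ]
    iterator = port
    content {
      protocol = local.protocol_number.udp
      source = "0.0.0.0/0"

      description = "Mosh traffic from any origin"

      udp_options {
        max = port.value.to
        min = port.value.from
      }
    }
  }

  # One single-port TCP rule each for 22 (SSH), 80 (HTTP) and 443 (HTTPS).
  # NOTE(review): port 22 is reachable from any IPv4 address. If administration
  # normally happens from known networks or over the tailnet, narrowing
  # `source` for the SSH rule reduces exposure to password-guessing traffic;
  # otherwise make sure the hosts accept key-based logins only.
  dynamic "ingress_security_rules" {
    for_each = [22, 80, 443]
    iterator = port
    content {
      protocol = local.protocol_number.tcp
      source = "0.0.0.0/0"

      # The rule set includes port 80, so the description names HTTP as well;
      # an audit reading only descriptions would otherwise miss it.
      description = "SSH, HTTP and HTTPS traffic from any origin"

      tcp_options {
        max = port.value
        min = port.value
      }
    }
  }

  # Unrestricted IPv4 egress.
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol = "all"

    description = "All traffic to any destination"
  }
}

--------------------------------------------------------------------------------
/tf/oci_common_private_network/firewalling_locals.tf:
--------------------------------------------------------------------------------
# IANA protocol numbers used in the `protocol` field of the security rules.
locals {
  protocol_number = {
    icmp = 1
    icmpv6 = 58
    tcp = 6
    udp = 17
  }
}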
--------------------------------------------------------------------------------
/tf/oci_common_private_network/internet_gateway.tf:
--------------------------------------------------------------------------------
# Internet gateway for the VCN; exported as local.igw and as the
# internet_gateway_id output.
resource "oci_core_internet_gateway" "this" {
  display_name = "internet"
  compartment_id = var.tenancy_ocid
  vcn_id = local.vcn.id
}

locals {
  igw = oci_core_internet_gateway.this
}

output "internet_gateway_id" {
  value = local.igw.id
}

--------------------------------------------------------------------------------
/tf/oci_common_private_network/network_security_group.tf:
--------------------------------------------------------------------------------
# Network security group for the VCN, named after the VCN. Which VNICs are
# attached to it is not visible in this module; consumers get the id through
# the nsg_id output.
resource "oci_core_network_security_group" "this" {
  compartment_id = var.tenancy_ocid
  vcn_id = oci_core_vcn.this.id

  display_name = oci_core_vcn.this.display_name
}

# Ingress rule for ICMP from any IPv4 source. There is no icmp_options block,
# so the rule is not limited to particular ICMP types or codes.
# NOTE(review): if only echo and path-MTU messages are needed, an icmp_options
# block would make that explicit. Neither NSG rule carries a description;
# adding one helps later audits.
resource "oci_core_network_security_group_security_rule" "icmp_in" {
  direction = "INGRESS"
  network_security_group_id = oci_core_network_security_group.this.id
  protocol = local.protocol_number.icmp
  source = "0.0.0.0/0"
}

# Ingress rule for TCP destination port 22 from any IPv4 source.
# NOTE(review): SSH is open to the whole internet for every VNIC attached to
# this group; restrict `source` where the administrative origin is known.
resource "oci_core_network_security_group_security_rule" "ssh_in" {
  direction = "INGRESS"
  network_security_group_id = oci_core_network_security_group.this.id
  protocol = local.protocol_number.tcp
  source = "0.0.0.0/0"

  tcp_options {
    destination_port_range {
      max = 22
      min = 22
    }
  }
}

output "nsg_id" {
  value = oci_core_network_security_group.this.id
}

--------------------------------------------------------------------------------
/tf/oci_common_private_network/providers.tf:
--------------------------------------------------------------------------------
# Provider requirements of the module; versions are pinned exactly.
terraform {
  required_providers {
    # Vendor: Hashicorp
    tls = {
      source = "hashicorp/tls"
      version = "4.0.5"
    }
    # Vendor: Oracle
    oci = {
      source = "oracle/oci"
version = "5.45.0"
    }
  }
}

--------------------------------------------------------------------------------
/tf/oci_common_private_network/subnet.tf:
--------------------------------------------------------------------------------
# Single subnet spanning the VCN's first CIDR block.
# NOTE(review): prohibit_public_ip_on_vnic is not set here. Assuming the
# provider default applies, VNICs in this subnet may receive public IPs, and
# the VCN's default route goes to an internet gateway, so this behaves as a
# public subnet despite the module's "private network" name. Confirm intended.
# NOTE(review): no route table or security lists are named, so the subnet
# presumably falls back to the VCN defaults managed elsewhere in this module.
resource "oci_core_subnet" "this" {
  cidr_block = oci_core_vcn.this.cidr_blocks.0
  compartment_id = var.tenancy_ocid
  vcn_id = oci_core_vcn.this.id

  display_name = oci_core_vcn.this.display_name
  dns_label = "subnet"
}

locals {
  subnet = oci_core_subnet.this
}

output "subnet_id" {
  value = local.subnet.id
}

--------------------------------------------------------------------------------
/tf/oci_common_private_network/virtual_cloud_network.tf:
--------------------------------------------------------------------------------
# Module inputs. tenancy_ocid is used as the compartment_id of every resource
# in this module.
variable "tenancy_ocid" {
  type = string
}

variable "cidr_blocks" {
  type = list(string)
}

variable "display_name" {
  type = string
}

variable "dns_label" {
  type = string
}

# The VCN itself, with IPv6 enabled.
resource "oci_core_vcn" "this" {
  compartment_id = var.tenancy_ocid

  cidr_blocks = var.cidr_blocks
  display_name = var.display_name
  dns_label = var.dns_label

  is_ipv6enabled = true
}

locals {
  vcn = oci_core_vcn.this
}

output "vcn_id" {
  value = local.vcn.id
}

--------------------------------------------------------------------------------
/tf/oci_compartment_bootstrap/api_key.tf:
--------------------------------------------------------------------------------
# Registers an API signing key for the user in local.child_compartment_user.
# key_value is taken from local.child_compartment_public_key; going by the
# name this is the public half only. Where the key pair is created is not
# visible in this file.
resource "oci_identity_api_key" "this" {
  key_value = local.child_compartment_public_key
  user_id = local.child_compartment_user
}

locals {
  child_compartment_api_key = oci_identity_api_key.this
}

# The four outputs below re-export attributes of the registered key.
output "child_compartment_key_fingerprint" {
  value = local.child_compartment_api_key.fingerprint
}

output "child_compartment_key_id" {
  value = local.child_compartment_api_key.id
}

output "child_compartment_key_value" {
  value = local.child_compartment_api_key.key_value
}

output "child_compartment_key_state" {
  value = local.child_compartment_api_key.state
}

--------------------------------------------------------------------------------
/tf/oci_compartment_bootstrap/compartment.tf:
--------------------------------------------------------------------------------
variable "tenancy_ocid" {
  type = string
}

# Compartment "kittywitch-tf", created directly under the tenancy.
resource "oci_identity_compartment" "this" {
  # Compartment ID is Tenancy ID for this case
  compartment_id = var.tenancy_ocid
  description = "Compartment for Terraform usage"
  name = "kittywitch-tf"

}

# NOTE(review): this reads the resource's compartment_id attribute, which is
# the parent set above (var.tenancy_ocid), not the new compartment's own OCID
# (the `id` attribute). If that reading is right, everything that consumes
# child_compartment_id is placed in the tenancy root and gains nothing from
# the compartment boundary. Confirm before relying on compartment-scoped
# policies.
locals {
  child_compartment_id = oci_identity_compartment.this.compartment_id
}

output "child_compartment_id" {
  value = local.child_compartment_id
}

--------------------------------------------------------------------------------
/tf/oci_compartment_bootstrap/group.tf:
--------------------------------------------------------------------------------
# IAM group "terraform" in the tenancy.
resource "oci_identity_group" "this" {
  compartment_id = var.tenancy_ocid

  name = "terraform"
  description = "terraform"
}

--------------------------------------------------------------------------------
/tf/oci_compartment_bootstrap/group_membership.tf:
--------------------------------------------------------------------------------
# Puts the bootstrap user into the "terraform" group.
resource "oci_identity_user_group_membership" "this" {
  user_id = oci_identity_user.this.id
  group_id = oci_identity_group.this.id
}

--------------------------------------------------------------------------------
/tf/oci_compartment_bootstrap/policy.tf:
--------------------------------------------------------------------------------
# NOTE(review): the listing appears damaged from here on. The heredoc opener is
# followed directly by the tail of a for-expression that seems to belong to a
# different file, so the policy statements granted to the group cannot be
# reviewed from this page.
locals {
  policy_multi_line_statement = < device.addresses[0] if device.user == "kat@gensokyo.zone"
}
  name = "${each.key}.devices"
  proxied = false
  ttl = 3600
  type = "A"
  value = each.value
  zone_id = local.zone_ids.inskip
}

# One AAAA record per tailnet device owned by kat@gensokyo.zone, named
# <first label of the device name>.devices in the inskip zone.
# Relies on the second entry of device.addresses being the IPv6 address (the
# A record above uses the first entry) — TODO confirm the ordering is stable.
# NOTE(review): these records publish tailnet hostnames and addresses in a
# public zone. The addresses are presumably reachable only from inside the
# tailnet, but the device inventory becomes enumerable; confirm that is
# acceptable.
resource "cloudflare_record" "tailscale_device_v6_record" {
  for_each = { for device_name, device in local.tailscale_devices : split(".", device.name)[0] => device.addresses[1] if device.user == "kat@gensokyo.zone" }
  name = "${each.key}.devices"
  proxied = false
  ttl = 3600
  type = "AAAA"
  value = each.value
  zone_id = local.zone_ids.inskip
}

--------------------------------------------------------------------------------
/tf/tailscale.tf:
--------------------------------------------------------------------------------
# OAuth client credentials for the Tailscale provider. `sensitive = true`
# redacts the values in plan and apply output; it does not keep them out of
# the Terraform state, so access to the workspace state should be restricted.
variable "tailscale_oauth_client_id" {
  sensitive = true
}

variable "tailscale_oauth_client_secret" {
  sensitive = true
}

variable "tailnet" {
  sensitive = false
}

provider "tailscale" {
  oauth_client_id = var.tailscale_oauth_client_id
  oauth_client_secret = var.tailscale_oauth_client_secret
  tailnet = var.tailnet
}

--------------------------------------------------------------------------------
/tf/terraform.tf:
--------------------------------------------------------------------------------
# Root provider requirements, each pinned to an exact version.
# NOTE(review): a dependency lock file is not visible in this listing; with it
# committed, provider packages are also checked against recorded hashes.
terraform {
  required_providers {
    # Vendor: Hashicorp
    tls = {
      source = "hashicorp/tls"
      version = "4.0.5"
    }
    # Vendor: Oracle
    oci = {
      source = "oracle/oci"
      version = "5.45.0"
    }
    hcloud = {
      source = "hetznercloud/hcloud"
      version = "1.38.2"
    }
    tailscale = {
      source = "tailscale/tailscale"
      version = "0.13.7"
    }
    cloudflare = {
      source = "cloudflare/cloudflare"
      version = "4.4.0"
    }
  }

  # The "remote" backend variant below is disabled by the block comment.
  /*
  # Settings for local applies
  backend "remote" {
    hostname = "app.terraform.io"
    organization = "kittywitch"
    workspaces {
      name = "nixfiles"
    }
  }
  */

  #/*
# Settings for remote applies
  # The markers around this block are line comments ("#/*", "#*/"), so the
  # cloud block is active: state and runs live in the "nixfiles" workspace.
  cloud {
    organization = "kittywitch"
    ## Required for Terraform Enterprise; Defaults to app.terraform.io for Terraform Cloud
    hostname = "app.terraform.io"

    workspaces {
      name = "nixfiles"
    }
  }
  #*/
}

--------------------------------------------------------------------------------
/tf/tf.tfvars:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kittywitch/nixfiles/3150cf3c120f26012f92df7762227d5529f50c8a/tf/tf.tfvars

--------------------------------------------------------------------------------
/wrappers/actions-test.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Builds the toplevel of every NixOS system listed in NF_NIX_SYSTEMS.
# Expected from the environment (set by the nf-actions-test wrapper):
#   NF_CONFIG_ROOT, NF_NIX_SYSTEMS, NF_NIX_SYSTEMS_WARN
# Optional switches: NF_ACTIONS_TEST_GC, NF_ACTIONS_TEST_ASYNC,
#   NF_ACTIONS_TEST_OUTLINK, NF_UPDATE_CACHIX_PUSH
# Extra command-line arguments are passed through to `nix build`.
set -eu

# Garbage collection between builds is switched on automatically only when
# the runner name starts with "Github Actions".
if [[ ${GITHUB_ACTIONS-} = true && ${RUNNER_NAME-} = "Github Actions"* ]]; then
	# low disk space available on public runners...
	echo "enabled GC between builds due to restricted disk space..." >&2
	export NF_ACTIONS_TEST_GC=1
fi

NIX_BUILD_ARGS=(
	--show-trace
)
# Installables collected for the single combined build in async mode.
NIX_BUILD_ARGS_ASYNC=()

# init_nfargs SUFFIX
# Fills the global array `nfargs` with the nix build arguments and remembers
# SUFFIX in the global `nflinksuffix`. An out-link named
# "${NF_ACTIONS_TEST_OUTLINK-result}SUFFIX" is requested when an out-link name
# or a cachix push was asked for; otherwise no link is created.
init_nfargs() {
	nflinksuffix="$1"
	shift

	nfargs=(
		"${NIX_BUILD_ARGS[@]}"
	)

	if [[ -n "${NF_ACTIONS_TEST_OUTLINK-}" || -n "${NF_UPDATE_CACHIX_PUSH-}" ]]; then
		nfargs+=(
			-o "${NF_ACTIONS_TEST_OUTLINK-result}$nflinksuffix"
		)
	else
		nfargs+=(
			--no-link
		)
	fi
}

# nfgc
# When GC is enabled: optionally pushes the current out-links to the
# "kittywitch" cachix cache and removes them, then runs
# `nix-collect-garbage -d`.
# NOTE(review): `-d` also deletes old profile generations, so setting
# NF_ACTIONS_TEST_GC by hand on a workstation is destructive.
# NOTE(review): everything in the pushed closures becomes fetchable by users
# of the cache, so the built configurations must not place secrets in the
# store. The cachix credential is not handled here; presumably it comes from
# the environment.
nfgc() {
	if [[ -n ${NF_ACTIONS_TEST_GC-} ]]; then
		if [[ -n ${NF_UPDATE_CACHIX_PUSH-} ]]; then
			cachix push kittywitch "./${NF_ACTIONS_TEST_OUTLINK-result}$nflinksuffix"*/
			rm -f "./${NF_ACTIONS_TEST_OUTLINK-result}$nflinksuffix"*
		fi
		nix-collect-garbage -d
	fi
}

for nfsystem in "${NF_NIX_SYSTEMS[@]}"; do
	nfinstallable="${NF_CONFIG_ROOT}#nixosConfigurations.${nfsystem}.config.system.build.toplevel"
	init_nfargs "-$nfsystem"

	# nfwarn is set when the system is listed in NF_NIX_SYSTEMS_WARN, i.e. its
	# build is allowed to fail.
	nfwarn=
	if [[ " ${NF_NIX_SYSTEMS_WARN[*]} " = *" $nfsystem "* ]]; then
		nfwarn=1
	fi

	# In async mode, systems that must succeed are deferred to one combined
	# build after the loop; allowed-to-fail systems are still built here.
	if [[ -n ${NF_ACTIONS_TEST_ASYNC-} && -z $nfwarn ]]; then
		NIX_BUILD_ARGS_ASYNC+=("$nfinstallable")
		continue
	fi

	echo "building ${nfsystem}..." >&2
	echo >&2

	# Capture the exit status instead of letting `set -e` abort the script.
	nfbuildexit=0
	nix build "$nfinstallable" \
		"${nfargs[@]}" \
		"$@" || nfbuildexit=$?

	if [[ $nfbuildexit -ne 0 ]]; then
		if [[ -n $nfwarn ]]; then
			echo "build failure allowed for ${nfsystem}, ignoring..." >&2
			continue
		fi
		exit $nfbuildexit
	fi

	nfgc
done

# Async mode: build all deferred installables with a single nix invocation.
if [[ -n ${NF_ACTIONS_TEST_ASYNC-} ]]; then
	init_nfargs ""
	nix build \
		"${nfargs[@]}" \
		"${NIX_BUILD_ARGS_ASYNC[@]}" \
		"$@"

	nfgc
fi

--------------------------------------------------------------------------------
/wrappers/default.nix:
--------------------------------------------------------------------------------
# Exposes the two wrapper scripts as packages for each default system.
{inputs, ...} @ args:
inputs.utils.lib.eachDefaultSystem (system: let
  newArgs = args // {inherit system;};
in {
  packages = {
    nf-actions-test = import ./nf-actions-test.nix newArgs;
    nf-generate = import ./nf-generate.nix newArgs;
  };
})

--------------------------------------------------------------------------------
/wrappers/exports.nix:
--------------------------------------------------------------------------------
# Shell snippets shared by the wrappers.
#   exports        - sets NF_CONFIG_ROOT (defaulting to the repository root)
#                    and CI_CONFIG_ROOT
#   exportsSystems - bash array literals naming the CI-enabled NixOS systems
#                    and the subset whose build may fail
# System names go through escapeShellArg before being interpolated into the
# array literals.
{inputs, ...}: let
  inherit (inputs.std.lib) string set;
  inherit (inputs.self) systems;
  enabledNixosSystems = set.filter (_: system: system.config.ci.enable && system.config.type == "NixOS") systems;
in {
  exports = ''
    export NF_CONFIG_ROOT=''${NF_CONFIG_ROOT-${toString ../.}}
    export CI_CONFIG_ROOT=$NF_CONFIG_ROOT
  '';
  exportsSystems = let
    warnSystems = set.filter (_: system: system.config.ci.allowFailure) enabledNixosSystems;
    toSystems = systems: string.concatMapSep " " string.escapeShellArg (set.keys systems);
  in ''
    NF_NIX_SYSTEMS=(${toSystems enabledNixosSystems})
    NF_NIX_SYSTEMS_WARN=(${toSystems warnSystems})
  '';
}

--------------------------------------------------------------------------------
/wrappers/generate.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Runs the run.gh-actions-generate attribute of the CI input once per entry
# of NF_CONFIG_FILES, passing the matching file under $NF_CONFIG_ROOT/ci as
# `config`. NF_CONFIG_FILES, NF_CONFIG_ROOT and NF_INPUT_CI come from the
# nf-generate wrapper.
set -eu

for ciconfig in "${NF_CONFIG_FILES[@]}"; do
	echo "processing ${ciconfig}..." >&2
	nix run --argstr config "$NF_CONFIG_ROOT/ci/$ciconfig" -f "$NF_INPUT_CI" run.gh-actions-generate
done

--------------------------------------------------------------------------------
/wrappers/nf-actions-test.nix:
--------------------------------------------------------------------------------
# Wrapper script "nf-actions-test": emits the shared exports and the system
# arrays, then sources actions-test.sh.
{
  system,
  inputs,
  ...
} @ args: let
  exportFile = import ./exports.nix args;
  inherit (exportFile) exports exportsSystems;
  inherit (inputs.self.legacyPackages.${system}) pkgs;
  nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" ''
    ${exports}
    ${exportsSystems}
    source ${./actions-test.sh}
  '';
in
  nf-actions-test

--------------------------------------------------------------------------------
/wrappers/nf-generate.nix:
--------------------------------------------------------------------------------
# Wrapper script "nf-generate": emits the shared exports, sets NF_INPUT_CI and
# NF_CONFIG_FILES (both shell-escaped), then sources generate.sh.
{
  system,
  inputs,
  ...
} @ args: let
  inherit (inputs.nixpkgs) lib;
  exportFile = import ./exports.nix args;
  inherit (exportFile) exports;
  inherit (lib.strings) makeBinPath;
  inherit (inputs.std.lib) string;
  inherit (inputs.self.legacyPackages.${system}) pkgs;
  inherit (import ../ci/nix.nix) ci;
  # NOTE(review): the pinned jq is appended to PATH, so a jq already present
  # on the caller's PATH takes precedence over it; prepending would make the
  # wrapper use the pinned binary.
  nf-generate = pkgs.writeShellScriptBin "nf-generate" ''
    ${exports}
    export PATH="$PATH:${makeBinPath [pkgs.jq]}"
    NF_INPUT_CI=${string.escapeShellArg inputs.ci}
    NF_CONFIG_FILES=(${string.concatMapSep " " string.escapeShellArg ci.workflowConfigs})
    source ${./generate.sh}
  '';
in
  nf-generate

--------------------------------------------------------------------------------