├── packages ├── default.nix ├── nixos │ ├── templates │ │ ├── home.nix │ │ ├── user.nix │ │ ├── configuration.nix │ │ └── hardware-configuration.nix │ └── default.nix ├── shizuku.nix ├── docker-nvidia-smi.nix ├── isy.nix ├── sshed │ └── default.nix ├── derive │ └── default.nix ├── agenix │ └── default.nix ├── mpd-url.nix ├── wrapWithFlags.nix ├── ipaddr.nix ├── sv.nix ├── enableWayland.nix ├── fetchgithub.nix ├── qr.nix ├── mkApplication.nix └── mkScript.nix ├── hosts ├── wit │ ├── README.md │ ├── ssh_host_ed25519_key.pub │ ├── users │ │ ├── jon.nix │ │ └── ness.nix │ ├── configuration.nix │ └── hardware-configuration.nix ├── cog │ ├── README.md │ ├── ssh_host_ed25519_key.pub │ ├── users │ │ ├── ness.nix │ │ └── jon │ │ │ └── home-configuration.nix │ └── hardware-configuration.nix ├── eve │ ├── README.md │ ├── ssh_host_ed25519_key.pub │ ├── users │ │ └── jon.nix │ └── hardware-configuration.nix ├── iso │ ├── README.md │ └── downloader.sh ├── sim │ ├── README.md │ ├── ssh_host_ed25519_key.pub │ ├── users │ │ └── jon.nix │ └── hardware-configuration.nix ├── kit │ ├── users │ │ └── jon │ │ │ └── withings-sync.age │ ├── ssh_host_ed25519_key.pub │ ├── README.md │ └── hardware-configuration.nix ├── fit │ ├── ssh_host_ed25519_key.pub │ ├── README.md │ ├── users │ │ └── jon.nix │ ├── configuration.nix │ └── hardware-configuration.nix ├── hub │ ├── ssh_host_ed25519_key.pub │ ├── users │ │ └── jon.nix │ ├── README.md │ └── hardware-configuration.nix ├── lux │ ├── ssh_host_ed25519_key.pub │ ├── users │ │ └── jon.nix │ ├── README.md │ └── hardware-configuration.nix └── README.md ├── modules ├── nixos │ ├── default │ │ ├── options │ │ │ ├── blocky │ │ │ │ ├── blacklist.txt │ │ │ │ └── whitelist.txt │ │ │ ├── default.nix │ │ │ ├── gitea │ │ │ │ └── gitea.age │ │ │ ├── freshrss │ │ │ │ └── freshrss.age │ │ │ ├── home-assistant │ │ │ │ ├── isy.age │ │ │ │ ├── isy.nix │ │ │ │ └── zwave.nix │ │ │ ├── keyd │ │ │ │ ├── local-overrides.quirks │ │ │ │ ├── keyboards │ │ │ │ │ ├── rii.nix │ │ │ │ │ ├── w3.nix │ │ │ │ │ ├── framework.nix │ │ │ │ │ ├── g600.nix │ │ │ │ │ ├── t480s.nix │ │ │ │ │ ├── apple.nix │ │ │ │ │ ├── k811.nix │ │ │ │ │ └── hhkb.nix │ │ │ │ └── monitor.sh │ │ │ ├── traefik │ │ │ │ ├── cloudflare.age │ │ │ │ ├── dns.nix │ │ │ │ └── ca.nix │ │ │ ├── tandoor-recipes │ │ │ │ └── tandoor-recipes.age │ │ │ ├── arr │ │ │ │ └── default.nix │ │ │ ├── earlyoom.nix │ │ │ ├── desktop.nix │ │ │ ├── tautulli.nix │ │ │ ├── ntfy-sh.nix │ │ │ ├── mysql.nix │ │ │ ├── whoami.nix │ │ │ ├── nfs.nix │ │ │ ├── rust-motd.nix │ │ │ ├── tiddlywiki.nix │ │ │ ├── beszel │ │ │ │ └── default.nix │ │ │ ├── syncthing.nix │ │ │ ├── jellyfin.nix │ │ │ ├── prometheus.nix │ │ │ ├── whoogle.nix │ │ │ └── bluetooth.nix │ │ ├── configs │ │ │ ├── default.nix │ │ │ ├── storage.nix │ │ │ ├── services.nix │ │ │ ├── nixpkgs.nix │ │ │ ├── disko.nix │ │ │ ├── groups.nix │ │ │ ├── nix-index.nix │ │ │ ├── neovim.nix │ │ │ ├── docker.nix │ │ │ └── programs.nix │ │ ├── overlays │ │ │ ├── default.nix │ │ │ ├── nvf │ │ │ │ ├── nvf.age │ │ │ │ └── default.nix │ │ │ ├── self.nix │ │ │ ├── unstable.nix │ │ │ ├── nur.nix │ │ │ ├── firefox.nix │ │ │ └── misc.nix │ │ └── default.nix │ ├── desktop │ │ ├── default │ │ │ ├── configs │ │ │ │ ├── default.nix │ │ │ │ ├── services.nix │ │ │ │ ├── sound.nix │ │ │ │ ├── programs.nix │ │ │ │ ├── fonts.nix │ │ │ │ └── codecs.nix │ │ │ ├── options │ │ │ │ ├── default.nix │ │ │ │ ├── localsend.nix │ │ │ │ ├── dolphin-emu.nix │ │ │ │ └── steam.nix │ │ │ └── default.nix │ │ └── homelab.nix │ └── hardware │ │ ├── vm.nix │ │ ├── framework-11th-gen-intel.nix │ │ ├── radeon-rx-580.nix │ │ └── linode.nix └── home │ ├── users │ ├── jon │ │ ├── default.nix │ │ ├── git-credentials.age │ │ ├── accounts │ │ │ ├── email-addresses.age │ │ │ ├── password-gmail.age │ │ │ ├── password-icloud.age │ │ │ ├── password-fastmail.age │ │ │ └── default.nix │ │ ├── git.nix │ │ ├── mine.nix │ │ ├── programs.nix │ │ ├── services.nix │ │ └── terminal.nix │ └── ness │ │ ├── default.nix │ │ └── storage.nix │ ├── default │ ├── configs │ │ ├── default.nix │ │ ├── services.nix │ │ ├── agenix.nix │ │ ├── networking.nix │ │ ├── nix.nix │ │ ├── nix-index.nix │ │ ├── neovim.nix │ │ └── impermanence.nix │ ├── options │ │ ├── default.nix │ │ ├── accounts.nix │ │ ├── zoxide.nix │ │ ├── desktop.nix │ │ ├── direnv.nix │ │ ├── sound.nix │ │ ├── cava.nix │ │ ├── ripgrep.nix │ │ ├── fzf.nix │ │ ├── bluetuith.nix │ │ └── neomutt │ │ │ └── search.nix │ └── default.nix │ └── desktop │ ├── default │ ├── configs │ │ ├── default.nix │ │ ├── services.nix │ │ ├── messages.nix │ │ ├── design.nix │ │ ├── productivity.nix │ │ ├── programs.nix │ │ └── media.nix │ ├── options │ │ ├── default.nix │ │ ├── localsend.nix │ │ ├── shotcut.nix │ │ ├── davinci-resolve │ │ │ ├── davinci-resolve-export.sh │ │ │ ├── davinci-resolve-import.sh │ │ │ └── default.nix │ │ ├── dolphin-emu.nix │ │ ├── slack.nix │ │ ├── telegram.nix │ │ ├── keyd │ │ │ └── lib.nix │ │ ├── bluebubbles.nix │ │ ├── fuzzel.nix │ │ ├── chromium │ │ │ └── registry.nix │ │ ├── onepassword.nix │ │ ├── freetube.nix │ │ ├── gimp.nix │ │ └── projectm.nix │ └── default.nix │ └── hyprland │ ├── rofi │ ├── scripts │ │ ├── rofi-cliphist.sh │ │ ├── rofi-toggle.sh │ │ └── default.nix │ ├── emoji.nix │ ├── sinks.nix │ ├── calc.nix │ ├── launcher.nix │ └── clips.nix │ ├── hypr │ ├── scripts │ │ ├── hypr-toggletitlebars.sh │ │ ├── hypr-resizefloating.sh │ │ ├── hypr-togglespecial.sh │ │ ├── hypr-togglegrouporkill.sh │ │ ├── hypr-button.sh │ │ ├── hypr-movewindoworgrouporactive.sh │ │ ├── hypr-togglegrouporlock.sh │ │ ├── hypr-tileorsplit.sh │ │ ├── default.nix │ │ ├── hypr-togglefloating.sh │ │ └── hypr-float.sh │ ├── fullscreen.nix │ ├── cursors.nix │ ├── special.nix │ ├── supertab.nix │ ├── default.nix │ ├── hyprexpo.nix │ ├── launchers.nix │ └── hyprbars.nix │ ├── desktop-entries.nix │ ├── swaylock.nix │ ├── keyd.nix │ ├── programs.nix │ ├── nautilus.nix │ ├── waybar │ ├── default.nix │ └── modules-center.nix │ ├── hypridle.nix │ ├── swww.nix │ ├── mako.nix │ └── default.nix ├── zones ├── ca.age ├── nest │ └── default.nix ├── default.nix ├── work │ └── default.nix ├── home │ └── default.nix └── tail │ ├── default.nix │ └── README.md ├── secrets ├── hex.age ├── id_age.pub ├── nixos │ ├── cog │ │ ├── 1b9676b6d210e90752464d5be6f1c5df-ca.age │ │ ├── bb6b80d9ab3a1e0dcf79c454dd497df7-nvf.age │ │ ├── ce380c3192d96d44e8617c0f0dcfee4b-hex.age │ │ ├── e974c96e03a7ce94d0e45a4b0658b299-cloudflare.age │ │ ├── 05042fc409b321d6bffa51259729525f-root-password.age │ │ ├── 1257f7a03c6157a670f86aa65e8c2003-btrbk-password.age │ │ ├── 99ace010b1f196cf4438963dbf0884be-jon-password.age │ │ ├── ce7fd49a1c5fb7aebf157ebb12e21ea0-ness-password.age │ │ └── c8d86144084464b7a6e6fd6473aec30e-beszel-password.age │ ├── eve │ │ ├── c4b0001d7888b122054221a32b33384e-nvf.age │ │ ├── e2aa0870ddbb9056daaed90fa5173751-hex.age │ │ ├── f2faf221e281b10433e3354e08075aea-ca.age │ │ ├── 73bc7cf16f98c1b1f2adf17e81c8653c-cloudflare.age │ │ ├── 0d352c0d6425469cfb2bbb086fdb394d-root-password.age │ │ ├── b673f161973e2e3fcdbd3fe7393adc52-jon-password.age │ │ ├── c83b08920ebb8f3efaac2a9ac0ff3b67-btrbk-password.age │ │ ├── e0e25b647a691b5ae303043625f1eae1-ness-password.age │ │ └── 5717cf320426005378d713c073fe6c94-beszel-password.age │ ├── fit │ │ ├── 30ca492b4d6939875230d0b3e332b993-ca.age │ │ ├── 6c0eac15697d46e817d7a100f381070e-nvf.age │ │ ├── b5b1fce2db48854a03eaced8b7157a56-hex.age │ │ ├── 3f28af14b7e08f6ea0c8cd0e76cc4192-cloudflare.age │ │ ├── 128c15c5d2345a97d7bb10959a4cb754-jon-password.age │ │ ├── 56c289c1fe7ab557c2cd4b7e5fa73053-ness-password.age │ │ ├── ae8f077423f6ece77c456304a68edc64-btrbk-password.age │ │ ├── d0e5058b382d25a07428be62cf97c38d-root-password.age │ │ └── d2787887eed4ac3083b0f2f8193aeb98-beszel-password.age │ ├── hub │ │ ├── 383198f39f2954a38f5ec51614d731fb-hex.age │ │ ├── 612ff83e610bdf4988fee8026d6d2afe-nvf.age │ │ ├── 959207e604a412ef80c8e5be2dafade8-ca.age │ │ ├── d67b839920e8e0372fec5e9e4d54e713-isy.age │ │ ├── 0063d939e50c47f4feec6c02927bb80c-cloudflare.age │ │ ├── 027bb9d20ecaf5718821a70c5efd5ff3-jon-password.age │ │ ├── 4d8e0e6f6d90f675853f79292ad1f237-root-password.age │ │ ├── 90c3ce68a4d9e6b86f7d2aa172643bc1-ness-password.age │ │ ├── ea2aa68bfb24f71bdf5c01483c97bee9-btrbk-password.age │ │ └── 3aadc745304eef90d2207e27bc288bfb-beszel-password.age │ ├── kit │ │ ├── 018d2ad37350709578daeb8df8ac561d-nvf.age │ │ ├── 1ad26efa68effbe856f9cd78449fdf35-ca.age │ │ ├── cd061829ddadf03ce674e67f9a12b0c3-hex.age │ │ ├── 2a5c0d08cc5c40b8f9f86a46c495fa3e-cloudflare.age │ │ ├── 184c84896dcc7ebc2bb44bc2536c9d63-root-password.age │ │ ├── 2bcc7f438125cf9a5194278c077375f4-ness-password.age │ │ ├── 5fb214185ab97108a3f578afb8ba437d-btrbk-password.age │ │ ├── e3eca8f972857d7eab593f76ae37f5bf-jon-password.age │ │ └── f6cb4adfb31d16acfa84cd18548b3cea-beszel-password.age │ ├── lux │ │ ├── 66fa236a54ae8bde35ca9c25468821a6-hex.age │ │ ├── a34055de7d43a00640e30be986e2cad9-ca.age │ │ ├── b0709e25b52a919e01d50b70d4321677-nvf.age │ │ ├── d1e280114c952a3b0350e3826f522401-gitea.age │ │ ├── ed6be4a768421b5d5b93792f2499fca9-cloudflare.age │ │ ├── 63e865959eb6b472c1a8e86090485d4d-btrbk-password.age │ │ ├── 90cd5a28cba49cb9522ce9972cb5d15b-root-password.age │ │ ├── abed9561e1d0c98da638c15bdf3a4f3c-jon-password.age │ │ ├── ff4bd4962e59fe610caf8781b4e91334-ness-password.age │ │ └── ac59b84bea412b0a9e297d1a89851595-beszel-password.age │ ├── sim │ │ ├── 43b6e185e25c1472aba47f99325c88f0-hex.age │ │ ├── 85608ad12bef1df680964cf56f3eee03-ca.age │ │ ├── 8e2664a83c157ff9d9177c3a91a2ae5b-nvf.age │ │ ├── 7ce2870222deffe90bb42fc268f01664-cloudflare.age │ │ ├── 029dbf371cf4b06b6c792ee2e0c16405-btrbk-password.age │ │ ├── 08ca44ad6aede1aeb27972e9f547745b-root-password.age │ │ ├── 700ee5ea1cc718758026d50c202cf1fd-ness-password.age │ │ ├── f7b1d0b59fa69b02393ee18e4ddada2f-jon-password.age │ │ └── 60fe32a1205480917ed2c6143f9b9853-beszel-password.age │ └── wit │ │ ├── 03bef144b13d79d0b1e9006a90389ab0-ca.age │ │ ├── a2e62f7e222bd51c04d555b073c6c05d-hex.age │ │ ├── c289be6399a0e7b6606254410f85391e-nvf.age │ │ ├── 1969619886755ebbeecb9264e696c4f4-cloudflare.age │ │ ├── 01210b2909ceb7847af7de8755228ec2-jon-password.age │ │ ├── 07dfceb8d2defc8620bb75d8bae96e00-ness-password.age │ │ ├── 0a87d9f804fda1f28409c5fbcce2afe1-btrbk-password.age │ │ ├── 715998ed49179dca354f358a1b2bf125-root-password.age │ │ └── f7b876b674771f6aa5c2e2cc12a40bd3-beszel-password.age └── home │ ├── cog-jon │ ├── 13d6a2287424ce33fe718bf2b26acf57-icloud.age │ ├── fa9a8f38d50238f700d5bfab8d78d2c0-gmail.age │ ├── bc384bd508ce60756e1bb14de78e6644-fastmail.age │ ├── 5f7cdffb2756041796218512731ebd11-addresses.age │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age │ ├── kit-jon │ ├── 13d6a2287424ce33fe718bf2b26acf57-icloud.age │ ├── fa9a8f38d50238f700d5bfab8d78d2c0-gmail.age │ ├── bc384bd508ce60756e1bb14de78e6644-fastmail.age │ ├── 5f7cdffb2756041796218512731ebd11-addresses.age │ ├── c41a6ce86ebc40383ecc7e4bc442d5b6-withings-sync.age │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age │ ├── eve-jon │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age │ ├── fit-jon │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age │ ├── hub-jon │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age │ ├── lux-jon │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age │ ├── sim-jon │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age │ └── wit-jon │ └── 16a0e6c1c621952c0ac855ae9371f816-git-credentials.age ├── users ├── jon │ ├── id_age.pub │ ├── password.age │ ├── id_ed25519.pub │ └── default.nix ├── ness │ ├── id_age.pub │ ├── password.age │ ├── id_ed25519.pub │ └── default.nix ├── root │ ├── id_age.pub │ ├── password.age │ ├── id_ed25519.pub │ └── default.nix ├── beszel │ ├── id_age.pub │ ├── password.age │ ├── default.nix │ └── id_ed25519.pub ├── btrbk │ ├── id_age.pub │ ├── password.age │ ├── default.nix │ └── id_ed25519.pub └── README.md ├── .gitignore ├── .envrc ├── lib ├── homeModules.nix ├── nixosModules.nix ├── genAttrs.nix ├── users.nix └── networking.nix └── devshell.nix /packages/default.nix: -------------------------------------------------------------------------------- 1 | nixos/default.nix -------------------------------------------------------------------------------- /hosts/wit/README.md: -------------------------------------------------------------------------------- 1 | # wit 2 | 3 | Thinkpad T480s 4 | -------------------------------------------------------------------------------- /hosts/cog/README.md: -------------------------------------------------------------------------------- 1 | # cog ⚙ 2 | 3 | Framework laptop 4 | -------------------------------------------------------------------------------- /hosts/eve/README.md: -------------------------------------------------------------------------------- 1 | # eve 2 | 3 | 2009 Mac Pro (at work) 4 | -------------------------------------------------------------------------------- /hosts/iso/README.md: -------------------------------------------------------------------------------- 1 | # iso 2 | 3 | Custom NixOS installer ISO 4 | -------------------------------------------------------------------------------- /hosts/sim/README.md: -------------------------------------------------------------------------------- 1 | # sim 2 | 3 | Virtual Machine for experiments 4 | -------------------------------------------------------------------------------- /modules/nixos/default/options/blocky/blacklist.txt: -------------------------------------------------------------------------------- 1 | *.000space.com 2 | -------------------------------------------------------------------------------- /zones/ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/zones/ca.age -------------------------------------------------------------------------------- /modules/home/users/jon/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /modules/home/users/ness/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /secrets/hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/hex.age -------------------------------------------------------------------------------- /modules/home/default/configs/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /modules/home/default/options/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /secrets/id_age.pub: -------------------------------------------------------------------------------- 1 | age1s2leywugfugxdqc233w6hshzw066cjws0q3yhdnu6khzfmye4y2s544jcn 2 | -------------------------------------------------------------------------------- /users/jon/id_age.pub: -------------------------------------------------------------------------------- 1 | age18d958z4nd5y6g8yt6v4jwxk5wr05ztdd7rgyvpqg6lgwnd3x7s0syjh2jt 2 | -------------------------------------------------------------------------------- /users/ness/id_age.pub: -------------------------------------------------------------------------------- 1 | age1kq9hjzvljd8d2zdq2e74200zuz5d533328k6u3t8t03c38wcreyqra2hjh 2 | -------------------------------------------------------------------------------- /users/root/id_age.pub: -------------------------------------------------------------------------------- 1 | age1aqsgua72hfvemrpfk55dysjr7e55tzy59vrzngc0rw456hdp6ghsgasmys 2 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /modules/nixos/default/options/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /modules/nixos/default/overlays/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /users/beszel/id_age.pub: -------------------------------------------------------------------------------- 1 | age1adyrlupnwcwue8tqrrwmrhd2jgfc00gccyn07mygt598u4xmcgksuzza60 2 | -------------------------------------------------------------------------------- /users/btrbk/id_age.pub: -------------------------------------------------------------------------------- 1 | age1stlqus5wrgjzc0vlgeffrh4hmprmmvyjq806zyy5at8vfg2jesms6f26u5 2 | -------------------------------------------------------------------------------- /zones/nest/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Nest network: ASUS RT-AC66U 3 | rt = "10.3.0.1"; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home/desktop/default/configs/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/configs/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/options/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: {imports = flake.lib.ls ./.;} 2 | -------------------------------------------------------------------------------- /users/btrbk/password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/users/btrbk/password.age -------------------------------------------------------------------------------- /users/jon/password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/users/jon/password.age -------------------------------------------------------------------------------- /users/ness/password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/users/ness/password.age -------------------------------------------------------------------------------- /users/root/password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/users/root/password.age -------------------------------------------------------------------------------- /modules/home/default/configs/services.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | services.ssh-agent.enable = true; 3 | } 4 | -------------------------------------------------------------------------------- /users/beszel/password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/users/beszel/password.age -------------------------------------------------------------------------------- /packages/nixos/templates/home.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [flake.homeModules.default]; 3 | } 4 | -------------------------------------------------------------------------------- /users/beszel/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | uid = null; 3 | isSystemUser = true; 4 | description = "beszel system user"; 5 | } 6 | -------------------------------------------------------------------------------- /users/btrbk/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | uid = null; 3 | isSystemUser = true; 4 | description = "btrbk system user"; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/kit/users/jon/withings-sync.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/hosts/kit/users/jon/withings-sync.age -------------------------------------------------------------------------------- /modules/home/default/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [./configs ./options]; 3 | home.stateVersion = "24.11"; 4 | } 5 | -------------------------------------------------------------------------------- /modules/home/desktop/default/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [./configs ./options]; 3 | desktop.enable = true; 4 | } 5 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/configs/services.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | # App Store 3 | services.flatpak.enable = true; 4 | } 5 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [./configs ./options]; 3 | desktop.enable = true; 4 | } 5 | -------------------------------------------------------------------------------- /users/jon/id_ed25519.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPviN4LtuWOvvSMomJeXbWn7AIZGDQoagNmkg4Y2UePa jon@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /modules/home/users/jon/git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/home/users/jon/git-credentials.age -------------------------------------------------------------------------------- /modules/nixos/default/overlays/nvf/nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/nixos/default/overlays/nvf/nvf.age -------------------------------------------------------------------------------- /users/beszel/id_ed25519.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPtxQpALWh4Yx6KiD/hGz+AKam94+l1G35YwdSb6X54 beszel@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /users/btrbk/id_ed25519.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJvp3r63P3UbmxvnioiQXn1KlQQ7CfhGarm9sNLClQT btrbk@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /users/ness/id_ed25519.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvP/T636hNNnfA6mQ3hOPB6lfGATlJVje5Npxaxc6UB ness@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /users/root/id_ed25519.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1IlL7y0Wjm+IpwQZ2R+1gLRLTkPKD62fHip+foJOas root@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/cog/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIahxD2qBtBqd4x5lK6k5ZiPKJb7bhgz6sk1ISwWf7Z3 cog@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/eve/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWWaCGQRakxftIvVXX+H04XWFIyTLIwWUux+rwmWIwI eve@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/fit/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJle2NTLr8V2mdaMqtN/3JNSQo6+Hrea0yNhtwuMV2rW fit@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/hub/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGp0ywoe2nuwEBdSzQDyV2XViKABbw+Mqz9xb9QCtwzD hub@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/kit/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxPh67KrpiyPJNHvE3qd1ZWdAfPaJx7zE3baeBAo5DU kit@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/lux/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9JvFqQyKQUHHc+N0sLXrHzQzviMARxkSKcnDbKn9K/ lux@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/sim/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKEb5HqzSaYjXrFkQ4MV5/80mcQCedPmE/sLiH2h6rI sim@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /hosts/wit/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMTDDVOmiHvOvM0Fmbzg7tllrHiwShZfOKo7FcNxiUCc wit@bip85-hex32-index1 2 | -------------------------------------------------------------------------------- /modules/nixos/default/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [./configs ./options ./overlays]; 3 | system.stateVersion = "24.11"; 4 | } 5 | -------------------------------------------------------------------------------- /modules/nixos/default/options/gitea/gitea.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/nixos/default/options/gitea/gitea.age -------------------------------------------------------------------------------- /hosts/eve/users/jon.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.users.jon 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /hosts/hub/users/jon.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.users.jon 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /modules/home/users/jon/accounts/email-addresses.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/home/users/jon/accounts/email-addresses.age -------------------------------------------------------------------------------- /modules/home/users/jon/accounts/password-gmail.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/home/users/jon/accounts/password-gmail.age -------------------------------------------------------------------------------- /modules/home/users/jon/accounts/password-icloud.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/home/users/jon/accounts/password-icloud.age -------------------------------------------------------------------------------- /modules/nixos/default/options/freshrss/freshrss.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/nixos/default/options/freshrss/freshrss.age -------------------------------------------------------------------------------- /packages/nixos/templates/user.nix: -------------------------------------------------------------------------------- 1 | { 2 | uid = null; 3 | description = "User"; 4 | openssh.authorizedKeys.keyFiles = [./id_ed25519.pub]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/users/jon/accounts/password-fastmail.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/home/users/jon/accounts/password-fastmail.age -------------------------------------------------------------------------------- /modules/nixos/default/options/home-assistant/isy.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/nixos/default/options/home-assistant/isy.age -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/local-overrides.quirks: -------------------------------------------------------------------------------- 1 | [keyd] 2 | MatchUdevType=keyboard 3 | MatchVendor=0xFAC 4 | AttrKeyboardIntegration=internal 5 | -------------------------------------------------------------------------------- /modules/nixos/default/options/traefik/cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/nixos/default/options/traefik/cloudflare.age -------------------------------------------------------------------------------- /users/root/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | uid = 0; 3 | isSystemUser = true; 4 | openssh.authorizedKeys.keyFiles = [./id_ed25519.pub ../jon/id_ed25519.pub]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/home/default/options/accounts.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | # Extend accounts options 3 | options.accounts.enable = lib.options.mkEnableOption "accounts"; 4 | } 5 | -------------------------------------------------------------------------------- /secrets/nixos/cog/1b9676b6d210e90752464d5be6f1c5df-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/1b9676b6d210e90752464d5be6f1c5df-ca.age -------------------------------------------------------------------------------- /secrets/nixos/cog/bb6b80d9ab3a1e0dcf79c454dd497df7-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/bb6b80d9ab3a1e0dcf79c454dd497df7-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/cog/ce380c3192d96d44e8617c0f0dcfee4b-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/ce380c3192d96d44e8617c0f0dcfee4b-hex.age -------------------------------------------------------------------------------- /secrets/nixos/eve/c4b0001d7888b122054221a32b33384e-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/c4b0001d7888b122054221a32b33384e-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/eve/e2aa0870ddbb9056daaed90fa5173751-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/e2aa0870ddbb9056daaed90fa5173751-hex.age -------------------------------------------------------------------------------- /secrets/nixos/eve/f2faf221e281b10433e3354e08075aea-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/f2faf221e281b10433e3354e08075aea-ca.age -------------------------------------------------------------------------------- /secrets/nixos/fit/30ca492b4d6939875230d0b3e332b993-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/30ca492b4d6939875230d0b3e332b993-ca.age -------------------------------------------------------------------------------- /secrets/nixos/fit/6c0eac15697d46e817d7a100f381070e-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/6c0eac15697d46e817d7a100f381070e-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/fit/b5b1fce2db48854a03eaced8b7157a56-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/b5b1fce2db48854a03eaced8b7157a56-hex.age -------------------------------------------------------------------------------- /secrets/nixos/hub/383198f39f2954a38f5ec51614d731fb-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/383198f39f2954a38f5ec51614d731fb-hex.age -------------------------------------------------------------------------------- /secrets/nixos/hub/612ff83e610bdf4988fee8026d6d2afe-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/612ff83e610bdf4988fee8026d6d2afe-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/hub/959207e604a412ef80c8e5be2dafade8-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/959207e604a412ef80c8e5be2dafade8-ca.age -------------------------------------------------------------------------------- /secrets/nixos/hub/d67b839920e8e0372fec5e9e4d54e713-isy.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/d67b839920e8e0372fec5e9e4d54e713-isy.age -------------------------------------------------------------------------------- /secrets/nixos/kit/018d2ad37350709578daeb8df8ac561d-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/018d2ad37350709578daeb8df8ac561d-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/kit/1ad26efa68effbe856f9cd78449fdf35-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/1ad26efa68effbe856f9cd78449fdf35-ca.age -------------------------------------------------------------------------------- /secrets/nixos/kit/cd061829ddadf03ce674e67f9a12b0c3-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/cd061829ddadf03ce674e67f9a12b0c3-hex.age -------------------------------------------------------------------------------- /secrets/nixos/lux/66fa236a54ae8bde35ca9c25468821a6-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/66fa236a54ae8bde35ca9c25468821a6-hex.age -------------------------------------------------------------------------------- /secrets/nixos/lux/a34055de7d43a00640e30be986e2cad9-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/a34055de7d43a00640e30be986e2cad9-ca.age -------------------------------------------------------------------------------- /secrets/nixos/lux/b0709e25b52a919e01d50b70d4321677-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/b0709e25b52a919e01d50b70d4321677-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/sim/43b6e185e25c1472aba47f99325c88f0-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/43b6e185e25c1472aba47f99325c88f0-hex.age -------------------------------------------------------------------------------- /secrets/nixos/sim/85608ad12bef1df680964cf56f3eee03-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/85608ad12bef1df680964cf56f3eee03-ca.age -------------------------------------------------------------------------------- /secrets/nixos/sim/8e2664a83c157ff9d9177c3a91a2ae5b-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/8e2664a83c157ff9d9177c3a91a2ae5b-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/wit/03bef144b13d79d0b1e9006a90389ab0-ca.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/03bef144b13d79d0b1e9006a90389ab0-ca.age -------------------------------------------------------------------------------- /secrets/nixos/wit/a2e62f7e222bd51c04d555b073c6c05d-hex.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/a2e62f7e222bd51c04d555b073c6c05d-hex.age -------------------------------------------------------------------------------- /secrets/nixos/wit/c289be6399a0e7b6606254410f85391e-nvf.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/c289be6399a0e7b6606254410f85391e-nvf.age -------------------------------------------------------------------------------- /secrets/nixos/lux/d1e280114c952a3b0350e3826f522401-gitea.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/d1e280114c952a3b0350e3826f522401-gitea.age -------------------------------------------------------------------------------- /users/ness/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | uid = 1001; 3 | description = "Nessie Suderman"; 4 | openssh.authorizedKeys.keyFiles = [./id_ed25519.pub ../jon/id_ed25519.pub]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/nixos/default/options/blocky/whitelist.txt: -------------------------------------------------------------------------------- 1 | analytics.google.com 2 | *.godaddysites.com 3 | *.4chan.org 4 | *.7chan.org 5 | *.8chan.moe 6 | *.8kun.top 7 | *.gab.com 8 | -------------------------------------------------------------------------------- /modules/nixos/default/overlays/self.nix: -------------------------------------------------------------------------------- 1 | {perSystem, ...}: { 2 | nixpkgs.overlays = [ 3 | (_final: _prev: { 4 | inherit (perSystem) self; 5 | }) 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /secrets/home/cog-jon/13d6a2287424ce33fe718bf2b26acf57-icloud.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/cog-jon/13d6a2287424ce33fe718bf2b26acf57-icloud.age -------------------------------------------------------------------------------- /secrets/home/cog-jon/fa9a8f38d50238f700d5bfab8d78d2c0-gmail.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/cog-jon/fa9a8f38d50238f700d5bfab8d78d2c0-gmail.age -------------------------------------------------------------------------------- /secrets/home/kit-jon/13d6a2287424ce33fe718bf2b26acf57-icloud.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/kit-jon/13d6a2287424ce33fe718bf2b26acf57-icloud.age -------------------------------------------------------------------------------- /secrets/home/kit-jon/fa9a8f38d50238f700d5bfab8d78d2c0-gmail.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/kit-jon/fa9a8f38d50238f700d5bfab8d78d2c0-gmail.age -------------------------------------------------------------------------------- /modules/nixos/default/options/tandoor-recipes/tandoor-recipes.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/modules/nixos/default/options/tandoor-recipes/tandoor-recipes.age -------------------------------------------------------------------------------- /secrets/home/cog-jon/bc384bd508ce60756e1bb14de78e6644-fastmail.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/cog-jon/bc384bd508ce60756e1bb14de78e6644-fastmail.age -------------------------------------------------------------------------------- /secrets/home/kit-jon/bc384bd508ce60756e1bb14de78e6644-fastmail.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/kit-jon/bc384bd508ce60756e1bb14de78e6644-fastmail.age -------------------------------------------------------------------------------- /secrets/nixos/cog/e974c96e03a7ce94d0e45a4b0658b299-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/e974c96e03a7ce94d0e45a4b0658b299-cloudflare.age -------------------------------------------------------------------------------- /secrets/nixos/eve/73bc7cf16f98c1b1f2adf17e81c8653c-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/73bc7cf16f98c1b1f2adf17e81c8653c-cloudflare.age -------------------------------------------------------------------------------- /secrets/nixos/fit/3f28af14b7e08f6ea0c8cd0e76cc4192-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/3f28af14b7e08f6ea0c8cd0e76cc4192-cloudflare.age -------------------------------------------------------------------------------- /secrets/nixos/hub/0063d939e50c47f4feec6c02927bb80c-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/0063d939e50c47f4feec6c02927bb80c-cloudflare.age -------------------------------------------------------------------------------- /secrets/nixos/kit/2a5c0d08cc5c40b8f9f86a46c495fa3e-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/2a5c0d08cc5c40b8f9f86a46c495fa3e-cloudflare.age -------------------------------------------------------------------------------- /secrets/nixos/lux/ed6be4a768421b5d5b93792f2499fca9-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/ed6be4a768421b5d5b93792f2499fca9-cloudflare.age -------------------------------------------------------------------------------- /secrets/nixos/sim/7ce2870222deffe90bb42fc268f01664-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/7ce2870222deffe90bb42fc268f01664-cloudflare.age -------------------------------------------------------------------------------- /secrets/nixos/wit/1969619886755ebbeecb9264e696c4f4-cloudflare.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/1969619886755ebbeecb9264e696c4f4-cloudflare.age -------------------------------------------------------------------------------- /hosts/wit/users/jon.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.desktop.gnome 5 | flake.homeModules.users.jon 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /hosts/wit/users/ness.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.desktop.gnome 5 | flake.homeModules.users.ness 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /modules/home/desktop/default/configs/services.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | services.flatpak.enable = true; # app Store 3 | services.keyd.enable = true; # # watch window focus changes 4 | } 5 | -------------------------------------------------------------------------------- /secrets/home/cog-jon/5f7cdffb2756041796218512731ebd11-addresses.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/cog-jon/5f7cdffb2756041796218512731ebd11-addresses.age -------------------------------------------------------------------------------- /secrets/home/kit-jon/5f7cdffb2756041796218512731ebd11-addresses.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/kit-jon/5f7cdffb2756041796218512731ebd11-addresses.age -------------------------------------------------------------------------------- /secrets/nixos/cog/05042fc409b321d6bffa51259729525f-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/05042fc409b321d6bffa51259729525f-root-password.age -------------------------------------------------------------------------------- /secrets/nixos/cog/1257f7a03c6157a670f86aa65e8c2003-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/1257f7a03c6157a670f86aa65e8c2003-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/cog/99ace010b1f196cf4438963dbf0884be-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/99ace010b1f196cf4438963dbf0884be-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/cog/ce7fd49a1c5fb7aebf157ebb12e21ea0-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/ce7fd49a1c5fb7aebf157ebb12e21ea0-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/eve/0d352c0d6425469cfb2bbb086fdb394d-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/0d352c0d6425469cfb2bbb086fdb394d-root-password.age -------------------------------------------------------------------------------- /secrets/nixos/eve/b673f161973e2e3fcdbd3fe7393adc52-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/b673f161973e2e3fcdbd3fe7393adc52-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/eve/c83b08920ebb8f3efaac2a9ac0ff3b67-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/c83b08920ebb8f3efaac2a9ac0ff3b67-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/eve/e0e25b647a691b5ae303043625f1eae1-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/e0e25b647a691b5ae303043625f1eae1-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/fit/128c15c5d2345a97d7bb10959a4cb754-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/128c15c5d2345a97d7bb10959a4cb754-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/fit/56c289c1fe7ab557c2cd4b7e5fa73053-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/56c289c1fe7ab557c2cd4b7e5fa73053-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/fit/ae8f077423f6ece77c456304a68edc64-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/ae8f077423f6ece77c456304a68edc64-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/fit/d0e5058b382d25a07428be62cf97c38d-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/d0e5058b382d25a07428be62cf97c38d-root-password.age -------------------------------------------------------------------------------- /secrets/nixos/hub/027bb9d20ecaf5718821a70c5efd5ff3-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/027bb9d20ecaf5718821a70c5efd5ff3-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/hub/4d8e0e6f6d90f675853f79292ad1f237-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/4d8e0e6f6d90f675853f79292ad1f237-root-password.age -------------------------------------------------------------------------------- /secrets/nixos/hub/90c3ce68a4d9e6b86f7d2aa172643bc1-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/90c3ce68a4d9e6b86f7d2aa172643bc1-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/hub/ea2aa68bfb24f71bdf5c01483c97bee9-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/ea2aa68bfb24f71bdf5c01483c97bee9-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/kit/184c84896dcc7ebc2bb44bc2536c9d63-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/184c84896dcc7ebc2bb44bc2536c9d63-root-password.age -------------------------------------------------------------------------------- /secrets/nixos/kit/2bcc7f438125cf9a5194278c077375f4-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/2bcc7f438125cf9a5194278c077375f4-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/kit/5fb214185ab97108a3f578afb8ba437d-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/5fb214185ab97108a3f578afb8ba437d-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/kit/e3eca8f972857d7eab593f76ae37f5bf-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/e3eca8f972857d7eab593f76ae37f5bf-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/lux/63e865959eb6b472c1a8e86090485d4d-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/63e865959eb6b472c1a8e86090485d4d-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/lux/90cd5a28cba49cb9522ce9972cb5d15b-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/90cd5a28cba49cb9522ce9972cb5d15b-root-password.age -------------------------------------------------------------------------------- /secrets/nixos/lux/abed9561e1d0c98da638c15bdf3a4f3c-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/abed9561e1d0c98da638c15bdf3a4f3c-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/lux/ff4bd4962e59fe610caf8781b4e91334-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/ff4bd4962e59fe610caf8781b4e91334-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/sim/029dbf371cf4b06b6c792ee2e0c16405-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/029dbf371cf4b06b6c792ee2e0c16405-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/sim/08ca44ad6aede1aeb27972e9f547745b-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/08ca44ad6aede1aeb27972e9f547745b-root-password.age -------------------------------------------------------------------------------- /secrets/nixos/sim/700ee5ea1cc718758026d50c202cf1fd-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/700ee5ea1cc718758026d50c202cf1fd-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/sim/f7b1d0b59fa69b02393ee18e4ddada2f-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/f7b1d0b59fa69b02393ee18e4ddada2f-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/wit/01210b2909ceb7847af7de8755228ec2-jon-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/01210b2909ceb7847af7de8755228ec2-jon-password.age -------------------------------------------------------------------------------- /secrets/nixos/wit/07dfceb8d2defc8620bb75d8bae96e00-ness-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/07dfceb8d2defc8620bb75d8bae96e00-ness-password.age -------------------------------------------------------------------------------- /secrets/nixos/wit/0a87d9f804fda1f28409c5fbcce2afe1-btrbk-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/0a87d9f804fda1f28409c5fbcce2afe1-btrbk-password.age -------------------------------------------------------------------------------- /secrets/nixos/wit/715998ed49179dca354f358a1b2bf125-root-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/715998ed49179dca354f358a1b2bf125-root-password.age -------------------------------------------------------------------------------- /users/jon/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | uid = 1000; 3 | description = "Jon Suderman"; 4 | openssh.authorizedKeys.keyFiles = [./id_ed25519.pub]; 5 | extraGroups = ["wheel"]; # sudo 6 | } 7 | -------------------------------------------------------------------------------- /hosts/cog/users/ness.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.desktop.hyprland 5 | flake.homeModules.users.ness 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /secrets/home/kit-jon/c41a6ce86ebc40383ecc7e4bc442d5b6-withings-sync.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/kit-jon/c41a6ce86ebc40383ecc7e4bc442d5b6-withings-sync.age -------------------------------------------------------------------------------- /secrets/nixos/cog/c8d86144084464b7a6e6fd6473aec30e-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/cog/c8d86144084464b7a6e6fd6473aec30e-beszel-password.age -------------------------------------------------------------------------------- /secrets/nixos/eve/5717cf320426005378d713c073fe6c94-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/eve/5717cf320426005378d713c073fe6c94-beszel-password.age -------------------------------------------------------------------------------- /secrets/nixos/fit/d2787887eed4ac3083b0f2f8193aeb98-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/fit/d2787887eed4ac3083b0f2f8193aeb98-beszel-password.age -------------------------------------------------------------------------------- /secrets/nixos/hub/3aadc745304eef90d2207e27bc288bfb-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/hub/3aadc745304eef90d2207e27bc288bfb-beszel-password.age -------------------------------------------------------------------------------- /secrets/nixos/kit/f6cb4adfb31d16acfa84cd18548b3cea-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/kit/f6cb4adfb31d16acfa84cd18548b3cea-beszel-password.age -------------------------------------------------------------------------------- /secrets/nixos/lux/ac59b84bea412b0a9e297d1a89851595-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/lux/ac59b84bea412b0a9e297d1a89851595-beszel-password.age -------------------------------------------------------------------------------- /secrets/nixos/sim/60fe32a1205480917ed2c6143f9b9853-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/sim/60fe32a1205480917ed2c6143f9b9853-beszel-password.age -------------------------------------------------------------------------------- /secrets/nixos/wit/f7b876b674771f6aa5c2e2cc12a40bd3-beszel-password.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/nixos/wit/f7b876b674771f6aa5c2e2cc12a40bd3-beszel-password.age -------------------------------------------------------------------------------- /zones/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Self-signed CA certificate 3 | ca = ./ca.crt; 4 | 5 | # Assume any subdomains are part of this internal network 6 | domainName = "suderman.org"; 7 | } 8 | -------------------------------------------------------------------------------- /modules/nixos/default/overlays/unstable.nix: -------------------------------------------------------------------------------- 1 | {perSystem, ...}: { 2 | nixpkgs.overlays = [ 3 | (_final: _prev: { 4 | unstable = perSystem.nixpkgs-unstable; 5 | }) 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /secrets/home/cog-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/cog-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /secrets/home/eve-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/eve-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /secrets/home/fit-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/fit-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /secrets/home/hub-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/hub-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /secrets/home/kit-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/kit-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /secrets/home/lux-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/lux-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /secrets/home/sim-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/sim-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /secrets/home/wit-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suderman/nixos/HEAD/secrets/home/wit-jon/16a0e6c1c621952c0ac855ae9371f816-git-credentials.age -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/scripts/rofi-cliphist.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | if [[ -n "${1-}" ]]; then 4 | printf %s "${1-}" | cliphist decode | wl-copy 5 | else 6 | cliphist list 7 | fi 8 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/configs/sound.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | # Sound & Bluetooth 3 | services.pipewire.enable = true; 4 | security.rtkit.enable = true; 5 | hardware.bluetooth.enable = true; 6 | } 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /scratch 2 | /hardware-configuration.nix 3 | /result 4 | .crush 5 | .data 6 | .direnv 7 | *.qcow2 8 | *.img 9 | /secrets/id_age 10 | /secrets/id_age_ 11 | /secrets/id_age.age 12 | ssh_host_ed25519_key 13 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/scripts/rofi-toggle.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | if $(pidof -q rofi >/dev/null); then 3 | kill $(pidof -s rofi) 4 | else 5 | if [[ -n "${@-}" ]]; then 6 | rofi "${@}" 7 | fi 8 | fi 9 | -------------------------------------------------------------------------------- /zones/work/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Work network: ASUS RT-AC66U 3 | rt = "10.2.0.1"; 4 | eve = "10.2.0.2"; 5 | pom = "10.2.0.3"; 6 | cog = "10.2.0.20"; 7 | cog-eth = "10.2.0.21"; 8 | phone = "10.2.0.30"; 9 | } 10 | -------------------------------------------------------------------------------- /modules/home/default/configs/agenix.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.inputs.agenix.homeManagerModules.default 4 | flake.inputs.agenix-rekey.homeManagerModules.default 5 | (flake + /secrets) 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/emoji.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.rofi = { 3 | plugins = [pkgs.unstable.rofi-emoji]; 4 | mode.slot2 = "emoji"; 5 | rasiConfig = [''emoji { display-name: ""; }'']; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /packages/nixos/templates/configuration.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | ./hardware-configuration.nix 4 | ./disk-configuration.nix 5 | flake.nixosModules.default 6 | ]; 7 | networking.domain = "home"; 8 | } 9 | -------------------------------------------------------------------------------- /hosts/fit/README.md: -------------------------------------------------------------------------------- 1 | # fit 2 | 3 | 2009 mac pro (at home) 4 | 5 | home gym computer to run [zwift](https://github.com/netbrain/zwift/), and play 6 | music & movies during workouts. 7 | 8 | also, 4 drive bays are handy for home backups. 9 | -------------------------------------------------------------------------------- /modules/home/desktop/default/configs/messages.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | # Telegram 3 | programs.telegram.enable = true; 4 | 5 | # iMessage 6 | programs.bluebubbles.enable = true; 7 | 8 | # Slack 9 | programs.slack.enable = true; 10 | } 11 | -------------------------------------------------------------------------------- /modules/nixos/desktop/homelab.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: let 2 | inherit (lib) mkOption types; 3 | in { 4 | options = { 5 | test = mkOption { 6 | type = types.anything; 7 | default = {}; 8 | }; 9 | }; 10 | config = {}; 11 | } 12 | -------------------------------------------------------------------------------- /modules/nixos/default/options/arr/default.nix: -------------------------------------------------------------------------------- 1 | # services.arr.enable = true; 2 | { 3 | lib, 4 | flake, 5 | ... 6 | }: let 7 | in { 8 | imports = flake.lib.ls ./.; 9 | options.services.arr.enable = lib.options.mkEnableOption "arr"; 10 | } 11 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/options/localsend.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.programs.localsend; 7 | in { 8 | config = lib.mkIf cfg.enable { 9 | programs.localsend.openFirewall = true; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/storage.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: { 6 | environment.systemPackages = [pkgs.glib]; 7 | services.gvfs = { 8 | enable = lib.mkDefault true; 9 | package = lib.mkDefault pkgs.gvfs; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/localsend.nix: -------------------------------------------------------------------------------- 1 | { 2 | osConfig, 3 | lib, 4 | ... 5 | }: { 6 | config = lib.mkIf osConfig.programs.localsend.enable { 7 | persist.storage.directories = [".local/share/org.localsend.localsend_app"]; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /packages/shizuku.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | ... 5 | }: 6 | perSystem.self.mkScript { 7 | name = "shizuku"; 8 | path = [pkgs.android-tools]; 9 | text = "adb shell sh /storage/emulated/0/Android/data/moe.shizuku.privileged.api/start.sh"; 10 | } 11 | -------------------------------------------------------------------------------- /hosts/lux/users/jon.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.users.jon 5 | ]; 6 | 7 | # Music daemon 8 | services.mpd = { 9 | enable = true; 10 | musicDirectory = "/media/music"; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /modules/nixos/default/overlays/nur.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | nixpkgs.overlays = [ 3 | (final: _prev: { 4 | # Nix User Repositories 5 | nur = import flake.inputs.nur { 6 | pkgs = final; 7 | nurpkgs = final; 8 | }; 9 | }) 10 | ]; 11 | } 12 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Used by https://direnv.net 3 | 4 | # Automatically reload when this file changes 5 | watch_file devshell.nix 6 | 7 | # Load `nix develop` 8 | use flake 9 | 10 | # Extend the environment with per-user overrides 11 | source_env_if_exists .envrc.local 12 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-toggletitlebars.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | enabled="$(hyprctl getoption plugin:hyprbars:enabled)" 3 | if [[ $enabled == *1* ]]; then 4 | hyprctl keyword plugin:hyprbars:enabled false 5 | else 6 | hyprctl keyword plugin:hyprbars:enabled true 7 | fi 8 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-resizefloating.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | number="${1:-50}" 3 | is_floating="$(hyprctl activewindow -j | jq -r .floating)" 4 | if [[ "$is_floating" == "true" ]]; then 5 | hyprctl --batch "dispatch resizeactive exact $number% $number% ; dispatch centerwindow 1" 6 | fi 7 | -------------------------------------------------------------------------------- /users/README.md: -------------------------------------------------------------------------------- 1 | # NixOS user configurations 2 | 3 | Each of these directories are available under `flake.users.*` and represent a 4 | NixOS user configuration, along with generated keys and secrets. 5 | 6 | New users are added using this flake's default package: 7 | 8 | ```sh 9 | nixos add user 10 | ``` 11 | -------------------------------------------------------------------------------- /hosts/sim/users/jon.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.desktop.hyprland 5 | flake.homeModules.users.jon 6 | ]; 7 | 8 | # File sync 9 | services.syncthing.enable = true; 10 | 11 | # Music daemon 12 | services.mpd.enable = true; 13 | } 14 | -------------------------------------------------------------------------------- /lib/homeModules.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: let 2 | pathAttrs = path: 3 | inputs.blueprint.lib.importDir path 4 | (inputs.nixpkgs.lib.mapAttrs (_name: {path, ...}: path)); 5 | in { 6 | default = ../modules/home/default; 7 | desktop = pathAttrs ../modules/home/desktop; 8 | users = pathAttrs ../modules/home/users; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/lux/README.md: -------------------------------------------------------------------------------- 1 | # lux 2 | 3 | Intel NUC Panther Canyon PAHi7 With 11th Gen Core Processors i7 1165G7 4 | RNUC11PAHi70001 Mini PC Barebone System 5 | 6 | - Intel Core i7-1165G7 7 | - Intel Iris Xe Graphics 8 | - Memory Types DDR4-3200 1.2V SO-DIMM 9 | - Max Memory Size (dependent on memory type) 64GB 10 | - Thunderbolt Ports 11 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-togglespecial.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Move window to special workspace or restore 4 | id="$(hyprctl activewindow -j | jq -r .workspace.id)" 5 | if ((id < 0)); then 6 | hyprctl dispatch movetoworkspace e+0 7 | else 8 | hyprctl dispatch movetoworkspacesilent special 9 | fi 10 | -------------------------------------------------------------------------------- /packages/docker-nvidia-smi.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | ... 5 | }: 6 | perSystem.self.mkScript { 7 | name = "docker-nvidia-smi"; 8 | path = [pkgs.docker]; 9 | text = 10 | # bash 11 | '' 12 | docker run --rm --device=nvidia.com/gpu=all nvidia/cuda:12.5.0-base-ubuntu22.04 nvidia-smi 13 | ''; 14 | } 15 | -------------------------------------------------------------------------------- /lib/nixosModules.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: let 2 | pathAttrs = path: 3 | inputs.blueprint.lib.importDir path 4 | (inputs.nixpkgs.lib.mapAttrs (_name: {path, ...}: path)); 5 | in { 6 | default = ../modules/nixos/default; 7 | desktop = pathAttrs ../modules/nixos/desktop; 8 | hardware = pathAttrs ../modules/nixos/hardware; 9 | } 10 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/fullscreen.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | wayland.windowManager.hyprland.settings = { 3 | bind = [ 4 | "super, f, fullscreen, 1" # (focus) 5 | "super+alt, f, fullscreen, 0" # (full) 6 | ]; 7 | bindo = [ 8 | "super, f, fullscreen, 0" # (full on longpress) 9 | ]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/home/default/configs/networking.nix: -------------------------------------------------------------------------------- 1 | { 2 | osConfig, 3 | lib, 4 | ... 5 | }: { 6 | options.networking = lib.mkOption { 7 | type = lib.types.anything; 8 | default = { 9 | inherit 10 | (osConfig.networking) 11 | address 12 | domain 13 | hostName 14 | ; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/nixos/default/options/earlyoom.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | services.earlyoom = { 3 | freeSwapThreshold = 10; # % default 4 | freeMemThreshold = 10; # % default 5 | extraArgs = [ 6 | "-g" 7 | # "--avoid '^(Hyprland|kitty)$'" 8 | # "--prefer '^(chromium|firefox|electron|libreoffice|gimp)$'" 9 | ]; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-togglegrouporkill.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Disperse group (if exists) else kill window 4 | grouped_windows_count="$(hyprctl activewindow -j | jq '.grouped | length')" 5 | if ((grouped_windows_count > 1)); then 6 | hyprctl dispatch togglegroup 7 | else 8 | hyprctl dispatch killactive 9 | fi 10 | -------------------------------------------------------------------------------- /hosts/hub/README.md: -------------------------------------------------------------------------------- 1 | # hub 2 | 3 | Intel NUC Kit D34010WYK1, Mini HDMI, Mini DisplayPort, USB 3.0, 4th Gen Intel 4 | Core i3-4010U 5 | 6 | - 4th Generation Intel Core i3-4010U 1.70 GHz processor 7 | - 2 x SO-DIMM Slots supports up to 16GB 1333/1600 MHz DDR3L Memory 8 | - Intel HD Graphics 4400 9 | - mini HDMI 1.4a with audio support Mini DisplayPort 1.2 10 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/services.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | services.blocky.enable = lib.mkDefault true; 3 | services.earlyoom.enable = lib.mkDefault true; 4 | services.keyd.enable = lib.mkDefault true; 5 | services.tailscale.enable = lib.mkDefault true; 6 | services.traefik.enable = lib.mkDefault true; 7 | services.whoami.enable = lib.mkDefault true; 8 | } 9 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/options/dolphin-emu.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | flake, 6 | ... 7 | }: { 8 | # https://github.com/dolphin-emu/dolphin/blob/master/Data/51-usb-device.rules 9 | config = lib.mkIf (flake.lib.anyUser config (u: u.programs.dolphin-emu.enable)) { 10 | services.udev.packages = [pkgs.dolphin-emu]; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /packages/isy.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | flake, 5 | ... 6 | }: 7 | perSystem.self.mkScript { 8 | name = "isy"; 9 | path = [pkgs.adoptopenjdk-icedtea-web]; 10 | text = 11 | # bash 12 | '' 13 | # echo $ISY_BASIC_AUTH | base64 -d | cut -d':' -f2 | wl-copy 14 | javaws http://${flake.networking.zones.home.isy}/admin.jnlp 15 | ''; 16 | } 17 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-button.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Get first argument (if set), otherwise cat contents of /run/keyd/button 4 | btn="${1-$([[ -e /run/keyd/button ]] && cat /run/keyd/button)}" 5 | 6 | # Echo value of right, middle, or left (default) 7 | case "$btn" in 8 | right) echo right ;; 9 | middle) echo middle ;; 10 | *) echo left ;; 11 | esac 12 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-movewindoworgrouporactive.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | is_floating="$(hyprctl activewindow -j | jq -r .floating)" 3 | dir="${1-l}" # [l]eft [d]own [u]p [r]ight 4 | x="${2-0}" y="${3-0}" # distance to move window 5 | if [[ "$is_floating" == "true" ]]; then 6 | hyprctl dispatch moveactive $x $y 7 | else 8 | hyprctl dispatch movewindoworgroup $dir 9 | fi 10 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/desktop-entries.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | xdg.desktopEntries = { 3 | # GIMP 4 | "gimp-2.99" = { 5 | name = "GIMP"; 6 | icon = "org.gimp.GIMP"; 7 | noDisplay = true; 8 | }; 9 | 10 | # Sushi (Quick Look) 11 | "org.gnome.NautilusPreviewer" = { 12 | name = "Sushi"; 13 | icon = "image-viewer"; 14 | noDisplay = true; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /hosts/fit/users/jon.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | flake.homeModules.default 4 | flake.homeModules.desktop.hyprland 5 | flake.homeModules.users.jon 6 | ]; 7 | 8 | # Hyprland on AMD desktop 9 | wayland.windowManager.hyprland = { 10 | settings.exec-once = ["freetube" "zwift"]; 11 | enablePlugins = false; # set false if plugins barf errors 12 | }; 13 | 14 | programs.zwift.enable = true; # fitness 15 | } 16 | -------------------------------------------------------------------------------- /modules/home/users/ness/storage.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | home.directories = { 3 | XDG_DESKTOP_DIR.persist = "storage"; 4 | XDG_DOWNLOAD_DIR.persist = "scratch"; 5 | XDG_DOCUMENTS_DIR.persist = "storage"; 6 | XDG_MUSIC_DIR.persist = "storage"; 7 | XDG_PICTURES_DIR.persist = "storage"; 8 | XDG_VIDEOS_DIR.persist = "storage"; 9 | XDG_PUBLICSHARE_DIR.enable = false; 10 | XDG_TEMPLATES_DIR.enable = false; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /packages/sshed/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | ... 5 | }: 6 | perSystem.self.mkScript { 7 | name = "sshed"; 8 | path = [ 9 | perSystem.self.agenix 10 | perSystem.self.derive 11 | perSystem.self.ipaddr 12 | pkgs.git 13 | pkgs.gnugrep 14 | pkgs.gum 15 | pkgs.inetutils 16 | pkgs.iptables 17 | pkgs.netcat 18 | ]; 19 | 20 | # Bash script 21 | text = builtins.readFile ./sshed.sh; 22 | } 23 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/nixpkgs.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | # Default to x86 linux 3 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 4 | 5 | # Accept agreements for unfree software 6 | nixpkgs.config = { 7 | allowUnfree = true; 8 | nvidia.acceptLicense = true; 9 | }; 10 | 11 | # Temporary workaround 12 | nixpkgs.config.permittedInsecurePackages = [ 13 | "mbedtls-2.28.10" 14 | "python3.12-ecdsa-0.19.1" 15 | ]; 16 | } 17 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/options/steam.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | flake, 5 | ... 6 | }: let 7 | inherit (lib) mkIf; 8 | enable = flake.lib.anyUser config (user: user.programs.steam.enable); 9 | in { 10 | config = mkIf enable { 11 | programs.steam = { 12 | enable = true; 13 | remotePlay.openFirewall = true; 14 | dedicatedServer.openFirewall = true; 15 | gamescopeSession.enable = true; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /zones/home/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Home network: Unifi Controller 3 | logos = "10.1.0.1"; # USG 3P 4 | ethos = "10.1.0.2"; # US 8 150W 5 | pathos = "10.1.0.3"; # nanoHD 6 | hub = "10.1.0.4"; 7 | lux = "10.1.0.5"; 8 | kit = "10.1.0.6"; 9 | fit = "10.1.0.7"; 10 | isy = "10.1.0.8"; 11 | bub = "10.1.0.9"; 12 | cog = "10.1.0.20"; 13 | cog-eth = "10.1.0.21"; 14 | wit = "10.1.0.22"; 15 | phone = "10.1.0.30"; 16 | printer = "10.1.0.50"; 17 | } 18 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/shotcut.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.shotcut; 8 | inherit (lib) mkIf; 9 | in { 10 | options.programs.shotcut = { 11 | enable = lib.options.mkEnableOption "Shotcut"; 12 | }; 13 | config = mkIf cfg.enable { 14 | home.packages = [pkgs.shotcut pkgs.ffmpeg]; 15 | persist.storage.directories = [".config/Meltytech" ".local/share/Meltytech"]; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-togglegrouporlock.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # count number in group 4 | grouped_windows_count="$(hyprctl activewindow -j | jq '.grouped | length')" 5 | 6 | # if a group of 2 or more windows, toggle group lock 7 | if ((grouped_windows_count > 1)); then 8 | hyprctl dispatch lockactivegroup toggle 9 | 10 | # if a group of 1 (or not a group at all) toggle group status 11 | else 12 | hyprctl dispatch togglegroup 13 | fi 14 | -------------------------------------------------------------------------------- /modules/home/default/options/zoxide.nix: -------------------------------------------------------------------------------- 1 | # programs.zoxide.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.zoxide; 9 | inherit (lib) mkIf; 10 | in { 11 | config = mkIf cfg.enable { 12 | programs.zoxide = { 13 | enableBashIntegration = true; 14 | enableZshIntegration = true; 15 | package = pkgs.zoxide; 16 | }; 17 | 18 | persist.storage.directories = [".local/share/zoxide"]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/cursors.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.wayland.windowManager.hyprland; 8 | in { 9 | wayland.windowManager.hyprland = lib.mkIf cfg.enablePlugins { 10 | plugins = [pkgs.unstable.hyprlandPlugins.hypr-dynamic-cursors]; 11 | settings = { 12 | "plugin:dynamic-cursors" = { 13 | ignore_warps = false; 14 | }; 15 | }; 16 | }; 17 | home.packages = [pkgs.hyprcursor]; 18 | } 19 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/disko.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | flake, 5 | ... 6 | }: { 7 | imports = [ 8 | flake.inputs.disko.nixosModules.disko 9 | ]; 10 | 11 | # Allow disk override using disko cli, default to all disks 12 | # disko disk-configuration.nix -m destroy,format,mount --arg disks '["ssd1"]' 13 | _module.args.disks = []; 14 | 15 | environment.systemPackages = [ 16 | perSystem.disko.default 17 | pkgs.nixos-anywhere 18 | ]; 19 | } 20 | -------------------------------------------------------------------------------- /zones/tail/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | # VPN: Tailscale 3 | cog = "100.99.91.44"; 4 | eve = "100.69.75.29"; 5 | fit = "100.122.127.88"; 6 | hub = "100.97.117.105"; 7 | kit = "100.67.76.42"; 8 | lux = "100.90.63.125"; 9 | sol = "100.69.160.76"; 10 | wit = "100.76.94.96"; 11 | phone = "100.73.89.6"; 12 | gemini = "100.92.80.11"; 13 | agate = "100.119.189.110"; 14 | bub = "100.93.245.77"; 15 | sim = "100.103.157.55"; 16 | } 17 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/swaylock.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | programs.swaylock = { 3 | enable = true; 4 | settings = { 5 | color = lib.mkDefault "000000"; 6 | font = lib.mkDefault "monospace"; 7 | line-color = lib.mkDefault "000000"; 8 | ring-color = lib.mkDefault "ffffff70"; 9 | indicator-radius = 150; 10 | indicator-thickness = 30; 11 | show-failed-attempts = true; 12 | ignore-empty-password = true; 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /packages/derive/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | ... 5 | }: 6 | perSystem.self.mkScript { 7 | name = "derive"; 8 | path = [ 9 | (pkgs.python3.withPackages (ps: [ps.cryptography])) 10 | pkgs.age 11 | pkgs.gnugrep 12 | pkgs.openssh 13 | pkgs.ssh-to-age 14 | ]; 15 | 16 | # Paths to python scripts 17 | env = { 18 | path_to_hex_py = ./hex.py; 19 | path_to_ssh_py = ./ssh.py; 20 | }; 21 | 22 | # Bash script 23 | text = builtins.readFile ./derive.sh; 24 | } 25 | -------------------------------------------------------------------------------- /modules/home/default/options/desktop.nix: -------------------------------------------------------------------------------- 1 | # This option is set true by homeModules.desktop.default 2 | # desktop.enable = true; 3 | # 4 | # Can be used elsewhere to set config exclusively on desktop 5 | # programs = config.desktop { foo.bar = []; }; 6 | {lib, ...}: { 7 | options.desktop = lib.mkOption { 8 | type = lib.types.anything; 9 | }; 10 | config.desktop = { 11 | enable = lib.mkDefault false; 12 | __functor = self: attrs: 13 | if self.enable 14 | then attrs 15 | else {}; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-tileorsplit.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | toggle_or_swap="${1:-toggle}" # toggle/swap 3 | addr="$(hyprctl activewindow -j | jq -r .address)" 4 | is_floating="$(hyprctl activewindow -j | jq -r .floating)" 5 | 6 | # If already tiled, togglesplit or swapsplit 7 | if [[ "$is_floating" != "true" ]]; then 8 | hyprctl dispatch "${toggle_or_swap}split" 9 | 10 | # Else, set tiled 11 | else 12 | hyprctl --batch "dispatch settiled address:$addr ; dispatch focuswindow address:$addr" 13 | fi 14 | -------------------------------------------------------------------------------- /modules/nixos/default/options/desktop.nix: -------------------------------------------------------------------------------- 1 | # This option is set true by nixosModules.desktop.default 2 | # desktop.enable = true; 3 | # 4 | # Can be used elsewhere to set config exclusively on desktop 5 | # programs = config.desktop { foo.bar = []; }; 6 | {lib, ...}: { 7 | options.desktop = lib.mkOption { 8 | type = lib.types.anything; 9 | }; 10 | config.desktop = { 11 | enable = lib.mkDefault false; 12 | __functor = self: attrs: 13 | if self.enable 14 | then attrs 15 | else {}; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/home/default/configs/nix.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | flake, 4 | ... 5 | }: { 6 | # Enable flakes and pipes 7 | xdg.configFile = { 8 | "nix/nix.conf".text = "experimental-features = nix-command flakes pipe-operators"; 9 | }; 10 | 11 | # Binary caches 12 | nix.settings = { 13 | substituters = lib.imap1 (index: key: flake.lib.cacheUrl index key) flake.caches; 14 | trusted-public-keys = flake.caches; 15 | }; 16 | 17 | # Bounce user services when switching 18 | systemd.user.startServices = "sd-switch"; 19 | } 20 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/special.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | wayland.windowManager.hyprland.settings = { 3 | bind = [ 4 | # Super+p to toggle visibility of floating windows on each workspace 5 | "super, p, exec, hypr-togglefullscreenorhidden" 6 | 7 | # Toggle special workspace 8 | "super, escape, togglespecialworkspace" 9 | 10 | # Minimize windows (send to special workspace) and restore 11 | "super+alt, escape, exec, hypr-togglespecial" # movetoworkspacesilent special 12 | ]; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/groups.nix: -------------------------------------------------------------------------------- 1 | # GIDs 900-909 are custom shared groups in my flake 2 | # UID/GIDs 910-999 are custom system users/groups in my flake 3 | {config, ...}: { 4 | # Create secrets group 5 | ids.gids.secrets = 900; 6 | users.groups.secrets.gid = config.ids.gids.secrets; 7 | 8 | # Create media group 9 | ids.gids.media = 901; 10 | users.groups.media.gid = config.ids.gids.media; 11 | 12 | # Create photos group 13 | ids.gids.photos = 902; 14 | users.groups.photos.gid = config.ids.gids.photos; 15 | } 16 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/davinci-resolve/davinci-resolve-export.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Check if input file is provided 4 | if [ -z "${1-}" ]; then 5 | echo "Usage: $0 " 6 | exit 1 7 | fi 8 | 9 | file="$1" 10 | output="${file%.*}-final.mp4" 11 | 12 | echo "Converting $file to H.264 (x264) with AAC audio as $output" 13 | 14 | # Convert to x264 video codec and AAC audio codec 15 | ffmpeg -i "$file" -c:v libx264 -crf 23 -preset medium -c:a aac -b:a 192k "$output" 16 | 17 | echo "Finished conversion: $output" 18 | -------------------------------------------------------------------------------- /modules/home/users/jon/accounts/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | flake, 5 | ... 6 | }: { 7 | # yes | vdirsyncer discover 8 | # vdirsyncer sync 9 | # vdirsyncer discover calendar_calendars 10 | # vdirsyncer discover contacts_contacts 11 | imports = flake.lib.ls ./.; 12 | config = lib.mkIf config.accounts.enable { 13 | # Passwords for accounts 14 | age.secrets.fastmail.rekeyFile = ./password-fastmail.age; 15 | age.secrets.gmail.rekeyFile = ./password-gmail.age; 16 | age.secrets.icloud.rekeyFile = ./password-icloud.age; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /modules/nixos/default/overlays/firefox.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | nixpkgs.overlays = [ 3 | (_final: prev: { 4 | # Enable policies and import personal Certificate Authority 5 | firefox = prev.firefox.override { 6 | extraPolicies = { 7 | DontCheckDefaultBrowser = true; 8 | DisablePocket = true; 9 | DisableFirefoxStudies = true; 10 | Certificates = { 11 | ImportEnterpriseRoots = true; 12 | Install = [flake.networking.ca]; 13 | }; 14 | }; 15 | }; 16 | }) 17 | ]; 18 | } 19 | -------------------------------------------------------------------------------- /packages/agenix/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | flake, 5 | ... 6 | }: 7 | perSystem.self.mkScript { 8 | name = "agenix"; # Use same name as existing agenix command we're extending 9 | path = [ 10 | perSystem.agenix-rekey.default # agenix command to extend 11 | perSystem.self.derive 12 | perSystem.self.qr 13 | pkgs.age 14 | pkgs.git 15 | pkgs.gum 16 | ]; 17 | 18 | # Derivation index for hex 19 | env.derivation_index = toString flake.derivationIndex; 20 | 21 | # Bash script 22 | text = builtins.readFile ./agenix.sh; 23 | } 24 | -------------------------------------------------------------------------------- /packages/mpd-url.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | ... 5 | }: 6 | perSystem.self.mkScript { 7 | # add URL streams to mpd using yt-dlp 8 | # https://github.com/suderman/mpd-url 9 | name = "mpd-url"; 10 | path = with pkgs; [curl gawk jq mpc netcat-gnu yt-dlp]; 11 | text = let 12 | repo = pkgs.fetchFromGitHub { 13 | owner = "suderman"; 14 | repo = "mpd-url"; 15 | rev = "09200dd2dbc3d51312cbf5881efc00678dce9a11"; 16 | sha256 = "sha256-Wcl+wenrdkGOcjwFEmhCIVHIoZs97oMOrJzP1fbxtUE="; 17 | }; 18 | in 19 | builtins.readFile "${repo}/mpd-url"; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home/desktop/default/configs/design.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | audacity 4 | imagemagick # animate compare composite conjure convert display identify import magick magick-script mogrify montage stream 5 | inkscape-with-extensions 6 | ]; 7 | 8 | programs.gimp.enable = true; 9 | 10 | programs.obs-studio = with pkgs; { 11 | enable = true; 12 | package = obs-studio; 13 | plugins = with obs-studio-plugins; [ 14 | # droidcam-obs 15 | # obs-backgroundremoval 16 | obs-pipewire-audio-capture 17 | # wlrobs 18 | ]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/keyd.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | services.keyd = { 3 | enable = true; 4 | systemdTarget = config.wayland.systemd.target; 5 | windows = { 6 | "*" = { 7 | # Map meta a/z to ctrl a/z 8 | "super.a" = "C-a"; 9 | "super.z" = "C-z"; 10 | 11 | # Quick access to escape key 12 | "j+k" = "esc"; 13 | 14 | # # Media keys 15 | # "alt.a" = "volumedown"; 16 | # "alt.s" = "volumeup"; 17 | # "alt.d" = "mute"; 18 | # "alt.space" = "playpause"; 19 | }; 20 | }; 21 | layers = {}; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/rii.nix: -------------------------------------------------------------------------------- 1 | # Rii Bluetooth Keyboard with Touchpad 2 | # https://www.amazon.ca/gp/product/B081CTNB5W/ 3 | { 4 | ids = ["1997:2466"]; 5 | settings = 6 | { 7 | main = { 8 | # Use tab as custom modifier 9 | tab = "overloadt2(nav, tab, 200)"; 10 | 11 | # Assign super to leftalt key 12 | leftalt = "layer(super)"; 13 | 14 | # Assign alt to compose key 15 | compose = "layer(alt)"; 16 | 17 | # Assign super to homepage key 18 | homepage = "layer(super)"; 19 | }; 20 | } 21 | // import ./all.nix; 22 | } 23 | -------------------------------------------------------------------------------- /hosts/iso/downloader.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | # Ensure root 5 | if [[ "$(id -u)" != "0" ]]; then 6 | echo "Must run this script as root" 7 | exit 1 8 | fi 9 | 10 | # URL to this repo on Github 11 | url="https://github.com/suderman/nixos" 12 | 13 | # On first run, clone repo to /etc/nixos 14 | if [ ! -d "/etc/nixos/.git" ]; then 15 | rm -rf /etc/nixos 16 | git clone "$url" /etc/nixos 17 | cd /etc/nixos 18 | 19 | # Else git pull for the latest 20 | else 21 | cd /etc/nixos 22 | git pull 23 | fi 24 | 25 | # Run the installer script in this repo 26 | bash /etc/nixos/hosts/iso/installer.sh 27 | -------------------------------------------------------------------------------- /modules/home/default/options/direnv.nix: -------------------------------------------------------------------------------- 1 | # programs.direnv.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.programs.direnv; 8 | inherit (lib) mkDefault mkIf; 9 | in { 10 | config = mkIf cfg.enable { 11 | programs.direnv = { 12 | nix-direnv.enable = mkDefault true; 13 | config = { 14 | global.load_dotenv = true; 15 | global.strict_env = true; 16 | whitelist.prefix = [ 17 | "/etc/nixos" 18 | "${config.home.homeDirectory}/Code" 19 | "${config.home.homeDirectory}/Work" 20 | ]; 21 | }; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/supertab.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | wayland.windowManager.hyprland.settings = { 3 | bind = [ 4 | # Navigation windows with super tab 5 | "super, tab, exec, hypr-supertab" 6 | "super+alt, tab, exec, hypr-supertab next" 7 | "super+shift, tab, exec, hypr-supertab prev" 8 | 9 | # Toggle marked window 10 | "super, m, exec, hypr-supertab mark" 11 | ]; 12 | 13 | bindo = [ 14 | # Clear all marked windows 15 | "super, m, exec, hypr-supertab clear" 16 | ]; 17 | 18 | windowrule = [ 19 | "bordersize 1, tag:mark" 20 | ]; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /modules/home/default/configs/nix-index.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | flake, 4 | ... 5 | }: { 6 | imports = [ 7 | flake.inputs.nix-index-database.homeModules.nix-index 8 | ]; 9 | 10 | # Prepare nix-index module with weekly updated database and comma integration 11 | programs = let 12 | inherit (lib) mkDefault; 13 | in { 14 | nix-index-database.comma.enable = mkDefault true; 15 | nix-index.enableBashIntegration = mkDefault false; 16 | nix-index.enableZshIntegration = mkDefault false; 17 | nix-index.enableFishIntegration = mkDefault false; 18 | command-not-found.enable = mkDefault false; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/nix-index.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | flake, 4 | ... 5 | }: { 6 | imports = [ 7 | flake.inputs.nix-index-database.nixosModules.nix-index 8 | ]; 9 | 10 | # Prepare nix-index module with weekly updated database and comma integration 11 | programs = let 12 | inherit (lib) mkDefault; 13 | in { 14 | nix-index-database.comma.enable = mkDefault true; 15 | nix-index.enableBashIntegration = mkDefault false; 16 | nix-index.enableZshIntegration = mkDefault false; 17 | nix-index.enableFishIntegration = mkDefault false; 18 | command-not-found.enable = mkDefault false; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/programs.nix: -------------------------------------------------------------------------------- 1 | # Programs and packages required by my Hyprland 2 | {pkgs, ...}: { 3 | # Check modules directory for extra configuration 4 | programs = { 5 | bluetuith.enable = true; # bluetooth tui 6 | cava.enable = true; # audio visualizer 7 | }; 8 | 9 | # Add these to my path 10 | home.packages = with pkgs; [ 11 | brightnessctl 12 | 13 | unstable.wiremix # sound control 14 | font-awesome # icon font 15 | jetbrains-mono # mono font 16 | 17 | nemo-with-extensions # file manager gui 18 | junction # browser chooser 19 | 20 | # quickemu # virtual machines 21 | ]; 22 | } 23 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/configs/programs.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [ 3 | desktop-file-utils # desktop-file-edit desktop-file-install desktop-file-validate update-desktop-database 4 | hicolor-icon-theme # fallback icon theme 5 | shared-mime-info # update-mime-database 6 | wl-clipboard # wl-copy wl-paste 7 | xdg-user-dirs # xdg-user-dir xdg-user-dirs-update 8 | xdg-utils # xdg-desktop-icon xdg-desktop-menu xdg-email xdg-icon-resource xdg-mime xdg-open xdg-screensaver xdg-settings xdg-terminal 9 | ]; 10 | 11 | # AirDrop alternative 12 | programs.localsend.enable = true; 13 | } 14 | -------------------------------------------------------------------------------- /modules/home/users/jon/git.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | programs.git = { 3 | enable = true; 4 | settings.user = { 5 | name = "Jon Suderman"; 6 | email = "jon@suderman.net"; 7 | }; 8 | }; 9 | age.secrets.git-credentials.rekeyFile = ./git-credentials.age; 10 | tmpfiles.files = [ 11 | { 12 | target = ".git-credentials"; 13 | source = config.age.secrets.git-credentials.path; 14 | mode = 600; 15 | } 16 | ]; 17 | # home.activation.git-credentials = lib.hm.dag.entryAfter ["linkGeneration"] '' 18 | # cat ${config.age.secrets.git-credentials.path} >${config.home.homeDirectory}/.git-credentials 19 | # ''; 20 | } 21 | -------------------------------------------------------------------------------- /modules/home/users/jon/mine.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | perSystem, 5 | ... 6 | }: let 7 | inherit (perSystem.self) mkScript; 8 | inherit (config.networking) hostName; 9 | 10 | xmrigd = mkScript { 11 | name = "xmrigd"; 12 | inputs = [pkgs.xmrig]; 13 | # source ${config.age.secrets.btc-env.path} 14 | text = '' 15 | export MINER_USER="BTC:''${MINER_ADD}.${hostName}#''${MINER_REF}" 16 | xmrig --url=rx.unmineable.com:3333 --algo=rx --keepalive --user="''${MINER_USER}" --pass=x --cpu-max-threads-hint="''${1:-100}" 17 | ''; 18 | }; 19 | in { 20 | home.packages = with pkgs; [ 21 | xmrig 22 | xmrigd 23 | ]; 24 | } 25 | -------------------------------------------------------------------------------- /modules/home/desktop/default/configs/productivity.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: { 6 | programs = { 7 | onepassword.enable = lib.mkDefault true; 8 | gmail.enable = lib.mkDefault true; 9 | google-calendar.enable = lib.mkDefault true; 10 | google-meet.enable = lib.mkDefault true; 11 | google-analytics.enable = lib.mkDefault true; 12 | harvest.enable = lib.mkDefault true; 13 | asana.enable = lib.mkDefault true; 14 | }; 15 | 16 | home.packages = with pkgs; [ 17 | lapce # text editor 18 | libreoffice # office suite (writing, spreadsheets, etc) 19 | neovide # text editor 20 | qalculate-gtk # calculator 21 | ]; 22 | } 23 | -------------------------------------------------------------------------------- /modules/home/users/jon/programs.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | # Personal browser extensions 3 | programs = config.desktop { 4 | chromium.externalExtensions = { 5 | inherit 6 | (config.programs.chromium.registry) 7 | auto-tab-discard-suspend 8 | dark-reader 9 | fake-data 10 | floccus-bookmarks-sync 11 | i-still-dont-care-about-cookies 12 | one-password 13 | return-youtube-dislike 14 | sponsorblock 15 | ublock-origin 16 | ; 17 | }; 18 | }; 19 | 20 | # Pixel Buds Pro 21 | sound.extraSinks = [ 22 | "bluez_output.AC_3E_B1_9F_43_35.1" 23 | "bluez_output.10_D9_A2_4C_BB_F7.1" 24 | ]; 25 | } 26 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/configs/fonts.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | fonts.packages = with pkgs; [ 3 | nerd-fonts.fira-code 4 | nerd-fonts.jetbrains-mono 5 | nerd-fonts.monofur 6 | nerd-fonts.symbols-only 7 | 8 | # serif & sans-serif 9 | cantarell-fonts 10 | dejavu_fonts 11 | eb-garamond 12 | fira-sans 13 | liberation_ttf 14 | merriweather 15 | montserrat 16 | noto-fonts 17 | open-sans 18 | roboto 19 | source-sans-pro 20 | 21 | # emoji & symbols 22 | noto-fonts-color-emoji 23 | openmoji-black 24 | openmoji-color 25 | # symbola 26 | twemoji-color-font 27 | twitter-color-emoji 28 | # joypixels 29 | ]; 30 | } 31 | -------------------------------------------------------------------------------- /packages/wrapWithFlags.nix: -------------------------------------------------------------------------------- 1 | # perSystem.self.wrapWithFlags {} 2 | {pkgs, ...}: { 3 | package ? pkgs.hello, 4 | flags ? [], 5 | name ? null, 6 | }: let 7 | inherit (pkgs) lib makeWrapper symlinkJoin; 8 | inherit (lib) concatStringsSep getName; 9 | 10 | binName = 11 | if name != null 12 | then name 13 | else if package.meta ? mainProgram 14 | then package.meta.mainProgram 15 | else getName package; 16 | in 17 | symlinkJoin { 18 | name = "${binName}-wrapped"; 19 | paths = [package]; 20 | buildInputs = [makeWrapper]; 21 | postBuild = '' 22 | wrapProgram $out/bin/${binName} \ 23 | --add-flags "${concatStringsSep " " flags}" 24 | ''; 25 | } 26 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | perSystem, 5 | ... 6 | }: let 7 | scripts = with builtins; 8 | attrNames ( 9 | lib.filterAttrs 10 | (n: v: v == "regular" && lib.hasSuffix ".sh" n) 11 | (readDir ./.) 12 | ); 13 | 14 | path = with pkgs; [ 15 | gawk 16 | gnugrep 17 | gnused 18 | hyprpicker 19 | jq 20 | libnotify 21 | socat 22 | wl-clipboard 23 | ]; 24 | in { 25 | home.packages = 26 | map (name: ( 27 | perSystem.self.mkScript { 28 | inherit path; 29 | name = lib.removeSuffix ".sh" name; 30 | text = ./${name}; 31 | } 32 | )) 33 | scripts; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/wit/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | flake, 4 | ... 5 | }: { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ./disk-configuration.nix 9 | flake.inputs.hardware.nixosModules.lenovo-thinkpad-t480s 10 | flake.nixosModules.default 11 | flake.nixosModules.desktop.gnome 12 | ]; 13 | 14 | # Boot with good ol' grub 15 | boot.loader = { 16 | grub.enable = true; 17 | grub.efiSupport = true; 18 | grub.efiInstallAsRemovable = true; 19 | }; 20 | 21 | # Mobile computing 22 | networking.domain = "tail"; 23 | 24 | # Snapshots and backups 25 | services.btrbk.volumes = { 26 | "/mnt/main" = ["ssh://fit/mnt/pool/backups/${config.networking.hostName}"]; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/nixos/default/options/tautulli.nix: -------------------------------------------------------------------------------- 1 | # services.tautulli.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.services.tautulli; 8 | inherit (lib) mkIf mkOption types; 9 | in { 10 | options.services.tautulli = { 11 | name = mkOption { 12 | type = types.str; 13 | default = "tautulli"; 14 | }; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | services.tautulli = { 19 | user = "plexpy"; 20 | group = "nogroup"; 21 | port = cfg.port; 22 | openFirewall = true; 23 | }; 24 | 25 | services.traefik = { 26 | enable = true; 27 | proxy.${cfg.name} = "http://127.0.0.1:${toString cfg.port}"; # 8181 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /modules/home/users/jon/services.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: { 6 | # Custom user service 7 | systemd.user.services.foobar-hm = { 8 | Unit = { 9 | Description = "Foobar Home-Manager"; 10 | After = ["graphical-session.target"]; 11 | Requires = ["graphical-session.target"]; 12 | }; 13 | Install.WantedBy = ["default.target"]; 14 | Service = { 15 | Type = "oneshot"; 16 | RemainAfterExit = "yes"; 17 | Environment = ''"FOO=bar"''; 18 | ExecStart = with pkgs; 19 | writeShellScript "foobar-hm" '' 20 | PATH=${lib.makeBinPath [coreutils]} 21 | touch /tmp/foobar-hm.txt 22 | date >>/tmp/foobar-hm.txt 23 | ''; 24 | }; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/dolphin-emu.nix: -------------------------------------------------------------------------------- 1 | # config.programs.dolphin-emu.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.steam; 9 | inherit (lib) mkIf options; 10 | in { 11 | options.programs.dolphin-emu.enable = options.mkEnableOption "dolphin-emu"; 12 | config = mkIf cfg.enable { 13 | home.packages = [pkgs.dolphin-emu]; 14 | persist.storage.directories = [ 15 | ".config/dolphin-emu" # global settings, controller configs, paths 16 | ".local/share/dolphin-emu" # memory cards, save states, NAND/Wii data 17 | ]; 18 | persist.scratch.directories = [ 19 | ".cache/dolphin-emu" # shader cache; rebuildable, but avoids stutter 20 | ]; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/sinks.nix: -------------------------------------------------------------------------------- 1 | # sinks 2 | { 3 | config, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.rofi; 8 | in { 9 | home.packages = [ 10 | (pkgs.self.mkScript { 11 | name = "sinks"; 12 | text = toString [ 13 | "rofi-toggle" 14 | "-show sinks" 15 | "${toString cfg.args}" 16 | ]; 17 | }) 18 | ]; 19 | 20 | programs.rofi = { 21 | mode.slot5 = "sinks:rofi-sinks"; 22 | rasiConfig = [''sinks { display-name: "󰕾"; }'']; 23 | }; 24 | 25 | wayland.windowManager.hyprland.settings = { 26 | bind = [", XF86AudioMedia, exec, sinks"]; 27 | bindsn = [ 28 | "super_l, a&s, exec, sinks" 29 | "super_r, a&s, exec, sinks" 30 | ]; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/nixos/hardware/vm.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | modulesPath, 4 | ... 5 | }: { 6 | imports = [ 7 | (modulesPath + "/profiles/qemu-guest.nix") 8 | ]; 9 | 10 | config = { 11 | boot = { 12 | kernelParams = ["console=ttyS0" "console=tty1" "boot.shell_on_fail"]; 13 | kernelPackages = pkgs.linuxPackages_latest; 14 | initrd.kernelModules = ["virtio_pci"]; 15 | loader = { 16 | grub.enable = true; # Enable GRUB instead of systemd-boot 17 | systemd-boot.enable = false; # Disable systemd-boot 18 | efi.canTouchEfiVariables = false; # No UEFI support needed for legacy BIOS boot 19 | }; 20 | }; 21 | 22 | services.qemuGuest.enable = true; 23 | services.openssh.enable = true; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-togglefloating.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Save active window address 4 | addr="$(hyprctl activewindow -j | jq -r .address)" 5 | 6 | # Toggle floating and get status 7 | hyprctl --batch "dispatch togglefloating address:$addr ; dispatch focuswindow address:$addr" 8 | 9 | # If window is now floating (wasn't before), resize and centre 10 | if [[ "$(hyprctl activewindow -j | jq -r .floating)" = "true" ]]; then 11 | # Rseize & center if window's x/y position is offscreen (or even exactly on the edge) 12 | read -r x y < <(hyprctl activewindow -j | jq -r '.at | "\(.[0]) \(.[1])"') 13 | if ((x <= 0 || y < 55)); then 14 | hyprctl --batch "dispatch resizeactive exact 50% 50% ; dispatch centerwindow 1" 15 | fi 16 | fi 17 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/w3.nix: -------------------------------------------------------------------------------- 1 | # WeChip W3 Air Mouse 2 | # https://www.amazon.ca/gp/product/B081CTNB5W/ 3 | { 4 | ids = ["25a7:0124"]; 5 | settings = 6 | { 7 | main = { 8 | # Assign tab to capslock key, and use as custom modifier 9 | capslock = "overloadt2(nav, tab, 200)"; 10 | 11 | # Assign super to leftalt key 12 | leftalt = "layer(super)"; 13 | 14 | # Assign alt to compose key 15 | compose = "layer(alt)"; 16 | 17 | # Homepage/back button 18 | # Short press is super (default is back), long press is oneshot super (default is homepage) 19 | back = "layer(super)"; 20 | homepage = "oneshot(super)"; 21 | }; 22 | } 23 | // import ./all.nix; 24 | } 25 | -------------------------------------------------------------------------------- /modules/home/default/configs/neovim.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home = { 3 | packages = [ 4 | # Personal neovim configuration 5 | # https://github.com/NotAShelf/nvf 6 | pkgs.nvf 7 | 8 | # Also create wrapper for nvf with expected name nvim 9 | (pkgs.self.mkScript { 10 | name = "nvim"; 11 | text = ''exec ${pkgs.nvf}/bin/nvf "$@"''; 12 | }) 13 | ]; 14 | 15 | sessionVariables.EDITOR = "nvim"; 16 | 17 | shellAliases = { 18 | v = "nvim"; 19 | vi = "nvim"; 20 | vim = "nvim"; 21 | vimdiff = "nvim -d"; 22 | diff = "nvim -d"; 23 | nvim_ = "${pkgs.neovim}/bin/nvim"; # access to classic neovim 24 | vim_ = "${pkgs.vim}/bin/vim"; # access to classic vim 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /modules/home/default/options/sound.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.sound; 7 | in { 8 | options.sound = { 9 | hiddenSinks = lib.mkOption { 10 | type = with lib.types; listOf str; 11 | default = []; 12 | description = "List of PulseAudio/PipeWire sink names to hide from menus."; 13 | }; 14 | extraSinks = lib.mkOption { 15 | type = with lib.types; listOf str; 16 | default = []; 17 | description = "List of sinks to always show, even if disconnected (e.g. Bluetooth devices)."; 18 | }; 19 | }; 20 | config.xdg.configFile = { 21 | "pulse/extra-sinks".text = lib.concatStringsSep "\n" cfg.extraSinks; 22 | "pulse/hidden-sinks".text = lib.concatStringsSep "\n" cfg.hiddenSinks; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /modules/nixos/default/options/ntfy-sh.nix: -------------------------------------------------------------------------------- 1 | # services.ntfy-sh.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.services.ntfy-sh; 8 | inherit (lib) mkIf mkOption types; 9 | in { 10 | options.services.ntfy-sh = { 11 | name = mkOption { 12 | type = types.str; 13 | default = "ntfy"; 14 | }; 15 | }; 16 | 17 | config = mkIf cfg.enable { 18 | # Open firewall 19 | networking.firewall.allowedTCPPorts = [2586]; 20 | 21 | # Use reverse proxy 22 | services.ntfy-sh.settings = { 23 | base-url = "https://${cfg.name}.${config.networking.hostName}"; 24 | behind-proxy = true; 25 | }; 26 | 27 | # Create reverse proxy 28 | services.traefik.proxy.${cfg.name} = "http://127.0.0.1:2586"; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/slack.nix: -------------------------------------------------------------------------------- 1 | # programs.slack.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.slack; 9 | inherit (lib) mkIf; 10 | inherit (config.lib.keyd) mkClass; 11 | 12 | # Window class name 13 | class = "slack"; 14 | in { 15 | options.programs.slack = { 16 | enable = lib.options.mkEnableOption "slack"; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | home.packages = [pkgs.slack]; 21 | 22 | # keyboard shortcuts 23 | services.keyd.windows."${mkClass class}" = {}; 24 | 25 | wayland.windowManager.hyprland.settings = { 26 | windowrule = []; 27 | }; 28 | 29 | # Persist reboots, skip backups 30 | persist.scratch.directories = [".config/Slack"]; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/neovim.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment = { 3 | systemPackages = [ 4 | # Personal neovim configuration 5 | # https://github.com/NotAShelf/nvf 6 | pkgs.nvf 7 | 8 | # Also create wrapper for nvf with expected name nvim 9 | (pkgs.self.mkScript { 10 | name = "nvim"; 11 | text = ''exec ${pkgs.nvf}/bin/nvf "$@"''; 12 | }) 13 | ]; 14 | 15 | sessionVariables.EDITOR = "nvim"; 16 | 17 | shellAliases = { 18 | v = "nvim"; 19 | vi = "nvim"; 20 | vim = "nvim"; 21 | vimdiff = "nvim -d"; 22 | diff = "nvim -d"; 23 | nvim_ = "${pkgs.neovim}/bin/nvim"; # access to classic neovim 24 | vim_ = "${pkgs.vim}/bin/vim"; # access to classic vim 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /packages/nixos/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | flake, 5 | ... 6 | }: 7 | perSystem.self.mkScript { 8 | name = "nixos"; 9 | path = [ 10 | perSystem.self.agenix 11 | perSystem.self.derive 12 | perSystem.self.ipaddr 13 | pkgs.age 14 | pkgs.alejandra 15 | pkgs.bat 16 | pkgs.git 17 | pkgs.gnugrep 18 | pkgs.gum 19 | pkgs.inetutils 20 | pkgs.iptables 21 | pkgs.netcat 22 | pkgs.openssh 23 | pkgs.passh 24 | # pkgs.qemu (install separately on desktop) 25 | ]; 26 | 27 | # Path to template files 28 | env.templates = ./templates; 29 | 30 | # Derivation path for key 31 | env.derivation_path = "bip85-hex32-index${toString flake.derivationIndex}"; 32 | 33 | # Bash script 34 | text = builtins.readFile ./nixos.sh; 35 | } 36 | -------------------------------------------------------------------------------- /modules/home/default/options/cava.nix: -------------------------------------------------------------------------------- 1 | # programs.cava.enable = true; 2 | {config, ...}: { 3 | programs.cava = { 4 | settings = { 5 | input = { 6 | method = "pulse"; 7 | source = "auto"; 8 | }; 9 | 10 | color = with config.lib.stylix.colors.withHashtag; { 11 | background = "'${base00}'"; 12 | gradient = 1; 13 | gradient_count = 8; 14 | gradient_color_1 = "'${base08}'"; 15 | gradient_color_2 = "'${base09}'"; 16 | gradient_color_3 = "'${base0A}'"; 17 | gradient_color_4 = "'${base0B}'"; 18 | gradient_color_5 = "'${base0C}'"; 19 | gradient_color_6 = "'${base0D}'"; 20 | gradient_color_7 = "'${base0E}'"; 21 | gradient_color_8 = "'${base0F}'"; 22 | }; 23 | }; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/nautilus.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | nautilus 4 | ]; 5 | 6 | # keyboard shortcuts 7 | services.keyd.windows = { 8 | org-gnome-nautilus = { 9 | "alt.enter" = "f2"; 10 | "alt.r" = "f2"; 11 | "super.r" = "f2"; 12 | "alt.i" = "C-i"; 13 | "alt.h" = "A-left"; 14 | "alt.j" = "A-down"; 15 | "alt.k" = "A-up"; 16 | "alt.l" = "A-left"; 17 | "super.t" = "C-t"; # new tab 18 | "super.n" = "C-n"; # new window 19 | "super.w" = "C-w"; # close tab 20 | "super+shift.n" = "C-S-n"; # new folder 21 | "super.[" = "C-pageup"; # prev tab 22 | "super.]" = "C-pagedown"; # next tab 23 | "super.c" = "C-c"; 24 | "super.x" = "C-x"; 25 | "super.v" = "C-v"; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /hosts/fit/configuration.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = [ 3 | ./hardware-configuration.nix 4 | ./disk-configuration.nix 5 | flake.nixosModules.hardware.radeon-rx-580 6 | flake.nixosModules.default 7 | flake.nixosModules.desktop.hyprland 8 | ]; 9 | 10 | # Boot with newfangled systemd-boot 11 | boot.loader = { 12 | systemd-boot.enable = true; 13 | systemd-boot.consoleMode = "max"; 14 | efi.canTouchEfiVariables = true; 15 | }; 16 | 17 | # Always at home in my gym 18 | networking.domain = "home"; 19 | 20 | # Remove undesired route 21 | services.tailscale.deleteRoute = "10.1.0.0/16"; 22 | 23 | # Bigger banana 24 | stylix.cursor.size = 46; 25 | 26 | # Snapshots and backups 27 | services.btrbk.volumes = { 28 | "/mnt/main" = []; 29 | "/mnt/pool" = []; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /modules/nixos/hardware/framework-11th-gen-intel.nix: -------------------------------------------------------------------------------- 1 | # Framework Laptop 13 2 | { 3 | config, 4 | lib, 5 | flake, 6 | ... 7 | }: { 8 | # https://github.com/NixOS/nixos-hardware/tree/master/framework/13-inch/11th-gen-intel 9 | imports = [flake.inputs.hardware.nixosModules.framework-11th-gen-intel]; 10 | 11 | # https://github.com/NixOS/nixos-hardware/blob/master/framework/13-inch/common/audio.nix 12 | hardware.framework.laptop13.audioEnhancement = { 13 | enable = lib.mkDefault false; 14 | rawDeviceName = lib.mkDefault "alsa_output.pci-0000_00_1f.3.analog-stereo"; 15 | }; 16 | 17 | # fwupdmgr update 18 | services.fwupd.enable = lib.mkDefault true; 19 | 20 | # Keyboard control 21 | services.keyd = { 22 | quirks = lib.mkDefault true; 23 | keyboard = config.services.keyd.internalKeyboards.framework; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/nixos/desktop/default/configs/codecs.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: let 2 | # OBS, MPV, HandBrake, Davinci Resolve, etc 3 | FFmpeg = with pkgs; [ 4 | ffmpeg-full # Full FFmpeg build with codec support 5 | libvpx # VP8/VP9 video codec 6 | x264 7 | x265 # H.264 / H.265 encoding 8 | dav1d # Fast AV1 decoder 9 | lame # MP3 encoding 10 | flac # FLAC audio codec 11 | ]; 12 | 13 | # GNOME media players, PipeWire, etc 14 | GStreamer = with pkgs.gst_all_1; [ 15 | gst-libav # FFmpeg-based codecs (H.264, AAC, MP3, etc.) 16 | gst-plugins-good # Commonly used codecs (FLAC, VP8, WebM, Matroska, etc.) 17 | gst-plugins-bad # Additional formats (DTS, WebRTC, etc.) 18 | gst-plugins-ugly # Proprietary codecs (MP3, MPEG-2, DVD playback, etc.) 19 | ]; 20 | in { 21 | environment.systemPackages = FFmpeg ++ GStreamer; 22 | } 23 | -------------------------------------------------------------------------------- /modules/home/default/options/ripgrep.nix: -------------------------------------------------------------------------------- 1 | # programs.ripgrep.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.ripgrep; 9 | inherit (lib) mkIf; 10 | in { 11 | config = mkIf cfg.enable { 12 | programs.ripgrep = { 13 | package = pkgs.ripgrep; 14 | arguments = [ 15 | "--max-columns=150" 16 | "--max-columns-preview" 17 | "--colors=line:style:bold" # pretty 18 | "--smart-case" 19 | "--hidden" # search hidden files/directories 20 | "--glob=!package-lock.json" 21 | "--glob=!node_modules/*" 22 | "--glob=!.git/*" 23 | "--glob=!yarn.lock" 24 | "--glob=!.yarn/*" 25 | "--glob=!dist/*" 26 | "--glob=!build/*" 27 | "--glob=!.cache/*" 28 | "--glob=!.vscode/*" 29 | ]; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/scripts/hypr-float.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | addr="$(hyprctl activewindow -j | jq -r .address)" 3 | is_floating="$(hyprctl activewindow -j | jq -r .floating)" 4 | is_pinned="$(hyprctl activewindow -j | jq -r .pinned)" 5 | 6 | # If already floating, keep floating. If also pinned, unpin 7 | if [[ "$is_floating" == "true" ]]; then 8 | [[ "$is_pinned" == "true" ]] && hyprctl dispatch pin 9 | 10 | # Float and focus 11 | else 12 | hyprctl --batch "dispatch setfloating address:$addr ; dispatch focuswindow address:$addr" 13 | 14 | # Resize & center if window's x/y position is offscreen (or even exactly on the edge) 15 | read -r x y < <(hyprctl activewindow -j | jq -r '.at | "\(.[0]) \(.[1])"') 16 | if ((x <= 0 || y < 55)); then 17 | hyprctl --batch "dispatch resizeactive exact 50% 50% ; dispatch centerwindow 1" 18 | fi 19 | fi 20 | -------------------------------------------------------------------------------- /lib/genAttrs.nix: -------------------------------------------------------------------------------- 1 | # Extend nixpkgs' genAttrs to first convert provided paths or attrs to a list 2 | { lib, flake, ... }: x: fn: let 3 | 4 | # Ensure string and strip .nix suffix from any entries 5 | fromList = list: map (name: lib.removeSuffix ".nix" (toString name)) list; 6 | 7 | # List of directory and filenames in given path 8 | fromPath = path: fromList ( flake.lib.ls { 9 | inherit path; asPath = false; dirsExcept = []; 10 | }); 11 | 12 | # List of attribute names in given attr set 13 | fromAttrs = attrs: fromList (builtins.attrNames attrs); 14 | 15 | inherit (builtins) isAttrs isPath isList; 16 | list = if (isPath x) then (fromPath x) 17 | else if (isList x) then (fromList x) 18 | else if (isAttrs x) then (fromAttrs x) 19 | else []; 20 | 21 | # Pass along modified list and provided function to nixpkgs's genAttrs 22 | in lib.genAttrs list fn 23 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/scripts/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.rofi; 8 | scripts = with builtins; 9 | attrNames ( 10 | lib.filterAttrs 11 | (n: v: v == "regular" && lib.hasSuffix ".sh" n) 12 | (readDir ./.) 13 | ); 14 | 15 | path = with pkgs; [ 16 | bluez # bluetoothctl 17 | cliphist # clipboard 18 | gawk # awk 19 | gettext # envsubst 20 | gnugrep # grep 21 | gnused # sed 22 | jq 23 | procps # pidof kill 24 | pulseaudio # pactl 25 | ]; 26 | in { 27 | config = lib.mkIf cfg.enable { 28 | home.packages = 29 | map (name: ( 30 | pkgs.self.mkScript { 31 | inherit path; 32 | name = lib.removeSuffix ".sh" name; 33 | text = ./${name}; 34 | } 35 | )) 36 | scripts; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /modules/nixos/default/overlays/nvf/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | perSystem, 4 | ... 5 | }: { 6 | age.secrets.nvf = { 7 | rekeyFile = ./nvf.age; 8 | mode = "440"; 9 | group = "users"; 10 | }; 11 | nixpkgs.overlays = [ 12 | (_final: _prev: { 13 | nvf = ( 14 | perSystem.self.mkScript { 15 | name = "nvf"; 16 | text = 17 | # bash 18 | '' 19 | if [[ -f ${config.age.secrets.nvf.path} ]]; then 20 | while IFS='=' read -r key value; do 21 | if [[ -n "$key" && -z "''${!key-}" ]]; then 22 | export "$key"="$value" 23 | fi 24 | done <${config.age.secrets.nvf.path} 25 | fi 26 | exec ${perSystem.neovim.default}/bin/nvim "$@" 27 | ''; 28 | } 29 | ); 30 | }) 31 | ]; 32 | } 33 | -------------------------------------------------------------------------------- /modules/nixos/default/options/mysql.nix: -------------------------------------------------------------------------------- 1 | # services.mysql.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.services.mysql; 9 | admins = config.users.groups.wheel.members ++ ["root"]; 10 | inherit (lib) mkIf; 11 | in { 12 | config = mkIf cfg.enable { 13 | services.mysql = { 14 | user = "mysql"; 15 | group = "mysql"; 16 | 17 | package = pkgs.mysql80; 18 | ensureUsers = 19 | map ( 20 | name: { 21 | inherit name; 22 | ensurePermissions = { 23 | "*.*" = "ALL PRIVILEGES"; 24 | }; 25 | } 26 | ) 27 | admins; 28 | }; 29 | 30 | services.mysqlBackup = { 31 | enable = true; 32 | location = cfg.dataDir; 33 | }; 34 | 35 | # Persist data between reboots 36 | persist.storage.directories = [cfg.dataDir]; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/telegram.nix: -------------------------------------------------------------------------------- 1 | # programs.telegram.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.telegram; 9 | inherit (lib) mkIf; 10 | inherit (config.lib.keyd) mkClass; 11 | 12 | # Window class name 13 | class = "org.telegram.desktop"; 14 | in { 15 | options.programs.telegram = { 16 | enable = lib.options.mkEnableOption "telegram"; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | home.packages = [pkgs.telegram-desktop]; 21 | 22 | # keyboard shortcuts 23 | services.keyd.windows."${mkClass class}" = {}; 24 | 25 | wayland.windowManager.hyprland.settings.windowrule = [ 26 | "float, class:^(${class}|telegramdesktop)$, title:^(Media viewer)$" 27 | ]; 28 | 29 | # Persist reboots, skip backups 30 | persist.scratch.directories = [".local/share/TelegramDesktop/tdata"]; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/keyd/lib.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.services.keyd; 7 | inherit (lib) removePrefix removeSuffix replaceStrings toLower; 8 | 9 | # Create window class name from hyprland string to what keyd-application-mapper makes: 10 | # 427 def normalize_class(s): 11 | # 423 return re.sub('[^A-Za-z0-9]+', '-', s).strip('-').lower() 12 | mkClass = str: let 13 | invalid = ["." "_" "/" "(" ")" "$" "<" ">" "[" "]" ":"]; 14 | repeats = ["-------" "------" "-----" "----" "---" "--"]; 15 | hyphens = map (_: "-"); 16 | strValidated = replaceStrings invalid (hyphens invalid) str; 17 | strShortened = replaceStrings repeats (hyphens repeats) strValidated; 18 | strTrimmed = removeSuffix "-" (removePrefix "-" strShortened); 19 | in 20 | toLower strTrimmed; 21 | in { 22 | lib.keyd = { 23 | inherit mkClass; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /modules/home/users/jon/terminal.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | yo # example script 4 | self.fetchgithub # fetch hash from repo 5 | self.shizuku # connect android to pc and run 6 | ]; 7 | 8 | # Aliases 9 | home.shellAliases = { 10 | neofetch = "fastfetch"; 11 | 12 | # 5 second countdown until the clipboard gets typed out 13 | type-clipboard = '' 14 | sh -c 'sleep 5.0; ydotool type -- "$(wl-paste)"' 15 | ''; 16 | 17 | # Force adoption of unifi devices 18 | unifi-adopt = '' 19 | for x in 1 2 3; do 20 | echo "10.1.0.$x set-inform http://10.1.0.4:8080/inform" 21 | ssh $USER@10.1.0.$x "/usr/bin/mca-cli-op set-inform http://10.1.0.4:8080/inform; exit" 22 | done 23 | ''; 24 | 25 | # Bashly CLI 26 | bashly = "docker run --rm -it --user $(id -u):$(id -g) --volume \"$PWD:/app\" dannyben/bashly"; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/calc.nix: -------------------------------------------------------------------------------- 1 | # calc 2 | { 3 | config, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.rofi; 8 | in { 9 | home.packages = [ 10 | (pkgs.self.mkScript { 11 | name = "calc"; 12 | text = toString [ 13 | "rofi-toggle" 14 | "-show calc" 15 | "-modi calc" 16 | "-no-show-match" 17 | "-no-sort" 18 | "-no-history" 19 | "-theme-str 'window {width: 25%;}'" 20 | "${toString cfg.args}" 21 | ]; 22 | }) 23 | ]; 24 | 25 | programs.rofi = { 26 | plugins = [pkgs.unstable.rofi-calc]; 27 | # mode.slot4 = "calc"; 28 | args = ["-calc-command \"echo -n '{result}' | wl-copy\""]; 29 | rasiConfig = [''calc { display-name: ""; }'']; 30 | }; 31 | 32 | wayland.windowManager.hyprland.settings.bind = [ 33 | "super+alt, c, exec, calc" 34 | "alt+ctrl, insert, exec, calc" 35 | ]; 36 | } 37 | -------------------------------------------------------------------------------- /modules/home/default/options/fzf.nix: -------------------------------------------------------------------------------- 1 | # programs.fzf.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.programs.fzf; 8 | inherit (lib) mkDefault mkIf; 9 | in { 10 | config = mkIf cfg.enable { 11 | programs.fzf.enableZshIntegration = lib.mkDefault true; 12 | 13 | home.sessionVariables = let 14 | rg = "rg --glob '!package-lock.json' --glob '!.git/*' --glob '!yarn.lock' --glob '!.yarn/*' --smart-case --hidden"; 15 | in { 16 | FZF_DEFAULT_COMMAND = "command ${rg} --files --no-ignore-vcs"; 17 | FZF_DEFAULT_OPTS = mkDefault (toString [ 18 | "--cycle" 19 | "--filepath-word" 20 | "--inline-info" 21 | "--reverse" 22 | "--pointer='*'" 23 | "--preview='head -100 {}'" 24 | "--preview-window=right:hidden" 25 | "--bind=ctrl-space:toggle-preview" 26 | "--color=light" 27 | ]); 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /modules/home/desktop/default/configs/programs.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: { 6 | # manage ~/.config/mimeapps.list. 7 | xdg.mimeApps.enable = true; 8 | xdg.mime.enable = true; 9 | 10 | programs = { 11 | kitty.enable = true; # terminal 12 | chromium.enable = true; # browser 13 | firefox.enable = true; # alt browser 14 | 15 | # Home Automation 16 | home-assistant = { 17 | enable = true; 18 | url = lib.mkDefault "https://hass.hub"; 19 | }; 20 | isy.enable = true; 21 | }; 22 | 23 | # TODO: remove or convert to modules 24 | services.flatpak.apps = [ 25 | "io.github.dvlv.boxbuddyrs" 26 | "org.emptyflow.ArdorQuery" 27 | "com.github.treagod.spectator" 28 | ]; 29 | 30 | home.packages = with pkgs; [ 31 | gnome-disk-utility # format and partition gui 32 | xorg.xeyes # test for x11 33 | ripdrag # drag + drop files from/to the terminal 34 | ]; 35 | } 36 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | flake, 5 | ... 6 | }: { 7 | imports = flake.lib.ls ./.; 8 | 9 | # Source extra config at the end 10 | wayland.windowManager.hyprland.extraConfig = '' 11 | source = ~/.config/hypr/extra/hyprland.conf 12 | ''; 13 | 14 | # Persist extra config 15 | persist.storage.directories = [".config/hypr/extra"]; 16 | tmpfiles.files = [".config/hypr/extra/hyprland.conf"]; 17 | 18 | # Use a real file for the hyprland config to ease real-time tinkering 19 | home.localStorePath = [".config/hypr/hyprland.conf"]; 20 | 21 | # Temporarily pause autoreload during activation 22 | home.activation.localStoreHyprland = lib.hm.dag.entryBefore ["checkLinkTargets"] '' 23 | conf="${config.home.homeDirectory}/.config/hypr/hyprland.conf" 24 | if [ -L "$conf" ]; then 25 | echo "misc:disable_autoreload=true" >> "$conf" 2>/dev/null || true 26 | fi 27 | ''; 28 | } 29 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/launcher.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: let 6 | cfg = config.programs.rofi; 7 | in { 8 | programs.rofi = { 9 | mode.slot1 = "combi"; 10 | extraConfig.combi-modes = ["hyprland:rofi-hyprland" "drun" "run" "ssh"]; 11 | rasiConfig = [ 12 | '' 13 | combi { display-name: ""; } 14 | hyprland { display-name: ""; } 15 | drun { display-name: "󰌧"; } 16 | run { display-name: ""; } 17 | ssh { display-name: ""; } 18 | '' 19 | ]; 20 | }; 21 | 22 | # launcher 23 | home.packages = [ 24 | (pkgs.self.mkScript { 25 | name = "launcher"; 26 | text = "rofi-toggle -show combi ${toString cfg.args}"; 27 | }) 28 | ]; 29 | 30 | # Left Super is app launcher/switcher 31 | wayland.windowManager.hyprland.settings = { 32 | bindr = ["super, Super_L, exec, launcher"]; 33 | bind = ["super, space, exec, launcher"]; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /modules/home/desktop/default/configs/media.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: { 6 | programs = { 7 | zathura.enable = true; # pdf reader 8 | mpv.enable = true; # media player 9 | imv.enable = true; # image viewer 10 | freetube.enable = true; # youtube client 11 | 12 | # Photo Library 13 | immich = { 14 | enable = true; 15 | url = lib.mkDefault "https://immich.lux"; 16 | }; 17 | # Media Library 18 | jellyfin = { 19 | enable = true; 20 | url = lib.mkDefault "https://jellyfin.lux"; 21 | }; 22 | }; 23 | 24 | home.packages = with pkgs; [ 25 | pulseaudio # pactl 26 | pavucontrol # sound control gui 27 | ncpamixer # sound control tui 28 | tauon # music player 29 | asunder # cd ripper 30 | newsflash # rss reader 31 | ]; 32 | 33 | services.flatpak.apps = ["io.gitlab.zehkira.Monophony"]; 34 | 35 | # Remember audio settings 36 | persist.storage.directories = [".local/state/wireplumber"]; 37 | } 38 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/rofi/clips.nix: -------------------------------------------------------------------------------- 1 | # clips 2 | { 3 | config, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.rofi; 8 | in { 9 | home.packages = [ 10 | (pkgs.self.mkScript { 11 | name = "clips"; 12 | text = toString [ 13 | "rofi-toggle" 14 | "-show clips" 15 | "${toString cfg.args}" 16 | ]; 17 | }) 18 | ]; 19 | 20 | programs.rofi = { 21 | mode.slot3 = "clips:rofi-cliphist"; 22 | rasiConfig = [''clips { display-name: ""; }'']; 23 | }; 24 | 25 | wayland.windowManager.hyprland.settings.bind = [ 26 | "super+alt, v, exec, clips" 27 | "alt+shift, insert, exec, clips" 28 | ]; 29 | 30 | services.cliphist = { 31 | enable = true; 32 | allowImages = true; 33 | extraOptions = [ 34 | "-max-dedupe-search" 35 | "10" 36 | "-max-items" 37 | "500" 38 | ]; 39 | }; 40 | 41 | # Persist clipboard history database 42 | persist.storage.directories = [".cache/cliphist"]; 43 | } 44 | -------------------------------------------------------------------------------- /modules/nixos/default/options/traefik/dns.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.services.traefik; 8 | # Enable if Traefik is enabled and there is at least one public hostName 9 | enableDns = (builtins.length cfg.publicHostNames > 0) && (cfg.enable == true); 10 | in { 11 | config = lib.mkIf enableDns { 12 | systemd.services."traefik-dns" = { 13 | description = "Create public DNS records in CloudFlare when needed by Traefik"; 14 | after = ["multi-user.target"]; 15 | requires = ["multi-user.target"]; 16 | wantedBy = ["sysinit.target"]; 17 | serviceConfig = { 18 | Type = "oneshot"; 19 | EnvironmentFile = [config.age.secrets.cloudflare-env.path]; 20 | }; 21 | path = with pkgs; [cfdyndns]; 22 | script = lib.concatStringsSep "\n" ( 23 | map (hostName: '' 24 | cfdyndns -t $CF_DNS_API_TOKEN -r ${hostName} 25 | '') 26 | cfg.publicHostNames 27 | ); 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/bluebubbles.nix: -------------------------------------------------------------------------------- 1 | # programs.bluebubbles.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.programs.bluebubbles; 8 | inherit (lib) mkIf; 9 | inherit (config.lib.keyd) mkClass; 10 | 11 | # Window class name 12 | class = "bluebubbles"; 13 | in { 14 | options.programs.bluebubbles = { 15 | enable = lib.options.mkEnableOption "bluebubbles"; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | services.flatpak = { 20 | enable = true; 21 | apps = ["app.bluebubbles.BlueBubbles"]; 22 | }; 23 | 24 | # keyboard shortcuts 25 | services.keyd.windows."${mkClass class}" = { 26 | "super.c" = "C-c"; 27 | "super.v" = "C-v"; 28 | }; 29 | 30 | wayland.windowManager.hyprland.settings = { 31 | windowrule = []; 32 | }; 33 | 34 | persist.storage.directories = [ 35 | ".var/app/app.bluebubbles.BlueBubbles/config" 36 | ".var/app/app.bluebubbles.BlueBubbles/data" 37 | ]; 38 | }; 39 | } 40 | -------------------------------------------------------------------------------- /packages/nixos/templates/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Replace with a generated version using `nixos-generate-config` when possible. 2 | # sudo nixos-generate-config --no-filesystems --show-hardware-config 2>/dev/null | alejandra -q 3 | { 4 | config, 5 | lib, 6 | modulesPath, 7 | ... 8 | }: { 9 | imports = [ 10 | (modulesPath + "/installer/scan/not-detected.nix") 11 | ]; 12 | 13 | # Minimal initrd/kernel modules (generic) 14 | boot.initrd.availableKernelModules = []; 15 | boot.initrd.kernelModules = []; 16 | boot.kernelModules = []; 17 | boot.extraModulePackages = []; 18 | 19 | # Enable DHCP on all interfaces by default 20 | networking.useDHCP = lib.mkDefault true; 21 | 22 | # Host platform 23 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 24 | 25 | # CPU microcode updates 26 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 27 | hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 28 | } 29 | -------------------------------------------------------------------------------- /modules/nixos/hardware/radeon-rx-580.nix: -------------------------------------------------------------------------------- 1 | # AMD Radeon RX 580 8GB 2 | { 3 | pkgs, 4 | flake, 5 | ... 6 | }: { 7 | # https://github.com/NixOS/nixos-hardware/tree/master/common/gpu/amd 8 | imports = [flake.inputs.hardware.nixosModules.common-gpu-amd]; 9 | 10 | # LTS kernel 11 | boot.kernelPackages = pkgs.linuxPackages_6_12; 12 | 13 | hardware.graphics = { 14 | enable = true; 15 | enable32Bit = true; 16 | extraPackages = with pkgs; [libvdpau-va-gl vaapiVdpau]; 17 | extraPackages32 = with pkgs; [libvdpau-va-gl vaapiVdpau]; 18 | }; 19 | 20 | # rocm-smi 21 | environment.systemPackages = [pkgs.rocmPackages.rocm-smi]; 22 | 23 | # rocm-smi included in monitoring 24 | services.beszel.extraPackages = [pkgs.rocmPackages.rocm-smi]; 25 | 26 | # https://wiki.nixos.org/wiki/AMD_GPU 27 | environment.variables = { 28 | ROC_ENABLE_PRE_VEGA = "1"; 29 | }; 30 | 31 | tmpfiles.symlinks = [ 32 | { 33 | target = "/opt/rocm/hip"; 34 | source = pkgs.rocmPackages.clr; 35 | } 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /modules/nixos/default/options/home-assistant/isy.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.services.home-assistant; 7 | inherit (lib) mkIf; 8 | in { 9 | config = mkIf (cfg.enable && cfg.isy != "") { 10 | # Encoded ISY authentication header 11 | # > echo -n $ISY_USERNAME:$ISY_PASSWORD | base64 12 | # --------------------------------------------------------------------------- 13 | # ISY_BASIC_AUTH=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 14 | # --------------------------------------------------------------------------- 15 | age.secrets.isy.rekeyFile = ./isy.age; 16 | systemd.services.traefik.serviceConfig = { 17 | EnvironmentFile = [config.age.secrets.isy.path]; 18 | }; 19 | 20 | services.traefik = { 21 | enable = true; 22 | proxy.${cfg.isyName} = "http://${cfg.isy}:80"; 23 | dynamicConfigOptions.http.middlewares.${cfg.isyName}.headers = { 24 | customRequestHeaders.authorization = "Basic {{ env `ISY_BASIC_AUTH` }}"; 25 | }; 26 | }; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /packages/ipaddr.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | ... 5 | }: 6 | perSystem.self.mkScript { 7 | path = with pkgs; [curl gawk iproute2]; 8 | name = "ipaddr"; 9 | text = 10 | # bash 11 | '' 12 | case "''${1-}" in 13 | lan | l) 14 | lan="$(ip -4 a | awk '/state UP/{flag=1} flag && /inet /{split($2, ip, "/"); print ip[1]; exit}')" 15 | vpn="$(ip -4 a | awk '/tailscale0/{flag=1} flag && /inet /{split($2, ip, "/"); print ip[1]; exit}')" 16 | if [[ -z "$vpn" ]]; then 17 | [[ $lan == 10.0.2.* ]] && echo 127.0.0.1 || echo $lan 18 | elif [[ $lan == 10.0.2.* ]]; then 19 | echo "$vpn" 20 | else 21 | echo "$lan" 22 | fi 23 | ;; 24 | wan | w) 25 | curl -s ipv4.icanhazip.com 26 | ;; 27 | help | *) 28 | echo "Usage: ipaddr CONTEXT" 29 | echo 30 | echo " lan" 31 | echo " wan" 32 | echo " help" 33 | ;; 34 | esac 35 | ''; 36 | } 37 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/framework.nix: -------------------------------------------------------------------------------- 1 | # Framework Laptop (internal keyboard) 2 | { 3 | ids = ["0001:0001"]; 4 | settings = 5 | { 6 | main = { 7 | ## Modifiers before: 8 | # [Tab] 9 | # [Capslock] 10 | # [Control] [fn] [Meta] [Alt] [Space] [Alt] [Control] 11 | 12 | ## Modifers after: 13 | # [Nav/Tab] 14 | # [Control] 15 | # [Control] [fn] [Alt] [Super] [Space] [Super] [Alt] 16 | tab = "overloadt2(nav, tab, 200)"; 17 | capslock = "layer(control)"; 18 | leftshift = "layer(shift)"; 19 | leftcontrol = "layer(control)"; 20 | leftmeta = "layer(alt)"; 21 | leftalt = "layer(super)"; 22 | 23 | # Allow right modifers to be unique keys 24 | rightalt = "rightmeta"; 25 | rightcontrol = "rightalt"; 26 | rightshift = "rightshift"; 27 | 28 | # Both volume keys together trigger media key 29 | "volumedown+volumeup" = "media"; 30 | }; 31 | } 32 | // import ./all.nix; 33 | } 34 | -------------------------------------------------------------------------------- /modules/nixos/default/options/whoami.nix: -------------------------------------------------------------------------------- 1 | # services.whoami.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.services.whoami; 8 | inherit (lib) mkIf mkOption types mkDefault recursiveUpdate; 9 | inherit (config.services.traefik.lib) mkLabels; 10 | in { 11 | # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/whoami.nix 12 | disabledModules = ["services/web-apps/whoami.nix"]; 13 | 14 | options.services.whoami = { 15 | enable = lib.options.mkEnableOption "whoami"; 16 | name = mkOption { 17 | type = types.str; 18 | default = "whoami"; 19 | }; 20 | }; 21 | 22 | config = mkIf cfg.enable { 23 | # Enable reverse proxy 24 | services.traefik.enable = true; 25 | 26 | # Configure OCI container 27 | virtualisation.oci-containers.containers."whoami" = { 28 | image = "traefik/whoami"; 29 | cmd = ["--port=2001"]; 30 | extraOptions = 31 | mkLabels [cfg.name 2001] 32 | ++ ["--network=host"]; 33 | }; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/davinci-resolve/davinci-resolve-import.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | find . -maxdepth 1 -type f -name '*.mp4' -print0 | while IFS= read -r -d '' file; do 3 | echo "Found MP4 file: $file" 4 | done 5 | 6 | read -p "Convert to av1_nvenc with pcm audio to edit in Davinci Resolve? (y/n): " confirm 7 | if [ "$confirm" = "y" ]; then 8 | 9 | find . -maxdepth 1 -type f -name '*.mp4' -print0 | while IFS= read -r -d '' file; do 10 | codec=$(ffprobe -v error -select_streams v:0 -show_entries stream=codec_name -of default=noprint_wrappers=1:nokey=1 "$file") 11 | 12 | if [ "$codec" == "h264" ]; then 13 | output="${file%.mp4}-av1.mp4" 14 | echo "Converting $file (H.264) to AV1 format as $output" 15 | 16 | ffmpeg -i "$file" -c:v av1_nvenc -cq 30 -c:a pcm_s16le -y "$output" 17 | 18 | echo "Finished converting $file to $output" 19 | else 20 | echo "Skipping $file (already in $codec)" 21 | fi 22 | done 23 | echo "All files processed." 24 | 25 | else 26 | echo "Operation cancelled." 27 | fi 28 | -------------------------------------------------------------------------------- /packages/sv.nix: -------------------------------------------------------------------------------- 1 | {perSystem, ...}: 2 | perSystem.self.mkScript { 3 | name = "sv"; 4 | text = 5 | # bash 6 | '' 7 | # Resemble sv command from runit 8 | if [[ "''${1-}" == "log" ]]; then 9 | 10 | # Follow logs 11 | if [[ "''${2-}" == "-f" ]]; then 12 | if [[ -z "''${3-}" ]]; then 13 | [ $EUID -eq 0 ] && command journalctl -f || command journalctl --user -f; 14 | else 15 | [ $EUID -eq 0 ] && command journalctl -fu ''${@:3} || command journalctl --user -fu ''${@:3}; 16 | fi 17 | 18 | # All logs 19 | else 20 | if [[ -z "''${2-}" ]]; then 21 | [ $EUID -eq 0 ] && command journalctl || command journalctl --user; 22 | else 23 | [ $EUID -eq 0 ] && command journalctl -u ''${@:2} || command journalctl --user -u ''${@:2}; 24 | fi 25 | fi 26 | 27 | # Control units 28 | else 29 | [ $EUID -eq 0 ] && command systemctl ''${@-} || command systemctl --user ''${@-}; 30 | fi 31 | ''; 32 | } 33 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/g600.nix: -------------------------------------------------------------------------------- 1 | # Logitech Gaming Mouse G600 Keyboard 2 | # https://www.amazon.ca/gp/product/B0086UK7IQ/ 3 | { 4 | ids = ["046d:c24a"]; 5 | settings = 6 | { 7 | main = { 8 | # G4 (nudge scroll wheel): super-right 9 | f4 = "M-right"; 10 | 11 | # G5 (nudge scroll wheel): super+left 12 | f5 = "M-left"; 13 | 14 | # G6 (far-right mouse button): super 15 | f6 = "layer(super)"; 16 | 17 | # G7 (middle raised): is super-rightclick 18 | f7 = "M-rightmouse"; 19 | 20 | # G8 (middle sunken): super-leftclick 21 | f8 = "M-leftmouse"; 22 | 23 | # Modifiers on mouse 24 | f9 = "layer(super)"; 25 | f10 = "layer(alt)"; 26 | f11 = "layer(shift)"; 27 | 28 | # Media control 29 | f15 = "volumeup"; 30 | f16 = "playpause"; 31 | f18 = "volumedown"; 32 | f19 = "mute"; 33 | 34 | # Print Screen (screenshot) 35 | f17 = "sysrq"; 36 | }; 37 | } 38 | // import ./all.nix; 39 | } 40 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/t480s.nix: -------------------------------------------------------------------------------- 1 | # Thinkpad T480s Laptop (interal keyboard) 2 | { 3 | ids = ["0001:0001"]; 4 | settings = 5 | { 6 | main = { 7 | ## Modifers before: 8 | # [Tab] 9 | # [Capslock] 10 | # [fn] [Control] [Meta] [Alt] [Space] [Alt] [PrtSc] [Control] 11 | 12 | ## Modifer after: 13 | # [Nav/Tab] 14 | # [Control] 15 | # [fn] [Control] [Alt] [Super] [Space] [Super] [PrtSc] [Control] 16 | tab = "overloadt2(nav, tab, 200)"; 17 | leftshift = "layer(shift)"; 18 | capslock = "layer(control)"; 19 | leftcontrol = "layer(control)"; 20 | leftmeta = "layer(alt)"; 21 | leftalt = "layer(super)"; 22 | 23 | # Allow right modifers to be unique keys 24 | rightalt = "rightmeta"; 25 | rightcontrol = "rightalt"; 26 | rightshift = "rightshift"; 27 | 28 | # Both volume keys together trigger media key 29 | "volumedown+volumeup" = "media"; 30 | }; 31 | } 32 | // import ./all.nix; 33 | } 34 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/docker.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | flake, 5 | ... 6 | }: let 7 | cfg = config.virtualisation.docker; 8 | inherit (lib) mkDefault mkIf; 9 | in { 10 | # Enable Docker and set to backend (over podman default) 11 | virtualisation = { 12 | docker = { 13 | enable = mkDefault true; 14 | storageDriver = "overlay2"; 15 | liveRestore = false; # enabling this is incompatiable with docker swarm 16 | }; 17 | oci-containers.backend = "docker"; 18 | }; 19 | 20 | persist = mkIf cfg.enable { 21 | # Persist these directories between reboots 22 | scratch.directories = [ 23 | "/var/lib/docker/containers" 24 | "/var/lib/docker/image" 25 | "/var/lib/docker/overlay2" 26 | ]; 27 | # Persist these as well, but also make snapshots 28 | storage.directories = [ 29 | "/var/lib/docker/volumes" 30 | "/var/lib/docker/swarm" 31 | ]; 32 | }; 33 | 34 | # Add config's users to the docker group 35 | users.users = mkIf cfg.enable (flake.lib.extraGroups config ["docker"]); 36 | } 37 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/fuzzel.nix: -------------------------------------------------------------------------------- 1 | # programs.fuzzel.enable = true 2 | {lib, ...}: { 3 | programs.fuzzel = { 4 | settings = { 5 | main = { 6 | fuzzy = "yes"; 7 | # font = "${fontName}:size=14"; 8 | icon-theme = "Papirus-Dark"; 9 | width = 40; 10 | lines = 10; 11 | line-height = 25; 12 | dpi-aware = "no"; 13 | }; 14 | 15 | # All colors must be specified as a RGBA quadruple, in hex format, without a leading '0x' 16 | # https://man.archlinux.org/man/fuzzel.1.en#COLORS 17 | colors = lib.mkDefault { 18 | background = "3f3f3fdf"; # zenburn-bg 19 | text = "dcdcccff"; # zenburn-fg 20 | match = "dca3a3ff"; # zenburn-red+1 21 | selection = "366060df"; # zenburn-blue-5 22 | selection-match = "dc8cc3ff"; # zenburn-magenta 23 | selection-text = "ace0e3ff"; # zenburn-blue+2 24 | border = "6ca0a3df"; # zenburn-blue-2 25 | }; 26 | 27 | border = { 28 | width = 2; 29 | radius = 5; 30 | }; 31 | }; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /modules/nixos/default/options/nfs.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: let 6 | cfg = config.services.nfs.server; 7 | in { 8 | # Enable nfs 9 | services.rpcbind.enable = true; 10 | environment.systemPackages = [pkgs.nfs-utils]; 11 | 12 | # Fixed nfs ports 13 | services.nfs.server = { 14 | lockdPort = 4001; 15 | mountdPort = 4002; 16 | statdPort = 4000; 17 | }; 18 | 19 | # Open firewall if nfs server enabled 20 | networking.firewall = 21 | if cfg.enable != true 22 | then {} 23 | else { 24 | allowedTCPPorts = [111 2049 4000 4001 4002 20048]; 25 | allowedUDPPorts = [111 2049 4000 4001 4002 20048]; 26 | }; 27 | 28 | # # Ensure /media exists 29 | # systemd.services.createMediaDir = { 30 | # after = [ "local-fs.target" ]; # Ensure this runs after the root fs is mounted 31 | # before = [ "local-fs-pre.target" ]; # Ensure this runs before other filesystems are mounted 32 | # wantedBy = [ "multi-user.target" ]; # Run as part of multi-user (standard boot) 33 | # script = "mkdir -p /media"; 34 | # }; 35 | } 36 | -------------------------------------------------------------------------------- /modules/nixos/default/options/rust-motd.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | flake, 6 | ... 7 | }: let 8 | # List home-manager users users 9 | users = (config.home-manager.users or {}) |> builtins.attrNames; 10 | 11 | # Format btrbk volumes as { main = "/mnt/main"; } 12 | volumes = 13 | config.services.btrbk.volumes 14 | |> builtins.attrNames 15 | |> map (value: { 16 | name = builtins.elemAt (lib.splitString "/" value) 2; 17 | inherit value; 18 | }) 19 | |> builtins.listToAttrs; 20 | in { 21 | programs.rust-motd = { 22 | settings = { 23 | global = {}; 24 | banner = { 25 | color = "red"; 26 | command = '' 27 | ${pkgs.inetutils}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant 28 | ''; 29 | }; 30 | uptime.prefix = "Up"; 31 | memory.swap_pos = "beside"; 32 | filesystems = {boot = "/boot";} // volumes; 33 | last_login = flake.lib.genAttrs users (user: 2); 34 | # docker = {}; 35 | last_run = {}; 36 | memory = {}; 37 | }; 38 | }; 39 | } 40 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/apple.nix: -------------------------------------------------------------------------------- 1 | # Apple Wired Keyboard with Numpad 2 | # https://www.amazon.ca/gp/product/B07K7V1FWC/ 3 | { 4 | ids = ["05ac:0220" "05ac:024f"]; 5 | settings = 6 | { 7 | main = { 8 | ## Modifers before: 9 | # [Tab] 10 | # [Capslock] 11 | # [Control] [Alt] [Meta] [Space] [Meta] [Alt] 12 | 13 | ## Modifers after: 14 | # [Nav/Tab] 15 | # [Control] 16 | # [Control] [Alt] [Super] [Space] [Super] [Alt] 17 | tab = "overloadt2(nav, tab, 200)"; 18 | capslock = "layer(control)"; 19 | leftshift = "layer(shift)"; 20 | leftcontrol = "layer(control)"; 21 | leftalt = "layer(alt)"; 22 | leftmeta = "layer(super)"; 23 | 24 | # Allow right modifers to be unique keys 25 | rightmeta = "rightmeta"; 26 | rightalt = "rightalt"; 27 | rightshift = "rightshift"; 28 | 29 | # Both volume keys together trigger media key 30 | "volumedown+volumeup" = "media"; 31 | }; 32 | } 33 | // import ./all.nix; 34 | } 35 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/k811.nix: -------------------------------------------------------------------------------- 1 | # Logitech K811 Bluetooth Keyboard 2 | # https://www.amazon.ca/product/dp/B0099SMFP2/ 3 | { 4 | ids = ["046d:b317"]; 5 | settings = 6 | { 7 | main = { 8 | ## Modifiers before: 9 | # [Tab] 10 | # [Capslock] 11 | # [fn] [Control] [Alt] [Meta] [Space] [Meta] [Alt] 12 | 13 | ## Modifiers after: 14 | # [Nav/Tab] 15 | # [Control] 16 | # [fn] [Control] [Alt] [Super] [Space] [Super] [Alt] 17 | tab = "overloadt2(nav, tab, 200)"; 18 | capslock = "layer(control)"; 19 | leftshift = "layer(shift)"; 20 | leftcontrol = "layer(control)"; 21 | leftalt = "layer(alt)"; 22 | leftmeta = "layer(super)"; 23 | 24 | # Allow right modifers to be unique keys 25 | rightmeta = "rightmeta"; 26 | rightalt = "rightalt"; 27 | rightshift = "rightshift"; 28 | 29 | # Both volume keys together trigger media key 30 | "volumedown+volumeup" = "media"; 31 | }; 32 | } 33 | // import ./all.nix; 34 | } 35 | -------------------------------------------------------------------------------- /packages/enableWayland.nix: -------------------------------------------------------------------------------- 1 | # perSystem.self.enableWayland {} 2 | {pkgs, ...}: 3 | # Force package to run in Wayland 4 | # example: 5 | # owncloud-client = enableWayland { type = "qt"; pkg = pkgs.owncloud-client; name = "owncloud"; }; 6 | { 7 | package ? pkgs.hello, 8 | type ? "electron", 9 | name ? null, 10 | }: let 11 | inherit (pkgs) lib makeWrapper symlinkJoin; 12 | inherit (lib) concatStringsSep getName; 13 | 14 | args = { 15 | qt = "--set QT_QPA_PLATFORM wayland"; 16 | electron = '' 17 | --add-flags "--enable-features=UseOzonePlatform" \ 18 | --add-flags "--ozone-platform=wayland" \ 19 | --add-flags "--force-device-scale-factor=2" 20 | ''; 21 | }; 22 | 23 | binName = 24 | if name != null 25 | then name 26 | else if package.meta ? mainProgram 27 | then package.meta.mainProgram 28 | else getName package; 29 | in 30 | symlinkJoin { 31 | name = "${binName}-wrapped"; 32 | paths = [package]; 33 | buildInputs = [makeWrapper]; 34 | postBuild = '' 35 | wrapProgram $out/bin/${binName} ${args.${type}}\ 36 | ''; 37 | } 38 | -------------------------------------------------------------------------------- /packages/fetchgithub.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | ... 5 | }: 6 | perSystem.self.mkScript { 7 | # Parse output of nix flake prefetch for pkgs.fetchFromGitHub { ... } 8 | # > fetchgithub suderman/mpd-url 9 | # owner = "suderman"; 10 | # repo = "mpd-url"; 11 | # rev = "cd8dab8385f09f4b114a9d995044936e30fc1188"; 12 | # sha256 = "sha256-YI/fMxp82lJnq5wH8pv5s1NOC2logOoW37psMsvW8BU="; 13 | name = "fetchgithub"; 14 | path = with pkgs; [jq wl-clipboard]; 15 | text = 16 | # bash 17 | '' 18 | if [[ $# -lt 1 ]]; then 19 | echo "Usage: fetchgithub user/repo" 20 | exit 1 21 | fi 22 | 23 | json=$(nix flake prefetch --refresh --json "github:$1") 24 | 25 | out=""; 26 | out="''${out}owner = \"$(echo "$json" | jq -r '.original.owner')\";\n" 27 | out="''${out}repo = \"$(echo "$json" | jq -r '.original.repo')\";\n" 28 | out="''${out}rev = \"$(echo "$json" | jq -r '.locked.rev')\";\n" 29 | out="''${out}sha256 = \"$(echo "$json" | jq -r '.hash')\";\n" 30 | 31 | printf "$out" | wl-copy 32 | printf "$out" 33 | ''; 34 | } 35 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/waybar/default.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: { 2 | imports = flake.lib.ls ./.; 3 | programs.waybar = { 4 | enable = true; 5 | systemd.enable = true; 6 | settings.bar = { 7 | layer = "top"; 8 | position = "top"; # or bottom 9 | exclusive = true; 10 | height = 30; 11 | persistent_workspaces = { 12 | "1" = []; 13 | "2" = []; 14 | "3" = []; 15 | "4" = []; 16 | "5" = []; 17 | "6" = []; 18 | "7" = []; 19 | "8" = []; 20 | "9" = []; 21 | "10" = []; 22 | }; 23 | }; 24 | 25 | style = builtins.readFile ./style.css; 26 | }; 27 | 28 | stylix.targets.waybar.addCss = false; # we'll write our own CSS 29 | stylix.targets.waybar.font = "sansSerif"; # not monospace 30 | 31 | wayland.windowManager.hyprland.settings = { 32 | animations.layerrule = ["animation slide, waybar"]; # slick animations 33 | layerrule = ["blur,waybar"]; # blur the bar 34 | }; 35 | 36 | home.localStorePath = [ 37 | ".config/waybar/config" 38 | ".config/waybar/style.css" 39 | ]; 40 | } 41 | -------------------------------------------------------------------------------- /modules/nixos/hardware/linode.nix: -------------------------------------------------------------------------------- 1 | # https://www.linode.com/docs/guides/install-nixos-on-linode/ 2 | {pkgs, ...}: { 3 | # Enable LISH for Linode 4 | boot.kernelParams = ["console=ttyS0;19200n8"]; 5 | boot.loader.grub.extraConfig = '' 6 | serial --speed=19200 --unit=0 --word=8 --parity=non --stop=1; 7 | terminal_input serial; 8 | terminal_output serial 9 | ''; 10 | 11 | # Configure GRUB for Linode 12 | boot.loader.grub.enable = true; 13 | boot.loader.grub.forceInstall = true; 14 | # boot.loader.grub.device = "nodev"; 15 | boot.loader.grub.devices = ["/dev/sda"]; 16 | boot.loader.timeout = 10; 17 | 18 | # Disable predictable interface names for Linode 19 | networking.usePredictableInterfaceNames = false; 20 | networking.useDHCP = false; # Disable DHCP globally as we will not need it. 21 | networking.interfaces.eth0.useDHCP = true; 22 | 23 | # IPv6 is broken when trying to reach CloudFlare DNS 24 | networking.enableIPv6 = false; 25 | 26 | # Install Diagnostic Tools 27 | environment.systemPackages = with pkgs; [ 28 | inetutils 29 | mtr 30 | sysstat 31 | ]; 32 | } 33 | -------------------------------------------------------------------------------- /modules/nixos/default/options/tiddlywiki.nix: -------------------------------------------------------------------------------- 1 | # services.tiddlywiki.enable = true; 2 | { 3 | config, 4 | lib, 5 | flake, 6 | ... 7 | }: let 8 | cfg = config.services.tiddlywiki; 9 | inherit (lib) mkIf mkOption types; 10 | in { 11 | options.services.tiddlywiki = { 12 | name = mkOption { 13 | type = types.str; 14 | default = "tiddlywiki"; 15 | }; 16 | port = mkOption { 17 | default = 3456; 18 | type = types.port; 19 | }; 20 | }; 21 | 22 | config = mkIf cfg.enable { 23 | # Add admins to the tiddlywiki group 24 | users.users = flake.lib.extraGroups (flake.lib.sudoers flake.users) ["tiddlywiki"]; 25 | 26 | services.tiddlywiki = { 27 | listenOptions = { 28 | port = cfg.port; 29 | # credentials = "../credentials.csv"; 30 | # readers="(authenticated)"; 31 | }; 32 | }; 33 | 34 | # Persist data 35 | persist.storage.directories = ["/var/lib/private/tiddlywiki"]; 36 | 37 | services.traefik = { 38 | enable = true; 39 | proxy.${cfg.name} = "http://127.0.0.1:${toString cfg.port}"; 40 | }; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/chromium/registry.nix: -------------------------------------------------------------------------------- 1 | { 2 | alby = "iokeahhehimjnekafflcihljlcjccdbe"; 3 | auto-tab-discard-suspend = "jhnleheckmknfcgijgkadoemagpecfol"; 4 | built-with = "dapjbgnjinbpoindlpdmhochffioedbn"; 5 | chromium-web-store = "https://github.com/NeverDecaf/chromium-web-store/releases/download/v1.5.4.3/Chromium.Web.Store.crx"; 6 | contextsearch = "ddippghibegbgpjcaaijbacfhjjeafjh"; 7 | dark-reader = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; 8 | fake-data = "gchcfdihakkhjgfmokemfeembfokkajj"; 9 | floccus-bookmarks-sync = "fnaicdffflnofjppbagibeoednhnbjhg"; 10 | global-speed = "jpbjcnkcffbooppibceonlgknpkniiff"; 11 | i-still-dont-care-about-cookies = "edibdbjcniadpccecjdfdjjppcpchdlm"; 12 | one-password = "aeblfdkhhhdcdjpifhhbdiojplfjncoa"; 13 | return-youtube-dislike = "gebbhagfogifgggkldgodflihgfeippi"; 14 | sponsorblock = "mnjggcdmjocbbbhaepdhchncahnbgone"; 15 | stylus = "clngdbkpkpeebahjckkjfobafhncgmne"; 16 | tampermonkey = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; 17 | ublock-origin = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; 18 | ublock-origin-lite = "ddkjiahejlhfcafbddmgiahcphecmpfh"; 19 | } 20 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypridle.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.services.hypridle; 7 | in { 8 | options.services.hypridle.lock = lib.mkOption { 9 | type = lib.types.str; 10 | default = "hyprlock"; 11 | example = "swaylock"; 12 | }; 13 | # Timeout settings 14 | config.services.hypridle = { 15 | enable = true; 16 | settings = { 17 | general = { 18 | ignore_dbus_inhibit = false; 19 | lock_cmd = "pidof ${cfg.lock} || ${cfg.lock}"; # avoid multiple instances 20 | }; 21 | 22 | # Screenlock 23 | listener = [ 24 | { 25 | timeout = 600; 26 | on-timeout = cfg.lock; 27 | } 28 | { 29 | timeout = 1200; 30 | on-timeout = "hyprctl dispatch dpms off"; 31 | on-resume = "hyprctl dispatch dpms on"; 32 | } 33 | ]; 34 | }; 35 | }; 36 | 37 | # Keyboard shortcut to turn off screen immediately with numlock 38 | config.wayland.windowManager.hyprland.settings = { 39 | bind = [", num_lock, exec, sleep 1 && hyprctl dispatch dpms off"]; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/monitor.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | while read -r line; do 3 | 4 | this=/run/keyd/this 5 | last=/run/keyd/last 6 | touch $this $last 7 | 8 | button() { 9 | echo $1 >/run/keyd/button 10 | # ( sleep 1 && echo "" > /run/keyd/button ) & 11 | } 12 | 13 | key() { 14 | [[ "$1" == "$(cat $this)" ]] || cp -f $this $last 15 | echo "$1" >$this 16 | } 17 | 18 | if [[ "$line" == *"kpminus down"* ]]; then 19 | key kpminus 20 | elif [[ "$line" == *"kpplus down"* ]]; then 21 | key kpplus 22 | elif [[ "$line" == *"kp6 down"* ]]; then 23 | key kp6 24 | elif [[ "$line" == *"leftmouse down"* ]]; then 25 | key leftmouse 26 | elif [[ "$line" == *"middlemouse down"* ]]; then 27 | key middlemouse 28 | elif [[ "$line" == *"rightmouse down"* ]]; then 29 | key rightmouse 30 | fi 31 | 32 | case "$(cat $last) $(cat $this)" in 33 | *"middlemouse") button middle ;; 34 | "kp6 kpminus") button left ;; 35 | *"kp6"*) button right ;; 36 | *"rightmouse") button right ;; 37 | *"kpminus") button left ;; 38 | *"leftmouse") button left ;; 39 | esac 40 | 41 | done < <(exec keyd -m) 42 | -------------------------------------------------------------------------------- /modules/home/default/options/bluetuith.nix: -------------------------------------------------------------------------------- 1 | # programs.bluetuith.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.bluetuith; 9 | inherit (lib) mkIf options; 10 | in { 11 | disabledModules = ["programs/bluetuith.nix"]; 12 | options.programs.bluetuith.enable = options.mkEnableOption "bluetuith"; 13 | config = mkIf cfg.enable { 14 | home.packages = [pkgs.bluetuith]; 15 | 16 | # https://darkhz.github.io/bluetuith/Configuration.html 17 | xdg.configFile = { 18 | "bluetuith/bluetuith.conf".text = builtins.toJSON { 19 | theme = {}; 20 | receive-dir = ""; 21 | keybindings = { 22 | NavigateDown = "j"; 23 | NavigateUp = "k"; 24 | Menu = "l"; 25 | Close = "h"; 26 | Quit = "q"; 27 | }; 28 | }; 29 | }; 30 | 31 | wayland.windowManager.hyprland.settings.bind = [ 32 | # shift+media to manage bluetooth connections 33 | "shift, XF86AudioMedia, exec, export addr=$(bluetoothctl devices | rofi-toggle -dmenu | cut -d' ' -f2); bluetoothctl unblock $addr; bluetoothctl connect $addr" 34 | ]; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /modules/nixos/default/options/beszel/default.nix: -------------------------------------------------------------------------------- 1 | # https://github.com/daviaaze/nixfiles/blob/main/modules/services/beszel.nix 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | flake, 7 | ... 8 | }: let 9 | cfg = config.services.beszel; 10 | inherit (lib) mkIf mkOption types; 11 | in { 12 | imports = flake.lib.ls ./.; # agent and hub 13 | 14 | options.services.beszel = { 15 | package = mkOption { 16 | type = types.package; 17 | default = pkgs.beszel; 18 | }; 19 | dataDir = mkOption { 20 | type = types.path; 21 | default = "/var/lib/beszel"; 22 | }; 23 | }; 24 | 25 | config = mkIf (cfg.enable || cfg.enableAgent) { 26 | environment.systemPackages = [cfg.package]; 27 | 28 | users.users.beszel = { 29 | isSystemUser = true; 30 | description = "Beszel monitoring system"; 31 | group = "beszel"; 32 | extraGroups = ["docker"]; 33 | }; 34 | 35 | users.groups.beszel = {}; 36 | 37 | tmpfiles.directories = [ 38 | { 39 | target = "${cfg.dataDir}/beszel_data"; 40 | user = "beszel"; 41 | } 42 | ]; 43 | 44 | persist.storage.directories = [cfg.dataDir]; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /hosts/hub/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | pkgs, 8 | modulesPath, 9 | ... 10 | }: { 11 | imports = [ 12 | (modulesPath + "/installer/scan/not-detected.nix") 13 | ]; 14 | 15 | boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; 16 | boot.initrd.kernelModules = []; 17 | boot.kernelModules = ["kvm-intel"]; 18 | boot.extraModulePackages = []; 19 | 20 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 21 | # (the default) this is the recommended approach. When using systemd-networkd it's 22 | # still possible to use this option, but it's recommended to use it in conjunction 23 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 24 | networking.useDHCP = lib.mkDefault true; 25 | # networking.interfaces.eno1.useDHCP = lib.mkDefault true; 26 | 27 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 28 | } 29 | -------------------------------------------------------------------------------- /lib/users.nix: -------------------------------------------------------------------------------- 1 | {flake, ...}: 2 | flake.lib.genAttrs ../users ( 3 | dir: let 4 | user = import ../users/${dir}; 5 | in 6 | user 7 | // ( 8 | # Special case for root user 9 | if dir == "root" 10 | then rec { 11 | name = "root"; 12 | uid = 0; 13 | description = "System administrator"; 14 | isSystemUser = true; 15 | isNormalUser = false; 16 | linger = false; 17 | openssh = { 18 | authorizedKeys = user.openssh.authorizedKeys or {}; 19 | authorizedPrincipals = user.openssh.authorizedPrincipals or []; 20 | }; 21 | 22 | # Normal users with custom defaults 23 | } 24 | else rec { 25 | name = user.name or dir; 26 | uid = user.uid or null; 27 | description = user.description or name; 28 | isSystemUser = user.isSystemUser or false; 29 | isNormalUser = ! isSystemUser; 30 | useDefaultShell = user.useDefaultShell or true; 31 | linger = user.linger or true; 32 | openssh = { 33 | authorizedKeys = user.openssh.authorizedKeys or {}; 34 | authorizedPrincipals = user.openssh.authorizedPrincipals or []; 35 | }; 36 | } 37 | ) 38 | ) 39 | -------------------------------------------------------------------------------- /modules/nixos/default/options/syncthing.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | hostName, 5 | flake, 6 | ... 7 | }: let 8 | inherit (lib) listToAttrs map; 9 | syncPort = 22000; # tcp/udp 10 | webguiPort = 8384; # tcp 11 | discoveryPort = 21027; # udp 12 | 13 | # find all home-manager users with syncthing enabled 14 | users = flake.lib.filterUsers config (user: user.services.syncthing.enable); 15 | in { 16 | networking.firewall = let 17 | # [ 0 1 2 ... ] 18 | portOffsets = map (user: user.home.portOffset) users; 19 | 20 | # [ 22000 22001 22002 ... ] 21 | syncPorts = map (portOffset: syncPort + portOffset) portOffsets; 22 | 23 | # [ 8384 8385 8386 ... ] 24 | webguiPorts = map (portOffset: webguiPort + portOffset) portOffsets; 25 | # Open firewall for user syncthing service 26 | in { 27 | allowedTCPPorts = syncPorts ++ webguiPorts; 28 | allowedUDPPorts = syncPorts ++ [discoveryPort]; 29 | }; 30 | 31 | # Enable reverse proxy { "syncthing-jon" = "http://cog:8384"; } 32 | services.traefik.proxy = listToAttrs (map (user: 33 | with user.home; { 34 | name = "syncthing-${username}"; 35 | value = "http://${hostName}:${toString (webguiPort + portOffset)}"; 36 | }) 37 | users); 38 | } 39 | -------------------------------------------------------------------------------- /hosts/sim/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # ssh root@localhost -p2222 nixos-generate-config --no-filesystems --show-hardware-config \ 2 | # > hosts/sim/hardware-configuration.nix 3 | # 4 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 5 | # and may be overwritten by future invocations. Please make changes 6 | # to /etc/nixos/configuration.nix instead. 7 | { config, lib, pkgs, modulesPath, ... }: 8 | 9 | { 10 | imports = 11 | [ (modulesPath + "/profiles/qemu-guest.nix") 12 | ]; 13 | 14 | boot.initrd.availableKernelModules = [ "ata_piix" "floppy" "sd_mod" "sr_mod" ]; 15 | boot.initrd.kernelModules = [ ]; 16 | boot.kernelModules = [ "kvm-intel" ]; 17 | boot.extraModulePackages = [ ]; 18 | 19 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 20 | # (the default) this is the recommended approach. When using systemd-networkd it's 21 | # still possible to use this option, but it's recommended to use it in conjunction 22 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 23 | networking.useDHCP = lib.mkDefault true; 24 | # networking.interfaces.ens3.useDHCP = lib.mkDefault true; 25 | 26 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 27 | } 28 | -------------------------------------------------------------------------------- /modules/home/default/options/neomutt/search.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.programs.neomutt; 7 | search = bool: ".config/neomutt/search-${toString bool}"; 8 | source = bool: ":source ~/${search bool}\\n"; 9 | in { 10 | home = lib.mkIf cfg.enable { 11 | file."${search 0}".text = 12 | # sh 13 | '' 14 | # vim: set ft=neomuttrc: 15 | # search-0 16 | 17 | # Default behaviour is navigate entries with n/p 18 | bind index,pager,attach,browser n next-entry 19 | bind index,pager,attach,browser p previous-entry 20 | 21 | # Search with / 22 | macro index,pager,attach,browser / "${source 1}" "Search" 23 | ''; 24 | 25 | file."${search 1}".text = 26 | # sh 27 | '' 28 | # vim: set ft=neomuttrc: 29 | # search-1 30 | 31 | # Navigate search results with n/p 32 | bind index,pager,attach,browser n search-next 33 | bind index,pager,attach,browser p search-opposite 34 | 35 | # Cancel search mode with 36 | macro index,pager,attach,browser / "${source 0}" "Cancel search" 37 | ''; 38 | 39 | localStorePath = [ 40 | (search 0) 41 | (search 1) 42 | ]; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /hosts/cog/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | pkgs, 8 | modulesPath, 9 | ... 10 | }: { 11 | imports = [ 12 | (modulesPath + "/installer/scan/not-detected.nix") 13 | ]; 14 | 15 | boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; 16 | boot.initrd.kernelModules = []; 17 | boot.kernelModules = ["kvm-intel"]; 18 | boot.extraModulePackages = []; 19 | 20 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 21 | # (the default) this is the recommended approach. When using systemd-networkd it's 22 | # still possible to use this option, but it's recommended to use it in conjunction 23 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 24 | networking.useDHCP = lib.mkDefault true; 25 | # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; 26 | 27 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 28 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 29 | } 30 | -------------------------------------------------------------------------------- /lib/networking.nix: -------------------------------------------------------------------------------- 1 | # Attribute set describing my domains and IP addresses 2 | { lib, flake, ... }: let 3 | 4 | inherit (flake.lib) genAttrs; 5 | inherit (lib) foldl filterAttrs mapAttrsToList mapAttrs' nameValuePair; 6 | 7 | # Centralized hierarchy of IP addresses 8 | zones = genAttrs ../zones (zone: import ../zones/${zone}); 9 | 10 | # Determine primary IP address for each host from configuration domain 11 | addresses = filterAttrs (n: v: v != "") ( genAttrs flake.nixosConfigurations ( hostName: let 12 | inherit (flake.nixosConfigurations."${hostName}".config.networking) domain; 13 | ip = if isNull domain then "" else (zones.${domain}.${hostName} or ""); 14 | in ip ) ); 15 | 16 | # Flatten the tree into a "hostName.domain = address" set 17 | flatten = tree: foldl (a: b: a // b) {} ( 18 | mapAttrsToList (domain: hostNames: 19 | (mapAttrs' (hostName: ip: nameValuePair ("${hostName}.${domain}") ip) hostNames)) tree 20 | ); 21 | 22 | in { 23 | 24 | # Self-signed CA certificate, domain name used for public services 25 | inherit (import ../zones) ca domainName; 26 | 27 | # Centralized hierarchy of IP addresses 28 | inherit zones; 29 | 30 | # Internal DNS records 31 | records = (flatten zones) // addresses; 32 | 33 | } 34 | 35 | -------------------------------------------------------------------------------- /modules/nixos/default/options/traefik/ca.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | flake, 5 | ... 6 | }: let 7 | cfg = config.services.traefik; 8 | inherit (builtins) dirOf toString; 9 | inherit (lib) mkIf mkOption types; 10 | in { 11 | options.services.traefik = { 12 | caPort = mkOption { 13 | type = types.port; 14 | default = 0; 15 | }; 16 | }; 17 | 18 | config = mkIf (cfg.caPort > 0) { 19 | # Use nginx to serve the certificate 20 | services.nginx.enable = true; 21 | 22 | # Configure virtual host on specified port 23 | services.nginx.virtualHosts.ca = { 24 | listen = [ 25 | { 26 | addr = "0.0.0.0"; 27 | port = cfg.caPort; 28 | } 29 | ]; 30 | locations."/" = let 31 | index = "ca.crt"; 32 | in { 33 | inherit index; 34 | root = dirOf flake.networking.ca; 35 | extraConfig = '' 36 | add_header Content-disposition "attachment; filename=${index}"; 37 | ''; 38 | }; 39 | }; 40 | 41 | # Open up the firewall for this port 42 | networking.firewall.allowedTCPPorts = [cfg.caPort]; 43 | 44 | # Also serve the ca.crt via traefik 45 | services.traefik.proxy.ca = "http://127.0.0.1:${toString cfg.caPort}"; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/hyprexpo.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.wayland.windowManager.hyprland; 7 | inherit (lib) mkIf; 8 | in { 9 | wayland.windowManager.hyprland = { 10 | # plugins = mkIf cfg.enablePlugins [pkgs.hyprlandPlugins.hyprexpo]; 11 | # plugins = mkIf cfg.enablePlugins [pkgs.unstable.hyprlandPlugins.hyprexpo]; 12 | 13 | # settings = { 14 | # "plugin:hyprexpo" = { 15 | # columns = 3; 16 | # gap_size = 5; 17 | # bg_col = "rgb(111111)"; 18 | # workspace_method = "first 1"; 19 | # 20 | # enable_gesture = true; # laptop touchpad 21 | # gesture_fingers = 3; # 3 or 4 22 | # gesture_distance = 300; # how far is the "max" 23 | # gesture_positive = true; # positive = swipe down. Negative = swipe up. 24 | # }; 25 | # 26 | # bind = mkIf cfg.enablePlugins [ 27 | # "super, 0, hyprexpo:expo, toggle" 28 | # ]; 29 | # 30 | # bindsn = mkIf cfg.enablePlugins [ 31 | # # Toggle expo with super+semicolon+apostrophe ([;'] same-time) 32 | # "super_l, semicolon&apostrophe, hyprexpo:expo, toggle" 33 | # "super_r, semicolon&apostrophe, hyprexpo:expo, toggle" 34 | # ]; 35 | # }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/davinci-resolve/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.programs.davinci-resolve; 8 | inherit (lib) mkIf; 9 | 10 | # Convert all h264 mp4 files in directory to av1_nvenc pcm audio to edit in Davinci Resolve 11 | davinci-resolve-import = pkgs.self.mkScript { 12 | inputs = [pkgs.ffmpeg]; 13 | name = "davinci-resolve-import"; 14 | text = ./davinci-resolve-import.sh; 15 | }; 16 | 17 | # Convert output video from Davinci Resolve to x264 mp4 with aac audio 18 | davinci-resolve-export = pkgs.self.mkScript { 19 | inputs = [pkgs.ffmpeg]; 20 | name = "davinci-resolve-export"; 21 | text = ./davinci-resolve-export.sh; 22 | }; 23 | in { 24 | options.programs.davinci-resolve = { 25 | enable = lib.options.mkEnableOption "Davinci Resolve"; 26 | }; 27 | 28 | config = mkIf cfg.enable { 29 | home.packages = with pkgs; [ 30 | # Video exiting software 31 | davinci-resolve 32 | 33 | # Import/export video conversion scripts 34 | davinci-resolve-import 35 | davinci-resolve-export 36 | 37 | # Convert video from format to another 38 | ffmpeg 39 | ]; 40 | persist.storage.directories = [".local/share/DaVinciResolve"]; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/waybar/modules-center.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: { 6 | programs.waybar.settings.bar = { 7 | modules-center = [ 8 | "clock" 9 | "custom/screencast" 10 | ]; 11 | 12 | clock = { 13 | format = "{:%b %e %I:%M %p}"; 14 | # format-alt = "{:%A %d %B W%V %Y}"; 15 | tooltip = false; 16 | on-click = "${lib.getExe pkgs.gsimplecal}"; 17 | on-click-right = "kitty --class=khal khal interactive"; 18 | interval = 60; 19 | align = 0; 20 | rotate = 0; 21 | }; 22 | 23 | "custom/screencast" = { 24 | on-click = "printscreen video"; 25 | signal = 8; 26 | return-type = "json"; 27 | exec = pkgs.self.mkScript { 28 | text = 29 | # bash 30 | '' 31 | if [[ "$(printscreen status)" == "video" ]]; then 32 | echo '{"text": " 󰻂 ", "tooltip": "Stop recording", "class": "active"}' 33 | else 34 | echo '{"text": ""}' 35 | fi 36 | ''; 37 | }; 38 | }; 39 | }; 40 | 41 | # mini-calendar and top center of screen 42 | wayland.windowManager.hyprland.settings.windowrule = [ 43 | "move 45.8% 30,class:gsimplecal" 44 | "opacity 0.8,class:gsimplecal" 45 | ]; 46 | } 47 | -------------------------------------------------------------------------------- /modules/nixos/default/options/jellyfin.nix: -------------------------------------------------------------------------------- 1 | # -- modified module -- 2 | # services.jellyfin.enable = true; 3 | { 4 | config, 5 | lib, 6 | ... 7 | }: let 8 | cfg = config.services.jellyfin; 9 | inherit (lib) mkIf mkOption types; 10 | inherit (config.services.traefik.lib) mkHostName; 11 | in { 12 | options.services.jellyfin = { 13 | name = mkOption { 14 | type = types.str; 15 | default = "jellyfin"; 16 | }; 17 | port = mkOption { 18 | type = types.port; 19 | default = 8096; 20 | }; 21 | }; 22 | 23 | config = mkIf cfg.enable { 24 | services.jellyfin = { 25 | user = "jellyfin"; 26 | group = "media"; 27 | openFirewall = true; 28 | }; 29 | 30 | users.groups.media.members = [config.services.jellyfin.user]; 31 | 32 | services.traefik = { 33 | enable = true; 34 | proxy = let 35 | route = { 36 | hostName = mkHostName cfg.name; 37 | url = "http://127.0.0.1:${toString cfg.port}"; 38 | public = false; 39 | }; 40 | in { 41 | jellyfin-websecure = route; 42 | jellyfin-web = route // {tls = false;}; 43 | }; 44 | }; 45 | 46 | # Persist data between reboots 47 | persist.storage.directories = ["/var/lib/jellyfin"]; 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /modules/nixos/default/options/prometheus.nix: -------------------------------------------------------------------------------- 1 | # services.prometheus.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.services.prometheus; 8 | inherit (config.services.prometheus) exporters; 9 | inherit (lib) mkIf mkOption types; 10 | in { 11 | options.services.prometheus = { 12 | name = mkOption { 13 | type = types.str; 14 | default = "prometheus"; 15 | }; 16 | }; 17 | 18 | config = mkIf cfg.enable { 19 | services.prometheus = { 20 | retentionTime = "30d"; 21 | webExternalUrl = "https://${cfg.name}.${config.networking.hostName}"; 22 | 23 | exporters.node = { 24 | enable = true; 25 | port = 9100; # default 9100 overlaps with OCIS (not in use anymore) 26 | enabledCollectors = ["systemd"]; 27 | }; 28 | 29 | # https://github.com/prometheus/prometheus/wiki/Default-port-allocations 30 | scrapeConfigs = [ 31 | { 32 | job_name = "node"; 33 | static_configs = [ 34 | {targets = ["127.0.0.1:${toString exporters.node.port}"];} 35 | ]; 36 | } 37 | ]; 38 | }; 39 | 40 | services.traefik = { 41 | enable = true; 42 | proxy.${cfg.name} = "http://127.0.0.1:${toString cfg.port}"; # 9090 43 | }; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /hosts/kit/README.md: -------------------------------------------------------------------------------- 1 | # kit 🎮 2 | 3 | Hyprland custom build sitting on my home office desk: 4 | 5 | - [FormD T1 v2.1 ITX case](https://formdt1.com/) 6 | - [ASRock Z790 PG-ITX/TB4 motherboard](https://pg.asrock.com/mb/Intel/Z790%20PG-ITXTB4/index.asp) 7 | - [Corsair SF750 PSU](https://www.corsair.com/us/en/p/psu/CP-9020186-NA/sf-series-sf750-750-watt-80-plus-platinum-certified-high-performance-sfx-psu-cp-9020186-na) 8 | - [Intel Core i7-14700K CPU](https://www.amazon.ca/dp/B0CGJ41C9W) 9 | - [MasterLiquid 240 Atmos liquid cooler](https://www.coolermaster.com/en-global/products/masterliquid-240-atmos/) 10 | - [Asus ProArt RTX 4070 Ti SUPER 16GB GPU](https://www.asus.com/ca-en/motherboards-components/graphics-cards/proart/proart-rtx4070tis-o16g/) 11 | - [64GB G.Skill DDR5 Ripjaws S5 6400MHz CL32 memory](https://www.amazon.ca/dp/B0C1TL9CT9) 12 | - [2TB WD_Black SN850X NVMe storage (x2)](https://www.amazon.ca/dp/B0B7CMZ3QH) 13 | - [2TB Crucial T500 NVMe storage](https://www.amazon.ca/dp/B0CK2TC9XQ) 14 | - [Acer XB273K V3bmiiprx 27" UHD 4K display](https://www.amazon.ca/gp/product/B0CQPHJ32Y/) 15 | - [Happy Hacking Keyboard Professional 2, black](https://hhkeyboard.us/hhkb/pro-classic/sku/cg01000-296401) 16 | - [Logitech G600 mouse](https://www.logitechg.com/en-ca/products/gaming-mice/g600-mmo-gaming-mouse.910-002864.html) 17 | -------------------------------------------------------------------------------- /hosts/wit/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | modulesPath, 8 | ... 9 | }: { 10 | imports = [ 11 | (modulesPath + "/installer/scan/not-detected.nix") 12 | ]; 13 | 14 | boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; 15 | boot.initrd.kernelModules = []; 16 | boot.kernelModules = []; 17 | boot.extraModulePackages = []; 18 | 19 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 20 | # (the default) this is the recommended approach. When using systemd-networkd it's 21 | # still possible to use this option, but it's recommended to use it in conjunction 22 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 23 | networking.useDHCP = lib.mkDefault true; 24 | # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; 25 | # networking.interfaces.wlp61s0.useDHCP = lib.mkDefault true; 26 | 27 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 28 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 29 | } 30 | -------------------------------------------------------------------------------- /hosts/cog/users/jon/home-configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | flake, 4 | ... 5 | }: { 6 | imports = [ 7 | flake.homeModules.default 8 | flake.homeModules.desktop.hyprland 9 | flake.homeModules.users.jon 10 | ]; 11 | 12 | # Hyprland embedded display (laptop) 13 | wayland.windowManager.hyprland = { 14 | settings.monitor = ["eDP-1, 2256x1504@59.9990001, 500x1440, 1.333333"]; 15 | enablePlugins = true; # set false if plugins barf errors 16 | }; 17 | 18 | # Override homm-assistant client with local instance 19 | programs.home-assistant.url = "https://hass.cog"; 20 | 21 | # Override jellyfin client with local instance 22 | programs.jellyfin.url = "https://jellyfin.cog"; 23 | 24 | # Program 25 | programs.sparrow.enable = true; 26 | 27 | # Gaming 28 | programs.steam.enable = true; 29 | programs.dolphin-emu.enable = true; 30 | programs.zwift.enable = true; # fitness 31 | 32 | # User services 33 | services.mpd.enable = true; 34 | services.syncthing.enable = true; 35 | 36 | # Record screen with CPU-based AV1 encoder 37 | programs.printscreen = { 38 | framerate = 20; 39 | codec = "libsvtav1"; 40 | params = { 41 | preset = 5; 42 | crf = 45; 43 | }; 44 | }; 45 | 46 | # Email, calendars, contacts 47 | accounts.enable = true; 48 | } 49 | -------------------------------------------------------------------------------- /hosts/fit/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # sudo nixos-generate-config --no-filesystems --show-hardware-config 2>/dev/null | alejandra -q 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | modulesPath, 7 | ... 8 | }: { 9 | imports = [ 10 | (modulesPath + "/installer/scan/not-detected.nix") 11 | ]; 12 | 13 | boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "firewire_ohci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; 14 | boot.initrd.kernelModules = []; 15 | boot.kernelModules = ["kvm-intel" "wl"]; 16 | boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta]; 17 | 18 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 19 | # (the default) this is the recommended approach. When using systemd-networkd it's 20 | # still possible to use this option, but it's recommended to use it in conjunction 21 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 22 | networking.useDHCP = lib.mkDefault true; 23 | # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true; 24 | # networking.interfaces.enp9s0.useDHCP = lib.mkDefault true; 25 | 26 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 27 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 28 | } 29 | -------------------------------------------------------------------------------- /packages/qr.nix: -------------------------------------------------------------------------------- 1 | # Wrapper script for zbarcam to convert QR codes into 32-byte hex 2 | { 3 | pkgs, 4 | perSystem, 5 | ... 6 | }: 7 | perSystem.self.mkScript { 8 | path = [ 9 | pkgs.v4l-utils 10 | pkgs.zbar 11 | perSystem.self.derive 12 | ]; 13 | 14 | name = "qr"; 15 | 16 | text = 17 | # bash 18 | '' 19 | # Disable webcam autofocus 20 | autofocus="$(v4l2-ctl --get-ctrl=focus_automatic_continuous 2>/dev/null | cut -d' ' -f2 || echo "")" 21 | [[ -z "$autofocus" ]] || v4l2-ctl --set-ctrl=focus_automatic_continuous=0 22 | 23 | # Set webcam focus level to 200 (0 = furthest back, 250 = closest possible) 24 | focus="$(v4l2-ctl --get-ctrl=focus_absolute 2>/dev/null | cut -d' ' -f2 || echo "")" 25 | [[ -z "$focus" ]] || v4l2-ctl --set-ctrl=focus_absolute=200 26 | 27 | # Scan QR code from webcam (wait 20 seconds) 28 | qr="$(timeout 20s zbarcam --oneshot --raw --set "*.enable=0" --set "qrcode.enable=1" && echo "")" 29 | 30 | # Reset webcam settings to what they were before 31 | [[ -z "$focus" ]] || v4l2-ctl --set-ctrl=focus_absolute=$focus 32 | [[ -z "$autofocus" ]] || v4l2-ctl --set-ctrl=focus_automatic_continuous=$autofocus 33 | 34 | # Output QR code as 32-byte hex 35 | [[ -z "$qr" ]] || derive hex <<<"$qr" 36 | ''; 37 | } 38 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/onepassword.nix: -------------------------------------------------------------------------------- 1 | # programs.onepassword.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.onepassword; 9 | inherit (lib) mkIf; 10 | inherit (config.lib.keyd) mkClass; 11 | 12 | # Window class name 13 | class = "1Password"; 14 | in { 15 | options.programs.onepassword = { 16 | enable = lib.options.mkEnableOption "onepassword"; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | home.packages = [pkgs._1password-gui pkgs._1password-cli]; 21 | 22 | # Float and resize 23 | wayland.windowManager.hyprland.settings = { 24 | windowrule = [ 25 | # Main window 26 | "tag +pwd, class:(1Password), title:^(1Password)$" 27 | "float, tag:pwd" 28 | "size 1024 768, tag:pwd" 29 | 30 | # Dialog window 31 | "tag +pwd_dialog, class:(1Password), title:^(.*)Password — 1Password$" 32 | "float, tag:pwd_dialog" 33 | "size 1280 240, tag:pwd_dialog" 34 | "center, tag:pwd_dialog" 35 | "pin, tag:pwd_dialog" 36 | ]; 37 | }; 38 | 39 | # keyboard shortcuts 40 | services.keyd.windows."${mkClass class}" = { 41 | "esc" = "C-w"; 42 | }; 43 | 44 | # Persist reboots, skip backups 45 | persist.scratch.directories = [".config/1Password"]; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/launchers.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | wayland.windowManager.hyprland.settings = { 3 | bind = [ 4 | # Terminal 5 | "super, return, exec, kitty" 6 | 7 | # File manager 8 | "super, y, exec, kitty --class Yazi yazi" 9 | 10 | # Alt file manager 11 | "super+alt, y, exec, nautilus --new-window" 12 | 13 | # Text editor 14 | "super, e, exec, kitty --class Neovim nvim" 15 | 16 | # Alt text editor 17 | "super+alt, e, exec, neovide --neovim-bin nvim" 18 | 19 | # Browser 20 | "super, b, exec, chromium-browser" 21 | "super+shift, b, exec, chromium-browser --incognito" 22 | 23 | # Alt browser 24 | "super+alt, b, exec, firefox" 25 | "super+alt+shift, b, exec, firefox --private-window" 26 | 27 | # Password manager 28 | "super+control, period, exec, 1password" 29 | ]; 30 | 31 | # Toggle floating on these launcher keybinds if held down 32 | bindo = [ 33 | "super, return, exec, hypr-float" 34 | "super, y, exec, hypr-float" 35 | "super, e, exec, hypr-float" 36 | "super, b, exec, hypr-float" 37 | "super+alt, return, exec, hypr-float" 38 | "super+alt, y, exec, hypr-float" 39 | "super+alt, e, exec, hypr-float" 40 | "super+alt, b, exec, hypr-float" 41 | ]; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/swww.nix: -------------------------------------------------------------------------------- 1 | # wallpaper 2 | { 3 | config, 4 | pkgs, 5 | ... 6 | }: { 7 | # Enable wallpaper service 8 | services.swww.enable = true; 9 | 10 | # Persist last wallpaper path 11 | persist.storage.directories = [".cache/swww"]; 12 | 13 | # Set a wallpaper (random if none specified) 14 | home.packages = let 15 | inherit (config.home) homeDirectory; 16 | inherit (config.xdg.userDirs) extraConfig; 17 | dir = "${extraConfig.XDG_PICTURES_DIR or "${homeDirectory}/Pictures"}/Wallpapers"; 18 | in [ 19 | (pkgs.self.mkScript { 20 | name = "wallpaper"; 21 | text = toString [ 22 | "swww img" 23 | "--transition-type=any" 24 | "--transition-duration=1" 25 | "\${1:-\$(find ${dir} -type f | shuf -n 1)}" 26 | ]; 27 | }) 28 | ]; 29 | 30 | wayland.windowManager.hyprland.settings = { 31 | # Keybind to change it up 32 | bind = ["super+alt, p, exec, wallpaper"]; 33 | # Pretty animations in hyprland 34 | animations.layerrule = ["animation fade, swww-daemon"]; 35 | }; 36 | 37 | # Select specific wallpaper in Yazi 38 | programs.yazi.settings.opener.wallpaper = [ 39 | { 40 | run = ''wallpaper "$@"''; 41 | desc = "Set wallpaper"; 42 | block = false; 43 | orphan = true; 44 | for = "unix"; 45 | } 46 | ]; 47 | } 48 | -------------------------------------------------------------------------------- /hosts/eve/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | modulesPath, 8 | ... 9 | }: { 10 | imports = [ 11 | (modulesPath + "/installer/scan/not-detected.nix") 12 | ]; 13 | 14 | boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "firewire_ohci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; 15 | boot.initrd.kernelModules = []; 16 | boot.kernelModules = ["kvm-intel"]; 17 | boot.extraModulePackages = []; 18 | 19 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 20 | # (the default) this is the recommended approach. When using systemd-networkd it's 21 | # still possible to use this option, but it's recommended to use it in conjunction 22 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 23 | networking.useDHCP = lib.mkDefault true; 24 | # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true; 25 | # networking.interfaces.enp9s0.useDHCP = lib.mkDefault true; 26 | 27 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 28 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 29 | } 30 | -------------------------------------------------------------------------------- /hosts/lux/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | pkgs, 8 | modulesPath, 9 | ... 10 | }: { 11 | imports = [ 12 | (modulesPath + "/installer/scan/not-detected.nix") 13 | ]; 14 | 15 | boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; 16 | boot.initrd.kernelModules = []; 17 | boot.kernelModules = ["kvm-intel"]; 18 | boot.extraModulePackages = []; 19 | 20 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 21 | # (the default) this is the recommended approach. When using systemd-networkd it's 22 | # still possible to use this option, but it's recommended to use it in conjunction 23 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 24 | networking.useDHCP = lib.mkDefault true; 25 | # networking.interfaces.enp89s0.useDHCP = lib.mkDefault true; 26 | # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; 27 | 28 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 29 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 30 | } 31 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/freetube.nix: -------------------------------------------------------------------------------- 1 | # programs.freetube.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | cfg = config.programs.freetube; 8 | inherit (lib) mkIf; 9 | in { 10 | config = mkIf cfg.enable { 11 | programs.freetube = { 12 | settings = { 13 | allowDashAv1Formats = true; 14 | checkForUpdates = false; 15 | defaultQuality = "1080"; 16 | baseTheme = "catppuccinMocha"; 17 | defaultTheatreMode = true; 18 | useSponsorBlock = true; 19 | useDeArrowTitles = true; 20 | useDeArrowThumbnails = true; 21 | hideLabelsSideBar = true; 22 | hideHeaderLogo = true; 23 | region = "CA"; 24 | }; 25 | }; 26 | 27 | # tag Freetube windows 28 | wayland.windowManager.hyprland.settings = { 29 | windowrule = [ 30 | "tag +yt, class:[Ff]reetube" 31 | ]; 32 | }; 33 | 34 | # keyboard shortcuts 35 | services.keyd.windows = { 36 | freetube = { 37 | "super.n" = "C-n"; # new window 38 | "super.r" = "C-r"; # reload 39 | "super.[" = "A-left"; # prev tab 40 | "super.]" = "A-right"; # next tab 41 | "super.w" = "C-w"; # close tab 42 | }; 43 | }; 44 | 45 | # Persist reboots but skip backups 46 | persist.scratch.directories = [".config/FreeTube"]; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /modules/nixos/default/options/home-assistant/zwave.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: let 6 | cfg = config.services.home-assistant; 7 | inherit (lib) mkIf; 8 | inherit (config.services.traefik.lib) mkLabels; 9 | in { 10 | config = mkIf (cfg.enable && cfg.zwave != "") { 11 | # Enable reverse proxy 12 | services.traefik.enable = true; 13 | 14 | # Z-Wave JS UI container 15 | virtualisation.oci-containers.containers.zwave = { 16 | image = "ghcr.io/zwave-js/zwave-js-ui:${cfg.zwaveVersion}"; 17 | autoStart = false; 18 | 19 | # Traefik labels 20 | extraOptions = 21 | mkLabels [cfg.zwaveName 8091] 22 | # Networking and devices 23 | ++ [ 24 | "--privileged" 25 | "--network=host" 26 | ] 27 | ++ [ 28 | "--device=${cfg.zwave}:/dev/zwave" 29 | "--stop-signal=SIGINT" 30 | "-t" 31 | ]; 32 | 33 | # Environment variables 34 | environment = { 35 | TZ = config.time.timeZone; 36 | }; 37 | 38 | # Bind volume 39 | volumes = [ 40 | "${cfg.dataDir}/zwave:/usr/src/app/store" 41 | ]; 42 | }; 43 | 44 | # Open firewall 45 | networking.firewall = { 46 | allowedTCPPorts = [ 47 | 3000 # zwave websockets 48 | 8091 # zwave web interface 49 | ]; 50 | }; 51 | }; 52 | } 53 | -------------------------------------------------------------------------------- /modules/nixos/default/options/whoogle.nix: -------------------------------------------------------------------------------- 1 | # services.whoogle.enable = true; 2 | { 3 | config, 4 | lib, 5 | ... 6 | }: let 7 | # https://github.com/benbusby/whoogle-search/releases 8 | version = "0.9.4"; 9 | 10 | cfg = config.services.whoogle; 11 | inherit (lib) mkIf mkOption types; 12 | inherit (config.services.traefik.lib) mkLabels; 13 | in { 14 | options.services.whoogle = { 15 | enable = lib.options.mkEnableOption "whoogle"; 16 | name = mkOption { 17 | type = types.str; 18 | default = "whoogle"; 19 | }; 20 | }; 21 | 22 | config = mkIf cfg.enable { 23 | # Enable reverse proxy 24 | services.traefik.enable = true; 25 | 26 | # Configure OCI container 27 | virtualisation.oci-containers.containers."whoogle" = { 28 | image = "benbusby/whoogle-search:${version}"; 29 | extraOptions = mkLabels cfg.name; 30 | }; 31 | 32 | # Extend systemd service 33 | systemd.services.docker-whoogle = { 34 | after = ["traefik.service"]; 35 | requires = ["traefik.service"]; 36 | preStart = with config.virtualisation.oci-containers.containers; '' 37 | docker pull ${whoogle.image}; 38 | ''; 39 | # Container will not stop gracefully, so kill it 40 | serviceConfig = { 41 | KillSignal = "SIGKILL"; 42 | SuccessExitStatus = "0 SIGKILL"; 43 | }; 44 | }; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/mako.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | services.mako = { 3 | enable = true; 4 | settings = { 5 | default-timeout = 6000; 6 | progress-color = lib.mkDefault "over #414559"; 7 | border-radius = 7; 8 | border-color = lib.mkDefault "#8caaee"; 9 | border-size = 2; 10 | padding = "15"; 11 | width = 600; 12 | height = 300; 13 | text-color = lib.mkDefault "#c6d0f5"; 14 | background-color = lib.mkDefault "#303446"; 15 | font = lib.mkDefault "JetBrainsMono 11"; 16 | anchor = "bottom-left"; 17 | # "[urgency=normal]" = { 18 | # border-color = "#ef9f76"; 19 | # }; 20 | # "[urgency=low]" = { 21 | # border-color = "#ef9f76"; 22 | # }; 23 | # "[urgency=high]" = { 24 | # border-color = "#ef9f76"; 25 | # default-timeout = "0"; 26 | # }; 27 | }; 28 | 29 | # extraConfig = '' 30 | # [urgency=normal] 31 | # border-color=#ef9f76 32 | # 33 | # [urgency=low] 34 | # border-color=#ef9f76 35 | # 36 | # [urgency=high] 37 | # border-color=#ef9f76 38 | # default-timeout=0 39 | # ''; 40 | # [mode=do-not-disturb] 41 | # invisible=1 42 | }; 43 | 44 | wayland.windowManager.hyprland.settings = { 45 | bindn = [", escape, exec, makoctl dismiss"]; 46 | bind = ["super+alt, u, exec, makoctl restore"]; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /hosts/kit/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | modulesPath, 8 | ... 9 | }: { 10 | imports = [ 11 | (modulesPath + "/installer/scan/not-detected.nix") 12 | ]; 13 | 14 | boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "thunderbolt" "usb_storage" "usbhid" "uas" "sd_mod"]; 15 | boot.initrd.kernelModules = []; 16 | boot.kernelModules = ["kvm-intel"]; 17 | boot.extraModulePackages = []; 18 | 19 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 20 | # (the default) this is the recommended approach. When using systemd-networkd it's 21 | # still possible to use this option, but it's recommended to use it in conjunction 22 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 23 | networking.useDHCP = lib.mkDefault true; 24 | # networking.interfaces.enp108s0.useDHCP = lib.mkDefault true; 25 | # networking.interfaces.enp56s0u2u3u3.useDHCP = lib.mkDefault true; 26 | # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; 27 | 28 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 29 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 30 | } 31 | -------------------------------------------------------------------------------- /devshell.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | perSystem, 4 | flake, 5 | ... 6 | }: 7 | perSystem.devshell.mkShell { 8 | # Set name of devshell from config 9 | devshell.name = "suderman/nixos"; 10 | 11 | # Startup script of devshell, plus extra 12 | devshell.startup.nixos.text = ""; 13 | 14 | env = [ 15 | { 16 | name = "DERIVATION_INDEX"; 17 | value = toString flake.derivationIndex; 18 | } 19 | ]; 20 | 21 | # Base list of commands for devshell, plus extra 22 | commands = [ 23 | { 24 | category = "development"; 25 | name = "nixos"; 26 | help = "Deploy hosts and generate files"; 27 | package = perSystem.self.default; 28 | } 29 | { 30 | category = "development"; 31 | name = "agenix"; 32 | help = "Manage secrets and identity"; 33 | package = perSystem.self.agenix; 34 | } 35 | { 36 | category = "development"; 37 | name = "browse"; 38 | help = "Browse flake"; 39 | command = "nix-inspect --path ."; 40 | } 41 | ]; 42 | 43 | # Base list of packages for devshell, plus extra 44 | packages = [ 45 | pkgs.age 46 | pkgs.alejandra 47 | pkgs.git 48 | pkgs.nix-inspect 49 | pkgs.openssl 50 | (pkgs.python3.withPackages (ps: [ps.cryptography])) 51 | perSystem.self.agenix 52 | perSystem.self.default 53 | perSystem.self.derive 54 | perSystem.self.ipaddr 55 | perSystem.self.sshed 56 | ]; 57 | } 58 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | flake, 5 | ... 6 | }: { 7 | imports = 8 | [flake.homeModules.desktop.default] 9 | ++ flake.lib.ls ./.; 10 | 11 | options.wayland.windowManager.hyprland = { 12 | enablePlugins = lib.mkEnableOption "enablePlugins"; 13 | }; 14 | 15 | config = { 16 | wayland = { 17 | windowManager.hyprland = { 18 | enable = true; 19 | package = pkgs.unstable.hyprland; 20 | systemd.enable = true; 21 | }; 22 | systemd.target = "hyprland-session.target"; 23 | }; 24 | 25 | home.shellAliases.hyprland = "Hyprland"; # I'll never remember the H 26 | 27 | # Ensure portals and other systemd user services are running 28 | # https://wiki.hypr.land/Hypr-Ecosystem/xdg-desktop-portal-hyprland/ 29 | home.packages = [ 30 | ( 31 | pkgs.self.mkScript { 32 | path = [pkgs.systemd]; 33 | name = "bounce"; 34 | text = let 35 | restart = name: "sleep 1 && systemctl --user stop ${name} && systemctl --user start ${name}"; 36 | in 37 | lib.concatStringsSep "\n" [ 38 | (restart "xdg-desktop-portal-hyprland") 39 | (restart "xdg-desktop-portal-gtk") 40 | (restart "xdg-desktop-portal") 41 | (restart "hyprland-session.target") 42 | ]; 43 | } 44 | ) 45 | ]; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /packages/mkApplication.nix: -------------------------------------------------------------------------------- 1 | # perSystem.self.mkApplication {} 2 | { 3 | pkgs, 4 | perSystem, 5 | ... 6 | }: let 7 | inherit (builtins) isPath toString removeAttrs; 8 | inherit (pkgs) lib stdenv makeDesktopItem copyDesktopItems; 9 | in 10 | args @ { 11 | name ? "application", 12 | desktopName ? name, 13 | icon ? null, 14 | pname ? name, 15 | version ? "1.0", 16 | ... 17 | }: let 18 | script = perSystem.self.mkScript (removeAttrs args ["desktopName" "icon" "pname" "version"]); 19 | desktopItem = 20 | (removeAttrs args ["text" "path" "env" "pname" "version"]) 21 | // { 22 | inherit name desktopName; 23 | exec = "${script}/bin/${pname}"; 24 | icon = 25 | if isPath icon 26 | then toString icon 27 | else icon; 28 | }; 29 | in 30 | stdenv.mkDerivation { 31 | inherit pname version; 32 | nativeBuildInputs = [copyDesktopItems]; 33 | desktopItems = [(makeDesktopItem desktopItem)]; 34 | unpackPhase = "true"; 35 | installPhase = '' 36 | runHook preInstall 37 | mkdir -p $out/bin 38 | cp ${script}/bin/${pname} $out/bin/${pname} 39 | runHook postInstall 40 | ''; 41 | meta = with lib; { 42 | mainProgram = pname; 43 | description = desktopItem.comment or ""; 44 | license = licenses.mit; 45 | platforms = platforms.all; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /modules/nixos/default/options/keyd/keyboards/hhkb.nix: -------------------------------------------------------------------------------- 1 | # HHKB Pro 2 2 | # https://www.amazon.ca/gp/product/B07K9V58DP/ 3 | # 1 = OFF # Macintosh mode (enable media keys) 4 | # 2 = ON # 5 | # 3 = ON # Delete = BS 6 | # 4 = OFF # Left Meta = Left Meta (don't reassign to Fn) 7 | # 5 = OFF # Meta = Meta, Alt = Alt (don't swap modifiers) 8 | # 6 = ON # Wake Up Enable 9 | { 10 | ids = ["0853:0100" "04fe:0006"]; 11 | settings = 12 | { 13 | main = { 14 | # Use tab as custom modifier 15 | tab = "overloadt2(nav, tab, 200)"; 16 | 17 | # Leave the default modifiers as-is 18 | leftshift = "layer(shift)"; 19 | leftalt = "layer(alt)"; 20 | leftmeta = "layer(super)"; 21 | 22 | # Allow right modifers to be unique keys 23 | rightmeta = "rightmeta"; 24 | rightalt = "rightalt"; 25 | rightshift = "rightshift"; 26 | 27 | # Fn keypad as media keys 28 | # [+] next song 29 | # [-] previous song 30 | # [*] play-pause 31 | # [/] media program 32 | kpplus = "nextsong"; 33 | kpminus = "previoussong"; 34 | kpasterisk = "playpause"; 35 | kpslash = "media"; 36 | 37 | # Pause/Break key as media play-pause 38 | pause = "playpause"; 39 | 40 | # Both volume keys together trigger media key 41 | "volumedown+volumeup" = "media"; 42 | }; 43 | } 44 | // import ./all.nix; 45 | } 46 | -------------------------------------------------------------------------------- /hosts/README.md: -------------------------------------------------------------------------------- 1 | # NixOS host configurations 2 | 3 | Each of these directories are included via 4 | [numtide's blueprint](https://numtide.github.io/blueprint/main/getting-started/folder_structure/) 5 | and available under `flake.nixosConfigurations.*`. NixOS configuration files can 6 | be found in `configurations/hosts//configuration.nix` and 7 | host-specific Home Manager configurations can be found in 8 | `configurations/hosts//users/.nix` or 9 | `configurations/hosts//users//home-configuration.nix` 10 | 11 | New hosts are added using this flake's default package: 12 | 13 | ```sh 14 | nixos add host 15 | ``` 16 | 17 | ## My current list 18 | 19 | - `cog` [Framework laptop](https://github.com/suderman/nixos/tree/main/hosts/cog) ⚙ 20 | - `eve` 21 | [2009 Mac Pro (at work)](https://github.com/suderman/nixos/tree/main/hosts/eve) 🌒 22 | - `fit` 23 | [2009 Mac Pro (at home)](https://github.com/suderman/nixos/tree/main/hosts/fit) 👟 24 | - `hub` 25 | [Intel NUC home server](https://github.com/suderman/nixos/tree/main/hosts/hub) ️🏚️ 26 | - `kit` 27 | [2024 FormD T1 desktop](https://github.com/suderman/nixos/tree/main/hosts/kit) 🎮 28 | - `lux` 29 | [Intel NUC media server](https://github.com/suderman/nixos/tree/main/hosts/lux) 🎬 30 | - `wit` 31 | [Thinkpad T480s laptop](https://github.com/suderman/nixos/tree/main/hosts/wit) 💻 32 | - `iso` 33 | [Custom NixOS installer ISO](https://github.com/suderman/nixos/tree/main/hosts/iso) 💿 34 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/gimp.nix: -------------------------------------------------------------------------------- 1 | # -- custom module -- 2 | # programs.gimp.enable = true; 3 | { 4 | config, 5 | lib, 6 | pkgs, 7 | ... 8 | }: let 9 | cfg = config.programs.gimp; 10 | inherit (lib) mkIf; 11 | inherit (config.lib.keyd) mkClass; 12 | 13 | # Window class name 14 | class = "gimp-3.0"; 15 | in { 16 | options.programs.gimp = { 17 | enable = lib.options.mkEnableOption "gimp"; 18 | }; 19 | 20 | config = mkIf cfg.enable { 21 | home.packages = [pkgs.gimp3-with-plugins]; 22 | 23 | xdg.desktopEntries."${class}" = { 24 | name = "GIMP"; 25 | icon = "org.gimp.GIMP"; 26 | noDisplay = true; 27 | }; 28 | 29 | services.keyd.windows."${mkClass class}" = {}; 30 | 31 | # Tag export windows as floating dialogs 32 | wayland.windowManager.hyprland.settings.windowrule = [ 33 | "tag +dialog, class:(file-png|file-jpeg)" 34 | "tag +dialog, class:gimp, title:(Open.*|Export.*|Save.*|Preferences.*|Configure.*|Module.*)" 35 | ]; 36 | 37 | # Persist configuration in storage 38 | persist.storage.directories = [".config/GIMP" ".local/share/GIMP"]; 39 | 40 | xdg.mimeApps.defaultApplications = { 41 | }; 42 | 43 | # Do the same in Yazi 44 | programs.yazi.settings.opener.edit-image = [ 45 | { 46 | run = ''gimp "$@"''; 47 | desc = "Edit in GIMP"; 48 | block = false; 49 | orphan = true; 50 | for = "unix"; 51 | } 52 | ]; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /modules/nixos/default/overlays/misc.nix: -------------------------------------------------------------------------------- 1 | {perSystem, ...}: let 2 | inherit (perSystem.self) enableWayland; 3 | in { 4 | nixpkgs.overlays = [ 5 | (_final: prev: { 6 | # These packages support Wayland but sometimes need to be persuaded 7 | digikam = enableWayland { 8 | type = "qt"; 9 | package = prev.digikam; 10 | name = "digikam"; 11 | }; 12 | dolphin = enableWayland { 13 | type = "qt"; 14 | package = prev.dolphin; 15 | name = "dolphin"; 16 | }; 17 | element-desktop = enableWayland { 18 | type = "electron"; 19 | package = prev.element-desktop; 20 | name = "element-desktop"; 21 | }; 22 | figma-linux = enableWayland { 23 | type = "electron"; 24 | package = prev.figma-linux; 25 | name = "figma-linux"; 26 | }; 27 | nextcloud-client = enableWayland { 28 | type = "qt"; 29 | package = prev.nextcloud-client; 30 | name = "nextcloud"; 31 | }; 32 | # owncloud-client = enableWayland { type = "qt"; package = prev.owncloud-client; name = "owncloud"; }; 33 | plexamp = enableWayland { 34 | type = "electron"; 35 | package = prev.plexamp; 36 | name = "plexamp"; 37 | }; 38 | signal-desktop = enableWayland { 39 | type = "electron"; 40 | package = prev.signal-desktop; 41 | name = "signal-desktop"; 42 | }; 43 | # _1password-gui = enableWayland { type = "electron"; package = prev._1password-gui; name = "1password"; }; 44 | }) 45 | ]; 46 | } 47 | -------------------------------------------------------------------------------- /zones/tail/README.md: -------------------------------------------------------------------------------- 1 | # Tailscale network 2 | 3 | - `100.99.91.44` 2021 Framework Laptop - NixOS 4 | ([cog](https://github.com/suderman/nixos/tree/main/hosts/cog)) 5 | - `100.69.75.29` 2009 Mac Pro - NixOS 6 | ([eve](https://github.com/suderman/nixos/tree/main/hosts/eve)) 7 | - `100.122.127.88` 2009 Mac Pro - NixOS 8 | ([fit](https://github.com/suderman/nixos/tree/main/hosts/fit)) 9 | - `100.115.119.94` 2013 Intel NUC - NixOS 10 | ([hub](https://github.com/suderman/nixos/tree/main/hosts/hub)) 11 | - `100.67.76.42` 2024 FormD T1 Desktop - NixOS 12 | ([kit](https://github.com/suderman/nixos/tree/main/hosts/kit)) 13 | - `100.118.135.148` 2018 Thinkpad T480s - NixOS 14 | 25.05([wit](https://github.com/suderman/nixos/tree/main/hosts/wit)) 15 | - `100.93.245.77` 2020 MacBook Air - macOS 16 | - `100.115.101.44` Pixel 10 Pro - GrapheneOS 17 | 18 | ## VPN Configuration 19 | 20 |
21 | Subnet routes 22 | 23 | | | https://login.tailscale.com/admin/machines | 24 | | --- | ------------------------------------------ | 25 | | hub | `10.1.0.0/16` | 26 | | eve | `10.2.0.0/16` | 27 | 28 |
29 | 30 |
31 | DNS 32 | 33 | | | https://login.tailscale.com/admin/dns | 34 | | ------------------ | ------------------------------------- | 35 | | Override local DNS | `Yes` | 36 | | Global nameservers | `100.97.117.105` _(hub)_ | 37 | | Global nameservers | `100.69.75.29` _(eve)_ | 38 | 39 |
40 | -------------------------------------------------------------------------------- /modules/home/desktop/default/options/projectm.nix: -------------------------------------------------------------------------------- 1 | # programs.projectm.enable = true; 2 | { 3 | config, 4 | lib, 5 | pkgs, 6 | ... 7 | }: let 8 | cfg = config.programs.projectm; 9 | dataDir = ".config/projectM"; 10 | visualizerDir = "Documents/Resources/Visualizer"; 11 | in { 12 | options.programs.projectm.enable = lib.mkEnableOption "projectm"; 13 | config = lib.mkIf cfg.enable { 14 | home.packages = [pkgs.projectm-sdl-cpp]; 15 | persist.storage.directories = [dataDir]; 16 | 17 | xdg.desktopEntries."projectm" = { 18 | name = "ProjectM"; 19 | genericName = "Music Visualizer"; 20 | icon = "multimedia-player"; 21 | terminal = false; 22 | type = "Application"; 23 | exec = "${lib.getExe pkgs.projectm-sdl-cpp}"; 24 | }; 25 | 26 | # Default settings when none yet exist 27 | home.activation.projectm = let 28 | file = "${config.home.homeDirectory}/${dataDir}/projectMSDL.properties"; 29 | properties = pkgs.writeText "projectMSDL.properties" '' 30 | jprojectM.enableSplash: false 31 | projectM.droppedFolderOverride: true 32 | projectM.presetLocked: false 33 | projectM.presetPath: ${config.home.homeDirectory}/${visualizerDir}/presets/ 34 | projectM.texturePath: ${config.home.homeDirectory}/${visualizerDir}/textures/ 35 | window.borderless: true 36 | ''; 37 | in 38 | lib.hm.dag.entryAfter ["writeBoundary"] 39 | # bash 40 | '' 41 | $DRY_RUN_CMD mkdir -p "$(dirname ${file})" 42 | $DRY_RUN_CMD [[ -e ${file} ]] || cat ${properties} >${file} 43 | ''; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /modules/nixos/default/configs/programs.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 5 | }: { 6 | # List packages installed in system profile 7 | environment.systemPackages = with pkgs; [ 8 | arp-scan # arp-fingerprint arp-scan get-iab get-oui 9 | btop 10 | cachix 11 | curl # curl curl-config wcurl 12 | dig # arpaname ddns-confgen delv dig dnssec-cds dnssec-dsfromkey dnssec-importkey dnssec-keyfromlabel dnssec-keygen dnssec-ksr dnssec-revoke dnssec-settime dnssec-signzone dnssec-verify host mdig named named-checkconf named-checkzone named-compilezone named-journalprint named-rrchecker nsec3hash nslookup nsupdate rndc rndc-confgen tsig-keygen 13 | gnumake # make 14 | gnutar # tar 15 | home-manager 16 | htop 17 | inetutils # dnsdomainname ftp hostname ifconfig logger ping ping6 rcp rexec rlogin rsh talk telnet tftp traceroute whois 18 | jq 19 | libarchive # bsdcat bsdcpio bsdtar bsdunzip 20 | lsof 21 | mtr # mtr mtr-packet 22 | nmap # ncat nmap nping 23 | p7zip # 7z 7za 7zr 24 | pciutils # lspci pcilmr setpci 25 | rsync # rsync rsync-ssl 26 | sysstat # cifsiostat iostat mpstat pidstat sadf sar tapestat 27 | unzip # funzip unzip unzipsfx zipgrep zipinfo 28 | usbutils # lsusb lsusb.py usb-devices usbhid-dump usbreset 29 | zip # zip zipcloak zipnote zipsplit 30 | ]; 31 | 32 | # Default enable these common modules for all hosts 33 | programs = { 34 | git.enable = lib.mkDefault true; 35 | mosh.enable = lib.mkDefault true; 36 | rust-motd.enable = lib.mkDefault true; 37 | tmux.enable = lib.mkDefault true; 38 | zsh.enable = lib.mkDefault true; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /packages/mkScript.nix: -------------------------------------------------------------------------------- 1 | # perSystem.self.mkScript {} 2 | {pkgs, ...}: let 3 | inherit (builtins) isAttrs isPath isString readFile; 4 | inherit (pkgs) lib runtimeShell writeTextFile; 5 | inherit (lib) concatLines makeBinPath mapAttrsToList unique; 6 | 7 | fromPath = text: fromAttrs {inherit text;}; 8 | fromString = text: fromAttrs {inherit text;}; 9 | 10 | fromAttrs = { 11 | name ? "script", 12 | text ? "", 13 | path ? [], 14 | env ? {}, 15 | ... 16 | }: 17 | writeTextFile { 18 | inherit name; 19 | executable = true; 20 | destination = 21 | if name == "script" 22 | then "" 23 | else "/bin/${name}"; 24 | 25 | text = let 26 | # coreutils is always included in path 27 | path' = unique ([pkgs.coreutils] ++ path); 28 | in 29 | # bash 30 | '' 31 | #!${runtimeShell} 32 | set -euo pipefail 33 | export PATH="${makeBinPath path'}:''${PATH-}" 34 | 35 | '' 36 | + concatLines (mapAttrsToList (n: v: "export ${n}=\"${v}\"") env) 37 | + '' 38 | ${ 39 | if (isPath text) 40 | then readFile text 41 | else text 42 | } 43 | ''; 44 | 45 | meta = with lib; { 46 | mainProgram = name; 47 | description = "Personal shell script"; 48 | license = licenses.mit; 49 | platforms = platforms.all; 50 | }; 51 | }; 52 | in 53 | x: 54 | if (isString x) 55 | then (fromString x) 56 | else if (isPath x) 57 | then (fromPath x) 58 | else if (isAttrs x) 59 | then (fromAttrs x) 60 | else {} 61 | -------------------------------------------------------------------------------- /modules/home/default/configs/impermanence.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | osConfig, 4 | lib, 5 | ... 6 | }: let 7 | inherit (lib) mkOption types; 8 | in { 9 | options.persist = { 10 | storage.path = mkOption { 11 | description = "Path to storage directory"; 12 | type = types.str; 13 | default = "${osConfig.persist.storage.path}${config.home.homeDirectory}"; 14 | }; 15 | 16 | # Files relative to ~/ home 17 | storage.files = mkOption { 18 | description = "Home files to persist reboots and snapshot"; 19 | type = with types; listOf (either str attrs); 20 | default = []; 21 | example = [".bashrc"]; 22 | }; 23 | 24 | # Directories relative to ~/ home 25 | storage.directories = mkOption { 26 | description = "Home directories to persist reboots and snapshot"; 27 | type = with types; listOf (either str attrs); 28 | default = []; 29 | example = ["Documents"]; 30 | }; 31 | 32 | scratch.path = mkOption { 33 | description = "Path to scratch directory"; 34 | type = types.str; 35 | default = "${osConfig.persist.scratch.path}${config.home.homeDirectory}"; 36 | }; 37 | 38 | # Files relative to ~/ home 39 | scratch.files = mkOption { 40 | description = "Home files to persist reboots"; 41 | type = with types; listOf (either str attrs); 42 | default = []; 43 | example = [".bashrc"]; 44 | }; 45 | 46 | # Directories relative to ~/ home 47 | scratch.directories = mkOption { 48 | description = "Home directories to persist reboots"; 49 | type = with types; listOf (either str attrs); 50 | default = []; 51 | example = ["Documents"]; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /modules/nixos/default/options/bluetooth.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: { 7 | config = lib.mkIf config.hardware.bluetooth.enable { 8 | # Bluetuith client, and throw in bluetui as well 9 | environment.systemPackages = [ 10 | pkgs.bluez 11 | pkgs.unstable.bluetuith 12 | pkgs.bluetui 13 | ]; 14 | 15 | # Programs provided by bluez: 16 | # advtest avinfo avtest bcmfw bdaddr bluemoon bluetooth-player bluetoothctl bluetoothd 17 | # bluez-list-devices bluez-monitor-bluetooth bluez-simple-agent bluez-test-adapter bluez-test-device 18 | # bneptest btattach btconfig btgatt-client btgatt-server btinfo btiotest btmgmt btmon btmon-logger 19 | # btpclient btpclientctl btproxy btsnoop check-selftest ciptool cltest create-image eddystone 20 | # gatt-service gatttool hciattach hciconfig hcidump hcieventmask hcisecfilter hcitool hex2hcd hid2hci 21 | # hwdb ibeacon isotest l2ping l2test mcaptest mesh-cfgclient mesh-cfgtest meshctl mpris-proxy nokfw 22 | # obex-client-tool obex-server-tool obexctl obexd oobtest rctest rfcomm rtlfw scotest sdptool seq2bseq 23 | # test-runner 24 | 25 | # Root config for bluetuith (vim bindings) 26 | system.activationScripts.bluetuith = '' 27 | mkdir -p /root/.bluetuith 28 | printf '${builtins.toJSON { 29 | theme = {}; 30 | receive-dir = ""; 31 | keybindings = { 32 | NavigateDown = "j"; 33 | NavigateUp = "k"; 34 | Menu = "l"; 35 | Close = "h"; 36 | Quit = "q"; 37 | }; 38 | }}' >/root/.bluetuith/bluetuith.conf 39 | ''; 40 | 41 | # Persist bluetooth pairings between reboots 42 | persist.storage.directories = ["/var/lib/bluetooth"]; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /modules/home/desktop/hyprland/hypr/hyprbars.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 6 | }: let 7 | cfg = config.wayland.windowManager.hyprland; 8 | inherit (lib) mkIf; 9 | in { 10 | wayland.windowManager.hyprland = mkIf cfg.enablePlugins { 11 | plugins = [pkgs.unstable.hyprlandPlugins.hyprbars]; 12 | 13 | settings = { 14 | "plugin:hyprbars" = with config.lib.stylix.colors; { 15 | bar_blur = true; 16 | bar_button_padding = 4; 17 | bar_color = "rgba(${base00-rgb-r},${base00-rgb-g},${base00-rgb-b},0.8)"; 18 | "col.text" = "rgba(${base05-rgb-r},${base05-rgb-g},${base05-rgb-b},0.8)"; 19 | bar_height = 25; 20 | bar_padding = 10; 21 | bar_part_of_window = false; 22 | bar_precedence_over_border = false; 23 | bar_text_font = "sanserif"; 24 | bar_text_size = 11; 25 | bar_title_enabled = true; 26 | icon_on_hover = true; 27 | 28 | # https://gist.github.com/lopspower/03fb1cc0ac9f32ef38f4 29 | hyprbars-button = let 30 | button = icon: size: command: "rgba(00000000), ${toString size}, ${icon}, ${command}"; 31 | in [ 32 | (button "" 20 "hyprctl dispatch exec hypr-togglegrouporkill") # kill 33 | (button "󰽤" 17 "hyprctl dispatch exec hypr-togglegrouporlock") # group 34 | # (button "󰔷" 18 "hyprctl dispatch exec hypr-togglespecial") # special 35 | (button "" 17 "hyprctl dispatch exec hypr-togglefloating") # window 36 | ]; 37 | 38 | on_double_click = "hyprctl dispatch fullscreen 1"; # fullscreen 39 | }; 40 | 41 | bindo = [ 42 | ", Escape, exec, hypr-toggletitlebars" 43 | "super, slash, exec, hypr-toggletitlebars" 44 | ]; 45 | }; 46 | }; 47 | } 48 | --------------------------------------------------------------------------------