cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Compare commits

base: cilly:master
Branches Tags
cilly:master
cilly:feat/immich
cilly:feat/restic
cilly:feat/cont
cilly:feat/smb
cilly:feat/soulbeet
cilly:opencloud
cilly:staging/dandelion_260528
cilly:bootstrap/alyssum
cilly:dev/slskd_envtest
cilly:feat/emerald
cilly:feat/diamond
cilly:dev/citrine
cilly:dev/tewst
cilly:staging_auto/20260316
cilly:up/dandelion_20260315
cilly:staging_auto/20260315
cilly:staging_auto/20260314
cilly:staging_auto/20260313
cilly:staging_auto/20260312
cilly:staging_auto/20260311
cilly:staging_auto/20260310
cilly:staging_auto/20260309
cilly:staging_auto/20260308
cilly:staging_auto/20260307
cilly:staging_auto/20260306
cilly:staging_auto/20260305
cilly:staging_auto/20260304
cilly:staging_auto/20260303
cilly:staging_auto/20260302
cilly:staging_auto/20260301
cilly:staging_auto/20260228
cilly:staging_auto/20260227
cilly:staging_auto/20260226
cilly:staging_auto/20260225
cilly:staging_auto/20260224
cilly:staging_auto/20260223
cilly:staging_auto/20260222
cilly:staging_auto/20260221
cilly:staging_auto/20260220
cilly:staging_auto/20260219
cilly:staging/20251122
cilly:staging/20250812
cilly:dev/unbound
cilly:dev/wg2
cilly:dev/dandelion2
cilly:test/git-crypt
cilly:dev/server
cilly:dev/options
cilly:dev/workflow
cilly:bootstrap/dandelion
cilly:bootstrap/anemone
cilly:tmp/sugarcane_raccoon
cilly:tmp/caramel_raccoon
cilly:tmp/caramel
cilly:tmp/jellyfin
cilly:temp/caramelgone
cilly:testing/linux-tkg
cilly:testing/wine2
..
compare: cilly:dev/workflow
Branches Tags
cilly:feat/immich
cilly:feat/restic
cilly:master
cilly:feat/cont
cilly:feat/smb
cilly:feat/soulbeet
cilly:opencloud
cilly:staging/dandelion_260528
cilly:bootstrap/alyssum
cilly:dev/slskd_envtest
cilly:feat/emerald
cilly:feat/diamond
cilly:dev/citrine
cilly:dev/tewst
cilly:staging_auto/20260316
cilly:up/dandelion_20260315
cilly:staging_auto/20260315
cilly:staging_auto/20260314
cilly:staging_auto/20260313
cilly:staging_auto/20260312
cilly:staging_auto/20260311
cilly:staging_auto/20260310
cilly:staging_auto/20260309
cilly:staging_auto/20260308
cilly:staging_auto/20260307
cilly:staging_auto/20260306
cilly:staging_auto/20260305
cilly:staging_auto/20260304
cilly:staging_auto/20260303
cilly:staging_auto/20260302
cilly:staging_auto/20260301
cilly:staging_auto/20260228
cilly:staging_auto/20260227
cilly:staging_auto/20260226
cilly:staging_auto/20260225
cilly:staging_auto/20260224
cilly:staging_auto/20260223
cilly:staging_auto/20260222
cilly:staging_auto/20260221
cilly:staging_auto/20260220
cilly:staging_auto/20260219
cilly:staging/20251122
cilly:staging/20250812
cilly:dev/unbound
cilly:dev/wg2
cilly:dev/dandelion2
cilly:test/git-crypt
cilly:dev/server
cilly:dev/options
cilly:dev/workflow
cilly:bootstrap/dandelion
cilly:bootstrap/anemone
cilly:tmp/sugarcane_raccoon
cilly:tmp/caramel_raccoon
cilly:tmp/caramel
cilly:tmp/jellyfin
cilly:temp/caramelgone
cilly:testing/linux-tkg
cilly:testing/wine2

No commits in common. "master" and "dev/workflow" have entirely different histories.
master ... dev/workfl

159 changed files with 1911 additions and 3234 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.git-crypt/.gitattributes vendored
View file

@ -1,4 +0,0 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary

BIN
.git-crypt/keys/default/0/059F098EBF0E9A13E10A46BF6500251E087653C9.gpg
View file

Binary file not shown.

1
.gitattributes vendored
View file

@ -1 +0,0 @@
secrets.gcrypt/** filter=git-crypt diff=git-crypt

4
.github/workflows/autoupdate.yml vendored
View file

@ -12,8 +12,6 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_TOKEN }}
- name: Check for updates - name: Check for updates
id: check id: check
@ -46,5 +44,5 @@ jobs:
if: steps.check.outputs.skip == 0 if: steps.check.outputs.skip == 0
uses: ad-m/github-push-action@master uses: ad-m/github-push-action@master
with: with:
github_token: ${{ secrets.PAT_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ steps.check.outputs.branch_name }} branch: ${{ steps.check.outputs.branch_name }}

28
.github/workflows/cachix.yml vendored
View file

@ -5,23 +5,29 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
build: check:
name: Build linux-lava for x86_64-linux name: Check flake
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
# credits to https://github.com/easimon/maximize-build-space/issues/45
- name: Remove unneeded packages to maximise build space
shell: bash
run: |
df -h
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
df -h
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v31
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v14
with:
name: lava
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix flake check --keep-going --verbose
build:
name: Build linux-lava for x86_64-linux
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: cachix/install-nix-action@v31
- uses: cachix/cachix-action@v14
with: with:
name: lava name: lava
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

47
containers/amethyst/configuration.nix
View file

@ -1,47 +0,0 @@
{ lib, pkgs, ... }: {
system.stateVersion = "23.11";
systemd.tmpfiles.rules = [
"d /persist/transmission 755 transmission transmission"
"d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
"d /persist/transmission/.incomplete 750 transmission transmission"
"d /persist/transmission/Downloads 755 transmission transmission"
"d /persist/transmission/watchdir 755 transmission transmission"
];
networking.wg-quick.interfaces.wg0 = {
configFile = "/persist/vpn.conf";
preUp = ''
# Try to access the DNS for up to 300s
for i in {1..60}; do
${pkgs.iputils}/bin/ping -c1 'google.com' && break
echo "Attempt $i: DNS still not available"
sleep 5s
done
'';
};
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
RootDirectoryStartOnly = lib.mkForce false;
RootDirectory = lib.mkForce "";
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
};
networking.firewall.allowedTCPPorts = [ 9091 ];
services.transmission = {
enable = true;
package = pkgs.transmission_4;
downloadDirPermissions = "775";
openFirewall = true;
home = "/persist/transmission";
settings = {
ratio-limit-enabled = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-port = 9091;
rpc-host-whitelist-enabled = false;
rpc-whitelist-enabled = false;
};
};
}

27
containers/amethyst/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

51
containers/amethyst/flake.nix
View file

@ -1,51 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
nixosModule = { ... }:
let
name = "amethyst";
fqdn = "amethyst.lava.moe";
subnet = "1";
in {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
#locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.30.${subnet}.1";
localAddress = "10.30.${subnet}.2";
hostAddress6 = "fd0d:1::${subnet}:1";
localAddress6 = "fd0d:1::${subnet}:2";
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = [ ./configuration.nix ]; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}

23
containers/beryllium/configuration.nix
View file

@ -1,23 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
fileSystems."/var/lib/private" = {
device = "/persist";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 6167 ];
networking.firewall.allowedUDPPorts = [ 6167 ];
# TODO: this should be generically set
networking.useHostResolvConf = false;
networking.nameservers = [ "8.8.8.8" ];
services.matrix-continuwuity = {
enable = true;
settings.global = {
# TODO: link this with outer container's address
address = [ "10.30.2.2" ];
server_name = "lava.moe";
rocksdb_recovery_mode = 2;
};
};
}

27
containers/beryllium/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

69
containers/beryllium/flake.nix
View file

@ -1,69 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
nixosModule = { ... }:
let
name = "beryllium";
fqdn = "beryllium.lava.moe";
subnet = "2";
in {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".extraConfig = "return 302 'https://lava.moe';";
locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167";
locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167";
locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167";
};
services.nginx.virtualHosts."lava.moe" = {
locations."= /.well-known/matrix/server".extraConfig =
let
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
# "m.identity_server" = { "base_url" = "https://vector.im"; };
};
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.30.${subnet}.1";
localAddress = "10.30.${subnet}.2";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = [ ./configuration.nix ]; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
};
};
};
}

53
containers/citrine/configuration.nix
View file

@ -1,53 +0,0 @@
{ config, fqdn, lib, ... }: {
system.stateVersion = "25.11";
networking.firewall.allowedTCPPorts = [ 22 3000 ];
networking.firewall.allowedUDPPorts = [ 22 3000 ];
systemd.tmpfiles.rules = [
"L+ /persist/forgejo/custom/templates - - - - ${./templates}"
];
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
DEFAULT.APP_NAME = "cilly's botanical laboratory";
server = {
DOMAIN = fqdn;
ROOT_URL = "https://${fqdn}/";
HTTP_PORT = 3000;
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
SSH_DOMAIN = "git.lava.moe";
SSH_SERVER_KEY_EXCHANGES = "mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256";
};
ui = lib.mkForce {
DEFAULT_THEME = "catppuccin-maroon-auto";
THEMES = lib.strings.concatMapStringsSep "," (x: "${x}-auto") [
"catppuccin-pink"
"catppuccin-maroon"
"catppuccin-flamingo"
"catppuccin-rosewater"
"forgejo"
"gitea"
];
};
api.ENABLE_SWAGGER = false;
other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
repository.ENABLE_PUSH_CREATE_USER = true;
repository.ENABLE_PUSH_CREATE_ORG = true;
service.DISABLE_REGISTRATION = true;
};
stateDir = "/persist/forgejo";
};
systemd.services.forgejo.serviceConfig = {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
PrivateUsers = lib.mkForce false;
};
catppuccin.forgejo.enable = true;
environment.systemPackages = [ config.services.forgejo.package ];
}

62
containers/citrine/flake.lock generated
View file

@ -1,62 +0,0 @@
{
"nodes": {
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1773403535,
"narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
"owner": "catppuccin",
"repo": "nix",
"rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1773122722,
"narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"catppuccin": "catppuccin",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}

68
containers/citrine/flake.nix
View file

@ -1,68 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
catppuccin.url = "github:catppuccin/nix";
};
outputs = { nixpkgs, catppuccin, ... }:
let
name = "citrine";
fqdn = "lab.lava.moe";
subnetId = "3";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
catppuccin.nixosModules.catppuccin
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:3000";
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}

31
containers/citrine/templates/base/footer_content.tmpl
View file

@ -1,31 +0,0 @@
<footer class="page-footer" role="group" aria-label="{{ctx.Locale.Tr "aria.footer"}}">
<div class="left-links" role="contentinfo" aria-label="{{ctx.Locale.Tr "aria.footer.software"}}">
{{if ShowFooterPoweredBy}}
<a target="_blank" rel="noopener noreferrer" href="https://forgejo.org">Forgejo</a>
{{end}}
{{if (or .ShowFooterVersion .PageIsAdmin)}}
{{if .IsAdmin}}
<a href="{{AppSubUrl}}/admin/config">{{AppVerNoMetadata}}</a>
{{else}}
{{AppVerNoMetadata}}
{{end}}
{{end}}
{{if and .TemplateLoadTimes ShowFooterTemplateLoadTime}}
{{ctx.Locale.Tr "page"}}: <strong>{{LoadTimes .PageStartTime}}</strong>
{{ctx.Locale.Tr "template"}}{{if .TemplateName}} {{.TemplateName}}{{end}}: <strong>{{call .TemplateLoadTimes}}</strong>
{{end}}
</div>
<div class="right-links" role="group" aria-label="{{ctx.Locale.Tr "aria.footer.links"}}">
<div class="ui dropdown upward language">
<span class="flex-text-inline">{{svg "octicon-globe" 14}} {{ctx.Locale.LangName}}</span>
<div class="menu language-menu">
{{range .AllLangs}}
<a lang="{{.Lang}}" data-url="{{AppSubUrl}}/?lang={{.Lang}}" class="item {{if eq ctx.Locale.Lang .Lang}}active selected{{end}}">{{.Name}}</a>
{{end}}
</div>
</div>
<a href="{{AssetUrlPrefix}}/licenses.txt">{{ctx.Locale.Tr "licenses"}}</a>
{{if .EnableSwagger}}<a href="{{AppSubUrl}}/api/swagger">API</a>{{end}}
{{template "custom/extra_links_footer" .}}
</div>
</footer>

19
containers/citrine/templates/home.tmpl
View file

@ -1,19 +0,0 @@
{{template "base/head" .}}
{{if not .IsSigned}}
<script>window.location.href = "/explore/repos";</script>
{{end}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="tw-mb-8 tw-px-8">
<div class="center">
<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
<div class="hero">
<h1 class="ui icon header title">
{{AppDisplayName}}
</h1>
<h2>{{ctx.Locale.Tr "startpage.app_desc"}}</h2>
</div>
</div>
</div>
{{template "home_forgejo" .}}
</div>
{{template "base/footer" .}}

22
containers/diamond/configuration.nix
View file

@ -1,22 +0,0 @@
{ fqdn, ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/vaultwarden 755 vaultwarden vaultwarden"
];
fileSystems."/var/lib/vaultwarden" = {
device = "/persist/vaultwarden";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 8000 ];
networking.firewall.allowedUDPPorts = [ 8000 ];
services.vaultwarden = {
enable = true;
domain = fqdn;
config = {
DOMAIN = "https://${fqdn}";
ROCKET_ADDRESS = "::";
};
};
}

27
containers/diamond/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

51
containers/diamond/flake.nix
View file

@ -1,51 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "diamond";
fqdn = "astransia.lava.moe";
subnetId = "4";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
modules = [
./configuration.nix
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { ... }: {
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:8000";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}

23
containers/emerald/configuration.nix
View file

@ -1,23 +0,0 @@
{ fqdn, shareFqdn, ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/navidrome 755 navidrome navidrome"
];
networking.firewall.allowedTCPPorts = [ 4533 ];
networking.firewall.allowedUDPPorts = [ 4533 ];
services.navidrome = {
enable = true;
environmentFile = "/binds/navidrome_env";
settings = {
Port = 4533;
Address = "[::]";
BaseUrl = "https://${fqdn}/";
ShareURL = "https://${shareFqdn}";
EnableSharing = true;
DataFolder = "/persist/navidrome";
MusicFolder = "/binds/music/main";
};
};
systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"];
}

27
containers/emerald/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

78
containers/emerald/flake.nix
View file

@ -1,78 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "emerald";
fqdn = "navia.lava.moe";
shareFqdn = "muse.lava.moe";
subnetId = "5";
subnet = x: "fd0d:2::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.32.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:4533";
listenAddresses = [ "100.67.2.1" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn shareFqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."music" = {
hostPath = "/flower/media/music";
mountPoint = "/binds/music";
isReadOnly = true;
};
bindMounts."navidrome_env" = {
hostPath = config.age.secrets.navidrome_env.path;
mountPoint = "/binds/navidrome_env";
isReadOnly = true;
};
# flake = "path:" + ./.;
};
};
};
}

22
containers/fluorite/configuration.nix
View file

@ -1,22 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/slskd/Downloads 755 slskd slskd"
];
fileSystems."/var/lib/slskd" = {
device = "/persist/slskd";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 5030 50300 ];
networking.firewall.allowedUDPPorts = [ 5030 50300 ];
services.slskd = {
enable = true;
domain = null;
environmentFile = "/binds/slskd_env";
settings = {
shares.directories = [ "/binds/music/" ];
};
};
}

27
containers/fluorite/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

89
containers/fluorite/flake.nix
View file

@ -1,89 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "fluorite";
fqdn = "fluorite.lava.moe";
subnetId = "6";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
networking.firewall.allowedTCPPorts = [ 50300 ];
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:5030";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
};
systemd.tmpfiles.rules = [
"d /persist/containers/${name} 755 root users"
"d /persist/media/music 075 nobody users"
];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
forwardPorts = [
{
containerPort = 50300;
hostPort = 50300;
protocol = "tcp";
}
];
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."music" = {
hostPath = "/persist/media/music";
mountPoint = "/binds/music";
isReadOnly = true;
};
bindMounts."slskd_env" = {
hostPath = config.age.secrets.slskd_env.path;
mountPoint = "/binds/slskd_env";
isReadOnly = true;
};
# flake = "path:" + ./.;
};
};
};
}

36
containers/garnet/configuration.nix
View file

@ -1,36 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
fileSystems."/var/lib/opencloud" = {
device = "/flower/data";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/etc/opencloud" = {
device = "/persist/cfg";
fsType = "none";
options = [ "bind" ];
};
# TODO: hardcoded address
networking.extraHosts = ''
100.67.2.1 cloud.lava.moe
'';
networking.firewall.allowedTCPPorts = [ 9200 ];
networking.firewall.allowedUDPPorts = [ 9200 ];
environment.etc."opencloud-admin-pass".text = ''
IDM_ADMIN_PASSWORD=supersillysecure
'';
services.opencloud = {
enable = true;
url = "https://cloud.lava.moe";
address = "10.30.7.2";
port = 9200;
environment = {
PROXY_TLS = "false";
IDP_ACCESS_TOKEN_EXPIRATION = "2592000";
IDP_ID_TOKEN_EXPIRATION = "2592000";
};
environmentFile = "/etc/opencloud-admin-pass";
};
}

27
containers/garnet/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1779560665,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

84
containers/garnet/flake.nix
View file

@ -1,84 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "garnet";
fqdn = "cloud.lava.moe";
subnetId = "7";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/" = {
proxyPass = "http://${client4}:9200";
proxyWebsockets = true;
};
extraConfig = ''
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
keepalive_requests 100000;
keepalive_timeout 5m;
http2_max_concurrent_streams 512;
'';
# TODO: hardcoded address
listenAddresses = [ "100.67.2.1" ];
};
systemd.tmpfiles.rules = [
"d /persist/containers/${name} 755 root users"
];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."content" = {
hostPath = "/flower/opencloud";
mountPoint = "/flower";
isReadOnly = false;
};
};
};
};
}

750
flake.lock generated
View file

File diff suppressed because it is too large Load diff

36
flake.nix
View file

@ -2,27 +2,24 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; neovim-nightly.url = "github:nix-community/neovim-nightly-overlay";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
aagl.url = "github:ezKEa/aagl-gtk-on-nix"; aagl.url = "github:ezKEa/aagl-gtk-on-nix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
catppuccin.url = "github:catppuccin/nix/8eada392fd6571a747e1c5fc358dd61c14c8704e"; catppuccin.url = "github:catppuccin/nix/8eada392fd6571a747e1c5fc358dd61c14c8704e";
catppuccin.inputs.nixpkgs.follows = "nixpkgs"; catppuccin.inputs.nixpkgs.follows = "nixpkgs";
catppuccin-palette = { url = "github:catppuccin/palette"; flake = false; }; catppuccin-palette = { url = "github:catppuccin/palette"; flake = false; };
neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs";
nix-gaming.url = "github:fufexan/nix-gaming"; nix-gaming.url = "github:fufexan/nix-gaming";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
spicetify-nix.url = "github:Gerg-L/spicetify-nix"; spicetify-nix.url = "github:Gerg-L/spicetify-nix";
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
# services # services
pastel.url = "github:cillynder/pastel"; # hosts-blocklists = { url = "github:notracking/hosts-blocklists"; flake = false; };
stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; }; # website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; };
website = { url = "github:cillynder/lavadesu.github.io/master"; flake = false; };
# zsh plugins # zsh plugins
zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; }; zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; };
@ -36,15 +33,6 @@
spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; }; spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; };
tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; }; tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; };
wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; };
# containers
c-amethyst.url = "path:./containers/amethyst";
c-beryllium.url = "path:./containers/beryllium";
c-citrine.url = "path:./containers/citrine";
c-diamond.url = "path:./containers/diamond";
c-emerald.url = "path:./containers/emerald";
c-fluorite.url = "path:./containers/fluorite";
c-garnet.url = "path:./containers/garnet";
}; };
outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs:
@ -63,7 +51,7 @@
mkSystem = mkSystem =
if !(self ? rev) then throw "Dirty git tree detected." else if !(self ? rev) then throw "Dirty git tree detected." else
nixpkgs: name: arch: extraModules: nixpkgs.lib.nixosSystem { nixpkgs: name: arch: enableGUI: extraModules: nixpkgs.lib.nixosSystem {
system = arch; system = arch;
modules = [ modules = [
({ ({
@ -74,17 +62,14 @@
(./hosts + "/${name}") (./hosts + "/${name}")
] ++ extraModules; ] ++ extraModules;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs enableGUI;
modules = import ./modules { lib = nixpkgs.lib; }; modules = import ./modules { lib = nixpkgs.lib; };
gcSecrets = builtins.fromJSON (builtins.readFile "${self}/secrets.gcrypt/shared.json");
}; };
}; };
in in
{ {
nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" []; nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" true [];
nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" true [];
nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" [];
nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" [];
packages."x86_64-linux" = packages."x86_64-linux" =
let let
@ -95,7 +80,6 @@
in in
{ {
inherit (pkgs.me) linux-lava spotify-adblock; inherit (pkgs.me) linux-lava spotify-adblock;
linux-lava-ccache = pkgs.me.linux-lava.override { useCcache = true; };
}; };
}; };
} }

45
hosts/alyssum/default.nix
View file

@ -1,45 +0,0 @@
{ inputs, lib, modules, modulesPath, ... }: {
networking.hostName = "alyssum";
system.stateVersion = "25.11";
time.timeZone = "Australia/Melbourne";
age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age;
passwd.file = ../../secrets/passwd.age;
navidrome_env.file = ../../secrets/navidrome_env.age;
wpa_conf = {
file = ../../secrets/wpa_conf.age;
path = "/etc/wpa_supplicant/imperative.conf";
symlink = false;
};
};
imports = with modules.system; [
(modulesPath + "/profiles/qemu-guest.nix")
home-manager
base
kernel
nix-stable
packages
security
tailscale
modules.services.nginx
modules.services.syncthing
inputs.c-emerald.nixosModule
inputs.c-garnet.nixosModule
./filesystem.nix
./kernel.nix
./networking.nix
./home.syncthing.nix
./samba.nix
../../users/hana
];
me.environment = "headless";
services.syncthing.user = lib.mkForce "hana";
}

35
hosts/alyssum/filesystem.nix
View file

@ -1,35 +0,0 @@
{ ... }:
let
bind = src: {
depends = [ "/nix" ];
device = src;
fsType = "none";
neededForBoot = true;
options = [ "bind" ];
};
mkLabelMount = label: type: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" "relatime" ];
};
mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
};
submount = mkBtrfsMount "alyssum";
in {
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=8G" "mode=755" ];
};
"/boot" = mkLabelMount "stem" "vfat";
"/flower" = mkBtrfsMount "myosotis" "/@" true;
"/nix" = submount "/@/nix" false;
"/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
"/persist/.snapshots" = submount "/snap/persist" false;
"/var/log/journal" = bind "/persist/journal";
};
}

39
hosts/alyssum/home.syncthing.nix
View file

@ -1,39 +0,0 @@
{ config, lib, ... }:
let
configOn = user: port: {
me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config";
me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state";
systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ];
users.users.${user} = {
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
linger = true;
};
home-manager.users.${user} = { ... }: {
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "26.05";
};
services.syncthing = {
enable = true;
guiAddress = "[::]:${toString port}";
overrideDevices = false;
overrideFolders = false;
settings = {
options.listenAddresses = [
"tcp://0.0.0.0:2${toString port}"
"quic://0.0.0.0:2${toString port}"
"dynamic+https://relays.syncthing.net/endpoint"
];
defaults.folder.path = "/flower/syncthing/${user}";
};
};
};
};
in lib.mkMerge [
(configOn "kujira" 8385)
(configOn "cilly" 8386)
]

12
hosts/alyssum/kernel.nix
View file

@ -1,12 +0,0 @@
{ config, lib, ... }: {
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
};
hardware.cpu.amd.updateMicrocode = true;
}

15
hosts/alyssum/networking.nix
View file

@ -1,15 +0,0 @@
{ config, ... }: {
networking = {
useDHCP = true;
wireless.enable = true;
interfaces.wlp1s0.useDHCP = false;
interfaces.wlp1s0.ipv4.addresses = [{
address = "192.168.1.167";
prefixLength = 24;
}];
defaultGateway = "192.168.1.1";
nameservers = [ "8.8.8.8" "8.8.4.4" ];
};
}

14
hosts/alyssum/packages.nix
View file

@ -1,14 +0,0 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
git
htop
jq
neovim
rsync
sshfs
wget
kitty.terminfo
];
environment.variables.EDITOR = "nvim";
}

84
hosts/alyssum/samba.nix
View file

@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
let
configOn = user: let
passwd_fname = "passwd_smb${user}";
in {
age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}";
me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
users.users.${user} = {
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
};
system.activationScripts = {
init_smbpasswd.text = let
smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
in ''
printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
'';
};
services.samba.settings."${user}" = {
"path" = "/flower/smb/${user}";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = user;
"force group" = "users";
"valid users" = user;
};
};
in lib.mkMerge [
(configOn "cilly")
(configOn "kujira")
{
me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
networking.firewall.allowPing = true;
services.samba = {
enable = true;
package = pkgs.samba4Full;
openFirewall = true;
settings = {
global = {
"server smb encrypt" = "required";
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
"hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
"public" = {
"path" = "/flower/smb/public";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "hana";
"force group" = "users";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish.enable = true;
publish.userServices = true;
};
}
]

26
hosts/anemone/default.nix
View file

@ -5,7 +5,6 @@
nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ];
age.secrets = { age.secrets = {
wg_anemone.file = ../../secrets/wg_anemone.age;
passwd.file = ../../secrets/passwd.age; passwd.file = ../../secrets/passwd.age;
}; };
@ -17,9 +16,8 @@
bluetooth bluetooth
ccache ccache
corectrl corectrl
docker
flatpak flatpak
greetd greetd_wayland
gui gui
input input
kernel kernel
@ -28,25 +26,21 @@
printing printing
security security
snapper snapper
tailscale
wireguard
./filesystem.nix ./filesystem.nix
./kernel.nix ./kernel.nix
./networking.nix ./networking.nix
../../users/rin ../../users/rin/wayland.nix
modules.services.syncthing
]; ];
me = { programs.hyprland.enable = true;
environment = "laptop"; security.pam.services.hyprlock = {};
batteryDevice = "BATT";
kbBacklightDevice = "asus::kbd_backlight"; # For steam fhs-env
hasFingerprint = true; nixpkgs.config.permittedInsecurePackages = [
hidpi = true; "openssl-1.1.1w"
}; ];
programs.wireshark = { programs.wireshark = {
enable = true; enable = true;
@ -55,6 +49,4 @@
services.fprintd.enable = true; services.fprintd.enable = true;
services.tlp.enable = true; services.tlp.enable = true;
programs.kdeconnect.enable = true;
} }

17
hosts/anemone/kernel.nix
View file

@ -23,22 +23,17 @@
]; ];
}; };
# swapDevices = [{ swapDevices = [{
# device = "/persist/swapfile"; device = "/persist/swapfile";
# size = 16 * 1024; size = 16 * 1024;
# }]; }];
#
# systemd.sleep.extraConfig = ''
# HibernateMode=shutdown
# '';
/*
services.logind.lidSwitch = "suspend-then-hibernate"; services.logind.lidSwitch = "suspend-then-hibernate";
systemd.sleep.extraConfig = '' systemd.sleep.extraConfig = ''
HibernateDelaySec=14400 HibernateDelaySec=14400
SuspendEstimationSec=3600 SuspendEstimationSec=3600
HibernateOnACPower=true HibernateOnACPower=false
''; '';
*/
powerManagement.cpufreq.min = 400000; powerManagement.cpufreq.min = 400000;

16
hosts/anemone/networking.nix
View file

@ -1,4 +1,18 @@
{ config, ... }: { { config, ... }: {
networking.wireless.iwd.enable = true; networking = {
#nameservers = [ "8.8.8.8" "8.8.4.4" ];
#wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf";
networkmanager = {
enable = true;
#dns = "none";
};
extraHosts = ''
192.168.100.16 hyacinth
'';
};
environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections"; environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections";
} }

44
hosts/dandelion/default.nix
View file

@ -1,44 +0,0 @@
{ inputs, modules, modulesPath, ... }: {
networking.hostName = "dandelion";
system.stateVersion = "23.11";
time.timeZone = "Australia/Melbourne";
age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age;
slskd_env.file = ../../secrets/slskd_env.age;
wg_dandelion.file = ../../secrets/wg_dandelion.age;
};
imports = with modules.system; [
(modulesPath + "/profiles/qemu-guest.nix")
home-manager
base
kernel
nix-stable
packages
security
tailscale
wireguard
modules.services.banksia
modules.services.nginx
modules.services.unbound
modules.services.website
inputs.c-amethyst.nixosModule
inputs.c-beryllium.nixosModule
inputs.c-citrine.nixosModule
inputs.c-diamond.nixosModule
inputs.c-fluorite.nixosModule
./filesystem.nix
./kernel.nix
./networking.nix
./nginx.nix
../../users/hana
];
me.environment = "headless";
}

34
hosts/dandelion/filesystem.nix
View file

@ -1,34 +0,0 @@
{ ... }:
let
bind = src: {
depends = [ "/nix" ];
device = src;
fsType = "none";
neededForBoot = true;
options = [ "bind" ];
};
mkLabelMount = label: type: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" "relatime" ];
};
mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
};
submount = mkBtrfsMount "DANDELION";
in {
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=6G" "mode=755" ];
};
"/boot" = mkLabelMount "UEFI" "vfat";
"/nix" = submount "/@/nix" false;
"/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
"/persist/.snapshots" = submount "/snap/persist" false;
"/var/log/journal" = bind "/persist/journal";
};
}

10
hosts/dandelion/kernel.nix
View file

@ -1,10 +0,0 @@
{ ... }: {
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
initrd.kernelModules = [ "nvme" ];
};
}

4
hosts/dandelion/networking.nix
View file

@ -1,4 +0,0 @@
{ ... }: {
networking.useDHCP = true;
networking.interfaces.enp2s0.useDHCP = false;
}

8
hosts/dandelion/nginx.nix
View file

@ -1,8 +0,0 @@
{ ... }: {
services.nginx.virtualHosts."muse.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "404";
locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
};
}

14
hosts/dandelion/packages.nix
View file

@ -1,14 +0,0 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
git
htop
jq
neovim
rsync
sshfs
wget
kitty.terminfo
];
environment.variables.EDITOR = "nvim";
}

22
hosts/hyacinth/default.nix
View file

@ -3,10 +3,11 @@
system.stateVersion = "21.11"; system.stateVersion = "21.11";
time.timeZone = "Australia/Melbourne"; time.timeZone = "Australia/Melbourne";
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ];
age.secrets = { age.secrets = {
passwd.file = ../../secrets/passwd.age; passwd.file = ../../secrets/passwd.age;
wg_hyacinth.file = ../../secrets/wg_hyacinth.age; wg_hyacinth.file = ../../secrets/wg_blossom.age;
wpa_conf.file = ../../secrets/wpa_conf.age; wpa_conf.file = ../../secrets/wpa_conf.age;
}; };
imports = with modules.system; [ imports = with modules.system; [
@ -18,9 +19,9 @@
bluetooth bluetooth
ccache ccache
corectrl corectrl
docker
flatpak flatpak
greetd #greetd_xorg
greetd_wayland
gui gui
input input
kernel kernel
@ -29,19 +30,24 @@
printing printing
security security
snapper snapper
tailscale virtualisation
wireguard
modules.services.syncthing modules.services.postgres
./filesystem.nix ./filesystem.nix
./kernel.nix ./kernel.nix
./networking.nix ./networking.nix
./packages.nix ./packages.nix
../../users/rin #../../users/rin/xorg.nix
../../users/rin/wayland.nix
]; ];
services.postgresql.ensureDatabases = [ "barista" "barista-dev" ];
programs.hyprland.enable = true;
systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp"; systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp";
me.hasBluetooth = true; # For steam fhs-env
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
];
} }

2
hosts/hyacinth/filesystem.nix
View file

@ -15,7 +15,7 @@ in
"/" = { "/" = {
device = "rootfs"; device = "rootfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "size=24G" "mode=755" ]; options = [ "defaults" "size=8G" "mode=755" ];
}; };
"/boot" = mkLabelMount "CUP" "vfat"; "/boot" = mkLabelMount "CUP" "vfat";

12
hosts/hyacinth/kernel.nix
View file

@ -13,8 +13,12 @@
]; ];
kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava); kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava);
}; };
hardware.amdgpu.overdrive = { services.xserver.xrandrHeads = [{
enable = true; output = "DP-1";
ppfeaturemask = "0xffffffff"; primary = true;
}; monitorConfig = ''
Modeline "2560x1440_144.00" 808.75 2560 2792 3072 3584 1440 1443 1448 1568 -hsync +vsync
Option "PreferredMode" "2560x1440_144.00"
'';
}];
} }

5
hosts/hyacinth/networking.nix
View file

@ -3,13 +3,12 @@
networking = { networking = {
useDHCP = true; useDHCP = true;
interfaces.enp5s0.useDHCP = false; interfaces.enp5s0.useDHCP = false;
interfaces.enp5s0.wakeOnLan.enable = true;
interfaces.enp5s0.ipv4.addresses = [{ interfaces.enp5s0.ipv4.addresses = [{
address = "192.168.1.201"; address = "192.168.0.151";
prefixLength = 24; prefixLength = 24;
}]; }];
defaultGateway = "192.168.1.1"; defaultGateway = "192.168.0.1";
nameservers = [ "8.8.8.8" "8.8.4.4" ]; nameservers = [ "8.8.8.8" "8.8.4.4" ];
extraHosts = '' extraHosts = ''

4
hosts/hyacinth/packages.nix
View file

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, ... }: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
discord android-studio
jetbrains.idea jetbrains.idea-community-bin
texliveFull texliveFull
]; ];
} }

13
modules/binds.nix
View file

@ -1,13 +0,0 @@
{ config, lib, ...}: {
imports = [ ./options.nix ];
fileSystems = lib.mapAttrs (dest: key: let
target = if (lib.strings.hasPrefix "/" key)
then key
else "/persist/binds/${key}";
in {
depends = [ "/persist" ];
device = target;
fsType = "none";
options = [ "bind" ];
}) config.me.binds;
}

22
modules/default.nix
View file

@ -14,21 +14,15 @@ let
}) paths }) paths
); );
in { in {
binds = ./binds.nix;
options = ./options.nix;
services = mkAttrsFromPaths [ services = mkAttrsFromPaths [
./services/banksia.nix
./services/jellyfin.nix ./services/jellyfin.nix
./services/nginx.nix ./services/nginx.nix
./services/postgres.nix ./services/postgres.nix
./services/sonarr.nix ./services/sonarr.nix
./services/synapse.nix ./services/synapse.nix
./services/syncthing.nix
./services/tmptsync.nix ./services/tmptsync.nix
./services/transmission.nix
./services/unbound.nix ./services/unbound.nix
./services/vaultwarden.nix ./services/vaultwarden.nix
./services/website.nix
]; ];
system = mkAttrsFromPaths [ system = mkAttrsFromPaths [
./system/aagl.nix ./system/aagl.nix
@ -37,9 +31,9 @@ in {
./system/bluetooth.nix ./system/bluetooth.nix
./system/ccache.nix ./system/ccache.nix
./system/corectrl.nix ./system/corectrl.nix
./system/docker.nix
./system/flatpak.nix ./system/flatpak.nix
./system/greetd.nix ./system/greetd_wayland.nix
./system/greetd_xorg.nix
./system/gui.nix ./system/gui.nix
./system/home-manager.nix ./system/home-manager.nix
./system/input.nix ./system/input.nix
@ -50,16 +44,17 @@ in {
./system/printing.nix ./system/printing.nix
./system/security.nix ./system/security.nix
./system/snapper.nix ./system/snapper.nix
./system/tailscale.nix ./system/transmission.nix
./system/virtualisation.nix ./system/virtualisation.nix
./system/wireguard.nix ./system/wireguard.nix
]; ];
user = mkAttrsFromPaths [ user = mkAttrsFromPaths [
./user/bspwm.nix
./user/catppuccin.nix ./user/catppuccin.nix
./user/comma.nix
./user/direnv.nix ./user/direnv.nix
./user/dunst.nix ./user/dunst.nix
./user/eww.nix ./user/eww.nix
./user/eww-wayland.nix
./user/git.nix ./user/git.nix
./user/gpg.nix ./user/gpg.nix
./user/hypridle.nix ./user/hypridle.nix
@ -70,11 +65,18 @@ in {
./user/neovim-minimal.nix ./user/neovim-minimal.nix
./user/npm.nix ./user/npm.nix
./user/obs.nix ./user/obs.nix
./user/packages-rin.nix
./user/pass.nix
./user/picom.nix
./user/polybar.nix
./user/rofi.nix ./user/rofi.nix
./user/rofi-wayland.nix
./user/sessionVariables.nix ./user/sessionVariables.nix
./user/spicetify.nix ./user/spicetify.nix
./user/sxhkd.nix
./user/theming.nix ./user/theming.nix
./user/xdg.nix ./user/xdg.nix
./user/xorg.nix
./user/zsh.nix ./user/zsh.nix
]; ];
} }

53
modules/options.nix
View file

@ -1,53 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkOption
types;
in {
options.me = {
environment = mkOption {
type = types.enum [ "desktop" "laptop" "headless" ];
default = "desktop";
};
hasFingerprint = mkOption {
type = types.bool;
default = false;
};
gui = mkOption {
type = types.bool;
default = config.me.environment != "headless";
};
batteryDevice = mkOption {
type = with types; nullOr (uniq str);
default = null;
};
kbBacklightDevice = mkOption {
type = with types; nullOr (uniq str);
default = null;
};
hasBluetooth = mkOption {
type = types.bool;
default = config.me.environment == "laptop";
};
hasWifi = mkOption {
type = types.bool;
default = config.me.environment == "laptop";
};
hidpi = mkOption {
type = types.bool;
default = false;
};
binds = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
};
}

11
modules/services/banksia.nix
View file

@ -1,11 +0,0 @@
# TODO ^^
{ ... }: {
services.nginx.virtualHosts = {
"banksia.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "302 https://lab.lava.moe/cilly/Banksia";
locations."/api".proxyPass = "http://localhost:8080/";
};
};
}

36
modules/services/nginx.nix
View file

@ -1,21 +1,18 @@
{ config, ... }: { { config, inputs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = {
email = "me@lava.moe"; email = "me@lava.moe";
group = "nginx";
dnsProvider = "cloudflare";
environmentFile = config.age.secrets."acme_dns".path;
};
certs."lava.moe" = { certs."lava.moe" = {
group = "nginx";
domain = "lava.moe";
extraDomainNames = [ extraDomainNames = [
"*.lava.moe" "*.lava.moe"
"*.local.lava.moe" "*.local.lava.moe"
]; ];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."acme_dns".path;
}; };
certs."cilly.moe" = {};
certs."cilly.dev" = {};
}; };
services.nginx = { services.nginx = {
@ -24,5 +21,28 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = {
"lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = inputs.website.outPath;
};
"cdn.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = "/persist/cdn";
};
"_" = {
default = true;
addSSL = true;
# TODO generate this somewhere
sslCertificate = "/persist/fakeCerts/fake.crt";
sslCertificateKey = "/persist/fakeCerts/fake.key";
extraConfig = ''
return 444;
'';
};
};
}; };
} }

1
modules/services/postgres.nix
View file

@ -8,7 +8,6 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
dataDir = dir; dataDir = dir;
# TODO: broken :3
package = pkgs.postgresql_13; package = pkgs.postgresql_13;
authentication = lib.mkOverride 10 '' authentication = lib.mkOverride 10 ''
#type database DBuser origin-address auth-method #type database DBuser origin-address auth-method

23
modules/services/syncthing.nix
View file

@ -1,23 +0,0 @@
{ config, ... }:
let
dir = "/persist/shared/.syncthing";
user = if config.me.gui then "rin" else "hana";
uid = toString config.users.users."${user}".uid;
gid = toString config.users.groups.users.gid;
in
{
systemd.tmpfiles.rules = [
"d ${dir}/config 700 ${uid} ${gid}"
"d ${dir}/data 700 ${uid} ${gid}"
];
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
services.syncthing = {
enable = true;
openDefaultPorts = true;
user = user;
group = "users";
dataDir = "/persist/shared/.syncthing/data";
configDir = "/persist/shared/.syncthing/config";
guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384";
};
}

27
modules/services/unbound.nix
View file

@ -1,17 +1,8 @@
{ inputs, pkgs, gcSecrets, ... }: { inputs, ... }:
let let
dir = "/persist/unbound"; dir = "/persist/unbound";
converted = pkgs.runCommand "stevenblack-hosts-unbound" {} ''
echo "server:" > "$out"
grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out"
'';
in { in {
networking.firewall.interfaces."ve-+" = { networking.firewall.interfaces.wlan0 = {
allowedUDPPorts = [ 53 853 ];
allowedTCPPorts = [ 53 853 ];
};
networking.firewall.interfaces.wg0 = {
allowedUDPPorts = [ 53 853 ]; allowedUDPPorts = [ 53 853 ];
allowedTCPPorts = [ 53 853 ]; allowedTCPPorts = [ 53 853 ];
}; };
@ -25,27 +16,17 @@ in {
name = "."; name = ".";
forward-tls-upstream = true; forward-tls-upstream = true;
forward-addr = [ forward-addr = [
"2606:4700:4700::1111@853#cloudflare-dns.com"
"2606:4700:4700::1001@853#cloudflare-dns.com"
"2001:4860:4860::8888@853#dns.google"
"2001:4860:4860::8844@853#dns.google"
"1.1.1.1@853#cloudflare-dns.com" "1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com"
"8.8.8.8@853#dns.google"
"8.8.4.4@853#dns.google"
]; ];
}]; }];
server = { server = {
interface = [ "0.0.0.0" "::0" ]; interface = [ "0.0.0.0" ];
access-control = [ access-control = [
"127.0.0.1/8 allow" "127.0.0.1/8 allow"
"10.0.0.0/8 allow" "10.0.0.0/8 allow"
"100.64.0.0/10 allow"
"192.168.100.0/24 allow" "192.168.100.0/24 allow"
"fd0d::/16 allow"
"fd7a:115c:a1e0::/48 allow"
"${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
]; ];
domain-insecure = [ "\"local.lava.moe\"" ]; domain-insecure = [ "\"local.lava.moe\"" ];
local-zone = [ "\"warden.local.lava.moe.\" redirect" ]; local-zone = [ "\"warden.local.lava.moe.\" redirect" ];
@ -54,7 +35,7 @@ in {
]; ];
}; };
include = "${converted}"; include = "${inputs.hosts-blocklists}/unbound/unbound.blacklist.conf";
}; };
}; };

43
modules/services/website.nix
View file

@ -1,43 +0,0 @@
{ inputs, pkgs, ... }: let
pastel = inputs.pastel.packages.${pkgs.system}.default;
in {
services.nginx.virtualHosts = {
"cilly.moe" = {
useACMEHost = "cilly.moe";
forceSSL = true;
root = pastel.outPath;
};
"cilly.dev" = {
useACMEHost = "cilly.dev";
forceSSL = true;
root = pastel.outPath;
};
"lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = inputs.website.outPath;
};
"cdn.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
extraConfig = ''
return 301 https://sh.lava.moe$request_uri;
'';
};
"sh.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = "/persist/cdn";
};
"_" = {
default = true;
addSSL = true;
# TODO generate this somewhere
sslCertificate = "/persist/fakeCerts/fake.crt";
sslCertificateKey = "/persist/fakeCerts/fake.key";
extraConfig = ''
return 444;
'';
};
};
}

7
modules/system/base.nix
View file

@ -1,6 +1,4 @@
{ config, inputs, modules, ... }: { { config, enableGUI, inputs, modules, overlays, ... }: {
imports = [ modules.binds modules.options ];
environment.etc = { environment.etc = {
"machine-id".source = "/persist/machine-id"; "machine-id".source = "/persist/machine-id";
"ssh/ssh_host_rsa_key".source = "/persist/ssh_host_rsa_key"; "ssh/ssh_host_rsa_key".source = "/persist/ssh_host_rsa_key";
@ -11,8 +9,6 @@
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];
i18n.defaultLocale = "en_AU.UTF-8"; i18n.defaultLocale = "en_AU.UTF-8";
i18n.extraLocales = [ "en_GB.UTF-8/UTF-8" ];
users.mutableUsers = false; users.mutableUsers = false;
system = { system = {
@ -23,5 +19,6 @@
}; };
}; };
nix.registry.config.flake = inputs.self; nix.registry.config.flake = inputs.self;
nix.registry.nixpkgs.flake = inputs.nixpkgs;
nix.registry.shells.flake = inputs.self; nix.registry.shells.flake = inputs.self;
} }

4
modules/system/corectrl.nix
View file

@ -1,5 +1,9 @@
{ ... }: { { ... }: {
programs.corectrl = { programs.corectrl = {
enable = true; enable = true;
gpuOverclock = {
enable = true;
ppfeaturemask = "0xffffffff";
};
}; };
} }

13
modules/system/docker.nix
View file

@ -1,13 +0,0 @@
{ pkgs, ... }: {
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
# rootless = {
# enable = true;
# setSocketVariable = true;
# };
};
environment.systemPackages = [
pkgs.docker-compose
];
}

18
modules/system/greetd.nix
View file

@ -1,18 +0,0 @@
{ pkgs, ... }: {
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'";
user = "greeter";
};
initial_session = {
command = "${pkgs.writeShellScript "launch.sh" ''
zsh -c "source $HOME/.config/zsh/.zshrc && Hyprland > \"$XDG_RUNTIME_DIR/Hyprland.out\""
''}";
user = "rin";
};
};
};
}

21
modules/system/greetd_wayland.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, lib, ... }: {
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'";
user = "greeter";
};
initial_session = {
command = "Hyprland > \"$XDG_RUNTIME_DIR/Hyprland.out\"";
user = "rin";
};
};
};
services.xserver = {
autorun = false;
displayManager.startx.enable = true;
};
}

16
modules/system/greetd_xorg.nix Normal file
View file

@ -0,0 +1,16 @@
{ pkgs, lib, ... }: {
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && startx\"'";
user = "greeter";
};
};
};
services.xserver = {
autorun = false;
displayManager.startx.enable = true;
};
}

4
modules/system/gui.nix
View file

@ -15,6 +15,7 @@
hanazono hanazono
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-extra
open-sans open-sans
twemoji-color-font twemoji-color-font
unifont unifont
@ -25,7 +26,4 @@
displayManager.lightdm.enable = lib.mkForce false; displayManager.lightdm.enable = lib.mkForce false;
desktopManager.xterm.enable = false; desktopManager.xterm.enable = false;
}; };
programs.hyprland.enable = true;
security.pam.services.hyprlock = {};
} }

10
modules/system/home-manager.nix
View file

@ -1,4 +1,4 @@
{ config, inputs, modules, ... }: { { config, enableGUI, inputs, modules, ... }: {
imports = [ imports = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
]; ];
@ -6,14 +6,8 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs modules; inherit enableGUI inputs modules;
sysConfig = config; sysConfig = config;
}; };
sharedModules = [
{
imports = [ modules.options ];
config.me = config.me;
}
];
}; };
} }

17
modules/system/input.nix
View file

@ -6,19 +6,14 @@
"-arinterval 15" "-arinterval 15"
]; ];
}; };
xkb.options = "caps:escape";
}; };
services.keyd = { services.libinput = {
enable = true; enable = true;
keyboards = { mouse = {
default = { accelSpeed = "0";
ids = [ "*" ]; accelProfile = "flat";
settings = {
main = {
capslock = "esc";
esc = "capslock";
};
};
};
}; };
}; };
console.useXkbConfig = true;
} }

3
modules/system/nix-stable.nix
View file

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
nix = { nix = {
package = pkgs.nixVersions.latest;
settings = rec { settings = rec {
substituters = [ substituters = [
"https://cache.nixos.org?priority=10" "https://cache.nixos.org?priority=10"
@ -19,5 +17,4 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
programs.nh.enable = true;
} }

6
modules/system/nix.nix
View file

@ -1,7 +1,6 @@
{ config, inputs, pkgs, ... }: { { config, lib, pkgs, ... }: {
nix = { nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; package = pkgs.nixVersions.git;
package = pkgs.nixVersions.latest;
settings = rec { settings = rec {
extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
@ -24,5 +23,4 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
programs.nh.enable = true;
} }

26
modules/system/packages-gui.nix
View file

@ -1,26 +0,0 @@
{ config, lib, pkgs, ... }: {
config = lib.mkIf config.me.gui {
environment.systemPackages = with pkgs; [
android-tools
gparted
nautilus
];
hardware.graphics.extraPackages = with pkgs; [
intel-vaapi-driver
libva-vdpau-driver
libvdpau-va-gl
];
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
programs.steam = {
enable = true;
package = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
gsettings-desktop-schemas
];
};
};
services.dbus.packages = [ pkgs.dconf pkgs.gcr ];
services.gnome.sushi.enable = true;
};
}

36
modules/system/packages.nix
View file

@ -1,14 +1,11 @@
{ pkgs, ... }: { { config, enableGUI, lib, pkgs, ... }: {
imports = [ ./packages-gui.nix ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# ecryptfs comma
ecryptfs
efibootmgr efibootmgr
fd
git git
git-crypt
htop htop
jq jq
kitty.terminfo
libarchive libarchive
lf lf
msr-tools msr-tools
@ -16,10 +13,33 @@
neovim neovim
nfs-utils nfs-utils
ntfs3g ntfs3g
ripgrep
rsync
sshfs sshfs
rsync
wget wget
] ++ lib.optionals enableGUI [
gparted
nautilus
]; ];
environment.variables.EDITOR = "nvim"; environment.variables.EDITOR = "nvim";
} }
// (if !enableGUI then {} else {
programs.adb.enable = true;
hardware.graphics.extraPackages = with pkgs; [
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
programs.light.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
programs.steam = {
enable = true;
package = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
gsettings-desktop-schemas
];
};
};
services.dbus.packages = [ pkgs.dconf pkgs.gcr ];
services.gnome.sushi.enable = true;
})

30
modules/system/security.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { { config, pkgs, ... }: {
networking.firewall = networking.firewall =
let let
iptables = "${pkgs.iptables}/bin/iptables"; iptables = "${pkgs.iptables}/bin/iptables";
@ -53,33 +53,5 @@
} }
]; ];
}; };
pam = lib.mkIf (config.me.environment != "headless") {
u2f = {
enable = true;
settings = {
cue = true;
pinverification = 1;
};
};
services.doas.rules.auth = {
u2f.settings.pinverification = lib.mkForce 0;
u2f_int = lib.mkMerge [
{
enable = true;
order = config.security.pam.services.doas.rules.auth.u2f.order + 1;
control = "sufficient";
modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so";
inherit (config.security.pam.u2f) settings;
}
{
settings = lib.mkForce {
interactive = true;
pinverification = 0;
userpresence = 0;
};
}
];
};
};
}; };
} }

13
modules/system/tailscale.nix
View file

@ -1,13 +0,0 @@
{ config, lib, ... }: {
age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
me.binds."/var/lib/tailscale" = "tailscale";
networking.firewall.trustedInterfaces = [ "tailscale0" ];
networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets.tailscale_auth.path;
openFirewall = true;
useRoutingFeatures = if config.me.environment == "headless" then "both" else "client";
};
}

7
modules/services/transmission.nix → modules/system/transmission.nix
View file

@ -5,6 +5,13 @@
downloadDirPermissions = "775"; downloadDirPermissions = "775";
openFirewall = true; openFirewall = true;
settings = { settings = {
alt-speed-down = 512;
alt-speed-enabled = true;
alt-speed-time-begin = 360;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 1380;
alt-speed-up = 256;
download-dir = "/persist/transmission/Downloads"; download-dir = "/persist/transmission/Downloads";
incomplete-dir = "/persist/transmission/.incomplete"; incomplete-dir = "/persist/transmission/.incomplete";
ratio-limit-enabled = true; ratio-limit-enabled = true;

124
modules/system/wireguard.nix
View file

@ -1,11 +1,13 @@
{ config, lib, pkgs, gcSecrets, ... }: { config, lib, pkgs, ... }:
let let
port = 51801; port = 51820;
serverName = "dandelion"; serverName = "sugarcane";
serverInterface = "enp0s6"; serverInterface = "ens3";
serverIp = gcSecrets.wireguard.gateway; serverIp = "51.79.240.130";
forwarding = { forwarding = {
"80" = [ "10.100.0.2" "80" ];
"443" = [ "10.100.0.2" "443" ];
"22727" = [ "10.100.0.3" "7777" ]; "22727" = [ "10.100.0.3" "7777" ];
}; };
@ -18,61 +20,52 @@ let
in '' in ''
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport} ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
'') forwarding '') forwarding
); );
clients = { routeBypass = {
caramel = {
gateway = "192.168.100.1";
interface = "wlan0";
routes = [
serverIp
];
};
hyacinth = { hyacinth = {
publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; gateway = "192.168.100.1";
allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3" "fd0d::3" ]; interface = "enp5s0";
interfaces = { routes = [
wg0 = { peers = [ server6OnlyPeer ]; }; serverIp
wg1 = { peers = [ serverPeer ]; autostart = false; }; ];
wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
};
};
anemone = {
publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY=";
allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" "fd0d::4" ];
interfaces = {
wg0 = { peers = [ server6OnlyPeer ]; };
wg1 = { peers = [ serverPeer ]; autostart = false; };
wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
};
};
hibiscus = {
publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw=";
allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" "fd0d::5" ];
interfaces = {
wg0 = { peers = [ server6OnlyPeer ]; };
wg1 = { peers = [ serverPeer ]; autostart = false; };
wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
};
};
hazel = {
publicKey = "0zruTndObzHo+b1rbOuTsxCU97epygZycxXS/lgUHUc=";
allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ];
interfaces = {
wg0 = {
dns = [ "::1" "127.0.0.1" ];
peers = [ serverLocalOnlyPeer ];
};
};
}; };
}; };
clientPeers = builtins.map (client: builtins.removeAttrs client [ "interfaces" ]) (builtins.attrValues clients); clients = {
serverPeerWith = ips: { caramel = {
publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA=";
allowedIPs = [ "10.100.0.2/32" ];
};
hyacinth = {
publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo=";
allowedIPs = [ "10.100.0.3/32" ];
};
strawberry = {
publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg=";
allowedIPs = [ "10.100.0.4/32" ];
};
maple = {
publicKey = "kPw8hpANygfz83Oi/l+iCVYalV2zfs7fhkccjoGG2Do=";
allowedIPs = [ "10.100.0.5/32" ];
};
};
clientPeers = builtins.attrValues clients;
serverPeer = {
publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0=";
allowedIPs = ips; allowedIPs = [ "0.0.0.0/0" ];
endpoint = "${serverIp}:${toString port}"; endpoint = "${serverIp}:${toString port}";
persistentKeepalive = 25; persistentKeepalive = 25;
}; };
serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ];
server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ];
serverLocalOnlyPeer = serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ];
serverConfig = { serverConfig = {
nat = { nat = {
@ -86,7 +79,7 @@ let
}; };
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" "fd0d::1" ]; ips = [ "10.100.0.1/24" ];
listenPort = port; listenPort = port;
postSetup = '' postSetup = ''
@ -104,24 +97,33 @@ let
}; };
clientConfig = { clientConfig = {
wg-quick.interfaces = wireguard.interfaces.wg0 =
let let
client = clients."${config.networking.hostName}"; client = clients."${config.networking.hostName}";
in routes = routeBypass."${config.networking.hostName}";
builtins.mapAttrs (interface: conf: { mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} via ${routes.gateway} dev ${routes.interface}") routes.routes;
address = client.allowedIPs; in {
dns = [ "fd0d::1" "10.100.0.1" ]; ips = client.allowedIPs;
listenPort = port;
postSetup = ''
${mapRoutes "add"}
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
'';
postShutdown = ''
${mapRoutes "del"}
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path;
} // conf) client.interfaces; peers = [ serverPeer ];
};
}; };
in { in {
boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({
"net.ipv6.conf.all.forwarding" = true;
"net.ipv6.conf.default.forwarding" = true;
});
networking = networking =
lib.mkMerge [ lib.mkMerge [
(lib.mkIf (config.networking.hostName == serverName) serverConfig) (lib.mkIf (config.networking.hostName == serverName) serverConfig)
(lib.mkIf (config.networking.hostName != serverName) clientConfig) (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig)
]; ];
} }

19
modules/user/bspwm.nix Normal file
View file

@ -0,0 +1,19 @@
# Depends on eww
{ config, pkgs, ... }: {
xsession.windowManager.bspwm = {
enable = true;
monitors = { "DP-1" = [ "1" "2" "3" "4" "5" "6" "7" "8" "9" "0"]; };
settings = {
window_gap = 10;
border_width = 0;
split_ratio = 0.5;
top_padding = 0;
};
extraConfig = ''
${pkgs.feh}/bin/feh --no-fehbg --bg-fill ~/Pictures/Wallpapers/current
${pkgs.procps}/bin/pkill -SIGINT eww
${pkgs.eww}/bin/eww open linebar
'';
};
}

60
modules/user/catppuccin.nix
View file

@ -1,4 +1,4 @@
{ config, inputs, lib, pkgs, ... }: { { config, inputs, lib, ... }: {
imports = [ imports = [
inputs.catppuccin.homeManagerModules.catppuccin inputs.catppuccin.homeManagerModules.catppuccin
]; ];
@ -14,62 +14,18 @@
config = { config = {
catppuccin = { catppuccin = {
accent = lib.mkDefault "pink"; accent = "maroon";
flavor = lib.mkDefault "mocha"; flavor = "mocha";
kitty.enable = true; kitty.enable = true;
gtk.enable = true; gtk.enable = true;
hyprlock.enable = true; hyprlock.enable = true;
kvantum.enable = true;
nvim.enable = true; nvim.enable = true;
}; };
qt = {
specialisation = { enable = true;
light.configuration.catppuccin.flavor = "latte"; style.name = "kvantum";
dark.configuration.catppuccin.flavor = "mocha"; platformTheme.name = "kvantum";
}; };
home.packages = [(pkgs.writeShellScriptBin "theme" ''
last_path="$HOME/.local/state/last-theme"
target="$1"
if [ "$target" == "get_last" ]; then
if [ ! -e "$last_path" ]; then
echo "no last theme found; assuming dark" >&2
target="dark"
else
target=$(cat "$last_path" | tr -d "\n")
fi
echo "$target"
exit 0
fi
if [ "$target" == "restore" ]; then
echo "restoring theme"
if [ ! -e "$last_path" ]; then
echo "no last theme found; assuming dark" >&2
target="dark"
else
target=$(cat "$last_path" | tr -d "\n")
fi
fi
if [ "$target" != "dark" ] && [ "$target" != "light" ]; then
echo "invalid theme, valid values: [dark, light, restore]"
exit 1
fi
current="$HOME/.local/state/home-manager/gcroots/current-home/"
cached="$HOME/.local/state/last-parent-specialisation"
if [ -d "$current/specialisation" ]; then
if [ -d "$cached" ]; then
rm -f "$cached"
fi
ln -sf "$(readlink -f $current)" "$cached"
fi
if [ ! -d "$cached/specialisation" ]; then
echo "no specialisations found"
exit 1
fi
"$cached/specialisation/$target/activate"
echo "$target" > "$last_path"
'')];
}; };
} }

7
modules/user/comma.nix
View file

@ -1,7 +0,0 @@
{ inputs, ... }: {
imports = [
inputs.nix-index-database.homeModules.default
];
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
}

2
modules/user/direnv.nix
View file

@ -5,7 +5,7 @@
enable = true; enable = true;
}; };
}; };
programs.git.settings.core.excludesFile = ".envrc"; programs.git.extraConfig.core.excludesFile = ".envrc";
# We can't use .source since hm manages this file too # We can't use .source since hm manages this file too
xdg.configFile."direnv/direnvrc".text = builtins.readFile ../../res/direnvrc; xdg.configFile."direnv/direnvrc".text = builtins.readFile ../../res/direnvrc;
home.activation = { home.activation = {

21
modules/user/eww-wayland.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, ... }:
let
res = pkgs.stdenvNoCC.mkDerivation {
pname = "eww-wayland-config";
version = "1.0.0";
dontUnpack = true;
installPhase = ''
cp -r ${../../res/eww-wayland} $out
substituteInPlace $out/eww.scss \
--replace-warn "EWW_BACKGROUND" "${config.catppuccin.hexcolors.crust}" \
--replace-warn "EWW_TEXT" "${config.catppuccin.hexcolors.text}" \
--replace-warn "EWW_ACCENT" "${config.catppuccin.hexcolors.${config.catppuccin.accent}}"
'';
};
in {
home.packages = with pkgs; [ socat ];
programs.eww = {
enable = true;
configDir = res;
};
}

29
modules/user/eww.nix
View file

@ -1,29 +1,8 @@
{ config, lib, pkgs, ... }: # Depends on bspwm
let { pkgs, ... }: {
inherit (lib) boolToString defaultTo; home.packages = with pkgs; [ xtitle ];
res = pkgs.stdenvNoCC.mkDerivation {
pname = "eww-wayland-config";
version = "1.0.0";
dontUnpack = true;
installPhase = ''
cp -r ${../../res/eww} $out
substituteInPlace $out/eww.yuck \
--replace-fail "_BAT_ENABLED_" "${boolToString (config.me.batteryDevice != null)}" \
--replace-fail "_BAT_PATH_" "${defaultTo "" config.me.batteryDevice}" \
--replace-fail "_BT_ENABLED_" "${boolToString config.me.hasBluetooth}" \
--replace-fail "_WIFI_ENABLED_" "${boolToString config.me.hasWifi}"
substituteInPlace $out/eww.scss \
--replace-fail "EWW_BACKGROUND" "${config.catppuccin.hexcolors.crust}" \
--replace-fail "EWW_TEXT" "${config.catppuccin.hexcolors.text}" \
--replace-fail "EWW_ACCENT" "${config.catppuccin.hexcolors.${config.catppuccin.accent}}"
'';
};
in {
home.packages = with pkgs; [ iw socat ];
programs.eww = { programs.eww = {
enable = true; enable = true;
configDir = ../../res/eww;
}; };
xdg.configFile."eww".source = res;
} }

7
modules/user/git.nix
View file

@ -1,16 +1,15 @@
{ ... }: { { ... }: {
programs.git = { programs.git = {
enable = true; enable = true;
userName = "LavaDesu";
userEmail = "me@lava.moe";
signing = { signing = {
key = "059F098EBF0E9A13E10A46BF6500251E087653C9"; key = "059F098EBF0E9A13E10A46BF6500251E087653C9";
signByDefault = true; signByDefault = true;
}; };
settings = { extraConfig = {
user.name = "Cilly Leang";
user.email = "mini@cilly.moe";
core.abbrev = 11; core.abbrev = 11;
safe.directory = "/home/rin/Projects/flakes"; safe.directory = "/home/rin/Projects/flakes";
init.defaultBranch = "master";
}; };
}; };
} }

2
modules/user/gpg.nix
View file

@ -5,6 +5,6 @@
}; };
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
pinentry.package = pkgs.pinentry-gnome3; pinentryPackage = pkgs.pinentry-gnome3;
}; };
} }

16
modules/user/hypridle.nix
View file

@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
kblight = "brightnessctl -d ${config.me.kbBacklightDevice}"; kblight = "light -s sysfs/leds/asus::kbd_backlight";
in in
{ {
home.packages = [ config.services.hypridle.package ]; home.packages = [ config.services.hypridle.package ];
@ -13,28 +13,26 @@ in
after_sleep_cmd = "hyprctl dispatch dpms on"; after_sleep_cmd = "hyprctl dispatch dpms on";
}; };
listener = lib.optionals (config.me.kbBacklightDevice != null) [ listener = [
{ {
timeout = 120; timeout = 120;
on-timeout = "${kblight} -s && ${kblight} 0"; on-timeout = "${kblight} -O && ${kblight} -S 0";
on-resume = "${kblight} -r"; on-resume = "${kblight} -I";
} }
] ++ [
{ {
timeout = 150; timeout = 150;
on-timeout = "brightnessctl -s && brightnessctl 50%-"; on-timeout = "light -O && light -T 0.5";
on-resume = "brightnessctl -r"; on-resume = "light -I";
} }
{ {
timeout = 180; timeout = 180;
on-timeout = "brightnessctl -r && loginctl lock-session"; on-timeout = "light -I && loginctl lock-session";
} }
{ {
timeout = 195; timeout = 195;
on-timeout = "hyprctl dispatch dpms off"; on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on"; on-resume = "hyprctl dispatch dpms on";
} }
] ++ lib.optionals (config.me.environment == "laptop") [
{ {
timeout = 600; timeout = 600;
on-timeout = "systemctl suspend"; on-timeout = "systemctl suspend";

118
modules/user/hyprlock.nix
View file

@ -1,17 +1,4 @@
{ config, lib, ... }: { ... }: {
let
scaling = if config.me.hidpi then 1 else 0.5;
s = value: if builtins.isInt value || builtins.isFloat value
then
builtins.floor (value * scaling)
else if builtins.isList value
then
lib.strings.concatMapStringsSep "," (v: builtins.toString (scaling * v)) value
else
builtins.throw "invalid scaled value type ${builtins.typeOf value} for ${value}";
sn = value: s (builtins.map (v: (-v)) value);
in
{
programs.hyprlock = { programs.hyprlock = {
enable = true; enable = true;
settings = { settings = {
@ -21,7 +8,7 @@ in
}; };
auth = { auth = {
fingerprint = { fingerprint = {
enabled = config.me.hasFingerprint; enabled = true;
ready_message = "Scan fingerprint to unlock"; ready_message = "Scan fingerprint to unlock";
}; };
}; };
@ -29,39 +16,16 @@ in
monitor = ""; monitor = "";
color = "$base"; color = "$base";
}; };
shape = lib.optionals (config.me.batteryDevice != null) [ label = [
# Battery pill
{
monitor = "";
size = s [165 65];
color = "$crust";
rounding = -1;
halign = "right";
valign = "top";
position = sn [595 10];
}
] ++ [
# Time pill
{
monitor = "";
size = s [545 65];
color = "$crust";
rounding = -1;
halign = "right";
valign = "top";
position = sn [40 10];
}
];
label = lib.optionals config.me.hasFingerprint [
# Fingerprint icon # Fingerprint icon
{ {
monitor = ""; monitor = "";
color = "$text"; color = "$text";
font_family = "Material Symbols Outlined"; font_family = "Material Symbols Outlined";
font_size = s 64; font_size = 64;
halign = "center"; halign = "center";
valign = "top"; valign = "top";
position = sn [0 100]; position = "0, -100";
text = ""; text = "";
} }
# Fingerprint text # Fingerprint text
@ -69,64 +33,50 @@ in
monitor = ""; monitor = "";
color = "$text"; color = "$text";
text = "$FPRINTPROMPT"; text = "$FPRINTPROMPT";
font_size = s 25; font_size = 25;
font_family = "Open Sans"; font_family = "Open Sans";
position = sn [0 235]; position = "0, -235";
halign = "center"; halign = "center";
valign = "top"; valign = "top";
} }
] ++ lib.optionals (config.me.batteryDevice != null) [
# Battery icon
{
monitor = "";
text = "";
color = "$accent";
font_family = "Material Symbols Outlined";
font_size = s 27;
position = sn [695 20];
halign = "right";
valign = "top";
}
# Battery percentage
{
monitor = "";
text = ''cmd[update:60000] echo "<span weight='700'>$(cat /sys/class/power_supply/${config.me.batteryDevice}/capacity)%</span>"'';
color = "$text";
font_size = s 23;
font_family = "Open Sans";
position = sn [625 20];
halign = "right";
valign = "top";
}
] ++ [
# Time and Date
{
monitor = "";
color = "$text";
font_family = "Open Sans";
font_size = s 23;
halign = "right";
valign = "top";
position = sn [70 20];
text = ''cmd[update:1000] echo "<span alpha='70%' weight='550'>$(date '+%A, %d %B %Y')</span> <span weight='700'>$(date +%H:%M)</span><span alpha='70%' weight='550'>$(date +:%S)</span>"'';
}
# Fail text under input # Fail text under input
{ {
monitor = ""; monitor = "";
color = "$red"; color = "$red";
font_family = "Open Sans"; font_family = "Open Sans";
font_size = s 25; font_size = 25;
text = "$FAIL $ATTEMPTS[]"; text = "$FAIL $ATTEMPTS[]";
position = sn [0 200]; position = "0, -200";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
} }
# Time
{
monitor = "";
text = "$TIME";
color = "$text";
font_size = 90;
font_family = "Open Sans";
position = "-50, 0";
halign = "right";
valign = "top";
}
# Date
{
monitor = "";
text = "cmd[update:43200000] date +'%A, %d %B %Y'";
color = "$text";
font_size = 25;
font_family = "Open Sans";
position = "-50, -150";
halign = "right";
valign = "top";
}
]; ];
input-field = { input-field = {
monitor = ""; monitor = "";
size = s [600 120]; size = "600, 120";
outline_thickness = s 4; outline_thickness = 4;
check_color = "$peach"; check_color = "$peach";
dots_size = 0.2; dots_size = 0.2;
dots_spacing = 0.2; dots_spacing = 0.2;
@ -139,7 +89,7 @@ in
fade_on_empty = false; fade_on_empty = false;
hide_input = false; hide_input = false;
capslock_color = "$yellow"; capslock_color = "$yellow";
position = sn [0 47]; position = "0, -47";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
}; };

3
modules/user/kitty.nix
View file

@ -11,9 +11,6 @@
enable_audio_bell = false; enable_audio_bell = false;
color5 = config.catppuccin.hexcolors.mauve; color5 = config.catppuccin.hexcolors.mauve;
color13 = config.catppuccin.hexcolors.mauve; color13 = config.catppuccin.hexcolors.mauve;
window_margin_width = 5;
scrollback_pager = ''nvim --noplugin -c "set signcolumn=no showtabline=0" -c "silent write! /tmp/kitty_scrollback_buffer | te cat /tmp/kitty_scrollback_buffer - " -c "autocmd VimEnter * normal G"'';
scrollback_pager_history_size = 2;
}; };
}; };
} }

5
modules/user/mpv.nix
View file

@ -1,7 +1,8 @@
{ pkgs, ... }: { { config, pkgs, ... }: {
programs.mpv = { programs.mpv = {
enable = true; enable = true;
package = pkgs.mpv.override { package = pkgs.mpv-unwrapped.wrapper {
mpv = pkgs.mpv-unwrapped;
youtubeSupport = true; youtubeSupport = true;
scripts = [ pkgs.mpvScripts.mpris ]; scripts = [ pkgs.mpvScripts.mpris ];
}; };

12
modules/user/neovim-minimal.nix
View file

@ -9,12 +9,11 @@
vimAlias = true; vimAlias = true;
vimdiffAlias = true; vimdiffAlias = true;
withNodeJs = false; withNodeJs = false;
withPython3 = false;
withRuby = false;
plugins = with pkgs.vimPlugins; [ plugins = with pkgs.vimPlugins; [
fzf-vim ctrlp-vim
lualine-nvim lualine-nvim
nerdtree
tokyonight-nvim tokyonight-nvim
vim-fugitive vim-fugitive
vim-nix vim-nix
@ -22,7 +21,14 @@
vim-signify vim-signify
vim-surround vim-surround
nvim-cmp
nvim-lspconfig
cmp-nvim-lsp
cmp_luasnip
luasnip
(nvim-treesitter.withPlugins (p: with p; [ (nvim-treesitter.withPlugins (p: with p; [
tree-sitter-comment
tree-sitter-json tree-sitter-json
tree-sitter-lua tree-sitter-lua
tree-sitter-nix tree-sitter-nix

37
modules/user/neovim.nix
View file

@ -1,9 +1,9 @@
{ config, lib, pkgs, sysConfig, ... }: { config, lib, pkgs, ... }:
let let
luaconf = pkgs.writeText "config.lua" luaconf = pkgs.writeText "config.lua"
(lib.replaceStrings (lib.replaceStrings
["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"] ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"]
["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName] ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor]
(builtins.readFile ../../res/config.lua)); (builtins.readFile ../../res/config.lua));
in { in {
systemd.user.tmpfiles.rules = [ systemd.user.tmpfiles.rules = [
@ -17,35 +17,25 @@ in {
vimdiffAlias = true; vimdiffAlias = true;
#package = pkgs.neovim-nightly; #package = pkgs.neovim-nightly;
withNodeJs = true; withNodeJs = true;
withPython3 = true;
withRuby = false;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
nixd
rust-analyzer rust-analyzer
texlab nodePackages."@prisma/language-server"
astro-language-server nodePackages.diagnostic-languageserver
tailwindcss-language-server nodePackages.eslint_d
diagnostic-languageserver nodePackages.typescript-language-server
eslint_d nodePackages.vscode-langservers-extracted
typescript-language-server nodePackages.yaml-language-server
vscode-langservers-extracted
yaml-language-server
]; ];
plugins = with pkgs.vimPlugins; [ plugins = with pkgs.vimPlugins; [
autoclose-nvim
auto-save-nvim
flutter-tools-nvim flutter-tools-nvim
fzf-vim fzf-vim
fzf-lsp-nvim fzf-lsp-nvim
lualine-nvim lualine-nvim
nvim-ts-autotag
nvim-web-devicons
plenary-nvim plenary-nvim
tokyonight-nvim tokyonight-nvim
vim-fugitive vim-fugitive
vim-latex-live-preview
vim-nix vim-nix
vim-repeat vim-repeat
vim-signify vim-signify
@ -55,7 +45,6 @@ in {
nvim-cmp nvim-cmp
nvim-dap nvim-dap
nvim-highlight-colors
nvim-lspconfig nvim-lspconfig
cmp-nvim-lsp cmp-nvim-lsp
cmp_luasnip cmp_luasnip
@ -63,33 +52,27 @@ in {
#(pkgs.me.nvim-treesitter-nightly.withPlugins (p: with p; [ #(pkgs.me.nvim-treesitter-nightly.withPlugins (p: with p; [
(nvim-treesitter.withPlugins (p: with p; [ (nvim-treesitter.withPlugins (p: with p; [
tree-sitter-astro
tree-sitter-bash tree-sitter-bash
tree-sitter-c tree-sitter-c
tree-sitter-c-sharp tree-sitter-c-sharp
tree-sitter-cpp tree-sitter-cpp
tree-sitter-groovy
tree-sitter-html tree-sitter-html
tree-sitter-java
tree-sitter-javascript tree-sitter-javascript
tree-sitter-json tree-sitter-json
tree-sitter-kotlin
tree-sitter-latex
tree-sitter-lua tree-sitter-lua
tree-sitter-markdown tree-sitter-markdown
tree-sitter-nix tree-sitter-nix
tree-sitter-php tree-sitter-php
tree-sitter-prisma
tree-sitter-python tree-sitter-python
tree-sitter-query tree-sitter-query
tree-sitter-regex tree-sitter-regex
tree-sitter-rust tree-sitter-rust
tree-sitter-swift
tree-sitter-toml tree-sitter-toml
tree-sitter-tsx tree-sitter-tsx
tree-sitter-typescript tree-sitter-typescript
tree-sitter-vim tree-sitter-vim
tree-sitter-vimdoc tree-sitter-vimdoc
tree-sitter-xml
tree-sitter-yaml tree-sitter-yaml
])) ]))
]; ];

6
modules/user/pass.nix Normal file
View file

@ -0,0 +1,6 @@
{ pkgs, ... }: {
programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: with exts; [ pass-import pass-otp ]);
};
}

41
modules/user/picom.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, ... }: {
services.picom = {
enable = true;
# blur = true;
# blurExclude = [
# (builtins.concatStringsSep " && " [
# "class_g != 'Alacritty'"
# "class_g != 'kitty'"
# #"class_g != 'Polybar'"
# "class_g != 'URxvt'"
# ])
# ];
fade = true;
fadeDelta = 5;
fadeSteps = [ 0.05 0.05 ];
opacityRules = [
"80:class_g = 'Alacritty' && !focused"
"95:class_g = 'kitty' && !focused"
];
vSync = true;
settings = {
glx-no-stencil = true;
glx-copy-from-front = false;
glx-no-rebind-pixmap = true;
# https://github.com/yshui/picom/issues/578
glx-use-copysubbuffer-mesa = false;
use-damage = true;
detect-transient = true;
detect-client-leader = true;
detect-client-opacity = true;
detect-rounded-corners = true;
use-ewmh-active-win = true;
mark-wmwin-focused = true;
mark-ovredir-focused = true;
};
};
}

165
modules/user/polybar.nix Normal file
View file

@ -0,0 +1,165 @@
{ config, ... }: {
services.polybar =
let
colours = {
background1 = "#1a1b26";
background2 = "#9d7cd8";
accent = "#c0caf5";
foreground2 = "#1a1b26";
foreground2trans = "#cc1a1b26";
};
in {
enable = true;
script = builtins.readFile ../../scripts/polybar.sh;
settings = {
"bar/scroller" = {
monitor = "DP-1";
width = "100%";
height = 1;
background = colours.background1;
spacing = 2;
override-redirect = true;
modules.center = "workspaces-stub";
scroll = {
up = "#workspaces-stub.prev";
down = "#workspaces-stub.next";
};
};
"bar/top" = {
monitor = "DP-1";
width = "100%";
height = 29;
background = colours.background1;
foreground = "#fff";
offset-y = 3;
spacing = 2;
padding = {
left = 5;
right = 5;
bottom = 5;
};
override-redirect = true;
wm-restack = "bspwm";
font = [
"NotoSans:style=SemiBold:size=11:antialias=true;2"
"NotoSans:size=11:antialias=true;2"
"MaterialIcons:size=17:antialias=true;6"
"Iosevka:style=Medium:antialias=false:size=19;4"
"HanaMinA:size=9.8;1"
"HanaMinB:size=9.8;1"
];
modules = {
left = "left workspaces right";
center = "title";
right = "left datetime right";
};
enable-ipc = true;
scroll = {
up = "#workspaces.prev";
down = "#workspaces.next";
};
};
"module/left" = {
type = "custom/text";
content = {
text = "%{T4}";
background = colours.background1;
foreground = colours.background2;
};
};
"module/right" = {
type = "custom/text";
content = {
text = "%{T4}";
background = colours.background1;
foreground = colours.background2;
};
};
"module/workspaces" = {
type = "internal/bspwm";
pin-workspaces = true;
enable-click = true;
enable-scroll = false;
reverse-scroll = false;
label = {
monitor = "";
focused = {
text = "%{T3}"; # ef4a
background = colours.background2;
foreground = colours.accent;
};
occupied = {
text = "%{T3}"; # e837
background = colours.background2;
foreground = colours.background1;
};
empty = {
text = "%{T3}"; # ef4a
background = colours.background2;
foreground = colours.background1;
};
urgent = {
text = "%{T3}"; # e837
background = colours.background2;
foreground = colours.background1;
};
separator = {
text = " ";
background = colours.background2;
padding = "0";
};
};
};
"module/workspaces-stub" = {
type = "internal/bspwm";
pin-workspaces = true;
enable-click = false;
enable-scroll = false;
reverse-scroll = false;
label = {
monitor = "";
focused = "";
occupied = "";
empty = "";
urgent = "";
separator = "";
};
};
"module/title" = {
type = "internal/xwindow";
format = {
text = "%{T1}<label>";
padding = 4;
};
};
"module/datetime" = {
type = "internal/date";
date = {
text = "%{T1}%%{F${colours.foreground2}}%H:%M%%{F-}";
alt = "%{T2}%%{F${colours.foreground2trans}}%A, %d %B %Y %{T1}%%{F${colours.foreground2}}%H:%M%%{F${colours.foreground2trans}}:%{T2}%S%%{F-}";
};
format = {
background = colours.background2;
};
};
};
};
}

23
modules/user/rofi-wayland.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, pkgs, ... }:
let
theme = pkgs.stdenvNoCC.mkDerivation {
pname = "rofi-theme";
version = "1.0.0";
dontUnpack = true;
installPhase = ''
cp ${../../res/theme.rasi} $out
substituteInPlace $out \
--replace-fail "CAT_BACKGROUND" "${config.catppuccin.hexcolors.crust}" \
--replace-fail "CAT_TEXT" "${config.catppuccin.hexcolors.text}" \
--replace-fail "CAT_ACCENT" "${config.catppuccin.hexcolors.${config.catppuccin.accent}}" \
--replace-fail "CAT_PLACEHOLDER" "${config.catppuccin.hexcolors.overlay1}"
'';
};
in {
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
theme = "theme";
};
xdg.configFile."rofi/theme.rasi".source = theme;
}

19
modules/user/rofi.nix
View file

@ -1,22 +1,7 @@
{ config, pkgs, ... }: { config, inputs, ... }: {
let
theme = pkgs.stdenvNoCC.mkDerivation {
pname = "rofi-theme";
version = "1.0.0";
dontUnpack = true;
installPhase = ''
cp ${../../res/theme.rasi} $out
substituteInPlace $out \
--replace-fail "CAT_BACKGROUND" "${config.catppuccin.hexcolors.crust}" \
--replace-fail "CAT_TEXT" "${config.catppuccin.hexcolors.text}" \
--replace-fail "CAT_ACCENT" "${config.catppuccin.hexcolors.${config.catppuccin.accent}}" \
--replace-fail "CAT_PLACEHOLDER" "${config.catppuccin.hexcolors.overlay1}"
'';
};
in {
programs.rofi = { programs.rofi = {
enable = true; enable = true;
theme = "theme"; theme = "theme";
}; };
xdg.configFile."rofi/theme.rasi".source = theme; xdg.configFile."rofi/theme.rasi".source = ../../res/theme.rasi;
} }

2
modules/user/sessionVariables.nix
View file

@ -6,6 +6,7 @@
"$PATH" "$PATH"
]; ];
XAUTHORITY = "$XDG_RUNTIME_DIR/Xauthority";
EDITOR = "nvim"; EDITOR = "nvim";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${config.xdg.configHome}/java"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${config.xdg.configHome}/java";
@ -21,6 +22,7 @@
NPM_CONFIG_USERCONFIG = "${config.xdg.configHome}/npm/npmrc"; NPM_CONFIG_USERCONFIG = "${config.xdg.configHome}/npm/npmrc";
PUB_CACHE = "${config.xdg.cacheHome}/dart"; PUB_CACHE = "${config.xdg.cacheHome}/dart";
WGETRC = "${config.xdg.configHome}/wgetrc"; WGETRC = "${config.xdg.configHome}/wgetrc";
XINITRC = "${config.xdg.configHome}/xorg/xinitrc";
WINEPREFIX = "${config.xdg.dataHome}/wine64"; WINEPREFIX = "${config.xdg.dataHome}/wine64";
WINEARCH = "win64"; WINEARCH = "win64";

25
modules/user/spicetify.nix
View file

@ -1,4 +1,4 @@
{ config, inputs, lib, pkgs, ... }: { config, inputs, pkgs, ... }:
let let
spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.system}; spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.system};
in in
@ -8,25 +8,7 @@ in
programs.spicetify = { programs.spicetify = {
enable = true; enable = true;
alwaysEnableDevTools = true; alwaysEnableDevTools = true;
theme = spicePkgs.themes.catppuccin // { theme = spicePkgs.themes.catppuccin;
additionalCss = ''
/* Removes "About the artist" text in now playing menu */
.main-nowPlayingView-sectionHeaderText {
display: none;
}
/* Removes gradient in now playing menu */
.main-nowPlayingView-contextItemInfo:before {
background: none;
}
/* Removes gradient above artist image */
/* https://stackoverflow.com/a/77015731 < this is so smart */
.main-nowPlayingView-aboutArtistV2ImageContainer.main-nowPlayingView-aboutArtistV2Image {
background-size: 0% 0%, cover;
}
'';
};
colorScheme = config.catppuccin.flavor; colorScheme = config.catppuccin.flavor;
enabledSnippets = with spicePkgs.snippets; [ enabledSnippets = with spicePkgs.snippets; [
@ -40,11 +22,10 @@ in
shuffle shuffle
hidePodcasts hidePodcasts
skipStats
songStats songStats
history history
volumePercentage volumePercentage
]; ];
}; };
home.file.".local/bin/spotify".source = lib.getExe config.programs.spicetify.spicedSpotify;
} }

65
modules/user/sxhkd.nix Normal file
View file

@ -0,0 +1,65 @@
{ config, pkgs, ... }:
let
super = "Mod4";
alt = "Mod1";
in {
services.sxhkd = {
enable = true;
keybindings = {
# Dunst (Notification daemon)
"super + grave" = "dunstctl history-pop";
"super + shift + period" = "dunstctl context";
"super + shift + space" = "dunstctl close-all";
# Rofi (App launcher)
"super + Return" = "rofi -lines 12 -padding 18 -width 60 -location 0 -show drun -sidebar-mode -columns 3 -font 'Noto Sans 8'";
# Printscreen
"Print" = "maim -us | tee ~/Pictures/Screenshots/$(date +%s)c.png | xclip -selection clipboard -t image/png";
"shift + Print" = "maim -u | tee ~/Pictures/Screenshots/$(date +%s).png | xclip -selection clipboard -t image/png";
# Quick-kill picom
"super + p" = "systemctl --user stop picom";
"super + shift + p" = "systemctl --user restart picom";
# Volume
"XF86Audio{RaiseVolume,LowerVolume,Mute}" = "pamixer -{i 5,d 5,t}";
# Brightness
"XF86MonBrightness{Up,Down}" = "light -{A,U} 10";
"shift + XF86MonBrightness{Up,Down}" = "light -{A,U} 1";
# Gamma
"ctrl + XF86MonBrightness{Up,Down}" = "xgamma -gamma {1.3,1}";
"Super_L" = "eww open mainbar";
"@Super_L" = "eww close mainbar";
# Kill focused window
"super + {_,shift + }c" = "bspc node -{c,k}";
# Change focus
"super + {h,j,k,l}" = "bspc node -f {west,south,north,east}";
"super + {Left,Down,Up,Right}" = "bspc node -f {west,south,north,east}";
# Switch windows
"super + shift + {h,j,k,l}" = "bspc node -s {west,south,north,east}";
"super + shift + {Left,Down,Up,Right}" = "bspc node -s {west,south,north,east}";
# Move focused window
"super + shift + {1-9,0}" = "bspc node -d ^{1-9,10}";
# Toggle tiled/fullscreen/floating
"super + {t,f,space}" = "bspc node -t '~{tiled,fullscreen,floating}'";
# Exit / Restart bspwm
"super + shift + {q,r}" = "bspc {quit,wm -r}";
# Restart sxhkd
"super + shift + s" = "pkill -USR1 -x sxhkd";
# Workspace switching
"super + {1-9,0}" = "bspc desktop -f ^{1-9,10}";
};
};
}

51
modules/user/xorg.nix Normal file
View file

@ -0,0 +1,51 @@
{ config, ... }: {
xsession = {
enable = true;
profilePath = ".config/xorg/xprofile";
scriptPath = ".config/xorg/xsession";
};
xdg.configFile."xorg/xinitrc".source = ../../scripts/xinitrc;
xresources = {
path = "${config.xdg.configHome}/xorg/xresources";
properties = {
# special
"*.foreground" = "#c5c8c6";
"*.background" = "#1d1f21";
"*.cursorColor" = "#c5c8c6";
# black
"*.color0" = "#1d1f21";
"*.color8" = "#969896";
# red
"*.color1" = "#cc342b";
"*.color9" = "#cc342b";
# green
"*.color2" = "#198844";
"*.color10" = "#198844";
# yellow
"*.color3" = "#fba922";
"*.color11" = "#fba922";
# blue
"*.color4" = "#3971ed";
"*.color12" = "#3971ed";
# magenta
"*.color5" = "#a36ac7";
"*.color13" = "#a36ac7";
# cyan
"*.color6" = "#3971ed";
"*.color14" = "#3971ed";
# white
"*.color7" = "#c5c8c6";
"*.color15" = "#ffffff";
};
};
}

Some files were not shown because too many files have changed in this diff Show more