xqtc/nixos-config-mirror
1
0
Fork 0
mirror of https://git.gay/xqtc/nixos-config synced 2025-05-07 10:57:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

nix fmt

Browse source
This commit is contained in:
xqtc 2025-04-16 09:14:51 +02:00
parent e37c2e6752
commit d7044ea068
Signed by: xqtc
GPG key ID: 2C064D095926D9D1
97 changed files with 1496 additions and 2359 deletions
common
comin.nixdefault.nixsops.nixsyncthing.nix
flake-mods
allowUnfree.nixhm-flake-part.nixhm.nixnixosHosts.nix
home
default.nixhost.nix
modules
default.nixdwl.nixfirefox.nixfoot.nixghostty.nixgit.nixgtk.nixhome-pkgs.nixnixvim.nixqt.nixrofi.nixshell.nixsops.nixspicetify.nixspotify-cli.nixssh.nixtmux.nixwm.nixyazi.nixzellij.nixzoxide.nix
packages
dwl.nix
programs
dwl.nix
system.nix
hosts
aarch64-linux/alastor
apple-silicon-support
default.nix
modules
boot-m1n1
default.nix
default.nix
kernel
default.nix
mesa
default.nix
peripheral-firmware
default.nix
sound
default.nix
packages
alsa-ucm-conf-asahi
default.nix
asahi-audio
default.nix
asahi-fwextract
default.nix
bankstown-lv2
default.nix
linux-asahi
default.nix
m1n1
default.nix
mesa-asahi-edge
default.nix
overlay.nix
speakersafetyd
default.nix
uboot-asahi
default.nix
default.nixhardware-configuration.nix
antivirus.nixdocker.nixgc.nix
x86_64-linux
asmodeus
hardware-configuration.nix
beleth
borg.nixcaddy.nixcalibre-web.nixconduit.nixdefault.nixdocker-compose-crime.nixexternal-users.nixfactorio.nixfail2ban.nixhardware-configuration.nixhydra.niximmich.nixjellyfin.nixlanrarari.nixmonitoring.nixnetworking.nixnextcloud.nixnfs.nixpaperless.nixrenovate.nixseafile.nix
services
gitea-runner.nix
transmission.nixuptime.nixwireguard.nix
lab
default.nixhardware-configuration.nix
lambda
default.nixhardware-configuration.nix
lilith
default.nixhardware-configuration.nix
seraphim
caddy.nixdefault.nixhardware-configuration.nixjellyfin.nixmonitoring.nixsync.nix
yosai
default.nixhardware-configuration.nix
modules
home-manager.nix

24
common/comin.nix
View file

@ -1,22 +1,12 @@
{
inputs,
pkgs,
lib,
config,
...
}: {
imports = [
inputs.comin.nixosModules.comin
];
{ inputs, pkgs, lib, config, ... }: {
imports = [ inputs.comin.nixosModules.comin ];
services.comin = {
enable = true;
remotes = [
{
name = "origin";
url = "https://git.gay/xqtc/nixos-config.git";
branches.main.name = "main";
}
];
remotes = [{
name = "origin";
url = "https://git.gay/xqtc/nixos-config.git";
branches.main.name = "main";
}];
};
}

29
common/default.nix
View file

@ -1,25 +1,16 @@
{
config,
lib,
inputs,
pkgs,
...
}: {
imports = [
./syncthing.nix
./sops.nix
];
{ config, lib, inputs, pkgs, ... }: {
imports = [ ./syncthing.nix ./sops.nix ];
#nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0" "electron-24.8.6"];
services.udev.packages = [pkgs.yubikey-personalization];
services.udev.packages = [ pkgs.yubikey-personalization ];
networking.hosts = {
"192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
"192.168.178.35" = [ "jellyfin.fritz.box" "grafana.fritz.box" ];
};
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
users.users.xqtc.extraGroups = ["dialout" "networkmanager"];
users.users.xqtc.extraGroups = [ "dialout" "networkmanager" ];
users.users.xqtc.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@heroin.trade"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM7DHEfQB5RV4jYX6phufk7nzOI0+p6mn4AWjNdefvAfAAAABHNzaDo= xqtc@yubicat"
@ -38,8 +29,8 @@
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/xqtc/nixos-config";
};
networking.firewall.allowedTCPPorts = [8384 22000];
networking.firewall.allowedUDPPorts = [22000 21027];
networking.firewall.allowedTCPPorts = [ 8384 22000 ];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
nix.package = pkgs.lix;
@ -68,10 +59,8 @@
services.tailscale.enable = true;
nix.settings = {
trusted-users = ["xqtc"];
substituters = [
"https://nix-community.cachix.org"
];
trusted-users = [ "xqtc" ];
substituters = [ "https://nix-community.cachix.org" ];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];

13
common/sops.nix
View file

@ -1,19 +1,12 @@
{
inputs,
config,
lib,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
];
{ inputs, config, lib, ... }: {
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {
defaultSopsFile = ../secrets.yaml;
validateSopsFiles = false;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops/age/keys.txt";
generateKey = true;
};

13
common/syncthing.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
services.syncthing = {
enable = false;
user = "xqtc";
@ -11,10 +6,6 @@
overrideDevices = false;
overrideFolders = false;
configDir = "${config.services.syncthing.dataDir}/.config/syncthing";
settings = {
gui = {
user = "xqtc";
};
};
settings = { gui = { user = "xqtc"; }; };
};
}

4
flake-mods/allowUnfree.nix
View file

@ -1,5 +1,5 @@
{inputs, ...}: {
perSystem = {system, ...}: {
{ inputs, ... }: {
perSystem = { system, ... }: {
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;

41
flake-mods/hm-flake-part.nix
View file

@ -1,26 +1,15 @@
{
lib,
flake-parts-lib,
...
}: let
inherit
(lib)
mkOption
types
;
inherit
(flake-parts-lib)
mkTransposedPerSystemModule
;
in
mkTransposedPerSystemModule {
name = "homeConfigurations";
option = mkOption {
type = types.raw;
default = {};
description = ''
home-manager configs
'';
};
file = ./hm-flake-part.nix;
}
{ lib, flake-parts-lib, ... }:
let
inherit (lib) mkOption types;
inherit (flake-parts-lib) mkTransposedPerSystemModule;
in mkTransposedPerSystemModule {
name = "homeConfigurations";
option = mkOption {
type = types.raw;
default = { };
description = ''
home-manager configs
'';
};
file = ./hm-flake-part.nix;
}

83
flake-mods/hm.nix
View file

@ -1,49 +1,38 @@
{
inputs,
lib,
...
}: {
imports = [
./hm-flake-part.nix
];
perSystem = {
config,
self,
inputs,
pkgs,
system,
...
}: let
# split system (e.g. x86_64-linux) into os and arch
splitSystem = lib.splitString "-" system;
os = builtins.elemAt splitSystem 0;
arch = builtins.elemAt splitSystem 1;
in {
legacyPackages.homeConfigurations.xqtc = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs {
inherit system;
# overlays = [
# inputs.hyprpanel.overlay
# ];
};
nixpkgs.overlays = [inputs.hyprpanel.overlay];
modules = [
../home
inputs.nixvim.homeManagerModules.nixvim
inputs.sops-nix.homeManagerModules.sops
inputs.hyprpanel.homeManagerModules.hyprpanel
{inherit os arch;}
];
extraSpecialArgs = {
inherit inputs;
inherit system;
};
};
{ inputs, lib, ... }: {
imports = [ ./hm-flake-part.nix ];
perSystem = { config, self, inputs, pkgs, system, ... }:
let
# split system (e.g. x86_64-linux) into os and arch
splitSystem = lib.splitString "-" system;
os = builtins.elemAt splitSystem 0;
arch = builtins.elemAt splitSystem 1;
in {
legacyPackages.homeConfigurations.xqtc =
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs {
inherit system;
# overlays = [
# inputs.hyprpanel.overlay
# ];
};
nixpkgs.overlays = [ inputs.hyprpanel.overlay ];
modules = [
../home
inputs.nixvim.homeManagerModules.nixvim
inputs.sops-nix.homeManagerModules.sops
inputs.hyprpanel.homeManagerModules.hyprpanel
{ inherit os arch; }
];
extraSpecialArgs = {
inherit inputs;
inherit system;
};
};
# # this sounds stupid, but it's the only way to make home-manager consume a
# # flake output with the system in it, which *should* be the case because it
# # wants system-specific pkgs, but flake-parts (rightfully so!) complains
# # that this isn't a package, so we do this to make both happy.
# packages.homeConfigurations.type = "derivation";
};
# # this sounds stupid, but it's the only way to make home-manager consume a
# # flake output with the system in it, which *should* be the case because it
# # wants system-specific pkgs, but flake-parts (rightfully so!) complains
# # that this isn't a package, so we do this to make both happy.
# packages.homeConfigurations.type = "derivation";
};
}

22
flake-mods/nixosHosts.nix
View file

@ -1,22 +1,10 @@
{
inputs,
lib,
...
}: {
{ inputs, lib, ... }: {
flake.nixosConfigurations =
lib.genAttrs [
"asmodeus"
"seraphim"
"lilith"
"lambda"
"beleth"
"yosai"
] (name:
lib.genAttrs [ "asmodeus" "seraphim" "lilith" "lambda" "beleth" "yosai" ]
(name:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
../hosts/x86_64-linux/${name}
];
specialArgs = {inherit inputs;};
modules = [ ../hosts/x86_64-linux/${name} ];
specialArgs = { inherit inputs; };
});
}

23
home/default.nix
View file

@ -1,20 +1,8 @@
{
config,
pkgs,
lib,
inputs,
...
}: {
imports = [
./modules
./system.nix
./host.nix
];
{ config, pkgs, lib, inputs, ... }: {
imports = [ ./modules ./system.nix ./host.nix ];
home.username = "xqtc";
home.homeDirectory =
if config.os == "linux"
then "/home/xqtc"
else "/Users/xqtc";
if config.os == "linux" then "/home/xqtc" else "/Users/xqtc";
programs.wezterm = {
enable = true;
@ -32,11 +20,12 @@
};
};
programs.joshuto = {enable = true;};
programs.joshuto = { enable = true; };
dconf.enable = config.os == "linux";
services.easyeffects = lib.mkIf (pkgs.system == "x86_64-linux") {enable = true;};
services.easyeffects =
lib.mkIf (pkgs.system == "x86_64-linux") { enable = true; };
home.stateVersion = "23.11";

2
home/host.nix
View file

@ -1,4 +1,4 @@
{lib, ...}: {
{ lib, ... }: {
options.host = lib.mkOption {
type = lib.types.str;
default = "generic";

8
home/modules/default.nix
View file

@ -1,10 +1,4 @@
{
config,
pkgs,
lib,
inputs,
...
}: {
{ config, pkgs, lib, inputs, ... }: {
imports = [
./nixvim.nix
./shell.nix

13
home/modules/dwl.nix
View file

@ -1,10 +1,5 @@
{
pkgs,
config,
lib,
...
}: {
imports = [../programs/dwl.nix];
{ pkgs, config, lib, ... }: {
imports = [ ../programs/dwl.nix ];
programs.dwl = {
enable = true;
@ -12,8 +7,6 @@
../config-files/dwl/patches/attachbottom.patch
../config-files/dwl/patches/ipc.patch
];
cmd = {
terminal = "${pkgs.wezterm}/bin/wezterm";
};
cmd = { terminal = "${pkgs.wezterm}/bin/wezterm"; };
};
}

365
home/modules/firefox.nix
View file

@ -1,21 +1,12 @@
{
inputs,
outputs,
config,
pkgs,
lib,
...
}:
{ inputs, outputs, config, pkgs, lib, ... }:
with inputs; {
home.sessionVariables.DEFAULT_BROWSER =
if (config.os == "linux")
then "${pkgs.firefox}/bin/firefox"
else "firefox";
if (config.os == "linux") then "${pkgs.firefox}/bin/firefox" else "firefox";
programs.firefox = lib.mkIf (config.os == "linux") {
enable = true;
package =
pkgs.firefox.override {cfg = {enableGnomeExtensions = true;};};
pkgs.firefox.override { cfg = { enableGnomeExtensions = true; }; };
profiles.xqtc = {
isDefault = true;
extensions = with inputs.firefox-addons.packages.${pkgs.system}; [
@ -37,264 +28,232 @@ with inputs; {
vimium-c
noscript
];
bookmarks = [
{
toolbar = true;
bookmarks = [
{
name = "heroin.trade";
bookmarks = [
{
name = "Forgejo";
url = "https://git.heroin.trade";
}
{
name = "Grafana";
url = "https://grafana.heroin.trade";
}
{
name = "Jellyfin";
url = "https://jellyfin.heroin.trade";
}
{
name = "Uptime";
url = "https://uptime.heroin.trade";
}
{
name = "Lanraragi";
url = "https://calibre.heroin.trade";
}
{
name = "Paperless";
url = "https://paperless.heroin.trade";
}
{
name = "Nextcloud";
url = "https://cloud.heroin.trade";
}
];
}
{
name = "piracy";
bookmarks = [
{
name = "slskd";
url = "http://seraphim.fritz.box:5030";
}
{
name = "Sonarr";
url = "http://seraphim.fritz.box:8989";
}
{
name = "Radarr";
url = "http://seraphim.fritz.box:7878";
}
{
name = "Prowlarr";
url = "http://seraphim.fritz.box:9696";
}
{
name = "qBittorrent";
url = "http://seraphim.fritz.box:8085";
}
];
}
];
}
];
bookmarks = [{
toolbar = true;
bookmarks = [
{
name = "heroin.trade";
bookmarks = [
{
name = "Forgejo";
url = "https://git.heroin.trade";
}
{
name = "Grafana";
url = "https://grafana.heroin.trade";
}
{
name = "Jellyfin";
url = "https://jellyfin.heroin.trade";
}
{
name = "Uptime";
url = "https://uptime.heroin.trade";
}
{
name = "Lanraragi";
url = "https://calibre.heroin.trade";
}
{
name = "Paperless";
url = "https://paperless.heroin.trade";
}
{
name = "Nextcloud";
url = "https://cloud.heroin.trade";
}
];
}
{
name = "piracy";
bookmarks = [
{
name = "slskd";
url = "http://seraphim.fritz.box:5030";
}
{
name = "Sonarr";
url = "http://seraphim.fritz.box:8989";
}
{
name = "Radarr";
url = "http://seraphim.fritz.box:7878";
}
{
name = "Prowlarr";
url = "http://seraphim.fritz.box:9696";
}
{
name = "qBittorrent";
url = "http://seraphim.fritz.box:8085";
}
];
}
];
}];
search = {
default = "DuckDuckGo";
force = true;
engines = {
"SearX" = {
urls = [
{
template = "https://searx.org/search";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
urls = [{
template = "https://searx.org/search";
params = [{
name = "q";
value = "{searchTerms}";
}];
}];
iconUpdateURL = "https://searx.org/favicon.ico";
definedAliases = ["@sx"];
definedAliases = [ "@sx" ];
};
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
urls = [{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"];
icon =
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
"Nix Options" = {
urls = [
{
# template = "https://search.nixos.org/options";
template = "https://searchix.alanpearce.eu/all/search";
params = [
# {
# name = "type";
# value = "options";
# }
{
name = "query";
value = "{searchTerms}";
}
];
}
];
urls = [{
# template = "https://search.nixos.org/options";
template = "https://searchix.alanpearce.eu/all/search";
params = [
# {
# name = "type";
# value = "options";
# }
{
name = "query";
value = "{searchTerms}";
}
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@no"];
icon =
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@no" ];
};
"Nix Dev" = {
urls = [
{
template = "https://nix.dev/search.html";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@nd"];
urls = [{
template = "https://nix.dev/search.html";
params = [{
name = "q";
value = "{searchTerms}";
}];
}];
icon =
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@nd" ];
};
"NixOS Wiki" = {
urls = [
{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}
];
urls = [{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@nw"];
definedAliases = [ "@nw" ];
};
"nixpkgs PR Tracker" = {
urls = [
{
template = "https://nixpk.gs/pr-tracker.html?pr={searchTerms}";
}
];
urls = [{
template = "https://nixpk.gs/pr-tracker.html?pr={searchTerms}";
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@npr"];
definedAliases = [ "@npr" ];
};
"Reddit" = {
urls = [
{
template = "https://reddit.com/r/{searchTerms}";
}
];
urls = [{ template = "https://reddit.com/r/{searchTerms}"; }];
iconUpdateURL = "https://reddit.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@r"];
definedAliases = [ "@r" ];
};
"Github Repos" = {
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=repositories";
}
];
urls = [{
template =
"https://github.com/search?q={searchTerms}&type=repositories";
}];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@ghr"];
definedAliases = [ "@ghr" ];
};
"Github Code" = {
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=code";
}
];
urls = [{
template = "https://github.com/search?q={searchTerms}&type=code";
}];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@ghc"];
definedAliases = [ "@ghc" ];
};
"Github PRs" = {
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=pullrequests";
}
];
urls = [{
template =
"https://github.com/search?q={searchTerms}&type=pullrequests";
}];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@ghpr"];
definedAliases = [ "@ghpr" ];
};
"Github Users" = {
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=users";
}
];
urls = [{
template = "https://github.com/search?q={searchTerms}&type=users";
}];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@ghu"];
definedAliases = [ "@ghu" ];
};
"Hackage" = {
urls = [
{
template = "https://hackage.haskell.org/packages/browse?terms={searchTerms}";
}
];
urls = [{
template =
"https://hackage.haskell.org/packages/browse?terms={searchTerms}";
}];
iconUpdateURL = "https://hackage.haskell.org/static/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@hak"];
definedAliases = [ "@hak" ];
};
"crates.io" = {
urls = [
{
template = "https://crates.io/search?q={searchTerms}";
}
];
urls = [{ template = "https://crates.io/search?q={searchTerms}"; }];
iconUpdateURL = "https://crates.io/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@cio"];
definedAliases = [ "@cio" ];
};
"OSDev Wiki" = {
urls = [
{
template = "https://wiki.osdev.org/index.php?search={searchTerms}";
}
];
urls = [{
template =
"https://wiki.osdev.org/index.php?search={searchTerms}";
}];
iconUpdateURL = "https://wiki.osdev.org/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@osdev"];
definedAliases = [ "@osdev" ];
};
"YouTube" = {
urls = [
{
template = "https://youtube.com/results?search_query={searchTerms}";
}
];
urls = [{
template =
"https://youtube.com/results?search_query={searchTerms}";
}];
iconUpdateURL = "https://youtube.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@yt"];
definedAliases = [ "@yt" ];
};
"Bing".metaData.hidden = true;

14
home/modules/foot.nix
View file

@ -1,8 +1,4 @@
{
config,
lib,
...
}: {
{ config, lib, ... }: {
programs.foot = {
enable = config.os == "linux";
settings = {
@ -11,13 +7,9 @@
dpi-aware = "yes";
};
cursor = {
blink = "yes";
};
cursor = { blink = "yes"; };
mouse = {
hide-when-typing = "yes";
};
mouse = { hide-when-typing = "yes"; };
colors = {
alpha = 0.8;

10
home/modules/ghostty.nix
View file

@ -1,9 +1,5 @@
{
inputs,
pkgs,
lib,
...
}: {
{ inputs, pkgs, lib, ... }: {
xdg.configFile."ghostty/config".source = ../config-files/ghostty-config;
xdg.configFile."ghostty/shader.glsl".source = ../config-files/ghostty-shader.glsl;
xdg.configFile."ghostty/shader.glsl".source =
../config-files/ghostty-shader.glsl;
}

13
home/modules/git.nix
View file

@ -1,9 +1,4 @@
{
inputs,
config,
pkgs,
...
}: {
{ inputs, config, pkgs, ... }: {
programs.git = {
enable = true;
userName = "xqtc";
@ -12,11 +7,7 @@
key = "655F2C328563DC87FB2077CC2C064D095926D9D1";
signByDefault = true;
};
extraConfig = {
init = {
defaultBranch = "main";
};
};
extraConfig = { init = { defaultBranch = "main"; }; };
diff-so-fancy.enable = true;
};
}

12
home/modules/gtk.nix
View file

@ -1,10 +1,4 @@
{
config,
pkgs,
inputs,
lib,
...
}: {
{ config, pkgs, inputs, lib, ... }: {
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
@ -36,9 +30,9 @@
theme = {
name = "Catppuccin-Mocha-Compact-Pink-Dark";
package = pkgs.catppuccin-gtk.override {
accents = ["pink"];
accents = [ "pink" ];
size = "compact";
tweaks = ["rimless"];
tweaks = [ "rimless" ];
variant = "mocha";
};
};

109
home/modules/home-pkgs.nix
View file

@ -1,65 +1,62 @@
{
config,
inputs,
pkgs,
lib,
...
}: let
flameshot = pkgs.flameshot.overrideDerivation (old: {NIX_CFLAGS_COMPILE = "-DUSE_WAYLAND_GRIM";});
maxfetch = pkgs.writeScriptBin "maxfetch" (builtins.readFile ../config-files/maxfetch.sh);
zellij-ls = pkgs.writeScriptBin "zls" (builtins.readFile ../config-files/zellij-session-select.bash);
startdwl = pkgs.writeScriptBin "startdwl" (builtins.readFile ../config-files/startdwl.sh);
{ config, inputs, pkgs, lib, ... }:
let
flameshot = pkgs.flameshot.overrideDerivation
(old: { NIX_CFLAGS_COMPILE = "-DUSE_WAYLAND_GRIM"; });
maxfetch = pkgs.writeScriptBin "maxfetch"
(builtins.readFile ../config-files/maxfetch.sh);
zellij-ls = pkgs.writeScriptBin "zls"
(builtins.readFile ../config-files/zellij-session-select.bash);
startdwl = pkgs.writeScriptBin "startdwl"
(builtins.readFile ../config-files/startdwl.sh);
in {
home.packages =
(lib.optionals (config.os == "linux") (with pkgs; [
cargo
remmina
# heroic # BUILD FAILURE
mpv
via
telegram-desktop
#jetbrains.rust-rover
tor-browser
tutanota-desktop
# bottles # DEPENDENCY BUILD FAILURE
#flameshot
grim
waypaper
satty
networkmanagerapplet
nextcloud-client
trayscale
swaylock-effects
wdisplays
brightnessctl
pavucontrol
swayfx
sway-contrib.grimshot
libnotify
swww
strace
ltrace
imhex
qmk-udev-rules
signal-desktop
kdePackages.kleopatra
# ida-free
spotify
cosmic-icons
# seafile-client
steam
protonup-qt
yubioath-flutter
]))
++ (lib.optionals (config.os == "linux" && config.host != "yosai") (with pkgs; [
home.packages = (lib.optionals (config.os == "linux") (with pkgs; [
cargo
remmina
# heroic # BUILD FAILURE
mpv
via
telegram-desktop
#jetbrains.rust-rover
tor-browser
tutanota-desktop
# bottles # DEPENDENCY BUILD FAILURE
#flameshot
grim
waypaper
satty
networkmanagerapplet
nextcloud-client
trayscale
swaylock-effects
wdisplays
brightnessctl
pavucontrol
swayfx
sway-contrib.grimshot
libnotify
swww
strace
ltrace
imhex
qmk-udev-rules
signal-desktop
kdePackages.kleopatra
# ida-free
spotify
cosmic-icons
# seafile-client
steam
protonup-qt
yubioath-flutter
])) ++ (lib.optionals (config.os == "linux" && config.host != "yosai")
(with pkgs; [
jellyfin-media-player
ghidra
hyprland-qtutils
element-desktop
tuba
droidcam
]))
++ (with pkgs; [
])) ++ (with pkgs; [
inputs.ghostty.packages.x86_64-linux.default
inputs.meowlog.packages.x86_64-linux.default
inputs.swaystatus.packages.x86_64-linux.default
@ -125,7 +122,7 @@ in {
# marked as broken
rizin
(cutter.withPlugins (ps: with ps; [jsdec rz-ghidra sigdb]))
(cutter.withPlugins (ps: with ps; [ jsdec rz-ghidra sigdb ]))
nerd-fonts.hasklug
ipafont

220
home/modules/nixvim.nix
View file

@ -1,18 +1,9 @@
{
pkgs,
lib,
config,
inputs,
outputs,
...
}: {
{ pkgs, lib, config, inputs, outputs, ... }: {
programs.nixvim = {
enable = true;
globals.mapleader = " ";
extraConfigLua = builtins.readFile ../config-files/nvim/init.lua;
extraPlugins = with pkgs.vimPlugins; [
aerial-nvim
];
extraPlugins = with pkgs.vimPlugins; [ aerial-nvim ];
clipboard.providers.wl-copy.enable = true;
@ -40,16 +31,14 @@
# };
plugins = {
vimwiki = {
enable = true;
settings = {
list = [
{
ext = ".md";
path = "~/Nextcloud/Notes/";
syntax = "markdown";
}
];
};
enable = true;
settings = {
list = [{
ext = ".md";
path = "~/Nextcloud/Notes/";
syntax = "markdown";
}];
};
};
# image = {
# enable = true;
@ -72,67 +61,45 @@
enable = true;
settings = {
load = {
"core.defaults" = {
__empty = null;
};
"core.defaults" = { __empty = null; };
"core.dirman" = {
config = {
workspaces = {
home = "~/notes/";
};
};
};
"core.dirman.utils" = {
__empty = null;
config = { workspaces = { home = "~/notes/"; }; };
};
"core.dirman.utils" = { __empty = null; };
"core.completion" = {
config = {
engine = "nvim-cmp";
name = "neorg";
};
};
"core.concealer" = {
__empty = null;
};
"core.export" = {
__empty = null;
};
"core.export.markdown" = {
__empty = null;
};
"core.concealer" = { __empty = null; };
"core.export" = { __empty = null; };
"core.export.markdown" = { __empty = null; };
};
};
};
gitblame.enable = true;
lspkind.enable = true;
persistence = {
enable = true;
};
persistence = { enable = true; };
navic = {
enable = true;
settings = {
highlight = true;
lsp = {
auto_attach = true;
};
lsp = { auto_attach = true; };
};
};
trouble = {
enable = true;
};
trouble = { enable = true; };
wakatime.enable = true;
#headlines.enable = true;
twilight.enable = true;
comment = {
enable = true;
};
comment = { enable = true; };
indent-blankline.enable = true;
lualine = {
enable = true;
settings = {
options = {
disabled_filetypes.statusline = ["neo-tree"];
disabled_filetypes.statusline = [ "neo-tree" ];
component_separators = {
left = "";
right = "";
@ -143,56 +110,48 @@
};
};
sections = {
lualine_y = [
{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
return true
lualine_y = [{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
'';
};
dense = false;
dense_sep = ".";
depth = {
__raw = "nil";
};
sep = " ";
}
];
return true
end
'';
};
dense = false;
dense_sep = ".";
depth = { __raw = "nil"; };
sep = " ";
}];
};
winbar = {
lualine_c = [
{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
return true
lualine_c = [{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
'';
};
dense = false;
dense_sep = ".";
depth = {
__raw = "nil";
};
sep = " ";
}
];
return true
end
'';
};
dense = false;
dense_sep = ".";
depth = { __raw = "nil"; };
sep = " ";
}];
# lualine_x = [
# {
# __unkeyed-1 = "filename";
@ -204,7 +163,7 @@
};
};
};
lsp-format = {enable = true;};
lsp-format = { enable = true; };
# copilot-lua = {
# enable = true;
# suggestion = {
@ -237,9 +196,7 @@
# host = "127.0.0.1";
# };
server.settings = {
inlayHints = {
closureStyle = "rust_analyzer";
};
inlayHints = { closureStyle = "rust_analyzer"; };
typing.autoClosingAngleBrackets.enable = true;
};
};
@ -267,7 +224,7 @@
nushell.enable = true;
clangd = {
enable = true;
filetypes = ["c" "cpp" "objc" "objcpp" "cpp"];
filetypes = [ "c" "cpp" "objc" "objcpp" "cpp" ];
};
svelte.enable = true;
ts_ls.enable = true;
@ -280,9 +237,7 @@
installCargo = false;
installRustc = false;
settings = {
inlayHints = {
closureStyle = "rust_analyzer";
};
inlayHints = { closureStyle = "rust_analyzer"; };
typing.autoClosingAngleBrackets.enable = true;
};
};
@ -322,14 +277,17 @@
settings = {
snippet = {
expand = "function(args) require('luasnip').lsp_expand(args.body) end";
expand =
"function(args) require('luasnip').lsp_expand(args.body) end";
};
sources = [
{name = "nvim_lsp";}
{name = "path";}
{name = "buffer";}
{name = "luasnip";}
{name = "neorg";}
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
{ name = "luasnip"; }
{
name = "neorg";
}
# {name = "copilot";}
];
#mapping = {
@ -362,7 +320,7 @@
};
telescope.enable = true;
web-devicons.enable = true; # required by telescope
telescope.extensions = {file-browser.enable = true;};
telescope.extensions = { file-browser.enable = true; };
which-key.enable = true;
cmp-nvim-lsp.enable = true;
cmp-nvim-lua.enable = true;
@ -513,18 +471,12 @@
}
{
type = "group";
val = [
{
type = "text";
val = " To browse files press '<leader>ff'";
opts = {
position = "center";
};
}
];
opts = {
position = "center";
};
val = [{
type = "text";
val = " To browse files press '<leader>ff'";
opts = { position = "center"; };
}];
opts = { position = "center"; };
}
{
type = "padding";
@ -651,17 +603,17 @@
action = ''"+P'';
}
{
mode = ["n" "v"];
mode = [ "n" "v" ];
key = "<leader>y";
action = ''"+y'';
}
{
mode = ["n"];
mode = [ "n" ];
key = "<leader>Y";
action = ''"+Y'';
}
{
mode = ["n"];
mode = [ "n" ];
key = "<leader>sr";
action = ''
function()
@ -671,7 +623,7 @@
lua = true;
}
{
mode = ["n"];
mode = [ "n" ];
key = "<leader>qs";
action = ''
function()
@ -682,7 +634,7 @@
options.desc = "Load the session for the current directory";
}
{
mode = ["n"];
mode = [ "n" ];
key = "<leader>qS";
action = ''
function()
@ -693,7 +645,7 @@
options.desc = "Select a session to load";
}
{
mode = ["n"];
mode = [ "n" ];
key = "<leader>ql";
action = ''
function()
@ -704,7 +656,7 @@
options.desc = "Load the last session";
}
{
mode = ["n"];
mode = [ "n" ];
key = "<leader>qd";
action = ''
function()

12
home/modules/qt.nix
View file

@ -1,14 +1,8 @@
{
config,
lib,
inputs,
pkgs,
...
}: {
{ config, lib, inputs, pkgs, ... }: {
qt.style.package = pkgs.catppuccin-kde.override {
accents = ["pink"];
accents = [ "pink" ];
size = "compact";
tweaks = ["rimless"];
tweaks = [ "rimless" ];
variant = "mocha";
};
}

23
home/modules/rofi.nix
View file

@ -1,10 +1,4 @@
{
config,
pkgs,
inputs,
lib,
...
}: {
{ config, pkgs, inputs, lib, ... }: {
programs.rbw = {
enable = config.os == "linux";
settings = {
@ -16,7 +10,7 @@
programs.rofi = {
enable = config.os == "linux";
package = pkgs.rofi-wayland;
plugins = [pkgs.rofi-rbw-wayland pkgs.rofi-power-menu];
plugins = [ pkgs.rofi-rbw-wayland pkgs.rofi-power-menu ];
extraConfig = {
terminal = "foot";
disable-history = false;
@ -25,15 +19,10 @@
sort = true;
drun-display-format = "{icon} {name}";
display-drun = " Run ";
modi = lib.strings.concatStringsSep "," [
"run"
"drun"
"filebrowser"
];
modi = lib.strings.concatStringsSep "," [ "run" "drun" "filebrowser" ];
font = "Hasklug Nerd Font Mono 13";
};
theme = let
mkLiteral = config.lib.formats.rasi.mkLiteral;
theme = let mkLiteral = config.lib.formats.rasi.mkLiteral;
in {
"*" = {
# bg = mkLiteral "#303446FF";
@ -63,9 +52,7 @@
text-color = mkLiteral "@fg";
};
"#textbox-prompt-colon" = {
text-color = mkLiteral "@fg";
};
"#textbox-prompt-colon" = { text-color = mkLiteral "@fg"; };
"#entry" = {
background-color = mkLiteral "@bg";

263
home/modules/shell.nix
View file

@ -1,43 +1,39 @@
{
config,
pkgs,
lib,
inputs,
...
}: {
{ config, pkgs, lib, inputs, ... }: {
programs = {
zsh = {
enable =
if (config.os == "linux")
then true
else false;
enable = if (config.os == "linux") then true else false;
oh-my-zsh = {
enable = true;
plugins = ["git" "tailscale"];
plugins = [ "git" "tailscale" ];
# theme = "lambda";
};
envExtra = "ZELLIJ_AUTO_ATTACH=true\n${if config.host == "yosai" then "ZSH_THEME=\"\"\nPS1=\"%F{127}[%F{135}%n%F{127}@%F{135}%m%F{127}:%F{135}%2~%F{127}]%#%f\"\n" else ""}";
initExtraFirst =
if !(config.os == "linux")
then "export PATH=$PATH:~/.cargo/bin/\n${pkgs.hyfetch}/bin/hyfetch\n"
else
"${pkgs.hyfetch}/bin/hyfetch\neval $(ssh-agent)\n"
+ (
if config.host == "asmodeus"
then "comin status\n"
else ""
);
plugins = [
{
name = "zsh-autocomplete";
src = pkgs.fetchFromGitHub {
owner = "marlonrichert";
repo = "zsh-autocomplete";
rev = "23.07.13";
sha256 = "sha256-/6V6IHwB5p0GT1u5SAiUa20LjFDSrMo731jFBq/bnpw=";
};
}
];
envExtra = ''
ZELLIJ_AUTO_ATTACH=true
${if config.host == "yosai" then ''
ZSH_THEME=""
PS1="%F{127}[%F{135}%n%F{127}@%F{135}%m%F{127}:%F{135}%2~%F{127}]%#%f"
'' else
""}'';
initExtraFirst = if !(config.os == "linux") then ''
export PATH=$PATH:~/.cargo/bin/
${pkgs.hyfetch}/bin/hyfetch
'' else
''
${pkgs.hyfetch}/bin/hyfetch
eval $(ssh-agent)
'' + (if config.host == "asmodeus" then ''
comin status
'' else
"");
plugins = [{
name = "zsh-autocomplete";
src = pkgs.fetchFromGitHub {
owner = "marlonrichert";
repo = "zsh-autocomplete";
rev = "23.07.13";
sha256 = "sha256-/6V6IHwB5p0GT1u5SAiUa20LjFDSrMo731jFBq/bnpw=";
};
}];
};
hyfetch = {
enable = true;
@ -48,7 +44,7 @@
lightness = 0.5;
color_align = {
mode = "horizontal";
custom_colors = [];
custom_colors = [ ];
fore_back = null;
};
};
@ -65,124 +61,119 @@
nushell = {
enable = true;
shellAliases = {
ls = "eza -l --icons --tree --level 2 --header --git --group-directories-first";
ls =
"eza -l --icons --tree --level 2 --header --git --group-directories-first";
# reload = "clear; source $nu.config-path";
};
extraConfig = "maxfetch";
envFile = {
text = ''
$env.ZELLIJ_AUTO_ATTACH = 'true'
$env.GPG_TTY = (tty)
'';
text = " $env.ZELLIJ_AUTO_ATTACH = 'true'\n $env.GPG_TTY = (tty)\n";
};
configFile = {
# text = builtins.readFile ../config-files/config.nu;
text = ''
def start_zellij [] {
if 'ZELLIJ' not-in ($env | columns) {
if 'ZELLIJ_AUTO_ATTACH' in ($env | columns) and $env.ZELLIJ_AUTO_ATTACH == 'true' {
zellij attach -c
} else {
zellij
}
if 'ZELLIJ_AUTO_EXIT' in ($env | columns) and $env.ZELLIJ_AUTO_EXIT == 'true' {
exit
}
}
}
text = ''
def start_zellij [] {
if 'ZELLIJ' not-in ($env | columns) {
if 'ZELLIJ_AUTO_ATTACH' in ($env | columns) and $env.ZELLIJ_AUTO_ATTACH == 'true' {
zellij attach -c
} else {
zellij
}
if 'ZELLIJ_AUTO_EXIT' in ($env | columns) and $env.ZELLIJ_AUTO_EXIT == 'true' {
exit
}
}
}
#start_zellij
$env.config = {
show_banner: false
menus: [
{
name: ide_completion_menu
only_buffer_difference: false
marker: "| "
type: {
layout: ide
min_completion_width: 0,
max_completion_width: 50,
max_completion_height: 10, # will be limited by the available lines in the terminal
padding: 0,
border: true,
cursor_offset: 0,
description_mode: "prefer_right"
min_description_width: 0
max_description_width: 50
max_description_height: 10
description_offset: 1
correct_cursor_pos: false
}
style: {
text: green
selected_text: { attr: r }
description_text: yellow
match_text: { attr: u }
selected_match_text: { attr: ur }
}
}
]
keybindings: [
{
name: ide_completion_menu
modifier: none
keycode: tab
mode: [emacs vi_normal vi_insert]
event: {
until: [
{ send: menu name: ide_completion_menu }
{ send: menunext }
{ edit: complete }
]
}
}
]
};
'';
#start_zellij
$env.config = {
show_banner: false
menus: [
{
name: ide_completion_menu
only_buffer_difference: false
marker: "| "
type: {
layout: ide
min_completion_width: 0,
max_completion_width: 50,
max_completion_height: 10, # will be limited by the available lines in the terminal
padding: 0,
border: true,
cursor_offset: 0,
description_mode: "prefer_right"
min_description_width: 0
max_description_width: 50
max_description_height: 10
description_offset: 1
correct_cursor_pos: false
}
style: {
text: green
selected_text: { attr: r }
description_text: yellow
match_text: { attr: u }
selected_match_text: { attr: ur }
}
}
]
keybindings: [
{
name: ide_completion_menu
modifier: none
keycode: tab
mode: [emacs vi_normal vi_insert]
event: {
until: [
{ send: menu name: ide_completion_menu }
{ send: menunext }
{ edit: complete }
]
}
}
]
};
'';
};
};
carapace.enable = true;
carapace.enableNushellIntegration = true;
starship = let
flavour = "mocha";
starship = let flavour = "mocha";
in {
enable = if config.host == "yosai" then false else true;
enableNushellIntegration = true;
enableBashIntegration = true;
enableZshIntegration = true;
settings =
{
# Other config here
character = {
success_symbol = "[λ::](bold green)";
error_symbol = "[λ::](bold red)";
};
username = {
style_user = "bold pink";
format = "[$user]($style)";
show_always = true;
disabled = false;
};
hostname = {
ssh_only = false;
format = "[ ](bold pink)[$hostname](bold flamingo)";
disabled = false;
};
right_format = "$all";
format = ''
$username$hostname in $directory
$character'';
palette = "catppuccin_${flavour}";
}
// builtins.fromTOML (builtins.readFile (pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "starship";
rev = "5629d2356f62a9f2f8efad3ff37476c19969bd4f"; # Replace with the latest commit hash
sha256 = "sha256-nsRuxQFKbQkyEI4TXgvAjcroVdG+heKX5Pauq/4Ota0=";
}
+ /palettes/${flavour}.toml));
settings = {
# Other config here
character = {
success_symbol = "[λ::](bold green)";
error_symbol = "[λ::](bold red)";
};
username = {
style_user = "bold pink";
format = "[$user]($style)";
show_always = true;
disabled = false;
};
hostname = {
ssh_only = false;
format = "[ ](bold pink)[$hostname](bold flamingo)";
disabled = false;
};
right_format = "$all";
format = ''
$username$hostname in $directory
$character'';
palette = "catppuccin_${flavour}";
} // builtins.fromTOML (builtins.readFile (pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "starship";
rev =
"5629d2356f62a9f2f8efad3ff37476c19969bd4f"; # Replace with the latest commit hash
sha256 = "sha256-nsRuxQFKbQkyEI4TXgvAjcroVdG+heKX5Pauq/4Ota0=";
} + /palettes/${flavour}.toml));
};
};
}

17
home/modules/sops.nix
View file

@ -1,19 +1,14 @@
{
inputs,
config,
lib,
...
}: {
{ inputs, config, lib, ... }: {
sops = {
defaultSopsFile = ../../secrets.yaml;
validateSopsFiles = false;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
keyFile =
if (config.os == "linux")
then "/home/xqtc/.config/sops/age/keys.txt"
else "/Users/xqtc/.config/sops/age/keys.txt";
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = if (config.os == "linux") then
"/home/xqtc/.config/sops/age/keys.txt"
else
"/Users/xqtc/.config/sops/age/keys.txt";
generateKey = true;
};
};

11
home/modules/spicetify.nix
View file

@ -1,12 +1,7 @@
{
pkgs,
lib,
inputs,
...
}: let
spicePkgs = inputs.spicetify-nix.packages.${pkgs.system}.default;
{ pkgs, lib, inputs, ... }:
let spicePkgs = inputs.spicetify-nix.packages.${pkgs.system}.default;
in {
imports = [inputs.spicetify-nix.homeManagerModule];
imports = [ inputs.spicetify-nix.homeManagerModule ];
programs.spicetify = lib.mkIf (pkgs.system == "x86_64-linux") {
enable = false;

8
home/modules/spotify-cli.nix
View file

@ -1,10 +1,4 @@
{
config,
pkgs,
lib,
inputs,
...
}: {
{ config, pkgs, lib, inputs, ... }: {
services.spotifyd.enable = config.os == "linux";
#services.spotifyd.settings.global = {
# bitrate = 320;

14
home/modules/ssh.nix
View file

@ -1,10 +1,4 @@
{
inputs,
lib,
config,
pkgs,
...
}: {
{ inputs, lib, config, pkgs, ... }: {
sops = {
# defaultSopsFile = ../secrets.yaml;
# validateSopsFiles = false;
@ -38,10 +32,6 @@
programs.ssh = {
enable = true;
forwardAgent = true;
matchBlocks = {
"ryuko.suizid.jetzt" = {
user = "root";
};
};
matchBlocks = { "ryuko.suizid.jetzt" = { user = "root"; }; };
};
}

25
home/modules/tmux.nix
View file

@ -1,5 +1,4 @@
{config, pkgs, lib, ...}:
{
{ config, pkgs, lib, ... }: {
programs.tmux = {
enable = true;
extraConfig = ''
@ -15,7 +14,7 @@
set -g mouse on
set-option -g allow-rename off
set -g base-index 1
set -g pane-base-index 1
set-window-option -g pane-base-index 1
@ -25,24 +24,18 @@
bind '"' split-window -v -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
'';
plugins = with pkgs;[
plugins = with pkgs; [
tmuxPlugins.cpu
tmuxPlugins.resurrect
{
plugin = tmuxPlugins.continuum;
extraConfig = ''
set -g @continuum-restore 'on'
'';
plugin = tmuxPlugins.continuum;
extraConfig = " set -g @continuum-restore 'on'\n";
}
{
plugin = tmuxPlugins.yank;
extraConfig = ''
# keybindings
bind-key -T copy-mode-vi v send-keys -X begin-selection
bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle
bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel
'';
plugin = tmuxPlugins.yank;
extraConfig =
" # keybindings\n bind-key -T copy-mode-vi v send-keys -X begin-selection\n bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle\n bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel\n";
}
];
];
};
}

121
home/modules/wm.nix
View file

@ -1,10 +1,4 @@
{
config,
pkgs,
lib,
inputs,
...
}: {
{ config, pkgs, lib, inputs, ... }: {
wayland.windowManager.hyprland = {
enable = config.os == "linux";
package = pkgs.hyprland;
@ -39,13 +33,9 @@
};
};
imports = [inputs.hyprpanel.homeManagerModules.hyprpanel];
imports = [ inputs.hyprpanel.homeManagerModules.hyprpanel ];
programs.hyprpanel = {
enable = (
if (config.host != "yosai")
then true
else false
);
enable = (if (config.host != "yosai") then true else false);
systemd.enable = false;
hyprland.enable = true;
overwrite.enable = true;
@ -54,9 +44,17 @@
layout = {
"bar.layouts" = {
"*" = {
left = ["dashboard" "windowtitle" "systray" "cpu" "ram" "netstat"];
middle = ["workspaces"];
right = ["media" "clock" "hypridle" "battery" "bluetooth" "volume" "notifications"];
left = [ "dashboard" "windowtitle" "systray" "cpu" "ram" "netstat" ];
middle = [ "workspaces" ];
right = [
"media"
"clock"
"hypridle"
"battery"
"bluetooth"
"volume"
"notifications"
];
};
# "1" = {
# left = ["dashboard" "windowtitle" "systray" "ram" "netstat"];
@ -84,7 +82,8 @@
bar.autoHide = "fullscreen";
notifications.position = "top right";
#bar.windowtitle.leftClick = "'pkill rofi||/nix/store/rsb5ihbh4m3q4x046vc0y1r301i8j3is-ags-1.8.2/bin/ags -t overview'";
menus.dashboard.powermenu.avatar.image = "${../config-files/hyprlock-pfp.jpg}";
menus.dashboard.powermenu.avatar.image =
"${../config-files/hyprlock-pfp.jpg}";
theme.bar.buttons.workspaces.spacing = "0.5";
theme.bar.buttons.background_hover_opacity = 80;
theme.bar.buttons.innerRadiusMultiplier = "0.4";
@ -198,9 +197,11 @@
};
home.file.".config/hypr/pfp.jpg".source = ../config-files/hyprlock-pfp2.jpg;
home.file.".config/hypr/nixos-logo.png".source = ../config-files/nix-snowflake-trans-colours.png;
home.file.".config/hypr/nixos-logo.png".source =
../config-files/nix-snowflake-trans-colours.png;
home.file.".config/hypr/bg.png".source = ../../walls/walls/98223673_p0.png;
home.file.".config/hypr/chaos_star_white.png".source = ../config-files/chaos_star_white.png;
home.file.".config/hypr/chaos_star_white.png".source =
../config-files/chaos_star_white.png;
programs.hyprlock = {
enable = true;
@ -212,31 +213,27 @@
no_fade_in = false;
};
background = [
{
# path = "~/.config/hypr/bg.png";
path = "screenshot";
blur_passes = 3;
blur_size = 8;
# color = "rgb(0e1419)";
}
];
background = [{
# path = "~/.config/hypr/bg.png";
path = "screenshot";
blur_passes = 3;
blur_size = 8;
# color = "rgb(0e1419)";
}];
input-field = [
{
size = "200, 50";
position = "0, -80";
monitor = "";
dots_center = true;
fade_on_empty = false;
font_color = "rgb(f5a9b8)";
inner_color = "rgb(14, 20, 25)";
outer_color = "rgb(25, 19, 14)";
outline_thickness = 5;
placeholder_text = "<span foreground=\"##f5a9b8\">Password...</span>";
shadow_passes = 2;
}
];
input-field = [{
size = "200, 50";
position = "0, -80";
monitor = "";
dots_center = true;
fade_on_empty = false;
font_color = "rgb(f5a9b8)";
inner_color = "rgb(14, 20, 25)";
outer_color = "rgb(25, 19, 14)";
outline_thickness = 5;
placeholder_text = ''<span foreground="##f5a9b8">Password...</span>'';
shadow_passes = 2;
}];
image = [
{
size = "120";
@ -321,10 +318,11 @@
# text = "TRANS RIGHTS OR RIOT NIGHTS!";
# color = "gradient(rgb(5bcefa) rgb(f5a9bb) rgb(ffffff) rgb(f5a9bb) rgb(5bcefa))";
# text = "cmd[update:30000] echo \"<span foreground='##f5a9b8'> $(cat /sys/class/power_supply/BAT0/capacity)</span>\"";
text =
if config.host != "asmodeus"
then "cmd[update:1000] echo \"<span foreground='##f5a9b8'>$(for bat in /sys/class/power_supply/BAT*/capacity; do echo -n \" $(basename $(dirname \"$bat\")): $(cat \"$bat\")% \"; done)</span>\""
else "<span foreground='##f5a9b8'><i>asmodeus</i></span>";
text = if config.host != "asmodeus" then
''
cmd[update:1000] echo "<span foreground='##f5a9b8'>$(for bat in /sys/class/power_supply/BAT*/capacity; do echo -n " $(basename $(dirname "$bat")): $(cat "$bat")% "; done)</span>"''
else
"<span foreground='##f5a9b8'><i>asmodeus</i></span>";
font_size = 15;
halign = "center";
@ -332,10 +330,11 @@
position = "0, -350";
}
{
text =
if config.host != "asmodeus"
then "cmd[update:1000] echo \"<span foreground='##f5a9b8'><i>$(echo -n $(hostname))</i></span>\""
else "";
text = if config.host != "asmodeus" then
''
cmd[update:1000] echo "<span foreground='##f5a9b8'><i>$(echo -n $(hostname))</i></span>"''
else
"";
font_size = 15;
halign = "center";
@ -347,9 +346,7 @@
};
programs.waybar =
/*
lib.mkIf (pkgs.system == "x86_64-linux")
*/
# lib.mkIf (pkgs.system == "x86_64-linux")
{
enable = config.os == "linux";
settings = {
@ -359,14 +356,18 @@
height = 30;
margin-top = 10;
margin-bottom = 10;
modules-left = ["hyprland/workspaces" "keyboard-state"];
modules-center = ["cpu" "memory" "disk" "disk#HDD1" "disk#HDD2" "network"];
modules-right = ["tray" "battery" "battery#bat2" "battery#bat3" "clock"];
"tray" = {"icon-size" = 21;};
modules-left = [ "hyprland/workspaces" "keyboard-state" ];
modules-center =
[ "cpu" "memory" "disk" "disk#HDD1" "disk#HDD2" "network" ];
modules-right =
[ "tray" "battery" "battery#bat2" "battery#bat3" "clock" ];
"tray" = { "icon-size" = 21; };
"network" = {
"interval" = 3;
"format-wifi" = "NET: {essid} {ipaddr}/{cidr} ({signalStrength}%) {bandwidthUpBits} {bandwidthDownBits} ";
"format-ethernet" = "NET: {ipaddr}/{cidr} {bandwidthUpBits} {bandwidthDownBits} ";
"format-wifi" =
"NET: {essid} {ipaddr}/{cidr} ({signalStrength}%) {bandwidthUpBits} {bandwidthDownBits} ";
"format-ethernet" =
"NET: {ipaddr}/{cidr} {bandwidthUpBits} {bandwidthDownBits} ";
"format-disconnected" = "";
"max-length" = 100;
};

10
home/modules/yazi.nix
View file

@ -1,12 +1,8 @@
{
config,
lib,
pkgs,
...
}: {
{ config, lib, pkgs, ... }: {
programs.yazi = {
enable = false;
enableNushellIntegration = true;
theme = builtins.fromTOML (builtins.readFile ../config-files/yazi-catppuccin-mocha.toml);
theme = builtins.fromTOML
(builtins.readFile ../config-files/yazi-catppuccin-mocha.toml);
};
}

106
home/modules/zellij.nix
View file

@ -1,15 +1,11 @@
{
config,
lib,
inputs,
pkgs,
...
}: {
{ config, lib, inputs, pkgs, ... }: {
home.file.".config/zellij/plugins/zellij-forgot.wasm".source = pkgs.fetchurl {
url = "https://github.com/karimould/zellij-forgot/releases/download/0.4.1/zellij_forgot.wasm";
url =
"https://github.com/karimould/zellij-forgot/releases/download/0.4.1/zellij_forgot.wasm";
hash = "sha256-kBGZG+I9PMKhXtyAy6XRW4Sqht0/RCDcv86p0WjxvN8=";
};
xdg.configFile."zellij/layouts/default.kdl".text = '' layout {
xdg.configFile."zellij/layouts/default.kdl".text = ''
layout {
default_tab_template {
children
pane size=1 borderless=true {
@ -89,55 +85,57 @@
enableZshIntegration = true;
settings = {
plugins = {
"zellij-forgot location=\"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" = {};
"zellij-forgot location=\"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" =
{ };
};
keybinds = {
"shared_except \"locked\"" = {
"bind \"Ctrl y\"" = {
"LaunchOrFocusPlugin \"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" = {
"\"lock\"" = "ctrl + g";
"\"unlock\"" = "ctrl + g";
"\"new pane\"" = "ctrl + p + n";
"\"change focus of pane\"" = "ctrl + p + arrow key";
"\"close pane\"" = "ctrl + p + x";
"\"rename pane\"" = "ctrl + p + c";
"\"toggle fullscreen\"" = "ctrl + p + f";
"\"toggle floating pane\"" = "ctrl + p + w";
"\"toggle embed pane\"" = "ctrl + p + e";
"\"choose right pane\"" = "ctrl + p + l";
"\"choose left pane\"" = "ctrl + p + r";
"\"choose upper pane\"" = "ctrl + p + k";
"\"choose lower pane\"" = "ctrl + p + j";
"\"new tab\"" = "ctrl + t + n";
"\"close tab\"" = "ctrl + t + x";
"\"change focus of tab\"" = "ctrl + t + arrow key";
"\"rename tab\"" = "ctrl + t + r";
"\"sync tab\"" = "ctrl + t + s";
"\"brake pane to new tab\"" = "ctrl + t + b";
"\"brake pane left\"" = "ctrl + t + [";
"\"brake pane right\"" = "ctrl + t + ]";
"\"toggle tab\"" = "ctrl + t + tab";
"\"increase pane size\"" = "ctrl + n + +";
"\"decrease pane size\"" = "ctrl + n + -";
"\"increase pane top\"" = "ctrl + n + k";
"\"increase pane right\"" = "ctrl + n + l";
"\"increase pane bottom\"" = "ctrl + n + j";
"\"increase pane left\"" = "ctrl + n + h";
"\"decrease pane top\"" = "ctrl + n + K";
"\"decrease pane right\"" = "ctrl + n + L";
"\"decrease pane bottom\"" = "ctrl + n + J";
"\"decrease pane left\"" = "ctrl + n + H";
"\"move pane to top\"" = "ctrl + h + k";
"\"move pane to right\"" = "ctrl + h + l";
"\"move pane to bottom\"" = "ctrl + h + j";
"\"move pane to left\"" = "ctrl + h + h";
"\"search\"" = "ctrl + s + s";
"\"go into edit mode\"" = "ctrl + s + e";
"\"detach session\"" = "ctrl + o + w";
"\"open session manager\"" = "ctrl + o + w";
"\"quit zellij\"" = "ctrl + q";
"floating true" = "";
};
"LaunchOrFocusPlugin \"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" =
{
"\"lock\"" = "ctrl + g";
"\"unlock\"" = "ctrl + g";
"\"new pane\"" = "ctrl + p + n";
"\"change focus of pane\"" = "ctrl + p + arrow key";
"\"close pane\"" = "ctrl + p + x";
"\"rename pane\"" = "ctrl + p + c";
"\"toggle fullscreen\"" = "ctrl + p + f";
"\"toggle floating pane\"" = "ctrl + p + w";
"\"toggle embed pane\"" = "ctrl + p + e";
"\"choose right pane\"" = "ctrl + p + l";
"\"choose left pane\"" = "ctrl + p + r";
"\"choose upper pane\"" = "ctrl + p + k";
"\"choose lower pane\"" = "ctrl + p + j";
"\"new tab\"" = "ctrl + t + n";
"\"close tab\"" = "ctrl + t + x";
"\"change focus of tab\"" = "ctrl + t + arrow key";
"\"rename tab\"" = "ctrl + t + r";
"\"sync tab\"" = "ctrl + t + s";
"\"brake pane to new tab\"" = "ctrl + t + b";
"\"brake pane left\"" = "ctrl + t + [";
"\"brake pane right\"" = "ctrl + t + ]";
"\"toggle tab\"" = "ctrl + t + tab";
"\"increase pane size\"" = "ctrl + n + +";
"\"decrease pane size\"" = "ctrl + n + -";
"\"increase pane top\"" = "ctrl + n + k";
"\"increase pane right\"" = "ctrl + n + l";
"\"increase pane bottom\"" = "ctrl + n + j";
"\"increase pane left\"" = "ctrl + n + h";
"\"decrease pane top\"" = "ctrl + n + K";
"\"decrease pane right\"" = "ctrl + n + L";
"\"decrease pane bottom\"" = "ctrl + n + J";
"\"decrease pane left\"" = "ctrl + n + H";
"\"move pane to top\"" = "ctrl + h + k";
"\"move pane to right\"" = "ctrl + h + l";
"\"move pane to bottom\"" = "ctrl + h + j";
"\"move pane to left\"" = "ctrl + h + h";
"\"search\"" = "ctrl + s + s";
"\"go into edit mode\"" = "ctrl + s + e";
"\"detach session\"" = "ctrl + o + w";
"\"open session manager\"" = "ctrl + o + w";
"\"quit zellij\"" = "ctrl + q";
"floating true" = "";
};
};
};
};

7
home/modules/zoxide.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
programs.zoxide = {
enable = true;
enableNushellIntegration = true;

14
home/packages/dwl.nix
View file

@ -1,16 +1,8 @@
{
pkgs,
patches,
dwl-source,
cmd,
...
}:
pkgs.dwl.overrideAttrs
(finalAttrs: previousAttrs: {
{ pkgs, patches, dwl-source, cmd, ... }:
pkgs.dwl.overrideAttrs (finalAttrs: previousAttrs: {
src = dwl-source;
inherit patches;
postPatch = let
configFile = ../config-files/dwl/dwl-config.h;
postPatch = let configFile = ../config-files/dwl/dwl-config.h;
in ''
cp ${configFile} config.def.h
substituteInPlace ./config.def.h --replace "@TERMINAL" "${cmd.terminal}"

25
home/programs/dwl.nix
View file

@ -1,11 +1,6 @@
{
config,
pkgs,
lib,
dwl-source,
...
}:
with lib; let
{ config, pkgs, lib, dwl-source, ... }:
with lib;
let
cfg = config.programs.dwl;
dwlPackage = import ../packages/dwl.nix {
inherit pkgs;
@ -19,17 +14,9 @@ in {
type = types.package;
default = dwlPackage;
};
patches = mkOption {
default = [];
};
cmd = {
terminal = mkOption {
default = "";
};
};
patches = mkOption { default = [ ]; };
cmd = { terminal = mkOption { default = ""; }; };
};
config = mkIf cfg.enable {
home.packages = [cfg.package];
};
config = mkIf cfg.enable { home.packages = [ cfg.package ]; };
}

2
home/system.nix
View file

@ -1,4 +1,4 @@
{lib, ...}: {
{ lib, ... }: {
options.os = lib.mkOption {
type = lib.types.str;
default = "linux";

6
hosts/aarch64-linux/alastor/apple-silicon-support/default.nix
View file

@ -1,5 +1 @@
{...}: {
imports = [
./modules/default.nix
];
}
{ ... }: { imports = [ ./modules/default.nix ]; }

16
hosts/aarch64-linux/alastor/apple-silicon-support/modules/boot-m1n1/default.nix
View file

@ -1,9 +1,5 @@
{
config,
pkgs,
lib,
...
}: let
{ config, pkgs, lib, ... }:
let
pkgs' = config.hardware.asahi.pkgs;
bootM1n1 = pkgs'.m1n1.override {
@ -12,12 +8,10 @@
customLogo = config.boot.m1n1CustomLogo;
};
bootUBoot = pkgs'.uboot-asahi.override {
m1n1 = bootM1n1;
};
bootUBoot = pkgs'.uboot-asahi.override { m1n1 = bootM1n1; };
bootFiles = {
"m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
"m1n1/boot.bin" = pkgs.runCommand "boot.bin" { } ''
cat ${bootM1n1}/build/m1n1.bin > $out
cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
@ -33,7 +27,7 @@ in {
boot.loader.systemd-boot.extraFiles = bootFiles;
# ensure the installer has m1n1 in the image
system.extraDependencies = lib.mkForce [bootM1n1 bootUBoot];
system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
system.build.m1n1 = bootFiles."m1n1/boot.bin";
};

42
hosts/aarch64-linux/alastor/apple-silicon-support/modules/default.nix
View file

@ -1,33 +1,19 @@
{
config,
pkgs,
lib,
...
}: {
imports = [
./kernel
./mesa
./peripheral-firmware
./boot-m1n1
./sound
];
{ config, pkgs, lib, ... }: {
imports = [ ./kernel ./mesa ./peripheral-firmware ./boot-m1n1 ./sound ];
config = let
cfg = config.hardware.asahi;
in
lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [cfg.overlay];
config = let cfg = config.hardware.asahi;
in lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
hardware.asahi.pkgs =
if cfg.pkgsSystem != "aarch64-linux"
then
import (pkgs.path) {
crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem;
overlays = [cfg.overlay];
}
else pkgs;
};
hardware.asahi.pkgs = if cfg.pkgsSystem != "aarch64-linux" then
import (pkgs.path) {
crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem;
overlays = [ cfg.overlay ];
}
else
pkgs;
};
options.hardware.asahi = {
enable = lib.mkOption {

21
hosts/aarch64-linux/alastor/apple-silicon-support/modules/kernel/default.nix
View file

@ -1,18 +1,11 @@
# the Asahi Linux kernel and options that must go along with it
{
config,
pkgs,
lib,
...
}: {
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.hardware.asahi.enable {
boot.kernelPackages = let
pkgs' = config.hardware.asahi.pkgs;
in
pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust;
};
boot.kernelPackages = let pkgs' = config.hardware.asahi.pkgs;
in pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust;
};
# we definitely want to use CONFIG_ENERGY_MODEL, and
# schedutil is a prerequisite for using it
@ -96,7 +89,7 @@
};
imports = [
(lib.mkRemovedOptionModule ["hardware" "asahi" "addEdgeKernelConfig"]
(lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ]
"All edge kernel config options are now the default.")
];

88
hosts/aarch64-linux/alastor/apple-silicon-support/modules/mesa/default.nix
View file

@ -1,53 +1,43 @@
{
config,
pkgs,
lib,
...
}: {
{ config, pkgs, lib, ... }: {
config = let
isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode);
in
lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the drivers
hardware.opengl.package = config.hardware.asahi.pkgs.mesa-asahi-edge.drivers;
isMode = mode:
(config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode);
in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the drivers
hardware.opengl.package =
config.hardware.asahi.pkgs.mesa-asahi-edge.drivers;
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
(lib.mkIf (isMode "replace") {
# replace the Mesa linked into system packages with the Asahi version
# without rebuilding them to avoid rebuilding the world.
system.replaceRuntimeDependencies = [
{
original = pkgs.mesa;
replacement = config.hardware.asahi.pkgs.mesa-asahi-edge;
}
];
})
(lib.mkIf (isMode "overlay") {
# replace the Mesa used in Nixpkgs with the Asahi version using an overlay,
# which requires rebuilding the world but ensures it is done faithfully
# (and in a way compatible with pure evaluation)
nixpkgs.overlays = [
(final: prev: {
mesa = final.mesa-asahi-edge;
})
];
})
]);
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
(lib.mkIf (isMode "replace") {
# replace the Mesa linked into system packages with the Asahi version
# without rebuilding them to avoid rebuilding the world.
system.replaceRuntimeDependencies = [{
original = pkgs.mesa;
replacement = config.hardware.asahi.pkgs.mesa-asahi-edge;
}];
})
(lib.mkIf (isMode "overlay") {
# replace the Mesa used in Nixpkgs with the Asahi version using an overlay,
# which requires rebuilding the world but ensures it is done faithfully
# (and in a way compatible with pure evaluation)
nixpkgs.overlays = [ (final: prev: { mesa = final.mesa-asahi-edge; }) ];
})
]);
options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
type = lib.types.bool;
@ -60,7 +50,7 @@
};
options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
type = lib.types.enum ["driver" "replace" "overlay"];
type = lib.types.enum [ "driver" "replace" "overlay" ];
default = "replace";
description = ''
Mode to use to install the experimental GPU driver into the system.

38
hosts/aarch64-linux/alastor/apple-silicon-support/modules/peripheral-firmware/default.nix
View file

@ -1,29 +1,20 @@
{
config,
pkgs,
lib,
...
}: {
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.hardware.asahi.enable {
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
{
assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = ''
Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect.
'';
}
];
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [{
assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = ''
Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect.
'';
}];
hardware.firmware = let
pkgs' = config.hardware.asahi.pkgs;
in
lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware) [
hardware.firmware = let pkgs' = config.hardware.asahi.pkgs;
in lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware) [
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
nativeBuildInputs = [pkgs'.asahi-fwextract pkgs.cpio];
nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
buildCommand = ''
mkdir extracted
@ -50,9 +41,8 @@
peripheralFirmwareDirectory = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default =
lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null
[
default = lib.findFirst
(path: builtins.pathExists (path + "/all_firmware.tar.gz")) null [
# path when the system is operating normally
/boot/asahi
# path when the system is mounted in the installer

128
hosts/aarch64-linux/alastor/apple-silicon-support/modules/sound/default.nix
View file

@ -1,15 +1,9 @@
{
config,
options,
pkgs,
lib,
...
}: {
{ config, options, pkgs, lib, ... }: {
imports = [
# disable pulseaudio as the Asahi sound infrastructure can't use it.
# if we disable it only if setupAsahiSound is enabled, then infinite
# recursion results as pulseaudio enables config.sound by default.
{config.hardware.pulseaudio.enable = !config.hardware.asahi.enable;}
{ config.hardware.pulseaudio.enable = !config.hardware.asahi.enable; }
];
options.hardware.asahi = {
@ -30,75 +24,71 @@
lsp-plugins = pkgs.lsp-plugins; # the lsp-plugins we use
lsp-plugins-is-patched =
(lsp-plugins.overrideAttrs (old: {
passthru =
(old.passthru or {})
// {
lsp-plugins-is-patched =
builtins.elem "58c3f985f009c84347fa91236f164a9e47aafa93.patch"
(builtins.map (p: p.name) (old.patches or []));
};
}))
.lsp-plugins-is-patched;
lsp-plugins-is-patched = (lsp-plugins.overrideAttrs (old: {
passthru = (old.passthru or { }) // {
lsp-plugins-is-patched =
builtins.elem "58c3f985f009c84347fa91236f164a9e47aafa93.patch"
(builtins.map (p: p.name) (old.patches or [ ]));
};
})).lsp-plugins-is-patched;
lsp-plugins-is-safe = (pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14") || lsp-plugins-is-patched;
lsp-plugins-is-safe = (pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14")
|| lsp-plugins-is-patched;
# https://github.com/NixOS/nixpkgs/pull/282377
# options is the set of all module option declarations, rather than their
# values, to prevent infinite recursion
newHotness = builtins.hasAttr "configPackages" options.services.pipewire;
lv2Path = lib.makeSearchPath "lib/lv2" [lsp-plugins pkgs.bankstown-lv2];
in
lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
{
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
lv2Path = lib.makeSearchPath "lib/lv2" [ lsp-plugins pkgs.bankstown-lv2 ];
in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
{
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 =
"${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages = lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
}
(lib.optionalAttrs newHotness {
# use configPackages and friends to install asahi-audio and plugins
services.pipewire = {
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
wireplumber = {
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
};
};
})
(lib.optionalAttrs (!newHotness) {
# use environment.etc and environment variables to install asahi-audio and plugins
environment.etc = builtins.listToAttrs (builtins.map (f: {
name = f;
value = { source = "${asahi-audio}/share/${f}"; };
}) asahi-audio.providedConfigFiles);
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages =
lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[pkgs.speakersafetyd];
services.udev.packages = [pkgs.speakersafetyd];
}
(lib.optionalAttrs newHotness {
# use configPackages and friends to install asahi-audio and plugins
services.pipewire = {
configPackages = [asahi-audio];
extraLv2Packages = [lsp-plugins pkgs.bankstown-lv2];
wireplumber = {
configPackages = [asahi-audio];
extraLv2Packages = [lsp-plugins pkgs.bankstown-lv2];
};
};
})
(lib.optionalAttrs (!newHotness) {
# use environment.etc and environment variables to install asahi-audio and plugins
environment.etc = builtins.listToAttrs (builtins.map
(f: {
name = f;
value = {source = "${asahi-audio}/share/${f}";};
})
asahi-audio.providedConfigFiles);
systemd.user.services.pipewire.environment.LV2_PATH = lv2Path;
systemd.user.services.wireplumber.environment.LV2_PATH = lv2Path;
})
]);
systemd.user.services.pipewire.environment.LV2_PATH = lv2Path;
systemd.user.services.wireplumber.environment.LV2_PATH = lv2Path;
})
]);
}

16
hosts/aarch64-linux/alastor/apple-silicon-support/packages/alsa-ucm-conf-asahi/default.nix
View file

@ -1,8 +1,5 @@
{
lib,
fetchFromGitHub,
alsa-ucm-conf,
}: (alsa-ucm-conf.overrideAttrs (oldAttrs: rec {
{ lib, fetchFromGitHub, alsa-ucm-conf, }:
(alsa-ucm-conf.overrideAttrs (oldAttrs: rec {
version = "5";
src_asahi = fetchFromGitHub {
@ -13,10 +10,7 @@
hash = "sha256-daUNz5oUrPfSMO0Tqq/WbtiLHMOtPeQQlI+juGrhTxw=";
};
postInstall =
oldAttrs.postInstall
or ""
+ ''
cp -r ${src_asahi}/ucm2 $out/share/alsa
'';
postInstall = oldAttrs.postInstall or "" + ''
cp -r ${src_asahi}/ucm2 $out/share/alsa
'';
}))

6
hosts/aarch64-linux/alastor/apple-silicon-support/packages/asahi-audio/default.nix
View file

@ -1,8 +1,4 @@
{
stdenv,
lib,
fetchFromGitHub,
}:
{ stdenv, lib, fetchFromGitHub, }:
stdenv.mkDerivation rec {
pname = "asahi-audio";
# tracking: https://src.fedoraproject.org/rpms/asahi-audio

11
hosts/aarch64-linux/alastor/apple-silicon-support/packages/asahi-fwextract/default.nix
View file

@ -1,11 +1,4 @@
{
lib,
python3,
fetchFromGitHub,
gzip,
gnutar,
lzfse,
}:
{ lib, python3, fetchFromGitHub, gzip, gnutar, lzfse, }:
python3.pkgs.buildPythonApplication rec {
pname = "asahi-fwextract";
version = "0.6.9";
@ -26,7 +19,7 @@ python3.pkgs.buildPythonApplication rec {
--replace '"xf"' '"-x", "-I", "${gzip}/bin/gzip", "-f"'
'';
nativeBuildInputs = [python3.pkgs.setuptools];
nativeBuildInputs = [ python3.pkgs.setuptools ];
doCheck = false;
}

17
hosts/aarch64-linux/alastor/apple-silicon-support/packages/bankstown-lv2/default.nix
View file

@ -1,11 +1,4 @@
{
lib,
lv2,
pkg-config,
rustPlatform,
fetchFromGitHub,
fetchpatch,
}:
{ lib, lv2, pkg-config, rustPlatform, fetchFromGitHub, fetchpatch, }:
rustPlatform.buildRustPackage rec {
pname = "bankstown-lv2";
# tracking: https://src.fedoraproject.org/rpms/rust-bankstown-lv2
@ -28,11 +21,7 @@ rustPlatform.buildRustPackage rec {
make install
'';
nativeBuildInputs = [
pkg-config
];
nativeBuildInputs = [ pkg-config ];
buildInputs = [
lv2
];
buildInputs = [ lv2 ];
}

287
hosts/aarch64-linux/alastor/apple-silicon-support/packages/linux-asahi/default.nix
View file

@ -1,100 +1,69 @@
{
lib,
pkgs,
callPackage,
writeShellScriptBin,
writeText,
removeReferencesTo,
linuxPackagesFor,
withRust ? false,
_kernelPatches ? [],
}: let
{ lib, pkgs, callPackage, writeShellScriptBin, writeText, removeReferencesTo
, linuxPackagesFor, withRust ? false, _kernelPatches ? [ ], }:
let
i = builtins.elemAt;
# parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
# into a list of k, v tuples
parseExtraConfig = config: let
lines =
builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine = line: let
t = lib.strings.splitString " " line;
join = l:
builtins.foldl' (a: b: "${a} ${b}")
(builtins.head l) (builtins.tail l);
v =
if (builtins.length t) > 2
then join (builtins.tail t)
else (i t 1);
in ["CONFIG_${i t 0}" v];
in
map parseLine lines;
parseExtraConfig = config:
let
lines =
builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine = line:
let
t = lib.strings.splitString " " line;
join = l:
builtins.foldl' (a: b: "${a} ${b}") (builtins.head l)
(builtins.tail l);
v =
if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in [ "CONFIG_${i t 0}" v ];
in map parseLine lines;
# parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
# style configuration as found in a patch's extraStructuredConfig into
# a list of k, v tuples
parseExtraStructuredConfig = config:
lib.attrsets.mapAttrsToList
(k: v: ["CONFIG_${k}" (v.tristate or v.freeform)])
config;
(k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ]) config;
parsePatchConfig = {
extraConfig ? "",
extraStructuredConfig ? {},
...
}:
parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? { }, ... }:
(parseExtraConfig extraConfig)
++ (parseExtraStructuredConfig extraStructuredConfig);
# parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
# into a list of k, v tuples
parseConfig = config: let
parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
# get either the [ymn] option or the "foo" option; whichever matched
t = l: let
v = i l 2;
in [
(i l 0)
(
if v != null
then v
else (i l 3)
)
];
lines = lib.strings.splitString "\n" config;
in
map t (builtins.filter (l: l != null) (map parseLine lines));
parseConfig = config:
let
parseLine =
builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
# get either the [ymn] option or the "foo" option; whichever matched
t = l: let v = i l 2; in [ (i l 0) (if v != null then v else (i l 3)) ];
lines = lib.strings.splitString "\n" config;
in map t (builtins.filter (l: l != null) (map parseLine lines));
origConfigfile = ./config;
linux-asahi-pkg = {
stdenv,
lib,
fetchFromGitHub,
fetchpatch,
linuxKernel,
rustPlatform,
rustc,
rustfmt,
rust-bindgen,
...
} @ args: let
origConfigText = builtins.readFile origConfigfile;
linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel
, rustPlatform, rustc, rustfmt, rust-bindgen, ... }@args:
let
origConfigText = builtins.readFile origConfigfile;
# extraConfig from all patches in order
extraConfig =
lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [] _kernelPatches;
# config file text for above
extraConfigText = let
text = k: v:
if (v == "y") || (v == "m") || (v == "n")
then "${k}=${v}"
else ''${k}="${v}"'';
in (map (t: text (i t 0) (i t 1)) extraConfig);
# extraConfig from all patches in order
extraConfig =
lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [ ] _kernelPatches;
# config file text for above
extraConfigText = let
text = k: v:
if (v == "y") || (v == "m") || (v == "n") then
"${k}=${v}"
else
''${k}="${v}"'';
in (map (t: text (i t 0) (i t 1)) extraConfig);
# final config as a text file path
configfile =
if extraConfig == []
then origConfigfile
# final config as a text file path
configfile = if extraConfig == [ ] then
origConfigfile
else
writeText "config" ''
${origConfigText}
@ -102,104 +71,88 @@
# Patches
${lib.strings.concatStringsSep "\n" extraConfigText}
'';
# final config as an attrset
configAttrs = let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in
builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
# final config as an attrset
configAttrs = let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
# used to (ostensibly) keep compatibility for those running stable versions of nixos
rustOlder = version: withRust && (lib.versionOlder rustc.version version);
bindgenOlder = version: withRust && (lib.versionOlder rust-bindgen.unwrapped.version version);
# used to (ostensibly) keep compatibility for those running stable versions of nixos
rustOlder = version: withRust && (lib.versionOlder rustc.version version);
bindgenOlder = version:
withRust && (lib.versionOlder rust-bindgen.unwrapped.version version);
# used to fix issues when nixpkgs gets ahead of the kernel
rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in
(linuxKernel.manualConfig rec {
inherit stdenv lib;
# used to fix issues when nixpkgs gets ahead of the kernel
rustAtLeast = version:
withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version:
withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in (linuxKernel.manualConfig rec {
inherit stdenv lib;
version = "6.6.0-asahi";
modDirVersion = version;
extraMeta.branch = "6.6";
version = "6.6.0-asahi";
modDirVersion = version;
extraMeta.branch = "6.6";
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.6-15";
hash = "sha256-Jm7wTKWuwd/6ZN0g5F4CNNETiOyGQL31hfSyTDYH85k=";
};
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.6-15";
hash = "sha256-Jm7wTKWuwd/6ZN0g5F4CNNETiOyGQL31hfSyTDYH85k=";
};
kernelPatches =
[
{
name = "coreutils-fix";
patch = ./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch;
}
# speaker enablement; we assert on the relevant lsp-plugins patch
# before installing speakersafetyd to let the speakers work
{
name = "speakers-1";
patch = fetchpatch {
url = "https://github.com/AsahiLinux/linux/commit/385ea7b5023486aba7919cec8b6b3f6a843a1013.patch";
hash = "sha256-u7IzhJbUgBPfhJXAcpHw1I6OPzPHc1UKYjH91Ep3QHQ=";
};
}
{
name = "speakers-2";
patch = fetchpatch {
url = "https://github.com/AsahiLinux/linux/commit/6a24102c06c95951ab992e2d41336cc6d4bfdf23.patch";
hash = "sha256-wn5x2hN42/kCp/XHBvLWeNLfwlOBB+T6UeeMt2tSg3o=";
};
}
]
++ lib.optionals (rustAtLeast "1.75.0") [
{
name = "rustc-1.75.0";
patch = ./0001-check-in-new-alloc-for-1.75.0.patch;
}
]
++ lib.optionals (rustAtLeast "1.76.0") [
{
name = "rustc-1.76.0";
patch = ./rust_1_76_0.patch;
}
]
++ _kernelPatches;
kernelPatches = [
{
name = "coreutils-fix";
patch =
./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch;
}
# speaker enablement; we assert on the relevant lsp-plugins patch
# before installing speakersafetyd to let the speakers work
{
name = "speakers-1";
patch = fetchpatch {
url =
"https://github.com/AsahiLinux/linux/commit/385ea7b5023486aba7919cec8b6b3f6a843a1013.patch";
hash = "sha256-u7IzhJbUgBPfhJXAcpHw1I6OPzPHc1UKYjH91Ep3QHQ=";
};
}
{
name = "speakers-2";
patch = fetchpatch {
url =
"https://github.com/AsahiLinux/linux/commit/6a24102c06c95951ab992e2d41336cc6d4bfdf23.patch";
hash = "sha256-wn5x2hN42/kCp/XHBvLWeNLfwlOBB+T6UeeMt2tSg3o=";
};
}
] ++ lib.optionals (rustAtLeast "1.75.0") [{
name = "rustc-1.75.0";
patch = ./0001-check-in-new-alloc-for-1.75.0.patch;
}] ++ lib.optionals (rustAtLeast "1.76.0") [{
name = "rustc-1.76.0";
patch = ./rust_1_76_0.patch;
}] ++ _kernelPatches;
inherit configfile;
# hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages.
# we can't use it until it's in stable and until we've evaluated the cross-compilation impact.
config = configAttrs // {"CONFIG_RUST" = "n";};
}
// (args.argsOverride or {}))
.overrideAttrs (old:
if withRust
then {
nativeBuildInputs =
(old.nativeBuildInputs or [])
++ [
rust-bindgen
rustfmt
rustc
removeReferencesTo
];
inherit configfile;
# hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages.
# we can't use it until it's in stable and until we've evaluated the cross-compilation impact.
config = configAttrs // { "CONFIG_RUST" = "n"; };
} // (args.argsOverride or { })).overrideAttrs (old:
if withRust then {
nativeBuildInputs = (old.nativeBuildInputs or [ ])
++ [ rust-bindgen rustfmt rustc removeReferencesTo ];
# HACK: references shouldn't have been there in the first place
# TODO: remove once 23.05 is obsolete
postFixup =
(old.postFixup or "")
+ ''
if [ -f $dev/lib/modules/${old.version}/build/vmlinux ]; then
remove-references-to -t $out $dev/lib/modules/${old.version}/build/vmlinux
fi
remove-references-to -t $dev $out/Image
'';
postFixup = (old.postFixup or "") + ''
if [ -f $dev/lib/modules/${old.version}/build/vmlinux ]; then
remove-references-to -t $out $dev/lib/modules/${old.version}/build/vmlinux
fi
remove-references-to -t $dev $out/Image
'';
RUST_LIB_SRC = rustPlatform.rustLibSrc;
}
else {});
} else
{ });
linux-asahi = callPackage linux-asahi-pkg {};
in
lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)
linux-asahi = callPackage linux-asahi-pkg { };
in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)

163
hosts/aarch64-linux/alastor/apple-silicon-support/packages/m1n1/default.nix
View file

@ -1,108 +1,85 @@
{
stdenv,
buildPackages,
lib,
fetchFromGitHub,
python3,
dtc,
imagemagick,
isRelease ? false,
withTools ? true,
withChainloading ? false,
rust-bin ? null,
customLogo ? null,
}:
assert withChainloading -> rust-bin != null; let
pyenv = python3.withPackages (p:
with p; [
construct
pyserial
]);
{ stdenv, buildPackages, lib, fetchFromGitHub, python3, dtc, imagemagick
, isRelease ? false, withTools ? true, withChainloading ? false, rust-bin ? null
, customLogo ? null, }:
assert withChainloading -> rust-bin != null;
let
pyenv = python3.withPackages (p: with p; [ construct pyserial ]);
rustenv = rust-bin.selectLatestNightlyWith (toolchain:
toolchain.minimal.override {
targets = ["aarch64-unknown-none-softfloat"];
targets = [ "aarch64-unknown-none-softfloat" ];
});
in
stdenv.mkDerivation rec {
pname = "m1n1";
version = "1.4.11";
in stdenv.mkDerivation rec {
pname = "m1n1";
version = "1.4.11";
src = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/m1n1
owner = "AsahiLinux";
repo = "m1n1";
rev = "v${version}";
hash = "sha256-1lWI9tcOxgrcfaPfdSF+xRE9qofhNR3SQiA4h86VVeE=";
fetchSubmodules = true;
};
src = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/m1n1
owner = "AsahiLinux";
repo = "m1n1";
rev = "v${version}";
hash = "sha256-1lWI9tcOxgrcfaPfdSF+xRE9qofhNR3SQiA4h86VVeE=";
fetchSubmodules = true;
};
makeFlags =
["ARCH=${stdenv.cc.targetPrefix}"]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
nativeBuildInputs =
[
dtc
buildPackages.gcc
]
++ lib.optional withChainloading rustenv
++ lib.optional (customLogo != null) imagemagick;
nativeBuildInputs = [ dtc buildPackages.gcc ]
++ lib.optional withChainloading rustenv
++ lib.optional (customLogo != null) imagemagick;
postPatch = ''
substituteInPlace proxyclient/m1n1/asm.py \
--replace 'aarch64-linux-gnu-' 'aarch64-unknown-linux-gnu-' \
--replace 'TOOLCHAIN = ""' 'TOOLCHAIN = "'$out'/toolchain-bin/"'
'';
postPatch = ''
substituteInPlace proxyclient/m1n1/asm.py \
--replace 'aarch64-linux-gnu-' 'aarch64-unknown-linux-gnu-' \
--replace 'TOOLCHAIN = ""' 'TOOLCHAIN = "'$out'/toolchain-bin/"'
'';
preConfigure = lib.optionalString (customLogo != null) ''
pushd data &>/dev/null
ln -fs ${customLogo} bootlogo_256.png
if [[ "$(magick identify bootlogo_256.png)" != 'bootlogo_256.png PNG 256x256'* ]]; then
echo "Custom logo is not a 256x256 PNG"
exit 1
fi
preConfigure = lib.optionalString (customLogo != null) ''
pushd data &>/dev/null
ln -fs ${customLogo} bootlogo_256.png
if [[ "$(magick identify bootlogo_256.png)" != 'bootlogo_256.png PNG 256x256'* ]]; then
echo "Custom logo is not a 256x256 PNG"
exit 1
fi
rm bootlogo_128.png
convert bootlogo_256.png -resize 128x128 bootlogo_128.png
patchShebangs --build ./makelogo.sh
./makelogo.sh
popd &>/dev/null
'';
rm bootlogo_128.png
convert bootlogo_256.png -resize 128x128 bootlogo_128.png
patchShebangs --build ./makelogo.sh
./makelogo.sh
popd &>/dev/null
'';
installPhase =
''
runHook preInstall
installPhase = ''
runHook preInstall
mkdir -p $out/build
cp build/m1n1.bin $out/build
''
+ (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
mkdir -p $out/build
cp build/m1n1.bin $out/build
'' + (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'')
+ ''
runHook postInstall
'';
}
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'') + ''
runHook postInstall
'';
}

27
hosts/aarch64-linux/alastor/apple-silicon-support/packages/mesa-asahi-edge/default.nix
View file

@ -1,18 +1,11 @@
{
lib,
fetchFromGitLab,
mesa,
meson,
llvmPackages,
}:
{ lib, fetchFromGitLab, mesa, meson, llvmPackages, }:
(mesa.override {
galliumDrivers = ["swrast" "asahi"];
vulkanDrivers = ["swrast"];
galliumDrivers = [ "swrast" "asahi" ];
vulkanDrivers = [ "swrast" ];
enableGalliumNine = false;
# libclc and other OpenCL components are needed for geometry shader support on Apple Silicon
enableOpenCL = true;
})
.overrideAttrs (oldAttrs: {
}).overrideAttrs (oldAttrs: {
# version must be the same length (i.e. no unstable or date)
# so that system.replaceRuntimeDependencies can work
version = "24.1.0";
@ -39,15 +32,11 @@
# do not want to add the dependencies
"-Dlibunwind=disabled"
"-Dlmsensors=disabled"
]
++ ( # does not compile on nixpkgs stable, doesn't seem mandatory
] ++ ( # does not compile on nixpkgs stable, doesn't seem mandatory
lib.optional (lib.versionOlder meson.version "1.3.1")
"-Dgallium-rusticl=false"
);
"-Dgallium-rusticl=false");
# replace patches with ones tweaked slightly to apply to this version
patches = [
./disk_cache-include-dri-driver-path-in-cache-key.patch
./opencl.patch
];
patches =
[ ./disk_cache-include-dri-driver-path-in-cache-key.patch ./opencl.patch ];
})

20
hosts/aarch64-linux/alastor/apple-silicon-support/packages/overlay.nix
View file

@ -1,11 +1,13 @@
final: prev: {
linux-asahi = final.callPackage ./linux-asahi {};
m1n1 = final.callPackage ./m1n1 {};
uboot-asahi = final.callPackage ./uboot-asahi {};
asahi-fwextract = final.callPackage ./asahi-fwextract {};
mesa-asahi-edge = final.callPackage ./mesa-asahi-edge {inherit (prev) mesa;};
alsa-ucm-conf-asahi = final.callPackage ./alsa-ucm-conf-asahi {inherit (prev) alsa-ucm-conf;};
speakersafetyd = final.callPackage ./speakersafetyd {};
bankstown-lv2 = final.callPackage ./bankstown-lv2 {};
asahi-audio = final.callPackage ./asahi-audio {};
linux-asahi = final.callPackage ./linux-asahi { };
m1n1 = final.callPackage ./m1n1 { };
uboot-asahi = final.callPackage ./uboot-asahi { };
asahi-fwextract = final.callPackage ./asahi-fwextract { };
mesa-asahi-edge =
final.callPackage ./mesa-asahi-edge { inherit (prev) mesa; };
alsa-ucm-conf-asahi =
final.callPackage ./alsa-ucm-conf-asahi { inherit (prev) alsa-ucm-conf; };
speakersafetyd = final.callPackage ./speakersafetyd { };
bankstown-lv2 = final.callPackage ./bankstown-lv2 { };
asahi-audio = final.callPackage ./asahi-audio { };
}

17
hosts/aarch64-linux/alastor/apple-silicon-support/packages/speakersafetyd/default.nix
View file

@ -1,18 +1,11 @@
{
rustPlatform,
stdenv,
rust,
fetchCrate,
pkg-config,
alsa-lib,
}:
{ rustPlatform, stdenv, rust, fetchCrate, pkg-config, alsa-lib, }:
rustPlatform.buildRustPackage rec {
pname = "speakersafetyd";
# tracking: https://src.fedoraproject.org/rpms/rust-speakersafetyd
version = "0.1.9";
nativeBuildInputs = [pkg-config];
buildInputs = [alsa-lib];
nativeBuildInputs = [ pkg-config ];
buildInputs = [ alsa-lib ];
src = fetchCrate {
inherit pname version;
@ -22,7 +15,9 @@ rustPlatform.buildRustPackage rec {
postPatch = ''
substituteInPlace speakersafetyd.service --replace "/usr" "$out"
substituteInPlace Makefile --replace "target/release" "target/${rust.lib.toRustTargetSpec stdenv.hostPlatform}/$cargoBuildType"
substituteInPlace Makefile --replace "target/release" "target/${
rust.lib.toRustTargetSpec stdenv.hostPlatform
}/$cargoBuildType"
'';
installFlags = [

23
hosts/aarch64-linux/alastor/apple-silicon-support/packages/uboot-asahi/default.nix
View file

@ -1,9 +1,4 @@
{
lib,
fetchFromGitHub,
buildUBoot,
m1n1,
}:
{ lib, fetchFromGitHub, buildUBoot, m1n1, }:
(buildUBoot rec {
src = fetchFromGitHub {
# tracking: https://pagure.io/fedora-asahi/uboot-tools/commits/main
@ -15,11 +10,8 @@
version = "2023.07.02.asahi4-1";
defconfig = "apple_m1_defconfig";
extraMeta.platforms = ["aarch64-linux"];
filesToInstall = [
"u-boot-nodtb.bin.gz"
"m1n1-u-boot.bin"
];
extraMeta.platforms = [ "aarch64-linux" ];
filesToInstall = [ "u-boot-nodtb.bin.gz" "m1n1-u-boot.bin" ];
extraConfig = ''
CONFIG_IDENT_STRING=" ${version}"
CONFIG_VIDEO_FONT_4X6=n
@ -27,14 +19,13 @@
CONFIG_VIDEO_FONT_SUN12X22=n
CONFIG_VIDEO_FONT_16X32=y
'';
})
.overrideAttrs (o: {
}).overrideAttrs (o: {
# nixos's downstream patches are not applicable
patches = [
];
patches = [ ];
# DTC= flag somehow breaks DTC compilation so we remove it
makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
makeFlags =
builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it

32
hosts/aarch64-linux/alastor/default.nix
View file

@ -1,10 +1,4 @@
{
config,
lib,
pkgs,
inputs,
...
}: {
{ config, lib, pkgs, inputs, ... }: {
imports = [
./hardware-configuration.nix
inputs.apple-silicon.nixosModules.apple-silicon-support
@ -29,7 +23,7 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
boot.binfmt.emulatedSystems = ["x86_64-linux"];
boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
@ -37,7 +31,8 @@
services.pcscd.enable = true;
environment.sessionVariables.MOZ_GMP_PATH = ["${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed"];
environment.sessionVariables.MOZ_GMP_PATH =
[ "${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed" ];
networking.hostName = "alastor"; # Define your hostname.
# Pick only one of the below networking options.
@ -45,7 +40,8 @@
enable = true;
settings.General.EnableNetworkConfiguration = true;
};
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -94,10 +90,8 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups = ["wheel" "audio" "docker"]; # Enable sudo for the user.
packages = with pkgs; [
tree
];
extraGroups = [ "wheel" "audio" "docker" ]; # Enable sudo for the user.
packages = with pkgs; [ tree ];
shell = pkgs.nushell;
};
@ -131,8 +125,8 @@
jellyfin-web
jellyfin-ffmpeg
];
security.pam.services.swaylock = {};
services.udev.packages = with pkgs; [gnome.gnome-settings-daemon];
security.pam.services.swaylock = { };
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
@ -152,8 +146,8 @@
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 2234];
networking.firewall.allowedUDPPorts = [2234];
networking.firewall.allowedTCPPorts = [ 22 2234 ];
networking.firewall.allowedUDPPorts = [ 2234 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -181,5 +175,5 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
}

30
hosts/aarch64-linux/alastor/hardware-configuration.nix
View file

@ -1,21 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["usb_storage"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0d3d62cd-ecc8-472c-9d5f-3daf3f1656f1";
@ -27,12 +19,10 @@
fsType = "vfat";
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 12 * 1024;
}
];
swapDevices = [{
device = "/var/lib/swapfile";
size = 12 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

6
hosts/antivirus.nix
View file

@ -1,9 +1,5 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
# services.clamav = {
# updater.enable = true;
# updater.settings = {LogVerbose = true;};

6
hosts/docker.nix
View file

@ -1,8 +1,4 @@
{
config,
lib,
...
}: {
{ config, lib, ... }: {
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
virtualisation.docker.autoPrune.dates = "daily";

3
hosts/gc.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
# nix.gc = {
# automatic = true;
# dates = "daily";

21
hosts/x86_64-linux/asmodeus/hardware-configuration.nix
View file

@ -1,19 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/5e34fc38-c199-4b85-b756-1c65ed7471fc";
@ -33,7 +28,7 @@
# device = "/dev/disk/by-uuid/a3f94664-325b-4f07-bb41-5d2c88d9ac83";
# fsType = "btrfs";
# };
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

35
hosts/x86_64-linux/beleth/borg.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}: {
{ config, lib, pkgs, ... }: {
#
# BACKUP
# Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u410986-sub1@u410986-sub1.your-storagebox.de:nx-data"
@ -38,7 +33,7 @@
nextcloud_data = {
user = "nextcloud";
group = "nextcloud";
paths = ["${config.services.nextcloud.datadir}"];
paths = [ "${config.services.nextcloud.datadir}" ];
preHook = ''
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --on
'';
@ -48,13 +43,16 @@
repo = "u410986-sub1@u410986-sub1.your-storagebox.de:nx-data";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.backup_nextcloud_data_passphrase.path}";
passCommand =
"cat ${config.sops.secrets.backup_nextcloud_data_passphrase.path}";
};
environment = {
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_data_ssh.path}";
BORG_RSH =
"ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_data_ssh.path}";
};
compression = "auto,lzma";
startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
startAt =
"Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
};
nextcloud_database = {
user = "nextcloud";
@ -71,23 +69,26 @@
repo = "u410986-sub2@u410986-sub2.your-storagebox.de:nx-db";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.backup_nextcloud_database_passphrase.path}";
passCommand =
"cat ${config.sops.secrets.backup_nextcloud_database_passphrase.path}";
};
environment = {
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_database_ssh.path}";
BORG_RSH =
"ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_database_ssh.path}";
};
compression = "auto,lzma";
startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
startAt =
"Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
};
};
systemd.services."borgbackup-job-nextcloud_data" = {
onFailure = ["notify-email@%i.service"];
onSuccess = ["notify-email@%i.service"];
onFailure = [ "notify-email@%i.service" ];
onSuccess = [ "notify-email@%i.service" ];
};
systemd.services."borgbackup-job-nextcloud_database" = {
onFailure = ["notify-email@%i.service"];
onSuccess = ["notify-email@%i.service"];
onFailure = [ "notify-email@%i.service" ];
onSuccess = [ "notify-email@%i.service" ];
};
}

11
hosts/x86_64-linux/beleth/caddy.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}: {
{ config, lib, pkgs, ... }: {
services.caddy = {
enable = true;
email = "xqtc@tutanota.com";
@ -35,7 +30,9 @@
# };
"hydra.heroin.trade" = {
extraConfig = ''
reverse_proxy http://localhost:${builtins.toString config.services.hydra.port}
reverse_proxy http://localhost:${
builtins.toString config.services.hydra.port
}
'';
};
"cheats-rs.heroin.trade" = {

6
hosts/x86_64-linux/beleth/calibre-web.nix
View file

@ -1,8 +1,4 @@
{
config,
lib,
...
}: {
{ config, lib, ... }: {
services.calibre-web = {
enable = true;
options = {

14
hosts/x86_64-linux/beleth/conduit.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
services.matrix-conduit = {
enable = true;
settings = {
@ -22,11 +17,10 @@
];
turn_secret = "openrelayprojectsecret";
};
extraEnvironment = {
CONDUIT_MAX_CONCURRENT_REQUESTS = "100";
};
extraEnvironment = { CONDUIT_MAX_CONCURRENT_REQUESTS = "100"; };
};
};
networking.firewall.allowedTCPPorts = [config.services.matrix-conduit.settings.global.port];
networking.firewall.allowedTCPPorts =
[ config.services.matrix-conduit.settings.global.port ];
}

37
hosts/x86_64-linux/beleth/default.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib; {
imports = [
./hardware-configuration.nix
@ -40,14 +35,12 @@ with lib; {
services.syncthing.settings.gui.insecureSkipHostcheck = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
nix.settings = {
trusted-users = ["xqtc"];
substituters = [
"https://nix-community.cachix.org"
];
trusted-users = [ "xqtc" ];
substituters = [ "https://nix-community.cachix.org" ];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
@ -57,7 +50,8 @@ with lib; {
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "beleth"; # Define your hostname.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.wireguard.enable = true;
# Set your time zone.
@ -65,10 +59,8 @@ with lib; {
users.users.xqtc = {
isNormalUser = true;
extraGroups = ["wheel" "docker"];
packages = with pkgs; [
tree
];
extraGroups = [ "wheel" "docker" ];
packages = with pkgs; [ tree ];
openssh.authorizedKeys.keys = [
# TODO: Add remaining keys from https://meta.sr.ht/~xqrc.keys
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTLJqIVwnqFO64rnc66d234TFOdFXpDS9fJUA4/f4in xqtc@alastor"
@ -89,14 +81,7 @@ with lib; {
programs.bash.blesh.enable = true;
# programs.bash.shellInit = "cd /home/xqtc/nixos-config/; export GIT_REVISION_CONFIG=$(nix flake metadata --json | jq -r '.locked.rev'); echo $GIT_REVISION_CONFIG; cd;";
environment.systemPackages = with pkgs; [
neovim
vim
git
wget
jq
zola
];
environment.systemPackages = with pkgs; [ neovim vim git wget jq zola ];
programs.mtr.enable = true;
programs.gnupg.agent = {
@ -116,8 +101,8 @@ with lib; {
# Open ports in the firewall.
networking.nftables.enable = true;
networking.firewall.allowedTCPPorts = [22 80 443];
networking.firewall.allowedUDPPorts = [51820];
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.allowedUDPPorts = [ 51820 ];
system.stateVersion = "24.05"; # Did you read the comment?
}

124
hosts/x86_64-linux/beleth/docker-compose-crime.nix
View file

@ -1,11 +1,5 @@
# Auto-generated using compose2nix v0.2.0-pre.
{
pkgs,
lib,
config,
inputs,
...
}: {
{ pkgs, lib, config, inputs, ... }: {
# Runtime
virtualisation.podman = {
enable = true;
@ -44,21 +38,11 @@
];
};
systemd.services."podman-crime-gluetun" = {
serviceConfig = {
Restart = lib.mkOverride 500 "\"no\"";
};
after = [
"podman-network-crime_default.service"
];
requires = [
"podman-network-crime_default.service"
];
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
serviceConfig = { Restart = lib.mkOverride 500 ''"no"''; };
after = [ "podman-network-crime_default.service" ];
requires = [ "podman-network-crime_default.service" ];
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
virtualisation.oci-containers.containers."prowlarr" = {
image = "lscr.io/linuxserver/prowlarr:latest";
@ -67,27 +51,15 @@
PUID = "1000";
TZ = "Etc/UTC";
};
volumes = [
"/home/crime/prowlarr/data:/config:rw"
];
dependsOn = [
"crime-gluetun"
];
volumes = [ "/home/crime/prowlarr/data:/config:rw" ];
dependsOn = [ "crime-gluetun" ];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-prowlarr" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
virtualisation.oci-containers.containers."qbittorrent" = {
image = "lscr.io/linuxserver/qbittorrent";
@ -101,24 +73,14 @@
"/home/crime/qbittorrent:/config:rw"
"/home/crime/qbittorrent/downloads:/downloads:rw"
];
dependsOn = [
"crime-gluetun"
];
dependsOn = [ "crime-gluetun" ];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-qbittorrent" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
virtualisation.oci-containers.containers."radarr" = {
image = "lscr.io/linuxserver/radarr:latest";
@ -132,24 +94,14 @@
"/home/crime/radarr/downloadclient-downloads:/downloads:rw"
"/home/crime/radarr/movies:/movies:rw"
];
dependsOn = [
"crime-gluetun"
];
dependsOn = [ "crime-gluetun" ];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-radarr" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
virtualisation.oci-containers.containers."sonarr" = {
image = "lscr.io/linuxserver/sonarr:latest";
@ -163,29 +115,19 @@
"/home/crime/sonarr/downloadclient-downloads:/downloads:rw"
"/home/crime/sonarr/tvseries:/tv:rw"
];
dependsOn = [
"crime-gluetun"
];
dependsOn = [ "crime-gluetun" ];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-sonarr" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
# Networks
systemd.services."podman-network-crime_default" = {
path = [pkgs.podman];
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@ -194,17 +136,15 @@
script = ''
podman network inspect crime_default || podman network create crime_default
'';
partOf = ["podman-compose-crime-root.target"];
wantedBy = ["podman-compose-crime-root.target"];
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-crime-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = ["multi-user.target"];
unitConfig = { Description = "Root target generated by compose2nix."; };
wantedBy = [ "multi-user.target" ];
};
}

47
hosts/x86_64-linux/beleth/external-users.nix
View file

@ -1,15 +1,7 @@
{
config,
pkgs,
lib,
...
}: {
{ config, pkgs, lib, ... }: {
users.users.marie = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0mGd4YS4f3Wy+a4PBXbie42C5Qo4H0uWsN7joaK27h marie@titania"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFckmWImlMVsCbu5M1lsLtzxhBxrQhTQHYrKWJYDOHr5 marie@oberon"
@ -17,10 +9,7 @@
};
users.users.mo = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjRrLI5mBnoIMcjq2WGPCGuKYLwS7uhgI6F0T5ojp6n moe@martini.moe"
];
@ -28,10 +17,7 @@
users.users.ellie = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA4+3PkFptATzrWncxdj63SqZ747cDb8TqmdQFugvW7 ellie@card"
];
@ -39,10 +25,7 @@
users.users.brodo = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZqFlE49ln4iAcVNzUaTXbFW6SA8Wwxl1hiwUkegUfy julian@example.com"
];
@ -50,10 +33,7 @@
users.users.juvi = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoWyG1XphHZJd9qJwv2c4NvRQpNMN7Q7o/NLRNKsn/j danb@ha.si"
];
@ -61,10 +41,7 @@
users.users.arrbyte = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFaGk8I5reIyZSXjKorcr5gbLnaGWP44dcw9rDL6sv/F arrbyten macht frei"
];
@ -72,10 +49,7 @@
users.users.karl = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgVvtKzUxJ38TA0Xg4kUJYJY3a2MWZjbGZDYi/kiMWZ karl@Karl-Laptop"
];
@ -83,10 +57,7 @@
users.users.kenzo = {
isNormalUser = true;
packages = with pkgs; [
git
wget
];
packages = with pkgs; [ git wget ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0QdrpIcknqHvn0os4+ANcwMEkLu7VBOClEL0+nvTZj Kenzo"
];

9
hosts/x86_64-linux/beleth/factorio.nix
View file

@ -1,14 +1,9 @@
{
pkgs,
config,
lib,
...
}: {
{ pkgs, config, lib, ... }: {
services.factorio = {
enable = true;
openFirewall = true;
# extraSettingsFile = /etc/factorio_settings.json;
admins = ["frottingqueen"];
admins = [ "frottingqueen" ];
};
sops.secrets.factorio_server_settings = {

9
hosts/x86_64-linux/beleth/fail2ban.nix
View file

@ -1,14 +1,11 @@
{
config,
lib,
...
}: {
{ config, lib, ... }: {
services.fail2ban = {
enable = true;
maxretry = 13;
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
formula =
"ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
# multipliers = "1 2 4 8 16 32 64";
maxtime = "336h";
overalljails = true;

25
hosts/x86_64-linux/beleth/hardware-configuration.nix
View file

@ -1,21 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f38db2c6-40b8-451b-98e4-066e0b3d9f83";
@ -27,7 +19,7 @@
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -37,5 +29,6 @@
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

20
hosts/x86_64-linux/beleth/hydra.nix
View file

@ -1,8 +1,4 @@
{
config,
lib,
...
}: {
{ config, lib, ... }: {
services.hydra = {
enable = true;
hydraURL = "https://hydra.heroin.trade";
@ -11,12 +7,10 @@
notificationSender = "hydra@localhost";
};
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 8;
}
];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 8;
}];
}

7
hosts/x86_64-linux/beleth/immich.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}: {
{ config, lib, pkgs, ... }: {
services.immich = {
enable = true;
host = "127.0.0.1";

10
hosts/x86_64-linux/beleth/jellyfin.nix
View file

@ -1,9 +1,5 @@
{
config,
pkgs,
lib,
...
}: let
{ config, pkgs, lib, ... }:
let
proxyConfig = ''
proxy_set_header Host $host;
@ -21,7 +17,7 @@ in {
];
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver =
pkgs.intel-vaapi-driver.override {enableHybridCodec = true;};
pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
hardware.opengl = {
enable = true;

9
hosts/x86_64-linux/beleth/lanrarari.nix
View file

@ -1,8 +1 @@
{
config,
pkgs,
lib,
...
}: {
services.lanraragi.enable = false;
}
{ config, pkgs, lib, ... }: { services.lanraragi.enable = false; }

68
hosts/x86_64-linux/beleth/monitoring.nix
View file

@ -1,14 +1,10 @@
{
config,
pkgs,
...
}: {
{ config, pkgs, ... }: {
sops.secrets.nextcloud_user_password = {
path = "/etc/nx_user_pass";
owner = "nextcloud";
group = "nextcloud";
};
networking.firewall.allowedTCPPorts = [80 443 9001];
networking.firewall.allowedTCPPorts = [ 80 443 9001 ];
services.grafana = {
enable = true;
port = 2342;
@ -19,11 +15,13 @@
systemd.services.promtail = {
description = "Promtail service for Loki";
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.grafana-loki}/bin/promtail --config.file ${./config-files/promtail.yaml}
${pkgs.grafana-loki}/bin/promtail --config.file ${
./config-files/promtail.yaml
}
'';
};
};
@ -39,12 +37,18 @@
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd" "sysctl" "powersupplyclass" "textfile" "netdev" "filesystem" "ethtool"];
enabledCollectors = [
"systemd"
"sysctl"
"powersupplyclass"
"textfile"
"netdev"
"filesystem"
"ethtool"
];
port = 9002;
};
wireguard = {
enable = true;
};
wireguard = { enable = true; };
nextcloud = {
enable = true;
user = "nextcloud";
@ -56,36 +60,28 @@
scrapeConfigs = [
{
job_name = "beleth";
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.nextcloud.port}"
"127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}"
"127.0.0.1:${toString config.services.comin.exporter.port}"
];
}
];
static_configs = [{
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.node.port
}"
"127.0.0.1:${
toString config.services.prometheus.exporters.nextcloud.port
}"
"127.0.0.1:${
toString config.services.forgejo.settings.server.HTTP_PORT
}"
"127.0.0.1:${toString config.services.comin.exporter.port}"
];
}];
}
{
job_name = "jellyfin";
static_configs = [
{
targets = [
"127.0.0.1:8096"
];
}
];
static_configs = [{ targets = [ "127.0.0.1:8096" ]; }];
}
{
job_name = "caddy";
static_configs = [
{
targets = [
"127.0.0.1:2019"
];
}
];
static_configs = [{ targets = [ "127.0.0.1:2019" ]; }];
}
];
};

30
hosts/x86_64-linux/beleth/networking.nix
View file

@ -1,14 +1,10 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
# imports = [./wireguard.nix];
services.openssh.settings.PasswordAuthentication = false;
services.tailscale.extraSetFlags = ["--advertise-exit-node" "--webclient=true"];
services.tailscale.extraSetFlags =
[ "--advertise-exit-node" "--webclient=true" ];
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
@ -25,20 +21,16 @@
# };
enp0s31f6 = {
ipv4 = {
addresses = [
{
address = "88.99.90.90";
prefixLength = 26;
}
];
addresses = [{
address = "88.99.90.90";
prefixLength = 26;
}];
};
ipv6 = {
addresses = [
{
address = "2a01:4f8:10a:1aab::2";
prefixLength = 64;
}
];
addresses = [{
address = "2a01:4f8:10a:1aab::2";
prefixLength = 64;
}];
};
};
};

33
hosts/x86_64-linux/beleth/nextcloud.nix
View file

@ -1,14 +1,12 @@
{
config,
lib,
pkgs,
...
}: {
{ config, lib, pkgs, ... }: {
imports = [
"${fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}}/nextcloud-extras.nix"
"${
fetchTarball {
url =
"https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}
}/nextcloud-extras.nix"
];
sops.secrets."nextcloud_password" = {
@ -17,9 +15,7 @@
group = "nextcloud";
};
services.nextcloud = {
webserver = "caddy";
};
services.nextcloud = { webserver = "caddy"; };
services.postgresql = {
enable = true;
@ -53,13 +49,8 @@
phpOptions."opcache.interned_strings_buffer" = "32";
extraApps = {
inherit
(config.services.nextcloud.package.packages.apps)
contacts
calendar
notes
previewgenerator
;
inherit (config.services.nextcloud.package.packages.apps)
contacts calendar notes previewgenerator;
# recognize = pkgs.fetchNextcloudApp {
# sha256 = "sha256-7qp9UbUcMwBNdGixaR0BAigMAtlyCAN39WxqHbsFVGE=";
# url = "https://github.com/nextcloud/recognize/releases/download/v7.0.0/recognize-7.0.0.tar.gz";
@ -106,7 +97,7 @@
# Execute `nextcloud-occ preview:generate-all` before running this timer!
systemd.timers."nextcloud-previewgenerator" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "15m";
OnUnitActiveSec = "15m";

17
hosts/x86_64-linux/beleth/nfs.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
# "2a0f:be01:0:100::/64"
# "2a0f:be01:0:200::/64"
# "2a0f:be01:fe:f00::/56"
@ -18,9 +13,7 @@
networking.firewall.allowedTCPPorts = [
2049
/*
4000 4001 4002 20048
*/
# 4000 4001 4002 20048
];
networking.firewall.extraInputRules = ''
iifname wg0 ip6 saddr { 2a0f:be01:0:100::/64, 2a0f:be01:0:200::/64, 2a0f:be01:fe:f00::/56 } tcp dport { 2049 } accept
@ -29,15 +22,15 @@
fileSystems = {
"/export/shows" = {
device = "/home/xqtc/jellyfin/shows";
options = ["bind"];
options = [ "bind" ];
};
"/export/movies" = {
device = "/home/xqtc/jellyfin/movies";
options = ["bind"];
options = [ "bind" ];
};
"/export/music" = {
device = "/home/xqtc/jellyfin/music";
options = ["bind"];
options = [ "bind" ];
};
"/mnt/frotting" = {
device = "[2a0f:be01:0:200::211]:/";

7
hosts/x86_64-linux/beleth/paperless.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
sops.secrets."paperless_password" = {
path = "/etc/paperless_sc";
owner = "paperless";

1
hosts/x86_64-linux/beleth/renovate.nix Normal file
View file

@ -0,0 +1 @@
{ ... }: { services.renovate = { enable = true; }; }

7
hosts/x86_64-linux/beleth/seafile.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
services.seafile = {
enable = true;

220
hosts/x86_64-linux/beleth/services/gitea-runner.nix
View file

@ -1,47 +1,26 @@
{
config,
lib,
pkgs,
utils,
...
}: let
inherit
(lib)
any
attrValues
concatStringsSep
escapeShellArg
hasInfix
hasSuffix
optionalAttrs
optionals
literalExpression
mapAttrs'
mkEnableOption
mkOption
mkPackageOption
mkIf
nameValuePair
types
;
{ config, lib, pkgs, utils, ... }:
let
inherit (lib)
any attrValues concatStringsSep escapeShellArg hasInfix hasSuffix
optionalAttrs optionals literalExpression mapAttrs' mkEnableOption mkOption
mkPackageOption mkIf nameValuePair types;
inherit
(utils)
escapeSystemdPath
;
inherit (utils) escapeSystemdPath;
cfg = config.services.gitea-actions-runner-custom;
settingsFormat = pkgs.formats.yaml {};
settingsFormat = pkgs.formats.yaml { };
# Check whether any runner instance label requires a container runtime
# Empty label strings result in the upstream defined defaultLabels, which require docker
# https://gitea.com/gitea/act_runner/src/tag/v0.1.5/internal/app/cmd/register.go#L93-L98
hasDockerScheme = instance:
instance.labels == [] || any (label: hasInfix ":docker:" label) instance.labels;
instance.labels == [ ]
|| any (label: hasInfix ":docker:" label) instance.labels;
wantsContainerRuntime = any hasDockerScheme (attrValues cfg.instances);
hasHostScheme = instance: any (label: hasSuffix ":host" label) instance.labels;
hasHostScheme = instance:
any (label: hasSuffix ":host" label) instance.labels;
# provide shorthands for whether container runtimes are enabled
hasDocker = config.virtualisation.docker.enable;
@ -51,15 +30,13 @@
(instance.token == null && instance.tokenFile != null)
|| (instance.token != null && instance.tokenFile == null);
in {
meta.maintainers = with lib.maintainers; [
hexa
];
meta.maintainers = with lib.maintainers; [ hexa ];
options.services.gitea-actions-runner-custom = with types; {
package = mkPackageOption pkgs "gitea-actions-runner-custom" {};
package = mkPackageOption pkgs "gitea-actions-runner-custom" { };
instances = mkOption {
default = {};
default = { };
description = ''
Gitea Actions Runner instances.
'';
@ -127,11 +104,9 @@ in {
See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
'';
type = types.submodule {
freeformType = settingsFormat.type;
};
type = types.submodule { freeformType = settingsFormat.type; };
default = {};
default = { };
};
hostPackages = mkOption {
@ -168,113 +143,100 @@ in {
};
};
config = mkIf (cfg.instances != {}) {
config = mkIf (cfg.instances != { }) {
assertions = [
{
assertion = any tokenXorTokenFile (attrValues cfg.instances);
message = "Instances of gitea-actions-runner-custom can have `token` or `tokenFile`, not both.";
message =
"Instances of gitea-actions-runner-custom can have `token` or `tokenFile`, not both.";
}
{
assertion = wantsContainerRuntime -> hasDocker || hasPodman;
message = "Label configuration on gitea-actions-runner-custom instance requires either docker or podman.";
message =
"Label configuration on gitea-actions-runner-custom instance requires either docker or podman.";
}
];
systemd.services = let
mkRunnerService = name: instance: let
wantsContainerRuntime = hasDockerScheme instance;
wantsHost = hasHostScheme instance;
wantsDocker = wantsContainerRuntime && config.virtualisation.docker.enable;
wantsPodman = wantsContainerRuntime && config.virtualisation.podman.enable;
configFile = settingsFormat.generate "config.yaml" instance.settings;
in
nameValuePair "gitea-runner-${escapeSystemdPath name}" {
mkRunnerService = name: instance:
let
wantsContainerRuntime = hasDockerScheme instance;
wantsHost = hasHostScheme instance;
wantsDocker = wantsContainerRuntime
&& config.virtualisation.docker.enable;
wantsPodman = wantsContainerRuntime
&& config.virtualisation.podman.enable;
configFile = settingsFormat.generate "config.yaml" instance.settings;
in nameValuePair "gitea-runner-${escapeSystemdPath name}" {
inherit (instance) enable;
description = "Gitea Actions Runner";
wants = ["network-online.target"];
after =
[
"network-online.target"
]
++ optionals wantsDocker [
"docker.service"
]
++ optionals wantsPodman [
"podman.service"
];
wantedBy = [
"multi-user.target"
];
environment =
optionalAttrs (instance.token != null) {
TOKEN = "${instance.token}";
}
// optionalAttrs wantsPodman {
DOCKER_HOST = "unix:///run/podman/podman.sock";
}
// {
HOME = "/var/lib/gitea-runner/${name}";
};
wants = [ "network-online.target" ];
after = [ "network-online.target" ]
++ optionals wantsDocker [ "docker.service" ]
++ optionals wantsPodman [ "podman.service" ];
wantedBy = [ "multi-user.target" ];
environment = optionalAttrs (instance.token != null) {
TOKEN = "${instance.token}";
} // optionalAttrs wantsPodman {
DOCKER_HOST = "unix:///run/podman/podman.sock";
} // {
HOME = "/var/lib/gitea-runner/${name}";
};
path = with pkgs;
[
coreutils
]
++ lib.optionals wantsHost instance.hostPackages;
serviceConfig =
{
DynamicUser = true;
User = "gitea-runner";
StateDirectory = "gitea-runner";
WorkingDirectory = "-/var/lib/gitea-runner/${name}";
[ coreutils ] ++ lib.optionals wantsHost instance.hostPackages;
serviceConfig = {
DynamicUser = true;
User = "gitea-runner";
StateDirectory = "gitea-runner";
WorkingDirectory = "-/var/lib/gitea-runner/${name}";
# gitea-runner might fail when gitea is restarted during upgrade.
Restart = "on-failure";
RestartSec = 2;
# gitea-runner might fail when gitea is restarted during upgrade.
Restart = "on-failure";
RestartSec = 2;
ExecStartPre = [
(pkgs.writeShellScript "gitea-register-runner-${name}" ''
export INSTANCE_DIR="$STATE_DIRECTORY/${name}"
export TOKEN=$(cat /run/secrets/forgejo_runner_token)
mkdir -vp "$INSTANCE_DIR"
cd "$INSTANCE_DIR"
ExecStartPre = [
(pkgs.writeShellScript "gitea-register-runner-${name}" ''
export INSTANCE_DIR="$STATE_DIRECTORY/${name}"
export TOKEN=$(cat /run/secrets/forgejo_runner_token)
mkdir -vp "$INSTANCE_DIR"
cd "$INSTANCE_DIR"
# force reregistration on changed labels
export LABELS_FILE="$INSTANCE_DIR/.labels"
export LABELS_WANTED="$(echo ${escapeShellArg (concatStringsSep "\n" instance.labels)} | sort)"
export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)"
# force reregistration on changed labels
export LABELS_FILE="$INSTANCE_DIR/.labels"
export LABELS_WANTED="$(echo ${
escapeShellArg (concatStringsSep "\n" instance.labels)
} | sort)"
export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)"
if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then
# remove existing registration file, so that changing the labels forces a re-registration
rm -v "$INSTANCE_DIR/.runner" || true
if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then
# remove existing registration file, so that changing the labels forces a re-registration
rm -v "$INSTANCE_DIR/.runner" || true
# perform the registration
${cfg.package}/bin/act_runner register --no-interactive \
--instance ${escapeShellArg instance.url} \
--token "$TOKEN" \
--name ${escapeShellArg instance.name} \
--labels ${escapeShellArg (concatStringsSep "," instance.labels)} \
--config ${configFile}
# perform the registration
${cfg.package}/bin/act_runner register --no-interactive \
--instance ${escapeShellArg instance.url} \
--token "$TOKEN" \
--name ${escapeShellArg instance.name} \
--labels ${
escapeShellArg
(concatStringsSep "," instance.labels)
} \
--config ${configFile}
# and write back the configured labels
echo "$LABELS_WANTED" > "$LABELS_FILE"
fi
# and write back the configured labels
echo "$LABELS_WANTED" > "$LABELS_FILE"
fi
'')
];
ExecStart = "${cfg.package}/bin/act_runner daemon --config ${configFile}";
SupplementaryGroups =
optionals wantsDocker [
"docker"
]
++ optionals wantsPodman [
"podman"
];
}
// optionalAttrs (instance.tokenFile != null) {
EnvironmentFile = instance.tokenFile;
};
'')
];
ExecStart =
"${cfg.package}/bin/act_runner daemon --config ${configFile}";
SupplementaryGroups = optionals wantsDocker [ "docker" ]
++ optionals wantsPodman [ "podman" ];
} // optionalAttrs (instance.tokenFile != null) {
EnvironmentFile = instance.tokenFile;
};
};
in
mapAttrs' mkRunnerService cfg.instances;
in mapAttrs' mkRunnerService cfg.instances;
};
}

10
hosts/x86_64-linux/beleth/transmission.nix
View file

@ -1,9 +1 @@
{
config,
lib,
...
}: {
services.transmission = {
enable = true;
};
}
{ config, lib, ... }: { services.transmission = { enable = true; }; }

10
hosts/x86_64-linux/beleth/uptime.nix
View file

@ -1,9 +1 @@
{
config,
lib,
...
}: {
services.uptime-kuma = {
enable = true;
};
}
{ config, lib, ... }: { services.uptime-kuma = { enable = true; }; }

15
hosts/x86_64-linux/beleth/wireguard.nix
View file

@ -1,19 +1,10 @@
{
config,
lib,
inputs,
...
}: {
networking.firewall = {
allowedUDPPorts = [51820];
};
{ config, lib, inputs, ... }: {
networking.firewall = { allowedUDPPorts = [ 51820 ]; };
networking.wireguard.interfaces = {
wg0 = {
ips = [
/*
"2a0f:be01:fe:fa1::1/64"
*/
# "2a0f:be01:fe:fa1::1/64"
"2a01:4f8:10a:1aab:f000::1/80"
];

6
hosts/x86_64-linux/lab/default.nix
View file

@ -1,8 +1,4 @@
{
pkgs,
lib,
...
}: {
{ pkgs, lib, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix

28
hosts/x86_64-linux/lab/hardware-configuration.nix
View file

@ -1,21 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/5e34fc38-c199-4b85-b756-1c65ed7471fc";
@ -25,7 +18,7 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C3D3-9E29";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/mnt/HDD2" = {
@ -38,7 +31,7 @@
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -53,5 +46,6 @@
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

55
hosts/x86_64-linux/lambda/default.nix
View file

@ -1,26 +1,19 @@
/*
/*
*/
{
config,
lib,
pkgs,
inputs,
...
}: {
{ config, lib, pkgs, inputs, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -32,8 +25,8 @@
nixpkgs.config.allowUnfree = true;
security.pam.services.swaylock = {};
security.pam.services.hyprlock = {};
security.pam.services.swaylock = { };
security.pam.services.hyprlock = { };
programs.dconf.enable = true;
@ -58,7 +51,7 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {General = {Enable = "Source,Sink,Media,Socket";};};
settings = { General = { Enable = "Source,Sink,Media,Socket"; }; };
};
# Use the systemd-boot EFI boot loader.
@ -94,7 +87,7 @@
#services.xserver.displayManager.ly.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
#services.xserver.displayManager.defaultSession = "plasmawayland";
services.xserver.videoDrivers = ["nvidia"];
services.xserver.videoDrivers = [ "nvidia" ];
services.blueman.enable = true;
@ -121,8 +114,8 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups = ["wheel"]; # Enable sudo for the user.
packages = with pkgs; [wezterm nushell];
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ wezterm nushell ];
shell = pkgs.zsh;
};
@ -154,7 +147,7 @@
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
};
services.udev.packages = [pkgs.yubikey-personalization];
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;
# List services that you want to enable:
@ -177,7 +170,7 @@
# services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [8080 5173];
networking.firewall.allowedTCPPorts = [ 8080 5173 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -205,5 +198,5 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
}

22
hosts/x86_64-linux/lambda/hardware-configuration.nix
View file

@ -1,19 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0b6d9cc6-88a7-45b4-b79e-81496f480e7c";
@ -25,7 +20,8 @@
fsType = "vfat";
};
swapDevices = [{device = "/dev/disk/by-uuid/6cf4542a-9611-4a15-83df-12e3ec91b673";}];
swapDevices =
[{ device = "/dev/disk/by-uuid/6cf4542a-9611-4a15-83df-12e3ec91b673"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

30
hosts/x86_64-linux/lilith/default.nix
View file

@ -1,10 +1,4 @@
{
config,
lib,
inputs,
pkgs,
...
}: {
{ config, lib, inputs, pkgs, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -18,8 +12,8 @@
nixpkgs.config.allowUnfree = true;
security.pam.services.swaylock = {};
security.pam.services.hyprlock = {};
security.pam.services.swaylock = { };
security.pam.services.hyprlock = { };
services.fprintd.enable = true;
@ -27,7 +21,8 @@
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090; # (If the vfs0090 Driver does not work, use the following driver)
services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; # (On my device it only worked with this driver)
services.fprintd.tod.driver =
pkgs.libfprint-2-tod1-goodix; # (On my device it only worked with this driver)
hardware.graphics = {
enable = true;
@ -37,7 +32,7 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {General = {Enable = "Source,Sink,Media,Socket";};};
settings = { General = { Enable = "Source,Sink,Media,Socket"; }; };
};
# Use the systemd-boot EFI boot loader.
@ -138,8 +133,9 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "libvirtd" "adbusers"]; # Enable sudo for the user.
packages = with pkgs; [nushell];
extraGroups =
[ "wheel" "docker" "libvirtd" "adbusers" ]; # Enable sudo for the user.
packages = with pkgs; [ nushell ];
shell = pkgs.zsh;
};
@ -175,7 +171,7 @@
enable = true;
enableSSHSupport = true;
};
services.udev.packages = [pkgs.yubikey-personalization];
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;
programs.dconf.enable = true;
@ -214,8 +210,8 @@
# services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 2234 8080 5173];
networking.firewall.allowedUDPPorts = [2234];
networking.firewall.allowedTCPPorts = [ 22 2234 8080 5173 ];
networking.firewall.allowedUDPPorts = [ 2234 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -242,5 +238,5 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
}

21
hosts/x86_64-linux/lilith/hardware-configuration.nix
View file

@ -1,19 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/a73b1d2a-cdeb-40e7-9200-b6243aad03e0";
@ -25,7 +20,7 @@
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

7
hosts/x86_64-linux/seraphim/caddy.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}: {
{ config, lib, pkgs, ... }: {
services.tailscale.permitCertUid = "caddy";
services.caddy = {
enable = true;

22
hosts/x86_64-linux/seraphim/default.nix
View file

@ -1,10 +1,4 @@
{
config,
inputs,
lib,
pkgs,
...
}: {
{ config, inputs, lib, pkgs, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -19,12 +13,13 @@
./caddy.nix
];
nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.tailscale.extraSetFlags = ["--advertise-exit-node" "--webclient=true"];
services.tailscale.extraSetFlags =
[ "--advertise-exit-node" "--webclient=true" ];
networking.hostName = "seraphim"; # Define your hostname.
# Pick only one of the below networking options.
@ -32,7 +27,7 @@
#networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver =
pkgs.intel-vaapi-driver.override {enableHybridCodec = true;};
pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
hardware.opengl = {
enable = false;
@ -82,8 +77,8 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups = ["wheel" "docker"]; # Enable sudo for the user.
packages = with pkgs; [tree];
extraGroups = [ "wheel" "docker" ]; # Enable sudo for the user.
packages = with pkgs; [ tree ];
# shell = pkgs.nushell;
};
@ -158,7 +153,8 @@
services.openssh.settings.PasswordAuthentication = false;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 8085 7878 7878 8989 9696 5030 5031 50300];
networking.firewall.allowedTCPPorts =
[ 22 8085 7878 7878 8989 9696 5030 5031 50300 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

18
hosts/x86_64-linux/seraphim/hardware-configuration.nix
View file

@ -1,14 +1,8 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
@ -20,9 +14,9 @@
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel" "wl"];
boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/7317806c-aa54-460c-b094-18104496d245";
@ -34,7 +28,7 @@
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

7
hosts/x86_64-linux/seraphim/jellyfin.nix
View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}: {
{ config, pkgs, lib, ... }: {
services.jellyfin.enable = false;
services.jellyfin.user = "xqtc";
services.nginx.virtualHosts."jellyfin.fritz.box" = {

26
hosts/x86_64-linux/seraphim/monitoring.nix
View file

@ -1,9 +1,5 @@
{
config,
pkgs,
...
}: {
networking.firewall.allowedTCPPorts = [80 443 9001];
{ config, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 9001 ];
services.grafana = {
enable = true;
settings.server = {
@ -19,19 +15,17 @@
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd" "sysctl" "powersupplyclass"];
enabledCollectors = [ "systemd" "sysctl" "powersupplyclass" ];
port = 9002;
};
};
scrapeConfigs = [
{
job_name = "seraphim";
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
}
scrapeConfigs = [{
job_name = "seraphim";
static_configs = [{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
];
}
];
}];
}];
};
}

14
hosts/x86_64-linux/seraphim/sync.nix
View file

@ -1,21 +1,13 @@
{
lib,
inputs,
pkgs,
config,
...
}: {
{ lib, inputs, pkgs, config, ... }: {
systemd.timers."sync-media" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persisten = true;
};
};
systemd.services."sync-media" = {
path = [
pkgs.openssh
];
path = [ pkgs.openssh ];
script = ''
${pkgs.coreutils}/bin/echo "Syncing shows"
${pkgs.rsync}/bin/rsync -a --ignore-existing --info=progress1 /home/crime/sonarr/tvseries/ xqtc@88.99.90.90:~/jellyfin/shows/

54
hosts/x86_64-linux/yosai/default.nix
View file

@ -1,13 +1,7 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
inputs,
pkgs,
...
}: {
{ config, lib, inputs, pkgs, ... }: {
imports = [
./hardware-configuration.nix
../../../common
@ -25,12 +19,10 @@
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.interval = "weekly";
swapDevices = [
{
device = "/var/lib/swapfile";
size = 8 * 1024;
}
];
swapDevices = [{
device = "/var/lib/swapfile";
size = 8 * 1024;
}];
boot.kernelPackages = pkgs.linuxPackages_zen;
@ -44,39 +36,36 @@
};
};
services.blueman.enable = true;
security.pam.loginLimits = [
{
domain = "*";
type = "soft";
item = "nofile";
value = "4096";
}
];
security.pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "4096";
}];
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
programs.dconf.enable = true;
security.pam.services.swaylock = {};
security.pam.services.hyprlock = {};
security.pam.services.swaylock = { };
security.pam.services.hyprlock = { };
services.udev.packages = [pkgs.yubikey-personalization];
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;
networking.hostName = "yosai"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -126,14 +115,9 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups = ["wheel"]; # Enable sudo for the user.
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.nushell;
packages = with pkgs; [
git
foot
tree
xdg-utils
];
packages = with pkgs; [ git foot tree xdg-utils ];
};
# List packages installed in system profile. To search, run:

45
hosts/x86_64-linux/yosai/hardware-configuration.nix
View file

@ -1,35 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = ["ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e8fedd91-253b-4112-a8fd-5c874ea81116";
fsType = "btrfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e8fedd91-253b-4112-a8fd-5c874ea81116";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/29CC-9B85";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/29CC-9B85";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -40,5 +32,6 @@
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
modules/home-manager.nix
View file

@ -1,14 +1,7 @@
{
lib,
inputs,
config,
...
}: let
dwl-source = inputs.dwl-source;
{ lib, inputs, config, ... }:
let dwl-source = inputs.dwl-source;
in {
imports = [
inputs.home-manager.nixosModules.home-manager
];
imports = [ inputs.home-manager.nixosModules.home-manager ];
config = {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
@ -18,10 +11,10 @@ in {
inherit inputs;
inherit dwl-source;
};
nixpkgs.overlays = [inputs.hyprpanel.overlay];
home-manager.users.xqtc = {...}: {
nixpkgs.overlays = [ inputs.hyprpanel.overlay ];
home-manager.users.xqtc = { ... }: {
imports = [
{config.host = config.networking.hostName;}
{ config.host = config.networking.hostName; }
../home
inputs.nixvim.homeManagerModules.nixvim
inputs.sops-nix.homeManagerModules.sops