xqtc/nixos-config-mirror
1
0
Fork 0
mirror of https://git.gay/xqtc/nixos-config synced 2025-07-09 12:06:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

nix fmt

Browse source
This commit is contained in:
xqtc 2025-06-01 14:07:33 +02:00
parent 6d5e70da08
commit ecdc71c262
Signed by: xqtc
GPG key ID: 2C064D095926D9D1
98 changed files with 2437 additions and 1345 deletions
Download patch file Download diff file Expand all files Collapse all files

21
common/comin.nix
View file

@ -1,12 +1,21 @@
{ inputs, pkgs, lib, config, ... }: {
{
inputs,
pkgs,
lib,
config,
...
}:
{
imports = [ inputs.comin.nixosModules.comin ];
services.comin = {
enable = true;
remotes = [{
name = "origin";
url = "https://git.gay/xqtc/nixos-config.git";
branches.main.name = "main";
}];
remotes = [
{
name = "origin";
url = "https://git.gay/xqtc/nixos-config.git";
branches.main.name = "main";
}
];
};
}

34
common/default.nix
View file

@ -1,16 +1,32 @@
{ config, lib, inputs, pkgs, ... }: {
imports = [ ./syncthing.nix ./sops.nix ];
{
config,
lib,
inputs,
pkgs,
...
}:
{
imports = [
./syncthing.nix
./sops.nix
];
#nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0" "electron-24.8.6"];
services.udev.packages = [ pkgs.yubikey-personalization ];
networking.hosts = {
"192.168.178.35" = [ "jellyfin.fritz.box" "grafana.fritz.box" ];
"192.168.178.35" = [
"jellyfin.fritz.box"
"grafana.fritz.box"
];
};
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
users.users.xqtc.extraGroups = [ "dialout" "networkmanager" ];
users.users.xqtc.extraGroups = [
"dialout"
"networkmanager"
];
users.users.xqtc.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@heroin.trade"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM7DHEfQB5RV4jYX6phufk7nzOI0+p6mn4AWjNdefvAfAAAABHNzaDo= xqtc@yubicat"
@ -29,8 +45,14 @@
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/xqtc/nixos-config";
};
networking.firewall.allowedTCPPorts = [ 8384 22000 ];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
networking.firewall.allowedTCPPorts = [
8384
22000
];
networking.firewall.allowedUDPPorts = [
22000
21027
];
nix.package = pkgs.lix;

8
common/sops.nix
View file

@ -1,4 +1,10 @@
{ inputs, config, lib, ... }: {
{
inputs,
config,
lib,
...
}:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {

14
common/syncthing.nix
View file

@ -1,4 +1,10 @@
{ config, lib, inputs, ... }: {
{
config,
lib,
inputs,
...
}:
{
services.syncthing = {
enable = false;
user = "xqtc";
@ -6,6 +12,10 @@
overrideDevices = false;
overrideFolders = false;
configDir = "${config.services.syncthing.dataDir}/.config/syncthing";
settings = { gui = { user = "xqtc"; }; };
settings = {
gui = {
user = "xqtc";
};
};
};
}

21
flake-mods/allowUnfree.nix
View file

@ -1,11 +1,14 @@
{ inputs, ... }: {
perSystem = { system, ... }: {
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
# The allowUnfreePredicate is due to home-manager#2942 (I haven't actually checked that it is necessary)
# https://github.com/nix-community/home-manager/issues/2942
config.allowUnfreePredicate = _: true;
{ inputs, ... }:
{
perSystem =
{ system, ... }:
{
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
# The allowUnfreePredicate is due to home-manager#2942 (I haven't actually checked that it is necessary)
# https://github.com/nix-community/home-manager/issues/2942
config.allowUnfreePredicate = _: true;
};
};
};
}

3
flake-mods/hm-flake-part.nix
View file

@ -2,7 +2,8 @@
let
inherit (lib) mkOption types;
inherit (flake-parts-lib) mkTransposedPerSystemModule;
in mkTransposedPerSystemModule {
in
mkTransposedPerSystemModule {
name = "homeConfigurations";
option = mkOption {
type = types.raw;

55
flake-mods/hm.nix
View file

@ -1,33 +1,42 @@
{ inputs, lib, ... }: {
{ inputs, lib, ... }:
{
imports = [ ./hm-flake-part.nix ];
perSystem = { config, self, inputs, pkgs, system, ... }:
perSystem =
{
config,
self,
inputs,
pkgs,
system,
...
}:
let
# split system (e.g. x86_64-linux) into os and arch
splitSystem = lib.splitString "-" system;
os = builtins.elemAt splitSystem 0;
arch = builtins.elemAt splitSystem 1;
in {
legacyPackages.homeConfigurations.xqtc =
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs {
inherit system;
# overlays = [
# inputs.hyprpanel.overlay
# ];
};
nixpkgs.overlays = [ inputs.hyprpanel.overlay ];
modules = [
../home
inputs.nixvim.homeManagerModules.nixvim
inputs.sops-nix.homeManagerModules.sops
inputs.hyprpanel.homeManagerModules.hyprpanel
{ inherit os arch; }
];
extraSpecialArgs = {
inherit inputs;
inherit system;
};
in
{
legacyPackages.homeConfigurations.xqtc = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs {
inherit system;
# overlays = [
# inputs.hyprpanel.overlay
# ];
};
nixpkgs.overlays = [ inputs.hyprpanel.overlay ];
modules = [
../home
inputs.nixvim.homeManagerModules.nixvim
inputs.sops-nix.homeManagerModules.sops
inputs.hyprpanel.homeManagerModules.hyprpanel
{ inherit os arch; }
];
extraSpecialArgs = {
inherit inputs;
inherit system;
};
};
# # this sounds stupid, but it's the only way to make home-manager consume a
# # flake output with the system in it, which *should* be the case because it

17
flake-mods/nixosHosts.nix
View file

@ -1,10 +1,13 @@
{ inputs, lib, ... }: {
{ inputs, lib, ... }:
{
flake.nixosConfigurations =
lib.genAttrs [ "asmodeus" "seraphim" "lilith" "lambda" "beleth" "yosai" ]
(name:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ../hosts/x86_64-linux/${name} ];
specialArgs = { inherit inputs; };
});
(
name:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ../hosts/x86_64-linux/${name} ];
specialArgs = { inherit inputs; };
}
);
}

25
home/default.nix
View file

@ -1,8 +1,18 @@
{ config, pkgs, lib, inputs, ... }: {
imports = [ ./modules ./system.nix ./host.nix ];
{
config,
pkgs,
lib,
inputs,
...
}:
{
imports = [
./modules
./system.nix
./host.nix
];
home.username = "xqtc";
home.homeDirectory =
if config.os == "linux" then "/home/xqtc" else "/Users/xqtc";
home.homeDirectory = if config.os == "linux" then "/home/xqtc" else "/Users/xqtc";
programs.wezterm = {
enable = true;
@ -20,12 +30,13 @@
};
};
programs.joshuto = { enable = true; };
programs.joshuto = {
enable = true;
};
dconf.enable = config.os == "linux";
services.easyeffects =
lib.mkIf (pkgs.system == "x86_64-linux") { enable = true; };
services.easyeffects = lib.mkIf (pkgs.system == "x86_64-linux") { enable = true; };
home.stateVersion = "23.11";

3
home/host.nix
View file

@ -1,4 +1,5 @@
{ lib, ... }: {
{ lib, ... }:
{
options.host = lib.mkOption {
type = lib.types.str;
default = "generic";

9
home/modules/default.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, lib, inputs, ... }: {
{
config,
pkgs,
lib,
inputs,
...
}:
{
imports = [
# ./nixvim.nix
./helix.nix

12
home/modules/dwl.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}:
{
imports = [ ../programs/dwl.nix ];
programs.dwl = {
@ -7,6 +13,8 @@
../config-files/dwl/patches/attachbottom.patch
../config-files/dwl/patches/ipc.patch
];
cmd = { terminal = "${pkgs.wezterm}/bin/wezterm"; };
cmd = {
terminal = "${pkgs.wezterm}/bin/wezterm";
};
};
}

340
home/modules/firefox.nix
View file

@ -1,12 +1,23 @@
{ inputs, outputs, config, pkgs, lib, ... }:
with inputs; {
{
inputs,
outputs,
config,
pkgs,
lib,
...
}:
with inputs;
{
home.sessionVariables.DEFAULT_BROWSER =
if (config.os == "linux") then "${pkgs.firefox}/bin/firefox" else "firefox";
programs.firefox = lib.mkIf (config.os == "linux") {
enable = true;
package =
pkgs.firefox.override { cfg = { enableGnomeExtensions = true; }; };
package = pkgs.firefox.override {
cfg = {
enableGnomeExtensions = true;
};
};
profiles.xqtc = {
isDefault = true;
extensions = with inputs.firefox-addons.packages.${pkgs.system}; [
@ -28,229 +39,253 @@ with inputs; {
vimium-c
noscript
];
bookmarks = [{
toolbar = true;
bookmarks = [
{
name = "heroin.trade";
bookmarks = [
{
name = "Forgejo";
url = "https://git.heroin.trade";
}
{
name = "Grafana";
url = "https://grafana.heroin.trade";
}
{
name = "Jellyfin";
url = "https://jellyfin.heroin.trade";
}
{
name = "Uptime";
url = "https://uptime.heroin.trade";
}
{
name = "Lanraragi";
url = "https://calibre.heroin.trade";
}
{
name = "Paperless";
url = "https://paperless.heroin.trade";
}
{
name = "Nextcloud";
url = "https://cloud.heroin.trade";
}
];
}
{
name = "piracy";
bookmarks = [
{
name = "slskd";
url = "http://seraphim.fritz.box:5030";
}
{
name = "Sonarr";
url = "http://seraphim.fritz.box:8989";
}
{
name = "Radarr";
url = "http://seraphim.fritz.box:7878";
}
{
name = "Prowlarr";
url = "http://seraphim.fritz.box:9696";
}
{
name = "qBittorrent";
url = "http://seraphim.fritz.box:8085";
}
];
}
];
}];
bookmarks = [
{
toolbar = true;
bookmarks = [
{
name = "heroin.trade";
bookmarks = [
{
name = "Forgejo";
url = "https://git.heroin.trade";
}
{
name = "Grafana";
url = "https://grafana.heroin.trade";
}
{
name = "Jellyfin";
url = "https://jellyfin.heroin.trade";
}
{
name = "Uptime";
url = "https://uptime.heroin.trade";
}
{
name = "Lanraragi";
url = "https://calibre.heroin.trade";
}
{
name = "Paperless";
url = "https://paperless.heroin.trade";
}
{
name = "Nextcloud";
url = "https://cloud.heroin.trade";
}
];
}
{
name = "piracy";
bookmarks = [
{
name = "slskd";
url = "http://seraphim.fritz.box:5030";
}
{
name = "Sonarr";
url = "http://seraphim.fritz.box:8989";
}
{
name = "Radarr";
url = "http://seraphim.fritz.box:7878";
}
{
name = "Prowlarr";
url = "http://seraphim.fritz.box:9696";
}
{
name = "qBittorrent";
url = "http://seraphim.fritz.box:8085";
}
];
}
];
}
];
search = {
default = "DuckDuckGo";
force = true;
engines = {
"SearX" = {
urls = [{
template = "https://searx.org/search";
params = [{
name = "q";
value = "{searchTerms}";
}];
}];
urls = [
{
template = "https://searx.org/search";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
iconUpdateURL = "https://searx.org/favicon.ico";
definedAliases = [ "@sx" ];
};
"Nix Packages" = {
urls = [{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}];
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon =
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
"Nix Options" = {
urls = [{
# template = "https://search.nixos.org/options";
template = "https://searchix.alanpearce.eu/all/search";
params = [
# {
# name = "type";
# value = "options";
# }
{
name = "query";
value = "{searchTerms}";
}
];
}];
urls = [
{
# template = "https://search.nixos.org/options";
template = "https://searchix.alanpearce.eu/all/search";
params = [
# {
# name = "type";
# value = "options";
# }
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon =
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@no" ];
};
"Nix Dev" = {
urls = [{
template = "https://nix.dev/search.html";
params = [{
name = "q";
value = "{searchTerms}";
}];
}];
icon =
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
urls = [
{
template = "https://nix.dev/search.html";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@nd" ];
};
"NixOS Wiki" = {
urls = [{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}];
urls = [
{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}
];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ];
};
"nixpkgs PR Tracker" = {
urls = [{
template = "https://nixpk.gs/pr-tracker.html?pr={searchTerms}";
}];
urls = [
{
template = "https://nixpk.gs/pr-tracker.html?pr={searchTerms}";
}
];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@npr" ];
};
"Reddit" = {
urls = [{ template = "https://reddit.com/r/{searchTerms}"; }];
urls = [ { template = "https://reddit.com/r/{searchTerms}"; } ];
iconUpdateURL = "https://reddit.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@r" ];
};
"Github Repos" = {
urls = [{
template =
"https://github.com/search?q={searchTerms}&type=repositories";
}];
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=repositories";
}
];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@ghr" ];
};
"Github Code" = {
urls = [{
template = "https://github.com/search?q={searchTerms}&type=code";
}];
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=code";
}
];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@ghc" ];
};
"Github PRs" = {
urls = [{
template =
"https://github.com/search?q={searchTerms}&type=pullrequests";
}];
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=pullrequests";
}
];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@ghpr" ];
};
"Github Users" = {
urls = [{
template = "https://github.com/search?q={searchTerms}&type=users";
}];
urls = [
{
template = "https://github.com/search?q={searchTerms}&type=users";
}
];
iconUpdateURL = "https://github.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@ghu" ];
};
"Hackage" = {
urls = [{
template =
"https://hackage.haskell.org/packages/browse?terms={searchTerms}";
}];
urls = [
{
template = "https://hackage.haskell.org/packages/browse?terms={searchTerms}";
}
];
iconUpdateURL = "https://hackage.haskell.org/static/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@hak" ];
};
"crates.io" = {
urls = [{ template = "https://crates.io/search?q={searchTerms}"; }];
urls = [ { template = "https://crates.io/search?q={searchTerms}"; } ];
iconUpdateURL = "https://crates.io/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@cio" ];
};
"OSDev Wiki" = {
urls = [{
template =
"https://wiki.osdev.org/index.php?search={searchTerms}";
}];
urls = [
{
template = "https://wiki.osdev.org/index.php?search={searchTerms}";
}
];
iconUpdateURL = "https://wiki.osdev.org/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@osdev" ];
};
"YouTube" = {
urls = [{
template =
"https://youtube.com/results?search_query={searchTerms}";
}];
urls = [
{
template = "https://youtube.com/results?search_query={searchTerms}";
}
];
iconUpdateURL = "https://youtube.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@yt" ];
@ -273,16 +308,13 @@ with inputs; {
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"media.eme.enabled" = true;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" =
false;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" =
false;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" = false;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.toolbars.bookmarks.visibility" = "always";
"general.useragent.locale" = "de-DE";
"distribution.searchplugins.defaultLocale" = "de-DE";
"signon.rememberSignons" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" =
true; # Needed to allow userChrome.css
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Needed to allow userChrome.css
};
# userChrome = ''
# #TabsToolbar {

11
home/modules/foot.nix
View file

@ -1,4 +1,5 @@
{ config, lib, ... }: {
{ config, lib, ... }:
{
programs.foot = {
enable = config.os == "linux";
settings = {
@ -7,9 +8,13 @@
dpi-aware = "yes";
};
cursor = { blink = "yes"; };
cursor = {
blink = "yes";
};
mouse = { hide-when-typing = "yes"; };
mouse = {
hide-when-typing = "yes";
};
colors = {
alpha = 0.8;

11
home/modules/ghostty.nix
View file

@ -1,5 +1,10 @@
{ inputs, pkgs, lib, ... }: {
{
inputs,
pkgs,
lib,
...
}:
{
xdg.configFile."ghostty/config".source = ../config-files/ghostty-config;
xdg.configFile."ghostty/shader.glsl".source =
../config-files/ghostty-shader.glsl;
xdg.configFile."ghostty/shader.glsl".source = ../config-files/ghostty-shader.glsl;
}

14
home/modules/git.nix
View file

@ -1,4 +1,10 @@
{ inputs, config, pkgs, ... }: {
{
inputs,
config,
pkgs,
...
}:
{
programs.git = {
enable = true;
userName = "xqtc";
@ -7,7 +13,11 @@
key = "655F2C328563DC87FB2077CC2C064D095926D9D1";
signByDefault = true;
};
extraConfig = { init = { defaultBranch = "main"; }; };
extraConfig = {
init = {
defaultBranch = "main";
};
};
diff-so-fancy.enable = true;
};
}

36
home/modules/gtk.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, inputs, lib, ... }: {
{
config,
pkgs,
inputs,
lib,
...
}:
{
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
@ -47,18 +54,21 @@
'';
};
};
home.packages = lib.optionals (config.os == "linux") (with pkgs; [
gnomeExtensions.user-themes
gnomeExtensions.blur-my-shell
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.vitals
# gnomeExtensions.dash-to-panel
gnomeExtensions.sound-output-device-chooser
gnomeExtensions.space-bar
gnomeExtensions.burn-my-windows
gnomeExtensions.desktop-cube
# catppuccin-cursors.mochaPink
]);
home.packages = lib.optionals (config.os == "linux") (
with pkgs;
[
gnomeExtensions.user-themes
gnomeExtensions.blur-my-shell
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.vitals
# gnomeExtensions.dash-to-panel
gnomeExtensions.sound-output-device-chooser
gnomeExtensions.space-bar
gnomeExtensions.burn-my-windows
gnomeExtensions.desktop-cube
# catppuccin-cursors.mochaPink
]
);
# home.pointerCursor = {
# gtk.enable = true;
# x11.enable = true;

147
home/modules/home-pkgs.nix
View file

@ -1,66 +1,81 @@
{ config, inputs, pkgs, lib, ... }:
{
config,
inputs,
pkgs,
lib,
...
}:
let
flameshot = pkgs.flameshot.overrideDerivation
(old: { NIX_CFLAGS_COMPILE = "-DUSE_WAYLAND_GRIM"; });
maxfetch = pkgs.writeScriptBin "maxfetch"
(builtins.readFile ../config-files/maxfetch.sh);
zellij-ls = pkgs.writeScriptBin "zls"
(builtins.readFile ../config-files/zellij-session-select.bash);
startdwl = pkgs.writeScriptBin "startdwl"
(builtins.readFile ../config-files/startdwl.sh);
in {
home.packages = (lib.optionals (config.os == "linux") (with pkgs; [
cargo
remmina
# heroic # BUILD FAILURE
mpv
via
telegram-desktop
#jetbrains.rust-rover
tor-browser
tutanota-desktop
# bottles # DEPENDENCY BUILD FAILURE
#flameshot
grim
waypaper
satty
networkmanagerapplet
nextcloud-client
trayscale
swaylock-effects
wdisplays
brightnessctl
pavucontrol
swayfx
niri
xwayland-satellite
sway-contrib.grimshot
libnotify
swww
strace
ltrace
imhex
qmk-udev-rules
signal-desktop
kdePackages.kleopatra
# ida-free
spotify
youtube-music
cosmic-icons
# seafile-client
steam
protonup-qt
yubioath-flutter
vault-bin
])) ++ (lib.optionals (config.os == "linux" && config.host != "yosai")
(with pkgs; [
jellyfin-media-player
ghidra
hyprland-qtutils
element-desktop
tuba
droidcam
])) ++ (with pkgs; [
flameshot = pkgs.flameshot.overrideDerivation (old: {
NIX_CFLAGS_COMPILE = "-DUSE_WAYLAND_GRIM";
});
maxfetch = pkgs.writeScriptBin "maxfetch" (builtins.readFile ../config-files/maxfetch.sh);
zellij-ls = pkgs.writeScriptBin "zls" (
builtins.readFile ../config-files/zellij-session-select.bash
);
startdwl = pkgs.writeScriptBin "startdwl" (builtins.readFile ../config-files/startdwl.sh);
in
{
home.packages =
(lib.optionals (config.os == "linux") (
with pkgs;
[
cargo
remmina
# heroic # BUILD FAILURE
mpv
via
telegram-desktop
#jetbrains.rust-rover
tor-browser
tutanota-desktop
# bottles # DEPENDENCY BUILD FAILURE
#flameshot
grim
waypaper
satty
networkmanagerapplet
nextcloud-client
trayscale
swaylock-effects
wdisplays
brightnessctl
pavucontrol
swayfx
niri
xwayland-satellite
sway-contrib.grimshot
libnotify
swww
strace
ltrace
imhex
qmk-udev-rules
signal-desktop
kdePackages.kleopatra
# ida-free
spotify
youtube-music
cosmic-icons
# seafile-client
steam
protonup-qt
yubioath-flutter
vault-bin
]
))
++ (lib.optionals (config.os == "linux" && config.host != "yosai") (
with pkgs;
[
jellyfin-media-player
ghidra
hyprland-qtutils
element-desktop
tuba
droidcam
]
))
++ (with pkgs; [
inputs.ghostty.packages.x86_64-linux.default
inputs.meowlog.packages.x86_64-linux.default
inputs.swaystatus.packages.x86_64-linux.default
@ -126,7 +141,13 @@ in {
# marked as broken
rizin
(cutter.withPlugins (ps: with ps; [ jsdec rz-ghidra sigdb ]))
(cutter.withPlugins (
ps: with ps; [
jsdec
rz-ghidra
sigdb
]
))
nerd-fonts.hasklug
ipafont

200
home/modules/nixvim.nix
View file

@ -1,4 +1,12 @@
{ pkgs, lib, config, inputs, outputs, ... }: {
{
pkgs,
lib,
config,
inputs,
outputs,
...
}:
{
programs.nixvim = {
enable = true;
globals.mapleader = " ";
@ -33,11 +41,13 @@
vimwiki = {
enable = true;
settings = {
list = [{
ext = ".md";
path = "~/Nextcloud/Notes/";
syntax = "markdown";
}];
list = [
{
ext = ".md";
path = "~/Nextcloud/Notes/";
syntax = "markdown";
}
];
};
};
# image = {
@ -61,39 +71,61 @@
enable = true;
settings = {
load = {
"core.defaults" = { __empty = null; };
"core.dirman" = {
config = { workspaces = { home = "~/notes/"; }; };
"core.defaults" = {
__empty = null;
};
"core.dirman" = {
config = {
workspaces = {
home = "~/notes/";
};
};
};
"core.dirman.utils" = {
__empty = null;
};
"core.dirman.utils" = { __empty = null; };
"core.completion" = {
config = {
engine = "nvim-cmp";
name = "neorg";
};
};
"core.concealer" = { __empty = null; };
"core.export" = { __empty = null; };
"core.export.markdown" = { __empty = null; };
"core.concealer" = {
__empty = null;
};
"core.export" = {
__empty = null;
};
"core.export.markdown" = {
__empty = null;
};
};
};
};
gitblame.enable = true;
lspkind.enable = true;
persistence = { enable = true; };
persistence = {
enable = true;
};
navic = {
enable = true;
settings = {
highlight = true;
lsp = { auto_attach = true; };
lsp = {
auto_attach = true;
};
};
};
trouble = { enable = true; };
trouble = {
enable = true;
};
wakatime.enable = true;
#headlines.enable = true;
twilight.enable = true;
comment = { enable = true; };
comment = {
enable = true;
};
indent-blankline.enable = true;
lualine = {
enable = true;
@ -110,48 +142,56 @@
};
};
sections = {
lualine_y = [{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
lualine_y = [
{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
return true
end
'';
};
dense = false;
dense_sep = ".";
depth = { __raw = "nil"; };
sep = " ";
}];
return true
end
'';
};
dense = false;
dense_sep = ".";
depth = {
__raw = "nil";
};
sep = " ";
}
];
};
winbar = {
lualine_c = [{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
lualine_c = [
{
__unkeyed-1 = "aerial";
colored = true;
cond = {
__raw = ''
function()
local buf_size_limit = 1024 * 1024
if vim.api.nvim_buf_get_offset(0, vim.api.nvim_buf_line_count(0)) > buf_size_limit then
return false
end
return true
end
'';
};
dense = false;
dense_sep = ".";
depth = { __raw = "nil"; };
sep = " ";
}];
return true
end
'';
};
dense = false;
dense_sep = ".";
depth = {
__raw = "nil";
};
sep = " ";
}
];
# lualine_x = [
# {
# __unkeyed-1 = "filename";
@ -163,7 +203,9 @@
};
};
};
lsp-format = { enable = true; };
lsp-format = {
enable = true;
};
# copilot-lua = {
# enable = true;
# suggestion = {
@ -196,7 +238,9 @@
# host = "127.0.0.1";
# };
server.settings = {
inlayHints = { closureStyle = "rust_analyzer"; };
inlayHints = {
closureStyle = "rust_analyzer";
};
typing.autoClosingAngleBrackets.enable = true;
};
};
@ -224,7 +268,13 @@
nushell.enable = true;
clangd = {
enable = true;
filetypes = [ "c" "cpp" "objc" "objcpp" "cpp" ];
filetypes = [
"c"
"cpp"
"objc"
"objcpp"
"cpp"
];
};
svelte.enable = true;
ts_ls.enable = true;
@ -237,7 +287,9 @@
installCargo = false;
installRustc = false;
settings = {
inlayHints = { closureStyle = "rust_analyzer"; };
inlayHints = {
closureStyle = "rust_analyzer";
};
typing.autoClosingAngleBrackets.enable = true;
};
};
@ -277,8 +329,7 @@
settings = {
snippet = {
expand =
"function(args) require('luasnip').lsp_expand(args.body) end";
expand = "function(args) require('luasnip').lsp_expand(args.body) end";
};
sources = [
{ name = "nvim_lsp"; }
@ -320,7 +371,9 @@
};
telescope.enable = true;
web-devicons.enable = true; # required by telescope
telescope.extensions = { file-browser.enable = true; };
telescope.extensions = {
file-browser.enable = true;
};
which-key.enable = true;
cmp-nvim-lsp.enable = true;
cmp-nvim-lua.enable = true;
@ -471,12 +524,18 @@
}
{
type = "group";
val = [{
type = "text";
val = " To browse files press '<leader>ff'";
opts = { position = "center"; };
}];
opts = { position = "center"; };
val = [
{
type = "text";
val = " To browse files press '<leader>ff'";
opts = {
position = "center";
};
}
];
opts = {
position = "center";
};
}
{
type = "padding";
@ -603,7 +662,10 @@
action = ''"+P'';
}
{
mode = [ "n" "v" ];
mode = [
"n"
"v"
];
key = "<leader>y";
action = ''"+y'';
}

9
home/modules/qt.nix
View file

@ -1,4 +1,11 @@
{ config, lib, inputs, pkgs, ... }: {
{
config,
lib,
inputs,
pkgs,
...
}:
{
qt.style.package = pkgs.catppuccin-kde.override {
accents = [ "pink" ];
size = "compact";

169
home/modules/rofi.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, inputs, lib, ... }: {
{
config,
pkgs,
inputs,
lib,
...
}:
{
programs.rbw = {
enable = config.os == "linux";
settings = {
@ -10,7 +17,10 @@
programs.rofi = {
enable = config.os == "linux";
package = pkgs.rofi-wayland;
plugins = [ pkgs.rofi-rbw-wayland pkgs.rofi-power-menu ];
plugins = [
pkgs.rofi-rbw-wayland
pkgs.rofi-power-menu
];
extraConfig = {
terminal = "foot";
disable-history = false;
@ -19,93 +29,102 @@
sort = true;
drun-display-format = "{icon} {name}";
display-drun = " Run ";
modi = lib.strings.concatStringsSep "," [ "run" "drun" "filebrowser" ];
modi = lib.strings.concatStringsSep "," [
"run"
"drun"
"filebrowser"
];
font = "Hasklug Nerd Font Mono 13";
};
theme = let mkLiteral = config.lib.formats.rasi.mkLiteral;
in {
"*" = {
# bg = mkLiteral "#303446FF";
# fg = mkLiteral "#D9E0EEFF";
# ac = mkLiteral "#8CAAEEFF";
accent = mkLiteral "#E6B450";
bg = mkLiteral "#0e1419";
bg-semilight = mkLiteral "#0D1017";
bg-light = mkLiteral "#131721";
fg = mkLiteral "#e5e1cf";
red = mkLiteral "#ff6565";
blue = mkLiteral "#36a3d9";
green = mkLiteral "#b8cc52";
# bg-hover= @accent";
# fg-hover= mkLiteral "#15191f";
# fg-unhover= @accent;
# header-image: url("assets/dark/header.svg", height);
};
theme =
let
mkLiteral = config.lib.formats.rasi.mkLiteral;
in
{
"*" = {
# bg = mkLiteral "#303446FF";
# fg = mkLiteral "#D9E0EEFF";
# ac = mkLiteral "#8CAAEEFF";
accent = mkLiteral "#E6B450";
bg = mkLiteral "#0e1419";
bg-semilight = mkLiteral "#0D1017";
bg-light = mkLiteral "#131721";
fg = mkLiteral "#e5e1cf";
red = mkLiteral "#ff6565";
blue = mkLiteral "#36a3d9";
green = mkLiteral "#b8cc52";
# bg-hover= @accent";
# fg-hover= mkLiteral "#15191f";
# fg-unhover= @accent;
# header-image: url("assets/dark/header.svg", height);
};
"#window" = {
location = mkLiteral "center";
width = mkLiteral "50%";
};
"#window" = {
location = mkLiteral "center";
width = mkLiteral "50%";
};
"#prompt" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
};
"#prompt" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
};
"#textbox-prompt-colon" = { text-color = mkLiteral "@fg"; };
"#textbox-prompt-colon" = {
text-color = mkLiteral "@fg";
};
"#entry" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
blink = mkLiteral "true";
};
"#entry" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
blink = mkLiteral "true";
};
"#inputbar" = {
children = mkLiteral "[ prompt, entry ]";
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
padding = mkLiteral "5px";
};
"#inputbar" = {
children = mkLiteral "[ prompt, entry ]";
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
padding = mkLiteral "5px";
};
"#listview" = {
background-color = mkLiteral "@bg";
columns = mkLiteral "1";
lines = mkLiteral "5";
cycle = mkLiteral "false";
dynamic = mkLiteral "true";
};
"#listview" = {
background-color = mkLiteral "@bg";
columns = mkLiteral "1";
lines = mkLiteral "5";
cycle = mkLiteral "false";
dynamic = mkLiteral "true";
};
"#mainbox" = {
background-color = mkLiteral "@bg";
border = mkLiteral "3px";
border-color = mkLiteral "@ac";
children = mkLiteral "[ inputbar, listview ]";
padding = mkLiteral "10px";
};
"#mainbox" = {
background-color = mkLiteral "@bg";
border = mkLiteral "3px";
border-color = mkLiteral "@ac";
children = mkLiteral "[ inputbar, listview ]";
padding = mkLiteral "10px";
};
"#element" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
padding = mkLiteral "5px";
};
"#element" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
padding = mkLiteral "5px";
};
"#element-icon" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
size = mkLiteral "32px";
};
"#element-icon" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
size = mkLiteral "32px";
};
"#element-text" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
padding = mkLiteral "5px";
};
"#element-text" = {
background-color = mkLiteral "@bg";
text-color = mkLiteral "@fg";
padding = mkLiteral "5px";
};
"#element selected" = {
border = mkLiteral "3px";
border-color = mkLiteral "@ac";
"#element selected" = {
border = mkLiteral "3px";
border-color = mkLiteral "@ac";
};
};
};
};
#home.file.".config/rofi/config.rasi".text = builtins.readFile ../config-files/rofi/config.rasi;
#home.file.".local/share/rofi/themes/catppuccin-mocha.rasi".text = builtins.readFile ../config-files/rofi/catppuccin-mocha.rasi;

17
home/modules/sops.nix
View file

@ -1,14 +1,21 @@
{ inputs, config, lib, ... }: {
{
inputs,
config,
lib,
...
}:
{
sops = {
defaultSopsFile = ../../secrets.yaml;
validateSopsFiles = false;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = if (config.os == "linux") then
"/home/xqtc/.config/sops/age/keys.txt"
else
"/Users/xqtc/.config/sops/age/keys.txt";
keyFile =
if (config.os == "linux") then
"/home/xqtc/.config/sops/age/keys.txt"
else
"/Users/xqtc/.config/sops/age/keys.txt";
generateKey = true;
};
};

13
home/modules/spicetify.nix
View file

@ -1,6 +1,13 @@
{ pkgs, lib, inputs, ... }:
let spicePkgs = inputs.spicetify-nix.packages.${pkgs.system}.default;
in {
{
pkgs,
lib,
inputs,
...
}:
let
spicePkgs = inputs.spicetify-nix.packages.${pkgs.system}.default;
in
{
imports = [ inputs.spicetify-nix.homeManagerModule ];
programs.spicetify = lib.mkIf (pkgs.system == "x86_64-linux") {

9
home/modules/spotify-cli.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, lib, inputs, ... }: {
{
config,
pkgs,
lib,
inputs,
...
}:
{
services.spotifyd.enable = config.os == "linux";
#services.spotifyd.settings.global = {
# bitrate = 320;

15
home/modules/ssh.nix
View file

@ -1,4 +1,11 @@
{ inputs, lib, config, pkgs, ... }: {
{
inputs,
lib,
config,
pkgs,
...
}:
{
sops = {
# defaultSopsFile = ../secrets.yaml;
# validateSopsFiles = false;
@ -32,6 +39,10 @@
programs.ssh = {
enable = true;
forwardAgent = true;
matchBlocks = { "*ryuko.suizid.jetzt" = { user = "root"; }; };
matchBlocks = {
"*ryuko.suizid.jetzt" = {
user = "root";
};
};
};
}

11
home/modules/tmux.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
programs.tmux = {
enable = true;
extraConfig = ''
@ -37,8 +43,7 @@
}
{
plugin = tmuxPlugins.yank;
extraConfig =
" # keybindings\n bind-key -T copy-mode-vi v send-keys -X begin-selection\n bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle\n bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel\n";
extraConfig = " # keybindings\n bind-key -T copy-mode-vi v send-keys -X begin-selection\n bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle\n bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel\n";
}
];
};

122
home/modules/wm.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, lib, inputs, ... }: {
{
config,
pkgs,
lib,
inputs,
...
}:
{
wayland.windowManager.hyprland = {
enable = config.os == "linux";
package = pkgs.hyprland;
@ -44,7 +51,14 @@
layout = {
"bar.layouts" = {
"*" = {
left = [ "dashboard" "windowtitle" "systray" "cpu" "ram" "netstat" ];
left = [
"dashboard"
"windowtitle"
"systray"
"cpu"
"ram"
"netstat"
];
middle = [ "workspaces" ];
right = [
"media"
@ -82,8 +96,7 @@
bar.autoHide = "fullscreen";
notifications.position = "top right";
#bar.windowtitle.leftClick = "'pkill rofi||/nix/store/rsb5ihbh4m3q4x046vc0y1r301i8j3is-ags-1.8.2/bin/ags -t overview'";
menus.dashboard.powermenu.avatar.image =
"${../config-files/hyprlock-pfp.jpg}";
menus.dashboard.powermenu.avatar.image = "${../config-files/hyprlock-pfp.jpg}";
theme.bar.buttons.workspaces.spacing = "0.5";
theme.bar.buttons.background_hover_opacity = 80;
theme.bar.buttons.innerRadiusMultiplier = "0.4";
@ -197,11 +210,9 @@
};
home.file.".config/hypr/pfp.jpg".source = ../config-files/hyprlock-pfp2.jpg;
home.file.".config/hypr/nixos-logo.png".source =
../config-files/nix-snowflake-trans-colours.png;
home.file.".config/hypr/nixos-logo.png".source = ../config-files/nix-snowflake-trans-colours.png;
home.file.".config/hypr/bg.png".source = ../../walls/walls/98223673_p0.png;
home.file.".config/hypr/chaos_star_white.png".source =
../config-files/chaos_star_white.png;
home.file.".config/hypr/chaos_star_white.png".source = ../config-files/chaos_star_white.png;
programs.hyprlock = {
enable = true;
@ -213,27 +224,31 @@
no_fade_in = false;
};
background = [{
# path = "~/.config/hypr/bg.png";
path = "screenshot";
blur_passes = 3;
blur_size = 8;
# color = "rgb(0e1419)";
}];
background = [
{
# path = "~/.config/hypr/bg.png";
path = "screenshot";
blur_passes = 3;
blur_size = 8;
# color = "rgb(0e1419)";
}
];
input-field = [{
size = "200, 50";
position = "0, -80";
monitor = "";
dots_center = true;
fade_on_empty = false;
font_color = "rgb(f5a9b8)";
inner_color = "rgb(14, 20, 25)";
outer_color = "rgb(25, 19, 14)";
outline_thickness = 5;
placeholder_text = ''<span foreground="##f5a9b8">Password...</span>'';
shadow_passes = 2;
}];
input-field = [
{
size = "200, 50";
position = "0, -80";
monitor = "";
dots_center = true;
fade_on_empty = false;
font_color = "rgb(f5a9b8)";
inner_color = "rgb(14, 20, 25)";
outer_color = "rgb(25, 19, 14)";
outline_thickness = 5;
placeholder_text = ''<span foreground="##f5a9b8">Password...</span>'';
shadow_passes = 2;
}
];
image = [
{
size = "120";
@ -318,11 +333,11 @@
# text = "TRANS RIGHTS OR RIOT NIGHTS!";
# color = "gradient(rgb(5bcefa) rgb(f5a9bb) rgb(ffffff) rgb(f5a9bb) rgb(5bcefa))";
# text = "cmd[update:30000] echo \"<span foreground='##f5a9b8'> $(cat /sys/class/power_supply/BAT0/capacity)</span>\"";
text = if config.host != "asmodeus" then
''
cmd[update:1000] echo "<span foreground='##f5a9b8'>$(for bat in /sys/class/power_supply/BAT*/capacity; do echo -n " $(basename $(dirname "$bat")): $(cat "$bat")% "; done)</span>"''
else
"<span foreground='##f5a9b8'><i>asmodeus</i></span>";
text =
if config.host != "asmodeus" then
''cmd[update:1000] echo "<span foreground='##f5a9b8'>$(for bat in /sys/class/power_supply/BAT*/capacity; do echo -n " $(basename $(dirname "$bat")): $(cat "$bat")% "; done)</span>"''
else
"<span foreground='##f5a9b8'><i>asmodeus</i></span>";
font_size = 15;
halign = "center";
@ -330,11 +345,11 @@
position = "0, -350";
}
{
text = if config.host != "asmodeus" then
''
cmd[update:1000] echo "<span foreground='##f5a9b8'><i>$(echo -n $(hostname))</i></span>"''
else
"";
text =
if config.host != "asmodeus" then
''cmd[update:1000] echo "<span foreground='##f5a9b8'><i>$(echo -n $(hostname))</i></span>"''
else
"";
font_size = 15;
halign = "center";
@ -356,18 +371,33 @@
height = 30;
margin-top = 10;
margin-bottom = 10;
modules-left = [ "hyprland/workspaces" "keyboard-state" ];
modules-center =
[ "cpu" "memory" "disk" "disk#HDD1" "disk#HDD2" "network" ];
modules-right =
[ "tray" "battery" "battery#bat2" "battery#bat3" "clock" ];
"tray" = { "icon-size" = 21; };
modules-left = [
"hyprland/workspaces"
"keyboard-state"
];
modules-center = [
"cpu"
"memory"
"disk"
"disk#HDD1"
"disk#HDD2"
"network"
];
modules-right = [
"tray"
"battery"
"battery#bat2"
"battery#bat3"
"clock"
];
"tray" = {
"icon-size" = 21;
};
"network" = {
"interval" = 3;
"format-wifi" =
"NET: {essid} {ipaddr}/{cidr} ({signalStrength}%) {bandwidthUpBits} {bandwidthDownBits} ";
"format-ethernet" =
"NET: {ipaddr}/{cidr} {bandwidthUpBits} {bandwidthDownBits} ";
"format-ethernet" = "NET: {ipaddr}/{cidr} {bandwidthUpBits} {bandwidthDownBits} ";
"format-disconnected" = "";
"max-length" = 100;
};

11
home/modules/yazi.nix
View file

@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
programs.yazi = {
enable = false;
enableNushellIntegration = true;
theme = builtins.fromTOML
(builtins.readFile ../config-files/yazi-catppuccin-mocha.toml);
theme = builtins.fromTOML (builtins.readFile ../config-files/yazi-catppuccin-mocha.toml);
};
}

104
home/modules/zellij.nix
View file

@ -1,7 +1,13 @@
{ config, lib, inputs, pkgs, ... }: {
{
config,
lib,
inputs,
pkgs,
...
}:
{
home.file.".config/zellij/plugins/zellij-forgot.wasm".source = pkgs.fetchurl {
url =
"https://github.com/karimould/zellij-forgot/releases/download/0.4.1/zellij_forgot.wasm";
url = "https://github.com/karimould/zellij-forgot/releases/download/0.4.1/zellij_forgot.wasm";
hash = "sha256-kBGZG+I9PMKhXtyAy6XRW4Sqht0/RCDcv86p0WjxvN8=";
};
xdg.configFile."zellij/layouts/default.kdl".text = ''
@ -85,57 +91,55 @@
enableZshIntegration = true;
settings = {
plugins = {
"zellij-forgot location=\"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" =
{ };
"zellij-forgot location=\"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" = { };
};
keybinds = {
"shared_except \"locked\"" = {
"bind \"Ctrl y\"" = {
"LaunchOrFocusPlugin \"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" =
{
"\"lock\"" = "ctrl + g";
"\"unlock\"" = "ctrl + g";
"\"new pane\"" = "ctrl + p + n";
"\"change focus of pane\"" = "ctrl + p + arrow key";
"\"close pane\"" = "ctrl + p + x";
"\"rename pane\"" = "ctrl + p + c";
"\"toggle fullscreen\"" = "ctrl + p + f";
"\"toggle floating pane\"" = "ctrl + p + w";
"\"toggle embed pane\"" = "ctrl + p + e";
"\"choose right pane\"" = "ctrl + p + l";
"\"choose left pane\"" = "ctrl + p + r";
"\"choose upper pane\"" = "ctrl + p + k";
"\"choose lower pane\"" = "ctrl + p + j";
"\"new tab\"" = "ctrl + t + n";
"\"close tab\"" = "ctrl + t + x";
"\"change focus of tab\"" = "ctrl + t + arrow key";
"\"rename tab\"" = "ctrl + t + r";
"\"sync tab\"" = "ctrl + t + s";
"\"brake pane to new tab\"" = "ctrl + t + b";
"\"brake pane left\"" = "ctrl + t + [";
"\"brake pane right\"" = "ctrl + t + ]";
"\"toggle tab\"" = "ctrl + t + tab";
"\"increase pane size\"" = "ctrl + n + +";
"\"decrease pane size\"" = "ctrl + n + -";
"\"increase pane top\"" = "ctrl + n + k";
"\"increase pane right\"" = "ctrl + n + l";
"\"increase pane bottom\"" = "ctrl + n + j";
"\"increase pane left\"" = "ctrl + n + h";
"\"decrease pane top\"" = "ctrl + n + K";
"\"decrease pane right\"" = "ctrl + n + L";
"\"decrease pane bottom\"" = "ctrl + n + J";
"\"decrease pane left\"" = "ctrl + n + H";
"\"move pane to top\"" = "ctrl + h + k";
"\"move pane to right\"" = "ctrl + h + l";
"\"move pane to bottom\"" = "ctrl + h + j";
"\"move pane to left\"" = "ctrl + h + h";
"\"search\"" = "ctrl + s + s";
"\"go into edit mode\"" = "ctrl + s + e";
"\"detach session\"" = "ctrl + o + w";
"\"open session manager\"" = "ctrl + o + w";
"\"quit zellij\"" = "ctrl + q";
"floating true" = "";
};
"LaunchOrFocusPlugin \"file:~/.config/zellij/plugins/zellij-forgot.wasm\"" = {
"\"lock\"" = "ctrl + g";
"\"unlock\"" = "ctrl + g";
"\"new pane\"" = "ctrl + p + n";
"\"change focus of pane\"" = "ctrl + p + arrow key";
"\"close pane\"" = "ctrl + p + x";
"\"rename pane\"" = "ctrl + p + c";
"\"toggle fullscreen\"" = "ctrl + p + f";
"\"toggle floating pane\"" = "ctrl + p + w";
"\"toggle embed pane\"" = "ctrl + p + e";
"\"choose right pane\"" = "ctrl + p + l";
"\"choose left pane\"" = "ctrl + p + r";
"\"choose upper pane\"" = "ctrl + p + k";
"\"choose lower pane\"" = "ctrl + p + j";
"\"new tab\"" = "ctrl + t + n";
"\"close tab\"" = "ctrl + t + x";
"\"change focus of tab\"" = "ctrl + t + arrow key";
"\"rename tab\"" = "ctrl + t + r";
"\"sync tab\"" = "ctrl + t + s";
"\"brake pane to new tab\"" = "ctrl + t + b";
"\"brake pane left\"" = "ctrl + t + [";
"\"brake pane right\"" = "ctrl + t + ]";
"\"toggle tab\"" = "ctrl + t + tab";
"\"increase pane size\"" = "ctrl + n + +";
"\"decrease pane size\"" = "ctrl + n + -";
"\"increase pane top\"" = "ctrl + n + k";
"\"increase pane right\"" = "ctrl + n + l";
"\"increase pane bottom\"" = "ctrl + n + j";
"\"increase pane left\"" = "ctrl + n + h";
"\"decrease pane top\"" = "ctrl + n + K";
"\"decrease pane right\"" = "ctrl + n + L";
"\"decrease pane bottom\"" = "ctrl + n + J";
"\"decrease pane left\"" = "ctrl + n + H";
"\"move pane to top\"" = "ctrl + h + k";
"\"move pane to right\"" = "ctrl + h + l";
"\"move pane to bottom\"" = "ctrl + h + j";
"\"move pane to left\"" = "ctrl + h + h";
"\"search\"" = "ctrl + s + s";
"\"go into edit mode\"" = "ctrl + s + e";
"\"detach session\"" = "ctrl + o + w";
"\"open session manager\"" = "ctrl + o + w";
"\"quit zellij\"" = "ctrl + q";
"floating true" = "";
};
};
};
};

8
home/modules/zoxide.nix
View file

@ -1,4 +1,10 @@
{ config, lib, inputs, ... }: {
{
config,
lib,
inputs,
...
}:
{
programs.zoxide = {
enable = true;
enableNushellIntegration = true;

31
home/packages/dwl.nix
View file

@ -1,10 +1,21 @@
{ pkgs, patches, dwl-source, cmd, ... }:
pkgs.dwl.overrideAttrs (finalAttrs: previousAttrs: {
src = dwl-source;
inherit patches;
postPatch = let configFile = ../config-files/dwl/dwl-config.h;
in ''
cp ${configFile} config.def.h
substituteInPlace ./config.def.h --replace "@TERMINAL" "${cmd.terminal}"
'';
})
{
pkgs,
patches,
dwl-source,
cmd,
...
}:
pkgs.dwl.overrideAttrs (
finalAttrs: previousAttrs: {
src = dwl-source;
inherit patches;
postPatch =
let
configFile = ../config-files/dwl/dwl-config.h;
in
''
cp ${configFile} config.def.h
substituteInPlace ./config.def.h --replace "@TERMINAL" "${cmd.terminal}"
'';
}
)

15
home/programs/dwl.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, dwl-source, ... }:
{
config,
pkgs,
lib,
dwl-source,
...
}:
with lib;
let
cfg = config.programs.dwl;
@ -7,7 +13,8 @@ let
inherit (cfg) patches cmd;
inherit dwl-source;
};
in {
in
{
options.programs.dwl = {
enable = mkEnableOption "dwl";
package = mkOption {
@ -15,7 +22,9 @@ in {
default = dwlPackage;
};
patches = mkOption { default = [ ]; };
cmd = { terminal = mkOption { default = ""; }; };
cmd = {
terminal = mkOption { default = ""; };
};
};
config = mkIf cfg.enable { home.packages = [ cfg.package ]; };

3
home/system.nix
View file

@ -1,4 +1,5 @@
{ lib, ... }: {
{ lib, ... }:
{
options.os = lib.mkOption {
type = lib.types.str;
default = "linux";

5
hosts/aarch64-linux/alastor/apple-silicon-support/default.nix
View file

@ -1 +1,4 @@
{ ... }: { imports = [ ./modules/default.nix ]; }
{ ... }:
{
imports = [ ./modules/default.nix ];
}

15
hosts/aarch64-linux/alastor/apple-silicon-support/modules/boot-m1n1/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
pkgs' = config.hardware.asahi.pkgs;
@ -20,14 +25,18 @@ let
fi
'';
};
in {
in
{
config = lib.mkIf config.hardware.asahi.enable {
# install m1n1 with the boot loader
boot.loader.grub.extraFiles = bootFiles;
boot.loader.systemd-boot.extraFiles = bootFiles;
# ensure the installer has m1n1 in the image
system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
system.extraDependencies = lib.mkForce [
bootM1n1
bootUBoot
];
system.build.m1n1 = bootFiles."m1n1/boot.bin";
};

44
hosts/aarch64-linux/alastor/apple-silicon-support/modules/default.nix
View file

@ -1,19 +1,35 @@
{ config, pkgs, lib, ... }: {
imports = [ ./kernel ./mesa ./peripheral-firmware ./boot-m1n1 ./sound ];
{
config,
pkgs,
lib,
...
}:
{
imports = [
./kernel
./mesa
./peripheral-firmware
./boot-m1n1
./sound
];
config = let cfg = config.hardware.asahi;
in lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
config =
let
cfg = config.hardware.asahi;
in
lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
hardware.asahi.pkgs = if cfg.pkgsSystem != "aarch64-linux" then
import (pkgs.path) {
crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem;
overlays = [ cfg.overlay ];
}
else
pkgs;
};
hardware.asahi.pkgs =
if cfg.pkgsSystem != "aarch64-linux" then
import (pkgs.path) {
crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem;
overlays = [ cfg.overlay ];
}
else
pkgs;
};
options.hardware.asahi = {
enable = lib.mkOption {

28
hosts/aarch64-linux/alastor/apple-silicon-support/modules/kernel/default.nix
View file

@ -1,11 +1,20 @@
# the Asahi Linux kernel and options that must go along with it
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf config.hardware.asahi.enable {
boot.kernelPackages = let pkgs' = config.hardware.asahi.pkgs;
in pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust;
};
boot.kernelPackages =
let
pkgs' = config.hardware.asahi.pkgs;
in
pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust;
};
# we definitely want to use CONFIG_ENERGY_MODEL, and
# schedutil is a prerequisite for using it
@ -89,8 +98,11 @@
};
imports = [
(lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ]
"All edge kernel config options are now the default.")
(lib.mkRemovedOptionModule [
"hardware"
"asahi"
"addEdgeKernelConfig"
] "All edge kernel config options are now the default.")
];
options.hardware.asahi.withRust = lib.mkOption {

98
hosts/aarch64-linux/alastor/apple-silicon-support/modules/mesa/default.nix
View file

@ -1,43 +1,57 @@
{ config, pkgs, lib, ... }: {
config = let
isMode = mode:
(config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode);
in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the drivers
hardware.opengl.package =
config.hardware.asahi.pkgs.mesa-asahi-edge.drivers;
{
config,
pkgs,
lib,
...
}:
{
config =
let
isMode =
mode:
(
config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode
);
in
lib.mkIf config.hardware.asahi.enable (
lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the drivers
hardware.opengl.package = config.hardware.asahi.pkgs.mesa-asahi-edge.drivers;
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
(lib.mkIf (isMode "replace") {
# replace the Mesa linked into system packages with the Asahi version
# without rebuilding them to avoid rebuilding the world.
system.replaceRuntimeDependencies = [{
original = pkgs.mesa;
replacement = config.hardware.asahi.pkgs.mesa-asahi-edge;
}];
})
(lib.mkIf (isMode "overlay") {
# replace the Mesa used in Nixpkgs with the Asahi version using an overlay,
# which requires rebuilding the world but ensures it is done faithfully
# (and in a way compatible with pure evaluation)
nixpkgs.overlays = [ (final: prev: { mesa = final.mesa-asahi-edge; }) ];
})
]);
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
(lib.mkIf (isMode "replace") {
# replace the Mesa linked into system packages with the Asahi version
# without rebuilding them to avoid rebuilding the world.
system.replaceRuntimeDependencies = [
{
original = pkgs.mesa;
replacement = config.hardware.asahi.pkgs.mesa-asahi-edge;
}
];
})
(lib.mkIf (isMode "overlay") {
# replace the Mesa used in Nixpkgs with the Asahi version using an overlay,
# which requires rebuilding the world but ensures it is done faithfully
# (and in a way compatible with pure evaluation)
nixpkgs.overlays = [ (final: prev: { mesa = final.mesa-asahi-edge; }) ];
})
]
);
options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
type = lib.types.bool;
@ -50,7 +64,11 @@
};
options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
type = lib.types.enum [ "driver" "replace" "overlay" ];
type = lib.types.enum [
"driver"
"replace"
"overlay"
];
default = "replace";
description = ''
Mode to use to install the experimental GPU driver into the system.

77
hosts/aarch64-linux/alastor/apple-silicon-support/modules/peripheral-firmware/default.nix
View file

@ -1,31 +1,49 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf config.hardware.asahi.enable {
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [{
assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = ''
Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect.
'';
}];
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
{
assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = ''
Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect.
'';
}
];
hardware.firmware = let pkgs' = config.hardware.asahi.pkgs;
in lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware) [
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
hardware.firmware =
let
pkgs' = config.hardware.asahi.pkgs;
in
lib.mkIf
(
(config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware
)
[
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
nativeBuildInputs = [
pkgs'.asahi-fwextract
pkgs.cpio
];
buildCommand = ''
mkdir extracted
asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
buildCommand = ''
mkdir extracted
asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
mkdir -p $out/lib/firmware
cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
mv vendorfw/* $out/lib/firmware
'';
})
];
mkdir -p $out/lib/firmware
cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
mv vendorfw/* $out/lib/firmware
'';
})
];
};
options.hardware.asahi = {
@ -41,13 +59,12 @@
peripheralFirmwareDirectory = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = lib.findFirst
(path: builtins.pathExists (path + "/all_firmware.tar.gz")) null [
# path when the system is operating normally
/boot/asahi
# path when the system is mounted in the installer
/mnt/boot/asahi
];
default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null [
# path when the system is operating normally
/boot/asahi
# path when the system is mounted in the installer
/mnt/boot/asahi
];
description = ''
Path to the directory containing the non-free non-redistributable

155
hosts/aarch64-linux/alastor/apple-silicon-support/modules/sound/default.nix
View file

@ -1,4 +1,11 @@
{ config, options, pkgs, lib, ... }: {
{
config,
options,
pkgs,
lib,
...
}:
{
imports = [
# disable pulseaudio as the Asahi sound infrastructure can't use it.
# if we disable it only if setupAsahiSound is enabled, then infinite
@ -17,78 +24,96 @@
};
};
config = let
cfg = config.hardware.asahi;
config =
let
cfg = config.hardware.asahi;
asahi-audio = pkgs.asahi-audio; # the asahi-audio we use
asahi-audio = pkgs.asahi-audio; # the asahi-audio we use
lsp-plugins = pkgs.lsp-plugins; # the lsp-plugins we use
lsp-plugins = pkgs.lsp-plugins; # the lsp-plugins we use
lsp-plugins-is-patched = (lsp-plugins.overrideAttrs (old: {
passthru = (old.passthru or { }) // {
lsp-plugins-is-patched =
builtins.elem "58c3f985f009c84347fa91236f164a9e47aafa93.patch"
(builtins.map (p: p.name) (old.patches or [ ]));
};
})).lsp-plugins-is-patched;
lsp-plugins-is-patched =
(lsp-plugins.overrideAttrs (old: {
passthru = (old.passthru or { }) // {
lsp-plugins-is-patched = builtins.elem "58c3f985f009c84347fa91236f164a9e47aafa93.patch" (
builtins.map (p: p.name) (old.patches or [ ])
);
};
})).lsp-plugins-is-patched;
lsp-plugins-is-safe = (pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14")
|| lsp-plugins-is-patched;
lsp-plugins-is-safe =
(pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14") || lsp-plugins-is-patched;
# https://github.com/NixOS/nixpkgs/pull/282377
# options is the set of all module option declarations, rather than their
# values, to prevent infinite recursion
newHotness = builtins.hasAttr "configPackages" options.services.pipewire;
# https://github.com/NixOS/nixpkgs/pull/282377
# options is the set of all module option declarations, rather than their
# values, to prevent infinite recursion
newHotness = builtins.hasAttr "configPackages" options.services.pipewire;
lv2Path = lib.makeSearchPath "lib/lv2" [ lsp-plugins pkgs.bankstown-lv2 ];
in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
{
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
lv2Path = lib.makeSearchPath "lib/lv2" [
lsp-plugins
pkgs.bankstown-lv2
];
in
lib.mkIf (cfg.setupAsahiSound && cfg.enable) (
lib.mkMerge [
{
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 =
"${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages = lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
}
(lib.optionalAttrs newHotness {
# use configPackages and friends to install asahi-audio and plugins
services.pipewire = {
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
wireplumber = {
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
};
};
})
(lib.optionalAttrs (!newHotness) {
# use environment.etc and environment variables to install asahi-audio and plugins
environment.etc = builtins.listToAttrs (builtins.map (f: {
name = f;
value = { source = "${asahi-audio}/share/${f}"; };
}) asahi-audio.providedConfigFiles);
# enable speakersafetyd to protect speakers
systemd.packages =
lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
}
(lib.optionalAttrs newHotness {
# use configPackages and friends to install asahi-audio and plugins
services.pipewire = {
configPackages = [ asahi-audio ];
extraLv2Packages = [
lsp-plugins
pkgs.bankstown-lv2
];
wireplumber = {
configPackages = [ asahi-audio ];
extraLv2Packages = [
lsp-plugins
pkgs.bankstown-lv2
];
};
};
})
(lib.optionalAttrs (!newHotness) {
# use environment.etc and environment variables to install asahi-audio and plugins
environment.etc = builtins.listToAttrs (
builtins.map (f: {
name = f;
value = {
source = "${asahi-audio}/share/${f}";
};
}) asahi-audio.providedConfigFiles
);
systemd.user.services.pipewire.environment.LV2_PATH = lv2Path;
systemd.user.services.wireplumber.environment.LV2_PATH = lv2Path;
})
]);
systemd.user.services.pipewire.environment.LV2_PATH = lv2Path;
systemd.user.services.wireplumber.environment.LV2_PATH = lv2Path;
})
]
);
}

14
hosts/aarch64-linux/alastor/apple-silicon-support/packages/alsa-ucm-conf-asahi/default.nix
View file

@ -1,4 +1,8 @@
{ lib, fetchFromGitHub, alsa-ucm-conf, }:
{
lib,
fetchFromGitHub,
alsa-ucm-conf,
}:
(alsa-ucm-conf.overrideAttrs (oldAttrs: rec {
version = "5";
@ -10,7 +14,9 @@
hash = "sha256-daUNz5oUrPfSMO0Tqq/WbtiLHMOtPeQQlI+juGrhTxw=";
};
postInstall = oldAttrs.postInstall or "" + ''
cp -r ${src_asahi}/ucm2 $out/share/alsa
'';
postInstall =
oldAttrs.postInstall or ""
+ ''
cp -r ${src_asahi}/ucm2 $out/share/alsa
'';
}))

6
hosts/aarch64-linux/alastor/apple-silicon-support/packages/asahi-audio/default.nix
View file

@ -1,4 +1,8 @@
{ stdenv, lib, fetchFromGitHub, }:
{
stdenv,
lib,
fetchFromGitHub,
}:
stdenv.mkDerivation rec {
pname = "asahi-audio";
# tracking: https://src.fedoraproject.org/rpms/asahi-audio

9
hosts/aarch64-linux/alastor/apple-silicon-support/packages/asahi-fwextract/default.nix
View file

@ -1,4 +1,11 @@
{ lib, python3, fetchFromGitHub, gzip, gnutar, lzfse, }:
{
lib,
python3,
fetchFromGitHub,
gzip,
gnutar,
lzfse,
}:
python3.pkgs.buildPythonApplication rec {
pname = "asahi-fwextract";
version = "0.6.9";

9
hosts/aarch64-linux/alastor/apple-silicon-support/packages/bankstown-lv2/default.nix
View file

@ -1,4 +1,11 @@
{ lib, lv2, pkg-config, rustPlatform, fetchFromGitHub, fetchpatch, }:
{
lib,
lv2,
pkg-config,
rustPlatform,
fetchFromGitHub,
fetchpatch,
}:
rustPlatform.buildRustPackage rec {
pname = "bankstown-lv2";
# tracking: https://src.fedoraproject.org/rpms/rust-bankstown-lv2

291
hosts/aarch64-linux/alastor/apple-silicon-support/packages/linux-asahi/default.nix
View file

@ -1,158 +1,217 @@
{ lib, pkgs, callPackage, writeShellScriptBin, writeText, removeReferencesTo
, linuxPackagesFor, withRust ? false, _kernelPatches ? [ ], }:
{
lib,
pkgs,
callPackage,
writeShellScriptBin,
writeText,
removeReferencesTo,
linuxPackagesFor,
withRust ? false,
_kernelPatches ? [ ],
}:
let
i = builtins.elemAt;
# parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
# into a list of k, v tuples
parseExtraConfig = config:
parseExtraConfig =
config:
let
lines =
builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine = line:
lines = builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine =
line:
let
t = lib.strings.splitString " " line;
join = l:
builtins.foldl' (a: b: "${a} ${b}") (builtins.head l)
(builtins.tail l);
v =
if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in [ "CONFIG_${i t 0}" v ];
in map parseLine lines;
join = l: builtins.foldl' (a: b: "${a} ${b}") (builtins.head l) (builtins.tail l);
v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in
[
"CONFIG_${i t 0}"
v
];
in
map parseLine lines;
# parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
# style configuration as found in a patch's extraStructuredConfig into
# a list of k, v tuples
parseExtraStructuredConfig = config:
lib.attrsets.mapAttrsToList
(k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ]) config;
parseExtraStructuredConfig =
config:
lib.attrsets.mapAttrsToList (k: v: [
"CONFIG_${k}"
(v.tristate or v.freeform)
]) config;
parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? { }, ... }:
(parseExtraConfig extraConfig)
++ (parseExtraStructuredConfig extraStructuredConfig);
parsePatchConfig =
{
extraConfig ? "",
extraStructuredConfig ? { },
...
}:
(parseExtraConfig extraConfig) ++ (parseExtraStructuredConfig extraStructuredConfig);
# parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
# into a list of k, v tuples
parseConfig = config:
parseConfig =
config:
let
parseLine =
builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
# get either the [ymn] option or the "foo" option; whichever matched
t = l: let v = i l 2; in [ (i l 0) (if v != null then v else (i l 3)) ];
t =
l:
let
v = i l 2;
in
[
(i l 0)
(if v != null then v else (i l 3))
];
lines = lib.strings.splitString "\n" config;
in map t (builtins.filter (l: l != null) (map parseLine lines));
in
map t (builtins.filter (l: l != null) (map parseLine lines));
origConfigfile = ./config;
linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel
, rustPlatform, rustc, rustfmt, rust-bindgen, ... }@args:
linux-asahi-pkg =
{
stdenv,
lib,
fetchFromGitHub,
fetchpatch,
linuxKernel,
rustPlatform,
rustc,
rustfmt,
rust-bindgen,
...
}@args:
let
origConfigText = builtins.readFile origConfigfile;
# extraConfig from all patches in order
extraConfig =
lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [ ] _kernelPatches;
extraConfig = lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [ ] _kernelPatches;
# config file text for above
extraConfigText = let
text = k: v:
if (v == "y") || (v == "m") || (v == "n") then
"${k}=${v}"
else
''${k}="${v}"'';
in (map (t: text (i t 0) (i t 1)) extraConfig);
extraConfigText =
let
text = k: v: if (v == "y") || (v == "m") || (v == "n") then "${k}=${v}" else ''${k}="${v}"'';
in
(map (t: text (i t 0) (i t 1)) extraConfig);
# final config as a text file path
configfile = if extraConfig == [ ] then
origConfigfile
else
writeText "config" ''
${origConfigText}
configfile =
if extraConfig == [ ] then
origConfigfile
else
writeText "config" ''
${origConfigText}
# Patches
${lib.strings.concatStringsSep "\n" extraConfigText}
'';
# Patches
${lib.strings.concatStringsSep "\n" extraConfigText}
'';
# final config as an attrset
configAttrs = let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
configAttrs =
let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in
builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
# used to (ostensibly) keep compatibility for those running stable versions of nixos
rustOlder = version: withRust && (lib.versionOlder rustc.version version);
bindgenOlder = version:
withRust && (lib.versionOlder rust-bindgen.unwrapped.version version);
bindgenOlder = version: withRust && (lib.versionOlder rust-bindgen.unwrapped.version version);
# used to fix issues when nixpkgs gets ahead of the kernel
rustAtLeast = version:
withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version:
withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in (linuxKernel.manualConfig rec {
inherit stdenv lib;
rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in
(
linuxKernel.manualConfig rec {
inherit stdenv lib;
version = "6.6.0-asahi";
modDirVersion = version;
extraMeta.branch = "6.6";
version = "6.6.0-asahi";
modDirVersion = version;
extraMeta.branch = "6.6";
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.6-15";
hash = "sha256-Jm7wTKWuwd/6ZN0g5F4CNNETiOyGQL31hfSyTDYH85k=";
};
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.6-15";
hash = "sha256-Jm7wTKWuwd/6ZN0g5F4CNNETiOyGQL31hfSyTDYH85k=";
};
kernelPatches = [
{
name = "coreutils-fix";
patch =
./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch;
}
# speaker enablement; we assert on the relevant lsp-plugins patch
# before installing speakersafetyd to let the speakers work
{
name = "speakers-1";
patch = fetchpatch {
url =
"https://github.com/AsahiLinux/linux/commit/385ea7b5023486aba7919cec8b6b3f6a843a1013.patch";
hash = "sha256-u7IzhJbUgBPfhJXAcpHw1I6OPzPHc1UKYjH91Ep3QHQ=";
};
}
{
name = "speakers-2";
patch = fetchpatch {
url =
"https://github.com/AsahiLinux/linux/commit/6a24102c06c95951ab992e2d41336cc6d4bfdf23.patch";
hash = "sha256-wn5x2hN42/kCp/XHBvLWeNLfwlOBB+T6UeeMt2tSg3o=";
};
}
] ++ lib.optionals (rustAtLeast "1.75.0") [{
name = "rustc-1.75.0";
patch = ./0001-check-in-new-alloc-for-1.75.0.patch;
}] ++ lib.optionals (rustAtLeast "1.76.0") [{
name = "rustc-1.76.0";
patch = ./rust_1_76_0.patch;
}] ++ _kernelPatches;
kernelPatches =
[
{
name = "coreutils-fix";
patch = ./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch;
}
# speaker enablement; we assert on the relevant lsp-plugins patch
# before installing speakersafetyd to let the speakers work
{
name = "speakers-1";
patch = fetchpatch {
url = "https://github.com/AsahiLinux/linux/commit/385ea7b5023486aba7919cec8b6b3f6a843a1013.patch";
hash = "sha256-u7IzhJbUgBPfhJXAcpHw1I6OPzPHc1UKYjH91Ep3QHQ=";
};
}
{
name = "speakers-2";
patch = fetchpatch {
url = "https://github.com/AsahiLinux/linux/commit/6a24102c06c95951ab992e2d41336cc6d4bfdf23.patch";
hash = "sha256-wn5x2hN42/kCp/XHBvLWeNLfwlOBB+T6UeeMt2tSg3o=";
};
}
]
++ lib.optionals (rustAtLeast "1.75.0") [
{
name = "rustc-1.75.0";
patch = ./0001-check-in-new-alloc-for-1.75.0.patch;
}
]
++ lib.optionals (rustAtLeast "1.76.0") [
{
name = "rustc-1.76.0";
patch = ./rust_1_76_0.patch;
}
]
++ _kernelPatches;
inherit configfile;
# hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages.
# we can't use it until it's in stable and until we've evaluated the cross-compilation impact.
config = configAttrs // { "CONFIG_RUST" = "n"; };
} // (args.argsOverride or { })).overrideAttrs (old:
if withRust then {
nativeBuildInputs = (old.nativeBuildInputs or [ ])
++ [ rust-bindgen rustfmt rustc removeReferencesTo ];
# HACK: references shouldn't have been there in the first place
# TODO: remove once 23.05 is obsolete
postFixup = (old.postFixup or "") + ''
if [ -f $dev/lib/modules/${old.version}/build/vmlinux ]; then
remove-references-to -t $out $dev/lib/modules/${old.version}/build/vmlinux
fi
remove-references-to -t $dev $out/Image
'';
RUST_LIB_SRC = rustPlatform.rustLibSrc;
} else
{ });
inherit configfile;
# hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages.
# we can't use it until it's in stable and until we've evaluated the cross-compilation impact.
config = configAttrs // {
"CONFIG_RUST" = "n";
};
}
// (args.argsOverride or { })
).overrideAttrs
(
old:
if withRust then
{
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [
rust-bindgen
rustfmt
rustc
removeReferencesTo
];
# HACK: references shouldn't have been there in the first place
# TODO: remove once 23.05 is obsolete
postFixup =
(old.postFixup or "")
+ ''
if [ -f $dev/lib/modules/${old.version}/build/vmlinux ]; then
remove-references-to -t $out $dev/lib/modules/${old.version}/build/vmlinux
fi
remove-references-to -t $dev $out/Image
'';
RUST_LIB_SRC = rustPlatform.rustLibSrc;
}
else
{ }
);
linux-asahi = callPackage linux-asahi-pkg { };
in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)
in
lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)

99
hosts/aarch64-linux/alastor/apple-silicon-support/packages/m1n1/default.nix
View file

@ -1,15 +1,34 @@
{ stdenv, buildPackages, lib, fetchFromGitHub, python3, dtc, imagemagick
, isRelease ? false, withTools ? true, withChainloading ? false, rust-bin ? null
, customLogo ? null, }:
{
stdenv,
buildPackages,
lib,
fetchFromGitHub,
python3,
dtc,
imagemagick,
isRelease ? false,
withTools ? true,
withChainloading ? false,
rust-bin ? null,
customLogo ? null,
}:
assert withChainloading -> rust-bin != null;
let
pyenv = python3.withPackages (p: with p; [ construct pyserial ]);
pyenv = python3.withPackages (
p: with p; [
construct
pyserial
]
);
rustenv = rust-bin.selectLatestNightlyWith (toolchain:
rustenv = rust-bin.selectLatestNightlyWith (
toolchain:
toolchain.minimal.override {
targets = [ "aarch64-unknown-none-softfloat" ];
});
in stdenv.mkDerivation rec {
}
);
in
stdenv.mkDerivation rec {
pname = "m1n1";
version = "1.4.11";
@ -22,11 +41,16 @@ in stdenv.mkDerivation rec {
fetchSubmodules = true;
};
makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ]
makeFlags =
[ "ARCH=${stdenv.cc.targetPrefix}" ]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
nativeBuildInputs = [ dtc buildPackages.gcc ]
nativeBuildInputs =
[
dtc
buildPackages.gcc
]
++ lib.optional withChainloading rustenv
++ lib.optional (customLogo != null) imagemagick;
@ -51,35 +75,38 @@ in stdenv.mkDerivation rec {
popd &>/dev/null
'';
installPhase = ''
runHook preInstall
installPhase =
''
runHook preInstall
mkdir -p $out/build
cp build/m1n1.bin $out/build
'' + (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
mkdir -p $out/build
cp build/m1n1.bin $out/build
''
+ (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'') + ''
runHook postInstall
'';
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'')
+ ''
runHook postInstall
'';
}

83
hosts/aarch64-linux/alastor/apple-silicon-support/packages/mesa-asahi-edge/default.nix
View file

@ -1,42 +1,55 @@
{ lib, fetchFromGitLab, mesa, meson, llvmPackages, }:
{
lib,
fetchFromGitLab,
mesa,
meson,
llvmPackages,
}:
(mesa.override {
galliumDrivers = [ "swrast" "asahi" ];
galliumDrivers = [
"swrast"
"asahi"
];
vulkanDrivers = [ "swrast" ];
enableGalliumNine = false;
# libclc and other OpenCL components are needed for geometry shader support on Apple Silicon
enableOpenCL = true;
}).overrideAttrs (oldAttrs: {
# version must be the same length (i.e. no unstable or date)
# so that system.replaceRuntimeDependencies can work
version = "24.1.0";
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
rev = "asahi-20240228";
hash = "sha256-wOFJyYfoN6yxE9HaHXLP/0MhjyRvmlb+jPPUke0sbbE=";
};
}).overrideAttrs
(oldAttrs: {
# version must be the same length (i.e. no unstable or date)
# so that system.replaceRuntimeDependencies can work
version = "24.1.0";
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
rev = "asahi-20240228";
hash = "sha256-wOFJyYfoN6yxE9HaHXLP/0MhjyRvmlb+jPPUke0sbbE=";
};
mesonFlags =
# remove flag to configure xvmc functionality as having it
# breaks the build because that no longer exists in Mesa 23
(lib.filter (x: !(lib.hasPrefix "-Dxvmc-libs-path=" x)) oldAttrs.mesonFlags)
++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
# does not make any sense
"-Dandroid-libbacktrace=disabled"
# do not want to add the dependencies
"-Dlibunwind=disabled"
"-Dlmsensors=disabled"
] ++ ( # does not compile on nixpkgs stable, doesn't seem mandatory
lib.optional (lib.versionOlder meson.version "1.3.1")
"-Dgallium-rusticl=false");
mesonFlags =
# remove flag to configure xvmc functionality as having it
# breaks the build because that no longer exists in Mesa 23
(lib.filter (x: !(lib.hasPrefix "-Dxvmc-libs-path=" x)) oldAttrs.mesonFlags)
++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
# does not make any sense
"-Dandroid-libbacktrace=disabled"
# do not want to add the dependencies
"-Dlibunwind=disabled"
"-Dlmsensors=disabled"
]
++
# does not compile on nixpkgs stable, doesn't seem mandatory
(lib.optional (lib.versionOlder meson.version "1.3.1") "-Dgallium-rusticl=false");
# replace patches with ones tweaked slightly to apply to this version
patches =
[ ./disk_cache-include-dri-driver-path-in-cache-key.patch ./opencl.patch ];
})
# replace patches with ones tweaked slightly to apply to this version
patches = [
./disk_cache-include-dri-driver-path-in-cache-key.patch
./opencl.patch
];
})

6
hosts/aarch64-linux/alastor/apple-silicon-support/packages/overlay.nix
View file

@ -3,10 +3,8 @@ final: prev: {
m1n1 = final.callPackage ./m1n1 { };
uboot-asahi = final.callPackage ./uboot-asahi { };
asahi-fwextract = final.callPackage ./asahi-fwextract { };
mesa-asahi-edge =
final.callPackage ./mesa-asahi-edge { inherit (prev) mesa; };
alsa-ucm-conf-asahi =
final.callPackage ./alsa-ucm-conf-asahi { inherit (prev) alsa-ucm-conf; };
mesa-asahi-edge = final.callPackage ./mesa-asahi-edge { inherit (prev) mesa; };
alsa-ucm-conf-asahi = final.callPackage ./alsa-ucm-conf-asahi { inherit (prev) alsa-ucm-conf; };
speakersafetyd = final.callPackage ./speakersafetyd { };
bankstown-lv2 = final.callPackage ./bankstown-lv2 { };
asahi-audio = final.callPackage ./asahi-audio { };

13
hosts/aarch64-linux/alastor/apple-silicon-support/packages/speakersafetyd/default.nix
View file

@ -1,4 +1,11 @@
{ rustPlatform, stdenv, rust, fetchCrate, pkg-config, alsa-lib, }:
{
rustPlatform,
stdenv,
rust,
fetchCrate,
pkg-config,
alsa-lib,
}:
rustPlatform.buildRustPackage rec {
pname = "speakersafetyd";
# tracking: https://src.fedoraproject.org/rpms/rust-speakersafetyd
@ -15,9 +22,7 @@ rustPlatform.buildRustPackage rec {
postPatch = ''
substituteInPlace speakersafetyd.service --replace "/usr" "$out"
substituteInPlace Makefile --replace "target/release" "target/${
rust.lib.toRustTargetSpec stdenv.hostPlatform
}/$cargoBuildType"
substituteInPlace Makefile --replace "target/release" "target/${rust.lib.toRustTargetSpec stdenv.hostPlatform}/$cargoBuildType"
'';
installFlags = [

36
hosts/aarch64-linux/alastor/apple-silicon-support/packages/uboot-asahi/default.nix
View file

@ -1,4 +1,9 @@
{ lib, fetchFromGitHub, buildUBoot, m1n1, }:
{
lib,
fetchFromGitHub,
buildUBoot,
m1n1,
}:
(buildUBoot rec {
src = fetchFromGitHub {
# tracking: https://pagure.io/fedora-asahi/uboot-tools/commits/main
@ -11,7 +16,10 @@
defconfig = "apple_m1_defconfig";
extraMeta.platforms = [ "aarch64-linux" ];
filesToInstall = [ "u-boot-nodtb.bin.gz" "m1n1-u-boot.bin" ];
filesToInstall = [
"u-boot-nodtb.bin.gz"
"m1n1-u-boot.bin"
];
extraConfig = ''
CONFIG_IDENT_STRING=" ${version}"
CONFIG_VIDEO_FONT_4X6=n
@ -19,17 +27,17 @@
CONFIG_VIDEO_FONT_SUN12X22=n
CONFIG_VIDEO_FONT_16X32=y
'';
}).overrideAttrs (o: {
# nixos's downstream patches are not applicable
patches = [ ];
}).overrideAttrs
(o: {
# nixos's downstream patches are not applicable
patches = [ ];
# DTC= flag somehow breaks DTC compilation so we remove it
makeFlags =
builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
# DTC= flag somehow breaks DTC compilation so we remove it
makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it
gzip -n u-boot-nodtb.bin
cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
'';
})
preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it
gzip -n u-boot-nodtb.bin
cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
'';
})

33
hosts/aarch64-linux/alastor/default.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, inputs, ... }: {
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
./hardware-configuration.nix
inputs.apple-silicon.nixosModules.apple-silicon-support
@ -31,8 +38,9 @@
services.pcscd.enable = true;
environment.sessionVariables.MOZ_GMP_PATH =
[ "${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed" ];
environment.sessionVariables.MOZ_GMP_PATH = [
"${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed"
];
networking.hostName = "alastor"; # Define your hostname.
# Pick only one of the below networking options.
@ -40,8 +48,7 @@
enable = true;
settings.General.EnableNetworkConfiguration = true;
};
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -90,7 +97,11 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups = [ "wheel" "audio" "docker" ]; # Enable sudo for the user.
extraGroups = [
"wheel"
"audio"
"docker"
]; # Enable sudo for the user.
packages = with pkgs; [ tree ];
shell = pkgs.nushell;
};
@ -146,7 +157,10 @@
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 2234 ];
networking.firewall.allowedTCPPorts = [
22
2234
];
networking.firewall.allowedUDPPorts = [ 2234 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -175,5 +189,8 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
}

19
hosts/aarch64-linux/alastor/hardware-configuration.nix
View file

@ -1,7 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "usb_storage" ];
@ -19,10 +26,12 @@
fsType = "vfat";
};
swapDevices = [{
device = "/var/lib/swapfile";
size = 12 * 1024;
}];
swapDevices = [
{
device = "/var/lib/swapfile";
size = 12 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

7
hosts/antivirus.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
# services.clamav = {
# updater.enable = true;

3
hosts/docker.nix
View file

@ -1,4 +1,5 @@
{ config, lib, ... }: {
{ config, lib, ... }:
{
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
virtualisation.docker.autoPrune.dates = "daily";

114
hosts/x86_64-linux/asmodeus/default.nix
View file

@ -1,30 +1,38 @@
/*
/*
*/
{ config, inputs, lib, pkgs, ... }: {
{
config,
inputs,
lib,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -35,7 +43,9 @@
../../gc.nix
];
sops.secrets."nextcloud_password" = { path = "/etc/nx_pass"; };
sops.secrets."nextcloud_password" = {
path = "/etc/nx_pass";
};
nixpkgs.config.allowUnfree = true;
services.tailscale.extraSetFlags = [ "--webclient=true" ];
@ -56,7 +66,10 @@
hardware.enableAllFirmware = true;
services.fwupd.enable = true;
hardware.opengl.extraPackages = with pkgs; [ ocl-icd vaapiVdpau ];
hardware.opengl.extraPackages = with pkgs; [
ocl-icd
vaapiVdpau
];
hardware.nvidia = {
modesetting.enable = true;
@ -86,8 +99,7 @@
networking.hostName = "asmodeus"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -141,7 +153,9 @@
extraConfig = {
pipewire = {
"10-clock-rate" = {
"context.properties" = { "default.clock.rate" = 44100; };
"context.properties" = {
"default.clock.rate" = 44100;
};
};
};
};
@ -152,7 +166,11 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = { General = { Enable = "Source,Sink,Media,Socket"; }; };
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
services.blueman.enable = true;
@ -163,9 +181,17 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups =
[ "wheel" "sudo" "docker" "adbusers" ]; # Enable sudo for the user.
packages = with pkgs; [ wezterm nushell zsh ];
extraGroups = [
"wheel"
"sudo"
"docker"
"adbusers"
]; # Enable sudo for the user.
packages = with pkgs; [
wezterm
nushell
zsh
];
shell = pkgs.nushell;
};
@ -249,7 +275,10 @@
services.resolved = {
enable = false;
fallbackDns = [ "9.9.9.9" "2620:fe::fe" ];
fallbackDns = [
"9.9.9.9"
"2620:fe::fe"
];
};
services.mullvad-vpn = {
@ -261,7 +290,13 @@
# services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 2234 4747 8096 8080 8082 ];
networking.firewall.allowedTCPPorts = [
2234
4747
8096
8080
8082
];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -289,5 +324,8 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
}

23
hosts/x86_64-linux/asmodeus/hardware-configuration.nix
View file

@ -1,11 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
@ -39,6 +53,5 @@
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

26
hosts/x86_64-linux/beleth/borg.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
#
# BACKUP
# Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u410986-sub1@u410986-sub1.your-storagebox.de:nx-data"
@ -43,16 +49,13 @@
repo = "u410986-sub1@u410986-sub1.your-storagebox.de:nx-data";
encryption = {
mode = "repokey-blake2";
passCommand =
"cat ${config.sops.secrets.backup_nextcloud_data_passphrase.path}";
passCommand = "cat ${config.sops.secrets.backup_nextcloud_data_passphrase.path}";
};
environment = {
BORG_RSH =
"ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_data_ssh.path}";
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_data_ssh.path}";
};
compression = "auto,lzma";
startAt =
"Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
};
nextcloud_database = {
user = "nextcloud";
@ -69,16 +72,13 @@
repo = "u410986-sub2@u410986-sub2.your-storagebox.de:nx-db";
encryption = {
mode = "repokey-blake2";
passCommand =
"cat ${config.sops.secrets.backup_nextcloud_database_passphrase.path}";
passCommand = "cat ${config.sops.secrets.backup_nextcloud_database_passphrase.path}";
};
environment = {
BORG_RSH =
"ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_database_ssh.path}";
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_database_ssh.path}";
};
compression = "auto,lzma";
startAt =
"Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
};
};

12
hosts/x86_64-linux/beleth/caddy.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
services.caddy = {
enable = true;
email = "xqtc@tutanota.com";
@ -30,9 +36,7 @@
# };
"hydra.heroin.trade" = {
extraConfig = ''
reverse_proxy http://localhost:${
builtins.toString config.services.hydra.port
}
reverse_proxy http://localhost:${builtins.toString config.services.hydra.port}
'';
};
"cheats-rs.heroin.trade" = {

3
hosts/x86_64-linux/beleth/calibre-web.nix
View file

@ -1,4 +1,5 @@
{ config, lib, ... }: {
{ config, lib, ... }:
{
services.calibre-web = {
enable = true;
options = {

15
hosts/x86_64-linux/beleth/conduit.nix
View file

@ -1,4 +1,10 @@
{ config, lib, inputs, ... }: {
{
config,
lib,
inputs,
...
}:
{
services.matrix-conduit = {
enable = true;
settings = {
@ -17,10 +23,11 @@
];
turn_secret = "openrelayprojectsecret";
};
extraEnvironment = { CONDUIT_MAX_CONCURRENT_REQUESTS = "100"; };
extraEnvironment = {
CONDUIT_MAX_CONCURRENT_REQUESTS = "100";
};
};
};
networking.firewall.allowedTCPPorts =
[ config.services.matrix-conduit.settings.global.port ];
networking.firewall.allowedTCPPorts = [ config.services.matrix-conduit.settings.global.port ];
}

38
hosts/x86_64-linux/beleth/default.nix
View file

@ -1,5 +1,11 @@
{ config, lib, pkgs, ... }:
with lib; {
{
config,
lib,
pkgs,
...
}:
with lib;
{
imports = [
./hardware-configuration.nix
../../../common/comin.nix
@ -35,7 +41,10 @@ with lib; {
services.syncthing.settings.gui.insecureSkipHostcheck = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
nix.settings = {
@ -50,8 +59,7 @@ with lib; {
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "beleth"; # Define your hostname.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.wireguard.enable = true;
# Set your time zone.
@ -59,7 +67,10 @@ with lib; {
users.users.xqtc = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ];
extraGroups = [
"wheel"
"docker"
];
packages = with pkgs; [ tree ];
openssh.authorizedKeys.keys = [
# TODO: Add remaining keys from https://meta.sr.ht/~xqrc.keys
@ -81,7 +92,14 @@ with lib; {
programs.bash.blesh.enable = true;
# programs.bash.shellInit = "cd /home/xqtc/nixos-config/; export GIT_REVISION_CONFIG=$(nix flake metadata --json | jq -r '.locked.rev'); echo $GIT_REVISION_CONFIG; cd;";
environment.systemPackages = with pkgs; [ neovim vim git wget jq zola ];
environment.systemPackages = with pkgs; [
neovim
vim
git
wget
jq
zola
];
programs.mtr.enable = true;
programs.gnupg.agent = {
@ -101,7 +119,11 @@ with lib; {
# Open ports in the firewall.
networking.nftables.enable = true;
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.allowedTCPPorts = [
22
80
443
];
networking.firewall.allowedUDPPorts = [ 51820 ];
system.stateVersion = "24.05"; # Did you read the comment?

33
hosts/x86_64-linux/beleth/docker-compose-crime.nix
View file

@ -1,5 +1,12 @@
# Auto-generated using compose2nix v0.2.0-pre.
{ pkgs, lib, config, inputs, ... }: {
{
pkgs,
lib,
config,
inputs,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
@ -38,7 +45,9 @@
];
};
systemd.services."podman-crime-gluetun" = {
serviceConfig = { Restart = lib.mkOverride 500 ''"no"''; };
serviceConfig = {
Restart = lib.mkOverride 500 ''"no"'';
};
after = [ "podman-network-crime_default.service" ];
requires = [ "podman-network-crime_default.service" ];
partOf = [ "podman-compose-crime-root.target" ];
@ -57,7 +66,9 @@
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-prowlarr" = {
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
@ -78,7 +89,9 @@
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-qbittorrent" = {
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
@ -99,7 +112,9 @@
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-radarr" = {
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
@ -120,7 +135,9 @@
extraOptions = [ "--network=container:crime-gluetun" ];
};
systemd.services."podman-sonarr" = {
serviceConfig = { Restart = lib.mkOverride 500 "always"; };
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [ "podman-compose-crime-root.target" ];
wantedBy = [ "podman-compose-crime-root.target" ];
};
@ -144,7 +161,9 @@
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-crime-root" = {
unitConfig = { Description = "Root target generated by compose2nix."; };
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

53
hosts/x86_64-linux/beleth/external-users.nix
View file

@ -1,7 +1,16 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
users.users.marie = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0mGd4YS4f3Wy+a4PBXbie42C5Qo4H0uWsN7joaK27h marie@titania"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFckmWImlMVsCbu5M1lsLtzxhBxrQhTQHYrKWJYDOHr5 marie@oberon"
@ -9,7 +18,10 @@
};
users.users.mo = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjRrLI5mBnoIMcjq2WGPCGuKYLwS7uhgI6F0T5ojp6n moe@martini.moe"
];
@ -17,7 +29,10 @@
users.users.ellie = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA4+3PkFptATzrWncxdj63SqZ747cDb8TqmdQFugvW7 ellie@card"
];
@ -25,7 +40,10 @@
users.users.brodo = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZqFlE49ln4iAcVNzUaTXbFW6SA8Wwxl1hiwUkegUfy julian@example.com"
];
@ -33,7 +51,10 @@
users.users.juvi = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoWyG1XphHZJd9qJwv2c4NvRQpNMN7Q7o/NLRNKsn/j danb@ha.si"
];
@ -41,7 +62,10 @@
users.users.arrbyte = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFaGk8I5reIyZSXjKorcr5gbLnaGWP44dcw9rDL6sv/F arrbyten macht frei"
];
@ -49,7 +73,10 @@
users.users.karl = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgVvtKzUxJ38TA0Xg4kUJYJY3a2MWZjbGZDYi/kiMWZ karl@Karl-Laptop"
];
@ -57,14 +84,20 @@
users.users.kenzo = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0QdrpIcknqHvn0os4+ANcwMEkLu7VBOClEL0+nvTZj Kenzo"
];
};
users.users.smeik = {
isNormalUser = true;
packages = with pkgs; [ git wget ];
packages = with pkgs; [
git
wget
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGckaDZwHQONiCAfjKiKC3ESCWu2ksGYkaHRBA+dK6rl smeik-hasi-infra"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@heroin.trade"

8
hosts/x86_64-linux/beleth/factorio.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}:
{
services.factorio = {
enable = true;
openFirewall = true;

6
hosts/x86_64-linux/beleth/fail2ban.nix
View file

@ -1,11 +1,11 @@
{ config, lib, ... }: {
{ config, lib, ... }:
{
services.fail2ban = {
enable = true;
maxretry = 13;
bantime-increment = {
enable = true;
formula =
"ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
# multipliers = "1 2 4 8 16 32 64";
maxtime = "336h";
overalljails = true;

22
hosts/x86_64-linux/beleth/git.nix
View file

@ -1,6 +1,14 @@
{ lib, config, inputs, pkgs, ... }:
let gitea-actions-runner-custom = import ./services/gitea-runner.nix;
in {
{
lib,
config,
inputs,
pkgs,
...
}:
let
gitea-actions-runner-custom = import ./services/gitea-runner.nix;
in
{
imports = [ gitea-actions-runner-custom ];
# config = { services.gitea-actions-runner = gitea-actions-runner-custom.config.services.gitea-actions-runner; };
sops.secrets.forgejo_runner_token = {
@ -20,8 +28,12 @@ in {
DISABLE_REGISTRATION = true;
# REQUIRE_SIGNIN_VIEW = true;
};
DEFAULT = { APP_NAME = "Git so good it could be heroin"; };
metrics = { ENABLED = true; };
DEFAULT = {
APP_NAME = "Git so good it could be heroin";
};
metrics = {
ENABLED = true;
};
};
};
services.gitea-actions-runner-custom = {

18
hosts/x86_64-linux/beleth/hardware-configuration.nix
View file

@ -1,10 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
@ -29,6 +40,5 @@
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

22
hosts/x86_64-linux/beleth/hydra.nix
View file

@ -1,4 +1,5 @@
{ config, lib, ... }: {
{ config, lib, ... }:
{
services.hydra = {
enable = true;
hydraURL = "https://hydra.heroin.trade";
@ -7,10 +8,17 @@
notificationSender = "hydra@localhost";
};
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 8;
}];
nix.buildMachines = [
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
];
maxJobs = 8;
}
];
}

8
hosts/x86_64-linux/beleth/immich.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
services.immich = {
enable = true;
host = "127.0.0.1";

13
hosts/x86_64-linux/beleth/jellyfin.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
proxyConfig = ''
@ -9,15 +14,15 @@ let
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
in {
in
{
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver =
pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
hardware.opengl = {
enable = true;

10
hosts/x86_64-linux/beleth/lanrarari.nix
View file

@ -1 +1,9 @@
{ config, pkgs, lib, ... }: { services.lanraragi.enable = false; }
{
config,
pkgs,
lib,
...
}:
{
services.lanraragi.enable = false;
}

45
hosts/x86_64-linux/beleth/monitoring.nix
View file

@ -1,10 +1,15 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
sops.secrets.nextcloud_user_password = {
path = "/etc/nx_user_pass";
owner = "nextcloud";
group = "nextcloud";
};
networking.firewall.allowedTCPPorts = [ 80 443 9001 ];
networking.firewall.allowedTCPPorts = [
80
443
9001
];
services.grafana = {
enable = true;
port = 2342;
@ -19,9 +24,7 @@
serviceConfig = {
ExecStart = ''
${pkgs.grafana-loki}/bin/promtail --config.file ${
./config-files/promtail.yaml
}
${pkgs.grafana-loki}/bin/promtail --config.file ${./config-files/promtail.yaml}
'';
};
};
@ -48,7 +51,9 @@
];
port = 9002;
};
wireguard = { enable = true; };
wireguard = {
enable = true;
};
nextcloud = {
enable = true;
user = "nextcloud";
@ -60,28 +65,24 @@
scrapeConfigs = [
{
job_name = "beleth";
static_configs = [{
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.node.port
}"
"127.0.0.1:${
toString config.services.prometheus.exporters.nextcloud.port
}"
"127.0.0.1:${
toString config.services.forgejo.settings.server.HTTP_PORT
}"
"127.0.0.1:${toString config.services.comin.exporter.port}"
];
}];
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.nextcloud.port}"
"127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}"
"127.0.0.1:${toString config.services.comin.exporter.port}"
];
}
];
}
{
job_name = "jellyfin";
static_configs = [{ targets = [ "127.0.0.1:8096" ]; }];
static_configs = [ { targets = [ "127.0.0.1:8096" ]; } ];
}
{
job_name = "caddy";
static_configs = [{ targets = [ "127.0.0.1:2019" ]; }];
static_configs = [ { targets = [ "127.0.0.1:2019" ]; } ];
}
];
};

34
hosts/x86_64-linux/beleth/networking.nix
View file

@ -1,10 +1,18 @@
{ config, lib, inputs, ... }: {
{
config,
lib,
inputs,
...
}:
{
# imports = [./wireguard.nix];
services.openssh.settings.PasswordAuthentication = false;
services.tailscale.extraSetFlags =
[ "--advertise-exit-node" "--webclient=true" ];
services.tailscale.extraSetFlags = [
"--advertise-exit-node"
"--webclient=true"
];
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
@ -21,16 +29,20 @@
# };
enp0s31f6 = {
ipv4 = {
addresses = [{
address = "88.99.90.90";
prefixLength = 26;
}];
addresses = [
{
address = "88.99.90.90";
prefixLength = 26;
}
];
};
ipv6 = {
addresses = [{
address = "2a01:4f8:10a:1aab::2";
prefixLength = 64;
}];
addresses = [
{
address = "2a01:4f8:10a:1aab::2";
prefixLength = 64;
}
];
};
};
};

21
hosts/x86_64-linux/beleth/nextcloud.nix
View file

@ -1,9 +1,14 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
imports = [
"${
fetchTarball {
url =
"https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}
}/nextcloud-extras.nix"
@ -15,7 +20,9 @@
group = "nextcloud";
};
services.nextcloud = { webserver = "caddy"; };
services.nextcloud = {
webserver = "caddy";
};
services.postgresql = {
enable = true;
@ -50,7 +57,11 @@
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts calendar notes previewgenerator;
contacts
calendar
notes
previewgenerator
;
# recognize = pkgs.fetchNextcloudApp {
# sha256 = "sha256-7qp9UbUcMwBNdGixaR0BAigMAtlyCAN39WxqHbsFVGE=";
# url = "https://github.com/nextcloud/recognize/releases/download/v7.0.0/recognize-7.0.0.tar.gz";

8
hosts/x86_64-linux/beleth/nfs.nix
View file

@ -1,4 +1,10 @@
{ config, lib, inputs, ... }: {
{
config,
lib,
inputs,
...
}:
{
# "2a0f:be01:0:100::/64"
# "2a0f:be01:0:200::/64"
# "2a0f:be01:fe:f00::/56"

8
hosts/x86_64-linux/beleth/paperless.nix
View file

@ -1,4 +1,10 @@
{ config, lib, inputs, ... }: {
{
config,
lib,
inputs,
...
}:
{
sops.secrets."paperless_password" = {
path = "/etc/paperless_sc";
owner = "paperless";

7
hosts/x86_64-linux/beleth/renovate.nix
View file

@ -1 +1,6 @@
{ ... }: { services.renovate = { enable = true; }; }
{ ... }:
{
services.renovate = {
enable = true;
};
}

8
hosts/x86_64-linux/beleth/seafile.nix
View file

@ -1,4 +1,10 @@
{ config, lib, inputs, ... }: {
{
config,
lib,
inputs,
...
}:
{
services.seafile = {
enable = true;

208
hosts/x86_64-linux/beleth/services/gitea-runner.nix
View file

@ -1,9 +1,29 @@
{ config, lib, pkgs, utils, ... }:
{
config,
lib,
pkgs,
utils,
...
}:
let
inherit (lib)
any attrValues concatStringsSep escapeShellArg hasInfix hasSuffix
optionalAttrs optionals literalExpression mapAttrs' mkEnableOption mkOption
mkPackageOption mkIf nameValuePair types;
any
attrValues
concatStringsSep
escapeShellArg
hasInfix
hasSuffix
optionalAttrs
optionals
literalExpression
mapAttrs'
mkEnableOption
mkOption
mkPackageOption
mkIf
nameValuePair
types
;
inherit (utils) escapeSystemdPath;
@ -14,22 +34,22 @@ let
# Check whether any runner instance label requires a container runtime
# Empty label strings result in the upstream defined defaultLabels, which require docker
# https://gitea.com/gitea/act_runner/src/tag/v0.1.5/internal/app/cmd/register.go#L93-L98
hasDockerScheme = instance:
instance.labels == [ ]
|| any (label: hasInfix ":docker:" label) instance.labels;
hasDockerScheme =
instance: instance.labels == [ ] || any (label: hasInfix ":docker:" label) instance.labels;
wantsContainerRuntime = any hasDockerScheme (attrValues cfg.instances);
hasHostScheme = instance:
any (label: hasSuffix ":host" label) instance.labels;
hasHostScheme = instance: any (label: hasSuffix ":host" label) instance.labels;
# provide shorthands for whether container runtimes are enabled
hasDocker = config.virtualisation.docker.enable;
hasPodman = config.virtualisation.podman.enable;
tokenXorTokenFile = instance:
tokenXorTokenFile =
instance:
(instance.token == null && instance.tokenFile != null)
|| (instance.token != null && instance.tokenFile == null);
in {
in
{
meta.maintainers = with lib.maintainers; [ hexa ];
options.services.gitea-actions-runner-custom = with types; {
@ -147,96 +167,94 @@ in {
assertions = [
{
assertion = any tokenXorTokenFile (attrValues cfg.instances);
message =
"Instances of gitea-actions-runner-custom can have `token` or `tokenFile`, not both.";
message = "Instances of gitea-actions-runner-custom can have `token` or `tokenFile`, not both.";
}
{
assertion = wantsContainerRuntime -> hasDocker || hasPodman;
message =
"Label configuration on gitea-actions-runner-custom instance requires either docker or podman.";
message = "Label configuration on gitea-actions-runner-custom instance requires either docker or podman.";
}
];
systemd.services = let
mkRunnerService = name: instance:
let
wantsContainerRuntime = hasDockerScheme instance;
wantsHost = hasHostScheme instance;
wantsDocker = wantsContainerRuntime
&& config.virtualisation.docker.enable;
wantsPodman = wantsContainerRuntime
&& config.virtualisation.podman.enable;
configFile = settingsFormat.generate "config.yaml" instance.settings;
in nameValuePair "gitea-runner-${escapeSystemdPath name}" {
inherit (instance) enable;
description = "Gitea Actions Runner";
wants = [ "network-online.target" ];
after = [ "network-online.target" ]
++ optionals wantsDocker [ "docker.service" ]
++ optionals wantsPodman [ "podman.service" ];
wantedBy = [ "multi-user.target" ];
environment = optionalAttrs (instance.token != null) {
TOKEN = "${instance.token}";
} // optionalAttrs wantsPodman {
DOCKER_HOST = "unix:///run/podman/podman.sock";
} // {
HOME = "/var/lib/gitea-runner/${name}";
systemd.services =
let
mkRunnerService =
name: instance:
let
wantsContainerRuntime = hasDockerScheme instance;
wantsHost = hasHostScheme instance;
wantsDocker = wantsContainerRuntime && config.virtualisation.docker.enable;
wantsPodman = wantsContainerRuntime && config.virtualisation.podman.enable;
configFile = settingsFormat.generate "config.yaml" instance.settings;
in
nameValuePair "gitea-runner-${escapeSystemdPath name}" {
inherit (instance) enable;
description = "Gitea Actions Runner";
wants = [ "network-online.target" ];
after =
[ "network-online.target" ]
++ optionals wantsDocker [ "docker.service" ]
++ optionals wantsPodman [ "podman.service" ];
wantedBy = [ "multi-user.target" ];
environment =
optionalAttrs (instance.token != null) {
TOKEN = "${instance.token}";
}
// optionalAttrs wantsPodman {
DOCKER_HOST = "unix:///run/podman/podman.sock";
}
// {
HOME = "/var/lib/gitea-runner/${name}";
};
path = with pkgs; [ coreutils ] ++ lib.optionals wantsHost instance.hostPackages;
serviceConfig =
{
DynamicUser = true;
User = "gitea-runner";
StateDirectory = "gitea-runner";
WorkingDirectory = "-/var/lib/gitea-runner/${name}";
# gitea-runner might fail when gitea is restarted during upgrade.
Restart = "on-failure";
RestartSec = 2;
ExecStartPre = [
(pkgs.writeShellScript "gitea-register-runner-${name}" ''
export INSTANCE_DIR="$STATE_DIRECTORY/${name}"
export TOKEN=$(cat /run/secrets/forgejo_runner_token)
mkdir -vp "$INSTANCE_DIR"
cd "$INSTANCE_DIR"
# force reregistration on changed labels
export LABELS_FILE="$INSTANCE_DIR/.labels"
export LABELS_WANTED="$(echo ${escapeShellArg (concatStringsSep "\n" instance.labels)} | sort)"
export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)"
if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then
# remove existing registration file, so that changing the labels forces a re-registration
rm -v "$INSTANCE_DIR/.runner" || true
# perform the registration
${cfg.package}/bin/act_runner register --no-interactive \
--instance ${escapeShellArg instance.url} \
--token "$TOKEN" \
--name ${escapeShellArg instance.name} \
--labels ${escapeShellArg (concatStringsSep "," instance.labels)} \
--config ${configFile}
# and write back the configured labels
echo "$LABELS_WANTED" > "$LABELS_FILE"
fi
'')
];
ExecStart = "${cfg.package}/bin/act_runner daemon --config ${configFile}";
SupplementaryGroups = optionals wantsDocker [ "docker" ] ++ optionals wantsPodman [ "podman" ];
}
// optionalAttrs (instance.tokenFile != null) {
EnvironmentFile = instance.tokenFile;
};
};
path = with pkgs;
[ coreutils ] ++ lib.optionals wantsHost instance.hostPackages;
serviceConfig = {
DynamicUser = true;
User = "gitea-runner";
StateDirectory = "gitea-runner";
WorkingDirectory = "-/var/lib/gitea-runner/${name}";
# gitea-runner might fail when gitea is restarted during upgrade.
Restart = "on-failure";
RestartSec = 2;
ExecStartPre = [
(pkgs.writeShellScript "gitea-register-runner-${name}" ''
export INSTANCE_DIR="$STATE_DIRECTORY/${name}"
export TOKEN=$(cat /run/secrets/forgejo_runner_token)
mkdir -vp "$INSTANCE_DIR"
cd "$INSTANCE_DIR"
# force reregistration on changed labels
export LABELS_FILE="$INSTANCE_DIR/.labels"
export LABELS_WANTED="$(echo ${
escapeShellArg (concatStringsSep "\n" instance.labels)
} | sort)"
export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)"
if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then
# remove existing registration file, so that changing the labels forces a re-registration
rm -v "$INSTANCE_DIR/.runner" || true
# perform the registration
${cfg.package}/bin/act_runner register --no-interactive \
--instance ${escapeShellArg instance.url} \
--token "$TOKEN" \
--name ${escapeShellArg instance.name} \
--labels ${
escapeShellArg
(concatStringsSep "," instance.labels)
} \
--config ${configFile}
# and write back the configured labels
echo "$LABELS_WANTED" > "$LABELS_FILE"
fi
'')
];
ExecStart =
"${cfg.package}/bin/act_runner daemon --config ${configFile}";
SupplementaryGroups = optionals wantsDocker [ "docker" ]
++ optionals wantsPodman [ "podman" ];
} // optionalAttrs (instance.tokenFile != null) {
EnvironmentFile = instance.tokenFile;
};
};
in mapAttrs' mkRunnerService cfg.instances;
in
mapAttrs' mkRunnerService cfg.instances;
};
}

7
hosts/x86_64-linux/beleth/transmission.nix
View file

@ -1 +1,6 @@
{ config, lib, ... }: { services.transmission = { enable = true; }; }
{ config, lib, ... }:
{
services.transmission = {
enable = true;
};
}

7
hosts/x86_64-linux/beleth/uptime.nix
View file

@ -1 +1,6 @@
{ config, lib, ... }: { services.uptime-kuma = { enable = true; }; }
{ config, lib, ... }:
{
services.uptime-kuma = {
enable = true;
};
}

12
hosts/x86_64-linux/beleth/wireguard.nix
View file

@ -1,5 +1,13 @@
{ config, lib, inputs, ... }: {
networking.firewall = { allowedUDPPorts = [ 51820 ]; };
{
config,
lib,
inputs,
...
}:
{
networking.firewall = {
allowedUDPPorts = [ 51820 ];
};
networking.wireguard.interfaces = {
wg0 = {

3
hosts/x86_64-linux/lab/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, lib, ... }: {
{ pkgs, lib, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix

27
hosts/x86_64-linux/lab/hardware-configuration.nix
View file

@ -1,11 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
@ -18,7 +31,10 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C3D3-9E29";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/mnt/HDD2" = {
@ -46,6 +62,5 @@
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

62
hosts/x86_64-linux/lambda/default.nix
View file

@ -1,19 +1,27 @@
/*
/*
*/
{ config, lib, pkgs, inputs, ... }: {
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -51,7 +59,11 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = { General = { Enable = "Source,Sink,Media,Socket"; }; };
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
# Use the systemd-boot EFI boot loader.
@ -63,8 +75,7 @@
networking.hostName = "lambda"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -115,7 +126,10 @@
users.users.xqtc = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ wezterm nushell ];
packages = with pkgs; [
wezterm
nushell
];
shell = pkgs.zsh;
};
@ -170,7 +184,10 @@
# services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 8080 5173 ];
networking.firewall.allowedTCPPorts = [
8080
5173
];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -198,5 +215,8 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
}

25
hosts/x86_64-linux/lambda/hardware-configuration.nix
View file

@ -1,11 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@ -20,8 +33,7 @@
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/6cf4542a-9611-4a15-83df-12e3ec91b673"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/6cf4542a-9611-4a15-83df-12e3ec91b673"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -31,6 +43,5 @@
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
hosts/x86_64-linux/lilith/default.nix
View file

@ -1,4 +1,11 @@
{ config, lib, inputs, pkgs, ... }: {
{
config,
lib,
inputs,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -21,8 +28,7 @@
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090; # (If the vfs0090 Driver does not work, use the following driver)
services.fprintd.tod.driver =
pkgs.libfprint-2-tod1-goodix; # (On my device it only worked with this driver)
services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; # (On my device it only worked with this driver)
hardware.graphics = {
enable = true;
@ -32,7 +38,11 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = { General = { Enable = "Source,Sink,Media,Socket"; }; };
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
# Use the systemd-boot EFI boot loader.
@ -60,8 +70,7 @@
networking.hostName = "lilith"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -133,8 +142,12 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups =
[ "wheel" "docker" "libvirtd" "adbusers" ]; # Enable sudo for the user.
extraGroups = [
"wheel"
"docker"
"libvirtd"
"adbusers"
]; # Enable sudo for the user.
packages = with pkgs; [ nushell ];
shell = pkgs.nushell;
};
@ -210,7 +223,12 @@
# services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 2234 8080 5173 ];
networking.firewall.allowedTCPPorts = [
22
2234
8080
5173
];
networking.firewall.allowedUDPPorts = [ 2234 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -238,5 +256,8 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
}

20
hosts/x86_64-linux/lilith/hardware-configuration.nix
View file

@ -1,11 +1,22 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@ -32,6 +43,5 @@
# networking.interfaces.wwp0s20f0u6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

8
hosts/x86_64-linux/seraphim/caddy.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
services.tailscale.permitCertUid = "caddy";
services.caddy = {
enable = true;

41
hosts/x86_64-linux/seraphim/default.nix
View file

@ -1,4 +1,11 @@
{ config, inputs, lib, pkgs, ... }: {
{
config,
inputs,
lib,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -13,21 +20,25 @@
./caddy.nix
];
nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.tailscale.extraSetFlags =
[ "--advertise-exit-node" "--webclient=true" ];
services.tailscale.extraSetFlags = [
"--advertise-exit-node"
"--webclient=true"
];
networking.hostName = "seraphim"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
#networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver =
pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
hardware.opengl = {
enable = false;
@ -77,7 +88,10 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xqtc = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ]; # Enable sudo for the user.
extraGroups = [
"wheel"
"docker"
]; # Enable sudo for the user.
packages = with pkgs; [ tree ];
# shell = pkgs.nushell;
};
@ -153,8 +167,17 @@
services.openssh.settings.PasswordAuthentication = false;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts =
[ 22 8085 7878 7878 8989 9696 5030 5031 50300 ];
networking.firewall.allowedTCPPorts = [
22
8085
7878
7878
8989
9696
5030
5031
50300
];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

17
hosts/x86_64-linux/seraphim/hardware-configuration.nix
View file

@ -1,7 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
@ -15,7 +22,10 @@
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.kernelModules = [
"kvm-intel"
"wl"
];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" = {
@ -38,6 +48,5 @@
# networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

8
hosts/x86_64-linux/seraphim/jellyfin.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
services.jellyfin.enable = false;
services.jellyfin.user = "xqtc";
services.nginx.virtualHosts."jellyfin.fritz.box" = {

33
hosts/x86_64-linux/seraphim/monitoring.nix
View file

@ -1,5 +1,10 @@
{ config, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 9001 ];
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [
80
443
9001
];
services.grafana = {
enable = true;
settings.server = {
@ -15,17 +20,25 @@
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" "sysctl" "powersupplyclass" ];
enabledCollectors = [
"systemd"
"sysctl"
"powersupplyclass"
];
port = 9002;
};
};
scrapeConfigs = [{
job_name = "seraphim";
static_configs = [{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
scrapeConfigs = [
{
job_name = "seraphim";
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
];
}
];
}];
}];
}
];
};
}

9
hosts/x86_64-linux/seraphim/sync.nix
View file

@ -1,4 +1,11 @@
{ lib, inputs, pkgs, config, ... }: {
{
lib,
inputs,
pkgs,
config,
...
}:
{
systemd.timers."sync-media" = {
wantedBy = [ "timers.target" ];
timerConfig = {

48
hosts/x86_64-linux/yosai/default.nix
View file

@ -1,7 +1,14 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, inputs, pkgs, ... }: {
{
config,
lib,
inputs,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
../../../common
@ -19,10 +26,12 @@
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.interval = "weekly";
swapDevices = [{
device = "/var/lib/swapfile";
size = 8 * 1024;
}];
swapDevices = [
{
device = "/var/lib/swapfile";
size = 8 * 1024;
}
];
boot.kernelPackages = pkgs.linuxPackages_zen;
@ -38,14 +47,19 @@
services.blueman.enable = true;
security.pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "4096";
}];
security.pam.loginLimits = [
{
domain = "*";
type = "soft";
item = "nofile";
value = "4096";
}
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
programs.dconf.enable = true;
@ -58,8 +72,7 @@
networking.hostName = "yosai"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
services.mullvad-vpn = {
enable = true;
@ -117,7 +130,12 @@
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.nushell;
packages = with pkgs; [ git foot tree xdg-utils ];
packages = with pkgs; [
git
foot
tree
xdg-utils
];
};
# List packages installed in system profile. To search, run:

27
hosts/x86_64-linux/yosai/hardware-configuration.nix
View file

@ -1,11 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"ehci_pci"
"ata_piix"
"usb_storage"
"sd_mod"
"sr_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@ -18,7 +31,10 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/29CC-9B85";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];
@ -32,6 +48,5 @@
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

31
modules/home-manager.nix
View file

@ -1,6 +1,13 @@
{ lib, inputs, config, ... }:
let dwl-source = inputs.dwl-source;
in {
{
lib,
inputs,
config,
...
}:
let
dwl-source = inputs.dwl-source;
in
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
config = {
home-manager.useGlobalPkgs = true;
@ -12,13 +19,15 @@ in {
inherit dwl-source;
};
nixpkgs.overlays = [ inputs.hyprpanel.overlay ];
home-manager.users.xqtc = { ... }: {
imports = [
{ config.host = config.networking.hostName; }
../home
inputs.nixvim.homeManagerModules.nixvim
inputs.sops-nix.homeManagerModules.sops
];
};
home-manager.users.xqtc =
{ ... }:
{
imports = [
{ config.host = config.networking.hostName; }
../home
inputs.nixvim.homeManagerModules.nixvim
inputs.sops-nix.homeManagerModules.sops
];
};
};
}

25
overlays/util.nix
View file

@ -2,18 +2,21 @@ self: super: {
util = rec {
dirEntries = path: builtins.attrNames (builtins.readDir path);
mapHosts = f: builtins.map f (dirEntries ../hosts/x86_64-linux);
mapHostAttrs = key_f: val_f:
builtins.listToAttrs (mapHosts (host: {
name = key_f host;
value = val_f host;
}));
mapHostAttrs =
key_f: val_f:
builtins.listToAttrs (
mapHosts (host: {
name = key_f host;
value = val_f host;
})
);
mapObjKeys = obj: f: builtins.map f (builtins.attrNames obj);
mapKeys = obj: f: builtins.map f obj;
nixFilesIn = path:
builtins.map (e: import (path + /${e}))
(builtins.filter (x: (builtins.match ".*\\.nix$" x) != null)
(dirEntries path));
without = exclusions: list:
builtins.filter (x: !builtins.elem x exclusions) list;
nixFilesIn =
path:
builtins.map (e: import (path + /${e})) (
builtins.filter (x: (builtins.match ".*\\.nix$" x) != null) (dirEntries path)
);
without = exclusions: list: builtins.filter (x: !builtins.elem x exclusions) list;
};
}