anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-05-20 05:12:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Nix fmt

Browse Source 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
This commit is contained in:
Hadi
2026-05-04 20:40:09 +02:00
parent e805c868a7
commit d71c9d8169
61 changed files with 672 additions and 343 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.nix
+13 -3
View File
@@ -75,11 +75,20 @@
}; };
}; };
outputs = inputs @ {nixpkgs, nixpkgs-stable, ...}: let outputs = inputs @ {
nixpkgs,
nixpkgs-stable,
...
}: let
system = "x86_64-linux"; system = "x86_64-linux";
args = {
inherit inputs nixpkgs system;
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
args = {
inherit
inputs
nixpkgs
system
pkgs
;
pkgs-stable = nixpkgs-stable.legacyPackages.${system}; pkgs-stable = nixpkgs-stable.legacyPackages.${system};
}; };
merge = nixpkgs.lib.foldl nixpkgs.lib.recursiveUpdate {}; merge = nixpkgs.lib.foldl nixpkgs.lib.recursiveUpdate {};
@@ -89,6 +98,7 @@
(import ./home/programs/group/flake.nix args) (import ./home/programs/group/flake.nix args)
(import ./home/programs/nixy/flake.nix args) (import ./home/programs/nixy/flake.nix args)
{ {
formatter.${system} = pkgs.alejandra;
nixosConfigurations = { nixosConfigurations = {
h-laptop = import ./hosts/laptop/flake.nix args; h-laptop = import ./hosts/laptop/flake.nix args;
h-work = import ./hosts/work/flake.nix args; h-work = import ./hosts/work/flake.nix args;
home/programs/brave/default.nix
+12 -3
View File
@@ -63,8 +63,14 @@
exec = "brave --incognito"; exec = "brave --incognito";
icon = "brave-browser"; icon = "brave-browser";
terminal = false; terminal = false;
categories = ["Network" "WebBrowser"]; categories = [
mimeType = ["text/html" "text/xml"]; "Network"
"WebBrowser"
];
mimeType = [
"text/html"
"text/xml"
];
}; };
brave-tor = { brave-tor = {
name = "Brave (Private window w/Tor)"; name = "Brave (Private window w/Tor)";
@@ -72,7 +78,10 @@
exec = "brave --tor"; exec = "brave --tor";
icon = "brave-browser"; icon = "brave-browser";
terminal = false; terminal = false;
categories = ["Network" "WebBrowser"]; categories = [
"Network"
"WebBrowser"
];
}; };
}; };
} }
home/programs/git/default.nix
+2 -4
View File
@@ -44,10 +44,8 @@ in {
st = "status"; st = "status";
br = "branch"; br = "branch";
df = "!git hist | peco | awk '{print $2}' | xargs -I {} git diff {}^ {}"; df = "!git hist | peco | awk '{print $2}' | xargs -I {} git diff {}^ {}";
hist = '' hist = ''log --pretty=format:"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)" --graph --date=relative --decorate --all'';
log --pretty=format:"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)" --graph --date=relative --decorate --all''; llog = ''log --graph --name-status --pretty=format:"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset" --date=relative'';
llog = ''
log --graph --name-status --pretty=format:"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset" --date=relative'';
edit-unmerged = "!f() { git ls-files --unmerged | cut -f2 | sort -u ; }; hx `f`"; edit-unmerged = "!f() { git ls-files --unmerged | cut -f2 | sort -u ; }; hx `f`";
}; };
}; };
home/programs/git/lazygit.nix
+4 -1
View File
@@ -21,7 +21,10 @@ in {
}; };
gui = { gui = {
theme = { theme = {
activeBorderColor = [accent "bold"]; activeBorderColor = [
accent
"bold"
];
inactiveBorderColor = [muted]; inactiveBorderColor = [muted];
}; };
showListFooter = false; showListFooter = false;
home/programs/group/dev.nix
+2 -2
View File
@@ -10,12 +10,12 @@
go go
bun bun
nodejs nodejs
air
duckdb
claude-code claude-code
inputs.bun2nix.packages.${stdenv.hostPlatform.system}.default inputs.bun2nix.packages.${stdenv.hostPlatform.system}.default
]) ])
++ (with pkgs-stable; [ ++ (with pkgs-stable; [
air
duckdb
docker docker
python3 python3
jq jq
home/programs/nixy/flake.nix
+3 -1
View File
@@ -8,5 +8,7 @@
configDirectory = "$HOME/.config/nixos"; configDirectory = "$HOME/.config/nixos";
}; };
homeManagerModules.nixy = {imports = [./default.nix];}; homeManagerModules.nixy = {
imports = [./default.nix];
};
} }
home/programs/nvf/default.nix
+5 -1
View File
@@ -1,4 +1,8 @@
{inputs, pkgs, ...}: { {
inputs,
pkgs,
...
}: {
imports = [inputs.nvf.homeManagerModules.default]; imports = [inputs.nvf.homeManagerModules.default];
# Packages needed by snacks image preview # Packages needed by snacks image preview
home.packages = with pkgs; [ home.packages = with pkgs; [
home/programs/nvf/keymaps.nix
+25 -5
View File
@@ -62,19 +62,31 @@
} }
{ {
key = "<MiddleMouse>"; key = "<MiddleMouse>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
action = "<nop>"; action = "<nop>";
silent = true; silent = true;
} }
{ {
key = "<2-MiddleMouse>"; key = "<2-MiddleMouse>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
action = "<nop>"; action = "<nop>";
silent = true; silent = true;
} }
{ {
key = "<3-MiddleMouse>"; key = "<3-MiddleMouse>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
action = "<nop>"; action = "<nop>";
silent = true; silent = true;
} }
@@ -218,7 +230,11 @@
# Save # Save
{ {
key = "<C-s>"; key = "<C-s>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
silent = true; silent = true;
action = "<cmd>w<cr>"; action = "<cmd>w<cr>";
desc = "Save file"; desc = "Save file";
@@ -227,7 +243,11 @@
# Deactivate "esc" # Deactivate "esc"
{ {
key = "<Esc>"; key = "<Esc>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
silent = true; silent = true;
action = "<Nop>"; action = "<Nop>";
desc = "Disable Escape"; desc = "Disable Escape";
home/programs/nvf/picker.nix
+1 -2
View File
@@ -66,8 +66,7 @@
key = "<leader>fc"; key = "<leader>fc";
mode = "n"; mode = "n";
silent = true; silent = true;
action = '' action = ''<cmd>lua Snacks.picker.files({ cwd = vim.fn.stdpath("config") })<cr>'';
<cmd>lua Snacks.picker.files({ cwd = vim.fn.stdpath("config") })<cr>'';
desc = "Find Config File"; desc = "Find Config File";
} }
{ {
home/programs/qutebrowser/bookmarks/default.nix
+7 -11
View File
@@ -14,13 +14,9 @@
c = config.lib.stylix.colors; c = config.lib.stylix.colors;
stripProtocol = url: stripProtocol = url: lib.removePrefix "https://" (lib.removePrefix "http://" url);
lib.removePrefix "https://" (lib.removePrefix "http://" url);
stripDomain = url: stripDomain = url: builtins.head (lib.splitString "/" (stripProtocol url));
builtins.head (
lib.splitString "/" (stripProtocol url)
);
mkCard = item: let mkCard = item: let
domain = stripDomain item.url; domain = stripDomain item.url;
@@ -69,13 +65,15 @@
items = result.pending; items = result.pending;
}; };
in in
lib.concatMapStrings (chunk: lib.concatMapStrings (
chunk:
if chunk.isCards if chunk.isCards
then '' then ''
<div class="cards"> <div class="cards">
${lib.concatMapStrings mkCard chunk.items} ${lib.concatMapStrings mkCard chunk.items}
</div>'' </div>''
else mkFolder chunk.folder) else mkFolder chunk.folder
)
chunks; chunks;
mkFolder = folder: let mkFolder = folder: let
@@ -145,9 +143,7 @@
) )
items; items;
publicBookmarks = publicBookmarks = pkgs.writeText "qutebrowser-public-bookmarks" (collectBookmarks "" bookmarkList);
pkgs.writeText "qutebrowser-public-bookmarks"
(collectBookmarks "" bookmarkList);
in { in {
config = { config = {
xdg.dataFile."qutebrowser/bookmarks.html".text = '' xdg.dataFile."qutebrowser/bookmarks.html".text = ''
home/programs/qutebrowser/default.nix
+4 -1
View File
@@ -27,7 +27,10 @@
genericName = "Web Browser"; genericName = "Web Browser";
exec = "qutebrowser --temp-basedir %U"; exec = "qutebrowser --temp-basedir %U";
icon = "qutebrowser"; icon = "qutebrowser";
categories = ["Network" "WebBrowser"]; categories = [
"Network"
"WebBrowser"
];
}; };
programs.qutebrowser = { programs.qutebrowser = {
home/programs/qutebrowser/settings.nix
+11 -2
View File
@@ -7,7 +7,11 @@
}; };
new_instance_open_target = "window"; new_instance_open_target = "window";
"tabs.last_close" = "close"; "tabs.last_close" = "close";
"statusbar.widgets" = ["keypress" "url" "progress"]; "statusbar.widgets" = [
"keypress"
"url"
"progress"
];
# Adblock # Adblock
"content.blocking.enabled" = true; "content.blocking.enabled" = true;
@@ -26,7 +30,12 @@
"downloads.location.prompt" = false; "downloads.location.prompt" = false;
# Editor (Ctrl+e in text fields) # Editor (Ctrl+e in text fields)
"editor.command" = ["ghostty" "-e" "nvim" "{}"]; "editor.command" = [
"ghostty"
"-e"
"nvim"
"{}"
];
# Tabs # Tabs
# "tabs.show" = "switching"; # "tabs.show" = "switching";
home/programs/qutebrowser/userscripts.nix
+4 -2
View File
@@ -29,8 +29,10 @@
"qutebrowser/greasemonkey/return-youtube-dislike.user.js".source = inputs.qs-return-youtube-dislike; "qutebrowser/greasemonkey/return-youtube-dislike.user.js".source = inputs.qs-return-youtube-dislike;
"qutebrowser/greasemonkey/sponsorblock-lite.user.js".source = inputs.qs-sponsorblock-lite; "qutebrowser/greasemonkey/sponsorblock-lite.user.js".source = inputs.qs-sponsorblock-lite;
"qutebrowser/greasemonkey/dont-track-me-google.user.js".source = inputs.qs-dont-track-me-google; "qutebrowser/greasemonkey/dont-track-me-google.user.js".source = inputs.qs-dont-track-me-google;
"qutebrowser/greasemonkey/i-dont-care-about-cookies.user.js".source = inputs.qs-i-dont-care-about-cookies; "qutebrowser/greasemonkey/i-dont-care-about-cookies.user.js".source =
"qutebrowser/greasemonkey/tracking-token-stripper.user.js".source = inputs.qs-tracking-token-stripper; inputs.qs-i-dont-care-about-cookies;
"qutebrowser/greasemonkey/tracking-token-stripper.user.js".source =
inputs.qs-tracking-token-stripper;
"qutebrowser/greasemonkey/bypass-paywalls-clean.user.js".source = inputs.qs-bypass-paywalls-clean; "qutebrowser/greasemonkey/bypass-paywalls-clean.user.js".source = inputs.qs-bypass-paywalls-clean;
"qutebrowser/greasemonkey/anti-adblock-fuckoff.user.js".source = inputs.qs-anti-adblock-fuckoff; "qutebrowser/greasemonkey/anti-adblock-fuckoff.user.js".source = inputs.qs-anti-adblock-fuckoff;
}; };
home/programs/shell/default.nix
+7 -1
View File
@@ -1,4 +1,10 @@
# Import all shell configurations # Import all shell configurations
{ {
imports = [./fzf.nix ./zsh.nix ./starship.nix ./zoxide.nix ./eza.nix]; imports = [
./fzf.nix
./zsh.nix
./starship.nix
./zoxide.nix
./eza.nix
];
} }
home/programs/shell/starship.nix
+3 -1
View File
@@ -20,7 +20,9 @@ in {
"$git_status" "$git_status"
"$character" "$character"
]; ];
directory = {style = accent;}; directory = {
style = accent;
};
character = { character = {
success_symbol = "[](${accent})"; success_symbol = "[](${accent})";
home/programs/shell/zsh.nix
+15 -5
View File
@@ -7,7 +7,12 @@
}: let }: let
fetch = config.theme.fetch; # neofetch, nerdfetch, pfetch fetch = config.theme.fetch; # neofetch, nerdfetch, pfetch
in { in {
home.packages = with pkgs; [bat ripgrep tldr witr]; home.packages = with pkgs; [
bat
ripgrep
tldr
witr
];
# Add go binaries to the PATH # Add go binaries to the PATH
home.sessionPath = ["$HOME/go/bin"]; home.sessionPath = ["$HOME/go/bin"];
@@ -22,7 +27,14 @@ in {
autosuggestion.enable = true; autosuggestion.enable = true;
syntaxHighlighting = { syntaxHighlighting = {
enable = true; enable = true;
highlighters = ["main" "brackets" "pattern" "regexp" "root" "line"]; highlighters = [
"main"
"brackets"
"pattern"
"regexp"
"root"
"line"
];
}; };
historySubstringSearch.enable = true; historySubstringSearch.enable = true;
@@ -33,9 +45,7 @@ in {
}; };
profileExtra = lib.optionalString (config.home.sessionPath != []) '' profileExtra = lib.optionalString (config.home.sessionPath != []) ''
export PATH="$PATH''${PATH:+:}${ export PATH="$PATH''${PATH:+:}${lib.concatStringsSep ":" config.home.sessionPath}"
lib.concatStringsSep ":" config.home.sessionPath
}"
''; '';
shellAliases = { shellAliases = {
home/system/caelestia-shell/launcher.nix
+64 -15
View File
@@ -1,10 +1,22 @@
{ {
programs.caelestia.settings = { programs.caelestia.settings = {
session.commands = { session.commands = {
shutdown = ["systemctl" "poweroff"]; shutdown = [
logout = ["loginctl" "lock-session"]; "systemctl"
hibernate = ["systemctl" "hibernate"]; "poweroff"
reboot = ["systemctl" "reboot"]; ];
logout = [
"loginctl"
"lock-session"
];
hibernate = [
"systemctl"
"hibernate"
];
reboot = [
"systemctl"
"reboot"
];
}; };
launcher = { launcher = {
actionPrefix = "/"; actionPrefix = "/";
@@ -13,7 +25,10 @@
name = "Calculator"; name = "Calculator";
icon = "calculate"; icon = "calculate";
description = "Do simple math equations (powered by Qalc)"; description = "Do simple math equations (powered by Qalc)";
command = ["autocomplete" "calc"]; command = [
"autocomplete"
"calc"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -21,7 +36,10 @@
name = "Shutdown"; name = "Shutdown";
icon = "power_settings_new"; icon = "power_settings_new";
description = "Shutdown the system"; description = "Shutdown the system";
command = ["systemctl" "poweroff"]; command = [
"systemctl"
"poweroff"
];
enabled = true; enabled = true;
dangerous = true; dangerous = true;
} }
@@ -29,7 +47,10 @@
name = "Reboot"; name = "Reboot";
icon = "cached"; icon = "cached";
description = "Reboot the system"; description = "Reboot the system";
command = ["systemctl" "reboot"]; command = [
"systemctl"
"reboot"
];
enabled = true; enabled = true;
dangerous = true; dangerous = true;
} }
@@ -37,7 +58,11 @@
name = "Logout"; name = "Logout";
icon = "exit_to_app"; icon = "exit_to_app";
description = "Log out of the current session"; description = "Log out of the current session";
command = ["loginctl" "terminate-user" ""]; command = [
"loginctl"
"terminate-user"
""
];
enabled = true; enabled = true;
dangerous = true; dangerous = true;
} }
@@ -45,7 +70,10 @@
name = "Lock"; name = "Lock";
icon = "lock"; icon = "lock";
description = "Lock the current session"; description = "Lock the current session";
command = ["loginctl" "lock-session"]; command = [
"loginctl"
"lock-session"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -53,7 +81,10 @@
name = "Sleep"; name = "Sleep";
icon = "bedtime"; icon = "bedtime";
description = "Suspend then hibernate"; description = "Suspend then hibernate";
command = ["systemctl" "suspend-then-hibernate"]; command = [
"systemctl"
"suspend-then-hibernate"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -61,7 +92,12 @@
name = "Restart caelestia"; name = "Restart caelestia";
icon = "cached"; icon = "cached";
description = "Restart caelestia"; description = "Restart caelestia";
command = ["hyprctl" "dispatch" "exec" "caelestia-shell kill | sleep 1 | caelestia-shell"]; command = [
"hyprctl"
"dispatch"
"exec"
"caelestia-shell kill | sleep 1 | caelestia-shell"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -69,7 +105,11 @@
name = "Emoji Picker"; name = "Emoji Picker";
icon = "mood"; icon = "mood";
description = "Toggle the emoji picker"; description = "Toggle the emoji picker";
command = ["caelestia" "emoji" "-p"]; command = [
"caelestia"
"emoji"
"-p"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -77,7 +117,10 @@
name = "Clipboard History"; name = "Clipboard History";
icon = "content_paste"; icon = "content_paste";
description = "Toggle the clipboard history"; description = "Toggle the clipboard history";
command = ["caelestia" "clipboard"]; command = [
"caelestia"
"clipboard"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -85,7 +128,10 @@
name = "Delete from Clipboard History"; name = "Delete from Clipboard History";
icon = "content_paste_off"; icon = "content_paste_off";
description = "Delete a line from the clipboard history"; description = "Delete a line from the clipboard history";
command = ["caelestia" "clipboard"]; command = [
"caelestia"
"clipboard"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -101,7 +147,10 @@
name = "Hyprpicker"; name = "Hyprpicker";
icon = "colorize"; icon = "colorize";
description = "Pick an hex color"; description = "Pick an hex color";
command = ["hyprpicker" "-a"]; command = [
"hyprpicker"
"-a"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
home/system/caelestia-shell/scheme.nix
+3 -1
View File
@@ -122,7 +122,9 @@
colorsHash = builtins.hashString "sha256" (builtins.toJSON colors); colorsHash = builtins.hashString "sha256" (builtins.toJSON colors);
customCli = inputs.caelestia-cli.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs (oldAttrs: { customCli =
inputs.caelestia-cli.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs
(oldAttrs: {
name = "${oldAttrs.name or "caelestia-cli"}-themed-${colorsHash}"; name = "${oldAttrs.name or "caelestia-cli"}-themed-${colorsHash}";
postUnpack = '' postUnpack = ''
mkdir -p $sourceRoot/src/caelestia/data/schemes/custom/main mkdir -p $sourceRoot/src/caelestia/data/schemes/custom/main
home/system/hyprland/bindings.nix
+19 -11
View File
@@ -7,9 +7,8 @@
colors = config.lib.stylix.colors; colors = config.lib.stylix.colors;
mkMenu = menu: let mkMenu = menu: let
configFile = configFile = pkgs.writeText "config.yaml" (
pkgs.writeText "config.yaml" lib.generators.toYAML {} {
(lib.generators.toYAML {} {
anchor = "bottom-right"; anchor = "bottom-right";
border = "#${colors.base0D}80"; border = "#${colors.base0D}80";
background = "#${colors.base01}EE"; background = "#${colors.base01}EE";
@@ -19,7 +18,8 @@
rows_per_column = 5; rows_per_column = 5;
inherit menu; inherit menu;
}); }
);
in in
pkgs.writeShellScriptBin "menu" '' pkgs.writeShellScriptBin "menu" ''
exec ${lib.getExe pkgs.wlr-which-key} ${configFile} exec ${lib.getExe pkgs.wlr-which-key} ${configFile}
@@ -32,7 +32,8 @@ in {
bind = bind =
[ [
# Applications # Applications
("$shiftMod, A, exec, " (
"$shiftMod, A, exec, "
+ lib.getExe (mkMenu [ + lib.getExe (mkMenu [
{ {
key = "a"; key = "a";
@@ -84,14 +85,16 @@ in {
desc = "Qutebrowser (Temp session)"; desc = "Qutebrowser (Temp session)";
cmd = "${pkgs.qutebrowser}/bin/qutebrowser --temp-basedir"; cmd = "${pkgs.qutebrowser}/bin/qutebrowser --temp-basedir";
} }
])) ])
)
# Web links # Web links
"$mod,B, exec, uwsm app -- ${pkgs.qutebrowser}/bin/qutebrowser" # Browser (Qutebrowser) "$mod,B, exec, uwsm app -- ${pkgs.qutebrowser}/bin/qutebrowser" # Browser (Qutebrowser)
# Power # Power
"$mod, X, global, caelestia:session" # Powermenu "$mod, X, global, caelestia:session" # Powermenu
("$shiftMod, X, exec, " (
"$shiftMod, X, exec, "
+ lib.getExe (mkMenu [ + lib.getExe (mkMenu [
{ {
key = "l"; key = "l";
@@ -123,7 +126,8 @@ in {
desc = "Restart caelestia"; desc = "Restart caelestia";
cmd = "hyprctl dispatch exec 'caelestia-shell kill | sleep 1 | caelestia-shell'"; cmd = "hyprctl dispatch exec 'caelestia-shell kill | sleep 1 | caelestia-shell'";
} }
])) ])
)
# Quick launch # Quick launch
"$mod,RETURN, exec, uwsm app -- ${pkgs.ghostty}/bin/ghostty" # Ghostty (terminal) "$mod,RETURN, exec, uwsm app -- ${pkgs.ghostty}/bin/ghostty" # Ghostty (terminal)
@@ -154,13 +158,17 @@ in {
", Print, global, caelestia:screenshotFreeze" # Capture region (freeze) ", Print, global, caelestia:screenshotFreeze" # Capture region (freeze)
"$shiftMod+Alt, S, global, caelestia:screenshot" # Capture region "$shiftMod+Alt, S, global, caelestia:screenshot" # Capture region
] ]
++ (builtins.concatLists (builtins.genList (i: let ++ (builtins.concatLists (
builtins.genList (
i: let
ws = i + 1; ws = i + 1;
in [ in [
"$mod,code:1${toString i}, workspace, ${toString ws}" "$mod,code:1${toString i}, workspace, ${toString ws}"
"$mod SHIFT,code:1${toString i}, movetoworkspace, ${toString ws}" "$mod SHIFT,code:1${toString i}, movetoworkspace, ${toString ws}"
]) ]
9)); )
9
));
bindm = [ bindm = [
"$mod,mouse:272, movewindow" # Move Window (mouse) "$mod,mouse:272, movewindow" # Move Window (mouse)
home/system/hyprland/keyboard-backlight.nix
+3 -1
View File
@@ -39,4 +39,6 @@
''; '';
command = "bash ${keyboard-backlight}/bin/keyboard-backlight &"; command = "bash ${keyboard-backlight}/bin/keyboard-backlight &";
in {wayland.windowManager.hyprland.settings.exec-once = [command];} in {
wayland.windowManager.hyprland.settings.exec-once = [command];
}
home/system/hyprpaper/default.nix
+1 -2
View File
@@ -8,8 +8,7 @@
splash = false; splash = false;
}; };
}; };
systemd.user.services.hyprpaper.Unit.After = systemd.user.services.hyprpaper.Unit.After = lib.mkForce "graphical-session.target";
lib.mkForce "graphical-session.target";
wayland.windowManager.hyprland.settings.exec-once = [ wayland.windowManager.hyprland.settings.exec-once = [
"systemctl --user enable --now hyprpaper.service" "systemctl --user enable --now hyprpaper.service"
home/system/mime/default.nix
+7 -4
View File
@@ -117,14 +117,17 @@ with lib; let
desktopName = "Neovim (Ghostty)"; desktopName = "Neovim (Ghostty)";
exec = ''ghostty --title="Neovim Editor" -e nvim %F''; exec = ''ghostty --title="Neovim Editor" -e nvim %F'';
terminal = false; terminal = false;
categories = ["Development" "TextEditor"]; categories = [
"Development"
"TextEditor"
];
mimeTypes = mimeMap.code ++ mimeMap.text; mimeTypes = mimeMap.code ++ mimeMap.text;
}; };
associations = with lists; associations = with lists;
listToAttrs (flatten (mapAttrsToList listToAttrs (
(key: map (type: attrsets.nameValuePair type defaultApps."${key}")) flatten (mapAttrsToList (key: map (type: attrsets.nameValuePair type defaultApps."${key}")) mimeMap)
mimeMap)); );
in { in {
home.packages = [nvim-ghostty]; home.packages = [nvim-ghostty];
hosts/laptop/flake.nix
+5 -1
View File
@@ -1,4 +1,8 @@
{inputs, nixpkgs, ...}: {
inputs,
nixpkgs,
...
}:
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
modules = [ modules = [
{ {
hosts/laptop/hardware-configuration.nix
+11 -2
View File
@@ -11,7 +11,13 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "uas" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"uas"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
@@ -24,7 +30,10 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5251-9B85"; device = "/dev/disk/by-uuid/5251-9B85";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0077" "dmask=0077"]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
swapDevices = []; swapDevices = [];
hosts/laptop/home.nix
+3 -1
View File
@@ -36,7 +36,9 @@
home = { home = {
inherit (config.var) username; inherit (config.var) username;
homeDirectory = "/home/" + config.var.username; homeDirectory = "/home/" + config.var.username;
file.".face" = {source = ./profile_picture.png;}; file.".face" = {
source = ./profile_picture.png;
};
sessionVariables = { sessionVariables = {
AQ_DRM_DEVICES = "/dev/dri/card2:/dev/dri/card1"; # CHANGEME: Related to the GPU AQ_DRM_DEVICES = "/dev/dri/card2:/dev/dri/card1"; # CHANGEME: Related to the GPU
hosts/laptop/secrets/default.nix
+19 -6
View File
@@ -14,11 +14,21 @@ in {
age.keyFile = "${home}/.config/sops/age/keys.txt"; age.keyFile = "${home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
ssh-config = {path = "${home}/.ssh/config";}; ssh-config = {
github-key = {path = "${home}/.ssh/github";}; path = "${home}/.ssh/config";
jack-key = {path = "${home}/.ssh/jack";}; };
signing-key = {path = "${home}/.ssh/key";}; github-key = {
signing-pub-key = {path = "${home}/.ssh/key.pub";}; path = "${home}/.ssh/github";
};
jack-key = {
path = "${home}/.ssh/jack";
};
signing-key = {
path = "${home}/.ssh/key";
};
signing-pub-key = {
path = "${home}/.ssh/key.pub";
};
}; };
}; };
@@ -42,7 +52,10 @@ in {
''; '';
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
home.packages = with pkgs; [sops age]; home.packages = with pkgs; [
sops
age
];
wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"];
} }
hosts/laptop/variables.nix
+1 -4
View File
@@ -11,10 +11,7 @@
config.var = { config.var = {
hostname = "h-laptop"; hostname = "h-laptop";
username = "hadi"; username = "hadi";
configDirectory = configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory
"/home/"
+ config.var.username
+ "/.config/nixos"; # The path of the nixos configuration directory
keyboardLayout = "fr"; keyboardLayout = "fr";
hosts/server/flake.nix
+5 -1
View File
@@ -1,4 +1,8 @@
{inputs, nixpkgs, ...}: {
inputs,
nixpkgs,
...
}:
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
modules = [ modules = [
{_module.args = {inherit inputs;};} {_module.args = {inherit inputs;};}
hosts/server/hardware-configuration.nix
+17 -5
View File
@@ -9,7 +9,14 @@
... ...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = ["dm-snapshot"]; boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
@@ -20,12 +27,18 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DD15-1125"; device = "/dev/disk/by-uuid/DD15-1125";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0077" "dmask=0077"]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
fileSystems."/mnt/data" = { fileSystems."/mnt/data" = {
device = "/dev/disk/by-uuid/0b055155-0134-448c-b1ca-e81030ff064e"; device = "/dev/disk/by-uuid/0b055155-0134-448c-b1ca-e81030ff064e";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=/" "compress=zstd"]; # adapte selon si t'as des subvolumes options = [
"subvol=/"
"compress=zstd"
]; # adapte selon si t'as des subvolumes
}; };
swapDevices = []; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -35,6 +48,5 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
hosts/server/secrets/default.nix
+4 -1
View File
@@ -26,5 +26,8 @@
}; };
}; };
environment.systemPackages = with pkgs; [sops age]; environment.systemPackages = with pkgs; [
sops
age
];
} }
hosts/server/variables.nix
+1 -4
View File
@@ -11,10 +11,7 @@
config.var = { config.var = {
hostname = "jack"; hostname = "jack";
username = "hadi"; username = "hadi";
configDirectory = configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory
"/home/"
+ config.var.username
+ "/.config/nixos"; # The path of the nixos configuration directory
keyboardLayout = "fr"; keyboardLayout = "fr";
hosts/work/flake.nix
+5 -1
View File
@@ -1,4 +1,8 @@
{inputs, nixpkgs, ...}: {
inputs,
nixpkgs,
...
}:
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
modules = [ modules = [
{ {
hosts/work/hardware-configuration.nix
+12 -2
View File
@@ -12,7 +12,14 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
@@ -25,7 +32,10 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/043E-1755"; device = "/dev/disk/by-uuid/043E-1755";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0077" "dmask=0077"]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
swapDevices = []; swapDevices = [];
hosts/work/secrets/default.nix
+16 -5
View File
@@ -14,10 +14,18 @@ in {
age.keyFile = "${home}/.config/sops/age/keys.txt"; age.keyFile = "${home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
ssh-config = {path = "${home}/.ssh/config";}; ssh-config = {
netrc = {path = "${home}/.netrc";}; path = "${home}/.ssh/config";
github-key = {path = "${home}/.ssh/github";}; };
gitlab-key = {path = "${home}/.ssh/gitlab";}; netrc = {
path = "${home}/.netrc";
};
github-key = {
path = "${home}/.ssh/github";
};
gitlab-key = {
path = "${home}/.ssh/gitlab";
};
}; };
}; };
@@ -41,7 +49,10 @@ in {
''; '';
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
home.packages = with pkgs; [sops age]; home.packages = with pkgs; [
sops
age
];
wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"];
} }
hosts/work/variables.nix
+1 -4
View File
@@ -11,10 +11,7 @@
config.var = { config.var = {
hostname = "h-work"; hostname = "h-work";
username = "hadrien"; username = "hadrien";
configDirectory = configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory
"/home/"
+ config.var.username
+ "/.config/nixos"; # The path of the nixos configuration directory
keyboardLayout = "fr"; keyboardLayout = "fr";
nixos/audio.nix
+3 -1
View File
@@ -13,7 +13,9 @@
enable = true; enable = true;
extraConfig = { extraConfig = {
"10-disable-camera" = { "10-disable-camera" = {
"wireplumber.profiles" = {main."monitor.libcamera" = "disabled";}; "wireplumber.profiles" = {
main."monitor.libcamera" = "disabled";
};
}; };
}; };
}; };
nixos/home-manager.nix
+5 -1
View File
@@ -1,5 +1,9 @@
# Home-manager configuration for NixOS # Home-manager configuration for NixOS
{inputs, pkgs, ...}: { {
inputs,
pkgs,
...
}: {
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
nixos/nix.nix
+4 -1
View File
@@ -35,7 +35,10 @@ in {
settings = { settings = {
download-buffer-size = 262144000; # 250 MB (250 * 1024 * 1024) download-buffer-size = 262144000; # 250 MB (250 * 1024 * 1024)
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"]; experimental-features = [
"nix-command"
"flakes"
];
substituters = [ substituters = [
# high priority since it's almost always used # high priority since it's almost always used
"https://cache.nixos.org?priority=10" "https://cache.nixos.org?priority=10"
nixos/nvidia.nix
+1 -2
View File
@@ -55,8 +55,7 @@ in {
# Optimized configuration for switchable graphics laptops # Optimized configuration for switchable graphics laptops
offload = { offload = {
enable = true; # Mode optimized for power saving enable = true; # Mode optimized for power saving
enableOffloadCmd = enableOffloadCmd = true; # Allows running applications with dedicated GPU
true; # Allows running applications with dedicated GPU
}; };
# sync.enable disabled as offload is generally better for laptops # sync.enable disabled as offload is generally better for laptops
sync.enable = false; sync.enable = false;
nixos/omen.nix
+4 -4
View File
@@ -5,9 +5,8 @@
pkgs, pkgs,
... ...
}: let }: let
hp-omen-linux-module = hp-omen-linux-module = pkgs.callPackage (
pkgs.callPackage {
({
kernel ? config.boot.kernelPackages.kernel, kernel ? config.boot.kernelPackages.kernel,
stdenv, stdenv,
fetchFromGitHub, fetchFromGitHub,
@@ -33,7 +32,8 @@
install hp-wmi.ko -Dm444 -t $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/platform/x86/hp/ install hp-wmi.ko -Dm444 -t $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/platform/x86/hp/
runHook postInstall runHook postInstall
''; '';
})) {kernel = config.boot.kernelPackages.kernel;}; })
) {kernel = config.boot.kernelPackages.kernel;};
in { in {
boot.extraModulePackages = [hp-omen-linux-module]; boot.extraModulePackages = [hp-omen-linux-module];
boot.kernelModules = ["hp-wmi"]; boot.kernelModules = ["hp-wmi"];
nixos/systemd-boot.nix
+4 -3
View File
@@ -11,8 +11,7 @@
}; };
}; };
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
kernelPackages = kernelPackages = pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
# Silent boot # Silent boot
kernelParams = [ kernelParams = [
@@ -38,5 +37,7 @@
}; };
# To avoid systemd services hanging on shutdown # To avoid systemd services hanging on shutdown
systemd.settings.Manager = { DefaultTimeoutStopSec = "10s"; }; systemd.settings.Manager = {
DefaultTimeoutStopSec = "10s";
};
} }
nixos/usbguard.nix
+4 -1
View File
@@ -2,6 +2,9 @@
services.usbguard = { services.usbguard = {
enable = true; enable = true;
implicitPolicyTarget = "block"; implicitPolicyTarget = "block";
IPCAllowedUsers = ["root" config.var.username]; IPCAllowedUsers = [
"root"
config.var.username
];
}; };
} }
nixos/users.nix
+4 -1
View File
@@ -13,7 +13,10 @@ in {
users.${username} = { users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "${username} account"; description = "${username} account";
extraGroups = ["networkmanager" "wheel"]; extraGroups = [
"networkmanager"
"wheel"
];
}; };
}; };
} }
nixos/utils.nix
+16 -4
View File
@@ -21,11 +21,17 @@ in {
enable = autoUpgrade; enable = autoUpgrade;
dates = "04:00"; dates = "04:00";
flake = "${configDir}"; flake = "${configDir}";
flags = ["--update-input" "nixpkgs" "--commit-lock-file"]; flags = [
"--update-input"
"nixpkgs"
"--commit-lock-file"
];
allowReboot = false; allowReboot = false;
}; };
time = {timeZone = timeZone;}; time = {
timeZone = timeZone;
};
i18n.defaultLocale = defaultLocale; i18n.defaultLocale = defaultLocale;
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = extraLocale; LC_ADDRESS = extraLocale;
@@ -65,7 +71,10 @@ in {
dbus = { dbus = {
enable = true; enable = true;
implementation = "broker"; implementation = "broker";
packages = with pkgs; [gcr gnome-settings-daemon]; packages = with pkgs; [
gcr
gnome-settings-daemon
];
}; };
gvfs.enable = true; gvfs.enable = true;
upower.enable = true; upower.enable = true;
@@ -115,7 +124,10 @@ in {
xdgOpenUsePortal = true; xdgOpenUsePortal = true;
config = { config = {
common.default = ["gtk"]; common.default = ["gtk"];
hyprland.default = ["gtk" "hyprland"]; hyprland.default = [
"gtk"
"hyprland"
];
}; };
extraPortals = [pkgs.xdg-desktop-portal-gtk]; extraPortals = [pkgs.xdg-desktop-portal-gtk];
server-modules/arr.nix
+4 -1
View File
@@ -49,7 +49,10 @@ in {
}; };
}; };
users.users.jellyfin.extraGroups = ["video" "render"]; users.users.jellyfin.extraGroups = [
"video"
"render"
];
services.cloudflared.tunnels."${config.var.tunnelId}".ingress = { services.cloudflared.tunnels."${config.var.tunnelId}".ingress = {
"media.${config.var.domain}" = "http://localhost:8096"; "media.${config.var.domain}" = "http://localhost:8096";
server-modules/awesome-wallpapers.nix
+15 -7
View File
@@ -1,19 +1,27 @@
{ config, inputs, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
inputs,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "wallpapers"; name = "wallpapers";
hostIp = "10.233.4.1"; hostIp = "10.233.4.1";
containerIp = "10.233.4.2"; containerIp = "10.233.4.2";
nixosConfig = { pkgs, ... }: { nixosConfig = {pkgs, ...}: {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."wallpapers" = { virtualHosts."wallpapers" = {
root = "${inputs.awesome-wallpapers.packages.${pkgs.system}.default}/share/awesome-wallpapers"; root = "${inputs.awesome-wallpapers.packages.${pkgs.system}.default}/share/awesome-wallpapers";
listen = [{ addr = "0.0.0.0"; port = 8080; }]; listen = [
{
addr = "0.0.0.0";
port = 8080;
}
];
locations."/" = { locations."/" = {
tryFiles = "$uri $uri/ /index.html"; tryFiles = "$uri $uri/ /index.html";
}; };
@@ -23,7 +31,7 @@ in
''; '';
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/blog.nix
+4 -1
View File
@@ -51,7 +51,10 @@ in {
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [8080 8081]; networking.firewall.allowedTCPPorts = [
8080
8081
];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/cyberchef.nix
+14 -7
View File
@@ -1,22 +1,29 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "cyberchef"; name = "cyberchef";
hostIp = "10.233.5.1"; hostIp = "10.233.5.1";
containerIp = "10.233.5.2"; containerIp = "10.233.5.2";
nixosConfig = { pkgs, ... }: { nixosConfig = {pkgs, ...}: {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."cyberchef" = { virtualHosts."cyberchef" = {
root = "${pkgs.cyberchef}/share/cyberchef"; root = "${pkgs.cyberchef}/share/cyberchef";
listen = [{ addr = "0.0.0.0"; port = 8080; }]; listen = [
{
addr = "0.0.0.0";
port = 8080;
}
];
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/default-creds.nix
+11 -8
View File
@@ -1,21 +1,24 @@
{ config, inputs, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
domain = config.var.domain;
in
{ {
config,
inputs,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
domain = config.var.domain;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "def-creds"; name = "def-creds";
hostIp = "10.233.6.1"; hostIp = "10.233.6.1";
containerIp = "10.233.6.2"; containerIp = "10.233.6.2";
nixosConfig = { ... }: { nixosConfig = {...}: {
imports = [ inputs.default-creds.nixosModules.default ]; imports = [inputs.default-creds.nixosModules.default];
services.default-creds = { services.default-creds = {
enable = true; enable = true;
port = 8087; port = 8087;
}; };
networking.firewall.allowedTCPPorts = [ 8087 ]; networking.firewall.allowedTCPPorts = [8087];
systemd.services.default-creds.environment = { systemd.services.default-creds.environment = {
HOST = lib.mkForce "0.0.0.0"; HOST = lib.mkForce "0.0.0.0";
PUBLIC_UMAMI_URL = "https://umami.${domain}"; PUBLIC_UMAMI_URL = "https://umami.${domain}";
server-modules/gitea.nix
+15 -10
View File
@@ -1,14 +1,17 @@
{ config, pkgs, lib, ... }: {
let config,
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; pkgs,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
domain = config.var.domain; domain = config.var.domain;
catppuccin-gitea = pkgs.fetchzip { catppuccin-gitea = pkgs.fetchzip {
url = "https://github.com/catppuccin/gitea/releases/download/v1.0.2/catppuccin-gitea.tar.gz"; url = "https://github.com/catppuccin/gitea/releases/download/v1.0.2/catppuccin-gitea.tar.gz";
sha256 = "sha256-rZHLORwLUfIFcB6K9yhrzr+UwdPNQVSadsw6rg8Q7gs="; sha256 = "sha256-rZHLORwLUfIFcB6K9yhrzr+UwdPNQVSadsw6rg8Q7gs=";
stripRoot = false; stripRoot = false;
}; };
in in {
{
imports = [ imports = [
(mkContainer { (mkContainer {
name = "gitea"; name = "gitea";
@@ -19,17 +22,19 @@ in
hostPath = "/var/lib/gitea"; hostPath = "/var/lib/gitea";
isReadOnly = false; isReadOnly = false;
}; };
nixosConfig = { lib, ... }: { nixosConfig = {lib, ...}: {
users.users.gitea.uid = lib.mkForce 978; users.users.gitea.uid = lib.mkForce 978;
users.groups.gitea.gid = lib.mkForce 968; users.groups.gitea.gid = lib.mkForce 968;
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "gitea" ]; ensureDatabases = ["gitea"];
ensureUsers = [{ ensureUsers = [
{
name = "gitea"; name = "gitea";
ensureDBOwnership = true; ensureDBOwnership = true;
}]; }
];
}; };
services.gitea = { services.gitea = {
@@ -69,7 +74,7 @@ in
ln -sfn ${catppuccin-gitea} /var/lib/gitea/custom/public/assets/css ln -sfn ${catppuccin-gitea} /var/lib/gitea/custom/public/assets/css
''; '';
networking.firewall.allowedTCPPorts = [ 3002 ]; networking.firewall.allowedTCPPorts = [3002];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/glance/default.nix
+78 -24
View File
@@ -1,41 +1,87 @@
{ config, lib, ... }: {
let config,
inherit (import ../mk-container.nix { inherit lib config; }) mkContainer; lib,
...
}: let
inherit (import ../mk-container.nix {inherit lib config;}) mkContainer;
domain = config.var.domain; domain = config.var.domain;
hostIp = "10.233.12.1"; hostIp = "10.233.12.1";
# Convert 6-char hex color to "H S L" string for glance (integers, no % sign) # Convert 6-char hex color to "H S L" string for glance (integers, no % sign)
hexToGlanceHsl = hex: hexToGlanceHsl = hex: let
let
h = lib.toLower hex; h = lib.toLower hex;
d = c: d = c:
if c == "a" then 10 else if c == "b" then 11 else if c == "c" then 12 if c == "a"
else if c == "d" then 13 else if c == "e" then 14 else if c == "f" then 15 then 10
else if c == "b"
then 11
else if c == "c"
then 12
else if c == "d"
then 13
else if c == "e"
then 14
else if c == "f"
then 15
else lib.toInt c; else lib.toInt c;
byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h); byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h);
ri = byte 0; gi = byte 2; bi = byte 4; ri = byte 0;
gi = byte 2;
bi = byte 4;
r = ri * 1.0 / 255.0; r = ri * 1.0 / 255.0;
g = gi * 1.0 / 255.0; g = gi * 1.0 / 255.0;
b = bi * 1.0 / 255.0; b = bi * 1.0 / 255.0;
mx = if r >= g && r >= b then "r" else if g >= b then "g" else "b"; mx =
mn = if r <= g && r <= b then "r" else if g <= b then "g" else "b"; if r >= g && r >= b
cmax = if mx == "r" then r else if mx == "g" then g else b; then "r"
cmin = if mn == "r" then r else if mn == "g" then g else b; else if g >= b
then "g"
else "b";
mn =
if r <= g && r <= b
then "r"
else if g <= b
then "g"
else "b";
cmax =
if mx == "r"
then r
else if mx == "g"
then g
else b;
cmin =
if mn == "r"
then r
else if mn == "g"
then g
else b;
delta = cmax - cmin; delta = cmax - cmin;
l = (cmax + cmin) / 2.0; l = (cmax + cmin) / 2.0;
s = if delta < 0.0001 then 0.0 s =
else if l <= 0.5 then delta / (cmax + cmin) if delta < 0.0001
then 0.0
else if l <= 0.5
then delta / (cmax + cmin)
else delta / (2.0 - cmax - cmin); else delta / (2.0 - cmax - cmin);
hue = hue =
if delta < 0.0001 then 0.0 if delta < 0.0001
else if mx == "r" then let raw = 60.0 * (g - b) / delta; in if raw < 0.0 then raw + 360.0 else raw then 0.0
else if mx == "g" then 60.0 * ((b - r) / delta + 2.0) else if mx == "r"
then let
raw = 60.0 * (g - b) / delta;
in
if raw < 0.0
then raw + 360.0
else raw
else if mx == "g"
then 60.0 * ((b - r) / delta + 2.0)
else 60.0 * ((r - g) / delta + 4.0); else 60.0 * ((r - g) / delta + 4.0);
in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${toString (builtins.floor (l * 100.0 + 0.5))}"; in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${
toString (builtins.floor (l * 100.0 + 0.5))
}";
c = config.stylix.base16Scheme; c = config.stylix.base16Scheme;
in in {
{
# 0444 so the glance user inside the container can read the bind-mounted file # 0444 so the glance user inside the container can read the bind-mounted file
sops.secrets.adguard-pwd.mode = "0444"; sops.secrets.adguard-pwd.mode = "0444";
@@ -49,10 +95,13 @@ in
hostPath = config.sops.secrets.adguard-pwd.path; hostPath = config.sops.secrets.adguard-pwd.path;
isReadOnly = true; isReadOnly = true;
}; };
nixosConfig = { lib, ... }: { nixosConfig = {lib, ...}: {
_module.args.domain = domain; _module.args.domain = domain;
_module.args.adguardUrl = "http://${hostIp}:3000"; _module.args.adguardUrl = "http://${hostIp}:3000";
imports = [ ./home.nix ./server.nix ]; imports = [
./home.nix
./server.nix
];
services.glance = { services.glance = {
enable = true; enable = true;
@@ -77,7 +126,12 @@ in
proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m; proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m;
''; '';
virtualHosts."glance" = { virtualHosts."glance" = {
listen = [{ addr = "0.0.0.0"; port = 8080; }]; listen = [
{
addr = "0.0.0.0";
port = 8080;
}
];
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:5678"; proxyPass = "http://127.0.0.1:5678";
extraConfig = '' extraConfig = ''
@@ -90,7 +144,7 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/glance/home.nix
+1 -1
View File
@@ -1,4 +1,4 @@
{ domain, ... }: { {domain, ...}: {
services.glance.settings.pages = [ services.glance.settings.pages = [
{ {
name = "Home"; name = "Home";
server-modules/mazanoke.nix
+18 -11
View File
@@ -1,15 +1,16 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "mazanoke"; name = "mazanoke";
hostIp = "10.233.7.1"; hostIp = "10.233.7.1";
containerIp = "10.233.7.2"; containerIp = "10.233.7.2";
nixosConfig = { pkgs, ... }: nixosConfig = {pkgs, ...}: let
let
version = "1.1.5"; version = "1.1.5";
mazanoke-pkg = pkgs.stdenv.mkDerivation { mazanoke-pkg = pkgs.stdenv.mkDerivation {
inherit version; inherit version;
@@ -25,17 +26,23 @@ in
cp -r ./index.html ./favicon.ico ./manifest.json ./service-worker.js ./assets $out/share/mazanoke/ cp -r ./index.html ./favicon.ico ./manifest.json ./service-worker.js ./assets $out/share/mazanoke/
''; '';
}; };
in in {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."mazanoke" = { virtualHosts."mazanoke" = {
root = "${mazanoke-pkg}/share/mazanoke"; root = "${mazanoke-pkg}/share/mazanoke";
listen = [{ addr = "0.0.0.0"; port = 8080; }]; listen = [
locations."/" = { index = "index.html"; }; {
addr = "0.0.0.0";
port = 8080;
}
];
locations."/" = {
index = "index.html";
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; };
networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/mealie.nix
+8 -6
View File
@@ -1,20 +1,22 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "mealie"; name = "mealie";
hostIp = "10.233.8.1"; hostIp = "10.233.8.1";
containerIp = "10.233.8.2"; containerIp = "10.233.8.2";
internet = true; internet = true;
nixosConfig = { ... }: { nixosConfig = {...}: {
services.mealie = { services.mealie = {
enable = true; enable = true;
port = 8080; port = 8080;
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/mk-container.nix
+19 -15
View File
@@ -1,5 +1,7 @@
{ lib, config }: {
lib,
config,
}:
# Returns a NixOS module (attrset), to be used in `imports`. # Returns a NixOS module (attrset), to be used in `imports`.
# #
# Options: # Options:
@@ -7,16 +9,13 @@
# externalInterface - WAN interface for NAT, required when internet = true # externalInterface - WAN interface for NAT, required when internet = true
# bindMounts - host paths to mount into the container (see containers.<name>.bindMounts) # bindMounts - host paths to mount into the container (see containers.<name>.bindMounts)
# config - NixOS module for the container # config - NixOS module for the container
let let
nginxHardening = { config, ... }: lib.mkIf config.services.nginx.enable { nginxHardening = {config, ...}:
lib.mkIf config.services.nginx.enable {
services.nginx.serverTokens = false; services.nginx.serverTokens = false;
}; };
in in {
mkContainer = {
{
mkContainer =
{
name, name,
hostIp, hostIp,
containerIp, containerIp,
@@ -25,8 +24,7 @@ in
bindMounts ? {}, bindMounts ? {},
nixosConfig, nixosConfig,
}: }:
assert lib.assertMsg assert lib.assertMsg (lib.stringLength "ve-${name}" <= 15)
(lib.stringLength "ve-${name}" <= 15)
"mkContainer: interface name 've-${name}' is ${toString (lib.stringLength "ve-${name}")} chars, max is 15"; "mkContainer: interface name 've-${name}' is ${toString (lib.stringLength "ve-${name}")} chars, max is 15";
{ {
containers.${name} = { containers.${name} = {
@@ -35,9 +33,15 @@ in
hostAddress = hostIp; hostAddress = hostIp;
localAddress = containerIp; localAddress = containerIp;
inherit bindMounts; inherit bindMounts;
config = { ... }: { config = {...}: {
imports = [ nixosConfig nginxHardening ]; imports = [
networking.nameservers = lib.mkIf internet [ "1.1.1.1" "1.0.0.1" ]; nixosConfig
nginxHardening
];
networking.nameservers = lib.mkIf internet [
"1.1.1.1"
"1.0.0.1"
];
}; };
}; };
} }
@@ -46,7 +50,7 @@ in
networking.nat = { networking.nat = {
enable = true; enable = true;
externalInterface = externalInterface; externalInterface = externalInterface;
internalInterfaces = [ "ve-${name}" ]; internalInterfaces = ["ve-${name}"];
}; };
# CONTAINER-FWD (defined by another module) blocks all forwarding by default. # CONTAINER-FWD (defined by another module) blocks all forwarding by default.
# Insert rules in FORWARD before it: allow return traffic, block LAN, allow internet. # Insert rules in FORWARD before it: allow return traffic, block LAN, allow internet.
server-modules/ssh.nix
+8 -2
View File
@@ -17,8 +17,14 @@ in {
AllowTcpForwarding = false; AllowTcpForwarding = false;
ClientAliveInterval = 300; ClientAliveInterval = 300;
ClientAliveCountMax = 2; ClientAliveCountMax = 2;
KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; KexAlgorithms = [
Ciphers = ["chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com"]; "curve25519-sha256"
"curve25519-sha256@libssh.org"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
];
}; };
}; };
server-modules/stirling-pdf.nix
+8 -6
View File
@@ -1,19 +1,21 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "stirling-pdf"; name = "stirling-pdf";
hostIp = "10.233.9.1"; hostIp = "10.233.9.1";
containerIp = "10.233.9.2"; containerIp = "10.233.9.2";
nixosConfig = { ... }: { nixosConfig = {...}: {
services.stirling-pdf = { services.stirling-pdf = {
enable = true; enable = true;
environment."SERVER_PORT" = "8080"; environment."SERVER_PORT" = "8080";
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/umami.nix
+8 -6
View File
@@ -1,8 +1,10 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
sops.secrets.umami-secret.mode = "0400"; sops.secrets.umami-secret.mode = "0400";
imports = [ imports = [
@@ -14,7 +16,7 @@ in
hostPath = config.sops.secrets.umami-secret.path; hostPath = config.sops.secrets.umami-secret.path;
isReadOnly = true; isReadOnly = true;
}; };
nixosConfig = { ... }: { nixosConfig = {...}: {
services.umami = { services.umami = {
enable = true; enable = true;
settings = { settings = {
@@ -27,7 +29,7 @@ in
}; };
# PrivateUsers breaks systemd-creds inside nspawn containers (nested user namespaces) # PrivateUsers breaks systemd-creds inside nspawn containers (nested user namespaces)
systemd.services.umami.serviceConfig.PrivateUsers = lib.mkForce false; systemd.services.umami.serviceConfig.PrivateUsers = lib.mkForce false;
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
themes/darkviolet.nix
+1 -2
View File
@@ -16,8 +16,7 @@
border-size = 2; border-size = 2;
animation-speed = "medium"; # "fast" | "medium" | "slow" animation-speed = "medium"; # "fast" | "medium" | "slow"
fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none"
textColorOnWallpaper = textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
}; };
description = "Theme configuration options"; description = "Theme configuration options";
}; };
themes/rose-pine.nix
+1 -2
View File
@@ -16,8 +16,7 @@
border-size = 4; border-size = 4;
animation-speed = "fast"; # "fast" | "medium" | "slow" animation-speed = "fast"; # "fast" | "medium" | "slow"
fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none"
textColorOnWallpaper = textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
}; };
description = "Theme configuration options"; description = "Theme configuration options";
}; };
themes/zen.nix
+1 -2
View File
@@ -16,8 +16,7 @@
border-size = 4; border-size = 4;
animation-speed = "medium"; # "fast" | "medium" | "slow" animation-speed = "medium"; # "fast" | "medium" | "slow"
fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none"
textColorOnWallpaper = textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
}; };
description = "Theme configuration options"; description = "Theme configuration options";
}; };