anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-05-20 13:22:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: anotherhadi/nixy:6ed60d7a13c753a93f486b019f11e5bf4aec4db2
Branches Tags
anotherhadi/nixy:main
anotherhadi/nixy:v5.0.0 anotherhadi/nixy:v4.0.0 anotherhadi/nixy:v3.2.0 anotherhadi/nixy:v3.1.1 anotherhadi/nixy:v3.1.0 anotherhadi/nixy:v3.0.0 anotherhadi/nixy:v2.4.0 anotherhadi/nixy:v2.3.0 anotherhadi/nixy:v2.2.0 anotherhadi/nixy:v2.1.0 anotherhadi/nixy:v2.0.1 anotherhadi/nixy:v2.0.0 anotherhadi/nixy:v1.0.0
..
compare: anotherhadi/nixy:main
Branches Tags
anotherhadi/nixy:main
anotherhadi/nixy:v5.0.0 anotherhadi/nixy:v4.0.0 anotherhadi/nixy:v3.2.0 anotherhadi/nixy:v3.1.1 anotherhadi/nixy:v3.1.0 anotherhadi/nixy:v3.0.0 anotherhadi/nixy:v2.4.0 anotherhadi/nixy:v2.3.0 anotherhadi/nixy:v2.2.0 anotherhadi/nixy:v2.1.0 anotherhadi/nixy:v2.0.1 anotherhadi/nixy:v2.0.0 anotherhadi/nixy:v1.0.0

22 Commits
6ed60d7a13 .. main

Author SHA1 Message Date
Hadi edf013bb08 update flake 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-05-12 11:35:30 +02:00
Hadi cb323223f8 USBGuard rules for work 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-07 09:47:53 +02:00
Hadi d1462de38c Update LICENSE 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-06 14:23:30 +02:00
Hadi 8419542ea2 fix accent 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-05-05 21:46:16 +02:00
Hadi 2740475af1 edit usbguard rules 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-05-05 20:40:22 +02:00
Hadi 5e9b5ad633 Moove greasemonkey's script to home.activation 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-05 10:00:41 +02:00
Hadi 0452f40b25 Add usbguard-tui 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-05 09:54:52 +02:00
Hadi d71c9d8169 Nix fmt 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-05-04 20:40:09 +02:00
Hadi e805c868a7 Add usbguard service 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-05-04 19:51:01 +02:00
Hadi 0fd0a73e92 Move monitor to host's home.nix file 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-05-04 19:50:35 +02:00
Hadi cd2896eb5d add home manager module 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 10:31:56 +02:00
Hadi 35b79af191 Merge branch 'main' of github.com:anotherhadi/nixy 2026-05-04 09:49:27 +02:00
Hadi 325cacc86f update blog 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-04-29 22:44:05 +02:00
Hadi 7862c970fd Add Security Headers 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-04-29 22:18:16 +02:00
Hadi 498ed902a2 Add error pages 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-04-29 19:43:59 +02:00
Hadi 3478a9a0a5 change nvf flake.nix 
Signed-off-by: Hadi <hadi@example.com>
 2026-04-28 14:34:00 +02:00
Hadi f6d056deb3 Add inputs via module.args 
Signed-off-by: Hadi <hadi@example.com>
 2026-04-28 09:49:13 +02:00
Hadi 795621ada6 nixy to home manager module 
Signed-off-by: Hadi <hadi@example.com>
 2026-04-28 09:45:47 +02:00
Hadi 31964cca35 Export nixy as a flake 
Signed-off-by: Hadi <hadi@example.com>
 2026-04-28 09:41:17 +02:00
github-actions abcadd4eaf Update README.md (auto) 2026-04-27 19:14:25 +00:00
Hadi 5945a72b01 Refactor flakes 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-04-27 21:13:58 +02:00
Hadi df6381db85 Qutebrowser greasemonkey as flake now 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
 2026-04-27 20:31:47 +02:00
83 changed files with 1393 additions and 734 deletions
Expand all files Collapse all files
.github/assets/README_template.md
+2
View File
@@ -119,6 +119,8 @@ sudo nixos-rebuild switch --flake ~/.config/nixos#yourhostname
- [THEMES](docs/THEMES.md): How themes work and how to create your own - [THEMES](docs/THEMES.md): How themes work and how to create your own
- [WALLPAPERS](https://github.com/anotherhadi/awesome-wallpapers): An awesome - [WALLPAPERS](https://github.com/anotherhadi/awesome-wallpapers): An awesome
collection of wallpapers collection of wallpapers
- [NEOVIM](docs/NEOVIM.md): How to use the Neovim config in your own flake
- [GROUPS](docs/GROUPS.md): Reusable package groups (dev, cybersecurity)
- [CONTRIBUTING](docs/CONTRIBUTING.md): How to contribute - [CONTRIBUTING](docs/CONTRIBUTING.md): How to contribute
- [LICENSE](LICENSE): MIT License - [LICENSE](LICENSE): MIT License
LICENSE
+1 -1
View File
@@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2024 Hadi Copyright (c) 2026 Hadi
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal
README.md
+2
View File
@@ -129,6 +129,8 @@ sudo nixos-rebuild switch --flake ~/.config/nixos#yourhostname
- [THEMES](docs/THEMES.md): How themes work and how to create your own - [THEMES](docs/THEMES.md): How themes work and how to create your own
- [WALLPAPERS](https://github.com/anotherhadi/awesome-wallpapers): An awesome - [WALLPAPERS](https://github.com/anotherhadi/awesome-wallpapers): An awesome
collection of wallpapers collection of wallpapers
- [NEOVIM](docs/NEOVIM.md): How to use the Neovim config in your own flake
- [GROUPS](docs/GROUPS.md): Reusable package groups (dev, cybersecurity)
- [CONTRIBUTING](docs/CONTRIBUTING.md): How to contribute - [CONTRIBUTING](docs/CONTRIBUTING.md): How to contribute
- [LICENSE](LICENSE): MIT License - [LICENSE](LICENSE): MIT License
docs/GROUPS.md
+44
View File
@@ -0,0 +1,44 @@
# Groups
Groups are curated sets of packages exposed as flake outputs. Each group has two forms:
- **`homeManagerModules.<group>`** — full home-manager module (packages + files + systemd units)
- **`packages.<group>`** — standalone environment for `nix shell` (packages only)
## Available groups
- dev (go, bun, air, ...)
- cybersecurity (nmap, john, dirb, ffuf, ...)
For the Cybersecurity group, the home-manager module also sets up:
- `~/Cyber/wordlists/` with SecLists, fuzz4bounty, and hashcat rules
- `~/Cyber/tmp/` as a temporary workspace
## Use in another flake
Add this repo as an input:
```nix
inputs.nixy.url = "github:anotherhadi/nixy";
```
Import the home-manager module in your home configuration:
```nix
{ inputs, ... }: {
imports = [
inputs.nixy.homeManagerModules.cybersecurity
# inputs.nixy.homeManagerModules.dev
];
}
```
## Quick shell without installing
```sh
nix shell github:anotherhadi/nixy#cybersecurity
nix shell github:anotherhadi/nixy#dev
```
This drops you into a shell with all tools in `PATH`. No home-manager required, no wordlists or systemd units.
docs/NEOVIM.md
+40
View File
@@ -0,0 +1,40 @@
# Neovim
The Neovim configuration is built with [nvf](https://github.com/notashelf/nvf) and exposed as a standalone flake output.
It can be used in three ways: run it directly, import it into another flake's home-manager setup, or use it as part of this config.
## Run directly
No installation needed:
```sh
nix run github:anotherhadi/nixy#nvim
```
## Use in another flake
Add this repo as an input:
```nix
inputs.nixy.url = "github:anotherhadi/nixy";
```
Then import the home-manager module in your home configuration:
```nix
{ inputs, ... }: {
imports = [ inputs.nixy.homeManagerModules.nvim ];
}
```
## What's included
| File | Description |
| --------------- | ---------------------------------------------------------------------- |
| `options.nix` | Core settings: theme (catppuccin mocha), clipboard, indentation, folds |
| `languages.nix` | LSP, treesitter, formatters, diagnostics, and per-language config |
| `keymaps.nix` | All key mappings (leader: `space`) |
| `picker.nix` | Snacks picker + oil.nvim |
| `snacks.nix` | Snacks extras: image preview, zen mode, git signs, statuscolumn |
| `utils.nix` | Bufferline, lualine, copilot, lazygit, toggleterm, autocomplete |
| `mini.nix` | Mini.nvim suite: pairs, comment, icons, indentscope, diff, git |
flake.lock
Generated
+189 -160
View File
@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776702787, "lastModified": 1777499565,
"narHash": "sha256-qc5uwEWbuubzYthmZcfCapooZGXhoYZWfTQ24TozbCQ=", "narHash": "sha256-nU55VWk99Pn1QzQDDjFISocC4SgDZ3Xp+zb6ji3JclM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "9a1ca6b8cb4d86a599787a55b78f2ddf809bf945", "rev": "813c1e8981893c11e118b19c125d6bc282f51765",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -89,11 +89,11 @@
"base16-helix": { "base16-helix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1760703920, "lastModified": 1776754714,
"narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "narHash": "sha256-E3OAK27smtATTmX45uoTSRsVD+Y+ZiVVfgM/tjpbtYg=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-helix", "repo": "base16-helix",
"rev": "d646af9b7d14bff08824538164af99d0c521b185", "rev": "4d508123037e7851ad36ebf7d9c48b0e9e1eb581",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -125,11 +125,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1777068438, "lastModified": 1778180620,
"narHash": "sha256-87KZIkdVRICi7BkPs50gM949qRrRBsznchVvmAAWxsY=", "narHash": "sha256-FVJbHr6NgVP2I89cbI6hOU3TEiR6U+dCNfr+eYvFGFg=",
"owner": "anotherhadi", "owner": "anotherhadi",
"repo": "blog", "repo": "blog",
"rev": "e3f0fc5735b272ee518cdc579cf4fd638ee2adb5", "rev": "25fb5a4bf09400b032917c8847d44e597fe7c2c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -166,17 +166,16 @@
"bun2nix_2": { "bun2nix_2": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"import-tree": "import-tree_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"systems": "systems_2", "systems": "systems_2",
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1770895533, "lastModified": 1778446047,
"narHash": "sha256-v3QaK9ugy9bN9RXDnjw0i2OifKmz2NnKM82agtqm/UY=", "narHash": "sha256-oQvcadh2BCkrog+SGrG6YffKJrveYpjj3TdQJWaKhaM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "bun2nix", "repo": "bun2nix",
"rev": "c843f477b15f51151f8c6bcc886954699440a6e1", "rev": "f2bc12af1a6369648aac41041ceeaa0b866599c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -188,7 +187,7 @@
"bun2nix_3": { "bun2nix_3": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"import-tree": "import-tree_3", "import-tree": "import-tree_2",
"nixpkgs": [ "nixpkgs": [
"default-creds", "default-creds",
"nixpkgs" "nixpkgs"
@@ -213,7 +212,7 @@
"bun2nix_4": { "bun2nix_4": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"import-tree": "import-tree_4", "import-tree": "import-tree_3",
"nixpkgs": [ "nixpkgs": [
"iknowyou", "iknowyou",
"nixpkgs" "nixpkgs"
@@ -243,11 +242,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777086360, "lastModified": 1778482091,
"narHash": "sha256-p9MtXOdKHXMZ3CCmvqMF6RcJ+0Uj05YsokylBVaucsI=", "narHash": "sha256-FOzC6uYB36/q2AFgROCLKUds7p6RN51dHzewHbmZhdk=",
"owner": "caelestia-dots", "owner": "caelestia-dots",
"repo": "cli", "repo": "cli",
"rev": "eddee4deca7cab1a72e07e02d7d2eb84feaaa94d", "rev": "4b3ffcd644b0e9d3f7180b610f35c4f86024c905",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -267,11 +266,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772764582, "lastModified": 1778125502,
"narHash": "sha256-hSwjmpXHFqzSXrndVekA0IheKrbC7wi0IbfZTYwlmXw=", "narHash": "sha256-QAAO9RCR6byVJi50l8RMVJWzrsNYbXonfR6tqU93vIQ=",
"owner": "caelestia-dots", "owner": "caelestia-dots",
"repo": "cli", "repo": "cli",
"rev": "4bcd42f482d038b98145b0b03388244b68b7d35d", "rev": "7b8a4281aa8b2b12745de531cce0c65d87aea2e5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -292,11 +291,11 @@
"quickshell": "quickshell" "quickshell": "quickshell"
}, },
"locked": { "locked": {
"lastModified": 1776670101, "lastModified": 1778381004,
"narHash": "sha256-VmPWtG6H+k2tgGnpYwNO5YueHOBdOXXTiBTrjXqcHag=", "narHash": "sha256-JwIlrajiY74obxyTMu/Ym6wOEQaCjpHwfziPK+E5u3Q=",
"owner": "caelestia-dots", "owner": "caelestia-dots",
"repo": "shell", "repo": "shell",
"rev": "b94ee8d41bad1ea59395d6184425036fa7121bc5", "rev": "2ca4ad4a434e91e73504debd5225e66dc5ebb2b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -314,11 +313,11 @@
"quickshell": "quickshell_2" "quickshell": "quickshell_2"
}, },
"locked": { "locked": {
"lastModified": 1776670101, "lastModified": 1778381004,
"narHash": "sha256-VmPWtG6H+k2tgGnpYwNO5YueHOBdOXXTiBTrjXqcHag=", "narHash": "sha256-JwIlrajiY74obxyTMu/Ym6wOEQaCjpHwfziPK+E5u3Q=",
"owner": "caelestia-dots", "owner": "caelestia-dots",
"repo": "shell", "repo": "shell",
"rev": "b94ee8d41bad1ea59395d6184425036fa7121bc5", "rev": "2ca4ad4a434e91e73504debd5225e66dc5ebb2b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -349,11 +348,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1775176642, "lastModified": 1776136500,
"narHash": "sha256-2veEED0Fg7Fsh81tvVDNYR6SzjqQxa7hbi18Jv4LWpM=", "narHash": "sha256-r0gN2brVWA351zwMV0Flmlcd6SGMvYqFbvC3DfKFM8Y=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "179704030c5286c729b5b0522037d1d51341022c", "rev": "0f8ba203d475587f477e7ae12661bd8459e225b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -414,14 +413,17 @@
}, },
"flake-parts_2": { "flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": [
"bun2nix",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1769996383, "lastModified": 1777988971,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -432,7 +434,7 @@
}, },
"flake-parts_3": { "flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_3" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1769996383, "lastModified": 1769996383,
@@ -450,7 +452,7 @@
}, },
"flake-parts_4": { "flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_4" "nixpkgs-lib": "nixpkgs-lib_3"
}, },
"locked": { "locked": {
"lastModified": 1769996383, "lastModified": 1769996383,
@@ -570,11 +572,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777086106, "lastModified": 1778444552,
"narHash": "sha256-hlNpIN18pw3xo34Lsrp6vAMUPn0aB/zFBqL0QXI1Pmk=", "narHash": "sha256-f18pIiR9q/p1vHY93gmAum7aHhQOG49oGvAB9+lptRo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5826802354a74af18540aef0b01bc1320f82cc17", "rev": "dcebe66f958673729896eec2de4abfd86ef22d21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -658,11 +660,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1777040476, "lastModified": 1778442165,
"narHash": "sha256-bdlbn9MZcfKcK9qTyQzismEwaZHqLlG/6JLYOGdVBh4=", "narHash": "sha256-hVT4PKKzLXBxAq/uCFYqSBHs/3mdCXr9gntIZpUgdBg=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e3c9b64812042ade8bec47499f461f2c7d36c184", "rev": "3e21a68bd0a81c2fc45f2c843c9d02c47350ef44",
"revCount": 7172, "revCount": 7298,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@@ -760,11 +762,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776426736, "lastModified": 1777320127,
"narHash": "sha256-rl7i4aY+9p8LysJp7o8uRWahCkpFznCgGHXszlTw7b0=", "narHash": "sha256-Qu+Wf2Bp5qUjyn2YpZNq8a7JyzTGowhT1knrwE38a9U=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "7833ff33b2e82d3406337b5dcf0d1cec595d83e9", "rev": "090117506ddc3d7f26e650ff344d378c2ec329cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -837,11 +839,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776428866, "lastModified": 1778234770,
"narHash": "sha256-XfRlBolGtjvalTHJp3XvvpYLBjkMhaZLLU0WqZ91Fcg=", "narHash": "sha256-jAcsogZwWMfXT9MfXxZzkwliAqIuZUV0p71h6Ba9ReE=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "eedd60805cd96d4442586f2ba5fe51d549b12674", "rev": "a2dbd8a4cc51f7cbe4224732668392bb1aa79df2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -862,11 +864,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776430932, "lastModified": 1777159683,
"narHash": "sha256-Yv3RPiUvl7CAsJgwIVsqcj7akn1gLyJP1F/mocof5hA=", "narHash": "sha256-Jxixw6wZphUp+nHYxOKUYSckL17QMBx2d5Zp0rJHr1g=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "4c2fcc06dc9722c97dbb54ba649c69b18ce83d2e", "rev": "b8632713a6beaf28b56f2a7b0ab2fb7088dbb404",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -891,11 +893,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776728575, "lastModified": 1777388329,
"narHash": "sha256-z9eGphrArEBpl1O/GCH0wlY6z4K9vA6yWh2gAS6qytU=", "narHash": "sha256-40YxVGF2rA9iH3D7am5fy4EOSBbMgpJtJ9yhl0Cx+qI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwire", "repo": "hyprwire",
"rev": "f3a80888783702a39691b684d099e16b83ed4702", "rev": "04be2897e05f9b271d532b5ae56ca088d2eeac02",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -969,28 +971,13 @@
"type": "github" "type": "github"
} }
}, },
"import-tree_4": {
"locked": {
"lastModified": 1763762820,
"narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
"owner": "vic",
"repo": "import-tree",
"rev": "3c23749d8013ec6daa1d7255057590e9ca726646",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"mnw": { "mnw": {
"locked": { "locked": {
"lastModified": 1770419553, "lastModified": 1777828893,
"narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=", "narHash": "sha256-gVWVnmyNr74BVKfhMMZDWkhx2699dhmZ2g0W8TTHtkk=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "mnw", "repo": "mnw",
"rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957", "rev": "c1c0b544bfabe6669b5a6a0383ccb475fe60258b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1028,11 +1015,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776829403, "lastModified": 1778393439,
"narHash": "sha256-oHVcvP2Ahhj1KUsEzp+2BQF55/r5VSa3QxdPdwE1p00=", "narHash": "sha256-mOtQxUjtKaPHLeoLOY/YEDctmud1X9KwJr4kE1MJ3Wc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "c43246d4e9e506178b69baed075d797ec2d873e2", "rev": "01466c414c7357ae2ce32be4a272a7c69e94ab5f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1044,15 +1031,16 @@
"nixarr": { "nixarr": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"treefmt-nix": "treefmt-nix_5",
"vpnconfinement": "vpnconfinement", "vpnconfinement": "vpnconfinement",
"website-builder": "website-builder" "website-builder": "website-builder"
}, },
"locked": { "locked": {
"lastModified": 1770542066, "lastModified": 1778346734,
"narHash": "sha256-RTyyeuvK84WqFah0qUoyq28o2oM7yBfkFIHjFu5h0hc=", "narHash": "sha256-G5ZyrISExI0L6CqHX/0CrdTVEu9lpIdevhpkYwhGf/E=",
"owner": "rasmus-kirk", "owner": "rasmus-kirk",
"repo": "nixarr", "repo": "nixarr",
"rev": "7cc521933dc6800ae81ecfc91fe36237476e4ffb", "rev": "476ffae2a09911008847dd5a86c18b8cb484d198",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1063,11 +1051,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1776983936, "lastModified": 1778143761,
"narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=", "narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61", "rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1138,28 +1126,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib_4": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1776734388, "lastModified": 1778003029,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", "narHash": "sha256-q/nkKLDtHIyLjZpKhWk3cSK5IYsFqtMd6UtXF3ddjgA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", "rev": "0c88e1f2bdb93d5999019e99cb0e61e1fe2af4c5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1187,11 +1160,27 @@
}, },
"nixpkgs_11": { "nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1775036866, "lastModified": 1777268161,
"narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_12": {
"locked": {
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1219,11 +1208,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1770562336, "lastModified": 1777954456,
"narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1251,11 +1240,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1776548001, "lastModified": 1777954456,
"narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc", "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1283,11 +1272,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1765608474, "lastModified": 1775595990,
"narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1299,11 +1288,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1776877367, "lastModified": 1777954456,
"narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0726a0ecb6d4e08f6adced58726b95db924cef57", "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1341,11 +1330,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1775228139, "lastModified": 1777598946,
"narHash": "sha256-ebbeHmg+V7w8050bwQOuhmQHoLOEOfqKzM1KgCTexK4=", "narHash": "sha256-X239dAGaU1+gfDj8jKH8GzlqKMcxaVfXOio+uzBOkeE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "601971b9c89e0304561977f2c28fa25e73aa7132", "rev": "5d55af01c0f86be583931fe99207fc56c14134b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1385,11 +1374,11 @@
"systems": "systems_6" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1777062815, "lastModified": 1778408907,
"narHash": "sha256-RWwgP/R2nIcyOTPYJdApqvj/dVc4+n/4kOCNlRnfb7U=", "narHash": "sha256-QXjdRz5fssxAWDrtfBYxvjMtTqJzQAbnAmX3u22xCck=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "41394699260ffc533a688d0ca5b8888bd5e64233", "rev": "e86a92e4b29b499e5f1285b737b7612115103da9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1430,11 +1419,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772925576, "lastModified": 1778222427,
"narHash": "sha256-mMoiXABDtkSJxCYDrkhJ/TrrJf5M46oUfIlJvv2gkZ0=", "narHash": "sha256-6GFiP611nEJvtm+m03sMyfaVIJ9QOCi//hS+PPKyyPA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "15a84097653593dd15fad59a56befc2b7bdc270d", "rev": "d1760ed1f31c02a95b37a9bf4084129c829ebe7f",
"revCount": 750, "revCount": 817,
"type": "git", "type": "git",
"url": "https://git.outfoxxed.me/outfoxxed/quickshell" "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
}, },
@@ -1451,11 +1440,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772925576, "lastModified": 1778222427,
"narHash": "sha256-mMoiXABDtkSJxCYDrkhJ/TrrJf5M46oUfIlJvv2gkZ0=", "narHash": "sha256-6GFiP611nEJvtm+m03sMyfaVIJ9QOCi//hS+PPKyyPA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "15a84097653593dd15fad59a56befc2b7bdc270d", "rev": "d1760ed1f31c02a95b37a9bf4084129c829ebe7f",
"revCount": 750, "revCount": 817,
"type": "git", "type": "git",
"url": "https://git.outfoxxed.me/outfoxxed/quickshell" "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
}, },
@@ -1483,7 +1472,8 @@
"nvf": "nvf", "nvf": "nvf",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
"stylix": "stylix" "stylix": "stylix",
"usbguard-tui": "usbguard-tui"
} }
}, },
"sops-nix": { "sops-nix": {
@@ -1491,11 +1481,11 @@
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1776771786, "lastModified": 1777944972,
"narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=", "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "bef289e2248991f7afeb95965c82fbcd8ff72598", "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1512,11 +1502,11 @@
"systems": "systems_7" "systems": "systems_7"
}, },
"locked": { "locked": {
"lastModified": 1777043003, "lastModified": 1778395012,
"narHash": "sha256-lEKiNXDssCjM5bM6v1rltaYRsBRrXrozD4ryctlnZo0=", "narHash": "sha256-A/VRiNFQIwGp8cOC/8yNCRexFHjtFCzBwhajrkyGojo=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "spicetify-nix", "repo": "spicetify-nix",
"rev": "8486e82fd1b2bab54868139ac2263de54c9c85c7", "rev": "3b4991bfc064c3361957f23141351ae2d9833234",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1543,11 +1533,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1776893932, "lastModified": 1778104276,
"narHash": "sha256-AFD5cf9eNqXq1brHS63xeZy2xKZMgG9J86XJ9I2eLn8=", "narHash": "sha256-/DSSnU0LLmOTG/OCgGwYpxP6+5YvxRx2g/GhI4x6aCU=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "84971726c7ef0bb3669a5443e151cc226e65c518", "rev": "18ed8d270231e067fe2739998479ed5d7c659c2c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1695,11 +1685,11 @@
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772661346, "lastModified": 1777041405,
"narHash": "sha256-4eu3LqB9tPqe0Vaqxd4wkZiBbthLbpb7llcoE/p5HT0=", "narHash": "sha256-BAGZ7ObFV/9Z61OJZun7ifPyhkuHqNuW1QIhQ8LuzCo=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "13b5b0c299982bb361039601e2d72587d6846294", "rev": "5f868b3a338b6904c47f3833b9c411be641983a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1711,11 +1701,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772934010, "lastModified": 1777169200,
"narHash": "sha256-x+6+4UvaG+RBRQ6UaX+o6DjEg28u4eqhVRM9kpgJGjQ=", "narHash": "sha256-h7dDbIzP5hDr9v97w9PL6jdAgXawmj6krcH+959rqpU=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "c3529673a5ab6e1b6830f618c45d9ce1bcdd829d", "rev": "f798c2dce44ef815bb6b8f05a82135c7942d35ac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1727,11 +1717,11 @@
"tinted-zed": { "tinted-zed": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772909925, "lastModified": 1777463218,
"narHash": "sha256-jx/5+pgYR0noHa3hk2esin18VMbnPSvWPL5bBjfTIAU=", "narHash": "sha256-Bhkozqtq3BKLqWTlmKm8uAptfX4aRGI8QX3eEL54Vpc=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-zed", "repo": "base16-zed",
"rev": "b4d3a1b3bcbd090937ef609a0a3b37237af974df", "rev": "5768d08ed2e7944a26a958868cdb073cb8856dae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1770,11 +1760,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770228511, "lastModified": 1775636079,
"narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1827,13 +1817,52 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix_5": {
"inputs": {
"nixpkgs": [
"nixarr",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775125835,
"narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "75925962939880974e3ab417879daffcba36c4a3",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"usbguard-tui": {
"inputs": {
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1778071322,
"narHash": "sha256-9JXonFNWEutwhX/19eeg/RvIxqi5pnT1KS9Kby05j+o=",
"owner": "anotherhadi",
"repo": "usbguard-tui",
"rev": "6db3a32758d46a40fc8f86c06d4d7d9c4d981c1b",
"type": "github"
},
"original": {
"owner": "anotherhadi",
"repo": "usbguard-tui",
"type": "github"
}
},
"vpnconfinement": { "vpnconfinement": {
"locked": { "locked": {
"lastModified": 1765634578, "lastModified": 1767604552,
"narHash": "sha256-Fujb9sn1cj+u/bzfo2RbQkcAvJ7Ch1pimJzFie4ptb4=", "narHash": "sha256-FddhMxnc99KYOZ/S3YNqtDSoxisIhVtJ7L4s8XD2u0A=",
"owner": "Maroka-chan", "owner": "Maroka-chan",
"repo": "VPN-Confinement", "repo": "VPN-Confinement",
"rev": "f2989e1e3cb06c7185939e9ddc368f88b998616a", "rev": "a6b2da727853886876fd1081d6bb2880752937f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1850,11 +1879,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753958235, "lastModified": 1771957511,
"narHash": "sha256-Rd27XQJKv8Z4BCr3gdbaHFd0TmumiGxdjGRzsEf/mOg=", "narHash": "sha256-MxpsyVQguwmeN40gblvcYLtL4xiriGYB6UyP+JergpQ=",
"owner": "rasmus-kirk", "owner": "rasmus-kirk",
"repo": "website-builder", "repo": "website-builder",
"rev": "00a14b7ae7baef2197978ba7c3fe72dfca7bc475", "rev": "896af41c1a01f934799356f1f51cfddff2abda82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1891,11 +1920,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776608502, "lastModified": 1777585783,
"narHash": "sha256-UH8YoQxx4hFOm6qjMdjRQNRvSejFIR/wBZ8fW1p9sME=", "narHash": "sha256-JTeWRy42VElroJ0rVdZuVXSoTLsx+NzQfGPKMbtn3SU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "4a293523d36dfa367e67ec304cc718ea66a8fec2", "rev": "fa50d6fbaff8f42c61071b87b034a90d82a33558",
"type": "github" "type": "github"
}, },
"original": { "original": {
flake.nix
+32 -63
View File
@@ -14,6 +14,7 @@
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
nvf.url = "github:notashelf/nvf"; nvf.url = "github:notashelf/nvf";
bun2nix.url = "github:nix-community/bun2nix"; bun2nix.url = "github:nix-community/bun2nix";
usbguard-tui.url = "github:anotherhadi/usbguard-tui";
nix-index-database = { nix-index-database = {
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
@@ -43,70 +44,38 @@
blog.url = "github:anotherhadi/blog"; blog.url = "github:anotherhadi/blog";
awesome-wallpapers.url = "github:anotherhadi/awesome-wallpapers"; awesome-wallpapers.url = "github:anotherhadi/awesome-wallpapers";
iknowyou.url = "github:anotherhadi/iknowyou"; iknowyou.url = "github:anotherhadi/iknowyou";
}; };
outputs = inputs @ {nixpkgs, ...}: { outputs = inputs @ {
nixosConfigurations = { nixpkgs,
h-laptop = nixpkgs-stable,
# CHANGEME: This should match the 'hostname' in your variables.nix file ...
nixpkgs.lib.nixosSystem { }: let
modules = [ system = "x86_64-linux";
{ pkgs = nixpkgs.legacyPackages.${system};
nixpkgs.overlays = [ args = {
(final: prev: { inherit
# FIXME: Workaround: Mesa crash with AMD GPU + Wayland + Qt 6.11.0 inputs
qutebrowser = prev.symlinkJoin { nixpkgs
name = "qutebrowser"; system
paths = [prev.qutebrowser]; pkgs
buildInputs = [prev.makeWrapper]; ;
postBuild = '' pkgs-stable = nixpkgs-stable.legacyPackages.${system};
wrapProgram $out/bin/qutebrowser \
--set LIBGL_ALWAYS_SOFTWARE 1
'';
};
})
];
_module.args = {
inherit inputs;
};
}
inputs.nixos-hardware.nixosModules.omen-16-n0005ne # CHANGEME: check https://github.com/NixOS/nixos-hardware
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
inputs.nix-index-database.nixosModules.default
./hosts/laptop/configuration.nix # CHANGEME: change the path to match your host folder
];
};
h-work = nixpkgs.lib.nixosSystem {
modules = [
{
nixpkgs.overlays = [];
_module.args = {
inherit inputs;
};
}
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
inputs.nix-index-database.nixosModules.default
./hosts/work/configuration.nix
];
};
# Jack is my server
jack = nixpkgs.lib.nixosSystem {
modules = [
{_module.args = {inherit inputs;};}
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
inputs.sops-nix.nixosModules.sops
inputs.nixarr.nixosModules.default
# inputs.eleakxir.nixosModules.eleakxir
inputs.nix-index-database.nixosModules.default
inputs.default-creds.nixosModules.default
./hosts/server/configuration.nix
];
};
}; };
}; merge = nixpkgs.lib.foldl nixpkgs.lib.recursiveUpdate {};
in
merge [
(import ./home/programs/nvf/flake.nix args)
(import ./home/programs/group/flake.nix args)
(import ./home/programs/nixy/flake.nix args)
{
formatter.${system} = pkgs.alejandra;
nixosConfigurations = {
h-laptop = import ./hosts/laptop/flake.nix args;
h-work = import ./hosts/work/flake.nix args;
jack = import ./hosts/server/flake.nix args;
};
}
];
} }
home/programs/brave/default.nix
+12 -3
View File
@@ -63,8 +63,14 @@
exec = "brave --incognito"; exec = "brave --incognito";
icon = "brave-browser"; icon = "brave-browser";
terminal = false; terminal = false;
categories = ["Network" "WebBrowser"]; categories = [
mimeType = ["text/html" "text/xml"]; "Network"
"WebBrowser"
];
mimeType = [
"text/html"
"text/xml"
];
}; };
brave-tor = { brave-tor = {
name = "Brave (Private window w/Tor)"; name = "Brave (Private window w/Tor)";
@@ -72,7 +78,10 @@
exec = "brave --tor"; exec = "brave --tor";
icon = "brave-browser"; icon = "brave-browser";
terminal = false; terminal = false;
categories = ["Network" "WebBrowser"]; categories = [
"Network"
"WebBrowser"
];
}; };
}; };
} }
home/programs/ghostty/default.nix
+2
View File
@@ -2,6 +2,8 @@
home.sessionVariables = { home.sessionVariables = {
TERMINAL = "ghostty"; TERMINAL = "ghostty";
TERM = "ghostty"; TERM = "ghostty";
XMODIFIERS = "@im=none";
GTK_IM_MODULE = "simple";
}; };
programs.ghostty = { programs.ghostty = {
home/programs/git/default.nix
+2 -4
View File
@@ -44,10 +44,8 @@ in {
st = "status"; st = "status";
br = "branch"; br = "branch";
df = "!git hist | peco | awk '{print $2}' | xargs -I {} git diff {}^ {}"; df = "!git hist | peco | awk '{print $2}' | xargs -I {} git diff {}^ {}";
hist = '' hist = ''log --pretty=format:"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)" --graph --date=relative --decorate --all'';
log --pretty=format:"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)" --graph --date=relative --decorate --all''; llog = ''log --graph --name-status --pretty=format:"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset" --date=relative'';
llog = ''
log --graph --name-status --pretty=format:"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset" --date=relative'';
edit-unmerged = "!f() { git ls-files --unmerged | cut -f2 | sort -u ; }; hx `f`"; edit-unmerged = "!f() { git ls-files --unmerged | cut -f2 | sort -u ; }; hx `f`";
}; };
}; };
home/programs/git/lazygit.nix
+4 -1
View File
@@ -21,7 +21,10 @@ in {
}; };
gui = { gui = {
theme = { theme = {
activeBorderColor = [accent "bold"]; activeBorderColor = [
accent
"bold"
];
inactiveBorderColor = [muted]; inactiveBorderColor = [muted];
}; };
showListFooter = false; showListFooter = false;
home/programs/group/dev.nix
+2 -2
View File
@@ -10,12 +10,12 @@
go go
bun bun
nodejs nodejs
air
duckdb
claude-code claude-code
inputs.bun2nix.packages.${stdenv.hostPlatform.system}.default inputs.bun2nix.packages.${stdenv.hostPlatform.system}.default
]) ])
++ (with pkgs-stable; [ ++ (with pkgs-stable; [
air
duckdb
docker docker
python3 python3
jq jq
home/programs/group/flake.nix
+69
View File
@@ -0,0 +1,69 @@
{
inputs,
pkgs,
pkgs-stable,
system,
...
}: {
packages.${system} = {
dev = pkgs.buildEnv {
name = "dev-tools";
paths =
(with pkgs; [
go
bun
nodejs
air
duckdb
claude-code
inputs.bun2nix.packages.${system}.default
])
++ (with pkgs-stable; [
docker
python3
jq
just
]);
};
cybersecurity = pkgs.buildEnv {
name = "cybersecurity-tools";
paths = with pkgs-stable; [
wireshark
nmap
john
hashcat
metasploit
haiti
hydra
dnsrecon
whois
dig
nosqli
jwt-cli
nuclei
caido
gobuster
dirb
ffuf
sqlmap
inetutils
samba
openvpn
mariadb
redis
];
};
};
homeManagerModules = {
dev = {
_module.args.pkgs-stable = pkgs-stable;
imports = [./dev.nix];
};
cybersecurity = {
_module.args.pkgs-stable = pkgs-stable;
imports = [./cybersecurity.nix];
};
};
}
home/programs/group/misc.nix
+6 -1
View File
@@ -1,9 +1,14 @@
{pkgs-stable, ...}: { {
pkgs-stable,
inputs,
...
}: {
home.packages = with pkgs-stable; [ home.packages = with pkgs-stable; [
peaclock peaclock
cbonsai cbonsai
pipes pipes
cmatrix cmatrix
fastfetch fastfetch
inputs.usbguard-tui.packages.${system}.default
]; ];
} }
home/programs/nixy/default.nix
+20 -70
View File
@@ -6,76 +6,26 @@
#- - `nixy rebuild` - Rebuild the system. #- - `nixy rebuild` - Rebuild the system.
#- - `nixy ...` - ... see the script for more commands. #- - `nixy ...` - ... see the script for more commands.
{ {
pkgs,
config, config,
lib,
pkgs,
... ...
}: let }: {
inherit (config.var) configDirectory; options.programs.nixy = {
enable = lib.mkEnableOption "nixy";
configDirectory = lib.mkOption {
type = lib.types.str;
default = "$HOME/.config/nixos";
description = "Path to the NixOS configuration directory";
};
};
nixy = config = lib.mkIf config.programs.nixy.enable {
pkgs.writeShellScriptBin "nixy" home.packages = [
# bash (import ./package.nix {
'' inherit pkgs;
EXTRA_ARGS="''${@:2}" inherit (config.programs.nixy) configDirectory;
})
function exec() { ];
$@ };
} }
function ui(){
DEFAULT_ICON="󰘳"
# "icon;name;command"[]
apps=(
"󰑓;Rebuild;nixy rebuild"
"󰐊;Test;nixy test"
"󰚰;Update;nixy update"
";Collect Garbage;nixy gc"
"󰍜;Clean Boot Menu;nixy cb"
";List generation;nixy listgen"
)
# Apply default icons if empty:
for i in "''${!apps[@]}"; do
apps[i]=$(echo "''${apps[i]}" | sed 's/^;/'$DEFAULT_ICON';/')
done
fzf_result=$(printf "%s\n" "''${apps[@]}" | awk -F ';' '{print $1" "$2}' | fzf)
[[ -z $fzf_result ]] && exit 0
fzf_result=''${fzf_result/ /;}
line=$(printf "%s\n" "''${apps[@]}" | grep "$fzf_result")
command=$(echo "$line" | sed 's/^[^;]*;//;s/^[^;]*;//')
exec "$command"
exit $?
}
[[ $1 == "" ]] && ui
if [[ $1 == "rebuild" ]];then
cd ${configDirectory} && git add . && sudo nixos-rebuild switch --flake . $EXTRA_ARGS
elif [[ $1 == "test" ]];then
cd ${configDirectory} && git add . && sudo nixos-rebuild test --flake . $EXTRA_ARGS
elif [[ $1 == "update" ]];then
cd ${configDirectory} && nix flake update $EXTRA_ARGS
elif [[ $1 == "gc" ]];then
echo "Starting Nix garbage collection..."
cd ${configDirectory} && \
echo "Cleaning up system garbage..." && \
sudo nix-collect-garbage -d && \
echo "Cleaning up user garbage..." && \
nix-collect-garbage -d && \
echo "Collecting garbage from Nix store..." && \
nix-store --gc && \
echo "Optimizing Nix store..." && \
nix-store --optimise
echo "Nix garbage collection complete."
elif [[ $1 == "cb" ]];then
sudo /run/current-system/bin/switch-to-configuration boot
elif [[ $1 == "listgen" ]];then
sudo nix-env -p /nix/var/nix/profiles/system --list-generations
else
echo "Unknown argument"
fi
'';
in {home.packages = [nixy];}
home/programs/nixy/flake.nix
+14
View File
@@ -0,0 +1,14 @@
{
pkgs,
system,
...
}: {
packages.${system}.nixy = import ./package.nix {
inherit pkgs;
configDirectory = "$HOME/.config/nixos";
};
homeManagerModules.nixy = {
imports = [./default.nix];
};
}
home/programs/nixy/package.nix
+69
View File
@@ -0,0 +1,69 @@
{
pkgs,
configDirectory,
}:
pkgs.writeShellScriptBin "nixy"
# bash
''
EXTRA_ARGS="''${@:2}"
function exec() {
$@
}
function ui(){
DEFAULT_ICON="󰘳"
# "icon;name;command"[]
apps=(
"󰑓;Rebuild;nixy rebuild"
"󰐊;Test;nixy test"
"󰚰;Update;nixy update"
";Collect Garbage;nixy gc"
"󰍜;Clean Boot Menu;nixy cb"
";List generation;nixy listgen"
)
# Apply default icons if empty:
for i in "''${!apps[@]}"; do
apps[i]=$(echo "''${apps[i]}" | sed 's/^;/'$DEFAULT_ICON';/')
done
fzf_result=$(printf "%s\n" "''${apps[@]}" | awk -F ';' '{print $1" "$2}' | fzf)
[[ -z $fzf_result ]] && exit 0
fzf_result=''${fzf_result/ /;}
line=$(printf "%s\n" "''${apps[@]}" | grep "$fzf_result")
command=$(echo "$line" | sed 's/^[^;]*;//;s/^[^;]*;//')
exec "$command"
exit $?
}
[[ $1 == "" ]] && ui
if [[ $1 == "rebuild" ]];then
cd ${configDirectory} && git add . && sudo nixos-rebuild switch --flake . $EXTRA_ARGS
elif [[ $1 == "test" ]];then
cd ${configDirectory} && git add . && sudo nixos-rebuild test --flake . $EXTRA_ARGS
elif [[ $1 == "update" ]];then
cd ${configDirectory} && nix flake update $EXTRA_ARGS
elif [[ $1 == "gc" ]];then
echo "Starting Nix garbage collection..."
cd ${configDirectory} && \
echo "Cleaning up system garbage..." && \
sudo nix-collect-garbage -d && \
echo "Cleaning up user garbage..." && \
nix-collect-garbage -d && \
echo "Collecting garbage from Nix store..." && \
nix-store --gc && \
echo "Optimizing Nix store..." && \
nix-store --optimise
echo "Nix garbage collection complete."
elif [[ $1 == "cb" ]];then
sudo /run/current-system/bin/switch-to-configuration boot
elif [[ $1 == "listgen" ]];then
sudo nix-env -p /nix/var/nix/profiles/system --list-generations
else
echo "Unknown argument"
fi
''
home/programs/nvf/default.nix
+19 -10
View File
@@ -1,21 +1,30 @@
# NVF is a Neovim configuration that provides a minimal setup with essential plugins and configurations.
{ {
inputs, inputs,
pkgs, pkgs,
... ...
}: { }: {
imports = [ imports = [inputs.nvf.homeManagerModules.default];
inputs.nvf.homeManagerModules.default # Packages needed by snacks image preview
./options.nix home.packages = with pkgs; [
./languages.nix imagemagick
./picker.nix tree-sitter
./snacks.nix ghostscript
./keymaps.nix tectonic
./utils.nix mermaid-cli
./mini.nix
]; ];
programs.nvf = { programs.nvf = {
enable = true; enable = true;
settings = {
imports = [
./options.nix
./languages.nix
./picker.nix
./snacks.nix
./keymaps.nix
./utils.nix
./mini.nix
];
};
}; };
} }
home/programs/nvf/flake.nix
+37
View File
@@ -0,0 +1,37 @@
{
inputs,
pkgs,
system,
...
}: let
nvimConfig = inputs.nvf.lib.neovimConfiguration {
inherit pkgs;
modules = [
./options.nix
./languages.nix
./picker.nix
./snacks.nix
./keymaps.nix
./utils.nix
./mini.nix
];
};
in {
packages.${system}.nvim = nvimConfig.neovim;
apps.${system}.nvim = {
type = "app";
program = "${nvimConfig.neovim}/bin/nvim";
};
defaultApp.${system} = {
type = "app";
program = "${nvimConfig.neovim}/bin/nvim";
};
homeManagerModules.nvim = {
imports = [
inputs.nvf.homeManagerModules.default
./default.nix
];
};
}
home/programs/nvf/keymaps.nix
+32 -13
View File
@@ -1,10 +1,9 @@
{ {
programs.nvf.settings.vim = { vim = {
globals.mapleader = " "; globals.mapleader = " ";
binds = { binds = {
whichKey = { whichKey = {
enable = true; enable = true;
# TODO: registers
register = {}; register = {};
}; };
}; };
@@ -63,19 +62,31 @@
} }
{ {
key = "<MiddleMouse>"; key = "<MiddleMouse>";
mode = ["n" "i" "v"]; # Normal, Insert, Visual mode = [
action = "<nop>"; # No Operation "n"
silent = true; "i"
} "v"
{ ];
key = "<2-MiddleMouse>"; # Désactive aussi le double clic molette
mode = ["n" "i" "v"];
action = "<nop>"; action = "<nop>";
silent = true; silent = true;
} }
{ {
key = "<3-MiddleMouse>"; # Désactive aussi le double clic molette key = "<2-MiddleMouse>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
action = "<nop>";
silent = true;
}
{
key = "<3-MiddleMouse>";
mode = [
"n"
"i"
"v"
];
action = "<nop>"; action = "<nop>";
silent = true; silent = true;
} }
@@ -219,7 +230,11 @@
# Save # Save
{ {
key = "<C-s>"; key = "<C-s>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
silent = true; silent = true;
action = "<cmd>w<cr>"; action = "<cmd>w<cr>";
desc = "Save file"; desc = "Save file";
@@ -228,7 +243,11 @@
# Deactivate "esc" # Deactivate "esc"
{ {
key = "<Esc>"; key = "<Esc>";
mode = ["n" "i" "v"]; mode = [
"n"
"i"
"v"
];
silent = true; silent = true;
action = "<Nop>"; action = "<Nop>";
desc = "Disable Escape"; desc = "Disable Escape";
home/programs/nvf/languages.nix
+2 -3
View File
@@ -3,7 +3,7 @@
pkgs, pkgs,
... ...
}: { }: {
programs.nvf.settings.vim = { vim = {
diagnostics = { diagnostics = {
enable = true; enable = true;
config = { config = {
@@ -26,7 +26,6 @@
'' ''
function(diagnostic) function(diagnostic)
return string.format("%s", diagnostic.message) return string.format("%s", diagnostic.message)
--return string.format("%s (%s)", diagnostic.message, diagnostic.source)
end end
''; '';
}; };
@@ -41,7 +40,7 @@
context.enable = true; context.enable = true;
highlight.enable = true; highlight.enable = true;
grammars = with pkgs.vimPlugins.nvim-treesitter.builtGrammars; [ grammars = with pkgs.vimPlugins.nvim-treesitter.builtGrammars; [
typescript # in language settings only tsx gets enabled, not typescript typescript
]; ];
}; };
lsp = { lsp = {
home/programs/nvf/mini.nix
+1 -2
View File
@@ -1,8 +1,7 @@
{ {
programs.nvf.settings.vim.mini = { vim.mini = {
starter.enable = true; starter.enable = true;
comment.enable = true; comment.enable = true;
# cursorword.enable = true;
icons.enable = true; icons.enable = true;
indentscope.enable = true; indentscope.enable = true;
notify.enable = true; notify.enable = true;
home/programs/nvf/options.nix
+3 -4
View File
@@ -1,9 +1,8 @@
{lib, ...}: { {lib, ...}: {
programs.nvf.settings.vim = { vim = {
viAlias = false; viAlias = false;
vimAlias = true; vimAlias = true;
withNodeJs = true; withNodeJs = true;
# syntaxHighlighting = true;
options = { options = {
autoindent = true; autoindent = true;
smartindent = true; smartindent = true;
@@ -19,8 +18,8 @@
wrap = false; wrap = false;
}; };
globals = { globals = {
navic_silence = true; # navic tries to attach multiple LSPs and fails navic_silence = true;
suda_smart_edit = 1; # use super user write automatically suda_smart_edit = 1;
neovide_scale_factor = 0.7; neovide_scale_factor = 0.7;
neovide_cursor_animation_length = 0.1; neovide_cursor_animation_length = 0.1;
neovide_cursor_short_animation_length = 0; neovide_cursor_short_animation_length = 0;
home/programs/nvf/picker.nix
+2 -3
View File
@@ -1,5 +1,5 @@
{ {
programs.nvf.settings.vim = { vim = {
utility = { utility = {
oil-nvim.enable = true; oil-nvim.enable = true;
snacks-nvim = { snacks-nvim = {
@@ -66,8 +66,7 @@
key = "<leader>fc"; key = "<leader>fc";
mode = "n"; mode = "n";
silent = true; silent = true;
action = '' action = ''<cmd>lua Snacks.picker.files({ cwd = vim.fn.stdpath("config") })<cr>'';
<cmd>lua Snacks.picker.files({ cwd = vim.fn.stdpath("config") })<cr>'';
desc = "Find Config File"; desc = "Find Config File";
} }
{ {
home/programs/nvf/snacks.nix
+2 -9
View File
@@ -1,12 +1,5 @@
{pkgs, ...}: { {
home.packages = with pkgs; [ vim.utility.snacks-nvim = {
imagemagick
tree-sitter
ghostscript
tectonic
mermaid-cli
];
programs.nvf.settings.vim.utility.snacks-nvim = {
enable = true; enable = true;
setupOpts = { setupOpts = {
image = { image = {
home/programs/nvf/utils.nix
+1 -1
View File
@@ -1,5 +1,5 @@
{pkgs, ...}: { {pkgs, ...}: {
programs.nvf.settings.vim = { vim = {
undoFile.enable = true; undoFile.enable = true;
utility = { utility = {
motion.flash-nvim.enable = true; motion.flash-nvim.enable = true;
home/programs/qutebrowser/bookmarks/default.nix
+12 -16
View File
@@ -14,13 +14,9 @@
c = config.lib.stylix.colors; c = config.lib.stylix.colors;
stripProtocol = url: stripProtocol = url: lib.removePrefix "https://" (lib.removePrefix "http://" url);
lib.removePrefix "https://" (lib.removePrefix "http://" url);
stripDomain = url: stripDomain = url: builtins.head (lib.splitString "/" (stripProtocol url));
builtins.head (
lib.splitString "/" (stripProtocol url)
);
mkCard = item: let mkCard = item: let
domain = stripDomain item.url; domain = stripDomain item.url;
@@ -69,13 +65,15 @@
items = result.pending; items = result.pending;
}; };
in in
lib.concatMapStrings (chunk: lib.concatMapStrings (
if chunk.isCards chunk:
then '' if chunk.isCards
<div class="cards"> then ''
${lib.concatMapStrings mkCard chunk.items} <div class="cards">
</div>'' ${lib.concatMapStrings mkCard chunk.items}
else mkFolder chunk.folder) </div>''
else mkFolder chunk.folder
)
chunks; chunks;
mkFolder = folder: let mkFolder = folder: let
@@ -145,9 +143,7 @@
) )
items; items;
publicBookmarks = publicBookmarks = pkgs.writeText "qutebrowser-public-bookmarks" (collectBookmarks "" bookmarkList);
pkgs.writeText "qutebrowser-public-bookmarks"
(collectBookmarks "" bookmarkList);
in { in {
config = { config = {
xdg.dataFile."qutebrowser/bookmarks.html".text = '' xdg.dataFile."qutebrowser/bookmarks.html".text = ''
home/programs/qutebrowser/default.nix
+4 -1
View File
@@ -27,7 +27,10 @@
genericName = "Web Browser"; genericName = "Web Browser";
exec = "qutebrowser --temp-basedir %U"; exec = "qutebrowser --temp-basedir %U";
icon = "qutebrowser"; icon = "qutebrowser";
categories = ["Network" "WebBrowser"]; categories = [
"Network"
"WebBrowser"
];
}; };
programs.qutebrowser = { programs.qutebrowser = {
home/programs/qutebrowser/settings.nix
+11 -2
View File
@@ -7,7 +7,11 @@
}; };
new_instance_open_target = "window"; new_instance_open_target = "window";
"tabs.last_close" = "close"; "tabs.last_close" = "close";
"statusbar.widgets" = ["keypress" "url" "progress"]; "statusbar.widgets" = [
"keypress"
"url"
"progress"
];
# Adblock # Adblock
"content.blocking.enabled" = true; "content.blocking.enabled" = true;
@@ -26,7 +30,12 @@
"downloads.location.prompt" = false; "downloads.location.prompt" = false;
# Editor (Ctrl+e in text fields) # Editor (Ctrl+e in text fields)
"editor.command" = ["ghostty" "-e" "nvim" "{}"]; "editor.command" = [
"ghostty"
"-e"
"nvim"
"{}"
];
# Tabs # Tabs
# "tabs.show" = "switching"; # "tabs.show" = "switching";
home/programs/qutebrowser/userscripts.nix
+42 -62
View File
@@ -1,67 +1,47 @@
{pkgs, ...}: { {
xdg.dataFile = { config,
# Startpage: hide sponsored results (custom script, no upstream) lib,
"qutebrowser/greasemonkey/startpage-no-ads.user.js".text = '' pkgs,
// ==UserScript== ...
// @name Startpage - Hide Ads }: {
// @match https://www.startpage.com/* xdg.dataFile."qutebrowser/greasemonkey/startpage-no-ads.user.js".text = ''
// @run-at document-start // ==UserScript==
// ==/UserScript== // @name Startpage - Hide Ads
// @match https://www.startpage.com/*
// @run-at document-start
// ==/UserScript==
new MutationObserver(function(mutations) { new MutationObserver(function(mutations) {
mutations.forEach((mutation) => { mutations.forEach((mutation) => {
if (mutation.type === 'childList') { if (mutation.type === 'childList') {
mutation.addedNodes.forEach((node) => { mutation.addedNodes.forEach((node) => {
if (node.nodeType === 1 && node.nodeName === 'DIV' && node.id === 'gcsa-top') { if (node.nodeType === 1 && node.nodeName === 'DIV' && node.id === 'gcsa-top') {
node.remove(); node.remove();
this.disconnect(); this.disconnect();
} }
}); });
} }
}); });
}).observe(document, { childList: true, subtree: true }); }).observe(document, { childList: true, subtree: true });
''; '';
# Return YouTube Dislike: restore dislike counts on YouTube home.activation.downloadUserscripts = lib.hm.dag.entryAfter ["writeBoundary"] ''
"qutebrowser/greasemonkey/return-youtube-dislike.user.js".source = pkgs.fetchurl { scripts_dir="${config.home.homeDirectory}/.local/share/qutebrowser/greasemonkey"
url = "https://update.greasyfork.org/scripts/436115/Return%20YouTube%20Dislike.user.js"; $DRY_RUN_CMD mkdir -p "$scripts_dir"
hash = "sha256-P7dK3v1WbSQaJUo73iHrezkXE+6BOdIuDk/D6GJwwbM=";
};
# SponsorBlock Lite: auto-skip sponsors on YouTube download() {
"qutebrowser/greasemonkey/sponsorblock-lite.user.js".source = pkgs.fetchurl { local name="$1" url="$2"
url = "https://update.greasyfork.org/scripts/560869/SponsorBlock%20Lite.user.js"; if [[ ! -f "$scripts_dir/$name" ]]; then
hash = "sha256-8DTIRMn+cy/gZeeHa6xJDomQ5QN3lnaK0DG5ZcS5d00="; $DRY_RUN_CMD ${pkgs.curl}/bin/curl -sSL -o "$scripts_dir/$name" "$url" || true
}; fi
}
# Don't Track Me Google: remove Google tracking redirects download "return-youtube-dislike.user.js" "https://update.greasyfork.org/scripts/436115/Return%20YouTube%20Dislike.user.js"
"qutebrowser/greasemonkey/dont-track-me-google.user.js".source = pkgs.fetchurl { download "sponsorblock-lite.user.js" "https://update.greasyfork.org/scripts/560869/SponsorBlock%20Lite.user.js"
url = "https://update.greasyfork.org/scripts/428243/Don%27t%20track%20me%20Google.user.js"; download "dont-track-me-google.user.js" "https://update.greasyfork.org/scripts/428243/Don%27t%20track%20me%20Google.user.js"
hash = "sha256-yEjBZprSjHyDRpd+TJ1vUsSYHrwLspQOztpKunBLPig="; download "i-dont-care-about-cookies.user.js" "https://update.greasyfork.org/scripts/522645/I%20don%27t%20care%20about%20cookies.user.js"
}; download "tracking-token-stripper.user.js" "https://github.com/doggy8088/TrackingTokenStripper/raw/refs/heads/master/TrackingTokenStripper.user.js"
download "bypass-paywalls-clean.user.js" "https://gitflic.ru/project/magnolia1234/bypass-paywalls-clean-filters/blob/raw?file=userscript/bpc.en.user.js"
# I don't care about cookies: auto-dismiss cookie banners download "anti-adblock-fuckoff.user.js" "https://update.greasyfork.org/scripts/397070/Anti-AdBlocker%20Fuckoff.user.js"
"qutebrowser/greasemonkey/i-dont-care-about-cookies.user.js".source = pkgs.fetchurl { '';
url = "https://update.greasyfork.org/scripts/522645/I%20don%27t%20care%20about%20cookies.user.js";
hash = "sha256-Ij7HyBfWemAO0EAGKYxWPPv7OX5twNtGKKPGhOAxM9w=";
};
# TrackingTokenStripper: remove tracking params from URLs (utm_*, fbclid, etc.)
"qutebrowser/greasemonkey/tracking-token-stripper.user.js".source = pkgs.fetchurl {
url = "https://github.com/doggy8088/TrackingTokenStripper/raw/refs/heads/master/TrackingTokenStripper.user.js";
hash = "sha256-EX8xN2Vd8SE/RvMcF/YSGN4Epa5cm355IeD9agTP2h4=";
};
# Bypass Paywalls Clean: bypass news site paywalls (Le Monde, NY Times, etc.)
"qutebrowser/greasemonkey/bypass-paywalls-clean.user.js".source = pkgs.fetchurl {
url = "https://gitflic.ru/project/magnolia1234/bypass-paywalls-clean-filters/blob/raw?file=userscript/bpc.en.user.js";
hash = "sha256-dUgwBkJi5Jrtpw5HJydRjY9xBpZXyD0ZtA/+hDzF97s=";
};
# Anti-Adblock Fuckoff: remove anti-adblock modals and restore scroll
"qutebrowser/greasemonkey/anti-adblock-fuckoff.user.js".source = pkgs.fetchurl {
url = "https://update.greasyfork.org/scripts/397070/Anti-AdBlocker%20Fuckoff.user.js";
hash = "sha256-vFeWxqMg0gPHP7mGNZO9e9Me/2Z81biR5JEXC/Ct4fA=";
};
};
} }
home/programs/shell/default.nix
+7 -1
View File
@@ -1,4 +1,10 @@
# Import all shell configurations # Import all shell configurations
{ {
imports = [./fzf.nix ./zsh.nix ./starship.nix ./zoxide.nix ./eza.nix]; imports = [
./fzf.nix
./zsh.nix
./starship.nix
./zoxide.nix
./eza.nix
];
} }
home/programs/shell/starship.nix
+3 -1
View File
@@ -20,7 +20,9 @@ in {
"$git_status" "$git_status"
"$character" "$character"
]; ];
directory = {style = accent;}; directory = {
style = accent;
};
character = { character = {
success_symbol = "[](${accent})"; success_symbol = "[](${accent})";
home/programs/shell/zsh.nix
+15 -5
View File
@@ -7,7 +7,12 @@
}: let }: let
fetch = config.theme.fetch; # neofetch, nerdfetch, pfetch fetch = config.theme.fetch; # neofetch, nerdfetch, pfetch
in { in {
home.packages = with pkgs; [bat ripgrep tldr witr]; home.packages = with pkgs; [
bat
ripgrep
tldr
witr
];
# Add go binaries to the PATH # Add go binaries to the PATH
home.sessionPath = ["$HOME/go/bin"]; home.sessionPath = ["$HOME/go/bin"];
@@ -22,7 +27,14 @@ in {
autosuggestion.enable = true; autosuggestion.enable = true;
syntaxHighlighting = { syntaxHighlighting = {
enable = true; enable = true;
highlighters = ["main" "brackets" "pattern" "regexp" "root" "line"]; highlighters = [
"main"
"brackets"
"pattern"
"regexp"
"root"
"line"
];
}; };
historySubstringSearch.enable = true; historySubstringSearch.enable = true;
@@ -33,9 +45,7 @@ in {
}; };
profileExtra = lib.optionalString (config.home.sessionPath != []) '' profileExtra = lib.optionalString (config.home.sessionPath != []) ''
export PATH="$PATH''${PATH:+:}${ export PATH="$PATH''${PATH:+:}${lib.concatStringsSep ":" config.home.sessionPath}"
lib.concatStringsSep ":" config.home.sessionPath
}"
''; '';
shellAliases = { shellAliases = {
home/system/caelestia-shell/launcher.nix
+64 -15
View File
@@ -1,10 +1,22 @@
{ {
programs.caelestia.settings = { programs.caelestia.settings = {
session.commands = { session.commands = {
shutdown = ["systemctl" "poweroff"]; shutdown = [
logout = ["loginctl" "lock-session"]; "systemctl"
hibernate = ["systemctl" "hibernate"]; "poweroff"
reboot = ["systemctl" "reboot"]; ];
logout = [
"loginctl"
"lock-session"
];
hibernate = [
"systemctl"
"hibernate"
];
reboot = [
"systemctl"
"reboot"
];
}; };
launcher = { launcher = {
actionPrefix = "/"; actionPrefix = "/";
@@ -13,7 +25,10 @@
name = "Calculator"; name = "Calculator";
icon = "calculate"; icon = "calculate";
description = "Do simple math equations (powered by Qalc)"; description = "Do simple math equations (powered by Qalc)";
command = ["autocomplete" "calc"]; command = [
"autocomplete"
"calc"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -21,7 +36,10 @@
name = "Shutdown"; name = "Shutdown";
icon = "power_settings_new"; icon = "power_settings_new";
description = "Shutdown the system"; description = "Shutdown the system";
command = ["systemctl" "poweroff"]; command = [
"systemctl"
"poweroff"
];
enabled = true; enabled = true;
dangerous = true; dangerous = true;
} }
@@ -29,7 +47,10 @@
name = "Reboot"; name = "Reboot";
icon = "cached"; icon = "cached";
description = "Reboot the system"; description = "Reboot the system";
command = ["systemctl" "reboot"]; command = [
"systemctl"
"reboot"
];
enabled = true; enabled = true;
dangerous = true; dangerous = true;
} }
@@ -37,7 +58,11 @@
name = "Logout"; name = "Logout";
icon = "exit_to_app"; icon = "exit_to_app";
description = "Log out of the current session"; description = "Log out of the current session";
command = ["loginctl" "terminate-user" ""]; command = [
"loginctl"
"terminate-user"
""
];
enabled = true; enabled = true;
dangerous = true; dangerous = true;
} }
@@ -45,7 +70,10 @@
name = "Lock"; name = "Lock";
icon = "lock"; icon = "lock";
description = "Lock the current session"; description = "Lock the current session";
command = ["loginctl" "lock-session"]; command = [
"loginctl"
"lock-session"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -53,7 +81,10 @@
name = "Sleep"; name = "Sleep";
icon = "bedtime"; icon = "bedtime";
description = "Suspend then hibernate"; description = "Suspend then hibernate";
command = ["systemctl" "suspend-then-hibernate"]; command = [
"systemctl"
"suspend-then-hibernate"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -61,7 +92,12 @@
name = "Restart caelestia"; name = "Restart caelestia";
icon = "cached"; icon = "cached";
description = "Restart caelestia"; description = "Restart caelestia";
command = ["hyprctl" "dispatch" "exec" "caelestia-shell kill | sleep 1 | caelestia-shell"]; command = [
"hyprctl"
"dispatch"
"exec"
"caelestia-shell kill | sleep 1 | caelestia-shell"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -69,7 +105,11 @@
name = "Emoji Picker"; name = "Emoji Picker";
icon = "mood"; icon = "mood";
description = "Toggle the emoji picker"; description = "Toggle the emoji picker";
command = ["caelestia" "emoji" "-p"]; command = [
"caelestia"
"emoji"
"-p"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -77,7 +117,10 @@
name = "Clipboard History"; name = "Clipboard History";
icon = "content_paste"; icon = "content_paste";
description = "Toggle the clipboard history"; description = "Toggle the clipboard history";
command = ["caelestia" "clipboard"]; command = [
"caelestia"
"clipboard"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -85,7 +128,10 @@
name = "Delete from Clipboard History"; name = "Delete from Clipboard History";
icon = "content_paste_off"; icon = "content_paste_off";
description = "Delete a line from the clipboard history"; description = "Delete a line from the clipboard history";
command = ["caelestia" "clipboard"]; command = [
"caelestia"
"clipboard"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
@@ -101,7 +147,10 @@
name = "Hyprpicker"; name = "Hyprpicker";
icon = "colorize"; icon = "colorize";
description = "Pick an hex color"; description = "Pick an hex color";
command = ["hyprpicker" "-a"]; command = [
"hyprpicker"
"-a"
];
enabled = true; enabled = true;
dangerous = false; dangerous = false;
} }
home/system/caelestia-shell/scheme.nix
+10 -8
View File
@@ -122,14 +122,16 @@
colorsHash = builtins.hashString "sha256" (builtins.toJSON colors); colorsHash = builtins.hashString "sha256" (builtins.toJSON colors);
customCli = inputs.caelestia-cli.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs (oldAttrs: { customCli =
name = "${oldAttrs.name or "caelestia-cli"}-themed-${colorsHash}"; inputs.caelestia-cli.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs
postUnpack = '' (oldAttrs: {
mkdir -p $sourceRoot/src/caelestia/data/schemes/custom/main name = "${oldAttrs.name or "caelestia-cli"}-themed-${colorsHash}";
cp ${customSchemeFile} $sourceRoot/src/caelestia/data/schemes/custom/main/dark.txt postUnpack = ''
echo "Custom scheme added to source" mkdir -p $sourceRoot/src/caelestia/data/schemes/custom/main
''; cp ${customSchemeFile} $sourceRoot/src/caelestia/data/schemes/custom/main/dark.txt
}); echo "Custom scheme added to source"
'';
});
in { in {
programs.caelestia.cli.package = customCli; programs.caelestia.cli.package = customCli;
} }
home/system/hyprland/bindings.nix
+23 -15
View File
@@ -7,9 +7,8 @@
colors = config.lib.stylix.colors; colors = config.lib.stylix.colors;
mkMenu = menu: let mkMenu = menu: let
configFile = configFile = pkgs.writeText "config.yaml" (
pkgs.writeText "config.yaml" lib.generators.toYAML {} {
(lib.generators.toYAML {} {
anchor = "bottom-right"; anchor = "bottom-right";
border = "#${colors.base0D}80"; border = "#${colors.base0D}80";
background = "#${colors.base01}EE"; background = "#${colors.base01}EE";
@@ -19,7 +18,8 @@
rows_per_column = 5; rows_per_column = 5;
inherit menu; inherit menu;
}); }
);
in in
pkgs.writeShellScriptBin "menu" '' pkgs.writeShellScriptBin "menu" ''
exec ${lib.getExe pkgs.wlr-which-key} ${configFile} exec ${lib.getExe pkgs.wlr-which-key} ${configFile}
@@ -32,7 +32,8 @@ in {
bind = bind =
[ [
# Applications # Applications
("$shiftMod, A, exec, " (
"$shiftMod, A, exec, "
+ lib.getExe (mkMenu [ + lib.getExe (mkMenu [
{ {
key = "a"; key = "a";
@@ -84,14 +85,16 @@ in {
desc = "Qutebrowser (Temp session)"; desc = "Qutebrowser (Temp session)";
cmd = "${pkgs.qutebrowser}/bin/qutebrowser --temp-basedir"; cmd = "${pkgs.qutebrowser}/bin/qutebrowser --temp-basedir";
} }
])) ])
)
# Web links # Web links
"$mod,B, exec, uwsm app -- ${pkgs.qutebrowser}/bin/qutebrowser" # Browser (Qutebrowser) "$mod,B, exec, uwsm app -- ${pkgs.qutebrowser}/bin/qutebrowser" # Browser (Qutebrowser)
# Power # Power
"$mod, X, global, caelestia:session" # Powermenu "$mod, X, global, caelestia:session" # Powermenu
("$shiftMod, X, exec, " (
"$shiftMod, X, exec, "
+ lib.getExe (mkMenu [ + lib.getExe (mkMenu [
{ {
key = "l"; key = "l";
@@ -123,7 +126,8 @@ in {
desc = "Restart caelestia"; desc = "Restart caelestia";
cmd = "hyprctl dispatch exec 'caelestia-shell kill | sleep 1 | caelestia-shell'"; cmd = "hyprctl dispatch exec 'caelestia-shell kill | sleep 1 | caelestia-shell'";
} }
])) ])
)
# Quick launch # Quick launch
"$mod,RETURN, exec, uwsm app -- ${pkgs.ghostty}/bin/ghostty" # Ghostty (terminal) "$mod,RETURN, exec, uwsm app -- ${pkgs.ghostty}/bin/ghostty" # Ghostty (terminal)
@@ -154,13 +158,17 @@ in {
", Print, global, caelestia:screenshotFreeze" # Capture region (freeze) ", Print, global, caelestia:screenshotFreeze" # Capture region (freeze)
"$shiftMod+Alt, S, global, caelestia:screenshot" # Capture region "$shiftMod+Alt, S, global, caelestia:screenshot" # Capture region
] ]
++ (builtins.concatLists (builtins.genList (i: let ++ (builtins.concatLists (
ws = i + 1; builtins.genList (
in [ i: let
"$mod,code:1${toString i}, workspace, ${toString ws}" ws = i + 1;
"$mod SHIFT,code:1${toString i}, movetoworkspace, ${toString ws}" in [
]) "$mod,code:1${toString i}, workspace, ${toString ws}"
9)); "$mod SHIFT,code:1${toString i}, movetoworkspace, ${toString ws}"
]
)
9
));
bindm = [ bindm = [
"$mod,mouse:272, movewindow" # Move Window (mouse) "$mod,mouse:272, movewindow" # Move Window (mouse)
home/system/hyprland/default.nix
-3
View File
@@ -62,9 +62,6 @@ in {
]; ];
monitor = [ monitor = [
"eDP-2,highres,0x0,1" # My internal laptop screen
"desc:AOC U34G2G1 0x00000E06,3440x1440@99.98,auto,1" # My external monitor
"desc:Philips Consumer Electronics Company PHL 221B8L ZV02144013987,highres,0x0,1"
",prefered,auto,1" # default ",prefered,auto,1" # default
]; ];
home/system/hyprland/keyboard-backlight.nix
+3 -1
View File
@@ -39,4 +39,6 @@
''; '';
command = "bash ${keyboard-backlight}/bin/keyboard-backlight &"; command = "bash ${keyboard-backlight}/bin/keyboard-backlight &";
in {wayland.windowManager.hyprland.settings.exec-once = [command];} in {
wayland.windowManager.hyprland.settings.exec-once = [command];
}
home/system/hyprpaper/default.nix
+1 -2
View File
@@ -8,8 +8,7 @@
splash = false; splash = false;
}; };
}; };
systemd.user.services.hyprpaper.Unit.After = systemd.user.services.hyprpaper.Unit.After = lib.mkForce "graphical-session.target";
lib.mkForce "graphical-session.target";
wayland.windowManager.hyprland.settings.exec-once = [ wayland.windowManager.hyprland.settings.exec-once = [
"systemctl --user enable --now hyprpaper.service" "systemctl --user enable --now hyprpaper.service"
home/system/mime/default.nix
+7 -4
View File
@@ -117,14 +117,17 @@ with lib; let
desktopName = "Neovim (Ghostty)"; desktopName = "Neovim (Ghostty)";
exec = ''ghostty --title="Neovim Editor" -e nvim %F''; exec = ''ghostty --title="Neovim Editor" -e nvim %F'';
terminal = false; terminal = false;
categories = ["Development" "TextEditor"]; categories = [
"Development"
"TextEditor"
];
mimeTypes = mimeMap.code ++ mimeMap.text; mimeTypes = mimeMap.code ++ mimeMap.text;
}; };
associations = with lists; associations = with lists;
listToAttrs (flatten (mapAttrsToList listToAttrs (
(key: map (type: attrsets.nameValuePair type defaultApps."${key}")) flatten (mapAttrsToList (key: map (type: attrsets.nameValuePair type defaultApps."${key}")) mimeMap)
mimeMap)); );
in { in {
home.packages = [nvim-ghostty]; home.packages = [nvim-ghostty];
hosts/laptop/configuration.nix
+30
View File
@@ -12,6 +12,7 @@
../../nixos/users.nix ../../nixos/users.nix
../../nixos/utils.nix ../../nixos/utils.nix
../../nixos/hyprland.nix ../../nixos/hyprland.nix
../../nixos/usbguard.nix
../../nixos/omen.nix # CHANGEME: For my laptop only, remove this (OMEN 16) ../../nixos/omen.nix # CHANGEME: For my laptop only, remove this (OMEN 16)
@@ -20,6 +21,35 @@
./variables.nix ./variables.nix
]; ];
# USBGuard:
# Allow all USB devices until a proper policy is configured.
# Run `sudo usbguard generate-policy` with your devices plugged in,
# then set rules = "<output>" and switch implicitPolicyTarget to "block".
# services.usbguard.implicitPolicyTarget = lib.mkForce "allow";
services.usbguard.rules = ''
allow id 1d6b:0002 serial "0000:05:00.3" name "xHCI Host Controller" hash "4a4NgfdUaJO43rkCzmWRSeHHR/uUh5+SNsXnhosm9qs=" parent-hash "ldMchY4Tt4GPUYo30eNGvai+Fs/EdnVY3vMyxJUq4Nk=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:05:00.3" name "xHCI Host Controller" hash "d+DNGWARDtv9nEK2ZvnNOCtFernuMu5/e/oZ7kCppqQ=" parent-hash "ldMchY4Tt4GPUYo30eNGvai+Fs/EdnVY3vMyxJUq4Nk=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:05:00.4" name "xHCI Host Controller" hash "icotY3rI59mWiKsGxc59BGZZeBjfbuH0b4NUByj3cbQ=" parent-hash "tHvBfznK5rpQn+oa0PEEjHa29EAEvGyCcZixsfwA6W0=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:05:00.4" name "xHCI Host Controller" hash "UbEoCZW8HT2ldc3qDeiK+IiQlGeaBC7F63681OwmKhI=" parent-hash "tHvBfznK5rpQn+oa0PEEjHa29EAEvGyCcZixsfwA6W0=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:07:00.3" name "xHCI Host Controller" hash "pz29Oo0RhQ+5+7LgOZR4v3OlcsVv3m9kCgGsGUnoUjI=" parent-hash "DRyV2/31MYHdzkIEfbPQeb/1w4/PjOW6GqWrXkftf2I=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:07:00.3" name "xHCI Host Controller" hash "O6iOpcl9StImWT62SrbeXacqbG6N/mTIipTRc0ipCGM=" parent-hash "DRyV2/31MYHdzkIEfbPQeb/1w4/PjOW6GqWrXkftf2I=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:07:00.4" name "xHCI Host Controller" hash "Hp8B0Enf+ACRT2tyy0EqXj7eNsFDAnTRZadzuh/Iqd4=" parent-hash "l2vhvC+VGVKlkBUUK/usFu8jHJ/5bWOnJG6WzRexpt4=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:07:00.4" name "xHCI Host Controller" hash "rJ3LKdvkCK3SUrCU3lV8qVbmPjA+r9Fe5106x2HlgK4=" parent-hash "l2vhvC+VGVKlkBUUK/usFu8jHJ/5bWOnJG6WzRexpt4=" with-interface 09:00:00 with-connect-type ""
allow id 0bda:c85c serial "00e04c000001" name "Bluetooth Radio" hash "Q/wlToV8WQgEYHBW/UIhnSwCCusCGqAR2D5gspSCImQ=" parent-hash "4a4NgfdUaJO43rkCzmWRSeHHR/uUh5+SNsXnhosm9qs=" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "hardwired"
allow id 30c9:009f serial "01.00.00" name "HP True Vision FHD Camera" hash "eYW5fqReJd29tfHXkEktKC63dGfDpmlRMo5uMGUWwME=" parent-hash "icotY3rI59mWiKsGxc59BGZZeBjfbuH0b4NUByj3cbQ=" with-interface { 0e:01:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 fe:01:01 } with-connect-type "hardwired"
allow id 03f0:036b serial "" name "HP USB-C Dock G5" hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" parent-hash "Hp8B0Enf+ACRT2tyy0EqXj7eNsFDAnTRZadzuh/Iqd4=" via-port "7-1" with-interface { 09:00:01 09:00:02 } with-connect-type "hotplug"
allow id 03f0:066b serial "" name "HP USB-C Dock G5" hash "JHDjLFApQNqijjmuKdJSWH5+1oLL7S6LQ9QHTAk5fTk=" parent-hash "rJ3LKdvkCK3SUrCU3lV8qVbmPjA+r9Fe5106x2HlgK4=" via-port "8-1" with-interface 09:00:00 with-connect-type "hotplug"
allow id 03f0:056b serial "201604140001" name "USB Audio" hash "OxQ8HQenW3/4HSGEBOSYFS15rXDTOaNDnjMbICweHgw=" parent-hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 } with-connect-type "unknown"
allow id 03f0:086b serial "" name "USB2734" hash "MSXcPAlZqkpTyZQylOhSIB8eMfST2AzVHV9EbrBGTWc=" parent-hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" via-port "7-1.3" with-interface { 09:00:01 09:00:02 } with-connect-type "unknown"
allow id 03f0:046b serial "11AD1D0A89EA2D08310E0B00" name "HP USB-C Dock G5" hash "DEGeuj1u4lwqrzp0UksFX7mSEY9JnGLxg7yxGbglAKE=" parent-hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" with-interface { 11:00:00 ff:03:00 03:00:00 } with-connect-type "unknown"
allow id 03f0:076b serial "" name "USB5734" hash "BshoqybYo0IKgoDORYPRtbhhlmQrYAxPQb2EAm1JsWA=" parent-hash "JHDjLFApQNqijjmuKdJSWH5+1oLL7S6LQ9QHTAk5fTk=" via-port "8-1.3" with-interface 09:00:00 with-connect-type "unknown"
allow id 0bda:8153 serial "000001000000" name "USB 10/100/1000 LAN" hash "utEnXKJ57kRUbPcGUaNWhEyoOEbLOYAFxvlsyC0PZkk=" parent-hash "JHDjLFApQNqijjmuKdJSWH5+1oLL7S6LQ9QHTAk5fTk=" with-interface { ff:ff:00 02:06:00 0a:00:00 0a:00:00 } with-connect-type "unknown"
allow id 046d:0ab7 serial "2046BAB04T68" name "Blue Microphones" hash "cC6AQ2e1Q/BeFeostpbf1mH2WpoUmt6bhau4NlA3niU=" parent-hash "MSXcPAlZqkpTyZQylOhSIB8eMfST2AzVHV9EbrBGTWc=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 } with-connect-type "unknown"
allow id 1532:02a1 serial "" name "Razer Ornata V3" hash "wfuIjBhhGuge8gflyA526SKqKoy8rHJZQZ+2o6usMiE=" parent-hash "MSXcPAlZqkpTyZQylOhSIB8eMfST2AzVHV9EbrBGTWc=" via-port "7-1.3.3" with-interface { 03:01:01 03:00:01 03:00:02 } with-connect-type "unknown"
allow id 13fd:5900 serial "50026B76861EE752 " name "External" hash "l/QvVV5hzZj1z6OUwB/kWl+WnH/7awrdMBoiNVx660M=" parent-hash "MSXcPAlZqkpTyZQylOhSIB8eMfST2AzVHV9EbrBGTWc=" with-interface { 08:06:50 08:06:62 } with-connect-type "unknown"
'';
home-manager.users."${config.var.username}" = import ./home.nix; home-manager.users."${config.var.username}" = import ./home.nix;
# Don't touch this # Don't touch this
hosts/laptop/flake.nix
+31
View File
@@ -0,0 +1,31 @@
{
inputs,
nixpkgs,
...
}:
nixpkgs.lib.nixosSystem {
modules = [
{
nixpkgs.overlays = [
(final: prev: {
# FIXME: Workaround: Mesa crash with AMD GPU + Wayland + Qt 6.11.0
qutebrowser = prev.symlinkJoin {
name = "qutebrowser";
paths = [prev.qutebrowser];
buildInputs = [prev.makeWrapper];
postBuild = ''
wrapProgram $out/bin/qutebrowser \
--set LIBGL_ALWAYS_SOFTWARE 1
'';
};
})
];
_module.args = {inherit inputs;};
}
inputs.nixos-hardware.nixosModules.omen-16-n0005ne
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
inputs.nix-index-database.nixosModules.default
./configuration.nix
];
}
hosts/laptop/hardware-configuration.nix
+11 -2
View File
@@ -11,7 +11,13 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "uas" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"uas"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
@@ -24,7 +30,10 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5251-9B85"; device = "/dev/disk/by-uuid/5251-9B85";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0077" "dmask=0077"]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
swapDevices = []; swapDevices = [];
hosts/laptop/home.nix
+15 -2
View File
@@ -36,7 +36,9 @@
home = { home = {
inherit (config.var) username; inherit (config.var) username;
homeDirectory = "/home/" + config.var.username; homeDirectory = "/home/" + config.var.username;
file.".face" = {source = ./profile_picture.png;}; file.".face" = {
source = ./profile_picture.png;
};
sessionVariables = { sessionVariables = {
AQ_DRM_DEVICES = "/dev/dri/card2:/dev/dri/card1"; # CHANGEME: Related to the GPU AQ_DRM_DEVICES = "/dev/dri/card2:/dev/dri/card1"; # CHANGEME: Related to the GPU
@@ -46,5 +48,16 @@
stateVersion = "24.05"; stateVersion = "24.05";
}; };
programs.home-manager.enable = true; wayland.windowManager.hyprland.settings.monitor = [
"eDP-2,highres,0x0,1" # My internal laptop screen
"desc:AOC U34G2G1 0x00000E06,3440x1440@99.98,auto,1" # My external monitor
];
programs = {
home-manager.enable = true;
nixy = {
enable = true;
configDirectory = config.var.configDirectory;
};
};
} }
hosts/laptop/secrets/default.nix
+19 -6
View File
@@ -14,11 +14,21 @@ in {
age.keyFile = "${home}/.config/sops/age/keys.txt"; age.keyFile = "${home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
ssh-config = {path = "${home}/.ssh/config";}; ssh-config = {
github-key = {path = "${home}/.ssh/github";}; path = "${home}/.ssh/config";
jack-key = {path = "${home}/.ssh/jack";}; };
signing-key = {path = "${home}/.ssh/key";}; github-key = {
signing-pub-key = {path = "${home}/.ssh/key.pub";}; path = "${home}/.ssh/github";
};
jack-key = {
path = "${home}/.ssh/jack";
};
signing-key = {
path = "${home}/.ssh/key";
};
signing-pub-key = {
path = "${home}/.ssh/key.pub";
};
}; };
}; };
@@ -42,7 +52,10 @@ in {
''; '';
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
home.packages = with pkgs; [sops age]; home.packages = with pkgs; [
sops
age
];
wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"];
} }
hosts/laptop/variables.nix
+1 -4
View File
@@ -11,10 +11,7 @@
config.var = { config.var = {
hostname = "h-laptop"; hostname = "h-laptop";
username = "hadi"; username = "hadi";
configDirectory = configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory
"/home/"
+ config.var.username
+ "/.config/nixos"; # The path of the nixos configuration directory
keyboardLayout = "fr"; keyboardLayout = "fr";
hosts/server/flake.nix
+18
View File
@@ -0,0 +1,18 @@
{
inputs,
nixpkgs,
...
}:
nixpkgs.lib.nixosSystem {
modules = [
{_module.args = {inherit inputs;};}
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
inputs.sops-nix.nixosModules.sops
inputs.nixarr.nixosModules.default
# inputs.eleakxir.nixosModules.eleakxir
inputs.nix-index-database.nixosModules.default
inputs.default-creds.nixosModules.default
./configuration.nix
];
}
hosts/server/hardware-configuration.nix
+17 -5
View File
@@ -9,7 +9,14 @@
... ...
}: { }: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = ["dm-snapshot"]; boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
@@ -20,12 +27,18 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DD15-1125"; device = "/dev/disk/by-uuid/DD15-1125";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0077" "dmask=0077"]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
fileSystems."/mnt/data" = { fileSystems."/mnt/data" = {
device = "/dev/disk/by-uuid/0b055155-0134-448c-b1ca-e81030ff064e"; device = "/dev/disk/by-uuid/0b055155-0134-448c-b1ca-e81030ff064e";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=/" "compress=zstd"]; # adapte selon si t'as des subvolumes options = [
"subvol=/"
"compress=zstd"
]; # adapte selon si t'as des subvolumes
}; };
swapDevices = []; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -35,6 +48,5 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
hosts/server/home.nix
+5
View File
@@ -23,4 +23,9 @@
}; };
programs.home-manager.enable = true; programs.home-manager.enable = true;
programs.nixy = {
enable = true;
configDirectory = config.var.configDirectory;
};
} }
hosts/server/secrets/default.nix
+4 -1
View File
@@ -26,5 +26,8 @@
}; };
}; };
environment.systemPackages = with pkgs; [sops age]; environment.systemPackages = with pkgs; [
sops
age
];
} }
hosts/server/variables.nix
+1 -4
View File
@@ -11,10 +11,7 @@
config.var = { config.var = {
hostname = "jack"; hostname = "jack";
username = "hadi"; username = "hadi";
configDirectory = configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory
"/home/"
+ config.var.username
+ "/.config/nixos"; # The path of the nixos configuration directory
keyboardLayout = "fr"; keyboardLayout = "fr";
hosts/work/configuration.nix
+18 -1
View File
@@ -1,4 +1,8 @@
{config, ...}: { {
config,
lib,
...
}: {
imports = [ imports = [
# Mostly system related configuration # Mostly system related configuration
../../nixos/audio.nix ../../nixos/audio.nix
@@ -8,6 +12,7 @@
../../nixos/nix.nix ../../nixos/nix.nix
../../nixos/systemd-boot.nix ../../nixos/systemd-boot.nix
../../nixos/sddm.nix ../../nixos/sddm.nix
../../nixos/usbguard.nix
../../nixos/users.nix ../../nixos/users.nix
../../nixos/utils.nix ../../nixos/utils.nix
../../nixos/hyprland.nix ../../nixos/hyprland.nix
@@ -19,6 +24,18 @@
home-manager.users."${config.var.username}" = import ./home.nix; home-manager.users."${config.var.username}" = import ./home.nix;
# USBGuard:
# Allow all USB devices until a proper policy is configured.
# Run `sudo usbguard generate-policy` with your devices plugged in,
# then set rules = "<output>" and switch implicitPolicyTarget to "block".
# services.usbguard.implicitPolicyTarget = lib.mkForce "allow";
services.usbguard.rules = ''
allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" hash "prM+Jby/bFHCn2lNjQdAMbgc6tse3xVx+hZwjOPHSdQ=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 17ef:608d serial "" name "Lenovo USB Optical Mouse" hash "klpDZuv1jhWGNqZLOl+KXF+75Ir3PfBm6D6ncjoLRBU=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-7" with-interface 03:01:02 with-connect-type "hotplug"
allow id 17ef:6190 serial "" name "Lenovo Calliope USB Keyboard G2" hash "CfZ9R/aoXGm7BN/ojVEzKQwVoxCUtRWMuACrE7BL/5Y=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-10" with-interface { 03:01:01 03:00:00 } with-connect-type "hotplug"
'';
networking.firewall.allowedTCPPorts = [9001]; networking.firewall.allowedTCPPorts = [9001];
# Don't touch this # Don't touch this
hosts/work/flake.nix
+17
View File
@@ -0,0 +1,17 @@
{
inputs,
nixpkgs,
...
}:
nixpkgs.lib.nixosSystem {
modules = [
{
nixpkgs.overlays = [];
_module.args = {inherit inputs;};
}
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
inputs.nix-index-database.nixosModules.default
./configuration.nix
];
}
hosts/work/hardware-configuration.nix
+12 -2
View File
@@ -12,7 +12,14 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
@@ -25,7 +32,10 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/043E-1755"; device = "/dev/disk/by-uuid/043E-1755";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0077" "dmask=0077"]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
swapDevices = []; swapDevices = [];
hosts/work/home.nix
+11 -1
View File
@@ -39,5 +39,15 @@
stateVersion = "24.05"; stateVersion = "24.05";
}; };
programs.home-manager.enable = true; wayland.windowManager.hyprland.settings.monitor = [
"desc:Philips Consumer Electronics Company PHL 221B8L ZV02144013987,highres,0x0,1"
];
programs = {
home-manager.enable = true;
nixy = {
enable = true;
configDirectory = config.var.configDirectory;
};
};
} }
hosts/work/secrets/default.nix
+16 -5
View File
@@ -14,10 +14,18 @@ in {
age.keyFile = "${home}/.config/sops/age/keys.txt"; age.keyFile = "${home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
ssh-config = {path = "${home}/.ssh/config";}; ssh-config = {
netrc = {path = "${home}/.netrc";}; path = "${home}/.ssh/config";
github-key = {path = "${home}/.ssh/github";}; };
gitlab-key = {path = "${home}/.ssh/gitlab";}; netrc = {
path = "${home}/.netrc";
};
github-key = {
path = "${home}/.ssh/github";
};
gitlab-key = {
path = "${home}/.ssh/gitlab";
};
}; };
}; };
@@ -41,7 +49,10 @@ in {
''; '';
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
home.packages = with pkgs; [sops age]; home.packages = with pkgs; [
sops
age
];
wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"];
} }
hosts/work/variables.nix
+1 -4
View File
@@ -11,10 +11,7 @@
config.var = { config.var = {
hostname = "h-work"; hostname = "h-work";
username = "hadrien"; username = "hadrien";
configDirectory = configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory
"/home/"
+ config.var.username
+ "/.config/nixos"; # The path of the nixos configuration directory
keyboardLayout = "fr"; keyboardLayout = "fr";
nixos/audio.nix
+3 -1
View File
@@ -13,7 +13,9 @@
enable = true; enable = true;
extraConfig = { extraConfig = {
"10-disable-camera" = { "10-disable-camera" = {
"wireplumber.profiles" = {main."monitor.libcamera" = "disabled";}; "wireplumber.profiles" = {
main."monitor.libcamera" = "disabled";
};
}; };
}; };
}; };
nixos/home-manager.nix
+5 -1
View File
@@ -1,5 +1,9 @@
# Home-manager configuration for NixOS # Home-manager configuration for NixOS
{inputs, pkgs, ...}: { {
inputs,
pkgs,
...
}: {
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
nixos/nix.nix
+4 -1
View File
@@ -35,7 +35,10 @@ in {
settings = { settings = {
download-buffer-size = 262144000; # 250 MB (250 * 1024 * 1024) download-buffer-size = 262144000; # 250 MB (250 * 1024 * 1024)
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"]; experimental-features = [
"nix-command"
"flakes"
];
substituters = [ substituters = [
# high priority since it's almost always used # high priority since it's almost always used
"https://cache.nixos.org?priority=10" "https://cache.nixos.org?priority=10"
nixos/nvidia.nix
+1 -2
View File
@@ -55,8 +55,7 @@ in {
# Optimized configuration for switchable graphics laptops # Optimized configuration for switchable graphics laptops
offload = { offload = {
enable = true; # Mode optimized for power saving enable = true; # Mode optimized for power saving
enableOffloadCmd = enableOffloadCmd = true; # Allows running applications with dedicated GPU
true; # Allows running applications with dedicated GPU
}; };
# sync.enable disabled as offload is generally better for laptops # sync.enable disabled as offload is generally better for laptops
sync.enable = false; sync.enable = false;
nixos/omen.nix
+4 -4
View File
@@ -5,9 +5,8 @@
pkgs, pkgs,
... ...
}: let }: let
hp-omen-linux-module = hp-omen-linux-module = pkgs.callPackage (
pkgs.callPackage {
({
kernel ? config.boot.kernelPackages.kernel, kernel ? config.boot.kernelPackages.kernel,
stdenv, stdenv,
fetchFromGitHub, fetchFromGitHub,
@@ -33,7 +32,8 @@
install hp-wmi.ko -Dm444 -t $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/platform/x86/hp/ install hp-wmi.ko -Dm444 -t $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/platform/x86/hp/
runHook postInstall runHook postInstall
''; '';
})) {kernel = config.boot.kernelPackages.kernel;}; })
) {kernel = config.boot.kernelPackages.kernel;};
in { in {
boot.extraModulePackages = [hp-omen-linux-module]; boot.extraModulePackages = [hp-omen-linux-module];
boot.kernelModules = ["hp-wmi"]; boot.kernelModules = ["hp-wmi"];
nixos/systemd-boot.nix
+4 -3
View File
@@ -11,8 +11,7 @@
}; };
}; };
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
kernelPackages = kernelPackages = pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
# Silent boot # Silent boot
kernelParams = [ kernelParams = [
@@ -38,5 +37,7 @@
}; };
# To avoid systemd services hanging on shutdown # To avoid systemd services hanging on shutdown
systemd.settings.Manager = { DefaultTimeoutStopSec = "10s"; }; systemd.settings.Manager = {
DefaultTimeoutStopSec = "10s";
};
} }
nixos/usbguard.nix
+10
View File
@@ -0,0 +1,10 @@
{config, ...}: {
services.usbguard = {
enable = true;
implicitPolicyTarget = "block";
IPCAllowedUsers = [
"root"
config.var.username
];
};
}
nixos/users.nix
+4 -1
View File
@@ -13,7 +13,10 @@ in {
users.${username} = { users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "${username} account"; description = "${username} account";
extraGroups = ["networkmanager" "wheel"]; extraGroups = [
"networkmanager"
"wheel"
];
}; };
}; };
} }
nixos/utils.nix
+16 -4
View File
@@ -21,11 +21,17 @@ in {
enable = autoUpgrade; enable = autoUpgrade;
dates = "04:00"; dates = "04:00";
flake = "${configDir}"; flake = "${configDir}";
flags = ["--update-input" "nixpkgs" "--commit-lock-file"]; flags = [
"--update-input"
"nixpkgs"
"--commit-lock-file"
];
allowReboot = false; allowReboot = false;
}; };
time = {timeZone = timeZone;}; time = {
timeZone = timeZone;
};
i18n.defaultLocale = defaultLocale; i18n.defaultLocale = defaultLocale;
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = extraLocale; LC_ADDRESS = extraLocale;
@@ -65,7 +71,10 @@ in {
dbus = { dbus = {
enable = true; enable = true;
implementation = "broker"; implementation = "broker";
packages = with pkgs; [gcr gnome-settings-daemon]; packages = with pkgs; [
gcr
gnome-settings-daemon
];
}; };
gvfs.enable = true; gvfs.enable = true;
upower.enable = true; upower.enable = true;
@@ -115,7 +124,10 @@ in {
xdgOpenUsePortal = true; xdgOpenUsePortal = true;
config = { config = {
common.default = ["gtk"]; common.default = ["gtk"];
hyprland.default = ["gtk" "hyprland"]; hyprland.default = [
"gtk"
"hyprland"
];
}; };
extraPortals = [pkgs.xdg-desktop-portal-gtk]; extraPortals = [pkgs.xdg-desktop-portal-gtk];
server-modules/arr.nix
+4 -1
View File
@@ -49,7 +49,10 @@ in {
}; };
}; };
users.users.jellyfin.extraGroups = ["video" "render"]; users.users.jellyfin.extraGroups = [
"video"
"render"
];
services.cloudflared.tunnels."${config.var.tunnelId}".ingress = { services.cloudflared.tunnels."${config.var.tunnelId}".ingress = {
"media.${config.var.domain}" = "http://localhost:8096"; "media.${config.var.domain}" = "http://localhost:8096";
server-modules/awesome-wallpapers.nix
+15 -7
View File
@@ -1,19 +1,27 @@
{ config, inputs, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
inputs,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "wallpapers"; name = "wallpapers";
hostIp = "10.233.4.1"; hostIp = "10.233.4.1";
containerIp = "10.233.4.2"; containerIp = "10.233.4.2";
nixosConfig = { pkgs, ... }: { nixosConfig = {pkgs, ...}: {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."wallpapers" = { virtualHosts."wallpapers" = {
root = "${inputs.awesome-wallpapers.packages.${pkgs.system}.default}/share/awesome-wallpapers"; root = "${inputs.awesome-wallpapers.packages.${pkgs.system}.default}/share/awesome-wallpapers";
listen = [{ addr = "0.0.0.0"; port = 8080; }]; listen = [
{
addr = "0.0.0.0";
port = 8080;
}
];
locations."/" = { locations."/" = {
tryFiles = "$uri $uri/ /index.html"; tryFiles = "$uri $uri/ /index.html";
}; };
@@ -23,7 +31,7 @@ in
''; '';
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/blog.nix
+12 -2
View File
@@ -25,12 +25,19 @@ in {
} }
]; ];
locations."/" = { locations."/" = {
tryFiles = "$uri $uri/ /index.html"; tryFiles = "$uri $uri/ =404";
}; };
extraConfig = '' extraConfig = ''
port_in_redirect off; port_in_redirect off;
absolute_redirect off; absolute_redirect off;
error_page 403 /403.html;
error_page 404 /404.html;
error_page 500 /500.html;
error_page 503 /503.html;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${domain}; connect-src 'self' https://umami.${domain};" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${domain}; connect-src 'self' https://umami.${domain};" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
''; '';
}; };
"www-redirect" = { "www-redirect" = {
@@ -44,7 +51,10 @@ in {
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [8080 8081]; networking.firewall.allowedTCPPorts = [
8080
8081
];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/cyberchef.nix
+14 -7
View File
@@ -1,22 +1,29 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "cyberchef"; name = "cyberchef";
hostIp = "10.233.5.1"; hostIp = "10.233.5.1";
containerIp = "10.233.5.2"; containerIp = "10.233.5.2";
nixosConfig = { pkgs, ... }: { nixosConfig = {pkgs, ...}: {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."cyberchef" = { virtualHosts."cyberchef" = {
root = "${pkgs.cyberchef}/share/cyberchef"; root = "${pkgs.cyberchef}/share/cyberchef";
listen = [{ addr = "0.0.0.0"; port = 8080; }]; listen = [
{
addr = "0.0.0.0";
port = 8080;
}
];
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/default-creds.nix
+11 -8
View File
@@ -1,21 +1,24 @@
{ config, inputs, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
domain = config.var.domain;
in
{ {
config,
inputs,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
domain = config.var.domain;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "def-creds"; name = "def-creds";
hostIp = "10.233.6.1"; hostIp = "10.233.6.1";
containerIp = "10.233.6.2"; containerIp = "10.233.6.2";
nixosConfig = { ... }: { nixosConfig = {...}: {
imports = [ inputs.default-creds.nixosModules.default ]; imports = [inputs.default-creds.nixosModules.default];
services.default-creds = { services.default-creds = {
enable = true; enable = true;
port = 8087; port = 8087;
}; };
networking.firewall.allowedTCPPorts = [ 8087 ]; networking.firewall.allowedTCPPorts = [8087];
systemd.services.default-creds.environment = { systemd.services.default-creds.environment = {
HOST = lib.mkForce "0.0.0.0"; HOST = lib.mkForce "0.0.0.0";
PUBLIC_UMAMI_URL = "https://umami.${domain}"; PUBLIC_UMAMI_URL = "https://umami.${domain}";
server-modules/gitea.nix
+17 -12
View File
@@ -1,14 +1,17 @@
{ config, pkgs, lib, ... }: {
let config,
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; pkgs,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
domain = config.var.domain; domain = config.var.domain;
catppuccin-gitea = pkgs.fetchzip { catppuccin-gitea = pkgs.fetchzip {
url = "https://github.com/catppuccin/gitea/releases/download/v1.0.2/catppuccin-gitea.tar.gz"; url = "https://github.com/catppuccin/gitea/releases/download/v1.0.2/catppuccin-gitea.tar.gz";
sha256 = "sha256-rZHLORwLUfIFcB6K9yhrzr+UwdPNQVSadsw6rg8Q7gs="; sha256 = "sha256-rZHLORwLUfIFcB6K9yhrzr+UwdPNQVSadsw6rg8Q7gs=";
stripRoot = false; stripRoot = false;
}; };
in in {
{
imports = [ imports = [
(mkContainer { (mkContainer {
name = "gitea"; name = "gitea";
@@ -19,17 +22,19 @@ in
hostPath = "/var/lib/gitea"; hostPath = "/var/lib/gitea";
isReadOnly = false; isReadOnly = false;
}; };
nixosConfig = { lib, ... }: { nixosConfig = {lib, ...}: {
users.users.gitea.uid = lib.mkForce 978; users.users.gitea.uid = lib.mkForce 978;
users.groups.gitea.gid = lib.mkForce 968; users.groups.gitea.gid = lib.mkForce 968;
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "gitea" ]; ensureDatabases = ["gitea"];
ensureUsers = [{ ensureUsers = [
name = "gitea"; {
ensureDBOwnership = true; name = "gitea";
}]; ensureDBOwnership = true;
}
];
}; };
services.gitea = { services.gitea = {
@@ -69,7 +74,7 @@ in
ln -sfn ${catppuccin-gitea} /var/lib/gitea/custom/public/assets/css ln -sfn ${catppuccin-gitea} /var/lib/gitea/custom/public/assets/css
''; '';
networking.firewall.allowedTCPPorts = [ 3002 ]; networking.firewall.allowedTCPPorts = [3002];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/glance/default.nix
+93 -39
View File
@@ -1,41 +1,87 @@
{ config, lib, ... }: {
let config,
inherit (import ../mk-container.nix { inherit lib config; }) mkContainer; lib,
...
}: let
inherit (import ../mk-container.nix {inherit lib config;}) mkContainer;
domain = config.var.domain; domain = config.var.domain;
hostIp = "10.233.12.1"; hostIp = "10.233.12.1";
# Convert 6-char hex color to "H S L" string for glance (integers, no % sign) # Convert 6-char hex color to "H S L" string for glance (integers, no % sign)
hexToGlanceHsl = hex: hexToGlanceHsl = hex: let
let h = lib.toLower hex;
h = lib.toLower hex; d = c:
d = c: if c == "a"
if c == "a" then 10 else if c == "b" then 11 else if c == "c" then 12 then 10
else if c == "d" then 13 else if c == "e" then 14 else if c == "f" then 15 else if c == "b"
else lib.toInt c; then 11
byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h); else if c == "c"
ri = byte 0; gi = byte 2; bi = byte 4; then 12
r = ri * 1.0 / 255.0; else if c == "d"
g = gi * 1.0 / 255.0; then 13
b = bi * 1.0 / 255.0; else if c == "e"
mx = if r >= g && r >= b then "r" else if g >= b then "g" else "b"; then 14
mn = if r <= g && r <= b then "r" else if g <= b then "g" else "b"; else if c == "f"
cmax = if mx == "r" then r else if mx == "g" then g else b; then 15
cmin = if mn == "r" then r else if mn == "g" then g else b; else lib.toInt c;
delta = cmax - cmin; byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h);
l = (cmax + cmin) / 2.0; ri = byte 0;
s = if delta < 0.0001 then 0.0 gi = byte 2;
else if l <= 0.5 then delta / (cmax + cmin) bi = byte 4;
else delta / (2.0 - cmax - cmin); r = ri * 1.0 / 255.0;
hue = g = gi * 1.0 / 255.0;
if delta < 0.0001 then 0.0 b = bi * 1.0 / 255.0;
else if mx == "r" then let raw = 60.0 * (g - b) / delta; in if raw < 0.0 then raw + 360.0 else raw mx =
else if mx == "g" then 60.0 * ((b - r) / delta + 2.0) if r >= g && r >= b
else 60.0 * ((r - g) / delta + 4.0); then "r"
in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${toString (builtins.floor (l * 100.0 + 0.5))}"; else if g >= b
then "g"
else "b";
mn =
if r <= g && r <= b
then "r"
else if g <= b
then "g"
else "b";
cmax =
if mx == "r"
then r
else if mx == "g"
then g
else b;
cmin =
if mn == "r"
then r
else if mn == "g"
then g
else b;
delta = cmax - cmin;
l = (cmax + cmin) / 2.0;
s =
if delta < 0.0001
then 0.0
else if l <= 0.5
then delta / (cmax + cmin)
else delta / (2.0 - cmax - cmin);
hue =
if delta < 0.0001
then 0.0
else if mx == "r"
then let
raw = 60.0 * (g - b) / delta;
in
if raw < 0.0
then raw + 360.0
else raw
else if mx == "g"
then 60.0 * ((b - r) / delta + 2.0)
else 60.0 * ((r - g) / delta + 4.0);
in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${
toString (builtins.floor (l * 100.0 + 0.5))
}";
c = config.stylix.base16Scheme; c = config.stylix.base16Scheme;
in in {
{
# 0444 so the glance user inside the container can read the bind-mounted file # 0444 so the glance user inside the container can read the bind-mounted file
sops.secrets.adguard-pwd.mode = "0444"; sops.secrets.adguard-pwd.mode = "0444";
@@ -49,10 +95,13 @@ in
hostPath = config.sops.secrets.adguard-pwd.path; hostPath = config.sops.secrets.adguard-pwd.path;
isReadOnly = true; isReadOnly = true;
}; };
nixosConfig = { lib, ... }: { nixosConfig = {lib, ...}: {
_module.args.domain = domain; _module.args.domain = domain;
_module.args.adguardUrl = "http://${hostIp}:3000"; _module.args.adguardUrl = "http://${hostIp}:3000";
imports = [ ./home.nix ./server.nix ]; imports = [
./home.nix
./server.nix
];
services.glance = { services.glance = {
enable = true; enable = true;
@@ -64,9 +113,9 @@ in
theme = { theme = {
light = false; light = false;
background-color = hexToGlanceHsl c.base00; # background background-color = hexToGlanceHsl c.base00; # background
primary-color = hexToGlanceHsl c.base0D; # accent (iris/purple) primary-color = hexToGlanceHsl c.base0D; # accent (iris/purple)
positive-color = hexToGlanceHsl c.base0B; # positive (pine/teal) positive-color = hexToGlanceHsl c.base0B; # positive (pine/teal)
negative-color = hexToGlanceHsl c.base08; # negative (love/rose) negative-color = hexToGlanceHsl c.base08; # negative (love/rose)
}; };
}; };
}; };
@@ -77,7 +126,12 @@ in
proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m; proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m;
''; '';
virtualHosts."glance" = { virtualHosts."glance" = {
listen = [{ addr = "0.0.0.0"; port = 8080; }]; listen = [
{
addr = "0.0.0.0";
port = 8080;
}
];
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:5678"; proxyPass = "http://127.0.0.1:5678";
extraConfig = '' extraConfig = ''
@@ -90,7 +144,7 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/glance/home.nix
+1 -1
View File
@@ -1,4 +1,4 @@
{ domain, ... }: { {domain, ...}: {
services.glance.settings.pages = [ services.glance.settings.pages = [
{ {
name = "Home"; name = "Home";
server-modules/mazanoke.nix
+39 -32
View File
@@ -1,43 +1,50 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "mazanoke"; name = "mazanoke";
hostIp = "10.233.7.1"; hostIp = "10.233.7.1";
containerIp = "10.233.7.2"; containerIp = "10.233.7.2";
nixosConfig = { pkgs, ... }: nixosConfig = {pkgs, ...}: let
let version = "1.1.5";
version = "1.1.5"; mazanoke-pkg = pkgs.stdenv.mkDerivation {
mazanoke-pkg = pkgs.stdenv.mkDerivation { inherit version;
inherit version; pname = "mazanoke";
pname = "mazanoke"; src = pkgs.fetchFromGitHub {
src = pkgs.fetchFromGitHub { owner = "civilblur";
owner = "civilblur"; repo = "mazanoke";
repo = "mazanoke"; rev = "v${version}";
rev = "v${version}"; hash = "sha256-B/AF4diMNxN94BzpZP/C+K8kNj9q+4SDKWa/qd4LrVU=";
hash = "sha256-B/AF4diMNxN94BzpZP/C+K8kNj9q+4SDKWa/qd4LrVU=";
};
installPhase = ''
mkdir -p $out/share/mazanoke
cp -r ./index.html ./favicon.ico ./manifest.json ./service-worker.js ./assets $out/share/mazanoke/
'';
}; };
in installPhase = ''
{ mkdir -p $out/share/mazanoke
services.nginx = { cp -r ./index.html ./favicon.ico ./manifest.json ./service-worker.js ./assets $out/share/mazanoke/
enable = true; '';
virtualHosts."mazanoke" = {
root = "${mazanoke-pkg}/share/mazanoke";
listen = [{ addr = "0.0.0.0"; port = 8080; }];
locations."/" = { index = "index.html"; };
};
};
networking.firewall.allowedTCPPorts = [ 8080 ];
system.stateVersion = "24.05";
}; };
in {
services.nginx = {
enable = true;
virtualHosts."mazanoke" = {
root = "${mazanoke-pkg}/share/mazanoke";
listen = [
{
addr = "0.0.0.0";
port = 8080;
}
];
locations."/" = {
index = "index.html";
};
};
};
networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05";
};
}) })
]; ];
server-modules/mealie.nix
+8 -6
View File
@@ -1,20 +1,22 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "mealie"; name = "mealie";
hostIp = "10.233.8.1"; hostIp = "10.233.8.1";
containerIp = "10.233.8.2"; containerIp = "10.233.8.2";
internet = true; internet = true;
nixosConfig = { ... }: { nixosConfig = {...}: {
services.mealie = { services.mealie = {
enable = true; enable = true;
port = 8080; port = 8080;
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/mk-container.nix
+62 -58
View File
@@ -1,5 +1,7 @@
{ lib, config }: {
lib,
config,
}:
# Returns a NixOS module (attrset), to be used in `imports`. # Returns a NixOS module (attrset), to be used in `imports`.
# #
# Options: # Options:
@@ -7,62 +9,64 @@
# externalInterface - WAN interface for NAT, required when internet = true # externalInterface - WAN interface for NAT, required when internet = true
# bindMounts - host paths to mount into the container (see containers.<name>.bindMounts) # bindMounts - host paths to mount into the container (see containers.<name>.bindMounts)
# config - NixOS module for the container # config - NixOS module for the container
let let
nginxHardening = { config, ... }: lib.mkIf config.services.nginx.enable { nginxHardening = {config, ...}:
services.nginx.serverTokens = false; lib.mkIf config.services.nginx.enable {
}; services.nginx.serverTokens = false;
in };
in {
{ mkContainer = {
mkContainer = name,
{ hostIp,
name, containerIp,
hostIp, internet ? false,
containerIp, externalInterface ? config.var.networkInterface,
internet ? false, bindMounts ? {},
externalInterface ? config.var.networkInterface, nixosConfig,
bindMounts ? {}, }:
nixosConfig, assert lib.assertMsg (lib.stringLength "ve-${name}" <= 15)
}: "mkContainer: interface name 've-${name}' is ${toString (lib.stringLength "ve-${name}")} chars, max is 15";
assert lib.assertMsg {
(lib.stringLength "ve-${name}" <= 15) containers.${name} = {
"mkContainer: interface name 've-${name}' is ${toString (lib.stringLength "ve-${name}")} chars, max is 15"; autoStart = true;
{ privateNetwork = true;
containers.${name} = { hostAddress = hostIp;
autoStart = true; localAddress = containerIp;
privateNetwork = true; inherit bindMounts;
hostAddress = hostIp; config = {...}: {
localAddress = containerIp; imports = [
inherit bindMounts; nixosConfig
config = { ... }: { nginxHardening
imports = [ nixosConfig nginxHardening ]; ];
networking.nameservers = lib.mkIf internet [ "1.1.1.1" "1.0.0.1" ]; networking.nameservers = lib.mkIf internet [
"1.1.1.1"
"1.0.0.1"
];
};
}; };
}; }
} // (lib.optionalAttrs internet {
// (lib.optionalAttrs internet { boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault true;
boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault true; networking.nat = {
networking.nat = { enable = true;
enable = true; externalInterface = externalInterface;
externalInterface = externalInterface; internalInterfaces = ["ve-${name}"];
internalInterfaces = [ "ve-${name}" ]; };
}; # CONTAINER-FWD (defined by another module) blocks all forwarding by default.
# CONTAINER-FWD (defined by another module) blocks all forwarding by default. # Insert rules in FORWARD before it: allow return traffic, block LAN, allow internet.
# Insert rules in FORWARD before it: allow return traffic, block LAN, allow internet. networking.firewall.extraCommands = ''
networking.firewall.extraCommands = '' iptables -I FORWARD 1 -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD 1 -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT iptables -I FORWARD 1 -s ${containerIp} -d 192.168.0.0/16 -j DROP
iptables -I FORWARD 1 -s ${containerIp} -d 192.168.0.0/16 -j DROP iptables -I FORWARD 1 -s ${containerIp} -d 172.16.0.0/12 -j DROP
iptables -I FORWARD 1 -s ${containerIp} -d 172.16.0.0/12 -j DROP iptables -I FORWARD 1 -s ${containerIp} -d 10.0.0.0/8 -j DROP
iptables -I FORWARD 1 -s ${containerIp} -d 10.0.0.0/8 -j DROP iptables -I FORWARD 1 -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 1 -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT '';
''; networking.firewall.extraStopCommands = ''
networking.firewall.extraStopCommands = '' iptables -D FORWARD -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT 2>/dev/null || true iptables -D FORWARD -s ${containerIp} -d 192.168.0.0/16 -j DROP 2>/dev/null || true
iptables -D FORWARD -s ${containerIp} -d 192.168.0.0/16 -j DROP 2>/dev/null || true iptables -D FORWARD -s ${containerIp} -d 172.16.0.0/12 -j DROP 2>/dev/null || true
iptables -D FORWARD -s ${containerIp} -d 172.16.0.0/12 -j DROP 2>/dev/null || true iptables -D FORWARD -s ${containerIp} -d 10.0.0.0/8 -j DROP 2>/dev/null || true
iptables -D FORWARD -s ${containerIp} -d 10.0.0.0/8 -j DROP 2>/dev/null || true iptables -D FORWARD -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true '';
''; });
});
} }
server-modules/ssh.nix
+8 -2
View File
@@ -17,8 +17,14 @@ in {
AllowTcpForwarding = false; AllowTcpForwarding = false;
ClientAliveInterval = 300; ClientAliveInterval = 300;
ClientAliveCountMax = 2; ClientAliveCountMax = 2;
KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; KexAlgorithms = [
Ciphers = ["chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com"]; "curve25519-sha256"
"curve25519-sha256@libssh.org"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
];
}; };
}; };
server-modules/stirling-pdf.nix
+8 -6
View File
@@ -1,19 +1,21 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
imports = [ imports = [
(mkContainer { (mkContainer {
name = "stirling-pdf"; name = "stirling-pdf";
hostIp = "10.233.9.1"; hostIp = "10.233.9.1";
containerIp = "10.233.9.2"; containerIp = "10.233.9.2";
nixosConfig = { ... }: { nixosConfig = {...}: {
services.stirling-pdf = { services.stirling-pdf = {
enable = true; enable = true;
environment."SERVER_PORT" = "8080"; environment."SERVER_PORT" = "8080";
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
server-modules/umami.nix
+8 -6
View File
@@ -1,8 +1,10 @@
{ config, lib, ... }:
let
inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
in
{ {
config,
lib,
...
}: let
inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
sops.secrets.umami-secret.mode = "0400"; sops.secrets.umami-secret.mode = "0400";
imports = [ imports = [
@@ -14,7 +16,7 @@ in
hostPath = config.sops.secrets.umami-secret.path; hostPath = config.sops.secrets.umami-secret.path;
isReadOnly = true; isReadOnly = true;
}; };
nixosConfig = { ... }: { nixosConfig = {...}: {
services.umami = { services.umami = {
enable = true; enable = true;
settings = { settings = {
@@ -27,7 +29,7 @@ in
}; };
# PrivateUsers breaks systemd-creds inside nspawn containers (nested user namespaces) # PrivateUsers breaks systemd-creds inside nspawn containers (nested user namespaces)
systemd.services.umami.serviceConfig.PrivateUsers = lib.mkForce false; systemd.services.umami.serviceConfig.PrivateUsers = lib.mkForce false;
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [8080];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
}) })
themes/darkviolet.nix
+1 -2
View File
@@ -16,8 +16,7 @@
border-size = 2; border-size = 2;
animation-speed = "medium"; # "fast" | "medium" | "slow" animation-speed = "medium"; # "fast" | "medium" | "slow"
fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none"
textColorOnWallpaper = textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
}; };
description = "Theme configuration options"; description = "Theme configuration options";
}; };
themes/rose-pine.nix
+1 -2
View File
@@ -16,8 +16,7 @@
border-size = 4; border-size = 4;
animation-speed = "fast"; # "fast" | "medium" | "slow" animation-speed = "fast"; # "fast" | "medium" | "slow"
fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none"
textColorOnWallpaper = textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
}; };
description = "Theme configuration options"; description = "Theme configuration options";
}; };
themes/zen.nix
+1 -2
View File
@@ -16,8 +16,7 @@
border-size = 4; border-size = 4;
animation-speed = "medium"; # "fast" | "medium" | "slow" animation-speed = "medium"; # "fast" | "medium" | "slow"
fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none"
textColorOnWallpaper = textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
}; };
description = "Theme configuration options"; description = "Theme configuration options";
}; };