RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 10:07:44 +00:00
Code Issues Activity

Start refactor

Browse source
This commit is contained in:
RGBCube 2025-01-11 15:51:21 +03:00
parent 99b7ccfadb
commit 06cce18e72
155 changed files with 2139 additions and 3738 deletions
Download patch file Download diff file Expand all files Collapse all files

34
.gitignore vendored
View file

@ -1,41 +1,27 @@
*
!.gitignore
!docs/
!hosts/
!hosts/cube/
!hosts/cube/acme/
!hosts/cube/forgejo/
!hosts/cube/grafana/
!hosts/cube/matrix/
!hosts/cube/nextcloud/
!hosts/disk/
!hosts/disk/mail/
!hosts/nine/
!hosts/nine/github2forgejo/
!hosts/pala/
!modules/
!modules/hyprland/
!modules/nushell/
!modules/restic/
!modules/ssh/
!lib/
!options/
!modules/
!modules/common/
!modules/common/nushell/
!modules/common/ssh/
!modules/darwin/
!modules/linux/
!modules/linux/hyprland/
!modules/linux/restic/
!.gitignore
!flake.lock
!*.age
!*.gif
!*.md
!*.nix
!*.nu
!*.png
!*.txt

5
docs/README.md
View file

@ -1,12 +1,10 @@
# NCC
RGBCube's NixOS Configuration Collection.
RGBCube's Configuration Collection.
## License
```
MIT License
Copyright (c) 2023-present RGBCube
Permission is hereby granted, free of charge, to any person obtaining a copy
@ -26,5 +24,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
```

594
flake.lock generated
View file

@ -1,10 +1,12 @@
{
"nodes": {
"ageNix": {
"agenix": {
"inputs": {
"darwin": "darwin",
"darwin": [
"nix-darwin"
],
"home-manager": [
"homeManager"
"home-manager"
],
"nixpkgs": [
"nixpkgs"
@ -25,55 +27,6 @@
"type": "github"
}
},
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1736102453,
"narHash": "sha256-5qb4kb7Xbt8jJFL/oDqOor9Z2+E+A+ql3PiyDvsfWZ0=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "4846091641f3be0ad7542086d52769bb7932bde6",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"crash": {
"inputs": {
"nixpkgs": [
@ -94,28 +47,6 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"ageNix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": "nixpkgs",
@ -138,11 +69,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -151,92 +82,88 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"github2forgejo": {
"flake-parts": {
"inputs": {
"nixpkgs": [
"nixpkgs-lib": [
"nix",
"nixpkgs"
],
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1716973075,
"narHash": "sha256-sRuA57ERuh3McOBl5QbaVwYpG4g4DO0LY2pTDgGlw6A=",
"owner": "RGBCube",
"repo": "GitHub2Forgejo",
"rev": "0cb9aac71bb22f8058d1db8eb3ba62e83f5641bf",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "RGBCube",
"repo": "GitHub2Forgejo",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"git-hooks-nix": {
"inputs": {
"flake-compat": [
"nix"
],
"gitignore": [
"nix"
],
"nixpkgs": [
"hyprland",
"pre-commit-hooks",
"nix",
"nixpkgs"
],
"nixpkgs-stable": [
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"lastModified": 1734279981,
"narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1736283893,
"narHash": "sha256-BG1FfTexFwNty5VhYjaQLMR6CMPfI3QRcaZrFQYu2EM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "4f339f6be2b61662f957c2ee9eda0fa597d8a6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"homeManager": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736277415,
"narHash": "sha256-kPDXF6cIPsVqSK08XF5EC6KM7BdMnM9vtJDzsnf+lLU=",
"lastModified": 1736421950,
"narHash": "sha256-RyrX0WFXxFrYvzHNLTIyuk3NcNl3UBykuYru/P0zW5E=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5c4302313d9207f7ec0886d68f8ff4a3c71209a1",
"rev": "d4aebb947a301b8da8654a804979a738c5c5da50",
"type": "github"
},
"original": {
@ -245,225 +172,66 @@
"type": "github"
}
},
"hyprcursor": {
"nil": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1734906540,
"narHash": "sha256-vQ/L9hZFezC0LquLo4TWXkyniWtYBlFHAKIsDc7PYJE=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "69270ba8f057d55b0e6c2dca0e165d652856e613",
"lastModified": 1732053863,
"narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=",
"owner": "oxalica",
"repo": "nil",
"rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"owner": "oxalica",
"repo": "nil",
"type": "github"
}
},
"hyprgraphics": {
"nix": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": "nixpkgs_3",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1736115290,
"narHash": "sha256-Jcn6yAzfUMcxy3tN/iZRbi/QgrYm7XLyVRl9g/nbUl4=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "52202272d89da32a9f866c0d10305a5e3d954c50",
"lastModified": 1736440804,
"narHash": "sha256-3cmTOPnZuDEGBtttZXPbads+kmIP1RHrqzjHxqYKWD0=",
"owner": "NixOS",
"repo": "nix",
"rev": "2d9b213cc2b4284f8432aa3883b15d390c665db4",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprgraphics",
"owner": "NixOS",
"repo": "nix",
"type": "github"
}
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-protocols": "hyprland-protocols",
"hyprland-qtutils": "hyprland-qtutils",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3",
"xdph": "xdph"
},
"locked": {
"lastModified": 1736336083,
"narHash": "sha256-BheKUOkUW1chQkMf1k7Q0p3uIygJzltY7sf7uMTYaUU=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "983bc067dac2e737bc724721c79d87cd81f27501",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"nix-darwin": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1735774328,
"narHash": "sha256-vIRwLS9w+N99EU1aJ+XNOU6mJTxrUBa31i1r82l0V7s=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "e3b6af97ddcfaafbda8e2828c719a5af84f662cb",
"lastModified": 1736370755,
"narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "57733bd1dc81900e13438e5b4439239f1b29db0e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprland-qtutils": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1736257999,
"narHash": "sha256-chDO669EUPz9JAO0AhdgkmUSAhIeNfu090W//tdL200=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "6cc1cf51f2f10352ec97c2095f49dc5556e43954",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1735393019,
"narHash": "sha256-NPpqA8rtmDLsEmZOmz+qR67zsB6Y503Jnv+nSFLKJZ8=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "55608efdaa387af7bfdc0eddb404c409958efa43",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1736164519,
"narHash": "sha256-1LimBKvDpBbeX+qW7T240WEyw+DBVpDotZB4JYm8Aps=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "3c895da64b0eb19870142196fa48c07090b441c4",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1735493474,
"narHash": "sha256-fktzv4NaqKm94VAkAoVqO/nqQlw+X0/tJJNAeCSfzK4=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "de913476b59ee88685fdc018e77b8f6637a2ae0b",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
@ -483,71 +251,95 @@
"type": "github"
}
},
"nixpkgs-24_11": {
"nixpkgs-23-11": {
"locked": {
"lastModified": 1734083684,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
"owner": "NixOS",
"lastModified": 1731890469,
"narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
"rev": "5083ec887760adfe12af64830a66807423a859a7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"nixpkgs_3": {
"locked": {
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"lastModified": 1734359947,
"narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "48d12d5e70ee91fe8481378e540433a7303dbf6a",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"owner": "NixOS",
"ref": "release-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1736453036,
"narHash": "sha256-pg+bsDf72cTh5fkqoMdnReljXdo4CovuLktzwZfl1CA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "271ad8a6123201357e397df692314026ac87f89c",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"ageNix": "ageNix",
"agenix": "agenix",
"crash": "crash",
"fenix": "fenix",
"github2forgejo": "github2forgejo",
"hardware": "hardware",
"homeManager": "homeManager",
"hyprland": "hyprland",
"nixpkgs": "nixpkgs_2",
"simpleMail": "simpleMail",
"home-manager": "home-manager",
"nil": "nil",
"nix": "nix",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_4",
"themes": "themes"
}
},
@ -568,27 +360,25 @@
"type": "github"
}
},
"simpleMail": {
"rust-overlay": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nil",
"nixpkgs"
],
"nixpkgs-24_11": "nixpkgs-24_11"
]
},
"locked": {
"lastModified": 1735230346,
"narHash": "sha256-zgR8NTiNDPVNrfaiOlB9yHSmCqFDo7Ks2IavaJ2dZo4=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "dc0569066e79ae96184541da6fa28f35a33fbf7b",
"type": "gitlab"
"lastModified": 1731983527,
"narHash": "sha256-JECaBgC0pQ91Hq3W4unH6K9to8s2Zl2sPNu7bLOv4ek=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "71287228d96e9568e1e70c6bbfa3f992d145947b",
"type": "github"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
@ -621,21 +411,6 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"themes": {
"locked": {
"lastModified": 1715166503,
@ -650,47 +425,6 @@
"repo": "ThemeNix",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1734907020,
"narHash": "sha256-p6HxwpRKVl1KIiY5xrJdjcEeK3pbmc///UOyV6QER+w=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "d7f18dda5e511749fa1511185db3536208fb1a63",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}
},
"root": "root",

158
flake.nix
View file

@ -1,5 +1,5 @@
{
description = "RGBCube's NixOS Configuration Collection";
description = "RGBCube's Configuration Collection";
nixConfig = {
extra-substituters = [
@ -13,46 +13,51 @@
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
experimental-features = [
"cgroups"
"flakes"
"nix-command"
"pipe-operators"
];
accept-flake-config = true;
builders-use-substitutes = true;
flake-registry = "";
http-connections = 50;
show-trace = true;
trusted-users = [ "root" "@wheel" "@admin" ];
use-cgroups = true;
warn-dirty = false;
};
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs.url = "github:NixOS/nixpkgs";
hardware.url = "github:NixOS/nixos-hardware";
nix-darwin = {
url = "github:LnL7/nix-darwin";
homeManager = {
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
ageNix = {
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "homeManager";
};
simpleMail = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
inputs.darwin.follows = "nix-darwin";
inputs.home-manager.follows = "home-manager";
};
fenix.url = "github:nix-community/fenix";
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
# hyprcursors = {
# url = "github:VirtCode/hypr-dynamic-cursors";
# inputs.hyprland.follows = "hyprland";
# inputs.nixpkgs.follows = "hyprland/nixpkgs";
# };
nix.url = "github:NixOS/nix";
nil.url = "github:oxalica/nil";
crash = {
url = "github:RGBCube/crash";
@ -60,98 +65,27 @@
inputs.nixpkgs.follows = "nixpkgs";
};
github2forgejo = {
url = "github:RGBCube/GitHub2Forgejo";
inputs.nixpkgs.follows = "nixpkgs";
};
themes.url = "github:RGBCube/ThemeNix";
};
outputs = { self, nixpkgs, ... } @ inputs: let
lib0 = nixpkgs.lib;
keys = import ./keys.nix;
outputs = inputs @ { nixpkgs, nix-darwin, ... }: let
inherit (builtins) readDir;
inherit (nixpkgs.lib) attrsToList const groupBy listToAttrs mapAttrs;
collectNixFiles = directory: with lib0; pipe (filesystem.listFilesRecursive directory) [
(filter (hasSuffix ".nix"))
(filter (name: !hasPrefix "_" (builtins.baseNameOf name)))
];
lib'' = nixpkgs.lib.extend (_: _: nix-darwin.lib);
lib' = lib''.extend (_: _: builtins);
lib = lib'.extend <| import ./lib inputs;
lib1 = with lib0; extend (const (const (pipe (collectNixFiles ./lib) [
(map (file: import file lib0))
(filter (thunk: !isFunction thunk))
(foldl' recursiveUpdate {})
])));
nixpkgsOverlayModule = with lib1; {
nixpkgs.overlays = [(final: prev: {
# hyprcursors = inputs.hyprcursors.packages.${prev.system}.default;
})] ++ pipe inputs [
attrValues
(filter (value: value ? overlays.default))
(map (value: value.overlays.default))
];
nixpkgs.config.allowUnfree = true; # IDGAF anymore.
hostsByType = readDir ./hosts
|> mapAttrs (name: const <| import ./hosts/${name} lib)
|> attrsToList
|> groupBy ({ name, value }:
if value ? class && value.class == "nixos" then
"nixosConfigurations"
else
"darwinConfigurations")
|> mapAttrs (const listToAttrs);
in hostsByType // {
inherit lib;
};
homeManagerModule = { lib, ... }: with lib; {
home-manager.users = genAttrs allNormalUsers (const {});
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = pipe inputs [
attrValues
(filter (value: value ? homeModules.default))
(map (value: value.homeModules.default))
];
};
optionModules = with lib1; [
(lib1.mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ])
] ++ collectNixFiles ./options ++ pipe inputs [
attrValues
(filter (value: value ? nixosModules.default))
(map (value: value.nixosModules.default))
];
optionUsageModules = [
nixpkgsOverlayModule
homeManagerModule
] ++ collectNixFiles ./modules;
specialArgs = inputs // { inherit inputs keys; };
hosts = lib1.pipe (builtins.readDir ./hosts) [
(lib1.filterAttrs (name: type: type == "regular" -> lib1.hasSuffix ".nix" name))
lib1.attrNames
];
lib2s = with lib1; genAttrs hosts (name: let
hostStub = nixosSystem {
inherit specialArgs;
modules = [ ./hosts/${name} ] ++ optionModules;
};
in extend (const (const (pipe (collectNixFiles ./lib) [
(map (file: import file lib1))
(filter (isFunction))
(map (func: func hostStub.config))
(foldl' recursiveUpdate {})
]))));
configurations = lib1.genAttrs hosts (name: lib2s.${name}.nixosSystem {
inherit specialArgs;
modules = [{
networking.hostName = name;
}] ++ optionModules ++ optionUsageModules ++ collectNixFiles ./hosts/${name};
});
in {
nixosConfigurations = configurations;
# This is here so we can do self.<whatever> instead of self.nixosConfigurations.<whatever>.config.
} // lib1.mapAttrs (lib1.const (value: value.config)) configurations;
}

23
hosts/cube/acme/default.nix
View file

@ -1,23 +0,0 @@
{ config, lib, ... }: with lib;
let
inherit (config.networking) domain;
in systemConfiguration {
secrets.acmeEnvironment.file = ./environment.age;
security.acme = {
acceptTerms = true;
defaults = {
environmentFile = config.secrets.acmeEnvironment.path;
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1";
email = "security@${domain}";
};
certs.${domain} = {
extraDomainNames = [ "*.${domain}" ];
group = "nginx";
};
};
}

BIN
hosts/cube/acme/environment.age
View file

Binary file not shown.

55
hosts/cube/default.nix
View file

@ -1,55 +0,0 @@
{ config, lib, keys, ... }: with lib; merge
(systemConfiguration {
system.stateVersion = "23.05";
nixpkgs.hostPlatform = "x86_64-linux";
secrets.id.file = ./id.age;
secrets.rgbPassword.file = ./password.rgb.age;
users.users = {
root.hashedPasswordFile = config.secrets.rgbPassword.path;
rgb = sudoUser {
description = "RGB";
openssh.authorizedKeys.keys = keys.admins;
hashedPasswordFile = config.secrets.rgbPassword.path;
};
backup = normalUser {
description = "Backup";
openssh.authorizedKeys.keys = keys.all;
hashedPasswordFile = config.secrets.rgbPassword.path;
};
};
services.openssh = {
banner = ''
_______________________________________
/ If God doesn't destroy San Francisco, \
| He should apologize to Sodom and |
\ Gomorrah. /
---------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
'';
hostKeys = [{
type = "ed25519";
path = config.secrets.id.path;
}];
};
networking = {
ipv4 = "5.255.78.70";
domain = "rgbcu.be";
};
})
(homeConfiguration {
home.stateVersion = "23.11";
})

158
hosts/cube/forgejo/default.nix
View file

@ -1,158 +0,0 @@
{ self, config, lib, pkgs, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "git.${domain}";
port = 8001;
in systemConfiguration {
secrets.forgejoMailPassword = {
file = self + /hosts/disk/mail/password.plain.age;
owner = "forgejo";
};
secrets.forgejoRunnerPassword = {
file = ./password.runner.age;
owner = "forgejo";
};
services.postgresql = {
ensureDatabases = [ "forgejo" ];
ensureUsers = [{
name = "forgejo";
ensureDBOwnership = true;
}];
};
services.restic.backups = genAttrs config.resticHosts (const {
paths = [ "/var/lib/gitea-runner" "/var/lib/forgejo" ];
});
users.groups.gitea-runner = {};
users.users.gitea-runner = systemUser {
extraGroups = [ "docker" ];
group = "gitea-runner";
home = "/var/lib/gitea-runner";
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.runner-01 = enabled {
name = "runner-01";
url = fqdn;
labels = [
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye"
"act:docker://ghcr.io/catthehacker/ubuntu:act-latest"
];
tokenFile = config.secrets.forgejoRunnerPassword.path;
settings = {
cache.enabled = true;
capacity = 4;
container.network = "host";
};
hostPackages = with pkgs; [
bash
coreutils
curl
gitMinimal
sudo
wget
];
};
};
services.openssh.settings.AcceptEnv = mkForce "SHELLS COLOTERM GIT_PROTOCOL";
services.forgejo = enabled {
lfs = enabled;
secrets.mailer.PASSWD = config.secrets.forgejoMailPassword.path;
database = {
socket = "/run/postgresql";
type = "postgres";
};
settings = let
description = "RGBCube's Forge of Shitty Software";
in {
default.APP_NAME = description;
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://${fqdn}";
};
attachment.ALLOWED_TYPES = "*/*";
cache.ENABLED = true;
mailer = {
ENABLED = true;
PROTOCOL = "smtps";
SMTP_ADDR = self.disk.mailserver.fqdn;
USER = "git@${domain}";
};
other = {
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
SHOW_FOOTER_VERSION = false;
};
packages.ENABLED = false;
repository = {
DEFAULT_BRANCH = "master";
DEFAULT_MERGE_STYLE = "rebase-merge";
DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls, repo.actions";
DEFAULT_PUSH_CREATE_PRIVATE = false;
ENABLE_PUSH_CREATE_ORG = true;
ENABLE_PUSH_CREATE_USER = true;
DISABLE_STARS = true;
};
"repository.upload" = {
FILE_MAX_SIZE = 100;
MAX_FILES = 10;
};
server = {
DOMAIN = domain;
ROOT_URL = "https://${fqdn}/";
LANDING_PAGE = "/explore";
HTTP_ADDR = "::1";
HTTP_PORT = port;
SSH_PORT = head config.services.openssh.ports;
DISABLE_ROUTER_LOG = true;
};
service.DISABLE_REGISTRATION = true;
session = {
COOKIE_SECURE = true;
SAME_SITE = "strict";
};
"ui.meta" = {
AUTHOR = description;
DESCRIPTION = description;
};
};
};
services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate {
locations."/".proxyPass = "http://[::1]:${toString port}";
};
}

10
hosts/cube/forgejo/password.runner.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 7yIsoOHvJRbNV4J0HxwKHVUaScp0hNXB/DLX1UrSsys
CSFy5ta8rbBPeUw1TEZDSLNV+v5Q+PDcKYwWkFQBv5M
-> ssh-ed25519 CzqbPQ 8xO/hPZZP9D1AddhcKLaLdB2Ch1sTBMsm/xgXYW/6y0
/dACny3vjrpms1oEEj5gBFd/Cjx2P37JKk+BKui/TgA
-> ssh-ed25519 f5VzMA AQc4W4u7jTN9qzhm344xYfT7t/AQSbV8sPAOXo2c4EY
YF2pb/iv9b52RBD91cvMN9ABge+Oswr1bUbJxr0xP7k
--- 9KEPq+2YLjFJeeuapOVQ/9Lf/bKkIcZnjsaNJCK9W2s
sk™i<EFBFBD>¨94možp붷躦Wv¼vûðO„^v¦3ÊÕ\
ôCk(t¤¾l<16>®Ì$<24><0E>=š*jIJÞA:žÞ]ÚÜ

83
hosts/cube/grafana/default.nix
View file

@ -1,83 +0,0 @@
{ self, config, lib, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "metrics.${domain}";
port = 8000;
in systemConfiguration {
secrets.grafanaPassword = {
file = ./password.age;
owner = "grafana";
};
secrets.grafanaMailPassword = {
file = self + /hosts/disk/mail/password.plain.age;
owner = "grafana";
};
services.postgresql = {
ensureDatabases = [ "grafana" ];
ensureUsers = [{
name = "grafana";
ensureDBOwnership = true;
}];
};
services.restic.backups = genAttrs config.resticHosts (const {
paths = [ "/var/lib/grafana" ];
});
systemd.services.grafana = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
};
services.grafana = enabled {
provision = enabled;
settings = {
analytics.reporting_enabled = false;
database.host = "/run/postgresql";
database.type = "postgres";
database.user = "grafana";
server.domain = fqdn;
server.http_addr = "[::1]";
server.http_port = port;
users.default_theme = "system";
};
settings.security = {
admin_email = "metrics@${domain}";
admin_password = "$__file{${config.secrets.grafanaPassword.path}}";
admin_user = "admin";
cookie_secure = true;
disable_gravatar = true;
disable_initial_admin_creation = true; # Just in case.
};
settings.smtp = {
enabled = true;
password = "$__file{${config.secrets.grafanaMailPassword.path}}";
startTLS_policy = "MandatoryStartTLS";
ehlo_identity = "metrics@${domain}";
from_address = "metrics@${domain}";
from_name = "Metrics";
host = "${self.disk.mailserver.fqdn}:${toString config.services.postfix.relayPort}";
};
};
services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate {
locations."/" = {
proxyPass = "http://[::1]:${toString port}";
proxyWebsockets = true;
};
};
}

10
hosts/cube/grafana/password.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 8RuMWyMIVBwAX7r/A+P0nscmsW9KTpt56b+le5dOz3o
D1syuLeAeAdVmEtXE6BTFKjrCcJYB58gUfbr9gCN9gM
-> ssh-ed25519 CzqbPQ LWqVp66/EnvhmF3R3fGB9RXq8YA9/1HvhkP8b7fL5no
cQGRxNoR7EdwkuyH8L748V3iTCxmDOs1cDvC7whiOiM
-> ssh-ed25519 f5VzMA By51kxuXGN75sqnhDAJLOVKobXxxsqmZvBi43kPs8g8
xWeGyCzxGckOYCqRMxjmVN1VirTJHtqS21/uBfwaiMo
--- LgeEowlRzUo1IyGr4jdD5ysCx2KdnlhfKRUHaesilO0
˜,æ ܼ®Ãß½x†¿Dà@ÎçÁü¾QP/oÁ:
v1ß<EFBFBD>;ÆÈÍì÷· ?‰

23
hosts/cube/hardware.nix
View file

@ -1,23 +0,0 @@
{ lib, modulesPath, ... }: with lib;
systemConfiguration {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub = enabled {
device = "/dev/vda";
};
boot.initrd.availableKernelModules = [
"ata_piix"
"sr_mod"
"uhci_hcd"
"virtio_blk"
"virtio_pci"
];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "ext4";
options = [ "noatime" ];
};
}

11
hosts/cube/id.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw YN0Cb+kyG3YXy5M4EXoijLRmGMjO1q2U+KxSPIc0FXE
pDeBwpWP1F/+rKGnKcmIZ7rTqGhAgO+bZoW0Fm/P4KA
-> ssh-ed25519 CzqbPQ AViDLwkL2z0htUhLNnxK+25SeDNETpRD7TxEe3KiClg
qr0QX65nb5aIu2BzdKthIdS7FEwotgGXMyLQ6goGpF0
-> ssh-ed25519 f5VzMA tSMV6ZkLc6+/SLA8IpWLmQngeQ8b1N/fQzlAP7xF0Ao
GW6YyVj8KlMjL4xzSVCHlOEajPqYi1ytu3RBLbov70k
--- r3znXRy2jH0r6yH94WnUQ8VbrGuKJRwHAMD9y/M4+Gs
V×È¢ðQª-õ\|L“è”|º2YWqÇ<71>CæÁpn0Šåê %v¯tá Úæ¯Õ53|Èï+3ó—,„ÖÏwZцL27'Ý£ÚîeÛ­ÍÌÚwUê<~̦WÒmµß¯yÚ:tçy &ËÍ©‡àpÓ/<2F>Æ–Y»ÂÕ†Åü–ÌXQÖ]¶6³àýY”Lh†ÎC-ôÞÑüxŠ{u†Äüd?¸øb¬Ì<ÆGùߤêŒi™D ”V#à{—_ï׳·±+0B;0JÆðssý†¼zO¯ÀA ð¹1˜Árj £©9ç«•‰Í_¯É<>¨å âlóÀѤÕ3v× ÜMíÀË
#(³ºU ôw¬ƒ#jI ÄôÓΣöpú‰šX™3YâûH-
˜ÉÖÌW#zÊ!¿Š@Îs <kÚ"ýx°M)>ŠW³9¬=7Z,‰ùc÷¤…߈R¸>\B§…ƒú&uµ½ŸÊë¥z«júî†ä½¬ˆ]Ô ñß<C3B1>¢%²†XzXàÔÞ­ÙÃ]hk£Ôû.åšrÇÐe.àÚã

140
hosts/cube/matrix/default.nix
View file

@ -1,140 +0,0 @@
{ config, lib, ... }: with lib;
let
inherit (config.networking) domain;
sitePath = "/var/www/site";
chatDomain = "chat.${domain}";
syncDomain = "sync.${domain}";
wellKnownResponse = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${strings.toJSON data}';
'';
clientConfig."m.homeserver".base_url = "https://${chatDomain}";
clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}";
serverConfig."m.server" = "${chatDomain}:443";
wellKnownResponseConfig.locations = {
"= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig;
"= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig;
};
notFoundLocationConfig = {
locations."/".extraConfig = "return 404;";
extraConfig = "error_page 404 /404.html;";
locations."/404".extraConfig = "internal;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
};
synapsePort = 8002;
syncPort = 8003;
in serverSystemConfiguration {
secrets.matrixSecret = {
file = ./password.secret.age;
owner = "matrix-synapse";
};
secrets.matrixSyncPassword = {
file = ./password.sync.age;
owner = "matrix-synapse";
};
services.postgresql = {
ensureDatabases = [ "matrix-synapse" "matrix-sliding-sync" ];
ensureUsers = [
{
name = "matrix-synapse";
ensureDBOwnership = true;
}
{
name = "matrix-sliding-sync";
ensureDBOwnership = true;
}
];
};
services.restic.backups = genAttrs config.resticHosts (const {
paths = [ "/var/lib/matrix-synapse" "/var/lib/matrix-sliding-sync" ];
});
services.matrix-synapse = enabled {
withJemalloc = true;
configureRedisLocally = true;
settings.redis.enabled = true;
extras = [ "postgres" "url-preview" "user-search" ];
log.root.level = "WARNING"; # Shut the fuck up.
settings = {
server_name = domain;
# We are not setting web_client_location since the root is not accessible
# from the outside web at all. Only /_matrix is reverse proxied to.
database.name = "psycopg2";
report_stats = false;
enable_metrics = true;
metrics_flags.known_servers = true;
expire_access_token = true;
url_preview_enabled = true;
# Trusting Matrix.org.
suppress_key_server_warning = true;
};
# Sets registration_shared_secret.
extraConfigFiles = [ config.secrets.matrixSecret.path ];
settings.listeners = [{
port = synapsePort;
bind_addresses = [ "::1" ];
tls = false;
type = "http";
x_forwarded = true;
resources = [{
compress = false;
names = [ "client" "federation" ];
}];
}];
};
services.nginx.virtualHosts.${domain} = wellKnownResponseConfig;
services.nginx.virtualHosts.${chatDomain} = merge config.sslTemplate wellKnownResponseConfig notFoundLocationConfig {
root = "${sitePath}";
locations."/_matrix".proxyPass = "http://[::1]:${toString synapsePort}";
locations."/_synapse/client".proxyPass = "http://[::1]:${toString synapsePort}";
};
services.matrix-sliding-sync = enabled {
environmentFile = config.age.secrets.matrixSyncPassword.path;
settings = {
SYNCV3_SERVER = "https://${chatDomain}";
SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
SYNCV3_BINDADDR = "[::1]:${toString syncPort}";
};
};
services.nginx.virtualHosts.${syncDomain} = merge config.sslTemplate notFoundLocationConfig {
root = sitePath;
locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"
.proxyPass = "http://[::1]:${toString synapsePort}";
locations."~ ^(\\/_matrix|\\/_synapse\\/client)"
.proxyPass = "http://[::1]:${toString syncPort}";
};
}

9
hosts/cube/matrix/password.secret.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw StDMwwxCWcdMkWnDUt2pA1PINfLt1M+H+J3Y2P/mxnk
GL+g8U3bWjtN0wC5kgPFmDH6ptLk3qCVofqHF6d9gg4
-> ssh-ed25519 CzqbPQ 3O4JTSO7S3oZ28YCMGLzD7ILzSphLfj7wHZFnklQlQg
MP/45MWFIcGH4kDytDO2rVzXZ+ls+Y3tCSdp3S9A3EA
-> ssh-ed25519 f5VzMA 2avBGy/8FgfUfreAfO7tJ4g3zRzMBkUxN3G+IqLk6GM
vsEj8QMWRYYz844Gbf7hNpfMyRqoytaruRUOxQZj3NM
--- AugFTj/dABkP+jM/sYBSZKMjUH+BeifJ455bdt+bKZA
Ñ&·•¨µòö2Tÿp²ÉUC”F<E2809D>D7Z•F&l$~¨ýHŸì"£õ”;¨×~é­ |÷g>¾î½žiÅî_#¨Ý{•#%‰˜FwJRýî<C3BD>­.ÑËoç)z§œrn-»Žk@gÝ_kÚ¹+¿šÍWRÀmÂzƒp 

9
hosts/cube/matrix/password.sync.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw T319LGGGp0tzS0vevrIUOZKoGYQ1NX0KOWqkqTLumh8
449QEoppibas2HtJJPJMQXcZeHEU9vJyZJV2NnYiXCY
-> ssh-ed25519 CzqbPQ i3wvtVCcnGGKibtvOd7pApma03sal+krPZcXobRfk2U
GpmrpAgQqRkDbXRq/WMAulZFNKlEXo2ZzBJdAJTHePA
-> ssh-ed25519 f5VzMA SSVe9YKEjtWIg3ZIlFYBDZasfzL4HN7frgaC24S1ZTk
S5u4oWUgHiSvvF0XKtVSPkgCOQ0dzIZUqnhRbCeCPt4
--- tnWULd4aX4DFcQn1+typTWtIw+2wEoQ4OO3mvCkFgEs
…iÎr<EFBFBD>ú¹š…ò— ¡xoÃ7¡ÙâÐkä$Ö¯š‰çYFXBëIMc²Þ„?cnáo0WLè†ÅfMña ‡o»+ 'ù‰ÎÏÒ&p*<9ºPë©#}Wñ¿Ð žàì·MíBú~¢‰7

116
hosts/cube/nextcloud/default.nix
View file

@ -1,116 +0,0 @@
{ config, lib, pkgs, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "cloud.${domain}";
nextcloudPackage = pkgs.nextcloud29;
in systemConfiguration {
secrets.nextcloudPassword = {
file = ./password.age;
owner = "nextcloud";
};
secrets.nextcloudExporterPassword = {
file = ./password.age;
owner = "nextcloud-exporter";
};
services.prometheus.exporters.nextcloud = enabled {
listenAddress = "[::]";
username = "admin";
url = "https://${fqdn}";
passwordFile = config.secrets.nextcloudExporterPassword.path;
};
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
ensureUsers = [{
name = "nextcloud";
ensureDBOwnership = true;
}];
};
services.restic.backups = genAttrs config.resticHosts (const {
paths = [ "/var/lib/nextcloud" ];
});
systemd.services.nextcloud-setup = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
script = mkAfter ''
nextcloud-occ theming:config name "RGBCube's Depot"
nextcloud-occ theming:config slogan "RGBCube's storage of insignificant data."
nextcloud-occ theming:config color "#000000"
nextcloud-occ theming:config background backgroundColor
nextcloud-occ theming:config logo ${./icon.gif}
'';
};
services.nextcloud = enabled {
package = nextcloudPackage;
hostName = fqdn;
https = true;
configureRedis = true;
config.adminuser = "admin";
config.adminpassFile = config.secrets.nextcloudPassword.path;
config.dbhost = "/run/postgresql";
config.dbtype = "pgsql";
settings = {
default_phone_region = "TR";
# Even with manual SMTP configuration, Nextcloud fails to communicate properly
# and fails to send mail. PHP moment?
# mail_smtphost = "::1"; # FIXME: Will need to use SMTP.
# mail_smtpmode = "sendmail";
# mail_from_address = "cloud";
maintenance_window_start = 1;
# No clue why it was syslog.
# What are the NixOS module authors on?
log_type = "file";
};
settings.enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
phpOptions = {
"opcache.interned_strings_buffer" = "16";
output_buffering = "off";
};
extraAppsEnable = true;
extraApps = {
inherit (nextcloudPackage.packages.apps)
bookmarks calendar contacts deck
forms impersonate mail # groupfolders impersonate mail
maps notes polls previewgenerator; # tasks;
# Add: files_markdown files_texteditor memories news
};
nginx.recommendedHttpHeaders = true;
};
services.nginx.virtualHosts.${fqdn} = config.sslTemplate;
}

BIN
hosts/cube/nextcloud/icon.gif
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 767 KiB

BIN
hosts/cube/nextcloud/password.age
View file

Binary file not shown.

43
hosts/cube/nginx.nix
View file

@ -1,43 +0,0 @@
{ lib, pkgs, ... }: with lib;
systemConfiguration {
networking.firewall = {
allowedTCPPorts = [ 443 80 ];
allowedUDPPorts = [ 443 ];
};
services.prometheus.exporters.nginx = enabled {
listenAddress = "[::]";
};
services.nginx = enabled {
package = pkgs.nginxQuic;
statusPage = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
# add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header Referrer-Policy no-referrer;
# add_header X-Frame-Options DENY;
# add_header X-Content-Type-Options nosniff;
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
};
}

BIN
hosts/cube/password.rgb.age
View file

Binary file not shown.

15
hosts/cube/podman.nix
View file

@ -1,15 +0,0 @@
{ lib, ... }: with lib;
systemConfiguration {
virtualisation.podman = enabled {
dockerCompat = true;
dockerSocket = enabled;
defaultNetwork.settings.dns_enabled = true;
autoPrune = enabled {
dates = "weekly";
flags = [ "--all" ];
};
};
}

125
hosts/cube/postgresql.nix
View file

@ -1,125 +0,0 @@
{ config, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
services.prometheus.exporters.postgres = enabled {
listenAddress = "[::]";
runAsLocalSuperUser = true;
};
services.restic.backups = genAttrs config.resticHosts (const {
paths = [ "/tmp/postgresql-dump.sql.gz" ];
backupPrepareCommand = ''
${config.services.postgresql.package}/bin/pg_dumpall --clean \
| ${lib.getExe pkgs.gzip} --rsyncable \
> /tmp/postgresql-dump.sql.gz
'';
backupCleanupCommand = ''
rm /tmp/postgresql-dump.sql.gz
'';
});
services.postgresql = enabled {
package = pkgs.postgresql_14;
enableJIT = true;
initdbArgs = [ "--locale=C" "--encoding=UTF8" ];
initialScript = pkgs.writeText "grant-root-perms" ''
GRANT pg_read_all_data TO root;
GRANT pg_write_all_data TO root;
'';
authentication = mkOverride 10 ''
# Type Database DBUser Authentication
local all all peer
'';
ensureUsers = [
{
name = "postgres";
ensureClauses = {
createdb = true;
createrole = true;
login = true;
replication = true;
superuser = true;
};
}
{
name = "root";
ensureClauses = {
createdb = true;
createrole = true;
login = true;
replication = true;
superuser = true;
};
}
];
settings = {
listen_addresses = mkForce "";
# https://pgconfigurator.cybertec.at/
max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings
shared_buffers = "1024 MB";
work_mem = "32 MB";
maintenance_work_mem = "320 MB";
huge_pages = "off";
effective_cache_size = "3 GB";
effective_io_concurrency = 1; # Concurrent IO only really activated if OS supports posix_fadvise function.
random_page_cost = 4; # Speed of random disk access relative to sequential access (1.0).
# Monitoring
shared_preload_libraries = "pg_stat_statements"; # Per statement resource usage stats.
track_io_timing = "on"; # Measure exact block IO times.
track_functions = "pl"; # Track execution times of pl-language procedures if any.
# Replication
wal_level = "replica";
max_wal_senders = 0;
synchronous_commit = "on";
# Checkpointing
checkpoint_timeout = "15 min";
checkpoint_completion_target = 0.9;
max_wal_size = "1024 MB";
min_wal_size = "512 MB";
# WAL writing
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default).
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
# Background writer
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries
max_worker_processes = 2;
max_parallel_workers_per_gather = 1;
max_parallel_maintenance_workers = 1;
max_parallel_workers = 2;
parallel_leader_participation = "on";
# Advanced features
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
max_slot_wal_keep_size = "1000 MB";
track_wal_io_timing = "on";
};
};
})
(systemPackages (with pkgs; [
postgresql
]))

36
hosts/cube/prometheus.nix
View file

@ -1,36 +0,0 @@
{ self, config, lib, ... }: with lib;
systemConfiguration {
services.grafana.provision.datasources.settings = {
datasources = [{
name = "Prometheus";
type = "prometheus";
url = "http://[::1]:${toString config.services.prometheus.port}";
orgId = 1;
}];
deleteDatasources = [{
name = "Prometheus";
orgId = 1;
}];
};
services.prometheus = enabled {
listenAddress = "[::]";
retentionTime = "1w";
scrapeConfigs = with lib; let
configToScrapeConfig = name: { config, ... }: pipe config.services.prometheus.exporters [
(filterAttrs (name: value: name != "minio" && name != "unifi-poller" && value.enable or false))
(mapAttrsToList (expName: expConfig: {
job_name = "${expName}-${name}";
static_configs = [{
targets = [ "${name}:${toString expConfig.port}" ];
}];
}))
];
in flatten (mapAttrsToList configToScrapeConfig self.nixosConfigurations);
};
}

54
hosts/cube/site.nix
View file

@ -1,54 +0,0 @@
{ config, lib, ... }: with lib;
let
inherit (config.networking) domain;
sitePath = "/var/www/site";
notFoundLocationConfig = {
extraConfig = "error_page 404 /404.html;";
locations."/404".extraConfig = "internal;";
};
in systemConfiguration {
services.nginx = enabled {
appendHttpConfig = ''
map $http_origin $allow_origin {
~^https://.+\.${domain}$ $http_origin;
}
map $http_origin $allow_methods {
~^https://.+\.${domain}$ "GET, HEAD, OPTIONS";
}
'';
virtualHosts.${domain} = merge config.sslTemplate notFoundLocationConfig {
root = sitePath;
locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
locations."/assets/".extraConfig = ''
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
if ($request_method = OPTIONS) {
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
}
expires 24h;
'';
};
virtualHosts."www.${domain}" = merge config.sslTemplate {
locations."/".extraConfig = "return 301 https://${domain}$request_uri;";
};
virtualHosts._ = merge config.sslTemplate notFoundLocationConfig {
root = sitePath;
locations."/".extraConfig = "return 404;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
};
};
}

56
hosts/disk/default.nix
View file

@ -1,56 +0,0 @@
{ config, lib, keys, ... }: with lib; merge
(systemConfiguration {
system.stateVersion = "23.11";
nixpkgs.hostPlatform = "x86_64-linux";
secrets.id.file = ./id.age;
secrets.floppyPassword.file = ./password.floppy.age;
users.users = {
root.hashedPasswordFile = config.secrets.floppyPassword.path;
floppy = sudoUser {
description = "Floppy";
openssh.authorizedKeys.keys = keys.admins;
hashedPasswordFile = config.secrets.floppyPassword.path;
};
backup = normalUser {
description = "Backup";
openssh.authorizedKeys.keys = keys.all;
hashedPasswordFile = config.secrets.floppyPassword.path;
};
};
services.openssh.hostKeys = [{
type = "ed25519";
path = config.secrets.id.path;
}];
networking = {
ipv4 = "23.164.232.40";
ipv6 = "2602:f9f7::40";
domain = "rgbcu.be";
defaultGateway = "23.164.232.1";
defaultGateway6 = "2602:f9f7::1";
interfaces.ens32 = {
ipv4.addresses = [{
address = config.networking.ipv4;
prefixLength = 25;
}];
ipv6.addresses = [{
address = config.networking.ipv6;
prefixLength = 64;
}];
};
};
})
(homeConfiguration {
home.stateVersion = "23.11";
})

34
hosts/disk/hardware.nix
View file

@ -1,34 +0,0 @@
{ config, lib, ... }: with lib;
systemConfiguration {
boot.loader = {
systemd-boot = enabled {
editor = false;
};
efi.canTouchEfiVariables = true;
};
boot.initrd.availableKernelModules = [
"ahci"
"ata_piix"
"nvme"
"sr_mod"
];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "ext4";
options = [ "noatime" ];
};
fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
options = [ "noatime" ];
};
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
}

BIN
hosts/disk/id.age
View file

Binary file not shown.

55
hosts/disk/mail/default.nix
View file

@ -1,55 +0,0 @@
{ self, config, lib, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "mail1.${domain}";
in systemConfiguration {
imports = [(self + /hosts/cube/acme)];
secrets.mailPassword.file = ./password.hash.age;
services.prometheus.exporters.postfix = enabled {
listenAddress = "[::]";
};
services.restic.backups = genAttrs config.resticHosts (const {
paths = [ config.mailserver.dkimKeyDirectory config.mailserver.mailDirectory ];
});
mailserver = enabled {
fqdn = mkDefault fqdn;
domains = mkDefault [ domain ];
certificateScheme = "acme";
# We use systemd-resolved instead of Knot Resolver.
localDnsResolver = false;
hierarchySeparator = "/";
useFsLayout = true;
dkimKeyDirectory = "/var/lib/dkim";
mailDirectory = "/var/lib/mail";
sieveDirectory = "/var/lib/sieve";
vmailUserName = "mail";
vmailGroupName = "mail";
dmarcReporting = enabled {
domain = head config.mailserver.domains;
organizationName = "Doofemshmirtz Evil Inc.";
};
fullTextSearch = enabled {
indexAttachments = true;
};
loginAccounts."contact@${head config.mailserver.domains}" = {
aliases = [ "@${head config.mailserver.domains}" ];
hashedPasswordFile = config.secrets.mailPassword.path;
};
};
}

BIN
hosts/disk/mail/password.hash.age
View file

Binary file not shown.

15
hosts/disk/mail/password.plain.age
View file

@ -1,15 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw AZFDaJ2juVpQRex9baxUPiFC4xZyna2G6ysYA4aFQkU
Cg1SJWa8PTiMDB5fOQYx7WcbfPri7nFsuCZuCRquD8c
-> ssh-ed25519 spFFQA vBOffcs6nE2VcGzkQBlhfy0GIWz+/7L09CJ5cQzRhQg
b4ZWVCSDdiF+5zMNK1b+wvG2esRfU+otY5OnVCTvRBo
-> ssh-ed25519 CzqbPQ jPL7pBXMF4QIYkULJhlvinx1hnr+aJclp8jpuLIlp2g
ud5StShENlRhlO+JJyaJciLKVUGW1XQPmPk1u9KXOKo
-> ssh-ed25519 dASlBQ LIRlKcAHsI3kf0MSuR7lpbTXCYRL1g2JjLZs4msYCAw
7o3ESCqC3Jm/5NK52IDGkx0ZQkAZY8eyiBgf9y5mUCI
-> ssh-ed25519 f5VzMA FUHuEsI2aebZiTwODrXpKJnAV4EyaUGE/+gDxwsVixY
XyEpcL1XXuoQU6erVRE2Sv9x8PisaXDBZHdWdelQPTE
-> ssh-ed25519 V6IHIQ IlarCBGBKJGagqo6cL5VhhnETwDdy/nJZ0EoBtfmrH0
QE6Z9Dk5mFcLF0hb1oG53ZWwhf+v0Ena90ocXEk50a0
--- 7kXJ0xIQb1yooKiZ70qZz/5kJvnE7K6uvgFu63PXQC0
6Ö<E280BA>g<EFBFBD>¸ù¿U }õçc;Då)ºex2<78>}†v±Æ`¶kíz#ȱ(

10
hosts/disk/password.floppy.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 spFFQA GwQd6KJsc9NzOs7fVBTyeusvYtpD2KjOqsitNqmgxAg
2U1KsgcT4cKNOjFCWlDfilSfe5+EIW/94nsMITcntSM
-> ssh-ed25519 CzqbPQ G7MWCZj/l2DaviWkph1NBxiMlxjxKO+/jcpPQ5rM+yU
6Nzzd6X+SRkLcdMIm2CQdkimq6UqD/bsTYObgglq5Ns
-> ssh-ed25519 f5VzMA Yho8qwQjRfrjepTOYCvos0pEidzf4sRRkgcZFIx7Th0
K6M3CmEGuZBk5kUFsv31AB8p/KgdcpjXU5uayFQr6ws
--- vzZtwqbz/MdrNaAQ3SYEoeGrHP+yYiI+kv451wRlkdw

p˜­~T³¦úå×ÅáÒÕó»õ¤Í<C2A4>¤(±EdÙÃ\ì$U¶{å "ì l5E[JæœÕõ<C395>.<2E>jõBÀ¿@§T¿u&b«-ÁpPRF¡ç<C2A1>zg"‹ˆÂËâ<r°B3羺îÛ°»…

9
hosts/disk/site6.nix
View file

@ -1,9 +0,0 @@
{ self, lib, ... }: with lib;
systemConfiguration {
imports = [
(self + /hosts/cube/acme)
(self + /hosts/cube/nginx.nix)
(self + /hosts/cube/site.nix)
];
}

56
hosts/nine/default.nix
View file

@ -1,56 +0,0 @@
{ config, lib, keys, ... }: with lib; merge
(systemConfiguration {
system.stateVersion = "23.11";
nixpkgs.hostPlatform = "aarch64-linux";
secrets.id.file = ./id.age;
secrets.sevenPassword.file = ./password.seven.age;
users.users = {
root.hashedPasswordFile = config.secrets.sevenPassword.path;
seven = sudoUser {
description = "Hungry Seven";
openssh.authorizedKeys.keys = keys.admins;
hashedPasswordFile = config.secrets.sevenPassword.path;
};
backup = normalUser {
description = "Backup";
openssh.authorizedKeys.keys = keys.all;
hashedPasswordFile = config.secrets.sevenPassword.path;
};
};
services.openssh.hostKeys = [{
type = "ed25519";
path = config.secrets.id.path;
}];
networking = {
ipv4 = "152.53.2.105";
ipv6 = "2a0a:4cc0::12d9";
domain = "rgbcu.be";
defaultGateway = "152.53.0.1";
defaultGateway6 = "fe80::1";
interfaces.enp4s0 = {
ipv4.addresses = [{
address = config.networking.ipv4;
prefixLength = 22;
}];
ipv6.addresses = [{
address = config.networking.ipv6;
prefixLength = 64;
}];
};
};
})
(homeConfiguration {
home.stateVersion = "23.11";
})

BIN
hosts/nine/github2forgejo/environment.age
View file

Binary file not shown.

12
hosts/nine/github2forgejo/github2forgejo.nix
View file

@ -1,12 +0,0 @@
{ config, lib, ... }: with lib;
systemConfiguration {
secrets.github2forgejoEnvironment = {
file = ./environment.age;
owner = "github2forgejo";
};
services.github2forgejo = enabled {
environmentFile = config.secrets.github2forgejoEnvironment.path;
};
}

31
hosts/nine/hardware.nix
View file

@ -1,31 +0,0 @@
{ config, lib, modulesPath, ... }: with lib;
systemConfiguration {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub = enabled {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "ext4";
};
fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
zramSwap = enabled;
}

BIN
hosts/nine/id.age
View file

Binary file not shown.

16
hosts/nine/mail2.nix
View file

@ -1,16 +0,0 @@
{ config, self, lib, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "mail2.${domain}";
in systemConfiguration {
imports = [(self + /hosts/disk/mail)];
mailserver = {
inherit fqdn;
# Not [ domain ] because this is a backup mailserver. contact@mail2.rgbcu.be.
domains = [ fqdn ];
};
}

BIN
hosts/nine/password.seven.age
View file

Binary file not shown.

9
hosts/pala/blueman.nix
View file

@ -1,9 +0,0 @@
{ lib, ... }: with lib;
systemConfiguration {
services.blueman = enabled;
hardware.bluetooth = enabled {
powerOnBoot = true;
};
}

32
hosts/pala/default.nix
View file

@ -1,24 +1,16 @@
{ config, lib, ... }: with lib; merge
lib: lib.darwinSystem {
networking.hostName = "pala";
(systemConfiguration {
system.stateVersion = "24.11";
nixpkgs.hostPlatform = "aarch64-linux";
time.timeZone = "Europe/Istanbul";
secrets.saidPassword.file = ./password.said.age;
users.users = {
root.hashedPasswordFile = config.secrets.saidPassword.path;
said = sudoUser (desktopUser {
description = "Said";
hashedPasswordFile = config.secrets.saidPassword.path;
});
users.users.pala = {
name = "pala";
home = "/Users/pala";
};
})
(homeConfiguration {
home.stateVersion = "24.11";
})
home-manager.users.pala.home = {
stateVersion = "25.05";
homeDirectory = "/Users/pala";
};
nixpkgs.hostPlatform = "aarch64-darwin";
system.stateVersion = 5;
}

35
hosts/pala/hardware.nix
View file

@ -1,35 +0,0 @@
{ config, lib, ... }: with lib;
systemConfiguration {
virtualisation.vmware.guest = enabled;
boot.loader = {
systemd-boot = enabled {
editor = false;
};
efi.canTouchEfiVariables = true;
};
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"sr_mod"
];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "btrfs";
options = [ "relatime" ];
};
fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
options = [ "relatime" "fmask=0077" "dmask=0077" ];
};
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
}

9
hosts/pala/password.said.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 CzqbPQ ozAGsEreYHlTYUsRF2mk2HyHsgPFWgG5OnQVHCqjWBU
w6j8Cl7h/TVKBgZ36fJIime4GUDaA75+NAH7BYyQ9rg
-> ssh-ed25519 CzqbPQ eMmV1mSSS+yyI9GznqmBwDEUYPcsIN2uxSyrP3sW+S0
RAIaJhBIIdSfOufhKsoFs8LELJ1bzskeGreSB+qn41o
-> ssh-ed25519 CzqbPQ CDg4IuWX7dLXjOGKj61VbXsULFJjlyr9DZ5bWq3iLmI
b/EK8IoDlN6IoZ9bfG64iQprTqxH6OGK6t9/Vg5KFaw
--- rVFs9eG5vCmvV6TTx1bKIg9bksEZ7nCazlMAu2aJqBw
If$WbÓ<Òaºy/H9 @®<XŒ¡ß]X(»yô<79>)#9WMƒ Nö Y•R~<7E>Í`,iüÃРK©ú½ü4°Aª íÛÆêäåc?ôö€\2NÃʹ§­öÓåÆicý±y

4
keys.nix
View file

@ -2,10 +2,10 @@ let
keys = {
cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk";
pala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkWUQ6Z4OK539tore/R5wnueNPPaX532RUAld8UOCo said@pala";
pala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkWUQ6Z4OK539tore/R5wnueNPPaX532RUAld8UOCo pala@pala";
nine = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJDqnItmvXZMTSwzbalr+9jzS4kSJm5PWEpI8GOpebF seven@nine";
};
in keys // {
admins = with keys; [ pala ];
admins = [ keys.pala ];
all = builtins.attrValues keys;
}

6
lib/configuration1.nix
View file

@ -1,6 +0,0 @@
lib: {
systemConfiguration = cfg: cfg;
systemPackages = pkgs: { environment.systemPackages = pkgs; };
systemFonts = pkgs: { fonts.packages = pkgs; };
homeConfiguration = cfg: { home-manager.sharedModules = [ cfg ]; };
}

32
lib/configuration2.nix
View file

@ -1,32 +0,0 @@
lib: config: let
userHomeConfiguration = users: cfg: {
home-manager.users = lib.genAttrs users (lib.const cfg);
};
allNormalUsers = [ "root" ] ++ lib.pipe config.users.users [
(lib.filterAttrs (lib.const (lib.getAttr "isNormalUser")))
lib.attrNames
];
desktopUsers = lib.pipe config.users.users [
(lib.filterAttrs (lib.const (lib.getAttr "isDesktopUser")))
lib.attrNames
];
in rec {
inherit allNormalUsers desktopUsers;
isDesktop = desktopUsers != [];
isServer = desktopUsers == [];
desktopSystemConfiguration = cfg: lib.optionalAttrs isDesktop cfg;
desktopSystemPackages = pkgs: desktopSystemConfiguration (lib.systemPackages pkgs);
desktopSystemFonts = pkgs: desktopSystemConfiguration (lib.systemFonts pkgs);
desktopUserHomeConfiguration = cfg: userHomeConfiguration desktopUsers cfg;
desktopUserHomePackages = pkgs: desktopUserHomeConfiguration { home.packages = pkgs; };
desktopHomeConfiguration = cfg: desktopSystemConfiguration (lib.homeConfiguration cfg);
desktopHomePackages = pkgs: desktopHomeConfiguration { home.packages = pkgs; };
serverSystemConfiguration = cfg: lib.optionalAttrs isServer cfg;
serverSystemPackages = pkgs: serverSystemConfiguration (lib.systemPackages pkgs);
serverHomeConfiguration = cfg: serverSystemConfiguration (lib.homeConfiguration cfg);
}

5
lib/default.nix Normal file
View file

@ -0,0 +1,5 @@
inputs: self: super: let
option = import ./option.nix inputs self super;
system = import ./system.nix inputs self super;
values = import ./values.nix inputs self super;
in option // system // values

11
lib/enabled.nix
View file

@ -1,11 +0,0 @@
lib: {
enabled = lib.mkMerge [{
enable = true;
}] // {
__functor = self: attributes: self // {
contents = self.contents ++ [ attributes ];
};
};
disabled = { enable = lib.mkForce false; };
}

7
lib/merge.nix
View file

@ -1,7 +0,0 @@
lib: {
merge = lib.mkMerge [] // {
__functor = self: next: self // {
contents = self.contents ++ [ next ];
};
};
}

10
lib/modules.nix
View file

@ -1,10 +0,0 @@
lib: {
mkConst = value: lib.mkOption {
default = value;
readOnly = true;
};
mkValue = value: lib.mkOption {
default = value;
};
}

12
lib/option.nix Normal file
View file

@ -0,0 +1,12 @@
_: _: super: let
inherit (super) mkOption;
in {
mkConst = value: mkOption {
default = value;
readOnly = true;
};
mkValue = default: mkOption {
inherit default;
};
}

53
lib/system.nix Normal file
View file

@ -0,0 +1,53 @@
inputs: self: super: let
inherit (self) attrValues filter getAttrFromPath hasAttrByPath hasSuffix;
inherit (self.filesystem) listFilesRecursive;
collect = path: listFilesRecursive path
|> filter (hasSuffix ".nix");
commonModules = collect ../modules/common;
nixosModules = collect ../modules/nixos;
darwinModules = collect ../modules/darwin;
collectInputs = let
inputs' = attrValues inputs;
in path: inputs'
|> filter (hasAttrByPath path)
|> map (getAttrFromPath path);
inputNixosModules = collectInputs [ "nixosModules" "default" ];
inputDarwinModules = collectInputs [ "darwinModules" "default" ];
inputOverlays = collectInputs [ "overlays" "default" ];
overlayModule = { nixpkgs.overlays = inputOverlays; };
in {
nixosSystem = module: super.nixosSystem {
modules = [
module
overlayModule
] ++ commonModules
++ nixosModules
++ inputNixosModules;
specialArgs = inputs // {
inherit inputs;
lib = self;
};
};
darwinSystem = module: super.darwinSystem {
modules = [
module
overlayModule
] ++ commonModules
++ darwinModules
++ inputDarwinModules;
specialArgs = inputs // {
inherit inputs;
lib = self;
};
};
}

31
lib/values.nix
View file

@ -1,19 +1,18 @@
lib: {
normalUser = attributes: attributes // {
isNormalUser = true;
_: self: _: let
inherit (self) merge mkMerge;
in {
# When the block has a `_type` attribute in the NixOS
# module system, anything not immediately relevant is
# silently ignored. We can make use of that by adding
# a `__functor` attribute, which lets us call the set.
merge = mkMerge [] // {
__functor = self: next: self // {
# Technically, `contents` is implementation defined
# but nothing ever happens, so we can rely on this.
contents = self.contents ++ [ next ];
};
};
sudoUser = attributes: attributes // {
isNormalUser = true;
extraGroups = [ "wheel" ] ++ attributes.extraGroups or [];
};
desktopUser = attributes: attributes // {
isNormalUser = true;
isDesktopUser = true; # Defined in options/desktop.nix.
};
systemUser = attributes: attributes // {
isSystemUser = true;
};
enabled = merge { enable = true; };
disabled = merge { enable = false; };
}

20
modules/_discord.nix
View file

@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }: with lib; merge
(desktopUserHomeConfiguration {
xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss;
})
(desktopUserHomePackages (with pkgs; [
((discord.override {
withOpenASAR = true;
withVencord = true;
}).overrideAttrs (old: {
nativeBuildInputs = old.nativeBuildInputs ++ [ makeWrapper ];
postFixup = ''
wrapProgram $out/opt/Discord/Discord \
--set ELECTRON_OZONE_PLATFORM_HINT "auto" \
--add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland"
'';
}))
]))

10
modules/_steam.nix
View file

@ -1,10 +0,0 @@
{ lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
# Steam uses 32-bit drivers for some unholy fucking reason.
hardware.graphics.enable32Bit = true;
})
(desktopUserHomePackages (with pkgs; [
steam
]))

13
modules/agenix.nix
View file

@ -1,13 +0,0 @@
{ lib, pkgs, ... }: with lib; merge
(systemConfiguration {
age.identityPaths = [ "/root/.ssh/id" ];
})
(desktopSystemConfiguration {
environment.shellAliases.agenix = "agenix --identity ~/.ssh/id";
})
(desktopSystemPackages (with pkgs; [
agenix
]))

22
modules/bat.nix
View file

@ -1,22 +0,0 @@
{ config, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment.variables = {
MANPAGER = "bat --plain";
PAGER = "bat --plain";
};
environment.shellAliases = {
cat = "bat";
less = "bat --plain";
};
})
(homeConfiguration {
programs.bat = enabled {
config.theme = "base16";
themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme;
config.pager = "less -FR";
};
})

11
modules/btop.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }: with lib;
homeConfiguration {
xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme;
programs.btop = enabled {
settings.color_theme = "base16";
settings.rounded_corners = config.theme.cornerRadius > 0;
};
}

17
modules/common/agenix.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }: let
inherit (lib) attrNames head mkAliasOptionModule mkIf;
in {
imports = [(mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ])];
age.identityPaths = [
(if config.isLinux then
"/root/.ssh/id"
else
"/Users/${config.users.users |> attrNames |> head}/.ssh/id")
];
environment = mkIf config.isDesktop {
shellAliases.agenix = "agenix --identity ~/.ssh/id";
systemPackages = [ pkgs.agenix ];
};
}

20
modules/common/bat.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }: let
inherit (lib) enabled;
in {
environment.variables = {
MANPAGER = "bat --plain";
PAGER = "bat --plain";
};
environment.shellAliases = {
cat = "bat";
less = "bat --plain";
};
home-manager.sharedModules = [{
programs.bat = enabled {
config.theme = "base16";
themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme;
config.pager = "less -FR";
};
}];
}

13
modules/common/btop.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }: let
inherit (lib) enabled;
in {
home-manager.sharedModules = [{
xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme;
programs.btop = enabled {
settings.color_theme = "base16";
settings.rounded_corners = config.theme.cornerRadius > 0;
};
}];
}

22
modules/common/discord.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }: let
inherit (lib) merge mkIf;
in merge <| mkIf config.isDesktop {
home-manager.sharedModules = [{
xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss;
}];
environment.systemPackages = mkIf config.isLinux [
((pkgs.discord.override {
withOpenASAR = true;
withVencord = true;
}).overrideAttrs (old: {
nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.makeWrapper ];
postFixup = ''
wrapProgram $out/opt/Discord/Discord \
--set ELECTRON_OZONE_PLATFORM_HINT "auto" \
--add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland"
'';
}))
];
}

24
modules/common/dns.nix Normal file
View file

@ -0,0 +1,24 @@
{ lib, ... }: let
inherit (lib) mkConst;
in {
options.dnsServers = mkConst [
"45.90.28.0#7f2bf8.dns.nextdns.io"
"2a07:a8c0::#7f2bf8.dns.nextdns.io"
"45.90.30.0#7f2bf8.dns.nextdns.io"
"2a07:a8c1::#7f2bf8.dns.nextdns.io"
];
options.fallbackDnsServers = mkConst [
"1.1.1.1#one.one.one.one"
"2606:4700:4700::1111#one.one.one.one"
"1.0.0.1#one.one.one.one"
"2606:4700:4700::1001#one.one.one.one"
"8.8.8.8#dns.google"
"2001:4860:4860::8888#dns.google"
"8.8.4.4#dns.google"
"2001:4860:4860::8844#dns.google"
];
}

78
modules/common/ghostty.nix Normal file
View file

@ -0,0 +1,78 @@
{ config, lib, pkgs, ... }: let
inherit (lib) enabled mapAttrsToList merge mkIf;
in merge <| mkIf config.isDesktop {
home-manager.sharedModules = [{
programs.nushell.environmentVariables = {
TERMINAL = mkIf config.isLinux "ghostty";
TERM_PROGRAM = mkIf config.isDarwin "ghostty";
};
programs.ghostty = enabled {
# Don't actually install Ghostty if we are on Darwin.
# For some reason it is marked as broken.
package = mkIf config.isDarwin <| pkgs.writeScriptBin "not-ghostty" "";
# Bat syntax points to emptyDirectory.
installBatSyntax = !config.isDarwin;
clearDefaultKeybinds = true;
settings = with config.theme; {
font-size = font.size.normal;
font-family = font.mono.name;
window-padding-x = padding;
window-padding-y = padding;
confirm-close-surface = false;
window-decoration = config.isDarwin;
config-file = toString <| pkgs.writeText "base16-config" ghosttyConfig;
keybind = mapAttrsToList (name: value: "ctrl+shift+${name}=${value}") {
c = "copy_to_clipboard";
v = "paste_from_clipboard";
z = "jump_to_prompt:-2";
x = "jump_to_prompt:2";
h = "write_scrollback_file:paste";
i = "inspector:toggle";
page_down = "scroll_page_fractional:0.33";
down = "scroll_page_lines:1";
j = "scroll_page_lines:1";
page_up = "scroll_page_fractional:-0.33";
up = "scroll_page_lines:-1";
k = "scroll_page_lines:-1";
home = "scroll_to_top";
end = "scroll_to_bottom";
enter = "reset_font_size";
plus = "increase_font_size:1";
minus = "decrease_font_size:1";
t = "new_tab";
q = "close_surface";
"physical:one" = "goto_tab:1";
"physical:two" = "goto_tab:2";
"physical:three" = "goto_tab:3";
"physical:four" = "goto_tab:4";
"physical:five" = "goto_tab:5";
"physical:six" = "goto_tab:6";
"physical:seven" = "goto_tab:7";
"physical:eight" = "goto_tab:8";
"physical:nine" = "goto_tab:9";
"physical:zero" = "goto_tab:10";
} ++ mapAttrsToList (name: value: "ctrl+${name}=${value}") {
"physical:tab" = "next_tab";
"shift+physical:tab" = "previous_tab";
};
};
};
}];
}

161
modules/common/git.nix Normal file
View file

@ -0,0 +1,161 @@
{ self, config, lib, pkgs, ... }: let
inherit (lib) head mkAfter enabled merge mkIf;
inherit (lib.strings) match;
in {
environment.shellAliases = merge {
g = "git";
ga = "git add";
gaa = "git add ./";
gab = "git absorb";
gabr = "git absorb --and-rebase";
gb = "git branch";
gbv = "git branch --verbose";
gc = "git commit";
gca = "git commit --amend --no-edit";
gcm = "git commit --message";
gcam = "git commit --amend --message";
gcl = "git clone";
gd = "git diff";
gds = "git diff --staged";
gp = "git push";
gpf = "git push --force-with-lease";
gl = "git log";
glo = "git log --oneline --graph";
glp = "git log -p --ext-diff";
gpl = "git pull";
gplr = "git pull --rebase";
gplff = "git pull --ff-only";
gr = "git recent";
grb = "git rebase";
grba = "git rebase --abort";
grbc = "git rebase --continue";
grbi = "git rebase --interactive";
grbm = "git rebase master";
grl = "git reflog";
grm = "git remote";
grma = "git remote add";
grmv = "git remote --verbose";
grmsu = "git remote set-url";
grs = "git reset";
grsh = "git reset --hard";
gs = "git stash";
gsp = "git stash pop";
gsw = "git switch";
gswm = "git switch master";
gsh = "git show --ext-diff";
gst = "git status";
} <| mkIf config.isDesktop {
"\"??\"" = "gh copilot suggest --target shell";
"\"gh?\"" = "gh copilot suggest --target gh";
"\"git?\"" = "gh copilot suggest --target git";
};
environment.systemPackages = [
pkgs.git-absorb
pkgs.tig
];
home-manager.sharedModules = [
(let
# TODO: gitUrl = self.cube.services.forgejo.settings.server.ROOT_URL;
gitUrl = "https://git.rgbcu.be/";
gitDomain = head <| match "https://(.*)/" gitUrl;
# TODO: mailDomain = head self.disk.mailserver.domains;
mailDomain = "rgbcu.be";
in {
programs.nushell.configFile.text = mkAfter ''
# Sets the remote origin to the specified user and repository on my git instance
def gsr [user_and_repo: string] {
let user_and_repo = if ($user_and_repo | str index-of "/") != -1 {
$user_and_repo
} else {
"RGBCube/" + $user_and_repo
}
git remote add origin ("${gitUrl}" + $user_and_repo)
}
'';
programs.git = enabled {
package = pkgs.gitFull;
userName = "RGBCube";
userEmail = "git@${mailDomain}";
lfs = enabled;
difftastic = enabled {
background = "dark";
};
extraConfig = merge {
init.defaultBranch = "master";
commit.verbose = true;
log.date = "iso";
column.ui = "auto";
branch.sort = "-committerdate";
tag.sort = "version:refname";
diff.algorithm = "histogram";
diff.colorMoved = "default";
pull.rebase = true;
push.autoSetupRemote = true;
merge.conflictStyle = "zdiff3";
rebase.autoSquash = true;
rebase.autoStash = true;
rebase.updateRefs = true;
rerere.enabled = true;
fetch.fsckObjects = true;
receive.fsckObjects = true;
transfer.fsckobjects = true;
# https://bernsteinbear.com/git
alias.recent = "! git branch --sort=-committerdate --format=\"%(committerdate:relative)%09%(refname:short)\" | head -10";
} <| mkIf config.isDesktop {
core.sshCommand = "ssh -i ~/.ssh/id";
url."ssh://git@github.com/".insteadOf = "https://github.com/";
# TODO: url."ssh://forgejo@${gitDomain}:${toString (head self.cube.services.openssh.ports)}/".insteadOf = gitUrl;
url."ssh://forgejo@${gitDomain}:2222/".insteadOf = gitUrl;
commit.gpgSign = true;
tag.gpgSign = true;
gpg.format = "ssh";
user.signingKey = "~/.ssh/id";
};
};
})
(mkIf config.isDesktop {
programs.gh = enabled {
settings.git_protocol = "ssh";
};
})
];
}

196
modules/common/helix.nix Normal file
View file

@ -0,0 +1,196 @@
{ config, lib, pkgs, ... }: let
inherit (lib) const enabled genAttrs mkAfter mkIf;
in {
environment = {
variables.EDITOR = "hx";
shellAliases.x = "hx";
};
home-manager.sharedModules = [{
programs.nushell.configFile.text = mkIf (config.isDesktop && config.isLinux) <| mkAfter ''
def --wrapped hx [...arguments] {
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=0
}
^hx ...$arguments
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=${toString config.theme.padding}
}
}
'';
programs.helix = enabled {
languages.language = let
denoFormatter = language: {
command = "deno";
args = [ "fmt" "-" "--ext" language ];
};
denoFormatterLanguages = map (name: {
inherit name;
auto-format = true;
formatter = denoFormatter name;
}) [ "markdown" "json" ];
prettier = language: {
command = "prettier";
args = [ "--parser" language ];
};
prettierLanguages = map (name: {
inherit name;
auto-format = true;
formatter = prettier name;
}) [ "css" "scss" "yaml" ];
in denoFormatterLanguages ++ prettierLanguages ++ [
{
name = "nix";
auto-format = false;
formatter.command = "alejandra";
}
{
name = "html";
# Added vto.
file-types = [ "asp" "aspx" "htm" "html" "jshtm" "jsp" "rhtml" "shtml" "volt" "vto" "xht" "xhtml" ];
auto-format = false;
formatter = prettier "html";
}
{
name = "javascript";
auto-format = true;
formatter = denoFormatter "js";
language-servers = [ "deno" ];
}
{
name = "jsx";
auto-format = true;
formatter = denoFormatter "jsx";
language-servers = [ "deno" ];
}
{
name = "typescript";
auto-format = true;
formatter = denoFormatter "ts";
language-servers = [ "deno" ];
}
{
name = "tsx";
auto-format = true;
formatter = denoFormatter "tsx";
language-servers = [ "deno" ];
}
];
languages.language-server = {
deno = {
command = "deno";
args = [ "lsp" ];
environment.NO_COLOR = "1";
config.deno = enabled {
lint = true;
unstable = true;
suggest.imports.hosts."https://deno.land" = true;
inlayHints = {
enumMemberValues.enabled = true;
functionLikeReturnTypes.enabled = true;
parameterNames.enabled = "all";
parameterTypes.enabled = true;
propertyDeclarationTypes.enabled = true;
variableTypes.enabled = true;
};
};
};
rust-analyzer.config.check.command = "clippy";
};
settings.theme = "gruvbox_dark_hard";
settings.editor = {
color-modes = true;
completion-replace = true;
completion-trigger-len = 0;
cursor-shape.insert = "bar";
cursorline = true;
bufferline = "multiple";
file-picker.hidden = false;
idle-timeout = 0;
line-number = "relative";
shell = [ "bash" "-c" ];
text-width = 100;
};
settings.editor.indent-guides = {
character = "";
render = true;
};
settings.editor.statusline.mode = {
insert = "INSERT";
normal = "NORMAL";
select = "SELECT";
};
settings.editor.whitespace = {
characters.tab = "";
render.tab = "all";
};
settings.keys = genAttrs [ "normal" "select" ] (const {
D = "extend_to_line_end";
});
};
}];
environment.systemPackages = mkIf config.isDesktop [
# CMAKE
pkgs.cmake-language-server
# GO
pkgs.gopls
# HTML
pkgs.vscode-langservers-extracted
pkgs.nodePackages_latest.prettier
# KOTLIN
pkgs.kotlin-language-server
# LATEX
pkgs.texlab
# LUA
pkgs.lua-language-server
# MARKDOWN
pkgs.marksman
# NIX
pkgs.alejandra
pkgs.nil
# PYTHON
pkgs.python311Packages.python-lsp-server
# RUST
pkgs.rust-analyzer-nightly
# TYPESCRIPT & OTHERS
pkgs.deno
# YAML
pkgs.yaml-language-server
# ZIG
pkgs.zls
];
}

6
modules/common/home-manager.nix Normal file
View file

@ -0,0 +1,6 @@
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
}

61
modules/common/nix.nix Normal file
View file

@ -0,0 +1,61 @@
{ self, config, inputs, lib, pkgs, ... }: let
inherit (lib) concatStringsSep const disabled filterAttrs flip isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs;
inherit (lib.strings) toJSON;
registryMap = inputs
|> filterAttrs (const <| isType "flake");
in {
# We don't want this to be garbage collected away because if
# that happens rebuilds are slow thanks to my garbage WiFi.
environment.etc.".system-inputs.json".text = toJSON registryMap;
nix.nixPath = registryMap
|> mapAttrsToList (name: value: "${name}=${value}")
|> concatStringsSep ":";
nix.registry = registryMap // { default = inputs.nixpkgs; }
|> mapAttrs (_: flake: { inherit flake; });
nix.channel = disabled;
nix.settings = (import <| self + /flake.nix).nixConfig
|> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []);
nix.gc = merge {
automatic = true;
options = "--delete-older-than 3d";
} <| optionalAttrs config.isLinux {
dates = "weekly";
persistent = true;
};
nix.optimise.automatic = true;
environment.systemPackages = [
pkgs.nh
pkgs.nix-index
pkgs.nix-output-monitor
];
home-manager.sharedModules = [{
programs.nushell.configFile.text = mkAfter ''
def --wrapped nr [program: string = "", ...arguments] {
if ($program | str contains "#") or ($program | str contains ":") {
nix run $program -- ...$arguments
} else {
nix run ("default#" + $program) -- ...$arguments
}
}
def --wrapped ns [...programs] {
nix shell ...($programs | each {
if ($in | str contains "#") or ($in | str contains ":") {
$in
} else {
"default#" + $in
}
})
}
'';
}];
}

0
modules/nushell/configuration.nu → modules/common/nushell/configuration.nu
View file

92
modules/common/nushell/default.nix Normal file
View file

@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }: let
inherit (lib) enabled filter first foldl' getExe last match mkIf nameValuePair optionalAttrs readFile removeAttrs splitString;
in {
users = optionalAttrs config.isLinux { defaultUserShell = pkgs.nushell; };
environment.shells = mkIf config.isDarwin [ pkgs.nushell ];
environment.shellAliases = {
la = "ls --all";
lla = "ls --long --all";
sl = "ls";
cp = "cp --recursive --verbose --progress";
mk = "mkdir";
mv = "mv --verbose";
rm = "rm --recursive --verbose";
pstree = "pstree -g 2";
tree = "tree -CF --dirsfirst";
};
environment.systemPackages = [
pkgs.fish # For completions.
pkgs.zoxide # For completions and better cd.
];
environment.variables.STARSHIP_LOG = "error";
home-manager.sharedModules = [(homeArgs: {
xdg.configFile = {
"nushell/zoxide.nu".source = pkgs.runCommand "zoxide.nu" {} ''
${getExe pkgs.zoxide} init nushell --cmd cd > $out
'';
"nushell/ls_colors.txt".source = pkgs.runCommand "ls_colors.txt" {} ''
${getExe pkgs.vivid} generate gruvbox-dark-hard > $out
'';
"nushell/starship.nu".source = pkgs.runCommand "starship.nu" {} ''
${getExe pkgs.starship} init nu > $out
'';
};
programs.starship = enabled {
# No because we are doing it at build time instead of the way
# this retarded does it. Why the hell do you generate the config
# every time the shell is launched?
enableNushellIntegration = false;
settings = {
command_timeout = 100;
scan_timeout = 20;
cmd_duration.show_notifications = config.isDesktop;
package.disabled = config.isServer;
character.error_symbol = "";
character.success_symbol = "";
};
};
programs.nushell = enabled {
configFile.text = readFile ./configuration.nu;
envFile.text = readFile ./environment.nu;
environmentVariables = let
environmentVariables = config.environment.variables;
homeVariables = homeArgs.config.home.sessionVariables;
homeVariablesExtra = pkgs.runCommand "home-variables-extra.env" {} ''
alias export=echo
# echo foo > $out
# FIXME
eval $(cat ${homeArgs.config.home.sessionVariablesPackage}/etc/profile.d/hm-session-vars.sh) > $out
''
# |> (aaa: (_: break _) aaa)
|> readFile
|> splitString "\n"
|> filter (s: s != "")
|> map (match "([^=]+)=(.*)")
|> map (keyAndValue: nameValuePair (first keyAndValue) (last keyAndValue))
|> foldl' (x: y: x // y) {};
in environmentVariables // homeVariables // homeVariablesExtra;
shellAliases = removeAttrs config.environment.shellAliases [ "ls" "l" ] // {
cdtmp = "cd (mktemp --directory)";
ll = "ls --long";
};
};
})];
}

0
modules/nushell/environment.nu → modules/common/nushell/environment.nu
View file

58
modules/common/packages.nix Normal file
View file

@ -0,0 +1,58 @@
{ config, lib, pkgs, ... }: let
inherit (lib) optionals;
in {
environment.systemPackages = [
pkgs.asciinema
pkgs.cowsay
pkgs.curlHTTP3
pkgs.dig
pkgs.doggo
pkgs.fastfetch
pkgs.fd
(pkgs.fortune.override { withOffensive = true; })
pkgs.hyperfine
pkgs.moreutils
pkgs.openssl
pkgs.p7zip
pkgs.pstree
pkgs.rsync
pkgs.timg
pkgs.tree
pkgs.uutils-coreutils-noprefix
pkgs.yazi
pkgs.yt-dlp
] ++ optionals config.isLinux [
pkgs.traceroute
pkgs.usbutils
pkgs.strace
] ++ optionals config.isDesktop [
pkgs.clang_16
pkgs.clang-tools_16
pkgs.deno
pkgs.gh
pkgs.go
pkgs.jdk
pkgs.lld
pkgs.maven
pkgs.zig
pkgs.element-desktop
pkgs.qbittorrent
] ++ optionals (config.isLinux && config.isDesktop) [
pkgs.thunderbird
pkgs.whatsapp-for-linux
pkgs.zulip
pkgs.fractal
pkgs.obs-studio
pkgs.krita
pkgs.libreoffice
pkgs.hunspellDicts.en_US
pkgs.hunspellDicts.en_GB-ize
];
}

10
modules/common/python.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }: {
environment.systemPackages = [
(pkgs.python311.withPackages (pkgs: [
pkgs.pip
pkgs.requests
]))
pkgs.uv
];
}

14
modules/common/ripgrep.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, ... }: let
inherit (lib) enabled;
in {
environment.shellAliases.todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold'';
home-manager.sharedModules = [{
programs.ripgrep = enabled {
arguments = [
"--line-number"
"--smart-case"
];
};
}];
}

18
modules/common/rust.nix Normal file
View file

@ -0,0 +1,18 @@
{ pkgs, ... }: {
environment.variables.CARGO_NET_GIT_FETCH_WITH_CLI = "true";
environment.systemPackages = [
pkgs.cargo-expand
pkgs.cargo-fuzz
pkgs.evcxr
(pkgs.fenix.complete.withComponents [
"cargo"
"clippy"
"rust-src"
"rustc"
"rustfmt"
])
];
}

12
modules/common/ssh/config.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw nOt0AMht8Aod+1V2bTWMJnMWtYVm8AckH27mnwFAQS4
rBp+kJFoQwh8jD0q5Dv9O6O/iT7tTbPioQGUnOE4Eyc
-> ssh-ed25519 spFFQA 7s4U2WKZZwRIYRsZNBmnXI7Yawkh7ZZ0YuTDeaoHCww
NX/akV5Cj5WEyeg86kd2JVPGq8f54oixuyR020c6aqs
-> ssh-ed25519 dASlBQ fGx+vne56PxD8gaACu1f8iR+Nhscxqs292rH4uEeChc
mVq1++pve3Kk0kRbhf4LCTutiEJBEbmsy4fVS+QYrYM
-> ssh-ed25519 CzqbPQ Pj0lZnFQXqQrJk9fyi15923rqnVA2GbhR+kRxNMm3Ec
yu14hvCAV2MzexoDeiza5CfisuKC5e1p2JbDHbyPy0E
--- 8UNtL1+o7GYCfWOYk0E+mIXFt3kb7NhAVzTnBkx0YPQ
årm÷õJ)Á²4¢UCßܘ¸JÕÃ`°çvY,ÜÚ<C39C>ô˜Áâ|<7C>`¶'[œw"þ@I
.'Ã{nkEÐø@Õ §­Ô6È

61
modules/common/ssh/default.nix Normal file
View file

@ -0,0 +1,61 @@
{ self, config, lib, pkgs, ... }: let
inherit (lib) enabled mkIf;
controlPath = "~/.ssh/control";
in {
secrets.sshConfig = {
file = ./config.age;
mode = "444";
};
home-manager.sharedModules = [{
home.activation.createControlPath = {
after = [ "writeBoundary" ];
before = [];
data = "mkdir --parents ${controlPath}";
};
programs.ssh = enabled {
controlMaster = "auto";
controlPath = "${controlPath}/%r@%n:%p";
controlPersist = "60m";
serverAliveCountMax = 2;
serverAliveInterval = 60;
includes = [ config.secrets.sshConfig.path ];
matchBlocks = {
"*" = {
setEnv.COLORTERM = "truecolor";
setEnv.TERM = "xterm-256color";
identityFile = "~/.ssh/id";
};
# TODO: Maybe autogenerate these?
# cube = {
# hostname = self.cube.networking.ipv4;
# user = "rgb";
# port = 2222;
# };
# disk = {
# hostname = self.disk.networking.ipv4;
# user = "floppy";
# port = 2222;
# };
# nine = {
# hostname = self.nine.networking.ipv4;
# user = "seven";
# port = 2222;
# };
};
};
}];
environment.systemPackages = mkIf config.isDesktop [
pkgs.mosh
];
}

13
modules/common/system.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }: let
inherit (lib) any elem last mapAttrsToList mkConst splitString;
in {
options = {
os = mkConst <| last <| splitString "-" config.nixpkgs.hostPlatform.system;
isLinux = mkConst <| config.os == "linux";
isDarwin = mkConst <| config.os == "darwin";
isDesktop = mkConst <| config.isDarwin || (any <| mapAttrsToList (_: value: elem "graphical" value.extraGroups) config.users.users);
isServer = mkConst <| !config.isDesktop;
};
}

7
modules/common/tailscale.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, ... }: let
inherit (lib) enabled;
in {
environment.shellAliases.ts = "sudo tailscale";
services.tailscale = enabled;
}

5
modules/termbin.nix → modules/common/termbin.nix
View file

@ -1,5 +1,4 @@
{ lib, ... }: with lib;
systemConfiguration {
{
environment.shellAliases.tb = "nc termbin.com 9999";
}

13
options/theme.nix → modules/common/theme.nix
View file

@ -1,6 +1,8 @@
{ lib, pkgs, themes, ... }: {
options.theme = lib.mkValue (themes.custom (themes.raw.gruvbox-dark-hard // {
cornerRadius = 0;
{ lib, pkgs, themes, ... }: let
inherit (lib) mkValue;
in {
options.theme = mkValue <| themes.custom <| themes.raw.gruvbox-dark-hard // {
cornerRadius = 4;
borderWidth = 2;
margin = 0;
@ -13,9 +15,10 @@
font.sans.package = pkgs.lexend;
font.mono.name = "JetBrainsMono Nerd Font";
font.mono.package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono"]; };
font.mono.package = pkgs.nerd-fonts.jetbrains-mono;
icons.name = "Gruvbox-Plus-Dark";
icons.package = pkgs.gruvbox-plus-icons;
}));
};
}

10
modules/common/w3m.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }: {
environment.shellAliases = {
ddg = "w3m lite.duckduckgo.com";
web = "w3m";
};
environment.systemPackages = [
pkgs.w3m
];
}

6
modules/darwin/aerospace.nix Normal file
View file

@ -0,0 +1,6 @@
{ lib, ... }: let
inherit (lib) enabled;
in {
services.aerospace = enabled {
};
}

14
modules/darwin/dns.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, ... }: let
inherit (lib) head map splitString;
in {
# Yeah, no DNSSEC or DoT or anything.
# That's what you get for using Darwin I guess.
networking.dns = config.dnsServers
|> map (splitString "#")
|> map head;
networking.knownNetworkServices = [
"Thunderbolt Bridge"
"Wi-Fi"
];
}

25
modules/endlessh-go.nix
View file

@ -1,25 +0,0 @@
{ lib, pkgs, ... }: with lib;
let
fakeSSHPort = 22;
in serverSystemConfiguration {
services.prometheus.exporters.endlessh-go = enabled {
listenAddress = "[::]";
};
# `services.endlessh-go.openFirewall` exposes both the Prometheus
# exporters port and the SSH port, and we don't want the metrics
# to leak, so we manually expose this like so.
networking.firewall.allowedTCPPorts = [ fakeSSHPort ];
services.endlessh-go = enabled {
listenAddress = "[::]";
port = fakeSSHPort;
extraOptions = [
"-alsologtostderr"
"-geoip_supplier max-mind-db"
"-max_mind_db ${pkgs.clash-geoip}/etc/clash/Country.mmdb"
];
};
}

25
modules/firefox.nix
View file

@ -1,25 +0,0 @@
{ config, lib, ... }: with lib;
desktopUserHomeConfiguration {
programs.firefox = enabled {
profiles.default = {
settings = with config.theme.font; {
"general.autoScroll" = true;
"privacy.donottrackheader.enabled" = true;
"browser.fixup.domainsuffixwhitelist.idk" = true;
"font.name.serif.x-western" = sans.name;
"font.size.variable.x-western" = builtins.ceil (1.3 * size.normal);
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
userChrome = ''
#TabsToolbar {
visibility: collapse;
}
'';
};
};
}

66
modules/ghostty.nix
View file

@ -1,66 +0,0 @@
{ config, lib, pkgs, ... }: with lib;
desktopUserHomeConfiguration {
programs.nushell.environmentVariables.TERMINAL = "ghostty";
programs.ghostty = enabled {
clearDefaultKeybinds = true;
settings = with config.theme; {
font-size = font.size.normal;
font-family = font.mono.name;
window-padding-x = padding;
window-padding-y = padding;
confirm-close-surface = false;
window-decoration = false;
config-file = toString (pkgs.writeText "base16-config" ghosttyConfig);
keybind = (mapAttrsToList (name: value: "ctrl+shift+${name}=${value}") {
c = "copy_to_clipboard";
v = "paste_from_clipboard";
z = "jump_to_prompt:-2";
x = "jump_to_prompt:2";
h = "write_scrollback_file";
i = "inspector:toggle";
page_down = "scroll_page_fractional:0.33";
down = "scroll_page_lines:1";
j = "scroll_page_lines:1";
page_up = "scroll_page_fractional:-0.33";
up = "scroll_page_lines:-1";
k = "scroll_page_lines:-1";
home = "scroll_to_top";
end = "scroll_to_bottom";
"physical:kp_enter" = "reset_font_size";
"physical:kp_add" = "increase_font_size:1";
"physical:kp_subtract" = "decrease_font_size:1";
t = "new_tab";
q = "close_surface";
"physical:one" = "goto_tab:1";
"physical:two" = "goto_tab:2";
"physical:three" = "goto_tab:3";
"physical:four" = "goto_tab:4";
"physical:five" = "goto_tab:5";
"physical:six" = "goto_tab:6";
"physical:seven" = "goto_tab:7";
"physical:eight" = "goto_tab:8";
"physical:nine" = "goto_tab:9";
"physical:zero" = "goto_tab:10";
}) ++ (mapAttrsToList (name: value: "ctrl+${name}=${value}") {
"physical:tab" = "next_tab";
"shift+physical:tab" = "previous_tab";
});
};
};
}

159
modules/git.nix
View file

@ -1,159 +0,0 @@
{ self, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment.shellAliases = {
g = "git";
ga = "git add";
gaa = "git add ./";
gab = "git absorb";
gabr = "git absorb --and-rebase";
gb = "git branch";
gbv = "git branch --verbose";
gc = "git commit";
gca = "git commit --amend --no-edit";
gcm = "git commit --message";
gcam = "git commit --amend --message";
gcl = "git clone";
gd = "git diff";
gds = "git diff --staged";
gp = "git push";
gpf = "git push --force-with-lease";
gl = "git log";
glo = "git log --oneline --graph";
glp = "git log -p --ext-diff";
gpl = "git pull";
gplr = "git pull --rebase";
gplff = "git pull --ff-only";
gr = "git recent";
grb = "git rebase";
grba = "git rebase --abort";
grbc = "git rebase --continue";
grbi = "git rebase --interactive";
grbm = "git rebase master";
grl = "git reflog";
grm = "git remote";
grma = "git remote add";
grmv = "git remote --verbose";
grmsu = "git remote set-url";
grs = "git reset";
grsh = "git reset --hard";
gs = "git stash";
gsp = "git stash pop";
gsw = "git switch";
gswm = "git switch master";
gsh = "git show --ext-diff";
gst = "git status";
};
})
(let
gitUrl = self.cube.services.forgejo.settings.server.ROOT_URL;
gitDomain = head (strings.match "https://(.*)/" gitUrl);
mailDomain = head self.disk.mailserver.domains;
in homeConfiguration {
programs.nushell.configFile.text = mkAfter ''
# Sets the remote origin to the specified user and repository on my git instance
def gsr [user_and_repo: string] {
let user_and_repo = if ($user_and_repo | str index-of "/") != -1 {
$user_and_repo
} else {
"RGBCube/" + $user_and_repo
}
git remote add origin ("${gitUrl}" + $user_and_repo)
}
'';
programs.git = enabled {
package = pkgs.gitFull;
userName = "RGBCube";
userEmail = "git@${mailDomain}";
lfs = enabled;
difftastic = enabled {
background = "dark";
};
extraConfig = merge {
init.defaultBranch = "master";
commit.verbose = true;
log.date = "iso";
column.ui = "auto";
branch.sort = "-committerdate";
tag.sort = "version:refname";
diff.algorithm = "histogram";
diff.colorMoved = "default";
pull.rebase = true;
push.autoSetupRemote = true;
merge.conflictStyle = "zdiff3";
rebase.autoSquash = true;
rebase.autoStash = true;
rebase.updateRefs = true;
rerere.enabled = true;
fetch.fsckObjects = true;
receive.fsckObjects = true;
transfer.fsckobjects = true;
# https://bernsteinbear.com/git
alias.recent = "! git branch --sort=-committerdate --format=\"%(committerdate:relative)%09%(refname:short)\" | head -10";
} (mkIf isDesktop {
core.sshCommand = "ssh -i ~/.ssh/id";
url."ssh://git@github.com/".insteadOf = "https://github.com/";
url."ssh://forgejo@${gitDomain}:${toString (head self.cube.services.openssh.ports)}/".insteadOf = gitUrl;
commit.gpgSign = true;
tag.gpgSign = true;
gpg.format = "ssh";
user.signingKey = "~/.ssh/id";
});
};
})
(desktopSystemConfiguration {
environment.shellAliases = {
"??" = "gh copilot suggest --target shell";
"gh?" = "gh copilot suggest --target gh";
"git?" = "gh copilot suggest --target git";
};
})
(desktopHomeConfiguration {
programs.gh = enabled {
settings.git_protocol = "ssh";
};
})
(systemPackages (with pkgs; [
git-absorb
tig
]))

27
modules/gtk.nix
View file

@ -1,27 +0,0 @@
{ config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
programs.dconf = enabled;
})
(desktopUserHomeConfiguration {
gtk = enabled {
gtk3.extraCss = config.theme.adwaitaGtkCss;
gtk4.extraCss = config.theme.adwaitaGtkCss;
font = with config.theme.font; {
inherit (sans) name package;
size = size.normal;
};
iconTheme = config.theme.icons;
theme = {
name = "Adwaita-dark";
package = pkgs.gnome-themes-extra;
};
};
})

195
modules/helix.nix
View file

@ -1,195 +0,0 @@
{ config, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment = {
variables.EDITOR = "hx";
shellAliases.x = "hx";
};
})
(homeConfiguration {
programs.nushell.configFile.text = mkAfter ''
def --wrapped hx [...arguments] {
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=0
}
^hx ...$arguments
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=${toString config.theme.padding}
}
}
'';
programs.helix = enabled {
languages.language = let
denoFormatter = language: {
command = "deno";
args = [ "fmt" "-" "--ext" language ];
};
denoFormatterLanguages = map (name: {
inherit name;
auto-format = true;
formatter = denoFormatter name;
}) [ "markdown" "json" ];
prettier = language: {
command = "prettier";
args = [ "--parser" language ];
};
prettierLanguages = map (name: {
inherit name;
auto-format = true;
formatter = prettier name;
}) [ "css" "scss" "yaml" ];
in denoFormatterLanguages ++ prettierLanguages ++ [
{
name = "nix";
auto-format = false;
formatter.command = "alejandra";
}
{
name = "html";
# Added vto.
file-types = [ "asp" "aspx" "htm" "html" "jshtm" "jsp" "rhtml" "shtml" "volt" "vto" "xht" "xhtml" ];
auto-format = false;
formatter = prettier "html";
}
{
name = "javascript";
auto-format = true;
formatter = denoFormatter "js";
language-servers = [ "deno" ];
}
{
name = "jsx";
auto-format = true;
formatter = denoFormatter "jsx";
language-servers = [ "deno" ];
}
{
name = "typescript";
auto-format = true;
formatter = denoFormatter "ts";
language-servers = [ "deno" ];
}
{
name = "tsx";
auto-format = true;
formatter = denoFormatter "tsx";
language-servers = [ "deno" ];
}
];
languages.language-server = {
deno = {
command = "deno";
args = [ "lsp" ];
environment.NO_COLOR = "1";
config.deno = enabled {
lint = true;
unstable = true;
suggest.imports.hosts."https://deno.land" = true;
inlayHints = {
enumMemberValues.enabled = true;
functionLikeReturnTypes.enabled = true;
parameterNames.enabled = "all";
parameterTypes.enabled = true;
propertyDeclarationTypes.enabled = true;
variableTypes.enabled = true;
};
};
};
rust-analyzer.config.check.command = "clippy";
};
settings.theme = "gruvbox_dark_hard";
settings.editor = {
color-modes = true;
completion-replace = true;
completion-trigger-len = 0;
cursor-shape.insert = "bar";
cursorline = true;
bufferline = "multiple";
file-picker.hidden = false;
idle-timeout = 0;
line-number = "relative";
shell = [ "bash" "-c" ];
text-width = 100;
};
settings.editor.indent-guides = {
character = "";
render = true;
};
settings.editor.statusline.mode = {
insert = "INSERT";
normal = "NORMAL";
select = "SELECT";
};
settings.editor.whitespace = {
characters.tab = "";
render.tab = "all";
};
settings.keys = genAttrs [ "normal" "select" ] (const {
D = "extend_to_line_end";
});
};
})
(desktopSystemPackages (with pkgs; [
# CMAKE
cmake-language-server
# GO
gopls
# HTML
vscode-langservers-extracted
nodePackages_latest.prettier
# KOTLIN
# kotlin-language-server
# LATEX
texlab
# LUA
lua-language-server
# MARKDOWN
marksman
# NIX
alejandra
nil
# PYTHON
python311Packages.python-lsp-server
# RUST
rust-analyzer-nightly
# TYPESCRIPT & OTHERS
deno
# YAML
yaml-language-server
# ZIG
# zls
]))

48
modules/hyprland/dunst.nix
View file

@ -1,48 +0,0 @@
{ config, lib, ... }: with lib;
desktopUserHomeConfiguration {
services.dunst = with config.theme.withHashtag; enabled {
iconTheme = icons;
settings.global = {
width = "(300, 900)";
dmenu = "fuzzel --dmenu";
corner_radius = cornerRadius;
gap_size = margin;
horizontal_padding = padding;
padding = padding;
frame_color = base0A;
frame_width = borderWidth;
separator_color = "frame";
background = base00;
foreground = base05;
alignment = "center";
font = "${font.sans.name} ${toString font.size.normal}";
min_icon_size = 64;
offset = "0x${toString margin}";
origin = "top-center";
};
settings.urgency_low = {
frame_color = base0A;
timeout = 5;
};
settings.urgency_normal = {
frame_color = base09;
timeout = 10;
};
settings.urgency_critical = {
frame_color = base08;
timeout = 15;
};
};
}

59
modules/hyprland/fuzzel.nix
View file

@ -1,59 +0,0 @@
{ config, lib, ... }: with lib;
desktopUserHomeConfiguration {
wayland.windowManager.hyprland.settings = {
bindl = [(replaceStrings [ "\n;" "\n" ] [ ";" "" ] ''
, XF86PowerOff, exec,
pkill fuzzel;
echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot"
| fuzzel --dmenu
| tr --delete " "
| tr '[:upper:]' '[:lower:]'
| ifne xargs systemctl
'')];
bind = [
"SUPER , SPACE, exec, pkill fuzzel; fuzzel"
"SUPER , E , exec, pkill fuzzel; cat ${./emojis.txt} | fuzzel --no-fuzzy --dmenu | cut -d ' ' -f 1 | tr -d '\\n' | wl-copy"
"SUPER+ALT, E , exec, pkill fuzzel; cat ${./emojis.txt} | fuzzel --no-fuzzy --dmenu | cut -d ' ' -f 1 | tr -d '\\n' | wtype -"
"SUPER , V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy"
];
};
services.cliphist = enabled {
extraOptions = [ "-max-items" "1000" ];
};
programs.fuzzel = with config.theme; enabled {
settings.main = {
dpi-aware = false;
font = "${font.sans.name}:size=${toString font.size.big}";
icon-theme = icons.name;
layer = "overlay";
prompt = ''" "'';
terminal = "ghostty -e";
tabs = 4;
horizontal-pad = padding;
vertical-pad = padding;
inner-pad = padding;
};
settings.colors = mapAttrs (const (color: color + "FF")) {
background = base00;
text = base05;
match = base0A;
selection = base05;
selection-text = base00;
border = base0A;
};
settings.border = {
radius = cornerRadius;
width = borderWidth;
};
};
}

16
modules/hyprland/gammastep.nix
View file

@ -1,16 +0,0 @@
{ lib, ... }: with lib; merge
(desktopSystemConfiguration {
services.geoclue2 = enabled {
appConfig.gammstep = {
isAllowed = true;
isSystem = false;
};
};
})
(desktopUserHomeConfiguration {
services.gammastep = enabled {
provider = "geoclue2";
};
})

243
modules/hyprland/hyprland.nix
View file

@ -1,243 +0,0 @@
{ config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
hardware.graphics = enabled;
services.logind.powerKey = "ignore";
xdg.portal = enabled {
config.common.default = "*";
extraPortals = with pkgs; [
xdg-desktop-portal-hyprland
];
configPackages = with pkgs; [
hyprland
];
};
programs.xwayland = enabled;
})
(desktopUserHomeConfiguration {
xdg.configFile."xkb/symbols/tr-swapped-i".text = ''
default partial
xkb_symbols "basic" {
include "tr(basic)"
name[Group1]="Turkish (i and ı swapped)";
key <AC11> { type[group1] = "FOUR_LEVEL_SEMIALPHABETIC", [ idotless, Iabovedot, paragraph , none ]};
key <AD08> { type[group1] = "FOUR_LEVEL_SEMIALPHABETIC", [ i , I , apostrophe, dead_caron ]};
};
'';
wayland.windowManager.hyprland = enabled {
systemd = enabled {
enableXdgAutostart = true;
};
# plugins = with pkgs; [ hyprcursors ];
# settings.plugin.dynamic-cursors = {
# mode = "rotate";
# shake = {
# threshold = 3;
# effects = true;
# nearest = false;
# };
# };
settings = {
monitor = [ ", preferred, auto, 1.5" ];
windowrule = [ "noinitialfocus" ];
windowrulev2 = [ "workspace special silent, initialclass:^(xwaylandvideobridge)$" ];
exec = [ "pkill swaybg; swaybg --image ${./wallpaper.png}" ];
bindle = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
", XF86MonBrightnessUp , exec, brightnessctl set 5%+"
", XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-"
"SUPER, Prior, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5"
"SUPER, Next , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
"SUPER, Home, exec, brightnessctl set 5%+"
"SUPER, End , exec, brightnessctl set --min-value=0 5%-"
];
bindl = [
", XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"
"SUPER+ALT, Insert, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
"SUPER+ALT, Delete, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"
];
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:274, movewindow"
"SUPER, mouse:273, resizewindow"
];
binde = [
"SUPER, left , movefocus, l"
"SUPER, down , movefocus, d"
"SUPER, up , movefocus, u"
"SUPER, right, movefocus, r"
"SUPER, h, movefocus, l"
"SUPER, j, movefocus, d"
"SUPER, k, movefocus, u"
"SUPER, l, movefocus, r"
"SUPER+CTRL, left , resizeactive, -100 0"
"SUPER+CTRL, down , resizeactive, 0 100"
"SUPER+CTRL, up , resizeactive, 0 -100"
"SUPER+CTRL, right, resizeactive, 100 0"
"SUPER+CTRL, h, resizeactive, -100 0"
"SUPER+CTRL, j, resizeactive, 0 100"
"SUPER+CTRL, k, resizeactive, 0 -100"
"SUPER+CTRL, l, resizeactive, 100 0"
];
bind = flatten [
"SUPER , TAB, workspace, e+1"
"SUPER+ALT, TAB, workspace, e-1"
"SUPER, mouse_up, workspace, e+1"
"SUPER, mouse_down, workspace, e-1"
(map (n: [
"SUPER , ${toString n}, workspace , ${toString n}"
"SUPER+ALT, ${toString n}, movetoworkspacesilent, ${toString n}"
]) (range 1 9))
"SUPER , 0, workspace , 10"
"SUPER+ALT, 0, movetoworkspacesilent, 10"
"SUPER+ALT, left , movewindow, l"
"SUPER+ALT, down , movewindow, d"
"SUPER+ALT, up , movewindow, u"
"SUPER+ALT, right, movewindow, r"
"SUPER+ALT, h, movewindow, l"
"SUPER+ALT, j, movewindow, d"
"SUPER+ALT, k, movewindow, u"
"SUPER+ALT, l, movewindow, r"
"SUPER , Q, killactive"
"SUPER , F, fullscreen"
"SUPER+ALT, F, togglefloating"
"SUPER+ALT, RETURN, exec, kitty"
"SUPER , RETURN, exec, ghostty --gtk-single-instance=true"
"SUPER , W , exec, firefox"
"SUPER , D , exec, discord"
"SUPER , Z , exec, zulip"
"SUPER , M , exec, thunderbird"
"SUPER , T , exec, thunar"
# "SUPER , C , exec, hyprpicker --autocopy"
" , PRINT, exec, pkill grim; grim -g \"$(slurp -w 0)\" - | swappy -f - -o - | wl-copy --type image/png"
"ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png"
];
general = with config.theme; {
gaps_in = margin / 2;
gaps_out = margin;
border_size = borderWidth;
"col.active_border" = "0xFF${base0A}";
"col.nogroup_border_active" = "0xFF${base0A}";
"col.inactive_border" = "0xFF${base01}";
"col.nogroup_border" = "0xFF${base01}";
resize_on_border = true;
};
decoration = {
drop_shadow = false;
rounding = config.theme.cornerRadius;
blur.enabled = false;
};
input = {
follow_mouse = 1;
kb_layout = "tr-swapped-i";
repeat_delay = 400;
repeat_rate = 100;
touchpad = {
clickfinger_behavior = true;
drag_lock = true;
natural_scroll = true;
scroll_factor = 0.7;
};
};
gestures.workspace_swipe = true;
animations = {
bezier = [ "material_decelerate, 0.05, 0.7, 0.1, 1" ];
animation = [
"border , 1, 2, material_decelerate"
"fade , 1, 2, material_decelerate"
"layers , 1, 2, material_decelerate"
"windows , 1, 2, material_decelerate, popin 80%"
"workspaces, 1, 2, material_decelerate"
];
};
misc = {
animate_manual_resizes = true;
background_color = config.theme.with0x.base00;
disable_hyprland_logo = true;
disable_splash_rendering = true;
key_press_enables_dpms = true;
mouse_move_enables_dpms = true;
};
cursor = {
hide_on_key_press = true;
inactive_timeout = 10;
no_warps = true;
};
dwindle = {
preserve_split = true;
smart_resizing = false;
};
debug.error_position = 1;
};
};
})
(desktopUserHomePackages (with pkgs; [
brightnessctl
grim
# hyprpicker
slurp
swappy
swaybg
wl-clipboard
wtype
xdg-utils
xwaylandvideobridge
]))

BIN
modules/hyprland/wallpaper.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 148 KiB

142
modules/hyprland/waybar.nix
View file

@ -1,142 +0,0 @@
{ config, lib, ... }: with lib;
desktopUserHomeConfiguration {
wayland.windowManager.hyprland.settings = {
exec = [ "pkill --signal SIGUSR2 waybar" ];
bind = [ "SUPER, B, exec, pkill --signal SIGUSR1 waybar" ];
};
programs.waybar = with config.theme.withHashtag; enabled {
systemd = enabled;
settings = [{
layer = "top";
height = 2 * cornerRadius;
margin-right = margin;
margin-left = margin;
margin-top = margin;
modules-left = [ "hyprland/workspaces" ];
"hyprland/workspaces" = {
format = "{icon}";
format-icons.default = "";
format-icons.active = "";
persistent-workspaces."*" = 10;
};
modules-center = [
"hyprland/window"
];
"hyprland/window" = {
seperate-outputs = true;
rewrite."(.*) - Discord" = "󰙯$1";
rewrite."(.*) Mozilla Firefox" = "󰖟$1";
rewrite."(.*) nu" = "$1";
};
modules-right = [ "tray" "pulseaudio" "backlight" "cpu" "memory" "network" "battery" "clock" ];
tray = {
reverse-direction = true;
spacing = 5;
};
pulseaudio = {
format = "{format_source} {icon}{volume}%";
format-muted = "{format_source} 󰸈";
format-bluetooth = "{format_source} 󰋋󰂯{volume}%";
format-bluetooth-muted = "{format_source} 󰟎󰂯";
format-source = "󰍬";
format-source-muted = "󰍭";
format-icons.default = [ "󰕿" "󰖀" "󰕾" ];
};
backlight = {
format = "{icon}{percent}%";
format-icons = [ "" "" "" "" "" "" "" "" "" ];
};
cpu.format = "{usage}%";
memory.format = "󰽘{}%";
network = {
format-disconnected = "󰤮";
format-ethernet = "󰈀{ipaddr}/{cidr}";
format-linked = "{ifname} (No IP)";
format-wifi = "{signalStrength}%";
};
battery = {
format = "{icon}{capacity}%";
format-charging = "󰂄{capacity}%";
format-plugged = "󰂄{capacity}%";
format-icons = [ "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹" ];
states.warning = 30;
states.critical = 15;
};
clock.tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
}];
style = ''
* {
border: none;
border-radius: ${toString cornerRadius}px;
font-family: "${font.sans.name}";
}
.modules-right {
margin-right: ${toString padding}px;
}
#waybar {
background: ${base00};
color: ${base05};
}
#workspaces button:nth-child(1) { color: ${base08}; }
#workspaces button:nth-child(2) { color: ${base09}; }
#workspaces button:nth-child(3) { color: ${base0A}; }
#workspaces button:nth-child(4) { color: ${base0B}; }
#workspaces button:nth-child(5) { color: ${base0C}; }
#workspaces button:nth-child(6) { color: ${base0D}; }
#workspaces button:nth-child(7) { color: ${base0E}; }
#workspaces button:nth-child(8) { color: ${base0F}; }
#workspaces button:nth-child(9) { color: ${base04}; }
#workspaces button:nth-child(10) { color: ${base06}; }
#workspaces button.empty {
color: ${base02};
}
#tray, #pulseaudio, #backlight, #cpu, #memory, #network, #battery, #clock {
margin-left: 20px;
}
@keyframes blink {
to {
color: ${base05};
}
}
#battery.critical:not(.charging) {
animation-direction: alternate;
animation-duration: 0.5s;
animation-iteration-count: infinite;
animation-name: blink;
animation-timing-function: linear;
color: ${base08};
}
'';
};
}

74
modules/kitty.nix
View file

@ -1,74 +0,0 @@
{ config, lib, ... }: with lib;
desktopUserHomeConfiguration {
programs.kitty = with config.theme.withHashtag; enabled {
font = with font; {
inherit (mono) name package;
size = size.normal;
};
settings = {
allow_remote_control = true;
confirm_os_window_close = 0;
focus_follows_mouse = true;
mouse_hide_wait = 0;
window_padding_width = padding;
scrollback_lines = 100000;
scrollback_pager = "bat --chop-long-lines";
cursor = base05;
cursor_text_color = base00;
cursor_shape = "beam";
url_color = base0D;
strip_trailing_spaces = "always";
enable_audio_bell = false;
active_border_color = base0A;
inactive_border_color = base01;
window_border_width = "0pt";
background = base00;
foreground = base05;
selection_background = base02;
selection_foreground = base00;
tab_bar_edge = "top";
tab_bar_style = "powerline";
active_tab_background = base00;
active_tab_foreground = base05;
inactive_tab_background = base01;
inactive_tab_foreground = base05;
color0 = base00;
color1 = base08;
color2 = base0B;
color3 = base0A;
color4 = base0D;
color5 = base0E;
color6 = base0C;
color7 = base05;
color8 = base03;
color9 = base08;
color10 = base0B;
color11 = base0A;
color12 = base0D;
color13 = base0E;
color14 = base0C;
color15 = base07;
color16 = base09;
color17 = base0F;
color18 = base01;
color19 = base02;
color20 = base04;
color21 = base06;
};
};
}

7
modules/linux/crash.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }: let
inherit (lib) getExe;
in {
environment.sessionVariables.SHELLS = getExe config.environment.sessionVariables.SHELL;
users.defaultUserShell = pkgs.crash;
}

6
modules/documentation.nix → modules/linux/documentation.nix
View file

@ -1,6 +1,6 @@
{ lib, ... }: with lib;
systemConfiguration {
{ lib, ... }: let
inherit (lib) enabled disabled;
in {
documentation = {
doc = disabled;
info = disabled;

Some files were not shown because too many files have changed in this diff Show more