nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

Compare commits

base: nydragon:hjemify
Branches Tags
nydragon:main
nydragon:hjemify
..
compare: nydragon:main
Branches Tags
nydragon:main
nydragon:hjemify

56 commits
hjemify ... main

Author SHA1 Message Date
nydragon
2492aa98de
chore(pre-commit): run formatting last
Some checks are pending
/ test (push) Waiting to run
Details
2025-04-04 22:53:59 +02:00
nydragon
6d6a97e758
chore(pre-commit): add statix 2025-04-04 22:53:23 +02:00
nydragon
c8ac1786bd
chore(pre-commit): add deadnix
Some checks are pending
/ test (push) Waiting to run
Details
2025-04-04 22:44:29 +02:00
nydragon
1d9dd09138
chore: random stuff 2025-04-04 22:38:05 +02:00
nydragon
502f89ae29
chore: disable printing and change git email
Some checks failed
/ test (push) Has been cancelled
Details
2025-03-26 09:46:33 +01:00
nydragon
a0515c0486
chore: bump lock 2025-03-26 09:46:33 +01:00
nydragon
b841ad7488
chore: autostart keepassxc
Some checks failed
/ test (push) Has been cancelled
Details
2025-03-23 16:18:55 +01:00
nydragon
851304dcb5
chore: enable beets with network mounted library + remove signal-desktop
Some checks are pending
/ test (push) Waiting to run
Details
2025-03-23 16:17:28 +01:00
nydragon
c6e9553f89
chore: move git to hjem-rum
Some checks failed
/ test (push) Has been cancelled
Details
2025-03-21 20:38:53 +01:00
nydragon
f756c287a9
feat: add hyprland grouping keybinds
Some checks are pending
/ test (push) Waiting to run
Details
2025-03-20 20:46:10 +01:00
nydragon
e02d7db426
feat: use greetd again, window swallowing and ff search results
Some checks are pending
/ test (push) Waiting to run
Details
2025-03-20 19:08:34 +01:00
nydragon
e157bc90cd
feat: package and declaratively set calibre plugins
Some checks are pending
/ test (push) Waiting to run
Details
2025-03-19 17:11:42 +01:00
nydragon
c7312e0ad8
fix: mime type related stuff 2025-03-18 17:14:08 +01:00
nydragon
90d41328c1
feat: add gtk bookmarks
Some checks failed
/ test (push) Has been cancelled
Details
2025-03-17 18:12:55 +01:00
nydragon
b6b1b3a1fe
chore: allow lazygit to use some gpg features
Some checks failed
/ test (push) Has been cancelled
Details
2025-03-17 10:50:29 +01:00
nydragon
596c9871c7
chore: firefox add simplelogin 2025-03-17 10:50:29 +01:00
nydragon
4791b023d6
chore: disable runners 2025-03-17 10:50:29 +01:00
nydragon
f1146512ba
chore: bump lock 2025-03-17 10:50:29 +01:00
nydragon
cbd045ac82
feat: add portable role 2025-03-17 10:50:29 +01:00
nydragon
76977ba900
feat: add jq to terminal 2025-03-17 10:50:29 +01:00
nydragon
0172f5410b
feat: enable polkit on all devices and use nihilus config in acl 2025-03-17 10:50:29 +01:00
nydragon
e7b83ccec1
chore: bump lock 2025-03-17 10:50:29 +01:00
nydragon
147fc9967a
fix: rsyncd having port issues 2025-03-17 10:50:29 +01:00
nydragon
cf62ffd52c
chore: new tailscale system tray, fix warnings 2025-03-17 10:50:29 +01:00
nydragon
546b3bb1d8
chore: bump nysh 2025-03-17 10:50:29 +01:00
nydragon
b0f82c166f
chore: bump grayjay 2025-03-17 10:50:29 +01:00
nydragon
c46c1c580d
feat: general backup module for rsyncd 2025-03-17 10:50:29 +01:00
nydragon
864ee129b0
fix: certificate renewal 2025-03-17 10:50:29 +01:00
nydragon
3aed052567
feat: socket activated rsyncd, rsyncb sends message on failure 2025-03-17 10:50:29 +01:00
nydragon
8f1c4fbad1
chore: move ssl creds to agenix 2025-03-17 10:50:29 +01:00
nydragon
97bc861c9e
fix: require mount for calibre and navidrome 2025-03-17 10:50:29 +01:00
nydragon
a7f8b8187c
feat: agenix for ssl certificates 2025-03-17 10:50:29 +01:00
nydragon
fba057a78f
fix: hyprland hotkey magic workspace 2025-03-17 10:50:29 +01:00
nydragon
c3c7f161b3
fix: increase nginx max client size 2025-03-17 10:50:29 +01:00
nydragon
760931a5c5
chore: bump flake 2025-03-17 10:50:29 +01:00
nydragon
c86806c340
chore: set default theme for keepassxc 2025-03-17 10:50:29 +01:00
nydragon
ea7c04e4ba
feat: add nginx redirect 2025-03-17 10:50:29 +01:00
nydragon
e7f3350fe2
feat: allow docker to use the secret service 2025-03-17 10:50:29 +01:00
nydragon
4ba88622ff
fix: cliphist on hyprland 2025-03-17 10:50:29 +01:00
nydragon
9e6a4f3559
fix: start keyring on start and use gdm 2025-03-17 10:50:29 +01:00
nydragon
302375470f
fix: keyring hopefully 2025-03-17 10:50:29 +01:00
nydragon
e3e6bb967c
chore: clean themes file 2025-03-17 10:50:29 +01:00
nydragon
e85b6af95b
chore: bump flake
Some checks failed
/ test (push) Failing after 5m16s
Details
2025-03-03 16:44:33 +01:00
nydragon
9be6eef517
chore: update hyprland keybinds to match sway's 2025-03-03 16:44:33 +01:00
nydragon
df9a38e03d
chore: move common packages into users/ 2025-03-03 16:44:33 +01:00
nydragon
9bdda6bfba
chore: add nix runner
Some checks failed
/ test (push) Failing after 13m55s
Details
2025-03-01 18:16:26 +01:00
nydragon
15b51a5692
fix: set env var for rootless docker
Some checks failed
/ test (push) Failing after 2s
Details
2025-03-01 15:10:04 +01:00
nydragon
984a11e798
fix: have home on ssd and games on hdd
Some checks failed
/ test (push) Failing after 2s
Details
2025-03-01 13:28:01 +01:00
nydragon
9b850a4997
feat: declarative wallpapers anyone ?? 2025-03-01 13:28:01 +01:00
nydragon
7d0482226c
fix: enable hyprlock and swayidle
Some checks failed
/ test (push) Failing after 2s
Details
2025-03-01 13:17:28 +01:00
nydragon
ae437ea4df
feat: add grafana + prometheus 2025-03-01 13:17:14 +01:00
nydragon
2739488139
fix: shan build
Some checks failed
/ test (push) Failing after 2s
Details
2025-02-25 21:59:59 +01:00
nydragon
2d25489457
fix: make freshrss accessible outside of home network
Some checks failed
/ test (push) Failing after 2s
Details
2025-02-25 19:50:51 +01:00
nydragon
12166e3ee2
feat: use vertical tabs in ff 2025-02-25 19:50:38 +01:00
nydragon
eb591d4b9c
chore: switch marr over to hjem
Some checks failed
/ test (push) Failing after 2s
Details
2025-02-24 20:10:44 +01:00
nydragon
83a672b3a9
feat: declarative wallpapers1 2025-02-24 19:47:02 +01:00
81 changed files with 800 additions and 643 deletions
Show stats Expand all files Collapse all files

8
.forgejo/workflows/ci.yaml
View file

@ -2,8 +2,8 @@ on: [push]
jobs:
test:
runs-on: debian-latest
container:
image: ghcr.io/nydragon/runner:latest
runs-on: nix-latest
steps:
- run: nix flake check --verbose
- run: nix --experimental-features 'nix-command flakes' profile install nixpkgs#nodejs-slim
- uses: actions/checkout@v4
- run: nix --experimental-features 'nix-command flakes' flake check --verbose

34
.pre-commit-config.yaml
View file

@ -11,20 +11,12 @@ repos:
- repo: local
hooks:
- id: nixpkgs-fmt
name: Check nix formatting
entry: nixfmt
language: system
files: .*\.nix$
args: [-c]
stages: [pre-commit]
- id: prettier
name: Check css, scss, js, ts and yaml formatting
entry: prettier
language: system
files: .*\.(css|scss|js|ts|yaml)$
args: [-c]
args: [--write]
stages: [pre-commit]
- id: typos
@ -34,3 +26,27 @@ repos:
files: .*
exclude: .*\.(png|jpg|jpeg|age)
stages: [pre-commit]
- id: deadnix
name: Check for dead nix code
entry: deadnix
language: system
files: .+\.nix$
args: ["-e", "-l"]
stages: [pre-commit]
- id: statix
name: Lint nix code
entry: statix
language: system
files: .+\.nix$
pass_filenames: false
args: [fix]
stages: [pre-commit]
- id: nix-fmt
name: Check nix formatting
entry: nix fmt
language: system
files: .*\.nix$
stages: [pre-commit]

1
README.md
View file

@ -4,7 +4,6 @@
| ------- | ------- | ---------------------------------------- |
| marr | x86_64 | Laptop Workstation |
| brontes | x86_64 | Desktop Workstation |
| styrax | x86_64 | |
| raptus | x86_64 | |
| nihilus | aarch64 | Small Pi used to make "off-site" backups |

BIN
assets/landscape-pink-pastel.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 774 KiB

BIN
assets/wallpapers/nix-flake-pastel.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 308 KiB

164
flake.lock generated
View file

@ -23,6 +23,24 @@
"type": "github"
}
},
"calibre-plugins": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1742395204,
"narHash": "sha256-RhI3wa1OCIjpkgwI8FEt1n3DlDP6w9W4jA+E3h6KdZU=",
"ref": "refs/heads/main",
"rev": "a131835a6016b8538d4e66e79eeb6393f436ee8c",
"revCount": 6,
"type": "git",
"url": "https://git.ccnlc.eu/nydragon/calibre-plugins.git"
},
"original": {
"type": "git",
"url": "https://git.ccnlc.eu/nydragon/calibre-plugins.git"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -52,11 +70,11 @@
]
},
"locked": {
"lastModified": 1737038063,
"narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=",
"lastModified": 1741786315,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"owner": "nix-community",
"repo": "disko",
"rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"type": "github"
},
"original": {
@ -88,11 +106,11 @@
]
},
"locked": {
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
@ -106,11 +124,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"lastModified": 1740872218,
"narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"rev": "3876f6b87db82f33775b1ef5ea343986105db764",
"type": "github"
},
"original": {
@ -163,11 +181,11 @@
]
},
"locked": {
"lastModified": 1737619027,
"narHash": "sha256-jEzZs9dHdmVP5X9HCC/7jrv08aWFfqZV5cZ+cZWYGA4=",
"lastModified": 1742070442,
"narHash": "sha256-xPDSLswRazXLlceqc2+VdbKKG2m/OXCjTzU9O/Bs4ZQ=",
"owner": "feel-co",
"repo": "hjem",
"rev": "48cfa21987672a31a358b7e4d582fc174556e633",
"rev": "ae49a5a2e013c710d2b2cf046ae365d08eae75b3",
"type": "github"
},
"original": {
@ -186,11 +204,11 @@
]
},
"locked": {
"lastModified": 1740334274,
"narHash": "sha256-7WePvSVCZFoq10tf0LF6MsYbS/JPl/eQjE6zsfz5RpE=",
"lastModified": 1743618206,
"narHash": "sha256-2m+NSilel93Kmafb1ghS+7T6kxmesKynWEqsVXIxj/k=",
"owner": "nydragon",
"repo": "hjem-rum",
"rev": "20b1173bc9fee5ef26a11578934f01992b84e5a2",
"rev": "c365017ca78d21ffcf0e785332b04bdbbd96c284",
"type": "github"
},
"original": {
@ -206,11 +224,11 @@
]
},
"locked": {
"lastModified": 1737762889,
"narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"lastModified": 1742926508,
"narHash": "sha256-wgfY302ZaOsBCXb8aZDTG3Zt2kg3jDDaRrmtUw8nz00=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"rev": "8bef8b7a0a95d347018f09b291e2fa0a77abd23f",
"type": "github"
},
"original": {
@ -221,11 +239,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1737751639,
"narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=",
"lastModified": 1742806253,
"narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4",
"rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726",
"type": "github"
},
"original": {
@ -253,23 +271,38 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1735774519,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"lastModified": 1740872140,
"narHash": "sha256-3wHafybyRfpUCLoE8M+uPVZinImg3xX+Nm6gEfN3G8I=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1737885589,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"lastModified": 1742335908,
"narHash": "sha256-unmSiGsXmUAZ4fAcSgf1iwssLmt/FLrczhLAsosyLh8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"rev": "fb9a9ddebc6c9685d2b6b98b35f134573e1872c8",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1742669843,
"narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1e5b653dff12029333a6546c11e108ede13052eb",
"type": "github"
},
"original": {
@ -279,13 +312,13 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1738297584,
"narHash": "sha256-AYvaFBzt8dU0fcSK2jKD0Vg23K2eIRxfsVXIPCW9a0E=",
"lastModified": 1741462378,
"narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9189ac18287c599860e878e905da550aa6dec1cd",
"rev": "2d9e4457f8e83120c9fdf6f1707ed0bc603e5ac9",
"type": "github"
},
"original": {
@ -295,6 +328,21 @@
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1741851582,
"narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
@ -304,11 +352,11 @@
"quasigod": "quasigod"
},
"locked": {
"lastModified": 1738585852,
"narHash": "sha256-Z+cDls2k+57lAFU+/EwRcjutgCI2iRMRpGlXHMkVcz8=",
"lastModified": 1741801623,
"narHash": "sha256-U3pD4UFNMFwm1hDQeKa4H+lgVy+RoX/XbbphUROXHEo=",
"ref": "refs/heads/master",
"rev": "60d71b8a446906db16b33bc3081507d077d39b6c",
"revCount": 5,
"rev": "e25a92424c4b0d095d7cdf63eb9ae2b276c84a51",
"revCount": 6,
"type": "git",
"url": "https://git.ccnlc.eu/nydragon/nur.git"
},
@ -325,11 +373,11 @@
"quickshell": "quickshell"
},
"locked": {
"lastModified": 1739209080,
"narHash": "sha256-s1SVaFQ7GSJalxIhVN7aDS7rMcMJ1AUQfjRMYho5yuM=",
"lastModified": 1742061478,
"narHash": "sha256-zfqsTAU4l17jjtTFibe2MmLlqMcMuhk5iaHN55vb9RU=",
"ref": "refs/heads/main",
"rev": "2ca83819872d82fa0ee8dbfccfbfcf3480c279f1",
"revCount": 107,
"rev": "693a785140b5202d51cee0c883c73dba8b2561b3",
"revCount": 108,
"type": "git",
"url": "https://git.ccnlc.eu/nydragon/nysh.git"
},
@ -340,15 +388,15 @@
},
"quasigod": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"snowfall-lib": "snowfall-lib"
},
"locked": {
"lastModified": 1738444760,
"narHash": "sha256-MbAyUUHtiByivJLDKLO5fu3goxeHxQHQxqCzhAZ3F14=",
"lastModified": 1741620435,
"narHash": "sha256-DUbAVfzso8WoqNQPkuIykv8be0z5d6OMY+kbtCn9A6Q=",
"ref": "refs/heads/main",
"rev": "a1db39ff40250211485a98853c6d71ac42d79026",
"revCount": 16,
"rev": "148b55beaeacb7ffef5ae6ccaf1543aed02cc843",
"revCount": 20,
"type": "git",
"url": "https://codeberg.org/quasigod/nur.git"
},
@ -359,10 +407,7 @@
},
"quickshell": {
"inputs": {
"nixpkgs": [
"nysh",
"nixpkgs"
]
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1738200090,
@ -381,15 +426,17 @@
"root": {
"inputs": {
"agenix": "agenix",
"calibre-plugins": "calibre-plugins",
"disko": "disko",
"flake-parts": "flake-parts",
"hjem": "hjem",
"hjem-rum": "hjem-rum",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nur": "nur",
"nysh": "nysh"
"nysh": "nysh",
"wallpapers": "wallpapers"
}
},
"snowfall-lib": {
@ -445,6 +492,21 @@
"repo": "default",
"type": "github"
}
},
"wallpapers": {
"locked": {
"lastModified": 1740607812,
"narHash": "sha256-QtyujHP3K0bUhW8Yj232/Cpioz86G+gR/zB4ruLSmW0=",
"ref": "refs/heads/main",
"rev": "ec895329334e800a4d015321ece15aafa021a9ff",
"revCount": 5,
"type": "git",
"url": "https://git.ccnlc.eu/nydragon/wallpapers.git"
},
"original": {
"type": "git",
"url": "https://git.ccnlc.eu/nydragon/wallpapers.git"
}
}
},
"root": "root",

7
flake.nix
View file

@ -45,6 +45,10 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.hjem.follows = "hjem";
};
wallpapers.url = "git+https://git.ccnlc.eu/nydragon/wallpapers.git";
calibre-plugins.url = "git+https://git.ccnlc.eu/nydragon/calibre-plugins.git";
};
outputs =
@ -68,9 +72,10 @@
devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [
pre-commit
nixfmt-rfc-style
nodePackages.prettier
typos
deadnix
statix
inputs'.agenix.packages.default
];
shellHook = ''

3
home/default.nix
View file

@ -1,16 +1,15 @@
# This file contains default settings used across different systems
{
imports = [
./themes/vanilla.nix
./graphical
./terminal
./desktop
./hyprland
./hyprlock
./services
./rofi
./sway
./waybar
./hyprpaper
./swaync
];
}

5
home/desktop/default.nix
View file

@ -2,7 +2,6 @@
self,
pkgs,
lib,
osConfig,
...
}:
let
@ -25,9 +24,5 @@ in
(mkURLEntry "KitchenOwl" "https://kitchenowl.ccnlc.eu" "${self}/assets/favicon-kitchenowl.png")
(mkURLEntry "Discord" "https://discord.com/app" "${self}/assets/favicon-discord.png")
];
mimeApps = {
enable = true;
defaultApplications = osConfig.xdg.mime.defaultApplications;
};
};
}

77
home/graphical/firefox/default.nix
View file

@ -9,77 +9,10 @@ lib.mkIf osConfig.programs.firefox.enable {
programs.firefox = {
enable = true;
# Installed by nixpkgs module
package = osConfig.programs.firefox.package;
package = null;
profiles.${config.home.username} = {
name = config.home.username;
isDefault = true;
userContent = # css
''
/* Sidebery */
@-moz-document url("moz-extension://d1d9847c-2bad-429f-9366-56db49b8c3d6/sidebar/sidebar.html")
{
#root {
--tabs-indent: 0px !important;
}
#root:hover {
--tabs-indent: 30px !important;
}
}
'';
userChrome = # css
''
/* Hides the native tabs, sidebar header and splitter */
#TabsToolbar,
#sidebar-splitter,
#sidebar-header {
display: none;
}
#sidebar-box {
--sidebar-normal-width: 35px;
--sidebar-hovered-width: 300px;
--sidebar-transition-speed: 200ms;
--sidebar-collapse-delay: 300ms;
--sidebar-transition-type: linear;
--browser-area-z-index-sidebar: 3;
position: relative;
min-width: var(--sidebar-normal-width) !important;
width: var(--sidebar-normal-width) !important;
max-width: var(--sidebar-normal-width) !important;
z-index: var(--browser-area-z-index-sidebar);
}
#sidebar-box[positionend] {
direction: rtl;
}
#sidebar-box[positionend] > * {
direction: ltr;
}
#sidebar-box[positionend]:-moz-locale-dir(rtl) {
direction: ltr;
}
#sidebar-box[positionend]:-moz-locale-dir(rtl) > * {
direction: rtl;
}
#main-window[sizemode="fullscreen"] #sidebar-box {
--sidebar-normal-width: 1px;
}
#sidebar {
transition: min-width var(--sidebar-transition-speed)
var(--sidebar-transition-type) var(--sidebar-collapse-delay) !important;
min-width: var(--sidebar-normal-width) !important;
will-change: min-width;
}
#sidebar-box:hover > #sidebar {
min-width: var(--sidebar-hovered-width) !important;
transition-delay: 100ms !important;
}
'';
search = {
default = "DuckDuckGo";
force = true;
@ -111,13 +44,13 @@ lib.mkIf osConfig.programs.firefox.enable {
urls = [
{ template = "https://wiki.archlinux.org/index.php?title=Special:Search&search={searchTerms}"; }
];
iconUpdateURL = "https://wiki.archlinux.org/favicon.ico";
icon = "https://wiki.archlinux.org/favicon.ico";
updateInterval = iconUpdateInterval;
definedAliases = [ "@archwiki" ];
};
"DuckDuckGo" = {
urls = [ { template = "https://duckduckgo.com/?q={searchTerms}"; } ];
iconUpdateURL = "https://duckduckgo.com/favicon.ico";
icon = "https://duckduckgo.com/favicon.ico";
updateInterval = iconUpdateInterval;
definedAliases = [
"@duckduckgo"
@ -126,7 +59,7 @@ lib.mkIf osConfig.programs.firefox.enable {
};
"MyNixOS" = {
urls = [ { template = "https://mynixos.com/search?q={searchTerms}"; } ];
iconUpdateURL = "https://mynixos.com/favicon.ico";
icon = "https://mynixos.com/favicon.ico";
updateInterval = iconUpdateInterval;
definedAliases = [
"@hm"
@ -135,7 +68,7 @@ lib.mkIf osConfig.programs.firefox.enable {
};
"stackoverflow" = {
urls = [ { template = "https://stackoverflow.com/search?q={searchTerms}"; } ];
iconUpdateURL = "https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico";
icon = "https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico";
updateInterval = iconUpdateInterval;
definedAliases = [ "@stackoverflow" ];
};

20
home/graphical/swww.nix
View file

@ -1,26 +1,24 @@
{
self,
lib,
pkgs,
config,
inputs,
...
}:
let
inherit (lib.my) getExe getExe';
wp = inputs.wallpapers.wallpapers.pastel.nix-flake.path;
in
{
systemd.user.services.swww = {
Install.WantedBy = [ "graphical-session.target" ];
Unit.After = [ "graphical-session.target" ];
Unit = {
After = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.swww}/bin/swww-daemon";
ExecStartPost = "${pkgs.swww}/bin/swww img ${
self + "/assets/landscape-pink-pastel.jpg"
} -t wipe --transition-fps 144";
ExecStart = "${getExe' pkgs.swww "swww-daemon"} --no-cache";
ExecStartPost = "${getExe pkgs.swww} img ${wp} -t none";
Restart = "on-failure";
BindPaths = "/run/user /home/${config.home.username}/.cache/swww";
BindPaths = "/run/user ${wp}";
TemporaryFileSystem = "/home /run/user /root";
ProtectProc = "noaccess";
RestrictNamespaces = true;

3
home/graphical/thunderbird/default.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
_: {
programs.thunderbird = {
enable = true;
settings = {

29
home/graphical/vscode/default.nix
View file

@ -12,23 +12,18 @@ in
config = mkIf cfg.enable {
programs.vscode = {
package = pkgs.vscode;
enableUpdateCheck = false;
extensions = with pkgs.vscode-extensions; [
rust-lang.rust-analyzer
ms-vscode-remote.remote-ssh
ms-vscode-remote.remote-ssh-edit
tamasfe.even-better-toml
];
userSettings = {
editor.formatOnSave = true;
terminal.integrated.inheritEnv = false;
git.autofetch = true;
remote.SSH = {
connectTimeout = 60;
useLocalServer = true;
remotePlatform = {
"192.168.122.152" = "linux";
};
profiles.default = {
enableUpdateCheck = false;
extensions = with pkgs.vscode-extensions; [
rust-lang.rust-analyzer
ms-vscode-remote.remote-ssh
ms-vscode-remote.remote-ssh-edit
tamasfe.even-better-toml
];
userSettings = {
editor.formatOnSave = true;
terminal.integrated.inheritEnv = false;
git.autofetch = true;
};
};
};

163
home/hyprland/default.nix
View file

@ -7,10 +7,16 @@
}:
let
inherit (lib) mapAttrsToList mkIf hasAttr;
inherit (lib.my) getExe getExe';
inherit (osConfig.modules.system) roles;
inherit (osConfig.modules.system.roles) desktop;
in
mkIf osConfig.programs.hyprland.enable {
home.sessionVariables.ELECTRON_OZONE_PLATFORM_HINT = "auto";
services.swayidle.enable = true;
wayland.windowManager.hyprland = {
enable = true;
systemd.variables = [ "--all" ];
@ -29,8 +35,8 @@ mkIf osConfig.programs.hyprland.enable {
exec-once = [
"${config.services.kdeconnect.package}/bin/kdeconnect-indicator"
"${pkgs.keepassxc}/bin/keepassxc"
(lib.mkIf config.services.hypridle.enable "${pkgs.hypridle}/bin/hypridle")
"${getExe' pkgs.gnome-keyring "gnome-keyring-daemon"}"
(getExe pkgs.keepassxc)
];
general = {
@ -43,13 +49,14 @@ mkIf osConfig.programs.hyprland.enable {
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = false;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false;
hover_icon_on_border = true;
resize_on_border = true;
layout = "dwindle";
snap = {
enabled = true;
};
};
input = {
@ -69,7 +76,7 @@ mkIf osConfig.programs.hyprland.enable {
inactive_opacity = 1.0;
shadow = {
enabled = true;
enabled = roles.portable.enable;
range = 4;
render_power = 3;
color = "rgba(1a1a1aee)";
@ -77,7 +84,7 @@ mkIf osConfig.programs.hyprland.enable {
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
enabled = roles.portable.enable;
size = 3;
passes = 1;
@ -95,11 +102,12 @@ mkIf osConfig.programs.hyprland.enable {
in
[
"float,initialClass:${floatReg}"
"float,initialTitle:^(KeePassXC - Passkey credentials)$"
"bordercolor rgb(e50000) rgb(ff8d00) rgb(ffee00) rgb(028121) rgb(004cff) rgb(770088), fullscreen:1"
"focusonactivate, title:${mkRegexList [ "Firefox" ]}"
"workspace 2,initialClass:${mkRegexList [ "firefox" ]}"
"workspace 3,initialClass:${mkRegexList [ "obsidian" ]}"
"workspace 4,initialClass:${mkRegexList [ "steam" ]}"
"workspace silent 4,initialClass:${mkRegexList [ "steam" ]}"
"workspace 5,initialClass:${mkRegexList [ "lollypop" ]}"
"fullscreen, class:gamescope"
@ -137,77 +145,98 @@ mkIf osConfig.programs.hyprland.enable {
gestures = {
workspace_swipe = true;
};
group = {
"col.border_active" = "0xff601393";
groupbar = {
"col.active" = "0x66601393";
"col.inactive" = "0xff340851";
};
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = 0;
disable_hyprland_logo = false;
focus_on_activate = false; # Open windows without focusing them
new_window_takes_over_fullscreen = 2; # When a new window opens, the current fullscreen window returns to its tiled state
key_press_enables_dpms = true;
mouse_move_enables_dpms = true;
disable_autoreload = true;
vfr = true;
enable_swallow = true;
swallow_regex = "^foot$";
};
bindm = [ "$mod,mouse:272,movewindow" ];
bind = [
"$mod, D, exec, ${pkgs.fuzzel}/bin/fuzzel"
"$mod, E, exec, ${lib.my.getExe osConfig.modules.system.roles.desktop.filemanager}"
"$mod, Return, exec, ${lib.my.getExe osConfig.modules.system.roles.desktop.terminal}"
"$mod SHIFT, Q, killactive,"
"$mod, V, togglefloating"
"$mod SHIFT, P, exec, ${config.programs.rofi.package}/bin/rofi -show p -modi p:${pkgs.rofi-power-menu}/bin/rofi-power-menu"
"$mod, P, exec, ${pkgs.cliphist}/bin/cliphist wipe & ${pkgs.hyprlock}/bin/hyprlock"
"$mod SHIFT, C, exec, hyprctl reload"
"$mod SHIFT, space, togglefloating"
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
bind =
let
copy = getExe' pkgs.wl-clipboard "wl-copy";
cliphist = getExe pkgs.cliphist;
in
[
"$mod, D, exec, ${getExe osConfig.modules.system.roles.desktop.runner.package}"
"$mod, E, exec, ${getExe osConfig.modules.system.roles.desktop.filemanager}"
"$mod, Return, exec, ${getExe osConfig.modules.system.roles.desktop.terminal}"
"$mod SHIFT, Q, killactive,"
"$mod, V, togglefloating"
"$mod SHIFT, P, exec, ${getExe pkgs.scripts.powerMenu}"
"$mod, P, exec, ${cliphist} wipe & ${getExe pkgs.hyprlock}"
"$mod SHIFT, C, exec, hyprctl reload"
"$mod SHIFT, space, togglefloating"
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
"CTRL, G, togglegroup"
"ALT, Tab, changegroupactive"
# Example special workspace (scratchpad)
"$mod, W, togglespecialworkspace, magic"
"$mod SHIFT, W, movetoworkspace, special:magic"
"$mod, X, fullscreen, 1"
"$mod, F, fullscreen, 0"
"$mod, U, exec, ${pkgs.hyprshot}/bin/hyprshot -o ${config.xdg.userDirs.pictures}/screenshots -m region"
"$mod SHIFT, U, exec, ${pkgs.hyprshot}/bin/hyprshot --raw -m region | ${getExe pkgs.satty} -f - --fullscreen --copy-command ${copy}"
"$mod, S, exec, ${cliphist} list | ${desktop.runner.dmenu} | ${cliphist} decode | ${copy}"
# Example special workspace (scratchpad)
"$mod, S, togglespecialworkspace, magic"
"$mod SHIFT, S, movetoworkspace, special:magic"
"$mod, X, fullscreen, 1"
"$mod, F, fullscreen, 0"
"$mod, N, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t"
"$mod, U, exec, ${pkgs.hyprshot}/bin/hyprshot -z -o $XDG_PICTURES_DIR/screenshots -m region"
"$mod SHIFT, U, exec, ${pkgs.hyprshot}/bin/hyprshot -z --raw -m region | ${pkgs.satty}/bin/satty -f - --fullscreen"
#: Brightness and Media {{{
",XF86MonBrightnessUp, exec, ${getExe pkgs.brightnessctl} s +10%"
",XF86MonBrightnessDown, exec, ${getExe pkgs.brightnessctl} s 10%-"
",XF86AudioRaiseVolume, exec, ${getExe pkgs.pamixer} -u && ${getExe pkgs.pamixer} -i 5"
",XF86AudioLowerVolume, exec, ${getExe pkgs.pamixer} -u && ${getExe pkgs.pamixer} -d 5"
",XF86AudioMicMute, exec, ${getExe pkgs.pamixer} --default-source -m"
",XF86AudioMute, exec, ${getExe pkgs.pamixer} -t"
",XF86AudioPlay, exec, ${getExe pkgs.playerctl} play-pause"
",XF86AudioPause, exec, ${getExe pkgs.playerctl} play-pause"
",XF86AudioNext, exec, ${getExe pkgs.playerctl} next"
",XF86AudioPrev, exec, ${getExe pkgs.playerctl} previous"
#: }}}
#: Brightness and Media {{{
",XF86MonBrightnessUp, exec, ${pkgs.brightnessctl}/bin/brightnessctl s +10%"
",XF86MonBrightnessDown, exec, ${pkgs.brightnessctl}/bin/brightnessctl s 10%-"
",XF86AudioRaiseVolume, exec, ${pkgs.pamixer}/bin/pamixer -i 5"
",XF86AudioLowerVolume, exec, ${pkgs.pamixer}/bin/pamixer -d 5"
",XF86AudioMicMute, exec, ${pkgs.pamixer}/bin/pamixer --default-source -m"
",XF86AudioMute, exec, ${pkgs.pamixer}/bin/pamixer -t"
",XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl play-pause"
",XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl play-pause"
",XF86AudioNext, exec, ${pkgs.playerctl}/bin/playerctl next"
",XF86AudioPrev, exec, ${pkgs.playerctl}/bin/playerctl previous"
#: }}}
# Workspaces
"$mod, code:10, workspace, 1"
"$mod, code:11, workspace, 2"
"$mod, code:12, workspace, 3"
"$mod, code:13, workspace, 4"
"$mod, code:14, workspace, 5"
"$mod, code:15, workspace, 6"
"$mod, code:16, workspace, 7"
"$mod, code:17, workspace, 8"
"$mod, code:18, workspace, 9"
"$mod, code:19, workspace, 10"
# Workspaces
"$mod, code:10, workspace, 1"
"$mod, code:11, workspace, 2"
"$mod, code:12, workspace, 3"
"$mod, code:13, workspace, 4"
"$mod, code:14, workspace, 5"
"$mod, code:15, workspace, 6"
"$mod, code:16, workspace, 7"
"$mod, code:17, workspace, 8"
"$mod, code:18, workspace, 9"
"$mod, code:19, workspace, 10"
# Send to Workspaces
"$mod SHIFT, code:10, movetoworkspace, 1"
"$mod SHIFT, code:11, movetoworkspace, 2"
"$mod SHIFT, code:12, movetoworkspace, 3"
"$mod SHIFT, code:13, movetoworkspace, 4"
"$mod SHIFT, code:14, movetoworkspace, 5"
"$mod SHIFT, code:15, movetoworkspace, 6"
"$mod SHIFT, code:16, movetoworkspace, 7"
"$mod SHIFT, code:17, movetoworkspace, 8"
"$mod SHIFT, code:18, movetoworkspace, 9"
"$mod SHIFT, code:19, movetoworkspace, 10"
];
# Send to Workspaces
"$mod SHIFT, code:10, movetoworkspace, 1"
"$mod SHIFT, code:11, movetoworkspace, 2"
"$mod SHIFT, code:12, movetoworkspace, 3"
"$mod SHIFT, code:13, movetoworkspace, 4"
"$mod SHIFT, code:14, movetoworkspace, 5"
"$mod SHIFT, code:15, movetoworkspace, 6"
"$mod SHIFT, code:16, movetoworkspace, 7"
"$mod SHIFT, code:17, movetoworkspace, 8"
"$mod SHIFT, code:18, movetoworkspace, 9"
"$mod SHIFT, code:19, movetoworkspace, 10"
];
};
};
}

15
home/hyprpaper/default.nix
View file

@ -1,15 +0,0 @@
{ self, ... }:
{
services.hyprpaper = {
enable = false;
settings =
let
wp = "${self}/assets/wallpapers/nix-flake-pastel.jpg";
in
{
ipc = "on";
preload = [ "${wp}" ];
wallpaper = [ ",${wp}" ];
};
};
}

1
home/services/default.nix
View file

@ -1,6 +1,5 @@
{
imports = [
./kdeconnect.nix
./syncthing.nix
];
}

19
home/services/syncthing.nix
View file

@ -1,19 +0,0 @@
{
pkgs,
config,
lib,
...
}:
let
inherit (lib) mkIf;
in
{
config = mkIf config.services.syncthing.enable {
xdg.desktopEntries."Syncthing" = {
name = "Syncthing";
icon = "";
terminal = false;
exec = "${pkgs.syncthing}/bin/syncthing --browser-only";
};
};
}

2
home/sway/default.nix
View file

@ -10,7 +10,7 @@ let
inherit (lib) mapAttrs mkIf;
inherit (lib.my) getExe getExe';
desktop = osConfig.modules.system.roles.desktop;
inherit (osConfig.modules.system.roles) desktop;
term = getExe desktop.terminal;
filemanager = getExe desktop.filemanager;
cliphistEnabled = osConfig.modules.services.cliphist.enable;

2
home/terminal/beets.nix
View file

@ -72,6 +72,8 @@ in
};
settings = {
plugins = concatStringsSep " " plugins;
directory = "/mnt/music";
library = "/mnt/music/library.db";
per_disc_numbering = "yes";
asciify_paths = true;
convert = {

1
home/terminal/default.nix
View file

@ -2,7 +2,6 @@
imports = [
./neovim
./ssh
./git
./fish
./btop.nix
./beets.nix

34
home/terminal/git/default.nix
View file

@ -1,34 +0,0 @@
{ pkgs, ... }:
{
programs.git = {
enable = true;
userName = "nydragon";
userEmail = "contact@ccnlc.eu";
extraConfig = {
gpg.format = "ssh";
push = {
autoSetupRemote = true;
};
pull = {
rebase = true;
};
core = {
editor = "${pkgs.neovim}/bin/nvim";
};
init = {
defaultBranch = "master";
};
merge = {
conflictstyle = "diff3";
};
diff = {
colorMoved = "default";
};
};
signing = {
signByDefault = true;
key = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw";
};
delta.enable = true;
};
}

2
home/terminal/ssh/default.nix
View file

@ -10,7 +10,7 @@ let
in
mkIf config.programs.ssh.enable {
programs.ssh = {
addKeysToAgent = "confirm";
addKeysToAgent = "yes";
matchBlocks = {
deck = {
hostname = "steamdeck";

2
home/themes/vanilla.nix
View file

@ -11,7 +11,7 @@ in
gtk = {
enable = true;
theme = {
name = "Adwaita";
name = "Adwaita-dark";
package = pkgs.gnome-themes-extra;
};
iconTheme = rec {

43
hosts/brontes/default.nix
View file

@ -2,7 +2,6 @@
{
pkgs,
config,
inputs',
...
}:
let
@ -20,6 +19,8 @@ in
efi.canTouchEfiVariables = true;
};
zramSwap.enable = true;
age.secrets.rustypaste = {
file = ../../secrets/rustypaste.age;
mode = "440";
@ -40,10 +41,10 @@ in
xdg = {
portal.enable = true;
mime.enable = true;
};
modules = {
fs.nfsEnable = true;
system = {
roles = {
desktop.enable = true;
@ -92,9 +93,18 @@ in
};
media.enableAll = true;
};
security.pam.services.greetd.enableGnomeKeyring = true;
services = {
displayManager.sddm.enable = true;
greetd = {
enable = true;
package = pkgs.greetd.tuigreet;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --cmd Hyprland";
user = "ny";
};
};
};
dbus.enable = true;
pipewire.enable = true;
# Necessary for Nautilus to display trash, DVDs and for gnome-disk-utility to show file systems
@ -103,11 +113,14 @@ in
};
programs = {
direnv = {
nix-direnv.enable = true;
enable = true;
};
dconf.enable = true;
fish.enable = true;
firefox.enable = true;
thunderbird.enable = true;
sway.enable = true;
hyprland.enable = true;
};
@ -116,17 +129,15 @@ in
users = {
defaultUserShell = pkgs.fish;
users.${username} = {
packages = [
inputs'.nur.packages.grayjay-desktop
];
isNormalUser = true;
createHome = true;
packages = with pkgs; [
orca-slicer
];
extraGroups = [
"networkmanager"
"wheel"
"audio"
"libvirtd" # VM OPs
"dialout" # Necessary for serial port interactions
];
};
};
@ -140,18 +151,6 @@ in
enableSSHSupport = true;
};
environment.systemPackages = with pkgs; [
fish
wireguard-tools
git
htop
eza
bat
nfs-utils
];
services.rpcbind.enable = true; # necessary for nfs
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;

2
hosts/brontes/hardware-configuration.nix
View file

@ -38,7 +38,7 @@
];
};
fileSystems."/home" = {
fileSystems."/home/ny/Games" = {
device = "/dev/disk/by-uuid/efe4d345-e248-4101-b74d-4a215b42e059";
fsType = "btrfs";
};

59
hosts/brontes/home.nix
View file

@ -1,5 +1,4 @@
{
pkgs,
config,
inputs,
...
@ -15,19 +14,12 @@ in
home-manager.users.${username} = {
imports = [
../../home/themes/catppuccin.nix
../../home
];
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
};
waybar.enable = true;
beets.enable = true;
ssh.enable = true;
rofi.enable = true;
};
services = {
@ -36,55 +28,8 @@ in
};
home = {
stateVersion = config.system.stateVersion;
inherit (config.system) stateVersion;
inherit username;
packages = with pkgs; [
keepassxc
digikam
fragments
element-desktop
libreoffice
loupe
seahorse
gimp
pwvucontrol
thunderbird
keepassxc
protonmail-bridge-gui
varia
signal-desktop
tagger
prismlauncher
orca-slicer
kid3
soundconverter
# proprietary
obsidian
# CLI tools
jhead
fdupes
exiftool
sshfs
lazygit
wl-clipboard
# custom
nysh
scripts.nixedit
scripts.set-background
scripts.fishl
scripts.nrun
scripts.rpaste
scripts.genswitch
scripts.gentest
scripts.editsym
scripts.deployswitch
scripts.deploytest
];
};
};
}

12
hosts/default.nix
View file

@ -18,6 +18,8 @@ in
extraModules = [
inputs.disko.nixosModules.disko
inputs.agenix.nixosModules.default
inputs.hjem.nixosModules.default
inputs.hjem-rum.nixosModules.default
];
})
@ -60,5 +62,15 @@ in
inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
})
(mkSystem' {
inherit username;
hostname = "ashla";
system = "x86_64-linux";
extraModules = [
inputs.disko.nixosModules.disko
inputs.agenix.nixosModules.default
];
})
];
}

57
hosts/marr/default.nix
View file

@ -2,13 +2,17 @@
{
pkgs,
inputs,
config,
...
}:
let
inherit (config.modules.meta) username;
in
{
imports = [
./hardware-configuration.nix
./home.nix
./ny.nix
../../users/ny
];
time.timeZone = "Europe/Paris";
@ -20,6 +24,7 @@
system = {
roles = {
desktop.enable = true;
portable.enable = true;
};
outputs = {
@ -60,11 +65,8 @@
};
};
hardware.graphics.enable = true;
xdg = {
portal.enable = true;
mime.enable = true;
};
specialisation = {
@ -83,30 +85,34 @@
};
programs = {
direnv = {
nix-direnv.enable = true;
enable = true;
};
dconf.enable = true;
fish.enable = true;
firefox.enable = true;
thunderbird.enable = true;
sway.enable = true;
hyprland.enable = true;
pulseview.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
};
seahorse.enable = true;
};
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplipWithPlugin ];
};
#hardware.sane = {
#enable = true;
#extraBackends = [ pkgs.hplipWithPlugin ];
#};
services = {
displayManager.sddm.enable = true;
dbus.enable = true;
fwupd.enable = true;
gvfs.enable = true;
printing.enable = true;
#printing.enable = true;
xserver.xkb = {
layout = "fr";
@ -122,9 +128,9 @@
powerKey = "hibernate";
};
thermald.enable = true;
#thermald.enable = true;
auto-cpufreq.enable = true;
#auto-cpufreq.enable = true;
upower = {
enable = true;
@ -137,6 +143,19 @@
users = {
defaultUserShell = pkgs.fish;
users.${username} = {
isNormalUser = true;
createHome = true;
packages = with pkgs; [
simple-scan
beekeeper-studio
];
extraGroups = [
"networkmanager"
"audio"
"libvirtd" # VM OPs
];
};
};
environment.variables = {
@ -150,19 +169,17 @@
libvirtd.enable = true;
docker = {
enable = true;
rootless.enable = true;
extraPackages = [ pkgs.docker-credential-helpers ];
rootless = {
enable = true;
setSocketVariable = true;
};
};
};
programs.virt-manager.enable = true;
programs.nix-ld.enable = true;
environment.systemPackages = with pkgs; [
shared-mime-info
glib
dconf
xdg-utils
brightnessctl
];

5
hosts/marr/home.nix
View file

@ -14,7 +14,6 @@ in
home-manager.users.${username} = {
imports = [
../../home/themes/vanilla.nix
../../home
];
@ -27,10 +26,6 @@ in
};
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
};
beets.enable = true;
vscode.enable = true;
ssh.enable = true;

71
hosts/marr/ny.nix
View file

@ -1,71 +0,0 @@
{
pkgs,
config,
inputs',
...
}:
let
inherit (config.modules.meta) username;
in
{
config = {
users.users.${username} = {
packages =
[
inputs'.nur.packages.grayjay-desktop
]
++ (with pkgs; [
digikam
fragments
element-desktop
loupe
seahorse
gimp
thunderbird
keepassxc
protonmail-bridge-gui
varia
signal-desktop
onlyoffice-desktopeditors
picard
simple-scan
insomnia
beekeeper-studio
# Proprietary
postman
mongodb-compass
obsidian
# CLI tools
jhead
fdupes
exiftool
sshfs
lazygit
wl-clipboard
# custom
nysh
scripts.screenshot
scripts.nixedit
scripts.set-background
scripts.rpaste
scripts.nrun
scripts.nruni
scripts.genswitch
scripts.gentest
scripts.editsym
scripts.deployswitch
scripts.deploytest
]);
isNormalUser = true;
createHome = true;
extraGroups = [
"networkmanager"
"audio"
"libvirtd"
];
};
};
}

31
hosts/nihilus/default.nix
View file

@ -4,6 +4,10 @@
];
modules = {
meta = {
tailscale.ip = "100.64.0.6";
};
services.tailscale = {
enable = true;
tags = [
@ -15,7 +19,6 @@
server = {
rsync-daemon = {
enable = true;
port = 9523;
openFirewall = true;
location = "/mnt/backups";
address = "100.64.0.6";
@ -31,8 +34,8 @@
mode = "write";
}
{
name = "brontes-backup";
comment = "brontes's backup space";
name = "shan";
comment = "backups for shan";
mode = "write";
}
{
@ -60,11 +63,33 @@
comment = "backup location for games";
mode = "write";
}
{
name = "brontes-backup";
comment = "brontes's backup space";
mode = "write";
}
];
};
};
};
security.polkit.enable = true;
services.prometheus.exporters.node = {
enable = true;
port = 9000;
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
enabledCollectors = [ "systemd" ];
# /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
extraFlags = [
"--collector.ethtool"
"--collector.softirqs"
"--collector.tcpstat"
"--collector.wifi"
];
};
networking.firewall.allowedTCPPorts = [ 9000 ];
boot.initrd.systemd.tpm2.enable = false;
system.stateVersion = "24.11";

12
hosts/raptus/default.nix
View file

@ -26,6 +26,10 @@ in
group = "rustypaste";
};
forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
acme = {
owner = if config.security.acme.useRoot then "root" else "acme";
file = ../../secrets/acme.age;
};
};
boot.loader.grub = {
@ -33,6 +37,8 @@ in
efiInstallAsRemovable = true;
};
virtualisation.docker.enable = true;
modules = {
server.rustypaste = {
enable = true;
@ -93,8 +99,12 @@ in
polkit.enable = true;
acme = {
defaults.email = "admin@ccnlc.eu";
acceptTerms = true;
defaults = {
email = "contact@ccnlc.eu";
dnsProvider = "ovh";
environmentFile = config.age.secrets.acme.path;
};
};
};

6
hosts/raptus/forgejo/default.nix
View file

@ -4,10 +4,6 @@ let
sshPort = 2222;
in
{
imports = [
./runner.nix
];
systemd.tmpfiles.rules =
let
# Disallow crawlers from indexing this site.
@ -56,6 +52,8 @@ in
migrations.ALLOWED_DOMAINS = "*";
service = {
DISABLE_REGISTRATION = true;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
#REQUIRE_SIGNIN_VIEW = true;
};
packages.ENABLED = false;
log.LEVEL = "Info";

3
hosts/raptus/forgejo/runner.nix
View file

@ -12,6 +12,8 @@ let
in
{
config = mkIf cfg.enable {
virtualisation.docker.autoPrune.enable = true;
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
@ -24,6 +26,7 @@ in
labels = [
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye"
"nix-latest:docker://nixos/nix:latest"
];
settings = {

15
hosts/raptus/headscale/acls.nix
View file

@ -1,6 +1,5 @@
{
pkgs,
options,
lib,
self,
...
@ -16,6 +15,7 @@ let
};
shanMeta = self.nixosConfigurations.shan.config.modules.meta;
nihilusCfg = self.nixosConfigurations.nihilus.config;
homeAIp = "100.64.0.9";
in
{
@ -36,7 +36,16 @@ in
"tag:client"
"tag:server"
]
[ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
[
"${nihilusCfg.modules.meta.tailscale.ip}:${toString nihilusCfg.modules.server.rsync-daemon.port}"
]
)
(mkAcl
[
"${shanMeta.tailscale.ip}"
]
[ "tag:server:9000" ]
)
(mkAcl
@ -60,7 +69,6 @@ in
tags = [
"tag:client"
"tag:server"
"tag:backup"
"tag:guest"
];
@ -70,7 +78,6 @@ in
tags = map (name: "tag:${name}") [
"server"
"client"
"backup"
];
in
lib.genAttrs tags (_: users);

4
hosts/raptus/headscale/dns.nix
View file

@ -47,6 +47,10 @@
"ntfy"
"octoprint"
"assistant"
"rss"
"calibre"
"prometheus"
"grafana"
];
};
};

10
hosts/shan/calibre-web.nix
View file

@ -1,14 +1,18 @@
{ }:
{
config = {
calibre-web = {
services.calibre-web = {
enable = true;
options = {
enableBookUploading = true;
calibreLibrary = "/mnt/books";
};
};
systemd.services.calibre-web = {
after = [ "mnt-books.mount" ];
requires = [ "mnt-books.mount" ];
};
fileSystems."/mnt/books" = {
device = "192.168.178.21:/mnt/Fort/data/books";
fsType = "nfs";

54
hosts/shan/default.nix
View file

@ -10,6 +10,7 @@
./disk-config.nix
./adguard.nix
./calibre-web.nix
./prometheus.nix
];
swapDevices = [
@ -26,6 +27,10 @@
file = ../../secrets/freshrss-default-password.age;
owner = config.services.freshrss.user;
};
acme = {
owner = if config.security.acme.useRoot then "root" else "acme";
file = ../../secrets/acme.age;
};
};
boot.loader.grub = {
@ -84,6 +89,21 @@
rsync-backup = {
enable = true;
modules = [
{
sources = [
"/var/lib/paperless"
"/var/lib/radicale"
"/var/lib/navidrome"
"/var/lib/immich"
"/var/lib/freshrss"
];
target = {
location = "shan";
type = "rsyncd";
host = "nihilus";
};
incremental.enable = true;
}
{
sources = [ "/var/lib/paperless" ];
target = {
@ -138,34 +158,40 @@
};
incremental.enable = true;
}
];
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "contact@ccnlc.eu";
dnsProvider = "ovh";
environmentFile = "/run/secrets/ovh";
};
security = {
polkit.enable = true;
certs."ccnlc.eu" = {
group = "nginx";
extraDomainNames = [ "*.ccnlc.eu" ];
acme = {
acceptTerms = true;
defaults = {
email = "dns@ccnlc.eu";
dnsProvider = "ovh";
dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
environmentFile = config.age.secrets.acme.path;
};
certs."ccnlc.eu" = {
group = "nginx";
extraDomainNames = [ "*.ccnlc.eu" ];
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "100M";
clientMaxBodySize = "0";
virtualHosts =
let
mkVHLocal = mkVH "http://localhost";
mkVH = domain: port: {
forceSSL = true;
useACMEHost = "ccnlc.eu";
locations."/" = {
proxyPass = "${domain}:${toString port}";
extraConfig = ''
@ -176,7 +202,6 @@
proxy_http_version 1.1;
'';
};
useACMEHost = "ccnlc.eu";
};
in
{
@ -192,6 +217,9 @@
"fritz.ccnlc.eu" = mkVH "http://192.168.178.1" 80;
"truenas.ccnlc.eu" = mkVH "https://192.168.178.21" 443;
"calibre.ccnlc.eu" = mkVHLocal config.services.calibre-web.listen.port;
"prometheus.ccnlc.eu" = mkVHLocal config.services.prometheus.port;
"adguard.ccnlc.eu" = mkVHLocal config.services.adguardhome.port;
"grafana.ccnlc.eu" = mkVHLocal config.services.grafana.settings.server.http_port;
${config.services.freshrss.virtualHost} = {
forceSSL = true;
useACMEHost = "ccnlc.eu";

59
hosts/shan/prometheus.nix Normal file
View file

@ -0,0 +1,59 @@
{ config, ... }:
{
services.prometheus = {
enable = true;
webExternalUrl = "https://prometheus.ccnlc.eu";
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"nihilus:9000"
"shan:9000"
];
}
];
}
];
};
services.prometheus.exporters.node = {
enable = true;
port = 9000;
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
enabledCollectors = [ "systemd" ];
# /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
extraFlags = [
"--collector.ethtool"
"--collector.softirqs"
"--collector.tcpstat"
"--collector.wifi"
];
};
services.grafana = {
enable = true;
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
}
];
};
settings = {
users = {
allow_sign_up = true;
};
server = {
protocol = "http";
http_addr = "127.0.0.1";
domain = "grafana.ccnlc.eu";
http_port = 9032;
};
};
};
}

1
modules/default.nix
View file

@ -10,7 +10,6 @@
./system/printing.nix
./system/audio.nix
./system/mime.nix
./system/polkit.nix
./users/ny.nix

4
modules/env.nix
View file

@ -1,7 +1,9 @@
{ pkgs, ... }:
{ pkgs, inputs, ... }:
{
environment.sessionVariables = {
SSH_AUTH_SOCK = "/run/user/\${UID}/keyring/ssh";
MANROFFOPT = "-c";
MANPAGER = "sh -c 'col -bx | ${pkgs.bat}/bin/bat -l man -p'";
WALLPAPERS = "${inputs.wallpapers}";
};
}

22
modules/nix/overlays.nix
View file

@ -1,5 +1,4 @@
{
inputs,
inputs',
config,
lib,
@ -8,27 +7,12 @@
{
nixpkgs.overlays = [
(final: prev: {
# Add env vars to calibre so they may get propagated to a plugin that needs them
calibre = prev.calibre.overrideAttrs (old: {
postInstall = ''
wrapProgram $out/bin/calibre \
--set QT_QPA_PLATFORM xcb \
--set-default ACSM_LIBCRYPTO ${prev.openssl.out}/lib/libcrypto.so \
--set-default ACSM_LIBSSL ${prev.openssl.out}/lib/libssl.so
'';
});
lollypop = prev.lollypop.override {
#lastFMSupport = false;
youtubeSupport = false;
};
scripts = import ../../home/scripts {
scripts = import ../scripts {
inherit lib config;
pkgs = prev.pkgs;
inherit (prev) pkgs;
};
nysh = inputs'.nysh.packages.nysh;
inherit (inputs'.nysh.packages) nysh;
})
];
}

4
modules/portals.nix
View file

@ -7,10 +7,10 @@
lib.mkIf config.xdg.portal.enable {
xdg.portal = {
config = {
sway = {
common = {
default = "*";
"org.freedesktop.impl.portal.Screenshot.PickColor" = [ "${pkgs.hyprpicker}/bin/hyprpicker" ];
};
common.default = "*";
};
# gtk portal needed to make gtk apps happy

18
modules/programs/firefox.nix
View file

@ -10,7 +10,7 @@
}:
lib.mkIf config.programs.firefox.enable {
programs.firefox = {
package = pkgs.firefox-esr;
package = pkgs.firefox-beta;
languagePacks = [
"de"
"en-GB"
@ -27,9 +27,9 @@ lib.mkIf config.programs.firefox.enable {
"browser.urlbar.suggest.trending" = false;
"browser.urlbar.suggest.weather" = false;
"browser.urlbar.suggest.yelp" = false;
"browser.urlbar.suggest.bookmark" = false;
"browser.urlbar.suggest.bookmark" = true;
"browser.urlbar.suggest.engines" = false;
"browser.urlbar.suggest.history" = false;
"browser.urlbar.suggest.history" = true;
"browser.urlbar.suggest.topsites" = false;
"browser.urlbar.suggest.calculator" = true;
"browser.urlbar.trimHttps" = false;
@ -42,6 +42,7 @@ lib.mkIf config.programs.firefox.enable {
"browser.newtabpage.activity-stream.showSearch" = false;
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.newtabpage.activity-stream.feeds.section.highlights" = false;
"browser.tabs.groups.enabled" = true;
# Add-ons
"extensions.pocket.enabled" = false;
"extensions.postDownloadThirdPartyPrompt" = false; # Prompt for install before download
@ -50,12 +51,6 @@ lib.mkIf config.programs.firefox.enable {
"dom.security.https_only_mode" = true;
"cookiebanners.service.mode" = 1;
"cookiebanners.bannerClicking.enabled" = true;
"cookiebanners.cookieInjector.enabled" = true;
"cookiebanners.service.mode.privateBrowsing" = 2;
"cookiebanners.ui.desktop.enabled" = true;
"browser.shell.checkDefaultBrowser" = false;
#"privacy.clearOnShutdown.offlineApps" = true;
"layout.spellcheckDefault" = 1;
@ -77,6 +72,8 @@ lib.mkIf config.programs.firefox.enable {
"privacy.resistFingerprinting.block_mozAddonManager" = true;
# Allow styling through userChrome.css
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"sidebar.verticalTabs" = true;
};
policies = {
PasswordManagerEnabled = false;
@ -96,9 +93,10 @@ lib.mkIf config.programs.firefox.enable {
builtins.listToAttrs [
(extension "ublock-origin" "uBlock0@raymondhill.net")
(extension "firefox-translations" "firefox-translations-addon@mozilla.org")
(extension "private-relay" "private-relay@firefox.com")
(extension "decentraleyes" "jid1-BoFifL9Vbdl2zQ@jetpack")
(extension "keepassxc-browser" "keepassxc-browser@keepassxc.org")
(extension "simplelogin" "addon@simplelogin")
];
FirefoxHome = {
Search = true;

3
modules/programs/lazygit.nix
View file

@ -3,6 +3,9 @@
enable = true;
settings = {
"notARepository" = "skip";
git = {
overrideGpg = true;
};
};
};
}

62
home/scripts/default.nix → modules/scripts/default.nix
View file

@ -7,7 +7,9 @@
let
inherit (pkgs.writers) writeFishBin writeBashBin;
inherit (lib.my) getExe;
runner = config.modules.system.roles.desktop.runner;
inherit (config.modules.system.roles.desktop) runner;
nixos-rebuild =
name: word:
writeFishBin name ''
@ -18,24 +20,47 @@ let
'';
in
{
screenshot =
with pkgs;
writeShellApplication {
name = "screenshot";
runtimeInputs = [
slurp
wl-clipboard
libnotify
];
text = ''
location="$HOME/Pictures/Screenshots/$(date +%Y-%m-%d-%H%M%S)-screenshot.png";
screenshot = pkgs.writeShellApplication {
name = "screenshot";
runtimeInputs = with pkgs; [
wl-clipboard
libnotify
hyprshot
xdg-utils
];
text = ''
set -e
location="$XDG_PICTURES_DIR/screenshots/$(date +%Y-%m-%d-%H%M%S)-screenshot.png";
if zone=$(slurp); then
grim -t png -g "$zone" - | wl-copy --type image/png && wl-paste > "$location" \
&& notify-send --app-name Screenshot -i "$location" --urgency=low "Screenshot copied to clipboard" "Screenshot created at $location";
fi
'';
};
hyprshot -r -z -m region | tee "$location" | wl-copy --type image/png;
body="<img src=\"$location\"\>"
response=$(
notify-send \
"Copied to clipboard" \
"$body" \
--app-name Screenshot \
-i "$location" \
--urgency=low \
--action=COPY=Copy \
--action=OPEN=Open \
--action=DELETE=Delete
)
case "$response" in
"DELETE")
rm "$location"
;;
"COPY")
wl-copy <"$location"
;;
"OPEN")
xdg-open "$location"
;;
esac
'';
};
set-background = writeFishBin "set-background" ''
argparse 'f/file=!test -e "$_flag_value"' -- $argv; or return
@ -122,5 +147,4 @@ in
Lock) exec loginctl lock-session "$${XDG_SESSION_ID-}" ;;
esac
'';
}

0
home/scripts/list.nix → modules/scripts/list.nix
View file

0
home/scripts/logo.fish → modules/scripts/logo.fish
View file

4
modules/sddm.nix
View file

@ -1,8 +1,8 @@
{
self,
pkgs,
lib,
config,
inputs,
...
}:
lib.mkIf config.services.displayManager.sddm.enable {
@ -18,7 +18,7 @@ lib.mkIf config.services.displayManager.sddm.enable {
flavor = "mocha";
font = "Noto Sans";
fontSize = "9";
background = "${self}/assets/wallpapers/nix-flake-pastel.jpg";
background = inputs.wallpapers.wallpapers.pastel.nix-flake.path;
loginBackground = true;
})
];

23
modules/system/mime.nix
View file

@ -1,23 +0,0 @@
{
xdg.mime = {
defaultApplications =
let
fileManager = "org.gnome.Nautilus.desktop";
browser = "firefox-esr.desktop";
in
{
"inode/directory" = fileManager;
"application/zip" = fileManager;
"application/pdf" = browser;
"x-www-browser" = browser;
"text/html" = browser;
"application/vnd.comicbook+zip" = "com.github.johnfactotum.Foliate.desktop";
"application/epub+zip" = "com.github.johnfactotum.Foliate.desktop";
"image/*" = "org.gnome.Loupe.desktop";
"image/png" = "org.gnome.Loupe.desktop";
"image/jpeg" = "org.gnome.Loupe.desktop";
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
};
};
}

12
modules/themes/default.nix
View file

@ -8,16 +8,14 @@
config = lib.mkIf config.modules.system.roles.desktop.enable {
qt = {
enable = true;
platformTheme = "gtk2";
#platformTheme = "qt5ct";
#style = "kvantum";
platformTheme = "gtk2"; # Follow gtk theme
};
environment.systemPackages = with pkgs; [
#vimix-icon-theme
#pop-icon-theme
catppuccin-papirus-folders
#catppuccin-kvantum
(catppuccin-papirus-folders.override {
accent = "lavender";
flavor = "frappe";
})
];
};
}

2
options/fixes/rsyncd.nix
View file

@ -20,7 +20,7 @@ in
};
settings = lib.mkOption {
type = settingsFormat.type;
inherit (settingsFormat) type;
default = { };
example = {
globalSection = {

2
options/media.nix
View file

@ -88,6 +88,8 @@ in
"audio/mpeg" = cfg.audio.default;
# Ebooks sadly don't have a singular major type.
"application/epub+zip" = cfg.ebook.default;
"application/pdf" = cfg.ebook.default;
"application/vnd.comicbook+zip" = cfg.ebook.default;
};
};
};

7
options/server/navidrome.nix
View file

@ -45,7 +45,7 @@ in
};
};
};
settings = options.services.navidrome.settings;
inherit (options.services.navidrome) settings;
restartPolicy = mkOption {
type = str;
default = "always";
@ -60,7 +60,7 @@ in
fileSystems.${cfg.library.path} = mkIf (cfg.library.type == "nfs") {
device = "${cfg.library.source.ip}:${cfg.library.source.path}";
fsType = "nfs";
options = cfg.library.source.options;
inherit (cfg.library.source) options;
};
systemd.tmpfiles.rules = mkIf (cfg.library.type == "nfs") [
@ -76,6 +76,9 @@ in
};
systemd.services.navidrome = {
after = mkIf (cfg.library.type == "nfs") [ "mnt-music.mount" ];
requires = mkIf (cfg.library.type == "nfs") [ "mnt-music.mount" ];
serviceConfig = {
Restart = cfg.restartPolicy;
EnvironmentFile = config.age.secrets.navidrome.path;

2
options/server/paperless-ngx/default.nix
View file

@ -22,7 +22,7 @@ in
description = "Whether the port should be publicly accessible.";
type = bool;
};
settings = options.services.paperless.settings;
inherit (options.services.paperless) settings;
};
config = mkIf cfg.enable {

4
options/server/rsync-daemon/default.nix
View file

@ -26,7 +26,7 @@ in
default = false;
description = "Whether to open the firewall";
};
port = mkPortOption 9523 "rsyncd";
port = mkPortOption 873 "rsyncd";
address = mkOption {
type = nonEmptyStr;
default = "0.0.0.0";
@ -80,6 +80,8 @@ in
modules.fixes.services.rsyncd = {
enable = true;
inherit (cfg) port;
socketActivated = true;
settings = {
globalSection = {
inherit (cfg) port address;

2
options/server/rustypaste.nix
View file

@ -134,7 +134,7 @@ in
users.users = mkIf (cfg.user == "rustypaste") {
rustypaste = {
useDefaultShell = true;
group = cfg.group;
inherit (cfg) group;
isSystemUser = true;
};
};

2
options/services/cliphist.nix
View file

@ -40,5 +40,7 @@ in
postStop = "${cfg.package}/bin/cliphist wipe";
};
environment.systemPackages = [ cfg.package ];
};
}

1
options/services/nysh.nix
View file

@ -33,7 +33,6 @@ in
Type = "simple";
ExecStart = "/bin/sh -lc ${cfg.package}/bin/nysh";
Restart = "on-failure";
NoNewPrivileges = true;
};
};

13
options/services/rsync-backup/default.nix
View file

@ -85,7 +85,7 @@ in
port = mkOption {
type = port;
default = options.modules.server.rsync-daemon.port.default;
inherit (options.modules.server.rsync-daemon.port) default;
};
};
@ -135,6 +135,17 @@ in
unitConfig = {
Description = "Backs up files from a source location to a specified destination.";
};
postStop = ''
if [ "$SERVICE_RESULT" != "success" ]; then
${pkgs.curl}/bin/curl \
-H "Priority: urgent" \
-H "Title: Backup error" \
-d "Backup '${cfg.unitName}-${slugify mod.target.location}' had unexpected behaviour: $SERVICE_RESULT" \
https://ntfy.ccnlc.eu/rsync-backup
fi
'';
serviceConfig = {
Type = "simple";
Restart = "on-failure";

20
options/services/tailscale.nix
View file

@ -18,6 +18,7 @@ let
enum
bool
;
inherit (lib.my) getExe;
cfg = config.modules.services.tailscale;
in
{
@ -86,14 +87,29 @@ in
description = "tailscale system tray";
wantedBy = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
path = [ pkgs.polkit ];
path = with pkgs; [
polkit
tailscale
];
serviceConfig = {
Type = "simple";
ExecStart = "/bin/sh -lc ${pkgs.tailscale-systray}/bin/tailscale-systray";
ExecStart = getExe pkgs.tail-tray;
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
IPAddressDeny = "any";
NoNewPrivileges = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap";
# ProtectControlGroups = true;
#RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
};
};
};

2
options/system/outputs.nix
View file

@ -13,7 +13,7 @@ in
options.modules.system.outputs = mkOption {
type = attrsOf (
submodule (
{ name, config, ... }:
{ name, ... }:
{
options = {
name = mkOption {

1
options/system/roles/default.nix
View file

@ -3,5 +3,6 @@
./terminal.nix
./desktop.nix
./gaming.nix
./portable.nix
];
}

2
options/system/roles/gaming.nix
View file

@ -12,6 +12,7 @@ in
{
options.modules.system.roles.gaming = {
enable = mkEnableOption "gaming features";
minecraft.enable = mkEnableOption "minecraft";
};
config = mkIf cfg.enable {
@ -32,6 +33,7 @@ in
environment.systemPackages = with pkgs; [
mangohud
heroic
(mkIf cfg.minecraft.enable prismlauncher)
];
};
}

9
options/system/roles/portable.nix Normal file
View file

@ -0,0 +1,9 @@
{ lib, ... }:
let
inherit (lib) mkEnableOption;
in
{
options.modules.system.roles.portable = {
enable = mkEnableOption "Laptop/Portable tweaks";
};
}

1
options/system/roles/terminal.nix
View file

@ -38,6 +38,7 @@ in
fd
ripgrep
jnv
jq
];
};
};

29
options/system/users/default.nix
View file

@ -15,29 +15,26 @@ let
;
cfg = config.modules.system.users;
file = submodule (
{ name, config, ... }:
{
options = {
path = mkOption {
type = either package null;
default = null;
};
content = mkOption {
type = either str null;
default = null;
};
file = submodule (_: {
options = {
path = mkOption {
type = either package null;
default = null;
};
}
);
content = mkOption {
type = either str null;
default = null;
};
};
});
in
{
options.modules.system.users = mkOption {
default = { };
type = attrsOf (
submodule (
{ name, config, ... }:
{ name, ... }:
{
options = {
name = mkOption {

2
parts/lib/default.nix
View file

@ -5,7 +5,7 @@
my = import ./functions.nix {
inherit inputs;
lib = self;
self = args.self;
inherit (args) self;
};
}
);

2
parts/lib/functions.nix
View file

@ -112,7 +112,7 @@ in
disko = {
mkBoot = size: {
size = size;
inherit size;
type = "EF00";
content = {
type = "filesystem";

2
parts/templates/basic/flake.nix
View file

@ -21,7 +21,7 @@
devShell = pkgs.mkShell { buildInputs = with pkgs; [ ]; };
packages.${system} = {
hello = pkgs.hello;
inherit (pkgs) hello;
default = self.packages.hello;
};
}

4
parts/templates/rust/flake.nix
View file

@ -30,12 +30,12 @@
rustBuild = rustPlatform.buildRustPackage {
inherit pname;
version = manifest.version;
inherit (manifest) version;
src = ./.;
cargoLock.lockFile = ./Cargo.lock;
meta = {
description = manifest.description;
inherit (manifest) description;
#license = nixpkgs.lib.licenses.unlicense;
maintainers = [ ];
};

BIN
secrets/acme.age Normal file
View file

Binary file not shown.

5
secrets/secrets.nix
View file

@ -24,4 +24,9 @@ in
shan
ny
];
"acme.age".publicKeys = [
shan
raptus
ny
];
}

69
users/ny/default.nix
View file

@ -1,9 +1,74 @@
{
lib,
inputs',
pkgs,
config,
...
}:
let
inherit (config.modules.meta) username;
calibrePlugins = inputs'.calibre-plugins.packages;
in
{
hjem = {
users.ny = {
users.${username} = {
enable = true;
imports = [ ./programs ];
imports = [
./programs
./misc
];
files = {
".config/calibre/plugins/ACSM Input.zip".source = calibrePlugins.acsm-calibre-plugin;
".config/calibre/plugins/DeDRM.zip".source = calibrePlugins.dedrm-plugin;
};
};
specialArgs = {
libmy = lib.my;
};
clobberByDefault = true;
};
users.users.${username}.packages =
[
inputs'.nur.packages.grayjay
]
++ (with pkgs; [
keepassxc
fragments
element-desktop
libreoffice
loupe
pwvucontrol
thunderbird
protonmail-bridge-gui
tagger
kid3
hoppscotch
# proprietary
obsidian
# CLI tools
jhead
fdupes
exiftool
sshfs
wl-clipboard
# custom
nysh
scripts.nixedit
scripts.set-background
scripts.fishl
scripts.nrun
scripts.nruni
scripts.rpaste
scripts.genswitch
scripts.gentest
scripts.editsym
scripts.deployswitch
scripts.deploytest
scripts.screenshot
]);
}

3
users/ny/misc/default.nix Normal file
View file

@ -0,0 +1,3 @@
{
imports = [ ./gtk.nix ];
}

12
users/ny/misc/gtk.nix Normal file
View file

@ -0,0 +1,12 @@
{
rum.gtk = {
enable = true;
bookmarks = [
"file:///home/ny/Documents Documents"
"file:///home/ny/Music Music"
"file:///home/ny/Pictures Pictures"
"file:///home/ny/Videos Videos"
"file:///home/ny/Downloads Downloads"
];
};
}

2
users/ny/programs/default.nix
View file

@ -3,5 +3,7 @@
./foot.nix
./fuzzel.nix
./keepassxc.nix
./git.nix
./hyprlock.nix
];
}

6
users/ny/programs/fuzzel.nix
View file

@ -1,10 +1,10 @@
{ lib, osConfig, ... }:
{ libmy, osConfig, ... }:
let
inherit (osConfig.modules.system.roles) desktop;
in
{
rum.programs.fuzzel = {
enable = desktop.enable;
inherit (desktop) enable;
settings = {
main = {
icon-theme = "Papirus-Dark";
@ -12,7 +12,7 @@ in
font = "Hack:weight=bold";
line-height = 30;
fields = "name,generic,comment";
terminal = lib.my.getExe desktop.terminal;
terminal = libmy.getExe desktop.terminal;
prompt = ''" "'';
layer = "overlay";
};

42
users/ny/programs/git.nix Normal file
View file

@ -0,0 +1,42 @@
{ pkgs, libmy, ... }:
let
inherit (libmy) getExe;
in
{
rum.programs.git = {
enable = true;
settings = {
user = {
email = "git@ccnlc.eu";
name = "nydragon";
signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw";
};
gpg.format = "ssh";
push = {
autoSetupRemote = true;
};
pull = {
rebase = true;
};
core = {
editor = "${getExe pkgs.neovim}";
pager = "${getExe pkgs.delta}";
};
interactive = {
diffFilter = "${getExe pkgs.delta} --color-only";
};
init = {
defaultBranch = "main";
};
merge = {
conflictstyle = "diff3";
};
diff = {
colorMoved = "default";
};
tag.gpgSign = true;
commit.gpgSign = true;
};
destination = ".config/git/config";
};
}

6
home/hyprlock/default.nix → users/ny/programs/hyprlock.nix
View file

@ -1,6 +1,6 @@
{ lib, config, ... }:
lib.mkIf config.programs.hyprlock.enable {
programs.hyprlock = {
{
rum.programs.hyprlock = {
enable = true;
settings = {
general = {
hide_cursor = true;

1
users/ny/programs/keepassxc.nix
View file

@ -11,6 +11,7 @@
Enabled = true;
};
GUI = {
ApplicationTheme = "dark";
ColorPasswords = true;
MinimizeOnClose = true;
MinimizeOnStartup = true;