servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: servius:7eead37864bd96d9d487ef88e4b26d1dfd6300d4
Branches Tags
servius:master
...
compare: servius:master
Branches Tags
servius:master

95 Commits
7eead37864 ... master

Author SHA1 Message Date
uttarayan21
24fab1402b feat(ssh): update hostnames and comment out mirai block from ssh config
Some checks are pending
Flake checker / Build Nix targets (push) Waiting to run
Details
2025-12-06 05:53:30 +05:30
uttarayan21
5e7bb9c986 fix(configuration): set uid for remotebuilder user
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-06 03:44:52 +05:30
uttarayan21
0dda14266d feat(configuration): enable Nix and upgrade system state version
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-06 03:42:04 +05:30
uttarayan21
0b1924359e feat(gtk): force dark color scheme for ryu device 2025-12-06 03:36:58 +05:30
uttarayan21
7dcb0df9b8 fix(darwin): uncomment user and host configurations
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-05 15:31:41 +05:30
uttarayan21
ec543d6c5d feat(configuration): add system user flag and description for remotebuilder
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-05 15:09:06 +05:30
uttarayan21
224edeb402 refactor(aichat): update model to openai:gpt-4o from selfhosted
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details 
fix(configuration): add Wake on LAN to allowed UDP ports
 2025-12-05 14:21:20 +05:30
uttarayan21
85a130d868 chore(build): replace mirai builder with tako in build machine configurations
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-05 02:06:28 +05:30
uttarayan21
2347c002d8 feat: Remove the game servers
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-05 01:44:05 +05:30
uttarayan21
7e9a64023f feat(vicinae): update nixpkgs and adjust keybinding patch for Ctrl+N/P support
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-05 00:01:34 +05:30
uttarayan21
630c087308 fix: Nix modify root and /nix partition uuids
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-04 13:53:26 +05:30
uttarayan21
452e287fb0 feat: remove mirai
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-03 17:38:20 +05:30
uttarayan21
97434671a9 feat: Added zed and zen
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-03 15:06:45 +05:30
uttarayan21
dcfe921975 feat: Added nvim to shiro
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-03 01:29:53 +05:30
uttarayan21
0e8d262b4a fix: Don't enable gimp in macos
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-02 12:43:33 +05:30
uttarayan21
25db631be3 feat(vicinae): enable service based on device type
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-01 20:14:53 +05:30
uttarayan21
19ee636814 feat(ryu): added vicinae 2025-12-01 20:13:39 +05:30
uttarayan21
1c8f908375 feat: update flake inputs to 25.05 and add deploy command for ryu
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-01 19:19:41 +05:30
uttarayan21
cebf1c9052 fix(aichat): correct commit message generation instruction in prompt 2025-12-01 16:43:09 +05:30
uttarayan21
ddb42b131a fix(ryu): remove openrazer group and add gamemode group for user 2025-12-01 16:40:48 +05:30
uttarayan21
0f6ee21a35 fix: update deploy-rs usage and nix version for mirai and related systems
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-11-28 16:30:48 +05:30
uttarayan21
1e3e314411 feat(nixos): enable ssh service with security enhancements 
The commit enables the SSH service on the ryu NixOS configuration with enhanced security settings including disabling password authentication and prohibiting root login. It also adds several font packages to the home configuration.

Changes:
- Enabled SSH service in ryu configuration with security settings
- Added font packages to home programs
- Moved SSH service definition to its own module file
- Removed SSH enablement from main configuration
- Updated service imports to include openssh module
 2025-11-28 15:18:23 +05:30
uttarayan21
96c927c0db feat(nixos): rename configuration from tako to mirai and update service imports 
This commit renames the NixOS configuration from "tako" to "mirai" across all relevant files, updates secret paths, hostnames, and service imports accordingly. The changes reflect a complete renaming of the system configuration while maintaining all functionality.
 2025-11-28 00:55:19 +05:30
uttarayan21
e53c1d2f25 fix(caddy): switch dns provider from hetzner to cloudflare across all services 2025-11-27 22:17:31 +05:30
uttarayan21
9542689024 feat(tako): enable autoLaunch and disable password login for immich 
chore(tako): uncomment excalidraw, flaresolverr, and prowlarr service imports
 2025-11-27 20:53:52 +05:30
uttarayan21
a9616c8564 feat(neovim): enable on tako device 
feat(authelia): configure port and reverse proxy
feat(lldap): force password reset and update settings
fix(nixos): remove root from trusted users on ryu and tako
fix(immich): disable auto launch and enable password login
refactor(tako): enable authelia, immich, and lldap services
chore(secrets): update lldap seed and metadata timestamps
 2025-11-27 20:51:34 +05:30
uttarayan21
f9970ce3af fix: use device.user for trusted users and primary user across configurations 
The changes update the configuration to use a `device.user` variable instead of hardcoded usernames like "fs0c131y" and "servius". This makes the configurations more flexible and reusable across different devices. The changes affect nixos configurations for mirai, ryu, and tako, as well as the darwin configuration for kuro, and the deploy.nix file.

The key changes include:
- Replacing hardcoded usernames with `device.user` in trusted-users lists
- Updating system.primaryUser to use `device.user`
- Modifying user definitions to use the device.user variable
- Adjusting deploy configuration to use "servius" as sshUser for tako
- Commenting out some service modules in tako's services/default.nix
 2025-11-27 17:37:02 +05:30
uttarayan21
bd889f3a5e docs: simplify README to focus on machine list and update flake references 2025-11-27 16:51:22 +05:30
uttarayan21
a8ece6cf19 feat: update flake dependencies and add openssh service config 2025-11-26 21:07:30 +05:30
uttarayan21
6a04621728 feat(builders): add tako builder configuration 
chore(flake): update flake.lock for tako builder and dependency updates

chore(flake): switch hyprmonitors to https url

chore(home): remove unused linux-file-converter-addon

fix(home): remove commented out program enable line
 2025-11-26 20:29:04 +05:30
uttarayan21
18d18ff693 fix: change hyprmonitors fetch method to https 2025-11-26 20:25:49 +05:30
uttarayan21
b555cbe0af chore(nix): remove lfca dependency and add sd_mod kernel module 2025-11-26 20:20:59 +05:30
uttarayan21
d414e862f5 fix(tako): remove nvme from initrd modules and switch cpu microcode update to intel 2025-11-26 19:17:29 +05:30
uttarayan21
eadb0c45ce fix: update handoff dependency to github source 
The commit updates the handoff flake dependency from a local path to a GitHub repository. This changes the source URL from a local path "/home/servius/Projects/handoff" to "github:xatuke/handoff" and updates the corresponding lock file entries with new revision and hash information.

The change affects:
- flake.nix: Updated handoff url from path to github
- flake.lock: Updated handoff locked and original fields to reflect github source

This ensures the project uses the upstream handoff repository instead of a local development path.
 2025-11-26 18:55:04 +05:30
uttarayan21
f1d8ea6069 feat(deploy): update mirai hostname and add tako deployment config 
The commit updates the hostname for the mirai node to include the full domain name and adds a new deployment configuration for a tako node. It also includes changes to the tako configuration file such as updating secret paths, user configuration, timezone, and disk layout settings. Additionally, several services are commented out in the tako configuration.
 2025-11-26 18:43:30 +05:30
uttarayan21
b5399c5cc8 feat: Added tako 2025-11-26 18:15:12 +05:30
uttarayan21
58594d582b feat(chat): implement qwen3-coder-30b model with custom chat template and tool support 
The commit message reflects the main changes:
1. Updated model name from "gpt-oss-20b" to "qwen3-coder-30b" in aichat.nix
2. Changed the default model to ryu:qwen3-coder-30b in aichat.nix
3. Added a new chat template file (chat.hbs) with tool/function calling support
4. Configured llama.cpp to use the new chat template file
5. Enabled HDR display settings in hyprland
6. Modified gamemode to unload lmstudio on start and added custom script for gamemode startup

All changes are focused on implementing Qwen3-Coder-30B model with enhanced tool calling capabilities and system configuration improvements.
 2025-11-26 15:34:10 +05:30
uttarayan21
3a8e182170 feat: enable tinymist and add dualsense service configuration 2025-11-25 23:09:03 +05:30
uttarayan21
106eccf350 chore: remove immich and wivrn dependencies from flake config 2025-11-23 23:42:00 +05:30
uttarayan21
2f870f4f2e feat(nixos): integrate headplane and enhance configs with new services 2025-11-23 05:16:49 +05:30
uttarayan21
a99cc07124 refactor(tailscale): update to use masterPkgs for tailscale 2025-11-22 19:24:29 +05:30
uttarayan21
819c444daf feat(vms): configure libvirt and QEMU settings in default.nix 2025-11-22 16:18:39 +05:30
uttarayan21
d8f045d69e feat(flakes): update crates.io-index 2025-11-22 15:47:02 +05:30
uttarayan21
2721c696d0 feat(programs): add opencode configuration 
Enable 'opencode.nix' and update associated configurations.
 2025-11-22 03:17:53 +05:30
uttarayan21
682531cff4 chore: update flake.lock and refactor GUI service config 2025-11-21 12:05:54 +05:30
uttarayan21
2ff867e6b6 feat(eww): add "Activate Linux" widget and assets 
Add ".gitattributes" for LFS, update flake.nix, and include new eww widget, README, image, SCSS, and Yuck configuration.
 2025-11-20 16:19:21 +05:30
uttarayan21
2ce14b1c70 feat(nixos): add AirPods handoff service configuration 2025-11-17 21:04:56 +05:30
uttarayan21
f653079816 chore: update gnome-shell and stylix sources in flake.lock 2025-11-16 23:59:44 +05:30
uttarayan21
f952623634 docs: remove DEVICE_ARCHITECTURE.md file 2025-11-16 21:30:05 +05:30
uttarayan21
63720605a0 chore: update dependencies and modify OBS plugins configuration 2025-11-16 02:07:17 +05:30
uttarayan21
86a6dc481d chore(nix): update flake.lock and refactor ryu services configuration 2025-11-14 20:00:46 +05:30
uttarayan21
49ef43cf25 feat(home): add vesktop package and configure xdg portal for hyprland 2025-11-13 04:14:07 +05:30
uttarayan21
1a42c54678 feat(neovim): add shortcut for sidekick CLI toggle 
fix(ryu): update filesystem type to ntfs3
 2025-11-12 16:47:27 +05:30
uttarayan21
4edb4e5535 chore: remove deoxys VM server from configuration files 2025-11-12 15:20:58 +05:30
uttarayan21
1f5664502c feat: re-enable and update ddcbacklight integration 2025-11-11 20:17:57 +05:30
uttarayan21
971d5ebb76 fix(hyprland): update path for swaync-client in hyprland config 2025-11-11 19:08:27 +05:30
uttarayan21
bbe44afe28 feat: add wivrn and nixpkgs-xr inputs and update related configs 2025-11-11 18:28:14 +05:30
uttarayan21
ca194088ae feat(nixos): add wlx-overlays and wivrn services, update gamemode settings 2025-11-11 16:55:53 +05:30
uttarayan21
d301d3fd98 chore(nixvim): disable stylix integration in neovim configuration 2025-11-11 16:55:34 +05:30
uttarayan21
ba648817a3 refactor: update dependencies and flake configurations 2025-11-11 13:46:26 +05:30
uttarayan21
43fb59184c feat: Update flake.nix
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-11-03 12:04:25 +02:00
uttarayan21
c32e7a81f8 chore: disable llama.nix service and comment in default.nix 2025-11-03 09:56:03 +02:00
uttarayan21
d93952b272 chore(services): comment out unused llama.nix import 2025-11-03 13:25:22 +05:30
uttarayan21
21e2463822 feat: update flake configurations and add WoL for tsuba device 2025-11-03 13:20:00 +05:30
uttarayan21
fb3af7f9fa feat(neovim): add tree-sitter-pest support and refactor configurations 2025-11-03 00:56:43 +05:30
uttarayan21
0f77e228b0 feat(nixos): add terraria and gamemode services and update configurations 2025-11-02 22:14:34 +05:30
uttarayan21
bf5077a437 feat(programs): add fastfetch configuration file 2025-10-31 00:44:16 +05:30
uttarayan21
64380acf01 feat(nix): add nix-auth and update flake-utils dependencies 2025-10-30 22:37:43 +05:30
uttarayan21
e68b9ca00a feat(configuration): add trusted interface and UDP port for Warframe 2025-10-30 11:33:50 +05:30
uttarayan21
6b53bd8dc3 feat(nixos): allow UDP ports 4950 and 4955 for Warframe 2025-10-29 23:38:29 +05:30
uttarayan21
57317446da feat(hyprpaper): update wallpaper configurations and preload logic 
fix(nixos): enable nftables in ryu configuration
 2025-10-29 18:55:40 +05:30
uttarayan21
209cbf4cbb chore: remove wallpaperengine configuration and package files 2025-10-28 22:23:59 +05:30
uttarayan21
c0c6de8a45 chore(fmt): Run alejandra fmt 2025-10-28 20:07:33 +05:30
uttarayan21
4c54d131af feat: Use upstream anyrun with a patch applied 2025-10-28 18:02:53 +05:30
uttarayan21
782b040ee6 chore: update flake.lock and adjust program definitions 2025-10-27 18:10:07 +05:30
uttarayan21
cf8314dbd0 chore: update flake.lock and improve hyprland bindings and neovim config 2025-10-27 17:44:50 +05:30
uttarayan21
e521076313 feat(neovim): add JSON formatter and set formatexpr for buffers 2025-10-27 14:33:54 +05:30
uttarayan21
b8036c00ec feat: add lfca input and update flake-utils in flake.lock 2025-10-26 04:52:10 +05:30
uttarayan21
d1959bdd8f feat(immich): re-enable immich 2025-10-26 02:03:01 +05:30
uttarayan21
88df4eef88 feat(dashboards): add Grafana monitoring dashboards for various nodes
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-10-24 15:27:33 +05:30
uttarayan21
937f4c8590 fix(git): move signingkey to correct config block 2025-10-24 14:52:59 +05:30
uttarayan21
5539c45489 feat(monitoring): update OIDC config for improved authentication handling 2025-10-24 14:36:15 +05:30
uttarayan21
705c6c0b3b feat(monitoring): update OAuth config for improved security settings 2025-10-24 14:13:59 +05:30
uttarayan21
bda071e9f8 feat(monitoring): add Grafana and Prometheus service configurations 2025-10-24 13:49:43 +05:30
uttarayan21
41d2200b2e refactor(git): update configuration to use centralized email setting 
refactor(starship): enhance config with palette and external TOML file
 2025-10-24 09:57:05 +05:30
uttarayan21
b2982efef0 refactor(home): use mkForce for config values and disable stylix targets 2025-10-24 09:34:29 +05:30
uttarayan21
322e4e4230 refactor(darwin,nixos): simplify module imports and theme configs 2025-10-24 08:54:36 +05:30
uttarayan21
7e98fc2e52 feat(darwin): add stylix module for enhanced styling options 2025-10-24 08:18:46 +05:30
uttarayan21
32ee60eae4 feat(home): add RetroArch for device "ryu" and update MPV config 
Add RetroArch as a home package for devices named "ryu" and enhance MPV configuration with GPU settings. Adjust wallpaper engine service to improve performance. Add a script for enabling HDR with Steam commands.
 2025-10-23 00:43:16 +05:30
uttarayan21
d1980ac0ae chore: update flake.lock with latest revisions and narHashes 
feat(hyprland): enable direct_scanout and set bitdepth to 10

fix(hyprpaper): conditionally enable based on 'ryu' device

fix(wallpaperengine): add shorthand flag for scaling option

feat(ryu): switch to open NVIDIA driver and use latest package
 2025-10-22 03:03:51 +05:30
uttarayan21
5a04c53801 feat(steam): add protonup-qt to system packages 2025-10-21 17:26:16 +05:30
uttarayan21
8ac3e4a723 feat(services): add wallpaperengine service and update configs 2025-10-21 15:41:59 +05:30
uttarayan21
5fe2e20829 feat(apps): add wallpaper engine support in Nix configuration 2025-10-21 12:29:19 +05:30
uttarayan21
907bb67f28 chore: remove commented-out sections for unused services 2025-10-18 14:33:41 +05:30
uttarayan21
6ff9fb3a0a refactor(services): comment out jellyseerr and lidarr, delete sonarr and radarr 2025-10-18 13:40:12 +05:30
158 changed files with 4852 additions and 6695 deletions
Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
*.png filter=lfs diff=lfs merge=lfs -text

9
.rules Normal file
View File

@@ -0,0 +1,9 @@
# Identity
You are a sysadmin that manages server configurations and deployments in nixos/nix-darwin and the nix language.
# Instructions
1. DO NOT under any circumstance create any new markdown files in this repository.
2. DO NOT add any helper scripts or shell scripts.
3. DO NOT add any example / snippets or sample code.
4. All configurations must be done using nix expressions if possible.
5. When adding any new file ensure it follows the existing naming conventions and directory structure.

215
DEVICE_ARCHITECTURE.md
View File

@@ -1,215 +0,0 @@
# Device Architecture Overview
This document provides a comprehensive overview of all devices managed by this NixOS/nix-darwin dotfiles repository.
> **Visual Diagram**: See [assets/devices-diagram.svg](assets/devices-diagram.svg) for a visual representation of this architecture.
## Device Categories
### 🖥️ Server Infrastructure (Headless)
#### mirai (Main Server)
- **Architecture**: x86_64-linux
- **User**: fs0c131y
- **Role**: Primary server hosting various services
- **Configuration**: NixOS + Home Manager
- **Hardware**: AMD CPU with NVME storage
- **Location**: Local network
- **Services**:
- Nextcloud (file storage and sync)
- Gitea (Git hosting)
- Minecraft server
- Immich (photo management)
- Paperless (document management)
- Tailscale VPN node
- ZeroTier network node
- Atuin (shell history sync)
- LLDAP (LDAP server)
- Navidrome (music streaming)
- Searxng (search engine)
- Syncthing
- And many more services
#### deoxys (VM Server)
- **Architecture**: x86_64-linux
- **User**: servius
- **Role**: Virtual machine server for testing and isolation
- **Configuration**: NixOS + Home Manager
- **Location**: Local network
#### tsuba (Raspberry Pi)
- **Architecture**: aarch64-linux
- **User**: servius
- **Role**: ARM-based server for lightweight services
- **Configuration**: NixOS + Home Manager (using stable channel)
- **Hardware**: Raspberry Pi
- **Access**: External via tsuba.darksailor.dev
- **Special**: Uses nixos-raspberrypi input for hardware support
### 💻 Development Workstations
#### ryu (Main Desktop)
- **Architecture**: x86_64-linux
- **User**: servius
- **Role**: Primary development workstation
- **Configuration**: NixOS + Home Manager
- **Desktop Environment**: Hyprland (primary) + GNOME (fallback)
- **Features**:
- Multi-monitor setup:
- Primary: HDMI-A-1 (Gigabyte FO27Q3)
- Secondary: DP-3 (Acer XV272U)
- Tertiary: DP-1 (Gigabyte M27Q)
- Audio production setup (musnix)
- Gaming support (Wine, Steam)
- Virtualization (virt-manager)
- Hardware acceleration (CUDA support)
- Secure boot with Lanzaboote
- TPM2 support
#### shiro (Mac Mini)
- **Architecture**: aarch64-darwin (Apple Silicon)
- **User**: servius
- **Role**: macOS desktop and build server
- **Configuration**: nix-darwin + Home Manager
- **Features**:
- ARM64 build server for distributed builds
- Samba file sharing
- Colima container runtime
- Aerospace window management
### 📱 Portable/Mobile Devices
#### kuro (MacBook)
- **Architecture**: aarch64-darwin (Apple Silicon)
- **User**: fs0c131y
- **Role**: macOS development machine
- **Configuration**: nix-darwin + Home Manager
- **Features**:
- Touch ID for sudo authentication
- Custom keyboard mappings
- Homebrew integration
#### SteamDeck (Gaming Handheld)
- **Architecture**: x86_64-linux
- **User**: deck
- **Role**: Portable gaming device
- **Configuration**: Home Manager only (no NixOS)
- **Special**: Uses SteamOS with Home Manager overlay
## Network Architecture
### VPN Networks
- **Tailscale**: Primary VPN connecting most devices
- Devices: mirai, deoxys, tsuba, deck
- **ZeroTier**: Secondary network layer
- Devices: mirai, ryu
### Local Network
- **Primary connection**: ryu (main desktop)
- **Wake-on-LAN**: Enabled for ryu (eno1 interface)
## Configuration Management
### NixOS Flake
- **Manages**: mirai, deoxys, tsuba, ryu
- **Features**: Unified configuration across Linux devices
- **Inputs**: Multiple flake inputs for extended functionality
### nix-darwin
- **Manages**: kuro, shiro
- **Features**: macOS system configuration
### Home Manager
- **Standalone**: deck (SteamDeck)
- **Integrated**: All other devices
- **Stable channel**: Used for tsuba
## Build Infrastructure
### Distributed Building
- **Build machines**:
- mirai (primary build server)
- shiro (macOS builds)
- tsuba (ARM builds, commented out)
- **Consumers**:
- ryu (uses remote builders)
- kuro (uses remote builders)
### Cache Strategy
- **Substituters**:
- nix-community.cachix.org
- nixos-raspberrypi.cachix.org (for ARM builds)
- **Build optimization**: Auto-optimise-store enabled
## Deployment Strategy
### SSH-based Deployment
Using deploy-rs for automated deployments:
```
ryu → mirai, deoxys, tsuba, deck
kuro → mirai, shiro
```
### Special Access
- **tsuba**: Accessed via external domain (tsuba.darksailor.dev)
- **All servers**: SSH key authentication with authorized_keys
## Hardware-Specific Features
### ryu (Desktop)
- **Graphics**: NVIDIA with CUDA support
- **Audio**: Professional audio setup with musnix
- **Input devices**: QMK keyboard support
- **Monitors**: DDC/CI control with ddcutil
- **Security**: TPM2, secure boot (Lanzaboote)
### mirai (Server)
- **CPU**: AMD with virtualization support
- **Storage**: Custom disk layout with disko
- **Containers**: Docker with custom mount points
- **Emulation**: aarch64-linux binfmt support
### macOS Devices (kuro - MacBook, shiro - Mac Mini)
- **Authentication**: Touch ID integration (kuro)
- **Keyboard**: Custom modifier key mappings
- **Package management**: Homebrew + Nix hybrid approach
- **Build server**: shiro provides ARM64 builds for the network
## Security Features
- **SOPS**: Secrets management across all devices
- **SSH keys**: Centralized key management
- **Fail2ban**: Enabled on mirai
- **Secure boot**: Implemented on ryu
- **TPM**: Hardware security on ryu
## Development Environment
### Shared Tools
- **Editor**: Nixvim (custom Neovim configuration)
- **Shell**: Fish + Nushell support
- **Terminal**: Various per-device preferences
- **Version control**: Git with shared configuration
### Language Support
- **Rust**: Custom overlay with latest toolchain
- **Python**: Python 3 with development tools
- **Nix**: Latest Nix with flakes enabled
- **Web**: Node.js and web development tools
## Monitoring and Observability
- **System metrics**: Collected across all NixOS devices
- **Shell history**: Synchronized via Atuin
- **File synchronization**: Syncthing for selective sync
## Backup and Data Management
- **Nextcloud**: Primary cloud storage on mirai
- **Syncthing**: Decentralized file sync
- **Git repositories**: Self-hosted on Gitea (mirai)
- **Photos**: Immich for photo management
- **Documents**: Paperless for document archival
This architecture provides a robust, scalable, and maintainable infrastructure for development, gaming, media consumption, and server hosting across multiple platforms and architectures.

264
README.md
View File

@@ -1,259 +1,11 @@
# Personal Dotfiles & NixOS Configuration # Machines
A comprehensive, multi-platform dotfiles repository managing Linux, macOS, and specialized devices through Nix flakes, NixOS, nix-darwin, and Home Manager. 1. Ryu Dektop (Intel i9-14900KS / Nvidia 5090 / 64GB CL36@6000MTs)
## 📊 Architecture Overview
This repository manages **7 devices** across multiple platforms and architectures:
- **3 Servers**: mirai (main), deoxys (VM), tsuba (Raspberry Pi)
- **1 Workstation**: ryu (primary desktop)
- **3 Portable devices**: kuro (MacBook), SteamDeck, and 1 desktop Mac Mini (shiro)
> 📈 **Visual Architecture**: See [Device Architecture Diagram](assets/devices-diagram.svg) for a complete visual overview.
## 🖥️ Device Portfolio
### Server Infrastructure
| Device | Architecture | Role | Services |
|--------|-------------|------|----------|
| **mirai** | x86_64-linux | Main Server | Nextcloud, Gitea, Minecraft, Immich, Paperless, +20 more |
| **deoxys** | x86_64-linux | VM Server | Testing & isolation environment |
| **tsuba** | aarch64-linux | Raspberry Pi | ARM-based lightweight services |
### Development Environment
| Device | Architecture | Setup | Features |
|--------|-------------|-------|----------|
| **ryu** | x86_64-linux | Main Desktop | Hyprland+GNOME, 3-monitor setup, gaming, audio production |
| **shiro** | aarch64-darwin | Mac Mini Desktop | nix-darwin + Home Manager, build server |
### Portable Devices
| Device | Architecture | Platform | Configuration |
|--------|-------------|----------|---------------|
| **kuro** | aarch64-darwin | MacBook | nix-darwin + Home Manager |
| **SteamDeck** | x86_64-linux | SteamOS | Home Manager only |
## 🚀 Quick Start
### Prerequisites
```bash
# Install Nix with flakes support
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
``` ```
deploy -s .#ryu
### Installation
#### NixOS (Linux)
```bash
sudo nixos-rebuild switch --flake .#<device-name>
``` ```
2. Mirai Server (AMD Ryzen 7 7700 / 64GB@5200MHz)
#### macOS (nix-darwin) 3. Tako Server (Intel Xeon E-2236 / 64GB)
```bash 4. Tsuba Server (Raspberry Pi 5 / 8GB)
nix run nix-darwin -- switch --flake .#<device-name> 5. Kuro Laptop (Apple M4 Pro macbook / 24GB)
``` 6. Shiro Desktop (Apple M4 macmini / 16GB)
#### Home Manager only (SteamDeck)
```bash
nix run home-manager/master -- switch --flake .#deck
```
### Available Devices
- `mirai` - Main server
- `ryu` - Primary desktop
- `deoxys` - VM server
- `tsuba` - Raspberry Pi
- `kuro` - MacBook (fs0c131y)
- `shiro` - MacBook (servius)
- `deck` - SteamDeck
## 🛠️ Development Tools
### Using Just (Recommended)
```bash
# Install on current system
just install
# Build without switching
just build
# Try Neovim configuration
just nvim
# Home Manager for non-NixOS
just home
```
### Core Technologies
- **OS**: NixOS, macOS, SteamOS
- **Shells**: Fish (primary), Nushell
- **Editor**: Neovim with custom nixvim configuration
- **Desktop**: Hyprland (Linux), Yabai + Aerospace (macOS)
- **Terminals**: Foot, Wezterm, Kitty
- **Package Management**: Nix Flakes with distributed building
## 🎯 Key Features
### 🔧 Multi-Platform Configuration Management
- **NixOS**: Complete system configuration for servers and workstations
- **nix-darwin**: macOS system management with Homebrew integration
- **Home Manager**: User environment configuration across all platforms
### 🌐 Network Infrastructure
- **Tailscale VPN**: Secure mesh networking across all devices
- **ZeroTier**: Secondary network layer for specific services
- **SSH Deployment**: Automated deployment via deploy-rs
### ⚡ Development Environment
- **Nixvim**: Custom Neovim configuration with LSP, tree-sitter, and plugins
- **Multi-monitor support**: Professional 3-monitor setup on ryu
- **Cross-compilation**: ARM64 and x86_64 support with distributed builds
### 🔒 Security & Secrets Management
- **SOPS**: Encrypted secrets management across all devices
- **SSH Keys**: Centralized key distribution
- **Secure Boot**: Lanzaboote implementation on ryu
- **TPM Support**: Hardware security module integration
### 🏗️ Build Infrastructure
- **Distributed Building**: mirai, shiro as build servers
- **Binary Caches**: nix-community and custom caches
- **Cross-platform**: ARM64 and x86_64 builds
## 📦 Self-Hosted Services (mirai)
### Core Services
- **Nextcloud**: File storage and synchronization
- **Gitea**: Self-hosted Git server
- **Immich**: Photo management and AI-powered search
- **Paperless**: Document management and OCR
### Development Tools
- **Atuin**: Shell history synchronization
- **LLDAP**: Lightweight LDAP server
- **VS Code Server**: Remote development environment
### Entertainment & Media
- **Minecraft Server**: Gaming server
- **Navidrome**: Music streaming server
- **Polaris**: Alternative music server
### Networking & Security
- **Tailscale**: VPN coordination node
- **ZeroTier**: Network management
- **Fail2ban**: Intrusion prevention
- **Caddy**: Reverse proxy and SSL termination
## 🎮 Gaming & Entertainment
### Gaming Setup (ryu)
- **Steam**: Native Linux gaming
- **Wine/Proton**: Windows game compatibility
- **Controller support**: Multiple gamepad configurations
- **Performance**: NVIDIA GPU with CUDA support
### Audio Production
- **Musnix**: Real-time audio kernel optimization
- **Professional audio**: Low-latency audio pipeline
- **Hardware support**: Audio interfaces and MIDI controllers
## 📱 Portable Configuration
### macOS Features (kuro - MacBook, shiro - Mac Mini)
- **Touch ID**: Sudo authentication integration (kuro)
- **Keyboard remapping**: Custom modifier key layouts
- **Aerospace/Yabai**: Tiling window management
- **Homebrew**: Package management for macOS-specific applications
- **Build server**: shiro serves as ARM64 build machine
### SteamDeck Integration
- **Home Manager**: User environment without system changes
- **Tailscale**: VPN connectivity for remote access
- **Development tools**: Portable development environment
## 🔄 Deployment & Management
### Automated Deployment
```bash
# Deploy to all servers from ryu
deploy .
# Deploy specific device
deploy .#mirai
```
### Build Management
- **Local builds**: Fast builds on powerful workstations
- **Remote builds**: Offload to build servers for efficiency
- **Binary caches**: Minimize rebuild times across devices
### Configuration Updates
- **Git-based**: All configurations version controlled
- **Atomic updates**: Rollback capability for all changes
- **Testing**: Safe deployment with easy rollback
## 📚 Try My Configurations
### Neovim Configuration
```bash
# Try my Neovim setup without installation
nix run github:uttarayan21/dotfiles#neovim
```
### Standalone Packages
The flake provides packages for:
- Custom Neovim configuration
- Development shells with tools
- Custom applications and scripts
## 🛡️ Security Practices
- **Encrypted secrets**: All sensitive data managed via SOPS
- **SSH hardening**: Key-based authentication only
- **Network segmentation**: VPN-based access control
- **Regular updates**: Automated security updates via Nix channels
- **Hardware security**: TPM and secure boot where available
## 📖 Documentation
- **[Device Architecture](DEVICE_ARCHITECTURE.md)**: Detailed device specifications and relationships
- **[Visual Diagram](assets/devices-diagram.svg)**: Complete infrastructure overview
- **Module documentation**: Inline documentation for custom Nix modules
## 🧰 Included Tools
### Command Line Utilities
| Tool | Purpose | Repository |
|------|---------|------------|
| `bat` | Enhanced cat with syntax highlighting | [sharkdp/bat](https://github.com/sharkdp/bat) |
| `dust` | Intuitive du replacement | [bootandy/dust](https://github.com/bootandy/dust) |
| `eza` | Modern ls replacement | [eza-community/eza](https://github.com/eza-community/eza) |
| `fd` | Simple, fast find alternative | [sharkdp/fd](https://github.com/sharkdp/fd) |
| `fzf` | Command-line fuzzy finder | [junegunn/fzf](https://github.com/junegunn/fzf) |
| `just` | Command runner | [casey/just](https://github.com/casey/just) |
| `ripgrep` | Fast text search | [BurntSushi/ripgrep](https://github.com/BurntSushi/ripgrep) |
| `starship` | Cross-shell prompt | [starship/starship](https://github.com/starship/starship) |
| `zoxide` | Smarter cd command | [ajeetdsouza/zoxide](https://github.com/ajeetdsouza/zoxide) |
### GUI Applications
- **Anyrun**: Application launcher for Hyprland
- **Hyprland**: Modern Wayland compositor
- **Ghostty**: GPU-accelerated terminal
- **Firefox**: Web browser with custom CSS
- **And many more...**
## 🤝 Contributing
This is a personal dotfiles repository, but feel free to:
- Use configurations as inspiration
- Report issues or suggest improvements
- Fork for your own use (please respect licenses)
## 📄 License
This repository contains configurations and scripts for personal use. Individual tools and applications maintain their respective licenses.
---
**Infrastructure Status**: 7 devices managed • 20+ services hosted • Multi-platform deployment ready

14
builders/mirai.nix
View File

@@ -1,7 +1,7 @@
{ # {
hostName = "sh.darksailor.dev"; # hostName = "mirai.darksailor.dev";
sshUser = "remotebuilder"; # sshUser = "remotebuilder";
systems = ["x86_64-linux" "aarch64-linux"]; # systems = ["x86_64-linux" "aarch64-linux"];
protocol = "ssh-ng"; # protocol = "ssh-ng";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; # supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
} # }

7
builders/tako.nix Normal file
View File

@@ -0,0 +1,7 @@
{
hostName = "tako.darksailor.dev";
sshUser = "remotebuilder";
systems = ["x86_64-linux" "aarch64-linux"];
protocol = "ssh-ng";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
}

30
darwin/default.nix
View File

@@ -1,35 +1,27 @@
{ {
devices, devices,
inputs, inputs,
overlays,
home-manager,
nix-darwin, nix-darwin,
overlays,
... ...
}: (builtins.mapAttrs ( }: (builtins.mapAttrs (
name: device: name: device:
nix-darwin.lib.darwinSystem { nix-darwin.lib.darwinSystem {
system = device.system; system = device.system;
specialArgs = { specialArgs = {
inherit device; inherit device inputs;
stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
}; };
modules = [ modules = [
{nixpkgs.overlays = overlays;} inputs.home-manager.darwinModules.home-manager
./${device.name}/configuration.nix
inputs.sops-nix.darwinModules.sops inputs.sops-nix.darwinModules.sops
home-manager.darwinModules.home-manager inputs.stylix.darwinModules.stylix
{
nixpkgs.config.allowUnfree = true; ./${device.name}/configuration.nix
home-manager = { ../home/module.nix
backupFileExtension = "bak"; {nixpkgs.overlays = overlays;}
useGlobalPkgs = true; ../sops.nix
useUserPackages = true; ../stylix.nix
extraSpecialArgs = {
inherit inputs;
inherit device;
};
users.${device.user}.imports = [../home];
};
}
]; ];
} }
) )

7
darwin/kuro/configuration.nix
View File

@@ -1,6 +1,7 @@
{ {
config, config,
pkgs, pkgs,
device,
... ...
}: { }: {
imports = [./services ./homebrew.nix ./programs]; imports = [./services ./homebrew.nix ./programs];
@@ -12,7 +13,7 @@
# ids.gids.nixbld = 30000; # ids.gids.nixbld = 30000;
experimental-features = "nix-command flakes auto-allocate-uids"; experimental-features = "nix-command flakes auto-allocate-uids";
max-jobs = 8; max-jobs = 8;
trusted-users = ["root" "fs0c131y"]; trusted-users = ["root" device.user];
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
# "https://sh.darksailor.dev" # "https://sh.darksailor.dev"
@@ -29,7 +30,7 @@
''; '';
package = pkgs.nixVersions.latest; package = pkgs.nixVersions.latest;
buildMachines = [ buildMachines = [
../../builders/mirai.nix ../../builders/tako.nix
../../builders/shiro.nix ../../builders/shiro.nix
]; ];
distributedBuilds = true; distributedBuilds = true;
@@ -58,7 +59,7 @@
# services.nix-daemon.enable = true; # services.nix-daemon.enable = true;
system.stateVersion = 5; system.stateVersion = 5;
system.primaryUser = "fs0c131y"; system.primaryUser = device.user;
system.keyboard.enableKeyMapping = true; system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToControl = true; system.keyboard.remapCapsLockToControl = true;

12
darwin/shiro/configuration.nix
View File

@@ -8,7 +8,7 @@
# environment.systemPackages = with pkgs; [nix neovim]; # environment.systemPackages = with pkgs; [nix neovim];
nix = { nix = {
enable = false; enable = true;
settings = { settings = {
experimental-features = "nix-command flakes auto-allocate-uids"; experimental-features = "nix-command flakes auto-allocate-uids";
max-jobs = 8; max-jobs = 8;
@@ -29,8 +29,8 @@
''; '';
package = pkgs.nixVersions.latest; package = pkgs.nixVersions.latest;
buildMachines = [ buildMachines = [
../../builders/mirai.nix ../../builders/tako.nix
# ../../builders/shiro.nix ../../builders/shiro.nix
]; ];
distributedBuilds = true; distributedBuilds = true;
}; };
@@ -43,9 +43,9 @@
]; ];
}; };
users.users.remotebuilder = { users.users.remotebuilder = {
name = "remotebuilder"; description = "User for Nix remote builds";
uid = 700; uid = 700;
home = "/var/lib/remotebuilder"; # home = "/var/remotebuilder";
createHome = true; createHome = true;
shell = "/bin/bash"; shell = "/bin/bash";
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
@@ -76,7 +76,7 @@
# services.nix-daemon.enable = true; # services.nix-daemon.enable = true;
system.primaryUser = "servius"; system.primaryUser = "servius";
system.stateVersion = 4; system.stateVersion = 5;
system.keyboard.enableKeyMapping = true; system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToControl = true; system.keyboard.remapCapsLockToControl = true;

4
darwin/shiro/homebrew.nix
View File

@@ -6,14 +6,14 @@
]; ];
casks = [ casks = [
"docker" "docker"
"librewolf"
"raycast" "raycast"
"kunkun" # Soon
"lunar" "lunar"
"virtual-desktop-streamer" "virtual-desktop-streamer"
"kicad" "kicad"
"shapr3d" "shapr3d"
"orcaslicer" "orcaslicer"
"zed"
"zen"
]; ];
}; };
} }

14
darwin/shiro/services/caddy.nix
View File

@@ -4,31 +4,31 @@
... ...
}: { }: {
sops = { sops = {
secrets."hetzner/api_key".owner = config.services.caddy.user; secrets."cloudflare/api_key".owner = config.services.caddy.user;
templates = { templates = {
"HETZNER_API_KEY.env".content = '' "CLOUDFLARE_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"} CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
''; '';
}; };
}; };
services = { services = {
caddy = { caddy = {
enable = true; enable = true;
environmentFile = config.sops.templates."HETZNER_API_KEY.env".path; environmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
globalConfig = '' globalConfig = ''
debug debug
''; '';
extraConfig = '' extraConfig = ''
(hetzner) { (cloudflare) {
tls { tls {
propagation_timeout -1 propagation_timeout -1
propagation_delay 120s propagation_delay 120s
dns hetzner {env.HETZNER_API_KEY} dns cloudflare {env.CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 resolvers 1.1.1.1
} }
} }
''; '';
package = pkgs.caddyWithHetzner; package = pkgs.caddyWithCloudflare;
}; };
}; };
} }

4
darwin/shiro/services/default.nix
View File

@@ -1,11 +1,11 @@
{...}: { {...}: {
imports = [ imports = [
../../../modules/darwin/caddy # ../../../modules/darwin/caddy
./yabai.nix ./yabai.nix
./skhd.nix ./skhd.nix
./tailscale.nix ./tailscale.nix
./autossh.nix ./autossh.nix
./caddy.nix # ./caddy.nix
./sops.nix ./sops.nix
# ./lmstudio.nix # ./lmstudio.nix
# ./colima.nix # ./colima.nix

2
darwin/shiro/services/lmstudio.nix
View File

@@ -1,7 +1,7 @@
{...}: { {...}: {
services = { services = {
caddy.virtualHosts."lmstudio.shiro.darksailor.dev" = '' caddy.virtualHosts."lmstudio.shiro.darksailor.dev" = ''
import hetzner import cloudflare
reverse_proxy localhost:1234 reverse_proxy localhost:1234
''; '';
}; };

45
deploy.nix
View File

@@ -1,14 +1,15 @@
{ {
inputs, inputs,
self, self,
deploy-rs,
... ...
}: { }: {
nodes = { nodes = {
mirai = { mirai = {
hostname = "mirai"; hostname = "mirai.darksailor.dev";
profiles.system = { profiles.system = {
sshUser = "fs0c131y"; sshUser = "fs0c131y";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai; path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
user = "root"; user = "root";
}; };
}; };
@@ -16,7 +17,7 @@
hostname = "tsuba.darksailor.dev"; hostname = "tsuba.darksailor.dev";
profiles.system = { profiles.system = {
sshUser = "servius"; sshUser = "servius";
path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba; path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba;
user = "root"; user = "root";
}; };
}; };
@@ -24,7 +25,15 @@
hostname = "ryu"; hostname = "ryu";
profiles.system = { profiles.system = {
sshUser = "servius"; sshUser = "servius";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu; path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu;
user = "root";
};
};
tako = {
hostname = "tako.darksailor.dev";
profiles.system = {
sshUser = "servius";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.tako;
user = "root"; user = "root";
}; };
}; };
@@ -33,7 +42,7 @@
interactiveSudo = true; interactiveSudo = true;
profiles.system = { profiles.system = {
sshUser = "fs0c131y"; sshUser = "fs0c131y";
path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro; path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro;
user = "root"; user = "root";
}; };
}; };
@@ -42,25 +51,17 @@
interactiveSudo = true; interactiveSudo = true;
profiles.system = { profiles.system = {
sshUser = "servius"; sshUser = "servius";
path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro; path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro;
user = "root"; user = "root";
}; };
}; };
deoxys = { # deck = {
hostname = "deoxys"; # hostname = "steamdeck";
profiles.system = { # profiles.system = {
sshUser = "servius"; # sshUser = "deck";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.deoxys; # path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
user = "root"; # user = "deck";
}; # };
}; # };
deck = {
hostname = "steamdeck";
profiles.system = {
sshUser = "deck";
path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
user = "deck";
};
};
}; };
} }

2018
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

94
flake.nix
View File

@@ -3,19 +3,27 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-master.url = "github:nixos/nixpkgs/master";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
disko = { disko = {
url = "github:nix-community/disko/latest"; url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
stylix = {
url = "github:nix-community/stylix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix-stable = {
url = "github:nix-community/stylix/release-25.05";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
home-manager-stable = { home-manager-stable = {
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-stable";
}; };
nix-darwin = { nix-darwin = {
url = "github:LnL7/nix-darwin"; url = "github:LnL7/nix-darwin";
@@ -26,7 +34,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
ironbar = { ironbar = {
url = "github:da-x/ironbar/correct-gdk-monitor"; url = "github:JakeStanger/ironbar";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
lanzaboote = { lanzaboote = {
@@ -35,7 +43,7 @@
}; };
nixvim = { nixvim = {
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-index-database.url = "github:Mic92/nix-index-database"; nix-index-database.url = "github:Mic92/nix-index-database";
music-player = { music-player = {
@@ -115,6 +123,10 @@
url = "github:nushell/tree-sitter-nu"; url = "github:nushell/tree-sitter-nu";
flake = false; flake = false;
}; };
tree-sitter-pest = {
url = "github:pest-parser/tree-sitter-pest";
flake = false;
};
navigator = { navigator = {
url = "github:ray-x/navigator.lua"; url = "github:ray-x/navigator.lua";
flake = false; flake = false;
@@ -150,7 +162,7 @@
anyrun = { anyrun = {
# My fork of anyrun that allows up / down with <C-n> / <C-p> # My fork of anyrun that allows up / down with <C-n> / <C-p>
url = "github:uttarayan21/anyrun"; url = "github:anyrun-org/anyrun";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
anyrun-hyprwin = { anyrun-hyprwin = {
@@ -162,7 +174,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
onepassword-shell-plugins = { onepassword-shell-plugins = {
url = "github:uttarayan21/shell-plugins"; url = "github:1Password/shell-plugins";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zeronsd = { zeronsd = {
@@ -183,7 +195,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hyprmonitors = { hyprmonitors = {
url = "git+ssh://gitea@git.darksailor.dev/servius/hyprmonitors"; url = "git+https://git.darksailor.dev/servius/hyprmonitors";
# url = "path:/home/servius/Projects/hyprmonitors"; # url = "path:/home/servius/Projects/hyprmonitors";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -195,21 +207,38 @@
ik_llama = { ik_llama = {
url = "github:ikawrakow/ik_llama.cpp?submodules=1"; url = "github:ikawrakow/ik_llama.cpp?submodules=1";
# submodules = true; # submodules = true;
flake = false; inputs.nixpkgs.follows = "nixpkgs";
}; };
llama-cpp = { llama-cpp = {
# url = "https://github.com/ggml-org/llama.cpp"; # url = "https://github.com/ggml-org/llama.cpp";
url = "github:ggml-org/llama.cpp/b6178?submodules=1"; url = "github:ggml-org/llama.cpp/b6178?submodules=1";
flake = false; inputs.nixpkgs.follows = "nixpkgs";
};
immich = {
url = "github:immich-app/immich/v1.142.0";
flake = false;
}; };
yabai = { yabai = {
url = "github:koekeishiya/yabai"; url = "github:koekeishiya/yabai";
flake = false; flake = false;
}; };
nix-auth = {
url = "github:numtide/nix-auth";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-xr = {
url = "github:nix-community/nixpkgs-xr";
inputs.nixpkgs.follows = "nixpkgs";
};
handoff = {
url = "github:xatuke/handoff";
inputs.nixpkgs.follows = "nixpkgs";
};
crates-nix.url = "github:uttarayan21/crates.nix";
headplane = {
url = "github:tale/headplane";
inputs.nixpkgs.follows = "nixpkgs";
};
vicinae = {
url = "github:vicinaehq/vicinae";
# inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@@ -226,11 +255,19 @@
... ...
} @ inputs: let } @ inputs: let
devices = { devices = {
mirai = mkDevice { # mirai = mkDevice {
name = "mirai"; # name = "mirai";
# system = "x86_64-linux";
# user = "fs0c131y";
# hasGui = false; # Don't wan't to run GUI apps on a headless server
# isNix = true;
# isServer = true;
# };
tako = mkDevice {
name = "tako";
system = "x86_64-linux"; system = "x86_64-linux";
user = "fs0c131y"; user = "servius";
hasGui = false; # Don't wan't to run GUI apps on a headless server hasGui = false;
isNix = true; isNix = true;
isServer = true; isServer = true;
}; };
@@ -248,14 +285,6 @@
tertiary = "DP-1"; tertiary = "DP-1";
}; };
}; };
deoxys = mkDevice {
name = "deoxys";
system = "x86_64-linux";
user = "servius";
hasGui = false; # It's a vm so no GUI apps are used
isNix = true;
isServer = true;
};
tsuba = mkDevice { tsuba = mkDevice {
name = "tsuba"; name = "tsuba";
system = "aarch64-linux"; system = "aarch64-linux";
@@ -313,10 +342,14 @@
if isDarwin if isDarwin
then "/Users/${device.user}" then "/Users/${device.user}"
else "/home/${device.user}"; else "/home/${device.user}";
# output =
# if isDarwin
# then self.darwinConfigurations."${device.name}"
# else self.nixosConfigurations."${device.name}";
}; };
nixos_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isNix) devices; nixos_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isNix) devices;
linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices; # linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices;
darwin_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isDarwin) devices; darwin_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isDarwin) devices;
rpi_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isArm && x.isLinux) devices; rpi_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isArm && x.isLinux) devices;
@@ -324,7 +357,7 @@
inherit inputs; inherit inputs;
}; };
in in
rec { {
nixosConfigurations = nixosConfigurations =
(import ./nixos { (import ./nixos {
inherit inputs nixpkgs home-manager overlays nur; inherit inputs nixpkgs home-manager overlays nur;
@@ -370,7 +403,8 @@
in { in {
tsuba = mkImage nixos.tsuba; tsuba = mkImage nixos.tsuba;
}; };
deploy = import ./deploy.nix {inherit inputs self;}; deploy = import ./deploy.nix {inherit inputs self deploy-rs;};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
inherit devices; inherit devices;
} }
// flake-utils.lib.eachDefaultSystem ( // flake-utils.lib.eachDefaultSystem (
@@ -385,7 +419,7 @@
in { in {
packages = rec { packages = rec {
default = neovim; default = neovim;
neovim = pkgs.nixvim.makeNixvim (import ./neovim); neovim = pkgs.nixvim.makeNixvim (pkgs.callPackage ./neovim);
}; };
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {

1
home/apps/blueman.nix
View File

@@ -5,7 +5,6 @@
}: { }: {
home.packages = lib.optionals pkgs.stdenv.isLinux [ home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.blueman pkgs.blueman
pkgs.webcord
]; ];
services.blueman-applet.enable = pkgs.stdenv.isLinux; services.blueman-applet.enable = pkgs.stdenv.isLinux;
} }

24
home/apps/default.nix
View File

@@ -7,36 +7,38 @@ lib.optionalAttrs device.hasGui {
imports = [ imports = [
# ./audacity.nix # ./audacity.nix
./blueman.nix ./blueman.nix
./bottles.nix # ./bottles.nix
./chromium.nix ./chromium.nix
./cursor.nix # ./cursor.nix
./discord.nix ./discord.nix
./firefox.nix ./firefox.nix
./ghostty.nix ./ghostty.nix
# ./gimp.nix ./gimp.nix
./guitarix.nix # ./guitarix.nix
./hyprpicker.nix ./hyprpicker.nix
./jellyflix.nix # ./jellyflix.nix
./kicad.nix # ./kicad.nix
./kitty.nix ./kitty.nix
./lmstudio.nix ./lmstudio.nix
./mpv.nix ./mpv.nix
./neovide.nix # ./neovide.nix
./nextcloud.nix ./nextcloud.nix
./obs-studio.nix ./obs-studio.nix
./openscad.nix # ./openscad.nix
./orcaslicer.nix ./orcaslicer.nix
./pcsx2.nix # ./pcsx2.nix
# ./rpcs3.nix # ./rpcs3.nix
# ./shadps4.nix # ./shadps4.nix
./slack.nix ./slack.nix
./thunderbird.nix # ./thunderbird.nix
# ./tsukimi.nix
# ./vial.nix
./vlc.nix ./vlc.nix
./vscode.nix ./vscode.nix
./wezterm.nix ./wezterm.nix
./zathura.nix ./zathura.nix
./zed.nix ./zed.nix
./zen.nix ./zen.nix
./vial.nix ./vicinae.nix
]; ];
} }

4
home/apps/discord.nix
View File

@@ -5,6 +5,8 @@
}: { }: {
home.packages = lib.optionals pkgs.stdenv.isLinux [ home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.discord pkgs.discord
pkgs.webcord pkgs.vesktop
pkgs.discord-canary
pkgs.discord-ptb
]; ];
} }

4
home/apps/firefox.nix
View File

@@ -53,6 +53,8 @@
}; };
}; };
in { in {
programs.librewolf = config // {package = stablePkgs.librewolf;}; stylix.targets.librewolf.profileNames = ["default"];
stylix.targets.zen-browser.profileNames = ["default"];
# programs.librewolf = config // {package = stablePkgs.librewolf;};
# programs.firefox = config; # programs.firefox = config;
} }

1
home/apps/ghostty.nix
View File

@@ -7,7 +7,6 @@
enable = device.is "ryu"; enable = device.is "ryu";
installBatSyntax = false; installBatSyntax = false;
settings = { settings = {
theme = "catppuccin-mocha";
font-family = [ font-family = [
"Hasklug Nerd Font Mono" "Hasklug Nerd Font Mono"
]; ];

9
home/apps/gimp.nix
View File

@@ -1,3 +1,8 @@
{pkgs, ...}: { {
home.packages = with pkgs; [gimp]; pkgs,
device,
lib,
...
}: {
home.packages = with pkgs; lib.optionals (device.is "ryu") [gimp];
} }

14
home/apps/kitty.nix
View File

@@ -1,9 +1,11 @@
{ {
lib,
pkgs, pkgs,
device, # device,
inputs, # inputs,
... ...
}: { }: {
stylix.targets.kitty.enable = false;
programs.kitty = { programs.kitty = {
enable = true; enable = true;
# enable = false; # enable = false;
@@ -11,11 +13,11 @@
# name = "FiraCode Nerd Font Mono"; # name = "FiraCode Nerd Font Mono";
name = "Hasklug Nerd Font Mono"; name = "Hasklug Nerd Font Mono";
# name = "Monaspace Krypton Var Light"; # name = "Monaspace Krypton Var Light";
size = 13; size = lib.mkForce 13;
}; };
settings = { settings = {
background_opacity = "0.8"; background_opacity = lib.mkForce "0.8";
background = "#000000"; background = lib.mkForce "#000000";
shell = "${pkgs.fish}/bin/fish"; shell = "${pkgs.fish}/bin/fish";
hide_window_decorations = "yes"; hide_window_decorations = "yes";
cursor_trail = 1; cursor_trail = 1;
@@ -25,7 +27,7 @@
darwinLaunchOptions = [ darwinLaunchOptions = [
"--single-instance" "--single-instance"
]; ];
themeFile = "Catppuccin-Mocha"; themeFile = lib.mkForce "Catppuccin-Mocha";
# package = inputs.nixpkgs-stable.legacyPackages.${device.system}.kitty; # package = inputs.nixpkgs-stable.legacyPackages.${device.system}.kitty;
}; };
} }

5
home/apps/lmstudio.nix
View File

@@ -6,6 +6,9 @@
}: }:
lib.mkIf (device.is "ryu") { lib.mkIf (device.is "ryu") {
home.packages = with pkgs; [ home.packages = with pkgs; [
lmstudio (lmstudio.overrideAttrs
(old: {
extraPkgs = old.extraPkgs or [] ++ [pkgs.cudaPackages.cudatoolkit];
}))
]; ];
} }

23
home/apps/mpv.nix
View File

@@ -1,6 +1,29 @@
{pkgs, ...}: { {pkgs, ...}: {
programs.mpv = { programs.mpv = {
enable = true; enable = true;
config = {
vo = "gpu-next";
gpu-api = "vulkan";
loop-file = "inf";
loop-playlist = "inf";
};
profiles = {
hdr = {
vo = "gpu-next";
gpu-api = "vulkan";
hdr-compute-peak = "yes";
hdr-peak-detect = "yes";
target-peak = 400;
target-prim = "bt.2020";
target-trc = "pq";
inverse-tone-mapping = "yes";
tone-mapping = "spline";
tone-mapping-mode = "auto";
target-colorspace-hint = "auto";
gamut-mapping = "desaturate";
};
};
package = package =
if pkgs.stdenv.isLinux if pkgs.stdenv.isLinux
then pkgs.mpv-unwrapped.wrapper {mpv = pkgs.mpv-unwrapped.override {sixelSupport = true;};} then pkgs.mpv-unwrapped.wrapper {mpv = pkgs.mpv-unwrapped.override {sixelSupport = true;};}

5
home/apps/tsukimi.nix Normal file
View File

@@ -0,0 +1,5 @@
{pkgs, ...}: {
home.packages = with pkgs; [
tsukimi
];
}

16
home/apps/vicinae.nix Normal file
View File

@@ -0,0 +1,16 @@
{
pkgs,
inputs,
device,
...
}: {
imports = [inputs.vicinae.homeManagerModules.default];
services.vicinae = {
enable = device.is "ryu";
autoStart = true;
extensions = [];
# package = pkgs.vicinae.overrideAttrs (old: {
# patches = [../../patches/vicinae-ctrl-np.patch];
# });
};
}

21
home/apps/zed.nix
View File

@@ -101,22 +101,9 @@
telemetry = { telemetry = {
metrics = false; metrics = false;
}; };
buffer_font_size = 15; buffer_font_size = lib.mkDefault 15;
# language_models = { language_models = {
# ollama = { };
# api_url = "https://ollama.ryu.darksailor.dev";
# available_models = [
# {
# name = "qwen3:30b-a3b";
# display_name = "Qwen3 MoE (30b-a3b)";
# max_tokens = 32768;
# supports_tools = true;
# supports_thinking = false;
# supports_images = false;
# }
# ];
# };
# };
terminal = { terminal = {
shell = { shell = {
program = "${pkgs.fish}/bin/fish"; program = "${pkgs.fish}/bin/fish";
@@ -143,7 +130,7 @@
}; };
}; };
}; };
theme = "Catppuccin Mocha"; theme = lib.mkForce "Catppuccin Mocha";
}; };
userTasks = let userTasks = let
zed = zed =

21
home/module.nix Normal file
View File

@@ -0,0 +1,21 @@
{
device,
inputs,
...
}: {
nixpkgs.config.allowUnfree = true;
home-manager = {
backupFileExtension = "bak";
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit inputs;
inherit device;
stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
};
users.${device.user}.imports = [
inputs.nixvim.homeModules.nixvim
./.
];
};
}

5
home/programs/aichat.nix
View File

@@ -17,6 +17,7 @@
settings = { settings = {
save_session = true; save_session = true;
model = "openai:gpt-4o"; model = "openai:gpt-4o";
# model = "ryu:qwen3-coder-30b";
rag_embedding_model = "ollama:RobinBially/nomic-embed-text-8k"; rag_embedding_model = "ollama:RobinBially/nomic-embed-text-8k";
clients = [ clients = [
{ {
@@ -50,7 +51,7 @@
api_base = "https://llama.ryu.darksailor.dev/v1"; api_base = "https://llama.ryu.darksailor.dev/v1";
models = [ models = [
{ {
name = "gpt-oss-20b"; name = "qwen3-coder-30b";
type = "chat"; type = "chat";
} }
# { # {
@@ -175,7 +176,7 @@
--- ---
model: openai:gpt-4o model: openai:gpt-4o
--- ---
Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Don't include any additional text or explanations, just the commit message. Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Do not under any circumstance include any additional text or explanations, just add the commit message.
''; '';
}; };
}; };

7
home/programs/bat.nix
View File

@@ -7,13 +7,6 @@
programs. programs.
bat = { bat = {
enable = true; enable = true;
config = {theme = "catppuccin";};
themes = {
catppuccin = {
src = "${pkgs.catppuccinThemes.bat}/themes";
file = "Catppuccin Mocha.tmTheme";
};
};
# extraPackages = with pkgs.bat-extras; [batman batgrep batwatch]; # extraPackages = with pkgs.bat-extras; [batman batgrep batwatch];
}; };
} }

15
home/programs/default.nix
View File

@@ -13,6 +13,7 @@
./ddcbacklight.nix ./ddcbacklight.nix
./direnv.nix ./direnv.nix
./eza.nix ./eza.nix
./fastfetch.nix
./fish.nix ./fish.nix
./fzf.nix ./fzf.nix
./gh.nix ./gh.nix
@@ -24,6 +25,7 @@
./nix-index.nix ./nix-index.nix
./nushell.nix ./nushell.nix
./omnix.nix ./omnix.nix
./retroarch.nix
./rustup.nix ./rustup.nix
./ryujinx.nix ./ryujinx.nix
./sops.nix ./sops.nix
@@ -34,10 +36,13 @@
./television.nix ./television.nix
./tmux.nix ./tmux.nix
./tuifeed.nix ./tuifeed.nix
./uv.nix
./xh.nix ./xh.nix
./yazi.nix ./yazi.nix
./yt-dlp.nix ./yt-dlp.nix
./zoxide.nix ./zoxide.nix
./neovim.nix
./opencode.nix
# ./goread.nix # ./goread.nix
# ./helix.nix # ./helix.nix
@@ -60,7 +65,7 @@
bottom bottom
btop btop
cachix cachix
deploy-rs deploy-rs.deploy-rs
dust dust
fd fd
file file
@@ -71,7 +76,6 @@
just just
macchina macchina
nb nb
(nixvim.makeNixvim (import ../../neovim))
p7zip p7zip
pandoc pandoc
pfetch-rs pfetch-rs
@@ -86,6 +90,13 @@
nerd-fonts.fira-code nerd-fonts.fira-code
nerd-fonts.hasklug nerd-fonts.hasklug
nerd-fonts.symbols-only nerd-fonts.symbols-only
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
] ]
++ lib.optionals device.isLinux [] ++ lib.optionals device.isLinux []
++ lib.optionals device.isDarwin []; ++ lib.optionals device.isDarwin [];

51
home/programs/fastfetch.nix Normal file
View File

@@ -0,0 +1,51 @@
{
pkgs,
lib,
device,
config,
...
}: let
nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
in {
programs = {
fastfetch = {
enable = true;
settings = {
logo = lib.mkIf (device.is "ryu") {
source = nextcloudWallpapers "hornet.png";
width = 70;
};
modules = [
"title"
"separator"
"os"
"host"
"kernel"
"uptime"
"packages"
"shell"
"display"
"de"
"wm"
"wmtheme"
"theme"
"icons"
"cursor"
"terminal"
"terminalfont"
"cpu"
"gpu"
"memory"
"swap"
"disk"
"battery"
"poweradapter"
"locale"
"break"
"colors"
];
};
};
fish.shellAbbrs.ff = "fastfetch";
};
}

1
home/programs/fish.nix
View File

@@ -5,6 +5,7 @@
config, config,
... ...
}: { }: {
stylix.targets.fish.enable = false;
programs.fish = { programs.fish = {
enable = true; enable = true;
shellAbbrs = { shellAbbrs = {

12
home/programs/git.nix
View File

@@ -1,15 +1,18 @@
{ {
pkgs, pkgs,
config,
lib, lib,
device, device,
... ...
}: { }:
lib.optionalAttrs (!(device.is "tsuba")) {
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
userName = "uttarayan21"; settings = {
userEmail = "email@uttarayan.me"; user.name = "uttarayan21";
extraConfig = { user.email = config.accounts.email.accounts.fastmail.address;
user.signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfKKrX8yeIHUUury0aPwMY6Ha+BJyUR7P0Gqid90ik/";
color.ui = true; color.ui = true;
core.editor = "nvim"; core.editor = "nvim";
core.pager = "${pkgs.delta}/bin/delta"; core.pager = "${pkgs.delta}/bin/delta";
@@ -18,7 +21,6 @@
merge.conflictStyle = "diff3"; merge.conflictStyle = "diff3";
diff.colorMoved = "default"; diff.colorMoved = "default";
push.autoSetupRemote = true; push.autoSetupRemote = true;
user.signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfKKrX8yeIHUUury0aPwMY6Ha+BJyUR7P0Gqid90ik/";
gpg.format = "ssh"; gpg.format = "ssh";
commit.gpgsign = true; commit.gpgsign = true;
pull = { pull = {

21
home/programs/neovim.nix Normal file
View File

@@ -0,0 +1,21 @@
{
pkgs,
device,
stablePkgs,
lib,
...
}: {
stylix.targets.nixvim.enable = false;
programs = lib.optionalAttrs (device.is "ryu" || device.is "kuro" || device.is "mirai" || device.is "tako" || device.is "shiro") {
nixvim =
{
enable = true;
nixpkgs = {
config = {
allowUnfree = true;
};
};
}
// (import ./../../neovim {inherit pkgs stablePkgs;});
};
}

10
home/programs/opencode.nix Normal file
View File

@@ -0,0 +1,10 @@
{
device,
lib,
...
}:
lib.optionalAttrs (device.is "ryu") {
programs.opencode = {
enable = true;
};
}

8
home/programs/retroarch.nix Normal file
View File

@@ -0,0 +1,8 @@
{
pkgs,
device,
lib,
...
}: {
home.packages = lib.optionals (device.name == "ryu") [pkgs.retroarch-full];
}

18
home/programs/ssh.nix
View File

@@ -9,25 +9,25 @@
matchBlocks = { matchBlocks = {
tsuba = { tsuba = {
user = "servius"; user = "servius";
hostname = "tsuba"; hostname = "tsuba.darksailor.dev";
}; };
github = { github = {
user = "git"; user = "git";
host = "github.com"; host = "github.com";
}; };
deoxys = { # mirai = {
# user = "fs0c131y";
# hostname = "mirai.darksailor.dev";
# forwardAgent = true;
# };
tako = {
user = "servius"; user = "servius";
hostname = "deoxys"; hostname = "tako.darksailor.dev";
forwardAgent = true;
};
mirai = {
user = "fs0c131y";
hostname = "sh.darksailor.dev";
forwardAgent = true; forwardAgent = true;
}; };
ryu = { ryu = {
user = "servius"; user = "servius";
hostname = "ryu"; hostname = "ryu.darksailor.dev";
forwardAgent = true; forwardAgent = true;
}; };
kuro = { kuro = {

1
home/programs/starship.nix
View File

@@ -4,6 +4,7 @@
device, device,
... ...
}: { }: {
stylix.targets.starship.enable = false;
programs.starship = { programs.starship = {
enable = true; enable = true;
enableFishIntegration = true; enableFishIntegration = true;

3
home/programs/uv.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
programs.uv.enable = true;
}

22
home/programs/yazi.nix
View File

@@ -1,14 +1,18 @@
{ {...}: {
pkgs, programs. yazi = {
lib,
device,
...
}: {
programs.
yazi = {
enable = true; enable = true;
enableFishIntegration = true; enableFishIntegration = true;
enableNushellIntegration = true; enableNushellIntegration = true;
theme = builtins.fromTOML (builtins.readFile "${pkgs.catppuccinThemes.yazi}/themes/mocha.toml"); # theme = lib.mkDefault builtins.fromTOML (builtins.readFile "${pkgs.catppuccinThemes.yazi}/themes/mocha.toml");
settings = {
plugin = {
prepend_preloaders = [
{
name = "/run/user/1000/gvfs";
run = "noop";
}
];
};
};
}; };
} }

1
home/services/anyrun.nix
View File

@@ -10,6 +10,7 @@
imports = [inputs.anyrun.homeManagerModules.default]; imports = [inputs.anyrun.homeManagerModules.default];
programs.anyrun = { programs.anyrun = {
enable = device.isDesktopLinux; enable = device.isDesktopLinux;
package = inputs.anyrun.packages.${pkgs.system}.anyrun.overrideAttrs (finalAttrs: prevAttrs: {patches = [../../patches/ctrl-np.patch];});
config = { config = {
plugins = with inputs.anyrun.packages.${pkgs.system}; [ plugins = with inputs.anyrun.packages.${pkgs.system}; [
inputs.anyrun-nixos-options.packages.${pkgs.system}.default inputs.anyrun-nixos-options.packages.${pkgs.system}.default

3
home/services/default.nix
View File

@@ -5,12 +5,13 @@
./kdeconnect.nix ./kdeconnect.nix
./gtk.nix ./gtk.nix
./anyrun.nix ./anyrun.nix
./ironbar # ./ironbar
./gui.nix ./gui.nix
./eww.nix ./eww.nix
./xdg.nix ./xdg.nix
./hyprmon.nix ./hyprmon.nix
./hyprland.nix ./hyprland.nix
./hyprpaper.nix ./hyprpaper.nix
# ./wallpaperengine.nix
]; ];
} }

18
home/services/eww.nix
View File

@@ -1,19 +1,15 @@
{ {
pkgs,
device, device,
lib, config,
... ...
}: let }: {
activate_linux = pkgs.fetchFromGitHub {
owner = "Nycta-b424b3c7";
repo = "eww_activate-linux";
rev = "master";
sha256 = "sha256-CHNkRYR4F9JGMrNubHu+XzkwwI3IHzh93nuS7/Plhe4=";
};
in {
programs.eww = { programs.eww = {
enable = device.is "ryu"; enable = device.is "ryu";
enableFishIntegration = true; enableFishIntegration = true;
configDir = activate_linux;
}; };
# xdg.configFile = {
# eww = {
# source = "${config.home.homeDirectory}/Projects/dotfiles/home/services/eww";
# };
# };
} }

5
home/services/eww/README.md Normal file
View File

@@ -0,0 +1,5 @@
# "Activate Linux"
"Activate Linux" text for [Eww](https://github.com/elkowar/eww/)
![Activate Linux](activate-linux.png)

BIN
home/services/eww/activate-linux.png LFS Normal file
View File

Binary file not shown.

7
home/services/eww/eww.scss Normal file
View File

@@ -0,0 +1,7 @@
.activate-linux {
color: rgba(250, 250, 250, 0.5);
&.background {
background: none;
}
}

41
home/services/eww/eww.yuck Normal file
View File

@@ -0,0 +1,41 @@
(defwidget activate-linux []
(box
:orientation "v"
:halign "start"
:valign "start"
(label :xalign 0 :markup "<span font_size=\"large\">Activate Linux</span>")
(label :xalign 0 :text "Go to Settings to activate Linux")))
(defwindow activate-linux
:monitor 0
:stacking "fg"
:geometry (geometry :x "96px" :y "96px" :width "250px" :anchor "bottom right")
(activate-linux))
(defwidget bar []
(centerbox :orientation "h"
(workspaces)
(music)
(tray)))
;; (defwidget tray []
;; (box :sclass "tray" :orientation "h" :space-evenly false :haligh "end"
;; (system-tray)
;; (battery)
;; (clock)))
(defwidgets workspaces []
(box :class "workspaces" :orientation "h" :space-evenly true :halign "start" :spacing 10
(workspace-indicator :index 0)
(workspace-indicator :index 1)
(workspace-indicator :index 2)
(workspace-indicator :index 3)
(workspace-indicator :index 4)
(workspace-indicator :index 5)
(workspace-indicator :index 6)
(workspace-indicator :index 7)
(workspace-indicator :index 8)
(workspace-indicator :index 9)))

7
home/services/gtk.nix
View File

@@ -3,9 +3,11 @@
lib, lib,
device, device,
... ...
}: { }:
lib.optionalAttrs (device.is "ryu") {
gtk = { gtk = {
enable = device.is "ryu"; enable = device.is "ryu";
colorScheme = lib.mkForce "dark";
theme = { theme = {
name = "catppuccin-mocha-mauve-standard+normal"; name = "catppuccin-mocha-mauve-standard+normal";
package = pkgs.catppuccinThemes.gtk; package = pkgs.catppuccinThemes.gtk;
@@ -37,4 +39,7 @@
# pkgs.catppuccinThemes.gtk # pkgs.catppuccinThemes.gtk
pkgs.catppuccinThemes.papirus-folders pkgs.catppuccinThemes.papirus-folders
]; ];
# stylix.targets.gtk.enable = false;
stylix.targets.gtk.enable = false;
stylix.targets.gnome.enable = false;
} }

21
home/services/gui.nix
View File

@@ -2,6 +2,7 @@
pkgs, pkgs,
device, device,
lib, lib,
inputs,
... ...
}: { }: {
systemd.user.services.onepassword-gui = lib.optionalAttrs (device.is "ryu") { systemd.user.services.onepassword-gui = lib.optionalAttrs (device.is "ryu") {
@@ -24,21 +25,21 @@
nautilus nautilus
totem totem
ffmpegthumbnailer ffmpegthumbnailer
polkit_gnome # polkit_gnome
seahorse seahorse
signal-desktop signal-desktop
# sony-headphones-client # sony-headphones-client
spotify spotify
steam-run steam-run
wl-clipboard wl-clipboard
(prismlauncher.override { # (prismlauncher.override {
additionalPrograms = [ffmpeg zenity]; # additionalPrograms = [ffmpeg zenity];
jdks = [ # jdks = [
graalvm-ce # # graalvm-ce
zulu8 # zulu8
zulu17 # zulu17
zulu # zulu
]; # ];
}) # })
]; ];
} }

43
home/services/hyprland.nix
View File

@@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
device, device,
lib,
... ...
}: }:
# lib.optionalAttrs device.isNix # lib.optionalAttrs device.isNix
@@ -32,11 +33,15 @@
systemd.enable = true; systemd.enable = true;
settings = { settings = {
source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf"; # source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf";
render = { render = {
direct_scanout = true;
cm_fs_passthrough = 1; cm_fs_passthrough = 1;
cm_auto_hdr = 1; cm_auto_hdr = 1;
}; };
experimental = {
xx_color_management_v4 = true;
};
monitorv2 = [ monitorv2 = [
{ {
output = device.monitors.primary; output = device.monitors.primary;
@@ -44,10 +49,12 @@
position = "0x0"; position = "0x0";
scale = 1; scale = 1;
transform = 0; transform = 0;
# bitdepth = 10; supports_wide_color = 1;
# cm = "hdr"; supports_hdr = 1;
# sdrbrightness = 1.1; bitdepth = 10;
# sdrsaturation = 1.2; cm = "hdr";
# sdrbrightness = 0.005;
# sdrsaturation = 200;
} }
{ {
output = device.monitors.secondary; output = device.monitors.secondary;
@@ -85,8 +92,8 @@
gaps_in = 5; gaps_in = 5;
gaps_out = 20; gaps_out = 20;
border_size = 2; border_size = 2;
"col.active_border" = "$mauve $mauve 45deg"; # "col.active_border" = "$mauve $mauve 45deg";
"col.inactive_border" = "$crust"; # "col.inactive_border" = "$crust";
}; };
ecosystem = { ecosystem = {
@@ -181,28 +188,32 @@
]; ];
bind = [ bind = [
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
"$mainMod, Return, exec, ${pkgs.kitty}/bin/kitty" "$mainMod, Return, exec, ${lib.getExe pkgs.kitty}"
"$mainModShift, Return, exec, ${pkgs.wezterm}/bin/wezterm" "$mainModShift, Return, exec, ${lib.getExe pkgs.wezterm}"
# "$mainModShift, Return, exec, ${pkgs.foot}/bin/foot" # "$mainModShift, Return, exec, ${pkgs.foot}/bin/foot"
"$mainModShift, Q, killactive," "$mainModShift, Q, killactive,"
"$mainModShift, s, exec, ${pkgs.hyprshot}/bin/hyprshot -m region" "$mainModShift, s, exec, ${lib.getExe pkgs.hyprshot} -m region -o ~/Pictures/Screenshots/"
# "$mainMod, M, exit," # "$mainMod, M, exit,"
"$mainModShift, f, togglefloating," "$mainModShift, f, togglefloating,"
"$mainModShift, f, pin" "$mainModShift, f, pin"
"$mainModShift, f, alterzorder, top" "$mainModShift, f, alterzorder, top"
"$mainMod, f, fullscreen," "$mainMod, f, fullscreen,"
"$mainMod, g, fullscreenstate,0,2" "$mainMod, g, fullscreenstate,0,2"
"$mainMod, d, exec, ${pkgs.anyrun}/bin/anyrun" "$mainMod, d, exec, ${lib.getExe pkgs.vicinae} toggle"
"$mainMod, Space, exec, ${pkgs.anyrun}/bin/anyrun" "$mainMod, Space, exec, ${lib.getExe pkgs.vicinae} toggle"
"$mainMod, p, pseudo, # dwindle" "$mainMod, p, pseudo, # dwindle"
"$mainMod, v, togglesplit," "$mainMod, v, togglesplit,"
# "$mainMod, a, exec, swaync-client -t" "$mainMod, a, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t"
"$mainMod, Tab, cyclenext" "$mainMod, Tab, cyclenext"
# Audio # Audio
",xf86audiomute, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle" ",xf86audiomute, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle"
# ",xf86audioprev, exec, /home/fs0c131y/.cargo/bin/mctl prev" # replace with later
# ",xf86audionext, exec, /home/fs0c131y/.cargo/bin/mctl next" # https://github.com/uttarayan21/mctl-rs
# ",xf86audioplay, exec, /home/fs0c131y/.cargo/bin/mctl toggle" ",xf86audioprev, exec, ${lib.getExe pkgs.playerctl} previous"
",xf86audionext, exec, ${lib.getExe pkgs.playerctl} next"
",xf86audioplay, exec, ${lib.getExe pkgs.playerctl} play-pause"
",xf86monbrightnessup, exec, ${lib.getExe pkgs.ddcbacklight} inc 10"
",xf86monbrightnessdown, exec, ${lib.getExe pkgs.ddcbacklight} dec 10"
# Screenshot # Screenshot
# "$mainMod,Print, exec, grim" # "$mainMod,Print, exec, grim"

12
home/services/hyprpaper.nix
View File

@@ -11,20 +11,18 @@
wallpapers = import ../../utils/wallhaven.nix {inherit pkgs;}; wallpapers = import ../../utils/wallhaven.nix {inherit pkgs;};
nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name; nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
silksongFleas = nextcloudWallpapers "silksong-fleas.jpg"; silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
in { silksongShadeLord = nextcloudWallpapers "silksong-shadelord.jpg";
in rec {
enable = device.is "ryu"; enable = device.is "ryu";
# enable = true;
systemd.enable = true; systemd.enable = true;
systemd.target = "hyprland-session.target"; systemd.target = "hyprland-session.target";
settings.preload = settings.preload =
wallpapers.all wallpapers.all
++ [ ++ pkgs.lib.mapAttrsToList (_: value: value) settings.wallpapers;
silksongFleas
];
settings.wallpapers = { settings.wallpapers = {
"${device.monitors.primary}" = silksongFleas; "${device.monitors.primary}" = silksongShadeLord;
"${device.monitors.secondary}" = wallpapers.frieren_3; "${device.monitors.secondary}" = wallpapers.frieren_3;
"${device.monitors.tertiary}" = wallpapers.hornet; "${device.monitors.tertiary}" = silksongFleas;
}; };
}; };
} }

2
home/services/ironbar/default.nix
View File

@@ -7,7 +7,7 @@
imports = [inputs.ironbar.homeManagerModules.default]; imports = [inputs.ironbar.homeManagerModules.default];
programs.ironbar = { programs.ironbar = {
enable = device.is "ryu"; enable = device.is "ryu";
package = inputs.ironbar.packages.${pkgs.system}.default; package = inputs.ironbar.packages.${pkgs.system}.ironbar;
systemd = true; systemd = true;
config.monitors = { config.monitors = {
"${device.monitors.secondary}" = { "${device.monitors.secondary}" = {

2
home/services/syncthing.nix
View File

@@ -5,7 +5,7 @@
... ...
}: { }: {
services.syncthing = { services.syncthing = {
enable = true; enable = device.is "ryu";
openDefaultPorts = true; openDefaultPorts = true;
# user = "${device.user}"; # user = "${device.user}";
# group = "${device.user}"; # group = "${device.user}";

32
home/services/wallpaperengine.nix Normal file
View File

@@ -0,0 +1,32 @@
{
pkgs,
device,
lib,
...
}:
lib.mkIf (device.is "ryu") {
# systemd.user.services.wallpaperengine = {
# Unit = {
# Description = "Linux Wallpaper Engine";
# After = ["hyprland-session.target"];
# Wants = ["hyprland-session.target"];
# PartOf = ["hyprland-session.target"];
# };
#
# Service = {
# Environment = [
# "XDG_SESSION_TYPE=wayland"
# ];
# Type = "simple";
# ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
# ExecStart = "${pkgs.linux-wallpaperengine}/bin/linux-wallpaperengine --silent --no-audio-processing -f 15 --scaling fill --screen-root HDMI-A-1 --bg 2780316434";
# Restart = "on-failure";
# RestartSec = 5;
# TimeoutStartSec = 30;
# };
#
# Install = {
# WantedBy = ["hyprland-session.target"];
# };
# };
}

18
home/services/xdg.nix
View File

@@ -1,12 +1,20 @@
{pkgs, ...}: { {
pkgs,
lib,
device,
...
}:
lib.optionalAttrs (device.is "ryu") {
xdg.portal = { xdg.portal = {
enable = pkgs.stdenv.isLinux; enable = pkgs.stdenv.isLinux;
# config = { config = {
# hyprland.default = ["kde" "hyprland"];
# }; common.default = ["*" "hyprland"];
};
extraPortals = with pkgs; [ extraPortals = with pkgs; [
xdg-desktop-portal-hyprland
kdePackages.xdg-desktop-portal-kde kdePackages.xdg-desktop-portal-kde
xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
]; ];
}; };
} }

2
justfile
View File

@@ -6,7 +6,7 @@ install:
[linux] [linux]
install: install:
sudo nixos-rebuild switch --flake . sudo nixos-rebuild switch --flake . --builders '' --max-jobs 1
[macos] [macos]
build: build:

61
modules/nixos/caddy/default.nix
View File

@@ -4,10 +4,7 @@
pkgs, pkgs,
... ...
}: }:
with lib; let
with lib;
let
cfg = config.services.caddy; cfg = config.services.caddy;
certs = config.security.acme.certs; certs = config.security.acme.certs;
@@ -17,12 +14,9 @@ let
dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server
independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server
mkVHostConf = mkVHostConf = hostOpts: let
hostOpts:
let
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory; sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
in in ''
''
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} { ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
${optionalString ( ${optionalString (
hostOpts.listenAddresses != [] hostOpts.listenAddresses != []
@@ -41,10 +35,9 @@ let
settingsFormat = pkgs.formats.json {}; settingsFormat = pkgs.formats.json {};
configFile = configFile =
if cfg.settings != { } then if cfg.settings != {}
settingsFormat.generate "caddy.json" cfg.settings then settingsFormat.generate "caddy.json" cfg.settings
else else let
let
Caddyfile = pkgs.writeTextDir "Caddyfile" '' Caddyfile = pkgs.writeTextDir "Caddyfile" ''
{ {
${cfg.globalConfig} ${cfg.globalConfig}
@@ -58,9 +51,10 @@ let
cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile ${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile
''; '';
in in "${
"${ if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile then Caddyfile-formatted
else Caddyfile
}/Caddyfile"; }/Caddyfile";
etcConfigFile = "caddy/caddy_config"; etcConfigFile = "caddy/caddy_config";
@@ -68,8 +62,7 @@ let
configPath = "/etc/${etcConfigFile}"; configPath = "/etc/${etcConfigFile}";
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib; mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;
in in {
{
imports = [ imports = [
(mkRemovedOptionModule [ (mkRemovedOptionModule [
"services" "services"
@@ -183,10 +176,9 @@ in
adapter = mkOption { adapter = mkOption {
default = default =
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile")
"caddyfile" then "caddyfile"
else else null;
null;
defaultText = literalExpression '' defaultText = literalExpression ''
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
''; '';
@@ -380,8 +372,8 @@ in
# implementation # implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions =
assertions = [ [
{ {
assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null; assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`"; message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
@@ -394,7 +386,8 @@ in
groups = config.users.groups; groups = config.users.groups;
services = [config.systemd.services.caddy]; services = [config.systemd.services.caddy];
} }
) vhostCertNames; )
vhostCertNames;
services.caddy.globalConfig = '' services.caddy.globalConfig = ''
${optionalString (cfg.email != null) "email ${cfg.email}"} ${optionalString (cfg.email != null) "email ${cfg.email}"}
@@ -422,13 +415,11 @@ in
reloadTriggers = optional cfg.enableReload cfg.configFile; reloadTriggers = optional cfg.enableReload cfg.configFile;
restartTriggers = optional (!cfg.enableReload) cfg.configFile; restartTriggers = optional (!cfg.enableReload) cfg.configFile;
serviceConfig = serviceConfig = let
let
runOptions = ''--config ${configPath} ${ runOptions = ''--config ${configPath} ${
optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}" optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"
}''; }'';
in in {
{
# Override the `ExecStart` line from upstream's systemd unit file by our own: # Override the `ExecStart` line from upstream's systemd unit file by our own:
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect. # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
@@ -437,7 +428,8 @@ in
''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}'' ''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}''
]; ];
# Validating the configuration before applying it ensures well get a proper error that will be reported when switching to the configuration # Validating the configuration before applying it ensures well get a proper error that will be reported when switching to the configuration
ExecReload = [ ExecReload =
[
"" ""
] ]
++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force"; ++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force";
@@ -470,15 +462,16 @@ in
caddy.gid = config.ids.gids.caddy; caddy.gid = config.ids.gids.caddy;
}; };
security.acme.certs = security.acme.certs = let
let certCfg =
certCfg = map ( map (
certName: certName:
nameValuePair certName { nameValuePair certName {
group = mkDefault cfg.group; group = mkDefault cfg.group;
reloadServices = ["caddy.service"]; reloadServices = ["caddy.service"];
} }
) vhostCertNames; )
vhostCertNames;
in in
listToAttrs certCfg; listToAttrs certCfg;

11
modules/nixos/caddy/vhost-options.nix
View File

@@ -1,16 +1,12 @@
{ cfg }: {cfg}: {
{
config, config,
lib, lib,
name, name,
... ...
}: }: let
let
inherit (lib) literalExpression mkOption types; inherit (lib) literalExpression mkOption types;
in in {
{
options = { options = {
hostName = mkOption { hostName = mkOption {
type = types.str; type = types.str;
default = name; default = name;
@@ -83,6 +79,5 @@ in
automatically generated `Caddyfile`. automatically generated `Caddyfile`.
''; '';
}; };
}; };
} }

30
modules/nixos/satisfactory.nix
View File

@@ -1,8 +1,11 @@
{config, pkgs, lib, ...}:
let
cfg = config.services.satisfactory;
in
{ {
config,
pkgs,
lib,
...
}: let
cfg = config.services.satisfactory;
in {
options.services.satisfactory = { options.services.satisfactory = {
enable = lib.mkEnableOption "Enable Satisfactory Dedicated Server"; enable = lib.mkEnableOption "Enable Satisfactory Dedicated Server";
@@ -56,7 +59,12 @@ in
networking = { networking = {
firewall = { firewall = {
allowedUDPPorts = [15777 15000 7777 27015]; allowedUDPPorts = [15777 15000 7777 27015];
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ]; allowedUDPPortRanges = [
{
from = 27031;
to = 27036;
}
];
allowedTCPPorts = [27015 27036]; allowedTCPPorts = [27015 27036];
}; };
}; };
@@ -76,8 +84,16 @@ in
ln -sfv /var/lib/satisfactory/.steam/steam/linux64 /var/lib/satisfactory/.steam/sdk64 ln -sfv /var/lib/satisfactory/.steam/steam/linux64 /var/lib/satisfactory/.steam/sdk64
mkdir -p /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer mkdir -p /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/Game.ini '/Script/Engine.GameSession' MaxPlayers ${toString cfg.maxPlayers} ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/Game.ini '/Script/Engine.GameSession' MaxPlayers ${toString cfg.maxPlayers}
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoPause ${if cfg.autoPause then "True" else "False"} ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoPause ${
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoSaveOnDisconnect ${if cfg.autoSaveOnDisconnect then "True" else "False"} if cfg.autoPause
then "True"
else "False"
}
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoSaveOnDisconnect ${
if cfg.autoSaveOnDisconnect
then "True"
else "False"
}
''; '';
script = '' script = ''
/var/lib/satisfactory/SatisfactoryDedicatedServer/Engine/Binaries/Linux/UnrealServer-Linux-Shipping FactoryGame -multihome=${cfg.address} /var/lib/satisfactory/SatisfactoryDedicatedServer/Engine/Binaries/Linux/UnrealServer-Linux-Shipping FactoryGame -multihome=${cfg.address}

62
neovim/default.nix
View File

@@ -1,6 +1,6 @@
{ {
pkgs, pkgs,
# config, stablePkgs,
... ...
}: let }: let
mkMappings = mappings: mkMappings = mappings:
@@ -107,6 +107,7 @@ in {
"<C-q>x" = "[[<cmd>tabclose<cr>]]"; "<C-q>x" = "[[<cmd>tabclose<cr>]]";
"<C-q>n" = "[[<cmd>tabnext<cr>]]"; "<C-q>n" = "[[<cmd>tabnext<cr>]]";
"<C-q>p" = "[[<cmd>tabprevious<cr>]]"; "<C-q>p" = "[[<cmd>tabprevious<cr>]]";
"<c-.>" = "require('sidekick.cli').toggle";
}; };
terminal = { terminal = {
"<C-\\>" = "require('FTerm').toggle"; "<C-\\>" = "require('FTerm').toggle";
@@ -128,6 +129,14 @@ in {
pattern = "*.norg"; pattern = "*.norg";
command = "set conceallevel=3"; command = "set conceallevel=3";
} }
{
event = [
"BufEnter"
"BufWinEnter"
];
pattern = "*.pest";
command = "setlocal commentstring=//%s";
}
# { # {
# event = ["BufEnter" "BufWinEnter"]; # event = ["BufEnter" "BufWinEnter"];
# pattern = "*.sql"; # pattern = "*.sql";
@@ -143,6 +152,20 @@ in {
pattern = "?*"; pattern = "?*";
command = "silent! loadview!"; command = "silent! loadview!";
} }
{
event = ["FileType"];
pattern = "json";
callback =
rawLua
/*
lua
*/
''
function(ev)
vim.bo[ev.buf].formatprg = "${pkgs.jq}/bin/jq"
end
'';
}
]; ];
plugins = { plugins = {
@@ -155,6 +178,16 @@ in {
trouble.enable = true; trouble.enable = true;
ts-context-commentstring.enable = true; ts-context-commentstring.enable = true;
which-key.enable = true; which-key.enable = true;
sidekick = {
enable = true;
settings = {
nes = {
enabled = false;
};
};
};
conform-nvim = { conform-nvim = {
enable = true; enable = true;
settings = { settings = {
@@ -169,6 +202,7 @@ in {
end end
''; '';
formatters_by_ft = { formatters_by_ft = {
json = ["jq"];
d2 = ["d2"]; d2 = ["d2"];
sql = ["sleek"]; sql = ["sleek"];
toml = ["taplo"]; toml = ["taplo"];
@@ -180,7 +214,7 @@ in {
enable = true; enable = true;
settings = { settings = {
panel = { panel = {
enabled = true; enabled = false;
}; };
suggestion = { suggestion = {
enabled = true; enabled = true;
@@ -221,6 +255,7 @@ in {
lualine = { lualine = {
enable = true; enable = true;
# package = stablePkgs.vimPlugins.lualine-nvim;
}; };
neotest = { neotest = {
@@ -334,9 +369,11 @@ in {
tree-sitter-norg-meta tree-sitter-norg-meta
tree-sitter-just tree-sitter-just
tree-sitter-nu tree-sitter-nu
# pkgs.tree-sitter-grammars.tree-sitter-d2 tree-sitter-pest
tree-sitter-slint
]) ])
++ pkgs.vimPlugins.nvim-treesitter.allGrammars; ++ pkgs.vimPlugins.nvim-treesitter.allGrammars;
nixGrammars = true;
}; };
telescope = { telescope = {
@@ -508,6 +545,7 @@ in {
slint_lsp.enable = true; slint_lsp.enable = true;
# sourcekit.enable = true; # sourcekit.enable = true;
openscad_lsp.enable = true; openscad_lsp.enable = true;
tinymist.enable = true;
rust_analyzer = { rust_analyzer = {
enable = false; enable = false;
installCargo = false; installCargo = false;
@@ -696,6 +734,12 @@ in {
end, end,
{}) {})
vim.api.nvim_create_user_command('DapUiToggle',
function()
require('dapui').toggle()
end,
{})
local iron = require("iron.core") local iron = require("iron.core")
iron.setup({ iron.setup({
config = { config = {
@@ -755,12 +799,20 @@ in {
}, },
}) })
vim.filetype.add({
extension = {
pest = "pest",
},
})
vim.filetype.add({ vim.filetype.add({
filename = { filename = {
['nurfile'] = "nu", ['nurfile'] = "nu",
}, },
}) })
vim.bo.formatexpr = "v:lua.require'conform'.formatexpr()"
''; '';
extraPlugins = with pkgs.vimPlugins; [ extraPlugins = with pkgs.vimPlugins; [
FTerm-nvim FTerm-nvim
@@ -796,5 +848,9 @@ in {
pkgs.sleek pkgs.sleek
pkgs.graphqurl pkgs.graphqurl
pkgs.sqls pkgs.sqls
pkgs.lua
pkgs.ripgrep
pkgs.nodejs-slim
pkgs.qwen-code
]; ];
} }

43
neovim/overlays.nix
View File

@@ -29,6 +29,16 @@
version = "1"; version = "1";
src = inputs.tree-sitter-nu; src = inputs.tree-sitter-nu;
}; };
tree-sitter-pest = final.pkgs.tree-sitter.buildGrammar {
language = "pest";
version = "1";
src = inputs.tree-sitter-pest;
};
tree-sitter-slint = final.pkgs.tree-sitter.buildGrammar {
language = "slint";
version = "1";
src = inputs.tree-sitter-slint;
};
}; };
}; };
in [ in [
@@ -37,3 +47,36 @@ in [
vimPlugins vimPlugins
tree-sitter-grammars tree-sitter-grammars
] ]
# tree-sitter-grammars = final: prev: {
# tree-sitter-grammars =
# prev.tree-sitter-grammars
# // {
# # tree-sitter-just = final.pkgs.tree-sitter.buildGrammar {
# # language = "just";
# # version = "1";
# # src = inputs.tree-sitter-just;
# # };
# # tree-sitter-nu = final.pkgs.tree-sitter.buildGrammar {
# # language = "nu";
# # version = "1";
# # src = inputs.tree-sitter-nu;
# # };
# tree-sitter-d2 = final.pkgs.tree-sitter.buildGrammar {
# language = "d2";
# version = "1";
# src = inputs.tree-sitter-d2;
# };
# };
# };
# vimPlugins = final: prev: {
# vimPlugins =
# prev.vimPlugins
# // {
# d2 = final.pkgs.vimUtils.buildVimPlugin {
# name = "d2";
# version = "1";
# src = inputs.d2;
# };
# };
# };

42
nixos/default.nix
View File

@@ -1,10 +1,8 @@
{ {
nixpkgs,
devices, devices,
inputs, inputs,
nixpkgs,
overlays, overlays,
home-manager,
nur,
... ...
}: (builtins.mapAttrs ( }: (builtins.mapAttrs (
name: device: name: device:
@@ -13,37 +11,29 @@
specialArgs = { specialArgs = {
inherit device inputs; inherit device inputs;
stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system}; stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
masterPkgs = inputs.nixpkgs-master.legacyPackages.${device.system};
lanzaboote = inputs.lanzaboote; lanzaboote = inputs.lanzaboote;
cratesNix = inputs.crates-nix.mkLib {pkgs = nixpkgs.legacyPackages.${device.system};};
}; };
modules = [ modules = [
nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.disko.nixosModules.disko
{nixpkgs.overlays = overlays;}
home-manager.nixosModules.home-manager
inputs.arion.nixosModules.arion inputs.arion.nixosModules.arion
# inputs.command-runner.nixosModules.command-runner inputs.disko.nixosModules.disko
inputs.handoff.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
inputs.musnix.nixosModules.musnix inputs.musnix.nixosModules.musnix
inputs.nix-minecraft.nixosModules.minecraft-servers inputs.nix-minecraft.nixosModules.minecraft-servers
{ inputs.nixpkgs-xr.nixosModules.nixpkgs-xr
nixpkgs.config.allowUnfree = true; inputs.nur.modules.nixos.default
home-manager = { inputs.sops-nix.nixosModules.sops
backupFileExtension = "bak"; inputs.stylix.nixosModules.stylix
useGlobalPkgs = true; inputs.headplane.nixosModules.headplane
useUserPackages = true;
extraSpecialArgs = {
inherit inputs;
inherit device;
stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
};
users.${device.user}.imports = [
../home
];
};
}
../sops.nix
./${device.name}/configuration.nix ./${device.name}/configuration.nix
../home/module.nix
{nixpkgs.overlays = overlays;}
../sops.nix
../stylix.nix
]; ];
} }
) )

127
nixos/deoxys/configuration.nix
View File

@@ -1,127 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
pkgs,
lib,
...
}: {
imports = [
# Include the results of the hardware scan.
./deoxys.nix
./services
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
nix = {
settings = {
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "servius" "fs0c131y"];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
'';
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than +5";
};
package = pkgs.nixVersions.latest;
buildMachines = [];
distributedBuilds = true;
};
networking.hostName = "deoxys"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Asia/Kolkata";
# Select internationalisation properties.
i18n.defaultLocale = "en_US";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US";
LC_IDENTIFICATION = "en_US";
LC_MEASUREMENT = "en_US";
LC_MONETARY = "en_US";
LC_NAME = "en_US";
LC_NUMERIC = "en_US";
LC_PAPER = "en_US";
LC_TELEPHONE = "en_US";
LC_TIME = "en_US";
};
# Configure keymap in X11
services.xserver = {
xkb = {
layout = "us";
variant = "";
};
};
security.sudo.wheelNeedsPassword = false;
# Define a user account. Don't forget to set a password with passwd.
users.users.servius = {
isNormalUser = true;
description = "servius";
extraGroups = ["networkmanager" "wheel"];
packages = with pkgs; [];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

3
nixos/deoxys/services/default.nix
View File

@@ -1,3 +0,0 @@
{...}: {
imports = [];
}

6
nixos/mirai/configuration.nix
View File

@@ -42,7 +42,7 @@
cores = 8; cores = 8;
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "fs0c131y" "remotebuilder"]; trusted-users = [device.user "remotebuilder"];
trusted-substituters = [ trusted-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org" "https://nixos-raspberrypi.cachix.org"
@@ -65,11 +65,11 @@
dates = "daily"; dates = "daily";
options = "--delete-older-than 5d"; options = "--delete-older-than 5d";
}; };
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32 package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
distributedBuilds = true; distributedBuilds = true;
}; };
users.users.fs0c131y = { users.users.${device.user} = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel" "docker" "media"]; extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [

37
nixos/mirai/services/default.nix
View File

@@ -1,23 +1,26 @@
{...}: { {...}: {
imports = [ imports = [
./atuin.nix # ./atuin.nix
./authelia.nix # ./authelia.nix
./caddy.nix # ./caddy.nix
./excalidraw.nix # ./excalidraw.nix
./fail2ban.nix # ./fail2ban.nix
./flaresolverr.nix # ./flaresolverr.nix
./gitea.nix # ./games
./homepage.nix # ./gitea.nix
./immich.nix # ./homepage.nix
./llama.nix # # ./immich.nix
./lldap.nix # ./immich.nix
./nextcloud.nix # # ./llama.nix
./prowlarr.nix # ./lldap.nix
./resolved.nix # ./nextcloud.nix
./searxng.nix # # ./paperless.nix
# ./prowlarr.nix
# ./resolved.nix
# ./searxng.nix
./tailscale.nix ./tailscale.nix
./games # ./headscale.nix
# ./paperless.nix # ./shitpost.nix
]; ];
services = { services = {
nix-serve = { nix-serve = {

1
nixos/mirai/services/games/default.nix
View File

@@ -2,5 +2,6 @@
imports = [ imports = [
./minecraft.nix ./minecraft.nix
./satisfactory.nix ./satisfactory.nix
./terraria.nix
]; ];
} }

7
nixos/mirai/services/games/terraria.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
services.terraria = {
enable = true;
# port = 7777;
autoCreatedWorldSize = "large";
};
}

79
nixos/mirai/services/headscale.nix Normal file
View File

@@ -0,0 +1,79 @@
{config, ...}: {
sops = {
secrets.headscale-secret = {
owner = config.systemd.services.headscale.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
secrets.headscale-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
};
services = {
headscale = {
enable = true;
port = 8095;
settings = {
dns = {
magic_dns = true;
base_domain = "headscale.darksailor.dev";
nameservers.global = ["1.1.1.1"];
};
oidc = {
issuer = "https://auth.darksailor.dev";
client_id = "headscale";
client_secret_path = "${config.sops.secrets.headscale-secret.path}";
pkce = {
enabled = true;
method = "S256";
};
};
};
};
# headplane = {
# enable = true;
# settings = {
# server.port = 42562;
# };
# };
caddy = {
virtualHosts."headscale.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString config.services.headplane.settings.server.port}
'';
};
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "HeadScale";
client_id = "headscale";
client_secret = ''{{ secret "${config.sops.secrets.headscale-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://headscale.darksailor.dev/oidc/callback"
];
scopes = ["openid" "email" "profile" "groups"];
response_types = ["code"];
grant_types = ["authorization_code"];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
}

14
nixos/mirai/services/homepage.nix
View File

@@ -26,13 +26,6 @@
href = "https://jellyfin.tsuba.darksailor.dev"; href = "https://jellyfin.tsuba.darksailor.dev";
}; };
} }
{
"Jellyseerr" = {
icon = "jellyseerr.png";
description = "Jellyseerr: Media Request Management";
href = "https://jellyseerr.tsuba.darksailor.dev";
};
}
{ {
"Sonarr" = { "Sonarr" = {
icon = "sonarr.png"; icon = "sonarr.png";
@@ -47,13 +40,6 @@
href = "https://bazarr.tsuba.darksailor.dev"; href = "https://bazarr.tsuba.darksailor.dev";
}; };
} }
{
"Lidarr" = {
icon = "lidarr.png";
description = "Lidarr: Music Management";
href = "https://lidarr.tsuba.darksailor.dev";
};
}
{ {
"Radarr" = { "Radarr" = {
icon = "radarr.png"; icon = "radarr.png";

2
nixos/mirai/services/llama.nix
View File

@@ -29,7 +29,7 @@
# package = pkgs.ik_llama; # package = pkgs.ik_llama;
}; };
ollama = { ollama = {
enable = true; enable = false;
loadModels = [ loadModels = [
"deepseek-r1:7b" "deepseek-r1:7b"
"deepseek-r1:14b" "deepseek-r1:14b"

12
nixos/mirai/services/shitpost.nix Normal file
View File

@@ -0,0 +1,12 @@
{pkgs, ...}: let
src = pkgs.fetchgit {
url = "https://git.darksailor.dev/servius/adarkdayinmylife.public";
rev = "68d972f68cab8f68916b94df05b7ab6a7da4a1da";
sha256 = "sha256-EVis06rmHq1jJK0FVsbgi7TOru7GtEUpbx0PjU2AKEo=";
};
in {
services.caddy.virtualHosts."adarkdayinmy.life".extraConfig = ''
root * ${src}/
file_server
'';
}

3
nixos/mirai/services/tailscale.nix
View File

@@ -1,8 +1,9 @@
{...}: { {masterPkgs, ...}: {
services.tailscale = { services.tailscale = {
enable = true; enable = true;
useRoutingFeatures = "server"; useRoutingFeatures = "server";
extraUpFlags = "--advertise-exit-node"; extraUpFlags = "--advertise-exit-node";
package = masterPkgs.tailscale;
}; };
networking.firewall.trustedInterfaces = [ networking.firewall.trustedInterfaces = [
"tailscale0" "tailscale0"

1
nixos/ryu/apps/default.nix
View File

@@ -6,5 +6,6 @@
imports = [ imports = [
# ./alvr.nix # ./alvr.nix
./easyeffects.nix ./easyeffects.nix
./vr.nix
]; ];
} }

9
nixos/ryu/apps/vr.nix Normal file
View File

@@ -0,0 +1,9 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
wlx-overlay-s
wayvr-dashboard
bs-manager
monado-vulkan-layers
envision
];
}

89
nixos/ryu/configuration.nix
View File

@@ -10,14 +10,9 @@
./programs ./programs
./containers ./containers
./apps ./apps
# ./vms
]; ];
# sops = {
# defaultSopsFile = ../../secrets/secrets.yaml;
# defaultSopsFormat = "yaml";
# age.keyFile = "/home/${device.user}/.config/sops/age/keys.txt";
# };
security.tpm2 = { security.tpm2 = {
enable = true; enable = true;
pkcs11.enable = true; pkcs11.enable = true;
@@ -27,7 +22,7 @@
programs = { programs = {
hyprland = { hyprland = {
enable = true; enable = true;
# withUWSM = true; withUWSM = true;
xwayland.enable = true; xwayland.enable = true;
}; };
}; };
@@ -45,15 +40,19 @@
nix = { nix = {
settings = { settings = {
max-jobs = 1; max-jobs = 1;
cores = 12; cores = 24;
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "servius"]; trusted-users = [device.user];
trusted-substituters = [ trusted-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org" "https://nixos-raspberrypi.cachix.org"
"https://llama-cpp.cachix.org"
"https://cuda-maintainers.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
"llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
]; ];
@@ -68,9 +67,9 @@
dates = "daily"; dates = "daily";
options = "--delete-older-than +5"; options = "--delete-older-than +5";
}; };
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32 package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
buildMachines = [ buildMachines = [
../../builders/mirai.nix ../../builders/tako.nix
../../builders/shiro.nix ../../builders/shiro.nix
# ../../builders/tsuba.nix # ../../builders/tsuba.nix
]; ];
@@ -79,7 +78,7 @@
users.users.${device.user} = { users.users.${device.user} = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel" "audio" "i2c" "media" "openrazer" "video" "tss"]; extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss"];
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub ../../secrets/id_ed25519.pub
../../secrets/id_ios.pub ../../secrets/id_ios.pub
@@ -104,7 +103,7 @@
}; };
}; };
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
desktopManager.gnome.enable = true; # desktopManager.gnome.enable = true;
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
@@ -120,8 +119,6 @@
}; };
plymouth = { plymouth = {
enable = true; enable = true;
theme = "catppuccin-mocha";
themePackages = with pkgs; [(catppuccin-plymouth.override {variant = "mocha";})];
}; };
# Bootloader. # Bootloader.
@@ -171,8 +168,6 @@
}; };
}; };
services.openssh.enable = true;
networking = { networking = {
interfaces.eno1.wakeOnLan = { interfaces.eno1.wakeOnLan = {
policy = ["magic"]; policy = ["magic"];
@@ -196,20 +191,38 @@
# firewall.allowedTCPPorts = [ ... ]; # firewall.allowedTCPPorts = [ ... ];
# firewall.allowedUDPPorts = [ ... ]; # firewall.allowedUDPPorts = [ ... ];
# firewall.enable = false; # firewall.enable = false;
nftables.enable = true;
firewall = { firewall = {
enable = true; enable = false;
trustedInterfaces = [
"tailscale0"
];
allowedUDPPorts = [
9 # Wake on LAN
4950 # Warframe
4955 # Warframe
3113 # Other
];
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ {
from = 1714; from = 1714;
to = 1764; to = 1764;
} # KDE Connect }
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ {
from = 1714; from = 1714;
to = 1764; to = 1764;
} # KDE Connect }
]; ];
# extraInputRules = ''
# table inet mullvad_tailscale {
# chain output {
# type route hook output priority 0; policy accept;
# ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
# }
# }
# '';
}; };
}; };
@@ -261,7 +274,7 @@
gparted gparted
nvtopPackages.nvidia nvtopPackages.nvidia
quickemu quickemu
(nixvim.makeNixvim (import ../../neovim)) # (nixvim.makeNixvim (import ../../neovim))
qpwgraph qpwgraph
hyprland hyprland
xorg.xhost xorg.xhost
@@ -285,23 +298,23 @@
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";
}; };
# etc # etc
gnome.excludePackages = with pkgs; [ # gnome.excludePackages = with pkgs; [
atomix # puzzle game # atomix # puzzle game
cheese # webcam tool # cheese # webcam tool
epiphany # web browser # epiphany # web browser
evince # document viewer # evince # document viewer
geary # email reader # geary # email reader
gedit # text editor # gedit # text editor
gnome-characters # gnome-characters
gnome-music # gnome-music
gnome-photos # gnome-photos
gnome-terminal # gnome-terminal
gnome-tour # gnome-tour
hitori # sudoku game # hitori # sudoku game
iagno # go game # iagno # go game
tali # poker game # tali # poker game
totem # video player # totem # video player
]; # ];
}; };
musnix.enable = true; musnix.enable = true;

1
nixos/ryu/programs/default.nix
View File

@@ -8,5 +8,6 @@
./obs-studio.nix ./obs-studio.nix
./gnome-disks.nix ./gnome-disks.nix
./nix-ld.nix ./nix-ld.nix
./gamemode.nix
]; ];
} }

24
nixos/ryu/programs/gamemode.nix Normal file
View File

@@ -0,0 +1,24 @@
{
pkgs,
device,
...
}: {
programs.gamemode = {
enable = true;
settings = {
general = {
renice = 10;
};
custom = {
start = let
out = pkgs.writeScriptBin "gamemode-start" ''
${pkgs.lmstudio}/bin/lms unload
${pkgs.libnotify}/bin/notify-send 'GameMode started'
'';
in "${out}/bin/gamemode-start";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
users.users.${device.user}.extraGroups = ["gamemode"];
}

4
nixos/ryu/programs/obs-studio.nix
View File

@@ -5,7 +5,9 @@
enableVirtualCamera = true; enableVirtualCamera = true;
plugins = [ plugins = [
pkgs.obs-studio-plugins.wlrobs pkgs.obs-studio-plugins.wlrobs
pkgs.obs-studio-plugins.droidcam-obs pkgs.obs-studio-plugins.input-overlay
pkgs.obs-studio-plugins.obs-vkcapture
# pkgs.obs-studio-plugins.droidcam-obs
]; ];
}; };
}; };

10
nixos/ryu/programs/steam.nix
View File

@@ -4,8 +4,18 @@
gamescopeSession.enable = true; gamescopeSession.enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
extraCompatPackages = [ extraCompatPackages = [
pkgs.proton-ge-bin pkgs.proton-ge-bin
pkgs.gamescope
pkgs.mangohud
]; ];
}; };
programs.gamescope = {
enable = true;
capSysNice = true;
};
environment.systemPackages = [
pkgs.protonup-qt
];
} }

49
nixos/ryu/ryu.nix
View File

@@ -17,26 +17,30 @@
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
# intel-vaapi-driver vpl-gpu-rt
intel-media-driver
nvidia-vaapi-driver nvidia-vaapi-driver
cudatoolkit
# vaapiVdpau # vaapiVdpau
# libvdpau-va-gl # libvdpau-va-gl
# nvidia-utils
]; ];
}; };
nvidia = { nvidia = {
open = false; open = true;
modesetting.enable = true; modesetting.enable = true;
powerManagement.enable = true; powerManagement.enable = true;
powerManagement.finegrained = false; powerManagement.finegrained = false;
nvidiaSettings = true; nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.mkDriver { # package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "575.64.05"; # version = "575.64.05";
sha256_64bit = "sha256-hfK1D5EiYcGRegss9+H5dDr/0Aj9wPIJ9NVWP3dNUC0="; # sha256_64bit = "sha256-hfK1D5EiYcGRegss9+H5dDr/0Aj9wPIJ9NVWP3dNUC0=";
sha256_aarch64 = "sha256-GRE9VEEosbY7TL4HPFoyo0Ac5jgBHsZg9sBKJ4BLhsA="; # sha256_aarch64 = "sha256-GRE9VEEosbY7TL4HPFoyo0Ac5jgBHsZg9sBKJ4BLhsA=";
openSha256 = "sha256-mcbMVEyRxNyRrohgwWNylu45vIqF+flKHnmt47R//KU="; # openSha256 = "sha256-mcbMVEyRxNyRrohgwWNylu45vIqF+flKHnmt47R//KU=";
settingsSha256 = "sha256-o2zUnYFUQjHOcCrB0w/4L6xI1hVUXLAWgG2Y26BowBE="; # settingsSha256 = "sha256-o2zUnYFUQjHOcCrB0w/4L6xI1hVUXLAWgG2Y26BowBE=";
persistencedSha256 = "sha256-2g5z7Pu8u2EiAh5givP5Q1Y4zk4Cbb06W37rf768NFU="; # persistencedSha256 = "sha256-2g5z7Pu8u2EiAh5givP5Q1Y4zk4Cbb06W37rf768NFU=";
}; # };
package = config.boot.kernelPackages.nvidiaPackages.latest;
}; };
cpu.intel.updateMicrocode = cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;
@@ -46,20 +50,15 @@
# nixpkgs.localSystem = {system = "x86_64-linux";}; # nixpkgs.localSystem = {system = "x86_64-linux";};
# nixpkgs.crossSystem = {system = "aarch64-linux";}; # nixpkgs.crossSystem = {system = "aarch64-linux";};
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = ["aarch64-linux"];
services.fprintd.enable = true;
services.sshd.enable = true;
boot.loader.systemd-boot.consoleMode = "max"; boot.loader.systemd-boot.consoleMode = "max";
environment.sessionVariables = { environment.sessionVariables = {
# LIBVA_DRIVER_NAME = "i965";
# __EGL_VENDOR_LIBRARY_FILENAMES = "/run/opengl-driver/share/glvnd/egl_vendor.d/50_mesa.json";
LIBVA_DRIVER_NAME = "nvidia"; LIBVA_DRIVER_NAME = "nvidia";
NVD_BACKEND = "direct"; NVD_BACKEND = "direct";
__GLX_VENDOR_LIBRARY_NAME = "nvidia"; __GLX_VENDOR_LIBRARY_NAME = "nvidia";
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";
}; };
virtualisation.libvirtd.enable = true;
users.extraUsers.servius.extraGroups = ["libvirtd" "adbusers" "kvm"]; users.extraUsers.servius.extraGroups = ["libvirtd" "adbusers" "kvm"];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
@@ -86,6 +85,7 @@
"nvidia_modeset" "nvidia_modeset"
"nvidia_drm" "nvidia_drm"
"dm-snapshot" "dm-snapshot"
"dm-mirror"
]; ];
boot.kernelParams = [ boot.kernelParams = [
"intel_iommu=on" "intel_iommu=on"
@@ -100,20 +100,19 @@
''; '';
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/11d8beef-2a63-4231-af35-b9b8d3a17e9b"; device = "/dev/disk/by-uuid/7b488da9-49d3-44d1-b11b-bc6dcd418b1d";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/64099f91-d4d6-44fa-92d4-9e905b3e7829"; device = "/dev/disk/by-uuid/ef734595-a856-4207-8da1-1f0bde4bad61";
fsType = "ext4"; fsType = "ext4";
neededForBoot = true;
options = ["noatime"];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4E27-DAC0"; device = "/dev/disk/by-uuid/4E27-DAC0";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0007" "dmask=0007"];
}; };
fileSystems."/home" = { fileSystems."/home" = {
@@ -122,18 +121,18 @@
neededForBoot = true; neededForBoot = true;
}; };
# fileSystems."/media" = {
# device = "/dev/storage/media";
# fsType = "ext4";
# options = ["users" "nofail"];
# };
fileSystems."/games" = { fileSystems."/games" = {
device = "/dev/storage/games"; device = "/dev/storage/games";
fsType = "ext4"; fsType = "ext4";
options = ["nofail"]; options = ["nofail"];
}; };
fileSystems."/volumes/windows-games" = {
device = "/dev/disk/by-partuuid/56359fb7-7d33-44d2-bebd-b0c53daeeb73";
fsType = "ntfs3";
options = ["nofail"];
};
swapDevices = []; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

20
nixos/ryu/services/caddy.nix
View File

@@ -4,10 +4,10 @@
... ...
}: { }: {
sops = { sops = {
secrets."hetzner/api_key".owner = config.services.caddy.user; secrets."cloudflare/api_key".owner = config.services.caddy.user;
templates = { templates = {
"HETZNER_API_KEY.env".content = '' "CLOUDFLARE_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"} CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
''; '';
}; };
}; };
@@ -15,28 +15,22 @@
caddy = { caddy = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
(hetzner) { (cloudflare) {
tls { tls {
propagation_timeout -1 propagation_timeout -1
propagation_delay 120s propagation_delay 120s
dns hetzner {env.HETZNER_API_KEY} dns cloudflare {env.CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 resolvers 1.1.1.1
} }
} }
''; '';
package = pkgs.caddyWithHetzner; package = pkgs.caddyWithCloudflare;
# package = pkgs.caddy.withPlugins {
# plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
# # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
# # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ="
# hash = "sha256-YUrprDZQL+cX3P8fVLKHouXTMG4rw3sCaQdGqiq37uA=";
# };
}; };
}; };
systemd.services.caddy = { systemd.services.caddy = {
after = ["sops-install-secrets.service"]; after = ["sops-install-secrets.service"];
serviceConfig = { serviceConfig = {
EnvironmentFile = config.sops.templates."HETZNER_API_KEY.env".path; EnvironmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
}; };
}; };
} }

9
nixos/ryu/services/default.nix
View File

@@ -4,7 +4,7 @@
# ./sunshine.nix # ./sunshine.nix
# ./zerotier.nix # ./zerotier.nix
# ./dnscrypt.nix # ./dnscrypt.nix
./ollama.nix # ./ollama.nix
./llama.nix ./llama.nix
./tailscale.nix ./tailscale.nix
./samba.nix ./samba.nix
@@ -16,5 +16,12 @@
./fwupd.nix ./fwupd.nix
./caddy.nix ./caddy.nix
./monitoring.nix ./monitoring.nix
./wivrn.nix
./sshd.nix
./fprintd.nix
./handoff.nix
./gstreamer.nix
./dualsense.nix
./openssh.nix
]; ];
} }

11
nixos/ryu/services/dualsense.nix Normal file
View File

@@ -0,0 +1,11 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
dualsensectl
];
services.udev.extraRules = ''
# USB
ATTRS{name}=="Sony Interactive Entertainment DualSense Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
# Bluetooth
ATTRS{name}=="DualSense Wireless Controller", ENV{LIBINPUT_IGNORE_DEVICE}="1"
'';
}

3
nixos/ryu/services/fprintd.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
services.fprintd.enable = true;
}

22
nixos/ryu/services/gstreamer.nix Normal file
View File

@@ -0,0 +1,22 @@
{pkgs, ...}: {
environment = {
systemPackages = with pkgs; [
gst_all_1.gst-libav
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good
gst_all_1.gst-plugins-rs
gst_all_1.gst-plugins-ugly
gst_all_1.gstreamer
gst_all_1.gstreamermm
gst_all_1.gst-rtsp-server
gst_all_1.gst-vaapi
# gst_all_1.icamerasrc-ipu6
# gst_all_1.icamerasrc-ipu6ep
# gst_all_1.icamerasrc-ipu6epmtl
];
sessionVariables = {
GST_PLUGIN_PATH = "/run/current-system/sw/lib/gstreamer-1.0/";
};
};
}

7
nixos/ryu/services/handoff.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
services.airpods-handoff = {
enable = true;
user = "servius";
macAddress = "14:14:7D:E5:1A:AC";
};
}

27
nixos/ryu/services/llama.nix
View File

@@ -1,25 +1,38 @@
{ {
inputs,
pkgs, pkgs,
lib,
config, config,
inputs,
... ...
}: { }: {
services = { services = {
llama-cpp = { llama-cpp = {
enable = false; enable = false;
port = 11435; port = 11345;
# model = "/nix/store/ch6z9di3l0k54ad29pzv8k3zv47q30d1-Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
model = pkgs.fetchurl { model = pkgs.fetchurl {
url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf"; # url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab"; # sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
url = "https://huggingface.co/lmstudio-community/Qwen3-Coder-30B-A3B-Instruct-GGUF/resolve/main/Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
sha256 = "79ad15a5ee3caddc3f4ff0db33a14454a5a3eb503d7fa1c1e35feafc579de486";
}; };
# package = pkgs.ik_llama; extraFlags = [
"-c"
"98304"
"--jinja"
"--chat-template-file"
"${../../../assets/chat.hbs}"
# "/nix/store/4zk1p50hrzghp3jzzysz96pa64i2kmjl-promp.hbs"
];
# package = inputs.llama-cpp.packages.${pkgs.system}.cuda;
}; };
caddy = { caddy = {
virtualHosts."llama.ryu.darksailor.dev".extraConfig = '' virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
import hetzner import cloudflare
reverse_proxy localhost:${builtins.toString config.services.llama-cpp.port} reverse_proxy localhost:${builtins.toString config.services.llama-cpp.port}
''; '';
}; };
}; };
environment.systemPackages = with pkgs; [
llama-cpp
];
} }

13
nixos/ryu/services/monitoring.nix
View File

@@ -2,6 +2,10 @@
services = { services = {
prometheus = { prometheus = {
exporters = { exporters = {
systemd = {
enable = true;
};
nvidia-gpu.enable = true;
node = { node = {
enable = true; enable = true;
enabledCollectors = [ enabledCollectors = [
@@ -16,7 +20,6 @@
"uname" "uname"
"vmstat" "vmstat"
]; ];
port = 9100;
}; };
process = { process = {
enable = true; enable = true;
@@ -30,12 +33,4 @@
}; };
}; };
}; };
# Open firewall ports for Prometheus exporters
networking.firewall = {
allowedTCPPorts = [
9100 # node exporter
9256 # process exporter
];
};
} }

31
nixos/ryu/services/ollama.nix
View File

@@ -9,6 +9,7 @@
enable = false; enable = false;
host = "0.0.0.0"; host = "0.0.0.0";
# loadModels = ["deepseek-r1:7b" "deepseek-r1:14b" "RobinBially/nomic-embed-text-8k" "qwen3:8b" "qwen3:14b"]; # loadModels = ["deepseek-r1:7b" "deepseek-r1:14b" "RobinBially/nomic-embed-text-8k" "qwen3:8b" "qwen3:14b"];
# loadModels = ["deepseek-r1:7b" "deepseek-r1:14b" "RobinBially/nomic-embed-text-8k" "qwen3:8b" "qwen3:14b"];
port = 11434; port = 11434;
acceleration = "cuda"; acceleration = "cuda";
environmentVariables = { environmentVariables = {
@@ -17,18 +18,18 @@
LD_LIBRARY_PATH = "run/opengl-driver/lib"; LD_LIBRARY_PATH = "run/opengl-driver/lib";
HTTP_PROXY = "https://ollama.ryu.darksailor.dev"; HTTP_PROXY = "https://ollama.ryu.darksailor.dev";
}; };
package = pkgs.ollama.overrideAttrs { # package = pkgs.ollama.overrideAttrs {
version = "0.11.0"; # version = "0.11.0";
src = pkgs.fetchFromGitHub { # src = pkgs.fetchFromGitHub {
owner = "ollama"; # owner = "ollama";
repo = "ollama"; # repo = "ollama";
tag = "v0.11.0"; # tag = "v0.11.0";
hash = "sha256-po7BxJAj9eOpOaXsLDmw6/1RyjXPtXza0YUv0pVojZ0="; # hash = "sha256-po7BxJAj9eOpOaXsLDmw6/1RyjXPtXza0YUv0pVojZ0=";
fetchSubmodules = true; # fetchSubmodules = true;
}; # };
doCheck = false; # doCheck = false;
vendorHash = "sha256-SlaDsu001TUW+t9WRp7LqxUSQSGDF1Lqu9M1bgILoX4="; # vendorHash = "sha256-SlaDsu001TUW+t9WRp7LqxUSQSGDF1Lqu9M1bgILoX4=";
}; # };
}; };
# open-webui = { # open-webui = {
# enable = false; # enable = false;
@@ -40,15 +41,15 @@
# }; # };
caddy = { caddy = {
# virtualHosts."llama.ryu.darksailor.dev".extraConfig = '' # virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
# import hetzner # import cloudflare
# forward_auth mirai:5555 { # forward_auth tako:5555 {
# uri /api/authz/forward-auth # uri /api/authz/forward-auth
# copy_headers Remote-User Remote-Groups Remote-Email Remote-Name # copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
# } # }
# reverse_proxy localhost:${builtins.toString config.services.open-webui.port} # reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
# ''; # '';
virtualHosts."ollama.ryu.darksailor.dev".extraConfig = '' virtualHosts."ollama.ryu.darksailor.dev".extraConfig = ''
import hetzner import cloudflare
reverse_proxy localhost:${builtins.toString config.services.ollama.port} reverse_proxy localhost:${builtins.toString config.services.ollama.port}
''; '';
}; };

7
nixos/ryu/services/openssh.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
}

3
nixos/ryu/services/sshd.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
services.sshd.enable = true;
}

18
nixos/ryu/services/tailscale.nix
View File

@@ -1,22 +1,8 @@
{ {masterPkgs, ...}: {
pkgs,
lib,
...
}: {
services = { services = {
tailscale = { tailscale = {
enable = true; enable = true;
# useRoutingFeatures = "both"; package = masterPkgs.tailscale;
# extraUpFlags = ["--advertise-routes=192.168.0.0/24"];
}; };
# networkd-dispatcher = {
# enable = true;
# rules."50-tailscale" = {
# onState = ["routable"];
# script = ''
# ${lib.getExe pkgs.ethtool} -K en01 rx-udp-gro-forwarding on rg-xgro-list off
# '';
# };
# };
}; };
} }

13
nixos/ryu/services/wivrn.nix Normal file
View File

@@ -0,0 +1,13 @@
{pkgs, ...}: {
services.wivrn = {
enable = true;
openFirewall = true;
defaultRuntime = true;
autoStart = true;
steam = {
importOXRRuntimes = true;
};
highPriority = true;
# package = pkgs.wivrn;
};
}

12
nixos/ryu/vms/default.nix
View File

@@ -1,4 +1,16 @@
{ {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
runAsRoot = true;
swtpm.enable = true;
# ovmf = {
# enable = true;
# };
};
};
};
imports = [ imports = [
./win11.nix ./win11.nix
]; ];

4
nixos/ryu/vms/win11.nix
View File

@@ -4,10 +4,6 @@
lib, lib,
... ...
}: { }: {
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.ovmf.enable = true;
virtualisation.libvirtd.qemu.swtpm.enable = true;
# IOMMU and VFIO settings # IOMMU and VFIO settings
# boot.kernelParams = [ # boot.kernelParams = [
# "amd_iommu=on" # Use "intel_iommu=on" for Intel CPUs # "amd_iommu=on" # Use "intel_iommu=on" for Intel CPUs

186
nixos/tako/configuration.nix Normal file
View File

@@ -0,0 +1,186 @@
{
config,
pkgs,
device,
...
}: {
imports = [
# Include the results of the hardware scan.
./services
./tako.nix
# ./docker.nix
];
virtualisation.docker.enable = true;
# virtualisation.podman = {
# enable = true;
# dockerSocket.enable = true;
# defaultNetwork.dnsname.enable = true;
# };
users.extraUsers.${device.user}.extraGroups = ["docker"];
environment.systemPackages = with pkgs; [
arion
];
security.sudo.wheelNeedsPassword = false;
sops = {
secrets."builder/mirai/cache/private" = {};
secrets.users = {
sopsFile = ../../secrets/users.yaml;
format = "yaml";
key = "";
};
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nix = {
settings = {
max-jobs = 1;
cores = 8;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user "remotebuilder"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# "https://sh.darksailor.dev"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# "tako:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
secret-key-files = ${config.sops.secrets."builder/mirai/cache/private".path}
'';
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 5d";
};
package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
distributedBuilds = true;
};
users.users.${device.user} = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
users.users.remotebuilder = {
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
];
};
users.groups.media = {};
nixpkgs.config.allowUnfree = true;
networking.hostName = "tako"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Asia/Singapore";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 80 443];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

96
nixos/tako/disk-config.nix Normal file
View File

@@ -0,0 +1,96 @@
{...}: {
disko.devices = {
disk = {
one = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
two = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "128G";
lvm_type = "mirror";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
nix = {
size = "256G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix";
};
};
home = {
size = "64G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/home";
};
};
media = {
size = "100%";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/media";
};
};
};
};
};
};
}

Some files were not shown because too many files have changed in this diff Show More