servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: servius:a444694054a164158823e2f724ba6f2e7c26e7dd
Branches Tags
servius:master servius:matrix-rtc
..
compare: servius:master
Branches Tags
servius:master servius:matrix-rtc

116 Commits
a444694054 ... master

Author SHA1 Message Date
servius
cbd4e7b4bb feat: disable prometheus for homeassistant
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-03-14 17:23:53 +05:30
servius
a1057c5954 feat: added aria2
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m26s
Details
2026-03-14 00:20:00 +05:30
servius
2409574330 feat: Update flakes 2026-03-13 16:40:31 +05:30
servius
6b09de5afc feat: Remove discord 2026-03-12 23:13:46 +05:30
servius
e5ca18d368 feat: Update cinny to 4.11.1 2026-03-12 17:39:27 +05:30
servius
68ac29b68b feat: Make /var a partition
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m25s
Details
2026-03-12 16:35:16 +05:30
servius
e89003a063 feat: added ironclaw 2026-03-12 13:40:10 +05:30
servius
62072e71ea feat: Update cinny
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-03-11 13:32:24 +05:30
servius
6bfb3286e3 feat: Remove openclaw
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-03-11 13:10:56 +05:30
servius
325705f4cb feat: Disable ollama for shiro (mlx not working)
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-03-11 13:08:17 +05:30
servius
96a92bd67f feat: Update openclaw stuff
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m22s
Details
2026-03-11 12:45:24 +05:30
servius
b17b2ab977 feat: Add openclaw for shiro
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m25s
Details
2026-03-11 12:20:20 +05:30
servius
2d2a7e6765 fix: Fixed the syntax for adding sunshine-beta and remove some packages
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m28s
Details
2026-03-10 13:32:28 +05:30
servius
a9dfdccf63 feat: Added sunshine in macos
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m30s
Details
2026-03-09 20:12:17 +05:30
servius
8a1ed7b0ab feat: Update cinny
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m28s
Details
2026-03-09 17:20:22 +05:30
servius
04a9d2ce76 chore: Remove iamb doesn't build on darwin
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m29s
Details
2026-03-09 17:11:07 +05:30
servius
d4d9e715ff chore: disable zed, yt-dlp and autossh scripts
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m26s
Details
2026-03-09 16:56:19 +05:30
servius
3b23c25509 feat: Update stuff
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-03-09 16:54:14 +05:30
servius
0874bb6698 feat: Added stuff 2026-03-07 22:43:13 +05:30
servius
316bffb9f5 feat: Remove deprecated togglesplit layout 2026-03-07 04:45:28 +05:30
servius
b19be561bf feat: Update hyprland and add iamb 2026-03-07 04:31:44 +05:30
servius
452426f363 feat: Added element
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m24s
Details
2026-03-07 02:14:01 +05:30
servius
a50801f5bb feat: Move to git lfs 2026-03-06 18:09:56 +05:30
servius
dee3da3b12 feat: Update to nextcloud and tangled 2026-03-06 18:05:48 +05:30
servius
8cdb41674c feat: Update wallpapers
All checks were successful
Flake checker / Build Nix targets (push) Successful in 22m43s
Details
2026-03-05 18:04:01 +05:30
servius
eaf994c5b5 feat: Remove lfs
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m29s
Details
2026-03-05 02:48:26 +05:30
servius
ccc7116c3f fix: possible fix for unreachable tangled
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-03-05 02:44:38 +05:30
servius
7be66a5d2f feat: Added tangled 2026-03-05 02:00:19 +05:30
servius
686501d464 feat: Added more zen search options and khal views
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m24s
Details
2026-03-04 20:07:00 +05:30
servius
09686e1ee6 feat: Disable stylix for global fish config
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-03-04 17:51:21 +05:30
servius
7caf921746 feat: Generate completions for fish and sync khal properly 2026-03-04 17:43:52 +05:30
servius
7b86a1cb21 feat: Added stuff to zen
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m28s
Details
2026-03-04 15:30:05 +05:30
servius
4f18892d1b feat: Added commented out ciny 2026-03-02 15:49:49 +05:30
servius
580fcac817 feat: re-generated spaces
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m25s
Details
2026-03-02 01:52:21 +05:30
servius
8364bbb3cb fix: Cleanup Warnings
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-03-02 01:44:28 +05:30
servius
e0e7f514ec feat(nixify): add home package and update lock entries
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-03-02 01:43:50 +05:30
servius
82f69166c5 feat: Update caddy hash
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m34s
Details
2026-03-02 01:16:54 +08:00
servius
dce2e160da feat: Enable all substituters in all machines
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m31s
Details
2026-03-01 21:35:46 +05:30
servius
b10e5253f8 feat: Update all flakes
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-03-01 20:31:34 +05:30
servius
d4a0ab60cf feat(programs): add codex
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m22s
Details
2026-02-27 16:12:44 +05:30
servius
5269b2ee10 feat(nix): add download buffer size config to NixOS and Darwin configuration files
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m26s
Details
2026-02-27 12:36:33 +05:30
servius
d9c9b55d49 feat: Automatically run fish if bash is in interactive mode
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-27 12:35:12 +05:30
servius
fd5e28b368 feat: Added personal website
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-02-25 16:53:49 +05:30
servius
da793b82e7 fix: Add cinny in matrix imports 2026-02-25 15:24:26 +05:30
servius
c2e4fbb59f chore: move cinny to a different file
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m24s
Details
2026-02-24 20:22:14 +05:30
servius
25a7f185bc feat: Remove unused inputs
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m28s
Details
2026-02-24 18:33:47 +05:30
servius
044a0156df feat: Remove unused overlays
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-02-24 17:32:55 +05:30
servius
4e0cb41780 feat: Update to cinny 4.10.5
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m25s
Details
2026-02-24 17:03:46 +05:30
servius
34737a5aef chore(kuro): remove unused macOS casks from Homebrew configuration
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-02-24 14:31:56 +05:30
servius
81ea7f695e feat: Update cinny to use hashRouter and update caddy reverse proxy
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m22s
Details
2026-02-24 13:50:59 +05:30
servius
ea7707d050 feat: Use Grafana secretKey 2026-02-24 13:24:30 +05:30
servius
30a54caa03 refactor(matrix): update matrix config to Cinny
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m32s
Details
2026-02-24 13:06:04 +05:30
servius
3ed6781ae1 chore: enable zen-browser flake on all devices
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m29s
Details
2026-02-24 11:11:11 +05:30
servius
3418e577c5 docs(AGENTS.md): update build & deploy commands and example IP 2026-02-24 10:29:37 +05:30
servius
2741e25585 feat: enable stuff
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m23s
Details
2026-02-23 18:42:31 +05:30
Servius
e9aed100af Merge pull request 'feat: add matrix-rtc' (#1) from matrix-rtc into master
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m28s
Details 
Reviewed-on: #1
 2026-02-23 19:42:06 +08:00
servius
1ac96316ea feat: re-enable affine service
All checks were successful
Flake checker / Build Nix targets (pull_request) Successful in 9m32s
Details
2026-02-23 17:05:03 +05:30
servius
8d636ce194 refactor(matrix): simplify LiveKit configuration to use services.livekit and services.lk-jwt-service 2026-02-23 16:32:14 +05:30
servius
bbeed99f43 refactor(affine): use Docker network option instead of --network flag 2026-02-23 16:05:09 +05:30
servius
7e6ece1b0d feat(matrix): add LiveKit support with firewall and systemd services 2026-02-23 15:49:50 +05:30
servius
60952a0e7f feat(programs): add yq package to home programs 2026-02-23 14:43:49 +05:30
servius
738013df66 refactor: update mbsync settings for Fastmail and Neomutt 2026-02-22 15:32:38 +05:30
servius
34160d0de4 feat: Updated notifications
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-02-22 15:16:10 +05:30
servius
02b8a16f41 feat(cargo): add pkgs metadata alias
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m33s
Details
2026-02-20 03:42:46 +05:30
servius
684f6fdea5 fix(apps): make playerctl conditional to ryu device only 2026-02-20 03:42:44 +05:30
servius
7ef1785a0f feat: Added caldav 2026-02-20 03:08:24 +05:30
servius
49c0c607d8 feat: Added stuff 2026-02-20 02:01:24 +05:30
servius
ab52b423ee feat: Move stuff into programs / apps in ryu 2026-02-19 23:03:52 +05:30
servius
f852a73d47 feat: Updated to latest nixpkgs-unstable 2026-02-19 21:16:08 +05:30
servius
998ebc1164 feat(programs): add jujutsu(jj) package
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m41s
Details
2026-02-19 13:51:12 +05:30
servius
9acb378e5f feat: disable some services and disable root login from ssh altogether 2026-02-19 13:41:40 +05:30
servius
dca434c0ba Enable Audacity and add local Ollama provider configuration 
- Remove comment from audacity.nix to enable Audacity application
- Add Ollama provider configuration for local LLM access
- Configure glm-4.7-flash model with custom base URL
 2026-02-19 00:19:08 +05:30
servius
c22ff38874 feat: Added affine 2026-02-18 18:03:06 +05:30
servius
0591868be3 feat: Added affine server 2026-02-18 17:23:05 +05:30
servius
e249f13313 feat: Vertical to horizontal secondary monitor 3
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m37s
Details
2026-02-16 03:17:34 +05:30
servius
4ecf045deb feat: Added ip target for ignore ip 2026-02-16 02:48:03 +05:30
servius
05d1890b01 feat: Added steamdeck deploy target
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m35s
Details
2026-02-16 02:21:06 +05:30
servius
2babff5576 feat: Added cloudflare cli to add / remove dns entries from cli 2026-02-12 19:04:13 +05:30
servius
aa7c26516c feat: Added gitea runner
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m33s
Details
2026-02-12 16:21:36 +05:30
servius
a1369cbb41 feat(attic): Use env variable for attic login
All checks were successful
Flake checker / Build Nix targets (push) Successful in 29m34s
Details
2026-02-11 19:53:05 +05:30
servius
54c5cf932d feat: Added attic-client 2026-02-11 17:53:27 +05:30
servius
bb68711814 fix: use tcp instead of unix sockets for attic
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 17:07:40 +05:30
servius
6b31922615 feat: Added attic ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 16:56:23 +05:30
servius
21e779c304 fix: Macos fixes
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 16:30:38 +05:30
servius
e718da413b feat: Replace deprecated options from navidrome
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 04:48:39 +05:30
servius
98989afdec feat: upgrade to excalidraw-full 2026-02-11 04:27:14 +05:30
servius
3a97de6af2 fix: Matrix server fix
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 03:55:29 +05:30
servius
66b7a31943 feat: Update to latest nix 2026-02-10 23:14:12 +05:30
servius
ddb53d879e feat: Added matrix 2026-02-10 22:25:37 +05:30
servius
e403e47c28 feat: Added tuwunel 2026-02-10 14:24:39 +05:30
servius
d8b3d6fb09 chore: Update flake.nix
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-07 02:42:39 +05:30
servius
91d6863d60 feat: Change wallpapers
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-06 12:46:33 +05:30
servius
618e5593e7 feat: Update hyprland.conf 2026-02-06 10:46:10 +05:30
servius
e1c9a27ca3 feat: added libnotify
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-05 13:56:34 +05:30
servius
7a58571c03 feat: disable default.clock.rate use allowed-rates 2026-02-05 12:48:21 +05:30
servius
768caf9882 feat: Unify all of the nixos substituters
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-04 23:33:40 +05:30
servius
e07d6a44a3 feat: Update to latest nixos 2026-02-04 23:21:42 +05:30
servius
97d8c17436 feat: auto generate remmina desktop entries 2026-02-04 22:37:11 +05:30
servius
89fd861c20 feat: Re-enable retroarch
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-04 02:51:32 +05:30
servius
cf30dc9f6c feat: Remove pipewire from configuration 2026-02-03 23:40:24 +05:30
servius
b88704bf1f feat: Update AGENTS.md
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-03 22:15:52 +05:30
servius
eb63ef2585 feat: Use lower latency for pipewire 64 48000
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-03 22:05:20 +05:30
servius
d688fc0eef feat: Added audio stuff
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-03 21:10:47 +05:30
servius
63a4fba675 feat: added stuff 2026-02-03 21:10:47 +05:30
servius
8fedc57570 feat(opencode): add support for kuro device
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-03 13:24:11 +05:30
servius
dd322cb71c docs: add example of how to add secrets
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-02 04:42:32 +05:30
servius
23b5917620 refactor: update monitoring target labels and jellyfin caddy config 2026-02-02 02:34:28 +05:30
servius
5cecce74e8 chore(config): reduce ironbar favorites, disable cadvisor, update pihole hostname for the extractor
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-02 01:07:00 +05:30
servius
15853f918a chore(services): delete command-runner.nix and its entry in default.nix
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-01 22:01:37 +05:30
servius
22d619b3ce refactor(monitoring): dashboard provisioning, sops secret, exportarr off 2026-02-01 21:09:52 +05:30
servius
d5396917c3 chore: fmt 2026-02-01 19:52:48 +05:30
servius
a7d4a88741 feat: Update ironbar 2026-02-01 19:52:06 +05:30
servius
2f901052f1 feat: Added grafana 2026-02-01 19:51:51 +05:30
servius
56f1ba896c feat: Added opencode.nvim 2026-02-01 18:59:00 +05:30
servius
9607e8f3a4 feat: Added agents.md
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-01 18:30:57 +05:30
servius
41f5da953a feat: Disable terraria 2026-02-01 18:07:19 +05:30
125 changed files with 3632 additions and 6382 deletions
Expand all files Collapse all files

195
AGENTS.md Normal file
View File

@@ -0,0 +1,195 @@
# Agent Guidelines for NixOS/nix-darwin Dotfiles
This repository contains NixOS, nix-darwin, and Home Manager configurations in Nix. You are a sysadmin managing server configurations and deployments.
## Build, Test, and Deployment Commands
### Build and Apply Configurations & Deploy to Remote Machines
Can use deploy for both local and remote hosts
```bash
deploy -s .#ryu # Desktop (x86_64-linux)
deploy -s .#tako # Server (x86_64-linux)
deploy -s .#tsuba # Raspberry Pi (aarch64-linux)
deploy -s .#kuro # MacBook M4 Pro (aarch64-darwin)
deploy -s .#shiro # Mac Mini M4 (aarch64-darwin)
```
**Linux (NixOS):**
```bash
deploy -s .#ryu
deploy -s .#tako
deploy -s .#tako --builders '' --cores 32 # with no other builders and 32 cores
deploy -s .#ryu --max-jobs 4 --cores 32 # use 32 cores and 4 parallel derivations
sudo nixos-rebuild test --fast --flake . # Test without activation
sudo nixos-rebuild switch --rollback --flake . # Rollback
```
**macOS (nix-darwin):**
```bash
deploy -s .#kuro
deploy -s .#shiro
sudo nix-darwin test --fast --flake .
```
### Validation and Formatting
```bash
nix flake check --show-trace # Check flake for errors
alejandra fmt . # Format all files
alejandra fmt <file>.nix # Format single file
```
## Directory Structure
- `flake.nix` - Main entry point, device definitions
- `nixos/` - NixOS machine configs (ryu, tako, tsuba)
- `darwin/` - macOS machine configs (kuro, shiro)
- `home/` - Home Manager modules (programs/, services/, apps/)
- `modules/` - Custom modules (nixos/, darwin/, home/)
- `secrets/` - SOPS encrypted secrets
- `overlays.nix`, `deploy.nix`, `sops.nix`, `stylix.nix` - Config files
## Code Style Guidelines
### Nix Language Conventions
**File Structure:**
```nix
{inputs, config, pkgs, lib, device, ...}: {
# Configuration here
}
```
**Imports:**
- Order: `inputs`, `config`, `pkgs`, `lib`, `device`, custom params, `...`
- Use set destructuring for clarity
**Formatting:**
- Use `alejandra` formatter (run before committing)
- 2-space indentation
- Trailing commas in lists and attribute sets
**Naming Conventions:**
- Files: lowercase-with-hyphens (e.g., `my-module.nix`)
- Attributes: camelCase (e.g., `enableMyFeature`)
- Functions: camelCase (e.g., `mkDevice`)
- Constants: UPPER_SNAKE_CASE (e.g., `API_KEY`)
- Device names: lowercase (e.g., `ryu`, `tako`)
**Let Expressions:**
```nix
with lib; let
cfg = config.programs.myProgram;
in {
options = { ... };
config = mkIf cfg.enable { ... };
}
```
**Conditionals:**
- Use `mkIf` for config options
- Use `lib.optionalAttrs` for attribute sets
- Use `lib.optionals` for lists
### Module Patterns
**Simple Package Module:**
```nix
{pkgs, ...}: {
home.packages = [pkgs.myPackage];
}
```
**Program Configuration Module:**
```nix
{config, pkgs, lib, ...}:
with lib; let
cfg = config.programs.myProgram;
in {
options.programs.myProgram = {
enable = mkEnableOption "myProgram";
};
config = mkIf cfg.enable {
home.packages = [pkgs.myProgram];
};
}
```
**Device-Specific Logic:**
```nix
home.packages = lib.optionals device.isLinux [pkgs.linuxPackage]
++ lib.optionals device.isDarwin [pkgs.macPackage];
sessionVariables.BROWSER = if device.isDarwin then "open" else "xdg-open";
```
## Important Rules
1. **NEVER create markdown files** unless explicitly requested
2. **DO NOT add shell scripts** - use Nix expressions
3. **All configurations must use Nix expressions** when possible
4. **Follow existing naming conventions** and directory structure
5. Create custom application entries in `~/.local/share/applications/{appname}.desktop`
## Secrets Management
- Secrets are managed with SOPS in `secrets/` directory
- Encrypted secrets in `secrets/` directory
- Configuration in `.sops.yaml`
- Access via `config.sops.secrets."secret/value".path`
```yaml
foo:
bar: somesecret
```
The path is the file that contains `somesecret`
- Add new secrets using `sops set`
Example
```bash
openssl rand -hex 32 | tr -d '\n' | jq -sR | sops set --value-stdin secrets/secrets.yaml '["foo"]["bar"]'
```
This will add a randomly generated secret to the sops file
## Common Patterns
### Adding a New Program
```bash
just add program myprogram # Creates home/programs/myprogram.nix and adds import
```
### Adding a new dns entry
```bash
cfcli add --type A foobar.bazbar.biz 100.102.64.19
```
### Creating a Module
1. Determine location: `modules/nixos/`, `modules/darwin/`, or `modules/home/`
2. Create file with proper structure
3. Add to `modules/default.nix` imports
### Device Configuration
Devices are defined in `flake.nix` using `mkDevice`. Properties available:
- `device.isLinux`, `device.isDarwin`, `device.isArm`
- `device.isServer`, `device.hasGui`, `device.isDesktopLinux`
- `device.name`, `device.user`, `device.home`
## Error Handling
- Use `mkIf` to conditionally enable configurations
- Handle both Linux and macOS cases when adding cross-platform features
## Testing Changes
1. Build first: `just build` or `nixos-rebuild build --flake .`
2. Check for errors with `--show-trace` flag
## Version Information
- Nix Version: 2.32+
- Flakes: Enabled (required)
- Formatter: alejandra
- State Version: (varies by machine & never change this)

7
builders/mirai.nix
View File

@@ -1,7 +0,0 @@
# {
# hostName = "mirai.darksailor.dev";
# sshUser = "remotebuilder";
# systems = ["x86_64-linux" "aarch64-linux"];
# protocol = "ssh-ng";
# supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
# }

1
darwin/kuro/configuration.nix
View File

@@ -22,6 +22,7 @@
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
# "mirai:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM=" # "mirai:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
]; ];
download-buffer-size = 524288000;
}; };
extraOptions = '' extraOptions = ''
build-users-group = nixbld build-users-group = nixbld

3
darwin/kuro/homebrew.nix
View File

@@ -6,10 +6,7 @@
casks = [ casks = [
"1password" "1password"
"lunar" "lunar"
"orcaslicer"
"raycast" "raycast"
"zed"
"zen"
]; ];
}; };
} }

3
darwin/shiro/homebrew.nix
View File

@@ -2,15 +2,12 @@
homebrew = { homebrew = {
enable = true; enable = true;
brews = [ brews = [
"docker-compose"
]; ];
casks = [ casks = [
"1password" "1password"
"docker"
"raycast" "raycast"
"lunar" "lunar"
"orcaslicer" "orcaslicer"
"zed"
"zen" "zen"
]; ];
}; };

21
darwin/shiro/services/default.nix
View File

@@ -1,15 +1,18 @@
{...}: { {...}: {
imports = [ imports = [
# ../../../modules/darwin/caddy # ../../../modules/darwin/caddy
./yabai.nix
./skhd.nix
./tailscale.nix
./autossh.nix
# ./caddy.nix
./sops.nix
# ./lmstudio.nix
# ./colima.nix
# ./zerotier.nix
# ./aerospace.nix # ./aerospace.nix
# ./caddy.nix
# ./colima.nix
# ./lmstudio.nix
# ./zerotier.nix
./autossh.nix
./skhd.nix
./sops.nix
./sunshine.nix
./tailscale.nix
./yabai.nix
]; ];
} }

10
darwin/shiro/services/sunshine.nix Normal file
View File

@@ -0,0 +1,10 @@
{...}: {
homebrew = {
taps = [
"lizardbyte/homebrew"
];
brews = [
"lizardbyte/homebrew/sunshine-beta"
];
};
}

24
deploy.nix
View File

@@ -5,14 +5,6 @@
... ...
}: { }: {
nodes = { nodes = {
mirai = {
hostname = "mirai.darksailor.dev";
profiles.system = {
sshUser = "fs0c131y";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
user = "root";
};
};
tsuba = { tsuba = {
hostname = "tsuba.darksailor.dev"; hostname = "tsuba.darksailor.dev";
profiles.system = { profiles.system = {
@@ -55,13 +47,13 @@
user = "root"; user = "root";
}; };
}; };
# deck = { deck = {
# hostname = "steamdeck"; hostname = "sdeck";
# profiles.system = { profiles.system = {
# sshUser = "deck"; sshUser = "deck";
# path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck; path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
# user = "deck"; user = "deck";
# }; };
# }; };
}; };
} }

2287
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

126
flake.nix
View File

@@ -17,10 +17,6 @@
url = "github:nix-community/stylix"; url = "github:nix-community/stylix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
stylix-stable = {
url = "github:nix-community/stylix/release-25.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
home-manager-stable = { home-manager-stable = {
url = "github:nix-community/home-manager/release-25.11"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs-stable"; inputs.nixpkgs.follows = "nixpkgs-stable";
@@ -51,26 +47,10 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur.url = "github:nix-community/nur"; nur.url = "github:nix-community/nur";
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprlock = {
url = "github:hyprwm/hyprlock";
inputs.nixpkgs.follows = "nixpkgs";
};
zjstatus = { zjstatus = {
url = "github:dj95/zjstatus"; url = "github:dj95/zjstatus";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
openapi-tui = {
url = "github:zaghaghi/openapi-tui";
flake = false;
};
musnix = { musnix = {
url = "github:musnix/musnix"; url = "github:musnix/musnix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -83,26 +63,10 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
csshacks = {
url = "github:MrOtherGuy/firefox-csshacks";
flake = false;
};
nno = { nno = {
url = "github:nvim-neorg/nixpkgs-neorg-overlay"; url = "github:nvim-neorg/nixpkgs-neorg-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
pets = {
url = "github:giusgad/pets.nvim";
flake = false;
};
rest-nvim = {
url = "github:rest-nvim/rest.nvim";
flake = false;
};
neogit = {
url = "github:NeogitOrg/neogit/nightly";
flake = false;
};
d2 = { d2 = {
url = "github:terrastruct/d2-vim"; url = "github:terrastruct/d2-vim";
flake = false; flake = false;
@@ -127,25 +91,6 @@
url = "github:pest-parser/tree-sitter-pest"; url = "github:pest-parser/tree-sitter-pest";
flake = false; flake = false;
}; };
navigator = {
url = "github:ray-x/navigator.lua";
flake = false;
};
guihua = {
url = "github:ray-x/guihua.lua";
flake = false;
};
ghostty = {
url = "github:ghostty-org/ghostty";
};
typr = {
url = "github:nvzone/typr";
flake = false;
};
volt = {
url = "github:nvzone/volt";
flake = false;
};
arion = { arion = {
url = "github:hercules-ci/arion"; url = "github:hercules-ci/arion";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -155,9 +100,9 @@
}; };
zen-browser = { zen-browser = {
url = "github:0xc000022070/zen-browser-flake"; url = "github:0xc000022070/zen-browser-flake";
# IMPORTANT: we're using "libgbm" and is only available in unstable so ensure # IMPORTANT: To ensure compatibility with the latest Firefox version, use nixpkgs-unstable.
# to have it up-to-date or simply don't specify the nixpkgs input
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
}; };
anyrun = { anyrun = {
@@ -169,18 +114,10 @@
url = "github:uttarayan21/anyrun-hyprwin"; url = "github:uttarayan21/anyrun-hyprwin";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
anyrun-rink = {
url = "github:uttarayan21/anyrun-rink";
inputs.nixpkgs.follows = "nixpkgs";
};
onepassword-shell-plugins = { onepassword-shell-plugins = {
url = "github:1Password/shell-plugins"; url = "github:1Password/shell-plugins";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zeronsd = {
url = "github:uttarayan21/zeronsd";
inputs.nixpkgs.follows = "nixpkgs";
};
tmux-float = { tmux-float = {
url = "github:uttarayan21/tmux-float"; url = "github:uttarayan21/tmux-float";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -199,24 +136,6 @@
# url = "path:/home/servius/Projects/ALVR"; # url = "path:/home/servius/Projects/ALVR";
# inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
# }; # };
ik_llama = {
url = "github:ikawrakow/ik_llama.cpp?submodules=1";
# submodules = true;
inputs.nixpkgs.follows = "nixpkgs";
};
llama-cpp = {
# url = "https://github.com/ggml-org/llama.cpp";
url = "github:ggml-org/llama.cpp/b6178?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
};
yabai = {
url = "github:koekeishiya/yabai";
flake = false;
};
nix-auth = {
url = "github:numtide/nix-auth";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-xr = { nixpkgs-xr = {
url = "github:nix-community/nixpkgs-xr"; url = "github:nix-community/nixpkgs-xr";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -241,16 +160,33 @@
url = "github:vicinaehq/vicinae"; url = "github:vicinaehq/vicinae";
# inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
}; };
wivrn = {
url = "github:uttarayan21/wivrn?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
};
eilmeldung = { eilmeldung = {
url = "github:christo-auer/eilmeldung"; url = "github:christo-auer/eilmeldung";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hytale-launcher = { servius-website = {
url = "github:JPyke3/hytale-launcher-nix"; url = "git+https://git.darksailor.dev/servius/servius.neocities.org";
inputs.nixpkgs.follows = "nixpkgs";
};
nixify = {
url = "github:uttarayan21/nixify";
inputs.nixpkgs.follows = "nixpkgs";
};
tangled-core = {
url = "git+https://tangled.org/tangled.org/core";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
iamb = {
url = "github:ulyssa/iamb/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
cinny = {
url = "github:cinnyapp/cinny/dev";
flake = false;
}; };
}; };
@@ -429,16 +365,20 @@
}; };
config.allowUnfree = true; config.allowUnfree = true;
}; };
cratesNix = inputs.crates-nix.mkLib {inherit pkgs;};
in { in {
# packages = rec {
# default = neovim;
# neovim = pkgs.nixvim.makeNixvim (pkgs.callPackage ./neovim);
# };
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {
packages = with pkgs; [sops just openssl ast-grep]; packages = with pkgs; [sops just openssl ast-grep];
}; };
}; };
packages = {
default = cratesNix.buildCrate "ironclaw" {
nativeBuildInputs = [pkgs.pkg-config];
buildInputs = [pkgs.openssl];
doCheck = false;
};
};
} }
); );
} }

84
home/accounts/fastmail.nix
View File

@@ -5,43 +5,65 @@
}: { }: {
sops = { sops = {
secrets."accounts/mail/fastmail" = {}; secrets."accounts/mail/fastmail" = {};
secrets."accounts/calendar/fastmail" = {};
}; };
accounts.email = { accounts = {
maildirBasePath = "Mail"; email = {
accounts = { maildirBasePath = "Mail";
fastmail = rec { accounts = {
maildir = { fastmail = rec {
path = "fastmail"; maildir = {
path = "fastmail";
};
primary = true;
address = "email@uttarayan.me";
aliases = ["servius@darksailor.dev"];
userName = address;
realName = "Uttarayan Mondal";
imap = {
host = "imap.fastmail.com";
port = 993;
tls.enable = true;
# authentication = "login";
};
smtp = {
host = "smtp.fastmail.com";
port = 465;
tls.enable = true;
};
passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"];
mbsync = {
enable = true;
create = "both";
};
}; };
primary = true; };
address = "email@uttarayan.me"; };
aliases = ["servius@darksailor.dev"]; calendar = {
userName = address; basePath = "Calendar";
realName = "Uttarayan Mondal"; accounts = {
imap = { fastmail = {
host = "imap.fastmail.com"; remote = {
port = 993; url = "https://caldav.fastmail.com/dav/calendars/user/email@uttarayan.me";
tls.enable = true; userName = "email@uttarayan.me";
# authentication = "login"; passwordCommand = ["cat" "${config.sops.secrets."accounts/calendar/fastmail".path}"];
}; type = "caldav";
smtp = { };
host = "smtp.fastmail.com"; khal = {
port = 465; enable = true;
tls.enable = true; addresses = ["email@uttarayan.me"];
}; type = "discover";
imapnotify = { };
enable = true; vdirsyncer = {
}; enable = true;
passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"]; conflictResolution = "remote wins";
mbsync = { collections = ["from a"];
enable = true; metadata = ["color" "displayname"];
create = "both"; };
}; };
}; };
}; };
}; };
programs.mbsync.enable = true;
services.mbsync.enable = pkgs.stdenv.isLinux;
# accounts.email.accounts.<name>.mbsync.create # accounts.email.accounts.<name>.mbsync.create
# services.mbsync.enable = true; # services.mbsync.enable = true;
} }

9
home/apps/affine.nix Normal file
View File

@@ -0,0 +1,9 @@
{
pkgs,
lib,
...
}: {
home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.affine
];
}

1
home/apps/cinny.nix Normal file
View File

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.cinny-desktop];}

43
home/apps/default.nix
View File

@@ -6,41 +6,48 @@
lib.optionalAttrs device.hasGui { lib.optionalAttrs device.hasGui {
imports = [ imports = [
# ./audacity.nix # ./audacity.nix
# ./blueman.nix
# ./bottles.nix # ./bottles.nix
./chromium.nix # ./cinny.nix
# ./cursor.nix # ./cursor.nix
./discord.nix
./firefox.nix
./ghostty.nix
# ./gimp.nix # ./gimp.nix
# ./guitarix.nix # ./guitarix.nix
./hyprpicker.nix
# ./ida.nix # ./ida.nix
# ./jellyflix.nix # ./jellyflix.nix
# ./kicad.nix # ./kicad.nix
./kitty.nix # ./lmstudio.nix
./lmstudio.nix
./mpv.nix
# ./neovide.nix # ./neovide.nix
./nextcloud.nix
./obs-studio.nix
# ./openscad.nix # ./openscad.nix
./orcaslicer.nix # ./orcaslicer.nix
# ./pcsx2.nix # ./pcsx2.nix
./prismlauncher.nix # ./prismlauncher.nix
# ./rpcs3.nix # ./rpcs3.nix
./shadps4.nix # ./shadps4.nix
./slack.nix
# ./thunderbird.nix # ./thunderbird.nix
# ./tsukimi.nix # ./tsukimi.nix
# ./vial.nix # ./vial.nix
./vicinae.nix # ./vlc.nix
./vlc.nix
# ./vscode.nix # ./vscode.nix
# ./zen.nix
./moonlight.nix
# ./zed.nix
./affine.nix
./blueman.nix
./chromium.nix
# ./discord.nix
./firefox.nix
./ghostty.nix
./hyprpicker.nix
./kitty.nix
./matrix.nix
./mpv.nix
./nextcloud.nix
./obs-studio.nix
./slack.nix
./vicinae.nix
./wezterm.nix ./wezterm.nix
./zathura.nix ./zathura.nix
./zed.nix
./zen.nix ./zen.nix
]; ];
} }

18
home/apps/discord.nix
View File

@@ -3,13 +3,13 @@
lib, lib,
... ...
}: { }: {
home.packages = lib.optionals pkgs.stdenv.isLinux [ # home.packages = lib.optionals pkgs.stdenv.isLinux [
(pkgs.discord.override { # (pkgs.discord.override {
withOpenASAR = true; # withOpenASAR = true;
withVencord = true; # withVencord = true;
}) # })
# pkgs.vesktop # # pkgs.vesktop
# pkgs.discord-canary # # pkgs.discord-canary
# pkgs.discord-ptb # # pkgs.discord-ptb
]; # ];
} }

3
home/apps/kitty.nix
View File

@@ -8,11 +8,8 @@
stylix.targets.kitty.enable = false; stylix.targets.kitty.enable = false;
programs.kitty = { programs.kitty = {
enable = true; enable = true;
# enable = false;
font = { font = {
# name = "FiraCode Nerd Font Mono";
name = "Hasklug Nerd Font Mono"; name = "Hasklug Nerd Font Mono";
# name = "Monaspace Krypton Var Light";
size = lib.mkForce 13; size = lib.mkForce 13;
}; };
settings = { settings = {

12
home/apps/matrix.nix Normal file
View File

@@ -0,0 +1,12 @@
{
pkgs,
lib,
device,
...
}: {
home.packages = lib.optionals (device.is "ryu") [
pkgs.fluffychat
pkgs.element-desktop
# pkgs.quaternion
];
}

8
home/apps/moonlight.nix Normal file
View File

@@ -0,0 +1,8 @@
{
lib,
pkgs,
device,
...
}: {
home.packages = lib.optionals (device.name == "ryu") [pkgs.moonlight-qt];
}

28
home/apps/mpv.nix
View File

@@ -8,20 +8,20 @@
loop-playlist = "inf"; loop-playlist = "inf";
}; };
profiles = { profiles = {
hdr = { # hdr = {
vo = "gpu-next"; # vo = "gpu-next";
gpu-api = "vulkan"; # gpu-api = "vulkan";
hdr-compute-peak = "yes"; # hdr-compute-peak = "yes";
hdr-peak-detect = "yes"; # hdr-peak-detect = "yes";
target-peak = 400; # target-peak = 400;
target-prim = "bt.2020"; # target-prim = "bt.2020";
target-trc = "pq"; # target-trc = "pq";
inverse-tone-mapping = "yes"; # inverse-tone-mapping = "yes";
tone-mapping = "spline"; # tone-mapping = "spline";
tone-mapping-mode = "auto"; # tone-mapping-mode = "auto";
target-colorspace-hint = "auto"; # target-colorspace-hint = "auto";
gamut-mapping = "desaturate"; # gamut-mapping = "desaturate";
}; # };
}; };
}; };
} }

8
home/apps/vicinae.nix
View File

@@ -12,7 +12,9 @@
autoStart = true; autoStart = true;
}; };
}; };
home.packages = with pkgs; [ home.packages = with pkgs;
pulseaudio lib.optionals (device.is "ryu") [
]; # pulseaudio
playerctl
];
} }

141
home/apps/zen.nix
View File

@@ -2,26 +2,151 @@
pkgs, pkgs,
inputs, inputs,
device, device,
config,
... ...
}: { }: {
imports = [ imports = [
inputs.zen-browser.homeModules.beta inputs.zen-browser.homeModules.beta
]; ];
programs.zen-browser.darwinDefaultsId = "org.mozilla.firefox.plist";
programs.zen-browser = { programs.zen-browser = {
enable = device.isLinux; enable = true;
profiles.default = { profiles.default = rec {
containersForce = true;
containers = {
Personal = {
color = "purple";
icon = "fingerprint";
id = 1;
};
Work = {
color = "blue";
icon = "briefcase";
id = 2;
};
Shopping = {
color = "yellow";
icon = "dollar";
id = 3;
};
};
spacesForce = true;
spaces = let
containers = config.programs.zen-browser.profiles."default".containers;
in {
"Personal" = {
id = "0b4dab19-9b39-4f2c-8ad1-0268d9fa2e49";
icon = "👤";
container = containers."Personal".id;
position = 1000;
};
"Work" = {
id = "8f687163-6b15-4c3c-885f-8ffe465b386f";
icon = "💼";
container = containers."Work".id;
position = 2000;
};
"Shopping" = {
id = "74f46a1b-cdd7-408c-98d7-382a2b11bd51";
icon = "💸";
container = containers."Shopping".id;
position = 3000;
};
};
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [ extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
privacy-badger
violentmonkey
tridactyl
clearurls clearurls
onepassword-password-manager floccus
ublock-origin
i-dont-care-about-cookies i-dont-care-about-cookies
keepa keepa
onepassword-password-manager
privacy-badger
sponsorblock sponsorblock
floccus tridactyl
ublock-origin
violentmonkey
]; ];
search = {
force = true;
default = "ddg";
engines = {
mynixos = {
name = "My NixOS";
urls = [
{
template = "https://mynixos.com/search?q={searchTerms}";
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@nx"]; # Keep in mind that aliases defined here only work if they start with "@"
};
hm = {
name = "Home Manager Options";
urls = [
{
template = "https://home-manager-options.extranix.com/?query={searchTerms}&release=master";
}
];
definedAliases = ["@hm"];
};
nv = {
name = "NixVim";
urls = [
{
template = "https://nix-community.github.io/nixvim/search";
params = [
{
name = "query";
value = "{searchTerms}";
}
];
}
];
definedAliases = ["@nv"];
};
lib = {
name = "Lib.rs";
urls = [
{
template = "https://lib.rs/search";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
definedAliases = ["@lib"];
};
searchix = {
name = "Searchix";
urls = [
{
template = "https://searchix.ovh/?query={searchTerms}";
}
];
definedAliases = ["sx"];
};
};
};
pins = {
dashboard = {
id = "d163f090-67b7-47d2-8f76-7d638b9f742b";
workspace = spaces.Personal.id;
url = "https://dashboard.darksailor.dev";
isEssential = true;
position = 101;
};
github = {
id = "db2f3e36-9279-4b8d-8b5d-52a90f34ea0d";
workspace = spaces.Personal.id;
url = "https://github.com";
isEssential = true;
position = 102;
};
};
pinsForce = true;
}; };
nativeMessagingHosts = [pkgs.tridactyl-native]; nativeMessagingHosts = [pkgs.tridactyl-native];
policies = { policies = {

1
home/default.nix
View File

@@ -27,6 +27,7 @@
home-manager = { home-manager = {
enable = true; enable = true;
}; };
man.generateCaches = true;
}; };
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;

10
home/programs/aichat.nix
View File

@@ -33,6 +33,16 @@
name = "gpt-oss:20b"; name = "gpt-oss:20b";
type = "chat"; type = "chat";
} }
# {
# name = "gpt-oss:20b-instruct";
# type = "chat";
# real_name = "gpt-oss:20b";
# patch = {
# body = {
# think = "low";
# };
# };
# }
{ {
name = "qwen3:30b-a3b"; name = "qwen3:30b-a3b";
type = "chat"; type = "chat";

35
home/programs/attic.nix Normal file
View File

@@ -0,0 +1,35 @@
{
pkgs,
lib,
config,
...
}: let
attic-unwrapped = pkgs.attic-client.overrideAttrs (oldAttrs: {
patches =
(oldAttrs.patches or [])
++ [
# PR #309: Add environment variable support for login
# https://github.com/zhaofengli/attic/pull/309
(pkgs.fetchpatch {
url = "https://github.com/zhaofengli/attic/pull/309.patch";
hash = "sha256-mDoxA+e2bBZDvERp03SyYvkEdtH/bfWtZqKZv0uCS0M=";
})
];
});
in {
sops.secrets."attic/token" = {};
home.packages = [
(pkgs.stdenv.mkDerivation {
pname = "attic-client";
version = "0.1.0";
src = attic-unwrapped;
buildInputs = [];
nativeBuildInputs = [pkgs.makeWrapper];
installPhase = ''
install -Dm755 $src/bin/attic $out/bin/attic
wrapProgram $out/bin/attic \
--run "export ATTIC_LOGIN_TOKEN=\`cat -v ${config.sops.secrets."attic/token".path}\`"
'';
})
];
}

9
home/programs/blobdrop.nix
View File

@@ -1 +1,8 @@
{pkgs, ...}: {home.packages = [pkgs.blobdrop];} {
pkgs,
device,
lib,
...
}: {
home.packages = lib.optionals (device.name == "ryu") [pkgs.blobdrop];
}

17
home/programs/calendar.nix Normal file
View File

@@ -0,0 +1,17 @@
{pkgs, ...}: {
programs.khal = {
enable = true;
settings = {
default = {
# default_calendar = "fastmail";
};
view = {
agenda_event_format = "{calendar-color}{cancelled}{start-end-time-style} {title}{repeat-symbol}{reset}";
};
};
};
programs.qcal.enable = true;
programs.vdirsyncer.enable = true;
services.vdirsyncer.enable = true;
accounts.calendar.accounts.fastmail.qcal.enable = true;
}

9
home/programs/carapace.nix
View File

@@ -1,13 +1,8 @@
{ {...}: {
pkgs,
lib,
device,
...
}: {
programs. programs.
carapace = { carapace = {
enable = false; enable = false;
enableFishIntegration = true; enableFishIntegration = false;
enableNushellIntegration = true; enableNushellIntegration = true;
}; };
} }

43
home/programs/cargo.nix
View File

@@ -3,25 +3,30 @@
device, device,
cratesNix, cratesNix,
... ...
}: }: let
lib.mkIf (!device.isServer) { cargo-credential-1password = cratesNix.buildCrate "cargo-credential-1password" {
home.file.".cargo/config.toml".text = meta.mainProgram = "cargo-credential-1password";
# toml };
'' in
[alias] lib.mkIf (!device.isServer) {
lldb = ["with", "rust-lldb", "--"] home.file.".cargo/config.toml".text =
t = ["nextest", "run"] # toml
''
[alias]
lldb = ["with", "rust-lldb", "--"]
t = ["nextest", "run"]
pkgs = ["metadata", "--no-deps", "--format-version", "1"]
[net] [net]
git-fetch-with-cli = true git-fetch-with-cli = true
[registries.kellnr] [registries.kellnr]
index = "sparse+https://crates.darksailor.dev/api/v1/crates/" index = "sparse+https://crates.darksailor.dev/api/v1/crates/"
[registry] [registry]
global-credential-providers = ["cargo:token", "/etc/profiles/per-user/fs0c131y/bin/cargo-credential-1password --account my.1password.com"] global-credential-providers = ["cargo:token", "${lib.getExe cargo-credential-1password} --account my.1password.com"]
''; '';
home.packages = [ home.packages = [
(cratesNix.buildCrate "cargo-credential-1password" {}) cargo-credential-1password
]; ];
} }

27
home/programs/cfcli.nix Normal file
View File

@@ -0,0 +1,27 @@
{
pkgs,
lib,
config,
...
}: {
sops.secrets."cloudflare/darksailor_dev_api_key" = {};
home.packages = [
# (pkgs.stdenv.mkDerivation {
# pname = "cfcli";
# version = "0.1.0";
# buildInputs = [pkgs.cloudflare-cli];
# nativeBuildInputs = [pkgs.makeWrapper];
# installPhase = ''
# $out/bin/cfcli \
# --run "export CF_API_KEY=\`cat -v ${config.sops.secrets."cloudflare/darksailor_dev_api_key".path}\`"
# '';
# })
(pkgs.writeShellScriptBin
"cfcli"
''
#!/bin/sh
export CF_API_KEY="$(cat -v ${config.sops.secrets."cloudflare/darksailor_dev_api_key".path})"
exec ${pkgs.cloudflare-cli}/bin/cfcli "$@"
'')
];
}

1
home/programs/codex.nix Normal file
View File

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.codex];}

56
home/programs/default.nix
View File

@@ -4,22 +4,50 @@
... ...
}: { }: {
imports = [ imports = [
# ./bluetui.nix
# ./goread.nix
# ./helix.nix
# ./iamb.nix
# ./magika.nix
# ./mpd.nix
# ./mpris-scrobbler.nix
# ./ncmpcpp.nix
# ./newsboat.nix
# ./nh.nix
# ./ryujinx.nix
# ./sxiv.nix
# ./tea.nix
# ./template.nix
# ./tuifeed.nix
# ./xh.nix
# ./yt-dlp.nix
# ./zellij.nix
../../modules ../../modules
./1password-cli.nix ./1password-cli.nix
./aichat.nix ./aichat.nix
./alejandra.nix ./alejandra.nix
./aria2.nix ./aria2.nix
./ast-grep.nix ./ast-grep.nix
./attic.nix
./atuin.nix ./atuin.nix
./bat.nix ./bat.nix
./binwalk.nix
./blobdrop.nix
./bottom.nix ./bottom.nix
./btop.nix ./btop.nix
./cachix.nix ./cachix.nix
./calendar.nix
./carapace.nix ./carapace.nix
./cargo.nix
./cfcli.nix
./codex.nix
./ddcbacklight.nix ./ddcbacklight.nix
./deploy-rs.nix ./deploy-rs.nix
./direnv.nix ./direnv.nix
./dust.nix ./dust.nix
./dysk.nix
./eilmeldung.nix ./eilmeldung.nix
./eza.nix ./eza.nix
./fastfetch.nix ./fastfetch.nix
@@ -33,15 +61,19 @@
./himalaya.nix ./himalaya.nix
./hyprshade.nix ./hyprshade.nix
./jq.nix ./jq.nix
./jujutsu.nix
./just.nix ./just.nix
./ncpamixer.nix ./ncpamixer.nix
./neomutt.nix ./neomutt.nix
./neovim.nix ./neovim.nix
./nix-index.nix ./nix-index.nix
./nixify.nix
./nushell.nix ./nushell.nix
./omnix.nix
./opencode.nix ./opencode.nix
./p7zip.nix ./p7zip.nix
./pkg-config.nix ./pkg-config.nix
./retroarch.nix
./ripgrep.nix ./ripgrep.nix
./rustup.nix ./rustup.nix
./sd.nix ./sd.nix
@@ -52,29 +84,7 @@
./tmux.nix ./tmux.nix
./uv.nix ./uv.nix
./yazi.nix ./yazi.nix
./yt-dlp.nix ./yq.nix
./zoxide.nix ./zoxide.nix
# ./bluetui.nix
# ./goread.nix
# ./helix.nix
# ./magika.nix
# ./mpd.nix
# ./mpris-scrobbler.nix
# ./ncmpcpp.nix
# ./newsboat.nix
# ./nh.nix
# ./omnix.nix
# ./retroarch.nix
# ./ryujinx.nix
# ./sxiv.nix
# ./tea.nix
# ./template.nix
# ./tuifeed.nix
# ./xh.nix
# ./zellij.nix
./dysk.nix
./binwalk.nix
./cargo.nix
./blobdrop.nix
]; ];
} }

9
home/programs/deploy-rs.nix
View File

@@ -1 +1,8 @@
{pkgs, ...}: {home.packages = [pkgs.deploy-rs.deploy-rs];} {
pkgs,
lib,
device,
...
}: {
home.packages = lib.optionals (device.is "ryu") [pkgs.deploy-rs.deploy-rs];
}

13
home/programs/fish.nix
View File

@@ -23,6 +23,7 @@
j = "just --choose"; j = "just --choose";
# t = "zellij a -c --index 0"; # t = "zellij a -c --index 0";
t = "tmux"; t = "tmux";
neorg = "nvim -c ':Neorg index'";
}; };
shellAliases = { shellAliases = {
g = "git"; g = "git";
@@ -33,7 +34,7 @@
''; '';
# ${pkgs.spotify-player}/bin/spotify_player generate fish | source # ${pkgs.spotify-player}/bin/spotify_player generate fish | source
interactiveShellInit = '' interactiveShellInit = ''
if test -n "$TMUX"; ${lib.getExe pkgs.fastfetch} --logo-type sixel; else ${lib.getExe pkgs.fastfetch}; end if test -n "$TMUX"; ${lib.getExe pkgs.fastfetch} --logo-type kitty-icat; else ${lib.getExe pkgs.fastfetch}; end
# ${pkgs.nb}/bin/nb todo undone # ${pkgs.nb}/bin/nb todo undone
${lib.optionalString (device.isLinux && !device.isNix) "source /etc/profile.d/nix-daemon.fish"} ${lib.optionalString (device.isLinux && !device.isNix) "source /etc/profile.d/nix-daemon.fish"}
${lib.optionalString (device.is "ryu") '' ${lib.optionalString (device.is "ryu") ''
@@ -43,6 +44,16 @@
''} ''}
''; '';
}; };
home.shell.enableFishIntegration = true;
# programs.bash = {
# enable = true;
# initExtra = ''
# if [[ $- == *i* && -z "$FISH_VERSION" ]]; then
# ${lib.getExe pkgs.fish}
# fi
# '';
# };
} }
// lib.optionalAttrs (!(device.is "tsuba")) { // lib.optionalAttrs (!(device.is "tsuba")) {
stylix.targets.fish.enable = false; stylix.targets.fish.enable = false;

2
home/programs/fzf.nix
View File

@@ -1 +1 @@
{pkgs, ...}: { home.packages = [pkgs.fzf];} {pkgs, ...}: {home.packages = [pkgs.fzf];}

3
home/programs/iamb.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
home.packages = [pkgs.iamb];
}

1
home/programs/jujutsu.nix Normal file
View File

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.jujutsu];}

44
home/programs/neomutt.nix
View File

@@ -1,4 +1,9 @@
{pkgs, ...}: { {pkgs, ...}: let
theme = builtins.fetchurl {
url = "https://raw.githubusercontent.com/catppuccin/neomutt/refs/heads/main/neomuttrc";
sha256 = "sha256:1q086p5maqwxa4gh6z8g7h3nfavdmkbql025ibdhglpz46hsq0hs";
};
in {
programs.neomutt = { programs.neomutt = {
enable = true; enable = true;
vimKeys = true; vimKeys = true;
@@ -6,6 +11,9 @@
sidebar = { sidebar = {
enable = true; enable = true;
}; };
extraConfig = ''
source ${theme}
'';
}; };
programs.notmuch = { programs.notmuch = {
enable = true; enable = true;
@@ -17,4 +25,38 @@
enable = true; enable = true;
neomutt.enable = true; neomutt.enable = true;
}; };
services.imapnotify = {
enable = true;
path = [pkgs.coreutils pkgs.isync pkgs.libnotify];
};
accounts.email.accounts.fastmail.imapnotify = {
enable = true;
boxes = ["Inbox"];
onNotify = "${pkgs.writeShellScript "mbsync-notify" ''
${pkgs.isync}/bin/mbsync $1
${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1"
''} %s";
};
programs.mbsync.enable = true;
services.mbsync.enable = pkgs.stdenv.isLinux;
# launchd.agents.mbsync = {
# enable = true;
# config = {
# # A label for the service
# Label = "dev.darksailor.atuin-daemon";
# # The command to run
# ProgramArguments = [
# "${pkgs.atuin}/bin/atuin"
# "daemon"
# ];
# # Run the service when you log in
# RunAtLoad = true;
# # Keep the process alive, or restart if it dies
# KeepAlive = true;
# # Log files
# StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
# StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
# };
# };
} }

9
home/programs/nixify.nix Normal file
View File

@@ -0,0 +1,9 @@
{
pkgs,
inputs,
...
}: {
home.packages = [
inputs.nixify.packages.${pkgs.system}.default
];
}

1
home/programs/nushell.nix
View File

@@ -26,4 +26,5 @@
} }
''; '';
}; };
home.shell.enableNushellIntegration = true;
} }

17
home/programs/opencode.nix
View File

@@ -3,8 +3,23 @@
lib, lib,
... ...
}: }:
lib.optionalAttrs (device.is "ryu") { lib.optionalAttrs (device.is "ryu" || device.is "kuro") {
programs.opencode = { programs.opencode = {
enable = true; enable = true;
settings.provider = {
ollama = {
models = {
"glm-4.7-flash" = {
# "_launch" = true;
name = "glm-4.7-flash";
};
};
name = "Ollama (local)";
npm = "@ai-sdk/openai-compatible";
options = {
baseURL = "https://ollama.darksailor.dev/v1";
};
};
};
}; };
} }

5
home/programs/ssh.nix
View File

@@ -16,11 +16,6 @@
user = "git"; user = "git";
host = "github.com"; host = "github.com";
}; };
# mirai = {
# user = "fs0c131y";
# hostname = "mirai.darksailor.dev";
# forwardAgent = true;
# };
tako = { tako = {
user = "servius"; user = "servius";
hostname = "tako.darksailor.dev"; hostname = "tako.darksailor.dev";

1
home/programs/yazi.nix
View File

@@ -17,5 +17,6 @@
cache_dir = config.home.homeDirectory + "/.cache/yazi/previews"; cache_dir = config.home.homeDirectory + "/.cache/yazi/previews";
}; };
}; };
shellWrapperName = "yy";
}; };
} }

1
home/programs/yq.nix Normal file
View File

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.yq];}

6
home/scripts.nix
View File

@@ -36,11 +36,11 @@ in {
pkgs.writeShellApplication { pkgs.writeShellApplication {
name = "git-install-prepare-commit-msg"; name = "git-install-prepare-commit-msg";
text = '' text = ''
cp ${../scripts/prepare-commit-msg} .git/hooks/prepare-commit-msg ln -sf ${../scripts/prepare-commit-msg} .git/hooks/prepare-commit-msg
''; '';
} }
) )
(mkScript ../scripts/yt-dlp.sh (with pkgs; [yt-dlp])) # (mkScript ../scripts/yt-dlp.sh (with pkgs; [yt-dlp]))
(mkScript ../scripts/autossh.sh (with pkgs; [autossh openssh])) # (mkScript ../scripts/autossh.sh (with pkgs; [autossh openssh]))
]; ];
} }

22
home/services/default.nix
View File

@@ -1,18 +1,20 @@
{...}: { {...}: {
imports = [ imports = [
./gtk.nix
./gui.nix
./hyprland.nix
./hyprmon.nix
./hyprpaper.nix
./ironbar
./kdeconnect.nix
./remmina.nix
# ./ollama.nix
./swaync.nix ./swaync.nix
./swayosd.nix ./swayosd.nix
./kdeconnect.nix
./gtk.nix
# ./anyrun.nix
./ironbar
./gui.nix
# ./eww.nix
./xdg.nix ./xdg.nix
./hyprmon.nix ./ironclaw.nix
./hyprland.nix # ./anyrun.nix
./hyprpaper.nix # ./eww.nix
./remmina.nix
# ./wallpaperengine.nix # ./wallpaperengine.nix
]; ];
} }

24
home/services/hyprland.nix
View File

@@ -2,6 +2,7 @@
pkgs, pkgs,
device, device,
lib, lib,
inputs,
... ...
}: }:
# lib.optionalAttrs device.isNix # lib.optionalAttrs device.isNix
@@ -31,6 +32,8 @@
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = device.is "ryu"; enable = device.is "ryu";
systemd.enable = true; systemd.enable = true;
package = pkgs.hyprland;
portalPackage = pkgs.xdph;
settings = { settings = {
# source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf"; # source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf";
@@ -61,9 +64,9 @@
{ {
output = device.monitors.secondary; output = device.monitors.secondary;
mode = "2560x1440@170"; mode = "2560x1440@170";
position = "-1440x-1120"; position = "-2560x0";
scale = 1; scale = 1;
transform = 1; transform = 0;
} }
{ {
output = device.monitors.tertiary; output = device.monitors.tertiary;
@@ -156,24 +159,23 @@
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$ # windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more # See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
windowrulev2 = [ windowrule = [
# "float, title:^(Steam)$" # "match:title ^(Steam)$ float"
"float, title:^(Archetype.*)$" "match:title ^(Archetype.*)$ float"
"float, class:(.*nextcloud.*)" "match:class (.*nextcloud.*) float"
"float, class:org.kde.kdeconnect.app" "match:class org.kde.kdeconnect.app float"
]; ];
# "misc:vfr" = true;
env = [ env = [
"XCURSOR_SIZE,24" "XCURSOR_SIZE,24"
"XDG_SESSION_TYPE,wayland" "XDG_SESSION_TYPE,wayland"
"MOZ_ENABLE_WAYLAND,1" "MOZ_ENABLE_WAYLAND,1"
"QT_QPA_PLATFORM,wayland" "QT_QPA_PLATFORM,wayland"
]; ];
exec-once = [ exec-once = [
# "${pkgs.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1" # "${pkgs.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1"
"${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1" "${pkgs.mate-polkit}/libexec/polkit-mate-authentication-agent-1"
# "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1" # "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"
# "${pkgs.swww}/bin/swww init; swww img ~/.local/share/dotfiles/images/wallpaper.jpg" # "${pkgs.swww}/bin/swww init; swww img ~/.local/share/dotfiles/images/wallpaper.jpg"
# "${pkgs.ironbar}/bin/ironbar" # "${pkgs.ironbar}/bin/ironbar"
@@ -204,7 +206,7 @@
"$mainMod, d, exec, ${lib.getExe pkgs.vicinae} toggle" "$mainMod, d, exec, ${lib.getExe pkgs.vicinae} toggle"
"$mainMod, Space, exec, ${lib.getExe pkgs.vicinae} toggle" "$mainMod, Space, exec, ${lib.getExe pkgs.vicinae} toggle"
"$mainMod, p, pseudo, # dwindle" "$mainMod, p, pseudo, # dwindle"
"$mainMod, v, togglesplit," "$mainMod, v, layoutmsg, togglesplit"
"$mainMod, a, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t" "$mainMod, a, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t"
"$mainMod, Tab, cyclenext" "$mainMod, Tab, cyclenext"
# Audio # Audio

14
home/services/hyprpaper.nix
View File

@@ -7,25 +7,29 @@
services.hyprpaper = let services.hyprpaper = let
wallpapers = import ../../utils/wallhaven.nix {inherit pkgs;}; wallpapers = import ../../utils/wallhaven.nix {inherit pkgs;};
nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name; nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
silksongFleas = nextcloudWallpapers "silksong-fleas.jpg"; # silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
silksongShadeLord = nextcloudWallpapers "silksong-shadelord.jpg";
# The artist https://www.bilibili.com/video/BV1s44y1S7MM/
bocchiVertical = nextcloudWallpapers "bocchi-guitar.jpg";
frieren = nextcloudWallpapers "frieren.png";
in { in {
enable = device.is "ryu"; enable = device.is "ryu";
settings = { settings = {
splash = false;
wallpaper = [ wallpaper = [
{ {
monitor = device.monitors.primary; monitor = device.monitors.primary;
path = silksongShadeLord; path = wallpapers.moon;
fit_mode = "cover"; fit_mode = "cover";
} }
{ {
monitor = device.monitors.secondary; monitor = device.monitors.secondary;
path = wallpapers.frieren_3; path = frieren;
fit_mode = "cover"; fit_mode = "cover";
} }
{ {
monitor = device.monitors.tertiary; monitor = device.monitors.tertiary;
path = silksongFleas; path = bocchiVertical;
fit_mode = "cover"; fit_mode = "cover";
} }
]; ];

94
home/services/ironbar/default.nix
View File

@@ -13,13 +13,14 @@
"${device.monitors.secondary}" = { "${device.monitors.secondary}" = {
position = "bottom"; position = "bottom";
start = [ start = [
{ {type = "tray";}
type = "launcher"; # {
favourites = ["firefox" "discord"]; # type = "launcher";
show_names = false; # favourites = ["firefox" "discord"];
show_icons = true; # show_names = false;
} # show_icons = true;
{type = "focused";} # }
# {type = "focused";}
]; ];
end = [ end = [
{ {
@@ -35,46 +36,45 @@
{type = "clock";} {type = "clock";}
]; ];
}; };
"${device.monitors.primary}" = { # "${device.monitors.primary}" = {
position = "bottom"; # position = "bottom";
icon_theme = "Papirus-Dark"; # icon_theme = "Papirus-Dark";
end = [ # end = [
{ # {
type = "sys_info"; # type = "sys_info";
format = [ # format = [
" CPU {cpu_percent}% | {temp_c:coretemp-Package-id-0}°C" # " CPU {cpu_percent}% | {temp_c:coretemp-Package-id-0}°C"
" RAM {memory_used}GB/{memory_total}GB" # " RAM {memory_used}GB/{memory_total}GB"
]; # ];
interval = { # interval = {
cpu = 1; # cpu = 1;
temps = 5; # temps = 5;
memory = 30; # memory = 30;
# disks= 300; # # disks= 300;
# networks= 3; # # networks= 3;
}; # };
} # }
{type = "tray";} # ];
]; # start = [
start = [ # {
{ # type = "workspaces";
type = "workspaces"; # name_map = {
name_map = { # "1" = "icon:kitty";
"1" = "icon:foot"; # "2" = "icon:code";
"2" = "icon:code"; # "3" = "icon:firefox";
"3" = "icon:firefox"; # "4" = "icon:slack";
"4" = "icon:slack"; # # "5" = "icon:steam";
"5" = "icon:steam"; # # "6" = "icon:foot";
"6" = "icon:foot"; # # "7" = "icon:foot";
"7" = "icon:foot"; # # "8" = "icon:firefox";
"8" = "icon:firefox"; # # "9" = "icon:discord";
"9" = "icon:discord"; # # "10" = "icon:spotify";
"10" = "icon:spotify"; # };
}; # favorites = ["1" "2" "3" "4"];
favorites = ["1" "2" "3" "4" "5" "6" "7" "8" "9" "10"]; # all_monitors = false;
all_monitors = true; # }
} # ];
]; # };
};
"${device.monitors.tertiary}" = { "${device.monitors.tertiary}" = {
position = "bottom"; position = "bottom";
icon_theme = "Papirus-Dark"; icon_theme = "Papirus-Dark";

12
home/services/ironclaw.nix Normal file
View File

@@ -0,0 +1,12 @@
{
pkgs,
lib,
device,
...
}: {
home.packages =
lib.optionals (device.is "ryu")
[
pkgs.ironclaw
];
}

7
home/services/ollama.nix Normal file
View File

@@ -0,0 +1,7 @@
{
pkgs,
device,
...
}: {
services.ollama.enable = device.is "shiro";
}

63
home/services/remmina.nix
View File

@@ -1,7 +1,68 @@
{device, ...}: { {
device,
pkgs,
lib,
config,
...
}:
with lib; let
remminaDir = "${config.home.homeDirectory}/.local/share/remmina";
applicationsDir = "${config.home.homeDirectory}/.local/share/applications";
# Script to generate desktop entries for Remmina connections
generateRemminaDesktopEntries = pkgs.writeShellScript "generate-remmina-desktop-entries" ''
REMMINA_DIR="${remminaDir}"
APPS_DIR="${applicationsDir}"
# Create applications directory if it doesn't exist
mkdir -p "$APPS_DIR"
# Remove old remmina desktop entries
rm -f "$APPS_DIR"/remmina-*.desktop
# Exit if remmina directory doesn't exist
[[ ! -d "$REMMINA_DIR" ]] && exit 0
# Generate desktop entries for each .remmina file
find "$REMMINA_DIR" -name "*.remmina" -type f | while read -r file; do
# Extract connection details
name=$(${pkgs.gnugrep}/bin/grep "^name=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
server=$(${pkgs.gnugrep}/bin/grep "^server=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
protocol=$(${pkgs.gnugrep}/bin/grep "^protocol=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
# Use filename as fallback if name is empty
[[ -z "$name" ]] && name=$(${pkgs.coreutils}/bin/basename "$file" .remmina)
[[ -z "$protocol" ]] && protocol="Unknown"
# Generate desktop entry filename
desktop_name=$(${pkgs.coreutils}/bin/basename "$file" .remmina | ${pkgs.gnused}/bin/sed 's/[^a-zA-Z0-9_-]/-/g')
desktop_file="$APPS_DIR/remmina-$desktop_name.desktop"
# Create desktop entry
cat > "$desktop_file" <<EOF
[Desktop Entry]
Type=Application
Name=Remmina - $name
GenericName=$protocol Connection to $server
Comment=Connect to $server via $protocol
Exec=${pkgs.remmina}/bin/remmina -c "$file"
Icon=org.remmina.Remmina
Terminal=false
Categories=Network;RemoteAccess;
EOF
done
'';
in {
services.remmina = { services.remmina = {
enable = device.is "ryu"; enable = device.is "ryu";
systemdService.enable = true; systemdService.enable = true;
addRdpMimeTypeAssoc = true; addRdpMimeTypeAssoc = true;
}; };
# Activation script to generate desktop entries
home.activation.generateRemminaDesktopEntries = mkIf (device.is "ryu") (
lib.hm.dag.entryAfter ["writeBoundary"] ''
run ${generateRemminaDesktopEntries}
''
);
} }

48
home/services/wallpaperengine.nix
View File

@@ -5,28 +5,28 @@
... ...
}: }:
lib.mkIf (device.is "ryu") { lib.mkIf (device.is "ryu") {
# systemd.user.services.wallpaperengine = { systemd.user.services.wallpaperengine = {
# Unit = { Unit = {
# Description = "Linux Wallpaper Engine"; Description = "Linux Wallpaper Engine";
# After = ["hyprland-session.target"]; After = ["hyprland-session.target"];
# Wants = ["hyprland-session.target"]; Wants = ["hyprland-session.target"];
# PartOf = ["hyprland-session.target"]; PartOf = ["hyprland-session.target"];
# }; };
#
# Service = { Service = {
# Environment = [ Environment = [
# "XDG_SESSION_TYPE=wayland" "XDG_SESSION_TYPE=wayland"
# ]; ];
# Type = "simple"; Type = "simple";
# ExecStartPre = "${pkgs.coreutils}/bin/sleep 3"; ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
# ExecStart = "${pkgs.linux-wallpaperengine}/bin/linux-wallpaperengine --silent --no-audio-processing -f 15 --scaling fill --screen-root HDMI-A-1 --bg 2780316434"; ExecStart = "${pkgs.linux-wallpaperengine}/bin/linux-wallpaperengine --silent --no-audio-processing -f 15 --scaling fill --screen-root HDMI-A-1 --bg 2780316434";
# Restart = "on-failure"; Restart = "on-failure";
# RestartSec = 5; RestartSec = 5;
# TimeoutStartSec = 30; TimeoutStartSec = 30;
# }; };
#
# Install = { Install = {
# WantedBy = ["hyprland-session.target"]; WantedBy = ["hyprland-session.target"];
# }; };
# }; };
} }

10
home/services/xdg.nix
View File

@@ -2,6 +2,7 @@
pkgs, pkgs,
lib, lib,
device, device,
inputs,
... ...
}: { }: {
xdg.portal = { xdg.portal = {
@@ -10,10 +11,9 @@
hyprland.default = ["hyprland"]; hyprland.default = ["hyprland"];
common.default = ["*" "hyprland"]; common.default = ["*" "hyprland"];
}; };
extraPortals = with pkgs; [
kdePackages.xdg-desktop-portal-kde
xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
];
}; };
} }
# // lib.optionalAttrs (device.is "ryu") {
# environment.pathsToLink = ["/share/xdg-desktop-portal" "/share/applications"];
# }

2
justfile
View File

@@ -41,3 +41,5 @@ add program:
alejandra fmt home/programs/{{program}}.nix home/programs/default.nix alejandra fmt home/programs/{{program}}.nix home/programs/default.nix
git add home/programs/{{program}}.nix git add home/programs/{{program}}.nix
# add-secret secret:
# openssl rand -hex 32 | tr -d '\n' | jq -sR | sops set --value-stdin secrets/secrets.yaml {{secret}}

162
modules/nixos/affine.nix Normal file
View File

@@ -0,0 +1,162 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.services.affine;
dbName = "affine";
dbUser = "affine";
in {
options.services.affine = {
enable = mkEnableOption "AFFiNE self-hosted workspace";
port = mkOption {
type = types.port;
default = 3010;
description = "Port for the AFFiNE server to listen on";
};
domain = mkOption {
type = types.str;
description = "Public domain for AFFiNE (e.g. notes.darksailor.dev)";
};
imageTag = mkOption {
type = types.str;
default = "stable";
description = "Docker image tag for AFFiNE (stable, beta, canary)";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/affine";
description = "Base data directory for AFFiNE storage";
};
environmentFiles = mkOption {
type = types.listOf types.path;
default = [];
description = "Environment files containing secrets (DB password, etc.)";
};
};
config = mkIf cfg.enable {
# Create data directories
systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0755 root root -"
"d ${cfg.dataDir}/storage 0755 root root -"
"d ${cfg.dataDir}/config 0755 root root -"
"d ${cfg.dataDir}/postgres 0700 root root -"
"d ${cfg.dataDir}/redis 0755 root root -"
];
virtualisation.oci-containers = {
backend = "docker";
containers = {
affine-postgres = {
image = "pgvector/pgvector:pg16";
volumes = [
"${cfg.dataDir}/postgres:/var/lib/postgresql/data"
];
environment = {
POSTGRES_USER = dbUser;
POSTGRES_DB = dbName;
POSTGRES_INITDB_ARGS = "--data-checksums";
POSTGRES_HOST_AUTH_METHOD = "trust";
};
environmentFiles = cfg.environmentFiles;
extraOptions = [
"--health-cmd=pg_isready -U ${dbUser} -d ${dbName}"
"--health-interval=10s"
"--health-timeout=5s"
"--health-retries=5"
];
networks = ["affine-net"];
};
affine-redis = {
image = "redis:7";
volumes = [
"${cfg.dataDir}/redis:/data"
];
networks = ["affine-net"];
extraOptions = [
"--health-cmd=redis-cli --raw incr ping"
"--health-interval=10s"
"--health-timeout=5s"
"--health-retries=5"
];
};
affine = {
image = "ghcr.io/toeverything/affine:${cfg.imageTag}";
ports = ["127.0.0.1:${toString cfg.port}:3010"];
dependsOn = [
"affine-postgres"
"affine-redis"
"affine-migration"
];
volumes = [
"${cfg.dataDir}/storage:/root/.affine/storage"
"${cfg.dataDir}/config:/root/.affine/config"
];
environment = {
AFFINE_SERVER_PORT = "3010";
AFFINE_SERVER_HOST = cfg.domain;
AFFINE_SERVER_HTTPS = "true";
AFFINE_SERVER_EXTERNAL_URL = "https://${cfg.domain}";
REDIS_SERVER_HOST = "affine-redis";
DATABASE_URL = "postgresql://${dbUser}:$${AFFINE_DB_PASSWORD:-affine}@affine-postgres:5432/${dbName}";
AFFINE_INDEXER_ENABLED = "false";
};
environmentFiles = cfg.environmentFiles;
networks = ["affine-net"];
};
affine-migration = {
image = "ghcr.io/toeverything/affine:${cfg.imageTag}";
dependsOn = [
"affine-postgres"
"affine-redis"
];
volumes = [
"${cfg.dataDir}/storage:/root/.affine/storage"
"${cfg.dataDir}/config:/root/.affine/config"
];
cmd = ["sh" "-c" "node ./scripts/self-host-predeploy.js"];
environment = {
REDIS_SERVER_HOST = "affine-redis";
DATABASE_URL = "postgresql://${dbUser}:$${AFFINE_DB_PASSWORD:-affine}@affine-postgres:5432/${dbName}";
AFFINE_INDEXER_ENABLED = "false";
};
environmentFiles = cfg.environmentFiles;
networks = ["affine-net"];
};
};
};
# Create the Docker network
# systemd.services.affine-network = {
# description = "Create AFFiNE Docker network";
# after = ["docker.service"];
# wantedBy = ["multi-user.target"];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# # ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net";
# # ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net";
# };
# };
#
# Ensure containers start after the network is created
# systemd.services.docker-affine.after = ["affine-network.service"];
# systemd.services.docker-affine.requires = ["affine-network.service"];
# systemd.services.docker-affine-postgres.after = ["affine-network.service"];
# systemd.services.docker-affine-postgres.requires = ["affine-network.service"];
# systemd.services.docker-affine-redis.after = ["affine-network.service"];
# systemd.services.docker-affine-redis.requires = ["affine-network.service"];
# systemd.services.docker-affine-migration.after = ["affine-network.service"];
# systemd.services.docker-affine-migration.requires = ["affine-network.service"];
};
}

480
modules/nixos/caddy/default.nix
View File

@@ -1,480 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.caddy;
certs = config.security.acme.certs;
virtualHosts = attrValues cfg.virtualHosts;
acmeEnabledVhosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
vhostCertNames = unique (map (hostOpts: hostOpts.useACMEHost) acmeEnabledVhosts);
dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server
independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server
mkVHostConf = hostOpts: let
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
in ''
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
${optionalString (
hostOpts.listenAddresses != []
) "bind ${concatStringsSep " " hostOpts.listenAddresses}"}
${optionalString (
hostOpts.useACMEHost != null
) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
log {
${hostOpts.logFormat}
}
${hostOpts.extraConfig}
}
'';
settingsFormat = pkgs.formats.json {};
configFile =
if cfg.settings != {}
then settingsFormat.generate "caddy.json" cfg.settings
else let
Caddyfile = pkgs.writeTextDir "Caddyfile" ''
{
${cfg.globalConfig}
}
${cfg.extraConfig}
${concatMapStringsSep "\n" mkVHostConf virtualHosts}
'';
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {} ''
mkdir -p $out
cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile
'';
in "${
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
then Caddyfile-formatted
else Caddyfile
}/Caddyfile";
etcConfigFile = "caddy/caddy_config";
configPath = "/etc/${etcConfigFile}";
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;
in {
imports = [
(mkRemovedOptionModule [
"services"
"caddy"
"agree"
] "this option is no longer necessary for Caddy 2")
(mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
(mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
];
# interface
options.services.caddy = {
enable = mkEnableOption "Caddy web server";
user = mkOption {
default = "caddy";
type = types.str;
description = ''
User account under which caddy runs.
::: {.note}
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the Caddy service starts.
:::
'';
};
group = mkOption {
default = "caddy";
type = types.str;
description = ''
Group under which caddy runs.
::: {.note}
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the Caddy service starts.
:::
'';
};
package = mkPackageOption pkgs "caddy" {};
dataDir = mkOption {
type = types.path;
default = "/var/lib/caddy";
description = ''
The data directory for caddy.
::: {.note}
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise you are responsible for ensuring
the directory exists with appropriate ownership and permissions.
Caddy v2 replaced `CADDYPATH` with XDG directories.
See <https://caddyserver.com/docs/conventions#file-locations>.
:::
'';
};
logDir = mkOption {
type = types.path;
default = "/var/log/caddy";
description = ''
Directory for storing Caddy access logs.
::: {.note}
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise the sysadmin is responsible for
ensuring the directory exists with appropriate ownership and permissions.
:::
'';
};
logFormat = mkOption {
type = types.lines;
default = ''
level ERROR
'';
example = literalExpression ''
mkForce "level INFO";
'';
description = ''
Configuration for the default logger. See
<https://caddyserver.com/docs/caddyfile/options#log>
for details.
'';
};
configFile = mkOption {
type = types.path;
default = configFile;
defaultText = "A Caddyfile automatically generated by values from services.caddy.*";
example = literalExpression ''
pkgs.writeText "Caddyfile" '''
example.com
root * /var/www/wordpress
php_fastcgi unix//run/php/php-version-fpm.sock
file_server
''';
'';
description = ''
Override the configuration file used by Caddy. By default,
NixOS generates one automatically.
The configuration file is exposed at {file}`${configPath}`.
'';
};
adapter = mkOption {
default =
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile")
then "caddyfile"
else null;
defaultText = literalExpression ''
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
'';
example = literalExpression "nginx";
type = with types; nullOr str;
description = ''
Name of the config adapter to use.
See <https://caddyserver.com/docs/config-adapters>
for the full list.
If `null` is specified, the `--adapter` argument is omitted when
starting or restarting Caddy. Notably, this allows specification of a
configuration file in Caddy's native JSON format, as long as the
filename does not start with `Caddyfile` (in which case the `caddyfile`
adapter is implicitly enabled). See
<https://caddyserver.com/docs/command-line#caddy-run> for details.
::: {.note}
Any value other than `null` or `caddyfile` is only valid when providing
your own `configFile`.
:::
'';
};
resume = mkOption {
default = false;
type = types.bool;
description = ''
Use saved config, if any (and prefer over any specified configuration passed with `--config`).
'';
};
globalConfig = mkOption {
type = types.lines;
default = "";
example = ''
debug
servers {
protocol {
experimental_http3
}
}
'';
description = ''
Additional lines of configuration appended to the global config section
of the `Caddyfile`.
Refer to <https://caddyserver.com/docs/caddyfile/options#global-options>
for details on supported values.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
example.com {
encode gzip
log
root /srv/http
}
'';
description = ''
Additional lines of configuration appended to the automatically
generated `Caddyfile`.
'';
};
virtualHosts = mkOption {
type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
default = {};
example = literalExpression ''
{
"hydra.example.com" = {
serverAliases = [ "www.hydra.example.com" ];
extraConfig = '''
encode gzip
root * /srv/http
''';
};
};
'';
description = ''
Declarative specification of virtual hosts served by Caddy.
'';
};
acmeCA = mkOption {
default = null;
example = "https://acme-v02.api.letsencrypt.org/directory";
type = with types; nullOr str;
description = ''
::: {.note}
Sets the [`acme_ca` option](https://caddyserver.com/docs/caddyfile/options#acme-ca)
in the global options block of the resulting Caddyfile.
:::
The URL to the ACME CA's directory. It is strongly recommended to set
this to `https://acme-staging-v02.api.letsencrypt.org/directory` for
Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)
while testing or in development.
Value `null` should be prefered for production setups,
as it omits the `acme_ca` option to enable
[automatic issuer fallback](https://caddyserver.com/docs/automatic-https#issuer-fallback).
'';
};
email = mkOption {
default = null;
type = with types; nullOr str;
description = ''
Your email address. Mainly used when creating an ACME account with your
CA, and is highly recommended in case there are problems with your
certificates.
'';
};
enableReload = mkOption {
default = true;
type = types.bool;
description = ''
Reload Caddy instead of restarting it when configuration file changes.
Note that enabling this option requires the [admin API](https://caddyserver.com/docs/caddyfile/options#admin)
to not be turned off.
If you enable this option, consider setting [`grace_period`](https://caddyserver.com/docs/caddyfile/options#grace-period)
to a non-infinite value in {option}`services.caddy.globalConfig`
to prevent Caddy waiting for active connections to finish,
which could delay the reload essentially indefinitely.
'';
};
settings = mkOption {
type = settingsFormat.type;
default = {};
description = ''
Structured configuration for Caddy to generate a Caddy JSON configuration file.
See <https://caddyserver.com/docs/json/> for available options.
::: {.warning}
Using a [Caddyfile](https://caddyserver.com/docs/caddyfile) instead of a JSON config is highly recommended by upstream.
There are only very few exception to this.
Please use a Caddyfile via {option}`services.caddy.configFile`, {option}`services.caddy.virtualHosts` or
{option}`services.caddy.extraConfig` with {option}`services.caddy.globalConfig` instead.
:::
::: {.note}
Takes presence over most `services.caddy.*` options, such as {option}`services.caddy.configFile` and {option}`services.caddy.virtualHosts`, if specified.
:::
'';
};
environmentFile = mkOption {
type = with types; nullOr path;
default = null;
example = "/run/secrets/caddy.env";
description = ''
Environment file as defined in {manpage}`systemd.exec(5)`.
You can use environment variables to pass secrets to the service without adding
them to the world-redable nix store.
```
# in configuration.nix
services.caddy.environmentFile = "/run/secrets/caddy.env";
services.caddy.globalConfig = '''
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {$EAB_KEY_ID}
mac_key {$EAB_MAC_KEY}
}
}
''';
```
```
# in /run/secrets/caddy.env
EAB_KEY_ID=secret
EAB_MAC_KEY=secret
```
Find more examples
[here](https://caddyserver.com/docs/caddyfile/concepts#environment-variables)
'';
};
};
# implementation
config = mkIf cfg.enable {
assertions =
[
{
assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
}
]
++ map (
name:
mkCertOwnershipAssertion {
cert = config.security.acme.certs.${name};
groups = config.users.groups;
services = [config.systemd.services.caddy];
}
)
vhostCertNames;
services.caddy.globalConfig = ''
${optionalString (cfg.email != null) "email ${cfg.email}"}
${optionalString (cfg.acmeCA != null) "acme_ca ${cfg.acmeCA}"}
log {
${cfg.logFormat}
}
'';
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000;
systemd.packages = [cfg.package];
systemd.services.caddy = {
wants = map (certName: "acme-finished-${certName}.target") vhostCertNames;
after =
map (certName: "acme-selfsigned-${certName}.service") vhostCertNames
++ map (certName: "acme-${certName}.service") independentCertNames; # avoid loading self-signed key w/ real cert, or vice-versa
before = map (certName: "acme-${certName}.service") dependentCertNames;
wantedBy = ["multi-user.target"];
startLimitIntervalSec = 14400;
startLimitBurst = 10;
reloadTriggers = optional cfg.enableReload cfg.configFile;
restartTriggers = optional (!cfg.enableReload) cfg.configFile;
serviceConfig = let
runOptions = ''--config ${configPath} ${
optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"
}'';
in {
# Override the `ExecStart` line from upstream's systemd unit file by our own:
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
ExecStart = [
""
''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}''
];
# Validating the configuration before applying it ensures well get a proper error that will be reported when switching to the configuration
ExecReload =
[
""
]
++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force";
User = cfg.user;
Group = cfg.group;
ReadWritePaths = [cfg.dataDir];
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
Restart = "on-failure";
RestartPreventExitStatus = 1;
RestartSec = "5s";
EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
# TODO: attempt to upstream these options
NoNewPrivileges = true;
PrivateDevices = true;
ProtectHome = true;
};
};
users.users = optionalAttrs (cfg.user == "caddy") {
caddy = {
group = cfg.group;
uid = config.ids.uids.caddy;
home = cfg.dataDir;
};
};
users.groups = optionalAttrs (cfg.group == "caddy") {
caddy.gid = config.ids.gids.caddy;
};
security.acme.certs = let
certCfg =
map (
certName:
nameValuePair certName {
group = mkDefault cfg.group;
reloadServices = ["caddy.service"];
}
)
vhostCertNames;
in
listToAttrs certCfg;
environment.etc.${etcConfigFile}.source = cfg.configFile;
};
}

83
modules/nixos/caddy/vhost-options.nix
View File

@@ -1,83 +0,0 @@
{cfg}: {
config,
lib,
name,
...
}: let
inherit (lib) literalExpression mkOption types;
in {
options = {
hostName = mkOption {
type = types.str;
default = name;
description = "Canonical hostname for the server.";
};
serverAliases = mkOption {
type = with types; listOf str;
default = [];
example = [
"www.example.org"
"example.org"
];
description = ''
Additional names of virtual hosts served by this virtual host configuration.
'';
};
listenAddresses = mkOption {
type = with types; listOf str;
description = ''
A list of host interfaces to bind to for this virtual host.
'';
default = [];
example = [
"127.0.0.1"
"::1"
];
};
useACMEHost = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
A host of an existing Let's Encrypt certificate to use.
This is mostly useful if you use DNS challenges but Caddy does not
currently support your provider.
*Note that this option does not create any certificates, nor
does it add subdomains to existing ones you will need to create them
manually using [](#opt-security.acme.certs).*
'';
};
logFormat = mkOption {
type = types.lines;
default = ''
output file ${cfg.logDir}/access-${lib.replaceStrings ["/" " "] ["_" "_"] config.hostName}.log
'';
defaultText = ''
output file ''${config.services.caddy.logDir}/access-''${hostName}.log
'';
example = literalExpression ''
mkForce '''
output discard
''';
'';
description = ''
Configuration for HTTP request logging (also known as access logs). See
<https://caddyserver.com/docs/caddyfile/directives/log#log>
for details.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines of configuration appended to this virtual host in the
automatically generated `Caddyfile`.
'';
};
};
}

19
modules/nixos/substituters.nix Normal file
View File

@@ -0,0 +1,19 @@
{...}: {
config = {
nix.settings = {
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
"https://llama-cpp.cachix.org"
"https://cache.nixos-cuda.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
"cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
];
};
};
}

55
neovim/default.nix
View File

@@ -20,6 +20,7 @@
}; };
in { in {
opts = { opts = {
autoread = true;
completeopt = "menu,menuone,popup,noselect"; completeopt = "menu,menuone,popup,noselect";
expandtab = true; expandtab = true;
foldenable = true; foldenable = true;
@@ -106,7 +107,7 @@ in {
"<C-q>x" = "[[<cmd>tabclose<cr>]]"; "<C-q>x" = "[[<cmd>tabclose<cr>]]";
"<C-q>n" = "[[<cmd>tabnext<cr>]]"; "<C-q>n" = "[[<cmd>tabnext<cr>]]";
"<C-q>p" = "[[<cmd>tabprevious<cr>]]"; "<C-q>p" = "[[<cmd>tabprevious<cr>]]";
"<c-.>" = "require('sidekick.cli').toggle"; "<C-.>" = "require('opencode').toggle";
}; };
terminal = { terminal = {
"<C-\\>" = "require('FTerm').toggle"; "<C-\\>" = "require('FTerm').toggle";
@@ -177,16 +178,19 @@ in {
trouble.enable = true; trouble.enable = true;
ts-context-commentstring.enable = true; ts-context-commentstring.enable = true;
which-key.enable = true; which-key.enable = true;
opencode = {
sidekick = {
enable = true; enable = true;
settings = {
nes = {
enabled = false;
};
};
}; };
# sidekick = {
# enable = true;
# settings = {
# nes = {
# enabled = false;
# };
# };
# };
conform-nvim = { conform-nvim = {
enable = true; enable = true;
settings = { settings = {
@@ -285,7 +289,7 @@ in {
"core.keybinds" = { "core.keybinds" = {
config = { config = {
default_keybinds = true; default_keybinds = true;
neorg_leader = "<C-m>"; neorg_leader = "<C-i>";
}; };
}; };
"core.integrations.treesitter" = { "core.integrations.treesitter" = {
@@ -616,6 +620,21 @@ in {
}; };
sources = { sources = {
cmdline = []; cmdline = [];
# default =
# rawLua
# /*
# lua
# */
# ''
# function(ctx)
# local success, node = pcall(vim.treesitter.get_node)
# if success and node and vim.tbl_contains({ 'comment', 'line_comment', 'block_comment' }, node:type()) then
# return { 'buffer' }
# else
# return { 'git', 'lsp', 'path', 'snippets', 'buffer', 'dictionary', 'ripgrep', 'tmux' }
# end
# end
# '';
default = [ default = [
"git" "git"
"lsp" "lsp"
@@ -624,6 +643,7 @@ in {
"path" "path"
"buffer" "buffer"
"ripgrep" "ripgrep"
# "tmux"
]; ];
providers = { providers = {
buffer = { buffer = {
@@ -635,23 +655,30 @@ in {
path = {}; path = {};
dictionary = { dictionary = {
module = "blink-cmp-dictionary"; module = "blink-cmp-dictionary";
name = "Dict"; name = "dict";
min_keyword_length = 3; min_keyword_length = 3;
opts = { opts = {
}; };
}; };
git = { git = {
module = "blink-cmp-git"; module = "blink-cmp-git";
name = "Git"; name = "git";
opts = { opts = {
# -- options for the blink-cmp-git # -- options for the blink-cmp-git
}; };
}; };
ripgrep = { ripgrep = {
module = "blink-ripgrep"; module = "blink-ripgrep";
name = "Ripgrep"; name = "ripgrep";
opts = {}; opts = {};
}; };
# tmux = {
# module = "blink-cmp-tmux";
# name = "tmux";
# opts = {
# triggered_only = false;
# };
# };
}; };
}; };
}; };
@@ -659,8 +686,9 @@ in {
blink-ripgrep.enable = true; blink-ripgrep.enable = true;
blink-cmp-git.enable = true; blink-cmp-git.enable = true;
blink-cmp-dictionary.enable = true; blink-cmp-dictionary.enable = true;
blink-cmp-copilot.enable = true; # blink-cmp-copilot.enable = true;
blink-cmp-spell.enable = true; blink-cmp-spell.enable = true;
blink-cmp-tmux.enable = true;
blink-compat = { blink-compat = {
enable = true; enable = true;
settings.impersonate_nvim_cmp = true; settings.impersonate_nvim_cmp = true;
@@ -857,5 +885,6 @@ in {
pkgs.lua pkgs.lua
pkgs.ripgrep pkgs.ripgrep
pkgs.nodejs-slim pkgs.nodejs-slim
pkgs.lsof
]; ];
} }

4
neovim/overlays.nix
View File

@@ -42,8 +42,8 @@
}; };
}; };
in [ in [
inputs.nno.overlays.default
inputs.nixvim.overlays.default inputs.nixvim.overlays.default
vimPlugins inputs.nno.overlays.default
tree-sitter-grammars tree-sitter-grammars
vimPlugins
] ]

1
nixos/default.nix
View File

@@ -28,6 +28,7 @@
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.headplane.nixosModules.headplane inputs.headplane.nixosModules.headplane
inputs.tangled-core.nixosModules.knot
./${device.name}/configuration.nix ./${device.name}/configuration.nix
../home/module.nix ../home/module.nix

1
nixos/documentation.nix
View File

@@ -4,4 +4,5 @@
documentation.dev.enable = true; documentation.dev.enable = true;
documentation.doc.enable = true; documentation.doc.enable = true;
documentation.nixos.enable = true; documentation.nixos.enable = true;
documentation.man.cache.enable = true;
} }

3
nixos/ryu/apps/crosspipe.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [crosspipe];
}

6
nixos/ryu/apps/default.nix
View File

@@ -7,5 +7,11 @@
# ./alvr.nix # ./alvr.nix
./easyeffects.nix ./easyeffects.nix
./vr.nix ./vr.nix
./crosspipe.nix
# ./wine.nix
# ./virt.nix
./gparted.nix
./nvtop.nix
# ./qpwgraph.nix
]; ];
} }

3
nixos/ryu/apps/gparted.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [gparted];
}

3
nixos/ryu/apps/nvtop.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [nvtopPackages.nvidia];
}

3
nixos/ryu/apps/qpwgraph.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [qpwgraph];
}

6
nixos/ryu/apps/virt.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
virt-manager
quickemu
];
}

7
nixos/ryu/apps/wine.nix Normal file
View File

@@ -0,0 +1,7 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
wine-wayland
winetricks
wineWowPackages.waylandFull
];
}

92
nixos/ryu/configuration.nix
View File

@@ -2,6 +2,8 @@
pkgs, pkgs,
lib, lib,
device, device,
config,
inputs,
... ...
}: { }: {
imports = [ imports = [
@@ -12,6 +14,7 @@
./apps ./apps
./vms ./vms
./games ./games
../../modules/nixos/substituters.nix
]; ];
security.tpm2 = { security.tpm2 = {
@@ -20,15 +23,6 @@
tctiEnvironment.enable = true; tctiEnvironment.enable = true;
}; };
programs = {
hyprland = {
enable = true;
withUWSM = true;
xwayland.enable = true;
};
uwsm.enable = true;
};
systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
# systemd.tmpfiles.rules = [ # systemd.tmpfiles.rules = [
# "L+ /etc/gdm/.config/monitors.xml - - - - ${./monitors.xml}" # "L+ /etc/gdm/.config/monitors.xml - - - - ${./monitors.xml}"
@@ -46,18 +40,8 @@
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user]; trusted-users = [device.user];
trusted-substituters = [ extra-sandbox-paths = [config.programs.ccache.cacheDir];
"https://nix-community.cachix.org" download-buffer-size = 524288000;
"https://nixos-raspberrypi.cachix.org"
"https://llama-cpp.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
"llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
];
}; };
extraOptions = '' extraOptions = ''
build-users-group = nixbld build-users-group = nixbld
@@ -81,7 +65,7 @@
users.users.${device.user} = { users.users.${device.user} = {
uid = device.uid; uid = device.uid;
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss"]; extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss" "plugdev"];
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub ../../secrets/id_ed25519.pub
../../secrets/id_ios.pub ../../secrets/id_ios.pub
@@ -111,12 +95,6 @@
}; };
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
# desktopManager.gnome.enable = true; # desktopManager.gnome.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}; };
boot = { boot = {
@@ -169,12 +147,31 @@
Name = "Ryu"; Name = "Ryu";
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
ControllerMode = "dual"; ControllerMode = "dual";
FactConnectable = "true"; FactConnectable = true;
Experimental = "true"; Experimental = true;
}; };
}; };
}; };
}; };
boot.extraModprobeConfig = ''
# Keep Bluetooth coexistence disabled for better BT audio stability
options iwlwifi bt_coex_active=0
# Enable software crypto (helps BT coexistence sometimes)
options iwlwifi swcrypto=1
# Disable power saving on Wi-Fi module to reduce radio state changes that might disrupt BT
options iwlwifi power_save=0
# Disable Unscheduled Automatic Power Save Delivery (U-APSD) to improve BT audio stability
options iwlwifi uapsd_disable=1
# Disable D0i3 power state to avoid problematic power transitions
options iwlwifi d0i3_disable=1
# Set power scheme for performance (iwlmvm)
options iwlmvm power_scheme=1
'';
networking = { networking = {
interfaces.eno1.wakeOnLan = { interfaces.eno1.wakeOnLan = {
@@ -284,41 +281,6 @@
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
fonts.fontDir.enable = true; fonts.fontDir.enable = true;
environment = { environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
v4l-utils
polychromatic
openrazer-daemon
cudatoolkit
# Wine
wine-wayland
winetricks
wineWowPackages.waylandFull
virt-manager
gparted
nvtopPackages.nvidia
quickemu
# (nixvim.makeNixvim (import ../../neovim))
qpwgraph
hyprland
xorg.xhost
foot
git
fish
nushell
# (pkgs.wrapFirefox
# (pkgs.firefox-unwrapped.override {pipewireSupport = true;})
# {})
gnumake
python3
nerd-fonts.fira-code
nerd-fonts.hasklug
nerd-fonts.symbols-only
monaspace
ddcutil
];
sessionVariables = { sessionVariables = {
WLR_NO_HARDWARE_CURSORS = "1"; WLR_NO_HARDWARE_CURSORS = "1";
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";

2
nixos/ryu/games/default.nix
View File

@@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./hytale.nix # ./hytale.nix
]; ];
} }

0
nixos/tako/services/games/hytale.nix → nixos/ryu/hardware/default.nix
View File

6
nixos/ryu/programs/ccache.nix Normal file
View File

@@ -0,0 +1,6 @@
{...}: {
programs.ccache = {
enable = true;
packageNames = ["ollama" "orca-slicer" "opencv" "onnxruntime" "obs-studio" "llama-cpp"];
};
}

3
nixos/ryu/programs/cuda.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [cudatoolkit];
}

3
nixos/ryu/programs/ddcutil.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [ddcutil];
}

13
nixos/ryu/programs/default.nix
View File

@@ -4,7 +4,7 @@
./steam.nix ./steam.nix
./1password.nix ./1password.nix
./localsend.nix ./localsend.nix
./appimage.nix # ./appimage.nix
./obs-studio.nix ./obs-studio.nix
./gnome-disks.nix ./gnome-disks.nix
./nix-ld.nix ./nix-ld.nix
@@ -12,5 +12,16 @@
./droidcam.nix ./droidcam.nix
./wireshark.nix ./wireshark.nix
./flatpak.nix ./flatpak.nix
./v4l-utils.nix
./razer.nix
./cuda.nix
./fonts.nix
./dev.nix
./shells.nix
./hyprland.nix
./foot.nix
./ddcutil.nix
./libnotify.nix
./fish.nix
]; ];
} }

7
nixos/ryu/programs/dev.nix Normal file
View File

@@ -0,0 +1,7 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
git
gnumake
python3
];
}

7
nixos/ryu/programs/fish.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
programs.fish = {
enable = true;
generateCompletions = true;
};
stylix.targets.fish.enable = false;
}

8
nixos/ryu/programs/fonts.nix Normal file
View File

@@ -0,0 +1,8 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
nerd-fonts.fira-code
nerd-fonts.hasklug
nerd-fonts.symbols-only
monaspace
];
}

3
nixos/ryu/programs/foot.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [foot];
}

3
nixos/ryu/programs/gamemode.nix
View File

@@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
device, device,
lib,
... ...
}: { }: {
programs.gamemode = { programs.gamemode = {
@@ -12,7 +13,7 @@
custom = { custom = {
start = let start = let
out = pkgs.writeScriptBin "gamemode-start" '' out = pkgs.writeScriptBin "gamemode-start" ''
${pkgs.lmstudio}/bin/lms unload ${lib.getExe pkgs.ollama} ps | tail +2 | cut -d' ' -f1 | xargs ${lib.getExe pkgs.ollama} stop
${pkgs.libnotify}/bin/notify-send 'GameMode started' ${pkgs.libnotify}/bin/notify-send 'GameMode started'
''; '';
in "${out}/bin/gamemode-start"; in "${out}/bin/gamemode-start";

19
nixos/ryu/programs/hyprland.nix Normal file
View File

@@ -0,0 +1,19 @@
{
pkgs,
inputs,
...
}: {
environment.systemPackages = with pkgs; [
xhost
];
programs = {
hyprland = {
enable = true;
withUWSM = true;
xwayland.enable = true;
package = pkgs.hyprland;
portalPackage = pkgs.xdph;
};
uwsm.enable = true;
};
}

3
nixos/ryu/programs/libnotify.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [libnotify];
}

6
nixos/ryu/programs/razer.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
polychromatic
openrazer-daemon
];
}

6
nixos/ryu/programs/shells.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
fish
nushell
];
}

3
nixos/ryu/programs/v4l-utils.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [v4l-utils];
}

3
nixos/ryu/programs/wireshark.nix
View File

@@ -7,8 +7,5 @@
enable = true; enable = true;
dumpcap.enable = true; dumpcap.enable = true;
}; };
environment.systemPackages = with pkgs; [
wireshark-qt
];
users.users.${device.user}.extraGroups = ["wireshark"]; users.users.${device.user}.extraGroups = ["wireshark"];
} }

9
nixos/ryu/ryu.nix
View File

@@ -130,11 +130,10 @@
options = ["nofail"]; options = ["nofail"];
}; };
# fileSystems."/volumes/windows-games" = { fileSystems."/var" = {
# device = "/dev/disk/by-partuuid/56359fb7-7d33-44d2-bebd-b0c53daeeb73"; device = "/dev/disk/by-uuid/ff874913-dc21-43f3-82f8-cdf45dd888f7";
# fsType = "ntfs3"; fsType = "ext4";
# options = ["nofail"]; };
# };
swapDevices = [ swapDevices = [
{ {

5
nixos/ryu/services/caddy.nix
View File

@@ -14,6 +14,11 @@
services = { services = {
caddy = { caddy = {
enable = true; enable = true;
globalConfig = ''
servers {
metrics
}
'';
extraConfig = '' extraConfig = ''
(cloudflare) { (cloudflare) {
tls { tls {

27
nixos/ryu/services/command-runner.nix
View File

@@ -1,27 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
# services.command-runner = {
# enable = false;
# port = 5599;
# user = "servius";
# commands = let
# hyprctl = "${pkgs.hyprland}/bin/hyprctl";
# in
# {
# "display_on" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "on"];
# "display_off" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "off"];
# "display_toggle" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "toggle"];
# "display_status" = [hyprctl "-i" "{instance}" "-j" "monitors"];
# "hyprland_instance" = [hyprctl "-j" "instances"];
# }
# // (builtins.foldl' (acc: elem: acc // elem) {} (lib.map (name: {
# "display_on_${name}" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "on" name];
# "display_off_${name}" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "off" name];
# "display_toggle_${name}" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "toggle" name];
# }) ["HDMI-A-1" "DP-3" "DP-1"]));
# };
}

2
nixos/ryu/services/default.nix
View File

@@ -4,7 +4,6 @@
# ./zerotier.nix # ./zerotier.nix
# ./dnscrypt.nix # ./dnscrypt.nix
./caddy.nix ./caddy.nix
./command-runner.nix
./dualsense.nix ./dualsense.nix
./fprintd.nix ./fprintd.nix
./fwupd.nix ./fwupd.nix
@@ -22,5 +21,6 @@
# ./sunshine.nix # ./sunshine.nix
./tailscale.nix ./tailscale.nix
./wivrn.nix ./wivrn.nix
./pipewire.nix
]; ];
} }

54
nixos/ryu/services/monitoring.nix
View File

@@ -1,11 +1,28 @@
{...}: { {pkgs, ...}: let
# Port configurations
ports = {
# System exporters
node = 9100;
systemd = 9558;
process = 9256;
nvidiagpu = 9835;
# Infrastructure exporters
cadvisor = 8080;
caddy = 2019;
};
in {
services = { services = {
prometheus = { prometheus = {
exporters = { exporters = {
systemd = { systemd = {
enable = true; enable = true;
port = ports.systemd;
};
nvidia-gpu = {
enable = true;
port = ports.nvidiagpu;
}; };
nvidia-gpu.enable = true;
node = { node = {
enable = true; enable = true;
enabledCollectors = [ enabledCollectors = [
@@ -19,7 +36,10 @@
"time" "time"
"uname" "uname"
"vmstat" "vmstat"
"diskstats"
"cpu"
]; ];
port = ports.node;
}; };
process = { process = {
enable = true; enable = true;
@@ -33,4 +53,34 @@
}; };
}; };
}; };
# Docker cAdvisor for container metrics
# virtualisation.oci-containers.containers.cadvisor = {
# image = "gcr.io/cadvisor/cadvisor:v0.49.1";
# ports = ["${toString ports.cadvisor}:8080"];
# volumes = [
# "/:/rootfs:ro"
# "/var/run:/var/run:ro"
# "/sys:/sys:ro"
# "/var/lib/docker/:/var/lib/docker:ro"
# "/dev/disk/:/dev/disk:ro"
# ];
# extraOptions = [
# "--privileged"
# "--device=/dev/kmsg"
# ];
# };
# Open firewall ports for Prometheus exporters
networking.firewall = {
# Allow from Tailscale network
interfaces."tailscale0".allowedTCPPorts = [
ports.node
ports.systemd
ports.process
ports.nvidiagpu
ports.cadvisor
ports.caddy
];
};
} }

19
nixos/ryu/services/pipewire.nix Normal file
View File

@@ -0,0 +1,19 @@
{...}: {
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
extraConfig = {
pipewire = {
"10-clock-rate" = {
"context.properties" = {
"default.clock.quantum" = 32;
"default.clock.allowed-rates" = [44100 48000 88200 96000];
};
};
};
};
};
}

12
nixos/tako/configuration.nix
View File

@@ -9,6 +9,7 @@
./services ./services
./tako.nix ./tako.nix
# ./docker.nix # ./docker.nix
../../modules/nixos/substituters.nix
]; ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
@@ -35,7 +36,6 @@
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
nix = { nix = {
settings = { settings = {
max-jobs = 1; max-jobs = 1;
@@ -43,16 +43,6 @@
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user "remotebuilder"]; trusted-users = [device.user "remotebuilder"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# "https://sh.darksailor.dev"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# "tako:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
];
}; };
extraOptions = '' extraOptions = ''
build-users-group = nixbld build-users-group = nixbld

89
nixos/tako/services/affine.nix Normal file
View File

@@ -0,0 +1,89 @@
{config, ...}: let
domain = "notes.darksailor.dev";
in {
imports = [
../../../modules/nixos/affine.nix
];
# SOPS secrets
sops = {
secrets = {
"affine/db_password" = {};
"authelia/oidc/affine/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
"authelia/oidc/affine/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
};
templates."affine.env".content = ''
AFFINE_DB_PASSWORD=${config.sops.placeholder."affine/db_password"}
POSTGRES_PASSWORD=${config.sops.placeholder."affine/db_password"}
AFFINE_SERVER_EXTERNAL_URL=https://${domain}
'';
};
# Enable AFFiNE service
services.affine = {
enable = true;
inherit domain;
environmentFiles = [
config.sops.templates."affine.env".path
];
};
# Caddy reverse proxy with SSO forward auth
services.caddy.virtualHosts."${domain}".extraConfig = ''
reverse_proxy localhost:${toString config.services.affine.port}
'';
# Authelia access control rules
services.authelia.instances.darksailor.settings = {
access_control.rules = [
{
inherit domain;
policy = "bypass";
resources = [
"^/api/(sync|awareness)([/?].*)?$"
"^/socket\\.io([/?].*)?$"
];
}
{
inherit domain;
policy = "one_factor";
}
];
# OIDC client for AFFiNE
identity_providers.oidc.clients = [
{
client_name = "AFFiNE: Darksailor";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/affine/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/affine/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://${domain}/oauth/callback"
];
scopes = [
"openid"
"email"
"profile"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
# Ensure containers start after secrets are available
systemd.services.docker-affine.after = ["sops-install-secrets.service"];
systemd.services.docker-affine-migration.after = ["sops-install-secrets.service"];
systemd.services.docker-affine-postgres.after = ["sops-install-secrets.service"];
}

21
nixos/tako/services/attic.nix
View File

@@ -1,16 +1,21 @@
{...}: { {config, ...}: let
address = "127.0.0.1:8052";
in {
sops = {
secrets."attic/jwt_secret" = {};
templates."attic.env".content = ''
ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder."attic/jwt_secret"}
'';
};
services = { services = {
atticd = { atticd = {
enable = false; enable = true;
listen = "/run/attic.sock"; settings.listen = address;
environmentFile = config.sops.templates."attic.env".path;
}; };
caddy = { caddy = {
virtualHosts."cache.darksailor.dev".extraConfig = '' virtualHosts."cache.darksailor.dev".extraConfig = ''
reverse_proxy /run/attic.sock { reverse_proxy ${address}
transport http {
protocol = "fd"
}
}
''; '';
}; };
}; };

5
nixos/tako/services/caddy.nix
View File

@@ -2,6 +2,11 @@
services = { services = {
caddy = { caddy = {
enable = true; enable = true;
globalConfig = ''
servers {
metrics
}
'';
extraConfig = '' extraConfig = ''
(auth) { (auth) {
forward_auth localhost:5555 { forward_auth localhost:5555 {

32
nixos/tako/services/default.nix
View File

@@ -1,29 +1,35 @@
{...}: { {...}: {
imports = [ imports = [
./games
# ./headscale.nix
./llms.nix
# ./monitoring.nix
# ./paperless.nix
./navidrome.nix
./shitpost.nix
./atuin.nix ./atuin.nix
./authelia.nix ./authelia.nix
./caddy.nix ./caddy.nix
./excalidraw.nix
./fail2ban.nix ./fail2ban.nix
./flaresolverr.nix
./gitea.nix
./homepage.nix ./homepage.nix
./immich.nix
./lldap.nix ./lldap.nix
./navidrome.nix
./nextcloud.nix ./nextcloud.nix
./openssh.nix ./openssh.nix
./prowlarr.nix
./resolved.nix ./resolved.nix
./searxng.nix
./tailscale.nix ./tailscale.nix
./gitea.nix
./knot.nix
./affine.nix
./attic.nix
./excalidraw.nix
./flaresolverr.nix
# ./games
# ./headscale.nix
./immich.nix
./kellnr.nix ./kellnr.nix
./llms.nix
./matrix
./monitoring.nix
# ./servius-website.nix
# ./paperless.nix
./prowlarr.nix
# ./searxng.nix
./shitpost.nix
]; ];
services = { services = {
nix-serve = { nix-serve = {

97
nixos/tako/services/excalidraw.nix
View File

@@ -1,29 +1,90 @@
{...}: { {config, ...}: let
dataDir = "/var/lib/excalidraw";
base_domain = "darksailor.dev";
in {
# SOPS secrets and templates
sops = {
secrets = {
"excalidraw/jwt_secret" = {};
"authelia/oidc/excalidraw/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
"authelia/oidc/excalidraw/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
};
templates."excalidraw.env".content = ''
OIDC_ISSUER_URL=https://auth.${base_domain}
OIDC_CLIENT_ID=${config.sops.placeholder."authelia/oidc/excalidraw/client_id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."authelia/oidc/excalidraw/client_secret"}
OIDC_REDIRECT_URL=https://draw.${base_domain}/auth/callback
JWT_SECRET=${config.sops.placeholder."excalidraw/jwt_secret"}
STORAGE_TYPE=sqlite
DATA_SOURCE_NAME=excalidraw.db
LOCAL_STORAGE_PATH=/root/data
'';
};
# Create data directory and initialize SQLite DB
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 root root -"
"d ${dataDir}/data 0755 root root -"
"f ${dataDir}/excalidraw.db 0644 root root -"
];
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "docker"; backend = "docker";
containers = { containers = {
# Excalidraw Full backend
excalidraw = { excalidraw = {
image = "excalidraw/excalidraw:latest"; image = "ghcr.io/betterandbetterii/excalidraw-full:latest";
ports = ["127.0.0.1:5959:80"]; ports = ["127.0.0.1:3002:3002"];
volumes = []; environmentFiles = [
config.sops.templates."excalidraw.env".path
];
volumes = [
"${dataDir}/data:/root/data"
"${dataDir}/excalidraw.db:/root/excalidraw.db"
];
}; };
}; };
}; };
services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
import auth # Caddy reverse proxy
reverse_proxy localhost:5959 services.caddy.virtualHosts."draw.${base_domain}".extraConfig = ''
reverse_proxy localhost:3002
''; '';
services.authelia = {
instances.darksailor = { # Configure Authelia OIDC for Excalidraw
settings = { services.authelia.instances.darksailor.settings = {
access_control = { identity_providers = {
rules = [ oidc = {
{ clients = [
domain = "draw.darksailor.dev"; {
policy = "one_factor"; client_name = "Excalidraw: Darksailor";
} client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/excalidraw/client_id".path}" }}'';
]; client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/excalidraw/client_secret".path}" }}'';
}; public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://draw.${base_domain}/auth/callback"
];
scopes = [
"openid"
"email"
"profile"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
}; };
}; };
}; };

1
nixos/tako/services/fail2ban.nix
View File

@@ -16,6 +16,7 @@
ignoreIP = [ ignoreIP = [
"106.219.121.52" "106.219.121.52"
"106.219.122.125" "106.219.122.125"
"106.219.122.221"
]; ];
}; };
}; };

Some files were not shown because too many files have changed in this diff Show More