servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: servius:d8b3d6fb096bf27160f6cd6f8d29447c9a66c0e4
Branches Tags
servius:master servius:matrix-rtc
..
compare: servius:matrix-rtc
Branches Tags
servius:master servius:matrix-rtc

34 Commits
d8b3d6fb09 ... matrix-rtc

Author SHA1 Message Date
servius
1ac96316ea feat: re-enable affine service
All checks were successful
Flake checker / Build Nix targets (pull_request) Successful in 9m32s
Details
2026-02-23 17:05:03 +05:30
servius
8d636ce194 refactor(matrix): simplify LiveKit configuration to use services.livekit and services.lk-jwt-service 2026-02-23 16:32:14 +05:30
servius
bbeed99f43 refactor(affine): use Docker network option instead of --network flag 2026-02-23 16:05:09 +05:30
servius
7e6ece1b0d feat(matrix): add LiveKit support with firewall and systemd services 2026-02-23 15:49:50 +05:30
servius
60952a0e7f feat(programs): add yq package to home programs 2026-02-23 14:43:49 +05:30
servius
738013df66 refactor: update mbsync settings for Fastmail and Neomutt 2026-02-22 15:32:38 +05:30
servius
34160d0de4 feat: Updated notifications
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m27s
Details
2026-02-22 15:16:10 +05:30
servius
02b8a16f41 feat(cargo): add pkgs metadata alias
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m33s
Details
2026-02-20 03:42:46 +05:30
servius
684f6fdea5 fix(apps): make playerctl conditional to ryu device only 2026-02-20 03:42:44 +05:30
servius
7ef1785a0f feat: Added caldav 2026-02-20 03:08:24 +05:30
servius
49c0c607d8 feat: Added stuff 2026-02-20 02:01:24 +05:30
servius
ab52b423ee feat: Move stuff into programs / apps in ryu 2026-02-19 23:03:52 +05:30
servius
f852a73d47 feat: Updated to latest nixpkgs-unstable 2026-02-19 21:16:08 +05:30
servius
998ebc1164 feat(programs): add jujutsu(jj) package
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m41s
Details
2026-02-19 13:51:12 +05:30
servius
9acb378e5f feat: disable some services and disable root login from ssh altogether 2026-02-19 13:41:40 +05:30
servius
dca434c0ba Enable Audacity and add local Ollama provider configuration 
- Remove comment from audacity.nix to enable Audacity application
- Add Ollama provider configuration for local LLM access
- Configure glm-4.7-flash model with custom base URL
 2026-02-19 00:19:08 +05:30
servius
c22ff38874 feat: Added affine 2026-02-18 18:03:06 +05:30
servius
0591868be3 feat: Added affine server 2026-02-18 17:23:05 +05:30
servius
e249f13313 feat: Vertical to horizontal secondary monitor 3
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m37s
Details
2026-02-16 03:17:34 +05:30
servius
4ecf045deb feat: Added ip target for ignore ip 2026-02-16 02:48:03 +05:30
servius
05d1890b01 feat: Added steamdeck deploy target
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m35s
Details
2026-02-16 02:21:06 +05:30
servius
2babff5576 feat: Added cloudflare cli to add / remove dns entries from cli 2026-02-12 19:04:13 +05:30
servius
aa7c26516c feat: Added gitea runner
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m33s
Details
2026-02-12 16:21:36 +05:30
servius
a1369cbb41 feat(attic): Use env variable for attic login
All checks were successful
Flake checker / Build Nix targets (push) Successful in 29m34s
Details
2026-02-11 19:53:05 +05:30
servius
54c5cf932d feat: Added attic-client 2026-02-11 17:53:27 +05:30
servius
bb68711814 fix: use tcp instead of unix sockets for attic
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 17:07:40 +05:30
servius
6b31922615 feat: Added attic ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 16:56:23 +05:30
servius
21e779c304 fix: Macos fixes
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 16:30:38 +05:30
servius
e718da413b feat: Replace deprecated options from navidrome
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 04:48:39 +05:30
servius
98989afdec feat: upgrade to excalidraw-full 2026-02-11 04:27:14 +05:30
servius
3a97de6af2 fix: Matrix server fix
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2026-02-11 03:55:29 +05:30
servius
66b7a31943 feat: Update to latest nix 2026-02-10 23:14:12 +05:30
servius
ddb53d879e feat: Added matrix 2026-02-10 22:25:37 +05:30
servius
e403e47c28 feat: Added tuwunel 2026-02-10 14:24:39 +05:30
72 changed files with 1293 additions and 1039 deletions
Expand all files Collapse all files

5
AGENTS.md
View File

@@ -162,6 +162,11 @@ sessionVariables.BROWSER = if device.isDarwin then "open" else "xdg-open";
just add program myprogram # Creates home/programs/myprogram.nix and adds import just add program myprogram # Creates home/programs/myprogram.nix and adds import
``` ```
### Adding a new dns entry
```bash
cfcli add --type A foobar.bazbar.biz 192.168.0.1
```
### Creating a Module ### Creating a Module
1. Determine location: `modules/nixos/`, `modules/darwin/`, or `modules/home/` 1. Determine location: `modules/nixos/`, `modules/darwin/`, or `modules/home/`

16
deploy.nix
View File

@@ -55,13 +55,13 @@
user = "root"; user = "root";
}; };
}; };
# deck = { deck = {
# hostname = "steamdeck"; hostname = "sdeck";
# profiles.system = { profiles.system = {
# sshUser = "deck"; sshUser = "deck";
# path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck; path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
# user = "deck"; user = "deck";
# }; };
# }; };
}; };
} }

427
flake.lock generated
View File

@@ -217,11 +217,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769428758, "lastModified": 1770895474,
"narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=", "narHash": "sha256-JBcrq1Y0uw87VZdYsByVbv+GBuT6ECaCNb9txLX9UuU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "def5e74c97370f15949a67c62e61f1459fcb0e15", "rev": "a494d50d32b5567956b558437ceaa58a380712f7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -436,11 +436,11 @@
}, },
"crane_3": { "crane_3": {
"locked": { "locked": {
"lastModified": 1769737823, "lastModified": 1771121070,
"narHash": "sha256-DrBaNpZ+sJ4stXm+0nBX7zqZT9t9P22zbk6m5YhQxS4=", "narHash": "sha256-aIlv7FRXF9q70DNJPI237dEDAznSKaXmL5lfK/Id/bI=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "b2f45c3830aa96b7456a4c4bc327d04d7a43e1ba", "rev": "a2812c19f1ed2e5ed5ce2ef7109798b575c180e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -521,10 +521,10 @@
"crates-io-index": { "crates-io-index": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1770382813, "lastModified": 1771515523,
"narHash": "sha256-u0/nmEjtbHrDlXtpbQAEDd1Ry7sGc0nDAi/7RwBkNUk=", "narHash": "sha256-5S4n9alO7MVlHawzeX0d7vpWzTIULWic3+1MPNUcqVM=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "59f68c46f1c53b597a6378424d5ef06c0cf261f6", "rev": "bba640d9c272da3c4ad7e8050ee072703cf99567",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "https://github.com/rust-lang/crates.io-index" "url": "https://github.com/rust-lang/crates.io-index"
@@ -558,11 +558,11 @@
"csshacks": { "csshacks": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1768572660, "lastModified": 1770817581,
"narHash": "sha256-VlxdEeMqgRclKQqnKDhBXQ+19ce35ZFdC6SaKg2skUk=", "narHash": "sha256-rDuTVA5WvHwYsZTk4GOPQ0zvpynVU0TeuVGeg5ihndE=",
"owner": "MrOtherGuy", "owner": "MrOtherGuy",
"repo": "firefox-csshacks", "repo": "firefox-csshacks",
"rev": "bcb85f04764802557fc1d1dff6f53461065e4893", "rev": "6fc627e1cb85723fd71dd33004a3e48a13566dd2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -684,11 +684,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770369171, "lastModified": 1771421933,
"narHash": "sha256-7n0QQ0uAp6rmNLa34G2k2HCHo6rEyeepZ5ioGV4pZPQ=", "narHash": "sha256-Svu784sqcgeb8cmDaV9UZh3IqaFrReTab3TdRuRoyrI=",
"owner": "christo-auer", "owner": "christo-auer",
"repo": "eilmeldung", "repo": "eilmeldung",
"rev": "3b2ebc95618a79e3e0a601b82f09158c1bf87e2c", "rev": "2e4d5a6c29541de57062ee6194edb58e9f570825",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -972,7 +972,7 @@
"flake-parts_10": { "flake-parts_10": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix-stable",
"nixpkgs" "nixpkgs"
] ]
}, },
@@ -992,28 +992,7 @@
}, },
"flake-parts_11": { "flake-parts_11": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": "nixpkgs-lib_5"
"stylix-stable",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_12": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_6"
}, },
"locked": { "locked": {
"lastModified": 1768135262, "lastModified": 1768135262,
@@ -1108,23 +1087,6 @@
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_4" "nixpkgs-lib": "nixpkgs-lib_4"
}, },
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-parts_7": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_5"
},
"locked": { "locked": {
"lastModified": 1769996383, "lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
@@ -1139,7 +1101,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_8": { "flake-parts_7": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@@ -1160,7 +1122,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_9": { "flake-parts_8": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@@ -1181,6 +1143,27 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_9": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
@@ -1544,11 +1527,11 @@
"zon2nix": "zon2nix" "zon2nix": "zon2nix"
}, },
"locked": { "locked": {
"lastModified": 1770319677, "lastModified": 1771513100,
"narHash": "sha256-K2T07Lro9TBPZmWDet72HWG4doAO9w9JlIP9HsJh6CE=", "narHash": "sha256-NbejFbBW+h5RbqKY3DUPaEk1Z+jsgVVwZNcc709RuZA=",
"owner": "ghostty-org", "owner": "ghostty-org",
"repo": "ghostty", "repo": "ghostty",
"rev": "3cc01155bf3c903d533e6896aa378e36357bd278", "rev": "c11db662e6f514350cbd8fcef06f81dc95260d00",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1701,11 +1684,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770354686, "lastModified": 1771272718,
"narHash": "sha256-5Z5IjaNFi1PYPsWnwQCQKdB62G1VknZGRSWTl2yki+I=", "narHash": "sha256-3m/58a0IuON0JRupQnyxhEgp2fHVFVNluRuG1iZVTbg=",
"owner": "tale", "owner": "tale",
"repo": "headplane", "repo": "headplane",
"rev": "fad0c99fc92ddd00b7b982493ad90a4361eb6fb1", "rev": "9183ec294244a5a2c2b0c05f4629d7aac68eb120",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1722,11 +1705,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768068402, "lastModified": 1770586272,
"narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", "narHash": "sha256-Ucci8mu8QfxwzyfER2DQDbvW9t1BnTUJhBmY7ybralo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", "rev": "b1f916ba052341edc1f80d4b2399f1092a4873ca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1763,32 +1746,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770318660, "lastModified": 1771505064,
"narHash": "sha256-yFVde8QZK7Dc0Xa8eQDsmxLX4NJNfL1NKfctSyiQgMY=", "narHash": "sha256-lh9rF+C/nKFyWAqbHIa6tK9L/6N0UaQg7zw15aP4jBM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "471e6a065f9efed51488d7c51a9abbd387df91b8", "rev": "a0a01d8811fd5e99e003078ed64a0e7b531545dd",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"zen-browser",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769872935,
"narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1842,11 +1804,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769284023, "lastModified": 1770511807,
"narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=", "narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "13c536659d46893596412d180449353a900a1d31", "rev": "7c75487edd43a71b61adb01cae8326d277aab683",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1903,11 +1865,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1770330959, "lastModified": 1771463568,
"narHash": "sha256-OPmJ6dBL615GGX7ENJXtJm4zeMv5uXDjmO8WB1MI5wM=", "narHash": "sha256-QblR2JnpK8x5oqabLtLTJ7HdmEI7uc57pC3/ZMfd4eA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "562171ab668e7ee98a9d2bbb62a9477ad2b1e24e", "rev": "a1e62dcb12f5547ccb786b34a46ae60ca78ec5e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2156,11 +2118,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766253372, "lastModified": 1770139857,
"narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=", "narHash": "sha256-bCqxcXjavgz5KBJ/1CBLqnagMMf9JvU1m9HmYVASKoc=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9", "rev": "9038eec033843c289b06b83557a381a2648d8fa5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2206,11 +2168,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763640274, "lastModified": 1770501770,
"narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2260,11 +2222,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769202094, "lastModified": 1770203293,
"narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=", "narHash": "sha256-PR/KER+yiHabFC/h1Wjb+9fR2Uy0lWM3Qld7jPVaWkk=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwire", "repo": "hyprwire",
"rev": "a45ca05050d22629b3c7969a926d37870d7dd75c", "rev": "37bc90eed02b0c8b5a77a0b00867baf3005cfb98",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2278,11 +2240,11 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1770238404, "lastModified": 1771348869,
"narHash": "sha256-/ajGYszaZxjboxwNsMaw/EBn+BEp1YIe6geFthy/M6A=", "narHash": "sha256-v6joie0zC6omgEpb6QQxCrNi3psVg3K0SJSJyRGeOpQ=",
"owner": "JPyke3", "owner": "JPyke3",
"repo": "hytale-launcher-nix", "repo": "hytale-launcher-nix",
"rev": "bfb52bff72c572f71f621ea7654ea760bc848118", "rev": "0e4dfdccdbb0451ea478a19bb6d4d8e2192db9f2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2299,11 +2261,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770371304, "lastModified": 1771485349,
"narHash": "sha256-XmgVIW3YiG+ISPn8ar68gZoXcRjCQbEL9pn8p2spJuc=", "narHash": "sha256-7bLg+n/O8oOf8M9+C1EAlt6sbWAl+Nk4INAIDRt1yo8=",
"owner": "ikawrakow", "owner": "ikawrakow",
"repo": "ik_llama.cpp", "repo": "ik_llama.cpp",
"rev": "c5d74f66e2291903ace95f72b4f46ceea5102e52", "rev": "b855bf92de0e5500c0a93160e41d320ba75e8e6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2322,11 +2284,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770318091, "lastModified": 1771406976,
"narHash": "sha256-t321ttUF5dPezr7FUXDqAOiyjFq/urmYIZjNKm954Cs=", "narHash": "sha256-LEOtGcM8Z7MBGjgJZAQ95+TbFtE1fiM4H8JuiIYWMKo=",
"owner": "JakeStanger", "owner": "JakeStanger",
"repo": "ironbar", "repo": "ironbar",
"rev": "24369e38ec0bce652d123f8064f99c10ca7b289e", "rev": "d17ee2ac27a30933fc661f8b44822862566e5a6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2345,11 +2307,11 @@
"rust-overlay": "rust-overlay_5" "rust-overlay": "rust-overlay_5"
}, },
"locked": { "locked": {
"lastModified": 1770064250, "lastModified": 1771492583,
"narHash": "sha256-3HB6gfnKZnwDoH77lnJktJtQWEZ+D35Oi53pNF6YwO4=", "narHash": "sha256-nQzvnU4BGu8dA6BsPPCqmVcab/3ebVmHtX3ZWbW3Hxc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "9985b98c74dcc7b1c7ccfe8693daf37caa4ed2ea", "rev": "5e9380994665ef66c87ab8e22c913ff837174ce4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2380,27 +2342,6 @@
"type": "github" "type": "github"
} }
}, },
"mixid": {
"inputs": {
"flake-parts": "flake-parts_6",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768471435,
"narHash": "sha256-gf0oCl8LrBDaEVxtDLa9eR8wNC7ropbsYsI2ILXPjWk=",
"owner": "leguteape",
"repo": "MixiD",
"rev": "32d049213cdf4d4d25f310609749daa72f26cf65",
"type": "github"
},
"original": {
"owner": "leguteape",
"repo": "MixiD",
"type": "github"
}
},
"music-player": { "music-player": {
"inputs": { "inputs": {
"advisory-db": "advisory-db_3", "advisory-db": "advisory-db_3",
@@ -2534,18 +2475,18 @@
}, },
"nix-auth": { "nix-auth": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_7", "flake-parts": "flake-parts_6",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1770347447, "lastModified": 1770607034,
"narHash": "sha256-aUYkK2CgIIcBLX3kUsm+sYXB9h3rDVniuzmTWnvG81U=", "narHash": "sha256-kXsl3BQdgXrJwwlhxS/s58rEx4EFbNoyQThmJ6AJO9I=",
"owner": "numtide", "owner": "numtide",
"repo": "nix-auth", "repo": "nix-auth",
"rev": "765091d6e0c1fb97b1e6a1a724c1cabf980f4db2", "rev": "d867419fc5f8f1831798d7df8ffd62b13a1fd63b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2561,11 +2502,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770184146, "lastModified": 1771371916,
"narHash": "sha256-DsqnN6LvXmohTRaal7tVZO/AKBuZ02kPBiZKSU4qa/k=", "narHash": "sha256-G14VTfmzzRYxAhtEBNanQgCNA++Cv0/9iV4h/lkqX9U=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "0d7874ef7e3ba02d58bebb871e6e29da36fa1b37", "rev": "aff4c008cec17d6a6760949df641ca0ea9179cac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2663,11 +2604,11 @@
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1770315571, "lastModified": 1771130777,
"narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=", "narHash": "sha256-UIKOwG0D9XVIJfNWg6+gENAvQP+7LO46eO0Jpe+ItJ0=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb", "rev": "efec7aaad8d43f8e5194df46a007456093c40f88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2683,11 +2624,11 @@
"systems": "systems_16" "systems": "systems_16"
}, },
"locked": { "locked": {
"lastModified": 1770172907, "lastModified": 1771469368,
"narHash": "sha256-rqYl9B+4shcM5b6OYjT+qdsdQNJ7SY64/xcPIb96NzU=", "narHash": "sha256-yGRHre2BINQJBDAyUwxyzvgAce22J4pNdpLS8roo6fY=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "8958a5a4259e1aebf4916823bf463faaf2538566", "rev": "a708458be9b9421e377c54d86807d3490db53816",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2815,21 +2756,6 @@
} }
}, },
"nixpkgs-lib_4": { "nixpkgs-lib_4": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_5": {
"locked": { "locked": {
"lastModified": 1769909678, "lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
@@ -2844,7 +2770,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib_6": { "nixpkgs-lib_5": {
"locked": { "locked": {
"lastModified": 1765674936, "lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
@@ -2861,11 +2787,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1770380644, "lastModified": 1771514878,
"narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", "narHash": "sha256-LD3tS5k3v0/IaRb4zfXfDLzdvC3MfTAYhobzG65dTmA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe", "rev": "4df684f1454215cdd30d33d82eff5762ec302339",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2877,11 +2803,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1770136044, "lastModified": 1771419570,
"narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=", "narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e", "rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2903,11 +2829,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1770084921, "lastModified": 1771467423,
"narHash": "sha256-BfbUL69IOa+LnnAaxt2/ylbC/KhMGr3soe8n11avJME=", "narHash": "sha256-W0QZgcU34PioiwoSy84usD7En5HIg3TnOta5wli3w38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-xr", "repo": "nixpkgs-xr",
"rev": "88eabef1f8415752a0a3ea537e4c62a62b353205", "rev": "d4e2705e55344cc2c648765eaf63f82731d984d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2918,11 +2844,11 @@
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": { "locked": {
"lastModified": 1770169770, "lastModified": 1770380644,
"narHash": "sha256-awR8qIwJxJJiOmcEGgP2KUqYmHG4v/z8XpL9z8FnT1A=", "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "aa290c9891fa4ebe88f8889e59633d20cc06a5f2", "rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2966,11 +2892,11 @@
}, },
"nixpkgs_13": { "nixpkgs_13": {
"locked": { "locked": {
"lastModified": 1770197578, "lastModified": 1771369470,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "rev": "0182a361324364ae3f436a63005877674cf45efb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -2998,11 +2924,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1768032153, "lastModified": 1770537093,
"narHash": "sha256-zvxtwlM8ZlulmZKyYCQAPpkm5dngSEnnHjmjV7Teloc=", "narHash": "sha256-XV30uo8tXuxdzuV8l3sojmlPRLd/8tpMsOp4lNzLGUo=",
"rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51",
"type": "tarball", "type": "tarball",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre925418.3146c6aa9995/nixexprs.tar.xz" "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre942631.fef9403a3e4d/nixexprs.tar.xz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -3027,11 +2953,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1770115704, "lastModified": 1771008912,
"narHash": "sha256-KHFT9UWOF2yRPlAnSXQJh6uVcgNcWlFqqiAZ7OVlHNc=", "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e6eae2ee2110f3d31110d5c222cd395303343b08", "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3059,11 +2985,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1770197578, "lastModified": 1771008912,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3107,11 +3033,11 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1770197578, "lastModified": 1771369470,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "rev": "0182a361324364ae3f436a63005877674cf45efb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3123,16 +3049,16 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_8", "flake-parts": "flake-parts_7",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_10",
"systems": "systems_18" "systems": "systems_18"
}, },
"locked": { "locked": {
"lastModified": 1770382346, "lastModified": 1771135771,
"narHash": "sha256-p7IPuVdkOPMx4gjnitE24lRcvn+ABFTeBc3DPiz08gg=", "narHash": "sha256-wyvBIhDuyCRyjB3yPg77qoyxrlgQtBR1rVW3c9knV3E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "84eb6452937804c4ee8ee6ffc7c481e234560aab", "rev": "ed0424f0b08d303a7348f52f7850ad1b2704f9ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3153,11 +3079,11 @@
"norg-meta": "norg-meta" "norg-meta": "norg-meta"
}, },
"locked": { "locked": {
"lastModified": 1770256801, "lastModified": 1771478418,
"narHash": "sha256-f+ZIddTw5bA5ALUiCSPdOFibZJ0Q6G49THpf5u6WeiQ=", "narHash": "sha256-95q1h+3dTOwLIZpLgvdq+OWQVCMgjkLeU1g1UB/3+lY=",
"owner": "nvim-neorg", "owner": "nvim-neorg",
"repo": "nixpkgs-neorg-overlay", "repo": "nixpkgs-neorg-overlay",
"rev": "cf06a40ed073f4f21f3d317aa0e4f2a7d2ca244e", "rev": "7570f673c169701a42cab9fe952ed36188329c58",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3209,15 +3135,15 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_9", "flake-parts": "flake-parts_8",
"nixpkgs": "nixpkgs_13" "nixpkgs": "nixpkgs_13"
}, },
"locked": { "locked": {
"lastModified": 1770376919, "lastModified": 1771512979,
"narHash": "sha256-HIl5WjXWG5BByt3p72/pPgawlxZnTQ3ipWb2/SJpjlE=", "narHash": "sha256-JFfNy+Lu2xpDF0nXmGcTFoKafamxxFu4hs4yf6aijK0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "34df4251f8540cc17fe55e635a937b6b34b58aaf", "rev": "b24dba9151bb8d0681c41a7c48041753eb793d9a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3369,11 +3295,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769939035, "lastModified": 1770726378,
"narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "a8ca480175326551d6c4121498316261cbb5b260", "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3392,11 +3318,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769069492, "lastModified": 1770726378,
"narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3451,7 +3377,6 @@
"ironbar": "ironbar", "ironbar": "ironbar",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"llama-cpp": "llama-cpp", "llama-cpp": "llama-cpp",
"mixid": "mixid",
"music-player": "music-player", "music-player": "music-player",
"musnix": "musnix", "musnix": "musnix",
"navigator": "navigator", "navigator": "navigator",
@@ -3617,11 +3542,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770001842, "lastModified": 1771125043,
"narHash": "sha256-ZAyTeILfdWwDp1nuF0RK3McBduMi49qnJvrS+3Ezpac=", "narHash": "sha256-ldf/s49n6rOAxl7pYLJGGS1N/assoHkCOWdEdLyNZkc=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "5018343419ea808f8a413241381976b7e60951f2", "rev": "4912f951a26dc8142b176be2c2ad834319dc06e8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3664,11 +3589,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770347142, "lastModified": 1771470520,
"narHash": "sha256-uz+ZSqXpXEPtdRPYwvgsum/CfNq7AUQ/0gZHqTigiPM=", "narHash": "sha256-PvytHcaYN5cPUll7FB70mXv1rRsIBRmu47fFfq3haxA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "2859683cd9ef7858d324c5399b0d8d6652bf4044", "rev": "a1d4cc1f264c45d3745af0d2ca5e59d460e58777",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3726,11 +3651,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770145881, "lastModified": 1771166946,
"narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=", "narHash": "sha256-UFc4lfGBr+wJmwgDGJDn1cVD6DTr0/8TdronNUiyXlU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c", "rev": "2d0cf89b4404529778bc82de7e42b5754e0fe4fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3746,7 +3671,7 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_10", "flake-parts": "flake-parts_9",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@@ -3760,11 +3685,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1770382623, "lastModified": 1771428844,
"narHash": "sha256-NB9j2JsIcSPcY7FzzoIqJA04p4xSdJpgyLAwzzzncpc=", "narHash": "sha256-rTzo6bZEsdT7yHUZ0B4BYe32XQZzm8SiWKvWLJnxerE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "05c798e0074296df9bfc6ef3df0e936b878b835a", "rev": "801843d10e9e22d7a00f660d069e2de70aa2980a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -3780,7 +3705,7 @@
"base16-helix": "base16-helix_2", "base16-helix": "base16-helix_2",
"base16-vim": "base16-vim_2", "base16-vim": "base16-vim_2",
"firefox-gnome-theme": "firefox-gnome-theme_2", "firefox-gnome-theme": "firefox-gnome-theme_2",
"flake-parts": "flake-parts_11", "flake-parts": "flake-parts_10",
"gnome-shell": "gnome-shell_2", "gnome-shell": "gnome-shell_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-stable" "nixpkgs-stable"
@@ -3794,11 +3719,11 @@
"tinted-zed": "tinted-zed_2" "tinted-zed": "tinted-zed_2"
}, },
"locked": { "locked": {
"lastModified": 1770308890, "lastModified": 1771429540,
"narHash": "sha256-7bx8Bn9B2g/loBaz+uLwdKI2rUW+RhDPyP/MqAgvrxU=", "narHash": "sha256-YKytDx8LOPOvE+dip1ja+1nbIpDVdqTaFbP4MaXwveM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "7e7fa955abac04a8e118b1cedf930a8fd41c34a6", "rev": "1a5c9d8be82127aeccc929f60b952e8a3df6b63c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -4404,11 +4329,11 @@
"tree-sitter-just": { "tree-sitter-just": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1770056803, "lastModified": 1770661194,
"narHash": "sha256-H8aAmI8/D2/3eeR4Nn/q8JNPbJjKEyV6/QX608Ikbm4=", "narHash": "sha256-cul4U1V42l/nYcCvs2eVA09qSrPi34t0eJ/Pr/Ewfhc=",
"owner": "IndianBoy42", "owner": "IndianBoy42",
"repo": "tree-sitter-just", "repo": "tree-sitter-just",
"rev": "fe94f5230d97ff9fc7bee8c57e650dff615ed7cc", "rev": "60df3d5b3fda2a22fdb3621226cafab50b763663",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -4452,11 +4377,11 @@
"tree-sitter-slint": { "tree-sitter-slint": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1770217631, "lastModified": 1770882723,
"narHash": "sha256-FS1a0N2yiRyBqhxxzUgR4mTnQ81Q8CfNZTb2AQrkBPw=", "narHash": "sha256-A4m3jG7VjGws7pVzd7ulbhINe783shv4pc3tH8EDji0=",
"owner": "slint-ui", "owner": "slint-ui",
"repo": "tree-sitter-slint", "repo": "tree-sitter-slint",
"rev": "5dafe6745dd3bb24342acebe478015b642dc7135", "rev": "a6e4e1c656429e5df52dcfcd92da87b642f6678b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -4491,11 +4416,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769691507, "lastModified": 1770228511,
"narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -4544,11 +4469,11 @@
"systems": "systems_24" "systems": "systems_24"
}, },
"locked": { "locked": {
"lastModified": 1770341176, "lastModified": 1771502217,
"narHash": "sha256-ZS3WnNMOuH/h7aKno2aDGvfs96nItfVJB/HHDwJfODQ=", "narHash": "sha256-Bx9QKfFsC0bVN6O9P8DFpyzC9SJ6nbarMfWzIH/fzIg=",
"owner": "vicinaehq", "owner": "vicinaehq",
"repo": "vicinae", "repo": "vicinae",
"rev": "49c452bf0cd6083de91ca22113397b4e31c9dccf", "rev": "54833492742d58428eaad093451fcd3469f0f3e5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -4575,7 +4500,7 @@
}, },
"wivrn": { "wivrn": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_12", "flake-parts": "flake-parts_11",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@@ -4653,17 +4578,19 @@
}, },
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"home-manager": "home-manager_3", "home-manager": [
"home-manager"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1770382887, "lastModified": 1771503632,
"narHash": "sha256-on4vg7ctpMPzKWcvXPtV095aal6KUPDSKV9+I8HhQtY=", "narHash": "sha256-qvI2afshgl062MRRpal5s76PWFev0Vm1xv4hl2+wT/8=",
"owner": "0xc000022070", "owner": "0xc000022070",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "58aa8fb418e2853382d52453a6a7739125f2b8e0", "rev": "48e35b2df995cf65603f447d5d2e30c34e63cd3f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -4736,11 +4663,11 @@
"rust-overlay": "rust-overlay_10" "rust-overlay": "rust-overlay_10"
}, },
"locked": { "locked": {
"lastModified": 1766016463, "lastModified": 1771148613,
"narHash": "sha256-aWp608krMtk5I+c3GXyuHkb6ugah40cBI0R52fNqMiI=", "narHash": "sha256-nLzdw8jskekSRrunxBDCA0NCHr/2aJjcXqZ1Fcqm5eY=",
"owner": "dj95", "owner": "dj95",
"repo": "zjstatus", "repo": "zjstatus",
"rev": "9a4b88fdceee8eb2b8c28111c53e94254d61c994", "rev": "7a039f56da80681408454d6e175fde3f54b9e592",
"type": "github" "type": "github"
}, },
"original": { "original": {

8
flake.nix
View File

@@ -155,9 +155,9 @@
}; };
zen-browser = { zen-browser = {
url = "github:0xc000022070/zen-browser-flake"; url = "github:0xc000022070/zen-browser-flake";
# IMPORTANT: we're using "libgbm" and is only available in unstable so ensure # IMPORTANT: To ensure compatibility with the latest Firefox version, use nixpkgs-unstable.
# to have it up-to-date or simply don't specify the nixpkgs input
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
}; };
anyrun = { anyrun = {
@@ -252,10 +252,6 @@
hytale-launcher = { hytale-launcher = {
url = "github:JPyke3/hytale-launcher-nix"; url = "github:JPyke3/hytale-launcher-nix";
}; };
mixid = {
url = "github:leguteape/MixiD";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {

30
home/accounts/fastmail.nix
View File

@@ -5,8 +5,10 @@
}: { }: {
sops = { sops = {
secrets."accounts/mail/fastmail" = {}; secrets."accounts/mail/fastmail" = {};
secrets."accounts/calendar/fastmail" = {};
}; };
accounts.email = { accounts = {
email = {
maildirBasePath = "Mail"; maildirBasePath = "Mail";
accounts = { accounts = {
fastmail = rec { fastmail = rec {
@@ -29,9 +31,6 @@
port = 465; port = 465;
tls.enable = true; tls.enable = true;
}; };
imapnotify = {
enable = true;
};
passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"]; passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"];
mbsync = { mbsync = {
enable = true; enable = true;
@@ -40,8 +39,27 @@
}; };
}; };
}; };
programs.mbsync.enable = true; calendar = {
services.mbsync.enable = pkgs.stdenv.isLinux; basePath = "Calendar";
accounts = {
fastmail = {
remote = {
url = "https://caldav.fastmail.com/dav/calendars/user/email@uttarayan.me";
userName = "email@uttarayan.me";
passwordCommand = ["cat" "${config.sops.secrets."accounts/calendar/fastmail".path}"];
type = "caldav";
};
khal = {
enable = true;
addresses = ["email@uttarayan.me"];
};
vdirsyncer = {
enable = true;
};
};
};
};
};
# accounts.email.accounts.<name>.mbsync.create # accounts.email.accounts.<name>.mbsync.create
# services.mbsync.enable = true; # services.mbsync.enable = true;
} }

9
home/apps/affine.nix Normal file
View File

@@ -0,0 +1,9 @@
{
pkgs,
lib,
...
}: {
home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.affine
];
}

12
home/apps/default.nix
View File

@@ -13,15 +13,21 @@ lib.optionalAttrs device.hasGui {
# ./ida.nix # ./ida.nix
# ./jellyflix.nix # ./jellyflix.nix
# ./kicad.nix # ./kicad.nix
# ./lmstudio.nix
# ./neovide.nix # ./neovide.nix
# ./openscad.nix # ./openscad.nix
# ./orcaslicer.nix
# ./pcsx2.nix # ./pcsx2.nix
# ./prismlauncher.nix
# ./rpcs3.nix # ./rpcs3.nix
# ./shadps4.nix
# ./thunderbird.nix # ./thunderbird.nix
# ./tsukimi.nix # ./tsukimi.nix
# ./vial.nix # ./vial.nix
# ./vlc.nix
# ./vscode.nix # ./vscode.nix
./affine.nix
./blueman.nix ./blueman.nix
./chromium.nix ./chromium.nix
./discord.nix ./discord.nix
@@ -29,16 +35,12 @@ lib.optionalAttrs device.hasGui {
./ghostty.nix ./ghostty.nix
./hyprpicker.nix ./hyprpicker.nix
./kitty.nix ./kitty.nix
./lmstudio.nix ./matrix.nix
./mpv.nix ./mpv.nix
./nextcloud.nix ./nextcloud.nix
./obs-studio.nix ./obs-studio.nix
./orcaslicer.nix
./prismlauncher.nix
./shadps4.nix
./slack.nix ./slack.nix
./vicinae.nix ./vicinae.nix
./vlc.nix
./wezterm.nix ./wezterm.nix
./zathura.nix ./zathura.nix
./zed.nix ./zed.nix

12
home/apps/matrix.nix Normal file
View File

@@ -0,0 +1,12 @@
{
pkgs,
lib,
device,
...
}: {
home.packages = lib.optionals (device.is "ryu") [
pkgs.fluffychat
pkgs.fractal
# pkgs.quaternion
];
}

28
home/apps/mpv.nix
View File

@@ -8,20 +8,20 @@
loop-playlist = "inf"; loop-playlist = "inf";
}; };
profiles = { profiles = {
hdr = { # hdr = {
vo = "gpu-next"; # vo = "gpu-next";
gpu-api = "vulkan"; # gpu-api = "vulkan";
hdr-compute-peak = "yes"; # hdr-compute-peak = "yes";
hdr-peak-detect = "yes"; # hdr-peak-detect = "yes";
target-peak = 400; # target-peak = 400;
target-prim = "bt.2020"; # target-prim = "bt.2020";
target-trc = "pq"; # target-trc = "pq";
inverse-tone-mapping = "yes"; # inverse-tone-mapping = "yes";
tone-mapping = "spline"; # tone-mapping = "spline";
tone-mapping-mode = "auto"; # tone-mapping-mode = "auto";
target-colorspace-hint = "auto"; # target-colorspace-hint = "auto";
gamut-mapping = "desaturate"; # gamut-mapping = "desaturate";
}; # };
}; };
}; };
} }

6
home/apps/vicinae.nix
View File

@@ -12,7 +12,9 @@
autoStart = true; autoStart = true;
}; };
}; };
home.packages = with pkgs; [ home.packages = with pkgs;
pulseaudio lib.optionals (device.is "ryu") [
# pulseaudio
playerctl
]; ];
} }

43
home/apps/zen.nix
View File

@@ -2,6 +2,7 @@
pkgs, pkgs,
inputs, inputs,
device, device,
config,
... ...
}: { }: {
imports = [ imports = [
@@ -10,6 +11,47 @@
programs.zen-browser = { programs.zen-browser = {
enable = device.isLinux; enable = device.isLinux;
profiles.default = { profiles.default = {
containersForce = true;
containers = {
Personal = {
color = "purple";
icon = "fingerprint";
id = 1;
};
Work = {
color = "blue";
icon = "briefcase";
id = 2;
};
Shopping = {
color = "yellow";
icon = "dollar";
id = 3;
};
};
spacesForce = true;
spaces = let
containers = config.programs.zen-browser.profiles."default".containers;
in {
"Personal" = {
id = "";
icon = "👤";
container = containers."Personal".id;
position = 1000;
};
"Work" = {
id = "00bdd434-e31b-4e2b-b8f5-fa7055631a64";
icon = "💼";
container = containers."Work".id;
position = 2000;
};
"Shopping" = {
id = "77452260-56e6-4c9e-8d5f-417958bc4fa4";
icon = "💸";
container = containers."Shopping".id;
position = 3000;
};
};
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [ extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
privacy-badger privacy-badger
violentmonkey violentmonkey
@@ -42,5 +84,6 @@
Fingerprinting = true; Fingerprinting = true;
}; };
}; };
suppressXdgMigrationWarning = true;
}; };
} }

1
home/default.nix
View File

@@ -27,6 +27,7 @@
home-manager = { home-manager = {
enable = true; enable = true;
}; };
man.generateCaches = true;
}; };
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;

35
home/programs/attic.nix Normal file
View File

@@ -0,0 +1,35 @@
{
pkgs,
lib,
config,
...
}: let
attic-unwrapped = pkgs.attic-client.overrideAttrs (oldAttrs: {
patches =
(oldAttrs.patches or [])
++ [
# PR #309: Add environment variable support for login
# https://github.com/zhaofengli/attic/pull/309
(pkgs.fetchpatch {
url = "https://github.com/zhaofengli/attic/pull/309.patch";
hash = "sha256-mDoxA+e2bBZDvERp03SyYvkEdtH/bfWtZqKZv0uCS0M=";
})
];
});
in {
sops.secrets."attic/token" = {};
home.packages = [
(pkgs.stdenv.mkDerivation {
pname = "attic-client";
version = "0.1.0";
src = attic-unwrapped;
buildInputs = [];
nativeBuildInputs = [pkgs.makeWrapper];
installPhase = ''
install -Dm755 $src/bin/attic $out/bin/attic
wrapProgram $out/bin/attic \
--run "export ATTIC_LOGIN_TOKEN=\`cat -v ${config.sops.secrets."attic/token".path}\`"
'';
})
];
}

2
home/programs/blobdrop.nix
View File

@@ -4,5 +4,5 @@
lib, lib,
... ...
}: { }: {
home.packages = lib.optionals (device.name != "shiro") [pkgs.blobdrop]; home.packages = lib.optionals (device.name == "ryu") [pkgs.blobdrop];
} }

6
home/programs/calendar.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
programs.khal.enable = true;
programs.qcal.enable = true;
programs.vdirsyncer.enable = true;
accounts.calendar.accounts.fastmail.qcal.enable = true;
}

9
home/programs/carapace.nix
View File

@@ -1,13 +1,8 @@
{ {...}: {
pkgs,
lib,
device,
...
}: {
programs. programs.
carapace = { carapace = {
enable = false; enable = false;
enableFishIntegration = true; enableFishIntegration = false;
enableNushellIntegration = true; enableNushellIntegration = true;
}; };
} }

1
home/programs/cargo.nix
View File

@@ -13,6 +13,7 @@ in
[alias] [alias]
lldb = ["with", "rust-lldb", "--"] lldb = ["with", "rust-lldb", "--"]
t = ["nextest", "run"] t = ["nextest", "run"]
pkgs = ["metadata", "--no-deps", "--format-version", "1"]
[net] [net]
git-fetch-with-cli = true git-fetch-with-cli = true

27
home/programs/cfcli.nix Normal file
View File

@@ -0,0 +1,27 @@
{
pkgs,
lib,
config,
...
}: {
sops.secrets."cloudflare/darksailor_dev_api_key" = {};
home.packages = [
# (pkgs.stdenv.mkDerivation {
# pname = "cfcli";
# version = "0.1.0";
# buildInputs = [pkgs.cloudflare-cli];
# nativeBuildInputs = [pkgs.makeWrapper];
# installPhase = ''
# $out/bin/cfcli \
# --run "export CF_API_KEY=\`cat -v ${config.sops.secrets."cloudflare/darksailor_dev_api_key".path}\`"
# '';
# })
(pkgs.writeShellScriptBin
"cfcli"
''
#!/bin/sh
export CF_API_KEY="$(cat -v ${config.sops.secrets."cloudflare/darksailor_dev_api_key".path})"
exec ${pkgs.cloudflare-cli}/bin/cfcli "$@"
'')
];
}

39
home/programs/default.nix
View File

@@ -4,12 +4,31 @@
... ...
}: { }: {
imports = [ imports = [
# ./bluetui.nix
# ./goread.nix
# ./helix.nix
# ./magika.nix
# ./mpd.nix
# ./mpris-scrobbler.nix
# ./ncmpcpp.nix
# ./newsboat.nix
# ./nh.nix
# ./ryujinx.nix
# ./sxiv.nix
# ./tea.nix
# ./template.nix
# ./tuifeed.nix
# ./xh.nix
# ./zellij.nix
../../modules ../../modules
./1password-cli.nix ./1password-cli.nix
./aichat.nix ./aichat.nix
./alejandra.nix ./alejandra.nix
./aria2.nix ./aria2.nix
./ast-grep.nix ./ast-grep.nix
./attic.nix
./atuin.nix ./atuin.nix
./bat.nix ./bat.nix
./binwalk.nix ./binwalk.nix
@@ -17,8 +36,10 @@
./bottom.nix ./bottom.nix
./btop.nix ./btop.nix
./cachix.nix ./cachix.nix
./calendar.nix
./carapace.nix ./carapace.nix
./cargo.nix ./cargo.nix
./cfcli.nix
./ddcbacklight.nix ./ddcbacklight.nix
./deploy-rs.nix ./deploy-rs.nix
./direnv.nix ./direnv.nix
@@ -37,6 +58,7 @@
./himalaya.nix ./himalaya.nix
./hyprshade.nix ./hyprshade.nix
./jq.nix ./jq.nix
./jujutsu.nix
./just.nix ./just.nix
./ncpamixer.nix ./ncpamixer.nix
./neomutt.nix ./neomutt.nix
@@ -60,21 +82,6 @@
./yazi.nix ./yazi.nix
./yt-dlp.nix ./yt-dlp.nix
./zoxide.nix ./zoxide.nix
# ./bluetui.nix ./yq.nix
# ./goread.nix
# ./helix.nix
# ./magika.nix
# ./mpd.nix
# ./mpris-scrobbler.nix
# ./ncmpcpp.nix
# ./newsboat.nix
# ./nh.nix
# ./ryujinx.nix
# ./sxiv.nix
# ./tea.nix
# ./template.nix
# ./tuifeed.nix
# ./xh.nix
# ./zellij.nix
]; ];
} }

1
home/programs/fish.nix
View File

@@ -43,6 +43,7 @@
''} ''}
''; '';
}; };
home.shell.enableFishIntegration = true;
} }
// lib.optionalAttrs (!(device.is "tsuba")) { // lib.optionalAttrs (!(device.is "tsuba")) {
stylix.targets.fish.enable = false; stylix.targets.fish.enable = false;

1
home/programs/jujutsu.nix Normal file
View File

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.jujutsu];}

44
home/programs/neomutt.nix
View File

@@ -1,4 +1,9 @@
{pkgs, ...}: { {pkgs, ...}: let
theme = builtins.fetchurl {
url = "https://raw.githubusercontent.com/catppuccin/neomutt/refs/heads/main/neomuttrc";
sha256 = "sha256:1q086p5maqwxa4gh6z8g7h3nfavdmkbql025ibdhglpz46hsq0hs";
};
in {
programs.neomutt = { programs.neomutt = {
enable = true; enable = true;
vimKeys = true; vimKeys = true;
@@ -6,6 +11,9 @@
sidebar = { sidebar = {
enable = true; enable = true;
}; };
extraConfig = ''
source ${theme}
'';
}; };
programs.notmuch = { programs.notmuch = {
enable = true; enable = true;
@@ -17,4 +25,38 @@
enable = true; enable = true;
neomutt.enable = true; neomutt.enable = true;
}; };
services.imapnotify = {
enable = true;
path = [pkgs.coreutils pkgs.isync pkgs.libnotify];
};
accounts.email.accounts.fastmail.imapnotify = {
enable = true;
boxes = ["Inbox"];
onNotify = "${pkgs.writeShellScript "mbsync-notify" ''
${pkgs.isync}/bin/mbsync $1
${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1"
''} %s";
};
programs.mbsync.enable = true;
services.mbsync.enable = pkgs.stdenv.isLinux;
# launchd.agents.mbsync = {
# enable = true;
# config = {
# # A label for the service
# Label = "dev.darksailor.atuin-daemon";
# # The command to run
# ProgramArguments = [
# "${pkgs.atuin}/bin/atuin"
# "daemon"
# ];
# # Run the service when you log in
# RunAtLoad = true;
# # Keep the process alive, or restart if it dies
# KeepAlive = true;
# # Log files
# StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
# StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
# };
# };
} }

1
home/programs/nushell.nix
View File

@@ -26,4 +26,5 @@
} }
''; '';
}; };
home.shell.enableNushellIntegration = true;
} }

15
home/programs/opencode.nix
View File

@@ -6,5 +6,20 @@
lib.optionalAttrs (device.is "ryu" || device.is "kuro") { lib.optionalAttrs (device.is "ryu" || device.is "kuro") {
programs.opencode = { programs.opencode = {
enable = true; enable = true;
settings.provider = {
ollama = {
models = {
"glm-4.7-flash" = {
# "_launch" = true;
name = "glm-4.7-flash";
};
};
name = "Ollama (local)";
npm = "@ai-sdk/openai-compatible";
options = {
baseURL = "https://ollama.darksailor.dev/v1";
};
};
};
}; };
} }

1
home/programs/yazi.nix
View File

@@ -17,5 +17,6 @@
cache_dir = config.home.homeDirectory + "/.cache/yazi/previews"; cache_dir = config.home.homeDirectory + "/.cache/yazi/previews";
}; };
}; };
shellWrapperName = "yy";
}; };
} }

1
home/programs/yq.nix Normal file
View File

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.yq];}

4
home/services/hyprland.nix
View File

@@ -61,9 +61,9 @@
{ {
output = device.monitors.secondary; output = device.monitors.secondary;
mode = "2560x1440@170"; mode = "2560x1440@170";
position = "-1440x-1120"; position = "-2560x0";
scale = 1; scale = 1;
transform = 1; transform = 0;
} }
{ {
output = device.monitors.tertiary; output = device.monitors.tertiary;

3
home/services/hyprpaper.nix
View File

@@ -9,6 +9,7 @@
nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name; nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
# silksongFleas = nextcloudWallpapers "silksong-fleas.jpg"; # silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
bocchiVertical = nextcloudWallpapers "bocchi-vertical.jpg"; bocchiVertical = nextcloudWallpapers "bocchi-vertical.jpg";
silksongShadeLord = nextcloudWallpapers "silksong-shadelord.jpg";
in { in {
enable = device.is "ryu"; enable = device.is "ryu";
settings = { settings = {
@@ -16,7 +17,7 @@
wallpaper = [ wallpaper = [
{ {
monitor = device.monitors.primary; monitor = device.monitors.primary;
path = wallpapers.skull; path = silksongShadeLord;
fit_mode = "cover"; fit_mode = "cover";
} }
{ {

2
justfile
View File

@@ -41,3 +41,5 @@ add program:
alejandra fmt home/programs/{{program}}.nix home/programs/default.nix alejandra fmt home/programs/{{program}}.nix home/programs/default.nix
git add home/programs/{{program}}.nix git add home/programs/{{program}}.nix
# add-secret secret:
# openssl rand -hex 32 | tr -d '\n' | jq -sR | sops set --value-stdin secrets/secrets.yaml {{secret}}

162
modules/nixos/affine.nix Normal file
View File

@@ -0,0 +1,162 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.services.affine;
dbName = "affine";
dbUser = "affine";
in {
options.services.affine = {
enable = mkEnableOption "AFFiNE self-hosted workspace";
port = mkOption {
type = types.port;
default = 3010;
description = "Port for the AFFiNE server to listen on";
};
domain = mkOption {
type = types.str;
description = "Public domain for AFFiNE (e.g. notes.darksailor.dev)";
};
imageTag = mkOption {
type = types.str;
default = "stable";
description = "Docker image tag for AFFiNE (stable, beta, canary)";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/affine";
description = "Base data directory for AFFiNE storage";
};
environmentFiles = mkOption {
type = types.listOf types.path;
default = [];
description = "Environment files containing secrets (DB password, etc.)";
};
};
config = mkIf cfg.enable {
# Create data directories
systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0755 root root -"
"d ${cfg.dataDir}/storage 0755 root root -"
"d ${cfg.dataDir}/config 0755 root root -"
"d ${cfg.dataDir}/postgres 0700 root root -"
"d ${cfg.dataDir}/redis 0755 root root -"
];
virtualisation.oci-containers = {
backend = "docker";
containers = {
affine-postgres = {
image = "pgvector/pgvector:pg16";
volumes = [
"${cfg.dataDir}/postgres:/var/lib/postgresql/data"
];
environment = {
POSTGRES_USER = dbUser;
POSTGRES_DB = dbName;
POSTGRES_INITDB_ARGS = "--data-checksums";
POSTGRES_HOST_AUTH_METHOD = "trust";
};
environmentFiles = cfg.environmentFiles;
extraOptions = [
"--health-cmd=pg_isready -U ${dbUser} -d ${dbName}"
"--health-interval=10s"
"--health-timeout=5s"
"--health-retries=5"
];
networks = ["affine-net"];
};
affine-redis = {
image = "redis:7";
volumes = [
"${cfg.dataDir}/redis:/data"
];
networks = ["affine-net"];
extraOptions = [
"--health-cmd=redis-cli --raw incr ping"
"--health-interval=10s"
"--health-timeout=5s"
"--health-retries=5"
];
};
affine = {
image = "ghcr.io/toeverything/affine:${cfg.imageTag}";
ports = ["127.0.0.1:${toString cfg.port}:3010"];
dependsOn = [
"affine-postgres"
"affine-redis"
"affine-migration"
];
volumes = [
"${cfg.dataDir}/storage:/root/.affine/storage"
"${cfg.dataDir}/config:/root/.affine/config"
];
environment = {
AFFINE_SERVER_PORT = "3010";
AFFINE_SERVER_HOST = cfg.domain;
AFFINE_SERVER_HTTPS = "true";
AFFINE_SERVER_EXTERNAL_URL = "https://${cfg.domain}";
REDIS_SERVER_HOST = "affine-redis";
DATABASE_URL = "postgresql://${dbUser}:$${AFFINE_DB_PASSWORD:-affine}@affine-postgres:5432/${dbName}";
AFFINE_INDEXER_ENABLED = "false";
};
environmentFiles = cfg.environmentFiles;
networks = ["affine-net"];
};
affine-migration = {
image = "ghcr.io/toeverything/affine:${cfg.imageTag}";
dependsOn = [
"affine-postgres"
"affine-redis"
];
volumes = [
"${cfg.dataDir}/storage:/root/.affine/storage"
"${cfg.dataDir}/config:/root/.affine/config"
];
cmd = ["sh" "-c" "node ./scripts/self-host-predeploy.js"];
environment = {
REDIS_SERVER_HOST = "affine-redis";
DATABASE_URL = "postgresql://${dbUser}:$${AFFINE_DB_PASSWORD:-affine}@affine-postgres:5432/${dbName}";
AFFINE_INDEXER_ENABLED = "false";
};
environmentFiles = cfg.environmentFiles;
networks = ["affine-net"];
};
};
};
# Create the Docker network
# systemd.services.affine-network = {
# description = "Create AFFiNE Docker network";
# after = ["docker.service"];
# wantedBy = ["multi-user.target"];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# # ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net";
# # ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net";
# };
# };
#
# Ensure containers start after the network is created
# systemd.services.docker-affine.after = ["affine-network.service"];
# systemd.services.docker-affine.requires = ["affine-network.service"];
# systemd.services.docker-affine-postgres.after = ["affine-network.service"];
# systemd.services.docker-affine-postgres.requires = ["affine-network.service"];
# systemd.services.docker-affine-redis.after = ["affine-network.service"];
# systemd.services.docker-affine-redis.requires = ["affine-network.service"];
# systemd.services.docker-affine-migration.after = ["affine-network.service"];
# systemd.services.docker-affine-migration.requires = ["affine-network.service"];
};
}

480
modules/nixos/caddy/default.nix
View File

@@ -1,480 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.caddy;
certs = config.security.acme.certs;
virtualHosts = attrValues cfg.virtualHosts;
acmeEnabledVhosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
vhostCertNames = unique (map (hostOpts: hostOpts.useACMEHost) acmeEnabledVhosts);
dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server
independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server
mkVHostConf = hostOpts: let
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
in ''
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
${optionalString (
hostOpts.listenAddresses != []
) "bind ${concatStringsSep " " hostOpts.listenAddresses}"}
${optionalString (
hostOpts.useACMEHost != null
) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
log {
${hostOpts.logFormat}
}
${hostOpts.extraConfig}
}
'';
settingsFormat = pkgs.formats.json {};
configFile =
if cfg.settings != {}
then settingsFormat.generate "caddy.json" cfg.settings
else let
Caddyfile = pkgs.writeTextDir "Caddyfile" ''
{
${cfg.globalConfig}
}
${cfg.extraConfig}
${concatMapStringsSep "\n" mkVHostConf virtualHosts}
'';
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {} ''
mkdir -p $out
cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile
'';
in "${
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
then Caddyfile-formatted
else Caddyfile
}/Caddyfile";
etcConfigFile = "caddy/caddy_config";
configPath = "/etc/${etcConfigFile}";
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;
in {
imports = [
(mkRemovedOptionModule [
"services"
"caddy"
"agree"
] "this option is no longer necessary for Caddy 2")
(mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
(mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
];
# interface
options.services.caddy = {
enable = mkEnableOption "Caddy web server";
user = mkOption {
default = "caddy";
type = types.str;
description = ''
User account under which caddy runs.
::: {.note}
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the Caddy service starts.
:::
'';
};
group = mkOption {
default = "caddy";
type = types.str;
description = ''
Group under which caddy runs.
::: {.note}
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the Caddy service starts.
:::
'';
};
package = mkPackageOption pkgs "caddy" {};
dataDir = mkOption {
type = types.path;
default = "/var/lib/caddy";
description = ''
The data directory for caddy.
::: {.note}
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise you are responsible for ensuring
the directory exists with appropriate ownership and permissions.
Caddy v2 replaced `CADDYPATH` with XDG directories.
See <https://caddyserver.com/docs/conventions#file-locations>.
:::
'';
};
logDir = mkOption {
type = types.path;
default = "/var/log/caddy";
description = ''
Directory for storing Caddy access logs.
::: {.note}
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise the sysadmin is responsible for
ensuring the directory exists with appropriate ownership and permissions.
:::
'';
};
logFormat = mkOption {
type = types.lines;
default = ''
level ERROR
'';
example = literalExpression ''
mkForce "level INFO";
'';
description = ''
Configuration for the default logger. See
<https://caddyserver.com/docs/caddyfile/options#log>
for details.
'';
};
configFile = mkOption {
type = types.path;
default = configFile;
defaultText = "A Caddyfile automatically generated by values from services.caddy.*";
example = literalExpression ''
pkgs.writeText "Caddyfile" '''
example.com
root * /var/www/wordpress
php_fastcgi unix//run/php/php-version-fpm.sock
file_server
''';
'';
description = ''
Override the configuration file used by Caddy. By default,
NixOS generates one automatically.
The configuration file is exposed at {file}`${configPath}`.
'';
};
adapter = mkOption {
default =
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile")
then "caddyfile"
else null;
defaultText = literalExpression ''
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
'';
example = literalExpression "nginx";
type = with types; nullOr str;
description = ''
Name of the config adapter to use.
See <https://caddyserver.com/docs/config-adapters>
for the full list.
If `null` is specified, the `--adapter` argument is omitted when
starting or restarting Caddy. Notably, this allows specification of a
configuration file in Caddy's native JSON format, as long as the
filename does not start with `Caddyfile` (in which case the `caddyfile`
adapter is implicitly enabled). See
<https://caddyserver.com/docs/command-line#caddy-run> for details.
::: {.note}
Any value other than `null` or `caddyfile` is only valid when providing
your own `configFile`.
:::
'';
};
resume = mkOption {
default = false;
type = types.bool;
description = ''
Use saved config, if any (and prefer over any specified configuration passed with `--config`).
'';
};
globalConfig = mkOption {
type = types.lines;
default = "";
example = ''
debug
servers {
protocol {
experimental_http3
}
}
'';
description = ''
Additional lines of configuration appended to the global config section
of the `Caddyfile`.
Refer to <https://caddyserver.com/docs/caddyfile/options#global-options>
for details on supported values.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
example.com {
encode gzip
log
root /srv/http
}
'';
description = ''
Additional lines of configuration appended to the automatically
generated `Caddyfile`.
'';
};
virtualHosts = mkOption {
type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
default = {};
example = literalExpression ''
{
"hydra.example.com" = {
serverAliases = [ "www.hydra.example.com" ];
extraConfig = '''
encode gzip
root * /srv/http
''';
};
};
'';
description = ''
Declarative specification of virtual hosts served by Caddy.
'';
};
acmeCA = mkOption {
default = null;
example = "https://acme-v02.api.letsencrypt.org/directory";
type = with types; nullOr str;
description = ''
::: {.note}
Sets the [`acme_ca` option](https://caddyserver.com/docs/caddyfile/options#acme-ca)
in the global options block of the resulting Caddyfile.
:::
The URL to the ACME CA's directory. It is strongly recommended to set
this to `https://acme-staging-v02.api.letsencrypt.org/directory` for
Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)
while testing or in development.
Value `null` should be prefered for production setups,
as it omits the `acme_ca` option to enable
[automatic issuer fallback](https://caddyserver.com/docs/automatic-https#issuer-fallback).
'';
};
email = mkOption {
default = null;
type = with types; nullOr str;
description = ''
Your email address. Mainly used when creating an ACME account with your
CA, and is highly recommended in case there are problems with your
certificates.
'';
};
enableReload = mkOption {
default = true;
type = types.bool;
description = ''
Reload Caddy instead of restarting it when configuration file changes.
Note that enabling this option requires the [admin API](https://caddyserver.com/docs/caddyfile/options#admin)
to not be turned off.
If you enable this option, consider setting [`grace_period`](https://caddyserver.com/docs/caddyfile/options#grace-period)
to a non-infinite value in {option}`services.caddy.globalConfig`
to prevent Caddy waiting for active connections to finish,
which could delay the reload essentially indefinitely.
'';
};
settings = mkOption {
type = settingsFormat.type;
default = {};
description = ''
Structured configuration for Caddy to generate a Caddy JSON configuration file.
See <https://caddyserver.com/docs/json/> for available options.
::: {.warning}
Using a [Caddyfile](https://caddyserver.com/docs/caddyfile) instead of a JSON config is highly recommended by upstream.
There are only very few exception to this.
Please use a Caddyfile via {option}`services.caddy.configFile`, {option}`services.caddy.virtualHosts` or
{option}`services.caddy.extraConfig` with {option}`services.caddy.globalConfig` instead.
:::
::: {.note}
Takes presence over most `services.caddy.*` options, such as {option}`services.caddy.configFile` and {option}`services.caddy.virtualHosts`, if specified.
:::
'';
};
environmentFile = mkOption {
type = with types; nullOr path;
default = null;
example = "/run/secrets/caddy.env";
description = ''
Environment file as defined in {manpage}`systemd.exec(5)`.
You can use environment variables to pass secrets to the service without adding
them to the world-redable nix store.
```
# in configuration.nix
services.caddy.environmentFile = "/run/secrets/caddy.env";
services.caddy.globalConfig = '''
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {$EAB_KEY_ID}
mac_key {$EAB_MAC_KEY}
}
}
''';
```
```
# in /run/secrets/caddy.env
EAB_KEY_ID=secret
EAB_MAC_KEY=secret
```
Find more examples
[here](https://caddyserver.com/docs/caddyfile/concepts#environment-variables)
'';
};
};
# implementation
config = mkIf cfg.enable {
assertions =
[
{
assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
}
]
++ map (
name:
mkCertOwnershipAssertion {
cert = config.security.acme.certs.${name};
groups = config.users.groups;
services = [config.systemd.services.caddy];
}
)
vhostCertNames;
services.caddy.globalConfig = ''
${optionalString (cfg.email != null) "email ${cfg.email}"}
${optionalString (cfg.acmeCA != null) "acme_ca ${cfg.acmeCA}"}
log {
${cfg.logFormat}
}
'';
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000;
systemd.packages = [cfg.package];
systemd.services.caddy = {
wants = map (certName: "acme-finished-${certName}.target") vhostCertNames;
after =
map (certName: "acme-selfsigned-${certName}.service") vhostCertNames
++ map (certName: "acme-${certName}.service") independentCertNames; # avoid loading self-signed key w/ real cert, or vice-versa
before = map (certName: "acme-${certName}.service") dependentCertNames;
wantedBy = ["multi-user.target"];
startLimitIntervalSec = 14400;
startLimitBurst = 10;
reloadTriggers = optional cfg.enableReload cfg.configFile;
restartTriggers = optional (!cfg.enableReload) cfg.configFile;
serviceConfig = let
runOptions = ''--config ${configPath} ${
optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"
}'';
in {
# Override the `ExecStart` line from upstream's systemd unit file by our own:
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
ExecStart = [
""
''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}''
];
# Validating the configuration before applying it ensures well get a proper error that will be reported when switching to the configuration
ExecReload =
[
""
]
++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force";
User = cfg.user;
Group = cfg.group;
ReadWritePaths = [cfg.dataDir];
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
Restart = "on-failure";
RestartPreventExitStatus = 1;
RestartSec = "5s";
EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
# TODO: attempt to upstream these options
NoNewPrivileges = true;
PrivateDevices = true;
ProtectHome = true;
};
};
users.users = optionalAttrs (cfg.user == "caddy") {
caddy = {
group = cfg.group;
uid = config.ids.uids.caddy;
home = cfg.dataDir;
};
};
users.groups = optionalAttrs (cfg.group == "caddy") {
caddy.gid = config.ids.gids.caddy;
};
security.acme.certs = let
certCfg =
map (
certName:
nameValuePair certName {
group = mkDefault cfg.group;
reloadServices = ["caddy.service"];
}
)
vhostCertNames;
in
listToAttrs certCfg;
environment.etc.${etcConfigFile}.source = cfg.configFile;
};
}

83
modules/nixos/caddy/vhost-options.nix
View File

@@ -1,83 +0,0 @@
{cfg}: {
config,
lib,
name,
...
}: let
inherit (lib) literalExpression mkOption types;
in {
options = {
hostName = mkOption {
type = types.str;
default = name;
description = "Canonical hostname for the server.";
};
serverAliases = mkOption {
type = with types; listOf str;
default = [];
example = [
"www.example.org"
"example.org"
];
description = ''
Additional names of virtual hosts served by this virtual host configuration.
'';
};
listenAddresses = mkOption {
type = with types; listOf str;
description = ''
A list of host interfaces to bind to for this virtual host.
'';
default = [];
example = [
"127.0.0.1"
"::1"
];
};
useACMEHost = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
A host of an existing Let's Encrypt certificate to use.
This is mostly useful if you use DNS challenges but Caddy does not
currently support your provider.
*Note that this option does not create any certificates, nor
does it add subdomains to existing ones you will need to create them
manually using [](#opt-security.acme.certs).*
'';
};
logFormat = mkOption {
type = types.lines;
default = ''
output file ${cfg.logDir}/access-${lib.replaceStrings ["/" " "] ["_" "_"] config.hostName}.log
'';
defaultText = ''
output file ''${config.services.caddy.logDir}/access-''${hostName}.log
'';
example = literalExpression ''
mkForce '''
output discard
''';
'';
description = ''
Configuration for HTTP request logging (also known as access logs). See
<https://caddyserver.com/docs/caddyfile/directives/log#log>
for details.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines of configuration appended to this virtual host in the
automatically generated `Caddyfile`.
'';
};
};
}

30
neovim/default.nix
View File

@@ -620,6 +620,21 @@ in {
}; };
sources = { sources = {
cmdline = []; cmdline = [];
# default =
# rawLua
# /*
# lua
# */
# ''
# function(ctx)
# local success, node = pcall(vim.treesitter.get_node)
# if success and node and vim.tbl_contains({ 'comment', 'line_comment', 'block_comment' }, node:type()) then
# return { 'buffer' }
# else
# return { 'git', 'lsp', 'path', 'snippets', 'buffer', 'dictionary', 'ripgrep', 'tmux' }
# end
# end
# '';
default = [ default = [
"git" "git"
"lsp" "lsp"
@@ -628,6 +643,7 @@ in {
"path" "path"
"buffer" "buffer"
"ripgrep" "ripgrep"
# "tmux"
]; ];
providers = { providers = {
buffer = { buffer = {
@@ -639,23 +655,30 @@ in {
path = {}; path = {};
dictionary = { dictionary = {
module = "blink-cmp-dictionary"; module = "blink-cmp-dictionary";
name = "Dict"; name = "dict";
min_keyword_length = 3; min_keyword_length = 3;
opts = { opts = {
}; };
}; };
git = { git = {
module = "blink-cmp-git"; module = "blink-cmp-git";
name = "Git"; name = "git";
opts = { opts = {
# -- options for the blink-cmp-git # -- options for the blink-cmp-git
}; };
}; };
ripgrep = { ripgrep = {
module = "blink-ripgrep"; module = "blink-ripgrep";
name = "Ripgrep"; name = "ripgrep";
opts = {}; opts = {};
}; };
# tmux = {
# module = "blink-cmp-tmux";
# name = "tmux";
# opts = {
# triggered_only = false;
# };
# };
}; };
}; };
}; };
@@ -665,6 +688,7 @@ in {
blink-cmp-dictionary.enable = true; blink-cmp-dictionary.enable = true;
blink-cmp-copilot.enable = true; blink-cmp-copilot.enable = true;
blink-cmp-spell.enable = true; blink-cmp-spell.enable = true;
blink-cmp-tmux.enable = true;
blink-compat = { blink-compat = {
enable = true; enable = true;
settings.impersonate_nvim_cmp = true; settings.impersonate_nvim_cmp = true;

1
nixos/documentation.nix
View File

@@ -4,4 +4,5 @@
documentation.dev.enable = true; documentation.dev.enable = true;
documentation.doc.enable = true; documentation.doc.enable = true;
documentation.nixos.enable = true; documentation.nixos.enable = true;
documentation.man.generateCaches = true;
} }

6
nixos/ryu/apps/default.nix
View File

@@ -6,8 +6,12 @@
imports = [ imports = [
# ./alvr.nix # ./alvr.nix
./easyeffects.nix ./easyeffects.nix
./mixid.nix
./vr.nix ./vr.nix
./helvum.nix ./helvum.nix
# ./wine.nix
# ./virt.nix
./gparted.nix
./nvtop.nix
# ./qpwgraph.nix
]; ];
} }

3
nixos/ryu/apps/gparted.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [gparted];
}

4
nixos/ryu/apps/mixid.nix
View File

@@ -1,4 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [mixid];
services.udev.packages = with pkgs; [mixid];
}

3
nixos/ryu/apps/nvtop.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [nvtopPackages.nvidia];
}

3
nixos/ryu/apps/qpwgraph.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [qpwgraph];
}

6
nixos/ryu/apps/virt.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
virt-manager
quickemu
];
}

7
nixos/ryu/apps/wine.nix Normal file
View File

@@ -0,0 +1,7 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
wine-wayland
winetricks
wineWowPackages.waylandFull
];
}

61
nixos/ryu/configuration.nix
View File

@@ -2,6 +2,7 @@
pkgs, pkgs,
lib, lib,
device, device,
config,
... ...
}: { }: {
imports = [ imports = [
@@ -47,6 +48,7 @@
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user]; trusted-users = [device.user];
extra-sandbox-paths = [config.programs.ccache.cacheDir];
}; };
extraOptions = '' extraOptions = ''
build-users-group = nixbld build-users-group = nixbld
@@ -157,12 +159,31 @@
Name = "Ryu"; Name = "Ryu";
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
ControllerMode = "dual"; ControllerMode = "dual";
FactConnectable = "true"; FactConnectable = true;
Experimental = "true"; Experimental = true;
}; };
}; };
}; };
}; };
boot.extraModprobeConfig = ''
# Keep Bluetooth coexistence disabled for better BT audio stability
options iwlwifi bt_coex_active=0
# Enable software crypto (helps BT coexistence sometimes)
options iwlwifi swcrypto=1
# Disable power saving on Wi-Fi module to reduce radio state changes that might disrupt BT
options iwlwifi power_save=0
# Disable Unscheduled Automatic Power Save Delivery (U-APSD) to improve BT audio stability
options iwlwifi uapsd_disable=1
# Disable D0i3 power state to avoid problematic power transitions
options iwlwifi d0i3_disable=1
# Set power scheme for performance (iwlmvm)
options iwlmvm power_scheme=1
'';
networking = { networking = {
interfaces.eno1.wakeOnLan = { interfaces.eno1.wakeOnLan = {
@@ -272,42 +293,6 @@
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
fonts.fontDir.enable = true; fonts.fontDir.enable = true;
environment = { environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
v4l-utils
polychromatic
openrazer-daemon
cudatoolkit
# Wine
wine-wayland
winetricks
wineWowPackages.waylandFull
virt-manager
gparted
nvtopPackages.nvidia
quickemu
# (nixvim.makeNixvim (import ../../neovim))
qpwgraph
hyprland
xorg.xhost
foot
git
fish
nushell
# (pkgs.wrapFirefox
# (pkgs.firefox-unwrapped.override {pipewireSupport = true;})
# {})
gnumake
python3
nerd-fonts.fira-code
nerd-fonts.hasklug
nerd-fonts.symbols-only
monaspace
ddcutil
libnotify
];
sessionVariables = { sessionVariables = {
WLR_NO_HARDWARE_CURSORS = "1"; WLR_NO_HARDWARE_CURSORS = "1";
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";

2
nixos/ryu/games/default.nix
View File

@@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./hytale.nix # ./hytale.nix
]; ];
} }

0
nixos/ryu/hardware/default.nix Normal file
View File

6
nixos/ryu/programs/ccache.nix Normal file
View File

@@ -0,0 +1,6 @@
{...}: {
programs.ccache = {
enable = true;
packageNames = ["ollama" "orca-slicer" "opencv" "onnxruntime" "obs-studio" "llama-cpp"];
};
}

3
nixos/ryu/programs/cuda.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [cudatoolkit];
}

3
nixos/ryu/programs/ddcutil.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [ddcutil];
}

12
nixos/ryu/programs/default.nix
View File

@@ -4,7 +4,7 @@
./steam.nix ./steam.nix
./1password.nix ./1password.nix
./localsend.nix ./localsend.nix
./appimage.nix # ./appimage.nix
./obs-studio.nix ./obs-studio.nix
./gnome-disks.nix ./gnome-disks.nix
./nix-ld.nix ./nix-ld.nix
@@ -12,5 +12,15 @@
./droidcam.nix ./droidcam.nix
./wireshark.nix ./wireshark.nix
./flatpak.nix ./flatpak.nix
./v4l-utils.nix
./razer.nix
./cuda.nix
./fonts.nix
./dev.nix
./shells.nix
./hyprland.nix
./foot.nix
./ddcutil.nix
./libnotify.nix
]; ];
} }

7
nixos/ryu/programs/dev.nix Normal file
View File

@@ -0,0 +1,7 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
git
gnumake
python3
];
}

8
nixos/ryu/programs/fonts.nix Normal file
View File

@@ -0,0 +1,8 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
nerd-fonts.fira-code
nerd-fonts.hasklug
nerd-fonts.symbols-only
monaspace
];
}

3
nixos/ryu/programs/foot.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [foot];
}

6
nixos/ryu/programs/hyprland.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
hyprland
xorg.xhost
];
}

3
nixos/ryu/programs/libnotify.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [libnotify];
}

6
nixos/ryu/programs/razer.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
polychromatic
openrazer-daemon
];
}

6
nixos/ryu/programs/shells.nix Normal file
View File

@@ -0,0 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
fish
nushell
];
}

3
nixos/ryu/programs/v4l-utils.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [v4l-utils];
}

89
nixos/tako/services/affine.nix Normal file
View File

@@ -0,0 +1,89 @@
{config, ...}: let
domain = "notes.darksailor.dev";
in {
imports = [
../../../modules/nixos/affine.nix
];
# SOPS secrets
sops = {
secrets = {
"affine/db_password" = {};
"authelia/oidc/affine/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
"authelia/oidc/affine/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
};
templates."affine.env".content = ''
AFFINE_DB_PASSWORD=${config.sops.placeholder."affine/db_password"}
POSTGRES_PASSWORD=${config.sops.placeholder."affine/db_password"}
AFFINE_SERVER_EXTERNAL_URL=https://${domain}
'';
};
# Enable AFFiNE service
services.affine = {
enable = true;
inherit domain;
environmentFiles = [
config.sops.templates."affine.env".path
];
};
# Caddy reverse proxy with SSO forward auth
services.caddy.virtualHosts."${domain}".extraConfig = ''
reverse_proxy localhost:${toString config.services.affine.port}
'';
# Authelia access control rules
services.authelia.instances.darksailor.settings = {
access_control.rules = [
{
inherit domain;
policy = "bypass";
resources = [
"^/api/(sync|awareness)([/?].*)?$"
"^/socket\\.io([/?].*)?$"
];
}
{
inherit domain;
policy = "one_factor";
}
];
# OIDC client for AFFiNE
identity_providers.oidc.clients = [
{
client_name = "AFFiNE: Darksailor";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/affine/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/affine/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://${domain}/oauth/callback"
];
scopes = [
"openid"
"email"
"profile"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
# Ensure containers start after secrets are available
systemd.services.docker-affine.after = ["sops-install-secrets.service"];
systemd.services.docker-affine-migration.after = ["sops-install-secrets.service"];
systemd.services.docker-affine-postgres.after = ["sops-install-secrets.service"];
}

21
nixos/tako/services/attic.nix
View File

@@ -1,16 +1,21 @@
{...}: { {config, ...}: let
address = "127.0.0.1:8052";
in {
sops = {
secrets."attic/jwt_secret" = {};
templates."attic.env".content = ''
ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder."attic/jwt_secret"}
'';
};
services = { services = {
atticd = { atticd = {
enable = false; enable = true;
listen = "/run/attic.sock"; settings.listen = address;
environmentFile = config.sops.templates."attic.env".path;
}; };
caddy = { caddy = {
virtualHosts."cache.darksailor.dev".extraConfig = '' virtualHosts."cache.darksailor.dev".extraConfig = ''
reverse_proxy /run/attic.sock { reverse_proxy ${address}
transport http {
protocol = "fd"
}
}
''; '';
}; };
}; };

30
nixos/tako/services/default.nix
View File

@@ -1,29 +1,33 @@
{...}: { {...}: {
imports = [ imports = [
./games
# ./headscale.nix
./llms.nix
./monitoring.nix
# ./paperless.nix
./navidrome.nix
./shitpost.nix
./atuin.nix ./atuin.nix
./authelia.nix ./authelia.nix
./caddy.nix ./caddy.nix
./excalidraw.nix
./fail2ban.nix ./fail2ban.nix
./flaresolverr.nix
./gitea.nix
./homepage.nix ./homepage.nix
./immich.nix
./lldap.nix ./lldap.nix
./navidrome.nix
./nextcloud.nix ./nextcloud.nix
./openssh.nix ./openssh.nix
./prowlarr.nix
./resolved.nix ./resolved.nix
./searxng.nix
./tailscale.nix ./tailscale.nix
./gitea.nix
./affine.nix
./attic.nix
./excalidraw.nix
./flaresolverr.nix
# ./games
# ./headscale.nix
./immich.nix
./kellnr.nix ./kellnr.nix
# ./llms.nix
./matrix
# ./monitoring.nix
# ./paperless.nix
./prowlarr.nix
# ./searxng.nix
# ./shitpost.nix
]; ];
services = { services = {
nix-serve = { nix-serve = {

91
nixos/tako/services/excalidraw.nix
View File

@@ -1,30 +1,91 @@
{...}: { {config, ...}: let
dataDir = "/var/lib/excalidraw";
base_domain = "darksailor.dev";
in {
# SOPS secrets and templates
sops = {
secrets = {
"excalidraw/jwt_secret" = {};
"authelia/oidc/excalidraw/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
"authelia/oidc/excalidraw/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
};
templates."excalidraw.env".content = ''
OIDC_ISSUER_URL=https://auth.${base_domain}
OIDC_CLIENT_ID=${config.sops.placeholder."authelia/oidc/excalidraw/client_id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."authelia/oidc/excalidraw/client_secret"}
OIDC_REDIRECT_URL=https://draw.${base_domain}/auth/callback
JWT_SECRET=${config.sops.placeholder."excalidraw/jwt_secret"}
STORAGE_TYPE=sqlite
DATA_SOURCE_NAME=excalidraw.db
LOCAL_STORAGE_PATH=/root/data
'';
};
# Create data directory and initialize SQLite DB
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 root root -"
"d ${dataDir}/data 0755 root root -"
"f ${dataDir}/excalidraw.db 0644 root root -"
];
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "docker"; backend = "docker";
containers = { containers = {
# Excalidraw Full backend
excalidraw = { excalidraw = {
image = "excalidraw/excalidraw:latest"; image = "ghcr.io/betterandbetterii/excalidraw-full:latest";
ports = ["127.0.0.1:5959:80"]; ports = ["127.0.0.1:3002:3002"];
volumes = []; environmentFiles = [
config.sops.templates."excalidraw.env".path
];
volumes = [
"${dataDir}/data:/root/data"
"${dataDir}/excalidraw.db:/root/excalidraw.db"
];
}; };
}; };
}; };
services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
import auth # Caddy reverse proxy
reverse_proxy localhost:5959 services.caddy.virtualHosts."draw.${base_domain}".extraConfig = ''
reverse_proxy localhost:3002
''; '';
services.authelia = {
instances.darksailor = { # Configure Authelia OIDC for Excalidraw
settings = { services.authelia.instances.darksailor.settings = {
access_control = { identity_providers = {
rules = [ oidc = {
clients = [
{ {
domain = "draw.darksailor.dev"; client_name = "Excalidraw: Darksailor";
policy = "one_factor"; client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/excalidraw/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/excalidraw/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://draw.${base_domain}/auth/callback"
];
scopes = [
"openid"
"email"
"profile"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
} }
]; ];
}; };
}; };
}; };
};
} }

1
nixos/tako/services/fail2ban.nix
View File

@@ -16,6 +16,7 @@
ignoreIP = [ ignoreIP = [
"106.219.121.52" "106.219.121.52"
"106.219.122.125" "106.219.122.125"
"106.219.122.221"
]; ];
}; };
}; };

32
nixos/tako/services/gitea.nix
View File

@@ -79,22 +79,22 @@
}; };
}; };
}; };
# gitea-actions-runner = { gitea-actions-runner = {
# instances = { instances = {
# tako = { tako = {
# enable = true; enable = true;
# name = "tako"; name = "tako";
# url = "https://git.darksailor.dev"; url = "https://git.darksailor.dev";
# labels = [ labels = [
# "ubuntu-latest:docker://catthehacker/ubuntu:full-latest" "ubuntu-latest:docker://catthehacker/ubuntu:full-latest"
# "ubuntu-22.04:docker://catthehacker/ubuntu:full-22.04" "ubuntu-22.04:docker://catthehacker/ubuntu:full-22.04"
# "ubuntu-20.04:docker://catthehacker/ubuntu:full-20.04" "ubuntu-20.04:docker://catthehacker/ubuntu:full-20.04"
# "native:host" "native:host"
# ]; ];
# tokenFile = "${config.sops.templates."GITEA_REGISTRATION_TOKEN.env".path}"; tokenFile = "${config.sops.templates."GITEA_REGISTRATION_TOKEN.env".path}";
# }; };
# }; };
# }; };
caddy = { caddy = {
virtualHosts."git.darksailor.dev".extraConfig = '' virtualHosts."git.darksailor.dev".extraConfig = ''
reverse_proxy localhost:3000 reverse_proxy localhost:3000

12
nixos/tako/services/headscale.nix
View File

@@ -34,12 +34,12 @@
}; };
}; };
}; };
# headplane = { headplane = {
# enable = true; enable = true;
# settings = { settings = {
# server.port = 42562; server.port = 42562;
# }; };
# }; };
caddy = { caddy = {
virtualHosts."headscale.darksailor.dev".extraConfig = '' virtualHosts."headscale.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString config.services.headplane.settings.server.port} reverse_proxy localhost:${toString config.services.headplane.settings.server.port}

7
nixos/tako/services/matrix/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
imports = [
./tuwunel.nix
# ./signal.nix // libolm deprecated
# ./discord.nix
];
}

19
nixos/tako/services/matrix/discord.nix Normal file
View File

@@ -0,0 +1,19 @@
{...}: {
services.mautrix-discord = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:6167";
domain = "darksailor.dev";
};
appservice.public = {
prefix = "/public";
external = "https://matrix.darksailor.dev/public";
};
bridge.permissions = {
"darksailor.dev" = "user";
"@servius:darksailor.dev" = "admin";
};
};
};
}

5
nixos/tako/services/matrix/signal.nix Normal file
View File

@@ -0,0 +1,5 @@
{...}: {
services.mautrix-signal = {
enable = true;
};
}

193
nixos/tako/services/matrix/tuwunel.nix Normal file
View File

@@ -0,0 +1,193 @@
{
config,
pkgs,
...
}: let
port = 6167;
base_domain = "darksailor.dev";
client_id = "tuwunel";
rtc_domain = "matrix-rtc.${base_domain}";
jwt_port = 8081;
elementConfig = builtins.toJSON {
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.${base_domain}";
};
};
sso_redirect_options = {
immediate = false;
on_welcome_page = true;
on_login_page = true;
};
};
elementConfigFile = pkgs.writeText "element-config.json" elementConfig;
in {
sops = {
secrets."tuwunel/client_id" = {
owner = config.services.matrix-tuwunel.user;
group = config.systemd.services.authelia-darksailor.serviceConfig.Group;
mode = "0440";
};
secrets."tuwunel/client_secret" = {
owner = config.services.matrix-tuwunel.user;
group = config.systemd.services.authelia-darksailor.serviceConfig.Group;
mode = "0440";
};
secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user;
secrets."livekit/key_name" = {};
secrets."livekit/key_secret" = {};
templates."livekit-keys".content = ''
${config.sops.placeholder."livekit/key_name"}: ${config.sops.placeholder."livekit/key_secret"}
'';
};
services.matrix-tuwunel = {
enable = true;
settings.global = {
server_name = "${base_domain}";
address = ["127.0.0.1"];
port = [port];
allow_registration = true;
registration_token_file = config.sops.secrets."tuwunel/registration_token".path;
single_sso = true;
identity_provider = [
{
inherit client_id;
brand = "Authelia";
name = "Authelia";
default = true;
issuer_url = "https://auth.${base_domain}";
client_secret_file = config.sops.secrets."tuwunel/client_secret".path;
callback_url = "https://matrix.${base_domain}/_matrix/client/unstable/login/sso/callback/${client_id}";
}
];
well_known = {
client = "https://matrix.${base_domain}";
server = "matrix.${base_domain}:443";
rtc_transports = [
{
type = "livekit";
livekit_service_url = "https://${rtc_domain}";
}
];
};
};
package = pkgs.matrix-tuwunel;
};
services.caddy.virtualHosts = {
"matrix.${base_domain}".extraConfig = ''
reverse_proxy /_matrix/* localhost:${toString port}
handle_path /config.json {
file_server
root ${elementConfigFile}
}
root * ${pkgs.element-web}
file_server
'';
"${base_domain}".extraConfig = ''
reverse_proxy /.well-known/* localhost:${toString port}
'';
"${rtc_domain}".extraConfig = ''
@jwt_service {
path /sfu/get* /healthz*
}
handle @jwt_service {
reverse_proxy localhost:${toString jwt_port}
}
handle {
reverse_proxy localhost:${toString config.services.livekit.settings.port} {
header_up Connection "upgrade"
header_up Upgrade {http.request.header.Upgrade}
}
}
'';
};
networking.firewall = {
allowedTCPPorts = [8448 7881];
allowedUDPPorts = [3478];
allowedUDPPortRanges = [
{
from = 50300;
to = 65535;
}
];
};
users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group];
services.livekit = {
enable = true;
keyFile = config.sops.templates."livekit-keys".path;
openFirewall = true;
settings = {
rtc = {
tcp_port = 7881;
port_range_start = 50100;
port_range_end = 50200;
use_external_ip = true;
enable_loopback_candidate = false;
};
turn = {
enabled = true;
udp_port = 3478;
relay_range_start = 50300;
relay_range_end = 65535;
domain = rtc_domain;
};
};
};
services.lk-jwt-service = {
enable = true;
port = jwt_port;
livekitUrl = "wss://${rtc_domain}";
keyFile = config.sops.templates."livekit-keys".path;
};
services = {
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
claims_policies = {
tuwunel = {
id_token = [
"email"
"name"
"groups"
"preferred_username"
];
};
};
clients = [
{
inherit client_id;
client_name = "Matrix: Darksailor";
client_secret = ''{{ secret "${config.sops.secrets."tuwunel/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
# pkce_challenge_method = "S256";
redirect_uris = [
"https://matrix.${base_domain}/_matrix/client/unstable/login/sso/callback/${client_id}"
];
scopes = [
"openid"
"groups"
"email"
"profile"
];
response_types = ["code"];
response_modes = ["form_post"];
grant_types = ["refresh_token" "authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
};
};
}

30
nixos/tako/services/monitoring.nix
View File

@@ -382,21 +382,21 @@ in {
}; };
# Docker cAdvisor for container metrics # Docker cAdvisor for container metrics
virtualisation.oci-containers.containers.cadvisor = { # virtualisation.oci-containers.containers.cadvisor = {
image = "gcr.io/cadvisor/cadvisor:v0.49.1"; # image = "gcr.io/cadvisor/cadvisor:v0.49.1";
ports = ["127.0.0.1:${toString ports.cadvisor}:8080"]; # ports = ["127.0.0.1:${toString ports.cadvisor}:8080"];
volumes = [ # volumes = [
"/:/rootfs:ro" # "/:/rootfs:ro"
"/var/run:/var/run:ro" # "/var/run:/var/run:ro"
"/sys:/sys:ro" # "/sys:/sys:ro"
"/var/lib/docker/:/var/lib/docker:ro" # "/var/lib/docker/:/var/lib/docker:ro"
"/dev/disk/:/dev/disk:ro" # "/dev/disk/:/dev/disk:ro"
]; # ];
extraOptions = [ # extraOptions = [
"--privileged" # "--privileged"
"--device=/dev/kmsg" # "--device=/dev/kmsg"
]; # ];
}; # };
# Link dashboard files from Nix store to Grafana's expected location # Link dashboard files from Nix store to Grafana's expected location
systemd.tmpfiles.rules = let systemd.tmpfiles.rules = let

4
nixos/tako/services/navidrome.nix
View File

@@ -18,8 +18,8 @@ in {
enable = true; enable = true;
settings = { settings = {
MusicFolder = "/media/music"; MusicFolder = "/media/music";
ReverseProxyUserHeader = "Remote-User"; "ExtAuth.TrustedSources" = "@";
ReverseProxyWhitelist = "@"; "ExtAuth.UserHeader" = "Remote-User";
Address = "unix:${socket}"; Address = "unix:${socket}";
BaseUrl = "https://music.darksailor.dev"; BaseUrl = "https://music.darksailor.dev";
}; };

2
nixos/tako/services/openssh.nix
View File

@@ -2,6 +2,6 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
settings.PermitRootLogin = "prohibit-password"; settings.PermitRootLogin = "no";
}; };
} }

1
overlays.nix
View File

@@ -291,7 +291,6 @@ in
inputs.headplane.overlays.default inputs.headplane.overlays.default
inputs.vicinae.overlays.default inputs.vicinae.overlays.default
inputs.eilmeldung.overlays.default inputs.eilmeldung.overlays.default
inputs.mixid.overlays.default
jellyfin jellyfin
libfprint libfprint
misc-applications misc-applications

31
secrets/secrets.yaml
View File

File diff suppressed because one or more lines are too long