rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(tree-wide): rm everything for rebase

Browse source
This commit is contained in:
Mohammad Rafiq 2025-07-02 21:51:34 +08:00
parent abfbb5aa09
commit c81d8dfc9f
No known key found for this signature in database
83 changed files with 0 additions and 4485 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +0,0 @@
result
*.qcow2

7
.sops.yaml
View file

@ -1,7 +0,0 @@
keys:
- &admin age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
creation_rules:
- path_regex: \.(yaml|json|env|ini)$
key_groups:
- age:
- *admin

99
README.md
View file

@ -1,99 +0,0 @@
# Pantheon
This repository serves as a flake for storing nixos and nix-darwin configurations.
## Planning
### To-do
- [ ] Copy over ~/.ssh/id_ed25519 and zellij status bar plugin confirmation
- [ ] Migrate immich to apollo, point to helios
- [x] Migrate LibreChat to apollo, maintain db
- [ ] Figure out wakapi
- [x] Add forgejo
- [ ] Add simple blog
### Versions
- 1.0.0
- Setup desktop as hypervisor with nixos and win11
- Spare drive as steam library
- GPU passthrough to either system
- Always running, VMs spun down except when in use
- Apollo as hypervisor
- VMs for docker host, home-assistant, bare metal or containerised services
- Automated backups for home and state directories
- Ability to build VMs of all systems and implement integration tests
- Staging VMs for ad-hoc testing
- All servers set up with following services:
- Git server
- Chat app
- Network shares
- Federation with ActivityPub
- Wakapi
- Add a way to define services per host and refer to them by hostname
- helios as file and db server, apollo as services and reverse proxy
- 0.3.0
- Integration tests for all services
- Migrate services from helios
## Structure
- Each system configuration should be defined by a list of profiles, e.g. desktop, docker, server, etc.
- Each service should work with contracts e.g. reverse proxy provider and subscriber, databases, etc.
- Each system configuration should have an ephemeral root directory built from the nixosConfiguration at boot.
- Servers should be as minimal as possible (to reduce attack surface)
- All systems should be able to build as VMs
- CI should be set up for updating packages and testing in VMs
- Home configurations should work across darwin and nixos
- Home configurations should be dotfiles only, and packages should be configured from the system config (tentative)
- Packages should only be installed to the path if they are actively used. One use programs should be used via comma or scripts calling their packages.
## Modules
The nixosModules and homeModules exposed by this flake are slightly out of the norm.
Option declarations for user specific configuration are kept to:
- homeModules for CLI
- nixosModules for desktop
System configurations, to this end, should include the window manager, lockscreen, terminal etc. for that system.
These desktop programs will be **configured** in home-manager for each user, but those configurations consult the osConfig variable passed in by home-manager.
## System Setup
The following files are **required** for system activation:
- /persist/home/${mainUser}/.ssh/id_ed25519
This private key will be used by sops-nix to decrypt the secrets in [this encrypted file](secrets/secrets.yaml). The secrets inside the yaml file should also be set, or otherwise removed alongside their declarations , found [here](modules/nixos/system/secrets.nix) and references.
```bash
# On the target machine
# Boot into the NixOS installer
sudo passwd
# On the host machine
deploy --user "rafiq" --ip "10.10.0.102" --hostname "apollo"
```
### From a Local NixOS Installer
The installation may run out of space when installing from an install ISO. In that case, use Disko to format the drives first, then create a `/mnt/tmp` directory and set it as TMPDIR for nixos-install.
```bash
sudo su
nix --extra-experimental-features "nix-command flakes" run github:nix-community/disko/master -- --mode destroy,format,mount --flake github:rrvsh/pantheon#<HOSTNAME>
# Copy SSH key to /persist/home/rafiq/.ssh
mkdir /mnt/tmp
TMPDIR=/mnt/tmp nixos-install --flake github:rrvsh/pantheon#<HOSTNAME> --no-root-password
reboot
```
## Impermanence
System and user state is stored under /persist. Anything not declared under
`{environment,home}.persistence` is deleted on system boot.

1249
flake.lock generated
View file

File diff suppressed because it is too large Load diff

67
flake.nix
View file

@ -1,67 +0,0 @@
{
# TODO: use flake-parts and remove snowfall-lib
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } (
top@{
config,
withSystem,
moduleWithSystem,
...
}:
{
imports = [
# Optional: use external flake logic, e.g.
# inputs.foo.flakeModules.default
];
flake = inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
snowfall.namespace = "pantheon";
};
systems = [
# systems for which you want to build the `perSystem` attributes
"x86_64-linux"
# ...
];
perSystem =
{ config, pkgs, lib, ... }:
{
packages.default = pkgs.callPackage ./packages/rebuild {inherit pkgs lib;};
};
}
);
inputs = {
# We use nixos-unstable as everything is cached.
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# My fork for random shit
rrvsh-nixpkgs.url = "github:rrvsh/nixpkgs/librechat-module";
# import-tree lets us use less imports = []
import-tree.url = "github:vic/import-tree";
# The following are used for less boilerplate.
flake-parts.url = "github:hercules-ci/flake-parts";
#TODO: remove snowfall
snowfall-lib = {
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
};
# Various nix things
nur.url = "github:nix-community/NUR";
sops-nix.url = "github:Mic92/sops-nix";
disko.url = "github:nix-community/disko";
home-manager.url = "github:nix-community/home-manager";
impermanence.url = "github:nix-community/impermanence";
nix-index-database.url = "github:nix-community/nix-index-database";
stylix.url = "github:nix-community/stylix";
systems.url = "github:nix-systems/default";
# Packages and services that we don't use nixpkgs for.
rrv-sh.url = "github:rrvsh/rrv.sh";
nvf.url = "github:rrvsh/nvf/uv-nvim";
stable-diffusion-webui-nix.url = "github:rrvsh/stable-diffusion-webui-nix/fix/comfy-ui-data-directory";
zjstatus.url = "github:dj95/zjstatus";
};
}

38
homes/x86_64-linux/rafiq/cli/default.nix
View file

@ -1,38 +0,0 @@
{ pkgs, inputs, ... }:
{
imports = [ inputs.nix-index-database.hmModules.nix-index ];
programs = {
tealdeer.enable = true;
tealdeer.enableAutoUpdates = true;
direnv = {
enable = true;
nix-direnv.enable = true;
};
zoxide.enable = true;
nix-index.enable = true;
nix-index-database.comma.enable = true;
};
persistDirs = [ ".local/share/zoxide" ];
home = {
shellAliases = {
windows = "sudo systemctl reboot --boot-loader-entry=auto-windows";
v = "$EDITOR";
e = "edit";
cd = "z"; # zoxide
ai = "aichat -r %shell% -e";
};
packages = with pkgs; [
ripgrep
aichat
pantheon.rebuild
pantheon.deploy
pantheon.edit
pantheon.commit
];
};
xdg.configFile."aichat/config.yaml".text = ''
model: gemini:gemini-2.0-flash
clients:
- type: gemini
'';
}

25
homes/x86_64-linux/rafiq/cli/editor/_nvf/autocomplete.nix
View file

@ -1,25 +0,0 @@
{ lib }:
{
blink-cmp = {
enable = true;
friendly-snippets.enable = true;
sourcePlugins.ripgrep.enable = true;
setupOpts = {
# Disable completion in markdown files
# TODO: Disable completion when in comments
enabled =
lib.generators.mkLuaInline
# lua
''
function()
return not vim.tbl_contains({"markdown"}, vim.bo.filetype)
and vim.bo.buftype ~= "prompt"
and vim.b.completion ~= false
end
'';
completion.documentation.auto_show_delay_ms = 0;
# Show e.g. function parameters
signature.enabled = true;
};
};
}

3
homes/x86_64-linux/rafiq/cli/editor/_nvf/binds.nix
View file

@ -1,3 +0,0 @@
{
whichKey.enable = true;
}

36
homes/x86_64-linux/rafiq/cli/editor/_nvf/languages.nix
View file

@ -1,36 +0,0 @@
{
enableExtraDiagnostics = true;
enableFormat = true;
enableTreesitter = true;
bash.enable = true;
clang.enable = true;
csharp.enable = true;
css.enable = true;
go.enable = true;
html.enable = true;
lua.enable = true;
markdown = {
enable = true;
extensions.markview-nvim.enable = true;
format.type = "prettierd";
};
nix = {
enable = true;
format.type = "nixfmt";
lsp.server = "nil";
};
python = {
enable = true;
format.type = "ruff";
lsp.server = "pyright";
uv.enable = true;
uv.setupOpts.picker_integration = true;
};
rust.enable = true;
rust.crates.enable = true;
ts.enable = true;
ts.extensions.ts-error-translator.enable = true;
typst.enable = true;
typst.extensions.typst-preview-nvim.enable = true;
yaml.enable = true;
}

17
homes/x86_64-linux/rafiq/cli/editor/_nvf/lsp.nix
View file

@ -1,17 +0,0 @@
{
enable = true;
# Show virtual text hints
inlayHints.enable = true;
lightbulb.enable = true;
# Show icons for lsp actions
lspkind.enable = true;
null-ls.enable = true;
otter-nvim = {
enable = true;
setupOpts = {
buffers.set_filetype = true;
buffers.write_to_disk = true;
handle_leading_whitespace = true;
};
};
}

9
homes/x86_64-linux/rafiq/cli/editor/_nvf/navigation.nix
View file

@ -1,9 +0,0 @@
{
harpoon = {
enable = true;
mappings.listMarks = "<leader>ml";
mappings.markFile = "<leader>mm";
setupOpts.defaults.save_on_toggle = true;
setupOpts.defaults.sync_on_ui_close = true;
};
}

53
homes/x86_64-linux/rafiq/cli/editor/_nvf/snippets.nix
View file

@ -1,53 +0,0 @@
{ pkgs }:
{
luasnip = {
enable = true;
setupOpts.enable_autosnippets = true;
providers = with pkgs.vimPlugins; [ vim-snippets ];
loaders = "require('luasnip.loaders.from_vscode').lazy_load()";
customSnippets.snipmate = {
nix = [
{
trigger = "mod";
description = "empty module";
body = # nix
''
{config, lib, ...}:
let
cfg = config.$1;
in
{
options.$1 = { $2 };
config = $3;
}
'';
}
{
trigger = "flake";
body = # nix
''
{ config, ... }:
let
cfg = config.flake;
in
{
flake.modules.nixos.default =
{ config, ...}:
{
imports = [
$1
];
options = {
$2
};
config = {
$3
};
};
}
'';
}
];
};
};
}

10
homes/x86_64-linux/rafiq/cli/editor/_nvf/statusline.nix
View file

@ -1,10 +0,0 @@
{
lualine = {
enable = true;
refresh = {
statusline = 10;
winbar = 10;
};
#TODO: rice lualine
};
}

16
homes/x86_64-linux/rafiq/cli/editor/_nvf/ui.nix
View file

@ -1,16 +0,0 @@
{
borders = {
enable = true;
globalStyle = "rounded";
};
breadcrumbs.enable = true;
# Show color values e.g. #ffffff
colorizer.enable = true;
# Highlight matching symbols
illuminate.enable = true;
noice.enable = true;
noice.setupOpts.notify.enabled = false;
# Make folds look nicer
nvim-ufo.enable = true;
smartcolumn.enable = true;
}

11
homes/x86_64-linux/rafiq/cli/editor/_nvf/utility.nix
View file

@ -1,11 +0,0 @@
{
motion.hop.enable = true;
yazi-nvim = {
enable = true;
mappings = {
openYazi = "<leader>tt";
openYaziDir = "<leader>TT";
};
setupOpts.open_for_directories = true;
};
}

7
homes/x86_64-linux/rafiq/cli/editor/_nvf/visuals.nix
View file

@ -1,7 +0,0 @@
{
indent-blankline.enable = true;
fidget-nvim.enable = true;
fidget-nvim.setupOpts.notification.override_vim_notify = true;
nvim-web-devicons.enable = true;
rainbow-delimiters.enable = true;
}

47
homes/x86_64-linux/rafiq/cli/editor/default.nix
View file

@ -1,47 +0,0 @@
{
pkgs,
lib,
inputs,
...
}:
{
imports = [ inputs.nvf.homeManagerModules.default ];
home.sessionVariables.EDITOR = "nvim";
programs.nvf.enable = true;
programs.nvf.settings.vim = {
syntaxHighlighting = true;
hideSearchHighlight = true;
searchCase = "ignore";
undoFile.enable = true;
telescope.enable = true;
fzf-lua.enable = true;
git.enable = true;
autopairs.nvim-autopairs.enable = true;
autocomplete = import ./_nvf/autocomplete.nix { inherit lib; };
binds = import ./_nvf/binds.nix;
languages = import ./_nvf/languages.nix;
lsp = import ./_nvf/lsp.nix;
navigation = import ./_nvf/navigation.nix;
notes.todo-comments.enable = true;
options = {
autoindent = true;
backspace = "indent,eol,start";
cursorline = true;
expandtab = true;
shiftwidth = 2;
smartindent = true;
tabstop = 2;
};
snippets = import ./_nvf/snippets.nix { inherit pkgs; };
statusline = import ./_nvf/statusline.nix;
treesitter = {
autotagHtml = true;
fold = true;
indent.disable = [ "markdown" ];
textobjects.enable = true;
};
ui = import ./_nvf/ui.nix;
utility = import ./_nvf/utility.nix;
visuals = import ./_nvf/visuals.nix;
};
}

23
homes/x86_64-linux/rafiq/cli/fetch.nix
View file

@ -1,23 +0,0 @@
{ pkgs, ... }:
{
home = {
packages = [ pkgs.fastfetch ];
sessionVariables.FETCH = "hyfetch";
shellAliases.fetch = "hyfetch";
};
programs.hyfetch = {
enable = true;
settings = {
preset = "bisexual";
mode = "rgb";
light_dark = "dark";
lightness = 0.5;
color_align = {
# Flag color alignment
mode = "horizontal";
fore_back = null;
};
backend = "fastfetch";
};
};
}

8
homes/x86_64-linux/rafiq/cli/file-browser.nix
View file

@ -1,8 +0,0 @@
{
home.sessionVariables.FILE_BROWSER = "yazi";
programs.yazi = {
enable = true;
shellWrapperName = "t";
settings.mgr.sort_by = "natural";
};
}

5
homes/x86_64-linux/rafiq/cli/finder.nix
View file

@ -1,5 +0,0 @@
{
programs.fzf.enable = true;
#TODO: fish
programs.fzf.enableZshIntegration = true;
}

61
homes/x86_64-linux/rafiq/cli/multiplexer.nix
View file

@ -1,61 +0,0 @@
{
osConfig,
inputs,
pkgs,
...
}:
let
zjstatus = inputs.zjstatus.packages.${pkgs.stdenv.hostPlatform.system}.default;
in
{
home.sessionVariables.MULTIPLEXER = "zellij";
# Persists sessions
persistDirs = [ "/.cache/zellij" ];
programs.zellij = {
enable = true;
#TODO: fish
enableZshIntegration = true;
settings = {
pane_frames = false;
show_startup_tips = false;
show_release_notes = false;
};
};
xdg.configFile."zellij/layouts/default.kdl".text = # kdl
''
layout {
default_tab_template {
pane size=1 borderless=true {
plugin location="file:${zjstatus}/bin/zjstatus.wasm" {
format_left "{mode} ${osConfig.hostname}"
format_center "{tabs}"
format_right "{datetime}"
format_space ""
format_hide_on_overlength "true"
format_precedence "lrc"
border_enabled "false"
hide_frame_for_single_pane "false"
mode_default_to_mode "normal"
mode_normal "#[bg=#89B4FA] {name} "
mode_locked "#[bg=#f55e18] {name} "
mode_session "#[bg=#00ff00] {name} "
tab_normal "#[fg=#6C7086] {index} "
tab_active "#[fg=#9399B2,bold,italic] {index} "
tab_display_count "3" // limit to showing 3 tabs
tab_truncate_start_format "..."
tab_truncate_end_format "..."
//TODO: disable if we are not on ssh
datetime "#[fg=#6C7086,bold] {format}"
datetime_format "%H:%M:%S"
datetime_timezone "Asia/Singapore"
}
}
children
}
}
'';
}

51
homes/x86_64-linux/rafiq/cli/shell.nix
View file

@ -1,51 +0,0 @@
{ lib, pkgs, ... }:
let
inherit (builtins) toString;
inherit (lib) getExe mkOrder;
inherit (lib.strings) concatStrings;
screensaverTimeout = toString 100;
screensaverCommand = "${getExe pkgs.cbonsai} -S -w 0.1 -L 40 -M 2 -b 2";
in
{
home.shell.enableShellIntegration = true;
home.sessionVariables.SHELL = "fish";
programs.fish.enable = true;
programs.starship = {
enable = true;
settings = {
add_newline = false;
format = concatStrings [
# First Line
## Left Prompt
"$hostname$directory"
"$fill"
## Right Prompt
"$all"
# Second Line
## Left Prompt
"$character"
];
git_branch.format = "[$symbol$branch(:$remote_branch)]($style) ";
shlvl.disabled = false;
username.disabled = true;
fill.symbol = " ";
};
};
# figure out for fish
programs.zsh.initContent =
mkOrder 1200
# zsh
''
precmd() {
TMOUT=${screensaverTimeout}
}
TRAPALRM() {
TMOUT=1
${screensaverCommand}
# If we exit, assume the previous command was exited out of
TMOUT=${screensaverTimeout}
zle reset-prompt
}
'';
}

25
homes/x86_64-linux/rafiq/cli/utilities/git.nix
View file

@ -1,25 +0,0 @@
{
home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
home.shellAliases = {
gs = "git status";
gc = "git commit";
gcam = "git commit -am";
gu = "git push";
gy = "git pull";
gdh = "git diff HEAD";
};
programs.git = {
enable = true;
userName = "Mohammad Rafiq";
userEmail = "rafiq@rrv.sh";
signing.key = "~/.ssh/id_ed25519.pub";
signing.signByDefault = true;
extraConfig = {
init.defaultBranch = "prime";
push.autoSetupRemote = true;
pull.rebase = false;
core.editor = "$EDITOR";
gpg.format = "ssh";
};
};
}

19
homes/x86_64-linux/rafiq/cli/utilities/zk.nix
View file

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
persistDirs = [ "notebook" ];
programs.zk = {
enable = true;
settings.notebook.dir = "~/notebook";
};
home.packages = [
(pkgs.writeShellScriptBin "note" # bash
''
zk edit -i
pushd ~/notebook > /dev/null
git add .
commit -u
popd > /dev/null
''
)
];
}

15
homes/x86_64-linux/rafiq/default.nix
View file

@ -1,15 +0,0 @@
{
inputs,
osConfig,
lib,
...
}:
let
inherit (lib) singleton optional;
inherit (inputs) import-tree;
in
{
imports =
(optional osConfig.desktop.enable (import-tree ./desktop))
++ singleton (import-tree ./cli);
}

46
homes/x86_64-linux/rafiq/desktop/browser.nix
View file

@ -1,46 +0,0 @@
{
lib,
inputs,
pkgs,
...
}:
let
inherit (builtins) map listToAttrs;
inherit (lib.lists) findFirstIndex;
inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons;
profiles = listToAttrs (
map (name: {
inherit name;
# If there are duplicate profile names, findFirstIndex will cause issues.
value = profileCfg (findFirstIndex (x: x == name) null syncedProfiles);
}) syncedProfiles
);
syncedProfiles = [
"rafiq"
"test"
];
profileCfg = id: {
inherit id;
settings."extensions.autoDisableScopes" = 0; # Auto enable extensions
#TODO: add default seach unduck and add rest of extensions
extensions = {
force = true;
packages = with firefox-addons; [
darkreader
gesturefy
sponsorblock
ublock-origin
];
};
};
in
{
home.sessionVariables.BROWSER = "firefox";
persistDirs = [ ".mozilla/firefox" ];
programs.firefox = {
enable = true;
inherit profiles;
};
stylix.targets.firefox.colorTheme.enable = true;
stylix.targets.firefox.profileNames = syncedProfiles;
}

19
homes/x86_64-linux/rafiq/desktop/default.nix
View file

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
persistDirs = [
"docs"
"repos"
"vids"
"tmp"
".cache/Smart Code ltd/Stremio"
".local/share/Smart Code ltd/Stremio"
];
programs = {
obs-studio.enable = true;
vesktop.enable = true;
thunderbird.enable = true;
thunderbird.profiles.rafiq.isDefault = true;
};
home.packages = with pkgs; [ stremio ];
stylix.image = ./wallpaper.png;
}

3
homes/x86_64-linux/rafiq/desktop/launcher.nix
View file

@ -1,3 +0,0 @@
{
home.sessionVariables.LAUNCHER = "fuzzel";
}

29
homes/x86_64-linux/rafiq/desktop/lockscreen.nix
View file

@ -1,29 +0,0 @@
let
styling = {
halign = "center";
valign = "center";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
in
{
home.sessionVariables.LOCKSCREEN = "hyprlock";
programs.hyprlock.settings = {
general.hide_cursor = true;
general.ignore_empty_input = true;
background.blur_passes = 5;
background.blur_size = 5;
label = {
text = ''hi, $USER.'';
font_size = 32;
position = "0, 0";
}// styling;
input-field = {
placeholder_text = "";
fade_on_empty = true;
size = "200, 45";
position = "0, -5%";
} // styling;
};
}

200
homes/x86_64-linux/rafiq/desktop/media-player.nix
View file

@ -1,200 +0,0 @@
{
xdg.configFile."vlc/vlcrc".text = ''
[visual] # Visualizer filter
[glspectrum] # 3D OpenGL spectrum visualization
[wall] # Wall video filter
[panoramix] # Panoramix: wall with overlap video filter
[clone] # Clone video filter
[yuv] # YUV video output
[xdg_shell] # XDG shell surface
[xcb_xv] # XVideo output (XCB)
[xcb_x11] # X11 video output (XCB)
[xcb_window] # X11 video window (XCB)
[wl_shell] # Wayland shell surface
[vmem] # Video memory output
[vdummy] # Dummy video output
[gl] # OpenGL video output
[flaschen] # Flaschen-Taschen video output
[fb] # GNU/Linux framebuffer video output
[transform] # Video transformation filter
[sharpen] # Sharpen video filter
[sepia] # Sepia video filter
[scene] # Scene video filter
[rotate] # Rotate video filter
[puzzle] # Puzzle interactive game video filter
[postproc] # Video post processing filter
[posterize] # Posterize video filter
[motionblur] # Motion blur filter
[mirror] # Mirror video filter
[hqdn3d] # High Quality 3D Denoiser filter
[grain] # Grain video filter
[gradient] # Gradient video filter
[gradfun] # Gradfun video filter
[gaussianblur] # Gaussian blur video filter
[fps] # FPS conversion video filter
[extract] # Extract RGB component video filter
[erase] # Erase video filter
[deinterlace] # Deinterlacing video filter
[croppadd] # Video cropping filter
[colorthres] # Color threshold filter
[canvas] # Canvas video filter
[bluescreen] # Bluescreen video filter
[blendbench] # Blending benchmark filter
[ball] # Ball video filter
[antiflicker] # antiflicker video filter
[anaglyph] # Convert 3D picture to anaglyph image video filter
[alphamask] # Alpha mask video filter
[adjust] # Image properties filter
[swscale] # Video scaling filter
[vaapi_filters] # Video Accelerated API filters
[svg] # svg
[freetype] # Freetype2 font renderer
[stream_out_transcode] # Transcode stream output
[stats] # Writes statistic info about stream
[stream_out_standard] # Standard stream output
[smem] # Stream output to memory buffer
[setid] # Change the id of an elementary stream
[stream_out_rtp] # RTP stream output
[record] # Record stream output
[mosaic_bridge] # Mosaic bridge stream output
[es] # Elementary stream output
[display] # Display stream output
[delay] # Delay a stream
[stream_out_chromecast] # Chromecast stream output
[bridge] # Bridge stream output
[prefetch] # Stream prefetch filter
[subsdelay] # Subtitle delay
[rss] # RSS and Atom feed display
[remoteosd] # Remote-OSD over VNC
[mosaic] # Mosaic video sub source
[marq] # Marquee display
[logo] # Logo sub source
[dynamicoverlay] # Dynamic video overlay
[audiobargraph_v] # Audio Bar Graph Video sub source
[upnp] # Universal Plug'n'Play
[sap] # Network streams (SAP)
[podcast] # Podcasts
[mpegvideo] # MPEG-I/II video packetizer
[mux_ts] # TS muxer (libdvbpsi)
[ps] # PS muxer
[mux_ogg] # Ogg/OGM muxer
[mp4] # MP4/MOV muxer
[avi] # AVI muxer
[asf] # ASF muxer
[rtsp] # Legacy RTSP VoD server
[logger] # File logging
[gnutls] # GNU TLS transport layer security
[audioscrobbler] # Submission of played songs to last.fm
[folder] # Folder meta data
[lua] # Lua interpreter
[syslog] # System logger (syslog)
[file] # File logger
[console] # Console logger
[file] # Secrets are stored on a file without any encryption
[skins2] # Skinnable Interface
[qt] # Qt interface
qt-privacy-ask=0
[ncurses] # Ncurses interface
[vc1] # VC1 video demuxer
[ts] # MPEG Transport Stream demuxer
[subtitle] # Text subtitle parser
[rawvid] # Raw video demuxer
[rawdv] # DV (Digital Video) demuxer
[rawaud] # Raw audio demuxer
[ps] # MPEG-PS demuxer
[playlist] # Playlist
[mp4] # MP4 stream demuxer
[mod] # MOD demuxer (libmodplug)
[mkv] # Matroska stream demuxer
[mjpeg] # M-JPEG camera demuxer
[image] # Image demuxer
[h26x] # H264 video demuxer
[es] # MPEG-I/II/4 / A52 / DTS / MLP audio
[diracsys] # Dirac video demuxer
[demuxdump] # File dumper
[avi] # AVI demuxer
[avformat] # Avformat demuxer
[adaptive] # Unified adaptive streaming for DASH/HLS
[oldrc] # Remote control interface
[netsync] # Network synchronization
[motion] # motion control interface
[gestures] # Mouse gestures control interface
[vorbis] # Vorbis audio decoder
[ttml] # TTML subtitles decoder
[theora] # Theora video decoder
[telx] # Teletext subtitles decoder
[svgdec] # SVG video decoder
[svcdsub] # Philips OGT (SVCD subtitle) decoder
[subsusf] # USF subtitles decoder
[subsdec] # Text subtitle decoder
[spudec] # DVD subtitles decoder
[speex] # Speex audio decoder
[schroedinger] # Dirac video decoder using libschroedinger
[libass] # Subtitle renderers using libass
[kate] # Kate overlay decoder
[jpeg] # JPEG image decoder
[fluidsynth] # FluidSynth MIDI synthesizer
[dvbsub] # DVB subtitles decoder
[ddummy] # Dummy decoder
[cc] # Closed Captions decoder
[avcodec] # FFmpeg audio/video decoder
[a52] # ATSC A/52 (AC-3) audio decoder
[amem] # Audio memory output
[alsa] # ALSA audio output
[afile] # File audio output
[stereo_widen] # Simple stereo widening effect
[speex_resampler] # Speex resampler
[spatializer] # Audio Spatializer
[spatialaudio] # Ambisonics renderer and binauralizer
[scaletempo] # Audio tempo scaler synched with rate
[scaletempo_pitch] # Pitch Shifter
[samplerate] # Secret Rabbit Code (libsamplerate) resampler
[remap] # Audio channel remapper
[param_eq] # Parametric Equalizer
[normvol] # Volume normalizer
[mono] # Stereo to mono downmixer
[headphone] # Headphone virtual spatialization effect
[gain] # Gain control filter
[equalizer] # Equalizer with 10 bands
[compressor] # Dynamic range compressor
[chorus_flanger] # Sound Delay
[audiobargraph_a] # Audio part of the BarGraph function
[udp] # UDP stream output
[access_output_srt] # SRT stream output
[access_output_rist] # RIST stream output
[access_output_livehttp] # HTTP Live streaming output
[http] # HTTP stream output
[file] # File stream output
[xcb_screen] # Screen capture (with X11/XCB)
[vdr] # VDR recordings
[v4l2] # Video4Linux input
[udp] # UDP input
[timecode] # Time code subpicture elementary stream generator
[smb] # SMB input
[shm] # Shared memory framebuffer
[sftp] # SFTP input
[satip] # SAT>IP Receiver Plugin
[rtp] # Real-Time Protocol (RTP) input
[rist] # RIST input
[live555] # RTP/RTSP/SDP demuxer (using Live555)
[linsys_hdsdi] # HD-SDI Input
[libbluray] # Blu-ray Disc support (libbluray)
[access] # HTTPS input
[http] # HTTP input
[ftp] # FTP input
[filesystem] # File input
[dvdread] # DVDRead Input (no menu support)
[dvdnav] # DVDnav Input
[dvb] # DVB input with v4l2 support
[dtv] # Digital Television and Radio
[cdda] # Audio CD input
[avio] # libavformat AVIO access
[access_srt] # SRT input
[access_mms] # Microsoft Media Server (MMS) input
[imem] # Memory input
[concat] # Concatenated inputs
[access_alsa] # ALSA audio capture
[core] # core program
metadata-network-access=1
'';
}

5
homes/x86_64-linux/rafiq/desktop/notification-daemon.nix
View file

@ -1,5 +0,0 @@
{
home.sessionVariables.NOTIFICATION_DAEMON = "mako";
services.mako.enable = true;
services.mako.settings.default-timeout = 10000;
}

53
homes/x86_64-linux/rafiq/desktop/status-bar.nix
View file

@ -1,53 +0,0 @@
{ pkgs, ... }:
{
home.sessionVariables.STATUS_BAR = "waybar";
stylix.targets.waybar.addCss = false;
programs.waybar = {
enable = true;
settings = [
{
#TODO: review the rest of the modules to see what else can be added
layer = "top";
modules-left = [
"pulseaudio"
];
modules-right = [
"battery"
"clock"
];
"pulseaudio" = {
format = "{icon} {volume}%";
format-muted = "";
format-icons.default = [
""
""
];
on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
};
"clock" = {
interval = 1;
format = "{:%F %T}";
};
"battery" = {
interval = 1;
bat-compatibility = true;
};
}
];
style = # css
''
window#waybar {
background-color: rgba(0, 0, 0, 0);
}
#pulseaudio,
#battery,
#clock {
padding-top: 5px;
padding-bottom: 5px;
padding-right: 5px;
color: #ffffff;
}
'';
};
}

9
homes/x86_64-linux/rafiq/desktop/terminal.nix
View file

@ -1,9 +0,0 @@
{
home.sessionVariables.TERMINAL = "ghostty";
programs.ghostty = {
enable = true;
settings = {
confirm-close-surface = false;
};
};
}

BIN
homes/x86_64-linux/rafiq/desktop/wallpaper.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.5 MiB

14
homes/x86_64-linux/rafiq/desktop/window-manager/_hyprland/decoration.nix
View file

@ -1,14 +0,0 @@
{
animation = [ "workspaces, 1, 1, default" ];
general = {
border_size = 2;
gaps_in = 0;
gaps_out = 0;
resize_on_border = true;
};
decoration = {
rounding = 10;
rounding_power = 2;
inactive_opacity = 0.9;
};
}

56
homes/x86_64-linux/rafiq/desktop/window-manager/_hyprland/keybinds.nix
View file

@ -1,56 +0,0 @@
{ pkgs, ... }:
{
"$hypr" = "CTRL_SUPER_ALT_SHIFT";
"$meh" = "CONTROL_SHIFT_ALT";
bind = [
"$hypr, Q, exec, uwsm stop"
"SUPER, W, killactive"
"SUPER, return, exec, uwsm app -- $TERMINAL"
"SUPER, O, exec, uwsm app -- $BROWSER"
"SUPER, Escape, exec, uwsm app -- $LOCKSCREEN"
#TODO:add file browser
#TODO: make it directional
"SUPER, H, cyclenext, visible"
"SUPER, L, cyclenext, visible prev"
"SUPER_ALT, H, movewindow, l"
"SUPER_ALT, J, movewindow, d"
"SUPER_ALT, K, movewindow, u"
"SUPER_ALT, L, movewindow, r"
"ALT_SHIFT, H, resizeactive, -10% 0"
"ALT_SHIFT, J, resizeactive, 0 -10%"
"ALT_SHIFT, K, resizeactive, 0 10%"
"ALT_SHIFT, L, resizeactive, 10% 0"
"SUPER_CTRL, H, workspace, r-1"
"SUPER_CTRL, L, workspace, r+1"
"$hypr, H, movetoworkspace, r-1"
"$hypr, L, movetoworkspace, r+1"
"$hypr, V, togglefloating"
];
bindr = [
# Activates on SUPER without any other modifier
"SUPER, Super_L, exec, uwsm app -- $($LAUNCHER --launch-prefix=\"uwsm app -- \")"
];
bindle = [
"SUPER, 6, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-"
"SUPER, 7, exec, ${pkgs.playerctl}/bin/playerctl previous"
"SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl -a play-pause"
"SUPER, 9, exec, ${pkgs.playerctl}/bin/playerctl next"
"SUPER, 0, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+"
"ALT, mouse_up, resizeactive, 10% 10%"
"ALT, mouse_down, resizeactive, -10% -10%"
];
bindm = [
"ALT, mouse:272, movewindow"
"ALT, mouse:273, resizeactive"
];
bindc = [
"ALT, mouse:272, togglefloating"
];
}

21
homes/x86_64-linux/rafiq/desktop/window-manager/default.nix
View file

@ -1,21 +0,0 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkMerge;
in
{
wayland.windowManager.hyprland.settings = mkMerge [
(import ./_hyprland/decoration.nix)
(import ./_hyprland/keybinds.nix { inherit pkgs; })
{
ecosystem.no_update_news = true;
xwayland.force_zero_scaling = true;
monitor = [ ", preferred, auto, 1" ];
exec-once = [
"uwsm app -- $LOCKSCREEN"
"uwsm app -- $NOTIFICATION_DAEMON"
"uwsm app -- $STATUS_BAR"
];
}
];
# TODO: add gamescope here or in nixos desktop module
}

108
hostSpec.nix
View file

@ -1,108 +0,0 @@
{
users.rafiq = {
primary = true;
email = "rafiq@rrv.sh";
alternate-emails = [
"mohammadrafiq@rrv.sh" # Work
"googaabumtum@gmail.com" # Old Personal
"mohammadrafiq567@gmail.com" # Old Work
];
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
};
# Services will use this to find where their configuration
# should point to and the providers will set up the needed
# configuration for each service.
providers = {
reverse-proxy = {
type = "nginx";
host = "apollo";
};
mongodb.host = "helios";
};
# This will define all the hosts exposed by the flake and designate the
# modules and services, along with defining the hardware configuration
# for each host.
# <name> of each attr set will resolve to the host's hostname.
# Hosts can reach each other through their hostname (using Tailscale)
hosts.nemesis = {
machine = {
localIP = "10.10.0.11"; # Set up a static IP
platform = "amd"; # Set up CPU microcode etc
gpu = "nvidia"; # Set up nvidia drivers etc
# Partitioning and formatting config using disko
boot-drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
};
# Profiles will define configuration, such as graphical
# setting up window managers and web browsers
profiles = [
"graphical"
"desktop" # might be a no-op?
];
services = [
{
type = "stable-diffusion";
public = false; # false by default
port = 7860;
}
];
# extraCfg will be added directly to the system's config
extraCfg = {
programs.steam.enable = true;
};
};
hosts.apollo = {
machine = {
localIP = "10.10.0.102";
platform = "intel";
boot-drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
};
profiles = [
"server" # no-op as servers shouldnt have extra config but might change
];
services = [
{
type = "librechat"; # Picks up the mongodb and nginx automatically
public = true;
port = 1234;
domain = "chat.bwfiq.com";
}
];
};
hosts.helios = {
machine = {
localIP = "10.10.0.101";
platform = "intel";
boot-drive = "nvme-eui.6479a784aad00284";
};
profiles = [ "server" ];
# Sets up network shares of the configured type under a folder
# e.g. /shares/{rafiqmedia, tv-shows}
# These are then consumed on other hosts under /mnt/{hostname}/{rafiqmedia,tv-shows}
shares = [
{
folder = "rafiqmedia";
type = [
"nfs"
"smb"
];
}
];
};
hosts.iris = {
machine = {
localIP = "10.10.0.12";
platform = "apple-silicon";
boot-drive = "";
};
profiles = [
"graphical"
"macbook" # asahi linux config etc - may not be needed
"laptop" # primarily power management
];
};
}

57
lib/default.nix
View file

@ -1,57 +0,0 @@
{ lib, ... }:
let
inherit (lib) mkOption singleton;
inherit (lib.types)
int
str
port
path
attrs
;
inherit (lib.strings) splitString;
inherit (builtins) length concatStringsSep tail;
in
rec {
# Helpers
splitDomain = domain: splitString "." domain;
shortenList =
count: list:
let
len = length list;
in
if len <= count then list else (shortenList count (tail list));
# Modules
mkAttrOption = mkOption {
type = attrs;
default = { };
};
mkIntOption =
default:
mkOption {
type = int;
inherit default;
};
mkStrOption = mkOption {
type = str;
default = "";
};
mkPortOption =
default:
mkOption {
type = port;
inherit default;
};
mkPathOption =
default:
mkOption {
type = path;
inherit default;
};
# Domains
isRootDomain = domain: length (splitDomain domain) <= 2;
mkRootDomain = domain: concatStringsSep "." (shortenList 2 (splitDomain domain));
mkWildcardDomain = rootDomain: concatStringsSep "." ((singleton "*") ++ (splitDomain rootDomain));
mkHost = domain: if isRootDomain domain then domain else mkWildcardDomain (mkRootDomain domain);
}

66
lib/modules/default.nix
View file

@ -1,66 +0,0 @@
{ lib, ... }:
let
inherit (builtins) toString;
inherit (lib)
mkMerge
mkEnableOption
singleton
mkIf
;
inherit (lib.pantheon)
mkAttrOption
mkRootDomain
mkPortOption
mkStrOption
;
networkingConfig =
{
config,
cfg,
name,
}:
mkIf (cfg.domain != "") {
assertions = singleton {
assertion = config.server.web-servers.nginx.enable;
message = "You must enable a web server if you want to set server.web-apps.${name}.domain.";
};
server.networking.ddns.domains = singleton (mkRootDomain cfg.domain);
server.web-servers.nginx.proxies = singleton {
source = cfg.domain;
target = "http://${config.hostname}:${toString cfg.port}";
};
};
in
{
modules.mkWebApp =
{
config,
name,
defaultPort,
persistDirs ? [ ],
#TODO: specify required secrets
extraOptions ? { },
extraConfig ? { },
}:
let
cfg = config.server.web-apps.${name};
in
{
options.server.web-apps.${name} = {
enable = mkEnableOption "";
port = mkPortOption defaultPort;
domain = mkStrOption;
openFirewall = mkEnableOption "";
extraCfg = mkAttrOption;
} // extraOptions;
config = mkIf cfg.enable (mkMerge [
{
inherit persistDirs;
networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = singleton cfg.port; };
}
(networkingConfig { inherit config cfg name; })
extraConfig
]);
};
}

38
modules/home/default.nix
View file

@ -1,38 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib) mkOption;
inherit (lib.types) listOf str;
in
{
imports = [ inputs.impermanence.homeManagerModules.impermanence ];
options.persistDirs = mkOption {
type = listOf str;
default = [ ];
};
config = {
# Helper options
home.persistence."/persist/home/${config.home.username}" = {
directories = config.persistDirs;
allowOther = true;
};
# Global options
persistDirs = [
# For system activation
".ssh"
".config/sops/age"
];
programs.ssh.enable = true;
# To set colors properly when on ssh
programs.ssh.extraConfig = ''
Host *
SetEnv TERM=xterm-256color
'';
home.stateVersion = "24.11";
};
}

112
modules/nixos/default.nix
View file

@ -1,112 +0,0 @@
{
inputs,
lib,
config,
...
}:
let
inherit (lib) mkOption singleton;
inherit (lib.types)
listOf
str
coercedTo
submodule
shellPackage
;
inherit (lib.pantheon) mkStrOption;
inherit (lib.snowfall.fs) get-file;
rootDir = submodule {
options = {
directory = mkOption { type = str; };
user = mkOption {
type = str;
default = "root";
};
group = mkOption {
type = str;
default = "root";
};
mode = mkOption {
type = str;
default = "0755";
};
};
};
in
{
imports = [
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
];
options = {
hostname = mkStrOption;
mainUser = {
name = mkStrOption;
publicKey = mkStrOption;
email = mkStrOption;
shell = mkOption {
type = shellPackage;
};
};
persistDirs = mkOption {
type = listOf (coercedTo str (d: { directory = d; }) rootDir);
default = [ ];
};
};
config = {
# Helper options
environment.persistence."/persist".directories = config.persistDirs;
# Global options
persistDirs = [
"/var/lib/systemd"
"/var/lib/nixos"
];
stylix.enable = true;
nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = [
"nix-command"
"flakes"
"pipe-operators"
];
nix.settings.trusted-users = [ "@wheel" ];
system.stateVersion = "25.05";
time.timeZone = "Asia/Singapore";
i18n.defaultLocale = "en_US.UTF-8";
users = {
# Don't allow imperative configuration
mutableUsers = false;
users.root.openssh.authorizedKeys.keys = [ config.mainUser.publicKey ];
groups.users = {
gid = 100;
members = [ "${config.mainUser.name}" ];
};
users."${config.mainUser.name}" = {
inherit (config.mainUser) shell;
uid = 1000;
isNormalUser = true;
hashedPasswordFile = config.sops.secrets."${config.mainUser.name}/hashedPassword".path;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.mainUser.publicKey ];
};
};
security.sudo.wheelNeedsPassword = false;
sops = {
defaultSopsFile = get-file "secrets/secrets.yaml";
age.sshKeyPaths = [ "/persist/home/${config.mainUser.name}/.ssh/id_ed25519" ];
secrets = {
"keys/openrouter" = { };
"keys/gemini" = { };
"keys/cloudflare" = { };
"keys/telegram_bot" = { };
"rafiq/hashedPassword".neededForUsers = true;
"rafiq/personalEmailPassword" = { };
"rafiq/workEmailPassword" = { };
};
};
environment.shellInit = # sh
''
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
'';
};
}

6
modules/nixos/desktop/audio/default.nix
View file

@ -1,6 +0,0 @@
{
services.pipewire = {
enable = true;
pulse.enable = true;
};
}

20
modules/nixos/desktop/browser/tor-browser/default.nix
View file

@ -1,20 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf singleton;
cfg = config.desktop.browser.tor-browser;
in
{
options.desktop.browser.tor-browser.enable = mkEnableOption "";
config = mkIf cfg.enable {
home-manager.sharedModules = singleton {
persistDirs = singleton ".tor project";
home.packages = singleton pkgs.tor-browser;
};
};
}

37
modules/nixos/desktop/default.nix
View file

@ -1,37 +0,0 @@
{
lib,
config,
pkgs,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
singleton
optional
;
inherit (lib.pantheon) mkStrOption;
inherit (pkgs) font-awesome wl-clipboard-rs;
cfg = config.desktop;
in
{
options.desktop = {
enable = mkEnableOption "";
enableWaylandUtilities = mkEnableOption "";
mainMonitor = {
id = mkStrOption;
scale = mkStrOption;
resolution = mkStrOption;
refresh-rate = mkStrOption;
};
};
config = mkIf cfg.enable {
fonts.packages = singleton font-awesome;
services.getty.autologinUser = config.mainUser.name;
home-manager.sharedModules = optional cfg.enableWaylandUtilities {
home.packages = [ wl-clipboard-rs ];
};
};
}

37
modules/nixos/desktop/gaming/default.nix
View file

@ -1,37 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
mkMerge
singleton
;
cfg = config.desktop.gaming;
in
{
options.desktop.gaming = {
steam.enable = mkEnableOption "";
prism-launcher.enable = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.steam.enable {
programs.steam = {
enable = true;
gamescopeSession.enable = true;
};
home-manager.sharedModules = singleton { persistDirs = singleton ".local/share/Steam"; };
})
(mkIf cfg.prism-launcher.enable {
home-manager.sharedModules = singleton {
home.packages = singleton pkgs.prismlauncher;
persistDirs = singleton ".local/share/PrismLauncher";
};
})
];
}

16
modules/nixos/desktop/launcher/default.nix
View file

@ -1,16 +0,0 @@
{ lib, config, ... }:
let
inherit (lib) singleton mkEnableOption;
cfg = config.desktop.launcher;
in
{
options.desktop.launcher = {
fuzzel.enable = mkEnableOption "";
wofi.enable = mkEnableOption "";
};
config.home-manager.sharedModules = singleton {
programs.fuzzel.enable = cfg.fuzzel.enable;
programs.wofi.enable = cfg.wofi.enable;
};
}

22
modules/nixos/desktop/lockscreen/default.nix
View file

@ -1,22 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkMerge
singleton
;
cfg = config.desktop.lockscreen;
in
{
options.desktop.lockscreen = {
hyprlock.enable = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.hyprlock.enable {
security.pam.services.hyprlock = { };
home-manager.sharedModules = singleton { programs.hyprlock.enable = true; };
})
];
}

18
modules/nixos/desktop/media-player/default.nix
View file

@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption optional singleton;
inherit (pkgs) vlc;
cfg = config.desktop.media-player;
in
{
options.desktop.media-player = {
vlc.enable = mkEnableOption "";
};
config.home-manager.sharedModules = optional cfg.vlc.enable { home.packages = singleton vlc; };
}

30
modules/nixos/desktop/services/default.nix
View file

@ -1,30 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkMerge
singleton
mkEnableOption
mkIf
;
cfg = config.desktop.services;
in
{
options.desktop.services = {
spotifyd.enable = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.spotifyd.enable {
networking.firewall.allowedTCPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = [ 5353 ];
home-manager.sharedModules = singleton {
services.spotifyd.enable = true;
services.spotifyd.settings.global = {
device_name = "${config.hostname}";
device_type = "computer";
zeroconf_port = 5353;
};
};
})
];
}

24
modules/nixos/desktop/services/sunshine/default.nix
View file

@ -1,24 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) singleton mkIf mkEnableOption;
cfg = config.desktop.services.sunshine;
in
{
options.desktop.services.sunshine = {
enable = mkEnableOption "";
};
config = mkIf cfg.enable {
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
settings = {
sunshine_name = config.hostname;
origin_pin_allowed = "wan";
origin_web_ui_allowed = "wan";
};
applications = { };
};
home-manager.sharedModules = singleton { persistDirs = singleton ".config/sunshine"; };
};
}

55
modules/nixos/desktop/window-manager/hyprland/default.nix
View file

@ -1,55 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf singleton;
inherit (config.desktop) mainMonitor;
cfg = config.desktop.window-manager.hyprland;
in
{
options.desktop.window-manager.hyprland.enable = mkEnableOption "";
config = mkIf cfg.enable {
# Enable custom module for wayland utilities (clipboard etc.)
desktop.enableWaylandUtilities = true;
# Start Hyprland at boot only if not connecting through SSH
environment.loginShellInit = # sh
''
if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
if uwsm check may-start; then
exec uwsm start hyprland-uwsm.desktop
fi
fi
'';
environment.variables = {
# Get Electron apps to use Wayland
ELECTRON_OZONE_PLATFORM_HINT = "auto";
NIXOS_OZONE_WL = "1";
};
programs.hyprland = {
enable = true;
# Use UWSM to have each process controlled by systemd init
withUWSM = true;
};
home-manager.sharedModules = singleton {
wayland.windowManager.hyprland = {
enable = true;
# This is needed for UWSM
systemd.enable = false;
# Null the packages since we use them system wide
package = null;
portalPackage = null;
settings.monitor = [ "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}" ];
};
xdg.configFile."uwsm/env".text = # sh
''
# Force apps to scale right with Wayland
export GDK_SCALE=${mainMonitor.scale}
export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
'';
xdg.configFile."uwsm/env-hyprland".text = # sh
''
export GDK_SCALE=${mainMonitor.scale}
export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
'';
};
};
}

30
modules/nixos/machine/bootloader/default.nix
View file

@ -1,30 +0,0 @@
{
config,
lib,
...
}:
let
inherit (lib.pantheon) mkIntOption mkStrOption;
cfg = config.machine.bootloader;
in
{
options.machine.bootloader = {
type = mkStrOption;
configurationLimit = mkIntOption 5;
};
config.boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
enable = cfg.type == "systemd-boot";
inherit (cfg) configurationLimit;
};
};
}

19
modules/nixos/machine/default.nix
View file

@ -1,19 +0,0 @@
{ lib, modulesPath, ... }:
let
inherit (lib) singleton;
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
services.fwupd.enable = true;
persistDirs = singleton "/var/lib/bluetooth";
hardware.bluetooth = {
enable = true;
settings.General.Experimental = true;
};
hardware.xone.enable = true;
};
}

116
modules/nixos/machine/drives/btrfs/default.nix
View file

@ -1,116 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib) mkIf mkEnableOption;
inherit (lib.pantheon) mkStrOption;
cfg = config.machine.drives.btrfs;
ephemeralRootCfg = {
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/root_vg/root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
#FIXME: below should be in module or something
environment.persistence."/persist" = {
hideMounts = true;
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/machine-id"
];
};
};
in
{
imports = [
inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence
];
options.machine.drives.btrfs = {
enable = mkEnableOption "";
drive = mkStrOption;
ephemeralRoot = mkEnableOption "";
};
config = mkIf cfg.enable (
{
boot.initrd.kernelModules = [ "dm-snapshot" ];
disko.devices.disk.main = {
device = cfg.drive;
type = "disk";
content.type = "gpt";
content.partitions = {
boot.name = "boot";
boot.size = "1M";
boot.type = "EF02";
esp.name = "ESP";
esp.size = "500M";
esp.type = "EF00";
esp.content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
swap.size = "4G";
swap.content = {
type = "swap";
resumeDevice = true;
};
root.name = "root";
root.size = "100%";
root.content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
disko.devices.lvm_vg.root_vg = {
type = "lvm_vg";
lvs.root.size = "100%FREE";
lvs.root.content.type = "btrfs";
lvs.root.content.extraArgs = [ "-f" ];
lvs.root.content.subvolumes = {
"/root".mountpoint = "/";
"/persist".mountpoint = "/persist";
"/persist".mountOptions = [
"subvol=persist"
"noatime"
];
"/nix".mountpoint = "/nix";
"/nix".mountOptions = [
"subvol=nix"
"noatime"
];
};
};
}
// ephemeralRootCfg
);
}

41
modules/nixos/machine/gpu/default.nix
View file

@ -1,41 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkMerge
mkIf
mkEnableOption
singleton
;
cfg = config.machine.gpu;
in
{
options.machine.gpu = {
nvidia.enable = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.nvidia.enable {
hardware = {
graphics.enable = true;
graphics.extraPackages = singleton pkgs.nvidia-vaapi-driver;
nvidia.open = true;
nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
};
services.xserver.videoDrivers = [ "nvidia" ];
nixpkgs.config.allowUnfree = true;
environment.variables = {
LIBVA_DRIVER_NAME = "nvidia";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
NVD_BACKEND = "direct";
};
nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
nix.settings.trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
})
];
}

21
modules/nixos/machine/platform/default.nix
View file

@ -1,21 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) singleton mkOption;
inherit (lib.types) enum;
cfg = config.machine.platform;
in
{
options.machine.platform = {
type = mkOption {
type = enum [
"amd"
"intel"
];
};
};
config = {
hardware.cpu.${cfg.type}.updateMicrocode = true;
boot.kernelModules = singleton "kvm-${cfg.type}";
};
}

45
modules/nixos/machine/usb/default.nix
View file

@ -1,45 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
mkMerge
singleton
;
cfg = config.machine.usb;
in
{
options.machine.usb = {
automount = mkEnableOption "";
enableQmk = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.automount {
services.udisks2.enable = true;
home-manager.sharedModules = singleton {
services.udiskie = {
enable = true;
automount = true;
notify = true;
};
};
})
(mkIf cfg.enableQmk {
hardware.keyboard.qmk.enable = true;
services.udev = {
packages = with pkgs; [
vial
qmk
qmk-udev-rules
qmk_hid
];
};
})
];
}

22
modules/nixos/machine/virtualisation/distrobox/default.nix
View file

@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkEnableOption singleton;
cfg = config.machine.virtualisation.distrobox;
in
{
options.machine.virtualisation.distrobox = {
enable = mkEnableOption "";
};
config = mkIf cfg.enable {
machine.virtualisation.podman.enable = true;
home-manager.sharedModules = singleton {
home.packages = singleton pkgs.distrobox;
# persistDirs = [ ".local/share/containers" ];
};
};
}

32
modules/nixos/machine/virtualisation/podman/default.nix
View file

@ -1,32 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.machine.virtualisation.podman;
in
{
options.machine.virtualisation.podman = {
enable = mkEnableOption "";
};
config = mkIf cfg.enable {
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
users.users."${config.mainUser.name}" = {
extraGroups = [ "podman" ];
# https://wiki.nixos.org/wiki/Distrobox
# subGidRanges = singleton {
# count = 65536;
# startGid = 1000;
# };
# subUidRanges = singleton {
# count = 65536;
# startUid = 1000;
# };
};
};
}

28
modules/nixos/networking/default.nix
View file

@ -1,28 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkDefault singleton;
in
{
sops.secrets = {
"tailscale/client-id".sopsFile = ./tailscale.yaml;
"tailscale/client-secret".sopsFile = ./tailscale.yaml;
};
networking = {
enableIPv6 = false;
useDHCP = mkDefault true;
hostName = config.hostname;
networkmanager.enable = true;
};
services.openssh = {
enable = true;
settings.PrintMotd = true;
};
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/client-secret".path;
authKeyParameters.preauthorized = true;
};
persistDirs = singleton "/var/lib/tailscale";
}

18
modules/nixos/networking/tailscale.yaml
View file

@ -1,18 +0,0 @@
tailscale:
client-id: ENC[AES256_GCM,data:kQ4H9b2h8DN+5eTvwIYHZ6s=,iv:/nC3LM0qDNj3wIm9XZd7UUn5SxmAOA1dofsDGElKjVU=,tag:AIj5F7KkORujLDe+ZOxJgw==,type:str]
client-secret: ENC[AES256_GCM,data:O0cKyuK+FfK2E1mzQpkgybPrqEs0fH1y3jCOG6usT++6x3sWuJNvT56OIHpVNu8GH/6BIBsnenC1J/sVNTYIzA==,iv:FugIzSjNpoe9Bwy+x/GHl0BpCtbogQXpY7s3ICevQc0=,tag:1kQIO4ekjKuvexQ923YE3g==,type:str]
sops:
age:
- recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbTNsZE5lN2JOT1Jsd2hz
OWpDWTFzTW05Nzl5K1AyMmgxcVV2eHlBRlF3Cnc3VW5IN014ck8zM3BIWnBMNFFt
UnE4aGhGNERUOTlwZEJyNWF1Q1o0RXcKLS0tIFlZSFFoaDlOMnBMSFVyT3FMbFZj
ckl5RVZiMnkzV0RFQXN1aHZKM2doMnMKD6BjRdqsHiKDth4aBiZ1lvlcO1OgY36O
cGkZjuH45L4a0Y0kvptq3iZ/iPnmX8hw8n/gdplzUkpBzdsNPebvSg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-01T21:11:39Z"
mac: ENC[AES256_GCM,data:YWgrMqqJgrGe+40a9CSDpAAgwPOeGXRFb58c6X6PxDHve3u5vQfHh+wkC0TFxadMsYcJTczRYf8YWuAwf7kFoO7ofYs+PfEi4ydKhl8WY9nXTsq+BFT4rDl/BaCfQw6qWD5/TKTtxm2pdtBNrG7bNeZJ8cVSOO/wsjoqrrbh3fk=,iv:8BXOX5O5apYLhZOWihagQBVldmsVoV+uEcejcO3cC0I=,tag:vansSul5Ebwooay48uYNZQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

84
modules/nixos/server/databases/default.nix
View file

@ -1,84 +0,0 @@
{
lib,
config,
pkgs,
...
}:
let
inherit (lib) singleton;
cfg = config.server.databases;
in
{
options.server.databases = {
mongodb = {
enable = lib.mkEnableOption "the MongoDB server";
port = lib.pantheon.mkPortOption 27017;
};
mysql = {
enable = lib.mkEnableOption "the MySQL server";
port = lib.pantheon.mkPortOption 3306;
};
postgresql = {
enable = lib.mkEnableOption "the postgresql server";
port = lib.pantheon.mkPortOption 5432;
};
};
config = lib.mkMerge [
(lib.mkIf cfg.postgresql.enable {
networking.firewall.allowedTCPPorts = lib.singleton cfg.postgresql.port;
persistDirs = singleton {
directory = builtins.toString config.services.postgresql.dataDir;
user = "postgres";
group = "postgres";
};
services.postgresql = {
enable = true;
enableTCPIP = true;
settings = { inherit (cfg.postgresql) port; };
authentication = lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
# ipv4
host all all 0.0.0.0/0 trust
'';
ensureDatabases = singleton "alphastory";
ensureUsers = singleton {
name = "alphastory";
ensureDBOwnership = true;
};
};
})
(lib.mkIf cfg.mongodb.enable {
networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
persistDirs = singleton {
directory = builtins.toString config.services.mongodb.dbpath;
user = "mongodb";
group = "mongodb";
};
services.mongodb = {
enable = true;
bind_ip = "0.0.0.0";
extraConfig = ''
net.port: ${builtins.toString cfg.mongodb.port}
'';
};
})
(lib.mkIf cfg.mysql.enable {
networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
persistDirs = singleton {
directory = builtins.toString config.services.mysql.dataDir;
user = "mysql";
group = "mysql";
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
settings.mysqld = {
inherit (cfg.mysql) port;
};
};
})
];
}

43
modules/nixos/server/default.nix
View file

@ -1,43 +0,0 @@
{ lib, config, ... }:
{
options.server.mountHelios = lib.mkEnableOption "";
config = lib.mkIf config.server.mountHelios {
sops.secrets."rafiq/oldSMBCredentials" = { };
sops.templates."smb-credentials".content = ''
username=rafiq
password=${config.sops.placeholder."rafiq/oldSMBCredentials"}
'';
fileSystems = {
"/media/helios/data" = {
device = "//helios/data";
fsType = "cifs";
options = [
"x-systemd.automount"
"x-systemd.requires=tailscaled.service"
"x-systemd.mount-timeout=0"
];
};
"/media/helios/rafiqcloud" = {
device = "//helios/rafiqcloud";
fsType = "cifs";
options = [
"x-systemd.automount"
"x-systemd.requires=tailscaled.service"
"x-systemd.mount-timeout=0"
"credentials=${config.sops.templates."smb-credentials".path}"
];
};
"/media/helios/rafiqmedia" = {
device = "//helios/rafiqmedia";
fsType = "cifs";
options = [
"x-systemd.automount"
"x-systemd.requires=tailscaled.service"
"x-systemd.mount-timeout=0"
"credentials=${config.sops.templates."smb-credentials".path}"
];
};
};
};
}

62
modules/nixos/server/networking/ddns/default.nix
View file

@ -1,62 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkIf mkOption mkEnableOption;
inherit (lib.types) enum str listOf;
inherit (lib.lists) unique;
inherit (builtins) map;
cfg = config.server.networking.ddns;
mkDomain = domain_name: {
inherit domain_name;
sub_domains = [
"@"
"*"
];
};
# Sanitize the list of domains with unique so we can add to it with every service.
mkDomains = map mkDomain (unique cfg.domains);
in
{
options.server.networking.ddns = {
enable = mkEnableOption "";
type = mkOption {
type = enum [ "godns" ];
default = "godns";
};
domains = mkOption {
type = listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
services.godns = {
enable = if (cfg.type == "godns") then true else false;
loadCredential = [
"cf_token:${config.sops.secrets."keys/cloudflare".path}"
"telegram_bot_token:${config.sops.secrets."keys/telegram_bot".path}"
];
settings = {
provider = "Cloudflare";
login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
domains = mkDomains;
resolver = "1.1.1.1";
ip_urls = [
"https://wtfismyip.com/text"
"https://api.ipify.org"
"https://myip.biturl.top"
"https://api-ipv4.ip.sb/ip"
];
ip_type = "IPv4";
interval = 300;
notify = {
telegram = {
enabled = true;
bot_api_key_file = "$CREDENTIALS_DIRECTORY/telegram_bot_token";
chat_id = "384288005";
message_template = "Domain *{{ .Domain }} has been updated to %0A{{ .CurrentIP }}";
};
};
};
};
};
}

34
modules/nixos/server/web-apps/comfy-ui/default.nix
View file

@ -1,34 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib) singleton;
inherit (lib.pantheon.modules) mkWebApp;
upstreamCfg = config.services.comfyUi;
in
mkWebApp {
inherit config;
name = "comfy-ui";
defaultPort = 8188;
persistDirs = singleton {
directory = upstreamCfg.dataDir;
inherit (upstreamCfg) user group;
mode = "777";
};
extraConfig = {
assertions = singleton {
assertion = config.machine.gpu.nvidia.enable;
message = "You must run the comfy-ui service only with an nvidia gpu.";
};
services.comfyUi = {
enable = true;
listenHost = "0.0.0.0";
};
};
}
// {
imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
}

41
modules/nixos/server/web-apps/forgejo/default.nix
View file

@ -1,41 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) singleton optional;
inherit (lib.pantheon) mkPortOption;
inherit (lib.pantheon.modules) mkWebApp;
cfg = config.server.web-apps.forgejo;
upstreamCfg = config.services.forgejo;
in
mkWebApp {
inherit config;
name = "forgejo";
defaultPort = 3000;
persistDirs = singleton {
directory = upstreamCfg.stateDir;
inherit (upstreamCfg) user group;
};
extraOptions = {
sshPort = mkPortOption 2222;
};
extraConfig = {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.sshPort;
services.forgejo = {
enable = true;
settings = {
server = {
DOMAIN = cfg.domain;
ROOT_URL = "https://${cfg.domain}/";
HTTP_PORT = cfg.port;
START_SSH_SERVER = true;
SSH_PORT = cfg.sshPort;
};
repository = {
USE_COMPAT_SSH_URI = false;
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
"repository.signing".FORMAT = "ssh";
};
};
};
}

17
modules/nixos/server/web-apps/glance/default.nix
View file

@ -1,17 +0,0 @@
{ lib, config, ... }:
let
inherit (lib.pantheon.modules) mkWebApp;
cfg = config.server.web-apps.glance;
in
mkWebApp {
inherit config;
name = "glance";
defaultPort = 8080;
extraConfig = {
services.glance = {
enable = true;
settings.server.host = "0.0.0.0";
settings.server.port = cfg.port;
};
};
}

80
modules/nixos/server/web-apps/librechat/default.nix
View file

@ -1,80 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib) singleton;
inherit (lib.pantheon) mkStrOption;
inherit (lib.pantheon.modules) mkWebApp;
cfg = config.server.web-apps.librechat;
upstreamCfg = config.services.librechat;
in
mkWebApp {
inherit config;
name = "librechat";
defaultPort = 3080;
persistDirs = singleton {
directory = upstreamCfg.dataDir;
inherit (upstreamCfg) user group;
};
extraOptions.mongodbURI = mkStrOption // {
default = "mongodb://${config.hostname}:27017/LibreChat";
};
extraConfig = {
sops.secrets = {
"librechat/creds_key" = { };
"librechat/creds_iv" = { };
"librechat/jwt_secret" = { };
"librechat/jwt_refresh_secret" = { };
};
services.librechat = {
enable = true;
openFirewall = true;
inherit (cfg) port;
env = {
HOST = "0.0.0.0";
ALLOW_REGISTRATION = "true";
NO_INDEX = "true";
MONGO_URI = cfg.mongodbURI;
DOMAIN_CLIENT = cfg.domain;
DOMAIN_SERVER = cfg.domain;
ENDPOINTS = "anthropic,agents,google";
};
credentials = {
CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
OPENROUTER_KEY = config.sops.secrets."keys/openrouter".path;
GOOGLE_KEY = config.sops.secrets."keys/gemini".path;
};
settings = {
version = "1.1.4";
cache = true;
endpoints.custom = [
{
name = "OpenRouter";
apiKey = "\${OPENROUTER_KEY}";
baseURL = "https://openrouter.ai/api/v1";
models.default = [ "meta-llama/llama-3-70b-instruct" ];
models.fetch = true;
titleConvo = true;
titleModel = "current_model";
modelDisplayLabel = "OpenRouter";
}
];
interface = {
privacyPolicy = {
externalUrl = "https://librechat.ai/privacy-policy";
openNewTab = true;
};
};
};
};
};
}
// {
imports = singleton "${inputs.rrvsh-nixpkgs}/nixos/modules/services/web-apps/librechat.nix";
}

24
modules/nixos/server/web-apps/rrv-sh/default.nix
View file

@ -1,24 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib.pantheon.modules) mkWebApp;
cfg = config.server.web-apps.rrv-sh;
in
mkWebApp {
inherit config;
name = "rrv-sh";
defaultPort = 2309;
extraConfig = {
services.rrv-sh = {
enable = true;
inherit (cfg) port;
};
};
}
// {
imports = [ inputs.rrv-sh.nixosModules.default ];
}

34
modules/nixos/server/web-apps/sd-webui-forge/default.nix
View file

@ -1,34 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib) singleton;
inherit (lib.pantheon.modules) mkWebApp;
upstreamCfg = config.services.sd-webui-forge;
in
mkWebApp {
inherit config;
name = "sd-webui-forge";
defaultPort = 7860;
persistDirs = singleton {
directory = upstreamCfg.dataDir;
inherit (upstreamCfg) user group;
};
extraConfig = {
assertions = singleton {
assertion = config.machine.gpu.nvidia.enable;
message = "You must run the sd-webui-forge service only with an nvidia gpu.";
};
services.sd-webui-forge = {
enable = true;
listen = true;
extraArgs = "--cuda-malloc";
};
};
}
// {
imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
}

34
modules/nixos/server/web-servers/default.nix
View file

@ -1,34 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkMerge
mkIf
mkEnableOption
singleton
;
cfg = config.server.web-servers;
in
{
options.server.web-servers = {
enableSSL = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.enableSSL {
security.acme = {
acceptTerms = true;
defaults = {
inherit (config.mainUser) email;
dnsProvider = "cloudflare";
credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
};
certs = {
"rrv.sh".extraDomainNames = singleton "*.rrv.sh";
"bwfiq.com".extraDomainNames = singleton "*.bwfiq.com";
"slayment.com".extraDomainNames = singleton "*.slayment.com";
"aenyrathia.wiki".extraDomainNames = singleton "*.aenyrathia.wiki";
};
};
})
];
}

119
modules/nixos/server/web-servers/nginx/default.nix
View file

@ -1,119 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkMerge
mkOption
mkEnableOption
mkIf
singleton
;
inherit (lib.types) listOf submodule attrs;
inherit (lib.pantheon) mkStrOption mkPathOption mkRootDomain;
inherit (builtins) listToAttrs map;
cfg = config.server.web-servers.nginx;
sslCheck = good: bad: if config.server.web-servers.enableSSL then good else bad;
defaultSink = mkIf cfg.enableDefaultSink {
"_" = {
default = true;
rejectSSL = sslCheck true false;
locations."/" = {
return = "444";
};
};
};
pages = listToAttrs (
map (page: {
name = page.domain;
value = {
addSSL = sslCheck true false;
useACMEHost = sslCheck (mkRootDomain page.domain) null;
acmeRoot = null; # needed for DNS validation
locations = {
"/" = {
inherit (page) root;
} // page.extraConfig;
} // page.locations;
};
}) cfg.pages
);
proxyPasses = listToAttrs (
map (proxy: {
name = proxy.source;
value = {
addSSL = sslCheck true false;
useACMEHost = sslCheck (mkRootDomain proxy.source) null;
acmeRoot = null; # needed for DNS validation
locations = {
"/" = {
proxyPass = proxy.target;
} // proxy.extraConfig;
} // proxy.locations;
};
}) cfg.proxies
);
in
{
options.server.web-servers.nginx = {
enable = mkEnableOption "the Nginx server";
openFirewall = mkEnableOption "" // {
default = true;
};
enableDefaultSink = mkEnableOption "" // {
default = true;
};
pages = mkOption {
default = [ ];
type = listOf (submodule {
options = {
domain = mkStrOption;
root = mkPathOption "";
extraConfig = lib.mkOption {
type = attrs;
default = { };
};
locations = lib.mkOption {
type = attrs;
default = { };
};
};
});
};
proxies = mkOption {
default = [ ];
type = listOf (submodule {
options = {
source = mkStrOption;
target = mkStrOption;
extraConfig = lib.mkOption {
type = attrs;
default = { };
};
locations = lib.mkOption {
type = attrs;
default = { };
};
};
});
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
443
80
];
users.users.nginx.extraGroups = singleton "acme";
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = mkMerge [
defaultSink
proxyPasses
pages
];
};
};
}

71
packages/commit/default.nix
View file

@ -1,71 +0,0 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "commit" # bash
''
if git diff-index --quiet HEAD --; then exit 0; fi
PROMPT="Please generate a commit message for this diff."
GUIDELINES="1. Use conventional commit syntax, following the context. 2. Cap the commit message at 80 characters, preferably less. You must not go beyond this limit. 3. Do not include backticks. Only generate the raw text. 4. Be as succint as possible. Each commit should be atomic. You may throw a warning if it is not."
NUM_ANCESTORS=0
PUSH=false
# Parse arguments
while [[ $# -gt 0 ]]; do
case "$1" in
--num-ancestors | -n)
NUM_ANCESTORS="$2"
shift 2
;;
--push | -u)
PUSH=true
shift
;;
*)
echo "Unrecognised argument: $1. Exiting..."
exit 1
;;
esac
done
# Get context and diff
CONTEXT=$(git --no-pager log -n 10)
DIFF=$(git --no-pager diff HEAD~$NUM_ANCESTORS)
# Generate initial response
RESPONSE=$(aichat "$PROMPT\nGuidelines: $GUIDELINES\nContext from git log:\n$CONTEXT\nDiff from git diff HEAD:\n$DIFF")
while true; do
echo "$RESPONSE"
echo
echo "Choose an action:"
read -p "Options: [y]es, [r]eroll, [e]dit, [q]uit? " -n 1 -r choice
echo
case "$choice" in
y | yes)
git commit -am "$RESPONSE"
echo "Committed successfully."
if $PUSH; then
git push
echo "Pushed successfully."
fi
exit 0
;;
r | reroll)
RESPONSE=$(aichat "$PROMPT\nGuidelines: $GUIDELINES\nContext from git log:\n$CONTEXT\nDiff from git diff HEAD:\n$DIFF")
;;
e | edit)
echo "$RESPONSE" > /tmp/commit_msg.txt
"$EDITOR" /tmp/commit_msg.txt
RESPONSE=$(cat /tmp/commit_msg.txt)
rm /tmp/commit_msg.txt
;;
q | quit | "")
echo "Aborted."
exit 1
;;
*)
echo "Invalid choice. Please choose again."
;;
esac
done
''

123
packages/deploy/default.nix
View file

@ -1,123 +0,0 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "deploy" # sh
''
while [[ $# -gt 0 ]]; do
case "$1" in
--user)
USER="$2"
shift 2
;;
--ip)
IP="$2"
shift 2
;;
--hostname)
HOSTNAME="$2"
shift 2
;;
*)
echo "Error: Unknown parameter: $1"
exit 1
;;
esac
done
# Check if required arguments are provided
if [[ -z "$USER" || -z "$IP" || -z "$HOSTNAME" ]]; then
echo "Usage: $0 --user <user> --ip <ip_address> --hostname <hostname> [--wait-timeout <seconds>]"
exit 1
fi
# --- Helper Functions ---
wait_for_ping() {
local ip="$1"
echo "Waiting for ping to $ip..."
while true; do
if ping -c 1 -W 1 "$ip"; then
echo "Ping successful."
return 0
fi
sleep 2
done
}
wait_for_ssh() {
local ip="$1"
echo "Waiting for SSH to $ip..."
while true; do
ssh-keygen -R "$ip" || true # Suppress error if key doesn't exist
if ssh -o StrictHostKeyChecking=no root@"$ip" exit; then
echo "SSH connection successful."
return 0
fi
sleep 2
done
}
retry_rebuild() {
local ip="$1"
echo "Attempting rebuild..."
while true; do
if nixos-rebuild switch --flake . --target-host root@"$ip"; then
echo "Rebuild successful."
return 0
fi
sleep 2
done
}
test_connection() {
local ip="$1"
# Wait for the server to come back up after the reboot. Ping first.
if ! wait_for_ping $ip; then
echo "Error: Server did not respond to ping after reboot."
exit 1
fi
# Wait for SSH access after reboot
if ! wait_for_ssh $ip; then
echo "Error: SSH access not available after reboot."
exit 1
fi
}
# --- Deployment Steps ---
test_connection "$IP"
# Copy SSH key to remote server
ssh-copy-id -o StrictHostKeyChecking=no root@"$IP" || { echo "Error: Failed to copy SSH key."; exit 1; }
# Deploy NixOS configuration using nixos-anywhere
nix run github:nix-community/nixos-anywhere -- \
-i ~/.ssh/id_ed25519 --ssh-option StrictHostKeyChecking=no \
--flake .#"$HOSTNAME" --target-host root@"$IP" || { echo "Error: nixos-anywhere failed."; exit 1; }
test_connection "$IP"
# Create SSH directory on the remote server (if not already present)
ssh root@"$IP" -o StrictHostKeyChecking=no mkdir -p "/persist/home/$USER/.ssh" || { echo "Error: Failed to create SSH directory."; exit 1; }
# Set owner of the user's home directory
ssh root@"$IP" -o StrictHostKeyChecking=no chown -R "$USER:users" "/persist/home/$USER" || { echo "Error: Failed to set ownership."; exit 1; }
# Copy SSH keys to the remote server
scp -r ~/.ssh root@"$IP":/persist/home/"$USER" || { echo "Error: Failed to copy SSH keys."; exit 1; }
#TODO: remove device from tailscale
# Build and switch the configuration
retry_rebuild "$IP"
# Reboot the system
ssh root@"$IP" -o StrictHostKeyChecking=no systemctl reboot || { echo "Error: Failed to reboot."; exit 1; }
test_connection "$IP"
test_connection "$HOSTNAME"
echo "Deployment complete. System should be ready."
''

12
packages/edit/default.nix
View file

@ -1,12 +0,0 @@
{ pkgs, ... }:
let
finder = "${pkgs.fzf}/bin/fzf --preview 'cat {}'";
in
pkgs.writeShellScriptBin "edit" # sh
''
if [ $# -gt 0 ]; then
$EDITOR $(${finder} -q $*)
else
$EDITOR $(${finder})
fi
''

148
packages/rebuild/default.nix
View file

@ -1,148 +0,0 @@
{ pkgs, lib, ... }:
let
inherit (lib) getExe;
in
pkgs.writeShellScriptBin "rebuild" # sh
''
QUICK=false
NO_GENERATION_CHECK=false
TEST_SHELL=false
REMOTE_HOSTS=()
REBUILDING_ALL=false
# ANSI color codes
GREEN='\033[0;32m'
ORANGE='\033[0;33m'
RED='\033[0;31m'
NC='\033[0m'
info() {
timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo -e "''${GREEN}''${timestamp} INFO: $1''${NC}"
}
warn() {
timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo -e "''${ORANGE}''${timestamp} WARN: $1''${NC}"
}
err() {
timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo -e "''${RED}''${timestamp} ERROR: $1''${NC}"
}
prompt() {
local PROMPT="$1"
shift
read -p "$PROMPT? (y/n) [n]: " -n 1 -r REPLY
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]; then
"$*"
else
info "$PROMPT aborted."
fi
}
spawn_test_shell() {
info "Spawning test shell on $1..."
(export PS1="Test shell> "
exec ${pkgs.bash}/bin/bash ssh "$1") || {
${pkgs.cowsay}/bin/cowsay "You aborted."
exit 1
}
}
rebuild_remote() {
local args=(".#nixosConfigurations.$1" "--target-host" "$1")
local CURRENT_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2)
if "$TEST_SHELL"; then
info "Testing $1..."
${getExe pkgs.nh} os test "''${args[@]}" || exit 1
git diff HEAD --color=always --stat --patch
spawn_test_shell "$1"
info "Rebuilding $1..."
${getExe pkgs.nh} os boot "''${args[@]}" || exit 1
else
info "Rebuilding $1 on $HOSTNAME..."
${getExe pkgs.nh} os switch "''${args[@]}" || exit 1
fi
if ! "$NO_GENERATION_CHECK"; then
local NEW_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2)
info "$1 - New generation is $NEW_GENERATION. Current is $CURRENT_GENERATION."
if [ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]; then
warn "New config was not added to bootloader."
fi
fi
}
info "Starting rebuild script."
if [ ! -f "flake.nix" ]; then
err "flake.nix not found in the current directory. Exiting."
exit 1 # Indicate an error
fi
while [[ $# -gt 0 ]]; do
case "$1" in
--quick | -q)
QUICK=true
shift
;;
--no-generation-check | -n)
NO_GENERATION_CHECK=true
shift
;;
--test-shell | -t)
TEST_SHELL=true
shift
;;
--all | -a)
reachable_hosts=()
hostnames=$(nix flake show --all-systems --json | , jq -r '.nixosConfigurations | keys | .[]')
for host in ''${hostnames[@]}; do
info "Checking if $host is reachable..."
if ping -c 1 -W 1 "$host" > /dev/null 2>&1 ; then
info "$host is reachable."
reachable_hosts+=("$host")
else
warn "$host is unreachable."
fi
done
REMOTE_HOSTS=(''${reachable_hosts[@]})
REBUILDING_ALL=true
shift
;;
*)
if [ !REBUILDING_ALL ]; then
if ping -c 1 -W 1 "$1" > /dev/null 2>&1 ; then
REMOTE_HOSTS+=("$1")
else
err "$1 is unreachable. Exiting."
exit 1
fi
fi
shift
;;
esac
done
if [ ''${#REMOTE_HOSTS[@]} == 0 ]; then
info "No hostnames provided."
REMOTE_HOSTS=("$HOSTNAME")
fi
git add .
for host in "''${REMOTE_HOSTS[@]}"; do
rebuild_remote $host
done
if ! "$QUICK"; then
prompt "Commit changes" commit
prompt "Reboot system" sudo systemctl reboot
fi
info "Rebuild script completed successfully."
exit 0
''

30
secrets/secrets.yaml
View file

@ -1,30 +0,0 @@
rafiq:
hashedPassword: ENC[AES256_GCM,data:SzzSPg5Ze4H+fVl6ZvAULO9FDfRehusmP6uldT4Ok2/9ZeOp9r4LgjKajoiw2A1DWD1zQ1GQwMCHKpeZjCC4rBUNWW5DMcBUJA==,iv:KktKuqr0JNhjeJIlIgkoAv6mP2dQlfQrXiIOASLPkbw=,tag:g9LarkT6EjDrH+dXSjMwPg==,type:str]
personalEmailPassword: ENC[AES256_GCM,data:TGJtDO++QcWqU1AbLe4=,iv:RjLRmq7fdbVRbv0M8ZQHyCK5l95JW3TRjN5w9Ci92zs=,tag:JibrH863smajCXESwhAR4g==,type:str]
workEmailPassword: ENC[AES256_GCM,data:++Gm9dIhmqEQz3+Ej9c=,iv:dAvyyLZvsHcjudU4gdU0iyWYDjjhe49UC2swHh++ldc=,tag:6o1DyJk5WOFO/Hfr0uMKSw==,type:str]
oldSMBCredentials: ENC[AES256_GCM,data:aY41trUJcvGa584H0A==,iv:3h9AZ33HXWT4D/vGMyy/o+TXyGg75Ixcj3+h2EskvIQ=,tag:dDo55h1ljOYLZBHn9bK7ew==,type:str]
keys:
openrouter: ENC[AES256_GCM,data:Uddc0leKVD2xxpvDpsTJV3qZ4oe89Uz6dJMuzF/TeI5iIrG+DNIAYPcnIQiA6LDScO9mag8XNiYpYH7lyMnUg1cvThChiVhO+A==,iv:RHSrL/L74dSvLKAvGwyMME53RzKr2+RDnI8xBpDJVng=,tag:d81mr26SeStmAa8UgEF/LA==,type:str]
gemini: ENC[AES256_GCM,data:t4XTzJLMbHBG7LNaWMwO0YyYHREYOp4Zn95Kwshunnpwq9ezVv+0,iv:ZHq1ytak7Qy5a/zHghwEIWRinDWAkk2Vxw4iu/Q/UPk=,tag:Wyk0FqLTOWelznWHg/anxg==,type:str]
cloudflare: ENC[AES256_GCM,data:nrtHnQR0Oon9BrSN0AeAjl8H8B7quuwSu/Qjabe9HFpWgcZq9n1JCA==,iv:ovyHqy5iKXDYXe4H7eRA51+kODhP+vAWoc98cS/6zG0=,tag:JyktO6EMRZ00CRhTb03+fg==,type:str]
telegram_bot: ENC[AES256_GCM,data:qGJx1Bph94oU2USjZL4h2NqV5ueCiYIvEbx84Xg687F5//MItLAS58MZdUPSuQ==,iv:WmldN5Je4miamLXCK6Cv17TTGmaBq/lde2czsEgNBi4=,tag:aU27eDE5PbYAniKEXk+MRA==,type:str]
librechat:
creds_key: ENC[AES256_GCM,data:/fzPgZiDnyWZalJUBFpFQ2/anxvbX3XLp18n+x1xfzOMisq52ISB5VJOzi9xaNRNruQEoh/lva9gDbIgNyzduA==,iv:xGgufMc/tPOLCKEb2MnEkxmf0FPpENGW1FcCm15CW6k=,tag:9aR+DndXkCg1sboxTFuygQ==,type:str]
creds_iv: ENC[AES256_GCM,data:fbBD9RsuEHwDETwiYtAS9kBxgTy6zubrxHWpcuoEsR0=,iv:uZcwIfDPPn4XUf8IZkI29VH9CiKvEOlWuUaWgSjl1Kc=,tag:qbgiQU7bWSFjoGEwoptCpg==,type:str]
jwt_secret: ENC[AES256_GCM,data:ZhDNIXrCaRWWfrlPxpBfnmeUluW0z72KGpQv9mGyf1kCCnfx3V2lPMm6QS6biajC+4oPVfgwqcXc4Lvs8OqU9g==,iv:1Ecj8fh+M5kw8cmVD96U6QgE7fNy9cbQV9v2Q305puc=,tag:U1ZglGWdTH1TGfcIIORMHQ==,type:str]
jwt_refresh_secret: ENC[AES256_GCM,data:/4X6h51oRRaOg7UZ/zUcS1L8QyFnhsTYrz8D6R3ZP/tFAEMO/IfYJHHQQ8UtgKjAEwIVYcpIco8lUDhm06folw==,iv:02/LgoiMZ6MzBSd+JAi+iuF3dzqsVyqX6gQfWPY8sIc=,tag:5VrCh7ZKNJD3ynjcyQpVyg==,type:str]
sops:
age:
- recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUDN6TFlTVHdlWCsrWkFn
R1g5UjVLVk1NQzJRRE9NbDZlRVVJUjVvbmlnCk93NFhSRS9vbDUzNVd6Q3RuTEtZ
cFZvY0JML2tDSUZIbkcyVWVWWVFMY0UKLS0tIDlCbmxhUThUaHRGNkgySEp2QTB1
WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY
M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-01T21:34:46Z"
mac: ENC[AES256_GCM,data:NvJ6lCb80dsVMH4T4f4ZPO0b4JI44LfMvdanVaWtXDpi6FHJsF4OY8dftIyTBjacaLzdrVoT+JFfP3BrAnuEaZrCrfE1E+IRF4x/9NG4c4Cw++Jxgs7z7d01iYEjWJoVVPCLVnV32LGIq6nQltx2GFEVAsvV5zukJ/aJjvcIpQA=,iv:FWGaIdok23jgxMUs3d5ddK2iyJoOBliwv/yJDxmKLE0=,tag:FfLYymjZEJtW4cfFNhlNFg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

62
systems/x86_64-linux/apollo/default.nix
View file

@ -1,62 +0,0 @@
{
lib,
pkgs,
inputs,
...
}:
{
imports = lib.singleton ../common.nix;
hostname = "apollo";
machine = {
platform.type = "intel";
bootloader.type = "systemd-boot";
drives.btrfs = {
enable = true;
drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
ephemeralRoot = true;
};
};
server = {
networking.ddns = {
enable = true;
domains = [
"aenyrathia.wiki"
"slayment.com"
];
};
databases = {
mongodb.enable = true;
mysql.enable = true;
postgresql.enable = true;
};
web-apps = {
librechat.enable = true;
librechat.domain = "chat.bwfiq.com";
forgejo.enable = true;
forgejo.domain = "git.rrv.sh";
forgejo.openFirewall = true;
glance.enable = true;
glance.domain = "glance.bwfiq.com";
rrv-sh.enable = true;
rrv-sh.domain = "rrv.sh";
};
web-servers = {
enableSSL = true;
nginx = {
enable = true;
proxies = [
{
source = "aenyrathia.wiki";
target = "http://helios:5896";
}
{
source = "il.bwfiq.com";
target = "http://helios:2283";
}
];
};
};
};
}

13
systems/x86_64-linux/common.nix
View file

@ -1,13 +0,0 @@
{ pkgs, ... }:
{
mainUser = {
name = "rafiq";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
email = "rafiq@rrv.sh";
shell = pkgs.fish;
};
server.mountHelios = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/atelier-cave.yaml";
programs.fish.enable = true;
programs.nix-ld.enable = true;
}

14
systems/x86_64-linux/desktop.nix
View file

@ -1,14 +0,0 @@
{
desktop = {
enable = true;
lockscreen.hyprlock.enable = true;
launcher.fuzzel.enable = true;
media-player.vlc.enable = true;
window-manager.hyprland.enable = true;
};
machine.usb = {
automount = true;
enableQmk = true;
};
}

24
systems/x86_64-linux/mellinoe/default.nix
View file

@ -1,24 +0,0 @@
{
imports = [
../common.nix
../desktop.nix
];
hostname = "mellinoe";
machine = {
platform.type = "intel";
bootloader.type = "systemd-boot";
drives.btrfs = {
enable = true;
drive = "/dev/disk/by-id/nvme-KBG40ZPZ128G_TOSHIBA_MEMORY_Z0U103PCNCDL";
ephemeralRoot = true;
};
};
desktop.mainMonitor = {
id = "BOE 0x088B";
scale = "2";
resolution = "1920x1280";
refresh-rate = "60";
};
}

40
systems/x86_64-linux/nemesis/default.nix
View file

@ -1,40 +0,0 @@
{
imports = [
../common.nix
../desktop.nix
];
hostname = "nemesis";
machine = {
platform.type = "amd";
gpu.nvidia.enable = true;
bootloader.type = "systemd-boot";
drives.btrfs = {
enable = true;
drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
ephemeralRoot = true;
};
virtualisation.distrobox.enable = true;
};
desktop = {
browser.tor-browser.enable = true;
gaming = {
prism-launcher.enable = true;
steam.enable = true;
};
services = {
sunshine.enable = true;
spotifyd.enable = true;
};
mainMonitor = {
id = "desc:OOO AN-270W04K";
scale = "2";
resolution = "3840x2160";
refresh-rate = "60";
};
};
server.web-apps.sd-webui-forge.enable = true;
server.web-apps.comfy-ui.enable = true;
}