rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: rm all files for rebase

Browse source
This commit is contained in:
Mohammad Rafiq 2025-05-18 13:13:44 +08:00
parent fc8fcbe680
commit f60dfaa95e
79 changed files with 0 additions and 3770 deletions
Download patch file Download diff file Expand all files Collapse all files

30
.github/workflows/update-flake-lock.yml vendored
View file

@ -1,30 +0,0 @@
name: update-flake-lock
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
jobs:
lockfile:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@main
with:
pr-title: "Update flake inputs" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated
git-author-name: 'github-actions[bot]'
git-author-email: 'github-actions[bot]@users.noreply.github.com'
git-committer-name: 'github-actions[bot]'
git-committer-email: 'github-actions[bot]@users.noreply.github.com'
pr-assignees: ${{ github.repository_owner }}
pr-reviewers: ${{ github.repository_owner }}

90
README.md
View file

@ -1,90 +0,0 @@
> This is fucking brilliant. Nobody needs this, nobody has a real use for this
> and this definitely does not attract girls. Still, I'll try this and probably
> love it. -Tim Goeree
# As Yet Unreproducible
- [x] ~~User passwords~~ -> _Managed with sops-nix_
- [ ] Spotify login
- [ ] Firefox login
# Adding Secrets with sops-nix
Secrets are stored in configs/secrets/secrets.yaml. You can edit these secrets
with `sops secrets.yaml` given you have an age private key stored at
`~/.config/sops/age/keys.txt`.
To decrypt these secrets with sops-nix during a rebuild, you must add your host
public key to the `.sops.yaml` file. Generate it with
`cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age`, add it to the file, then
run `sops updatekeys secrets.yaml`.
# Provisioning A New Machine
On the target system, boot into the NixOS installer and run:
```bash
# Create a password for the nixos user for SSH access.
passwd
# Start wpa_supplicant and connect to a wifi network.
sudo systemctl start wpa_supplicant
wpa_cli
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "password"
> enable_network 0
> quit
# Get the IP address of the target system.
ip addr
```
On the host machine, run the following command to build the new system
configuration and copy it over SSH along with the sops age key and ssh keys.
```bash
# WARNING: You must use the IP address of the machine.
# The hostname will not suffice as it will boot into a NixOS installer through kexec.
deploy --flake .#<hostname> --target-host <username>@<ip_address>
```
Complete the setup by running the following on the target system once it is
booted into the new install.
```bash
# On the target machine:
sudo rm /etc/ssh/ssh_host_*
sudo ssh-keygen -A
cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
# On the host machine:
# Add the host age public key to .sops.yaml
sops updatekeys secrets.yaml
```
# Hardening
> [!NOTE]
> Thanks to
> https://blog.notashelf.dev/posts/2025-03-03-insecurities-remedies-i.html for
> this section!
Systemd services where appropriate are hardened using
`systemd.services.<servicename>.serviceConfig`:
- Protected from modifying the system clock
- Protected from modifying kernel parameters, modules or logs
- Whitelists syscalls
- Restricts namespaces the service is allowed to use, or changing its user or
group
- Restricts realtime access
- Restricts setting memory as writable and executable
# Acknowledgements
- https://www.youtube.com/watch?v=CwfKlX3rA6E for piquing my interest in this OS
in the first place
- https://nixos-and-flakes.thiscute.world/ for teaching me about nix, nixos,
flakes, and home-manager in an extremely easy to follow and well-documented
fashion

128
configs/filesystems/impermanence.nix
View file

@ -1,128 +0,0 @@
{
inputs,
lib,
bootDisk,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence
];
# Disk Partitioning
disko.devices.disk.main = {
device = bootDisk;
type = "disk";
content.type = "gpt";
content.partitions = {
boot = {
name = "boot";
type = "EF02";
size = "1M";
priority = 1;
};
esp = {
name = "ESP";
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
# Logical Volume Set up
disko.devices.lvm_vg.root_vg = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root".mountpoint = "/";
"/persist".mountpoint = "/persist";
"/persist".mountOptions = [
"subvol=persist"
"noatime"
];
"/nix".mountpoint = "/nix";
"/nix".mountOptions = [
"subvol=nix"
"noatime"
];
};
};
};
};
# Back up old roots and delete older ones
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/root_vg/root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%M-%D_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
# Directories to persist between boots
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
# Hide the mounts from showing up in the file manager.
hideMounts = true;
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/machine-id"
];
};
home-manager.users.rafiq = {
imports = [ inputs.impermanence.homeManagerModules.impermanence ];
home.persistence."/persist/home/rafiq" = {
files = [
".config/sops/age/keys.txt"
".ssh/id_ed25519"
];
# Allows root and other users to access the bindfs files.
allowOther = true;
};
};
}

25
configs/graphical.nix
View file

@ -1,25 +0,0 @@
{ pkgs, inputs, ... }:
with pkgs;
{
imports = [
./programs/clipse.nix
./programs/dunst.nix
./programs/firefox.nix
./programs/fuzzel.nix
./programs/getty.nix
./programs/hyprlock.nix
./programs/hyprshade.nix
./programs/kitty.nix
./programs/waybar.nix
];
environment.systemPackages = [
wl-clipboard
];
home-manager.users.rafiq.home.packages = [
hyprpicker
inputs.hyprcloser.packages.${pkgs.stdenv.hostPlatform.system}.default
vlc
];
}

21
configs/programs/aichat.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
home-manager.users.rafiq = {
home.shellAliases = {
ai = "aichat -r %shell% -e";
};
home.packages = with pkgs; [
aichat
];
xdg.configFile."aichat/config.yaml" = {
text = ''
model: gemini:gemini-2.0-flash
clients:
- type: gemini
'';
};
};
}

9
configs/programs/clipse.nix
View file

@ -1,9 +0,0 @@
{
home-manager.users.rafiq = {
services.clipse = {
enable = true;
historySize = 1000;
imageDisplay.type = "kitty";
};
};
}

11
configs/programs/comma.nix
View file

@ -1,11 +0,0 @@
{ inputs, ... }:
{
home-manager.users.rafiq = {
imports = [
inputs.nix-index-database.hmModules.nix-index
];
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
};
}

12
configs/programs/direnv.nix
View file

@ -1,12 +0,0 @@
{
# direnv lets us declare a .envrc in each project directory
# and updates the shell with the packages specified.
home-manager.users.rafiq = {
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
};
}

5
configs/programs/dunst.nix
View file

@ -1,5 +0,0 @@
{
home-manager.users.rafiq = {
services.dunst.enable = true;
};
}

23
configs/programs/editorconfig.nix
View file

@ -1,23 +0,0 @@
{
home-manager.users.rafiq = {
editorconfig = {
enable = true;
settings = {
"*" = {
end_of_line = "lf";
insert_final_newline = true;
trim_trailing_whitespace = true;
charset = "utf-8";
indent_style = "space";
indent_size = 2;
};
"package.json" = {
indent_style = "unset";
};
"*.lock" = {
indent_size = "unset";
};
};
};
};
}

7
configs/programs/firefox.nix
View file

@ -1,7 +0,0 @@
{
home-manager.users.rafiq = {
programs.firefox = {
enable = true;
};
};
}

15
configs/programs/fuzzel.nix
View file

@ -1,15 +0,0 @@
{
home-manager.users.rafiq = {
programs.fuzzel = {
enable = true;
settings = {
main = {
terminal = "kitty -1 -e";
layer = "top";
keyboard-focus = "on-demand";
list-executables-in-path = true;
};
};
};
};
}

5
configs/programs/getty.nix
View file

@ -1,5 +0,0 @@
{
services.getty = {
autologinUser = "rafiq";
};
}

29
configs/programs/git.nix
View file

@ -1,29 +0,0 @@
{
home-manager.users.rafiq = {
home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
home.shellAliases = {
g = "git";
gs = "git status";
gc = "git commit";
gcam = "git commit -am";
gu = "git push";
gy = "git pull";
};
programs.git = {
enable = true;
userName = "Mohammad Rafiq";
userEmail = "rafiq@rrv.sh";
# Thanks to https://blog.notashelf.dev/posts/2025-02-24-ssh-signing-commits.html!
signing.key = "~/.ssh/id_ed25519.pub";
signing.signByDefault = true;
extraConfig = {
init.defaultBranch = "prime";
push.autoSetupRemote = true;
pull.rebase = false;
core.editor = "nvim";
gpg.format = "ssh";
};
};
};
}

22
configs/programs/hyfetch.nix
View file

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
home-manager.users.rafiq = {
home.packages = [ pkgs.fastfetch ];
home.shellAliases.fetch = "hyfetch";
programs.hyfetch = {
enable = true;
settings = {
preset = "bisexual";
mode = "rgb";
light_dark = "dark";
lightness = 0.5;
color_align = {
mode = "horizontal";
custom_colors = [ ];
fore_back = null;
};
backend = "fastfetch";
};
};
};
}

62
configs/programs/hyprlock.nix
View file

@ -1,62 +0,0 @@
{
inputs,
hostname,
pkgs,
...
}:
let
cfg =
if hostname == "nemesis" then
{
mainMonitor = "HDMI-A-1";
}
else
{
mainMonitor = "";
};
in
{
security.pam.services.hyprlock = { };
home-manager.users.rafiq = {
programs.hyprlock = {
enable = true;
settings = {
general = {
hide_cursor = true;
ignore_empty_input = true;
};
background = {
blur_passes = 5;
blur_size = 5;
};
label = {
monitor = cfg.mainMonitor;
text = ''hi, $USER.'';
font_size = 32;
halign = "center";
valign = "center";
position = "0, 0";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
input-field = {
monitor = cfg.mainMonitor;
fade_on_empty = true;
size = "200, 45";
halign = "center";
valign = "center";
position = "0, -5%";
placeholder_text = "";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
};
};
};
}

20
configs/programs/hyprshade.nix
View file

@ -1,20 +0,0 @@
{ inputs, pkgs, ... }:
{
home-manager.users.rafiq = {
home.packages = [ pkgs.hyprshade ];
xdg.configFile."hypr/hyprshade.toml" = {
enable = true;
text = # toml
''
[[shades]]
name = "vibrance"
default = true # will be activated when no other shader is scheduled
'';
};
xdg.configFile."hypr/shaders" = {
enable = true;
recursive = true;
source = "${inputs.hyprshaders}/shaders";
};
};
}

16
configs/programs/kitty.nix
View file

@ -1,16 +0,0 @@
{
home-manager.users.rafiq = {
home.sessionVariables.TERMINAL = "kitty";
programs.kitty = {
enable = true;
keybindings = {
"ctrl+equal" = "change_font_size current +2.0";
"ctrl+minus" = "change_font_size current -2.0";
};
settings = {
window_padding_width = 10;
confirm_os_window_close = 0;
};
};
};
}

BIN
configs/programs/media/wallpaper.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.9 MiB

7
configs/programs/nh.nix
View file

@ -1,7 +0,0 @@
{
home-manager.users.rafiq = {
programs.nh = {
enable = true;
};
};
}

10
configs/programs/nvf.nix
View file

@ -1,10 +0,0 @@
{
home-manager.users.rafiq = {
imports = [
./nvf/input.nix
./nvf/languages.nix
./nvf/ui.nix
./nvf/utilities.nix
];
};
}

76
configs/programs/nvf/input.nix
View file

@ -1,76 +0,0 @@
{ lib, ... }:
{
programs.nvf.settings.vim = {
autopairs.nvim-autopairs.enable = true;
snippets.luasnip = {
enable = true;
loaders = # lua
''
require('luasnip.loaders.from_vscode').lazy_load()
require("luasnip.loaders.from_snipmate").lazy_load()
'';
setupOpts.enable_autosnippets = true;
};
additionalRuntimePaths = [ ./nvim ];
autocomplete = {
blink-cmp = {
enable = true;
friendly-snippets.enable = true;
setupOpts = {
enabled =
lib.generators.mkLuaInline
# lua
''
--- Disable completion for markdown
function()
return not vim.tbl_contains({"markdown"}, vim.bo.filetype)
and vim.bo.buftype ~= "prompt"
and vim.b.completion ~= false
end
'';
cmdline = {
enabled = true;
sources = null;
completion.menu.auto_show = false;
};
#completion.menu.auto_show =
# lib.generators.mkLuaInline
# # lua
# ''
# function(ctx)
# --- Get the cursor position from the current window
# local row, column = unpack(vim.api.nvim_win_get_cursor(0))
# --- Get the current row (1 is Neovim API giving us 1-based indexing)
# --- Get the current column but don't return negative numbers
# --- ignore_injections are to ignore embedded code
# --- success is the result, node is the syntax node object
# local success, node = pcall(vim.treesitter.get_node, {
# pos = {row - 1, math.max(0, column - 1)},
# ignore_injections = false
# })
# --- Types of nodes to ignore
# local reject = {"comment", "line_comment", "block_comment", "string_start", "string_content", "string_end" }
# --- If the node type is in the reject table, don't show the completion
# if success and node and vim.tbl_contains(reject, node:type()) then
# return false;
# end
# -- whatever other logic you want beyond this
# return true
# end
# '';
# menu.auto_show = false;
completion.documentation.auto_show_delay_ms = 0;
signature.enabled = true;
};
};
};
utility = {
motion = {
hop.enable = true; # <leader>h
precognition.enable = false;
};
yanky-nvim.enable = true;
};
};
}

36
configs/programs/nvf/languages.nix
View file

@ -1,36 +0,0 @@
{
programs.nvf.settings.vim = {
lsp.enable = true;
languages = {
# The below settings enable defaults for all languages
enableDAP = true;
enableExtraDiagnostics = true;
enableFormat = true;
enableTreesitter = true;
# Enable specific languages
clang.enable = true;
css.enable = true;
lua.enable = true;
markdown.enable = true;
markdown.extensions.render-markdown-nvim.enable = true;
nix.enable = true;
nix.format.type = "nixfmt";
python.enable = true;
python.lsp.server = "python-lsp-server";
rust.enable = true;
rust.crates.enable = true;
ts.enable = true;
# Did not really check these
bash.enable = true;
csharp.enable = true;
go.enable = true;
haskell.enable = true;
html.enable = true;
java.enable = true;
sql.enable = true;
yaml.enable = true;
};
};
}

34
configs/programs/nvf/nvim/snippets/nix.snippets
View file

@ -1,34 +0,0 @@
# comment
snippet option
lib.mkOption {
type = lib.types.$1;
default = $2;
example = "$3";
description = "$4";
};
snippet fn An empty function that takes an attribute set as a parameter.
{ $1 }:
{
$2
}
snippet module An empty module.
{ config, lib, ... }:
let
moduleName = "$2";
cfg = config.${${moduleName}};
in
{
imports = [];
options.${${moduleName}} = {
enable = lib.mkEnableOption "Enable ${${moduleName}}";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
$3
}
]);
}

52
configs/programs/nvf/ui.nix
View file

@ -1,52 +0,0 @@
{
programs.nvf.settings.vim = {
lsp = {
formatOnSave = true;
lightbulb.enable = true;
lspkind.enable = true;
otter-nvim.enable = true;
trouble.enable = true;
};
binds = {
cheatsheet.enable = true;
whichKey.enable = true;
};
debugger.nvim-dap = {
enable = true;
ui.enable = true;
};
notes.todo-comments.enable = true;
telescope.enable = true;
statusline.lualine.enable = true;
treesitter = {
enable = true;
autotagHtml = true;
fold = true;
};
notify.nvim-notify.enable = true;
visuals = {
fidget-nvim.enable = true;
indent-blankline.enable = true;
rainbow-delimiters.enable = true;
nvim-web-devicons.enable = true;
tiny-devicons-auto-colors.enable = true;
};
ui = {
borders.enable = true;
breadcrumbs.enable = true;
breadcrumbs.navbuddy.enable = true;
colorizer.enable = true;
noice.enable = true;
nvim-ufo.enable = true;
};
utility = {
ccc.enable = true;
images.image-nvim = {
enable = true;
setupOpts.backend = "kitty";
};
yazi-nvim.enable = true;
yazi-nvim.setupOpts.open_for_directories = true; # FIXME: does this work with neotree?
};
};
}

22
configs/programs/nvf/utilities.nix
View file

@ -1,22 +0,0 @@
{
programs.nvf.settings.vim = {
utility = {
direnv.enable = true;
nix-develop.enable = true;
leetcode-nvim = {
enable = true;
setupOpts = {
image_support = true; # requires image.nvim
lang = "rust";
};
};
mkdir.enable = true;
new-file-template = {
enable = true;
# add a directory containing lua/tempaltes/*.lua to vim.additionalRuntimePaths
# TODO: add for nix
};
};
session.nvim-session-manager.enable = true;
};
}

40
configs/programs/scripts/byebye.sh
View file

@ -1,40 +0,0 @@
# Set up the terminal to read input immediately, without waiting for Enter.
# This is done using the `stty` command.
# `stty` controls terminal settings.
# `-icanon` disables canonical mode. In canonical mode, the terminal buffers input until a newline is received. Disabling it makes input available immediately.
# `min 1` specifies that at least 1 character should be read.
# `time 0` specifies that the read should return immediately if a character is available.
stty -icanon min 1 time 0
# Prompt the user to enter 'y' or 'n' to confirm or cancel the poweroff.
# `echo -n` prints the prompt without a trailing newline, so the input will appear on the same line.
echo -n "Poweroff system? (y/n) [n]: "
# Read a single character from the input and store it in the 'answer' variable.
# `read -n 1 answer` reads only 1 character.
read -n 1 answer
# Print a newline character after the input has been read.
# This makes the output more readable, as the subsequent messages will appear on a new line.
echo
# Restore the terminal settings to their default values.
# This is important, as leaving the terminal in non-canonical mode can cause unexpected behavior.
# `stty icanon` re-enables canonical mode.
stty icanon
# Check the value of the 'answer' variable.
# `[[ ... ]]` is a more robust and feature-rich way to perform conditional tests than `[ ... ]`.
# `"y"` matches only the lowercase "y". If you want case-insensitive matching, consider using `[[ ${answer,,} == "y" ]]` (converts answer to lowercase).
if [[ "$answer" == "y" ]]; then
# If the user entered 'y', proceed with the poweroff.
echo "Powering off..."
# Execute the systemctl poweroff command with root privileges using sudo.
# `sudo` allows you to run commands as the superuser (root).
# `systemctl poweroff` sends the command to the systemd init system to shut down the machine.
sudo systemctl poweroff
else
# If the user entered anything other than 'y', cancel the poweroff.
echo "Poweroff cancelled."
fi

71
configs/programs/scripts/default.nix
View file

@ -1,71 +0,0 @@
{ pkgs, ... }:
{
home-manager.users.rafiq = {
home.packages = [
(pkgs.writers.writePython3Bin "git-extract" {
libraries = with pkgs.python3Packages; [
magic
chardet
];
} (builtins.readFile ./git-extract.py))
(pkgs.writeShellScriptBin "rebuild" # sh
''
rebuild_remote() {
git add .
hostname=$1
builder="nemesis"
if [[ "''${hostname}" == "''${builder}" ]]; then
nh os switch .
else
nixos-rebuild switch \
--flake .#"''${hostname}" \
--target-host "$(whoami)"@"''${hostname}" \
--build-host "''${builder}" \
--use-remote-sudo
fi
}
main() {
if [[ $# -gt 1 ]]; then
echo "Only one argument is allowed. Pass in a hostname or all."
exit 1
elif [[ $# -lt 1 ]]; then
rebuild_remote "$HOSTNAME"
exit 0
fi
case "$1" in
all)
# Create a list of hostnames to rebuild
hosts=("nemesis" "apollo")
# Use parallel to rebuild each host
, parallel rebuild ::: "''${hosts[@]}"
# Check the exit code of parallel
if [[ $? -ne 0 ]]; then
echo "One or more rebuilds failed."
exit 1
else
exit 0
fi
;;
*)
echo "=========================="
echo "=== Rebuilding $1 ==="
echo "=========================="
rebuild_remote "$1"
exit 0
;;
esac
}
main "$@"
''
)
(pkgs.writeShellScriptBin "byebye" (builtins.readFile ./byebye.sh))
(pkgs.writeShellScriptBin "deploy" (builtins.readFile ./deploy.sh))
];
};
}

81
configs/programs/scripts/deploy.sh
View file

@ -1,81 +0,0 @@
# Set default values
flake="" # Default flake attribute if none is provided
target_host="" # Default target host
# Process command-line arguments
while [[ $# -gt 0 ]]; do
case "$1" in
--flake)
flake="$2"
shift # past argument
shift # past value
;;
--target-host)
target_host="$2"
shift # past argument
shift # past value
;;
*)
echo "Unknown option: $1" >&2
exit 1
;;
esac
done
# Prepare temporary directory and copy necessary files
root=$(mktemp -d)
# Files should be copied to the persist directory
# because that's where impermanence looks for them in.
mkdir -p "${root}"/persist
root_persist=${root}/persist
sudo cp --verbose --archive --parents /etc/ssh/ssh_host_* "${root_persist}"
sudo cp --verbose --archive --parents /home/rafiq/.ssh/id_ed25519 "${root_persist}"
sudo cp --verbose --archive --parents /home/rafiq/.config/sops/age/keys.txt "${root_persist}"
# Run nixos-anywhere
# Copy over the necesary files to the persist directory.
sudo nix run github:nix-community/nixos-anywhere -- \
--flake "${flake}" \
--target-host "${target_host}" \
--copy-host-keys \
--extra-files "${root}" \
--chown /persist/home/rafiq 1000:100 \
--chown /home/rafiq 1000:100
# Clean up the temporary directory
sudo rm -rf "$root"
# Wait for SSH to be back up
MAX_TRIES=60 # Maximum attempts
SLEEP_SECONDS=5 # Time to wait between attempts
tries=0
while true; do
tries=$((tries + 1))
# Check network reachability with ping
ping -c 1 "$(echo "${target_host}" | awk -F'@' '{print $NF}')" >/dev/null 2>&1 #Extract IP/hostname from username@host
if [ $? -eq 0 ]; then
# Network is reachable, try SSH
ssh -q -o "ConnectTimeout=5" "${target_host}" 'exit 0'
if [ $? -eq 0 ]; then
echo "SSH is up. Connecting..."
ssh "${target_host}" &&
nixos-rebuild switch --flake "${flake}" --use-remote-sudo --target-host "${target_host}"
exit 0
else
echo "SSH not yet available (attempt $tries/$MAX_TRIES). Waiting..."
fi
else
echo "Host is not reachable via ping (attempt $tries/$MAX_TRIES). Waiting..."
fi
if [ $tries -ge $MAX_TRIES ]; then
echo "Maximum attempts reached. SSH still not available."
exit 1
fi
sleep "$SLEEP_SECONDS"
done
echo "---DEPLOYMENT DONE!---"

317
configs/programs/scripts/git-extract.py
View file

@ -1,317 +0,0 @@
# flake8: noqa: E501
import subprocess
import os
import tempfile
import shutil
import argparse
import magic
import chardet
import math
def is_ascii(file_path):
"""
Checks if a file contains only ASCII characters.
Args:
file_path (str): The path to the file.
Returns:
bool: True if the file contains only ASCII characters, False otherwise.
None: If the file does not exist.
"""
if not os.path.exists(file_path):
return None # Indicate file not found.
try:
with open(file_path, "r", encoding="ascii") as f:
f.read() # Attempt to read the entire file as ASCII
return True
except UnicodeDecodeError:
return False
def has_high_entropy(file_path, threshold=0.7):
"""
Checks if a file has high entropy, which might indicate it's not text.
Args:
file_path (str): The path to the file.
threshold (float): Entropy threshold above which it's considered high entropy.
Returns:
bool: True if entropy is above the threshold, False otherwise.
None: If the file does not exist.
"""
if not os.path.exists(file_path):
return None
try:
with open(file_path, "rb") as f: # Important: Read as binary
data = f.read()
except IOError:
return True # Treat as non-text if there is an I/O error
if not data:
return False # empty files considered text
entropy = calculate_entropy(data)
return entropy > threshold
def calculate_entropy(data):
"""
Calculates the entropy of a byte string.
Args:
data (bytes): The byte string.
Returns:
float: The entropy.
"""
if not data:
return 0.0 # Avoid log(0)
entropy = 0
data_length = len(data)
seen_bytes = bytearray(range(256)) # All possible byte values
counts = [0] * 256
for byte in data:
counts[byte] += 1
for byte in seen_bytes:
probability = float(counts[byte]) / data_length
if probability > 0:
entropy -= probability * math.log(probability, 2)
return entropy
def check_chardet_encoding(file_path, confidence_threshold=0.8):
"""
Checks the file encoding using chardet library.
Args:
file_path (str): The path to the file.
confidence_threshold (float): The minimum confidence level for encoding detection.
Returns:
bool: True if the encoding is detected with high confidence and is a text encoding, False otherwise.
None: If the file does not exist.
"""
if not os.path.exists(file_path):
return None
try:
with open(file_path, "rb") as f: # Important: Read as binary
data = f.read()
except IOError:
return False # If file can't be opened, assume it's not a simple text file.
if not data:
return True # Empty files are usually considered text
result = chardet.detect(data)
encoding = result["encoding"]
confidence = result["confidence"]
if encoding and confidence > confidence_threshold:
# Check if it's a recognized text encoding (not binary or None)
if encoding != "binary" and encoding is not None:
return True
return False
def is_text_file(file_path, aggressive=False):
"""
Wrapper function to check if a file is a text file using multiple methods.
Args:
file_path (str): The path to the file.
aggressive (bool, optional): If True, combines all checks for stricter verification.
If False, returns True if any check passes. Defaults to False.
Returns:
bool: True if the file is a text file, False otherwise.
None: If the file does not exist.
"""
if not os.path.exists(file_path):
return None
# Basic checks
ascii_check = is_ascii(file_path)
if ascii_check is None:
return None # File not found
if aggressive:
# Run all checks and require them all to pass
high_entropy_check = not has_high_entropy(
file_path
) # Invert because we want to know if it DOESN'T have high entropy
chardet_check = check_chardet_encoding(file_path)
return ascii_check and high_entropy_check and chardet_check
else:
# Run checks and return True if any of them pass
high_entropy_check = not has_high_entropy(file_path)
chardet_check = check_chardet_encoding(file_path)
return ascii_check or high_entropy_check or chardet_check
def get_latest_text_files_to_stdout(remote_repo_url=None, ignored_files=None):
"""
Checks out the latest commit from a remote Git repository or the current
working directory (if no URL is provided) to a temporary folder,
and then prints the contents of all files identified as text files to stdout,
prepended by their relative paths from the repository root, excluding specified
ignored files. Supports "!" to specify includes only.
Args:
remote_repo_url: The URL of the remote Git repository (optional). If None,
the current working directory is assumed to be a Git repo.
ignored_files: A list of files or directories to ignore (relative to the repo root).
If a list contains a value starting with "!", it means "include only".
"""
temp_dir = None
if ignored_files is None:
ignored_files = []
# Ensure .git and .gitignore are always ignored (unless include only is specified)
include_only = any(item.startswith("!") for item in ignored_files)
if not include_only:
ignored_files.extend([".git", ".gitignore"])
ignored_files = list(set(ignored_files)) # remove duplicates
# Determine if "include only" is active and extract the include paths
include_only = any(item.startswith("!") for item in ignored_files)
include_paths = [item[1:] for item in ignored_files if item.startswith("!")]
ignore_paths = [item for item in ignored_files if not item.startswith("!")]
try:
# Create a temporary directory
temp_dir = tempfile.mkdtemp()
# Clone the repository, but only the latest commit (shallow clone)
clone_command = ["git", "clone", "--depth", "1"]
if remote_repo_url:
clone_command.extend([remote_repo_url, temp_dir])
else:
# Check if the current directory is a Git repository.
try:
subprocess.run(
["git", "rev-parse", "--is-inside-work-tree"],
check=True,
capture_output=True,
text=True,
cwd=os.getcwd(),
) # run in current directory
except subprocess.CalledProcessError:
raise ValueError(
"No Git repository URL provided and current directory is not a Git repository."
)
clone_command.extend([os.getcwd(), temp_dir]) # clone current dir to temp
subprocess.run(clone_command, check=True, capture_output=True, text=True)
# Find all files and filter for text files
text_files = []
for root, _, files in os.walk(temp_dir):
for file in files:
file_path = os.path.join(root, file)
relative_path = os.path.relpath(file_path, temp_dir)
if include_only:
# Include only logic
include = False
for include_path in include_paths:
if relative_path.startswith(include_path):
include = True
break
if not include:
continue # Skip if not in include paths
else:
# Ignore logic (standard ignore)
ignore = False
path_components = relative_path.split(
os.sep
) # split based on OS-specific path separator
current_path = ""
for component in path_components:
current_path = (
os.path.join(current_path, component)
if current_path
else component
) # prevent empty first join
if current_path in ignore_paths:
ignore = True
break
if ignore:
continue
if is_text_file(file_path): # Use the is_text_file function
text_files.append(file_path)
# Print the contents of each text file, prepended by its relative path
for file_path in text_files:
relative_path = os.path.relpath(file_path, temp_dir)
print(f"--- {relative_path} ---")
try:
with open(file_path, "r", encoding="utf-8") as f: # Use UTF-8 encoding
print(f.read())
except UnicodeDecodeError:
print(
f"Error: Could not decode file {relative_path} using UTF-8. Skipping file contents."
) # handle binary or other non-UTF-8 encodings
print() # Add a blank line between files
except subprocess.CalledProcessError as e:
print(f"Error executing Git command: {e.stderr}")
except ValueError as e:
print(e)
except Exception as e:
print(f"An error occurred: {e}")
finally:
# Clean up the temporary directory
if temp_dir:
shutil.rmtree(temp_dir)
if __name__ == "__main__":
parser = argparse.ArgumentParser(
description="Checkout and print text files from a remote Git repository."
)
parser.add_argument(
"-r",
"--repo",
required=False,
help="The URL of the remote Git repository. If not provided, the current directory is used if it's a Git repository.",
)
parser.add_argument(
"-i",
"--ignored-files",
nargs="+",
default=[],
help="Files or directories to ignore (space-separated). Use !<path> to specify include only.",
)
args = parser.parse_args()
remote_repository_url = args.repo
ignored_files = args.ignored_files
# Verify the URL only if it's provided
if remote_repository_url:
if (
"github.com" not in remote_repository_url
and "gitlab.com" not in remote_repository_url
and "bitbucket.org" not in remote_repository_url
):
print(
"Warning: This script is designed for common public repository hosting providers. Ensure the Git URL is correct."
)
get_latest_text_files_to_stdout(remote_repository_url, ignored_files)

16
configs/programs/starship.nix
View file

@ -1,16 +0,0 @@
{
home-manager.users.rafiq = {
programs.starship = {
enable = true;
settings = {
add_newline = false;
format = "$character";
right_format = "$all";
character = {
success_symbol = "[\\$](bold green)";
error_symbol = "[\\$](bold red)";
};
};
};
};
}

36
configs/programs/stylix.nix
View file

@ -1,36 +0,0 @@
{ inputs, ... }:
let
opacity = 0.8;
toImport = [
./themes/cursors/banana-cursor.nix
./themes/colourschemes/darkviolet.nix
./themes/fonts/sauce-code-pro.nix
{
# Put options that exist in both NixOS and home-manager modules here.
stylix = {
enable = true;
image = ./media/wallpaper.jpg;
opacity = {
applications = opacity;
desktop = opacity;
popups = opacity;
terminal = opacity;
};
};
}
];
in
{
# Enable basic fonts for reasonable Unicode coverage
fonts.enableDefaultPackages = true;
imports = [ inputs.stylix.nixosModules.stylix ] ++ toImport;
home-manager.users.rafiq.imports = [ inputs.stylix.homeManagerModules.stylix ] ++ toImport;
# Put options that only exist in the NixOS module here.
stylix.homeManagerIntegration.autoImport = false;
stylix.homeManagerIntegration.followSystem = false;
# Put options that only exist in the home-manager module here.
# home-manager.users.rafiq.stylix = {};
}

8
configs/programs/tealdeer.nix
View file

@ -1,8 +0,0 @@
{
home-manager.users.rafiq = {
programs.tealdeer = {
enable = true;
enableAutoUpdates = true;
};
};
}

4
configs/programs/themes/colourschemes/3024.nix
View file

@ -1,4 +0,0 @@
{ pkgs, ... }:
{
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/3024.yaml";
}

4
configs/programs/themes/colourschemes/black-metal.nix
View file

@ -1,4 +0,0 @@
{ pkgs, ... }:
{
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/black-metal.yaml";
}

4
configs/programs/themes/colourschemes/bright.nix
View file

@ -1,4 +0,0 @@
{ pkgs, ... }:
{
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/bright.yaml";
}

4
configs/programs/themes/colourschemes/catppuccin-mocha.nix
View file

@ -1,4 +0,0 @@
{ pkgs, ... }:
{
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
}

4
configs/programs/themes/colourschemes/darkviolet.nix
View file

@ -1,4 +0,0 @@
{ pkgs, ... }:
{
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/darkviolet.yaml";
}

8
configs/programs/themes/cursors/banana-cursor.nix
View file

@ -1,8 +0,0 @@
{ pkgs, ... }:
{
stylix.cursor = {
name = "Banana";
package = pkgs.banana-cursor;
size = 22;
};
}

29
configs/programs/themes/fonts/0xProto.nix
View file

@ -1,29 +0,0 @@
{pkgs, ...}: {
fonts.packages = with pkgs; [
nerd-fonts._0xproto
];
stylix.fonts = {
serif = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "0xProto Nerd Font";
};
sansSerif = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "0xProto Nerd Font";
};
emoji = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "0xProto Nerd Font";
};
monospace = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "0xProto Nerd Font Mono";
};
sizes = {
applications = 16;
desktop = 12;
popups = 12;
terminal = 16;
};
};
}

29
configs/programs/themes/fonts/3270.nix
View file

@ -1,29 +0,0 @@
{pkgs, ...}: {
fonts.packages = with pkgs; [
nerd-fonts._3270
];
stylix.fonts = {
serif = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "3270 Nerd Font";
};
sansSerif = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "3270 Nerd Font";
};
emoji = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "3270 Nerd Font";
};
monospace = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "3270 Nerd Font Mono";
};
sizes = {
applications = 16;
desktop = 12;
popups = 12;
terminal = 16;
};
};
}

21
configs/programs/themes/fonts/sauce-code-pro.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
stylix.fonts = {
# packages = [ pkgs.nerd-fonts.sauce-code-pro ];
emoji.name = "SauceCodePro Nerd Font";
emoji.package = pkgs.nerd-fonts.sauce-code-pro;
monospace.name = "SauceCodePro Nerd Font Mono";
monospace.package = pkgs.nerd-fonts.sauce-code-pro;
sansSerif.name = "SauceCodePro Nerd Font";
sansSerif.package = pkgs.nerd-fonts.sauce-code-pro;
serif.name = "SauceCodePro Nerd Font";
serif.package = pkgs.nerd-fonts.sauce-code-pro;
sizes = {
applications = 16;
desktop = 12;
popups = 12;
terminal = 16;
};
};
}

29
configs/programs/themes/fonts/terminess.nix
View file

@ -1,29 +0,0 @@
{pkgs, ...}: {
fonts.packages = with pkgs; [
nerd-fonts.terminess-ttf
];
stylix.fonts = {
serif = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "Terminess Nerd Font";
};
sansSerif = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "Terminess Nerd Font";
};
emoji = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "Terminess Nerd Font";
};
monospace = {
package = pkgs.nerd-fonts.terminess-ttf;
name = "Terminess Nerd Font Mono";
};
sizes = {
applications = 16;
desktop = 12;
popups = 12;
terminal = 16;
};
};
}

6
configs/programs/waybar.nix
View file

@ -1,6 +0,0 @@
{
home-manager.users.rafiq.programs.waybar = {
enable = true;
settings = [ ];
};
}

113
configs/programs/yazi.nix
View file

@ -1,113 +0,0 @@
{
pkgs,
...
}:
let
yazi-plugins = pkgs.fetchFromGitHub {
owner = "yazi-rs";
repo = "plugins";
rev = "273019910c1111a388dd20e057606016f4bd0d17";
hash = "sha256-80mR86UWgD11XuzpVNn56fmGRkvj0af2cFaZkU8M31I=";
};
in
{
home-manager.users.rafiq = {
programs.yazi = {
enable = true;
shellWrapperName = "t";
# yazi.toml
settings = {
manager = {
sort_by = "natural"; # Sort naturally, e.g. 1.md < 2.md < 10.md
sort_translit = true; # Transliterate filenames for sorting
show_hidden = true;
};
plugin = {
prepend_preloaders = [
{
mime = "{audio,video,image}/*";
run = "mediainfo";
}
{
mime = "application/subrip";
run = "mediainfo";
}
];
prepend_previewers = [
{
name = "*.md";
run = "glow";
}
{
mime = "{audio,video,image}/*";
run = "mediainfo";
}
{
mime = "application/subrip";
run = "mediainfo";
}
];
};
};
# ~/.config/yazi/keymap.toml
keymap = {
manager.prepend_keymap = [
{
on = "l";
run = "plugin smart-enter";
desc = "Enter the child directory or open the file.";
}
{
on = "M";
run = "plugin mount";
desc = "Open the mount.yazi menu.";
}
];
};
plugins = {
full-border = "${yazi-plugins}/full-border.yazi";
smart-enter = "${yazi-plugins}/smart-enter.yazi";
mount = "${yazi-plugins}/mount.yazi";
glow = pkgs.fetchFromGitHub {
owner = "Reledia";
repo = "glow.yazi";
rev = "c76bf4fb612079480d305fe6fe570bddfe4f99d3";
sha256 = "sha256-DPud1Mfagl2z490f5L69ZPnZmVCa0ROXtFeDbEegBBU=";
};
mediainfo = pkgs.fetchFromGitHub {
owner = "boydaihungst";
repo = "mediainfo.yazi";
rev = "447fe95239a488459cfdbd12f3293d91ac6ae0d7";
sha256 = "sha256-U6rr3TrFTtnibrwJdJ4rN2Xco4Bt4QbwEVUTNXlWRps=";
};
starship = pkgs.fetchFromGitHub {
owner = "Rolv-Apneseth";
repo = "starship.yazi";
rev = "6c639b474aabb17f5fecce18a4c97bf90b016512";
sha256 = "sha256-bhLUziCDnF4QDCyysRn7Az35RAy8ibZIVUzoPgyEO1A=";
};
};
initLua = ''
require("full-border"):setup()
require("starship"):setup({
config_file = "${./yazi/starship.toml}",
})
'';
};
home.packages = with pkgs; [
jq # JSON preview
poppler_utils # PDF preview
_7zz # archive extraction and preview
ffmpeg
ffmpegthumbnailer # video thumbnails
fd # file searching
ripgrep # file content searching
fzf # quick file subtree navigation
zoxide # historical directories navigation
imagemagick # SVG, font, HEIC, JPEG preview
chafa # image/gif preview
glow # markdown preview
mediainfo # media metadata
];
};
}

1
configs/programs/yazi/starship.toml
View file

@ -1 +0,0 @@
format = "$all"

27
configs/programs/zellij.nix
View file

@ -1,27 +0,0 @@
{
home-manager.users.rafiq = {
programs.zellij = {
enable = true;
attachExistingSession = true;
settings = {
show_startup_tips = false;
pane_frames = false;
keybinds.unbind = [
"Ctrl h"
];
};
};
xdg.configFile."zellij/layouts/default.kdl".text = # kdl
''
layout {
pane
pane size=1 borderless=true {
plugin location="tab-bar"
}
pane size=1 borderless=true {
plugin location="status-bar"
}
}
'';
};
}

7
configs/programs/zoxide.nix
View file

@ -1,7 +0,0 @@
{
home-manager.users.rafiq = {
programs.zoxide = {
enable = true;
};
};
}

36
configs/programs/zsh.nix
View file

@ -1,36 +0,0 @@
{
pkgs,
config,
...
}:
{
programs.zsh = {
enable = true;
};
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ]; # enables completion
home-manager.users.rafiq = {
programs.zsh = {
enable = true;
enableCompletion = true;
enableVteIntegration = true;
dirHashes = {
repos = "$HOME/GitRepos";
dl = "$HOME/Downloads";
};
initContent = # zsh
''
# Bind CTRL+Backspace to delete whole word
bindkey '^H' backward-kill-word
'';
# TODO: Look into whether we need to add the history attribute
plugins = [
{
name = "vi-mode";
src = pkgs.zsh-vi-mode;
file = "share/zsh-vi-mode/zsh-vi-mode.plugin.zsh";
}
];
};
};
}

13
configs/secrets/.sops.yaml
View file

@ -1,13 +0,0 @@
keys:
- &admin age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
- &nemesis age1sq4n2ywk6h94a0r5rye6vzkqy5x6ae736faqregz8u2ku8ttepeqqh5crh
- &apollo age1yputfxttcyw9w6e9l3tkdyw73tr6z20r90twmrpktl44alywnu5s934fx9
- &orpheus age18jrr030n2u3wn4pvrsxv0jwgyr20pr0fqhtyk3pk4880pd3a69wqhz8rec
creation_rules:
- path_regex: .(yaml|json|env|ini)$
key_groups:
- age:
- *admin
- *nemesis
- *apollo
- *orpheus

50
configs/secrets/secrets.yaml
View file

@ -1,50 +0,0 @@
ts_auth_key: ENC[AES256_GCM,data:2/pabfBT8KAGLKDytTMrhSBX8xr/TyJbX0mAsMlzmniyK9GT0xTAq3LsRfNLyCitSVauWIXwPYFia78NCw==,iv:PBDp4+SP9yVRJtmMmvJxUQju6qTOB7cJGSQZIbRSLm8=,tag:ZYDRlMrmmwwvxs71IV3dmQ==,type:str]
cwp_jira_link: ENC[AES256_GCM,data:7YwR5ajQDcyZgUGgMonajBV7DG/wlxsbxpiagMaPCBk=,iv:loFSGCV4no/azjIRYxjZHDkrrJmH0nzGlF8t0o0yfo4=,tag:pQYLLq4fu7T8Z03GvrJ+3A==,type:str]
cwp_jira_pat: ENC[AES256_GCM,data:+4VnPikwuSPHdPj9xihuFeht1FPYdZHcHxYNjKMwU2MU7VC4cOUA9vpcEgk=,iv:8f8Z/V9LnuTFdCsqJhaa55BL0ibgSW8PUQoW7FxAOZE=,tag:XL/Xf1QaNLiLT2m/dWcrKw==,type:str]
gemini_api_key: ENC[AES256_GCM,data:Kh1Kya8O6lqN0MMK1OMn/BHw51XDOAroSrOL3h4K8r6VorAwHTZw,iv:Gxg13mHBID7Gv4du+484IF1q7LFOCvtyzWMHG+IBUVM=,tag:jcjmKveybkET4RFOV4F8PQ==,type:str]
rafiq:
password: ENC[AES256_GCM,data:jzCXis5eIJpbWjsPMDVNZvMCbqp7QCUd7Drya0Al3QO0ExsoE6CNVzrbw4AyvKEgiUd0y9a5rKiwUBwGUoYVwxK0tkrOnB37+g==,iv:SsQIUB8OxgnxvjAyrfZzgEdGbaGGrL7zVwO5Of9D/Xw=,tag:iHNY8+nI9RnuM58SmGrV6Q==,type:str]
services:
wakapi_password_salt: ENC[AES256_GCM,data:HwyQhdxFvzMgoZNGjyockh6bXnh/lvV6sZHiqAdJTas=,iv:hwgpLtntjphf0OnVO+TBElYRvZpsoQdp37nuYKRRo8c=,tag:l+7M2RqoB68IvBi3LXlw9g==,type:str]
sops:
age:
- recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeDl4RWdJS0l5UXZ0VWZH
WGRJNUR5aFk4NE5BUHNZcWpqdE05Q3hadFU0CkQ3VnZFbnl2RmRxcS96ZUJvYkVM
dXlrTFNMVmlrdEJTanFxem92bWFzVDAKLS0tIHVpRC9jOWs4STVhME1udU9Vb1Ni
eHZTcTcwaDZUTVU2STZuZlMwanZmd1UKHUsjun7v6OtEXoGM62H90e2fIX0ree6D
QWIGmAd8ZrzmfcgduPnq0h77TTBG7OGnVfeSNpG+l3s2U7RvNLBH5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sq4n2ywk6h94a0r5rye6vzkqy5x6ae736faqregz8u2ku8ttepeqqh5crh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSXRIUURHQ2MrN3RjNyta
N0xJSjRPRjBwNTdHWXByeVprTjBndE1GVG1ZCi9HZXFqOFhOSU5CcEdGdnhLcHJI
RUlKSDJzNkJiZTMydERITmM0Z3JSTVEKLS0tIDFMUFovWFFYY0xLQW9aL0Q3RVph
eHpJK2dUMzVva0hiT2NqcDlKUTJ3cVkKfg18Tyi3vZRCb/7drrfH78ymow1N0/y3
QPwadV/rddQypO4tsags7z1POP3ryhSwPonjGacR99ziKWAsfYso5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yputfxttcyw9w6e9l3tkdyw73tr6z20r90twmrpktl44alywnu5s934fx9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VEFwbXQ2T3pCMUg4ZXpL
OFlHZkJXOUpEVWFxSERqczQ5eDZpMExrQVRBCnlqYkhVY2QxSnBzRUJtTjR1dWpZ
VzZUbTVNMzFDMXpUQmNrWmIweEFSQkEKLS0tIDJOMjhNa2lYOGs2czVnNktVTk9F
eDM3eUhMRzFWMGV1aXV6dVhCd3V5SFUKKPAh+O5Sha63HNhCu73Zyy3qmkowD9Ro
Zfw6rioUMofa9TZX7D1hX4HsNTGUhyMgx9qoTGOJoED3H31D/+fRVw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18jrr030n2u3wn4pvrsxv0jwgyr20pr0fqhtyk3pk4880pd3a69wqhz8rec
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseXc4SDBtYTNEUERkUDJz
MnhjZk5hSGt6WUdXWnNhRWhSRytIeFpId2owCjdoWEFBNEIyNk5HYmVHbHNNdkpJ
cU45cytTQXpEaEIzaHg5dFZqNkxLUk0KLS0tIE43emd6b1pqOE1ndDhHYnY3TUNM
TktUSFpxTXdKMUhFQ1BOMmR1VVFWNVkKwy3T9QCsg6gXZilufMtbls0HB5of38Pr
YPzVeadsYlglg3/gBtDP4WyKBwYOQks2BbMTijqlMXBIl5JP7odVuw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-10T08:40:12Z"
mac: ENC[AES256_GCM,data:VW73D6gTk+baPMlrZ8xkQ56VeuNPfxgzHr4T82SWXBS/Wn99a1SxWucATjhAeh6rHW9i25+v0S+aTCDHlJmcUxSC3cDLqbp2yXLfZHqvXl+H/4xh9KPSfDgq5K42N5OfTbaFH/o4xa7pw3komYmxalIsodZBmkhkEP8t5fevIwo=,iv:xE5MNTkpaGjYaG7RkzH14VDrA/b7dYuyTfYreOm20zQ=,tag:UKu+ejycVRjhaZpLaOLP+w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

21
configs/security.nix
View file

@ -1,21 +0,0 @@
{ inputs, ... }:
{
imports = [
inputs.sops-nix.nixosModules.sops
];
sops = {
defaultSopsFile = ./secrets/secrets.yaml;
age.sshKeyPaths = [ "/home/rafiq/.ssh/id_ed25519" ];
secrets = {
"rafiq/password".neededForUsers = true;
"services/wakapi_password_salt" = { };
ts_auth_key = { };
cwp_jira_link = { };
cwp_jira_pat = { };
gemini_api_key = { };
};
};
security.sudo.wheelNeedsPassword = false;
}

6
configs/services.nix
View file

@ -1,6 +0,0 @@
{
imports = [
./services/wakapi.nix
./services/nginx.nix
];
}

21
configs/services/nginx.nix
View file

@ -1,21 +0,0 @@
{
services.nginx = {
enable = true;
defaultListen = [
{
addr = "0.0.0.0";
port = 18080;
}
];
virtualHosts = {
localhost = {
locations."/" = {
return = "200 '<html><body>It works</body></html>'";
extraConfig = ''
default_type text/html;
'';
};
};
};
};
}

14
configs/services/wakapi.nix
View file

@ -1,14 +0,0 @@
{ config, ... }:
{
services.wakapi = {
enable = true;
passwordSaltFile = config.sops.secrets."services/wakapi_password_salt".path;
settings = {
server = {
listen_ipv4 = "0.0.0.0";
listen_ipv6 = "-";
port = 3000;
};
};
};
}

43
configs/shell.nix
View file

@ -1,43 +0,0 @@
{ pkgs, config, ... }:
{
imports = [
./programs/scripts
./programs/aichat.nix
./programs/comma.nix
./programs/direnv.nix
./programs/editorconfig.nix
./programs/git.nix
./programs/hyfetch.nix
./programs/nh.nix
./programs/nvf.nix
./programs/starship.nix
./programs/tealdeer.nix
./programs/yazi.nix
./programs/zellij.nix
./programs/zoxide.nix
./programs/zsh.nix
];
environment.shellInit = # sh
''
export CWP_JIRA_LINK=$(sudo cat ${config.sops.secrets.cwp_jira_link.path})
export CWP_JIRA_PAT=$(sudo cat ${config.sops.secrets.cwp_jira_pat.path})
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets.gemini_api_key.path})
'';
home-manager.users.rafiq.home = {
shell.enableShellIntegration = true;
shellAliases = {
cd = "z";
v = "$EDITOR";
l = "eza -1lah --git --time-style '+%Y-%m-%d %H:%M'";
# Thanks to https://www.reddit.com/r/NixOS/comments/fsummx/comment/fm3jbcm/!
list-all-packages = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq";
};
packages = with pkgs; [
devenv
eza
];
};
}

30
configs/users.nix
View file

@ -1,30 +0,0 @@
{ config, ... }:
{
time.timeZone = "Asia/Singapore";
i18n.defaultLocale = "en_SG.UTF-8";
users = {
mutableUsers = false; # Always reset users on system activation
groups.users = {
gid = 100;
members = [ "rafiq" ];
};
users.rafiq = {
isNormalUser = true;
description = "rafiq";
hashedPasswordFile = config.sops.secrets."rafiq/password".path;
uid = 1000;
linger = true; # keep user services running
extraGroups = [
"networkmanager"
"wheel"
"audio" # Pipewire
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n"
];
};
};
}

768
flake.lock generated
View file

@ -1,768 +0,0 @@
{
"nodes": {
"base16": {
"inputs": {
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1746562888,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1736852337,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1744642301,
"narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "59e3de00f01e5adb851d824cf7911bd90c31083a",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1732369855,
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "47.2",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746912617,
"narHash": "sha256-SSw/98B3Htw7iJWCyq08fAEL5w+a/Vj+YbQq0msVFTA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9ef92f1c6b77944198fd368ec805ced842352a1d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hyprcloser": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1744084093,
"narHash": "sha256-bpEwRp65rBFX/OMCrA4FOL3HFfG3iJUIbHve8lgMmtY=",
"owner": "rrvsh",
"repo": "hyprcloser",
"rev": "10ca3bef2eff033fd1d88ffbfb80855335cc0131",
"type": "github"
},
"original": {
"owner": "rrvsh",
"repo": "hyprcloser",
"type": "github"
}
},
"hyprshaders": {
"flake": false,
"locked": {
"lastModified": 1734682301,
"narHash": "sha256-vZMg5gZUfI3LDOyIKqL+qDOs+lAhmvclGH2crcTvX0M=",
"owner": "0x15BA88FF",
"repo": "hyprshaders",
"rev": "efe1f79c28692a315b7a6aaaaee0e4047e2d4a57",
"type": "github"
},
"original": {
"owner": "0x15BA88FF",
"repo": "hyprshaders",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"mnw": {
"locked": {
"lastModified": 1746338991,
"narHash": "sha256-GbyoHjf14LOxZQc+0NFblI4xf/uwGrYo3W8lwE4HcwI=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "c65407ee9387ef75985dad3e30f58c822c766ec1",
"type": "github"
},
"original": {
"owner": "Gerg-L",
"repo": "mnw",
"type": "github"
}
},
"nil": {
"inputs": {
"flake-utils": [
"nvf",
"flake-utils"
],
"nixpkgs": [
"nvf",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1741118843,
"narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=",
"owner": "oxalica",
"repo": "nil",
"rev": "577d160da311cc7f5042038456a0713e9863d09e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "nil",
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746410227,
"narHash": "sha256-F2gKEIBfqfeQUcvMg0YD3xRnJIPyEgINR+ouTedoAtg=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "3b68db5adeda4b4ac018aea0acf8ebb4941c4b15",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746330942,
"narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "137fd2bd726fff343874f85601b51769b48685cc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1746814339,
"narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1746056780,
"narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "d476cd0972dd6242d76374fcc277e6735715c167",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nvf": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"flake-utils": [
"flake-utils"
],
"mnw": "mnw",
"nil": "nil",
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1746852864,
"narHash": "sha256-4pE761eSft4GUboGMdseBC7WvfY81CMHuCuxnVy9PwI=",
"owner": "NotAShelf",
"repo": "nvf",
"rev": "fee3bbe536b5bf484aedebafa5130b485068b64f",
"type": "github"
},
"original": {
"owner": "NotAShelf",
"repo": "nvf",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"hyprcloser": "hyprcloser",
"hyprshaders": "hyprshaders",
"impermanence": "impermanence",
"nix-gaming": "nix-gaming",
"nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nvf": "nvf",
"sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix",
"stylix": "stylix",
"systems": "systems"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"nvf",
"nil",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741055476,
"narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "aefb7017d710f150970299685e8d8b549d653649",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746485181,
"narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"spicetify-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1746738008,
"narHash": "sha256-bIMysaVhNyjuFgt8QpnGZv0T4YMao26Vz5R/xfYAJO0=",
"owner": "Gerg-L",
"repo": "spicetify-nix",
"rev": "a43fae27f33f8d3e793a6ca2946190cb24a00b03",
"type": "github"
},
"original": {
"owner": "Gerg-L",
"repo": "spicetify-nix",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat",
"flake-utils": [
"flake-utils"
],
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": [
"systems"
],
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1746920920,
"narHash": "sha256-ENbL0XE1+mcZOPfyyzOSGOm8gxr8jYRFmEqjY6bypIs=",
"owner": "danth",
"repo": "stylix",
"rev": "382ec4b31a1c5ce7bac233d31fbe018b17d974b0",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1716423189,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1744974599,
"narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1745111349,
"narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "e009f18a01182b63559fb28f1c786eb027c3dee9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

88
flake.nix
View file

@ -1,88 +0,0 @@
{
outputs =
{
self,
...
}@inputs:
let
myLib = import ./lib {
inherit self inputs;
workingDir = ./.;
};
in
{
nixosConfigurations = builtins.listToAttrs [
(myLib.mkSystem "graphical" "nemesis"
"nvme-nvme.c0a9-323332354536453737343334-435432303030503353534438-00000001"
)
(myLib.mkSystem "headless" "apollo" "/dev/disk/by-id/nvme-eui.002538d221b47b01")
];
};
inputs = {
impermanence.url = "github:nix-community/impermanence";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
systems.url = "github:nix-systems/default";
disko = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/disko/latest";
};
flake-utils = {
inputs.systems.follows = "systems";
url = "github:numtide/flake-utils";
};
flake-parts = {
url = "github:hercules-ci/flake-parts";
};
home-manager = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/home-manager";
};
hyprcloser = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:rrvsh/hyprcloser";
};
hyprshaders = {
flake = false;
url = "github:0x15BA88FF/hyprshaders";
};
nix-index-database = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/nix-index-database";
};
nix-gaming = {
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
url = "github:fufexan/nix-gaming";
};
nvf = {
inputs = {
flake-utils.follows = "flake-utils";
nixpkgs.follows = "nixpkgs";
systems.follows = "systems";
flake-parts.follows = "flake-parts";
};
url = "github:NotAShelf/nvf";
};
sops-nix = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:Mic92/sops-nix";
};
spicetify-nix = {
inputs = {
nixpkgs.follows = "nixpkgs";
systems.follows = "systems";
};
url = "github:Gerg-L/spicetify-nix";
};
stylix = {
inputs = {
flake-utils.follows = "flake-utils";
home-manager.follows = "home-manager";
nixpkgs.follows = "nixpkgs";
systems.follows = "systems";
};
url = "github:danth/stylix";
};
};
}

9
hosts/apollo.nix
View file

@ -1,9 +0,0 @@
{
imports = [
../configs/filesystems/impermanence.nix
../configs/services.nix
];
boot-config.bootloader = "systemd-boot";
hardware-config.cpu = "intel";
service-glance.enable = true;
}

28
hosts/common.nix
View file

@ -1,28 +0,0 @@
{
lib,
hostname,
type,
...
}:
{
imports =
[
../configs/security.nix
../configs/users.nix
../configs/shell.nix
../configs/programs/stylix.nix
]
++ lib.optionals (type == "graphical") [
../configs/graphical.nix
];
nixosModules.enable = true;
nixosModules.hostname = hostname;
nixosModules.mainUser = "rafiq";
nix-config.enable = true;
boot-config.enable = true;
hardware-config.usbAutoMount = true;
nw-config.backend = "networkmanager";
hmModules.enable = true;
hmModules.mainApps.editor = "nvf";
}

21
hosts/eurus.nix
View file

@ -1,21 +0,0 @@
{
imports = [
../configs/filesystems/impermanence.nix
];
boot-config.bootloader = "systemd-boot";
hardware-config.cpu = "amd";
networking = {
interfaces.enp3s0.useDHCP = false; # Disable DHCP, we use static IP
interfaces.enp3s0.ipv4.addresses = [
{
address = "103.179.44.32";
prefixLength = 24; # Or 255.255.255.0
}
];
defaultGateway = "103.179.44.1"; # The gateway from the admin panel
nameservers = [
"1.1.1.1"
"1.0.0.1"
]; # DNS servers from the admin panel
};
}

26
hosts/nemesis.nix
View file

@ -1,26 +0,0 @@
{
boot-config.bootloader = "systemd-boot";
hardware-config.cpu = "amd";
hardware-config.gpu = "nvidia";
gaming.steam.enable = true;
fs-config.mountHeliosData = true;
nw-config.wol.enable = true;
nw-config.wol.interface = "enp12s0";
de.enable = true;
de.type = "hyprland";
de.enableSunshine = true;
fileSystems."/" = {
device = "/dev/disk/by-uuid/e5005ea6-6c5a-4ab3-9767-ce7772582024";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6BBE-0E70";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
}

28
lib/default.nix
View file

@ -1,28 +0,0 @@
{
inputs,
self,
workingDir,
...
}:
{
mkSystem = type: hostname: bootDisk: {
name = "${hostname}";
value = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit
self
inputs
type
hostname
bootDisk
;
};
modules = [
"${workingDir}/modules/nixos"
"${workingDir}/modules/hm"
"${workingDir}/hosts/common.nix"
"${workingDir}/hosts/${hostname}.nix"
];
};
};
}

64
modules/hm/default.nix
View file

@ -1,64 +0,0 @@
{
inputs,
config,
specialArgs,
lib,
...
}:
let
moduleName = "hmModules";
cfg = config."${moduleName}";
username = config.nixosModules.mainUser;
in
{
imports = [
inputs.home-manager.nixosModules.home-manager
./hardware.nix
./programs
];
options = {
"${moduleName}" = {
enable = lib.mkEnableOption "Enable ${moduleName}.";
mainApps = {
terminal = lib.mkOption {
type = lib.types.str;
default = "kitty";
example = "kitty";
description = "What terminal is the default.";
};
browser = lib.mkOption {
type = lib.types.str;
default = "firefox";
example = "firefox";
description = "What browser is the default.";
};
editor = lib.mkOption {
type = lib.types.str;
default = "nvf";
example = "nvf";
description = "What editor is the default.";
};
launcher = lib.mkOption {
type = lib.types.str;
default = "fuzzel";
example = "fuzzel";
description = "What launcher is the default.";
};
};
};
};
config = lib.mkIf cfg.enable {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = specialArgs;
users."${username}".home = {
username = username;
homeDirectory = "/home/${username}";
stateVersion = "25.05";
};
};
};
}

25
modules/hm/hardware.nix
View file

@ -1,25 +0,0 @@
{
config,
lib,
...
}:
let
username = config.nixosModules.mainUser;
in
{
config = lib.mkMerge [
(lib.mkIf config."hardware-config".usbAutoMount {
home-manager.users.${username}.services.udiskie = {
enable = true;
settings = {
# workaround for
# https://github.com/nix-community/home-manager/issues/632
program_options = {
# replace with your favorite file manager
file_manager = "yazi";
};
};
};
})
];
}

23
modules/hm/programs/default.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
username = config.nixosModules.mainUser;
in
{
imports = [
./hyprland.nix
./editor.nix
];
config = lib.mkMerge [
{
home-manager.users."${username}".home.packages = with pkgs; [
pulsemixer
];
}
];
}

28
modules/hm/programs/editor.nix
View file

@ -1,28 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
username = config.nixosModules.mainUser;
in
{
config = lib.mkIf (config.hmModules.mainApps.editor == "nvf") (
lib.mkMerge [
{
nix.settings.substituters = [ "https://nvf.cachix.org" ];
nix.settings.trusted-public-keys = [
"nvf.cachix.org-1:GMQWiUhZ6ux9D5CvFFMwnc2nFrUHTeGaXRlVBXo+naI="
];
home-manager.users.${username} = {
imports = [
inputs.nvf.homeManagerModules.default
./nvf/core.nix
];
};
}
]
);
}

158
modules/hm/programs/hyprland.nix
View file

@ -1,158 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.home-manager.users."${config.nixosModules.mainUser}" = lib.mkMerge [
(lib.mkIf (config.de.type == "hyprland") {
xdg.configFile."uwsm/env".text = # sh
''
export XCURSOR_SIZE=32
# Nvidia Settings
export LIBVA_DRIVER_NAME=nvidia
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export NVD_BACKEND=direct # needed for running vaapi-driver on later drivers"
export NIXOS_OZONE_WL=1
'';
wayland.windowManager.hyprland = {
enable = true;
package = null;
portalPackage = null;
systemd.enable = false;
settings = {
"$mainMonitor" = "desc:OOO AN-270W04K";
"$vertMonitor" = "desc:Philips Consumer Electronics Company PHL 246V5 AU11330000086";
"$mainMod" = "SUPER";
"$hyper" = "CONTROL_SHIFT_ALT_SUPER";
"$meh" = "CONTROL_SHIFT_ALT";
"$terminal" = "uwsm app -- kitty -1";
"$browser" = "uwsm app -- firefox";
"$launcher" = "uwsm app -- fuzzel";
"$lockscreen" = "uwsm app -- hyprlock";
"$clipboard" = "$terminal --class clipse -e clipse";
"$multiplexer" = "$terminal -e zellij";
exec-once = [
"uwsm app -- hyprlock"
"uwsm app -- clipse -listen"
"uwsm app -- hyprcloser"
"uwsm app -- waybar"
];
# Programs to run at startup
exec = [
"uwsm app -- hyprshade auto"
];
# Monitors
monitor = [
"$mainMonitor, 3840x2160@60, auto, 2"
"$vertMonitor, 1920x1080@60, auto-left, auto, transform, 3"
", preferred, auto, 1"
];
xwayland.force_zero_scaling = true;
env = [
"GDK_SCALE,2"
"XCURSOR_SIZE,32"
];
# Switching to the current workspace will switch to the previous
binds.workspace_back_and_forth = true;
cursor.default_monitor = "$mainMonitor";
# Windows
general = {
# Make there be no gaps in between windows or edges
border_size = 0;
no_border_on_floating = true;
gaps_in = 0;
gaps_out = 0;
resize_on_border = true;
};
decoration = {
active_opacity = 1;
inactive_opacity = 0.9;
};
windowrulev2 = [
"float, class:firefox, title:Picture-in-Picture"
"float, class:(clipse)"
"move cursor 0 0, class:(clipse)"
"size 622 652, class:(clipse)"
"noanim, class:(clipse)"
];
animation = [
"workspaces, 0, , "
];
# Keybinds
bind = [
"$mainMod, W, killactive"
"$mainMod, M, exec, uwsm stop"
"$mainMod, Up, fullscreen"
# Launch utilities
"$mainMod, return, exec, $multiplexer"
"$mainMod, O, exec, $browser"
"$mainMod, Escape, exec, $lockscreen"
"$mainMod, Space, exec, $launcher"
"$mainMod, V, exec, $clipboard"
"$mainMod_SHIFT, A, exec, hyprpicker -a"
# Window Settings
"$mainMod, H, cyclenext, visible"
"$mainMod, L, cyclenext, visible prev"
"$mainMod_ALT, H, movewindow, l"
"$mainMod_ALT, J, movewindow, d"
"$mainMod_ALT, K, movewindow, u"
"$mainMod_ALT, L, movewindow, r"
"ALT_SHIFT, H, resizeactive, -10% 0"
"ALT_SHIFT, J, resizeactive, 0 -10%"
"ALT_SHIFT, K, resizeactive, 0 10%"
"ALT_SHIFT, L, resizeactive, 10% 0"
# Workspace Settings
"$mainMod_CTRL, H, workspace, r-1"
"$mainMod_CTRL, L, workspace, r+1"
"$hyper, H, movetoworkspace, r-1"
"$hyper, L, movetoworkspace, r+1"
];
# Repeat when held
bindle = [
"SUPER, 6, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+"
"SUPER, 7, exec, ${pkgs.playerctl}/bin/playerctl previous"
"SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl play-pause"
"SUPER, 9, exec, ${pkgs.playerctl}/bin/playerctl next"
"SUPER, 0, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-"
"$meh, mouse_up, resizeactive, 10% 10%"
"$meh, mouse_down, resizeactive, -10% -10%"
];
bindm = [
"$meh, mouse:272, movewindow"
"$meh, mouse:273, resizewindow"
];
input = {
numlock_by_default = true;
follow_mouse = 2; # Click on a window to change focus
};
debug = {
damage_tracking = 0;
};
};
};
})
];
}

79
modules/hm/programs/nvf/core.nix
View file

@ -1,79 +0,0 @@
{ pkgs, ... }:
{
home.sessionVariables.EDITOR = "nvim";
programs.nvf = {
enable = true;
enableManpages = true;
settings.vim = {
viAlias = true;
vimAlias = true;
options = {
# Indentation
autoindent = true;
smartindent = true;
expandtab = true;
smarttab = true;
wrap = true;
shiftwidth = 2;
tabstop = 2;
foldlevel = 1000; # Open all folds by default
# Search
hlsearch = true;
ignorecase = true;
incsearch = true;
smartcase = true; # case-sensitive if search contains uppercase
# Visual
number = true;
cursorline = true;
visualbell = true;
termguicolors = true;
# Input
backspace = "indent,eol,start";
};
keymaps = [
{
desc = "Open the file path under the cursor, making the file if it doesn't exist.";
key = "gf";
mode = "n";
action = ":cd %:p:h<CR>:e <cfile><CR>";
silent = true;
}
{
desc = "Delete the previous word.";
key = "<C-BS>";
mode = "i";
action = "<C-W>";
silent = true;
}
{
desc = "Open the filetree.";
key = "t";
mode = "n";
action = ":Yazi<CR>";
silent = true;
}
];
luaConfigRC.turn_off_inline_diagnostics =
# lua
''
vim.diagnostic.config({
virtual_text = false -- turn off inline diagnostics
})
'';
extraPlugins = with pkgs.vimPlugins; {
yuck-vim = {
package = yuck-vim;
};
nvim-treesitter-parsers = {
package = nvim-treesitter-parsers.yuck;
};
nvim-parinfer = {
package = nvim-parinfer;
};
};
};
};
}

59
modules/nixos/boot.nix
View file

@ -1,59 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
let
moduleName = "boot-config";
cfg = config."${moduleName}";
in
{
options = {
"${moduleName}" = {
enable = lib.mkEnableOption "Enable ${moduleName}.";
bootloader = lib.mkOption {
type = lib.types.str;
default = "";
example = "systemd-boot";
description = "What bootloader to use.";
};
};
};
config = lib.mkIf cfg.enable {
boot = {
loader =
{
timeout = 5;
efi.canTouchEfiVariables = true;
}
// lib.mkIf (cfg.bootloader == "systemd-boot") {
systemd-boot.enable = true;
systemd-boot.configurationLimit = 5;
};
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
initrd.availableKernelModules = [
"9p"
"9pnet_virtio"
"ahci"
"nvme"
"rtsx_pci_sdmmc"
"sd_mod"
"sr_mod"
"usb_storage"
"usbhid"
"virtio_blk"
"virtio_mmio"
"virtio_net"
"virtio_pci"
"virtio_scsi"
"xhci_pci"
];
};
services.dbus = {
enable = true;
};
};
}

86
modules/nixos/de.nix
View file

@ -1,86 +0,0 @@
{
config,
lib,
...
}:
let
moduleName = "de";
cfg = config."${moduleName}";
in
{
options = {
"${moduleName}" = {
enable = lib.mkEnableOption "Enable ${moduleName}.";
type = lib.mkOption {
type = lib.types.str;
default = "hsjaia";
example = "hyprland";
description = "What desktop environment should be installed on the host.";
};
enableSunshine = lib.mkEnableOption "Enable streaming with Sunshine.";
};
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
{
# Enable audio and other common config
security.rtkit.enable = true;
services.pipewire = {
enable = true;
extraConfig = { };
jack.enable = true;
pulse.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
}
(lib.mkIf config.hmModules.enable {
home-manager.users."${config.nixosModules.mainUser}".services.spotifyd = {
enable = true;
settings = {
global = {
device_name = "${config.nixosModules.hostname}";
device_type = "computer";
zeroconf_port = 5353;
};
};
};
networking.firewall.allowedTCPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = [ 5353 ];
})
(lib.mkIf (cfg.type == "hyprland") {
environment.loginShellInit = # sh
''
if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
if uwsm check may-start; then
exec uwsm start hyprland-uwsm.desktop
fi
fi
'';
programs.hyprland = {
enable = true;
withUWSM = true;
};
})
(lib.mkIf cfg.enableSunshine {
services.sunshine = {
enable = true;
capSysAdmin = true;
autoStart = true;
openFirewall = true;
settings = { };
applications = { };
};
})
]
);
}

41
modules/nixos/default.nix
View file

@ -1,41 +0,0 @@
{
config,
lib,
...
}:
let
moduleName = "nixosModules";
cfg = config."${moduleName}";
in
{
imports = [
./boot.nix
./de.nix
./hardware.nix
./nix-config.nix
./gaming.nix
./filesystems.nix
./networking.nix
./services/glance.nix
];
options = {
"${moduleName}" = {
enable = lib.mkEnableOption "Enable ${moduleName}.";
hostname = lib.mkOption {
type = lib.types.str;
default = "";
example = "goron";
description = "The name this machine will be known by.";
};
mainUser = lib.mkOption {
type = lib.types.str;
default = "";
example = "link";
description = "The main user of pantheon.";
};
};
};
config = lib.mkIf cfg.enable { };
}

25
modules/nixos/filesystems.nix
View file

@ -1,25 +0,0 @@
{
config,
lib,
...
}:
let
moduleName = "fs-config";
cfg = config."${moduleName}";
in
{
options = {
"${moduleName}" = {
mountHeliosData = lib.mkEnableOption "Mount helios SMB share to /media/helios/data.";
};
};
config = lib.mkMerge [
(lib.mkIf cfg.mountHeliosData {
fileSystems."/media/helios/data" = {
device = "//helios/data";
fsType = "cifs";
};
})
];
}

39
modules/nixos/gaming.nix
View file

@ -1,39 +0,0 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
moduleName = "gaming";
cfg = config."${moduleName}";
in
{
options = {
"${moduleName}" = {
steam = {
enable = lib.mkEnableOption "Enable Steam.";
};
};
};
config = lib.mkMerge [
(lib.mkIf cfg.steam.enable {
programs.steam.enable = true;
environment.systemPackages = with pkgs; [
steam-run
wineWowPackages.stable
wine64
wineWowPackages.waylandFull
protonup
lutris
heroic
bottles
];
environment.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
};
})
];
}

88
modules/nixos/hardware.nix
View file

@ -1,88 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
moduleName = "hardware-config";
cfg = config."${moduleName}";
in
{
options = {
"${moduleName}" = {
cpu = lib.mkOption {
type = lib.types.str;
default = "";
example = "amd";
description = "What CPU is being used.";
};
gpu = lib.mkOption {
type = lib.types.str;
default = "";
example = "nvidia";
description = "What GPU is being used.";
};
usbAutoMount = lib.mkEnableOption "Enable auto mounting USB drives.";
};
};
config = lib.mkMerge [
(lib.mkIf (cfg.cpu != "") {
nixpkgs.hostPlatform = lib.mkIf (cfg.cpu == "amd" || cfg.cpu == "intel") "x86_64-linux";
# CPU Settings
boot.kernelModules =
lib.optionals (cfg.cpu == "intel") [ "kvm-intel" ]
++ lib.optionals (cfg.cpu == "amd") [ "kvm-amd" ];
hardware.cpu =
lib.mkIf (cfg.cpu == "intel") { intel.updateMicrocode = true; }
// lib.mkIf (cfg.cpu == "amd") { amd.updateMicrocode = true; };
})
(lib.mkIf (cfg.gpu == "nvidia") {
# Accept the license by default; needed for some packages.
nixpkgs.config.nvidia.acceptLicense = true;
nix.settings = {
substituters = [ "https://cuda-maintainers.cachix.org" ];
trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
services.xserver.videoDrivers = [ "nvidia" ];
environment.variables = {
GBM_BACKEND = "nvidia-drm";
LIBVA_DRIVER_NAME = "nvidia";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
};
hardware = {
enableRedistributableFirmware = true;
nvidia-container-toolkit.enable = true;
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
nvidia-vaapi-driver # hardware acceleration
];
};
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
nvidiaPersistenced = true;
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
};
boot.initrd.availableKernelModules = [
"nvidia"
"nvidia_modeset"
"nvidia_uvm"
"nvidia_drm"
];
})
(lib.mkIf cfg.usbAutoMount {
services.udisks2 = {
enable = true;
mountOnMedia = true;
};
})
];
}

74
modules/nixos/networking.nix
View file

@ -1,74 +0,0 @@
{
config,
lib,
...
}:
let
moduleName = "nw-config";
cfg = config."${moduleName}";
in
{
options = {
"${moduleName}" = {
wol = {
enable = lib.mkEnableOption "Enable wake on lan.";
interface = lib.mkOption {
type = lib.types.str;
default = "";
example = "enp12s0";
description = "What interface to enable wake on lan for.";
};
};
backend = lib.mkOption {
type = lib.types.str;
default = "";
example = "networkmanager";
description = "What software to use to manage your networks.";
};
};
};
config = lib.mkMerge [
{
networking = {
hostName = config.nixosModules.hostname;
useDHCP = lib.mkDefault true;
firewall.enable = true;
};
}
{
services.openssh = {
enable = true;
settings.ClientAliveInterval = 60;
settings.ClientAliveCountMax = 3;
};
networking.firewall.allowedTCPPorts = [ 22 ];
}
{
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets.ts_auth_key.path;
};
}
(lib.mkIf (cfg.backend == "networkmanager") {
networking = {
networkmanager.enable = true;
networkmanager.wifi.backend = "iwd";
};
})
(lib.mkIf cfg.wol.enable {
networking.interfaces."${cfg.wol.interface}".wakeOnLan = {
enable = true;
policy = [
"phy"
"unicast"
"multicast"
"broadcast"
"arp"
"magic"
"secureon"
];
};
})
];
}

45
modules/nixos/nix-config.nix
View file

@ -1,45 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
moduleName = "nix-config";
cfg = config."${moduleName}";
in
{
options = {
"${moduleName}" = {
enable = lib.mkEnableOption "Enable ${moduleName}.";
};
};
config = lib.mkIf cfg.enable {
system.stateVersion = "24.11";
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
"pipe-operators"
];
trusted-users = [ "@wheel" ];
# Add binary caches to avoid having to compile them
substituters = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
programs.nix-ld.enable = true;
};
}

108
modules/nixos/services/glance.nix
View file

@ -1,108 +0,0 @@
{
config,
lib,
...
}:
let
moduleName = "service-glance";
cfg = config."${moduleName}";
glancePort = 1227;
homeColumn = {
size = "full";
widgets = [
{
title = "Services";
type = "monitor";
cache = "1m";
sites = [
# https://simpleicons.org/
{
title = "Gitea";
icon = "si:gitea";
url = "https://gitea.bwfiq.com";
}
{
title = "LibreChat";
icon = "si:googlechat";
url = "https://chat.bwfiq.com";
}
];
}
{
title = "Newsletters";
type = "rss";
style = "detailed-list";
limit = 100000;
feeds = [
{
title = "selfh.st";
url = "https://selfh.st/rss/";
}
{
title = "This Week in Rust";
url = "https://this-week-in-rust.org/rss.xml";
}
];
}
{
title = "Blogs";
type = "rss";
style = "detailed-list";
limit = 100000;
feeds = [
{
title = "Makefile.feld";
url = "https://blog.feld.me/feeds/all.atom.xml";
}
{
title = "Xe Iaso";
url = "https://xeiaso.net/blog.rss";
}
{
title = "Alex Haydock";
url = "https://blog.infected.systems/posts/index.xml";
}
{
title = "journix.dev";
url = "https://journix.dev/feed.xml";
}
{
title = "Venam's Blog";
url = "https://venam.net/blog/feed.xml";
}
];
}
];
};
in
{
options = {
"${moduleName}" = {
enable = lib.mkEnableOption "Enable ${moduleName}.";
};
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
{
networking.firewall.allowedTCPPorts = [ glancePort ];
services.glance = {
enable = true;
settings.server = {
host = "0.0.0.0";
port = glancePort;
};
settings.pages = [
{
name = "Home";
columns = [
homeColumn
];
}
];
};
}
]
);
}