diff --git a/.gitignore b/.gitignore deleted file mode 100644 index de901db..0000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -# gitignore -.pre-commit-config.* \ No newline at end of file diff --git a/.sops.yaml b/.sops.yaml index 835dd06..d65f997 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - - &rafiq age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 + - &admin age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 creation_rules: - - path_regex: \.(yaml)$ + - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: - - *rafiq + - *admin diff --git a/docs/README.md b/docs/README.md deleted file mode 100644 index ff57ce6..0000000 --- a/docs/README.md +++ /dev/null 
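Review bot: The new `path_regex: secrets/[^/]+\.(yaml|json|env|ini)$` in `creation_rules` only matches files directly inside a `secrets/` directory. A secret in a subdirectory (constructed example: `secrets/<host>/db.yaml`) or a YAML file outside `secrets/` no longer matches any rule, so sops has no recipient for it. If nested layouts are planned, `path_regex: (^|/)secrets/.+\.(yaml|json|env|ini)$` covers them and also anchors the directory name, which the current pattern does not (it would match `mysecrets/x.yaml` as well). The key group still lists a single age recipient, so losing that one key makes every secret unrecoverable; a second recipient kept offline would avoid that.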
@@ -1,29 +0,0 @@ -# Pantheon -This flake serves as a monorepo for my systems (using IaC), dotfiles, and scripts. -It's hosted at https://git.rrv.sh/rrvsh/pantheon, and mirrored to https://github.com/rrvsh/pantheon. - -## Structure -The system configurations are defined in [`flake.manifest`](nix/manifest.nix). -`flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey. -`flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. -`flake.modules.nixos.*` provide NixOS options and configurations. -The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class. -You can use it as seen [here](nix/modules/flake/home-manager.nix): - -```nix -flake.modules.nixos.default.imports = [ inputs.home-manager.nixosModules.default ]; -``` - -The other attributes under `flake.modules.nixos` should be opt-in, i.e. provide options that will be set in the profiles. -`flake.profiles.nixos` provides profiles which use the options defined in `flake.modules.nixos` to define different roles for each system, such as graphical, laptop, headless, etc. -Options should not be defined here. -`flake.contracts.nixos.*` will provide contracts, such as reverse proxies or databases, which will configure options on the provider and receiver host. - -## Acknowledgements -Thanks to the following for inspiring this configuration. I highly recommend you look through their writings and configurations. 
-- [ornicar](https://github.com/ornicar/dotfiles) which is where I first heard of NixOS -- [No Boilerplate](https://www.youtube.com/watch?v=CwfKlX3rA6E&pp=0gcJCfwAo7VqN5tD) for making me finally try the OS -- [ryan4yin](https://nixos-and-flakes.thiscute.world/) for being an amazing introduction to NixOS, home-manager, and flakes -- [NotAShelf](https://github.com/NotAShelf/) for their blog and for the wonderful [NVF](https://github.com/notashelf/nvf) -- [mightyiam](https://github.com/mightyiam/infra) for their infrastructure repo using flake-parts -- [drupol](https://not-a-number.io/2025/refactoring-my-infrastructure-as-code-configurations/) for this blog post which convinced me to rebase my infra to use flake-parts diff --git a/docs/cheatsheet.md b/docs/cheatsheet.md deleted file mode 100644 index 4f76757..0000000 --- a/docs/cheatsheet.md +++ /dev/null @@ -1,2 +0,0 @@ -# cheatsheet -`__curPos.file` will give the full evaluated path of the nix file it is called in. See [this issue](https://github.com/NixOS/nix/issues/5897#issuecomment-1012165198) for more information. \ No newline at end of file diff --git a/flake.lock b/flake.lock index 9d72b1b..bcd3c67 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,93 +1,63 @@ { "nodes": { - "base16": { + "disko": { "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1748408240, - "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, - "dedupe_flake-compat": { - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "dedupe_flake-utils": { - "inputs": { 
- "systems": [ - "systems" + "nixpkgs": [ + "nixpkgs" ] }, + "locked": { + "lastModified": 1747621015, + "narHash": "sha256-j0fo1rNxZvmFLMaE945UrbLJZAHTlQmq0/QMgOP4GTs=", + "owner": "nix-community", + "repo": "disko", + "rev": "cec44d77d9dacf0c91d3d51aff128fefabce06ee", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 
@@ -102,168 +72,40 @@ "type": "github" } }, - "dedupe_gitignore": { + "flake-utils-plus": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "flake-utils": "flake-utils_2" }, "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "lastModified": 1715533576, + "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", "type": "github" } }, - "dedupe_mnw": { - "locked": { - "lastModified": 1748710831, - "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=", - "owner": "gerg-l", - "repo": "mnw", - "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d", - "type": "github" - }, - "original": { - "owner": "gerg-l", - "repo": "mnw", - "type": "github" - } - }, - "disko": { + "flake-utils_2": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "systems": "systems_3" }, "locked": { - "lastModified": 1751854533, - "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", - "owner": "nix-community", - "repo": "disko", - "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "files": { - "locked": { - "lastModified": 1750263550, - "narHash": "sha256-EW/QJ8i/13GgiynBb6zOMxhLU1uEkRqmzbIDEP23yVA=", - "owner": "mightyiam", - "repo": "files", - "rev": "5f4ef1fd1f9012354a9748be093e277675d10f07", - 
"type": "github" - }, - "original": { - "owner": "mightyiam", - "repo": "files", - "type": "github" - } - }, - "firefox-gnome-theme": { - "flake": false, - "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", - "type": "github" - }, - "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "dedupe_flake-compat" - ], - "gitignore": [ - "dedupe_gitignore" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": 
"8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "48.2", - "repo": "gnome-shell", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, @@ -274,11 +116,11 @@ ] }, "locked": { - "lastModified": 1751990210, - "narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=", + "lastModified": 1747688838, + "narHash": "sha256-FZq4/3OtGV/cti9Vccsy2tGSUrxTO4hkDF9oeGRTen4=", "owner": "nix-community", "repo": "home-manager", - "rev": "218da00bfa73f2a61682417efe74549416c16ba6", + "rev": "45c2985644b60ab64de2a2d93a4d132ecb87cf66", "type": "github" }, "original": { 
@@ -302,74 +144,44 @@ "type": "github" } }, - "import-tree": { + "mnw": { "locked": { - "lastModified": 1751399845, - "narHash": "sha256-iun7//YHeEFgEOcG4KKKoy3d2GWOYqokLFVU/zIs79Y=", - "owner": "vic", - "repo": "import-tree", - "rev": "e24a50ff9b5871d4bdd8900679784812eeb120ea", + "lastModified": 1747499976, + "narHash": "sha256-YTiSI4WLbk0CleXeBheYmKZV6iqKyBpyoh1e+vcQzu4=", + "owner": "Gerg-L", + "repo": "mnw", + "rev": "72433a144c4ac16931e9148f78db4a0e4c147441", "type": "github" }, "original": { - "owner": "vic", - "repo": "import-tree", + "owner": "Gerg-L", + "repo": "mnw", "type": "github" } }, - "make-shell": { - "inputs": { - "flake-compat": [ - "dedupe_flake-compat" - ] - }, - "locked": { - "lastModified": 1733933815, - "narHash": "sha256-9JjM7eT66W4NJAXpGUsdyAFXhBxFWR2Z9LZwUa7Hli0=", - "owner": "nicknovitski", - "repo": "make-shell", - "rev": "ffeceae9956df03571ea8e96ef77c2924f13a63c", - "type": "github" - }, - "original": { - "owner": "nicknovitski", - "repo": "make-shell", - "type": "github" - } - }, - "manifest": { - "locked": { - "lastModified": 1752588656, - "narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=", - "owner": "rrvsh", - "repo": "manifest", - "rev": "365902fba994f30469298dee0c98a5fc0f41ec38", - "type": "github" - }, - "original": { - "owner": "rrvsh", - "repo": "manifest", - "type": "github" - } - }, - "nix-darwin": { + "nil": { "inputs": { + "flake-utils": [ + "nvf", + "flake-utils" + ], "nixpkgs": [ + "nvf", "nixpkgs" - ] + ], + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", - "owner": "nix-darwin", - "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "lastModified": 1741118843, + "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", + "owner": "oxalica", + "repo": "nil", + "rev": "577d160da311cc7f5042038456a0713e9863d09e", "type": "github" }, "original": { - "owner": "nix-darwin", - "ref": 
"master", - "repo": "nix-darwin", + "owner": "oxalica", + "repo": "nil", "type": "github" } }, @@ -380,11 +192,11 @@ ] }, "locked": { - "lastModified": 1751774635, - "narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=", + "lastModified": 1747540584, + "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "85686025ba6d18df31cc651a91d5adef63378978", + "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", "type": "github" }, "original": { @@ -395,11 +207,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "lastModified": 1747542820, + "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "type": "github" }, "original": { 
@@ -409,53 +221,38 @@ "type": "github" } }, - "nur": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, + "nixpkgs-lib": { "locked": { - "lastModified": 1752005241, - "narHash": "sha256-+7DH6wh2BYnLRJzYXEbVlA1ZuAR4MxZI/paknbAuzk4=", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "owner": "nix-community", - "repo": "NUR", - "rev": "a2570fb4d0699fd34ebbbd52e2a763722601f6c6", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "type": "github" }, "original": { "owner": "nix-community", - "repo": "NUR", + "repo": "nixpkgs.lib", "type": "github" } }, "nvf": { "inputs": { - "flake-parts": [ - "flake-parts" - ], - "flake-utils": [ - "dedupe_flake-utils" - ], - "mnw": [ - "dedupe_mnw" - ], + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "mnw": "mnw", + "nil": "nil", "nixpkgs": [ "nixpkgs" ], - "systems": [ - "systems" - ] + "systems": "systems_2" }, "locked": { - "lastModified": 1752001027, - "narHash": "sha256-JgP8lW4QBr9v/U4ETaIOMvGCd/DAA1AjZ1lqjIwfWno=", + "lastModified": 1747525582, + "narHash": "sha256-oEZ6DV4bPcNZIuwW5Kcd+/zT3PMkXse2kX/3jHoomGk=", "owner": "notashelf", "repo": "nvf", - "rev": "c4d80273aaefeadaad96db97d077c647942b0e96", + "rev": "d3a0e7029ac57eef1120225973247851c5b967b5", "type": "github" }, "original": { 
@@ -464,93 +261,59 @@ "type": "github" } }, - "python-flexseal": { - "inputs": { - "flake-utils": [ - "stable-diffusion-webui-nix", - "flake-utils" - ], - "nixpkgs": [ - "stable-diffusion-webui-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751898758, - "narHash": "sha256-8EmTPdfOymvvHhmHYWiyO3cwZ4gtLo5uBFm3CU5vySo=", - "owner": "Janrupf", - "repo": "python-flexseal", - "rev": "af318e1fd047abbefcc68d0292a4d902179c95fe", - "type": "github" - }, - "original": { - "owner": "Janrupf", - "repo": "python-flexseal", - "type": "github" - } - }, "root": { "inputs": { - "dedupe_flake-compat": "dedupe_flake-compat", - "dedupe_flake-utils": "dedupe_flake-utils", - "dedupe_gitignore": "dedupe_gitignore", - "dedupe_mnw": "dedupe_mnw", "disko": "disko", - "files": "files", - "flake-parts": "flake-parts", - "git-hooks": "git-hooks", "home-manager": "home-manager", "impermanence": "impermanence", - "import-tree": "import-tree", - "make-shell": "make-shell", - "manifest": "manifest", - "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", - "nur": "nur", "nvf": "nvf", - "rrv-sh": "rrv-sh", - "rrvsh-nixpkgs": "rrvsh-nixpkgs", - "sops-nix": "sops-nix", - "stable-diffusion-webui-nix": "stable-diffusion-webui-nix", - "stylix": "stylix", - "systems": "systems", - "text": "text" + "snowfall-lib": "snowfall-lib", + "sops-nix": "sops-nix" } }, - "rrv-sh": { + "rust-overlay": { "inputs": { + "nixpkgs": [ + "nvf", + "nil", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741055476, + "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "aefb7017d710f150970299685e8d8b549d653649", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "snowfall-lib": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils-plus": "flake-utils-plus", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 
1751721838, - "narHash": "sha256-702c0fbgpUuEuQsduGJ9I5bSrCLYEG88SPuZXcSQqTs=", - "owner": "rrvsh", - "repo": "rrv.sh", - "rev": "e00c1c2607b55f43ef74b5f555f62838f4fe5963", + "lastModified": 1736130495, + "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", "type": "github" }, "original": { - "owner": "rrvsh", - "repo": "rrv.sh", - "type": "github" - } - }, - "rrvsh-nixpkgs": { - "locked": { - "lastModified": 1750146550, - "narHash": "sha256-vFNbONVWIdYBqlKZoJScDRjnQ/euDmVqgCL2ebnsu7U=", - "owner": "rrvsh", - "repo": "nixpkgs", - "rev": "d7fa95990fd890bbd17ca8361f5d4e4935512c75", - "type": "github" - }, - "original": { - "owner": "rrvsh", - "ref": "librechat-module", - "repo": "nixpkgs", + "owner": "snowfallorg", + "repo": "lib", "type": "github" } }, @@ -561,11 +324,11 @@ ] }, "locked": { - "lastModified": 1751606940, - "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { 
@@ -574,70 +337,6 @@ "type": "github" } }, - "stable-diffusion-webui-nix": { - "inputs": { - "flake-utils": [ - "dedupe_flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "python-flexseal": "python-flexseal" - }, - "locked": { - "lastModified": 1751899247, - "narHash": "sha256-bh6xwc24Rv0YE4grKXvj+kmXmydns+OrlWn4WLnJSY4=", - "owner": "janrupf", - "repo": "stable-diffusion-webui-nix", - "rev": "d5ba5dccd190b0ded17f9c4a23dc7665c6dc2eae", - "type": "github" - }, - "original": { - "owner": "janrupf", - "repo": "stable-diffusion-webui-nix", - "type": "github" - } - }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": [ - "flake-parts" - ], - "gnome-shell": "gnome-shell", - "nixpkgs": [ - "nixpkgs" - ], - "nur": [ - "nur" - ], - "systems": [ - "systems" - ], - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1751995939, - "narHash": "sha256-C5CSTv+b8XSbqJwqTP8SGkZEK3YCCJnmvRbg209ql5w=", - "owner": "nix-community", - "repo": "stylix", - "rev": "8f3259dbc57c8ee871492fde80f77468826bbd63", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "stylix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -653,99 +352,33 @@ "type": "github" } }, - "text": { + "systems_2": { "locked": { - "lastModified": 1751819711, - "narHash": "sha256-Emci++Hknzr2FEZRUbRDD7prI5JwwGsACO/GaU9Pmxg=", - "owner": "rrvsh", - "repo": "text.nix", - "rev": "00ba1e616ef3b761a52d5f7ac32892715cc4bcd1", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "rrvsh", - "repo": "text.nix", + "owner": "nix-systems", + "repo": "default", "type": "github" } }, - "tinted-foot": { - "flake": false, + "systems_3": { "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1748180480, - "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": 
"github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1748740859, - "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - "flake": false, - "locked": { - "lastModified": 1725758778, - "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", + "owner": "nix-systems", + "repo": "default", "type": "github" } } diff --git a/flake.nix b/flake.nix index dcb6882..3b96a38 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,134 +1,39 @@ { - outputs = - { self, ... }@inputs: - inputs.flake-parts.lib.mkFlake { inherit inputs; } ( - (inputs.import-tree ./nix) - // { - systems = import inputs.systems; - flake = { - inherit self; - paths.root = ./.; - }; - } - ); inputs = { - ### SYSTEM ### - - # systems provides a list of supported nix systems. - systems.url = "github:nix-systems/default"; - # nixos-unstable provides a binary cache for all packages. nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # My fork for random shit - rrvsh-nixpkgs.url = "github:rrvsh/nixpkgs/librechat-module"; - # home-manager manages our user packages and dotfiles - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # nix darwin provides declarative mac configuration - nix-darwin = { - url = "github:nix-darwin/nix-darwin/master"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # the nix user repository for mainly firefox extensions - nur = { - url = "github:nix-community/NUR"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - }; - # impermanence provides a nice abstraction over linking files from /persist + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + snowfall-lib.url = "github:snowfallorg/lib"; + snowfall-lib.inputs.nixpkgs.follows = "nixpkgs"; impermanence.url = "github:nix-community/impermanence"; - # flake-parts lets us define flake modules. 
- flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - # disko provides declarative drive partitioning - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # sops-nix lets us version control secrets like passwords and api keys - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - stylix = { - url = "github:nix-community/stylix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - systems.follows = "systems"; - nur.follows = "nur"; - }; - }; - - ### FLAKE PARTS MODULES ### - - # import-tree imports all nix files in a given directory. - import-tree.url = "github:vic/import-tree"; - # files lets us write text files and automatically add checks for them - files.url = "github:mightyiam/files"; - # text.nix lets us easily define markdown text to pass to files - text.url = "github:rrvsh/text.nix"; - # manifest lets us define all hosts in one file - manifest.url = "github:rrvsh/manifest"; - # make-shells. 
creates devShells and checks - make-shell = { - url = "github:nicknovitski/make-shell"; - inputs.flake-compat.follows = "dedupe_flake-compat"; - }; - # git-hooks ensures nix flake check is ran before commits - git-hooks = { - url = "github:cachix/git-hooks.nix"; - inputs = { - flake-compat.follows = "dedupe_flake-compat"; - nixpkgs.follows = "nixpkgs"; - gitignore.follows = "dedupe_gitignore"; - }; - }; - - ### FLAKES ### - - # nix-index-database indexes the nixpkgs binaries for use with comma - nix-index-database = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # nvf provides modules to wrap neovim - nvf = { - url = "github:notashelf/nvf"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - systems.follows = "systems"; - flake-utils.follows = "dedupe_flake-utils"; - mnw.follows = "dedupe_mnw"; - }; - }; - # provides comfy ui and sdwebui services - stable-diffusion-webui-nix = { - url = "github:janrupf/stable-diffusion-webui-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "dedupe_flake-utils"; - }; - # my website :) - rrv-sh = { - url = "github:rrvsh/rrv.sh"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - ### DEDUPE ### - - dedupe_flake-compat.url = "github:edolstra/flake-compat"; - dedupe_flake-utils = { - url = "github:numtide/flake-utils"; - inputs.systems.follows = "systems"; - }; - dedupe_mnw.url = "github:gerg-l/mnw"; - dedupe_gitignore = { - url = "github:hercules-ci/gitignore.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + nvf.url = "github:notashelf/nvf"; + nvf.inputs.nixpkgs.follows = "nixpkgs"; }; + + outputs = + inputs: + 
inputs.snowfall-lib.mkFlake { + inherit inputs; + src = ./.; + snowfall.namespace = "pantheon"; + systems.modules.nixos = with inputs; [ + disko.nixosModules.disko + impermanence.nixosModules.impermanence + sops-nix.nixosModules.sops + ]; + homes.modules = with inputs; [ + impermanence.homeManagerModules.impermanence + nix-index-database.hmModules.nix-index + nvf.homeManagerModules.default + ]; + outputs-builder = channels: { + formatter = channels.nixpkgs.nixfmt-rfc-style; + }; + }; } diff --git a/homes/x86_64-linux/rafiq/default.nix b/homes/x86_64-linux/rafiq/default.nix new file mode 100644 index 0000000..bc40fc5 --- /dev/null +++ b/homes/x86_64-linux/rafiq/default.nix @@ -0,0 +1,37 @@ +{ + pkgs, + ... +}: +{ + cli.shell = "zsh"; + cli.editor = "nvf"; + cli.file-browser = "yazi"; + cli.git.name = "Mohammad Rafiq"; + cli.git.email = "rafiq@rrv.sh"; + cli.git.defaultBranch = "prime"; + desktop.windowManager = "hyprland"; + desktop.browser = "firefox"; + desktop.terminal = "kitty"; + + home.shellAliases = { + v = "nvim"; + edit = "nvim $(fzf)"; + }; + + home.packages = with pkgs; [ + ripgrep + fzf + devenv + pantheon.rebuild + ]; + + home.persistence."/persist/home/rafiq".directories = [ + "repos" + ]; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + +} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..c5011e9 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,7 @@ +{ lib, ... }: +{ + mkStrOption = lib.mkOption { + type = lib.types.str; + default = ""; + }; +} diff --git a/modules/home/cli/default.nix b/modules/home/cli/default.nix new file mode 100644 index 0000000..45a58f4 --- /dev/null +++ b/modules/home/cli/default.nix 
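Review bot: `nvf.inputs.nixpkgs.follows = "nixpkgs";` is the only override left on `nvf`, so its remaining inputs are now resolved and locked separately. The flake.lock in this commit gains `flake-parts`, `flake-utils`, `mnw`, `nil`, `rust-overlay` and `systems_2` nodes as a result, and `snowfall-lib` brings its own `flake-compat` and `flake-utils-plus`. Each is additional third-party source fetched at evaluation time and pinned to a revision this repository does not choose. The rewritten `inputs` block also drops every explanatory comment the old one had. Either restore the `follows` entries or record the decision above the `nvf` lines, e.g. `# nvf's transitive inputs are intentionally not overridden; review flake.lock changes on update`.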
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ ...
+}:
+{
+ options.cli = {
+ shell = lib.pantheon.mkStrOption;
+ editor = lib.pantheon.mkStrOption;
+ file-browser = lib.pantheon.mkStrOption;
+ git = {
+ name = lib.pantheon.mkStrOption;
+ email = lib.pantheon.mkStrOption;
+ defaultBranch = lib.pantheon.mkStrOption;
+ };
+ };
+
+ config = lib.mkMerge [
+ {
+ programs.zoxide.enable = true;
+ home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
+ "./local/share/zoxide"
+ ];
+ }
+ {
+ programs.nix-index.enable = true;
+ programs.nix-index-database.comma.enable = true;
+ }
+ ];
+}
diff --git a/modules/home/cli/editor/nvf/autocomplete.nix b/modules/home/cli/editor/nvf/autocomplete.nix
new file mode 100644
index 0000000..0adaead
--- /dev/null
+++ b/modules/home/cli/editor/nvf/autocomplete.nix
@@ -0,0 +1,6 @@
+{
+ blink-cmp = {
+ enable = true;
+ setupOpts.signature.enabled = true;
+ };
+}
diff --git a/modules/home/cli/editor/nvf/default.nix b/modules/home/cli/editor/nvf/default.nix
new file mode 100644
index 0000000..7e72a7d
--- /dev/null
+++ b/modules/home/cli/editor/nvf/default.nix
@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+{
+ config = lib.mkIf (config.cli.editor == "nvf") {
+ home.sessionVariables.EDITOR = "nvim";
+ programs.nvf = {
+ enable = true;
+ settings.vim = {
+ keymaps = import ./keymaps.nix;
+ lsp = import ./lsp.nix;
+ languages = import ./languages.nix;
+ autocomplete = import ./autocomplete.nix;
+ utility.yazi-nvim = {
+ enable = true;
+ mappings = {
+ openYazi = "t";
+ openYaziDir = "T";
+ };
+ setupOpts.open_for_directories = true;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/cli/editor/nvf/keymaps.nix b/modules/home/cli/editor/nvf/keymaps.nix
new file mode 100644
index 0000000..6b53f99
--- /dev/null
+++ b/modules/home/cli/editor/nvf/keymaps.nix
@@ -0,0 +1,9 @@
+[
+ {
+ desc = "Open the file path under the cursor, making the file if it doesn't exist.";
+ key = "gf";
+ mode = "n";
+ action = ":cd %:p:h:e ";
+ silent = true;
+ }
+]
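Review bot: The persisted directory `"./local/share/zoxide"` in the first `lib.mkMerge` entry of modules/home/cli/default.nix looks like a typo for `.local/share/zoxide`. As written it names a `local/` directory under the home, so the zoxide database in `~/.local/share/zoxide` would presumably not survive a reboot; the line should read `".local/share/zoxide"`. Separately, `lib.pantheon.mkStrOption` gives every `cli.*` option a default of `""` and accepts any string, so a misspelled value silently disables the matching module. `lib.types.enum` over the supported names would reject it at evaluation time instead.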
diff --git a/modules/home/cli/editor/nvf/languages.nix b/modules/home/cli/editor/nvf/languages.nix
new file mode 100644
index 0000000..9fe5d1f
--- /dev/null
+++ b/modules/home/cli/editor/nvf/languages.nix
@@ -0,0 +1,8 @@
+{
+ enableExtraDiagnostics = true;
+ enableFormat = true;
+ enableTreesitter = true;
+ nix.enable = true;
+ nix.format.type = "nixfmt";
+ nix.lsp.server = "nixd";
+}
diff --git a/modules/home/cli/editor/nvf/lsp.nix b/modules/home/cli/editor/nvf/lsp.nix
new file mode 100644
index 0000000..f6810b7
--- /dev/null
+++ b/modules/home/cli/editor/nvf/lsp.nix
@@ -0,0 +1,9 @@
+{
+ enable = true;
+ formatOnSave = true;
+ inlayHints.enable = true;
+ lightbulb.enable = true;
+ lspkind.enable = true;
+ null-ls.enable = true;
+ otter-nvim.enable = true;
+}
diff --git a/modules/home/cli/file-browser/default.nix b/modules/home/cli/file-browser/default.nix
new file mode 100644
index 0000000..77b567e
--- /dev/null
+++ b/modules/home/cli/file-browser/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./yazi.nix
+ ];
+}
diff --git a/modules/home/cli/file-browser/yazi.nix b/modules/home/cli/file-browser/yazi.nix
new file mode 100644
index 0000000..f206bfe
--- /dev/null
+++ b/modules/home/cli/file-browser/yazi.nix
@@ -0,0 +1,10 @@
+{ config, lib, ... }:
+{
+ config = lib.mkIf (config.cli.file-browser == "yazi") {
+ home.sessionVariables.FILE_BROWSER = "yazi";
+ programs.yazi = {
+ enable = true;
+ shellWrapperName = "t";
+ };
+ };
+}
diff --git a/modules/home/cli/shell/default.nix b/modules/home/cli/shell/default.nix
new file mode 100644
index 0000000..a132607
--- /dev/null
+++ b/modules/home/cli/shell/default.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+{
+ config = lib.mkIf (config.cli.shell == "zsh") {
+ home.sessionVariables.SHELL = "zsh";
+ programs.zsh = {
+ enable = true;
+ enableVteIntegration = true;
+ syntaxHighlighting.enable = true;
+ history.share = true;
+ history.size = 10000;
+ history.ignoreDups = true;
+ history.ignoreSpace = true;
+ };
+ };
+}
diff --git a/modules/home/cli/utilities/default.nix b/modules/home/cli/utilities/default.nix new file mode 100644 index 0000000..3199378 --- /dev/null +++ b/modules/home/cli/utilities/default.nix @@ -0,0 +1,3 @@ +{ + imports = [ ./git.nix ]; +} diff --git a/nix/homes/rafiq/git.nix b/modules/home/cli/utilities/git.nix similarity index 59% rename from nix/homes/rafiq/git.nix rename to modules/home/cli/utilities/git.nix index fd6d21d..9de797a 100644 --- a/nix/homes/rafiq/git.nix +++ b/modules/home/cli/utilities/git.nix @@ -1,18 +1,22 @@ +{ config, ... }: { - flake.modules.homeManager.rafiq = { + config = { + home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; home.shellAliases = { gs = "git status"; gc = "git commit"; gcam = "git commit -am"; gu = "git push"; gy = "git pull"; - gdh = "git diff HEAD"; }; programs.git = { enable = true; + userName = config.cli.git.name; + userEmail = config.cli.git.email; + signing.key = "~/.ssh/id_ed25519.pub"; signing.signByDefault = true; extraConfig = { - init.defaultBranch = "prime"; + init.defaultBranch = config.cli.git.defaultBranch; push.autoSetupRemote = true; pull.rebase = false; core.editor = "$EDITOR"; diff --git a/modules/home/desktop/browser/firefox/default.nix b/modules/home/desktop/browser/firefox/default.nix new file mode 100644 index 0000000..f485f5b --- /dev/null +++ b/modules/home/desktop/browser/firefox/default.nix @@ -0,0 +1,12 @@ +{ config, lib, ... }: +{ + config = lib.mkIf (config.desktop.browser == "firefox") { + home.persistence."/persist/home/rafiq".directories = [ ".mozilla/firefox" ]; + home.sessionVariables.BROWSER = "firefox"; + programs.firefox = { + enable = true; + profiles.rafiq.id = 0; + profiles.test.id = 1; + }; + }; +} diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix new file mode 100644 index 0000000..35dc813 --- /dev/null +++ b/modules/home/desktop/default.nix 
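Review bot: `signing.key = "~/.ssh/id_ed25519.pub";` combined with the existing `signing.signByDefault = true;` only produces SSH-signed commits if git is told to use the SSH signature format. Without that, git treats the value as a GPG key id and signing fails on every commit. The `extraConfig` block continues outside this hunk, so the setting may already be present; if it is not, add `gpg.format = "ssh";` there. Verifying these signatures also needs an allowed-signers file referenced by `gpg.ssh.allowedSignersFile`, which is worth a one-line comment next to `signing.key`.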
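Review bot: `home.persistence."/persist/home/rafiq"` in modules/home/desktop/browser/firefox/default.nix hard-codes one user name in a module shared by all homes. modules/home/cli/default.nix and modules/home/system/default.nix in this commit use `config.snowfallorg.user.name` for the same path. For any other user enabling `desktop.browser = "firefox"`, the browser profile (cookies, saved logins) would presumably be directed into rafiq's persist tree. Use `home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [ ".mozilla/firefox" ];`; `profiles.rafiq.id = 0;` carries the same hard-coded name.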
@@ -0,0 +1,22 @@
+{
+ config,
+ lib,
+ osConfig,
+ ...
+}:
+{
+ options.desktop = {
+ windowManager = lib.pantheon.mkStrOption;
+ browser = lib.pantheon.mkStrOption;
+ terminal = lib.pantheon.mkStrOption;
+ };
+
+ config = {
+ assertions = [
+ {
+ assertion = (osConfig.desktop.windowManager == config.desktop.windowManager);
+ message = "You have set your home window manager to one that is not installed on this system.";
+ }
+ ];
+ };
+}
diff --git a/modules/home/desktop/terminal/default.nix b/modules/home/desktop/terminal/default.nix
new file mode 100644
index 0000000..ad5d5fc
--- /dev/null
+++ b/modules/home/desktop/terminal/default.nix
@@ -0,0 +1,14 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.desktop.terminal == "kitty") {
+ home.packages = with pkgs; [ kitty ];
+ home.sessionVariables.TERMINAL = "kitty";
+ })
+ ];
+}
diff --git a/modules/home/desktop/windowManager/hyprland/default.nix b/modules/home/desktop/windowManager/hyprland/default.nix
new file mode 100644
index 0000000..26177ba
--- /dev/null
+++ b/modules/home/desktop/windowManager/hyprland/default.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ osConfig,
+ ...
+}:
+let
+ mainMonitor = osConfig.desktop.mainMonitor;
+in
+{
+ imports = [
+
+ ];
+
+ config = lib.mkIf (config.desktop.windowManager == "hyprland") (
+ lib.mkMerge [
+ {
+ xdg.configFile."uwsm/env".text = # sh
+ ''
+
+ '';
+ wayland.windowManager.hyprland = {
+ enable = true;
+ systemd.enable = false;
+ settings = {
+ ecosystem.no_update_news = true;
+ "$hypr" = "CTRL_SUPER_ALT_SHIFT";
+
+ monitor = [
+ "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}"
+ ", preferred, auto, 1"
+ ];
+
+ bind = [
+ "$hypr, Q, exec, uwsm stop"
+ "SUPER, W, killactive"
+
+ "SUPER, return, exec, uwsm app -- $TERMINAL"
+ "SUPER, O, exec, uwsm app -- $BROWSER"
+
+ "SUPER, H, cyclenext, visible"
+ "SUPER, L, cyclenext, visible prev"
+ "SUPER_ALT, H, movewindow, l"
+ "SUPER_ALT, J, movewindow, d"
+ "SUPER_ALT, K, movewindow, u"
+ "SUPER_ALT, L, movewindow, r"
+ "ALT_SHIFT, H, resizeactive, -10% 0"
+ "ALT_SHIFT, J, resizeactive, 0 -10%"
+ "ALT_SHIFT, K, resizeactive, 0 10%"
+ "ALT_SHIFT, L, resizeactive, 10% 0"
+ "SUPER_CTRL, H, workspace, r-1"
+ "SUPER_CTRL, L, workspace, r+1"
+ "$hypr, H, movetoworkspace, r-1"
+ "$hypr, L, movetoworkspace, r+1"
+ ];
+ };
+ };
+ }
+ ]
+ );
+}
diff --git a/modules/home/system/default.nix b/modules/home/system/default.nix
new file mode 100644
index 0000000..3996e00
--- /dev/null
+++ b/modules/home/system/default.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+{
+ home.persistence."/persist/home/${config.snowfallorg.user.name}" = {
+ directories = [
+ ".ssh"
+ ".config/sops/age"
+ ];
+ allowOther = true;
+ };
+
+ home.stateVersion = "24.11";
+}
diff --git a/modules/nixos/cli/default.nix b/modules/nixos/cli/default.nix
new file mode 100644
index 0000000..ebbf824
--- /dev/null
+++ b/modules/nixos/cli/default.nix
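Review bot: In modules/home/system/default.nix, `allowOther = true` covers the whole persistence entry, and that entry consists of `.ssh` and `.config/sops/age`, the two directories that hold private key material. With allowOther the bind mounts are reachable by other users such as root, so confidentiality of the keys rests only on the file modes under /persist; confirm both directories are 0700 there and add a comment such as `# allowOther: root must read these mounts (state the consumer)`. The setting is also unconditional here, while `programs.fuse.userAllowOther = true` is only enabled in btrfs.nix under `cfg.ephemeralRoot`, so a host without ephemeralRoot would presumably fail to mount these directories.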
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [ ];
+
+ options.cli = { };
+
+ config = lib.mkMerge [
+ {
+ programs.zsh.enable = true;
+ users.defaultUserShell = pkgs.zsh;
+ environment.pathsToLink = [ "/share/zsh" ]; # enables completion
+ }
+ ];
+}
diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix
new file mode 100644
index 0000000..ef2cb76
--- /dev/null
+++ b/modules/nixos/desktop/default.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+ imports = [
+ ./windowManager.nix
+ ];
+
+ options.desktop = {
+ mainMonitor = {
+ id = lib.pantheon.mkStrOption;
+ scale = lib.pantheon.mkStrOption;
+ resolution = lib.pantheon.mkStrOption;
+ refresh-rate = lib.pantheon.mkStrOption;
+ };
+ windowManager = lib.pantheon.mkStrOption;
+ };
+}
diff --git a/modules/nixos/desktop/windowManager.nix b/modules/nixos/desktop/windowManager.nix
new file mode 100644
index 0000000..251690a
--- /dev/null
+++ b/modules/nixos/desktop/windowManager.nix
@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.desktop.windowManager == "hyprland") {
+ environment.loginShellInit = # sh
+ ''
+ if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
+ if uwsm check may-start; then
+ exec uwsm start hyprland-uwsm.desktop
+ fi
+ fi
+ '';
+ environment.variables = {
+ ELECTRON_OZONE_PLATFORM_HINT = "auto";
+ NIXOS_OZONE_WL = "1";
+ };
+ programs.hyprland = {
+ enable = true;
+ withUWSM = true;
+ };
+ })
+ ];
+}
diff --git a/modules/nixos/hardware/audio.nix b/modules/nixos/hardware/audio.nix
new file mode 100644
index 0000000..7c6402a
--- /dev/null
+++ b/modules/nixos/hardware/audio.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+{
+ config = {
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/hardware/btrfs.nix b/modules/nixos/hardware/btrfs.nix
new file mode 100644
index 0000000..a2e4f58
--- /dev/null
+++ b/modules/nixos/hardware/btrfs.nix
@@ -0,0 +1,89 @@
+{ lib, config, ... }:
+let
+ cfg = config.hardware.drives.btrfs;
+in
+{
+ config = lib.mkIf (cfg.enable) (
+ lib.mkMerge [
+ {
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ disko.devices.disk.main = {
+ device = cfg.drive;
+ type = "disk";
+ content.type = "gpt";
+ content.partitions = {
+ boot.name = "boot";
+ boot.size = "1M";
+ boot.type = "EF02";
+ esp.name = "ESP";
+ esp.size = "500M";
+ esp.type = "EF00";
+ esp.content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ swap.size = "4G";
+ swap.content = {
+ type = "swap";
+ resumeDevice = true;
+ };
+ root.name = "root";
+ root.size = "100%";
+ root.content = {
+ type = "lvm_pv";
+ vg = "root_vg";
+ };
+ };
+ };
+
+ disko.devices.lvm_vg.root_vg = {
+ type = "lvm_vg";
+ lvs.root.size = "100%FREE";
+ lvs.root.content.type = "btrfs";
+ lvs.root.content.extraArgs = [ "-f" ];
+ lvs.root.content.subvolumes = {
+ "/root".mountpoint = "/";
+ "/persist".mountpoint = "/persist";
+ "/persist".mountOptions = [
+ "subvol=persist"
+ "noatime"
+ ];
+ "/nix".mountpoint = "/nix";
+ "/nix".mountOptions = [
+ "subvol=nix"
+ "noatime"
+ ];
+ };
+ };
+ }
+ (lib.mkIf (cfg.ephemeralRoot) {
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/root_vg/root /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+ programs.fuse.userAllowOther = true;
+ })
+ ]
+ );
+}
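Review bot: The disk layout in modules/nixos/hardware/btrfs.nix has no encryption layer: `root.content` is an `lvm_pv` placed directly on the GPT partition, and the `/persist` subvolume inside it is where this commit stores `.ssh`, `.config/sops/age` and the tailscale state. Whoever gets hold of the disk can read those keys, and old roots are kept for 30 days under `old_roots`, so deleted files linger as well. If these hosts can take a passphrase or key at boot, wrap the physical volume in a `luks` container as sketched below. The separate `swap` partition with `resumeDevice = true` would still hold hibernation images in clear, so it should presumably move inside the encrypted volume group too.

```nix
root.content = {
  type = "luks";
  name = "crypted"; # constructed example name
  content = {
    type = "lvm_pv";
    vg = "root_vg";
  };
};
# … unchanged: disko.devices.lvm_vg.root_vg and the ephemeralRoot script …
```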
diff --git a/modules/nixos/hardware/cpu.nix b/modules/nixos/hardware/cpu.nix
new file mode 100644
index 0000000..99e09bf
--- /dev/null
+++ b/modules/nixos/hardware/cpu.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.hardware.platform == "amd") {
+ hardware.cpu.amd.updateMicrocode = true;
+ boot.kernelModules = [ "kvm-amd" ];
+ })
+ ];
+}
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
new file mode 100644
index 0000000..4f83975
--- /dev/null
+++ b/modules/nixos/hardware/default.nix
@@ -0,0 +1,28 @@
+{ lib, ... }:
+{
+ imports = [
+ ./btrfs.nix
+ ./nvidia.nix
+ ./audio.nix
+ ./cpu.nix
+ ./networking.nix
+ ];
+
+ options.hardware = {
+ drives.btrfs = {
+ enable = lib.mkEnableOption "";
+ drive = lib.pantheon.mkStrOption;
+ ephemeralRoot = lib.mkEnableOption "";
+ };
+ gpu = lib.pantheon.mkStrOption;
+ platform = lib.pantheon.mkStrOption;
+ };
+
+ config = {
+ services.fwupd.enable = true;
+ hardware.bluetooth = {
+ enable = true;
+ settings.General.Experimental = true;
+ };
+ };
+}
diff --git a/modules/nixos/hardware/networking.nix b/modules/nixos/hardware/networking.nix
new file mode 100644
index 0000000..ffcb907
--- /dev/null
+++ b/modules/nixos/hardware/networking.nix
@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ {
+ networking.useDHCP = lib.mkDefault true;
+ networking.hostName = config.system.hostname;
+ networking.networkmanager.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PrintMotd = true;
+ };
+ };
+
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.sops.secrets."keys/tailscale".path;
+ };
+ environment.persistence."/persist".files = [ "/var/lib/tailscale/tailscaled.state" ];
+ }
+
+ ];
+}
diff --git a/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix
new file mode 100644
index 0000000..f4a600b
--- /dev/null
+++ b/modules/nixos/hardware/nvidia.nix
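Review bot: In modules/nixos/hardware/networking.nix, `services.openssh` is enabled on every host with only `PrintMotd` set, so the password and root-login policy is whatever the module default happens to be, while users.nix gives the main user both a password hash and an authorized key. Since a key is always provisioned, state the policy in `settings`: `PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no";`. Nothing in this hunk persists the SSH host keys either, so on an ephemeral-root host they would presumably be regenerated at each boot unless another module handles it, which teaches clients to click through host-key warnings.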
@@ -0,0 +1,28 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
+ config = lib.mkIf (config.hardware.gpu == "nvidia") (
+ lib.mkMerge [
+ {
+ #TODO: Setup CUDA
+ hardware.graphics.enable = true;
+ hardware.graphics.extraPackages = with pkgs; [
+ nvidia-vaapi-driver
+ ];
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia.open = true;
+ hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
+ nixpkgs.config.allowUnfree = true;
+ environment.variables = {
+ LIBVA_DRIVER_NAME = "nvidia";
+ __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+ NVD_BACKEND = "direct";
+ };
+ }
+ ]
+ );
+}
diff --git a/modules/nixos/system/boot.nix b/modules/nixos/system/boot.nix
new file mode 100644
index 0000000..270ca0f
--- /dev/null
+++ b/modules/nixos/system/boot.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ {
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.loader.efi.canTouchEfiVariables = true;
+ }
+ (lib.mkIf (config.system.bootloader == "systemd-boot") {
+ boot.loader.systemd-boot.enable = true;
+ })
+ ];
+}
diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix
new file mode 100644
index 0000000..793693c
--- /dev/null
+++ b/modules/nixos/system/default.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+ imports = [
+ ./boot.nix
+ ./users.nix
+ ./localisation.nix
+ ./nix-config.nix
+ ./secrets.nix
+ ];
+
+ options.system = {
+ hostname = lib.pantheon.mkStrOption;
+ mainUser.name = lib.pantheon.mkStrOption;
+ mainUser.publicKey = lib.pantheon.mkStrOption;
+ bootloader = lib.pantheon.mkStrOption;
+ };
+
+ config = {
+ system.stateVersion = "25.05"; # Did you read the comment?
+ };
+}
diff --git a/modules/nixos/system/localisation.nix b/modules/nixos/system/localisation.nix
new file mode 100644
index 0000000..ce5242e
--- /dev/null
+++ b/modules/nixos/system/localisation.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ {
+ time.timeZone = "Asia/Singapore";
+ i18n.defaultLocale = "en_US.UTF-8";
+ }
+ ];
+}
diff --git a/modules/nixos/system/nix-config.nix b/modules/nixos/system/nix-config.nix
new file mode 100644
index 0000000..9db6db6
--- /dev/null
+++ b/modules/nixos/system/nix-config.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+ config = {
+ nixpkgs.config.allowUnfree = true;
+
+ nix.settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ "pipe-operators"
+ ];
+
+ trusted-users = [ "@wheel" ];
+ };
+ };
+}
diff --git a/modules/nixos/system/secrets.nix b/modules/nixos/system/secrets.nix
new file mode 100644
index 0000000..19883f1
--- /dev/null
+++ b/modules/nixos/system/secrets.nix
@@ -0,0 +1,11 @@
+{ lib, ... }:
+{
+ sops = {
+ defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
+ age.sshKeyPaths = [ "/persist/home/rafiq/.ssh/id_ed25519" ];
+ secrets = {
+ "keys/tailscale" = { };
+ "rafiq/hashedPassword".neededForUsers = true;
+ };
+ };
+}
diff --git a/modules/nixos/system/users.nix b/modules/nixos/system/users.nix
new file mode 100644
index 0000000..4f832aa
--- /dev/null
+++ b/modules/nixos/system/users.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ {
+ users.mutableUsers = false;
+ users.groups.users = {
+ gid = 100;
+ members = [ "${config.system.mainUser.name}" ];
+ };
+ users.users."${config.system.mainUser.name}" = {
+ linger = true;
+ uid = 1000;
+ isNormalUser = true;
+ hashedPasswordFile = config.sops.secrets."${config.system.mainUser.name}/hashedPassword".path;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [ config.system.mainUser.publicKey ];
+ };
+ services.getty.autologinUser = config.system.mainUser.name;
+ security.sudo.wheelNeedsPassword = false;
+ }
+ ];
+}
diff --git a/nix/configurations.nix b/nix/configurations.nix
deleted file mode 100644
index 3cae4bd..0000000
--- a/nix/configurations.nix
+++ /dev/null
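Review bot: In modules/nixos/system/nix-config.nix, `trusted-users = [ "@wheel" ]` lets every wheel member override substituters and import unsigned store paths, which the Nix manual treats as essentially root on the machine. The line carries no comment saying what needs it. If it exists for remote deploys by the main user, narrow it to that account and document it, for example `trusted-users = [ config.system.mainUser.name ]; # needed for: (state the reason)`; otherwise drop it.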
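Review bot: In modules/nixos/system/secrets.nix the host decrypts all its secrets with the main user's personal key, `/persist/home/rafiq/.ssh/id_ed25519`, the same key pair git.nix uses for commit signing. One key then serves as login identity, signing key and decryption key for every host secret, and for unattended use at boot it presumably has to be stored without a passphrase. Prefer a per-host identity, e.g. `age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];` (constructed example path) with that host added as a recipient in .sops.yaml. The secret name `"rafiq/hashedPassword"` is also hard-coded while users.nix looks up `"${config.system.mainUser.name}/hashedPassword"`, so the two only agree when the main user is named rafiq.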
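Review bot: In modules/nixos/system/users.nix, `services.getty.autologinUser` combined with `security.sudo.wheelNeedsPassword = false` and `extraGroups = [ "wheel" ]` gives anyone at the console a root-capable session without presenting any credential, and windowManager.nix then starts the desktop from that login. Both settings are applied unconditionally to every host that imports the module, laptops included. Keep at most one of the two: remove the `security.sudo.wheelNeedsPassword = false;` line (the account already has a `hashedPasswordFile`), or make autologin an explicit per-host opt-in. Whichever stays should get a comment naming the hosts it is meant for.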
@@ -1,62 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: -let - inherit (lib) nixosSystem; - inherit (inputs.nix-darwin.lib) darwinSystem; - inherit (lib.lists) optional; - inherit (lib.attrsets) mapAttrs; - inherit (cfg.lib.modules) forAllUsers'; - inherit (config.manifest) hosts; - cfg = config.flake; - globalCfg = hostName: hostConfig: { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { inherit hostName hostConfig; }; - sharedModules = [ cfg.modules.homeManager.default ]; - users = forAllUsers' (name: _: cfg.modules.homeManager.${name}); - }; - mkConfigurations = - class: hosts: - mapAttrs ( - name: value: - if class == "nixos" then - nixosSystem { - specialArgs = { - inherit (config.flake) self; - hostName = name; - hostConfig = value; - }; - modules = [ - cfg.modules.nixos.default - inputs.home-manager.nixosModules.home-manager - { home-manager = globalCfg name value; } - (value.extraCfg or { }) - ] ++ optional value.graphical cfg.modules.nixos.graphical; - } - else if class == "darwin" then - darwinSystem { - specialArgs = { - inherit (config.flake) self; - hostName = name; - hostConfig = value; - }; - modules = [ - cfg.modules.darwin.default - inputs.home-manager.darwinModules.home-manager - { home-manager = globalCfg name value; } - (value.extraCfg or { }) - ] ++ optional value.graphical cfg.modules.darwin.graphical; - } - else - { } - ) hosts; -in -{ - imports = [ inputs.home-manager.flakeModules.home-manager ]; - flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos; - flake.darwinConfigurations = mkConfigurations "darwin" hosts.darwin; -} diff --git a/nix/files/cheatsheet.nix b/nix/files/cheatsheet.nix deleted file mode 100644 index e307bbc..0000000 --- a/nix/files/cheatsheet.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ lib, config, ... }: -let - inherit (builtins) concatStringsSep; - inherit (lib.lists) singleton; -in -{ - text.cheatsheet = concatStringsSep "\n" [ - "`__curPos.file` will give the full evaluated path of the nix file it is called in. See [this issue](https://github.com/NixOS/nix/issues/5897#issuecomment-1012165198) for more information." - ]; - perSystem = - { pkgs, ... }: - { - files.files = singleton { - path_ = "docs/cheatsheet.md"; - drv = pkgs.writeText "cheatsheet.md" config.text.cheatsheet; - }; - }; -} diff --git a/nix/files/gitignore.nix b/nix/files/gitignore.nix deleted file mode 100644 index a35e3ee..0000000 --- a/nix/files/gitignore.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: -{ - perSystem = - { pkgs, ... }: - { - files.files = [ - { - path_ = ".gitignore"; - drv = pkgs.writeText ".gitignore" config.text.gitignore; - } - ]; - }; -} diff --git a/nix/files/readme.nix b/nix/files/readme.nix deleted file mode 100644 index 6209325..0000000 --- a/nix/files/readme.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ config, ... }: -{ - text.readme = { - heading = "Pantheon"; - description = # markdown - '' - This flake serves as a monorepo for my systems (using IaC), dotfiles, and scripts. - It's hosted at https://git.rrv.sh/rrvsh/pantheon, and mirrored to https://github.com/rrvsh/pantheon. - ''; - order = [ - "Structure" - "Acknowledgements" - ]; - parts."Acknowledgements" = # markdown - '' - Thanks to the following for inspiring this configuration. I highly recommend you look through their writings and configurations. - - [ornicar](https://github.com/ornicar/dotfiles) which is where I first heard of NixOS - - [No Boilerplate](https://www.youtube.com/watch?v=CwfKlX3rA6E&pp=0gcJCfwAo7VqN5tD) for making me finally try the OS - - [ryan4yin](https://nixos-and-flakes.thiscute.world/) for being an amazing introduction to NixOS, home-manager, and flakes - - [NotAShelf](https://github.com/NotAShelf/) for their blog and for the wonderful [NVF](https://github.com/notashelf/nvf) - - [mightyiam](https://github.com/mightyiam/infra) for their infrastructure repo using flake-parts - - [drupol](https://not-a-number.io/2025/refactoring-my-infrastructure-as-code-configurations/) for this blog post which convinced me to rebase my infra to use flake-parts - ''; - parts."Structure" = # markdown - '' - The system configurations are defined in [`flake.manifest`](nix/manifest.nix). - `manifest.owner` provides the attributes for the administrator user, including username and pubkey. - `manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. - `flake.modules.nixos.*` provide NixOS options and configurations. - The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class. 
- You can use it as seen [here](nix/modules/flake/home-manager.nix): - - ```nix - flake.modules.nixos.default.imports = [ inputs.home-manager.nixosModules.default ]; - ``` - - The other attributes under `flake.modules.nixos` should be opt-in, i.e. provide options that will be set in the profiles. - `flake.profiles.nixos` provides profiles which use the options defined in `flake.modules.nixos` to define different roles for each system, such as graphical, laptop, headless, etc. - Options should not be defined here. - `flake.contracts.nixos.*` will provide contracts, such as reverse proxies or databases, which will configure options on the provider and receiver host. - ''; - }; - - perSystem = - { pkgs, ... }: - { - files.files = [ - { - path_ = "docs/README.md"; - drv = pkgs.writeText "README.md" config.text.readme; - } - ]; - }; -} diff --git a/nix/flake-parts/files.nix b/nix/flake-parts/files.nix deleted file mode 100644 index e210c52..0000000 --- a/nix/flake-parts/files.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - inputs, - withSystem, - lib, - config, - ... -}: -let - inherit (builtins) map head; - inherit (lib.lists) concatStringsSep; - mkListEntry = x: "- [" + x.path_ + "](" + x.path_ + ")"; - listOfGeneratedFiles = withSystem (head config.systems) (psArgs: psArgs.config.files.files); -in -{ - imports = [ inputs.files.flakeModules.default ]; - perSystem = psArgs: { - make-shells.default.packages = [ psArgs.config.files.writer.drv ]; - }; - text.readme.parts."Generated Files" = concatStringsSep "\n" ( - [ - "This flake uses the [files flake-parts module](https://flake.parts/options/files.html) to generate documentation." - - "The list of generated files are:" - - ] - ++ (map mkListEntry listOfGeneratedFiles) - ); -} diff --git a/nix/flake-parts/flake-parts.nix b/nix/flake-parts/flake-parts.nix deleted file mode 100644 index 4f0d093..0000000 --- a/nix/flake-parts/flake-parts.nix +++ /dev/null 
@@ -1,10 +0,0 @@ -{ inputs, ... }: -{ - debug = true; - imports = [ - inputs.make-shell.flakeModules.default - inputs.manifest.flakeModules.default - inputs.flake-parts.flakeModules.modules - inputs.text.flakeModules.default - ]; -} diff --git a/nix/flake-parts/git-hooks.nix b/nix/flake-parts/git-hooks.nix deleted file mode 100644 index d17bcce..0000000 --- a/nix/flake-parts/git-hooks.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ inputs, ... }: -{ - imports = [ inputs.git-hooks.flakeModule ]; - text.gitignore = ".pre-commit-config.*"; - perSystem = psArgs: { - pre-commit.settings.hooks = { - # Nix Linters - deadnix.enable = true; - statix.enable = true; - nil.enable = true; - nixfmt-rfc-style.enable = true; - # Flake Health Checks - flake-checker.enable = true; - # Misc - mixed-line-endings.enable = true; - trim-trailing-whitespace.enable = true; - #TODO: figure out vale - #TODO: make nix develop work - #TODO: add nix flake check - #TODO: add write-files - }; - make-shells.default.shellHook = psArgs.config.pre-commit.installationScript; - }; -} diff --git a/nix/homes/rafiq/_nvf/autocomplete.nix b/nix/homes/rafiq/_nvf/autocomplete.nix deleted file mode 100644 index ca12dea..0000000 --- a/nix/homes/rafiq/_nvf/autocomplete.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib }: -{ - blink-cmp = { - enable = true; - friendly-snippets.enable = true; - sourcePlugins.ripgrep.enable = true; - setupOpts = { - # Disable completion in markdown files - # TODO: Disable completion when in comments - enabled = - lib.generators.mkLuaInline - # lua - '' - function() - return not vim.tbl_contains({"markdown"}, vim.bo.filetype) - and vim.bo.buftype ~= "prompt" - and vim.b.completion ~= false - end - ''; - completion.documentation.auto_show_delay_ms = 0; - # Show e.g. function parameters - signature.enabled = true; - }; - }; -} diff --git a/nix/homes/rafiq/_nvf/binds.nix b/nix/homes/rafiq/_nvf/binds.nix deleted file mode 100644 index 2859d24..0000000 --- a/nix/homes/rafiq/_nvf/binds.nix +++ /dev/null 
@@ -1,3 +0,0 @@ -{ - whichKey.enable = true; -} diff --git a/nix/homes/rafiq/_nvf/languages.nix b/nix/homes/rafiq/_nvf/languages.nix deleted file mode 100644 index fbeaf85..0000000 --- a/nix/homes/rafiq/_nvf/languages.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - enableExtraDiagnostics = true; - enableFormat = true; - enableTreesitter = true; - bash.enable = true; - clang.enable = true; - # broken on macos - # csharp.enable = true; - css.enable = true; - go.enable = true; - html.enable = true; - lua.enable = true; - markdown = { - enable = true; - extensions.markview-nvim.enable = true; - format.type = "prettierd"; - }; - nix = { - enable = true; - format.type = "nixfmt"; - lsp.server = "nil"; - }; - python = { - enable = true; - format.type = "ruff"; - lsp.server = "pyright"; - }; - rust.enable = true; - rust.crates.enable = true; - tailwind.enable = true; - ts.enable = true; - ts.extensions.ts-error-translator.enable = true; - typst.enable = true; - typst.extensions.typst-preview-nvim.enable = true; - yaml.enable = true; -} diff --git a/nix/homes/rafiq/_nvf/lsp.nix b/nix/homes/rafiq/_nvf/lsp.nix deleted file mode 100644 index 98b8fe3..0000000 --- a/nix/homes/rafiq/_nvf/lsp.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - enable = true; - # Show virtual text hints - inlayHints.enable = true; - lightbulb.enable = true; - # Show icons for lsp actions - lspkind.enable = true; - null-ls.enable = true; - otter-nvim = { - enable = true; - setupOpts = { - buffers.set_filetype = true; - buffers.write_to_disk = true; - handle_leading_whitespace = true; - }; - }; -} diff --git a/nix/homes/rafiq/_nvf/navigation.nix b/nix/homes/rafiq/_nvf/navigation.nix deleted file mode 100644 index 65ab456..0000000 --- a/nix/homes/rafiq/_nvf/navigation.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - harpoon = { - enable = true; - mappings.listMarks = "ml"; - mappings.markFile = "mm"; - setupOpts.defaults.save_on_toggle = true; - setupOpts.defaults.sync_on_ui_close = true; - }; -} 
diff --git a/nix/homes/rafiq/_nvf/snippets.nix b/nix/homes/rafiq/_nvf/snippets.nix deleted file mode 100644 index 8c7c199..0000000 --- a/nix/homes/rafiq/_nvf/snippets.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs }: -{ - luasnip = { - enable = true; - setupOpts.enable_autosnippets = true; - providers = with pkgs.vimPlugins; [ vim-snippets ]; - loaders = "require('luasnip.loaders.from_vscode').lazy_load()"; - customSnippets.snipmate = { - nix = [ - { - trigger = "mod"; - description = "empty module"; - body = # nix - '' - {config, lib, ...}: - let - cfg = config.$1; - in - { - options.$1 = { $2 }; - config = $3; - } - ''; - } - ]; - }; - }; -} diff --git a/nix/homes/rafiq/_nvf/statusline.nix b/nix/homes/rafiq/_nvf/statusline.nix deleted file mode 100644 index b21b714..0000000 --- a/nix/homes/rafiq/_nvf/statusline.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - lualine = { - enable = true; - refresh = { - statusline = 10; - winbar = 10; - }; - #TODO: rice lualine - }; -} diff --git a/nix/homes/rafiq/_nvf/ui.nix b/nix/homes/rafiq/_nvf/ui.nix deleted file mode 100644 index e0dc2d7..0000000 --- a/nix/homes/rafiq/_nvf/ui.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - borders = { - enable = true; - globalStyle = "rounded"; - }; - breadcrumbs.enable = true; - # Show color values e.g. #ffffff - colorizer.enable = true; - # Highlight matching symbols - illuminate.enable = true; - noice.enable = true; - noice.setupOpts.notify.enabled = false; - # Make folds look nicer - nvim-ufo.enable = true; - smartcolumn.enable = true; -} diff --git a/nix/homes/rafiq/_nvf/utility.nix b/nix/homes/rafiq/_nvf/utility.nix deleted file mode 100644 index e69efcb..0000000 --- a/nix/homes/rafiq/_nvf/utility.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - motion.hop.enable = true; - yazi-nvim = { - enable = true; - mappings = { - openYazi = "tt"; - openYaziDir = "TT"; - }; - setupOpts.open_for_directories = true; - }; -} 
diff --git a/nix/homes/rafiq/_nvf/visuals.nix b/nix/homes/rafiq/_nvf/visuals.nix deleted file mode 100644 index f2993ee..0000000 --- a/nix/homes/rafiq/_nvf/visuals.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - indent-blankline.enable = true; - fidget-nvim.enable = true; - fidget-nvim.setupOpts.notification.override_vim_notify = true; - nvim-web-devicons.enable = true; - rainbow-delimiters.enable = true; -} diff --git a/nix/homes/rafiq/_scripts/commit.nix b/nix/homes/rafiq/_scripts/commit.nix deleted file mode 100644 index f017e1d..0000000 --- a/nix/homes/rafiq/_scripts/commit.nix +++ /dev/null 
@@ -1,71 +0,0 @@ -{ pkgs, ... }: -pkgs.writeShellScriptBin "commit" # bash - '' - if git diff-index --quiet HEAD --; then exit 0; fi - - PROMPT="Please generate a commit message for this diff." - GUIDELINES="1. Use conventional commit syntax, following the context. 2. Cap the commit message at 80 characters, preferably less. You must not go beyond this limit. 3. Do not include backticks. Only generate the raw text. 4. Be as succint as possible. Each commit should be atomic. You may throw a warning if it is not." - NUM_ANCESTORS=0 - PUSH=false - - # Parse arguments - while [[ $# -gt 0 ]]; do - case "$1" in - --num-ancestors | -n) - NUM_ANCESTORS="$2" - shift 2 - ;; - --push | -u) - PUSH=true - shift - ;; - *) - echo "Unrecognised argument: $1. Exiting..." - exit 1 - ;; - esac - done - - # Get context and diff - CONTEXT=$(git --no-pager log -n 10) - DIFF=$(git --no-pager diff HEAD~$NUM_ANCESTORS) - - # Generate initial response - RESPONSE=$(aichat "$PROMPT\nGuidelines: $GUIDELINES\nContext from git log:\n$CONTEXT\nDiff from git diff HEAD:\n$DIFF") - - while true; do - echo "$RESPONSE" - echo - echo "Choose an action:" - read -p "Options: [y]es, [r]eroll, [e]dit, [q]uit? " -n 1 -r choice - echo - - case "$choice" in - y | yes) - git commit -am "$RESPONSE" - echo "Committed successfully." - if $PUSH; then - git push - echo "Pushed successfully." - fi - exit 0 - ;; - r | reroll) - RESPONSE=$(aichat "$PROMPT\nGuidelines: $GUIDELINES\nContext from git log:\n$CONTEXT\nDiff from git diff HEAD:\n$DIFF") - ;; - e | edit) - echo "$RESPONSE" > /tmp/commit_msg.txt - "$EDITOR" /tmp/commit_msg.txt - RESPONSE=$(cat /tmp/commit_msg.txt) - rm /tmp/commit_msg.txt - ;; - q | quit | "") - echo "Aborted." - exit 1 - ;; - *) - echo "Invalid choice. Please choose again." - ;; - esac - done - '' diff --git a/nix/homes/rafiq/_scripts/edit.nix b/nix/homes/rafiq/_scripts/edit.nix deleted file mode 100644 index bc5e973..0000000 --- a/nix/homes/rafiq/_scripts/edit.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -{ pkgs, ... }: -let - finder = "${pkgs.fzf}/bin/fzf --preview 'cat {}'"; -in -pkgs.writeShellScriptBin "edit" # sh - '' - if [ $# -gt 0 ]; then - $EDITOR $(${finder} -q $*) - else - $EDITOR $(${finder}) - fi - '' diff --git a/nix/homes/rafiq/_scripts/note.nix b/nix/homes/rafiq/_scripts/note.nix deleted file mode 100644 index 0470fc2..0000000 --- a/nix/homes/rafiq/_scripts/note.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -pkgs.writeShellScriptBin "note" # bash - '' - zk edit -i - pushd ~/notebook > /dev/null - git add . - commit -u - popd > /dev/null - '' diff --git a/nix/homes/rafiq/_scripts/rebuild.nix b/nix/homes/rafiq/_scripts/rebuild.nix deleted file mode 100644 index 223a4db..0000000 --- a/nix/homes/rafiq/_scripts/rebuild.nix +++ /dev/null 
@@ -1,148 +0,0 @@ -{ pkgs }: -let - inherit (pkgs.lib) getExe; -in -pkgs.writeShellScriptBin "rebuild" # sh - '' - QUICK=false - NO_GENERATION_CHECK=false - TEST_SHELL=false - REMOTE_HOSTS=() - REBUILDING_ALL=false - # ANSI color codes - GREEN='\033[0;32m' - ORANGE='\033[0;33m' - RED='\033[0;31m' - NC='\033[0m' - - info() { - timestamp=$(date "+%Y-%m-%d %H:%M:%S") - echo -e "''${GREEN}''${timestamp} INFO: $1''${NC}" - } - - warn() { - timestamp=$(date "+%Y-%m-%d %H:%M:%S") - echo -e "''${ORANGE}''${timestamp} WARN: $1''${NC}" - } - - err() { - timestamp=$(date "+%Y-%m-%d %H:%M:%S") - echo -e "''${RED}''${timestamp} ERROR: $1''${NC}" - } - - prompt() { - local PROMPT="$1" - shift - read -p "$PROMPT? (y/n) [n]: " -n 1 -r REPLY - echo - if [[ "$REPLY" =~ ^[Yy]$ ]]; then - "$*" - else - info "$PROMPT aborted." - fi - } - - spawn_test_shell() { - info "Spawning test shell on $1..." - (export PS1="Test shell> " - exec ${pkgs.bash}/bin/bash ssh "$1") || { - ${pkgs.cowsay}/bin/cowsay "You aborted." - exit 1 - } - } - - rebuild_remote() { - local args=(".#nixosConfigurations.$1" "--target-host" "$1") - local CURRENT_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2) - - if "$TEST_SHELL"; then - info "Testing $1..." - ${getExe pkgs.nh} os test "''${args[@]}" || exit 1 - git diff HEAD --color=always --stat --patch - spawn_test_shell "$1" - info "Rebuilding $1..." - ${getExe pkgs.nh} os boot "''${args[@]}" || exit 1 - else - info "Rebuilding $1 on $HOSTNAME..." - ${getExe pkgs.nh} os switch "''${args[@]}" || exit 1 - fi - - if ! "$NO_GENERATION_CHECK"; then - local NEW_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2) - info "$1 - New generation is $NEW_GENERATION. Current is $CURRENT_GENERATION." - if [ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]; then - warn "New config was not added to bootloader." - fi - fi - } - - info "Starting rebuild script." - - if [ ! 
-f "flake.nix" ]; then - err "flake.nix not found in the current directory. Exiting." - exit 1 # Indicate an error - fi - - while [[ $# -gt 0 ]]; do - case "$1" in - --quick | -q) - QUICK=true - shift - ;; - --no-generation-check | -n) - NO_GENERATION_CHECK=true - shift - ;; - --test-shell | -t) - TEST_SHELL=true - shift - ;; - --all | -a) - reachable_hosts=() - hostnames=$(nix flake show --all-systems --json | , jq -r '.nixosConfigurations | keys | .[]') - for host in ''${hostnames[@]}; do - info "Checking if $host is reachable..." - if ping -c 1 -W 1 "$host" > /dev/null 2>&1 ; then - info "$host is reachable." - reachable_hosts+=("$host") - else - warn "$host is unreachable." - fi - done - REMOTE_HOSTS=(''${reachable_hosts[@]}) - REBUILDING_ALL=true - shift - ;; - *) - if [ !REBUILDING_ALL ]; then - if ping -c 1 -W 1 "$1" > /dev/null 2>&1 ; then - REMOTE_HOSTS+=("$1") - else - err "$1 is unreachable. Exiting." - exit 1 - fi - fi - shift - ;; - esac - done - - if [ ''${#REMOTE_HOSTS[@]} == 0 ]; then - info "No hostnames provided." - REMOTE_HOSTS=("$HOSTNAME") - fi - - git add . - - for host in "''${REMOTE_HOSTS[@]}"; do - rebuild_remote $host - done - - if ! "$QUICK"; then - prompt "Commit changes" commit - prompt "Reboot system" sudo systemctl reboot - fi - - info "Rebuild script completed successfully." - exit 0 - '' diff --git a/nix/homes/rafiq/darwin.nix b/nix/homes/rafiq/darwin.nix deleted file mode 100644 index 873dbcd..0000000 --- a/nix/homes/rafiq/darwin.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: -let - inherit (lib.modules) mkIf; -in -{ - flake.modules.homeManager.rafiq = - { - pkgs, - config, - hostName, - hostConfig, - ... - }: - mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") { - home.file."Library/Application Support/aichat/config.yaml".text = '' - model: gemini:gemini-2.0-flash - clients: - - type: gemini - ''; - }; -} 
diff --git a/nix/homes/rafiq/default.nix b/nix/homes/rafiq/default.nix deleted file mode 100644 index 86b4733..0000000 --- a/nix/homes/rafiq/default.nix +++ /dev/null 
@@ -1,146 +0,0 @@ -{ lib, inputs, ... }: -let - inherit (lib.strings) concatStrings; -in -{ - flake.modules.homeManager.rafiq = - { pkgs, ... }: - { - imports = [ - inputs.nvf.homeManagerModules.default - inputs.nix-index-database.hmModules.nix-index - ]; - persistDirs = [ - ".local/share/zoxide" - "notebook" - ]; - xdg.configFile."aichat/config.yaml".text = '' - model: gemini:gemini-2.0-flash - clients: - - type: gemini - ''; - home = { - sessionVariables = { - EDITOR = "nvim"; - FETCH = "hyfetch"; - FILE_BROWSER = "yazi"; - SHELL = "fish"; - }; - shellAliases = { - fetch = "hyfetch"; - windows = "sudo systemctl reboot --boot-loader-entry=auto-windows"; - v = "$EDITOR"; - e = "edit"; - cd = "z"; # zoxide - ai = "aichat -r %shell% -e"; - }; - packages = with pkgs; [ - fastfetch - ripgrep - aichat - (import ./_scripts/edit.nix { inherit pkgs; }) - (import ./_scripts/commit.nix { inherit pkgs; }) - (import ./_scripts/note.nix { inherit pkgs; }) - (import ./_scripts/rebuild.nix { inherit pkgs; }) - ]; - }; - programs = { - mise.enable = true; - nvf.enable = true; - nvf.settings.vim = { - syntaxHighlighting = true; - hideSearchHighlight = true; - searchCase = "ignore"; - undoFile.enable = true; - telescope.enable = true; - fzf-lua.enable = true; - git.enable = true; - autopairs.nvim-autopairs.enable = true; - autocomplete = import ./_nvf/autocomplete.nix { inherit lib; }; - binds = import ./_nvf/binds.nix; - languages = import ./_nvf/languages.nix; - lsp = import ./_nvf/lsp.nix; - navigation = import ./_nvf/navigation.nix; - notes.todo-comments.enable = true; - options = { - autoindent = true; - backspace = "indent,eol,start"; - cursorline = true; - expandtab = true; - shiftwidth = 2; - smartindent = true; - tabstop = 2; - }; - snippets = import ./_nvf/snippets.nix { inherit pkgs; }; - statusline = import ./_nvf/statusline.nix; - treesitter = { - autotagHtml = true; - fold = true; - indent.disable = [ "markdown" ]; - textobjects.enable = true; - }; - ui = import 
./_nvf/ui.nix; - utility = import ./_nvf/utility.nix; - visuals = import ./_nvf/visuals.nix; - }; - zk = { - enable = true; - settings.notebook.dir = "~/notebook"; - }; - hyfetch = { - enable = true; - settings = { - preset = "bisexual"; - mode = "rgb"; - light_dark = "dark"; - lightness = 0.5; - color_align = { - # Flag color alignment - mode = "horizontal"; - fore_back = null; - }; - backend = "fastfetch"; - }; - }; - - tealdeer.enable = true; - tealdeer.enableAutoUpdates = true; - direnv = { - enable = true; - nix-direnv.enable = true; - }; - zoxide.enable = true; - nix-index.enable = true; - nix-index-database.comma.enable = true; - fzf.enable = true; - fzf.enableZshIntegration = true; - yazi = { - enable = true; - shellWrapperName = "t"; - settings.mgr.sort_by = "natural"; - }; - fish.enable = true; - starship = { - enable = true; - settings = { - add_newline = false; - format = concatStrings [ - # First Line - ## Left Prompt - "$hostname$directory" - "$fill" - ## Right Prompt - "$all" - # Second Line - ## Left Prompt - "$character" - ]; - git_branch.format = "[$symbol$branch(:$remote_branch)]($style) "; - shlvl.disabled = false; - username.disabled = true; - fill.symbol = " "; - }; - }; - }; - }; -} diff --git a/nix/homes/rafiq/desktop/_hyprland/decoration.nix b/nix/homes/rafiq/desktop/_hyprland/decoration.nix deleted file mode 100644 index ee3d444..0000000 --- a/nix/homes/rafiq/desktop/_hyprland/decoration.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - animation = [ "workspaces, 1, 1, default" ]; - general = { - border_size = 2; - gaps_in = 0; - gaps_out = 0; - resize_on_border = true; - }; - decoration = { - rounding = 10; - rounding_power = 2; - inactive_opacity = 0.9; - }; -} diff --git a/nix/homes/rafiq/desktop/_hyprland/keybinds.nix b/nix/homes/rafiq/desktop/_hyprland/keybinds.nix deleted file mode 100644 index 9e75db1..0000000 --- a/nix/homes/rafiq/desktop/_hyprland/keybinds.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ pkgs, ... }: -{ - "$hypr" = "CTRL_SUPER_ALT_SHIFT"; - "$meh" = "CONTROL_SHIFT_ALT"; - bind = [ - "$hypr, Q, exec, uwsm stop" - "SUPER, W, killactive" - - "SUPER, return, exec, uwsm app -- $TERMINAL" - "SUPER, O, exec, uwsm app -- $BROWSER" - "SUPER, Escape, exec, uwsm app -- $LOCKSCREEN" - #TODO:add file browser - - #TODO: make it directional - "SUPER, H, cyclenext, visible" - "SUPER, L, cyclenext, visible prev" - "SUPER_ALT, H, movewindow, l" - "SUPER_ALT, J, movewindow, d" - "SUPER_ALT, K, movewindow, u" - "SUPER_ALT, L, movewindow, r" - "ALT_SHIFT, H, resizeactive, -10% 0" - "ALT_SHIFT, J, resizeactive, 0 -10%" - "ALT_SHIFT, K, resizeactive, 0 10%" - "ALT_SHIFT, L, resizeactive, 10% 0" - "SUPER_CTRL, H, workspace, r-1" - "SUPER_CTRL, L, workspace, r+1" - "$hypr, H, movetoworkspace, r-1" - "$hypr, L, movetoworkspace, r+1" - - "$hypr, V, togglefloating" - ]; - - bindr = [ - # Activates on SUPER without any other modifier - "SUPER, Super_L, exec, uwsm app -- $($LAUNCHER --launch-prefix=\"uwsm app -- \")" - ]; - - bindle = [ - "SUPER, 6, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-" - "SUPER, 7, exec, ${pkgs.playerctl}/bin/playerctl previous" - "SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl -a play-pause" - "SUPER, 9, exec, ${pkgs.playerctl}/bin/playerctl next" - "SUPER, 0, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+" - - "ALT, mouse_up, resizeactive, 10% 10%" - "ALT, mouse_down, resizeactive, -10% -10%" - ]; - - bindm = [ - "ALT, mouse:272, movewindow" - "ALT, mouse:273, resizeactive" - ]; - bindc = [ - "ALT, mouse:272, togglefloating" - ]; -} diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix deleted file mode 100644 index 892031c..0000000 --- a/nix/homes/rafiq/desktop/darwin.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - flake.modules.darwin.graphical.homebrew = { - brews = [ - "mise" - "docker" - ]; - casks = [ - "ghostty" - "slack" - "gitify" - "telegram" - "vial" - "linear-linear" - "chatgpt" - "spotify" - ]; - }; - flake.modules.homeManager.rafiq = { - # make sure brew is on the path for M1 - programs.zsh.initContent = '' - if [[ $(uname -m) == 'arm64' ]]; then - eval "$(/opt/homebrew/bin/brew shellenv)" - fi - ''; - programs.fish.shellInit = '' - if test (uname -m) = "arm64" - eval (/opt/homebrew/bin/brew shellenv) - end - ''; - }; -} diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix deleted file mode 100644 index 277d445..0000000 --- a/nix/homes/rafiq/desktop/default.nix +++ /dev/null 
@@ -1,61 +0,0 @@
-{ lib, inputs, ... }:
-{
- flake.modules.homeManager.rafiq =
- { pkgs, config, ... }:
- let
- inherit (lib.modules) mkIf;
- inherit (builtins) map listToAttrs;
- inherit (lib.lists) findFirstIndex;
- inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons;
- profiles = listToAttrs (
- map (name: {
- inherit name;
- # If there are duplicate profile names, findFirstIndex will cause issues.
- value = profileCfg (findFirstIndex (x: x == name) null syncedProfiles);
- }) syncedProfiles
- );
- syncedProfiles = [
- "rafiq"
- "test"
- ];
- profileCfg = id: {
- inherit id;
- settings."extensions.autoDisableScopes" = 0; # Auto enable extensions
- extensions = {
- force = true;
- packages = with firefox-addons; [
- darkreader
- gesturefy
- sponsorblock
- ublock-origin
- ];
- };
- };
- in
- mkIf config.graphical {
- stylix = {
- image = ./wallpaper.png;
- targets = {
- firefox.colorTheme.enable = true;
- firefox.profileNames = syncedProfiles;
- };
- };
- home = {
- sessionVariables = {
- BROWSER = "firefox";
- TERMINAL = "ghostty";
- };
- };
- programs = {
- vesktop.enable = true;
- thunderbird.enable = true;
- thunderbird.profiles.rafiq.isDefault = true;
- # ghostty is broken on nix-darwin
- ghostty.settings.confirm-close-surface = false;
- firefox = {
- enable = true;
- inherit profiles;
- };
- };
- };
-}
diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix
deleted file mode 100644
index e7d66b4..0000000
--- a/nix/homes/rafiq/desktop/nixos.nix
+++ /dev/null
@@ -1,232 +0,0 @@ -{ lib, config, ... }: -let - inherit (config.manifest) admin; -in -{ - allowedUnfreePackages = [ - "stremio-shell" - "stremio-server" - "steam" - "steam-unwrapped" - ]; - flake.modules.nixos.graphical = - { config, pkgs, ... }: - { - fonts.packages = [ pkgs.font-awesome ]; - services.getty.autologinUser = admin.username; - # Start Hyprland at boot only if not connecting through SSH - environment.loginShellInit = # sh - '' - if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then - if uwsm check may-start; then - exec uwsm start hyprland-uwsm.desktop - fi - fi - ''; - environment.variables = { - # Get Electron apps to use Wayland - ELECTRON_OZONE_PLATFORM_HINT = "auto"; - NIXOS_OZONE_WL = "1"; - }; - programs = { - hyprland = { - enable = true; - # Use UWSM to have each process controlled by systemd init - withUWSM = true; - }; - steam = { - enable = true; - gamescopeSession.enable = true; - }; - }; - security.pam.services.hyprlock = { }; - services.sunshine = { - enable = true; - capSysAdmin = true; - openFirewall = true; - settings = { - sunshine_name = config.networking.hostName; - origin_pin_allowed = "wan"; - origin_web_ui_allowed = "wan"; - }; - applications = { }; - }; - # spotifyd - networking.firewall.allowedTCPPorts = [ 5353 ]; - networking.firewall.allowedUDPPorts = [ 5353 ]; - }; - flake.modules.homeManager.rafiq = - { - pkgs, - config, - hostName, - hostConfig, - ... 
- }: - let - inherit (lib.modules) mkMerge mkIf; - in - mkIf (config.graphical && pkgs.system == "x86_64-linux") { - stylix.targets.waybar.addCss = false; - persistDirs = [ - "docs" - "repos" - "vids" - "tmp" - ".cache/Smart Code ltd/Stremio" - ".local/share/Smart Code ltd/Stremio" - ".mozilla/firefox" - ".tor project" - ".local/share/Steam" - ".local/share/PrismLauncher" - ".config/sunshine" - ]; - home = { - packages = with pkgs; [ - wl-clipboard-rs - stremio - tor-browser - vlc - prismlauncher - ]; - sessionVariables = { - LAUNCHER = "fuzzel"; - LOCKSCREEN = "hyprlock"; - NOTIFICATION_DAEMON = "mako"; - STATUS_BAR = "waybar"; - }; - }; - # xdg.configFile."uwsm/env".text = # sh - # '' - # # Force apps to scale right with Wayland - # export GDK_SCALE=${mainMonitor.scale} - # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} - # ''; - # xdg.configFile."uwsm/env-hyprland".text = # sh - # '' - # export GDK_SCALE=${mainMonitor.scale} - # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} - # ''; - wayland.windowManager.hyprland = { - enable = true; - # This is needed for UWSM - systemd.enable = false; - # Null the packages since we use them system wide - package = null; - portalPackage = null; - settings = mkMerge [ - (import ./_hyprland/decoration.nix) - (import ./_hyprland/keybinds.nix { inherit pkgs; }) - { - ecosystem.no_update_news = true; - xwayland.force_zero_scaling = true; - monitor = - let - mainMonitor = hostConfig.machine.monitors.main; - in - [ - "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}" - ", preferred, auto, 1" - ]; - exec-once = [ - "uwsm app -- $LOCKSCREEN" - "uwsm app -- $NOTIFICATION_DAEMON" - "uwsm app -- $STATUS_BAR" - ]; - } - ]; - }; - services = { - spotifyd.enable = true; - spotifyd.settings.global = { - device_name = "${hostName}"; - device_type = "computer"; - zeroconf_port = 5353; - }; - mako.enable = true; - mako.settings.default-timeout = 10000; - }; - programs = { 
- obs-studio.enable = true; - fuzzel.enable = true; - ghostty.enable = true; - waybar = { - enable = true; - settings = [ - { - layer = "top"; - modules-left = [ - "pulseaudio" - ]; - modules-right = [ - "battery" - "clock" - ]; - "pulseaudio" = { - format = "{icon} {volume}%"; - format-muted = ""; - format-icons.default = [ - "" - "" - ]; - on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle"; - }; - "clock" = { - interval = 1; - format = "{:%F %T}"; - }; - "battery" = { - interval = 1; - bat-compatibility = true; - }; - } - ]; - style = # css - '' - window#waybar { - background-color: rgba(0, 0, 0, 0); - } - - #pulseaudio, - #battery, - #clock { - padding-top: 5px; - padding-bottom: 5px; - padding-right: 5px; - color: #ffffff; - } - ''; - }; - hyprlock = { - enable = true; - settings = { - general.hide_cursor = true; - general.ignore_empty_input = true; - background.blur_passes = 5; - background.blur_size = 5; - label = { - text = ''hi, $USER.''; - font_size = 32; - position = "0, 0"; - halign = "center"; - valign = "center"; - zindex = 1; - shadow_passes = 5; - shadow_size = 5; - }; - input-field = { - placeholder_text = ""; - fade_on_empty = true; - size = "200, 45"; - position = "0, -5%"; - halign = "center"; - valign = "center"; - zindex = 1; - shadow_passes = 5; - shadow_size = 5; - }; - }; - }; - }; - }; -} diff --git a/nix/homes/rafiq/desktop/wallpaper.png b/nix/homes/rafiq/desktop/wallpaper.png deleted file mode 100644 index cabd21f..0000000 Binary files a/nix/homes/rafiq/desktop/wallpaper.png and /dev/null differ diff --git a/nix/lib/attrsets.nix b/nix/lib/attrsets.nix deleted file mode 100644 index 1361c2a..0000000 --- a/nix/lib/attrsets.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ lib, ... }: -let - inherit (builtins) attrNames head; - inherit (lib.trivial) pipe; - inherit (lib.attrsets) filterAttrs; -in -{ - flake.lib.attrsets = { - /** - `firstAttrNameMatching pred set` filters an attribute set `set` based on a predicate `pred` - and returns the *first* attribute name that satisfies the predicate. - - # Example - - ```nix - let - mySet = { - a = { value = 1; }; - b = { value = 2; }; - c = { value = 3; }; - }; - - isGreaterThanOne = name: value: value.value > 1; - - result = firstAttrNameMatching isGreaterThanOne mySet; - - in - result - # Output: "b" - ``` - - # Type - - ``` - firstAttrNameMatching :: (String -> Any -> Bool) -> AttrSet -> String - ``` - - # Arguments - - pred - : A function that takes an attribute name and its value and returns a boolean. - - set - : The attribute set to filter. - */ - firstAttrNameMatching = - pred: set: - pipe set [ - (filterAttrs pred) - attrNames - head - ]; - }; -} diff --git a/nix/lib/lists.nix b/nix/lib/lists.nix deleted file mode 100644 index 370362f..0000000 --- a/nix/lib/lists.nix +++ /dev/null @@ -1,13 +0,0 @@ -let - inherit (builtins) length tail; -in -{ - flake.lib.lists = rec { - shortenList = - count: list: - let - len = length list; - in - if len <= count then list else (shortenList count (tail list)); - }; -} diff --git a/nix/lib/modules.nix b/nix/lib/modules.nix deleted file mode 100644 index ba27bfd..0000000 --- a/nix/lib/modules.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{ lib, config, ... }: -let - inherit (builtins) foldl' attrNames; - inherit (lib.attrsets) mapAttrs; -in -{ - flake.lib.modules = { - /** - Fold over the users list and create an attribute set. - - # Inputs - - `f` - - : A function that takes the name of a user and returns an attribute set. - - # Type - - ``` - userListToAttrs :: (String -> AttrSet) -> AttrSet - ``` - - # Examples - :::{.example} - ## `userListToAttrs` usage example - - ```nix - flake.manifest.users.rafiq = { ... }; - flake.modules.homeManager.users = userListToAttrs (name: { - ${name}.home.username = name; - }); - => flake.modules.homeManager.default.users.rafiq.home.username = "rafiq"; - ``` - - ::: - */ - userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users); - /** - Return an attribute set for use with a option that needs to be used for all users. - - # Inputs - - `attrset` - - : An attribute set to apply to all the users. - - # Type - - ``` - forAllUsers :: AttrSet -> AttrSet - ``` - - # Examples - :::{.example} - ## `forAllUsers` usage example - - ```nix - flake.manifest.users.rafiq = { ... }; - flake.modules.nixos.default.users = forAllUsers { - isNormalUser = true; - }; - => flake.modules.nixos.default.users.rafiq.isNormalUser = true; - ``` - - ::: - */ - forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users; - - /** - Like forAllUsers, but passes in the name and value from the manifest. - - # Inputs - - `f` - - : A function that takes an attribute name and its value, and returns the new value for the attribute. - - # Type - - ``` - forAllUsers' :: (String -> Any -> Any) -> AttrSet - ``` - - # Examples - :::{.example} - ## `forAllUsers'` usage example - - ```nix - flake.manifest.users.rafiq = { ... 
}; - flake.modules.homeManager.users = forAllUsers' (name: value: { - home.username = name; - }); - => flake.modules.homeManager.default.users.rafiq.home.username = "rafiq"; - ``` - - ::: - */ - forAllUsers' = f: mapAttrs f config.manifest.users; - }; -} diff --git a/nix/lib/options.nix b/nix/lib/options.nix deleted file mode 100644 index 4d0c329..0000000 --- a/nix/lib/options.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ lib, ... }: -let - inherit (lib.options) mkOption; - inherit (lib.types) - str - path - int - port - attrs - ; -in -{ - flake.lib.options = { - mkStrOption = - default: - mkOption { - inherit default; - type = str; - }; - mkAttrOption = - default: - mkOption { - inherit default; - type = attrs; - }; - mkIntOption = - default: - mkOption { - inherit default; - type = int; - }; - mkPortOption = - default: - mkOption { - type = port; - inherit default; - }; - mkPathOption = - default: - mkOption { - type = path; - inherit default; - }; - }; -} diff --git a/nix/lib/services.nix b/nix/lib/services.nix deleted file mode 100644 index 7ec6025..0000000 --- a/nix/lib/services.nix +++ /dev/null 
@@ -1,69 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (builtins) length concatStringsSep;
- inherit (lib.options) mkEnableOption;
- inherit (lib.strings) splitString;
- inherit (lib.lists) singleton;
- inherit (lib.modules) mkMerge mkIf;
- inherit (cfg.lib.options) mkStrOption mkPortOption mkAttrOption;
- inherit (cfg.lib.lists) shortenList;
- cfg = config.flake;
-in
-{
- flake.lib.services = rec {
- splitDomain = domain: splitString "." domain;
- isRootDomain = domain: length (splitDomain domain) <= 2;
- mkRootDomain = domain: concatStringsSep "." (shortenList 2 (splitDomain domain));
- mkWildcardDomain = rootDomain: concatStringsSep "." ((singleton "*") ++ (splitDomain rootDomain));
- mkHost = domain: if isRootDomain domain then domain else mkWildcardDomain (mkRootDomain domain);
- mkWebApp =
- {
- config,
- name,
- defaultPort,
- persistDirs ? [ ],
- extraOptions ? { },
- extraConfig ? { },
- }:
- let
- cfg = config.server.web-apps.${name};
- networkingConfig =
- {
- config,
- cfg,
- name,
- }:
- mkIf (cfg.domain != "") {
- assertions = singleton {
- assertion = config.server.web-servers.nginx.enable;
- message = "You must enable a web server if you want to set server.web-apps.${name}.domain.";
- };
- server.ddns.domains = singleton (mkRootDomain cfg.domain);
- server.web-servers.nginx.proxies = singleton {
- source = cfg.domain;
- target = "http://${config.networking.hostName}:${toString cfg.port}";
- };
- };
-
- in
- {
- options.server.web-apps.${name} = {
- enable = mkEnableOption "";
- port = mkPortOption defaultPort;
- domain = mkStrOption "";
- openFirewall = mkEnableOption "";
- extraCfg = mkAttrOption { };
- } // extraOptions;
-
- config = mkIf cfg.enable (mkMerge [
- {
- inherit persistDirs;
- networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = singleton cfg.port; };
- }
- (networkingConfig { inherit config cfg name; })
- extraConfig
- ]);
- };
-
- };
-}
diff --git a/nix/manifest.nix b/nix/manifest.nix
deleted file mode 100644
index 4f4f42f..0000000
--- a/nix/manifest.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{
- manifest = {
- users.rafiq = {
- primary = true;
- name = "Mohammad Rafiq";
- email = "rafiq@rrv.sh";
- shell = "fish";
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq";
- };
- hosts = {
- darwin = {
- venus = {
- graphical = true;
- machine.platform = "intel";
- };
- hephaestus = {
- graphical = true;
- machine.platform = "apple-silicon";
- };
- };
- nixos = {
- nemesis = {
- graphical = true;
- machine = {
- platform = "amd";
- gpu = "nvidia";
- root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
- monitors.main = {
- id = "desc:OOO AN-270W04K";
- resolution = "3840x2160";
- refresh-rate = "60";
- scale = "2";
- };
- };
- extraCfg = {
- machine = {
- bluetooth.enable = true;
- usb.automount = true;
- usb.qmk.enable = true;
- virtualisation = {
- podman.enable = true;
- podman.distrobox.enable = true;
- };
- };
- server.web-apps = {
- comfy-ui.enable = true;
- sd-webui-forge.enable = true;
- };
- };
- };
- apollo = {
- graphical = false;
- machine = {
- platform = "intel";
- root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
- };
- extraCfg.server = {
- ddns = {
- enable = true;
- domains = [
- "aenyrathia.wiki"
- "slayment.com"
- ];
- };
- web-servers = {
- enableSSL = true;
- nginx = {
- enable = true;
- proxies = [
- {
- source = "aenyrathia.wiki";
- target = "http://helios:5896";
- }
- {
- source = "il.bwfiq.com";
- target = "http://helios:2283";
- }
- ];
- };
- };
- databases = {
- mongodb.enable = true;
- mysql.enable = true;
- postgresql.enable = true;
- };
- web-apps = {
- librechat = {
- enable = true;
- domain = "chat.bwfiq.com";
- };
- forgejo = {
- enable = true;
- domain = "git.rrv.sh";
- openFirewall = true;
- };
- rrv-sh.enable = true;
- rrv-sh.domain = "rrv.sh";
- };
- };
- };
- };
- };
- };
-}
diff --git a/nix/meta.nix b/nix/meta.nix
deleted file mode 100644
index 9b93c47..0000000
--- a/nix/meta.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- lib,
- config,
- inputs,
- ...
-}:
-let
- inherit (lib.options) mkOption;
- inherit (lib.types) path lazyAttrsOf raw;
- inherit (inputs.flake-parts.lib) mkSubmoduleOptions;
- cfg = config.flake;
-in
-{
- options.flake = mkSubmoduleOptions {
- self = mkOption { type = raw; };
- lib = mkOption {
- type = lazyAttrsOf raw;
- default = { };
- };
- paths = {
- root = mkOption { type = path; };
- secrets = mkOption {
- type = path;
- readOnly = true;
- };
- };
- };
- config.flake = {
- paths.secrets = cfg.paths.root + "/secrets";
- };
-}
diff --git a/nix/modules/cli/git.nix b/nix/modules/cli/git.nix
deleted file mode 100644
index 0571ca3..0000000
--- a/nix/modules/cli/git.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, ... }:
-let
- inherit (config.manifest) users;
-in
-{
- flake.modules.homeManager.default =
- { config, ... }:
- {
- home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
- programs.git = {
- enable = true;
- userName = users.${config.home.username}.name;
- userEmail = users.${config.home.username}.email;
- signing.key = "~/.ssh/id_ed25519.pub";
- };
- };
-}
diff --git a/nix/modules/cli/nix.nix b/nix/modules/cli/nix.nix
deleted file mode 100644
index a69b1d6..0000000
--- a/nix/modules/cli/nix.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- flake.modules.nixos.default.nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- flake.modules.darwin.default = {
- nix.enable = false;
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- };
-}
diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix
deleted file mode 100644
index ac1617d..0000000
--- a/nix/modules/cli/shell.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.flake;
- inherit (config.manifest) users;
- inherit (cfg.lib.modules) forAllUsers';
- inherit (lib.attrsets) mapAttrs';
-in
-{
- flake.modules = {
- nixos.default =
- { pkgs, ... }:
- {
- programs = mapAttrs' (name: value: {
- name = value.shell;
- value.enable = true;
- }) users;
- users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
- };
- darwin.default =
- { pkgs, ... }:
- {
- programs = mapAttrs' (name: value: {
- name = value.shell;
- value.enable = true;
- }) users;
- users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
- environment.shells = [ pkgs.fish ];
- };
- homeManager.default =
- { config, ... }:
- {
- programs.${users.${config.home.username}.shell}.enable = true;
- home.shell.enableShellIntegration = true;
- };
- };
-}
diff --git a/nix/modules/graphical/default.nix b/nix/modules/graphical/default.nix
deleted file mode 100644
index 0ba55ca..0000000
--- a/nix/modules/graphical/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib.options) mkEnableOption;
-in
-{
- flake.modules = {
- nixos.graphical = {
- home-manager.sharedModules = [ { graphical = true; } ];
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- };
- };
- homeManager.default.options.graphical = mkEnableOption "";
- darwin.graphical.home-manager.sharedModules = [ { graphical = true; } ];
- };
-}
diff --git a/nix/modules/graphical/stylix.nix b/nix/modules/graphical/stylix.nix
deleted file mode 100644
index c347b6a..0000000
--- a/nix/modules/graphical/stylix.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ inputs, ... }:
-{
- # needs to be default because the options get
- # evaluated even if graphical is set to false
- flake.modules.nixos.default =
- { pkgs, ... }:
- {
- imports = [ inputs.stylix.nixosModules.stylix ];
- stylix.enable = true;
- stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
- };
- flake.modules.darwin.default =
- { pkgs, ... }:
- {
- imports = [ inputs.stylix.darwinModules.stylix ];
- stylix.enable = true;
- #TODO: move into manifest
- stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
- };
-}
diff --git a/nix/modules/machine/bootloader.nix b/nix/modules/machine/bootloader.nix
deleted file mode 100644
index 2fefe52..0000000
--- a/nix/modules/machine/bootloader.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- flake.modules.nixos.default.boot = {
- initrd.availableKernelModules = [
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- loader.efi.canTouchEfiVariables = true;
- #TODO: disable for mbp?
- loader.systemd-boot = {
- enable = true;
- configurationLimit = 5;
- };
- };
-}
diff --git a/nix/modules/machine/default.nix b/nix/modules/machine/default.nix
deleted file mode 100644
index ce8c615..0000000
--- a/nix/modules/machine/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib.options) mkEnableOption;
- inherit (lib.modules) mkIf mkMerge;
-in
-{
- flake.modules.nixos.default =
- {
- config,
- modulesPath,
- pkgs,
- ...
- }:
- let
- cfg = config.machine;
- in
- {
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
- options.machine = {
- bluetooth.enable = mkEnableOption "";
- usb.automount = mkEnableOption "";
- usb.qmk.enable = mkEnableOption "";
- };
- config = mkMerge [
- (mkIf cfg.usb.automount {
- services.udisks2.enable = true;
- home-manager.sharedModules = [
- {
- services.udiskie = {
- enable = true;
- automount = true;
- notify = true;
- };
- }
- ];
- })
- (mkIf cfg.usb.qmk.enable {
- hardware.keyboard.qmk.enable = true;
- services.udev = {
- packages = with pkgs; [
- vial
- qmk
- qmk-udev-rules
- qmk_hid
- ];
- };
-
- })
- (mkIf cfg.bluetooth.enable {
- persistDirs = [ "/var/lib/bluetooth" ];
- hardware.bluetooth = {
- enable = true;
- settings.General.Experimental = true;
- };
- })
- ];
- };
-}
diff --git a/nix/modules/machine/gpu.nix b/nix/modules/machine/gpu.nix
deleted file mode 100644
index 8517036..0000000
--- a/nix/modules/machine/gpu.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- allowedUnfreePackages = [
- "nvidia-x11"
- "nvidia-settings"
- ];
- flake.modules.nixos.default =
- {
- config,
- pkgs,
- hostConfig,
- ...
- }:
- let
- inherit (hostConfig.machine) gpu;
- in
- if gpu == "nvidia" then
- {
- hardware = {
- graphics.enable = true;
- graphics.extraPackages = [ pkgs.nvidia-vaapi-driver ];
- nvidia.open = true;
- nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
- };
- services.xserver.videoDrivers = [ "nvidia" ];
- environment.variables = {
- LIBVA_DRIVER_NAME = "nvidia";
- __GLX_VENDOR_LIBRARY_NAME = "nvidia";
- NVD_BACKEND = "direct";
- };
- nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
- nix.settings.trusted-public-keys = [
- "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
- ];
- }
- else
- { };
-}
diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix
deleted file mode 100644
index 62943b4..0000000
--- a/nix/modules/machine/platform.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- flake.modules.nixos.default =
- { hostConfig, ... }:
- let
- inherit (hostConfig.machine) platform;
- arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64";
- in
- {
- hardware.cpu.${platform}.updateMicrocode = true;
- boot.kernelModules = [ "kvm-${platform}" ];
- nixpkgs.hostPlatform = "${arch}-linux";
- };
-
- flake.modules.darwin.default =
- { hostConfig, ... }:
- let
- inherit (hostConfig.machine) platform;
- arch = if platform == "intel" then "x86_64" else "aarch64";
- in
- {
- nixpkgs.hostPlatform = "${arch}-darwin";
- };
-}
diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root.nix
deleted file mode 100644
index 9c7d4ea..0000000
--- a/nix/modules/machine/root.nix
+++ /dev/null
@@ -1,95 +0,0 @@ -{ lib, inputs, ... }: -let - inherit (lib.modules) mkMerge mkIf mkAfter; -in -{ - flake.modules.nixos.default = - { hostConfig, ... }: - let - inherit (hostConfig.machine) root; - in - { - imports = [ inputs.disko.nixosModules.disko ]; - config = mkMerge [ - { - # BTRFS - may add more later on - boot.initrd.kernelModules = [ "dm-snapshot" ]; - disko.devices.disk.main = { - device = root.drive; - content.type = "gpt"; - content.partitions = { - boot = { - name = "boot"; - size = "1M"; - type = "EF02"; - }; - esp = { - name = "ESP"; - size = "500M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - swap = { - size = "4G"; - content = { - type = "swap"; - resumeDevice = true; - }; - }; - root = { - name = "root"; - size = "100%"; - content = { - type = "lvm_pv"; - vg = "root_vg"; - }; - }; - }; - }; - - disko.devices.lvm_vg.root_vg = { - type = "lvm_vg"; - lvs.root = { - size = "100%FREE"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root".mountpoint = "/"; - "/persist" = { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "noatime" - ]; - }; - }; - }; - }; - }; - } - # Ephemeral by default - assumes btrfs - (mkIf root.ephemeral { - boot.initrd.postDeviceCommands = mkAfter '' - mkdir /btrfs_tmp - mount /dev/root_vg/root /btrfs_tmp - - if [[ -e /btrfs_tmp/root ]]; then - btrfs subvolume delete "/btrfs_tmp/root" - fi - ''; - }) - ]; - }; -} diff --git a/nix/modules/machine/virtualisation.nix b/nix/modules/machine/virtualisation.nix deleted file mode 100644 index 81b586e..0000000 --- a/nix/modules/machine/virtualisation.nix +++ /dev/null 
@@ -1,36 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (lib.modules) mkIf;
- inherit (lib.options) mkEnableOption;
- inherit (lib.lists) optional;
- inherit (config.flake.lib.modules) forAllUsers;
-in
-{
- flake.modules.nixos.default =
- { pkgs, config, ... }:
- let
- cfg = config.machine.virtualisation;
- in
- {
- options.machine.virtualisation = {
- podman.enable = mkEnableOption "";
- podman.distrobox.enable = mkEnableOption "";
- };
- config = mkIf cfg.podman.enable {
- virtualisation.containers.enable = true;
- virtualisation.podman = {
- enable = true;
- dockerCompat = true;
- defaultNetwork.settings.dns_enabled = true;
- };
- users.users = forAllUsers {
- extraGroups = [ "podman" ];
- autoSubUidGidRange = cfg.podman.distrobox.enable;
- };
- home-manager.sharedModules = optional cfg.podman.distrobox.enable {
- home.packages = [ pkgs.distrobox ];
- persistDirs = [ ".local/share/containers" ];
- };
- };
- };
-}
diff --git a/nix/modules/networking/default.nix b/nix/modules/networking/default.nix
deleted file mode 100644
index 435e501..0000000
--- a/nix/modules/networking/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib.modules) mkDefault;
-in
-{
- flake.modules.nixos.default =
- { hostName, ... }:
- {
- networking = {
- inherit hostName;
- enableIPv6 = false;
- useDHCP = mkDefault true;
- networkmanager.enable = true;
- };
- };
-}
diff --git a/nix/modules/networking/ssh.nix b/nix/modules/networking/ssh.nix
deleted file mode 100644
index 2238b7e..0000000
--- a/nix/modules/networking/ssh.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.flake;
- inherit (config.manifest) admin;
- inherit (lib.modules) mkMerge;
- inherit (cfg.lib.modules) forAllUsers';
-in
-{
- flake.modules.nixos.default = mkMerge [
- {
- services.openssh.enable = true;
- users.users = forAllUsers' (_: value: { openssh.authorizedKeys.keys = [ value.pubkey ]; });
- persistFiles = [
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- }
- { users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; }
- ];
- flake.modules.homeManager.default = {
- persistDirs = [ ".ssh" ];
- programs.ssh.enable = true;
- programs.ssh.extraConfig = ''
- Host *
- SetEnv TERM=xterm-256color
- '';
- };
-}
diff --git a/nix/modules/networking/tailscale.nix b/nix/modules/networking/tailscale.nix
deleted file mode 100644
index e1ad04c..0000000
--- a/nix/modules/networking/tailscale.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-let
- inherit (config.flake.paths) secrets;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- {
- services.tailscale = {
- enable = true;
- authKeyFile = config.sops.secrets."tailscale/client-secret".path;
- authKeyParameters.preauthorized = true;
- };
- persistDirs = [ "/var/lib/tailscale" ];
- sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml";
- };
- flake.modules.darwin.default =
- { pkgs, ... }:
- {
- services.tailscale = {
- enable = true;
- package = pkgs.tailscale.overrideAttrs { doCheck = false; };
- };
- };
-}
diff --git a/nix/modules/server/databases.nix b/nix/modules/server/databases.nix
deleted file mode 100644
index 2827b9d..0000000
--- a/nix/modules/server/databases.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (builtins) toString;
- inherit (lib.modules) mkIf mkMerge mkOverride;
- inherit (lib.lists) singleton;
- inherit (lib.options) mkEnableOption;
- inherit (config.flake.lib.options) mkPortOption;
-in
-{
- allowedUnfreePackages = [ "mongodb" ];
- flake.modules.nixos.default =
- { config, pkgs, ... }:
- let
- cfg = config.server.databases;
- in
- {
- options.server.databases = {
- mongodb = {
- enable = mkEnableOption "the MongoDB server";
- port = mkPortOption 27017;
- };
- mysql = {
- enable = mkEnableOption "the MySQL server";
- port = mkPortOption 3306;
- };
- postgresql = {
- enable = mkEnableOption "the postgresql server";
- port = mkPortOption 5432;
- };
- };
-
- config = mkMerge [
- (mkIf cfg.postgresql.enable {
- networking.firewall.allowedTCPPorts = singleton cfg.postgresql.port;
- persistDirs = singleton {
- directory = toString config.services.postgresql.dataDir;
- user = "postgres";
- group = "postgres";
- };
- services.postgresql = {
- enable = true;
- enableTCPIP = true;
- settings = { inherit (cfg.postgresql) port; };
- authentication = mkOverride 10 ''
- #type database DBuser auth-method
- local all all trust
-
- # ipv4
- host all all 0.0.0.0/0 trust
- '';
- ensureDatabases = singleton "alphastory";
- ensureUsers = singleton {
- name = "alphastory";
- ensureDBOwnership = true;
- };
- };
- })
- (mkIf cfg.mongodb.enable {
- networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
- persistDirs = singleton {
- directory = toString config.services.mongodb.dbpath;
- user = "mongodb";
- group = "mongodb";
- };
- services.mongodb = {
- enable = true;
- bind_ip = "0.0.0.0";
- extraConfig = ''
- net.port: ${toString cfg.mongodb.port}
- '';
- };
- })
- (mkIf cfg.mysql.enable {
- networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
- persistDirs = singleton {
- directory = toString config.services.mysql.dataDir;
- user = "mysql";
- group = "mysql";
- };
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- settings.mysqld = {
- inherit (cfg.mysql) port;
- };
- };
- })
- ];
- };
-}
diff --git a/nix/modules/server/ddns.nix b/nix/modules/server/ddns.nix
deleted file mode 100644
index 40a03ea..0000000
--- a/nix/modules/server/ddns.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (lib.modules) mkIf;
- inherit (lib.options) mkOption mkEnableOption;
- inherit (lib.types) enum str listOf;
- inherit (lib.lists) unique;
- inherit (builtins) map;
- inherit (config.flake.paths) secrets;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.ddns;
- mkDomain = domain_name: {
- inherit domain_name;
- sub_domains = [
- "@"
- "*"
- ];
- };
- in
- {
- options.server.ddns = {
- enable = mkEnableOption "";
- type = mkOption {
- type = enum [ "godns" ];
- default = "godns";
- };
- domains = mkOption {
- type = listOf str;
- default = [ ];
- };
- };
-
- config = mkIf cfg.enable {
- sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml";
- services.godns = {
- enable = if (cfg.type == "godns") then true else false;
- loadCredential = [ "cf_token:${config.sops.secrets."keys/cloudflare".path}" ];
- settings = {
- provider = "Cloudflare";
- login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
- # Sanitize the list of domains with unique so we can add to it with every service.
- domains = map mkDomain (unique cfg.domains);
- resolver = "1.1.1.1";
- ip_urls = [
- "https://wtfismyip.com/text"
- "https://api.ipify.org"
- "https://myip.biturl.top"
- "https://api-ipv4.ip.sb/ip"
- ];
- ip_type = "IPv4";
- interval = 300;
- };
- };
- };
- };
-}
diff --git a/nix/modules/server/web-apps/comfy-ui.nix b/nix/modules/server/web-apps/comfy-ui.nix
deleted file mode 100644
index 738e2e5..0000000
--- a/nix/modules/server/web-apps/comfy-ui.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- lib,
- config,
- inputs,
- ...
-}:
-let
- inherit (lib.lists) singleton;
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- upstreamCfg = config.services.comfyUi;
- in
- mkWebApp {
- inherit config;
- name = "comfy-ui";
- defaultPort = 8188;
- persistDirs = singleton {
- directory = upstreamCfg.dataDir;
- inherit (upstreamCfg) user group;
- mode = "777";
- };
- extraConfig.services.comfyUi = {
- enable = true;
- listenHost = "0.0.0.0";
- };
- }
- // {
- imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
- };
-}
diff --git a/nix/modules/server/web-apps/forgejo.nix b/nix/modules/server/web-apps/forgejo.nix
deleted file mode 100644
index 5beb028..0000000
--- a/nix/modules/server/web-apps/forgejo.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (lib.lists) singleton optional;
- inherit (config.flake.lib.options) mkPortOption;
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-apps.forgejo;
- upstreamCfg = config.services.forgejo;
- in
- mkWebApp {
- inherit config;
- name = "forgejo";
- defaultPort = 3000;
- persistDirs = singleton {
- directory = upstreamCfg.stateDir;
- inherit (upstreamCfg) user group;
- };
- extraOptions = {
- sshPort = mkPortOption 2222;
- };
- extraConfig = {
- networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.sshPort;
- services.forgejo = {
- enable = true;
- settings = {
- server = {
- DOMAIN = cfg.domain;
- ROOT_URL = "https://${cfg.domain}/";
- HTTP_PORT = cfg.port;
- START_SSH_SERVER = true;
- SSH_PORT = cfg.sshPort;
- };
- repository = {
- USE_COMPAT_SSH_URI = false;
- ENABLE_PUSH_CREATE_USER = true;
- ENABLE_PUSH_CREATE_ORG = true;
- };
- "repository.signing".FORMAT = "ssh";
- };
- };
- };
- };
-}
diff --git a/nix/modules/server/web-apps/librechat.nix b/nix/modules/server/web-apps/librechat.nix
deleted file mode 100644
index 63d2efa..0000000
--- a/nix/modules/server/web-apps/librechat.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{
- lib,
- inputs,
- config,
- ...
-}:
-let
- inherit (lib.lists) singleton;
- inherit (config.flake.lib.options) mkStrOption;
- inherit (config.flake.lib.services) mkWebApp;
- inherit (config.flake.paths) secrets;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-apps.librechat;
- upstreamCfg = config.services.librechat;
- in
- mkWebApp {
- inherit config;
- name = "librechat";
- defaultPort = 3080;
- persistDirs = singleton {
- directory = upstreamCfg.dataDir;
- inherit (upstreamCfg) user group;
- };
- extraOptions.mongodbURI = mkStrOption "mongodb://${config.networking.hostName}:27017/LibreChat";
- extraConfig = {
- sops.secrets = {
- "librechat/creds_key".sopsFile = secrets + "/librechat.yaml";
- "librechat/creds_iv".sopsFile = secrets + "/librechat.yaml";
- "librechat/jwt_secret".sopsFile = secrets + "/librechat.yaml";
- "librechat/jwt_refresh_secret".sopsFile = secrets + "/librechat.yaml";
- "keys/gemini".sopsFile = secrets + "/keys.yaml";
- "keys/openrouter".sopsFile = secrets + "/keys.yaml";
- };
- services.librechat = {
- enable = true;
- openFirewall = true;
- inherit (cfg) port;
- env = {
- HOST = "0.0.0.0";
- ALLOW_REGISTRATION = "true";
- NO_INDEX = "true";
- MONGO_URI = cfg.mongodbURI;
- DOMAIN_CLIENT = cfg.domain;
- DOMAIN_SERVER = cfg.domain;
- ENDPOINTS = "anthropic,agents,google";
- };
- credentials = {
- CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
- CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
- JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
- JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
- OPENROUTER_KEY = config.sops.secrets."keys/openrouter".path;
- GOOGLE_KEY = config.sops.secrets."keys/gemini".path;
- };
- settings = {
- version = "1.1.4";
- cache = true;
- endpoints.custom = [
- {
- name = "OpenRouter";
- apiKey = "\${OPENROUTER_KEY}";
- baseURL = "https://openrouter.ai/api/v1";
- models.default = [ "meta-llama/llama-3-70b-instruct" ];
- models.fetch = true;
- titleConvo = true;
- titleModel = "current_model";
- modelDisplayLabel = "OpenRouter";
- }
- ];
- interface = {
- privacyPolicy = {
- externalUrl = "https://librechat.ai/privacy-policy";
- openNewTab = true;
- };
- };
- };
- };
- };
- }
- // {
- imports = singleton "${inputs.rrvsh-nixpkgs}/nixos/modules/services/web-apps/librechat.nix";
- };
-}
diff --git a/nix/modules/server/web-apps/rrv-sh.nix b/nix/modules/server/web-apps/rrv-sh.nix
deleted file mode 100644
index d4c801d..0000000
--- a/nix/modules/server/web-apps/rrv-sh.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, inputs, ... }:
-let
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-apps.rrv-sh;
- in
- mkWebApp {
- inherit config;
- name = "rrv-sh";
- defaultPort = 2309;
- extraConfig.services.rrv-sh = {
- enable = true;
- inherit (cfg) port;
- };
- }
- // {
- imports = [ inputs.rrv-sh.nixosModules.default ];
- };
-}
diff --git a/nix/modules/server/web-apps/sd-webui-forge.nix b/nix/modules/server/web-apps/sd-webui-forge.nix
deleted file mode 100644
index cf88d86..0000000
--- a/nix/modules/server/web-apps/sd-webui-forge.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- lib,
- inputs,
- config,
- ...
-}:
-let
- inherit (lib.lists) singleton;
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- upstreamCfg = config.services.sd-webui-forge;
- in
- mkWebApp {
- inherit config;
- name = "sd-webui-forge";
- defaultPort = 7860;
- persistDirs = singleton {
- directory = upstreamCfg.dataDir;
- inherit (upstreamCfg) user group;
- };
- extraConfig.services.sd-webui-forge = {
- enable = true;
- listen = true;
- extraArgs = "--cuda-malloc";
- };
- }
- // {
- imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
- };
-}
diff --git a/nix/modules/server/web-servers.nix b/nix/modules/server/web-servers.nix
deleted file mode 100644
index 9b0cf75..0000000
--- a/nix/modules/server/web-servers.nix
+++ /dev/null
@@ -1,142 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (builtins) listToAttrs map;
- inherit (config.flake.lib.options) mkStrOption mkPathOption;
- inherit (config.flake.lib.services) mkRootDomain;
- inherit (config.flake.paths) secrets;
- inherit (config.manifest.admin) email;
- inherit (lib.types) listOf submodule attrs;
- inherit (lib.options) mkOption mkEnableOption;
- inherit (lib.modules) mkMerge mkIf;
- inherit (lib.lists) singleton;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-servers;
- sslCheck = good: bad: if cfg.enableSSL then good else bad;
- in
- {
- options.server.web-servers = {
- enableSSL = mkEnableOption "";
- nginx = {
- enable = mkEnableOption "the Nginx server";
- openFirewall = mkEnableOption "" // {
- default = true;
- };
- enableDefaultSink = mkEnableOption "" // {
- default = true;
- };
- pages = mkOption {
- default = [ ];
- type = listOf (submodule {
- options = {
- domain = mkStrOption "";
- root = mkPathOption "";
- extraConfig = mkOption {
- type = attrs;
- default = { };
- };
- locations = mkOption {
- type = attrs;
- default = { };
- };
- };
- });
- };
- proxies = mkOption {
- default = [ ];
- type = listOf (submodule {
- options = {
- source = mkStrOption "";
- target = mkStrOption "";
- extraConfig = mkOption {
- type = attrs;
- default = { };
- };
- locations = mkOption {
- type = attrs;
- default = { };
- };
- };
- });
- };
- };
- };
- config = mkMerge [
- (mkIf cfg.enableSSL {
- sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml";
- security.acme = {
- acceptTerms = true;
- defaults = {
- inherit email;
- dnsProvider = "cloudflare";
- credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
- };
- certs = {
- "rrv.sh".extraDomainNames = singleton "*.rrv.sh";
- "bwfiq.com".extraDomainNames = singleton "*.bwfiq.com";
- "slayment.com".extraDomainNames = singleton "*.slayment.com";
- "aenyrathia.wiki".extraDomainNames = singleton "*.aenyrathia.wiki";
- };
- };
- })
- (mkIf cfg.nginx.enable {
- networking.firewall.allowedTCPPorts = mkIf cfg.nginx.openFirewall [
- 443
- 80
- ];
- users.users.nginx.extraGroups = singleton "acme";
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- virtualHosts = mkMerge [
- (mkIf cfg.nginx.enableDefaultSink {
- "_" = {
- default = true;
- rejectSSL = sslCheck true false;
- locations."/" = {
- return = "444";
- };
- };
- })
- (listToAttrs (
- map (page: {
- name = page.domain;
- value = {
- addSSL = sslCheck true false;
- useACMEHost = sslCheck (mkRootDomain page.domain) null;
- acmeRoot = null; # needed for DNS validation
- locations = {
- "/" = {
- inherit (page) root;
- } // page.extraConfig;
- } // page.locations;
- };
- }) cfg.nginx.pages
- ))
- (listToAttrs (
- map (proxy: {
- name = proxy.source;
- value = {
- addSSL = sslCheck true false;
- useACMEHost = sslCheck (mkRootDomain proxy.source) null;
- acmeRoot = null; # needed for DNS validation
- locations = {
- "/" = {
- proxyPass = proxy.target;
- } // proxy.extraConfig;
- } // proxy.locations;
- };
- }) cfg.nginx.proxies
- ))
- ];
- };
- })
- ];
- };
-}
diff --git a/nix/modules/system/homebrew.nix b/nix/modules/system/homebrew.nix
deleted file mode 100644
index 312a26b..0000000
--- a/nix/modules/system/homebrew.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, ... }:
-let
- inherit (config.manifest) admin;
-in
-{
- flake.modules.darwin.graphical.homebrew = {
- enable = true;
- user = admin.username;
- onActivation.cleanup = "uninstall";
- };
-}
diff --git a/nix/modules/system/persist.nix b/nix/modules/system/persist.nix
deleted file mode 100644
index 917440b..0000000
--- a/nix/modules/system/persist.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- lib,
- inputs,
- config,
- ...
-}:
-let
- inherit (lib.modules) mkIf;
- inherit (lib.options) mkOption;
- inherit (config.flake.lib.options) mkStrOption;
- inherit (lib.types)
- listOf
- str
- coercedTo
- submodule
- ;
- permOpts = {
- user = mkStrOption "root";
- group = mkStrOption "root";
- mode = mkStrOption "0755";
- };
- mkOpts =
- type: opts:
- mkOption {
- default = [ ];
- type = listOf (
- coercedTo str (d: { ${type} = d; }) (submodule {
- options = {
- ${type} = mkStrOption "";
- } // opts;
- })
- );
- };
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- {
- imports = [ inputs.impermanence.nixosModules.impermanence ];
- options.persistDirs = mkOpts "directory" permOpts;
- options.persistFiles = mkOpts "file" { parentDirectory = permOpts; };
- config = {
- programs.fuse.userAllowOther = true;
- fileSystems."/persist".neededForBoot = true;
- environment.persistence."/persist" = {
- hideMounts = true;
- directories = config.persistDirs;
- files = config.persistFiles;
- };
- };
- };
- flake.modules.homeManager.default =
- { config, pkgs, ... }:
- {
- imports = [ inputs.impermanence.homeManagerModules.impermanence ];
- options.persistDirs = mkOpts "directory" { };
- options.persistFiles = mkOpts "file" { };
- config = mkIf (pkgs.system == "x86_64-linux") {
- home.persistence."/persist${config.home.homeDirectory}" = {
- allowOther = true;
- directories = config.persistDirs;
- files = config.persistFiles;
- };
- };
- };
-}
diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix
deleted file mode 100644
index e71989d..0000000
--- a/nix/modules/system/secrets.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-let
- cfg = config.flake;
- inherit (cfg.paths) secrets;
- inherit (builtins) readFile;
- inherit (lib.meta) getExe;
- inherit (lib.strings) trim;
- inherit (config.manifest.admin) username pubkey;
-in
-{
- flake.modules = {
- nixos.default =
- { config, ... }:
- {
- imports = [ inputs.sops-nix.nixosModules.sops ];
- config = {
- sops = {
- age.sshKeyPaths = [
- "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
- ];
- secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
- };
- environment.shellInit = # sh
- ''
- export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
- '';
- };
- };
- darwin.default =
- { config, ... }:
- {
- imports = [ inputs.sops-nix.darwinModules.sops ];
- config = {
- sops = {
- age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];
- secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
- };
- environment.shellInit = # sh
- ''
- export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
- '';
- };
- };
- homeManager.default.persistDirs = [ ".config/sops/age" ];
- };
- perSystem =
- { pkgs, ... }:
- {
- files.files = [
- {
- path_ = ".sops.yaml";
- drv =
- pkgs.writeText ".sops.yaml" # yaml
- ''
- keys:
- - &${username} ${trim (
- readFile "${
- pkgs.runCommand "" { } ''
- mkdir $out; echo ${pubkey} | ${getExe pkgs.ssh-to-age} > $out/agepubkey
- ''
- }/agepubkey"
- )}
- creation_rules:
- - path_regex: \.(yaml)$
- key_groups:
- - age:
- - *${username}
- '';
- }
- ];
- };
-}
diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix
deleted file mode 100644
index fa7724c..0000000
--- a/nix/modules/system/sudo.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, ... }:
-let
- inherit (config.manifest) admin;
-in
-{
- flake.modules.nixos.default = {
- security.sudo.wheelNeedsPassword = false;
- nix.settings.trusted-users = [ "@wheel" ];
- users.users.${admin.username}.extraGroups = [ "wheel" ];
- };
- flake.modules.darwin.default.security = {
- sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";
- pam.services.sudo_local = {
- enable = true;
- reattach = true;
- touchIdAuth = true;
- };
- };
-}
diff --git a/nix/modules/system/system.nix b/nix/modules/system/system.nix
deleted file mode 100644
index cee1df3..0000000
--- a/nix/modules/system/system.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- flake.modules = {
- nixos.default = {
- persistFiles = [ "/etc/machine-id" ];
- persistDirs = [ "/var/lib/systemd" ];
- time.timeZone = "Asia/Singapore";
- i18n.defaultLocale = "en_US.UTF-8";
- system.stateVersion = "25.11";
- };
- homeManager.default.home.stateVersion = "25.11";
- darwin.default =
- { self, ... }:
- {
- system.configurationRevision = self.rev or self.dirtyRev or null;
- system.stateVersion = 6;
- };
- };
-}
diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix
deleted file mode 100644
index dc80b0b..0000000
--- a/nix/modules/system/users.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.flake;
- inherit (config.manifest) users admin;
- inherit (cfg.lib.modules) userListToAttrs forAllUsers';
- inherit (lib.lists) findFirstIndex;
- inherit (builtins) attrNames;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- {
- persistDirs = [ "/var/lib/nixos" ];
- users = {
- mutableUsers = false;
- groups.users.gid = 100;
- users = forAllUsers' (
- name: _: {
- isNormalUser = true;
- hashedPasswordFile = config.sops.secrets."${name}/hashedPassword".path;
- }
- );
- };
- sops.secrets = userListToAttrs (name: {
- "${name}/hashedPassword" = {
- neededForUsers = true;
- sopsFile = cfg.paths.secrets + "/users.yaml";
- };
- });
- home-manager.users = forAllUsers' (
- name: _: {
- home.username = name;
- home.homeDirectory = config.users.users.${name}.home;
- }
- );
- };
- flake.modules.darwin.default =
- { config, ... }:
- {
- system.primaryUser = admin.username;
- users.knownUsers = attrNames users;
- users.users = forAllUsers' (
- name: _: {
- home = "/Users/${name}";
- uid = 501 + (findFirstIndex (x: x == name) null (attrNames users));
- }
- );
- home-manager.users = forAllUsers' (
- name: _: {
- home.username = name;
- home.homeDirectory = config.users.users.${name}.home;
- }
- );
- };
-}
diff --git a/nix/modules/unfree-packages.nix b/nix/modules/unfree-packages.nix
deleted file mode 100644
index d444024..0000000
--- a/nix/modules/unfree-packages.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (builtins) elem;
- inherit (lib.options) mkOption;
- inherit (lib.strings) getName;
- inherit (lib.types) listOf str;
- predicate = pkg: elem (getName pkg) config.allowedUnfreePackages;
-in
-{
- options.allowedUnfreePackages = mkOption {
- type = listOf str;
- default = [ ];
- };
- config.flake.modules = {
- nixos.default.nixpkgs.config.allowUnfreePredicate = predicate;
- darwin.default.nixpkgs.config.allowUnfreePredicate = predicate;
- };
-}
diff --git a/packages/rebuild/default.nix b/packages/rebuild/default.nix
new file mode 100644
index 0000000..25071fa
--- /dev/null
+++ b/packages/rebuild/default.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+pkgs.writeShellScriptBin "rebuild" # sh
+ ''
+ if [ ! -f "flake.nix" ]; then
+ echo "flake.nix not found in current directory. exiting..."
+ exit 1
+ fi
+
+ git add . && \
+ nixos-rebuild switch --flake . --use-remote-sudo && \
+ echo "=== opening test shell. ===" && \
+ echo "=== exit = commit ===" && \
+ echo "=== exit 1 = abort ===" && \
+ $SHELL && \
+ git commit -a
+ ''
diff --git a/secrets/keys.yaml b/secrets/keys.yaml
deleted file mode 100644
index 93a7ff8..0000000
--- a/secrets/keys.yaml
+++ /dev/null
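Review bot: `git add .` stages every untracked file under the working directory before the rebuild, and the closing `git commit -a` then commits whatever was staged. A flake built from a git checkout copies its tracked files into the Nix store, which is readable by all local users, so a decrypted secret or scratch file left in the tree would be exposed there and then end up in history. Consider printing `git status --short` before staging, or staging explicit paths instead of `.`. The `exit 1 = abort` path only skips the commit: by then the system has already been switched and the index already changed, which the banner should say, and `$SHELL` is better written as `"$SHELL"`.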
@@ -1,19 +0,0 @@
-keys:
- cloudflare: ENC[AES256_GCM,data:p2IISOuU/ShoifW5OFY/6Bi6PI0iIiQoBfnV512f2z84U9QS/KEhzA==,iv:5AkwtNAK8mD2DbvXCtTeNeIrpF/GIsSyOYxy8G4Jsqo=,tag:u2xJcRBR5WTMWdzupx4tbQ==,type:str]
- gemini: ENC[AES256_GCM,data:GwXVBsQdLesgP6PUZJRrLO5u6jd6XYFv9vjNTsojOwaWlxkDeRos,iv:w6Uz6j/MfpgQdIRYqJCneWqTsA+JEsB/T3cySVY2k3c=,tag:JY+LDar1UzC6qLKLichKnQ==,type:str]
- openrouter: ENC[AES256_GCM,data:kRr/f/qlso/SGyZa7J2zeQqbWDZnBoBsUvCEFbWuXpS8ah0qKDANfmX5NsJy3ehjXYOljbHl9WOxQcyriMTE8cyZodp9QySMEQ==,iv:NkWa/Q0AncaDQFo+SZEd3qKDddCxsLPgTi3bYb3SbhQ=,tag:HPTr27cxIV5mx432UMTfXQ==,type:str]
-sops:
- age:
- - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcTdPWURrK2w1QUZubVZo
- VUMrcFFQU0UxdDU3OG9PdEUxcGs2bzZNcmg0Cm03cUlPZkRMK0ZXOTllV3BtZWFp
- QXBPRWtOd0xjZC9BdGdmWnVoVGpHR1UKLS0tIEpaVXlSNkhpMVZnTFZWTFVEWTgv
- T3VyZXZnaGZaMVBnVko2Tlc2S3FpdDQKRiHCOtkHKugfquQfYkk4o9SMtZlo1CqZ
- 3i9+9Z516KS1+ERTklBUzZDBRZISY0c2nluO+tn71wnKAMIxetKryQ==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-08T20:53:06Z"
- mac: ENC[AES256_GCM,data:hcY1uSNp1E6LrQDpEgK8MABDijc0NQg89iEH1duq8rXFlOFG8BWrEDTasoUX3mH8RPBu5DF9YJHv216w1v2RdVz5w32e4GlcpuA8NUjNxBx38cx/GCp9bx0wEapVVf4Er+a8OmCmbp0MUhKvV3Xy5xs/ZlNJ7KppRXX9hZvzW84=,iv:7SirDOpe3ds23+XKQXe7CKnzb4yhQQWhvcARFnL0qRU=,tag:75tXPKJHfrMKYiM+XUI98Q==,type:str]
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/secrets/librechat.yaml b/secrets/librechat.yaml
deleted file mode 100644
index d6668cd..0000000
--- a/secrets/librechat.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-librechat:
- creds_key: ENC[AES256_GCM,data:sELKgqif9ec6VV0Q9OVk8IbUAI5noPtUB1b1WrPvxjDzJODd9YoJHWiH+N0vwORje5LiuzqZ/0Kn/UMdPfy3qw==,iv:SFFW+P0vxy4s6TkaAyCNLLXLIBrdi8oMkm7Q/Vec/yk=,tag:ZNC0vMdyh+S204Qr0itvnw==,type:str]
- creds_iv: ENC[AES256_GCM,data:h8RHcW7zt8CnKrYDGxlN/H9Wim4KpLaiFl2E2AK+YJY=,iv:xRctbyBFprN6Y1Lvk08EpzZNXa0owYCph+wqcOAR/Gw=,tag:ZdA0ibjyH1Y6DAd23mfJRQ==,type:str]
- jwt_secret: ENC[AES256_GCM,data:mXMi0EenuU1EIZWUyLE3wkVTouJk2QPXIKV38sfwbKfjdc28GgdsaWtunaSpD4uYBrWCv1rXq5qj18ohlAKs/g==,iv:ZWZWgYzVQh+kRN4+EEBFdWc4aWGq5IDtlEVde9mzS7I=,tag:BmWQN9yI92RHJMy/pt8rRg==,type:str]
- jwt_refresh_secret: ENC[AES256_GCM,data:iw+/E0wb2Ih1iQOaCCXBN5tj98Z2CdpaJMYOiuoTanjW7bvJXGfVObXKTBTtRs1P4TzCc4qK7mes5Sa6oajBpg==,iv:3mr3PYAjJ3bncATgfSwEyrIM2YioSfSu38NUfDmk6zs=,tag:RIYJ1YBaQVpwAmlo3CKg2Q==,type:str]
-sops:
- age:
- - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcko2MmowTkpKaDJTdjZE
- NVdzbklXZngxaHhrbkhGTXlCNDkzNml4dnlZCjRWOFZCSWRKenZzN0dhYXplVzh0
- OVdaUnRkS2dIYklFS2dwUXVxaElxNkkKLS0tICtxZDV0a2hIaUM2NFBwOGwxcklz
- YWJyU0VKRXFxT29TSjR1KzE0ZHJGQncKrX5Sujd617WgFDYA5r63K4ZwoJpP9m8M
- xexbGVHAeSyWNjOG7x5A9gYC1/dG3NY2l5xoITn0NKi68ZEfGD/J3w==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-08T19:37:50Z"
- mac: ENC[AES256_GCM,data:LBkUPMR8D8+IVUugWzK4a51d0lkGJqnG5D9EkHC4aGXcuSpxpxkbUDXWsqK3u1FxxfCnR87ZhD+UGd3OV6Wvsl9/v968eC/3jxuZALnOgUGcTyUayo8qLq1J6HEFUDoUoH2tk/SF0Cn2r34fkcUd1NtRdQX+C0Zsc8Tk0zIRA8U=,iv:aUvg409sogxRBgYzNECW5eH7GsSAsYY9AHWmL0UD6PA=,tag:0pMoXeuF6DLCyIdDVsPmGA==,type:str]
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 0000000..ea6faa0
--- /dev/null
+++ b/secrets/secrets.yaml
@@ -0,0 +1,19 @@
+rafiq:
+ hashedPassword: ENC[AES256_GCM,data:SzzSPg5Ze4H+fVl6ZvAULO9FDfRehusmP6uldT4Ok2/9ZeOp9r4LgjKajoiw2A1DWD1zQ1GQwMCHKpeZjCC4rBUNWW5DMcBUJA==,iv:KktKuqr0JNhjeJIlIgkoAv6mP2dQlfQrXiIOASLPkbw=,tag:g9LarkT6EjDrH+dXSjMwPg==,type:str]
+keys:
+ tailscale: ENC[AES256_GCM,data:sW64TZY/GtWD+8KOQDHYvnwzWiqOlsJ5782utaxVwUaiWa18hU+Ppd3gp/8f0R3rK6gskaPC22iuCuzvuA==,iv:TN2zWKgU6eXH3uaL7Ci2JKmo8Ql4DUSWS3Lxfnag7j4=,tag:s5of4wLdCp6b5VMGWLLxvw==,type:str]
+sops:
+ age:
+ - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUDN6TFlTVHdlWCsrWkFn
+ R1g5UjVLVk1NQzJRRE9NbDZlRVVJUjVvbmlnCk93NFhSRS9vbDUzNVd6Q3RuTEtZ
+ cFZvY0JML2tDSUZIbkcyVWVWWVFMY0UKLS0tIDlCbmxhUThUaHRGNkgySEp2QTB1
+ WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY
+ M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-05-18T15:07:27Z"
+ mac: ENC[AES256_GCM,data:u7oh4aDdtD++beaPPaTVA+jlgSl5UFr8NRYUtuaASd2hxSK+dNOmtirKYZEh5Bp2kfrcGrPIMqYHr4TIOZNkkUsQtGwSrDbkc4TqaulaXveoYQXag4x5ZNYxWlazjTrtSYKA60CARlq8/2CLH/QNSBC6wqRIhR9Yj5mjAj51DW8=,iv:xX/GQpMPKIhMzA02PX6fV2WD6NO4c9FHxkXlzP9PwWM=,tag:lWJXNgxgsXDHjgnNMt/EDw==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/secrets/tailscale.yaml b/secrets/tailscale.yaml
deleted file mode 100644
index 0913120..0000000
--- a/secrets/tailscale.yaml
+++ /dev/null
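Review bot: The `lastmodified` value on this new file is `2025-05-18T15:07:27Z`, which is older than the stamps on the four secret files this commit removes (`2025-07-07` and `2025-07-08`), so `keys.tailscale` and `rafiq.hashedPassword` appear to come from an earlier state of the repository rather than a fresh encryption. If so, confirm that the Tailscale key is still the intended one and had not already been replaced, and that the password hash is the current one. The removed files' ciphertext stays in git history under the same single age recipient, so the Cloudflare, Gemini, OpenRouter and LibreChat values they held should be revoked or rotated if no longer used. With one recipient only, adding a second recovery recipient under `sops.age` would avoid losing every secret together with that one key.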
@@ -1,17 +0,0 @@
-tailscale:
- client-secret: ENC[AES256_GCM,data:qAJUDTHxnzhgUtpe/DaH8Vv72jy/DWU/1UKzp2Pg/GtayClZXGFz00bCNKmZJCE7NYHERgr2Ssnhpz90eRCjKg==,iv:aWp2lvIFpUH6OMTkD8V1HNMyxUPxiVA+Il4NvlVKjOA=,tag:OzkdsOKerKiSHzHSkScIQA==,type:str]
-sops:
- age:
- - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZytHNnlKcWFPVVNpTkxX
- cFgxRjFDdWJkMzB2NUk1N2VLSWx3cVpvY20wCkdHbjZ4ZUlHTWp1QUFJVGxaV2cx
- K0NlaFdnYlEvektieDJJVkY2cEtmL1UKLS0tIDFHQlM4OEIzaGVvUThCbUJZNTU3
- ZGNJd3NvSCsrdDNFb0VuMDJOU09DVEEKrDnezqYWRuEyS6/WRWq0jMfv4DQ3TS1L
- Zic6TBIA3qNEjUlqXKRfq//H3vDRz4dzZCqbbh+5+FXDGBIVLL2DaA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-07T11:12:16Z"
- mac: ENC[AES256_GCM,data:rOuEqjHByaGaYredcMFGds+pB1rIgh0qu245Vt2gVGjjqOJtfEYcuvziVKgvV5yvBVhizcjeFIzCFdQ2KpflvwOLjiOZ594UaZChPGtO5hDc1VY/Gz86t8x6DYuHjWu4S1XOrBWgv2ebD0iBgbjuRNgBEhkWfVS2/7hn1PtqGD0=,iv:ZQ0b7pHG3NM2mwQdSVoGr4WsluIrp+/YUQi6KoMneC0=,tag:5E5bNxdRPQpTRVrQ+qoxfQ==,type:str]
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/secrets/users.yaml b/secrets/users.yaml
deleted file mode 100644
index 76fe7e0..0000000
--- a/secrets/users.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-rafiq:
- password: ENC[AES256_GCM,data:8KAfatz+YSaNozd5VGo=,iv:LNRxt47iBKSWzMZuBHSxv/qDZ2h6JiTIPps7OK/o7uU=,tag:oiSfLyRVswb/wxSTE69QMA==,type:str]
- hashedPassword: ENC[AES256_GCM,data:NogYQ3kR1TseC79HIXARrXhIncCnvxzf9zMF2QrUyTmojTffPXRGtMdjNpfMEFj5dkKfZujBL/QTIpPFFTm1py7Dreg5/9VSKQ==,iv:IwfZsrsJbLYG1ELte6aBHUtff6hIQu9rHT5tSvILIGQ=,tag:oav3paDcUY+cl4FJlZa90A==,type:str]
-sops:
- age:
- - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVd09tYkhKUkVjNTBRdld6
- a1RkUnZqdnRqMlFTSGgwUFVCZlRhL0tLTnpVCjNXVjZldzNUOE9DQ0ZGejhWakY2
- TmRIZnpobE0ydDhNSDdJQUp2U3pSTzgKLS0tIDkxU3Fxa2lMUkhZY0g1Wm02T2ZE
- UkQwOWZtVXVPSGJiRk1qRHVHYkN2cDgKLiYiA0q5se/oHfGRqvHLn3gRRDfmefEZ
- z2U2N1Tjt0QgCfYOOXVfPV9F36a7PpabFva5ElSazawHgvI+Bot6og==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-07T08:56:26Z"
- mac: ENC[AES256_GCM,data:2uGjIMxRgk7uWToQC4MrHpHFAt4bI7sEhaHvPU6Ae3bvRVH/TdJxZtikSPe95LEwReOuBmPajbcM580/d3Jt6VbA7nZzj1JduVscrRkSAFCzZp9Ti/mbOGITPJa6xWSGwVF1wSN3BnHXYIHDcKeSGtUdP7L7nBZr1KXPkok4NCo=,iv:+ELIes7lzb8M6CvOemAcyoq7Rx7L6NkNmHwntJN/RSc=,tag:ubyxO6VllH9cQK3VbvxiGg==,type:str]
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/systems/x86_64-linux/nemesis/default.nix b/systems/x86_64-linux/nemesis/default.nix
new file mode 100644
index 0000000..37a6f46
--- /dev/null
+++ b/systems/x86_64-linux/nemesis/default.nix
@@ -0,0 +1,43 @@
+{
+ lib,
+ ...
+}:
+{
+ system.hostname = "nemesis";
+ system.mainUser.name = "rafiq";
+ system.mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
+ system.bootloader = "systemd-boot";
+ hardware.drives.btrfs = {
+ enable = true;
+ drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
+ ephemeralRoot = true;
+ };
+ hardware.platform = "amd";
+ hardware.gpu = "nvidia";
+
+ desktop.windowManager = "hyprland";
+ desktop.mainMonitor = {
+ id = "desc:OOO AN-270W04K";
+ scale = "1";
+ resolution = "2560x1440";
+ refresh-rate = "144";
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ fileSystems."/persist".neededForBoot = true;
+ environment.persistence."/persist" = {
+ hideMounts = true;
+ directories = [
+ "/var/lib/systemd"
+ ];
+ files = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ "/etc/machine-id"
+ ];
+ };
+
+}
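Review bot: With `ephemeralRoot = true`, the `environment.persistence."/persist"` block keeps only `/var/lib/systemd` under `directories`, whereas the `users.nix` module removed in this commit persisted `/var/lib/nixos` and `tailscale.nix` persisted `/var/lib/tailscale`. `/var/lib/nixos` holds NixOS's uid/gid allocation state, and on a root that is wiped at boot its loss can let ids be reassigned, so files under `/persist` may end up owned by a different account. Unless a module outside this hunk already persists them, add `"/var/lib/nixos"` (and `"/var/lib/tailscale"` if this host joins the tailnet) to `directories`. A short comment above `files` saying why the SSH host keys and `/etc/machine-id` are kept would also help the next reader.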