diff --git a/.gitignore b/.gitignore
index 87a3018..de901db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-result
-*.qcow2
+# gitignore
+.pre-commit-config.*
\ No newline at end of file
diff --git a/.sops.yaml b/.sops.yaml
index d65f997..835dd06 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
- - &admin age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
+ - &rafiq age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
 creation_rules:
- - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ - path_regex: \.(yaml)$
 key_groups:
 - age:
- - *admin
+ - *rafiq
diff --git a/README.md b/README.md
deleted file mode 100644
index d18bf6c..0000000
--- a/README.md
+++ /dev/null
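Review bot: Dropping `result` and `*.qcow2` from `.gitignore` means Nix build symlinks and VM disk images in the working tree can now be staged by a broad `git add`. A disk image built from one of these system configurations may carry machine state, and possibly decrypted secret material, into history. Whether VM builds survive this refactor is not visible here; if they do, keep both patterns next to the new one (`result`, `*.qcow2`, `.pre-commit-config.*`). The new file also ends without a trailing newline.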
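Review bot: In `.sops.yaml`, the new `path_regex: \.(yaml)$` is not anchored to a directory, so the creation rule now matches every `.yaml` path in the repository instead of only files directly under `secrets/`. sops takes the recipients for a new file from the first matching rule, so the config no longer records which YAML files are meant to be encrypted, and a plaintext YAML file cannot be told from a forgotten secret by its path. If secrets still live in a dedicated directory (the new layout is not visible in this hunk), scope the rule to it, for example `- path_regex: (^|/)secrets/[^/]+\.yaml$`. The rule also still lists a single age recipient, so access to every secret rests on that one key.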
@@ -1,55 +0,0 @@
-# Planning
-
-## To-do
-
-- [ ] Implement an status bar for the desktop configuration
-- [ ] Copy over ~/.ssh/id_ed25519 and zellij status bar plugin confirmation
-
-## Versions
-
-- 1.0.0
- - Replicate old zagreus wholly
- - Automated backups for home and state directories
- - Ability to build VMs of all systems and implement integration tests
- - Staging VMs for ad-hoc testing
- - All servers set up with following services:
- - Git server
- - Chat app
- - Network shares
- - Federation with ActivityPub
- - Wakapi
-- 0.2.0
- - Provision Apollo
- - Fix all NVF errors
-
-# Modules
-
-The nixosModules and homeModules exposed by this flake are slightly out of the
-norm.
-
-Option declarations for user specific configuration are kept to:
-
-- homeModules for CLI
-- nixosModules for desktop
-
-System configurations, to this end, should include the window manager,
-lockscreen, terminal etc. for that system.
-
-These desktop programs will be **configured** in home-manager for each user, but
-those configurations consult the osConfig variable passed in by home-manager.
-
-# System Setup
-
-The following files are **required** for system activation:
-
-- /persist/home/${mainUser}/.ssh/id_ed25519
-
-This private key will be used by sops-nix to decrypt the secrets in
-[[secrets/secrets.yaml]]. The secrets inside the yaml file should also be set,
-or otherwise removed alongside their declarations (in
-[[modules/nixos/system/secrets.nix]]) and references.
-
-# Impermanence
-
-System and user state is stored under /persist. Anything not declared under
-`{environment,home}.persistence` is deleted on system boot.
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 0000000..ff57ce6
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,29 @@
+# Pantheon
+This flake serves as a monorepo for my systems (using IaC), dotfiles, and scripts.
+It's hosted at https://git.rrv.sh/rrvsh/pantheon, and mirrored to https://github.com/rrvsh/pantheon.
+
+## Structure
+The system configurations are defined in [`flake.manifest`](nix/manifest.nix).
+`flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey.
+`flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations.
+`flake.modules.nixos.*` provide NixOS options and configurations.
+The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class.
+You can use it as seen [here](nix/modules/flake/home-manager.nix):
+
+```nix
+flake.modules.nixos.default.imports = [ inputs.home-manager.nixosModules.default ];
+```
+
+The other attributes under `flake.modules.nixos` should be opt-in, i.e. provide options that will be set in the profiles.
+`flake.profiles.nixos` provides profiles which use the options defined in `flake.modules.nixos` to define different roles for each system, such as graphical, laptop, headless, etc.
+Options should not be defined here.
+`flake.contracts.nixos.*` will provide contracts, such as reverse proxies or databases, which will configure options on the provider and receiver host.
+
+## Acknowledgements
+Thanks to the following for inspiring this configuration. I highly recommend you look through their writings and configurations.
+- [ornicar](https://github.com/ornicar/dotfiles) which is where I first heard of NixOS
+- [No Boilerplate](https://www.youtube.com/watch?v=CwfKlX3rA6E&pp=0gcJCfwAo7VqN5tD) for making me finally try the OS
+- [ryan4yin](https://nixos-and-flakes.thiscute.world/) for being an amazing introduction to NixOS, home-manager, and flakes
+- [NotAShelf](https://github.com/NotAShelf/) for their blog and for the wonderful [NVF](https://github.com/notashelf/nvf)
+- [mightyiam](https://github.com/mightyiam/infra) for their infrastructure repo using flake-parts
+- [drupol](https://not-a-number.io/2025/refactoring-my-infrastructure-as-code-configurations/) for this blog post which convinced me to rebase my infra to use flake-parts
diff --git a/docs/cheatsheet.md b/docs/cheatsheet.md
new file mode 100644
index 0000000..4f76757
--- /dev/null
+++ b/docs/cheatsheet.md
@@ -0,0 +1,2 @@
+# cheatsheet
+`__curPos.file` will give the full evaluated path of the nix file it is called in. See [this issue](https://github.com/NixOS/nix/issues/5897#issuecomment-1012165198) for more information.
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 973f7f6..9d72b1b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -67,58 +67,7 @@ "type": "github" } }, - "crane": { - "locked": { - "lastModified": 1748047550, - "narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=", - "owner": "ipetkov", - "repo": "crane", - "rev": "b718a78696060df6280196a6f992d04c87a16aef", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", - "owner": "nix-community", - "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "firefox-gnome-theme": { - "flake": false, - "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", - "type": "github" - }, - "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "type": "github" - } - }, - "flake-compat": { + "dedupe_flake-compat": { "locked": { "lastModified": 1747046372, "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", @@ -133,25 +82,7 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { + "dedupe_flake-utils": { "inputs": { "systems": [ "systems" 
@@ -171,23 +102,109 @@ "type": "github" } }, - "flake-utils-plus": { + "dedupe_gitignore": { "inputs": { - "flake-utils": [ - "flake-utils" + "nixpkgs": [ + "nixpkgs" ] }, "locked": { - "lastModified": 1738591040, - "narHash": "sha256-4WNeriUToshQ/L5J+dTSWC5OJIwT39SEP7V7oylndi8=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "afcb15b845e74ac5e998358709b2b5fe42a948d1", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "dedupe_mnw": { + "locked": { + "lastModified": 1748710831, + "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=", + "owner": "gerg-l", + "repo": "mnw", + "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d", + "type": "github" + }, + "original": { + "owner": "gerg-l", + "repo": "mnw", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", + "owner": "nix-community", + "repo": "disko", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "files": { + "locked": { + "lastModified": 1750263550, + "narHash": "sha256-EW/QJ8i/13GgiynBb6zOMxhLU1uEkRqmzbIDEP23yVA=", + "owner": "mightyiam", + "repo": "files", + "rev": "5f4ef1fd1f9012354a9748be093e277675d10f07", + "type": "github" + }, + "original": { + "owner": "mightyiam", + "repo": "files", + "type": "github" + } + }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": 
"rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, @@ -210,21 +227,21 @@ "git-hooks": { "inputs": { "flake-compat": [ - "stylix", - "flake-compat" + "dedupe_flake-compat" + ], + "gitignore": [ + "dedupe_gitignore" ], - "gitignore": "gitignore", "nixpkgs": [ - "stylix", "nixpkgs" ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { 
@@ -233,41 +250,19 @@ "type": "github" } }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "stylix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gnome-shell": { "flake": false, "locked": { - "lastModified": 1744584021, - "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", "type": "github" }, "original": { "owner": "GNOME", - "ref": "48.1", + "ref": "48.2", "repo": "gnome-shell", "type": "github" } @@ -279,11 +274,11 @@ ] }, "locked": { - "lastModified": 1748830238, - "narHash": "sha256-EB+LzYHK0D5aqxZiYoPeoZoOzSAs8eqBDxm3R+6wMKU=", + "lastModified": 1751990210, + "narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=", "owner": "nix-community", "repo": "home-manager", - "rev": "c7fdb7e90bff1a51b79c1eed458fb39e6649a82a", + "rev": "218da00bfa73f2a61682417efe74549416c16ba6", "type": "github" }, "original": { 
@@ -307,44 +302,74 @@ "type": "github" } }, - "mnw": { + "import-tree": { "locked": { - "lastModified": 1748710831, - "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=", - "owner": "Gerg-L", - "repo": "mnw", - "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d", + "lastModified": 1751399845, + "narHash": "sha256-iun7//YHeEFgEOcG4KKKoy3d2GWOYqokLFVU/zIs79Y=", + "owner": "vic", + "repo": "import-tree", + "rev": "e24a50ff9b5871d4bdd8900679784812eeb120ea", "type": "github" }, "original": { - "owner": "Gerg-L", - "repo": "mnw", + "owner": "vic", + "repo": "import-tree", "type": "github" } }, - "nil": { + "make-shell": { "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" + "flake-compat": [ + "dedupe_flake-compat" ] }, "locked": { - "lastModified": 1741118843, - "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", - "owner": "oxalica", - "repo": "nil", - "rev": "577d160da311cc7f5042038456a0713e9863d09e", + "lastModified": 1733933815, + "narHash": "sha256-9JjM7eT66W4NJAXpGUsdyAFXhBxFWR2Z9LZwUa7Hli0=", + "owner": "nicknovitski", + "repo": "make-shell", + "rev": "ffeceae9956df03571ea8e96ef77c2924f13a63c", "type": "github" }, "original": { - "owner": "oxalica", - "repo": "nil", + "owner": "nicknovitski", + "repo": "make-shell", + "type": "github" + } + }, + "manifest": { + "locked": { + "lastModified": 1752588656, + "narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=", + "owner": "rrvsh", + "repo": "manifest", + "rev": "365902fba994f30469298dee0c98a5fc0f41ec38", + "type": "github" + }, + "original": { + "owner": "rrvsh", + "repo": "manifest", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "type": "github" + }, 
+ "original": { + "owner": "nix-darwin", + "ref": "master", + "repo": "nix-darwin", "type": "github" } }, @@ -355,11 +380,11 @@ ] }, "locked": { - "lastModified": 1748751003, - "narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=", + "lastModified": 1751774635, + "narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2860bee699248d828c2ed9097a1cd82c2f991b43", + "rev": "85686025ba6d18df31cc651a91d5adef63378978", "type": "github" }, "original": { @@ -370,11 +395,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "type": "github" }, "original": { @@ -384,41 +409,6 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1748740939, - "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "656a64127e9d791a334452c6b6606d17539476e2", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixspect": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747725629, - "narHash": "sha256-jEdIW5+SMfX6jVvx/MkMbpXLX9S2b+zsayIC1YJNAaY=", - "owner": "rrvsh", - "repo": "nixspect", - "rev": "28deacc6adeaef69f45af5c8139961a774e1600b", - "type": "github" - }, - "original": { - "owner": "rrvsh", - "repo": "nixspect", - "type": "github" - } - }, "nur": { "inputs": { "flake-parts": [ 
@@ -426,15 +416,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1748864791, - "narHash": "sha256-YRRRbOEc8aXpzSvN3qdIkqtVQ9xjx9rgichtaSQ0qwY=", + "lastModified": 1752005241, + "narHash": "sha256-+7DH6wh2BYnLRJzYXEbVlA1ZuAR4MxZI/paknbAuzk4=", "owner": "nix-community", "repo": "NUR", - "rev": "4ee0c2599266fb26e6ac3cb71836e96f25df446e", + "rev": "a2570fb4d0699fd34ebbbd52e2a763722601f6c6", "type": "github" }, "original": { @@ -449,13 +438,10 @@ "flake-parts" ], "flake-utils": [ - "flake-utils" + "dedupe_flake-utils" ], "mnw": [ - "mnw" - ], - "nil": [ - "nil" + "dedupe_mnw" ], "nixpkgs": [ "nixpkgs" @@ -465,11 +451,11 @@ ] }, "locked": { - "lastModified": 1748651104, - "narHash": "sha256-GZLiCQlNV8QfAWwGinXeSdiKZS346ZGPv6EKzeY0tAA=", + "lastModified": 1752001027, + "narHash": "sha256-JgP8lW4QBr9v/U4ETaIOMvGCd/DAA1AjZ1lqjIwfWno=", "owner": "notashelf", "repo": "nvf", - "rev": "c4cf91d4b531245a02f5b6c196f6279bc87a546f", + "rev": "c4d80273aaefeadaad96db97d077c647942b0e96", "type": "github" }, "original": { @@ -481,18 +467,20 @@ "python-flexseal": { "inputs": { "flake-utils": [ + "stable-diffusion-webui-nix", "flake-utils" ], "nixpkgs": [ + "stable-diffusion-webui-nix", "nixpkgs" ] }, "locked": { - "lastModified": 1734836319, - "narHash": "sha256-h/Jiq852WJyyAL037sIxjPDScjeH8sUoZVZBWlciXaw=", + "lastModified": 1751898758, + "narHash": "sha256-8EmTPdfOymvvHhmHYWiyO3cwZ4gtLo5uBFm3CU5vySo=", "owner": "Janrupf", "repo": "python-flexseal", - "rev": "fdd313f7b9a5c9545c015acaf0729b01f708118a", + "rev": "af318e1fd047abbefcc68d0292a4d902179c95fe", "type": "github" }, "original": { 
@@ -503,39 +491,60 @@ }, "root": { "inputs": { - "crane": "crane", + "dedupe_flake-compat": "dedupe_flake-compat", + "dedupe_flake-utils": "dedupe_flake-utils", + "dedupe_gitignore": "dedupe_gitignore", + "dedupe_mnw": "dedupe_mnw", "disko": "disko", - "flake-compat": "flake-compat", + "files": "files", "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "flake-utils-plus": "flake-utils-plus", + "git-hooks": "git-hooks", "home-manager": "home-manager", "impermanence": "impermanence", - "mnw": "mnw", - "nil": "nil", + "import-tree": "import-tree", + "make-shell": "make-shell", + "manifest": "manifest", + "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", - "nixspect": "nixspect", "nur": "nur", "nvf": "nvf", - "python-flexseal": "python-flexseal", + "rrv-sh": "rrv-sh", "rrvsh-nixpkgs": "rrvsh-nixpkgs", - "rust-overlay": "rust-overlay", - "snowfall-lib": "snowfall-lib", "sops-nix": "sops-nix", "stable-diffusion-webui-nix": "stable-diffusion-webui-nix", "stylix": "stylix", "systems": "systems", - "zjstatus": "zjstatus" + "text": "text" + } + }, + "rrv-sh": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751721838, + "narHash": "sha256-702c0fbgpUuEuQsduGJ9I5bSrCLYEG88SPuZXcSQqTs=", + "owner": "rrvsh", + "repo": "rrv.sh", + "rev": "e00c1c2607b55f43ef74b5f555f62838f4fe5963", + "type": "github" + }, + "original": { + "owner": "rrvsh", + "repo": "rrv.sh", + "type": "github" } }, "rrvsh-nixpkgs": { "locked": { - "lastModified": 1748869769, - "narHash": "sha256-2L9Bcj3kIt3n9NkCms6u66j8GsN7j22YnjaX+er3AtY=", + "lastModified": 1750146550, + "narHash": "sha256-vFNbONVWIdYBqlKZoJScDRjnQ/euDmVqgCL2ebnsu7U=", "owner": "rrvsh", "repo": "nixpkgs", - "rev": "32aae0a2767f3b18b115a0f1f2edfe524305b864", + "rev": "d7fa95990fd890bbd17ca8361f5d4e4935512c75", "type": "github" }, "original": { 
@@ -545,52 +554,6 @@ "type": "github" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748832016, - "narHash": "sha256-TQSaFa1wWJr6GOs+K8lecK4AKKr8k6mwxHIPCOmVkgs=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "7ec2ea005b600dac9436a7c5c6b66d960cbfcea2", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "snowfall-lib": { - "inputs": { - "flake-compat": [ - "flake-compat" - ], - "flake-utils-plus": [ - "flake-utils-plus" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736130495, - "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", - "owner": "snowfallorg", - "repo": "lib", - "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", - "type": "github" - }, - "original": { - "owner": "snowfallorg", - "repo": "lib", - "type": "github" - } - }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -598,11 +561,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { 
@@ -614,26 +577,23 @@ "stable-diffusion-webui-nix": { "inputs": { "flake-utils": [ - "flake-utils" + "dedupe_flake-utils" ], "nixpkgs": [ "nixpkgs" ], - "python-flexseal": [ - "python-flexseal" - ] + "python-flexseal": "python-flexseal" }, "locked": { - "lastModified": 1748219198, - "narHash": "sha256-RRDI12SLfm9lP7tq4vUr/c/TRj0+mgRjAThdnwTJgIE=", - "owner": "Janrupf", + "lastModified": 1751899247, + "narHash": "sha256-bh6xwc24Rv0YE4grKXvj+kmXmydns+OrlWn4WLnJSY4=", + "owner": "janrupf", "repo": "stable-diffusion-webui-nix", - "rev": "381e5de206d4962d94a8ebc97d6dc04395928e0c", + "rev": "d5ba5dccd190b0ded17f9c4a23dc7665c6dc2eae", "type": "github" }, "original": { - "owner": "Janrupf", - "ref": "main", + "owner": "janrupf", "repo": "stable-diffusion-webui-nix", "type": "github" } @@ -645,17 +605,10 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": [ - "flake-compat" - ], "flake-parts": [ "flake-parts" ], - "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", - "home-manager": [ - "home-manager" - ], "nixpkgs": [ "nixpkgs" ], @@ -672,11 +625,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1748803004, - "narHash": "sha256-dLGywKYxge3rzD6AqtVP0UmMHONdQNCWXj6i0lfm/UM=", + "lastModified": 1751995939, + "narHash": "sha256-C5CSTv+b8XSbqJwqTP8SGkZEK3YCCJnmvRbg209ql5w=", "owner": "nix-community", "repo": "stylix", - "rev": "5f841056ca60bea7312aeade957da084cd95b26e", + "rev": "8f3259dbc57c8ee871492fde80f77468826bbd63", "type": "github" }, "original": { @@ -700,6 +653,21 @@ "type": "github" } }, + "text": { + "locked": { + "lastModified": 1751819711, + "narHash": "sha256-Emci++Hknzr2FEZRUbRDD7prI5JwwGsACO/GaU9Pmxg=", + "owner": "rrvsh", + "repo": "text.nix", + "rev": "00ba1e616ef3b761a52d5f7ac32892715cc4bcd1", + "type": "github" + }, + "original": { + "owner": "rrvsh", + "repo": "text.nix", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { 
@@ -780,56 +748,6 @@ "repo": "base16-zed", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "zjstatus": { - "inputs": { - "crane": [ - "crane" - ], - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1745230073, - "narHash": "sha256-OER99U7MiqQ47myvbsiljsax7OsK19NMds4NBM9XXLs=", - "owner": "dj95", - "repo": "zjstatus", - "rev": "a819e3bfe6bfef0438d811cdbb1bcfdc29912c62", - "type": "github" - }, - "original": { - "owner": "dj95", - "repo": "zjstatus", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b21d1b5..dcb6882 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,95 +1,134 @@ { - - inputs = { - rrvsh-nixpkgs.url = "github:rrvsh/nixpkgs/librechat-module"; - crane.url = "github:ipetkov/crane"; - disko.inputs.nixpkgs.follows = "nixpkgs"; - disko.url = "github:nix-community/disko"; - flake-compat.url = "github:edolstra/flake-compat"; - flake-parts.url = "github:hercules-ci/flake-parts"; - flake-utils-plus.inputs.flake-utils.follows = "flake-utils"; - flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; - flake-utils.inputs.systems.follows = "systems"; - flake-utils.url = "github:numtide/flake-utils"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager"; - impermanence.url = "github:nix-community/impermanence"; - mnw.url = "github:Gerg-L/mnw"; - nil.inputs.flake-utils.follows = "flake-utils"; - nil.inputs.nixpkgs.follows = "nixpkgs"; - nil.inputs.rust-overlay.follows = "rust-overlay"; - nil.url = "github:oxalica/nil"; - nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; - nix-index-database.url = "github:nix-community/nix-index-database"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixspect.inputs.nixpkgs.follows = "nixpkgs"; - nixspect.url = "github:rrvsh/nixspect"; - nur.inputs.flake-parts.follows = "flake-parts"; - nur.inputs.nixpkgs.follows = "nixpkgs"; - nur.url = "github:nix-community/NUR"; - nvf.inputs.flake-parts.follows = "flake-parts"; - nvf.inputs.flake-utils.follows = "flake-utils"; - nvf.inputs.mnw.follows = "mnw"; - nvf.inputs.nil.follows = "nil"; - nvf.inputs.nixpkgs.follows = "nixpkgs"; - nvf.inputs.systems.follows = "systems"; - nvf.url = "github:notashelf/nvf"; - python-flexseal.inputs.flake-utils.follows = "flake-utils"; - python-flexseal.inputs.nixpkgs.follows = "nixpkgs"; - python-flexseal.url = "github:Janrupf/python-flexseal"; - rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - rust-overlay.url = "github:oxalica/rust-overlay"; - snowfall-lib.inputs.flake-compat.follows = "flake-compat"; - 
snowfall-lib.inputs.flake-utils-plus.follows = "flake-utils-plus"; - snowfall-lib.inputs.nixpkgs.follows = "nixpkgs"; - snowfall-lib.url = "github:snowfallorg/lib"; - sops-nix.inputs.nixpkgs.follows = "nixpkgs"; - sops-nix.url = "github:Mic92/sops-nix"; - stable-diffusion-webui-nix.inputs.flake-utils.follows = "flake-utils"; - stable-diffusion-webui-nix.inputs.nixpkgs.follows = "nixpkgs"; - stable-diffusion-webui-nix.inputs.python-flexseal.follows = "python-flexseal"; - stable-diffusion-webui-nix.url = "github:Janrupf/stable-diffusion-webui-nix/main"; - stylix.inputs.flake-compat.follows = "flake-compat"; - stylix.inputs.flake-parts.follows = "flake-parts"; - stylix.inputs.nur.follows = "nur"; - stylix.inputs.home-manager.follows = "home-manager"; - stylix.inputs.nixpkgs.follows = "nixpkgs"; - stylix.inputs.systems.follows = "systems"; - stylix.url = "github:nix-community/stylix"; - systems.url = "github:nix-systems/default"; - zjstatus.inputs.crane.follows = "crane"; - zjstatus.inputs.flake-utils.follows = "flake-utils"; - zjstatus.inputs.nixpkgs.follows = "nixpkgs"; - zjstatus.inputs.rust-overlay.follows = "rust-overlay"; - zjstatus.url = "github:dj95/zjstatus"; - }; - outputs = - inputs: - inputs.snowfall-lib.mkFlake { - inherit inputs; - src = ./.; - snowfall.namespace = "pantheon"; - overlays = with inputs; [ - stable-diffusion-webui-nix.overlays.default - (_final: prev: { - zjstatus = zjstatus.packages.${prev.system}.default; - }) - ]; - systems.modules.nixos = with inputs; [ - disko.nixosModules.disko - impermanence.nixosModules.impermanence - sops-nix.nixosModules.sops - stylix.nixosModules.stylix - ]; - homes.modules = with inputs; [ - impermanence.homeManagerModules.impermanence - nix-index-database.hmModules.nix-index - nvf.homeManagerModules.default - ]; - outputs-builder = channels: { - formatter = channels.nixpkgs.nixfmt-rfc-style; + { self, ... 
}@inputs: + inputs.flake-parts.lib.mkFlake { inherit inputs; } ( + (inputs.import-tree ./nix) + // { + systems = import inputs.systems; + flake = { + inherit self; + paths.root = ./.; + }; + } + ); + inputs = { + ### SYSTEM ### + + # systems provides a list of supported nix systems. + systems.url = "github:nix-systems/default"; + # nixos-unstable provides a binary cache for all packages. + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # My fork for random shit + rrvsh-nixpkgs.url = "github:rrvsh/nixpkgs/librechat-module"; + # home-manager manages our user packages and dotfiles + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # nix darwin provides declarative mac configuration + nix-darwin = { + url = "github:nix-darwin/nix-darwin/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # the nix user repository for mainly firefox extensions + nur = { + url = "github:nix-community/NUR"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; + # impermanence provides a nice abstraction over linking files from /persist + impermanence.url = "github:nix-community/impermanence"; + # flake-parts lets us define flake modules. + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + # disko provides declarative drive partitioning + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # sops-nix lets us version control secrets like passwords and api keys + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + stylix = { + url = "github:nix-community/stylix"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-parts.follows = "flake-parts"; + systems.follows = "systems"; + nur.follows = "nur"; }; }; + ### FLAKE PARTS MODULES ### + + # import-tree imports all nix files in a given directory. 
+ import-tree.url = "github:vic/import-tree"; + # files lets us write text files and automatically add checks for them + files.url = "github:mightyiam/files"; + # text.nix lets us easily define markdown text to pass to files + text.url = "github:rrvsh/text.nix"; + # manifest lets us define all hosts in one file + manifest.url = "github:rrvsh/manifest"; + # make-shells. creates devShells and checks + make-shell = { + url = "github:nicknovitski/make-shell"; + inputs.flake-compat.follows = "dedupe_flake-compat"; + }; + # git-hooks ensures nix flake check is ran before commits + git-hooks = { + url = "github:cachix/git-hooks.nix"; + inputs = { + flake-compat.follows = "dedupe_flake-compat"; + nixpkgs.follows = "nixpkgs"; + gitignore.follows = "dedupe_gitignore"; + }; + }; + + ### FLAKES ### + + # nix-index-database indexes the nixpkgs binaries for use with comma + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # nvf provides modules to wrap neovim + nvf = { + url = "github:notashelf/nvf"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-parts.follows = "flake-parts"; + systems.follows = "systems"; + flake-utils.follows = "dedupe_flake-utils"; + mnw.follows = "dedupe_mnw"; + }; + }; + # provides comfy ui and sdwebui services + stable-diffusion-webui-nix = { + url = "github:janrupf/stable-diffusion-webui-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "dedupe_flake-utils"; + }; + # my website :) + rrv-sh = { + url = "github:rrvsh/rrv.sh"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + ### DEDUPE ### + + dedupe_flake-compat.url = "github:edolstra/flake-compat"; + dedupe_flake-utils = { + url = "github:numtide/flake-utils"; + inputs.systems.follows = "systems"; + }; + dedupe_mnw.url = "github:gerg-l/mnw"; + dedupe_gitignore = { + url = "github:hercules-ci/gitignore.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; } 
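Review bot: The new `outputs` in `flake.nix` passes `(inputs.import-tree ./nix)` to `mkFlake`, which by the input's own comment imports all Nix files in that directory, so there is no longer an explicit module list. A file added under `./nix` becomes part of the evaluated flake without any change to `flake.nix`, and the call site should say so, for example `# every .nix file under ./nix is imported as a flake-parts module; review new files there as configuration changes`. On the input comments, `stylix` is the only block without one, and `# My fork for random shit` does not say why `rrvsh-nixpkgs` tracks the `librechat-module` branch. The hunk covers the whole file, so nothing of `outputs` or `inputs` lies outside it.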
diff --git a/homes/x86_64-linux/rafiq/default.nix b/homes/x86_64-linux/rafiq/default.nix deleted file mode 100644 index 1547e1d..0000000 --- a/homes/x86_64-linux/rafiq/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ pkgs, inputs, ... }: -{ - cli = { - shell = "zsh"; - finder = "fzf"; - screensaver.enable = true; - screensaver.timeout = "100"; - screensaver.command = "cbonsai -S -w 0.1 -L 40 -M 2 -b 2"; - editor = "nvf"; - file-browser = "yazi"; - multiplexer = "zellij"; - fetch = "hyfetch"; - git.name = "Mohammad Rafiq"; - git.email = "rafiq@rrv.sh"; - git.defaultBranch = "prime"; - }; - home = { - shellAliases = { - v = "nvim"; - e = "edit"; - }; - - packages = with pkgs; [ - cbonsai - ripgrep - devenv - stremio - pantheon.rebuild - pantheon.edit - inputs.nixspect.packages."x86_64-linux".nixspect - ]; - - persistence."/persist/home/rafiq".directories = [ "repos" ]; - }; - programs = { - nh.enable = true; - tealdeer.enable = true; - pay-respects = { - enable = true; - }; - tealdeer.settings.updates.auto_update = true; - direnv = { - enable = true; - nix-direnv.enable = true; - }; - }; -} diff --git a/lib/default.nix b/lib/default.nix deleted file mode 100644 index 37567ce..0000000 --- a/lib/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ lib, ... }: -{ - mkStrOption = lib.mkOption { - type = lib.types.str; - default = ""; - }; - mkPortOption = - port: - lib.mkOption { - type = lib.types.port; - default = port; - }; - mkPathOption = - path: - lib.mkOption { - type = lib.types.path; - default = path; - }; -} diff --git a/modules/home/cli/default.nix b/modules/home/cli/default.nix deleted file mode 100644 index 80caca5..0000000 --- a/modules/home/cli/default.nix +++ /dev/null 
@@ -1,79 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- options.cli = {
- shell = lib.pantheon.mkStrOption;
- finder = lib.pantheon.mkStrOption;
- screensaver.enable = lib.mkEnableOption "";
- screensaver.timeout = lib.pantheon.mkStrOption;
- screensaver.command = lib.pantheon.mkStrOption;
- editor = lib.pantheon.mkStrOption;
- nvf.snippets = lib.mkOption {
- type = lib.types.listOf lib.types.attrs;
- default = { };
- };
- file-browser = lib.pantheon.mkStrOption;
- multiplexer = lib.pantheon.mkStrOption;
- fetch = lib.pantheon.mkStrOption;
- git = {
- name = lib.pantheon.mkStrOption;
- email = lib.pantheon.mkStrOption;
- defaultBranch = lib.pantheon.mkStrOption;
- };
- };
-
- config = lib.mkMerge [
- {
- home.shell.enableShellIntegration = true;
- programs.ssh = {
- enable = true;
- extraConfig = ''
- Host *
- SetEnv TERM=xterm-256color
- '';
- };
- programs.zoxide.enable = true;
- home.shellAliases.cd = "z";
- home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
- ".local/share/zoxide"
- ];
- }
- {
- programs.nix-index.enable = true;
- programs.nix-index-database.comma.enable = true;
- }
- {
- home.shellAliases.ai = "aichat -r %shell% -e";
-
- home.packages = with pkgs; [ aichat ];
-
- xdg.configFile."aichat/config.yaml".text = ''
- model: gemini:gemini-2.0-flash
- clients:
- - type: gemini
- '';
- }
- {
- programs.starship = {
- enable = true;
- settings = {
- add_newline = false;
- format = ''
- $directory$character
- '';
- right_format = ''
- $all
- '';
- git_branch.format = "[$symbol$branch(:$remote_branch)]($style) ";
- shlvl.disabled = false;
- hostname.disabled = true;
- username.disabled = true;
- };
- };
- }
- ];
-}
diff --git a/modules/home/cli/editor/nvf/binds.nix b/modules/home/cli/editor/nvf/binds.nix
deleted file mode 100644
index 821c181..0000000
--- a/modules/home/cli/editor/nvf/binds.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- hardtime-nvim = {
- enable = true;
- setupOpts = {
- max_count = 1;
- disabled_keys = {
- "" = [ ];
- "" = [ ];
- "" = [ ];
- "" = [ ];
- };
- };
- };
- whichKey.enable = true;
-}
diff --git a/modules/home/cli/editor/nvf/clipboard.nix b/modules/home/cli/editor/nvf/clipboard.nix
deleted file mode 100644
index 2c63c08..0000000
--- a/modules/home/cli/editor/nvf/clipboard.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}
diff --git a/modules/home/cli/editor/nvf/default.nix b/modules/home/cli/editor/nvf/default.nix
deleted file mode 100644
index 66949bc..0000000
--- a/modules/home/cli/editor/nvf/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkIf (config.cli.editor == "nvf") {
- home.sessionVariables.EDITOR = "nvim";
- home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
- ".local/share/nvf"
- ];
- programs.nvf = {
- enable = true;
- settings.vim = {
- hideSearchHighlight = true;
- syntaxHighlighting = true;
- telescope.enable = true;
- searchCase = "ignore";
- undoFile.enable = true;
- fzf-lua.enable = true;
- git.enable = true;
- git.gitsigns.enable = false;
- autocomplete = import ./autocomplete.nix { inherit lib; };
- autopairs.nvim-autopairs.enable = true;
- binds = import ./binds.nix;
- clipboard = import ./clipboard.nix;
- diagnostics = import ./diagnostics.nix;
- keymaps = import ./keymaps.nix;
- languages = import ./languages.nix;
- lsp = import ./lsp.nix;
- navigation = import ./navigation.nix;
- notes = import ./notes.nix;
- options = import ./options.nix;
- notify = import ./notify.nix;
- snippets = import ./snippets.nix;
- statusline = import ./statusline.nix;
- treesitter = import ./treesitter.nix;
- ui = import ./ui.nix;
- utility = import ./utility.nix;
- visuals = import ./visuals.nix;
- };
- };
- };
-}
diff --git a/modules/home/cli/editor/nvf/diagnostics.nix b/modules/home/cli/editor/nvf/diagnostics.nix
deleted file mode 100644
index 2c63c08..0000000
--- a/modules/home/cli/editor/nvf/diagnostics.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}
diff --git a/modules/home/cli/editor/nvf/keymaps.nix b/modules/home/cli/editor/nvf/keymaps.nix
deleted file mode 100644
index cde0be4..0000000
--- a/modules/home/cli/editor/nvf/keymaps.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-[
- {
- desc = "Open the file path under the cursor, making the file if it doesn't exist.";
- key = "gf";
- mode = "n";
- action = ":cd %:p:h:e ";
- silent = true;
- }
- {
- desc = "";
- key = "";
- mode = "n";
- action = "zz";
- silent = true;
- }
- {
- desc = "";
- key = "";
- mode = "n";
- action = "zz";
- silent = true;
- }
-]
diff --git a/modules/home/cli/editor/nvf/lsp.nix b/modules/home/cli/editor/nvf/lsp.nix
deleted file mode 100644
index f6810b7..0000000
--- a/modules/home/cli/editor/nvf/lsp.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- enable = true;
- formatOnSave = true;
- inlayHints.enable = true;
- lightbulb.enable = true;
- lspkind.enable = true;
- null-ls.enable = true;
- otter-nvim.enable = true;
-}
diff --git a/modules/home/cli/editor/nvf/navigation.nix b/modules/home/cli/editor/nvf/navigation.nix
deleted file mode 100644
index a664c27..0000000
--- a/modules/home/cli/editor/nvf/navigation.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- harpoon = {
- enable = true;
- };
-}
diff --git a/modules/home/cli/editor/nvf/notes.nix b/modules/home/cli/editor/nvf/notes.nix
deleted file mode 100644
index 3f80024..0000000
--- a/modules/home/cli/editor/nvf/notes.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- todo-comments.enable = true;
-}
diff --git a/modules/home/cli/editor/nvf/notify.nix b/modules/home/cli/editor/nvf/notify.nix
deleted file mode 100644
index 2c63c08..0000000
--- a/modules/home/cli/editor/nvf/notify.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}
diff --git a/modules/home/cli/editor/nvf/options.nix b/modules/home/cli/editor/nvf/options.nix
deleted file mode 100644
index 810172a..0000000
--- a/modules/home/cli/editor/nvf/options.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- scroll = 1;
- autoindent = true;
- backspace = "indent,eol,start";
- cursorline = true;
- expandtab = true;
- shiftwidth = 2;
- smartindent = true;
- tabstop = 2;
- updatetime = 0;
-}
diff --git a/modules/home/cli/editor/nvf/snippets.nix b/modules/home/cli/editor/nvf/snippets.nix
deleted file mode 100644
index d23871f..0000000
--- a/modules/home/cli/editor/nvf/snippets.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- luasnip = {
- enable = true;
- setupOpts.enable_autosnippets = true;
- };
-}
diff --git a/modules/home/cli/editor/nvf/treesitter.nix b/modules/home/cli/editor/nvf/treesitter.nix
deleted file mode 100644
index eca9ae9..0000000
--- a/modules/home/cli/editor/nvf/treesitter.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- autotagHtml = true;
- fold = true;
- indent.disable = [ "markdown" ];
- textobjects.enable = true;
-}
diff --git a/modules/home/cli/fetch/default.nix b/modules/home/cli/fetch/default.nix
deleted file mode 100644
index 1aa53ef..0000000
--- a/modules/home/cli/fetch/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (config.cli.fetch == "hyfetch") {
- home.packages = [ pkgs.fastfetch ];
- home.sessionVariables.FETCH = "hyfetch";
- home.shellAliases.fetch = "hyfetch";
- programs.hyfetch = {
- enable = true;
- settings = {
- preset = "bisexual";
- mode = "rgb";
- light_dark = "dark";
- lightness = 0.5;
- color_align = {
- mode = "horizontal";
- custom_colors = [ ];
- fore_back = null;
- };
- backend = "fastfetch";
- };
- };
-
- })
- ];
-}
diff --git a/modules/home/cli/file-browser/default.nix b/modules/home/cli/file-browser/default.nix
deleted file mode 100644
index 847d7e9..0000000
--- a/modules/home/cli/file-browser/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkIf (config.cli.file-browser == "yazi") {
- home.sessionVariables.FILE_BROWSER = "yazi";
- programs.yazi = {
- enable = true;
- shellWrapperName = "t";
- settings = {
- mgr = {
- sort_by = "natural";
- prepend_keymap = [
- {
- on = "l";
- run = "plugin smart-enter";
- desc = "";
- }
- ];
- };
- };
- };
- };
-}
diff --git a/modules/home/cli/finder/default.nix b/modules/home/cli/finder/default.nix
deleted file mode 100644
index 894cbc1..0000000
--- a/modules/home/cli/finder/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkMerge [
- (lib.mkIf (config.cli.finder == "fzf") {
- programs.fzf = {
- enable = true;
- enableZshIntegration = lib.mkIf (config.cli.shell == "zsh") true;
- };
- })
- ];
-}
diff --git a/modules/home/cli/multiplexer/default.nix b/modules/home/cli/multiplexer/default.nix
deleted file mode 100644
index bf420eb..0000000
--- a/modules/home/cli/multiplexer/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- osConfig,
- config,
- lib,
- pkgs,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (config.cli.multiplexer == "zellij") (
- import ./zellij.nix { inherit config pkgs osConfig; }
- ))
- ];
-}
diff --git a/modules/home/cli/multiplexer/zellij.nix b/modules/home/cli/multiplexer/zellij.nix
deleted file mode 100644
index 0e3f078..0000000
--- a/modules/home/cli/multiplexer/zellij.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- config,
- pkgs,
- osConfig,
-}:
-{
- home.sessionVariables.MULTIPLEXER = "zellij";
- home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [ "/.cache/zellij" ];
- programs.zellij = {
- enable = true;
- enableZshIntegration = true;
- attachExistingSession = true;
- exitShellOnExit = true;
- settings = {
- pane_frames = false;
- show_startup_tips = false;
- show_release_notes = false;
- };
- };
- xdg.configFile."zellij/layouts/default.kdl".text = # kdl
- ''
- layout {
- default_tab_template {
- pane size=1 borderless=true {
- plugin location="file:${pkgs.zjstatus}/bin/zjstatus.wasm" {
- format_left "{mode} ${osConfig.system.hostname}"
- format_center "{tabs}"
- format_right "{datetime}"
- format_space ""
- format_hide_on_overlength "true"
- format_precedence "lrc"
-
- border_enabled "false"
- border_char "─"
- border_format "#[fg=#6C7086]{char}"
- border_position "top"
-
- hide_frame_for_single_pane "false"
-
- mode_default_to_mode "normal"
- mode_normal "#[bg=#89B4FA] {name} "
- mode_locked "#[bg=#f55e18] {name} "
- mode_session "#[bg=#00ff00] {name} "
-
- tab_normal "#[fg=#6C7086] {index} "
- tab_active "#[fg=#9399B2,bold,italic] {index} "
- tab_display_count "3" // limit to showing 3 tabs
- tab_truncate_start_format "..."
- tab_truncate_end_format "..."
-
- datetime "#[fg=#6C7086,bold] {format}"
- datetime_format "%H:%M:%S"
- datetime_timezone "Asia/Singapore"
- }
- }
- children
- }
- }
- '';
-}
diff --git a/modules/home/cli/shell/default.nix b/modules/home/cli/shell/default.nix
deleted file mode 100644
index 966a01d..0000000
--- a/modules/home/cli/shell/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkIf (config.cli.shell == "zsh") {
- home.sessionVariables.SHELL = "zsh";
- programs.zsh = {
- enable = true;
- enableVteIntegration = true;
- syntaxHighlighting.enable = true;
- historySubstringSearch.enable = true;
- history = {
- append = true;
- extended = true;
- ignoreDups = true;
- ignoreSpace = true;
- save = 10000;
- share = true;
- size = 10000;
- };
- };
- programs.zsh.initContent = lib.mkIf config.cli.screensaver.enable (
- lib.mkOrder 1200
- # zsh
- ''
- precmd() {
- TMOUT=${config.cli.screensaver.timeout}
- }
-
- TRAPALRM() {
- TMOUT=1
- ${config.cli.screensaver.command}
- # If we exit, assume the previous command was exited out of
- TMOUT=${config.cli.screensaver.timeout}
- zle reset-prompt
- }
- ''
- );
- };
-}
diff --git a/modules/home/cli/utilities/default.nix b/modules/home/cli/utilities/default.nix
deleted file mode 100644
index 3199378..0000000
--- a/modules/home/cli/utilities/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- imports = [ ./git.nix ];
-}
diff --git a/modules/home/desktop/browser/firefox/default.nix b/modules/home/desktop/browser/firefox/default.nix
deleted file mode 100644
index ab4f2e0..0000000
--- a/modules/home/desktop/browser/firefox/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ osConfig, lib, ... }:
-{
- config = lib.mkIf (osConfig.desktop.browser == "firefox") {
- home.persistence."/persist/home/rafiq".directories = [ ".mozilla/firefox" ];
- home.sessionVariables.BROWSER = "firefox";
- programs.firefox = {
- enable = true;
- profiles.rafiq.id = 0;
- profiles.test.id = 1;
- };
- };
-}
diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix
deleted file mode 100644
index 2a77588..0000000
--- a/modules/home/desktop/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- config,
- lib,
- osConfig,
- pkgs,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (osConfig.hardware.gpu == "nvidia") {
- home.packages = [ pkgs.stable-diffusion-webui.forge.cuda ];
- home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
- ".local/share/stable-diffusion-webui"
- ];
- })
- (lib.mkIf osConfig.desktop.enableSpotifyd {
- services.spotifyd.enable = true;
- services.spotifyd.settings.global = {
- device_name = "${osConfig.system.hostname}";
- device_type = "computer";
- zeroconf_port = 5353;
- };
- })
- (lib.mkIf osConfig.desktop.enableSteam {
- home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
- ".local/share/Steam"
- ];
- })
- ];
-}
diff --git a/modules/home/desktop/launcher/default.nix b/modules/home/desktop/launcher/default.nix
deleted file mode 100644
index 05bb845..0000000
--- a/modules/home/desktop/launcher/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- osConfig,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (osConfig.desktop.launcher == "fuzzel") {
- home.sessionVariables.LAUNCHER = "fuzzel";
- programs.fuzzel = {
- enable = true;
- };
- })
- (lib.mkIf (osConfig.desktop.launcher == "wofi") {
- home.sessionVariables.LAUNCHER = "wofi";
- programs.wofi = {
- enable = true;
- style = null;
- settings = { };
- };
- })
- ];
-}
diff --git a/modules/home/desktop/lockscreen/default.nix b/modules/home/desktop/lockscreen/default.nix
deleted file mode 100644
index 8003c52..0000000
--- a/modules/home/desktop/lockscreen/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- osConfig,
- lib,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (osConfig.desktop.lockscreen == "hyprlock") {
- home.sessionVariables.LOCKSCREEN = "hyprlock";
- programs.hyprlock = {
- enable = true;
- settings = {
- general.hide_cursor = true;
- general.ignore_empty_input = true;
-
- background = {
- blur_passes = 5;
- blur_size = 5;
- };
-
- label = {
- text = ''hi, $USER.'';
- font_size = 32;
- halign = "center";
- valign = "center";
- position = "0, 0";
- zindex = 1;
- shadow_passes = 5;
- shadow_size = 5;
- };
-
- input-field = {
- fade_on_empty = true;
- size = "200, 45";
- halign = "center";
- valign = "center";
- position = "0, -5%";
- placeholder_text = "";
- zindex = 1;
- shadow_passes = 5;
- shadow_size = 5;
- };
- };
- };
- })
- ];
-}
diff --git a/modules/home/desktop/notification-daemon/default.nix b/modules/home/desktop/notification-daemon/default.nix
deleted file mode 100644
index c6bb63f..0000000
--- a/modules/home/desktop/notification-daemon/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ osConfig, lib, ... }:
-{
- config = lib.mkMerge [
- (lib.mkIf (osConfig.desktop.notification-daemon == "mako") {
- home.sessionVariables.NOTIFICATION_DAEMON = "mako";
- services.mako = {
- enable = true;
- settings = { };
- };
- })
- ];
-}
diff --git a/modules/home/desktop/status-bar/default.nix b/modules/home/desktop/status-bar/default.nix
deleted file mode 100644
index 6e954cb..0000000
--- a/modules/home/desktop/status-bar/default.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- pkgs,
- config,
- lib,
- osConfig,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (osConfig.desktop.status-bar == "waybar") {
- home.sessionVariables.STATUS_BAR = "waybar";
- programs.waybar = {
- enable = true;
- settings = [
- {
- layer = "top";
- modules-left = [
- "pulseaudio"
- ];
- modules-right = [
- "battery"
- "clock"
- ];
- "pulseaudio" = {
- format = "{icon} {volume}%";
- format-muted = "";
- format-icons.default = [
- ""
- ""
- ];
- on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
- };
- "clock" = {
- interval = 1;
- format = "{:%F %T}";
- };
- "battery" = {
- interval = 1;
- bat-compatibility = true;
- };
- }
- ];
- style = # css
- ''
- window#waybar {
- background-color: rgba(0, 0, 0, 0);
- }
-
- #pulseaudio,
- #battery,
- #clock {
- padding-top: 5px;
- padding-bottom: 5px;
- padding-right: 5px;
- color: #ffffff;
- }
- '';
- };
- })
- ];
-}
diff --git a/modules/home/desktop/terminal/default.nix b/modules/home/desktop/terminal/default.nix
deleted file mode 100644
index f3af070..0000000
--- a/modules/home/desktop/terminal/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- osConfig,
- lib,
- pkgs,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (osConfig.desktop.terminal == "kitty") {
- home.packages = with pkgs; [ kitty ];
- home.sessionVariables.TERMINAL = "kitty";
- })
- (lib.mkIf (osConfig.desktop.terminal == "ghostty") {
- home.sessionVariables.TERMINAL = "ghostty -e";
- programs.ghostty = {
- enable = true;
- settings = {
- confirm-close-surface = false;
- };
- };
- })
- ];
-}
diff --git a/modules/home/desktop/windowManager/hyprland/default.nix b/modules/home/desktop/windowManager/hyprland/default.nix
deleted file mode 100644
index de770c7..0000000
--- a/modules/home/desktop/windowManager/hyprland/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- pkgs,
- lib,
- osConfig,
- ...
-}:
-let
- inherit (osConfig.desktop) mainMonitor;
-in
-{
- config = lib.mkIf (osConfig.desktop.windowManager == "hyprland") {
- wayland.windowManager.hyprland = {
- enable = true;
- systemd.enable = false;
- settings = lib.mkMerge [
- {
- ecosystem.no_update_news = true;
-
- monitor = [
- "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}"
- ", preferred, auto, 1"
- ];
-
- exec-once = [
- "uwsm app -- $LOCKSCREEN"
- "uwsm app -- $NOTIFICATION_DAEMON"
- "uwsm app -- $STATUS_BAR"
- ];
-
- xwayland.force_zero_scaling = true;
- }
- (import ./decoration.nix)
- (import ./keybinds.nix { inherit pkgs; })
- ];
- };
- xdg.configFile."uwsm/env".text = # sh
- ''
- export GDK_SCALE=${mainMonitor.scale}
- export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
- '';
- xdg.configFile."uwsm/env-hyprland".text = # sh
- ''
- export GDK_SCALE=${mainMonitor.scale}
- export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
- '';
- };
-}
diff --git a/modules/home/system/default.nix b/modules/home/system/default.nix
deleted file mode 100644
index 3996e00..0000000
--- a/modules/home/system/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-{
- home.persistence."/persist/home/${config.snowfallorg.user.name}" = {
- directories = [
- ".ssh"
- ".config/sops/age"
- ];
- allowOther = true;
- };
-
- home.stateVersion = "24.11";
-}
diff --git a/modules/nixos/cli/default.nix b/modules/nixos/cli/default.nix
deleted file mode 100644
index ebbf824..0000000
--- a/modules/nixos/cli/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- imports = [ ];
-
- options.cli = { };
-
- config = lib.mkMerge [
- {
- programs.zsh.enable = true;
- users.defaultUserShell = pkgs.zsh;
- environment.pathsToLink = [ "/share/zsh" ]; # enables completion
- }
- ];
-}
diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix
deleted file mode 100644
index 47ccd71..0000000
--- a/modules/nixos/desktop/default.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- imports = [
- ./windowManager.nix
- ];
-
- options.desktop = {
- mainMonitor = {
- id = lib.pantheon.mkStrOption;
- scale = lib.pantheon.mkStrOption;
- resolution = lib.pantheon.mkStrOption;
- refresh-rate = lib.pantheon.mkStrOption;
- };
- windowManager = lib.pantheon.mkStrOption;
- lockscreen = lib.pantheon.mkStrOption;
- browser = lib.pantheon.mkStrOption;
- terminal = lib.pantheon.mkStrOption;
- notification-daemon = lib.pantheon.mkStrOption;
- launcher = lib.pantheon.mkStrOption;
- status-bar = lib.pantheon.mkStrOption;
- enableSpotifyd = lib.mkEnableOption "";
- enableSteam = lib.mkEnableOption "";
- enableVR = lib.mkEnableOption "";
- enableSunshine = lib.mkEnableOption "";
- };
-
- config = lib.mkMerge [
- {
- fonts.packages = with pkgs; [
- font-awesome
- ];
- }
- (lib.mkIf config.desktop.enableSteam {
- programs.steam = {
- enable = true;
- gamescopeSession.enable = true;
- };
- })
- (lib.mkIf config.desktop.enableVR {
- programs.alvr = {
- enable = true;
- openFirewall = true;
- };
- environment.systemPackages = [ pkgs.android-tools ];
- })
- (lib.mkIf config.desktop.enableSunshine {
- networking.firewall.allowedTCPPortRanges = [
- {
- from = 47984;
- to = 47990;
- }
- ];
- networking.firewall.allowedUDPPortRanges = [
- {
- from = 47998;
- to = 48000;
- }
- ];
- networking.firewall.allowedTCPPorts = [ 48010 ];
- services.sunshine = {
- enable = true;
- capSysAdmin = true;
- openFirewall = true;
- settings = {
- sunshine_name = config.system.hostname;
- port = 48989; # default
- origin_web_ui_allowed = "wan";
- };
- applications = { };
- };
- })
- ];
-}
diff --git a/modules/nixos/desktop/lockscreen/default.nix b/modules/nixos/desktop/lockscreen/default.nix
deleted file mode 100644
index ce40153..0000000
--- a/modules/nixos/desktop/lockscreen/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkMerge [
- (lib.mkIf (config.desktop.lockscreen == "hyprlock") {
- security.pam.services.hyprlock = { };
- })
- ];
-}
diff --git a/modules/nixos/desktop/windowManager.nix b/modules/nixos/desktop/windowManager.nix
deleted file mode 100644
index 251690a..0000000
--- a/modules/nixos/desktop/windowManager.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkMerge [
- (lib.mkIf (config.desktop.windowManager == "hyprland") {
- environment.loginShellInit = # sh
- ''
- if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
- if uwsm check may-start; then
- exec uwsm start hyprland-uwsm.desktop
- fi
- fi
- '';
- environment.variables = {
- ELECTRON_OZONE_PLATFORM_HINT = "auto";
- NIXOS_OZONE_WL = "1";
- };
- programs.hyprland = {
- enable = true;
- withUWSM = true;
- };
- })
- ];
-}
diff --git a/modules/nixos/hardware/audio.nix b/modules/nixos/hardware/audio.nix
deleted file mode 100644
index 7c6402a..0000000
--- a/modules/nixos/hardware/audio.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, ... }:
-{
- config = {
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- };
- };
-}
diff --git a/modules/nixos/hardware/btrfs.nix b/modules/nixos/hardware/btrfs.nix
deleted file mode 100644
index 5b43f07..0000000
--- a/modules/nixos/hardware/btrfs.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ lib, config, ... }:
-let
- cfg = config.hardware.drives.btrfs;
-in
-{
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- disko.devices.disk.main = {
- device = cfg.drive;
- type = "disk";
- content.type = "gpt";
- content.partitions = {
- boot.name = "boot";
- boot.size = "1M";
- boot.type = "EF02";
- esp.name = "ESP";
- esp.size = "500M";
- esp.type = "EF00";
- esp.content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- swap.size = "4G";
- swap.content = {
- type = "swap";
- resumeDevice = true;
- };
- root.name = "root";
- root.size = "100%";
- root.content = {
- type = "lvm_pv";
- vg = "root_vg";
- };
- };
- };
-
- disko.devices.lvm_vg.root_vg = {
- type = "lvm_vg";
- lvs.root.size = "100%FREE";
- lvs.root.content.type = "btrfs";
- lvs.root.content.extraArgs = [ "-f" ];
- lvs.root.content.subvolumes = {
- "/root".mountpoint = "/";
- "/persist".mountpoint = "/persist";
- "/persist".mountOptions = [
- "subvol=persist"
- "noatime"
- ];
- "/nix".mountpoint = "/nix";
- "/nix".mountOptions = [
- "subvol=nix"
- "noatime"
- ];
- };
- };
- }
- (lib.mkIf cfg.ephemeralRoot {
- boot.initrd.postDeviceCommands = lib.mkAfter ''
- mkdir /btrfs_tmp
- mount /dev/root_vg/root /btrfs_tmp
- if [[ -e /btrfs_tmp/root ]]; then
- mkdir -p /btrfs_tmp/old_roots
- timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
- mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
- fi
-
- delete_subvolume_recursively() {
- IFS=$'\n'
- for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
- delete_subvolume_recursively "/btrfs_tmp/$i"
- done
- btrfs subvolume delete "$1"
- }
-
- for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
- delete_subvolume_recursively "$i"
- done
-
- btrfs subvolume create /btrfs_tmp/root
- umount /btrfs_tmp
- '';
- programs.fuse.userAllowOther = true;
- fileSystems."/persist".neededForBoot = true;
- environment.persistence."/persist" = {
- hideMounts = true;
- directories = [
- "/var/lib/systemd"
- "/var/lib/nixos"
- ];
- files = [
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- "/etc/machine-id"
- ];
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/hardware/cpu.nix b/modules/nixos/hardware/cpu.nix
deleted file mode 100644
index 7f95f6a..0000000
--- a/modules/nixos/hardware/cpu.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkMerge [
- (lib.mkIf (config.hardware.platform == "amd") {
- hardware.cpu.amd.updateMicrocode = true;
- boot.kernelModules = [ "kvm-amd" ];
- })
- (lib.mkIf (config.hardware.platform == "intel") {
- hardware.cpu.intel.updateMicrocode = true;
- boot.kernelModules = [ "kvm-intel" ];
- })
- ];
-}
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
deleted file mode 100644
index c1370bc..0000000
--- a/modules/nixos/hardware/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, ... }:
-{
- imports = [
- ./btrfs.nix
- ./nvidia.nix
- ./audio.nix
- ./cpu.nix
- ./networking.nix
- ];
-
- options.hardware = {
- drives.btrfs = {
- enable = lib.mkEnableOption "";
- drive = lib.pantheon.mkStrOption;
- ephemeralRoot = lib.mkEnableOption "";
- };
- gpu = lib.pantheon.mkStrOption;
- platform = lib.pantheon.mkStrOption;
- };
-
- config = {
- services.fwupd.enable = true;
- hardware.bluetooth = {
- enable = true;
- settings.General.Experimental = true;
- };
- hardware.xone.enable = true;
- };
-}
diff --git a/modules/nixos/hardware/networking.nix b/modules/nixos/hardware/networking.nix
deleted file mode 100644
index cc00ccd..0000000
--- a/modules/nixos/hardware/networking.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkMerge [
- {
- networking.useDHCP = lib.mkDefault true;
- networking.hostName = config.system.hostname;
- networking.networkmanager.enable = true;
-
- services.openssh = {
- enable = true;
- settings = {
- PrintMotd = true;
- };
- };
-
- services.tailscale = {
- enable = true;
- authKeyFile = config.sops.secrets."keys/tailscale".path;
- };
- environment.persistence."/persist".directories = [ "/var/lib/tailscale" ];
- }
- (lib.mkIf config.desktop.enableSpotifyd {
- networking.firewall.allowedTCPPorts = [ 5353 ];
- networking.firewall.allowedUDPPorts = [ 5353 ];
- })
- ];
-}
diff --git a/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix
deleted file mode 100644
index 23644c2..0000000
--- a/modules/nixos/hardware/nvidia.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- config = lib.mkIf (config.hardware.gpu == "nvidia") {
- hardware = {
- graphics.enable = true;
- graphics.extraPackages = with pkgs; [
- nvidia-vaapi-driver
- ];
- nvidia.open = true;
- nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
- };
- services.xserver.videoDrivers = [ "nvidia" ];
- nixpkgs.config.allowUnfree = true;
- environment.variables = {
- LIBVA_DRIVER_NAME = "nvidia";
- __GLX_VENDOR_LIBRARY_NAME = "nvidia";
- NVD_BACKEND = "direct";
- };
-
- nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
- nix.settings.trusted-public-keys = [
- "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
- ];
- };
-}
diff --git a/modules/nixos/server/databases/default.nix b/modules/nixos/server/databases/default.nix
deleted file mode 100644
index 640d587..0000000
--- a/modules/nixos/server/databases/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-let
- cfg = config.server.databases;
-in
-{
- options.server.databases = {
- mongodb = {
- enable = lib.mkEnableOption "the MongoDB server";
- port = lib.pantheon.mkPortOption 27017;
- };
- mysql = {
- enable = lib.mkEnableOption "the MySQL server";
- port = lib.pantheon.mkPortOption 3306;
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.mongodb.enable {
- networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
- environment.persistence."/persist".directories = [
- {
- directory = builtins.toString config.services.mongodb.dbpath;
- user = "mongodb";
- group = "mongodb";
- }
- ];
- services.mongodb = {
- enable = true;
- bind_ip = "0.0.0.0";
- extraConfig = ''
- net.port: ${builtins.toString cfg.mongodb.port}
- '';
- };
- })
- (lib.mkIf cfg.mysql.enable {
- networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
- environment.persistence."/persist".directories = [
- {
- directory = builtins.toString config.services.mysql.dataDir;
- user = "mysql";
- group = "mysql";
- }
- ];
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- settings.mysqld = {
- inherit (cfg.mysql) port;
- };
- };
- })
- ];
-}
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
deleted file mode 100644
index f1b6a89..0000000
--- a/modules/nixos/server/default.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- lib,
- config,
- ...
-}:
-{
- options.server = {
- mountHelios = lib.mkEnableOption "";
- enableDDNS = lib.mkEnableOption "";
- };
-
- config = lib.mkMerge [
- (lib.mkIf config.server.enableDDNS {
- services.godns = {
- enable = true;
- loadCredential = [
- "cf_token:${config.sops.secrets."keys/cloudflare".path}"
- "telegram_bot_token:${config.sops.secrets."keys/telegram_bot".path}"
- ];
- settings = {
- provider = "Cloudflare";
- login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
- domains = [
- {
- domain_name = "rrv.sh";
- sub_domains = [ "@" ];
- }
- {
- domain_name = "aenyrathia.wiki";
- sub_domains = [ "@" ];
- }
- {
- domain_name = "bwfiq.com";
- sub_domains = [ "*" ];
- }
- {
- domain_name = "slayment.com";
- sub_domains = [ "*" ];
- }
- ];
- resolver = "1.1.1.1";
- ip_urls = [
- "https://wtfismyip.com/text"
- "https://api.ipify.org"
- "https://myip.biturl.top"
- "https://api-ipv4.ip.sb/ip"
- ];
- ip_type = "IPv4";
- interval = 300;
- notify = {
- telegram = {
- enabled = true;
- bot_api_key_file = "$CREDENTIALS_DIRECTORY/telegram_bot_token";
- chat_id = "384288005";
- message_template = "Domain *{{ .Domain }} has been updated to %0A{{ .CurrentIP }}";
- };
- };
- };
- };
- })
- (lib.mkIf config.server.mountHelios {
- fileSystems."/media/helios/data" = {
- device = "//helios/data";
- fsType = "cifs";
- options = [
- "x-systemd.automount"
- "x-systemd.requires=tailscaled.service"
- "x-systemd.mount-timeout=0"
- ];
- };
- })
- ];
-}
diff --git a/modules/nixos/server/web-apps/default.nix b/modules/nixos/server/web-apps/default.nix
deleted file mode 100644
index 6c8453d..0000000
--- a/modules/nixos/server/web-apps/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- inputs,
- config,
- lib,
- ...
-}:
-let
- cfg = config.server.web-apps;
-in
-{
-
- imports = [
- "${inputs.rrvsh-nixpkgs}/nixos/modules/services/web-apps/librechat.nix"
- ];
-
- options.server.web-apps = {
- librechat.enable = lib.mkEnableOption "";
- };
-
- config = lib.mkIf cfg.librechat.enable {
- services.librechat = {
- enable = true;
- openFirewall = true;
- port = 3080;
- env = {
- HOST = "0.0.0.0";
- ALLOW_REGISTRATION = "true";
- MONGO_URI = "mongodb://apollo:27017";
- };
- credentials = {
- CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
- CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
- JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
- JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
- };
- settings = {
- version = "1.0.8";
- cache = true;
- interface = {
- privacyPolicy = {
- externalUrl = "https://librechat.ai/privacy-policy";
- openNewTab = true;
- };
- };
- endpoints = {
- custom = [
- {
- name = "OpenRouter";
- apiKey = "\${OPENROUTER_KEY}";
- baseURL = "https://openrouter.ai/api/v1";
- models = {
- default = [ "meta-llama/llama-3-70b-instruct" ];
- fetch = true;
- };
- titleConvo = true;
- titleModule = "meta-llama/llama-3-70b-instruct";
- dropParams = [ "stop" ];
- modelDisplayLabel = "OpenRouter";
- }
- ];
- };
- };
- };
- };
-}
diff --git a/modules/nixos/server/web-servers/default.nix b/modules/nixos/server/web-servers/default.nix
deleted file mode 100644
index cfe2e49..0000000
--- a/modules/nixos/server/web-servers/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.server.web-servers; -in -{ - options.server.web-servers = { - nginx = { - enable = lib.mkEnableOption "the Nginx server"; - }; - }; - config = lib.mkMerge [ - { - security.acme = { - acceptTerms = true; - defaults.email = "rafiq@rrv.sh"; - }; - } - (lib.mkIf cfg.nginx.enable { - networking.firewall.allowedTCPPorts = [ - 443 - 80 - ]; - services.nginx = { - enable = true; - virtualHosts = { - "chat.bwfiq.com" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://helios:3080"; - }; - }; - "il.bwfiq.com" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://helios:2283"; - }; - }; - ${config.system.hostname} = { - locations."/" = { - return = "200 'It works! /tmp/commit_msg.txt + "$EDITOR" /tmp/commit_msg.txt + RESPONSE=$(cat /tmp/commit_msg.txt) + rm /tmp/commit_msg.txt + ;; + q | quit | "") + echo "Aborted." + exit 1 + ;; + *) + echo "Invalid choice. Please choose again." + ;; + esac + done + '' diff --git a/packages/edit/default.nix b/nix/homes/rafiq/_scripts/edit.nix similarity index 100% rename from packages/edit/default.nix rename to nix/homes/rafiq/_scripts/edit.nix diff --git a/nix/homes/rafiq/_scripts/note.nix b/nix/homes/rafiq/_scripts/note.nix new file mode 100644 index 0000000..0470fc2 --- /dev/null +++ b/nix/homes/rafiq/_scripts/note.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +pkgs.writeShellScriptBin "note" # bash + '' + zk edit -i + pushd ~/notebook > /dev/null + git add . + commit -u + popd > /dev/null + '' diff --git a/nix/homes/rafiq/_scripts/rebuild.nix b/nix/homes/rafiq/_scripts/rebuild.nix new file mode 100644 index 0000000..223a4db --- /dev/null +++ b/nix/homes/rafiq/_scripts/rebuild.nix 
@@ -0,0 +1,148 @@ +{ pkgs }: +let + inherit (pkgs.lib) getExe; +in +pkgs.writeShellScriptBin "rebuild" # sh + '' + QUICK=false + NO_GENERATION_CHECK=false + TEST_SHELL=false + REMOTE_HOSTS=() + REBUILDING_ALL=false + # ANSI color codes + GREEN='\033[0;32m' + ORANGE='\033[0;33m' + RED='\033[0;31m' + NC='\033[0m' + + info() { + timestamp=$(date "+%Y-%m-%d %H:%M:%S") + echo -e "''${GREEN}''${timestamp} INFO: $1''${NC}" + } + + warn() { + timestamp=$(date "+%Y-%m-%d %H:%M:%S") + echo -e "''${ORANGE}''${timestamp} WARN: $1''${NC}" + } + + err() { + timestamp=$(date "+%Y-%m-%d %H:%M:%S") + echo -e "''${RED}''${timestamp} ERROR: $1''${NC}" + } + + prompt() { + local PROMPT="$1" + shift + read -p "$PROMPT? (y/n) [n]: " -n 1 -r REPLY + echo + if [[ "$REPLY" =~ ^[Yy]$ ]]; then + "$*" + else + info "$PROMPT aborted." + fi + } + + spawn_test_shell() { + info "Spawning test shell on $1..." + (export PS1="Test shell> " + exec ${pkgs.bash}/bin/bash ssh "$1") || { + ${pkgs.cowsay}/bin/cowsay "You aborted." + exit 1 + } + } + + rebuild_remote() { + local args=(".#nixosConfigurations.$1" "--target-host" "$1") + local CURRENT_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2) + + if "$TEST_SHELL"; then + info "Testing $1..." + ${getExe pkgs.nh} os test "''${args[@]}" || exit 1 + git diff HEAD --color=always --stat --patch + spawn_test_shell "$1" + info "Rebuilding $1..." + ${getExe pkgs.nh} os boot "''${args[@]}" || exit 1 + else + info "Rebuilding $1 on $HOSTNAME..." + ${getExe pkgs.nh} os switch "''${args[@]}" || exit 1 + fi + + if ! "$NO_GENERATION_CHECK"; then + local NEW_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2) + info "$1 - New generation is $NEW_GENERATION. Current is $CURRENT_GENERATION." + if [ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]; then + warn "New config was not added to bootloader." + fi + fi + } + + info "Starting rebuild script." + + if [ ! 
-f "flake.nix" ]; then + err "flake.nix not found in the current directory. Exiting." + exit 1 # Indicate an error + fi + + while [[ $# -gt 0 ]]; do + case "$1" in + --quick | -q) + QUICK=true + shift + ;; + --no-generation-check | -n) + NO_GENERATION_CHECK=true + shift + ;; + --test-shell | -t) + TEST_SHELL=true + shift + ;; + --all | -a) + reachable_hosts=() + hostnames=$(nix flake show --all-systems --json | , jq -r '.nixosConfigurations | keys | .[]') + for host in ''${hostnames[@]}; do + info "Checking if $host is reachable..." + if ping -c 1 -W 1 "$host" > /dev/null 2>&1 ; then + info "$host is reachable." + reachable_hosts+=("$host") + else + warn "$host is unreachable." + fi + done + REMOTE_HOSTS=(''${reachable_hosts[@]}) + REBUILDING_ALL=true + shift + ;; + *) + if [ !REBUILDING_ALL ]; then + if ping -c 1 -W 1 "$1" > /dev/null 2>&1 ; then + REMOTE_HOSTS+=("$1") + else + err "$1 is unreachable. Exiting." + exit 1 + fi + fi + shift + ;; + esac + done + + if [ ''${#REMOTE_HOSTS[@]} == 0 ]; then + info "No hostnames provided." + REMOTE_HOSTS=("$HOSTNAME") + fi + + git add . + + for host in "''${REMOTE_HOSTS[@]}"; do + rebuild_remote $host + done + + if ! "$QUICK"; then + prompt "Commit changes" commit + prompt "Reboot system" sudo systemctl reboot + fi + + info "Rebuild script completed successfully." + exit 0 + '' diff --git a/nix/homes/rafiq/darwin.nix b/nix/homes/rafiq/darwin.nix new file mode 100644 index 0000000..873dbcd --- /dev/null +++ b/nix/homes/rafiq/darwin.nix @@ -0,0 +1,21 @@ +{ lib, ... }: +let + inherit (lib.modules) mkIf; +in +{ + flake.modules.homeManager.rafiq = + { + pkgs, + config, + hostName, + hostConfig, + ... + }: + mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") { + home.file."Library/Application Support/aichat/config.yaml".text = '' + model: gemini:gemini-2.0-flash + clients: + - type: gemini + ''; + }; +} 
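Review bot: In `prompt()`, `"$*"` joins the command and its arguments into a single word, so `prompt "Reboot system" sudo systemctl reboot` tries to run a program literally named `sudo systemctl reboot` and fails; it should be `"$@"`. In the catch-all branch of the argument loop, `if [ !REBUILDING_ALL ]; then` tests a non-empty literal string and is always true, so hosts named after `--all` are still appended. The other flags in the script are tested as commands, which here would be `if ! "$REBUILDING_ALL"; then`. `rebuild_remote $host` and `[ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]` are unquoted, and the comparison errors out when the `ssh ... readlink` lookup returns nothing, so quote both and check for an empty generation before comparing.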
diff --git a/nix/homes/rafiq/default.nix b/nix/homes/rafiq/default.nix
new file mode 100644
index 0000000..86b4733
--- /dev/null
+++ b/nix/homes/rafiq/default.nix
@@ -0,0 +1,146 @@ +{ lib, inputs, ... }: +let + inherit (lib.strings) concatStrings; +in +{ + flake.modules.homeManager.rafiq = + { pkgs, ... }: + { + imports = [ + inputs.nvf.homeManagerModules.default + inputs.nix-index-database.hmModules.nix-index + ]; + persistDirs = [ + ".local/share/zoxide" + "notebook" + ]; + xdg.configFile."aichat/config.yaml".text = '' + model: gemini:gemini-2.0-flash + clients: + - type: gemini + ''; + home = { + sessionVariables = { + EDITOR = "nvim"; + FETCH = "hyfetch"; + FILE_BROWSER = "yazi"; + SHELL = "fish"; + }; + shellAliases = { + fetch = "hyfetch"; + windows = "sudo systemctl reboot --boot-loader-entry=auto-windows"; + v = "$EDITOR"; + e = "edit"; + cd = "z"; # zoxide + ai = "aichat -r %shell% -e"; + }; + packages = with pkgs; [ + fastfetch + ripgrep + aichat + (import ./_scripts/edit.nix { inherit pkgs; }) + (import ./_scripts/commit.nix { inherit pkgs; }) + (import ./_scripts/note.nix { inherit pkgs; }) + (import ./_scripts/rebuild.nix { inherit pkgs; }) + ]; + }; + programs = { + mise.enable = true; + nvf.enable = true; + nvf.settings.vim = { + syntaxHighlighting = true; + hideSearchHighlight = true; + searchCase = "ignore"; + undoFile.enable = true; + telescope.enable = true; + fzf-lua.enable = true; + git.enable = true; + autopairs.nvim-autopairs.enable = true; + autocomplete = import ./_nvf/autocomplete.nix { inherit lib; }; + binds = import ./_nvf/binds.nix; + languages = import ./_nvf/languages.nix; + lsp = import ./_nvf/lsp.nix; + navigation = import ./_nvf/navigation.nix; + notes.todo-comments.enable = true; + options = { + autoindent = true; + backspace = "indent,eol,start"; + cursorline = true; + expandtab = true; + shiftwidth = 2; + smartindent = true; + tabstop = 2; + }; + snippets = import ./_nvf/snippets.nix { inherit pkgs; }; + statusline = import ./_nvf/statusline.nix; + treesitter = { + autotagHtml = true; + fold = true; + indent.disable = [ "markdown" ]; + textobjects.enable = true; + }; + ui = import 
./_nvf/ui.nix; + utility = import ./_nvf/utility.nix; + visuals = import ./_nvf/visuals.nix; + }; + zk = { + enable = true; + settings.notebook.dir = "~/notebook"; + }; + hyfetch = { + enable = true; + settings = { + preset = "bisexual"; + mode = "rgb"; + light_dark = "dark"; + lightness = 0.5; + color_align = { + # Flag color alignment + mode = "horizontal"; + fore_back = null; + }; + backend = "fastfetch"; + }; + }; + + tealdeer.enable = true; + tealdeer.enableAutoUpdates = true; + direnv = { + enable = true; + nix-direnv.enable = true; + }; + zoxide.enable = true; + nix-index.enable = true; + nix-index-database.comma.enable = true; + fzf.enable = true; + fzf.enableZshIntegration = true; + yazi = { + enable = true; + shellWrapperName = "t"; + settings.mgr.sort_by = "natural"; + }; + fish.enable = true; + starship = { + enable = true; + settings = { + add_newline = false; + format = concatStrings [ + # First Line + ## Left Prompt + "$hostname$directory" + "$fill" + ## Right Prompt + "$all" + # Second Line + ## Left Prompt + "$character" + ]; + git_branch.format = "[$symbol$branch(:$remote_branch)]($style) "; + shlvl.disabled = false; + username.disabled = true; + fill.symbol = " "; + }; + }; + }; + }; +} diff --git a/modules/home/desktop/windowManager/hyprland/decoration.nix b/nix/homes/rafiq/desktop/_hyprland/decoration.nix similarity index 81% rename from modules/home/desktop/windowManager/hyprland/decoration.nix rename to nix/homes/rafiq/desktop/_hyprland/decoration.nix index 8748050..ee3d444 100644 --- a/modules/home/desktop/windowManager/hyprland/decoration.nix +++ b/nix/homes/rafiq/desktop/_hyprland/decoration.nix @@ -1,5 +1,5 @@ { - animation = [ "workspaces, 0" ]; + animation = [ "workspaces, 1, 1, default" ]; general = { border_size = 2; gaps_in = 0; 
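Review bot: `SHELL = "fish";` under `home.sessionVariables` sets `$SHELL` to a bare command name, while programs that spawn `$SHELL` conventionally expect an absolute path and otherwise depend on a `PATH` lookup or fail. Either drop the variable and let the account's login shell define it, or write `SHELL = "${pkgs.fish}/bin/fish";`. The alias `ai = "aichat -r %shell% -e"` runs commands proposed by the model, so it would be worth a comment such as `# -e executes the generated command; read it before confirming`.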
diff --git a/modules/home/desktop/windowManager/hyprland/keybinds.nix b/nix/homes/rafiq/desktop/_hyprland/keybinds.nix similarity index 53% rename from modules/home/desktop/windowManager/hyprland/keybinds.nix rename to nix/homes/rafiq/desktop/_hyprland/keybinds.nix index c12fc63..9e75db1 100644 --- a/modules/home/desktop/windowManager/hyprland/keybinds.nix +++ b/nix/homes/rafiq/desktop/_hyprland/keybinds.nix @@ -6,11 +6,12 @@ "$hypr, Q, exec, uwsm stop" "SUPER, W, killactive" - "SUPER, return, exec, uwsm app -- $TERMINAL $MULTIPLEXER" + "SUPER, return, exec, uwsm app -- $TERMINAL" "SUPER, O, exec, uwsm app -- $BROWSER" "SUPER, Escape, exec, uwsm app -- $LOCKSCREEN" - "SUPER, space, exec, uwsm app -- $($LAUNCHER --launch-prefix=\"uwsm app -- \")" + #TODO:add file browser + #TODO: make it directional "SUPER, H, cyclenext, visible" "SUPER, L, cyclenext, visible prev" "SUPER_ALT, H, movewindow, l" 
@@ -25,15 +26,31 @@ "SUPER_CTRL, L, workspace, r+1" "$hypr, H, movetoworkspace, r-1" "$hypr, L, movetoworkspace, r+1" + + "$hypr, V, togglefloating" + ]; + + bindr = [ + # Activates on SUPER without any other modifier + "SUPER, Super_L, exec, uwsm app -- $($LAUNCHER --launch-prefix=\"uwsm app -- \")" ]; bindle = [ - "SUPER, 6, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-" + "SUPER, 6, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-" "SUPER, 7, exec, ${pkgs.playerctl}/bin/playerctl previous" - "SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl play-pause" + "SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl -a play-pause" "SUPER, 9, exec, ${pkgs.playerctl}/bin/playerctl next" - "SUPER, 0, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+" - "$meh, mouse_up, resizeactive, 10% 10%" - "$meh, mouse_down, resizeactive, -10% -10%" + "SUPER, 0, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+" + + "ALT, mouse_up, resizeactive, 10% 10%" + "ALT, mouse_down, resizeactive, -10% -10%" + ]; + + bindm = [ + "ALT, mouse:272, movewindow" + "ALT, mouse:273, resizeactive" + ]; + bindc = [ + "ALT, mouse:272, togglefloating" ]; } diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix new file mode 100644 index 0000000..e1f598c --- /dev/null +++ b/nix/homes/rafiq/desktop/darwin.nix 
@@ -0,0 +1,37 @@
+{ config, ... }:
+let
+ inherit (config.manifest) admin;
+in
+{
+ flake.modules.darwin.graphical.homebrew = {
+ enable = true;
+ user = admin.username;
+ onActivation.cleanup = "uninstall";
+ brews = [
+ "mise"
+ "docker"
+ ];
+ casks = [
+ "ghostty"
+ "slack"
+ "gitify"
+ "telegram"
+ "vial"
+ "linear-linear"
+ "chatgpt"
+ ];
+ };
+ flake.modules.homeManager.rafiq = {
+ # make sure brew is on the path for M1
+ programs.zsh.initContent = ''
+ if [[ $(uname -m) == 'arm64' ]]; then
+ eval "$(/opt/homebrew/bin/brew shellenv)"
+ fi
+ '';
+ programs.fish.shellInit = ''
+ if test (uname -m) = "arm64"
+ eval (/opt/homebrew/bin/brew shellenv)
+ end
+ '';
+ };
+}
diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix
new file mode 100644
index 0000000..277d445
--- /dev/null
+++ b/nix/homes/rafiq/desktop/default.nix
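Review bot: Both shell init snippets call `/opt/homebrew/bin/brew` on every arm64 shell start without checking that the binary exists, so a machine where Homebrew is not installed yet gets an error in each new shell. Guard on the executable, e.g. `if [[ $(uname -m) == 'arm64' && -x /opt/homebrew/bin/brew ]]; then` for zsh and `if test (uname -m) = "arm64"; and test -x /opt/homebrew/bin/brew` for fish. `onActivation.cleanup = "uninstall";` removes formulae and casks that are not listed here on activation, which deserves a one-line comment next to it.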
@@ -0,0 +1,61 @@
+{ lib, inputs, ... }:
+{
+ flake.modules.homeManager.rafiq =
+ { pkgs, config, ... }:
+ let
+ inherit (lib.modules) mkIf;
+ inherit (builtins) map listToAttrs;
+ inherit (lib.lists) findFirstIndex;
+ inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons;
+ profiles = listToAttrs (
+ map (name: {
+ inherit name;
+ # If there are duplicate profile names, findFirstIndex will cause issues.
+ value = profileCfg (findFirstIndex (x: x == name) null syncedProfiles);
+ }) syncedProfiles
+ );
+ syncedProfiles = [
+ "rafiq"
+ "test"
+ ];
+ profileCfg = id: {
+ inherit id;
+ settings."extensions.autoDisableScopes" = 0; # Auto enable extensions
+ extensions = {
+ force = true;
+ packages = with firefox-addons; [
+ darkreader
+ gesturefy
+ sponsorblock
+ ublock-origin
+ ];
+ };
+ };
+ in
+ mkIf config.graphical {
+ stylix = {
+ image = ./wallpaper.png;
+ targets = {
+ firefox.colorTheme.enable = true;
+ firefox.profileNames = syncedProfiles;
+ };
+ };
+ home = {
+ sessionVariables = {
+ BROWSER = "firefox";
+ TERMINAL = "ghostty";
+ };
+ };
+ programs = {
+ vesktop.enable = true;
+ thunderbird.enable = true;
+ thunderbird.profiles.rafiq.isDefault = true;
+ # ghostty is broken on nix-darwin
+ ghostty.settings.confirm-close-surface = false;
+ firefox = {
+ enable = true;
+ inherit profiles;
+ };
+ };
+ };
+}
diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix
new file mode 100644
index 0000000..e7d66b4
--- /dev/null
+++ b/nix/homes/rafiq/desktop/nixos.nix
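Review bot: `settings."extensions.autoDisableScopes" = 0;` in `profileCfg` switches off Firefox's auto-disable safeguard for sideloaded add-ons in every scope, so any extension that ends up in the profile or system add-on directories is enabled without a prompt, not only the four listed under `packages`. The trailing comment `# Auto enable extensions` should say so, e.g. `# 0 = never auto-disable sideloaded add-ons; anything placed in the profile is enabled silently`. Both the `rafiq` and `test` profiles receive the setting, so it is worth checking whether `test` needs it. The duplicate-name comment could also state the actual effect: `findFirstIndex` returns the first match, so two equal names would share one profile id.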
@@ -0,0 +1,232 @@ +{ lib, config, ... }: +let + inherit (config.manifest) admin; +in +{ + allowedUnfreePackages = [ + "stremio-shell" + "stremio-server" + "steam" + "steam-unwrapped" + ]; + flake.modules.nixos.graphical = + { config, pkgs, ... }: + { + fonts.packages = [ pkgs.font-awesome ]; + services.getty.autologinUser = admin.username; + # Start Hyprland at boot only if not connecting through SSH + environment.loginShellInit = # sh + '' + if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then + if uwsm check may-start; then + exec uwsm start hyprland-uwsm.desktop + fi + fi + ''; + environment.variables = { + # Get Electron apps to use Wayland + ELECTRON_OZONE_PLATFORM_HINT = "auto"; + NIXOS_OZONE_WL = "1"; + }; + programs = { + hyprland = { + enable = true; + # Use UWSM to have each process controlled by systemd init + withUWSM = true; + }; + steam = { + enable = true; + gamescopeSession.enable = true; + }; + }; + security.pam.services.hyprlock = { }; + services.sunshine = { + enable = true; + capSysAdmin = true; + openFirewall = true; + settings = { + sunshine_name = config.networking.hostName; + origin_pin_allowed = "wan"; + origin_web_ui_allowed = "wan"; + }; + applications = { }; + }; + # spotifyd + networking.firewall.allowedTCPPorts = [ 5353 ]; + networking.firewall.allowedUDPPorts = [ 5353 ]; + }; + flake.modules.homeManager.rafiq = + { + pkgs, + config, + hostName, + hostConfig, + ... 
+ }: + let + inherit (lib.modules) mkMerge mkIf; + in + mkIf (config.graphical && pkgs.system == "x86_64-linux") { + stylix.targets.waybar.addCss = false; + persistDirs = [ + "docs" + "repos" + "vids" + "tmp" + ".cache/Smart Code ltd/Stremio" + ".local/share/Smart Code ltd/Stremio" + ".mozilla/firefox" + ".tor project" + ".local/share/Steam" + ".local/share/PrismLauncher" + ".config/sunshine" + ]; + home = { + packages = with pkgs; [ + wl-clipboard-rs + stremio + tor-browser + vlc + prismlauncher + ]; + sessionVariables = { + LAUNCHER = "fuzzel"; + LOCKSCREEN = "hyprlock"; + NOTIFICATION_DAEMON = "mako"; + STATUS_BAR = "waybar"; + }; + }; + # xdg.configFile."uwsm/env".text = # sh + # '' + # # Force apps to scale right with Wayland + # export GDK_SCALE=${mainMonitor.scale} + # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} + # ''; + # xdg.configFile."uwsm/env-hyprland".text = # sh + # '' + # export GDK_SCALE=${mainMonitor.scale} + # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} + # ''; + wayland.windowManager.hyprland = { + enable = true; + # This is needed for UWSM + systemd.enable = false; + # Null the packages since we use them system wide + package = null; + portalPackage = null; + settings = mkMerge [ + (import ./_hyprland/decoration.nix) + (import ./_hyprland/keybinds.nix { inherit pkgs; }) + { + ecosystem.no_update_news = true; + xwayland.force_zero_scaling = true; + monitor = + let + mainMonitor = hostConfig.machine.monitors.main; + in + [ + "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}" + ", preferred, auto, 1" + ]; + exec-once = [ + "uwsm app -- $LOCKSCREEN" + "uwsm app -- $NOTIFICATION_DAEMON" + "uwsm app -- $STATUS_BAR" + ]; + } + ]; + }; + services = { + spotifyd.enable = true; + spotifyd.settings.global = { + device_name = "${hostName}"; + device_type = "computer"; + zeroconf_port = 5353; + }; + mako.enable = true; + mako.settings.default-timeout = 10000; + }; + programs = { 
+ obs-studio.enable = true; + fuzzel.enable = true; + ghostty.enable = true; + waybar = { + enable = true; + settings = [ + { + layer = "top"; + modules-left = [ + "pulseaudio" + ]; + modules-right = [ + "battery" + "clock" + ]; + "pulseaudio" = { + format = "{icon} {volume}%"; + format-muted = ""; + format-icons.default = [ + "" + "" + ]; + on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle"; + }; + "clock" = { + interval = 1; + format = "{:%F %T}"; + }; + "battery" = { + interval = 1; + bat-compatibility = true; + }; + } + ]; + style = # css + '' + window#waybar { + background-color: rgba(0, 0, 0, 0); + } + + #pulseaudio, + #battery, + #clock { + padding-top: 5px; + padding-bottom: 5px; + padding-right: 5px; + color: #ffffff; + } + ''; + }; + hyprlock = { + enable = true; + settings = { + general.hide_cursor = true; + general.ignore_empty_input = true; + background.blur_passes = 5; + background.blur_size = 5; + label = { + text = ''hi, $USER.''; + font_size = 32; + position = "0, 0"; + halign = "center"; + valign = "center"; + zindex = 1; + shadow_passes = 5; + shadow_size = 5; + }; + input-field = { + placeholder_text = ""; + fade_on_empty = true; + size = "200, 45"; + position = "0, -5%"; + halign = "center"; + valign = "center"; + zindex = 1; + shadow_passes = 5; + shadow_size = 5; + }; + }; + }; + }; + }; +} diff --git a/nix/homes/rafiq/desktop/wallpaper.png b/nix/homes/rafiq/desktop/wallpaper.png new file mode 100644 index 0000000..cabd21f Binary files /dev/null and b/nix/homes/rafiq/desktop/wallpaper.png differ diff --git a/modules/home/cli/utilities/git.nix b/nix/homes/rafiq/git.nix similarity index 59% rename from modules/home/cli/utilities/git.nix rename to nix/homes/rafiq/git.nix index 9de797a..fd6d21d 100644 --- a/modules/home/cli/utilities/git.nix +++ b/nix/homes/rafiq/git.nix 
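Review bot: The `services.sunshine` block sets `origin_web_ui_allowed = "wan"` and `origin_pin_allowed = "wan"` together with `openFirewall = true` and `capSysAdmin = true`, so the streaming host's admin web UI and pairing endpoint accept requests from any address that can route to the machine. Unless access is restricted somewhere outside this hunk, `origin_web_ui_allowed = "lan";` is the safer value, with pairing done locally. `services.getty.autologinUser = admin.username;` also logs the console in at boot, and `$LOCKSCREEN` only starts from `exec-once`. A comment stating what protects the console on these hosts would make that decision explicit.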
@@ -1,22 +1,18 @@ -{ config, ... }: { - config = { - home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; + flake.modules.homeManager.rafiq = { home.shellAliases = { gs = "git status"; gc = "git commit"; gcam = "git commit -am"; gu = "git push"; gy = "git pull"; + gdh = "git diff HEAD"; }; programs.git = { enable = true; - userName = config.cli.git.name; - userEmail = config.cli.git.email; - signing.key = "~/.ssh/id_ed25519.pub"; signing.signByDefault = true; extraConfig = { - init.defaultBranch = config.cli.git.defaultBranch; + init.defaultBranch = "prime"; push.autoSetupRemote = true; pull.rebase = false; core.editor = "$EDITOR"; diff --git a/nix/lib/attrsets.nix b/nix/lib/attrsets.nix new file mode 100644 index 0000000..1361c2a --- /dev/null +++ b/nix/lib/attrsets.nix @@ -0,0 +1,54 @@ +{ lib, ... }: +let + inherit (builtins) attrNames head; + inherit (lib.trivial) pipe; + inherit (lib.attrsets) filterAttrs; +in +{ + flake.lib.attrsets = { + /** + `firstAttrNameMatching pred set` filters an attribute set `set` based on a predicate `pred` + and returns the *first* attribute name that satisfies the predicate. + + # Example + + ```nix + let + mySet = { + a = { value = 1; }; + b = { value = 2; }; + c = { value = 3; }; + }; + + isGreaterThanOne = name: value: value.value > 1; + + result = firstAttrNameMatching isGreaterThanOne mySet; + + in + result + # Output: "b" + ``` + + # Type + + ``` + firstAttrNameMatching :: (String -> Any -> Bool) -> AttrSet -> String + ``` + + # Arguments + + pred + : A function that takes an attribute name and its value and returns a boolean. + + set + : The attribute set to filter. + */ + firstAttrNameMatching = + pred: set: + pipe set [ + (filterAttrs pred) + attrNames + head + ]; + }; +} diff --git a/nix/lib/lists.nix b/nix/lib/lists.nix new file mode 100644 index 0000000..370362f --- /dev/null +++ b/nix/lib/lists.nix 
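Review bot: In nix/lib/attrsets.nix, `firstAttrNameMatching` ends its pipe with `head`, which aborts evaluation on an empty list, so a predicate that matches nothing fails with a generic error instead of one naming the lookup. The doc comment should state that at least one attribute must match, or the last step could become `(names: if names == [ ] then null else head names)` with the type line updated accordingly. It would also help to document that "first" means first in the sorted order returned by `attrNames`, not definition order.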
@@ -0,0 +1,13 @@
+let
+ inherit (builtins) length tail;
+in
+{
+ flake.lib.lists = rec {
+ shortenList =
+ count: list:
+ let
+ len = length list;
+ in
+ if len <= count then list else (shortenList count (tail list));
+ };
+}
diff --git a/nix/lib/modules.nix b/nix/lib/modules.nix
new file mode 100644
index 0000000..ba27bfd
--- /dev/null
+++ b/nix/lib/modules.nix
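Review bot: `shortenList` has no doc comment, and its name hides what it does: it drops elements from the front until `count` remain, so it returns the last `count` elements. A doc comment in the style used in nix/lib/attrsets.nix would do, for example "Return the last count elements of list, or the whole list if it is shorter", with the type `shortenList :: Int -> [a] -> [a]`. It should also say that `count` must be non-negative, since a negative value recurses until `tail` fails on the empty list.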
@@ -0,0 +1,100 @@ +{ lib, config, ... }: +let + inherit (builtins) foldl' attrNames; + inherit (lib.attrsets) mapAttrs; +in +{ + flake.lib.modules = { + /** + Fold over the users list and create an attribute set. + + # Inputs + + `f` + + : A function that takes the name of a user and returns an attribute set. + + # Type + + ``` + userListToAttrs :: (String -> AttrSet) -> AttrSet + ``` + + # Examples + :::{.example} + ## `userListToAttrs` usage example + + ```nix + flake.manifest.users.rafiq = { ... }; + flake.modules.homeManager.users = userListToAttrs (name: { + ${name}.home.username = name; + }); + => flake.modules.homeManager.default.users.rafiq.home.username = "rafiq"; + ``` + + ::: + */ + userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users); + /** + Return an attribute set for use with a option that needs to be used for all users. + + # Inputs + + `attrset` + + : An attribute set to apply to all the users. + + # Type + + ``` + forAllUsers :: AttrSet -> AttrSet + ``` + + # Examples + :::{.example} + ## `forAllUsers` usage example + + ```nix + flake.manifest.users.rafiq = { ... }; + flake.modules.nixos.default.users = forAllUsers { + isNormalUser = true; + }; + => flake.modules.nixos.default.users.rafiq.isNormalUser = true; + ``` + + ::: + */ + forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users; + + /** + Like forAllUsers, but passes in the name and value from the manifest. + + # Inputs + + `f` + + : A function that takes an attribute name and its value, and returns the new value for the attribute. + + # Type + + ``` + forAllUsers' :: (String -> Any -> Any) -> AttrSet + ``` + + # Examples + :::{.example} + ## `forAllUsers'` usage example + + ```nix + flake.manifest.users.rafiq = { ... 
}; + flake.modules.homeManager.users = forAllUsers' (name: value: { + home.username = name; + }); + => flake.modules.homeManager.default.users.rafiq.home.username = "rafiq"; + ``` + + ::: + */ + forAllUsers' = f: mapAttrs f config.manifest.users; + }; +} diff --git a/nix/lib/options.nix b/nix/lib/options.nix new file mode 100644 index 0000000..4d0c329 --- /dev/null +++ b/nix/lib/options.nix @@ -0,0 +1,45 @@ +{ lib, ... }: +let + inherit (lib.options) mkOption; + inherit (lib.types) + str + path + int + port + attrs + ; +in +{ + flake.lib.options = { + mkStrOption = + default: + mkOption { + inherit default; + type = str; + }; + mkAttrOption = + default: + mkOption { + inherit default; + type = attrs; + }; + mkIntOption = + default: + mkOption { + inherit default; + type = int; + }; + mkPortOption = + default: + mkOption { + type = port; + inherit default; + }; + mkPathOption = + default: + mkOption { + type = path; + inherit default; + }; + }; +} diff --git a/nix/lib/services.nix b/nix/lib/services.nix new file mode 100644 index 0000000..7ec6025 --- /dev/null +++ b/nix/lib/services.nix 
@@ -0,0 +1,69 @@
+{ config, lib, ... }:
+let
+ inherit (builtins) length concatStringsSep;
+ inherit (lib.options) mkEnableOption;
+ inherit (lib.strings) splitString;
+ inherit (lib.lists) singleton;
+ inherit (lib.modules) mkMerge mkIf;
+ inherit (cfg.lib.options) mkStrOption mkPortOption mkAttrOption;
+ inherit (cfg.lib.lists) shortenList;
+ cfg = config.flake;
+in
+{
+ flake.lib.services = rec {
+ splitDomain = domain: splitString "." domain;
+ isRootDomain = domain: length (splitDomain domain) <= 2;
+ mkRootDomain = domain: concatStringsSep "." (shortenList 2 (splitDomain domain));
+ mkWildcardDomain = rootDomain: concatStringsSep "." ((singleton "*") ++ (splitDomain rootDomain));
+ mkHost = domain: if isRootDomain domain then domain else mkWildcardDomain (mkRootDomain domain);
+ mkWebApp =
+ {
+ config,
+ name,
+ defaultPort,
+ persistDirs ? [ ],
+ extraOptions ? { },
+ extraConfig ? { },
+ }:
+ let
+ cfg = config.server.web-apps.${name};
+ networkingConfig =
+ {
+ config,
+ cfg,
+ name,
+ }:
+ mkIf (cfg.domain != "") {
+ assertions = singleton {
+ assertion = config.server.web-servers.nginx.enable;
+ message = "You must enable a web server if you want to set server.web-apps.${name}.domain.";
+ };
+ server.ddns.domains = singleton (mkRootDomain cfg.domain);
+ server.web-servers.nginx.proxies = singleton {
+ source = cfg.domain;
+ target = "http://${config.networking.hostName}:${toString cfg.port}";
+ };
+ };
+
+ in
+ {
+ options.server.web-apps.${name} = {
+ enable = mkEnableOption "";
+ port = mkPortOption defaultPort;
+ domain = mkStrOption "";
+ openFirewall = mkEnableOption "";
+ extraCfg = mkAttrOption { };
+ } // extraOptions;
+
+ config = mkIf cfg.enable (mkMerge [
+ {
+ inherit persistDirs;
+ networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = singleton cfg.port; };
+ }
+ (networkingConfig { inherit config cfg name; })
+ extraConfig
+ ]);
+ };
+
+ };
+}
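Review bot: `isRootDomain` and `mkRootDomain` treat the last two labels as the registrable domain, which is wrong under multi-label public suffixes: `app.example.co.uk` would give the root `co.uk`, and `mkHost` would return `*.co.uk`. The domains in this commit's manifest are all two-label zones, so nothing breaks today. Because `mkRootDomain` feeds `server.ddns.domains`, a doc comment stating the two-label assumption, or an assertion, is warranted. Separately, `networkingConfig` sets the proxy target to `http://${config.networking.hostName}:${toString cfg.port}`, so the hop between nginx and the app is plaintext and addressed by host name rather than loopback. That is worth a comment if the hop can leave the machine.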
diff --git a/nix/manifest.nix b/nix/manifest.nix new file mode 100644 index 0000000..4f4f42f --- /dev/null +++ b/nix/manifest.nix @@ -0,0 +1,104 @@ +{ + manifest = { + users.rafiq = { + primary = true; + name = "Mohammad Rafiq"; + email = "rafiq@rrv.sh"; + shell = "fish"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq"; + }; + hosts = { + darwin = { + venus = { + graphical = true; + machine.platform = "intel"; + }; + hephaestus = { + graphical = true; + machine.platform = "apple-silicon"; + }; + }; + nixos = { + nemesis = { + graphical = true; + machine = { + platform = "amd"; + gpu = "nvidia"; + root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434"; + monitors.main = { + id = "desc:OOO AN-270W04K"; + resolution = "3840x2160"; + refresh-rate = "60"; + scale = "2"; + }; + }; + extraCfg = { + machine = { + bluetooth.enable = true; + usb.automount = true; + usb.qmk.enable = true; + virtualisation = { + podman.enable = true; + podman.distrobox.enable = true; + }; + }; + server.web-apps = { + comfy-ui.enable = true; + sd-webui-forge.enable = true; + }; + }; + }; + apollo = { + graphical = false; + machine = { + platform = "intel"; + root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01"; + }; + extraCfg.server = { + ddns = { + enable = true; + domains = [ + "aenyrathia.wiki" + "slayment.com" + ]; + }; + web-servers = { + enableSSL = true; + nginx = { + enable = true; + proxies = [ + { + source = "aenyrathia.wiki"; + target = "http://helios:5896"; + } + { + source = "il.bwfiq.com"; + target = "http://helios:2283"; + } + ]; + }; + }; + databases = { + mongodb.enable = true; + mysql.enable = true; + postgresql.enable = true; + }; + web-apps = { + librechat = { + enable = true; + domain = "chat.bwfiq.com"; + }; + forgejo = { + enable = true; + domain = "git.rrv.sh"; + openFirewall = true; + }; + rrv-sh.enable = true; + rrv-sh.domain = "rrv.sh"; + }; + }; + }; + }; + }; + }; +} 
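Review bot: Under `apollo.extraCfg.server.web-apps`, `forgejo` sets both `domain = "git.rrv.sh"` and `openFirewall = true`. Going by `mkWebApp` in nix/lib/services.nix, the latter opens the app's own port in the firewall, so the service is reachable directly over plain HTTP as well as through the nginx proxy. If the port is only meant to be reached through the proxy, drop `openFirewall = true;`, or add a comment naming the clients that need direct access. The `aenyrathia.wiki` and `il.bwfiq.com` proxies also target `http://helios:...`, so that hop is unencrypted unless the network between apollo and helios provides the protection.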
diff --git a/nix/meta.nix b/nix/meta.nix new file mode 100644 index 0000000..9b93c47 --- /dev/null +++ b/nix/meta.nix @@ -0,0 +1,31 @@ +{ + lib, + config, + inputs, + ... +}: +let + inherit (lib.options) mkOption; + inherit (lib.types) path lazyAttrsOf raw; + inherit (inputs.flake-parts.lib) mkSubmoduleOptions; + cfg = config.flake; +in +{ + options.flake = mkSubmoduleOptions { + self = mkOption { type = raw; }; + lib = mkOption { + type = lazyAttrsOf raw; + default = { }; + }; + paths = { + root = mkOption { type = path; }; + secrets = mkOption { + type = path; + readOnly = true; + }; + }; + }; + config.flake = { + paths.secrets = cfg.paths.root + "/secrets"; + }; +} diff --git a/nix/modules/cli/git.nix b/nix/modules/cli/git.nix new file mode 100644 index 0000000..0571ca3 --- /dev/null +++ b/nix/modules/cli/git.nix @@ -0,0 +1,17 @@ +{ config, ... }: +let + inherit (config.manifest) users; +in +{ + flake.modules.homeManager.default = + { config, ... }: + { + home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; + programs.git = { + enable = true; + userName = users.${config.home.username}.name; + userEmail = users.${config.home.username}.email; + signing.key = "~/.ssh/id_ed25519.pub"; + }; + }; +} diff --git a/nix/modules/cli/nix.nix b/nix/modules/cli/nix.nix new file mode 100644 index 0000000..a69b1d6 --- /dev/null +++ b/nix/modules/cli/nix.nix @@ -0,0 +1,13 @@ +{ + flake.modules.nixos.default.nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + flake.modules.darwin.default = { + nix.enable = false; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + }; +} diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix new file mode 100644 index 0000000..ac1617d --- /dev/null +++ b/nix/modules/cli/shell.nix 
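Review bot: In nix/modules/cli/git.nix, `signing.key = "~/.ssh/id_ed25519.pub";` is an SSH public key path, but nothing in the visible hunks selects SSH as the signing format, and git defaults to OpenPGP. With `signing.signByDefault = true` set in nix/homes/rafiq/git.nix, commits would then fail to sign. If the format is not already set in the part of `extraConfig` that lies outside that hunk, add `signing.format = "ssh";` or `extraConfig.gpg.format = "ssh";`. `users.${config.home.username}` also fails evaluation for a home-manager user who is missing from the manifest, so a comment or assertion stating that requirement would help.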
@@ -0,0 +1,36 @@ +{ config, lib, ... }: +let + cfg = config.flake; + inherit (config.manifest) users; + inherit (cfg.lib.modules) forAllUsers'; + inherit (lib.attrsets) mapAttrs'; +in +{ + flake.modules = { + nixos.default = + { pkgs, ... }: + { + programs = mapAttrs' (name: value: { + name = value.shell; + value.enable = true; + }) users; + users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); + }; + darwin.default = + { pkgs, ... }: + { + programs = mapAttrs' (name: value: { + name = value.shell; + value.enable = true; + }) users; + users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); + environment.shells = [ pkgs.fish ]; + }; + homeManager.default = + { config, ... }: + { + programs.${users.${config.home.username}.shell}.enable = true; + home.shell.enableShellIntegration = true; + }; + }; +} diff --git a/nix/modules/graphical/default.nix b/nix/modules/graphical/default.nix new file mode 100644 index 0000000..0ba55ca --- /dev/null +++ b/nix/modules/graphical/default.nix @@ -0,0 +1,17 @@ +{ lib, ... }: +let + inherit (lib.options) mkEnableOption; +in +{ + flake.modules = { + nixos.graphical = { + home-manager.sharedModules = [ { graphical = true; } ]; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + }; + homeManager.default.options.graphical = mkEnableOption ""; + darwin.graphical.home-manager.sharedModules = [ { graphical = true; } ]; + }; +} diff --git a/nix/modules/graphical/stylix.nix b/nix/modules/graphical/stylix.nix new file mode 100644 index 0000000..c347b6a --- /dev/null +++ b/nix/modules/graphical/stylix.nix 
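Review bot: In the `darwin.default` module of nix/modules/cli/shell.nix, `environment.shells = [ pkgs.fish ];` is hard-coded while the login shell on the line above comes from each manifest user's `shell` value, so a user configured with another shell gets a login shell that is not in the allowed list. Deriving the list from the manifest keeps the two in step: `environment.shells = map (u: pkgs.${u.shell}) (builtins.attrValues users);`. The `programs = mapAttrs' ...` expression is repeated verbatim in the `nixos.default` and `darwin.default` modules and could be bound once in the outer `let`.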
@@ -0,0 +1,20 @@ +{ inputs, ... }: +{ + # needs to be default because the options get + # evaluated even if graphical is set to false + flake.modules.nixos.default = + { pkgs, ... }: + { + imports = [ inputs.stylix.nixosModules.stylix ]; + stylix.enable = true; + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml"; + }; + flake.modules.darwin.default = + { pkgs, ... }: + { + imports = [ inputs.stylix.darwinModules.stylix ]; + stylix.enable = true; + #TODO: move into manifest + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml"; + }; +} diff --git a/nix/modules/machine/bootloader.nix b/nix/modules/machine/bootloader.nix new file mode 100644 index 0000000..2fefe52 --- /dev/null +++ b/nix/modules/machine/bootloader.nix @@ -0,0 +1,18 @@ +{ + flake.modules.nixos.default.boot = { + initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + loader.efi.canTouchEfiVariables = true; + #TODO: disable for mbp? + loader.systemd-boot = { + enable = true; + configurationLimit = 5; + }; + }; +} diff --git a/nix/modules/machine/default.nix b/nix/modules/machine/default.nix new file mode 100644 index 0000000..ce8c615 --- /dev/null +++ b/nix/modules/machine/default.nix 
@@ -0,0 +1,58 @@ +{ lib, ... }: +let + inherit (lib.options) mkEnableOption; + inherit (lib.modules) mkIf mkMerge; +in +{ + flake.modules.nixos.default = + { + config, + modulesPath, + pkgs, + ... + }: + let + cfg = config.machine; + in + { + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + options.machine = { + bluetooth.enable = mkEnableOption ""; + usb.automount = mkEnableOption ""; + usb.qmk.enable = mkEnableOption ""; + }; + config = mkMerge [ + (mkIf cfg.usb.automount { + services.udisks2.enable = true; + home-manager.sharedModules = [ + { + services.udiskie = { + enable = true; + automount = true; + notify = true; + }; + } + ]; + }) + (mkIf cfg.usb.qmk.enable { + hardware.keyboard.qmk.enable = true; + services.udev = { + packages = with pkgs; [ + vial + qmk + qmk-udev-rules + qmk_hid + ]; + }; + + }) + (mkIf cfg.bluetooth.enable { + persistDirs = [ "/var/lib/bluetooth" ]; + hardware.bluetooth = { + enable = true; + settings.General.Experimental = true; + }; + }) + ]; + }; +} diff --git a/nix/modules/machine/gpu.nix b/nix/modules/machine/gpu.nix new file mode 100644 index 0000000..8517036 --- /dev/null +++ b/nix/modules/machine/gpu.nix 
@@ -0,0 +1,37 @@ +{ + allowedUnfreePackages = [ + "nvidia-x11" + "nvidia-settings" + ]; + flake.modules.nixos.default = + { + config, + pkgs, + hostConfig, + ... + }: + let + inherit (hostConfig.machine) gpu; + in + if gpu == "nvidia" then + { + hardware = { + graphics.enable = true; + graphics.extraPackages = [ pkgs.nvidia-vaapi-driver ]; + nvidia.open = true; + nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest; + }; + services.xserver.videoDrivers = [ "nvidia" ]; + environment.variables = { + LIBVA_DRIVER_NAME = "nvidia"; + __GLX_VENDOR_LIBRARY_NAME = "nvidia"; + NVD_BACKEND = "direct"; + }; + nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ]; + nix.settings.trusted-public-keys = [ + "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" + ]; + } + else + { }; +} diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix new file mode 100644 index 0000000..62943b4 --- /dev/null +++ b/nix/modules/machine/platform.nix @@ -0,0 +1,23 @@ +{ + flake.modules.nixos.default = + { hostConfig, ... }: + let + inherit (hostConfig.machine) platform; + arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64"; + in + { + hardware.cpu.${platform}.updateMicrocode = true; + boot.kernelModules = [ "kvm-${platform}" ]; + nixpkgs.hostPlatform = "${arch}-linux"; + }; + + flake.modules.darwin.default = + { hostConfig, ... }: + let + inherit (hostConfig.machine) platform; + arch = if platform == "intel" then "x86_64" else "aarch64"; + in + { + nixpkgs.hostPlatform = "${arch}-darwin"; + }; +} diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root.nix new file mode 100644 index 0000000..9c7d4ea --- /dev/null +++ b/nix/modules/machine/root.nix 
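Review bot: The `nix.settings.substituters` / `nix.settings.trusted-public-keys` pair in the nvidia branch of gpu.nix makes every NVIDIA host trust a third-party binary cache for any store path, not only CUDA packages. The hunk does not record why the cache is needed or where the key was taken from. Add a comment above the two settings, for example `# third-party cache: anything signed by this key is substituted without a local build; key copied from <SOURCE_OF_KEY>`. If only a few packages benefit, building them locally avoids widening trust on the whole host.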
@@ -0,0 +1,95 @@ +{ lib, inputs, ... }: +let + inherit (lib.modules) mkMerge mkIf mkAfter; +in +{ + flake.modules.nixos.default = + { hostConfig, ... }: + let + inherit (hostConfig.machine) root; + in + { + imports = [ inputs.disko.nixosModules.disko ]; + config = mkMerge [ + { + # BTRFS - may add more later on + boot.initrd.kernelModules = [ "dm-snapshot" ]; + disko.devices.disk.main = { + device = root.drive; + content.type = "gpt"; + content.partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + swap = { + size = "4G"; + content = { + type = "swap"; + resumeDevice = true; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "root_vg"; + }; + }; + }; + }; + + disko.devices.lvm_vg.root_vg = { + type = "lvm_vg"; + lvs.root = { + size = "100%FREE"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root".mountpoint = "/"; + "/persist" = { + mountpoint = "/persist"; + mountOptions = [ + "subvol=persist" + "noatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "subvol=nix" + "noatime" + ]; + }; + }; + }; + }; + }; + } + # Ephemeral by default - assumes btrfs + (mkIf root.ephemeral { + boot.initrd.postDeviceCommands = mkAfter '' + mkdir /btrfs_tmp + mount /dev/root_vg/root /btrfs_tmp + + if [[ -e /btrfs_tmp/root ]]; then + btrfs subvolume delete "/btrfs_tmp/root" + fi + ''; + }) + ]; + }; +} diff --git a/nix/modules/machine/virtualisation.nix b/nix/modules/machine/virtualisation.nix new file mode 100644 index 0000000..81b586e --- /dev/null +++ b/nix/modules/machine/virtualisation.nix 
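Review bot: The `postDeviceCommands` script in the `mkIf root.ephemeral` branch deletes `/btrfs_tmp/root` but never recreates it or unmounts `/btrfs_tmp`, so nothing in this hunk leaves a `root` subvolume for the `/` mount that the disko layout declares. Unless another module recreates it, add `btrfs subvolume create /btrfs_tmp/root` and `umount /btrfs_tmp` after the `fi`. `btrfs subvolume delete` also fails when the subvolume contains nested subvolumes, so the wipe can stop working once any exist; that deserves a comment or a recursive delete. Separately, `/persist` holds the SSH key that secrets.nix hands to sops-nix, and it sits on an unencrypted LVM volume next to an unencrypted resume swap. A comment stating whether disk encryption is deliberately out of scope would help the next reader.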
@@ -0,0 +1,36 @@ +{ lib, config, ... }: +let + inherit (lib.modules) mkIf; + inherit (lib.options) mkEnableOption; + inherit (lib.lists) optional; + inherit (config.flake.lib.modules) forAllUsers; +in +{ + flake.modules.nixos.default = + { pkgs, config, ... }: + let + cfg = config.machine.virtualisation; + in + { + options.machine.virtualisation = { + podman.enable = mkEnableOption ""; + podman.distrobox.enable = mkEnableOption ""; + }; + config = mkIf cfg.podman.enable { + virtualisation.containers.enable = true; + virtualisation.podman = { + enable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enabled = true; + }; + users.users = forAllUsers { + extraGroups = [ "podman" ]; + autoSubUidGidRange = cfg.podman.distrobox.enable; + }; + home-manager.sharedModules = optional cfg.podman.distrobox.enable { + home.packages = [ pkgs.distrobox ]; + persistDirs = [ ".local/share/containers" ]; + }; + }; + }; +} diff --git a/nix/modules/networking/default.nix b/nix/modules/networking/default.nix new file mode 100644 index 0000000..435e501 --- /dev/null +++ b/nix/modules/networking/default.nix @@ -0,0 +1,16 @@ +{ lib, ... }: +let + inherit (lib.modules) mkDefault; +in +{ + flake.modules.nixos.default = + { hostName, ... }: + { + networking = { + inherit hostName; + enableIPv6 = false; + useDHCP = mkDefault true; + networkmanager.enable = true; + }; + }; +} diff --git a/nix/modules/networking/ssh.nix b/nix/modules/networking/ssh.nix new file mode 100644 index 0000000..2238b7e --- /dev/null +++ b/nix/modules/networking/ssh.nix 
@@ -0,0 +1,30 @@ +{ config, lib, ... }: +let + cfg = config.flake; + inherit (config.manifest) admin; + inherit (lib.modules) mkMerge; + inherit (cfg.lib.modules) forAllUsers'; +in +{ + flake.modules.nixos.default = mkMerge [ + { + services.openssh.enable = true; + users.users = forAllUsers' (_: value: { openssh.authorizedKeys.keys = [ value.pubkey ]; }); + persistFiles = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + } + { users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; } + ]; + flake.modules.homeManager.default = { + persistDirs = [ ".ssh" ]; + programs.ssh.enable = true; + programs.ssh.extraConfig = '' + Host * + SetEnv TERM=xterm-256color + ''; + }; +} diff --git a/nix/modules/networking/tailscale.nix b/nix/modules/networking/tailscale.nix new file mode 100644 index 0000000..e1ad04c --- /dev/null +++ b/nix/modules/networking/tailscale.nix @@ -0,0 +1,25 @@ +{ config, ... }: +let + inherit (config.flake.paths) secrets; +in +{ + flake.modules.nixos.default = + { config, ... }: + { + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/client-secret".path; + authKeyParameters.preauthorized = true; + }; + persistDirs = [ "/var/lib/tailscale" ]; + sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml"; + }; + flake.modules.darwin.default = + { pkgs, ... }: + { + services.tailscale = { + enable = true; + package = pkgs.tailscale.overrideAttrs { doCheck = false; }; + }; + }; +} diff --git a/nix/modules/server/databases.nix b/nix/modules/server/databases.nix new file mode 100644 index 0000000..2827b9d --- /dev/null +++ b/nix/modules/server/databases.nix 
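Review bot: `services.openssh.enable = true` in ssh.nix is set with no `services.openssh.settings`, so password authentication stays at the module default even though this hunk provisions an authorized key for every user and for root. Add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` so that the keys are the only way in. The second `mkMerge` element authorises `admin.pubkey` for root directly. If nothing deploys as root over SSH, `services.openssh.settings.PermitRootLogin = "no";` is the tighter choice, since sudo.nix already gives wheel passwordless sudo.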
@@ -0,0 +1,90 @@ +{ lib, config, ... }: +let + inherit (builtins) toString; + inherit (lib.modules) mkIf mkMerge mkOverride; + inherit (lib.lists) singleton; + inherit (lib.options) mkEnableOption; + inherit (config.flake.lib.options) mkPortOption; +in +{ + allowedUnfreePackages = [ "mongodb" ]; + flake.modules.nixos.default = + { config, pkgs, ... }: + let + cfg = config.server.databases; + in + { + options.server.databases = { + mongodb = { + enable = mkEnableOption "the MongoDB server"; + port = mkPortOption 27017; + }; + mysql = { + enable = mkEnableOption "the MySQL server"; + port = mkPortOption 3306; + }; + postgresql = { + enable = mkEnableOption "the postgresql server"; + port = mkPortOption 5432; + }; + }; + + config = mkMerge [ + (mkIf cfg.postgresql.enable { + networking.firewall.allowedTCPPorts = singleton cfg.postgresql.port; + persistDirs = singleton { + directory = toString config.services.postgresql.dataDir; + user = "postgres"; + group = "postgres"; + }; + services.postgresql = { + enable = true; + enableTCPIP = true; + settings = { inherit (cfg.postgresql) port; }; + authentication = mkOverride 10 '' + #type database DBuser auth-method + local all all trust + + # ipv4 + host all all 0.0.0.0/0 trust + ''; + ensureDatabases = singleton "alphastory"; + ensureUsers = singleton { + name = "alphastory"; + ensureDBOwnership = true; + }; + }; + }) + (mkIf cfg.mongodb.enable { + networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ]; + persistDirs = singleton { + directory = toString config.services.mongodb.dbpath; + user = "mongodb"; + group = "mongodb"; + }; + services.mongodb = { + enable = true; + bind_ip = "0.0.0.0"; + extraConfig = '' + net.port: ${toString cfg.mongodb.port} + ''; + }; + }) + (mkIf cfg.mysql.enable { + networking.firewall.allowedTCPPorts = [ cfg.mysql.port ]; + persistDirs = singleton { + directory = toString config.services.mysql.dataDir; + user = "mysql"; + group = "mysql"; + }; + services.mysql = { + enable = true; + package 
= pkgs.mariadb; + settings.mysqld = { + inherit (cfg.mysql) port; + }; + }; + }) + ]; + }; +} diff --git a/nix/modules/server/ddns.nix b/nix/modules/server/ddns.nix new file mode 100644 index 0000000..40a03ea --- /dev/null +++ b/nix/modules/server/ddns.nix @@ -0,0 +1,59 @@ +{ lib, config, ... }: +let + inherit (lib.modules) mkIf; + inherit (lib.options) mkOption mkEnableOption; + inherit (lib.types) enum str listOf; + inherit (lib.lists) unique; + inherit (builtins) map; + inherit (config.flake.paths) secrets; +in +{ + flake.modules.nixos.default = + { config, ... }: + let + cfg = config.server.ddns; + mkDomain = domain_name: { + inherit domain_name; + sub_domains = [ + "@" + "*" + ]; + }; + in + { + options.server.ddns = { + enable = mkEnableOption ""; + type = mkOption { + type = enum [ "godns" ]; + default = "godns"; + }; + domains = mkOption { + type = listOf str; + default = [ ]; + }; + }; + + config = mkIf cfg.enable { + sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml"; + services.godns = { + enable = if (cfg.type == "godns") then true else false; + loadCredential = [ "cf_token:${config.sops.secrets."keys/cloudflare".path}" ]; + settings = { + provider = "Cloudflare"; + login_token_file = "$CREDENTIALS_DIRECTORY/cf_token"; + # Sanitize the list of domains with unique so we can add to it with every service. + domains = map mkDomain (unique cfg.domains); + resolver = "1.1.1.1"; + ip_urls = [ + "https://wtfismyip.com/text" + "https://api.ipify.org" + "https://myip.biturl.top" + "https://api-ipv4.ip.sb/ip" + ]; + ip_type = "IPv4"; + interval = 300; + }; + }; + }; + }; +} diff --git a/nix/modules/server/web-apps/comfy-ui.nix b/nix/modules/server/web-apps/comfy-ui.nix new file mode 100644 index 0000000..738e2e5 --- /dev/null +++ b/nix/modules/server/web-apps/comfy-ui.nix 
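Review bot: The PostgreSQL branch of databases.nix sets `host all all 0.0.0.0/0 trust` together with `enableTCPIP = true` and opens `cfg.postgresql.port` in the firewall, so any host that can reach the port connects as any role, including the superuser, without a password. Replace the two rules with `local all all peer` and `host all all 127.0.0.1/32 scram-sha-256` (or the specific client subnet), and drop the firewall entry unless a remote client needs it. The MongoDB branch has the same exposure: `bind_ip = "0.0.0.0"` with the port opened and no `enableAuth` visible in the hunk. The MySQL branch also opens its port on all interfaces. If these services are only meant to be reached over Tailscale, `networking.firewall.interfaces.<IFACE>.allowedTCPPorts` states that intent instead of the global `allowedTCPPorts`.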
@@ -0,0 +1,34 @@ +{ + lib, + config, + inputs, + ... +}: +let + inherit (lib.lists) singleton; + inherit (config.flake.lib.services) mkWebApp; +in +{ + flake.modules.nixos.default = + { config, ... }: + let + upstreamCfg = config.services.comfyUi; + in + mkWebApp { + inherit config; + name = "comfy-ui"; + defaultPort = 8188; + persistDirs = singleton { + directory = upstreamCfg.dataDir; + inherit (upstreamCfg) user group; + mode = "777"; + }; + extraConfig.services.comfyUi = { + enable = true; + listenHost = "0.0.0.0"; + }; + } + // { + imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ]; + }; +} diff --git a/nix/modules/server/web-apps/forgejo.nix b/nix/modules/server/web-apps/forgejo.nix new file mode 100644 index 0000000..5beb028 --- /dev/null +++ b/nix/modules/server/web-apps/forgejo.nix @@ -0,0 +1,47 @@ +{ lib, config, ... }: +let + inherit (lib.lists) singleton optional; + inherit (config.flake.lib.options) mkPortOption; + inherit (config.flake.lib.services) mkWebApp; +in +{ + flake.modules.nixos.default = + { config, ... }: + let + cfg = config.server.web-apps.forgejo; + upstreamCfg = config.services.forgejo; + in + mkWebApp { + inherit config; + name = "forgejo"; + defaultPort = 3000; + persistDirs = singleton { + directory = upstreamCfg.stateDir; + inherit (upstreamCfg) user group; + }; + extraOptions = { + sshPort = mkPortOption 2222; + }; + extraConfig = { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.sshPort; + services.forgejo = { + enable = true; + settings = { + server = { + DOMAIN = cfg.domain; + ROOT_URL = "https://${cfg.domain}/"; + HTTP_PORT = cfg.port; + START_SSH_SERVER = true; + SSH_PORT = cfg.sshPort; + }; + repository = { + USE_COMPAT_SSH_URI = false; + ENABLE_PUSH_CREATE_USER = true; + ENABLE_PUSH_CREATE_ORG = true; + }; + "repository.signing".FORMAT = "ssh"; + }; + }; + }; + }; +} 
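Review bot: `mode = "777"` on the persisted `dataDir` in comfy-ui.nix makes the ComfyUI state directory writable by every local account. The service presumably loads models and extensions from that directory, so any local user could place content there that the service later processes. The entry already inherits `user` and `group` from `upstreamCfg`, so `mode = "0750";` should be enough. `listenHost = "0.0.0.0"` also exposes the UI on every interface; if mkWebApp (not visible in this hunk) fronts it with the nginx proxy, `listenHost = "127.0.0.1";` keeps direct access closed.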
diff --git a/nix/modules/server/web-apps/librechat.nix b/nix/modules/server/web-apps/librechat.nix new file mode 100644 index 0000000..63d2efa --- /dev/null +++ b/nix/modules/server/web-apps/librechat.nix 
@@ -0,0 +1,87 @@ +{ + lib, + inputs, + config, + ... +}: +let + inherit (lib.lists) singleton; + inherit (config.flake.lib.options) mkStrOption; + inherit (config.flake.lib.services) mkWebApp; + inherit (config.flake.paths) secrets; +in +{ + flake.modules.nixos.default = + { config, ... }: + let + cfg = config.server.web-apps.librechat; + upstreamCfg = config.services.librechat; + in + mkWebApp { + inherit config; + name = "librechat"; + defaultPort = 3080; + persistDirs = singleton { + directory = upstreamCfg.dataDir; + inherit (upstreamCfg) user group; + }; + extraOptions.mongodbURI = mkStrOption "mongodb://${config.networking.hostName}:27017/LibreChat"; + extraConfig = { + sops.secrets = { + "librechat/creds_key".sopsFile = secrets + "/librechat.yaml"; + "librechat/creds_iv".sopsFile = secrets + "/librechat.yaml"; + "librechat/jwt_secret".sopsFile = secrets + "/librechat.yaml"; + "librechat/jwt_refresh_secret".sopsFile = secrets + "/librechat.yaml"; + "keys/gemini".sopsFile = secrets + "/keys.yaml"; + "keys/openrouter".sopsFile = secrets + "/keys.yaml"; + }; + services.librechat = { + enable = true; + openFirewall = true; + inherit (cfg) port; + env = { + HOST = "0.0.0.0"; + ALLOW_REGISTRATION = "true"; + NO_INDEX = "true"; + MONGO_URI = cfg.mongodbURI; + DOMAIN_CLIENT = cfg.domain; + DOMAIN_SERVER = cfg.domain; + ENDPOINTS = "anthropic,agents,google"; + }; + credentials = { + CREDS_KEY = config.sops.secrets."librechat/creds_key".path; + CREDS_IV = config.sops.secrets."librechat/creds_iv".path; + JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path; + JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path; + OPENROUTER_KEY = config.sops.secrets."keys/openrouter".path; + GOOGLE_KEY = config.sops.secrets."keys/gemini".path; + }; + settings = { + version = "1.1.4"; + cache = true; + endpoints.custom = [ + { + name = "OpenRouter"; + apiKey = "\${OPENROUTER_KEY}"; + baseURL = "https://openrouter.ai/api/v1"; + models.default = [ 
"meta-llama/llama-3-70b-instruct" ]; + models.fetch = true; + titleConvo = true; + titleModel = "current_model"; + modelDisplayLabel = "OpenRouter"; + } + ]; + interface = { + privacyPolicy = { + externalUrl = "https://librechat.ai/privacy-policy"; + openNewTab = true; + }; + }; + }; + }; + }; + } + // { + imports = singleton "${inputs.rrvsh-nixpkgs}/nixos/modules/services/web-apps/librechat.nix"; + }; +} diff --git a/nix/modules/server/web-apps/rrv-sh.nix b/nix/modules/server/web-apps/rrv-sh.nix new file mode 100644 index 0000000..d4c801d --- /dev/null +++ b/nix/modules/server/web-apps/rrv-sh.nix @@ -0,0 +1,23 @@ +{ config, inputs, ... }: +let + inherit (config.flake.lib.services) mkWebApp; +in +{ + flake.modules.nixos.default = + { config, ... }: + let + cfg = config.server.web-apps.rrv-sh; + in + mkWebApp { + inherit config; + name = "rrv-sh"; + defaultPort = 2309; + extraConfig.services.rrv-sh = { + enable = true; + inherit (cfg) port; + }; + } + // { + imports = [ inputs.rrv-sh.nixosModules.default ]; + }; +} diff --git a/nix/modules/server/web-apps/sd-webui-forge.nix b/nix/modules/server/web-apps/sd-webui-forge.nix new file mode 100644 index 0000000..cf88d86 --- /dev/null +++ b/nix/modules/server/web-apps/sd-webui-forge.nix @@ -0,0 +1,34 @@ +{ + lib, + inputs, + config, + ... +}: +let + inherit (lib.lists) singleton; + inherit (config.flake.lib.services) mkWebApp; +in +{ + flake.modules.nixos.default = + { config, ... }: + let + upstreamCfg = config.services.sd-webui-forge; + in + mkWebApp { + inherit config; + name = "sd-webui-forge"; + defaultPort = 7860; + persistDirs = singleton { + directory = upstreamCfg.dataDir; + inherit (upstreamCfg) user group; + }; + extraConfig.services.sd-webui-forge = { + enable = true; + listen = true; + extraArgs = "--cuda-malloc"; + }; + } + // { + imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ]; + }; +} 
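Review bot: In librechat.nix, `openFirewall = true`, `HOST = "0.0.0.0"` and `ALLOW_REGISTRATION = "true"` together let anyone who can reach `cfg.port` create an account and spend the OpenRouter and Gemini keys loaded under `credentials`. Unless public sign-up is intended, set `ALLOW_REGISTRATION = "false";`. If the app is served through the nginx proxy (mkWebApp is not visible in this hunk), also set `openFirewall = false;` and `HOST = "127.0.0.1";`. The default `mongodbURI` carries no credentials and targets port 27017, which databases.nix binds on `0.0.0.0` without authentication, so stored conversations and user records are open to the same audience.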
diff --git a/nix/modules/server/web-servers.nix b/nix/modules/server/web-servers.nix new file mode 100644 index 0000000..9b0cf75 --- /dev/null +++ b/nix/modules/server/web-servers.nix 
@@ -0,0 +1,142 @@ +{ lib, config, ... }: +let + inherit (builtins) listToAttrs map; + inherit (config.flake.lib.options) mkStrOption mkPathOption; + inherit (config.flake.lib.services) mkRootDomain; + inherit (config.flake.paths) secrets; + inherit (config.manifest.admin) email; + inherit (lib.types) listOf submodule attrs; + inherit (lib.options) mkOption mkEnableOption; + inherit (lib.modules) mkMerge mkIf; + inherit (lib.lists) singleton; +in +{ + flake.modules.nixos.default = + { config, ... }: + let + cfg = config.server.web-servers; + sslCheck = good: bad: if cfg.enableSSL then good else bad; + in + { + options.server.web-servers = { + enableSSL = mkEnableOption ""; + nginx = { + enable = mkEnableOption "the Nginx server"; + openFirewall = mkEnableOption "" // { + default = true; + }; + enableDefaultSink = mkEnableOption "" // { + default = true; + }; + pages = mkOption { + default = [ ]; + type = listOf (submodule { + options = { + domain = mkStrOption ""; + root = mkPathOption ""; + extraConfig = mkOption { + type = attrs; + default = { }; + }; + locations = mkOption { + type = attrs; + default = { }; + }; + }; + }); + }; + proxies = mkOption { + default = [ ]; + type = listOf (submodule { + options = { + source = mkStrOption ""; + target = mkStrOption ""; + extraConfig = mkOption { + type = attrs; + default = { }; + }; + locations = mkOption { + type = attrs; + default = { }; + }; + }; + }); + }; + }; + }; + config = mkMerge [ + (mkIf cfg.enableSSL { + sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml"; + security.acme = { + acceptTerms = true; + defaults = { + inherit email; + dnsProvider = "cloudflare"; + credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path; + }; + certs = { + "rrv.sh".extraDomainNames = singleton "*.rrv.sh"; + "bwfiq.com".extraDomainNames = singleton "*.bwfiq.com"; + "slayment.com".extraDomainNames = singleton "*.slayment.com"; + "aenyrathia.wiki".extraDomainNames = singleton 
"*.aenyrathia.wiki"; + }; + }; + }) + (mkIf cfg.nginx.enable { + networking.firewall.allowedTCPPorts = mkIf cfg.nginx.openFirewall [ + 443 + 80 + ]; + users.users.nginx.extraGroups = singleton "acme"; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + virtualHosts = mkMerge [ + (mkIf cfg.nginx.enableDefaultSink { + "_" = { + default = true; + rejectSSL = sslCheck true false; + locations."/" = { + return = "444"; + }; + }; + }) + (listToAttrs ( + map (page: { + name = page.domain; + value = { + addSSL = sslCheck true false; + useACMEHost = sslCheck (mkRootDomain page.domain) null; + acmeRoot = null; # needed for DNS validation + locations = { + "/" = { + inherit (page) root; + } // page.extraConfig; + } // page.locations; + }; + }) cfg.nginx.pages + )) + (listToAttrs ( + map (proxy: { + name = proxy.source; + value = { + addSSL = sslCheck true false; + useACMEHost = sslCheck (mkRootDomain proxy.source) null; + acmeRoot = null; # needed for DNS validation + locations = { + "/" = { + proxyPass = proxy.target; + } // proxy.extraConfig; + } // proxy.locations; + }; + }) cfg.nginx.proxies + )) + ]; + }; + }) + ]; + }; +} diff --git a/nix/modules/system/persist.nix b/nix/modules/system/persist.nix new file mode 100644 index 0000000..917440b --- /dev/null +++ b/nix/modules/system/persist.nix 
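Review bot: Both virtual-host generators in web-servers.nix use `addSSL = sslCheck true false`, which serves each site over HTTPS and over plain HTTP with no redirect, so logins to the proxied apps can still travel unencrypted. `forceSSL = cfg.enableSSL;` adds the redirect and is the same condition without the helper; the other `sslCheck true false` uses can likewise be `cfg.enableSSL`. The `security.acme.certs` block hard-codes four domains, and deriving it from `cfg.nginx.pages` and `cfg.nginx.proxies` would keep the certificates in step with the configured hosts.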
@@ -0,0 +1,66 @@ +{ + lib, + inputs, + config, + ... +}: +let + inherit (lib.modules) mkIf; + inherit (lib.options) mkOption; + inherit (config.flake.lib.options) mkStrOption; + inherit (lib.types) + listOf + str + coercedTo + submodule + ; + permOpts = { + user = mkStrOption "root"; + group = mkStrOption "root"; + mode = mkStrOption "0755"; + }; + mkOpts = + type: opts: + mkOption { + default = [ ]; + type = listOf ( + coercedTo str (d: { ${type} = d; }) (submodule { + options = { + ${type} = mkStrOption ""; + } // opts; + }) + ); + }; +in +{ + flake.modules.nixos.default = + { config, ... }: + { + imports = [ inputs.impermanence.nixosModules.impermanence ]; + options.persistDirs = mkOpts "directory" permOpts; + options.persistFiles = mkOpts "file" { parentDirectory = permOpts; }; + config = { + programs.fuse.userAllowOther = true; + fileSystems."/persist".neededForBoot = true; + environment.persistence."/persist" = { + hideMounts = true; + directories = config.persistDirs; + files = config.persistFiles; + }; + }; + }; + flake.modules.homeManager.default = + { config, pkgs, ... }: + { + imports = [ inputs.impermanence.homeManagerModules.impermanence ]; + options.persistDirs = mkOpts "directory" { }; + options.persistFiles = mkOpts "file" { }; + config = mkIf (pkgs.system == "x86_64-linux") { + home.persistence."/persist${config.home.homeDirectory}" = { + allowOther = true; + directories = config.persistDirs; + files = config.persistFiles; + }; + }; + }; +} diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix new file mode 100644 index 0000000..e71989d --- /dev/null +++ b/nix/modules/system/secrets.nix 
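Review bot: The homeManager branch of persist.nix guards `home.persistence` with `mkIf (pkgs.system == "x86_64-linux")`, so on an aarch64-linux host, which platform.nix supports, every home `persistDirs` entry is dropped silently. That includes `.ssh` and `.config/sops/age`, which would then be lost on each boot of an ephemeral root. `mkIf pkgs.stdenv.hostPlatform.isLinux` excludes only Darwin. The options built by `mkOpts` also have no `description`; one line saying that paths are absolute in the nixos module and relative to the home directory in the homeManager module would document the difference.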
@@ -0,0 +1,77 @@ +{ + config, + inputs, + lib, + ... +}: +let + cfg = config.flake; + inherit (cfg.paths) secrets; + inherit (builtins) readFile; + inherit (lib.meta) getExe; + inherit (lib.strings) trim; + inherit (config.manifest.admin) username pubkey; +in +{ + flake.modules = { + nixos.default = + { config, ... }: + { + imports = [ inputs.sops-nix.nixosModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ + "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" + ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; + }; + }; + darwin.default = + { config, ... }: + { + imports = [ inputs.sops-nix.darwinModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; + }; + }; + homeManager.default.persistDirs = [ ".config/sops/age" ]; + }; + perSystem = + { pkgs, ... }: + { + files.files = [ + { + path_ = ".sops.yaml"; + drv = + pkgs.writeText ".sops.yaml" # yaml + '' + keys: + - &${username} ${trim ( + readFile "${ + pkgs.runCommand "" { } '' + mkdir $out; echo ${pubkey} | ${getExe pkgs.ssh-to-age} > $out/agepubkey + '' + }/agepubkey" + )} + creation_rules: + - path_regex: \.(yaml)$ + key_groups: + - age: + - *${username} + ''; + } + ]; + }; +} diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix new file mode 100644 index 0000000..fa7724c --- /dev/null +++ b/nix/modules/system/sudo.nix 
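Review bot: `environment.shellInit` in both the nixos and darwin modules of secrets.nix runs `sudo cat` on the Gemini key for every shell of every user. It only works because sudo.nix removes the sudo password, and it puts the key in the environment of every process started from a shell. Make the secret readable by the account that needs it with `sops.secrets."keys/gemini".owner = username;` and read it with plain `cat`, or export it only in a wrapper around the tool that uses it. The generated `.sops.yaml` rule `path_regex: \.(yaml)$` matches every YAML file in the repository; anchoring it, for example `^secrets/[^/]+\.yaml$`, keeps the rule to the secrets directory as the previous `.sops.yaml` did.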
@@ -0,0 +1,19 @@ +{ config, ... }: +let + inherit (config.manifest) admin; +in +{ + flake.modules.nixos.default = { + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "@wheel" ]; + users.users.${admin.username}.extraGroups = [ "wheel" ]; + }; + flake.modules.darwin.default.security = { + sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL"; + pam.services.sudo_local = { + enable = true; + reattach = true; + touchIdAuth = true; + }; + }; +} diff --git a/nix/modules/system/system.nix b/nix/modules/system/system.nix new file mode 100644 index 0000000..cee1df3 --- /dev/null +++ b/nix/modules/system/system.nix @@ -0,0 +1,18 @@ +{ + flake.modules = { + nixos.default = { + persistFiles = [ "/etc/machine-id" ]; + persistDirs = [ "/var/lib/systemd" ]; + time.timeZone = "Asia/Singapore"; + i18n.defaultLocale = "en_US.UTF-8"; + system.stateVersion = "25.11"; + }; + homeManager.default.home.stateVersion = "25.11"; + darwin.default = + { self, ... }: + { + system.configurationRevision = self.rev or self.dirtyRev or null; + system.stateVersion = 6; + }; + }; +} diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix new file mode 100644 index 0000000..dc80b0b --- /dev/null +++ b/nix/modules/system/users.nix 
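Review bot: `security.sudo.wheelNeedsPassword = false` and the Darwin `%admin ALL = (ALL) NOPASSWD: ALL` in sudo.nix let any process running as the admin user become root without a prompt. `nix.settings.trusted-users = [ "@wheel" ]` additionally gives wheel members root-equivalent control of the Nix daemon. On Darwin the same hunk enables `touchIdAuth`, which the NOPASSWD rule makes pointless; dropping the `sudo.extraConfig` line keeps sudo interactive at little cost. On NixOS, if passwordless sudo exists for remote rebuilds, a `security.sudo.extraRules` entry limited to the commands that need it is narrower than disabling the password for all of wheel.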
@@ -0,0 +1,55 @@ +{ config, lib, ... }: +let + cfg = config.flake; + inherit (config.manifest) users admin; + inherit (cfg.lib.modules) userListToAttrs forAllUsers'; + inherit (lib.lists) findFirstIndex; + inherit (builtins) attrNames; +in +{ + flake.modules.nixos.default = + { config, ... }: + { + persistDirs = [ "/var/lib/nixos" ]; + users = { + mutableUsers = false; + groups.users.gid = 100; + users = forAllUsers' ( + name: _: { + isNormalUser = true; + hashedPasswordFile = config.sops.secrets."${name}/hashedPassword".path; + } + ); + }; + sops.secrets = userListToAttrs (name: { + "${name}/hashedPassword" = { + neededForUsers = true; + sopsFile = cfg.paths.secrets + "/users.yaml"; + }; + }); + home-manager.users = forAllUsers' ( + name: _: { + home.username = name; + home.homeDirectory = config.users.users.${name}.home; + } + ); + }; + flake.modules.darwin.default = + { config, ... }: + { + system.primaryUser = admin.username; + users.knownUsers = attrNames users; + users.users = forAllUsers' ( + name: _: { + home = "/Users/${name}"; + uid = 501 + (findFirstIndex (x: x == name) null (attrNames users)); + } + ); + home-manager.users = forAllUsers' ( + name: _: { + home.username = name; + home.homeDirectory = config.users.users.${name}.home; + } + ); + }; +} diff --git a/nix/modules/unfree-packages.nix b/nix/modules/unfree-packages.nix new file mode 100644 index 0000000..d444024 --- /dev/null +++ b/nix/modules/unfree-packages.nix @@ -0,0 +1,18 @@ +{ lib, config, ... }: +let + inherit (builtins) elem; + inherit (lib.options) mkOption; + inherit (lib.strings) getName; + inherit (lib.types) listOf str; + predicate = pkg: elem (getName pkg) config.allowedUnfreePackages; +in +{ + options.allowedUnfreePackages = mkOption { + type = listOf str; + default = [ ]; + }; + config.flake.modules = { + nixos.default.nixpkgs.config.allowUnfreePredicate = predicate; + darwin.default.nixpkgs.config.allowUnfreePredicate = predicate; + }; +} 
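Review bot: In the darwin module of users.nix the `uid` is computed as `501 + (findFirstIndex (x: x == name) null (attrNames users))`, and `attrNames` returns names in sorted order. Adding or renaming a user in the manifest therefore renumbers every user that sorts after it, while files on disk keep their old numeric owner. Store an explicit `uid` per user in the manifest and use `uid = value.uid;`, naming the lambda's second argument, which is currently ignored. The `null` default would also turn a missing name into an evaluation type error rather than a readable message, although `forAllUsers'` presumably iterates the same set.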
diff --git a/packages/rebuild/default.nix b/packages/rebuild/default.nix deleted file mode 100644 index adc7bd3..0000000 --- a/packages/rebuild/default.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ pkgs, ... }: -pkgs.writeShellScriptBin "rebuild" # sh - '' - TEST_SHELL=false - REMOTE_HOSTS=() - - while [[ $# -gt 0 ]]; do - case "$1" in - --test-shell | -t) - TEST_SHELL=true - shift - ;; - *) - REMOTE_HOSTS+=("$1") - echo ''${REMOTE_HOSTS[@]} - shift - ;; - esac - done - - if [ ! -f "flake.nix" ]; then - echo "Error: flake.nix not found in the current directory. Exiting." - exit 1 # Indicate an error - fi - - git add . - - if [ ''${#REMOTE_HOSTS[@]} -gt 0 ]; then - for host in "''${REMOTE_HOSTS[@]}"; do - echo "Rebuilding $host..." - nixos-rebuild switch --flake .#"$host" --target-host "$host" --use-remote-sudo || { - echo "Error: nixos-rebuild switch failed for $host. Check the output." - exit 1 - } - done - exit 0 - fi - - CURRENT_GENERATION=$(readlink /nix/var/nix/profiles/system | cut -d- -f2) - - if "$TEST_SHELL"; then - nh os test . || { - echo "Error: nixos-rebuild switch failed. Check the output for details." - exit 1 - } - git diff HEAD --color=always --stat --patch - (export PS1="Test shell> " - exec ${pkgs.bash}/bin/bash) || { - ${pkgs.cowsay}/bin/cowsay "You aborted." - exit 1 - } - nh os boot . || { - echo "Error: nixos-rebuild switch failed. Check the output for details." - exit 1 - } - else - git diff HEAD --color=always --stat --patch - nh os switch . || { - exit 1 - } - fi - - NEW_GENERATION=$(readlink /nix/var/nix/profiles/system | cut -d- -f2) - echo "New generation is $NEW_GENERATION. Current is $CURRENT_GENERATION." - if [ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]; then - echo "ERROR: New config was not added to bootloader. Exiting..." - exit 1 - else - git commit - - read -p "Reboot the system now? (y/n) [n]: " -n 1 -r - echo # (optional) move to a new line - if [[ $REPLY =~ ^[Yy]$ ]]; then - echo "Rebooting the system..." - sudo systemctl reboot - else - echo "Not rebooting." - exit 0 - fi - fi - '' diff --git a/secrets/keys.yaml b/secrets/keys.yaml new file mode 100644 index 0000000..93a7ff8 --- /dev/null 
+++ b/secrets/keys.yaml @@ -0,0 +1,19 @@ +keys: + cloudflare: ENC[AES256_GCM,data:p2IISOuU/ShoifW5OFY/6Bi6PI0iIiQoBfnV512f2z84U9QS/KEhzA==,iv:5AkwtNAK8mD2DbvXCtTeNeIrpF/GIsSyOYxy8G4Jsqo=,tag:u2xJcRBR5WTMWdzupx4tbQ==,type:str] + gemini: ENC[AES256_GCM,data:GwXVBsQdLesgP6PUZJRrLO5u6jd6XYFv9vjNTsojOwaWlxkDeRos,iv:w6Uz6j/MfpgQdIRYqJCneWqTsA+JEsB/T3cySVY2k3c=,tag:JY+LDar1UzC6qLKLichKnQ==,type:str] + openrouter: ENC[AES256_GCM,data:kRr/f/qlso/SGyZa7J2zeQqbWDZnBoBsUvCEFbWuXpS8ah0qKDANfmX5NsJy3ehjXYOljbHl9WOxQcyriMTE8cyZodp9QySMEQ==,iv:NkWa/Q0AncaDQFo+SZEd3qKDddCxsLPgTi3bYb3SbhQ=,tag:HPTr27cxIV5mx432UMTfXQ==,type:str] +sops: + age: + - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcTdPWURrK2w1QUZubVZo + VUMrcFFQU0UxdDU3OG9PdEUxcGs2bzZNcmg0Cm03cUlPZkRMK0ZXOTllV3BtZWFp + QXBPRWtOd0xjZC9BdGdmWnVoVGpHR1UKLS0tIEpaVXlSNkhpMVZnTFZWTFVEWTgv + T3VyZXZnaGZaMVBnVko2Tlc2S3FpdDQKRiHCOtkHKugfquQfYkk4o9SMtZlo1CqZ + 3i9+9Z516KS1+ERTklBUzZDBRZISY0c2nluO+tn71wnKAMIxetKryQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-08T20:53:06Z" + mac: ENC[AES256_GCM,data:hcY1uSNp1E6LrQDpEgK8MABDijc0NQg89iEH1duq8rXFlOFG8BWrEDTasoUX3mH8RPBu5DF9YJHv216w1v2RdVz5w32e4GlcpuA8NUjNxBx38cx/GCp9bx0wEapVVf4Er+a8OmCmbp0MUhKvV3Xy5xs/ZlNJ7KppRXX9hZvzW84=,iv:7SirDOpe3ds23+XKQXe7CKnzb4yhQQWhvcARFnL0qRU=,tag:75tXPKJHfrMKYiM+XUI98Q==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/secrets/librechat.yaml b/secrets/librechat.yaml new file mode 100644 index 0000000..d6668cd --- /dev/null +++ b/secrets/librechat.yaml 
@@ -0,0 +1,20 @@ +librechat: + creds_key: ENC[AES256_GCM,data:sELKgqif9ec6VV0Q9OVk8IbUAI5noPtUB1b1WrPvxjDzJODd9YoJHWiH+N0vwORje5LiuzqZ/0Kn/UMdPfy3qw==,iv:SFFW+P0vxy4s6TkaAyCNLLXLIBrdi8oMkm7Q/Vec/yk=,tag:ZNC0vMdyh+S204Qr0itvnw==,type:str] + creds_iv: ENC[AES256_GCM,data:h8RHcW7zt8CnKrYDGxlN/H9Wim4KpLaiFl2E2AK+YJY=,iv:xRctbyBFprN6Y1Lvk08EpzZNXa0owYCph+wqcOAR/Gw=,tag:ZdA0ibjyH1Y6DAd23mfJRQ==,type:str] + jwt_secret: ENC[AES256_GCM,data:mXMi0EenuU1EIZWUyLE3wkVTouJk2QPXIKV38sfwbKfjdc28GgdsaWtunaSpD4uYBrWCv1rXq5qj18ohlAKs/g==,iv:ZWZWgYzVQh+kRN4+EEBFdWc4aWGq5IDtlEVde9mzS7I=,tag:BmWQN9yI92RHJMy/pt8rRg==,type:str] + jwt_refresh_secret: ENC[AES256_GCM,data:iw+/E0wb2Ih1iQOaCCXBN5tj98Z2CdpaJMYOiuoTanjW7bvJXGfVObXKTBTtRs1P4TzCc4qK7mes5Sa6oajBpg==,iv:3mr3PYAjJ3bncATgfSwEyrIM2YioSfSu38NUfDmk6zs=,tag:RIYJ1YBaQVpwAmlo3CKg2Q==,type:str] +sops: + age: + - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcko2MmowTkpKaDJTdjZE + NVdzbklXZngxaHhrbkhGTXlCNDkzNml4dnlZCjRWOFZCSWRKenZzN0dhYXplVzh0 + OVdaUnRkS2dIYklFS2dwUXVxaElxNkkKLS0tICtxZDV0a2hIaUM2NFBwOGwxcklz + YWJyU0VKRXFxT29TSjR1KzE0ZHJGQncKrX5Sujd617WgFDYA5r63K4ZwoJpP9m8M + xexbGVHAeSyWNjOG7x5A9gYC1/dG3NY2l5xoITn0NKi68ZEfGD/J3w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-08T19:37:50Z" + mac: ENC[AES256_GCM,data:LBkUPMR8D8+IVUugWzK4a51d0lkGJqnG5D9EkHC4aGXcuSpxpxkbUDXWsqK3u1FxxfCnR87ZhD+UGd3OV6Wvsl9/v968eC/3jxuZALnOgUGcTyUayo8qLq1J6HEFUDoUoH2tk/SF0Cn2r34fkcUd1NtRdQX+C0Zsc8Tk0zIRA8U=,iv:aUvg409sogxRBgYzNECW5eH7GsSAsYY9AHWmL0UD6PA=,tag:0pMoXeuF6DLCyIdDVsPmGA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml deleted file mode 100644 index c1749e0..0000000 --- a/secrets/secrets.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-rafiq:
- hashedPassword: ENC[AES256_GCM,data:SzzSPg5Ze4H+fVl6ZvAULO9FDfRehusmP6uldT4Ok2/9ZeOp9r4LgjKajoiw2A1DWD1zQ1GQwMCHKpeZjCC4rBUNWW5DMcBUJA==,iv:KktKuqr0JNhjeJIlIgkoAv6mP2dQlfQrXiIOASLPkbw=,tag:g9LarkT6EjDrH+dXSjMwPg==,type:str]
-keys:
- tailscale: ENC[AES256_GCM,data:sW64TZY/GtWD+8KOQDHYvnwzWiqOlsJ5782utaxVwUaiWa18hU+Ppd3gp/8f0R3rK6gskaPC22iuCuzvuA==,iv:TN2zWKgU6eXH3uaL7Ci2JKmo8Ql4DUSWS3Lxfnag7j4=,tag:s5of4wLdCp6b5VMGWLLxvw==,type:str]
- gemini: ENC[AES256_GCM,data:t4XTzJLMbHBG7LNaWMwO0YyYHREYOp4Zn95Kwshunnpwq9ezVv+0,iv:ZHq1ytak7Qy5a/zHghwEIWRinDWAkk2Vxw4iu/Q/UPk=,tag:Wyk0FqLTOWelznWHg/anxg==,type:str]
- cvt-jira: ENC[AES256_GCM,data:y9enN905hAxp9F6TPcnYdcnA7VQQjTsysltBn7k9CVtOYUDBX5UKCbO4VEE=,iv:Hy/RshBTSFqEVlHq/fi/UqNdbzBvMaBmXnSHAz0WplY=,tag:bBgB+HJdHRu4bg/f9vq9nw==,type:str]
- cloudflare: ENC[AES256_GCM,data:nrtHnQR0Oon9BrSN0AeAjl8H8B7quuwSu/Qjabe9HFpWgcZq9n1JCA==,iv:ovyHqy5iKXDYXe4H7eRA51+kODhP+vAWoc98cS/6zG0=,tag:JyktO6EMRZ00CRhTb03+fg==,type:str]
- telegram_bot: ENC[AES256_GCM,data:qGJx1Bph94oU2USjZL4h2NqV5ueCiYIvEbx84Xg687F5//MItLAS58MZdUPSuQ==,iv:WmldN5Je4miamLXCK6Cv17TTGmaBq/lde2czsEgNBi4=,tag:aU27eDE5PbYAniKEXk+MRA==,type:str]
-misc:
- cvt-jira-link: ENC[AES256_GCM,data:J3XpDV2yjO5DMd5JF2stCBWZntTxenHuj+kXGAOs8oI=,iv:1YqJ6NF24CtA+E8ZB0M/7//xihFggyMMj0k0voaVPa0=,tag:XTZqC4gAy5ld0nFyAqL/Ww==,type:str]
-librechat:
- creds_key: ENC[AES256_GCM,data:/fzPgZiDnyWZalJUBFpFQ2/anxvbX3XLp18n+x1xfzOMisq52ISB5VJOzi9xaNRNruQEoh/lva9gDbIgNyzduA==,iv:xGgufMc/tPOLCKEb2MnEkxmf0FPpENGW1FcCm15CW6k=,tag:9aR+DndXkCg1sboxTFuygQ==,type:str]
- creds_iv: ENC[AES256_GCM,data:fbBD9RsuEHwDETwiYtAS9kBxgTy6zubrxHWpcuoEsR0=,iv:uZcwIfDPPn4XUf8IZkI29VH9CiKvEOlWuUaWgSjl1Kc=,tag:qbgiQU7bWSFjoGEwoptCpg==,type:str]
- jwt_secret: ENC[AES256_GCM,data:ZhDNIXrCaRWWfrlPxpBfnmeUluW0z72KGpQv9mGyf1kCCnfx3V2lPMm6QS6biajC+4oPVfgwqcXc4Lvs8OqU9g==,iv:1Ecj8fh+M5kw8cmVD96U6QgE7fNy9cbQV9v2Q305puc=,tag:U1ZglGWdTH1TGfcIIORMHQ==,type:str]
- jwt_refresh_secret: ENC[AES256_GCM,data:/4X6h51oRRaOg7UZ/zUcS1L8QyFnhsTYrz8D6R3ZP/tFAEMO/IfYJHHQQ8UtgKjAEwIVYcpIco8lUDhm06folw==,iv:02/LgoiMZ6MzBSd+JAi+iuF3dzqsVyqX6gQfWPY8sIc=,tag:5VrCh7ZKNJD3ynjcyQpVyg==,type:str]
- meili_master_key: ENC[AES256_GCM,data:SFBALLqK1Gi5nvh5NyQF6Sr+BQdln4/SUSUGevK04eM=,iv:fElBxrcOCgi3ZO9Jtz2aA6q/S4liHjRpfxSg+LmSu+4=,tag:kx4k2DDm8Kt0KkQl63UMIQ==,type:str]
-sops:
- age:
- - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUDN6TFlTVHdlWCsrWkFn
- R1g5UjVLVk1NQzJRRE9NbDZlRVVJUjVvbmlnCk93NFhSRS9vbDUzNVd6Q3RuTEtZ
- cFZvY0JML2tDSUZIbkcyVWVWWVFMY0UKLS0tIDlCbmxhUThUaHRGNkgySEp2QTB1
- WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY
- M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-05-29T12:08:02Z"
- mac: ENC[AES256_GCM,data:stUFIwqeYA3DV+41Su9xnvee5AzzwT7A2XEBeIEtp+E/LW5UdBd9ZIABglMswezqdT3i4zttBHgampymUQM/J9knUdAsJzEusappH+qnX/XD4LbNWNga+hK5yMWngf79hlI8EVt2IXYKIPmkL3LI6uDJf/+Wd0u/LX6MD3hOgM0=,iv:5JuzuUkoGgm1rBhOvDd4iOWb0X+aJwJwGHh8BQ63wnk=,tag:WNiLCzjOYy5h2Yss4OM5Tw==,type:str]
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/secrets/tailscale.yaml b/secrets/tailscale.yaml
new file mode 100644
index 0000000..0913120
--- /dev/null
+++ b/secrets/tailscale.yaml
@@ -0,0 +1,17 @@
+tailscale:
+ client-secret: ENC[AES256_GCM,data:qAJUDTHxnzhgUtpe/DaH8Vv72jy/DWU/1UKzp2Pg/GtayClZXGFz00bCNKmZJCE7NYHERgr2Ssnhpz90eRCjKg==,iv:aWp2lvIFpUH6OMTkD8V1HNMyxUPxiVA+Il4NvlVKjOA=,tag:OzkdsOKerKiSHzHSkScIQA==,type:str]
+sops:
+ age:
+ - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZytHNnlKcWFPVVNpTkxX
+ cFgxRjFDdWJkMzB2NUk1N2VLSWx3cVpvY20wCkdHbjZ4ZUlHTWp1QUFJVGxaV2cx
+ K0NlaFdnYlEvektieDJJVkY2cEtmL1UKLS0tIDFHQlM4OEIzaGVvUThCbUJZNTU3
+ ZGNJd3NvSCsrdDNFb0VuMDJOU09DVEEKrDnezqYWRuEyS6/WRWq0jMfv4DQ3TS1L
+ Zic6TBIA3qNEjUlqXKRfq//H3vDRz4dzZCqbbh+5+FXDGBIVLL2DaA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-07T11:12:16Z"
+ mac: ENC[AES256_GCM,data:rOuEqjHByaGaYredcMFGds+pB1rIgh0qu245Vt2gVGjjqOJtfEYcuvziVKgvV5yvBVhizcjeFIzCFdQ2KpflvwOLjiOZ594UaZChPGtO5hDc1VY/Gz86t8x6DYuHjWu4S1XOrBWgv2ebD0iBgbjuRNgBEhkWfVS2/7hn1PtqGD0=,iv:ZQ0b7pHG3NM2mwQdSVoGr4WsluIrp+/YUQi6KoMneC0=,tag:5E5bNxdRPQpTRVrQ+qoxfQ==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/secrets/users.yaml b/secrets/users.yaml
new file mode 100644
index 0000000..76fe7e0
--- /dev/null
+++ b/secrets/users.yaml
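Review bot: The entry in secrets/tailscale.yaml is named `client-secret` in kebab-case, while the other files added here use snake_case (`jwt_secret`, `creds_key`) and camelCase (`hashedPassword`); one convention across secrets/ makes the references to these paths easier to audit. The name also suggests that the `keys.tailscale` value from the removed file has been replaced by an OAuth client secret, which is presumably longer-lived and broader than a single auth key. If so, the module that consumes it should record which scopes and tags the client was created with, and those should be the minimum needed to register nodes.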
@@ -0,0 +1,18 @@
+rafiq:
+ password: ENC[AES256_GCM,data:8KAfatz+YSaNozd5VGo=,iv:LNRxt47iBKSWzMZuBHSxv/qDZ2h6JiTIPps7OK/o7uU=,tag:oiSfLyRVswb/wxSTE69QMA==,type:str]
+ hashedPassword: ENC[AES256_GCM,data:NogYQ3kR1TseC79HIXARrXhIncCnvxzf9zMF2QrUyTmojTffPXRGtMdjNpfMEFj5dkKfZujBL/QTIpPFFTm1py7Dreg5/9VSKQ==,iv:IwfZsrsJbLYG1ELte6aBHUtff6hIQu9rHT5tSvILIGQ=,tag:oav3paDcUY+cl4FJlZa90A==,type:str]
+sops:
+ age:
+ - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVd09tYkhKUkVjNTBRdld6
+ a1RkUnZqdnRqMlFTSGgwUFVCZlRhL0tLTnpVCjNXVjZldzNUOE9DQ0ZGejhWakY2
+ TmRIZnpobE0ydDhNSDdJQUp2U3pSTzgKLS0tIDkxU3Fxa2lMUkhZY0g1Wm02T2ZE
+ UkQwOWZtVXVPSGJiRk1qRHVHYkN2cDgKLiYiA0q5se/oHfGRqvHLn3gRRDfmefEZ
+ z2U2N1Tjt0QgCfYOOXVfPV9F36a7PpabFva5ElSazawHgvI+Bot6og==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-07T08:56:26Z"
+ mac: ENC[AES256_GCM,data:2uGjIMxRgk7uWToQC4MrHpHFAt4bI7sEhaHvPU6Ae3bvRVH/TdJxZtikSPe95LEwReOuBmPajbcM580/d3Jt6VbA7nZzj1JduVscrRkSAFCzZp9Ti/mbOGITPJa6xWSGwVF1wSN3BnHXYIHDcKeSGtUdP7L7nBZr1KXPkok4NCo=,iv:+ELIes7lzb8M6CvOemAcyoq7Rx7L6NkNmHwntJN/RSc=,tag:ubyxO6VllH9cQK3VbvxiGg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/systems/x86_64-linux/apollo/default.nix b/systems/x86_64-linux/apollo/default.nix
deleted file mode 100644
index edc391d..0000000
--- a/systems/x86_64-linux/apollo/default.nix
+++ /dev/null
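Review bot: secrets/users.yaml adds a `password` entry next to `hashedPassword`, and nothing in this diff shows a consumer for the cleartext value; account provisioning normally needs only the hash. With both stored, whoever holds the age key obtains the login password itself rather than a hash, and because SOPS encrypts each value separately the short `data:` field of `password` discloses its length to every reader of the repository. Unless something outside this hunk reads it, drop the `password:` line and re-save the file through sops so the `mac` is recomputed; if the value was only kept as a reminder, a password manager is the better place.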
@@ -1,32 +0,0 @@
-{
- lib,
- ...
-}:
-{
- system = {
- hostname = "apollo";
- mainUser.name = "rafiq";
- mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
- bootloader = "systemd-boot";
- };
-
- hardware = {
- platform = "intel";
- drives.btrfs = {
- enable = true;
- drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
- ephemeralRoot = true;
- };
- };
-
- server = {
- enableDDNS = true;
- mountHelios = true;
- databases.mongodb.enable = true;
- databases.mysql.enable = true;
- web-apps.librechat.enable = true;
- web-servers.nginx.enable = true;
- };
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/systems/x86_64-linux/mellinoe/default.nix b/systems/x86_64-linux/mellinoe/default.nix
deleted file mode 100644
index 6174544..0000000
--- a/systems/x86_64-linux/mellinoe/default.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ lib, ... }:
-{
-
- system = {
- hostname = "mellinoe";
- mainUser.name = "rafiq";
- mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
- bootloader = "systemd-boot";
- };
-
- hardware = {
- drives.btrfs = {
- enable = true;
- drive = "/dev/disk/by-id/nvme-KBG40ZPZ128G_TOSHIBA_MEMORY_Z0U103PCNCDL";
- ephemeralRoot = true;
- };
- platform = "intel";
- };
-
- desktop = {
- windowManager = "hyprland";
- browser = "firefox";
- terminal = "ghostty";
- lockscreen = "hyprlock";
- notification-daemon = "mako";
- launcher = "fuzzel";
- status-bar = "waybar";
- mainMonitor = {
- id = "BOE 0x088B";
- scale = "2";
- resolution = "1920x1280";
- refresh-rate = "60";
- };
- };
-
- server = {
- mountHelios = true;
- };
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/systems/x86_64-linux/nemesis/default.nix b/systems/x86_64-linux/nemesis/default.nix
deleted file mode 100644
index 5d29299..0000000
--- a/systems/x86_64-linux/nemesis/default.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- lib,
- ...
-}:
-{
- system = {
- hostname = "nemesis";
- mainUser.name = "rafiq";
- mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
- bootloader = "systemd-boot";
- };
-
- hardware = {
- drives.btrfs = {
- enable = true;
- drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
- ephemeralRoot = true;
- };
- platform = "amd";
- gpu = "nvidia";
- };
-
- desktop = {
- windowManager = "hyprland";
- browser = "firefox";
- terminal = "ghostty";
- lockscreen = "hyprlock";
- notification-daemon = "mako";
- launcher = "fuzzel";
- status-bar = "waybar";
- mainMonitor = {
- id = "desc:OOO AN-270W04K";
- scale = "2";
- resolution = "3840x2160";
- refresh-rate = "60";
- };
- enableSpotifyd = true;
- enableSteam = true;
- enableVR = true;
- enableSunshine = true;
- };
-
- server = {
- mountHelios = true;
- };
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}