diff --git a/.gitignore b/.gitignore
index de901db..87a3018 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-# gitignore
-.pre-commit-config.*
\ No newline at end of file
+result
+*.qcow2
diff --git a/.sops.yaml b/.sops.yaml
index 835dd06..d65f997 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
- - &rafiq age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
+ - &admin age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
 creation_rules:
- - path_regex: \.(yaml)$
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
 key_groups:
 - age:
- - *rafiq
+ - *admin
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d18bf6c
--- /dev/null
+++ b/README.md
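Review bot: In the `.sops.yaml` hunk the new `path_regex` has no start anchor and `[^/]+` allows exactly one path segment, so it matches any path that merely ends in `secrets/<file>` (a directory named `oldsecrets/` included), while a file nested one level deeper under `secrets/` matches no creation rule at all. If the intent is "files directly inside the repository's secrets directory", `path_regex: ^secrets/[^/]+\.(yaml|json|env|ini)$` states that exactly, assuming sops matches the path relative to `.sops.yaml`; widen `[^/]+` deliberately if per-host subdirectories are planned. Separately, `*admin` remains the only recipient in `key_groups`, and the README added in this commit says that one private key must be present on each system for activation; adding a per-host age recipient next to it would let hosts decrypt without holding the administrator's key.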
@@ -0,0 +1,55 @@
+# Planning
+
+## To-do
+
+- [ ] Implement an status bar for the desktop configuration
+- [ ] Copy over ~/.ssh/id_ed25519 and zellij status bar plugin confirmation
+
+## Versions
+
+- 1.0.0
+ - Replicate old zagreus wholly
+ - Automated backups for home and state directories
+ - Ability to build VMs of all systems and implement integration tests
+ - Staging VMs for ad-hoc testing
+ - All servers set up with following services:
+ - Git server
+ - Chat app
+ - Network shares
+ - Federation with ActivityPub
+ - Wakapi
+- 0.2.0
+ - Provision Apollo
+ - Fix all NVF errors
+
+# Modules
+
+The nixosModules and homeModules exposed by this flake are slightly out of the
+norm.
+
+Option declarations for user specific configuration are kept to:
+
+- homeModules for CLI
+- nixosModules for desktop
+
+System configurations, to this end, should include the window manager,
+lockscreen, terminal etc. for that system.
+
+These desktop programs will be **configured** in home-manager for each user, but
+those configurations consult the osConfig variable passed in by home-manager.
+
+# System Setup
+
+The following files are **required** for system activation:
+
+- /persist/home/${mainUser}/.ssh/id_ed25519
+
+This private key will be used by sops-nix to decrypt the secrets in
+[[secrets/secrets.yaml]]. The secrets inside the yaml file should also be set,
+or otherwise removed alongside their declarations (in
+[[modules/nixos/system/secrets.nix]]) and references.
+
+# Impermanence
+
+System and user state is stored under /persist. Anything not declared under
+`{environment,home}.persistence` is deleted on system boot.
diff --git a/docs/README.md b/docs/README.md
deleted file mode 100644
index ff57ce6..0000000
--- a/docs/README.md
+++ /dev/null
@@ -1,29 +0,0 @@ -# Pantheon -This flake serves as a monorepo for my systems (using IaC), dotfiles, and scripts. -It's hosted at https://git.rrv.sh/rrvsh/pantheon, and mirrored to https://github.com/rrvsh/pantheon. - -## Structure -The system configurations are defined in [`flake.manifest`](nix/manifest.nix). -`flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey. -`flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. -`flake.modules.nixos.*` provide NixOS options and configurations. -The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class. -You can use it as seen [here](nix/modules/flake/home-manager.nix): - -```nix -flake.modules.nixos.default.imports = [ inputs.home-manager.nixosModules.default ]; -``` - -The other attributes under `flake.modules.nixos` should be opt-in, i.e. provide options that will be set in the profiles. -`flake.profiles.nixos` provides profiles which use the options defined in `flake.modules.nixos` to define different roles for each system, such as graphical, laptop, headless, etc. -Options should not be defined here. -`flake.contracts.nixos.*` will provide contracts, such as reverse proxies or databases, which will configure options on the provider and receiver host. - -## Acknowledgements -Thanks to the following for inspiring this configuration. I highly recommend you look through their writings and configurations. 
-- [ornicar](https://github.com/ornicar/dotfiles) which is where I first heard of NixOS -- [No Boilerplate](https://www.youtube.com/watch?v=CwfKlX3rA6E&pp=0gcJCfwAo7VqN5tD) for making me finally try the OS -- [ryan4yin](https://nixos-and-flakes.thiscute.world/) for being an amazing introduction to NixOS, home-manager, and flakes -- [NotAShelf](https://github.com/NotAShelf/) for their blog and for the wonderful [NVF](https://github.com/notashelf/nvf) -- [mightyiam](https://github.com/mightyiam/infra) for their infrastructure repo using flake-parts -- [drupol](https://not-a-number.io/2025/refactoring-my-infrastructure-as-code-configurations/) for this blog post which convinced me to rebase my infra to use flake-parts diff --git a/docs/cheatsheet.md b/docs/cheatsheet.md deleted file mode 100644 index 4f76757..0000000 --- a/docs/cheatsheet.md +++ /dev/null @@ -1,2 +0,0 @@ -# cheatsheet -`__curPos.file` will give the full evaluated path of the nix file it is called in. See [this issue](https://github.com/NixOS/nix/issues/5897#issuecomment-1012165198) for more information. \ No newline at end of file diff --git a/flake.lock b/flake.lock index 9d72b1b..973f7f6 100644 --- a/flake.lock +++ b/flake.lock 
@@ -67,73 +67,18 @@ "type": "github" } }, - "dedupe_flake-compat": { + "crane": { "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "lastModified": 1748047550, + "narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=", + "owner": "ipetkov", + "repo": "crane", + "rev": "b718a78696060df6280196a6f992d04c87a16aef", "type": "github" }, "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "dedupe_flake-utils": { - "inputs": { - "systems": [ - "systems" - ] - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "dedupe_gitignore": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "dedupe_mnw": { - "locked": { - "lastModified": 1748710831, - "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=", - "owner": "gerg-l", - "repo": "mnw", - "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d", - "type": "github" - }, - "original": { - "owner": "gerg-l", - "repo": "mnw", + "owner": "ipetkov", + "repo": "crane", "type": "github" } }, 
@@ -144,11 +89,11 @@ ] }, "locked": { - "lastModified": 1751854533, - "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", + "lastModified": 1748832438, + "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", "owner": "nix-community", "repo": "disko", - "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", + "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", "type": "github" }, "original": { @@ -157,21 +102,6 @@ "type": "github" } }, - "files": { - "locked": { - "lastModified": 1750263550, - "narHash": "sha256-EW/QJ8i/13GgiynBb6zOMxhLU1uEkRqmzbIDEP23yVA=", - "owner": "mightyiam", - "repo": "files", - "rev": "5f4ef1fd1f9012354a9748be093e277675d10f07", - "type": "github" - }, - "original": { - "owner": "mightyiam", - "repo": "files", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -188,18 +118,31 @@ "type": "github" } }, + "flake-compat": { + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { 
@@ -208,6 +151,46 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils-plus": { + "inputs": { + "flake-utils": [ + "flake-utils" + ] + }, + "locked": { + "lastModified": 1738591040, + "narHash": "sha256-4WNeriUToshQ/L5J+dTSWC5OJIwT39SEP7V7oylndi8=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "afcb15b845e74ac5e998358709b2b5fe42a948d1", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -227,21 +210,21 @@ "git-hooks": { "inputs": { "flake-compat": [ - "dedupe_flake-compat" - ], - "gitignore": [ - "dedupe_gitignore" + "stylix", + "flake-compat" ], + "gitignore": "gitignore", "nixpkgs": [ + "stylix", "nixpkgs" ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { 
@@ -250,19 +233,41 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "stylix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gnome-shell": { "flake": false, "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "lastModified": 1744584021, + "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", "type": "github" }, "original": { "owner": "GNOME", - "ref": "48.2", + "ref": "48.1", "repo": "gnome-shell", "type": "github" } @@ -274,11 +279,11 @@ ] }, "locked": { - "lastModified": 1751990210, - "narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=", + "lastModified": 1748830238, + "narHash": "sha256-EB+LzYHK0D5aqxZiYoPeoZoOzSAs8eqBDxm3R+6wMKU=", "owner": "nix-community", "repo": "home-manager", - "rev": "218da00bfa73f2a61682417efe74549416c16ba6", + "rev": "c7fdb7e90bff1a51b79c1eed458fb39e6649a82a", "type": "github" }, "original": { 
@@ -302,74 +307,44 @@ "type": "github" } }, - "import-tree": { + "mnw": { "locked": { - "lastModified": 1751399845, - "narHash": "sha256-iun7//YHeEFgEOcG4KKKoy3d2GWOYqokLFVU/zIs79Y=", - "owner": "vic", - "repo": "import-tree", - "rev": "e24a50ff9b5871d4bdd8900679784812eeb120ea", + "lastModified": 1748710831, + "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=", + "owner": "Gerg-L", + "repo": "mnw", + "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d", "type": "github" }, "original": { - "owner": "vic", - "repo": "import-tree", + "owner": "Gerg-L", + "repo": "mnw", "type": "github" } }, - "make-shell": { - "inputs": { - "flake-compat": [ - "dedupe_flake-compat" - ] - }, - "locked": { - "lastModified": 1733933815, - "narHash": "sha256-9JjM7eT66W4NJAXpGUsdyAFXhBxFWR2Z9LZwUa7Hli0=", - "owner": "nicknovitski", - "repo": "make-shell", - "rev": "ffeceae9956df03571ea8e96ef77c2924f13a63c", - "type": "github" - }, - "original": { - "owner": "nicknovitski", - "repo": "make-shell", - "type": "github" - } - }, - "manifest": { - "locked": { - "lastModified": 1752588656, - "narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=", - "owner": "rrvsh", - "repo": "manifest", - "rev": "365902fba994f30469298dee0c98a5fc0f41ec38", - "type": "github" - }, - "original": { - "owner": "rrvsh", - "repo": "manifest", - "type": "github" - } - }, - "nix-darwin": { + "nil": { "inputs": { + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" ] }, "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", - "owner": "nix-darwin", - "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "lastModified": 1741118843, + "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", + "owner": "oxalica", + "repo": "nil", + "rev": "577d160da311cc7f5042038456a0713e9863d09e", "type": "github" }, "original": { - "owner": "nix-darwin", - "ref": "master", - "repo": 
"nix-darwin", + "owner": "oxalica", + "repo": "nil", "type": "github" } }, @@ -380,11 +355,11 @@ ] }, "locked": { - "lastModified": 1751774635, - "narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=", + "lastModified": 1748751003, + "narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "85686025ba6d18df31cc651a91d5adef63378978", + "rev": "2860bee699248d828c2ed9097a1cd82c2f991b43", "type": "github" }, "original": { @@ -395,11 +370,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { @@ -409,6 +384,41 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixspect": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747725629, + "narHash": "sha256-jEdIW5+SMfX6jVvx/MkMbpXLX9S2b+zsayIC1YJNAaY=", + "owner": "rrvsh", + "repo": "nixspect", + "rev": "28deacc6adeaef69f45af5c8139961a774e1600b", + "type": "github" + }, + "original": { + "owner": "rrvsh", + "repo": "nixspect", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ 
@@ -416,14 +426,15 @@ ], "nixpkgs": [ "nixpkgs" - ] + ], + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752005241, - "narHash": "sha256-+7DH6wh2BYnLRJzYXEbVlA1ZuAR4MxZI/paknbAuzk4=", + "lastModified": 1748864791, + "narHash": "sha256-YRRRbOEc8aXpzSvN3qdIkqtVQ9xjx9rgichtaSQ0qwY=", "owner": "nix-community", "repo": "NUR", - "rev": "a2570fb4d0699fd34ebbbd52e2a763722601f6c6", + "rev": "4ee0c2599266fb26e6ac3cb71836e96f25df446e", "type": "github" }, "original": { @@ -438,10 +449,13 @@ "flake-parts" ], "flake-utils": [ - "dedupe_flake-utils" + "flake-utils" ], "mnw": [ - "dedupe_mnw" + "mnw" + ], + "nil": [ + "nil" ], "nixpkgs": [ "nixpkgs" @@ -451,11 +465,11 @@ ] }, "locked": { - "lastModified": 1752001027, - "narHash": "sha256-JgP8lW4QBr9v/U4ETaIOMvGCd/DAA1AjZ1lqjIwfWno=", + "lastModified": 1748651104, + "narHash": "sha256-GZLiCQlNV8QfAWwGinXeSdiKZS346ZGPv6EKzeY0tAA=", "owner": "notashelf", "repo": "nvf", - "rev": "c4d80273aaefeadaad96db97d077c647942b0e96", + "rev": "c4cf91d4b531245a02f5b6c196f6279bc87a546f", "type": "github" }, "original": { @@ -467,20 +481,18 @@ "python-flexseal": { "inputs": { "flake-utils": [ - "stable-diffusion-webui-nix", "flake-utils" ], "nixpkgs": [ - "stable-diffusion-webui-nix", "nixpkgs" ] }, "locked": { - "lastModified": 1751898758, - "narHash": "sha256-8EmTPdfOymvvHhmHYWiyO3cwZ4gtLo5uBFm3CU5vySo=", + "lastModified": 1734836319, + "narHash": "sha256-h/Jiq852WJyyAL037sIxjPDScjeH8sUoZVZBWlciXaw=", "owner": "Janrupf", "repo": "python-flexseal", - "rev": "af318e1fd047abbefcc68d0292a4d902179c95fe", + "rev": "fdd313f7b9a5c9545c015acaf0729b01f708118a", "type": "github" }, "original": { 
@@ -491,60 +503,39 @@ }, "root": { "inputs": { - "dedupe_flake-compat": "dedupe_flake-compat", - "dedupe_flake-utils": "dedupe_flake-utils", - "dedupe_gitignore": "dedupe_gitignore", - "dedupe_mnw": "dedupe_mnw", + "crane": "crane", "disko": "disko", - "files": "files", + "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "git-hooks": "git-hooks", + "flake-utils": "flake-utils", + "flake-utils-plus": "flake-utils-plus", "home-manager": "home-manager", "impermanence": "impermanence", - "import-tree": "import-tree", - "make-shell": "make-shell", - "manifest": "manifest", - "nix-darwin": "nix-darwin", + "mnw": "mnw", + "nil": "nil", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", + "nixspect": "nixspect", "nur": "nur", "nvf": "nvf", - "rrv-sh": "rrv-sh", + "python-flexseal": "python-flexseal", "rrvsh-nixpkgs": "rrvsh-nixpkgs", + "rust-overlay": "rust-overlay", + "snowfall-lib": "snowfall-lib", "sops-nix": "sops-nix", "stable-diffusion-webui-nix": "stable-diffusion-webui-nix", "stylix": "stylix", "systems": "systems", - "text": "text" - } - }, - "rrv-sh": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751721838, - "narHash": "sha256-702c0fbgpUuEuQsduGJ9I5bSrCLYEG88SPuZXcSQqTs=", - "owner": "rrvsh", - "repo": "rrv.sh", - "rev": "e00c1c2607b55f43ef74b5f555f62838f4fe5963", - "type": "github" - }, - "original": { - "owner": "rrvsh", - "repo": "rrv.sh", - "type": "github" + "zjstatus": "zjstatus" } }, "rrvsh-nixpkgs": { "locked": { - "lastModified": 1750146550, - "narHash": "sha256-vFNbONVWIdYBqlKZoJScDRjnQ/euDmVqgCL2ebnsu7U=", + "lastModified": 1748869769, + "narHash": "sha256-2L9Bcj3kIt3n9NkCms6u66j8GsN7j22YnjaX+er3AtY=", "owner": "rrvsh", "repo": "nixpkgs", - "rev": "d7fa95990fd890bbd17ca8361f5d4e4935512c75", + "rev": "32aae0a2767f3b18b115a0f1f2edfe524305b864", "type": "github" }, "original": { 
@@ -554,6 +545,52 @@ "type": "github" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748832016, + "narHash": "sha256-TQSaFa1wWJr6GOs+K8lecK4AKKr8k6mwxHIPCOmVkgs=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "7ec2ea005b600dac9436a7c5c6b66d960cbfcea2", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "snowfall-lib": { + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "flake-utils-plus": [ + "flake-utils-plus" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736130495, + "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -561,11 +598,11 @@ ] }, "locked": { - "lastModified": 1751606940, - "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { 
@@ -577,23 +614,26 @@ "stable-diffusion-webui-nix": { "inputs": { "flake-utils": [ - "dedupe_flake-utils" + "flake-utils" ], "nixpkgs": [ "nixpkgs" ], - "python-flexseal": "python-flexseal" + "python-flexseal": [ + "python-flexseal" + ] }, "locked": { - "lastModified": 1751899247, - "narHash": "sha256-bh6xwc24Rv0YE4grKXvj+kmXmydns+OrlWn4WLnJSY4=", - "owner": "janrupf", + "lastModified": 1748219198, + "narHash": "sha256-RRDI12SLfm9lP7tq4vUr/c/TRj0+mgRjAThdnwTJgIE=", + "owner": "Janrupf", "repo": "stable-diffusion-webui-nix", - "rev": "d5ba5dccd190b0ded17f9c4a23dc7665c6dc2eae", + "rev": "381e5de206d4962d94a8ebc97d6dc04395928e0c", "type": "github" }, "original": { - "owner": "janrupf", + "owner": "Janrupf", + "ref": "main", "repo": "stable-diffusion-webui-nix", "type": "github" } @@ -605,10 +645,17 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", + "flake-compat": [ + "flake-compat" + ], "flake-parts": [ "flake-parts" ], + "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", + "home-manager": [ + "home-manager" + ], "nixpkgs": [ "nixpkgs" ], @@ -625,11 +672,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1751995939, - "narHash": "sha256-C5CSTv+b8XSbqJwqTP8SGkZEK3YCCJnmvRbg209ql5w=", + "lastModified": 1748803004, + "narHash": "sha256-dLGywKYxge3rzD6AqtVP0UmMHONdQNCWXj6i0lfm/UM=", "owner": "nix-community", "repo": "stylix", - "rev": "8f3259dbc57c8ee871492fde80f77468826bbd63", + "rev": "5f841056ca60bea7312aeade957da084cd95b26e", "type": "github" }, "original": { @@ -653,21 +700,6 @@ "type": "github" } }, - "text": { - "locked": { - "lastModified": 1751819711, - "narHash": "sha256-Emci++Hknzr2FEZRUbRDD7prI5JwwGsACO/GaU9Pmxg=", - "owner": "rrvsh", - "repo": "text.nix", - "rev": "00ba1e616ef3b761a52d5f7ac32892715cc4bcd1", - "type": "github" - }, - "original": { - "owner": "rrvsh", - "repo": "text.nix", - "type": "github" - } - }, "tinted-foot": { "flake": false, "locked": { 
@@ -748,6 +780,56 @@ "repo": "base16-zed", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "zjstatus": { + "inputs": { + "crane": [ + "crane" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1745230073, + "narHash": "sha256-OER99U7MiqQ47myvbsiljsax7OsK19NMds4NBM9XXLs=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "a819e3bfe6bfef0438d811cdbb1bcfdc29912c62", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index dcb6882..b21d1b5 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,134 +1,95 @@ { - outputs = - { self, ... }@inputs: - inputs.flake-parts.lib.mkFlake { inherit inputs; } ( - (inputs.import-tree ./nix) - // { - systems = import inputs.systems; - flake = { - inherit self; - paths.root = ./.; - }; - } - ); + inputs = { - ### SYSTEM ### - - # systems provides a list of supported nix systems. - systems.url = "github:nix-systems/default"; - # nixos-unstable provides a binary cache for all packages. - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # My fork for random shit rrvsh-nixpkgs.url = "github:rrvsh/nixpkgs/librechat-module"; - # home-manager manages our user packages and dotfiles - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # nix darwin provides declarative mac configuration - nix-darwin = { - url = "github:nix-darwin/nix-darwin/master"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # the nix user repository for mainly firefox extensions - nur = { - url = "github:nix-community/NUR"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - }; - # impermanence provides a nice abstraction over linking files from /persist + crane.url = "github:ipetkov/crane"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + disko.url = "github:nix-community/disko"; + flake-compat.url = "github:edolstra/flake-compat"; + flake-parts.url = "github:hercules-ci/flake-parts"; + flake-utils-plus.inputs.flake-utils.follows = "flake-utils"; + flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; + flake-utils.inputs.systems.follows = "systems"; + flake-utils.url = "github:numtide/flake-utils"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + home-manager.url = "github:nix-community/home-manager"; impermanence.url = "github:nix-community/impermanence"; - # flake-parts lets us define flake modules. 
- flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - # disko provides declarative drive partitioning - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # sops-nix lets us version control secrets like passwords and api keys - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - stylix = { - url = "github:nix-community/stylix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - systems.follows = "systems"; - nur.follows = "nur"; - }; - }; - - ### FLAKE PARTS MODULES ### - - # import-tree imports all nix files in a given directory. - import-tree.url = "github:vic/import-tree"; - # files lets us write text files and automatically add checks for them - files.url = "github:mightyiam/files"; - # text.nix lets us easily define markdown text to pass to files - text.url = "github:rrvsh/text.nix"; - # manifest lets us define all hosts in one file - manifest.url = "github:rrvsh/manifest"; - # make-shells. 
creates devShells and checks - make-shell = { - url = "github:nicknovitski/make-shell"; - inputs.flake-compat.follows = "dedupe_flake-compat"; - }; - # git-hooks ensures nix flake check is ran before commits - git-hooks = { - url = "github:cachix/git-hooks.nix"; - inputs = { - flake-compat.follows = "dedupe_flake-compat"; - nixpkgs.follows = "nixpkgs"; - gitignore.follows = "dedupe_gitignore"; - }; - }; - - ### FLAKES ### - - # nix-index-database indexes the nixpkgs binaries for use with comma - nix-index-database = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # nvf provides modules to wrap neovim - nvf = { - url = "github:notashelf/nvf"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - systems.follows = "systems"; - flake-utils.follows = "dedupe_flake-utils"; - mnw.follows = "dedupe_mnw"; - }; - }; - # provides comfy ui and sdwebui services - stable-diffusion-webui-nix = { - url = "github:janrupf/stable-diffusion-webui-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "dedupe_flake-utils"; - }; - # my website :) - rrv-sh = { - url = "github:rrvsh/rrv.sh"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - ### DEDUPE ### - - dedupe_flake-compat.url = "github:edolstra/flake-compat"; - dedupe_flake-utils = { - url = "github:numtide/flake-utils"; - inputs.systems.follows = "systems"; - }; - dedupe_mnw.url = "github:gerg-l/mnw"; - dedupe_gitignore = { - url = "github:hercules-ci/gitignore.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + mnw.url = "github:Gerg-L/mnw"; + nil.inputs.flake-utils.follows = "flake-utils"; + nil.inputs.nixpkgs.follows = "nixpkgs"; + nil.inputs.rust-overlay.follows = "rust-overlay"; + nil.url = "github:oxalica/nil"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixspect.inputs.nixpkgs.follows = 
"nixpkgs"; + nixspect.url = "github:rrvsh/nixspect"; + nur.inputs.flake-parts.follows = "flake-parts"; + nur.inputs.nixpkgs.follows = "nixpkgs"; + nur.url = "github:nix-community/NUR"; + nvf.inputs.flake-parts.follows = "flake-parts"; + nvf.inputs.flake-utils.follows = "flake-utils"; + nvf.inputs.mnw.follows = "mnw"; + nvf.inputs.nil.follows = "nil"; + nvf.inputs.nixpkgs.follows = "nixpkgs"; + nvf.inputs.systems.follows = "systems"; + nvf.url = "github:notashelf/nvf"; + python-flexseal.inputs.flake-utils.follows = "flake-utils"; + python-flexseal.inputs.nixpkgs.follows = "nixpkgs"; + python-flexseal.url = "github:Janrupf/python-flexseal"; + rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; + rust-overlay.url = "github:oxalica/rust-overlay"; + snowfall-lib.inputs.flake-compat.follows = "flake-compat"; + snowfall-lib.inputs.flake-utils-plus.follows = "flake-utils-plus"; + snowfall-lib.inputs.nixpkgs.follows = "nixpkgs"; + snowfall-lib.url = "github:snowfallorg/lib"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + sops-nix.url = "github:Mic92/sops-nix"; + stable-diffusion-webui-nix.inputs.flake-utils.follows = "flake-utils"; + stable-diffusion-webui-nix.inputs.nixpkgs.follows = "nixpkgs"; + stable-diffusion-webui-nix.inputs.python-flexseal.follows = "python-flexseal"; + stable-diffusion-webui-nix.url = "github:Janrupf/stable-diffusion-webui-nix/main"; + stylix.inputs.flake-compat.follows = "flake-compat"; + stylix.inputs.flake-parts.follows = "flake-parts"; + stylix.inputs.nur.follows = "nur"; + stylix.inputs.home-manager.follows = "home-manager"; + stylix.inputs.nixpkgs.follows = "nixpkgs"; + stylix.inputs.systems.follows = "systems"; + stylix.url = "github:nix-community/stylix"; + systems.url = "github:nix-systems/default"; + zjstatus.inputs.crane.follows = "crane"; + zjstatus.inputs.flake-utils.follows = "flake-utils"; + zjstatus.inputs.nixpkgs.follows = "nixpkgs"; + zjstatus.inputs.rust-overlay.follows = "rust-overlay"; + zjstatus.url = "github:dj95/zjstatus"; }; 
+
+ outputs =
+ inputs:
+ inputs.snowfall-lib.mkFlake {
+ inherit inputs;
+ src = ./.;
+ snowfall.namespace = "pantheon";
+ overlays = with inputs; [
+ stable-diffusion-webui-nix.overlays.default
+ (_final: prev: {
+ zjstatus = zjstatus.packages.${prev.system}.default;
+ })
+ ];
+ systems.modules.nixos = with inputs; [
+ disko.nixosModules.disko
+ impermanence.nixosModules.impermanence
+ sops-nix.nixosModules.sops
+ stylix.nixosModules.stylix
+ ];
+ homes.modules = with inputs; [
+ impermanence.homeManagerModules.impermanence
+ nix-index-database.hmModules.nix-index
+ nvf.homeManagerModules.default
+ ];
+ outputs-builder = channels: {
+ formatter = channels.nixpkgs.nixfmt-rfc-style;
+ };
+ };
+
 }
diff --git a/homes/x86_64-linux/rafiq/default.nix b/homes/x86_64-linux/rafiq/default.nix
new file mode 100644
index 0000000..1547e1d
--- /dev/null
+++ b/homes/x86_64-linux/rafiq/default.nix
@@ -0,0 +1,47 @@
+{ pkgs, inputs, ... }:
+{
+ cli = {
+ shell = "zsh";
+ finder = "fzf";
+ screensaver.enable = true;
+ screensaver.timeout = "100";
+ screensaver.command = "cbonsai -S -w 0.1 -L 40 -M 2 -b 2";
+ editor = "nvf";
+ file-browser = "yazi";
+ multiplexer = "zellij";
+ fetch = "hyfetch";
+ git.name = "Mohammad Rafiq";
+ git.email = "rafiq@rrv.sh";
+ git.defaultBranch = "prime";
+ };
+ home = {
+ shellAliases = {
+ v = "nvim";
+ e = "edit";
+ };
+
+ packages = with pkgs; [
+ cbonsai
+ ripgrep
+ devenv
+ stremio
+ pantheon.rebuild
+ pantheon.edit
+ inputs.nixspect.packages."x86_64-linux".nixspect
+ ];
+
+ persistence."/persist/home/rafiq".directories = [ "repos" ];
+ };
+ programs = {
+ nh.enable = true;
+ tealdeer.enable = true;
+ pay-respects = {
+ enable = true;
+ };
+ tealdeer.settings.updates.auto_update = true;
+ direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+ };
+}
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..37567ce
--- /dev/null
+++ b/lib/default.nix
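Review bot: The rewritten `inputs` block in `flake.nix` drops the top-level `git-hooks` input, which the removed comment described as making `nix flake check` run before commits, and nothing in the new `outputs` takes its place; only `formatter` is defined under `outputs-builder`. If the hook was dropped on purpose the commit message should say so, otherwise a `checks` output or the hook should come back so evaluation and formatting errors are caught before they land. The per-input comments were removed too, so it is no longer visible that `crane`, `rust-overlay`, `flake-compat` and `python-flexseal` appear to exist only as `follows` targets; a line such as `# follows-only: pinned here so dependents share one copy` above them would keep that intent reviewable. The hunk starts at the `@@ -1,134 +1,95 @@` header further up.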
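Review bot: In `homes/x86_64-linux/rafiq/default.nix` the package list hard-codes the platform in `inputs.nixspect.packages."x86_64-linux".nixspect`, and the persistence entry hard-codes the user in `persistence."/persist/home/rafiq"`. `inputs.nixspect.packages.${pkgs.system}.nixspect` follows the package set actually in use, as the overlay in `flake.nix` already does with `prev.system`. `"/persist/home/${config.snowfallorg.user.name}"` would match how `modules/home/cli/default.nix` builds the same path, and needs `config` added to the module arguments. `screensaver.timeout = "100"` is also a number carried as a string with no unit, which a short comment would make clearer.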
@@ -0,0 +1,19 @@
+{ lib, ... }:
+{
+ mkStrOption = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ mkPortOption =
+ port:
+ lib.mkOption {
+ type = lib.types.port;
+ default = port;
+ };
+ mkPathOption =
+ path:
+ lib.mkOption {
+ type = lib.types.path;
+ default = path;
+ };
+}
diff --git a/modules/home/cli/default.nix b/modules/home/cli/default.nix
new file mode 100644
index 0000000..80caca5
--- /dev/null
+++ b/modules/home/cli/default.nix
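Review bot: `mkStrOption` in lib/default.nix gives every string option `default = "";` and no `description`, so an option that was never set evaluates cleanly to the empty string instead of failing. Elsewhere in this commit these options select components by equality (`config.desktop.lockscreen == "hyprlock"`) or are interpolated into device and shell values (`device = cfg.drive;`, `TMOUT=${config.cli.screensaver.timeout}`), so a typo or an unset value silently configures nothing; for the lockscreen that means no locker is installed. Declaring the selector options with a closed type such as `type = lib.types.enum [ "hyprlock" ];` would reject unknown values at evaluation time, and leaving required values like the drive path without a default would turn the omission into an error.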
@@ -0,0 +1,79 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ options.cli = {
+ shell = lib.pantheon.mkStrOption;
+ finder = lib.pantheon.mkStrOption;
+ screensaver.enable = lib.mkEnableOption "";
+ screensaver.timeout = lib.pantheon.mkStrOption;
+ screensaver.command = lib.pantheon.mkStrOption;
+ editor = lib.pantheon.mkStrOption;
+ nvf.snippets = lib.mkOption {
+ type = lib.types.listOf lib.types.attrs;
+ default = { };
+ };
+ file-browser = lib.pantheon.mkStrOption;
+ multiplexer = lib.pantheon.mkStrOption;
+ fetch = lib.pantheon.mkStrOption;
+ git = {
+ name = lib.pantheon.mkStrOption;
+ email = lib.pantheon.mkStrOption;
+ defaultBranch = lib.pantheon.mkStrOption;
+ };
+ };
+
+ config = lib.mkMerge [
+ {
+ home.shell.enableShellIntegration = true;
+ programs.ssh = {
+ enable = true;
+ extraConfig = ''
+ Host *
+ SetEnv TERM=xterm-256color
+ '';
+ };
+ programs.zoxide.enable = true;
+ home.shellAliases.cd = "z";
+ home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
+ ".local/share/zoxide"
+ ];
+ }
+ {
+ programs.nix-index.enable = true;
+ programs.nix-index-database.comma.enable = true;
+ }
+ {
+ home.shellAliases.ai = "aichat -r %shell% -e";
+
+ home.packages = with pkgs; [ aichat ];
+
+ xdg.configFile."aichat/config.yaml".text = ''
+ model: gemini:gemini-2.0-flash
+ clients:
+ - type: gemini
+ '';
+ }
+ {
+ programs.starship = {
+ enable = true;
+ settings = {
+ add_newline = false;
+ format = ''
+ $directory$character
+ '';
+ right_format = ''
+ $all
+ '';
+ git_branch.format = "[$symbol$branch(:$remote_branch)]($style) ";
+ shlvl.disabled = false;
+ hostname.disabled = true;
+ username.disabled = true;
+ };
+ };
+ }
+ ];
+}
diff --git a/nix/homes/rafiq/_nvf/autocomplete.nix b/modules/home/cli/editor/nvf/autocomplete.nix
similarity index 66%
rename from nix/homes/rafiq/_nvf/autocomplete.nix
rename to modules/home/cli/editor/nvf/autocomplete.nix
index ca12dea..6b8fd11 100644
--- a/nix/homes/rafiq/_nvf/autocomplete.nix
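Review bot: `cli.nvf.snippets` in modules/home/cli/default.nix is declared as `lib.types.listOf lib.types.attrs` but its default is the attribute set `{ }`, which does not match the type, so reading the option without a definition should fail the type check. The default should be `default = [ ];`. Separately, the `ai` alias runs `aichat -r %shell% -e`, and as far as I know `-e` makes aichat offer the command returned by the model for execution, so a comment next to the alias should say that aichat's confirmation step is the only gate between model output and the shell.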
+++ b/modules/home/cli/editor/nvf/autocomplete.nix @@ -3,23 +3,29 @@ blink-cmp = { enable = true; friendly-snippets.enable = true; - sourcePlugins.ripgrep.enable = true; + sourcePlugins = { + ripgrep.enable = true; + spell.enable = true; + }; setupOpts = { - # Disable completion in markdown files - # TODO: Disable completion when in comments + completion.documentation.auto_show_delay_ms = 0; + signature.enabled = true; enabled = lib.generators.mkLuaInline # lua '' + --- Disable completion for markdown function() return not vim.tbl_contains({"markdown"}, vim.bo.filetype) and vim.bo.buftype ~= "prompt" and vim.b.completion ~= false end ''; - completion.documentation.auto_show_delay_ms = 0; - # Show e.g. function parameters - signature.enabled = true; + cmdline = { + enabled = true; + sources = null; + completion.menu.auto_show = false; + }; }; }; } diff --git a/modules/home/cli/editor/nvf/binds.nix b/modules/home/cli/editor/nvf/binds.nix new file mode 100644 index 0000000..821c181 --- /dev/null +++ b/modules/home/cli/editor/nvf/binds.nix @@ -0,0 +1,15 @@ +{ + hardtime-nvim = { + enable = true; + setupOpts = { + max_count = 1; + disabled_keys = { + "" = [ ]; + "" = [ ]; + "" = [ ]; + "" = [ ]; + }; + }; + }; + whichKey.enable = true; +} diff --git a/modules/home/cli/editor/nvf/clipboard.nix b/modules/home/cli/editor/nvf/clipboard.nix new file mode 100644 index 0000000..2c63c08 --- /dev/null +++ b/modules/home/cli/editor/nvf/clipboard.nix @@ -0,0 +1,2 @@ +{ +} diff --git a/modules/home/cli/editor/nvf/default.nix b/modules/home/cli/editor/nvf/default.nix new file mode 100644 index 0000000..66949bc --- /dev/null +++ b/modules/home/cli/editor/nvf/default.nix 
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+{
+ config = lib.mkIf (config.cli.editor == "nvf") {
+ home.sessionVariables.EDITOR = "nvim";
+ home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
+ ".local/share/nvf"
+ ];
+ programs.nvf = {
+ enable = true;
+ settings.vim = {
+ hideSearchHighlight = true;
+ syntaxHighlighting = true;
+ telescope.enable = true;
+ searchCase = "ignore";
+ undoFile.enable = true;
+ fzf-lua.enable = true;
+ git.enable = true;
+ git.gitsigns.enable = false;
+ autocomplete = import ./autocomplete.nix { inherit lib; };
+ autopairs.nvim-autopairs.enable = true;
+ binds = import ./binds.nix;
+ clipboard = import ./clipboard.nix;
+ diagnostics = import ./diagnostics.nix;
+ keymaps = import ./keymaps.nix;
+ languages = import ./languages.nix;
+ lsp = import ./lsp.nix;
+ navigation = import ./navigation.nix;
+ notes = import ./notes.nix;
+ options = import ./options.nix;
+ notify = import ./notify.nix;
+ snippets = import ./snippets.nix;
+ statusline = import ./statusline.nix;
+ treesitter = import ./treesitter.nix;
+ ui = import ./ui.nix;
+ utility = import ./utility.nix;
+ visuals = import ./visuals.nix;
+ };
+ };
+ };
+}
diff --git a/modules/home/cli/editor/nvf/diagnostics.nix b/modules/home/cli/editor/nvf/diagnostics.nix
new file mode 100644
index 0000000..2c63c08
--- /dev/null
+++ b/modules/home/cli/editor/nvf/diagnostics.nix
@@ -0,0 +1,2 @@
+{
+}
diff --git a/modules/home/cli/editor/nvf/keymaps.nix b/modules/home/cli/editor/nvf/keymaps.nix
new file mode 100644
index 0000000..cde0be4
--- /dev/null
+++ b/modules/home/cli/editor/nvf/keymaps.nix
@@ -0,0 +1,23 @@
+[
+ {
+ desc = "Open the file path under the cursor, making the file if it doesn't exist.";
+ key = "gf";
+ mode = "n";
+ action = ":cd %:p:h:e ";
+ silent = true;
+ }
+ {
+ desc = "";
+ key = "";
+ mode = "n";
+ action = "zz";
+ silent = true;
+ }
+ {
+ desc = "";
+ key = "";
+ mode = "n";
+ action = "zz";
+ silent = true;
+ }
+]
diff --git a/nix/homes/rafiq/_nvf/languages.nix b/modules/home/cli/editor/nvf/languages.nix similarity index 65% rename from nix/homes/rafiq/_nvf/languages.nix rename to modules/home/cli/editor/nvf/languages.nix index fbeaf85..45d0beb 100644 --- a/nix/homes/rafiq/_nvf/languages.nix +++ b/modules/home/cli/editor/nvf/languages.nix @@ -4,30 +4,22 @@ enableTreesitter = true; bash.enable = true; clang.enable = true; - # broken on macos - # csharp.enable = true; + csharp.enable = true; css.enable = true; go.enable = true; html.enable = true; lua.enable = true; - markdown = { - enable = true; - extensions.markview-nvim.enable = true; - format.type = "prettierd"; - }; + markdown.enable = true; + markdown.extensions.markview-nvim.enable = true; nix = { enable = true; format.type = "nixfmt"; lsp.server = "nil"; }; - python = { - enable = true; - format.type = "ruff"; - lsp.server = "pyright"; - }; + python.enable = true; + python.lsp.server = "python-lsp-server"; rust.enable = true; rust.crates.enable = true; - tailwind.enable = true; ts.enable = true; ts.extensions.ts-error-translator.enable = true; typst.enable = true; diff --git a/modules/home/cli/editor/nvf/lsp.nix b/modules/home/cli/editor/nvf/lsp.nix new file mode 100644 index 0000000..f6810b7 --- /dev/null +++ b/modules/home/cli/editor/nvf/lsp.nix @@ -0,0 +1,9 @@ +{ + enable = true; + formatOnSave = true; + inlayHints.enable = true; + lightbulb.enable = true; + lspkind.enable = true; + null-ls.enable = true; + otter-nvim.enable = true; +} diff --git a/modules/home/cli/editor/nvf/navigation.nix b/modules/home/cli/editor/nvf/navigation.nix new file mode 100644 index 0000000..a664c27 --- /dev/null +++ b/modules/home/cli/editor/nvf/navigation.nix @@ -0,0 +1,5 @@ +{ + harpoon = { + enable = true; + }; +} diff --git a/modules/home/cli/editor/nvf/notes.nix b/modules/home/cli/editor/nvf/notes.nix new file mode 100644 index 0000000..3f80024 --- /dev/null +++ b/modules/home/cli/editor/nvf/notes.nix 
@@ -0,0 +1,3 @@ +{ + todo-comments.enable = true; +} diff --git a/modules/home/cli/editor/nvf/notify.nix b/modules/home/cli/editor/nvf/notify.nix new file mode 100644 index 0000000..2c63c08 --- /dev/null +++ b/modules/home/cli/editor/nvf/notify.nix @@ -0,0 +1,2 @@ +{ +} diff --git a/modules/home/cli/editor/nvf/options.nix b/modules/home/cli/editor/nvf/options.nix new file mode 100644 index 0000000..810172a --- /dev/null +++ b/modules/home/cli/editor/nvf/options.nix @@ -0,0 +1,11 @@ +{ + scroll = 1; + autoindent = true; + backspace = "indent,eol,start"; + cursorline = true; + expandtab = true; + shiftwidth = 2; + smartindent = true; + tabstop = 2; + updatetime = 0; +} diff --git a/modules/home/cli/editor/nvf/snippets.nix b/modules/home/cli/editor/nvf/snippets.nix new file mode 100644 index 0000000..d23871f --- /dev/null +++ b/modules/home/cli/editor/nvf/snippets.nix @@ -0,0 +1,6 @@ +{ + luasnip = { + enable = true; + setupOpts.enable_autosnippets = true; + }; +} diff --git a/nix/homes/rafiq/_nvf/statusline.nix b/modules/home/cli/editor/nvf/statusline.nix similarity index 78% rename from nix/homes/rafiq/_nvf/statusline.nix rename to modules/home/cli/editor/nvf/statusline.nix index b21b714..b5ecb42 100644 --- a/nix/homes/rafiq/_nvf/statusline.nix +++ b/modules/home/cli/editor/nvf/statusline.nix @@ -5,6 +5,8 @@ statusline = 10; winbar = 10; }; - #TODO: rice lualine + activeSection = { + + }; }; } diff --git a/modules/home/cli/editor/nvf/treesitter.nix b/modules/home/cli/editor/nvf/treesitter.nix new file mode 100644 index 0000000..eca9ae9 --- /dev/null +++ b/modules/home/cli/editor/nvf/treesitter.nix @@ -0,0 +1,6 @@ +{ + autotagHtml = true; + fold = true; + indent.disable = [ "markdown" ]; + textobjects.enable = true; +} diff --git a/nix/homes/rafiq/_nvf/ui.nix b/modules/home/cli/editor/nvf/ui.nix similarity index 74% rename from nix/homes/rafiq/_nvf/ui.nix rename to modules/home/cli/editor/nvf/ui.nix index e0dc2d7..d0385de 100644 --- a/nix/homes/rafiq/_nvf/ui.nix 
+++ b/modules/home/cli/editor/nvf/ui.nix @@ -4,13 +4,10 @@ globalStyle = "rounded"; }; breadcrumbs.enable = true; - # Show color values e.g. #ffffff colorizer.enable = true; - # Highlight matching symbols illuminate.enable = true; noice.enable = true; noice.setupOpts.notify.enabled = false; - # Make folds look nicer nvim-ufo.enable = true; smartcolumn.enable = true; } diff --git a/nix/homes/rafiq/_nvf/utility.nix b/modules/home/cli/editor/nvf/utility.nix similarity index 73% rename from nix/homes/rafiq/_nvf/utility.nix rename to modules/home/cli/editor/nvf/utility.nix index e69efcb..129824d 100644 --- a/nix/homes/rafiq/_nvf/utility.nix +++ b/modules/home/cli/editor/nvf/utility.nix @@ -1,4 +1,7 @@ { + ccc.enable = true; + leetcode-nvim.enable = true; + mkdir.enable = true; motion.hop.enable = true; yazi-nvim = { enable = true; diff --git a/nix/homes/rafiq/_nvf/visuals.nix b/modules/home/cli/editor/nvf/visuals.nix similarity index 86% rename from nix/homes/rafiq/_nvf/visuals.nix rename to modules/home/cli/editor/nvf/visuals.nix index f2993ee..65a8d5c 100644 --- a/nix/homes/rafiq/_nvf/visuals.nix +++ b/modules/home/cli/editor/nvf/visuals.nix @@ -2,6 +2,7 @@ indent-blankline.enable = true; fidget-nvim.enable = true; fidget-nvim.setupOpts.notification.override_vim_notify = true; + nvim-cursorline.enable = true; nvim-web-devicons.enable = true; rainbow-delimiters.enable = true; } diff --git a/modules/home/cli/fetch/default.nix b/modules/home/cli/fetch/default.nix new file mode 100644 index 0000000..1aa53ef --- /dev/null +++ b/modules/home/cli/fetch/default.nix 
@@ -0,0 +1,31 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.cli.fetch == "hyfetch") {
+ home.packages = [ pkgs.fastfetch ];
+ home.sessionVariables.FETCH = "hyfetch";
+ home.shellAliases.fetch = "hyfetch";
+ programs.hyfetch = {
+ enable = true;
+ settings = {
+ preset = "bisexual";
+ mode = "rgb";
+ light_dark = "dark";
+ lightness = 0.5;
+ color_align = {
+ mode = "horizontal";
+ custom_colors = [ ];
+ fore_back = null;
+ };
+ backend = "fastfetch";
+ };
+ };
+
+ })
+ ];
+}
diff --git a/modules/home/cli/file-browser/default.nix b/modules/home/cli/file-browser/default.nix
new file mode 100644
index 0000000..847d7e9
--- /dev/null
+++ b/modules/home/cli/file-browser/default.nix
@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+{
+ config = lib.mkIf (config.cli.file-browser == "yazi") {
+ home.sessionVariables.FILE_BROWSER = "yazi";
+ programs.yazi = {
+ enable = true;
+ shellWrapperName = "t";
+ settings = {
+ mgr = {
+ sort_by = "natural";
+ prepend_keymap = [
+ {
+ on = "l";
+ run = "plugin smart-enter";
+ desc = "";
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/cli/finder/default.nix b/modules/home/cli/finder/default.nix
new file mode 100644
index 0000000..894cbc1
--- /dev/null
+++ b/modules/home/cli/finder/default.nix
@@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.cli.finder == "fzf") {
+ programs.fzf = {
+ enable = true;
+ enableZshIntegration = lib.mkIf (config.cli.shell == "zsh") true;
+ };
+ })
+ ];
+}
diff --git a/modules/home/cli/multiplexer/default.nix b/modules/home/cli/multiplexer/default.nix
new file mode 100644
index 0000000..bf420eb
--- /dev/null
+++ b/modules/home/cli/multiplexer/default.nix
@@ -0,0 +1,14 @@
+{
+ osConfig,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.cli.multiplexer == "zellij") (
+ import ./zellij.nix { inherit config pkgs osConfig; }
+ ))
+ ];
+}
diff --git a/modules/home/cli/multiplexer/zellij.nix b/modules/home/cli/multiplexer/zellij.nix
new file mode 100644
index 0000000..0e3f078
--- /dev/null
+++ b/modules/home/cli/multiplexer/zellij.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ pkgs,
+ osConfig,
+}:
+{
+ home.sessionVariables.MULTIPLEXER = "zellij";
+ home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [ "/.cache/zellij" ];
+ programs.zellij = {
+ enable = true;
+ enableZshIntegration = true;
+ attachExistingSession = true;
+ exitShellOnExit = true;
+ settings = {
+ pane_frames = false;
+ show_startup_tips = false;
+ show_release_notes = false;
+ };
+ };
+ xdg.configFile."zellij/layouts/default.kdl".text = # kdl
+ ''
+ layout {
+ default_tab_template {
+ pane size=1 borderless=true {
+ plugin location="file:${pkgs.zjstatus}/bin/zjstatus.wasm" {
+ format_left "{mode} ${osConfig.system.hostname}"
+ format_center "{tabs}"
+ format_right "{datetime}"
+ format_space ""
+ format_hide_on_overlength "true"
+ format_precedence "lrc"
+
+ border_enabled "false"
+ border_char "─"
+ border_format "#[fg=#6C7086]{char}"
+ border_position "top"
+
+ hide_frame_for_single_pane "false"
+
+ mode_default_to_mode "normal"
+ mode_normal "#[bg=#89B4FA] {name} "
+ mode_locked "#[bg=#f55e18] {name} "
+ mode_session "#[bg=#00ff00] {name} "
+
+ tab_normal "#[fg=#6C7086] {index} "
+ tab_active "#[fg=#9399B2,bold,italic] {index} "
+ tab_display_count "3" // limit to showing 3 tabs
+ tab_truncate_start_format "..."
+ tab_truncate_end_format "..."
+
+ datetime "#[fg=#6C7086,bold] {format}"
+ datetime_format "%H:%M:%S"
+ datetime_timezone "Asia/Singapore"
+ }
+ }
+ children
+ }
+ }
+ '';
+}
diff --git a/modules/home/cli/shell/default.nix b/modules/home/cli/shell/default.nix
new file mode 100644
index 0000000..966a01d
--- /dev/null
+++ b/modules/home/cli/shell/default.nix
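Review bot: The persistence entry in zellij.nix is written as `"/.cache/zellij"` with a leading slash, while every other `home.persistence` directory in this commit is relative to the home directory (`".local/share/zoxide"`, `".local/share/nvf"`); it should probably read `directories = [ ".cache/zellij" ];`. `enableZshIntegration = true;` is also unconditional here, whereas finder/default.nix gates the same kind of setting with `lib.mkIf (config.cli.shell == "zsh") true`, so the two modules should agree.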
@@ -0,0 +1,38 @@ +{ config, lib, ... }: +{ + config = lib.mkIf (config.cli.shell == "zsh") { + home.sessionVariables.SHELL = "zsh"; + programs.zsh = { + enable = true; + enableVteIntegration = true; + syntaxHighlighting.enable = true; + historySubstringSearch.enable = true; + history = { + append = true; + extended = true; + ignoreDups = true; + ignoreSpace = true; + save = 10000; + share = true; + size = 10000; + }; + }; + programs.zsh.initContent = lib.mkIf config.cli.screensaver.enable ( + lib.mkOrder 1200 + # zsh + '' + precmd() { + TMOUT=${config.cli.screensaver.timeout} + } + + TRAPALRM() { + TMOUT=1 + ${config.cli.screensaver.command} + # If we exit, assume the previous command was exited out of + TMOUT=${config.cli.screensaver.timeout} + zle reset-prompt + } + '' + ); + }; +} diff --git a/modules/home/cli/utilities/default.nix b/modules/home/cli/utilities/default.nix new file mode 100644 index 0000000..3199378 --- /dev/null +++ b/modules/home/cli/utilities/default.nix @@ -0,0 +1,3 @@ +{ + imports = [ ./git.nix ]; +} diff --git a/nix/homes/rafiq/git.nix b/modules/home/cli/utilities/git.nix similarity index 59% rename from nix/homes/rafiq/git.nix rename to modules/home/cli/utilities/git.nix index fd6d21d..9de797a 100644 --- a/nix/homes/rafiq/git.nix +++ b/modules/home/cli/utilities/git.nix @@ -1,18 +1,22 @@ +{ config, ... }: { - flake.modules.homeManager.rafiq = { + config = { + home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; home.shellAliases = { gs = "git status"; gc = "git commit"; gcam = "git commit -am"; gu = "git push"; gy = "git pull"; - gdh = "git diff HEAD"; }; programs.git = { enable = true; + userName = config.cli.git.name; + userEmail = config.cli.git.email; + signing.key = "~/.ssh/id_ed25519.pub"; signing.signByDefault = true; extraConfig = { - init.defaultBranch = "prime"; + init.defaultBranch = config.cli.git.defaultBranch; push.autoSetupRemote = true; pull.rebase = false; core.editor = "$EDITOR"; 
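Review bot: In the git.nix hunk, `signing.key = "~/.ssh/id_ed25519.pub";` together with `signing.signByDefault = true;` only works if Git is told to sign with SSH (`gpg.format = "ssh"`); that setting is not in this hunk, and `extraConfig` continues past the hunk's end, so confirm it is set there. The path points at the user's default SSH identity, so one key would both sign commits and authenticate logins; a dedicated signing key limits what a single key compromise exposes. If signatures are meant to be verified locally, `gpg.ssh.allowedSignersFile` is needed as well.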
diff --git a/modules/home/desktop/browser/firefox/default.nix b/modules/home/desktop/browser/firefox/default.nix
new file mode 100644
index 0000000..ab4f2e0
--- /dev/null
+++ b/modules/home/desktop/browser/firefox/default.nix
@@ -0,0 +1,12 @@
+{ osConfig, lib, ... }:
+{
+ config = lib.mkIf (osConfig.desktop.browser == "firefox") {
+ home.persistence."/persist/home/rafiq".directories = [ ".mozilla/firefox" ];
+ home.sessionVariables.BROWSER = "firefox";
+ programs.firefox = {
+ enable = true;
+ profiles.rafiq.id = 0;
+ profiles.test.id = 1;
+ };
+ };
+}
diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix
new file mode 100644
index 0000000..2a77588
--- /dev/null
+++ b/modules/home/desktop/default.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ osConfig,
+ pkgs,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (osConfig.hardware.gpu == "nvidia") {
+ home.packages = [ pkgs.stable-diffusion-webui.forge.cuda ];
+ home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
+ ".local/share/stable-diffusion-webui"
+ ];
+ })
+ (lib.mkIf osConfig.desktop.enableSpotifyd {
+ services.spotifyd.enable = true;
+ services.spotifyd.settings.global = {
+ device_name = "${osConfig.system.hostname}";
+ device_type = "computer";
+ zeroconf_port = 5353;
+ };
+ })
+ (lib.mkIf osConfig.desktop.enableSteam {
+ home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
+ ".local/share/Steam"
+ ];
+ })
+ ];
+}
diff --git a/modules/home/desktop/launcher/default.nix b/modules/home/desktop/launcher/default.nix
new file mode 100644
index 0000000..05bb845
--- /dev/null
+++ b/modules/home/desktop/launcher/default.nix
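Review bot: firefox/default.nix hard-codes the user in `home.persistence."/persist/home/rafiq"` and `profiles.rafiq`, while desktop/default.nix in the same commit derives the path from `config.snowfallorg.user.name`. Applied to any other user, this module would declare persistence under rafiq's directory. Using `home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [ ".mozilla/firefox" ];` and adding `config` to the module arguments keeps the shared module user-independent.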
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ osConfig,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (osConfig.desktop.launcher == "fuzzel") {
+ home.sessionVariables.LAUNCHER = "fuzzel";
+ programs.fuzzel = {
+ enable = true;
+ };
+ })
+ (lib.mkIf (osConfig.desktop.launcher == "wofi") {
+ home.sessionVariables.LAUNCHER = "wofi";
+ programs.wofi = {
+ enable = true;
+ style = null;
+ settings = { };
+ };
+ })
+ ];
+}
diff --git a/modules/home/desktop/lockscreen/default.nix b/modules/home/desktop/lockscreen/default.nix
new file mode 100644
index 0000000..8003c52
--- /dev/null
+++ b/modules/home/desktop/lockscreen/default.nix
@@ -0,0 +1,47 @@
+{
+ osConfig,
+ lib,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (osConfig.desktop.lockscreen == "hyprlock") {
+ home.sessionVariables.LOCKSCREEN = "hyprlock";
+ programs.hyprlock = {
+ enable = true;
+ settings = {
+ general.hide_cursor = true;
+ general.ignore_empty_input = true;
+
+ background = {
+ blur_passes = 5;
+ blur_size = 5;
+ };
+
+ label = {
+ text = ''hi, $USER.'';
+ font_size = 32;
+ halign = "center";
+ valign = "center";
+ position = "0, 0";
+ zindex = 1;
+ shadow_passes = 5;
+ shadow_size = 5;
+ };
+
+ input-field = {
+ fade_on_empty = true;
+ size = "200, 45";
+ halign = "center";
+ valign = "center";
+ position = "0, -5%";
+ placeholder_text = "";
+ zindex = 1;
+ shadow_passes = 5;
+ shadow_size = 5;
+ };
+ };
+ };
+ })
+ ];
+}
diff --git a/modules/home/desktop/notification-daemon/default.nix b/modules/home/desktop/notification-daemon/default.nix
new file mode 100644
index 0000000..c6bb63f
--- /dev/null
+++ b/modules/home/desktop/notification-daemon/default.nix
@@ -0,0 +1,12 @@
+{ osConfig, lib, ... }:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (osConfig.desktop.notification-daemon == "mako") {
+ home.sessionVariables.NOTIFICATION_DAEMON = "mako";
+ services.mako = {
+ enable = true;
+ settings = { };
+ };
+ })
+ ];
+}
diff --git a/modules/home/desktop/status-bar/default.nix b/modules/home/desktop/status-bar/default.nix
new file mode 100644
index 0000000..6e954cb
--- /dev/null
+++ b/modules/home/desktop/status-bar/default.nix
@@ -0,0 +1,61 @@
+{
+ pkgs,
+ config,
+ lib,
+ osConfig,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (osConfig.desktop.status-bar == "waybar") {
+ home.sessionVariables.STATUS_BAR = "waybar";
+ programs.waybar = {
+ enable = true;
+ settings = [
+ {
+ layer = "top";
+ modules-left = [
+ "pulseaudio"
+ ];
+ modules-right = [
+ "battery"
+ "clock"
+ ];
+ "pulseaudio" = {
+ format = "{icon} {volume}%";
+ format-muted = "";
+ format-icons.default = [
+ ""
+ ""
+ ];
+ on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
+ };
+ "clock" = {
+ interval = 1;
+ format = "{:%F %T}";
+ };
+ "battery" = {
+ interval = 1;
+ bat-compatibility = true;
+ };
+ }
+ ];
+ style = # css
+ ''
+ window#waybar {
+ background-color: rgba(0, 0, 0, 0);
+ }
+
+ #pulseaudio,
+ #battery,
+ #clock {
+ padding-top: 5px;
+ padding-bottom: 5px;
+ padding-right: 5px;
+ color: #ffffff;
+ }
+ '';
+ };
+ })
+ ];
+}
diff --git a/modules/home/desktop/terminal/default.nix b/modules/home/desktop/terminal/default.nix
new file mode 100644
index 0000000..f3af070
--- /dev/null
+++ b/modules/home/desktop/terminal/default.nix
@@ -0,0 +1,23 @@
+{
+ osConfig,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (osConfig.desktop.terminal == "kitty") {
+ home.packages = with pkgs; [ kitty ];
+ home.sessionVariables.TERMINAL = "kitty";
+ })
+ (lib.mkIf (osConfig.desktop.terminal == "ghostty") {
+ home.sessionVariables.TERMINAL = "ghostty -e";
+ programs.ghostty = {
+ enable = true;
+ settings = {
+ confirm-close-surface = false;
+ };
+ };
+ })
+ ];
+}
diff --git a/nix/homes/rafiq/desktop/_hyprland/decoration.nix b/modules/home/desktop/windowManager/hyprland/decoration.nix similarity index 81% rename from nix/homes/rafiq/desktop/_hyprland/decoration.nix rename to modules/home/desktop/windowManager/hyprland/decoration.nix index ee3d444..8748050 100644 --- a/nix/homes/rafiq/desktop/_hyprland/decoration.nix +++ b/modules/home/desktop/windowManager/hyprland/decoration.nix @@ -1,5 +1,5 @@ { - animation = [ "workspaces, 1, 1, default" ]; + animation = [ "workspaces, 0" ]; general = { border_size = 2; gaps_in = 0; diff --git a/modules/home/desktop/windowManager/hyprland/default.nix b/modules/home/desktop/windowManager/hyprland/default.nix new file mode 100644 index 0000000..de770c7 --- /dev/null +++ b/modules/home/desktop/windowManager/hyprland/default.nix @@ -0,0 +1,47 @@ +{ + pkgs, + lib, + osConfig, + ... +}: +let + inherit (osConfig.desktop) mainMonitor; +in +{ + config = lib.mkIf (osConfig.desktop.windowManager == "hyprland") { + wayland.windowManager.hyprland = { + enable = true; + systemd.enable = false; + settings = lib.mkMerge [ + { + ecosystem.no_update_news = true; + + monitor = [ + "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}" + ", preferred, auto, 1" + ]; + + exec-once = [ + "uwsm app -- $LOCKSCREEN" + "uwsm app -- $NOTIFICATION_DAEMON" + "uwsm app -- $STATUS_BAR" + ]; + + xwayland.force_zero_scaling = true; + } + (import ./decoration.nix) + (import ./keybinds.nix { inherit pkgs; }) + ]; + }; + xdg.configFile."uwsm/env".text = # sh + '' + export GDK_SCALE=${mainMonitor.scale} + export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} + ''; + xdg.configFile."uwsm/env-hyprland".text = # sh + '' + export GDK_SCALE=${mainMonitor.scale} + export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} + ''; + }; +} 
diff --git a/nix/homes/rafiq/desktop/_hyprland/keybinds.nix b/modules/home/desktop/windowManager/hyprland/keybinds.nix similarity index 53% rename from nix/homes/rafiq/desktop/_hyprland/keybinds.nix rename to modules/home/desktop/windowManager/hyprland/keybinds.nix index 9e75db1..c12fc63 100644 --- a/nix/homes/rafiq/desktop/_hyprland/keybinds.nix +++ b/modules/home/desktop/windowManager/hyprland/keybinds.nix @@ -6,12 +6,11 @@ "$hypr, Q, exec, uwsm stop" "SUPER, W, killactive" - "SUPER, return, exec, uwsm app -- $TERMINAL" + "SUPER, return, exec, uwsm app -- $TERMINAL $MULTIPLEXER" "SUPER, O, exec, uwsm app -- $BROWSER" "SUPER, Escape, exec, uwsm app -- $LOCKSCREEN" - #TODO:add file browser + "SUPER, space, exec, uwsm app -- $($LAUNCHER --launch-prefix=\"uwsm app -- \")" - #TODO: make it directional "SUPER, H, cyclenext, visible" "SUPER, L, cyclenext, visible prev" "SUPER_ALT, H, movewindow, l" 
@@ -26,31 +25,15 @@ "SUPER_CTRL, L, workspace, r+1" "$hypr, H, movetoworkspace, r-1" "$hypr, L, movetoworkspace, r+1" - - "$hypr, V, togglefloating" - ]; - - bindr = [ - # Activates on SUPER without any other modifier - "SUPER, Super_L, exec, uwsm app -- $($LAUNCHER --launch-prefix=\"uwsm app -- \")" ]; bindle = [ - "SUPER, 6, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-" + "SUPER, 6, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-" "SUPER, 7, exec, ${pkgs.playerctl}/bin/playerctl previous" - "SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl -a play-pause" + "SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl play-pause" "SUPER, 9, exec, ${pkgs.playerctl}/bin/playerctl next" - "SUPER, 0, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+" - - "ALT, mouse_up, resizeactive, 10% 10%" - "ALT, mouse_down, resizeactive, -10% -10%" - ]; - - bindm = [ - "ALT, mouse:272, movewindow" - "ALT, mouse:273, resizeactive" - ]; - bindc = [ - "ALT, mouse:272, togglefloating" + "SUPER, 0, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+" + "$meh, mouse_up, resizeactive, 10% 10%" + "$meh, mouse_down, resizeactive, -10% -10%" ]; } diff --git a/modules/home/system/default.nix b/modules/home/system/default.nix new file mode 100644 index 0000000..3996e00 --- /dev/null +++ b/modules/home/system/default.nix @@ -0,0 +1,12 @@ +{ config, ... }: +{ + home.persistence."/persist/home/${config.snowfallorg.user.name}" = { + directories = [ + ".ssh" + ".config/sops/age" + ]; + allowOther = true; + }; + + home.stateVersion = "24.11"; +} diff --git a/modules/nixos/cli/default.nix b/modules/nixos/cli/default.nix new file mode 100644 index 0000000..ebbf824 --- /dev/null +++ b/modules/nixos/cli/default.nix 
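Review bot: The volume binds in the second keybinds.nix hunk switch from `${pkgs.wireplumber}/bin/wpctl` to a bare `wpctl`, while the `playerctl` binds beside them keep their store paths. The bare name is resolved through whatever PATH the compositor session has, so the bind fails if wireplumber is not in the profile and otherwise runs whichever `wpctl` comes first. Keeping `"SUPER, 6, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-"` (and the `5%+` counterpart) pins the binary the same way as the other binds. The enclosing attribute set starts outside the hunk.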
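Review bot: modules/home/system/default.nix sets `allowOther = true;` on the persistence root that holds `.ssh` and `.config/sops/age`, i.e. the user's private keys. In the impermanence home-manager module that option lets users other than the owner (root included) reach files through the bind-mounted directories, which is presumably needed for activation but leaves file permissions as the only protection for the keys. A comment stating why `allowOther` is required, plus a check that `.ssh` and `.config/sops/age` stay mode 0700 under `/persist`, would make that dependency explicit.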
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [ ];
+
+ options.cli = { };
+
+ config = lib.mkMerge [
+ {
+ programs.zsh.enable = true;
+ users.defaultUserShell = pkgs.zsh;
+ environment.pathsToLink = [ "/share/zsh" ]; # enables completion
+ }
+ ];
+}
diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix
new file mode 100644
index 0000000..47ccd71
--- /dev/null
+++ b/modules/nixos/desktop/default.nix
@@ -0,0 +1,78 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ ./windowManager.nix
+ ];
+
+ options.desktop = {
+ mainMonitor = {
+ id = lib.pantheon.mkStrOption;
+ scale = lib.pantheon.mkStrOption;
+ resolution = lib.pantheon.mkStrOption;
+ refresh-rate = lib.pantheon.mkStrOption;
+ };
+ windowManager = lib.pantheon.mkStrOption;
+ lockscreen = lib.pantheon.mkStrOption;
+ browser = lib.pantheon.mkStrOption;
+ terminal = lib.pantheon.mkStrOption;
+ notification-daemon = lib.pantheon.mkStrOption;
+ launcher = lib.pantheon.mkStrOption;
+ status-bar = lib.pantheon.mkStrOption;
+ enableSpotifyd = lib.mkEnableOption "";
+ enableSteam = lib.mkEnableOption "";
+ enableVR = lib.mkEnableOption "";
+ enableSunshine = lib.mkEnableOption "";
+ };
+
+ config = lib.mkMerge [
+ {
+ fonts.packages = with pkgs; [
+ font-awesome
+ ];
+ }
+ (lib.mkIf config.desktop.enableSteam {
+ programs.steam = {
+ enable = true;
+ gamescopeSession.enable = true;
+ };
+ })
+ (lib.mkIf config.desktop.enableVR {
+ programs.alvr = {
+ enable = true;
+ openFirewall = true;
+ };
+ environment.systemPackages = [ pkgs.android-tools ];
+ })
+ (lib.mkIf config.desktop.enableSunshine {
+ networking.firewall.allowedTCPPortRanges = [
+ {
+ from = 47984;
+ to = 47990;
+ }
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ {
+ from = 47998;
+ to = 48000;
+ }
+ ];
+ networking.firewall.allowedTCPPorts = [ 48010 ];
+ services.sunshine = {
+ enable = true;
+ capSysAdmin = true;
+ openFirewall = true;
+ settings = {
+ sunshine_name = config.system.hostname;
+ port = 48989; # default
+ origin_web_ui_allowed = "wan";
+ };
+ applications = { };
+ };
+ })
+ ];
+}
diff --git a/modules/nixos/desktop/lockscreen/default.nix b/modules/nixos/desktop/lockscreen/default.nix
new file mode 100644
index 0000000..ce40153
--- /dev/null
+++ b/modules/nixos/desktop/lockscreen/default.nix
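Review bot: The Sunshine block in modules/nixos/desktop/default.nix sets `origin_web_ui_allowed = "wan";`, which allows any address to reach the configuration web UI, and combines it with `openFirewall = true;` and `capSysAdmin = true;`; unless administration from outside the LAN is intended, `origin_web_ui_allowed = "lan";` is the safer value. The `port = 48989; # default` comment looks wrong: Sunshine's documented default is 47989, and the hand-written ranges (47984-47990, 47998-48000, 48010) match that default rather than 48989, so either the port or the firewall rules are off by 1000. Since `openFirewall = true;` should already open the service's ports, the extra `networking.firewall` entries can likely be dropped.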
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.desktop.lockscreen == "hyprlock") {
+ security.pam.services.hyprlock = { };
+ })
+ ];
+}
diff --git a/modules/nixos/desktop/windowManager.nix b/modules/nixos/desktop/windowManager.nix
new file mode 100644
index 0000000..251690a
--- /dev/null
+++ b/modules/nixos/desktop/windowManager.nix
@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.desktop.windowManager == "hyprland") {
+ environment.loginShellInit = # sh
+ ''
+ if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
+ if uwsm check may-start; then
+ exec uwsm start hyprland-uwsm.desktop
+ fi
+ fi
+ '';
+ environment.variables = {
+ ELECTRON_OZONE_PLATFORM_HINT = "auto";
+ NIXOS_OZONE_WL = "1";
+ };
+ programs.hyprland = {
+ enable = true;
+ withUWSM = true;
+ };
+ })
+ ];
+}
diff --git a/modules/nixos/hardware/audio.nix b/modules/nixos/hardware/audio.nix
new file mode 100644
index 0000000..7c6402a
--- /dev/null
+++ b/modules/nixos/hardware/audio.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+{
+ config = {
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/hardware/btrfs.nix b/modules/nixos/hardware/btrfs.nix
new file mode 100644
index 0000000..5b43f07
--- /dev/null
+++ b/modules/nixos/hardware/btrfs.nix
@@ -0,0 +1,104 @@ +{ lib, config, ... }: +let + cfg = config.hardware.drives.btrfs; +in +{ + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + boot.initrd.kernelModules = [ "dm-snapshot" ]; + disko.devices.disk.main = { + device = cfg.drive; + type = "disk"; + content.type = "gpt"; + content.partitions = { + boot.name = "boot"; + boot.size = "1M"; + boot.type = "EF02"; + esp.name = "ESP"; + esp.size = "500M"; + esp.type = "EF00"; + esp.content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + swap.size = "4G"; + swap.content = { + type = "swap"; + resumeDevice = true; + }; + root.name = "root"; + root.size = "100%"; + root.content = { + type = "lvm_pv"; + vg = "root_vg"; + }; + }; + }; + + disko.devices.lvm_vg.root_vg = { + type = "lvm_vg"; + lvs.root.size = "100%FREE"; + lvs.root.content.type = "btrfs"; + lvs.root.content.extraArgs = [ "-f" ]; + lvs.root.content.subvolumes = { + "/root".mountpoint = "/"; + "/persist".mountpoint = "/persist"; + "/persist".mountOptions = [ + "subvol=persist" + "noatime" + ]; + "/nix".mountpoint = "/nix"; + "/nix".mountOptions = [ + "subvol=nix" + "noatime" + ]; + }; + }; + } + (lib.mkIf cfg.ephemeralRoot { + boot.initrd.postDeviceCommands = lib.mkAfter '' + mkdir /btrfs_tmp + mount /dev/root_vg/root /btrfs_tmp + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; + programs.fuse.userAllowOther = true; + fileSystems."/persist".neededForBoot = true; + 
environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/var/lib/systemd" + "/var/lib/nixos" + ]; + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + "/etc/machine-id" + ]; + }; + }) + ] + ); +} diff --git a/modules/nixos/hardware/cpu.nix b/modules/nixos/hardware/cpu.nix new file mode 100644 index 0000000..7f95f6a --- /dev/null +++ b/modules/nixos/hardware/cpu.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: +{ + config = lib.mkMerge [ + (lib.mkIf (config.hardware.platform == "amd") { + hardware.cpu.amd.updateMicrocode = true; + boot.kernelModules = [ "kvm-amd" ]; + }) + (lib.mkIf (config.hardware.platform == "intel") { + hardware.cpu.intel.updateMicrocode = true; + boot.kernelModules = [ "kvm-intel" ]; + }) + ]; +} diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix new file mode 100644 index 0000000..c1370bc --- /dev/null +++ b/modules/nixos/hardware/default.nix @@ -0,0 +1,29 @@ +{ lib, ... }: +{ + imports = [ + ./btrfs.nix + ./nvidia.nix + ./audio.nix + ./cpu.nix + ./networking.nix + ]; + + options.hardware = { + drives.btrfs = { + enable = lib.mkEnableOption ""; + drive = lib.pantheon.mkStrOption; + ephemeralRoot = lib.mkEnableOption ""; + }; + gpu = lib.pantheon.mkStrOption; + platform = lib.pantheon.mkStrOption; + }; + + config = { + services.fwupd.enable = true; + hardware.bluetooth = { + enable = true; + settings.General.Experimental = true; + }; + hardware.xone.enable = true; + }; +} diff --git a/modules/nixos/hardware/networking.nix b/modules/nixos/hardware/networking.nix new file mode 100644 index 0000000..cc00ccd --- /dev/null +++ b/modules/nixos/hardware/networking.nix 
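Review bot: The disko layout in btrfs.nix puts `root_vg` directly on the `root` partition (`type = "lvm_pv"`) with no encryption layer, yet `/persist` on that volume holds the SSH host keys listed under `files` and, going by the README in this commit, the private key sops-nix uses to decrypt secrets. The `swap` partition with `resumeDevice = true` is likewise plaintext, so a hibernation image would land on disk unencrypted. If physical access or disk disposal is in the threat model, wrap the PV in disko's `luks` content type, e.g. `root.content = { type = "luks"; name = "<name>"; content = { type = "lvm_pv"; vg = "root_vg"; }; };`, and place swap inside the encrypted volume group. If leaving the disk unencrypted is deliberate, a comment saying so would help.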
@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+{
+ config = lib.mkMerge [
+ {
+ networking.useDHCP = lib.mkDefault true;
+ networking.hostName = config.system.hostname;
+ networking.networkmanager.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PrintMotd = true;
+ };
+ };
+
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.sops.secrets."keys/tailscale".path;
+ };
+ environment.persistence."/persist".directories = [ "/var/lib/tailscale" ];
+ }
+ (lib.mkIf config.desktop.enableSpotifyd {
+ networking.firewall.allowedTCPPorts = [ 5353 ];
+ networking.firewall.allowedUDPPorts = [ 5353 ];
+ })
+ ];
+}
diff --git a/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix
new file mode 100644
index 0000000..23644c2
--- /dev/null
+++ b/modules/nixos/hardware/nvidia.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
+ config = lib.mkIf (config.hardware.gpu == "nvidia") {
+ hardware = {
+ graphics.enable = true;
+ graphics.extraPackages = with pkgs; [
+ nvidia-vaapi-driver
+ ];
+ nvidia.open = true;
+ nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
+ };
+ services.xserver.videoDrivers = [ "nvidia" ];
+ nixpkgs.config.allowUnfree = true;
+ environment.variables = {
+ LIBVA_DRIVER_NAME = "nvidia";
+ __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+ NVD_BACKEND = "direct";
+ };
+
+ nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
+ nix.settings.trusted-public-keys = [
+ "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
+ ];
+ };
+}
diff --git a/modules/nixos/server/databases/default.nix b/modules/nixos/server/databases/default.nix
new file mode 100644
index 0000000..640d587
--- /dev/null
+++ b/modules/nixos/server/databases/default.nix
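Review bot: `services.openssh` in networking.nix is enabled with only `PrintMotd` set, so password and keyboard-interactive logins stay at the NixOS module defaults on every host that imports this file, and the module's default firewall rule opens port 22. Adding `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "no";` under `settings` would restrict sshd to key-based, non-root logins. If SSH is meant to be reachable only over Tailscale, setting `services.openssh.openFirewall = false;` and allowing the port on the Tailscale interface alone narrows it further.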
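Review bot: In nvidia.nix, `nix.settings.substituters` and `nix.settings.trusted-public-keys` make `cuda-maintainers.cachix.org` a trusted binary cache for the whole system, so any store path signed by that key can be substituted from it, not only CUDA packages. The hunk does not record why the cache is needed or who operates it. A comment above the two settings would make that trust decision reviewable, for example `# third-party binary cache: its key can sign any store path; keep only while CUDA builds are not cached upstream`.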
@@ -0,0 +1,58 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.server.databases;
+in
+{
+ options.server.databases = {
+ mongodb = {
+ enable = lib.mkEnableOption "the MongoDB server";
+ port = lib.pantheon.mkPortOption 27017;
+ };
+ mysql = {
+ enable = lib.mkEnableOption "the MySQL server";
+ port = lib.pantheon.mkPortOption 3306;
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.mongodb.enable {
+ networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
+ environment.persistence."/persist".directories = [
+ {
+ directory = builtins.toString config.services.mongodb.dbpath;
+ user = "mongodb";
+ group = "mongodb";
+ }
+ ];
+ services.mongodb = {
+ enable = true;
+ bind_ip = "0.0.0.0";
+ extraConfig = ''
+ net.port: ${builtins.toString cfg.mongodb.port}
+ '';
+ };
+ })
+ (lib.mkIf cfg.mysql.enable {
+ networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
+ environment.persistence."/persist".directories = [
+ {
+ directory = builtins.toString config.services.mysql.dataDir;
+ user = "mysql";
+ group = "mysql";
+ }
+ ];
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ settings.mysqld = {
+ inherit (cfg.mysql) port;
+ };
+ };
+ })
+ ];
+}
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
new file mode 100644
index 0000000..f1b6a89
--- /dev/null
+++ b/modules/nixos/server/default.nix
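Review bot: In the `cfg.mongodb.enable` branch, `bind_ip = "0.0.0.0"` together with `networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ]` exposes MongoDB on every interface, and nothing in the hunk turns on authentication (`services.mongodb.enableAuth` is not set). If the database is only meant to be reached over Tailscale, scope the rule to that interface with `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ cfg.mongodb.port ];` and set `enableAuth = true;`, with the initial root password supplied from a sops secret. The `cfg.mysql.enable` branch opens its port on all interfaces in the same way and would benefit from the same scoping.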
@@ -0,0 +1,73 @@
+{
+ lib,
+ config,
+ ...
+}:
+{
+ options.server = {
+ mountHelios = lib.mkEnableOption "";
+ enableDDNS = lib.mkEnableOption "";
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf config.server.enableDDNS {
+ services.godns = {
+ enable = true;
+ loadCredential = [
+ "cf_token:${config.sops.secrets."keys/cloudflare".path}"
+ "telegram_bot_token:${config.sops.secrets."keys/telegram_bot".path}"
+ ];
+ settings = {
+ provider = "Cloudflare";
+ login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
+ domains = [
+ {
+ domain_name = "rrv.sh";
+ sub_domains = [ "@" ];
+ }
+ {
+ domain_name = "aenyrathia.wiki";
+ sub_domains = [ "@" ];
+ }
+ {
+ domain_name = "bwfiq.com";
+ sub_domains = [ "*" ];
+ }
+ {
+ domain_name = "slayment.com";
+ sub_domains = [ "*" ];
+ }
+ ];
+ resolver = "1.1.1.1";
+ ip_urls = [
+ "https://wtfismyip.com/text"
+ "https://api.ipify.org"
+ "https://myip.biturl.top"
+ "https://api-ipv4.ip.sb/ip"
+ ];
+ ip_type = "IPv4";
+ interval = 300;
+ notify = {
+ telegram = {
+ enabled = true;
+ bot_api_key_file = "$CREDENTIALS_DIRECTORY/telegram_bot_token";
+ chat_id = "384288005";
+ message_template = "Domain *{{ .Domain }} has been updated to %0A{{ .CurrentIP }}";
+ };
+ };
+ };
+ };
+ })
+ (lib.mkIf config.server.mountHelios {
+ fileSystems."/media/helios/data" = {
+ device = "//helios/data";
+ fsType = "cifs";
+ options = [
+ "x-systemd.automount"
+ "x-systemd.requires=tailscaled.service"
+ "x-systemd.mount-timeout=0"
+ ];
+ };
+ })
+ ];
+}
diff --git a/modules/nixos/server/web-apps/default.nix b/modules/nixos/server/web-apps/default.nix
new file mode 100644
index 0000000..6c8453d
--- /dev/null
+++ b/modules/nixos/server/web-apps/default.nix
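Review bot: The `//helios/data` CIFS mount in the `mountHelios` branch lists no `credentials=` option, so it will presumably either fail at automount time or attach as guest, which would mean the share accepts unauthenticated access from any host that can reach helios. If the share is authenticated, pass the login from a sops-managed file, e.g. `"credentials=${config.sops.secrets."<secret-name>".path}"`, and add `uid=`/`gid=` and file-mode options so the mounted tree is not owned by root with default permissions. `x-systemd.mount-timeout=0` disables the mount timeout, so a comment explaining that choice would help the next reader. Both `mkEnableOption ""` declarations could also carry a description.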
@@ -0,0 +1,65 @@
+{
+ inputs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.server.web-apps;
+in
+{
+
+ imports = [
+ "${inputs.rrvsh-nixpkgs}/nixos/modules/services/web-apps/librechat.nix"
+ ];
+
+ options.server.web-apps = {
+ librechat.enable = lib.mkEnableOption "";
+ };
+
+ config = lib.mkIf cfg.librechat.enable {
+ services.librechat = {
+ enable = true;
+ openFirewall = true;
+ port = 3080;
+ env = {
+ HOST = "0.0.0.0";
+ ALLOW_REGISTRATION = "true";
+ MONGO_URI = "mongodb://apollo:27017";
+ };
+ credentials = {
+ CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
+ CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
+ JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
+ JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
+ };
+ settings = {
+ version = "1.0.8";
+ cache = true;
+ interface = {
+ privacyPolicy = {
+ externalUrl = "https://librechat.ai/privacy-policy";
+ openNewTab = true;
+ };
+ };
+ endpoints = {
+ custom = [
+ {
+ name = "OpenRouter";
+ apiKey = "\${OPENROUTER_KEY}";
+ baseURL = "https://openrouter.ai/api/v1";
+ models = {
+ default = [ "meta-llama/llama-3-70b-instruct" ];
+ fetch = true;
+ };
+ titleConvo = true;
+ titleModule = "meta-llama/llama-3-70b-instruct";
+ dropParams = [ "stop" ];
+ modelDisplayLabel = "OpenRouter";
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/server/web-servers/default.nix b/modules/nixos/server/web-servers/default.nix
new file mode 100644
index 0000000..cfe2e49
--- /dev/null
+++ b/modules/nixos/server/web-servers/default.nix
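Review bot: `ALLOW_REGISTRATION = "true"` together with `HOST = "0.0.0.0"` and `openFirewall = true` lets anyone who can reach port 3080 create an account and use the OpenRouter endpoint on the operator's API key, and the nginx module in this commit appears to publish the service at chat.bwfiq.com. Setting `ALLOW_REGISTRATION = "false";` once the intended accounts exist, and dropping `openFirewall` if nginx is the only intended entry point, would close that. `MONGO_URI = "mongodb://apollo:27017"` carries no credentials, and the databases module in this commit does not enable MongoDB authentication either. Separately, `apiKey = "\${OPENROUTER_KEY}"` refers to a variable that the `credentials` set in this hunk does not provide, and `titleModule` looks like a typo for LibreChat's `titleModel`.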
@@ -0,0 +1,52 @@ +{ config, lib, ... }: +let + cfg = config.server.web-servers; +in +{ + options.server.web-servers = { + nginx = { + enable = lib.mkEnableOption "the Nginx server"; + }; + }; + config = lib.mkMerge [ + { + security.acme = { + acceptTerms = true; + defaults.email = "rafiq@rrv.sh"; + }; + } + (lib.mkIf cfg.nginx.enable { + networking.firewall.allowedTCPPorts = [ + 443 + 80 + ]; + services.nginx = { + enable = true; + virtualHosts = { + "chat.bwfiq.com" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://helios:3080"; + }; + }; + "il.bwfiq.com" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://helios:2283"; + }; + }; + ${config.system.hostname} = { + locations."/" = { + return = "200 'It works! /tmp/commit_msg.txt - "$EDITOR" /tmp/commit_msg.txt - RESPONSE=$(cat /tmp/commit_msg.txt) - rm /tmp/commit_msg.txt - ;; - q | quit | "") - echo "Aborted." - exit 1 - ;; - *) - echo "Invalid choice. Please choose again." - ;; - esac - done - '' diff --git a/nix/homes/rafiq/_scripts/note.nix b/nix/homes/rafiq/_scripts/note.nix deleted file mode 100644 index 0470fc2..0000000 --- a/nix/homes/rafiq/_scripts/note.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -pkgs.writeShellScriptBin "note" # bash - '' - zk edit -i - pushd ~/notebook > /dev/null - git add . - commit -u - popd > /dev/null - '' diff --git a/nix/homes/rafiq/_scripts/rebuild.nix b/nix/homes/rafiq/_scripts/rebuild.nix deleted file mode 100644 index 223a4db..0000000 --- a/nix/homes/rafiq/_scripts/rebuild.nix +++ /dev/null 
@@ -1,148 +0,0 @@ -{ pkgs }: -let - inherit (pkgs.lib) getExe; -in -pkgs.writeShellScriptBin "rebuild" # sh - '' - QUICK=false - NO_GENERATION_CHECK=false - TEST_SHELL=false - REMOTE_HOSTS=() - REBUILDING_ALL=false - # ANSI color codes - GREEN='\033[0;32m' - ORANGE='\033[0;33m' - RED='\033[0;31m' - NC='\033[0m' - - info() { - timestamp=$(date "+%Y-%m-%d %H:%M:%S") - echo -e "''${GREEN}''${timestamp} INFO: $1''${NC}" - } - - warn() { - timestamp=$(date "+%Y-%m-%d %H:%M:%S") - echo -e "''${ORANGE}''${timestamp} WARN: $1''${NC}" - } - - err() { - timestamp=$(date "+%Y-%m-%d %H:%M:%S") - echo -e "''${RED}''${timestamp} ERROR: $1''${NC}" - } - - prompt() { - local PROMPT="$1" - shift - read -p "$PROMPT? (y/n) [n]: " -n 1 -r REPLY - echo - if [[ "$REPLY" =~ ^[Yy]$ ]]; then - "$*" - else - info "$PROMPT aborted." - fi - } - - spawn_test_shell() { - info "Spawning test shell on $1..." - (export PS1="Test shell> " - exec ${pkgs.bash}/bin/bash ssh "$1") || { - ${pkgs.cowsay}/bin/cowsay "You aborted." - exit 1 - } - } - - rebuild_remote() { - local args=(".#nixosConfigurations.$1" "--target-host" "$1") - local CURRENT_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2) - - if "$TEST_SHELL"; then - info "Testing $1..." - ${getExe pkgs.nh} os test "''${args[@]}" || exit 1 - git diff HEAD --color=always --stat --patch - spawn_test_shell "$1" - info "Rebuilding $1..." - ${getExe pkgs.nh} os boot "''${args[@]}" || exit 1 - else - info "Rebuilding $1 on $HOSTNAME..." - ${getExe pkgs.nh} os switch "''${args[@]}" || exit 1 - fi - - if ! "$NO_GENERATION_CHECK"; then - local NEW_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2) - info "$1 - New generation is $NEW_GENERATION. Current is $CURRENT_GENERATION." - if [ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]; then - warn "New config was not added to bootloader." - fi - fi - } - - info "Starting rebuild script." - - if [ ! 
-f "flake.nix" ]; then - err "flake.nix not found in the current directory. Exiting." - exit 1 # Indicate an error - fi - - while [[ $# -gt 0 ]]; do - case "$1" in - --quick | -q) - QUICK=true - shift - ;; - --no-generation-check | -n) - NO_GENERATION_CHECK=true - shift - ;; - --test-shell | -t) - TEST_SHELL=true - shift - ;; - --all | -a) - reachable_hosts=() - hostnames=$(nix flake show --all-systems --json | , jq -r '.nixosConfigurations | keys | .[]') - for host in ''${hostnames[@]}; do - info "Checking if $host is reachable..." - if ping -c 1 -W 1 "$host" > /dev/null 2>&1 ; then - info "$host is reachable." - reachable_hosts+=("$host") - else - warn "$host is unreachable." - fi - done - REMOTE_HOSTS=(''${reachable_hosts[@]}) - REBUILDING_ALL=true - shift - ;; - *) - if [ !REBUILDING_ALL ]; then - if ping -c 1 -W 1 "$1" > /dev/null 2>&1 ; then - REMOTE_HOSTS+=("$1") - else - err "$1 is unreachable. Exiting." - exit 1 - fi - fi - shift - ;; - esac - done - - if [ ''${#REMOTE_HOSTS[@]} == 0 ]; then - info "No hostnames provided." - REMOTE_HOSTS=("$HOSTNAME") - fi - - git add . - - for host in "''${REMOTE_HOSTS[@]}"; do - rebuild_remote $host - done - - if ! "$QUICK"; then - prompt "Commit changes" commit - prompt "Reboot system" sudo systemctl reboot - fi - - info "Rebuild script completed successfully." - exit 0 - '' diff --git a/nix/homes/rafiq/darwin.nix b/nix/homes/rafiq/darwin.nix deleted file mode 100644 index 873dbcd..0000000 --- a/nix/homes/rafiq/darwin.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: -let - inherit (lib.modules) mkIf; -in -{ - flake.modules.homeManager.rafiq = - { - pkgs, - config, - hostName, - hostConfig, - ... - }: - mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") { - home.file."Library/Application Support/aichat/config.yaml".text = '' - model: gemini:gemini-2.0-flash - clients: - - type: gemini - ''; - }; -} 
diff --git a/nix/homes/rafiq/default.nix b/nix/homes/rafiq/default.nix deleted file mode 100644 index 86b4733..0000000 --- a/nix/homes/rafiq/default.nix +++ /dev/null 
@@ -1,146 +0,0 @@ -{ lib, inputs, ... }: -let - inherit (lib.strings) concatStrings; -in -{ - flake.modules.homeManager.rafiq = - { pkgs, ... }: - { - imports = [ - inputs.nvf.homeManagerModules.default - inputs.nix-index-database.hmModules.nix-index - ]; - persistDirs = [ - ".local/share/zoxide" - "notebook" - ]; - xdg.configFile."aichat/config.yaml".text = '' - model: gemini:gemini-2.0-flash - clients: - - type: gemini - ''; - home = { - sessionVariables = { - EDITOR = "nvim"; - FETCH = "hyfetch"; - FILE_BROWSER = "yazi"; - SHELL = "fish"; - }; - shellAliases = { - fetch = "hyfetch"; - windows = "sudo systemctl reboot --boot-loader-entry=auto-windows"; - v = "$EDITOR"; - e = "edit"; - cd = "z"; # zoxide - ai = "aichat -r %shell% -e"; - }; - packages = with pkgs; [ - fastfetch - ripgrep - aichat - (import ./_scripts/edit.nix { inherit pkgs; }) - (import ./_scripts/commit.nix { inherit pkgs; }) - (import ./_scripts/note.nix { inherit pkgs; }) - (import ./_scripts/rebuild.nix { inherit pkgs; }) - ]; - }; - programs = { - mise.enable = true; - nvf.enable = true; - nvf.settings.vim = { - syntaxHighlighting = true; - hideSearchHighlight = true; - searchCase = "ignore"; - undoFile.enable = true; - telescope.enable = true; - fzf-lua.enable = true; - git.enable = true; - autopairs.nvim-autopairs.enable = true; - autocomplete = import ./_nvf/autocomplete.nix { inherit lib; }; - binds = import ./_nvf/binds.nix; - languages = import ./_nvf/languages.nix; - lsp = import ./_nvf/lsp.nix; - navigation = import ./_nvf/navigation.nix; - notes.todo-comments.enable = true; - options = { - autoindent = true; - backspace = "indent,eol,start"; - cursorline = true; - expandtab = true; - shiftwidth = 2; - smartindent = true; - tabstop = 2; - }; - snippets = import ./_nvf/snippets.nix { inherit pkgs; }; - statusline = import ./_nvf/statusline.nix; - treesitter = { - autotagHtml = true; - fold = true; - indent.disable = [ "markdown" ]; - textobjects.enable = true; - }; - ui = import 
./_nvf/ui.nix; - utility = import ./_nvf/utility.nix; - visuals = import ./_nvf/visuals.nix; - }; - zk = { - enable = true; - settings.notebook.dir = "~/notebook"; - }; - hyfetch = { - enable = true; - settings = { - preset = "bisexual"; - mode = "rgb"; - light_dark = "dark"; - lightness = 0.5; - color_align = { - # Flag color alignment - mode = "horizontal"; - fore_back = null; - }; - backend = "fastfetch"; - }; - }; - - tealdeer.enable = true; - tealdeer.enableAutoUpdates = true; - direnv = { - enable = true; - nix-direnv.enable = true; - }; - zoxide.enable = true; - nix-index.enable = true; - nix-index-database.comma.enable = true; - fzf.enable = true; - fzf.enableZshIntegration = true; - yazi = { - enable = true; - shellWrapperName = "t"; - settings.mgr.sort_by = "natural"; - }; - fish.enable = true; - starship = { - enable = true; - settings = { - add_newline = false; - format = concatStrings [ - # First Line - ## Left Prompt - "$hostname$directory" - "$fill" - ## Right Prompt - "$all" - # Second Line - ## Left Prompt - "$character" - ]; - git_branch.format = "[$symbol$branch(:$remote_branch)]($style) "; - shlvl.disabled = false; - username.disabled = true; - fill.symbol = " "; - }; - }; - }; - }; -} diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix deleted file mode 100644 index e1f598c..0000000 --- a/nix/homes/rafiq/desktop/darwin.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ config, ... }: -let - inherit (config.manifest) admin; -in -{ - flake.modules.darwin.graphical.homebrew = { - enable = true; - user = admin.username; - onActivation.cleanup = "uninstall"; - brews = [ - "mise" - "docker" - ]; - casks = [ - "ghostty" - "slack" - "gitify" - "telegram" - "vial" - "linear-linear" - "chatgpt" - ]; - }; - flake.modules.homeManager.rafiq = { - # make sure brew is on the path for M1 - programs.zsh.initContent = '' - if [[ $(uname -m) == 'arm64' ]]; then - eval "$(/opt/homebrew/bin/brew shellenv)" - fi - ''; - programs.fish.shellInit = '' - if test (uname -m) = "arm64" - eval (/opt/homebrew/bin/brew shellenv) - end - ''; - }; -} diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix deleted file mode 100644 index 277d445..0000000 --- a/nix/homes/rafiq/desktop/default.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ lib, inputs, ... }: -{ - flake.modules.homeManager.rafiq = - { pkgs, config, ... }: - let - inherit (lib.modules) mkIf; - inherit (builtins) map listToAttrs; - inherit (lib.lists) findFirstIndex; - inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons; - profiles = listToAttrs ( - map (name: { - inherit name; - # If there are duplicate profile names, findFirstIndex will cause issues. - value = profileCfg (findFirstIndex (x: x == name) null syncedProfiles); - }) syncedProfiles - ); - syncedProfiles = [ - "rafiq" - "test" - ]; - profileCfg = id: { - inherit id; - settings."extensions.autoDisableScopes" = 0; # Auto enable extensions - extensions = { - force = true; - packages = with firefox-addons; [ - darkreader - gesturefy - sponsorblock - ublock-origin - ]; - }; - }; - in - mkIf config.graphical { - stylix = { - image = ./wallpaper.png; - targets = { - firefox.colorTheme.enable = true; - firefox.profileNames = syncedProfiles; - }; - }; - home = { - sessionVariables = { - BROWSER = "firefox"; - TERMINAL = "ghostty"; - }; - }; - programs = { - vesktop.enable = true; - thunderbird.enable = true; - thunderbird.profiles.rafiq.isDefault = true; - # ghostty is broken on nix-darwin - ghostty.settings.confirm-close-surface = false; - firefox = { - enable = true; - inherit profiles; - }; - }; - }; -} diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix deleted file mode 100644 index e7d66b4..0000000 --- a/nix/homes/rafiq/desktop/nixos.nix +++ /dev/null 
@@ -1,232 +0,0 @@ -{ lib, config, ... }: -let - inherit (config.manifest) admin; -in -{ - allowedUnfreePackages = [ - "stremio-shell" - "stremio-server" - "steam" - "steam-unwrapped" - ]; - flake.modules.nixos.graphical = - { config, pkgs, ... }: - { - fonts.packages = [ pkgs.font-awesome ]; - services.getty.autologinUser = admin.username; - # Start Hyprland at boot only if not connecting through SSH - environment.loginShellInit = # sh - '' - if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then - if uwsm check may-start; then - exec uwsm start hyprland-uwsm.desktop - fi - fi - ''; - environment.variables = { - # Get Electron apps to use Wayland - ELECTRON_OZONE_PLATFORM_HINT = "auto"; - NIXOS_OZONE_WL = "1"; - }; - programs = { - hyprland = { - enable = true; - # Use UWSM to have each process controlled by systemd init - withUWSM = true; - }; - steam = { - enable = true; - gamescopeSession.enable = true; - }; - }; - security.pam.services.hyprlock = { }; - services.sunshine = { - enable = true; - capSysAdmin = true; - openFirewall = true; - settings = { - sunshine_name = config.networking.hostName; - origin_pin_allowed = "wan"; - origin_web_ui_allowed = "wan"; - }; - applications = { }; - }; - # spotifyd - networking.firewall.allowedTCPPorts = [ 5353 ]; - networking.firewall.allowedUDPPorts = [ 5353 ]; - }; - flake.modules.homeManager.rafiq = - { - pkgs, - config, - hostName, - hostConfig, - ... 
- }: - let - inherit (lib.modules) mkMerge mkIf; - in - mkIf (config.graphical && pkgs.system == "x86_64-linux") { - stylix.targets.waybar.addCss = false; - persistDirs = [ - "docs" - "repos" - "vids" - "tmp" - ".cache/Smart Code ltd/Stremio" - ".local/share/Smart Code ltd/Stremio" - ".mozilla/firefox" - ".tor project" - ".local/share/Steam" - ".local/share/PrismLauncher" - ".config/sunshine" - ]; - home = { - packages = with pkgs; [ - wl-clipboard-rs - stremio - tor-browser - vlc - prismlauncher - ]; - sessionVariables = { - LAUNCHER = "fuzzel"; - LOCKSCREEN = "hyprlock"; - NOTIFICATION_DAEMON = "mako"; - STATUS_BAR = "waybar"; - }; - }; - # xdg.configFile."uwsm/env".text = # sh - # '' - # # Force apps to scale right with Wayland - # export GDK_SCALE=${mainMonitor.scale} - # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} - # ''; - # xdg.configFile."uwsm/env-hyprland".text = # sh - # '' - # export GDK_SCALE=${mainMonitor.scale} - # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} - # ''; - wayland.windowManager.hyprland = { - enable = true; - # This is needed for UWSM - systemd.enable = false; - # Null the packages since we use them system wide - package = null; - portalPackage = null; - settings = mkMerge [ - (import ./_hyprland/decoration.nix) - (import ./_hyprland/keybinds.nix { inherit pkgs; }) - { - ecosystem.no_update_news = true; - xwayland.force_zero_scaling = true; - monitor = - let - mainMonitor = hostConfig.machine.monitors.main; - in - [ - "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}" - ", preferred, auto, 1" - ]; - exec-once = [ - "uwsm app -- $LOCKSCREEN" - "uwsm app -- $NOTIFICATION_DAEMON" - "uwsm app -- $STATUS_BAR" - ]; - } - ]; - }; - services = { - spotifyd.enable = true; - spotifyd.settings.global = { - device_name = "${hostName}"; - device_type = "computer"; - zeroconf_port = 5353; - }; - mako.enable = true; - mako.settings.default-timeout = 10000; - }; - programs = { 
- obs-studio.enable = true; - fuzzel.enable = true; - ghostty.enable = true; - waybar = { - enable = true; - settings = [ - { - layer = "top"; - modules-left = [ - "pulseaudio" - ]; - modules-right = [ - "battery" - "clock" - ]; - "pulseaudio" = { - format = "{icon} {volume}%"; - format-muted = ""; - format-icons.default = [ - "" - "" - ]; - on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle"; - }; - "clock" = { - interval = 1; - format = "{:%F %T}"; - }; - "battery" = { - interval = 1; - bat-compatibility = true; - }; - } - ]; - style = # css - '' - window#waybar { - background-color: rgba(0, 0, 0, 0); - } - - #pulseaudio, - #battery, - #clock { - padding-top: 5px; - padding-bottom: 5px; - padding-right: 5px; - color: #ffffff; - } - ''; - }; - hyprlock = { - enable = true; - settings = { - general.hide_cursor = true; - general.ignore_empty_input = true; - background.blur_passes = 5; - background.blur_size = 5; - label = { - text = ''hi, $USER.''; - font_size = 32; - position = "0, 0"; - halign = "center"; - valign = "center"; - zindex = 1; - shadow_passes = 5; - shadow_size = 5; - }; - input-field = { - placeholder_text = ""; - fade_on_empty = true; - size = "200, 45"; - position = "0, -5%"; - halign = "center"; - valign = "center"; - zindex = 1; - shadow_passes = 5; - shadow_size = 5; - }; - }; - }; - }; - }; -} diff --git a/nix/homes/rafiq/desktop/wallpaper.png b/nix/homes/rafiq/desktop/wallpaper.png deleted file mode 100644 index cabd21f..0000000 Binary files a/nix/homes/rafiq/desktop/wallpaper.png and /dev/null differ diff --git a/nix/lib/attrsets.nix b/nix/lib/attrsets.nix deleted file mode 100644 index 1361c2a..0000000 --- a/nix/lib/attrsets.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ lib, ... }: -let - inherit (builtins) attrNames head; - inherit (lib.trivial) pipe; - inherit (lib.attrsets) filterAttrs; -in -{ - flake.lib.attrsets = { - /** - `firstAttrNameMatching pred set` filters an attribute set `set` based on a predicate `pred` - and returns the *first* attribute name that satisfies the predicate. - - # Example - - ```nix - let - mySet = { - a = { value = 1; }; - b = { value = 2; }; - c = { value = 3; }; - }; - - isGreaterThanOne = name: value: value.value > 1; - - result = firstAttrNameMatching isGreaterThanOne mySet; - - in - result - # Output: "b" - ``` - - # Type - - ``` - firstAttrNameMatching :: (String -> Any -> Bool) -> AttrSet -> String - ``` - - # Arguments - - pred - : A function that takes an attribute name and its value and returns a boolean. - - set - : The attribute set to filter. - */ - firstAttrNameMatching = - pred: set: - pipe set [ - (filterAttrs pred) - attrNames - head - ]; - }; -} diff --git a/nix/lib/lists.nix b/nix/lib/lists.nix deleted file mode 100644 index 370362f..0000000 --- a/nix/lib/lists.nix +++ /dev/null @@ -1,13 +0,0 @@ -let - inherit (builtins) length tail; -in -{ - flake.lib.lists = rec { - shortenList = - count: list: - let - len = length list; - in - if len <= count then list else (shortenList count (tail list)); - }; -} diff --git a/nix/lib/modules.nix b/nix/lib/modules.nix deleted file mode 100644 index ba27bfd..0000000 --- a/nix/lib/modules.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{ lib, config, ... }: -let - inherit (builtins) foldl' attrNames; - inherit (lib.attrsets) mapAttrs; -in -{ - flake.lib.modules = { - /** - Fold over the users list and create an attribute set. - - # Inputs - - `f` - - : A function that takes the name of a user and returns an attribute set. - - # Type - - ``` - userListToAttrs :: (String -> AttrSet) -> AttrSet - ``` - - # Examples - :::{.example} - ## `userListToAttrs` usage example - - ```nix - flake.manifest.users.rafiq = { ... }; - flake.modules.homeManager.users = userListToAttrs (name: { - ${name}.home.username = name; - }); - => flake.modules.homeManager.default.users.rafiq.home.username = "rafiq"; - ``` - - ::: - */ - userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users); - /** - Return an attribute set for use with a option that needs to be used for all users. - - # Inputs - - `attrset` - - : An attribute set to apply to all the users. - - # Type - - ``` - forAllUsers :: AttrSet -> AttrSet - ``` - - # Examples - :::{.example} - ## `forAllUsers` usage example - - ```nix - flake.manifest.users.rafiq = { ... }; - flake.modules.nixos.default.users = forAllUsers { - isNormalUser = true; - }; - => flake.modules.nixos.default.users.rafiq.isNormalUser = true; - ``` - - ::: - */ - forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users; - - /** - Like forAllUsers, but passes in the name and value from the manifest. - - # Inputs - - `f` - - : A function that takes an attribute name and its value, and returns the new value for the attribute. - - # Type - - ``` - forAllUsers' :: (String -> Any -> Any) -> AttrSet - ``` - - # Examples - :::{.example} - ## `forAllUsers'` usage example - - ```nix - flake.manifest.users.rafiq = { ... 
}; - flake.modules.homeManager.users = forAllUsers' (name: value: { - home.username = name; - }); - => flake.modules.homeManager.default.users.rafiq.home.username = "rafiq"; - ``` - - ::: - */ - forAllUsers' = f: mapAttrs f config.manifest.users; - }; -} diff --git a/nix/lib/options.nix b/nix/lib/options.nix deleted file mode 100644 index 4d0c329..0000000 --- a/nix/lib/options.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ lib, ... }: -let - inherit (lib.options) mkOption; - inherit (lib.types) - str - path - int - port - attrs - ; -in -{ - flake.lib.options = { - mkStrOption = - default: - mkOption { - inherit default; - type = str; - }; - mkAttrOption = - default: - mkOption { - inherit default; - type = attrs; - }; - mkIntOption = - default: - mkOption { - inherit default; - type = int; - }; - mkPortOption = - default: - mkOption { - type = port; - inherit default; - }; - mkPathOption = - default: - mkOption { - type = path; - inherit default; - }; - }; -} diff --git a/nix/lib/services.nix b/nix/lib/services.nix deleted file mode 100644 index 7ec6025..0000000 --- a/nix/lib/services.nix +++ /dev/null 
@@ -1,69 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (builtins) length concatStringsSep;
- inherit (lib.options) mkEnableOption;
- inherit (lib.strings) splitString;
- inherit (lib.lists) singleton;
- inherit (lib.modules) mkMerge mkIf;
- inherit (cfg.lib.options) mkStrOption mkPortOption mkAttrOption;
- inherit (cfg.lib.lists) shortenList;
- cfg = config.flake;
-in
-{
- flake.lib.services = rec {
- splitDomain = domain: splitString "." domain;
- isRootDomain = domain: length (splitDomain domain) <= 2;
- mkRootDomain = domain: concatStringsSep "." (shortenList 2 (splitDomain domain));
- mkWildcardDomain = rootDomain: concatStringsSep "." ((singleton "*") ++ (splitDomain rootDomain));
- mkHost = domain: if isRootDomain domain then domain else mkWildcardDomain (mkRootDomain domain);
- mkWebApp =
- {
- config,
- name,
- defaultPort,
- persistDirs ? [ ],
- extraOptions ? { },
- extraConfig ? { },
- }:
- let
- cfg = config.server.web-apps.${name};
- networkingConfig =
- {
- config,
- cfg,
- name,
- }:
- mkIf (cfg.domain != "") {
- assertions = singleton {
- assertion = config.server.web-servers.nginx.enable;
- message = "You must enable a web server if you want to set server.web-apps.${name}.domain.";
- };
- server.ddns.domains = singleton (mkRootDomain cfg.domain);
- server.web-servers.nginx.proxies = singleton {
- source = cfg.domain;
- target = "http://${config.networking.hostName}:${toString cfg.port}";
- };
- };
-
- in
- {
- options.server.web-apps.${name} = {
- enable = mkEnableOption "";
- port = mkPortOption defaultPort;
- domain = mkStrOption "";
- openFirewall = mkEnableOption "";
- extraCfg = mkAttrOption { };
- } // extraOptions;
-
- config = mkIf cfg.enable (mkMerge [
- {
- inherit persistDirs;
- networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = singleton cfg.port; };
- }
- (networkingConfig { inherit config cfg name; })
- extraConfig
- ]);
- };
-
- };
-}
diff --git a/nix/manifest.nix b/nix/manifest.nix
deleted file mode 100644
index 4f4f42f..0000000
--- a/nix/manifest.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{
- manifest = {
- users.rafiq = {
- primary = true;
- name = "Mohammad Rafiq";
- email = "rafiq@rrv.sh";
- shell = "fish";
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq";
- };
- hosts = {
- darwin = {
- venus = {
- graphical = true;
- machine.platform = "intel";
- };
- hephaestus = {
- graphical = true;
- machine.platform = "apple-silicon";
- };
- };
- nixos = {
- nemesis = {
- graphical = true;
- machine = {
- platform = "amd";
- gpu = "nvidia";
- root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
- monitors.main = {
- id = "desc:OOO AN-270W04K";
- resolution = "3840x2160";
- refresh-rate = "60";
- scale = "2";
- };
- };
- extraCfg = {
- machine = {
- bluetooth.enable = true;
- usb.automount = true;
- usb.qmk.enable = true;
- virtualisation = {
- podman.enable = true;
- podman.distrobox.enable = true;
- };
- };
- server.web-apps = {
- comfy-ui.enable = true;
- sd-webui-forge.enable = true;
- };
- };
- };
- apollo = {
- graphical = false;
- machine = {
- platform = "intel";
- root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
- };
- extraCfg.server = {
- ddns = {
- enable = true;
- domains = [
- "aenyrathia.wiki"
- "slayment.com"
- ];
- };
- web-servers = {
- enableSSL = true;
- nginx = {
- enable = true;
- proxies = [
- {
- source = "aenyrathia.wiki";
- target = "http://helios:5896";
- }
- {
- source = "il.bwfiq.com";
- target = "http://helios:2283";
- }
- ];
- };
- };
- databases = {
- mongodb.enable = true;
- mysql.enable = true;
- postgresql.enable = true;
- };
- web-apps = {
- librechat = {
- enable = true;
- domain = "chat.bwfiq.com";
- };
- forgejo = {
- enable = true;
- domain = "git.rrv.sh";
- openFirewall = true;
- };
- rrv-sh.enable = true;
- rrv-sh.domain = "rrv.sh";
- };
- };
- };
- };
- };
- };
-}
diff --git a/nix/meta.nix b/nix/meta.nix
deleted file mode 100644
index 9b93c47..0000000
--- a/nix/meta.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- lib,
- config,
- inputs,
- ...
-}:
-let
- inherit (lib.options) mkOption;
- inherit (lib.types) path lazyAttrsOf raw;
- inherit (inputs.flake-parts.lib) mkSubmoduleOptions;
- cfg = config.flake;
-in
-{
- options.flake = mkSubmoduleOptions {
- self = mkOption { type = raw; };
- lib = mkOption {
- type = lazyAttrsOf raw;
- default = { };
- };
- paths = {
- root = mkOption { type = path; };
- secrets = mkOption {
- type = path;
- readOnly = true;
- };
- };
- };
- config.flake = {
- paths.secrets = cfg.paths.root + "/secrets";
- };
-}
diff --git a/nix/modules/cli/git.nix b/nix/modules/cli/git.nix
deleted file mode 100644
index 0571ca3..0000000
--- a/nix/modules/cli/git.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, ... }:
-let
- inherit (config.manifest) users;
-in
-{
- flake.modules.homeManager.default =
- { config, ... }:
- {
- home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
- programs.git = {
- enable = true;
- userName = users.${config.home.username}.name;
- userEmail = users.${config.home.username}.email;
- signing.key = "~/.ssh/id_ed25519.pub";
- };
- };
-}
diff --git a/nix/modules/cli/nix.nix b/nix/modules/cli/nix.nix
deleted file mode 100644
index a69b1d6..0000000
--- a/nix/modules/cli/nix.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- flake.modules.nixos.default.nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- flake.modules.darwin.default = {
- nix.enable = false;
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- };
-}
diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix
deleted file mode 100644
index ac1617d..0000000
--- a/nix/modules/cli/shell.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.flake;
- inherit (config.manifest) users;
- inherit (cfg.lib.modules) forAllUsers';
- inherit (lib.attrsets) mapAttrs';
-in
-{
- flake.modules = {
- nixos.default =
- { pkgs, ... }:
- {
- programs = mapAttrs' (name: value: {
- name = value.shell;
- value.enable = true;
- }) users;
- users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
- };
- darwin.default =
- { pkgs, ... }:
- {
- programs = mapAttrs' (name: value: {
- name = value.shell;
- value.enable = true;
- }) users;
- users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
- environment.shells = [ pkgs.fish ];
- };
- homeManager.default =
- { config, ... }:
- {
- programs.${users.${config.home.username}.shell}.enable = true;
- home.shell.enableShellIntegration = true;
- };
- };
-}
diff --git a/nix/modules/graphical/default.nix b/nix/modules/graphical/default.nix
deleted file mode 100644
index 0ba55ca..0000000
--- a/nix/modules/graphical/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib.options) mkEnableOption;
-in
-{
- flake.modules = {
- nixos.graphical = {
- home-manager.sharedModules = [ { graphical = true; } ];
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- };
- };
- homeManager.default.options.graphical = mkEnableOption "";
- darwin.graphical.home-manager.sharedModules = [ { graphical = true; } ];
- };
-}
diff --git a/nix/modules/graphical/stylix.nix b/nix/modules/graphical/stylix.nix
deleted file mode 100644
index c347b6a..0000000
--- a/nix/modules/graphical/stylix.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ inputs, ... }:
-{
- # needs to be default because the options get
- # evaluated even if graphical is set to false
- flake.modules.nixos.default =
- { pkgs, ... }:
- {
- imports = [ inputs.stylix.nixosModules.stylix ];
- stylix.enable = true;
- stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
- };
- flake.modules.darwin.default =
- { pkgs, ... }:
- {
- imports = [ inputs.stylix.darwinModules.stylix ];
- stylix.enable = true;
- #TODO: move into manifest
- stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
- };
-}
diff --git a/nix/modules/machine/bootloader.nix b/nix/modules/machine/bootloader.nix
deleted file mode 100644
index 2fefe52..0000000
--- a/nix/modules/machine/bootloader.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- flake.modules.nixos.default.boot = {
- initrd.availableKernelModules = [
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- loader.efi.canTouchEfiVariables = true;
- #TODO: disable for mbp?
- loader.systemd-boot = {
- enable = true;
- configurationLimit = 5;
- };
- };
-}
diff --git a/nix/modules/machine/default.nix b/nix/modules/machine/default.nix
deleted file mode 100644
index ce8c615..0000000
--- a/nix/modules/machine/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib.options) mkEnableOption;
- inherit (lib.modules) mkIf mkMerge;
-in
-{
- flake.modules.nixos.default =
- {
- config,
- modulesPath,
- pkgs,
- ...
- }:
- let
- cfg = config.machine;
- in
- {
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
- options.machine = {
- bluetooth.enable = mkEnableOption "";
- usb.automount = mkEnableOption "";
- usb.qmk.enable = mkEnableOption "";
- };
- config = mkMerge [
- (mkIf cfg.usb.automount {
- services.udisks2.enable = true;
- home-manager.sharedModules = [
- {
- services.udiskie = {
- enable = true;
- automount = true;
- notify = true;
- };
- }
- ];
- })
- (mkIf cfg.usb.qmk.enable {
- hardware.keyboard.qmk.enable = true;
- services.udev = {
- packages = with pkgs; [
- vial
- qmk
- qmk-udev-rules
- qmk_hid
- ];
- };
-
- })
- (mkIf cfg.bluetooth.enable {
- persistDirs = [ "/var/lib/bluetooth" ];
- hardware.bluetooth = {
- enable = true;
- settings.General.Experimental = true;
- };
- })
- ];
- };
-}
diff --git a/nix/modules/machine/gpu.nix b/nix/modules/machine/gpu.nix
deleted file mode 100644
index 8517036..0000000
--- a/nix/modules/machine/gpu.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- allowedUnfreePackages = [
- "nvidia-x11"
- "nvidia-settings"
- ];
- flake.modules.nixos.default =
- {
- config,
- pkgs,
- hostConfig,
- ...
- }:
- let
- inherit (hostConfig.machine) gpu;
- in
- if gpu == "nvidia" then
- {
- hardware = {
- graphics.enable = true;
- graphics.extraPackages = [ pkgs.nvidia-vaapi-driver ];
- nvidia.open = true;
- nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
- };
- services.xserver.videoDrivers = [ "nvidia" ];
- environment.variables = {
- LIBVA_DRIVER_NAME = "nvidia";
- __GLX_VENDOR_LIBRARY_NAME = "nvidia";
- NVD_BACKEND = "direct";
- };
- nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
- nix.settings.trusted-public-keys = [
- "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
- ];
- }
- else
- { };
-}
diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix
deleted file mode 100644
index 62943b4..0000000
--- a/nix/modules/machine/platform.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- flake.modules.nixos.default =
- { hostConfig, ... }:
- let
- inherit (hostConfig.machine) platform;
- arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64";
- in
- {
- hardware.cpu.${platform}.updateMicrocode = true;
- boot.kernelModules = [ "kvm-${platform}" ];
- nixpkgs.hostPlatform = "${arch}-linux";
- };
-
- flake.modules.darwin.default =
- { hostConfig, ... }:
- let
- inherit (hostConfig.machine) platform;
- arch = if platform == "intel" then "x86_64" else "aarch64";
- in
- {
- nixpkgs.hostPlatform = "${arch}-darwin";
- };
-}
diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root.nix
deleted file mode 100644
index 9c7d4ea..0000000
--- a/nix/modules/machine/root.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{ lib, inputs, ... }:
-let
- inherit (lib.modules) mkMerge mkIf mkAfter;
-in
-{
- flake.modules.nixos.default =
- { hostConfig, ... }:
- let
- inherit (hostConfig.machine) root;
- in
- {
- imports = [ inputs.disko.nixosModules.disko ];
- config = mkMerge [
- {
- # BTRFS - may add more later on
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- disko.devices.disk.main = {
- device = root.drive;
- content.type = "gpt";
- content.partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- swap = {
- size = "4G";
- content = {
- type = "swap";
- resumeDevice = true;
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "root_vg";
- };
- };
- };
- };
-
- disko.devices.lvm_vg.root_vg = {
- type = "lvm_vg";
- lvs.root = {
- size = "100%FREE";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root".mountpoint = "/";
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [
- "subvol=persist"
- "noatime"
- ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "subvol=nix"
- "noatime"
- ];
- };
- };
- };
- };
- };
- }
- # Ephemeral by default - assumes btrfs
- (mkIf root.ephemeral {
- boot.initrd.postDeviceCommands = mkAfter ''
- mkdir /btrfs_tmp
- mount /dev/root_vg/root /btrfs_tmp
-
- if [[ -e /btrfs_tmp/root ]]; then
- btrfs subvolume delete "/btrfs_tmp/root"
- fi
- '';
- })
- ];
- };
-}
diff --git a/nix/modules/machine/virtualisation.nix b/nix/modules/machine/virtualisation.nix
deleted file mode 100644
index 81b586e..0000000
--- a/nix/modules/machine/virtualisation.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (lib.modules) mkIf;
- inherit (lib.options) mkEnableOption;
- inherit (lib.lists) optional;
- inherit (config.flake.lib.modules) forAllUsers;
-in
-{
- flake.modules.nixos.default =
- { pkgs, config, ... }:
- let
- cfg = config.machine.virtualisation;
- in
- {
- options.machine.virtualisation = {
- podman.enable = mkEnableOption "";
- podman.distrobox.enable = mkEnableOption "";
- };
- config = mkIf cfg.podman.enable {
- virtualisation.containers.enable = true;
- virtualisation.podman = {
- enable = true;
- dockerCompat = true;
- defaultNetwork.settings.dns_enabled = true;
- };
- users.users = forAllUsers {
- extraGroups = [ "podman" ];
- autoSubUidGidRange = cfg.podman.distrobox.enable;
- };
- home-manager.sharedModules = optional cfg.podman.distrobox.enable {
- home.packages = [ pkgs.distrobox ];
- persistDirs = [ ".local/share/containers" ];
- };
- };
- };
-}
diff --git a/nix/modules/networking/default.nix b/nix/modules/networking/default.nix
deleted file mode 100644
index 435e501..0000000
--- a/nix/modules/networking/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib.modules) mkDefault;
-in
-{
- flake.modules.nixos.default =
- { hostName, ... }:
- {
- networking = {
- inherit hostName;
- enableIPv6 = false;
- useDHCP = mkDefault true;
- networkmanager.enable = true;
- };
- };
-}
diff --git a/nix/modules/networking/ssh.nix b/nix/modules/networking/ssh.nix
deleted file mode 100644
index 2238b7e..0000000
--- a/nix/modules/networking/ssh.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.flake;
- inherit (config.manifest) admin;
- inherit (lib.modules) mkMerge;
- inherit (cfg.lib.modules) forAllUsers';
-in
-{
- flake.modules.nixos.default = mkMerge [
- {
- services.openssh.enable = true;
- users.users = forAllUsers' (_: value: { openssh.authorizedKeys.keys = [ value.pubkey ]; });
- persistFiles = [
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- }
- { users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; }
- ];
- flake.modules.homeManager.default = {
- persistDirs = [ ".ssh" ];
- programs.ssh.enable = true;
- programs.ssh.extraConfig = ''
- Host *
- SetEnv TERM=xterm-256color
- '';
- };
-}
diff --git a/nix/modules/networking/tailscale.nix b/nix/modules/networking/tailscale.nix
deleted file mode 100644
index e1ad04c..0000000
--- a/nix/modules/networking/tailscale.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-let
- inherit (config.flake.paths) secrets;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- {
- services.tailscale = {
- enable = true;
- authKeyFile = config.sops.secrets."tailscale/client-secret".path;
- authKeyParameters.preauthorized = true;
- };
- persistDirs = [ "/var/lib/tailscale" ];
- sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml";
- };
- flake.modules.darwin.default =
- { pkgs, ... }:
- {
- services.tailscale = {
- enable = true;
- package = pkgs.tailscale.overrideAttrs { doCheck = false; };
- };
- };
-}
diff --git a/nix/modules/server/databases.nix b/nix/modules/server/databases.nix
deleted file mode 100644
index 2827b9d..0000000
--- a/nix/modules/server/databases.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (builtins) toString;
- inherit (lib.modules) mkIf mkMerge mkOverride;
- inherit (lib.lists) singleton;
- inherit (lib.options) mkEnableOption;
- inherit (config.flake.lib.options) mkPortOption;
-in
-{
- allowedUnfreePackages = [ "mongodb" ];
- flake.modules.nixos.default =
- { config, pkgs, ... }:
- let
- cfg = config.server.databases;
- in
- {
- options.server.databases = {
- mongodb = {
- enable = mkEnableOption "the MongoDB server";
- port = mkPortOption 27017;
- };
- mysql = {
- enable = mkEnableOption "the MySQL server";
- port = mkPortOption 3306;
- };
- postgresql = {
- enable = mkEnableOption "the postgresql server";
- port = mkPortOption 5432;
- };
- };
-
- config = mkMerge [
- (mkIf cfg.postgresql.enable {
- networking.firewall.allowedTCPPorts = singleton cfg.postgresql.port;
- persistDirs = singleton {
- directory = toString config.services.postgresql.dataDir;
- user = "postgres";
- group = "postgres";
- };
- services.postgresql = {
- enable = true;
- enableTCPIP = true;
- settings = { inherit (cfg.postgresql) port; };
- authentication = mkOverride 10 ''
- #type database DBuser auth-method
- local all all trust
-
- # ipv4
- host all all 0.0.0.0/0 trust
- '';
- ensureDatabases = singleton "alphastory";
- ensureUsers = singleton {
- name = "alphastory";
- ensureDBOwnership = true;
- };
- };
- })
- (mkIf cfg.mongodb.enable {
- networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
- persistDirs = singleton {
- directory = toString config.services.mongodb.dbpath;
- user = "mongodb";
- group = "mongodb";
- };
- services.mongodb = {
- enable = true;
- bind_ip = "0.0.0.0";
- extraConfig = ''
- net.port: ${toString cfg.mongodb.port}
- '';
- };
- })
- (mkIf cfg.mysql.enable {
- networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
- persistDirs = singleton {
- directory = toString config.services.mysql.dataDir;
- user = "mysql";
- group = "mysql";
- };
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- settings.mysqld = {
- inherit (cfg.mysql) port;
- };
- };
- })
- ];
- };
-}
diff --git a/nix/modules/server/ddns.nix b/nix/modules/server/ddns.nix
deleted file mode 100644
index 40a03ea..0000000
--- a/nix/modules/server/ddns.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (lib.modules) mkIf;
- inherit (lib.options) mkOption mkEnableOption;
- inherit (lib.types) enum str listOf;
- inherit (lib.lists) unique;
- inherit (builtins) map;
- inherit (config.flake.paths) secrets;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.ddns;
- mkDomain = domain_name: {
- inherit domain_name;
- sub_domains = [
- "@"
- "*"
- ];
- };
- in
- {
- options.server.ddns = {
- enable = mkEnableOption "";
- type = mkOption {
- type = enum [ "godns" ];
- default = "godns";
- };
- domains = mkOption {
- type = listOf str;
- default = [ ];
- };
- };
-
- config = mkIf cfg.enable {
- sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml";
- services.godns = {
- enable = if (cfg.type == "godns") then true else false;
- loadCredential = [ "cf_token:${config.sops.secrets."keys/cloudflare".path}" ];
- settings = {
- provider = "Cloudflare";
- login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
- # Sanitize the list of domains with unique so we can add to it with every service.
- domains = map mkDomain (unique cfg.domains);
- resolver = "1.1.1.1";
- ip_urls = [
- "https://wtfismyip.com/text"
- "https://api.ipify.org"
- "https://myip.biturl.top"
- "https://api-ipv4.ip.sb/ip"
- ];
- ip_type = "IPv4";
- interval = 300;
- };
- };
- };
- };
-}
diff --git a/nix/modules/server/web-apps/comfy-ui.nix b/nix/modules/server/web-apps/comfy-ui.nix
deleted file mode 100644
index 738e2e5..0000000
--- a/nix/modules/server/web-apps/comfy-ui.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- lib,
- config,
- inputs,
- ...
-}:
-let
- inherit (lib.lists) singleton;
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- upstreamCfg = config.services.comfyUi;
- in
- mkWebApp {
- inherit config;
- name = "comfy-ui";
- defaultPort = 8188;
- persistDirs = singleton {
- directory = upstreamCfg.dataDir;
- inherit (upstreamCfg) user group;
- mode = "777";
- };
- extraConfig.services.comfyUi = {
- enable = true;
- listenHost = "0.0.0.0";
- };
- }
- // {
- imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
- };
-}
diff --git a/nix/modules/server/web-apps/forgejo.nix b/nix/modules/server/web-apps/forgejo.nix
deleted file mode 100644
index 5beb028..0000000
--- a/nix/modules/server/web-apps/forgejo.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (lib.lists) singleton optional;
- inherit (config.flake.lib.options) mkPortOption;
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-apps.forgejo;
- upstreamCfg = config.services.forgejo;
- in
- mkWebApp {
- inherit config;
- name = "forgejo";
- defaultPort = 3000;
- persistDirs = singleton {
- directory = upstreamCfg.stateDir;
- inherit (upstreamCfg) user group;
- };
- extraOptions = {
- sshPort = mkPortOption 2222;
- };
- extraConfig = {
- networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.sshPort;
- services.forgejo = {
- enable = true;
- settings = {
- server = {
- DOMAIN = cfg.domain;
- ROOT_URL = "https://${cfg.domain}/";
- HTTP_PORT = cfg.port;
- START_SSH_SERVER = true;
- SSH_PORT = cfg.sshPort;
- };
- repository = {
- USE_COMPAT_SSH_URI = false;
- ENABLE_PUSH_CREATE_USER = true;
- ENABLE_PUSH_CREATE_ORG = true;
- };
- "repository.signing".FORMAT = "ssh";
- };
- };
- };
- };
-}
diff --git a/nix/modules/server/web-apps/librechat.nix b/nix/modules/server/web-apps/librechat.nix
deleted file mode 100644
index 63d2efa..0000000
--- a/nix/modules/server/web-apps/librechat.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{
- lib,
- inputs,
- config,
- ...
-}:
-let
- inherit (lib.lists) singleton;
- inherit (config.flake.lib.options) mkStrOption;
- inherit (config.flake.lib.services) mkWebApp;
- inherit (config.flake.paths) secrets;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-apps.librechat;
- upstreamCfg = config.services.librechat;
- in
- mkWebApp {
- inherit config;
- name = "librechat";
- defaultPort = 3080;
- persistDirs = singleton {
- directory = upstreamCfg.dataDir;
- inherit (upstreamCfg) user group;
- };
- extraOptions.mongodbURI = mkStrOption "mongodb://${config.networking.hostName}:27017/LibreChat";
- extraConfig = {
- sops.secrets = {
- "librechat/creds_key".sopsFile = secrets + "/librechat.yaml";
- "librechat/creds_iv".sopsFile = secrets + "/librechat.yaml";
- "librechat/jwt_secret".sopsFile = secrets + "/librechat.yaml";
- "librechat/jwt_refresh_secret".sopsFile = secrets + "/librechat.yaml";
- "keys/gemini".sopsFile = secrets + "/keys.yaml";
- "keys/openrouter".sopsFile = secrets + "/keys.yaml";
- };
- services.librechat = {
- enable = true;
- openFirewall = true;
- inherit (cfg) port;
- env = {
- HOST = "0.0.0.0";
- ALLOW_REGISTRATION = "true";
- NO_INDEX = "true";
- MONGO_URI = cfg.mongodbURI;
- DOMAIN_CLIENT = cfg.domain;
- DOMAIN_SERVER = cfg.domain;
- ENDPOINTS = "anthropic,agents,google";
- };
- credentials = {
- CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
- CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
- JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
- JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
- OPENROUTER_KEY = config.sops.secrets."keys/openrouter".path;
- GOOGLE_KEY = config.sops.secrets."keys/gemini".path;
- };
- settings = {
- version = "1.1.4";
- cache = true;
- endpoints.custom = [
- {
- name = "OpenRouter";
- apiKey = "\${OPENROUTER_KEY}";
- baseURL = "https://openrouter.ai/api/v1";
- models.default = [ "meta-llama/llama-3-70b-instruct" ];
- models.fetch = true;
- titleConvo = true;
- titleModel = "current_model";
- modelDisplayLabel = "OpenRouter";
- }
- ];
- interface = {
- privacyPolicy = {
- externalUrl = "https://librechat.ai/privacy-policy";
- openNewTab = true;
- };
- };
- };
- };
- };
- }
- // {
- imports = singleton "${inputs.rrvsh-nixpkgs}/nixos/modules/services/web-apps/librechat.nix";
- };
-}
diff --git a/nix/modules/server/web-apps/rrv-sh.nix b/nix/modules/server/web-apps/rrv-sh.nix
deleted file mode 100644
index d4c801d..0000000
--- a/nix/modules/server/web-apps/rrv-sh.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, inputs, ... }:
-let
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-apps.rrv-sh;
- in
- mkWebApp {
- inherit config;
- name = "rrv-sh";
- defaultPort = 2309;
- extraConfig.services.rrv-sh = {
- enable = true;
- inherit (cfg) port;
- };
- }
- // {
- imports = [ inputs.rrv-sh.nixosModules.default ];
- };
-}
diff --git a/nix/modules/server/web-apps/sd-webui-forge.nix b/nix/modules/server/web-apps/sd-webui-forge.nix
deleted file mode 100644
index cf88d86..0000000
--- a/nix/modules/server/web-apps/sd-webui-forge.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- lib,
- inputs,
- config,
- ...
-}:
-let
- inherit (lib.lists) singleton;
- inherit (config.flake.lib.services) mkWebApp;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- upstreamCfg = config.services.sd-webui-forge;
- in
- mkWebApp {
- inherit config;
- name = "sd-webui-forge";
- defaultPort = 7860;
- persistDirs = singleton {
- directory = upstreamCfg.dataDir;
- inherit (upstreamCfg) user group;
- };
- extraConfig.services.sd-webui-forge = {
- enable = true;
- listen = true;
- extraArgs = "--cuda-malloc";
- };
- }
- // {
- imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
- };
-}
diff --git a/nix/modules/server/web-servers.nix b/nix/modules/server/web-servers.nix
deleted file mode 100644
index 9b0cf75..0000000
--- a/nix/modules/server/web-servers.nix
+++ /dev/null
@@ -1,142 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (builtins) listToAttrs map;
- inherit (config.flake.lib.options) mkStrOption mkPathOption;
- inherit (config.flake.lib.services) mkRootDomain;
- inherit (config.flake.paths) secrets;
- inherit (config.manifest.admin) email;
- inherit (lib.types) listOf submodule attrs;
- inherit (lib.options) mkOption mkEnableOption;
- inherit (lib.modules) mkMerge mkIf;
- inherit (lib.lists) singleton;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- let
- cfg = config.server.web-servers;
- sslCheck = good: bad: if cfg.enableSSL then good else bad;
- in
- {
- options.server.web-servers = {
- enableSSL = mkEnableOption "";
- nginx = {
- enable = mkEnableOption "the Nginx server";
- openFirewall = mkEnableOption "" // {
- default = true;
- };
- enableDefaultSink = mkEnableOption "" // {
- default = true;
- };
- pages = mkOption {
- default = [ ];
- type = listOf (submodule {
- options = {
- domain = mkStrOption "";
- root = mkPathOption "";
- extraConfig = mkOption {
- type = attrs;
- default = { };
- };
- locations = mkOption {
- type = attrs;
- default = { };
- };
- };
- });
- };
- proxies = mkOption {
- default = [ ];
- type = listOf (submodule {
- options = {
- source = mkStrOption "";
- target = mkStrOption "";
- extraConfig = mkOption {
- type = attrs;
- default = { };
- };
- locations = mkOption {
- type = attrs;
- default = { };
- };
- };
- });
- };
- };
- };
- config = mkMerge [
- (mkIf cfg.enableSSL {
- sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml";
- security.acme = {
- acceptTerms = true;
- defaults = {
- inherit email;
- dnsProvider = "cloudflare";
- credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
- };
- certs = {
- "rrv.sh".extraDomainNames = singleton "*.rrv.sh";
- "bwfiq.com".extraDomainNames = singleton "*.bwfiq.com";
- "slayment.com".extraDomainNames = singleton "*.slayment.com";
- "aenyrathia.wiki".extraDomainNames = singleton "*.aenyrathia.wiki";
- };
- };
- })
- (mkIf cfg.nginx.enable {
- networking.firewall.allowedTCPPorts = mkIf cfg.nginx.openFirewall [
- 443
- 80
- ];
- users.users.nginx.extraGroups = singleton "acme";
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- virtualHosts = mkMerge [
- (mkIf cfg.nginx.enableDefaultSink {
- "_" = {
- default = true;
- rejectSSL = sslCheck true false;
- locations."/" = {
- return = "444";
- };
- };
- })
- (listToAttrs (
- map (page: {
- name = page.domain;
- value = {
- addSSL = sslCheck true false;
- useACMEHost = sslCheck (mkRootDomain page.domain) null;
- acmeRoot = null; # needed for DNS validation
- locations = {
- "/" = {
- inherit (page) root;
- } // page.extraConfig;
- } // page.locations;
- };
- }) cfg.nginx.pages
- ))
- (listToAttrs (
- map (proxy: {
- name = proxy.source;
- value = {
- addSSL = sslCheck true false;
- useACMEHost = sslCheck (mkRootDomain proxy.source) null;
- acmeRoot = null; # needed for DNS validation
- locations = {
- "/" = {
- proxyPass = proxy.target;
- } // proxy.extraConfig;
- } // proxy.locations;
- };
- }) cfg.nginx.proxies
- ))
- ];
- };
- })
- ];
- };
-}
diff --git a/nix/modules/system/persist.nix b/nix/modules/system/persist.nix
deleted file mode 100644
index 917440b..0000000
--- a/nix/modules/system/persist.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- lib,
- inputs,
- config,
- ...
-}:
-let
- inherit (lib.modules) mkIf;
- inherit (lib.options) mkOption;
- inherit (config.flake.lib.options) mkStrOption;
- inherit (lib.types)
- listOf
- str
- coercedTo
- submodule
- ;
- permOpts = {
- user = mkStrOption "root";
- group = mkStrOption "root";
- mode = mkStrOption "0755";
- };
- mkOpts =
- type: opts:
- mkOption {
- default = [ ];
- type = listOf (
- coercedTo str (d: { ${type} = d; }) (submodule {
- options = {
- ${type} = mkStrOption "";
- } // opts;
- })
- );
- };
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- {
- imports = [ inputs.impermanence.nixosModules.impermanence ];
- options.persistDirs = mkOpts "directory" permOpts;
- options.persistFiles = mkOpts "file" { parentDirectory = permOpts; };
- config = {
- programs.fuse.userAllowOther = true;
- fileSystems."/persist".neededForBoot = true;
- environment.persistence."/persist" = {
- hideMounts = true;
- directories = config.persistDirs;
- files = config.persistFiles;
- };
- };
- };
- flake.modules.homeManager.default =
- { config, pkgs, ... }:
- {
- imports = [ inputs.impermanence.homeManagerModules.impermanence ];
- options.persistDirs = mkOpts "directory" { };
- options.persistFiles = mkOpts "file" { };
- config = mkIf (pkgs.system == "x86_64-linux") {
- home.persistence."/persist${config.home.homeDirectory}" = {
- allowOther = true;
- directories = config.persistDirs;
- files = config.persistFiles;
- };
- };
- };
-}
diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix
deleted file mode 100644
index e71989d..0000000
--- a/nix/modules/system/secrets.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-let
- cfg = config.flake;
- inherit (cfg.paths) secrets;
- inherit (builtins) readFile;
- inherit (lib.meta) getExe;
- inherit (lib.strings) trim;
- inherit (config.manifest.admin) username pubkey;
-in
-{
- flake.modules = {
- nixos.default =
- { config, ... }:
- {
- imports = [ inputs.sops-nix.nixosModules.sops ];
- config = {
- sops = {
- age.sshKeyPaths = [
- "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
- ];
- secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
- };
- environment.shellInit = # sh
- ''
- export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
- '';
- };
- };
- darwin.default =
- { config, ... }:
- {
- imports = [ inputs.sops-nix.darwinModules.sops ];
- config = {
- sops = {
- age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];
- secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
- };
- environment.shellInit = # sh
- ''
- export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
- '';
- };
- };
- homeManager.default.persistDirs = [ ".config/sops/age" ];
- };
- perSystem =
- { pkgs, ... }:
- {
- files.files = [
- {
- path_ = ".sops.yaml";
- drv =
- pkgs.writeText ".sops.yaml" # yaml
- ''
- keys:
- - &${username} ${trim (
- readFile "${
- pkgs.runCommand "" { } ''
- mkdir $out; echo ${pubkey} | ${getExe pkgs.ssh-to-age} > $out/agepubkey
- ''
- }/agepubkey"
- )}
- creation_rules:
- - path_regex: \.(yaml)$
- key_groups:
- - age:
- - *${username}
- '';
- }
- ];
- };
-}
diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix
deleted file mode 100644
index fa7724c..0000000
--- a/nix/modules/system/sudo.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, ... }:
-let
- inherit (config.manifest) admin;
-in
-{
- flake.modules.nixos.default = {
- security.sudo.wheelNeedsPassword = false;
- nix.settings.trusted-users = [ "@wheel" ];
- users.users.${admin.username}.extraGroups = [ "wheel" ];
- };
- flake.modules.darwin.default.security = {
- sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";
- pam.services.sudo_local = {
- enable = true;
- reattach = true;
- touchIdAuth = true;
- };
- };
-}
diff --git a/nix/modules/system/system.nix b/nix/modules/system/system.nix
deleted file mode 100644
index cee1df3..0000000
--- a/nix/modules/system/system.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- flake.modules = {
- nixos.default = {
- persistFiles = [ "/etc/machine-id" ];
- persistDirs = [ "/var/lib/systemd" ];
- time.timeZone = "Asia/Singapore";
- i18n.defaultLocale = "en_US.UTF-8";
- system.stateVersion = "25.11";
- };
- homeManager.default.home.stateVersion = "25.11";
- darwin.default =
- { self, ... }:
- {
- system.configurationRevision = self.rev or self.dirtyRev or null;
- system.stateVersion = 6;
- };
- };
-}
diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix
deleted file mode 100644
index dc80b0b..0000000
--- a/nix/modules/system/users.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.flake;
- inherit (config.manifest) users admin;
- inherit (cfg.lib.modules) userListToAttrs forAllUsers';
- inherit (lib.lists) findFirstIndex;
- inherit (builtins) attrNames;
-in
-{
- flake.modules.nixos.default =
- { config, ... }:
- {
- persistDirs = [ "/var/lib/nixos" ];
- users = {
- mutableUsers = false;
- groups.users.gid = 100;
- users = forAllUsers' (
- name: _: {
- isNormalUser = true;
- hashedPasswordFile = config.sops.secrets."${name}/hashedPassword".path;
- }
- );
- };
- sops.secrets = userListToAttrs (name: {
- "${name}/hashedPassword" = {
- neededForUsers = true;
- sopsFile = cfg.paths.secrets + "/users.yaml";
- };
- });
- home-manager.users = forAllUsers' (
- name: _: {
- home.username = name;
- home.homeDirectory = config.users.users.${name}.home;
- }
- );
- };
- flake.modules.darwin.default =
- { config, ... }:
- {
- system.primaryUser = admin.username;
- users.knownUsers = attrNames users;
- users.users = forAllUsers' (
- name: _: {
- home = "/Users/${name}";
- uid = 501 + (findFirstIndex (x: x == name) null (attrNames users));
- }
- );
- home-manager.users = forAllUsers' (
- name: _: {
- home.username = name;
- home.homeDirectory = config.users.users.${name}.home;
- }
- );
- };
-}
diff --git a/nix/modules/unfree-packages.nix b/nix/modules/unfree-packages.nix
deleted file mode 100644
index d444024..0000000
--- a/nix/modules/unfree-packages.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ lib, config, ... }:
-let
- inherit (builtins) elem;
- inherit (lib.options) mkOption;
- inherit (lib.strings) getName;
- inherit (lib.types) listOf str;
- predicate = pkg: elem (getName pkg) config.allowedUnfreePackages;
-in
-{
- options.allowedUnfreePackages = mkOption {
- type = listOf str;
- default = [ ];
- };
- config.flake.modules = {
- nixos.default.nixpkgs.config.allowUnfreePredicate = predicate;
- darwin.default.nixpkgs.config.allowUnfreePredicate = predicate;
- };
-}
diff --git a/nix/homes/rafiq/_scripts/edit.nix b/packages/edit/default.nix
similarity index 100%
rename from nix/homes/rafiq/_scripts/edit.nix
rename to packages/edit/default.nix
diff --git a/packages/rebuild/default.nix b/packages/rebuild/default.nix
new file mode 100644
index 0000000..adc7bd3
--- /dev/null
+++ b/packages/rebuild/default.nix
@@ -0,0 +1,81 @@
+{ pkgs, ... }:
+pkgs.writeShellScriptBin "rebuild" # sh
+ ''
+ TEST_SHELL=false
+ REMOTE_HOSTS=()
+
+ while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --test-shell | -t)
+ TEST_SHELL=true
+ shift
+ ;;
+ *)
+ REMOTE_HOSTS+=("$1")
+ echo ''${REMOTE_HOSTS[@]}
+ shift
+ ;;
+ esac
+ done
+
+ if [ ! -f "flake.nix" ]; then
+ echo "Error: flake.nix not found in the current directory. Exiting."
+ exit 1 # Indicate an error
+ fi
+
+ git add .
+
+ if [ ''${#REMOTE_HOSTS[@]} -gt 0 ]; then
+ for host in "''${REMOTE_HOSTS[@]}"; do
+ echo "Rebuilding $host..."
+ nixos-rebuild switch --flake .#"$host" --target-host "$host" --use-remote-sudo || {
+ echo "Error: nixos-rebuild switch failed for $host. Check the output."
+ exit 1
+ }
+ done
+ exit 0
+ fi
+
+ CURRENT_GENERATION=$(readlink /nix/var/nix/profiles/system | cut -d- -f2)
+
+ if "$TEST_SHELL"; then
+ nh os test . || {
+ echo "Error: nixos-rebuild switch failed. Check the output for details."
+ exit 1
+ }
+ git diff HEAD --color=always --stat --patch
+ (export PS1="Test shell> "
+ exec ${pkgs.bash}/bin/bash) || {
+ ${pkgs.cowsay}/bin/cowsay "You aborted."
+ exit 1
+ }
+ nh os boot . || {
+ echo "Error: nixos-rebuild switch failed. Check the output for details."
+ exit 1
+ }
+ else
+ git diff HEAD --color=always --stat --patch
+ nh os switch . || {
+ exit 1
+ }
+ fi
+
+ NEW_GENERATION=$(readlink /nix/var/nix/profiles/system | cut -d- -f2)
+ echo "New generation is $NEW_GENERATION. Current is $CURRENT_GENERATION."
+ if [ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]; then
+ echo "ERROR: New config was not added to bootloader. Exiting..."
+ exit 1
+ else
+ git commit
+
+ read -p "Reboot the system now? (y/n) [n]: " -n 1 -r
+ echo # (optional) move to a new line
+ if [[ $REPLY =~ ^[Yy]$ ]]; then
+ echo "Rebooting the system..."
+ sudo systemctl reboot
+ else
+ echo "Not rebooting."
+ exit 0
+ fi
+ fi
+ ''
diff --git a/secrets/keys.yaml b/secrets/keys.yaml
deleted file mode 100644
index 93a7ff8..0000000
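Review bot: `git add .` runs before every build and stages every untracked file in the checkout, which the `git commit` further down then records. A plaintext secret, key file or scratch dump left in the working tree would be committed, and since a flake build normally copies the tracked tree into the Nix store, it would presumably also end up in a world-readable store path. Stage tracked changes only with `git add -u` and leave new files to an explicit `git add <path>`, or print `git status --short` and ask for confirmation before staging.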
--- a/secrets/keys.yaml +++ /dev/null @@ -1,19 +0,0 @@ -keys: - cloudflare: ENC[AES256_GCM,data:p2IISOuU/ShoifW5OFY/6Bi6PI0iIiQoBfnV512f2z84U9QS/KEhzA==,iv:5AkwtNAK8mD2DbvXCtTeNeIrpF/GIsSyOYxy8G4Jsqo=,tag:u2xJcRBR5WTMWdzupx4tbQ==,type:str] - gemini: ENC[AES256_GCM,data:GwXVBsQdLesgP6PUZJRrLO5u6jd6XYFv9vjNTsojOwaWlxkDeRos,iv:w6Uz6j/MfpgQdIRYqJCneWqTsA+JEsB/T3cySVY2k3c=,tag:JY+LDar1UzC6qLKLichKnQ==,type:str] - openrouter: ENC[AES256_GCM,data:kRr/f/qlso/SGyZa7J2zeQqbWDZnBoBsUvCEFbWuXpS8ah0qKDANfmX5NsJy3ehjXYOljbHl9WOxQcyriMTE8cyZodp9QySMEQ==,iv:NkWa/Q0AncaDQFo+SZEd3qKDddCxsLPgTi3bYb3SbhQ=,tag:HPTr27cxIV5mx432UMTfXQ==,type:str] -sops: - age: - - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcTdPWURrK2w1QUZubVZo - VUMrcFFQU0UxdDU3OG9PdEUxcGs2bzZNcmg0Cm03cUlPZkRMK0ZXOTllV3BtZWFp - QXBPRWtOd0xjZC9BdGdmWnVoVGpHR1UKLS0tIEpaVXlSNkhpMVZnTFZWTFVEWTgv - T3VyZXZnaGZaMVBnVko2Tlc2S3FpdDQKRiHCOtkHKugfquQfYkk4o9SMtZlo1CqZ - 3i9+9Z516KS1+ERTklBUzZDBRZISY0c2nluO+tn71wnKAMIxetKryQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-08T20:53:06Z" - mac: ENC[AES256_GCM,data:hcY1uSNp1E6LrQDpEgK8MABDijc0NQg89iEH1duq8rXFlOFG8BWrEDTasoUX3mH8RPBu5DF9YJHv216w1v2RdVz5w32e4GlcpuA8NUjNxBx38cx/GCp9bx0wEapVVf4Er+a8OmCmbp0MUhKvV3Xy5xs/ZlNJ7KppRXX9hZvzW84=,iv:7SirDOpe3ds23+XKQXe7CKnzb4yhQQWhvcARFnL0qRU=,tag:75tXPKJHfrMKYiM+XUI98Q==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/secrets/librechat.yaml b/secrets/librechat.yaml deleted file mode 100644 index d6668cd..0000000 --- a/secrets/librechat.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -librechat: - creds_key: ENC[AES256_GCM,data:sELKgqif9ec6VV0Q9OVk8IbUAI5noPtUB1b1WrPvxjDzJODd9YoJHWiH+N0vwORje5LiuzqZ/0Kn/UMdPfy3qw==,iv:SFFW+P0vxy4s6TkaAyCNLLXLIBrdi8oMkm7Q/Vec/yk=,tag:ZNC0vMdyh+S204Qr0itvnw==,type:str] - creds_iv: ENC[AES256_GCM,data:h8RHcW7zt8CnKrYDGxlN/H9Wim4KpLaiFl2E2AK+YJY=,iv:xRctbyBFprN6Y1Lvk08EpzZNXa0owYCph+wqcOAR/Gw=,tag:ZdA0ibjyH1Y6DAd23mfJRQ==,type:str] - jwt_secret: ENC[AES256_GCM,data:mXMi0EenuU1EIZWUyLE3wkVTouJk2QPXIKV38sfwbKfjdc28GgdsaWtunaSpD4uYBrWCv1rXq5qj18ohlAKs/g==,iv:ZWZWgYzVQh+kRN4+EEBFdWc4aWGq5IDtlEVde9mzS7I=,tag:BmWQN9yI92RHJMy/pt8rRg==,type:str] - jwt_refresh_secret: ENC[AES256_GCM,data:iw+/E0wb2Ih1iQOaCCXBN5tj98Z2CdpaJMYOiuoTanjW7bvJXGfVObXKTBTtRs1P4TzCc4qK7mes5Sa6oajBpg==,iv:3mr3PYAjJ3bncATgfSwEyrIM2YioSfSu38NUfDmk6zs=,tag:RIYJ1YBaQVpwAmlo3CKg2Q==,type:str] -sops: - age: - - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcko2MmowTkpKaDJTdjZE - NVdzbklXZngxaHhrbkhGTXlCNDkzNml4dnlZCjRWOFZCSWRKenZzN0dhYXplVzh0 - OVdaUnRkS2dIYklFS2dwUXVxaElxNkkKLS0tICtxZDV0a2hIaUM2NFBwOGwxcklz - YWJyU0VKRXFxT29TSjR1KzE0ZHJGQncKrX5Sujd617WgFDYA5r63K4ZwoJpP9m8M - xexbGVHAeSyWNjOG7x5A9gYC1/dG3NY2l5xoITn0NKi68ZEfGD/J3w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-08T19:37:50Z" - mac: ENC[AES256_GCM,data:LBkUPMR8D8+IVUugWzK4a51d0lkGJqnG5D9EkHC4aGXcuSpxpxkbUDXWsqK3u1FxxfCnR87ZhD+UGd3OV6Wvsl9/v968eC/3jxuZALnOgUGcTyUayo8qLq1J6HEFUDoUoH2tk/SF0Cn2r34fkcUd1NtRdQX+C0Zsc8Tk0zIRA8U=,iv:aUvg409sogxRBgYzNECW5eH7GsSAsYY9AHWmL0UD6PA=,tag:0pMoXeuF6DLCyIdDVsPmGA==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..c1749e0 --- /dev/null +++ b/secrets/secrets.yaml 
@@ -0,0 +1,31 @@ +rafiq: + hashedPassword: ENC[AES256_GCM,data:SzzSPg5Ze4H+fVl6ZvAULO9FDfRehusmP6uldT4Ok2/9ZeOp9r4LgjKajoiw2A1DWD1zQ1GQwMCHKpeZjCC4rBUNWW5DMcBUJA==,iv:KktKuqr0JNhjeJIlIgkoAv6mP2dQlfQrXiIOASLPkbw=,tag:g9LarkT6EjDrH+dXSjMwPg==,type:str] +keys: + tailscale: ENC[AES256_GCM,data:sW64TZY/GtWD+8KOQDHYvnwzWiqOlsJ5782utaxVwUaiWa18hU+Ppd3gp/8f0R3rK6gskaPC22iuCuzvuA==,iv:TN2zWKgU6eXH3uaL7Ci2JKmo8Ql4DUSWS3Lxfnag7j4=,tag:s5of4wLdCp6b5VMGWLLxvw==,type:str] + gemini: ENC[AES256_GCM,data:t4XTzJLMbHBG7LNaWMwO0YyYHREYOp4Zn95Kwshunnpwq9ezVv+0,iv:ZHq1ytak7Qy5a/zHghwEIWRinDWAkk2Vxw4iu/Q/UPk=,tag:Wyk0FqLTOWelznWHg/anxg==,type:str] + cvt-jira: ENC[AES256_GCM,data:y9enN905hAxp9F6TPcnYdcnA7VQQjTsysltBn7k9CVtOYUDBX5UKCbO4VEE=,iv:Hy/RshBTSFqEVlHq/fi/UqNdbzBvMaBmXnSHAz0WplY=,tag:bBgB+HJdHRu4bg/f9vq9nw==,type:str] + cloudflare: ENC[AES256_GCM,data:nrtHnQR0Oon9BrSN0AeAjl8H8B7quuwSu/Qjabe9HFpWgcZq9n1JCA==,iv:ovyHqy5iKXDYXe4H7eRA51+kODhP+vAWoc98cS/6zG0=,tag:JyktO6EMRZ00CRhTb03+fg==,type:str] + telegram_bot: ENC[AES256_GCM,data:qGJx1Bph94oU2USjZL4h2NqV5ueCiYIvEbx84Xg687F5//MItLAS58MZdUPSuQ==,iv:WmldN5Je4miamLXCK6Cv17TTGmaBq/lde2czsEgNBi4=,tag:aU27eDE5PbYAniKEXk+MRA==,type:str] +misc: + cvt-jira-link: ENC[AES256_GCM,data:J3XpDV2yjO5DMd5JF2stCBWZntTxenHuj+kXGAOs8oI=,iv:1YqJ6NF24CtA+E8ZB0M/7//xihFggyMMj0k0voaVPa0=,tag:XTZqC4gAy5ld0nFyAqL/Ww==,type:str] +librechat: + creds_key: ENC[AES256_GCM,data:/fzPgZiDnyWZalJUBFpFQ2/anxvbX3XLp18n+x1xfzOMisq52ISB5VJOzi9xaNRNruQEoh/lva9gDbIgNyzduA==,iv:xGgufMc/tPOLCKEb2MnEkxmf0FPpENGW1FcCm15CW6k=,tag:9aR+DndXkCg1sboxTFuygQ==,type:str] + creds_iv: ENC[AES256_GCM,data:fbBD9RsuEHwDETwiYtAS9kBxgTy6zubrxHWpcuoEsR0=,iv:uZcwIfDPPn4XUf8IZkI29VH9CiKvEOlWuUaWgSjl1Kc=,tag:qbgiQU7bWSFjoGEwoptCpg==,type:str] + jwt_secret: ENC[AES256_GCM,data:ZhDNIXrCaRWWfrlPxpBfnmeUluW0z72KGpQv9mGyf1kCCnfx3V2lPMm6QS6biajC+4oPVfgwqcXc4Lvs8OqU9g==,iv:1Ecj8fh+M5kw8cmVD96U6QgE7fNy9cbQV9v2Q305puc=,tag:U1ZglGWdTH1TGfcIIORMHQ==,type:str] + jwt_refresh_secret: 
ENC[AES256_GCM,data:/4X6h51oRRaOg7UZ/zUcS1L8QyFnhsTYrz8D6R3ZP/tFAEMO/IfYJHHQQ8UtgKjAEwIVYcpIco8lUDhm06folw==,iv:02/LgoiMZ6MzBSd+JAi+iuF3dzqsVyqX6gQfWPY8sIc=,tag:5VrCh7ZKNJD3ynjcyQpVyg==,type:str] + meili_master_key: ENC[AES256_GCM,data:SFBALLqK1Gi5nvh5NyQF6Sr+BQdln4/SUSUGevK04eM=,iv:fElBxrcOCgi3ZO9Jtz2aA6q/S4liHjRpfxSg+LmSu+4=,tag:kx4k2DDm8Kt0KkQl63UMIQ==,type:str] +sops: + age: + - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUDN6TFlTVHdlWCsrWkFn + R1g5UjVLVk1NQzJRRE9NbDZlRVVJUjVvbmlnCk93NFhSRS9vbDUzNVd6Q3RuTEtZ + cFZvY0JML2tDSUZIbkcyVWVWWVFMY0UKLS0tIDlCbmxhUThUaHRGNkgySEp2QTB1 + WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY + M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-29T12:08:02Z" + mac: ENC[AES256_GCM,data:stUFIwqeYA3DV+41Su9xnvee5AzzwT7A2XEBeIEtp+E/LW5UdBd9ZIABglMswezqdT3i4zttBHgampymUQM/J9knUdAsJzEusappH+qnX/XD4LbNWNga+hK5yMWngf79hlI8EVt2IXYKIPmkL3LI6uDJf/+Wd0u/LX6MD3hOgM0=,iv:5JuzuUkoGgm1rBhOvDd4iOWb0X+aJwJwGHh8BQ63wnk=,tag:WNiLCzjOYy5h2Yss4OM5Tw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/secrets/tailscale.yaml b/secrets/tailscale.yaml deleted file mode 100644 index 0913120..0000000 --- a/secrets/tailscale.yaml +++ /dev/null 
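Review bot: Every secret in this new file (the user's `hashedPassword`, the API tokens under `keys`, and the `librechat` JWT and credential keys) is encrypted to the single `recipient` listed under `sops.age`, so whichever private key decrypts one entry decrypts all of them. If each host activates with that same key, which the shared file suggests but this hunk does not show, compromising the least-protected machine exposes the credentials of every service. Consider giving each host its own age recipient and splitting the file by consumer with matching `creation_rules`, so a host can only read what it runs. A second recipient kept offline would also prevent losing every secret along with one key.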
@@ -1,17 +0,0 @@ -tailscale: - client-secret: ENC[AES256_GCM,data:qAJUDTHxnzhgUtpe/DaH8Vv72jy/DWU/1UKzp2Pg/GtayClZXGFz00bCNKmZJCE7NYHERgr2Ssnhpz90eRCjKg==,iv:aWp2lvIFpUH6OMTkD8V1HNMyxUPxiVA+Il4NvlVKjOA=,tag:OzkdsOKerKiSHzHSkScIQA==,type:str] -sops: - age: - - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZytHNnlKcWFPVVNpTkxX - cFgxRjFDdWJkMzB2NUk1N2VLSWx3cVpvY20wCkdHbjZ4ZUlHTWp1QUFJVGxaV2cx - K0NlaFdnYlEvektieDJJVkY2cEtmL1UKLS0tIDFHQlM4OEIzaGVvUThCbUJZNTU3 - ZGNJd3NvSCsrdDNFb0VuMDJOU09DVEEKrDnezqYWRuEyS6/WRWq0jMfv4DQ3TS1L - Zic6TBIA3qNEjUlqXKRfq//H3vDRz4dzZCqbbh+5+FXDGBIVLL2DaA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-07T11:12:16Z" - mac: ENC[AES256_GCM,data:rOuEqjHByaGaYredcMFGds+pB1rIgh0qu245Vt2gVGjjqOJtfEYcuvziVKgvV5yvBVhizcjeFIzCFdQ2KpflvwOLjiOZ594UaZChPGtO5hDc1VY/Gz86t8x6DYuHjWu4S1XOrBWgv2ebD0iBgbjuRNgBEhkWfVS2/7hn1PtqGD0=,iv:ZQ0b7pHG3NM2mwQdSVoGr4WsluIrp+/YUQi6KoMneC0=,tag:5E5bNxdRPQpTRVrQ+qoxfQ==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/secrets/users.yaml b/secrets/users.yaml deleted file mode 100644 index 76fe7e0..0000000 --- a/secrets/users.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -rafiq: - password: ENC[AES256_GCM,data:8KAfatz+YSaNozd5VGo=,iv:LNRxt47iBKSWzMZuBHSxv/qDZ2h6JiTIPps7OK/o7uU=,tag:oiSfLyRVswb/wxSTE69QMA==,type:str] - hashedPassword: ENC[AES256_GCM,data:NogYQ3kR1TseC79HIXARrXhIncCnvxzf9zMF2QrUyTmojTffPXRGtMdjNpfMEFj5dkKfZujBL/QTIpPFFTm1py7Dreg5/9VSKQ==,iv:IwfZsrsJbLYG1ELte6aBHUtff6hIQu9rHT5tSvILIGQ=,tag:oav3paDcUY+cl4FJlZa90A==,type:str] -sops: - age: - - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVd09tYkhKUkVjNTBRdld6 - a1RkUnZqdnRqMlFTSGgwUFVCZlRhL0tLTnpVCjNXVjZldzNUOE9DQ0ZGejhWakY2 - TmRIZnpobE0ydDhNSDdJQUp2U3pSTzgKLS0tIDkxU3Fxa2lMUkhZY0g1Wm02T2ZE - UkQwOWZtVXVPSGJiRk1qRHVHYkN2cDgKLiYiA0q5se/oHfGRqvHLn3gRRDfmefEZ - z2U2N1Tjt0QgCfYOOXVfPV9F36a7PpabFva5ElSazawHgvI+Bot6og== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-07T08:56:26Z" - mac: ENC[AES256_GCM,data:2uGjIMxRgk7uWToQC4MrHpHFAt4bI7sEhaHvPU6Ae3bvRVH/TdJxZtikSPe95LEwReOuBmPajbcM580/d3Jt6VbA7nZzj1JduVscrRkSAFCzZp9Ti/mbOGITPJa6xWSGwVF1wSN3BnHXYIHDcKeSGtUdP7L7nBZr1KXPkok4NCo=,iv:+ELIes7lzb8M6CvOemAcyoq7Rx7L6NkNmHwntJN/RSc=,tag:ubyxO6VllH9cQK3VbvxiGg==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/systems/x86_64-linux/apollo/default.nix b/systems/x86_64-linux/apollo/default.nix new file mode 100644 index 0000000..edc391d --- /dev/null +++ b/systems/x86_64-linux/apollo/default.nix 
@@ -0,0 +1,32 @@
+{
+ lib,
+ ...
+}:
+{
+ system = {
+ hostname = "apollo";
+ mainUser.name = "rafiq";
+ mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
+ bootloader = "systemd-boot";
+ };
+
+ hardware = {
+ platform = "intel";
+ drives.btrfs = {
+ enable = true;
+ drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
+ ephemeralRoot = true;
+ };
+ };
+
+ server = {
+ enableDDNS = true;
+ mountHelios = true;
+ databases.mongodb.enable = true;
+ databases.mysql.enable = true;
+ web-apps.librechat.enable = true;
+ web-servers.nginx.enable = true;
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/systems/x86_64-linux/mellinoe/default.nix b/systems/x86_64-linux/mellinoe/default.nix
new file mode 100644
index 0000000..6174544
--- /dev/null
+++ b/systems/x86_64-linux/mellinoe/default.nix
@@ -0,0 +1,41 @@
+{ lib, ... }:
+{
+
+ system = {
+ hostname = "mellinoe";
+ mainUser.name = "rafiq";
+ mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
+ bootloader = "systemd-boot";
+ };
+
+ hardware = {
+ drives.btrfs = {
+ enable = true;
+ drive = "/dev/disk/by-id/nvme-KBG40ZPZ128G_TOSHIBA_MEMORY_Z0U103PCNCDL";
+ ephemeralRoot = true;
+ };
+ platform = "intel";
+ };
+
+ desktop = {
+ windowManager = "hyprland";
+ browser = "firefox";
+ terminal = "ghostty";
+ lockscreen = "hyprlock";
+ notification-daemon = "mako";
+ launcher = "fuzzel";
+ status-bar = "waybar";
+ mainMonitor = {
+ id = "BOE 0x088B";
+ scale = "2";
+ resolution = "1920x1280";
+ refresh-rate = "60";
+ };
+ };
+
+ server = {
+ mountHelios = true;
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/systems/x86_64-linux/nemesis/default.nix b/systems/x86_64-linux/nemesis/default.nix
new file mode 100644
index 0000000..5d29299
--- /dev/null
+++ b/systems/x86_64-linux/nemesis/default.nix
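Review bot: `mainUser.publicKey` is the same `ssh-ed25519` literal in `apollo/default.nix`, in `mellinoe/default.nix` and in `nemesis/default.nix`, so one key pair is trusted on all three hosts and a rotation has to edit each file by hand. How the option is consumed is not visible in these hunks, but if it feeds `authorized_keys` or the secrets recipient, a host missed during rotation keeps trusting the old key. Define the key once in a shared module and reference it from each host, with a comment where it is defined such as `# shared admin key: rotate on every host at once`.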
@@ -0,0 +1,48 @@
+{
+ lib,
+ ...
+}:
+{
+ system = {
+ hostname = "nemesis";
+ mainUser.name = "rafiq";
+ mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
+ bootloader = "systemd-boot";
+ };
+
+ hardware = {
+ drives.btrfs = {
+ enable = true;
+ drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
+ ephemeralRoot = true;
+ };
+ platform = "amd";
+ gpu = "nvidia";
+ };
+
+ desktop = {
+ windowManager = "hyprland";
+ browser = "firefox";
+ terminal = "ghostty";
+ lockscreen = "hyprlock";
+ notification-daemon = "mako";
+ launcher = "fuzzel";
+ status-bar = "waybar";
+ mainMonitor = {
+ id = "desc:OOO AN-270W04K";
+ scale = "2";
+ resolution = "3840x2160";
+ refresh-rate = "60";
+ };
+ enableSpotifyd = true;
+ enableSteam = true;
+ enableVR = true;
+ enableSunshine = true;
+ };
+
+ server = {
+ mountHelios = true;
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}