
No commits in common. "prime" and "0.1.0" have entirely different histories.
prime ... 0.1.0

111 changed files with 924 additions and 3590 deletions

2
.gitignore vendored

@ -1,2 +0,0 @@
# gitignore
.pre-commit-config.*


@ -1,7 +1,7 @@
keys: keys:
- &rafiq age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 - &admin age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
creation_rules: creation_rules:
- path_regex: \.(yaml)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *rafiq - *admin
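Review bot: `key_groups` on the new side still lists a single age recipient (`*admin`), so every file matched by the rule can be decrypted by exactly one private key. If hosts decrypt these files through the sops-nix module that flake.nix imports, that appears to mean the admin key itself has to be present on each host, and there is no second recipient to fall back on if it is lost or has to be rotated. Consider adding one recipient per host next to it, e.g. `- &host_<name> <host age public key>` under `keys:` and `- *host_<name>` under `age:`. Separately, the new `path_regex` only matches files directly inside a `secrets/` directory (`[^/]+`), so a secret placed in a subdirectory matches no creation rule.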


@ -1,29 +0,0 @@
# Pantheon
This flake serves as a monorepo for my systems (using IaC), dotfiles, and scripts.
It's hosted at https://git.rrv.sh/rrvsh/pantheon, and mirrored to https://github.com/rrvsh/pantheon.
## Structure
The system configurations are defined in [`flake.manifest`](nix/manifest.nix).
`flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey.
`flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations.
`flake.modules.nixos.*` provide NixOS options and configurations.
The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class.
You can use it as seen [here](nix/modules/flake/home-manager.nix):
```nix
flake.modules.nixos.default.imports = [ inputs.home-manager.nixosModules.default ];
```
The other attributes under `flake.modules.nixos` should be opt-in, i.e. provide options that will be set in the profiles.
`flake.profiles.nixos` provides profiles which use the options defined in `flake.modules.nixos` to define different roles for each system, such as graphical, laptop, headless, etc.
Options should not be defined here.
`flake.contracts.nixos.*` will provide contracts, such as reverse proxies or databases, which will configure options on the provider and receiver host.
## Acknowledgements
Thanks to the following for inspiring this configuration. I highly recommend you look through their writings and configurations.
- [ornicar](https://github.com/ornicar/dotfiles) which is where I first heard of NixOS
- [No Boilerplate](https://www.youtube.com/watch?v=CwfKlX3rA6E&pp=0gcJCfwAo7VqN5tD) for making me finally try the OS
- [ryan4yin](https://nixos-and-flakes.thiscute.world/) for being an amazing introduction to NixOS, home-manager, and flakes
- [NotAShelf](https://github.com/NotAShelf/) for their blog and for the wonderful [NVF](https://github.com/notashelf/nvf)
- [mightyiam](https://github.com/mightyiam/infra) for their infrastructure repo using flake-parts
- [drupol](https://not-a-number.io/2025/refactoring-my-infrastructure-as-code-configurations/) for this blog post which convinced me to rebase my infra to use flake-parts


@ -1,2 +0,0 @@
# cheatsheet
`__curPos.file` will give the full evaluated path of the nix file it is called in. See [this issue](https://github.com/NixOS/nix/issues/5897#issuecomment-1012165198) for more information.

713
flake.lock generated

@ -1,93 +1,63 @@
{ {
"nodes": { "nodes": {
"base16": { "disko": {
"inputs": { "inputs": {
"fromYaml": "fromYaml" "nixpkgs": [
}, "nixpkgs"
"locked": {
"lastModified": 1746562888,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1748408240,
"narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
}
},
"dedupe_flake-compat": {
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"dedupe_flake-utils": {
"inputs": {
"systems": [
"systems"
] ]
}, },
"locked": {
"lastModified": 1747621015,
"narHash": "sha256-j0fo1rNxZvmFLMaE945UrbLJZAHTlQmq0/QMgOP4GTs=",
"owner": "nix-community",
"repo": "disko",
"rev": "cec44d77d9dacf0c91d3d51aff128fefabce06ee",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
@ -102,168 +72,40 @@
"type": "github" "type": "github"
} }
}, },
"dedupe_gitignore": { "flake-utils-plus": {
"inputs": { "inputs": {
"nixpkgs": [ "flake-utils": "flake-utils_2"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1709087332, "lastModified": 1715533576,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "hercules-ci", "owner": "gytis-ivaskevicius",
"repo": "gitignore.nix", "repo": "flake-utils-plus",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hercules-ci", "owner": "gytis-ivaskevicius",
"repo": "gitignore.nix", "repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github" "type": "github"
} }
}, },
"dedupe_mnw": { "flake-utils_2": {
"locked": {
"lastModified": 1748710831,
"narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
"owner": "gerg-l",
"repo": "mnw",
"rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
"type": "github"
},
"original": {
"owner": "gerg-l",
"repo": "mnw",
"type": "github"
}
},
"disko": {
"inputs": { "inputs": {
"nixpkgs": [ "systems": "systems_3"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1751854533, "lastModified": 1694529238,
"narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "nix-community", "owner": "numtide",
"repo": "disko", "repo": "flake-utils",
"rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "numtide",
"repo": "disko", "repo": "flake-utils",
"type": "github"
}
},
"files": {
"locked": {
"lastModified": 1750263550,
"narHash": "sha256-EW/QJ8i/13GgiynBb6zOMxhLU1uEkRqmzbIDEP23yVA=",
"owner": "mightyiam",
"repo": "files",
"rev": "5f4ef1fd1f9012354a9748be093e277675d10f07",
"type": "github"
},
"original": {
"owner": "mightyiam",
"repo": "files",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1748383148,
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"dedupe_flake-compat"
],
"gitignore": [
"dedupe_gitignore"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1748186689,
"narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "48.2",
"repo": "gnome-shell",
"type": "github" "type": "github"
} }
}, },
@ -274,11 +116,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751990210, "lastModified": 1747688838,
"narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=", "narHash": "sha256-FZq4/3OtGV/cti9Vccsy2tGSUrxTO4hkDF9oeGRTen4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "218da00bfa73f2a61682417efe74549416c16ba6", "rev": "45c2985644b60ab64de2a2d93a4d132ecb87cf66",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -302,74 +144,44 @@
"type": "github" "type": "github"
} }
}, },
"import-tree": { "mnw": {
"locked": { "locked": {
"lastModified": 1751399845, "lastModified": 1747499976,
"narHash": "sha256-iun7//YHeEFgEOcG4KKKoy3d2GWOYqokLFVU/zIs79Y=", "narHash": "sha256-YTiSI4WLbk0CleXeBheYmKZV6iqKyBpyoh1e+vcQzu4=",
"owner": "vic", "owner": "Gerg-L",
"repo": "import-tree", "repo": "mnw",
"rev": "e24a50ff9b5871d4bdd8900679784812eeb120ea", "rev": "72433a144c4ac16931e9148f78db4a0e4c147441",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "vic", "owner": "Gerg-L",
"repo": "import-tree", "repo": "mnw",
"type": "github" "type": "github"
} }
}, },
"make-shell": { "nil": {
"inputs": {
"flake-compat": [
"dedupe_flake-compat"
]
},
"locked": {
"lastModified": 1733933815,
"narHash": "sha256-9JjM7eT66W4NJAXpGUsdyAFXhBxFWR2Z9LZwUa7Hli0=",
"owner": "nicknovitski",
"repo": "make-shell",
"rev": "ffeceae9956df03571ea8e96ef77c2924f13a63c",
"type": "github"
},
"original": {
"owner": "nicknovitski",
"repo": "make-shell",
"type": "github"
}
},
"manifest": {
"locked": {
"lastModified": 1752588656,
"narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=",
"owner": "rrvsh",
"repo": "manifest",
"rev": "365902fba994f30469298dee0c98a5fc0f41ec38",
"type": "github"
},
"original": {
"owner": "rrvsh",
"repo": "manifest",
"type": "github"
}
},
"nix-darwin": {
"inputs": { "inputs": {
"flake-utils": [
"nvf",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nvf",
"nixpkgs" "nixpkgs"
] ],
"rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1751313918, "lastModified": 1741118843,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=",
"owner": "nix-darwin", "owner": "oxalica",
"repo": "nix-darwin", "repo": "nil",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "rev": "577d160da311cc7f5042038456a0713e9863d09e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-darwin", "owner": "oxalica",
"ref": "master", "repo": "nil",
"repo": "nix-darwin",
"type": "github" "type": "github"
} }
}, },
@ -380,11 +192,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751774635, "lastModified": 1747540584,
"narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=", "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "85686025ba6d18df31cc651a91d5adef63378978", "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -395,11 +207,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1751792365, "lastModified": 1747542820,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -409,53 +221,38 @@
"type": "github" "type": "github"
} }
}, },
"nur": { "nixpkgs-lib": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1752005241, "lastModified": 1743296961,
"narHash": "sha256-+7DH6wh2BYnLRJzYXEbVlA1ZuAR4MxZI/paknbAuzk4=", "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "nixpkgs.lib",
"rev": "a2570fb4d0699fd34ebbbd52e2a763722601f6c6", "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "nixpkgs.lib",
"type": "github" "type": "github"
} }
}, },
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": "flake-parts",
"flake-parts" "flake-utils": "flake-utils",
], "mnw": "mnw",
"flake-utils": [ "nil": "nil",
"dedupe_flake-utils"
],
"mnw": [
"dedupe_mnw"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": [ "systems": "systems_2"
"systems"
]
}, },
"locked": { "locked": {
"lastModified": 1752001027, "lastModified": 1747525582,
"narHash": "sha256-JgP8lW4QBr9v/U4ETaIOMvGCd/DAA1AjZ1lqjIwfWno=", "narHash": "sha256-oEZ6DV4bPcNZIuwW5Kcd+/zT3PMkXse2kX/3jHoomGk=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "c4d80273aaefeadaad96db97d077c647942b0e96", "rev": "d3a0e7029ac57eef1120225973247851c5b967b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -464,93 +261,59 @@
"type": "github" "type": "github"
} }
}, },
"python-flexseal": {
"inputs": {
"flake-utils": [
"stable-diffusion-webui-nix",
"flake-utils"
],
"nixpkgs": [
"stable-diffusion-webui-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1751898758,
"narHash": "sha256-8EmTPdfOymvvHhmHYWiyO3cwZ4gtLo5uBFm3CU5vySo=",
"owner": "Janrupf",
"repo": "python-flexseal",
"rev": "af318e1fd047abbefcc68d0292a4d902179c95fe",
"type": "github"
},
"original": {
"owner": "Janrupf",
"repo": "python-flexseal",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"dedupe_flake-compat": "dedupe_flake-compat",
"dedupe_flake-utils": "dedupe_flake-utils",
"dedupe_gitignore": "dedupe_gitignore",
"dedupe_mnw": "dedupe_mnw",
"disko": "disko", "disko": "disko",
"files": "files",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"import-tree": "import-tree",
"make-shell": "make-shell",
"manifest": "manifest",
"nix-darwin": "nix-darwin",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur",
"nvf": "nvf", "nvf": "nvf",
"rrv-sh": "rrv-sh", "snowfall-lib": "snowfall-lib",
"rrvsh-nixpkgs": "rrvsh-nixpkgs", "sops-nix": "sops-nix"
"sops-nix": "sops-nix",
"stable-diffusion-webui-nix": "stable-diffusion-webui-nix",
"stylix": "stylix",
"systems": "systems",
"text": "text"
} }
}, },
"rrv-sh": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [
"nvf",
"nil",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741055476,
"narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "aefb7017d710f150970299685e8d8b549d653649",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1751721838, "lastModified": 1736130495,
"narHash": "sha256-702c0fbgpUuEuQsduGJ9I5bSrCLYEG88SPuZXcSQqTs=", "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=",
"owner": "rrvsh", "owner": "snowfallorg",
"repo": "rrv.sh", "repo": "lib",
"rev": "e00c1c2607b55f43ef74b5f555f62838f4fe5963", "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "rrvsh", "owner": "snowfallorg",
"repo": "rrv.sh", "repo": "lib",
"type": "github"
}
},
"rrvsh-nixpkgs": {
"locked": {
"lastModified": 1750146550,
"narHash": "sha256-vFNbONVWIdYBqlKZoJScDRjnQ/euDmVqgCL2ebnsu7U=",
"owner": "rrvsh",
"repo": "nixpkgs",
"rev": "d7fa95990fd890bbd17ca8361f5d4e4935512c75",
"type": "github"
},
"original": {
"owner": "rrvsh",
"ref": "librechat-module",
"repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
@ -561,11 +324,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751606940, "lastModified": 1747603214,
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -574,70 +337,6 @@
"type": "github" "type": "github"
} }
}, },
"stable-diffusion-webui-nix": {
"inputs": {
"flake-utils": [
"dedupe_flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"python-flexseal": "python-flexseal"
},
"locked": {
"lastModified": 1751899247,
"narHash": "sha256-bh6xwc24Rv0YE4grKXvj+kmXmydns+OrlWn4WLnJSY4=",
"owner": "janrupf",
"repo": "stable-diffusion-webui-nix",
"rev": "d5ba5dccd190b0ded17f9c4a23dc7665c6dc2eae",
"type": "github"
},
"original": {
"owner": "janrupf",
"repo": "stable-diffusion-webui-nix",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": [
"flake-parts"
],
"gnome-shell": "gnome-shell",
"nixpkgs": [
"nixpkgs"
],
"nur": [
"nur"
],
"systems": [
"systems"
],
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1751995939,
"narHash": "sha256-C5CSTv+b8XSbqJwqTP8SGkZEK3YCCJnmvRbg209ql5w=",
"owner": "nix-community",
"repo": "stylix",
"rev": "8f3259dbc57c8ee871492fde80f77468826bbd63",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "stylix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -653,99 +352,33 @@
"type": "github" "type": "github"
} }
}, },
"text": { "systems_2": {
"locked": { "locked": {
"lastModified": 1751819711, "lastModified": 1681028828,
"narHash": "sha256-Emci++Hknzr2FEZRUbRDD7prI5JwwGsACO/GaU9Pmxg=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "rrvsh", "owner": "nix-systems",
"repo": "text.nix", "repo": "default",
"rev": "00ba1e616ef3b761a52d5f7ac32892715cc4bcd1", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "rrvsh", "owner": "nix-systems",
"repo": "text.nix", "repo": "default",
"type": "github" "type": "github"
} }
}, },
"tinted-foot": { "systems_3": {
"flake": false,
"locked": { "locked": {
"lastModified": 1726913040, "lastModified": 1681028828,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "tinted-theming", "owner": "nix-systems",
"repo": "tinted-foot", "repo": "default",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "nix-systems",
"repo": "tinted-foot", "repo": "default",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1748180480,
"narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1748740859,
"narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "57d5f9683ff9a3b590643beeaf0364da819aedda",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github" "type": "github"
} }
} }

155
flake.nix

@ -1,134 +1,39 @@
{ {
outputs =
{ self, ... }@inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } (
(inputs.import-tree ./nix)
// {
systems = import inputs.systems;
flake = {
inherit self;
paths.root = ./.;
};
}
);
inputs = { inputs = {
### SYSTEM ###
# systems provides a list of supported nix systems.
systems.url = "github:nix-systems/default";
# nixos-unstable provides a binary cache for all packages.
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# My fork for random shit disko.url = "github:nix-community/disko";
rrvsh-nixpkgs.url = "github:rrvsh/nixpkgs/librechat-module"; disko.inputs.nixpkgs.follows = "nixpkgs";
# home-manager manages our user packages and dotfiles snowfall-lib.url = "github:snowfallorg/lib";
home-manager = { snowfall-lib.inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# nix darwin provides declarative mac configuration
nix-darwin = {
url = "github:nix-darwin/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
# the nix user repository for mainly firefox extensions
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
};
# impermanence provides a nice abstraction over linking files from /persist
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
# flake-parts lets us define flake modules. home-manager.url = "github:nix-community/home-manager";
flake-parts = { home-manager.inputs.nixpkgs.follows = "nixpkgs";
url = "github:hercules-ci/flake-parts"; nix-index-database.url = "github:nix-community/nix-index-database";
inputs.nixpkgs-lib.follows = "nixpkgs"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
}; sops-nix.url = "github:Mic92/sops-nix";
# disko provides declarative drive partitioning sops-nix.inputs.nixpkgs.follows = "nixpkgs";
disko = { nvf.url = "github:notashelf/nvf";
url = "github:nix-community/disko"; nvf.inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
# sops-nix lets us version control secrets like passwords and api keys
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:nix-community/stylix";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
systems.follows = "systems";
nur.follows = "nur";
};
}; };
### FLAKE PARTS MODULES ### outputs =
inputs:
# import-tree imports all nix files in a given directory. inputs.snowfall-lib.mkFlake {
import-tree.url = "github:vic/import-tree"; inherit inputs;
# files lets us write text files and automatically add checks for them src = ./.;
files.url = "github:mightyiam/files"; snowfall.namespace = "pantheon";
# text.nix lets us easily define markdown text to pass to files systems.modules.nixos = with inputs; [
text.url = "github:rrvsh/text.nix"; disko.nixosModules.disko
# manifest lets us define all hosts in one file impermanence.nixosModules.impermanence
manifest.url = "github:rrvsh/manifest"; sops-nix.nixosModules.sops
# make-shells.<name> creates devShells and checks ];
make-shell = { homes.modules = with inputs; [
url = "github:nicknovitski/make-shell"; impermanence.homeManagerModules.impermanence
inputs.flake-compat.follows = "dedupe_flake-compat"; nix-index-database.hmModules.nix-index
}; nvf.homeManagerModules.default
# git-hooks ensures nix flake check is ran before commits ];
git-hooks = { outputs-builder = channels: {
url = "github:cachix/git-hooks.nix"; formatter = channels.nixpkgs.nixfmt-rfc-style;
inputs = {
flake-compat.follows = "dedupe_flake-compat";
nixpkgs.follows = "nixpkgs";
gitignore.follows = "dedupe_gitignore";
};
};
### FLAKES ###
# nix-index-database indexes the nixpkgs binaries for use with comma
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
# nvf provides modules to wrap neovim
nvf = {
url = "github:notashelf/nvf";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
systems.follows = "systems";
flake-utils.follows = "dedupe_flake-utils";
mnw.follows = "dedupe_mnw";
};
};
# provides comfy ui and sdwebui services
stable-diffusion-webui-nix = {
url = "github:janrupf/stable-diffusion-webui-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "dedupe_flake-utils";
};
# my website :)
rrv-sh = {
url = "github:rrvsh/rrv.sh";
inputs.nixpkgs.follows = "nixpkgs";
};
### DEDUPE ###
dedupe_flake-compat.url = "github:edolstra/flake-compat";
dedupe_flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
dedupe_mnw.url = "github:gerg-l/mnw";
dedupe_gitignore = {
url = "github:hercules-ci/gitignore.nix";
inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
} }
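Review bot: Only `nixpkgs` is followed on the new side of the inputs block, so nvf and snowfall-lib resolve the rest of their inputs on their own. The flake.lock section of this comparison shows the effect as additional locked nodes (`flake-utils_2`, `systems_2`, `systems_3`, `rust-overlay`, and a `flake-compat` whose `lastModified` is 1650374568), each of which is third-party code that can be fetched and evaluated and has to be audited separately. Declaring shared inputs once at the top level and pointing the children at them keeps the lock smaller, for example `systems.url = "github:nix-systems/default";` with `nvf.inputs.systems.follows = "systems";`. The explanatory comments on each input are also gone on the new side; a one-line comment per input saying what it is used for would help the next reader.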


@ -0,0 +1,37 @@
{
pkgs,
...
}:
{
cli.shell = "zsh";
cli.editor = "nvf";
cli.file-browser = "yazi";
cli.git.name = "Mohammad Rafiq";
cli.git.email = "rafiq@rrv.sh";
cli.git.defaultBranch = "prime";
desktop.windowManager = "hyprland";
desktop.browser = "firefox";
desktop.terminal = "kitty";
home.shellAliases = {
v = "nvim";
edit = "nvim $(fzf)";
};
home.packages = with pkgs; [
ripgrep
fzf
devenv
pantheon.rebuild
];
home.persistence."/persist/home/rafiq".directories = [
"repos"
];
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}
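Review bot: The `edit` alias passes an unquoted command substitution, `nvim $(fzf)`, so a selected path containing spaces is split into several arguments by the shell. Quoting it keeps the selection as one argument: `edit = "nvim \"$(fzf)\"";`. The persistence path `/persist/home/rafiq` is also spelled out here while the cli module in this comparison derives it from `config.snowfallorg.user.name`; using the same expression would need `config` added to this file's argument set.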

7
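--- a/lib/default.nix
+++ b/lib/default.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+{
+mkStrOption = lib.mkOption {
+type = lib.types.str;
+default = "";
+};
+}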
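Review bot: `mkStrOption` gives every option the default `""` and the unrestricted type `lib.types.str`, so a misspelled selector value (for example a typo in `cli.shell`) evaluates without error and simply matches none of the `lib.mkIf (config.cli.shell == "zsh")` style guards used by the modules. Because the helper is a single `lib.mkOption` value rather than a function, options built from it also cannot carry their own description. For the selector options, consider a helper that takes the allowed values, e.g. `mkChoiceOption = choices: lib.mkOption { type = lib.types.enum ([ "" ] ++ choices); default = ""; };`, so an unknown name fails at evaluation time; free-form fields such as the git name and email can keep the plain string type.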


@ -0,0 +1,30 @@
{
config,
lib,
...
}:
{
options.cli = {
shell = lib.pantheon.mkStrOption;
editor = lib.pantheon.mkStrOption;
file-browser = lib.pantheon.mkStrOption;
git = {
name = lib.pantheon.mkStrOption;
email = lib.pantheon.mkStrOption;
defaultBranch = lib.pantheon.mkStrOption;
};
};
config = lib.mkMerge [
{
programs.zoxide.enable = true;
home.persistence."/persist/home/${config.snowfallorg.user.name}".directories = [
"./local/share/zoxide"
];
}
{
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
}
];
}
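Review bot: The persisted directory is written as `"./local/share/zoxide"`, which looks like a typo for `".local/share/zoxide"`. zoxide keeps its database under the XDG data directory, so as written the entry would presumably persist a `local/share/zoxide` directory while the real database is lost on reboot. Suggested line: `".local/share/zoxide"`.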


@ -0,0 +1,6 @@
{
blink-cmp = {
enable = true;
setupOpts.signature.enabled = true;
};
}


@ -0,0 +1,23 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.cli.editor == "nvf") {
home.sessionVariables.EDITOR = "nvim";
programs.nvf = {
enable = true;
settings.vim = {
keymaps = import ./keymaps.nix;
lsp = import ./lsp.nix;
languages = import ./languages.nix;
autocomplete = import ./autocomplete.nix;
utility.yazi-nvim = {
enable = true;
mappings = {
openYazi = "t";
openYaziDir = "T";
};
setupOpts.open_for_directories = true;
};
};
};
};
}


@ -0,0 +1,9 @@
[
{
desc = "Open the file path under the cursor, making the file if it doesn't exist.";
key = "gf";
mode = "n";
action = ":cd %:p:h<CR>:e <cfile><CR>";
silent = true;
}
]


@ -0,0 +1,8 @@
{
enableExtraDiagnostics = true;
enableFormat = true;
enableTreesitter = true;
nix.enable = true;
nix.format.type = "nixfmt";
nix.lsp.server = "nixd";
}


@ -0,0 +1,9 @@
{
enable = true;
formatOnSave = true;
inlayHints.enable = true;
lightbulb.enable = true;
lspkind.enable = true;
null-ls.enable = true;
otter-nvim.enable = true;
}


@ -0,0 +1,5 @@
{
imports = [
./yazi.nix
];
}


@ -0,0 +1,10 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.cli.file-browser == "yazi") {
home.sessionVariables.FILE_BROWSER = "yazi";
programs.yazi = {
enable = true;
shellWrapperName = "t";
};
};
}


@ -0,0 +1,15 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.cli.shell == "zsh") {
home.sessionVariables.SHELL = "zsh";
programs.zsh = {
enable = true;
enableVteIntegration = true;
syntaxHighlighting.enable = true;
history.share = true;
history.size = 10000;
history.ignoreDups = true;
history.ignoreSpace = true;
};
};
}


@ -0,0 +1,3 @@
{
imports = [ ./git.nix ];
}


@ -1,18 +1,22 @@
{ config, ... }:
{ {
flake.modules.homeManager.rafiq = { config = {
home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
home.shellAliases = { home.shellAliases = {
gs = "git status"; gs = "git status";
gc = "git commit"; gc = "git commit";
gcam = "git commit -am"; gcam = "git commit -am";
gu = "git push"; gu = "git push";
gy = "git pull"; gy = "git pull";
gdh = "git diff HEAD";
}; };
programs.git = { programs.git = {
enable = true; enable = true;
userName = config.cli.git.name;
userEmail = config.cli.git.email;
signing.key = "~/.ssh/id_ed25519.pub";
signing.signByDefault = true; signing.signByDefault = true;
extraConfig = { extraConfig = {
init.defaultBranch = "prime"; init.defaultBranch = config.cli.git.defaultBranch;
push.autoSetupRemote = true; push.autoSetupRemote = true;
pull.rebase = false; pull.rebase = false;
core.editor = "$EDITOR"; core.editor = "$EDITOR";
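Review bot: `signing.key` points at an SSH public key and `signing.signByDefault` is on, but nothing visible in this hunk tells git to use SSH signing. Unless `gpg.format = "ssh"` is set in the part of `extraConfig` that continues past the hunk, commits would be handed to GnuPG with a file path as the key id and fail to sign. If it is not set elsewhere, add `signing.format = "ssh";` next to the key, or `gpg.format = "ssh";` inside `extraConfig`. A `gpg.ssh.allowedSignersFile` entry is also needed before these signatures can be verified locally.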


@ -0,0 +1,12 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.desktop.browser == "firefox") {
home.persistence."/persist/home/rafiq".directories = [ ".mozilla/firefox" ];
home.sessionVariables.BROWSER = "firefox";
programs.firefox = {
enable = true;
profiles.rafiq.id = 0;
profiles.test.id = 1;
};
};
}
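Review bot: The persistence root `"/persist/home/rafiq"` is hard-coded here, while the home persistence module elsewhere in this comparison builds the same path from `config.snowfallorg.user.name`. If the user name ever differs, the Firefox profile lands under a second persistence root that the other module does not configure. Deriving the key the same way keeps the two entries merged, for example `home.persistence."/persist/home/${config.home.username}".directories = [ ".mozilla/firefox" ];`. The sops module further down hard-codes the same user in its key path and secret name.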


@ -0,0 +1,22 @@
{
config,
lib,
osConfig,
...
}:
{
options.desktop = {
windowManager = lib.pantheon.mkStrOption;
browser = lib.pantheon.mkStrOption;
terminal = lib.pantheon.mkStrOption;
};
config = {
assertions = [
{
assertion = (osConfig.desktop.windowManager == config.desktop.windowManager);
message = "You have set your home window manager to one that is not installed on this system.";
}
];
};
}


@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
(lib.mkIf (config.desktop.terminal == "kitty") {
home.packages = with pkgs; [ kitty ];
home.sessionVariables.TERMINAL = "kitty";
})
];
}


@ -0,0 +1,61 @@
{
config,
lib,
osConfig,
...
}:
let
mainMonitor = osConfig.desktop.mainMonitor;
in
{
imports = [
];
config = lib.mkIf (config.desktop.windowManager == "hyprland") (
lib.mkMerge [
{
xdg.configFile."uwsm/env".text = # sh
''
'';
wayland.windowManager.hyprland = {
enable = true;
systemd.enable = false;
settings = {
ecosystem.no_update_news = true;
"$hypr" = "CTRL_SUPER_ALT_SHIFT";
monitor = [
"${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}"
", preferred, auto, 1"
];
bind = [
"$hypr, Q, exec, uwsm stop"
"SUPER, W, killactive"
"SUPER, return, exec, uwsm app -- $TERMINAL"
"SUPER, O, exec, uwsm app -- $BROWSER"
"SUPER, H, cyclenext, visible"
"SUPER, L, cyclenext, visible prev"
"SUPER_ALT, H, movewindow, l"
"SUPER_ALT, J, movewindow, d"
"SUPER_ALT, K, movewindow, u"
"SUPER_ALT, L, movewindow, r"
"ALT_SHIFT, H, resizeactive, -10% 0"
"ALT_SHIFT, J, resizeactive, 0 -10%"
"ALT_SHIFT, K, resizeactive, 0 10%"
"ALT_SHIFT, L, resizeactive, 10% 0"
"SUPER_CTRL, H, workspace, r-1"
"SUPER_CTRL, L, workspace, r+1"
"$hypr, H, movetoworkspace, r-1"
"$hypr, L, movetoworkspace, r+1"
];
};
};
}
]
);
}


@ -0,0 +1,12 @@
{ config, ... }:
{
home.persistence."/persist/home/${config.snowfallorg.user.name}" = {
directories = [
".ssh"
".config/sops/age"
];
allowOther = true;
};
home.stateVersion = "24.11";
}
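Review bot: `allowOther = true` applies to the whole persistence entry, so it also covers the `.ssh` and `.config/sops/age` directories that hold private key material. As far as I know this option makes the home-manager impermanence mounts reachable by users other than the owner, which is a wider exposure than these two directories need. Consider persisting them at the NixOS level with an explicit mode, e.g. `environment.persistence."/persist".users.<name>.directories = [ { directory = ".ssh"; mode = "0700"; } ];`. That leaves `allowOther` for directories that actually need it. If nothing depends on it, `allowOther = false;` is the simpler fix.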


@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.cli = { };
config = lib.mkMerge [
{
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ]; # enables completion
}
];
}


@ -0,0 +1,16 @@
{ lib, ... }:
{
imports = [
./windowManager.nix
];
options.desktop = {
mainMonitor = {
id = lib.pantheon.mkStrOption;
scale = lib.pantheon.mkStrOption;
resolution = lib.pantheon.mkStrOption;
refresh-rate = lib.pantheon.mkStrOption;
};
windowManager = lib.pantheon.mkStrOption;
};
}


@ -0,0 +1,23 @@
{ config, lib, ... }:
{
config = lib.mkMerge [
(lib.mkIf (config.desktop.windowManager == "hyprland") {
environment.loginShellInit = # sh
''
if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
if uwsm check may-start; then
exec uwsm start hyprland-uwsm.desktop
fi
fi
'';
environment.variables = {
ELECTRON_OZONE_PLATFORM_HINT = "auto";
NIXOS_OZONE_WL = "1";
};
programs.hyprland = {
enable = true;
withUWSM = true;
};
})
];
}


@ -0,0 +1,9 @@
{ config, ... }:
{
config = {
services.pipewire = {
enable = true;
pulse.enable = true;
};
};
}


@ -0,0 +1,89 @@
{ lib, config, ... }:
let
cfg = config.hardware.drives.btrfs;
in
{
config = lib.mkIf (cfg.enable) (
lib.mkMerge [
{
boot.initrd.kernelModules = [ "dm-snapshot" ];
disko.devices.disk.main = {
device = cfg.drive;
type = "disk";
content.type = "gpt";
content.partitions = {
boot.name = "boot";
boot.size = "1M";
boot.type = "EF02";
esp.name = "ESP";
esp.size = "500M";
esp.type = "EF00";
esp.content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
swap.size = "4G";
swap.content = {
type = "swap";
resumeDevice = true;
};
root.name = "root";
root.size = "100%";
root.content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
disko.devices.lvm_vg.root_vg = {
type = "lvm_vg";
lvs.root.size = "100%FREE";
lvs.root.content.type = "btrfs";
lvs.root.content.extraArgs = [ "-f" ];
lvs.root.content.subvolumes = {
"/root".mountpoint = "/";
"/persist".mountpoint = "/persist";
"/persist".mountOptions = [
"subvol=persist"
"noatime"
];
"/nix".mountpoint = "/nix";
"/nix".mountOptions = [
"subvol=nix"
"noatime"
];
};
};
}
(lib.mkIf (cfg.ephemeralRoot) {
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/root_vg/root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
programs.fuse.userAllowOther = true;
})
]
);
}
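Review bot: No encryption layer is visible in this disk layout, so `/persist`, `/nix` and the swap partition are written in clear text. `/persist` is where the other modules on this page keep the SSH key used for sops decryption and the Tailscale state, and `resumeDevice = true` means a hibernation image of RAM goes to the same disk. Unless encryption is handled outside this file, anyone who can remove the drive can read those keys. Wrapping the LVM physical volume in a LUKS container, and moving swap into the volume group so resume still works, closes that gap. The rollback script's `/dev/root_vg/root` path is unaffected.

```nix
root.content = {
  type = "luks";
  name = "crypted"; # constructed name, pick your own
  settings.allowDiscards = true;
  content = {
    type = "lvm_pv";
    vg = "root_vg";
  };
};
# … unchanged: disko.devices.lvm_vg.root_vg subvolumes; a swap LV would go there in place of the plain swap partition …
```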


@ -0,0 +1,9 @@
{ config, lib, ... }:
{
config = lib.mkMerge [
(lib.mkIf (config.hardware.platform == "amd") {
hardware.cpu.amd.updateMicrocode = true;
boot.kernelModules = [ "kvm-amd" ];
})
];
}


@ -0,0 +1,28 @@
{ lib, ... }:
{
imports = [
./btrfs.nix
./nvidia.nix
./audio.nix
./cpu.nix
./networking.nix
];
options.hardware = {
drives.btrfs = {
enable = lib.mkEnableOption "";
drive = lib.pantheon.mkStrOption;
ephemeralRoot = lib.mkEnableOption "";
};
gpu = lib.pantheon.mkStrOption;
platform = lib.pantheon.mkStrOption;
};
config = {
services.fwupd.enable = true;
hardware.bluetooth = {
enable = true;
settings.General.Experimental = true;
};
};
}


@ -0,0 +1,24 @@
{ config, lib, ... }:
{
config = lib.mkMerge [
{
networking.useDHCP = lib.mkDefault true;
networking.hostName = config.system.hostname;
networking.networkmanager.enable = true;
services.openssh = {
enable = true;
settings = {
PrintMotd = true;
};
};
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."keys/tailscale".path;
};
environment.persistence."/persist".files = [ "/var/lib/tailscale/tailscaled.state" ];
}
];
}
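Review bot: `services.openssh` is enabled with only `PrintMotd` set, so sshd keeps the NixOS defaults, which to my knowledge still accept password logins. The users module in this comparison already installs a public key for the main user, so password-based methods can be turned off in `settings`: `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;`, `PermitRootLogin = "no";`. If the hosts are meant to be reached over Tailscale only, also consider `services.openssh.openFirewall = false;` and trusting the Tailscale interface instead.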


@ -0,0 +1,28 @@
{
lib,
config,
pkgs,
...
}:
{
config = lib.mkIf (config.hardware.gpu == "nvidia") (
lib.mkMerge [
{
#TODO: Setup CUDA
hardware.graphics.enable = true;
hardware.graphics.extraPackages = with pkgs; [
nvidia-vaapi-driver
];
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.open = true;
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
nixpkgs.config.allowUnfree = true;
environment.variables = {
LIBVA_DRIVER_NAME = "nvidia";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
NVD_BACKEND = "direct";
};
}
]
);
}


@ -0,0 +1,19 @@
{ config, lib, ... }:
{
config = lib.mkMerge [
{
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.loader.efi.canTouchEfiVariables = true;
}
(lib.mkIf (config.system.bootloader == "systemd-boot") {
boot.loader.systemd-boot.enable = true;
})
];
}


@ -0,0 +1,21 @@
{ config, lib, ... }:
{
imports = [
./boot.nix
./users.nix
./localisation.nix
./nix-config.nix
./secrets.nix
];
options.system = {
hostname = lib.pantheon.mkStrOption;
mainUser.name = lib.pantheon.mkStrOption;
mainUser.publicKey = lib.pantheon.mkStrOption;
bootloader = lib.pantheon.mkStrOption;
};
config = {
system.stateVersion = "25.05"; # Did you read the comment?
};
}


@ -0,0 +1,9 @@
{ config, lib, ... }:
{
config = lib.mkMerge [
{
time.timeZone = "Asia/Singapore";
i18n.defaultLocale = "en_US.UTF-8";
}
];
}


@ -0,0 +1,16 @@
{ config, ... }:
{
config = {
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
"pipe-operators"
];
trusted-users = [ "@wheel" ];
};
};
}
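Review bot: `trusted-users = [ "@wheel" ]` is undocumented here, and it lets every wheel member override daemon settings, add substituters and import unsigned store paths, which amounts to root on the host. If the entry exists only so that remote rebuilds can copy closures, say so in a comment such as `# wheel is root-equivalent for the Nix daemon; needed for --target-host deploys`, or narrow the list to the single deploy account. If it is not needed, drop it and rely on the default.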


@ -0,0 +1,11 @@
{ lib, ... }:
{
sops = {
defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
age.sshKeyPaths = [ "/persist/home/rafiq/.ssh/id_ed25519" ];
secrets = {
"keys/tailscale" = { };
"rafiq/hashedPassword".neededForUsers = true;
};
};
}
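Review bot: `age.sshKeyPaths` points sops-nix at the main user's personal SSH private key, so that key must sit on disk without a passphrase (sops-nix cannot use passphrase-protected SSH keys, as far as I know). The git module on this page references the matching `id_ed25519.pub` for commit signing, so one file covers login, signing and every secret on the host. A dedicated per-host identity outside the home directory separates those roles, e.g. `age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];` (example path), with that host key added as a recipient in `.sops.yaml`. The user name is also hard-coded in the path and in `"rafiq/hashedPassword"`, while the users module reads the secret as `"${config.system.mainUser.name}/hashedPassword"`. The two only agree when the main user is `rafiq`.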


@ -0,0 +1,26 @@
{
config,
lib,
...
}:
{
config = lib.mkMerge [
{
users.mutableUsers = false;
users.groups.users = {
gid = 100;
members = [ "${config.system.mainUser.name}" ];
};
users.users."${config.system.mainUser.name}" = {
linger = true;
uid = 1000;
isNormalUser = true;
hashedPasswordFile = config.sops.secrets."${config.system.mainUser.name}/hashedPassword".path;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.system.mainUser.publicKey ];
};
services.getty.autologinUser = config.system.mainUser.name;
security.sudo.wheelNeedsPassword = false;
}
];
}
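Review bot: `services.getty.autologinUser` combined with `security.sudo.wheelNeedsPassword = false` and `extraGroups = [ "wheel" ]` gives anyone at the console of a host importing this module a root-capable session without entering a credential. The module is unconditional, so this also applies to laptops and any machine outside a controlled room. A hashed password is already provisioned through sops, so dropping the override costs little: `security.sudo.wheelNeedsPassword = true;`. Alternatively gate the autologin behind a per-host option and keep it for machines where physical access is controlled.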


@ -1,62 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib) nixosSystem;
inherit (inputs.nix-darwin.lib) darwinSystem;
inherit (lib.lists) optional;
inherit (lib.attrsets) mapAttrs;
inherit (cfg.lib.modules) forAllUsers';
inherit (config.manifest) hosts;
cfg = config.flake;
globalCfg = hostName: hostConfig: {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit hostName hostConfig; };
sharedModules = [ cfg.modules.homeManager.default ];
users = forAllUsers' (name: _: cfg.modules.homeManager.${name});
};
mkConfigurations =
class: hosts:
mapAttrs (
name: value:
if class == "nixos" then
nixosSystem {
specialArgs = {
inherit (config.flake) self;
hostName = name;
hostConfig = value;
};
modules = [
cfg.modules.nixos.default
inputs.home-manager.nixosModules.home-manager
{ home-manager = globalCfg name value; }
(value.extraCfg or { })
] ++ optional value.graphical cfg.modules.nixos.graphical;
}
else if class == "darwin" then
darwinSystem {
specialArgs = {
inherit (config.flake) self;
hostName = name;
hostConfig = value;
};
modules = [
cfg.modules.darwin.default
inputs.home-manager.darwinModules.home-manager
{ home-manager = globalCfg name value; }
(value.extraCfg or { })
] ++ optional value.graphical cfg.modules.darwin.graphical;
}
else
{ }
) hosts;
in
{
imports = [ inputs.home-manager.flakeModules.home-manager ];
flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos;
flake.darwinConfigurations = mkConfigurations "darwin" hosts.darwin;
}


@ -1,18 +0,0 @@
{ lib, config, ... }:
let
inherit (builtins) concatStringsSep;
inherit (lib.lists) singleton;
in
{
text.cheatsheet = concatStringsSep "\n" [
"`__curPos.file` will give the full evaluated path of the nix file it is called in. See [this issue](https://github.com/NixOS/nix/issues/5897#issuecomment-1012165198) for more information."
];
perSystem =
{ pkgs, ... }:
{
files.files = singleton {
path_ = "docs/cheatsheet.md";
drv = pkgs.writeText "cheatsheet.md" config.text.cheatsheet;
};
};
}


@ -1,13 +0,0 @@
{ config, ... }:
{
perSystem =
{ pkgs, ... }:
{
files.files = [
{
path_ = ".gitignore";
drv = pkgs.writeText ".gitignore" config.text.gitignore;
}
];
};
}


@ -1,54 +0,0 @@
{ config, ... }:
{
text.readme = {
heading = "Pantheon";
description = # markdown
''
This flake serves as a monorepo for my systems (using IaC), dotfiles, and scripts.
It's hosted at https://git.rrv.sh/rrvsh/pantheon, and mirrored to https://github.com/rrvsh/pantheon.
'';
order = [
"Structure"
"Acknowledgements"
];
parts."Acknowledgements" = # markdown
''
Thanks to the following for inspiring this configuration. I highly recommend you look through their writings and configurations.
- [ornicar](https://github.com/ornicar/dotfiles) which is where I first heard of NixOS
- [No Boilerplate](https://www.youtube.com/watch?v=CwfKlX3rA6E&pp=0gcJCfwAo7VqN5tD) for making me finally try the OS
- [ryan4yin](https://nixos-and-flakes.thiscute.world/) for being an amazing introduction to NixOS, home-manager, and flakes
- [NotAShelf](https://github.com/NotAShelf/) for their blog and for the wonderful [NVF](https://github.com/notashelf/nvf)
- [mightyiam](https://github.com/mightyiam/infra) for their infrastructure repo using flake-parts
- [drupol](https://not-a-number.io/2025/refactoring-my-infrastructure-as-code-configurations/) for this blog post which convinced me to rebase my infra to use flake-parts
'';
parts."Structure" = # markdown
''
The system configurations are defined in [`flake.manifest`](nix/manifest.nix).
`manifest.owner` provides the attributes for the administrator user, including username and pubkey.
`manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations.
`flake.modules.nixos.*` provide NixOS options and configurations.
The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class.
You can use it as seen [here](nix/modules/flake/home-manager.nix):
```nix
flake.modules.nixos.default.imports = [ inputs.home-manager.nixosModules.default ];
```
The other attributes under `flake.modules.nixos` should be opt-in, i.e. provide options that will be set in the profiles.
`flake.profiles.nixos` provides profiles which use the options defined in `flake.modules.nixos` to define different roles for each system, such as graphical, laptop, headless, etc.
Options should not be defined here.
`flake.contracts.nixos.*` will provide contracts, such as reverse proxies or databases, which will configure options on the provider and receiver host.
'';
};
perSystem =
{ pkgs, ... }:
{
files.files = [
{
path_ = "docs/README.md";
drv = pkgs.writeText "README.md" config.text.readme;
}
];
};
}


@ -1,28 +0,0 @@
{
inputs,
withSystem,
lib,
config,
...
}:
let
inherit (builtins) map head;
inherit (lib.lists) concatStringsSep;
mkListEntry = x: "- [" + x.path_ + "](" + x.path_ + ")";
listOfGeneratedFiles = withSystem (head config.systems) (psArgs: psArgs.config.files.files);
in
{
imports = [ inputs.files.flakeModules.default ];
perSystem = psArgs: {
make-shells.default.packages = [ psArgs.config.files.writer.drv ];
};
text.readme.parts."Generated Files" = concatStringsSep "\n" (
[
"This flake uses the [files flake-parts module](https://flake.parts/options/files.html) to generate documentation."
"The list of generated files are:"
]
++ (map mkListEntry listOfGeneratedFiles)
);
}


@ -1,10 +0,0 @@
{ inputs, ... }:
{
debug = true;
imports = [
inputs.make-shell.flakeModules.default
inputs.manifest.flakeModules.default
inputs.flake-parts.flakeModules.modules
inputs.text.flakeModules.default
];
}


@ -1,24 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.git-hooks.flakeModule ];
text.gitignore = ".pre-commit-config.*";
perSystem = psArgs: {
pre-commit.settings.hooks = {
# Nix Linters
deadnix.enable = true;
statix.enable = true;
nil.enable = true;
nixfmt-rfc-style.enable = true;
# Flake Health Checks
flake-checker.enable = true;
# Misc
mixed-line-endings.enable = true;
trim-trailing-whitespace.enable = true;
#TODO: figure out vale
#TODO: make nix develop work
#TODO: add nix flake check
#TODO: add write-files
};
make-shells.default.shellHook = psArgs.config.pre-commit.installationScript;
};
}


@ -1,25 +0,0 @@
{ lib }:
{
blink-cmp = {
enable = true;
friendly-snippets.enable = true;
sourcePlugins.ripgrep.enable = true;
setupOpts = {
# Disable completion in markdown files
# TODO: Disable completion when in comments
enabled =
lib.generators.mkLuaInline
# lua
''
function()
return not vim.tbl_contains({"markdown"}, vim.bo.filetype)
and vim.bo.buftype ~= "prompt"
and vim.b.completion ~= false
end
'';
completion.documentation.auto_show_delay_ms = 0;
# Show e.g. function parameters
signature.enabled = true;
};
};
}


@ -1,3 +0,0 @@
{
whichKey.enable = true;
}


@ -1,36 +0,0 @@
{
enableExtraDiagnostics = true;
enableFormat = true;
enableTreesitter = true;
bash.enable = true;
clang.enable = true;
# broken on macos
# csharp.enable = true;
css.enable = true;
go.enable = true;
html.enable = true;
lua.enable = true;
markdown = {
enable = true;
extensions.markview-nvim.enable = true;
format.type = "prettierd";
};
nix = {
enable = true;
format.type = "nixfmt";
lsp.server = "nil";
};
python = {
enable = true;
format.type = "ruff";
lsp.server = "pyright";
};
rust.enable = true;
rust.crates.enable = true;
tailwind.enable = true;
ts.enable = true;
ts.extensions.ts-error-translator.enable = true;
typst.enable = true;
typst.extensions.typst-preview-nvim.enable = true;
yaml.enable = true;
}


@ -1,17 +0,0 @@
{
enable = true;
# Show virtual text hints
inlayHints.enable = true;
lightbulb.enable = true;
# Show icons for lsp actions
lspkind.enable = true;
null-ls.enable = true;
otter-nvim = {
enable = true;
setupOpts = {
buffers.set_filetype = true;
buffers.write_to_disk = true;
handle_leading_whitespace = true;
};
};
}


@ -1,9 +0,0 @@
{
harpoon = {
enable = true;
mappings.listMarks = "<leader>ml";
mappings.markFile = "<leader>mm";
setupOpts.defaults.save_on_toggle = true;
setupOpts.defaults.sync_on_ui_close = true;
};
}


@ -1,28 +0,0 @@
{ pkgs }:
{
luasnip = {
enable = true;
setupOpts.enable_autosnippets = true;
providers = with pkgs.vimPlugins; [ vim-snippets ];
loaders = "require('luasnip.loaders.from_vscode').lazy_load()";
customSnippets.snipmate = {
nix = [
{
trigger = "mod";
description = "empty module";
body = # nix
''
{config, lib, ...}:
let
cfg = config.$1;
in
{
options.$1 = { $2 };
config = $3;
}
'';
}
];
};
};
}


@ -1,10 +0,0 @@
{
lualine = {
enable = true;
refresh = {
statusline = 10;
winbar = 10;
};
#TODO: rice lualine
};
}


@ -1,16 +0,0 @@
{
borders = {
enable = true;
globalStyle = "rounded";
};
breadcrumbs.enable = true;
# Show color values e.g. #ffffff
colorizer.enable = true;
# Highlight matching symbols
illuminate.enable = true;
noice.enable = true;
noice.setupOpts.notify.enabled = false;
# Make folds look nicer
nvim-ufo.enable = true;
smartcolumn.enable = true;
}


@ -1,11 +0,0 @@
{
motion.hop.enable = true;
yazi-nvim = {
enable = true;
mappings = {
openYazi = "<leader>tt";
openYaziDir = "<leader>TT";
};
setupOpts.open_for_directories = true;
};
}


@ -1,7 +0,0 @@
{
indent-blankline.enable = true;
fidget-nvim.enable = true;
fidget-nvim.setupOpts.notification.override_vim_notify = true;
nvim-web-devicons.enable = true;
rainbow-delimiters.enable = true;
}


@ -1,71 +0,0 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "commit" # bash
''
if git diff-index --quiet HEAD --; then exit 0; fi
PROMPT="Please generate a commit message for this diff."
GUIDELINES="1. Use conventional commit syntax, following the context. 2. Cap the commit message at 80 characters, preferably less. You must not go beyond this limit. 3. Do not include backticks. Only generate the raw text. 4. Be as succint as possible. Each commit should be atomic. You may throw a warning if it is not."
NUM_ANCESTORS=0
PUSH=false
# Parse arguments
while [[ $# -gt 0 ]]; do
case "$1" in
--num-ancestors | -n)
NUM_ANCESTORS="$2"
shift 2
;;
--push | -u)
PUSH=true
shift
;;
*)
echo "Unrecognised argument: $1. Exiting..."
exit 1
;;
esac
done
# Get context and diff
CONTEXT=$(git --no-pager log -n 10)
DIFF=$(git --no-pager diff HEAD~$NUM_ANCESTORS)
# Generate initial response
RESPONSE=$(aichat "$PROMPT\nGuidelines: $GUIDELINES\nContext from git log:\n$CONTEXT\nDiff from git diff HEAD:\n$DIFF")
while true; do
echo "$RESPONSE"
echo
echo "Choose an action:"
read -p "Options: [y]es, [r]eroll, [e]dit, [q]uit? " -n 1 -r choice
echo
case "$choice" in
y | yes)
git commit -am "$RESPONSE"
echo "Committed successfully."
if $PUSH; then
git push
echo "Pushed successfully."
fi
exit 0
;;
r | reroll)
RESPONSE=$(aichat "$PROMPT\nGuidelines: $GUIDELINES\nContext from git log:\n$CONTEXT\nDiff from git diff HEAD:\n$DIFF")
;;
e | edit)
echo "$RESPONSE" > /tmp/commit_msg.txt
"$EDITOR" /tmp/commit_msg.txt
RESPONSE=$(cat /tmp/commit_msg.txt)
rm /tmp/commit_msg.txt
;;
q | quit | "")
echo "Aborted."
exit 1
;;
*)
echo "Invalid choice. Please choose again."
;;
esac
done
''


@ -1,12 +0,0 @@
{ pkgs, ... }:
let
finder = "${pkgs.fzf}/bin/fzf --preview 'cat {}'";
in
pkgs.writeShellScriptBin "edit" # sh
''
if [ $# -gt 0 ]; then
$EDITOR $(${finder} -q $*)
else
$EDITOR $(${finder})
fi
''


@ -1,9 +0,0 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "note" # bash
''
zk edit -i
pushd ~/notebook > /dev/null
git add .
commit -u
popd > /dev/null
''


@ -1,148 +0,0 @@
{ pkgs }:
let
inherit (pkgs.lib) getExe;
in
pkgs.writeShellScriptBin "rebuild" # sh
''
QUICK=false
NO_GENERATION_CHECK=false
TEST_SHELL=false
REMOTE_HOSTS=()
REBUILDING_ALL=false
# ANSI color codes
GREEN='\033[0;32m'
ORANGE='\033[0;33m'
RED='\033[0;31m'
NC='\033[0m'
info() {
timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo -e "''${GREEN}''${timestamp} INFO: $1''${NC}"
}
warn() {
timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo -e "''${ORANGE}''${timestamp} WARN: $1''${NC}"
}
err() {
timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo -e "''${RED}''${timestamp} ERROR: $1''${NC}"
}
prompt() {
local PROMPT="$1"
shift
read -p "$PROMPT? (y/n) [n]: " -n 1 -r REPLY
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]; then
"$*"
else
info "$PROMPT aborted."
fi
}
spawn_test_shell() {
info "Spawning test shell on $1..."
(export PS1="Test shell> "
exec ${pkgs.bash}/bin/bash ssh "$1") || {
${pkgs.cowsay}/bin/cowsay "You aborted."
exit 1
}
}
rebuild_remote() {
local args=(".#nixosConfigurations.$1" "--target-host" "$1")
local CURRENT_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2)
if "$TEST_SHELL"; then
info "Testing $1..."
${getExe pkgs.nh} os test "''${args[@]}" || exit 1
git diff HEAD --color=always --stat --patch
spawn_test_shell "$1"
info "Rebuilding $1..."
${getExe pkgs.nh} os boot "''${args[@]}" || exit 1
else
info "Rebuilding $1 on $HOSTNAME..."
${getExe pkgs.nh} os switch "''${args[@]}" || exit 1
fi
if ! "$NO_GENERATION_CHECK"; then
local NEW_GENERATION=$(ssh "$1" readlink /nix/var/nix/profiles/system | cut -d- -f2)
info "$1 - New generation is $NEW_GENERATION. Current is $CURRENT_GENERATION."
if [ ! $NEW_GENERATION -gt $CURRENT_GENERATION ]; then
warn "New config was not added to bootloader."
fi
fi
}
info "Starting rebuild script."
if [ ! -f "flake.nix" ]; then
err "flake.nix not found in the current directory. Exiting."
exit 1 # Indicate an error
fi
while [[ $# -gt 0 ]]; do
case "$1" in
--quick | -q)
QUICK=true
shift
;;
--no-generation-check | -n)
NO_GENERATION_CHECK=true
shift
;;
--test-shell | -t)
TEST_SHELL=true
shift
;;
--all | -a)
reachable_hosts=()
hostnames=$(nix flake show --all-systems --json | , jq -r '.nixosConfigurations | keys | .[]')
for host in ''${hostnames[@]}; do
info "Checking if $host is reachable..."
if ping -c 1 -W 1 "$host" > /dev/null 2>&1 ; then
info "$host is reachable."
reachable_hosts+=("$host")
else
warn "$host is unreachable."
fi
done
REMOTE_HOSTS=(''${reachable_hosts[@]})
REBUILDING_ALL=true
shift
;;
*)
if [ !REBUILDING_ALL ]; then
if ping -c 1 -W 1 "$1" > /dev/null 2>&1 ; then
REMOTE_HOSTS+=("$1")
else
err "$1 is unreachable. Exiting."
exit 1
fi
fi
shift
;;
esac
done
if [ ''${#REMOTE_HOSTS[@]} == 0 ]; then
info "No hostnames provided."
REMOTE_HOSTS=("$HOSTNAME")
fi
git add .
for host in "''${REMOTE_HOSTS[@]}"; do
rebuild_remote $host
done
if ! "$QUICK"; then
prompt "Commit changes" commit
prompt "Reboot system" sudo systemctl reboot
fi
info "Rebuild script completed successfully."
exit 0
''


@ -1,21 +0,0 @@
{ lib, ... }:
let
inherit (lib.modules) mkIf;
in
{
flake.modules.homeManager.rafiq =
{
pkgs,
config,
hostName,
hostConfig,
...
}:
mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") {
home.file."Library/Application Support/aichat/config.yaml".text = ''
model: gemini:gemini-2.0-flash
clients:
- type: gemini
'';
};
}


@ -1,146 +0,0 @@
{ lib, inputs, ... }:
let
inherit (lib.strings) concatStrings;
in
{
flake.modules.homeManager.rafiq =
{ pkgs, ... }:
{
imports = [
inputs.nvf.homeManagerModules.default
inputs.nix-index-database.hmModules.nix-index
];
persistDirs = [
".local/share/zoxide"
"notebook"
];
xdg.configFile."aichat/config.yaml".text = ''
model: gemini:gemini-2.0-flash
clients:
- type: gemini
'';
home = {
sessionVariables = {
EDITOR = "nvim";
FETCH = "hyfetch";
FILE_BROWSER = "yazi";
SHELL = "fish";
};
shellAliases = {
fetch = "hyfetch";
windows = "sudo systemctl reboot --boot-loader-entry=auto-windows";
v = "$EDITOR";
e = "edit";
cd = "z"; # zoxide
ai = "aichat -r %shell% -e";
};
packages = with pkgs; [
fastfetch
ripgrep
aichat
(import ./_scripts/edit.nix { inherit pkgs; })
(import ./_scripts/commit.nix { inherit pkgs; })
(import ./_scripts/note.nix { inherit pkgs; })
(import ./_scripts/rebuild.nix { inherit pkgs; })
];
};
programs = {
mise.enable = true;
nvf.enable = true;
nvf.settings.vim = {
syntaxHighlighting = true;
hideSearchHighlight = true;
searchCase = "ignore";
undoFile.enable = true;
telescope.enable = true;
fzf-lua.enable = true;
git.enable = true;
autopairs.nvim-autopairs.enable = true;
autocomplete = import ./_nvf/autocomplete.nix { inherit lib; };
binds = import ./_nvf/binds.nix;
languages = import ./_nvf/languages.nix;
lsp = import ./_nvf/lsp.nix;
navigation = import ./_nvf/navigation.nix;
notes.todo-comments.enable = true;
options = {
autoindent = true;
backspace = "indent,eol,start";
cursorline = true;
expandtab = true;
shiftwidth = 2;
smartindent = true;
tabstop = 2;
};
snippets = import ./_nvf/snippets.nix { inherit pkgs; };
statusline = import ./_nvf/statusline.nix;
treesitter = {
autotagHtml = true;
fold = true;
indent.disable = [ "markdown" ];
textobjects.enable = true;
};
ui = import ./_nvf/ui.nix;
utility = import ./_nvf/utility.nix;
visuals = import ./_nvf/visuals.nix;
};
zk = {
enable = true;
settings.notebook.dir = "~/notebook";
};
hyfetch = {
enable = true;
settings = {
preset = "bisexual";
mode = "rgb";
light_dark = "dark";
lightness = 0.5;
color_align = {
# Flag color alignment
mode = "horizontal";
fore_back = null;
};
backend = "fastfetch";
};
};
tealdeer.enable = true;
tealdeer.enableAutoUpdates = true;
direnv = {
enable = true;
nix-direnv.enable = true;
};
zoxide.enable = true;
nix-index.enable = true;
nix-index-database.comma.enable = true;
fzf.enable = true;
fzf.enableZshIntegration = true;
yazi = {
enable = true;
shellWrapperName = "t";
settings.mgr.sort_by = "natural";
};
fish.enable = true;
starship = {
enable = true;
settings = {
add_newline = false;
format = concatStrings [
# First Line
## Left Prompt
"$hostname$directory"
"$fill"
## Right Prompt
"$all"
# Second Line
## Left Prompt
"$character"
];
git_branch.format = "[$symbol$branch(:$remote_branch)]($style) ";
shlvl.disabled = false;
username.disabled = true;
fill.symbol = " ";
};
};
};
};
}


@ -1,14 +0,0 @@
{
animation = [ "workspaces, 1, 1, default" ];
general = {
border_size = 2;
gaps_in = 0;
gaps_out = 0;
resize_on_border = true;
};
decoration = {
rounding = 10;
rounding_power = 2;
inactive_opacity = 0.9;
};
}


@ -1,56 +0,0 @@
{ pkgs, ... }:
{
"$hypr" = "CTRL_SUPER_ALT_SHIFT";
"$meh" = "CONTROL_SHIFT_ALT";
bind = [
"$hypr, Q, exec, uwsm stop"
"SUPER, W, killactive"
"SUPER, return, exec, uwsm app -- $TERMINAL"
"SUPER, O, exec, uwsm app -- $BROWSER"
"SUPER, Escape, exec, uwsm app -- $LOCKSCREEN"
#TODO:add file browser
#TODO: make it directional
"SUPER, H, cyclenext, visible"
"SUPER, L, cyclenext, visible prev"
"SUPER_ALT, H, movewindow, l"
"SUPER_ALT, J, movewindow, d"
"SUPER_ALT, K, movewindow, u"
"SUPER_ALT, L, movewindow, r"
"ALT_SHIFT, H, resizeactive, -10% 0"
"ALT_SHIFT, J, resizeactive, 0 -10%"
"ALT_SHIFT, K, resizeactive, 0 10%"
"ALT_SHIFT, L, resizeactive, 10% 0"
"SUPER_CTRL, H, workspace, r-1"
"SUPER_CTRL, L, workspace, r+1"
"$hypr, H, movetoworkspace, r-1"
"$hypr, L, movetoworkspace, r+1"
"$hypr, V, togglefloating"
];
bindr = [
# Activates on SUPER without any other modifier
"SUPER, Super_L, exec, uwsm app -- $($LAUNCHER --launch-prefix=\"uwsm app -- \")"
];
bindle = [
"SUPER, 6, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-"
"SUPER, 7, exec, ${pkgs.playerctl}/bin/playerctl previous"
"SUPER, 8, exec, ${pkgs.playerctl}/bin/playerctl -a play-pause"
"SUPER, 9, exec, ${pkgs.playerctl}/bin/playerctl next"
"SUPER, 0, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+"
"ALT, mouse_up, resizeactive, 10% 10%"
"ALT, mouse_down, resizeactive, -10% -10%"
];
bindm = [
"ALT, mouse:272, movewindow"
"ALT, mouse:273, resizeactive"
];
bindc = [
"ALT, mouse:272, togglefloating"
];
}


@ -1,31 +0,0 @@
{
flake.modules.darwin.graphical.homebrew = {
brews = [
"mise"
"docker"
];
casks = [
"ghostty"
"slack"
"gitify"
"telegram"
"vial"
"linear-linear"
"chatgpt"
"spotify"
];
};
flake.modules.homeManager.rafiq = {
# make sure brew is on the path for M1
programs.zsh.initContent = ''
if [[ $(uname -m) == 'arm64' ]]; then
eval "$(/opt/homebrew/bin/brew shellenv)"
fi
'';
programs.fish.shellInit = ''
if test (uname -m) = "arm64"
eval (/opt/homebrew/bin/brew shellenv)
end
'';
};
}


@ -1,61 +0,0 @@
{ lib, inputs, ... }:
{
flake.modules.homeManager.rafiq =
{ pkgs, config, ... }:
let
inherit (lib.modules) mkIf;
inherit (builtins) map listToAttrs;
inherit (lib.lists) findFirstIndex;
inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons;
profiles = listToAttrs (
map (name: {
inherit name;
# If there are duplicate profile names, findFirstIndex will cause issues.
value = profileCfg (findFirstIndex (x: x == name) null syncedProfiles);
}) syncedProfiles
);
syncedProfiles = [
"rafiq"
"test"
];
profileCfg = id: {
inherit id;
settings."extensions.autoDisableScopes" = 0; # Auto enable extensions
extensions = {
force = true;
packages = with firefox-addons; [
darkreader
gesturefy
sponsorblock
ublock-origin
];
};
};
in
mkIf config.graphical {
stylix = {
image = ./wallpaper.png;
targets = {
firefox.colorTheme.enable = true;
firefox.profileNames = syncedProfiles;
};
};
home = {
sessionVariables = {
BROWSER = "firefox";
TERMINAL = "ghostty";
};
};
programs = {
vesktop.enable = true;
thunderbird.enable = true;
thunderbird.profiles.rafiq.isDefault = true;
# ghostty is broken on nix-darwin
ghostty.settings.confirm-close-surface = false;
firefox = {
enable = true;
inherit profiles;
};
};
};
}


@ -1,232 +0,0 @@
{ lib, config, ... }:
let
inherit (config.manifest) admin;
in
{
allowedUnfreePackages = [
"stremio-shell"
"stremio-server"
"steam"
"steam-unwrapped"
];
flake.modules.nixos.graphical =
{ config, pkgs, ... }:
{
fonts.packages = [ pkgs.font-awesome ];
services.getty.autologinUser = admin.username;
# Start Hyprland at boot only if not connecting through SSH
environment.loginShellInit = # sh
''
if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
if uwsm check may-start; then
exec uwsm start hyprland-uwsm.desktop
fi
fi
'';
environment.variables = {
# Get Electron apps to use Wayland
ELECTRON_OZONE_PLATFORM_HINT = "auto";
NIXOS_OZONE_WL = "1";
};
programs = {
hyprland = {
enable = true;
# Use UWSM to have each process controlled by systemd init
withUWSM = true;
};
steam = {
enable = true;
gamescopeSession.enable = true;
};
};
security.pam.services.hyprlock = { };
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
settings = {
sunshine_name = config.networking.hostName;
origin_pin_allowed = "wan";
origin_web_ui_allowed = "wan";
};
applications = { };
};
# spotifyd
networking.firewall.allowedTCPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = [ 5353 ];
};
flake.modules.homeManager.rafiq =
{
pkgs,
config,
hostName,
hostConfig,
...
}:
let
inherit (lib.modules) mkMerge mkIf;
in
mkIf (config.graphical && pkgs.system == "x86_64-linux") {
stylix.targets.waybar.addCss = false;
persistDirs = [
"docs"
"repos"
"vids"
"tmp"
".cache/Smart Code ltd/Stremio"
".local/share/Smart Code ltd/Stremio"
".mozilla/firefox"
".tor project"
".local/share/Steam"
".local/share/PrismLauncher"
".config/sunshine"
];
home = {
packages = with pkgs; [
wl-clipboard-rs
stremio
tor-browser
vlc
prismlauncher
];
sessionVariables = {
LAUNCHER = "fuzzel";
LOCKSCREEN = "hyprlock";
NOTIFICATION_DAEMON = "mako";
STATUS_BAR = "waybar";
};
};
# xdg.configFile."uwsm/env".text = # sh
# ''
# # Force apps to scale right with Wayland
# export GDK_SCALE=${mainMonitor.scale}
# export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
# '';
# xdg.configFile."uwsm/env-hyprland".text = # sh
# ''
# export GDK_SCALE=${mainMonitor.scale}
# export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
# '';
wayland.windowManager.hyprland = {
enable = true;
# This is needed for UWSM
systemd.enable = false;
# Null the packages since we use them system wide
package = null;
portalPackage = null;
settings = mkMerge [
(import ./_hyprland/decoration.nix)
(import ./_hyprland/keybinds.nix { inherit pkgs; })
{
ecosystem.no_update_news = true;
xwayland.force_zero_scaling = true;
monitor =
let
mainMonitor = hostConfig.machine.monitors.main;
in
[
"${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}"
", preferred, auto, 1"
];
exec-once = [
"uwsm app -- $LOCKSCREEN"
"uwsm app -- $NOTIFICATION_DAEMON"
"uwsm app -- $STATUS_BAR"
];
}
];
};
services = {
spotifyd.enable = true;
spotifyd.settings.global = {
device_name = "${hostName}";
device_type = "computer";
zeroconf_port = 5353;
};
mako.enable = true;
mako.settings.default-timeout = 10000;
};
programs = {
obs-studio.enable = true;
fuzzel.enable = true;
ghostty.enable = true;
waybar = {
enable = true;
settings = [
{
layer = "top";
modules-left = [
"pulseaudio"
];
modules-right = [
"battery"
"clock"
];
"pulseaudio" = {
format = "{icon} {volume}%";
format-muted = "";
format-icons.default = [
""
""
];
on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
};
"clock" = {
interval = 1;
format = "{:%F %T}";
};
"battery" = {
interval = 1;
bat-compatibility = true;
};
}
];
style = # css
''
window#waybar {
background-color: rgba(0, 0, 0, 0);
}
#pulseaudio,
#battery,
#clock {
padding-top: 5px;
padding-bottom: 5px;
padding-right: 5px;
color: #ffffff;
}
'';
};
hyprlock = {
enable = true;
settings = {
general.hide_cursor = true;
general.ignore_empty_input = true;
background.blur_passes = 5;
background.blur_size = 5;
label = {
text = ''hi, $USER.'';
font_size = 32;
position = "0, 0";
halign = "center";
valign = "center";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
input-field = {
placeholder_text = "";
fade_on_empty = true;
size = "200, 45";
position = "0, -5%";
halign = "center";
valign = "center";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
};
};
};
};
}

Binary file not shown.


@ -1,54 +0,0 @@
{ lib, ... }:
let
inherit (builtins) attrNames head;
inherit (lib.trivial) pipe;
inherit (lib.attrsets) filterAttrs;
in
{
flake.lib.attrsets = {
/**
`firstAttrNameMatching pred set` filters an attribute set `set` based on a predicate `pred`
and returns the *first* attribute name that satisfies the predicate.
# Example
```nix
let
mySet = {
a = { value = 1; };
b = { value = 2; };
c = { value = 3; };
};
isGreaterThanOne = name: value: value.value > 1;
result = firstAttrNameMatching isGreaterThanOne mySet;
in
result
# Output: "b"
```
# Type
```
firstAttrNameMatching :: (String -> Any -> Bool) -> AttrSet -> String
```
# Arguments
pred
: A function that takes an attribute name and its value and returns a boolean.
set
: The attribute set to filter.
*/
firstAttrNameMatching =
pred: set:
pipe set [
(filterAttrs pred)
attrNames
head
];
};
}


@ -1,13 +0,0 @@
let
inherit (builtins) length tail;
in
{
flake.lib.lists = rec {
shortenList =
count: list:
let
len = length list;
in
if len <= count then list else (shortenList count (tail list));
};
}


@ -1,100 +0,0 @@
{ lib, config, ... }:
let
inherit (builtins) foldl' attrNames;
inherit (lib.attrsets) mapAttrs;
in
{
flake.lib.modules = {
/**
Fold over the users list and create an attribute set.
# Inputs
`f`
: A function that takes the name of a user and returns an attribute set.
# Type
```
userListToAttrs :: (String -> AttrSet) -> AttrSet
```
# Examples
:::{.example}
## `userListToAttrs` usage example
```nix
flake.manifest.users.rafiq = { ... };
flake.modules.homeManager.users = userListToAttrs (name: {
${name}.home.username = name;
});
=> flake.modules.homeManager.default.users.rafiq.home.username = "rafiq";
```
:::
*/
userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users);
/**
Return an attribute set for use with a option that needs to be used for all users.
# Inputs
`attrset`
: An attribute set to apply to all the users.
# Type
```
forAllUsers :: AttrSet -> AttrSet
```
# Examples
:::{.example}
## `forAllUsers` usage example
```nix
flake.manifest.users.rafiq = { ... };
flake.modules.nixos.default.users = forAllUsers {
isNormalUser = true;
};
=> flake.modules.nixos.default.users.rafiq.isNormalUser = true;
```
:::
*/
forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users;
/**
Like forAllUsers, but passes in the name and value from the manifest.
# Inputs
`f`
: A function that takes an attribute name and its value, and returns the new value for the attribute.
# Type
```
forAllUsers' :: (String -> Any -> Any) -> AttrSet
```
# Examples
:::{.example}
## `forAllUsers'` usage example
```nix
flake.manifest.users.rafiq = { ... };
flake.modules.homeManager.users = forAllUsers' (name: value: {
home.username = name;
});
=> flake.modules.homeManager.default.users.rafiq.home.username = "rafiq";
```
:::
*/
forAllUsers' = f: mapAttrs f config.manifest.users;
};
}


@ -1,45 +0,0 @@
{ lib, ... }:
let
inherit (lib.options) mkOption;
inherit (lib.types)
str
path
int
port
attrs
;
in
{
flake.lib.options = {
mkStrOption =
default:
mkOption {
inherit default;
type = str;
};
mkAttrOption =
default:
mkOption {
inherit default;
type = attrs;
};
mkIntOption =
default:
mkOption {
inherit default;
type = int;
};
mkPortOption =
default:
mkOption {
type = port;
inherit default;
};
mkPathOption =
default:
mkOption {
type = path;
inherit default;
};
};
}


@ -1,69 +0,0 @@
{ config, lib, ... }:
let
inherit (builtins) length concatStringsSep;
inherit (lib.options) mkEnableOption;
inherit (lib.strings) splitString;
inherit (lib.lists) singleton;
inherit (lib.modules) mkMerge mkIf;
inherit (cfg.lib.options) mkStrOption mkPortOption mkAttrOption;
inherit (cfg.lib.lists) shortenList;
cfg = config.flake;
in
{
flake.lib.services = rec {
splitDomain = domain: splitString "." domain;
isRootDomain = domain: length (splitDomain domain) <= 2;
mkRootDomain = domain: concatStringsSep "." (shortenList 2 (splitDomain domain));
mkWildcardDomain = rootDomain: concatStringsSep "." ((singleton "*") ++ (splitDomain rootDomain));
mkHost = domain: if isRootDomain domain then domain else mkWildcardDomain (mkRootDomain domain);
mkWebApp =
{
config,
name,
defaultPort,
persistDirs ? [ ],
extraOptions ? { },
extraConfig ? { },
}:
let
cfg = config.server.web-apps.${name};
networkingConfig =
{
config,
cfg,
name,
}:
mkIf (cfg.domain != "") {
assertions = singleton {
assertion = config.server.web-servers.nginx.enable;
message = "You must enable a web server if you want to set server.web-apps.${name}.domain.";
};
server.ddns.domains = singleton (mkRootDomain cfg.domain);
server.web-servers.nginx.proxies = singleton {
source = cfg.domain;
target = "http://${config.networking.hostName}:${toString cfg.port}";
};
};
in
{
options.server.web-apps.${name} = {
enable = mkEnableOption "";
port = mkPortOption defaultPort;
domain = mkStrOption "";
openFirewall = mkEnableOption "";
extraCfg = mkAttrOption { };
} // extraOptions;
config = mkIf cfg.enable (mkMerge [
{
inherit persistDirs;
networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = singleton cfg.port; };
}
(networkingConfig { inherit config cfg name; })
extraConfig
]);
};
};
}


@ -1,104 +0,0 @@
{
manifest = {
users.rafiq = {
primary = true;
name = "Mohammad Rafiq";
email = "rafiq@rrv.sh";
shell = "fish";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq";
};
hosts = {
darwin = {
venus = {
graphical = true;
machine.platform = "intel";
};
hephaestus = {
graphical = true;
machine.platform = "apple-silicon";
};
};
nixos = {
nemesis = {
graphical = true;
machine = {
platform = "amd";
gpu = "nvidia";
root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
monitors.main = {
id = "desc:OOO AN-270W04K";
resolution = "3840x2160";
refresh-rate = "60";
scale = "2";
};
};
extraCfg = {
machine = {
bluetooth.enable = true;
usb.automount = true;
usb.qmk.enable = true;
virtualisation = {
podman.enable = true;
podman.distrobox.enable = true;
};
};
server.web-apps = {
comfy-ui.enable = true;
sd-webui-forge.enable = true;
};
};
};
apollo = {
graphical = false;
machine = {
platform = "intel";
root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
};
extraCfg.server = {
ddns = {
enable = true;
domains = [
"aenyrathia.wiki"
"slayment.com"
];
};
web-servers = {
enableSSL = true;
nginx = {
enable = true;
proxies = [
{
source = "aenyrathia.wiki";
target = "http://helios:5896";
}
{
source = "il.bwfiq.com";
target = "http://helios:2283";
}
];
};
};
databases = {
mongodb.enable = true;
mysql.enable = true;
postgresql.enable = true;
};
web-apps = {
librechat = {
enable = true;
domain = "chat.bwfiq.com";
};
forgejo = {
enable = true;
domain = "git.rrv.sh";
openFirewall = true;
};
rrv-sh.enable = true;
rrv-sh.domain = "rrv.sh";
};
};
};
};
};
};
}


@ -1,31 +0,0 @@
{
lib,
config,
inputs,
...
}:
let
inherit (lib.options) mkOption;
inherit (lib.types) path lazyAttrsOf raw;
inherit (inputs.flake-parts.lib) mkSubmoduleOptions;
cfg = config.flake;
in
{
options.flake = mkSubmoduleOptions {
self = mkOption { type = raw; };
lib = mkOption {
type = lazyAttrsOf raw;
default = { };
};
paths = {
root = mkOption { type = path; };
secrets = mkOption {
type = path;
readOnly = true;
};
};
};
config.flake = {
paths.secrets = cfg.paths.root + "/secrets";
};
}


@ -1,17 +0,0 @@
{ config, ... }:
let
inherit (config.manifest) users;
in
{
flake.modules.homeManager.default =
{ config, ... }:
{
home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
programs.git = {
enable = true;
userName = users.${config.home.username}.name;
userEmail = users.${config.home.username}.email;
signing.key = "~/.ssh/id_ed25519.pub";
};
};
}


@ -1,13 +0,0 @@
{
flake.modules.nixos.default.nix.settings.experimental-features = [
"nix-command"
"flakes"
];
flake.modules.darwin.default = {
nix.enable = false;
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
};
}


@ -1,36 +0,0 @@
{ config, lib, ... }:
let
cfg = config.flake;
inherit (config.manifest) users;
inherit (cfg.lib.modules) forAllUsers';
inherit (lib.attrsets) mapAttrs';
in
{
flake.modules = {
nixos.default =
{ pkgs, ... }:
{
programs = mapAttrs' (name: value: {
name = value.shell;
value.enable = true;
}) users;
users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
};
darwin.default =
{ pkgs, ... }:
{
programs = mapAttrs' (name: value: {
name = value.shell;
value.enable = true;
}) users;
users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
environment.shells = [ pkgs.fish ];
};
homeManager.default =
{ config, ... }:
{
programs.${users.${config.home.username}.shell}.enable = true;
home.shell.enableShellIntegration = true;
};
};
}


@ -1,17 +0,0 @@
{ lib, ... }:
let
inherit (lib.options) mkEnableOption;
in
{
flake.modules = {
nixos.graphical = {
home-manager.sharedModules = [ { graphical = true; } ];
services.pipewire = {
enable = true;
pulse.enable = true;
};
};
homeManager.default.options.graphical = mkEnableOption "";
darwin.graphical.home-manager.sharedModules = [ { graphical = true; } ];
};
}


@ -1,20 +0,0 @@
{ inputs, ... }:
{
# needs to be default because the options get
# evaluated even if graphical is set to false
flake.modules.nixos.default =
{ pkgs, ... }:
{
imports = [ inputs.stylix.nixosModules.stylix ];
stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
};
flake.modules.darwin.default =
{ pkgs, ... }:
{
imports = [ inputs.stylix.darwinModules.stylix ];
stylix.enable = true;
#TODO: move into manifest
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
};
}


@ -1,18 +0,0 @@
{
flake.modules.nixos.default.boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
loader.efi.canTouchEfiVariables = true;
#TODO: disable for mbp?
loader.systemd-boot = {
enable = true;
configurationLimit = 5;
};
};
}


@ -1,58 +0,0 @@
{ lib, ... }:
let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf mkMerge;
in
{
flake.modules.nixos.default =
{
config,
modulesPath,
pkgs,
...
}:
let
cfg = config.machine;
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
options.machine = {
bluetooth.enable = mkEnableOption "";
usb.automount = mkEnableOption "";
usb.qmk.enable = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.usb.automount {
services.udisks2.enable = true;
home-manager.sharedModules = [
{
services.udiskie = {
enable = true;
automount = true;
notify = true;
};
}
];
})
(mkIf cfg.usb.qmk.enable {
hardware.keyboard.qmk.enable = true;
services.udev = {
packages = with pkgs; [
vial
qmk
qmk-udev-rules
qmk_hid
];
};
})
(mkIf cfg.bluetooth.enable {
persistDirs = [ "/var/lib/bluetooth" ];
hardware.bluetooth = {
enable = true;
settings.General.Experimental = true;
};
})
];
};
}


@ -1,37 +0,0 @@
{
allowedUnfreePackages = [
"nvidia-x11"
"nvidia-settings"
];
flake.modules.nixos.default =
{
config,
pkgs,
hostConfig,
...
}:
let
inherit (hostConfig.machine) gpu;
in
if gpu == "nvidia" then
{
hardware = {
graphics.enable = true;
graphics.extraPackages = [ pkgs.nvidia-vaapi-driver ];
nvidia.open = true;
nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
};
services.xserver.videoDrivers = [ "nvidia" ];
environment.variables = {
LIBVA_DRIVER_NAME = "nvidia";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
NVD_BACKEND = "direct";
};
nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
nix.settings.trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
}
else
{ };
}


@ -1,23 +0,0 @@
{
flake.modules.nixos.default =
{ hostConfig, ... }:
let
inherit (hostConfig.machine) platform;
arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64";
in
{
hardware.cpu.${platform}.updateMicrocode = true;
boot.kernelModules = [ "kvm-${platform}" ];
nixpkgs.hostPlatform = "${arch}-linux";
};
flake.modules.darwin.default =
{ hostConfig, ... }:
let
inherit (hostConfig.machine) platform;
arch = if platform == "intel" then "x86_64" else "aarch64";
in
{
nixpkgs.hostPlatform = "${arch}-darwin";
};
}


@ -1,95 +0,0 @@
{ lib, inputs, ... }:
let
inherit (lib.modules) mkMerge mkIf mkAfter;
in
{
flake.modules.nixos.default =
{ hostConfig, ... }:
let
inherit (hostConfig.machine) root;
in
{
imports = [ inputs.disko.nixosModules.disko ];
config = mkMerge [
{
# BTRFS - may add more later on
boot.initrd.kernelModules = [ "dm-snapshot" ];
disko.devices.disk.main = {
device = root.drive;
content.type = "gpt";
content.partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
disko.devices.lvm_vg.root_vg = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root".mountpoint = "/";
"/persist" = {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"noatime"
];
};
};
};
};
};
}
# Ephemeral by default - assumes btrfs
(mkIf root.ephemeral {
boot.initrd.postDeviceCommands = mkAfter ''
mkdir /btrfs_tmp
mount /dev/root_vg/root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
btrfs subvolume delete "/btrfs_tmp/root"
fi
'';
})
];
};
}


@ -1,36 +0,0 @@
{ lib, config, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
inherit (lib.lists) optional;
inherit (config.flake.lib.modules) forAllUsers;
in
{
flake.modules.nixos.default =
{ pkgs, config, ... }:
let
cfg = config.machine.virtualisation;
in
{
options.machine.virtualisation = {
podman.enable = mkEnableOption "";
podman.distrobox.enable = mkEnableOption "";
};
config = mkIf cfg.podman.enable {
virtualisation.containers.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
users.users = forAllUsers {
extraGroups = [ "podman" ];
autoSubUidGidRange = cfg.podman.distrobox.enable;
};
home-manager.sharedModules = optional cfg.podman.distrobox.enable {
home.packages = [ pkgs.distrobox ];
persistDirs = [ ".local/share/containers" ];
};
};
};
}


@ -1,16 +0,0 @@
{ lib, ... }:
let
inherit (lib.modules) mkDefault;
in
{
flake.modules.nixos.default =
{ hostName, ... }:
{
networking = {
inherit hostName;
enableIPv6 = false;
useDHCP = mkDefault true;
networkmanager.enable = true;
};
};
}


@ -1,30 +0,0 @@
{ config, lib, ... }:
let
cfg = config.flake;
inherit (config.manifest) admin;
inherit (lib.modules) mkMerge;
inherit (cfg.lib.modules) forAllUsers';
in
{
flake.modules.nixos.default = mkMerge [
{
services.openssh.enable = true;
users.users = forAllUsers' (_: value: { openssh.authorizedKeys.keys = [ value.pubkey ]; });
persistFiles = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
}
{ users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; }
];
flake.modules.homeManager.default = {
persistDirs = [ ".ssh" ];
programs.ssh.enable = true;
programs.ssh.extraConfig = ''
Host *
SetEnv TERM=xterm-256color
'';
};
}


@ -1,25 +0,0 @@
{ config, ... }:
let
inherit (config.flake.paths) secrets;
in
{
flake.modules.nixos.default =
{ config, ... }:
{
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/client-secret".path;
authKeyParameters.preauthorized = true;
};
persistDirs = [ "/var/lib/tailscale" ];
sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml";
};
flake.modules.darwin.default =
{ pkgs, ... }:
{
services.tailscale = {
enable = true;
package = pkgs.tailscale.overrideAttrs { doCheck = false; };
};
};
}


@ -1,90 +0,0 @@
{ lib, config, ... }:
let
inherit (builtins) toString;
inherit (lib.modules) mkIf mkMerge mkOverride;
inherit (lib.lists) singleton;
inherit (lib.options) mkEnableOption;
inherit (config.flake.lib.options) mkPortOption;
in
{
allowedUnfreePackages = [ "mongodb" ];
flake.modules.nixos.default =
{ config, pkgs, ... }:
let
cfg = config.server.databases;
in
{
options.server.databases = {
mongodb = {
enable = mkEnableOption "the MongoDB server";
port = mkPortOption 27017;
};
mysql = {
enable = mkEnableOption "the MySQL server";
port = mkPortOption 3306;
};
postgresql = {
enable = mkEnableOption "the postgresql server";
port = mkPortOption 5432;
};
};
config = mkMerge [
(mkIf cfg.postgresql.enable {
networking.firewall.allowedTCPPorts = singleton cfg.postgresql.port;
persistDirs = singleton {
directory = toString config.services.postgresql.dataDir;
user = "postgres";
group = "postgres";
};
services.postgresql = {
enable = true;
enableTCPIP = true;
settings = { inherit (cfg.postgresql) port; };
authentication = mkOverride 10 ''
#type database DBuser auth-method
local all all trust
# ipv4
host all all 0.0.0.0/0 trust
'';
ensureDatabases = singleton "alphastory";
ensureUsers = singleton {
name = "alphastory";
ensureDBOwnership = true;
};
};
})
(mkIf cfg.mongodb.enable {
networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
persistDirs = singleton {
directory = toString config.services.mongodb.dbpath;
user = "mongodb";
group = "mongodb";
};
services.mongodb = {
enable = true;
bind_ip = "0.0.0.0";
extraConfig = ''
net.port: ${toString cfg.mongodb.port}
'';
};
})
(mkIf cfg.mysql.enable {
networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
persistDirs = singleton {
directory = toString config.services.mysql.dataDir;
user = "mysql";
group = "mysql";
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
settings.mysqld = {
inherit (cfg.mysql) port;
};
};
})
];
};
}


@ -1,59 +0,0 @@
{ lib, config, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.types) enum str listOf;
inherit (lib.lists) unique;
inherit (builtins) map;
inherit (config.flake.paths) secrets;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
cfg = config.server.ddns;
mkDomain = domain_name: {
inherit domain_name;
sub_domains = [
"@"
"*"
];
};
in
{
options.server.ddns = {
enable = mkEnableOption "";
type = mkOption {
type = enum [ "godns" ];
default = "godns";
};
domains = mkOption {
type = listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml";
services.godns = {
enable = if (cfg.type == "godns") then true else false;
loadCredential = [ "cf_token:${config.sops.secrets."keys/cloudflare".path}" ];
settings = {
provider = "Cloudflare";
login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
# Sanitize the list of domains with unique so we can add to it with every service.
domains = map mkDomain (unique cfg.domains);
resolver = "1.1.1.1";
ip_urls = [
"https://wtfismyip.com/text"
"https://api.ipify.org"
"https://myip.biturl.top"
"https://api-ipv4.ip.sb/ip"
];
ip_type = "IPv4";
interval = 300;
};
};
};
};
}


@ -1,34 +0,0 @@
{
lib,
config,
inputs,
...
}:
let
inherit (lib.lists) singleton;
inherit (config.flake.lib.services) mkWebApp;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
upstreamCfg = config.services.comfyUi;
in
mkWebApp {
inherit config;
name = "comfy-ui";
defaultPort = 8188;
persistDirs = singleton {
directory = upstreamCfg.dataDir;
inherit (upstreamCfg) user group;
mode = "777";
};
extraConfig.services.comfyUi = {
enable = true;
listenHost = "0.0.0.0";
};
}
// {
imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
};
}


@ -1,47 +0,0 @@
{ lib, config, ... }:
let
inherit (lib.lists) singleton optional;
inherit (config.flake.lib.options) mkPortOption;
inherit (config.flake.lib.services) mkWebApp;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
cfg = config.server.web-apps.forgejo;
upstreamCfg = config.services.forgejo;
in
mkWebApp {
inherit config;
name = "forgejo";
defaultPort = 3000;
persistDirs = singleton {
directory = upstreamCfg.stateDir;
inherit (upstreamCfg) user group;
};
extraOptions = {
sshPort = mkPortOption 2222;
};
extraConfig = {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.sshPort;
services.forgejo = {
enable = true;
settings = {
server = {
DOMAIN = cfg.domain;
ROOT_URL = "https://${cfg.domain}/";
HTTP_PORT = cfg.port;
START_SSH_SERVER = true;
SSH_PORT = cfg.sshPort;
};
repository = {
USE_COMPAT_SSH_URI = false;
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
"repository.signing".FORMAT = "ssh";
};
};
};
};
}


@ -1,87 +0,0 @@
{
lib,
inputs,
config,
...
}:
let
inherit (lib.lists) singleton;
inherit (config.flake.lib.options) mkStrOption;
inherit (config.flake.lib.services) mkWebApp;
inherit (config.flake.paths) secrets;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
cfg = config.server.web-apps.librechat;
upstreamCfg = config.services.librechat;
in
mkWebApp {
inherit config;
name = "librechat";
defaultPort = 3080;
persistDirs = singleton {
directory = upstreamCfg.dataDir;
inherit (upstreamCfg) user group;
};
extraOptions.mongodbURI = mkStrOption "mongodb://${config.networking.hostName}:27017/LibreChat";
extraConfig = {
sops.secrets = {
"librechat/creds_key".sopsFile = secrets + "/librechat.yaml";
"librechat/creds_iv".sopsFile = secrets + "/librechat.yaml";
"librechat/jwt_secret".sopsFile = secrets + "/librechat.yaml";
"librechat/jwt_refresh_secret".sopsFile = secrets + "/librechat.yaml";
"keys/gemini".sopsFile = secrets + "/keys.yaml";
"keys/openrouter".sopsFile = secrets + "/keys.yaml";
};
services.librechat = {
enable = true;
openFirewall = true;
inherit (cfg) port;
env = {
HOST = "0.0.0.0";
ALLOW_REGISTRATION = "true";
NO_INDEX = "true";
MONGO_URI = cfg.mongodbURI;
DOMAIN_CLIENT = cfg.domain;
DOMAIN_SERVER = cfg.domain;
ENDPOINTS = "anthropic,agents,google";
};
credentials = {
CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
OPENROUTER_KEY = config.sops.secrets."keys/openrouter".path;
GOOGLE_KEY = config.sops.secrets."keys/gemini".path;
};
settings = {
version = "1.1.4";
cache = true;
endpoints.custom = [
{
name = "OpenRouter";
apiKey = "\${OPENROUTER_KEY}";
baseURL = "https://openrouter.ai/api/v1";
models.default = [ "meta-llama/llama-3-70b-instruct" ];
models.fetch = true;
titleConvo = true;
titleModel = "current_model";
modelDisplayLabel = "OpenRouter";
}
];
interface = {
privacyPolicy = {
externalUrl = "https://librechat.ai/privacy-policy";
openNewTab = true;
};
};
};
};
};
}
// {
imports = singleton "${inputs.rrvsh-nixpkgs}/nixos/modules/services/web-apps/librechat.nix";
};
}


@ -1,23 +0,0 @@
{ config, inputs, ... }:
let
inherit (config.flake.lib.services) mkWebApp;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
cfg = config.server.web-apps.rrv-sh;
in
mkWebApp {
inherit config;
name = "rrv-sh";
defaultPort = 2309;
extraConfig.services.rrv-sh = {
enable = true;
inherit (cfg) port;
};
}
// {
imports = [ inputs.rrv-sh.nixosModules.default ];
};
}


@ -1,34 +0,0 @@
{
lib,
inputs,
config,
...
}:
let
inherit (lib.lists) singleton;
inherit (config.flake.lib.services) mkWebApp;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
upstreamCfg = config.services.sd-webui-forge;
in
mkWebApp {
inherit config;
name = "sd-webui-forge";
defaultPort = 7860;
persistDirs = singleton {
directory = upstreamCfg.dataDir;
inherit (upstreamCfg) user group;
};
extraConfig.services.sd-webui-forge = {
enable = true;
listen = true;
extraArgs = "--cuda-malloc";
};
}
// {
imports = [ inputs.stable-diffusion-webui-nix.nixosModules.default ];
};
}


@ -1,142 +0,0 @@
{ lib, config, ... }:
let
inherit (builtins) listToAttrs map;
inherit (config.flake.lib.options) mkStrOption mkPathOption;
inherit (config.flake.lib.services) mkRootDomain;
inherit (config.flake.paths) secrets;
inherit (config.manifest.admin) email;
inherit (lib.types) listOf submodule attrs;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkMerge mkIf;
inherit (lib.lists) singleton;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
cfg = config.server.web-servers;
sslCheck = good: bad: if cfg.enableSSL then good else bad;
in
{
options.server.web-servers = {
enableSSL = mkEnableOption "";
nginx = {
enable = mkEnableOption "the Nginx server";
openFirewall = mkEnableOption "" // {
default = true;
};
enableDefaultSink = mkEnableOption "" // {
default = true;
};
pages = mkOption {
default = [ ];
type = listOf (submodule {
options = {
domain = mkStrOption "";
root = mkPathOption "";
extraConfig = mkOption {
type = attrs;
default = { };
};
locations = mkOption {
type = attrs;
default = { };
};
};
});
};
proxies = mkOption {
default = [ ];
type = listOf (submodule {
options = {
source = mkStrOption "";
target = mkStrOption "";
extraConfig = mkOption {
type = attrs;
default = { };
};
locations = mkOption {
type = attrs;
default = { };
};
};
});
};
};
};
config = mkMerge [
(mkIf cfg.enableSSL {
sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml";
security.acme = {
acceptTerms = true;
defaults = {
inherit email;
dnsProvider = "cloudflare";
credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
};
certs = {
"rrv.sh".extraDomainNames = singleton "*.rrv.sh";
"bwfiq.com".extraDomainNames = singleton "*.bwfiq.com";
"slayment.com".extraDomainNames = singleton "*.slayment.com";
"aenyrathia.wiki".extraDomainNames = singleton "*.aenyrathia.wiki";
};
};
})
(mkIf cfg.nginx.enable {
networking.firewall.allowedTCPPorts = mkIf cfg.nginx.openFirewall [
443
80
];
users.users.nginx.extraGroups = singleton "acme";
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = mkMerge [
(mkIf cfg.nginx.enableDefaultSink {
"_" = {
default = true;
rejectSSL = sslCheck true false;
locations."/" = {
return = "444";
};
};
})
(listToAttrs (
map (page: {
name = page.domain;
value = {
addSSL = sslCheck true false;
useACMEHost = sslCheck (mkRootDomain page.domain) null;
acmeRoot = null; # needed for DNS validation
locations = {
"/" = {
inherit (page) root;
} // page.extraConfig;
} // page.locations;
};
}) cfg.nginx.pages
))
(listToAttrs (
map (proxy: {
name = proxy.source;
value = {
addSSL = sslCheck true false;
useACMEHost = sslCheck (mkRootDomain proxy.source) null;
acmeRoot = null; # needed for DNS validation
locations = {
"/" = {
proxyPass = proxy.target;
} // proxy.extraConfig;
} // proxy.locations;
};
}) cfg.nginx.proxies
))
];
};
})
];
};
}


@ -1,11 +0,0 @@
{ config, ... }:
let
inherit (config.manifest) admin;
in
{
flake.modules.darwin.graphical.homebrew = {
enable = true;
user = admin.username;
onActivation.cleanup = "uninstall";
};
}


@ -1,66 +0,0 @@
{
lib,
inputs,
config,
...
}:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkOption;
inherit (config.flake.lib.options) mkStrOption;
inherit (lib.types)
listOf
str
coercedTo
submodule
;
permOpts = {
user = mkStrOption "root";
group = mkStrOption "root";
mode = mkStrOption "0755";
};
mkOpts =
type: opts:
mkOption {
default = [ ];
type = listOf (
coercedTo str (d: { ${type} = d; }) (submodule {
options = {
${type} = mkStrOption "";
} // opts;
})
);
};
in
{
flake.modules.nixos.default =
{ config, ... }:
{
imports = [ inputs.impermanence.nixosModules.impermanence ];
options.persistDirs = mkOpts "directory" permOpts;
options.persistFiles = mkOpts "file" { parentDirectory = permOpts; };
config = {
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = config.persistDirs;
files = config.persistFiles;
};
};
};
flake.modules.homeManager.default =
{ config, pkgs, ... }:
{
imports = [ inputs.impermanence.homeManagerModules.impermanence ];
options.persistDirs = mkOpts "directory" { };
options.persistFiles = mkOpts "file" { };
config = mkIf (pkgs.system == "x86_64-linux") {
home.persistence."/persist${config.home.homeDirectory}" = {
allowOther = true;
directories = config.persistDirs;
files = config.persistFiles;
};
};
};
}


@ -1,77 +0,0 @@
{
config,
inputs,
lib,
...
}:
let
cfg = config.flake;
inherit (cfg.paths) secrets;
inherit (builtins) readFile;
inherit (lib.meta) getExe;
inherit (lib.strings) trim;
inherit (config.manifest.admin) username pubkey;
in
{
flake.modules = {
nixos.default =
{ config, ... }:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
config = {
sops = {
age.sshKeyPaths = [
"/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
];
secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
};
environment.shellInit = # sh
''
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
'';
};
};
darwin.default =
{ config, ... }:
{
imports = [ inputs.sops-nix.darwinModules.sops ];
config = {
sops = {
age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];
secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
};
environment.shellInit = # sh
''
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
'';
};
};
homeManager.default.persistDirs = [ ".config/sops/age" ];
};
perSystem =
{ pkgs, ... }:
{
files.files = [
{
path_ = ".sops.yaml";
drv =
pkgs.writeText ".sops.yaml" # yaml
''
keys:
- &${username} ${trim (
readFile "${
pkgs.runCommand "" { } ''
mkdir $out; echo ${pubkey} | ${getExe pkgs.ssh-to-age} > $out/agepubkey
''
}/agepubkey"
)}
creation_rules:
- path_regex: \.(yaml)$
key_groups:
- age:
- *${username}
'';
}
];
};
}

Some files were not shown because too many files have changed in this diff Show more