rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: rrvsh:prime
Branches Tags
rrvsh:prime
rrvsh:feat/darwin-parity
rrvsh:rebase/flake-parts
rrvsh:0.2.0
rrvsh:0.1.1
rrvsh:0.1.0
..
compare: rrvsh:rebase/flake-parts
Branches Tags
rrvsh:prime
rrvsh:feat/darwin-parity
rrvsh:rebase/flake-parts
rrvsh:0.2.0
rrvsh:0.1.1
rrvsh:0.1.0

No commits in common. "prime" and "rebase/flake-parts" have entirely different histories.
prime ... rebase/fla

37 changed files with 484 additions and 677 deletions
Download patch file Download diff file Expand all files Collapse all files

38
flake.lock generated
View file

@ -337,42 +337,6 @@
"type": "github" "type": "github"
} }
}, },
"manifest": {
"locked": {
"lastModified": 1752588656,
"narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=",
"owner": "rrvsh",
"repo": "manifest",
"rev": "365902fba994f30469298dee0c98a5fc0f41ec38",
"type": "github"
},
"original": {
"owner": "rrvsh",
"repo": "manifest",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -503,8 +467,6 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"import-tree": "import-tree", "import-tree": "import-tree",
"make-shell": "make-shell", "make-shell": "make-shell",
"manifest": "manifest",
"nix-darwin": "nix-darwin",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",

14
flake.nix
View file

@ -1,14 +1,11 @@
{ {
outputs = outputs =
{ self, ... }@inputs: inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } ( inputs.flake-parts.lib.mkFlake { inherit inputs; } (
(inputs.import-tree ./nix) (inputs.import-tree ./nix)
// { // {
systems = import inputs.systems; systems = import inputs.systems;
flake = { flake.paths.root = ./.;
inherit self;
paths.root = ./.;
};
} }
); );
inputs = { inputs = {
@ -25,11 +22,6 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# nix darwin provides declarative mac configuration
nix-darwin = {
url = "github:nix-darwin/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
# the nix user repository for mainly firefox extensions # the nix user repository for mainly firefox extensions
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
@ -71,8 +63,6 @@
files.url = "github:mightyiam/files"; files.url = "github:mightyiam/files";
# text.nix lets us easily define markdown text to pass to files # text.nix lets us easily define markdown text to pass to files
text.url = "github:rrvsh/text.nix"; text.url = "github:rrvsh/text.nix";
# manifest lets us define all hosts in one file
manifest.url = "github:rrvsh/manifest";
# make-shells.<name> creates devShells and checks # make-shells.<name> creates devShells and checks
make-shell = { make-shell = {
url = "github:nicknovitski/make-shell"; url = "github:nicknovitski/make-shell";

31
nix/configurations.nix
View file

@ -6,30 +6,28 @@
}: }:
let let
inherit (lib) nixosSystem; inherit (lib) nixosSystem;
inherit (inputs.nix-darwin.lib) darwinSystem;
inherit (lib.lists) optional; inherit (lib.lists) optional;
inherit (lib.attrsets) mapAttrs; inherit (lib.attrsets) mapAttrs;
inherit (cfg.lib.modules) forAllUsers'; inherit (cfg.lib.modules) forAllUsers';
inherit (config.manifest) hosts;
cfg = config.flake; cfg = config.flake;
globalCfg = hostName: hostConfig: { globalCfg = name: hostConfig: {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { inherit hostName hostConfig; }; extraSpecialArgs = {
inherit hostConfig;
hostName = name;
};
sharedModules = [ cfg.modules.homeManager.default ]; sharedModules = [ cfg.modules.homeManager.default ];
users = forAllUsers' (name: _: cfg.modules.homeManager.${name}); users = forAllUsers' (name: _: cfg.modules.homeManager.${name});
}; };
hosts = cfg.manifest.hosts or { };
mkConfigurations = mkConfigurations =
class: hosts: class: hosts:
mapAttrs ( mapAttrs (
name: value: name: value:
if class == "nixos" then if class == "nixos" then
nixosSystem { nixosSystem {
specialArgs = { specialArgs.hostName = name;
inherit (config.flake) self;
hostName = name;
hostConfig = value;
};
modules = [ modules = [
cfg.modules.nixos.default cfg.modules.nixos.default
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -37,20 +35,6 @@ let
(value.extraCfg or { }) (value.extraCfg or { })
] ++ optional value.graphical cfg.modules.nixos.graphical; ] ++ optional value.graphical cfg.modules.nixos.graphical;
} }
else if class == "darwin" then
darwinSystem {
specialArgs = {
inherit (config.flake) self;
hostName = name;
hostConfig = value;
};
modules = [
cfg.modules.darwin.default
inputs.home-manager.darwinModules.home-manager
{ home-manager = globalCfg name value; }
(value.extraCfg or { })
] ++ optional value.graphical cfg.modules.darwin.graphical;
}
else else
{ } { }
) hosts; ) hosts;
@ -58,5 +42,4 @@ in
{ {
imports = [ inputs.home-manager.flakeModules.home-manager ]; imports = [ inputs.home-manager.flakeModules.home-manager ];
flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos; flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos;
flake.darwinConfigurations = mkConfigurations "darwin" hosts.darwin;
} }

4
nix/files/readme.nix
View file

@ -24,8 +24,8 @@
parts."Structure" = # markdown parts."Structure" = # markdown
'' ''
The system configurations are defined in [`flake.manifest`](nix/manifest.nix). The system configurations are defined in [`flake.manifest`](nix/manifest.nix).
`manifest.owner` provides the attributes for the administrator user, including username and pubkey. `flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey.
`manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. `flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations.
`flake.modules.nixos.*` provide NixOS options and configurations. `flake.modules.nixos.*` provide NixOS options and configurations.
The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class. The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class.
You can use it as seen [here](nix/modules/flake/home-manager.nix): You can use it as seen [here](nix/modules/flake/home-manager.nix):

3
nix/flake-parts/debug.nix Normal file
View file

@ -0,0 +1,3 @@
{
debug = true;
}

10
nix/flake-parts/flake-parts.nix
View file

@ -1,10 +0,0 @@
{ inputs, ... }:
{
debug = true;
imports = [
inputs.make-shell.flakeModules.default
inputs.manifest.flakeModules.default
inputs.flake-parts.flakeModules.modules
inputs.text.flakeModules.default
];
}

5
nix/flake-parts/make-shell.nix Normal file
View file

@ -0,0 +1,5 @@
{ inputs, ... }:
{
#TODO: add to readme
imports = [ inputs.make-shell.flakeModules.default ];
}

4
nix/flake-parts/modules.nix Normal file
View file

@ -0,0 +1,4 @@
{ inputs, ... }:
{
imports = [ inputs.flake-parts.flakeModules.modules ];
}

4
nix/flake-parts/text.nix Normal file
View file

@ -0,0 +1,4 @@
{ inputs, ... }:
{
imports = [ inputs.text.flakeModules.default ];
}

4
nix/homes/rafiq/_nvf/languages.nix
View file

@ -4,8 +4,7 @@
enableTreesitter = true; enableTreesitter = true;
bash.enable = true; bash.enable = true;
clang.enable = true; clang.enable = true;
# broken on macos csharp.enable = true;
# csharp.enable = true;
css.enable = true; css.enable = true;
go.enable = true; go.enable = true;
html.enable = true; html.enable = true;
@ -27,7 +26,6 @@
}; };
rust.enable = true; rust.enable = true;
rust.crates.enable = true; rust.crates.enable = true;
tailwind.enable = true;
ts.enable = true; ts.enable = true;
ts.extensions.ts-error-translator.enable = true; ts.extensions.ts-error-translator.enable = true;
typst.enable = true; typst.enable = true;

21
nix/homes/rafiq/darwin.nix
View file

@ -1,21 +0,0 @@
{ lib, ... }:
let
inherit (lib.modules) mkIf;
in
{
flake.modules.homeManager.rafiq =
{
pkgs,
config,
hostName,
hostConfig,
...
}:
mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") {
home.file."Library/Application Support/aichat/config.yaml".text = ''
model: gemini:gemini-2.0-flash
clients:
- type: gemini
'';
};
}

1
nix/homes/rafiq/default.nix
View file

@ -45,7 +45,6 @@ in
]; ];
}; };
programs = { programs = {
mise.enable = true;
nvf.enable = true; nvf.enable = true;
nvf.settings.vim = { nvf.settings.vim = {
syntaxHighlighting = true; syntaxHighlighting = true;

31
nix/homes/rafiq/desktop/darwin.nix
View file

@ -1,31 +0,0 @@
{
flake.modules.darwin.graphical.homebrew = {
brews = [
"mise"
"docker"
];
casks = [
"ghostty"
"slack"
"gitify"
"telegram"
"vial"
"linear-linear"
"chatgpt"
"spotify"
];
};
flake.modules.homeManager.rafiq = {
# make sure brew is on the path for M1
programs.zsh.initContent = ''
if [[ $(uname -m) == 'arm64' ]]; then
eval "$(/opt/homebrew/bin/brew shellenv)"
fi
'';
programs.fish.shellInit = ''
if test (uname -m) = "arm64"
eval (/opt/homebrew/bin/brew shellenv)
end
'';
};
}

237
nix/homes/rafiq/desktop/default.nix
View file

@ -1,9 +1,75 @@
{ lib, inputs, ... }:
{ {
lib,
inputs,
config,
...
}:
let
cfg = config.flake;
in
{
allowedUnfreePackages = [
"stremio-shell"
"stremio-server"
"steam"
"steam-unwrapped"
];
flake.modules.nixos.graphical =
{ config, pkgs, ... }:
{
fonts.packages = [ pkgs.font-awesome ];
services.getty.autologinUser = cfg.admin.username;
# Start Hyprland at boot only if not connecting through SSH
environment.loginShellInit = # sh
''
if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
if uwsm check may-start; then
exec uwsm start hyprland-uwsm.desktop
fi
fi
'';
environment.variables = {
# Get Electron apps to use Wayland
ELECTRON_OZONE_PLATFORM_HINT = "auto";
NIXOS_OZONE_WL = "1";
};
programs = {
hyprland = {
enable = true;
# Use UWSM to have each process controlled by systemd init
withUWSM = true;
};
steam = {
enable = true;
gamescopeSession.enable = true;
};
};
security.pam.services.hyprlock = { };
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
settings = {
sunshine_name = config.networking.hostName;
origin_pin_allowed = "wan";
origin_web_ui_allowed = "wan";
};
applications = { };
};
# spotifyd
networking.firewall.allowedTCPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = [ 5353 ];
};
flake.modules.homeManager.rafiq = flake.modules.homeManager.rafiq =
{ pkgs, config, ... }: {
pkgs,
config,
hostName,
hostConfig,
...
}:
let let
inherit (lib.modules) mkIf; inherit (lib.modules) mkMerge mkIf;
inherit (builtins) map listToAttrs; inherit (builtins) map listToAttrs;
inherit (lib.lists) findFirstIndex; inherit (lib.lists) findFirstIndex;
inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons; inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons;
@ -38,24 +104,185 @@
targets = { targets = {
firefox.colorTheme.enable = true; firefox.colorTheme.enable = true;
firefox.profileNames = syncedProfiles; firefox.profileNames = syncedProfiles;
waybar.addCss = false;
}; };
}; };
persistDirs = [
"docs"
"repos"
"vids"
"tmp"
".cache/Smart Code ltd/Stremio"
".local/share/Smart Code ltd/Stremio"
".mozilla/firefox"
".tor project"
".local/share/Steam"
".local/share/PrismLauncher"
".config/sunshine"
];
home = { home = {
packages = with pkgs; [
prismlauncher
stremio
tor-browser
vlc
wl-clipboard-rs
];
sessionVariables = { sessionVariables = {
BROWSER = "firefox"; BROWSER = "firefox";
LAUNCHER = "fuzzel";
LOCKSCREEN = "hyprlock";
NOTIFICATION_DAEMON = "mako";
TERMINAL = "ghostty"; TERMINAL = "ghostty";
STATUS_BAR = "waybar";
}; };
}; };
programs = { programs = {
fuzzel.enable = true;
obs-studio.enable = true;
vesktop.enable = true; vesktop.enable = true;
thunderbird.enable = true; thunderbird.enable = true;
thunderbird.profiles.rafiq.isDefault = true; thunderbird.profiles.rafiq.isDefault = true;
# ghostty is broken on nix-darwin
ghostty.settings.confirm-close-surface = false;
firefox = { firefox = {
enable = true; enable = true;
inherit profiles; inherit profiles;
}; };
hyprlock = {
enable = true;
settings = {
general.hide_cursor = true;
general.ignore_empty_input = true;
background.blur_passes = 5;
background.blur_size = 5;
label = {
text = ''hi, $USER.'';
font_size = 32;
position = "0, 0";
halign = "center";
valign = "center";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
input-field = {
placeholder_text = "";
fade_on_empty = true;
size = "200, 45";
position = "0, -5%";
halign = "center";
valign = "center";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
};
};
ghostty = {
enable = true;
settings = {
confirm-close-surface = false;
};
};
waybar = {
enable = true;
settings = [
{
layer = "top";
modules-left = [
"pulseaudio"
];
modules-right = [
"battery"
"clock"
];
"pulseaudio" = {
format = "{icon} {volume}%";
format-muted = "";
format-icons.default = [
""
""
];
on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
};
"clock" = {
interval = 1;
format = "{:%F %T}";
};
"battery" = {
interval = 1;
bat-compatibility = true;
};
}
];
style = # css
''
window#waybar {
background-color: rgba(0, 0, 0, 0);
}
#pulseaudio,
#battery,
#clock {
padding-top: 5px;
padding-bottom: 5px;
padding-right: 5px;
color: #ffffff;
}
'';
};
}; };
services = {
spotifyd.enable = true;
spotifyd.settings.global = {
device_name = "${hostName}";
device_type = "computer";
zeroconf_port = 5353;
};
mako.enable = true;
mako.settings.default-timeout = 10000;
};
wayland.windowManager.hyprland = {
enable = true;
# This is needed for UWSM
systemd.enable = false;
# Null the packages since we use them system wide
package = null;
portalPackage = null;
settings = mkMerge [
(import ./_hyprland/decoration.nix)
(import ./_hyprland/keybinds.nix { inherit pkgs; })
{
ecosystem.no_update_news = true;
xwayland.force_zero_scaling = true;
monitor =
let
mainMonitor = hostConfig.machine.monitors.main;
in
[
"${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}"
", preferred, auto, 1"
];
exec-once = [
"uwsm app -- $LOCKSCREEN"
"uwsm app -- $NOTIFICATION_DAEMON"
"uwsm app -- $STATUS_BAR"
];
}
];
};
# xdg.configFile."uwsm/env".text = # sh
# ''
# # Force apps to scale right with Wayland
# export GDK_SCALE=${mainMonitor.scale}
# export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
# '';
# xdg.configFile."uwsm/env-hyprland".text = # sh
# ''
# export GDK_SCALE=${mainMonitor.scale}
# export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
# '';
}; };
} }

232
nix/homes/rafiq/desktop/nixos.nix
View file

@ -1,232 +0,0 @@
{ lib, config, ... }:
let
inherit (config.manifest) admin;
in
{
allowedUnfreePackages = [
"stremio-shell"
"stremio-server"
"steam"
"steam-unwrapped"
];
flake.modules.nixos.graphical =
{ config, pkgs, ... }:
{
fonts.packages = [ pkgs.font-awesome ];
services.getty.autologinUser = admin.username;
# Start Hyprland at boot only if not connecting through SSH
environment.loginShellInit = # sh
''
if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then
if uwsm check may-start; then
exec uwsm start hyprland-uwsm.desktop
fi
fi
'';
environment.variables = {
# Get Electron apps to use Wayland
ELECTRON_OZONE_PLATFORM_HINT = "auto";
NIXOS_OZONE_WL = "1";
};
programs = {
hyprland = {
enable = true;
# Use UWSM to have each process controlled by systemd init
withUWSM = true;
};
steam = {
enable = true;
gamescopeSession.enable = true;
};
};
security.pam.services.hyprlock = { };
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
settings = {
sunshine_name = config.networking.hostName;
origin_pin_allowed = "wan";
origin_web_ui_allowed = "wan";
};
applications = { };
};
# spotifyd
networking.firewall.allowedTCPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = [ 5353 ];
};
flake.modules.homeManager.rafiq =
{
pkgs,
config,
hostName,
hostConfig,
...
}:
let
inherit (lib.modules) mkMerge mkIf;
in
mkIf (config.graphical && pkgs.system == "x86_64-linux") {
stylix.targets.waybar.addCss = false;
persistDirs = [
"docs"
"repos"
"vids"
"tmp"
".cache/Smart Code ltd/Stremio"
".local/share/Smart Code ltd/Stremio"
".mozilla/firefox"
".tor project"
".local/share/Steam"
".local/share/PrismLauncher"
".config/sunshine"
];
home = {
packages = with pkgs; [
wl-clipboard-rs
stremio
tor-browser
vlc
prismlauncher
];
sessionVariables = {
LAUNCHER = "fuzzel";
LOCKSCREEN = "hyprlock";
NOTIFICATION_DAEMON = "mako";
STATUS_BAR = "waybar";
};
};
# xdg.configFile."uwsm/env".text = # sh
# ''
# # Force apps to scale right with Wayland
# export GDK_SCALE=${mainMonitor.scale}
# export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
# '';
# xdg.configFile."uwsm/env-hyprland".text = # sh
# ''
# export GDK_SCALE=${mainMonitor.scale}
# export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale}
# '';
wayland.windowManager.hyprland = {
enable = true;
# This is needed for UWSM
systemd.enable = false;
# Null the packages since we use them system wide
package = null;
portalPackage = null;
settings = mkMerge [
(import ./_hyprland/decoration.nix)
(import ./_hyprland/keybinds.nix { inherit pkgs; })
{
ecosystem.no_update_news = true;
xwayland.force_zero_scaling = true;
monitor =
let
mainMonitor = hostConfig.machine.monitors.main;
in
[
"${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}"
", preferred, auto, 1"
];
exec-once = [
"uwsm app -- $LOCKSCREEN"
"uwsm app -- $NOTIFICATION_DAEMON"
"uwsm app -- $STATUS_BAR"
];
}
];
};
services = {
spotifyd.enable = true;
spotifyd.settings.global = {
device_name = "${hostName}";
device_type = "computer";
zeroconf_port = 5353;
};
mako.enable = true;
mako.settings.default-timeout = 10000;
};
programs = {
obs-studio.enable = true;
fuzzel.enable = true;
ghostty.enable = true;
waybar = {
enable = true;
settings = [
{
layer = "top";
modules-left = [
"pulseaudio"
];
modules-right = [
"battery"
"clock"
];
"pulseaudio" = {
format = "{icon} {volume}%";
format-muted = "";
format-icons.default = [
""
""
];
on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
};
"clock" = {
interval = 1;
format = "{:%F %T}";
};
"battery" = {
interval = 1;
bat-compatibility = true;
};
}
];
style = # css
''
window#waybar {
background-color: rgba(0, 0, 0, 0);
}
#pulseaudio,
#battery,
#clock {
padding-top: 5px;
padding-bottom: 5px;
padding-right: 5px;
color: #ffffff;
}
'';
};
hyprlock = {
enable = true;
settings = {
general.hide_cursor = true;
general.ignore_empty_input = true;
background.blur_passes = 5;
background.blur_size = 5;
label = {
text = ''hi, $USER.'';
font_size = 32;
position = "0, 0";
halign = "center";
valign = "center";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
input-field = {
placeholder_text = "";
fade_on_empty = true;
size = "200, 45";
position = "0, -5%";
halign = "center";
valign = "center";
zindex = 1;
shadow_passes = 5;
shadow_size = 5;
};
};
};
};
};
}

7
nix/lib/modules.nix
View file

@ -1,5 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.flake;
inherit (builtins) foldl' attrNames; inherit (builtins) foldl' attrNames;
inherit (lib.attrsets) mapAttrs; inherit (lib.attrsets) mapAttrs;
in in
@ -34,7 +35,7 @@ in
::: :::
*/ */
userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users); userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames cfg.manifest.users);
/** /**
Return an attribute set for use with a option that needs to be used for all users. Return an attribute set for use with a option that needs to be used for all users.
@ -64,7 +65,7 @@ in
::: :::
*/ */
forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users; forAllUsers = attrset: mapAttrs (_: _: attrset) cfg.manifest.users;
/** /**
Like forAllUsers, but passes in the name and value from the manifest. Like forAllUsers, but passes in the name and value from the manifest.
@ -95,6 +96,6 @@ in
::: :::
*/ */
forAllUsers' = f: mapAttrs f config.manifest.users; forAllUsers' = f: mapAttrs f cfg.manifest.users;
}; };
} }

148
nix/manifest.nix
View file

@ -1,5 +1,5 @@
{ {
manifest = { flake.manifest = {
users.rafiq = { users.rafiq = {
primary = true; primary = true;
name = "Mohammad Rafiq"; name = "Mohammad Rafiq";
@ -7,95 +7,83 @@
shell = "fish"; shell = "fish";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq";
}; };
hosts = { hosts.nixos = {
darwin = { nemesis = {
venus = { graphical = true;
graphical = true; machine = {
machine.platform = "intel"; platform = "amd";
gpu = "nvidia";
root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
monitors.main = {
id = "desc:OOO AN-270W04K";
resolution = "3840x2160";
refresh-rate = "60";
scale = "2";
};
}; };
hephaestus = { extraCfg = {
graphical = true; services.fwupd.enable = true; # FIXME: remove
machine.platform = "apple-silicon"; machine = {
bluetooth.enable = true;
usb.automount = true;
virtualisation = {
podman.enable = true;
podman.distrobox.enable = true;
};
};
server.web-apps = {
comfy-ui.enable = true;
sd-webui-forge.enable = true;
};
}; };
}; };
nixos = { apollo = {
nemesis = { graphical = false;
graphical = true; machine = {
machine = { platform = "intel";
platform = "amd"; root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
gpu = "nvidia";
root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
monitors.main = {
id = "desc:OOO AN-270W04K";
resolution = "3840x2160";
refresh-rate = "60";
scale = "2";
};
};
extraCfg = {
machine = {
bluetooth.enable = true;
usb.automount = true;
usb.qmk.enable = true;
virtualisation = {
podman.enable = true;
podman.distrobox.enable = true;
};
};
server.web-apps = {
comfy-ui.enable = true;
sd-webui-forge.enable = true;
};
};
}; };
apollo = { extraCfg.server = {
graphical = false; ddns = {
machine = { enable = true;
platform = "intel"; domains = [
root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01"; "aenyrathia.wiki"
"slayment.com"
];
}; };
extraCfg.server = { web-servers = {
ddns = { enableSSL = true;
nginx = {
enable = true; enable = true;
domains = [ proxies = [
"aenyrathia.wiki" {
"slayment.com" source = "aenyrathia.wiki";
target = "http://helios:5896";
}
{
source = "il.bwfiq.com";
target = "http://helios:2283";
}
]; ];
}; };
web-servers = { };
enableSSL = true; databases = {
nginx = { mongodb.enable = true;
enable = true; mysql.enable = true;
proxies = [ postgresql.enable = true;
{ };
source = "aenyrathia.wiki"; web-apps = {
target = "http://helios:5896"; librechat = {
} enable = true;
{ domain = "chat.bwfiq.com";
source = "il.bwfiq.com";
target = "http://helios:2283";
}
];
};
}; };
databases = { forgejo = {
mongodb.enable = true; enable = true;
mysql.enable = true; domain = "git.rrv.sh";
postgresql.enable = true; openFirewall = true;
};
web-apps = {
librechat = {
enable = true;
domain = "chat.bwfiq.com";
};
forgejo = {
enable = true;
domain = "git.rrv.sh";
openFirewall = true;
};
rrv-sh.enable = true;
rrv-sh.domain = "rrv.sh";
}; };
rrv-sh.enable = true;
rrv-sh.domain = "rrv.sh";
}; };
}; };
}; };

82
nix/meta.nix
View file

@ -5,14 +5,57 @@
... ...
}: }:
let let
inherit (lib.options) mkOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.types) path lazyAttrsOf raw; inherit (cfg.lib.options) mkStrOption;
inherit (lib.types)
path
lazyAttrsOf
raw
deferredModule
submodule
;
inherit (inputs.flake-parts.lib) mkSubmoduleOptions; inherit (inputs.flake-parts.lib) mkSubmoduleOptions;
inherit (cfg.lib.attrsets) firstAttrNameMatching;
cfg = config.flake; cfg = config.flake;
monitorOpts = submodule {
options = {
id = mkStrOption "";
resolution = mkStrOption "";
refresh-rate = mkStrOption "";
scale = mkStrOption "";
};
};
userOpts = submodule {
options = {
username = mkStrOption "";
primary = mkEnableOption "";
name = mkStrOption "";
email = mkStrOption "";
shell = mkStrOption "";
pubkey = mkStrOption "";
};
};
hostOpts = submodule {
options = {
graphical = mkEnableOption "";
machine = {
platform = mkStrOption "";
gpu = mkStrOption "";
root.drive = mkStrOption "";
monitors = mkOption {
type = lazyAttrsOf monitorOpts;
default = { };
};
};
extraCfg = mkOption {
type = deferredModule;
default = { };
};
};
};
in in
{ {
options.flake = mkSubmoduleOptions { options.flake = mkSubmoduleOptions {
self = mkOption { type = raw; };
lib = mkOption { lib = mkOption {
type = lazyAttrsOf raw; type = lazyAttrsOf raw;
default = { }; default = { };
@ -24,8 +67,35 @@ in
readOnly = true; readOnly = true;
}; };
}; };
manifest = mkOption {
type = submodule {
options = {
users = mkOption {
type = lazyAttrsOf userOpts;
default = { };
};
hosts = mkOption {
# hosts.nixos, hosts.darwin, etc.
type = lazyAttrsOf (lazyAttrsOf hostOpts);
default = { };
};
};
};
};
# Helper Option
admin = mkOption {
type = userOpts;
default = { };
};
}; };
config.flake = { config.flake =
paths.secrets = cfg.paths.root + "/secrets"; let
}; username = firstAttrNameMatching (_: v: v.primary or false) cfg.manifest.users;
in
{
paths.secrets = cfg.paths.root + "/secrets";
admin = cfg.manifest.users.${username} // {
inherit username;
};
};
} }

6
nix/modules/cli/git.nix
View file

@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let let
inherit (config.manifest) users; inherit (config.flake) manifest;
in in
{ {
flake.modules.homeManager.default = flake.modules.homeManager.default =
@ -9,8 +9,8 @@ in
home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
programs.git = { programs.git = {
enable = true; enable = true;
userName = users.${config.home.username}.name; userName = manifest.users.${config.home.username}.name;
userEmail = users.${config.home.username}.email; userEmail = manifest.users.${config.home.username}.email;
signing.key = "~/.ssh/id_ed25519.pub"; signing.key = "~/.ssh/id_ed25519.pub";
}; };
}; };

7
nix/modules/cli/nix.nix
View file

@ -3,11 +3,4 @@
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
flake.modules.darwin.default = {
nix.enable = false;
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
};
} }

43
nix/modules/cli/shell.nix
View file

@ -1,36 +1,23 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.flake; cfg = config.flake;
inherit (config.manifest) users;
inherit (cfg.lib.modules) forAllUsers'; inherit (cfg.lib.modules) forAllUsers';
inherit (lib.attrsets) mapAttrs'; inherit (lib.attrsets) mapAttrs';
in in
{ {
flake.modules = { flake.modules.nixos.default =
nixos.default = { pkgs, ... }:
{ pkgs, ... }: {
{ programs = mapAttrs' (name: value: {
programs = mapAttrs' (name: value: { name = value.shell;
name = value.shell; value.enable = true;
value.enable = true; }) cfg.manifest.users;
}) users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); };
}; flake.modules.homeManager.default =
darwin.default = { config, ... }:
{ pkgs, ... }: {
{ programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true;
programs = mapAttrs' (name: value: { home.shell.enableShellIntegration = true;
name = value.shell; };
value.enable = true;
}) users;
users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
environment.shells = [ pkgs.fish ];
};
homeManager.default =
{ config, ... }:
{
programs.${users.${config.home.username}.shell}.enable = true;
home.shell.enableShellIntegration = true;
};
};
} }

15
nix/modules/graphical/default.nix
View file

@ -3,15 +3,12 @@ let
inherit (lib.options) mkEnableOption; inherit (lib.options) mkEnableOption;
in in
{ {
flake.modules = { flake.modules.nixos.graphical = {
nixos.graphical = { home-manager.sharedModules = [ { graphical = true; } ];
home-manager.sharedModules = [ { graphical = true; } ]; services.pipewire = {
services.pipewire = { enable = true;
enable = true; pulse.enable = true;
pulse.enable = true;
};
}; };
homeManager.default.options.graphical = mkEnableOption "";
darwin.graphical.home-manager.sharedModules = [ { graphical = true; } ];
}; };
flake.modules.homeManager.default.options.graphical = mkEnableOption "";
} }

8
nix/modules/graphical/stylix.nix
View file

@ -9,12 +9,4 @@
stylix.enable = true; stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml"; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
}; };
flake.modules.darwin.default =
{ pkgs, ... }:
{
imports = [ inputs.stylix.darwinModules.stylix ];
stylix.enable = true;
#TODO: move into manifest
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
};
} }

20
nix/modules/machine/default.nix
View file

@ -5,12 +5,7 @@ let
in in
{ {
flake.modules.nixos.default = flake.modules.nixos.default =
{ { config, modulesPath, ... }:
config,
modulesPath,
pkgs,
...
}:
let let
cfg = config.machine; cfg = config.machine;
in in
@ -19,7 +14,6 @@ in
options.machine = { options.machine = {
bluetooth.enable = mkEnableOption ""; bluetooth.enable = mkEnableOption "";
usb.automount = mkEnableOption ""; usb.automount = mkEnableOption "";
usb.qmk.enable = mkEnableOption "";
}; };
config = mkMerge [ config = mkMerge [
(mkIf cfg.usb.automount { (mkIf cfg.usb.automount {
@ -34,18 +28,6 @@ in
} }
]; ];
}) })
(mkIf cfg.usb.qmk.enable {
hardware.keyboard.qmk.enable = true;
services.udev = {
packages = with pkgs; [
vial
qmk
qmk-udev-rules
qmk_hid
];
};
})
(mkIf cfg.bluetooth.enable { (mkIf cfg.bluetooth.enable {
persistDirs = [ "/var/lib/bluetooth" ]; persistDirs = [ "/var/lib/bluetooth" ];
hardware.bluetooth = { hardware.bluetooth = {

8
nix/modules/machine/gpu.nix
View file

@ -1,3 +1,7 @@
{ config, ... }:
let
cfg = config.flake;
in
{ {
allowedUnfreePackages = [ allowedUnfreePackages = [
"nvidia-x11" "nvidia-x11"
@ -7,11 +11,11 @@
{ {
config, config,
pkgs, pkgs,
hostConfig, hostName,
... ...
}: }:
let let
inherit (hostConfig.machine) gpu; gpu = cfg.manifest.hosts.nixos.${hostName}.machine.gpu or "";
in in
if gpu == "nvidia" then if gpu == "nvidia" then
{ {

15
nix/modules/machine/platform.nix
View file

@ -1,8 +1,9 @@
{ config, ... }:
{ {
flake.modules.nixos.default = flake.modules.nixos.default =
{ hostConfig, ... }: { hostName, ... }:
let let
inherit (hostConfig.machine) platform; inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) platform;
arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64"; arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64";
in in
{ {
@ -10,14 +11,4 @@
boot.kernelModules = [ "kvm-${platform}" ]; boot.kernelModules = [ "kvm-${platform}" ];
nixpkgs.hostPlatform = "${arch}-linux"; nixpkgs.hostPlatform = "${arch}-linux";
}; };
flake.modules.darwin.default =
{ hostConfig, ... }:
let
inherit (hostConfig.machine) platform;
arch = if platform == "intel" then "x86_64" else "aarch64";
in
{
nixpkgs.hostPlatform = "${arch}-darwin";
};
} }

13
nix/modules/machine/root.nix
View file

@ -1,12 +1,17 @@
{ lib, inputs, ... }: {
config,
lib,
inputs,
...
}:
let let
inherit (lib.modules) mkMerge mkIf mkAfter; inherit (lib.modules) mkMerge mkIf mkAfter;
in in
{ {
flake.modules.nixos.default = flake.modules.nixos.default =
{ hostConfig, ... }: { hostName, ... }:
let let
inherit (hostConfig.machine) root; inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root;
in in
{ {
imports = [ inputs.disko.nixosModules.disko ]; imports = [ inputs.disko.nixosModules.disko ];
@ -80,7 +85,7 @@ in
}; };
} }
# Ephemeral by default - assumes btrfs # Ephemeral by default - assumes btrfs
(mkIf root.ephemeral { (mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) {
boot.initrd.postDeviceCommands = mkAfter '' boot.initrd.postDeviceCommands = mkAfter ''
mkdir /btrfs_tmp mkdir /btrfs_tmp
mount /dev/root_vg/root /btrfs_tmp mount /dev/root_vg/root /btrfs_tmp

3
nix/modules/networking/ssh.nix
View file

@ -1,7 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.flake; cfg = config.flake;
inherit (config.manifest) admin;
inherit (lib.modules) mkMerge; inherit (lib.modules) mkMerge;
inherit (cfg.lib.modules) forAllUsers'; inherit (cfg.lib.modules) forAllUsers';
in in
@ -17,7 +16,7 @@ in
"/etc/ssh/ssh_host_rsa_key.pub" "/etc/ssh/ssh_host_rsa_key.pub"
]; ];
} }
{ users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; } { users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]; }
]; ];
flake.modules.homeManager.default = { flake.modules.homeManager.default = {
persistDirs = [ ".ssh" ]; persistDirs = [ ".ssh" ];

8
nix/modules/networking/tailscale.nix
View file

@ -14,12 +14,4 @@ in
persistDirs = [ "/var/lib/tailscale" ]; persistDirs = [ "/var/lib/tailscale" ];
sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml"; sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml";
}; };
flake.modules.darwin.default =
{ pkgs, ... }:
{
services.tailscale = {
enable = true;
package = pkgs.tailscale.overrideAttrs { doCheck = false; };
};
};
} }

2
nix/modules/server/web-servers.nix
View file

@ -4,7 +4,7 @@ let
inherit (config.flake.lib.options) mkStrOption mkPathOption; inherit (config.flake.lib.options) mkStrOption mkPathOption;
inherit (config.flake.lib.services) mkRootDomain; inherit (config.flake.lib.services) mkRootDomain;
inherit (config.flake.paths) secrets; inherit (config.flake.paths) secrets;
inherit (config.manifest.admin) email; inherit (config.flake.admin) email;
inherit (lib.types) listOf submodule attrs; inherit (lib.types) listOf submodule attrs;
inherit (lib.options) mkOption mkEnableOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkMerge mkIf; inherit (lib.modules) mkMerge mkIf;

11
nix/modules/system/homebrew.nix
View file

@ -1,11 +0,0 @@
{ config, ... }:
let
inherit (config.manifest) admin;
in
{
flake.modules.darwin.graphical.homebrew = {
enable = true;
user = admin.username;
onActivation.cleanup = "uninstall";
};
}

13
nix/modules/system/persist.nix
View file

@ -5,7 +5,6 @@
... ...
}: }:
let let
inherit (lib.modules) mkIf;
inherit (lib.options) mkOption; inherit (lib.options) mkOption;
inherit (config.flake.lib.options) mkStrOption; inherit (config.flake.lib.options) mkStrOption;
inherit (lib.types) inherit (lib.types)
@ -50,17 +49,15 @@ in
}; };
}; };
flake.modules.homeManager.default = flake.modules.homeManager.default =
{ config, pkgs, ... }: { config, ... }:
{ {
imports = [ inputs.impermanence.homeManagerModules.impermanence ]; imports = [ inputs.impermanence.homeManagerModules.impermanence ];
options.persistDirs = mkOpts "directory" { }; options.persistDirs = mkOpts "directory" { };
options.persistFiles = mkOpts "file" { }; options.persistFiles = mkOpts "file" { };
config = mkIf (pkgs.system == "x86_64-linux") { config.home.persistence."/persist${config.home.homeDirectory}" = {
home.persistence."/persist${config.home.homeDirectory}" = { allowOther = true;
allowOther = true; directories = config.persistDirs;
directories = config.persistDirs; files = config.persistFiles;
files = config.persistFiles;
};
}; };
}; };
} }

47
nix/modules/system/secrets.nix
View file

@ -6,48 +6,21 @@
}: }:
let let
cfg = config.flake; cfg = config.flake;
inherit (cfg.paths) secrets;
inherit (builtins) readFile; inherit (builtins) readFile;
inherit (lib.meta) getExe; inherit (lib.meta) getExe;
inherit (lib.strings) trim; inherit (lib.strings) trim;
inherit (config.manifest.admin) username pubkey; inherit (cfg.admin) username pubkey;
in in
{ {
flake.modules = { flake.modules.nixos.default =
nixos.default = { config, ... }:
{ config, ... }: {
{ imports = [ inputs.sops-nix.nixosModules.sops ];
imports = [ inputs.sops-nix.nixosModules.sops ]; config.sops.age.sshKeyPaths = [
config = { "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
sops = { ];
age.sshKeyPaths = [ };
"/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ];
];
secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
};
environment.shellInit = # sh
''
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
'';
};
};
darwin.default =
{ config, ... }:
{
imports = [ inputs.sops-nix.darwinModules.sops ];
config = {
sops = {
age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];
secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
};
environment.shellInit = # sh
''
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
'';
};
};
homeManager.default.persistDirs = [ ".config/sops/age" ];
};
perSystem = perSystem =
{ pkgs, ... }: { pkgs, ... }:
{ {

12
nix/modules/system/sudo.nix
View file

@ -1,19 +1,11 @@
{ config, ... }: { config, ... }:
let let
inherit (config.manifest) admin; cfg = config.flake;
in in
{ {
flake.modules.nixos.default = { flake.modules.nixos.default = {
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = [ "@wheel" ]; nix.settings.trusted-users = [ "@wheel" ];
users.users.${admin.username}.extraGroups = [ "wheel" ]; users.users.${cfg.admin.username}.extraGroups = [ "wheel" ];
};
flake.modules.darwin.default.security = {
sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";
pam.services.sudo_local = {
enable = true;
reattach = true;
touchIdAuth = true;
};
}; };
} }

26
nix/modules/system/system.nix
View file

@ -1,18 +1,14 @@
{ {
flake.modules = { flake.modules.nixos.default = {
nixos.default = { persistFiles = [ "/etc/machine-id" ];
persistFiles = [ "/etc/machine-id" ]; persistDirs = [ "/var/lib/systemd" ];
persistDirs = [ "/var/lib/systemd" ]; time.timeZone = "Asia/Singapore";
time.timeZone = "Asia/Singapore"; i18n.defaultLocale = "en_US.UTF-8";
i18n.defaultLocale = "en_US.UTF-8"; system.stateVersion = "25.11";
system.stateVersion = "25.11";
};
homeManager.default.home.stateVersion = "25.11";
darwin.default =
{ self, ... }:
{
system.configurationRevision = self.rev or self.dirtyRev or null;
system.stateVersion = 6;
};
}; };
flake.modules.homeManager.default =
{ osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion;
};
} }

23
nix/modules/system/users.nix
View file

@ -1,10 +1,7 @@
{ config, lib, ... }: { config, ... }:
let let
cfg = config.flake; cfg = config.flake;
inherit (config.manifest) users admin;
inherit (cfg.lib.modules) userListToAttrs forAllUsers'; inherit (cfg.lib.modules) userListToAttrs forAllUsers';
inherit (lib.lists) findFirstIndex;
inherit (builtins) attrNames;
in in
{ {
flake.modules.nixos.default = flake.modules.nixos.default =
@ -34,22 +31,4 @@ in
} }
); );
}; };
flake.modules.darwin.default =
{ config, ... }:
{
system.primaryUser = admin.username;
users.knownUsers = attrNames users;
users.users = forAllUsers' (
name: _: {
home = "/Users/${name}";
uid = 501 + (findFirstIndex (x: x == name) null (attrNames users));
}
);
home-manager.users = forAllUsers' (
name: _: {
home.username = name;
home.homeDirectory = config.users.users.${name}.home;
}
);
};
} }

5
nix/modules/unfree-packages.nix
View file

@ -11,8 +11,7 @@ in
type = listOf str; type = listOf str;
default = [ ]; default = [ ];
}; };
config.flake.modules = { config.flake.modules.nixos.default = {
nixos.default.nixpkgs.config.allowUnfreePredicate = predicate; nixpkgs.config.allowUnfreePredicate = predicate;
darwin.default.nixpkgs.config.allowUnfreePredicate = predicate;
}; };
} }