tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2026-06-21 03:36:32 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:7c2869f47bd8f45acfafc4da55034958ae39659c
Branches Tags
tux:main tux:dev tux:old
tux:25.11.2025
...
compare: tux:dev
Branches Tags
tux:dev tux:main tux:old
tux:25.11.2025

65 Commits
7c2869f47b ... dev

Author SHA1 Message Date
tux
5a4483b615 feat(desktop): add tumbler support for thunar thumbnails 2026-05-17 12:22:10 +05:30
tux
c3adf234f7 feat: add distrobox to persist dir 2026-05-15 10:13:08 +05:30
tux
7f74855511 feat(desktop): enable thunar file manager and plugins 2026-05-15 10:12:07 +05:30
tux
383bc98052 feat(gaming): add proton-ge-bin to steam 2026-05-15 09:02:03 +05:30
tux
828ca02935 feat(sirius): enable power-profiles-daemon service 2026-05-13 05:43:47 +05:30
tux
6438a98d18 feat(canopus): enable upower service 2026-05-13 05:42:29 +05:30
tux
6b09bf0e7e feat(desktop): add new package brightnessctl 2026-05-13 05:33:31 +05:30
tux
cd4e81178d feat(canopus): enable power-profiles-daemon and asusd services 2026-05-13 05:13:51 +05:30
tux
b649b974fa refactor(hosts): simplify configuration imports across hosts 2026-05-13 04:33:14 +05:30
tux
71aaf2d392 feat(desktop): add mpv configuration module 2026-05-12 22:54:25 +05:30
tux
8ec23b15af fix(desktop): use lua config for hyprland 2026-05-12 22:00:01 +05:30
tux
fdc63b9307 refactor(desktop): standardize mangowm settings across hosts 2026-05-12 21:02:02 +05:30
tux
626dd68af6 refactor(vicinae): remove tailscale 2026-05-12 20:59:49 +05:30
tux
8bca900c98 feat(canopus): add canopus host 2026-05-12 12:20:11 +05:30
tux
a1c8b6c56e feat(desktop): configure system themes and cursors 2026-05-11 09:11:36 +05:30
tux
8ce1d22066 feat(desktop): add hyprland screenshot and screenrecord tools 2026-05-11 07:12:53 +05:30
tux
5f895aeee0 feat(ghostty): add ghostty module 2026-05-11 06:52:50 +05:30
tux
c75ff5eee2 chore: update flake inputs 2026-05-11 06:52:22 +05:30
tux
03f7aeb49b feat(desktop): enable easyeffects service 2026-05-11 05:57:32 +05:30
tux
bc553b6248 feat(mango): add toggle global keybinding 2026-05-11 05:04:20 +05:30
tux
20cfab3d6b feat(mango): add keybinding for default mfact 2026-05-11 04:40:56 +05:30
tux
61791f311e feat(mango): add centerwin keybinding 2026-05-11 04:24:57 +05:30
tux
6ebc3ed144 feat(tpanel): add tpanel module 2026-05-11 03:39:11 +05:30
tux
b2a103235c feat(mango): update tag animation direction 2026-05-11 03:38:50 +05:30
tux
813bf73ecb feat(netbird): setup netbird client 2026-05-10 06:57:04 +05:30
tux
824e6f3d96 feat(alpha): add alpha host 2026-05-10 05:05:55 +05:30
tux
c5cc4b4f11 feat(vps): add vps host 2026-05-10 04:57:09 +05:30
tux
cb3389bce6 feat(boot): configure systemd-boot and GRUB based on options 2026-05-10 04:54:59 +05:30
tux
bd6055cae5 feat(users): configure user password based on sops secret 2026-05-10 04:54:19 +05:30
tux
226b4cd974 feat(vim): enable vim 2026-05-10 04:39:11 +05:30
tux
ee82aa373e refactor(opencode): simplify configuration for provider API keys 2026-05-10 04:29:59 +05:30
tux
d15933bf05 feat(gaming): add steam 2026-05-10 02:26:20 +05:30
tux
c0182fbdf8 feat(mangowc): adjust window opacity and blur settings 2026-05-10 02:04:13 +05:30
tux
36f3adbe30 feat: add telegram 2026-05-10 01:48:28 +05:30
tux
92050093ae feat: setup impermanence 2026-05-09 21:46:40 +05:30
tux
dce2cd1322 refactor(boot): consolidate impermanence configuration options 2026-05-09 21:46:25 +05:30
tux
9231c5878f feat(boot): enable key auto-generation and enrollment 2026-05-09 18:57:32 +05:30
tux
35dcf89400 feat(sirius): enable impermanence 2026-05-09 05:36:27 +05:30
tux
d8adc25455 chore(ly): set session log to null 2026-05-09 05:11:32 +05:30
tux
0de17e6b4b refactor(boot): consolidate boot loader and kernel settings 2026-05-09 05:04:40 +05:30
tux
f7d688b6c6 refactor(disko): simplify impermanence check 2026-05-09 04:58:29 +05:30
tux
a9d91df8ce feat: add cyber-tux module 2026-05-09 04:54:32 +05:30
tux
96841dbfa8 chore(ssh): update module reference for persistence check 2026-05-09 04:22:54 +05:30
tux
0f1faa7008 feat: setup bluetooth 2026-05-09 04:22:08 +05:30
tux
d5e3a6d387 feat(arcturus): add arcturus host 2026-05-09 04:15:22 +05:30
tux
a216a6be0e feat: setup impermanence module 2026-05-09 04:13:48 +05:30
tux
40bb53a844 refactor(hardware): reorganize module structure 2026-05-09 02:40:45 +05:30
tux
920cc2d4d6 feat: add davinci-resolve 2026-05-08 19:27:16 +05:30
tux
4f5e1a0a56 refactor: update ssh module to use networking namespace 2026-05-08 07:22:18 +05:30
tux
7eb7ea75c0 feat(config): set lanzaboote configurationLimit to 10 2026-05-08 05:31:54 +05:30
tux
5bfa9f1e09 refactor(config): standardize secret names for API keys 2026-05-08 05:31:18 +05:30
tux
e28d1acb5e refactor: seperate loader module 2026-05-08 05:14:03 +05:30
tux
3efd212f04 feat: setup secure-boot 2026-05-08 05:09:38 +05:30
tux
718ee760cd feat(mangowm): update montor config 2026-05-08 04:31:05 +05:30
tux
dfd7789987 feat: setup cuda 2026-05-07 23:57:23 +05:30
tux
376f5d053e feat: setup obs-studi module 2026-05-07 19:19:08 +05:30
tux
28d46e7dec feat: setup distrobox module 2026-05-07 19:14:27 +05:30
tux
ef74ba2494 feat: setup firefox module 2026-05-07 19:08:28 +05:30
tux
9988f0a6cc feat: setup opencode providers 2026-05-07 18:53:14 +05:30
tux
c9df2483ec refactor: seperate graphics config 2026-05-07 18:40:29 +05:30
tux
841f2ca4fb feat(virtualisation): setup modules 2026-05-07 18:25:59 +05:30
tux
351d3b44f6 feat: setup zed editor 2026-05-07 17:58:48 +05:30
tux
1824de4b0a feat: setup nixcord 2026-05-07 17:55:49 +05:30
tux
594c1d07e7 feat: setup sops-nix 2026-05-07 17:16:30 +05:30
tux
3115bd6d0e feat(mango): disable variable refresh rate 2026-05-07 06:36:22 +05:30
70 changed files with 3071 additions and 369 deletions
Expand all files Collapse all files

31
.sops.yaml Normal file
View File

@@ -0,0 +1,31 @@
keys:
- &users
- &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
- &hosts
- &sirius age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
- &canopus age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
- &arcturus age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
- &alpha age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
creation_rules:
- path_regex: hosts/sirius/secrets.yaml$
key_groups:
- age:
- *tux
- *sirius
- path_regex: hosts/canopus/secrets.yaml$
key_groups:
- age:
- *tux
- *canopus
- path_regex: hosts/arcturus/secrets.yaml$
key_groups:
- age:
- *tux
- *arcturus
- path_regex: hosts/alpha/secrets.yaml$
key_groups:
- age:
- *tux
- *alpha

397
flake.lock generated
View File

@@ -97,6 +97,41 @@
"url": "https://codeberg.org/LGFae/awww"
}
},
"crane": {
"locked": {
"lastModified": 1765145449,
"narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
"owner": "ipetkov",
"repo": "crane",
"rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"cyber-tux": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739652548,
"narHash": "sha256-J4mL4DyRFTsEKlratZsbC9tm2i6Mzr6dEhetKk4jABM=",
"ref": "refs/heads/main",
"rev": "4ada9e2f0d3b6639627601d3f06128c953c2b446",
"revCount": 11,
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
},
"original": {
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
@@ -186,6 +221,36 @@
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1767039857,
@@ -208,11 +273,11 @@
]
},
"locked": {
"lastModified": 1777678872,
"narHash": "sha256-EPIFsulyon7Z1vLQq5Fk64GR8L7cQsT+IPhcsukVbgk=",
"lastModified": 1777988971,
"narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "5250617bffd85403b14dbf43c3870e7f255d2c16",
"rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github"
},
"original": {
@@ -239,6 +304,45 @@
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1777678872,
"narHash": "sha256-EPIFsulyon7Z1vLQq5Fk64GR8L7cQsT+IPhcsukVbgk=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "5250617bffd85403b14dbf43c3870e7f255d2c16",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_4"
@@ -296,6 +400,28 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
@@ -320,11 +446,11 @@
]
},
"locked": {
"lastModified": 1777846259,
"narHash": "sha256-jzln9xcpVcmEB1zfhJ+FIHd7/kaVHgGF+gQQHxj2fGI=",
"lastModified": 1778444552,
"narHash": "sha256-f18pIiR9q/p1vHY93gmAum7aHhQOG49oGvAB9+lptRo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4625f26228f4f7ea3cf65eee3023359a8221fcff",
"rev": "dcebe66f958673729896eec2de4abfd86ef22d21",
"type": "github"
},
"original": {
@@ -429,11 +555,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1778072172,
"narHash": "sha256-onx/6cN1tHDnMH0oCQCnpQPKv9VijeLtfOh7PStp2f0=",
"lastModified": 1778442165,
"narHash": "sha256-SEwIBVG4RPEVBqRbEZadGteMlndFqIJD/9HOkPRIBm0=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "1681bea42dd2f11ba3fe6df05560d0b231de3c76",
"rev": "3e21a68bd0a81c2fc45f2c843c9d02c47350ef44",
"type": "github"
},
"original": {
@@ -606,11 +732,11 @@
]
},
"locked": {
"lastModified": 1777492286,
"narHash": "sha256-PwuoEJQcjSKJNP5T55qhfDwIP0tw5zxEhfu8GDfKfeg=",
"lastModified": 1778234770,
"narHash": "sha256-jAcsogZwWMfXT9MfXxZzkwliAqIuZUV0p71h6Ba9ReE=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "ec5c0c709706bad5b82f667fd8758eae442577ce",
"rev": "a2dbd8a4cc51f7cbe4224732668392bb1aa79df2",
"type": "github"
},
"original": {
@@ -726,6 +852,28 @@
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs_6",
"pre-commit": "pre-commit",
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1765382359,
"narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v1.0.0",
"repo": "lanzaboote",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
@@ -752,11 +900,11 @@
"scenefx": "scenefx"
},
"locked": {
"lastModified": 1778073611,
"narHash": "sha256-6rNTdQZq4x/F2bHQsk7qo4OhXs5Y0xsQrTR1hgKZOqw=",
"lastModified": 1778376841,
"narHash": "sha256-mUSCkFQGrcdVitwx0fDajWxxgvAV5BmppP4ShV3JOyY=",
"owner": "DreamMaoMao",
"repo": "mango",
"rev": "42c02e3dc20eb09c0191b027e387c0268f8e0fb5",
"rev": "cabafb2393ff71615af4959a51885c8d1eefc9a0",
"type": "github"
},
"original": {
@@ -765,13 +913,34 @@
"type": "github"
}
},
"nixcord": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_7",
"nixpkgs-nixcord": "nixpkgs-nixcord"
},
"locked": {
"lastModified": 1778346777,
"narHash": "sha256-7gpzB8MDCMcRE0wDr7jjxK7/obfeiyAulsfQEsK9pi4=",
"owner": "kaylorben",
"repo": "nixcord",
"rev": "43930a83206bcdcf3ba4fc10aa4fb9c5f7a677e6",
"type": "github"
},
"original": {
"owner": "kaylorben",
"repo": "nixcord",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1777796046,
"narHash": "sha256-bEJp/zaQApzynGRaAO62BZSz9tFikKtIHCn2yIA/s7Q=",
"lastModified": 1778143761,
"narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "eeb02f6e29fc8139c0b15af5ff0fdfdc6d0d3d90",
"rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871",
"type": "github"
},
"original": {
@@ -812,13 +981,44 @@
"type": "github"
}
},
"nixpkgs-stable": {
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1777805331,
"narHash": "sha256-jINoZUP2tJEBLuVoMEhJn9qWQgpriGorwlgnBc1QAPg=",
"lastModified": 1777168982,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-nixcord": {
"locked": {
"lastModified": 1777428379,
"narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8cbe20ad0f64f9f9619b871dfdf57022beccef65",
"rev": "755f5aa91337890c432639c60b6064bb7fe67769",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1778353088,
"narHash": "sha256-5yu6kIgn+hO0V7pomciXixWAnMcuwQvqFD5Dgb2K9L4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "071465abe725f841e610a52b194c3b86b288316a",
"type": "github"
},
"original": {
@@ -828,6 +1028,38 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743014863,
@@ -894,11 +1126,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1777578337,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
"lastModified": 1764950072,
"narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
"rev": "f61125a668a320878494449750330ca58b78c557",
"type": "github"
},
"original": {
@@ -910,36 +1142,94 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1777918403,
"narHash": "sha256-7QiZv0LcW1yIOLo2LNuCQjWon1Z1r99FwK24hbtBOF4=",
"lastModified": 1777428379,
"narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "afc5551119aae6eab73a95c1960891cfe63204f6",
"rev": "755f5aa91337890c432639c60b6064bb7fe67769",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1778454210,
"narHash": "sha256-U6wleXwWGNDX588cqrz+Kg+7GrlB003JHQ0CVHj+3yA=",
"owner": "nix-community",
"repo": "nur",
"rev": "c7c431a1bd1360cb568d309c2c18aa4785c254c8",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nur",
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat_4",
"gitignore": "gitignore_2",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765016596,
"narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
@@ -966,6 +1256,7 @@
"root": {
"inputs": {
"awww": "awww",
"cyber-tux": "cyber-tux",
"deploy-rs": "deploy-rs",
"disko": "disko",
"flake-parts": "flake-parts",
@@ -974,10 +1265,13 @@
"impermanence": "impermanence",
"import-tree": "import-tree",
"lan-mouse": "lan-mouse",
"lanzaboote": "lanzaboote",
"mango": "mango",
"nixcord": "nixcord",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable",
"nur": "nur",
"sops-nix": "sops-nix",
"tnvim": "tnvim",
"tpanel": "tpanel",
@@ -1029,6 +1323,27 @@
}
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765075567,
"narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": {
"nixpkgs": [
"wezterm-flake",
@@ -1072,7 +1387,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1777944972,
@@ -1191,7 +1506,7 @@
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1775636079,
@@ -1252,7 +1567,7 @@
},
"vicinae-extensions": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_6",
"nixpkgs": [
"nixpkgs"
],
@@ -1260,11 +1575,11 @@
"vicinae": "vicinae"
},
"locked": {
"lastModified": 1777930825,
"narHash": "sha256-0hVf9yH+v+0YaCqmr0aX0nR4pfmXjW1XhJcJyblJqE0=",
"lastModified": 1778369365,
"narHash": "sha256-Qxu3wUKqOJGJzj1RFvXw2StqHBDs+tVWvhKg9OZY87I=",
"owner": "vicinaehq",
"repo": "extensions",
"rev": "20d6a13d2a389e61619b8540b8af746705409322",
"rev": "de5313f14242dda1f88f6e8443eb349ed2b2cdb1",
"type": "github"
},
"original": {
@@ -1282,7 +1597,7 @@
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_3",
"rust-overlay": "rust-overlay_4",
"zlib": "zlib"
},
"locked": {

8
flake.nix
View File

@@ -29,6 +29,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
wezterm-flake = {
url = "github:wez/wezterm/main?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
@@ -55,5 +60,8 @@
lan-mouse.url = "github:feschber/lan-mouse";
hyprland.url = "github:hyprwm/Hyprland";
awww.url = "git+https://codeberg.org/LGFae/awww";
nixcord.url = "github:kaylorben/nixcord";
nur.url = "github:nix-community/nur";
lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
};
}

3
modules/flake/overlays.nix
View File

@@ -7,6 +7,7 @@
modifications = final: prev: {
tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};
@@ -20,6 +21,8 @@
config.allowUnfree = true;
};
};
nur = inputs.nur.overlays.default;
};
perSystem =

11
modules/hm/desktop/cursor.nix
View File

@@ -1,11 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
};
}

45
modules/hm/desktop/discord.nix Normal file
View File

@@ -0,0 +1,45 @@
{
flake.modules.homeManager.desktop =
{ inputs, userName, ... }:
{
imports = [
inputs.nixcord.homeModules.nixcord
];
programs.nixcord = {
enable = true;
user = userName;
discord.enable = false;
vesktop.enable = true;
config = {
themeLinks = [
"https://raw.githubusercontent.com/refact0r/system24/refs/heads/main/archive/flavors/spotify-text.theme.css"
];
frameless = true;
plugins = {
hideMedia.enable = true;
ignoreActivities = {
enable = true;
ignorePlaying = true;
ignoreWatching = true;
};
};
};
dorion = {
theme = "dark";
zoom = "1.1";
blur = "acrylic";
sysTray = true;
openOnStartup = true;
autoClearCache = true;
disableHardwareAccel = false;
rpcServer = true;
rpcProcessScanner = true;
pushToTalk = true;
pushToTalkKeys = [ "RControl" ];
desktopNotifications = true;
unreadBadge = true;
};
};
};
}

5
modules/hm/desktop/easyeffects.nix Normal file
View File

@@ -0,0 +1,5 @@
{
flake.modules.homeManager.desktop = {
services.easyeffects.enable = true;
};
}

75
modules/hm/desktop/firefox.nix Normal file
View File

@@ -0,0 +1,75 @@
{
flake.modules.homeManager.desktop =
{
pkgs,
userName,
...
}:
{
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
extraPolicies = {
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DisableFirefoxAccounts = false;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = true;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
profiles = {
${userName} = {
id = 0;
name = "tux";
search = {
force = true;
default = "google";
};
settings = {
"general.smoothScroll" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"layout.css.prefers-color-scheme.content-override" = 0;
"browser.compactmode.show" = true;
"browser.tabs.firefox-view" = false;
"browser.bookmarks.addedImportButton" = false;
"extensions.pocket.enabled" = false;
"browser.fullscreen.autohide" = false;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
facebook-container
metamask
darkreader
bitwarden
wappalyzer
clearurls
];
};
};
};
};
}

47
modules/hm/desktop/ghostty.nix Normal file
View File

@@ -0,0 +1,47 @@
{
flake.modules.homeManager.desktop = {
programs.ghostty = {
enable = true;
enableZshIntegration = true;
systemd.enable = true;
settings = {
confirm-close-surface = false;
gtk-titlebar = false;
window-padding-x = 10;
window-padding-y = 10;
font-size = 12;
font-family = "JetBrainsMono Nerd Font";
theme = "poimandres";
};
themes = {
poimandres = {
background = "#0f0f0f";
foreground = "#a6accd";
cursor-color = "#f2eacf";
selection-background = "#1a1a1a";
selection-foreground = "#f1f1f1";
palette = [
"0=#252b37"
"1=#d0679d"
"2=#5de4c7"
"3=#fffac2"
"4=#89ddff"
"5=#fae4fc"
"6=#add7ff"
"7=#ffffff"
"8=#a6accd"
"9=#d0679d"
"10=#5de4c7"
"11=#fffac2"
"12=#add7ff"
"13=#89ddff"
"14=#fcc5e9"
"15=#ffffff"
];
};
};
};
};
}

34
modules/hm/desktop/hyprland.nix
View File

@@ -1,13 +1,7 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{ config, pkgs, ... }:
{
home.packages = with pkgs; [
ags
awww
];
wayland.windowManager.hyprland = {
enable = true;
package = null;
@@ -15,5 +9,31 @@
xwayland.enable = true;
systemd.variables = [ "--all" ];
};
# TODO: Hyprland 0.55 switched to Lua-based configuration.
# Until the Home Manager module is updated, we symlink our config instead.
home.file = {
".config/hypr/config".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/config";
".config/hypr/hyprland.lua".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/hyprland.lua";
};
home.packages = with pkgs; [
ags
awww
grim
slurp
hyprshot
wl-clipboard
wl-screenrec
(writeShellScriptBin "hypr-screenshot" ''
hyprshot -m region -r ppm - | satty --filename -
'')
(writeShellScriptBin "hypr-screenrecord" ''
wl-screenrec -g "$(slurp)"
'')
];
};
}

102
modules/hm/desktop/mango.nix
View File

@@ -1,21 +1,45 @@
{ inputs, ... }:
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.desktop.mangowm;
in
{
imports = [
inputs.mango.hmModules.mango
];
options.tnix.desktop.mangowm = {
enable = mkEnableOption "Enable MangoWM";
monitorRule = mkOption {
type = with types; listOf str;
default = [ ];
};
tagRule = mkOption {
type = with types; listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
wayland.windowManager.mango = {
enable = true;
settings = {
# Monitors
monitorrule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:1, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:1"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:1, rr:3"
];
monitorrule = cfg.monitorRule;
focus_cross_monitor = 1;
exchange_cross_monitor = 1;
drag_tile_to_tile = 1;
# Keyboard
repeat_rate = 25;
@@ -41,8 +65,8 @@
# Theme
border_radius = 8;
no_radius_when_single = 0;
focused_opacity = 1.0;
unfocused_opacity = 1.0;
focused_opacity = 0.9;
unfocused_opacity = 0.9;
# Scroller Layout Setting
scroller_structs = 0;
@@ -64,25 +88,7 @@
overviewgappo = 15;
# layouts
tagrule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
tagrule = cfg.tagRule;
# Keybindings
mousebind = [
@@ -100,6 +106,8 @@
# apps
"SUPER, Return, spawn, wezterm"
"SUPER, Space, spawn, vicinae toggle"
"SUPER, D, spawn, vesktop"
"SUPER, T, spawn, Telegram"
"SUPER, B, spawn, brave"
"SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history"
"SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid"
@@ -109,11 +117,13 @@
"SUPER+SHIFT, R, reload_config"
"SUPER+SHIFT, F, togglefullscreen"
"SUPER+SHIFT, Space, togglefloating"
"SUPER+SHIFT, Space, centerwin"
"ALT, Tab, toggleoverview"
"ALT+SHIFT, minus, incgaps, -1"
"ALT+SHIFT, equal, incgaps, 1"
"ALT+SHIFT, R, togglegaps"
"SUPER+SHIFT, P, toggleglobal"
# switch layout
"SUPER+SHIFT, H, setlayout, tile"
@@ -125,6 +135,7 @@
"SUPER+CTRL, Down, resizewin, +0, +50"
"SUPER+CTRL, Left, resizewin, -50, +0"
"SUPER+CTRL, Right, resizewin, +50, +0"
"SUPER+CTRL, Equal, setoption, default_mfact, 0.5"
# swap client
"SUPER+SHIFT, Up, exchange_client, up"
@@ -140,29 +151,29 @@
"SUPER, Down, focusdir, down"
# switch view
"SUPER, 1, view, 1, 0"
"SUPER, 2, view, 2, 0"
"SUPER, 3, view, 3, 0"
"SUPER, 4, view, 4, 0"
"SUPER, 5, view, 5, 0"
"SUPER, 1, view, 1, 1"
"SUPER, 2, view, 2, 1"
"SUPER, 3, view, 3, 1"
"SUPER, 4, view, 4, 1"
"SUPER, 5, view, 5, 1"
# move client to the tag with focus
"SUPER+SHIFT, 1, tagsilent, 1, 0"
"SUPER+SHIFT, 2, tagsilent, 2, 0"
"SUPER+SHIFT, 3, tagsilent, 3, 0"
"SUPER+SHIFT, 4, tagsilent, 4, 0"
"SUPER+SHIFT, 5, tagsilent, 5, 0"
"SUPER+SHIFT, 1, tagsilent, 1, 1"
"SUPER+SHIFT, 2, tagsilent, 2, 1"
"SUPER+SHIFT, 3, tagsilent, 3, 1"
"SUPER+SHIFT, 4, tagsilent, 4, 1"
"SUPER+SHIFT, 5, tagsilent, 5, 1"
# move client to the tag without focus
"SUPER+ALT, 1, tag, 1, 0"
"SUPER+ALT, 2, tag, 2, 0"
"SUPER+ALT, 3, tag, 3, 0"
"SUPER+ALT, 4, tag, 4, 0"
"SUPER+ALT, 5, tag, 5, 0"
"SUPER+ALT, 1, tag, 1, 1"
"SUPER+ALT, 2, tag, 2, 1"
"SUPER+ALT, 3, tag, 3, 1"
"SUPER+ALT, 4, tag, 4, 1"
"SUPER+ALT, 5, tag, 5, 1"
];
# Window effect
blur = 0;
blur = 1;
blur_layer = 0;
blur_optimized = 1;
blur_params_num_passes = 2;
@@ -172,7 +183,7 @@
blur_params_contrast = 0.9;
blur_params_saturation = 1.2;
shadows = 0;
shadows = 1;
layer_shadows = 0;
shadow_only_floating = 1;
shadows_size = 10;
@@ -188,7 +199,7 @@
animation_type_close = "fade";
animation_fade_in = 1;
animation_fade_out = 1;
tag_animation_direction = 1;
tag_animation_direction = 0;
zoom_initial_ratio = 0.3;
zoom_end_ratio = 0.8;
fadein_begin_opacity = 0.5;
@@ -241,4 +252,5 @@
dgop
];
};
};
}

24
modules/hm/desktop/mpv.nix Normal file
View File

@@ -0,0 +1,24 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
scripts = (
with pkgs.mpvScripts;
[
modernz
thumbfast
mpris
mpv-image-viewer.image-positioning
]
);
config = {
osc = "no";
border = "no";
};
};
};
}

19
modules/hm/desktop/satty.nix Normal file
View File

@@ -0,0 +1,19 @@
{
flake.modules.homeManager.desktop = {
programs.satty = {
enable = true;
settings = {
general = {
corner-roundness = 12;
initial-tool = "arrow";
early-exit = true;
copy-command = "wl-copy";
};
font = {
family = "JetBrainsMono NerdFont";
};
};
};
};
}

31
modules/hm/desktop/theme.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
qt = {
enable = true;
style = {
name = "Breeze";
package = pkgs.kdePackages.breeze;
};
};
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
};
}

5
modules/hm/desktop/vicinae.nix
View File

@@ -54,11 +54,6 @@
imports = [ "/run/secrets/vicinae.json" ];
providers = {
"@samlinville/store.raycast.tailscale" = {
"preferences" = {
"tailscalePath" = "${pkgs.tailscale}/bin/tailscale";
};
};
"@sovereign/vicinae-extension-awww-switcher-0" = {
"preferences" = {
"transitionDuration" = "1";

35
modules/hm/desktop/zed.nix Normal file
View File

@@ -0,0 +1,35 @@
{
flake.modules.homeManager.desktop = {
programs.zed-editor = {
enable = true;
extensions = [
"lua"
"nix"
"C#"
"solidity"
];
userKeymaps = [
{
context = "Workspace";
bindings = {
F7 = "workspace::NewTerminal";
};
}
];
userSettings = {
ui_font_size = 18;
buffer_font_size = 18;
theme = {
mode = "dark";
light = "Ayu Light";
dark = "Ayu Dark";
};
vim_mode = true;
telemetry = {
diagnostics = false;
metrics = false;
};
};
};
};
}

3
modules/hm/shell/neovim.nix
View File

@@ -13,8 +13,9 @@
neovim = {
enable = true;
defaultEditor = true;
vimAlias = true;
};
vim.enable = true;
};
home = {

9
modules/hm/shell/opencode.nix
View File

@@ -9,12 +9,17 @@
provider = {
google = {
options = {
apiKey = "{file:/run/secrets/gemini_api_key}";
apiKey = "{file:/run/secrets/gemini-api-key}";
};
};
openrouter = {
options = {
apiKey = "{file:/run/secrets/open_router_api_key}";
apiKey = "{file:/run/secrets/openrouter-api-key}";
};
};
opencode-go = {
options = {
apiKey = "{file:/run/secrets/opencode-go-api-key}";
};
};
};

82
modules/hosts/alpha/config.nix Normal file
View File

@@ -0,0 +1,82 @@
{ config, ... }:
{
flake.modules.nixos.alpha =
{
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/opencode"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/alpha/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "alpha";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/alpha/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.alpha =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/alpha/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.alpha =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/alpha/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.alpha = {
home.stateVersion = "26.05";
};
}

29
modules/hosts/alpha/secrets.yaml Normal file
View File

@@ -0,0 +1,29 @@
tux-password: ENC[AES256_GCM,data:tvx3nMoIuQSotxHDWLs7UesnyWY3u3EwkqAIzCw3Z2AJseaiqnt/xeSKAeUXPVSs85rVdIJ6Ys5+6r+NONEG7ujuNevpjJRNkQ==,iv:CB0BIrMfdiWiMCvmRdtsafh3dCAD5Qb3mOuE7eq4nA4=,tag:p/3AESwNCEL4EoU9rJjUPw==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Bo3Z5Jhce0UOBn77I2AcrXYbBgPLDx0eOjPC8J63E/VWNhMPbbxb,iv:iWOsTACOMcK3oqq848WnJ5Ku3tYy1aadmLB4IMgoyqg=,tag:BPzlXoP8/iJaj8c/YFCWyg==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:D+/ImUTg7UvBTh0fMlWMZ0O/GsQS/R4Hz+CO4l42R6mn+zk+udvw79BctXdWWyrFf2ZNOTJ/99QTtWOUOvHISWaEJogXyb+93g==,iv:c7OtgBu1Zaf7lA4InIsKOAPbAvTl3gaO7QGCFNx21Bo=,tag:KXiASj/qC1YzK6DUox57ug==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:ipKkNcRqBERIQ6f6yFzVm999s+UwJys4elHWhzpL441RfOaG9MmRWMcD+wRLJ7DSWFjYu6uUPF7TKez8J6abWeKDgg==,iv:FDSYE3R8zKVxWiP2S/sCVcwEu3fEXg/hCeqCRSF+c6g=,tag:5RDuMFGMoN6xwAYj0HiyjQ==,type:str]
netbird-key: ENC[AES256_GCM,data:NilfyafnGhFVYD6q4+jJQxlhXNdNC8BQ1CZfu8a5wc693Y1h,iv:Rpl0OpkQdBMPpIJ08t9Z0AjDAW6c97pFZKO1KPu8ipY=,tag:du3d0SQWuqJtJSwhSgJE4g==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR0kzRXBGRjJaVldDRk90
KzYwSzJBeXBnNVZ0T2VaU2oyLzdRWmo5ZzNVCk9HTDVtMk8xL1cwL2FSRUR5UGdS
bXJnOXhTbWozWm5rd2pnaFNoWk0rWncKLS0tIGFWWmY2WU9YanJ5UElab3lqaXNo
QUhYUWs4bitJaGpXL200b0s0SmVIeVUKevQ1IVqmqGIYf014iL47C02+peSYJyeE
PNluZUA6VzrL2WpdJzDqxAwSWtcgXG0/JADIg+DssnhftiHMHzn3NQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL1VPODRnNEs2bXlUVjB5
Z0pBUzBnRDQ0WWcvL2IvUHdmQXUxNjRpTVN3Ck9VLzd2QWpMMlFJck1EQXBVanl0
SC91bDFqNFlJZ2E0UXVZa3BKRjh3TlkKLS0tIENuc1dUZ1dDUTg2VXBueU1ETG9S
c095blJheHhVT0E4bjdGUWlYN0N4MVUKK42sChX4V37HK1SRKQxldLpft2jVfeiG
4TkObqH8ddGpbd7cX5a/wboTjYuEdAviWxjK2oBPgtcFc1f03X3tmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T01:11:29Z"
mac: ENC[AES256_GCM,data:E+ZcNRFEPtJK02gWooRs7f20BHIYf8Ot4GjB1ab1KZwhI+3pUI6r654iO8+tiimQSeLWLgD43Szq4/7CpS+8NVjSI5uvXSxQQubXQfI0LmulT5XAVueOuSMgvetSFg8yN6+njBmr/MauixSSs2jjpQxtfsSSBgZ9RO7B7qLpMe4=,iv:kdCcTLb3bDmCfcjQQ8fH5ipkTQ5YlVDlhEVw5MzsH6s=,tag:ojub2y6b+jMbW/5i39xH5w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

112
modules/hosts/arcturus/config.nix Normal file
View File

@@ -0,0 +1,112 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
hostName,
userName,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".config/sops"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
services = {
cyber-tux = {
enable = true;
environmentFile = innerArgs.config.sops.secrets.discord-token.path;
};
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
discord-token = {
sopsFile = ./secrets.yaml;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "arcturus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

74
modules/hosts/arcturus/disko.nix Normal file
View File

@@ -0,0 +1,74 @@
{ inputs, ... }:
{
flake.modules.nixos.arcturus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

36
modules/hosts/arcturus/hardware.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
lib,
pkgs,
system,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
};
}

6
modules/hosts/arcturus/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.arcturus = {
home.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:eXg28pYQjIi5iPh4oHBOvIYQReM92T79uty/O461mEoLB8awr8ikq3RM7Mux3jZKM+Fk/Ow3NNG0F/154dZentodr1uvy9gD1g==,iv:nQevOumENveBMuiYMJF0OokORyjZCpR8ahTfOuj2Dzo=,tag:64zz8eVuw1OwTltfAUwWSg==,type:str]
discord-token: ENC[AES256_GCM,data:uzxkrNRRplL/1MfvPZ/EL+I8UACuZQBHZ95BSHuxW0nBjxhr2F89D2BXTcKOBI9qO6uMjK5WBtWzSOw3y9EsngTTm/youIdkrIDLP3r/tkpOkLa/VjM=,iv:OxzFa0nEInV5uxgQFww11ZE1NorH5q130Tgp/6l9uOE=,tag:g4U9wLhPAkz72ktbQ8KrSg==,type:str]
gemini-api-key: ENC[AES256_GCM,data:gLZSoYTdKY+rwIpYiXvN9n9PGkUD6q8Oe7dHnYkjEjwDf5qpjubg,iv:ySoNgQWTu9DjvbashF4ulyYP8fJUl4yrCTeBQ0jrGmw=,tag:FctubsQv50AP78JvTb9bpQ==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:6xONCl9lqOoO7b4CEyCz9607tICDUAkpglRjGS5nYq2ppg2UKqYTrWD1BGCA5Xfs/CWskniVhoNG3vscjKiYCCh9gbM6aqdmTQ==,iv:7Iwc9t00HOOBjA7URXcUO41badqYyJCkFHM/uPkLFxY=,tag:Cl39kitr2e0//HVwAdsdUQ==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:dmeRKn7TWHnqvpyPQpcEG6yHTb2bRby/rh10ytL0jHj5R+lRmNVdmqUF92GTznY9vEaB6ZYCJecWhpm8g4upNfOWBg==,iv:9UMJpAlD8gpcNiN+liu3nawoAZQKapEg7sCp561N9E8=,tag:OZlASpOa5BQaQwFWjoLCRw==,type:str]
netbird-key: ENC[AES256_GCM,data:q6eKisca04qn/CvALrvXF79MsToDhvLRLv2JTiUBAZglCC9m,iv:jj0/ZD7IDgopprTVUgSfJmdAJmUP3iqewU3dqssGYbk=,tag:6IPRdCm2FGdlTEIX7jt3qA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Qkh0cmdHNGJTYmFNUFZW
c244RjlyNjlrSWh1bG1IRFFFeFZZVzhaYVdBCmd1N3JNS0IzWDlUMUJSM0pYdi9L
MzlHRk1pZ1hqaVdIYUQwczh2VDVtZE0KLS0tIEtRYWF6V0I3eDBZSnVmZ2R5S0Z5
Z3hhRitmdEwxbzcrS0cwNTZVK1lXYlUKSFfKk7JGzxRq9weL4NKJqfmAige2O+1T
59PvEFKvvkGb6ajkzwTw0lB3UFzly6FuTnbSLY9r+oT9AMbxLoKdcQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYlZiak1CSW1NSGt5QTRi
RjlUeG5EODVkTVJDY1RrZXJ6OU5NQ0RIOG5jCnJxZ1R6MmlGWXY2SmtaY1pQSWdZ
UWp3L2h6c0k0MVpubE9BRSswUEk3ZkkKLS0tIGN4Zm1tcHBiKzAyYWNHVktVZmpU
V3h4dUZLcktrTUZvUm44eVZOWEl4VmMKMTvajoWcktb4jVIP4HyzQiR41Wg8Gdqi
TLKEYsPQgOJ7s8P9gw2uPUY6HRz86CtiC6EbO27u0+8BbI85x1QScg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:36:06Z"
mac: ENC[AES256_GCM,data:nD0exblrbheP1C5lK8V17V/gkHJO6s6yVjXtQWcUOLVGrzkPSxkymYBHUFMTLVyYQNLCVMc8AHkuHVuJ1tBfXNll1f6/SGtfaBQcOLct70U7nFxd/XybTUlscNp2KafJWy/n4ZUfNDbfrWN1R463CN/M50jGqJPDWYuP9ah2JcI=,iv:izQUT/+HQqJZ48X5bXobFSaWcdcXQ/7eh+SCd9i4YYo=,tag:FJlR2wI4rWQ/SDfQGtQ7AQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

132
modules/hosts/canopus/config.nix Normal file
View File

@@ -0,0 +1,132 @@
{ config, ... }:
{
flake.modules.nixos.canopus =
{
pkgs,
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
docker.nvidia.enable = false;
qemu.enable = true;
waydroid.enable = true;
distrobox.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install.
system.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "canopus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/canopus/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.canopus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "32G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

134
modules/hosts/canopus/hardware.nix Normal file
View File

@@ -0,0 +1,134 @@
{ inputs, config, ... }:
{
flake.modules.nixos.canopus =
{
lib,
system,
...
}@innerArgs:
{
imports =
with config.flake.modules.nixos;
[
hardware
]
++ [ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503 ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
services = {
power-profiles-daemon.enable = true;
upower.enable = true;
supergfxd = {
enable = true;
settings = {
mode = "Integrated";
vfio_enable = false;
vfio_save = false;
always_reboot = false;
no_logind = false;
logout_timeout_s = 180;
hotplug_type = "None";
};
};
asusd = {
enable = true;
asusdConfig.text = ''
(
charge_control_end_threshold: 80,
disable_nvidia_powerd_on_battery: true,
ac_command: "",
bat_command: "",
platform_profile_linked_epp: true,
platform_profile_on_battery: Quiet,
platform_profile_on_ac: Performance,
change_platform_profile_on_battery: true,
change_platform_profile_on_ac: true,
profile_quiet_epp: Power,
profile_balanced_epp: BalancePower,
profile_custom_epp: Performance,
profile_performance_epp: Performance,
ac_profile_tunings: {},
dc_profile_tunings: {},
armoury_settings: {},
)
'';
profileConfig.text = ''
(
active_profile: Quiet,
)
'';
fanCurvesConfig.text = ''
(
profiles: (
balanced: [
(
fan: CPU,
pwm: (2, 22, 45, 68, 91, 153, 153, 153),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (2, 25, 48, 71, 94, 165, 165, 165),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
performance: [
(
fan: CPU,
pwm: (35, 68, 79, 91, 114, 175, 175, 175),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (35, 71, 84, 94, 119, 188, 188, 188),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
quiet: [
(
fan: CPU,
pwm: (2, 12, 22, 35, 45, 58, 79, 79),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
(
fan: GPU,
pwm: (2, 12, 25, 35, 48, 61, 84, 84),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
],
custom: [],
),
)
'';
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

39
modules/hosts/canopus/home.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, ... }:
{
flake.modules.homeManager.canopus = {
imports = with config.flake.modules.homeManager; [
desktop
];
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:eDP-1, width:2560, height:1440, refresh:165, x:0, y:0, vrr:1"
];
tagRule = [
"id:1, layout_name:tile"
"id:2, layout_name:tile"
"id:3, layout_name:tile"
"id:4, layout_name:tile"
"id:5, layout_name:scroller"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
authorized_fingerprints = {
"f4:4b:17:61:f7:01:a4:a2:e1:c7:8c:1c:7a:f3:8b:87:14:3d:05:3d:a0:8b:cc:e7:88:d8:d8:d2:a4:c2:75:8b" =
"sirius";
};
};
};
};
home.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:Xb4/JMAZCBnBheDCJdRRGXLnMJ1ej8HbN+AUqA/+2sdYESKeF1PFny4Iq2kqvzdK4D3mp+pdjd7GAGfJp4M7sOcvI3V/coyxPQ==,iv:h+S+MEwHj22uHaTzFoxGZtefNUAQNp3fbU+QRfgtKvQ=,tag:VHrIEIQivPFTfhmm7dWEyQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Q6+actg0oyUWiUJVy/9yZmea1QyGu2o8LfMsuAVFD6k7kp0dYIrl,iv:ukyouqrHxzVpBBE98KL6PW8P3j+seemm/e0Gl1urUcM=,tag:Z7MM3dJ414CmdxE72cdzNA==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:SalhWKR6artX/kOVKZGpKSmrgsQDU/heshrdkK3wotOZ3BRn/ZqZRBldvl1JPSenMAMvE2LWUdmBQmwG/id7L7JL1O/+lUHIQw==,iv:hLlHayFJgUkWOirVLfqP0pGRBZAqGKe+EE2yG1ELGNk=,tag:0qoo0tb+xWjjQXr4n1qGmw==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:zbeTcaXJZFVfYnM/7sgblJFU9WfeosX/44KsXvrzKwiLPfGLLYYo9AFaCvWzzG6jHuSZC5OYrBWfOZv4+3omfCgglQ==,iv:LscUQE+PNhXGim9PSqc9nZIZichWSgAn/zsNxQ/HM/o=,tag:MaBCobnRM42fopiibibe5Q==,type:str]
netbird-key: ENC[AES256_GCM,data:swmaa+RjxeUmEl8hS2riGrW4lP5jdks9HM3x57/FLpOuqFtR,iv:MrpVjiocrPi+dBGPk7pwgSUNlJ1eryRpMjC8+jkU+T0=,tag:j6sqpQ02apqc6FwkdDvk9g==,type:str]
vicinae-json: ENC[AES256_GCM,data:FarBf6l8pl3hF7kGKPIWztUhwiKoQXmyTufCuJ120K/bPh1Bfiyi+ETt4DLYOGI6FJXfpVz4BbZOA29bXTLhVPxH0QtyBu/F5uEqA015b/c8VevDJSyy9huR13qO9ksLbMBt8RfWbAd9j26t7A1C8/mMyiJOEXCCTV9CEIW3xWrsYmhwsT8RYM+PwrPSeN1gQXHSMyRUjf/kOdJoda8+iXpLfjo4II4r2ELpbqi8QxhrRdsJsoOfAymFM784NtlTjE+h6S4TMehmoF/9ARif6I5SGQ0WfIKt/8orTGCPllL+NupLziSnpIGRGSybdArD+o5NCw59GOAbVRADxq8rCESwEkq3cF+hm8HabfYbiQ==,iv:Y/hXLFTJT3gNF3B6tgKoAh7njVuneoUzjVTlsCZiySw=,tag:2hfrwph6IccJdRu/yGu3XA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqS2RZdVJaNTlRamZPMkll
MDRVSVl1b2x2LzZpdlBrdmZtdyt3UE15RldRCldXUXE2a1BFeHg5NGNPbW5IMDht
cHN1QituOU9uWFQwNS9udzNEbVhtUjQKLS0tIEtkTXhlYS9XSUlQRTY1eXBjeXZQ
bThQTFdZU29ISm93TWcwVk5ZTkhRWm8KCcprmLGhahgDkXCBpzjctHgao+gc+rKC
xLIwheUyFJOGK+ixqcdoZ/PC0kY68hVLt1YzLAyxFi4Ur1wltPrNug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVW13WFE1Ylh3Uk1HNU1i
bU9kRzFqTmhkQlRzMlRkM0VhMlNmMDUyK25NCkZYUStxM2tScGozRXJGekxGa1RX
b1VXK0Y2Z1U0YU9XRmxRUWdWem50L1EKLS0tIFovcHRlZ1JJd2lRN0RFbHdCdm9m
V1N3eUVjZ0VZRjBZdXRPNng3Y3JoUTAKQau9CG9XfvM+5JZVRwaJr/o/sXMaJiy2
wo2YcDb+4vfT4Wr+/8J3ccQgbLRZH916X5ZPL+A+nFyVXVKOCl3ENg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-12T06:33:00Z"
mac: ENC[AES256_GCM,data:htDJdEx34Q5NG8vwbBimnFENZawbLZ4FC0DkyG6J5RYP0BFnycKcKGsYR87SvIjcJZXvfZ0e6fXdtc78dd6I0sQtrQ7aNn4Iktbu/AkPmntsBwpIjVI99X9zUyQB87go/oX15yuyt8loB6ds2RkL/pfFsgLbFc10JHsBy+WcEzI=,iv:HvY+5LYzyHpRm8XCSKrN8ra/LJT9v23TPSsZg/4QVNU=,tag:k+d45+zgBYq4vlWmmc8ZkQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

119
modules/hosts/sirius/config.nix
View File

@@ -4,25 +4,100 @@
{
pkgs,
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix.services.openssh.enable = true;
# --- Boot ---
tnix = {
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
".config/lan-mouse/lan-mouse.pem"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
docker.nvidia.enable = true;
qemu.enable = true;
waydroid.enable = true;
distrobox.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
kernelPackages = pkgs.linuxKernel.packages.linux_zen;
kernelParams = [ "nvidia-drm.modeset=1" ];
};
# --- Networking ---
@@ -46,31 +121,9 @@
firewall.enable = false;
};
# --- Hardware / GPU ---
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
};
enableAllFirmware = true;
usb-modeswitch.enable = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
# --- Programs ---
programs.firefox.enable = true;
# --- Packages ---
environment.systemPackages = with pkgs; [
discord
zed-editor
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!

9
modules/hosts/sirius/default.nix
View File

@@ -14,7 +14,14 @@ in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit hostName userName userEmail; };
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}

82
modules/hosts/sirius/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.sirius =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "70G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

53
modules/hosts/sirius/hardware.nix
View File

@@ -1,11 +1,18 @@
{ config, ... }:
{
flake.modules.nixos.sirius =
{
config,
lib,
pkgs,
system,
...
}:
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.kernelParams = [ "nvidia-drm.modeset=1" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
@@ -18,31 +25,27 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/d856ed98-6841-4cbf-89be-e08c6f48b9ea";
fsType = "ext4";
hardware = {
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7FE1-55C5";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
};
services = {
xserver.videoDrivers = [ "nvidia" ];
power-profiles-daemon.enable = true;
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.config.cudaSupport = true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.full
];
};
swapDevices = [ { device = "/dev/disk/by-uuid/69794aa5-51a9-4816-8d45-7791505165d4"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp10s0f3u2i2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

35
modules/hosts/sirius/home.nix
View File

@@ -5,7 +5,39 @@
desktop
];
tnix.services.lan-mouse = {
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
];
tagRule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
clients = [
@@ -18,6 +50,7 @@
];
};
};
};
home.stateVersion = "26.05";
};

30
modules/hosts/sirius/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:JWQVd2MYX2U4UP4II62ixG9hWI5MtgHAFhl8aCmyrYPl1H/ig9ZYqfTiggJsOoXM9CUHmhUTrSWw7xRvbzztBrC7L4ABcWPbrQ==,iv:wY/RNJs7XaCsHHNX2MLBqzAgDCSo4rht10oiKrUlTHo=,tag:DcADVtEJs2KCeNS6AhO0SQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Y9YgXp/tB3Q1Rb5YMsZLgWCq+bdeIjsXAVeO3Yh7nZ8MwDH7d5De,iv:FIXxJCn6JDYsHIoNn8f8Un3z9ZPVbxdjR48Ux88poRg=,tag:bMJ4i69HTspnhzsrsxkbrw==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:HfZgZz4NyCLLM9woTZp2I6JGOlVcFblw2OMjx8k0TG5ZU2ycBCF6bKqp3wFibUxXcHy+nIfjI82fkLeSyIaGILRLYCJCc8BHKw==,iv:umUcn8MRaj7JXo6IFrGMXOu+jsFSCEikMxsQxfaFS/Q=,tag:l2s61C4EpJoKv8cc9nYGFA==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:BGERcZg5Jpnznc4cXeYFMhPk9kKBkd9GvIuQBV9TW3JE1utgrLLYK6mKNCQqrEStRFiO2jUUnBm3opUNL4SuEHFLpw==,iv:fgFAwx6z9yruK27PvAJX/Q2CS9gU+LJ5zMUK/f/rzpo=,tag:BPu3M+jppPB8sLoLmfuY/Q==,type:str]
netbird-key: ENC[AES256_GCM,data:qXAnRnLM2TlzpOvWG4exJv0+pUvpe0FpRN5xOWx3+KNt+yhq,iv:X+yl4o1RSYMCMWdVXo1hpzy+6IdKXUpsKPtYNSiHiCY=,tag:I8HbnD5iw6EJ1TdsNrhvfw==,type:str]
vicinae-json: ENC[AES256_GCM,data:JjxolEgS6uakqR4eHOx3VyrOO5kaL4dj1jcEiLWsrktCU32UB7OmP1kJEVomA1rZjODpFHL89+FRpcNFspTFrc365WlANE81RLg/M2Ja1MiLYaDFNcBGtqMX9Yc1muor53Xl7t+rTSvDIj1oE1L7xPPcjCLfwC5QDzJjCBWj9FhCxnU5BwvoJNv9vgA6xnkzAOYSPZK/ihULMD0DxyqOUEa5ECGX62OPM9Gbr7jEviaItYzOOxaRs/yQVqizodGGl/BcK6fPqvOYSxip9ABYRVSI9ZvysY7ofAkeX91ardPwVG5VvEYfxZwBvGFjV7ZfTzVkK+BiUUNrvciAETHqwkjHftPpfJjxWsgLr8lbOA==,iv:HjDE/sqVDnxeww7r2upxH57rc1+LpuMKnhhyGXoc1Ms=,tag:d2kZeWkg17eVoNACIQ3Q9A==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNGdHcDc4bTFkR0EyZlUr
eXovR1lyeTZJTDg5R281MFFuMHVwOXZXYzNvCkpIT1g3K05WUUswaEVjVVJWQkJq
V20xODdoWlJMY3ZCcGo0czU1TXZFRE0KLS0tIGNTeXV2Mld2STRmRnFaM1MzT3Nk
Z0JwWWR0STUybjVhSXdDR3NiKzV1eDQK22HmMuyqYaR/eGuALkAPB1Y5bN2KwIt3
pamM8vbnjB//hXoyrv4vsoDk9WzLGFGjgiw2qsM2HQgzQqtrwF1/1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N3ZBd1pHODFtZkZxaHNP
OXlXUzVFS0ZIam1IWVkxNldOdTEwY0s4aUNZCjVlcnF1aXJxUUlQSXhteXJ6OU1W
L0crZzJOaHF2SnVhWVZnVEdqRlR0cjgKLS0tIFlFWHhaR3U2QTNxRGZRMnk3cmll
M3JocWZJeXFxenhXOENBVWpvNkd3bm8KqhNLzCyEAI643jGWpZF/uTchHmBj8ozU
HtpOzKsshif66D0XOHeJQfQamJI4TyKsj3Sk3j9rstsLmN2lxTRGHg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:35:50Z"
mac: ENC[AES256_GCM,data:u27zQ1PPnWy5Parbh/1DkVP3ICmHnLZJKaLbN3dZEVONgqOWi32LV3t0iNhtLWwVnzFPBusRWahQiqAkUdnQtrXF0OtjPCpLuIw86xB75QPGbet0GZlLNb8/xPshChZe4v520csdJMWiy3vYeKrk8LxMSViAGhmhYK2a5NbGhzI=,iv:/9vePmvCNqoP0kx24fP3HfCjS2FkjBmI5B+SycvKKW4=,tag:gE1/DnLolwhoyfMJYejGIQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

50
modules/hosts/vps/config.nix Normal file
View File

@@ -0,0 +1,50 @@
{ config, ... }:
{
flake.modules.nixos.vps =
{
hostName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
};
};
};
networking.openssh.enable = true;
virtualisation = {
docker.enable = true;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/vps/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "vps";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/vps/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.vps =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/vps/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.vps =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/vps/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.vps = {
home.stateVersion = "26.05";
};
}

121
modules/nixos/boot/impermanence.nix Normal file
View File

@@ -0,0 +1,121 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
userName,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
options.tnix.boot.impermanence = {
enable = lib.mkEnableOption "Enable impermanence";
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
options.tnix.boot.impermanence.home = {
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = lib.mkIf cfg.impermanence.enable {
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib"
"/etc/NetworkManager/system-connections"
]
++ cfg.impermanence.directories;
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
]
++ cfg.impermanence.files;
};
home-manager.users.${userName} = {
home.persistence."/persist" = {
directories = [
"Downloads"
"Music"
"Wallpapers"
"Documents"
"Videos"
"Projects"
"Stuff"
".ssh"
]
++ cfg.impermanence.home.directories;
files = cfg.impermanence.home.files;
};
};
boot.initrd.systemd = {
enable = true;
services.wipe-my-fs = {
wantedBy = [ "initrd.target" ];
after = [ "initrd-root-device.target" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
};
};
}

29
modules/nixos/boot/loader.nix Normal file
View File

@@ -0,0 +1,29 @@
{
flake.modules.nixos.boot =
{ config, lib, ... }:
let
cfg = config.tnix.boot;
in
{
options.tnix.boot.legacy = {
enable = lib.mkEnableOption "legacy boot (GRUB) instead of systemd-boot";
};
config = lib.mkMerge [
{
boot.loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
};
}
(lib.mkIf (!cfg.legacy.enable && !cfg.secure-boot.enable) {
boot.loader.systemd-boot.enable = true;
})
(lib.mkIf cfg.legacy.enable {
boot.loader.grub.enable = true;
})
];
};
}

11
modules/nixos/boot/misc.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
};
};
}

43
modules/nixos/boot/secure-boot.nix Normal file
View File

@@ -0,0 +1,43 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
pkgs,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
options.tnix.boot.secure-boot = {
enable = lib.mkEnableOption "Enable secure-boot";
};
config = lib.mkIf cfg.secure-boot.enable {
assertions = [
{
assertion = !cfg.legacy.enable;
message = "secure-boot and legacy boot (GRUB) cannot be enabled at the same time";
}
];
environment.systemPackages = [ pkgs.sbctl ];
# Lanzaboote replaces systemd-boot, so force it off
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
autoGenerateKeys.enable = true;
autoEnrollKeys.enable = true;
configurationLimit = 10;
pkiBundle = "/var/lib/sbctl";
};
};
};
}

25
modules/nixos/core/sops.nix Normal file
View File

@@ -0,0 +1,25 @@
{ inputs, ... }:
{
flake.modules.nixos.core =
{
config,
pkgs,
...
}:
let
isEd25519 = k: k.type == "ed25519";
getKeyPath = k: k.path;
keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
in
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops.age = {
sshKeyPaths = map getKeyPath keys;
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
environment.systemPackages = with pkgs; [ sops ];
};
}

2
modules/nixos/core/substituters.nix
View File

@@ -13,6 +13,7 @@
"https://nix-on-droid.cachix.org"
"https://lan-mouse.cachix.org"
"https://wezterm.cachix.org"
"https://cache.nixos-cuda.org"
];
trusted-substituters = [
"https://nix-on-droid.cachix.org"
@@ -30,6 +31,7 @@
"nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU="
"lan-mouse.cachix.org-1:KlE2AEZUgkzNKM7BIzMQo8w9yJYqUpor1CAUNRY6OyM="
"wezterm.cachix.org-1:kAbhjYUC9qvblTE+s7S+kl5XM1zVa4skO+E/1IDWdH0="
"cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
];
};
};

7
modules/nixos/core/users.nix
View File

@@ -3,10 +3,14 @@
{
pkgs,
lib,
config,
userName,
userEmail,
...
}:
let
hasPasswordSecret = lib.hasAttrByPath [ "sops" "secrets" "tux-password" ] config;
in
{
programs.zsh.enable = true;
@@ -30,7 +34,8 @@
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.${userName} = {
initialPassword = userName;
hashedPasswordFile = lib.mkIf hasPasswordSecret config.sops.secrets.tux-password.path;
initialPassword = lib.mkIf (!hasPasswordSecret) userName;
isNormalUser = true;
extraGroups = [
"networkmanager"

2
modules/nixos/desktop/ly.nix
View File

@@ -3,7 +3,7 @@
services.displayManager.ly = {
enable = true;
settings = {
# session_log = "null";
session_log = "null";
};
};
};

7
modules/nixos/desktop/misc.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ brightnessctl ];
};
}

15
modules/nixos/desktop/obs-studio.nix Normal file
View File

@@ -0,0 +1,15 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
programs.obs-studio = {
enable = true;
enableVirtualCamera = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vaapi
wlrobs
obs-source-record
];
};
};
}

18
modules/nixos/desktop/thunar.nix Normal file
View File

@@ -0,0 +1,18 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
services = {
gvfs.enable = true;
tumbler.enable = true;
};
programs.thunar = {
enable = true;
plugins = with pkgs; [
thunar-archive-plugin
thunar-volman
];
};
};
}

7
modules/nixos/desktop/tpanel.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ tpanel ];
};
}

11
modules/nixos/gaming/steam.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.gaming =
{ pkgs, ... }:
{
programs.steam = {
enable = true;
protontricks.enable = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
};
};
}

3
modules/nixos/desktop/audio.nix → modules/nixos/hardware/audio.nix
View File

@@ -1,6 +1,5 @@
{
flake.modules.nixos.desktop = {
flake.modules.nixos.hardware = {
security.rtkit.enable = true;
services.pipewire = {

7
modules/nixos/hardware/bluetooth.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.hardware = {
hardware.bluetooth = {
enable = true;
};
};
}

13
modules/nixos/hardware/graphics.nix Normal file
View File

@@ -0,0 +1,13 @@
{
flake.modules.nixos.hardware = {
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
enableAllFirmware = true;
usb-modeswitch.enable = true;
};
};
}

31
modules/nixos/networking/netbird-client.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.nixos.networking =
{
config,
lib,
hostName,
...
}:
with lib;
let
cfg = config.tnix.networking.netbird-client;
in
{
options.tnix.networking.netbird-client = {
enable = mkEnableOption "Enable netbird client";
};
config = mkIf cfg.enable {
services.netbird.clients = {
${hostName} = {
port = 51820;
login = {
enable = true;
setupKeyFile = config.sops.secrets.netbird-key.path;
};
bin.suffix = "";
};
};
};
};
}

15
modules/nixos/networking/ssh.nix
View File

@@ -7,10 +7,14 @@
}:
with lib;
let
cfg = config.tnix.services.openssh;
cfg = config.tnix.networking.openssh;
# Sops needs acess to the keys before the persist dirs are even mounted; so
# just persisting the keys won't work, we must point at /persist
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
options.tnix.services.openssh = {
options.tnix.networking.openssh = {
enable = mkEnableOption "Enable OpenSSH server";
ports = mkOption {
@@ -59,6 +63,13 @@
ClientAliveCountMax = 5;
ClientAliveInterval = 60;
};
hostKeys = [
{
path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
};
};

105
modules/nixos/services/cyber-tux.nix Normal file
View File

@@ -0,0 +1,105 @@
{
flake.modules.nixos.services =
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.tnix.services.cyber-tux;
in
{
options.tnix.services.cyber-tux = {
enable = mkEnableOption "CyberTux Discord bot";
user = mkOption {
type = types.str;
default = "cyber-tux";
description = "User under which the CyberTux service runs.";
};
group = mkOption {
type = types.str;
default = "cyber-tux";
description = "Group under which the CyberTux service runs.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/cyber-tux";
description = "Directory where CyberTux stores its data.";
};
environmentFile = mkOption {
type = types.path;
description = "Environment file containing the Discord bot token.";
};
};
config = mkIf cfg.enable {
systemd.services.cyber-tux = {
description = "CyberTux Discord bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = cfg.environmentFile;
ExecStart = getExe pkgs.cyber-tux;
Restart = "always";
RestartSec = 5;
WorkingDirectory = cfg.dataDir;
StateDirectory = baseNameOf cfg.dataDir;
StateDirectoryMode = "0700";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = [
"uts"
"ipc"
"pid"
"user"
"cgroup"
];
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
UMask = "0077";
};
};
users.users = mkIf (cfg.user == "cyber-tux") {
${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "CyberTux service user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = mkIf (cfg.group == "cyber-tux") {
${cfg.group} = { };
};
};
};
}

118
modules/nixos/virtualisation/distrobox.nix Normal file
View File

@@ -0,0 +1,118 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
pkgs,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.distrobox = {
enable = lib.mkEnableOption "Enable DistroBox";
};
config = lib.mkIf cfg.distrobox.enable {
virtualisation.waydroid.enable = true;
environment.systemPackages = with pkgs; [
distrobox
(writeShellScriptBin "dbox-create" ''
#!/usr/bin/env bash
# 1. Initialize variables
IMAGE=""
NAME=""
# Array to hold optional arguments (like volumes)
declare -a EXTRA_ARGS
# 2. Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
-i|--image)
IMAGE="$2"
shift 2
;;
-n|--name)
NAME="$2"
shift 2
;;
-p|--profile)
echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
# Add volume flags to the array
EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
shift 1
;;
*)
echo "Unknown option $1"
exit 1
;;
esac
done
if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
echo "Usage: dbox-create -i <image> -n <name> [-p]"
exit 1
fi
# 3. Define the custom home path
CUSTOM_HOME="$HOME/Distrobox/$NAME"
echo "------------------------------------------------"
echo "Creating Distrobox: $NAME"
echo "Location: $CUSTOM_HOME"
echo "------------------------------------------------"
# 4. Run Distrobox Create
# We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
${pkgs.distrobox}/bin/distrobox create \
--image "$IMAGE" \
--name "$NAME" \
--home "$CUSTOM_HOME" \
"''${EXTRA_ARGS[@]}"
# Check exit code
if [ $? -ne 0 ]; then
echo "Error: Distrobox creation failed."
exit 1
fi
# 5. Post-Creation: Symlink Config Files
echo "--> Linking configurations to $NAME..."
# Helper function to symlink
link_config() {
SRC="$1"
DEST="$2"
DEST_DIR=$(dirname "$DEST")
# Create parent directory if it doesn't exist
mkdir -p "$DEST_DIR"
if [ -e "$SRC" ]; then
# ln -sf: symbolic link, force overwrite
ln -sf "$SRC" "$DEST"
echo " [LINK] $DEST -> $SRC"
else
echo " [SKIP] $SRC not found on host"
fi
}
# Create Symlinks
link_config "$HOME/.zshrc" "$CUSTOM_HOME/.zshrc"
link_config "$HOME/.zshenv" "$CUSTOM_HOME/.zshenv"
link_config "$HOME/.config/fastfetch" "$CUSTOM_HOME/.config/fastfetch"
link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
echo "--> Done! Enter via: distrobox enter $NAME"
'')
];
};
};
}

32
modules/nixos/virtualisation/docker.nix Normal file
View File

@@ -0,0 +1,32 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
pkgs,
userName,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.docker = {
enable = lib.mkEnableOption "Docker container runtime";
nvidia = {
enable = lib.mkEnableOption "NVIDIA Container Toolkit for Docker";
};
};
config = lib.mkIf cfg.docker.enable {
virtualisation = {
oci-containers.backend = "docker";
docker.enable = true;
};
hardware.nvidia-container-toolkit.enable = lib.mkIf cfg.docker.nvidia.enable true;
environment.systemPackages = with pkgs; [ lazydocker ];
users.users.${userName}.extraGroups = [ "docker" ];
};
};
}

38
modules/nixos/virtualisation/qemu.nix Normal file
View File

@@ -0,0 +1,38 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
pkgs,
userName,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.qemu = {
enable = lib.mkEnableOption "QEMU/KVM virtualization with libvirtd";
};
config = lib.mkIf cfg.qemu.enable {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
};
};
spiceUSBRedirection.enable = true;
};
users.users.${userName}.extraGroups = [ "libvirtd" ];
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
];
};
};
}

20
modules/nixos/virtualisation/waydroid.nix Normal file
View File

@@ -0,0 +1,20 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.waydroid = {
enable = lib.mkEnableOption "Waydroid Android container";
};
config = lib.mkIf cfg.waydroid.enable {
virtualisation.waydroid.enable = true;
};
};
}