tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2026-06-21 03:36:32 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:8d3e740614543b0bdeede13cd279561f303612e8
Branches Tags
tux:main tux:dev tux:old
tux:25.11.2025
...
compare: tux:dev
Branches Tags
tux:dev tux:main tux:old
tux:25.11.2025

54 Commits
8d3e740614 ... dev

Author SHA1 Message Date
tux
5a4483b615 feat(desktop): add tumbler support for thunar thumbnails 2026-05-17 12:22:10 +05:30
tux
c3adf234f7 feat: add distrobox to persist dir 2026-05-15 10:13:08 +05:30
tux
7f74855511 feat(desktop): enable thunar file manager and plugins 2026-05-15 10:12:07 +05:30
tux
383bc98052 feat(gaming): add proton-ge-bin to steam 2026-05-15 09:02:03 +05:30
tux
828ca02935 feat(sirius): enable power-profiles-daemon service 2026-05-13 05:43:47 +05:30
tux
6438a98d18 feat(canopus): enable upower service 2026-05-13 05:42:29 +05:30
tux
6b09bf0e7e feat(desktop): add new package brightnessctl 2026-05-13 05:33:31 +05:30
tux
cd4e81178d feat(canopus): enable power-profiles-daemon and asusd services 2026-05-13 05:13:51 +05:30
tux
b649b974fa refactor(hosts): simplify configuration imports across hosts 2026-05-13 04:33:14 +05:30
tux
71aaf2d392 feat(desktop): add mpv configuration module 2026-05-12 22:54:25 +05:30
tux
8ec23b15af fix(desktop): use lua config for hyprland 2026-05-12 22:00:01 +05:30
tux
fdc63b9307 refactor(desktop): standardize mangowm settings across hosts 2026-05-12 21:02:02 +05:30
tux
626dd68af6 refactor(vicinae): remove tailscale 2026-05-12 20:59:49 +05:30
tux
8bca900c98 feat(canopus): add canopus host 2026-05-12 12:20:11 +05:30
tux
a1c8b6c56e feat(desktop): configure system themes and cursors 2026-05-11 09:11:36 +05:30
tux
8ce1d22066 feat(desktop): add hyprland screenshot and screenrecord tools 2026-05-11 07:12:53 +05:30
tux
5f895aeee0 feat(ghostty): add ghostty module 2026-05-11 06:52:50 +05:30
tux
c75ff5eee2 chore: update flake inputs 2026-05-11 06:52:22 +05:30
tux
03f7aeb49b feat(desktop): enable easyeffects service 2026-05-11 05:57:32 +05:30
tux
bc553b6248 feat(mango): add toggle global keybinding 2026-05-11 05:04:20 +05:30
tux
20cfab3d6b feat(mango): add keybinding for default mfact 2026-05-11 04:40:56 +05:30
tux
61791f311e feat(mango): add centerwin keybinding 2026-05-11 04:24:57 +05:30
tux
6ebc3ed144 feat(tpanel): add tpanel module 2026-05-11 03:39:11 +05:30
tux
b2a103235c feat(mango): update tag animation direction 2026-05-11 03:38:50 +05:30
tux
813bf73ecb feat(netbird): setup netbird client 2026-05-10 06:57:04 +05:30
tux
824e6f3d96 feat(alpha): add alpha host 2026-05-10 05:05:55 +05:30
tux
c5cc4b4f11 feat(vps): add vps host 2026-05-10 04:57:09 +05:30
tux
cb3389bce6 feat(boot): configure systemd-boot and GRUB based on options 2026-05-10 04:54:59 +05:30
tux
bd6055cae5 feat(users): configure user password based on sops secret 2026-05-10 04:54:19 +05:30
tux
226b4cd974 feat(vim): enable vim 2026-05-10 04:39:11 +05:30
tux
ee82aa373e refactor(opencode): simplify configuration for provider API keys 2026-05-10 04:29:59 +05:30
tux
d15933bf05 feat(gaming): add steam 2026-05-10 02:26:20 +05:30
tux
c0182fbdf8 feat(mangowc): adjust window opacity and blur settings 2026-05-10 02:04:13 +05:30
tux
36f3adbe30 feat: add telegram 2026-05-10 01:48:28 +05:30
tux
92050093ae feat: setup impermanence 2026-05-09 21:46:40 +05:30
tux
dce2cd1322 refactor(boot): consolidate impermanence configuration options 2026-05-09 21:46:25 +05:30
tux
9231c5878f feat(boot): enable key auto-generation and enrollment 2026-05-09 18:57:32 +05:30
tux
35dcf89400 feat(sirius): enable impermanence 2026-05-09 05:36:27 +05:30
tux
d8adc25455 chore(ly): set session log to null 2026-05-09 05:11:32 +05:30
tux
0de17e6b4b refactor(boot): consolidate boot loader and kernel settings 2026-05-09 05:04:40 +05:30
tux
f7d688b6c6 refactor(disko): simplify impermanence check 2026-05-09 04:58:29 +05:30
tux
a9d91df8ce feat: add cyber-tux module 2026-05-09 04:54:32 +05:30
tux
96841dbfa8 chore(ssh): update module reference for persistence check 2026-05-09 04:22:54 +05:30
tux
0f1faa7008 feat: setup bluetooth 2026-05-09 04:22:08 +05:30
tux
d5e3a6d387 feat(arcturus): add arcturus host 2026-05-09 04:15:22 +05:30
tux
a216a6be0e feat: setup impermanence module 2026-05-09 04:13:48 +05:30
tux
40bb53a844 refactor(hardware): reorganize module structure 2026-05-09 02:40:45 +05:30
tux
920cc2d4d6 feat: add davinci-resolve 2026-05-08 19:27:16 +05:30
tux
4f5e1a0a56 refactor: update ssh module to use networking namespace 2026-05-08 07:22:18 +05:30
tux
7eb7ea75c0 feat(config): set lanzaboote configurationLimit to 10 2026-05-08 05:31:54 +05:30
tux
5bfa9f1e09 refactor(config): standardize secret names for API keys 2026-05-08 05:31:18 +05:30
tux
e28d1acb5e refactor: seperate loader module 2026-05-08 05:14:03 +05:30
tux
3efd212f04 feat: setup secure-boot 2026-05-08 05:09:38 +05:30
tux
718ee760cd feat(mangowm): update montor config 2026-05-08 04:31:05 +05:30
60 changed files with 2459 additions and 399 deletions
Expand all files Collapse all files

20
.sops.yaml
View File

@@ -3,7 +3,10 @@ keys:
- &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
- &hosts - &hosts
- &sirius age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz - &sirius age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
- &canopus age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
- &arcturus age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
- &alpha age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
creation_rules: creation_rules:
- path_regex: hosts/sirius/secrets.yaml$ - path_regex: hosts/sirius/secrets.yaml$
@@ -11,3 +14,18 @@ creation_rules:
- age: - age:
- *tux - *tux
- *sirius - *sirius
- path_regex: hosts/canopus/secrets.yaml$
key_groups:
- age:
- *tux
- *canopus
- path_regex: hosts/arcturus/secrets.yaml$
key_groups:
- age:
- *tux
- *arcturus
- path_regex: hosts/alpha/secrets.yaml$
key_groups:
- age:
- *tux
- *alpha

277
flake.lock generated
View File

@@ -97,6 +97,41 @@
"url": "https://codeberg.org/LGFae/awww" "url": "https://codeberg.org/LGFae/awww"
} }
}, },
"crane": {
"locked": {
"lastModified": 1765145449,
"narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
"owner": "ipetkov",
"repo": "crane",
"rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"cyber-tux": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739652548,
"narHash": "sha256-J4mL4DyRFTsEKlratZsbC9tm2i6Mzr6dEhetKk4jABM=",
"ref": "refs/heads/main",
"rev": "4ada9e2f0d3b6639627601d3f06128c953c2b446",
"revCount": 11,
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
},
"original": {
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
}
},
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
@@ -186,6 +221,22 @@
} }
}, },
"flake-compat_4": { "flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
@@ -199,7 +250,7 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
} }
}, },
"flake-compat_5": { "flake-compat_6": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767039857, "lastModified": 1767039857,
@@ -222,11 +273,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777678872, "lastModified": 1777988971,
"narHash": "sha256-EPIFsulyon7Z1vLQq5Fk64GR8L7cQsT+IPhcsukVbgk=", "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "5250617bffd85403b14dbf43c3870e7f255d2c16", "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -349,6 +400,28 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"harfbuzz": { "harfbuzz": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -373,11 +446,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777846259, "lastModified": 1778444552,
"narHash": "sha256-jzln9xcpVcmEB1zfhJ+FIHd7/kaVHgGF+gQQHxj2fGI=", "narHash": "sha256-f18pIiR9q/p1vHY93gmAum7aHhQOG49oGvAB9+lptRo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4625f26228f4f7ea3cf65eee3023359a8221fcff", "rev": "dcebe66f958673729896eec2de4abfd86ef22d21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -482,11 +555,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1778072172, "lastModified": 1778442165,
"narHash": "sha256-onx/6cN1tHDnMH0oCQCnpQPKv9VijeLtfOh7PStp2f0=", "narHash": "sha256-SEwIBVG4RPEVBqRbEZadGteMlndFqIJD/9HOkPRIBm0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "1681bea42dd2f11ba3fe6df05560d0b231de3c76", "rev": "3e21a68bd0a81c2fc45f2c843c9d02c47350ef44",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -659,11 +732,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777492286, "lastModified": 1778234770,
"narHash": "sha256-PwuoEJQcjSKJNP5T55qhfDwIP0tw5zxEhfu8GDfKfeg=", "narHash": "sha256-jAcsogZwWMfXT9MfXxZzkwliAqIuZUV0p71h6Ba9ReE=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "ec5c0c709706bad5b82f667fd8758eae442577ce", "rev": "a2dbd8a4cc51f7cbe4224732668392bb1aa79df2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -779,6 +852,28 @@
"type": "github" "type": "github"
} }
}, },
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs_6",
"pre-commit": "pre-commit",
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1765382359,
"narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v1.0.0",
"repo": "lanzaboote",
"type": "github"
}
},
"libpng": { "libpng": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -805,11 +900,11 @@
"scenefx": "scenefx" "scenefx": "scenefx"
}, },
"locked": { "locked": {
"lastModified": 1778073611, "lastModified": 1778376841,
"narHash": "sha256-6rNTdQZq4x/F2bHQsk7qo4OhXs5Y0xsQrTR1hgKZOqw=", "narHash": "sha256-mUSCkFQGrcdVitwx0fDajWxxgvAV5BmppP4ShV3JOyY=",
"owner": "DreamMaoMao", "owner": "DreamMaoMao",
"repo": "mango", "repo": "mango",
"rev": "42c02e3dc20eb09c0191b027e387c0268f8e0fb5", "rev": "cabafb2393ff71615af4959a51885c8d1eefc9a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -820,17 +915,17 @@
}, },
"nixcord": { "nixcord": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"nixpkgs-nixcord": "nixpkgs-nixcord" "nixpkgs-nixcord": "nixpkgs-nixcord"
}, },
"locked": { "locked": {
"lastModified": 1778145028, "lastModified": 1778346777,
"narHash": "sha256-tJHyzazrh9cnL72lPiDCnLDOOP95vDb37PprmgiqHtw=", "narHash": "sha256-7gpzB8MDCMcRE0wDr7jjxK7/obfeiyAulsfQEsK9pi4=",
"owner": "kaylorben", "owner": "kaylorben",
"repo": "nixcord", "repo": "nixcord",
"rev": "b53c871a9c3d4d450ffbcac71d54f3e0ca1bbafc", "rev": "43930a83206bcdcf3ba4fc10aa4fb9c5f7a677e6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -841,11 +936,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1777796046, "lastModified": 1778143761,
"narHash": "sha256-bEJp/zaQApzynGRaAO62BZSz9tFikKtIHCn2yIA/s7Q=", "narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "eeb02f6e29fc8139c0b15af5ff0fdfdc6d0d3d90", "rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -919,11 +1014,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1777805331, "lastModified": 1778353088,
"narHash": "sha256-jINoZUP2tJEBLuVoMEhJn9qWQgpriGorwlgnBc1QAPg=", "narHash": "sha256-5yu6kIgn+hO0V7pomciXixWAnMcuwQvqFD5Dgb2K9L4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8cbe20ad0f64f9f9619b871dfdf57022beccef65", "rev": "071465abe725f841e610a52b194c3b86b288316a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -934,6 +1029,22 @@
} }
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1770107345, "lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
@@ -1014,6 +1125,22 @@
} }
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": {
"lastModified": 1764950072,
"narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f61125a668a320878494449750330ca58b78c557",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1777428379, "lastModified": 1777428379,
"narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=", "narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
@@ -1029,13 +1156,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1777578337, "lastModified": 1777954456,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1045,7 +1172,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1777954456, "lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
@@ -1061,33 +1188,17 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": {
"locked": {
"lastModified": 1777918403,
"narHash": "sha256-7QiZv0LcW1yIOLo2LNuCQjWon1Z1r99FwK24hbtBOF4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "afc5551119aae6eab73a95c1960891cfe63204f6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1778156530, "lastModified": 1778454210,
"narHash": "sha256-4VhPk2NQKyYptNw1x/HG23sFmR4iYTOTZhGhzzYDQOs=", "narHash": "sha256-U6wleXwWGNDX588cqrz+Kg+7GrlB003JHQ0CVHj+3yA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "1b24f43e7f25d9c297a2ed45c654a72fc68d3d29", "rev": "c7c431a1bd1360cb568d309c2c18aa4785c254c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1096,6 +1207,29 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat_4",
"gitignore": "gitignore_2",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765016596,
"narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
@@ -1122,6 +1256,7 @@
"root": { "root": {
"inputs": { "inputs": {
"awww": "awww", "awww": "awww",
"cyber-tux": "cyber-tux",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@@ -1130,10 +1265,11 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"import-tree": "import-tree", "import-tree": "import-tree",
"lan-mouse": "lan-mouse", "lan-mouse": "lan-mouse",
"lanzaboote": "lanzaboote",
"mango": "mango", "mango": "mango",
"nixcord": "nixcord", "nixcord": "nixcord",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nur": "nur", "nur": "nur",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
@@ -1187,6 +1323,27 @@
} }
}, },
"rust-overlay_3": { "rust-overlay_3": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765075567,
"narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"wezterm-flake", "wezterm-flake",
@@ -1230,7 +1387,7 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1777944972, "lastModified": 1777944972,
@@ -1349,7 +1506,7 @@
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_11"
}, },
"locked": { "locked": {
"lastModified": 1775636079, "lastModified": 1775636079,
@@ -1410,7 +1567,7 @@
}, },
"vicinae-extensions": { "vicinae-extensions": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_6",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@@ -1418,11 +1575,11 @@
"vicinae": "vicinae" "vicinae": "vicinae"
}, },
"locked": { "locked": {
"lastModified": 1777930825, "lastModified": 1778369365,
"narHash": "sha256-0hVf9yH+v+0YaCqmr0aX0nR4pfmXjW1XhJcJyblJqE0=", "narHash": "sha256-Qxu3wUKqOJGJzj1RFvXw2StqHBDs+tVWvhKg9OZY87I=",
"owner": "vicinaehq", "owner": "vicinaehq",
"repo": "extensions", "repo": "extensions",
"rev": "20d6a13d2a389e61619b8540b8af746705409322", "rev": "de5313f14242dda1f88f6e8443eb349ed2b2cdb1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1440,7 +1597,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_3", "rust-overlay": "rust-overlay_4",
"zlib": "zlib" "zlib": "zlib"
}, },
"locked": { "locked": {

6
flake.nix
View File

@@ -29,6 +29,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
wezterm-flake = { wezterm-flake = {
url = "github:wez/wezterm/main?dir=nix"; url = "github:wez/wezterm/main?dir=nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -57,5 +62,6 @@
awww.url = "git+https://codeberg.org/LGFae/awww"; awww.url = "git+https://codeberg.org/LGFae/awww";
nixcord.url = "github:kaylorben/nixcord"; nixcord.url = "github:kaylorben/nixcord";
nur.url = "github:nix-community/nur"; nur.url = "github:nix-community/nur";
lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
}; };
} }

1
modules/flake/overlays.nix
View File

@@ -7,6 +7,7 @@
modifications = final: prev: { modifications = final: prev: {
tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default; tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default; tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default; ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default; wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system}; hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};

11
modules/hm/desktop/cursor.nix
View File

@@ -1,11 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
};
}

5
modules/hm/desktop/easyeffects.nix Normal file
View File

@@ -0,0 +1,5 @@
{
flake.modules.homeManager.desktop = {
services.easyeffects.enable = true;
};
}

47
modules/hm/desktop/ghostty.nix Normal file
View File

@@ -0,0 +1,47 @@
{
flake.modules.homeManager.desktop = {
programs.ghostty = {
enable = true;
enableZshIntegration = true;
systemd.enable = true;
settings = {
confirm-close-surface = false;
gtk-titlebar = false;
window-padding-x = 10;
window-padding-y = 10;
font-size = 12;
font-family = "JetBrainsMono Nerd Font";
theme = "poimandres";
};
themes = {
poimandres = {
background = "#0f0f0f";
foreground = "#a6accd";
cursor-color = "#f2eacf";
selection-background = "#1a1a1a";
selection-foreground = "#f1f1f1";
palette = [
"0=#252b37"
"1=#d0679d"
"2=#5de4c7"
"3=#fffac2"
"4=#89ddff"
"5=#fae4fc"
"6=#add7ff"
"7=#ffffff"
"8=#a6accd"
"9=#d0679d"
"10=#5de4c7"
"11=#fffac2"
"12=#add7ff"
"13=#89ddff"
"14=#fcc5e9"
"15=#ffffff"
];
};
};
};
};
}

34
modules/hm/desktop/hyprland.nix
View File

@@ -1,13 +1,7 @@
{ {
flake.modules.homeManager.desktop = flake.modules.homeManager.desktop =
{ pkgs, ... }: { config, pkgs, ... }:
{ {
home.packages = with pkgs; [
ags
awww
];
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
package = null; package = null;
@@ -15,5 +9,31 @@
xwayland.enable = true; xwayland.enable = true;
systemd.variables = [ "--all" ]; systemd.variables = [ "--all" ];
}; };
# TODO: Hyprland 0.55 switched to Lua-based configuration.
# Until the Home Manager module is updated, we symlink our config instead.
home.file = {
".config/hypr/config".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/config";
".config/hypr/hyprland.lua".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/hyprland.lua";
};
home.packages = with pkgs; [
ags
awww
grim
slurp
hyprshot
wl-clipboard
wl-screenrec
(writeShellScriptBin "hypr-screenshot" ''
hyprshot -m region -r ppm - | satty --filename -
'')
(writeShellScriptBin "hypr-screenrecord" ''
wl-screenrec -g "$(slurp)"
'')
];
}; };
} }

470
modules/hm/desktop/mango.nix
View File

@@ -1,244 +1,256 @@
{ inputs, ... }: { inputs, ... }:
{ {
flake.modules.homeManager.desktop = flake.modules.homeManager.desktop =
{ pkgs, ... }: {
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.desktop.mangowm;
in
{ {
imports = [ imports = [
inputs.mango.hmModules.mango inputs.mango.hmModules.mango
]; ];
wayland.windowManager.mango = { options.tnix.desktop.mangowm = {
enable = true; enable = mkEnableOption "Enable MangoWM";
settings = {
# Monitors
monitorrule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
];
# Keyboard monitorRule = mkOption {
repeat_rate = 25; type = with types; listOf str;
repeat_delay = 600; default = [ ];
numlockon = 0; };
xkb_rules_layout = "us";
# Trackpad tagRule = mkOption {
disable_trackpad = 0; type = with types; listOf str;
tap_to_click = 1; default = [ ];
tap_and_drag = 1;
drag_lock = 1;
trackpad_natural_scrolling = 1;
disable_while_typing = 1;
left_handed = 0;
middle_button_emulation = 0;
swipe_min_threshold = 1;
# Mouse
mouse_natural_scrolling = 0;
mouse_accel_profile = 0;
# Theme
border_radius = 8;
no_radius_when_single = 0;
focused_opacity = 1.0;
unfocused_opacity = 1.0;
# Scroller Layout Setting
scroller_structs = 0;
scroller_default_proportion = 0.5;
scroller_ignore_proportion_single = 0;
scroller_default_proportion_single = 1.0;
# Master-Stack Layout Setting
new_is_master = 0;
default_mfact = 0.5;
default_nmaster = 1;
smartgaps = 0;
# Overview Setting
hotarea_size = 10;
enable_hotarea = 1;
ov_tab_mode = 0;
overviewgappi = 15;
overviewgappo = 15;
# layouts
tagrule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
# Keybindings
mousebind = [
"SUPER, btn_left, moveresize, curmove"
"SUPER, btn_right, moveresize, curresize"
];
gesturebind = [
"none, right, 3, viewtoleft_have_client"
"none, up, 3, toggleoverview"
"none, down, 3, toggleoverview"
];
bind = [
# apps
"SUPER, Return, spawn, wezterm"
"SUPER, Space, spawn, vicinae toggle"
"SUPER, B, spawn, brave"
"SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history"
"SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid"
# WM
"SUPER, Q, killclient"
"SUPER+SHIFT, R, reload_config"
"SUPER+SHIFT, F, togglefullscreen"
"SUPER+SHIFT, Space, togglefloating"
"ALT, Tab, toggleoverview"
"ALT+SHIFT, minus, incgaps, -1"
"ALT+SHIFT, equal, incgaps, 1"
"ALT+SHIFT, R, togglegaps"
# switch layout
"SUPER+SHIFT, H, setlayout, tile"
"SUPER+SHIFT, V, setlayout, vertical_tile"
"SUPER+SHIFT, S, setlayout, scroller"
# resize client
"SUPER+CTRL, Up, resizewin, +0, -50"
"SUPER+CTRL, Down, resizewin, +0, +50"
"SUPER+CTRL, Left, resizewin, -50, +0"
"SUPER+CTRL, Right, resizewin, +50, +0"
# swap client
"SUPER+SHIFT, Up, exchange_client, up"
"SUPER+SHIFT, Down, exchange_client, down"
"SUPER+SHIFT, Left, exchange_client, left"
"SUPER+SHIFT, Right, exchange_client, right"
# switch client focus
"SUPER, Tab, focusstack, next"
"SUPER, Left, focusdir, left"
"SUPER, Right, focusdir, right"
"SUPER, Up, focusdir, up"
"SUPER, Down, focusdir, down"
# switch view
"SUPER, 1, view, 1, 0"
"SUPER, 2, view, 2, 0"
"SUPER, 3, view, 3, 0"
"SUPER, 4, view, 4, 0"
"SUPER, 5, view, 5, 0"
# move client to the tag with focus
"SUPER+SHIFT, 1, tagsilent, 1, 0"
"SUPER+SHIFT, 2, tagsilent, 2, 0"
"SUPER+SHIFT, 3, tagsilent, 3, 0"
"SUPER+SHIFT, 4, tagsilent, 4, 0"
"SUPER+SHIFT, 5, tagsilent, 5, 0"
# move client to the tag without focus
"SUPER+ALT, 1, tag, 1, 0"
"SUPER+ALT, 2, tag, 2, 0"
"SUPER+ALT, 3, tag, 3, 0"
"SUPER+ALT, 4, tag, 4, 0"
"SUPER+ALT, 5, tag, 5, 0"
];
# Window effect
blur = 0;
blur_layer = 0;
blur_optimized = 1;
blur_params_num_passes = 2;
blur_params_radius = 5;
blur_params_noise = 0.02;
blur_params_brightness = 0.9;
blur_params_contrast = 0.9;
blur_params_saturation = 1.2;
shadows = 0;
layer_shadows = 0;
shadow_only_floating = 1;
shadows_size = 10;
shadows_blur = 15;
shadows_position_x = 0;
shadows_position_y = 0;
shadowscolor = "0x000000ff";
# Animation
animations = 1;
layer_animations = 1;
animation_type_open = "slide";
animation_type_close = "fade";
animation_fade_in = 1;
animation_fade_out = 1;
tag_animation_direction = 1;
zoom_initial_ratio = 0.3;
zoom_end_ratio = 0.8;
fadein_begin_opacity = 0.5;
fadeout_begin_opacity = 0.8;
animation_duration_move = 100;
animation_duration_open = 100;
animation_duration_close = 100;
animation_duration_tag = 200;
animation_duration_focus = 0;
animation_curve_open = "0.46, 1.0, 0.29, 1";
animation_curve_move = "0.46, 1.0, 0.29, 1";
animation_curve_tag = "0.46, 1.0, 0.29, 1";
animation_curve_close = "0.08, 0.92, 0, 1";
animation_curve_focus = "0.46, 1.0, 0.29, 1";
animation_curve_opafadeout = "0.5, 0.5, 0.5, 0.5";
animation_curve_opafadein = "0.46, 1.0, 0.29, 1";
# Appearance
borderpx = 0;
gappih = 10;
gappiv = 10;
gappoh = 10;
gappov = 10;
rootcolor = "0x201b14ff";
bordercolor = "0x444444ff";
focuscolor = "0xc9b890ff";
maximizescreencolor = "0x89aa61ff";
urgentcolor = "0xad401fff";
scratchpadcolor = "0x516c93ff";
globalcolor = "0xb153a7ff";
overlaycolor = "0x14a57cff";
# Misc
syncobj_enable = 1;
exec-once = [
"dbus-update-activation-environment --systemd --all; systemctl --user reset-failed && systemctl --user start mango-session.target"
"awww-daemon"
"dms run"
];
}; };
}; };
home.packages = with pkgs; [ config = mkIf cfg.enable {
quickshell wayland.windowManager.mango = {
dms-shell enable = true;
dgop settings = {
]; # Monitors
monitorrule = cfg.monitorRule;
focus_cross_monitor = 1;
exchange_cross_monitor = 1;
drag_tile_to_tile = 1;
# Keyboard
repeat_rate = 25;
repeat_delay = 600;
numlockon = 0;
xkb_rules_layout = "us";
# Trackpad
disable_trackpad = 0;
tap_to_click = 1;
tap_and_drag = 1;
drag_lock = 1;
trackpad_natural_scrolling = 1;
disable_while_typing = 1;
left_handed = 0;
middle_button_emulation = 0;
swipe_min_threshold = 1;
# Mouse
mouse_natural_scrolling = 0;
mouse_accel_profile = 0;
# Theme
border_radius = 8;
no_radius_when_single = 0;
focused_opacity = 0.9;
unfocused_opacity = 0.9;
# Scroller Layout Setting
scroller_structs = 0;
scroller_default_proportion = 0.5;
scroller_ignore_proportion_single = 0;
scroller_default_proportion_single = 1.0;
# Master-Stack Layout Setting
new_is_master = 0;
default_mfact = 0.5;
default_nmaster = 1;
smartgaps = 0;
# Overview Setting
hotarea_size = 10;
enable_hotarea = 1;
ov_tab_mode = 0;
overviewgappi = 15;
overviewgappo = 15;
# layouts
tagrule = cfg.tagRule;
# Keybindings
mousebind = [
"SUPER, btn_left, moveresize, curmove"
"SUPER, btn_right, moveresize, curresize"
];
gesturebind = [
"none, right, 3, viewtoleft_have_client"
"none, up, 3, toggleoverview"
"none, down, 3, toggleoverview"
];
bind = [
# apps
"SUPER, Return, spawn, wezterm"
"SUPER, Space, spawn, vicinae toggle"
"SUPER, D, spawn, vesktop"
"SUPER, T, spawn, Telegram"
"SUPER, B, spawn, brave"
"SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history"
"SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid"
# WM
"SUPER, Q, killclient"
"SUPER+SHIFT, R, reload_config"
"SUPER+SHIFT, F, togglefullscreen"
"SUPER+SHIFT, Space, togglefloating"
"SUPER+SHIFT, Space, centerwin"
"ALT, Tab, toggleoverview"
"ALT+SHIFT, minus, incgaps, -1"
"ALT+SHIFT, equal, incgaps, 1"
"ALT+SHIFT, R, togglegaps"
"SUPER+SHIFT, P, toggleglobal"
# switch layout
"SUPER+SHIFT, H, setlayout, tile"
"SUPER+SHIFT, V, setlayout, vertical_tile"
"SUPER+SHIFT, S, setlayout, scroller"
# resize client
"SUPER+CTRL, Up, resizewin, +0, -50"
"SUPER+CTRL, Down, resizewin, +0, +50"
"SUPER+CTRL, Left, resizewin, -50, +0"
"SUPER+CTRL, Right, resizewin, +50, +0"
"SUPER+CTRL, Equal, setoption, default_mfact, 0.5"
# swap client
"SUPER+SHIFT, Up, exchange_client, up"
"SUPER+SHIFT, Down, exchange_client, down"
"SUPER+SHIFT, Left, exchange_client, left"
"SUPER+SHIFT, Right, exchange_client, right"
# switch client focus
"SUPER, Tab, focusstack, next"
"SUPER, Left, focusdir, left"
"SUPER, Right, focusdir, right"
"SUPER, Up, focusdir, up"
"SUPER, Down, focusdir, down"
# switch view
"SUPER, 1, view, 1, 1"
"SUPER, 2, view, 2, 1"
"SUPER, 3, view, 3, 1"
"SUPER, 4, view, 4, 1"
"SUPER, 5, view, 5, 1"
# move client to the tag with focus
"SUPER+SHIFT, 1, tagsilent, 1, 1"
"SUPER+SHIFT, 2, tagsilent, 2, 1"
"SUPER+SHIFT, 3, tagsilent, 3, 1"
"SUPER+SHIFT, 4, tagsilent, 4, 1"
"SUPER+SHIFT, 5, tagsilent, 5, 1"
# move client to the tag without focus
"SUPER+ALT, 1, tag, 1, 1"
"SUPER+ALT, 2, tag, 2, 1"
"SUPER+ALT, 3, tag, 3, 1"
"SUPER+ALT, 4, tag, 4, 1"
"SUPER+ALT, 5, tag, 5, 1"
];
# Window effect
blur = 1;
blur_layer = 0;
blur_optimized = 1;
blur_params_num_passes = 2;
blur_params_radius = 5;
blur_params_noise = 0.02;
blur_params_brightness = 0.9;
blur_params_contrast = 0.9;
blur_params_saturation = 1.2;
shadows = 1;
layer_shadows = 0;
shadow_only_floating = 1;
shadows_size = 10;
shadows_blur = 15;
shadows_position_x = 0;
shadows_position_y = 0;
shadowscolor = "0x000000ff";
# Animation
animations = 1;
layer_animations = 1;
animation_type_open = "slide";
animation_type_close = "fade";
animation_fade_in = 1;
animation_fade_out = 1;
tag_animation_direction = 0;
zoom_initial_ratio = 0.3;
zoom_end_ratio = 0.8;
fadein_begin_opacity = 0.5;
fadeout_begin_opacity = 0.8;
animation_duration_move = 100;
animation_duration_open = 100;
animation_duration_close = 100;
animation_duration_tag = 200;
animation_duration_focus = 0;
animation_curve_open = "0.46, 1.0, 0.29, 1";
animation_curve_move = "0.46, 1.0, 0.29, 1";
animation_curve_tag = "0.46, 1.0, 0.29, 1";
animation_curve_close = "0.08, 0.92, 0, 1";
animation_curve_focus = "0.46, 1.0, 0.29, 1";
animation_curve_opafadeout = "0.5, 0.5, 0.5, 0.5";
animation_curve_opafadein = "0.46, 1.0, 0.29, 1";
# Appearance
borderpx = 0;
gappih = 10;
gappiv = 10;
gappoh = 10;
gappov = 10;
rootcolor = "0x201b14ff";
bordercolor = "0x444444ff";
focuscolor = "0xc9b890ff";
maximizescreencolor = "0x89aa61ff";
urgentcolor = "0xad401fff";
scratchpadcolor = "0x516c93ff";
globalcolor = "0xb153a7ff";
overlaycolor = "0x14a57cff";
# Misc
syncobj_enable = 1;
exec-once = [
"dbus-update-activation-environment --systemd --all; systemctl --user reset-failed && systemctl --user start mango-session.target"
"awww-daemon"
"dms run"
];
};
};
home.packages = with pkgs; [
quickshell
dms-shell
dgop
];
};
}; };
} }

24
modules/hm/desktop/mpv.nix Normal file
View File

@@ -0,0 +1,24 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
scripts = (
with pkgs.mpvScripts;
[
modernz
thumbfast
mpris
mpv-image-viewer.image-positioning
]
);
config = {
osc = "no";
border = "no";
};
};
};
}

19
modules/hm/desktop/satty.nix Normal file
View File

@@ -0,0 +1,19 @@
{
flake.modules.homeManager.desktop = {
programs.satty = {
enable = true;
settings = {
general = {
corner-roundness = 12;
initial-tool = "arrow";
early-exit = true;
copy-command = "wl-copy";
};
font = {
family = "JetBrainsMono NerdFont";
};
};
};
};
}

31
modules/hm/desktop/theme.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
qt = {
enable = true;
style = {
name = "Breeze";
package = pkgs.kdePackages.breeze;
};
};
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
};
}

5
modules/hm/desktop/vicinae.nix
View File

@@ -54,11 +54,6 @@
imports = [ "/run/secrets/vicinae.json" ]; imports = [ "/run/secrets/vicinae.json" ];
providers = { providers = {
"@samlinville/store.raycast.tailscale" = {
"preferences" = {
"tailscalePath" = "${pkgs.tailscale}/bin/tailscale";
};
};
"@sovereign/vicinae-extension-awww-switcher-0" = { "@sovereign/vicinae-extension-awww-switcher-0" = {
"preferences" = { "preferences" = {
"transitionDuration" = "1"; "transitionDuration" = "1";

3
modules/hm/shell/neovim.nix
View File

@@ -13,8 +13,9 @@
neovim = { neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
vimAlias = true;
}; };
vim.enable = true;
}; };
home = { home = {

9
modules/hm/shell/opencode.nix
View File

@@ -7,14 +7,19 @@
}; };
settings = { settings = {
provider = { provider = {
google = {
options = {
apiKey = "{file:/run/secrets/gemini-api-key}";
};
};
openrouter = { openrouter = {
options = { options = {
apiKey = "{file:/run/secrets/open_router_api_key}"; apiKey = "{file:/run/secrets/openrouter-api-key}";
}; };
}; };
opencode-go = { opencode-go = {
options = { options = {
apiKey = "{file:/run/secrets/open_code_go_api_key}"; apiKey = "{file:/run/secrets/opencode-go-api-key}";
}; };
}; };
}; };

82
modules/hosts/alpha/config.nix Normal file
View File

@@ -0,0 +1,82 @@
{ config, ... }:
{
flake.modules.nixos.alpha =
{
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/opencode"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/alpha/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "alpha";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/alpha/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.alpha =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/alpha/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.alpha =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/alpha/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.alpha = {
home.stateVersion = "26.05";
};
}

29
modules/hosts/alpha/secrets.yaml Normal file
View File

@@ -0,0 +1,29 @@
tux-password: ENC[AES256_GCM,data:tvx3nMoIuQSotxHDWLs7UesnyWY3u3EwkqAIzCw3Z2AJseaiqnt/xeSKAeUXPVSs85rVdIJ6Ys5+6r+NONEG7ujuNevpjJRNkQ==,iv:CB0BIrMfdiWiMCvmRdtsafh3dCAD5Qb3mOuE7eq4nA4=,tag:p/3AESwNCEL4EoU9rJjUPw==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Bo3Z5Jhce0UOBn77I2AcrXYbBgPLDx0eOjPC8J63E/VWNhMPbbxb,iv:iWOsTACOMcK3oqq848WnJ5Ku3tYy1aadmLB4IMgoyqg=,tag:BPzlXoP8/iJaj8c/YFCWyg==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:D+/ImUTg7UvBTh0fMlWMZ0O/GsQS/R4Hz+CO4l42R6mn+zk+udvw79BctXdWWyrFf2ZNOTJ/99QTtWOUOvHISWaEJogXyb+93g==,iv:c7OtgBu1Zaf7lA4InIsKOAPbAvTl3gaO7QGCFNx21Bo=,tag:KXiASj/qC1YzK6DUox57ug==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:ipKkNcRqBERIQ6f6yFzVm999s+UwJys4elHWhzpL441RfOaG9MmRWMcD+wRLJ7DSWFjYu6uUPF7TKez8J6abWeKDgg==,iv:FDSYE3R8zKVxWiP2S/sCVcwEu3fEXg/hCeqCRSF+c6g=,tag:5RDuMFGMoN6xwAYj0HiyjQ==,type:str]
netbird-key: ENC[AES256_GCM,data:NilfyafnGhFVYD6q4+jJQxlhXNdNC8BQ1CZfu8a5wc693Y1h,iv:Rpl0OpkQdBMPpIJ08t9Z0AjDAW6c97pFZKO1KPu8ipY=,tag:du3d0SQWuqJtJSwhSgJE4g==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR0kzRXBGRjJaVldDRk90
KzYwSzJBeXBnNVZ0T2VaU2oyLzdRWmo5ZzNVCk9HTDVtMk8xL1cwL2FSRUR5UGdS
bXJnOXhTbWozWm5rd2pnaFNoWk0rWncKLS0tIGFWWmY2WU9YanJ5UElab3lqaXNo
QUhYUWs4bitJaGpXL200b0s0SmVIeVUKevQ1IVqmqGIYf014iL47C02+peSYJyeE
PNluZUA6VzrL2WpdJzDqxAwSWtcgXG0/JADIg+DssnhftiHMHzn3NQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL1VPODRnNEs2bXlUVjB5
Z0pBUzBnRDQ0WWcvL2IvUHdmQXUxNjRpTVN3Ck9VLzd2QWpMMlFJck1EQXBVanl0
SC91bDFqNFlJZ2E0UXVZa3BKRjh3TlkKLS0tIENuc1dUZ1dDUTg2VXBueU1ETG9S
c095blJheHhVT0E4bjdGUWlYN0N4MVUKK42sChX4V37HK1SRKQxldLpft2jVfeiG
4TkObqH8ddGpbd7cX5a/wboTjYuEdAviWxjK2oBPgtcFc1f03X3tmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T01:11:29Z"
mac: ENC[AES256_GCM,data:E+ZcNRFEPtJK02gWooRs7f20BHIYf8Ot4GjB1ab1KZwhI+3pUI6r654iO8+tiimQSeLWLgD43Szq4/7CpS+8NVjSI5uvXSxQQubXQfI0LmulT5XAVueOuSMgvetSFg8yN6+njBmr/MauixSSs2jjpQxtfsSSBgZ9RO7B7qLpMe4=,iv:kdCcTLb3bDmCfcjQQ8fH5ipkTQ5YlVDlhEVw5MzsH6s=,tag:ojub2y6b+jMbW/5i39xH5w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

112
modules/hosts/arcturus/config.nix Normal file
View File

@@ -0,0 +1,112 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
hostName,
userName,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".config/sops"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
services = {
cyber-tux = {
enable = true;
environmentFile = innerArgs.config.sops.secrets.discord-token.path;
};
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
discord-token = {
sopsFile = ./secrets.yaml;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "arcturus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

74
modules/hosts/arcturus/disko.nix Normal file
View File

@@ -0,0 +1,74 @@
{ inputs, ... }:
{
flake.modules.nixos.arcturus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

36
modules/hosts/arcturus/hardware.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
lib,
pkgs,
system,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
};
}

6
modules/hosts/arcturus/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.arcturus = {
home.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:eXg28pYQjIi5iPh4oHBOvIYQReM92T79uty/O461mEoLB8awr8ikq3RM7Mux3jZKM+Fk/Ow3NNG0F/154dZentodr1uvy9gD1g==,iv:nQevOumENveBMuiYMJF0OokORyjZCpR8ahTfOuj2Dzo=,tag:64zz8eVuw1OwTltfAUwWSg==,type:str]
discord-token: ENC[AES256_GCM,data:uzxkrNRRplL/1MfvPZ/EL+I8UACuZQBHZ95BSHuxW0nBjxhr2F89D2BXTcKOBI9qO6uMjK5WBtWzSOw3y9EsngTTm/youIdkrIDLP3r/tkpOkLa/VjM=,iv:OxzFa0nEInV5uxgQFww11ZE1NorH5q130Tgp/6l9uOE=,tag:g4U9wLhPAkz72ktbQ8KrSg==,type:str]
gemini-api-key: ENC[AES256_GCM,data:gLZSoYTdKY+rwIpYiXvN9n9PGkUD6q8Oe7dHnYkjEjwDf5qpjubg,iv:ySoNgQWTu9DjvbashF4ulyYP8fJUl4yrCTeBQ0jrGmw=,tag:FctubsQv50AP78JvTb9bpQ==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:6xONCl9lqOoO7b4CEyCz9607tICDUAkpglRjGS5nYq2ppg2UKqYTrWD1BGCA5Xfs/CWskniVhoNG3vscjKiYCCh9gbM6aqdmTQ==,iv:7Iwc9t00HOOBjA7URXcUO41badqYyJCkFHM/uPkLFxY=,tag:Cl39kitr2e0//HVwAdsdUQ==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:dmeRKn7TWHnqvpyPQpcEG6yHTb2bRby/rh10ytL0jHj5R+lRmNVdmqUF92GTznY9vEaB6ZYCJecWhpm8g4upNfOWBg==,iv:9UMJpAlD8gpcNiN+liu3nawoAZQKapEg7sCp561N9E8=,tag:OZlASpOa5BQaQwFWjoLCRw==,type:str]
netbird-key: ENC[AES256_GCM,data:q6eKisca04qn/CvALrvXF79MsToDhvLRLv2JTiUBAZglCC9m,iv:jj0/ZD7IDgopprTVUgSfJmdAJmUP3iqewU3dqssGYbk=,tag:6IPRdCm2FGdlTEIX7jt3qA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Qkh0cmdHNGJTYmFNUFZW
c244RjlyNjlrSWh1bG1IRFFFeFZZVzhaYVdBCmd1N3JNS0IzWDlUMUJSM0pYdi9L
MzlHRk1pZ1hqaVdIYUQwczh2VDVtZE0KLS0tIEtRYWF6V0I3eDBZSnVmZ2R5S0Z5
Z3hhRitmdEwxbzcrS0cwNTZVK1lXYlUKSFfKk7JGzxRq9weL4NKJqfmAige2O+1T
59PvEFKvvkGb6ajkzwTw0lB3UFzly6FuTnbSLY9r+oT9AMbxLoKdcQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYlZiak1CSW1NSGt5QTRi
RjlUeG5EODVkTVJDY1RrZXJ6OU5NQ0RIOG5jCnJxZ1R6MmlGWXY2SmtaY1pQSWdZ
UWp3L2h6c0k0MVpubE9BRSswUEk3ZkkKLS0tIGN4Zm1tcHBiKzAyYWNHVktVZmpU
V3h4dUZLcktrTUZvUm44eVZOWEl4VmMKMTvajoWcktb4jVIP4HyzQiR41Wg8Gdqi
TLKEYsPQgOJ7s8P9gw2uPUY6HRz86CtiC6EbO27u0+8BbI85x1QScg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:36:06Z"
mac: ENC[AES256_GCM,data:nD0exblrbheP1C5lK8V17V/gkHJO6s6yVjXtQWcUOLVGrzkPSxkymYBHUFMTLVyYQNLCVMc8AHkuHVuJ1tBfXNll1f6/SGtfaBQcOLct70U7nFxd/XybTUlscNp2KafJWy/n4ZUfNDbfrWN1R463CN/M50jGqJPDWYuP9ah2JcI=,iv:izQUT/+HQqJZ48X5bXobFSaWcdcXQ/7eh+SCd9i4YYo=,tag:FJlR2wI4rWQ/SDfQGtQ7AQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

132
modules/hosts/canopus/config.nix Normal file
View File

@@ -0,0 +1,132 @@
{ config, ... }:
{
flake.modules.nixos.canopus =
{
pkgs,
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
docker.nvidia.enable = false;
qemu.enable = true;
waydroid.enable = true;
distrobox.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install.
system.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "canopus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/canopus/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.canopus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "32G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

134
modules/hosts/canopus/hardware.nix Normal file
View File

@@ -0,0 +1,134 @@
{ inputs, config, ... }:
{
flake.modules.nixos.canopus =
{
lib,
system,
...
}@innerArgs:
{
imports =
with config.flake.modules.nixos;
[
hardware
]
++ [ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503 ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
services = {
power-profiles-daemon.enable = true;
upower.enable = true;
supergfxd = {
enable = true;
settings = {
mode = "Integrated";
vfio_enable = false;
vfio_save = false;
always_reboot = false;
no_logind = false;
logout_timeout_s = 180;
hotplug_type = "None";
};
};
asusd = {
enable = true;
asusdConfig.text = ''
(
charge_control_end_threshold: 80,
disable_nvidia_powerd_on_battery: true,
ac_command: "",
bat_command: "",
platform_profile_linked_epp: true,
platform_profile_on_battery: Quiet,
platform_profile_on_ac: Performance,
change_platform_profile_on_battery: true,
change_platform_profile_on_ac: true,
profile_quiet_epp: Power,
profile_balanced_epp: BalancePower,
profile_custom_epp: Performance,
profile_performance_epp: Performance,
ac_profile_tunings: {},
dc_profile_tunings: {},
armoury_settings: {},
)
'';
profileConfig.text = ''
(
active_profile: Quiet,
)
'';
fanCurvesConfig.text = ''
(
profiles: (
balanced: [
(
fan: CPU,
pwm: (2, 22, 45, 68, 91, 153, 153, 153),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (2, 25, 48, 71, 94, 165, 165, 165),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
performance: [
(
fan: CPU,
pwm: (35, 68, 79, 91, 114, 175, 175, 175),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (35, 71, 84, 94, 119, 188, 188, 188),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
quiet: [
(
fan: CPU,
pwm: (2, 12, 22, 35, 45, 58, 79, 79),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
(
fan: GPU,
pwm: (2, 12, 25, 35, 48, 61, 84, 84),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
],
custom: [],
),
)
'';
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

39
modules/hosts/canopus/home.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, ... }:
{
flake.modules.homeManager.canopus = {
imports = with config.flake.modules.homeManager; [
desktop
];
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:eDP-1, width:2560, height:1440, refresh:165, x:0, y:0, vrr:1"
];
tagRule = [
"id:1, layout_name:tile"
"id:2, layout_name:tile"
"id:3, layout_name:tile"
"id:4, layout_name:tile"
"id:5, layout_name:scroller"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
authorized_fingerprints = {
"f4:4b:17:61:f7:01:a4:a2:e1:c7:8c:1c:7a:f3:8b:87:14:3d:05:3d:a0:8b:cc:e7:88:d8:d8:d2:a4:c2:75:8b" =
"sirius";
};
};
};
};
home.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:Xb4/JMAZCBnBheDCJdRRGXLnMJ1ej8HbN+AUqA/+2sdYESKeF1PFny4Iq2kqvzdK4D3mp+pdjd7GAGfJp4M7sOcvI3V/coyxPQ==,iv:h+S+MEwHj22uHaTzFoxGZtefNUAQNp3fbU+QRfgtKvQ=,tag:VHrIEIQivPFTfhmm7dWEyQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Q6+actg0oyUWiUJVy/9yZmea1QyGu2o8LfMsuAVFD6k7kp0dYIrl,iv:ukyouqrHxzVpBBE98KL6PW8P3j+seemm/e0Gl1urUcM=,tag:Z7MM3dJ414CmdxE72cdzNA==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:SalhWKR6artX/kOVKZGpKSmrgsQDU/heshrdkK3wotOZ3BRn/ZqZRBldvl1JPSenMAMvE2LWUdmBQmwG/id7L7JL1O/+lUHIQw==,iv:hLlHayFJgUkWOirVLfqP0pGRBZAqGKe+EE2yG1ELGNk=,tag:0qoo0tb+xWjjQXr4n1qGmw==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:zbeTcaXJZFVfYnM/7sgblJFU9WfeosX/44KsXvrzKwiLPfGLLYYo9AFaCvWzzG6jHuSZC5OYrBWfOZv4+3omfCgglQ==,iv:LscUQE+PNhXGim9PSqc9nZIZichWSgAn/zsNxQ/HM/o=,tag:MaBCobnRM42fopiibibe5Q==,type:str]
netbird-key: ENC[AES256_GCM,data:swmaa+RjxeUmEl8hS2riGrW4lP5jdks9HM3x57/FLpOuqFtR,iv:MrpVjiocrPi+dBGPk7pwgSUNlJ1eryRpMjC8+jkU+T0=,tag:j6sqpQ02apqc6FwkdDvk9g==,type:str]
vicinae-json: ENC[AES256_GCM,data:FarBf6l8pl3hF7kGKPIWztUhwiKoQXmyTufCuJ120K/bPh1Bfiyi+ETt4DLYOGI6FJXfpVz4BbZOA29bXTLhVPxH0QtyBu/F5uEqA015b/c8VevDJSyy9huR13qO9ksLbMBt8RfWbAd9j26t7A1C8/mMyiJOEXCCTV9CEIW3xWrsYmhwsT8RYM+PwrPSeN1gQXHSMyRUjf/kOdJoda8+iXpLfjo4II4r2ELpbqi8QxhrRdsJsoOfAymFM784NtlTjE+h6S4TMehmoF/9ARif6I5SGQ0WfIKt/8orTGCPllL+NupLziSnpIGRGSybdArD+o5NCw59GOAbVRADxq8rCESwEkq3cF+hm8HabfYbiQ==,iv:Y/hXLFTJT3gNF3B6tgKoAh7njVuneoUzjVTlsCZiySw=,tag:2hfrwph6IccJdRu/yGu3XA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqS2RZdVJaNTlRamZPMkll
MDRVSVl1b2x2LzZpdlBrdmZtdyt3UE15RldRCldXUXE2a1BFeHg5NGNPbW5IMDht
cHN1QituOU9uWFQwNS9udzNEbVhtUjQKLS0tIEtkTXhlYS9XSUlQRTY1eXBjeXZQ
bThQTFdZU29ISm93TWcwVk5ZTkhRWm8KCcprmLGhahgDkXCBpzjctHgao+gc+rKC
xLIwheUyFJOGK+ixqcdoZ/PC0kY68hVLt1YzLAyxFi4Ur1wltPrNug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVW13WFE1Ylh3Uk1HNU1i
bU9kRzFqTmhkQlRzMlRkM0VhMlNmMDUyK25NCkZYUStxM2tScGozRXJGekxGa1RX
b1VXK0Y2Z1U0YU9XRmxRUWdWem50L1EKLS0tIFovcHRlZ1JJd2lRN0RFbHdCdm9m
V1N3eUVjZ0VZRjBZdXRPNng3Y3JoUTAKQau9CG9XfvM+5JZVRwaJr/o/sXMaJiy2
wo2YcDb+4vfT4Wr+/8J3ccQgbLRZH916X5ZPL+A+nFyVXVKOCl3ENg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-12T06:33:00Z"
mac: ENC[AES256_GCM,data:htDJdEx34Q5NG8vwbBimnFENZawbLZ4FC0DkyG6J5RYP0BFnycKcKGsYR87SvIjcJZXvfZ0e6fXdtc78dd6I0sQtrQ7aNn4Iktbu/AkPmntsBwpIjVI99X9zUyQB87go/oX15yuyt8loB6ds2RkL/pfFsgLbFc10JHsBy+WcEzI=,iv:HvY+5LYzyHpRm8XCSKrN8ra/LJT9v23TPSsZg/4QVNU=,tag:k+d45+zgBYq4vlWmmc8ZkQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

82
modules/hosts/sirius/config.nix
View File

@@ -8,15 +8,56 @@
... ...
}: }:
{ {
imports = with config.flake.modules.nixos; [ imports = with config.flake.modules.nixos; [
boot
networking networking
desktop desktop
gaming
virtualisation virtualisation
]; ];
tnix = { tnix = {
services.openssh.enable = true; boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
".config/lan-mouse/lan-mouse.pem"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
@@ -33,30 +74,30 @@
neededForUsers = true; neededForUsers = true;
}; };
openrouter_api_key = { gemini-api-key = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
owner = userName; owner = userName;
}; };
opencode_go_api_key = { openrouter-api-key = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
owner = userName; owner = userName;
}; };
"vicinae.json" = { opencode-go-api-key = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
owner = userName; owner = userName;
}; };
};
# --- Boot --- netbird-key = {
boot = { sopsFile = ./secrets.yaml;
loader = { owner = userName;
systemd-boot.enable = true; };
efi.canTouchEfiVariables = true;
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
}; };
kernelPackages = pkgs.linuxKernel.packages.linux_zen;
kernelParams = [ "nvidia-drm.modeset=1" ];
}; };
# --- Networking --- # --- Networking ---
@@ -80,17 +121,10 @@
firewall.enable = false; firewall.enable = false;
}; };
# --- Hardware / GPU --- environment.systemPackages = with pkgs; [
hardware = { davinci-resolve
nvidia = { telegram-desktop
modesetting.enable = true; ];
open = false;
nvidiaSettings = true;
};
};
nixpkgs.config.cudaSupport = true;
services.xserver.videoDrivers = [ "nvidia" ];
environment.systemPackages = with pkgs; [ nvtopPackages.full ];
# !!! DO NOT CHANGE THIS !!! # !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install. # This should match the version used at initial install.

9
modules/hosts/sirius/default.nix
View File

@@ -14,7 +14,14 @@ in
{ {
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem { flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = { inherit hostName userName userEmail; }; specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [ modules = [
config.flake.modules.nixos.core config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName} config.flake.modules.nixos.${hostName}

82
modules/hosts/sirius/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.sirius =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "70G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

47
modules/hosts/sirius/hardware.nix
View File

@@ -1,11 +1,18 @@
{ config, ... }:
{ {
flake.modules.nixos.sirius = flake.modules.nixos.sirius =
{ {
config,
lib, lib,
pkgs,
system,
... ...
}: }@innerArgs:
{ {
imports = with config.flake.modules.nixos; [
hardware
];
boot.kernelParams = [ "nvidia-drm.modeset=1" ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@@ -18,31 +25,27 @@
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { hardware = {
device = "/dev/disk/by-uuid/d856ed98-6841-4cbf-89be-e08c6f48b9ea"; nvidia = {
fsType = "ext4"; modesetting.enable = true;
open = false;
nvidiaSettings = true;
};
cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
}; };
fileSystems."/boot" = { services = {
device = "/dev/disk/by-uuid/7FE1-55C5"; xserver.videoDrivers = [ "nvidia" ];
fsType = "vfat"; power-profiles-daemon.enable = true;
options = [
"fmask=0077"
"dmask=0077"
];
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/69794aa5-51a9-4816-8d45-7791505165d4"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; nixpkgs.config.cudaSupport = true;
# networking.interfaces.wlp10s0f3u2i2.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault system;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; environment.systemPackages = with pkgs; [
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; nvtopPackages.full
];
}; };
} }

55
modules/hosts/sirius/home.nix
View File

@@ -5,17 +5,50 @@
desktop desktop
]; ];
tnix.services.lan-mouse = { tnix = {
enable = true; desktop = {
settings = { mangowm = {
clients = [ enable = true;
{ monitorRule = [
position = "bottom"; "name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
hostname = "canopus"; "name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
activate_on_startup = true; "name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
ips = [ "192.168.8.2" ]; ];
}
]; tagRule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
clients = [
{
position = "bottom";
hostname = "canopus";
activate_on_startup = true;
ips = [ "192.168.8.2" ];
}
];
};
}; };
}; };

37
modules/hosts/sirius/secrets.yaml
View File

@@ -1,29 +1,30 @@
tux-password: ENC[AES256_GCM,data:EJFFMc0W1YvCLINg4kETlUbqMYSfRTsiRuoB5MybaVwl7bbBXyPFo/MspFFMXpAqSPrzRAPaM8Lxk9ndbjt7gZpSu1dPThq36Q==,iv:zn3UUMOcW09u6KTz87tDr1wfmsLMKIRBDpLfQhg0p14=,tag:AOs7NASXeo98mNKqsYP3Ww==,type:str] tux-password: ENC[AES256_GCM,data:JWQVd2MYX2U4UP4II62ixG9hWI5MtgHAFhl8aCmyrYPl1H/ig9ZYqfTiggJsOoXM9CUHmhUTrSWw7xRvbzztBrC7L4ABcWPbrQ==,iv:wY/RNJs7XaCsHHNX2MLBqzAgDCSo4rht10oiKrUlTHo=,tag:DcADVtEJs2KCeNS6AhO0SQ==,type:str]
gemini_api_key: ENC[AES256_GCM,data:agH39C8hXX1jKYq03Z70aHHfrKSbNnHJfndMB53YJgWEzban7uMA,iv:fnYOySXisW1n6Moad9xBoRQFtRa/J6zTcp0lAMEtguw=,tag:0ENL4uu+8OpNc9X+hy7SiQ==,type:str] gemini-api-key: ENC[AES256_GCM,data:Y9YgXp/tB3Q1Rb5YMsZLgWCq+bdeIjsXAVeO3Yh7nZ8MwDH7d5De,iv:FIXxJCn6JDYsHIoNn8f8Un3z9ZPVbxdjR48Ux88poRg=,tag:bMJ4i69HTspnhzsrsxkbrw==,type:str]
openrouter_api_key: ENC[AES256_GCM,data:VBhV4NcR+7O7X2/OpN2yAGnfcSS2o3Zbvr5g3LHjdUixNSq8OZupsT9SVJDGE/RJp6nunPnYo4K8qQP2+m3K3aeQYKIyT5KNTg==,iv:CVLnloUsobanpHOuP31eIGpGoJOODukGaEmQRF+RPGw=,tag:DdEtCHMPwIIbdwZis4lQgg==,type:str] openrouter-api-key: ENC[AES256_GCM,data:HfZgZz4NyCLLM9woTZp2I6JGOlVcFblw2OMjx8k0TG5ZU2ycBCF6bKqp3wFibUxXcHy+nIfjI82fkLeSyIaGILRLYCJCc8BHKw==,iv:umUcn8MRaj7JXo6IFrGMXOu+jsFSCEikMxsQxfaFS/Q=,tag:l2s61C4EpJoKv8cc9nYGFA==,type:str]
opencode_go_api_key: ENC[AES256_GCM,data:F7WXUHDX+pESqQJ4Sg5lNXqHLvsCd1bDFPZOutuacDFu3wLHs8i0kD/rLZ+m78OmRBRv2P3kf/gJsggtkvLC/PADYQ==,iv:23soYOeKC+CvLqwvP0M+uXICBKLsOs3z8g6iUhxzrpY=,tag:2EhgRFUaHsyNJ6TqYXJYzw==,type:str] opencode-go-api-key: ENC[AES256_GCM,data:BGERcZg5Jpnznc4cXeYFMhPk9kKBkd9GvIuQBV9TW3JE1utgrLLYK6mKNCQqrEStRFiO2jUUnBm3opUNL4SuEHFLpw==,iv:fgFAwx6z9yruK27PvAJX/Q2CS9gU+LJ5zMUK/f/rzpo=,tag:BPu3M+jppPB8sLoLmfuY/Q==,type:str]
vicinae.json: ENC[AES256_GCM,data:qRv0EUwtS6bK9memOG3BqLf1uE5YNlpSC/p/05sb8Fw6skESaiymo584n5N8vkvGCn2Qjv/6ioJzwP4TieGtPoR1pHXkwTTGdzsnbRoU0bMuTUhD+NUBkjo2men7Yy3ljoNoopmgz9UFfps+EWuZSMmsNgIu/4sMXsNKcpDKcd8vLpXlPogwqUtbzuKw+u4RRzox0GB0QNEGcQ/F6dVKxJ2StDI8Bfy6qovEDUnK0snoCLhvAULwYwTKef8GpkCWVQRWxXk+dA4GjtgPuiABesv82gCsmsvzmfE3LLUqw+SfYgyQIXBL0IxFiULnkYZR7wmpUeWer3VCS1D8mv/0lvmcdvMqILgkV3UqXTrPqA==,iv:v7zh1tae6TFWOYms/7ihBdoJmw3z4jhcq9aV5y46aXc=,tag:2IKxst4I1XpAHp1wkOMYNA==,type:str] netbird-key: ENC[AES256_GCM,data:qXAnRnLM2TlzpOvWG4exJv0+pUvpe0FpRN5xOWx3+KNt+yhq,iv:X+yl4o1RSYMCMWdVXo1hpzy+6IdKXUpsKPtYNSiHiCY=,tag:I8HbnD5iw6EJ1TdsNrhvfw==,type:str]
vicinae-json: ENC[AES256_GCM,data:JjxolEgS6uakqR4eHOx3VyrOO5kaL4dj1jcEiLWsrktCU32UB7OmP1kJEVomA1rZjODpFHL89+FRpcNFspTFrc365WlANE81RLg/M2Ja1MiLYaDFNcBGtqMX9Yc1muor53Xl7t+rTSvDIj1oE1L7xPPcjCLfwC5QDzJjCBWj9FhCxnU5BwvoJNv9vgA6xnkzAOYSPZK/ihULMD0DxyqOUEa5ECGX62OPM9Gbr7jEviaItYzOOxaRs/yQVqizodGGl/BcK6fPqvOYSxip9ABYRVSI9ZvysY7ofAkeX91ardPwVG5VvEYfxZwBvGFjV7ZfTzVkK+BiUUNrvciAETHqwkjHftPpfJjxWsgLr8lbOA==,iv:HjDE/sqVDnxeww7r2upxH57rc1+LpuMKnhhyGXoc1Ms=,tag:d2kZeWkg17eVoNACIQ3Q9A==,type:str]
sops: sops:
age: age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyblpIWjNqeVBXWnFlSGxw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNGdHcDc4bTFkR0EyZlUr
WXhPYlFDNVV2QktKQ2dKdEgxY0dnR2JuRUdRCk5ZNTc0RGpZOG5SRCtRQ0JsdkZt eXovR1lyeTZJTDg5R281MFFuMHVwOXZXYzNvCkpIT1g3K05WUUswaEVjVVJWQkJq
ZEZQSWswa1FTRU04Ky9vWDdOTWdZRncKLS0tIFg2SkJFK1JDVk5Uc2VJTzYyWk1h V20xODdoWlJMY3ZCcGo0czU1TXZFRE0KLS0tIGNTeXV2Mld2STRmRnFaM1MzT3Nk
cFpmZ0h5SGJtd2JJR05CMkJISnBtbmcKLGKreXlu3YU6KsV8lTVnPYyn33BL2D0z Z0JwWWR0STUybjVhSXdDR3NiKzV1eDQK22HmMuyqYaR/eGuALkAPB1Y5bN2KwIt3
tMpXdTw0hVilpmpZXjwnvV/3OvN6WybXydxaPOjKODBWIKpVxRthBQ== pamM8vbnjB//hXoyrv4vsoDk9WzLGFGjgiw2qsM2HQgzQqtrwF1/1A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz - recipient: age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTWQ0OHhnN1p3dTBLeGxp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N3ZBd1pHODFtZkZxaHNP
N05yOUVicnYxU3NETlRQUVgrcWJlMEl3blhZCkl0OGhCN25KTEJaWGNpOVRJUDRX OXlXUzVFS0ZIam1IWVkxNldOdTEwY0s4aUNZCjVlcnF1aXJxUUlQSXhteXJ6OU1W
bENKSDN3Z1Fab3lLLzVNMXlrSm5ZVTgKLS0tIHlycjZJUllsb0xvczFKMVFKaldD L0crZzJOaHF2SnVhWVZnVEdqRlR0cjgKLS0tIFlFWHhaR3U2QTNxRGZRMnk3cmll
UGpKTHZTT2JZU0xaTHhhRjk2bEhaU1EKutUEk+TMTATHEoM9+MOdkUnIoBMeeDfu M3JocWZJeXFxenhXOENBVWpvNkd3bm8KqhNLzCyEAI643jGWpZF/uTchHmBj8ozU
+GGKvInVKkAOtujBtSMj+xM8AEcfaHAFtwTgP/HEk3Hu6v7gp14oew== HtpOzKsshif66D0XOHeJQfQamJI4TyKsj3Sk3j9rstsLmN2lxTRGHg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-07T13:21:48Z" lastmodified: "2026-05-10T00:35:50Z"
mac: ENC[AES256_GCM,data:VWNmixzidftm4u0lUt5yL9rlvQXOXVT1+A6b/6IyO9WsWi5aM67t9l9phwRxLYad1lLL/epDmJyIJQ0ck01CzQ/hFm2mnMk87ofrwbph3GVdvrYj+2dDkzIBCwDUe/p4rkrTSo87FVJZ8NvrndbBLX3pq7Axjeo92b3Zxfxg+L8=,iv:IqCOBV5EICtO1hRO07Df0fgobO+/biS8O/4lva7NfEg=,tag:vPltr8g61OdKK4XXFyJdgQ==,type:str] mac: ENC[AES256_GCM,data:u27zQ1PPnWy5Parbh/1DkVP3ICmHnLZJKaLbN3dZEVONgqOWi32LV3t0iNhtLWwVnzFPBusRWahQiqAkUdnQtrXF0OtjPCpLuIw86xB75QPGbet0GZlLNb8/xPshChZe4v520csdJMWiy3vYeKrk8LxMSViAGhmhYK2a5NbGhzI=,iv:/9vePmvCNqoP0kx24fP3HfCjS2FkjBmI5B+SycvKKW4=,tag:gE1/DnLolwhoyfMJYejGIQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.2 version: 3.12.2

50
modules/hosts/vps/config.nix Normal file
View File

@@ -0,0 +1,50 @@
{ config, ... }:
{
flake.modules.nixos.vps =
{
hostName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
};
};
};
networking.openssh.enable = true;
virtualisation = {
docker.enable = true;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/vps/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "vps";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/vps/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.vps =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/vps/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.vps =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/vps/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.vps = {
home.stateVersion = "26.05";
};
}

121
modules/nixos/boot/impermanence.nix Normal file
View File

@@ -0,0 +1,121 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
userName,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
options.tnix.boot.impermanence = {
enable = lib.mkEnableOption "Enable impermanence";
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
options.tnix.boot.impermanence.home = {
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = lib.mkIf cfg.impermanence.enable {
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib"
"/etc/NetworkManager/system-connections"
]
++ cfg.impermanence.directories;
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
]
++ cfg.impermanence.files;
};
home-manager.users.${userName} = {
home.persistence."/persist" = {
directories = [
"Downloads"
"Music"
"Wallpapers"
"Documents"
"Videos"
"Projects"
"Stuff"
".ssh"
]
++ cfg.impermanence.home.directories;
files = cfg.impermanence.home.files;
};
};
boot.initrd.systemd = {
enable = true;
services.wipe-my-fs = {
wantedBy = [ "initrd.target" ];
after = [ "initrd-root-device.target" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
};
};
}

29
modules/nixos/boot/loader.nix Normal file
View File

@@ -0,0 +1,29 @@
{
flake.modules.nixos.boot =
{ config, lib, ... }:
let
cfg = config.tnix.boot;
in
{
options.tnix.boot.legacy = {
enable = lib.mkEnableOption "legacy boot (GRUB) instead of systemd-boot";
};
config = lib.mkMerge [
{
boot.loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
};
}
(lib.mkIf (!cfg.legacy.enable && !cfg.secure-boot.enable) {
boot.loader.systemd-boot.enable = true;
})
(lib.mkIf cfg.legacy.enable {
boot.loader.grub.enable = true;
})
];
};
}

11
modules/nixos/boot/misc.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
};
};
}

43
modules/nixos/boot/secure-boot.nix Normal file
View File

@@ -0,0 +1,43 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
pkgs,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
options.tnix.boot.secure-boot = {
enable = lib.mkEnableOption "Enable secure-boot";
};
config = lib.mkIf cfg.secure-boot.enable {
assertions = [
{
assertion = !cfg.legacy.enable;
message = "secure-boot and legacy boot (GRUB) cannot be enabled at the same time";
}
];
environment.systemPackages = [ pkgs.sbctl ];
# Lanzaboote replaces systemd-boot, so force it off
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
autoGenerateKeys.enable = true;
autoEnrollKeys.enable = true;
configurationLimit = 10;
pkiBundle = "/var/lib/sbctl";
};
};
};
}

6
modules/nixos/core/users.nix
View File

@@ -8,6 +8,9 @@
userEmail, userEmail,
... ...
}: }:
let
hasPasswordSecret = lib.hasAttrByPath [ "sops" "secrets" "tux-password" ] config;
in
{ {
programs.zsh.enable = true; programs.zsh.enable = true;
@@ -31,7 +34,8 @@
mutableUsers = false; mutableUsers = false;
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users.${userName} = { users.${userName} = {
hashedPasswordFile = config.sops.secrets.tux-password.path; hashedPasswordFile = lib.mkIf hasPasswordSecret config.sops.secrets.tux-password.path;
initialPassword = lib.mkIf (!hasPasswordSecret) userName;
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"

2
modules/nixos/desktop/ly.nix
View File

@@ -3,7 +3,7 @@
services.displayManager.ly = { services.displayManager.ly = {
enable = true; enable = true;
settings = { settings = {
# session_log = "null"; session_log = "null";
}; };
}; };
}; };

7
modules/nixos/desktop/misc.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ brightnessctl ];
};
}

18
modules/nixos/desktop/thunar.nix Normal file
View File

@@ -0,0 +1,18 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
services = {
gvfs.enable = true;
tumbler.enable = true;
};
programs.thunar = {
enable = true;
plugins = with pkgs; [
thunar-archive-plugin
thunar-volman
];
};
};
}

7
modules/nixos/desktop/tpanel.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ tpanel ];
};
}

11
modules/nixos/gaming/steam.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.gaming =
{ pkgs, ... }:
{
programs.steam = {
enable = true;
protontricks.enable = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
};
};
}

3
modules/nixos/desktop/audio.nix → modules/nixos/hardware/audio.nix
View File

@@ -1,6 +1,5 @@
{ {
flake.modules.nixos.desktop = { flake.modules.nixos.hardware = {
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

7
modules/nixos/hardware/bluetooth.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.hardware = {
hardware.bluetooth = {
enable = true;
};
};
}

2
modules/nixos/desktop/graphics.nix → modules/nixos/hardware/graphics.nix
View File

@@ -1,5 +1,5 @@
{ {
flake.modules.nixos.desktop = { flake.modules.nixos.hardware = {
hardware = { hardware = {
graphics = { graphics = {
enable = true; enable = true;

31
modules/nixos/networking/netbird-client.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.nixos.networking =
{
config,
lib,
hostName,
...
}:
with lib;
let
cfg = config.tnix.networking.netbird-client;
in
{
options.tnix.networking.netbird-client = {
enable = mkEnableOption "Enable netbird client";
};
config = mkIf cfg.enable {
services.netbird.clients = {
${hostName} = {
port = 51820;
login = {
enable = true;
setupKeyFile = config.sops.secrets.netbird-key.path;
};
bin.suffix = "";
};
};
};
};
}

15
modules/nixos/networking/ssh.nix
View File

@@ -7,10 +7,14 @@
}: }:
with lib; with lib;
let let
cfg = config.tnix.services.openssh; cfg = config.tnix.networking.openssh;
# Sops needs acess to the keys before the persist dirs are even mounted; so
# just persisting the keys won't work, we must point at /persist
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in in
{ {
options.tnix.services.openssh = { options.tnix.networking.openssh = {
enable = mkEnableOption "Enable OpenSSH server"; enable = mkEnableOption "Enable OpenSSH server";
ports = mkOption { ports = mkOption {
@@ -59,6 +63,13 @@
ClientAliveCountMax = 5; ClientAliveCountMax = 5;
ClientAliveInterval = 60; ClientAliveInterval = 60;
}; };
hostKeys = [
{
path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
}; };
}; };
}; };

105
modules/nixos/services/cyber-tux.nix Normal file
View File

@@ -0,0 +1,105 @@
{
flake.modules.nixos.services =
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.tnix.services.cyber-tux;
in
{
options.tnix.services.cyber-tux = {
enable = mkEnableOption "CyberTux Discord bot";
user = mkOption {
type = types.str;
default = "cyber-tux";
description = "User under which the CyberTux service runs.";
};
group = mkOption {
type = types.str;
default = "cyber-tux";
description = "Group under which the CyberTux service runs.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/cyber-tux";
description = "Directory where CyberTux stores its data.";
};
environmentFile = mkOption {
type = types.path;
description = "Environment file containing the Discord bot token.";
};
};
config = mkIf cfg.enable {
systemd.services.cyber-tux = {
description = "CyberTux Discord bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = cfg.environmentFile;
ExecStart = getExe pkgs.cyber-tux;
Restart = "always";
RestartSec = 5;
WorkingDirectory = cfg.dataDir;
StateDirectory = baseNameOf cfg.dataDir;
StateDirectoryMode = "0700";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = [
"uts"
"ipc"
"pid"
"user"
"cgroup"
];
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
UMask = "0077";
};
};
users.users = mkIf (cfg.user == "cyber-tux") {
${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "CyberTux service user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = mkIf (cfg.group == "cyber-tux") {
${cfg.group} = { };
};
};
};
}