tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2026-06-21 03:36:32 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:920cc2d4d6f1e061aa90cc138d678157e8ad64fb
Branches Tags
tux:main tux:dev tux:old
tux:25.11.2025
...
compare: tux:dev
Branches Tags
tux:dev tux:main tux:old
tux:25.11.2025

47 Commits
920cc2d4d6 ... dev

Author SHA1 Message Date
tux
5a4483b615 feat(desktop): add tumbler support for thunar thumbnails 2026-05-17 12:22:10 +05:30
tux
c3adf234f7 feat: add distrobox to persist dir 2026-05-15 10:13:08 +05:30
tux
7f74855511 feat(desktop): enable thunar file manager and plugins 2026-05-15 10:12:07 +05:30
tux
383bc98052 feat(gaming): add proton-ge-bin to steam 2026-05-15 09:02:03 +05:30
tux
828ca02935 feat(sirius): enable power-profiles-daemon service 2026-05-13 05:43:47 +05:30
tux
6438a98d18 feat(canopus): enable upower service 2026-05-13 05:42:29 +05:30
tux
6b09bf0e7e feat(desktop): add new package brightnessctl 2026-05-13 05:33:31 +05:30
tux
cd4e81178d feat(canopus): enable power-profiles-daemon and asusd services 2026-05-13 05:13:51 +05:30
tux
b649b974fa refactor(hosts): simplify configuration imports across hosts 2026-05-13 04:33:14 +05:30
tux
71aaf2d392 feat(desktop): add mpv configuration module 2026-05-12 22:54:25 +05:30
tux
8ec23b15af fix(desktop): use lua config for hyprland 2026-05-12 22:00:01 +05:30
tux
fdc63b9307 refactor(desktop): standardize mangowm settings across hosts 2026-05-12 21:02:02 +05:30
tux
626dd68af6 refactor(vicinae): remove tailscale 2026-05-12 20:59:49 +05:30
tux
8bca900c98 feat(canopus): add canopus host 2026-05-12 12:20:11 +05:30
tux
a1c8b6c56e feat(desktop): configure system themes and cursors 2026-05-11 09:11:36 +05:30
tux
8ce1d22066 feat(desktop): add hyprland screenshot and screenrecord tools 2026-05-11 07:12:53 +05:30
tux
5f895aeee0 feat(ghostty): add ghostty module 2026-05-11 06:52:50 +05:30
tux
c75ff5eee2 chore: update flake inputs 2026-05-11 06:52:22 +05:30
tux
03f7aeb49b feat(desktop): enable easyeffects service 2026-05-11 05:57:32 +05:30
tux
bc553b6248 feat(mango): add toggle global keybinding 2026-05-11 05:04:20 +05:30
tux
20cfab3d6b feat(mango): add keybinding for default mfact 2026-05-11 04:40:56 +05:30
tux
61791f311e feat(mango): add centerwin keybinding 2026-05-11 04:24:57 +05:30
tux
6ebc3ed144 feat(tpanel): add tpanel module 2026-05-11 03:39:11 +05:30
tux
b2a103235c feat(mango): update tag animation direction 2026-05-11 03:38:50 +05:30
tux
813bf73ecb feat(netbird): setup netbird client 2026-05-10 06:57:04 +05:30
tux
824e6f3d96 feat(alpha): add alpha host 2026-05-10 05:05:55 +05:30
tux
c5cc4b4f11 feat(vps): add vps host 2026-05-10 04:57:09 +05:30
tux
cb3389bce6 feat(boot): configure systemd-boot and GRUB based on options 2026-05-10 04:54:59 +05:30
tux
bd6055cae5 feat(users): configure user password based on sops secret 2026-05-10 04:54:19 +05:30
tux
226b4cd974 feat(vim): enable vim 2026-05-10 04:39:11 +05:30
tux
ee82aa373e refactor(opencode): simplify configuration for provider API keys 2026-05-10 04:29:59 +05:30
tux
d15933bf05 feat(gaming): add steam 2026-05-10 02:26:20 +05:30
tux
c0182fbdf8 feat(mangowc): adjust window opacity and blur settings 2026-05-10 02:04:13 +05:30
tux
36f3adbe30 feat: add telegram 2026-05-10 01:48:28 +05:30
tux
92050093ae feat: setup impermanence 2026-05-09 21:46:40 +05:30
tux
dce2cd1322 refactor(boot): consolidate impermanence configuration options 2026-05-09 21:46:25 +05:30
tux
9231c5878f feat(boot): enable key auto-generation and enrollment 2026-05-09 18:57:32 +05:30
tux
35dcf89400 feat(sirius): enable impermanence 2026-05-09 05:36:27 +05:30
tux
d8adc25455 chore(ly): set session log to null 2026-05-09 05:11:32 +05:30
tux
0de17e6b4b refactor(boot): consolidate boot loader and kernel settings 2026-05-09 05:04:40 +05:30
tux
f7d688b6c6 refactor(disko): simplify impermanence check 2026-05-09 04:58:29 +05:30
tux
a9d91df8ce feat: add cyber-tux module 2026-05-09 04:54:32 +05:30
tux
96841dbfa8 chore(ssh): update module reference for persistence check 2026-05-09 04:22:54 +05:30
tux
0f1faa7008 feat: setup bluetooth 2026-05-09 04:22:08 +05:30
tux
d5e3a6d387 feat(arcturus): add arcturus host 2026-05-09 04:15:22 +05:30
tux
a216a6be0e feat: setup impermanence module 2026-05-09 04:13:48 +05:30
tux
40bb53a844 refactor(hardware): reorganize module structure 2026-05-09 02:40:45 +05:30
60 changed files with 2265 additions and 402 deletions
Expand all files Collapse all files

20
.sops.yaml
View File

@@ -3,7 +3,10 @@ keys:
- &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
- &hosts
- &sirius age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz
- &sirius age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
- &canopus age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
- &arcturus age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
- &alpha age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
creation_rules:
- path_regex: hosts/sirius/secrets.yaml$
@@ -11,3 +14,18 @@ creation_rules:
- age:
- *tux
- *sirius
- path_regex: hosts/canopus/secrets.yaml$
key_groups:
- age:
- *tux
- *canopus
- path_regex: hosts/arcturus/secrets.yaml$
key_groups:
- age:
- *tux
- *arcturus
- path_regex: hosts/alpha/secrets.yaml$
key_groups:
- age:
- *tux
- *alpha

93
flake.lock generated
View File

@@ -112,6 +112,26 @@
"type": "github"
}
},
"cyber-tux": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739652548,
"narHash": "sha256-J4mL4DyRFTsEKlratZsbC9tm2i6Mzr6dEhetKk4jABM=",
"ref": "refs/heads/main",
"rev": "4ada9e2f0d3b6639627601d3f06128c953c2b446",
"revCount": 11,
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
},
"original": {
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
@@ -253,11 +273,11 @@
]
},
"locked": {
"lastModified": 1777678872,
"narHash": "sha256-EPIFsulyon7Z1vLQq5Fk64GR8L7cQsT+IPhcsukVbgk=",
"lastModified": 1777988971,
"narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "5250617bffd85403b14dbf43c3870e7f255d2c16",
"rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github"
},
"original": {
@@ -426,11 +446,11 @@
]
},
"locked": {
"lastModified": 1777846259,
"narHash": "sha256-jzln9xcpVcmEB1zfhJ+FIHd7/kaVHgGF+gQQHxj2fGI=",
"lastModified": 1778444552,
"narHash": "sha256-f18pIiR9q/p1vHY93gmAum7aHhQOG49oGvAB9+lptRo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4625f26228f4f7ea3cf65eee3023359a8221fcff",
"rev": "dcebe66f958673729896eec2de4abfd86ef22d21",
"type": "github"
},
"original": {
@@ -535,11 +555,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1778072172,
"narHash": "sha256-onx/6cN1tHDnMH0oCQCnpQPKv9VijeLtfOh7PStp2f0=",
"lastModified": 1778442165,
"narHash": "sha256-SEwIBVG4RPEVBqRbEZadGteMlndFqIJD/9HOkPRIBm0=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "1681bea42dd2f11ba3fe6df05560d0b231de3c76",
"rev": "3e21a68bd0a81c2fc45f2c843c9d02c47350ef44",
"type": "github"
},
"original": {
@@ -712,11 +732,11 @@
]
},
"locked": {
"lastModified": 1777492286,
"narHash": "sha256-PwuoEJQcjSKJNP5T55qhfDwIP0tw5zxEhfu8GDfKfeg=",
"lastModified": 1778234770,
"narHash": "sha256-jAcsogZwWMfXT9MfXxZzkwliAqIuZUV0p71h6Ba9ReE=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "ec5c0c709706bad5b82f667fd8758eae442577ce",
"rev": "a2dbd8a4cc51f7cbe4224732668392bb1aa79df2",
"type": "github"
},
"original": {
@@ -880,11 +900,11 @@
"scenefx": "scenefx"
},
"locked": {
"lastModified": 1778073611,
"narHash": "sha256-6rNTdQZq4x/F2bHQsk7qo4OhXs5Y0xsQrTR1hgKZOqw=",
"lastModified": 1778376841,
"narHash": "sha256-mUSCkFQGrcdVitwx0fDajWxxgvAV5BmppP4ShV3JOyY=",
"owner": "DreamMaoMao",
"repo": "mango",
"rev": "42c02e3dc20eb09c0191b027e387c0268f8e0fb5",
"rev": "cabafb2393ff71615af4959a51885c8d1eefc9a0",
"type": "github"
},
"original": {
@@ -901,11 +921,11 @@
"nixpkgs-nixcord": "nixpkgs-nixcord"
},
"locked": {
"lastModified": 1778145028,
"narHash": "sha256-tJHyzazrh9cnL72lPiDCnLDOOP95vDb37PprmgiqHtw=",
"lastModified": 1778346777,
"narHash": "sha256-7gpzB8MDCMcRE0wDr7jjxK7/obfeiyAulsfQEsK9pi4=",
"owner": "kaylorben",
"repo": "nixcord",
"rev": "b53c871a9c3d4d450ffbcac71d54f3e0ca1bbafc",
"rev": "43930a83206bcdcf3ba4fc10aa4fb9c5f7a677e6",
"type": "github"
},
"original": {
@@ -916,11 +936,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1777796046,
"narHash": "sha256-bEJp/zaQApzynGRaAO62BZSz9tFikKtIHCn2yIA/s7Q=",
"lastModified": 1778143761,
"narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "eeb02f6e29fc8139c0b15af5ff0fdfdc6d0d3d90",
"rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871",
"type": "github"
},
"original": {
@@ -994,11 +1014,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1777805331,
"narHash": "sha256-jINoZUP2tJEBLuVoMEhJn9qWQgpriGorwlgnBc1QAPg=",
"lastModified": 1778353088,
"narHash": "sha256-5yu6kIgn+hO0V7pomciXixWAnMcuwQvqFD5Dgb2K9L4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8cbe20ad0f64f9f9619b871dfdf57022beccef65",
"rev": "071465abe725f841e610a52b194c3b86b288316a",
"type": "github"
},
"original": {
@@ -1010,11 +1030,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1777918403,
"narHash": "sha256-7QiZv0LcW1yIOLo2LNuCQjWon1Z1r99FwK24hbtBOF4=",
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "afc5551119aae6eab73a95c1960891cfe63204f6",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
@@ -1138,11 +1158,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1777578337,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
@@ -1174,11 +1194,11 @@
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1778156530,
"narHash": "sha256-4VhPk2NQKyYptNw1x/HG23sFmR4iYTOTZhGhzzYDQOs=",
"lastModified": 1778454210,
"narHash": "sha256-U6wleXwWGNDX588cqrz+Kg+7GrlB003JHQ0CVHj+3yA=",
"owner": "nix-community",
"repo": "nur",
"rev": "1b24f43e7f25d9c297a2ed45c654a72fc68d3d29",
"rev": "c7c431a1bd1360cb568d309c2c18aa4785c254c8",
"type": "github"
},
"original": {
@@ -1236,6 +1256,7 @@
"root": {
"inputs": {
"awww": "awww",
"cyber-tux": "cyber-tux",
"deploy-rs": "deploy-rs",
"disko": "disko",
"flake-parts": "flake-parts",
@@ -1554,11 +1575,11 @@
"vicinae": "vicinae"
},
"locked": {
"lastModified": 1777930825,
"narHash": "sha256-0hVf9yH+v+0YaCqmr0aX0nR4pfmXjW1XhJcJyblJqE0=",
"lastModified": 1778369365,
"narHash": "sha256-Qxu3wUKqOJGJzj1RFvXw2StqHBDs+tVWvhKg9OZY87I=",
"owner": "vicinaehq",
"repo": "extensions",
"rev": "20d6a13d2a389e61619b8540b8af746705409322",
"rev": "de5313f14242dda1f88f6e8443eb349ed2b2cdb1",
"type": "github"
},
"original": {

5
flake.nix
View File

@@ -29,6 +29,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
wezterm-flake = {
url = "github:wez/wezterm/main?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";

1
modules/flake/overlays.nix
View File

@@ -7,6 +7,7 @@
modifications = final: prev: {
tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};

11
modules/hm/desktop/cursor.nix
View File

@@ -1,11 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
};
}

5
modules/hm/desktop/easyeffects.nix Normal file
View File

@@ -0,0 +1,5 @@
{
flake.modules.homeManager.desktop = {
services.easyeffects.enable = true;
};
}

47
modules/hm/desktop/ghostty.nix Normal file
View File

@@ -0,0 +1,47 @@
{
flake.modules.homeManager.desktop = {
programs.ghostty = {
enable = true;
enableZshIntegration = true;
systemd.enable = true;
settings = {
confirm-close-surface = false;
gtk-titlebar = false;
window-padding-x = 10;
window-padding-y = 10;
font-size = 12;
font-family = "JetBrainsMono Nerd Font";
theme = "poimandres";
};
themes = {
poimandres = {
background = "#0f0f0f";
foreground = "#a6accd";
cursor-color = "#f2eacf";
selection-background = "#1a1a1a";
selection-foreground = "#f1f1f1";
palette = [
"0=#252b37"
"1=#d0679d"
"2=#5de4c7"
"3=#fffac2"
"4=#89ddff"
"5=#fae4fc"
"6=#add7ff"
"7=#ffffff"
"8=#a6accd"
"9=#d0679d"
"10=#5de4c7"
"11=#fffac2"
"12=#add7ff"
"13=#89ddff"
"14=#fcc5e9"
"15=#ffffff"
];
};
};
};
};
}

34
modules/hm/desktop/hyprland.nix
View File

@@ -1,13 +1,7 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{ config, pkgs, ... }:
{
home.packages = with pkgs; [
ags
awww
];
wayland.windowManager.hyprland = {
enable = true;
package = null;
@@ -15,5 +9,31 @@
xwayland.enable = true;
systemd.variables = [ "--all" ];
};
# TODO: Hyprland 0.55 switched to Lua-based configuration.
# Until the Home Manager module is updated, we symlink our config instead.
home.file = {
".config/hypr/config".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/config";
".config/hypr/hyprland.lua".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/hyprland.lua";
};
home.packages = with pkgs; [
ags
awww
grim
slurp
hyprshot
wl-clipboard
wl-screenrec
(writeShellScriptBin "hypr-screenshot" ''
hyprshot -m region -r ppm - | satty --filename -
'')
(writeShellScriptBin "hypr-screenrecord" ''
wl-screenrec -g "$(slurp)"
'')
];
};
}

67
modules/hm/desktop/mango.nix
View File

@@ -1,21 +1,41 @@
{ inputs, ... }:
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.desktop.mangowm;
in
{
imports = [
inputs.mango.hmModules.mango
];
options.tnix.desktop.mangowm = {
enable = mkEnableOption "Enable MangoWM";
monitorRule = mkOption {
type = with types; listOf str;
default = [ ];
};
tagRule = mkOption {
type = with types; listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
wayland.windowManager.mango = {
enable = true;
settings = {
# Monitors
monitorrule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
];
monitorrule = cfg.monitorRule;
focus_cross_monitor = 1;
exchange_cross_monitor = 1;
@@ -45,8 +65,8 @@
# Theme
border_radius = 8;
no_radius_when_single = 0;
focused_opacity = 1.0;
unfocused_opacity = 1.0;
focused_opacity = 0.9;
unfocused_opacity = 0.9;
# Scroller Layout Setting
scroller_structs = 0;
@@ -68,25 +88,7 @@
overviewgappo = 15;
# layouts
tagrule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
tagrule = cfg.tagRule;
# Keybindings
mousebind = [
@@ -105,6 +107,7 @@
"SUPER, Return, spawn, wezterm"
"SUPER, Space, spawn, vicinae toggle"
"SUPER, D, spawn, vesktop"
"SUPER, T, spawn, Telegram"
"SUPER, B, spawn, brave"
"SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history"
"SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid"
@@ -114,11 +117,13 @@
"SUPER+SHIFT, R, reload_config"
"SUPER+SHIFT, F, togglefullscreen"
"SUPER+SHIFT, Space, togglefloating"
"SUPER+SHIFT, Space, centerwin"
"ALT, Tab, toggleoverview"
"ALT+SHIFT, minus, incgaps, -1"
"ALT+SHIFT, equal, incgaps, 1"
"ALT+SHIFT, R, togglegaps"
"SUPER+SHIFT, P, toggleglobal"
# switch layout
"SUPER+SHIFT, H, setlayout, tile"
@@ -130,6 +135,7 @@
"SUPER+CTRL, Down, resizewin, +0, +50"
"SUPER+CTRL, Left, resizewin, -50, +0"
"SUPER+CTRL, Right, resizewin, +50, +0"
"SUPER+CTRL, Equal, setoption, default_mfact, 0.5"
# swap client
"SUPER+SHIFT, Up, exchange_client, up"
@@ -167,7 +173,7 @@
];
# Window effect
blur = 0;
blur = 1;
blur_layer = 0;
blur_optimized = 1;
blur_params_num_passes = 2;
@@ -177,7 +183,7 @@
blur_params_contrast = 0.9;
blur_params_saturation = 1.2;
shadows = 0;
shadows = 1;
layer_shadows = 0;
shadow_only_floating = 1;
shadows_size = 10;
@@ -193,7 +199,7 @@
animation_type_close = "fade";
animation_fade_in = 1;
animation_fade_out = 1;
tag_animation_direction = 1;
tag_animation_direction = 0;
zoom_initial_ratio = 0.3;
zoom_end_ratio = 0.8;
fadein_begin_opacity = 0.5;
@@ -246,4 +252,5 @@
dgop
];
};
};
}

24
modules/hm/desktop/mpv.nix Normal file
View File

@@ -0,0 +1,24 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
scripts = (
with pkgs.mpvScripts;
[
modernz
thumbfast
mpris
mpv-image-viewer.image-positioning
]
);
config = {
osc = "no";
border = "no";
};
};
};
}

19
modules/hm/desktop/satty.nix Normal file
View File

@@ -0,0 +1,19 @@
{
flake.modules.homeManager.desktop = {
programs.satty = {
enable = true;
settings = {
general = {
corner-roundness = 12;
initial-tool = "arrow";
early-exit = true;
copy-command = "wl-copy";
};
font = {
family = "JetBrainsMono NerdFont";
};
};
};
};
}

31
modules/hm/desktop/theme.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
qt = {
enable = true;
style = {
name = "Breeze";
package = pkgs.kdePackages.breeze;
};
};
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
};
}

5
modules/hm/desktop/vicinae.nix
View File

@@ -54,11 +54,6 @@
imports = [ "/run/secrets/vicinae.json" ];
providers = {
"@samlinville/store.raycast.tailscale" = {
"preferences" = {
"tailscalePath" = "${pkgs.tailscale}/bin/tailscale";
};
};
"@sovereign/vicinae-extension-awww-switcher-0" = {
"preferences" = {
"transitionDuration" = "1";

3
modules/hm/shell/neovim.nix
View File

@@ -13,8 +13,9 @@
neovim = {
enable = true;
defaultEditor = true;
vimAlias = true;
};
vim.enable = true;
};
home = {

13
modules/hm/shell/opencode.nix
View File

@@ -1,10 +1,5 @@
{
flake.modules.homeManager.shell =
{
osConfig ? { },
...
}:
{
flake.modules.homeManager.shell = {
programs.opencode = {
enable = true;
tui = {
@@ -14,17 +9,17 @@
provider = {
google = {
options = {
apiKey = "{file:${osConfig.sops.secrets.gemini-api-key.path}}";
apiKey = "{file:/run/secrets/gemini-api-key}";
};
};
openrouter = {
options = {
apiKey = "{file:${osConfig.sops.secrets.openrouter-api-key.path}}";
apiKey = "{file:/run/secrets/openrouter-api-key}";
};
};
opencode-go = {
options = {
apiKey = "{file:${osConfig.sops.secrets.opencode-go-api-key.path}}";
apiKey = "{file:/run/secrets/opencode-go-api-key}";
};
};
};

82
modules/hosts/alpha/config.nix Normal file
View File

@@ -0,0 +1,82 @@
{ config, ... }:
{
flake.modules.nixos.alpha =
{
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/opencode"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/alpha/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "alpha";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/alpha/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.alpha =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/alpha/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.alpha =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/alpha/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.alpha = {
home.stateVersion = "26.05";
};
}

29
modules/hosts/alpha/secrets.yaml Normal file
View File

@@ -0,0 +1,29 @@
tux-password: ENC[AES256_GCM,data:tvx3nMoIuQSotxHDWLs7UesnyWY3u3EwkqAIzCw3Z2AJseaiqnt/xeSKAeUXPVSs85rVdIJ6Ys5+6r+NONEG7ujuNevpjJRNkQ==,iv:CB0BIrMfdiWiMCvmRdtsafh3dCAD5Qb3mOuE7eq4nA4=,tag:p/3AESwNCEL4EoU9rJjUPw==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Bo3Z5Jhce0UOBn77I2AcrXYbBgPLDx0eOjPC8J63E/VWNhMPbbxb,iv:iWOsTACOMcK3oqq848WnJ5Ku3tYy1aadmLB4IMgoyqg=,tag:BPzlXoP8/iJaj8c/YFCWyg==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:D+/ImUTg7UvBTh0fMlWMZ0O/GsQS/R4Hz+CO4l42R6mn+zk+udvw79BctXdWWyrFf2ZNOTJ/99QTtWOUOvHISWaEJogXyb+93g==,iv:c7OtgBu1Zaf7lA4InIsKOAPbAvTl3gaO7QGCFNx21Bo=,tag:KXiASj/qC1YzK6DUox57ug==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:ipKkNcRqBERIQ6f6yFzVm999s+UwJys4elHWhzpL441RfOaG9MmRWMcD+wRLJ7DSWFjYu6uUPF7TKez8J6abWeKDgg==,iv:FDSYE3R8zKVxWiP2S/sCVcwEu3fEXg/hCeqCRSF+c6g=,tag:5RDuMFGMoN6xwAYj0HiyjQ==,type:str]
netbird-key: ENC[AES256_GCM,data:NilfyafnGhFVYD6q4+jJQxlhXNdNC8BQ1CZfu8a5wc693Y1h,iv:Rpl0OpkQdBMPpIJ08t9Z0AjDAW6c97pFZKO1KPu8ipY=,tag:du3d0SQWuqJtJSwhSgJE4g==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR0kzRXBGRjJaVldDRk90
KzYwSzJBeXBnNVZ0T2VaU2oyLzdRWmo5ZzNVCk9HTDVtMk8xL1cwL2FSRUR5UGdS
bXJnOXhTbWozWm5rd2pnaFNoWk0rWncKLS0tIGFWWmY2WU9YanJ5UElab3lqaXNo
QUhYUWs4bitJaGpXL200b0s0SmVIeVUKevQ1IVqmqGIYf014iL47C02+peSYJyeE
PNluZUA6VzrL2WpdJzDqxAwSWtcgXG0/JADIg+DssnhftiHMHzn3NQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL1VPODRnNEs2bXlUVjB5
Z0pBUzBnRDQ0WWcvL2IvUHdmQXUxNjRpTVN3Ck9VLzd2QWpMMlFJck1EQXBVanl0
SC91bDFqNFlJZ2E0UXVZa3BKRjh3TlkKLS0tIENuc1dUZ1dDUTg2VXBueU1ETG9S
c095blJheHhVT0E4bjdGUWlYN0N4MVUKK42sChX4V37HK1SRKQxldLpft2jVfeiG
4TkObqH8ddGpbd7cX5a/wboTjYuEdAviWxjK2oBPgtcFc1f03X3tmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T01:11:29Z"
mac: ENC[AES256_GCM,data:E+ZcNRFEPtJK02gWooRs7f20BHIYf8Ot4GjB1ab1KZwhI+3pUI6r654iO8+tiimQSeLWLgD43Szq4/7CpS+8NVjSI5uvXSxQQubXQfI0LmulT5XAVueOuSMgvetSFg8yN6+njBmr/MauixSSs2jjpQxtfsSSBgZ9RO7B7qLpMe4=,iv:kdCcTLb3bDmCfcjQQ8fH5ipkTQ5YlVDlhEVw5MzsH6s=,tag:ojub2y6b+jMbW/5i39xH5w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

112
modules/hosts/arcturus/config.nix Normal file
View File

@@ -0,0 +1,112 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
hostName,
userName,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".config/sops"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
services = {
cyber-tux = {
enable = true;
environmentFile = innerArgs.config.sops.secrets.discord-token.path;
};
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
discord-token = {
sopsFile = ./secrets.yaml;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "arcturus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

74
modules/hosts/arcturus/disko.nix Normal file
View File

@@ -0,0 +1,74 @@
{ inputs, ... }:
{
flake.modules.nixos.arcturus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

36
modules/hosts/arcturus/hardware.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
lib,
pkgs,
system,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
};
}

6
modules/hosts/arcturus/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.arcturus = {
home.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:eXg28pYQjIi5iPh4oHBOvIYQReM92T79uty/O461mEoLB8awr8ikq3RM7Mux3jZKM+Fk/Ow3NNG0F/154dZentodr1uvy9gD1g==,iv:nQevOumENveBMuiYMJF0OokORyjZCpR8ahTfOuj2Dzo=,tag:64zz8eVuw1OwTltfAUwWSg==,type:str]
discord-token: ENC[AES256_GCM,data:uzxkrNRRplL/1MfvPZ/EL+I8UACuZQBHZ95BSHuxW0nBjxhr2F89D2BXTcKOBI9qO6uMjK5WBtWzSOw3y9EsngTTm/youIdkrIDLP3r/tkpOkLa/VjM=,iv:OxzFa0nEInV5uxgQFww11ZE1NorH5q130Tgp/6l9uOE=,tag:g4U9wLhPAkz72ktbQ8KrSg==,type:str]
gemini-api-key: ENC[AES256_GCM,data:gLZSoYTdKY+rwIpYiXvN9n9PGkUD6q8Oe7dHnYkjEjwDf5qpjubg,iv:ySoNgQWTu9DjvbashF4ulyYP8fJUl4yrCTeBQ0jrGmw=,tag:FctubsQv50AP78JvTb9bpQ==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:6xONCl9lqOoO7b4CEyCz9607tICDUAkpglRjGS5nYq2ppg2UKqYTrWD1BGCA5Xfs/CWskniVhoNG3vscjKiYCCh9gbM6aqdmTQ==,iv:7Iwc9t00HOOBjA7URXcUO41badqYyJCkFHM/uPkLFxY=,tag:Cl39kitr2e0//HVwAdsdUQ==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:dmeRKn7TWHnqvpyPQpcEG6yHTb2bRby/rh10ytL0jHj5R+lRmNVdmqUF92GTznY9vEaB6ZYCJecWhpm8g4upNfOWBg==,iv:9UMJpAlD8gpcNiN+liu3nawoAZQKapEg7sCp561N9E8=,tag:OZlASpOa5BQaQwFWjoLCRw==,type:str]
netbird-key: ENC[AES256_GCM,data:q6eKisca04qn/CvALrvXF79MsToDhvLRLv2JTiUBAZglCC9m,iv:jj0/ZD7IDgopprTVUgSfJmdAJmUP3iqewU3dqssGYbk=,tag:6IPRdCm2FGdlTEIX7jt3qA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Qkh0cmdHNGJTYmFNUFZW
c244RjlyNjlrSWh1bG1IRFFFeFZZVzhaYVdBCmd1N3JNS0IzWDlUMUJSM0pYdi9L
MzlHRk1pZ1hqaVdIYUQwczh2VDVtZE0KLS0tIEtRYWF6V0I3eDBZSnVmZ2R5S0Z5
Z3hhRitmdEwxbzcrS0cwNTZVK1lXYlUKSFfKk7JGzxRq9weL4NKJqfmAige2O+1T
59PvEFKvvkGb6ajkzwTw0lB3UFzly6FuTnbSLY9r+oT9AMbxLoKdcQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYlZiak1CSW1NSGt5QTRi
RjlUeG5EODVkTVJDY1RrZXJ6OU5NQ0RIOG5jCnJxZ1R6MmlGWXY2SmtaY1pQSWdZ
UWp3L2h6c0k0MVpubE9BRSswUEk3ZkkKLS0tIGN4Zm1tcHBiKzAyYWNHVktVZmpU
V3h4dUZLcktrTUZvUm44eVZOWEl4VmMKMTvajoWcktb4jVIP4HyzQiR41Wg8Gdqi
TLKEYsPQgOJ7s8P9gw2uPUY6HRz86CtiC6EbO27u0+8BbI85x1QScg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:36:06Z"
mac: ENC[AES256_GCM,data:nD0exblrbheP1C5lK8V17V/gkHJO6s6yVjXtQWcUOLVGrzkPSxkymYBHUFMTLVyYQNLCVMc8AHkuHVuJ1tBfXNll1f6/SGtfaBQcOLct70U7nFxd/XybTUlscNp2KafJWy/n4ZUfNDbfrWN1R463CN/M50jGqJPDWYuP9ah2JcI=,iv:izQUT/+HQqJZ48X5bXobFSaWcdcXQ/7eh+SCd9i4YYo=,tag:FJlR2wI4rWQ/SDfQGtQ7AQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

132
modules/hosts/canopus/config.nix Normal file
View File

@@ -0,0 +1,132 @@
{ config, ... }:
{
flake.modules.nixos.canopus =
{
pkgs,
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
docker.nvidia.enable = false;
qemu.enable = true;
waydroid.enable = true;
distrobox.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install.
system.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "canopus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/canopus/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.canopus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "32G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

134
modules/hosts/canopus/hardware.nix Normal file
View File

@@ -0,0 +1,134 @@
{ inputs, config, ... }:
{
flake.modules.nixos.canopus =
{
lib,
system,
...
}@innerArgs:
{
imports =
with config.flake.modules.nixos;
[
hardware
]
++ [ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503 ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
services = {
power-profiles-daemon.enable = true;
upower.enable = true;
supergfxd = {
enable = true;
settings = {
mode = "Integrated";
vfio_enable = false;
vfio_save = false;
always_reboot = false;
no_logind = false;
logout_timeout_s = 180;
hotplug_type = "None";
};
};
asusd = {
enable = true;
asusdConfig.text = ''
(
charge_control_end_threshold: 80,
disable_nvidia_powerd_on_battery: true,
ac_command: "",
bat_command: "",
platform_profile_linked_epp: true,
platform_profile_on_battery: Quiet,
platform_profile_on_ac: Performance,
change_platform_profile_on_battery: true,
change_platform_profile_on_ac: true,
profile_quiet_epp: Power,
profile_balanced_epp: BalancePower,
profile_custom_epp: Performance,
profile_performance_epp: Performance,
ac_profile_tunings: {},
dc_profile_tunings: {},
armoury_settings: {},
)
'';
profileConfig.text = ''
(
active_profile: Quiet,
)
'';
fanCurvesConfig.text = ''
(
profiles: (
balanced: [
(
fan: CPU,
pwm: (2, 22, 45, 68, 91, 153, 153, 153),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (2, 25, 48, 71, 94, 165, 165, 165),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
performance: [
(
fan: CPU,
pwm: (35, 68, 79, 91, 114, 175, 175, 175),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (35, 71, 84, 94, 119, 188, 188, 188),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
quiet: [
(
fan: CPU,
pwm: (2, 12, 22, 35, 45, 58, 79, 79),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
(
fan: GPU,
pwm: (2, 12, 25, 35, 48, 61, 84, 84),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
],
custom: [],
),
)
'';
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

39
modules/hosts/canopus/home.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, ... }:
{
flake.modules.homeManager.canopus = {
imports = with config.flake.modules.homeManager; [
desktop
];
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:eDP-1, width:2560, height:1440, refresh:165, x:0, y:0, vrr:1"
];
tagRule = [
"id:1, layout_name:tile"
"id:2, layout_name:tile"
"id:3, layout_name:tile"
"id:4, layout_name:tile"
"id:5, layout_name:scroller"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
authorized_fingerprints = {
"f4:4b:17:61:f7:01:a4:a2:e1:c7:8c:1c:7a:f3:8b:87:14:3d:05:3d:a0:8b:cc:e7:88:d8:d8:d2:a4:c2:75:8b" =
"sirius";
};
};
};
};
home.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:Xb4/JMAZCBnBheDCJdRRGXLnMJ1ej8HbN+AUqA/+2sdYESKeF1PFny4Iq2kqvzdK4D3mp+pdjd7GAGfJp4M7sOcvI3V/coyxPQ==,iv:h+S+MEwHj22uHaTzFoxGZtefNUAQNp3fbU+QRfgtKvQ=,tag:VHrIEIQivPFTfhmm7dWEyQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Q6+actg0oyUWiUJVy/9yZmea1QyGu2o8LfMsuAVFD6k7kp0dYIrl,iv:ukyouqrHxzVpBBE98KL6PW8P3j+seemm/e0Gl1urUcM=,tag:Z7MM3dJ414CmdxE72cdzNA==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:SalhWKR6artX/kOVKZGpKSmrgsQDU/heshrdkK3wotOZ3BRn/ZqZRBldvl1JPSenMAMvE2LWUdmBQmwG/id7L7JL1O/+lUHIQw==,iv:hLlHayFJgUkWOirVLfqP0pGRBZAqGKe+EE2yG1ELGNk=,tag:0qoo0tb+xWjjQXr4n1qGmw==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:zbeTcaXJZFVfYnM/7sgblJFU9WfeosX/44KsXvrzKwiLPfGLLYYo9AFaCvWzzG6jHuSZC5OYrBWfOZv4+3omfCgglQ==,iv:LscUQE+PNhXGim9PSqc9nZIZichWSgAn/zsNxQ/HM/o=,tag:MaBCobnRM42fopiibibe5Q==,type:str]
netbird-key: ENC[AES256_GCM,data:swmaa+RjxeUmEl8hS2riGrW4lP5jdks9HM3x57/FLpOuqFtR,iv:MrpVjiocrPi+dBGPk7pwgSUNlJ1eryRpMjC8+jkU+T0=,tag:j6sqpQ02apqc6FwkdDvk9g==,type:str]
vicinae-json: ENC[AES256_GCM,data:FarBf6l8pl3hF7kGKPIWztUhwiKoQXmyTufCuJ120K/bPh1Bfiyi+ETt4DLYOGI6FJXfpVz4BbZOA29bXTLhVPxH0QtyBu/F5uEqA015b/c8VevDJSyy9huR13qO9ksLbMBt8RfWbAd9j26t7A1C8/mMyiJOEXCCTV9CEIW3xWrsYmhwsT8RYM+PwrPSeN1gQXHSMyRUjf/kOdJoda8+iXpLfjo4II4r2ELpbqi8QxhrRdsJsoOfAymFM784NtlTjE+h6S4TMehmoF/9ARif6I5SGQ0WfIKt/8orTGCPllL+NupLziSnpIGRGSybdArD+o5NCw59GOAbVRADxq8rCESwEkq3cF+hm8HabfYbiQ==,iv:Y/hXLFTJT3gNF3B6tgKoAh7njVuneoUzjVTlsCZiySw=,tag:2hfrwph6IccJdRu/yGu3XA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqS2RZdVJaNTlRamZPMkll
MDRVSVl1b2x2LzZpdlBrdmZtdyt3UE15RldRCldXUXE2a1BFeHg5NGNPbW5IMDht
cHN1QituOU9uWFQwNS9udzNEbVhtUjQKLS0tIEtkTXhlYS9XSUlQRTY1eXBjeXZQ
bThQTFdZU29ISm93TWcwVk5ZTkhRWm8KCcprmLGhahgDkXCBpzjctHgao+gc+rKC
xLIwheUyFJOGK+ixqcdoZ/PC0kY68hVLt1YzLAyxFi4Ur1wltPrNug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVW13WFE1Ylh3Uk1HNU1i
bU9kRzFqTmhkQlRzMlRkM0VhMlNmMDUyK25NCkZYUStxM2tScGozRXJGekxGa1RX
b1VXK0Y2Z1U0YU9XRmxRUWdWem50L1EKLS0tIFovcHRlZ1JJd2lRN0RFbHdCdm9m
V1N3eUVjZ0VZRjBZdXRPNng3Y3JoUTAKQau9CG9XfvM+5JZVRwaJr/o/sXMaJiy2
wo2YcDb+4vfT4Wr+/8J3ccQgbLRZH916X5ZPL+A+nFyVXVKOCl3ENg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-12T06:33:00Z"
mac: ENC[AES256_GCM,data:htDJdEx34Q5NG8vwbBimnFENZawbLZ4FC0DkyG6J5RYP0BFnycKcKGsYR87SvIjcJZXvfZ0e6fXdtc78dd6I0sQtrQ7aNn4Iktbu/AkPmntsBwpIjVI99X9zUyQB87go/oX15yuyt8loB6ds2RkL/pfFsgLbFc10JHsBy+WcEzI=,iv:HvY+5LYzyHpRm8XCSKrN8ra/LJT9v23TPSsZg/4QVNU=,tag:k+d45+zgBYq4vlWmmc8ZkQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

67
modules/hosts/sirius/config.nix
View File

@@ -8,17 +8,56 @@
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix = {
boot.secure-boot.enable = true;
networking.openssh.enable = true;
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
".config/lan-mouse/lan-mouse.pem"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
@@ -50,15 +89,17 @@
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Boot ---
boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
# --- Networking ---
networking = {
hostName = hostName;
@@ -80,21 +121,9 @@
firewall.enable = false;
};
# --- Hardware / GPU ---
hardware = {
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
};
};
boot.kernelParams = [ "nvidia-drm.modeset=1" ];
nixpkgs.config.cudaSupport = true;
services.xserver.videoDrivers = [ "nvidia" ];
environment.systemPackages = with pkgs; [
nvtopPackages.full
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!

9
modules/hosts/sirius/default.nix
View File

@@ -14,7 +14,14 @@ in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit hostName userName userEmail; };
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}

82
modules/hosts/sirius/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.sirius =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "70G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

53
modules/hosts/sirius/hardware.nix
View File

@@ -1,11 +1,18 @@
{ config, ... }:
{
flake.modules.nixos.sirius =
{
config,
lib,
pkgs,
system,
...
}:
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.kernelParams = [ "nvidia-drm.modeset=1" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
@@ -18,31 +25,27 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/d856ed98-6841-4cbf-89be-e08c6f48b9ea";
fsType = "ext4";
hardware = {
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7FE1-55C5";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
};
services = {
xserver.videoDrivers = [ "nvidia" ];
power-profiles-daemon.enable = true;
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.config.cudaSupport = true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.full
];
};
swapDevices = [ { device = "/dev/disk/by-uuid/69794aa5-51a9-4816-8d45-7791505165d4"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp10s0f3u2i2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

35
modules/hosts/sirius/home.nix
View File

@@ -5,7 +5,39 @@
desktop
];
tnix.services.lan-mouse = {
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
];
tagRule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
clients = [
@@ -18,6 +50,7 @@
];
};
};
};
home.stateVersion = "26.05";
};

37
modules/hosts/sirius/secrets.yaml
View File

@@ -1,29 +1,30 @@
tux-password: ENC[AES256_GCM,data:EJFFMc0W1YvCLINg4kETlUbqMYSfRTsiRuoB5MybaVwl7bbBXyPFo/MspFFMXpAqSPrzRAPaM8Lxk9ndbjt7gZpSu1dPThq36Q==,iv:zn3UUMOcW09u6KTz87tDr1wfmsLMKIRBDpLfQhg0p14=,tag:AOs7NASXeo98mNKqsYP3Ww==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Ehj/rDrYKqMcA8b49K7WGjWqTqnrphfFaT2H9dxSw3KyQNEbyTHG,iv:6Av7LlS5VT+9nLMlSfTjmiMx0pp44BPQW3mNmLi+uIE=,tag:Eta0moveaDoBL52DktPF+w==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:v0wOsERSPpYnogfpbFqo1gQvOJlECKHHliIk3IXtQ3A043cK+X846qI9/MM3DSkvlFDTyc63Si8/zPuh3MGCsMrXxRmHCILDmA==,iv:C4Qk+23Vv0Q+Tl+BjwzS7aSUkQtY+mgLWfx8lprJ4CE=,tag:DhcVXKQxxBqvlr7lc5MRlg==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:34aVZvk6zHnh6iOKHZVvLT0qt3IFR9yu8fuVh7lubHL3YNdifbFoW/jJ3FIKWqU9HvTFhO6opIYI9h5Zpip+TbagLg==,iv:xQbeP8P0QutSC9iCRDeCupBYaJrDronl7RqNPJADkjw=,tag:upco9ewspSqJdV+aKqVnwA==,type:str]
vicinae-json: ENC[AES256_GCM,data:utkOJg/x89+AjQlc8WZ8Z0SmZET4yR16J6MgQ/LYt7galvHT9ybzjV3R7FoBG5GLNQYHAM13pc2290pJ3apivyodlFNBqoyuuDYP0t+HgHuOH67P6YXUHR5ROYRvW2GAZm/AcMrlHwCMUmgUtf4mXttskvqyuxQrIYhi0nfNa1mVY3df2x7RF+cJGWPLDF4K8YI5sFE4ctkLfREGI40OCGM0An0PJliwrFXgRZvYd5gohT1XAS/dEemB4uegGUJ6To/1KD2kI1tzsETflTPzrkSEcMt1MtDEjGKI+qdTSZQU2H66nqQ8TJKvR6WxnvXUR69vjgTSsPZ7Sk78gI1sbXe2cSc48lrP5Z1o7dqO0A==,iv:7REKeCdIQGXZWjuiTpZRpzG4wu3/+pO003gX62r5CRc=,tag:dWXji9Ub41dEKP4FXRodSg==,type:str]
tux-password: ENC[AES256_GCM,data:JWQVd2MYX2U4UP4II62ixG9hWI5MtgHAFhl8aCmyrYPl1H/ig9ZYqfTiggJsOoXM9CUHmhUTrSWw7xRvbzztBrC7L4ABcWPbrQ==,iv:wY/RNJs7XaCsHHNX2MLBqzAgDCSo4rht10oiKrUlTHo=,tag:DcADVtEJs2KCeNS6AhO0SQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Y9YgXp/tB3Q1Rb5YMsZLgWCq+bdeIjsXAVeO3Yh7nZ8MwDH7d5De,iv:FIXxJCn6JDYsHIoNn8f8Un3z9ZPVbxdjR48Ux88poRg=,tag:bMJ4i69HTspnhzsrsxkbrw==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:HfZgZz4NyCLLM9woTZp2I6JGOlVcFblw2OMjx8k0TG5ZU2ycBCF6bKqp3wFibUxXcHy+nIfjI82fkLeSyIaGILRLYCJCc8BHKw==,iv:umUcn8MRaj7JXo6IFrGMXOu+jsFSCEikMxsQxfaFS/Q=,tag:l2s61C4EpJoKv8cc9nYGFA==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:BGERcZg5Jpnznc4cXeYFMhPk9kKBkd9GvIuQBV9TW3JE1utgrLLYK6mKNCQqrEStRFiO2jUUnBm3opUNL4SuEHFLpw==,iv:fgFAwx6z9yruK27PvAJX/Q2CS9gU+LJ5zMUK/f/rzpo=,tag:BPu3M+jppPB8sLoLmfuY/Q==,type:str]
netbird-key: ENC[AES256_GCM,data:qXAnRnLM2TlzpOvWG4exJv0+pUvpe0FpRN5xOWx3+KNt+yhq,iv:X+yl4o1RSYMCMWdVXo1hpzy+6IdKXUpsKPtYNSiHiCY=,tag:I8HbnD5iw6EJ1TdsNrhvfw==,type:str]
vicinae-json: ENC[AES256_GCM,data:JjxolEgS6uakqR4eHOx3VyrOO5kaL4dj1jcEiLWsrktCU32UB7OmP1kJEVomA1rZjODpFHL89+FRpcNFspTFrc365WlANE81RLg/M2Ja1MiLYaDFNcBGtqMX9Yc1muor53Xl7t+rTSvDIj1oE1L7xPPcjCLfwC5QDzJjCBWj9FhCxnU5BwvoJNv9vgA6xnkzAOYSPZK/ihULMD0DxyqOUEa5ECGX62OPM9Gbr7jEviaItYzOOxaRs/yQVqizodGGl/BcK6fPqvOYSxip9ABYRVSI9ZvysY7ofAkeX91ardPwVG5VvEYfxZwBvGFjV7ZfTzVkK+BiUUNrvciAETHqwkjHftPpfJjxWsgLr8lbOA==,iv:HjDE/sqVDnxeww7r2upxH57rc1+LpuMKnhhyGXoc1Ms=,tag:d2kZeWkg17eVoNACIQ3Q9A==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyblpIWjNqeVBXWnFlSGxw
WXhPYlFDNVV2QktKQ2dKdEgxY0dnR2JuRUdRCk5ZNTc0RGpZOG5SRCtRQ0JsdkZt
ZEZQSWswa1FTRU04Ky9vWDdOTWdZRncKLS0tIFg2SkJFK1JDVk5Uc2VJTzYyWk1h
cFpmZ0h5SGJtd2JJR05CMkJISnBtbmcKLGKreXlu3YU6KsV8lTVnPYyn33BL2D0z
tMpXdTw0hVilpmpZXjwnvV/3OvN6WybXydxaPOjKODBWIKpVxRthBQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNGdHcDc4bTFkR0EyZlUr
eXovR1lyeTZJTDg5R281MFFuMHVwOXZXYzNvCkpIT1g3K05WUUswaEVjVVJWQkJq
V20xODdoWlJMY3ZCcGo0czU1TXZFRE0KLS0tIGNTeXV2Mld2STRmRnFaM1MzT3Nk
Z0JwWWR0STUybjVhSXdDR3NiKzV1eDQK22HmMuyqYaR/eGuALkAPB1Y5bN2KwIt3
pamM8vbnjB//hXoyrv4vsoDk9WzLGFGjgiw2qsM2HQgzQqtrwF1/1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz
- recipient: age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTWQ0OHhnN1p3dTBLeGxp
N05yOUVicnYxU3NETlRQUVgrcWJlMEl3blhZCkl0OGhCN25KTEJaWGNpOVRJUDRX
bENKSDN3Z1Fab3lLLzVNMXlrSm5ZVTgKLS0tIHlycjZJUllsb0xvczFKMVFKaldD
UGpKTHZTT2JZU0xaTHhhRjk2bEhaU1EKutUEk+TMTATHEoM9+MOdkUnIoBMeeDfu
+GGKvInVKkAOtujBtSMj+xM8AEcfaHAFtwTgP/HEk3Hu6v7gp14oew==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N3ZBd1pHODFtZkZxaHNP
OXlXUzVFS0ZIam1IWVkxNldOdTEwY0s4aUNZCjVlcnF1aXJxUUlQSXhteXJ6OU1W
L0crZzJOaHF2SnVhWVZnVEdqRlR0cjgKLS0tIFlFWHhaR3U2QTNxRGZRMnk3cmll
M3JocWZJeXFxenhXOENBVWpvNkd3bm8KqhNLzCyEAI643jGWpZF/uTchHmBj8ozU
HtpOzKsshif66D0XOHeJQfQamJI4TyKsj3Sk3j9rstsLmN2lxTRGHg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-07T23:53:28Z"
mac: ENC[AES256_GCM,data:AGccISYxtma2i44KcG3y2pYP+toL/NC9crTR26M+BZs0lh0fbWxJyfOQITOaPo7VQb0nhgPDJm6M9oRvIQUYawOBMpPr1BtLfen3nKbs6cspQERZAEPv/vU98Vm0hGHbjjxteq5wX2eRjuCGRhthYJ0ppDE26QNEDesNpXH92mo=,iv:sDBjBFY4CFuSpU1HAfissqUB/7+K1VUWXhhGvF5xJNk=,tag:nNgYFMKs3/d5ZMOlJ08Amg==,type:str]
lastmodified: "2026-05-10T00:35:50Z"
mac: ENC[AES256_GCM,data:u27zQ1PPnWy5Parbh/1DkVP3ICmHnLZJKaLbN3dZEVONgqOWi32LV3t0iNhtLWwVnzFPBusRWahQiqAkUdnQtrXF0OtjPCpLuIw86xB75QPGbet0GZlLNb8/xPshChZe4v520csdJMWiy3vYeKrk8LxMSViAGhmhYK2a5NbGhzI=,iv:/9vePmvCNqoP0kx24fP3HfCjS2FkjBmI5B+SycvKKW4=,tag:gE1/DnLolwhoyfMJYejGIQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

50
modules/hosts/vps/config.nix Normal file
View File

@@ -0,0 +1,50 @@
{ config, ... }:
{
flake.modules.nixos.vps =
{
hostName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
};
};
};
networking.openssh.enable = true;
virtualisation = {
docker.enable = true;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/vps/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "vps";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/vps/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.vps =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/vps/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.vps =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/vps/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.vps = {
home.stateVersion = "26.05";
};
}

121
modules/nixos/boot/impermanence.nix Normal file
View File

@@ -0,0 +1,121 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
userName,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
options.tnix.boot.impermanence = {
enable = lib.mkEnableOption "Enable impermanence";
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
options.tnix.boot.impermanence.home = {
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = lib.mkIf cfg.impermanence.enable {
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib"
"/etc/NetworkManager/system-connections"
]
++ cfg.impermanence.directories;
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
]
++ cfg.impermanence.files;
};
home-manager.users.${userName} = {
home.persistence."/persist" = {
directories = [
"Downloads"
"Music"
"Wallpapers"
"Documents"
"Videos"
"Projects"
"Stuff"
".ssh"
]
++ cfg.impermanence.home.directories;
files = cfg.impermanence.home.files;
};
};
boot.initrd.systemd = {
enable = true;
services.wipe-my-fs = {
wantedBy = [ "initrd.target" ];
after = [ "initrd-root-device.target" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
};
};
}

28
modules/nixos/boot/loader.nix
View File

@@ -1,5 +1,29 @@
{
flake.modules.nixos.boot = {
boot.loader.efi.canTouchEfiVariables = true;
flake.modules.nixos.boot =
{ config, lib, ... }:
let
cfg = config.tnix.boot;
in
{
options.tnix.boot.legacy = {
enable = lib.mkEnableOption "legacy boot (GRUB) instead of systemd-boot";
};
config = lib.mkMerge [
{
boot.loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
};
}
(lib.mkIf (!cfg.legacy.enable && !cfg.secure-boot.enable) {
boot.loader.systemd-boot.enable = true;
})
(lib.mkIf cfg.legacy.enable {
boot.loader.grub.enable = true;
})
];
};
}

11
modules/nixos/boot/misc.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
};
};
}

14
modules/nixos/boot/secure-boot.nix
View File

@@ -18,15 +18,23 @@
};
config = lib.mkIf cfg.secure-boot.enable {
environment.systemPackages = [
pkgs.sbctl
assertions = [
{
assertion = !cfg.legacy.enable;
message = "secure-boot and legacy boot (GRUB) cannot be enabled at the same time";
}
];
# Lanzaboote currently replaces the systemd-boot module.
environment.systemPackages = [ pkgs.sbctl ];
# Lanzaboote replaces systemd-boot, so force it off
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
autoGenerateKeys.enable = true;
autoEnrollKeys.enable = true;
configurationLimit = 10;
pkiBundle = "/var/lib/sbctl";
};

6
modules/nixos/core/users.nix
View File

@@ -8,6 +8,9 @@
userEmail,
...
}:
let
hasPasswordSecret = lib.hasAttrByPath [ "sops" "secrets" "tux-password" ] config;
in
{
programs.zsh.enable = true;
@@ -31,7 +34,8 @@
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.${userName} = {
hashedPasswordFile = config.sops.secrets.tux-password.path;
hashedPasswordFile = lib.mkIf hasPasswordSecret config.sops.secrets.tux-password.path;
initialPassword = lib.mkIf (!hasPasswordSecret) userName;
isNormalUser = true;
extraGroups = [
"networkmanager"

2
modules/nixos/desktop/ly.nix
View File

@@ -3,7 +3,7 @@
services.displayManager.ly = {
enable = true;
settings = {
# session_log = "null";
session_log = "null";
};
};
};

7
modules/nixos/desktop/misc.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ brightnessctl ];
};
}

18
modules/nixos/desktop/thunar.nix Normal file
View File

@@ -0,0 +1,18 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
services = {
gvfs.enable = true;
tumbler.enable = true;
};
programs.thunar = {
enable = true;
plugins = with pkgs; [
thunar-archive-plugin
thunar-volman
];
};
};
}

7
modules/nixos/desktop/tpanel.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ tpanel ];
};
}

11
modules/nixos/gaming/steam.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.gaming =
{ pkgs, ... }:
{
programs.steam = {
enable = true;
protontricks.enable = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
};
};
}

3
modules/nixos/desktop/audio.nix → modules/nixos/hardware/audio.nix
View File

@@ -1,6 +1,5 @@
{
flake.modules.nixos.desktop = {
flake.modules.nixos.hardware = {
security.rtkit.enable = true;
services.pipewire = {

7
modules/nixos/hardware/bluetooth.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.hardware = {
hardware.bluetooth = {
enable = true;
};
};
}

2
modules/nixos/desktop/graphics.nix → modules/nixos/hardware/graphics.nix
View File

@@ -1,5 +1,5 @@
{
flake.modules.nixos.desktop = {
flake.modules.nixos.hardware = {
hardware = {
graphics = {
enable = true;

31
modules/nixos/networking/netbird-client.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.nixos.networking =
{
config,
lib,
hostName,
...
}:
with lib;
let
cfg = config.tnix.networking.netbird-client;
in
{
options.tnix.networking.netbird-client = {
enable = mkEnableOption "Enable netbird client";
};
config = mkIf cfg.enable {
services.netbird.clients = {
${hostName} = {
port = 51820;
login = {
enable = true;
setupKeyFile = config.sops.secrets.netbird-key.path;
};
bin.suffix = "";
};
};
};
};
}

11
modules/nixos/networking/ssh.nix
View File

@@ -8,6 +8,10 @@
with lib;
let
cfg = config.tnix.networking.openssh;
# Sops needs acess to the keys before the persist dirs are even mounted; so
# just persisting the keys won't work, we must point at /persist
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
options.tnix.networking.openssh = {
@@ -59,6 +63,13 @@
ClientAliveCountMax = 5;
ClientAliveInterval = 60;
};
hostKeys = [
{
path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
};
};

105
modules/nixos/services/cyber-tux.nix Normal file
View File

@@ -0,0 +1,105 @@
{
flake.modules.nixos.services =
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.tnix.services.cyber-tux;
in
{
options.tnix.services.cyber-tux = {
enable = mkEnableOption "CyberTux Discord bot";
user = mkOption {
type = types.str;
default = "cyber-tux";
description = "User under which the CyberTux service runs.";
};
group = mkOption {
type = types.str;
default = "cyber-tux";
description = "Group under which the CyberTux service runs.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/cyber-tux";
description = "Directory where CyberTux stores its data.";
};
environmentFile = mkOption {
type = types.path;
description = "Environment file containing the Discord bot token.";
};
};
config = mkIf cfg.enable {
systemd.services.cyber-tux = {
description = "CyberTux Discord bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = cfg.environmentFile;
ExecStart = getExe pkgs.cyber-tux;
Restart = "always";
RestartSec = 5;
WorkingDirectory = cfg.dataDir;
StateDirectory = baseNameOf cfg.dataDir;
StateDirectoryMode = "0700";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = [
"uts"
"ipc"
"pid"
"user"
"cgroup"
];
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
UMask = "0077";
};
};
users.users = mkIf (cfg.user == "cyber-tux") {
${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "CyberTux service user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = mkIf (cfg.group == "cyber-tux") {
${cfg.group} = { };
};
};
};
}