tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2026-06-21 03:36:32 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:a62346367f85cca911aedd2b1f49492ca65e3d4f
Branches Tags
tux:main tux:dev tux:old
tux:25.11.2025
...
compare: tux:dev
Branches Tags
tux:dev tux:main tux:old
tux:25.11.2025

81 Commits
a62346367f ... dev

Author SHA1 Message Date
tux
5a4483b615 feat(desktop): add tumbler support for thunar thumbnails 2026-05-17 12:22:10 +05:30
tux
c3adf234f7 feat: add distrobox to persist dir 2026-05-15 10:13:08 +05:30
tux
7f74855511 feat(desktop): enable thunar file manager and plugins 2026-05-15 10:12:07 +05:30
tux
383bc98052 feat(gaming): add proton-ge-bin to steam 2026-05-15 09:02:03 +05:30
tux
828ca02935 feat(sirius): enable power-profiles-daemon service 2026-05-13 05:43:47 +05:30
tux
6438a98d18 feat(canopus): enable upower service 2026-05-13 05:42:29 +05:30
tux
6b09bf0e7e feat(desktop): add new package brightnessctl 2026-05-13 05:33:31 +05:30
tux
cd4e81178d feat(canopus): enable power-profiles-daemon and asusd services 2026-05-13 05:13:51 +05:30
tux
b649b974fa refactor(hosts): simplify configuration imports across hosts 2026-05-13 04:33:14 +05:30
tux
71aaf2d392 feat(desktop): add mpv configuration module 2026-05-12 22:54:25 +05:30
tux
8ec23b15af fix(desktop): use lua config for hyprland 2026-05-12 22:00:01 +05:30
tux
fdc63b9307 refactor(desktop): standardize mangowm settings across hosts 2026-05-12 21:02:02 +05:30
tux
626dd68af6 refactor(vicinae): remove tailscale 2026-05-12 20:59:49 +05:30
tux
8bca900c98 feat(canopus): add canopus host 2026-05-12 12:20:11 +05:30
tux
a1c8b6c56e feat(desktop): configure system themes and cursors 2026-05-11 09:11:36 +05:30
tux
8ce1d22066 feat(desktop): add hyprland screenshot and screenrecord tools 2026-05-11 07:12:53 +05:30
tux
5f895aeee0 feat(ghostty): add ghostty module 2026-05-11 06:52:50 +05:30
tux
c75ff5eee2 chore: update flake inputs 2026-05-11 06:52:22 +05:30
tux
03f7aeb49b feat(desktop): enable easyeffects service 2026-05-11 05:57:32 +05:30
tux
bc553b6248 feat(mango): add toggle global keybinding 2026-05-11 05:04:20 +05:30
tux
20cfab3d6b feat(mango): add keybinding for default mfact 2026-05-11 04:40:56 +05:30
tux
61791f311e feat(mango): add centerwin keybinding 2026-05-11 04:24:57 +05:30
tux
6ebc3ed144 feat(tpanel): add tpanel module 2026-05-11 03:39:11 +05:30
tux
b2a103235c feat(mango): update tag animation direction 2026-05-11 03:38:50 +05:30
tux
813bf73ecb feat(netbird): setup netbird client 2026-05-10 06:57:04 +05:30
tux
824e6f3d96 feat(alpha): add alpha host 2026-05-10 05:05:55 +05:30
tux
c5cc4b4f11 feat(vps): add vps host 2026-05-10 04:57:09 +05:30
tux
cb3389bce6 feat(boot): configure systemd-boot and GRUB based on options 2026-05-10 04:54:59 +05:30
tux
bd6055cae5 feat(users): configure user password based on sops secret 2026-05-10 04:54:19 +05:30
tux
226b4cd974 feat(vim): enable vim 2026-05-10 04:39:11 +05:30
tux
ee82aa373e refactor(opencode): simplify configuration for provider API keys 2026-05-10 04:29:59 +05:30
tux
d15933bf05 feat(gaming): add steam 2026-05-10 02:26:20 +05:30
tux
c0182fbdf8 feat(mangowc): adjust window opacity and blur settings 2026-05-10 02:04:13 +05:30
tux
36f3adbe30 feat: add telegram 2026-05-10 01:48:28 +05:30
tux
92050093ae feat: setup impermanence 2026-05-09 21:46:40 +05:30
tux
dce2cd1322 refactor(boot): consolidate impermanence configuration options 2026-05-09 21:46:25 +05:30
tux
9231c5878f feat(boot): enable key auto-generation and enrollment 2026-05-09 18:57:32 +05:30
tux
35dcf89400 feat(sirius): enable impermanence 2026-05-09 05:36:27 +05:30
tux
d8adc25455 chore(ly): set session log to null 2026-05-09 05:11:32 +05:30
tux
0de17e6b4b refactor(boot): consolidate boot loader and kernel settings 2026-05-09 05:04:40 +05:30
tux
f7d688b6c6 refactor(disko): simplify impermanence check 2026-05-09 04:58:29 +05:30
tux
a9d91df8ce feat: add cyber-tux module 2026-05-09 04:54:32 +05:30
tux
96841dbfa8 chore(ssh): update module reference for persistence check 2026-05-09 04:22:54 +05:30
tux
0f1faa7008 feat: setup bluetooth 2026-05-09 04:22:08 +05:30
tux
d5e3a6d387 feat(arcturus): add arcturus host 2026-05-09 04:15:22 +05:30
tux
a216a6be0e feat: setup impermanence module 2026-05-09 04:13:48 +05:30
tux
40bb53a844 refactor(hardware): reorganize module structure 2026-05-09 02:40:45 +05:30
tux
920cc2d4d6 feat: add davinci-resolve 2026-05-08 19:27:16 +05:30
tux
4f5e1a0a56 refactor: update ssh module to use networking namespace 2026-05-08 07:22:18 +05:30
tux
7eb7ea75c0 feat(config): set lanzaboote configurationLimit to 10 2026-05-08 05:31:54 +05:30
tux
5bfa9f1e09 refactor(config): standardize secret names for API keys 2026-05-08 05:31:18 +05:30
tux
e28d1acb5e refactor: seperate loader module 2026-05-08 05:14:03 +05:30
tux
3efd212f04 feat: setup secure-boot 2026-05-08 05:09:38 +05:30
tux
718ee760cd feat(mangowm): update montor config 2026-05-08 04:31:05 +05:30
tux
dfd7789987 feat: setup cuda 2026-05-07 23:57:23 +05:30
tux
376f5d053e feat: setup obs-studi module 2026-05-07 19:19:08 +05:30
tux
28d46e7dec feat: setup distrobox module 2026-05-07 19:14:27 +05:30
tux
ef74ba2494 feat: setup firefox module 2026-05-07 19:08:28 +05:30
tux
9988f0a6cc feat: setup opencode providers 2026-05-07 18:53:14 +05:30
tux
c9df2483ec refactor: seperate graphics config 2026-05-07 18:40:29 +05:30
tux
841f2ca4fb feat(virtualisation): setup modules 2026-05-07 18:25:59 +05:30
tux
351d3b44f6 feat: setup zed editor 2026-05-07 17:58:48 +05:30
tux
1824de4b0a feat: setup nixcord 2026-05-07 17:55:49 +05:30
tux
594c1d07e7 feat: setup sops-nix 2026-05-07 17:16:30 +05:30
tux
3115bd6d0e feat(mango): disable variable refresh rate 2026-05-07 06:36:22 +05:30
tux
7c2869f47b feat: add bibata cursor 2026-05-07 06:23:00 +05:30
tux
b7b5d52ace feat(plasma): remove plasma 6 2026-05-07 06:12:50 +05:30
tux
1218f6054f feat(mango): update workspace and monitor layouts 2026-05-07 06:09:03 +05:30
tux
e484e62a49 feat(brave): setup brave browser 2026-05-07 05:27:27 +05:30
tux
1f1ddfb427 feat(lan-mouse): set position to bottom 2026-05-07 05:12:39 +05:30
tux
ede154da66 feat: setup mangowc 2026-05-07 05:11:44 +05:30
tux
ff9bc06c61 feat: setup hyprland 2026-05-07 02:41:56 +05:30
tux
aabcad5bec feat: setup wezterm 2026-05-06 21:45:34 +05:30
tux
a193e18ad4 chore: remove unused params 2026-05-06 21:29:57 +05:30
tux
e03c72552e refactor: ssh config 2026-05-06 21:22:24 +05:30
tux
98298fb8e3 refactor: packages 2026-05-06 21:13:05 +05:30
tux
ffeb02cb84 feat: add misc 2026-05-06 21:08:18 +05:30
tux
923ac5bc95 refactor: dev packages 2026-05-06 21:07:48 +05:30
tux
9551e202fb refactor: seperate desktop modules 2026-05-06 20:37:38 +05:30
tux
1dbca689b8 feat: setup tpanel flake 2026-05-06 19:54:49 +05:30
tux
33408ed45e feat: setup base 2026-05-06 19:48:33 +05:30
100 changed files with 5932 additions and 0 deletions
Expand all files Collapse all files

31
.sops.yaml Normal file
View File

@@ -0,0 +1,31 @@
keys:
- &users
- &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
- &hosts
- &sirius age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
- &canopus age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
- &arcturus age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
- &alpha age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
creation_rules:
- path_regex: hosts/sirius/secrets.yaml$
key_groups:
- age:
- *tux
- *sirius
- path_regex: hosts/canopus/secrets.yaml$
key_groups:
- age:
- *tux
- *canopus
- path_regex: hosts/arcturus/secrets.yaml$
key_groups:
- age:
- *tux
- *arcturus
- path_regex: hosts/alpha/secrets.yaml$
key_groups:
- age:
- *tux
- *alpha

1681
flake.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

67
flake.nix Normal file
View File

@@ -0,0 +1,67 @@
{
description = "tux's nix configurations";
outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
inputs = {
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
tnvim = {
url = "github:tuxdotrs/tnvim";
inputs.nixpkgs.follows = "nixpkgs";
};
tpanel = {
url = "github:tuxdotrs/tpanel";
inputs.nixpkgs.follows = "nixpkgs";
};
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
wezterm-flake = {
url = "github:wez/wezterm/main?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
};
vicinae-extensions = {
url = "github:vicinaehq/extensions";
inputs.nixpkgs.follows = "nixpkgs";
};
mango = {
url = "github:DreamMaoMao/mango";
inputs.nixpkgs.follows = "nixpkgs";
};
import-tree.url = "github:vic/import-tree";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11-small";
impermanence.url = "github:nix-community/impermanence";
deploy-rs.url = "github:serokell/deploy-rs";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
sops-nix.url = "github:Mic92/sops-nix";
treefmt-nix.url = "github:numtide/treefmt-nix";
lan-mouse.url = "github:feschber/lan-mouse";
hyprland.url = "github:hyprwm/Hyprland";
awww.url = "git+https://codeberg.org/LGFae/awww";
nixcord.url = "github:kaylorben/nixcord";
nur.url = "github:nix-community/nur";
lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
};
}

4
modules/flake/flake-parts.nix Normal file
View File

@@ -0,0 +1,4 @@
{ inputs, ... }:
{
imports = [ inputs.flake-parts.flakeModules.modules ];
}

36
modules/flake/overlays.nix Normal file
View File

@@ -0,0 +1,36 @@
{
inputs,
...
}:
{
flake.overlays = {
modifications = final: prev: {
tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};
awww = inputs.awww.packages.${prev.stdenv.hostPlatform.system}.awww;
vicinae-extensions = inputs.vicinae-extensions.packages.${prev.stdenv.hostPlatform.system};
};
stable-packages = final: _prev: {
stable = import inputs.nixpkgs-stable {
system = final.stdenv.hostPlatform.system;
config.allowUnfree = true;
};
};
nur = inputs.nur.overlays.default;
};
perSystem =
{ system, ... }:
{
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
overlays = builtins.attrValues inputs.self.overlays;
};
};
}

6
modules/flake/systems.nix Normal file
View File

@@ -0,0 +1,6 @@
{
systems = [
"x86_64-linux"
"aarch64-linux"
];
}

23
modules/flake/treefmt.nix Normal file
View File

@@ -0,0 +1,23 @@
{ inputs, ... }:
{
imports = [
inputs.treefmt-nix.flakeModule
];
perSystem =
{
config,
pkgs,
system,
...
}:
{
treefmt.config = {
projectRootFile = "flake.nix";
flakeCheck = true;
programs = {
nixfmt.enable = true;
};
};
};
}

13
modules/hm/core/hm.nix Normal file
View File

@@ -0,0 +1,13 @@
{
flake.modules.homeManager.core =
{ userName, ... }:
{
programs.home-manager.enable = true;
systemd.user.startServices = "sd-switch";
home = {
username = "${userName}";
homeDirectory = "/home/${userName}";
};
};
}

18
modules/hm/core/nixpkgs.nix Normal file
View File

@@ -0,0 +1,18 @@
{ inputs, ... }:
{
flake.modules.homeManager.core =
{
lib,
osConfig ? { },
...
}:
{
nixpkgs = lib.mkIf (!(osConfig.home-manager.useGlobalPkgs or false)) {
config = {
allowUnfree = true;
joypixels.acceptLicense = true;
};
overlays = builtins.attrValues inputs.self.overlays;
};
};
}

38
modules/hm/desktop/brave.nix Normal file
View File

@@ -0,0 +1,38 @@
{
flake.modules.homeManager.desktop =
{
pkgs,
config,
...
}:
let
configDir = "${config.xdg.configHome}/BraveSoftware/Brave-Browser";
extensionJson = ext: {
name = "${configDir}/External Extensions/${ext.id}.json";
value.text = builtins.toJSON {
external_update_url = "https://clients2.google.com/service/update2/crx";
};
};
extensions = [
{ id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # Metamask
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "bfnaelmomeimhlpmgjnjophhpkkoljpa"; } # Phantom
{ id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; } # DarkReader
];
in
{
programs.chromium = {
enable = true;
package = pkgs.brave;
commandLineArgs = [
"--disable-features=WebRtcAllowInputVolumeAdjustment"
"--force-device-scale-factor=1.0"
];
};
home.file = builtins.listToAttrs (map extensionJson extensions);
};
}

45
modules/hm/desktop/discord.nix Normal file
View File

@@ -0,0 +1,45 @@
{
flake.modules.homeManager.desktop =
{ inputs, userName, ... }:
{
imports = [
inputs.nixcord.homeModules.nixcord
];
programs.nixcord = {
enable = true;
user = userName;
discord.enable = false;
vesktop.enable = true;
config = {
themeLinks = [
"https://raw.githubusercontent.com/refact0r/system24/refs/heads/main/archive/flavors/spotify-text.theme.css"
];
frameless = true;
plugins = {
hideMedia.enable = true;
ignoreActivities = {
enable = true;
ignorePlaying = true;
ignoreWatching = true;
};
};
};
dorion = {
theme = "dark";
zoom = "1.1";
blur = "acrylic";
sysTray = true;
openOnStartup = true;
autoClearCache = true;
disableHardwareAccel = false;
rpcServer = true;
rpcProcessScanner = true;
pushToTalk = true;
pushToTalkKeys = [ "RControl" ];
desktopNotifications = true;
unreadBadge = true;
};
};
};
}

5
modules/hm/desktop/easyeffects.nix Normal file
View File

@@ -0,0 +1,5 @@
{
flake.modules.homeManager.desktop = {
services.easyeffects.enable = true;
};
}

75
modules/hm/desktop/firefox.nix Normal file
View File

@@ -0,0 +1,75 @@
{
flake.modules.homeManager.desktop =
{
pkgs,
userName,
...
}:
{
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
extraPolicies = {
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DisableFirefoxAccounts = false;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = true;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
profiles = {
${userName} = {
id = 0;
name = "tux";
search = {
force = true;
default = "google";
};
settings = {
"general.smoothScroll" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"layout.css.prefers-color-scheme.content-override" = 0;
"browser.compactmode.show" = true;
"browser.tabs.firefox-view" = false;
"browser.bookmarks.addedImportButton" = false;
"extensions.pocket.enabled" = false;
"browser.fullscreen.autohide" = false;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
facebook-container
metamask
darkreader
bitwarden
wappalyzer
clearurls
];
};
};
};
};
}

47
modules/hm/desktop/ghostty.nix Normal file
View File

@@ -0,0 +1,47 @@
{
flake.modules.homeManager.desktop = {
programs.ghostty = {
enable = true;
enableZshIntegration = true;
systemd.enable = true;
settings = {
confirm-close-surface = false;
gtk-titlebar = false;
window-padding-x = 10;
window-padding-y = 10;
font-size = 12;
font-family = "JetBrainsMono Nerd Font";
theme = "poimandres";
};
themes = {
poimandres = {
background = "#0f0f0f";
foreground = "#a6accd";
cursor-color = "#f2eacf";
selection-background = "#1a1a1a";
selection-foreground = "#f1f1f1";
palette = [
"0=#252b37"
"1=#d0679d"
"2=#5de4c7"
"3=#fffac2"
"4=#89ddff"
"5=#fae4fc"
"6=#add7ff"
"7=#ffffff"
"8=#a6accd"
"9=#d0679d"
"10=#5de4c7"
"11=#fffac2"
"12=#add7ff"
"13=#89ddff"
"14=#fcc5e9"
"15=#ffffff"
];
};
};
};
};
}

39
modules/hm/desktop/hyprland.nix Normal file
View File

@@ -0,0 +1,39 @@
{
flake.modules.homeManager.desktop =
{ config, pkgs, ... }:
{
wayland.windowManager.hyprland = {
enable = true;
package = null;
portalPackage = null;
xwayland.enable = true;
systemd.variables = [ "--all" ];
};
# TODO: Hyprland 0.55 switched to Lua-based configuration.
# Until the Home Manager module is updated, we symlink our config instead.
home.file = {
".config/hypr/config".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/config";
".config/hypr/hyprland.lua".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/hyprland.lua";
};
home.packages = with pkgs; [
ags
awww
grim
slurp
hyprshot
wl-clipboard
wl-screenrec
(writeShellScriptBin "hypr-screenshot" ''
hyprshot -m region -r ppm - | satty --filename -
'')
(writeShellScriptBin "hypr-screenrecord" ''
wl-screenrec -g "$(slurp)"
'')
];
};
}

39
modules/hm/desktop/lan-mouse.nix Normal file
View File

@@ -0,0 +1,39 @@
{ inputs, ... }:
{
flake.modules.homeManager.desktop =
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.services.lan-mouse;
in
{
imports = [ inputs.lan-mouse.homeManagerModules.default ];
options.tnix.services.lan-mouse = {
enable = mkEnableOption "Enable Lan-Mouse";
settings = mkOption {
type = (pkgs.formats.toml { }).type;
default = { };
description = ''
TOML configuration for lan-mouse.
See <https://github.com/feschber/lan-mouse/> for available options.
'';
};
};
config = mkIf cfg.enable {
programs.lan-mouse = {
enable = true;
systemd = true;
settings = cfg.settings;
};
};
};
}

256
modules/hm/desktop/mango.nix Normal file
View File

@@ -0,0 +1,256 @@
{ inputs, ... }:
{
flake.modules.homeManager.desktop =
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.desktop.mangowm;
in
{
imports = [
inputs.mango.hmModules.mango
];
options.tnix.desktop.mangowm = {
enable = mkEnableOption "Enable MangoWM";
monitorRule = mkOption {
type = with types; listOf str;
default = [ ];
};
tagRule = mkOption {
type = with types; listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
wayland.windowManager.mango = {
enable = true;
settings = {
# Monitors
monitorrule = cfg.monitorRule;
focus_cross_monitor = 1;
exchange_cross_monitor = 1;
drag_tile_to_tile = 1;
# Keyboard
repeat_rate = 25;
repeat_delay = 600;
numlockon = 0;
xkb_rules_layout = "us";
# Trackpad
disable_trackpad = 0;
tap_to_click = 1;
tap_and_drag = 1;
drag_lock = 1;
trackpad_natural_scrolling = 1;
disable_while_typing = 1;
left_handed = 0;
middle_button_emulation = 0;
swipe_min_threshold = 1;
# Mouse
mouse_natural_scrolling = 0;
mouse_accel_profile = 0;
# Theme
border_radius = 8;
no_radius_when_single = 0;
focused_opacity = 0.9;
unfocused_opacity = 0.9;
# Scroller Layout Setting
scroller_structs = 0;
scroller_default_proportion = 0.5;
scroller_ignore_proportion_single = 0;
scroller_default_proportion_single = 1.0;
# Master-Stack Layout Setting
new_is_master = 0;
default_mfact = 0.5;
default_nmaster = 1;
smartgaps = 0;
# Overview Setting
hotarea_size = 10;
enable_hotarea = 1;
ov_tab_mode = 0;
overviewgappi = 15;
overviewgappo = 15;
# layouts
tagrule = cfg.tagRule;
# Keybindings
mousebind = [
"SUPER, btn_left, moveresize, curmove"
"SUPER, btn_right, moveresize, curresize"
];
gesturebind = [
"none, right, 3, viewtoleft_have_client"
"none, up, 3, toggleoverview"
"none, down, 3, toggleoverview"
];
bind = [
# apps
"SUPER, Return, spawn, wezterm"
"SUPER, Space, spawn, vicinae toggle"
"SUPER, D, spawn, vesktop"
"SUPER, T, spawn, Telegram"
"SUPER, B, spawn, brave"
"SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history"
"SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid"
# WM
"SUPER, Q, killclient"
"SUPER+SHIFT, R, reload_config"
"SUPER+SHIFT, F, togglefullscreen"
"SUPER+SHIFT, Space, togglefloating"
"SUPER+SHIFT, Space, centerwin"
"ALT, Tab, toggleoverview"
"ALT+SHIFT, minus, incgaps, -1"
"ALT+SHIFT, equal, incgaps, 1"
"ALT+SHIFT, R, togglegaps"
"SUPER+SHIFT, P, toggleglobal"
# switch layout
"SUPER+SHIFT, H, setlayout, tile"
"SUPER+SHIFT, V, setlayout, vertical_tile"
"SUPER+SHIFT, S, setlayout, scroller"
# resize client
"SUPER+CTRL, Up, resizewin, +0, -50"
"SUPER+CTRL, Down, resizewin, +0, +50"
"SUPER+CTRL, Left, resizewin, -50, +0"
"SUPER+CTRL, Right, resizewin, +50, +0"
"SUPER+CTRL, Equal, setoption, default_mfact, 0.5"
# swap client
"SUPER+SHIFT, Up, exchange_client, up"
"SUPER+SHIFT, Down, exchange_client, down"
"SUPER+SHIFT, Left, exchange_client, left"
"SUPER+SHIFT, Right, exchange_client, right"
# switch client focus
"SUPER, Tab, focusstack, next"
"SUPER, Left, focusdir, left"
"SUPER, Right, focusdir, right"
"SUPER, Up, focusdir, up"
"SUPER, Down, focusdir, down"
# switch view
"SUPER, 1, view, 1, 1"
"SUPER, 2, view, 2, 1"
"SUPER, 3, view, 3, 1"
"SUPER, 4, view, 4, 1"
"SUPER, 5, view, 5, 1"
# move client to the tag with focus
"SUPER+SHIFT, 1, tagsilent, 1, 1"
"SUPER+SHIFT, 2, tagsilent, 2, 1"
"SUPER+SHIFT, 3, tagsilent, 3, 1"
"SUPER+SHIFT, 4, tagsilent, 4, 1"
"SUPER+SHIFT, 5, tagsilent, 5, 1"
# move client to the tag without focus
"SUPER+ALT, 1, tag, 1, 1"
"SUPER+ALT, 2, tag, 2, 1"
"SUPER+ALT, 3, tag, 3, 1"
"SUPER+ALT, 4, tag, 4, 1"
"SUPER+ALT, 5, tag, 5, 1"
];
# Window effect
blur = 1;
blur_layer = 0;
blur_optimized = 1;
blur_params_num_passes = 2;
blur_params_radius = 5;
blur_params_noise = 0.02;
blur_params_brightness = 0.9;
blur_params_contrast = 0.9;
blur_params_saturation = 1.2;
shadows = 1;
layer_shadows = 0;
shadow_only_floating = 1;
shadows_size = 10;
shadows_blur = 15;
shadows_position_x = 0;
shadows_position_y = 0;
shadowscolor = "0x000000ff";
# Animation
animations = 1;
layer_animations = 1;
animation_type_open = "slide";
animation_type_close = "fade";
animation_fade_in = 1;
animation_fade_out = 1;
tag_animation_direction = 0;
zoom_initial_ratio = 0.3;
zoom_end_ratio = 0.8;
fadein_begin_opacity = 0.5;
fadeout_begin_opacity = 0.8;
animation_duration_move = 100;
animation_duration_open = 100;
animation_duration_close = 100;
animation_duration_tag = 200;
animation_duration_focus = 0;
animation_curve_open = "0.46, 1.0, 0.29, 1";
animation_curve_move = "0.46, 1.0, 0.29, 1";
animation_curve_tag = "0.46, 1.0, 0.29, 1";
animation_curve_close = "0.08, 0.92, 0, 1";
animation_curve_focus = "0.46, 1.0, 0.29, 1";
animation_curve_opafadeout = "0.5, 0.5, 0.5, 0.5";
animation_curve_opafadein = "0.46, 1.0, 0.29, 1";
# Appearance
borderpx = 0;
gappih = 10;
gappiv = 10;
gappoh = 10;
gappov = 10;
rootcolor = "0x201b14ff";
bordercolor = "0x444444ff";
focuscolor = "0xc9b890ff";
maximizescreencolor = "0x89aa61ff";
urgentcolor = "0xad401fff";
scratchpadcolor = "0x516c93ff";
globalcolor = "0xb153a7ff";
overlaycolor = "0x14a57cff";
# Misc
syncobj_enable = 1;
exec-once = [
"dbus-update-activation-environment --systemd --all; systemctl --user reset-failed && systemctl --user start mango-session.target"
"awww-daemon"
"dms run"
];
};
};
home.packages = with pkgs; [
quickshell
dms-shell
dgop
];
};
};
}

24
modules/hm/desktop/mpv.nix Normal file
View File

@@ -0,0 +1,24 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
scripts = (
with pkgs.mpvScripts;
[
modernz
thumbfast
mpris
mpv-image-viewer.image-positioning
]
);
config = {
osc = "no";
border = "no";
};
};
};
}

19
modules/hm/desktop/satty.nix Normal file
View File

@@ -0,0 +1,19 @@
{
flake.modules.homeManager.desktop = {
programs.satty = {
enable = true;
settings = {
general = {
corner-roundness = 12;
initial-tool = "arrow";
early-exit = true;
copy-command = "wl-copy";
};
font = {
family = "JetBrainsMono NerdFont";
};
};
};
};
}

31
modules/hm/desktop/theme.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
qt = {
enable = true;
style = {
name = "Breeze";
package = pkgs.kdePackages.breeze;
};
};
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
};
}

68
modules/hm/desktop/vicinae.nix Normal file
View File

@@ -0,0 +1,68 @@
{
flake.modules.homeManager.desktop =
{
pkgs,
...
}:
{
programs.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
useLayerShell = true;
extensions = with pkgs.vicinae-extensions; [
bluetooth
nix
ssh
awww-switcher
process-manager
pulseaudio
wifi-commander
port-killer
silverbullet
];
settings = {
close_on_focus_loss = false;
consider_preedit = true;
pop_to_root_on_close = true;
favicon_service = "twenty";
search_files_in_root = true;
font = {
normal = {
size = 10;
family = "JetBrainsMono Nerd Font";
};
};
theme = {
light = {
name = "vicinae-light";
icon_theme = "default";
};
dark = {
name = "vicinae-dark";
icon_theme = "default";
};
};
launcher_window = {
opacity = 0.98;
};
imports = [ "/run/secrets/vicinae.json" ];
providers = {
"@sovereign/vicinae-extension-awww-switcher-0" = {
"preferences" = {
"transitionDuration" = "1";
"transitionType" = "center";
"wallpaperPath" = "/home/tux/Wallpapers/";
};
};
};
};
};
};
}

33
modules/hm/desktop/wezterm.nix Normal file
View File

@@ -0,0 +1,33 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.wezterm = {
enable = true;
package = pkgs.wezterm-git;
enableZshIntegration = false;
extraConfig = ''
local wezterm = require 'wezterm'
local config = {}
config.check_for_updates = false
config.window_close_confirmation = 'NeverPrompt'
config.color_scheme = 'Poimandres'
config.colors = {
background = "#0f0f0f"
}
config.enable_tab_bar = false
config.font = wezterm.font_with_fallback {
'JetBrainsMono Nerd Font',
}
config.font_size = 12.0
config.window_background_opacity = 1
config.audible_bell = "Disabled"
return config
'';
};
};
}

35
modules/hm/desktop/zed.nix Normal file
View File

@@ -0,0 +1,35 @@
{
flake.modules.homeManager.desktop = {
programs.zed-editor = {
enable = true;
extensions = [
"lua"
"nix"
"C#"
"solidity"
];
userKeymaps = [
{
context = "Workspace";
bindings = {
F7 = "workspace::NewTerminal";
};
}
];
userSettings = {
ui_font_size = 18;
buffer_font_size = 18;
theme = {
mode = "dark";
light = "Ayu Light";
dark = "Ayu Dark";
};
vim_mode = true;
telemetry = {
diagnostics = false;
metrics = false;
};
};
};
};
}

5
modules/hm/shell/bat.nix Normal file
View File

@@ -0,0 +1,5 @@
{
flake.modules.homeManager.shell = {
programs.bat.enable = true;
};
}

12
modules/hm/shell/btop.nix Normal file
View File

@@ -0,0 +1,12 @@
{
flake.modules.homeManager.shell = {
programs.btop = {
enable = true;
settings = {
theme_background = false;
update_ms = 1000;
presets = "cpu:0:default mem:0:default net:0:default";
};
};
};
}

69
modules/hm/shell/fastfetch.nix Normal file
View File

@@ -0,0 +1,69 @@
{
flake.modules.homeManager.shell = {
home.file.".config/fastfetch/config.jsonc".text = ''
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"logo": {
"type": "none",
},
"display": {
"separator": " ",
"key": {
"width": 18,
},
},
"modules": [
{
"key": " ",
"type": "custom",
},
{
"key": " \u001b[11D{#31} user",
"type": "title",
"format": "{1}",
},
{
"key": " \u001b[11D{#34} hname",
"type": "command",
"text": "hostname",
},
{
"key": " \u001b[11D{#34}󰻀 distro",
"type": "os",
},
{
"key": " \u001b[11D{#35}󰌢 kernel",
"type": "kernel",
},
{
"key": " \u001b[11D{#31} uptime",
"type": "uptime",
},
{
"key": " \u001b[11D{#32} shell",
"type": "shell",
},
{
"key": " \u001b[11D{#35} memory",
"type": "memory",
},
{
"key": " ",
"type": "custom",
},
{
"key": " \u001b[11D{#39} colors",
"type": "colors",
"symbol": "circle",
},
{
"key": " ",
"type": "custom",
},
],
}
'';
programs.fastfetch.enable = true;
};
}

8
modules/hm/shell/fzf.nix Normal file
View File

@@ -0,0 +1,8 @@
{
flake.modules.homeManager.shell = {
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
};
}

26
modules/hm/shell/git.nix Normal file
View File

@@ -0,0 +1,26 @@
{
flake.modules.homeManager.shell =
{
userName,
userEmail,
...
}:
{
programs.git = {
enable = true;
signing = {
key = "~/.ssh/id_ed25519.pub";
signByDefault = true;
};
settings = {
user = {
name = "${userName}";
email = "${userEmail}";
};
init.defaultBranch = "main";
commit.gpgSign = true;
gpg.format = "ssh";
};
};
};
}

173
modules/hm/shell/lazygit.nix Normal file
View File

@@ -0,0 +1,173 @@
{
flake.modules.homeManager.shell = {
programs.lazygit = {
enable = true;
settings = {
gui = {
showIcons = true;
nerdFontsVersion = "3";
};
customCommands = [
{
key = "<c-a>";
description = "AI-powered conventional commit";
context = "global";
command = "git commit -m \"{{.Form.CommitMsg}}\"";
loadingText = "Generating commit messages...";
prompts = [
{
type = "menu";
key = "Type";
title = "Type of change";
options = [
{
name = "AI defined";
description = "Let AI analyze and determine the best commit type";
value = "ai-defined";
}
{
name = "build";
description = "Changes that affect the build system or external dependencies";
value = "build";
}
{
name = "feat";
description = "A new feature";
value = "feat";
}
{
name = "fix";
description = "A bug fix";
value = "fix";
}
{
name = "chore";
description = "Other changes that don't modify src or test files";
value = "chore";
}
{
name = "ci";
description = "Changes to CI configuration files and scripts";
value = "ci";
}
{
name = "docs";
description = "Documentation only changes";
value = "docs";
}
{
name = "perf";
description = "A code change that improves performance";
value = "perf";
}
{
name = "refactor";
description = "A code change that neither fixes a bug nor adds a feature";
value = "refactor";
}
{
name = "revert";
description = "Reverts a previous commit";
value = "revert";
}
{
name = "style";
description = "Changes that do not affect the meaning of the code";
value = "style";
}
{
name = "test";
description = "Adding missing tests or correcting existing tests";
value = "test";
}
];
}
{
type = "menuFromCommand";
title = "AI Generated Commit Messages";
key = "CommitMsg";
command = ''
bash -c "
# Check for staged changes
diff=\$(git diff --cached | head -n 10)
if [ -z \"\$diff\" ]; then
echo \"No changes in staging. Add changes first.\"
exit 1
fi
SELECTED_TYPE=\"{{.Form.Type}}\"
COMMITS_TO_SUGGEST=8
opencode run -m \"google/gemini-2.5-flash-lite\" \"
You are an expert at writing Git commits. Your job is to write commit messages that follow the Conventional Commits format.
The user has selected: \$SELECTED_TYPE
Your task is to:
1. Analyze the code changes
2. Determine the most appropriate commit type (if user selected 'ai-defined')
3. Determine an appropriate scope (component/area affected)
4. Decide if this is a breaking change
5. Write clear, concise commit messages
Available commit types:
- feat: A new feature
- fix: A bug fix
- docs: Documentation only changes
- style: Changes that do not affect the meaning of the code
- refactor: A code change that neither fixes a bug nor adds a feature
- perf: A code change that improves performance
- test: Adding missing tests or correcting existing tests
- build: Changes that affect the build system or external dependencies
- ci: Changes to CI configuration files and scripts
- chore: Other changes that don't modify src or test files
- revert: Reverts a previous commit
Follow these guidelines:
- Structure: <type>(<scope>): <description>
- If user selected 'ai-defined', analyze the changes and pick the most suitable type
- If user selected a specific type, use that type: \$SELECTED_TYPE
- Add scope in parentheses if applicable (e.g., auth, api, ui, config)
- Use exclamation mark (!) after type/scope for breaking changes: type(scope)!: description
- Use lowercase for description (except proper nouns)
- Use imperative mood (\\\"add\\\", not \\\"added\\\")
- Keep description under 50 characters when possible
- No period at the end of subject line
Examples:
- feat(auth): add OAuth login support
- fix(api): handle null response in user endpoint
- docs(readme): update installation instructions
- style(ui): improve button spacing consistency
- refactor(database): simplify query builder logic
- test(auth): add unit tests for login flow
- build(deps): upgrade React to version 18
- ci(github): fix deployment workflow
- chore(config): update ESLint rules
- perf(api)!: optimize database queries
IMPORTANT:
- Generate exactly \$COMMITS_TO_SUGGEST different commit message options
- If user selected 'ai-defined', you can use different types for different options
- If user selected a specific type, all messages must use that type
- Only return commit messages, no explanations
- Do not use markdown code blocks
- One message per line
Previous commits for context:
\$(git log --oneline -10)
Changes to analyze:
\$(git diff --cached --stat)
\$(git diff --cached)
\"
"
'';
}
];
}
];
};
};
};
}

8
modules/hm/shell/lsd.nix Normal file
View File

@@ -0,0 +1,8 @@
{
flake.modules.homeManager.shell = {
programs.lsd = {
enable = true;
enableZshIntegration = true;
};
};
}

16
modules/hm/shell/misc.nix Normal file
View File

@@ -0,0 +1,16 @@
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
{
home.packages = with pkgs; [
systemctl-tui
zip
unzip
pciutils
usbutils
jq
dig
lsof
];
};
}

42
modules/hm/shell/neovim.nix Normal file
View File

@@ -0,0 +1,42 @@
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
{
home.file = {
".config/nvim" = {
recursive = true;
source = "${pkgs.tnvim}";
};
};
programs = {
neovim = {
enable = true;
defaultEditor = true;
};
vim.enable = true;
};
home = {
packages = with pkgs; [
python3
nodejs
bun
pnpm
go
rustup
typescript
neovide
nil
statix
deadnix
alejandra
luarocks
gdu
gcc
wakatime-cli
];
};
};
}

29
modules/hm/shell/opencode.nix Normal file
View File

@@ -0,0 +1,29 @@
{
flake.modules.homeManager.shell = {
programs.opencode = {
enable = true;
tui = {
theme = "system";
};
settings = {
provider = {
google = {
options = {
apiKey = "{file:/run/secrets/gemini-api-key}";
};
};
openrouter = {
options = {
apiKey = "{file:/run/secrets/openrouter-api-key}";
};
};
opencode-go = {
options = {
apiKey = "{file:/run/secrets/opencode-go-api-key}";
};
};
};
};
};
};
}

5
modules/hm/shell/ripgrep.nix Normal file
View File

@@ -0,0 +1,5 @@
{
flake.modules.homeManager.shell = {
programs.ripgrep.enable = true;
};
}

52
modules/hm/shell/starship.nix Normal file
View File

@@ -0,0 +1,52 @@
{
flake.modules.homeManager.shell = {
programs.starship = {
enable = true;
settings = {
format = "$os$hostname$directory$rust$golang$solidity$nodejs(bold blue)$git_branch$git_status[](bold yellow)[](bold purple)[](bold blue) ";
scan_timeout = 60;
add_newline = false;
line_break.disabled = true;
os = {
format = "[$symbol ]($style)";
style = "bold green";
disabled = false;
symbols.NixOS = "󰊠";
symbols.Linux = "󰊠";
symbols.Arch = "󰣇";
symbols.Ubuntu = "󰕈";
};
directory = {
format = "[$path]($style)[$read_only ]($read_only_style)";
read_only = " 󰌾";
style = "bold blue";
};
git_branch.format = "[$symbol$branch]($style) ";
hostname = {
ssh_only = false;
format = "[$ssh_symbol$hostname]($style) ";
style = "bold green";
ssh_symbol = "󰇧 ";
disabled = false;
};
rust = {
format = "[$symbol]($style)";
symbol = " ";
};
golang = {
format = "[$symbol]($style)";
symbol = " ";
};
solidity = {
format = "[$symbol]($style)";
symbol = "󰡪 ";
};
nodejs = {
format = "[$symbol]($style)";
symbol = "󰎙 ";
};
};
};
};
}

43
modules/hm/shell/superfile.nix Normal file
View File

@@ -0,0 +1,43 @@
{
flake.modules.homeManager.shell = {
programs.superfile = {
enable = true;
settings = {
theme = "poimandres";
editor = "";
dir_editor = "";
auto_check_update = false;
cd_on_quit = false;
default_open_file_preview = true;
show_image_preview = true;
show_panel_footer_info = true;
default_directory = "~";
file_size_use_si = false;
default_sort_type = 0;
sort_order_reversed = false;
case_sensitive_sort = false;
shell_close_on_success = false;
debug = false;
ignore_missing_fields = false;
nerdfont = true;
transparent_background = true;
file_preview_width = 0;
code_previewer = "bat";
sidebar_width = 20;
border_top = "";
border_bottom = "";
border_left = "";
border_right = "";
border_top_left = "";
border_top_right = "";
border_bottom_left = "";
border_bottom_right = "";
border_middle_left = "";
border_middle_right = "";
metadata = true;
zoxide_support = true;
enable_md5_checksum = false;
};
};
};
}

155
modules/hm/shell/tmux.nix Normal file
View File

@@ -0,0 +1,155 @@
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
let
bg = "default";
fg = "default";
bg2 = "brightblack";
fg2 = "white";
color = c: "#{@${c}}";
indicator =
let
accent = color "indicator_color";
content = " ";
in
"#[reverse,fg=${accent}]#{?client_prefix,${content},}";
current_window =
let
accent = color "main_accent";
index = "#[reverse,fg=${accent},bg=${fg}] #I ";
name = "#[fg=${bg2},bg=${fg2}] #W ";
# flags = "#{?window_flags,#{window_flags}, }";
in
"${index}${name}";
window_status =
let
accent = color "window_color";
index = "#[reverse,fg=${accent},bg=${fg}] #I ";
name = "#[fg=${bg2},bg=${fg2}] #W ";
# flags = "#{?window_flags,#{window_flags}, }";
in
"${index}${name}";
battery =
let
percentage = pkgs.writeShellScript "percentage" (
if pkgs.stdenv.isDarwin then
''
echo $(pmset -g batt | grep -o "[0-9]\+%" | tr '%' ' ')
''
else
''
path="/org/freedesktop/UPower/devices/DisplayDevice"
echo $(${pkgs.upower}/bin/upower -i $path | grep -o "[0-9]\+%" | tr '%' ' ')
''
);
state = pkgs.writeShellScript "state" (
if pkgs.stdenv.isDarwin then
''
echo $(pmset -g batt | awk '{print $4}')
''
else
''
path="/org/freedesktop/UPower/devices/DisplayDevice"
echo $(${pkgs.upower}/bin/upower -i $path | grep state | awk '{print $2}')
''
);
icon = pkgs.writeShellScript "icon" ''
percentage=$(${percentage})
state=$(${state})
if [ "$state" == "charging" ] || [ "$state" == "fully-charged" ]; then echo "󰂄"
elif [ $percentage -ge 75 ]; then echo "󱊣"
elif [ $percentage -ge 50 ]; then echo "󱊢"
elif [ $percentage -ge 25 ]; then echo "󱊡"
elif [ $percentage -ge 0 ]; then echo "󰂎"
fi
'';
color = pkgs.writeShellScript "color" ''
percentage=$(${percentage})
state=$(${state})
if [ "$state" == "charging" ] || [ "$state" == "fully-charged" ]; then echo "green"
elif [ $percentage -ge 75 ]; then echo "green"
elif [ $percentage -ge 50 ]; then echo "${fg2}"
elif [ $percentage -ge 30 ]; then echo "yellow"
elif [ $percentage -ge 0 ]; then echo "red"
fi
'';
in
"#[fg=#(${color})]#(${icon}) #[fg=${fg}]#(${percentage})%";
pwd =
let
accent = color "main_accent";
icon = "#[fg=${accent}] ";
format = "#[fg=${fg}]#{b:pane_current_path}";
in
"${icon}${format}";
git =
let
icon = pkgs.writeShellScript "branch" ''
git -C "$1" branch && echo " "
'';
branch = pkgs.writeShellScript "branch" ''
git -C "$1" rev-parse --abbrev-ref HEAD
'';
in
"#[fg=magenta]#(${icon} #{pane_current_path})#(${branch} #{pane_current_path})";
separator = "#[fg=${fg}]|";
in
{
programs.tmux = {
enable = true;
baseIndex = 1;
escapeTime = 0;
mouse = true;
extraConfig = ''
set-option -sa terminal-overrides ",xterm*:Tc"
set-option -g status-position top
unbind r
bind r source-file ~/.config/tmux/tmux.conf
# remap prefix from C-b to C-Space
# unbind C-b
# set -g prefix C-Space
# bind C-Space send-prefix
# split panes using | and -
unbind '"'
unbind %
bind | split-window -h
bind - split-window -v
# Start windows and panes at 1, not 0
set -g base-index 1
set -g pane-base-index 1
set-window-option -g pane-base-index 1
set-option -g renumber-windows on
# switch panes using Alt-arrow without prefix
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
set-option -g default-terminal "screen-256color"
set-option -g status-right-length 100
set-option -g @indicator_color "yellow"
set-option -g @window_color "magenta"
set-option -g @main_accent "blue"
set-option -g pane-active-border fg=black
set-option -g pane-border-style fg=black
set-option -g status-style "bg=${bg} fg=${fg}"
set-option -g status-left "${indicator}"
set-option -g status-right "${git} ${pwd} ${separator} ${battery}"
set-option -g window-status-current-format "${current_window}"
set-option -g window-status-format "${window_status}"
set-option -g window-status-separator ""
'';
};
};
}

9
modules/hm/shell/zoxide.nix Normal file
View File

@@ -0,0 +1,9 @@
{
flake.modules.homeManager.shell = {
programs.zoxide = {
enable = true;
options = [ "--cmd cd" ];
enableZshIntegration = true;
};
};
}

27
modules/hm/shell/zsh.nix Normal file
View File

@@ -0,0 +1,27 @@
{ lib, ... }:
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
{
programs.zsh = {
enable = true;
history = {
append = true;
share = true;
expireDuplicatesFirst = true;
ignoreDups = true;
size = 1000000;
save = 1000000;
path = "$HOME/.local/share/zsh/.zsh_history";
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
initContent = ''
${lib.getExe pkgs.fastfetch}
bindkey "^A" vi-beginning-of-line
bindkey "^E" vi-end-of-line
bindkey '^R' fzf-history-widget
'';
};
};
}

82
modules/hosts/alpha/config.nix Normal file
View File

@@ -0,0 +1,82 @@
{ config, ... }:
{
flake.modules.nixos.alpha =
{
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/opencode"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/alpha/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "alpha";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/alpha/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.alpha =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/alpha/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.alpha =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/alpha/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.alpha = {
home.stateVersion = "26.05";
};
}

29
modules/hosts/alpha/secrets.yaml Normal file
View File

@@ -0,0 +1,29 @@
tux-password: ENC[AES256_GCM,data:tvx3nMoIuQSotxHDWLs7UesnyWY3u3EwkqAIzCw3Z2AJseaiqnt/xeSKAeUXPVSs85rVdIJ6Ys5+6r+NONEG7ujuNevpjJRNkQ==,iv:CB0BIrMfdiWiMCvmRdtsafh3dCAD5Qb3mOuE7eq4nA4=,tag:p/3AESwNCEL4EoU9rJjUPw==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Bo3Z5Jhce0UOBn77I2AcrXYbBgPLDx0eOjPC8J63E/VWNhMPbbxb,iv:iWOsTACOMcK3oqq848WnJ5Ku3tYy1aadmLB4IMgoyqg=,tag:BPzlXoP8/iJaj8c/YFCWyg==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:D+/ImUTg7UvBTh0fMlWMZ0O/GsQS/R4Hz+CO4l42R6mn+zk+udvw79BctXdWWyrFf2ZNOTJ/99QTtWOUOvHISWaEJogXyb+93g==,iv:c7OtgBu1Zaf7lA4InIsKOAPbAvTl3gaO7QGCFNx21Bo=,tag:KXiASj/qC1YzK6DUox57ug==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:ipKkNcRqBERIQ6f6yFzVm999s+UwJys4elHWhzpL441RfOaG9MmRWMcD+wRLJ7DSWFjYu6uUPF7TKez8J6abWeKDgg==,iv:FDSYE3R8zKVxWiP2S/sCVcwEu3fEXg/hCeqCRSF+c6g=,tag:5RDuMFGMoN6xwAYj0HiyjQ==,type:str]
netbird-key: ENC[AES256_GCM,data:NilfyafnGhFVYD6q4+jJQxlhXNdNC8BQ1CZfu8a5wc693Y1h,iv:Rpl0OpkQdBMPpIJ08t9Z0AjDAW6c97pFZKO1KPu8ipY=,tag:du3d0SQWuqJtJSwhSgJE4g==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR0kzRXBGRjJaVldDRk90
KzYwSzJBeXBnNVZ0T2VaU2oyLzdRWmo5ZzNVCk9HTDVtMk8xL1cwL2FSRUR5UGdS
bXJnOXhTbWozWm5rd2pnaFNoWk0rWncKLS0tIGFWWmY2WU9YanJ5UElab3lqaXNo
QUhYUWs4bitJaGpXL200b0s0SmVIeVUKevQ1IVqmqGIYf014iL47C02+peSYJyeE
PNluZUA6VzrL2WpdJzDqxAwSWtcgXG0/JADIg+DssnhftiHMHzn3NQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL1VPODRnNEs2bXlUVjB5
Z0pBUzBnRDQ0WWcvL2IvUHdmQXUxNjRpTVN3Ck9VLzd2QWpMMlFJck1EQXBVanl0
SC91bDFqNFlJZ2E0UXVZa3BKRjh3TlkKLS0tIENuc1dUZ1dDUTg2VXBueU1ETG9S
c095blJheHhVT0E4bjdGUWlYN0N4MVUKK42sChX4V37HK1SRKQxldLpft2jVfeiG
4TkObqH8ddGpbd7cX5a/wboTjYuEdAviWxjK2oBPgtcFc1f03X3tmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T01:11:29Z"
mac: ENC[AES256_GCM,data:E+ZcNRFEPtJK02gWooRs7f20BHIYf8Ot4GjB1ab1KZwhI+3pUI6r654iO8+tiimQSeLWLgD43Szq4/7CpS+8NVjSI5uvXSxQQubXQfI0LmulT5XAVueOuSMgvetSFg8yN6+njBmr/MauixSSs2jjpQxtfsSSBgZ9RO7B7qLpMe4=,iv:kdCcTLb3bDmCfcjQQ8fH5ipkTQ5YlVDlhEVw5MzsH6s=,tag:ojub2y6b+jMbW/5i39xH5w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

112
modules/hosts/arcturus/config.nix Normal file
View File

@@ -0,0 +1,112 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
hostName,
userName,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".config/sops"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
services = {
cyber-tux = {
enable = true;
environmentFile = innerArgs.config.sops.secrets.discord-token.path;
};
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
discord-token = {
sopsFile = ./secrets.yaml;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "arcturus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

74
modules/hosts/arcturus/disko.nix Normal file
View File

@@ -0,0 +1,74 @@
{ inputs, ... }:
{
flake.modules.nixos.arcturus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

36
modules/hosts/arcturus/hardware.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
lib,
pkgs,
system,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
};
}

6
modules/hosts/arcturus/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.arcturus = {
home.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:eXg28pYQjIi5iPh4oHBOvIYQReM92T79uty/O461mEoLB8awr8ikq3RM7Mux3jZKM+Fk/Ow3NNG0F/154dZentodr1uvy9gD1g==,iv:nQevOumENveBMuiYMJF0OokORyjZCpR8ahTfOuj2Dzo=,tag:64zz8eVuw1OwTltfAUwWSg==,type:str]
discord-token: ENC[AES256_GCM,data:uzxkrNRRplL/1MfvPZ/EL+I8UACuZQBHZ95BSHuxW0nBjxhr2F89D2BXTcKOBI9qO6uMjK5WBtWzSOw3y9EsngTTm/youIdkrIDLP3r/tkpOkLa/VjM=,iv:OxzFa0nEInV5uxgQFww11ZE1NorH5q130Tgp/6l9uOE=,tag:g4U9wLhPAkz72ktbQ8KrSg==,type:str]
gemini-api-key: ENC[AES256_GCM,data:gLZSoYTdKY+rwIpYiXvN9n9PGkUD6q8Oe7dHnYkjEjwDf5qpjubg,iv:ySoNgQWTu9DjvbashF4ulyYP8fJUl4yrCTeBQ0jrGmw=,tag:FctubsQv50AP78JvTb9bpQ==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:6xONCl9lqOoO7b4CEyCz9607tICDUAkpglRjGS5nYq2ppg2UKqYTrWD1BGCA5Xfs/CWskniVhoNG3vscjKiYCCh9gbM6aqdmTQ==,iv:7Iwc9t00HOOBjA7URXcUO41badqYyJCkFHM/uPkLFxY=,tag:Cl39kitr2e0//HVwAdsdUQ==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:dmeRKn7TWHnqvpyPQpcEG6yHTb2bRby/rh10ytL0jHj5R+lRmNVdmqUF92GTznY9vEaB6ZYCJecWhpm8g4upNfOWBg==,iv:9UMJpAlD8gpcNiN+liu3nawoAZQKapEg7sCp561N9E8=,tag:OZlASpOa5BQaQwFWjoLCRw==,type:str]
netbird-key: ENC[AES256_GCM,data:q6eKisca04qn/CvALrvXF79MsToDhvLRLv2JTiUBAZglCC9m,iv:jj0/ZD7IDgopprTVUgSfJmdAJmUP3iqewU3dqssGYbk=,tag:6IPRdCm2FGdlTEIX7jt3qA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Qkh0cmdHNGJTYmFNUFZW
c244RjlyNjlrSWh1bG1IRFFFeFZZVzhaYVdBCmd1N3JNS0IzWDlUMUJSM0pYdi9L
MzlHRk1pZ1hqaVdIYUQwczh2VDVtZE0KLS0tIEtRYWF6V0I3eDBZSnVmZ2R5S0Z5
Z3hhRitmdEwxbzcrS0cwNTZVK1lXYlUKSFfKk7JGzxRq9weL4NKJqfmAige2O+1T
59PvEFKvvkGb6ajkzwTw0lB3UFzly6FuTnbSLY9r+oT9AMbxLoKdcQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYlZiak1CSW1NSGt5QTRi
RjlUeG5EODVkTVJDY1RrZXJ6OU5NQ0RIOG5jCnJxZ1R6MmlGWXY2SmtaY1pQSWdZ
UWp3L2h6c0k0MVpubE9BRSswUEk3ZkkKLS0tIGN4Zm1tcHBiKzAyYWNHVktVZmpU
V3h4dUZLcktrTUZvUm44eVZOWEl4VmMKMTvajoWcktb4jVIP4HyzQiR41Wg8Gdqi
TLKEYsPQgOJ7s8P9gw2uPUY6HRz86CtiC6EbO27u0+8BbI85x1QScg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:36:06Z"
mac: ENC[AES256_GCM,data:nD0exblrbheP1C5lK8V17V/gkHJO6s6yVjXtQWcUOLVGrzkPSxkymYBHUFMTLVyYQNLCVMc8AHkuHVuJ1tBfXNll1f6/SGtfaBQcOLct70U7nFxd/XybTUlscNp2KafJWy/n4ZUfNDbfrWN1R463CN/M50jGqJPDWYuP9ah2JcI=,iv:izQUT/+HQqJZ48X5bXobFSaWcdcXQ/7eh+SCd9i4YYo=,tag:FJlR2wI4rWQ/SDfQGtQ7AQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

132
modules/hosts/canopus/config.nix Normal file
View File

@@ -0,0 +1,132 @@
{ config, ... }:
{
flake.modules.nixos.canopus =
{
pkgs,
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
docker.nvidia.enable = false;
qemu.enable = true;
waydroid.enable = true;
distrobox.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install.
system.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "canopus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/canopus/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.canopus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "32G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

134
modules/hosts/canopus/hardware.nix Normal file
View File

@@ -0,0 +1,134 @@
{ inputs, config, ... }:
{
flake.modules.nixos.canopus =
{
lib,
system,
...
}@innerArgs:
{
imports =
with config.flake.modules.nixos;
[
hardware
]
++ [ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503 ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
services = {
power-profiles-daemon.enable = true;
upower.enable = true;
supergfxd = {
enable = true;
settings = {
mode = "Integrated";
vfio_enable = false;
vfio_save = false;
always_reboot = false;
no_logind = false;
logout_timeout_s = 180;
hotplug_type = "None";
};
};
asusd = {
enable = true;
asusdConfig.text = ''
(
charge_control_end_threshold: 80,
disable_nvidia_powerd_on_battery: true,
ac_command: "",
bat_command: "",
platform_profile_linked_epp: true,
platform_profile_on_battery: Quiet,
platform_profile_on_ac: Performance,
change_platform_profile_on_battery: true,
change_platform_profile_on_ac: true,
profile_quiet_epp: Power,
profile_balanced_epp: BalancePower,
profile_custom_epp: Performance,
profile_performance_epp: Performance,
ac_profile_tunings: {},
dc_profile_tunings: {},
armoury_settings: {},
)
'';
profileConfig.text = ''
(
active_profile: Quiet,
)
'';
fanCurvesConfig.text = ''
(
profiles: (
balanced: [
(
fan: CPU,
pwm: (2, 22, 45, 68, 91, 153, 153, 153),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (2, 25, 48, 71, 94, 165, 165, 165),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
performance: [
(
fan: CPU,
pwm: (35, 68, 79, 91, 114, 175, 175, 175),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (35, 71, 84, 94, 119, 188, 188, 188),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
quiet: [
(
fan: CPU,
pwm: (2, 12, 22, 35, 45, 58, 79, 79),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
(
fan: GPU,
pwm: (2, 12, 25, 35, 48, 61, 84, 84),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
],
custom: [],
),
)
'';
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

39
modules/hosts/canopus/home.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, ... }:
{
flake.modules.homeManager.canopus = {
imports = with config.flake.modules.homeManager; [
desktop
];
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:eDP-1, width:2560, height:1440, refresh:165, x:0, y:0, vrr:1"
];
tagRule = [
"id:1, layout_name:tile"
"id:2, layout_name:tile"
"id:3, layout_name:tile"
"id:4, layout_name:tile"
"id:5, layout_name:scroller"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
authorized_fingerprints = {
"f4:4b:17:61:f7:01:a4:a2:e1:c7:8c:1c:7a:f3:8b:87:14:3d:05:3d:a0:8b:cc:e7:88:d8:d8:d2:a4:c2:75:8b" =
"sirius";
};
};
};
};
home.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:Xb4/JMAZCBnBheDCJdRRGXLnMJ1ej8HbN+AUqA/+2sdYESKeF1PFny4Iq2kqvzdK4D3mp+pdjd7GAGfJp4M7sOcvI3V/coyxPQ==,iv:h+S+MEwHj22uHaTzFoxGZtefNUAQNp3fbU+QRfgtKvQ=,tag:VHrIEIQivPFTfhmm7dWEyQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Q6+actg0oyUWiUJVy/9yZmea1QyGu2o8LfMsuAVFD6k7kp0dYIrl,iv:ukyouqrHxzVpBBE98KL6PW8P3j+seemm/e0Gl1urUcM=,tag:Z7MM3dJ414CmdxE72cdzNA==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:SalhWKR6artX/kOVKZGpKSmrgsQDU/heshrdkK3wotOZ3BRn/ZqZRBldvl1JPSenMAMvE2LWUdmBQmwG/id7L7JL1O/+lUHIQw==,iv:hLlHayFJgUkWOirVLfqP0pGRBZAqGKe+EE2yG1ELGNk=,tag:0qoo0tb+xWjjQXr4n1qGmw==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:zbeTcaXJZFVfYnM/7sgblJFU9WfeosX/44KsXvrzKwiLPfGLLYYo9AFaCvWzzG6jHuSZC5OYrBWfOZv4+3omfCgglQ==,iv:LscUQE+PNhXGim9PSqc9nZIZichWSgAn/zsNxQ/HM/o=,tag:MaBCobnRM42fopiibibe5Q==,type:str]
netbird-key: ENC[AES256_GCM,data:swmaa+RjxeUmEl8hS2riGrW4lP5jdks9HM3x57/FLpOuqFtR,iv:MrpVjiocrPi+dBGPk7pwgSUNlJ1eryRpMjC8+jkU+T0=,tag:j6sqpQ02apqc6FwkdDvk9g==,type:str]
vicinae-json: ENC[AES256_GCM,data:FarBf6l8pl3hF7kGKPIWztUhwiKoQXmyTufCuJ120K/bPh1Bfiyi+ETt4DLYOGI6FJXfpVz4BbZOA29bXTLhVPxH0QtyBu/F5uEqA015b/c8VevDJSyy9huR13qO9ksLbMBt8RfWbAd9j26t7A1C8/mMyiJOEXCCTV9CEIW3xWrsYmhwsT8RYM+PwrPSeN1gQXHSMyRUjf/kOdJoda8+iXpLfjo4II4r2ELpbqi8QxhrRdsJsoOfAymFM784NtlTjE+h6S4TMehmoF/9ARif6I5SGQ0WfIKt/8orTGCPllL+NupLziSnpIGRGSybdArD+o5NCw59GOAbVRADxq8rCESwEkq3cF+hm8HabfYbiQ==,iv:Y/hXLFTJT3gNF3B6tgKoAh7njVuneoUzjVTlsCZiySw=,tag:2hfrwph6IccJdRu/yGu3XA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqS2RZdVJaNTlRamZPMkll
MDRVSVl1b2x2LzZpdlBrdmZtdyt3UE15RldRCldXUXE2a1BFeHg5NGNPbW5IMDht
cHN1QituOU9uWFQwNS9udzNEbVhtUjQKLS0tIEtkTXhlYS9XSUlQRTY1eXBjeXZQ
bThQTFdZU29ISm93TWcwVk5ZTkhRWm8KCcprmLGhahgDkXCBpzjctHgao+gc+rKC
xLIwheUyFJOGK+ixqcdoZ/PC0kY68hVLt1YzLAyxFi4Ur1wltPrNug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVW13WFE1Ylh3Uk1HNU1i
bU9kRzFqTmhkQlRzMlRkM0VhMlNmMDUyK25NCkZYUStxM2tScGozRXJGekxGa1RX
b1VXK0Y2Z1U0YU9XRmxRUWdWem50L1EKLS0tIFovcHRlZ1JJd2lRN0RFbHdCdm9m
V1N3eUVjZ0VZRjBZdXRPNng3Y3JoUTAKQau9CG9XfvM+5JZVRwaJr/o/sXMaJiy2
wo2YcDb+4vfT4Wr+/8J3ccQgbLRZH916X5ZPL+A+nFyVXVKOCl3ENg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-12T06:33:00Z"
mac: ENC[AES256_GCM,data:htDJdEx34Q5NG8vwbBimnFENZawbLZ4FC0DkyG6J5RYP0BFnycKcKGsYR87SvIjcJZXvfZ0e6fXdtc78dd6I0sQtrQ7aNn4Iktbu/AkPmntsBwpIjVI99X9zUyQB87go/oX15yuyt8loB6ds2RkL/pfFsgLbFc10JHsBy+WcEzI=,iv:HvY+5LYzyHpRm8XCSKrN8ra/LJT9v23TPSsZg/4QVNU=,tag:k+d45+zgBYq4vlWmmc8ZkQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

133
modules/hosts/sirius/config.nix Normal file
View File

@@ -0,0 +1,133 @@
{ config, ... }:
{
flake.modules.nixos.sirius =
{
pkgs,
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
".config/lan-mouse/lan-mouse.pem"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
docker.nvidia.enable = true;
qemu.enable = true;
waydroid.enable = true;
distrobox.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install.
system.stateVersion = "26.05";
};
}

30
modules/hosts/sirius/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "sirius";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/sirius/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.sirius =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "70G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

51
modules/hosts/sirius/hardware.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, ... }:
{
flake.modules.nixos.sirius =
{
lib,
pkgs,
system,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.kernelParams = [ "nvidia-drm.modeset=1" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware = {
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
};
cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
};
services = {
xserver.videoDrivers = [ "nvidia" ];
power-profiles-daemon.enable = true;
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.config.cudaSupport = true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.full
];
};
}

57
modules/hosts/sirius/home.nix Normal file
View File

@@ -0,0 +1,57 @@
{ config, ... }:
{
flake.modules.homeManager.sirius = {
imports = with config.flake.modules.homeManager; [
desktop
];
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
];
tagRule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
clients = [
{
position = "bottom";
hostname = "canopus";
activate_on_startup = true;
ips = [ "192.168.8.2" ];
}
];
};
};
};
home.stateVersion = "26.05";
};
}

30
modules/hosts/sirius/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
tux-password: ENC[AES256_GCM,data:JWQVd2MYX2U4UP4II62ixG9hWI5MtgHAFhl8aCmyrYPl1H/ig9ZYqfTiggJsOoXM9CUHmhUTrSWw7xRvbzztBrC7L4ABcWPbrQ==,iv:wY/RNJs7XaCsHHNX2MLBqzAgDCSo4rht10oiKrUlTHo=,tag:DcADVtEJs2KCeNS6AhO0SQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Y9YgXp/tB3Q1Rb5YMsZLgWCq+bdeIjsXAVeO3Yh7nZ8MwDH7d5De,iv:FIXxJCn6JDYsHIoNn8f8Un3z9ZPVbxdjR48Ux88poRg=,tag:bMJ4i69HTspnhzsrsxkbrw==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:HfZgZz4NyCLLM9woTZp2I6JGOlVcFblw2OMjx8k0TG5ZU2ycBCF6bKqp3wFibUxXcHy+nIfjI82fkLeSyIaGILRLYCJCc8BHKw==,iv:umUcn8MRaj7JXo6IFrGMXOu+jsFSCEikMxsQxfaFS/Q=,tag:l2s61C4EpJoKv8cc9nYGFA==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:BGERcZg5Jpnznc4cXeYFMhPk9kKBkd9GvIuQBV9TW3JE1utgrLLYK6mKNCQqrEStRFiO2jUUnBm3opUNL4SuEHFLpw==,iv:fgFAwx6z9yruK27PvAJX/Q2CS9gU+LJ5zMUK/f/rzpo=,tag:BPu3M+jppPB8sLoLmfuY/Q==,type:str]
netbird-key: ENC[AES256_GCM,data:qXAnRnLM2TlzpOvWG4exJv0+pUvpe0FpRN5xOWx3+KNt+yhq,iv:X+yl4o1RSYMCMWdVXo1hpzy+6IdKXUpsKPtYNSiHiCY=,tag:I8HbnD5iw6EJ1TdsNrhvfw==,type:str]
vicinae-json: ENC[AES256_GCM,data:JjxolEgS6uakqR4eHOx3VyrOO5kaL4dj1jcEiLWsrktCU32UB7OmP1kJEVomA1rZjODpFHL89+FRpcNFspTFrc365WlANE81RLg/M2Ja1MiLYaDFNcBGtqMX9Yc1muor53Xl7t+rTSvDIj1oE1L7xPPcjCLfwC5QDzJjCBWj9FhCxnU5BwvoJNv9vgA6xnkzAOYSPZK/ihULMD0DxyqOUEa5ECGX62OPM9Gbr7jEviaItYzOOxaRs/yQVqizodGGl/BcK6fPqvOYSxip9ABYRVSI9ZvysY7ofAkeX91ardPwVG5VvEYfxZwBvGFjV7ZfTzVkK+BiUUNrvciAETHqwkjHftPpfJjxWsgLr8lbOA==,iv:HjDE/sqVDnxeww7r2upxH57rc1+LpuMKnhhyGXoc1Ms=,tag:d2kZeWkg17eVoNACIQ3Q9A==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNGdHcDc4bTFkR0EyZlUr
eXovR1lyeTZJTDg5R281MFFuMHVwOXZXYzNvCkpIT1g3K05WUUswaEVjVVJWQkJq
V20xODdoWlJMY3ZCcGo0czU1TXZFRE0KLS0tIGNTeXV2Mld2STRmRnFaM1MzT3Nk
Z0JwWWR0STUybjVhSXdDR3NiKzV1eDQK22HmMuyqYaR/eGuALkAPB1Y5bN2KwIt3
pamM8vbnjB//hXoyrv4vsoDk9WzLGFGjgiw2qsM2HQgzQqtrwF1/1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N3ZBd1pHODFtZkZxaHNP
OXlXUzVFS0ZIam1IWVkxNldOdTEwY0s4aUNZCjVlcnF1aXJxUUlQSXhteXJ6OU1W
L0crZzJOaHF2SnVhWVZnVEdqRlR0cjgKLS0tIFlFWHhaR3U2QTNxRGZRMnk3cmll
M3JocWZJeXFxenhXOENBVWpvNkd3bm8KqhNLzCyEAI643jGWpZF/uTchHmBj8ozU
HtpOzKsshif66D0XOHeJQfQamJI4TyKsj3Sk3j9rstsLmN2lxTRGHg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:35:50Z"
mac: ENC[AES256_GCM,data:u27zQ1PPnWy5Parbh/1DkVP3ICmHnLZJKaLbN3dZEVONgqOWi32LV3t0iNhtLWwVnzFPBusRWahQiqAkUdnQtrXF0OtjPCpLuIw86xB75QPGbet0GZlLNb8/xPshChZe4v520csdJMWiy3vYeKrk8LxMSViAGhmhYK2a5NbGhzI=,iv:/9vePmvCNqoP0kx24fP3HfCjS2FkjBmI5B+SycvKKW4=,tag:gE1/DnLolwhoyfMJYejGIQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

50
modules/hosts/vps/config.nix Normal file
View File

@@ -0,0 +1,50 @@
{ config, ... }:
{
flake.modules.nixos.vps =
{
hostName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
};
};
};
networking.openssh.enable = true;
virtualisation = {
docker.enable = true;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/vps/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
inputs,
config,
...
}:
let
hostName = "vps";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/vps/disko.nix Normal file
View File

@@ -0,0 +1,82 @@
{ inputs, ... }:
{
flake.modules.nixos.vps =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/vps/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{
flake.modules.nixos.vps =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/vps/home.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.modules.homeManager.vps = {
home.stateVersion = "26.05";
};
}

121
modules/nixos/boot/impermanence.nix Normal file
View File

@@ -0,0 +1,121 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
userName,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
options.tnix.boot.impermanence = {
enable = lib.mkEnableOption "Enable impermanence";
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
options.tnix.boot.impermanence.home = {
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = lib.mkIf cfg.impermanence.enable {
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib"
"/etc/NetworkManager/system-connections"
]
++ cfg.impermanence.directories;
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
]
++ cfg.impermanence.files;
};
home-manager.users.${userName} = {
home.persistence."/persist" = {
directories = [
"Downloads"
"Music"
"Wallpapers"
"Documents"
"Videos"
"Projects"
"Stuff"
".ssh"
]
++ cfg.impermanence.home.directories;
files = cfg.impermanence.home.files;
};
};
boot.initrd.systemd = {
enable = true;
services.wipe-my-fs = {
wantedBy = [ "initrd.target" ];
after = [ "initrd-root-device.target" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
};
};
}

29
modules/nixos/boot/loader.nix Normal file
View File

@@ -0,0 +1,29 @@
{
flake.modules.nixos.boot =
{ config, lib, ... }:
let
cfg = config.tnix.boot;
in
{
options.tnix.boot.legacy = {
enable = lib.mkEnableOption "legacy boot (GRUB) instead of systemd-boot";
};
config = lib.mkMerge [
{
boot.loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
};
}
(lib.mkIf (!cfg.legacy.enable && !cfg.secure-boot.enable) {
boot.loader.systemd-boot.enable = true;
})
(lib.mkIf cfg.legacy.enable {
boot.loader.grub.enable = true;
})
];
};
}

11
modules/nixos/boot/misc.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
};
};
}

43
modules/nixos/boot/secure-boot.nix Normal file
View File

@@ -0,0 +1,43 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
pkgs,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
options.tnix.boot.secure-boot = {
enable = lib.mkEnableOption "Enable secure-boot";
};
config = lib.mkIf cfg.secure-boot.enable {
assertions = [
{
assertion = !cfg.legacy.enable;
message = "secure-boot and legacy boot (GRUB) cannot be enabled at the same time";
}
];
environment.systemPackages = [ pkgs.sbctl ];
# Lanzaboote replaces systemd-boot, so force it off
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
autoGenerateKeys.enable = true;
autoEnrollKeys.enable = true;
configurationLimit = 10;
pkiBundle = "/var/lib/sbctl";
};
};
};
}

37
modules/nixos/core/hm.nix Normal file
View File

@@ -0,0 +1,37 @@
{ inputs, config, ... }:
{
flake.modules.nixos.core =
{
hostName,
userName,
userEmail,
...
}:
{
imports = [
inputs.home-manager.nixosModules.home-manager
];
home-manager = {
backupFileExtension = "bak";
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit
inputs
hostName
userName
userEmail
;
};
users.${userName} = {
imports = [
config.flake.modules.homeManager.core
config.flake.modules.homeManager.shell
config.flake.modules.homeManager.${hostName}
];
};
};
};
}

20
modules/nixos/core/nh.nix Normal file
View File

@@ -0,0 +1,20 @@
{
flake.modules.nixos.core =
{
config,
userName,
...
}:
{
programs.nh = {
enable = true;
clean = {
enable = !config.nix.gc.automatic;
dates = "weekly";
};
flake = "/home/${userName}/Projects/nixos-config";
};
};
}

83
modules/nixos/core/nix.nix Normal file
View File

@@ -0,0 +1,83 @@
{
flake.modules.nixos.core =
{ userName, ... }:
{
nix = {
channel.enable = false;
gc = {
automatic = true;
options = "--delete-older-than 7d";
dates = "weekly";
persistent = true;
};
optimise.automatic = true;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
max-jobs = "auto";
# Make legacy nix commands use the XDG base directories instead of creating directories in $HOME.
use-xdg-base-directories = true;
# The maximum number of parallel TCP connections used to fetch files from binary caches and by other downloads.
# It defaults to 25. 0 means no limit.
http-connections = 128;
# This option defines the maximum number of substitution jobs that Nix will try to run in
# parallel. The default is 16. The minimum value one can choose is 1 and lower values will be
# interpreted as 1.
max-substitution-jobs = 128;
# The number of lines of the tail of the log to show if a build fails.
log-lines = 25;
# When free disk space in /nix/store drops below min-free during a build, Nix performs a
# garbage-collection until max-free bytes are available or there is no more garbage.
# A value of 0 (the default) disables this feature.
min-free = 128000000; # 128 MB
max-free = 1000000000; # 1 GB
# Prevent garbage collection from altering nix-shells managed by nix-direnv
# https://github.com/nix-community/nix-direnv#installation
keep-outputs = true;
keep-derivations = true;
# If set to true, Nix will keep building derivations even if some fail. The default is false.
keep-going = true;
# Automatically detect files in the store that have identical contents, and replaces
# them with hard links to a single copy. This saves disk space.
auto-optimise-store = true;
# Whether to warn about dirty Git/Mercurial trees.
warn-dirty = false;
# The timeout (in seconds) for establishing connections in the binary cache substituter.
# It corresponds to curls connect-timeout option. A value of 0 means no limit.
connect-timeout = 5;
# Allow the use of cachix
trusted-users = [
"root"
"${userName}"
];
allowed-users = [
"root"
"${userName}"
];
builders-use-substitutes = true;
# If set to true, Nix will fall back to building from source if a binary substitute
# fails. This is equivalent to the fallback flag. The default is false.
fallback = true;
};
};
};
}

12
modules/nixos/core/nixpkgs.nix Normal file
View File

@@ -0,0 +1,12 @@
{ inputs, ... }:
{
flake.modules.nixos.core = {
nixpkgs = {
config = {
allowUnfree = true;
joypixels.acceptLicense = true;
};
overlays = builtins.attrValues inputs.self.overlays;
};
};
}

9
modules/nixos/core/security.nix Normal file
View File

@@ -0,0 +1,9 @@
{
flake.modules.nixos.core =
{ pkgs, ... }:
{
security = {
sudo.wheelNeedsPassword = false;
};
};
}

25
modules/nixos/core/sops.nix Normal file
View File

@@ -0,0 +1,25 @@
{ inputs, ... }:
{
flake.modules.nixos.core =
{
config,
pkgs,
...
}:
let
isEd25519 = k: k.type == "ed25519";
getKeyPath = k: k.path;
keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
in
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops.age = {
sshKeyPaths = map getKeyPath keys;
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
environment.systemPackages = with pkgs; [ sops ];
};
}

38
modules/nixos/core/substituters.nix Normal file
View File

@@ -0,0 +1,38 @@
{
flake.modules.nixos.core = {
nix.settings = {
substituters = [
"https://cache.nixos.org?priority=10"
"https://anyrun.cachix.org"
"https://fufexan.cachix.org"
"https://helix.cachix.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://nix-gaming.cachix.org"
"https://yazi.cachix.org"
"https://nix-on-droid.cachix.org"
"https://lan-mouse.cachix.org"
"https://wezterm.cachix.org"
"https://cache.nixos-cuda.org"
];
trusted-substituters = [
"https://nix-on-droid.cachix.org"
"https://hyprland.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"fufexan.cachix.org-1:LwCDjCJNJQf5XD2BV+yamQIMZfcKWR9ISIFy5curUsY="
"helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
"nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU="
"lan-mouse.cachix.org-1:KlE2AEZUgkzNKM7BIzMQo8w9yJYqUpor1CAUNRY6OyM="
"wezterm.cachix.org-1:kAbhjYUC9qvblTE+s7S+kl5XM1zVa4skO+E/1IDWdH0="
"cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
];
};
};
}

51
modules/nixos/core/users.nix Normal file
View File

@@ -0,0 +1,51 @@
{
flake.modules.nixos.core =
{
pkgs,
lib,
config,
userName,
userEmail,
...
}:
let
hasPasswordSecret = lib.hasAttrByPath [ "sops" "secrets" "tux-password" ] config;
in
{
programs.zsh.enable = true;
time.timeZone = "Asia/Kolkata";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = lib.genAttrs [
"LC_ADDRESS"
"LC_IDENTIFICATION"
"LC_MEASUREMENT"
"LC_MONETARY"
"LC_NAME"
"LC_NUMERIC"
"LC_PAPER"
"LC_TELEPHONE"
"LC_TIME"
] (_: "en_IN");
};
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.${userName} = {
hashedPasswordFile = lib.mkIf hasPasswordSecret config.sops.secrets.tux-password.path;
initialPassword = lib.mkIf (!hasPasswordSecret) userName;
isNormalUser = true;
extraGroups = [
"networkmanager"
"wheel"
"storage"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D ${userEmail}"
];
};
};
};
}

13
modules/nixos/desktop/brave.nix Normal file
View File

@@ -0,0 +1,13 @@
{
flake.modules.nixos.desktop = {
environment.etc."/brave/policies/managed/brave-policies.json".text = builtins.toJSON {
TorDisabled = true;
BraveAIChatEnabled = false;
BraveRewardsDisabled = true;
BraveWalletDisabled = true;
BraveVPNDisabled = true;
BraveNewsDisabled = true;
BraveTalkDisabled = true;
};
};
}

11
modules/nixos/desktop/font.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
fonts.packages = with pkgs.nerd-fonts; [
fira-code
jetbrains-mono
bigblue-terminal
];
};
}

11
modules/nixos/desktop/hyprland.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
programs.hyprland = {
enable = true;
package = pkgs.hyprland-git.hyprland;
portalPackage = pkgs.hyprland-git.xdg-desktop-portal-hyprland;
};
};
}

10
modules/nixos/desktop/ly.nix Normal file
View File

@@ -0,0 +1,10 @@
{
flake.modules.nixos.desktop = {
services.displayManager.ly = {
enable = true;
settings = {
session_log = "null";
};
};
};
}

36
modules/nixos/desktop/mango.nix Normal file
View File

@@ -0,0 +1,36 @@
{
inputs,
...
}:
{
flake.modules.nixos.desktop =
{
pkgs,
lib,
...
}:
{
imports = [
inputs.mango.nixosModules.mango
];
programs.mango.enable = true;
xdg.portal = {
enable = lib.mkDefault true;
extraPortals = with pkgs; [
hyprland-git.xdg-desktop-portal-hyprland
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
config.mango = {
default = lib.mkForce [
"hyprland"
"gtk"
];
"org.freedesktop.impl.portal.ScreenCast" = lib.mkForce [ "hyprland" ];
"org.freedesktop.impl.portal.ScreenShot" = lib.mkForce [ "hyprland" ];
};
};
};
}

7
modules/nixos/desktop/misc.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ brightnessctl ];
};
}

15
modules/nixos/desktop/obs-studio.nix Normal file
View File

@@ -0,0 +1,15 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
programs.obs-studio = {
enable = true;
enableVirtualCamera = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vaapi
wlrobs
obs-source-record
];
};
};
}

18
modules/nixos/desktop/thunar.nix Normal file
View File

@@ -0,0 +1,18 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
services = {
gvfs.enable = true;
tumbler.enable = true;
};
programs.thunar = {
enable = true;
plugins = with pkgs; [
thunar-archive-plugin
thunar-volman
];
};
};
}

7
modules/nixos/desktop/tpanel.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ tpanel ];
};
}

11
modules/nixos/gaming/steam.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.nixos.gaming =
{ pkgs, ... }:
{
programs.steam = {
enable = true;
protontricks.enable = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
};
};
}

13
modules/nixos/hardware/audio.nix Normal file
View File

@@ -0,0 +1,13 @@
{
flake.modules.nixos.hardware = {
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
};
};
}

7
modules/nixos/hardware/bluetooth.nix Normal file
View File

@@ -0,0 +1,7 @@
{
flake.modules.nixos.hardware = {
hardware.bluetooth = {
enable = true;
};
};
}

13
modules/nixos/hardware/graphics.nix Normal file
View File

@@ -0,0 +1,13 @@
{
flake.modules.nixos.hardware = {
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
enableAllFirmware = true;
usb-modeswitch.enable = true;
};
};
}

31
modules/nixos/networking/netbird-client.nix Normal file
View File

@@ -0,0 +1,31 @@
{
flake.modules.nixos.networking =
{
config,
lib,
hostName,
...
}:
with lib;
let
cfg = config.tnix.networking.netbird-client;
in
{
options.tnix.networking.netbird-client = {
enable = mkEnableOption "Enable netbird client";
};
config = mkIf cfg.enable {
services.netbird.clients = {
${hostName} = {
port = 51820;
login = {
enable = true;
setupKeyFile = config.sops.secrets.netbird-key.path;
};
bin.suffix = "";
};
};
};
};
}

76
modules/nixos/networking/ssh.nix Normal file
View File

@@ -0,0 +1,76 @@
{
flake.modules.nixos.networking =
{
config,
lib,
...
}:
with lib;
let
cfg = config.tnix.networking.openssh;
# Sops needs acess to the keys before the persist dirs are even mounted; so
# just persisting the keys won't work, we must point at /persist
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
options.tnix.networking.openssh = {
enable = mkEnableOption "Enable OpenSSH server";
ports = mkOption {
type = types.listOf types.port;
default = [ 22 ];
description = ''
Specifies on which ports the SSH daemon listens.
'';
};
};
config = mkIf cfg.enable {
programs.ssh.startAgent = true;
services.openssh = {
enable = true;
startWhenNeeded = true;
allowSFTP = true;
ports = cfg.ports;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
AuthenticationMethods = "publickey";
PubkeyAuthentication = "yes";
ChallengeResponseAuthentication = "no";
UsePAM = false;
UseDns = false;
X11Forwarding = false;
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"sntrup761x25519-sha512@openssh.com"
"diffie-hellman-group-exchange-sha256"
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
ClientAliveCountMax = 5;
ClientAliveInterval = 60;
};
hostKeys = [
{
path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
};
};
}

105
modules/nixos/services/cyber-tux.nix Normal file
View File

@@ -0,0 +1,105 @@
{
flake.modules.nixos.services =
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.tnix.services.cyber-tux;
in
{
options.tnix.services.cyber-tux = {
enable = mkEnableOption "CyberTux Discord bot";
user = mkOption {
type = types.str;
default = "cyber-tux";
description = "User under which the CyberTux service runs.";
};
group = mkOption {
type = types.str;
default = "cyber-tux";
description = "Group under which the CyberTux service runs.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/cyber-tux";
description = "Directory where CyberTux stores its data.";
};
environmentFile = mkOption {
type = types.path;
description = "Environment file containing the Discord bot token.";
};
};
config = mkIf cfg.enable {
systemd.services.cyber-tux = {
description = "CyberTux Discord bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = cfg.environmentFile;
ExecStart = getExe pkgs.cyber-tux;
Restart = "always";
RestartSec = 5;
WorkingDirectory = cfg.dataDir;
StateDirectory = baseNameOf cfg.dataDir;
StateDirectoryMode = "0700";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = [
"uts"
"ipc"
"pid"
"user"
"cgroup"
];
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
UMask = "0077";
};
};
users.users = mkIf (cfg.user == "cyber-tux") {
${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "CyberTux service user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = mkIf (cfg.group == "cyber-tux") {
${cfg.group} = { };
};
};
};
}

118
modules/nixos/virtualisation/distrobox.nix Normal file
View File

@@ -0,0 +1,118 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
pkgs,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.distrobox = {
enable = lib.mkEnableOption "Enable DistroBox";
};
config = lib.mkIf cfg.distrobox.enable {
virtualisation.waydroid.enable = true;
environment.systemPackages = with pkgs; [
distrobox
(writeShellScriptBin "dbox-create" ''
#!/usr/bin/env bash
# 1. Initialize variables
IMAGE=""
NAME=""
# Array to hold optional arguments (like volumes)
declare -a EXTRA_ARGS
# 2. Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
-i|--image)
IMAGE="$2"
shift 2
;;
-n|--name)
NAME="$2"
shift 2
;;
-p|--profile)
echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
# Add volume flags to the array
EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
shift 1
;;
*)
echo "Unknown option $1"
exit 1
;;
esac
done
if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
echo "Usage: dbox-create -i <image> -n <name> [-p]"
exit 1
fi
# 3. Define the custom home path
CUSTOM_HOME="$HOME/Distrobox/$NAME"
echo "------------------------------------------------"
echo "Creating Distrobox: $NAME"
echo "Location: $CUSTOM_HOME"
echo "------------------------------------------------"
# 4. Run Distrobox Create
# We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
${pkgs.distrobox}/bin/distrobox create \
--image "$IMAGE" \
--name "$NAME" \
--home "$CUSTOM_HOME" \
"''${EXTRA_ARGS[@]}"
# Check exit code
if [ $? -ne 0 ]; then
echo "Error: Distrobox creation failed."
exit 1
fi
# 5. Post-Creation: Symlink Config Files
echo "--> Linking configurations to $NAME..."
# Helper function to symlink
link_config() {
SRC="$1"
DEST="$2"
DEST_DIR=$(dirname "$DEST")
# Create parent directory if it doesn't exist
mkdir -p "$DEST_DIR"
if [ -e "$SRC" ]; then
# ln -sf: symbolic link, force overwrite
ln -sf "$SRC" "$DEST"
echo " [LINK] $DEST -> $SRC"
else
echo " [SKIP] $SRC not found on host"
fi
}
# Create Symlinks
link_config "$HOME/.zshrc" "$CUSTOM_HOME/.zshrc"
link_config "$HOME/.zshenv" "$CUSTOM_HOME/.zshenv"
link_config "$HOME/.config/fastfetch" "$CUSTOM_HOME/.config/fastfetch"
link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
echo "--> Done! Enter via: distrobox enter $NAME"
'')
];
};
};
}

32
modules/nixos/virtualisation/docker.nix Normal file
View File

@@ -0,0 +1,32 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
pkgs,
userName,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.docker = {
enable = lib.mkEnableOption "Docker container runtime";
nvidia = {
enable = lib.mkEnableOption "NVIDIA Container Toolkit for Docker";
};
};
config = lib.mkIf cfg.docker.enable {
virtualisation = {
oci-containers.backend = "docker";
docker.enable = true;
};
hardware.nvidia-container-toolkit.enable = lib.mkIf cfg.docker.nvidia.enable true;
environment.systemPackages = with pkgs; [ lazydocker ];
users.users.${userName}.extraGroups = [ "docker" ];
};
};
}

38
modules/nixos/virtualisation/qemu.nix Normal file
View File

@@ -0,0 +1,38 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
pkgs,
userName,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.qemu = {
enable = lib.mkEnableOption "QEMU/KVM virtualization with libvirtd";
};
config = lib.mkIf cfg.qemu.enable {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
};
};
spiceUSBRedirection.enable = true;
};
users.users.${userName}.extraGroups = [ "libvirtd" ];
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
];
};
};
}

20
modules/nixos/virtualisation/waydroid.nix Normal file
View File

@@ -0,0 +1,20 @@
{
flake.modules.nixos.virtualisation =
{
config,
lib,
...
}:
let
cfg = config.tnix.virtualisation;
in
{
options.tnix.virtualisation.waydroid = {
enable = lib.mkEnableOption "Waydroid Android container";
};
config = lib.mkIf cfg.waydroid.enable {
virtualisation.waydroid.enable = true;
};
};
}