tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2026-06-21 11:46:32 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:dev
Branches Tags
tux:main tux:dev tux:old
tux:25.11.2025
..
compare: tux:3b84a32dabe782c828f42c9179d7579afb0acbc5
Branches Tags
tux:dev tux:main tux:old
tux:25.11.2025

1 Commits
dev ... 3b84a32dab

Author SHA1 Message Date
tux
3b84a32dab chore: update tpanel flake input 2025-09-28 05:14:18 +05:30
301 changed files with 7577 additions and 5038 deletions
Expand all files Collapse all files

32
.sops.yaml
View File

@@ -3,12 +3,26 @@ keys:
- &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
- &hosts - &hosts
- &sirius age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc - &sirius age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
- &canopus age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an - &canopus age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj
- &arcturus age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy - &homelab age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
- &alpha age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf - &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
- &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
- &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
- &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
creation_rules: creation_rules:
- path_regex: hosts/common/secrets.yaml$
key_groups:
- age:
- *tux
- *sirius
- *canopus
- *homelab
- *arcturus
- *alpha
- *vega
- *capella
- path_regex: hosts/sirius/secrets.yaml$ - path_regex: hosts/sirius/secrets.yaml$
key_groups: key_groups:
- age: - age:
@@ -29,3 +43,13 @@ creation_rules:
- age: - age:
- *tux - *tux
- *alpha - *alpha
- path_regex: hosts/capella/secrets.yaml$
key_groups:
- age:
- *tux
- *capella
- path_regex: hosts/homelab/secrets.yaml$
key_groups:
- age:
- *tux
- *homelab

152
README.md
View File

@@ -22,132 +22,48 @@
## Hosts ## Hosts
| | Hostname | Board | CPU | RAM | GPU | Purpose | | | Hostname | Board | CPU | RAM | GPU | Purpose |
| --- | ---------- | ----------------- | ------------------ | ----- | ------------------------- | -------------------------------------------------------------------------------- | | --- | ---------- | ----------------- | ------------------ | ---- | ------------------------- | ---------------------------------------------------------------------------------- |
| 🖥️ | `sirius` | MSI X570-A Pro | Ryzen 7 5700X3D | 64GB | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux. | | 🖥️ | `sirius` | MSI X570-A Pro | Ryzen 7 5700X3D | 64GB | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux. |
| 💻 | `canopus` | Asus Zephyrus G15 | Ryzen 9 5900HS | 16GB | RTX 3060 | Optimized for productivity on the go and some gaming. | | 💻 | `canopus` | Asus Zephyrus G15 | Ryzen 9 5900HS | 16GB | RTX 3060 | Optimized for productivity on the go and some gaming. |
| ☁️ | `homelab` | Minisforum MS-A1 | Ryzen 7 8700G | 32GB | Radeon 780M | WIP | | ☁️ | `homelab` | Minisforum MS-A1 | Ryzen 7 8700G | 32GB | Radeon 780M | WIP |
| ☁️ | `arcturus` | KVM | 4 Core | 8GB | | Primary server responsible for exposing my homelab applications to the internet. | | ☁️ | `arcturus` | KVM | 4 Core | 8GB | | Primary server responsible for exposing my homelab applications to the internet. |
| ☁️ | `alpha` | KVM | 4 Core | 4GB | | Monitors uptime and health status of all services across the infrastructure. | | ☁️ | `alpha` | KVM | 4 Core | 4GB | | Monitors uptime and health status of all services across the infrastructure. |
| 🥔 | `vega` | Raspberry Pi 3B+ | Cortex A53 | 1GB | | Running AdGuard Home for network-wide ad blocking. | | 🥔 | `vega` | Raspberry Pi 3B+ | Cortex A53 | 1GB | | Running AdGuard Home for network-wide ad blocking. |
| 📱 | `capella` | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB | Adreno 830 | Primary mobile for daily usage. (Locked) | | 📱 | `capella` | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB | Adreno 830 | Primary mobile for daily usage. (Locked) |
| 📱 | `rigel` | Motorola Edge 30 | Snapdragon 778G+ | 8GB | Adreno 642L | Secondary mobile for some fun. (Rooted) | | 📱 | `rigel` | Motorola Edge 30 | Snapdragon 778G+ | 8GB | Adreno 642L | Secondary mobile for some fun. (Rooted) |
| ☁️ | `node` | ASRock B565D4 | Ryzen 9 5950X | 128GB | | Running Ethereum and BSC nodes. | | ☁️ | `node` | KVM | i9-13900 | 64GB | | Running Ethereum and BSC nodes. Currently in the process of migrating from Ubuntu. |
## Installation ## Installation
> [!NOTE] Boot into NixOS bootable USB and then enter the following commands
> This will get your base system ready, but keep in mind that many things might not work correctly — such as monitor resolution, font size, and more.
### Prerequisites ```
# Clone this repositry
Boot into the NixOS bootable USB before proceeding with the installation steps.
### Installation Steps
#### 1. Clone the repository
```bash
git clone https://github.com/tuxdotrs/nix-config.git git clone https://github.com/tuxdotrs/nix-config.git
# Navigate to the repository directory
cd nix-config cd nix-config
```
#### 2. Gain root privileges # Install disko for disk partitioning
nix-shell -p disko
```bash # Partition the disk and make sure to replace DISK_PATH (eg. /dev/vda)
sudo su
```
#### 3. Set up disk partitioning
Install the required tools:
```bash
nix-shell -p disko neovim
```
Partition your disk using disko. **This will wipe your drive.** Replace `DISK_PATH` with your actual disk path (e.g., `/dev/vda` or `/dev/nvme0n1`):
```bash
disko --mode disko ./hosts/canopus/disko.nix --arg device '"DISK_PATH"' disko --mode disko ./hosts/canopus/disko.nix --arg device '"DISK_PATH"'
```
#### 4. Configure your disk # Generate the hardware.nix file for your system
Edit the configuration file:
```bash
nvim ./hosts/canopus/default.nix
```
In the imports statement, replace:
```nix
(import ./disko.nix {device = "/dev/nvme0n1";})
```
with:
```nix
(import ./disko.nix {device = "DISK_PATH";})
```
Make sure to replace `DISK_PATH` with your actual disk path.
#### 5. Generate hardware configuration
```bash
nixos-generate-config --no-filesystems --root /mnt nixos-generate-config --no-filesystems --root /mnt
```
Copy the generated hardware configuration to the repository: # Replace the hardware.nix with generated one
```bash
cp /mnt/etc/nixos/hardware-configuration.nix ./hosts/canopus/hardware.nix cp /mnt/etc/nixos/hardware-configuration.nix ./hosts/canopus/hardware.nix
```
#### 6. Install NixOS # Install
```bash
nixos-install --root /mnt --flake .#canopus nixos-install --root /mnt --flake .#canopus
```
#### 7. Enter into the new system # Reboot to your beautiful DE
```bash
nixos-enter --root /mnt
```
#### 8. Set up directories and permissions
```bash
mkdir -p /persist/home
chown -R tux:users /persist/home
```
#### 9. Set passwords
Set the root password:
```bash
passwd root
```
Set the user password:
```bash
passwd tux
```
#### 10. Reboot
```bash
reboot reboot
``` ```
Your NixOS system should now boot into a beautiful DE.
## Components ## Components
| | Wayland | Xorg | | | Wayland | Xorg |
@@ -155,30 +71,16 @@ Your NixOS system should now boot into a beautiful DE.
| DM | ly | ly | | DM | ly | ly |
| WM/DE | Hyprland | AwesomeWM | | WM/DE | Hyprland | AwesomeWM |
| Compositor | Hyprland | Picom (Jonaburg) | | Compositor | Hyprland | Picom (Jonaburg) |
| Bar | tPanel | Wibar | | Bar | AGS | Wibar |
| Hotkeys | Hyprland | Awful | | Hotkeys | Hyprland | Awful |
| Launcher | tPanel | Rofi | | Launcher | AGS | Rofi |
| Notifications | tPanel | Naughty | | Notifications | AGS | Naughty |
| Terminal | Wezterm | Wezterm | | Terminal | Wezterm | Wezterm |
| Editor | Neovim | Neovim | | Editor | Neovim | Neovim |
## Showcase ## Showcase
### Desktop Hyprland ### Desktop
![Desktop](https://raw.githubusercontent.com/tuxdotrs/nix-config/refs/heads/main/assets/hyprland/desktop.png)
### tPanel
![tPanel](https://raw.githubusercontent.com/tuxdotrs/nix-config/refs/heads/main/assets/hyprland/tPanel.png)
### Workflow
![Workflow](https://raw.githubusercontent.com/tuxdotrs/nix-config/refs/heads/main/assets/hyprland/workflow.png)
## Showcase
### Desktop AwesomeWM
![2024-08-08_18-33](https://github.com/user-attachments/assets/1cdcc387-0f68-486c-a76c-a36ad2acb78d) ![2024-08-08_18-33](https://github.com/user-attachments/assets/1cdcc387-0f68-486c-a76c-a36ad2acb78d)

0
assets/awesomeWM/desktop.png → assets/desktop.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.2 MiB

After

Width:  |  Height:  |  Size: 3.2 MiB

0
assets/awesomeWM/firefox.png → assets/firefox.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.6 MiB

After

Width:  |  Height:  |  Size: 2.6 MiB

0
assets/awesomeWM/floating-term-neovim.png → assets/floating-term-neovim.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 439 KiB

After

Width:  |  Height:  |  Size: 439 KiB

BIN
assets/hyprland/desktop.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.6 MiB

BIN
assets/hyprland/tPanel.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.9 MiB

BIN
assets/hyprland/workflow.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 642 KiB

0
assets/awesomeWM/lazygit.png → assets/lazygit.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 487 KiB

After

Width:  |  Height:  |  Size: 487 KiB

0
assets/awesomeWM/neovim.png → assets/neovim.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 559 KiB

After

Width:  |  Height:  |  Size: 559 KiB

0
assets/awesomeWM/telescope.png → assets/telescope.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 574 KiB

After

Width:  |  Height:  |  Size: 574 KiB

0
assets/awesomeWM/workflow.png → assets/workflow.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 645 KiB

After

Width:  |  Height:  |  Size: 645 KiB

1588
flake.lock generated Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

189
flake.nix Normal file → Executable file
View File

@@ -1,67 +1,170 @@
{ {
description = "tux's nix configurations"; description = "tux's Nix Flake";
outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules); outputs = {
self,
nixpkgs,
deploy-rs,
...
} @ inputs: let
inherit (self) outputs;
inherit (inputs.nixpkgs.lib) nixosSystem;
inherit (inputs.nix-on-droid.lib) nixOnDroidConfiguration;
forAllSystems = nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
];
username = "tux";
email = "t@tux.rs";
inputs = { mkNixOSConfig = host: {
flake-parts = { specialArgs = {inherit inputs outputs username email;};
url = "github:hercules-ci/flake-parts"; modules = [./hosts/${host}];
inputs.nixpkgs-lib.follows = "nixpkgs";
}; };
mkDroidConfig = host: {
pkgs = import nixpkgs {system = "aarch64-linux";};
extraSpecialArgs = {inherit inputs outputs username email;};
modules = [./hosts/${host}];
};
mkNixOSNode = hostname: {
inherit hostname;
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname};
};
};
activateNixOnDroid = configuration:
deploy-rs.lib.aarch64-linux.activate.custom
configuration.activationPackage
"${configuration.activationPackage}/activate";
mkDroidNode = hostname: {
inherit hostname;
profiles.system = {
sshUser = "nix-on-droid";
user = "nix-on-droid";
magicRollback = true;
sshOpts = ["-p" "8033"];
path = activateNixOnDroid self.nixOnDroidConfigurations.${hostname};
};
};
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
# Custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;};
# NixOS configuration entrypoint
# 'nixos-rebuild switch --flake .#your-hostname'
nixosConfigurations = {
arcturus = nixosSystem (mkNixOSConfig "arcturus");
canopus = nixosSystem (mkNixOSConfig "canopus");
alpha = nixosSystem (mkNixOSConfig "alpha");
sirius = nixosSystem (mkNixOSConfig "sirius");
vega = nixosSystem (mkNixOSConfig "vega");
vps = nixosSystem (mkNixOSConfig "vps");
isoImage = nixosSystem (mkNixOSConfig "isoImage");
homelab = nixosSystem (mkNixOSConfig "homelab");
};
# NixOnDroid configuration entrypoint
# 'nix-on-droid switch --flake .#your-hostname'
nixOnDroidConfigurations = {
capella = nixOnDroidConfiguration (mkDroidConfig "capella");
rigel = nixOnDroidConfiguration (mkDroidConfig "rigel");
};
deploy = {
nodes = {
arcturus = mkNixOSNode "arcturus";
canopus = mkNixOSNode "canopus";
alpha = mkNixOSNode "alpha";
sirius = mkNixOSNode "sirius";
vega = mkNixOSNode "vega";
homelab = mkNixOSNode "homelab";
capella = mkDroidNode "capella";
rigel = mkDroidNode "rigel";
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/release-24.11";
nixos-wsl = {
url = "github:nix-community/nixos-wsl";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-vscode-extensions = {
disko = { url = "github:nix-community/nix-vscode-extensions";
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
tnvim = {
url = "github:tuxdotrs/tnvim";
inputs.nixpkgs.follows = "nixpkgs";
};
tpanel = {
url = "github:tuxdotrs/tpanel";
inputs.nixpkgs.follows = "nixpkgs";
};
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
wezterm-flake = { wezterm-flake = {
url = "github:wez/wezterm/main?dir=nix"; url = "github:wez/wezterm/main?dir=nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = {
vicinae-extensions = { url = "github:nix-community/disko";
url = "github:vicinaehq/extensions";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-secrets = {
mango = { url = "git+ssh://git@github.com/tuxdotrs/nix-secrets.git?shallow=1";
url = "github:DreamMaoMao/mango";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-on-droid = {
import-tree.url = "github:vic/import-tree"; url = "github:nix-community/nix-on-droid/release-24.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.nixpkgs.follows = "nixpkgs";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11-small"; inputs.home-manager.follows = "home-manager";
};
tawm = {
url = "github:tuxdotrs/tawm";
inputs.nixpkgs.follows = "nixpkgs";
};
tnvim = {
url = "github:tuxdotrs/tnvim";
inputs.nixpkgs.follows = "nixpkgs";
};
trok = {
url = "github:tuxdotrs/trok";
inputs.nixpkgs.follows = "nixpkgs";
};
tpanel = {
url = "github:tuxdotrs/tpanel";
inputs.nixpkgs.follows = "nixpkgs";
};
tfolio = {
url = "git+ssh://git@github.com/tuxdotrs/tfolio.git";
inputs.nixpkgs.follows = "nixpkgs";
};
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland.url = "github:hyprwm/Hyprland";
hyprland-plugins = {
url = "github:hyprwm/hyprland-plugins";
inputs.hyprland.follows = "hyprland";
};
ghostty.url = "github:ghostty-org/ghostty";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixpkgs-f2k.url = "github:moni-dz/nixpkgs-f2k";
nur.url = "github:nix-community/nur";
sops-nix.url = "github:Mic92/sops-nix";
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
sops-nix.url = "github:Mic92/sops-nix";
treefmt-nix.url = "github:numtide/treefmt-nix";
lan-mouse.url = "github:feschber/lan-mouse";
hyprland.url = "github:hyprwm/Hyprland";
awww.url = "git+https://codeberg.org/LGFae/awww";
nixcord.url = "github:kaylorben/nixcord"; nixcord.url = "github:kaylorben/nixcord";
nur.url = "github:nix-community/nur";
lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
}; };
} }

163
hosts/alpha/default.nix Normal file
View File

@@ -0,0 +1,163 @@
{
modulesPath,
inputs,
username,
lib,
email,
config,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/vda";})
../common
../../modules/nixos/selfhosted/uptime-kuma.nix
];
tux.services.openssh.enable = true;
tux.services.openssh.ports = [23];
tux.services.tfolio.enable = true;
tux.services.nginxStreamProxy = {
enable = true;
upstreamServers = inputs.nix-secrets.proxy-servers;
};
sops.secrets = {
borg_encryption_key = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/email" = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml;
};
};
nixpkgs = {
hostPlatform = "x86_64-linux";
};
boot = {
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
};
};
networking = {
hostName = "alpha";
firewall = {
enable = true;
allowedTCPPorts = [80 443 22 23];
};
};
security = {
acme = {
acceptTerms = true;
defaults.email = "${email}";
certs = {
"tux.rs" = {
group = "nginx";
domain = "*.tux.rs";
extraDomainNames = ["tux.rs"];
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
};
};
};
};
};
users.users.nginx.extraGroups = ["acme"];
services = {
nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
programs = {
zsh.enable = true;
dconf.enable = true;
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/acme"
"/var/lib/nixos"
"/var/lib/private"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

53
hosts/alpha/disko.nix Normal file
View File

@@ -0,0 +1,53 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

12
hosts/alpha/home.nix Normal file
View File

@@ -0,0 +1,12 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
".ssh"
".local/share/zsh"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

28
hosts/alpha/secrets.yaml Normal file
View File

@@ -0,0 +1,28 @@
borg_encryption_key: ENC[AES256_GCM,data:EK1f7J4ea80K7LO16pPmkh246xmXoJEiCKzPbiRCmjQ=,iv:3vae+IAAgDx+0NPgml07kbT9kc4RpzDd1oj2Qb6ZqdM=,tag:aXj3IwzfeQ8+tGjSpq76bw==,type:str]
cloudflare_credentials:
email: ENC[AES256_GCM,data:w9ghChGxgV7OVeM=,iv:Qtl/pMmXGjhZ9dMRkxeyEDncGfY/YPy51eJrZ6mOgGg=,tag:oi7OoTf4TnUknblZ3lPDzQ==,type:str]
dns_api_token: ENC[AES256_GCM,data:lMoqQs9MZ646ESJUxN2dtIopNS8P55JARk6wyfaJ8ad9ABvk268oWQ==,iv:Ez4y/kKPsRuIH9mEcpS3IU4j3kK8F6iBBFOnIf9Ck60=,tag:7I0eE8PoohH9KtiHziagrg==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NjIrVVlPVW9qTU9vMlMw
K3BtRHZaS0h0WmlmMjF3YjhHSFZtNmFzdjNZCjRKQ0UwWTc2L3NOY1AyZnR2K2hF
QkQ4blQvd0paRHd6c3dWaU5XbmV4S28KLS0tIExtWnR0djB5WU9lajVJeU5udlBQ
eDlMemQ1c1FkazlRaDhPUzNBcVh2bWsK544MNSGooJPKL7hxQ+yvPRROw3RER7p8
jbUVxMp4ZD/0ut/qFrKdyvfSPDcDkUR5eBoeaeUBkMAAPL+YeIxKhQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWlN0bWNMZTlMM3Mvdmdn
M2M1RzBaNUl3Qkc4Sm5QbmE3cFpuODBNakZzCk9SbjBvM25pK2pGdmRqMXd4eTJu
ZU8vTmtSN1RYK2RmQ01QempKUG43eHMKLS0tIHVINVgvNTluS1grSm1YSHkzalMx
SGM4ditJZFducVNEaDlJSkhuUnpxQzAKvvHbDuTQUpW+O/qtgjAFZlYc4iRRj4G1
BP/QyzuTnpP6PuAG9pJYHx164+uS2Ftog/QnCFD0YAJdJtxaoUHzOw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-09T19:44:56Z"
mac: ENC[AES256_GCM,data:1sXY3aEfbsit5hGBdE7x0pbdSLnW67NRNNDTEjS1fI85TaPpMmcgrxxvEDsg1A6psRMdBwFMUIVHH/rf4rkZ9tXSmHZBFTZrTQGn09bPF9yNC0MnJXKkcNcQiQJveg986LMWFwT/WE8PWbeDh7o+ASJF+IgT+5ikq8DMBgoyK/E=,iv:Ssy66et65Oq2WwbF12ubLGk87bSv/KSruf49T7v04NY=,tag:Y89PxwRFlJUBZniS2clybw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

217
hosts/arcturus/default.nix Normal file
View File

@@ -0,0 +1,217 @@
{
modulesPath,
inputs,
username,
lib,
email,
config,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/vda";})
../common
../../modules/nixos/virtualisation/docker.nix
../../modules/nixos/selfhosted/postgresql.nix
../../modules/nixos/selfhosted/headscale.nix
../../modules/nixos/selfhosted/vaultwarden.nix
../../modules/nixos/selfhosted/gitea.nix
../../modules/nixos/selfhosted/plausible.nix
../../modules/nixos/selfhosted/monitoring/grafana.nix
../../modules/nixos/selfhosted/monitoring/loki.nix
../../modules/nixos/selfhosted/monitoring/promtail.nix
../../modules/nixos/selfhosted/ntfy-sh.nix
../../modules/nixos/selfhosted/searx.nix
../../modules/nixos/selfhosted/wakapi.nix
../../modules/nixos/selfhosted/nextcloud.nix
../../modules/nixos/selfhosted/silver-bullet.nix
../../modules/nixos/selfhosted/rustdesk-server.nix
../../modules/nixos/selfhosted/kasmweb.nix
../../modules/nixos/selfhosted/open-webui.nix
../../modules/nixos/selfhosted/glance
];
tux.services.openssh.enable = true;
sops.secrets = {
borg_encryption_key = {
sopsFile = ./secrets.yaml;
};
searx_secret_key = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/email" = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml;
};
plausible_key = {
sopsFile = ./secrets.yaml;
};
wakapi_salt = {
sopsFile = ./secrets.yaml;
};
nextcloud_password = {
sopsFile = ./secrets.yaml;
owner = "nextcloud";
};
silver_bullet = {
sopsFile = ./secrets.yaml;
};
"cs2_secrets/SRCDS_TOKEN" = {
sopsFile = ./secrets.yaml;
};
"cs2_secrets/CS2_RCONPW" = {
sopsFile = ./secrets.yaml;
};
"cs2_secrets/CS2_PW" = {
sopsFile = ./secrets.yaml;
};
};
nixpkgs = {
hostPlatform = "x86_64-linux";
};
boot = {
kernel.sysctl = {
"vm.swappiness" = 10;
};
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
configurationLimit = 10;
};
timeout = 1;
};
};
networking = {
hostName = "arcturus";
firewall = {
enable = true;
allowedTCPPorts = [80 443 22 3333 8081];
};
};
security = {
acme = {
acceptTerms = true;
defaults.email = "${email}";
certs = {
"tux.rs" = {
group = "nginx";
domain = "*.tux.rs";
extraDomainNames = ["tux.rs"];
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
};
};
};
};
};
users.users.nginx.extraGroups = ["acme"];
services = {
nginx = {
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/acme"
"/var/lib/postgresql"
"/var/lib/headscale"
"/var/lib/vaultwarden"
"/var/lib/gitea"
"/var/lib/clickhouse"
"/var/lib/grafana"
"/var/lib/promtail"
"/var/lib/private"
"/var/lib/nextcloud"
"/var/lib/silverbullet"
"/var/lib/kasmweb"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

53
hosts/arcturus/disko.nix Normal file
View File

@@ -0,0 +1,53 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

13
hosts/arcturus/home.nix Normal file
View File

@@ -0,0 +1,13 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
"Stuff"
".ssh"
".local/share/zsh"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

42
hosts/arcturus/secrets.yaml Normal file
View File

@@ -0,0 +1,42 @@
borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKrLxF0=,iv:it8JlyEj4r4Z+qDvoEWMQlGkbVh08M/BCkGLVzRCVKQ=,tag:81gRhru8J3hkQhIbgUOgBg==,type:str]
searx_secret_key: ENC[AES256_GCM,data:Z49PJ2gNI5CI0IfzOta+r67VNUvjoPpMVv5lajGhUMPzSy1KWZC5wIM3d02jWwCOsNjXdU5hE3j9W0rkoy5ZhFPXBJRUEv5b6IcaLA==,iv:364zGZkD2LO189nkvizl8yjedi1IgYEEQMA67SexSSI=,tag:qPqefG6jUaBOpUy6d7E++w==,type:str]
plausible_key: ENC[AES256_GCM,data:Ynf2aJ6RLRdAkT9ltLpCXTl8zg/VESDchlf67PmKjc93rSfDgq9tFqv1q55Km2lDo7y9iLu5WyLLg24CSSwy8Q==,iv:yW5hgP4dhfkvunv3iYmXGEH9w29OOmrG4ourPagslVg=,tag:C5PVfEseP5gJdoQQL4gERQ==,type:str]
wakapi_salt: ENC[AES256_GCM,data:Vk5Lezv0f/0ehHqXXBCsQxWFYE2KFujTfII0r7Gd1BXFrwiPEdX62aZ+9LQx7s1RTHh0n+LP/5t0cmHO/fJhGw==,iv:ZUlRwNXUCQ53Lymi9fO4qoBWjLpHVWfTnYM0Z1I6F5o=,tag:dadkEKV7paH4+qAz7Bxxqg==,type:str]
cloudflare_credentials:
email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str]
dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str]
nextcloud_password: ENC[AES256_GCM,data:o37mq4YHQT5pbi+cXrk=,iv:8HiDwdHTozNM2lHpgqVhdsspuifppsL2I6Z31xEnYFI=,tag:xTnfn8HcubfiQwLYIkpxjw==,type:str]
silver_bullet: ENC[AES256_GCM,data:waEPGskjkkdX98PKzgZG1bzS+NwL6GR8kok=,iv:8a8IeXla8XSHFzjKcVY3QYUK5aFk2kPHVIRvs1y7So0=,tag:p++o6wvLtG5DbDmUusRQLg==,type:str]
cs2_secrets:
SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TGpVMzNDZjNQSkNDQmM3
eXpvZDRPZW9Kbm81Z2VVUVZIckFNUC9zTEZzCmliUkNWS01YMHVRaUoxTS84VmxQ
UDZtbkhmZmdZVWVsaHN3djkwSERGQ1kKLS0tIEh0ckhDTkQvcEM0UFI2MUVXVHI5
WnhEdnRqazdZWmczYXYxNy9BMHdwdEUKYgB34OOezF3iF706pIfDmQ0FJEHXBbGF
EJRNmA4Zl1AwyzkN3NSlctzvxx201T1GWL4qZeyVafRv5jQ9oSfK7g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHeXNrT3c1bENOK0lNZWNT
eFBqYm1BRHBhakFQMVVIKzR0SDRDOW9jUXdBCmFIQWZRSnBlOFBralVFakQ2clNY
Q1Nma0pRVHh4L3IwQm1GbTdqb1BUcWsKLS0tIFRQOVIxb1FRc29WSVVERWsxSDhq
NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T12:59:25Z"
mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

417
hosts/canopus/default.nix Executable file
View File

@@ -0,0 +1,417 @@
{
inputs,
username,
pkgs,
lib,
config,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/nvme0n1";})
./hardware.nix
../common
../../modules/nixos/desktop
../../modules/nixos/desktop/awesome
../../modules/nixos/desktop/hyprland
../../modules/nixos/virtualisation
../../modules/nixos/steam.nix
];
tux.services.openssh.enable = true;
nixpkgs.config.cudaSupport = true;
sops.secrets = {
hyperbolic_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
gemini_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
open_router_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
};
networking = {
hostName = "canopus";
networkmanager = {
enable = true;
wifi.powersave = false;
};
firewall = {
enable = true;
allowedTCPPorts = [
80
443
22
3000
6666
8081
];
# Facilitate firewall punching
allowedUDPPorts = [41641];
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
];
};
};
boot = {
binfmt.emulatedSystems = ["aarch64-linux"];
plymouth = {
enable = true;
theme = "spinner-monochrome";
themePackages = [
(pkgs.plymouth-spinner-monochrome.override {inherit (config.boot.plymouth) logo;})
];
};
kernelParams = [
"quiet"
"loglevel=3"
"systemd.show_status=auto"
"udev.log_level=3"
"rd.udev.log_level=3"
"vt.global_cursor_default=0"
];
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
supportedFilesystems = ["ntfs"];
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
timeout = 1;
};
};
hardware = {
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
graphics.enable32Bit = true;
};
security = {
polkit.enable = true;
rtkit.enable = true;
};
systemd = {
enableEmergencyMode = false;
user = {
services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = ["graphical-session.target"];
wants = ["graphical-session.target"];
after = ["graphical-session.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
};
programs = {
ssh.startAgent = true;
xfconf.enable = true;
file-roller.enable = true;
thunar = {
enable = true;
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
};
nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
};
nm-applet.enable = true;
noisetorch.enable = true;
};
services = {
fwupd.enable = true;
fstrim.enable = true;
resolved.enable = true;
flatpak.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
};
logind = {
settings.Login = {
HandlePowerKey = "suspend";
HanldeLidSwitch = "suspend";
HandleLidSwitchExternalPower = "suspend";
};
};
xrdp = {
enable = true;
openFirewall = true;
defaultWindowManager = "awesome";
audio.enable = true;
};
syncthing = {
enable = true;
user = "tux";
dataDir = "/home/tux/";
openDefaultPorts = true;
};
xserver = {
enable = true;
xkb = {
layout = "in";
variant = "eng";
};
};
libinput.touchpad.naturalScrolling = true;
# To use Auto-cpufreq we need to
# disable TLP because it's enabled by nixos-hardware
tlp.enable = false;
auto-cpufreq = {
enable = true;
settings = {
battery = {
platform_profile = "balanced";
governor = "powersave";
energy_performance_preference = "performance";
turbo = "never";
scaling_min_freq = 400000;
scaling_max_freq = 3800000;
};
charger = {
platform_profile = "performance";
governor = "performance";
energy_performance_preference = "performance";
turbo = "auto";
scaling_min_freq = 400000;
scaling_max_freq = 3800000;
};
};
};
blueman.enable = true;
supergfxd = {
enable = true;
settings = {
mode = "Integrated";
vfio_enable = false;
vfio_save = false;
always_reboot = false;
no_logind = false;
logout_timeout_s = 180;
hotplug_type = "None";
};
};
asusd = {
enable = true;
enableUserService = true;
asusdConfig.text = ''
(
charge_control_end_threshold: 100,
panel_od: false,
mini_led_mode: false,
disable_nvidia_powerd_on_battery: true,
ac_command: "",
bat_command: "",
platform_policy_on_battery: Quiet,
platform_policy_on_ac: Quiet,
ppt_pl1_spl: None,
ppt_pl2_sppt: None,
ppt_fppt: None,
ppt_apu_sppt: None,
ppt_platform_sppt: None,
nv_dynamic_boost: None,
nv_temp_target: None,
)
'';
profileConfig.text = ''
(
active_profile: Balanced,
)
'';
fanCurvesConfig.text = ''
(
profiles: (
balanced: [
(
fan: CPU,
pwm: (2, 22, 45, 68, 91, 153, 153, 153),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: true,
),
(
fan: GPU,
pwm: (2, 25, 48, 71, 94, 165, 165, 165)
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: true,
),
],
performance: [
(
fan: CPU,
pwm: (35, 68, 79, 91, 114, 175, 175, 175),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: true,
),
(
fan: GPU,
pwm: (35, 71, 84, 94, 119, 188, 188, 188),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: true,
),
],
quiet: [
(
fan: CPU,
pwm: (2, 12, 25, 35, 48, 61, 84, 90),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
(
fan: GPU,
pwm: (2, 12, 25, 35, 48, 61, 84, 84),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
],
custom: [],
),
)
'';
};
gvfs.enable = true;
tumbler.enable = true;
# @FIX gnome gcr agent conflicts with programs.ssh.startAgent;
# gnome.gnome-keyring.enable = true;
tailscale = {
enable = true;
extraUpFlags = ["--login-server https://hs.tux.rs"];
};
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
};
fonts.packages = with pkgs.nerd-fonts; [
fira-code
jetbrains-mono
bigblue-terminal
];
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/bluetooth"
"/var/lib/tailscale"
"/var/lib/nixos"
"/var/lib/docker"
"/var/lib/waydroid"
"/var/lib/iwd"
"/etc/NetworkManager/system-connections"
];
files = [
# "/etc/machine-id"
"/etc/ly/save.ini"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

48
hosts/canopus/disko.nix Normal file
View File

@@ -0,0 +1,48 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

26
hosts/canopus/hardware.nix Executable file
View File

@@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

126
hosts/canopus/home.nix Normal file
View File

@@ -0,0 +1,126 @@
{
pkgs,
username,
...
}: {
imports = [
../../modules/home/desktop/awesome
../../modules/home/desktop/hyprland
../../modules/home/picom
../../modules/home/alacritty
../../modules/home/wezterm
../../modules/home/ghostty
../../modules/home/desktop/rofi
../../modules/home/barrier
../../modules/home/firefox
../../modules/home/brave
../../modules/home/vs-code
../../modules/home/zed
../../modules/home/mopidy
../../modules/home/thunderbird
../../modules/home/easyeffects
../../modules/home/discord
../../modules/home/kdeconnect
../../modules/home/obs-studio
../../modules/home/spotify
];
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
};
qt = {
enable = true;
platformTheme.name = "gtk";
style = {
name = "adwaita-dark";
package = pkgs.adwaita-qt;
};
};
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
services.flameshot = {
enable = true;
package = pkgs.flameshot.override {enableWlrSupport = true;};
settings = {
General = {
useGrimAdapter = true;
};
};
};
home.packages = with pkgs; [
telegram-desktop
anydesk
stable.rustdesk-flutter
rawtherapee
stable.beekeeper-studio
libreoffice-qt
spotify
# @TODO Enable when qt5 webengine patched
# https://github.com/NixOS/nixpkgs/blob/b599843bad24621dcaa5ab60dac98f9b0eb1cabe/pkgs/development/libraries/qt-5/modules/qtwebengine.nix#L466
# stremio
galaxy-buds-client
copyq
vlc
tor-browser
distrobox
bluetui
impala
];
home.persistence."/persist/home/${username}" = {
directories = [
"Downloads"
"Music"
"Wallpapers"
"Documents"
"Videos"
"Projects"
"Stuff"
"go"
".mozilla"
".ssh"
".wakatime"
".rustup"
".cargo"
".cache/spotify-player"
".config/BraveSoftware"
".config/copyq"
".config/discord"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/rustdesk"
".config/kdeconnect"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/share/Smart\ Code\ ltd"
".local/share/GalaxyBudsClient"
".local/share/TelegramDesktop"
".local/state/lazygit"
];
files = [
".wakatime.cfg"
".config/aichat/.env"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

27
hosts/canopus/secrets.yaml Normal file
View File

@@ -0,0 +1,27 @@
hyperbolic_api_key: ENC[AES256_GCM,data:FjDSbdutLa9hnVGRR+k2MznVfDGAx1/rNfjY/vaBuvKoBRj7aHqGpQ1cvhfxjyLMqPLqLnmimEtZeykvgkIIjKGzw5PewE23+lrN3oQyoYJvK+b8PRStjSaxOfzOnuLXi+YVnsU939nStLwnmSYKDabNWgFcWYsHwtHDafuWyovM9sVwasTn,iv:bxseG6GLKBL/CJOS8SrhgiLEyvMGSNQIMJSYLk2MqEo=,tag:4wxmkUwlcu23d7pMHbvIoQ==,type:str]
gemini_api_key: ENC[AES256_GCM,data:HiseQDB9nJBynCvdqLx0NcJZHB71uEvBlA3l/Lw2EMHFUXSHqPoS,iv:4C5EGUdfwxhT6ExDYNcbc+MFE+rGvLRsZjbo9L/o/Eo=,tag:hvaODOzhFoywgsXZSQKeKA==,type:str]
open_router_api_key: ENC[AES256_GCM,data:DMQojeQymXckIHj7O+CIucvMzhyLXEYt4VJNkpbJj8OnBlXlm46m75i2IL+SduzzOfH3GdGI8/5JcnXbt76M/2DFemYi6CcgrQ==,iv:OBTREDwI+aOXg5TNdU6rVilQnAngn0vuW2nIrGGozm4=,tag:P+2C+0IfjZqKBD/B+FR09Q==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUnhkNzR0TnNzL29xV3cv
R3lqYUtVWWlNOVFTZHhTMWJZL1ZJUDIxaG0wCnIvQnkxSWJxWTZYVEkvS1ZWSEhk
YmhuK2JtS3lmUjV6MW50SGZrTnpkeDAKLS0tIDkvbk5abnhkNlA0dmgwV0Z0L1BS
UUduZUV3OGcvaFdBOFFsc0xzVCtQcUUKrmZvR2onMD0snqPw8okxaK6Tz5sA/cmR
1ZczgwLslJA7kwGKYOslUGA7aGB4jyP+M74wBAVa71BqWatypp0RfA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEOE0xbDN0UmdVdE1DR1lo
dmNudDk2TjNQdHFGc0lJTSt0dVVRU3BPRlg0ClV1ZUdxRVNpSmhYQm80QjdhdFc5
SVI4bi93WDBDWHQvejJIV21Bc2NsMjgKLS0tIEduZ2hHSnI3UXlGU2ZFZkpTRDJo
K0tiZ0swMmpuVW02OHMrRThlOXBWUjQKYHyJZuvQABh+gJ+THQ5SakVEqsKkyBMb
k6KnjRATpdZlmm0GjbD4aasF/j/V2fuH327Z72jPWQuI1y5ZfbDhSg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-18T10:09:49Z"
mac: ENC[AES256_GCM,data:EWSA3CNDLUiY9ClcvadRNREanBnZ7DMDcPG0cXFaoHQ+YwK0o0lTX6g03CqEoanApWMWHljV7Yc44n1+KIMCHok+3KmjesmpmhvVVJqEO5fiqqtKR2OAaqIWZ2u7yvHdIvajoI5xaE7CTOHStf5dZHuIoWQYGx9Qxu0PycL7E/0=,iv:c8wQtWbUM7mLmh8OwZYsm8ZnubSEYMrXhf9IQDhgIkk=,tag:nOY16LFcbVB1CpTyMpU8AQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

63
hosts/capella/default.nix Normal file
View File

@@ -0,0 +1,63 @@
{
pkgs,
username,
outputs,
inputs,
email,
...
}: {
imports = [
../../modules/droid/sshd.nix
];
android-integration.am.enable = true;
android-integration.termux-open-url.enable = true;
android-integration.xdg-open.enable = true;
android-integration.termux-setup-storage.enable = true;
android-integration.termux-reload-settings.enable = true;
terminal.font = let
firacode = pkgs.nerd-fonts.fira-code;
fontPath = "share/fonts/truetype/NerdFonts/FiraCode/FiraCodeNerdFont-Regular.ttf";
in "${firacode}/${fontPath}";
time.timeZone = "Asia/Kolkata";
tux.services.openssh = {
enable = true;
ports = [8033];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D ${email}"
];
};
user = {
uid = 10479;
gid = 10479;
shell = "${pkgs.zsh}/bin/zsh";
};
environment.etcBackupExtension = ".backup";
environment.motd = '''';
environment.packages = with pkgs; [
nano
git
neovim
openssh
inputs.trok.packages."aarch64-linux".default
];
home-manager = {
config = ./home.nix;
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs outputs username email;};
useGlobalPkgs = true;
};
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
system.stateVersion = "24.05";
}

35
hosts/capella/home.nix Normal file
View File

@@ -0,0 +1,35 @@
{pkgs, ...}: {
imports = [
../../modules/home/git
../../modules/home/starship
../../modules/home/fastfetch
];
programs = {
bat.enable = true;
zoxide = {
enable = true;
options = ["--cmd cd"];
};
zsh = {
enable = true;
shellAliases = {
ls = "lsd";
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
initContent = ''
fastfetch
'';
};
};
home.packages = with pkgs; [
neovim
busybox
lsd
fastfetch
];
home.stateVersion = "24.05";
}

58
hosts/common/default.nix Normal file
View File

@@ -0,0 +1,58 @@
{
username,
outputs,
inputs,
email,
...
}: {
imports = [
inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.home-manager
inputs.nix-index-database.nixosModules.nix-index
../../modules/base
../../modules/nixos/fail2ban.nix
../../modules/nixos/selfhosted/upstream-proxy.nix
../../modules/nixos/selfhosted/tfolio.nix
../../modules/nixos/selfhosted/cyber-tux.nix
../../modules/nixos/networking/ssh.nix
];
sops.secrets.tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
time.timeZone = "Asia/Kolkata";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_IN";
LC_IDENTIFICATION = "en_IN";
LC_MEASUREMENT = "en_IN";
LC_MONETARY = "en_IN";
LC_NAME = "en_IN";
LC_NUMERIC = "en_IN";
LC_PAPER = "en_IN";
LC_TELEPHONE = "en_IN";
LC_TIME = "en_IN";
};
};
security.sudo.wheelNeedsPassword = false;
programs = {
zsh.enable = true;
};
home-manager = {
backupFileExtension = "hm-backup";
useUserPackages = true;
extraSpecialArgs = {inherit inputs outputs username email;};
users.${username} = {
imports = [
./home.nix
];
};
};
}

45
hosts/common/home.nix Normal file
View File

@@ -0,0 +1,45 @@
{
outputs,
username,
inputs,
...
}: {
imports = [
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.nix-index-database.homeModules.nix-index
../../modules/home/shell
../../modules/home/git
../../modules/home/starship
../../modules/home/fastfetch
../../modules/home/nvim
../../modules/home/tmux
../../modules/home/helix
../../modules/home/aria2
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.nur
outputs.overlays.nix-vscode-extensions
];
config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
joypixels.acceptLicense = true;
};
};
home = {
username = "${username}";
homeDirectory = "/home/${username}";
};
programs.home-manager.enable = true;
systemd.user.startServices = "sd-switch";
}

79
hosts/common/secrets.yaml Normal file
View File

@@ -0,0 +1,79 @@
tux-password: ENC[AES256_GCM,data:ysw9mJef/l7WdXP9cCSM88GX019UMr8od80rSwZBftN8tWDGPe0/mdRmePXxaEY9yEXhvRON/4IaFIPVQ3VnbExcGrnbV5+u9A==,iv:P+BnLLJs7ePJvsBHgsaISvjy33KtLFQENS+YB2eroGI=,tag:D4dTQXzmBkeCkdFu2Ozlcg==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVkUyUU8wbXNqY0JVb2RD
N3NiNXJ3Tzc0bjU2QnJrbDcxTDVQeUJUYVhFCnNud3lXWmh5azByaEk0dkIyT1dP
V0NKMzlpdTZaM2JpTyt4L1V1M2l1MGsKLS0tIDlzbjVHNUw4ci9mZ0tBaVhSNjJS
MFdDa3hHMTlmU05TN2UxY3dhdGVFdU0KQ+hjPwBpv8g3x/N+Yd4kwUtiIxXDcZRx
EFjLnDiOA5gkZqXCo05E1lXJN17wU59pYs1+1pfBYbGKc2oV+3oquw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqM1Z4MlNwY1VxdXF6RG1P
cWQ0S0hMOWh0aUUrdVF5VDVWZVNDYi82NERjCmZFSEdyNXNLMXBHeUp4NUNpZnp4
UEVWZEJhZC9YSzgzb1VVMDNsdUk2K00KLS0tIGpqaS92NmJzVXRRb09SSGhJYTlE
ZmpXd09Eam5EN1ExZFdYVXUxUEp5S0UKWZG87YOWIZR/eIFRjyZt4Jf8St+NEk/L
obwyOlDnRJ9wI30g9VXMoYTUdZcebY6t6tmRvIKL4pbadua2JXwamg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQelFwUGIzc1RuVFpGYzd6
cjZOM3FGUDlPVTVuRkxqalEwamhlVjNFdVVBCjBiWFN0RVArYWNoL2ZuYXhSN0Y0
eTFEWFdYUFJVWU53cmNURS9jNEJTSDgKLS0tIHd3SFlISGdVSTBJSmd3UUp0VVBE
MCt6ZnMzRDNEK3I3ZXFucjRXRDJ3Wm8KltIXRrGVkr3AOvQ44/nlsqmGW6s/hlHF
84elOBidwgb95RIhetUppD6jUJz2p0GHIsIvEc9AuZRbPkntmVjHkA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQXR2QVJCSk92WGF1dGxK
K0o3V3dPTS9ZZHBDUEcrVWxKMzZpem5uL0VFCnB2c2hIcmxQTWdmTHhnVFhLQXhT
b3V4Y01JSUdYMThqNy8zVEI4QXc3SmcKLS0tIDBuekhnaWRGUVF4a0tseUQxZW55
L1VsWHljZ3VaMjNkbHhhYlVTU0dTL1UKXe4osbjCyMzBuJoD8bnhnAJSmaeOmtpr
Gee9MSubfgxXKN+GNOjMF0DBB3SDlJTXjF7LpqqkiSbg0Jy4W6b+mA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmT3hudFJ5QTVLbHh1Zjg3
elA1VEw4TzdhNTJqSVk3MWdwUnhUZ0V3ZmgwCkdOKzJ4RlVuR1VJL0NhbTc0SnZY
MlFrbnhuN1UwYmE2ZlhpWnZVTWc4RncKLS0tIFdLT2k3dWdwQXJlSHQxWWJUd3Yx
UHJ1aDhWVXprMUcyVHQxTlJEV21MMjQKveI0EjbGWwsBlIzHUIvjrTM5G7ZtulM/
AuhqsH3qkDU4L3FdkVR5oG8yaCDbBxLDFhCDnXAGKrGCwOr1KB5hmQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZlhyVVh6K2tvd2ZGODhY
ODRLbFFiYmlPM3F5L3VwNS9EVGtuSWQ1VHlvCk1GTWlRUk9WVURWOEdBVlVHb1Rw
c09EYlhFWFZHQmV3MUU5eU1ZYVE2MlEKLS0tIEFMV1FDTnBNMTEvTWREY3VFZjJ6
QVV5U3dvTDFBT2s4bTQ1SXQ4U2RaYnMKs8q7OeaK188bTvVmAia0oF5SnpMOPKTd
V31tngEgvmI7MxH9BrgjWneJye91Q/hCED0/aK0AuXIRapWgi1hGlA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESVVPNGpGYnB0aFAzYnF3
aUhkZkI1a2dWd2txSm9aWnpOKzBPdzg0VGdzCkJkeDJlZDdSZUVGTHVwQ2M2UjBj
MjRnM2lNMWNVNFF1bTA0NGI3SGNPdFUKLS0tIGV6UkRQUWFYWjBrMzhhTmd4QlBV
RTkvRVBSeUFUVXpyVHhHTFpZNzR3NlkKOksXAReInUnFJPuFsfu08MRQoA5J0j/H
3cUt2jBIheWXBtg1Plz9UcXdjPaUEROadFcRveiGBaBEVz0LyBs8WA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UVY1a1JFRTBZalRDeFll
aHVNTnQ0MEtpN0pObnhaMlYwaXp2b2tKM2gwCmIrL2dzb0xGR0NCZzFIL0o2SS8w
YnE2OE9rZFFWakgrYkNVcFpjUXJpbXMKLS0tIE9rZEoxNjdJbG9adVAydk1DVnhK
WGhPaC96dk9qUzNxT1hadTZZSGZKQ28KiNhLhLaUSTVltWzyYHWLk6M8M3lxgvHj
rPgFNVEcpVKN9f2v4N+XJipDaVgnP1YwwIlT0XSRQNrGWcO2JL6nmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-09T22:50:12Z"
mac: ENC[AES256_GCM,data:xf2fW1ajcrAx/oPwYvZmNKNJ6yHF/v3aVt3bIyENyfmB90yPDhHiw9twj7MYy1hVJyKE1Iy+1bmEgERBwaum2sROvzpCzuKbB8avJfBfeqpwBPob2yRdoAKFN29xgiJVJjtw2zKFf8NzMnv9Y5sLxgnhq5VB7aCavZ9+o0603kI=,iv:8aS9jVOm4rZpU/JTi9uUKoEfvo44Zhy43e6/GsIM7CE=,tag:D9I31EQwI6bCAN3tU4jGJg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

153
hosts/homelab/default.nix Executable file
View File

@@ -0,0 +1,153 @@
{
inputs,
username,
pkgs,
lib,
config,
...
}: {
imports = [
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/nvme0n1";})
./hardware.nix
../common
../../modules/nixos/desktop
../../modules/nixos/virtualisation/docker.nix
];
tux.services.openssh.enable = true;
sops.secrets = {
discord_token = {
sopsFile = ./secrets.yaml;
};
};
tux.services.cyber-tux = {
enable = true;
environmentFile = config.sops.secrets.discord_token.path;
};
networking = {
hostName = "homelab";
networkmanager = {
enable = true;
wifi.powersave = false;
};
firewall = {
enable = true;
allowedTCPPorts = [22];
# Facilitate firewall punching
allowedUDPPorts = [41641];
};
};
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
timeout = 1;
};
};
hardware = {
graphics.enable32Bit = true;
};
security = {
rtkit.enable = true;
};
programs = {
nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
};
};
services = {
fwupd.enable = true;
fstrim.enable = true;
tailscale = {
enable = true;
extraUpFlags = ["--login-server https://hs.tux.rs"];
};
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/tailscale"
"/var/lib/nixos"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
environment.systemPackages = with pkgs; [go-wol];
system.stateVersion = "24.11";
}

48
hosts/homelab/disko.nix Normal file
View File

@@ -0,0 +1,48 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

26
hosts/homelab/hardware.nix Executable file
View File

@@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

22
hosts/homelab/home.nix Normal file
View File

@@ -0,0 +1,22 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
"Stuff"
".ssh"
".wakatime"
".config/sops"
".config/go-wol"
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
files = [
".wakatime.cfg"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

30
hosts/homelab/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
discord_token: ENC[AES256_GCM,data:fZqz6LD3+Svtton5gNCXO5ddWAqW1IyxP3M2DAIXZEIYRHUfAq8h9LES2IHWepjl5qKimxB35zacE/TYK2fitngWtRGVoMDBzzU6VTKNulNV3yFWrPA=,iv:YOplYld+c9vHVC0Srfm89qrh4yUygDiW67X2TdwHKMc=,tag:Ioc2wNLX818fRQ/2PSO7Sw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YktFRE9KS0h0T0hDTlpF
ZEk0VzNTcVE0ampsWVRtSzJ3UHBXL2NlUUh3Cjk5ZnFKVENmTTJHQjgrVWlyOUE1
THUrTUFzdWhKejNUNXpsNVpvZVdJWm8KLS0tIDZ5bmYzSVBUVlVORHAzSGtCQmVo
a2JuSWVtMi9FMkova3BCd2F0U2VCRzQKonG/AkEn2X2l3vyr0UlJprGW2ZSwrczq
xHafyGiU/I1AO/HoB3BXyP8t/Sgn/dy42lspqZ3MoLLlmx7dQeTd+g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWUowUlB2cWVOclpRMENn
TU5za0Y2UHZ5eFNZMEdQWm9xdTZFYkVwS2hNCnRBUU1ndFdiQ09sQjBDb1greC93
ejl2OVZTTEtIcWpxUk5RRngrbjRWREEKLS0tIDVrSHhxbmJFdWwyQS9xeWlFZitJ
Y1RHaFdXaE9DODJtSTFCSVZWb0xVeUEK4qeBKg3u+vhBIM1dQ7BaOWi/C7Q8hk60
vu9Zr075n0+kb5Ab+RH24ZmEoP5PJXjwEfbAnmRTjn0reYn1nfcNYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-15T12:45:59Z"
mac: ENC[AES256_GCM,data:NLGe7L/oiG62x4PmQ6FobnuisFmMxYoGhxfqQ4qZdy9emYL/+FnrtFsKTKqZ9IHjrNnCmbk7y+Cds/azC1xGVcaj50jEox87vtqIZ3z0XsD1mJjCAdHkBVzzpQGwHas/5y0Inyj+oKsvQrqVacqYHVA/ES+zMvou8nD+EWIH2LE=,iv:fBVOnwih+QFkYZ8IfMBpQiT1XwSZtzo3VYaBOL3I5o4=,tag:p+ePQsrmcLcnLr2fgWQXQg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

92
hosts/isoImage/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
pkgs,
modulesPath,
inputs,
username,
lib,
...
}: {
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
inputs.home-manager.nixosModules.home-manager
../common
../../modules/nixos/desktop
../../modules/nixos/desktop/awesome
../../modules/nixos/desktop/hyprland
];
nixpkgs.hostPlatform = "x86_64-linux";
networking = {
hostName = "iso";
};
hardware = {
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
};
security = {
rtkit.enable = true;
};
programs = {
ssh.startAgent = true;
thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
};
nm-applet.enable = true;
};
services = {
resolved.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
logind = {
extraConfig = "HandlePowerKey=suspend";
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
};
xserver = {
enable = true;
xkb = {
layout = "in";
variant = "eng";
};
};
libinput.touchpad.naturalScrolling = true;
blueman.enable = true;
gvfs.enable = true;
tumbler.enable = true;
};
fonts.packages = with pkgs.nerd-fonts; [
fira-code
jetbrains-mono
];
home-manager.users.${username} = {
imports = [
./home.nix
];
};
users.users.${username} = {
hashedPasswordFile = lib.mkForce null;
initialPassword = username;
};
system.stateVersion = "23.11";
}

24
hosts/isoImage/home.nix Normal file
View File

@@ -0,0 +1,24 @@
{pkgs, ...}: {
imports = [
../../modules/home/desktop/awesome
../../modules/home/desktop/hyprland
../../modules/home/picom
../../modules/home/alacritty
../../modules/home/wezterm
../../modules/home/ghostty
../../modules/home/desktop/rofi
../../modules/home/barrier
../../modules/home/firefox
../../modules/home/brave
../../modules/home/vs-code
../../modules/home/mopidy
../../modules/home/thunderbird
];
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
};
home.stateVersion = "24.11";
}

63
hosts/rigel/default.nix Normal file
View File

@@ -0,0 +1,63 @@
{
pkgs,
username,
outputs,
inputs,
email,
...
}: {
imports = [
../../modules/droid/sshd.nix
];
android-integration.am.enable = true;
android-integration.termux-open-url.enable = true;
android-integration.xdg-open.enable = true;
android-integration.termux-setup-storage.enable = true;
android-integration.termux-reload-settings.enable = true;
terminal.font = let
firacode = pkgs.nerd-fonts.fira-code;
fontPath = "share/fonts/truetype/NerdFonts/FiraCode/FiraCodeNerdFont-Regular.ttf";
in "${firacode}/${fontPath}";
time.timeZone = "Asia/Kolkata";
tux.services.openssh = {
enable = true;
ports = [8033];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D ${email}"
];
};
user = {
uid = 10225;
gid = 10225;
shell = "${pkgs.zsh}/bin/zsh";
};
environment.etcBackupExtension = ".backup";
environment.motd = '''';
environment.packages = with pkgs; [
nano
git
neovim
openssh
inputs.trok.packages."aarch64-linux".default
];
home-manager = {
config = ./home.nix;
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs outputs username email;};
useGlobalPkgs = true;
};
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
system.stateVersion = "24.05";
}

35
hosts/rigel/home.nix Normal file
View File

@@ -0,0 +1,35 @@
{pkgs, ...}: {
imports = [
../../modules/home/git
../../modules/home/starship
../../modules/home/fastfetch
];
programs = {
bat.enable = true;
zoxide = {
enable = true;
options = ["--cmd cd"];
};
zsh = {
enable = true;
shellAliases = {
ls = "lsd";
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
initContent = ''
fastfetch
'';
};
};
home.packages = with pkgs; [
neovim
busybox
lsd
fastfetch
];
home.stateVersion = "24.05";
}

56
hosts/sirius/default.nix Normal file
View File

@@ -0,0 +1,56 @@
{
pkgs,
inputs,
username,
config,
...
}: {
imports = [
inputs.nixos-wsl.nixosModules.wsl
../common
../../modules/nixos/virtualisation/docker.nix
];
tux.services.openssh.enable = true;
boot.binfmt.emulatedSystems = ["aarch64-linux"];
nixpkgs = {
config.cudaSupport = true;
hostPlatform = "x86_64-linux";
};
wsl = {
enable = true;
defaultUser = "${username}";
useWindowsDriver = true;
};
networking.hostName = "sirius";
programs = {
ssh.startAgent = true;
zsh.enable = true;
nix-ld = {
enable = true;
libraries = config.hardware.graphics.extraPackages;
package = pkgs.nix-ld-rs;
};
dconf.enable = true;
};
environment.persistence."/persist" = {
enable = false;
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "23.11";
}

3
hosts/sirius/home.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
home.stateVersion = "23.11";
}

66
hosts/vega/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{
pkgs,
username,
...
}: {
imports = [
./hardware.nix
../common
../../modules/nixos/selfhosted/adguard.nix
];
tux.services.openssh.enable = true;
boot.initrd.availableKernelModules = [
"usbhid"
"usb_storage"
"vc4"
"pcie_brcmstb" # required for the pcie bus to work
"reset-raspberrypi" # required for vl805 firmware to load
];
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
hardware.enableRedistributableFirmware = true;
powerManagement.cpuFreqGovernor = "ondemand";
networking = {
hostName = "vega";
networkmanager = {
enable = true;
wifi.powersave = false;
};
firewall = {
enable = true;
allowedTCPPorts = [22];
# Facilitate firewall punching
allowedUDPPorts = [41641];
};
};
services = {
tailscale = {
enable = true;
extraUpFlags = ["--login-server https://hs.tux.rs"];
};
};
environment.systemPackages = with pkgs; [go-wol];
environment.persistence."/persist" = {
enable = false;
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

32
hosts/vega/hardware.nix Normal file
View File

@@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enu1u1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

3
hosts/vega/home.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
home.stateVersion = "24.11";
}

101
hosts/vps/default.nix Normal file
View File

@@ -0,0 +1,101 @@
{
modulesPath,
inputs,
username,
lib,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/sda";})
../common
];
tux.services.openssh.enable = true;
nixpkgs = {
hostPlatform = "x86_64-linux";
};
boot = {
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
};
};
networking.hostName = "vps";
users = {
users.${username} = {
password = "${username}";
hashedPasswordFile = lib.mkForce null;
};
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

53
hosts/vps/disko.nix Normal file
View File

@@ -0,0 +1,53 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

12
hosts/vps/home.nix Normal file
View File

@@ -0,0 +1,12 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
".ssh"
".local/share/zsh"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

11
modules/base/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{
imports = [
./nix.nix
./nixpkgs.nix
./nh.nix
./overlays.nix
./sops.nix
./substituters.nix
./user.nix
];
}

16
modules/base/nh.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
username,
...
}: {
programs.nh = {
enable = true;
clean = {
enable = !config.nix.gc.automatic;
dates = "weekly";
};
flake = "/home/${username}/Projects/nixos-config";
};
}

37
modules/base/nix.nix Normal file
View File

@@ -0,0 +1,37 @@
{
pkgs,
username,
...
}: {
nix = {
# @TODO enable when lix is patched
# package = pkgs.lix;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
optimise = {
automatic = true;
dates = ["weekly"];
};
channel.enable = false;
settings = {
extra-platforms = [
"aarch64-linux"
"arm-linux"
];
auto-optimise-store = true;
allowed-users = ["${username}"];
trusted-users = ["${username}"];
experimental-features = "nix-command flakes";
keep-going = true;
warn-dirty = false;
http-connections = 50;
};
};
}

8
modules/base/nixpkgs.nix Normal file
View File

@@ -0,0 +1,8 @@
{
nixpkgs = {
config = {
allowUnfree = true;
joypixels.acceptLicense = true;
};
};
}

9
modules/base/overlays.nix Normal file
View File

@@ -0,0 +1,9 @@
{outputs, ...}: {
nixpkgs.overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.nur
outputs.overlays.nix-vscode-extensions
];
}

20
modules/base/sops.nix Normal file
View File

@@ -0,0 +1,20 @@
{
inputs,
config,
pkgs,
...
}: let
isEd25519 = k: k.type == "ed25519";
getKeyPath = k: k.path;
keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
in {
imports = [inputs.sops-nix.nixosModules.sops];
sops.age = {
sshKeyPaths = map getKeyPath keys;
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
environment.systemPackages = with pkgs; [sops];
}

27
modules/base/substituters.nix Normal file
View File

@@ -0,0 +1,27 @@
{
nix.settings = {
substituters = [
"https://cache.nixos.org?priority=10"
"https://anyrun.cachix.org"
"https://fufexan.cachix.org"
"https://helix.cachix.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://nix-gaming.cachix.org"
"https://yazi.cachix.org"
"https://nix-on-droid.cachix.org"
];
trusted-substituters = ["https://nix-on-droid.cachix.org"];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"fufexan.cachix.org-1:LwCDjCJNJQf5XD2BV+yamQIMZfcKWR9ISIFy5curUsY="
"helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
"nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU="
];
};
}

20
modules/base/user.nix Normal file
View File

@@ -0,0 +1,20 @@
{
config,
pkgs,
username,
email,
...
}: {
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.${username} = {
hashedPasswordFile = config.sops.secrets.tux-password.path;
isNormalUser = true;
extraGroups = ["networkmanager" "wheel" "storage"];
openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D ${email}''
];
};
};
}

106
modules/droid/sshd.nix Normal file
View File

@@ -0,0 +1,106 @@
{
config,
lib,
pkgs,
...
}: let
# utility functions
concatLines = list: builtins.concatStringsSep "\n" list;
prefixLines = mapper: list: concatLines (map mapper list);
# could be put in the config
configPath = "ssh/sshd_config";
keysFolder = "/etc/ssh";
authorizedKeysFolder = "/etc/ssh/authorized_keys.d";
supportedKeysTypes = [
"rsa"
"ed25519"
];
sshd-start-bin = "sshd-start";
# real config
cfg = config.tux.services.openssh;
pathOfKeyOf = type: "${keysFolder}/ssh_host_${type}_key";
generateKeyOf = type: ''
${lib.getExe' pkgs.openssh "ssh-keygen"} \
-t "${type}" \
-f "${pathOfKeyOf type}" \
-N ""
'';
generateKeyWhenNeededOf = type: ''
if [ ! -f ${pathOfKeyOf type} ]; then
mkdir --parents ${keysFolder}
${generateKeyOf type}
fi
'';
sshd-start = pkgs.writeScriptBin sshd-start-bin ''
#!${pkgs.runtimeShell}
${prefixLines generateKeyWhenNeededOf supportedKeysTypes}
mkdir --parents "${authorizedKeysFolder}"
echo "${lib.concatStringsSep "\n" cfg.authorizedKeys}" > ${authorizedKeysFolder}/${config.user.userName}
echo "Starting sshd in non-daemonized way on port ${lib.concatMapStrings toString cfg.ports}"
${lib.getExe' pkgs.openssh "sshd"} \
-f "/etc/${configPath}" \
-D # don't detach into a daemon process
'';
in {
options = {
tux.services.openssh = {
enable = lib.mkEnableOption ''
Whether to enable the OpenSSH secure shell daemon, which
allows secure remote logins.
'';
ports = lib.mkOption {
type = lib.types.listOf lib.types.port;
default = [22];
description = ''
Specifies on which ports the SSH daemon listens.
'';
};
authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = ''
Specify a list of public keys to be added to the authorized_keys file.
'';
};
};
};
config = lib.mkIf cfg.enable {
environment.etc = {
"${configPath}".text = ''
${prefixLines (port: "Port ${toString port}") cfg.ports}
AuthorizedKeysFile ${authorizedKeysFolder}/%u
LogLevel VERBOSE
'';
};
environment.packages = [
sshd-start
pkgs.openssh
];
build.activationAfter.sshd = ''
SERVER_PID=$(${lib.getExe' pkgs.procps "ps"} -a | ${lib.getExe' pkgs.toybox "grep"} sshd || true)
if [ -z "$SERVER_PID" ]; then
$DRY_RUN_CMD ${lib.getExe sshd-start}
fi
'';
};
}

4
modules/flake/flake-parts.nix
View File

@@ -1,4 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.flake-parts.flakeModules.modules ];
}

36
modules/flake/overlays.nix
View File

@@ -1,36 +0,0 @@
{
inputs,
...
}:
{
flake.overlays = {
modifications = final: prev: {
tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};
awww = inputs.awww.packages.${prev.stdenv.hostPlatform.system}.awww;
vicinae-extensions = inputs.vicinae-extensions.packages.${prev.stdenv.hostPlatform.system};
};
stable-packages = final: _prev: {
stable = import inputs.nixpkgs-stable {
system = final.stdenv.hostPlatform.system;
config.allowUnfree = true;
};
};
nur = inputs.nur.overlays.default;
};
perSystem =
{ system, ... }:
{
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
overlays = builtins.attrValues inputs.self.overlays;
};
};
}

6
modules/flake/systems.nix
View File

@@ -1,6 +0,0 @@
{
systems = [
"x86_64-linux"
"aarch64-linux"
];
}

23
modules/flake/treefmt.nix
View File

@@ -1,23 +0,0 @@
{ inputs, ... }:
{
imports = [
inputs.treefmt-nix.flakeModule
];
perSystem =
{
config,
pkgs,
system,
...
}:
{
treefmt.config = {
projectRootFile = "flake.nix";
flakeCheck = true;
programs = {
nixfmt.enable = true;
};
};
};
}

13
modules/hm/core/hm.nix
View File

@@ -1,13 +0,0 @@
{
flake.modules.homeManager.core =
{ userName, ... }:
{
programs.home-manager.enable = true;
systemd.user.startServices = "sd-switch";
home = {
username = "${userName}";
homeDirectory = "/home/${userName}";
};
};
}

18
modules/hm/core/nixpkgs.nix
View File

@@ -1,18 +0,0 @@
{ inputs, ... }:
{
flake.modules.homeManager.core =
{
lib,
osConfig ? { },
...
}:
{
nixpkgs = lib.mkIf (!(osConfig.home-manager.useGlobalPkgs or false)) {
config = {
allowUnfree = true;
joypixels.acceptLicense = true;
};
overlays = builtins.attrValues inputs.self.overlays;
};
};
}

38
modules/hm/desktop/brave.nix
View File

@@ -1,38 +0,0 @@
{
flake.modules.homeManager.desktop =
{
pkgs,
config,
...
}:
let
configDir = "${config.xdg.configHome}/BraveSoftware/Brave-Browser";
extensionJson = ext: {
name = "${configDir}/External Extensions/${ext.id}.json";
value.text = builtins.toJSON {
external_update_url = "https://clients2.google.com/service/update2/crx";
};
};
extensions = [
{ id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # Metamask
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "bfnaelmomeimhlpmgjnjophhpkkoljpa"; } # Phantom
{ id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; } # DarkReader
];
in
{
programs.chromium = {
enable = true;
package = pkgs.brave;
commandLineArgs = [
"--disable-features=WebRtcAllowInputVolumeAdjustment"
"--force-device-scale-factor=1.0"
];
};
home.file = builtins.listToAttrs (map extensionJson extensions);
};
}

45
modules/hm/desktop/discord.nix
View File

@@ -1,45 +0,0 @@
{
flake.modules.homeManager.desktop =
{ inputs, userName, ... }:
{
imports = [
inputs.nixcord.homeModules.nixcord
];
programs.nixcord = {
enable = true;
user = userName;
discord.enable = false;
vesktop.enable = true;
config = {
themeLinks = [
"https://raw.githubusercontent.com/refact0r/system24/refs/heads/main/archive/flavors/spotify-text.theme.css"
];
frameless = true;
plugins = {
hideMedia.enable = true;
ignoreActivities = {
enable = true;
ignorePlaying = true;
ignoreWatching = true;
};
};
};
dorion = {
theme = "dark";
zoom = "1.1";
blur = "acrylic";
sysTray = true;
openOnStartup = true;
autoClearCache = true;
disableHardwareAccel = false;
rpcServer = true;
rpcProcessScanner = true;
pushToTalk = true;
pushToTalkKeys = [ "RControl" ];
desktopNotifications = true;
unreadBadge = true;
};
};
};
}

5
modules/hm/desktop/easyeffects.nix
View File

@@ -1,5 +0,0 @@
{
flake.modules.homeManager.desktop = {
services.easyeffects.enable = true;
};
}

75
modules/hm/desktop/firefox.nix
View File

@@ -1,75 +0,0 @@
{
flake.modules.homeManager.desktop =
{
pkgs,
userName,
...
}:
{
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
extraPolicies = {
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DisableFirefoxAccounts = false;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = true;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
profiles = {
${userName} = {
id = 0;
name = "tux";
search = {
force = true;
default = "google";
};
settings = {
"general.smoothScroll" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"layout.css.prefers-color-scheme.content-override" = 0;
"browser.compactmode.show" = true;
"browser.tabs.firefox-view" = false;
"browser.bookmarks.addedImportButton" = false;
"extensions.pocket.enabled" = false;
"browser.fullscreen.autohide" = false;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
facebook-container
metamask
darkreader
bitwarden
wappalyzer
clearurls
];
};
};
};
};
}

47
modules/hm/desktop/ghostty.nix
View File

@@ -1,47 +0,0 @@
{
flake.modules.homeManager.desktop = {
programs.ghostty = {
enable = true;
enableZshIntegration = true;
systemd.enable = true;
settings = {
confirm-close-surface = false;
gtk-titlebar = false;
window-padding-x = 10;
window-padding-y = 10;
font-size = 12;
font-family = "JetBrainsMono Nerd Font";
theme = "poimandres";
};
themes = {
poimandres = {
background = "#0f0f0f";
foreground = "#a6accd";
cursor-color = "#f2eacf";
selection-background = "#1a1a1a";
selection-foreground = "#f1f1f1";
palette = [
"0=#252b37"
"1=#d0679d"
"2=#5de4c7"
"3=#fffac2"
"4=#89ddff"
"5=#fae4fc"
"6=#add7ff"
"7=#ffffff"
"8=#a6accd"
"9=#d0679d"
"10=#5de4c7"
"11=#fffac2"
"12=#add7ff"
"13=#89ddff"
"14=#fcc5e9"
"15=#ffffff"
];
};
};
};
};
}

39
modules/hm/desktop/hyprland.nix
View File

@@ -1,39 +0,0 @@
{
flake.modules.homeManager.desktop =
{ config, pkgs, ... }:
{
wayland.windowManager.hyprland = {
enable = true;
package = null;
portalPackage = null;
xwayland.enable = true;
systemd.variables = [ "--all" ];
};
# TODO: Hyprland 0.55 switched to Lua-based configuration.
# Until the Home Manager module is updated, we symlink our config instead.
home.file = {
".config/hypr/config".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/config";
".config/hypr/hyprland.lua".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/hyprland.lua";
};
home.packages = with pkgs; [
ags
awww
grim
slurp
hyprshot
wl-clipboard
wl-screenrec
(writeShellScriptBin "hypr-screenshot" ''
hyprshot -m region -r ppm - | satty --filename -
'')
(writeShellScriptBin "hypr-screenrecord" ''
wl-screenrec -g "$(slurp)"
'')
];
};
}

39
modules/hm/desktop/lan-mouse.nix
View File

@@ -1,39 +0,0 @@
{ inputs, ... }:
{
flake.modules.homeManager.desktop =
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.services.lan-mouse;
in
{
imports = [ inputs.lan-mouse.homeManagerModules.default ];
options.tnix.services.lan-mouse = {
enable = mkEnableOption "Enable Lan-Mouse";
settings = mkOption {
type = (pkgs.formats.toml { }).type;
default = { };
description = ''
TOML configuration for lan-mouse.
See <https://github.com/feschber/lan-mouse/> for available options.
'';
};
};
config = mkIf cfg.enable {
programs.lan-mouse = {
enable = true;
systemd = true;
settings = cfg.settings;
};
};
};
}

256
modules/hm/desktop/mango.nix
View File

@@ -1,256 +0,0 @@
{ inputs, ... }:
{
flake.modules.homeManager.desktop =
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.desktop.mangowm;
in
{
imports = [
inputs.mango.hmModules.mango
];
options.tnix.desktop.mangowm = {
enable = mkEnableOption "Enable MangoWM";
monitorRule = mkOption {
type = with types; listOf str;
default = [ ];
};
tagRule = mkOption {
type = with types; listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
wayland.windowManager.mango = {
enable = true;
settings = {
# Monitors
monitorrule = cfg.monitorRule;
focus_cross_monitor = 1;
exchange_cross_monitor = 1;
drag_tile_to_tile = 1;
# Keyboard
repeat_rate = 25;
repeat_delay = 600;
numlockon = 0;
xkb_rules_layout = "us";
# Trackpad
disable_trackpad = 0;
tap_to_click = 1;
tap_and_drag = 1;
drag_lock = 1;
trackpad_natural_scrolling = 1;
disable_while_typing = 1;
left_handed = 0;
middle_button_emulation = 0;
swipe_min_threshold = 1;
# Mouse
mouse_natural_scrolling = 0;
mouse_accel_profile = 0;
# Theme
border_radius = 8;
no_radius_when_single = 0;
focused_opacity = 0.9;
unfocused_opacity = 0.9;
# Scroller Layout Setting
scroller_structs = 0;
scroller_default_proportion = 0.5;
scroller_ignore_proportion_single = 0;
scroller_default_proportion_single = 1.0;
# Master-Stack Layout Setting
new_is_master = 0;
default_mfact = 0.5;
default_nmaster = 1;
smartgaps = 0;
# Overview Setting
hotarea_size = 10;
enable_hotarea = 1;
ov_tab_mode = 0;
overviewgappi = 15;
overviewgappo = 15;
# layouts
tagrule = cfg.tagRule;
# Keybindings
mousebind = [
"SUPER, btn_left, moveresize, curmove"
"SUPER, btn_right, moveresize, curresize"
];
gesturebind = [
"none, right, 3, viewtoleft_have_client"
"none, up, 3, toggleoverview"
"none, down, 3, toggleoverview"
];
bind = [
# apps
"SUPER, Return, spawn, wezterm"
"SUPER, Space, spawn, vicinae toggle"
"SUPER, D, spawn, vesktop"
"SUPER, T, spawn, Telegram"
"SUPER, B, spawn, brave"
"SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history"
"SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid"
# WM
"SUPER, Q, killclient"
"SUPER+SHIFT, R, reload_config"
"SUPER+SHIFT, F, togglefullscreen"
"SUPER+SHIFT, Space, togglefloating"
"SUPER+SHIFT, Space, centerwin"
"ALT, Tab, toggleoverview"
"ALT+SHIFT, minus, incgaps, -1"
"ALT+SHIFT, equal, incgaps, 1"
"ALT+SHIFT, R, togglegaps"
"SUPER+SHIFT, P, toggleglobal"
# switch layout
"SUPER+SHIFT, H, setlayout, tile"
"SUPER+SHIFT, V, setlayout, vertical_tile"
"SUPER+SHIFT, S, setlayout, scroller"
# resize client
"SUPER+CTRL, Up, resizewin, +0, -50"
"SUPER+CTRL, Down, resizewin, +0, +50"
"SUPER+CTRL, Left, resizewin, -50, +0"
"SUPER+CTRL, Right, resizewin, +50, +0"
"SUPER+CTRL, Equal, setoption, default_mfact, 0.5"
# swap client
"SUPER+SHIFT, Up, exchange_client, up"
"SUPER+SHIFT, Down, exchange_client, down"
"SUPER+SHIFT, Left, exchange_client, left"
"SUPER+SHIFT, Right, exchange_client, right"
# switch client focus
"SUPER, Tab, focusstack, next"
"SUPER, Left, focusdir, left"
"SUPER, Right, focusdir, right"
"SUPER, Up, focusdir, up"
"SUPER, Down, focusdir, down"
# switch view
"SUPER, 1, view, 1, 1"
"SUPER, 2, view, 2, 1"
"SUPER, 3, view, 3, 1"
"SUPER, 4, view, 4, 1"
"SUPER, 5, view, 5, 1"
# move client to the tag with focus
"SUPER+SHIFT, 1, tagsilent, 1, 1"
"SUPER+SHIFT, 2, tagsilent, 2, 1"
"SUPER+SHIFT, 3, tagsilent, 3, 1"
"SUPER+SHIFT, 4, tagsilent, 4, 1"
"SUPER+SHIFT, 5, tagsilent, 5, 1"
# move client to the tag without focus
"SUPER+ALT, 1, tag, 1, 1"
"SUPER+ALT, 2, tag, 2, 1"
"SUPER+ALT, 3, tag, 3, 1"
"SUPER+ALT, 4, tag, 4, 1"
"SUPER+ALT, 5, tag, 5, 1"
];
# Window effect
blur = 1;
blur_layer = 0;
blur_optimized = 1;
blur_params_num_passes = 2;
blur_params_radius = 5;
blur_params_noise = 0.02;
blur_params_brightness = 0.9;
blur_params_contrast = 0.9;
blur_params_saturation = 1.2;
shadows = 1;
layer_shadows = 0;
shadow_only_floating = 1;
shadows_size = 10;
shadows_blur = 15;
shadows_position_x = 0;
shadows_position_y = 0;
shadowscolor = "0x000000ff";
# Animation
animations = 1;
layer_animations = 1;
animation_type_open = "slide";
animation_type_close = "fade";
animation_fade_in = 1;
animation_fade_out = 1;
tag_animation_direction = 0;
zoom_initial_ratio = 0.3;
zoom_end_ratio = 0.8;
fadein_begin_opacity = 0.5;
fadeout_begin_opacity = 0.8;
animation_duration_move = 100;
animation_duration_open = 100;
animation_duration_close = 100;
animation_duration_tag = 200;
animation_duration_focus = 0;
animation_curve_open = "0.46, 1.0, 0.29, 1";
animation_curve_move = "0.46, 1.0, 0.29, 1";
animation_curve_tag = "0.46, 1.0, 0.29, 1";
animation_curve_close = "0.08, 0.92, 0, 1";
animation_curve_focus = "0.46, 1.0, 0.29, 1";
animation_curve_opafadeout = "0.5, 0.5, 0.5, 0.5";
animation_curve_opafadein = "0.46, 1.0, 0.29, 1";
# Appearance
borderpx = 0;
gappih = 10;
gappiv = 10;
gappoh = 10;
gappov = 10;
rootcolor = "0x201b14ff";
bordercolor = "0x444444ff";
focuscolor = "0xc9b890ff";
maximizescreencolor = "0x89aa61ff";
urgentcolor = "0xad401fff";
scratchpadcolor = "0x516c93ff";
globalcolor = "0xb153a7ff";
overlaycolor = "0x14a57cff";
# Misc
syncobj_enable = 1;
exec-once = [
"dbus-update-activation-environment --systemd --all; systemctl --user reset-failed && systemctl --user start mango-session.target"
"awww-daemon"
"dms run"
];
};
};
home.packages = with pkgs; [
quickshell
dms-shell
dgop
];
};
};
}

24
modules/hm/desktop/mpv.nix
View File

@@ -1,24 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
scripts = (
with pkgs.mpvScripts;
[
modernz
thumbfast
mpris
mpv-image-viewer.image-positioning
]
);
config = {
osc = "no";
border = "no";
};
};
};
}

19
modules/hm/desktop/satty.nix
View File

@@ -1,19 +0,0 @@
{
flake.modules.homeManager.desktop = {
programs.satty = {
enable = true;
settings = {
general = {
corner-roundness = 12;
initial-tool = "arrow";
early-exit = true;
copy-command = "wl-copy";
};
font = {
family = "JetBrainsMono NerdFont";
};
};
};
};
}

31
modules/hm/desktop/theme.nix
View File

@@ -1,31 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
qt = {
enable = true;
style = {
name = "Breeze";
package = pkgs.kdePackages.breeze;
};
};
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
};
}

68
modules/hm/desktop/vicinae.nix
View File

@@ -1,68 +0,0 @@
{
flake.modules.homeManager.desktop =
{
pkgs,
...
}:
{
programs.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
useLayerShell = true;
extensions = with pkgs.vicinae-extensions; [
bluetooth
nix
ssh
awww-switcher
process-manager
pulseaudio
wifi-commander
port-killer
silverbullet
];
settings = {
close_on_focus_loss = false;
consider_preedit = true;
pop_to_root_on_close = true;
favicon_service = "twenty";
search_files_in_root = true;
font = {
normal = {
size = 10;
family = "JetBrainsMono Nerd Font";
};
};
theme = {
light = {
name = "vicinae-light";
icon_theme = "default";
};
dark = {
name = "vicinae-dark";
icon_theme = "default";
};
};
launcher_window = {
opacity = 0.98;
};
imports = [ "/run/secrets/vicinae.json" ];
providers = {
"@sovereign/vicinae-extension-awww-switcher-0" = {
"preferences" = {
"transitionDuration" = "1";
"transitionType" = "center";
"wallpaperPath" = "/home/tux/Wallpapers/";
};
};
};
};
};
};
}

33
modules/hm/desktop/wezterm.nix
View File

@@ -1,33 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.wezterm = {
enable = true;
package = pkgs.wezterm-git;
enableZshIntegration = false;
extraConfig = ''
local wezterm = require 'wezterm'
local config = {}
config.check_for_updates = false
config.window_close_confirmation = 'NeverPrompt'
config.color_scheme = 'Poimandres'
config.colors = {
background = "#0f0f0f"
}
config.enable_tab_bar = false
config.font = wezterm.font_with_fallback {
'JetBrainsMono Nerd Font',
}
config.font_size = 12.0
config.window_background_opacity = 1
config.audible_bell = "Disabled"
return config
'';
};
};
}

35
modules/hm/desktop/zed.nix
View File

@@ -1,35 +0,0 @@
{
flake.modules.homeManager.desktop = {
programs.zed-editor = {
enable = true;
extensions = [
"lua"
"nix"
"C#"
"solidity"
];
userKeymaps = [
{
context = "Workspace";
bindings = {
F7 = "workspace::NewTerminal";
};
}
];
userSettings = {
ui_font_size = 18;
buffer_font_size = 18;
theme = {
mode = "dark";
light = "Ayu Light";
dark = "Ayu Dark";
};
vim_mode = true;
telemetry = {
diagnostics = false;
metrics = false;
};
};
};
};
}

5
modules/hm/shell/bat.nix
View File

@@ -1,5 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.bat.enable = true;
};
}

12
modules/hm/shell/btop.nix
View File

@@ -1,12 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.btop = {
enable = true;
settings = {
theme_background = false;
update_ms = 1000;
presets = "cpu:0:default mem:0:default net:0:default";
};
};
};
}

69
modules/hm/shell/fastfetch.nix
View File

@@ -1,69 +0,0 @@
{
flake.modules.homeManager.shell = {
home.file.".config/fastfetch/config.jsonc".text = ''
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"logo": {
"type": "none",
},
"display": {
"separator": " ",
"key": {
"width": 18,
},
},
"modules": [
{
"key": " ",
"type": "custom",
},
{
"key": " \u001b[11D{#31} user",
"type": "title",
"format": "{1}",
},
{
"key": " \u001b[11D{#34} hname",
"type": "command",
"text": "hostname",
},
{
"key": " \u001b[11D{#34}󰻀 distro",
"type": "os",
},
{
"key": " \u001b[11D{#35}󰌢 kernel",
"type": "kernel",
},
{
"key": " \u001b[11D{#31} uptime",
"type": "uptime",
},
{
"key": " \u001b[11D{#32} shell",
"type": "shell",
},
{
"key": " \u001b[11D{#35} memory",
"type": "memory",
},
{
"key": " ",
"type": "custom",
},
{
"key": " \u001b[11D{#39} colors",
"type": "colors",
"symbol": "circle",
},
{
"key": " ",
"type": "custom",
},
],
}
'';
programs.fastfetch.enable = true;
};
}

8
modules/hm/shell/fzf.nix
View File

@@ -1,8 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
};
}

26
modules/hm/shell/git.nix
View File

@@ -1,26 +0,0 @@
{
flake.modules.homeManager.shell =
{
userName,
userEmail,
...
}:
{
programs.git = {
enable = true;
signing = {
key = "~/.ssh/id_ed25519.pub";
signByDefault = true;
};
settings = {
user = {
name = "${userName}";
email = "${userEmail}";
};
init.defaultBranch = "main";
commit.gpgSign = true;
gpg.format = "ssh";
};
};
};
}

173
modules/hm/shell/lazygit.nix
View File

@@ -1,173 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.lazygit = {
enable = true;
settings = {
gui = {
showIcons = true;
nerdFontsVersion = "3";
};
customCommands = [
{
key = "<c-a>";
description = "AI-powered conventional commit";
context = "global";
command = "git commit -m \"{{.Form.CommitMsg}}\"";
loadingText = "Generating commit messages...";
prompts = [
{
type = "menu";
key = "Type";
title = "Type of change";
options = [
{
name = "AI defined";
description = "Let AI analyze and determine the best commit type";
value = "ai-defined";
}
{
name = "build";
description = "Changes that affect the build system or external dependencies";
value = "build";
}
{
name = "feat";
description = "A new feature";
value = "feat";
}
{
name = "fix";
description = "A bug fix";
value = "fix";
}
{
name = "chore";
description = "Other changes that don't modify src or test files";
value = "chore";
}
{
name = "ci";
description = "Changes to CI configuration files and scripts";
value = "ci";
}
{
name = "docs";
description = "Documentation only changes";
value = "docs";
}
{
name = "perf";
description = "A code change that improves performance";
value = "perf";
}
{
name = "refactor";
description = "A code change that neither fixes a bug nor adds a feature";
value = "refactor";
}
{
name = "revert";
description = "Reverts a previous commit";
value = "revert";
}
{
name = "style";
description = "Changes that do not affect the meaning of the code";
value = "style";
}
{
name = "test";
description = "Adding missing tests or correcting existing tests";
value = "test";
}
];
}
{
type = "menuFromCommand";
title = "AI Generated Commit Messages";
key = "CommitMsg";
command = ''
bash -c "
# Check for staged changes
diff=\$(git diff --cached | head -n 10)
if [ -z \"\$diff\" ]; then
echo \"No changes in staging. Add changes first.\"
exit 1
fi
SELECTED_TYPE=\"{{.Form.Type}}\"
COMMITS_TO_SUGGEST=8
opencode run -m \"google/gemini-2.5-flash-lite\" \"
You are an expert at writing Git commits. Your job is to write commit messages that follow the Conventional Commits format.
The user has selected: \$SELECTED_TYPE
Your task is to:
1. Analyze the code changes
2. Determine the most appropriate commit type (if user selected 'ai-defined')
3. Determine an appropriate scope (component/area affected)
4. Decide if this is a breaking change
5. Write clear, concise commit messages
Available commit types:
- feat: A new feature
- fix: A bug fix
- docs: Documentation only changes
- style: Changes that do not affect the meaning of the code
- refactor: A code change that neither fixes a bug nor adds a feature
- perf: A code change that improves performance
- test: Adding missing tests or correcting existing tests
- build: Changes that affect the build system or external dependencies
- ci: Changes to CI configuration files and scripts
- chore: Other changes that don't modify src or test files
- revert: Reverts a previous commit
Follow these guidelines:
- Structure: <type>(<scope>): <description>
- If user selected 'ai-defined', analyze the changes and pick the most suitable type
- If user selected a specific type, use that type: \$SELECTED_TYPE
- Add scope in parentheses if applicable (e.g., auth, api, ui, config)
- Use exclamation mark (!) after type/scope for breaking changes: type(scope)!: description
- Use lowercase for description (except proper nouns)
- Use imperative mood (\\\"add\\\", not \\\"added\\\")
- Keep description under 50 characters when possible
- No period at the end of subject line
Examples:
- feat(auth): add OAuth login support
- fix(api): handle null response in user endpoint
- docs(readme): update installation instructions
- style(ui): improve button spacing consistency
- refactor(database): simplify query builder logic
- test(auth): add unit tests for login flow
- build(deps): upgrade React to version 18
- ci(github): fix deployment workflow
- chore(config): update ESLint rules
- perf(api)!: optimize database queries
IMPORTANT:
- Generate exactly \$COMMITS_TO_SUGGEST different commit message options
- If user selected 'ai-defined', you can use different types for different options
- If user selected a specific type, all messages must use that type
- Only return commit messages, no explanations
- Do not use markdown code blocks
- One message per line
Previous commits for context:
\$(git log --oneline -10)
Changes to analyze:
\$(git diff --cached --stat)
\$(git diff --cached)
\"
"
'';
}
];
}
];
};
};
};
}

8
modules/hm/shell/lsd.nix
View File

@@ -1,8 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.lsd = {
enable = true;
enableZshIntegration = true;
};
};
}

16
modules/hm/shell/misc.nix
View File

@@ -1,16 +0,0 @@
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
{
home.packages = with pkgs; [
systemctl-tui
zip
unzip
pciutils
usbutils
jq
dig
lsof
];
};
}

42
modules/hm/shell/neovim.nix
View File

@@ -1,42 +0,0 @@
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
{
home.file = {
".config/nvim" = {
recursive = true;
source = "${pkgs.tnvim}";
};
};
programs = {
neovim = {
enable = true;
defaultEditor = true;
};
vim.enable = true;
};
home = {
packages = with pkgs; [
python3
nodejs
bun
pnpm
go
rustup
typescript
neovide
nil
statix
deadnix
alejandra
luarocks
gdu
gcc
wakatime-cli
];
};
};
}

29
modules/hm/shell/opencode.nix
View File

@@ -1,29 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.opencode = {
enable = true;
tui = {
theme = "system";
};
settings = {
provider = {
google = {
options = {
apiKey = "{file:/run/secrets/gemini-api-key}";
};
};
openrouter = {
options = {
apiKey = "{file:/run/secrets/openrouter-api-key}";
};
};
opencode-go = {
options = {
apiKey = "{file:/run/secrets/opencode-go-api-key}";
};
};
};
};
};
};
}

5
modules/hm/shell/ripgrep.nix
View File

@@ -1,5 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.ripgrep.enable = true;
};
}

52
modules/hm/shell/starship.nix
View File

@@ -1,52 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.starship = {
enable = true;
settings = {
format = "$os$hostname$directory$rust$golang$solidity$nodejs(bold blue)$git_branch$git_status[](bold yellow)[](bold purple)[](bold blue) ";
scan_timeout = 60;
add_newline = false;
line_break.disabled = true;
os = {
format = "[$symbol ]($style)";
style = "bold green";
disabled = false;
symbols.NixOS = "󰊠";
symbols.Linux = "󰊠";
symbols.Arch = "󰣇";
symbols.Ubuntu = "󰕈";
};
directory = {
format = "[$path]($style)[$read_only ]($read_only_style)";
read_only = " 󰌾";
style = "bold blue";
};
git_branch.format = "[$symbol$branch]($style) ";
hostname = {
ssh_only = false;
format = "[$ssh_symbol$hostname]($style) ";
style = "bold green";
ssh_symbol = "󰇧 ";
disabled = false;
};
rust = {
format = "[$symbol]($style)";
symbol = " ";
};
golang = {
format = "[$symbol]($style)";
symbol = " ";
};
solidity = {
format = "[$symbol]($style)";
symbol = "󰡪 ";
};
nodejs = {
format = "[$symbol]($style)";
symbol = "󰎙 ";
};
};
};
};
}

43
modules/hm/shell/superfile.nix
View File

@@ -1,43 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.superfile = {
enable = true;
settings = {
theme = "poimandres";
editor = "";
dir_editor = "";
auto_check_update = false;
cd_on_quit = false;
default_open_file_preview = true;
show_image_preview = true;
show_panel_footer_info = true;
default_directory = "~";
file_size_use_si = false;
default_sort_type = 0;
sort_order_reversed = false;
case_sensitive_sort = false;
shell_close_on_success = false;
debug = false;
ignore_missing_fields = false;
nerdfont = true;
transparent_background = true;
file_preview_width = 0;
code_previewer = "bat";
sidebar_width = 20;
border_top = "";
border_bottom = "";
border_left = "";
border_right = "";
border_top_left = "";
border_top_right = "";
border_bottom_left = "";
border_bottom_right = "";
border_middle_left = "";
border_middle_right = "";
metadata = true;
zoxide_support = true;
enable_md5_checksum = false;
};
};
};
}

155
modules/hm/shell/tmux.nix
View File

@@ -1,155 +0,0 @@
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
let
bg = "default";
fg = "default";
bg2 = "brightblack";
fg2 = "white";
color = c: "#{@${c}}";
indicator =
let
accent = color "indicator_color";
content = " ";
in
"#[reverse,fg=${accent}]#{?client_prefix,${content},}";
current_window =
let
accent = color "main_accent";
index = "#[reverse,fg=${accent},bg=${fg}] #I ";
name = "#[fg=${bg2},bg=${fg2}] #W ";
# flags = "#{?window_flags,#{window_flags}, }";
in
"${index}${name}";
window_status =
let
accent = color "window_color";
index = "#[reverse,fg=${accent},bg=${fg}] #I ";
name = "#[fg=${bg2},bg=${fg2}] #W ";
# flags = "#{?window_flags,#{window_flags}, }";
in
"${index}${name}";
battery =
let
percentage = pkgs.writeShellScript "percentage" (
if pkgs.stdenv.isDarwin then
''
echo $(pmset -g batt | grep -o "[0-9]\+%" | tr '%' ' ')
''
else
''
path="/org/freedesktop/UPower/devices/DisplayDevice"
echo $(${pkgs.upower}/bin/upower -i $path | grep -o "[0-9]\+%" | tr '%' ' ')
''
);
state = pkgs.writeShellScript "state" (
if pkgs.stdenv.isDarwin then
''
echo $(pmset -g batt | awk '{print $4}')
''
else
''
path="/org/freedesktop/UPower/devices/DisplayDevice"
echo $(${pkgs.upower}/bin/upower -i $path | grep state | awk '{print $2}')
''
);
icon = pkgs.writeShellScript "icon" ''
percentage=$(${percentage})
state=$(${state})
if [ "$state" == "charging" ] || [ "$state" == "fully-charged" ]; then echo "󰂄"
elif [ $percentage -ge 75 ]; then echo "󱊣"
elif [ $percentage -ge 50 ]; then echo "󱊢"
elif [ $percentage -ge 25 ]; then echo "󱊡"
elif [ $percentage -ge 0 ]; then echo "󰂎"
fi
'';
color = pkgs.writeShellScript "color" ''
percentage=$(${percentage})
state=$(${state})
if [ "$state" == "charging" ] || [ "$state" == "fully-charged" ]; then echo "green"
elif [ $percentage -ge 75 ]; then echo "green"
elif [ $percentage -ge 50 ]; then echo "${fg2}"
elif [ $percentage -ge 30 ]; then echo "yellow"
elif [ $percentage -ge 0 ]; then echo "red"
fi
'';
in
"#[fg=#(${color})]#(${icon}) #[fg=${fg}]#(${percentage})%";
pwd =
let
accent = color "main_accent";
icon = "#[fg=${accent}] ";
format = "#[fg=${fg}]#{b:pane_current_path}";
in
"${icon}${format}";
git =
let
icon = pkgs.writeShellScript "branch" ''
git -C "$1" branch && echo " "
'';
branch = pkgs.writeShellScript "branch" ''
git -C "$1" rev-parse --abbrev-ref HEAD
'';
in
"#[fg=magenta]#(${icon} #{pane_current_path})#(${branch} #{pane_current_path})";
separator = "#[fg=${fg}]|";
in
{
programs.tmux = {
enable = true;
baseIndex = 1;
escapeTime = 0;
mouse = true;
extraConfig = ''
set-option -sa terminal-overrides ",xterm*:Tc"
set-option -g status-position top
unbind r
bind r source-file ~/.config/tmux/tmux.conf
# remap prefix from C-b to C-Space
# unbind C-b
# set -g prefix C-Space
# bind C-Space send-prefix
# split panes using | and -
unbind '"'
unbind %
bind | split-window -h
bind - split-window -v
# Start windows and panes at 1, not 0
set -g base-index 1
set -g pane-base-index 1
set-window-option -g pane-base-index 1
set-option -g renumber-windows on
# switch panes using Alt-arrow without prefix
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
set-option -g default-terminal "screen-256color"
set-option -g status-right-length 100
set-option -g @indicator_color "yellow"
set-option -g @window_color "magenta"
set-option -g @main_accent "blue"
set-option -g pane-active-border fg=black
set-option -g pane-border-style fg=black
set-option -g status-style "bg=${bg} fg=${fg}"
set-option -g status-left "${indicator}"
set-option -g status-right "${git} ${pwd} ${separator} ${battery}"
set-option -g window-status-current-format "${current_window}"
set-option -g window-status-format "${window_status}"
set-option -g window-status-separator ""
'';
};
};
}

9
modules/hm/shell/zoxide.nix
View File

@@ -1,9 +0,0 @@
{
flake.modules.homeManager.shell = {
programs.zoxide = {
enable = true;
options = [ "--cmd cd" ];
enableZshIntegration = true;
};
};
}

27
modules/hm/shell/zsh.nix
View File

@@ -1,27 +0,0 @@
{ lib, ... }:
{
flake.modules.homeManager.shell =
{ pkgs, ... }:
{
programs.zsh = {
enable = true;
history = {
append = true;
share = true;
expireDuplicatesFirst = true;
ignoreDups = true;
size = 1000000;
save = 1000000;
path = "$HOME/.local/share/zsh/.zsh_history";
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
initContent = ''
${lib.getExe pkgs.fastfetch}
bindkey "^A" vi-beginning-of-line
bindkey "^E" vi-end-of-line
bindkey '^R' fzf-history-widget
'';
};
};
}

69
modules/home/alacritty/default.nix Executable file
View File

@@ -0,0 +1,69 @@
{...}: {
programs.alacritty = {
enable = true;
settings = {
font = {
normal.family = "JetBrainsMono Nerd Font";
bold.family = "JetBrainsMono Nerd Font";
italic.family = "JetBrainsMono Nerd Font";
bold_italic.family = "JetBrainsMono Nerd Font";
size = 16;
};
window = {
padding = {
x = 15;
y = 15;
};
decorations = "none";
opacity = 1.0;
dynamic_title = true;
};
selection.save_to_clipboard = false;
general.live_config_reload = true;
colors = {
primary = {
background = "#0d0f18";
foreground = "#a5b6cf";
};
normal = {
black = "#1c1e27";
blue = "#8baff1";
cyan = "#98d3ee";
green = "#95d3af";
magenta = "#c79bf0";
red = "#e26c7c";
white = "#d0d3d8";
yellow = "#f1d8a5";
};
bright = {
black = "#151720";
blue = "#86aaec";
cyan = "#93cee9";
green = "#90ceaa";
magenta = "#c296eb";
red = "#dd6777";
white = "#cbced3";
yellow = "#ecd3a0";
};
cursor = {
cursor = "#a5b6cf";
text = "CellForeground";
};
selection = {
text = "CellForeground";
background = "0x303340";
};
vi_mode_cursor = {
text = "CellBackground";
cursor = "CellForeground";
};
};
};
};
}

44
modules/home/aria2/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{...}: {
programs.aria2 = {
enable = true;
settings = {
file-allocation = "none";
log-level = "warn";
max-connection-per-server = 16;
min-split-size = "1M";
human-readable = true;
reuse-uri = true;
rpc-save-upload-metadata = true;
max-file-not-found = 0;
remote-time = true;
async-dns = true;
stop = 0;
allow-piece-length-change = true;
optimize-concurrent-downloads = true;
deferred-input = true;
continue = true;
check-integrity = true;
realtime-chunk-checksum = true;
piece-length = "1M";
split = 16;
# Seconds:
save-session-interval = 60;
# Caches in memory
disk-cache = "32M";
save-not-found = true;
download-result = "full";
truncate-console-readout = true;
retry-wait = 30;
max-tries = 15;
enable-color = true;
enable-http-keep-alive = true;
enable-http-pipelining = true;
http-accept-gzip = true;
follow-torrent = true;
bt-save-metadata = true;
seed-time = 0;
bt-load-saved-metadata = true;
metalink-preferred-protocol = "https";
};
};
}

7
modules/home/barrier/default.nix Executable file
View File

@@ -0,0 +1,7 @@
{pkgs, ...}: {
# services.barrier.client.enable = true;
home.packages = with pkgs; [
barrier
];
}

17
modules/home/bitwarden/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{
pkgs,
email,
...
}: {
programs.rbw = {
enable = true;
settings = {
base_url = "https://bw.tux.rs";
email = "${email}";
};
};
home.packages = with pkgs; [
bitwarden
];
}

33
modules/home/brave/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
pkgs,
config,
...
}: let
configDir = "${config.xdg.configHome}/BraveSoftware/Brave-Browser";
extensionJson = ext: {
name = "${configDir}/External Extensions/${ext.id}.json";
value.text = builtins.toJSON {
external_update_url = "https://clients2.google.com/service/update2/crx";
};
};
extensions = [
{id = "nkbihfbeogaeaoehlefnkodbefgpgknn";} # Metamask
{id = "gppongmhjkpfnbhagpmjfkannfbllamg";} # Wappalyzer
{id = "nngceckbapebfimnlniiiahkandclblb";} # Bitwarden
{id = "bfnaelmomeimhlpmgjnjophhpkkoljpa";} # Phantom
{id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";} # DarkReader
];
in {
programs.chromium = {
enable = true;
package = pkgs.brave;
commandLineArgs = [
"--disable-features=WebRtcAllowInputVolumeAdjustment"
"--force-device-scale-factor=1.05"
];
};
home.file = builtins.listToAttrs (map extensionJson extensions);
}

8
modules/home/desktop/awesome/default.nix Normal file
View File

@@ -0,0 +1,8 @@
{pkgs, ...}: {
home.file = {
".config/awesome" = {
recursive = true;
source = "${pkgs.tawm}";
};
};
}

Some files were not shown because too many files have changed in this diff Show More