tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2026-06-21 03:36:32 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:dev
Branches Tags
tux:main tux:dev tux:old
tux:25.11.2025
..
compare: tux:8d3e740614543b0bdeede13cd279561f303612e8
Branches Tags
tux:dev tux:main tux:old
tux:25.11.2025

1 Commits
dev ... 8d3e740614

Author SHA1 Message Date
tux
8d3e740614 feat(mangowm): update montor config 2026-05-08 00:58:08 +05:30
60 changed files with 406 additions and 2462 deletions
Expand all files Collapse all files

20
.sops.yaml
View File

@@ -3,10 +3,7 @@ keys:
- &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
- &hosts - &hosts
- &sirius age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc - &sirius age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz
- &canopus age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
- &arcturus age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
- &alpha age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
creation_rules: creation_rules:
- path_regex: hosts/sirius/secrets.yaml$ - path_regex: hosts/sirius/secrets.yaml$
@@ -14,18 +11,3 @@ creation_rules:
- age: - age:
- *tux - *tux
- *sirius - *sirius
- path_regex: hosts/canopus/secrets.yaml$
key_groups:
- age:
- *tux
- *canopus
- path_regex: hosts/arcturus/secrets.yaml$
key_groups:
- age:
- *tux
- *arcturus
- path_regex: hosts/alpha/secrets.yaml$
key_groups:
- age:
- *tux
- *alpha

283
flake.lock generated
View File

@@ -97,41 +97,6 @@
"url": "https://codeberg.org/LGFae/awww" "url": "https://codeberg.org/LGFae/awww"
} }
}, },
"crane": {
"locked": {
"lastModified": 1765145449,
"narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
"owner": "ipetkov",
"repo": "crane",
"rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"cyber-tux": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739652548,
"narHash": "sha256-J4mL4DyRFTsEKlratZsbC9tm2i6Mzr6dEhetKk4jABM=",
"ref": "refs/heads/main",
"rev": "4ada9e2f0d3b6639627601d3f06128c953c2b446",
"revCount": 11,
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
},
"original": {
"type": "git",
"url": "ssh://git@github.com/tuxdotrs/cyber-tux.git"
}
},
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
@@ -221,22 +186,6 @@
} }
}, },
"flake-compat_4": { "flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
@@ -250,7 +199,7 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
} }
}, },
"flake-compat_6": { "flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767039857, "lastModified": 1767039857,
@@ -273,11 +222,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777988971, "lastModified": 1777678872,
"narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", "narHash": "sha256-EPIFsulyon7Z1vLQq5Fk64GR8L7cQsT+IPhcsukVbgk=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", "rev": "5250617bffd85403b14dbf43c3870e7f255d2c16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -400,28 +349,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"harfbuzz": { "harfbuzz": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -446,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1778444552, "lastModified": 1777846259,
"narHash": "sha256-f18pIiR9q/p1vHY93gmAum7aHhQOG49oGvAB9+lptRo=", "narHash": "sha256-jzln9xcpVcmEB1zfhJ+FIHd7/kaVHgGF+gQQHxj2fGI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "dcebe66f958673729896eec2de4abfd86ef22d21", "rev": "4625f26228f4f7ea3cf65eee3023359a8221fcff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -555,11 +482,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1778442165, "lastModified": 1778072172,
"narHash": "sha256-SEwIBVG4RPEVBqRbEZadGteMlndFqIJD/9HOkPRIBm0=", "narHash": "sha256-onx/6cN1tHDnMH0oCQCnpQPKv9VijeLtfOh7PStp2f0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "3e21a68bd0a81c2fc45f2c843c9d02c47350ef44", "rev": "1681bea42dd2f11ba3fe6df05560d0b231de3c76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -732,11 +659,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1778234770, "lastModified": 1777492286,
"narHash": "sha256-jAcsogZwWMfXT9MfXxZzkwliAqIuZUV0p71h6Ba9ReE=", "narHash": "sha256-PwuoEJQcjSKJNP5T55qhfDwIP0tw5zxEhfu8GDfKfeg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "a2dbd8a4cc51f7cbe4224732668392bb1aa79df2", "rev": "ec5c0c709706bad5b82f667fd8758eae442577ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -852,28 +779,6 @@
"type": "github" "type": "github"
} }
}, },
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs_6",
"pre-commit": "pre-commit",
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1765382359,
"narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v1.0.0",
"repo": "lanzaboote",
"type": "github"
}
},
"libpng": { "libpng": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -900,11 +805,11 @@
"scenefx": "scenefx" "scenefx": "scenefx"
}, },
"locked": { "locked": {
"lastModified": 1778376841, "lastModified": 1778073611,
"narHash": "sha256-mUSCkFQGrcdVitwx0fDajWxxgvAV5BmppP4ShV3JOyY=", "narHash": "sha256-6rNTdQZq4x/F2bHQsk7qo4OhXs5Y0xsQrTR1hgKZOqw=",
"owner": "DreamMaoMao", "owner": "DreamMaoMao",
"repo": "mango", "repo": "mango",
"rev": "cabafb2393ff71615af4959a51885c8d1eefc9a0", "rev": "42c02e3dc20eb09c0191b027e387c0268f8e0fb5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -915,17 +820,17 @@
}, },
"nixcord": { "nixcord": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_6",
"nixpkgs-nixcord": "nixpkgs-nixcord" "nixpkgs-nixcord": "nixpkgs-nixcord"
}, },
"locked": { "locked": {
"lastModified": 1778346777, "lastModified": 1778145028,
"narHash": "sha256-7gpzB8MDCMcRE0wDr7jjxK7/obfeiyAulsfQEsK9pi4=", "narHash": "sha256-tJHyzazrh9cnL72lPiDCnLDOOP95vDb37PprmgiqHtw=",
"owner": "kaylorben", "owner": "kaylorben",
"repo": "nixcord", "repo": "nixcord",
"rev": "43930a83206bcdcf3ba4fc10aa4fb9c5f7a677e6", "rev": "b53c871a9c3d4d450ffbcac71d54f3e0ca1bbafc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -936,11 +841,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1778143761, "lastModified": 1777796046,
"narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=", "narHash": "sha256-bEJp/zaQApzynGRaAO62BZSz9tFikKtIHCn2yIA/s7Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871", "rev": "eeb02f6e29fc8139c0b15af5ff0fdfdc6d0d3d90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1014,11 +919,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1778353088, "lastModified": 1777805331,
"narHash": "sha256-5yu6kIgn+hO0V7pomciXixWAnMcuwQvqFD5Dgb2K9L4=", "narHash": "sha256-jINoZUP2tJEBLuVoMEhJn9qWQgpriGorwlgnBc1QAPg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "071465abe725f841e610a52b194c3b86b288316a", "rev": "8cbe20ad0f64f9f9619b871dfdf57022beccef65",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1029,22 +934,6 @@
} }
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1770107345, "lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
@@ -1125,22 +1014,6 @@
} }
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": {
"lastModified": 1764950072,
"narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f61125a668a320878494449750330ca58b78c557",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1777428379, "lastModified": 1777428379,
"narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=", "narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
@@ -1156,17 +1029,33 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": {
"locked": {
"lastModified": 1777578337,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1777954456, "lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
@@ -1174,16 +1063,16 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1777954456, "lastModified": 1777918403,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "narHash": "sha256-7QiZv0LcW1yIOLo2LNuCQjWon1Z1r99FwK24hbtBOF4=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", "rev": "afc5551119aae6eab73a95c1960891cfe63204f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -1191,14 +1080,14 @@
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1778454210, "lastModified": 1778156530,
"narHash": "sha256-U6wleXwWGNDX588cqrz+Kg+7GrlB003JHQ0CVHj+3yA=", "narHash": "sha256-4VhPk2NQKyYptNw1x/HG23sFmR4iYTOTZhGhzzYDQOs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "c7c431a1bd1360cb568d309c2c18aa4785c254c8", "rev": "1b24f43e7f25d9c297a2ed45c654a72fc68d3d29",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1207,29 +1096,6 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat_4",
"gitignore": "gitignore_2",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765016596,
"narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
@@ -1256,7 +1122,6 @@
"root": { "root": {
"inputs": { "inputs": {
"awww": "awww", "awww": "awww",
"cyber-tux": "cyber-tux",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@@ -1265,11 +1130,10 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"import-tree": "import-tree", "import-tree": "import-tree",
"lan-mouse": "lan-mouse", "lan-mouse": "lan-mouse",
"lanzaboote": "lanzaboote",
"mango": "mango", "mango": "mango",
"nixcord": "nixcord", "nixcord": "nixcord",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_7",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nur": "nur", "nur": "nur",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
@@ -1323,27 +1187,6 @@
} }
}, },
"rust-overlay_3": { "rust-overlay_3": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765075567,
"narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"wezterm-flake", "wezterm-flake",
@@ -1387,7 +1230,7 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1777944972, "lastModified": 1777944972,
@@ -1506,7 +1349,7 @@
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_11" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1775636079, "lastModified": 1775636079,
@@ -1567,7 +1410,7 @@
}, },
"vicinae-extensions": { "vicinae-extensions": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@@ -1575,11 +1418,11 @@
"vicinae": "vicinae" "vicinae": "vicinae"
}, },
"locked": { "locked": {
"lastModified": 1778369365, "lastModified": 1777930825,
"narHash": "sha256-Qxu3wUKqOJGJzj1RFvXw2StqHBDs+tVWvhKg9OZY87I=", "narHash": "sha256-0hVf9yH+v+0YaCqmr0aX0nR4pfmXjW1XhJcJyblJqE0=",
"owner": "vicinaehq", "owner": "vicinaehq",
"repo": "extensions", "repo": "extensions",
"rev": "de5313f14242dda1f88f6e8443eb349ed2b2cdb1", "rev": "20d6a13d2a389e61619b8540b8af746705409322",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1597,7 +1440,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_4", "rust-overlay": "rust-overlay_3",
"zlib": "zlib" "zlib": "zlib"
}, },
"locked": { "locked": {

6
flake.nix
View File

@@ -29,11 +29,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
wezterm-flake = { wezterm-flake = {
url = "github:wez/wezterm/main?dir=nix"; url = "github:wez/wezterm/main?dir=nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -62,6 +57,5 @@
awww.url = "git+https://codeberg.org/LGFae/awww"; awww.url = "git+https://codeberg.org/LGFae/awww";
nixcord.url = "github:kaylorben/nixcord"; nixcord.url = "github:kaylorben/nixcord";
nur.url = "github:nix-community/nur"; nur.url = "github:nix-community/nur";
lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
}; };
} }

1
modules/flake/overlays.nix
View File

@@ -7,7 +7,6 @@
modifications = final: prev: { modifications = final: prev: {
tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default; tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default; tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default; ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default; wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system}; hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};

11
modules/hm/desktop/cursor.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
};
}

5
modules/hm/desktop/easyeffects.nix
View File

@@ -1,5 +0,0 @@
{
flake.modules.homeManager.desktop = {
services.easyeffects.enable = true;
};
}

47
modules/hm/desktop/ghostty.nix
View File

@@ -1,47 +0,0 @@
{
flake.modules.homeManager.desktop = {
programs.ghostty = {
enable = true;
enableZshIntegration = true;
systemd.enable = true;
settings = {
confirm-close-surface = false;
gtk-titlebar = false;
window-padding-x = 10;
window-padding-y = 10;
font-size = 12;
font-family = "JetBrainsMono Nerd Font";
theme = "poimandres";
};
themes = {
poimandres = {
background = "#0f0f0f";
foreground = "#a6accd";
cursor-color = "#f2eacf";
selection-background = "#1a1a1a";
selection-foreground = "#f1f1f1";
palette = [
"0=#252b37"
"1=#d0679d"
"2=#5de4c7"
"3=#fffac2"
"4=#89ddff"
"5=#fae4fc"
"6=#add7ff"
"7=#ffffff"
"8=#a6accd"
"9=#d0679d"
"10=#5de4c7"
"11=#fffac2"
"12=#add7ff"
"13=#89ddff"
"14=#fcc5e9"
"15=#ffffff"
];
};
};
};
};
}

34
modules/hm/desktop/hyprland.nix
View File

@@ -1,7 +1,13 @@
{ {
flake.modules.homeManager.desktop = flake.modules.homeManager.desktop =
{ config, pkgs, ... }: { pkgs, ... }:
{ {
home.packages = with pkgs; [
ags
awww
];
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
package = null; package = null;
@@ -9,31 +15,5 @@
xwayland.enable = true; xwayland.enable = true;
systemd.variables = [ "--all" ]; systemd.variables = [ "--all" ];
}; };
# TODO: Hyprland 0.55 switched to Lua-based configuration.
# Until the Home Manager module is updated, we symlink our config instead.
home.file = {
".config/hypr/config".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/config";
".config/hypr/hyprland.lua".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/Projects/hypr/hyprland.lua";
};
home.packages = with pkgs; [
ags
awww
grim
slurp
hyprshot
wl-clipboard
wl-screenrec
(writeShellScriptBin "hypr-screenshot" ''
hyprshot -m region -r ppm - | satty --filename -
'')
(writeShellScriptBin "hypr-screenrecord" ''
wl-screenrec -g "$(slurp)"
'')
];
}; };
} }

68
modules/hm/desktop/mango.nix
View File

@@ -1,45 +1,24 @@
{ inputs, ... }: { inputs, ... }:
{ {
flake.modules.homeManager.desktop = flake.modules.homeManager.desktop =
{ { pkgs, ... }:
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.tnix.desktop.mangowm;
in
{ {
imports = [ imports = [
inputs.mango.hmModules.mango inputs.mango.hmModules.mango
]; ];
options.tnix.desktop.mangowm = {
enable = mkEnableOption "Enable MangoWM";
monitorRule = mkOption {
type = with types; listOf str;
default = [ ];
};
tagRule = mkOption {
type = with types; listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
wayland.windowManager.mango = { wayland.windowManager.mango = {
enable = true; enable = true;
settings = { settings = {
# Monitors # Monitors
monitorrule = cfg.monitorRule; monitorrule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
];
focus_cross_monitor = 1; focus_cross_monitor = 1;
exchange_cross_monitor = 1; exchange_cross_monitor = 1;
drag_tile_to_tile = 1;
# Keyboard # Keyboard
repeat_rate = 25; repeat_rate = 25;
@@ -65,8 +44,8 @@
# Theme # Theme
border_radius = 8; border_radius = 8;
no_radius_when_single = 0; no_radius_when_single = 0;
focused_opacity = 0.9; focused_opacity = 1.0;
unfocused_opacity = 0.9; unfocused_opacity = 1.0;
# Scroller Layout Setting # Scroller Layout Setting
scroller_structs = 0; scroller_structs = 0;
@@ -88,7 +67,25 @@
overviewgappo = 15; overviewgappo = 15;
# layouts # layouts
tagrule = cfg.tagRule; tagrule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
# Keybindings # Keybindings
mousebind = [ mousebind = [
@@ -107,7 +104,6 @@
"SUPER, Return, spawn, wezterm" "SUPER, Return, spawn, wezterm"
"SUPER, Space, spawn, vicinae toggle" "SUPER, Space, spawn, vicinae toggle"
"SUPER, D, spawn, vesktop" "SUPER, D, spawn, vesktop"
"SUPER, T, spawn, Telegram"
"SUPER, B, spawn, brave" "SUPER, B, spawn, brave"
"SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history" "SUPER, V, spawn, vicinae vicinae://extensions/vicinae/clipboard/history"
"SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid" "SUPER+SHIFT, W, spawn, vicinae vicinae://extensions/sovereign/awww-switcher/wpgrid"
@@ -117,13 +113,11 @@
"SUPER+SHIFT, R, reload_config" "SUPER+SHIFT, R, reload_config"
"SUPER+SHIFT, F, togglefullscreen" "SUPER+SHIFT, F, togglefullscreen"
"SUPER+SHIFT, Space, togglefloating" "SUPER+SHIFT, Space, togglefloating"
"SUPER+SHIFT, Space, centerwin"
"ALT, Tab, toggleoverview" "ALT, Tab, toggleoverview"
"ALT+SHIFT, minus, incgaps, -1" "ALT+SHIFT, minus, incgaps, -1"
"ALT+SHIFT, equal, incgaps, 1" "ALT+SHIFT, equal, incgaps, 1"
"ALT+SHIFT, R, togglegaps" "ALT+SHIFT, R, togglegaps"
"SUPER+SHIFT, P, toggleglobal"
# switch layout # switch layout
"SUPER+SHIFT, H, setlayout, tile" "SUPER+SHIFT, H, setlayout, tile"
@@ -135,7 +129,6 @@
"SUPER+CTRL, Down, resizewin, +0, +50" "SUPER+CTRL, Down, resizewin, +0, +50"
"SUPER+CTRL, Left, resizewin, -50, +0" "SUPER+CTRL, Left, resizewin, -50, +0"
"SUPER+CTRL, Right, resizewin, +50, +0" "SUPER+CTRL, Right, resizewin, +50, +0"
"SUPER+CTRL, Equal, setoption, default_mfact, 0.5"
# swap client # swap client
"SUPER+SHIFT, Up, exchange_client, up" "SUPER+SHIFT, Up, exchange_client, up"
@@ -173,7 +166,7 @@
]; ];
# Window effect # Window effect
blur = 1; blur = 0;
blur_layer = 0; blur_layer = 0;
blur_optimized = 1; blur_optimized = 1;
blur_params_num_passes = 2; blur_params_num_passes = 2;
@@ -183,7 +176,7 @@
blur_params_contrast = 0.9; blur_params_contrast = 0.9;
blur_params_saturation = 1.2; blur_params_saturation = 1.2;
shadows = 1; shadows = 0;
layer_shadows = 0; layer_shadows = 0;
shadow_only_floating = 1; shadow_only_floating = 1;
shadows_size = 10; shadows_size = 10;
@@ -199,7 +192,7 @@
animation_type_close = "fade"; animation_type_close = "fade";
animation_fade_in = 1; animation_fade_in = 1;
animation_fade_out = 1; animation_fade_out = 1;
tag_animation_direction = 0; tag_animation_direction = 1;
zoom_initial_ratio = 0.3; zoom_initial_ratio = 0.3;
zoom_end_ratio = 0.8; zoom_end_ratio = 0.8;
fadein_begin_opacity = 0.5; fadein_begin_opacity = 0.5;
@@ -252,5 +245,4 @@
dgop dgop
]; ];
}; };
};
} }

24
modules/hm/desktop/mpv.nix
View File

@@ -1,24 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
scripts = (
with pkgs.mpvScripts;
[
modernz
thumbfast
mpris
mpv-image-viewer.image-positioning
]
);
config = {
osc = "no";
border = "no";
};
};
};
}

19
modules/hm/desktop/satty.nix
View File

@@ -1,19 +0,0 @@
{
flake.modules.homeManager.desktop = {
programs.satty = {
enable = true;
settings = {
general = {
corner-roundness = 12;
initial-tool = "arrow";
early-exit = true;
copy-command = "wl-copy";
};
font = {
family = "JetBrainsMono NerdFont";
};
};
};
};
}

31
modules/hm/desktop/theme.nix
View File

@@ -1,31 +0,0 @@
{
flake.modules.homeManager.desktop =
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
qt = {
enable = true;
style = {
name = "Breeze";
package = pkgs.kdePackages.breeze;
};
};
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
};
}

5
modules/hm/desktop/vicinae.nix
View File

@@ -54,6 +54,11 @@
imports = [ "/run/secrets/vicinae.json" ]; imports = [ "/run/secrets/vicinae.json" ];
providers = { providers = {
"@samlinville/store.raycast.tailscale" = {
"preferences" = {
"tailscalePath" = "${pkgs.tailscale}/bin/tailscale";
};
};
"@sovereign/vicinae-extension-awww-switcher-0" = { "@sovereign/vicinae-extension-awww-switcher-0" = {
"preferences" = { "preferences" = {
"transitionDuration" = "1"; "transitionDuration" = "1";

3
modules/hm/shell/neovim.nix
View File

@@ -13,9 +13,8 @@
neovim = { neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
vimAlias = true;
}; };
vim.enable = true;
}; };
home = { home = {

9
modules/hm/shell/opencode.nix
View File

@@ -7,19 +7,14 @@
}; };
settings = { settings = {
provider = { provider = {
google = {
options = {
apiKey = "{file:/run/secrets/gemini-api-key}";
};
};
openrouter = { openrouter = {
options = { options = {
apiKey = "{file:/run/secrets/openrouter-api-key}"; apiKey = "{file:/run/secrets/open_router_api_key}";
}; };
}; };
opencode-go = { opencode-go = {
options = { options = {
apiKey = "{file:/run/secrets/opencode-go-api-key}"; apiKey = "{file:/run/secrets/open_code_go_api_key}";
}; };
}; };
}; };

82
modules/hosts/alpha/config.nix
View File

@@ -1,82 +0,0 @@
{ config, ... }:
{
flake.modules.nixos.alpha =
{
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/opencode"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/alpha/default.nix
View File

@@ -1,30 +0,0 @@
{
inputs,
config,
...
}:
let
hostName = "alpha";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/alpha/disko.nix
View File

@@ -1,82 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.alpha =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/alpha/hardware.nix
View File

@@ -1,17 +0,0 @@
{
flake.modules.nixos.alpha =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/alpha/home.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
flake.modules.homeManager.alpha = {
home.stateVersion = "26.05";
};
}

29
modules/hosts/alpha/secrets.yaml
View File

@@ -1,29 +0,0 @@
tux-password: ENC[AES256_GCM,data:tvx3nMoIuQSotxHDWLs7UesnyWY3u3EwkqAIzCw3Z2AJseaiqnt/xeSKAeUXPVSs85rVdIJ6Ys5+6r+NONEG7ujuNevpjJRNkQ==,iv:CB0BIrMfdiWiMCvmRdtsafh3dCAD5Qb3mOuE7eq4nA4=,tag:p/3AESwNCEL4EoU9rJjUPw==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Bo3Z5Jhce0UOBn77I2AcrXYbBgPLDx0eOjPC8J63E/VWNhMPbbxb,iv:iWOsTACOMcK3oqq848WnJ5Ku3tYy1aadmLB4IMgoyqg=,tag:BPzlXoP8/iJaj8c/YFCWyg==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:D+/ImUTg7UvBTh0fMlWMZ0O/GsQS/R4Hz+CO4l42R6mn+zk+udvw79BctXdWWyrFf2ZNOTJ/99QTtWOUOvHISWaEJogXyb+93g==,iv:c7OtgBu1Zaf7lA4InIsKOAPbAvTl3gaO7QGCFNx21Bo=,tag:KXiASj/qC1YzK6DUox57ug==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:ipKkNcRqBERIQ6f6yFzVm999s+UwJys4elHWhzpL441RfOaG9MmRWMcD+wRLJ7DSWFjYu6uUPF7TKez8J6abWeKDgg==,iv:FDSYE3R8zKVxWiP2S/sCVcwEu3fEXg/hCeqCRSF+c6g=,tag:5RDuMFGMoN6xwAYj0HiyjQ==,type:str]
netbird-key: ENC[AES256_GCM,data:NilfyafnGhFVYD6q4+jJQxlhXNdNC8BQ1CZfu8a5wc693Y1h,iv:Rpl0OpkQdBMPpIJ08t9Z0AjDAW6c97pFZKO1KPu8ipY=,tag:du3d0SQWuqJtJSwhSgJE4g==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR0kzRXBGRjJaVldDRk90
KzYwSzJBeXBnNVZ0T2VaU2oyLzdRWmo5ZzNVCk9HTDVtMk8xL1cwL2FSRUR5UGdS
bXJnOXhTbWozWm5rd2pnaFNoWk0rWncKLS0tIGFWWmY2WU9YanJ5UElab3lqaXNo
QUhYUWs4bitJaGpXL200b0s0SmVIeVUKevQ1IVqmqGIYf014iL47C02+peSYJyeE
PNluZUA6VzrL2WpdJzDqxAwSWtcgXG0/JADIg+DssnhftiHMHzn3NQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mzxxxzhy3us3rd960ufqv7vlxj5cnug86md6x69llg9ujzw2pqws057llf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL1VPODRnNEs2bXlUVjB5
Z0pBUzBnRDQ0WWcvL2IvUHdmQXUxNjRpTVN3Ck9VLzd2QWpMMlFJck1EQXBVanl0
SC91bDFqNFlJZ2E0UXVZa3BKRjh3TlkKLS0tIENuc1dUZ1dDUTg2VXBueU1ETG9S
c095blJheHhVT0E4bjdGUWlYN0N4MVUKK42sChX4V37HK1SRKQxldLpft2jVfeiG
4TkObqH8ddGpbd7cX5a/wboTjYuEdAviWxjK2oBPgtcFc1f03X3tmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T01:11:29Z"
mac: ENC[AES256_GCM,data:E+ZcNRFEPtJK02gWooRs7f20BHIYf8Ot4GjB1ab1KZwhI+3pUI6r654iO8+tiimQSeLWLgD43Szq4/7CpS+8NVjSI5uvXSxQQubXQfI0LmulT5XAVueOuSMgvetSFg8yN6+njBmr/MauixSSs2jjpQxtfsSSBgZ9RO7B7qLpMe4=,iv:kdCcTLb3bDmCfcjQQ8fH5ipkTQ5YlVDlhEVw5MzsH6s=,tag:ojub2y6b+jMbW/5i39xH5w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

112
modules/hosts/arcturus/config.nix
View File

@@ -1,112 +0,0 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
hostName,
userName,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".config/sops"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
services = {
cyber-tux = {
enable = true;
environmentFile = innerArgs.config.sops.secrets.discord-token.path;
};
};
virtualisation = {
docker.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
discord-token = {
sopsFile = ./secrets.yaml;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/default.nix
View File

@@ -1,30 +0,0 @@
{
inputs,
config,
...
}:
let
hostName = "arcturus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

74
modules/hosts/arcturus/disko.nix
View File

@@ -1,74 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.arcturus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

36
modules/hosts/arcturus/hardware.nix
View File

@@ -1,36 +0,0 @@
{ config, ... }:
{
flake.modules.nixos.arcturus =
{
lib,
pkgs,
system,
...
}@innerArgs:
{
imports = with config.flake.modules.nixos; [
hardware
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
};
}

6
modules/hosts/arcturus/home.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
flake.modules.homeManager.arcturus = {
home.stateVersion = "26.05";
};
}

30
modules/hosts/arcturus/secrets.yaml
View File

@@ -1,30 +0,0 @@
tux-password: ENC[AES256_GCM,data:eXg28pYQjIi5iPh4oHBOvIYQReM92T79uty/O461mEoLB8awr8ikq3RM7Mux3jZKM+Fk/Ow3NNG0F/154dZentodr1uvy9gD1g==,iv:nQevOumENveBMuiYMJF0OokORyjZCpR8ahTfOuj2Dzo=,tag:64zz8eVuw1OwTltfAUwWSg==,type:str]
discord-token: ENC[AES256_GCM,data:uzxkrNRRplL/1MfvPZ/EL+I8UACuZQBHZ95BSHuxW0nBjxhr2F89D2BXTcKOBI9qO6uMjK5WBtWzSOw3y9EsngTTm/youIdkrIDLP3r/tkpOkLa/VjM=,iv:OxzFa0nEInV5uxgQFww11ZE1NorH5q130Tgp/6l9uOE=,tag:g4U9wLhPAkz72ktbQ8KrSg==,type:str]
gemini-api-key: ENC[AES256_GCM,data:gLZSoYTdKY+rwIpYiXvN9n9PGkUD6q8Oe7dHnYkjEjwDf5qpjubg,iv:ySoNgQWTu9DjvbashF4ulyYP8fJUl4yrCTeBQ0jrGmw=,tag:FctubsQv50AP78JvTb9bpQ==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:6xONCl9lqOoO7b4CEyCz9607tICDUAkpglRjGS5nYq2ppg2UKqYTrWD1BGCA5Xfs/CWskniVhoNG3vscjKiYCCh9gbM6aqdmTQ==,iv:7Iwc9t00HOOBjA7URXcUO41badqYyJCkFHM/uPkLFxY=,tag:Cl39kitr2e0//HVwAdsdUQ==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:dmeRKn7TWHnqvpyPQpcEG6yHTb2bRby/rh10ytL0jHj5R+lRmNVdmqUF92GTznY9vEaB6ZYCJecWhpm8g4upNfOWBg==,iv:9UMJpAlD8gpcNiN+liu3nawoAZQKapEg7sCp561N9E8=,tag:OZlASpOa5BQaQwFWjoLCRw==,type:str]
netbird-key: ENC[AES256_GCM,data:q6eKisca04qn/CvALrvXF79MsToDhvLRLv2JTiUBAZglCC9m,iv:jj0/ZD7IDgopprTVUgSfJmdAJmUP3iqewU3dqssGYbk=,tag:6IPRdCm2FGdlTEIX7jt3qA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Qkh0cmdHNGJTYmFNUFZW
c244RjlyNjlrSWh1bG1IRFFFeFZZVzhaYVdBCmd1N3JNS0IzWDlUMUJSM0pYdi9L
MzlHRk1pZ1hqaVdIYUQwczh2VDVtZE0KLS0tIEtRYWF6V0I3eDBZSnVmZ2R5S0Z5
Z3hhRitmdEwxbzcrS0cwNTZVK1lXYlUKSFfKk7JGzxRq9weL4NKJqfmAige2O+1T
59PvEFKvvkGb6ajkzwTw0lB3UFzly6FuTnbSLY9r+oT9AMbxLoKdcQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYlZiak1CSW1NSGt5QTRi
RjlUeG5EODVkTVJDY1RrZXJ6OU5NQ0RIOG5jCnJxZ1R6MmlGWXY2SmtaY1pQSWdZ
UWp3L2h6c0k0MVpubE9BRSswUEk3ZkkKLS0tIGN4Zm1tcHBiKzAyYWNHVktVZmpU
V3h4dUZLcktrTUZvUm44eVZOWEl4VmMKMTvajoWcktb4jVIP4HyzQiR41Wg8Gdqi
TLKEYsPQgOJ7s8P9gw2uPUY6HRz86CtiC6EbO27u0+8BbI85x1QScg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:36:06Z"
mac: ENC[AES256_GCM,data:nD0exblrbheP1C5lK8V17V/gkHJO6s6yVjXtQWcUOLVGrzkPSxkymYBHUFMTLVyYQNLCVMc8AHkuHVuJ1tBfXNll1f6/SGtfaBQcOLct70U7nFxd/XybTUlscNp2KafJWy/n4ZUfNDbfrWN1R463CN/M50jGqJPDWYuP9ah2JcI=,iv:izQUT/+HQqJZ48X5bXobFSaWcdcXQ/7eh+SCd9i4YYo=,tag:FJlR2wI4rWQ/SDfQGtQ7AQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

132
modules/hosts/canopus/config.nix
View File

@@ -1,132 +0,0 @@
{ config, ... }:
{
flake.modules.nixos.canopus =
{
pkgs,
hostName,
userName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
desktop
gaming
virtualisation
];
tnix = {
boot = {
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = {
docker.enable = true;
docker.nvidia.enable = false;
qemu.enable = true;
waydroid.enable = true;
distrobox.enable = true;
};
};
sops.secrets = {
tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
gemini-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
openrouter-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
opencode-go-api-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
netbird-key = {
sopsFile = ./secrets.yaml;
owner = userName;
};
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
};
Settings = {
AutoConnect = true;
};
};
};
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
davinci-resolve
telegram-desktop
];
# !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install.
system.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/default.nix
View File

@@ -1,30 +0,0 @@
{
inputs,
config,
...
}:
let
hostName = "canopus";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/canopus/disko.nix
View File

@@ -1,82 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.canopus =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "32G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

134
modules/hosts/canopus/hardware.nix
View File

@@ -1,134 +0,0 @@
{ inputs, config, ... }:
{
flake.modules.nixos.canopus =
{
lib,
system,
...
}@innerArgs:
{
imports =
with config.flake.modules.nixos;
[
hardware
]
++ [ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503 ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware;
services = {
power-profiles-daemon.enable = true;
upower.enable = true;
supergfxd = {
enable = true;
settings = {
mode = "Integrated";
vfio_enable = false;
vfio_save = false;
always_reboot = false;
no_logind = false;
logout_timeout_s = 180;
hotplug_type = "None";
};
};
asusd = {
enable = true;
asusdConfig.text = ''
(
charge_control_end_threshold: 80,
disable_nvidia_powerd_on_battery: true,
ac_command: "",
bat_command: "",
platform_profile_linked_epp: true,
platform_profile_on_battery: Quiet,
platform_profile_on_ac: Performance,
change_platform_profile_on_battery: true,
change_platform_profile_on_ac: true,
profile_quiet_epp: Power,
profile_balanced_epp: BalancePower,
profile_custom_epp: Performance,
profile_performance_epp: Performance,
ac_profile_tunings: {},
dc_profile_tunings: {},
armoury_settings: {},
)
'';
profileConfig.text = ''
(
active_profile: Quiet,
)
'';
fanCurvesConfig.text = ''
(
profiles: (
balanced: [
(
fan: CPU,
pwm: (2, 22, 45, 68, 91, 153, 153, 153),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (2, 25, 48, 71, 94, 165, 165, 165),
temp: (55, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
performance: [
(
fan: CPU,
pwm: (35, 68, 79, 91, 114, 175, 175, 175),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
(
fan: GPU,
pwm: (35, 71, 84, 94, 119, 188, 188, 188),
temp: (58, 62, 66, 70, 74, 78, 78, 78),
enabled: false,
),
],
quiet: [
(
fan: CPU,
pwm: (2, 12, 22, 35, 45, 58, 79, 79),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
(
fan: GPU,
pwm: (2, 12, 25, 35, 48, 61, 84, 84),
temp: (55, 62, 66, 70, 74, 78, 82, 82),
enabled: true,
),
],
custom: [],
),
)
'';
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

39
modules/hosts/canopus/home.nix
View File

@@ -1,39 +0,0 @@
{ config, ... }:
{
flake.modules.homeManager.canopus = {
imports = with config.flake.modules.homeManager; [
desktop
];
tnix = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:eDP-1, width:2560, height:1440, refresh:165, x:0, y:0, vrr:1"
];
tagRule = [
"id:1, layout_name:tile"
"id:2, layout_name:tile"
"id:3, layout_name:tile"
"id:4, layout_name:tile"
"id:5, layout_name:scroller"
];
};
};
services.lan-mouse = {
enable = true;
settings = {
authorized_fingerprints = {
"f4:4b:17:61:f7:01:a4:a2:e1:c7:8c:1c:7a:f3:8b:87:14:3d:05:3d:a0:8b:cc:e7:88:d8:d8:d2:a4:c2:75:8b" =
"sirius";
};
};
};
};
home.stateVersion = "26.05";
};
}

30
modules/hosts/canopus/secrets.yaml
View File

@@ -1,30 +0,0 @@
tux-password: ENC[AES256_GCM,data:Xb4/JMAZCBnBheDCJdRRGXLnMJ1ej8HbN+AUqA/+2sdYESKeF1PFny4Iq2kqvzdK4D3mp+pdjd7GAGfJp4M7sOcvI3V/coyxPQ==,iv:h+S+MEwHj22uHaTzFoxGZtefNUAQNp3fbU+QRfgtKvQ=,tag:VHrIEIQivPFTfhmm7dWEyQ==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Q6+actg0oyUWiUJVy/9yZmea1QyGu2o8LfMsuAVFD6k7kp0dYIrl,iv:ukyouqrHxzVpBBE98KL6PW8P3j+seemm/e0Gl1urUcM=,tag:Z7MM3dJ414CmdxE72cdzNA==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:SalhWKR6artX/kOVKZGpKSmrgsQDU/heshrdkK3wotOZ3BRn/ZqZRBldvl1JPSenMAMvE2LWUdmBQmwG/id7L7JL1O/+lUHIQw==,iv:hLlHayFJgUkWOirVLfqP0pGRBZAqGKe+EE2yG1ELGNk=,tag:0qoo0tb+xWjjQXr4n1qGmw==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:zbeTcaXJZFVfYnM/7sgblJFU9WfeosX/44KsXvrzKwiLPfGLLYYo9AFaCvWzzG6jHuSZC5OYrBWfOZv4+3omfCgglQ==,iv:LscUQE+PNhXGim9PSqc9nZIZichWSgAn/zsNxQ/HM/o=,tag:MaBCobnRM42fopiibibe5Q==,type:str]
netbird-key: ENC[AES256_GCM,data:swmaa+RjxeUmEl8hS2riGrW4lP5jdks9HM3x57/FLpOuqFtR,iv:MrpVjiocrPi+dBGPk7pwgSUNlJ1eryRpMjC8+jkU+T0=,tag:j6sqpQ02apqc6FwkdDvk9g==,type:str]
vicinae-json: ENC[AES256_GCM,data:FarBf6l8pl3hF7kGKPIWztUhwiKoQXmyTufCuJ120K/bPh1Bfiyi+ETt4DLYOGI6FJXfpVz4BbZOA29bXTLhVPxH0QtyBu/F5uEqA015b/c8VevDJSyy9huR13qO9ksLbMBt8RfWbAd9j26t7A1C8/mMyiJOEXCCTV9CEIW3xWrsYmhwsT8RYM+PwrPSeN1gQXHSMyRUjf/kOdJoda8+iXpLfjo4II4r2ELpbqi8QxhrRdsJsoOfAymFM784NtlTjE+h6S4TMehmoF/9ARif6I5SGQ0WfIKt/8orTGCPllL+NupLziSnpIGRGSybdArD+o5NCw59GOAbVRADxq8rCESwEkq3cF+hm8HabfYbiQ==,iv:Y/hXLFTJT3gNF3B6tgKoAh7njVuneoUzjVTlsCZiySw=,tag:2hfrwph6IccJdRu/yGu3XA==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqS2RZdVJaNTlRamZPMkll
MDRVSVl1b2x2LzZpdlBrdmZtdyt3UE15RldRCldXUXE2a1BFeHg5NGNPbW5IMDht
cHN1QituOU9uWFQwNS9udzNEbVhtUjQKLS0tIEtkTXhlYS9XSUlQRTY1eXBjeXZQ
bThQTFdZU29ISm93TWcwVk5ZTkhRWm8KCcprmLGhahgDkXCBpzjctHgao+gc+rKC
xLIwheUyFJOGK+ixqcdoZ/PC0kY68hVLt1YzLAyxFi4Ur1wltPrNug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVW13WFE1Ylh3Uk1HNU1i
bU9kRzFqTmhkQlRzMlRkM0VhMlNmMDUyK25NCkZYUStxM2tScGozRXJGekxGa1RX
b1VXK0Y2Z1U0YU9XRmxRUWdWem50L1EKLS0tIFovcHRlZ1JJd2lRN0RFbHdCdm9m
V1N3eUVjZ0VZRjBZdXRPNng3Y3JoUTAKQau9CG9XfvM+5JZVRwaJr/o/sXMaJiy2
wo2YcDb+4vfT4Wr+/8J3ccQgbLRZH916X5ZPL+A+nFyVXVKOCl3ENg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-12T06:33:00Z"
mac: ENC[AES256_GCM,data:htDJdEx34Q5NG8vwbBimnFENZawbLZ4FC0DkyG6J5RYP0BFnycKcKGsYR87SvIjcJZXvfZ0e6fXdtc78dd6I0sQtrQ7aNn4Iktbu/AkPmntsBwpIjVI99X9zUyQB87go/oX15yuyt8loB6ds2RkL/pfFsgLbFc10JHsBy+WcEzI=,iv:HvY+5LYzyHpRm8XCSKrN8ra/LJT9v23TPSsZg/4QVNU=,tag:k+d45+zgBYq4vlWmmc8ZkQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2

82
modules/hosts/sirius/config.nix
View File

@@ -8,56 +8,15 @@
... ...
}: }:
{ {
imports = with config.flake.modules.nixos; [ imports = with config.flake.modules.nixos; [
boot
networking networking
desktop desktop
gaming
virtualisation virtualisation
]; ];
tnix = { tnix = {
boot = { services.openssh.enable = true;
secure-boot.enable = true;
impermanence = {
enable = true;
home = {
directories = [
"Distrobox"
".steam"
".cache/awww"
".config/BraveSoftware"
".config/zed"
".config/Vencord"
".config/vesktop"
".config/sops"
".config/obs-studio"
".config/easyeffects"
".config/DankMaterialShell"
".local/share/Steam"
".local/share/nvim"
".local/share/opencode"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
".local/share/vicinae"
".local/share/TelegramDesktop"
];
files = [
".wakatime.cfg"
".config/lan-mouse/lan-mouse.pem"
];
};
};
};
networking = {
openssh.enable = true;
netbird-client.enable = true;
};
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
@@ -74,30 +33,30 @@
neededForUsers = true; neededForUsers = true;
}; };
gemini-api-key = { openrouter_api_key = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
owner = userName; owner = userName;
}; };
openrouter-api-key = { opencode_go_api_key = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
owner = userName; owner = userName;
}; };
opencode-go-api-key = { "vicinae.json" = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
owner = userName; owner = userName;
}; };
};
netbird-key = { # --- Boot ---
sopsFile = ./secrets.yaml; boot = {
owner = userName; loader = {
}; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
vicinae-json = {
sopsFile = ./secrets.yaml;
owner = userName;
}; };
kernelPackages = pkgs.linuxKernel.packages.linux_zen;
kernelParams = [ "nvidia-drm.modeset=1" ];
}; };
# --- Networking --- # --- Networking ---
@@ -121,10 +80,17 @@
firewall.enable = false; firewall.enable = false;
}; };
environment.systemPackages = with pkgs; [ # --- Hardware / GPU ---
davinci-resolve hardware = {
telegram-desktop nvidia = {
]; modesetting.enable = true;
open = false;
nvidiaSettings = true;
};
};
nixpkgs.config.cudaSupport = true;
services.xserver.videoDrivers = [ "nvidia" ];
environment.systemPackages = with pkgs; [ nvtopPackages.full ];
# !!! DO NOT CHANGE THIS !!! # !!! DO NOT CHANGE THIS !!!
# This should match the version used at initial install. # This should match the version used at initial install.

9
modules/hosts/sirius/default.nix
View File

@@ -14,14 +14,7 @@ in
{ {
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem { flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = { specialArgs = { inherit hostName userName userEmail; };
inherit
hostName
userName
userEmail
system
;
};
modules = [ modules = [
config.flake.modules.nixos.core config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName} config.flake.modules.nixos.${hostName}

82
modules/hosts/sirius/disko.nix
View File

@@ -1,82 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.sirius =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
swap = {
size = "70G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true;
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
};
};
};
};
}

53
modules/hosts/sirius/hardware.nix
View File

@@ -1,18 +1,11 @@
{ config, ... }:
{ {
flake.modules.nixos.sirius = flake.modules.nixos.sirius =
{ {
config,
lib, lib,
pkgs,
system,
... ...
}@innerArgs: }:
{ {
imports = with config.flake.modules.nixos; [
hardware
];
boot.kernelParams = [ "nvidia-drm.modeset=1" ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@@ -25,27 +18,31 @@
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
hardware = { fileSystems."/" = {
nvidia = { device = "/dev/disk/by-uuid/d856ed98-6841-4cbf-89be-e08c6f48b9ea";
modesetting.enable = true; fsType = "ext4";
open = false;
nvidiaSettings = true;
}; };
cpu.amd.updateMicrocode = lib.mkDefault innerArgs.config.hardware.enableRedistributableFirmware; fileSystems."/boot" = {
}; device = "/dev/disk/by-uuid/7FE1-55C5";
fsType = "vfat";
services = { options = [
xserver.videoDrivers = [ "nvidia" ]; "fmask=0077"
power-profiles-daemon.enable = true; "dmask=0077"
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.config.cudaSupport = true;
nixpkgs.hostPlatform = lib.mkDefault system;
environment.systemPackages = with pkgs; [
nvtopPackages.full
]; ];
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/69794aa5-51a9-4816-8d45-7791505165d4"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp10s0f3u2i2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

35
modules/hosts/sirius/home.nix
View File

@@ -5,39 +5,7 @@
desktop desktop
]; ];
tnix = { tnix.services.lan-mouse = {
desktop = {
mangowm = {
enable = true;
monitorRule = [
"name:DP-2, width:1440, height:2560, refresh:144, x:0, y:0, vrr:0, rr:1"
"name:DP-3, width:2560, height:1440, refresh:144, x:1440, y:0, vrr:0"
"name:DP-1, width:1080, height:1920, refresh:144, x:4000, y:0, vrr:0, rr:3"
];
tagRule = [
"id:1, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-2, no_hide:1"
"id:1, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:2, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:3, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:4, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:5, layout_name:tile, monitor_name:DP-3, no_hide:1"
"id:1, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:2, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:3, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:4, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
"id:5, layout_name:vertical_tile, monitor_name:DP-1, no_hide:1"
];
};
};
services.lan-mouse = {
enable = true; enable = true;
settings = { settings = {
clients = [ clients = [
@@ -50,7 +18,6 @@
]; ];
}; };
}; };
};
home.stateVersion = "26.05"; home.stateVersion = "26.05";
}; };

37
modules/hosts/sirius/secrets.yaml
View File

@@ -1,30 +1,29 @@
tux-password: ENC[AES256_GCM,data:JWQVd2MYX2U4UP4II62ixG9hWI5MtgHAFhl8aCmyrYPl1H/ig9ZYqfTiggJsOoXM9CUHmhUTrSWw7xRvbzztBrC7L4ABcWPbrQ==,iv:wY/RNJs7XaCsHHNX2MLBqzAgDCSo4rht10oiKrUlTHo=,tag:DcADVtEJs2KCeNS6AhO0SQ==,type:str] tux-password: ENC[AES256_GCM,data:EJFFMc0W1YvCLINg4kETlUbqMYSfRTsiRuoB5MybaVwl7bbBXyPFo/MspFFMXpAqSPrzRAPaM8Lxk9ndbjt7gZpSu1dPThq36Q==,iv:zn3UUMOcW09u6KTz87tDr1wfmsLMKIRBDpLfQhg0p14=,tag:AOs7NASXeo98mNKqsYP3Ww==,type:str]
gemini-api-key: ENC[AES256_GCM,data:Y9YgXp/tB3Q1Rb5YMsZLgWCq+bdeIjsXAVeO3Yh7nZ8MwDH7d5De,iv:FIXxJCn6JDYsHIoNn8f8Un3z9ZPVbxdjR48Ux88poRg=,tag:bMJ4i69HTspnhzsrsxkbrw==,type:str] gemini_api_key: ENC[AES256_GCM,data:agH39C8hXX1jKYq03Z70aHHfrKSbNnHJfndMB53YJgWEzban7uMA,iv:fnYOySXisW1n6Moad9xBoRQFtRa/J6zTcp0lAMEtguw=,tag:0ENL4uu+8OpNc9X+hy7SiQ==,type:str]
openrouter-api-key: ENC[AES256_GCM,data:HfZgZz4NyCLLM9woTZp2I6JGOlVcFblw2OMjx8k0TG5ZU2ycBCF6bKqp3wFibUxXcHy+nIfjI82fkLeSyIaGILRLYCJCc8BHKw==,iv:umUcn8MRaj7JXo6IFrGMXOu+jsFSCEikMxsQxfaFS/Q=,tag:l2s61C4EpJoKv8cc9nYGFA==,type:str] openrouter_api_key: ENC[AES256_GCM,data:VBhV4NcR+7O7X2/OpN2yAGnfcSS2o3Zbvr5g3LHjdUixNSq8OZupsT9SVJDGE/RJp6nunPnYo4K8qQP2+m3K3aeQYKIyT5KNTg==,iv:CVLnloUsobanpHOuP31eIGpGoJOODukGaEmQRF+RPGw=,tag:DdEtCHMPwIIbdwZis4lQgg==,type:str]
opencode-go-api-key: ENC[AES256_GCM,data:BGERcZg5Jpnznc4cXeYFMhPk9kKBkd9GvIuQBV9TW3JE1utgrLLYK6mKNCQqrEStRFiO2jUUnBm3opUNL4SuEHFLpw==,iv:fgFAwx6z9yruK27PvAJX/Q2CS9gU+LJ5zMUK/f/rzpo=,tag:BPu3M+jppPB8sLoLmfuY/Q==,type:str] opencode_go_api_key: ENC[AES256_GCM,data:F7WXUHDX+pESqQJ4Sg5lNXqHLvsCd1bDFPZOutuacDFu3wLHs8i0kD/rLZ+m78OmRBRv2P3kf/gJsggtkvLC/PADYQ==,iv:23soYOeKC+CvLqwvP0M+uXICBKLsOs3z8g6iUhxzrpY=,tag:2EhgRFUaHsyNJ6TqYXJYzw==,type:str]
netbird-key: ENC[AES256_GCM,data:qXAnRnLM2TlzpOvWG4exJv0+pUvpe0FpRN5xOWx3+KNt+yhq,iv:X+yl4o1RSYMCMWdVXo1hpzy+6IdKXUpsKPtYNSiHiCY=,tag:I8HbnD5iw6EJ1TdsNrhvfw==,type:str] vicinae.json: ENC[AES256_GCM,data:qRv0EUwtS6bK9memOG3BqLf1uE5YNlpSC/p/05sb8Fw6skESaiymo584n5N8vkvGCn2Qjv/6ioJzwP4TieGtPoR1pHXkwTTGdzsnbRoU0bMuTUhD+NUBkjo2men7Yy3ljoNoopmgz9UFfps+EWuZSMmsNgIu/4sMXsNKcpDKcd8vLpXlPogwqUtbzuKw+u4RRzox0GB0QNEGcQ/F6dVKxJ2StDI8Bfy6qovEDUnK0snoCLhvAULwYwTKef8GpkCWVQRWxXk+dA4GjtgPuiABesv82gCsmsvzmfE3LLUqw+SfYgyQIXBL0IxFiULnkYZR7wmpUeWer3VCS1D8mv/0lvmcdvMqILgkV3UqXTrPqA==,iv:v7zh1tae6TFWOYms/7ihBdoJmw3z4jhcq9aV5y46aXc=,tag:2IKxst4I1XpAHp1wkOMYNA==,type:str]
vicinae-json: ENC[AES256_GCM,data:JjxolEgS6uakqR4eHOx3VyrOO5kaL4dj1jcEiLWsrktCU32UB7OmP1kJEVomA1rZjODpFHL89+FRpcNFspTFrc365WlANE81RLg/M2Ja1MiLYaDFNcBGtqMX9Yc1muor53Xl7t+rTSvDIj1oE1L7xPPcjCLfwC5QDzJjCBWj9FhCxnU5BwvoJNv9vgA6xnkzAOYSPZK/ihULMD0DxyqOUEa5ECGX62OPM9Gbr7jEviaItYzOOxaRs/yQVqizodGGl/BcK6fPqvOYSxip9ABYRVSI9ZvysY7ofAkeX91ardPwVG5VvEYfxZwBvGFjV7ZfTzVkK+BiUUNrvciAETHqwkjHftPpfJjxWsgLr8lbOA==,iv:HjDE/sqVDnxeww7r2upxH57rc1+LpuMKnhhyGXoc1Ms=,tag:d2kZeWkg17eVoNACIQ3Q9A==,type:str]
sops: sops:
age: age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNGdHcDc4bTFkR0EyZlUr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyblpIWjNqeVBXWnFlSGxw
eXovR1lyeTZJTDg5R281MFFuMHVwOXZXYzNvCkpIT1g3K05WUUswaEVjVVJWQkJq WXhPYlFDNVV2QktKQ2dKdEgxY0dnR2JuRUdRCk5ZNTc0RGpZOG5SRCtRQ0JsdkZt
V20xODdoWlJMY3ZCcGo0czU1TXZFRE0KLS0tIGNTeXV2Mld2STRmRnFaM1MzT3Nk ZEZQSWswa1FTRU04Ky9vWDdOTWdZRncKLS0tIFg2SkJFK1JDVk5Uc2VJTzYyWk1h
Z0JwWWR0STUybjVhSXdDR3NiKzV1eDQK22HmMuyqYaR/eGuALkAPB1Y5bN2KwIt3 cFpmZ0h5SGJtd2JJR05CMkJISnBtbmcKLGKreXlu3YU6KsV8lTVnPYyn33BL2D0z
pamM8vbnjB//hXoyrv4vsoDk9WzLGFGjgiw2qsM2HQgzQqtrwF1/1A== tMpXdTw0hVilpmpZXjwnvV/3OvN6WybXydxaPOjKODBWIKpVxRthBQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc - recipient: age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N3ZBd1pHODFtZkZxaHNP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTWQ0OHhnN1p3dTBLeGxp
OXlXUzVFS0ZIam1IWVkxNldOdTEwY0s4aUNZCjVlcnF1aXJxUUlQSXhteXJ6OU1W N05yOUVicnYxU3NETlRQUVgrcWJlMEl3blhZCkl0OGhCN25KTEJaWGNpOVRJUDRX
L0crZzJOaHF2SnVhWVZnVEdqRlR0cjgKLS0tIFlFWHhaR3U2QTNxRGZRMnk3cmll bENKSDN3Z1Fab3lLLzVNMXlrSm5ZVTgKLS0tIHlycjZJUllsb0xvczFKMVFKaldD
M3JocWZJeXFxenhXOENBVWpvNkd3bm8KqhNLzCyEAI643jGWpZF/uTchHmBj8ozU UGpKTHZTT2JZU0xaTHhhRjk2bEhaU1EKutUEk+TMTATHEoM9+MOdkUnIoBMeeDfu
HtpOzKsshif66D0XOHeJQfQamJI4TyKsj3Sk3j9rstsLmN2lxTRGHg== +GGKvInVKkAOtujBtSMj+xM8AEcfaHAFtwTgP/HEk3Hu6v7gp14oew==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-10T00:35:50Z" lastmodified: "2026-05-07T13:21:48Z"
mac: ENC[AES256_GCM,data:u27zQ1PPnWy5Parbh/1DkVP3ICmHnLZJKaLbN3dZEVONgqOWi32LV3t0iNhtLWwVnzFPBusRWahQiqAkUdnQtrXF0OtjPCpLuIw86xB75QPGbet0GZlLNb8/xPshChZe4v520csdJMWiy3vYeKrk8LxMSViAGhmhYK2a5NbGhzI=,iv:/9vePmvCNqoP0kx24fP3HfCjS2FkjBmI5B+SycvKKW4=,tag:gE1/DnLolwhoyfMJYejGIQ==,type:str] mac: ENC[AES256_GCM,data:VWNmixzidftm4u0lUt5yL9rlvQXOXVT1+A6b/6IyO9WsWi5aM67t9l9phwRxLYad1lLL/epDmJyIJQ0ck01CzQ/hFm2mnMk87ofrwbph3GVdvrYj+2dDkzIBCwDUe/p4rkrTSo87FVJZ8NvrndbBLX3pq7Axjeo92b3Zxfxg+L8=,iv:IqCOBV5EICtO1hRO07Df0fgobO+/biS8O/4lva7NfEg=,tag:vPltr8g61OdKK4XXFyJdgQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.2 version: 3.12.2

50
modules/hosts/vps/config.nix
View File

@@ -1,50 +0,0 @@
{ config, ... }:
{
flake.modules.nixos.vps =
{
hostName,
...
}:
{
imports = with config.flake.modules.nixos; [
boot
networking
virtualisation
services
];
tnix = {
boot = {
legacy.enable = true;
impermanence = {
enable = true;
home = {
directories = [
".local/share/nvim"
".local/share/zsh"
".local/share/zoxide"
".local/state/lazygit"
];
};
};
};
networking.openssh.enable = true;
virtualisation = {
docker.enable = true;
};
};
# --- Networking ---
networking = {
hostName = hostName;
networkmanager.enable = true;
firewall.enable = false;
};
system.stateVersion = "26.05";
};
}

30
modules/hosts/vps/default.nix
View File

@@ -1,30 +0,0 @@
{
inputs,
config,
...
}:
let
hostName = "vps";
userName = "tux";
userEmail = "t@tux.rs";
system = "x86_64-linux";
unstable = true;
nixpkgs = if unstable then inputs.nixpkgs else inputs.nixpkgs-stable;
in
{
flake.nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
hostName
userName
userEmail
system
;
};
modules = [
config.flake.modules.nixos.core
config.flake.modules.nixos.${hostName}
];
};
}

82
modules/hosts/vps/disko.nix
View File

@@ -1,82 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.vps =
{ config, lib, ... }:
let
hasOptinPersistence = config.tnix.boot.impermanence.enable;
isLegacy = config.tnix.boot.legacy.enable;
in
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices.disk.primary = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
"umask=0077"
];
};
};
root = {
size = "100%";
type = "8300";
content = {
type = "btrfs";
# Base subvolumes that always exist
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
"space_cache=v2"
];
mountpoint = "/nix";
};
}
# Conditionally merge /persist only when impermanence is enabled
// lib.optionalAttrs hasOptinPersistence {
"/persist" = {
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
];
mountpoint = "/persist";
};
};
};
};
}
// lib.optionalAttrs isLegacy {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
};
};
};
};
}

17
modules/hosts/vps/hardware.nix
View File

@@ -1,17 +0,0 @@
{
flake.modules.nixos.vps =
{
lib,
modulesPath,
system,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault system;
};
}

6
modules/hosts/vps/home.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
flake.modules.homeManager.vps = {
home.stateVersion = "26.05";
};
}

121
modules/nixos/boot/impermanence.nix
View File

@@ -1,121 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
userName,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
options.tnix.boot.impermanence = {
enable = lib.mkEnableOption "Enable impermanence";
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
options.tnix.boot.impermanence.home = {
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
files = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = lib.mkIf cfg.impermanence.enable {
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib"
"/etc/NetworkManager/system-connections"
]
++ cfg.impermanence.directories;
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
]
++ cfg.impermanence.files;
};
home-manager.users.${userName} = {
home.persistence."/persist" = {
directories = [
"Downloads"
"Music"
"Wallpapers"
"Documents"
"Videos"
"Projects"
"Stuff"
".ssh"
]
++ cfg.impermanence.home.directories;
files = cfg.impermanence.home.files;
};
};
boot.initrd.systemd = {
enable = true;
services.wipe-my-fs = {
wantedBy = [ "initrd.target" ];
after = [ "initrd-root-device.target" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
};
};
}

29
modules/nixos/boot/loader.nix
View File

@@ -1,29 +0,0 @@
{
flake.modules.nixos.boot =
{ config, lib, ... }:
let
cfg = config.tnix.boot;
in
{
options.tnix.boot.legacy = {
enable = lib.mkEnableOption "legacy boot (GRUB) instead of systemd-boot";
};
config = lib.mkMerge [
{
boot.loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
};
}
(lib.mkIf (!cfg.legacy.enable && !cfg.secure-boot.enable) {
boot.loader.systemd-boot.enable = true;
})
(lib.mkIf cfg.legacy.enable {
boot.loader.grub.enable = true;
})
];
};
}

11
modules/nixos/boot/misc.nix
View File

@@ -1,11 +0,0 @@
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
};
};
}

43
modules/nixos/boot/secure-boot.nix
View File

@@ -1,43 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.boot =
{
config,
lib,
pkgs,
...
}:
let
cfg = config.tnix.boot;
in
{
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
options.tnix.boot.secure-boot = {
enable = lib.mkEnableOption "Enable secure-boot";
};
config = lib.mkIf cfg.secure-boot.enable {
assertions = [
{
assertion = !cfg.legacy.enable;
message = "secure-boot and legacy boot (GRUB) cannot be enabled at the same time";
}
];
environment.systemPackages = [ pkgs.sbctl ];
# Lanzaboote replaces systemd-boot, so force it off
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
autoGenerateKeys.enable = true;
autoEnrollKeys.enable = true;
configurationLimit = 10;
pkiBundle = "/var/lib/sbctl";
};
};
};
}

6
modules/nixos/core/users.nix
View File

@@ -8,9 +8,6 @@
userEmail, userEmail,
... ...
}: }:
let
hasPasswordSecret = lib.hasAttrByPath [ "sops" "secrets" "tux-password" ] config;
in
{ {
programs.zsh.enable = true; programs.zsh.enable = true;
@@ -34,8 +31,7 @@
mutableUsers = false; mutableUsers = false;
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users.${userName} = { users.${userName} = {
hashedPasswordFile = lib.mkIf hasPasswordSecret config.sops.secrets.tux-password.path; hashedPasswordFile = config.sops.secrets.tux-password.path;
initialPassword = lib.mkIf (!hasPasswordSecret) userName;
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"

3
modules/nixos/hardware/audio.nix → modules/nixos/desktop/audio.nix
View File

@@ -1,5 +1,6 @@
{ {
flake.modules.nixos.hardware = { flake.modules.nixos.desktop = {
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

2
modules/nixos/hardware/graphics.nix → modules/nixos/desktop/graphics.nix
View File

@@ -1,5 +1,5 @@
{ {
flake.modules.nixos.hardware = { flake.modules.nixos.desktop = {
hardware = { hardware = {
graphics = { graphics = {
enable = true; enable = true;

2
modules/nixos/desktop/ly.nix
View File

@@ -3,7 +3,7 @@
services.displayManager.ly = { services.displayManager.ly = {
enable = true; enable = true;
settings = { settings = {
session_log = "null"; # session_log = "null";
}; };
}; };
}; };

7
modules/nixos/desktop/misc.nix
View File

@@ -1,7 +0,0 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ brightnessctl ];
};
}

18
modules/nixos/desktop/thunar.nix
View File

@@ -1,18 +0,0 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
services = {
gvfs.enable = true;
tumbler.enable = true;
};
programs.thunar = {
enable = true;
plugins = with pkgs; [
thunar-archive-plugin
thunar-volman
];
};
};
}

7
modules/nixos/desktop/tpanel.nix
View File

@@ -1,7 +0,0 @@
{
flake.modules.nixos.desktop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ tpanel ];
};
}

11
modules/nixos/gaming/steam.nix
View File

@@ -1,11 +0,0 @@
{
flake.modules.nixos.gaming =
{ pkgs, ... }:
{
programs.steam = {
enable = true;
protontricks.enable = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
};
};
}

7
modules/nixos/hardware/bluetooth.nix
View File

@@ -1,7 +0,0 @@
{
flake.modules.nixos.hardware = {
hardware.bluetooth = {
enable = true;
};
};
}

31
modules/nixos/networking/netbird-client.nix
View File

@@ -1,31 +0,0 @@
{
flake.modules.nixos.networking =
{
config,
lib,
hostName,
...
}:
with lib;
let
cfg = config.tnix.networking.netbird-client;
in
{
options.tnix.networking.netbird-client = {
enable = mkEnableOption "Enable netbird client";
};
config = mkIf cfg.enable {
services.netbird.clients = {
${hostName} = {
port = 51820;
login = {
enable = true;
setupKeyFile = config.sops.secrets.netbird-key.path;
};
bin.suffix = "";
};
};
};
};
}

15
modules/nixos/networking/ssh.nix
View File

@@ -7,14 +7,10 @@
}: }:
with lib; with lib;
let let
cfg = config.tnix.networking.openssh; cfg = config.tnix.services.openssh;
# Sops needs acess to the keys before the persist dirs are even mounted; so
# just persisting the keys won't work, we must point at /persist
hasOptinPersistence = config.tnix.boot.impermanence.enable;
in in
{ {
options.tnix.networking.openssh = { options.tnix.services.openssh = {
enable = mkEnableOption "Enable OpenSSH server"; enable = mkEnableOption "Enable OpenSSH server";
ports = mkOption { ports = mkOption {
@@ -63,13 +59,6 @@
ClientAliveCountMax = 5; ClientAliveCountMax = 5;
ClientAliveInterval = 60; ClientAliveInterval = 60;
}; };
hostKeys = [
{
path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
}; };
}; };
}; };

105
modules/nixos/services/cyber-tux.nix
View File

@@ -1,105 +0,0 @@
{
flake.modules.nixos.services =
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.tnix.services.cyber-tux;
in
{
options.tnix.services.cyber-tux = {
enable = mkEnableOption "CyberTux Discord bot";
user = mkOption {
type = types.str;
default = "cyber-tux";
description = "User under which the CyberTux service runs.";
};
group = mkOption {
type = types.str;
default = "cyber-tux";
description = "Group under which the CyberTux service runs.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/cyber-tux";
description = "Directory where CyberTux stores its data.";
};
environmentFile = mkOption {
type = types.path;
description = "Environment file containing the Discord bot token.";
};
};
config = mkIf cfg.enable {
systemd.services.cyber-tux = {
description = "CyberTux Discord bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = cfg.environmentFile;
ExecStart = getExe pkgs.cyber-tux;
Restart = "always";
RestartSec = 5;
WorkingDirectory = cfg.dataDir;
StateDirectory = baseNameOf cfg.dataDir;
StateDirectoryMode = "0700";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = [
"uts"
"ipc"
"pid"
"user"
"cgroup"
];
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
UMask = "0077";
};
};
users.users = mkIf (cfg.user == "cyber-tux") {
${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "CyberTux service user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = mkIf (cfg.group == "cyber-tux") {
${cfg.group} = { };
};
};
};
}