tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2025-12-17 07:29:49 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:e5091a1e00c1061d83a5416e9975979037702b9e
Branches Tags
tux:main tux:old
tux:25.11.2025
..
compare: tux:main
Branches Tags
tux:main tux:old
tux:25.11.2025

32 Commits
e5091a1e00 ... main

Author SHA1 Message Date
tux
86feafcc82 feat(sirius): enable interop 2025-12-17 03:01:41 +05:30
tux
7b085aa127 feat: update depreciated options 2025-12-17 02:53:16 +05:30
tux
8c17353315 chore: update flake inputs 2025-12-17 02:52:31 +05:30
tux
7772514fce feat: setup distrobox module 2025-11-22 06:13:15 +05:30
tux
71cc3c3e7f feat(node): enable firewall for additional ports 2025-11-14 20:37:51 +05:30
tux
f3063dd250 feat: add umami 2025-11-14 14:13:37 +05:30
tux
abd2134a2a feat: add aiostreams 2025-11-14 12:36:34 +05:30
tux
f033f3406a feat(canopus): change wallpaper 2025-11-14 04:05:04 +05:30
tux
eb95321b42 feat: add steam to persist dir 2025-11-14 04:04:52 +05:30
tux
50549a7ab3 feat: migrate node 2025-11-04 15:00:36 +05:30
tux
7b25ac4f30 feat: upgrade to nextcloud 32 2025-11-03 20:17:52 +05:30
tux
dbb226713d docs: update README.md 2025-10-29 23:29:15 +05:30
tux
b59a134631 feat(hosts): enable user linger for services 2025-10-29 13:37:35 +05:30
tux
b8209290f7 refactor(hosts): consolidate nvidia-container-toolkit configuration 2025-10-29 12:31:26 +05:30
tux
41a4eaa375 docs(readme): update host details in readme 2025-10-27 22:45:31 +05:30
tux
0f50de8d9a feat(node): add new host 2025-10-27 22:39:46 +05:30
tux
315b6f4c8f feat: update flake inputs 2025-10-27 21:43:16 +05:30
tux
da3f7101c0 feat: remove barrier 2025-10-27 21:42:57 +05:30
tux
967a163ae0 feat(sirius): add nvidia-container-toolkit support for driver assertion 2025-10-16 16:07:00 +05:30
tux
a793ff14c4 feat(docker): add nvidia-container-toolkit support 2025-10-15 18:28:21 +05:30
tux
19f271b4f9 feat(homelab): add api keys 2025-10-14 13:15:06 +05:30
tux
6a7decf5be docs: update installation instructions 2025-10-12 22:17:23 +05:30
tux
820e69f53c feat: set cursor size 2025-10-12 17:47:26 +05:30
tux
892f30dabe feat: add lan-mouse 2025-10-12 17:19:53 +05:30
tux
572ae61b3a chore: update tpanel flake input 2025-10-12 06:15:12 +05:30
tux
8a0383d327 feat: remove xserver configuration 2025-10-11 23:46:36 +05:30
tux
fbc415ee1b feat: update options 2025-10-11 23:46:04 +05:30
tux
c8e02ba847 refactor: remove unused modules 2025-10-11 23:45:49 +05:30
tux
0c69443c36 fix(brave): revert scale factor to default 2025-10-11 03:20:49 +05:30
tux
0bf00fc3c3 feat(sirius): add api keys for hyperbolic, gemini, and openrouter 2025-10-11 03:20:20 +05:30
tux
474901aa65 refactor(shell): replace aichat with opencode 2025-10-11 02:52:28 +05:30
tux
767b2f601a feat(hyrpland): bind workspaces to monitor 2025-10-10 19:42:45 +05:30
41 changed files with 1236 additions and 494 deletions
Expand all files Collapse all files

2
.sops.yaml
View File

@@ -9,6 +9,7 @@ keys:
- &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
- &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
- &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
- &node age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
- &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
creation_rules:
@@ -22,6 +23,7 @@ creation_rules:
- *arcturus
- *alpha
- *vega
- *node
- *capella
- path_regex: hosts/sirius/secrets.yaml$
key_groups:

130
README.md
View File

@@ -22,48 +22,132 @@
## Hosts
| | Hostname | Board | CPU | RAM | GPU | Purpose |
| --- | ---------- | ----------------- | ------------------ | ---- | ------------------------- | ---------------------------------------------------------------------------------- |
| 🖥️ | `sirius` | MSI X570-A Pro | Ryzen 7 5700X3D | 64GB | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux. |
| 💻 | `canopus` | Asus Zephyrus G15 | Ryzen 9 5900HS | 16GB | RTX 3060 | Optimized for productivity on the go and some gaming. |
| ☁️ | `homelab` | Minisforum MS-A1 | Ryzen 7 8700G | 32GB | Radeon 780M | WIP |
| ☁️ | `arcturus` | KVM | 4 Core | 8GB | | Primary server responsible for exposing my homelab applications to the internet. |
| ☁️ | `alpha` | KVM | 4 Core | 4GB | | Monitors uptime and health status of all services across the infrastructure. |
| 🥔 | `vega` | Raspberry Pi 3B+ | Cortex A53 | 1GB | | Running AdGuard Home for network-wide ad blocking. |
| 📱 | `capella` | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB | Adreno 830 | Primary mobile for daily usage. (Locked) |
| 📱 | `rigel` | Motorola Edge 30 | Snapdragon 778G+ | 8GB | Adreno 642L | Secondary mobile for some fun. (Rooted) |
| ☁️ | `node` | KVM | i9-13900 | 64GB | | Running Ethereum and BSC nodes. Currently in the process of migrating from Ubuntu. |
| | Hostname | Board | CPU | RAM | GPU | Purpose |
| --- | ---------- | ----------------- | ------------------ | ----- | ------------------------- | -------------------------------------------------------------------------------- |
| 🖥️ | `sirius` | MSI X570-A Pro | Ryzen 7 5700X3D | 64GB | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux. |
| 💻 | `canopus` | Asus Zephyrus G15 | Ryzen 9 5900HS | 16GB | RTX 3060 | Optimized for productivity on the go and some gaming. |
| ☁️ | `homelab` | Minisforum MS-A1 | Ryzen 7 8700G | 32GB | Radeon 780M | WIP |
| ☁️ | `arcturus` | KVM | 4 Core | 8GB | | Primary server responsible for exposing my homelab applications to the internet. |
| ☁️ | `alpha` | KVM | 4 Core | 4GB | | Monitors uptime and health status of all services across the infrastructure. |
| 🥔 | `vega` | Raspberry Pi 3B+ | Cortex A53 | 1GB | | Running AdGuard Home for network-wide ad blocking. |
| 📱 | `capella` | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB | Adreno 830 | Primary mobile for daily usage. (Locked) |
| 📱 | `rigel` | Motorola Edge 30 | Snapdragon 778G+ | 8GB | Adreno 642L | Secondary mobile for some fun. (Rooted) |
| ☁️ | `node` | ASRock B565D4 | Ryzen 9 5950X | 128GB | | Running Ethereum and BSC nodes. |
## Installation
Boot into NixOS bootable USB and then enter the following commands
> [!NOTE]
> This will get your base system ready, but keep in mind that many things might not work correctly — such as monitor resolution, font size, and more.
### Prerequisites
Boot into the NixOS bootable USB before proceeding with the installation steps.
### Installation Steps
#### 1. Clone the repository
```bash
git clone https://github.com/tuxdotrs/nix-config.git
cd nix-config
```
#### 2. Gain root privileges
```bash
sudo su
```
# Clone this repositry
git clone https://github.com/tuxdotrs/nix-config.git
# Navigate to the repository directory
cd nix-config
#### 3. Set up disk partitioning
# Install disko for disk partitioning
nix-shell -p disko
Install the required tools:
# Partition the disk and make sure to replace DISK_PATH (eg. /dev/vda)
```bash
nix-shell -p disko neovim
```
Partition your disk using disko. **This will wipe your drive.** Replace `DISK_PATH` with your actual disk path (e.g., `/dev/vda` or `/dev/nvme0n1`):
```bash
disko --mode disko ./hosts/canopus/disko.nix --arg device '"DISK_PATH"'
```
# Generate the hardware.nix file for your system
#### 4. Configure your disk
Edit the configuration file:
```bash
nvim ./hosts/canopus/default.nix
```
In the imports statement, replace:
```nix
(import ./disko.nix {device = "/dev/nvme0n1";})
```
with:
```nix
(import ./disko.nix {device = "DISK_PATH";})
```
Make sure to replace `DISK_PATH` with your actual disk path.
#### 5. Generate hardware configuration
```bash
nixos-generate-config --no-filesystems --root /mnt
```
# Replace the hardware.nix with generated one
Copy the generated hardware configuration to the repository:
```bash
cp /mnt/etc/nixos/hardware-configuration.nix ./hosts/canopus/hardware.nix
```
# Install
#### 6. Install NixOS
```bash
nixos-install --root /mnt --flake .#canopus
```
# Reboot to your beautiful DE
#### 7. Enter into the new system
```bash
nixos-enter --root /mnt
```
#### 8. Set up directories and permissions
```bash
mkdir -p /persist/home
chown -R tux:users /persist/home
```
#### 9. Set passwords
Set the root password:
```bash
passwd root
```
Set the user password:
```bash
passwd tux
```
#### 10. Reboot
```bash
reboot
```
Your NixOS system should now boot into a beautiful DE.
## Components
| | Wayland | Xorg |

636
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

3
flake.nix
View File

@@ -66,6 +66,7 @@
alpha = nixosSystem (mkNixOSConfig "alpha");
sirius = nixosSystem (mkNixOSConfig "sirius");
vega = nixosSystem (mkNixOSConfig "vega");
node = nixosSystem (mkNixOSConfig "node");
vps = nixosSystem (mkNixOSConfig "vps");
isoImage = nixosSystem (mkNixOSConfig "isoImage");
homelab = nixosSystem (mkNixOSConfig "homelab");
@@ -85,6 +86,7 @@
alpha = mkNixOSNode "alpha";
sirius = mkNixOSNode "sirius";
vega = mkNixOSNode "vega";
node = mkNixOSNode "node";
homelab = mkNixOSNode "homelab";
capella = mkDroidNode "capella";
rigel = mkDroidNode "rigel";
@@ -166,5 +168,6 @@
impermanence.url = "github:nix-community/impermanence";
deploy-rs.url = "github:serokell/deploy-rs";
nixcord.url = "github:kaylorben/nixcord";
lan-mouse.url = "github:feschber/lan-mouse";
};
}

1
hosts/alpha/default.nix
View File

@@ -153,6 +153,7 @@
];
};
users.users.${username} = {linger = true;};
home-manager.users.${username} = {
imports = [
./home.nix

33
hosts/arcturus/default.nix
View File

@@ -19,7 +19,7 @@
../../modules/nixos/selfhosted/headscale.nix
../../modules/nixos/selfhosted/vaultwarden.nix
../../modules/nixos/selfhosted/gitea.nix
../../modules/nixos/selfhosted/plausible.nix
../../modules/nixos/selfhosted/umami.nix
../../modules/nixos/selfhosted/monitoring/grafana.nix
../../modules/nixos/selfhosted/monitoring/loki.nix
../../modules/nixos/selfhosted/monitoring/promtail.nix
@@ -35,6 +35,18 @@
];
tux.services.openssh.enable = true;
tux.containers.aiostreams = {
enable = true;
port = 4567;
environment = {
ADDON_ID = "aiostreams.tux.rs";
BASE_URL = "https://aiostreams.tux.rs";
};
environmentFiles = [
config.sops.secrets."aiostreams".path
];
};
sops.secrets = {
borg_encryption_key = {
@@ -81,6 +93,14 @@
"cs2_secrets/CS2_PW" = {
sopsFile = ./secrets.yaml;
};
aiostreams = {
sopsFile = ./secrets.yaml;
};
umami = {
sopsFile = ./secrets.yaml;
};
};
nixpkgs = {
@@ -144,7 +164,13 @@
firewall = {
enable = true;
allowedTCPPorts = [80 443 22 3333 8081];
allowedTCPPorts = [
80
443
22
3333
8081
];
};
};
@@ -207,6 +233,9 @@
];
};
users.users.${username} = {
linger = true;
};
home-manager.users.${username} = {
imports = [
./home.nix

13
hosts/arcturus/secrets.yaml
View File

@@ -11,11 +11,9 @@ cs2_secrets:
SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
@@ -35,8 +33,7 @@ sops:
NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T12:59:25Z"
mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
pgp: []
lastmodified: "2025-11-14T08:22:34Z"
mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.3
version: 3.11.0

16
hosts/canopus/default.nix
View File

@@ -21,8 +21,9 @@
../../modules/nixos/steam.nix
];
hardware.nvidia-container-toolkit.enable = true;
tux.services.openssh.enable = true;
tux.packages.distrobox.enable = true;
nixpkgs.config.cudaSupport = true;
sops.secrets = {
@@ -60,7 +61,7 @@
];
# Facilitate firewall punching
allowedUDPPorts = [41641];
allowedUDPPorts = [41641 4242];
allowedTCPPortRanges = [
{
@@ -183,7 +184,6 @@
programs = {
ssh.startAgent = true;
xfconf.enable = true;
file-roller.enable = true;
thunar = {
enable = true;
plugins = with pkgs.xfce; [
@@ -193,7 +193,7 @@
};
nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
package = pkgs.nix-ld;
};
nm-applet.enable = true;
noisetorch.enable = true;
@@ -235,14 +235,6 @@
openDefaultPorts = true;
};
xserver = {
enable = true;
xkb = {
layout = "in";
variant = "eng";
};
};
libinput.touchpad.naturalScrolling = true;
libinput.mouse.accelProfile = "flat";

6
hosts/canopus/home.nix
View File

@@ -11,7 +11,7 @@
../../modules/home/wezterm
../../modules/home/ghostty
../../modules/home/desktop/rofi
../../modules/home/barrier
../../modules/home/lan-mouse
../../modules/home/firefox
../../modules/home/brave
../../modules/home/vs-code
@@ -28,6 +28,7 @@
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
qt = {
@@ -76,7 +77,6 @@
copyq
vlc
tor-browser
distrobox
bluetui
impala
];
@@ -90,12 +90,14 @@
"Videos"
"Projects"
"Stuff"
"Distrobox"
"go"
".mozilla"
".ssh"
".wakatime"
".rustup"
".cargo"
".steam"
".cache/spotify-player"
".config/BraveSoftware"
".config/copyq"

11
hosts/common/default.nix
View File

@@ -15,7 +15,9 @@
../../modules/nixos/selfhosted/upstream-proxy.nix
../../modules/nixos/selfhosted/tfolio.nix
../../modules/nixos/selfhosted/cyber-tux.nix
../../modules/nixos/selfhosted/containers/aiostreams.nix
../../modules/nixos/networking/ssh.nix
../../modules/nixos/distrobox.nix
];
sops.secrets.tux-password = {
@@ -48,7 +50,14 @@
home-manager = {
backupFileExtension = "hm-backup";
useUserPackages = true;
extraSpecialArgs = {inherit inputs outputs username email;};
extraSpecialArgs = {
inherit
inputs
outputs
username
email
;
};
users.${username} = {
imports = [
./home.nix

97
hosts/common/secrets.yaml
View File

@@ -1,79 +1,88 @@
tux-password: ENC[AES256_GCM,data:68ZXKJMBBLV1mkNP9LFf+xC5arsARqKPFQAtmfag3ftip1suuZ1FmQICqsuCqXgGuwcSfH4ACkuiQ769u4aI7+jPxs0A62hFig==,iv:Yx9EfqChjBtgxxkWmayfKWoE498w4wUYoS353cMUMsI=,tag:Zr3KuIiXsi2VahRZ7Ncpig==,type:str]
tux-password: ENC[AES256_GCM,data:yAqMKsk7uz0F0k32PdYnqAmn+tdLyXl2krvMstdgFCvIUZH8TlATWCUMPUtnxQiTQqCUY+Q8LE+yYcFFGC3r5TskbF98igZTDA==,iv:hkE/21gdD2bCEdIITrhm9lhKRTHhCPeo8YaYS61/dEM=,tag:/tz2Xvy2ro9gGwKHrJuuzw==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWblJrWjErZC81d1IzTHV6
ZUkwTEhRdVdTTlJQb1pocnpnSkdZSWNTelVFCkJLR3VwT2dwM3IydCtkZ24yLzVF
ei9xMG51djNldnZkSnVqeEtsVFNSMkEKLS0tIGNEdi9OV0ZjVW93SUUyVURpT2tR
U3ZybTNac1JvVW9zTy9ocE5FUkpQTjAK2lAp5MC3B779uSWaOOxbnfdAa9xYDCL2
TloXlxfuYKe0j9Z2TIlYOa6z+/m8upOpE42Ux0qjZprE1LBq3g5uMA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXaTFZSENQZDcvczUrVFF6
Mm1GV3pqSzVPd2pQaUp3ZGRJS0kzMExXSmtJCkVwR1VxbUhCTTlKVHlLR0kvWkFO
R2VmQWhzSEsya3I4b1JRWnFSbXdUanMKLS0tIFR5bkU3cEVHL3BlUFRjL2l2ZDBK
WUVaZzFCQkc0KzRNQlRRdGNvWFdQNkUKhxAV3VavBzjSQHJPNn+Ghspi1scCq7dS
Qu81Q24kMK9sL7ddTjB7UqCgZ3LHq+Izzw5cSYVy+nq150oCBURnoA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZGdNSG5ER0JxbWhNanJU
WGlCZlIyT3JLWnFkSnBaakkyMXZBU0o0cjFVCml5VDB2d2dJTGkvVDh5M1NweXl1
ajl3R2RUWmtwWU5RUlpsVFIvM3R0cUUKLS0tIFNkbmtrRGdrcUFibDlldncrbjg2
TWJ1UFh5RnI2VDRocnZ0VVNmd2JRSVEKmqNV4dADO9ZxTjlDgMC5fNdioJrO6vrN
vTg3lTrwOTZ/TCg9PS2T5QEX9fZh2UthCEisPO7p1Q81Gyk7ySg2ow==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVGdJQTdBVHAxTmFoeThj
RWE0QjBiQUt5UkdDZzBRQm5vTUtGZmRxQ2xvCkRiUDIxUkV3ZW5Jd1ZoZWRzeE03
T0VPZE9pYXJGclVZSTJRM1JaVjM3VU0KLS0tIGFXQ3pRWXFYYWkrYngyZDJST2Jr
UlAzTFdxMENxckVpL05ReENjZHk3b1UK1NEgbZ5AMf9h6zlfIHL7ugNSyQ156T5r
x3l7nFrvxAWE9aTzn03hFjgRP72If6k/3pHJmT8h2494+K20qAmx6g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZWRuaHIvT3BSZ2M0OUla
YWhSa2Q5SDJNbkRLQUZxaVFISmJENTIxc0hrCjlKTVBCK2g2WWNNNlNJQ25sMjVY
TURsSkNsbTQwRGlyU3NySis5azNvTVUKLS0tIGZHUEh3NHMyVXN5T0pXOWpOT1JP
UmZSM1J0elprbVBUZzU5QjVLRnVxNWsKFVdUQcKiHaSDR2+GqafXvoRQ0yyiKMcy
/UP/yCMoNUYIpiv4ocRhtDj4QrrO6NdJJTUifMkB9I1B6R7B7NG/gw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZE16cm5vNzhVSkY5K2hV
MWRaMHNIL1Q2cDZ0eHozbTJJWklKb09BK213CkFSazJGdnBWQnRvQ2Zlc1JQazZV
VWVMb1FpcUZMeURQSXJBTkJGeVdCeUkKLS0tIG1uRDJ4T2pRaVY1aERQOWhZdGl0
b3JVbHNpY1B5ekpodHp3ZXlrZFplNFEKiRPqPKh3g33a2/fQVrj8qGOcXheVaLgA
CAShzomubIQNFZUnl12hjH+ZcKlAwYFXzCrHUNdkEUWRIASqGa5oMA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeEpwakIyMkRYN1c0bUNy
eDFpUGlkTW02NWE1VlYxYnNsQTJ1NHIyWVY4ClI3VHlSWW1IK3I3SHY5YXN5S09q
OU5aSXVXU0FVU1VrNGlCTzFKWm95ZkkKLS0tIGV0Sy9LYlBuTm4xa2Zkc3JoaWo0
ZXllYnMwaXBXTW5vVVhoNXVFcEwvdlEKbuiT2/Isi3nsx/r3whpX6RiLEtsLMm6f
2A3bKpz1+MUupE6umEIBCXc+k58W6VhBkdrMxGtxZt1ZeA8ftz4bVA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQ3UybGxJaUU5ckdDak5F
d3RJdlR3VHNHZTJ0UXhXc08wSVVXZVFZb2lvClZGSzV6QmhqL01rYjhjdjNKT2RT
V3k1QUF4VXBNb2d6dnA0N2lNNnpXS00KLS0tICs3bWRHMGZiMmM4S3YyY0ttRWZ1
Snd1QTlRUndzK0RSUld1TlRkNU13cHMKTZsBN/4nBfEndip/vCUNtFZF89MKT8uA
C/hKD33ycaLNzmgxz3VRSCxeALMspeobeOLfRHJLflusD9xGgXn73A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFUwbXoyUnZGMElMdldX
UkJseC9XWEU3Vks2eGdYbHFjUjZMUVVGbkY0ClNIWFMvWEl1eDRncEt1dy9iVS81
ZE1rN25lR0w0Wno2OHZDZTRhSTVXVDgKLS0tIG9jNmFkdGxoRmRCT1RJQjVlOUJa
R0kxbllzMXZML1J6MitXSGhSTkF0MEkK8g7s87t956UTDtQO+IUEXe2B6WNM+KfH
aRobwCjvXcv5I8G+gkNll23MYlLMBRZ1qkeq24R0xA7cMYXj5APUsA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmkrNXJvUjR5anlUcFVE
NExQTnAwZDVmWEl3c3B2bis1N00wQzF6MFFvCnpENVNJU1JWLyswNnZoUTBZNE16
V2ZtLzIzanZEOWhkYXFxaWVLaDZoUDAKLS0tIEs3SXRZU283dERkZEFabmtFZTEx
aUIwRTgzQklUZmlnS05MQ2o5QmJSQk0KVrx1ZHqnS3KQ9jB7yqVIWbrQAdqDt/c4
i3mst4a/rKjgZGUYugHMctJppPIpqqVZTpBHPgY5OiAGESMrUZE+Ig==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bTBEck44R2ZxS0M3Ris1
VllxeEgyTjRWcHp3RUdpMytFQ0podkxXT1JrCi9VU2U2SHFrd1dPb3RESkQ4OGhi
RjZVVTZWQUVXSUxqaG5KVkJxQ0RCQncKLS0tIDJiVGpIU0NjelVCZkloOGhxQTdV
eHlaVm9iUFk2YThXZnU5SVpHUVVHbkEKcmUvbINRqmkkvXyyskNJ4eYD7VdQnxqg
7VuWV7zUK5ZVPv9kJiUl3OB3vNU8U15sNIdAjCp8//RtNkRyDJMgEQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdUhKNU5BYmNEdllkWU1R
QVIxMExuYit6ekNwVHFmd2dGNEJtTTlHd0IwCkxiZnAvSURQY2RyWnRVVGxtdlUv
bmNpNFB6OENqOFJSakQ2NGJ0cVJTQlkKLS0tIEt5QXBXNC9WaDdIdklTeTA3ZEp6
Y212bDZSRkttWjBqTEdkbjY4WHd5RTgK1Y779ogFUcr89gosqh7rra7Wg6G/Ez1o
/+48kxF2DTKZLJYX2AFEP5H0JjBDtt+isiO7H1644LjdAwO/sgFMSQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVjU1Vy9tMkp5MS96Si9v
bnB4OHpzdktPeStYZHFZTXVmSWphMkxFQkRZCjEvTEpZY1I4TWNlM0c4Wi9nUVhx
dktvOXdXQ0M1YzhVU3BlOUZ4Tjkrd28KLS0tIC9NT0NKZTd0VUVUQTB6UHhDSVVw
eFM1Q1JOVXZoSXltRVZpaTNTUWhNa3MKFoY5bWWQS9qh0j8sgIgRA4jT6sl0xRkC
Tu0WUz344TzkJFuy7MgOpviQMqAijmbyYjaRSdS3CLGHvTKY8GcpOA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQXFScVBqUDZHc3BDK3N4
T3BnSWk5SElzZllYRHdlMStPS2ZyMDZoZ3pnCm5KVnBYb1R6anRWd04rNllPSW1G
ZVMwMTQ5NjQvaEYwZUhOOE56ckJHb00KLS0tIEpCWmNQZzFlK3ZrRGFPMFVwZndG
ZStueWovUmtKdTk2enRJa3NSbFpJL1UKtzKYPJ6vy6+VjPkrsRvNTwUtV198oglr
cMqBSuwkqzgjDC09sRMnW5PRfJo8hG+5gkd6EPZ8uAbUhGC+kAyLrg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZU93NCtxODQ2YjA4TUcr
aWEyaW4zREZtVUpuZWhZSUw3TWhpMXBYWEVVCitDNGx1eWZQZGsvUDl0UzNCd0Zp
QndpMys5OVg1WXMrdXRDUkFZWDErcjAKLS0tIDBOZTBxM09INTIxZm9tQk10ZUc2
emExUmJZZk00WmxYK2Y3WCtmQXhSUmsKwMxI9I6kQYkvZ4TzJtv/MdGLwTbQdePx
XB+oFbc9Rp3IAEZfH1+VEtJRjyKk5hE7HQoIh92XxJvmbDIswOe/Rg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYlpXRGNpQVZTQ3hZK2lr
L2xodmhycTlRczN1c2Zib3RoeGlxQTAwTVRRCkJ1aWc3bzAyNnlMbUhuK2YwTXBq
Q1VhUUtWWXU0RXY2NG5jMG90dis4bEUKLS0tIHlkRkdCV0ZvU2pLZDRlN2h6c0JO
TTNtbGY1UWV5K3VQWjk5WlgyNUd1UVkK+XeX8vK4K2DJaWtFE91YGg/58M09rwuj
VVcMIPPPO1+KD16HTe1b8bVPeNfpIj9p3ybew3ILducyrYiRrxzGwg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNUhPQThmWjJROW95SWsw
aFk4dGR3c0RJZTkwSHFXaWp2UCtQWS9xYjFnCnAxa0RMV0xsNnZ2cnVMbmRzRFYv
QmRZQVY1ME9zTmZtT1RxUmFQc2JYc2cKLS0tIGxUTjYwYXZUMU9FY3BFS04zQk1G
bFJwRno1a0pwVHpaV0haZjlZazNtZDAKxTvzsmLtx50sI2bZ3fFcB6j9ZLas4KmL
5bu9Z75hFi+N1sjvMpcK7oIFypGLIWU3xpTP//jv6RuiyjGuR2Dq2w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-10T10:14:47Z"
mac: ENC[AES256_GCM,data:fmBWLOOCvJLfKSNG14zd9cBEa9+M4dJ7UtR+SZfGEcoGtBPmX1c6ZR8OgB+I45WkpT+Ho8kwQMcnD0n6IWzg946OEzIZjNuCds/wM1cCd3LjjlqwKnN1QGL5DNSIyi5CFzrjvvFtZCsw2acNjxtK86JujhpOivdVKC/kGkJzF0M=,iv:g0jXzrtU53YpW/NIb8ulmOGSJIXMA1Wady6DlOMA9aU=,tag:zf7WmNNYcFO9Rtynm5vaUg==,type:str]
lastmodified: "2025-11-04T09:28:17Z"
mac: ENC[AES256_GCM,data:A+xfYhnoq/JWYGZOleieF5vjrsPOtkKnXPbd94iBAbnuuBKx8Vgkpuum+hJzVIBdDSCVm8hl2Tpcw7NqWLSkXtBR/NKixzk6eIwFvOZz4h7Qe1Zue10pB25IkIzR34sLnWSHtsxuRRG6fZnf0CNtp7baf4XU3doyDwy5A384Jf0=,iv:i0y0UEY7SSCOBIBc+97qIiq4obpUJYb3gFo1yEc5eUI=,tag:c5zONd6zTv3sq4bPqT73OQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

18
hosts/homelab/default.nix
View File

@@ -23,6 +23,21 @@
discord_token = {
sopsFile = ./secrets.yaml;
};
hyperbolic_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
gemini_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
open_router_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
};
tux.services.cyber-tux = {
@@ -109,7 +124,7 @@
programs = {
nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
package = pkgs.nix-ld;
};
};
@@ -141,6 +156,7 @@
];
};
users.users.${username} = {linger = true;};
home-manager.users.${username} = {
imports = [
./home.nix

14
hosts/homelab/secrets.yaml
View File

@@ -1,9 +1,8 @@
discord_token: ENC[AES256_GCM,data:fZqz6LD3+Svtton5gNCXO5ddWAqW1IyxP3M2DAIXZEIYRHUfAq8h9LES2IHWepjl5qKimxB35zacE/TYK2fitngWtRGVoMDBzzU6VTKNulNV3yFWrPA=,iv:YOplYld+c9vHVC0Srfm89qrh4yUygDiW67X2TdwHKMc=,tag:Ioc2wNLX818fRQ/2PSO7Sw==,type:str]
hyperbolic_api_key: ENC[AES256_GCM,data:t8xjjzhgvM9BXiB5jDc2RR384d+mL5zXr+/obDLMm2J+IN+Xw9fr4iz50CTQ5ZMWWMoPjxzY5vgiJ+h71BsDRM0TvBMWuXd2ihKOIZOVo6OQmCX/SeKUgkjunFqz+YKcxsLsF7ZG/tOgWGqMmxom8iGV7LELKG/8MLDCF50YgJNO568MJMUU,iv:Cf+mSG2dxsRclDy8k7gK+hi+Qd5J7wqfS9SQztRob80=,tag:Io4aAFa29SUsfuPFI2/+DA==,type:str]
gemini_api_key: ENC[AES256_GCM,data:GJWo7dXSaUbl2Q9h+Sc1sRF0g+82LyHk3mKFqDaBmRdalvyGwMvp,iv:odLpACXHVqxWIj7e/u6AY1pxjYX+e10Lezne1BlHl60=,tag:qO3zcz/93eHuEzG66zwwdA==,type:str]
open_router_api_key: ENC[AES256_GCM,data:ETiZEngQRnOrJtDXSDfBanzbUyThTAu9BSQCL1tuVv07CCWJaXUui9Y0kS9oIO5to655FON3C0RxovTGx6rWQwOMKeEn5bHUHA==,iv:ePJzHKFWddkLGfydPi6uEzvksm7Djln/DBV88Jc1ugA=,tag:Eb7eYPMC0DlqtT7OFK4UuA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
@@ -23,8 +22,7 @@ sops:
Y1RHaFdXaE9DODJtSTFCSVZWb0xVeUEK4qeBKg3u+vhBIM1dQ7BaOWi/C7Q8hk60
vu9Zr075n0+kb5Ab+RH24ZmEoP5PJXjwEfbAnmRTjn0reYn1nfcNYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-15T12:45:59Z"
mac: ENC[AES256_GCM,data:NLGe7L/oiG62x4PmQ6FobnuisFmMxYoGhxfqQ4qZdy9emYL/+FnrtFsKTKqZ9IHjrNnCmbk7y+Cds/azC1xGVcaj50jEox87vtqIZ3z0XsD1mJjCAdHkBVzzpQGwHas/5y0Inyj+oKsvQrqVacqYHVA/ES+zMvou8nD+EWIH2LE=,iv:fBVOnwih+QFkYZ8IfMBpQiT1XwSZtzo3VYaBOL3I5o4=,tag:p+ePQsrmcLcnLr2fgWQXQg==,type:str]
pgp: []
lastmodified: "2025-10-14T06:52:16Z"
mac: ENC[AES256_GCM,data:/p5Mbonr1YcrDgBIi+wFFPnNKsn74kuWf/EloNDnVWg59LuBy3nhrfXHUvbwlX7vLbSLozbuAHKTDcQ0+OUXJTYvMRApAGVh9HrvQFEQuOPOkwN8/qtdvwduInetX3t7PLWu4vbCVhl1v2BzJyEVQ9tzn7+8zEJhDDS7cPsZ9Is=,iv:GPJxjmOQPAqh0TulLhhX4UX+5FrZizCtDOkQa9xxaXY=,tag:Vv33D3wubWBDVOxdKOMENQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.4
version: 3.10.2

20
hosts/isoImage/default.nix
View File

@@ -35,7 +35,10 @@
ssh.startAgent = true;
thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
};
nm-applet.enable = true;
};
@@ -51,16 +54,10 @@
};
logind = {
extraConfig = "HandlePowerKey=suspend";
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
};
xserver = {
enable = true;
xkb = {
layout = "in";
variant = "eng";
settings.Login = {
HandlePowerKey = "suspend";
HanldeLidSwitch = "suspend";
HandleLidSwitchExternalPower = "suspend";
};
};
@@ -76,6 +73,7 @@
fonts.packages = with pkgs.nerd-fonts; [
fira-code
jetbrains-mono
bigblue-terminal
];
home-manager.users.${username} = {

7
hosts/isoImage/home.nix
View File

@@ -3,21 +3,16 @@
../../modules/home/desktop/awesome
../../modules/home/desktop/hyprland
../../modules/home/picom
../../modules/home/alacritty
../../modules/home/wezterm
../../modules/home/ghostty
../../modules/home/desktop/rofi
../../modules/home/barrier
../../modules/home/firefox
../../modules/home/brave
../../modules/home/vs-code
../../modules/home/mopidy
../../modules/home/thunderbird
];
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 28;
};
home.stateVersion = "24.11";

55
hosts/node/default.nix Executable file
View File

@@ -0,0 +1,55 @@
{
inputs,
username,
...
}:
{
imports = [
inputs.disko.nixosModules.default
(import ./disko.nix {
device = "/dev/nvme0n1";
device2 = "/dev/nvme1n1";
device3 = "/dev/sda";
})
./hardware.nix
../common
];
tux.services.openssh.enable = true;
boot.loader.grub.enable = true;
networking = {
hostName = "node";
networkmanager = {
enable = true;
wifi.powersave = false;
};
firewall = {
enable = true;
allowedTCPPorts = [
22
8545
8546
9545
9546
];
};
};
security.rtkit.enable = true;
environment.persistence."/persist" = {
enable = false;
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "25.05";
}

87
hosts/node/disko.nix Normal file
View File

@@ -0,0 +1,87 @@
{
device ? throw "Set this to the disk device, e.g. /dev/nvme0n1",
device2 ? throw "Set this to the disk device2, e.g. /dev/nvme1n1",
device3 ? throw "Set this to the disk device3, e.g. /dev/nvme1n1",
...
}: {
disko.devices = {
disk = {
disk1 = {
type = "disk";
device = "${device}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
};
disk2 = {
type = "disk";
device = "${device2}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
};
hdd = {
type = "disk";
device = "${device3}";
content = {
type = "gpt";
partitions = {
data = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/mnt/hdd";
};
};
};
};
};
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

25
hosts/node/hardware.nix Normal file
View File

@@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

3
hosts/node/home.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
home.stateVersion = "25.05";
}

25
hosts/sirius/default.nix
View File

@@ -12,8 +12,30 @@
../../modules/nixos/virtualisation/docker.nix
];
hardware.nvidia-container-toolkit = {
enable = true;
suppressNvidiaDriverAssertion = true;
};
tux.services.openssh.enable = true;
sops.secrets = {
hyperbolic_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
gemini_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
open_router_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
nixpkgs = {
@@ -25,6 +47,7 @@
enable = true;
defaultUser = "${username}";
useWindowsDriver = true;
interop.register = true;
};
networking.hostName = "sirius";
@@ -36,7 +59,7 @@
nix-ld = {
enable = true;
libraries = config.hardware.graphics.extraPackages;
package = pkgs.nix-ld-rs;
package = pkgs.nix-ld;
};
dconf.enable = true;

27
hosts/sirius/secrets.yaml Normal file
View File

@@ -0,0 +1,27 @@
hyperbolic_api_key: ENC[AES256_GCM,data:3E4oWt65AU3anVUEU52r7vpRddDgXdqKgvc/URQmJGbA0nu6sbRmw3lD44SG0L5tMubi20+gkKlyFV3i8q2U148eo582Sxh8eXshvvjZ+gr9W9Eg0Tk9kQWycrE+N3r3g1AC+CWtbkRFDxQLuVAYf9W4mTw2Yg1VLV7H3BUCSYv3Rg5EPb9c,iv:Z+72Bk+5ZnHVR+SHXgM5mwfsIp4zZf9Iv8cAaZQB3Mg=,tag:phqWkpOCKnfiCBvR/f3flw==,type:str]
gemini_api_key: ENC[AES256_GCM,data:S9DEgF4xIDXaOqs+3vdRbFb4Z8eAV1hVg8PwEfasWu9XGH3CTXV8,iv:LvUFg6dzlzC3feGh//d2rmxvVq5TJQDEBQWfxNa259Y=,tag:juLXnsiXz7OmYvyKfAv66Q==,type:str]
open_router_api_key: ENC[AES256_GCM,data:tUtkVER9ZlhSeb0bDbA1nRi1lkRX/ofosV+mcHnaNQmAZXWXiyn8WDfemxxNuvU86YctURxL4TckfsQv7RmMjY7esB1Pmmwf9Q==,iv:elT8JJu48cgu4Q1YWxiL4ePNkP+EGhI8blqfUB/nmz8=,tag:bMvUXUegE+GJ6WdypTxLyw==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVUx5VWlHekQ1ZlBWb1cv
aWpXQ0NUaDVudENNRWhPdXlhekhwZW9zbjNNCkRzTlVOZm53MnJmckp6d3FsTU9D
M2pZYUs2aHJzWjQzM01BMUVaZHlsdm8KLS0tIG04Rjc3VXM1eFhvTGhpMVlJdE9K
dkYwdGZMRmZ1MFFTVlI4T0MrNytsV00KmdCXJ/EBZhLN/NXuOf36LjwmGTze46Ou
kQtKSpdzLdo/bdS6sbUGVHqDLeS7GwGtVciMh9zBHCsGBCAAkQHxIA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSXhQdEpJZHBGbjlZTnhD
U0Zwc1pwbGtHdkRFbWJRVzRNWUdqakhzM2pJCmYyYlMwQVZEbzkxcnRKVERyeExB
Z0hXcTdyMHMwREExdlJmR3JHTldvRnMKLS0tIFNMczN6QmI3cUR6clBDU2dKQTVF
U1dpRkttaURwSkgySVdiR25iZk50b2cKrrNfeAV73W3+kWM0diIFj08+koBVySVx
U3tYYrePi7qQxDSrNo4a14yOopjktj/ABKpxI5cfza6aS5NQxErq2Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-10T21:30:12Z"
mac: ENC[AES256_GCM,data:IxGSaYj3PLV+RA4G+A3yep0RkcPr9xd6X7yKJP3QVthzGinm0KRNs8wyMdDgdSrK/e0AlzN594VOMTRRgxLV9oPqEPqufWDGGCpiKuW+q2mJSv3i3f1dUbO/l+OSTEFqeeKb8rWEhbJ3qcjEhI/eFB+RNkDtJvSzDlJsS4uDB9A=,iv:VlvTI3AHyBKpwr9b29YqN8V1Tjq2E8oAOAPA7LuAKps=,tag:+BFt/T4ep66WFz9Y2a7a9w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

1
hosts/vega/default.nix
View File

@@ -56,6 +56,7 @@
enable = false;
};
users.users.${username} = {linger = true;};
home-manager.users.${username} = {
imports = [
./home.nix

1
hosts/vps/default.nix
View File

@@ -91,6 +91,7 @@
];
};
users.users.${username} = {linger = true;};
home-manager.users.${username} = {
imports = [
./home.nix

7
modules/home/barrier/default.nix
View File

@@ -1,7 +0,0 @@
{pkgs, ...}: {
# services.barrier.client.enable = true;
home.packages = with pkgs; [
barrier
];
}

2
modules/home/brave/default.nix
View File

@@ -25,7 +25,7 @@ in {
package = pkgs.brave;
commandLineArgs = [
"--disable-features=WebRtcAllowInputVolumeAdjustment"
"--force-device-scale-factor=1.05"
"--force-device-scale-factor=1.0"
];
};

8
modules/home/desktop/hyprland/default.nix
View File

@@ -259,6 +259,14 @@
"SUPER_SHIFT, 5, movetoworkspacesilent, 5"
];
workspace = [
"1, monitor:HDMI-A-1"
"2, monitor:HDMI-A-1"
"3, monitor:HDMI-A-1"
"4, monitor:eDP-1"
"5, monitor:eDP-1"
];
binde = [
# resize active
"SUPER_CTRL, left, resizeactive, -20 0"

4
modules/home/desktop/hyprland/hyprpaper.nix
View File

@@ -8,11 +8,11 @@
splash_offset = 2.0;
preload = [
"~/Wallpapers/mountain.jpg"
"~/Wallpapers/new/sunset-pixel.png"
];
wallpaper = [
", ~/Wallpapers/mountain.jpg"
", ~/Wallpapers/new/sunset-pixel.png"
];
};
};

8
modules/home/git/default.nix
View File

@@ -5,13 +5,15 @@
}: {
programs.git = {
enable = true;
userName = "${username}";
userEmail = "${email}";
signing = {
key = "~/.ssh/id_ed25519.pub";
signByDefault = true;
};
extraConfig = {
settings = {
user = {
name = "${username}";
email = "${email}";
};
init.defaultBranch = "main";
commit.gpgSign = true;
gpg.format = "ssh";

19
modules/home/lan-mouse/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{inputs, ...}: {
imports = [
inputs.lan-mouse.homeManagerModules.default
];
programs.lan-mouse = {
enable = true;
systemd = true;
settings = {
# release_bind = ["KeyA" "KeyS" "KeyD" "KeyF"];
port = 4242;
authorized_fingerprints = {
"30:66:b3:95:dc:6b:55:a4:9f:30:31:9c:3e:4d:70:03:33:c3:f0:6f:df:31:35:58:36:6e:80:2f:32:b2:ce:48" = "pc";
};
};
};
}

2
modules/home/picom/default.nix
View File

@@ -1,7 +1,7 @@
{pkgs, ...}: {
services.picom = {
enable = true;
package = pkgs.picom-next;
package = pkgs.picom;
backend = "glx";
vSync = true;

15
modules/home/shell/aichat.nix
View File

@@ -1,15 +0,0 @@
{...}: {
programs = {
aichat = {
enable = true;
settings = {
model = "gemini:gemini-2.0-flash-lite";
clients = [
{
type = "gemini";
}
];
};
};
};
}

1
modules/home/shell/default.nix
View File

@@ -1,7 +1,6 @@
{pkgs, ...}: {
imports = [
./lazygit.nix
./aichat.nix
./superfile.nix
./open-code.nix
];

198
modules/home/shell/lazygit.nix
View File

@@ -9,69 +9,161 @@
customCommands = [
{
key = "<c-a>";
description = "Pick AI commit";
command = ''
aichat "Please suggest 10 commit messages, given the following diff:
description = "AI-powered conventional commit";
context = "global";
command = "git commit -m \"{{.Form.CommitMsg}}\"";
loadingText = "Generating commit messages...";
prompts = [
{
type = "menu";
key = "Type";
title = "Type of change";
options = [
{
name = "AI defined";
description = "Let AI analyze and determine the best commit type";
value = "ai-defined";
}
{
name = "build";
description = "Changes that affect the build system or external dependencies";
value = "build";
}
{
name = "feat";
description = "A new feature";
value = "feat";
}
{
name = "fix";
description = "A bug fix";
value = "fix";
}
{
name = "chore";
description = "Other changes that don't modify src or test files";
value = "chore";
}
{
name = "ci";
description = "Changes to CI configuration files and scripts";
value = "ci";
}
{
name = "docs";
description = "Documentation only changes";
value = "docs";
}
{
name = "perf";
description = "A code change that improves performance";
value = "perf";
}
{
name = "refactor";
description = "A code change that neither fixes a bug nor adds a feature";
value = "refactor";
}
{
name = "revert";
description = "Reverts a previous commit";
value = "revert";
}
{
name = "style";
description = "Changes that do not affect the meaning of the code";
value = "style";
}
{
name = "test";
description = "Adding missing tests or correcting existing tests";
value = "test";
}
];
}
{
type = "menuFromCommand";
title = "AI Generated Commit Messages";
key = "CommitMsg";
command = ''
bash -c "
# Check for staged changes
diff=\$(git diff --cached | head -n 10)
if [ -z \"\$diff\" ]; then
echo \"No changes in staging. Add changes first.\"
exit 1
fi
\`\`\`diff
$(git diff --cached)
\`\`\`
SELECTED_TYPE=\"{{.Form.Type}}\"
COMMITS_TO_SUGGEST=8
**Criteria:**
opencode run -m \"google/gemini-2.5-flash-lite\" \"
You are an expert at writing Git commits. Your job is to write commit messages that follow the Conventional Commits format.
1. **Format:** Each commit message must follow the conventional commits format, which is \`<type>(<scope>): <description>\`.
2. **Relevance:** Avoid mentioning a module name unless it's directly relevant to the change.
3. **Enumeration:** List the commit messages from 1 to 10.
4. **Clarity and Conciseness:** Each message should clearly and concisely convey the change made.
The user has selected: \$SELECTED_TYPE
**Commit Message Examples:**
Your task is to:
1. Analyze the code changes
2. Determine the most appropriate commit type (if user selected 'ai-defined')
3. Determine an appropriate scope (component/area affected)
4. Decide if this is a breaking change
5. Write clear, concise commit messages
- fix(app): add password regex pattern
- test(unit): add new test cases
- style: remove unused imports
- refactor(pages): extract common code to \`utils/wait.ts\`
Available commit types:
- feat: A new feature
- fix: A bug fix
- docs: Documentation only changes
- style: Changes that do not affect the meaning of the code
- refactor: A code change that neither fixes a bug nor adds a feature
- perf: A code change that improves performance
- test: Adding missing tests or correcting existing tests
- build: Changes that affect the build system or external dependencies
- ci: Changes to CI configuration files and scripts
- chore: Other changes that don't modify src or test files
- revert: Reverts a previous commit
**Recent Commits on Repo for Reference:**
Follow these guidelines:
- Structure: <type>(<scope>): <description>
- If user selected 'ai-defined', analyze the changes and pick the most suitable type
- If user selected a specific type, use that type: \$SELECTED_TYPE
- Add scope in parentheses if applicable (e.g., auth, api, ui, config)
- Use exclamation mark (!) after type/scope for breaking changes: type(scope)!: description
- Use lowercase for description (except proper nouns)
- Use imperative mood (\\\"add\\\", not \\\"added\\\")
- Keep description under 50 characters when possible
- No period at the end of subject line
\`\`\`
$(git log -n 10 --pretty=format:'%h %s')
\`\`\`
Examples:
- feat(auth): add OAuth login support
- fix(api): handle null response in user endpoint
- docs(readme): update installation instructions
- style(ui): improve button spacing consistency
- refactor(database): simplify query builder logic
- test(auth): add unit tests for login flow
- build(deps): upgrade React to version 18
- ci(github): fix deployment workflow
- chore(config): update ESLint rules
- perf(api)!: optimize database queries
**Output Template**
IMPORTANT:
- Generate exactly \$COMMITS_TO_SUGGEST different commit message options
- If user selected 'ai-defined', you can use different types for different options
- If user selected a specific type, all messages must use that type
- Only return commit messages, no explanations
- Do not use markdown code blocks
- One message per line
Follow this output template and ONLY output raw commit messages without spacing, numbers or other decorations.
Previous commits for context:
\$(git log --oneline -10)
fix(app): add password regex pattern
test(unit): add new test cases
style: remove unused imports
refactor(pages): extract common code to \`utils/wait.ts\`
**Instructions:**
- Take a moment to understand the changes made in the diff.
- Think about the impact of these changes on the project (e.g., bug fixes, new features, performance improvements, code refactoring, documentation updates). It's critical to my career you abstract the changes to a higher level and not just describe the code changes.
- Generate commit messages that accurately describe these changes, ensuring they are helpful to someone reading the project's history.
- Remember, a well-crafted commit message can significantly aid in the maintenance and understanding of the project over time.
- If multiple changes are present, make sure you capture them all in each commit message.
Keep in mind you will suggest 10 commit messages. Only 1 will be used. It's better to push yourself (esp to synthesize to a higher level) and maybe wrong about some of the 10 commits because only one needs to be good. I'm looking for your best commit, not the best average commit. It's better to cover more scenarios than include a lot of overlap.
Write your 10 commit messages below in the format shown in Output Template section above." \
| fzf --height 40% --border --ansi --preview "echo {}" --preview-window=up:wrap \
| xargs -I {} bash -c '
COMMIT_MSG_FILE=$(mktemp)
echo "{}" > "$COMMIT_MSG_FILE"
''${EDITOR:-vim} "$COMMIT_MSG_FILE"
if [ -s "$COMMIT_MSG_FILE" ]; then
git commit -F "$COMMIT_MSG_FILE"
else
echo "Commit message is empty, commit aborted."
fi
rm -f "$COMMIT_MSG_FILE"'
'';
context = "files";
output = "terminal";
Changes to analyze:
\$(git diff --cached --stat)
\$(git diff --cached)
\"
"
'';
}
];
}
];
};

8
modules/home/wezterm/default.nix
View File

@@ -1,11 +1,7 @@
{
inputs,
pkgs,
...
}: {
{pkgs, ...}: {
programs.wezterm = {
enable = true;
package = inputs.wezterm-flake.packages."${pkgs.system}".default;
package = pkgs.wezterm-git;
enableZshIntegration = false;
extraConfig = ''

112
modules/nixos/distrobox.nix Normal file
View File

@@ -0,0 +1,112 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.tux.packages.distrobox;
in {
options.tux.packages.distrobox = {
enable = mkEnableOption "Enable DistroBox";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
distrobox
(writeShellScriptBin "dbox-create" ''
#!/usr/bin/env bash
# 1. Initialize variables
IMAGE=""
NAME=""
# Array to hold optional arguments (like volumes)
declare -a EXTRA_ARGS
# 2. Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
-i|--image)
IMAGE="$2"
shift 2
;;
-n|--name)
NAME="$2"
shift 2
;;
-p|--profile)
echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
# Add volume flags to the array
EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
shift 1
;;
*)
echo "Unknown option $1"
exit 1
;;
esac
done
if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
echo "Usage: dbox-create -i <image> -n <name> [-p]"
exit 1
fi
# 3. Define the custom home path
CUSTOM_HOME="$HOME/Distrobox/$NAME"
echo "------------------------------------------------"
echo "Creating Distrobox: $NAME"
echo "Location: $CUSTOM_HOME"
echo "------------------------------------------------"
# 4. Run Distrobox Create
# We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
${pkgs.distrobox}/bin/distrobox create \
--image "$IMAGE" \
--name "$NAME" \
--home "$CUSTOM_HOME" \
"''${EXTRA_ARGS[@]}"
# Check exit code
if [ $? -ne 0 ]; then
echo "Error: Distrobox creation failed."
exit 1
fi
# 5. Post-Creation: Symlink Config Files
echo "--> Linking configurations to $NAME..."
# Helper function to symlink
link_config() {
SRC="$1"
DEST="$2"
DEST_DIR=$(dirname "$DEST")
# Create parent directory if it doesn't exist
mkdir -p "$DEST_DIR"
if [ -e "$SRC" ]; then
# ln -sf: symbolic link, force overwrite
ln -sf "$SRC" "$DEST"
echo " [LINK] $DEST -> $SRC"
else
echo " [SKIP] $SRC not found on host"
fi
}
# Create Symlinks
link_config "$HOME/.zshrc" "$CUSTOM_HOME/.zshrc"
link_config "$HOME/.zshenv" "$CUSTOM_HOME/.zshenv"
link_config "$HOME/.config/fastfetch" "$CUSTOM_HOME/.config/fastfetch"
link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
echo "--> Done! Enter via: distrobox enter $NAME"
'')
];
};
}

52
modules/nixos/selfhosted/containers/aiostreams.nix Normal file
View File

@@ -0,0 +1,52 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.tux.containers.aiostreams;
in {
options.tux.containers.aiostreams = {
enable = mkEnableOption "Enable AIOStreams";
port = mkOption {
type = types.int;
default = 3000;
};
environment = mkOption {
type = with types; attrsOf str;
default = {};
};
environmentFiles = mkOption {
type = with types; listOf path;
default = [];
};
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.aiostreams = {
autoStart = true;
image = "ghcr.io/viren070/aiostreams:latest";
ports = [
"${toString cfg.port}:3000"
];
environment = cfg.environment;
environmentFiles = cfg.environmentFiles;
};
services.nginx.virtualHosts = {
"${cfg.environment.ADDON_ID}" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:${toString cfg.port}";
};
};
};
};
};
}

2
modules/nixos/selfhosted/nextcloud.nix
View File

@@ -19,7 +19,7 @@
nextcloud = {
enable = true;
hostName = "cloud.tux.rs";
package = pkgs.nextcloud31;
package = pkgs.nextcloud32;
database.createLocally = true;
configureRedis = true;
maxUploadSize = "16G";

32
modules/nixos/selfhosted/umami.nix Normal file
View File

@@ -0,0 +1,32 @@
{
lib,
config,
...
}: {
services = {
umami = {
enable = true;
settings = {
APP_SECRET_FILE = config.sops.secrets.umami.path;
PORT = 4645;
};
createPostgresqlDatabase = true;
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"umami.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}";
proxyWebsockets = true;
};
};
};
};
};
};
}

2
modules/nixos/virtualisation/qemu.nix
View File

@@ -8,8 +8,6 @@
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
};

25
overlays/default.nix
View File

@@ -2,24 +2,25 @@
additions = final: _prev: import ../pkgs {pkgs = final;};
modifications = final: prev: {
awesome = inputs.nixpkgs-f2k.packages.${prev.system}.awesome-git;
ghostty = inputs.ghostty.packages.${prev.system}.default;
tawm = inputs.tawm.packages.${prev.system}.default;
tnvim = inputs.tnvim.packages.${prev.system}.default;
tpanel = inputs.tpanel.packages.${prev.system}.default;
ags = inputs.tpanel.packages.${prev.system}.ags.default;
tfolio = inputs.tfolio.packages.${prev.system}.default;
trok = inputs.trok.packages.${prev.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.system};
hyprland-plugins = inputs.hyprland-plugins.packages.${prev.system};
awesome = inputs.nixpkgs-f2k.packages.${prev.stdenv.hostPlatform.system}.awesome-git;
ghostty = inputs.ghostty.packages.${prev.stdenv.hostPlatform.system}.default;
tawm = inputs.tawm.packages.${prev.stdenv.hostPlatform.system}.default;
tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
tfolio = inputs.tfolio.packages.${prev.stdenv.hostPlatform.system}.default;
trok = inputs.trok.packages.${prev.stdenv.hostPlatform.system}.default;
cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};
hyprland-plugins = inputs.hyprland-plugins.packages.${prev.stdenv.hostPlatform.system};
wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
};
# When applied, the stable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.stable'
stable-packages = final: _prev: {
stable = import inputs.nixpkgs-stable {
system = final.system;
system = final.stdenv.hostPlatform.system;
config.allowUnfree = true;
};
};

2
pkgs/firefox-mod-blur/default.nix
View File

@@ -11,7 +11,7 @@ stdenv.mkDerivation {
owner = "datguypiko";
repo = "Firefox-Mod-Blur";
rev = "refs/heads/master";
sha256 = "sha256-BZ1NvKQwUDTMxQHEKX61PvD99cTDmBURSUKEKZNQDR4=";
sha256 = "sha256-J/SBMxDWxDC7o8P0t/3surUod52uUwy+xaD5dzZPGq0=";
};
installPhase = ''