tux/tawm
1
0
Fork 0
mirror of https://github.com/tuxdotrs/tawm.git synced 2025-07-06 04:56:34 +05:30
Code Issues Packages Projects Releases Wiki Activity

feat: isolate awesomeWM config

Browse Source
This commit is contained in:
tux
2025-02-27 16:12:22 +05:30
parent e1553de0ad
commit 5f70161a19
376 changed files with 18 additions and 7933 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
.sops.yaml
View File

@ -1,55 +0,0 @@
keys:
- &users
- &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
- &hosts
- &sirius age1d3t78xlqd0erlqj2m9947l9eqwpge3zrperljw3xrshh0gjx4ghs8tuqcu
- &canopus age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj
- &homelab age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
- &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
- &alpha age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx
- &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
- &capella age1sjnqsxdqyqngt52asc4cmrf0nkvmxvp8v4zrvrmtuftz3uffyskszjhqm5
creation_rules:
- path_regex: hosts/common/secrets.yaml$
key_groups:
- age:
- *tux
- *sirius
- *canopus
- *homelab
- *arcturus
- *alpha
- *vega
- *capella
- path_regex: hosts/sirius/secrets.yaml$
key_groups:
- age:
- *tux
- *sirius
- path_regex: hosts/canopus/secrets.yaml$
key_groups:
- age:
- *tux
- *canopus
- path_regex: hosts/arcturus/secrets.yaml$
key_groups:
- age:
- *tux
- *arcturus
- path_regex: hosts/alpha/secrets.yaml$
key_groups:
- age:
- *tux
- *alpha
- path_regex: hosts/capella/secrets.yaml$
key_groups:
- age:
- *tux
- *capella
- path_regex: hosts/homelab/secrets.yaml$
key_groups:
- age:
- *tux
- *homelab

6
pkgs/awesome/default.nix → default.nix
View File

@ -2,10 +2,10 @@
stdenv,
lib,
}: let
awesome = ./awesome;
awesome = ./src;
in
stdenv.mkDerivation {
pname = "tux-awesome-wm-config";
pname = "tawm";
version = "0.1.0";
buildCommand = ''
@ -14,7 +14,7 @@ in
'';
meta = with lib; {
description = "tux's awesome-wm config";
description = "tux's awesomeWM config";
homepage = "https://tux.rs";
platforms = platforms.all;
license = licenses.gpl3;

1125
flake.lock generated Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

147
flake.nix
View File

@ -1,148 +1,23 @@
{
description = "tux's Nix Flake";
description = "tux's awesomeWM configuration";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
outputs = {
self,
nixpkgs,
deploy-rs,
...
} @ inputs: let
inherit (self) outputs;
inherit (inputs.nixpkgs.lib) nixosSystem;
inherit (inputs.nix-on-droid.lib) nixOnDroidConfiguration;
forAllSystems = nixpkgs.lib.genAttrs [
}: let
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
username = "tux";
email = "t@tux.rs";
mkNixOSConfig = host: {
specialArgs = {inherit inputs outputs username email;};
modules = [./hosts/${host}];
};
mkDroidConfig = host: {
pkgs = import nixpkgs {system = "aarch64-linux";};
extraSpecialArgs = {inherit inputs outputs username email;};
modules = [./hosts/${host}];
};
mkNixOSNode = hostname: {
inherit hostname;
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname};
};
};
activateNixOnDroid = configuration:
deploy-rs.lib.aarch64-linux.activate.custom
configuration.activationPackage
"${configuration.activationPackage}/activate";
mkDroidNode = hostname: {
inherit hostname;
profiles.system = {
sshUser = "nix-on-droid";
user = "nix-on-droid";
magicRollback = true;
sshOpts = ["-p" "8022"];
path = activateNixOnDroid self.nixOnDroidConfigurations.${hostname};
};
};
forAllSystems = function: nixpkgs.lib.genAttrs systems (system: function nixpkgs.legacyPackages.${system});
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
# Custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;};
# NixOS configuration entrypoint
# 'nixos-rebuild switch --flake .#your-hostname'
nixosConfigurations = {
arcturus = nixosSystem (mkNixOSConfig "arcturus");
canopus = nixosSystem (mkNixOSConfig "canopus");
alpha = nixosSystem (mkNixOSConfig "alpha");
sirius = nixosSystem (mkNixOSConfig "sirius");
vega = nixosSystem (mkNixOSConfig "vega");
capella = nixosSystem (mkNixOSConfig "capella");
vps = nixosSystem (mkNixOSConfig "vps");
isoImage = nixosSystem (mkNixOSConfig "isoImage");
homelab = nixosSystem (mkNixOSConfig "homelab");
};
# NixOnDroid configuration entrypoint
# 'nix-on-droid switch --flake .#your-hostname'
nixOnDroidConfigurations = {
rigel = nixOnDroidConfiguration (mkDroidConfig "rigel");
};
deploy = {
nodes = {
arcturus = mkNixOSNode "arcturus";
canopus = mkNixOSNode "canopus";
alpha = mkNixOSNode "alpha";
sirius = mkNixOSNode "sirius";
vega = mkNixOSNode "vega";
capella = mkNixOSNode "capella";
homelab = mkNixOSNode "homelab";
rigel = mkDroidNode "rigel";
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/release-24.11";
nixos-wsl = {
url = "github:nix-community/nixos-wsl";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs";
};
wezterm-flake = {
url = "github:wez/wezterm/main?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-secrets = {
url = "git+ssh://git@github.com/tuxdotrs/nix-secrets.git?shallow=1";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-on-droid = {
url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
tfolio = {
url = "git+ssh://git@github.com/tuxdotrs/tfolio.git";
inputs.nixpkgs.follows = "nixpkgs";
};
cyber-tux = {
url = "git+ssh://git@github.com/tuxdotrs/cyber-tux.git";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
ghostty.url = "github:ghostty-org/ghostty";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixpkgs-f2k.url = "github:moni-dz/nixpkgs-f2k";
nur.url = "github:nix-community/nur";
sops-nix.url = "github:Mic92/sops-nix";
impermanence.url = "github:nix-community/impermanence";
deploy-rs.url = "github:serokell/deploy-rs";
packages = forAllSystems (pkgs: rec {
default = tawm;
tawm = pkgs.callPackage ./default.nix {};
});
};
}

103
hosts/alpha/default.nix
View File

@ -1,103 +0,0 @@
{
pkgs,
username,
config,
email,
inputs,
...
}: {
imports = [
./hardware.nix
../common
../../modules/nixos/selfhosted/uptime-kuma.nix
];
tux.services.openssh.enable = true;
tux.services.openssh.ports = [23];
tux.services.tfolio.enable = true;
sops.secrets = {
borg_encryption_key = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/email" = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml;
};
};
boot = {
kernelPackages = pkgs.linuxPackages_zen;
initrd.systemd.enable = true;
loader = {
grub.device = "/dev/sda";
timeout = 1;
};
};
networking = {
hostName = "alpha";
firewall = {
enable = true;
allowedTCPPorts = [80 443 22];
};
};
security = {
acme = {
acceptTerms = true;
defaults.email = "${email}";
certs = {
"tux.rs" = {
domain = "*.tux.rs";
extraDomainNames = ["tux.rs"];
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
};
};
};
};
};
users.users.nginx.extraGroups = ["acme"];
tux.services.nginxStreamProxy = {
enable = true;
upstreamServers = inputs.nix-secrets.proxy-servers;
};
services = {
nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
programs = {
zsh.enable = true;
dconf.enable = true;
};
environment.persistence."/persist" = {
enable = false;
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "23.11";
}

33
hosts/alpha/hardware.nix
View File

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/471d0988-e57c-4767-a2b4-c93797a8c16f";
fsType = "ext4";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

3
hosts/alpha/home.nix
View File

@ -1,3 +0,0 @@
{...}: {
home.stateVersion = "23.11";
}

33
hosts/alpha/secrets.yaml
View File

@ -1,33 +0,0 @@
borg_encryption_key: ENC[AES256_GCM,data:4rS4RVUbSErLEVJuUluYOrw0m2LlYP7zEeYTL4yTmc4=,iv:epNhm2nSDF4Lp+Iu/vZuDiTna+1q59lY7Ztmpcpmb5o=,tag:7o0MwZBdiDSPaL07qVOfWg==,type:str]
cloudflare_credentials:
email: ENC[AES256_GCM,data:Re656wFjQWWNO/k=,iv:NsRdtzMbkOPS9kN/y/IYzRrBr+xmDXp87DTiNwHKesc=,tag:4hGnmto08H2MKxk/7QkI5w==,type:str]
dns_api_token: ENC[AES256_GCM,data:703Nk1PaePWYuKNVJkSVTplAvsSTLrYrWdhZlTqlMNRa6m2j5neahg==,iv:RHpz1O1TgFsooYGIJiI8Owwmk5hzd+x+DFADvt+k9C0=,tag:zlDnKbLbSBVXMaHOnk0AuQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTnRhZVg3MmNiOFpoeTE3
SXdtRXN1VS82S3AveDFMRjFYQVJpMDdyQWowCjJrQlIwN2VHQUlUazNaMERnRDJR
dFQ2VUpDMlJENVU5cWtIY3pZZU9wSmcKLS0tIEF1NzRkSHJ5cTQrM3RWdUtrYzkw
VXI3QzE5UlBhS2g1RUl0TEtaS0NPTW8KAQ+9Hk3HNMhwm33T3mzgkavs6mx4zKqZ
xjfB5d5W5UI+7uYC+RQNNA/cVxAgkMiW4OL4HAt2hXD6lrsjNzxzpQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4OHkvTk5JaWxLbmZ5VEtV
S2VkMVl0WGZOYk5WRTJISWMxU0tja0x6alFrCnJISFNTbDhNRXJjUDJDS1JmWmRK
aGhyaFBjNTlhanE3UGdQb0JFUWFCTWcKLS0tIDhVZ1JxcGJUcWsvWVFSWFZWYjdx
K2syUkFRb3F3aFFFeis3OFR4ZENielEKGrUQCi7xaPzJKypvy4tyoSG1a2/l5Le0
dVcheJcRJvoo89WWrciMhZ/MCs5kffI464RVW7q9BxbJRDO2Obm2dw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-13T09:10:11Z"
mac: ENC[AES256_GCM,data:GTzDXeEzRFmrX0PU0GKPF5JwscZUrzUmB90ThHPZ7oqflOPpZBrotOo4MZCcU37HEPAXVeFUzVnsjN5bOp5RFqs70r9upj2jXiIsbx/yskcPOML3GAFmVc9HbjOK9TLyie2bJWaFhT+b7CgiJvyIu0QEh43dqSI4d3H1T8Hqn1o=,iv:kcV3Xz276+PKrztSIDB2SiJjDV2iqCn2A90AjEO326M=,tag:3xu3sQeRB15Os06i484GFw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

215
hosts/arcturus/default.nix
View File

@ -1,215 +0,0 @@
{
modulesPath,
inputs,
username,
lib,
email,
config,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/sda";})
../common
../../modules/nixos/virtualisation/docker.nix
../../modules/nixos/selfhosted/postgresql.nix
../../modules/nixos/selfhosted/headscale.nix
../../modules/nixos/selfhosted/vaultwarden.nix
../../modules/nixos/selfhosted/gitea.nix
../../modules/nixos/selfhosted/plausible.nix
../../modules/nixos/selfhosted/monitoring/grafana.nix
../../modules/nixos/selfhosted/monitoring/loki.nix
../../modules/nixos/selfhosted/monitoring/promtail.nix
../../modules/nixos/selfhosted/ntfy-sh.nix
../../modules/nixos/selfhosted/searx.nix
../../modules/nixos/selfhosted/wakapi.nix
../../modules/nixos/selfhosted/nextcloud.nix
../../modules/nixos/selfhosted/silver-bullet.nix
../../modules/nixos/selfhosted/rustdesk-server.nix
../../modules/nixos/selfhosted/kasmweb.nix
];
tux.services.openssh.enable = true;
sops.secrets = {
borg_encryption_key = {
sopsFile = ./secrets.yaml;
};
searx_secret_key = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/email" = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml;
};
plausible_key = {
sopsFile = ./secrets.yaml;
};
wakapi_salt = {
sopsFile = ./secrets.yaml;
};
nextcloud_password = {
sopsFile = ./secrets.yaml;
owner = "nextcloud";
};
silver_bullet = {
sopsFile = ./secrets.yaml;
};
"cs2_secrets/SRCDS_TOKEN" = {
sopsFile = ./secrets.yaml;
};
"cs2_secrets/CS2_RCONPW" = {
sopsFile = ./secrets.yaml;
};
"cs2_secrets/CS2_PW" = {
sopsFile = ./secrets.yaml;
};
};
nixpkgs = {
hostPlatform = "x86_64-linux";
};
boot = {
kernel.sysctl = {
"vm.swappiness" = 10;
};
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
configurationLimit = 10;
};
timeout = 1;
};
};
networking = {
hostName = "arcturus";
firewall = {
enable = true;
allowedTCPPorts = [80 443 22 3333];
};
};
security = {
acme = {
acceptTerms = true;
defaults.email = "${email}";
certs = {
"tux.rs" = {
group = "nginx";
domain = "*.tux.rs";
extraDomainNames = ["tux.rs"];
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
};
};
};
};
};
users.users.nginx.extraGroups = ["acme"];
services = {
nginx = {
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedZstdSettings = true;
};
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/acme"
"/var/lib/postgresql"
"/var/lib/headscale"
"/var/lib/vaultwarden"
"/var/lib/gitea"
"/var/lib/clickhouse"
"/var/lib/grafana"
"/var/lib/promtail"
"/var/lib/private"
"/var/lib/nextcloud"
"/var/lib/silverbullet"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

53
hosts/arcturus/disko.nix
View File

@ -1,53 +0,0 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

15
hosts/arcturus/home.nix
View File

@ -1,15 +0,0 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
"Stuff"
".ssh"
];
files = [
".zsh_history"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

42
hosts/arcturus/secrets.yaml
View File

@ -1,42 +0,0 @@
borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKrLxF0=,iv:it8JlyEj4r4Z+qDvoEWMQlGkbVh08M/BCkGLVzRCVKQ=,tag:81gRhru8J3hkQhIbgUOgBg==,type:str]
searx_secret_key: ENC[AES256_GCM,data:Z49PJ2gNI5CI0IfzOta+r67VNUvjoPpMVv5lajGhUMPzSy1KWZC5wIM3d02jWwCOsNjXdU5hE3j9W0rkoy5ZhFPXBJRUEv5b6IcaLA==,iv:364zGZkD2LO189nkvizl8yjedi1IgYEEQMA67SexSSI=,tag:qPqefG6jUaBOpUy6d7E++w==,type:str]
plausible_key: ENC[AES256_GCM,data:Ynf2aJ6RLRdAkT9ltLpCXTl8zg/VESDchlf67PmKjc93rSfDgq9tFqv1q55Km2lDo7y9iLu5WyLLg24CSSwy8Q==,iv:yW5hgP4dhfkvunv3iYmXGEH9w29OOmrG4ourPagslVg=,tag:C5PVfEseP5gJdoQQL4gERQ==,type:str]
wakapi_salt: ENC[AES256_GCM,data:Vk5Lezv0f/0ehHqXXBCsQxWFYE2KFujTfII0r7Gd1BXFrwiPEdX62aZ+9LQx7s1RTHh0n+LP/5t0cmHO/fJhGw==,iv:ZUlRwNXUCQ53Lymi9fO4qoBWjLpHVWfTnYM0Z1I6F5o=,tag:dadkEKV7paH4+qAz7Bxxqg==,type:str]
cloudflare_credentials:
email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str]
dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str]
nextcloud_password: ENC[AES256_GCM,data:o37mq4YHQT5pbi+cXrk=,iv:8HiDwdHTozNM2lHpgqVhdsspuifppsL2I6Z31xEnYFI=,tag:xTnfn8HcubfiQwLYIkpxjw==,type:str]
silver_bullet: ENC[AES256_GCM,data:waEPGskjkkdX98PKzgZG1bzS+NwL6GR8kok=,iv:8a8IeXla8XSHFzjKcVY3QYUK5aFk2kPHVIRvs1y7So0=,tag:p++o6wvLtG5DbDmUusRQLg==,type:str]
cs2_secrets:
SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TGpVMzNDZjNQSkNDQmM3
eXpvZDRPZW9Kbm81Z2VVUVZIckFNUC9zTEZzCmliUkNWS01YMHVRaUoxTS84VmxQ
UDZtbkhmZmdZVWVsaHN3djkwSERGQ1kKLS0tIEh0ckhDTkQvcEM0UFI2MUVXVHI5
WnhEdnRqazdZWmczYXYxNy9BMHdwdEUKYgB34OOezF3iF706pIfDmQ0FJEHXBbGF
EJRNmA4Zl1AwyzkN3NSlctzvxx201T1GWL4qZeyVafRv5jQ9oSfK7g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHeXNrT3c1bENOK0lNZWNT
eFBqYm1BRHBhakFQMVVIKzR0SDRDOW9jUXdBCmFIQWZRSnBlOFBralVFakQ2clNY
Q1Nma0pRVHh4L3IwQm1GbTdqb1BUcWsKLS0tIFRQOVIxb1FRc29WSVVERWsxSDhq
NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T12:59:25Z"
mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

332
hosts/canopus/default.nix
View File

@ -1,332 +0,0 @@
{
inputs,
username,
pkgs,
lib,
config,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/nvme0n1";})
./hardware.nix
../common
../../modules/nixos/desktop
../../modules/nixos/desktop/awesome
../../modules/nixos/desktop/hyprland
../../modules/nixos/virtualisation
../../modules/nixos/steam.nix
];
tux.services.openssh.enable = true;
nixpkgs.config.cudaSupport = true;
sops.secrets = {
hyperbolic_api_key = {
sopsFile = ./secrets.yaml;
owner = "${username}";
};
};
networking = {
hostName = "canopus";
networkmanager = {
enable = true;
wifi.powersave = false;
};
firewall = {
enable = true;
allowedTCPPorts = [80 443 22 3000 6666 8081];
# Facilitate firewall punching
allowedUDPPorts = [41641];
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
];
};
};
boot = {
binfmt.emulatedSystems = ["aarch64-linux"];
plymouth = {
enable = true;
theme = "spinner-monochrome";
themePackages = [
(pkgs.plymouth-spinner-monochrome.override {inherit (config.boot.plymouth) logo;})
];
};
kernelParams = [
"quiet"
"loglevel=3"
"systemd.show_status=auto"
"udev.log_level=3"
"rd.udev.log_level=3"
"vt.global_cursor_default=0"
];
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
supportedFilesystems = ["ntfs"];
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
systemd-boot = {
enable = true;
configurationLimit = 5;
};
efi.canTouchEfiVariables = true;
timeout = 1;
};
};
hardware = {
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
graphics.enable32Bit = true;
};
security = {
polkit.enable = true;
rtkit.enable = true;
};
systemd = {
enableEmergencyMode = false;
user = {
services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = ["graphical-session.target"];
wants = ["graphical-session.target"];
after = ["graphical-session.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
};
programs = {
ssh.startAgent = true;
xfconf.enable = true;
file-roller.enable = true;
thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
};
nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
};
nm-applet.enable = true;
noisetorch.enable = true;
};
services = {
resolved.enable = true;
flatpak.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
logind = {
extraConfig = "HandlePowerKey=suspend";
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
};
xrdp = {
enable = true;
openFirewall = true;
defaultWindowManager = "awesome";
audio.enable = true;
};
syncthing = {
enable = true;
user = "tux";
dataDir = "/home/tux/";
openDefaultPorts = true;
};
xserver = {
enable = true;
xkb = {
layout = "in";
variant = "eng";
};
};
libinput.touchpad.naturalScrolling = true;
# To use Auto-cpufreq we need to
# disable TLP because it's enabled by nixos-hardware
tlp.enable = false;
auto-cpufreq = {
enable = true;
settings = {
battery = {
governor = "powersave";
turbo = "never";
scaling_min_freq = 400000;
scaling_max_freq = 3800000;
};
charger = {
governor = "powersave";
turbo = "never";
scaling_max_freq = 3800000;
};
};
};
blueman.enable = true;
supergfxd = {
enable = true;
settings = {
mode = "Integrated";
vfio_enable = false;
vfio_save = false;
always_reboot = false;
no_logind = false;
logout_timeout_s = 180;
hotplug_type = "None";
};
};
asusd = {
enable = true;
enableUserService = true;
asusdConfig.text = ''
(
charge_control_end_threshold: 100,
panel_od: false,
mini_led_mode: false,
disable_nvidia_powerd_on_battery: true,
ac_command: "",
bat_command: "",
platform_policy_on_battery: Quiet,
platform_policy_on_ac: Quiet,
ppt_pl1_spl: None,
ppt_pl2_sppt: None,
ppt_fppt: None,
ppt_apu_sppt: None,
ppt_platform_sppt: None,
nv_dynamic_boost: None,
nv_temp_target: None,
)
'';
profileConfig.text = ''
(
active_profile: Quiet,
)
'';
};
gvfs.enable = true;
tumbler.enable = true;
gnome.gnome-keyring.enable = true;
tailscale = {
enable = true;
extraUpFlags = ["--login-server https://hs.tux.rs"];
};
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
};
fonts.packages = with pkgs.nerd-fonts; [
fira-code
jetbrains-mono
];
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/bluetooth"
"/var/lib/tailscale"
"/var/lib/nixos"
"/etc/NetworkManager/system-connections"
];
files = [
# "/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

48
hosts/canopus/disko.nix
View File

@ -1,48 +0,0 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

26
hosts/canopus/hardware.nix
View File

@ -1,26 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

102
hosts/canopus/home.nix
View File

@ -1,102 +0,0 @@
{
pkgs,
username,
...
}: {
imports = [
../../modules/home/desktop/awesome
../../modules/home/desktop/hyprland
../../modules/home/desktop/waybar
../../modules/home/picom
../../modules/home/alacritty
../../modules/home/wezterm
../../modules/home/ghostty
../../modules/home/desktop/rofi
../../modules/home/barrier
../../modules/home/firefox
../../modules/home/librewolf
../../modules/home/kdeconnect
../../modules/home/vs-code
../../modules/home/mopidy
../../modules/home/thunderbird
../../modules/home/floorp
];
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
};
qt.enable = true;
qt.platformTheme.name = "gtk";
qt.style.name = "adwaita-dark";
qt.style.package = pkgs.adwaita-qt;
gtk = {
enable = true;
theme = {
name = "Materia-dark";
package = pkgs.materia-theme;
};
iconTheme = {
package = pkgs.tela-icon-theme;
name = "Tela-black";
};
};
home.packages = with pkgs; [
discord
telegram-desktop
anydesk
rustdesk-flutter
rawtherapee
beekeeper-studio
obs-studio
flameshot
libreoffice-qt
spotify
stremio
galaxy-buds-client
copyq
vlc
tor-browser
];
home.persistence."/persist/home/${username}" = {
directories = [
"Downloads"
"Music"
"Wallpapers"
"Documents"
"Videos"
"Projects"
"Stuff"
".mozilla"
".ssh"
".wakatime"
".rustup"
".cargo"
".config/copyq"
".config/discord"
".config/Vencord"
".config/sops"
".config/obs-studio"
".config/rustdesk"
".config/spotify"
".local/share/nvim"
".local/share/zoxide"
".local/share/Smart\ Code\ ltd"
".local/share/GalaxyBudsClient"
".local/share/TelegramDesktop"
".local/state/lazygit"
".cache/spotify"
];
files = [
".zsh_history"
".wakatime.cfg"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

30
hosts/canopus/secrets.yaml
View File

@ -1,30 +0,0 @@
hyperbolic_api_key: ENC[AES256_GCM,data:FjDSbdutLa9hnVGRR+k2MznVfDGAx1/rNfjY/vaBuvKoBRj7aHqGpQ1cvhfxjyLMqPLqLnmimEtZeykvgkIIjKGzw5PewE23+lrN3oQyoYJvK+b8PRStjSaxOfzOnuLXi+YVnsU939nStLwnmSYKDabNWgFcWYsHwtHDafuWyovM9sVwasTn,iv:bxseG6GLKBL/CJOS8SrhgiLEyvMGSNQIMJSYLk2MqEo=,tag:4wxmkUwlcu23d7pMHbvIoQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUnhkNzR0TnNzL29xV3cv
R3lqYUtVWWlNOVFTZHhTMWJZL1ZJUDIxaG0wCnIvQnkxSWJxWTZYVEkvS1ZWSEhk
YmhuK2JtS3lmUjV6MW50SGZrTnpkeDAKLS0tIDkvbk5abnhkNlA0dmgwV0Z0L1BS
UUduZUV3OGcvaFdBOFFsc0xzVCtQcUUKrmZvR2onMD0snqPw8okxaK6Tz5sA/cmR
1ZczgwLslJA7kwGKYOslUGA7aGB4jyP+M74wBAVa71BqWatypp0RfA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEOE0xbDN0UmdVdE1DR1lo
dmNudDk2TjNQdHFGc0lJTSt0dVVRU3BPRlg0ClV1ZUdxRVNpSmhYQm80QjdhdFc5
SVI4bi93WDBDWHQvejJIV21Bc2NsMjgKLS0tIEduZ2hHSnI3UXlGU2ZFZkpTRDJo
K0tiZ0swMmpuVW02OHMrRThlOXBWUjQKYHyJZuvQABh+gJ+THQ5SakVEqsKkyBMb
k6KnjRATpdZlmm0GjbD4aasF/j/V2fuH327Z72jPWQuI1y5ZfbDhSg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-21T14:42:55Z"
mac: ENC[AES256_GCM,data:UoUa+ypzLAfl2dU7r0dPkddDKyL3d/jFYAUTBbo1828THBCIJPRxaBHmMI1+BjZ/TSvJsGFhJS6YbrQB0zKN/CrH/OGdZPpwJ3VXwFtBWcEc7v8VZCFeWoRnYA31j7uPBA/KxvxpijSEIyJDO4IO+885cyK+uI+5DY9OU9UkDrg=,iv:56K11zOXjZP2XWcz9Xe9Wzqu1XhTfm9Fqd4xNETs2vU=,tag:IssVEyR9AJDZ18+RBvR63Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

104
hosts/capella/default.nix
View File

@ -1,104 +0,0 @@
{
modulesPath,
inputs,
username,
lib,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/vda";})
../common
];
tux.services.openssh.enable = true;
nixpkgs = {
hostPlatform = "x86_64-linux";
};
boot = {
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
};
};
networking = {
hostName = "capella";
firewall.enable = false;
};
users = {
users.${username} = {
password = "${username}";
hashedPasswordFile = lib.mkForce null;
};
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

53
hosts/capella/disko.nix
View File

@ -1,53 +0,0 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

14
hosts/capella/home.nix
View File

@ -1,14 +0,0 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
".ssh"
];
files = [
".zsh_history"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

58
hosts/common/default.nix
View File

@ -1,58 +0,0 @@
{
username,
outputs,
inputs,
email,
...
}: {
imports = [
inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.home-manager
inputs.nix-index-database.nixosModules.nix-index
../../modules/base
../../modules/nixos/fail2ban.nix
../../modules/nixos/selfhosted/upstream-proxy.nix
../../modules/nixos/selfhosted/tfolio.nix
../../modules/nixos/selfhosted/cyber-tux.nix
../../modules/nixos/networking/ssh.nix
];
sops.secrets.tux-password = {
sopsFile = ./secrets.yaml;
neededForUsers = true;
};
time.timeZone = "Asia/Kolkata";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_IN";
LC_IDENTIFICATION = "en_IN";
LC_MEASUREMENT = "en_IN";
LC_MONETARY = "en_IN";
LC_NAME = "en_IN";
LC_NUMERIC = "en_IN";
LC_PAPER = "en_IN";
LC_TELEPHONE = "en_IN";
LC_TIME = "en_IN";
};
};
security.sudo.wheelNeedsPassword = false;
programs = {
zsh.enable = true;
};
home-manager = {
backupFileExtension = "hm-backup";
useUserPackages = true;
extraSpecialArgs = {inherit inputs outputs username email;};
users.${username} = {
imports = [
./home.nix
];
};
};
}

44
hosts/common/home.nix
View File

@ -1,44 +0,0 @@
{
outputs,
username,
inputs,
...
}: {
imports = [
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.nix-index-database.hmModules.nix-index
../../modules/home/shell
../../modules/home/git
../../modules/home/starship
../../modules/home/nvim
../../modules/home/tmux
../../modules/home/helix
../../modules/home/aria2
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.nur
outputs.overlays.nix-vscode-extensions
];
config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
joypixels.acceptLicense = true;
};
};
home = {
username = "${username}";
homeDirectory = "/home/${username}";
};
programs.home-manager.enable = true;
systemd.user.startServices = "sd-switch";
}

84
hosts/common/secrets.yaml
View File

@ -1,84 +0,0 @@
tux-password: ENC[AES256_GCM,data:znZPP7d0z0bfp6pxPUFwbjRk4orY5luGe0yXDSrGmYLLn6GJIlhzJ199sQfTG2T1u5/0AmRNkw7Ev7TZSDwyp/fZkmh53Mv5aQ==,iv:v7PbW34T987bj4uovtexyrfqTmCZbB3ZVr/hankwlq4=,tag:r4yqBVS+4T8AU9OCTzb0qQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ODE2Sk8vWGZvUTdXaXJQ
NkxMZ2RwVWhRU2YwRmNZQkVITzN4SkxKL0JRCmJnM0M5ZDdFcW01dEpYQ2JLcFdV
aCs1RnNQcXFlQmRkR3ljQWNvejU5ODAKLS0tIFMyeWIyVUhsS1pjcXl4cWM1TXJH
OUdMd050ZWl5bEwzMjc2Q1h0ZTltOE0Kle5ASAQTtMX3Jx3B2z817MGhAi3EgzZj
Ef0QcB2ZH/VdBu4awdyL9XJQcdDGEb6IdLJcBd0hs2Sy1ZDB7pmvmA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d3t78xlqd0erlqj2m9947l9eqwpge3zrperljw3xrshh0gjx4ghs8tuqcu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWGpkTWEwWUMxd04rcTJv
VU9tMUExS01uZ1FaSjJ2UmUyNXBTQ05jVXp3ClExZDVCZEo5WHl4L25UdjE4dkdz
N0NsRUVwQ0ExWW9HWHphRVpzYTBVY28KLS0tIGZyNXFGc3ZxYkZIb2RRcHlxcFZ0
RnY4YVVCOFNubjk2R3BqMTMvcURpcHMK5wWDD91kf17SMHitd7ZcBnEYLpfvMBkz
5QZRIEyS+KQWn5Rj0Yc5avV10zynDhC1827Hqcrpg8vk042cA3f8Mw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSGhxaGhrdit3NGxudGhs
cHFNL002LzdKYUROL1pxRVFqQjY5SU5TOWtzCmZleUY0Q2E5TGVWL1I2Y0NhUVJM
c055VnJiTVdVQWYxblF1WjV4bXFzWXMKLS0tIFdZMy84VEFzbEhvbjVEQ1lOVm02
aGFFcXY0c21RbzdrRk9TcFh0QUJTSUUKj9FoEOzasV+vUMYVzaY1g8/F0K6sAVFe
kjPEuMR5s6JUWCrc/fgi3h2LS7ujd3HOAjpg1Ue9RlxH66vWgiRIdA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb0pCNis1eWIvaFBqVzdC
QVhaTStCdWNSZHM0bWpjYlZTNDdFcThBWjFRCmk2OC9xaElUaUduNzFUWTROVDZm
b1RoTGh5aXNaR1dUbjFPekVRSXdhRTgKLS0tIHBndUlsTGJNbUlwRDJoeTJRcjky
NUxoVWI3VkxESU1aa0t0Q3RTeFJMR0kK63MYcs4X6ZIJtMYtpXdjfZWqoF2vU1TL
4JO2d3PtAMbJDTShXU6LAIPAZkFS3alSLo7AemfaCJSEqfjm7p2J9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TndxTWJxWFdHMm5mMmxL
bjRkbm03N1lDOW1oV2FybStJMFR0bVh5WTNvCnp4NXdnVGFnVU5oWG1DczFnVDFD
dUthOVZLL2xZY3NsMzdEdzkwZmpvWTAKLS0tIE1McFQ2S0srUjJMdmhlczVwVk0r
RllNaysxN3BJbGRTeEdSQ0ZCTWJLS3cKrQLzrigUgT6TAwLh497bGsj8RPes8daP
bN+1TckQXdHEC7nHdanCljnq/EVp3Ant0GbtR/Xj0H01y3/wgydAoQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bGtlZkgwdzlNNXVKcEJr
V1lCRzljRlJka0g5SHRMNlNjVkRlQ0J0NjBvCnZtdVFuSlptb3Fkc0pFRm1xVDh5
dHZqMzN2RGc1dzNxc3lMOVJxZTlPYnMKLS0tIDBYMDVVUDYzR3h6UDBaOUFUU0Zo
MG1mMEZycmc5Q0NyOWlvM0NpQ0RVQm8KXwBINuKj8yf/GlAnftFiPV/CTddn5Q9e
6cfMXOUmu7maJ7ckftHh4McQn37KSRSvsUaDcfnJYi/+AP4xZVR2ew==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjM3U1TWRMcTBabFI0bzVP
cWE5eWZBQzk0MFdCQmd5UHpPaDdLbW8rVlJFCitOUkNoSDRkTnIyRDYzcmZTZXlS
ZldJckNncVBycjRNZ2gxc3NqYWtyUEUKLS0tIFNuTlVwR0tsSVE3bzhIeG5sbXhO
Q2VibU9DK0MvNm1sWjlZbE1RR1orU3MKMOM/nC+iCvWl6S1Deaj48PosHpICSGSq
E3rew2o2fDSorlEJQXQ1Hy5mU+QD6HUwD9Yf4Fj1avsWnfSUldbgLA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sjnqsxdqyqngt52asc4cmrf0nkvmxvp8v4zrvrmtuftz3uffyskszjhqm5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva0ZSd24xeXdFYi9MNEF1
MW9JaG1mVzJ2bERyZ0l6SzNHbzBnSmx4YURRCklPemVENXFzU1o1Sng0L0FHbjVm
aFJSeVorWmR3ZmVLbHpEQjZMa2gzWkUKLS0tIHV6REZXREVXbEhTeGs2NmdlZ1d1
R3k4cS9WN2d3ME95Y3dqZzdSdlkrVkEKefD2SOkoWUJLBJgMxs4/UhE9sgGbm7A7
NzrHzIUOdjrkMIo/nAOrEO7vSI0CUwE1NHIc+q4LXyR1WHVY+ozI7g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-25T21:19:20Z"
mac: ENC[AES256_GCM,data:gMrMUE0d6b0rNYUviNx7gwbrXW0S7YeKyUQTtKqfBICWdv2pr/pcf+Yad78x0YANKau4f5fri+HZvHDVAe8Wo43+udpEkQZO1UMv7iLpjXqrWMiTQ7xSC3sY27gnoKrq2l6vojUh6Z/HXvdwZFyZ+SEQOYOnHXLmugVuK5ACVvU=,iv:2Lqlp1O2SQLdU+h//WGizVVcV4VbxKzwbGABV6vspPE=,tag:oRqfQXcYrNZQkBMMuat/NQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

149
hosts/homelab/default.nix
View File

@ -1,149 +0,0 @@
{
inputs,
username,
pkgs,
lib,
config,
...
}: {
imports = [
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/nvme0n1";})
./hardware.nix
../common
../../modules/nixos/desktop
../../modules/nixos/virtualisation/docker.nix
../../modules/nixos/selfhosted/open-webui.nix
];
tux.services.openssh.enable = true;
sops.secrets = {
discord_token = {
sopsFile = ./secrets.yaml;
};
};
tux.services.cyber-tux = {
enable = true;
environmentFile = config.sops.secrets.discord_token.path;
};
networking = {
hostName = "homelab";
networkmanager = {
enable = true;
wifi.powersave = false;
};
firewall = {
enable = true;
allowedTCPPorts = [22];
# Facilitate firewall punching
allowedUDPPorts = [41641];
};
};
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelPackages = pkgs.linuxPackages_zen;
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
systemd-boot = {
enable = true;
configurationLimit = 5;
};
efi.canTouchEfiVariables = true;
timeout = 1;
};
};
hardware = {
graphics.enable32Bit = true;
};
security = {
rtkit.enable = true;
};
programs = {
nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
};
};
services = {
tailscale = {
enable = true;
extraUpFlags = ["--login-server https://hs.tux.rs"];
};
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/tailscale"
"/var/lib/nixos"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

48
hosts/homelab/disko.nix
View File

@ -1,48 +0,0 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

26
hosts/homelab/hardware.nix
View File

@ -1,26 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

21
hosts/homelab/home.nix
View File

@ -1,21 +0,0 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
"Stuff"
".ssh"
".wakatime"
".config/sops"
".local/share/nvim"
".local/share/zoxide"
".local/state/lazygit"
];
files = [
".zsh_history"
".wakatime.cfg"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

30
hosts/homelab/secrets.yaml
View File

@ -1,30 +0,0 @@
discord_token: ENC[AES256_GCM,data:fZqz6LD3+Svtton5gNCXO5ddWAqW1IyxP3M2DAIXZEIYRHUfAq8h9LES2IHWepjl5qKimxB35zacE/TYK2fitngWtRGVoMDBzzU6VTKNulNV3yFWrPA=,iv:YOplYld+c9vHVC0Srfm89qrh4yUygDiW67X2TdwHKMc=,tag:Ioc2wNLX818fRQ/2PSO7Sw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YktFRE9KS0h0T0hDTlpF
ZEk0VzNTcVE0ampsWVRtSzJ3UHBXL2NlUUh3Cjk5ZnFKVENmTTJHQjgrVWlyOUE1
THUrTUFzdWhKejNUNXpsNVpvZVdJWm8KLS0tIDZ5bmYzSVBUVlVORHAzSGtCQmVo
a2JuSWVtMi9FMkova3BCd2F0U2VCRzQKonG/AkEn2X2l3vyr0UlJprGW2ZSwrczq
xHafyGiU/I1AO/HoB3BXyP8t/Sgn/dy42lspqZ3MoLLlmx7dQeTd+g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWUowUlB2cWVOclpRMENn
TU5za0Y2UHZ5eFNZMEdQWm9xdTZFYkVwS2hNCnRBUU1ndFdiQ09sQjBDb1greC93
ejl2OVZTTEtIcWpxUk5RRngrbjRWREEKLS0tIDVrSHhxbmJFdWwyQS9xeWlFZitJ
Y1RHaFdXaE9DODJtSTFCSVZWb0xVeUEK4qeBKg3u+vhBIM1dQ7BaOWi/C7Q8hk60
vu9Zr075n0+kb5Ab+RH24ZmEoP5PJXjwEfbAnmRTjn0reYn1nfcNYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-15T12:45:59Z"
mac: ENC[AES256_GCM,data:NLGe7L/oiG62x4PmQ6FobnuisFmMxYoGhxfqQ4qZdy9emYL/+FnrtFsKTKqZ9IHjrNnCmbk7y+Cds/azC1xGVcaj50jEox87vtqIZ3z0XsD1mJjCAdHkBVzzpQGwHas/5y0Inyj+oKsvQrqVacqYHVA/ES+zMvou8nD+EWIH2LE=,iv:fBVOnwih+QFkYZ8IfMBpQiT1XwSZtzo3VYaBOL3I5o4=,tag:p+ePQsrmcLcnLr2fgWQXQg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

84
hosts/isoImage/default.nix
View File

@ -1,84 +0,0 @@
{
pkgs,
modulesPath,
inputs,
username,
...
}: {
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
inputs.home-manager.nixosModules.home-manager
../../modules/nixos/default.nix
../../modules/nixos/desktop/awesome
];
nixpkgs.hostPlatform = "x86_64-linux";
networking = {
hostName = "iso";
};
hardware = {
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
};
security = {
rtkit.enable = true;
};
programs = {
ssh.startAgent = true;
thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
};
nm-applet.enable = true;
};
services = {
resolved.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
logind = {
extraConfig = "HandlePowerKey=suspend";
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
};
xserver = {
enable = true;
xkb = {
layout = "in";
variant = "eng";
};
};
libinput.touchpad.naturalScrolling = true;
blueman.enable = true;
gvfs.enable = true;
tumbler.enable = true;
};
fonts.packages = with pkgs.nerd-fonts; [
fira-code
jetbrains-mono
];
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "23.11";
}

7
hosts/isoImage/home.nix
View File

@ -1,7 +0,0 @@
{...}: {
imports = [
../common/home.nix
];
home.stateVersion = "23.11";
}

62
hosts/rigel/default.nix
View File

@ -1,62 +0,0 @@
{
pkgs,
username,
outputs,
inputs,
email,
...
}: {
imports = [
../../modules/droid/sshd.nix
];
android-integration.am.enable = true;
android-integration.termux-open-url.enable = true;
android-integration.xdg-open.enable = true;
android-integration.termux-setup-storage.enable = true;
android-integration.termux-reload-settings.enable = true;
terminal.font = let
firacode = pkgs.nerd-fonts.fira-code;
fontPath = "share/fonts/truetype/NerdFonts/FiraCode/FiraCodeNerdFont-Regular.ttf";
in "${firacode}/${fontPath}";
time.timeZone = "Asia/Kolkata";
tux.services.openssh = {
enable = true;
ports = [8022];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D ${email}"
];
};
user = {
uid = 10559;
gid = 10559;
shell = "${pkgs.zsh}/bin/zsh";
};
environment.etcBackupExtension = ".backup";
environment.motd = '''';
environment.packages = with pkgs; [
nano
git
neovim
openssh
];
home-manager = {
config = ./home.nix;
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs outputs username email;};
useGlobalPkgs = true;
};
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
system.stateVersion = "24.05";
}

34
hosts/rigel/home.nix
View File

@ -1,34 +0,0 @@
{pkgs, ...}: {
imports = [
../../modules/home/git
../../modules/home/starship
];
programs = {
bat.enable = true;
zoxide = {
enable = true;
options = ["--cmd cd"];
};
zsh = {
enable = true;
shellAliases = {
ls = "lsd";
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
initExtra = ''
fastfetch
'';
};
};
home.packages = with pkgs; [
neovim
busybox
lsd
fastfetch
];
home.stateVersion = "24.05";
}

57
hosts/sirius/default.nix
View File

@ -1,57 +0,0 @@
{
pkgs,
inputs,
username,
config,
...
}: {
imports = [
inputs.nixos-wsl.nixosModules.wsl
../common
../../modules/nixos/virtualisation/docker.nix
];
tux.services.openssh.enable = true;
boot.binfmt.emulatedSystems = ["aarch64-linux"];
nixpkgs = {
config.cudaSupport = true;
hostPlatform = "x86_64-linux";
};
wsl = {
enable = true;
defaultUser = "${username}";
nativeSystemd = true;
useWindowsDriver = true;
};
networking.hostName = "sirius";
programs = {
ssh.startAgent = true;
zsh.enable = true;
nix-ld = {
enable = true;
libraries = config.hardware.graphics.extraPackages;
package = pkgs.nix-ld-rs;
};
dconf.enable = true;
};
environment.persistence."/persist" = {
enable = false;
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "23.11";
}

3
hosts/sirius/home.nix
View File

@ -1,3 +0,0 @@
{...}: {
home.stateVersion = "23.11";
}

66
hosts/vega/default.nix
View File

@ -1,66 +0,0 @@
{
pkgs,
username,
...
}: {
imports = [
./hardware.nix
../common
../../modules/nixos/selfhosted/adguard.nix
];
tux.services.openssh.enable = true;
boot.initrd.availableKernelModules = [
"usbhid"
"usb_storage"
"vc4"
"pcie_brcmstb" # required for the pcie bus to work
"reset-raspberrypi" # required for vl805 firmware to load
];
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
hardware.enableRedistributableFirmware = true;
powerManagement.cpuFreqGovernor = "ondemand";
networking = {
hostName = "vega";
networkmanager = {
enable = true;
wifi.powersave = false;
};
firewall = {
enable = true;
allowedTCPPorts = [22];
# Facilitate firewall punching
allowedUDPPorts = [41641];
};
};
services = {
tailscale = {
enable = true;
extraUpFlags = ["--login-server https://hs.tux.rs"];
};
};
environment.systemPackages = with pkgs; [go-wol];
environment.persistence."/persist" = {
enable = false;
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

32
hosts/vega/hardware.nix
View File

@ -1,32 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enu1u1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

3
hosts/vega/home.nix
View File

@ -1,3 +0,0 @@
{...}: {
home.stateVersion = "24.11";
}

101
hosts/vps/default.nix
View File

@ -1,101 +0,0 @@
{
modulesPath,
inputs,
username,
lib,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/sda";})
../common
];
tux.services.openssh.enable = true;
nixpkgs = {
hostPlatform = "x86_64-linux";
};
boot = {
initrd.systemd = {
enable = lib.mkForce true;
services.wipe-my-fs = {
wantedBy = ["initrd.target"];
after = ["initrd-root-device.target"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
};
};
networking.hostName = "vps";
users = {
users.${username} = {
password = "${username}";
hashedPasswordFile = lib.mkForce null;
};
};
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
home-manager.users.${username} = {
imports = [
./home.nix
];
};
system.stateVersion = "24.11";
}

53
hosts/vps/disko.nix
View File

@ -1,53 +0,0 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices.disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt"; # GPT partitioning scheme
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# EFI Partition
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
# Btrfs Root Partition
root = {
size = "100%"; # Use remaining space
type = "8300"; # Linux filesystem type
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountOptions = ["compress=zstd"]; # Compression for better performance
mountpoint = "/"; # Root subvolume
};
"/persist" = {
mountOptions = ["compress=zstd"]; # Compression for persistent data
mountpoint = "/persist"; # Persistent subvolume
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
"noacl"
]; # Optimize for Nix store
mountpoint = "/nix"; # Nix subvolume
};
};
};
};
};
};
};
}

14
hosts/vps/home.nix
View File

@ -1,14 +0,0 @@
{username, ...}: {
home.persistence."/persist/home/${username}" = {
directories = [
"Projects"
".ssh"
];
files = [
".zsh_history"
];
allowOther = true;
};
home.stateVersion = "24.11";
}

11
modules/base/default.nix
View File

@ -1,11 +0,0 @@
{
imports = [
./nix.nix
./nixpkgs.nix
./nh.nix
./overlays.nix
./sops.nix
./substituters.nix
./user.nix
];
}

16
modules/base/nh.nix
View File

@ -1,16 +0,0 @@
{
config,
username,
...
}: {
programs.nh = {
enable = true;
clean = {
enable = !config.nix.gc.automatic;
dates = "weekly";
};
flake = "/home/${username}/Projects/nixos-config";
};
}

27
modules/base/nix.nix
View File

@ -1,27 +0,0 @@
{
pkgs,
username,
...
}: {
nix = {
package = pkgs.lix;
gc = {
automatic = true;
options = "--delete-older-than 3d";
};
channel.enable = false;
settings = {
extra-platforms = ["aarch64-linux" "arm-linux"];
auto-optimise-store = true;
allowed-users = ["${username}"];
trusted-users = ["${username}"];
experimental-features = "nix-command flakes";
keep-going = true;
warn-dirty = false;
http-connections = 50;
};
};
}

8
modules/base/nixpkgs.nix
View File

@ -1,8 +0,0 @@
{
nixpkgs = {
config = {
allowUnfree = true;
joypixels.acceptLicense = true;
};
};
}

9
modules/base/overlays.nix
View File

@ -1,9 +0,0 @@
{outputs, ...}: {
nixpkgs.overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.nur
outputs.overlays.nix-vscode-extensions
];
}

20
modules/base/sops.nix
View File

@ -1,20 +0,0 @@
{
inputs,
config,
pkgs,
...
}: let
isEd25519 = k: k.type == "ed25519";
getKeyPath = k: k.path;
keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
in {
imports = [inputs.sops-nix.nixosModules.sops];
sops.age = {
sshKeyPaths = map getKeyPath keys;
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
environment.systemPackages = with pkgs; [sops];
}

27
modules/base/substituters.nix
View File

@ -1,27 +0,0 @@
{
nix.settings = {
substituters = [
"https://cache.nixos.org?priority=10"
"https://anyrun.cachix.org"
"https://fufexan.cachix.org"
"https://helix.cachix.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://nix-gaming.cachix.org"
"https://yazi.cachix.org"
"https://nix-on-droid.cachix.org"
];
trusted-substituters = ["https://nix-on-droid.cachix.org"];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"fufexan.cachix.org-1:LwCDjCJNJQf5XD2BV+yamQIMZfcKWR9ISIFy5curUsY="
"helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
"nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU="
];
};
}

20
modules/base/user.nix
View File

@ -1,20 +0,0 @@
{
config,
pkgs,
username,
email,
...
}: {
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.${username} = {
hashedPasswordFile = config.sops.secrets.tux-password.path;
isNormalUser = true;
extraGroups = ["networkmanager" "wheel" "storage"];
openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D ${email}''
];
};
};
}

106
modules/droid/sshd.nix
View File

@ -1,106 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
# utility functions
concatLines = list: builtins.concatStringsSep "\n" list;
prefixLines = mapper: list: concatLines (map mapper list);
# could be put in the config
configPath = "ssh/sshd_config";
keysFolder = "/etc/ssh";
authorizedKeysFolder = "/etc/ssh/authorized_keys.d";
supportedKeysTypes = [
"rsa"
"ed25519"
];
sshd-start-bin = "sshd-start";
# real config
cfg = config.tux.services.openssh;
pathOfKeyOf = type: "${keysFolder}/ssh_host_${type}_key";
generateKeyOf = type: ''
${lib.getExe' pkgs.openssh "ssh-keygen"} \
-t "${type}" \
-f "${pathOfKeyOf type}" \
-N ""
'';
generateKeyWhenNeededOf = type: ''
if [ ! -f ${pathOfKeyOf type} ]; then
mkdir --parents ${keysFolder}
${generateKeyOf type}
fi
'';
sshd-start = pkgs.writeScriptBin sshd-start-bin ''
#!${pkgs.runtimeShell}
${prefixLines generateKeyWhenNeededOf supportedKeysTypes}
mkdir --parents "${authorizedKeysFolder}"
echo "${lib.concatStringsSep "\n" cfg.authorizedKeys}" > ${authorizedKeysFolder}/${config.user.userName}
echo "Starting sshd in non-daemonized way on port ${lib.concatMapStrings toString cfg.ports}"
${lib.getExe' pkgs.openssh "sshd"} \
-f "/etc/${configPath}" \
-D # don't detach into a daemon process
'';
in {
options = {
tux.services.openssh = {
enable = lib.mkEnableOption ''
Whether to enable the OpenSSH secure shell daemon, which
allows secure remote logins.
'';
ports = lib.mkOption {
type = lib.types.listOf lib.types.port;
default = [22];
description = ''
Specifies on which ports the SSH daemon listens.
'';
};
authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = ''
Specify a list of public keys to be added to the authorized_keys file.
'';
};
};
};
config = lib.mkIf cfg.enable {
environment.etc = {
"${configPath}".text = ''
${prefixLines (port: "Port ${toString port}") cfg.ports}
AuthorizedKeysFile ${authorizedKeysFolder}/%u
LogLevel VERBOSE
'';
};
environment.packages = [
sshd-start
pkgs.openssh
];
build.activationAfter.sshd = ''
SERVER_PID=$(${lib.getExe' pkgs.procps "ps"} -a | ${lib.getExe' pkgs.toybox "grep"} sshd || true)
if [ -z "$SERVER_PID" ]; then
$DRY_RUN_CMD ${lib.getExe sshd-start}
fi
'';
};
}

69
modules/home/alacritty/default.nix
View File

@ -1,69 +0,0 @@
{...}: {
programs.alacritty = {
enable = true;
settings = {
font = {
normal.family = "JetBrainsMono Nerd Font";
bold.family = "JetBrainsMono Nerd Font";
italic.family = "JetBrainsMono Nerd Font";
bold_italic.family = "JetBrainsMono Nerd Font";
size = 16;
};
window = {
padding = {
x = 15;
y = 15;
};
decorations = "none";
opacity = 1.0;
dynamic_title = true;
};
selection.save_to_clipboard = false;
live_config_reload = true;
colors = {
primary = {
background = "#0d0f18";
foreground = "#a5b6cf";
};
normal = {
black = "#1c1e27";
blue = "#8baff1";
cyan = "#98d3ee";
green = "#95d3af";
magenta = "#c79bf0";
red = "#e26c7c";
white = "#d0d3d8";
yellow = "#f1d8a5";
};
bright = {
black = "#151720";
blue = "#86aaec";
cyan = "#93cee9";
green = "#90ceaa";
magenta = "#c296eb";
red = "#dd6777";
white = "#cbced3";
yellow = "#ecd3a0";
};
cursor = {
cursor = "#a5b6cf";
text = "CellForeground";
};
selection = {
text = "CellForeground";
background = "0x303340";
};
vi_mode_cursor = {
text = "CellBackground";
cursor = "CellForeground";
};
};
};
};
}

44
modules/home/aria2/default.nix
View File

@ -1,44 +0,0 @@
{...}: {
programs.aria2 = {
enable = true;
settings = {
file-allocation = "none";
log-level = "warn";
max-connection-per-server = 16;
min-split-size = "1M";
human-readable = true;
reuse-uri = true;
rpc-save-upload-metadata = true;
max-file-not-found = 0;
remote-time = true;
async-dns = true;
stop = 0;
allow-piece-length-change = true;
optimize-concurrent-downloads = true;
deferred-input = true;
continue = true;
check-integrity = true;
realtime-chunk-checksum = true;
piece-length = "1M";
split = 16;
# Seconds:
save-session-interval = 60;
# Caches in memory
disk-cache = "32M";
save-not-found = true;
download-result = "full";
truncate-console-readout = true;
retry-wait = 30;
max-tries = 15;
enable-color = true;
enable-http-keep-alive = true;
enable-http-pipelining = true;
http-accept-gzip = true;
follow-torrent = true;
bt-save-metadata = true;
seed-time = 0;
bt-load-saved-metadata = true;
metalink-preferred-protocol = "https";
};
};
}

7
modules/home/barrier/default.nix
View File

@ -1,7 +0,0 @@
{pkgs, ...}: {
# services.barrier.client.enable = true;
home.packages = with pkgs; [
barrier
];
}

17
modules/home/bitwarden/default.nix
View File

@ -1,17 +0,0 @@
{
pkgs,
email,
...
}: {
programs.rbw = {
enable = true;
settings = {
base_url = "https://bw.tux.rs";
email = "${email}";
};
};
home.packages = with pkgs; [
bitwarden
];
}

8
modules/home/desktop/awesome/default.nix
View File

@ -1,8 +0,0 @@
{pkgs, ...}: {
home.file = {
".config/awesome" = {
recursive = true;
source = "${pkgs.tux-awesome-wm-config}";
};
};
}

273
modules/home/desktop/hyprland/default.nix
View File

@ -1,273 +0,0 @@
{pkgs, ...}: {
programs = {
waybar = {
enable = true;
};
};
wayland.windowManager.hyprland = {
enable = true;
xwayland.enable = true;
settings = let
# Notify
notifycmd = "notify-send -h string:x-canonical-private-synchronous:hypr-cfg -u low";
# Elements
hypr_border_size = 2;
hypr_gaps_in = 5;
hypr_gaps_out = 10;
hypr_gaps_ws = -10;
hypr_rounding = 10;
groupbar_font_family = "Iosevka";
groupbar_font_size = 10;
# Colors
active_border_col = "rgba(90ceaaff) rgba(ecd3a0ff) 45deg";
inactive_border_col = "rgba(86aaeccc) rgba(93cee9cc) 45deg";
active_shadow_col = "0x66000000";
inactive_shadow_col = "0x66000000";
group_border_active_col = "rgba(90ceaaff) rgba(ecd3a0ff) 45deg";
group_border_inactive_col = "rgba(86aaeccc) rgba(93cee9cc) 45deg";
group_border_locked_active_col = "rgba(90ceaaff) rgba(ecd3a0ff) 45deg";
group_border_locked_inactive_col = "rgba(86aaeccc) rgba(93cee9cc) 45deg";
groupbar_text_color = "0xFFf1fcf9";
in {
#-- General
general = {
border_size = hypr_border_size;
gaps_in = hypr_gaps_in;
gaps_out = hypr_gaps_out;
gaps_workspaces = hypr_gaps_ws;
"col.active_border" = active_border_col;
"col.inactive_border" = inactive_border_col;
layout = "master";
resize_on_border = true;
};
#-- Decoration
decoration = {
rounding = hypr_rounding;
active_opacity = 0.75;
inactive_opacity = 0.75;
fullscreen_opacity = 1.0;
drop_shadow = true;
shadow_range = 25;
shadow_render_power = 3;
"col.shadow" = active_shadow_col;
"col.shadow_inactive" = inactive_shadow_col;
blur = {
enabled = true;
size = 5;
passes = 4;
ignore_opacity = true;
xray = true;
special = true;
};
};
#-- Animations
animations = {
enabled = true;
first_launch_animation = true;
animation = [
"windowsIn,1,5,default,popin 0%"
"windowsOut,1,5,default,popin"
"windowsMove,1,5,default,slide"
"fadeIn,1,8,default"
"fadeOut,1,8,default"
"fadeSwitch,1,8,default"
"fadeShadow,1,8,default"
"fadeDim,1,8,default"
"border,1,10,default"
"borderangle,1,10,default"
"workspaces,1,5,default,slide"
"specialWorkspace,1,5,default,fade"
];
};
#-- Input: Keyboard, Mouse, Touchpad
input = {
sensitivity = 0.5;
scroll_method = "2 fg";
natural_scroll = true;
touchpad = {
natural_scroll = true;
clickfinger_behavior = false;
};
};
#-- Group
group = {
"col.border_active" = group_border_active_col;
"col.border_inactive" = group_border_inactive_col;
"col.border_locked_active" = group_border_locked_active_col;
"col.border_locked_inactive" = group_border_locked_inactive_col;
groupbar = {
enabled = true;
font_family = groupbar_font_family;
font_size = groupbar_font_size;
text_color = groupbar_text_color;
"col.active" = group_border_active_col;
"col.inactive" = group_border_inactive_col;
"col.locked_active" = group_border_locked_active_col;
"col.locked_inactive" = group_border_locked_inactive_col;
};
};
#-- Miscellaneous
misc = {
disable_hyprland_logo = true;
force_default_wallpaper = 0;
focus_on_activate = true;
};
#-- Output
monitor = ",preferred,auto,1";
#-- Layout : Dwindle
dwindle = {
pseudotile = false;
force_split = 0;
preserve_split = false;
smart_split = false;
smart_resizing = true;
permanent_direction_override = false;
special_scale_factor = 0.8;
split_width_multiplier = 1.0;
no_gaps_when_only = false;
use_active_for_splits = true;
default_split_ratio = 1.0;
};
#-- Layout : Master
master = {
allow_small_split = false;
special_scale_factor = 0.8;
mfact = 0.5;
new_on_top = false;
no_gaps_when_only = false;
orientation = "left";
inherit_fullscreen = true;
always_center_master = false;
smart_resizing = true;
drop_at_cursor = true;
};
#-- Window Rules
windowrule = [];
#-- Keybindings
bind = let
terminal = "alacritty";
browser = "firefox";
filemanager = "thunar";
editor = "geany";
in [
# groups
"SUPER, G, togglegroup"
"SUPER, G, exec, ${notifycmd} 'Toggled Group Mode'"
"SUPER, H, changegroupactive, b"
"SUPER, L, changegroupactive, f"
"SUPER_SHIFT, L, lockactivegroup, toggle"
"SUPER_SHIFT, L, exec, ${notifycmd} 'Toggled Group Lock'"
# terminal
"SUPER, Return, exec, ${terminal}"
# apps
"SUPER_SHIFT, F, exec, ${filemanager}"
"SUPER_SHIFT, E, exec, ${editor}"
"SUPER_SHIFT, B, exec, ${browser}"
# hyprland
"SUPER, Q, killactive,"
"SUPER, C, killactive,"
"CTRL_ALT, Delete, exit,"
"SUPER, F, fullscreen, 0"
"SUPER, F, exec, ${notifycmd} 'Fullscreen Mode'"
"SUPER, S, pseudo,"
"SUPER, S, exec, ${notifycmd} 'Pseudo Mode'"
"SUPER, Space, togglefloating,"
"SUPER, Space, centerwindow,"
# change focus
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
# move active
"SUPER_SHIFT, left, movewindow, l"
"SUPER_SHIFT, right, movewindow, r"
"SUPER_SHIFT, up, movewindow, u"
"SUPER_SHIFT, down, movewindow, d"
# switch between windows
"SUPER,Tab,cyclenext,"
"SUPER,Tab,bringactivetotop,"
# workspaces
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
# send to workspaces
"SUPER_SHIFT, 1, movetoworkspace, 1"
"SUPER_SHIFT, 2, movetoworkspace, 2"
"SUPER_SHIFT, 3, movetoworkspace, 3"
"SUPER_SHIFT, 4, movetoworkspace, 4"
"SUPER_SHIFT, 5, movetoworkspace, 5"
"SUPER_SHIFT, 6, movetoworkspace, 6"
"SUPER_SHIFT, 7, movetoworkspace, 7"
"SUPER_SHIFT, 8, movetoworkspace, 8"
# seamless workspace switching
"CTRL_ALT, left, workspace, e-1"
"CTRL_ALT, right, workspace, e+1"
"CTRL_ALT_SHIFT, left, movetoworkspace, e-1"
"CTRL_ALT_SHIFT, right, movetoworkspace, e+1"
# change workspace mode
"SUPER_CTRL, F, workspaceopt, allfloat"
"SUPER_CTRL, F, exec, ${notifycmd} 'Toggled All Float Mode'"
"SUPER_CTRL, S, workspaceopt, allpseudo"
"SUPER_CTRL, S, exec, ${notifycmd} 'Toggled All Pseudo Mode'"
# misc
"SUPER_SHIFT, P, pin,"
"SUPER_SHIFT, P, exec, ${notifycmd} 'Toggled Pin'"
"SUPER_SHIFT, S, swapnext"
];
binde = [
# resize active
"SUPER_CTRL, left, resizeactive, -20 0"
"SUPER_CTRL, right, resizeactive, 20 0"
"SUPER_CTRL, up, resizeactive, 0 -20"
"SUPER_CTRL, down, resizeactive, 0 20"
# move active (Floating Only)
"SUPER_ALT, left, moveactive, -20 0"
"SUPER_ALT, right, moveactive, 20 0"
"SUPER_ALT, up, moveactive, 0 -20"
"SUPER_ALT, down, moveactive, 0 20"
];
bindm = [
# mouse buttons
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
"exec-once" = [
"${pkgs.swaybg}/bin/swaybg -i ~/Wallpapers/moments_before_desk.png"
"waybar"
];
};
};
}

317
modules/home/desktop/rofi/default.nix
View File

@ -1,317 +0,0 @@
{config, ...}: {
programs.rofi = {
enable = true;
extraConfig = {
terminal = "alacritty";
modes = "combi,keys";
display-window = "window";
display-drun = "run";
display-windowcd = "windowcd";
display-run = "run";
display-ssh = "ssh";
display-combi = "combi";
display-keys = "keys";
display-filebrowser = "filebrowser";
combi-modes = "window,drun";
combi-hide-mode-prefix = false;
combi-display-format = "<i>{mode}</i> {text}";
window-format = "<span fgalpha='65%'>[{w=-1}] </span><b>{c=-1}</b> <span weight='light' fgalpha='65%' size='small'>{t=-1}</span>";
window-thumbnail = false;
drun-url-launcher = "xdg-open";
drun-match-fields = "name,generic,exec,categories,keywords";
drun-display-format = "<b>{name}</b>[ <span weight='light' size='small'><i>({generic})</i></span>][ <span weight='light' fgalpha='65%' size='small'>{exec}</span>]";
drun-show-actions = true;
run-command = "{cmd}";
run-list-command = "";
run-shell-command = "{terminal} -e {cmd}";
matching = "normal";
font = "JetBrains Mono 11";
show-icons = true;
scroll-method = 0;
cycle = false;
fixed-num-lines = false;
};
theme = let
inherit (config.lib.formats.rasi) mkLiteral;
in {
"*" = {
font = "JetBrains Mono 11";
black = mkLiteral "#1d1f21";
white = mkLiteral "#c5c8c6";
red = mkLiteral "#cc6666";
orange = mkLiteral "#de935f";
yellow = mkLiteral "#f0c674";
green = mkLiteral "#7cb36b";
cyan = mkLiteral "#78bab9";
blue = mkLiteral "#81a2be";
magenta = mkLiteral "#b294bb";
black-bright = mkLiteral "#3c4044";
white-bright = mkLiteral "#eaeaea";
red-bright = mkLiteral "#d54e53";
orange-bright = mkLiteral "#e78c45";
yellow-bright = mkLiteral "#e7c547";
green-bright = mkLiteral "#71c464";
cyan-bright = mkLiteral "#6acdcc";
blue-bright = mkLiteral "#7aa6da";
magenta-bright = mkLiteral "#c397d8";
black-66 = mkLiteral "#131415";
white-66 = mkLiteral "#828382";
red-66 = mkLiteral "#864343";
orange-66 = mkLiteral "#92613e";
yellow-66 = mkLiteral "#9e824c";
green-66 = mkLiteral "#517646";
cyan-66 = mkLiteral "#4f7a7a";
blue-66 = mkLiteral "#556a7d";
magenta-66 = mkLiteral "#75617b";
black-33 = mkLiteral "#090a0a";
white-33 = mkLiteral "#414141";
red-33 = mkLiteral "#432121";
orange-33 = mkLiteral "#49301f";
yellow-33 = mkLiteral "#4f4126";
green-33 = mkLiteral "#283b23";
cyan-33 = mkLiteral "#273d3d";
blue-33 = mkLiteral "#2a353e";
magenta-33 = mkLiteral "#3a303d";
common-background = mkLiteral "@black";
common-background-bright = mkLiteral "@black-bright";
common-background-66 = " @black-66";
common-foreground = mkLiteral "@white";
common-foreground-bright = mkLiteral "@white-bright";
common-foreground-66 = mkLiteral "@white-66";
common-primary = mkLiteral "@yellow";
common-primary-bright = mkLiteral "@yellow-bright";
common-primary-66 = mkLiteral "@yellow-66";
common-primary-33 = mkLiteral "@yellow-33";
common-secondary = mkLiteral "@blue";
common-secondary-bright = mkLiteral "@blue-bright";
common-secondary-66 = mkLiteral "@blue-66";
common-secondary-33 = mkLiteral "@blue-33";
common-urgent = mkLiteral "@red";
common-urgent-bright = mkLiteral "@red-bright";
common-urgent-66 = mkLiteral "@red-66";
common-urgent-33 = mkLiteral "@red-33";
background-color = mkLiteral "transparent";
normal-normal-background = mkLiteral "transparent";
normal-normal-foreground = mkLiteral "@common-foreground";
normal-normal-border-color = mkLiteral "transparent";
normal-active-background = mkLiteral "transparent";
normal-active-foreground = mkLiteral "@common-secondary-bright";
normal-active-border-color = mkLiteral "transparent";
normal-urgent-background = mkLiteral "transparent";
normal-urgent-foreground = mkLiteral "@common-urgent-bright";
normal-urgent-border-color = mkLiteral "transparent";
selected-normal-background = mkLiteral "@common-primary-33";
selected-normal-foreground = mkLiteral "@common-primary-bright";
selected-normal-border-color = mkLiteral "@common-primary-66";
selected-active-background = mkLiteral "@common-secondary-33";
selected-active-foreground = mkLiteral "@common-secondary-bright";
selected-active-border-color = mkLiteral "@common-secondary-66";
selected-urgent-background = mkLiteral "@common-urgent-33";
selected-urgent-foreground = mkLiteral "@common-urgent-bright";
selected-urgent-border-color = mkLiteral "@common-urgent-66";
alternate-normal-background = mkLiteral "@normal-normal-background";
alternate-normal-foreground = mkLiteral "@normal-normal-foreground";
alternate-normal-border-color = mkLiteral "@normal-normal-border-color";
alternate-active-background = mkLiteral "@normal-active-background";
alternate-active-foreground = mkLiteral "@normal-active-foreground";
alternate-active-border-color = mkLiteral "@normal-active-border-color";
alternate-urgent-background = mkLiteral "@normal-urgent-background";
alternate-urgent-foreground = mkLiteral "@normal-urgent-foreground";
alternate-urgent-border-color = mkLiteral "@normal-urgent-border-color";
};
"window" = {
background-color = mkLiteral "#1d1f21e6"; #// @black + 0.85 alpha
border = 3;
border-color = mkLiteral "@black-bright";
border-radius = 16;
width = 1024;
height = 460;
};
"mainbox" = {
padding = 16;
spacing = 16;
};
"inputbar" = {
background-color = mkLiteral "#333537"; #// @black-110
border = 1;
border-color = mkLiteral "#606263"; #// @black-130
border-radius = 8;
padding = mkLiteral "12 16";
spacing = 0;
text-color = mkLiteral "@common-foreground";
children = mkLiteral "[ entry, case-indicator, num-filtered-rows, textbox-num-sep, num-rows ]";
};
"prompt" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "@common-foreground-bright";
spacing = 0;
text-transform = mkLiteral "bold";
};
"textbox-prompt-colon" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "inherit";
margin = mkLiteral "0 0.3em 0 0";
expand = false;
str = "=";
};
"entry" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "@common-foreground-bright";
cursor = "text";
placeholder-color = mkLiteral "@common-foreground-66";
placeholder = "Type to filter";
};
"case-indicator" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "inherit";
};
"num-filtered-rows" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "inherit";
expand = false;
};
"textbox-num-sep" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "inherit";
expand = false;
str = "/";
};
"num-rows" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "inherit";
expand = false;
};
"message" = {
background-color = mkLiteral "@cyan-33";
border = 1;
border-color = mkLiteral "@cyan-66";
border-radius = 8;
padding = 16;
};
"textbox" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "@cyan-bright";
};
"listview" = {
dynamic = true;
scrollbar = true;
spacing = 0;
};
"scrollbar" = {
background-color = mkLiteral "transparent";
padding = 0;
margin = mkLiteral "0 0 0 4";
handle-width = 8;
border = 0;
handle-color = mkLiteral "#626463"; #// @white-50
};
"element" = {
border = 1;
border-radius = 8;
padding = mkLiteral "6 12";
margin = mkLiteral "1 0";
spacing = 12;
children = mkLiteral "[ element-icon, element-text ]";
};
"element-icon" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "inherit";
size = mkLiteral "1.0em";
cursor = mkLiteral "inherit";
};
"element-text" = {
background-color = mkLiteral "transparent";
text-color = mkLiteral "inherit";
highlight = mkLiteral "inherit";
cursor = mkLiteral "inherit";
};
"element normal.normal" = {
background-color = mkLiteral "@normal-normal-background";
text-color = mkLiteral "@normal-normal-foreground";
border-color = mkLiteral "@normal-normal-border-color";
};
"element normal.urgent" = {
background-color = mkLiteral "@normal-urgent-background";
text-color = mkLiteral "@normal-urgent-foreground";
border-color = mkLiteral "@normal-urgent-border-color";
};
"element normal.active" = {
background-color = mkLiteral "@normal-active-background";
text-color = mkLiteral "@normal-active-foreground";
border-color = mkLiteral "@normal-active-border-color";
};
"element selected.normal" = {
background-color = mkLiteral "@selected-normal-background";
text-color = mkLiteral "@selected-normal-foreground";
border-color = mkLiteral "@selected-normal-border-color";
};
"element selected.urgent" = {
background-color = mkLiteral "@selected-urgent-background";
text-color = mkLiteral "@selected-urgent-foreground";
border-color = mkLiteral "@selected-urgent-border-color";
};
"element selected.active" = {
background-color = mkLiteral "@selected-active-background";
text-color = mkLiteral "@selected-active-foreground";
border-color = mkLiteral "@selected-active-border-color";
};
"element alternate.normal" = {
background-color = mkLiteral "@alternate-normal-background";
text-color = mkLiteral "@alternate-normal-foreground";
border-color = mkLiteral "@alternate-normal-border-color";
};
"element alternate.urgent" = {
background-color = mkLiteral "@alternate-urgent-background";
text-color = mkLiteral "@alternate-urgent-foreground";
border-color = mkLiteral "@alternate-urgent-border-color";
};
"element alternate.active" = {
background-color = mkLiteral "@alternate-active-background";
text-color = mkLiteral "@alternate-active-foreground";
border-color = mkLiteral "@alternate-active-border-color";
};
};
};
}

338
modules/home/desktop/waybar/default.nix
View File

@ -1,338 +0,0 @@
{...}: {
programs = {
waybar = {
enable = true;
settings = {
mainBar = {
position = "top";
layer = "top";
height = 35;
margin-top = 0;
margin-bottom = 0;
margin-left = 0;
margin-right = 0;
exclusive = true;
passthrough = false;
modules-left = [
"custom/l_end"
"cpu"
"memory"
"custom/r_end"
];
modules-center = [
"custom/l_end"
"hyprland/workspaces"
"custom/r_end"
];
modules-right = [
"custom/l_end"
"network"
"bluetooth"
"battery"
"tray"
"custom/r_end"
];
"hyprland/workspaces" = {
"disable-scroll" = true;
"all-outputs" = true;
"active-only" = false;
"on-click" = "activate";
"persistent-workspaces" = {
"1" = [];
"2" = [];
"3" = [];
"4" = [];
};
};
"network" = {
"tooltip" = true;
"format-wifi" = " <span foreground='#99ffdd'> {bandwidthDownBytes}</span> <span foreground='#ffcc66'> {bandwidthUpBytes}</span>";
"format-ethernet" = "󰈀 <span foreground='#99ffdd'> {bandwidthDownBytes}</span> <span foreground='#ffcc66'> {bandwidthUpBytes}</span>";
"tooltip-format" = "Network= <big><b>{essid}</b></big>\nSignal strength= <b>{signaldBm}dBm ({signalStrength}%)</b>\nFrequency= <b>{frequency}MHz</b>\nInterface= <b>{ifname}</b>\nIP= <b>{ipaddr}/{cidr}</b>\nGateway= <b>{gwaddr}</b>\nNetmask= <b>{netmask}</b>";
"format-linked" = "󰈀 {ifname} (No IP)";
"format-disconnected" = "󰖪 ";
"tooltip-format-disconnected" = "Disconnected";
"interval" = 2;
};
"battery" = {
"states" = {
"good" = 95;
"warning" = 30;
"critical" = 20;
};
"format" = "{icon} {capacity}%";
"format-charging" = " {capacity}%";
"format-plugged" = " {capacity}%";
"format-alt" = "{time} {icon}";
"format-icons" = ["󰂎" "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹"];
};
"bluetooth" = {
"format" = "";
"format-disabled" = "";
"format-connected" = " {num_connections}";
"format-connected-battery" = "{icon} {num_connections}";
# "format-connected-battery"= "{icon} {device_alias}-{device_battery_percentage}%";
"format-icons" = ["󰥇" "󰤾" "󰤿" "󰥀" "󰥁" "󰥂" "󰥃" "󰥄" "󰥅" "󰥆" "󰥈"];
# "format-device-preference"= [ "device1"; "device2" ]; // preference list deciding the displayed device If this config option is not defined or none of the devices in the list are connected; it will fall back to showing the last connected device.
"tooltip-format" = "{controller_alias}\n{num_connections} connected";
"tooltip-format-connected" = "{controller_alias}\n{num_connections} connected\n\n{device_enumerate}";
"tooltip-format-enumerate-connected" = "{device_alias}";
"tooltip-format-enumerate-connected-battery" = "{device_alias}\t{icon} {device_battery_percentage}%";
};
"memory" = {
"states" = {
"c" = 90; # critical
"h" = 60; # high
"m" = 30; # medium
};
"interval" = 30;
"format" = "󰾆 {used}GB";
"format-m" = "󰾅 {used}GB";
"format-h" = "󰓅 {used}GB";
"format-c" = " {used}GB";
"format-alt" = "󰾆 {percentage}%";
"max-length" = 10;
"tooltip" = true;
"tooltip-format" = "󰾆 {percentage}%\n {used=0.1f}GB/{total=0.1f}GB";
};
"cpu" = {
"interval" = 10;
"format" = "󰍛 {usage}%";
"format-alt" = "{icon0}{icon1}{icon2}{icon3}";
"format-icons" = ["" "" "" "" "" "" "" ""];
};
"tray" = {
"icon-size" = 14;
"spacing" = 5;
};
"custom/l_end" = {
"format" = " ";
"interval" = "once";
"tooltip" = false;
};
"custom/r_end" = {
"format" = " ";
"interval" = "once";
"tooltip" = false;
};
"custom/sl_end" = {
"format" = " ";
"interval" = "once";
"tooltip" = false;
};
"custom/sr_end" = {
"format" = " ";
"interval" = "once";
"tooltip" = false;
};
"custom/rl_end" = {
"format" = " ";
"interval" = "once";
"tooltip" = false;
};
"custom/rr_end" = {
"format" = " ";
"interval" = "once";
"tooltip" = false;
};
"custom/padd" = {
"format" = " ";
"interval" = "once";
"tooltip" = false;
};
};
};
style = let
bar_bg = "rgba(23, 28, 34, 0.95)";
main_bg = "#101419";
main_fg = "#93cee9";
wb_act_bg = "#90ceaa";
wb_act_fg = "#1f2328";
wb_hvr_bg = "#90ceaa";
wb_hvr_fg = "#1f2328";
in ''
* {
border: none;
border-radius: 0px;
font-family: "JetBrainsMono Nerd Font";
font-weight: bold;
font-size: 20px;
min-height: 10px;
}
window#waybar {
background: ${bar_bg};
}
tooltip {
background: ${main_bg};
color: ${main_fg};
border-radius: 7px;
border-width: 0px;
}
#workspaces button {
box-shadow: none;
text-shadow: none;
padding: 0px;
border-radius: 9px;
margin-top: 3px;
margin-bottom: 3px;
margin-left: 0px;
padding-left: 3px;
padding-right: 3px;
margin-right: 0px;
color: ${main_fg};
animation: ws_normal 20s ease-in-out 1;
}
#workspaces button.active {
background: ${wb_act_bg};
color: ${wb_act_fg};
margin-left: 3px;
padding-left: 12px;
padding-right: 12px;
margin-right: 3px;
animation: ws_active 20s ease-in-out 1;
transition: all 0.4s cubic-bezier(.55,-0.68,.48,1.682);
}
#workspaces button:hover {
background: ${wb_hvr_bg};
color: ${wb_hvr_fg};
animation: ws_hover 20s ease-in-out 1;
transition: all 0.3s cubic-bezier(.55,-0.68,.48,1.682);
}
#taskbar button {
box-shadow: none;
text-shadow: none;
padding: 0px;
border-radius: 9px;
margin-top: 3px;
margin-bottom: 3px;
margin-left: 0px;
padding-left: 3px;
padding-right: 3px;
margin-right: 0px;
color: @wb-color;
animation: tb_normal 20s ease-in-out 1;
}
#taskbar button.active {
background: ${wb_act_bg};
color: @wb-act-color;
margin-left: 3px;
padding-left: 12px;
padding-right: 12px;
margin-right: 3px;
animation: tb_active 20s ease-in-out 1;
transition: all 0.4s cubic-bezier(.55,-0.68,.48,1.682);
}
#taskbar button:hover {
background: ${wb_hvr_bg};
color: @wb-hvr-color;
animation: tb_hover 20s ease-in-out 1;
transition: all 0.3s cubic-bezier(.55,-0.68,.48,1.682);
}
#backlight,
#battery,
#bluetooth,
#custom-cliphist,
#clock,
#custom-cpuinfo,
#cpu,
#custom-gpuinfo,
#idle_inhibitor,
#language,
#memory,
#custom-mode,
#mpris,
#network,
#custom-power,
#pulseaudio,
#custom-spotify,
#taskbar,
#tray,
#custom-updates,
#custom-wallchange,
#custom-wbar,
#window,
#workspaces,
#custom-l_end,
#custom-r_end,
#custom-sl_end,
#custom-sr_end,
#custom-rl_end,
#custom-rr_end {
color: ${main_fg};
background: ${main_bg};
opacity: 1;
margin: 4px 0px 4px 0px;
padding-left: 4px;
padding-right: 4px;
}
#workspaces,
#taskbar {
padding: 0px;
}
#custom-r_end {
border-radius: 0px 21px 21px 0px;
margin-right: 9px;
padding-right: 3px;
}
#custom-l_end {
border-radius: 21px 0px 0px 21px;
margin-left: 9px;
padding-left: 3px;
}
#custom-sr_end {
border-radius: 0px;
margin-right: 9px;
padding-right: 3px;
}
#custom-sl_end {
border-radius: 0px;
margin-left: 9px;
padding-left: 3px;
}
#custom-rr_end {
border-radius: 0px 7px 7px 0px;
margin-right: 9px;
padding-right: 3px;
}
#custom-rl_end {
border-radius: 7px 0px 0px 7px;
margin-left: 9px;
padding-left: 3px;
}
'';
};
};
}

73
modules/home/firefox/default.nix
View File

@ -1,73 +0,0 @@
{
pkgs,
username,
...
}: {
home.file.".mozilla/firefox/${username}/chrome".source = pkgs.firefox-mod-blur;
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
extraPolicies = {
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DisableFirefoxAccounts = false;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = true;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
profiles = {
${username} = {
id = 0;
name = "tux";
search = {
force = true;
default = "Google";
};
settings = {
"general.smoothScroll" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"layout.css.prefers-color-scheme.content-override" = 0;
"browser.compactmode.show" = true;
"browser.tabs.firefox-view" = false;
"browser.bookmarks.addedImportButton" = false;
"extensions.pocket.enabled" = false;
"browser.fullscreen.autohide" = false;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
facebook-container
metamask
darkreader
bitwarden
wappalyzer
clearurls
];
};
};
};
}

46
modules/home/floorp/default.nix
View File

@ -1,46 +0,0 @@
{
username,
pkgs,
...
}: {
programs.floorp = {
enable = true;
profiles = {
${username} = {
id = 0;
name = "${username}";
search = {
force = true;
default = "Google";
};
settings = {
"general.smoothScroll" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"layout.css.prefers-color-scheme.content-override" = 0;
"browser.compactmode.show" = true;
"browser.tabs.firefox-view" = false;
"browser.bookmarks.addedImportButton" = false;
"extensions.pocket.enabled" = false;
"browser.fullscreen.autohide" = false;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
facebook-container
metamask
darkreader
bitwarden
wappalyzer
clearurls
];
};
};
};
}

39
modules/home/ghostty/default.nix
View File

@ -1,39 +0,0 @@
{pkgs, ...}: {
home.file = {
".config/ghostty/config" = {
text = ''
gtk-titlebar = false
window-padding-x = 10
window-padding-y = 10
background-opacity = 0.9
font-size = 14
palette = 0=#252b37
palette = 1=#d0679d
palette = 2=#5de4c7
palette = 3=#fffac2
palette = 4=#89ddff
palette = 5=#fae4fc
palette = 6=#add7ff
palette = 7=#ffffff
palette = 8=#a6accd
palette = 9=#d0679d
palette = 10=#5de4c7
palette = 11=#fffac2
palette = 12=#add7ff
palette = 13=#89ddff
palette = 14=#fcc5e9
palette = 15=#ffffff
background = #0f0f0f
foreground = #a6accd
cursor-color = #f2eacf
selection-background = #1a1a1a
selection-foreground = #f1f1f1
'';
};
};
home.packages = with pkgs; [
ghostty
];
}

20
modules/home/git/default.nix
View File

@ -1,20 +0,0 @@
{
email,
username,
...
}: {
programs.git = {
enable = true;
userName = "${username}";
userEmail = "${email}";
signing = {
key = "~/.ssh/id_ed25519.pub";
signByDefault = true;
};
extraConfig = {
init.defaultBranch = "main";
commit.gpgSign = true;
gpg.format = "ssh";
};
};
}

37
modules/home/helix/default.nix
View File

@ -1,37 +0,0 @@
{pkgs, ...}: {
programs.helix = {
enable = true;
settings = {
theme = "gruvbox";
editor = {
line-number = "relative";
cursorline = true;
color-modes = true;
bufferline = "multiple";
"cursor-shape" = {
insert = "bar";
normal = "block";
select = "underline";
};
};
};
languages = {
language = [
{
name = "nix";
auto-format = true;
}
];
language-server = {
nil = {
command = "${pkgs.nil}/bin/nil";
config.nil.formatting = {
command = "${pkgs.alejandra}/bin/alejandra";
};
};
};
};
};
}

6
modules/home/kdeconnect/default.nix
View File

@ -1,6 +0,0 @@
{...}: {
services.kdeconnect = {
enable = true;
indicator = true;
};
}

5
modules/home/librewolf/default.nix
View File

@ -1,5 +0,0 @@
{...}: {
programs.librewolf = {
enable = true;
};
}

39
modules/home/mopidy/default.nix
View File

@ -1,39 +0,0 @@
{pkgs, ...}: {
programs.ncmpcpp = {
enable = true;
package = pkgs.ncmpcpp.override {
visualizerSupport = true;
clockSupport = true;
};
mpdMusicDir = "~/Music/";
settings = {
mpd_host = "127.0.0.1";
mpd_port = 6600;
mpd_connection_timeout = 20;
visualizer_data_source = "localhost:5555";
visualizer_fps = 60;
visualizer_output_name = "feed";
visualizer_in_stereo = "yes";
visualizer_type = "spectrum";
visualizer_look = "";
visualizer_spectrum_smooth_look = "yes";
visualizer_sync_interval = 0;
song_status_format = "$b$7 $2%a $4$3 $8%t $4$3 $5%b ";
header_visibility = "no";
color1 = "white";
color2 = "green";
};
};
services.mopidy = {
enable = true;
extensionPackages = with pkgs; [
mopidy-mpd
mopidy-spotify
mopidy-soundcloud
mopidy-iris
];
};
}

40
modules/home/nvim/default.nix
View File

@ -1,40 +0,0 @@
{pkgs, ...}: {
home.file = {
".config/nvim" = {
recursive = true;
source = "${pkgs.tux-nvim-config}";
};
};
programs = {
neovim = {
enable = true;
defaultEditor = true;
vimAlias = true;
withPython3 = true;
withNodeJs = true;
};
};
home = {
packages = with pkgs; [
gcc
neovide
# nix
nil # Language Server
statix # Lints and suggestions
deadnix # Find and remove unused
alejandra # Code Formatter
# lua
luarocks
# ts
typescript
gdu
ripgrep
];
};
}

64
modules/home/picom/default.nix
View File

@ -1,64 +0,0 @@
{pkgs, ...}: {
services.picom = {
enable = true;
package = pkgs.picom-next;
backend = "glx";
vSync = true;
fade = true;
fadeDelta = 10;
fadeSteps = [0.05 0.05];
fadeExclude = [
"window_type *= 'menu'"
];
activeOpacity = 1;
inactiveOpacity = 1;
opacityRules = [
"90:class_g = 'rofi'"
"90:class_g = 'thunar'"
"90:class_g = 'spotify'"
"90:class_g = 'discord'"
"90:class_g = 'code'"
"90:class_g = 'org.wezfurlong.wezterm'"
"90:class_g = 'wezterm-floating'"
];
settings = {
glx-no-stencil = true;
glx-copy-from-font = false;
use-damage = false;
frame-opacity = 1;
blur-background = true;
blur-method = "dual_kawase";
blur-strength = 10;
corner-radius = 8;
rounded-corners-exclude = [
"window_type = 'dock'"
];
# pijulius specifics
animations = true;
animation-stiffness = 500;
animation-window-mass = 1.0;
animation-dampening = 26;
animation-delta = 10;
animation-force_steps = false;
animation-clamping = true;
animation-for-open-window = "slide-up";
animation-for-menu-window = "slide-down";
animation-for-transient-window = "slide-down";
animation-for-unmap-window = "slide-up";
animation-for-next-tag = "slide-right";
animation-for-prev-tag = "slide-left";
enable-fading-next-tag = true;
enable-fading-prev-tag = true;
};
};
}

79
modules/home/shell/default.nix
View File

@ -1,79 +0,0 @@
{pkgs, ...}: {
programs = {
bat.enable = true;
zsh = {
enable = true;
shellAliases = {
ls = "lsd";
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
initExtra = ''
nitch
export WINIT_X11_SCALE_FACTOR=1
bindkey "^A" vi-beginning-of-line
bindkey "^E" vi-end-of-line
PATH=$PATH:~/.cargo/bin:~/.local/bin
'';
};
lazygit.enable = true;
zoxide = {
enable = true;
options = ["--cmd cd"];
};
ripgrep.enable = true;
btop = {
enable = true;
settings = {
theme_background = false;
update_ms = 1000;
presets = "cpu:0:default mem:0:default net:0:default";
};
};
go.enable = true;
yazi = {
enable = true;
enableZshIntegration = true;
};
};
home.packages = with pkgs; [
service-wrapper
lsd
nitch
ranger
wget
portal
bore-cli
zip
unzip
pciutils
gnumake
nvtopPackages.full
zellij
nix-output-monitor
fzf
duf
jq
atac
termshark
solc
dig
python312
python312Packages.pipx
nodejs
nodePackages.pnpm
nodePackages.yarn
rustup
bun
nixpkgs-fmt
hunspell
hunspellDicts.en_US
air
templ
ffmpeg
deploy-rs
];
}

48
modules/home/starship/default.nix
View File

@ -1,48 +0,0 @@
{...}: {
programs.starship = {
enable = true;
settings = {
format = ''$os$hostname$directory$rust$golang$solidity$nodejs(bold blue)$git_branch$git_status[](bold yellow)[](bold purple)[](bold blue) '';
scan_timeout = 60;
add_newline = false;
line_break.disabled = true;
os = {
format = "[$symbol ]($style)";
style = "bold green";
disabled = false;
symbols.NixOS = "󰊠";
symbols.Linux = "󰊠";
};
directory = {
format = "[$path]($style)[$read_only ]($read_only_style)";
read_only = " 󰌾";
style = "bold blue";
};
git_branch.format = "[$symbol$branch]($style) ";
hostname = {
ssh_only = false;
format = "[$ssh_symbol$hostname]($style) ";
style = "bold green";
ssh_symbol = "󰇧 ";
disabled = false;
};
rust = {
format = "[$symbol]($style)";
symbol = " ";
};
golang = {
format = "[$symbol]($style)";
symbol = " ";
};
solidity = {
format = "[$symbol]($style)";
symbol = "󰡪 ";
};
nodejs = {
format = "[$symbol]($style)";
symbol = "󰎙 ";
};
};
};
}

9
modules/home/thunderbird/default.nix
View File

@ -1,9 +0,0 @@
{username, ...}: {
programs.thunderbird = {
enable = true;
profiles."${username}" = {
isDefault = true;
};
};
}

38
modules/home/tmux/default.nix
View File

@ -1,38 +0,0 @@
{...}: {
programs.tmux = {
enable = true;
extraConfig = "
set-option -sa terminal-overrides \",xterm*:Tc\"
set -g mouse on
set-option -g status-position top
set-option -g allow-rename off
unbind r
bind r source-file ~/.config/tmux/tmux.conf
# remap prefix from C-b to C-Space
# unbind C-b
# set -g prefix C-Space
# bind C-Space send-prefix
# split panes using | and -
unbind '\"'
unbind %
bind | split-window -h
bind - split-window -v
# Start windows and panes at 1, not 0
set -g base-index 1
set -g pane-base-index 1
set-window-option -g pane-base-index 1
set-option -g renumber-windows on
# switch panes using Alt-arrow without prefix
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
";
};
}

74
modules/home/vs-code/default.nix
View File

@ -1,74 +0,0 @@
{pkgs, ...}: {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
keybindings = [
{
"key" = "f7";
"command" = "-editor.action.wordHighlight.next";
"when" = "editorTextFocus && hasWordHighlights";
}
{
"key" = "f7";
"command" = "-editor.action.accessibleDiffViewer.next";
"when" = "isInDiffEditor";
}
{
"key" = "f7";
"command" = "workbench.action.terminal.toggleTerminal";
"when" = "terminal.active";
}
{
"key" = "ctrl+`";
"command" = "-workbench.action.terminal.toggleTerminal";
"when" = "terminal.active";
}
];
userSettings = {
"window.zoomLevel" = 2;
"window.menuBarVisibility" = "toggle";
"workbench.colorTheme" = "Poimandres Alternate";
"workbench.startupEditor" = "none";
"editor.fontFamily" = "FiraCode NF, FiraCode Nerd Font";
"editor.fontLigatures" = true;
"editor.cursorBlinking" = "smooth";
"editor.minimap.enabled" = false;
"terminal.integrated.fontFamily" = "FiraCode NF, FiraCode Nerd Font , FiraCode";
};
extensions =
(with pkgs.vscode-extensions; [
wakatime.vscode-wakatime
ms-dotnettools.csharp
naumovs.color-highlight
ms-vscode-remote.remote-containers
ms-azuretools.vscode-docker
mikestead.dotenv
golang.go
wix.vscode-import-cost
sumneko.lua
yzhang.markdown-all-in-one
jnoortheen.nix-ide
esbenp.prettier-vscode
prisma.prisma
ms-python.python
ms-vscode-remote.remote-ssh
humao.rest-client
bradlc.vscode-tailwindcss
gruntfuggly.todo-tree
])
++ (with pkgs.vscode-marketplace; [
danielpriestley.poimandres-alternate
pufferbommy.pretty-poimandres
yoavbls.pretty-ts-errors
formulahendry.auto-rename-tag
chakrounanas.turbo-console-log
streetsidesoftware.code-spell-checker
]);
};
}

31
modules/home/wezterm/default.nix
View File

@ -1,31 +0,0 @@
{
inputs,
pkgs,
...
}: {
programs.wezterm = {
enable = true;
package = inputs.wezterm-flake.packages."${pkgs.system}".default;
enableZshIntegration = false;
extraConfig = ''
local wezterm = require 'wezterm'
local config = {}
config.window_close_confirmation = 'NeverPrompt'
config.color_scheme = 'Poimandres'
config.colors = {
background = "#0f0f0f"
}
config.enable_tab_bar = false
config.font = wezterm.font_with_fallback {
'JetBrainsMono Nerd Font',
}
config.font_size = 14.0
config.window_background_opacity = 1
config.audible_bell = "Disabled"
return config
'';
};
}

69
modules/nixos/desktop/awesome/default.nix
View File

@ -1,69 +0,0 @@
{
lib,
pkgs,
...
}: {
services = {
displayManager = {
defaultSession = "none+awesome";
sddm = {
package = pkgs.libsForQt5.sddm;
extraPackages = with pkgs; [libsForQt5.qt5.qtgraphicaleffects];
enable = true;
theme = "sugar-dark";
};
};
xserver = {
enable = true;
windowManager.awesome = {
enable = true;
luaModules = lib.attrValues {
inherit
(pkgs.luajitPackages)
lgi
ldbus
luadbi-mysql
luaposix
dkjson
;
};
};
};
acpid.enable = true;
picom.enable = true;
upower.enable = true;
blueman.enable = true;
};
programs.dconf.enable = true;
environment.systemPackages = with pkgs; [
luajit
acpi
linuxKernel.packages.linux_zen.acpi_call
lxappearance
inotify-tools
polkit_gnome
xdotool
xclip
xorg.xbacklight
stable.gpick
alsa-utils
pavucontrol
brightnessctl
libnotify
feh
maim
mpdris2
python311Packages.mutagen
xdg-utils
playerctl
pulsemixer
procps
sct
slop
sddm-sugar-dark
];
}

14
modules/nixos/desktop/default.nix
View File

@ -1,14 +0,0 @@
{...}: {
xdg.mime = {
enable = true;
defaultApplications = {
"application/pdf" = ["firefox.desktop"];
"default-web-browser" = ["firefox.desktop"];
"text/html" = ["firefox.desktop"];
"x-scheme-handler/http" = ["firefox.desktop"];
"x-scheme-handler/https" = ["firefox.desktop"];
"x-scheme-handler/about" = ["firefox.desktop"];
"x-scheme-handler/unknown" = ["firefox.desktop"];
};
};
}

3
modules/nixos/desktop/hyprland/default.nix
View File

@ -1,3 +0,0 @@
{...}: {
programs.hyprland.enable = true;
}

32
modules/nixos/fail2ban.nix
View File

@ -1,32 +0,0 @@
{config, ...}: let
isFirewallEnabled = config.networking.firewall.enable;
in {
services.fail2ban = {
enable = isFirewallEnabled;
maxretry = 5;
banaction = "iptables-multiport[blocktype=DROP]";
ignoreIP = [
"127.0.0.0/8"
"10.0.0.0/8"
"192.168.0.0/16"
];
bantime = "24h";
bantime-increment = {
enable = true;
rndtime = "12m";
overalljails = true;
multipliers = "4 8 16 32 64 128 256 512 1024 2048";
maxtime = "192h";
};
jails = {
sshd.settings = {
enabled = true;
port = toString config.services.openssh.ports;
mode = "aggressive";
filter = "sshd";
};
};
};
}

69
modules/nixos/networking/ssh.nix
View File

@ -1,69 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.tux.services.openssh;
# Sops needs acess to the keys before the persist dirs are even mounted; so
# just persisting the keys won't work, we must point at /persist
hasOptinPersistence = config.environment.persistence."/persist".enable;
in {
options.tux.services.openssh = {
enable = mkEnableOption "Enable OpenSSH server";
ports = mkOption {
type = types.listOf types.port;
default = [22];
description = ''
Specifies on which ports the SSH daemon listens.
'';
};
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
startWhenNeeded = true;
allowSFTP = true;
ports = cfg.ports;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
AuthenticationMethods = "publickey";
PubkeyAuthentication = "yes";
ChallengeResponseAuthentication = "no";
UsePAM = false;
UseDns = false;
X11Forwarding = false;
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"sntrup761x25519-sha512@openssh.com"
"diffie-hellman-group-exchange-sha256"
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
ClientAliveCountMax = 5;
ClientAliveInterval = 60;
};
hostKeys = [
{
path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
};
}

8
modules/nixos/selfhosted/adguard.nix
View File

@ -1,8 +0,0 @@
{...}: {
services = {
adguardhome = {
enable = true;
openFirewall = true;
};
};
}

61
modules/nixos/selfhosted/containers/cs2.nix
View File

@ -1,61 +0,0 @@
{config, ...}: {
virtualisation.oci-containers.containers.cs2-server = {
image = "joedwards32/cs2";
environmentFiles = [
config.sops.secrets."cs2_secrets/SRCDS_TOKEN".path
config.sops.secrets."cs2_secrets/CS2_RCONPW".path
config.sops.secrets."cs2_secrets/CS2_PW".path
];
environment = {
# Server configuration
STEAMAPPVALIDATE = "0";
CS2_SERVERNAME = "tux's CS-2 Server";
CS2_CHEATS = "0";
CS2_PORT = "27015";
CS2_SERVER_HIBERNATE = "1";
CS2_RCON_PORT = "";
CS2_LAN = "0";
CS2_MAXPLAYERS = "10";
CS2_ADDITIONAL_ARGS = "";
CS2_CFG_URL = "";
# Game modes
CS2_GAMEALIAS = "competitive";
CS2_GAMETYPE = "0";
CS2_GAMEMODE = "1";
CS2_MAPGROUP = "mg_active";
CS2_STARTMAP = "de_mirage";
# Workshop Maps
CS2_HOST_WORKSHOP_COLLECTION = "";
CS2_HOST_WORKSHOP_MAP = "";
# Bots
CS2_BOT_DIFFICULTY = "3";
CS2_BOT_QUOTA = "";
CS2_BOT_QUOTA_MODE = "";
# TV
TV_AUTORECORD = "0";
TV_ENABLE = "0";
TV_PORT = "27020";
TV_PW = "changeme";
TV_RELAY_PW = "changeme";
TV_MAXRATE = "0";
TV_DELAY = "0";
# Logs
CS2_LOG = "on";
CS2_LOG_MONEY = "0";
CS2_LOG_DETAIL = "0";
CS2_LOG_ITEMS = "0";
};
volumes = [
"cs2:/home/steam/cs2-dedicated"
];
ports = [
"27015:27015/tcp"
"27015:27015/udp"
"27020:27020/udp"
];
extraOptions = [
"--interactive"
];
};
}

86
modules/nixos/selfhosted/cyber-tux.nix
View File

@ -1,86 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.tux.services.cyber-tux;
in {
options.tux.services.cyber-tux = {
enable = mkEnableOption "Enable CyberTux Discord bot";
user = mkOption {
type = types.str;
default = "cyber-tux";
description = "User under which the CyberTux service runs.";
};
group = mkOption {
type = types.str;
default = "cyber-tux";
description = "Group under which the CyberTux service runs.";
};
environmentFile = mkOption {
type = types.path;
description = "Environment file containing DISCORD_TOKEN";
};
};
config = mkIf cfg.enable {
systemd.services = {
cyber-tux = {
description = "A discord bot for my server";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
User = "cyber-tux";
Group = "cyber-tux";
EnvironmentFile = cfg.environmentFile;
ExecStart = getExe pkgs.cyber-tux;
Restart = "always";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = "uts ipc pid user cgroup";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = ["@system-service"];
UMask = "0077";
};
};
};
# Ensure the user and group exist
users.users = mkIf (cfg.user == "cyber-tux") {
${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "CyberTux service user";
home = "/var/lib/cyber-tux";
createHome = true;
};
};
users.groups = mkIf (cfg.group == "cyber-tux") {
${cfg.group} = {};
};
};
}

29
modules/nixos/selfhosted/gitea.nix
View File

@ -1,29 +0,0 @@
{lib, ...}: {
services = {
gitea = {
enable = true;
settings = {
service.DISABLE_REGISTRATION = true;
server = {
DOMAIN = "git.tux.rs";
ROOT_URL = "https://git.tux.rs";
};
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"git.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3000";
};
};
};
};
};
};
}

65
modules/nixos/selfhosted/headscale.nix
View File

@ -1,65 +0,0 @@
{
config,
pkgs,
lib,
email,
...
}: {
security = {
acme = {
defaults.email = "${email}";
acceptTerms = true;
};
};
services = {
headscale = {
enable = true;
port = 8080;
address = "0.0.0.0";
settings = {
dns = {
base_domain = "hs.tux.rs";
search_domains = ["tux.rs"];
magic_dns = true;
nameservers.global = [
"9.9.9.9"
];
};
# server_url = "https://hs.tux.rs:443";
metrics_listen_addr = "0.0.0.0:8095";
logtail = {
enabled = false;
};
log = {
level = "warn";
};
ip_prefixes = [
"100.64.0.0/10"
"fd7a:115c:a1e0::/48"
];
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"hs.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
"/metrics" = {
proxyPass = "http://${config.services.headscale.settings.metrics_listen_addr}/metrics";
};
};
};
};
};
};
environment.systemPackages = with pkgs; [headscale];
}

24
modules/nixos/selfhosted/kasmweb.nix
View File

@ -1,24 +0,0 @@
{lib, ...}: {
services = {
kasmweb = {
enable = true;
listenPort = 8843;
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"kasm.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "https://127.0.0.1:8843";
proxyWebsockets = true;
};
};
};
};
};
};
}

45
modules/nixos/selfhosted/monitoring/grafana.nix
View File

@ -1,45 +0,0 @@
{
lib,
username,
email,
...
}: {
services = {
grafana = {
enable = true;
settings = {
server.http_port = 8888;
security = {
admin_user = "${username}";
admin_email = "${email}";
};
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"grafana.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:8888";
proxyWebsockets = true;
};
"/api/live/" = {
proxyPass = "http://localhost:8888";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
'';
};
};
};
};
};
};
}

77
modules/nixos/selfhosted/monitoring/loki.nix
View File

@ -1,77 +0,0 @@
{lib, ...}: {
services = {
loki = {
enable = true;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
};
common = {
ring = {
instance_addr = "127.0.0.1";
kvstore = {
store = "inmemory";
};
};
replication_factor = 1;
path_prefix = "/tmp/loki";
};
schema_config = {
configs = [
{
from = "2020-05-15";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
filesystem = {
directory = "/tmp/loki/chunks";
};
};
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"loki.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3100";
extraConfig = ''
proxy_http_version 1.1;
proxy_read_timeout 1800s;
proxy_connect_timeout 1600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_redirect off;
'';
};
"/ready" = {
proxyPass = "http://localhost:3100";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_redirect off;
'';
};
};
};
};
};
};
}

55
modules/nixos/selfhosted/monitoring/promtail.nix
View File

@ -1,55 +0,0 @@
{lib, ...}: {
services = {
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
positions = {
filename = "/var/lib/promtail/positions.yaml";
};
clients = [
{
url = "https://loki.tux.rs/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
};
};
relabel_configs = [
{
source_labels = [
"__journal__systemd_unit"
];
target_label = "unit";
}
];
}
];
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"promtail.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:9080";
};
};
};
};
};
};
}

48
modules/nixos/selfhosted/nextcloud.nix
View File

@ -1,48 +0,0 @@
{
config,
pkgs,
lib,
username,
...
}: {
services = {
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"cloud.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
};
};
};
nextcloud = {
enable = true;
hostName = "cloud.tux.rs";
package = pkgs.nextcloud30;
database.createLocally = true;
configureRedis = true;
maxUploadSize = "16G";
https = true;
autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit mail spreed;
};
config = {
dbtype = "sqlite";
adminuser = "${username}";
adminpassFile = config.sops.secrets.nextcloud_password.path;
};
settings = {
overwriteProtocol = "https";
default_phone_region = "IN";
};
};
};
environment.systemPackages = with pkgs; [nextcloud30];
}

28
modules/nixos/selfhosted/ntfy-sh.nix
View File

@ -1,28 +0,0 @@
{lib, ...}: {
services = {
ntfy-sh = {
enable = true;
settings = {
listen-http = ":7070";
base-url = "https://ntfy.tux.rs";
behind-proxy = true;
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"ntfy.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:7070";
proxyWebsockets = true;
};
};
};
};
};
};
}

11
modules/nixos/selfhosted/open-webui.nix
View File

@ -1,11 +0,0 @@
{...}: {
services.open-webui = {
enable = true;
openFirewall = true;
host = "0.0.0.0";
environment = {
ENABLE_OLLAMA_API = "True";
OLLAMA_BASE_URL = "http://pc:11434";
};
};
}

39
modules/nixos/selfhosted/plausible.nix
View File

@ -1,39 +0,0 @@
{
config,
lib,
...
}: {
services = {
plausible = {
enable = true;
server = {
baseUrl = "https://plausible.tux.rs";
port = 2100;
disableRegistration = true;
secretKeybaseFile = config.sops.secrets.plausible_key.path;
};
database.postgres = {
dbname = "plausible";
socket = "/run/postgresql";
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"plausible.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:2100";
proxyWebsockets = true;
};
};
};
};
};
};
}

97
modules/nixos/selfhosted/postgresql.nix
View File

@ -1,97 +0,0 @@
{
lib,
pkgs,
...
}: {
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
ensureDatabases = [
"plausible"
"wakapi"
];
ensureUsers = [
{
name = "postgres";
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
{
name = "plausible";
ensureDBOwnership = true;
}
{
name = "wakapi";
ensureDBOwnership = true;
}
];
checkConfig = true;
enableTCPIP = false;
settings = {
max_connections = 100;
superuser_reserved_connections = 3;
shared_buffers = "1024 MB";
work_mem = "32 MB";
maintenance_work_mem = "320 MB";
huge_pages = "off";
effective_cache_size = "3 GB";
effective_io_concurrency = 100;
random_page_cost = 1.25;
shared_preload_libraries = "pg_stat_statements";
track_io_timing = "on";
track_functions = "pl";
wal_level = "replica";
max_wal_senders = 0;
synchronous_commit = "on";
checkpoint_timeout = "15 min";
checkpoint_completion_target = 0.9;
max_wal_size = "1024 MB";
min_wal_size = "512 MB";
wal_compression = "on";
wal_buffers = -1;
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
max_worker_processes = 3;
max_parallel_workers_per_gather = 2;
max_parallel_maintenance_workers = 2;
max_parallel_workers = 3;
parallel_leader_participation = "on";
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
log_destination = lib.mkForce "syslog";
};
};
}

9
modules/nixos/selfhosted/rustdesk-server.nix
View File

@ -1,9 +0,0 @@
{...}: {
services = {
rustdesk-server = {
enable = true;
openFirewall = true;
signal.relayHosts = ["156.67.105.203"];
};
};
}

43
modules/nixos/selfhosted/searx.nix
View File

@ -1,43 +0,0 @@
{
pkgs,
lib,
config,
...
}: {
services = {
searx = {
enable = true;
package = pkgs.searxng;
environmentFile = config.sops.secrets.searx_secret_key.path;
settings = {
general = {
instance_name = "SearXNG";
};
server = {
bind_address = "0.0.0.0";
port = 3415;
base_url = "https://sx.tux.rs";
secret_key = "@secret_key@";
};
search = {
autocomplete = "google";
};
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"sx.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3415";
};
};
};
};
};
};
}

28
modules/nixos/selfhosted/silver-bullet.nix
View File

@ -1,28 +0,0 @@
{
lib,
config,
...
}: {
services = {
silverbullet = {
enable = true;
listenPort = 9876;
envFile = config.sops.secrets.silver_bullet.path;
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"notes.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:9876";
};
};
};
};
};
};
}

102
modules/nixos/selfhosted/tfolio.nix
View File

@ -1,102 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.tux.services.tfolio;
in {
options.tux.services.tfolio = {
enable = mkEnableOption "Enable tfolio";
host = mkOption {
type = lib.types.str;
default = "0.0.0.0";
description = "IP address or hostname on which the tfolio service will listen.";
};
port = mkOption {
type = lib.types.port;
default = 22;
description = "Port number on which the tfolio service will listen.";
};
dataDir = mkOption {
type = lib.types.str;
default = "/var/lib/tfolio/";
description = "Directory where tfolio will store its data files.";
};
user = mkOption {
type = types.str;
default = "tfolio";
description = "User under which the tfolio service runs.";
};
group = mkOption {
type = types.str;
default = "tfolio";
description = "Group under which the tfolio service runs.";
};
};
config = mkIf cfg.enable {
systemd.services = {
tfolio = {
description = "my portfolio in a ssh session";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStart = "${getExe pkgs.tfolio} -l ${cfg.host} -p ${toString cfg.port} -d ${cfg.dataDir}";
Restart = "always";
StateDirectory = "tfolio";
# Allow binding to privileged ports
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = "read-only";
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "full";
RestrictNamespaces = "uts ipc pid user cgroup";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = ["@system-service"];
UMask = "0077";
};
};
};
# Ensure the user and group exist
users.users = mkIf (cfg.user == "tfolio") {
${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "tfolio service user";
home = "/var/lib/tfolio";
createHome = true;
};
};
users.groups = mkIf (cfg.group == "tfolio") {
${cfg.group} = {};
};
};
}

60
modules/nixos/selfhosted/upstream-proxy.nix
View File

@ -1,60 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.tux.services.nginxStreamProxy;
upstreamServerType = lib.types.submodule ({config, ...}: {
options = {
address = lib.mkOption {
type = lib.types.str;
description = "IP address or hostname of the upstream server";
};
port = lib.mkOption {
type = lib.types.port;
default = 9999;
description = "Port number of the upstream server";
};
listenPort = lib.mkOption {
type = lib.types.port;
default = config.port;
defaultText = lib.literalExpression "port";
description = "Local port to listen for incoming connections (defaults to port)";
};
};
});
in {
options.tux.services.nginxStreamProxy = {
enable = lib.mkEnableOption "Enable nginx TCP stream proxy";
upstreamServers = lib.mkOption {
type = lib.types.listOf upstreamServerType;
default = [
{
address = "0.0.0.0";
port = 9999;
}
];
description = "List of upstream servers to proxy to, each with its own listen port";
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = map (server: server.listenPort) cfg.upstreamServers;
services.nginx = {
enable = lib.mkForce true;
package = pkgs.nginx.override {withStream = true;};
streamConfig =
lib.concatMapStringsSep "\n" (server: ''
server {
listen ${toString server.listenPort};
proxy_pass ${server.address}:${toString server.port};
}
'')
cfg.upstreamServers;
};
};
}

22
modules/nixos/selfhosted/uptime-kuma.nix
View File

@ -1,22 +0,0 @@
{lib, ...}: {
services = {
uptime-kuma = {
enable = true;
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"uptime.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3001";
};
};
};
};
};
};
}

29
modules/nixos/selfhosted/vaultwarden.nix
View File

@ -1,29 +0,0 @@
{lib, ...}: {
services = {
vaultwarden = {
enable = true;
config = {
domain = "https://bw.tux.rs";
enableWebsocket = true;
signupsAllowed = true;
disableIconDownload = true;
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"bw.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:8000";
proxyWebsockets = true;
};
};
};
};
};
};
}

50
modules/nixos/selfhosted/wakapi.nix
View File

@ -1,50 +0,0 @@
{
lib,
config,
...
}: {
services = {
wakapi = {
enable = true;
passwordSaltFile = config.sops.secrets.wakapi_salt.path;
database.createLocally = true;
settings = {
app.avatar_url_template = "https://www.gravatar.com/avatar/{email_hash}.png";
server = {
port = 15999;
public_url = "https://wakapi.tux.rs";
};
db = {
dialect = "postgres";
host = "/run/postgresql";
port = 5432;
name = "wakapi";
user = "wakapi";
};
security = {
allow_signup = false;
disable_frontpage = true;
};
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"wakapi.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:15999";
proxyWebsockets = true;
};
};
};
};
};
};
}

Some files were not shown because too many files have changed in this diff Show More