nki/nix-home
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity

Massive nixfmt reformatting

Browse source
This commit is contained in:
Natsu Kagami 2025-04-03 13:59:50 +02:00
parent fe4492f004
commit b29ddd5e65
Signed by: nki
GPG key ID: 55A032EB38B49ADB
109 changed files with 4323 additions and 2368 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cachix.nix
View file

@ -1,4 +1,3 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:
@ -7,7 +6,8 @@ let
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
in
{
inherit imports;
nix.settings.substituters = ["https://cache.nixos.org/"];
nix.settings.substituters = [ "https://cache.nixos.org/" ];
}

1
cachix/natsukagami.nix
View file

@ -1,4 +1,3 @@
{
nix = {
settings = {

35
common.nix
View file

@ -1,16 +1,33 @@
let
# Default shell
defaultShell = { lib, pkgs, config, ... }: with lib; {
environment.shells = with pkgs; [ bash fish ];
users.users = mkMerge [
{ nki.shell = pkgs.bash; }
# (mkIf (builtins.hasAttr "natsukagami" config.users.users) { natsukagami.shell = pkgs.fish; })
];
};
defaultShell =
{
lib,
pkgs,
config,
...
}:
with lib;
{
environment.shells = with pkgs; [
bash
fish
];
users.users = mkMerge [
{ nki.shell = pkgs.bash; }
# (mkIf (builtins.hasAttr "natsukagami" config.users.users) { natsukagami.shell = pkgs.fish; })
];
};
in
# Common stuff
{ lib, pkgs, config, ... }:
with lib; {
{
lib,
pkgs,
config,
...
}:
with lib;
{
imports = [
# defaultShell
./modules/services/nix-cache

11
darwin/brew.nix
View file

@ -1,11 +1,14 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
homebrew.enable = true;
homebrew.brewPrefix =
if pkgs.stdenv.isAarch64 then "/opt/homebrew/bin"
else "/usr/local/bin";
homebrew.brewPrefix = if pkgs.stdenv.isAarch64 then "/opt/homebrew/bin" else "/usr/local/bin";
homebrew.onActivation.cleanup = "zap";
homebrew.onActivation.upgrade = true;

13
darwin/configuration.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [
@ -7,8 +12,10 @@
];
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages =
with pkgs; [ podman qemu ];
environment.systemPackages = with pkgs; [
podman
qemu
];
environment.shells = with pkgs; [ fish ];

199
flake.nix
View file

@ -61,86 +61,120 @@
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";
};
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, ... }@inputs:
outputs =
{
self,
darwin,
nixpkgs,
nixpkgs-unstable,
home-manager,
deploy-rs,
sops-nix,
...
}@inputs:
let
overlays = import ./overlay.nix inputs;
lib = nixpkgs.lib;
applyOverlays = { ... }: {
nixpkgs.overlays = lib.mkAfter overlays;
};
nixpkgsAsRegistry_ = stable: { lib, ... }: {
imports = [ applyOverlays ];
nix.registry.current-system.flake = self;
nix.registry.nixpkgs-unstable.flake = nixpkgs-unstable;
nixpkgs.config.allowUnfree = true;
nix.nixPath = lib.mkDefault [
"nixpkgs-unstable=${nixpkgs-unstable}"
];
};
osuStable = { pkgs, ... }: {
nix.settings = {
substituters = [ "https://nix-gaming.cachix.org" ];
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
applyOverlays =
{ ... }:
{
nixpkgs.overlays = lib.mkAfter overlays;
};
environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ];
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {
general = {
renice = 10;
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
nixpkgsAsRegistry_ =
stable:
{ lib, ... }:
{
imports = [ applyOverlays ];
nix.registry.current-system.flake = self;
nix.registry.nixpkgs-unstable.flake = nixpkgs-unstable;
nixpkgs.config.allowUnfree = true;
nix.nixPath = lib.mkDefault [
"nixpkgs-unstable=${nixpkgs-unstable}"
];
};
osuStable =
{ pkgs, ... }:
{
nix.settings = {
substituters = [ "https://nix-gaming.cachix.org" ];
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
};
environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ];
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {
general = {
renice = 10;
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
};
};
# Common Nix modules
common-nix = stable: { ... }: {
imports = [
(nixpkgsAsRegistry_ stable)
./common.nix
sops-nix.nixosModules.sops
inputs.lix-module.nixosModules.default
];
config.nix.settings.extra-deprecated-features = [ "url-literals" ]; # So lix won't complain
};
common-nixos = stable: { ... }: {
imports = [
./modules/my-tinc
./modules/common/linux
(common-nix stable)
inputs.secrets.nixosModules.common
inputs.nix-gaming.nixosModules.pipewireLowLatency
inputs.niri.nixosModules.niri
];
};
common-nix =
stable:
{ ... }:
{
imports = [
(nixpkgsAsRegistry_ stable)
./common.nix
sops-nix.nixosModules.sops
inputs.lix-module.nixosModules.default
];
config.nix.settings.extra-deprecated-features = [ "url-literals" ]; # So lix won't complain
};
common-nixos =
stable:
{ ... }:
{
imports = [
./modules/my-tinc
./modules/common/linux
(common-nix stable)
inputs.secrets.nixosModules.common
inputs.nix-gaming.nixosModules.pipewireLowLatency
inputs.niri.nixosModules.niri
];
};
mkPersonalSystem = nixpkgs-module: system: { configuration
, homeManagerUsers ? { }
, extraModules ? [ ]
, includeCommonModules ? true
,
}:
mkPersonalSystem =
nixpkgs-module: system:
{
configuration,
homeManagerUsers ? { },
extraModules ? [ ],
includeCommonModules ? true,
}:
let
home-manager-module =
if nixpkgs-module == inputs.nixpkgs then inputs.home-manager
else if nixpkgs-module == inputs.nixpkgs-unstable then inputs.home-manager-unstable
else builtins.abort "Unknown nixpkgs module, use `nixpkgs` or `nixpkgs-unstable`";
if nixpkgs-module == inputs.nixpkgs then
inputs.home-manager
else if nixpkgs-module == inputs.nixpkgs-unstable then
inputs.home-manager-unstable
else
builtins.abort "Unknown nixpkgs module, use `nixpkgs` or `nixpkgs-unstable`";
in
nixpkgs-module.lib.nixosSystem {
inherit system;
modules =
(if includeCommonModules then [
(common-nixos nixpkgs-module)
] else [ ]) ++ [
(
if includeCommonModules then
[
(common-nixos nixpkgs-module)
]
else
[ ]
)
++ [
configuration
# Home Manager
home-manager-module.nixosModules.home-manager
@ -149,7 +183,8 @@
home-manager.useUserPackages = true;
home-manager.users = homeManagerUsers;
}
] ++ extraModules;
]
++ extraModules;
};
in
@ -186,14 +221,17 @@
homeManagerUsers.nki = import ./home/nki-x1c1.nix;
extraModules = [
inputs.lanzaboote.nixosModules.lanzaboote
({ ... }: {
# Sets up secure boot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
})
(
{ ... }:
{
# Sets up secure boot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}
)
];
};
# framework configuration
@ -203,14 +241,17 @@
extraModules = [
inputs.lanzaboote.nixosModules.lanzaboote
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
({ ... }: {
# Sets up secure boot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
})
(
{ ... }:
{
# Sets up secure boot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}
)
];
};
# macbook nixos

93
home/common-linux.nix
View file

@ -1,24 +1,34 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
kwallet = { pkgs, lib, ... }: {
home.packages = with pkgs; [ kdePackages.kwallet kdePackages.ksshaskpass ];
home.sessionVariables = {
# https://wiki.archlinux.org/title/KDE_Wallet#Using_the_KDE_Wallet_to_store_ssh_key_passphrases
SSH_ASKPASS = lib.getExe pkgs.kdePackages.ksshaskpass;
SSH_ASKPASS_REQUIRE = "prefer";
kwallet =
{ pkgs, lib, ... }:
{
home.packages = with pkgs; [
kdePackages.kwallet
kdePackages.ksshaskpass
];
home.sessionVariables = {
# https://wiki.archlinux.org/title/KDE_Wallet#Using_the_KDE_Wallet_to_store_ssh_key_passphrases
SSH_ASKPASS = lib.getExe pkgs.kdePackages.ksshaskpass;
SSH_ASKPASS_REQUIRE = "prefer";
};
# Enable this for sway
wayland.windowManager.sway.config.startup = [
{ command = "${pkgs.kdePackages.kwallet-pam}/libexec/pam_kwallet_init"; }
];
# Automatic dbus activation
xdg.dataFile."dbus-1/services/org.freedesktop.secrets.service".text = ''
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=${pkgs.kdePackages.kwallet}/bin/kwalletd6
'';
};
# Enable this for sway
wayland.windowManager.sway.config.startup = [
{ command = "${pkgs.kdePackages.kwallet-pam}/libexec/pam_kwallet_init"; }
];
# Automatic dbus activation
xdg.dataFile."dbus-1/services/org.freedesktop.secrets.service".text = ''
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=${pkgs.kdePackages.kwallet}/bin/kwalletd6
'';
};
in
{
imports = [
@ -27,33 +37,34 @@ in
./modules/X11/xfce4-notifyd.nix
kwallet
];
config = (mkIf pkgs.stdenv.isLinux {
home.packages = with pkgs; [
psmisc # killall and friends
file # Query file type
zip
python3
config = (
mkIf pkgs.stdenv.isLinux {
home.packages = with pkgs; [
psmisc # killall and friends
file # Query file type
zip
python3
pinentry-gnome3 # until pinentry-qt introduces caching
];
pinentry-gnome3 # until pinentry-qt introduces caching
];
systemd.user.startServices = "sd-switch";
systemd.user.startServices = "sd-switch";
# Audio stuff!
# services.easyeffects.enable = true;
# Audio stuff!
# services.easyeffects.enable = true;
# Bluetooth controls
# services.mpris-proxy.enable = true;
# Bluetooth controls
# services.mpris-proxy.enable = true;
# Owncloud
services.owncloud-client.enable = true;
services.owncloud-client.package = pkgs.owncloud-client.overrideAttrs (attrs: {
buildInputs = attrs.buildInputs ++ [ pkgs.qt6.qtwayland ];
});
systemd.user.services.owncloud-client.Unit.After = [ "graphical-session.target" ];
# Owncloud
services.owncloud-client.enable = true;
services.owncloud-client.package = pkgs.owncloud-client.overrideAttrs (attrs: {
buildInputs = attrs.buildInputs ++ [ pkgs.qt6.qtwayland ];
});
systemd.user.services.owncloud-client.Unit.After = [ "graphical-session.target" ];
# UDisks automounter
services.udiskie.enable = true;
});
# UDisks automounter
services.udiskie.enable = true;
}
);
}

8
home/common.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [
@ -52,7 +57,6 @@
$pdf_previewer = '${lib.getExe' pkgs.xdg-utils "xdg-open"}';
'';
home.sessionVariables = {
# Bat theme
BAT_THEME = "GitHub";

24
home/fish/fish.nix
View file

@ -1,4 +1,10 @@
{ config, options, pkgs, lib, ... }:
{
config,
options,
pkgs,
lib,
...
}:
with lib;
let
@ -157,7 +163,6 @@ in
};
};
tide = {
enable = true;
leftItems = options.programs.fish.tide.leftItems.default;
@ -172,10 +177,7 @@ in
};
everywhereAbbrs = {
lsports =
if pkgs.stdenv.isDarwin
then "lsof -i -P | grep LISTEN"
else "ss -tulp";
lsports = if pkgs.stdenv.isDarwin then "lsof -i -P | grep LISTEN" else "ss -tulp";
};
shellInit = ''
@ -234,11 +236,11 @@ in
bind -M default gl end-of-line
# Everywhere abbrs
${
concatStringsSep "\n"
(mapAttrsToList (k: v: "abbr --add --position anywhere -- ${k} ${escapeShellArg v}")
config.programs.fish.everywhereAbbrs)
}
${concatStringsSep "\n" (
mapAttrsToList (
k: v: "abbr --add --position anywhere -- ${k} ${escapeShellArg v}"
) config.programs.fish.everywhereAbbrs
)}
# Replace today with actual today
abbr --add --position anywhere today -f echo-today

48
home/fish/tide/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -42,25 +47,38 @@ in
leftItems = mkOption {
type = types.listOf types.str;
description = "The list of left-items. Note that `newline` and `character` is not included here and will always appear last";
default = [ "os" "context" "pwd" "git" ];
default = [
"os"
"context"
"pwd"
"git"
];
};
};
config.programs.fish =
let
tideItems = attrsets.mapAttrs' (name: def: { name = "_tide_item_${name}"; value = def; });
tideItems = attrsets.mapAttrs' (
name: def: {
name = "_tide_item_${name}";
value = def;
}
);
in
mkIf cfg.enable {
functions = tideItems ({
nix_shell = ''
# In a Nix Shell
if set -qx DIRENV_FILE && test -f $DIRENV_FILE && rg -q "^use flake" $DIRENV_FILE
set -U tide_nix_shell_color "FFA500"
set -U tide_nix_shell_bg_color normal
_tide_print_item nix_shell ""
end
'';
} // cfg.items);
functions = tideItems (
{
nix_shell = ''
# In a Nix Shell
if set -qx DIRENV_FILE && test -f $DIRENV_FILE && rg -q "^use flake" $DIRENV_FILE
set -U tide_nix_shell_color "FFA500"
set -U tide_nix_shell_bg_color normal
_tide_print_item nix_shell ""
end
'';
}
// cfg.items
);
plugins = [
{
name = "tide";
@ -78,7 +96,9 @@ in
config.xdg.configFile."fish/tide/init.fish" = {
text = ''
# Configure tide items
set -U tide_left_prompt_items ${concatMapStringsSep " " escapeShellArg cfg.leftItems} newline character
set -U tide_left_prompt_items ${
concatMapStringsSep " " escapeShellArg cfg.leftItems
} newline character
set -U tide_right_prompt_items ${concatMapStringsSep " " escapeShellArg cfg.rightItems} time
'';

85
home/kagami-pc-home.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
{
imports = [
@ -14,19 +19,22 @@
home.homeDirectory = "/home/nki";
# More packages
home.packages = (with pkgs; [
# Gaming stuff
wineWowPackages.full
# wine-lol
winetricks
lutris
steam
home.packages = (
with pkgs;
[
# Gaming stuff
wineWowPackages.full
# wine-lol
winetricks
lutris
steam
# Manage tlmc
flacon
ttaenc
picard
]);
# Manage tlmc
flacon
ttaenc
picard
]
);
# Enable X11 configuration
linux.graphical.type = "wayland";
@ -46,12 +54,24 @@
# 144hz adaptive refresh ON!
nki.programs.kitty.enable = true;
nki.programs.kitty.fontSize = 14;
programs.my-waybar.makeBars = with config.common.monitors; barWith: [
# For primary
(barWith { extraSettings = { output = [ home_4k.meta.connection ]; }; })
# For secondary, hide mpd
(barWith { showMedia = false; showConnectivity = false; extraSettings = { output = [ home_1440.meta.connection ]; }; })
];
programs.my-waybar.makeBars =
with config.common.monitors;
barWith: [
# For primary
(barWith {
extraSettings = {
output = [ home_4k.meta.connection ];
};
})
# For secondary, hide mpd
(barWith {
showMedia = false;
showConnectivity = false;
extraSettings = {
output = [ home_1440.meta.connection ];
};
})
];
# Yellow light!
services.wlsunset = {
@ -72,10 +92,28 @@
# ncmpcpp
programs.ncmpcpp.enable = true;
programs.ncmpcpp.bindings = [
{ key = "j"; command = "scroll_down"; }
{ key = "k"; command = "scroll_up"; }
{ key = "J"; command = [ "select_item" "scroll_down" ]; }
{ key = "K"; command = [ "select_item" "scroll_up" ]; }
{
key = "j";
command = "scroll_down";
}
{
key = "k";
command = "scroll_up";
}
{
key = "J";
command = [
"select_item"
"scroll_down"
];
}
{
key = "K";
command = [
"select_item"
"scroll_up"
];
}
];
programs.ncmpcpp.settings = {
# General
@ -133,4 +171,3 @@
# changes in each release.
home.stateVersion = "21.05";
}

60
home/kakoune.nix
View file

@ -68,7 +68,15 @@ in
in
{
grammar.src = src;
grammar.compile.args = [ "-c" "-fpic" "../parser.c" "../scanner.c" "../unicode.h" "-I" ".." ];
grammar.compile.args = [
"-c"
"-fpic"
"../parser.c"
"../scanner.c"
"../unicode.h"
"-I"
".."
];
queries.src = src;
queries.path = "queries";
};
@ -79,9 +87,24 @@ in
rev = "0e36bed171768908f331ff7dff9d956bae016efb";
hash = "sha256-bpiT3FraOZhJaoiFWAoVJX1O+plnIi8aXOW2LwyU23M=";
};
grammar.compile.args = [ "-c" "-fpic" "../scanner.cc" "../parser.c" "-I" ".." ];
grammar.link.args = [ "-shared" "-fpic" "scanner.o" "parser.o" ];
grammar.link.flags = [ "-O3" "-lstdc++" ];
grammar.compile.args = [
"-c"
"-fpic"
"../scanner.cc"
"../parser.c"
"-I"
".."
];
grammar.link.args = [
"-shared"
"-fpic"
"scanner.o"
"parser.o"
];
grammar.link.flags = [
"-O3"
"-lstdc++"
];
queries.src = pkgs.fetchFromGitHub {
owner = "helix-editor";
@ -115,8 +138,18 @@ in
go = {
grammar.src = tree-sitter-go;
grammar.compile.args = [ "-c" "-fpic" "../parser.c" "-I" ".." ];
grammar.link.args = [ "-shared" "-fpic" "parser.o" ];
grammar.compile.args = [
"-c"
"-fpic"
"../parser.c"
"-I"
".."
];
grammar.link.args = [
"-shared"
"-fpic"
"parser.o"
];
queries.src = tree-sitter-go;
queries.path = "queries";
};
@ -132,11 +165,20 @@ in
in
{
grammar.src = src;
grammar.compile.args = [ "-c" "-fpic" "../parser.c" "-I" ".." ];
grammar.link.args = [ "-shared" "-fpic" "parser.o" ];
grammar.compile.args = [
"-c"
"-fpic"
"../parser.c"
"-I"
".."
];
grammar.link.args = [
"-shared"
"-fpic"
"parser.o"
];
queries.src = src;
queries.path = "queries";
};
};
}

7
home/macbook-home.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [ ./common.nix ];

23
home/macbook-nixos.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
discord = pkgs.armcord.override { nss = pkgs.nss_latest; };
@ -30,15 +35,18 @@ in
'';
# More packages
home.packages = (with pkgs; [
mate.mate-terminal
home.packages = (
with pkgs;
[
mate.mate-terminal
firefox-wayland
firefox-wayland
discord
discord
typora
]);
typora
]
);
# Graphical set up
linux.graphical.type = "wayland";
@ -125,4 +133,3 @@ in
# changes in each release.
home.stateVersion = "21.05";
}

7
home/modules/X11/xfce4-notifyd.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let

18
home/modules/linux/graphical/alacritty.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
@ -28,7 +33,10 @@ in
};
shell = {
program = "/bin/sh";
args = [ "-ic" "${config.programs.fish.package}/bin/fish" ];
args = [
"-ic"
"${config.programs.fish.package}/bin/fish"
];
};
colors = {
# Default colors
@ -57,7 +65,11 @@ in
};
key_bindings = [
{ key = "C"; mods = "Alt|Control"; action = "SpawnNewInstance"; }
{
key = "C";
mods = "Alt|Control";
action = "SpawnNewInstance";
}
];
};
};

166
home/modules/linux/graphical/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.linux.graphical;
@ -17,34 +22,56 @@ let
end
'';
mkPackageWithDesktopOption = opts: mkOption ({
type = types.submodule {
options = {
package = mkOption {
type = types.package;
description = "The package for " + description;
mkPackageWithDesktopOption =
opts:
mkOption (
{
type = types.submodule {
options = {
package = mkOption {
type = types.package;
description = "The package for " + description;
};
desktopFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "The desktop file name for " + description + ", defaults to [packagename].desktop";
};
};
};
desktopFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "The desktop file name for " + description + ", defaults to [packagename].desktop";
};
};
};
} // opts);
}
// opts
);
desktopFileOf = cfg: if cfg.desktopFile == null then "${cfg.package}/share/applications/${cfg.package.pname}.desktop" else cfg.desktopFile;
desktopFileOf =
cfg:
if cfg.desktopFile == null then
"${cfg.package}/share/applications/${cfg.package.pname}.desktop"
else
cfg.desktopFile;
in
{
imports = [ ./x11.nix ./wayland.nix ./alacritty.nix ];
imports = [
./x11.nix
./wayland.nix
./alacritty.nix
];
options.linux.graphical = {
type = mkOption {
type = types.nullOr (types.enum [ "x11" "wayland" ]);
type = types.nullOr (
types.enum [
"x11"
"wayland"
]
);
description = "Enable linux graphical configurations, with either 'x11' or 'wayland'";
default = null;
};
wallpaper = mkOption {
type = types.oneOf [ types.str types.path ];
type = types.oneOf [
types.str
types.path
];
description = "Path to the wallpaper file";
default = "";
};
@ -59,52 +86,61 @@ in
};
defaults = {
webBrowser = mkPackageWithDesktopOption { description = "default web browser"; };
terminal = mkPackageWithDesktopOption { description = "default terminal"; default.package = pkgs.kitty; };
discord = mkPackageWithDesktopOption { description = "Discord client"; default.package = pkgs.vesktop; };
terminal = mkPackageWithDesktopOption {
description = "default terminal";
default.package = pkgs.kitty;
};
discord = mkPackageWithDesktopOption {
description = "Discord client";
default.package = pkgs.vesktop;
};
};
};
config = mkIf (cfg.type != null) {
# Packages
home.packages = (with pkgs; [
cfg.defaults.webBrowser.package
cfg.defaults.terminal.package
home.packages = (
with pkgs;
[
cfg.defaults.webBrowser.package
cfg.defaults.terminal.package
## GUI stuff
evince # PDF reader
gparted
vscode
feh # For images?
deluge # Torrent client
pavucontrol # PulseAudio control panel
sublime-music # For navidrome
# cinny-desktop
gajim
vivaldi
# Audio
qpwgraph # Pipewire graph
audacity
vlc
## GUI stuff
evince # PDF reader
gparted
vscode
feh # For images?
deluge # Torrent client
pavucontrol # PulseAudio control panel
sublime-music # For navidrome
# cinny-desktop
gajim
vivaldi
# Audio
qpwgraph # Pipewire graph
audacity
vlc
unstable.zotero
libreoffice
unstable.zotero
libreoffice
mpv # for anki
anki-bin
mpv # for anki
anki-bin
# Chat stuff
tdesktop
whatsapp-for-linux
slack
zoom-us
# Chat stuff
tdesktop
whatsapp-for-linux
slack
zoom-us
## CLI stuff
dex # .desktop file management, startup
# sct # Display color temperature
xdg-utils # Open stuff
wifi-indicator
] ++ cfg.startup);
## CLI stuff
dex # .desktop file management, startup
# sct # Display color temperature
xdg-utils # Open stuff
wifi-indicator
]
++ cfg.startup
);
# OBS
programs.obs-studio = {
@ -129,7 +165,10 @@ in
xdg.mimeApps.enable = true;
xdg.mimeApps.associations.added = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" "org.gnome.Evolution.desktop" ];
"x-scheme-handler/mailto" = [
"thunderbird.desktop"
"org.gnome.Evolution.desktop"
];
"application/pdf" = [ "org.gnome.Evince.desktop" ];
"text/plain" = [ "kakoune.desktop" ];
@ -154,7 +193,10 @@ in
};
xdg.mimeApps.defaultApplications = {
# Email
"x-scheme-handler/mailto" = [ "thunderbird.desktop" "org.gnome.Evolution.desktop" ];
"x-scheme-handler/mailto" = [
"thunderbird.desktop"
"org.gnome.Evolution.desktop"
];
"x-scheme-handler/webcal" = [ "thunderbird.desktop" ];
"x-scheme-handler/webcals" = [ "thunderbird.desktop" ];
@ -246,7 +288,10 @@ in
## Qt
qt.enable = true;
qt.platformTheme.name = "kde";
qt.platformTheme.package = with pkgs.kdePackages; [ plasma-integration systemsettings ];
qt.platformTheme.package = with pkgs.kdePackages; [
plasma-integration
systemsettings
];
qt.style.package = [ pkgs.kdePackages.breeze ];
qt.style.name = "Breeze";
@ -267,7 +312,8 @@ in
};
autoStartup = listToAttrs (map f cfg.startup);
in
autoStartup // {
autoStartup
// {
## Polkit UI
"autostart/polkit.desktop".text = ''
${builtins.readFile "${pkgs.pantheon.pantheon-agent-polkit}/etc/xdg/autostart/io.elementary.desktop.agent-polkit.desktop"}
@ -304,5 +350,3 @@ in
};
};
}

125
home/modules/linux/graphical/wayland.nix
View file

@ -1,40 +1,60 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
notificationModule = { config, pkgs, lib, ... }:
notificationModule =
{
config,
pkgs,
lib,
...
}:
let
swaync = pkgs.swaynotificationcenter;
in
with lib; mkIf (config.linux.graphical.type == "wayland") {
with lib;
mkIf (config.linux.graphical.type == "wayland") {
services.swaync = {
enable = true;
settings.widgets = [ "inhibitors" "title" "dnd" "mpris" "notifications" ];
settings.widgets = [
"inhibitors"
"title"
"dnd"
"mpris"
"notifications"
];
style = ./swaync.css;
};
programs.my-waybar = {
extraSettings = [{
modules-right = mkAfter [ "custom/swaync" ];
modules."custom/swaync" = {
tooltip = false;
format = "{icon} {}";
format-icons = {
notification = "<span foreground='red'><sup></sup></span>";
none = "";
dnd-notification = "<span foreground='red'><sup></sup></span>";
dnd-none = "";
inhibited-notification = "<span foreground='red'><sup></sup></span>";
inhibited-none = "";
dnd-inhibited-notification = "<span foreground='red'><sup></sup></span>";
dnd-inhibited-none = "";
extraSettings = [
{
modules-right = mkAfter [ "custom/swaync" ];
modules."custom/swaync" = {
tooltip = false;
format = "{icon} {}";
format-icons = {
notification = "<span foreground='red'><sup></sup></span>";
none = "";
dnd-notification = "<span foreground='red'><sup></sup></span>";
dnd-none = "";
inhibited-notification = "<span foreground='red'><sup></sup></span>";
inhibited-none = "";
dnd-inhibited-notification = "<span foreground='red'><sup></sup></span>";
dnd-inhibited-none = "";
};
return-type = "json";
# exec-if = "which swaync-client";
exec = "${swaync}/bin/swaync-client -swb";
on-click = "${swaync}/bin/swaync-client -t -sw";
on-click-right = "${swaync}/bin/swaync-client -d -sw";
escape = true;
};
return-type = "json";
# exec-if = "which swaync-client";
exec = "${swaync}/bin/swaync-client -swb";
on-click = "${swaync}/bin/swaync-client -t -sw";
on-click-right = "${swaync}/bin/swaync-client -d -sw";
escape = true;
};
}];
}
];
extraStyle = mkAfter ''
#custom-swaync {
background: #F0FFFF;
@ -44,32 +64,43 @@ let
};
};
plasmaModule = { pkgs, ... }: {
home.packages = with pkgs.kdePackages; [
discover
kmail
kontact
akonadi
kdepim-runtime
kmail-account-wizard
akonadi-import-wizard
];
xdg.configFile."plasma-workspace/env/wayland.sh".source = pkgs.writeScript "plasma-wayland-env.sh" ''
export NIXOS_OZONE_WL=1
'';
xdg.dataFile."dbus-1/services/org.freedesktop.Notifications.service".source = "${pkgs.kdePackages.plasma-workspace}/share/dbus-1/services/org.kde.plasma.Notifications.service";
};
plasmaModule =
{ pkgs, ... }:
{
home.packages = with pkgs.kdePackages; [
discover
kmail
kontact
akonadi
kdepim-runtime
kmail-account-wizard
akonadi-import-wizard
];
xdg.configFile."plasma-workspace/env/wayland.sh".source =
pkgs.writeScript "plasma-wayland-env.sh" ''
export NIXOS_OZONE_WL=1
'';
xdg.dataFile."dbus-1/services/org.freedesktop.Notifications.service".source =
"${pkgs.kdePackages.plasma-workspace}/share/dbus-1/services/org.kde.plasma.Notifications.service";
};
rofi-rbw-script = pkgs.writeShellApplication {
name = "rofi-rbw-script";
runtimeInputs = with pkgs; [ rofi wtype rofi-rbw ];
runtimeInputs = with pkgs; [
rofi
wtype
rofi-rbw
];
text = "rofi-rbw";
meta.mainProgram = "rofi-rbw-script";
};
in
with lib;
{
imports = [ notificationModule plasmaModule ];
imports = [
notificationModule
plasmaModule
];
config = mkIf (config.linux.graphical.type == "wayland") {
# Additional packages
home.packages = with pkgs; [
@ -92,7 +123,12 @@ with lib;
font = "monospace";
terminal = "${lib.getExe config.programs.kitty.package}";
theme = "Paper";
plugins = with pkgs; [ rofi-bluetooth rofi-calc rofi-rbw rofi-power-menu ];
plugins = with pkgs; [
rofi-bluetooth
rofi-calc
rofi-rbw
rofi-power-menu
];
};
home.sessionVariables = {
@ -129,4 +165,3 @@ with lib;
# };
};
}

13
home/modules/linux/graphical/x11.nix
View file

@ -1,10 +1,18 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.linux.graphical;
in
with lib;
{
imports = [ ./x11/hidpi.nix ./x11/i3.nix ];
imports = [
./x11/hidpi.nix
./x11/i3.nix
];
options.linux.graphical.hasDE = mkOption {
type = types.bool;
description = "When enabled, disable stuff that already comes with a DE";
@ -43,4 +51,3 @@ with lib;
};
};
}

7
home/modules/linux/graphical/x11/hidpi.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let

171
home/modules/linux/graphical/x11/i3.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
@ -18,12 +23,14 @@ let
"10: 10"
];
wsAttrs = builtins.listToAttrs (
map
(i: { name = toString (remainder i 10); value = builtins.elemAt workspaces (i - 1); })
(range 1 11)
map (i: {
name = toString (remainder i 10);
value = builtins.elemAt workspaces (i - 1);
}) (range 1 11)
);
remainder = x: y: x - (builtins.div x y) * y;
range = from: to:
range =
from: to:
let
f = cur: if cur == to then [ ] else [ cur ] ++ f (cur + 1);
in
@ -40,27 +47,55 @@ in
xsession.windowManager.i3 = {
enable = true;
config.assigns = {
"${wsAttrs."1"}" = [{ class = "^firefox$"; }];
"${wsAttrs."2"}" = [{ class = "^discord$"; }];
"${wsAttrs."1"}" = [ { class = "^firefox$"; } ];
"${wsAttrs."2"}" = [ { class = "^discord$"; } ];
};
config.bars = [{
command = "${pkgs.i3-gaps}/bin/i3bar -t";
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-default.toml";
position = "top";
colors = {
background = "#00000080";
statusline = "#ffffff";
separator = "#666666";
config.bars = [
{
command = "${pkgs.i3-gaps}/bin/i3bar -t";
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-default.toml";
position = "top";
colors = {
background = "#00000080";
statusline = "#ffffff";
separator = "#666666";
focusedWorkspace = { background = "#4c7899"; border = "#285577"; text = "#ffffff"; };
activeWorkspace = { background = "#333333"; border = "#5f676a"; text = "#ffffff"; };
inactiveWorkspace = { background = "#333333"; border = "#222222"; text = "#888888"; };
urgentWorkspace = { background = "#2f343a"; border = "#900000"; text = "#ffffff"; };
bindingMode = { background = "#2f343a"; border = "#900000"; text = "#ffffff"; };
};
}];
focusedWorkspace = {
background = "#4c7899";
border = "#285577";
text = "#ffffff";
};
activeWorkspace = {
background = "#333333";
border = "#5f676a";
text = "#ffffff";
};
inactiveWorkspace = {
background = "#333333";
border = "#222222";
text = "#888888";
};
urgentWorkspace = {
background = "#2f343a";
border = "#900000";
text = "#ffffff";
};
bindingMode = {
background = "#2f343a";
border = "#900000";
text = "#ffffff";
};
};
}
];
config.focus.newWindow = "none";
config.fonts = { names = [ "FantasqueSansMono Nerd Font Mono" "monospace" ]; size = 11.0; };
config.fonts = {
names = [
"FantasqueSansMono Nerd Font Mono"
"monospace"
];
size = 11.0;
};
config.gaps.outer = 5;
config.gaps.inner = 5;
config.gaps.smartGaps = true;
@ -69,53 +104,57 @@ in
config.window.titlebar = false;
# Keybindings
config.keybindings = lib.mkOptionDefault ({
## vim-style movements
"${mod}+h" = "focus left";
"${mod}+j" = "focus down";
"${mod}+k" = "focus up";
"${mod}+l" = "focus right";
"${mod}+Shift+h" = "move left";
"${mod}+Shift+j" = "move down";
"${mod}+Shift+k" = "move up";
"${mod}+Shift+l" = "move right";
## Splits
"${mod}+v" = "split v";
"${mod}+Shift+v" = "split h";
## Run
"${mod}+r" = "exec ${pkgs.dmenu}/bin/dmenu_run";
"${mod}+d" = "exec i3-dmenu-desktop --dmenu='${pkgs.dmenu}/bin/dmenu -i'";
} // (
builtins.listToAttrs (lib.flatten (map
(key: [
{
name = "${mod}+${key}";
value = "workspace ${builtins.getAttr key wsAttrs}";
}
{
name = "${mod}+Shift+${key}";
value = "move to workspace ${builtins.getAttr key wsAttrs}";
}
])
(builtins.attrNames wsAttrs))
)));
config.keybindings = lib.mkOptionDefault (
{
## vim-style movements
"${mod}+h" = "focus left";
"${mod}+j" = "focus down";
"${mod}+k" = "focus up";
"${mod}+l" = "focus right";
"${mod}+Shift+h" = "move left";
"${mod}+Shift+j" = "move down";
"${mod}+Shift+k" = "move up";
"${mod}+Shift+l" = "move right";
## Splits
"${mod}+v" = "split v";
"${mod}+Shift+v" = "split h";
## Run
"${mod}+r" = "exec ${pkgs.dmenu}/bin/dmenu_run";
"${mod}+d" = "exec i3-dmenu-desktop --dmenu='${pkgs.dmenu}/bin/dmenu -i'";
}
// (builtins.listToAttrs (
lib.flatten (
map (key: [
{
name = "${mod}+${key}";
value = "workspace ${builtins.getAttr key wsAttrs}";
}
{
name = "${mod}+Shift+${key}";
value = "move to workspace ${builtins.getAttr key wsAttrs}";
}
]) (builtins.attrNames wsAttrs)
)
))
);
# Workspace
config.defaultWorkspace = "workspace ${builtins.getAttr "1" wsAttrs}";
config.startup = [
{ command = "firefox"; }
{ command = "discord"; }
{ command = "dex -ae i3"; }
{ command = "ibus-daemon -drxR"; }
] ++
(
if (config.linux.graphical.wallpaper != "")
then [{ command = "${pkgs.feh}/bin/feh --bg-fill ${config.linux.graphical.wallpaper}"; }]
else [ ]
);
config.startup =
[
{ command = "firefox"; }
{ command = "discord"; }
{ command = "dex -ae i3"; }
{ command = "ibus-daemon -drxR"; }
]
++ (
if (config.linux.graphical.wallpaper != "") then
[ { command = "${pkgs.feh}/bin/feh --bg-fill ${config.linux.graphical.wallpaper}"; } ]
else
[ ]
);
};
# i3status
programs.i3status-rust.enable = true;
programs.i3status-rust.bars.default = {
@ -154,5 +193,3 @@ in
};
};
}

9
home/modules/linux/graphical/x11/i3/screenshot.nix
View file

@ -1,9 +1,14 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
xsession.windowManager.i3.config = mkIf (config.linux.graphical.x11.enablei3) {
startup = [{ command = "${pkgs.flameshot}/bin/flameshot"; }];
startup = [ { command = "${pkgs.flameshot}/bin/flameshot"; } ];
keybindings = mkOptionDefault { "Print" = "exec ${pkgs.flameshot}/bin/flameshot gui"; };
};
}

77
home/modules/monitors.nix
View file

@ -1,24 +1,42 @@
# A monitor list and common sway set up
{ config, pkgs, lib, ... }: with lib;
{
config,
pkgs,
lib,
...
}:
with lib;
let
monitors = {
# Internal
"framework" = {
name = "BOE 0x0BCA Unknown";
meta.mode = { width = 2256; height = 1504; refresh = 60.0; };
meta.mode = {
width = 2256;
height = 1504;
refresh = 60.0;
};
scale = 1.25;
};
"yoga" = {
name = "AU Optronics 0xD291 Unknown";
meta.connection = "eDP-1";
meta.mode = { width = 1920; height = 1080; refresh = 60.026; };
meta.mode = {
width = 1920;
height = 1080;
refresh = 60.026;
};
scale = 1;
};
# External
## Work @ EPFL
"work" = {
name = "LG Electronics LG ULTRAFINE 301MAXSGHD10";
meta.mode = { width = 3840; height = 2160; refresh = 60.0; };
meta.mode = {
width = 3840;
height = 2160;
refresh = 60.0;
};
scale = 1.25;
};
"home_4k" = {
@ -27,8 +45,15 @@ let
adaptive_sync = "on";
meta = {
connection = "DP-2";
mode = { width = 3840; height = 2160; refresh = 60.0; };
fixedPosition = { x = 0; y = 0; };
mode = {
width = 3840;
height = 2160;
refresh = 60.0;
};
fixedPosition = {
x = 0;
y = 0;
};
niriName = "PNP(AOC) U28G2G6B PPYP2JA000013";
};
};
@ -37,15 +62,26 @@ let
adaptive_sync = "on";
meta = {
connection = "DP-3";
mode = { width = 2560; height = 1440; refresh = 165.0; };
fixedPosition = { x = 2560; y = 0; };
mode = {
width = 2560;
height = 1440;
refresh = 165.0;
};
fixedPosition = {
x = 2560;
y = 0;
};
niriName = "PNP(AOC) Q27G2G3R3B VXJP6HA000442";
};
};
"viewsonic_1080" = {
name = "ViewSonic Corporation XG2402 SERIES V4K182501054";
meta.mode = { width = 1920; height = 1080; refresh = 144.0; };
meta.mode = {
width = 1920;
height = 1080;
refresh = 144.0;
};
adaptive_sync = "on";
};
@ -53,13 +89,21 @@ let
eachMonitor = _name: monitor: {
name = monitor.name;
value = builtins.removeAttrs monitor [ "scale" "name" "meta" ] // (lib.optionalAttrs (monitor ? scale) {
scale = toString monitor.scale;
}) // {
mode = with monitor.meta.mode; "${toString width}x${toString height}@${toString refresh}Hz";
} // (lib.optionalAttrs (monitor.meta ? fixedPosition) {
position = with monitor.meta.fixedPosition; "${toString x} ${toString y}";
});
value =
builtins.removeAttrs monitor [
"scale"
"name"
"meta"
]
// (lib.optionalAttrs (monitor ? scale) {
scale = toString monitor.scale;
})
// {
mode = with monitor.meta.mode; "${toString width}x${toString height}@${toString refresh}Hz";
}
// (lib.optionalAttrs (monitor.meta ? fixedPosition) {
position = with monitor.meta.fixedPosition; "${toString x} ${toString y}";
});
};
in
{
@ -73,4 +117,3 @@ in
mapAttrs' eachMonitor config.common.monitors
);
}

18
home/modules/programs/my-broot.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -91,10 +96,13 @@ in
# Add an extra syntax_color config
xdg.configFile."broot/conf.toml".source = mkOverride 1 (
tomlFormat.generate "broot-config" (with config.programs.broot; {
inherit (settings) verbs modal skin;
syntax_theme = "base16-ocean.light";
})
tomlFormat.generate "broot-config" (
with config.programs.broot;
{
inherit (settings) verbs modal skin;
syntax_theme = "base16-ocean.light";
}
)
);
};
}

35
home/modules/programs/my-kakoune/default.nix
View file

@ -1,11 +1,20 @@
{ config, options, pkgs, lib, ... }:
{
config,
options,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.programs.my-kakoune;
in
{
imports = [ ./fish-session.nix ./tree-sitter.nix ];
imports = [
./fish-session.nix
./tree-sitter.nix
];
options.programs.my-kakoune = {
enable = mkEnableOption "My version of the kakoune configuration";
@ -38,7 +47,11 @@ in
let
kakouneFaces =
let
txt = strings.concatStringsSep "\n" (builtins.attrValues (builtins.mapAttrs (name: face: "face global ${name} \"${face}\"") cfg.extraFaces));
txt = strings.concatStringsSep "\n" (
builtins.attrValues (
builtins.mapAttrs (name: face: "face global ${name} \"${face}\"") cfg.extraFaces
)
);
in
pkgs.writeText "faces.kak" txt;
in
@ -51,15 +64,13 @@ in
# Load faces
source ${kakouneFaces}
'';
} // lib.mapAttrs'
(name: attrs: {
name = "kak/autoload/${name}";
value = attrs // {
target = "kak/autoload/${name}";
};
})
cfg.autoloadFile;
}
// lib.mapAttrs' (name: attrs: {
name = "kak/autoload/${name}";
value = attrs // {
target = "kak/autoload/${name}";
};
}) cfg.autoloadFile;
xdg.dataFile."kak".source = "${cfg.package}/share/kak";
};
}

7
home/modules/programs/my-kakoune/fish-session.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let

146
home/modules/programs/my-kakoune/tree-sitter.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.programs.my-kakoune.tree-sitter;
@ -14,14 +19,44 @@ let
default = "src";
};
grammar.compile = {
command = mkOption { type = types.str; default = "${pkgs.gcc}/bin/gcc"; };
args = mkOption { type = types.listOf types.str; default = [ "-c" "-fpic" "../parser.c" "../scanner.c" "-I" ".." ]; };
flags = mkOption { type = types.listOf types.str; default = [ "-O3" ]; };
command = mkOption {
type = types.str;
default = "${pkgs.gcc}/bin/gcc";
};
args = mkOption {
type = types.listOf types.str;
default = [
"-c"
"-fpic"
"../parser.c"
"../scanner.c"
"-I"
".."
];
};
flags = mkOption {
type = types.listOf types.str;
default = [ "-O3" ];
};
};
grammar.link = {
command = mkOption { type = types.str; default = "${pkgs.gcc}/bin/gcc"; };
args = mkOption { type = types.listOf types.str; default = [ "-shared" "-fpic" "parser.o" "scanner.o" ]; };
flags = mkOption { type = types.listOf types.str; default = [ "-O3" ]; };
command = mkOption {
type = types.str;
default = "${pkgs.gcc}/bin/gcc";
};
args = mkOption {
type = types.listOf types.str;
default = [
"-shared"
"-fpic"
"parser.o"
"scanner.o"
];
};
flags = mkOption {
type = types.listOf types.str;
default = [ "-O3" ];
};
};
queries.src = mkOption {
type = types.package;
@ -34,12 +69,27 @@ let
};
};
mkGrammarPackage =
{ name
, src
, grammarPath ? "src"
, grammarCompileArgs ? [ "-O3" "-c" "-fpic" "../parser.c" "../scanner.c" "-I" ".." ]
, grammarLinkArgs ? [ "-shared" "-fpic" "parser.o" "scanner.o" ]
}: pkgs.stdenv.mkDerivation {
{
name,
src,
grammarPath ? "src",
grammarCompileArgs ? [
"-O3"
"-c"
"-fpic"
"../parser.c"
"../scanner.c"
"-I"
".."
],
grammarLinkArgs ? [
"-shared"
"-fpic"
"parser.o"
"scanner.o"
],
}:
pkgs.stdenv.mkDerivation {
inherit src;
name = "kak-tree-sitter-grammar-${name}.so";
version = "latest";
@ -215,43 +265,54 @@ in
toTs = name: "ts_${strings.concatStringsSep "_" (strings.splitString "." name)}";
toScm = name: strings.concatStringsSep "." (strings.splitString "_" name);
definedFaces = attrsets.mapAttrs' (name: value: { inherit value; name = toTs name; }) allGroups;
aliasFaces = attrsets.mapAttrs' (name: value: { name = toTs name; value = "@${toTs value}"; }) aliases;
definedFaces = attrsets.mapAttrs' (name: value: {
inherit value;
name = toTs name;
}) allGroups;
aliasFaces = attrsets.mapAttrs' (name: value: {
name = toTs name;
value = "@${toTs value}";
}) aliases;
faces = attrsets.recursiveUpdate definedFaces aliasFaces;
toml = pkgs.formats.toml { };
toLanguageConf = name: lang: with lang; {
grammar = {
source.local.path = mkGrammarPackage {
inherit name;
src = grammar.src;
grammarPath = grammar.path;
grammarCompileArgs = grammar.compile.flags ++ grammar.compile.args;
grammarLinkArgs = grammar.link.flags ++ grammar.link.args;
toLanguageConf =
name: lang: with lang; {
grammar = {
source.local.path = mkGrammarPackage {
inherit name;
src = grammar.src;
grammarPath = grammar.path;
grammarCompileArgs = grammar.compile.flags ++ grammar.compile.args;
grammarLinkArgs = grammar.link.flags ++ grammar.link.args;
};
compile = grammar.compile.command;
compile_args = grammar.compile.args;
compile_flags = grammar.compile.flags;
link = grammar.link.command;
link_args = grammar.link.args ++ [
"-o"
"${name}.so"
];
link_flags = grammar.link.flags;
};
queries = rec {
path = if queries.path == null then "runtime/queries/${name}" else queries.path;
source.local.path = "${queries.src}/${path}";
};
compile = grammar.compile.command;
compile_args = grammar.compile.args;
compile_flags = grammar.compile.flags;
link = grammar.link.command;
link_args = grammar.link.args ++ [ "-o" "${name}.so" ];
link_flags = grammar.link.flags;
};
queries = rec {
path = if queries.path == null then "runtime/queries/${name}" else queries.path;
source.local.path = "${queries.src}/${path}";
};
};
in
mkIf cfg.enable {
assertions = with lib.asserts; ([ ]
++ attrsets.mapAttrsToList
(name: _: {
assertion = (! (builtins.hasAttr name allGroups));
message = "${name} was both defined and aliased";
})
aliases
);
assertions =
with lib.asserts;
(
[ ]
++ attrsets.mapAttrsToList (name: _: {
assertion = (!(builtins.hasAttr name allGroups));
message = "${name} was both defined and aliased";
}) aliases
);
home.packages = [ cfg.package ];
xdg.configFile."kak-tree-sitter/config.toml" = {
@ -271,4 +332,3 @@ in
};
}

11
home/modules/programs/my-kitty/darwin.nix
View file

@ -1,9 +1,15 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.nki.programs.kitty;
cmd = "cmd";
in
with lib; {
with lib;
{
programs.kitty = mkIf (cfg.enable && pkgs.stdenv.isDarwin) {
# Darwin-specific setup
@ -24,4 +30,3 @@ with lib; {
};
};
}

62
home/modules/programs/my-kitty/default.nix
View file

@ -1,21 +1,41 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.nki.programs.kitty;
theme = { lib, options, config, ... }: {
programs.kitty = lib.mkIf config.nki.programs.kitty.enable (
if builtins.hasAttr "themeFile" options.programs.kitty then {
themeFile = "ayu_light";
} else {
theme = "Ayu Light";
}
);
};
theme =
{
lib,
options,
config,
...
}:
{
programs.kitty = lib.mkIf config.nki.programs.kitty.enable (
if builtins.hasAttr "themeFile" options.programs.kitty then
{
themeFile = "ayu_light";
}
else
{
theme = "Ayu Light";
}
);
};
in
with lib;
{
imports = [ theme ./darwin.nix ./linux.nix ./tabs.nix ];
imports = [
theme
./darwin.nix
./linux.nix
./tabs.nix
];
options.nki.programs.kitty = {
enable = mkEnableOption "Enable kitty";
@ -73,14 +93,17 @@ with lib;
let
# Background color and transparency
background =
if isNull cfg.background then {
background_opacity = "0.93";
dynamic_background_opacity = true;
} else {
background_image = "${cfg.background}";
background_image_layout = "scaled";
background_tint = "0.85";
};
if isNull cfg.background then
{
background_opacity = "0.93";
dynamic_background_opacity = true;
}
else
{
background_image = "${cfg.background}";
background_image_layout = "scaled";
background_tint = "0.85";
};
in
mkMerge [
background
@ -123,4 +146,3 @@ with lib;
'';
};
}

7
home/modules/programs/my-kitty/linux.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.nki.programs.kitty;
in

61
home/modules/programs/my-kitty/tabs.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.nki.programs.kitty;
@ -7,33 +12,33 @@ in
with lib;
{
programs.kitty = mkIf cfg.enableTabs {
keybindings = {
"${cmd}+t" = "new_tab_with_cwd";
"${cmd}+shift+t" = "new_tab";
"${cmd}+shift+o" = "launch --cwd=current --location=vsplit";
"${cmd}+o" = "launch --cwd=current --location=hsplit";
"${cmd}+r" = "start_resizing_window";
"${cmd}+shift+r" = "layout_action rotate";
## Move the active window in the indicated direction
"${cmd}+shift+h" = "move_window left";
"${cmd}+shift+k" = "move_window up";
"${cmd}+shift+j" = "move_window down";
"${cmd}+shift+l" = "move_window right";
## Switch focus to the neighboring window in the indicated direction
"${cmd}+h" = "neighboring_window left";
"${cmd}+k" = "neighboring_window up";
"${cmd}+j" = "neighboring_window down ";
"${cmd}+l" = "neighboring_window right";
## Detach window to its own tab
"${cmd}+shift+d" = "detach_window new-tab";
## Change layout to fullscreen (stack) and back
"${cmd}+f" = "toggle_layout stack";
}
# Tab bindings
// builtins.listToAttrs
(map
(x: attrsets.nameValuePair "${cmd}+${toString x}" "goto_tab ${toString x}")
(lists.range 1 9));
keybindings =
{
"${cmd}+t" = "new_tab_with_cwd";
"${cmd}+shift+t" = "new_tab";
"${cmd}+shift+o" = "launch --cwd=current --location=vsplit";
"${cmd}+o" = "launch --cwd=current --location=hsplit";
"${cmd}+r" = "start_resizing_window";
"${cmd}+shift+r" = "layout_action rotate";
## Move the active window in the indicated direction
"${cmd}+shift+h" = "move_window left";
"${cmd}+shift+k" = "move_window up";
"${cmd}+shift+j" = "move_window down";
"${cmd}+shift+l" = "move_window right";
## Switch focus to the neighboring window in the indicated direction
"${cmd}+h" = "neighboring_window left";
"${cmd}+k" = "neighboring_window up";
"${cmd}+j" = "neighboring_window down ";
"${cmd}+l" = "neighboring_window right";
## Detach window to its own tab
"${cmd}+shift+d" = "detach_window new-tab";
## Change layout to fullscreen (stack) and back
"${cmd}+f" = "toggle_layout stack";
}
# Tab bindings
// builtins.listToAttrs (
map (x: attrsets.nameValuePair "${cmd}+${toString x}" "goto_tab ${toString x}") (lists.range 1 9)
);
settings = {
# Tab settings
tab_bar_edge = "top";

335
home/modules/programs/my-niri.nix
View file

@ -1,4 +1,10 @@
{ config, osConfig, lib, pkgs, ... }:
{
config,
osConfig,
lib,
pkgs,
...
}:
let
cfg = config.programs.my-niri;
@ -26,16 +32,33 @@ in
lock-command = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "The command to lock the screen";
default = [ "${pkgs.swaylock}/bin/swaylock" ]
++ (if wallpaper == "" then [ "" ] else [ "-i" "${wallpaper}" "-s" "fill" ])
++ [ "-l" "-k" ];
default =
[ "${pkgs.swaylock}/bin/swaylock" ]
++ (
if wallpaper == "" then
[ "" ]
else
[
"-i"
"${wallpaper}"
"-s"
"fill"
]
)
++ [
"-l"
"-k"
];
};
workspaces = lib.mkOption {
type = lib.types.attrsOf
(lib.types.submodule {
type = lib.types.attrsOf (
lib.types.submodule {
options = {
name = lib.mkOption { type = lib.types.str; description = "workspace name"; };
name = lib.mkOption {
type = lib.types.str;
description = "workspace name";
};
fixed = lib.mkOption {
type = lib.types.bool;
default = true;
@ -47,7 +70,8 @@ in
description = "Default monitor to spawn workspace in";
};
};
});
}
);
description = "A mapping of ordering to workspace names, for fixed workspaces";
};
};
@ -55,17 +79,39 @@ in
config = lib.mkIf cfg.enable {
programs.my-niri.workspaces = {
# Default workspaces, always there
"01" = { name = "🌏 web"; };
"02" = { name = "💬 chat"; };
"03" = { name = " code"; };
"04" = { name = "🎶 music"; };
"05" = { name = "🔧 extra"; };
"06" = { name = "🧰 6"; };
"07" = { name = "🔩 7"; };
"08" = { name = "🛠 8"; };
"09" = { name = "🔨 9"; };
"10" = { name = "🎲 misc"; };
"99" = { name = "📧 Email"; };
"01" = {
name = "🌏 web";
};
"02" = {
name = "💬 chat";
};
"03" = {
name = " code";
};
"04" = {
name = "🎶 music";
};
"05" = {
name = "🔧 extra";
};
"06" = {
name = "🧰 6";
};
"07" = {
name = "🔩 7";
};
"08" = {
name = "🛠 8";
};
"09" = {
name = "🔨 9";
};
"10" = {
name = "🎲 misc";
};
"99" = {
name = "📧 Email";
};
};
systemd.user.services.swaync.Install.WantedBy = [ "niri.service" ];
systemd.user.services.swaync.Unit.After = [ "niri.service" ];
@ -84,7 +130,10 @@ in
Unit = {
Description = "XWayland Client for niri";
PartOf = [ "xwayland.target" ];
Before = [ "xwayland.target" "xdg-desktop-autostart.target" ];
Before = [
"xwayland.target"
"xdg-desktop-autostart.target"
];
After = [ "niri.service" ];
};
Install.WantedBy = [ "niri.service" ];
@ -97,16 +146,20 @@ in
};
programs.niri.settings = {
environment = {
QT_QPA_PLATFORM = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_IM_MODULE = "fcitx";
# export NIXOS_OZONE_WL=1 # Until text-input is merged
DISPLAY = xwayland-display;
} // lib.optionalAttrs osConfig.services.desktopManager.plasma6.enable {
XDG_MENU_PREFIX = "plasma-";
environment =
{
QT_QPA_PLATFORM = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_IM_MODULE = "fcitx";
# export NIXOS_OZONE_WL=1 # Until text-input is merged
DISPLAY = xwayland-display;
}
// lib.optionalAttrs osConfig.services.desktopManager.plasma6.enable {
XDG_MENU_PREFIX = "plasma-";
};
input.keyboard.xkb = {
layout = "jp";
};
input.keyboard.xkb = { layout = "jp"; };
input.touchpad = lib.mkIf cfg.enableLaptop {
tap = true;
dwt = true;
@ -138,9 +191,25 @@ in
spawn-at-startup = [
# Wallpaper
{ command = [ (lib.getExe pkgs.swaybg) "-i" "${wallpaper}" "-m" "fill" ]; }
{
command = [
(lib.getExe pkgs.swaybg)
"-i"
"${wallpaper}"
"-m"
"fill"
];
}
# Waybar
{ command = [ "systemctl" "--user" "start" "xdg-desktop-portal-gtk.service" "xdg-desktop-portal.service" ]; }
{
command = [
"systemctl"
"--user"
"start"
"xdg-desktop-portal-gtk.service"
"xdg-desktop-portal.service"
];
}
];
layout = {
@ -154,11 +223,24 @@ in
focus-ring = {
width = 4;
active.gradient = { from = "#00447AFF"; to = "#71C4FFAA"; angle = 45; };
active.gradient = {
from = "#00447AFF";
to = "#71C4FFAA";
angle = 45;
};
inactive.color = "#505050";
};
border.enable = false;
struts = let v = 8; in { left = v; right = v; bottom = v; top = v; };
struts =
let
v = 8;
in
{
left = v;
right = v;
bottom = v;
top = v;
};
};
prefer-no-csd = true;
@ -166,18 +248,31 @@ in
workspaces =
let
fixedWorkspaces = lib.filterAttrs (_: w: w.fixed) cfg.workspaces;
workspaceConfig = lib.mapAttrs
(_: w: { inherit (w) name; } // (lib.optionalAttrs (w.monitor != null) {
workspaceConfig = lib.mapAttrs (
_: w:
{
inherit (w) name;
}
// (lib.optionalAttrs (w.monitor != null) {
open-on-output = w.monitor;
}))
fixedWorkspaces;
})
) fixedWorkspaces;
in
workspaceConfig;
window-rules = [
# Rounded Corners
{
geometry-corner-radius = let v = 8.0; in { bottom-left = v; bottom-right = v; top-left = v; top-right = v; };
geometry-corner-radius =
let
v = 8.0;
in
{
bottom-left = v;
bottom-right = v;
top-left = v;
top-right = v;
};
clip-to-geometry = true;
}
# Workspace assignments
@ -185,9 +280,18 @@ in
open-on-workspace = cfg.workspaces."01".name;
open-maximized = true;
matches = [
{ at-startup = true; app-id = "^firefox$"; }
{ at-startup = true; app-id = "^librewolf$"; }
{ at-startup = true; app-id = "^zen$"; }
{
at-startup = true;
app-id = "^firefox$";
}
{
at-startup = true;
app-id = "^librewolf$";
}
{
at-startup = true;
app-id = "^zen$";
}
];
}
{
@ -225,7 +329,7 @@ in
# xwaylandvideobridge
{
matches = [{ app-id = "^xwaylandvideobridge$"; }];
matches = [ { app-id = "^xwaylandvideobridge$"; } ];
open-floating = true;
focus-ring.enable = false;
opacity = 0.0;
@ -242,15 +346,15 @@ in
# Kitty dimming
{
matches = [{ app-id = "kitty"; }];
excludes = [{ is-focused = true; }];
matches = [ { app-id = "kitty"; } ];
excludes = [ { is-focused = true; } ];
opacity = 0.95;
}
];
layer-rules = [
{
matches = [{ namespace = "^swaync-.*"; }];
matches = [ { namespace = "^swaync-.*"; } ];
block-out-from = "screen-capture";
}
];
@ -268,14 +372,38 @@ in
"Mod+Shift+P".action = spawn "rofi-rbw-script";
# Audio and Volume
"XF86AudioPrev" = { action = spawn playerctl "previous"; allow-when-locked = true; };
"XF86AudioPlay" = { action = spawn playerctl "play-pause"; allow-when-locked = true; };
"Shift+XF86AudioPlay" = { action = spawn playerctl "stop"; allow-when-locked = true; };
"XF86AudioNext" = { action = spawn playerctl "next"; allow-when-locked = true; };
"XF86AudioRecord" = { action = spawn amixer "-q" "set" "Capture" "toggle"; allow-when-locked = true; };
"XF86AudioMute" = { action = spawn amixer "-q" "set" "Master" "toggle"; allow-when-locked = true; };
"XF86AudioLowerVolume" = { action = spawn amixer "-q" "set" "Master" "3%-"; allow-when-locked = true; };
"XF86AudioRaiseVolume" = { action = spawn amixer "-q" "set" "Master" "3%+"; allow-when-locked = true; };
"XF86AudioPrev" = {
action = spawn playerctl "previous";
allow-when-locked = true;
};
"XF86AudioPlay" = {
action = spawn playerctl "play-pause";
allow-when-locked = true;
};
"Shift+XF86AudioPlay" = {
action = spawn playerctl "stop";
allow-when-locked = true;
};
"XF86AudioNext" = {
action = spawn playerctl "next";
allow-when-locked = true;
};
"XF86AudioRecord" = {
action = spawn amixer "-q" "set" "Capture" "toggle";
allow-when-locked = true;
};
"XF86AudioMute" = {
action = spawn amixer "-q" "set" "Master" "toggle";
allow-when-locked = true;
};
"XF86AudioLowerVolume" = {
action = spawn amixer "-q" "set" "Master" "3%-";
allow-when-locked = true;
};
"XF86AudioRaiseVolume" = {
action = spawn amixer "-q" "set" "Master" "3%+";
allow-when-locked = true;
};
# Backlight
"XF86MonBrightnessDown".action = spawn brightnessctl "s" "10%-";
@ -320,10 +448,22 @@ in
"Mod+Ctrl+O".action = move-workspace-up;
# Mouse bindings
"Mod+WheelScrollDown" = { action = focus-workspace-down; cooldown-ms = 150; };
"Mod+WheelScrollUp" = { action = focus-workspace-up; cooldown-ms = 150; };
"Mod+Ctrl+WheelScrollDown" = { action = move-column-to-workspace-down; cooldown-ms = 150; };
"Mod+Ctrl+WheelScrollUp" = { action = move-column-to-workspace-up; cooldown-ms = 150; };
"Mod+WheelScrollDown" = {
action = focus-workspace-down;
cooldown-ms = 150;
};
"Mod+WheelScrollUp" = {
action = focus-workspace-up;
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollDown" = {
action = move-column-to-workspace-down;
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollUp" = {
action = move-column-to-workspace-up;
cooldown-ms = 150;
};
"Mod+WheelScrollRight".action = focus-column-right;
"Mod+WheelScrollLeft".action = focus-column-left;
@ -338,26 +478,66 @@ in
#
# For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
# will all refer to the 3rd workspace.
"Mod+1" = lib.mkIf cfg.workspaces."01".fixed { action = focus-workspace (cfg.workspaces."01".name); };
"Mod+2" = lib.mkIf cfg.workspaces."02".fixed { action = focus-workspace (cfg.workspaces."02".name); };
"Mod+3" = lib.mkIf cfg.workspaces."03".fixed { action = focus-workspace (cfg.workspaces."03".name); };
"Mod+4" = lib.mkIf cfg.workspaces."04".fixed { action = focus-workspace (cfg.workspaces."04".name); };
"Mod+5" = lib.mkIf cfg.workspaces."05".fixed { action = focus-workspace (cfg.workspaces."05".name); };
"Mod+6" = lib.mkIf cfg.workspaces."06".fixed { action = focus-workspace (cfg.workspaces."06".name); };
"Mod+7" = lib.mkIf cfg.workspaces."07".fixed { action = focus-workspace (cfg.workspaces."07".name); };
"Mod+8" = lib.mkIf cfg.workspaces."08".fixed { action = focus-workspace (cfg.workspaces."08".name); };
"Mod+9" = lib.mkIf cfg.workspaces."09".fixed { action = focus-workspace (cfg.workspaces."09".name); };
"Mod+0" = lib.mkIf cfg.workspaces."10".fixed { action = focus-workspace (cfg.workspaces."10".name); };
"Mod+Shift+1" = lib.mkIf cfg.workspaces."01".fixed { action = move-column-to-workspace (cfg.workspaces."01".name); };
"Mod+Shift+2" = lib.mkIf cfg.workspaces."02".fixed { action = move-column-to-workspace (cfg.workspaces."02".name); };
"Mod+Shift+3" = lib.mkIf cfg.workspaces."03".fixed { action = move-column-to-workspace (cfg.workspaces."03".name); };
"Mod+Shift+4" = lib.mkIf cfg.workspaces."04".fixed { action = move-column-to-workspace (cfg.workspaces."04".name); };
"Mod+Shift+5" = lib.mkIf cfg.workspaces."05".fixed { action = move-column-to-workspace (cfg.workspaces."05".name); };
"Mod+Shift+6" = lib.mkIf cfg.workspaces."06".fixed { action = move-column-to-workspace (cfg.workspaces."06".name); };
"Mod+Shift+7" = lib.mkIf cfg.workspaces."07".fixed { action = move-column-to-workspace (cfg.workspaces."07".name); };
"Mod+Shift+8" = lib.mkIf cfg.workspaces."08".fixed { action = move-column-to-workspace (cfg.workspaces."08".name); };
"Mod+Shift+9" = lib.mkIf cfg.workspaces."09".fixed { action = move-column-to-workspace (cfg.workspaces."09".name); };
"Mod+Shift+0" = lib.mkIf cfg.workspaces."10".fixed { action = move-column-to-workspace (cfg.workspaces."10".name); };
"Mod+1" = lib.mkIf cfg.workspaces."01".fixed {
action = focus-workspace (cfg.workspaces."01".name);
};
"Mod+2" = lib.mkIf cfg.workspaces."02".fixed {
action = focus-workspace (cfg.workspaces."02".name);
};
"Mod+3" = lib.mkIf cfg.workspaces."03".fixed {
action = focus-workspace (cfg.workspaces."03".name);
};
"Mod+4" = lib.mkIf cfg.workspaces."04".fixed {
action = focus-workspace (cfg.workspaces."04".name);
};
"Mod+5" = lib.mkIf cfg.workspaces."05".fixed {
action = focus-workspace (cfg.workspaces."05".name);
};
"Mod+6" = lib.mkIf cfg.workspaces."06".fixed {
action = focus-workspace (cfg.workspaces."06".name);
};
"Mod+7" = lib.mkIf cfg.workspaces."07".fixed {
action = focus-workspace (cfg.workspaces."07".name);
};
"Mod+8" = lib.mkIf cfg.workspaces."08".fixed {
action = focus-workspace (cfg.workspaces."08".name);
};
"Mod+9" = lib.mkIf cfg.workspaces."09".fixed {
action = focus-workspace (cfg.workspaces."09".name);
};
"Mod+0" = lib.mkIf cfg.workspaces."10".fixed {
action = focus-workspace (cfg.workspaces."10".name);
};
"Mod+Shift+1" = lib.mkIf cfg.workspaces."01".fixed {
action = move-column-to-workspace (cfg.workspaces."01".name);
};
"Mod+Shift+2" = lib.mkIf cfg.workspaces."02".fixed {
action = move-column-to-workspace (cfg.workspaces."02".name);
};
"Mod+Shift+3" = lib.mkIf cfg.workspaces."03".fixed {
action = move-column-to-workspace (cfg.workspaces."03".name);
};
"Mod+Shift+4" = lib.mkIf cfg.workspaces."04".fixed {
action = move-column-to-workspace (cfg.workspaces."04".name);
};
"Mod+Shift+5" = lib.mkIf cfg.workspaces."05".fixed {
action = move-column-to-workspace (cfg.workspaces."05".name);
};
"Mod+Shift+6" = lib.mkIf cfg.workspaces."06".fixed {
action = move-column-to-workspace (cfg.workspaces."06".name);
};
"Mod+Shift+7" = lib.mkIf cfg.workspaces."07".fixed {
action = move-column-to-workspace (cfg.workspaces."07".name);
};
"Mod+Shift+8" = lib.mkIf cfg.workspaces."08".fixed {
action = move-column-to-workspace (cfg.workspaces."08".name);
};
"Mod+Shift+9" = lib.mkIf cfg.workspaces."09".fixed {
action = move-column-to-workspace (cfg.workspaces."09".name);
};
"Mod+Shift+0" = lib.mkIf cfg.workspaces."10".fixed {
action = move-column-to-workspace (cfg.workspaces."10".name);
};
"Mod+asciicircum".action = focus-workspace (cfg.workspaces."99".name);
"Mod+Shift+asciicircum".action = move-column-to-workspace (cfg.workspaces."99".name);
@ -392,4 +572,3 @@ in
};
};
}

394
home/modules/programs/my-sway/default.nix
View file

@ -1,4 +1,11 @@
{ pkgs, lib, options, config, osConfig, ... }:
{
pkgs,
lib,
options,
config,
osConfig,
...
}:
with lib;
let
cfg = config.programs.my-sway;
@ -22,12 +29,14 @@ let
mail = "📧 Email";
};
wsAttrs = builtins.listToAttrs (
map
(i: { name = toString (remainder i 10); value = builtins.elemAt workspaces (i - 1); })
(range 1 11)
map (i: {
name = toString (remainder i 10);
value = builtins.elemAt workspaces (i - 1);
}) (range 1 11)
);
remainder = x: y: x - (builtins.div x y) * y;
range = from: to:
range =
from: to:
let
f = cur: if cur == to then [ ] else [ cur ] ++ f (cur + 1);
in
@ -64,7 +73,10 @@ in
default = true;
};
wallpaper = mkOption {
type = types.oneOf [ types.path types.str ];
type = types.oneOf [
types.path
types.str
];
description = "Path to the wallpaper to be used";
default = config.linux.graphical.wallpaper;
};
@ -83,14 +95,20 @@ in
lockCmd = mkOption {
type = types.str;
description = "The screen lock command";
default = "${pkgs.swaylock}/bin/swaylock"
default =
"${pkgs.swaylock}/bin/swaylock"
+ (if cfg.wallpaper == "" then "" else " -i ${cfg.wallpaper} -s fill")
+ " -l -k";
};
};
config.systemd.user.targets.sway-session = mkIf cfg.enable {
Unit.Before = [ "tray.target" "xwayland.target" "xdg-desktop-portal.service" "xdg-desktop-autostart.target" ];
Unit.Before = [
"tray.target"
"xwayland.target"
"xdg-desktop-portal.service"
"xdg-desktop-autostart.target"
];
Unit.Upholds = [ "waybar.service" ];
Unit.Wants = [ "xdg-desktop-autostart.target" ];
};
@ -107,13 +125,16 @@ in
enable = true;
package = cfg.package;
systemd.enable = true;
systemd.variables = options.wayland.windowManager.sway.systemd.variables.default ++ [
"PATH" # for portals
"XDG_DATA_DIRS" # For extra icons
"XDG_DATA_HOME" # For extra icons
] ++ lib.optionals osConfig.services.desktopManager.plasma6.enable [
"XDG_MENU_PREFIX"
];
systemd.variables =
options.wayland.windowManager.sway.systemd.variables.default
++ [
"PATH" # for portals
"XDG_DATA_DIRS" # For extra icons
"XDG_DATA_HOME" # For extra icons
]
++ lib.optionals osConfig.services.desktopManager.plasma6.enable [
"XDG_MENU_PREFIX"
];
# systemd.extraCommands = options.wayland.windowManager.sway.systemd.extraCommands.default
# ++ [
# "systemctl --user restart xdg-desktop-portal.service"
@ -137,7 +158,8 @@ in
### Seats
#
# Cursor
seat."*".xcursor_theme = "${config.home.pointerCursor.name} ${toString config.home.pointerCursor.size}";
seat."*".xcursor_theme =
"${config.home.pointerCursor.name} ${toString config.home.pointerCursor.size}";
### Programs
#
@ -158,110 +180,120 @@ in
#
# Main modifier
modifier = mod;
keybindings = {
### Default Bindings
#
## App management
"${mod}+Return" = "exec ${swayCfg.config.terminal}";
"${mod}+Shift+q" = "kill";
"${mod}+d" = "exec ${swayCfg.config.menu}";
## Windowing
# Focus
"${mod}+${swayCfg.config.left}" = "focus left";
"${mod}+${swayCfg.config.down}" = "focus down";
"${mod}+${swayCfg.config.up}" = "focus up";
"${mod}+${swayCfg.config.right}" = "focus right";
"${mod}+Left" = "focus left";
"${mod}+Down" = "focus down";
"${mod}+Up" = "focus up";
"${mod}+Right" = "focus right";
# Move
"${mod}+Shift+${swayCfg.config.left}" = "move left";
"${mod}+Shift+${swayCfg.config.down}" = "move down";
"${mod}+Shift+${swayCfg.config.up}" = "move up";
"${mod}+Shift+${swayCfg.config.right}" = "move right";
"${mod}+Shift+Left" = "move left";
"${mod}+Shift+Down" = "move down";
"${mod}+Shift+Up" = "move up";
"${mod}+Shift+Right" = "move right";
# Toggles
"${mod}+f" = "fullscreen toggle";
"${mod}+a" = "focus parent";
# Layouts
"${mod}+s" = "layout stacking";
"${mod}+w" = "layout tabbed";
"${mod}+e" = "layout toggle split";
# Floating
"${mod}+Shift+space" = "floating toggle";
# Scratchpad
"${mod}+Shift+minus" = "move scratchpad";
# Resize
"${mod}+r" = "mode resize";
"${mod}+minus" = "scratchpad show";
## Reload and exit
"${mod}+Shift+c" = "reload";
"${mod}+Shift+e" =
"exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
# Launcher
"${mod}+space" = "exec rofi -show drun";
"${mod}+tab" = "exec ${./rofi-window.py}";
"${mod}+shift+p" = "exec rofi-rbw-script";
} // {
## Splits
"${mod}+v" = "split v";
"${mod}+Shift+v" = "split h";
## Run
"${mod}+r" = "exec ${config.wayland.windowManager.sway.config.menu}";
"${mod}+Shift+r" = "mode resize";
## Screenshot
"Print" = "exec ${screenshotScript}/bin/screenshot";
"Shift+Print" = "exec ${screenshotEditScript}/bin/screenshot";
## Locking
"${mod}+semicolon" = "exec ${cfg.lockCmd}";
## Multimedia
"XF86AudioPrev" = "exec ${playerctl} previous";
"XF86AudioPlay" = "exec ${playerctl} play-pause";
"Shift+XF86AudioPlay" = "exec ${playerctl} stop";
"XF86AudioNext" = "exec ${playerctl} next";
"XF86AudioRecord" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Capture toggle";
"XF86AudioMute" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Master toggle";
"XF86AudioLowerVolume" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Master 3%-";
"XF86AudioRaiseVolume" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Master 3%+";
## Backlight
"XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 10%-";
"XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 10%+";
"Shift+XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl -d kbd_backlight s 25%-";
"Shift+XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl -d kbd_backlight s 25%+";
} //
# Map the workspaces
(builtins.listToAttrs (lib.flatten (map
(key: [
keybindings =
{
### Default Bindings
#
## App management
"${mod}+Return" = "exec ${swayCfg.config.terminal}";
"${mod}+Shift+q" = "kill";
"${mod}+d" = "exec ${swayCfg.config.menu}";
## Windowing
# Focus
"${mod}+${swayCfg.config.left}" = "focus left";
"${mod}+${swayCfg.config.down}" = "focus down";
"${mod}+${swayCfg.config.up}" = "focus up";
"${mod}+${swayCfg.config.right}" = "focus right";
"${mod}+Left" = "focus left";
"${mod}+Down" = "focus down";
"${mod}+Up" = "focus up";
"${mod}+Right" = "focus right";
# Move
"${mod}+Shift+${swayCfg.config.left}" = "move left";
"${mod}+Shift+${swayCfg.config.down}" = "move down";
"${mod}+Shift+${swayCfg.config.up}" = "move up";
"${mod}+Shift+${swayCfg.config.right}" = "move right";
"${mod}+Shift+Left" = "move left";
"${mod}+Shift+Down" = "move down";
"${mod}+Shift+Up" = "move up";
"${mod}+Shift+Right" = "move right";
# Toggles
"${mod}+f" = "fullscreen toggle";
"${mod}+a" = "focus parent";
# Layouts
"${mod}+s" = "layout stacking";
"${mod}+w" = "layout tabbed";
"${mod}+e" = "layout toggle split";
# Floating
"${mod}+Shift+space" = "floating toggle";
# Scratchpad
"${mod}+Shift+minus" = "move scratchpad";
# Resize
"${mod}+r" = "mode resize";
"${mod}+minus" = "scratchpad show";
## Reload and exit
"${mod}+Shift+c" = "reload";
"${mod}+Shift+e" =
"exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
# Launcher
"${mod}+space" = "exec rofi -show drun";
"${mod}+tab" = "exec ${./rofi-window.py}";
"${mod}+shift+p" = "exec rofi-rbw-script";
}
// {
## Splits
"${mod}+v" = "split v";
"${mod}+Shift+v" = "split h";
## Run
"${mod}+r" = "exec ${config.wayland.windowManager.sway.config.menu}";
"${mod}+Shift+r" = "mode resize";
## Screenshot
"Print" = "exec ${screenshotScript}/bin/screenshot";
"Shift+Print" = "exec ${screenshotEditScript}/bin/screenshot";
## Locking
"${mod}+semicolon" = "exec ${cfg.lockCmd}";
## Multimedia
"XF86AudioPrev" = "exec ${playerctl} previous";
"XF86AudioPlay" = "exec ${playerctl} play-pause";
"Shift+XF86AudioPlay" = "exec ${playerctl} stop";
"XF86AudioNext" = "exec ${playerctl} next";
"XF86AudioRecord" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Capture toggle";
"XF86AudioMute" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Master toggle";
"XF86AudioLowerVolume" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Master 3%-";
"XF86AudioRaiseVolume" = "exec ${pkgs.alsa-utils}/bin/amixer -q set Master 3%+";
## Backlight
"XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 10%-";
"XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 10%+";
"Shift+XF86MonBrightnessDown" =
"exec ${pkgs.brightnessctl}/bin/brightnessctl -d kbd_backlight s 25%-";
"Shift+XF86MonBrightnessUp" =
"exec ${pkgs.brightnessctl}/bin/brightnessctl -d kbd_backlight s 25%+";
}
//
# Map the workspaces
(builtins.listToAttrs (
lib.flatten (
map (key: [
{
name = "${mod}+${key}";
value = "workspace ${builtins.getAttr key wsAttrs}";
}
{
name = "${mod}+Shift+${key}";
value = "move to workspace ${builtins.getAttr key wsAttrs}";
}
]) (builtins.attrNames wsAttrs)
)
))
// {
# Extra workspaces
"${mod}+asciicircum" = "workspace ${extraWorkspaces.mail}";
"${mod}+shift+asciicircum" = "move to workspace ${extraWorkspaces.mail}";
}
//
# Move workspaces between outputs
{
name = "${mod}+${key}";
value = "workspace ${builtins.getAttr key wsAttrs}";
}
{
name = "${mod}+Shift+${key}";
value = "move to workspace ${builtins.getAttr key wsAttrs}";
}
])
(builtins.attrNames wsAttrs))
)) //
{
# Extra workspaces
"${mod}+asciicircum" = "workspace ${extraWorkspaces.mail}";
"${mod}+shift+asciicircum" = "move to workspace ${extraWorkspaces.mail}";
} //
# Move workspaces between outputs
{
"${mod}+ctrl+h" = "move workspace to output left";
"${mod}+ctrl+l" = "move workspace to output right";
};
"${mod}+ctrl+h" = "move workspace to output left";
"${mod}+ctrl+l" = "move workspace to output right";
};
### Fonts
#
fonts = {
names = [ "monospace" "FontAwesome5Free" ];
names = [
"monospace"
"FontAwesome5Free"
];
size = cfg.fontSize;
};
@ -298,21 +330,31 @@ in
];
};
# Commands
window.commands = [
{ criteria = { title = ".*"; }; command = "inhibit_idle fullscreen"; }
] ++ (
# Floating assignments
let
criterias = [
{ app_id = ".*float.*"; }
{ app_id = "org\\.freedesktop\\.impl\\.portal\\.desktop\\..*"; }
{ class = ".*float.*"; }
{ title = "Extension: .*Bitwarden.*"; }
];
toCommand = criteria: { inherit criteria; command = "floating enable"; };
in
map toCommand criterias
);
window.commands =
[
{
criteria = {
title = ".*";
};
command = "inhibit_idle fullscreen";
}
]
++ (
# Floating assignments
let
criterias = [
{ app_id = ".*float.*"; }
{ app_id = "org\\.freedesktop\\.impl\\.portal\\.desktop\\..*"; }
{ class = ".*float.*"; }
{ title = "Extension: .*Bitwarden.*"; }
];
toCommand = criteria: {
inherit criteria;
command = "floating enable";
};
in
map toCommand criterias
);
# Focus
focus.followMouse = true;
focus.mouseWarping = true;
@ -334,36 +376,50 @@ in
# swaynag
swaynag.enable = true;
# Environment Variables
extraSessionCommands = ''
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
export QT_IM_MODULE=fcitx
export GTK_IM_MODULE=fcitx # Til text-input is merged
# export NIXOS_OZONE_WL=1 # Until text-input is merged
extraSessionCommands =
''
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
export QT_IM_MODULE=fcitx
export GTK_IM_MODULE=fcitx # Til text-input is merged
# export NIXOS_OZONE_WL=1 # Until text-input is merged
'' + (if config.services.gnome-keyring.enable then ''
# gnome-keyring
if type gnome-keyring-daemon >/dev/null; then
eval `gnome-keyring-daemon`
export SSH_AUTH_SOCK
fi
'' else "") + lib.optionalString osConfig.services.desktopManager.plasma6.enable ''
export XDG_MENU_PREFIX=plasma-
'';
''
+ (
if config.services.gnome-keyring.enable then
''
# gnome-keyring
if type gnome-keyring-daemon >/dev/null; then
eval `gnome-keyring-daemon`
export SSH_AUTH_SOCK
fi
''
else
""
)
+ lib.optionalString osConfig.services.desktopManager.plasma6.enable ''
export XDG_MENU_PREFIX=plasma-
'';
# Extra
wrapperFeatures.base = true;
wrapperFeatures.gtk = true;
extraConfig =
(if cfg.enableLaptop then ''
# Lock screen on lid close
bindswitch lid:off exec ${cfg.lockCmd}
(
if cfg.enableLaptop then
''
# Lock screen on lid close
bindswitch lid:off exec ${cfg.lockCmd}
# Gesture bindings
bindgesture swipe:3:right workspace prev
bindgesture swipe:3:left workspace next
bindgesture swipe:3:up exec ${./rofi-window.py}
'' else "") + ''
# Gesture bindings
bindgesture swipe:3:right workspace prev
bindgesture swipe:3:left workspace next
bindgesture swipe:3:up exec ${./rofi-window.py}
''
else
""
)
+ ''
## swayfx stuff
# Rounded corners
corner_radius 5
@ -378,10 +434,10 @@ in
# Blur
for_window [app_id=".*kitty.*"] blur enable
blur_xray disable
'' + ''
''
+ ''
# Enable portal stuff
exec ${pkgs.writeShellScript "start-portals.sh" ''
''}
exec ${pkgs.writeShellScript "start-portals.sh" ''''}
'';
};
@ -393,20 +449,28 @@ in
# { timeout = 15 * 60; command = cfg.lockCmd; }
];
events = [
{ event = "lock"; command = cfg.lockCmd; }
{ event = "before-sleep"; command = cfg.lockCmd; }
{
event = "lock";
command = cfg.lockCmd;
}
{
event = "before-sleep";
command = cfg.lockCmd;
}
];
};
config.home.packages = mkIf cfg.enable (with pkgs; [
# Needed for QT_QPA_PLATFORM
kdePackages.qtwayland
# For waybar
font-awesome
]);
config.home.packages = mkIf cfg.enable (
with pkgs;
[
# Needed for QT_QPA_PLATFORM
kdePackages.qtwayland
# For waybar
font-awesome
]
);
config.programs.rofi = mkIf cfg.enable {
font = lib.mkForce "monospace ${toString cfg.fontSize}";
};
}

31
home/modules/programs/my-sway/ibus.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.programs.my-sway;
@ -6,15 +11,22 @@ let
# Set up an ibus script
ibusNext = (
let
input-methods = [ "xkb:us::eng" "mozc-jp" "Bamboo" ];
next = m:
input-methods = [
"xkb:us::eng"
"mozc-jp"
"Bamboo"
];
next =
m:
let
nextRec = l:
if (length l == 1)
then head input-methods
else if (m == head l)
then (head (tail l))
else nextRec (tail l);
nextRec =
l:
if (length l == 1) then
head input-methods
else if (m == head l) then
(head (tail l))
else
nextRec (tail l);
in
nextRec input-methods;
changeTo = m: ''
@ -52,4 +64,3 @@ in
};
};
}

721
home/modules/programs/my-waybar.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.programs.my-waybar;
in
@ -47,382 +52,418 @@ in
};
config.programs.waybar =
let
barWith = { showMedia ? true, showConnectivity ? true, extraSettings ? { }, ... }: lib.mkMerge ([{
layer = "top";
position = "top";
modules-left = [
"sway/workspaces"
"sway/mode"
"sway/window"
"niri/workspaces"
"niri/window"
];
modules-center = [
];
modules-right =
lib.optional showMedia (if cfg.enableMpd then "mpd" else "custom/media")
++ [
"tray"
"pulseaudio"
] ++ lib.optionals showConnectivity [
"bluetooth"
"network"
] ++ [
"cpu"
"memory"
"temperature"
] ++ lib.optionals cfg.enableLaptopBars [ "battery" "battery#bat2" ]
++ [
"clock"
];
barWith =
{
showMedia ? true,
showConnectivity ? true,
extraSettings ? { },
...
}:
lib.mkMerge (
[
{
layer = "top";
position = "top";
modules-left = [
"sway/workspaces"
"sway/mode"
"sway/window"
"niri/workspaces"
"niri/window"
];
modules-center = [
];
modules-right =
lib.optional showMedia (if cfg.enableMpd then "mpd" else "custom/media")
++ [
"tray"
"pulseaudio"
]
++ lib.optionals showConnectivity [
"bluetooth"
"network"
]
++ [
"cpu"
"memory"
"temperature"
]
++ lib.optionals cfg.enableLaptopBars [
"battery"
"battery#bat2"
]
++ [
"clock"
];
modules = {
"sway/workspaces" = {
format = "{name}";
};
"sway/mode" = {
format = "<span style=\"italic\">{}</span>";
};
"sway/window" = {
max-length = 70;
format = "{title}";
"rewrite" = {
"(.*) Mozilla Firefox" = "[🌎] $1";
"(.*) - Mozilla Thunderbird" = "[📧] $1";
"(.*) - Kakoune" = "[] $1";
"(.*) - fish" = "[>_] $1";
"(.*) - Discord" = "[🗨] $1";
# ArmCord thing
" Discord \\| (.*)" = "[🗨] $1";
"\\((\\d+)\\) Discord \\| (.*)" = "[🗨] {$1} $2";
};
};
"niri/window" = {
format = "{title}";
"rewrite" = {
"(.*) Mozilla Firefox" = "[🌎] $1";
"(.*) - Mozilla Thunderbird" = "[📧] $1";
"(.*) - Kakoune" = "[] $1";
"(.*) - fish" = "[>_] $1";
"(.*) - Discord" = "[🗨] $1";
# ArmCord thing
" Discord \\| (.*)" = "[🗨] $1";
"\\((\\d+)\\) Discord \\| (.*)" = "[🗨] {$1} $2";
};
};
"tray" = {
icon-size = 21;
spacing = 10;
};
"clock" = {
# format = "{:📅 %Y-%m-%d | 🕰️ %H:%M [%Z]}";
format = "📅 {0:%Y-%m-%d} | 🕰 {0:%H:%M [%Z]}";
tooltip-format = "\n<span size='9pt' font_family='Noto Sans Mono CJK JP'>{calendar}</span>";
timezones = [
"Europe/Zurich"
"America/Toronto"
"Asia/Tokyo"
"Asia/Ho_Chi_Minh"
];
calendar = {
mode = "year";
mode-mon-col = 3;
weeks-pos = "right";
on-scroll = 1;
on-click-right = "mode";
format = {
months = "<span color='#ffead3'><b>{}</b></span>";
days = "<span color='#ecc6d9'><b>{}</b></span>";
weeks = "<span color='#99ffdd'><b>W{}</b></span>";
weekdays = "<span color='#ffcc66'><b> </b></span>"; # See https://github.com/Alexays/Waybar/issues/3132
today = "<span color='#ff6699'><b><u>{}</u></b></span>";
modules = {
"sway/workspaces" = {
format = "{name}";
};
"sway/mode" = {
format = "<span style=\"italic\">{}</span>";
};
"sway/window" = {
max-length = 70;
format = "{title}";
"rewrite" = {
"(.*) Mozilla Firefox" = "[🌎] $1";
"(.*) - Mozilla Thunderbird" = "[📧] $1";
"(.*) - Kakoune" = "[] $1";
"(.*) - fish" = "[>_] $1";
"(.*) - Discord" = "[🗨] $1";
# ArmCord thing
" Discord \\| (.*)" = "[🗨] $1";
"\\((\\d+)\\) Discord \\| (.*)" = "[🗨] {$1} $2";
};
};
"niri/window" = {
format = "{title}";
"rewrite" = {
"(.*) Mozilla Firefox" = "[🌎] $1";
"(.*) - Mozilla Thunderbird" = "[📧] $1";
"(.*) - Kakoune" = "[] $1";
"(.*) - fish" = "[>_] $1";
"(.*) - Discord" = "[🗨] $1";
# ArmCord thing
" Discord \\| (.*)" = "[🗨] $1";
"\\((\\d+)\\) Discord \\| (.*)" = "[🗨] {$1} $2";
};
};
"tray" = {
icon-size = 21;
spacing = 10;
};
"clock" = {
# format = "{:📅 %Y-%m-%d | 🕰️ %H:%M [%Z]}";
format = "📅 {0:%Y-%m-%d} | 🕰 {0:%H:%M [%Z]}";
tooltip-format = "\n<span size='9pt' font_family='Noto Sans Mono CJK JP'>{calendar}</span>";
timezones = [
"Europe/Zurich"
"America/Toronto"
"Asia/Tokyo"
"Asia/Ho_Chi_Minh"
];
calendar = {
mode = "year";
mode-mon-col = 3;
weeks-pos = "right";
on-scroll = 1;
on-click-right = "mode";
format = {
months = "<span color='#ffead3'><b>{}</b></span>";
days = "<span color='#ecc6d9'><b>{}</b></span>";
weeks = "<span color='#99ffdd'><b>W{}</b></span>";
weekdays = "<span color='#ffcc66'><b> </b></span>"; # See https://github.com/Alexays/Waybar/issues/3132
today = "<span color='#ff6699'><b><u>{}</u></b></span>";
};
};
actions = {
on-click-middle = "mode";
on-click-right = "tz_up";
on-scroll-up = "shift_up";
on-scroll-down = "shift_down";
};
};
"cpu" = {
format = "{usage}% ";
};
"memory" = {
format = "{}% ";
};
"temperature" = {
# thermal-zone = 2;
# hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input";
critical-threshold = 80;
# format-critical = "{temperatureC}°C ";
format = "{temperatureC}°C ";
};
"backlight" = {
# device = "acpi_video1";
format = "{percent}% {icon}";
states = [
0
50
];
format-icons = [
""
""
];
};
"battery" = lib.mkIf cfg.enableLaptopBars {
states = {
good = 95;
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
# format-good = ""; # An empty format will hide the module
# format-full = "";
format-icons = [
""
""
""
""
""
];
};
"battery#bat2" = lib.mkIf cfg.enableLaptopBars {
bat = "BAT2";
};
"network" = {
# interface = wlp2s0 # (Optional) To force the use of this interface
format-wifi = "{essid} ({signalStrength}%) ";
format-ethernet = "{ifname} ";
format-disconnected = "Disconnected ";
interval = 7;
on-click = "${cfg.terminal} ${lib.getExe' pkgs.iwd "iwctl"}";
};
"bluetooth" = {
format = " {status}";
format-connected = " {device_alias}";
format-connected-battery = " {device_alias} {device_battery_percentage}%";
# format-device-preference= [ "device1", "device2" ], // preference list deciding the displayed devic;
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%";
on-click = "${pkgs.blueman}/bin/blueman-manager";
};
"pulseaudio" = {
# scroll-step = 1;
format = "{volume}% {icon}";
format-bluetooth = "{volume}% {icon}";
format-muted = "";
format-icons = {
headphones = "";
handsfree = "";
headset = "";
phone = "";
portable = "";
car = "";
default = [
""
""
];
};
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
};
"mpd" = {
"format" =
"{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S}) 🎧";
"format-disconnected" = "Disconnected 🎧";
"format-stopped" = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped 🎧";
"interval" = 2;
"consume-icons" = {
"on" = " "; # Icon shows only when "consume" is on
};
"random-icons" = {
"off" = "<span color=\"#f53c3c\"></span> "; # Icon grayed out when "random" is off;
"on" = " ";
};
"repeat-icons" = {
"on" = " ";
};
"single-icons" = {
"on" = "1 ";
};
"state-icons" = {
"paused" = "";
"playing" = "";
};
"tooltip-format" = "MPD (connected)";
"tooltip-format-disconnected" = "MPD (disconnected)";
"on-click" = "${pkgs.mpc_cli}/bin/mpc toggle";
"on-click-right" = "${pkgs.mpc_cli}/bin/mpc stop";
"on-click-middle" = "${cfg.terminal} --class=kitty_ncmpcpp ${pkgs.ncmpcpp}/bin/ncmpcpp";
};
"custom/media" = {
"format" = "{icon}{}";
"return-type" = "json";
"format-icons" = {
"Playing" = " ";
"Paused" = " ";
};
"max-length" = 80;
"exec" =
"${lib.getExe pkgs.playerctl} -a metadata --format '{\"text\": \"{{artist}} - {{markup_escape(title)}}\", \"tooltip\": \"{{playerName}} : {{markup_escape(title)}}\", \"alt\": \"{{status}}\", \"class\": \"{{status}}\"}' -F";
"on-click" = "${lib.getExe pkgs.playerctl} play-pause";
};
};
};
actions = {
on-click-middle = "mode";
on-click-right = "tz_up";
on-scroll-up = "shift_up";
on-scroll-down = "shift_down";
};
};
"cpu" = {
format = "{usage}% ";
};
"memory" = {
format = "{}% ";
};
"temperature" = {
# thermal-zone = 2;
# hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input";
critical-threshold = 80;
# format-critical = "{temperatureC}°C ";
format = "{temperatureC}°C ";
};
"backlight" = {
# device = "acpi_video1";
format = "{percent}% {icon}";
states = [ 0 50 ];
format-icons = [ "" "" ];
};
"battery" = lib.mkIf cfg.enableLaptopBars {
states = {
good = 95;
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
# format-good = ""; # An empty format will hide the module
# format-full = "";
format-icons = [ "" "" "" "" "" ];
};
"battery#bat2" = lib.mkIf cfg.enableLaptopBars {
bat = "BAT2";
};
"network" = {
# interface = wlp2s0 # (Optional) To force the use of this interface
format-wifi = "{essid} ({signalStrength}%) ";
format-ethernet = "{ifname} ";
format-disconnected = "Disconnected ";
interval = 7;
on-click = "${cfg.terminal} ${lib.getExe' pkgs.iwd "iwctl"}";
};
"bluetooth" = {
format = " {status}";
format-connected = " {device_alias}";
format-connected-battery = " {device_alias} {device_battery_percentage}%";
# format-device-preference= [ "device1", "device2" ], // preference list deciding the displayed devic;
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%";
on-click = "${pkgs.blueman}/bin/blueman-manager";
};
"pulseaudio" = {
# scroll-step = 1;
format = "{volume}% {icon}";
format-bluetooth = "{volume}% {icon}";
format-muted = "";
format-icons = {
headphones = "";
handsfree = "";
headset = "";
phone = "";
portable = "";
car = "";
default = [ "" "" ];
};
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
};
"mpd" = {
"format" = "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S}) 🎧";
"format-disconnected" = "Disconnected 🎧";
"format-stopped" = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped 🎧";
"interval" = 2;
"consume-icons" = {
"on" = " "; # Icon shows only when "consume" is on
};
"random-icons" = {
"off" = "<span color=\"#f53c3c\"></span> "; # Icon grayed out when "random" is off;
"on" = " ";
};
"repeat-icons" = {
"on" = " ";
};
"single-icons" = {
"on" = "1 ";
};
"state-icons" = {
"paused" = "";
"playing" = "";
};
"tooltip-format" = "MPD (connected)";
"tooltip-format-disconnected" = "MPD (disconnected)";
"on-click" = "${pkgs.mpc_cli}/bin/mpc toggle";
"on-click-right" = "${pkgs.mpc_cli}/bin/mpc stop";
"on-click-middle" = "${cfg.terminal} --class=kitty_ncmpcpp ${pkgs.ncmpcpp}/bin/ncmpcpp";
};
"custom/media" = {
"format" = "{icon}{}";
"return-type" = "json";
"format-icons" = {
"Playing" = " ";
"Paused" = " ";
};
"max-length" = 80;
"exec" = "${lib.getExe pkgs.playerctl} -a metadata --format '{\"text\": \"{{artist}} - {{markup_escape(title)}}\", \"tooltip\": \"{{playerName}} : {{markup_escape(title)}}\", \"alt\": \"{{status}}\", \"class\": \"{{status}}\"}' -F";
"on-click" = "${lib.getExe pkgs.playerctl} play-pause";
};
};
}] ++
cfg.extraSettings
++ [ extraSettings ]);
}
]
++ cfg.extraSettings
++ [ extraSettings ]
);
in
lib.mkIf cfg.enable {
enable = true;
systemd.enable = true;
systemd.target = "sway-session.target";
settings = cfg.makeBars barWith;
style = ''
* {
border: none;
border-radius: 0;
font-family: monospace, 'Font Awesome 5', 'Symbols Nerd Font Mono', 'SFNS Display', Helvetica, Arial, sans-serif;
font-size: ${toString (cfg.fontSize * 1.1)}px;
min-height: 0;
}
style =
''
* {
border: none;
border-radius: 0;
font-family: monospace, 'Font Awesome 5', 'Symbols Nerd Font Mono', 'SFNS Display', Helvetica, Arial, sans-serif;
font-size: ${toString (cfg.fontSize * 1.1)}px;
min-height: 0;
}
window#waybar {
background: rgba(43, 48, 59, 0.8);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
}
window#waybar {
background: rgba(43, 48, 59, 0.8);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
}
window#waybar.hidden {
opacity: 0.0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button {
padding: 0 5px;
background: transparent;
color: #ffffff;
border-bottom: 3px solid transparent;
}
window#waybar.hidden {
opacity: 0.0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button {
padding: 0 5px;
background: transparent;
color: #ffffff;
border-bottom: 3px solid transparent;
}
#workspaces button.focused {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
#workspaces button.focused {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#window, #sway, #sway-window {
padding-left: 1em;
margin-bottom: 0.4em;
}
#window, #sway, #sway-window {
padding-left: 1em;
margin-bottom: 0.4em;
}
#mode {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
#mode {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
/* #clock, #battery, #cpu, #memory, #temperature, #backlight, #network, #pulseaudio, #bluetooth, #custom-media, #tray, #mode, #idle_inhibitor, #mpd { */
.modules-right > * > * {
margin: 0.2em 0 0.4em 0;
padding: 0.2em 0.5em;
border: 1px solid rgba(0, 0, 0, 0.25);
border-radius: 0.3em;
}
/* #clock, #battery, #cpu, #memory, #temperature, #backlight, #network, #pulseaudio, #bluetooth, #custom-media, #tray, #mode, #idle_inhibitor, #mpd { */
.modules-right > * > * {
margin: 0.2em 0 0.4em 0;
padding: 0.2em 0.5em;
border: 1px solid rgba(0, 0, 0, 0.25);
border-radius: 0.3em;
}
.modules-right > *:not(:last-child) > * {
margin-right: 0.4em;
}
.modules-right > *:not(:last-child) > * {
margin-right: 0.4em;
}
#clock {
background-color: #64727D;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging {
color: #ffffff;
background-color: #26A65B;
}
#battery.charging {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#battery.critical:not(.charging) {
background: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#cpu {
background: #2ecc71;
color: #000000;
}
#cpu {
background: #2ecc71;
color: #000000;
}
#memory {
background: #9b59b6;
}
#memory {
background: #9b59b6;
}
#backlight {
background: #90b1b1;
}
#backlight {
background: #90b1b1;
}
#network {
background: #2980b9;
}
#network {
background: #2980b9;
}
#network.disconnected {
background: #f53c3c;
}
#network.disconnected {
background: #f53c3c;
}
#pulseaudio {
background: #f1c40f;
color: #000000;
}
#pulseaudio {
background: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background: #90b1b1;
}
#pulseaudio.muted {
background: #90b1b1;
}
#bluetooth {
background: DarkSlateBlue;
color: white;
}
#bluetooth {
background: DarkSlateBlue;
color: white;
}
#custom-media {
background: #66cc99;
color: #2a5c45;
}
#custom-media {
background: #66cc99;
color: #2a5c45;
}
.custom-spotify {
background: #66cc99;
}
.custom-spotify {
background: #66cc99;
}
.custom-vlc {
background: #ffa000;
}
.custom-vlc {
background: #ffa000;
}
#temperature {
background: #f0932b;
}
#temperature {
background: #f0932b;
}
#temperature.critical {
background: #eb4d4b;
}
#temperature.critical {
background: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#tray {
background-color: #2980b9;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd {
background-color: teal;
color: white;
}
'' + cfg.extraStyle;
#mpd {
background-color: teal;
color: white;
}
''
+ cfg.extraStyle;
};
}

13
home/modules/programs/openconnect-epfl.nix
View file

@ -1,8 +1,16 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
openconnect-epfl = pkgs.writeShellApplication {
name = "openconnect-epfl";
runtimeInputs = with pkgs; [ openconnect rbw ];
runtimeInputs = with pkgs; [
openconnect
rbw
];
text = ''
METHOD="Microsoft Entra ID"
RBW_ENTRY="EPFL Microsoft Auth"
@ -20,4 +28,3 @@ in
{
home.packages = [ openconnect-epfl ];
}

23
home/nki-framework.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
{
imports = [
@ -56,9 +61,11 @@
powerprofilesctl set $new_profile
'';
in
[{
modules."battery"."on-click" = change-mode;
}];
[
{
modules."battery"."on-click" = change-mode;
}
];
# input-remapping
xdg.configFile."autostart/input-remapper-autoload.desktop".source =
@ -75,7 +82,7 @@
settings = [
{
profile.name = "undocked";
profile.outputs = [{ criteria = "eDP-1"; }];
profile.outputs = [ { criteria = "eDP-1"; } ];
}
{
profile.name = "work-both";
@ -85,7 +92,10 @@
position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}";
status = "enable";
}
{ criteria = work.name; position = "1920,0"; }
{
criteria = work.name;
position = "1920,0";
}
];
}
{
@ -111,4 +121,3 @@
# changes in each release.
home.stateVersion = "21.05";
}

48
home/nki-x1c1.nix
View file

@ -1,4 +1,10 @@
{ pkgs, options, config, lib, ... }:
{
pkgs,
options,
config,
lib,
...
}:
let
iio-sway = pkgs.stdenv.mkDerivation {
@ -11,7 +17,11 @@ let
hash = "sha256-JGacKajslCOvd/BFfFSf7s1/hgF6rJqJ6H6xNnsuMb4=";
};
buildInputs = with pkgs; [ dbus ];
nativeBuildInputs = with pkgs; [ meson ninja pkg-config ];
nativeBuildInputs = with pkgs; [
meson
ninja
pkg-config
];
meta.mainProgram = "iio-sway";
};
in
@ -31,10 +41,13 @@ in
home.homeDirectory = "/home/nki";
# More packages
home.packages = (with pkgs; [
# Note-taking
rnote
]);
home.packages = (
with pkgs;
[
# Note-taking
rnote
]
);
# Graphical set up
linux.graphical.type = "wayland";
@ -65,7 +78,9 @@ in
programs.my-niri.enable = true;
programs.my-niri.enableLaptop = true;
# Assign some of the workspaces to big screen
programs.my-niri.workspaces = lib.genAttrs [ "06" "07" "08" "09" "10" ] (_: { monitor = config.common.monitors.work.name; });
programs.my-niri.workspaces = lib.genAttrs [ "06" "07" "08" "09" "10" ] (_: {
monitor = config.common.monitors.work.name;
});
programs.niri.settings = {
# input.keyboard.xkb.options = "ctrl:swapcaps";
input.mouse = lib.mkForce {
@ -110,19 +125,29 @@ in
settings = [
{
profile.name = "undocked";
profile.outputs = [{ criteria = "eDP-1"; }];
profile.outputs = [ { criteria = "eDP-1"; } ];
}
{
profile.name = "work-both";
profile.outputs = [
{ criteria = "eDP-1"; position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}"; status = "enable"; }
{ criteria = work.name; position = "1920,0"; }
{
criteria = "eDP-1";
position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}";
status = "enable";
}
{
criteria = work.name;
position = "1920,0";
}
];
}
{
profile.name = "work-one";
profile.outputs = [
{ criteria = "eDP-1"; status = "disable"; }
{
criteria = "eDP-1";
status = "disable";
}
{ criteria = work.name; }
];
}
@ -139,4 +164,3 @@ in
# changes in each release.
home.stateVersion = "21.05";
}

8
home/osu/default.nix
View file

@ -2,7 +2,9 @@
let
# osu-pkg = pkgs.unstable.osu-lazer-bin;
osu-pkg = with pkgs; with lib;
osu-pkg =
with pkgs;
with lib;
appimageTools.wrapType2 rec {
pname = "osu-lazer-bin";
version = "2025.321.0";
@ -13,7 +15,8 @@ let
extraPkgs = pkgs: with pkgs; [ icu ];
extraInstallCommands =
let contents = appimageTools.extract { inherit pname version src; };
let
contents = appimageTools.extract { inherit pname version src; };
in
''
mv -v $out/bin/${pname} $out/bin/osu\!
@ -30,4 +33,3 @@ in
xdg.mimeApps.defaultApplications."x-scheme-handler/osu" = "osu!.desktop";
# home.packages = [ pkgs.osu-lazer ];
}

48
kagami-air-m1/configuration.nix
View file

@ -2,25 +2,40 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
# Override base mesa
({ ... }: { nixpkgs.overlays = lib.mkBefore [ (final: prev: { mesa = prev.mesa.override { enableOpenCL = true; meson = final.unstable.meson; }; }) ]; })
];
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
# Override base mesa
(
{ ... }:
{
nixpkgs.overlays = lib.mkBefore [
(final: prev: {
mesa = prev.mesa.override {
enableOpenCL = true;
meson = final.unstable.meson;
};
})
];
}
)
];
# time.timeZone = lib.mkForce "Asia/Ho_Chi_Minh";
services.xserver.desktopManager.plasma5.enable = true;
# Asahi kernel configuration
hardware.asahi = {
peripheralFirmwareDirectory = ./firmware;
@ -46,9 +61,9 @@
hash = "sha256-IcKKe1RA8sCaUfWK71ELzF15YaBS3DjoYhNMIWiQ5Jw=";
};
patches = lib.forEach attrs.patches (p:
if lib.hasSuffix "opencl.patch" p
then ./mesa-asahi-edge/opencl.patch else p);
patches = lib.forEach attrs.patches (
p: if lib.hasSuffix "opencl.patch" p then ./mesa-asahi-edge/opencl.patch else p
);
});
})
];
@ -145,4 +160,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

38
kagami-air-m1/hardware-configuration.nix
View file

@ -1,33 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/ebb6bf2e-2d7f-4fa6-88cb-751fdd174ef9";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/ebb6bf2e-2d7f-4fa6-88cb-751fdd174ef9";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/19BC-1BE8";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/19BC-1BE8";
fsType = "vfat";
};
swapDevices = [
{ device = "/swap"; size = 16 * 1024; }
{
device = "/swap";
size = 16 * 1024;
}
];
# nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

36
modules/cloud/authentik/default.nix
View file

@ -1,11 +1,15 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.cloud.authentik;
mkImage =
{ imageName, imageDigest, ... }: "${imageName}@${imageDigest}";
mkImage = { imageName, imageDigest, ... }: "${imageName}@${imageDigest}";
# If we can pullImage we can just do
# mkImage = pkgs.dockerTools.pullImage;
@ -62,7 +66,10 @@ in
image = images.postgresql;
restart = "unless-stopped";
healthcheck = {
test = [ "CMD-SHELL" "pg_isready -d $\${POSTGRES_DB} -U $\${POSTGRES_USER}" ];
test = [
"CMD-SHELL"
"pg_isready -d $\${POSTGRES_DB} -U $\${POSTGRES_USER}"
];
start_period = "20s";
interval = "30s";
retries = 5;
@ -73,14 +80,20 @@ in
POSTGRES_USER = "authentik";
POSTGRES_DB = "authentik";
};
env_file = [ cfg.envFile "${postgresEnv}" ];
env_file = [
cfg.envFile
"${postgresEnv}"
];
};
services.redis.service = {
image = images.redis;
command = "--save 60 1 --loglevel warning";
restart = "unless-stopped";
healthcheck = {
test = [ "CMD-SHELL" "redis-cli ping | grep PONG" ];
test = [
"CMD-SHELL"
"redis-cli ping | grep PONG"
];
start_period = "20s";
interval = "30s";
retries = 5;
@ -102,7 +115,10 @@ in
AUTHENTIK_POSTGRESQL__USER = "authentik";
AUTHENTIK_POSTGRESQL__NAME = "authentik";
};
env_file = [ cfg.envFile "${authentikEnv}" ];
env_file = [
cfg.envFile
"${authentikEnv}"
];
ports = [
"127.0.0.1:${toString cfg.port}:9000"
];
@ -124,7 +140,10 @@ in
AUTHENTIK_POSTGRESQL__USER = "authentik";
AUTHENTIK_POSTGRESQL__NAME = "authentik";
};
env_file = [ cfg.envFile "${authentikEnv}" ];
env_file = [
cfg.envFile
"${authentikEnv}"
];
user = "root";
};
docker-compose.volumes = {
@ -134,4 +153,3 @@ in
};
};
}

7
modules/cloud/bitwarden/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
let

171
modules/cloud/conduit/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.cloud.conduit;
@ -33,95 +38,105 @@ with lib;
};
instances = mkOption {
type = types.attrsOf (types.submodule {
options = {
host = mkOption {
type = types.str;
type = types.attrsOf (
types.submodule {
options = {
host = mkOption {
type = types.str;
};
server_name = mkOption {
type = types.str;
default = "";
};
port = mkOption {
type = types.int;
};
noCloudflare = mkOption {
type = types.bool;
default = false;
};
allow_registration = mkOption {
type = types.bool;
default = false;
};
well-known_port = mkOption {
type = types.int;
};
};
server_name = mkOption {
type = types.str;
default = "";
};
port = mkOption {
type = types.int;
};
noCloudflare = mkOption {
type = types.bool;
default = false;
};
allow_registration = mkOption {
type = types.bool;
default = false;
};
well-known_port = mkOption {
type = types.int;
};
};
});
}
);
};
};
config.systemd.services = mkIf cfg.enable
(lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "matrix-conduit-${name}"
(
let
srvName = "matrix-conduit-${name}";
format = pkgs.formats.toml { };
server_name = if instance.server_name == "" then instance.host else instance.server_name;
configFile = format.generate "conduit.toml" (lib.attrsets.recursiveUpdate defaultConfig {
config.systemd.services = mkIf cfg.enable (
lib.attrsets.mapAttrs' (
name: instance:
lib.attrsets.nameValuePair "matrix-conduit-${name}" (
let
srvName = "matrix-conduit-${name}";
format = pkgs.formats.toml { };
server_name = if instance.server_name == "" then instance.host else instance.server_name;
configFile = format.generate "conduit.toml" (
lib.attrsets.recursiveUpdate defaultConfig {
global.server_name = server_name;
global.port = instance.port;
global.allow_registration = instance.allow_registration;
global.database_path = "/mnt/data/${srvName}/";
global.well_known_client = "https://${instance.host}";
global.well_known_server = "${instance.host}:443";
});
in
{
description = "Conduit Matrix Server (for ${server_name})";
documentation = [ "https://gitlab.com/famedly/conduit/" ];
wantedBy = [ "multi-user.target" ];
environment = { CONDUIT_CONFIG = configFile; };
serviceConfig = {
DynamicUser = true;
User = "${srvName}";
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateUsers = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
# StateDirectory = "/mnt/data/${srvName}";
BindPaths = [ "/mnt/data/${srvName}" ];
ExecStart = "${cfg.package}/bin/conduit";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
};
}
))
cfg.instances);
}
);
in
{
description = "Conduit Matrix Server (for ${server_name})";
documentation = [ "https://gitlab.com/famedly/conduit/" ];
wantedBy = [ "multi-user.target" ];
environment = {
CONDUIT_CONFIG = configFile;
};
serviceConfig = {
DynamicUser = true;
User = "${srvName}";
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateUsers = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
# StateDirectory = "/mnt/data/${srvName}";
BindPaths = [ "/mnt/data/${srvName}" ];
ExecStart = "${cfg.package}/bin/conduit";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
};
}
)
) cfg.instances
);
config.cloud.traefik.hosts = mkIf cfg.enable (
(lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
(lib.attrsets.mapAttrs' (
name: instance:
lib.attrsets.nameValuePair "conduit-${name}" ({
inherit (instance) host port noCloudflare;
}))
cfg.instances)
})
) cfg.instances)
);
}

44
modules/cloud/conduit/heisenbridge.nix
View file

@ -1,9 +1,15 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
cfg = config.cloud.conduit.heisenbridge;
cfgConduit = config.cloud.conduit;
in
with lib; {
with lib;
{
options.cloud.conduit.heisenbridge = {
enable = mkEnableOption "Enable heisenbridge for conduit";
package = mkPackageOption pkgs "heisenbridge" { };
@ -23,17 +29,26 @@ with lib; {
};
config = mkIf cfg.enable (
let
cfgFile = if cfg.port == null then cfg.appserviceFile else
pkgs.runCommand "heisenbridge-config" { } ''
cp ${cfg.appserviceFile} $out
${pkgs.sd}/bin/sd '^url: .*$' "url: http://127.0.0.1:${cfg.port}"
'';
listenArgs = lists.optionals (cfg.port != null) [ "--listen-port" (toString cfg.port) ];
cfgFile =
if cfg.port == null then
cfg.appserviceFile
else
pkgs.runCommand "heisenbridge-config" { } ''
cp ${cfg.appserviceFile} $out
${pkgs.sd}/bin/sd '^url: .*$' "url: http://127.0.0.1:${cfg.port}"
'';
listenArgs = lists.optionals (cfg.port != null) [
"--listen-port"
(toString cfg.port)
];
in
{
systemd.services.heisenbridge = {
description = "Matrix<->IRC bridge";
requires = [ "matrix-conduit-nkagami.service" "matrix-synapse.service" ]; # So the registration file can be used by Synapse
requires = [
"matrix-conduit-nkagami.service"
"matrix-synapse.service"
]; # So the registration file can be used by Synapse
wantedBy = [ "multi-user.target" ];
serviceConfig = rec {
@ -77,12 +92,18 @@ with lib; {
RemoveIPC = true;
UMask = "0077";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port != null && cfg.port < 1024) "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = [
"CAP_CHOWN"
] ++ optional (cfg.port != null && cfg.port < 1024) "CAP_NET_BIND_SERVICE";
AmbientCapabilities = CapabilityBoundingSet;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
SystemCallFilter = [ "@system-service" "~@privileged" "@chown" ];
SystemCallFilter = [
"@system-service"
"~@privileged"
"@chown"
];
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_INET AF_INET6";
};
@ -97,4 +118,3 @@ with lib; {
}
);
}

20
modules/cloud/firezone/default.nix
View file

@ -1,11 +1,15 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.cloud.firezone;
mkImage =
{ imageName, imageDigest, ... }: "${imageName}@${imageDigest}";
mkImage = { imageName, imageDigest, ... }: "${imageName}@${imageDigest}";
# If we can pullImage we can just do
# mkImage = pkgs.dockerTools.pullImage;
@ -48,7 +52,10 @@ in
image = images.postgresql;
restart = "unless-stopped";
healthcheck = {
test = [ "CMD-SHELL" "pg_isready -d $\${POSTGRES_DB} -U $\${POSTGRES_USER}" ];
test = [
"CMD-SHELL"
"pg_isready -d $\${POSTGRES_DB} -U $\${POSTGRES_USER}"
];
start_period = "20s";
interval = "30s";
retries = 5;
@ -89,7 +96,10 @@ in
driver = "bridge";
ipam.config = [
{ subnet = "172.25.0.0/16"; }
{ subnet = "2001:3990:3990::/64"; gateway = "2001:3990:3990::1"; }
{
subnet = "2001:3990:3990::/64";
gateway = "2001:3990:3990::1";
}
];
};
};

58
modules/cloud/gotosocial/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.cloud.gotosocial;
@ -41,13 +46,21 @@ in
# Postgres
cloud.postgresql.databases = [ dbUser ];
# Traefik
cloud.traefik.hosts = { gotosocial = { inherit (cfg) host port; }; } //
(if cfg.accountDomain != cfg.host && cfg.accountDomain != "" then {
gotosocial-wellknown = {
inherit (cfg) port;
filter = "Host(`${cfg.accountDomain}`) && (PathPrefix(`/.well-known/webfinger`) || PathPrefix(`/.well-known/nodeinfo`) || PathPrefix(`/.well-known/host-meta`))";
};
} else { });
cloud.traefik.hosts =
{
gotosocial = { inherit (cfg) host port; };
}
// (
if cfg.accountDomain != cfg.host && cfg.accountDomain != "" then
{
gotosocial-wellknown = {
inherit (cfg) port;
filter = "Host(`${cfg.accountDomain}`) && (PathPrefix(`/.well-known/webfinger`) || PathPrefix(`/.well-known/nodeinfo`) || PathPrefix(`/.well-known/host-meta`))";
};
}
else
{ }
);
# The service itself
services.gotosocial = {
enable = true;
@ -60,7 +73,10 @@ in
bind-address = "localhost";
port = cfg.port;
# Instance
instance-languages = [ "en-ca" "vi" ];
instance-languages = [
"en-ca"
"vi"
];
# Accounts
accounts-registration-open = false;
accounts-allow-custom-css = true;
@ -73,15 +89,23 @@ in
web-template-base-dir = "${cfg.package}/share/gotosocial/web/template";
web-asset-base-dir = "${cfg.package}/share/gotosocial/web/assets";
# Media
media-emoji-remote-max-size = 256 * 1024 /* bytes */;
media-emoji-local-max-size = 256 * 1024 /* bytes */;
media-emoji-remote-max-size =
256 * 1024 # bytes
;
media-emoji-local-max-size =
256 * 1024 # bytes
;
media-remote-cache-days = 7;
media-cleanup-from = "00:00";
media-cleanup-every = "24h";
# OIDC
oidc-enabled = true;
oidc-idp-name = "DTTH";
oidc-scopes = [ "openid" "email" "profile" ];
oidc-scopes = [
"openid"
"email"
"profile"
];
# HTTP Client
http-client.block-ips = [ "11.0.0.0/24" ];
# Advanced
@ -92,8 +116,14 @@ in
# instance-inject-mastodon-version = true;
};
};
systemd.services.gotosocial.requires = mkAfter [ "postgresql.service" "arion-authentik.service" ];
systemd.services.gotosocial.after = mkAfter [ "postgresql.service" "arion-authentik.service" ];
systemd.services.gotosocial.requires = mkAfter [
"postgresql.service"
"arion-authentik.service"
];
systemd.services.gotosocial.after = mkAfter [
"postgresql.service"
"arion-authentik.service"
];
systemd.services.gotosocial.unitConfig = {
RequiresMountsFor = [ storageLocation ];
ReadWritePaths = [ storageLocation ];

20
modules/cloud/mail/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -238,7 +243,12 @@ in
# MTA-STS server
services.nginx.enable = true;
services.nginx.virtualHosts.maddy-mta-sts = {
listen = [{ addr = "127.0.0.1"; port = mtaStsPort; }];
listen = [
{
addr = "127.0.0.1";
port = mtaStsPort;
}
];
root = mtaStsDir;
};
@ -273,7 +283,10 @@ in
# maddy itself
systemd.services."${name}" = {
after = [ "network.target" "traefik-certs-dumper.service" ];
after = [
"network.target"
"traefik-certs-dumper.service"
];
wantedBy = [ "multi-user.target" ];
requires = [ "postgresql.service" ];
@ -327,7 +340,6 @@ in
KillMode = "mixed";
KillSignal = "SIGTERM";
# Required to bind on ports lower than 1024.
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";

7
modules/cloud/postgresql/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let

7
modules/cloud/traefik/certs-dumper.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let

246
modules/cloud/traefik/config.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
let
@ -9,126 +14,169 @@ let
};
# Copied from traefik.nix
jsonValue = with types;
jsonValue =
with types;
let
valueType = nullOr
(oneOf [
valueType =
nullOr (oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
]) // {
description = "JSON value";
emptyValue.value = { };
};
])
// {
description = "JSON value";
emptyValue.value = { };
};
in
valueType;
hostType = with types; submodule {
options = {
host = mkOption {
type = str;
description = "The host for the router filter";
};
path = mkOption {
type = nullOr str;
default = null;
description = "The path for the router filter (exact path is matched)";
};
filter = mkOption {
type = nullOr str;
default = null;
description = "The filter syntax for the router. Overrides `host` and `path` if provided";
};
localHost = mkOption {
type = types.nullOr types.str;
description = "The local host of the service. Must be an IP if protocol is TCP. Default to localhost/127.0.0.1";
default = null;
};
port = mkOption {
type = types.port;
description = "The port that the service is listening on";
};
entrypoints = mkOption {
type = listOf (enum [ "http" "https" "smtp-submission" "smtp-submission-ssl" "imap" "wireguard" ]);
default = [ "https" ];
description = "The entrypoints that will serve the host";
};
middlewares = mkOption {
type = listOf jsonValue;
default = [ ];
description = "The middlewares to be used with the host.";
};
protocol = mkOption {
type = enum [ "http" "tcp" "udp" ];
default = "http";
description = "The protocol of the router and service";
};
tlsPassthrough = mkOption {
type = types.bool;
default = true;
description = "Sets the TCP passthrough value. Defaults to `true` if the connection is tcp";
};
noCloudflare = mkOption {
type = types.bool;
default = false;
description = "Bypasses the client cert requirement, enable if you don't route things through cloudflare";
hostType =
with types;
submodule {
options = {
host = mkOption {
type = str;
description = "The host for the router filter";
};
path = mkOption {
type = nullOr str;
default = null;
description = "The path for the router filter (exact path is matched)";
};
filter = mkOption {
type = nullOr str;
default = null;
description = "The filter syntax for the router. Overrides `host` and `path` if provided";
};
localHost = mkOption {
type = types.nullOr types.str;
description = "The local host of the service. Must be an IP if protocol is TCP. Default to localhost/127.0.0.1";
default = null;
};
port = mkOption {
type = types.port;
description = "The port that the service is listening on";
};
entrypoints = mkOption {
type = listOf (enum [
"http"
"https"
"smtp-submission"
"smtp-submission-ssl"
"imap"
"wireguard"
]);
default = [ "https" ];
description = "The entrypoints that will serve the host";
};
middlewares = mkOption {
type = listOf jsonValue;
default = [ ];
description = "The middlewares to be used with the host.";
};
protocol = mkOption {
type = enum [
"http"
"tcp"
"udp"
];
default = "http";
description = "The protocol of the router and service";
};
tlsPassthrough = mkOption {
type = types.bool;
default = true;
description = "Sets the TCP passthrough value. Defaults to `true` if the connection is tcp";
};
noCloudflare = mkOption {
type = types.bool;
default = false;
description = "Bypasses the client cert requirement, enable if you don't route things through cloudflare";
};
};
};
};
# Returns the filter given a host configuration
filterOfHost = host:
filterOfHost =
host:
let
hostFilter = if host.protocol == "http" then "Host" else "HostSNI";
in
if host.filter != null then host.filter
else if host.path == null then "${hostFilter}(`${host.host}`)"
else "${hostFilter}(`${host.host}`) && Path(`${host.path}`)";
if host.filter != null then
host.filter
else if host.path == null then
"${hostFilter}(`${host.host}`)"
else
"${hostFilter}(`${host.host}`) && Path(`${host.path}`)";
# Turns a host configuration into dynamic traefik configuration
hostToConfig = name: host: {
"${host.protocol}" = {
routers."${name}-router" = (if (host.protocol != "udp") then {
rule = filterOfHost host;
tls = { certResolver = "le"; }
// (if host.protocol == "tcp" then { passthrough = if (host ? tlsPassthrough) then host.tlsPassthrough else true; } else { })
// (if host.noCloudflare then tlsNoCloudflare else { });
} else { }) // {
entryPoints = host.entrypoints;
service = "${name}-service";
} // (
if host.protocol == "http" then
{ middlewares = lists.imap0 (id: m: "${name}-middleware-${toString id}") host.middlewares; }
else if host.middlewares == [ ] then
"${host.protocol}" =
{
routers."${name}-router" =
(
if (host.protocol != "udp") then
{
rule = filterOfHost host;
tls =
{
certResolver = "le";
}
// (
if host.protocol == "tcp" then
{ passthrough = if (host ? tlsPassthrough) then host.tlsPassthrough else true; }
else
{ }
)
// (if host.noCloudflare then tlsNoCloudflare else { });
}
else
{ }
)
// {
entryPoints = host.entrypoints;
service = "${name}-service";
}
// (
if host.protocol == "http" then
{ middlewares = lists.imap0 (id: m: "${name}-middleware-${toString id}") host.middlewares; }
else if host.middlewares == [ ] then
{ }
else
abort "Cannot have middlewares on non-http routers"
);
services."${name}-service".loadBalancer.servers = [
(
let
localhost =
if isNull host.localHost then
(if host.protocol == "http" then "localhost" else "127.0.0.1")
else
host.localHost;
in
if host.protocol == "http" then
{ url = "http://${localhost}:${toString host.port}"; }
else
{ address = "${localhost}:${toString host.port}"; }
)
];
}
// (
if (host.middlewares != [ ]) then
{
middlewares = builtins.listToAttrs (
lists.imap0 (id: v: {
name = "${name}-middleware-${toString id}";
value = v;
}) host.middlewares
);
}
else
{ }
else abort "Cannot have middlewares on non-http routers"
);
services."${name}-service".loadBalancer.servers = [
(
let
localhost =
if isNull host.localHost then
(
if host.protocol == "http" then "localhost"
else "127.0.0.1"
) else host.localHost;
in
if host.protocol == "http" then
{ url = "http://${localhost}:${toString host.port}"; }
else { address = "${localhost}:${toString host.port}"; }
)
];
} // (if (host.middlewares != [ ]) then {
middlewares = builtins.listToAttrs (lists.imap0
(id: v: {
name = "${name}-middleware-${toString id}";
value = v;
})
host.middlewares);
} else { });
};
tlsConfig = {

10
modules/cloud/traefik/dashboard.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
@ -28,7 +33,8 @@ in
# Dynamic configuration
# ---------------------
## Middleware
services.traefik.dynamicConfigOptions.http.middlewares.dashboard-auth.basicAuth.usersFile = cfg.usersFile;
services.traefik.dynamicConfigOptions.http.middlewares.dashboard-auth.basicAuth.usersFile =
cfg.usersFile;
## Router
services.traefik.dynamicConfigOptions.http.routers.dashboard = {
rule = "Host(`${cfg.host}`)";

36
modules/cloud/traefik/default.nix
View file

@ -1,22 +1,29 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
# Copied from traefik.nix
jsonValue = with types;
jsonValue =
with types;
let
valueType = nullOr
(oneOf [
valueType =
nullOr (oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
]) // {
description = "JSON value";
emptyValue.value = { };
};
])
// {
description = "JSON value";
emptyValue.value = { };
};
in
valueType;
@ -41,7 +48,11 @@ let
cfg = config.cloud.traefik;
in
{
imports = [ ./config.nix ./dashboard.nix ./certs-dumper.nix ];
imports = [
./config.nix
./dashboard.nix
./certs-dumper.nix
];
options.cloud.traefik = {
cloudflareKeyFile = mkOption {
type = types.path;
@ -104,7 +115,12 @@ in
config.systemd.services.traefik.environment.CF_DNS_API_TOKEN_FILE = cfg.cloudflareKeyFile;
# Set up firewall to allow traefik traffic.
config.networking.firewall.allowedTCPPorts = [ 443 993 587 465 ];
config.networking.firewall.allowedTCPPorts = [
443
993
587
465
];
config.networking.firewall.allowedUDPPorts = [
443 # QUIC
51820 # Wireguard

8
modules/cloud/writefreely/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.cloud.writefreely;
@ -62,4 +67,3 @@ in
}
);
}

362
modules/common/linux/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
@ -6,118 +11,142 @@ let
# Modules
modules = {
adb = { config, ... }: mkIf config.common.linux.enable {
services.udev.packages = with pkgs; [ android-udev-rules ];
programs.adb.enable = true;
users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ];
};
ios = { config, pkgs, ... }: mkIf config.common.linux.enable {
services.usbmuxd.enable = true;
services.usbmuxd.package = pkgs.usbmuxd2;
environment.systemPackages = with pkgs; [
libimobiledevice
ifuse
];
users.users.${config.common.linux.username}.extraGroups = [ config.services.usbmuxd.group ];
systemd.network.networks."05-ios-tethering" = {
matchConfig.Driver = "ipheth";
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = "no";
adb =
{ config, ... }:
mkIf config.common.linux.enable {
services.udev.packages = with pkgs; [ android-udev-rules ];
programs.adb.enable = true;
users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ];
};
};
graphics = { config, pkgs, ... }: {
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
# Monitor backlight
hardware.i2c.enable = true;
services.ddccontrol.enable = true;
environment.systemPackages = [ pkgs.luminance pkgs.ddcutil ];
};
accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) {
environment.systemPackages = [ pkgs.glib (pkgs.gnome-control-center or pkgs.gnome.gnome-control-center) ];
services.accounts-daemon.enable = true;
services.gnome.gnome-online-accounts.enable = true;
# programs.evolution.enable = true;
# programs.evolution.plugins = with pkgs; [ evolution-ews ];
# services.gnome.evolution-data-server.enable = true;
# services.gnome.evolution-data-server.plugins = with pkgs; [ evolution-ews ];
};
wlr = { lib, config, ... }: mkIf config.common.linux.enable {
# swaync disable notifications on screencast
xdg.portal.wlr.settings.screencast = {
exec_before = ''which swaync-client && swaync-client --inhibitor-add "xdg-desktop-portal-wlr" || true'';
exec_after = ''which swaync-client && swaync-client --inhibitor-remove "xdg-desktop-portal-wlr" || true'';
ios =
{ config, pkgs, ... }:
mkIf config.common.linux.enable {
services.usbmuxd.enable = true;
services.usbmuxd.package = pkgs.usbmuxd2;
environment.systemPackages = with pkgs; [
libimobiledevice
ifuse
];
users.users.${config.common.linux.username}.extraGroups = [ config.services.usbmuxd.group ];
systemd.network.networks."05-ios-tethering" = {
matchConfig.Driver = "ipheth";
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = "no";
};
};
# Niri stuff
# https://github.com/sodiboo/niri-flake/blob/main/docs.md
programs.niri.enable = true;
programs.niri.package = pkgs.niri-stable;
# Override gnome-keyring disabling
services.gnome.gnome-keyring.enable = lib.mkForce false;
};
logitech = { pkgs, ... }: mkIf cfg.enable {
services.ratbagd.enable = true;
environment.systemPackages = with pkgs; [ piper ];
};
kwallet = { pkgs, lib, ... }: mkIf cfg.enable {
environment.systemPackages = [ pkgs.kdePackages.kwallet ];
services.dbus.packages = [ pkgs.kdePackages.kwallet ];
xdg.portal = {
extraPortals = [ pkgs.kdePackages.kwallet ];
graphics =
{ config, pkgs, ... }:
{
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
# Monitor backlight
hardware.i2c.enable = true;
services.ddccontrol.enable = true;
environment.systemPackages = [
pkgs.luminance
pkgs.ddcutil
];
};
};
virtualisation = { pkgs, ... }: mkIf cfg.enable {
virtualisation.podman = {
accounts =
{ pkgs, ... }:
mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) {
environment.systemPackages = [
pkgs.glib
(pkgs.gnome-control-center or pkgs.gnome.gnome-control-center)
];
services.accounts-daemon.enable = true;
services.gnome.gnome-online-accounts.enable = true;
# programs.evolution.enable = true;
# programs.evolution.plugins = with pkgs; [ evolution-ews ];
# services.gnome.evolution-data-server.enable = true;
# services.gnome.evolution-data-server.plugins = with pkgs; [ evolution-ews ];
};
wlr =
{ lib, config, ... }:
mkIf config.common.linux.enable {
# swaync disable notifications on screencast
xdg.portal.wlr.settings.screencast = {
exec_before = ''which swaync-client && swaync-client --inhibitor-add "xdg-desktop-portal-wlr" || true'';
exec_after = ''which swaync-client && swaync-client --inhibitor-remove "xdg-desktop-portal-wlr" || true'';
};
# Niri stuff
# https://github.com/sodiboo/niri-flake/blob/main/docs.md
programs.niri.enable = true;
programs.niri.package = pkgs.niri-stable;
# Override gnome-keyring disabling
services.gnome.gnome-keyring.enable = lib.mkForce false;
};
logitech =
{ pkgs, ... }:
mkIf cfg.enable {
services.ratbagd.enable = true;
environment.systemPackages = with pkgs; [ piper ];
};
kwallet =
{ pkgs, lib, ... }:
mkIf cfg.enable {
environment.systemPackages = [ pkgs.kdePackages.kwallet ];
services.dbus.packages = [ pkgs.kdePackages.kwallet ];
xdg.portal = {
extraPortals = [ pkgs.kdePackages.kwallet ];
};
};
virtualisation =
{ pkgs, ... }:
mkIf cfg.enable {
virtualisation.podman = {
enable = true;
extraPackages = [ pkgs.slirp4netns ];
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
virtualisation.oci-containers.backend = "podman";
virtualisation.virtualbox.host.enable = false;
users.extraGroups.vboxusers.members = [ cfg.username ];
};
};
rt-audio =
{ pkgs, ... }:
mkIf cfg.enable {
services.pipewire.lowLatency = {
# enable this module
enable = true;
extraPackages = [ pkgs.slirp4netns ];
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
# defaults (no need to be set unless modified)
quantum = 32;
rate = 44100;
};
security.rtkit.enable = true;
virtualisation.oci-containers.backend = "podman";
virtualisation.virtualbox.host.enable = false;
users.extraGroups.vboxusers.members = [ cfg.username ];
# Real time configurations
boot.kernel.sysctl = {
"vm.swappiness" = 10;
"fs.inotify.max_user_watches" = 524288;
};
security.pam.loginLimits = [
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "90";
}
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
];
};
};
rt-audio = { pkgs, ... }: mkIf cfg.enable {
services.pipewire.lowLatency = {
# enable this module
enable = true;
# defaults (no need to be set unless modified)
quantum = 32;
rate = 44100;
};
security.rtkit.enable = true;
# Real time configurations
boot.kernel.sysctl = {
"vm.swappiness" = 10;
"fs.inotify.max_user_watches" = 524288;
};
security.pam.loginLimits = [
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "90";
}
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
];
};
in
{
imports = with modules; [
@ -155,23 +184,30 @@ in
dnsServers = mkOption {
type = types.listOf types.str;
description = "DNS server list";
default = [ "1.1.1.1" "2606:4700:4700:1111" ];
default = [
"1.1.1.1"
"2606:4700:4700:1111"
];
};
networks = mkOption {
type = types.attrsOf (types.submodule {
options.match = mkOption {
type = types.str;
description = "The interface name to match";
};
options.isRequired = mkOption {
type = types.bool;
description = "Require this interface to be connected for network-online.target";
default = false;
};
});
type = types.attrsOf (
types.submodule {
options.match = mkOption {
type = types.str;
description = "The interface name to match";
};
options.isRequired = mkOption {
type = types.bool;
description = "Require this interface to be connected for network-online.target";
default = false;
};
}
);
description = "Network configuration";
default = {
default = { match = "*"; };
default = {
match = "*";
};
};
};
};
@ -196,18 +232,16 @@ in
};
boot.initrd.systemd.enable = builtins.length (builtins.attrNames (cfg.luksDevices)) > 0;
# LUKS devices
boot.initrd.luks.devices = builtins.mapAttrs
(name: path: {
device = path;
preLVM = true;
allowDiscards = true;
boot.initrd.luks.devices = builtins.mapAttrs (name: path: {
device = path;
preLVM = true;
allowDiscards = true;
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
];
})
cfg.luksDevices;
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
];
}) cfg.luksDevices;
## Hardware-related
@ -251,7 +285,10 @@ in
];
shell = pkgs.fish;
};
nix.settings.trusted-users = [ "root" cfg.username ];
nix.settings.trusted-users = [
"root"
cfg.username
];
## Network configuration
systemd.network.enable = true;
@ -262,13 +299,11 @@ in
networking.hostName = cfg.networking.hostname;
networking.wireless.iwd.enable = true;
networking.wireless.iwd.settings.General.EnableNetworkConfiguration = true;
systemd.network.networks = builtins.mapAttrs
(name: cfg: {
matchConfig.Name = cfg.match;
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = if cfg.isRequired then "yes" else "no";
})
cfg.networking.networks;
systemd.network.networks = builtins.mapAttrs (name: cfg: {
matchConfig.Name = cfg.match;
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = if cfg.isRequired then "yes" else "no";
}) cfg.networking.networks;
# Leave DNS to systemd-resolved
services.resolved.enable = true;
services.resolved.domains = cfg.networking.dnsServers;
@ -285,19 +320,26 @@ in
console.keyMap = "jp106"; # Console key layout
i18n.defaultLocale = "ja_JP.UTF-8";
# Input methods (only fcitx5 works reliably on Wayland)
i18n.inputMethod = {
fcitx5.waylandFrontend = true;
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-unikey
fcitx5-gtk
];
} // (if config.system.nixos.release == "24.05" then {
enabled = "fcitx5";
} else {
enable = true;
type = "fcitx5";
});
i18n.inputMethod =
{
fcitx5.waylandFrontend = true;
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-unikey
fcitx5-gtk
];
}
// (
if config.system.nixos.release == "24.05" then
{
enabled = "fcitx5";
}
else
{
enable = true;
type = "fcitx5";
}
);
# Default packages
environment.systemPackages = with pkgs; [
@ -335,7 +377,10 @@ in
programs.gamescope = {
enable = true;
# capSysNice = true; # https://github.com/NixOS/nixpkgs/issues/351516
args = [ "--adaptive-sync" "--rt" ];
args = [
"--adaptive-sync"
"--rt"
];
};
## Services
@ -353,11 +398,22 @@ in
wlr.enable = true;
xdgOpenUsePortal = true;
# gtk portal needed to make gtk apps happy
extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde pkgs.xdg-desktop-portal-gtk ];
extraPortals = [
pkgs.kdePackages.xdg-desktop-portal-kde
pkgs.xdg-desktop-portal-gtk
];
config.sway.default = [ "wlr" "kde" "kwallet" ];
config.sway.default = [
"wlr"
"kde"
"kwallet"
];
config.niri = {
default = [ "kde" "gnome" "gtk" ];
default = [
"kde"
"gnome"
"gtk"
];
# "org.freedesktop.impl.portal.Access" = "gtk";
# "org.freedesktop.impl.portal.Notification" = "gtk";
"org.freedesktop.impl.portal.ScreenCast" = "gnome";

136
modules/my-tinc/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -36,72 +41,89 @@ in
};
};
config = mkIf cfg.enable (builtins.seq
(mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (builtins.abort "one of the keys must be defined"))
(
let
networkName = "my-tinc";
config = mkIf cfg.enable (
builtins.seq
(mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (
builtins.abort "one of the keys must be defined"
))
(
let
networkName = "my-tinc";
myHost = builtins.getAttr cfg.hostName hosts;
myMeshIp = myHost.subnetAddr;
in
{
# Scripts that set up the tinc services
environment.etc = {
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
#!${pkgs.stdenv.shell}
${pkgs.nettools}/bin/ifconfig $INTERFACE ${myMeshIp} netmask 255.255.255.0
'';
"tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" ''
#!${pkgs.stdenv.shell}
/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
'';
};
myHost = builtins.getAttr cfg.hostName hosts;
myMeshIp = myHost.subnetAddr;
in
{
# Scripts that set up the tinc services
environment.etc = {
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
#!${pkgs.stdenv.shell}
${pkgs.nettools}/bin/ifconfig $INTERFACE ${myMeshIp} netmask 255.255.255.0
'';
"tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" ''
#!${pkgs.stdenv.shell}
/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
'';
};
# Allow the tinc service to call ifconfig without sudo password.
security.sudo.extraRules = [
{
users = [ "tinc.${networkName}" ];
commands = [
# Allow the tinc service to call ifconfig without sudo password.
security.sudo.extraRules = [
{
users = [ "tinc.${networkName}" ];
commands = [
{
command = "${pkgs.nettools}/bin/ifconfig";
options = [ "NOPASSWD" ];
}
];
}
];
# simple interface setup
# ----------------------
networking.interfaces."tinc.${networkName}".ipv4.addresses = [
{
address = myMeshIp;
prefixLength = 24;
}
];
# firewall
networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.interfaces."tinc.${networkName}" = {
allowedUDPPortRanges = [
{
command = "${pkgs.nettools}/bin/ifconfig";
options = [ "NOPASSWD" ];
from = 0;
to = 65535;
}
];
}
];
allowedTCPPortRanges = [
{
from = 0;
to = 65535;
}
];
};
# simple interface setup
# ----------------------
networking.interfaces."tinc.${networkName}".ipv4.addresses = [{ address = myMeshIp; prefixLength = 24; }];
# configure tinc service
# ----------------------
services.tinc.networks."${networkName}" = {
# firewall
networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.interfaces."tinc.${networkName}" = {
allowedUDPPortRanges = [{ from = 0; to = 65535; }];
allowedTCPPortRanges = [{ from = 0; to = 65535; }];
};
name = cfg.hostName; # who are we in this network.
debugLevel = 3; # the debug level for journal -u tinc.private
chroot = false; # otherwise addresses can't be a DNS
interfaceType = "tap"; # tun might also work.
# configure tinc service
# ----------------------
services.tinc.networks."${networkName}" = {
bindToAddress = "* ${toString cfg.bindPort}";
name = cfg.hostName; # who are we in this network.
ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
rsaPrivateKeyFile = cfg.rsaPrivateKey;
debugLevel = 3; # the debug level for journal -u tinc.private
chroot = false; # otherwise addresses can't be a DNS
interfaceType = "tap"; # tun might also work.
bindToAddress = "* ${toString cfg.bindPort}";
ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
rsaPrivateKeyFile = cfg.rsaPrivateKey;
settings.ExperimentalProtocol = "yes";
};
}
)
settings.ExperimentalProtocol = "yes";
};
}
)
);
}

43
modules/my-tinc/hosts.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -6,30 +11,34 @@ let
cfg = config.services.my-tinc;
mapAttrs = f: attrs: builtins.listToAttrs (
map (name: { inherit name; value = f name (builtins.getAttr name attrs); }) (builtins.attrNames attrs)
);
mapAttrs =
f: attrs:
builtins.listToAttrs (
map (name: {
inherit name;
value = f name (builtins.getAttr name attrs);
}) (builtins.attrNames attrs)
);
in
{
config = mkIf cfg.enable {
# All hosts we know of
services.tinc.networks.my-tinc.hostSettings = mapAttrs
(name: host: {
addresses = if (host ? address) then [{ address = host.address; }] else [ ];
subnets = [{ address = host.subnetAddr; }];
rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey;
settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey;
})
hosts;
services.tinc.networks.my-tinc.hostSettings = mapAttrs (name: host: {
addresses = if (host ? address) then [ { address = host.address; } ] else [ ];
subnets = [ { address = host.subnetAddr; } ];
rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey;
settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey;
}) hosts;
# Add all of them to host
nki.services.edns = {
enable = true;
cloaking-rules =
(lib.attrsets.mapAttrs'
(name: host: { name = "${name}.tinc"; value = host.subnetAddr; })
hosts)
;
cloaking-rules = (
lib.attrsets.mapAttrs' (name: host: {
name = "${name}.tinc";
value = host.subnetAddr;
}) hosts
);
};
};
}

121
modules/personal/fonts/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
let
@ -11,46 +16,76 @@ in
{
imports = [ ./mounting.nix ];
# Fonts
config.fonts = {
packages = with pkgs; mkForce [
noto-fonts-emoji-blob-bin
ibm-plex
nerd-fonts
noto-fonts
(pkgs.noto-fonts-cjk-sans or pkgs.noto-fonts-cjk)
merriweather
corefonts
font-awesome
hack-font # for Plasma
];
} // (if pkgs.stdenv.isLinux then {
enableDefaultPackages = false;
fontconfig = {
defaultFonts = {
emoji = lib.mkBefore [ "Blobmoji" ];
serif = lib.mkBefore [ "IBM Plex Serif" "IBM Plex Sans JP" "IBM Plex Sans KR" "Blobmoji" ];
sansSerif = lib.mkBefore [ "IBM Plex Sans" "IBM Plex Sans JP" "IBM Plex Sans KR" "Blobmoji" ];
monospace = lib.mkBefore [ "IBM Plex Mono" "Font Awesome 6 Free" "Symbols Nerd Font" "Blobmoji" "IBM Plex Sans JP" ];
};
localConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
<fontconfig>
<alias binding="same">
<family>system-ui</family>
<prefer>
<family>IBM Plex Sans</family>
<family>IBM Plex Sans JP</family>
<family>IBM Plex Sans KR</family>
<family>Blobmoji</family>
</prefer>
</alias>
</fontconfig>
'';
};
fontDir.enable = true;
} else { }) // (if pkgs.stdenv.isDarwin then {
fontDir.enable = true;
} else { });
config.fonts =
{
packages =
with pkgs;
mkForce [
noto-fonts-emoji-blob-bin
ibm-plex
nerd-fonts
noto-fonts
(pkgs.noto-fonts-cjk-sans or pkgs.noto-fonts-cjk)
merriweather
corefonts
font-awesome
hack-font # for Plasma
];
}
// (
if pkgs.stdenv.isLinux then
{
enableDefaultPackages = false;
fontconfig = {
defaultFonts = {
emoji = lib.mkBefore [ "Blobmoji" ];
serif = lib.mkBefore [
"IBM Plex Serif"
"IBM Plex Sans JP"
"IBM Plex Sans KR"
"Blobmoji"
];
sansSerif = lib.mkBefore [
"IBM Plex Sans"
"IBM Plex Sans JP"
"IBM Plex Sans KR"
"Blobmoji"
];
monospace = lib.mkBefore [
"IBM Plex Mono"
"Font Awesome 6 Free"
"Symbols Nerd Font"
"Blobmoji"
"IBM Plex Sans JP"
];
};
localConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
<fontconfig>
<alias binding="same">
<family>system-ui</family>
<prefer>
<family>IBM Plex Sans</family>
<family>IBM Plex Sans JP</family>
<family>IBM Plex Sans KR</family>
<family>Blobmoji</family>
</prefer>
</alias>
</fontconfig>
'';
};
fontDir.enable = true;
}
else
{ }
)
// (
if pkgs.stdenv.isDarwin then
{
fontDir.enable = true;
}
else
{ }
);
}

13
modules/personal/fonts/mounting.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
lib.mkIf pkgs.stdenv.isLinux {
system.fsPackages = [ pkgs.bindfs ];
fileSystems =
@ -6,7 +11,11 @@ lib.mkIf pkgs.stdenv.isLinux {
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
options = [
"ro"
"resolve-symlinks"
"x-gvfs-hide"
];
};
aggregatedIcons = pkgs.buildEnv {
name = "system-icons";

7
modules/personal/u2f.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let

28
modules/services/edns/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
@ -34,7 +39,10 @@ in
# Sources
sources.public_resolvers = {
urls = [ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" ];
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public_resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
@ -44,14 +52,22 @@ in
# Anonymized DNS
anonymized_dns.routes = [
{ server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; }
{
server_name = "*";
via = [
"anon-plan9-dns"
"anon-v.dnscrypt.up-ipv4"
];
}
];
anonymized_dns.skip_incompatible = true;
# Cloaking rules
cloaking_rules = pkgs.writeText "cloaking_rules.txt" (lib.strings.concatStringsSep
"\n"
(lib.attrsets.mapAttrsToList (name: ip: "${name} ${ip}") cfg.cloaking-rules));
cloaking_rules = pkgs.writeText "cloaking_rules.txt" (
lib.strings.concatStringsSep "\n" (
lib.attrsets.mapAttrsToList (name: ip: "${name} ${ip}") cfg.cloaking-rules
)
);
};
};
};

16
modules/services/nix-build-farm/default.nix
View file

@ -40,20 +40,24 @@ in
in
{
nix.distributedBuilds = true;
nix.buildMachines = lib.mapAttrsToList
(name: host: {
nix.buildMachines = lib.mapAttrsToList (
name: host:
{
hostName = host.host;
sshUser = build-user;
sshKey = cfg.privateKeyFile;
} // host.builder)
otherBuilders;
}
// host.builder
) otherBuilders;
users = mkIf (isBuilder host) {
users.${build-user} = {
description = "Nix build farm user";
group = build-user;
isNormalUser = true;
openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${cfg.ipAddrs}" ${host.pubKey}'') otherHosts;
openssh.authorizedKeys.keys = lib.mapAttrsToList (
_: host: ''from="${cfg.ipAddrs}" ${host.pubKey}''
) otherHosts;
};
groups.${build-user} = { };
};
@ -62,5 +66,3 @@ in
}
);
}

24
modules/services/nix-build-farm/hosts.nix
View file

@ -10,10 +10,18 @@
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUhiVTh2NlNBa0kyOTBCc1QzVG1IRVVJQWdXcVFyNm9jRmpjakRRczRoT2ggcm9vdEBrYWdhbWlQQwo=";
systems = [ "x86_64-linux" "aarch64-linux" ];
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
};
};
@ -28,10 +36,18 @@
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdOUlBCVFRkNTVVMXY1U1Jac0FjYVdhS3JGZTY0ZjIxOVViODVTQ2NWd28gcm9vdEBua2ktZnJhbWV3b3JrCg==";
systems = [ "x86_64-linux" "aarch64-linux" ];
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 16;
speedFactor = 3;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
};
};
}

16
modules/services/nix-cache/default.nix
View file

@ -1,6 +1,18 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with { inherit (lib) mkEnableOption mkOption types mkIf; };
with {
inherit (lib)
mkEnableOption
mkOption
types
mkIf
;
};
let
cfg = config.nki.services.nix-cache;

7
modules/services/swaylock.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.services.swaylock;

34
nki-framework/configuration.nix
View file

@ -2,26 +2,32 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
# Wireless card
./wireless.nix
];
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
# Wireless card
./wireless.nix
];
# Sops
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
sops.secrets."nix-build-farm/private-key" = {
mode = "0400";
};
services.nix-build-farm.hostname = "framework";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
@ -94,7 +100,6 @@
bindPort = 6565;
};
# Secrets
# sops.defaultSopsFile = ./secrets.yaml;
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@ -129,4 +134,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

80
nki-framework/hardware-configuration.nix
View file

@ -1,15 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelParams = [
@ -18,12 +29,14 @@
"resume_offset=5776640" # btrfs inspect-internal map-swapfile -r /var/swapfile
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs";
options = [
"subvol=root"
"compress=zstd"
];
};
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
@ -31,28 +44,35 @@
common.linux.luksDevices."cryptroot" = "/dev/disk/by-uuid/94226aae-6d1c-401a-bfad-3aa5f371a365";
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs";
options = [
"subvol=home"
"compress=zstd"
];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs";
options = [
"subvol=nix"
"compress=zstd"
];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/6A0E-4D23";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6A0E-4D23";
fsType = "vfat";
};
swapDevices = [
{ device = "/var/swapfile"; size = 32 * 1024; priority = 10; }
{
device = "/var/swapfile";
size = 32 * 1024;
priority = 10;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

3
nki-framework/wireless.nix
View file

@ -1,4 +1,5 @@
{ pkgs, lib, ... }: {
{ pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [ iw ];
# Disable power_save on boot
services.udev.packages = [

8
nki-home/audio/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
environment.etc = {
"wireplumber/wireplumber.conf.d/51-sdac.conf".source = ./sdac.conf.json;
};

133
nki-home/configuration.nix
View file

@ -2,33 +2,39 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
with lib;
let
openrazer = { pkgs, ... }: {
# Razer stuff
hardware.openrazer = {
enable = true;
users = [ "nki" ];
openrazer =
{ pkgs, ... }:
{
# Razer stuff
hardware.openrazer = {
enable = true;
users = [ "nki" ];
};
environment.systemPackages = with pkgs; [ polychromatic ];
};
environment.systemPackages = with pkgs; [ polychromatic ];
};
in
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
# Other services
../modules/personal/u2f.nix
./peertube-runner.nix
openrazer
];
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
# Other services
../modules/personal/u2f.nix
./peertube-runner.nix
openrazer
];
# Kernel
boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable;
@ -43,35 +49,48 @@ in
common.linux.sops.file = ./secrets.yaml;
# Nix cache server
sops.secrets."nix-cache/private-key" = { owner = "harmonia"; group = "harmonia"; mode = "0600"; };
sops.secrets."nix-cache/private-key" = {
owner = "harmonia";
group = "harmonia";
mode = "0600";
};
nki.services.nix-cache = {
enableServer = true;
privateKeyFile = config.sops.secrets."nix-cache/private-key".path;
};
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
sops.secrets."nix-build-farm/private-key" = {
mode = "0400";
};
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Networking
common.linux.networking =
{
hostname = "kagamiPC"; # Define your hostname.
networks = {
"10-wired" = {
match = "enp*";
isRequired = true;
};
"20-wireless".match = "wlan*";
common.linux.networking = {
hostname = "kagamiPC"; # Define your hostname.
networks = {
"10-wired" = {
match = "enp*";
isRequired = true;
};
dnsServers = [ "127.0.0.1" ];
"20-wireless".match = "wlan*";
};
dnsServers = [ "127.0.0.1" ];
};
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
## DTTH Wireguard
#
sops.secrets."dtth-wg/private-key" = { owner = "root"; group = "systemd-network"; mode = "0640"; };
sops.secrets."dtth-wg/preshared-key" = { owner = "root"; group = "systemd-network"; mode = "0640"; };
sops.secrets."dtth-wg/private-key" = {
owner = "root";
group = "systemd-network";
mode = "0640";
};
sops.secrets."dtth-wg/preshared-key" = {
owner = "root";
group = "systemd-network";
mode = "0640";
};
systemd.network.netdevs."10-dtth-wg" = {
netdevConfig = {
Kind = "wireguard";
@ -81,25 +100,36 @@ in
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path;
};
wireguardPeers = [{
PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ=";
PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path;
AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ];
Endpoint = "vpn.dtth.ch:51820";
PersistentKeepalive = 25;
}];
wireguardPeers = [
{
PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ=";
PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path;
AllowedIPs = [
"100.64.0.0/10"
"fd00::/106"
];
Endpoint = "vpn.dtth.ch:51820";
PersistentKeepalive = 25;
}
];
};
systemd.network.networks."dtth-wg" = {
matchConfig.Name = "dtth-wg";
address = [ "100.73.146.80/32" "fd00::33:105b/128" ];
address = [
"100.73.146.80/32"
"fd00::33:105b/128"
];
DHCP = "no";
routes = [
{ Destination = "100.64.0.0/10"; Scope = "link"; }
{
Destination = "100.64.0.0/10";
Scope = "link";
}
{ Destination = "fd00::/106"; }
];
};
# Define a user account.
# Define a user account.
common.linux.username = "nki";
services.getty.autologinUser = "nki";
@ -117,7 +147,11 @@ in
ntfsMount = path: {
device = path;
fsType = "ntfs";
options = [ "rw" "uid=${toString config.users.users.nki.uid}" "nofail" ];
options = [
"rw"
"uid=${toString config.users.users.nki.uid}"
"nofail"
];
};
in
{
@ -149,7 +183,6 @@ in
bindPort = 6565;
};
# Music server
services.navidrome.enable = true;
services.navidrome.settings = {
@ -157,7 +190,10 @@ in
MusicFolder = "/mnt/Stuff/Music";
};
systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = lib.mkAfter [ "/etc" ];
networking.firewall.allowedTCPPorts = [ 4533 8000 ];
networking.firewall.allowedTCPPorts = [
4533
8000
];
# Printers
services.printing.enable = true;
@ -201,4 +237,3 @@ in
virtualisation.spiceUSBRedirection.enable = true;
}

68
nki-home/hardware-configuration.nix
View file

@ -1,42 +1,57 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
./audio
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./audio
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [
"dm-snapshot"
"amdgpu"
];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/32a74827-4624-43ef-b066-b52e1f11793d";
fsType = "ext4";
};
fileSystems."/home/nki/Projects" =
{
device = "/dev/disk/by-uuid/025cb533-e21b-47f2-b7d5-322b7b95b831";
fsType = "btrfs";
options = [ "compress=zstd" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/32a74827-4624-43ef-b066-b52e1f11793d";
fsType = "ext4";
};
fileSystems."/home/nki/Projects" = {
device = "/dev/disk/by-uuid/025cb533-e21b-47f2-b7d5-322b7b95b831";
fsType = "btrfs";
options = [ "compress=zstd" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/549C-7877";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/549C-7877";
fsType = "vfat";
};
fileSystems."/mnt/steam" = {
device = "/dev/disk/by-uuid/d1db9f65-6add-4714-b9d7-16e16f687396";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=steam" ];
options = [
"compress=zstd"
"subvol=steam"
];
encrypted = {
enable = true;
label = "encdata";
@ -45,8 +60,7 @@
};
};
swapDevices =
[{ device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; } ];
# bluetooth usb
hardware.firmware = [ pkgs.rtl8761b-firmware ];

44
nki-home/peertube-runner.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
user = "peertube-runner-nodejs";
instance = "systemd-instance";
@ -27,8 +32,8 @@ in
runnerName = "kagamipc"
'';
environment.etc."${user}/${instance}/config.toml".source = config.sops.templates."peertube-config.toml".path;
environment.etc."${user}/${instance}/config.toml".source =
config.sops.templates."peertube-config.toml".path;
systemd.services.peertube-runner = {
description = "PeerTube runner daemon";
@ -36,20 +41,19 @@ in
after = [ "network.target" ];
requires = [ ];
serviceConfig =
{
ExecStart = "${lib.getExe' pkgs.peertube.runner "peertube-runner"} server --id ${instance}";
User = user;
RuntimeDirectory = user;
StateDirectory = user;
CacheDirectory = user;
# Hardening
ProtectSystem = "full";
PrivateDevices = false;
NoNewPrivileges = true;
ProtectHome = true;
CapabilityBoundingSet = "~CAP_SYS_ADMIN";
};
serviceConfig = {
ExecStart = "${lib.getExe' pkgs.peertube.runner "peertube-runner"} server --id ${instance}";
User = user;
RuntimeDirectory = user;
StateDirectory = user;
CacheDirectory = user;
# Hardening
ProtectSystem = "full";
PrivateDevices = false;
NoNewPrivileges = true;
ProtectHome = true;
CapabilityBoundingSet = "~CAP_SYS_ADMIN";
};
environment = {
NODE_ENV = "production";
@ -61,7 +65,9 @@ in
XDG_STATE_HOME = "/var/lib";
};
path = with pkgs; [ nodejs ffmpeg ];
path = with pkgs; [
nodejs
ffmpeg
];
};
}

66
nki-personal-do/configuration.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
@ -88,13 +94,19 @@
services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
sops.secrets."nix-build-farm/private-key" = {
mode = "0400";
};
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Set up traefik
sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
sops.secrets.cloudflare-dns-api-token = {
owner = "traefik";
};
sops.secrets.traefik-dashboard-users = {
owner = "traefik";
};
cloud.traefik.cloudflareKeyFile = config.sops.secrets.cloudflare-dns-api-token.path;
cloud.traefik.dashboard = {
enable = true;
@ -108,9 +120,19 @@
settings.HOST = "127.0.0.1";
settings.PORT = "16904";
};
cloud.traefik.hosts.uptime-kuma = { host = "status.nkagami.me"; port = 16904; noCloudflare = true; };
cloud.traefik.hosts.uptime-kuma-dtth = { host = "status.dtth.ch"; port = 16904; };
cloud.traefik.hosts.uptime-kuma-codefun = { host = "status.codefun.vn"; port = 16904; };
cloud.traefik.hosts.uptime-kuma = {
host = "status.nkagami.me";
port = 16904;
noCloudflare = true;
};
cloud.traefik.hosts.uptime-kuma-dtth = {
host = "status.dtth.ch";
port = 16904;
};
cloud.traefik.hosts.uptime-kuma-codefun = {
host = "status.codefun.vn";
port = 16904;
};
# Bitwarden
sops.secrets.vaultwarden-env = { };
@ -120,7 +142,9 @@
virtualisation.arion.backend = "docker";
# Conduit
sops.secrets.heisenbridge = { owner = "heisenbridge"; };
sops.secrets.heisenbridge = {
owner = "heisenbridge";
};
cloud.conduit.enable = true;
cloud.conduit.instances = {
"nkagami" = {
@ -155,7 +179,10 @@
};
# Mail
sops.secrets.mail-users = { owner = "maddy"; reloadUnits = [ "maddy.service" ]; };
sops.secrets.mail-users = {
owner = "maddy";
reloadUnits = [ "maddy.service" ];
};
cloud.mail = {
enable = true;
debug = true;
@ -177,7 +204,10 @@
sops.secrets.authentik-env = { };
cloud.authentik.enable = true;
cloud.authentik.envFile = config.sops.secrets.authentik-env.path;
cloud.traefik.hosts.authentik = { host = "auth.dtth.ch"; port = config.cloud.authentik.port; };
cloud.traefik.hosts.authentik = {
host = "auth.dtth.ch";
port = config.cloud.authentik.port;
};
# Firezone
sops.secrets.firezone-env = { };
@ -197,14 +227,18 @@
};
# GoToSocial
sops.secrets.gts-env = { restartUnits = [ "gotosocial.service" ]; };
sops.secrets.gts-env = {
restartUnits = [ "gotosocial.service" ];
};
cloud.gotosocial = {
enable = true;
envFile = config.sops.secrets.gts-env.path;
};
# Grist
sops.secrets."grist/env" = { restartUnits = [ "arion-grist.service" ]; };
sops.secrets."grist/env" = {
restartUnits = [ "arion-grist.service" ];
};
cloud.grist = {
enable = true;
envFile = config.sops.secrets."grist/env".path;
@ -212,9 +246,12 @@
dataDir = "/mnt/data/grist";
};
# ntfy
cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; };
cloud.traefik.hosts.ntfy-sh = {
host = "ntfy.nkagami.me";
port = 11161;
noCloudflare = true;
};
services.ntfy-sh = {
enable = true;
settings = {
@ -238,4 +275,3 @@
mkdir -p /var/lib/ntfy-sh/attachments
'';
}

38
nki-personal-do/gitea.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
user = "gitea";
@ -126,7 +131,11 @@ in
};
repository = {
DEFAULT_PRIVATE = "private";
PREFERRED_LICENSES = strings.concatStringsSep "," [ "AGPL-3.0-or-later" "GPL-3.0-or-later" "Apache-2.0" ];
PREFERRED_LICENSES = strings.concatStringsSep "," [
"AGPL-3.0-or-later"
"GPL-3.0-or-later"
"Apache-2.0"
];
# DISABLE_HTTP_GIT = true;
DEFAULT_BRANCH = "master";
ENABLE_PUSH_CREATE_USER = true;
@ -216,18 +225,17 @@ in
environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg";
# https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
preStart =
''
# Import the signing subkey
if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
echo "Keys already imported"
# imported
else
echo "Import your keys!"
${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
echo "trusted-key ${signingKey}" >> ${config.services.forgejo.stateDir}/.gnupg/gpg.conf
exit 1
fi
'';
preStart = ''
# Import the signing subkey
if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
echo "Keys already imported"
# imported
else
echo "Import your keys!"
${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
echo "trusted-key ${signingKey}" >> ${config.services.forgejo.stateDir}/.gnupg/gpg.conf
exit 1
fi
'';
};
}

29
nki-personal-do/grist.nix
View file

@ -1,11 +1,15 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.cloud.grist;
mkImage =
{ imageName, imageDigest, ... }: "${imageName}@${imageDigest}";
mkImage = { imageName, imageDigest, ... }: "${imageName}@${imageDigest}";
# If we can pullImage we can just do
# mkImage = pkgs.dockerTools.pullImage;
@ -24,7 +28,12 @@ let
};
};
defaultEnv = {
GRIST_HIDE_UI_ELEMENTS = lib.concatStringsSep "," [ "helpCenter" "billing" "multiAccounts" "supportGrist" ];
GRIST_HIDE_UI_ELEMENTS = lib.concatStringsSep "," [
"helpCenter"
"billing"
"multiAccounts"
"supportGrist"
];
GRIST_PAGE_TITLE_SUFFIX = " - DTTH Grist";
GRIST_FORCE_LOGIN = "true";
GRIST_WIDGET_LIST_URL = "https://github.com/gristlabs/grist-widget/releases/download/latest/manifest.json";
@ -60,7 +69,11 @@ in
allowedWebhookDomains = mkOption {
type = types.listOf types.str;
description = "List of domains to be allowed in webhooks";
default = [ "dtth.ch" "nkagami.me" "discord.com" ];
default = [
"dtth.ch"
"nkagami.me"
"discord.com"
];
};
defaultEmail = mkOption {
type = types.str;
@ -105,7 +118,10 @@ in
command = "--save 60 1 --loglevel warning";
restart = "unless-stopped";
healthcheck = {
test = [ "CMD-SHELL" "valkey-cli ping | grep PONG" ];
test = [
"CMD-SHELL"
"valkey-cli ping | grep PONG"
];
start_period = "20s";
interval = "30s";
retries = 5;
@ -124,4 +140,3 @@ in
};
};
}

20
nki-personal-do/hardware-configuration.nix
View file

@ -2,11 +2,25 @@
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
# swap
swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }];
swapDevices = [
{
device = "/var/swapfile";
size = 4 * 1024;
priority = 1024;
}
];
zramSwap.enable = true;
# volumes
services.btrfs.autoScrub.enable = true;

26
nki-personal-do/headscale.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
secrets = config.sops.secrets;
@ -7,9 +12,14 @@ let
webuiPort = 19877;
in
rec {
sops.secrets."headscale/client_secret" = { owner = "headscale"; };
sops.secrets."headscale/client_secret" = {
owner = "headscale";
};
sops.secrets."headscale/webui-env" = { };
sops.secrets."headscale/derp-servers/vnm" = { owner = "headscale"; name = "headscale/derp-servers/vnm.yaml"; };
sops.secrets."headscale/derp-servers/vnm" = {
owner = "headscale";
name = "headscale/derp-servers/vnm.yaml";
};
# database
cloud.postgresql.databases = [ "headscale" ];
# traefik
@ -27,8 +37,14 @@ rec {
noCloudflare = true;
};
systemd.services.headscale.requires = [ "postgresql.service" "arion-authentik.service" ];
systemd.services.headscale.after = [ "postgresql.service" "arion-authentik.service" ];
systemd.services.headscale.requires = [
"postgresql.service"
"arion-authentik.service"
];
systemd.services.headscale.after = [
"postgresql.service"
"arion-authentik.service"
];
services.headscale = {
enable = true;
inherit port;

39
nki-personal-do/invidious.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
ipv6-rotator =
let
@ -11,7 +16,14 @@ let
in
pkgs.writeShellApplication {
name = "smart-ipv6-rotator";
runtimeInputs = [ (pkgs.python3.withPackages (p: with p; [ pyroute2 requests ])) ];
runtimeInputs = [
(pkgs.python3.withPackages (
p: with p; [
pyroute2
requests
]
))
];
text = ''
if [ -z "$IPV6_ROTATOR_RANGE" ]; then
echo "Range required"
@ -22,10 +34,17 @@ let
};
in
{
sops.secrets."invidious" = { mode = "0444"; };
sops.secrets."invidious-rotator-env" = { mode = "0444"; };
sops.secrets."invidious" = {
mode = "0444";
};
sops.secrets."invidious-rotator-env" = {
mode = "0444";
};
cloud.postgresql.databases = [ "invidious" ];
cloud.traefik.hosts.invidious = { host = "invi.dtth.ch"; port = 61191; };
cloud.traefik.hosts.invidious = {
host = "invi.dtth.ch";
port = 61191;
};
services.invidious = {
enable = true;
domain = "invi.dtth.ch";
@ -54,8 +73,13 @@ in
};
systemd.timers.smart-ipv6-rotator = {
description = "Rotate ipv6 routes to Google";
timerConfig = { OnCalendar = "*-*-* 00,06,12,18:00:00"; };
wantedBy = [ "invidious.service" "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 00,06,12,18:00:00";
};
wantedBy = [
"invidious.service"
"timers.target"
];
unitConfig = { };
};
systemd.services.smart-ipv6-rotator = {
@ -68,4 +92,3 @@ in
};
};
}

24
nki-personal-do/miniflux.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
user = "miniflux";
@ -42,7 +47,10 @@ in
systemd.services.miniflux = {
description = "Miniflux service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" ];
after = [
"network.target"
"postgresql.service"
];
requires = [ "postgresql.service" ];
serviceConfig = {
@ -72,16 +80,22 @@ in
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" ];
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
environment = configEnv;
};
}

11
nki-personal-do/n8n.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
secrets = config.sops.secrets;
@ -12,7 +17,9 @@ let
plugins = pkgs.callPackage ./n8n/plugins/package.nix { };
in
{
sops.secrets."n8n/env" = { reloadUnits = [ "n8n.service" ]; };
sops.secrets."n8n/env" = {
reloadUnits = [ "n8n.service" ];
};
cloud.postgresql.databases = [ db ];
cloud.traefik.hosts.n8n = {
inherit port host;

3
nki-personal-do/n8n/plugins/package.nix
View file

@ -1,4 +1,5 @@
{ nodejs, importNpmLock }: importNpmLock.buildNodeModules {
{ nodejs, importNpmLock }:
importNpmLock.buildNodeModules {
inherit nodejs;
npmRoot = ./.;
}

20
nki-personal-do/outline.nix
View file

@ -1,7 +1,14 @@
{ config, pkgs, ... }: {
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
sops.secrets."outline/smtp-password" = { owner = "outline"; };
sops.secrets."outline/s3-secret-key" = { owner = "outline"; };
{ config, pkgs, ... }:
{
sops.secrets.authentik-oidc-client-secret = {
owner = "outline";
};
sops.secrets."outline/smtp-password" = {
owner = "outline";
};
sops.secrets."outline/s3-secret-key" = {
owner = "outline";
};
services.outline = {
enable = true;
@ -52,5 +59,8 @@
AWS_S3_R2 = "true";
AWS_S3_R2_PUBLIC_URL = "https://s3.wiki.dtth.ch";
};
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
cloud.traefik.hosts.outline = {
host = "wiki.dtth.ch";
port = 18729;
};
}

7
nki-personal-do/owncast.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
host = "owncast.nkagami.me";
port = 61347;

27
nki-personal-do/peertube.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
secrets = config.sops.secrets;
cfg = config.services.peertube;
@ -9,8 +14,14 @@ let
port = 19878;
in
{
sops.secrets."peertube" = { owner = cfg.user; restartUnits = [ "peertube.service" ]; };
sops.secrets."peertube-env" = { owner = cfg.user; restartUnits = [ "peertube.service" ]; };
sops.secrets."peertube" = {
owner = cfg.user;
restartUnits = [ "peertube.service" ];
};
sops.secrets."peertube-env" = {
owner = cfg.user;
restartUnits = [ "peertube.service" ];
};
# database
cloud.postgresql.databases = [ "peertube" ];
# traefik
@ -61,7 +72,9 @@ in
};
# Trust proxy
settings.trust_proxy = [ "loopback" ] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs;
settings.trust_proxy = [
"loopback"
] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs;
# Federation
settings.federation = {
@ -70,7 +83,10 @@ in
videos.cleanup_remote_interactions = true;
};
dataDirs = [ "/var/lib/peertube" "/mnt/data/peertube" ];
dataDirs = [
"/var/lib/peertube"
"/mnt/data/peertube"
];
};
systemd.services.peertube = {
@ -90,4 +106,3 @@ in
};
};
}

18
nki-personal-do/phanpy.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
host = "social.dtth.ch";
port = 61010;
@ -6,11 +11,12 @@ in
{
cloud.traefik.hosts.phanpy = { inherit host port; };
services.nginx.virtualHosts.phanpy = {
listen = [{
inherit port;
addr = "127.0.0.1";
}];
listen = [
{
inherit port;
addr = "127.0.0.1";
}
];
root = "${pkgs.dtth-phanpy}/lib/phanpy";
};
}

73
nki-personal-do/synapse.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
port = 61001;
user = "matrix-synapse";
@ -10,7 +15,9 @@ in
{
sops.secrets."matrix-synapse-dtth/oidc-config".owner = user;
sops.secrets."matrix-synapse-dtth/appservice-discord".owner = user;
sops.secrets.matrix-discord-bridge = { mode = "0644"; };
sops.secrets.matrix-discord-bridge = {
mode = "0644";
};
cloud.postgresql.databases = [ user ];
cloud.traefik.hosts.matrix-synapse = {
@ -29,20 +36,33 @@ in
enable = true;
withJemalloc = true;
dataDir = "${config.fileSystems.data.mountPoint}/matrix-synapse-dtth";
extras = [ "systemd" "url-preview" "oidc" "postgres" ];
extras = [
"systemd"
"url-preview"
"oidc"
"postgres"
];
settings = {
server_name = "dtth.ch";
enable_registration = false;
public_baseurl = "https://${host}/";
listeners = [{
inherit port;
x_forwarded = true;
tls = false;
resources = [
{ names = [ "client" "federation" ]; compress = false; }
];
}];
listeners = [
{
inherit port;
x_forwarded = true;
tls = false;
resources = [
{
names = [
"client"
"federation"
];
compress = false;
}
];
}
];
database = {
name = "psycopg2";
args = {
@ -96,25 +116,32 @@ in
};
services.nginx.virtualHosts.synapse-dtth-wellknown = {
listen = [{ addr = "127.0.0.1"; port = port + 1; }];
listen = [
{
addr = "127.0.0.1";
port = port + 1;
}
];
# Check https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md
# for the file structure.
root = pkgs.symlinkJoin
{
name = "well-known-files-for-synapse";
paths = [
(pkgs.writeTextDir ".well-known/matrix/client" (builtins.toJSON {
root = pkgs.symlinkJoin {
name = "well-known-files-for-synapse";
paths = [
(pkgs.writeTextDir ".well-known/matrix/client" (
builtins.toJSON {
"m.homeserver".base_url = "https://${host}";
}))
(pkgs.writeTextDir ".well-known/matrix/server" (builtins.toJSON {
}
))
(pkgs.writeTextDir ".well-known/matrix/server" (
builtins.toJSON {
"m.server" = "${host}:443";
}))
];
};
}
))
];
};
# Enable CORS from anywhere since we want all clients to find us out
extraConfig = ''
add_header 'Access-Control-Allow-Origin' "*";
'';
};
}

23
nki-personal-do/vikunja.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
secrets = config.sops.secrets;
@ -9,8 +14,12 @@ let
storageMount = "/mnt/data/vikunja";
in
{
sops.secrets."vikunja/env" = { restartUnits = [ "vikunja.service" ]; };
sops.secrets."vikunja/provider-clientsecret" = { restartUnits = [ "vikunja.service" ]; };
sops.secrets."vikunja/env" = {
restartUnits = [ "vikunja.service" ];
};
sops.secrets."vikunja/provider-clientsecret" = {
restartUnits = [ "vikunja.service" ];
};
cloud.postgresql.databases = [ user ];
cloud.traefik.hosts.vikunja = {
inherit port host;
@ -23,7 +32,6 @@ in
};
users.groups."${user}" = { };
services.vikunja = {
inherit port;
enable = true;
@ -81,7 +89,11 @@ in
};
systemd.services.vikunja = {
serviceConfig.LoadCredential = [ "VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE:${secrets."vikunja/provider-clientsecret".path}" ];
serviceConfig.LoadCredential = [
"VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE:${
secrets."vikunja/provider-clientsecret".path
}"
];
serviceConfig.User = user;
serviceConfig.DynamicUser = lib.mkForce false;
serviceConfig.ReadWritePaths = [ storageMount ];
@ -96,4 +108,3 @@ in
mode = "0700";
};
}

19
nki-personal-do/writefreely.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
host = "blog.dtth.ch";
@ -11,7 +16,9 @@ in
# traefik
cloud.traefik.hosts.writefreely-dtth = { inherit host port; };
sops.secrets."writefreely-oauth-secret" = { owner = user; };
sops.secrets."writefreely-oauth-secret" = {
owner = user;
};
users.users.${user} = {
isSystemUser = true;
@ -65,16 +72,18 @@ in
tokenEndpoint = "/application/o/token/";
inspectEndpoint = "/application/o/userinfo/";
authEndpoint = "/application/o/authorize/";
scopes = [ "email" "openid" "profile" ];
scopes = [
"email"
"openid"
"profile"
];
mapUserId = "nickname";
mapUsername = "preferred_username";
mapDisplayName = "name";
};
database.type = "sqlite3";
admin.name = "nki";
};
}

276
nki-personal-do/writefreely/module.nix
View file

@ -1,21 +1,36 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
inherit (builtins) toString;
inherit (lib) types mkIf mkOption mkDefault;
inherit (lib) optional optionals optionalAttrs optionalString;
inherit (lib)
types
mkIf
mkOption
mkDefault
;
inherit (lib)
optional
optionals
optionalAttrs
optionalString
;
inherit (pkgs) sqlite;
format = pkgs.formats.ini {
mkKeyValue = key: value:
mkKeyValue =
key: value:
let
value' = lib.optionalString (value != null)
(if builtins.isBool value then
if value == true then "true" else "false"
else
toString value);
in "${key} = ${value'}";
value' = lib.optionalString (value != null) (
if builtins.isBool value then if value == true then "true" else "false" else toString value
);
in
"${key} = ${value'}";
};
cfg = config.nki.services.writefreely;
@ -31,49 +46,58 @@ let
host = cfg.settings.app.host or "${hostProtocol}://${cfg.host}";
};
database = if cfg.database.type == "sqlite3" then {
type = "sqlite3";
filename = cfg.settings.database.filename or "writefreely.db";
database = cfg.database.name;
} else {
type = "mysql";
username = cfg.database.user;
password = "#dbpass#";
database = cfg.database.name;
host = cfg.database.host;
port = cfg.database.port;
tls = cfg.database.tls;
};
database =
if cfg.database.type == "sqlite3" then
{
type = "sqlite3";
filename = cfg.settings.database.filename or "writefreely.db";
database = cfg.database.name;
}
else
{
type = "mysql";
username = cfg.database.user;
password = "#dbpass#";
database = cfg.database.name;
host = cfg.database.host;
port = cfg.database.port;
tls = cfg.database.tls;
};
server = cfg.settings.server or { } // {
bind = cfg.settings.server.bind or "localhost";
gopher_port = cfg.settings.server.gopher_port or 0;
autocert = !cfg.nginx.enable && cfg.acme.enable;
templates_parent_dir =
cfg.settings.server.templates_parent_dir or cfg.package.src;
templates_parent_dir = cfg.settings.server.templates_parent_dir or cfg.package.src;
static_parent_dir = cfg.settings.server.static_parent_dir or assets;
pages_parent_dir =
cfg.settings.server.pages_parent_dir or cfg.package.src;
pages_parent_dir = cfg.settings.server.pages_parent_dir or cfg.package.src;
keys_parent_dir = cfg.settings.server.keys_parent_dir or cfg.stateDir;
};
"oauth.generic" = cfg.settings."oauth.generic" or { } // (if cfg.oauth.enable then {
client_id = cfg.oauth.clientId;
client_secret = "#oauth_client_secret#";
host = cfg.oauth.host;
display_name = cfg.oauth.displayName;
callback_proxy = cfg.oauth.callbackProxy;
callback_proxy_api = cfg.oauth.callbackProxyApi;
token_endpoint = cfg.oauth.tokenEndpoint;
inspect_endpoint = cfg.oauth.inspectEndpoint;
auth_endpoint = cfg.oauth.authEndpoint;
scope = lib.concatStringsSep " " cfg.oauth.scopes;
allow_disconnect = cfg.oauth.allowDisconnect;
map_user_id = cfg.oauth.mapUserId;
map_username = cfg.oauth.mapUsername;
map_display_name = cfg.oauth.mapDisplayName;
map_email = cfg.oauth.mapEmail;
} else { });
"oauth.generic" =
cfg.settings."oauth.generic" or { }
// (
if cfg.oauth.enable then
{
client_id = cfg.oauth.clientId;
client_secret = "#oauth_client_secret#";
host = cfg.oauth.host;
display_name = cfg.oauth.displayName;
callback_proxy = cfg.oauth.callbackProxy;
callback_proxy_api = cfg.oauth.callbackProxyApi;
token_endpoint = cfg.oauth.tokenEndpoint;
inspect_endpoint = cfg.oauth.inspectEndpoint;
auth_endpoint = cfg.oauth.authEndpoint;
scope = lib.concatStringsSep " " cfg.oauth.scopes;
allow_disconnect = cfg.oauth.allowDisconnect;
map_user_id = cfg.oauth.mapUserId;
map_username = cfg.oauth.mapUsername;
map_display_name = cfg.oauth.mapDisplayName;
map_email = cfg.oauth.mapEmail;
}
else
{ }
);
};
configFile = format.generate "config.ini" settings;
@ -104,13 +128,9 @@ let
withConfigFile = text: ''
db_pass=${
optionalString (cfg.database.passwordFile != null)
"$(head -n1 ${cfg.database.passwordFile})"
}
oauth_client_secret=${
optionalString cfg.oauth.enable
"$(head -n1 ${cfg.oauth.clientSecretFile})"
optionalString (cfg.database.passwordFile != null) "$(head -n1 ${cfg.database.passwordFile})"
}
oauth_client_secret=${optionalString cfg.oauth.enable "$(head -n1 ${cfg.oauth.clientSecretFile})"}
cp -f ${configFile} '${cfg.stateDir}/config.ini'
sed -e "s,#dbpass#,$db_pass,g" -i '${cfg.stateDir}/config.ini'
@ -120,7 +140,8 @@ let
${text}
'';
withMysql = text:
withMysql =
text:
withConfigFile ''
query () {
local result=$(${config.services.mysql.package}/bin/mysql \
@ -139,7 +160,8 @@ let
${text}
'';
withSqlite = text:
withSqlite =
text:
withConfigFile ''
query () {
local result=$(${sqlite}/bin/sqlite3 \
@ -152,10 +174,10 @@ let
${text}
'';
in {
in
{
options.nki.services.writefreely = {
enable =
lib.mkEnableOption "Writefreely, build a digital writing community";
enable = lib.mkEnableOption "Writefreely, build a digital writing community";
package = lib.mkOption {
type = lib.types.package;
@ -223,7 +245,10 @@ in {
database = {
type = mkOption {
type = types.enum [ "sqlite3" "mysql" ];
type = types.enum [
"sqlite3"
"mysql"
];
default = "sqlite3";
description = "The database provider to use.";
};
@ -416,13 +441,11 @@ in {
}
{
assertion = isMysqlLocal -> cfg.database.passwordFile != null;
message =
"services.writefreely.database.passwordFile must be set if services.writefreely.database.createLocally is set to true";
message = "services.writefreely.database.passwordFile must be set if services.writefreely.database.createLocally is set to true";
}
{
assertion = isSqlite -> !cfg.database.createLocally;
message =
"services.writefreely.database.createLocally has no use when services.writefreely.database.type is set to sqlite3";
message = "services.writefreely.database.createLocally has no use when services.writefreely.database.type is set to sqlite3";
}
];
@ -435,8 +458,7 @@ in {
};
};
groups =
optionalAttrs (cfg.group == "writefreely") { writefreely = { }; };
groups = optionalAttrs (cfg.group == "writefreely") { writefreely = { }; };
};
systemd.tmpfiles.settings."10-writefreely".${cfg.stateDir}.d = {
@ -445,7 +467,8 @@ in {
};
systemd.services.writefreely = {
after = [ "network.target" ]
after =
[ "network.target" ]
++ optional isSqlite "writefreely-sqlite-init.service"
++ optional isMysql "writefreely-mysql-init.service"
++ optional isMysqlLocal "mysql.service";
@ -458,10 +481,8 @@ in {
WorkingDirectory = cfg.stateDir;
Restart = "always";
RestartSec = 20;
ExecStart =
"${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' serve";
AmbientCapabilities =
optionalString (settings.server.port < 1024) "cap_net_bind_service";
ExecStart = "${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' serve";
AmbientCapabilities = optionalString (settings.server.port < 1024) "cap_net_bind_service";
};
preStart = ''
@ -485,31 +506,32 @@ in {
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.stateDir;
ReadOnlyPaths = optional (cfg.admin.initialPasswordFile != null)
cfg.admin.initialPasswordFile;
ReadOnlyPaths = optional (cfg.admin.initialPasswordFile != null) cfg.admin.initialPasswordFile;
};
script = let
migrateDatabase = optionalString cfg.database.migrate ''
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db migrate
'';
script =
let
migrateDatabase = optionalString cfg.database.migrate ''
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db migrate
'';
createAdmin = optionalString (cfg.admin.name != null) ''
if [[ $(query "SELECT COUNT(*) FROM users") == 0 ]]; then
admin_pass=$(head -n1 ${cfg.admin.initialPasswordFile})
createAdmin = optionalString (cfg.admin.name != null) ''
if [[ $(query "SELECT COUNT(*) FROM users") == 0 ]]; then
admin_pass=$(head -n1 ${cfg.admin.initialPasswordFile})
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' --create-admin ${cfg.admin.name}:$admin_pass
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' --create-admin ${cfg.admin.name}:$admin_pass
fi
'';
in
withSqlite ''
if ! test -f '${settings.database.filename}'; then
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db init
fi
${migrateDatabase}
${createAdmin}
'';
in withSqlite ''
if ! test -f '${settings.database.filename}'; then
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db init
fi
${migrateDatabase}
${createAdmin}
'';
};
systemd.services.writefreely-mysql-init = mkIf isMysql {
@ -521,57 +543,61 @@ in {
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.stateDir;
ReadOnlyPaths = optional isMysqlLocal cfg.database.passwordFile
++ optional (cfg.admin.initialPasswordFile != null)
cfg.admin.initialPasswordFile;
ReadOnlyPaths =
optional isMysqlLocal cfg.database.passwordFile
++ optional (cfg.admin.initialPasswordFile != null) cfg.admin.initialPasswordFile;
};
script = let
updateUser = optionalString isMysqlLocal ''
# WriteFreely currently *requires* a password for authentication, so we
# need to update the user in MySQL accordingly. By default MySQL users
# authenticate with auth_socket or unix_socket.
# See: https://github.com/writefreely/writefreely/issues/568
${config.services.mysql.package}/bin/mysql --skip-column-names --execute "ALTER USER '${cfg.database.user}'@'localhost' IDENTIFIED VIA unix_socket OR mysql_native_password USING PASSWORD('$db_pass'); FLUSH PRIVILEGES;"
'';
script =
let
updateUser = optionalString isMysqlLocal ''
# WriteFreely currently *requires* a password for authentication, so we
# need to update the user in MySQL accordingly. By default MySQL users
# authenticate with auth_socket or unix_socket.
# See: https://github.com/writefreely/writefreely/issues/568
${config.services.mysql.package}/bin/mysql --skip-column-names --execute "ALTER USER '${cfg.database.user}'@'localhost' IDENTIFIED VIA unix_socket OR mysql_native_password USING PASSWORD('$db_pass'); FLUSH PRIVILEGES;"
'';
migrateDatabase = optionalString cfg.database.migrate ''
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db migrate
'';
migrateDatabase = optionalString cfg.database.migrate ''
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db migrate
'';
createAdmin = optionalString (cfg.admin.name != null) ''
if [[ $(query 'SELECT COUNT(*) FROM users') == 0 ]]; then
admin_pass=$(head -n1 ${cfg.admin.initialPasswordFile})
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' --create-admin ${cfg.admin.name}:$admin_pass
createAdmin = optionalString (cfg.admin.name != null) ''
if [[ $(query 'SELECT COUNT(*) FROM users') == 0 ]]; then
admin_pass=$(head -n1 ${cfg.admin.initialPasswordFile})
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' --create-admin ${cfg.admin.name}:$admin_pass
fi
'';
in
withMysql ''
${updateUser}
if [[ $(query "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = '${cfg.database.name}'") == 0 ]]; then
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db init
fi
${migrateDatabase}
${createAdmin}
'';
in withMysql ''
${updateUser}
if [[ $(query "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = '${cfg.database.name}'") == 0 ]]; then
${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db init
fi
${migrateDatabase}
${createAdmin}
'';
};
services.mysql = mkIf isMysqlLocal {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [{
name = cfg.database.user;
ensurePermissions = {
"${cfg.database.name}.*" = "ALL PRIVILEGES";
# WriteFreely requires the use of passwords, so we need permissions
# to `ALTER` the user to add password support and also to reload
# permissions so they can be used.
"*.*" = "CREATE USER, RELOAD";
};
}];
ensureUsers = [
{
name = cfg.database.user;
ensurePermissions = {
"${cfg.database.name}.*" = "ALL PRIVILEGES";
# WriteFreely requires the use of passwords, so we need permissions
# to `ALTER` the user to add password support and also to reload
# permissions so they can be used.
"*.*" = "CREATE USER, RELOAD";
};
}
];
};
services.nginx = lib.mkIf cfg.nginx.enable {

29
nki-x1c1/configuration.nix
View file

@ -5,15 +5,14 @@
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Some PAM stuff
../modules/services/swaylock.nix
];
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Some PAM stuff
../modules/services/swaylock.nix
];
# Use the latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
@ -54,7 +53,6 @@
services.xserver.enable = true;
services.xserver.autorun = false;
# Enable the Plasma 5 Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
@ -65,13 +63,18 @@
fi
'';
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
i18n.inputMethod.enabled = "ibus";
i18n.inputMethod.ibus.engines = (with pkgs.ibus-engines; [ bamboo mozc libpinyin ]);
i18n.inputMethod.ibus.engines = (
with pkgs.ibus-engines;
[
bamboo
mozc
libpinyin
]
);
# Enable CUPS to print documents.
# services.printing.enable = true;

54
nki-x1c1/hardware-configuration.nix
View file

@ -1,39 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/bc8b0807-c3d6-4893-bcc2-02f059a51a80";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/bc8b0807-c3d6-4893-bcc2-02f059a51a80";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/885D-D058";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/885D-D058";
fsType = "vfat";
};
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/a981870f-db1d-4441-81da-f1bab1ecc37c";
fsType = "btrfs";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a981870f-db1d-4441-81da-f1bab1ecc37c";
fsType = "btrfs";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; } ];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

22
nki-yoga-g8/configuration.nix
View file

@ -5,22 +5,23 @@
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
];
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
];
# Secrets
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
# Build farm
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
sops.secrets."nix-build-farm/private-key" = {
mode = "0400";
};
services.nix-build-farm.hostname = "yoga";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
@ -141,4 +142,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

45
nki-yoga-g8/hardware-configuration.nix
View file

@ -1,15 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
@ -19,11 +28,10 @@
"resume_offset=9731998" # btrfs inspect-internal map-swapfile -r /var/swapfile
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/b32d27bf-9df6-43c1-8b93-c0693811bf5b";
fsType = "btrfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/b32d27bf-9df6-43c1-8b93-c0693811bf5b";
fsType = "btrfs";
};
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
@ -31,14 +39,17 @@
common.linux.luksDevices."nixroot" = "/dev/disk/by-uuid/09114015-79bc-4a40-bf60-b4022e969acb";
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/E820-D6C7";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E820-D6C7";
fsType = "vfat";
};
swapDevices = [
{ device = "/var/swapfile"; size = 32 * 1024; priority = 10; }
{
device = "/var/swapfile";
size = 32 * 1024;
priority = 10;
}
];
boot.blacklistedKernelModules = [

73
overlay.nix
View file

@ -1,9 +1,18 @@
{ nixpkgs, nixpkgs-unstable, ... }@inputs:
let
overlay-unstable = final: prev: {
stable = import nixpkgs { config.allowUnfree = true; system = prev.system; };
unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; };
x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; };
stable = import nixpkgs {
config.allowUnfree = true;
system = prev.system;
};
unstable = import nixpkgs-unstable {
config.allowUnfree = true;
system = prev.system;
};
x86 = import nixpkgs-unstable {
system = prev.system;
config.allowUnsupportedSystem = true;
};
};
overlay-needs-unstable = final: prev: {
# Typst updates really quickly.
@ -50,19 +59,20 @@ let
input-remapper = final.unstable.input-remapper;
kakoune-unwrapped =
prev.kakoune-unwrapped.overrideAttrs (attrs: {
version = "r${builtins.substring 0 6 inputs.kakoune.rev}";
src = inputs.kakoune;
patches = [
# patches in the original package was already applied
];
});
librewolf = (prev.librewolf.override {
nativeMessagingHosts = with final; [ kdePackages.plasma-browser-integration ];
kakoune-unwrapped = prev.kakoune-unwrapped.overrideAttrs (attrs: {
version = "r${builtins.substring 0 6 inputs.kakoune.rev}";
src = inputs.kakoune;
patches = [
# patches in the original package was already applied
];
});
librewolf = (
prev.librewolf.override {
nativeMessagingHosts = with final; [ kdePackages.plasma-browser-integration ];
}
);
vikunja =
# builtins.seq
# (final.lib.assertMsg (prev.vikunja.version == "0.24.5") "Vikunja probably doesn't need custom versions anymore")
@ -71,20 +81,28 @@ let
luminance = prev.luminance.overrideAttrs (attrs: {
nativeBuildInputs = attrs.nativeBuildInputs ++ [ final.wrapGAppsHook ];
buildInputs = attrs.buildInputs ++ [ final.glib ];
postInstall = attrs.postInstall + ''
glib-compile-schemas $out/share/glib-2.0/schemas
'';
postInstall =
attrs.postInstall
+ ''
glib-compile-schemas $out/share/glib-2.0/schemas
'';
});
vesktop = prev.vesktop.overrideAttrs (attrs: {
postFixup =
let
flagToReplace = if final.lib.hasInfix "--enable-wayland-ime=true" attrs.postFixup then "--enable-wayland-ime=true" else "--enable-wayland-ime";
flagToReplace =
if final.lib.hasInfix "--enable-wayland-ime=true" attrs.postFixup then
"--enable-wayland-ime=true"
else
"--enable-wayland-ime";
in
builtins.replaceStrings [ "NIXOS_OZONE_WL" flagToReplace ] [ "WAYLAND_DISPLAY" "${flagToReplace} --wayland-text-input-version=3" ] attrs.postFixup;
builtins.replaceStrings
[ "NIXOS_OZONE_WL" flagToReplace ]
[ "WAYLAND_DISPLAY" "${flagToReplace} --wayland-text-input-version=3" ]
attrs.postFixup;
});
editline-lix =
assert final.lib.assertMsg (final.lix.version == "2.92.0") "we only need to patch this for 2.92";
final.editline.overrideAttrs (prev: {
@ -106,7 +124,9 @@ let
};
overlay-packages = final: prev: {
kak-tree-sitter = final.callPackage ./packages/common/kak-tree-sitter { rustPlatform = final.unstable.rustPlatform; };
kak-tree-sitter = final.callPackage ./packages/common/kak-tree-sitter {
rustPlatform = final.unstable.rustPlatform;
};
kak-lsp = final.unstable.rustPlatform.buildRustPackage {
name = "kak-lsp";
@ -129,9 +149,14 @@ let
zen-browser-bin = inputs.zen-browser.packages.${final.stdenv.system}.zen-browser.override {
inherit (inputs.zen-browser.packages.${final.stdenv.system}) zen-browser-unwrapped;
wrapFirefox = opts: final.wrapFirefox (opts // {
nativeMessagingHosts = with final; [ kdePackages.plasma-browser-integration ];
});
wrapFirefox =
opts:
final.wrapFirefox (
opts
// {
nativeMessagingHosts = with final; [ kdePackages.plasma-browser-integration ];
}
);
# zen-browser-unwrapped = final.callPackage inputs.zen-browser.packages.${final.stdenv.system}.zen-browser-unwrapped.override {
# sources = inputs.zen-browser.inputs;
# };

70
packages/aarch64-linux/typora.nix
View file

@ -1,4 +1,10 @@
{ pkgs, runCommand, zstd, lib, buildFHSEnvChroot }:
{
pkgs,
runCommand,
zstd,
lib,
buildFHSEnvChroot,
}:
let
typora-tar = builtins.fetchurl {
@ -13,35 +19,39 @@ let
in
buildFHSEnvChroot {
name = "typora";
targetPkgs = pkgs: with pkgs; [
glib
nss
nspr
at-spi2-atk
cups
dbus
gtk3
pango
cairo
mesa
expat
libdrm
libxkbcommon
alsa-lib
freefont_ttf
liberation_ttf
wayland
libglvnd
electron
] ++ (with pkgs.xorg; [
libX11
libXcomposite
libXdamage
libXext
libXfixes
libXrandr
libxcb
]);
targetPkgs =
pkgs:
with pkgs;
[
glib
nss
nspr
at-spi2-atk
cups
dbus
gtk3
pango
cairo
mesa
expat
libdrm
libxkbcommon
alsa-lib
freefont_ttf
liberation_ttf
wayland
libglvnd
electron
]
++ (with pkgs.xorg; [
libX11
libXcomposite
libXdamage
libXext
libXfixes
libXrandr
libxcb
]);
extraBuildCommands = ''
# ldd ${typora-src}/bin/Typora-linux-arm64/Typora && false
'';

22
packages/aarch64-linux/zotero.nix
View file

@ -1,4 +1,10 @@
{ pkgs, runCommandLocal, zstd, lib, buildFHSEnvChroot }:
{
pkgs,
runCommandLocal,
zstd,
lib,
buildFHSEnvChroot,
}:
let
zotero-tar = builtins.fetchurl {
@ -14,7 +20,19 @@ let
in
buildFHSEnvChroot {
name = "zotero";
targetPkgs = pkgs: with pkgs; [ gtk3 dbus-glib libstartup_notification libpaper ] ++ (with pkgs.xorg; [ libX11 libXt ]);
targetPkgs =
pkgs:
with pkgs;
[
gtk3
dbus-glib
libstartup_notification
libpaper
]
++ (with pkgs.xorg; [
libX11
libXt
]);
runScript = "env QT_SCALE_FACTOR=2 ${zotero-src}/usr/lib/zotero/zotero";
extraInstallCommands = ''

4
packages/common/epfl-cups-drivers/default.nix
View file

@ -1,6 +1,6 @@
{ pkgs, runCommand, ... }: runCommand "epfl-cups-drivers" { } ''
{ pkgs, runCommand, ... }:
runCommand "epfl-cups-drivers" { } ''
mkdir -p $out/share/cups/model
cp ${./PPD-C5860-bw-EN.PPD} $out/share/cups/model
cp ${./PPD-C5860-color-EN.PPD} $out/share/cups/model
''

26
packages/common/kak-tree-sitter/default.nix
View file

@ -1,4 +1,13 @@
{ lib, rustPlatform, fetchFromSourcehut, symlinkJoin, clang, git, writeText, ... }:
{
lib,
rustPlatform,
fetchFromSourcehut,
symlinkJoin,
clang,
git,
writeText,
...
}:
let
src = fetchFromSourcehut {
owner = "~hadronized";
@ -12,9 +21,17 @@ let
pname = "kak-tree-sitter";
version = "1.1.3";
cargoHash = "sha256-1OwPfl1446SYt1556jwR9mvWOWEv+ab+wH7GZQeS4/E=";
cargoBuildOptions = [ "--package" "kak-tree-sitter" "--package" "ktsctl" ];
cargoBuildOptions = [
"--package"
"kak-tree-sitter"
"--package"
"ktsctl"
];
nativeBuildInputs = [ clang git ];
nativeBuildInputs = [
clang
git
];
patches = [
# Allow absolute-path style repos
@ -31,7 +48,7 @@ let
+ .trim_start_matches(":/")
+ .trim_start_matches("/"),
);
self.runtime_dir.join("sources").join(url_dir)
'')
];
@ -40,4 +57,3 @@ let
};
in
kak-tree-sitter

43
packages/common/nki-kakoune/default.nix
View file

@ -1,25 +1,32 @@
{ callPackage, kakoune, kakoune-unwrapped, ... }:
{
callPackage,
kakoune,
kakoune-unwrapped,
...
}:
let
lsp = callPackage ./lsp.nix { };
rc = (callPackage ./rc.nix { });
in
(kakoune.override {
plugins = callPackage ./plugins.nix { }
plugins =
callPackage ./plugins.nix { }
++ callPackage ./themes.nix { }
++ [
(callPackage ./kaktex { })
(callPackage ./faces.nix { })
rc
lsp.plugin
];
}).overrideAttrs (attrs: {
buildCommand = ''
${attrs.buildCommand or ""}
# location of kak binary is used to find ../share/kak/autoload,
# unless explicitly overriden with KAKOUNE_RUNTIME
rm "$out/bin/kak"
makeWrapper "${kakoune-unwrapped}/bin/kak" "$out/bin/kak" \
--set KAKOUNE_RUNTIME "$out/share/kak" \
--suffix PATH ":" "${lsp.extraPaths}"
'';
})
(callPackage ./kaktex { })
(callPackage ./faces.nix { })
rc
lsp.plugin
];
}).overrideAttrs
(attrs: {
buildCommand = ''
${attrs.buildCommand or ""}
# location of kak binary is used to find ../share/kak/autoload,
# unless explicitly overriden with KAKOUNE_RUNTIME
rm "$out/bin/kak"
makeWrapper "${kakoune-unwrapped}/bin/kak" "$out/bin/kak" \
--set KAKOUNE_RUNTIME "$out/share/kak" \
--suffix PATH ":" "${lsp.extraPaths}"
'';
})

11
packages/common/nki-kakoune/faces.nix
View file

@ -1,7 +1,7 @@
{ callPackage, ... } :
{ callPackage, ... }:
let
utils = callPackage ./utils.nix { };
faces = {
utils = callPackage ./utils.nix { };
faces = {
Default = "%opt{text},%opt{base}";
BufferPadding = "%opt{base},%opt{base}";
MenuForeground = "%opt{blue},white+bF";
@ -27,5 +27,6 @@ faces = {
format_specifier = "+i@string";
mutable_variable = "+i@variable";
class = "+b@variable";
};
in utils.mkFacesScript "default-faces" faces
};
in
utils.mkFacesScript "default-faces" faces

Some files were not shown because too many files have changed in this diff Show more