nki/nix-home
1
0
Fork 0
Code Issues Pull requests 2 Packages Projects Releases Wiki Activity

Compare commits

base: nki:master
Branches Tags
nki:master
nki:kakoune-package
nki:niri
nki:move-s3
nki:build-farm
nki:remove-macbook
nki:24.05
nki:peertube
nki:invi
nki:local-net
nki:test
..
compare: nki:remove-macbook
Branches Tags
nki:kakoune-package
nki:master
nki:niri
nki:move-s3
nki:build-farm
nki:remove-macbook
nki:24.05
nki:peertube
nki:invi
nki:local-net
nki:test

3 commits
master ... remove-mac

Author SHA1 Message Date
Natsu Kagami 777cc2f358
Remove static files 2024-07-23 18:05:03 +02:00
Natsu Kagami 7b38456c37
Remove asahi overlay 2024-07-23 17:59:45 +02:00
Natsu Kagami 509b44a31b
Remove macbook from repo 2024-07-23 17:58:52 +02:00
89 changed files with 1440 additions and 5375 deletions
Show stats Expand all files Collapse all files

15
.sops.yaml
View file

@ -4,8 +4,6 @@ keys:
- &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm - &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5 - &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36 - &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
- &nki_yoga age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
- &nki_framework age188tgu3psvywk6shq85mk2q0jdjwd0tcswzwlwu5pa5n3pndx75dq090z59
creation_rules: creation_rules:
- path_regex: kagami-air-m1/secrets\.yaml$ - path_regex: kagami-air-m1/secrets\.yaml$
key_groups: key_groups:
@ -18,20 +16,9 @@ creation_rules:
- *nki_pc - *nki_pc
- *nkagami_main - *nkagami_main
- *nkagami_do - *nkagami_do
- *nki_framework - path_regex: nki-home/secrets/secrets\.yaml$
- path_regex: nki-home/secrets\.yaml$
key_groups: key_groups:
- age: - age:
- *nki_pc - *nki_pc
- *nkagami_main - *nkagami_main
- *nkagami_do - *nkagami_do
- path_regex: nki-yoga-g8/secrets\.yaml$
key_groups:
- age:
- *nki_yoga
- age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv # The machine itself
- path_regex: nki-framework/secrets\.yaml$
key_groups:
- age:
- *nki_framework
- age1vgh6kvee8lvxylm7z86fpl3xzjyjs4u3zdfkyf064rjvxk9fpumsew7n27 # The machine itself

2
common.nix
View file

@ -13,8 +13,6 @@ in
with lib; { with lib; {
imports = [ imports = [
# defaultShell # defaultShell
./modules/services/nix-cache
./modules/services/nix-build-farm
]; ];
## Packages ## Packages

82
darwin/brew.nix
View file

@ -1,82 +0,0 @@
{ pkgs, config, lib, ... }:
with lib;
{
homebrew.enable = true;
homebrew.brewPrefix =
if pkgs.stdenv.isAarch64 then "/opt/homebrew/bin"
else "/usr/local/bin";
homebrew.onActivation.cleanup = "zap";
homebrew.onActivation.upgrade = true;
# All needed taps
homebrew.taps = [
"homebrew/bundle"
"homebrew/cask"
"homebrew/core"
"homebrew/services"
];
homebrew.brews = [
# CLI tools
"pinentry-mac" # UI for Pin Entry on gpg Mac
{
name = "d-bus";
restart_service = "changed";
}
# U2F
"pam-u2f"
];
homebrew.casks = [
"blackhole-2ch"
"finicky"
"inkscape"
"yt-music"
"eloston-chromium"
# CLI, but doesn't yet work on Nix
# "sage"
];
# We don't really need to keep track of all these
homebrew.masApps = {
# # Safari Extensions
# "Keepa - Price Tracker" = 1533805339;
# "Vimari" = 1480933944;
# "Bitwarden" = 1352778147;
# "Save to Pocket" = 1477385213;
# "AdGuard for Safari" = 1440147259;
# "Refined GitHub" = 1519867270;
# # Productivity
# # "GoodNotes" = 1444383602;
# "Amphetamine" = 937984704; # Turns off auto display dimming and sleep for some time
# "Session Pal" = 1515213004;
# "Flow" = 1423210932;
# # "Taskheat" = 1431995750; # Always shown outdated!
# "Hidden Bar" = 1452453066;
# # Development
# "Developer" = 640199958;
# # "Xcode" = 497799835;
# # Chat
# "Messenger" = 1480068668;
# "LINE" = 539883307;
# "Slack" = 803453959;
# # Office
# "Keynote" = 409183694;
# "Microsoft Excel" = 462058435;
# "The Unarchiver" = 425424353;
# "Numbers" = 409203825;
# "Pages" = 409201541;
# ## Multimedia
# "DaVinci Resolve" = 571213070;
# "GarageBand" = 682658836;
# "iMovie" = 408981434;
};
}

70
darwin/configuration.nix
View file

@ -1,70 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
../modules/personal/fonts
./brew.nix
];
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages =
with pkgs; [ podman qemu ];
environment.shells = with pkgs; [ fish ];
# Use a custom configuration.nix location.
# $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
# Auto upgrade nix package and the daemon service.
# services.nix-daemon.enable = true;
# Create /etc/bashrc that loads the nix-darwin environment.
programs.zsh.enable = true; # default shell on catalina
programs.fish.enable = true;
## Networking related settings
networking.hostName = "nki-macbook";
environment.variables = {
EDITOR = ""; # don't set it by default
# Homebrew stuff
# LLVM!
# To use the bundled libc++ please add the following LDFLAGS:
LDFLAGS = lib.concatStringsSep " " [
"-L/opt/homebrew/opt/llvm/lib"
"-Wl,-rpath,/opt/homebrew/opt/llvm/lib"
"-L/opt/homebrew/opt/llvm/lib"
"$LDFLAGS"
];
CPPFLAGS = "-I/opt/homebrew/opt/llvm/include $CPPFLAGS";
};
environment.systemPath = lib.mkBefore [
# Missing from MacOS
"/usr/local/bin"
# LaTeX
"/usr/local/texlive/2021/bin/universal-darwin"
# Go
"/usr/local/go/bin"
# Ruby
"/opt/homebrew/opt/ruby@2.7/bin"
# .NET
"/usr/local/share/dotnet"
# LLVM!
"/opt/homebrew/opt/llvm/bin"
];
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
# Font configuration
users.users.nki = {
name = "nki";
home = "/Users/nki";
shell = "${config.home-manager.users.nki.programs.fish.package}/bin/fish";
};
}

725
flake.lock
View file

File diff suppressed because it is too large Load diff

71
flake.nix
View file

@ -2,12 +2,10 @@
description = "nki's systems"; description = "nki's systems";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
darwin.url = "github:lnl7/nix-darwin/master"; home-manager.url = "github:nix-community/home-manager/release-24.05";
darwin.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager-unstable.url = "github:nix-community/home-manager"; home-manager-unstable.url = "github:nix-community/home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
@ -15,57 +13,50 @@
sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs"; sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
deploy-rs.url = "github:Serokell/deploy-rs"; deploy-rs.url = "github:Serokell/deploy-rs";
nur.url = "github:nix-community/NUR";
# --- Secure boot # --- Secure boot
lanzaboote = { lanzaboote = {
url = github:nix-community/lanzaboote/v0.4.1; url = github:nix-community/lanzaboote/v0.3.0;
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# --- Build tools # --- Build tools
flake-utils.url = github:numtide/flake-utils; flake-utils.url = github:numtide/flake-utils;
crane.url = github:ipetkov/crane; crane.url = github:ipetkov/crane;
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
arion.url = github:hercules-ci/arion; arion.url = github:hercules-ci/arion;
lix-module = { lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# --- # ---
# Imported apps # Imported apps
youmubot.url = "github:natsukagami/youmubot/osu-commands"; youmubot.url = "github:natsukagami/youmubot";
# swayfx = { swayfx = {
# url = github:WillPower3309/swayfx; url = github:WillPower3309/swayfx;
# inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
# }; };
mpd-mpris = { mpd-mpris = {
url = github:natsukagami/mpd-mpris; url = github:natsukagami/mpd-mpris;
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki-dtth/phanpy?ref=dtth-fork"; dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?branch=dtth-fork";
conduit.url = "gitlab:famedly/conduit/v0.9.0"; conduit.url = "gitlab:famedly/conduit/v0.8.0";
nix-gaming.url = github:fufexan/nix-gaming; nix-gaming.url = github:fufexan/nix-gaming;
zen-browser.url = "github:youwen5/zen-browser-flake";
niri.url = "github:sodiboo/niri-flake";
# --- Sources # --- Sources
kakoune.url = github:mawww/kakoune; kakoune.url = github:mawww/kakoune;
kakoune.flake = false; kakoune.flake = false;
kak-lsp.url = github:kakoune-lsp/kakoune-lsp; kak-lsp.url = github:kakoune-lsp/kakoune-lsp;
kak-lsp.flake = false; kak-lsp.flake = false;
nixos-m1.url = github:tpwrules/nixos-apple-silicon;
nixos-m1.inputs.nixpkgs.follows = "nixpkgs";
# --- # ---
# DEPLOYMENT ONLY! secrets # DEPLOYMENT ONLY! secrets
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets"; secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";
}; };
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, nur, ... }@inputs:
let let
overlays = import ./overlay.nix inputs; overlays = import ./overlay.nix inputs;
lib = nixpkgs.lib; lib = nixpkgs.lib;
@ -90,20 +81,6 @@
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ]; trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
}; };
environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ]; environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ];
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {
general = {
renice = 10;
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
}; };
# Common Nix modules # Common Nix modules
@ -122,7 +99,6 @@
(common-nix stable) (common-nix stable)
inputs.secrets.nixosModules.common inputs.secrets.nixosModules.common
inputs.nix-gaming.nixosModules.pipewireLowLatency inputs.nix-gaming.nixosModules.pipewireLowLatency
inputs.niri.nixosModules.niri
]; ];
}; };
@ -162,21 +138,6 @@
packages.x86_64-linux.deploy-rs = deploy-rs.packages.x86_64-linux.default; packages.x86_64-linux.deploy-rs = deploy-rs.packages.x86_64-linux.default;
apps.x86_64-linux.deploy-rs = deploy-rs.apps.x86_64-linux.default; apps.x86_64-linux.deploy-rs = deploy-rs.apps.x86_64-linux.default;
# MacBook configuration: nix-darwin + home-manager
darwinConfigurations."nki-macbook" = darwin.lib.darwinSystem rec {
system = "aarch64-darwin";
modules = [
(common-nix nixpkgs-unstable)
./darwin/configuration.nix
inputs.home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.nki = import ./home/macbook-home.nix;
}
];
};
# Home configuration # Home configuration
nixosConfigurations."kagamiPC" = mkPersonalSystem nixpkgs-unstable "x86_64-linux" { nixosConfigurations."kagamiPC" = mkPersonalSystem nixpkgs-unstable "x86_64-linux" {
configuration = ./nki-home/configuration.nix; configuration = ./nki-home/configuration.nix;
@ -216,12 +177,6 @@
}) })
]; ];
}; };
# macbook nixos
nixosConfigurations."kagami-air-m1" = mkPersonalSystem nixpkgs "aarch64-linux" {
configuration = ./kagami-air-m1/configuration.nix;
homeManagerUsers.nki = import ./home/macbook-nixos.nix;
extraModules = [ inputs.nixos-m1.nixosModules.apple-silicon-support ];
};
# DigitalOcean node # DigitalOcean node
nixosConfigurations."nki-personal-do" = mkPersonalSystem nixpkgs "x86_64-linux" { nixosConfigurations."nki-personal-do" = mkPersonalSystem nixpkgs "x86_64-linux" {

2
home/common-linux.nix
View file

@ -39,7 +39,7 @@ in
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
# Audio stuff! # Audio stuff!
# services.easyeffects.enable = true; services.easyeffects.enable = true;
# Bluetooth controls # Bluetooth controls
# services.mpris-proxy.enable = true; # services.mpris-proxy.enable = true;

11
home/common.nix
View file

@ -5,9 +5,7 @@
./kakoune/kak.nix ./kakoune/kak.nix
./fish/fish.nix ./fish/fish.nix
./modules/programs/my-broot.nix ./modules/programs/my-broot.nix
./modules/programs/my-waybar.nix
./modules/programs/my-sway ./modules/programs/my-sway
./modules/programs/my-niri.nix
./modules/programs/my-kitty ./modules/programs/my-kitty
./modules/programs/openconnect-epfl.nix ./modules/programs/openconnect-epfl.nix
./common-linux.nix ./common-linux.nix
@ -16,9 +14,8 @@
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.
programs.home-manager.enable = true; programs.home-manager.enable = true;
# Temporarily disable the manuals # Enable the manual so we don't have to load it
manual.html.enable = false; manual.html.enable = true;
# manual.manpage.enable = false;
# Packages that are not in programs section # Packages that are not in programs section
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -28,11 +25,9 @@
ripgrep ripgrep
openssh openssh
tea # gitea CLI (gh-like) tea # gitea CLI (gh-like)
glab # gitlab CLI
fx # JSON viewer fx # JSON viewer
glow # Markdown viewer glow # Markdown viewer
nix-output-monitor # Nice nix output formatting nix-output-monitor # Nice nix output formatting
unstable.scala-next
## PDF Processors ## PDF Processors
poppler_utils poppler_utils
## htop replacement ## htop replacement
@ -108,7 +103,7 @@
.kakrc .kakrc
''}"; ''}";
safe.directory = "*"; safe.directory = "*";
merge.conflictstyle = "zdiff3"; merge.conflictstyle = "diff3";
}; };
}; };

5
home/config.nix
View file

@ -1,3 +1,8 @@
{ {
allowUnfree = true; allowUnfree = true;
packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
} }

91
home/fish/fish.nix
View file

@ -13,9 +13,6 @@ let
if which sway &>/dev/null if which sway &>/dev/null
set -a CHOICES "sway" set -a CHOICES "sway"
end end
if which niri-session &>/dev/null
set -a CHOICES "Niri"
end
if which startplasma-wayland &>/dev/null if which startplasma-wayland &>/dev/null
set -a CHOICES "KDE Plasma" set -a CHOICES "KDE Plasma"
end end
@ -25,8 +22,6 @@ let
case "sway" case "sway"
systemctl --user unset-environment NIXOS_OZONE_WL systemctl --user unset-environment NIXOS_OZONE_WL
exec sway exec sway
case "Niri"
exec niri-session
case "KDE Plasma" case "KDE Plasma"
exec ${pkgs.kdePackages.plasma-workspace}/libexec/plasma-dbus-run-session-if-needed startplasma-wayland exec ${pkgs.kdePackages.plasma-workspace}/libexec/plasma-dbus-run-session-if-needed startplasma-wayland
case '*' case '*'
@ -58,7 +53,8 @@ in
functions = { functions = {
rebuild = { rebuild = {
body = '' body = ''
pls nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \ command sudo -v && \
command sudo nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \
&| ${pkgs.nix-output-monitor}/bin/nom --json &| ${pkgs.nix-output-monitor}/bin/nom --json
''; '';
wraps = "nixos-rebuild"; wraps = "nixos-rebuild";
@ -66,18 +62,19 @@ in
# Simplify nix usage! # Simplify nix usage!
nx = { nx = {
body = '' body = ''
argparse -s 'h/help' 'impure' 'u/unstable' 'g/git' -- $argv set impure
if set -q _flag_help || test (count $argv) -eq 0 if test $argv[1] = "--impure"
echo "nx [--impure] [-u/--unstable/-g/--git] {package} [args...]" set impure "--impure"
return 1 set argv $argv[2..]
end
if test (count $argv) -gt 0
nix run $impure nixpkgs#$argv[1] -- $argv[2..]
else else
set -q _flag_impure && set impure "--impure" echo "nx [--impure] {package} [args...]"
set nixpkgs "nixpkgs" return 1
set -q _flag_unstable && set nixpkgs "nixpkgs-unstable"
set -q _flag_git && set nixpkgs "github:nixOS/nixpkgs/nixpkgs-unstable"
nix run $impure $nixpkgs"#"$argv[1] -- $argv[2..]
end end
''; '';
wraps = "nix run";
description = "Runs an app from the nixpkgs store."; description = "Runs an app from the nixpkgs store.";
}; };
@ -85,35 +82,25 @@ in
description = "Spawns a shell from the given nixpkgs packages"; description = "Spawns a shell from the given nixpkgs packages";
wraps = "nix shell"; wraps = "nix shell";
body = '' body = ''
function help set impure
echo "nsh [--impure] [--impure] [-u/--unstable/-g/--git] {package}* [-c command args...]" if test $argv[1] = "--impure"
set impure "--impure"
set argv $argv[2..]
end end
argparse -s 'h/help' 'impure' 'u/unstable' 'g/git' -- $argv if test (count $argv) -gt 0
if set -q _flag_help || test (count $argv) -eq 0 set minusc (contains -i -- "-c" $argv)
help if test -z $minusc
return 0 nix shell $impure nixpkgs#$argv -c fish
end else if test $minusc -eq (count $argv)
set packages $argv echo "nsh [--impure] {packages} [-c command args...]"
set minusc (contains -i -- "-c" $argv)
if test -n "$minusc"
if test $minusc -eq 1
help
return 1 return 1
else
nix shell $impure nixpkgs#$argv[..(math $minusc - 1)] $argv[$minusc..]
end end
set packages $argv[..(math $minusc - 1)]
set argv $argv[(math $minusc + 1)..]
else else
set argv "fish" "-i" echo "nsh [--impure] {packages} [-c command args...]"
end
if test (count $packages) -eq 0
help
return 1 return 1
end end
set -q _flag_impure && set impure "--impure"
set nixpkgs "nixpkgs"
set -q _flag_unstable && set nixpkgs "nixpkgs-unstable"
set -q _flag_git && set nixpkgs "github:nixOS/nixpkgs/nixpkgs-unstable"
nix shell $impure $nixpkgs"#"$packages --command $argv
''; '';
}; };
# Grep stuff # Grep stuff
@ -131,30 +118,6 @@ in
}; };
echo-today = "date +%F"; echo-today = "date +%F";
newfile = "mkdir -p (dirname $argv[-1]) && touch $argv"; newfile = "mkdir -p (dirname $argv[-1]) && touch $argv";
# pls
pls = {
wraps = "sudo";
body = ''
set -l cmd "`"(string join " " -- $argv)"`"
echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
# Send a notification on password prompt
if command sudo -vn 2>/dev/null
# nothing to do, user already authenticated
else
# throw a notification
set notif_id (kitten notify -P \
-p ${./haruka.png} \
-a "pls" \
-u critical \
"A-a command requires your p-password" \
(printf "I-I need your p-password to r-run the following c-command:\n\n%s" $cmd))
command sudo -v -p "P-password please: "
kitten notify -i $notif_id ""
end
command sudo $argv
'';
};
}; };
@ -290,8 +253,8 @@ in
target = ".config/fish/conf.d/change_cmd.fish"; target = ".config/fish/conf.d/change_cmd.fish";
}; };
"fish/pls.fish" = { "fish/pls.fish" = {
source = ./pls_extra.fish; source = ./. + "/pls.fish";
target = ".config/fish/conf.d/pls_extra.fish"; target = ".config/fish/conf.d/pls.fish";
}; };
}; };
} }

BIN
home/fish/haruka.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 30 KiB

155
home/fish/pls.fish Normal file
View file

@ -0,0 +1,155 @@
alias sue="pls -e"
function pls
set -l cmd "`"(string join " " -- $argv)"`"
echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
# Send a notification on password prompt
if command sudo -vn 2>/dev/null
# nothing to do, user already authenticated
else
# throw a notification
# notify-send -t 3000 -u critical -i ~/Downloads/harukablush.jpg -h "STRING:command:"$cmd "A-a command requires your p-password" (printf "I-I need your p-password to r-run the following c-command: %s" $cmd)
end
command sudo $argv
end
function sudo
echo "Not polite enough."
end
function __fish_prepend_pls -d "Prepend 'pls ' to the beginning of the current commandline"
# If there is no commandline, insert the last item from history
# and *then* toggle
if not commandline | string length -q
commandline -r "$history[1]"
end
set -l cmd (commandline -po)
set -l cursor (commandline -C)
if test "$cmd[1]" = e
commandline -C 0
commandline -i "su"
commandline -C (math $cursor + 2)
else if test "$cmd[1]" = sue
commandline -r (string sub --start=3 (commandline -p))
commandline -C -- (math $cursor - 2)
else if test "$cmd[1]" != pls
commandline -C 0
commandline -i "pls "
commandline -C (math $cursor + 4)
else
commandline -r (string sub --start=5 (commandline -p))
commandline -C -- (math $cursor - 4)
end
end
bind --preset -e -M insert \es
bind -M insert \es __fish_prepend_pls
function __fish_man_page
# Get all commandline tokens not starting with "-"
set -l args (commandline -po | string match -rv '^-')
# If commandline is empty, exit.
if not set -q args[1]
printf \a
return
end
#Skip `pls` and display then manpage of following command
while set -q args[2]
and string match -qr -- '^(pls|.*=.*)$' $args[1]
set -e args[1]
end
# If there are at least two tokens not starting with "-", the second one might be a subcommand.
# Try "man first-second" and fall back to "man first" if that doesn't work out.
set -l maincmd (basename $args[1])
if set -q args[2]
# HACK: If stderr is not attached to a terminal `less` (the default pager)
# wouldn't use the alternate screen.
# But since we don't know what pager it is, and because `man` is totally underspecified,
# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
# See #7863.
if man "$maincmd-$args[2]" &>/dev/null
man "$maincmd-$args[2]"
else if man "$maincmd" &>/dev/null
man "$maincmd"
else
printf \a
end
else
if man "$maincmd" &>/dev/null
man "$maincmd"
else
printf \a
end
end
commandline -f repaint
end
#
# Completion for pls
#
function __fish_pls_print_remaining_args
set -l tokens (commandline -opc) (commandline -ct)
set -e tokens[1]
# These are all the options mentioned in the man page for Todd Miller's "pls.ws" pls (in that order).
# If any other implementation has different options, this should be harmless, since they shouldn't be used anyway.
set -l opts A/askpass b/background C/close-from= E/preserve-env='?'
# Note that "-h" is both "--host" (which takes an option) and "--help" (which doesn't).
# But `-h` as `--help` only counts when it's the only argument (`pls -h`),
# so any argument completion after that should take it as "--host".
set -a opts e/edit g/group= H/set-home h/host= 1-help
set -a opts i/login K/remove-timestamp k/reset-timestamp l/list n/non-interactive
set -a opts P/preserve-groups p/prompt= S/stdin s/shell U/other-user=
set -a opts u/user= T/command-timeout= V/version v/validate
argparse -s $opts -- $tokens 2>/dev/null
# The remaining argv is the subcommand with all its options, which is what
# we want.
if test -n "$argv"
and not string match -qr '^-' $argv[1]
string join0 -- $argv
return 0
else
return 1
end
end
function __fish_pls_no_subcommand
not __fish_pls_print_remaining_args >/dev/null
end
function __fish_complete_pls_subcommand
set -l args (__fish_pls_print_remaining_args | string split0)
set -lx -a PATH /usr/local/sbin /sbin /usr/sbin
__fish_complete_subcommand --commandline $args
end
# All these options should be valid for GNU and OSX pls
complete -c pls -n __fish_no_arguments -s h -d "Display help and exit"
complete -c pls -n __fish_no_arguments -s V -d "Display version information and exit"
complete -c pls -n __fish_pls_no_subcommand -s A -d "Ask for password via the askpass or \$SSH_ASKPASS program"
complete -c pls -n __fish_pls_no_subcommand -s C -d "Close all file descriptors greater or equal to the given number" -xa "0 1 2 255"
complete -c pls -n __fish_pls_no_subcommand -s E -d "Preserve environment"
complete -c pls -n __fish_pls_no_subcommand -s H -d "Set home"
complete -c pls -n __fish_pls_no_subcommand -s K -d "Remove the credential timestamp entirely"
complete -c pls -n __fish_pls_no_subcommand -s P -d "Preserve group vector"
complete -c pls -n __fish_pls_no_subcommand -s S -d "Read password from stdin"
complete -c pls -n __fish_pls_no_subcommand -s b -d "Run command in the background"
complete -c pls -n __fish_pls_no_subcommand -s e -rF -d Edit
complete -c pls -n __fish_pls_no_subcommand -s g -a "(__fish_complete_groups)" -x -d "Run command as group"
complete -c pls -n __fish_pls_no_subcommand -s i -d "Run a login shell"
complete -c pls -n __fish_pls_no_subcommand -s k -d "Reset or ignore the credential timestamp"
complete -c pls -n __fish_pls_no_subcommand -s l -d "List the allowed and forbidden commands for the given user"
complete -c pls -n __fish_pls_no_subcommand -s n -d "Do not prompt for a password - if one is needed, fail"
complete -c pls -n __fish_pls_no_subcommand -s p -d "Specify a custom password prompt"
complete -c pls -n __fish_pls_no_subcommand -s s -d "Run the given command in a shell"
complete -c pls -n __fish_pls_no_subcommand -s u -a "(__fish_complete_users)" -x -d "Run command as user"
complete -c pls -n __fish_pls_no_subcommand -s v -n __fish_no_arguments -d "Validate the credentials, extending timeout"
# Complete the command we are executed under pls
complete -c pls -x -n 'not __fish_seen_argument -s e' -a "(__fish_complete_pls_subcommand)"

47
home/fish/pls_extra.fish
View file

@ -1,47 +0,0 @@
alias sue="pls -e"
function sudo
echo "Not polite enough."
end
bind --preset -M visual \es 'fish_commandline_prepend pls'
bind -M insert \es 'fish_commandline_prepend pls'
function __fish_man_page
# Get all commandline tokens not starting with "-", up to and including the cursor's
set -l args (string match -rv '^-|^$' -- (commandline -cpx && commandline -t))
# If commandline is empty, exit.
if not set -q args[1]
printf \a
return
end
# Skip leading commands and display the manpage of following command
while set -q args[2]
and string match -qr -- '^(and|begin|builtin|caffeinate|command|doas|entr|env|exec|if|mosh|nice|not|or|pipenv|prime-run|setsid|sudo|pls|systemd-nspawn|time|watch|while|xargs|.*=.*)$' $args[1]
set -e args[1]
end
# If there are at least two tokens not starting with "-", the second one might be a subcommand.
# Try "man first-second" and fall back to "man first" if that doesn't work out.
set -l maincmd (path basename $args[1])
# HACK: If stderr is not attached to a terminal `less` (the default pager)
# wouldn't use the alternate screen.
# But since we don't know what pager it is, and because `man` is totally underspecified,
# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
# See #7863.
if set -q args[2]
and not string match -q -- '*/*' $args[2]
and man "$maincmd-$args[2]" &>/dev/null
man "$maincmd-$args[2]"
else
if man "$maincmd" &>/dev/null
man "$maincmd"
else
printf \a
end
end
commandline -f repaint
end

BIN
home/images/wallpaper-macbook.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.4 MiB

29
home/kagami-pc-home.nix
View file

@ -37,24 +37,37 @@
# Enable X11 configuration # Enable X11 configuration
linux.graphical.type = "wayland"; linux.graphical.type = "wayland";
linux.graphical.wallpaper = ./images/pixiv_18776904.png; linux.graphical.wallpaper = ./images/pixiv_18776904.png;
linux.graphical.defaults.webBrowser.package = pkgs.zen-browser-bin; linux.graphical.defaults.webBrowser = "librewolf.desktop";
linux.graphical.defaults.webBrowser.desktopFile = "zen.desktop";
programs.my-niri.enable = true;
programs.my-sway.enable = true; programs.my-sway.enable = true;
programs.my-sway.fontSize = 15.0; programs.my-sway.fontSize = 15.0;
programs.my-sway.enableLaptop = true; programs.my-sway.enableLaptopBars = false;
programs.my-waybar.enableMpd = true; programs.my-sway.enableMpd = true;
# Keyboard options # Keyboard options
wayland.windowManager.sway.config.input."type:keyboard".xkb_layout = "jp"; wayland.windowManager.sway.config.input."type:keyboard".xkb_layout = "jp";
wayland.windowManager.sway.config.input."type:pointer".accel_profile = "flat"; wayland.windowManager.sway.config.input."type:pointer".accel_profile = "flat";
# 144hz adaptive refresh ON! # 144hz adaptive refresh ON!
wayland.windowManager.sway.config.output =
let
scale = 1.5;
top_x = builtins.ceil (3840 / scale);
top_y = 0;
in
with config.common.monitors; {
${home_4k.name} = {
scale = toString scale;
position = "0 0";
};
${home_1440.name} = {
position = "${toString top_x} ${toString top_y}";
};
};
nki.programs.kitty.enable = true; nki.programs.kitty.enable = true;
nki.programs.kitty.fontSize = 14; nki.programs.kitty.fontSize = 14;
programs.my-waybar.makeBars = with config.common.monitors; barWith: [ programs.my-sway.waybar.makeBars = with config.common.monitors; barWith: [
# For primary # For primary
(barWith { extraSettings = { output = [ home_4k.meta.connection ]; }; }) (barWith { extraSettings = { output = [ home_4k.name ]; }; })
# For secondary, hide mpd # For secondary, hide mpd
(barWith { showMedia = false; showConnectivity = false; extraSettings = { output = [ home_1440.meta.connection ]; }; }) (barWith { showMedia = false; showConnectivity = false; extraSettings = { output = [ home_1440.name ]; }; })
]; ];
# Yellow light! # Yellow light!

13
home/kakoune/kak.nix
View file

@ -117,7 +117,7 @@ in
programs.kak-lsp.languageServers.metals = { programs.kak-lsp.languageServers.metals = {
command = "metals"; command = "metals";
filetypes = [ "scala" ]; filetypes = [ "scala" ];
roots = [ "build.sbt" "build.sc" "build.mill" ]; roots = [ "build.sbt" "build.sc" ];
settings_section = "metals"; settings_section = "metals";
settings.metals = { settings.metals = {
enableSemanticHighlighting = true; enableSemanticHighlighting = true;
@ -156,14 +156,13 @@ in
}; };
package = pkgs.texlab; package = pkgs.texlab;
}; };
programs.kak-lsp.languageServers.tinymist = { programs.kak-lsp.languageServers.typst-lsp = {
command = "tinymist"; command = "typst-lsp";
filetypes = [ "typst" ]; filetypes = [ "typst" ];
roots = [ "main.typ" ".git" ]; roots = [ "main.typ" ".git" ];
settings_section = "tinymist"; settings_section = "typst-lsp";
settings.tinymist = { settings.typst-lsp = {
exportPdf = "onSave"; experimentalFormatterMode = "on";
formatterMode = "typstfmt";
}; };
}; };
programs.kak-lsp.languageServers.marksman = { programs.kak-lsp.languageServers.marksman = {

13
home/kakoune/kakrc
View file

@ -62,13 +62,7 @@ map global normal D ": delete-current-brackets<ret>"
# Tab sizes # Tab sizes
hook global InsertChar \t %{ exec -draft -itersel h@ } hook global InsertChar \t %{ exec -draft -itersel h@ }
set global tabstop 2 set global tabstop 2
set global indentwidth 2 set global indentwidth 2
# Language-specific tabstop with override
hook global WinSetOption filetype=(rust) %{
set window tabstop 4
set window indentwidth 4
}
# Ctrl + a in insert mode = esc # Ctrl + a in insert mode = esc
map global insert <c-a> '<esc>' map global insert <c-a> '<esc>'
@ -158,6 +152,9 @@ hook global WinSetOption filetype=(rust) %{
hook global WinSetOption filetype=(scala) %{ hook global WinSetOption filetype=(scala) %{
# Format the document if possible # Format the document if possible
hook -group scala-fmt window BufWritePre .* %{ lsp-formatting-sync } hook -group scala-fmt window BufWritePre .* %{ lsp-formatting-sync }
set window tabstop 2
set window indentwidth 2
} }
hook global WinSetOption filetype=(typst) %{ hook global WinSetOption filetype=(typst) %{
@ -206,7 +203,7 @@ hook global BufCreate .*[.]md %{
add-highlighter buffer/ wrap add-highlighter buffer/ wrap
} }
hook global BufCreate .*[.](sc|sbt|mill) %{ hook global BufCreate .*[.](sc|sbt) %{
set-option buffer filetype scala set-option buffer filetype scala
} }

78
home/macbook-home.nix
View file

@ -1,78 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [ ./common.nix ];
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "nki";
home.homeDirectory = "/Users/nki";
# Additional packages to be used only on this MacBook.
home.packages = with pkgs; [
anki-bin
];
# Additional settings for programs
programs.fish.shellAliases = {
brew64 = "arch -x86_64 /usr/local/bin/brew";
};
nki.programs.kitty.enable = true;
nki.programs.kitty.package = pkgs.hello; # We install kitty for ourselves
nki.programs.kitty.background = ./images/chise-bg.png;
home.sessionPath = [
# Personal .bin
"$HOME/.bin"
"$HOME/.local/bin"
# Rust
"$HOME/.cargo/bin"
# Haskell
"$HOME/.cabal/bin"
"$HOME/.ghcup/bin"
# Go
"$HOME/go/bin"
# Node.js
"$HOME/.local/opt/node/bin"
# Ruby
"$HOME/.gem/bin"
"$HOME/.gem/ruby/2.7.0/bin"
];
home.sessionVariables = {
VISUAL = "$EDITOR";
# Other C++ stuff
LIBRARY_PATH = lib.concatStringsSep ":" [
"$LIBRARY_PATH"
"$HOME/.local/share/lib"
];
CPATH = lib.concatStringsSep ":" [
"$CPATH"
"$HOME/.local/share/include"
];
# Ruby
GEM_HOME = "$HOME/.gem";
# .NET
DOTNET_CLI_TELEMETRY_OPTOUT = "true";
# Override home-manager package path to first
PATH = "/etc/profiles/per-user/${config.home.username}/bin:$PATH";
};
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.11";
}

132
home/macbook-nixos.nix
View file

@ -1,132 +0,0 @@
{ pkgs, config, lib, ... }:
let
discord = pkgs.armcord.override { nss = pkgs.nss_latest; };
in
{
imports = [
# Common configuration
./common.nix
# We use our own firefox
# ./firefox.nix
# osu!
# ./osu.nix
];
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "nki";
home.homeDirectory = "/home/nki";
nki.programs.kitty.enable = true;
nki.programs.kitty.fontSize = 16;
programs.fish.shellInit = lib.mkAfter ''
set -eg MESA_GL_VERSION_OVERRIDE
set -eg MESA_GLSL_VERSION_OVERRIDE
# export GNOME_KEYRING_CONTROL=/run/user/1001/keyring
# export SSH_AUTH_SOCK=/run/user/1001/keyring/ssh
'';
# More packages
home.packages = (with pkgs; [
# CLI stuff
python3
zip
# TeX
texlive.combined.scheme-full
mate.mate-terminal
firefox-wayland
discord
typora
]);
# Graphical set up
linux.graphical.type = "wayland";
linux.graphical.wallpaper = ./images/wallpaper-macbook.jpg;
# Enable sway
programs.my-sway.enable = true;
programs.my-sway.fontSize = 14.0;
programs.my-sway.enableLaptop = true;
programs.my-waybar.enableMpd = false;
programs.my-sway.discord = "${discord}/bin/armcord";
# Keyboard options
wayland.windowManager.sway.config.input."type:keyboard".xkb_layout = "jp";
wayland.windowManager.sway.config.output."eDP-1" = {
mode = "2560x1600@60Hz";
scale = "1.25";
subpixel = "vrgb";
};
wayland.windowManager.sway.config.input."1452:641:Apple_Internal_Keyboard_/_Trackpad" = {
# Keyboard stuff
xkb_layout = "jp";
repeat_delay = "300";
repeat_rate = "15";
# Trackpad stuff
accel_profile = "adaptive";
drag = "enabled";
dwt = "enabled";
middle_emulation = "enabled";
natural_scroll = "enabled";
scroll_factor = "2.5";
pointer_accel = "0.5";
tap = "disabled";
};
# Kitty
# nki.programs.kitty = {
# enable = true;
# fontSize = 22;
# enableTabs = false;
# };
# Yellow light!
services.wlsunset = {
enable = true;
# # Waterloo
# latitude = "43.3";
# longitude = "-80.3";
# Lausanne
latitude = "46.31";
longitude = "6.38";
};
home.file.".gnupg/gpg-agent.conf" = {
text = ''
pinentry-program ${pkgs.pinentry-gnome3}/bin/pinentry-gnome3
'';
onChange = ''
echo "Reloading gpg-agent"
echo RELOADAGENT | gpg-connect-agent
'';
};
# Autostart
xdg.configFile."autostart/input-remapper-autoload.desktop".source =
"${pkgs.input-remapper}/share/applications/input-remapper-autoload.desktop";
# Multiple screen setup
# services.kanshi = {
# enable = true;
# profiles.undocked.outputs = [{ criteria = "LVDS-1"; }];
# profiles.docked-hdmi.outputs = [
# { criteria = "LVDS-1"; status = "disable"; }
# { criteria = "HDMI-A-1"; }
# ];
# };
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.05";
}

100
home/modules/linux/graphical/default.nix
View file

@ -3,7 +3,6 @@ with lib;
let let
cfg = config.linux.graphical; cfg = config.linux.graphical;
thunderbird = pkgs.thunderbird-128;
vscode = with pkgs; if stdenv.isAarch64 then unstable.vscode else unstable.vscode-fhs; vscode = with pkgs; if stdenv.isAarch64 then unstable.vscode else unstable.vscode-fhs;
wifi-indicator = pkgs.writeScriptBin "wifi-indicator" '' wifi-indicator = pkgs.writeScriptBin "wifi-indicator" ''
@ -17,24 +16,6 @@ let
echo $wifi_output echo $wifi_output
end end
''; '';
mkPackageWithDesktopOption = opts: mkOption ({
type = types.submodule {
options = {
package = mkOption {
type = types.package;
description = "The package for " + description;
};
desktopFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "The desktop file name for " + description + ", defaults to [packagename].desktop";
};
};
};
} // opts);
desktopFileOf = cfg: if cfg.desktopFile == null then "${cfg.package}/share/applications/${cfg.package.pname}.desktop" else cfg.desktopFile;
in in
{ {
imports = [ ./x11.nix ./wayland.nix ./alacritty.nix ]; imports = [ ./x11.nix ./wayland.nix ./alacritty.nix ];
@ -53,23 +34,22 @@ in
type = types.listOf types.package; type = types.listOf types.package;
description = "List of packages to include in ~/.config/autostart"; description = "List of packages to include in ~/.config/autostart";
default = with pkgs; [ default = with pkgs; [
cfg.defaults.webBrowser.package librewolf
thunderbird thunderbird
vesktop vesktop
premid
]; ];
}; };
defaults = { defaults.webBrowser = mkOption {
webBrowser = mkPackageWithDesktopOption { description = "default web browser"; }; type = types.str;
terminal = mkPackageWithDesktopOption { description = "default terminal"; default.package = pkgs.kitty; }; default = "librewolf.desktop";
description = "Desktop file of the default web browser";
}; };
}; };
config = mkIf (cfg.type != null) { config = mkIf (cfg.type != null) {
# Packages # Packages
home.packages = (with pkgs; [ home.packages = (with pkgs; [
cfg.defaults.webBrowser.package
cfg.defaults.terminal.package
## GUI stuff ## GUI stuff
evince # PDF reader evince # PDF reader
gparted gparted
@ -77,32 +57,36 @@ in
feh # For images? feh # For images?
deluge # Torrent client deluge # Torrent client
pavucontrol # PulseAudio control panel pavucontrol # PulseAudio control panel
cinnamon.nemo # File manager
thunderbird # Email
sublime-music # For navidrome sublime-music # For navidrome
# cinny-desktop cinny-desktop
gajim gajim
vivaldi vivaldi
# Audio # Audio
qpwgraph # Pipewire graph qpwgraph # Pipewire graph
unstable.zotero zotero_7
libreoffice libreoffice
mpv # for anki mpv # for anki
anki-bin anki-bin
# Chat stuff
tdesktop tdesktop
whatsapp-for-linux whatsapp-for-linux
slack
zoom-us
librewolf
## CLI stuff ## CLI stuff
dex # .desktop file management, startup dex # .desktop file management, startup
# sct # Display color temperature # sct # Display color temperature
xdg-utils # Open stuff xdg-utils # Open stuff
wifi-indicator wifi-indicator
] ++ cfg.startup); ] ++ (if pkgs.stdenv.isAarch64 then [ ] else [
gnome.cheese # Webcam check, expensive
# Chat stuff
slack
]));
nki.programs.discord.enable = pkgs.stdenv.isx86_64; nki.programs.discord.enable = pkgs.stdenv.isx86_64;
nki.programs.discord.package = pkgs.vesktop; nki.programs.discord.package = pkgs.vesktop;
@ -117,6 +101,15 @@ in
]; ];
}; };
# Yellow light!
services.wlsunset = {
enable = true;
# Lausanne
latitude = "46.31";
longitude = "6.38";
};
# Cursor # Cursor
home.pointerCursor = { home.pointerCursor = {
package = pkgs.suwako-cursors; package = pkgs.suwako-cursors;
@ -142,8 +135,6 @@ in
"x-scheme-handler/feed" = [ "thunderbird.desktop" ]; "x-scheme-handler/feed" = [ "thunderbird.desktop" ];
"application/rss+xml" = [ "thunderbird.desktop" ]; "application/rss+xml" = [ "thunderbird.desktop" ];
"application/x-extension-rss" = [ "thunderbird.desktop" ]; "application/x-extension-rss" = [ "thunderbird.desktop" ];
"x-scheme-handler/tg2" = [ "org.telegram.desktop.desktop" ];
"x-scheme-handler/tonsite2" = [ "org.telegram.desktop.desktop" ];
}; };
xdg.mimeApps.defaultApplications = { xdg.mimeApps.defaultApplications = {
# Email # Email
@ -161,14 +152,14 @@ in
"application/x-extension-rss" = [ "thunderbird.desktop" ]; "application/x-extension-rss" = [ "thunderbird.desktop" ];
# Default web browser stuff # Default web browser stuff
"text/html" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "text/html" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/about" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "x-scheme-handler/about" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/unknown" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "x-scheme-handler/unknown" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/http" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "x-scheme-handler/http" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/https" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "x-scheme-handler/https" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/ftp" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "x-scheme-handler/ftp" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/ftps" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "x-scheme-handler/ftps" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/file" = [ (desktopFileOf cfg.defaults.webBrowser) ]; "x-scheme-handler/file" = [ cfg.defaults.webBrowser ];
# Torrent # Torrent
"application/x-bittorrent" = [ "deluge.desktop" ]; "application/x-bittorrent" = [ "deluge.desktop" ];
@ -180,10 +171,6 @@ in
# Files # Files
"inode/directory" = [ "dolphin.desktop" ]; "inode/directory" = [ "dolphin.desktop" ];
# Telegram
"x-scheme-handler/tg2" = "org.telegram.desktop.desktop";
"x-scheme-handler/tonsite2" = "org.telegram.desktop.desktop";
}; };
# Add one for kakoune # Add one for kakoune
@ -233,6 +220,7 @@ in
qt.style.package = [ pkgs.kdePackages.breeze ]; qt.style.package = [ pkgs.kdePackages.breeze ];
qt.style.name = "Breeze"; qt.style.name = "Breeze";
xdg.configFile = xdg.configFile =
let let
f = pkg: { f = pkg: {
@ -265,26 +253,6 @@ in
# dconf.settings."desktop/ibus/general/hotkey" = { # dconf.settings."desktop/ibus/general/hotkey" = {
# triggers = hm.gvariant.mkArray hm.gvariant.type.string [ "<Super>z" ]; # triggers = hm.gvariant.mkArray hm.gvariant.type.string [ "<Super>z" ];
# }; # };
# Some graphical targets
systemd.user.targets = {
# For system trays, usually after graphical-session and graphical-session-pre
tray = {
Unit.Description = lib.mkDefault "System tray";
Unit.After = [ "graphical-session-pre.target" ];
Unit.Before = [ "graphical-session.target" ];
Unit.BindsTo = [ "graphical-session.target" ];
Install.WantedBy = [ "graphical-session.target" ];
};
# XWayland target
xwayland = {
Unit.Description = "XWayland support";
Unit.After = [ "graphical-session-pre.target" ];
Unit.Before = [ "graphical-session.target" ];
Unit.BindsTo = [ "graphical-session.target" ];
Install.WantedBy = [ "graphical-session.target" ];
};
};
}; };
} }

39
home/modules/linux/graphical/wayland.nix
View file

@ -11,10 +11,10 @@ let
style = ./swaync.css; style = ./swaync.css;
}; };
systemd.user.services.swaync.Install.WantedBy = lib.mkForce [ "sway-session.target" ]; systemd.user.services.swaync.Install.WantedBy = lib.mkForce [ "sway-session.target" ];
systemd.user.services.swaync.Unit.PartOf = lib.mkForce [ "graphical-session.target" ]; systemd.user.services.swaync.Unit.PartOf = lib.mkForce [ "sway-session.target" ];
programs.my-waybar = { programs.my-sway.waybar = {
extraSettings = [{ extraSettings = {
modules-right = mkAfter [ "custom/swaync" ]; modules-right = mkAfter [ "custom/swaync" ];
modules."custom/swaync" = { modules."custom/swaync" = {
tooltip = false; tooltip = false;
@ -36,7 +36,7 @@ let
on-click-right = "${swaync}/bin/swaync-client -d -sw"; on-click-right = "${swaync}/bin/swaync-client -d -sw";
escape = true; escape = true;
}; };
}]; };
extraStyle = mkAfter '' extraStyle = mkAfter ''
#custom-swaync { #custom-swaync {
background: #F0FFFF; background: #F0FFFF;
@ -61,13 +61,6 @@ let
''; '';
xdg.dataFile."dbus-1/services/org.freedesktop.Notifications.service".source = "${pkgs.kdePackages.plasma-workspace}/share/dbus-1/services/org.kde.plasma.Notifications.service"; xdg.dataFile."dbus-1/services/org.freedesktop.Notifications.service".source = "${pkgs.kdePackages.plasma-workspace}/share/dbus-1/services/org.kde.plasma.Notifications.service";
}; };
rofi-rbw-script = pkgs.writeShellApplication {
name = "rofi-rbw-script";
runtimeInputs = with pkgs; [ rofi wtype rofi-rbw ];
text = "rofi-rbw";
meta.mainProgram = "rofi-rbw-script";
};
in in
with lib; with lib;
{ {
@ -76,7 +69,6 @@ with lib;
# Additional packages # Additional packages
home.packages = with pkgs; [ home.packages = with pkgs; [
wl-clipboard # Clipboard management wl-clipboard # Clipboard management
rofi-rbw-script
# Mimic the clipboard stuff in MacOS # Mimic the clipboard stuff in MacOS
(pkgs.writeShellScriptBin "pbcopy" '' (pkgs.writeShellScriptBin "pbcopy" ''
@ -87,30 +79,10 @@ with lib;
'') '')
]; ];
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
cycle = true;
font = "monospace";
terminal = "${lib.getExe config.programs.kitty.package}";
theme = "Paper";
plugins = with pkgs; [ rofi-bluetooth rofi-calc rofi-rbw rofi-power-menu ];
};
home.sessionVariables = { home.sessionVariables = {
ANKI_WAYLAND = "1"; ANKI_WAYLAND = "1";
}; };
# Yellow light!
services.wlsunset = {
enable = true;
# Lausanne
latitude = "46.31";
longitude = "6.38";
};
# Notification system # Notification system
# services.dunst = { # services.dunst = {
# enable = true; # enable = true;
@ -130,6 +102,9 @@ with lib;
# settings.experimental.per_monitor_dpi = "true"; # settings.experimental.per_monitor_dpi = "true";
# }; # };
# Forward wallpaper settings to sway
programs.my-sway.wallpaper = config.linux.graphical.wallpaper;
}; };
} }

35
home/modules/monitors.nix
View file

@ -5,47 +5,32 @@ let
# Internal # Internal
"framework" = { "framework" = {
name = "BOE 0x0BCA Unknown"; name = "BOE 0x0BCA Unknown";
meta.mode = { width = 2256; height = 1504; refresh = 60.0; }; mode = "2256x1504@60Hz";
scale = 1.25; scale = 1.25;
}; };
"yoga" = {
name = "AU Optronics 0xD291 Unknown";
meta.connection = "eDP-1";
meta.mode = { width = 1920; height = 1080; refresh = 60.026; };
scale = 1;
};
# External # External
## Work @ EPFL ## Work @ EPFL
"work" = { "work" = {
name = "LG Electronics LG ULTRAFINE 301MAXSGHD10"; name = "LG Electronics LG ULTRAFINE 301MAXSGHD10";
meta.mode = { width = 3840; height = 2160; refresh = 60.0; }; mode = "3840x2160@60Hz";
scale = 1.25; scale = 1.25;
}; };
"home_4k" = { "home_4k" = {
name = "AOC U28G2G6B PPYP2JA000013"; name = "AOC U28G2G6B PPYP2JA000013";
mode = "3840x2160@60Hz";
scale = 1.5; scale = 1.5;
adaptive_sync = "on"; adaptive_sync = "on";
meta = { # render_bit_depth = "10";
connection = "DP-2";
mode = { width = 3840; height = 2160; refresh = 60.0; };
fixedPosition = { x = 0; y = 0; };
niriName = "PNP(AOC) U28G2G6B PPYP2JA000013";
};
}; };
"home_1440" = { "home_1440" = {
name = "AOC Q27G2G3R3B VXJP6HA000442"; name = "AOC Q27G2G3R3B VXJP6HA000442";
mode = "2560x1440@165Hz";
adaptive_sync = "on"; adaptive_sync = "on";
meta = {
connection = "DP-3";
mode = { width = 2560; height = 1440; refresh = 165.0; };
fixedPosition = { x = 2560; y = 0; };
niriName = "PNP(AOC) Q27G2G3R3B VXJP6HA000442";
};
}; };
"viewsonic_1080" = { "viewsonic_1080" = {
name = "ViewSonic Corporation XG2402 SERIES V4K182501054"; name = "ViewSonic Corporation XG2402 SERIES V4K182501054";
meta.mode = { width = 1920; height = 1080; refresh = 144.0; }; mode = "1920x1080@144Hz";
adaptive_sync = "on"; adaptive_sync = "on";
}; };
@ -53,13 +38,9 @@ let
eachMonitor = _name: monitor: { eachMonitor = _name: monitor: {
name = monitor.name; name = monitor.name;
value = builtins.removeAttrs monitor [ "scale" "name" "meta" ] // (lib.optionalAttrs (monitor ? scale) { value = builtins.removeAttrs monitor [ "scale" "name" ] // (if monitor ? scale then {
scale = toString monitor.scale; scale = toString monitor.scale;
}) // { } else { });
mode = with monitor.meta.mode; "${toString width}x${toString height}@${toString refresh}Hz";
} // (lib.optionalAttrs (monitor.meta ? fixedPosition) {
position = with monitor.meta.fixedPosition; "${toString x} ${toString y}";
});
}; };
in in
{ {

27
home/modules/programs/my-kitty/darwin.nix
View file

@ -1,27 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.nki.programs.kitty;
cmd = "cmd";
in
with lib; {
programs.kitty = mkIf (cfg.enable && pkgs.stdenv.isDarwin) {
# Darwin-specific setup
darwinLaunchOptions = [
"--single-instance"
"--start-as=fullscreen"
];
# Tabs and layouts keybindings
keybindings = {
# Backslash
"0x5d" = "send_text all \\u005c";
};
settings = {
# MacOS specific
macos_option_as_alt = "left";
};
};
}

25
home/modules/programs/my-kitty/default.nix
View file

@ -2,28 +2,13 @@
let let
cfg = config.nki.programs.kitty; cfg = config.nki.programs.kitty;
theme = { lib, options, config, ... }: {
programs.kitty = lib.mkIf config.nki.programs.kitty.enable (
if builtins.hasAttr "themeFile" options.programs.kitty then {
themeFile = "ayu_light";
} else {
theme = "Ayu Light";
}
);
};
in in
with lib; with lib;
{ {
imports = [ theme ./darwin.nix ./linux.nix ./tabs.nix ]; imports = [ ./linux.nix ./tabs.nix ];
options.nki.programs.kitty = { options.nki.programs.kitty = {
enable = mkEnableOption "Enable kitty"; enable = mkEnableOption "Enable kitty";
setDefault = mkOption {
type = types.bool;
description = "Set kitty as default terminal";
default = true;
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
@ -56,10 +41,6 @@ with lib;
}; };
}; };
config.linux.graphical = mkIf (cfg.enable && cfg.setDefault) {
defaults.terminal.package = cfg.package;
};
config.programs.kitty = mkIf cfg.enable { config.programs.kitty = mkIf cfg.enable {
enable = true; enable = true;
@ -69,12 +50,14 @@ with lib;
font.name = "Fantasque Sans Mono"; font.name = "Fantasque Sans Mono";
font.size = cfg.fontSize; font.size = cfg.fontSize;
theme = "Ayu Light";
settings = settings =
let let
# Background color and transparency # Background color and transparency
background = background =
if isNull cfg.background then { if isNull cfg.background then {
background_opacity = "0.93"; background_opacity = "0.85";
dynamic_background_opacity = true; dynamic_background_opacity = true;
} else { } else {
background_image = "${cfg.background}"; background_image = "${cfg.background}";

388
home/modules/programs/my-niri.nix
View file

@ -1,388 +0,0 @@
{ config, osConfig, lib, pkgs, ... }:
let
cfg = config.programs.my-niri;
sh = config.lib.niri.actions.spawn "sh" "-c";
playerctl = lib.getExe pkgs.playerctl;
amixer = lib.getExe' pkgs.alsa-utils "amixer";
brightnessctl = lib.getExe pkgs.brightnessctl;
app-menu = "${pkgs.dmenu}/bin/dmenu_path | ${pkgs.bemenu}/bin/bemenu | ${pkgs.findutils}/bin/xargs swaymsg exec --";
wallpaper = config.linux.graphical.wallpaper;
xwayland-display = ":0";
in
{
options.programs.my-niri = {
enable = lib.mkEnableOption "My own niri configuration";
enableLaptop = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable laptop options";
};
lock-command = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "The command to lock the screen";
default = [ "${pkgs.swaylock}/bin/swaylock" ]
++ (if wallpaper == "" then [ "" ] else [ "-i" "${wallpaper}" "-s" "fill" ])
++ [ "-l" "-k" ];
};
workspaces = lib.mkOption {
type = lib.types.attrsOf
(lib.types.submodule {
options = {
name = lib.mkOption { type = lib.types.str; description = "workspace name"; };
fixed = lib.mkOption {
type = lib.types.bool;
default = true;
description = "whether workspace always exists";
};
monitor = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Default monitor to spawn workspace in";
};
};
});
description = "A mapping of ordering to workspace names, for fixed workspaces";
};
};
config = lib.mkIf cfg.enable {
programs.my-niri.workspaces = {
# Default workspaces, always there
"01" = { name = "🌏 web"; };
"02" = { name = "💬 chat"; };
"03" = { name = " code"; };
"04" = { name = "🎶 music"; };
"05" = { name = "🔧 extra"; };
"06" = { name = "🧰 6"; };
"07" = { name = "🔩 7"; };
"08" = { name = "🛠 8"; };
"09" = { name = "🔨 9"; };
"10" = { name = "🎲 misc"; };
"99" = { name = "📧 Email"; };
};
systemd.user.services.swaync.Install.WantedBy = [ "niri.service" ];
systemd.user.services.swaync.Unit.After = [ "niri.service" ];
systemd.user.targets.tray.Unit.After = [ "niri.service" ];
systemd.user.services.waybar.Unit.After = [ "niri.service" ];
systemd.user.services.waybar.Install.WantedBy = [ "niri.service" ];
systemd.user.targets.xwayland.Unit.After = [ "niri.service" ];
# xwayland-satellite
systemd.user.services.niri-xwayland-satellite = lib.mkIf cfg.enable {
Unit = {
Description = "XWayland Client for niri";
PartOf = [ "xwayland.target" ];
Before = [ "xwayland.target" "xdg-desktop-autostart.target" ];
After = [ "niri.service" ];
};
Install.UpheldBy = [ "niri.service" ];
Service.Slice = "session.slice";
Service.Type = "notify";
Service.ExecStart = "${lib.getExe pkgs.xwayland-satellite} ${xwayland-display}";
};
programs.niri.settings = {
environment = {
QT_QPA_PLATFORM = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_IM_MODULE = "fcitx";
GTK_IM_MODULE = "fcitx"; # Til text-input is merged
# export NIXOS_OZONE_WL=1 # Until text-input is merged
DISPLAY = xwayland-display;
} // lib.optionalAttrs osConfig.services.desktopManager.plasma6.enable {
XDG_MENU_PREFIX = "plasma-";
};
input.keyboard.xkb = { layout = "jp"; };
input.touchpad = lib.mkIf cfg.enableLaptop {
tap = true;
dwt = true;
natural-scroll = true;
middle-emulation = true;
};
input.mouse = {
accel-profile = "flat";
};
input.warp-mouse-to-focus = true;
input.focus-follows-mouse = {
enable = true;
max-scroll-amount = "0%";
};
outputs =
let
eachMonitor = _: monitor: {
name = monitor.meta.niriName or monitor.name; # Niri might not find the monitor by name
value = {
mode = monitor.meta.mode;
position = monitor.meta.fixedPosition or null;
scale = monitor.scale or 1;
variable-refresh-rate = (monitor.adaptive_sync or "off") == "on";
};
};
in
lib.mapAttrs' eachMonitor config.common.monitors;
spawn-at-startup = [
# Wallpaper
{ command = [ (lib.getExe pkgs.swaybg) "-i" "${wallpaper}" "-m" "fill" ]; }
# Waybar
{ command = [ "systemctl" "--user" "start" "xdg-desktop-portal-gtk.service" "xdg-desktop-portal.service" ]; }
];
layout = {
gaps = 16;
preset-column-widths = [
{ proportion = 1. / 3.; }
{ proportion = 1. / 2.; }
{ proportion = 2. / 3.; }
];
default-column-width.proportion = 1. / 2.;
focus-ring = {
width = 4;
active.gradient = { from = "#00447AFF"; to = "#71C4FFAA"; angle = 45; };
inactive.color = "#505050";
};
border.enable = false;
struts = let v = 8; in { left = v; right = v; bottom = v; top = v; };
};
prefer-no-csd = true;
workspaces =
let
fixedWorkspaces = lib.filterAttrs (_: w: w.fixed) cfg.workspaces;
workspaceConfig = lib.mapAttrs
(_: w: { inherit (w) name; } // (lib.optionalAttrs (w.monitor != null) {
open-on-output = w.monitor;
}))
fixedWorkspaces;
in
workspaceConfig;
window-rules = [
# Rounded Corners
{
geometry-corner-radius = let v = 8.0; in { bottom-left = v; bottom-right = v; top-left = v; top-right = v; };
clip-to-geometry = true;
}
# Workspace assignments
{
open-on-workspace = cfg.workspaces."01".name;
open-maximized = true;
matches = [
{ at-startup = true; app-id = "^firefox$"; }
{ at-startup = true; app-id = "^librewolf$"; }
{ at-startup = true; app-id = "^zen$"; }
];
}
{
open-on-workspace = cfg.workspaces."02".name;
open-maximized = true;
matches = [
{ title = "^((d|D)iscord|((A|a)rm(c|C)ord))$"; }
{ title = "VencordDesktop"; }
{ app-id = "VencordDesktop"; }
{ title = "vesktop"; }
{ app-id = "vesktop"; }
{ title = "Slack"; }
];
}
{
open-on-workspace = cfg.workspaces."99".name;
open-maximized = true;
matches = [
{ app-id = "thunderbird"; }
{ app-id = "evolution"; }
];
}
# Floating
{
open-floating = true;
matches = [
{ app-id = ".*float.*"; }
{ app-id = "org\\.freedesktop\\.impl\\.portal\\.desktop\\..*"; }
{ title = ".*float.*"; }
{ title = "Extension: .*Bitwarden.*"; }
{ app-id = "Rofi"; }
];
}
# xwaylandvideobridge
{
matches = [{ app-id = "^xwaylandvideobridge$"; }];
open-floating = true;
focus-ring.enable = false;
opacity = 0.0;
default-floating-position = {
x = 0;
y = 0;
relative-to = "bottom-right";
};
min-width = 1;
max-width = 1;
min-height = 1;
max-height = 1;
}
# Kitty dimming
{
matches = [{ app-id = "kitty"; }];
excludes = [{ is-focused = true; }];
opacity = 0.95;
}
];
layer-rules = [
{
matches = [{ namespace = "^swaync-.*"; }];
block-out-from = "screen-capture";
}
];
binds = with config.lib.niri.actions; {
# Mod-Shift-/, which is usually the same as Mod-?,
# shows a list of important hotkeys.
"Mod+Shift+Slash".action = show-hotkey-overlay;
# Some basic spawns
"Mod+Return".action = spawn (lib.getExe config.linux.graphical.defaults.terminal.package);
"Mod+Space".action = spawn (lib.getExe pkgs.rofi) "-show" "drun";
"Mod+R".action = sh app-menu;
"Mod+Semicolon".action = spawn cfg.lock-command;
"Mod+Shift+P".action = spawn "rofi-rbw-script";
# Audio and Volume
"XF86AudioPrev" = { action = spawn playerctl "previous"; allow-when-locked = true; };
"XF86AudioPlay" = { action = spawn playerctl "play-pause"; allow-when-locked = true; };
"Shift+XF86AudioPlay" = { action = spawn playerctl "stop"; allow-when-locked = true; };
"XF86AudioNext" = { action = spawn playerctl "next"; allow-when-locked = true; };
"XF86AudioRecord" = { action = spawn amixer "-q" "set" "Capture" "toggle"; allow-when-locked = true; };
"XF86AudioMute" = { action = spawn amixer "-q" "set" "Master" "toggle"; allow-when-locked = true; };
"XF86AudioLowerVolume" = { action = spawn amixer "-q" "set" "Master" "3%-"; allow-when-locked = true; };
"XF86AudioRaiseVolume" = { action = spawn amixer "-q" "set" "Master" "3%+"; allow-when-locked = true; };
# Backlight
"XF86MonBrightnessDown".action = spawn brightnessctl "s" "10%-";
"XF86MonBrightnessUp".action = spawn brightnessctl "s" "10%+";
"Shift+XF86MonBrightnessDown".action = spawn brightnessctl "-d" "kbd_backlight" "s" "25%-";
"Shift+XF86MonBrightnessUp".action = spawn brightnessctl "-d" "kbd_backlight" "s" "25%+";
"Mod+Shift+Q".action = close-window;
"Mod+Left".action = focus-column-or-monitor-left;
"Mod+Right".action = focus-column-or-monitor-right;
"Mod+Up".action = focus-window-or-workspace-up;
"Mod+Down".action = focus-window-or-workspace-down;
"Mod+H".action = focus-column-or-monitor-left;
"Mod+L".action = focus-column-or-monitor-right;
"Mod+K".action = focus-window-or-workspace-up;
"Mod+J".action = focus-window-or-workspace-down;
"Mod+Shift+Left".action = move-column-left-or-to-monitor-left;
"Mod+Shift+Right".action = move-column-right-or-to-monitor-right;
"Mod+Shift+Up".action = move-window-up-or-to-workspace-up;
"Mod+Shift+Down".action = move-window-down-or-to-workspace-down;
"Mod+Shift+H".action = move-column-left-or-to-monitor-left;
"Mod+Shift+L".action = move-column-right-or-to-monitor-right;
"Mod+Shift+K".action = move-window-up-or-to-workspace-up;
"Mod+Shift+J".action = move-window-down-or-to-workspace-down;
"Mod+Bracketleft".action = focus-column-first;
"Mod+Bracketright".action = focus-column-last;
"Mod+Shift+Bracketleft".action = move-column-to-first;
"Mod+Shift+Bracketright".action = move-column-to-last;
# For compat with my current sway
"Mod+Ctrl+H".action = move-workspace-to-monitor-left;
"Mod+Ctrl+L".action = move-workspace-to-monitor-right;
"Mod+I".action = focus-workspace-down;
"Mod+O".action = focus-workspace-up;
"Mod+Shift+I".action = move-column-to-workspace-down;
"Mod+Shift+O".action = move-column-to-workspace-up;
"Mod+Ctrl+I".action = move-workspace-down;
"Mod+Ctrl+O".action = move-workspace-up;
# Mouse bindings
"Mod+WheelScrollDown" = { action = focus-workspace-down; cooldown-ms = 150; };
"Mod+WheelScrollUp" = { action = focus-workspace-up; cooldown-ms = 150; };
"Mod+Ctrl+WheelScrollDown" = { action = move-column-to-workspace-down; cooldown-ms = 150; };
"Mod+Ctrl+WheelScrollUp" = { action = move-column-to-workspace-up; cooldown-ms = 150; };
"Mod+WheelScrollRight".action = focus-column-right;
"Mod+WheelScrollLeft".action = focus-column-left;
"Mod+Ctrl+WheelScrollRight".action = move-column-right;
"Mod+Ctrl+WheelScrollLeft".action = move-column-left;
# You can refer to workspaces by index. However, keep in mind that
# niri is a dynamic workspace system, so these commands are kind of
# "best effort". Trying to refer to a workspace index bigger than
# the current workspace count will instead refer to the bottommost
# (empty) workspace.
#
# For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
# will all refer to the 3rd workspace.
"Mod+1".action = focus-workspace (cfg.workspaces."01".name);
"Mod+2".action = focus-workspace (cfg.workspaces."02".name);
"Mod+3".action = focus-workspace (cfg.workspaces."03".name);
"Mod+4".action = focus-workspace (cfg.workspaces."04".name);
"Mod+5".action = focus-workspace (cfg.workspaces."05".name);
"Mod+6".action = focus-workspace (cfg.workspaces."06".name);
"Mod+7".action = focus-workspace (cfg.workspaces."07".name);
"Mod+8".action = focus-workspace (cfg.workspaces."08".name);
"Mod+9".action = focus-workspace (cfg.workspaces."09".name);
"Mod+0".action = focus-workspace (cfg.workspaces."10".name);
"Mod+Shift+1".action = move-column-to-workspace (cfg.workspaces."01".name);
"Mod+Shift+2".action = move-column-to-workspace (cfg.workspaces."02".name);
"Mod+Shift+3".action = move-column-to-workspace (cfg.workspaces."03".name);
"Mod+Shift+4".action = move-column-to-workspace (cfg.workspaces."04".name);
"Mod+Shift+5".action = move-column-to-workspace (cfg.workspaces."05".name);
"Mod+Shift+6".action = move-column-to-workspace (cfg.workspaces."06".name);
"Mod+Shift+7".action = move-column-to-workspace (cfg.workspaces."07".name);
"Mod+Shift+8".action = move-column-to-workspace (cfg.workspaces."08".name);
"Mod+Shift+9".action = move-column-to-workspace (cfg.workspaces."09".name);
"Mod+Shift+0".action = move-column-to-workspace (cfg.workspaces."10".name);
"Mod+asciicircum".action = focus-workspace (cfg.workspaces."99".name);
"Mod+Shift+asciicircum".action = move-column-to-workspace (cfg.workspaces."99".name);
"Mod+Tab".action = focus-workspace-previous;
"Mod+Comma".action = consume-or-expel-window-left;
"Mod+Period".action = consume-or-expel-window-right;
"Mod+W".action = switch-preset-column-width;
"Mod+Shift+W".action = switch-preset-window-height;
"Mod+Ctrl+W".action = reset-window-height;
"Mod+F".action = maximize-column;
"Mod+Shift+F".action = fullscreen-window;
"Mod+E".action = center-column;
"Mod+Minus".action = set-column-width "-10%";
"Mod+At".action = set-column-width "+10%";
"Mod+Shift+Minus".action = set-window-height "-10%";
"Mod+Shift+At".action = set-window-height "+10%";
"Mod+V".action = switch-focus-between-floating-and-tiling;
"Mod+Shift+V".action = toggle-window-floating;
"Mod+Shift+Space".action = toggle-window-floating; # Sway compat
"Print".action = screenshot;
"Ctrl+Print".action = screenshot-screen;
"Shift+Print".action = screenshot-window;
"Mod+Shift+E".action = quit;
};
};
};
}

468
home/modules/programs/my-sway/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, options, config, osConfig, ... }: { pkgs, lib, options, config, ... }:
with lib; with lib;
let let
cfg = config.programs.my-sway; cfg = config.programs.my-sway;
@ -44,7 +44,16 @@ let
${pkgs.grim}/bin/grim -g (${pkgs.slurp}/bin/slurp) - | ${pkgs.swappy}/bin/swappy -f - ${pkgs.grim}/bin/grim -g (${pkgs.slurp}/bin/slurp) - | ${pkgs.swappy}/bin/swappy -f -
''; '';
playerctl = "${pkgs.playerctl}/bin/playerctl";
rofi-rbw-script = pkgs.writeShellApplication {
name = "rofi-rbw-script";
runtimeInputs = with pkgs; [ rofi wtype rofi-rbw ];
text = "rofi-rbw";
};
ignored-devices = [ "Surface_Headphones" ];
playerctl = "${pkgs.playerctl}/bin/playerctl --ignore-player=${strings.concatStringsSep "," ignored-devices}";
in in
{ {
# imports = [ ./ibus.nix ]; # imports = [ ./ibus.nix ];
@ -63,23 +72,17 @@ in
wallpaper = mkOption { wallpaper = mkOption {
type = types.oneOf [ types.path types.str ]; type = types.oneOf [ types.path types.str ];
description = "Path to the wallpaper to be used"; description = "Path to the wallpaper to be used";
default = config.linux.graphical.wallpaper; default = "";
}; };
terminal = mkOption { terminal = mkOption {
type = types.str; type = types.str;
description = "The command to the terminal emulator to be used"; description = "The command to the terminal emulator to be used";
default = lib.getExe config.linux.graphical.defaults.terminal.package; default = "${config.programs.kitty.package}/bin/kitty";
}; };
browser = mkOption { browser = mkOption {
type = types.str; type = types.str;
description = "The command for the browser"; description = "The command for the browser";
default = lib.getExe config.linux.graphical.defaults.webBrowser.package; default = "${pkgs.firefox-wayland}/bin/firefox";
};
enableLaptop = lib.mkOption {
type = lib.types.bool;
description = "Whether to enable laptop-specific stuff";
default = true;
}; };
lockCmd = mkOption { lockCmd = mkOption {
@ -89,20 +92,34 @@ in
+ (if cfg.wallpaper == "" then "" else " -i ${cfg.wallpaper} -s fill") + (if cfg.wallpaper == "" then "" else " -i ${cfg.wallpaper} -s fill")
+ " -l -k"; + " -l -k";
}; };
}; enableLaptopBars = mkOption {
type = types.bool;
description = "Whether to enable laptop-specific bars (battery)";
default = true;
};
enableMpd = mkOption {
type = types.bool;
description = "Whether to enable mpd on waybar";
default = false;
};
config.systemd.user.targets.sway-session = mkIf cfg.enable { waybar = {
Unit.Before = [ "tray.target" "xwayland.target" "xdg-desktop-portal.service" "xdg-desktop-autostart.target" ]; makeBars = mkOption {
Unit.Upholds = [ "waybar.service" ]; type = types.raw;
Unit.Wants = [ "xdg-desktop-autostart.target" ]; description = "Create bars with the barWith function, return a list of bars";
}; default = barWith: [ (barWith { }) ];
};
# Enable waybar extraSettings = mkOption {
config.programs.my-waybar = mkIf cfg.enable { type = types.raw;
enable = true; description = "Extra settings to be included with every default bar";
fontSize = mkDefault cfg.fontSize; default = { };
enableLaptopBars = mkDefault cfg.enableLaptop; };
terminal = mkDefault cfg.terminal; extraStyle = mkOption {
type = types.str;
description = "Additional style for the default waybar";
default = "";
};
};
}; };
config.wayland.windowManager.sway = mkIf cfg.enable { config.wayland.windowManager.sway = mkIf cfg.enable {
@ -112,13 +129,10 @@ in
"PATH" # for portals "PATH" # for portals
"XDG_DATA_DIRS" # For extra icons "XDG_DATA_DIRS" # For extra icons
"XDG_DATA_HOME" # For extra icons "XDG_DATA_HOME" # For extra icons
] ++ lib.optionals osConfig.services.desktopManager.plasma6.enable [
"XDG_MENU_PREFIX"
]; ];
# systemd.extraCommands = options.wayland.windowManager.sway.systemd.extraCommands.default systemd.extraCommands = options.wayland.windowManager.sway.systemd.extraCommands.default ++ [
# ++ [ "systemctl --user restart xdg-desktop-portal.service"
# "systemctl --user restart xdg-desktop-portal.service" ];
# ];
checkConfig = false; # Not working atm checkConfig = false; # Not working atm
config = { config = {
@ -147,10 +161,10 @@ in
menu = "${pkgs.dmenu}/bin/dmenu_path | ${pkgs.bemenu}/bin/bemenu | ${pkgs.findutils}/bin/xargs swaymsg exec --"; menu = "${pkgs.dmenu}/bin/dmenu_path | ${pkgs.bemenu}/bin/bemenu | ${pkgs.findutils}/bin/xargs swaymsg exec --";
# Startup # Startup
startup = [ startup = [
# # Dex for autostart # Dex for autostart
# { command = "${pkgs.dex}/bin/dex -ae sway"; } { command = "${pkgs.dex}/bin/dex -ae sway"; }
# # Waybar # Waybar
# { command = "systemctl --user restart waybar"; always = true; } { command = "systemctl --user restart waybar"; always = true; }
# IME # IME
{ command = "fcitx5"; } { command = "fcitx5"; }
]; ];
@ -206,7 +220,7 @@ in
# Launcher # Launcher
"${mod}+space" = "exec rofi -show drun"; "${mod}+space" = "exec rofi -show drun";
"${mod}+tab" = "exec ${./rofi-window.py}"; "${mod}+tab" = "exec ${./rofi-window.py}";
"${mod}+shift+p" = "exec rofi-rbw-script"; "${mod}+shift+p" = "exec ${lib.getExe rofi-rbw-script}";
} // { } // {
## Splits ## Splits
"${mod}+v" = "split v"; "${mod}+v" = "split v";
@ -280,9 +294,7 @@ in
# Assigning windows to workspaces # Assigning windows to workspaces
assigns = { assigns = {
"${builtins.elemAt workspaces 0}" = [ "${builtins.elemAt workspaces 0}" = [
{ app_id = "^firefox$"; } { class = "^firefox$"; }
{ app_id = "^librewolf$"; }
{ app_id = "^zen$"; }
]; ];
"${builtins.elemAt workspaces 1}" = [ "${builtins.elemAt workspaces 1}" = [
{ class = "^((d|D)iscord|((A|a)rm(c|C)ord))$"; } { class = "^((d|D)iscord|((A|a)rm(c|C)ord))$"; }
@ -290,8 +302,6 @@ in
{ app_id = "VencordDesktop"; } { app_id = "VencordDesktop"; }
{ class = "vesktop"; } { class = "vesktop"; }
{ app_id = "vesktop"; } { app_id = "vesktop"; }
{ class = "Slack"; }
]; ];
${extraWorkspaces.mail} = [ ${extraWorkspaces.mail} = [
{ app_id = "thunderbird"; } { app_id = "thunderbird"; }
@ -348,15 +358,13 @@ in
eval `gnome-keyring-daemon` eval `gnome-keyring-daemon`
export SSH_AUTH_SOCK export SSH_AUTH_SOCK
fi fi
'' else "") + lib.optionalString osConfig.services.desktopManager.plasma6.enable '' '' else "");
export XDG_MENU_PREFIX=plasma-
'';
# Extra # Extra
wrapperFeatures.base = true; wrapperFeatures.base = true;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
extraConfig = extraConfig =
(if cfg.enableLaptop then '' (if cfg.enableLaptopBars then ''
# Lock screen on lid close # Lock screen on lid close
bindswitch lid:off exec ${cfg.lockCmd} bindswitch lid:off exec ${cfg.lockCmd}
@ -399,15 +407,383 @@ in
]; ];
}; };
config.programs.waybar =
let
barWith = { showMedia ? true, showConnectivity ? true, extraSettings ? { }, ... }: (mkMerge [{
position = "top";
modules-left = [
"sway/workspaces"
"sway/mode"
"sway/window"
];
modules-center = [
];
modules-right =
lib.optional showMedia (if cfg.enableMpd then "mpd" else "custom/media")
++ [
"tray"
"pulseaudio"
] ++ lib.optionals showConnectivity [
"bluetooth"
"network"
] ++ [
"cpu"
"memory"
"temperature"
] ++ lib.optionals cfg.enableLaptopBars [ "battery" "battery#bat2" ]
++ [
"clock"
];
modules = {
"sway/workspaces" = {
format = "{name}";
};
"sway/mode" = {
format = "<span style=\"italic\">{}</span>";
};
"sway/window" = {
max-length = 70;
format = "{title}";
"rewrite" = {
"(.*) Mozilla Firefox" = "[🌎] $1";
"(.*) - Mozilla Thunderbird" = "[📧] $1";
"(.*) - Kakoune" = "[] $1";
"(.*) - fish" = "[>_] $1";
"(.*) - Discord" = "[🗨] $1";
# ArmCord thing
" Discord \\| (.*)" = "[🗨] $1";
"\\((\\d+)\\) Discord \\| (.*)" = "[🗨] {$1} $2";
};
};
"tray" = {
icon-size = 21;
spacing = 10;
};
"clock" = {
# format = "{:📅 %Y-%m-%d | 🕰️ %H:%M [%Z]}";
format = "📅 {0:%Y-%m-%d} | 🕰 {0:%H:%M [%Z]}";
tooltip-format = "\n<span size='9pt' font_family='Noto Sans Mono CJK JP'>{calendar}</span>";
timezones = [
"Europe/Zurich"
"America/Toronto"
"Asia/Tokyo"
"Asia/Ho_Chi_Minh"
];
calendar = {
mode = "year";
mode-mon-col = 3;
weeks-pos = "right";
on-scroll = 1;
on-click-right = "mode";
format = {
months = "<span color='#ffead3'><b>{}</b></span>";
days = "<span color='#ecc6d9'><b>{}</b></span>";
weeks = "<span color='#99ffdd'><b>W{}</b></span>";
weekdays = "<span color='#ffcc66'><b> </b></span>"; # See https://github.com/Alexays/Waybar/issues/3132
today = "<span color='#ff6699'><b><u>{}</u></b></span>";
};
};
actions = {
on-click-middle = "mode";
on-click-right = "tz_up";
on-scroll-up = "shift_up";
on-scroll-down = "shift_down";
};
};
"cpu" = {
format = "{usage}% ";
};
"memory" = {
format = "{}% ";
};
"temperature" = {
# thermal-zone = 2;
# hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input";
critical-threshold = 80;
# format-critical = "{temperatureC}°C ";
format = "{temperatureC}°C ";
};
"backlight" = {
# device = "acpi_video1";
format = "{percent}% {icon}";
states = [ 0 50 ];
format-icons = [ "" "" ];
};
"battery" = mkIf cfg.enableLaptopBars {
states = {
good = 95;
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
# format-good = ""; # An empty format will hide the module
# format-full = "";
format-icons = [ "" "" "" "" "" ];
};
"battery#bat2" = mkIf cfg.enableLaptopBars {
bat = "BAT2";
};
"network" = {
# interface = wlp2s0 # (Optional) To force the use of this interface
format-wifi = "{essid} ({signalStrength}%) ";
format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
format-disconnected = "Disconnected ";
interval = 7;
};
"bluetooth" = {
format = " {status}";
format-connected = " {device_alias}";
format-connected-battery = " {device_alias} {device_battery_percentage}%";
# format-device-preference= [ "device1", "device2" ], // preference list deciding the displayed devic;
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%";
on-click = "${pkgs.blueman}/bin/blueman-manager";
};
"pulseaudio" = {
# scroll-step = 1;
format = "{volume}% {icon}";
format-bluetooth = "{volume}% {icon}";
format-muted = "";
format-icons = {
headphones = "";
handsfree = "";
headset = "";
phone = "";
portable = "";
car = "";
default = [ "" "" ];
};
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
};
"mpd" = {
"format" = "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S}) 🎧";
"format-disconnected" = "Disconnected 🎧";
"format-stopped" = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped 🎧";
"interval" = 2;
"consume-icons" = {
"on" = " "; # Icon shows only when "consume" is on
};
"random-icons" = {
"off" = "<span color=\"#f53c3c\"></span> "; # Icon grayed out when "random" is off;
"on" = " ";
};
"repeat-icons" = {
"on" = " ";
};
"single-icons" = {
"on" = "1 ";
};
"state-icons" = {
"paused" = "";
"playing" = "";
};
"tooltip-format" = "MPD (connected)";
"tooltip-format-disconnected" = "MPD (disconnected)";
"on-click" = "${pkgs.mpc_cli}/bin/mpc toggle";
"on-click-right" = "${pkgs.mpc_cli}/bin/mpc stop";
"on-click-middle" = "${cfg.terminal} --class=kitty_ncmpcpp ${pkgs.ncmpcpp}/bin/ncmpcpp";
};
"custom/media" = {
"format" = "{icon}{}";
"return-type" = "json";
"format-icons" = {
"Playing" = " ";
"Paused" = " ";
};
"max-length" = 80;
"exec" = "${playerctl} -a metadata --format '{\"text\": \"{{artist}} - {{markup_escape(title)}}\", \"tooltip\": \"{{playerName}} : {{markup_escape(title)}}\", \"alt\": \"{{status}}\", \"class\": \"{{status}}\"}' -F";
"on-click" = "${playerctl} play-pause";
};
};
}
cfg.waybar.extraSettings
extraSettings]);
in
mkIf cfg.enable {
enable = true;
systemd.enable = true;
systemd.target = "sway-session.target";
settings = cfg.waybar.makeBars barWith;
style = ''
* {
border: none;
border-radius: 0;
font-family: monospace, 'Font Awesome 5', 'Symbols Nerd Font Mono', 'SFNS Display', Helvetica, Arial, sans-serif;
font-size: ${toString (cfg.fontSize * 1.1)}px;
min-height: 0;
}
window#waybar {
background: rgba(43, 48, 59, 0.8);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
}
window#waybar.hidden {
opacity: 0.0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button {
padding: 0 5px;
background: transparent;
color: #ffffff;
border-bottom: 3px solid transparent;
}
#workspaces button.focused {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#window, #sway, #sway-window {
padding-left: 1em;
margin-bottom: 0.4em;
}
#mode {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
/* #clock, #battery, #cpu, #memory, #temperature, #backlight, #network, #pulseaudio, #bluetooth, #custom-media, #tray, #mode, #idle_inhibitor, #mpd { */
.modules-right > * > * {
margin: 0.2em 0 0.4em 0;
padding: 0.2em 0.5em;
border: 1px solid rgba(0, 0, 0, 0.25);
border-radius: 0.3em;
}
.modules-right > *:not(:last-child) > * {
margin-right: 0.4em;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#cpu {
background: #2ecc71;
color: #000000;
}
#memory {
background: #9b59b6;
}
#backlight {
background: #90b1b1;
}
#network {
background: #2980b9;
}
#network.disconnected {
background: #f53c3c;
}
#pulseaudio {
background: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background: #90b1b1;
}
#bluetooth {
background: DarkSlateBlue;
color: white;
}
#custom-media {
background: #66cc99;
color: #2a5c45;
}
.custom-spotify {
background: #66cc99;
}
.custom-vlc {
background: #ffa000;
}
#temperature {
background: #f0932b;
}
#temperature.critical {
background: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd {
background-color: teal;
color: white;
}
'' + cfg.waybar.extraStyle;
};
config.home.packages = mkIf cfg.enable (with pkgs; [ config.home.packages = mkIf cfg.enable (with pkgs; [
# Needed for QT_QPA_PLATFORM # Needed for QT_QPA_PLATFORM
kdePackages.qtwayland kdePackages.qtwayland
# For waybar # For waybar
font-awesome font-awesome
]); ]);
config.programs.rofi = mkIf cfg.enable { config.programs.rofi = mkIf cfg.enable {
font = lib.mkForce "monospace ${toString cfg.fontSize}"; enable = true;
package = pkgs.rofi-wayland;
cycle = true;
font = "monospace ${toString cfg.fontSize}";
terminal = cfg.terminal;
theme = "Paper";
plugins = with pkgs; [ rofi-bluetooth rofi-calc rofi-rbw rofi-power-menu ];
}; };
} }

427
home/modules/programs/my-waybar.nix
View file

@ -1,427 +0,0 @@
{ lib, config, pkgs, ... }:
let
cfg = config.programs.my-waybar;
in
{
options.programs.my-waybar = {
enable = lib.mkEnableOption "custom configuration for waybar";
fontSize = lib.mkOption {
type = lib.types.float;
description = "The default font size";
};
terminal = lib.mkOption {
type = lib.types.str;
description = "The command to the terminal emulator to be used";
default = "${config.programs.kitty.package}/bin/kitty";
};
enableLaptopBars = lib.mkOption {
type = lib.types.bool;
description = "Whether to enable laptop-specific bars (battery)";
default = true;
};
enableMpd = lib.mkOption {
type = lib.types.bool;
description = "Whether to enable mpd on waybar";
default = false;
};
makeBars = lib.mkOption {
type = lib.types.raw;
description = "Create bars with the barWith function, return a list of bars";
default = barWith: [ (barWith { }) ];
};
extraSettings = lib.mkOption {
type = lib.types.listOf lib.types.raw;
description = "Extra settings to be included with every default bar";
default = [ ];
};
extraStyle = lib.mkOption {
type = lib.types.lines;
description = "Additional style for the default waybar";
default = "";
};
};
config.systemd.user.services.waybar = lib.mkIf cfg.enable {
Unit.Before = [ "tray.target" ];
};
config.programs.waybar =
let
barWith = { showMedia ? true, showConnectivity ? true, extraSettings ? { }, ... }: lib.mkMerge ([{
layer = "top";
position = "top";
modules-left = [
"sway/workspaces"
"sway/mode"
"sway/window"
"niri/workspaces"
"niri/window"
];
modules-center = [
];
modules-right =
lib.optional showMedia (if cfg.enableMpd then "mpd" else "custom/media")
++ [
"tray"
"pulseaudio"
] ++ lib.optionals showConnectivity [
"bluetooth"
"network"
] ++ [
"cpu"
"memory"
"temperature"
] ++ lib.optionals cfg.enableLaptopBars [ "battery" "battery#bat2" ]
++ [
"clock"
];
modules = {
"sway/workspaces" = {
format = "{name}";
};
"sway/mode" = {
format = "<span style=\"italic\">{}</span>";
};
"sway/window" = {
max-length = 70;
format = "{title}";
"rewrite" = {
"(.*) Mozilla Firefox" = "[🌎] $1";
"(.*) - Mozilla Thunderbird" = "[📧] $1";
"(.*) - Kakoune" = "[] $1";
"(.*) - fish" = "[>_] $1";
"(.*) - Discord" = "[🗨] $1";
# ArmCord thing
" Discord \\| (.*)" = "[🗨] $1";
"\\((\\d+)\\) Discord \\| (.*)" = "[🗨] {$1} $2";
};
};
"niri/window" = {
format = "{title}";
"rewrite" = {
"(.*) Mozilla Firefox" = "[🌎] $1";
"(.*) - Mozilla Thunderbird" = "[📧] $1";
"(.*) - Kakoune" = "[] $1";
"(.*) - fish" = "[>_] $1";
"(.*) - Discord" = "[🗨] $1";
# ArmCord thing
" Discord \\| (.*)" = "[🗨] $1";
"\\((\\d+)\\) Discord \\| (.*)" = "[🗨] {$1} $2";
};
};
"tray" = {
icon-size = 21;
spacing = 10;
};
"clock" = {
# format = "{:📅 %Y-%m-%d | 🕰️ %H:%M [%Z]}";
format = "📅 {0:%Y-%m-%d} | 🕰 {0:%H:%M [%Z]}";
tooltip-format = "\n<span size='9pt' font_family='Noto Sans Mono CJK JP'>{calendar}</span>";
timezones = [
"Europe/Zurich"
"America/Toronto"
"Asia/Tokyo"
"Asia/Ho_Chi_Minh"
];
calendar = {
mode = "year";
mode-mon-col = 3;
weeks-pos = "right";
on-scroll = 1;
on-click-right = "mode";
format = {
months = "<span color='#ffead3'><b>{}</b></span>";
days = "<span color='#ecc6d9'><b>{}</b></span>";
weeks = "<span color='#99ffdd'><b>W{}</b></span>";
weekdays = "<span color='#ffcc66'><b> </b></span>"; # See https://github.com/Alexays/Waybar/issues/3132
today = "<span color='#ff6699'><b><u>{}</u></b></span>";
};
};
actions = {
on-click-middle = "mode";
on-click-right = "tz_up";
on-scroll-up = "shift_up";
on-scroll-down = "shift_down";
};
};
"cpu" = {
format = "{usage}% ";
};
"memory" = {
format = "{}% ";
};
"temperature" = {
# thermal-zone = 2;
# hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input";
critical-threshold = 80;
# format-critical = "{temperatureC}°C ";
format = "{temperatureC}°C ";
};
"backlight" = {
# device = "acpi_video1";
format = "{percent}% {icon}";
states = [ 0 50 ];
format-icons = [ "" "" ];
};
"battery" = lib.mkIf cfg.enableLaptopBars {
states = {
good = 95;
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
# format-good = ""; # An empty format will hide the module
# format-full = "";
format-icons = [ "" "" "" "" "" ];
};
"battery#bat2" = lib.mkIf cfg.enableLaptopBars {
bat = "BAT2";
};
"network" = {
# interface = wlp2s0 # (Optional) To force the use of this interface
format-wifi = "{essid} ({signalStrength}%) ";
format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
format-disconnected = "Disconnected ";
interval = 7;
};
"bluetooth" = {
format = " {status}";
format-connected = " {device_alias}";
format-connected-battery = " {device_alias} {device_battery_percentage}%";
# format-device-preference= [ "device1", "device2" ], // preference list deciding the displayed devic;
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%";
on-click = "${pkgs.blueman}/bin/blueman-manager";
};
"pulseaudio" = {
# scroll-step = 1;
format = "{volume}% {icon}";
format-bluetooth = "{volume}% {icon}";
format-muted = "";
format-icons = {
headphones = "";
handsfree = "";
headset = "";
phone = "";
portable = "";
car = "";
default = [ "" "" ];
};
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
};
"mpd" = {
"format" = "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S}) 🎧";
"format-disconnected" = "Disconnected 🎧";
"format-stopped" = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped 🎧";
"interval" = 2;
"consume-icons" = {
"on" = " "; # Icon shows only when "consume" is on
};
"random-icons" = {
"off" = "<span color=\"#f53c3c\"></span> "; # Icon grayed out when "random" is off;
"on" = " ";
};
"repeat-icons" = {
"on" = " ";
};
"single-icons" = {
"on" = "1 ";
};
"state-icons" = {
"paused" = "";
"playing" = "";
};
"tooltip-format" = "MPD (connected)";
"tooltip-format-disconnected" = "MPD (disconnected)";
"on-click" = "${pkgs.mpc_cli}/bin/mpc toggle";
"on-click-right" = "${pkgs.mpc_cli}/bin/mpc stop";
"on-click-middle" = "${cfg.terminal} --class=kitty_ncmpcpp ${pkgs.ncmpcpp}/bin/ncmpcpp";
};
"custom/media" = {
"format" = "{icon}{}";
"return-type" = "json";
"format-icons" = {
"Playing" = " ";
"Paused" = " ";
};
"max-length" = 80;
"exec" = "${lib.getExe pkgs.playerctl} -a metadata --format '{\"text\": \"{{artist}} - {{markup_escape(title)}}\", \"tooltip\": \"{{playerName}} : {{markup_escape(title)}}\", \"alt\": \"{{status}}\", \"class\": \"{{status}}\"}' -F";
"on-click" = "${lib.getExe pkgs.playerctl} play-pause";
};
};
}] ++
cfg.extraSettings
++ [ extraSettings ]);
in
lib.mkIf cfg.enable {
enable = true;
systemd.enable = true;
systemd.target = "sway-session.target";
settings = cfg.makeBars barWith;
style = ''
* {
border: none;
border-radius: 0;
font-family: monospace, 'Font Awesome 5', 'Symbols Nerd Font Mono', 'SFNS Display', Helvetica, Arial, sans-serif;
font-size: ${toString (cfg.fontSize * 1.1)}px;
min-height: 0;
}
window#waybar {
background: rgba(43, 48, 59, 0.8);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
}
window#waybar.hidden {
opacity: 0.0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button {
padding: 0 5px;
background: transparent;
color: #ffffff;
border-bottom: 3px solid transparent;
}
#workspaces button.focused {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#window, #sway, #sway-window {
padding-left: 1em;
margin-bottom: 0.4em;
}
#mode {
background: #64727D;
border-bottom: 3px solid #ffffff;
}
/* #clock, #battery, #cpu, #memory, #temperature, #backlight, #network, #pulseaudio, #bluetooth, #custom-media, #tray, #mode, #idle_inhibitor, #mpd { */
.modules-right > * > * {
margin: 0.2em 0 0.4em 0;
padding: 0.2em 0.5em;
border: 1px solid rgba(0, 0, 0, 0.25);
border-radius: 0.3em;
}
.modules-right > *:not(:last-child) > * {
margin-right: 0.4em;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#cpu {
background: #2ecc71;
color: #000000;
}
#memory {
background: #9b59b6;
}
#backlight {
background: #90b1b1;
}
#network {
background: #2980b9;
}
#network.disconnected {
background: #f53c3c;
}
#pulseaudio {
background: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background: #90b1b1;
}
#bluetooth {
background: DarkSlateBlue;
color: white;
}
#custom-media {
background: #66cc99;
color: #2a5c45;
}
.custom-spotify {
background: #66cc99;
}
.custom-vlc {
background: #ffa000;
}
#temperature {
background: #f0932b;
}
#temperature.critical {
background: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd {
background-color: teal;
color: white;
}
'' + cfg.extraStyle;
};
}

12
home/modules/programs/openconnect-epfl.nix
View file

@ -4,15 +4,13 @@ let
name = "openconnect-epfl"; name = "openconnect-epfl";
runtimeInputs = with pkgs; [ openconnect rbw ]; runtimeInputs = with pkgs; [ openconnect rbw ];
text = '' text = ''
METHOD="Microsoft Entra ID" GASPAR_PASSWORD=$(rbw get gaspar)
RBW_ENTRY="EPFL Microsoft Auth" GASPAR_TOKEN=$(rbw code gaspar)
GASPAR_PASSWORD=$(rbw get "$RBW_ENTRY")
GASPAR_TOKEN=$(rbw code "$RBW_ENTRY")
printf "\n%s\n%s\n%s\n" "$METHOD" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | command sudo openconnect \ printf "%s\n%s\n" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | sudo openconnect \
--passwd-on-stdin \ --passwd-on-stdin \
-u "pham" \ -u pham \
--useragent='AnyConnect' \ --useragent='AnyConnect' \
"https://vpn.epfl.ch" "https://vpn.epfl.ch"
''; '';
}; };

59
home/nki-framework.nix
View file

@ -29,10 +29,12 @@
# Graphical set up # Graphical set up
linux.graphical.type = "wayland"; linux.graphical.type = "wayland";
linux.graphical.wallpaper = ./images/wallpaper_0.png; linux.graphical.wallpaper = ./images/wallpaper_0.png;
linux.graphical.defaults.webBrowser.package = pkgs.librewolf; linux.graphical.defaults.webBrowser = "librewolf.desktop";
# Enable sway # Enable sway
programs.my-sway.enable = true; programs.my-sway.enable = true;
programs.my-sway.fontSize = 14.0; programs.my-sway.fontSize = 14.0;
programs.my-sway.terminal = "${config.programs.kitty.package}/bin/kitty";
programs.my-sway.browser = "librewolf";
wayland.windowManager.sway.config = { wayland.windowManager.sway.config = {
# Keyboard support # Keyboard support
input."*".xkb_layout = "jp"; input."*".xkb_layout = "jp";
@ -46,25 +48,6 @@
tap = "enabled"; tap = "enabled";
}; };
}; };
programs.my-niri.enable = true;
programs.niri.settings = {
input.keyboard.xkb.options = "ctrl:swapcaps";
};
programs.my-waybar.extraSettings =
let
change-mode = pkgs.writeScript "change-mode" ''
#!/usr/bin/env ${lib.getExe pkgs.fish}
set -ax PATH ${lib.getBin pkgs.power-profiles-daemon} ${lib.getBin pkgs.rofi} ${lib.getBin pkgs.ripgrep}
set profiles (powerprofilesctl list | rg "^[ *] (\S+):" -r '$1')
set selected_index (math (contains -i (powerprofilesctl get) $profiles) - 1)
set new_profile (printf "%s\n" $profiles | rofi -dmenu -p "Switch to power profile" -a $selected_index)
powerprofilesctl set $new_profile
'';
in
[{
modules."battery"."on-click" = change-mode;
}];
# input-remapping # input-remapping
xdg.configFile."autostart/input-remapper-autoload.desktop".source = xdg.configFile."autostart/input-remapper-autoload.desktop".source =
@ -78,32 +61,16 @@
# Multiple screen setup # Multiple screen setup
services.kanshi = with config.common.monitors; { services.kanshi = with config.common.monitors; {
enable = true; enable = true;
settings = [ profiles.undocked.outputs = [{
{ criteria = "eDP-1";
profile.name = "undocked"; }];
profile.outputs = [{ criteria = "eDP-1"; }]; profiles.work-both.outputs = [
} { criteria = "eDP-1"; position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}"; status = "enable"; }
{ { criteria = work.name; position = "1920,0"; }
profile.name = "work-both"; ];
profile.outputs = [ profiles.work-one.outputs = [
{ { criteria = "eDP-1"; status = "disable"; }
criteria = "eDP-1"; { criteria = config.common.monitors.work.name; }
position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}";
status = "enable";
}
{ criteria = work.name; position = "1920,0"; }
];
}
{
profile.name = "work-one";
profile.outputs = [
{
criteria = "eDP-1";
status = "disable";
}
];
}
{ output.criteria = config.common.monitors.work.name; }
]; ];
}; };

82
home/nki-x1c1.nix
View file

@ -1,20 +1,5 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let
iio-sway = pkgs.stdenv.mkDerivation {
name = "iio-sway";
version = "0.0.1";
src = pkgs.fetchFromGitHub {
owner = "okeri";
repo = "iio-sway";
rev = "e07477d1b2478fede1446e97424a94c80767819d";
hash = "sha256-JGacKajslCOvd/BFfFSf7s1/hgF6rJqJ6H6xNnsuMb4=";
};
buildInputs = with pkgs; [ dbus ];
nativeBuildInputs = with pkgs; [ meson ninja pkg-config ];
meta.mainProgram = "iio-sway";
};
in
{ {
imports = [ imports = [
# Common configuration # Common configuration
@ -44,12 +29,12 @@ in
# Graphical set up # Graphical set up
linux.graphical.type = "wayland"; linux.graphical.type = "wayland";
linux.graphical.wallpaper = ./images/wallpaper_0.png; linux.graphical.wallpaper = ./images/wallpaper_0.png;
linux.graphical.startup = with pkgs; [ zen-browser-bin thunderbird vesktop slack ]; linux.graphical.defaults.webBrowser = "librewolf.desktop";
linux.graphical.defaults.webBrowser.package = pkgs.zen-browser-bin;
linux.graphical.defaults.webBrowser.desktopFile = "zen.desktop";
# Enable sway # Enable sway
programs.my-sway.enable = true; programs.my-sway.enable = true;
programs.my-sway.fontSize = 14.0; programs.my-sway.fontSize = 14.0;
programs.my-sway.terminal = "${config.programs.kitty.package}/bin/kitty";
programs.my-sway.browser = "librewolf";
wayland.windowManager.sway.config = { wayland.windowManager.sway.config = {
# Keyboard support # Keyboard support
input."*".xkb_layout = "jp"; input."*".xkb_layout = "jp";
@ -64,25 +49,25 @@ in
startup = [ startup = [
# rotation # rotation
{ command = "${lib.getExe iio-sway}"; } (
let
iio-sway = pkgs.stdenv.mkDerivation {
name = "iio-sway";
version = "0.0.1";
src = pkgs.fetchFromGitHub {
owner = "okeri";
repo = "iio-sway";
rev = "e07477d1b2478fede1446e97424a94c80767819d";
hash = "sha256-JGacKajslCOvd/BFfFSf7s1/hgF6rJqJ6H6xNnsuMb4=";
};
buildInputs = with pkgs; [ dbus ];
nativeBuildInputs = with pkgs; [ meson ninja pkg-config ];
};
in
{ command = "${iio-sway}/bin/iio-sway"; }
)
]; ];
}; };
programs.my-niri.enable = true;
# Assign some of the workspaces to big screen
programs.my-niri.workspaces = lib.genAttrs [ "06" "07" "08" "09" "10" ] (_: { monitor = config.common.monitors.work.name; });
programs.niri.settings = {
# input.keyboard.xkb.options = "ctrl:swapcaps";
input.mouse = lib.mkForce {
# Make M575 fast for now
accel-profile = "adaptive";
accel-speed = 0.4;
};
input.touch.map-to-output = "eDP-1";
switch-events = with config.lib.niri.actions; {
tablet-mode-on.action = spawn "systemctl" "--user" "kill" "--signal" "SIGUSR2" "wvkbd";
tablet-mode-off.action = spawn "systemctl" "--user" "kill" "--signal" "SIGUSR1" "wvkbd";
};
};
## Virtual keyboard ## Virtual keyboard
systemd.user.services.wvkbd = { systemd.user.services.wvkbd = {
Unit = { Unit = {
@ -111,25 +96,14 @@ in
# Multiple screen setup # Multiple screen setup
services.kanshi = with config.common.monitors; { services.kanshi = with config.common.monitors; {
enable = true; enable = true;
settings = [ profiles.undocked.outputs = [{ criteria = "LVDS-1"; }];
{ profiles.work-both.outputs = [
profile.name = "undocked"; { criteria = "eDP-1"; position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}"; status = "enable"; }
profile.outputs = [{ criteria = "eDP-1"; }]; { criteria = work.name; position = "1920,0"; }
} ];
{ profiles.work-one.outputs = [
profile.name = "work-both"; { criteria = "eDP-1"; status = "disable"; }
profile.outputs = [ { criteria = config.common.monitors.work.name; }
{ criteria = "eDP-1"; position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}"; status = "enable"; }
{ criteria = work.name; position = "1920,0"; }
];
}
{
profile.name = "work-one";
profile.outputs = [
{ criteria = "eDP-1"; status = "disable"; }
{ criteria = work.name; }
];
}
]; ];
}; };

43
home/osu.nix
View file

@ -1,28 +1,29 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let let
# osu-pkg = pkgs.unstable.osu-lazer-bin; osu-pkg = pkgs.unstable.osu-lazer-bin;
osu-pkg = with pkgs; with lib; # osu-pkg = with pkgs; with lib;
appimageTools.wrapType2 rec { # appimageTools.wrapType2 rec {
pname = "osu-lazer-bin"; # pname = "osu-lazer-bin";
version = "2025.101.0"; # version = "2024.312.1";
src = fetchurl { # src = pkgs.fetchurl {
url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage"; # url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage";
hash = "sha256-GsnTxVpNk2RXHLET6Ugv0/ZOlq8RUkw2ZXqRjkU+dzw="; # hash = "sha256-1dzgs1p3/pf4eCdKvQ9JxowN+oBPBNaZv5e6qHeFPEM=";
}; # };
extraPkgs = pkgs: with pkgs; [ icu ];
extraInstallCommands = # extraPkgs = pkgs: with pkgs; [ icu ];
let contents = appimageTools.extract { inherit pname version src; };
in # extraInstallCommands =
'' # let contents = appimageTools.extract { inherit pname version src; };
mv -v $out/bin/${pname} $out/bin/osu\! # in
install -m 444 -D ${contents}/osu\!.desktop -t $out/share/applications # ''
for i in 16 32 48 64 96 128 256 512 1024; do # mv -v $out/bin/${pname}-${version} $out/bin/osu\!
install -D ${contents}/osu.png $out/share/icons/hicolor/''${i}x$i/apps/osu.png # install -m 444 -D ${contents}/osu\!.desktop -t $out/share/applications
done # for i in 16 32 48 64 96 128 256 512 1024; do
''; # install -D ${contents}/osu\!.png $out/share/icons/hicolor/''${i}x$i/apps/osu\!.png
}; # done
# '';
# };
in in
{ {
home.packages = [ osu-pkg ]; home.packages = [ osu-pkg ];

148
kagami-air-m1/configuration.nix
View file

@ -1,148 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
# Override base mesa
({ ... }: { nixpkgs.overlays = lib.mkBefore [ (final: prev: { mesa = prev.mesa.override { enableOpenCL = true; meson = final.unstable.meson; }; }) ]; })
];
# time.timeZone = lib.mkForce "Asia/Ho_Chi_Minh";
services.xserver.desktopManager.plasma5.enable = true;
# Asahi kernel configuration
hardware.asahi = {
peripheralFirmwareDirectory = ./firmware;
use4KPages = false;
withRust = true;
addEdgeKernelConfig = true;
useExperimentalGPUDriver = true;
experimentalGPUInstallMode = "overlay";
};
# Override mesa
nixpkgs.overlays = lib.mkAfter [
(final: prev: {
mesa-asahi-edge = prev.mesa-asahi-edge.overrideAttrs (attrs: {
version = "24.0.0";
# buildInputs = attrs.buildInputs ++ (with pkgslw; [ libclc cmake (spirv-llvm-translator.override { inherit (llvmPackages_15) llvm; }) ]);
# nativeBuildInputs = attrs.nativeBuildInputs ++ (with pkgs; [ pkgs.unstable.spirv-llvm-translator ]);
src = final.fetchFromGitLab {
# latest release
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
rev = "asahi-20231121";
hash = "sha256-IcKKe1RA8sCaUfWK71ELzF15YaBS3DjoYhNMIWiQ5Jw=";
};
patches = lib.forEach attrs.patches (p:
if lib.hasSuffix "opencl.patch" p
then ./mesa-asahi-edge/opencl.patch else p);
});
})
];
## Additional mesa-related packages
environment.systemPackages = with pkgs; [ SDL2 ];
# Power Management
services.upower = {
enable = true;
criticalPowerAction = "PowerOff";
usePercentageForPolicy = true;
percentageCritical = 3;
percentageLow = 10;
};
services.logind.lidSwitch = "suspend";
# Printing
services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
# Keyboard
services.input-remapper.enable = true;
services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
hardware.uinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
common.linux.username = "nki";
# Enable sway on login.
environment.loginShellInit = ''
if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then
exec sway
fi
'';
# Networking
common.linux.networking = {
hostname = "kagami-air-m1";
networks."10-wired".match = "enp*";
networks."20-wireless".match = "wlan*";
dnsServers = [ "127.0.0.1" ];
};
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
# Secrets
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
## tinc
sops.secrets."tinc/ed25519-private-key" = { };
services.my-tinc = {
enable = true;
hostName = "macbooknix";
ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
bindPort = 6565;
};
services.dbus.packages = with pkgs; [ gcr ];
# Power Management
powerManagement = {
enable = true;
# powerDownCommands = ''
# /run/current-system/sw/bin/rmmod brcmfmac # Disable wifi
# /run/current-system/sw/bin/rmmod hci_bcm4377 # Disable bluetooth
# '';
# resumeCommands = ''
# /run/current-system/sw/bin/modprobe brcmfmac # Enable wifi
# /run/current-system/sw/bin/modprobe hci_bcm4377 # Enable bluetooth
# /run/current-system/sw/bin/systemctl restart iwd
# /run/current-system/sw/bin/systemctl restart bluetooth
# '';
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

3
kagami-air-m1/extract_firmware.sh
View file

@ -1,3 +0,0 @@
#!/usr/bin/env bash
mkdir -p firmware && cp /boot/asahi/{all_firmware.tar.gz,kernelcache*} firmware

BIN
kagami-air-m1/firmware/all_firmware.tar.gz
View file

Binary file not shown.

BIN
kagami-air-m1/firmware/kernelcache.release.mac13g
View file

Binary file not shown.

35
kagami-air-m1/hardware-configuration.nix
View file

@ -1,35 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/ebb6bf2e-2d7f-4fa6-88cb-751fdd174ef9";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/19BC-1BE8";
fsType = "vfat";
};
swapDevices = [
{ device = "/swap"; size = 16 * 1024; }
];
# nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

66
kagami-air-m1/mesa-asahi-edge/opencl.patch
View file

@ -1,66 +0,0 @@
diff --git a/meson.build b/meson.build
index 04d89987311..babfe440973 100644
--- a/meson.build
+++ b/meson.build
@@ -1812,7 +1812,7 @@ endif
dep_clang = null_dep
if with_clc
- llvm_libdir = dep_llvm.get_variable(cmake : 'LLVM_LIBRARY_DIR', configtool: 'libdir')
+ llvm_libdir = get_option('clang-libdir')
dep_clang = cpp.find_library('clang-cpp', dirs : llvm_libdir, required : false)
diff --git a/meson_options.txt b/meson_options.txt
index e885ba61a8a..29ce0270479 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,6 +1,12 @@
# Copyright © 2017-2019 Intel Corporation
# SPDX-License-Identifier: MIT
+option(
+ 'clang-libdir',
+ type : 'string',
+ value : '',
+ description : 'Locations to search for clang libraries.'
+)
option(
'platforms',
type : 'array',
diff --git a/src/gallium/targets/opencl/meson.build b/src/gallium/targets/opencl/meson.build
index 7c14135898e..74dc6850603 100644
--- a/src/gallium/targets/opencl/meson.build
+++ b/src/gallium/targets/opencl/meson.build
@@ -39,7 +39,8 @@ if dep_llvm.version().version_compare('>=10.0.0')
polly_isl_dep = cpp.find_library('PollyISL', dirs : llvm_libdir, required : false)
endif
-dep_clang = cpp.find_library('clang-cpp', dirs : llvm_libdir, required : false)
+clang_libdir = get_option('clang-libdir')
+dep_clang = cpp.find_library('clang-cpp', dirs : clang_libdir, required : false)
# meson will return clang-cpp from system dirs if it's not found in llvm_libdir
linker_rpath_arg = '-Wl,--rpath=@0@'.format(llvm_libdir)
@@ -123,7 +124,7 @@ if with_opencl_icd
configuration : _config,
input : 'mesa.icd.in',
output : 'mesa.icd',
- install : true,
+ install : false,
install_tag : 'runtime',
install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
)
diff --git a/src/gallium/targets/rusticl/meson.build b/src/gallium/targets/rusticl/meson.build
index b2963fe6dfa..99d6d801b94 100644
--- a/src/gallium/targets/rusticl/meson.build
+++ b/src/gallium/targets/rusticl/meson.build
@@ -76,7 +76,7 @@ configure_file(
configuration : _config,
input : 'rusticl.icd.in',
output : 'rusticl.icd',
- install : true,
+ install : false,
install_tag : 'runtime',
install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
)

31
kagami-air-m1/secrets.yaml
View file

@ -1,31 +0,0 @@
tinc:
ed25519-private-key: ENC[AES256_GCM,data:Cc86FPxUK+MEHTDKtbSOb4WE8WrK9sPI5fQ0oyYPkLzKqn0ZeHlTyeXZD9THTWDyW9Ky5q0rIk7HxjFkLZMid5x3d/EcovSvpx2dyIzYGX2EiVfAbkF4v2JqXrnfdF/EQSF+Z9G6P2elPdXlXu7dUEqe3XsFFdKwe80EIzItO+b3BE3P3Xt9NxbkCRj3zHSuVlt5v81WzLkUTtPLwOcQafwrZ3Engi9Yrjyh58ufGYQyBItTdwlKblv42XahiOqhJ8QXBGiMCFY=,iv:h88X3PT/G1QV4GcD07IvLcMyM7WLRMuBMMYQ6Z1YOgE=,tag:aK2dCizwThbJt8woLKS9UQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age169v95f5fqx0sg5mjpp63sumrj9sma9se203ra2c05qa67h2h2drs3tvdph
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQ0ZFampRSm5BbTVpUk9o
MUhLenM0czVDM1NUWFFsTGxZUllKMjNOU3pZCm00eUZjRFU3bTZnbnNVR2RnMVl2
UEV2c1VXNDRhRklIZmpnN2dLczJPVGcKLS0tIGVlTkkrWXVTbFVJS1h4YnZRKzNn
dFJYaEErRWFJZXpnWVY1dk4zbnMxK3cKZ0aiD0ZusCWnjfhEsuVNO8XZrwupDANu
GUf03lwpLiOx6OehK2wR0pfMEfmbDOP6+o673Sw9PcreEPvUovh82Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age10dd4t507h3ey68l2alu7z94s5lw0kshjq9lre5sv2vehrm9hg4rqk2let7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraHhUUXlpb3UvNWdkc3ZP
bFdNU0NaaStxR2c4SEY2NFByKzVGa1BkWXpjCmVlMmF3eUdid3RSMjVTUlJOM0hS
eHByVGtiUzBEZGRVRjg1TENPQlpPNjQKLS0tIG11cWFUU3JNeFY4cCt3d2ZUWmpl
dnZKYUIvM1N2eGFubkgzdUVESEVCYm8KGIEl6MKIc7Xsg9MePOgLovSBWh7b0BX/
aUXZm+elav6a7dmPSXqA7/ZSUtxZqD3sYF06YnABEhO+wQ5McArkFg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-17T11:24:18Z"
mac: ENC[AES256_GCM,data:nJLJXWvJpZRzvDuIiXiFQE2V4IYKtkFLR0U0KnTz7V9e/k+i4x53rMf8HuvKCxbWiJl/YdmxAEj0j+K8UPQv2G5OCG84qO0AUUXik2rHsd8WAv3EweS9WWSu0lgzf5U9ZdUuwZacmoU2khDmfXeZ5NTF/+eVDSDp3hZ+hTiJDFM=,iv:iEW9jecRfiT7vLYffNsFSI4wE/Ok5aNjOZfV1dTtt5Q=,tag:Gw7VpSbn17O75jNN3t8deg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

15
modules/cloud/authentik/default.nix
View file

@ -22,8 +22,8 @@ let
}; };
authentik = mkImage { authentik = mkImage {
imageName = "ghcr.io/goauthentik/server"; imageName = "ghcr.io/goauthentik/server";
finalImageTag = "2024.1.0.4"; finalImageTag = "2024.4.2";
imageDigest = "sha256:5843c56a56be58dcee8927c705f8c9def0af7189511c0e8e687d430f543b0f6d"; imageDigest = "sha256:a2e592a08eb3c9e3435aa4e6585d60cc1eb54850da9d1498d56a131bbfbe03ff";
}; };
}; };
authentikEnv = pkgs.writeText "authentik.env" '' authentikEnv = pkgs.writeText "authentik.env" ''
@ -48,14 +48,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.arion-authentik = { systemd.services.arion-authentik.serviceConfig.EnvironmentFile = cfg.envFile;
serviceConfig.EnvironmentFile = cfg.envFile;
serviceConfig.Type = "notify";
serviceConfig.NotifyAccess = "all";
script = lib.mkBefore ''
${lib.getExe pkgs.wait4x} http http://127.0.0.1:${toString cfg.port} --expect-status-code 200 -t 0 -q -- systemd-notify --ready &
'';
};
virtualisation.arion.projects.authentik.settings = { virtualisation.arion.projects.authentik.settings = {
services.postgresql.service = { services.postgresql.service = {
image = images.postgresql; image = images.postgresql;
@ -105,7 +98,6 @@ in
ports = [ ports = [
"127.0.0.1:${toString cfg.port}:9000" "127.0.0.1:${toString cfg.port}:9000"
]; ];
}; };
services.worker.service = { services.worker.service = {
image = images.authentik; image = images.authentik;
@ -124,7 +116,6 @@ in
AUTHENTIK_POSTGRESQL__NAME = "authentik"; AUTHENTIK_POSTGRESQL__NAME = "authentik";
}; };
env_file = [ cfg.envFile "${authentikEnv}" ]; env_file = [ cfg.envFile "${authentikEnv}" ];
user = "root";
}; };
docker-compose.volumes = { docker-compose.volumes = {
database.driver = "local"; database.driver = "local";

51
modules/cloud/conduit/default.nix
View file

@ -74,8 +74,6 @@ with lib;
global.port = instance.port; global.port = instance.port;
global.allow_registration = instance.allow_registration; global.allow_registration = instance.allow_registration;
global.database_path = "/mnt/data/${srvName}/"; global.database_path = "/mnt/data/${srvName}/";
global.well_known_client = "https://${instance.host}";
global.well_known_server = "${instance.host}:443";
}); });
in in
{ {
@ -116,12 +114,61 @@ with lib;
)) ))
cfg.instances); cfg.instances);
# Serving .well-known files
# This is a single .well-known/matrix/server file that points to the server,
# which is NOT on port 8448 since Cloudflare doesn't allow us to route HTTPS
# through that port.
config.services.nginx = mkIf cfg.enable
{
enable = true;
virtualHosts = lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" {
listen = [{ addr = "127.0.0.1"; port = instance.well-known_port; }];
# Check https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md
# for the file structure.
root = pkgs.symlinkJoin
{
name = "well-known-files-for-conduit-${name}";
paths = [
(pkgs.writeTextDir ".well-known/matrix/client" (builtins.toJSON {
"m.homeserver".base_url = "https://${instance.host}";
"org.matrix.msc3575.proxy".url = "https://${instance.host}";
}))
(pkgs.writeTextDir ".well-known/matrix/server" (builtins.toJSON {
"m.server" = "${instance.host}:443";
}))
];
};
extraConfig =
# Enable CORS from anywhere since we want all clients to find us out
''
add_header 'Access-Control-Allow-Origin' "*";
'' +
# Force returning values to be JSON data
''
default_type application/json;
'';
})
cfg.instances;
};
config.cloud.traefik.hosts = mkIf cfg.enable ( config.cloud.traefik.hosts = mkIf cfg.enable (
(lib.attrsets.mapAttrs' (lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({ (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
inherit (instance) host port noCloudflare; inherit (instance) host port noCloudflare;
})) }))
cfg.instances) cfg.instances)
// (lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" (
let
server_name = if instance.server_name == "" then instance.host else instance.server_name;
in
{
port = instance.well-known_port;
filter = "Host(`${server_name}`) && PathPrefix(`/.well-known`)";
}
))
cfg.instances)
); );
} }

2
modules/cloud/conduit/heisenbridge.nix
View file

@ -33,7 +33,7 @@ with lib; {
{ {
systemd.services.heisenbridge = { systemd.services.heisenbridge = {
description = "Matrix<->IRC bridge"; description = "Matrix<->IRC bridge";
requires = [ "matrix-conduit-nkagami.service" "matrix-synapse.service" ]; # So the registration file can be used by Synapse requires = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = rec { serviceConfig = rec {

20
modules/cloud/gotosocial/default.nix
View file

@ -4,7 +4,6 @@ let
cfg = config.cloud.gotosocial; cfg = config.cloud.gotosocial;
dbUser = "gotosocial"; dbUser = "gotosocial";
storageLocation = "/mnt/data/gotosocial";
in in
{ {
options.cloud.gotosocial = { options.cloud.gotosocial = {
@ -75,9 +74,6 @@ in
# Media # Media
media-emoji-remote-max-size = 256 * 1024 /* bytes */; media-emoji-remote-max-size = 256 * 1024 /* bytes */;
media-emoji-local-max-size = 256 * 1024 /* bytes */; media-emoji-local-max-size = 256 * 1024 /* bytes */;
media-remote-cache-days = 7;
media-cleanup-from = "00:00";
media-cleanup-every = "24h";
# OIDC # OIDC
oidc-enabled = true; oidc-enabled = true;
oidc-idp-name = "DTTH"; oidc-idp-name = "DTTH";
@ -86,22 +82,10 @@ in
http-client.block-ips = [ "11.0.0.0/24" ]; http-client.block-ips = [ "11.0.0.0/24" ];
# Advanced # Advanced
advanced-rate-limit-requests = 0; advanced-rate-limit-requests = 0;
# Storage
storage-backend = "local";
storage-local-base-path = "${storageLocation}/storage";
# instance-inject-mastodon-version = true; # instance-inject-mastodon-version = true;
}; };
}; };
systemd.services.gotosocial.requires = mkAfter [ "postgresql.service" "arion-authentik.service" ]; systemd.services.gotosocial.requires = mkAfter [ "minio.service" "postgresql.service" ];
systemd.services.gotosocial.after = mkAfter [ "postgresql.service" "arion-authentik.service" ]; systemd.services.gotosocial.after = mkAfter [ "minio.service" "postgresql.service" ];
systemd.services.gotosocial.unitConfig = {
RequiresMountsFor = [ storageLocation ];
ReadWritePaths = [ storageLocation ];
};
systemd.tmpfiles.settings."10-gotosocial".${storageLocation}.d = {
user = dbUser;
group = dbUser;
mode = "0700";
};
}; };
} }

183
modules/cloud/outline/r2.patch
View file

@ -1,183 +0,0 @@
commit 8c7f8c28fabc174a71499a4737579b24b5c4b244
Author: Natsu Kagami <nki@nkagami.me>
Date: Mon Oct 21 02:17:36 2024 +0200
Support R2
diff --git a/.env.sample b/.env.sample
index eb57ad85c..94ffcee07 100644
--- a/.env.sample
+++ b/.env.sample
@@ -66,6 +66,8 @@ AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569
AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
AWS_S3_FORCE_PATH_STYLE=true
AWS_S3_ACL=private
+AWS_S3_R2=true
+AWS_S3_R2_PUBLIC_URL=http://s3:4569
# AUTHENTICATION
diff --git a/app/utils/files.ts b/app/utils/files.ts
index 6607a6b12..5138f68ad 100644
--- a/app/utils/files.ts
+++ b/app/utils/files.ts
@@ -63,8 +63,13 @@ export const uploadFile = async (
xhr.addEventListener("loadend", () => {
resolve(xhr.readyState === 4 && xhr.status >= 200 && xhr.status < 400);
});
- xhr.open("POST", data.uploadUrl, true);
- xhr.send(formData);
+ xhr.open(data.method, data.uploadUrl, true);
+ xhr.setRequestHeader("Content-Type", file.type);
+ if (data.method === "POST") {
+ xhr.send(formData);
+ } else {
+ xhr.send(file);
+ }
});
if (!success) {
diff --git a/server/env.ts b/server/env.ts
index 5b420f2e1..4ea1e8d3c 100644
--- a/server/env.ts
+++ b/server/env.ts
@@ -519,6 +519,14 @@ export class Environment {
environment.AWS_S3_UPLOAD_BUCKET_NAME
);
+ @IsOptional()
+ public AWS_S3_R2 = this.toBoolean(environment.AWS_S3_R2 ?? "false");
+
+ @IsOptional()
+ public AWS_S3_R2_PUBLIC_URL = this.toOptionalString(
+ environment.AWS_S3_R2_PUBLIC_URL
+ );
+
/**
* Whether to force path style URLs for S3 objects, this is required for some
* S3-compatible storage providers.
diff --git a/server/routes/api/attachments/attachments.ts b/server/routes/api/attachments/attachments.ts
index 5e6c27594..b7620f440 100644
--- a/server/routes/api/attachments/attachments.ts
+++ b/server/routes/api/attachments/attachments.ts
@@ -3,6 +3,7 @@ import { v4 as uuidv4 } from "uuid";
import { AttachmentPreset } from "@shared/types";
import { bytesToHumanReadable } from "@shared/utils/files";
import { AttachmentValidation } from "@shared/validations";
+import env from "@server/env";
import { AuthorizationError, ValidationError } from "@server/errors";
import auth from "@server/middlewares/authentication";
import { rateLimiter } from "@server/middlewares/rateLimiter";
@@ -90,16 +91,30 @@ router.post(
{ transaction }
);
- const presignedPost = await FileStorage.getPresignedPost(
- key,
- acl,
- maxUploadSize,
- contentType
- );
+ let uploadUrl;
+ let method;
+ let presignedPost = {
+ fields: {},
+ };
+ if (env.AWS_S3_R2) {
+ uploadUrl = await FileStorage.getPresignedPut(key);
+ method = "PUT";
+ } else {
+ uploadUrl = FileStorage.getUploadUrl();
+ method = "POST";
+
+ presignedPost = await FileStorage.getPresignedPost(
+ key,
+ acl,
+ maxUploadSize,
+ contentType
+ );
+ }
ctx.body = {
data: {
- uploadUrl: FileStorage.getUploadUrl(),
+ uploadUrl,
+ method,
form: {
"Cache-Control": "max-age=31557600",
"Content-Type": contentType,
diff --git a/server/storage/files/BaseStorage.ts b/server/storage/files/BaseStorage.ts
index ce0287ebc..a1931c83d 100644
--- a/server/storage/files/BaseStorage.ts
+++ b/server/storage/files/BaseStorage.ts
@@ -26,6 +26,8 @@ export default abstract class BaseStorage {
contentType: string
): Promise<Partial<PresignedPost>>;
+ public abstract getPresignedPut(key: string): Promise<string>;
+
/**
* Returns a promise that resolves with a stream for reading a file from the storage provider.
*
diff --git a/server/storage/files/LocalStorage.ts b/server/storage/files/LocalStorage.ts
index 83cf98c50..324e60dd9 100644
--- a/server/storage/files/LocalStorage.ts
+++ b/server/storage/files/LocalStorage.ts
@@ -30,6 +30,10 @@ export default class LocalStorage extends BaseStorage {
});
}
+ public async getPresignedPut(key: string) {
+ return this.getUrlForKey(key);
+ }
+
public getUploadUrl() {
return "/api/files.create";
}
diff --git a/server/storage/files/S3Storage.ts b/server/storage/files/S3Storage.ts
index a42442e0c..d55ef5472 100644
--- a/server/storage/files/S3Storage.ts
+++ b/server/storage/files/S3Storage.ts
@@ -4,6 +4,7 @@ import {
S3Client,
DeleteObjectCommand,
GetObjectCommand,
+ PutObjectCommand,
ObjectCannedACL,
} from "@aws-sdk/client-s3";
import { Upload } from "@aws-sdk/lib-storage";
@@ -58,6 +59,16 @@ export default class S3Storage extends BaseStorage {
return createPresignedPost(this.client, params);
}
+ public async getPresignedPut(key: string) {
+ const params = {
+ Bucket: env.AWS_S3_UPLOAD_BUCKET_NAME,
+ Key: key,
+ };
+
+ const command = new PutObjectCommand(params);
+ return await getSignedUrl(this.client, command, { expiresIn: 3600 });
+ }
+
private getPublicEndpoint(isServerUpload?: boolean) {
if (env.AWS_S3_ACCELERATE_URL) {
return env.AWS_S3_ACCELERATE_URL;
@@ -137,10 +148,17 @@ export default class S3Storage extends BaseStorage {
);
}
+ public getR2ObjectUrl = async (key: string) =>
+ env.AWS_S3_R2_PUBLIC_URL + "/" + key;
+
public getSignedUrl = async (
key: string,
expiresIn = S3Storage.defaultSignedUrlExpires
) => {
+ if (env.AWS_S3_R2) {
+ return this.getR2ObjectUrl(key);
+ }
+
const isDocker = env.AWS_S3_UPLOAD_BUCKET_URL.match(/http:\/\/s3:/);
const params = {
Bucket: this.getBucket(),

7
modules/cloud/postgresql/default.nix
View file

@ -31,13 +31,6 @@ in
ensureDatabases = cfg.databases; ensureDatabases = cfg.databases;
ensureUsers = (map userFromDatabase cfg.databases); ensureUsers = (map userFromDatabase cfg.databases);
dataDir = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
};
config.systemd.services.postgresql.serviceConfig = {
StateDirectory = "postgresql postgresql ${config.services.postgresql.dataDir}";
StateDirectoryMode = "0750";
}; };
# Backup settings # Backup settings

63
modules/common/linux/default.nix
View file

@ -12,6 +12,7 @@ let
users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ]; users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ];
}; };
ios = { config, pkgs, ... }: mkIf config.common.linux.enable { ios = { config, pkgs, ... }: mkIf config.common.linux.enable {
services.avahi.enable = true;
services.usbmuxd.enable = true; services.usbmuxd.enable = true;
services.usbmuxd.package = pkgs.usbmuxd2; services.usbmuxd.package = pkgs.usbmuxd2;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -26,17 +27,8 @@ let
}; };
}; };
graphics = { config, pkgs, ... }: {
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
# Monitor backlight
hardware.i2c.enable = true;
services.ddccontrol.enable = true;
environment.systemPackages = [ pkgs.luminance pkgs.ddcutil ];
};
accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) { accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) {
environment.systemPackages = [ pkgs.glib (pkgs.gnome-control-center or pkgs.gnome.gnome-control-center) ]; environment.systemPackages = with pkgs.gnome; [ pkgs.glib gnome-control-center ];
services.accounts-daemon.enable = true; services.accounts-daemon.enable = true;
services.gnome.gnome-online-accounts.enable = true; services.gnome.gnome-online-accounts.enable = true;
# programs.evolution.enable = true; # programs.evolution.enable = true;
@ -45,19 +37,12 @@ let
# services.gnome.evolution-data-server.plugins = with pkgs; [ evolution-ews ]; # services.gnome.evolution-data-server.plugins = with pkgs; [ evolution-ews ];
}; };
wlr = { lib, config, ... }: mkIf config.common.linux.enable { wlr = { ... }: mkIf config.common.linux.enable {
# swaync disable notifications on screencast # swaync disable notifications on screencast
xdg.portal.wlr.settings.screencast = { xdg.portal.wlr.settings.screencast = {
exec_before = ''which swaync-client && swaync-client --inhibitor-add "xdg-desktop-portal-wlr" || true''; exec_before = ''which swaync-client && swaync-client --inhibitor-add "xdg-desktop-portal-wlr" || true'';
exec_after = ''which swaync-client && swaync-client --inhibitor-remove "xdg-desktop-portal-wlr" || true''; exec_after = ''which swaync-client && swaync-client --inhibitor-remove "xdg-desktop-portal-wlr" || true'';
}; };
# Niri stuff
# https://github.com/sodiboo/niri-flake/blob/main/docs.md
programs.niri.enable = true;
programs.niri.package = pkgs.niri-stable;
# Override gnome-keyring disabling
services.gnome.gnome-keyring.enable = lib.mkForce false;
}; };
logitech = { pkgs, ... }: mkIf cfg.enable { logitech = { pkgs, ... }: mkIf cfg.enable {
@ -93,7 +78,7 @@ let
enable = true; enable = true;
# defaults (no need to be set unless modified) # defaults (no need to be set unless modified)
quantum = 32; quantum = 32;
rate = 44100; rate = 48000;
}; };
security.rtkit.enable = true; security.rtkit.enable = true;
@ -119,19 +104,7 @@ let
}; };
in in
{ {
imports = with modules; [ imports = with modules; [ adb ios wlr logitech kwallet virtualisation accounts rt-audio ];
./sops.nix
adb
ios
graphics
wlr
logitech
kwallet
virtualisation
accounts
rt-audio
];
options.common.linux = { options.common.linux = {
enable = mkOption { enable = mkOption {
@ -245,8 +218,6 @@ in
"wheel" # Enable sudo for the user. "wheel" # Enable sudo for the user.
"plugdev" # Enable openrazer-daemon privileges "plugdev" # Enable openrazer-daemon privileges
"audio" "audio"
"video"
"input"
]; ];
shell = pkgs.fish; shell = pkgs.fish;
}; };
@ -279,24 +250,20 @@ in
services.tailscale.enable = true; services.tailscale.enable = true;
## Time and Region ## Time and Region
time.timeZone = lib.mkDefault "Europe/Zurich"; time.timeZone = "Europe/Zurich";
# Select internationalisation properties. # Select internationalisation properties.
console.keyMap = "jp106"; # Console key layout console.keyMap = "jp106"; # Console key layout
i18n.defaultLocale = "ja_JP.UTF-8"; i18n.defaultLocale = "ja_JP.UTF-8";
# Input methods (only fcitx5 works reliably on Wayland) # Input methods (only fcitx5 works reliably on Wayland)
i18n.inputMethod = { i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.waylandFrontend = true; fcitx5.waylandFrontend = true;
fcitx5.addons = with pkgs; [ fcitx5.addons = with pkgs; [
fcitx5-mozc fcitx5-mozc
fcitx5-unikey fcitx5-unikey
fcitx5-gtk fcitx5-gtk
]; ];
} // (if config.system.nixos.release == "24.05" then { };
enabled = "fcitx5";
} else {
enable = true;
type = "fcitx5";
});
# Default packages # Default packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -322,15 +289,12 @@ in
programs.kdeconnect.enable = true; programs.kdeconnect.enable = true;
# Flatpaks are useful... sometimes... # Flatpaks are useful... sometimes...
services.flatpak.enable = true; services.flatpak.enable = true;
# AppImages should run
programs.appimage = {
enable = true;
binfmt = true;
};
# DConf for GNOME configurations # DConf for GNOME configurations
programs.dconf.enable = true; programs.dconf.enable = true;
# Gaming! (not for ARM64) # Gaming! (not for ARM64)
programs.steam.enable = !pkgs.stdenv.isAarch64; programs.steam.enable = !pkgs.stdenv.isAarch64;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = !pkgs.stdenv.isAarch64; # For 32 bit applications
## Services ## Services
# OpenSSH so you can SSH to me # OpenSSH so you can SSH to me
@ -350,13 +314,6 @@ in
extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde pkgs.xdg-desktop-portal-gtk ]; extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde pkgs.xdg-desktop-portal-gtk ];
config.sway.default = [ "wlr" "kde" "kwallet" ]; config.sway.default = [ "wlr" "kde" "kwallet" ];
config.niri = {
default = [ "gnome" "gtk" ];
"org.freedesktop.impl.portal.Access" = "gtk";
"org.freedesktop.impl.portal.Notification" = "gtk";
"org.freedesktop.impl.portal.Secret" = "kwallet";
"org.freedesktop.impl.portal.FileChooser" = "kde";
};
}; };
# D-Bus # D-Bus
services.dbus.packages = with pkgs; [ gcr ]; services.dbus.packages = with pkgs; [ gcr ];

18
modules/common/linux/sops.nix
View file

@ -1,18 +0,0 @@
{ config, lib, ... }:
with { inherit (lib) types mkOption mkEnableOption; };
let
cfg = config.common.linux.sops;
in
{
options.common.linux.sops = {
enable = mkEnableOption "Enable sops configuration";
file = mkOption {
type = types.path;
description = "Path to the default sops file";
};
};
config = lib.mkIf cfg.enable {
sops.defaultSopsFile = cfg.file;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
}

11
modules/my-tinc/default.nix
View file

@ -34,6 +34,11 @@ in
default = 655; default = 655;
description = "The port to listen on"; description = "The port to listen on";
}; };
meshIp = mkOption {
type = types.str;
description = "The mesh ip to be assigned by hostname";
};
}; };
config = mkIf cfg.enable (builtins.seq config = mkIf cfg.enable (builtins.seq
@ -46,6 +51,7 @@ in
myMeshIp = myHost.subnetAddr; myMeshIp = myHost.subnetAddr;
in in
{ {
services.my-tinc.meshIp = myMeshIp;
# Scripts that set up the tinc services # Scripts that set up the tinc services
environment.etc = { environment.etc = {
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" '' "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
@ -78,11 +84,6 @@ in
# firewall # firewall
networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.interfaces."tinc.${networkName}" = {
allowedUDPPortRanges = [{ from = 0; to = 65535; }];
allowedTCPPortRanges = [{ from = 0; to = 65535; }];
};
# configure tinc service # configure tinc service
# ---------------------- # ----------------------

13
modules/my-tinc/hosts.nix
View file

@ -23,13 +23,10 @@ in
hosts; hosts;
# Add all of them to host # Add all of them to host
nki.services.edns = { networking.extraHosts = lib.strings.concatStringsSep
enable = true; "\n"
cloaking-rules = (lib.attrsets.mapAttrsToList
(lib.attrsets.mapAttrs' (name: host: "${host.subnetAddr} ${name}.tinc")
(name: host: { name = "${name}.tinc"; value = host.subnetAddr; }) hosts);
hosts)
;
};
}; };
} }

20
modules/my-tinc/hosts/default.nix
View file

@ -12,24 +12,4 @@
rsaPublicKey = builtins.readFile ./nki-home.pub; rsaPublicKey = builtins.readFile ./nki-home.pub;
ed25519PublicKey = "Ts5OdPtBNLIRfosoYRcb6Z2iwWyOz/VKTKB9J0p5LlH"; ed25519PublicKey = "Ts5OdPtBNLIRfosoYRcb6Z2iwWyOz/VKTKB9J0p5LlH";
}; };
macbook = {
subnetAddr = "11.0.0.3";
rsaPublicKey = builtins.readFile ./nki-macbook.pub;
ed25519PublicKey = "lkNkBTl5GmcQFrtA7F1nN2gq5gFK7KuGqHUN8fiJU7H";
};
macbooknix = {
subnetAddr = "11.0.0.4";
ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN";
};
yoga = {
subnetAddr = "11.0.0.5";
ed25519PublicKey = "n+gIZjuuTPxi0OBqw2oOcmXd3loOHG+GQHBMXNlgyqI";
};
framework = {
subnetAddr = "11.0.0.6";
ed25519PublicKey = "YL7NA6Ydv/3FBfSzOPvyHlGweAViPvsG3b0Zh8L0NzF";
};
} }

25
modules/my-tinc/hosts/nki-macbook.pub
View file

@ -1,25 +0,0 @@
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEArruSM+4etKvZ2dWeBP8nA1lQeY/T3gBD7JMdHqG/BlEmEkEW2jrq
1UpABXEh5MyZ2ekSG5xr9awmVdybxauC0NPiDGxfknctS4F23asK0q5XjcnPtnln
cBhq7RPKdX1oGDyWrL4pVHOX+6cRZ6IsQemxfXlm3chl/5ore9b728wrU/FpkBBL
5gnzI3vtPWlBhrGxQOVobdLI4EYtFfbXV/IOqoe+5po8iYCliUQGF88R0V57YYpK
YXjuVtANMvoRsT5N7OJgoLjGeHEVXB0Umjfci+gbt+u+bKt0eBODFsawFWJCxxpY
cgbHtAViHZLSL5MTOlSBaW6tKsR/LrDUOCKu27Ccf7ZGG6U3O32ZI95+rsmuo+y7
DicZuW/YnvLomy+/XxzBvMYhDgQAMrOZTzCj6fjyie3FsdUHB2ydUhAkpvQMgBZM
6m0F5kancKNXaSXv82AaJrEclqo3DjAAtOy8jS/t7JyjwUh6LdKjjt68dmbq8weK
y9IZxQun/X+fEK4W2YVxm/nftJSPv/j1qsxakzuSHOAeQggLiOIcJi2aMftrfJJS
9DNqoDHy1cf0I9hH6VLcwx+fk4RkDdr7+SupKjFmhSz0ZlL80uc3I4yJg+cN+4rW
E5HFS+nxDQ1fwbH/pC5fXgvNTyepzqs+zTOKCjzezqGP4fgfCTODt6uXpuc52smY
agUfYd5fOW+RLrAP/Z1vvFBI26RBrOpfIFYEgAsRfx5iHI/SUxu3FDSl+cewiQ3k
AIvD+wGEpTI64nZr7sgF/rUR5mTrS51+3eWm9SHLF9R5hYHHe2HWILBvNu9YLQdI
pQmNmu4H32/gNP8HnSm8I1zDChB84o+FnjyZ0EhTDOdg6BemssvoWnuQ+CoUsmyZ
lB+A8bUIaFYaGtx46ESdSzHJVWV25P6vVgXbqS2OqC2Slkc8RWYKfoHLvJg28zT0
A5naep3YWymXXhzsUXeEuyc68GZvF8BFV13XTiiULy3ZCjlBGA9xZoc4lLKdKXNk
Y/q908RHu2BUB3z6eeVKGDCGD9E/jiK+NpBWtrPmuBNTz4cC2cbjhx17j7dLF/wa
JY2iCeRCfNhTkE7oP9uWf5nUrUU/DlUdz4DC6JNHeo2hmLNjNQLBx+2ExtAdcF1g
4WhDnuKtrMTedRqwQLVE7FNW9iwBDpCQlmGkg+JE0+qdQBaoKDco/l2npSVVWjCU
5eeB+xCZd25gPFDUQtGYt6Pux/6E0+3wLr2flGODfYHEGLsGlUIisIEs2WrISxcd
5bSDrFh23GUsOZdruUA1GDgXu5+DUFhEriZDDWYzl5Zf83qqLgYP/RZuX5VWQ8Ge
PGw+fTnj/IneKgrhg8YgZCmK9j4hh+KMPwIDAQAB
-----END RSA PUBLIC KEY-----

13
modules/personal/fonts/default.nix
View file

@ -1,13 +1,6 @@
{ pkgs, lib, config, ... }: { pkgs, lib, ... }:
with lib; with lib;
let
nerd-fonts =
if builtins.hasAttr "nerd-fonts" pkgs then
pkgs.nerd-fonts.symbols-only
else
pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; };
in
{ {
imports = [ ./mounting.nix ]; imports = [ ./mounting.nix ];
# Fonts # Fonts
@ -15,9 +8,9 @@ in
packages = with pkgs; mkForce [ packages = with pkgs; mkForce [
noto-fonts-emoji-blob-bin noto-fonts-emoji-blob-bin
ibm-plex ibm-plex
nerd-fonts (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
noto-fonts noto-fonts
(pkgs.noto-fonts-cjk-sans or pkgs.noto-fonts-cjk) noto-fonts-cjk
merriweather merriweather
corefonts corefonts
font-awesome font-awesome

2
modules/personal/fonts/mounting.nix
View file

@ -12,7 +12,7 @@ lib.mkIf pkgs.stdenv.isLinux {
name = "system-icons"; name = "system-icons";
paths = with pkgs; [ paths = with pkgs; [
#libsForQt5.breeze-qt5 # for plasma #libsForQt5.breeze-qt5 # for plasma
(pkgs.gnome-themes-extra or gnome.gnome-themes-extra) # Until 24.11 gnome.gnome-themes-extra
]; ];
pathsToLink = [ "/share/icons" ]; pathsToLink = [ "/share/icons" ];
}; };

2
modules/personal/u2f.nix
View file

@ -16,7 +16,7 @@ in
security.pam = mkIf pkgs.stdenv.isLinux { security.pam = mkIf pkgs.stdenv.isLinux {
u2f = { u2f = {
enable = true; enable = true;
settings.cue = true; cue = true;
}; };
# Services # Services

10
modules/services/edns/default.nix
View file

@ -8,11 +8,6 @@ in
options.nki.services.edns = { options.nki.services.edns = {
enable = mkEnableOption "Enable encrypted DNS"; enable = mkEnableOption "Enable encrypted DNS";
ipv6 = mkEnableOption "Enable ipv6"; ipv6 = mkEnableOption "Enable ipv6";
cloaking-rules = mkOption {
type = types.attrsOf types.str;
default = { };
description = "A set of domain -> ip mapping for cloaking_rules";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -47,11 +42,6 @@ in
{ server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; } { server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; }
]; ];
anonymized_dns.skip_incompatible = true; anonymized_dns.skip_incompatible = true;
# Cloaking rules
cloaking_rules = pkgs.writeText "cloaking_rules.txt" (lib.strings.concatStringsSep
"\n"
(lib.attrsets.mapAttrsToList (name: ip: "${name} ${ip}") cfg.cloaking-rules));
}; };
}; };
}; };

66
modules/services/nix-build-farm/default.nix
View file

@ -1,66 +0,0 @@
{ config, lib, ... }:
with { inherit (lib) mkOption types mkIf; };
let
cfg = config.services.nix-build-farm;
hosts = import ./hosts.nix;
build-user = "nix-builder";
isBuilder = host: host ? "builder";
allBuilders = lib.filterAttrs (_: isBuilder) hosts;
in
{
options.services.nix-build-farm = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable nix-build-farm as a client";
};
hostname = mkOption {
type = types.enum (builtins.attrNames hosts);
description = "The hostname as listed in ./hosts.nix file";
};
privateKeyFile = mkOption {
type = types.path;
description = "The path to the private SSH key file";
};
ipAddrs = mkOption {
type = types.str;
description = "The ip addresses to limit access to";
default = "11.0.0.*";
};
};
config = mkIf cfg.enable (
let
host = hosts.${cfg.hostname};
otherHosts = lib.filterAttrs (name: _: name != cfg.hostname) hosts;
otherBuilders = lib.filterAttrs (name: _: name != cfg.hostname) allBuilders;
in
{
nix.distributedBuilds = true;
nix.buildMachines = lib.mapAttrsToList
(name: host: {
hostName = host.host;
sshUser = build-user;
sshKey = cfg.privateKeyFile;
} // host.builder)
otherBuilders;
users = mkIf (isBuilder host) {
users.${build-user} = {
description = "Nix build farm user";
group = build-user;
isNormalUser = true;
openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${cfg.ipAddrs}" ${host.pubKey}'') otherHosts;
};
groups.${build-user} = { };
};
nix.settings.trusted-users = mkIf (isBuilder host) [ build-user ];
}
);
}

37
modules/services/nix-build-farm/hosts.nix
View file

@ -1,37 +0,0 @@
{
cloud = {
host = "cloud.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE87ddj0fTH0NuvJz0dT5ln7v7zbafXqDVdM2A4ddOb0 root@nki-personal-do";
};
home = {
host = "home.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6N1uTxnbo73tyzD9X7d7OgPeoOpY7JmQaHASjSWFPI nki@kagamiPC";
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUhiVTh2NlNBa0kyOTBCc1QzVG1IRVVJQWdXcVFyNm9jRmpjakRRczRoT2ggcm9vdEBrYWdhbWlQQwo=";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
};
};
yoga = {
host = "yoga.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6ZrO/xIdmwBCUx80cscBSpJBBTp55OHGrXYBGRXKAw nki@nki-yoga-g8";
};
framework = {
host = "framework.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/g472MaT7YySUhBjxClfmMjpn98qYnKXDKlzWHYwuO nki@nki-framework";
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdOUlBCVFRkNTVVMXY1U1Jac0FjYVdhS3JGZTY0ZjIxOVViODVTQ2NWd28gcm9vdEBua2ktZnJhbWV3b3JrCg==";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 16;
speedFactor = 3;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
};
};
}

1
modules/services/nix-cache/cache-pub-key.pem
View file

@ -1 +0,0 @@
nix.home.tinc:zG2uDy0MbLY0wLuoVH/qKzTD6hTfKZufA2cWDSTCZMA=

60
modules/services/nix-cache/default.nix
View file

@ -1,60 +0,0 @@
{ config, pkgs, lib, ... }:
with { inherit (lib) mkEnableOption mkOption types mkIf; };
let
cfg = config.nki.services.nix-cache;
bindAddr = "127.0.0.1:5000";
in
{
options.nki.services.nix-cache = {
enableClient = mkOption {
type = types.bool;
default = !cfg.enableServer;
description = "Enable nix-cache client";
};
enableServer = mkEnableOption "Enable nix-cache server";
host = mkOption {
type = types.str;
default = "nix.home.tinc";
};
publicKey = mkOption {
type = types.str;
default = builtins.readFile ./cache-pub-key.pem;
};
privateKeyFile = mkOption {
type = types.path;
description = "Path to the private key .pem file";
};
};
config = {
nix.settings = mkIf cfg.enableClient {
substituters = lib.mkAfter [ "http://${cfg.host}" ];
trusted-public-keys = [ cfg.publicKey ];
};
services.harmonia = mkIf cfg.enableServer {
enable = true;
signKeyPaths = [ cfg.privateKeyFile ];
settings = {
bind = bindAddr;
priority = 45;
};
};
services.nginx = mkIf cfg.enableServer {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
# ... existing hosts config etc. ...
"${cfg.host}" = {
locations."/".proxyPass = "http://${bindAddr}";
};
};
};
};
}

24
nki-framework/configuration.nix
View file

@ -17,18 +17,10 @@
./wireless.nix ./wireless.nix
]; ];
# Sops
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "framework";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# services.xserver.enable = true; # services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true; # services.xserver.displayManager.sddm.enable = true;
# services.xserver.displayManager.sddm.wayland.enable = true; # services.xserver.displayManager.sddm.wayland.enable = true;
services.desktopManager.plasma6.enable = true; services.xserver.desktopManager.plasma6.enable = true;
# Power Management # Power Management
services.upower = { services.upower = {
@ -42,13 +34,13 @@
services.power-profiles-daemon.enable = true; services.power-profiles-daemon.enable = true;
# powerManagement.enable = true; # powerManagement.enable = true;
# powerManagement.powertop.enable = true; # powerManagement.powertop.enable = true;
services.logind.lidSwitch = "suspend-then-hibernate"; services.logind.lidSwitch = "suspend";
# Printing # Printing
services.printing.drivers = with pkgs; [ epfl-cups-drivers ]; services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true; services.xserver.libinput.enable = true;
# Keyboard # Keyboard
services.input-remapper.enable = true; services.input-remapper.enable = true;
services.input-remapper.serviceWantedBy = [ "multi-user.target" ]; services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
@ -85,16 +77,6 @@
security.pam.services.swaylock.fprintAuth = true; security.pam.services.swaylock.fprintAuth = true;
security.pam.services.login.fprintAuth = true; security.pam.services.login.fprintAuth = true;
# tinc network
sops.secrets."tinc-private-key" = { };
services.my-tinc = {
enable = true;
hostName = "framework";
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
bindPort = 6565;
};
# Secrets # Secrets
# sops.defaultSopsFile = ./secrets.yaml; # sops.defaultSopsFile = ./secrets.yaml;
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

3
nki-framework/hardware-configuration.nix
View file

@ -12,7 +12,10 @@
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ boot.kernelParams = [
# See https://community.frame.work/t/tracking-graphical-corruption-in-fedora-39-amd-3-03-bios/39073/143
"amdgpu.sg_display=0"
# Hibernation # Hibernation
"resume=UUID=fa8aaf51-b99f-4fb4-9230-8c0957d8af3f" "resume=UUID=fa8aaf51-b99f-4fb4-9230-8c0957d8af3f"
"resume_offset=5776640" # btrfs inspect-internal map-swapfile -r /var/swapfile "resume_offset=5776640" # btrfs inspect-internal map-swapfile -r /var/swapfile

32
nki-framework/secrets.yaml
View file

@ -1,32 +0,0 @@
tinc-private-key: ENC[AES256_GCM,data:cKtOFrF5FRSHWxe/QxH5O9GAba1WcWeCwW1IOzmbgdtFufRoWbCtYeaLP+WQhQ70z6xobiY9DN8Jrh7mDptKSsfKrrx2SH5JrdpsoINhLMbetXq7E29+q6CkS8NlLgE/KyV8eFjQySNsYiA/+Efq9xj9e1wOmHBDsND/jgiJDkA1qsEIFZg/vuv8LdoRY3TV/oKJ4pao9+70G4H+8Ef1sMZHGNe9qJ94Wa71nNX2fTSjKH5YBbRijMAePWr/IeCpZ9Phs7RqjBs=,iv:l0iB136X7nLVblQjFi7K4f42JKSxdsiLIRy5GPzK1nc=,tag:HAgkvWkl0Rx62ejGZckdKA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:w56sobHrhvVcKbuK15Yj20EqgFrR/5pNy/rcQjlZCiFEfgPC6ZrbsxziIdMTOX+Q4DyllKCKo+g/MIKm5S+s+nIff509ODlILhTtXlZvZlnT9+wvm5oN3WQCdkkqOr1gNnErPupfMxA6V35tNvNBCeomYuM8Xb7TuH4I1fXa5GFeT0Tnp5A2WqWoS1MzXz34CxlKXvoL6i4w7nUngt5zaGr9oMZbSa0pHxEzIhXk6h/lE864QlJid7q/mDok9gh2R80WvArGtNNj9PrT6cNKYIFuXo7vITkSkT3vo9BLflg5sgRxy4+7rBaRla0ziihQvZLtworwo6aNDvEqPqYfiX0TMYPpEWvJpp/HGDJy+Po7b0ZZkwSza+tB0J79vFH2h11Px1XSwXdq757Bn9G4OTb5oKWS5ycBU4xTnnHQBjYTSooFxYyTAvfKNEsB8AHKSuQRZgtVhWoOSPpJ6YL94ClUIT+DTaNmQjwouqNatf/nif+N/FCar8JWZDE+FX1TBu0yLmJie/f0LCdCQx+6IVdyXg7oVCoNiGg0,iv:TeSxlVc0WlOMMUtv/uq3f7JvW/kNCM7LjguhZxL51a4=,tag:m1iuk4pAX/yugM0ObzkJHQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age188tgu3psvywk6shq85mk2q0jdjwd0tcswzwlwu5pa5n3pndx75dq090z59
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL2Z1RzBWaTI1TDl6WDNa
NTNVdEhTSFU5enNlTGVNWTI5anBZb1BtaVhjCm1BRnJDSXl1cWdBRUs1VnREVjBU
QWZxdkgzdm9JL0k5WmhDL1RCNTltdm8KLS0tIFhvQTlKMDZiVklTRWd4TzVmc2ll
bmpjcWdBV1doZml2NjlzQzdQczJ3alEKBMRP3POxtPIqBWnrvxY/++5jtVE70Uxa
EVfhsUO76A/hzyxfzpLEy1QGFE+DB/zlU0CK7HkNGPD2TrBHbzkPJA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgh6kvee8lvxylm7z86fpl3xzjyjs4u3zdfkyf064rjvxk9fpumsew7n27
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MUxQU0dZOGRaekF4MWdo
T0krcERtRTJndFR1RHZmL0t6MjBxMW5PSENNCkR6SUhxQ0FoaEhuaWpiUzJ0MnJE
RXRERzVhL0lRVW1iRUlac0c5OHZsckEKLS0tIC9VM1dNZTNzdkFnMWk2YUwvcDNB
TDZnVjBaVzZBem5lZDB1MW4xQ0RmZ28K6d7mF+f3ZyilXlSIQGT2pBrTWuYLccE1
rYIJjHjFft/2wPX2gAW9VTiwfMT3lKJhJRqNdoie5phV5BZhkb3D9w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-17T14:58:10Z"
mac: ENC[AES256_GCM,data:ZCrzXDttLxYUvdLiqM5I17Ys6O3zoOVKq8xP78VaLb3AAoV4RGGQxixKVQ6K9h84e8bFymh512BR7xKa9fqebxTyL1XCqPkRaSZy0aWjbc6QCaK+JD4yqivgO/x5x2xgMpX/ZhPFzKNLpMga61bnm6plvF8ocG+wOqYvj3vL0Ss=,iv:QZ8YJD7h2QD2jqVKo4bg0rwpZSTyyNw6zZDcBfClKPo=,tag:PH2XnTqxV2irymg2+Z+Egg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

2
nki-home/audio/default.nix
View file

@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
environment.etc = { environment.etc = {
"wireplumber/wireplumber.conf.d/51-sdac.conf".source = ./sdac.conf.json; "wireplumber/main.lua.d/51-sdac.lua".source = ./sdac.lua;
}; };
} }

19
nki-home/audio/sdac.conf.json
View file

@ -1,19 +0,0 @@
monitor.alsa.rules = [
{
matches = [
{
device.name = "alsa_output.usb-Grace_Design_SDAC-00.*"
}
]
actions = {
update-props = {
# audio.format = "S24_3LE"
audio.rate = 88200
api.alsa.period-size = 2
api.alsa.headroom = 0
api.alsa.disable-batch = true
}
}
}
]

2
nki-home/audio/sdac.lua
View file

@ -6,7 +6,7 @@ rule = {
}, },
apply_properties = { apply_properties = {
["audio.format"] = "S24_3LE", ["audio.format"] = "S24_3LE",
["audio.rate"] = 44100, ["audio.rate"] = 96000,
["api.alsa.period-size"] = 2, ["api.alsa.period-size"] = 2,
["api.alsa.headroom"] = 0, ["api.alsa.headroom"] = 0,
["api.alsa.disable-batch"] = true ["api.alsa.disable-batch"] = true

51
nki-home/configuration.nix
View file

@ -5,21 +5,13 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
with lib; with lib;
let
openrazer = { pkgs, ... }: {
# Razer stuff
hardware.openrazer = {
enable = true;
users = [ "nki" ];
};
environment.systemPackages = with pkgs; [ polychromatic ];
};
in
{ {
imports = imports =
[ [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
# secret management
./secrets
# Fonts # Fonts
../modules/personal/fonts ../modules/personal/fonts
# Encrypted DNS # Encrypted DNS
@ -27,7 +19,6 @@ in
# Other services # Other services
../modules/personal/u2f.nix ../modules/personal/u2f.nix
./peertube-runner.nix ./peertube-runner.nix
openrazer
]; ];
# Kernel # Kernel
@ -36,22 +27,10 @@ in
# Plasma! # Plasma!
services.desktopManager.plasma6.enable = true; services.desktopManager.plasma6.enable = true;
## Encryption ## Encryption
# Kernel modules needed for mounting USB VFAT devices in initrd stage # Kernel modules needed for mounting USB VFAT devices in initrd stage
common.linux.luksDevices.root = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892"; common.linux.luksDevices.root = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892";
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
# Nix cache server
sops.secrets."nix-cache/private-key" = { owner = "harmonia"; group = "harmonia"; mode = "0600"; };
nki.services.nix-cache = {
enableServer = true;
privateKeyFile = config.sops.secrets."nix-cache/private-key".path;
};
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Networking # Networking
common.linux.networking = common.linux.networking =
@ -82,11 +61,13 @@ in
PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path; PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path;
}; };
wireguardPeers = [{ wireguardPeers = [{
PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ="; wireguardPeerConfig = {
PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path; PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ=";
AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ]; PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path;
Endpoint = "vpn.dtth.ch:51820"; AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ];
PersistentKeepalive = 25; Endpoint = "vpn.dtth.ch:51820";
PersistentKeepalive = 25;
};
}]; }];
}; };
systemd.network.networks."dtth-wg" = { systemd.network.networks."dtth-wg" = {
@ -94,8 +75,8 @@ in
address = [ "100.73.146.80/32" "fd00::33:105b/128" ]; address = [ "100.73.146.80/32" "fd00::33:105b/128" ];
DHCP = "no"; DHCP = "no";
routes = [ routes = [
{ Destination = "100.64.0.0/10"; Scope = "link"; } { routeConfig = { Destination = "100.64.0.0/10"; Scope = "link"; }; }
{ Destination = "fd00::/106"; } { routeConfig.Destination = "fd00::/106"; }
]; ];
}; };
@ -192,13 +173,5 @@ in
passwordFile = config.sops.secrets."scrobble/listenbrainz".path; passwordFile = config.sops.secrets."scrobble/listenbrainz".path;
}; };
}; };
programs.virt-manager.enable = true;
users.groups.libvirtd.members = [ "nki" ];
virtualisation.libvirtd.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
} }

4
nki-home/hardware-configuration.nix
View file

@ -36,6 +36,10 @@
swapDevices = swapDevices =
[{ device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; }]; [{ device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; }];
# GPU options
services.xserver.videoDrivers = [ "amdgpu" ];
hardware.opengl.enable = true;
# bluetooth usb # bluetooth usb
hardware.firmware = [ pkgs.rtl8761b-firmware ]; hardware.firmware = [ pkgs.rtl8761b-firmware ];
} }

6
nki-home/secrets/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ config, pkgs, ... }:
{
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}

10
nki-home/secrets.yaml → nki-home/secrets/secrets.yaml
View file

@ -13,10 +13,6 @@ dtth-wg:
preshared-key: ENC[AES256_GCM,data:96q0ZfvPz4pb53XvTGameVkcETamYH8Xbv69672RBdacH6QjRCCVvPnBTfA=,iv:Q2Yonb07/Uu6KidhMgRX4zJuNU1ZySNC7g/5TwpMU80=,tag:1qQQdk20yIQlGZmX+/25RA==,type:str] preshared-key: ENC[AES256_GCM,data:96q0ZfvPz4pb53XvTGameVkcETamYH8Xbv69672RBdacH6QjRCCVvPnBTfA=,iv:Q2Yonb07/Uu6KidhMgRX4zJuNU1ZySNC7g/5TwpMU80=,tag:1qQQdk20yIQlGZmX+/25RA==,type:str]
peertube: peertube:
dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str] dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str]
nix-cache:
private-key: ENC[AES256_GCM,data:4sbfIQb10Y50CrZbgjN+1iXEbXTpDqMbIB/yA3WlaAqhLtb8HKib5aZX3DLoxFbVihJcztQsvBBgEAhT9iMijoksaT9qzBQ5yIn4NGCfFem1DK8DQdjhTLMCVTyMFCT7hQHu/2Sd7w==,iv:zTSxuKOtOLekOBKBvl9MScD/Bo1Hviqq/n8Saa+1Cgo=,tag:fx73fCDPY9d07V3KKMw3DA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:m5neeWCEdaZ1MRhNwTptfDIgv3ABNlYyNil3oTD81Jbe/6WxWaS5Q++CRlHCjc2hOoHsWsZixw8iGZVTA+QXgH6B9C6A4oOAhgR9m92EGTEfFw0qxQbdzs7U98Yonx/N8SApUycZZB/EU81+MrDNY4GGzCiO6s00/vZLkDTYnqRFgbo+8KTG0BQTl4q+VYP2q3l0wy+Ivz5CWPmbz42Xdin/sBnjeFHKDuof4iZZnN3i8gUJ/mMw3lbdiHd6A8DL0G5Ut46ljzMC2aMsZOATCID3mPOPgI0xIetDofPJLDqVsNqptRHo8WB+KwDidvl222f5F7JqdSqgAMOJYPscrX0odufApiJfg5bbXBygvrDfAlPSruW7GsWGoKAhw0qC4NC/j+qYCwhS0qdorCLnIy3zzMtA6HkHtE675hy7/7oLj7k9Y8MhE4PxztjXTmDazaVCtKhnA/DpaxP2mH84gfCkJFD1YF9jtPm+P3e+46FwkW+WnHaA2L+H7Evava30DLEBhh5y9Gd1A3JN4isn,iv:7KUWg7+GWgmGJkbIvsy9gtccZBb+1Y5uDWhXQFk0obk=,tag:qJdM684XPHxecLVxVb5pgw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -50,8 +46,8 @@ sops:
bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw
hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA== hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-16T13:59:20Z" lastmodified: "2024-04-18T13:34:51Z"
mac: ENC[AES256_GCM,data:ncT8fbtEb9ZcLcftXwgAKJRPPSG4TRHFMArtVgWNmIjDRcCNNT7ICa+9Dl8DAYKRJ+8pgelV9StIg2f7rvypHYlckontEP5nwSFzEApLItG3AZXewTC8VPoDYb4T8/OWKDoa5kBMvGrDr1bFP/CZz7H8No+k5TV7fVExsw0PHpg=,iv:vxbkeJtHkOAq7NcaZEIOMV3qGEqBUg/vpJYumBBfY70=,tag:T0yw2x1O5Tp0UllLpcFryg==,type:str] mac: ENC[AES256_GCM,data:cinVE1pHSgjCRPIDwANzR0oHw7zdN8DVDQKkhXT5j+dGiaFzNvLoYyMcEsjoxAjEdup3YMo+Vg6I4C94AUCrTn7N9BGjnGFVQz3m9q13zORi1+HWam0VItBzJm1iIo8x0PPs79OBaIHVUFAz8r4DW46P/LQISl9MQSDpCCTjVVk=,iv:2VAehWaoh2lNZM8jlmt+dqo5eeHfcr++eAdQfm/tCcM=,tag:QSnbObe3046AnFpK3Y01Eg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.8.1

87
nki-personal-do/configuration.nix
View file

@ -12,9 +12,6 @@
../modules/cloud/conduit ../modules/cloud/conduit
../modules/cloud/gotosocial ../modules/cloud/gotosocial
# Encrypted DNS
../modules/services/edns
./headscale.nix ./headscale.nix
./gitea.nix ./gitea.nix
./miniflux.nix ./miniflux.nix
@ -24,13 +21,8 @@
./invidious.nix ./invidious.nix
./owncast.nix ./owncast.nix
./peertube.nix ./peertube.nix
./outline.nix
./vikunja.nix
./n8n.nix
]; ];
system.stateVersion = "21.11";
common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine. common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine.
# Personal user # Personal user
@ -62,19 +54,21 @@
]; ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.docker.extraOptions = "--data-root /mnt/data/docker";
services.do-agent.enable = true; services.do-agent.enable = true;
system.autoUpgrade = {
enable = true;
allowReboot = true;
flake = "github:natsukagami/nix-home#nki-personal-do";
};
nix = { nix = {
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
}; };
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
# Secret management # Secret management
sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@ -87,10 +81,6 @@
services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path; services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path; services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Set up traefik # Set up traefik
sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; }; sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
sops.secrets.traefik-dashboard-users = { owner = "traefik"; }; sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
@ -154,7 +144,7 @@
}; };
# Mail # Mail
sops.secrets.mail-users = { owner = "maddy"; reloadUnits = [ "maddy.service" ]; }; sops.secrets.mail-users = { owner = "maddy"; };
cloud.mail = { cloud.mail = {
enable = true; enable = true;
debug = true; debug = true;
@ -195,13 +185,74 @@
protocol = "udp"; protocol = "udp";
}; };
# Outline
sops.secrets.minio-secret-key = { owner = "root"; mode = "0444"; };
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
sops.secrets."outline/smtp-password" = { owner = "outline"; };
services.outline = {
enable = true;
package = pkgs.outline.overrideAttrs (attrs: {
patches = if builtins.hasAttr "patches" attrs then attrs.patches else [ ] ++ [ ../modules/cloud/outline/dtth-wiki.patch ];
});
databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable";
redisUrl = "local";
publicUrl = "https://wiki.dtth.ch";
port = 18729;
storage = {
accessKey = "minio";
secretKeyFile = config.sops.secrets.minio-secret-key.path;
region = config.services.minio.region;
uploadBucketUrl = "https://s3.dtth.ch";
uploadBucketName = "dtth-outline";
uploadMaxSize = 50 * 1024 * 1000;
};
maximumImportSize = 50 * 1024 * 1000;
oidcAuthentication = {
clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7";
clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path;
authUrl = "https://auth.dtth.ch/application/o/authorize/";
tokenUrl = "https://auth.dtth.ch/application/o/token/";
userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/";
displayName = "DTTH Account";
};
smtp = {
fromEmail = "DTTH Wiki <dtth.wiki@nkagami.me>";
replyEmail = "";
host = "mx1.nkagami.me";
username = "dtth.wiki@nkagami.me";
passwordFile = config.sops.secrets."outline/smtp-password".path;
port = 465;
secure = true;
};
forceHttps = false;
};
cloud.postgresql.databases = [ "outline" ];
systemd.services.outline.requires = [ "postgresql.service" ];
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
# GoToSocial # GoToSocial
sops.secrets.gts-env = { restartUnits = [ "gotosocial.service" ]; }; sops.secrets.gts-env = { };
cloud.gotosocial = { cloud.gotosocial = {
enable = true; enable = true;
envFile = config.sops.secrets.gts-env.path; envFile = config.sops.secrets.gts-env.path;
}; };
# Minio
sops.secrets.minio-credentials = { };
services.minio = {
enable = true;
listenAddress = ":61929";
consoleAddress = ":62929";
rootCredentialsFile = config.sops.secrets.minio-credentials.path;
dataDir = lib.mkForce [ "/mnt/data/minio" ];
};
cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; };
system.stateVersion = "21.11";
# ntfy # ntfy
cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; }; cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; };
services.ntfy-sh = { services.ntfy-sh = {

45
nki-personal-do/gitea.nix
View file

@ -98,7 +98,6 @@ in
}; };
users.groups.${user} = { }; users.groups.${user} = { };
sops.secrets."gitea/signing-key".owner = user; sops.secrets."gitea/signing-key".owner = user;
sops.secrets."gitea/minio-secret-key".owner = user;
sops.secrets."gitea/mailer-password".owner = user; sops.secrets."gitea/mailer-password".owner = user;
# database # database
cloud.postgresql.databases = [ user ]; cloud.postgresql.databases = [ user ];
@ -115,6 +114,8 @@ in
inherit user; inherit user;
appName = "DTTHgit";
settings = { settings = {
server = { server = {
DOMAIN = host; DOMAIN = host;
@ -135,7 +136,7 @@ in
}; };
"repository.signing" = { "repository.signing" = {
SIGNING_KEY = signingKey; SIGNING_KEY = signingKey;
SIGNING_NAME = "DTTHgit"; SIGNING_NAME = "DTTHGit";
SIGNING_EMAIL = "dtth-gitea@nkagami.me"; SIGNING_EMAIL = "dtth-gitea@nkagami.me";
}; };
ui.THEMES = default-themes + "," + themes; ui.THEMES = default-themes + "," + themes;
@ -175,24 +176,13 @@ in
PATH = "${pkgs.git}/bin/git"; PATH = "${pkgs.git}/bin/git";
}; };
storage = {
STORAGE_TYPE = "minio";
MINIO_USE_SSL = "true";
MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca";
MINIO_BUCKET = "dtth-gitea";
MINIO_LOCATION = "auto";
MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment
};
federation.ENABLED = true; federation.ENABLED = true;
DEFAULT.APP_NAME = "DTTHGit";
}; };
stateDir = "/mnt/data/gitea"; stateDir = "/mnt/data/gitea";
secrets.mailer.PASSWD = secrets."gitea/mailer-password".path; mailerPasswordFile = secrets."gitea/mailer-password".path;
secrets.storage.MINIO_SECRET_ACCESS_KEY = config.sops.secrets."gitea/minio-secret-key".path;
database = { database = {
inherit user; inherit user;
@ -215,18 +205,17 @@ in
environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg"; environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg";
# https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7 # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
preStart = preStart = ''
'' # Import the signing subkey
# Import the signing subkey if cat ${config.services.gitea.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then echo "Keys already imported"
echo "Keys already imported" # imported
# imported else
else echo "Import your keys!"
echo "Import your keys!" ${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path} echo "trusted-key ${signingKey}" >> ${config.services.gitea.stateDir}/.gnupg/gpg.conf
echo "trusted-key ${signingKey}" >> ${config.services.forgejo.stateDir}/.gnupg/gpg.conf exit 1
exit 1 fi
fi '';
'';
}; };
} }

6
nki-personal-do/hardware-configuration.nix
View file

@ -9,11 +9,9 @@
swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }]; swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }];
zramSwap.enable = true; zramSwap.enable = true;
# volumes # volumes
services.btrfs.autoScrub.enable = true;
fileSystems.data = { fileSystems.data = {
device = "/dev/disk/by-id/scsi-0HC_Volume_101470796"; device = "/dev/disk/by-id/scsi-0HC_Volume_31812942";
fsType = "btrfs"; fsType = "ext4";
mountPoint = "/mnt/data"; mountPoint = "/mnt/data";
options = [ "compress=zstd" ];
}; };
} }

25
nki-personal-do/headscale.nix
View file

@ -27,8 +27,7 @@ rec {
noCloudflare = true; noCloudflare = true;
}; };
systemd.services.headscale.requires = [ "postgresql.service" "arion-authentik.service" ]; systemd.services.headscale.requires = [ "postgresql.service" ];
systemd.services.headscale.after = [ "postgresql.service" "arion-authentik.service" ];
services.headscale = { services.headscale = {
enable = true; enable = true;
inherit port; inherit port;
@ -36,25 +35,23 @@ rec {
settings = { settings = {
server_url = "https://hs.dtth.ch"; server_url = "https://hs.dtth.ch";
database.type = "postgres"; db_type = "postgres";
database.postgres = { db_host = "/var/run/postgresql"; # find out yourself
host = "/var/run/postgresql"; # find out yourself db_user = "headscale";
user = "headscale"; db_name = "headscale";
name = "headscale";
};
dns = { dns_config = {
base_domain = "dtth.ts"; base_domain = host;
}; };
noise = { noise = {
private_key_path = "/var/lib/headscale/noise_private.key"; private_key_path = "/var/lib/headscale/noise_private.key";
}; };
prefixes = { ip_prefixes = [
v6 = "fd7a:115c:a1e0::/48"; "fd7a:115c:a1e0::/48"
v4 = "100.64.0.0/10"; "100.64.0.0/10"
}; ];
derp.paths = [ derp.paths = [
secrets."headscale/derp-servers/vnm".path secrets."headscale/derp-servers/vnm".path

2
nki-personal-do/miniflux.nix
View file

@ -42,7 +42,7 @@ in
systemd.services.miniflux = { systemd.services.miniflux = {
description = "Miniflux service"; description = "Miniflux service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" ]; after = [ "network.target" ];
requires = [ "postgresql.service" ]; requires = [ "postgresql.service" ];
serviceConfig = { serviceConfig = {

78
nki-personal-do/n8n.nix
View file

@ -1,78 +0,0 @@
{ config, lib, pkgs, ... }:
let
secrets = config.sops.secrets;
host = "n8n.dtth.ch";
db = "n8n";
user = db;
port = 23412;
dataFolder = "/mnt/data/n8n";
plugins = pkgs.callPackage ./n8n/plugins/package.nix { };
in
{
sops.secrets."n8n/env" = { reloadUnits = [ "n8n.service" ]; };
cloud.postgresql.databases = [ db ];
cloud.traefik.hosts.n8n = {
inherit port host;
};
# users
users.users."${user}" = {
group = "${user}";
isSystemUser = true;
};
users.groups."${user}" = { };
services.n8n = {
enable = true;
webhookUrl = "https://${host}";
};
systemd.services.n8n = {
environment = {
# Database
DB_TYPE = "postgresdb";
DB_POSTGRESDB_DATABASE = db;
DB_POSTGRESDB_HOST = "/var/run/postgresql";
DB_POSTGRESDB_USER = db;
# Deployment
N8N_EDITOR_BASE_URL = "https://${host}";
N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "true";
N8N_USER_FOLDER = lib.mkForce dataFolder;
HOME = lib.mkForce dataFolder;
N8N_HOST = host;
N8N_PORT = toString port;
N8N_LISTEN_ADDRESS = "127.0.0.1";
N8N_HIRING_BANNER_ENABLED = "false";
N8N_PROXY_HOPS = "1";
# Logs
N8N_LOG_LEVEL = "debug";
# License
N8N_HIDE_USAGE_PAGE = "true";
# Security
N8N_BLOCK_ENV_ACCESS_IN_NODE = "true";
# Timezone
GENERIC_TIMEZONE = "Europe/Berlin";
};
serviceConfig = {
EnvironmentFile = [ secrets."n8n/env".path ];
User = user;
DynamicUser = lib.mkForce false;
ReadWritePaths = [ dataFolder ];
# ReadOnlyPaths = [ "/var/run/postgresql" ];
};
unitConfig.RequiresMountsFor = [ dataFolder ];
};
systemd.tmpfiles.settings."10-n8n" = {
${dataFolder}.d = {
user = user;
group = user;
mode = "0700";
};
"${dataFolder}/.n8n/nodes"."L+" = {
argument = "${plugins}";
};
};
}

1
nki-personal-do/n8n/plugins/.gitignore vendored
View file

@ -1 +0,0 @@
node_modules

1678
nki-personal-do/n8n/plugins/package-lock.json generated
View file

File diff suppressed because it is too large Load diff

8
nki-personal-do/n8n/plugins/package.json
View file

@ -1,8 +0,0 @@
{
"name": "n8n-plugins",
"version": "1.0.0",
"dependencies": {
"n8n-nodes-turndown-html-to-markdown": "^1.0.5",
"n8n-nodes-vikunja": "^0.2.0"
}
}

4
nki-personal-do/n8n/plugins/package.nix
View file

@ -1,4 +0,0 @@
{ nodejs, importNpmLock }: importNpmLock.buildNodeModules {
inherit nodejs;
npmRoot = ./.;
}

67
nki-personal-do/nextcloud.nix Normal file
View file

@ -0,0 +1,67 @@
{ lib, pkgs, config, ... }:
with lib;
let
user = "nextcloud";
host = "cloud.dtth.ch";
port = 61155;
secrets = config.sops.secrets;
in
{
sops.secrets."nextcloud/admin-password" = { owner = user; };
sops.secrets."nextcloud/minio-secret-key" = { owner = user; key = "minio-secret-key"; };
# database
cloud.postgresql.databases = [ user ];
# traefik
cloud.traefik.hosts.nextcloud = {
inherit port host;
};
systemd.services.nextcloud.requires = [ "postgresql.service" ];
services.nextcloud = {
enable = true;
hostName = host;
package = pkgs.nextcloud26;
enableBrokenCiphersForSSE = false;
home = "/mnt/data/nextcloud";
https = true;
database.createLocally = false;
extraApps = with pkgs.nextcloud26Packages.apps; {
inherit calendar contacts deck forms groupfolders news tasks;
sociallogin = pkgs.fetchNextcloudApp rec {
url = "https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.4.3/release.tar.gz";
sha256 = "sha256-ZKwtF9j9WFIk3MZgng9DmN00A73S2Rb4qbehL9adaZo=";
};
};
config = {
# Database
dbtype = "pgsql";
dbname = user;
dbuser = user;
dbhost = "/run/postgresql";
# User
adminuser = "nki";
adminpassFile = secrets."nextcloud/admin-password".path;
# General
overwriteProtocol = "https";
defaultPhoneRegion = "VN";
objectstore.s3 = {
enable = true;
bucket = "nextcloud-dtth";
autocreate = true;
key = "minio";
secretFile = config.sops.secrets."nextcloud/minio-secret-key".path;
hostname = "s3.dtth.ch";
port = 443;
useSsl = true;
usePathStyle = true;
region = "us-east-1";
};
};
};
services.nginx.virtualHosts.${host}.listen = [{ inherit port; addr = "127.0.0.1"; }];
}

56
nki-personal-do/outline.nix
View file

@ -1,56 +0,0 @@
{ config, pkgs, ... }: {
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
sops.secrets."outline/smtp-password" = { owner = "outline"; };
sops.secrets."outline/s3-secret-key" = { owner = "outline"; };
services.outline = {
enable = true;
package = pkgs.outline.overrideAttrs (attrs: {
patches = attrs.patches or [ ] ++ [
../modules/cloud/outline/dtth-wiki.patch
../modules/cloud/outline/r2.patch
];
});
databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable";
redisUrl = "local";
publicUrl = "https://wiki.dtth.ch";
port = 18729;
storage = {
accessKey = "6ef730e13f172d2ed6ed77f0b5b9bad9";
secretKeyFile = config.sops.secrets."outline/s3-secret-key".path;
region = "auto";
uploadBucketUrl = "https://60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
uploadBucketName = "dtth-outline";
uploadMaxSize = 50 * 1024 * 1000;
};
maximumImportSize = 50 * 1024 * 1000;
oidcAuthentication = {
clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7";
clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path;
authUrl = "https://auth.dtth.ch/application/o/authorize/";
tokenUrl = "https://auth.dtth.ch/application/o/token/";
userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/";
displayName = "DTTH Account";
};
smtp = {
fromEmail = "DTTH Wiki <dtth.wiki@nkagami.me>";
replyEmail = "";
host = "mx1.nkagami.me";
username = "dtth.wiki@nkagami.me";
passwordFile = config.sops.secrets."outline/smtp-password".path;
port = 465;
secure = true;
};
forceHttps = false;
};
cloud.postgresql.databases = [ "outline" ];
systemd.services.outline.requires = [ "postgresql.service" ];
systemd.services.outline.environment = {
AWS_S3_R2 = "true";
AWS_S3_R2_PUBLIC_URL = "https://s3.wiki.dtth.ch";
};
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
}

25
nki-personal-do/peertube.nix
View file

@ -3,9 +3,7 @@ let
secrets = config.sops.secrets; secrets = config.sops.secrets;
cfg = config.services.peertube; cfg = config.services.peertube;
user = "peertube";
host = "peertube.dtth.ch"; host = "peertube.dtth.ch";
dataFolder = "/mnt/data/peertube";
port = 19878; port = 19878;
in in
{ {
@ -59,6 +57,12 @@ in
settings.client.videos = { settings.client.videos = {
resumable_upload.max_chunk_size = "90MB"; resumable_upload.max_chunk_size = "90MB";
}; };
settings.storage = {
storyboards = "/var/lib/peertube/storage/storyboards/";
tmp = "/mnt/data/peertube/tmp/";
tmp_persistent = "/mnt/data/peertube/tmp_persistent/";
web_videos = "/mnt/data/peertube/web-videos/";
};
# Trust proxy # Trust proxy
settings.trust_proxy = [ "loopback" ] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs; settings.trust_proxy = [ "loopback" ] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs;
@ -72,22 +76,5 @@ in
dataDirs = [ "/var/lib/peertube" "/mnt/data/peertube" ]; dataDirs = [ "/var/lib/peertube" "/mnt/data/peertube" ];
}; };
systemd.services.peertube = {
requires = [ "arion-authentik.service" ];
after = [ "arion-authentik.service" ];
unitConfig.RequiresMountsFor = [ dataFolder ];
};
systemd.tmpfiles.settings."10-peertube" = {
# The service hard-codes a lot of paths here, so it's nicer if we just symlink
"/var/lib/peertube"."L+" = {
argument = dataFolder;
};
${dataFolder}."d" = {
user = user;
group = user;
mode = "0700";
};
};
} }

21
nki-personal-do/secrets/secrets.yaml
View file

File diff suppressed because one or more lines are too long

99
nki-personal-do/vikunja.nix
View file

@ -1,99 +0,0 @@
{ pkgs, lib, config, ... }:
let
secrets = config.sops.secrets;
host = "kanban.dtth.ch";
user = "vikunja";
port = 12785;
storageMount = "/mnt/data/vikunja";
in
{
sops.secrets."vikunja/env" = { restartUnits = [ "vikunja.service" ]; };
sops.secrets."vikunja/provider-clientsecret" = { restartUnits = [ "vikunja.service" ]; };
cloud.postgresql.databases = [ user ];
cloud.traefik.hosts.vikunja = {
inherit port host;
};
# users
users.users."${user}" = {
group = "${user}";
isSystemUser = true;
};
users.groups."${user}" = { };
services.vikunja = {
inherit port;
enable = true;
frontendScheme = "https";
frontendHostname = host;
environmentFiles = [ secrets."vikunja/env".path ];
database = {
type = "postgres";
host = "/var/run/postgresql";
user = user;
database = user;
};
settings = {
service = {
publicurl = "https://${host}";
enableregistration = false;
enablepublicteams = true;
};
mailer = {
enabled = true;
host = "mx1.nkagami.me";
port = 465;
forcessl = true;
};
files.basepath = lib.mkForce storageMount;
migration = {
todoist.enable = true;
trello.enable = true;
};
backgrounds.providers.unsplash.enabled = true;
auth = {
local.enabled = false;
openid = {
enabled = true;
providers.authentik = {
name = "DTTH Discord Account";
authurl = "https://auth.dtth.ch/application/o/vikunja/";
logouturl = "https://auth.dtth.ch/application/o/vikunja/end-session/";
clientid = "GvCIBtdE2ZRbAo5BJzw4FbZjer7umJlaROT1Pvlp";
scope = "openid profile email vikunja_scope";
};
};
};
defaultsettings = {
avatar_provider = "gravatar";
week_start = 1;
language = "VN";
timezone = "Asia/Ho_Chi_Minh";
};
};
};
systemd.services.vikunja = {
serviceConfig.LoadCredential = [ "VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE:${secrets."vikunja/provider-clientsecret".path}" ];
serviceConfig.User = user;
serviceConfig.DynamicUser = lib.mkForce false;
serviceConfig.ReadWritePaths = [ storageMount ];
environment.VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE = "%d/VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE";
unitConfig = {
RequiresMountsFor = [ storageMount ];
};
};
systemd.tmpfiles.settings."10-vikunja".${storageMount}.d = {
user = user;
group = user;
mode = "0700";
};
}

2
nki-x1c1/hardware-configuration.nix
View file

@ -36,4 +36,6 @@
[{ device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; }]; [{ device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; }];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl.enable = true;
} }

31
nki-yoga-g8/configuration.nix
View file

@ -4,14 +4,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let
vmware = { pkgs, ... }: {
environment.systemPackages = [ pkgs.vmware-horizon-client ];
virtualisation.vmware.host = {
enable = true;
};
};
in
{ {
imports = imports =
[ [
@ -21,28 +13,9 @@ in
../modules/personal/fonts ../modules/personal/fonts
# Encrypted DNS # Encrypted DNS
../modules/services/edns ../modules/services/edns
vmware
]; ];
# Secrets services.xserver.desktopManager.plasma6.enable = true;
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
# Build farm
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "yoga";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
## tinc
sops.secrets."tinc-private-key" = { };
services.my-tinc = {
enable = true;
hostName = "yoga";
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
};
services.desktopManager.plasma6.enable = true;
# Power Management # Power Management
services.upower = { services.upower = {
@ -80,7 +53,7 @@ in
services.printing.drivers = with pkgs; [ epfl-cups-drivers ]; services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true; services.xserver.libinput.enable = true;
# Keyboard # Keyboard
services.input-remapper.enable = true; services.input-remapper.enable = true;
services.input-remapper.serviceWantedBy = [ "multi-user.target" ]; services.input-remapper.serviceWantedBy = [ "multi-user.target" ];

32
nki-yoga-g8/secrets.yaml
View file

@ -1,32 +0,0 @@
tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:etqFl2T2atN2djxqktFRtrTGqsC61A+ZUd2yS0PLm5KPO2s2/k6XqQGac9rUWP86C1YGpTJhUMzYuOPGW4yNc0YmoeHVslxBR7nX8pubXabZNdB2YMm/yAgsdeeflo4slbxJ6+00eH0iCrtWcHtWbZafHnxojborZABOvCsODdx/ahJ4J9aHqf22cAqe9iJY3L0TgE+iazKS8OO+C/PTaQiV02NZjP8GajRMXzPVoYT7wz3u0t0q0m/t8FkhMIDl9QKL+kFUDeLEGoCBzR57JXLZiW1gJsRxbkP8hVIB3s4TQnhasxqQQlCJuqBSNFl/cGdBm/ADm/yi78VHQG7rUxUrFVDL4Aoidjp6GyoojLIEpdQjtlvC7RCLNpTibV6B71EB3obpjMmmIwfoDLT4jEWhXNx3b8DnMoa0Qh4ba+HBJf+XKA93B0qOJWwJzj4qH9uqBK3xPOGTkqQMmd9M1HYrStTcI/JUX0WvEMwk8xI8MZN/TsLij4w5i6NCwSqa8Dn2lyLK0BGp5C8RT8R4k6U2ieyY6lmxsGIe,iv:703rM/FQz65upd1JWTHNsjAXh2BeoknkALShKuHUsis=,tag:yAB6KJqpm1mOFT5GzKRPBw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseVN3ODV1YkZnNms0Y09l
dUFBK1EyOTEydWg5KzAwcjZVSG8yYlRDWlhRCklLS2ZJNlBvSlEyOGF2ZFg2UGVW
UC9LN0hxdmtGN3JlOWJaTU5hbGwvc2MKLS0tIGM1NGZxd1NoTXNacEJqMVlsbTdi
MytuNUNydmJYWFYyQk9DaHVuVk85cjAKScucMPO8pyMlSxFw09NqzqVmDYVEh5xT
4fSTAsMwIiuOyV7jvHYORxKWNMLr5t6fnj8+OFq5qUc//jNWf9pVuA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNXp6MWZGb2dGdW1ML2xq
ZWMvSVdWalQ5Z2NzTWd3Z1AweXlXZnRwUWtRCkY1VFhPS0NtbFZKU0VCMlAvSmhG
N2NmdWxTUEpMb05Ld3p6MzhhRkdBc3cKLS0tIGQ0TmFxdk1GV205azRzZ0hUWitj
eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm
VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-16T14:17:07Z"
mac: ENC[AES256_GCM,data:qrMyVDLhtK4URqrHFBx+08PMrFyfib4iH0y7iAeVB/oFGazjm3O5MeS9fNYJeONghuelux69nh2FRfSJHG/moEBcWlL68R4xbCb4he528P+n7mQnR54BNFJdT2oOra4bqO9n/4m2UA8jmA0veoqSrZUVjnmjftqOedjnRESY1L8=,iv:jql79ItwPcJg/nnbsUywOzWz/UJy0ZpY04pvEF290c4=,tag:XKrToym2dXdippnivoK1/Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

88
overlay.nix
View file

@ -1,7 +1,6 @@
{ nixpkgs, nixpkgs-unstable, ... }@inputs: { nixpkgs, nixpkgs-unstable, nur, ... }@inputs:
let let
overlay-unstable = final: prev: { overlay-unstable = final: prev: {
stable = import nixpkgs { config.allowUnfree = true; system = prev.system; };
unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; }; unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; };
x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; }; x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; };
}; };
@ -9,6 +8,9 @@ let
# Typst updates really quickly. # Typst updates really quickly.
typst = final.unstable.typst; typst = final.unstable.typst;
typst-lsp = final.unstable.typst-lsp; typst-lsp = final.unstable.typst-lsp;
# Until 0.35 is in
kitty = final.unstable.kitty;
}; };
overlay-imported = final: prev: { overlay-imported = final: prev: {
sway = prev.sway.override { sway-unwrapped = final.swayfx-unwrapped; }; sway = prev.sway.override { sway-unwrapped = final.swayfx-unwrapped; };
@ -22,7 +24,7 @@ let
overlay-versioning = final: prev: { overlay-versioning = final: prev: {
gotosocial = prev.gotosocial.overrideAttrs (attrs: rec { gotosocial = prev.gotosocial.overrideAttrs (attrs: rec {
version = "0.17.1"; version = "0.16.0";
ldflags = [ ldflags = [
"-s" "-s"
"-w" "-w"
@ -32,13 +34,13 @@ let
web-assets = final.fetchurl { web-assets = final.fetchurl {
url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz"; url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz";
hash = "sha256-rGntLlIbgfCtdqpD7tnvAY8qwF+BpYbQWfAGMhdOTgY="; hash = "sha256-aZQpd5KvoZvXEMVzGbWrtGsc+P1JStjZ6U5mX6q7Vb0=";
}; };
src = final.fetchFromGitHub { src = final.fetchFromGitHub {
owner = "superseriousbusiness"; owner = "superseriousbusiness";
repo = "gotosocial"; repo = "gotosocial";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-oWWsCs9jgd244yzWhgLkuHp7kY0BQ8+Ay6KpuBVG+U8="; hash = "sha256-QoG09+jmq5e5vxDVtkhY35098W/9B1HsYTuUnz43LV4=";
}; };
postInstall = '' postInstall = ''
tar xf ${web-assets} tar xf ${web-assets}
@ -71,18 +73,19 @@ let
nativeMessagingHosts = with final; [ kdePackages.plasma-browser-integration ]; nativeMessagingHosts = with final; [ kdePackages.plasma-browser-integration ];
}); });
vikunja = # Add desktop file to premid
# builtins.seq premid = final.symlinkJoin {
# (final.lib.assertMsg (prev.vikunja.version == "0.24.5") "Vikunja probably doesn't need custom versions anymore") name = prev.premid.name;
(final.callPackage ./packages/common/vikunja.nix { }); paths = [
prev.premid
luminance = prev.luminance.overrideAttrs (attrs: { (final.makeDesktopItem {
nativeBuildInputs = attrs.nativeBuildInputs ++ [ final.wrapGAppsHook ]; name = prev.premid.name;
buildInputs = attrs.buildInputs ++ [ final.glib ]; desktopName = "PreMID";
postInstall = attrs.postInstall + '' exec = "${final.lib.getExe prev.premid} --no-sandbox %U";
glib-compile-schemas $out/share/glib-2.0/schemas icon = "premid";
''; })
}); ];
};
}; };
overlay-libs = final: prev: { overlay-libs = final: prev: {
@ -99,40 +102,55 @@ let
in in
final.libs.crane.buildPackage { final.libs.crane.buildPackage {
inherit src cargoArtifacts; inherit src cargoArtifacts;
buildInputs = (with final; buildInputs = with final; [ libiconv ];
lib.optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [ Security SystemConfiguration CoreServices ])
) ++ (with final; [ libiconv ]);
}; };
zen-browser-bin = final.callPackage inputs.zen-browser.packages.${final.stdenv.system}.zen-browser.override {
wrap-firefox = opts: final.wrapFirefox (opts // {
nativeMessagingHosts = with final; [ kdePackages.plasma-browser-integration ];
});
zen-browser-unwrapped = final.callPackage inputs.zen-browser.packages.${final.stdenv.system}.zen-browser-unwrapped.override {
sources = inputs.zen-browser.inputs;
};
};
}; };
overlay-aarch64-linux = final: prev:
let
optionalOverride = pkg: alt:
if prev.stdenv.isLinux && prev.stdenv.isAarch64 then alt else pkg;
in
{
# See https://github.com/sharkdp/fd/issues/1085
fd = optionalOverride prev.fd (prev.fd.overrideAttrs (attrs: {
preBuild = ''
export JEMALLOC_SYS_WITH_LG_PAGE=16
'';
}));
# See https://www.reddit.com/r/AsahiLinux/comments/zqejue/kitty_not_working_with_mesaasahiedge/
kitty = optionalOverride prev.kitty (final.writeShellApplication {
name = "kitty";
runtimeInputs = [ ];
text = ''
MESA_GL_VERSION_OVERRIDE=3.3 MESA_GLSL_VERSION_OVERRIDE=330 ${prev.kitty}/bin/kitty "$@"
'';
});
# Zotero does not have their own aarch64-linux build
zotero = optionalOverride prev.zotero (final.callPackage ./packages/aarch64-linux/zotero.nix { });
# Typora for aarch64-linux only
typora = optionalOverride
(builtins.abort "no support for non-aarch64-linux")
(final.callPackage ./packages/aarch64-linux/typora.nix { });
};
in in
[ [
# inputs.swayfx.inputs.scenefx.overlays.override inputs.swayfx.overlays.default
# inputs.swayfx.overlays.override
inputs.mpd-mpris.overlays.default inputs.mpd-mpris.overlays.default
inputs.rust-overlay.overlays.default
inputs.youmubot.overlays.default inputs.youmubot.overlays.default
inputs.niri.overlays.niri
(import ./overlays/openrazer)
overlay-unstable overlay-unstable
overlay-needs-unstable overlay-needs-unstable
overlay-packages overlay-packages
overlay-imported overlay-imported
overlay-versioning overlay-versioning
overlay-libs overlay-libs
overlay-aarch64-linux
nur.overlay
(import ./packages/common) (import ./packages/common)
# Bug fixes # Bug fixes
] # we assign the overlay created before to the overlays of nixpkgs. ] # we assign the overlay created before to the overlays of nixpkgs.

31
overlays/openrazer/default.nix Normal file
View file

@ -0,0 +1,31 @@
final: prev:
let
version = "3.3.0";
src = final.fetchFromGitHub {
owner = "openrazer";
repo = "openrazer";
rev = "v${version}";
sha256 = "sha256-lElE1nIiJ5fk2DupHu43tmxRjRsS5xeL1Yz/LuRlgtM=";
};
in
rec
{
openrazer-daemon = prev.openrazer-daemon.overrideAttrs (old: {
inherit src version;
});
python3 = prev.python3.override {
packageOverrides = self: super: {
openrazer-daemon = super.openrazer-daemon.overrideAttrs (old: {
inherit src version;
});
};
};
python3Packages = python3.pkgs;
linuxPackages_latest = prev.linuxPackages_latest.extend (self: super: {
openrazer = super.openrazer.overrideAttrs (old: {
inherit src version;
});
});
}

128
packages/common/vikunja.nix
View file

@ -1,128 +0,0 @@
{ lib, fetchFromGitHub, stdenv, nodejs, pnpm, buildGoModule, mage, writeShellScriptBin, nixosTests, autoPatchelfHook, musl }:
let
version = "0.24.5-git";
src = fetchFromGitHub {
owner = "go-vikunja";
repo = "vikunja";
rev = "e57f04ec23e9ff8aa9877d2ea7d571c2a44790b0";
hash = "sha256-W6o1h6XBPvT1lH1zO5N7HcodksKill5eqSuaFl2kfuY=";
};
frontend = stdenv.mkDerivation (finalAttrs: {
pname = "vikunja-frontend";
inherit version src;
sourceRoot = "${finalAttrs.src.name}/frontend";
pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs) pname version src sourceRoot;
hash = "sha256-sOCaJDBgEMID+lN5plQpSqaGBIUs5h2tAwDzhtOH53o=";
};
nativeBuildInputs = [
nodejs
pnpm.configHook
autoPatchelfHook
];
buildInputs = [
musl # For sass-embedded
];
doCheck = true;
dontAutoPatchelf = true;
# See https://github.com/sass/embedded-host-node/issues/334
preBuild = ''
autoPatchelf node_modules/.pnpm/sass-embedded*
'';
postBuild = ''
pnpm run build
'';
checkPhase = ''
pnpm run test:unit --run
'';
installPhase = ''
cp -r dist/ $out
'';
});
# Injects a `t.Skip()` into a given test since there's apparently no other way to skip tests here.
skipTest = lineOffset: testCase: file:
let
jumpAndAppend = lib.concatStringsSep ";" (lib.replicate (lineOffset - 1) "n" ++ [ "a" ]);
in
''
sed -i -e '/${testCase}/{
${jumpAndAppend} t.Skip();
}' ${file}
'';
in
buildGoModule {
inherit src version;
pname = "vikunja";
nativeBuildInputs =
let
fakeGit = writeShellScriptBin "git" ''
if [[ $@ = "describe --tags --always --abbrev=10" ]]; then
echo "${version}"
else
>&2 echo "Unknown command: $@"
exit 1
fi
'';
in
[ fakeGit mage ];
vendorHash = "sha256-UWjlivF9ySXCAr84A1trCJ/n9pB98ZhEyG11qz3PL7g=";
inherit frontend;
prePatch = ''
cp -r ${frontend} frontend/dist
'';
postConfigure = ''
# These tests need internet, so we skip them.
${skipTest 1 "TestConvertTrelloToVikunja" "pkg/modules/migration/trello/trello_test.go"}
${skipTest 1 "TestConvertTodoistToVikunja" "pkg/modules/migration/todoist/todoist_test.go"}
'';
buildPhase = ''
runHook preBuild
# Fixes "mkdir /homeless-shelter: permission denied" - "Error: error compiling magefiles" during build
export HOME=$(mktemp -d)
mage build:build
runHook postBuild
'';
checkPhase = ''
mage test:unit
mage test:integration
'';
installPhase = ''
runHook preInstall
install -Dt $out/bin vikunja
runHook postInstall
'';
passthru.tests.vikunja = nixosTests.vikunja;
meta = {
changelog = "https://kolaente.dev/vikunja/api/src/tag/v${version}/CHANGELOG.md";
description = "Todo-app to organize your life";
homepage = "https://vikunja.io/";
license = lib.licenses.agpl3Plus;
maintainers = with lib.maintainers; [ leona ];
mainProgram = "vikunja";
platforms = lib.platforms.linux;
};
}