Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Lillian-Violet:main
Branches Tags
Lillian-Violet:main
Lillian-Violet:stylix-fixed
Lillian-Violet:Desktop-changes
Lillian-Violet:bcachefs-update-broken-queen
Lillian-Violet:fcast
Lillian-Violet:2.0
Lillian-Violet:v1.0
..
compare: Lillian-Violet:Desktop-changes
Branches Tags
Lillian-Violet:main
Lillian-Violet:stylix-fixed
Lillian-Violet:Desktop-changes
Lillian-Violet:bcachefs-update-broken-queen
Lillian-Violet:fcast
Lillian-Violet:2.0
Lillian-Violet:v1.0

No commits in common. "main" and "Desktop-changes" have entirely different histories.
main ... Desktop-ch

80 changed files with 2540 additions and 3507 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake "git+https://git.lillianviolet.dev/Lillian-Violet/dev-templates.git?dir=nix"

15
README.md
View file

@ -46,16 +46,6 @@ To test if your build succeeds the basic checks and can start building the artif
Note: this does not build the full configuration, and errors might still happen in deployment, especially for dependencies that rely on external services like webservers to be called. For obvious reasons the test building does not actually pull in all the artifacts, and does not make external calls aside from to the package files (You will need a built nix store, or a connection to the git repository that hosts your packages, like an internet connection to github, to make the test run) Note: this does not build the full configuration, and errors might still happen in deployment, especially for dependencies that rely on external services like webservers to be called. For obvious reasons the test building does not actually pull in all the artifacts, and does not make external calls aside from to the package files (You will need a built nix store, or a connection to the git repository that hosts your packages, like an internet connection to github, to make the test run)
## Post installation
I have made a few commands for post installation (and for an iso installer to use) that make life a bit easier, they are automatically added to the [$PATH](https://en.wikipedia.org/wiki/PATH_(variable)). The commands will automatically inhibit sleep and standby so you don't have to worry about them getting interrupted.
| Command | Effect |
| ------------- | ------------- |
| rebuild | Use the latest version of the repo and do a nixos-rebuild switch on it to upgrade your system. |
| update | Update the flake lock in the repo, run a test to see if nothing breaks, and then push the flake lock update done to the repo. |
| upgrade | Run update and rebuild one after the other, useful for a quick upgrade. |
| install | Run a script that automatically lets you select a host to format the disks with disko, install nixos on that disk, and deploy the entire configuration. (useful for instal USBs) |
## Technical details ## Technical details
### [Home manager](https://github.com/nix-community/home-manager) ### [Home manager](https://github.com/nix-community/home-manager)
@ -66,7 +56,4 @@ The secrets are managed in sops files within the hosts folders, there is only on
``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"`` ``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"``
This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself. This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself.
### [Just](https://github.com/casey/just)
This repo uses just as a command runner for setting up and building the nixos files more easily. The programs needed to run all the commands are nix, just, and nom (nix output monitor). The commands you can use can be found in the justfile (named justfile in the root of this repo). This is purely for convenience, it doesn't add anything you could not manually do, it just automates a lot of steps.

53
disko/GLaDOS/default.nix
View file

@ -1,9 +1,9 @@
{ {
disko.devices = { disko.devices = {
disk = { disk = {
main = { sda1 = {
type = "disk"; type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1"; device = "/dev/disk/by-path/pci-0000:06:00.0-ata-6";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
@ -14,45 +14,64 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ "umask=0077" ]; mountOptions = [
"defaults"
];
}; };
}; };
nvme_luks = { luks = {
size = "100%"; size = "100%";
content = { content = {
type = "luks"; type = "luks";
name = "nvme_crypted"; name = "crypted";
extraOpenArgs = [ ]; extraOpenArgs = [];
settings = { settings = {
# if you want to use the key for interactive login be sure there is no trailing newline # if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key` # for example use `echo -n "password" > /tmp/secret.key`
#keyFile = "/tmp/secret.key"; #keyFile = "/tmp/secret.key";
allowDiscards = true; allowDiscards = true;
}; };
#additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = { content = {
type = "lvm_pv"; type = "lvm_pv";
vg = "nvme_pool"; vg = "pool";
}; };
}; };
}; };
}; };
}; };
}; };
#sdc = {
#device = "/dev/disk/by-path/pci-0000:06:00.0-ata-2";
#type = "disk";
#content = {
#type = "gpt";
#partitions = {
#root = {
#size = "100%";
#content = {
#type = "filesystem";
#format = "ext4";
#mountpoint = "/media";
#};
#};
#};
#};
#};
}; };
lvm_vg = { lvm_vg = {
nvme_pool = { pool = {
type = "lvm_vg"; type = "lvm_vg";
lvs = { lvs = {
nvme_swap = { swap = {
size = "32G"; size = "16G";
content = { content = {
type = "swap"; type = "swap";
discardPolicy = "both";
resumeDevice = true; # resume from hiberation from this device resumeDevice = true; # resume from hiberation from this device
}; };
}; };
nvme_root = { root = {
size = "100%"; size = "100%FREE";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
@ -65,5 +84,13 @@
}; };
}; };
}; };
nodev = {
"/home/lillian/Downloads" = {
fsType = "tmpfs";
mountOptions = [
"size=4G"
];
};
};
}; };
} }

47
disko/wheatley/default.nix
View file

@ -1,47 +0,0 @@
{
disko = {
devices = {
disk = {
disk1 = {
imageSize = "20G";
type = "disk";
device = "/dev/mmcblk0";
content = {
type = "gpt";
partitions = {
firmware = {
size = "30M";
priority = 1;
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/firmware";
};
};
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "filesystem";
extraArgs = [];
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}

1381
flake.lock generated
View file

File diff suppressed because it is too large Load diff

234
flake.nix
View file

@ -13,11 +13,11 @@
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
# bcachefs-tools = { bcachefs-tools = {
# url = "github:koverstreet/bcachefs-tools"; url = "github:koverstreet/bcachefs-tools";
# inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
# inputs.flake-parts.follows = "flake-parts"; inputs.flake-parts.follows = "flake-parts";
# }; };
flake-parts = { flake-parts = {
url = "github:hercules-ci/flake-parts"; # Flake parts for easy flake management url = "github:hercules-ci/flake-parts"; # Flake parts for easy flake management
@ -33,7 +33,11 @@
# catpuccin theme # catpuccin theme
catppuccin.url = "github:catppuccin/nix"; catppuccin.url = "github:catppuccin/nix";
# Conduwuit fork after it shut down # Conduit fork without all the fuss and drama
conduwuit = {
url = "github:girlbossceo/conduwuit";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix index database files # Nix index database files
nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.url = "github:nix-community/nix-index-database";
@ -74,8 +78,6 @@
# Add any other flake you might need # Add any other flake you might need
# hardware.url = "github:nixos/nixos-hardware"; # hardware.url = "github:nixos/nixos-hardware";
# Stylix theming engine
stylix.url = "github:nix-community/stylix";
}; };
outputs = { outputs = {
@ -95,21 +97,14 @@
jovian, jovian,
nixos-hardware, nixos-hardware,
nix-index-database, nix-index-database,
stylix, conduwuit,
... ...
} @ inputs: let } @ inputs: let
supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];
forEachSupportedSystem = f:
nixpkgs.lib.genAttrs supportedSystems (system:
f {
pkgs = import nixpkgs {inherit system;};
});
inherit (self) outputs; inherit (self) outputs;
inherit (inputs) nixpkgs-edge; inherit (inputs) nixpkgs-edge;
# Supported systems for your flake packages, shell, etc. # Supported systems for your flake packages, shell, etc.
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux"
]; ];
# This is a function that generates an attribute by calling a function you # This is a function that generates an attribute by calling a function you
# pass to it, with each system as an argument # pass to it, with each system as an argument
@ -121,41 +116,7 @@
allowUnfreePredicate = _: true; allowUnfreePredicate = _: true;
}; };
}; };
sharedModules = [
./nixos/shared
sops-nix.nixosModules.sops
disko.nixosModules.disko
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
stylix.nixosModules.stylix
nix-index-database.nixosModules.nix-index
{programs.nix-index-database.comma.enable = true;}
{
home-manager.sharedModules = [
catppuccin.homeModules.catppuccin
./home-manager/shared
sops-nix.homeManagerModules.sops
];
}
];
desktopModules = [
./nixos/desktop
{
home-manager.sharedModules = [
inputs.plasma-manager.homeModules.plasma-manager
./home-manager/desktop
];
}
];
in { in {
devShells = forEachSupportedSystem ({pkgs}: {
default = pkgs.mkShell {
packages = with pkgs; [nom just git];
};
});
# Your custom packages # Your custom packages
# Accessible through 'nix build', 'nix shell', etc # Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system: packages = forAllSystems (system:
@ -172,7 +133,7 @@
nixosModules = import ./modules/nixos; nixosModules = import ./modules/nixos;
# Reusable home-manager modules you might want to export # Reusable home-manager modules you might want to export
# These are usually stuff you would upstream into home-manager # These are usually stuff you would upstream into home-manager
# homeManagerModules = import ./modules/home-manager; homeManagerModules = import ./modules/home-manager;
# Your custom packages and modifications, exported as overlays # Your custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;}; overlays = import ./overlays {inherit inputs;};
@ -180,91 +141,132 @@
# NixOS configuration entrypoint # NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#your-hostname' # Available through 'nixos-rebuild --flake .#your-hostname'
nixosConfigurations = { nixosConfigurations = {
# nixIso = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = {inherit inputs outputs;};
# modules =
# sharedModules
# ++ desktopModules
# ++ [
# ./nixos/hosts/iso/configuration.nix
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
# ];
# };
EDI = nixpkgs.lib.nixosSystem { EDI = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
modules = modules = [
sharedModules {_module.args = {inherit pkgs-edge;};}
++ desktopModules nixos-hardware.nixosModules.dell-xps-13-7390
++ [ # > Our main nixos configuration file <
{_module.args = {inherit pkgs-edge;};} ./nixos/hosts/EDI/configuration.nix
nixos-hardware.nixosModules.dell-xps-13-7390 sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
# > Our main nixos configuration file < disko.nixosModules.disko
./nixos/hosts/EDI/configuration.nix home-manager.nixosModules.home-manager
]; nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
}; };
GLaDOS = nixpkgs.lib.nixosSystem { GLaDOS = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
modules = modules = [
sharedModules {_module.args = {inherit pkgs-edge;};}
++ desktopModules # > Our main nixos configuration file <
++ [ ./nixos/hosts/GLaDOS/configuration.nix
{_module.args = {inherit pkgs-edge;};} sops-nix.nixosModules.sops
jovian.nixosModules.jovian #lanzaboote.nixosModules.lanzaboote
# > Our main nixos configuration file < disko.nixosModules.disko
./nixos/hosts/GLaDOS/configuration.nix home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote nix-index-database.nixosModules.nix-index
]; catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
}; };
queen = nixpkgs.lib.nixosSystem { queen = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
modules = modules = [
sharedModules {_module.args = {inherit pkgs-edge;};}
++ [ # > Our main nixos configuration file <
{_module.args = {inherit pkgs-edge;};} ./nixos/hosts/queen/configuration.nix
simple-nixos-mailserver.nixosModule sops-nix.nixosModules.sops
# > Our main nixos configuration file < disko.nixosModules.disko
./nixos/hosts/queen/configuration.nix simple-nixos-mailserver.nixosModule
]; catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
];
}
];
}; };
shodan = nixpkgs.lib.nixosSystem { shodan = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
modules = modules = [
sharedModules {_module.args = {inherit pkgs-edge;};}
++ desktopModules # > Our main nixos configuration file <
++ [ ./nixos/hosts/shodan/configuration.nix
{_module.args = {inherit pkgs-edge;};} sops-nix.nixosModules.sops
# > Our main nixos configuration file < lanzaboote.nixosModules.lanzaboote
./nixos/hosts/shodan/configuration.nix disko.nixosModules.disko
lanzaboote.nixosModules.lanzaboote jovian.nixosModules.jovian
jovian.nixosModules.jovian home-manager.nixosModules.home-manager
{ catppuccin.nixosModules.catppuccin
home-manager.sharedModules = [ {
inputs.plasma-manager.homeModules.plasma-manager home-manager.sharedModules = [
]; inputs.catppuccin.homeManagerModules.catppuccin
} inputs.plasma-manager.homeManagerModules.plasma-manager
]; ];
}
];
}; };
wheatley = nixpkgs.lib.nixosSystem { # ISO = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; # system = "x86_64-linux";
specialArgs = {inherit inputs outputs;}; # specialArgs = {inherit inputs outputs;};
modules = # modules = [
sharedModules # {_module.args = {inherit pkgs-edge;};}
++ [ # "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
{_module.args = {inherit pkgs-edge;};} # "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
./nixos/hosts/wheatley/configuration.nix # ./nixos/hosts/iso/configuration.nix
]; # sops-nix.nixosModules.sops
}; # home-manager.nixosModules.home-manager
# nix-index-database.nixosModules.nix-index
# catppuccin.nixosModules.catppuccin
# {
# home-manager.sharedModules = [
# inputs.plasma-manager.homeManagerModules.plasma-manager
# inputs.catppuccin.homeManagerModules.catppuccin
# ];
# }
# ];
# };
# iso_server = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = {inherit inputs outputs;};
# modules = [
# {_module.args = {inherit pkgs-edge;};}
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
# ./nixos/hosts/iso_server/configuration.nix
# sops-nix.nixosModules.sops
# home-manager.nixosModules.home-manager
# nix-index-database.nixosModules.nix-index
# catppuccin.nixosModules.catppuccin
# {
# home-manager.sharedModules = [
# inputs.catppuccin.homeManagerModules.catppuccin
# ];
# }
# ];
# };
}; };
}; };
} }

358
home-manager/desktop/default.nix
View file

@ -1,6 +1,9 @@
{ {
pkgs, inputs,
outputs,
lib,
config, config,
pkgs,
... ...
}: { }: {
# You can import other home-manager modules here # You can import other home-manager modules here
@ -13,14 +16,13 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./nvim.nix # ./nvim.nix
./package-configs/plasma-desktop ./package-configs/plasma-desktop.nix
./package-configs/firefox ./package-configs/firefox.nix
./package-configs/konsole ./package-configs/konsole
./package-configs/foot ./package-configs/foot
./package-configs/freetube
./package-configs/vesktop
]; ];
nixpkgs = { nixpkgs = {
config.permittedInsecurePackages = ["cinny-4.2.2" "cinny-unwrapped-4.2.2" "cinny-4.2.1" "cinny-unwrapped-4.2.1"];
# You can add overlays here # You can add overlays here
overlays = [ overlays = [
# You can also add overlays exported from other flakes: # You can also add overlays exported from other flakes:
@ -32,244 +34,178 @@
# patches = [ ./change-hello-to-hi.patch ]; # patches = [ ./change-hello-to-hi.patch ];
# }); # });
# }) # })
# (final: prev: { (final: prev: {
# catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: { catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: {
# accent = "mauve"; accent = "mauve";
# boldKeywords = true; boldKeywords = true;
# italicComments = true; italicComments = true;
# italicKeywords = true; italicKeywords = true;
# extraBordersEnabled = false; extraBordersEnabled = false;
# workbenchMode = "default"; workbenchMode = "default";
# bracketMode = "rainbow"; bracketMode = "rainbow";
# colorOverrides = {}; colorOverrides = {};
# customUIColors = {}; customUIColors = {};
# }); });
# }) })
# (final: prev: { (final: prev: {
# catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: { catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: {
# accent = "mauve"; accent = "mauve";
# boldKeywords = true; boldKeywords = true;
# italicComments = true; italicComments = true;
# italicKeywords = true; italicKeywords = true;
# extraBordersEnabled = false; extraBordersEnabled = false;
# workbenchMode = "default"; workbenchMode = "default";
# bracketMode = "rainbow"; bracketMode = "rainbow";
# colorOverrides = {}; colorOverrides = {};
# customUIColors = {}; customUIColors = {};
# }); });
# }) })
]; ];
# Configure your nixpkgs instance
config = { config = {
permittedInsecurePackages = ["cinny-4.2.3" "cinny-unwrapped-4.2.3" "cinny-4.2.2" "cinny-unwrapped-4.2.2"];
# Configure your nixpkgs instance
# Disable if you don't want unfree packages # Disable if you don't want unfree packages
allowUnfree = true; allowUnfree = true;
}; };
}; };
systemd.user = {
# services."nextcloud-autosync@" = {
# Unit = {
# Description = "Auto sync Nextcloud";
# After = "network-online.target";
# PartOf = ["nextcloud-autosyncs.target"];
# };
# Service = {
# Type = "simple";
# ExecStart = "${pkgs.nextcloud-client}/bin/nextcloudcmd -h -n --path /%i /home/lillian/%i https://nextcloud.gladtherescake.eu";
# TimeoutStopSec = "180";
# KillMode = "process";
# KillSignal = "SIGINT";
# };
# Install.WantedBy = ["multi-user.target"];
# };
# targets.nextcloud-autosyncs = {
# Unit = {
# Description = "workers";
# Requires = ["nextcloud-autosync@Music" "nextcloud-autosync@Pictures" "nextcloud-autosync@Scripts" "nextcloud-autosync@Videos" "nextcloud-autosync@Documents"];
# PartOf = "nextcloud-autosyncs.target";
# };
# Install.WantedBy = ["multi-user.target"];
# };
# timers.nextcloud-autosyncs = {
# Unit.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 60 minutes";
# Timer.OnBootSec = "5min";
# Timer.OnUnitActiveSec = "60min";
# Install.WantedBy = ["multi-user.target" "timers.target"];
# };
# Nicely reload system units when changing configs
startServices = "sd-switch";
};
home = { home = {
username = "lillian"; username = "lillian";
homeDirectory = "/home/lillian"; homeDirectory = "/home/lillian";
};
file = { # Add stuff for your user as you see fit:
Music = { # programs.neovim.enable = true;
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Music"; # home.packages = with pkgs; [ steam ];
target = "Music"; qt.style.catppuccin.apply = true;
}; programs.freetube.catppuccin.flavor = "macchiato";
Pictures = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Pictures";
target = "Pictures";
};
Screenshots = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Pictures/Screenshots";
target = "Screenshots";
};
Scripts = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Scripts";
target = "Scripts";
};
Videos = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Videos";
target = "Videos";
};
Documents = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Documents";
target = "Documents";
};
floorp = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.mozilla/firefox";
target = ".floorp";
};
librewolf = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.mozilla/firefox";
target = ".librewolf";
};
};
# Add stuff for your user as you see fit: home.packages = with pkgs; [
# programs.neovim.enable = true; # Coding:
# home.packages = with pkgs; [ steam ]; direnv
git
git-credential-manager
git-credential-manager
ruff
kate
packages = with pkgs; [ # Chat applications:
# Coding: signal-desktop
direnv vesktop
git cinny-desktop
git-credential-manager
ruff
devtoolbox
# Chat applications: # Gaming:
signal-desktop prismlauncher
vesktop steam
# cinny-desktop gamescope
# Gaming: # Multimedia:
prismlauncher freetube
steam vlc
gamescope
# Multimedia: # Office applications:
vlc onlyoffice-bin
fcast-receiver gimp
fcast-client thunderbird
# Office applications: # System tools:
onlyoffice-desktopeditors rage
gimp flameshot
thunderbird fzf
nextcloud-client
nitrokey-app
protonvpn-gui
virtualbox
#watchmate
qbittorrent
# System tools: # Theming:
rage catppuccin-cursors
flameshot (catppuccin-kde.override {
fzf flavour = ["macchiato"];
nextcloud-client accents = ["mauve"];
# nitrokey-app })
# protonvpn-gui catppuccin-sddm-corners
virtualbox
#watchmate
qbittorrent
# Theming: # Theming:
catppuccin-cursors catppuccin-cursors
(catppuccin-kde.override { (catppuccin-kde.override {
flavour = ["macchiato"]; flavour = ["macchiato"];
accents = ["mauve"]; accents = ["mauve"];
}) })
catppuccin-sddm-corners catppuccin-sddm-corners
# Theming: # Web browsing:
catppuccin-cursors firefoxpwa
(catppuccin-kde.override { firefoxpwa
flavour = ["macchiato"]; ungoogled-chromium
accents = ["mauve"]; ];
})
catppuccin-sddm-corners
# Web browsing: programs.vscode = {
firefoxpwa enable = true;
ungoogled-chromium package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
charliermarsh.ruff
eamodio.gitlens
github.vscode-pull-request-github
jnoortheen.nix-ide
kamadorueda.alejandra
mkhl.direnv
ms-toolsai.jupyter
ms-pyright.pyright
oderwat.indent-rainbow
rust-lang.rust-analyzer
yzhang.markdown-all-in-one
]; ];
}; };
programs = {
# vscode = {
# enable = true;
# package = pkgs.vscodium;
# extensions = with pkgs.vscode-extensions; [
# catppuccin.catppuccin-vsc
# catppuccin.catppuccin-vsc-icons
# charliermarsh.ruff
# eamodio.gitlens
# github.vscode-pull-request-github
# jnoortheen.nix-ide
# kamadorueda.alejandra
# mkhl.direnv
# ms-toolsai.jupyter
# ms-pyright.pyright
# oderwat.indent-rainbow
# rust-lang.rust-analyzer
# yzhang.markdown-all-in-one
# ];
# };
obs-studio.enable = true; programs.obs-studio = {
obs-studio.plugins = with pkgs.obs-studio-plugins; [ enable = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs wlrobs
obs-backgroundremoval obs-backgroundremoval
obs-pipewire-audio-capture obs-pipewire-audio-capture
]; ];
};
# Enable home-manager and git # Enable home-manager and git
home-manager.enable = true; programs.home-manager.enable = true;
git = { programs.git = {
enable = true; enable = true;
settings = { userEmail = "git@lillianviolet.dev";
user = { userName = "Lillian-Violet";
name = "Lillian-Violet"; extraConfig = {
email = "git@lillianviolet.dev"; init = {
}; defaultBranch = "main";
init = {
defaultBranch = "main";
};
}; };
ignores = [
"*.direnv"
"*.vscode"
".envrc"
"venv"
"venv"
];
signing.format = "ssh";
}; };
ignores = [
"*.direnv"
"*.vscode"
".envrc"
"venv"
"venv"
];
};
gpg.enable = true; programs.gpg.enable = true;
gpg.settings = { programs.gpg.settings = {
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d"; default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
default-recipient-self = true; default-recipient-self = true;
auto-key-locate = "local,wkd,keyserver"; auto-key-locate = "local,wkd,keyserver";
keyserver = "hkps://keys.openpgp.org"; keyserver = "hkps://keys.openpgp.org";
auto-key-retrieve = true; auto-key-retrieve = true;
auto-key-import = true; auto-key-import = true;
keyserver-options = "honor-keyserver-url"; keyserver-options = "honor-keyserver-url";
no-autostart = true; no-autostart = true;
};
}; };
services = {
kdeconnect.package = pkgs.kdePackages.kdeconnect-kde; services.kdeconnect = {
kdeconnect.enable = true; package = pkgs.kdePackages.kdeconnect-kde;
enable = true;
}; };
# Nicely reload system units when changing configs
systemd.user.startServices = "sd-switch";
} }

94
home-manager/desktop/package-configs/firefox/default.nix → home-manager/desktop/package-configs/firefox.nix
View file

@ -1,16 +1,11 @@
{pkgs, ...}: { {pkgs, ...}: {
stylix.targets.firefox.profileNames = ["lillian"];
programs.firefox = { programs.firefox = {
enable = true; enable = true;
nativeMessagingHosts = [pkgs.firefoxpwa]; nativeMessagingHosts = [pkgs.firefoxpwa];
package = pkgs.librewolf; package = pkgs.floorp;
profiles.default = {isDefault = false;};
profiles.lillian = { profiles.lillian = {
isDefault = true; isDefault = true;
id = 1;
settings = { settings = {
"sidebar.verticalTabs" = true;
"sidebar.visibility" = "expand-on-hover";
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
"browser.bookmarks.addedImportButton" = true; "browser.bookmarks.addedImportButton" = true;
"browser.bookmarks.restore_default_bookmarks" = false; "browser.bookmarks.restore_default_bookmarks" = false;
@ -29,70 +24,29 @@
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" = "DuckDuckGo"; "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" = "DuckDuckGo";
}; };
bookmarks = { bookmarks = [
force = true; {
settings = [ name = "estrogen production";
{ tags = ["chemistry" "oestrogen" "estrogen" "diy"];
name = "DIY HRT"; url = "https://crimethinc.com/2022/12/15/producing-transdermal-estrogen-a-do-it-yourself-guide";
toolbar = false; }
bookmarks = [ {
{ name = "Nix sites";
name = "estrogen production"; toolbar = false;
tags = ["chemistry" "oestrogen" "estrogen" "diy"]; bookmarks = [
url = "https://crimethinc.com/2022/12/15/producing-transdermal-estrogen-a-do-it-yourself-guide"; {
} name = "packages";
{ tags = ["packages" "basic" "nix"];
name = "DIY HRT info"; url = "https://search.nixos.org/";
tags = ["guides" "wiki" "information" "DIY" "HRT" "estrogen" "testosterone"]; }
url = "https://diyhrt.info/"; {
} name = "settings";
]; tags = ["settings" "services" "packages" "nix"];
} url = "https://mynixos.com";
{ }
name = "repair resources"; ];
toolbar = false; }
bookmarks = [ ];
{
name = "manuals library";
tags = ["repair" "manuals" "documentation"];
url = "https://manualslib.com/";
}
];
}
{
name = "Nix sites";
toolbar = false;
bookmarks = [
{
name = "packages";
tags = ["packages" "basic" "nix"];
url = "https://search.nixos.org/";
}
{
name = "settings";
tags = ["settings" "services" "packages" "nix"];
url = "https://mynixos.com";
}
];
}
{
name = "Games";
toolbar = false;
bookmarks = [
{
name = "PoE2 build sorceres";
tags = ["PoE" "PoE2" "path of exile" "path of exile 2" "games" "guides" "build" "sorcerer" "sorceres"];
url = "https://maxroll.gg/poe2/planner/caeye0hz";
}
{
name = "PoE2 build ranger";
tags = ["PoE" "PoE2" "path of exile" "path of exile 2" "games" "guides" "build" "bow" "ranger"];
url = "https://maxroll.gg/poe2/build-guides/deadeye-gas-arrow-leveling-guide";
}
];
}
];
};
}; };
}; };
} }

3
home-manager/desktop/package-configs/foot/default.nix
View file

@ -1,9 +1,10 @@
{...}: { {...}: {
programs.foot = { programs.foot = {
enable = true; enable = true;
# catppuccin.enable = true; catppuccin.enable = true;
settings = { settings = {
main = { main = {
font = "Fira Code:size=11";
}; };
mouse = { mouse = {

7
home-manager/desktop/package-configs/freetube/default.nix
View file

@ -1,7 +0,0 @@
{...}: {
home.file."settings.db" = {
source = ./settings.db;
target = ".config/freetube/settings.db";
force = true;
};
}

24
home-manager/desktop/package-configs/freetube/settings.db
View file

@ -1,24 +0,0 @@
{"_id":"allowDashAv1Formats","value":true}
{"_id":"barColor","value":true}
{"_id":"baseTheme","value":"catppuccinMocha"}
{"_id":"bounds","value":{"x":0,"y":66,"width":2560,"height":1374,"maximized":true,"fullScreen":false}}
{"_id":"defaultQuality","value":"1080"}
{"_id":"fetchSubscriptionsAutomatically","value":false}
{"_id":"generalAutoLoadMorePaginatedItemsEnabled","value":true}
{"_id":"hideActiveSubscriptions","value":true}
{"_id":"hidePopularVideos","value":true}
{"_id":"hideRecommendedVideos","value":true}
{"_id":"hideSubscriptionsCommunity","value":true}
{"_id":"hideSubscriptionsLive","value":true}
{"_id":"hideSubscriptionsShorts","value":true}
{"_id":"hideSubscriptionsVideos","value":true}
{"_id":"hideTrendingVideos","value":true}
{"_id":"landingPage","value":"history"}
{"_id":"mainColor","value":"CatppuccinMochaMauve"}
{"_id":"playNextVideo","value":false}
{"_id":"quickBookmarkTargetPlaylistId","value":"favorites"}
{"_id":"secColor","value":"CatppuccinMochaMauve"}
{"_id":"showDistractionFreeTitles","value":true}
{"_id":"useDeArrowThumbnails","value":true}
{"_id":"useDeArrowTitles","value":true}
{"_id":"useSponsorBlock","value":true}

219
home-manager/desktop/package-configs/plasma-desktop/default.nix → home-manager/desktop/package-configs/plasma-desktop.nix
View file

@ -1,80 +1,7 @@
{ {
osConfig,
pkgs,
config,
...
}: {
#TODO: make the creation of the command file easier, for now this is a nice solution though
systemd.user.services."set-kde-connect-commands" = {
Install = {
WantedBy = ["default.target"];
};
Service = {
Type = "OneShot";
ExecStart = "${pkgs.writeShellScript "set-kde-connect-commands" ''
#!/run/current-system/sw/bin/bash
find ${config.home.homeDirectory}/.config/kdeconnect/ -type d -name \'kdeconnect_runcommand\' -execdir cp ${builtins.toPath ./kde-connect-commands} {}+"/config" \;
''}";
RemainAfterExit = true;
};
};
home.file.".config/kdeconnect/config" = {
text = ''
[General]
keyAlgorithm=EC
name=${osConfig.networking.hostName}
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
'';
target = ".config/kdeconnect/config";
force = true;
};
home.file."Games/.directory" = {
text = ''
[Desktop Entry]
Icon=folder-games
'';
target = "Games/.directory";
force = true;
};
home.file."Code/.directory" = {
text = ''
[Desktop Entry]
Icon=folder-script
'';
target = "Code/.directory";
force = true;
};
programs.plasma = { programs.plasma = {
enable = true; enable = true;
desktop.mouseActions.verticalScroll = "switchVirtualDesktop"; desktop.mouseActions.verticalScroll = "switchVirtualDesktop";
kscreenlocker.appearance.wallpaper = "${osConfig.stylix.image}";
fonts = {
fixedWidth = {
pointSize = 11;
family = "${osConfig.stylix.fonts.monospace.name}";
};
general = {
pointSize = 11;
family = "${osConfig.stylix.fonts.serif.name}";
};
menu = {
pointSize = 11;
family = "${osConfig.stylix.fonts.sansSerif.name}";
};
small = {
pointSize = 11;
family = "${osConfig.stylix.fonts.sansSerif.name}";
};
toolbar = {
pointSize = 11;
family = "${osConfig.stylix.fonts.sansSerif.name}";
};
windowTitle = {
pointSize = 11;
family = "${osConfig.stylix.fonts.sansSerif.name}";
};
};
panels = [ panels = [
{ {
alignment = "left"; alignment = "left";
@ -109,8 +36,6 @@
hidden = [ hidden = [
"Xwayland Video Bridge_pipewireToXProxy" "Xwayland Video Bridge_pipewireToXProxy"
"org.kde.plasma.devicenotifier" "org.kde.plasma.devicenotifier"
"org.kde.plasma.keyboardindicator"
"org.kde.plasma.keyboardlayout"
"org.kde.kscreen" "org.kde.kscreen"
"org.kde.plasma.printmanager" "org.kde.plasma.printmanager"
"chrome_status_icon_1" "chrome_status_icon_1"
@ -118,9 +43,7 @@
"Nitrokey App" "Nitrokey App"
"qBittorrent" "qBittorrent"
"vlc" "vlc"
"obs"
"steam" "steam"
"nitrokey-app"
]; ];
}; };
} }
@ -156,18 +79,18 @@
config = { config = {
General = { General = {
launchers = [ launchers = [
"applications:librewolf.desktop" "applications:floorp.desktop"
"applications:systemsettings.desktop" "applications:systemsettings.desktop"
"applications:org.kde.dolphin.desktop" "applications:org.kde.dolphin.desktop"
"applications:signal.desktop" "applications:signal-desktop.desktop"
"applications:vesktop.desktop" "applications:vesktop.desktop"
"applications:thunderbird.desktop"
"applications:cinny.desktop" "applications:cinny.desktop"
"applications:steam.desktop" "applications:steam.desktop"
"applications:noisetorch.desktop" "applications:noisetorch.desktop"
"applications:org.kde.plasma-systemmonitor.desktop" "applications:org.kde.plasma-systemmonitor.desktop"
"applications:foot.desktop" "applications:org.codeberg.dnkl.foot.desktop"
"applications:nitrokey-app.desktop" "applications:nitrokey-app.desktop"
"applications:codium.desktop"
"applications:freetube.desktop" "applications:freetube.desktop"
]; ];
}; };
@ -205,15 +128,24 @@
"ksmserver"."Reboot Without Confirmation" = "none,,Reboot Without Confirmation"; "ksmserver"."Reboot Without Confirmation" = "none,,Reboot Without Confirmation";
"ksmserver"."Shut Down" = "none,,Shut Down"; "ksmserver"."Shut Down" = "none,,Shut Down";
"kwin"."Activate Window Demanding Attention" = "Meta+Ctrl+A"; "kwin"."Activate Window Demanding Attention" = "Meta+Ctrl+A";
"kwin"."Cycle Overview" = [];
"kwin"."Cycle Overview Opposite" = [];
"kwin"."Decrease Opacity" = "none,,Decrease Opacity of Active Window by 5%";
"kwin"."Edit Tiles" = "Meta+T"; "kwin"."Edit Tiles" = "Meta+T";
"kwin"."Expose" = "Ctrl+F9"; "kwin"."Expose" = "Ctrl+F9";
"kwin"."ExposeAll" = ["Ctrl+F10" "Launch (C),Ctrl+F10" "Launch (C),Toggle Present Windows (All desktops)"]; "kwin"."ExposeAll" = ["Ctrl+F10" "Launch (C),Ctrl+F10" "Launch (C),Toggle Present Windows (All desktops)"];
"kwin"."ExposeClass" = "Ctrl+F7"; "kwin"."ExposeClass" = "Ctrl+F7";
"kwin"."ExposeClassCurrentDesktop" = [];
"kwin"."Grid View" = "Meta+G"; "kwin"."Grid View" = "Meta+G";
"kwin"."Increase Opacity" = "none,,Increase Opacity of Active Window by 5%"; "kwin"."Increase Opacity" = "none,,Increase Opacity of Active Window by 5%";
"kwin"."Kill Window" = "Meta+Ctrl+Esc"; "kwin"."Kill Window" = "Meta+Ctrl+Esc";
"kwin"."Move Tablet to Next Output" = [];
"kwin"."MoveMouseToCenter" = "Meta+F6"; "kwin"."MoveMouseToCenter" = "Meta+F6";
"kwin"."MoveMouseToFocus" = "Meta+F5"; "kwin"."MoveMouseToFocus" = "Meta+F5";
"kwin"."MoveZoomDown" = [];
"kwin"."MoveZoomLeft" = [];
"kwin"."MoveZoomRight" = [];
"kwin"."MoveZoomUp" = [];
"kwin"."Overview" = "Meta+W"; "kwin"."Overview" = "Meta+W";
"kwin"."Setup Window Shortcut" = "none,,Setup Window Shortcut"; "kwin"."Setup Window Shortcut" = "none,,Setup Window Shortcut";
"kwin"."Show Desktop" = "Meta+D"; "kwin"."Show Desktop" = "Meta+D";
@ -226,47 +158,151 @@
"kwin"."Switch Window Right" = "Meta+Alt+Right"; "kwin"."Switch Window Right" = "Meta+Alt+Right";
"kwin"."Switch Window Up" = "Meta+Alt+Up"; "kwin"."Switch Window Up" = "Meta+Alt+Up";
"kwin"."Switch to Desktop 1" = "Ctrl+F1"; "kwin"."Switch to Desktop 1" = "Ctrl+F1";
"kwin"."Switch to Desktop 10" = "none,,Switch to Desktop 10";
"kwin"."Switch to Desktop 11" = "none,,Switch to Desktop 11";
"kwin"."Switch to Desktop 12" = "none,,Switch to Desktop 12";
"kwin"."Switch to Desktop 13" = "none,,Switch to Desktop 13";
"kwin"."Switch to Desktop 14" = "none,,Switch to Desktop 14";
"kwin"."Switch to Desktop 15" = "none,,Switch to Desktop 15";
"kwin"."Switch to Desktop 16" = "none,,Switch to Desktop 16";
"kwin"."Switch to Desktop 17" = "none,,Switch to Desktop 17";
"kwin"."Switch to Desktop 18" = "none,,Switch to Desktop 18";
"kwin"."Switch to Desktop 19" = "none,,Switch to Desktop 19";
"kwin"."Switch to Desktop 2" = "Ctrl+F2"; "kwin"."Switch to Desktop 2" = "Ctrl+F2";
"kwin"."Switch to Desktop 20" = "none,,Switch to Desktop 20";
"kwin"."Switch to Desktop 3" = "Ctrl+F3"; "kwin"."Switch to Desktop 3" = "Ctrl+F3";
"kwin"."Switch to Desktop 4" = "Ctrl+F4"; "kwin"."Switch to Desktop 4" = "Ctrl+F4";
"kwin"."Switch to Desktop 5" = "none,,Switch to Desktop 5";
"kwin"."Switch to Desktop 6" = "none,,Switch to Desktop 6";
"kwin"."Switch to Desktop 7" = "none,,Switch to Desktop 7";
"kwin"."Switch to Desktop 8" = "none,,Switch to Desktop 8";
"kwin"."Switch to Desktop 9" = "none,,Switch to Desktop 9";
"kwin"."Switch to Next Desktop" = "none,,Switch to Next Desktop";
"kwin"."Switch to Next Screen" = "none,,Switch to Next Screen";
"kwin"."Switch to Previous Desktop" = "none,,Switch to Previous Desktop";
"kwin"."Switch to Previous Screen" = "none,,Switch to Previous Screen";
"kwin"."Switch to Screen 0" = "none,,Switch to Screen 0";
"kwin"."Switch to Screen 1" = "none,,Switch to Screen 1";
"kwin"."Switch to Screen 2" = "none,,Switch to Screen 2";
"kwin"."Switch to Screen 3" = "none,,Switch to Screen 3";
"kwin"."Switch to Screen 4" = "none,,Switch to Screen 4";
"kwin"."Switch to Screen 5" = "none,,Switch to Screen 5";
"kwin"."Switch to Screen 6" = "none,,Switch to Screen 6";
"kwin"."Switch to Screen 7" = "none,,Switch to Screen 7";
"kwin"."Switch to Screen Above" = "none,,Switch to Screen Above";
"kwin"."Switch to Screen Below" = "none,,Switch to Screen Below";
"kwin"."Switch to Screen to the Left" = "none,,Switch to Screen to the Left";
"kwin"."Switch to Screen to the Right" = "none,,Switch to Screen to the Right";
"kwin"."Toggle Night Color" = [];
"kwin"."Toggle Window Raise/Lower" = "none,,Toggle Window Raise/Lower";
"kwin"."Walk Through Desktop List" = [];
"kwin"."Walk Through Desktop List (Reverse)" = [];
"kwin"."Walk Through Desktops" = [];
"kwin"."Walk Through Desktops (Reverse)" = [];
"kwin"."Walk Through Windows" = "Alt+Tab"; "kwin"."Walk Through Windows" = "Alt+Tab";
"kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Tab"; "kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
"kwin"."Walk Through Windows Alternative" = "none,,Walk Through Windows Alternative";
"kwin"."Walk Through Windows Alternative (Reverse)" = "none,,Walk Through Windows Alternative (Reverse)";
"kwin"."Walk Through Windows of Current Application" = "Alt+`"; "kwin"."Walk Through Windows of Current Application" = "Alt+`";
"kwin"."Walk Through Windows of Current Application (Reverse)" = "Alt+~"; "kwin"."Walk Through Windows of Current Application (Reverse)" = "Alt+~";
"kwin"."Walk Through Windows of Current Application Alternative" = "none,,Walk Through Windows of Current Application Alternative";
"kwin"."Walk Through Windows of Current Application Alternative (Reverse)" = "none,,Walk Through Windows of Current Application Alternative (Reverse)";
"kwin"."Window Above Other Windows" = "none,,Keep Window Above Others";
"kwin"."Window Below Other Windows" = "none,,Keep Window Below Others";
"kwin"."Window Close" = "Alt+F4"; "kwin"."Window Close" = "Alt+F4";
"kwin"."Window Fullscreen" = "none,,Make Window Fullscreen";
"kwin"."Window Grow Horizontal" = "none,,Expand Window Horizontally";
"kwin"."Window Grow Vertical" = "none,,Expand Window Vertically";
"kwin"."Window Lower" = "none,,Lower Window";
"kwin"."Window Maximize" = "Meta+PgUp"; "kwin"."Window Maximize" = "Meta+PgUp";
"kwin"."Window Maximize Horizontal" = "none,,Maximize Window Horizontally";
"kwin"."Window Maximize Vertical" = "none,,Maximize Window Vertically";
"kwin"."Window Minimize" = "Meta+PgDown"; "kwin"."Window Minimize" = "Meta+PgDown";
"kwin"."Window Move" = "none,,Move Window";
"kwin"."Window Move Center" = "none,,Move Window to the Center";
"kwin"."Window No Border" = "none,,Toggle Window Titlebar and Frame";
"kwin"."Window On All Desktops" = "none,,Keep Window on All Desktops";
"kwin"."Window One Desktop Down" = "Meta+Ctrl+Shift+Down"; "kwin"."Window One Desktop Down" = "Meta+Ctrl+Shift+Down";
"kwin"."Window One Desktop Up" = "Meta+Ctrl+Shift+Up"; "kwin"."Window One Desktop Up" = "Meta+Ctrl+Shift+Up";
"kwin"."Window One Desktop to the Left" = "Meta+Ctrl+Shift+Left"; "kwin"."Window One Desktop to the Left" = "Meta+Ctrl+Shift+Left";
"kwin"."Window One Desktop to the Right" = "Meta+Ctrl+Shift+Right"; "kwin"."Window One Desktop to the Right" = "Meta+Ctrl+Shift+Right";
"kwin"."Window One Screen Down" = "none,,Move Window One Screen Down";
"kwin"."Window One Screen Up" = "none,,Move Window One Screen Up";
"kwin"."Window One Screen to the Left" = "none,,Move Window One Screen to the Left";
"kwin"."Window One Screen to the Right" = "none,,Move Window One Screen to the Right";
"kwin"."Window Operations Menu" = "Alt+F3"; "kwin"."Window Operations Menu" = "Alt+F3";
"kwin"."Window Pack Down" = "none,,Move Window Down";
"kwin"."Window Pack Left" = "none,,Move Window Left";
"kwin"."Window Pack Right" = "none,,Move Window Right";
"kwin"."Window Pack Up" = "none,,Move Window Up";
"kwin"."Window Quick Tile Bottom" = "Meta+Down"; "kwin"."Window Quick Tile Bottom" = "Meta+Down";
"kwin"."Window Quick Tile Bottom Left" = "none,,Quick Tile Window to the Bottom Left";
"kwin"."Window Quick Tile Bottom Right" = "none,,Quick Tile Window to the Bottom Right";
"kwin"."Window Quick Tile Left" = "Meta+Left"; "kwin"."Window Quick Tile Left" = "Meta+Left";
"kwin"."Window Quick Tile Right" = "Meta+Right"; "kwin"."Window Quick Tile Right" = "Meta+Right";
"kwin"."Window Quick Tile Top" = "Meta+Up"; "kwin"."Window Quick Tile Top" = "Meta+Up";
"kwin"."Window Quick Tile Top Left" = "none,,Quick Tile Window to the Top Left";
"kwin"."Window Quick Tile Top Right" = "none,,Quick Tile Window to the Top Right";
"kwin"."Window Raise" = "none,,Raise Window";
"kwin"."Window Resize" = "none,,Resize Window";
"kwin"."Window Shade" = "none,,Shade Window";
"kwin"."Window Shrink Horizontal" = "none,,Shrink Window Horizontally";
"kwin"."Window Shrink Vertical" = "none,,Shrink Window Vertically";
"kwin"."Window to Desktop 1" = "none,,Window to Desktop 1";
"kwin"."Window to Desktop 10" = "none,,Window to Desktop 10";
"kwin"."Window to Desktop 11" = "none,,Window to Desktop 11";
"kwin"."Window to Desktop 12" = "none,,Window to Desktop 12";
"kwin"."Window to Desktop 13" = "none,,Window to Desktop 13";
"kwin"."Window to Desktop 14" = "none,,Window to Desktop 14";
"kwin"."Window to Desktop 15" = "none,,Window to Desktop 15";
"kwin"."Window to Desktop 16" = "none,,Window to Desktop 16";
"kwin"."Window to Desktop 17" = "none,,Window to Desktop 17";
"kwin"."Window to Desktop 18" = "none,,Window to Desktop 18";
"kwin"."Window to Desktop 19" = "none,,Window to Desktop 19";
"kwin"."Window to Desktop 2" = "none,,Window to Desktop 2";
"kwin"."Window to Desktop 20" = "none,,Window to Desktop 20";
"kwin"."Window to Desktop 3" = "none,,Window to Desktop 3";
"kwin"."Window to Desktop 4" = "none,,Window to Desktop 4";
"kwin"."Window to Desktop 5" = "none,,Window to Desktop 5";
"kwin"."Window to Desktop 6" = "none,,Window to Desktop 6";
"kwin"."Window to Desktop 7" = "none,,Window to Desktop 7";
"kwin"."Window to Desktop 8" = "none,,Window to Desktop 8";
"kwin"."Window to Desktop 9" = "none,,Window to Desktop 9";
"kwin"."Window to Next Desktop" = "none,,Window to Next Desktop";
"kwin"."Window to Next Screen" = "Meta+Shift+Right"; "kwin"."Window to Next Screen" = "Meta+Shift+Right";
"kwin"."Window to Previous Desktop" = "none,,Window to Previous Desktop"; "kwin"."Window to Previous Desktop" = "none,,Window to Previous Desktop";
"kwin"."Window to Previous Screen" = "Meta+Shift+Left"; "kwin"."Window to Previous Screen" = "Meta+Shift+Left";
"kwin"."Window to Screen 0" = "none,,Move Window to Screen 0";
"kwin"."Window to Screen 1" = "none,,Move Window to Screen 1";
"kwin"."Window to Screen 2" = "none,,Move Window to Screen 2";
"kwin"."Window to Screen 3" = "none,,Move Window to Screen 3";
"kwin"."Window to Screen 4" = "none,,Move Window to Screen 4";
"kwin"."Window to Screen 5" = "none,,Move Window to Screen 5";
"kwin"."Window to Screen 6" = "none,,Move Window to Screen 6";
"kwin"."Window to Screen 7" = "none,,Move Window to Screen 7";
"kwin"."view_actual_size" = "\\, Meta+0\\, ,Meta+0,Zoom to Actual Size"; "kwin"."view_actual_size" = "\\, Meta+0\\, ,Meta+0,Zoom to Actual Size";
"kwin"."view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"]; "kwin"."view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
"kwin"."view_zoom_out" = "Meta+-"; "kwin"."view_zoom_out" = "Meta+-";
"mediacontrol"."mediavolumedown" = [];
"mediacontrol"."mediavolumeup" = "none,,Media volume up";
"mediacontrol"."nextmedia" = "Media Next"; "mediacontrol"."nextmedia" = "Media Next";
"mediacontrol"."pausemedia" = "Media Pause"; "mediacontrol"."pausemedia" = "Media Pause";
"mediacontrol"."playmedia" = "none,,Play media playback";
"mediacontrol"."playpausemedia" = "Media Play"; "mediacontrol"."playpausemedia" = "Media Play";
"mediacontrol"."previousmedia" = "Media Previous"; "mediacontrol"."previousmedia" = "Media Previous";
"mediacontrol"."stopmedia" = "Media Stop"; "mediacontrol"."stopmedia" = "Media Stop";
"org_kde_powerdevil"."Decrease Keyboard Brightness" = "Keyboard Brightness Down"; "org_kde_powerdevil"."Decrease Keyboard Brightness" = "Keyboard Brightness Down";
"org_kde_powerdevil"."Decrease Screen Brightness" = ["Monitor Brightness Down" "Ctrl+Volume Down"]; "org_kde_powerdevil"."Decrease Screen Brightness" = "Monitor Brightness Down";
"org_kde_powerdevil"."Decrease Screen Brightness Small" = ["Monitor Brightness Down" "Ctrl+Shift+Volume Down"]; "org_kde_powerdevil"."Decrease Screen Brightness Small" = "Shift+Monitor Brightness Down";
"org_kde_powerdevil"."Hibernate" = "Hibernate"; "org_kde_powerdevil"."Hibernate" = "Hibernate";
"org_kde_powerdevil"."Increase Keyboard Brightness" = "Keyboard Brightness Up"; "org_kde_powerdevil"."Increase Keyboard Brightness" = "Keyboard Brightness Up";
"org_kde_powerdevil"."Increase Screen Brightness" = ["Monitor Brightness Up" "Ctrl+Volume Up"]; "org_kde_powerdevil"."Increase Screen Brightness" = "Monitor Brightness Up";
"org_kde_powerdevil"."Increase Screen Brightness Small" = ["Shift+Monitor Brightness Up" "Ctrl+Shift+Volume Up"]; "org_kde_powerdevil"."Increase Screen Brightness Small" = "Shift+Monitor Brightness Up";
"org_kde_powerdevil"."PowerDown" = "Power Down"; "org_kde_powerdevil"."PowerDown" = "Power Down";
"org_kde_powerdevil"."PowerOff" = "Power Off"; "org_kde_powerdevil"."PowerOff" = "Power Off";
"org_kde_powerdevil"."Sleep" = "Sleep"; "org_kde_powerdevil"."Sleep" = "Sleep";
"org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off"; "org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off";
"org_kde_powerdevil"."Turn Off Screen" = [];
"org_kde_powerdevil"."powerProfile" = ["Battery" "Meta+B,Battery" "Meta+B,Switch Power Profile"]; "org_kde_powerdevil"."powerProfile" = ["Battery" "Meta+B,Battery" "Meta+B,Switch Power Profile"];
"plasmashell"."activate application launcher" = ["Meta" "Alt+F1,Meta" "Alt+F1,Activate Application Launcher"]; "plasmashell"."activate application launcher" = ["Meta" "Alt+F1,Meta" "Alt+F1,Activate Application Launcher"];
"plasmashell"."activate task manager entry 1" = "Meta+1"; "plasmashell"."activate task manager entry 1" = "Meta+1";
@ -282,18 +318,29 @@
"plasmashell"."clear-history" = "none,,Clear Clipboard History"; "plasmashell"."clear-history" = "none,,Clear Clipboard History";
"plasmashell"."clipboard_action" = "Meta+Ctrl+X"; "plasmashell"."clipboard_action" = "Meta+Ctrl+X";
"plasmashell"."cycle-panels" = "Meta+Alt+P"; "plasmashell"."cycle-panels" = "Meta+Alt+P";
"plasmashell"."cycleNextAction" = "none,,Next History Item";
"plasmashell"."cyclePrevAction" = "none,,Previous History Item";
"plasmashell"."edit_clipboard" = []; "plasmashell"."edit_clipboard" = [];
"plasmashell"."manage activities" = "Meta+Q"; "plasmashell"."manage activities" = "Meta+Q";
"plasmashell"."next activity" = "\\, \\, ,none,Walk through activities";
"plasmashell"."previous activity" = ",none,Walk through activities (Reverse)";
"plasmashell"."repeat_action" = "Meta+Ctrl+R"; "plasmashell"."repeat_action" = "Meta+Ctrl+R";
"plasmashell"."show dashboard" = "Ctrl+F12"; "plasmashell"."show dashboard" = "Ctrl+F12";
"plasmashell"."show-barcode" = "none,,Show Barcode";
"plasmashell"."show-on-mouse-pos" = "Meta+V"; "plasmashell"."show-on-mouse-pos" = "Meta+V";
"plasmashell"."stop current activity" = "Meta+S"; "plasmashell"."stop current activity" = "Meta+S";
"plasmashell"."switch to next activity" = "none,,Switch to Next Activity";
"plasmashell"."switch to previous activity" = "none,,Switch to Previous Activity";
"plasmashell"."toggle do not disturb" = "none,,Toggle do not disturb";
"services/org.kde.krunner.desktop"."_launch" = ["Alt+Space" "Alt+F2" "Ctrl+Shift+Space" "Search"]; "services/org.kde.krunner.desktop"."_launch" = ["Alt+Space" "Alt+F2" "Ctrl+Shift+Space" "Search"];
"services/org.kde.plasma-systemmonitor.desktop"."_launch" = "Ctrl+Esc"; "services/org.kde.plasma-systemmonitor.desktop"."_launch" = "Ctrl+Esc";
"services/org.kde.spectacle.desktop"."ActiveWindowScreenShot" = ["Meta+Print" "Ctrl+!"]; "services/org.kde.spectacle.desktop"."ActiveWindowScreenShot" = ["Meta+Print" "Ctrl+!"];
"services/org.kde.spectacle.desktop"."CurrentMonitorScreenShot" = "Ctrl+#"; "services/org.kde.spectacle.desktop"."CurrentMonitorScreenShot" = "Ctrl+#";
"services/org.kde.spectacle.desktop"."FullScreenScreenShot" = ["Ctrl+$" "Shift+Print"]; "services/org.kde.spectacle.desktop"."FullScreenScreenShot" = ["Ctrl+$" "Shift+Print"];
"services/org.kde.spectacle.desktop"."OpenWithoutScreenshot" = "Ctrl+^"; "services/org.kde.spectacle.desktop"."OpenWithoutScreenshot" = "Ctrl+^";
"services/org.kde.spectacle.desktop"."RecordRegion" = [];
"services/org.kde.spectacle.desktop"."RecordScreen" = [];
"services/org.kde.spectacle.desktop"."RecordWindow" = [];
"services/org.kde.spectacle.desktop"."RectangularRegionScreenShot" = ["Ctrl+@" "Meta+Shift+Print"]; "services/org.kde.spectacle.desktop"."RectangularRegionScreenShot" = ["Ctrl+@" "Meta+Shift+Print"];
"services/org.kde.spectacle.desktop"."WindowUnderCursorScreenShot" = ["Meta+Ctrl+Print" "Ctrl+%"]; "services/org.kde.spectacle.desktop"."WindowUnderCursorScreenShot" = ["Meta+Ctrl+Print" "Ctrl+%"];
"services/org.kde.spectacle.desktop"."_launch" = "Print"; "services/org.kde.spectacle.desktop"."_launch" = "Print";
@ -1064,7 +1111,7 @@
"kwinrc"."NightColor"."LatitudeFixed" = 52.31865273558926; "kwinrc"."NightColor"."LatitudeFixed" = 52.31865273558926;
"kwinrc"."NightColor"."LongitudeFixed" = 5.44; "kwinrc"."NightColor"."LongitudeFixed" = 5.44;
"kwinrc"."NightColor"."Mode" = "Location"; "kwinrc"."NightColor"."Mode" = "Location";
"kwinrc"."NightColor"."NightTemperature" = 2000; "kwinrc"."NightColor"."NightTemperature" = 1400;
"kwinrc"."Plugins"."diminactiveEnabled" = true; "kwinrc"."Plugins"."diminactiveEnabled" = true;
"kwinrc"."Plugins"."dimscreenEnabled" = true; "kwinrc"."Plugins"."dimscreenEnabled" = true;
"kwinrc"."Plugins"."wobblywindowsEnabled" = true; "kwinrc"."Plugins"."wobblywindowsEnabled" = true;

2
home-manager/desktop/package-configs/plasma-desktop/kde-connect-commands
View file

@ -1,2 +0,0 @@
[General]
commands="@ByteArray({\"2574d457_7a99_40a3_8239_24407c7a074d\":{\"command\":\"loginctl unlock-session\",\"name\":\"unlock\"},\"2bbbb9cc_892a_44a1_b097_27b149387511\":{\"command\":\"bluetoothctl disconnect 38:18:4C:11:56:99\",\"name\":\"disconnect headset\"},\"35ad74aa_c1f0_4dd7_a392_2b2676105b62\":{\"command\":\"systemctl hibernate\",\"name\":\"hibernate\"},\"5dd755de_e098_4907_982d_bedba5c3511d\":{\"command\":\"loginctl lock-session\",\"name\":\"lock\"},\"6423946a_b13e_4127_a0d0_0ca38e79fa0f\":{\"command\":\"bluetoothctl connect 38:18:4C:11:56:99\",\"name\":\"connect headset\"},\"690a4134_162b_4851_83a4_bf75722c699a\":{\"command\":\"systemctl suspend\",\"name\":\"suspend\"},\"99ae3913_1757_4ed0_ad7e_91c6f5d740ef\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"mute\\\"\",\"name\":\"mute\"},\"b11480dd_19f7_49c0_9dcc_3065ddc5150b\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"mic_mute\\\"\",\"name\":\"mute mic\"},\"bd36530a_9ed5_4345_989d_189c27b3ce00\":{\"command\":\"systemctl reboot\",\"name\":\"reboot\"},\"cf6180f7_e4bd_4f15_a9d1_19ed14e99913\":{\"command\":\"file=\\\"$HOME/Images/WebcamImage_$(date \\\"+%Y%m%d_%H%M%S\\\").jpg\\\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \\\"${file}\\\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \\\"${file}\\\"\",\"name\":\"webcam to phone\"},\"d31a3cab_bb6a_459d_89fb_533d0d8fec61\":{\"command\":\"systemctl poweroff\",\"name\":\"shutdown\"},\"f08e1a64_53be_41da_b942_e05e45f1d69c\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"decrease_volume\\\"\",\"name\":\"volume down\"},\"fbd67152_2a58_4d5d_a210_982fa0eeb171\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"increase_volume\\\"\",\"name\":\"volume up\"},\"fc3adde9_7049_4166_bcda_a74d13ec91eb\":{\"command\":\"file=/tmp/$(hostname)_$(date \\\"+%Y%m%d_%H%M%S\\\").png; spectacle -bo \\\"${file}\\\" && while ! [ -f \\\"${file}\\\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \\\"${file}\\\"\",\"name\":\"screenshot to phone\"}})"

7
home-manager/desktop/package-configs/vesktop/default.nix
View file

@ -1,7 +0,0 @@
{...}: {
home.file."settings.json" = {
source = ./settings.json;
target = ".config/vesktop/settings/settings.json";
force = true;
};
}

602
home-manager/desktop/package-configs/vesktop/settings.json
View file

@ -1,602 +0,0 @@
{
"autoUpdate": true,
"autoUpdateNotification": false,
"useQuickCss": true,
"themeLinks": [],
"enabledThemes": [
"stylix.theme.css"
],
"enableReactDevtools": false,
"frameless": false,
"transparent": false,
"winCtrlQ": false,
"disableMinSize": false,
"winNativeTitleBar": false,
"plugins": {
"ChatInputButtonAPI": {
"enabled": true
},
"CommandsAPI": {
"enabled": true
},
"MemberListDecoratorsAPI": {
"enabled": false
},
"MessageAccessoriesAPI": {
"enabled": true
},
"MessageDecorationsAPI": {
"enabled": false
},
"MessageEventsAPI": {
"enabled": true
},
"MessagePopoverAPI": {
"enabled": false
},
"MessageUpdaterAPI": {
"enabled": false
},
"ServerListAPI": {
"enabled": false
},
"UserSettingsAPI": {
"enabled": true
},
"AccountPanelServerProfile": {
"enabled": false
},
"AlwaysAnimate": {
"enabled": false
},
"AlwaysExpandRoles": {
"enabled": false
},
"AlwaysTrust": {
"enabled": true,
"domain": true,
"file": true
},
"AnonymiseFileNames": {
"enabled": true,
"anonymiseByDefault": true,
"method": 0,
"randomisedLength": 7
},
"AppleMusicRichPresence": {
"enabled": false
},
"WebRichPresence (arRPC)": {
"enabled": false
},
"BANger": {
"enabled": false
},
"BetterFolders": {
"enabled": false
},
"BetterGifAltText": {
"enabled": false
},
"BetterGifPicker": {
"enabled": false
},
"BetterNotesBox": {
"enabled": false
},
"BetterRoleContext": {
"enabled": false
},
"BetterRoleDot": {
"enabled": false
},
"BetterSessions": {
"enabled": false
},
"BetterSettings": {
"enabled": false
},
"BetterUploadButton": {
"enabled": false
},
"BiggerStreamPreview": {
"enabled": false
},
"BlurNSFW": {
"enabled": false
},
"CallTimer": {
"enabled": false
},
"ClearURLs": {
"enabled": false
},
"ClientTheme": {
"enabled": false
},
"ColorSighted": {
"enabled": false
},
"ConsoleJanitor": {
"enabled": false
},
"ConsoleShortcuts": {
"enabled": false
},
"CopyEmojiMarkdown": {
"enabled": false
},
"CopyFileContents": {
"enabled": false
},
"CopyUserURLs": {
"enabled": false
},
"CrashHandler": {
"enabled": true
},
"CtrlEnterSend": {
"enabled": false
},
"CustomRPC": {
"enabled": false
},
"CustomIdle": {
"enabled": false
},
"Dearrow": {
"enabled": false
},
"Decor": {
"enabled": false
},
"DisableCallIdle": {
"enabled": false
},
"DontRoundMyTimestamps": {
"enabled": false
},
"EmoteCloner": {
"enabled": false
},
"Experiments": {
"enabled": false
},
"F8Break": {
"enabled": false
},
"FakeNitro": {
"enabled": true,
"enableEmojiBypass": true,
"emojiSize": 48,
"transformEmojis": true,
"enableStickerBypass": true,
"stickerSize": 160,
"transformStickers": true,
"transformCompoundSentence": false,
"enableStreamQualityBypass": true,
"useHyperLinks": true,
"hyperLinkText": "{{NAME}}",
"disableEmbedPermissionCheck": false
},
"FakeProfileThemes": {
"enabled": false
},
"FavoriteEmojiFirst": {
"enabled": false
},
"FavoriteGifSearch": {
"enabled": false
},
"FixCodeblockGap": {
"enabled": false
},
"FixSpotifyEmbeds": {
"enabled": false
},
"FixYoutubeEmbeds": {
"enabled": false
},
"ForceOwnerCrown": {
"enabled": false
},
"FriendInvites": {
"enabled": false
},
"FriendsSince": {
"enabled": false
},
"FullSearchContext": {
"enabled": false
},
"GameActivityToggle": {
"enabled": false
},
"GifPaste": {
"enabled": false
},
"GreetStickerPicker": {
"enabled": false
},
"HideAttachments": {
"enabled": false
},
"iLoveSpam": {
"enabled": false
},
"IgnoreActivities": {
"enabled": false
},
"ImageLink": {
"enabled": false
},
"ImageZoom": {
"enabled": false
},
"ImplicitRelationships": {
"enabled": false
},
"InvisibleChat": {
"enabled": false
},
"KeepCurrentChannel": {
"enabled": false
},
"LastFMRichPresence": {
"enabled": false
},
"LoadingQuotes": {
"enabled": false
},
"MemberCount": {
"enabled": true,
"memberList": true,
"toolTip": true
},
"MentionAvatars": {
"enabled": false
},
"MessageClickActions": {
"enabled": false
},
"MessageLatency": {
"enabled": false
},
"MessageLinkEmbeds": {
"enabled": false
},
"MessageLogger": {
"enabled": false
},
"MessageTags": {
"enabled": false
},
"MoreCommands": {
"enabled": false
},
"MoreKaomoji": {
"enabled": true
},
"MoreUserTags": {
"enabled": false
},
"Moyai": {
"enabled": false
},
"MutualGroupDMs": {
"enabled": false
},
"NewGuildSettings": {
"enabled": false
},
"NoBlockedMessages": {
"enabled": false
},
"NoDevtoolsWarning": {
"enabled": false
},
"NoF1": {
"enabled": false
},
"NoMaskedUrlPaste": {
"enabled": false
},
"NoMosaic": {
"enabled": false
},
"NoOnboardingDelay": {
"enabled": false
},
"NoPendingCount": {
"enabled": false
},
"NoProfileThemes": {
"enabled": false
},
"NoReplyMention": {
"enabled": false
},
"NoScreensharePreview": {
"enabled": false
},
"NoServerEmojis": {
"enabled": false
},
"NoTypingAnimation": {
"enabled": false
},
"NoUnblockToJump": {
"enabled": false
},
"NormalizeMessageLinks": {
"enabled": false
},
"NotificationVolume": {
"enabled": false
},
"NSFWGateBypass": {
"enabled": false
},
"OnePingPerDM": {
"enabled": false
},
"oneko": {
"enabled": false
},
"OpenInApp": {
"enabled": false
},
"OverrideForumDefaults": {
"enabled": false
},
"PartyMode": {
"enabled": false
},
"PauseInvitesForever": {
"enabled": false
},
"PermissionFreeWill": {
"enabled": false
},
"PermissionsViewer": {
"enabled": false
},
"petpet": {
"enabled": true
},
"PictureInPicture": {
"enabled": false
},
"PinDMs": {
"enabled": false
},
"PlainFolderIcon": {
"enabled": false
},
"PlatformIndicators": {
"enabled": false
},
"PreviewMessage": {
"enabled": false
},
"QuickMention": {
"enabled": false
},
"QuickReply": {
"enabled": false
},
"ReactErrorDecoder": {
"enabled": false
},
"ReadAllNotificationsButton": {
"enabled": false
},
"RelationshipNotifier": {
"enabled": false
},
"ReplaceGoogleSearch": {
"enabled": false
},
"ReplyTimestamp": {
"enabled": false
},
"RevealAllSpoilers": {
"enabled": false
},
"ReverseImageSearch": {
"enabled": false
},
"ReviewDB": {
"enabled": false
},
"RoleColorEverywhere": {
"enabled": false
},
"SecretRingToneEnabler": {
"enabled": false
},
"Summaries": {
"enabled": false
},
"SendTimestamps": {
"enabled": true,
"replaceMessageContents": true
},
"ServerInfo": {
"enabled": false
},
"ServerListIndicators": {
"enabled": false
},
"ShikiCodeblocks": {
"enabled": true,
"useDevIcon": "COLOR",
"theme": "https://raw.githubusercontent.com/shikijs/shiki/0b28ad8ccfbf2615f2d9d38ea8255416b8ac3043/packages/shiki/themes/dracula.json",
"tryHljs": "SECONDARY",
"bgOpacity": 100
},
"ShowAllMessageButtons": {
"enabled": false
},
"ShowConnections": {
"enabled": false
},
"ShowHiddenChannels": {
"enabled": false
},
"ShowHiddenThings": {
"enabled": false
},
"ShowMeYourName": {
"enabled": false
},
"ShowTimeoutDuration": {
"enabled": false
},
"SilentMessageToggle": {
"enabled": false
},
"SilentTyping": {
"enabled": false
},
"SortFriendRequests": {
"enabled": false
},
"SpotifyControls": {
"enabled": false
},
"SpotifyCrack": {
"enabled": false
},
"SpotifyShareCommands": {
"enabled": false
},
"StartupTimings": {
"enabled": false
},
"StickerPaste": {
"enabled": false
},
"StreamerModeOnStream": {
"enabled": false
},
"SuperReactionTweaks": {
"enabled": false
},
"TextReplace": {
"enabled": false
},
"ThemeAttributes": {
"enabled": false
},
"Translate": {
"enabled": false
},
"TypingIndicator": {
"enabled": false
},
"TypingTweaks": {
"enabled": false
},
"Unindent": {
"enabled": false
},
"UnlockedAvatarZoom": {
"enabled": false
},
"UnsuppressEmbeds": {
"enabled": false
},
"UserVoiceShow": {
"enabled": false
},
"USRBG": {
"enabled": false
},
"ValidReply": {
"enabled": false
},
"ValidUser": {
"enabled": false
},
"VoiceChatDoubleClick": {
"enabled": false
},
"VcNarrator": {
"enabled": false
},
"VencordToolbox": {
"enabled": false
},
"ViewIcons": {
"enabled": false
},
"ViewRaw": {
"enabled": false
},
"VoiceDownload": {
"enabled": false
},
"VoiceMessages": {
"enabled": false
},
"VolumeBooster": {
"enabled": false
},
"WebKeybinds": {
"enabled": true
},
"WebScreenShareFixes": {
"enabled": true
},
"WhoReacted": {
"enabled": false
},
"XSOverlay": {
"enabled": false
},
"YoutubeAdblock": {
"enabled": true
},
"NoTrack": {
"enabled": true,
"disableAnalytics": true
},
"WebContextMenus": {
"enabled": true,
"addBack": true
},
"Settings": {
"enabled": true,
"settingsLocation": "aboveNitro"
},
"SupportHelper": {
"enabled": true
},
"UserMessagesPronouns": {
"enabled": true,
"showInMessages": true,
"showSelf": true,
"pronounSource": 0,
"pronounsFormat": "LOWERCASE"
},
"DynamicImageModalAPI": {
"enabled": false
},
"FixImagesQuality": {
"enabled": false
}
},
"notifications": {
"timeout": 5000,
"position": "bottom-right",
"useNative": "not-focused",
"logLimit": 50
},
"cloud": {
"authenticated": false,
"url": "https://api.vencord.dev/",
"settingsSync": false,
"settingsSyncVersion": 1734993730812
}
}

1
home-manager/hosts/EDI/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI

4
home-manager/hosts/EDI/lillian.nix
View file

@ -16,10 +16,8 @@
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
lutris
android-tools
]; ];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.11"; home.stateVersion = "24.11";
} }

1
home-manager/hosts/GLaDOS/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS

8
home-manager/hosts/GLaDOS/lillian.nix
View file

@ -16,12 +16,8 @@
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
heroic
r2modman r2modman
ryubing
lutris
vscodium
intiface-central
unrar
]; ];
programs.mangohud = { programs.mangohud = {
@ -30,5 +26,5 @@
}; };
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.11"; home.stateVersion = "24.11";
} }

1
home-manager/hosts/iso/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeZHHAEoUh/Ly9F1xUSPZLPNE0Yh/wM2qWgKvlEBa8A lillian@GLaDOS

4
home-manager/hosts/iso/lillian.nix
View file

@ -11,11 +11,13 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./nvim.nix # ./nvim.nix
../../desktop
../../shared
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.11"; home.stateVersion = "24.11";
} }

2
home-manager/hosts/iso_server/lillian.nix
View file

@ -18,5 +18,5 @@
]; ];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.05"; home.stateVersion = "24.11";
} }

1
home-manager/hosts/queen/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtwcWXnwOOI8G3NqAMfTeuSuDk9ly5xqwQDH2Iey3u+ lillian@queen

2
home-manager/hosts/queen/lillian.nix
View file

@ -35,5 +35,5 @@
}; };
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.05"; home.stateVersion = "24.11";
} }

1
home-manager/hosts/shodan/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL279XPFj1nzLDozFclntPh8rOcn3d1B5iJNGds9Ray6 lillian@shodan

72
home-manager/hosts/shodan/lillian.nix
View file

@ -12,8 +12,11 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./nvim.nix # ./nvim.nix
../../desktop/package-configs/plasma-desktop.nix
../../desktop/package-configs/firefox.nix
../../desktop/package-configs/konsole
../../desktop/package-configs/foot
../../shared ../../shared
../../desktop
]; ];
nixpkgs = { nixpkgs = {
# You can add overlays here # You can add overlays here
@ -28,17 +31,76 @@
# }); # });
# }) # })
]; ];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
home = {
username = "lillian";
homeDirectory = "/home/lillian";
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
#Chat:
vesktop
#Gaming: #Gaming:
prismlauncher prismlauncher
r2modman r2modman
ryubing ryujinx
# Multimedia:
freetube
obs-studio
vlc
# System tools:
rage
discover
flameshot
fzf
nextcloud-client
nitrokey-app
protonvpn-gui
sops
#watchmate
qbittorrent
zsh
# Theming:
catppuccin-cursors
(catppuccin-kde.override {
flavour = ["macchiato"];
accents = ["mauve"];
})
catppuccin-plymouth
catppuccin-sddm-corners
# Web browsing:
firefox
ungoogled-chromium
]; ];
# Make the kde screenlock not require a password :)
programs.plasma.kscreenlocker.passwordRequired = false; # # Automount services for user
# programs.bashmount.enable = true;
# services.udiskie = {
# enable = true;
# automount = true;
# notify = false;
# tray = "never";
# };
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.11"; home.stateVersion = "24.11";
} }

1
home-manager/hosts/wheatley/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxXVL6QAiMLwvUYBtXCbkHEh6ENgaEO/rkZWSPJrjLJ lillian@wheatley

5
home-manager/hosts/wheatley/lillian.nix
View file

@ -11,7 +11,8 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./nvim.nix # ./nvim.nix
../../shared ../../package-configs/zsh.nix
../../package-configs/helix.nix
]; ];
nixpkgs = { nixpkgs = {
@ -35,5 +36,5 @@
}; };
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.11"; home.stateVersion = "24.05";
} }

BIN
home-manager/shared/background.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 158 KiB

87
home-manager/shared/default.nix
View file

@ -1,10 +1,5 @@
{ {pkgs, ...}: {
pkgs,
osConfig,
...
}: {
imports = [ imports = [
./ssh
./shell/helix ./shell/helix
./shell/zellij ./shell/zellij
./shell/zsh.nix ./shell/zsh.nix
@ -12,78 +7,28 @@
./shell/eza.nix ./shell/eza.nix
./shell/hyfetch.nix ./shell/hyfetch.nix
]; ];
home = { home = {
username = "lillian"; username = "lillian";
homeDirectory = "/home/lillian"; homeDirectory = "/home/lillian";
file."id_ed25519.pub" = {
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
target = ".ssh/id_ed25519.pub";
force = true;
};
packages = with pkgs; [
# System tools:
vscode-langservers-extracted
sops
zsh
bat
btop
broot
lazygit
navi
nil
gh
];
}; };
catppuccin = { catppuccin = {
enable = true;
flavor = "macchiato"; flavor = "macchiato";
btop.enable = true;
cache.enable = true;
chromium.enable = true;
freetube.enable = true;
freetube.flavor = "macchiato";
}; };
programs = {
navi.enable = true;
yazi = {
enable = true;
# package = pkgs.yazi.override {
# _7zz = pkgs._7zz.override {useUasm = true;};
# };
};
};
# stylix.enable = true;
# qt.platformTheme.name = lib.mkForce "kvantum";
# qt.style.name = lib.mkForce "kvantum";
# stylix = { home.packages = with pkgs; [
# enable = true; # System tools:
# autoEnable = true; vscode-langservers-extracted
# base16Scheme = { sops
# scheme = "Catppuccin Macchiato"; zsh
# author = "https://github.com/catppuccin/catppuccin"; bat
# base00 = "24273a"; btop
# base01 = "1e2030"; broot
# base02 = "363a4f"; lazygit
# base03 = "494d64"; navi
# base04 = "5b6078"; yazi
# base05 = "cad3f5"; nil
# base06 = "f4dbd6"; ];
# base07 = "b7bdf8"; programs.navi.enable = true;
# base08 = "ed8796";
# base09 = "f5a97f";
# base0A = "eed49f";
# base0B = "a6da95";
# base0C = "8bd5ca";
# base0D = "8aadf4";
# base0E = "c6a0f6";
# base0F = "f0c6c6";
# };
# image = ./background.jpg;
# cursor.package = pkgs.catppuccin-cursors;
# cursor.name = "catppuccin-macchiato-mauve-cursors";
# cursor.size = 16;
# };
} }

50
home-manager/shared/kde-connect-commands.json
View file

@ -1,50 +0,0 @@
[
{
"command": "systemctl poweroff",
"name": "shutdown"
},
{
"command": "systemctl reboot",
"name": "reboot"
},
{
"command": "systemctl suspend",
"name": "suspend"
},
{
"command": "systemctl hibernate",
"name": "hibernate"
},
{
"command": "loginctl lock-session",
"name": "lock"
},
{
"command": "loginctl unlock-session",
"name": "unlock"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"",
"name": "mute"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"",
"name": "mute mic"
},
{
"command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "screenshot to phone"
},
{
"command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "webcam to phone"
},
{
"command": "bluetoothctl connect 38:18:4C:11:56:99",
"name": "connect headset"
},
{
"command": "bluetoothctl disconnect 38:18:4C:11:56:99",
"name": "disconnect headset"
}
]

2
home-manager/shared/shell/bat.nix
View file

@ -2,6 +2,6 @@
programs.bat = { programs.bat = {
enable = true; enable = true;
extraPackages = with pkgs.bat-extras; [batdiff batman batgrep batwatch]; extraPackages = with pkgs.bat-extras; [batdiff batman batgrep batwatch];
# catppuccin.enable = true; catppuccin.enable = true;
}; };
} }

34
home-manager/shared/shell/helix/default.nix
View file

@ -16,21 +16,24 @@
'' ''
#! ~/.nix-profile/bin/zsh #! ~/.nix-profile/bin/zsh
is_new() { is_new() {
new=0; new=1;
mkdir -p /tmp/rjh; touch /tmp/rjh;
if [[ -a "/tmp/rjh/$(pwd | tr \"/\" -).json" ]]; then while IFS="" read -r p || [ -n "$p" ]; do
new=1 if [ $(pwd) = $p ]; then
fi new=0;
return $new fi
done < /tmp/rjh
return $new
} }
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh/$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && sleep 3 send_to_jupyter() {
rm -f /tmp/pipe-rjh is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh-$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && zellij action write 29 25 && zellij action write 17
mkfifo /tmp/pipe-rjh pwd >> /tmp/rjh
cat > /tmp/pipe-rjh zellij action write 29 25
zellij run -f -n "REPL" -- direnv exec . just send < /tmp/pipe-rjh zellij action write 17
rm /tmp/pipe-rjh cat | just send
}
send_to_jupyter
''; '';
in { in {
programs.helix = { programs.helix = {
@ -48,11 +51,6 @@ in {
j = ":pipe-to just jupyter"; j = ":pipe-to just jupyter";
}; };
editor = { editor = {
auto-save = {
focus-lost = true;
after-delay.enable = true;
after-delay.timeout = 3000;
};
line-number = "relative"; line-number = "relative";
lsp.display-messages = true; lsp.display-messages = true;
lsp.display-inlay-hints = true; lsp.display-inlay-hints = true;

46
home-manager/shared/shell/helix/helix.nix
View file

@ -1,46 +0,0 @@
{
fetchzip,
lib,
rustPlatform,
git,
installShellFiles,
}:
rustPlatform.buildRustPackage rec {
pname = "helix";
version = "25.01.1";
# This release tarball includes source code for the tree-sitter grammars,
# which is not ordinarily part of the repository.
src = fetchzip {
url = "https://github.com/helix-editor/helix/releases/download/${version}/helix-${version}-source.tar.xz";
hash = "";
stripRoot = false;
};
useFetchCargoVendor = true;
cargoHash = "";
nativeBuildInputs = [git installShellFiles];
env.HELIX_DEFAULT_RUNTIME = "${placeholder "out"}/lib/runtime";
postInstall = ''
# not needed at runtime
rm -r runtime/grammars/sources
mkdir -p $out/lib
cp -r runtime $out/lib
installShellCompletion contrib/completion/hx.{bash,fish,zsh}
mkdir -p $out/share/{applications,icons/hicolor/256x256/apps}
cp contrib/Helix.desktop $out/share/applications
cp contrib/helix.png $out/share/icons/hicolor/256x256/apps
'';
meta = with lib; {
description = "Post-modern modal text editor";
homepage = "https://helix-editor.com";
license = licenses.mpl20;
mainProgram = "hx";
maintainers = with maintainers; [danth yusdacra zowoq];
};
}

1
home-manager/shared/shell/hyfetch.nix
View file

@ -10,7 +10,6 @@
mode = "horizontal"; mode = "horizontal";
}; };
backend = "neofetch"; backend = "neofetch";
pride_month_disable = false;
}; };
}; };
} }

1
home-manager/shared/shell/starship.nix
View file

@ -35,6 +35,7 @@
git_branch.style = "bold blue"; git_branch.style = "bold blue";
directory.style = "bold blue"; directory.style = "bold blue";
direnv.disabled = false; direnv.disabled = false;
palette = "catppuccin_${flavor}";
} }
// builtins.fromTOML (builtins.readFile // builtins.fromTOML (builtins.readFile
(pkgs.fetchFromGitHub (pkgs.fetchFromGitHub

18
home-manager/shared/shell/zellij/default.nix
View file

@ -57,15 +57,15 @@
pane size=1 borderless=true { pane size=1 borderless=true {
plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" { plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" {
format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}" format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}"
format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]" format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]"
mode_locked "#[fg=magenta,bold] {name} " mode_locked "#[fg=magenta,bold] {name} "
mode_normal "#[fg=green,bold] {name} " mode_normal "#[fg=green,bold] {name} "
mode_resize "#[fg=orange,bold] {name} " mode_resize "#[fg=orange,bold] {name} "
mode_default_to_mode "resize" mode_default_to_mode "resize"
tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]" tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]"
tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]" tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]"
tab_sync_indicator " " tab_sync_indicator " "
tab_fullscreen_indicator " " tab_fullscreen_indicator " "
@ -140,15 +140,15 @@
pane size=1 borderless=true { pane size=1 borderless=true {
plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" { plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" {
format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}" format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}"
format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]" format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]"
mode_locked "#[fg=magenta,bold] {name} " mode_locked "#[fg=magenta,bold] {name} "
mode_normal "#[fg=green,bold] {name} " mode_normal "#[fg=green,bold] {name} "
mode_resize "#[fg=orange,bold] {name} " mode_resize "#[fg=orange,bold] {name} "
mode_default_to_mode "resize" mode_default_to_mode "resize"
tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]" tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]"
tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]" tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]"
tab_sync_indicator " " tab_sync_indicator " "
tab_fullscreen_indicator " " tab_fullscreen_indicator " "
@ -174,7 +174,7 @@ in {
enableZshIntegration = true; enableZshIntegration = true;
settings = { settings = {
session_serialization = true; session_serialization = true;
# theme = "catppuccin-macchiato"; theme = "catppuccin-macchiato";
themes = { themes = {
catppuccin-mocha = { catppuccin-mocha = {
@ -206,12 +206,14 @@ in {
}; };
}; };
}; };
home.file = { home.file = {
"layout" = { "layout" = {
source = "${layout}"; source = "${layout}";
target = ".config/zellij/layouts/default.kdl"; target = ".config/zellij/layouts/default.kdl";
}; };
};
home.file = {
"helix_zellij" = { "helix_zellij" = {
source = "${helix_zellij}"; source = "${helix_zellij}";
target = ".config/zellij/layouts/helix.kdl"; target = ".config/zellij/layouts/helix.kdl";

125
home-manager/shared/shell/zsh.nix
View file

@ -1,71 +1,70 @@
{pkgs, ...}: { {pkgs, ...}: {
programs = { programs.zoxide = {
zoxide = { enable = true;
enable = true; };
programs.zsh = {
enable = true;
shellAliases = {
cd = "z";
code = "codium ./";
ls = "eza";
lh = "ls -lah";
cat = "bat";
tree = "tre";
neofetch = "hyfetch";
shutdown = "shutdown 0";
reboot = "reboot 0";
}; };
zsh = { plugins = [
{
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "chisui";
repo = "zsh-nix-shell";
rev = "v0.8.0";
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM=";
};
}
{
name = "terraform";
src = pkgs.fetchFromGitHub {
owner = "macunha1";
repo = "zsh-terraform";
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
};
}
];
autosuggestion.enable = true;
enableCompletion = true;
historySubstringSearch.enable = true;
syntaxHighlighting.enable = true;
#zsh-abbr.enable = true;
oh-my-zsh = {
enable = true; enable = true;
shellAliases = {
cd = "z";
code = "codium ./";
ls = "eza";
lh = "ls -lah";
cat = "bat";
tree = "tre";
neofetch = "hyfetch";
shutdown = "shutdown 0";
reboot = "reboot 0";
};
plugins = [ plugins = [
{ "git"
name = "zsh-nix-shell"; "colored-man-pages"
file = "nix-shell.plugin.zsh"; "colorize"
src = pkgs.fetchFromGitHub { "dirhistory"
owner = "chisui"; "dirpersist"
repo = "zsh-nix-shell"; "history"
rev = "v0.8.0"; "history-substring-search"
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM="; "fancy-ctrl-z"
}; "git-flow"
} "isodate"
{ "z"
name = "terraform"; "zsh-interactive-cd"
src = pkgs.fetchFromGitHub { "zsh-navigation-tools"
owner = "macunha1";
repo = "zsh-terraform";
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
};
}
]; ];
autosuggestion.enable = true;
enableCompletion = true;
historySubstringSearch.enable = true;
syntaxHighlighting.enable = true;
#zsh-abbr.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"colored-man-pages"
"colorize"
"dirhistory"
"dirpersist"
"history"
"history-substring-search"
"fancy-ctrl-z"
"git-flow"
"isodate"
"z"
"zsh-interactive-cd"
"zsh-navigation-tools"
];
};
# Extra commands that take more complex forms
initContent = ''
eval "$(zoxide init --cmd cd zsh)"
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
'';
}; };
# Extra commands that take more complex forms
initExtra = ''
eval "$(zoxide init --cmd cd zsh)"
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
'';
}; };
} }

25
home-manager/shared/ssh/config
View file

@ -1,25 +0,0 @@
Host wheatley
HostName 10.0.0.1
User lillian
Port 22
Host GLaDOS
HostName 10.0.0.2
User lillian
Port 22
Host EDI
HostName 10.0.0.3
User lillian
Port 22
Host shodan
HostName 10.0.0.4
User lillian
Port 22
Host queen
HostName gladtherescake.eu
User lillian
Port 22

7
home-manager/shared/ssh/default.nix
View file

@ -1,7 +0,0 @@
{...}: {
home.file."sshconfig" = {
source = ./config;
target = ".config/ssh/config";
force = true;
};
}

37
justfile
View file

@ -1,46 +1,15 @@
# Build the nixos configuration and switch to it
build: build:
sudo echo "sudo check..." && sudo nixos-rebuild --fallback --log-format internal-json -v switch --flake .# --show-trace |& nom --json sudo nixos-rebuild switch --flake .# --show-trace
# Build the nixos configuration bot don't switch to it until a reboot
boot:
sudo echo "sudo check..." && sudo nixos-rebuild --fallback --log-format internal-json -v boot --flake .# --show-trace |& nom --json
# Run the nix flake in the nix repl
run: run:
nix-repl -f flake:nixpkgs nix-repl -f flake:nixpkgs
# Check the nix configuration for errors
test: test:
sudo echo "sudo check..." && sudo nix flake check --show-trace --log-format internal-json -v |& nom --json sudo nix flake check --show-trace
# Update the flake lock
update: update:
nix flake update --log-format internal-json -v |& nom --json && zsh nix flake update
# Clean your nix store and optimize it
clean: clean:
sudo nix-collect-garbage sudo nix-collect-garbage
sudo nix-store --optimise sudo nix-store --optimise
# Set up the commit hook for testing before doing a commit
setup:
#!/run/current-system/sw/bin/bash -e
if [ -s ./.git/hooks/pre-commit ]; then
read -p $"This file already contains the following text:
$(<./.git/hooks/pre-commit)
Do you want to add the test hook (y/N)? (This will NOT delete data)" choice
case "$choice" in
y|Y ) echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit && echo "Added test hook to pre-commit.";;
* ) echo "No test added to pre-commit.";;
esac
else
echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit
fi
# Make sure all the git actions of pulling, adding all files, committing, and pushing are done in one command
push:
git pull
git add *
read -p "Commit message: " -r message && git commit -m "$message"
git push

3
modules/nixos/default.nix
View file

@ -1,5 +1,6 @@
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module). # Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
# These should be stuff you would like to share with others, not your personal configurations. # These should be stuff you would like to share with others, not your personal configurations.
{ {
vpn-ip = import ./vpn-ip; # List your module files here
contabo.wan = import ./contabo/wan;
} }

18
modules/nixos/vpn-ip/default.nix
View file

@ -1,18 +0,0 @@
{lib, ...}:
with lib; {
# Declare what settings a user of this "hello.nix" module CAN SET.
options.services.vpn-ip = {
enable = mkOption {
type = types.bool;
default = true;
};
ip = mkOption {
type = types.str;
default = "0";
};
publicKey = mkOption {
type = types.str;
default = "";
};
};
}

234
nixos/desktop/default.nix
View file

@ -28,15 +28,14 @@
allowUnfree = true; allowUnfree = true;
}; };
}; };
services.udev.extraRules = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="057e", MODE="0660", TAG+="uaccess" # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
KERNEL=="hidraw*", KERNELS=="*057e:*", MODE="0660", TAG+="uaccess" programs.command-not-found.enable = lib.mkForce false;
KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess" programs.nix-index.enable = true;
KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess" programs.nix-index-database.comma.enable = true;
'';
environment.systemPackages = environment.systemPackages =
with pkgs; [ (with pkgs; [
# Custom tools # Custom tools
dvd dvd
dvt dvt
@ -45,11 +44,6 @@
# System tools # System tools
aha aha
ttf-ms-win10
wineWowPackages.stable
bottles
tpm2-abrmd
jdk23
#bcachefs-tools #bcachefs-tools
clinfo clinfo
comma comma
@ -69,17 +63,12 @@
# waydroid # waydroid
waypipe waypipe
wayland-utils wayland-utils
xwaylandvideobridge
yubikey-personalization yubikey-personalization
zsh zsh
# KDE/QT # KDE/QT
kdePackages.plasma-desktop krunner-translator
kdePackages.plasma-wayland-protocols
kdePackages.libplasma
kdePackages.plasma-integration
kdePackages.plasma-activities
kdePackages.plasma-workspace
kdePackages.plasma-vault
kdePackages.discover kdePackages.discover
kdePackages.filelight kdePackages.filelight
kdePackages.kcalc kdePackages.kcalc
@ -94,155 +83,114 @@
kdePackages.sddm-kcm kdePackages.sddm-kcm
kdePackages.dolphin-plugins kdePackages.dolphin-plugins
kdePackages.qtstyleplugin-kvantum kdePackages.qtstyleplugin-kvantum
kdePackages.krdc
kdePackages.krfb
kdePackages.kate
libportal-qt5 libportal-qt5
libportal libportal
# User tools # User tools
freetube
noisetorch noisetorch
qjackctl qjackctl
wireplumber wireplumber
#rustdesk #rustdesk
] ])
# ++ (with pkgs-edge; [ ++ (with pkgs-edge; [
# list of latest packages from nixpkgs master # list of latest packages from nixpkgs master
# Can be used to install latest version of some packages # Can be used to install latest version of some packages
# ]) ]);
;
fonts.packages = [pkgs.ttf-ms-win10]; programs.direnv = {
sops = { enable = true;
secrets."nextcloud-password" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.netrc";
};
}; };
programs = {
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
command-not-found.enable = lib.mkForce false;
# nix-index.enable = true;
nix-index-database.comma.enable = true;
direnv = {
enable = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
kdeconnect.enable = true;
noisetorch = {
enable = true;
};
};
xdg.portal.enable = true;
# Enable networking # Enable networking
networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses networking.networkmanager.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
services = {
# Enable the X11 windowing system.
xserver.enable = true;
# Enable the KDE Plasma Desktop Environment. # Enable the X11 windowing system.
# displayManager.sddm = { services.xserver.enable = true;
# enable = true;
# wayland.enable = true;
# };
displayManager.defaultSession = "plasma";
desktopManager.plasma6.enable = true;
desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible;
# Enable flatpak support # Enable the KDE Plasma Desktop Environment.
flatpak.enable = true; services.displayManager.sddm = {
packagekit.enable = true; enable = true;
wayland.enable = true;
# Configure keymap in X11
xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
};
# Enable CUPS to print documents.
printing.enable = true;
# Enable fwupd daemon and user space client
fwupd.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
avahi = {
nssmdns4 = true;
enable = true;
ipv4 = true;
ipv6 = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
}; };
hardware = { services.displayManager.defaultSession = "plasma";
graphics.enable32Bit = true; services.desktopManager.plasma6.enable = true;
programs.kdeconnect.enable = true;
# Enable bluetooth hardware # Enable flatpak support
bluetooth.enable = true; services.flatpak.enable = true;
services.packagekit.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
}; };
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
# Enable fwupd daemon and user space client
services.fwupd.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
programs.noisetorch = {
enable = true;
};
services.pulseaudio.enable = false;
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
}; };
security.tpm2 = {
enable = true;
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
}; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"];
boot = {
# tss group has access to TPM devices
bootspec.enable = true;
binfmt.emulatedSystems = ["aarch64-linux"];
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
#boot.supportedFilesystems = ["bcachefs"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
kernelModules = [
# Virtual Camera
"v4l2loopback"
# Virtual Microphone, built-in
"snd-aloop"
];
# Set initial kernel module settings security.tpm2.enable = true;
extraModprobeConfig = '' security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera" # FIXME: re-enable virtual camera loopback when it build again.
''; boot.bootspec.enable = true;
loader.systemd-boot.configurationLimit = 3; #boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
loader.efi.canTouchEfiVariables = true; #boot.supportedFilesystems = ["bcachefs"];
}; boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
boot.kernelModules = [
# Virtual Camera
"v4l2loopback"
# Virtual Microphone, built-in
"snd-aloop"
];
# Set initial kernel module settings
boot.extraModprobeConfig = ''
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
} }

20
nixos/desktop/package-configs/firefox/default.nix
View file

@ -1,7 +1,11 @@
{pkgs, ...}: { {
config,
pkgs,
...
}: {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.librewolf; package = pkgs.floorp;
policies = { policies = {
DisableTelemetry = true; DisableTelemetry = true;
DisableFirefoxStudies = true; DisableFirefoxStudies = true;
@ -114,16 +118,6 @@
install_url = "https://addons.mozilla.org/firefox/downloads/file/4047136/wayback_machine_new-3.2.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/file/4047136/wayback_machine_new-3.2.xpi";
installation_mode = "force_installed"; installation_mode = "force_installed";
}; };
# Tree Style Tabs
# "treestyletab@piro.sakura.ne.jp" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/tree-style-tab/latest.xpi";
# installation_mode = "force_installed";
# };
# Adaptive Tab Bar Colour
"ATBC@EasonWong" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/Adaptive-Tab-Bar-Colour/latest.xpi";
installation_mode = "force_installed";
};
}; };
FirefoxHome = { FirefoxHome = {
Search = true; Search = true;
@ -156,8 +150,6 @@
"floorp.tabbar.style" = 2; "floorp.tabbar.style" = 2;
"floorp.browser.user.interface" = 8; "floorp.browser.user.interface" = 8;
"signon.rememberSignons" = true; "signon.rememberSignons" = true;
"browser.ml.chat.enabled" = false;
"browser.ml.chat.shortcuts" = false;
}; };
# TODO: switch to ManagedBookmarks as this will be dropped at some point https://mozilla.github.io/policy-templates/#managedbookmarks # TODO: switch to ManagedBookmarks as this will be dropped at some point https://mozilla.github.io/policy-templates/#managedbookmarks
# Bookmarks = [ # Bookmarks = [

95
nixos/hosts/EDI/configuration.nix
View file

@ -1,6 +1,7 @@
# This is your system's configuration file. # This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ {
inputs,
outputs, outputs,
lib, lib,
pkgs, pkgs,
@ -8,6 +9,8 @@
}: { }: {
# You can import other NixOS modules here # You can import other NixOS modules here
imports = [ imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
# If you want to use modules your own flake exports (from modules/nixos): # If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example # outputs.nixosModules.example
@ -18,85 +21,41 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./users.nix # ./users.nix
outputs.nixosModules.vpn-ip ../../desktop
../../../disko/EDI ../../../disko/EDI
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
]; ];
sops.defaultSopsFile = ./secrets/sops.yaml;
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/EDI;
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gparted
]; ];
programs.virt-manager.enable = true; networking.hostName = "EDI";
users.groups.libvirtd.members = ["lillian"]; # Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.systemd.enable = true;
virtualisation.libvirtd.enable = true; boot.lanzaboote = {
virtualisation.spiceUSBRedirection.enable = true;
services.displayManager.sddm = {
enable = true; enable = true;
wayland.enable = true; pkiBundle = "/etc/secureboot";
};
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"invalid users" = [
"root"
];
"passwd program" = "/run/wrappers/bin/passwd %u";
security = "user";
};
public = {
browseable = "yes";
comment = "Public samba share.";
"guest ok" = "yes";
path = "/home/lillian/samba";
"read only" = "no";
};
};
};
users.groups.samba.members = ["lillian"];
services.vpn-ip = {
ip = "3";
};
networking = {
hostName = "EDI";
networkmanager.enable = true;
};
hardware.enableAllFirmware = true;
hardware.enableRedistributableFirmware = true;
boot = {
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
loader.systemd-boot.enable = lib.mkForce false;
initrd.systemd.enable = true;
binfmt.emulatedSystems = ["aarch64-linux"];
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
kernelModules = [
"iwlmvm"
"iwlwifi"
];
}; };
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.11"; system.stateVersion = "24.11";
} }

9
nixos/hosts/EDI/secrets/sops.yaml
View file

@ -1,7 +1,4 @@
lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str] lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
wg-private-key: ENC[AES256_GCM,data:CqXlIN0gKzMrZRJycAf96LUVNw9yCZpHtE8XP+JwV2Ftip46iUksg1uExxQ=,iv:LdcopSz8Hx5hO1M00B8r+C7XViwpjGOpvmoXUHIkFtc=,tag:rbskx98YjcYV1lB8OO2VxQ==,type:str]
nextcloud-password: ENC[AES256_GCM,data:h93FmVY3XZdRZECEzz5ArBPnuRYyp0kJ6UUoxKmWVuVeFVkOzxQ5dGra6R/jZg8ofjhu+WosoDso3S/i,iv:J1K2NMAjv7Y26q91V/f11gNs82/UD6jbrMy0hVh81pw=,tag:/mQFulslQ3Mqabnc0mb1lQ==,type:str]
ssh-private-key: ENC[AES256_GCM,data:AYyOFlqcNrlTnKSewgb8B/XzegkJGB79gUT419n6aYiH0xom+DmxfRqQm46x/fldlSeN8u2mmzisC6xcRt3fnK4+0gN5Ywvr6hQEtKKxu2N6Pj7+tFLvFmbYPFplecyGBs1S092UXL65ozQs8aYbogoXxVTVu6/MuCsks9UO1JQWq5utCAyU8VGc0/Ft4OZN2qUbS+VZ0ONZ0WzBA+s+CFZ1FNKsr4tvltLXf8fgpsiSHLUigS4rojlxm84+w8omE1IwpAOxOa9n9X1EDuPxrQvZ+LvcJcgwqrtU2HVGis1GfytPM6vRAoVdBKX37enXelPBX2z9W7wPtmTxippD7yzcEJOggJ6ETMUessNKm3yBsMzTcojSWYzHo4v3San1I+ZiNxjvykuHmomRhXdzdM/2RsBpev8q2sC9YU4euzjzCQdwfoNqhbqyN/1X2BOkJMceMqw8fD8nLc3mIbczMFNO6ByVocZ+iC9BvaBYeLrFd3gncqGRRCJdBCD5CYiOYcdIAipNGL7NQVhM1tcv,iv:RZKsKCENIKhIWo4aKyDVj9xx0GfdjhYLP0B2Rad2LSM=,tag:XOOxsyGidnKWzgGlUPmvXw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +14,8 @@ sops:
eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0 eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA== GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-09T23:59:45Z" lastmodified: "2024-02-21T10:15:11Z"
mac: ENC[AES256_GCM,data:DQ8uXsVkbzc1JrMDaTGHb9ijRB//6I6GN4bAU1LWnhyxGA2QjYEk5xwEI1950kroXVf1hDTw5fdh+MXvvEcNUL6BZOc4Ecl5lPliZ4aemjhz+O8FCkSbnW2o5JnV4m/rFe9CP6KaoFdr/tgSBVklzaUE4Qdo1DUWCfF7XssXECw=,iv:gb1b569ar5wlc2XMkLXnYfyVp/ZMsLjh9cXM85GrUz0=,tag:MGFgFcF4jIdJxteiFp2n/Q==,type:str] mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.8.1

96
nixos/hosts/GLaDOS/configuration.nix
View file

@ -10,8 +10,6 @@
imports = [ imports = [
# Import home-manager's NixOS module # Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
inputs.jovian.nixosModules.jovian
# If you want to use modules your own flake exports (from modules/nixos): # If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example # outputs.nixosModules.example
@ -30,69 +28,63 @@
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gparted
]; ];
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
services.vpn-ip = {
ip = "2";
};
networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"]; services.xserver.videoDrivers = ["amdgpu"];
programs = {
# gamemode.enable = false;
# gamemode.settings = {
# general = {
# renice = 10;
# };
# # Warning: GPU optimisations have the potential to damage hardware # Add vulkan support to GPU
# # gpu = { hardware.graphics.extraPackages = with pkgs; [
# # apply_gpu_optimisations = "accept-responsibility"; amdvlk
# # gpu_device = 0; ];
# # amd_performance_level = "high"; # For 32 bit applications
# # }; hardware.graphics.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
# custom = { programs.gamemode = {
# start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'"; enable = true;
# end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'"; settings = {
# }; general = {
# }; renice = 10;
}; };
jovian = { # Warning: GPU optimisations have the potential to damage hardware
steamos = { gpu = {
enableAutoMountUdevRules = true; apply_gpu_optimisations = "accept-responsibility";
}; gpu_device = 0;
decky-loader = { amd_performance_level = "high";
enable = true; };
package = pkgs.decky-loader-prerelease;
extraPackages = [pkgs.python3]; custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
}; };
}; };
boot = {
loader.systemd-boot.enable = false;
binfmt.emulatedSystems = ["aarch64-linux"]; boot.loader.systemd-boot.enable = true;
lanzaboote = { # boot.lanzaboote = {
enable = true; # enable = true;
pkiBundle = "/var/lib/sbctl"; # pkiBundle = "/etc/secureboot";
}; # };
};
users.users.lillian.extraGroups = ["gamemode"]; users.users.lillian.extraGroups = ["gamemode"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/GLaDOS;
};
};
# virtualisation.waydroid.enable = false;
networking.hostName = "GLaDOS";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.11"; system.stateVersion = "24.11";
} }

9
nixos/hosts/GLaDOS/secrets/sops.yaml
View file

@ -1,7 +1,4 @@
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str] lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str]
ssh-private-key: ENC[AES256_GCM,data:YM8GTH6EEXLt1ZC1ZdyLWVJyGUykS0DulTL0QgOFCTztRA+5JoA6Af42MIEMm4sMSatOt9pbGE9BXh5T53uNkx87cS8pfb714N8EKrMTYmtWi2M2TatEM6+qMRpP777GalB3v2HnfTfwhx+TfQ+iSCEo45Unsumzr+/9uZ/b4vYBxbd82UKO1tmlTw3R7aEpesJuJe/I3sAg0ZXTWti0e2MYfFawlSXtgQo382bFnV/mi9JkNx62AUFI6Q0a09V2C3FU4e4qP9jeP+COfCuCjRuaf8eu0VYczy4vVkN5NNBhkuLCZl0xANfqM5tDt8q+meYHmYWq1ceyeZ9OdZhKA7lMJi2K1DgTmgbD356itEtjXb7KF7VWIVnR0Gm+vVHx90Bv6eQp4n2I5mWbCVy8wqiIlacxuH8PO6jAPUM1Q8E+SVJb2HcLPdlURHyyK0fLVWaFhtFH4rwyKAv/2yEO2iNfZd9zFqvX5/JdyUPRCpMKkjxQgZN+raVHok0SwvPfXA9wvRpQyYSD4SUqCYsRcs6JugW8a14bZrvg,iv:L9ACOUFtAxkWsXW+tDKGwKn1ZHYNv7WmBty5krayVu8=,tag:hbrgscOczukqLBU/Y+6aLA==,type:str]
nextcloud-password: ENC[AES256_GCM,data:ClQk7M7BTeIhgWTWsgjTFb0Um8qZ901530dI9xnbs63ZGIni4+bWjLPetOmM3+PPsg33vF6r0xiwu0Ff,iv:jDy8miUoPcua3sraRQWOHWrhNacKEgf6nGsi8PVTYaY=,tag:ldGta+DdUmoajtAE6HLtkw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +14,8 @@ sops:
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w== +DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-01T15:48:15Z" lastmodified: "2024-02-22T11:58:42Z"
mac: ENC[AES256_GCM,data:64DmkqcYlLtzL+9WcgvnSOjF25MiZFkbEsgKP/xLrBBvhqqqm4ev9tk8QGoA5NJPHen+GItX7D3lJgfTyjX6LXn6vLFQWemrEP2+A9hZxnwvtdBjSD5dEl6wHGgY4mvqTJupmpv6Gg8zXP1kh5vsO82Un03TcfyPHVVgmfagpOw=,iv:j/6jJjRoiTUfTW2SJ0Ui6dAVQO9Ij8zN2mrKEhIt7fY=,tag:6r/GNnG/lw42KbWgIBoIzQ==,type:str] mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.8.1

67
nixos/hosts/iso/configuration.nix
View file

@ -10,20 +10,20 @@
# outputs.homeManagerModules.example # outputs.homeManagerModules.example
# outputs.nixosModules.contabo.wan # outputs.nixosModules.contabo.wan
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
# Or modules exported from other flakes (such as nix-colors): # Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.defaults # inputs.nix-colors.homeManagerModules.defaults
# Import shared settings # Import shared settings
../../shared
]; ];
# programs.command-not-found.enable = lib.mkForce false; programs.command-not-found.enable = lib.mkForce false;
# programs.nix-index.enable = true; programs.nix-index.enable = true;
# programs.nix-index-database.comma.enable = true; programs.nix-index-database.comma.enable = true;
# boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
# zramSwap.enable = false; zramSwap.enable = false;
# networking.domain = ""; networking.domain = "";
services.openssh = { services.openssh = {
enable = true; enable = true;
# require public key authentication for better security # require public key authentication for better security
@ -45,9 +45,7 @@
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml; sops.defaultSopsFile = ./secrets/sops.yaml;
services.vpn-ip.enable = false; services.desktopManager.plasma6.enable = true;
# services.desktopManager.plasma6.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Custom tools # Custom tools
@ -67,9 +65,11 @@
sbctl sbctl
tpm2-tools tpm2-tools
tpm2-tss tpm2-tss
waydroid
zsh zsh
# KDE/QT # KDE/QT
krunner-translator
kdePackages.discover kdePackages.discover
kdePackages.kcalc kdePackages.kcalc
kdePackages.kdepim-addons kdePackages.kdepim-addons
@ -81,14 +81,13 @@
kdePackages.plasma-pa kdePackages.plasma-pa
kdePackages.sddm-kcm kdePackages.sddm-kcm
kdePackages.dolphin-plugins kdePackages.dolphin-plugins
libportal-qt5
libportal libportal
]; ];
# Enable networking # Enable networking
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.hostName = "iso";
# Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53" # Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
networking.firewall.enable = true; networking.firewall.enable = true;
@ -107,24 +106,24 @@
# Enable bluetooth hardware # Enable bluetooth hardware
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
# security.tpm2.enable = true; security.tpm2.enable = true;
# security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
# security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
# programs.git = { programs.git = {
# enable = true; enable = true;
# }; };
# programs.direnv = { programs.direnv = {
# enable = true; enable = true;
# }; };
# # Enable completion of system packages by zsh # Enable completion of system packages by zsh
# environment.pathsToLink = ["/share/zsh"]; environment.pathsToLink = ["/share/zsh"];
# kde power settings do not turn off screen # kde power settings do not turn off screen
systemd = { systemd = {
@ -137,17 +136,17 @@
}; };
}; };
# home-manager = { home-manager = {
# extraSpecialArgs = {inherit inputs outputs;}; extraSpecialArgs = {inherit inputs outputs;};
# users = { users = {
# # Import your home-manager configuration # Import your home-manager configuration
# lillian = import ../../../home-manager/hosts/iso; lillian = import ../../../home-manager/hosts/iso;
# }; };
# }; };
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.11"; system.stateVersion = "24.11";
} }

14
nixos/hosts/iso/secrets/sops.yaml
View file

@ -1,8 +1,9 @@
lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str] lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str]
ssh-private-key: ENC[AES256_GCM,data:YQ+9aKpBL9XYl0IBxpPttUli6/E25alUhO36dZwPPSIBLI1ehyczocQMxNRYNtB2xKYx4wPaYIndLBhj9VdTUgaOWUd2C6aU6YgXgFAsjgEwqVDZWRp7TrTHojtrS5HnJgfopx6EqPf/uljD9yQsOkubDDUbpYkpWX/3vixm9LJ1eRXxTxXW8D3O5OM2Z1NsqA7meVa1xhvWJokqS4sD5ntp1HT78Xmu62EweHQVGaznUvWZupYh0uCQd0tr6GVTZLHdyCdaFUGHRbRddBcljpBIRWaWkhIrkjejvptUZ4Ht/UN5XM5z+zfU3DxsDOxeJ7m83om9I3WdZSdq1aDXe+VFEfMrx/0QTk2LtAmOvujcN6wO7a77SD4Rpuvq8KH2CeKrwMLlFf2BeGIcGhvAhRYUVxtypM38DEdbf/7xIcw0vQP2zNZN4QWdukUInDndnAxMfbIXKpYI5OPRaZMTVui41hkS86LBfbd5RhTjyzrtIpVSq9XkKRX7d5i8Gcjb4ORpQvrNNYMo+TXCiLNTg3/q0My/jEhfjfTF,iv:EpKC9judTZ1+0Y2LC1OK2YzGH/orRpZNtE7O+ZZyU1E=,tag:S6ju/FkwIBbBA8YU3dRo1A==,type:str]
nextcloud-password: ENC[AES256_GCM,data:5u8j1wau5FewTe+t3YZ365Acfcrt09XDgCUNpDbuVKaNZIEW3gdR60XACQeAvsyQeznynILJnz7/txV2,iv:l1xYhUkQGdWYNNy1lG9xB5SgL9cn2FdzAs19iVCohlA=,tag:rT0flG+v9wd8jSUm8DrCjg==,type:str]
wg-private-key: ENC[AES256_GCM,data:3JpyscuzK4LG1lfM3oyQNBHy7BQ2WeTaSyaZoaNfS4U7KkpEaCp5EVLBYiY=,iv:odDG8xp+d+O4FuECfeCJn/z2ka4KSzSBvgBCmcMZ0S0=,tag:iPwnqgtap+i44Mru/S7TyA==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: | enc: |
@ -13,7 +14,8 @@ sops:
dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh
yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg== yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-14T18:00:16Z" lastmodified: "2024-03-20T18:17:48Z"
mac: ENC[AES256_GCM,data:NnX0hMrfeKJucgqgVUIUS0WOHerkDtKe3P+4vvWRCMX3eXg4Tsju8pZySZP7RSZX7+2W3OUHMOUuAum0YrVasTXuhm6jPvlbqvRnVXaVzCNheIUvTCF7LFeJEOQYKS5m8AiVKFRrxz+dGn90DSeijjajSePBjo8AnKyAOQEt1S8=,iv:1iJiqJU0vdDiWnJAYDlbOBBa9lBOODjjdlsRH54aTGI=,tag:JZtgVeLvFN6vcCZkRnuNcQ==,type:str] mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.8.1

190
nixos/hosts/queen/configuration.nix
View file

@ -3,7 +3,6 @@
outputs, outputs,
lib, lib,
pkgs, pkgs,
config,
... ...
}: { }: {
imports = [ imports = [
@ -14,8 +13,6 @@
# Or modules exported from other flakes (such as nix-colors): # Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default # inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./nvim.nix # ./nvim.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -29,17 +26,16 @@
# Import disko # Import disko
# ../../../disko/queen # ../../../disko/queen
]; ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false; zramSwap.enable = false;
services = { networking.domain = "";
openssh = { services.openssh = {
enable = true; enable = true;
settings = { # require public key authentication for better security
# require public key authentication for better security settings.PasswordAuthentication = false;
PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false;
KbdInteractiveAuthentication = false; settings.PermitRootLogin = "no";
PermitRootLogin = "no";
};
};
}; };
nixpkgs = { nixpkgs = {
@ -54,8 +50,12 @@
}; };
}; };
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fzf fzf
matrix-conduit
docker docker
docker-compose docker-compose
gitea gitea
@ -68,113 +68,78 @@
#jellyfin #jellyfin
#jellyfin-web #jellyfin-web
#jellyfin-ffmpeg #jellyfin-ffmpeg
nextcloud-spreed-signaling nextcloud28
nats-server
nginx nginx
onlyoffice-documentserver onlyoffice-documentserver
openssl openssl
phanpy
postgresql_16 postgresql_16
python310 python310
# python310Packages.nbconvert python310Packages.nbconvert
janus-gateway
jupyter jupyter
# rabbitmq-server rabbitmq-server
roundcube roundcube
roundcubePlugins.contextmenu roundcubePlugins.contextmenu
roundcubePlugins.carddav roundcubePlugins.carddav
roundcubePlugins.custom_from roundcubePlugins.custom_from
roundcubePlugins.persistent_login roundcubePlugins.persistent_login
roundcubePlugins.thunderbird_labels roundcubePlugins.thunderbird_labels
youtube-dl
sqlite sqlite
rocksdb
]; ];
services.vpn-ip = {
enable = false; # Create an auto-update systemd service that runs every day
# system.autoUpgrade = {
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
# dates = "daily";
# enable = true;
# };
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
# Enable networking
# networking.networkmanager.enable = true;
# networking.nat.enable = true;
# networking.nat.internalInterfaces = ["ve-+"];
# networking.nat.externalInterface = "ens18";
networking.enableIPv6 = lib.mkForce true;
networking.nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
# networking.interfaces.ens18.ipv4.addresses = [
# {
# address = "62.171.160.195";
# prefixLength = 32;
# }
# ];
networking.interfaces.ens18.ipv6.addresses = [
{
address = "2a02:c207:2063:2448::1";
prefixLength = 64;
}
];
networking.defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
}; };
systemd = { # Open ports in the firewall.
services."upgrade-nextcloud" = { networking.firewall = {
path = with pkgs; [nextcloud31]; enable = true;
enable = true; allowPing = false;
unitConfig = { allowedTCPPorts = [
after = "nextcloud-setup.service"; 22 # SSH
}; 5349 # STUN tls
serviceConfig = { 5350 # STUN tls alt
Type = "oneshot"; 80 # http
ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ upgrade"; 443 # https
RemainAfterExit = "yes"; ];
}; allowedUDPPortRanges = [
}; {
from = 49152;
timers."upgrade-nextcloud" = { to = 49999;
wantedBy = ["timers.target"]; } # TURN relay
partOf = ["upgrade-nextcloud.service"];
timerConfig = {
OnCalendar = "daily";
Unit = "nextcloud-setup.service";
};
};
};
networking = {
domain = "";
# Create an auto-update systemd service that runs every day
# system.autoUpgrade = {
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
# dates = "daily";
# enable = true;
# };
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
# Enable networking
# networking.networkmanager.enable = true;
# networking.nat.enable = true;
# networking.nat.internalInterfaces = ["ve-+"];
# networking.nat.externalInterface = "ens18";
enableIPv6 = lib.mkForce true;
nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
# networking.interfaces.ens18.ipv4.addresses = [
# {
# address = "62.171.160.195";
# prefixLength = 32;
# }
# ];
interfaces.ens18.ipv6.addresses = [
{
address = "2a02:c207:2063:2448::1";
prefixLength = 64;
}
]; ];
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
firewall = {
# Open ports in the firewall.
enable = true;
allowPing = false;
allowedTCPPorts = [
22 # SSH
5349 # STUN tls
5350 # STUN tls alt
80 # http
443 # https
];
allowedUDPPortRanges = [
{
from = 49152;
to = 49999;
} # TURN relay
];
};
hostName = "queen";
# Disable the server going through wireguard vpn for now
wireguard.enable = lib.mkForce false;
}; };
# networking.useNetworkd = true; # networking.useNetworkd = true;
@ -207,15 +172,20 @@
# Enable completion of system packages by zsh # Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"]; environment.pathsToLink = ["/share/zsh"];
boot = { home-manager = {
tmp.cleanOnBoot = true; extraSpecialArgs = {inherit inputs outputs;};
loader.grub = { users = {
enable = true; # Import your home-manager configuration
configurationLimit = 3; lillian = import ../../../home-manager/hosts/queen;
}; };
loader.efi.canTouchEfiVariables = true;
}; };
networking.hostName = "queen";
boot.loader.grub.enable = true;
boot.loader.grub.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.11"; system.stateVersion = "24.11";
} }

18
nixos/hosts/queen/secrets/sops.yaml
View file

@ -6,17 +6,18 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str] mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str] mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str] rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str] wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str] lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
coturn-auth-secret: ENC[AES256_GCM,data:1K7WX5FGhF7+CRZs4SEVKogsGv/93IJVvLeMe6/d1dg3g5/6fQkRCVl1KicMUOsqUxMweUn5hUXSO1h/ruWvPA==,iv:0U/JoeVin2zTkyk60x2boUQRzGW+9swlbxP1ENCbAFQ=,tag:ll8WCgMNtun5Va0VpC81Tw==,type:str] coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str]
hpb-secret: ENC[AES256_GCM,data:I/64j3nA0BWW5YY4STMFzxnSKQ+TmiHvweIIGOMJvV4=,iv:zezsPPnKlVBVlrJeG4pGbtuiz1GEWLmQaZl1isNa+pk=,tag:YbTWLAjIIMDn5Jo43U0QtA==,type:str]
grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str] grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str]
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str] sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: | enc: |
@ -27,7 +28,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-04T13:04:56Z" lastmodified: "2024-08-16T13:34:43Z"
mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str] mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.0

250
nixos/hosts/shodan/configuration.nix
View file

@ -14,10 +14,9 @@
# Or modules exported from other flakes (such as nix-colors): # Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default # inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# Import the shared settings # Import the shared settings
../../desktop ../../shared
../../desktop/package-configs/firefox
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./nvim.nix # ./nvim.nix
@ -25,110 +24,66 @@
../../../disko/shodan ../../../disko/shodan
# ./auto-mount.nix ./auto-mount.nix
]; ];
boot = {
tmp.cleanOnBoot = true;
loader = {
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
# Lanzaboote currently replaces the systemd-boot module. boot.tmp.cleanOnBoot = true;
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
systemd-boot.enable = lib.mkForce false;
systemd-boot.configurationLimit = 3;
timeout = 0;
efi.canTouchEfiVariables = true;
};
initrd.systemd.enable = true;
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
consoleLogLevel = 0;
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
plymouth.enable = true;
};
services.udev.extraRules = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666"
'';
zramSwap.enable = false; zramSwap.enable = false;
networking = { networking.domain = "";
domain = ""; services.openssh.enable = true;
# Enable networking nixpkgs = {
networkmanager.enable = true; # You can add overlays here
overlays = [
firewall.enable = true; ];
firewall.interfaces."wg0".allowedTCPPorts = [8080]; # Configure your nixpkgs instance
firewall.interfaces."wg0".allowedUDPPorts = [8080]; config = {
firewall.allowedTCPPorts = [22 8080 8091 9090 9777 46899 46898]; # Disable if you don't want unfree packages
firewall.allowedUDPPorts = [22 8080 8091 9090 9777 46899 46898]; allowUnfree = true;
hostName = "shodan";
};
services.vpn-ip = {
ip = "4";
};
xdg.portal.extraPortals = [pkgs.kdePackages.xdg-desktop-portal-kde];
services = {
displayManager = {
# defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
}; };
}; };
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Custom tools # Custom tools
auto-mount
#System: #System:
btrfs-progs
decky-loader decky-loader
jre8 efitools
# jellyfin-media-player jq
noto-fonts
noto-fonts-emoji-blob-bin
noto-fonts-emoji
#rustdesk #rustdesk
sbctl
udisks
util-linux
waypipe
python3
protonup-qt
#KDE:
krunner-translator
kdePackages.discover
kdePackages.kcalc
kdePackages.kdepim-addons
kdePackages.kirigami
kdePackages.kdeconnect-kde
# kdePackages.krunner-ssh
# kdePackages.krunner-symbols
kdePackages.qtvirtualkeyboard
kdePackages.packagekit-qt
libportal
#Gaming: #Gaming:
heroic heroic
legendary-gl legendary-gl
protontricks protontricks
rare rare
lutris
(kodi.withPackages (kodiPkgs:
with kodiPkgs; [
steam-controller
invidious
youtube
netflix
upnext
sponsorblock
sendtokodi
jellyfin
inputstream-adaptive
inputstreamhelper
inputstream-ffmpegdirect
upnext
sponsorblock
sendtokodi
routing
requests-cache
requests
plugin-cache
a4ksubtitles
]))
]; ];
jovian = { jovian = {
@ -141,23 +96,130 @@
decky-loader = { decky-loader = {
enable = true; enable = true;
package = pkgs.decky-loader-prerelease; package = pkgs.decky-loader-prerelease;
extraPackages = [pkgs.python3 pkgs.flatpak pkgs.uutils-findutils]; extraPackages = [pkgs.python3];
}; };
devices.steamdeck = { devices.steamdeck = {
enable = true; enable = true;
autoUpdate = true; autoUpdate = true;
}; enableGyroDsuService = true;
steamos = {
enableAutoMountUdevRules = true;
}; };
}; };
fonts.packages = [pkgs.ttf-ms-win10];
programs.steam = lib.mkForce {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.desktopManager.plasma6.enable = true;
programs.kdeconnect.enable = true;
services.displayManager.defaultSession = "plasma";
services.displayManager.sddm.wayland.enable = lib.mkForce true;
services.displayManager.sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
# Enable flatpak support
services.flatpak.enable = true;
services.packagekit.enable = true;
# Configure keymap in X11
services.xserver = {
xkb.layout = "us";
xkb.variant = "";
};
# Enable networking
networking.networkmanager.enable = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [22];
# # Enable automounting of removable media # # Enable automounting of removable media
# services.udisks2.enable = true; # services.udisks2.enable = true;
# services.devmon.enable = true; # services.devmon.enable = true;
# services.gvfs.enable = true; # services.gvfs.enable = true;
# environment.variables.GIO_EXTRA_MODULES = lib.mkForce ["${pkgs.gvfs}/lib/gio/modules"]; # environment.variables.GIO_EXTRA_MODULES = lib.mkForce ["${pkgs.gvfs}/lib/gio/modules"];
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
# Enable fwupd daemon and user space client
services.fwupd.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
programs.noisetorch = {
enable = true;
};
programs.git = {
enable = true;
};
users.users.lillian.extraGroups = ["decky" "tss" "input"];
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/shodan;
};
};
networking.hostName = "shodan";
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.systemd.enable = true;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;
boot.consoleLogLevel = 0;
boot.kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
boot.plymouth.enable = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.11"; system.stateVersion = "24.11";
} }

14
nixos/hosts/shodan/secrets/sops.yaml
View file

@ -1,8 +1,9 @@
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str] lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
ssh-private-key: ENC[AES256_GCM,data:7K3p6Lu4je2fNmvtKpLY2z7MG5E0gg3486PCLTlm/NzWpiH0FO8KO2yPkPPVurXfUWj7ig3eiP+bc6+kufRQ8+MCHaR+JA056cdMch0MMK92FyPvJjNKzwB4W3BpdvOKipaZvuvSfgdrEdpz6rWRwBb9KaUW5aHBjW5eQNm+q0yP2uZjW6Ncp/zrdevjlRJyXGnNJD8CBDQgLILvqlvziRO4xBnSZOmFpdCKM9jMkxwHIQUND4ic71G6cheN+kIsgsa67DlJjfrngGWxKrlC3Q2DC+30vHtW8f18oa+g7eu9eTz8+bSLxYJf9TADwE+UYe2Hakib1ju67yxBkcomIjBvqgo+zEr0jC2qYmOvlKfqn64gSbAE7zEVCbavz6gA2EMb0g47twtAdgGUyzppGQ4LXjZXv6lyYov2gdXP7bzAcXXfzDh92BuTUOp9HXOTsLh7XC7cPKziowwwT+oUeOaSujMT9tgqkazgcVR3ne+PjxduptV75gxOwxeu6F2Zm+4Y4xJBdJeyP1Baq0yj4HNY/gv3pxEEXgU5,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
nextcloud-password: ENC[AES256_GCM,data:vA+L/7rTne16AZbibUAaLAcQKLoKPvM1ATNL/hbzjVt+qmxHhmuQq0cqKdoPOFlOftMNLo5HSKiHdLxh,iv:kw0IorbyjT/ocanJDcR3kuPCqHsPwSD4axIp2dfn1Fc=,tag:5QLl3xKq4a0EiImO07ardQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: | enc: |
@ -13,7 +14,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-22T13:25:05Z" lastmodified: "2024-03-19T00:42:59Z"
mac: ENC[AES256_GCM,data:qGLiJvoU+lyzMBr1jW3My5kNLCm59xVmdc3knyg64KMbAL65q7m5EJBC9uvRX0ZcxaNXWuRJWyUu1VV9tIKtSW+HLVJUZuTCi+0qswOL331LLuyDzhIkOKbPUPiDzKaMLif7EqENN9kN2aGSivpMVB5QkqRccmg6ya1Qkx5Ao7A=,iv:RiaIdq5Ve/PNVTD38Qh4YM+2x8fEU027r7hlmoNZI9A=,tag:jm9ZThwSVtpyed+kMIgaJw==,type:str] mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.8.1

500
nixos/hosts/wheatley/configuration.nix
View file

@ -1,417 +1,127 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
lib, inputs,
pkgs,
outputs, outputs,
lib,
config, config,
modulesPath, pkgs,
... ...
}: { }: {
imports = [ imports = [
# inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.home-manager.nixosModules.home-manager
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
outputs.nixosModules.vpn-ip
./armv7l.nix
./hardware-configuration.nix ./hardware-configuration.nix
# Import shared settings # Import shared configurations
../../shared
]; ];
hardware.enableRedistributableFirmware = true; boot.loader.generic-extlinux-compatible.enable = true;
powerManagement.cpuFreqGovernor = "ondemand"; boot.loader.generic-extlinux-compatible.configurationLimit = 5;
hardware.graphics.enable = true; boot.loader.grub.enable = false;
boot.tmp.cleanOnBoot = true;
nixpkgs.overlays = [ # boot.extraModulePackages = [
(final: super: { # (pkgs.callPackage ./rtl8189es.nix {
makeModulesClosure = x: # kernel = config.boot.kernelPackages.kernel;
super.makeModulesClosure (x // {allowMissing = true;}); # })
}) # ];
]; nixpkgs = {
programs = { # You can add overlays here
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently overlays = [
command-not-found.enable = lib.mkForce false;
# nix-index.enable = true;
nix-index-database.comma.enable = true;
};
services = {
automatic-timezoned.enable = true;
# stubby = {
# enable = true;
# settings =
# pkgs.stubby.passthru.settingsExample
# // {
# upstream_recursive_servers = [
# {
# address_data = "94.140.14.49";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "94.140.14.59";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "2a10:50c0:0:0:0:0:ded:ff";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "2a10:50c0:0:0:0:0:dad:ff";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# ];
# };
# };
openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
};
davfs2.enable = true;
aria2 = {
enable = true;
settings = {
dir = "/var/lib/media";
rpc-listen-port = 6969;
};
rpcSecretFile = config.sops.secrets."rpcSecret".path;
};
dnsmasq = {
enable = true;
settings = {
interface = "wg1";
};
};
};
sops = {
# users.users = {
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
# };
# services.ombi = {
# enable = true;
# port = 2368;
# };
# users.users = {
# radarr.extraGroups = ["aria2"];
# sonarr.extraGroups = ["aria2"];
# };
# services = {
# #uses port 7878
# radarr.enable = true;
# #uses port 8989
# sonarr.enable = true;
# prowlarr.enable = true;
# };
secrets."webdav-secret" = {
mode = "0600";
path = "/etc/davfs2/secrets";
owner = config.users.users.root.name;
};
secrets."rpcSecret".mode = "0440";
secrets."rpcSecret".owner = config.users.users.aria2.name;
secrets."protonvpn-priv-key".mode = "0440";
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835" "cma=256M" "console=tty0" "reset-raspberrypi"];
kernelParams = ["video=HDMI-A-1:1920x1080@60D"];
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
sdImage.compressImage = false;
services.vpn-ip = {
enable = false;
};
services.stubby = {
enable = true;
settings =
pkgs.stubby.passthru.settingsExample
// {
upstream_recursive_servers = [
{
address_data = "192.242.2.4";
tls_auth_name = "base.dns.mullvad.net";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
}
];
}
{
address_data = "2a07:e340::4";
tls_auth_name = "base.dns.mullvad.net";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
}
];
}
];
};
};
networking = {
hostName = "wheatley";
networkmanager.enable = true;
# Disable NetworkManager's internal DNS resolution
networkmanager.dns = "none";
# These options are unnecessary when managing DNS ourselves
useDHCP = false;
dhcpcd.enable = false;
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
# IPv6 DNS servers can be used here as well.
nameservers = [
"194.242.2.4"
"2a07:e340::4"
]; ];
# Configure your nixpkgs instance
wireguard.enable = true; config = {
# Disable if you don't want unfree packages
wg-quick.interfaces = { allowUnfree = true;
# # "wg0" is the network interface name. You can name the interface arbitrarily.
# wg0 = {
# autostart = true;
# # Determines the IP address and subnet of the server's end of the tunnel interface.
# address = ["10.2.0.2/32"];
# # The port that WireGuard listens to. Must be accessible by the client.
# listenPort = 51820;
# dns = ["10.2.0.1"];
# # Path to the private key file.
# #
# # Note: The private key can also be included inline via the privateKey option,
# # but this makes the private key world-readable; thus, using privateKeyFile is
# # recommended.
# privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
# peers = [
# # List of allowed peers.
# {
# # Feel free to give a meaning full name
# # Public key of the peer (not a file path).
# publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
# allowedIPs = ["0.0.0.0/0"];
# endpoint = "146.70.86.114:51820";
# }
# ];
# };
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
# TODO: generate this dynamically based on other hosts
wg0 = {
address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"];
privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
dns = ["100.64.0.7"];
extraOptions = {
FwMark = 51820;
};
listenPort = 51820;
postUp = ''
${pkgs.iproute2}/bin/ip rule add from 192.168.2.43 table main
${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -i end0 -j CONNMARK --set-mark 51820
${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820
'';
preDown = ''
${pkgs.iproute2}/bin/ip rule del from 192.168.2.43 table main
${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -i end0 -j CONNMARK --set-mark 51820
${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820
'';
peers = [
{
publicKey = "/wPQafVa/60OIp8KqhC1xTTG+nQXZF17uo8XfdUnz2E=";
allowedIPs = ["0.0.0.0/0" "::0/0"];
endpoint = "31.171.154.50:51820";
}
];
};
wg1 = {
# Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51821;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
'';
# Undo the above
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
'';
privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
extraOptions = {
FwMark = 51820;
};
peers = [
{
#GLaDOS public key
publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38=";
allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
}
{
#EDI public key
publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704=";
allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
}
{
#Shodan public key
publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw=";
allowedIPs = ["10.0.0.4/32" "fdc9:281f:04d7:9ee9::3/128"];
}
{
#ADA public key
publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo=";
allowedIPs = ["10.0.0.5/32" "fdc9:281f:04d7:9ee9::3/128"];
}
#Queen public key: FVTrYM7S2Ev2rGrYrHsG2et1/SU3UjEBQH2AOen4+04=
];
};
};
nat = {
# enable NAT
enable = true;
externalInterface = "end0";
internalInterfaces = ["wg1" "wg0"];
};
firewall = {
enable = true;
allowPing = false;
allowedTCPPorts = [
22 # SSH
5349 # STUN tls
5350 # STUN tls alt
80 # http
443 # https
51821 # wg
51820 # wg-mullvad
7878
53 # dnsmasq
];
allowedUDPPorts = [
53 #dnsmasq
];
allowedUDPPortRanges = [
{
from = 51820;
to = 51822; # wg
}
{
from = 49152;
to = 49999;
} # TURN relay
];
}; };
}; };
systemd.mounts = [
{
enable = true;
description = "Webdav mount point";
after = ["network-online.target"];
wants = ["network-online.target"];
what = "https://nextcloud.gladtherescake.eu/remote.php/dav/files/GLaDTheresCake"; sops.defaultSopsFile = ./secrets/sops.yaml;
where = "/home/kodi/nextcloud";
options = "uid=1002,gid=100,file_mode=0664,dir_mode=2775"; sops.secrets."wireless.env".mode = "0440";
type = "davfs"; sops.secrets."wireless.env".owner = config.users.users.root.name;
}
environment.systemPackages = with pkgs; [
age
git
htop
]; ];
environment.systemPackages = [ boot.kernelParams = [
pkgs.mpv-unwrapped "console=ttyS0,115200n8"
# (pkgs.kodi.withPackages (kodiPkgs:
# with kodiPkgs; [
# steam-controller
# invidious
# youtube
# netflix
# upnext
# sponsorblock
# sendtokodi
# jellyfin
# inputstream-adaptive
# inputstreamhelper
# inputstream-ffmpegdirect
# upnext
# sponsorblock
# sendtokodi
# routing
# requests-cache
# requests
# plugin-cache
# a4ksubtitles
# ]))
pkgs.iptables
]; ];
users.extraUsers.kodi.isNormalUser = true; nix = {
services.cage.user = "kodi"; gc = {
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone"; automatic = true;
services.cage.enable = true; dates = "weekly";
nixpkgs.config.kodi.enableAdvancedLauncher = true; options = "--delete-older-than 7d";
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
system.stateVersion = "25.11"; # This will additionally add your inputs to the system's legacy channels
nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; # Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
};
};
networking.wireless.enable = true;
networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
networking.wireless.networks."KPNAA6306" = {
hidden = true;
auth = ''
key_mgmt=WPA-PSK
password="@PSK_HOME@"
'';
};
networking.firewall.enable = true;
networking.firewall = {
allowedTCPPorts = [22 80 443 5335 8080];
allowedUDPPorts = [5335];
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
programs.zsh = {
enable = true;
};
programs.git = {
enable = true;
};
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/wheatley;
};
};
networking.hostName = "wheatley"; # Define your hostname
networking.wireless.interfaces = ["enu1u1"];
# powerManagement.cpuFreqGovernor = "powersave";
powerManagement.cpufreq.max = 648000;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "unstable"; # Did you read the comment?
} }

34
nixos/hosts/wheatley/hardware-configuration.nix
View file

@ -10,26 +10,40 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci"]; boot.initrd.availableKernelModules = ["usbhid"];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];
boot.supportedFilesystems = lib.mkForce ["btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
swapDevices = [ fileSystems = {
{ # Prior to 19.09, the boot partition was hosted on the smaller first partition
device = "/swapfile"; # Starting with 19.09, the /boot folder is on the main bigger partition.
size = 16 * 1024; # The following is to be used only with older images. Note such old images should not be considered supported anymore whatsoever, but if you installed back then, this might be needed
}
]; # "/boot" = {
# device = "/dev/disk/by-label/FIRMWARE";
# fsType = "vfat";
# };
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/b299ad0d-37a0-43d6-9647-5f717aca7b3";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true; # networking.interfaces.enu1u1.useDHCP = lib.mkDefault true;
# networking.interfaces.ip6tnl0.useDHCP = lib.mkDefault true;
# networking.interfaces.sit0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true; # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; nixpkgs.hostPlatform = lib.mkDefault "armv7l-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
} }

11
nixos/hosts/wheatley/secrets/sops.yaml
View file

@ -1,10 +1,5 @@
wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str] wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str] lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
ssh-private-key: ENC[AES256_GCM,data:zbCR/+REHSN4BIQIXSOQjSRKYWhaXutdn4AE2zxmN44qHPzMI98c7/aX2KFhHOL+vKpgyhhR6JAGVTF5Jk72lmIHwDvwvwx+gLXgpZH1KEK3nTUdwUVcqBDsVB4Na5rTsHMWmRH+NxV7n+3nSQo/Byi0Jb602IPXRNREL+0toCbHon27/o2uIy4uzbsEWZu6N2hadzQCtXmHJM2dqmbKvpADt04TQ4wAcZ6wB0538g5WdtOSU6T1xcBBSDU7MNEVP7e7dUPKJWK79cI+RrzpGIh/da7cM6exSBRas711oL6woH4Hi3G6Yjd1rPxBPt1+/qq45gm/4UvjQywn/1s7BInCe9/5vJLn3TEzuUd96CsT36vEsxMeOekXf50Ntu6Xr02bnFRwUBm76BVGAggwGf/khRNJuLw0xHsCdeKzHsPD0efe5mHTJw8mB3M6vDhO6e3g6E3uRjjBaDnrPuHuD4NE1kCjQTTJh3NbuT2Ab55lhpSOEK+f0Ik2qZgKzALvJhn+MILjXSfP/hXgiwBeP4dkTY3fOcpmnPyS,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -20,8 +15,8 @@ sops:
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA== bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-22T22:37:02Z" lastmodified: "2024-02-22T11:57:45Z"
mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str] mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.8.1

56
nixos/server/package-configs/caddy/default.nix
View file

@ -1,56 +0,0 @@
{config, ...}: {
services.phpfpm.pools.nextcloud.settings = {
"listen.owner" = config.services.caddy.user;
"listen.group" = config.services.caddy.group;
};
users.users.caddy.extraGroups = ["nextcloud"];
services.caddy = {
enable = true;
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"${config.services.nextcloud.hostName}" = {
useACMEHost = "${config.services.nextcloud.hostName}";
extraConfig = ''
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
redir /.well-known/webfinger /index.php/.well-known/webfinger 301
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
encode gzip
reverse_proxy localhost:9000
header Strict-Transport-Security max-age=31536000;
@forbidden {
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
}
handle @forbidden {
respond 404
}
handle {
root * /var/www/html
php_fastcgi 127.0.0.1:9000 {
# Tells nextcloud to remove /index.php from URLs in links
env front_controller_active true
}
file_server
}
'';
};
"onlyoffice.gladtherescake.eu" = {
};
};
};
}

11
nixos/server/package-configs/conduit/default.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
pkgs, pkgs,
inputs,
... ...
}: let }: let
# You'll need to edit these values # You'll need to edit these values
@ -29,13 +30,17 @@
''; '';
in { in {
# Configure Conduit itself # Configure Conduit itself
services.matrix-continuwuity = { services.matrix-conduit = {
enable = true; enable = true;
# This causes NixOS to use the flake defined in this repository instead of
# the build of Conduit built into nixpkgs.
package = inputs.conduwuit.packages.${pkgs.system}.default;
settings.global = { settings.global = {
inherit server_name; inherit server_name;
database_backend = "rocksdb";
allow_registration = false; allow_registration = false;
# emergency_password = "testpassword";
turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"]; turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"];
turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT"; turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT";
well_known = { well_known = {
@ -111,7 +116,6 @@ in {
locations."=/.well-known/matrix/client" = { locations."=/.well-known/matrix/client" = {
# Use the contents of the derivation built previously # Use the contents of the derivation built previously
alias = "${well_known_client}"; alias = "${well_known_client}";
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${server_name}\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://${server_name}\"}}'";
extraConfig = '' extraConfig = ''
# Set the header since by default NGINX thinks it's just bytes # Set the header since by default NGINX thinks it's just bytes
@ -125,7 +129,6 @@ in {
proxyPass = "http://matrix.gladtherescake.eu/client/unstable/org.matrix.msc3575/sync"; proxyPass = "http://matrix.gladtherescake.eu/client/unstable/org.matrix.msc3575/sync";
proxyWebsockets = true; proxyWebsockets = true;
recommendedProxySettings = false; recommendedProxySettings = false;
return = "200 '{\"contacts\": [{\"matrix_id\": \"@admin:server.name\", \"email_address\": \"admin@server.name\", \"role\": \"m.role.admin\"}]}'";
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_buffering off; proxy_buffering off;

2
nixos/server/package-configs/coturn/default.nix
View file

@ -5,7 +5,7 @@
services.coturn = { services.coturn = {
enable = true; enable = true;
use-auth-secret = true; use-auth-secret = true;
static-auth-secret-file = config.sops.secrets."coturn-auth-secret".path; static-auth-secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT";
realm = "turn.gladtherescake.eu"; realm = "turn.gladtherescake.eu";
relay-ips = [ relay-ips = [
"62.171.160.195" "62.171.160.195"

14
nixos/server/package-configs/dashboard/grafana/default.nix
View file

@ -18,13 +18,13 @@
url = "http://localhost:${toString config.services.prometheus.port}"; url = "http://localhost:${toString config.services.prometheus.port}";
isDefault = true; isDefault = true;
} }
{ # {
name = "Loki"; # name = "Loki";
type = "loki"; # type = "loki";
access = "proxy"; # access = "proxy";
url = "http://localhost:3100"; # url = "http://localhost:${config.services.loki.port}";
isDefault = true; # isDefault = true;
} # }
]; ];
}; };
}; };

20
nixos/server/package-configs/dashboard/prometheus/default.nix
View file

@ -1,4 +1,4 @@
{config, ...}: { {...}: {
services.prometheus = { services.prometheus = {
enable = true; enable = true;
port = 9001; port = 9001;
@ -16,19 +16,19 @@
job_name = "GrafanaService system"; job_name = "GrafanaService system";
static_configs = [ static_configs = [
{ {
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; targets = ["127.0.0.1:9002"];
} }
]; ];
} }
# Scrape the Loki service # Scrape the Loki service
{ # {
job_name = "Loki service"; # job_name = "Loki service";
static_configs = [ # static_configs = [
{ # {
targets = ["127.0.0.1:3100"]; # targets = ["127.0.0.1:3100"];
} # }
]; # ];
} # }
]; ];
}; };
} }

4
nixos/server/package-configs/default.nix
View file

@ -5,7 +5,7 @@
./gotosocial ./gotosocial
./mail-server ./mail-server
./nextcloud ./nextcloud
# ./phanpy ./phanpy
./postgres ./postgres
./roundcube ./roundcube
./coturn ./coturn
@ -13,7 +13,5 @@
#./cinny #./cinny
#./firefox-sync #./firefox-sync
./writefreely ./writefreely
./mollysocket
./jellyfin
]; ];
} }

4
nixos/server/package-configs/jellyfin/default.nix
View file

@ -1,4 +1,6 @@
{...}: { {...}: {
users.users.jellyfin.extraGroups = ["nextcloud" "aria2"];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"video.gladtherescake.eu" = { "video.gladtherescake.eu" = {
@ -14,7 +16,5 @@
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
user = "nextcloud";
group = "nextcloud";
}; };
} }

15
nixos/server/package-configs/mail-server/default.nix
View file

@ -3,10 +3,9 @@
sops.secrets."mailpass".owner = config.users.users.virtualMail.name; sops.secrets."mailpass".owner = config.users.users.virtualMail.name;
#Fix for the dovecot update #Fix for the dovecot update
# services.dovecot2.sieve.extensions = ["fileinto"]; services.dovecot2.sieve.extensions = ["fileinto"];
mailserver = { mailserver = {
stateVersion = 3;
enable = true; enable = true;
enableImap = true; enableImap = true;
enableSubmission = true; enableSubmission = true;
@ -15,21 +14,11 @@
"nextcloud.gladtherescake.eu" "nextcloud.gladtherescake.eu"
"akkoma.gladtherescake.eu" "akkoma.gladtherescake.eu"
"social.gladtherescake.eu" "social.gladtherescake.eu"
"gladtherescake.eu"
"lillianviolet.dev" "lillianviolet.dev"
"git.lillianviolet.dev" "git.lillianviolet.dev"
]; ];
loginAccounts = { loginAccounts = {
"me@gladtherescake.eu" = {
hashedPasswordFile = config.sops.secrets."mailpass".path;
aliases = [
"@gladtherescake.eu"
];
catchAll = [
"gladtherescake.eu"
];
};
"no-reply@nextcloud.gladtherescake.eu" = { "no-reply@nextcloud.gladtherescake.eu" = {
hashedPasswordFile = config.sops.secrets."mailpass".path; hashedPasswordFile = config.sops.secrets."mailpass".path;
}; };
@ -85,7 +74,6 @@
"no-reply@akkoma.gladtherescake.eu" "no-reply@akkoma.gladtherescake.eu"
"no-reply@social.gladtherescake.eu" "no-reply@social.gladtherescake.eu"
"no-reply@git.lillianviolet.dev" "no-reply@git.lillianviolet.dev"
"ongebonden@gladtherescake.eu"
]; ];
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
certificateDomains = [ certificateDomains = [
@ -93,7 +81,6 @@
"mail.lillianviolet.dev" "mail.lillianviolet.dev"
"pop3.lillianviolet.dev" "pop3.lillianviolet.dev"
"lillianviolet.dev" "lillianviolet.dev"
"gladtherescake.eu"
"mail.gladtherescake.eu" "mail.gladtherescake.eu"
]; ];
}; };

25
nixos/server/package-configs/mollysocket/default.nix
View file

@ -1,25 +0,0 @@
{config, ...}: {
sops.secrets."mollysocket-vapid-key".mode = "0440";
services.mollysocket = {
enable = true;
environmentFile = config.sops.secrets."mollysocket-vapid-key".path;
settings = {
port = 4381;
allowed_endpoints = ["https://molly.gladtherescake.eu" "https://nextcloud.gladtherescake.eu"];
allowed_uuids = ["db639f29-b7e7-431a-9c75-bcdcb87b6bdf"];
webserver = true;
};
};
services.nginx = {
virtualHosts = {
"molly.gladtherescake.eu" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:4381";
};
};
};
};
}

36
nixos/server/package-configs/nextcloud/default.nix
View file

@ -7,14 +7,13 @@
sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name; sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
sops.secrets."nextclouddb".mode = "0440"; sops.secrets."nextclouddb".mode = "0440";
sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name; sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
# sops.secrets."local.json".mode = "0440"; sops.secrets."local.json".mode = "0440";
# sops.secrets."local.json".owner = config.users.users.onlyoffice.name; sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
users.users = { users.users = {
# nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name]; nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
nextcloud.extraGroups = [config.users.groups.keys.name];
#aria2.extraGroups = ["nextcloud"]; #aria2.extraGroups = ["nextcloud"];
# onlyoffice.extraGroups = [config.users.users.nextcloud.name]; onlyoffice.extraGroups = [config.users.users.nextcloud.name];
}; };
# Enable Nginx # Enable Nginx
@ -50,7 +49,7 @@
enable = true; enable = true;
hostName = "nextcloud.gladtherescake.eu"; hostName = "nextcloud.gladtherescake.eu";
package = pkgs.nextcloud32; package = pkgs.nextcloud30;
# Use HTTPS for links # Use HTTPS for links
https = true; https = true;
@ -69,7 +68,6 @@
overwriteprotocol = "https"; overwriteprotocol = "https";
default_phone_region = "NL"; default_phone_region = "NL";
maintenance_window_start = 3; maintenance_window_start = 3;
log_type = "file";
}; };
appstoreEnable = true; appstoreEnable = true;
extraAppsEnable = true; extraAppsEnable = true;
@ -92,19 +90,19 @@
}; };
}; };
# services.onlyoffice = { services.onlyoffice = {
# port = 16783; port = 16783;
# enable = true; enable = true;
# hostname = "onlyoffice.gladtherescake.eu"; hostname = "onlyoffice.gladtherescake.eu";
# #postgresHost = "/run/postgesql"; #postgresHost = "/run/postgesql";
# #postgresUser = "onlyoffice"; #postgresUser = "onlyoffice";
# #postgresName = "onlyoffice"; #postgresName = "onlyoffice";
# #jwtSecretFile = config.sops.secrets."local.json".path; #jwtSecretFile = config.sops.secrets."local.json".path;
# }; };
# services.rabbitmq = { services.rabbitmq = {
# enable = true; enable = true;
# }; };
systemd.services."sops-nix.service" = { systemd.services."sops-nix.service" = {
before = [ before = [

BIN
nixos/shared/background.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 158 KiB

252
nixos/shared/default.nix
View file

@ -1,39 +1,23 @@
{ {
inputs, inputs,
outputs,
lib, lib,
config, config,
pkgs, pkgs,
pkgs-edge,
... ...
}: { }: {
imports = [ imports = [
./locale ./locale
./packages ./packages
inputs.home-manager.nixosModules.home-manager
#../hosts/${config.networking.hostName}/hardware-configuration.nix
]; ];
sops = { sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
age.keyFile = "var/secrets/keys.txt"; sops.secrets."lillian-password".neededForUsers = true;
secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
};
};
#TODO: remove this when unneeded for freetube #TODO: remove this when unneeded for freetube
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"python3.12-youtube-dl-2021.12.17"
]; ];
nix = { nix = {
package = pkgs-edge.lix; package = pkgs.lix;
gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";
@ -48,7 +32,6 @@
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = { settings = {
trusted-users = ["root" "lillian"];
# Enable flakes and new 'nix' command # Enable flakes and new 'nix' command
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store # Deduplicate and optimize nix store
@ -58,229 +41,46 @@
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org" "https://nixpkgs-unfree.cachix.org"
"https://0uptime.cachix.org" "https://0uptime.cachix.org"
"https://attic.kennel.juneis.dog/conduit"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs=" "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE=" "0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
"conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk="
]; ];
}; };
}; };
#TODO: ugly hardcoded delete, if it ever becomes a problem fix this, else just leave it I guess catppuccin.flavor = "macchiato";
system.userActivationScripts = { catppuccin.enable = true;
removeConflictingFiles = {
text = ''
rm -f /home/lillian/.config/gtk-3.0/settings.ini.backup
rm -f /home/lillian/.config/gtk-3.0/gtk.css.backup
rm -f /home/lillian/.config/gtk-4.0/settings.ini.backup
rm -f /home/lillian/.config/gtk-4.0/gtk.css.backup
'';
};
};
catppuccin = { console.catppuccin.enable = true;
flavor = "macchiato";
tty.enable = true;
sddm.enable = true;
sddm.flavor = "macchiato";
forgejo.enable = true;
forgejo.flavor = "macchiato";
# plymouth.enable = false;
# grub.enable = false;
};
programs = { home-manager.backupFileExtension = "backup";
zsh = {
enable = true;
};
gnupg.agent = { users.users.lillian = {
enable = true; isNormalUser = true;
enableBrowserSocket = true; extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
}; shell = pkgs.zsh;
chromium = { hashedPasswordFile = config.sops.secrets."lillian-password".path;
enable = true; openssh.authorizedKeys.keys = [
#Bet these options get renamed and put under a SearchProvider subheader... "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
defaultSearchProviderSearchURL = "https://noai.duckduckgo.com/?t=ftab&q={searchTerms}"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
defaultSearchProviderEnabled = true;
extensions = ["cjpalhdlnbpafiamejdnhcphjbkeiagm" "gcbommkclmclpchllfjekcdonpmejbdp"];
};
};
stylix = {
targets.qt.platform = lib.mkForce "kde";
enable = true;
# targets.qt.platform = "kde6";
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato";
author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a";
base01 = "1e2030";
base02 = "363a4f";
base03 = "494d64";
base04 = "5b6078";
base05 = "cad3f5";
base06 = "f4dbd6";
base07 = "b7bdf8";
base08 = "ed8796";
base09 = "f5a97f";
base0A = "eed49f";
base0B = "a6da95";
base0C = "8bd5ca";
base0D = "8aadf4";
base0E = "c6a0f6";
base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
cursor.size = 24;
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible";
};
monospace = {
package = pkgs.atkinson-monolegible;
name = "Atkinson Monolegible";
};
sansSerif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible";
};
emoji = {
package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji";
};
};
};
services.scx.enable =
if (pkgs.system == "aarch64-linux")
then false
else true;
fonts.packages = [
pkgs.atkinson-hyperlegible
pkgs.atkinson-monolegible
pkgs.noto-fonts-emoji-blob-bin
pkgs.noto-fonts
pkgs.nerd-fonts.fira-mono
pkgs.font-awesome
pkgs.liberation_ttf
];
fonts.fontconfig = {
useEmbeddedBitmaps = true;
# defaultFonts = {
# emoji = ["Blobmoji"];
# monospace = ["Atkinson Monolegible"];
# sansSerif = ["Atkinson Hyperlegible"];
# };
};
systemd = {
services."shutdown-zellij-zsh" = {
path = with pkgs; [killall];
enable = true;
unitConfig = {
Before = "shutdown.target";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.killall}/bin/killall -SIGKILL zellij zsh";
RemainAfterExit = "yes";
};
};
services."start-vpn-wg" =
if config.services.vpn-ip.enable
then {
path = with pkgs; [systemd];
enable = true;
unitConfig = {
Wants = "network-online.target";
After = "network-online.target";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl start wg-quick-wg0.service";
RemainAfterExit = "yes";
};
}
else {};
};
networking =
if config.services.vpn-ip.enable
then {
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = false;
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
}
else {};
environment = {
systemPackages = with pkgs; [
nix-output-monitor
usbutils
]; ];
# Enable completion of system packages by zsh
pathsToLink = ["/share/zsh"];
}; };
home-manager = { programs.zsh = {
backupFileExtension = "backup"; enable = true;
extraSpecialArgs = {
inputs = inputs;
outputs = outputs;
};
users = {
# Import your home-manager configuration
lillian = import ../../home-manager/hosts/${config.networking.hostName};
};
}; };
users = { # Enable completion of system packages by zsh
users = { environment.pathsToLink = ["/share/zsh"];
lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
root = { users.mutableUsers = false;
hashedPassword = "*";
}; users.users.root = {
}; hashedPassword = "*";
mutableUsers = false;
}; };
} }

48
nixos/shared/packages/default.nix
View file

@ -22,16 +22,14 @@
install-nix-no-inhibit install-nix-no-inhibit
update update
upgrade upgrade
simple-completion-language-server # simple-completion-language-server
# System tools # System tools
age age
alejandra alejandra
e2fsprogs e2fsprogs
uutils-findutils
git git
git-filter-repo git-filter-repo
pre-commit
helix helix
home-manager home-manager
htop htop
@ -43,10 +41,6 @@
wget wget
zsh zsh
tldr tldr
nmap
knot-dns
libressl
nettools
# System libraries # System libraries
]) ])
@ -55,24 +49,24 @@
# Can be used to install latest version of some packages # Can be used to install latest version of some packages
]); ]);
# fonts = { fonts = {
# packages = with pkgs; [ packages = with pkgs; [
# noto-fonts-emoji-blob-bin noto-fonts-emoji-blob-bin
# cantarell-fonts cantarell-fonts
# dejavu_fonts dejavu_fonts
# fira-code fira-code
# noto-fonts noto-fonts
# noto-fonts-cjk-sans noto-fonts-cjk-sans
# noto-fonts-cjk-serif noto-fonts-cjk-serif
# paratype-pt-sans paratype-pt-sans
# paratype-pt-mono paratype-pt-mono
# paratype-pt-serif paratype-pt-serif
# roboto roboto
# twemoji-color-font twemoji-color-font
# font-awesome font-awesome
# atkinson-hyperlegible atkinson-hyperlegible
# fira-code-nerdfont fira-code-nerdfont
# ]; ];
# enableDefaultPackages = false; enableDefaultPackages = false;
# }; };
} }

2
pkgs/default.nix
View file

@ -14,6 +14,4 @@ pkgs: {
phanpy = pkgs.callPackage ./phanpy {}; phanpy = pkgs.callPackage ./phanpy {};
auto-mount = pkgs.callPackage ./auto-mount {}; auto-mount = pkgs.callPackage ./auto-mount {};
simple-completion-language-server = pkgs.callPackage ./simple-completion-language-server {}; simple-completion-language-server = pkgs.callPackage ./simple-completion-language-server {};
freetube-0236 = pkgs.callPackage ./freetube-0.23.6 {};
ttf-ms-win10 = pkgs.callPackage ./ttf-ms-win10 {};
} }

202
pkgs/fcast/default.nix Normal file
View file

@ -0,0 +1,202 @@
{
lib,
buildNpmPackage,
cargo,
copyDesktopItems,
dbus,
electron_28,
fetchFromGitLab,
glib,
gnome,
gtk3,
jq,
libsecret,
makeDesktopItem,
makeWrapper,
moreutils,
napi-rs-cli,
nodejs_18,
patchutils_0_4_2,
pkg-config,
python3,
runCommand,
rustc,
rustPlatform,
}: let
description = "A secure and free password manager for all of your devices";
icon = "bitwarden";
electron = electron_28;
in
buildNpmPackage rec {
pname = "bitwarden-desktop";
version = "2024.3.0";
src = fetchFromGitLab {
owner = "videostreaming";
repo = "fcast";
rev = "b13d0f7e8150c279d377a78f89d338b7fc0f5539";
hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g=";
};
patches = [
./electron-builder-package-lock.patch
];
# The nested package-lock.json from upstream is out-of-date, so copy the
# lock metadata from the root package-lock.json.
postPatch = ''
cat {,apps/desktop/src/}package-lock.json \
| ${lib.getExe jq} -s '
.[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2
| .[0].packages."" = .[1].packages.""
| .[1].packages = .[0].packages
| .[1]
' \
| ${moreutils}/bin/sponge apps/desktop/src/package-lock.json
'';
nodejs = nodejs_18;
makeCacheWritable = true;
npmFlags = ["--legacy-peer-deps"];
npmWorkspace = "apps/desktop";
npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc=";
cargoDeps = rustPlatform.fetchCargoTarball {
name = "${pname}-${version}";
inherit src;
patches =
map
(
patch:
runCommand
(builtins.baseNameOf patch)
{nativeBuildInputs = [patchutils_0_4_2];}
''
< ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out
''
)
patches;
patchFlags = ["-p4"];
sourceRoot = "${src.name}/${cargoRoot}";
hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI=";
};
cargoRoot = "apps/desktop/desktop_native";
env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
nativeBuildInputs = [
cargo
copyDesktopItems
jq
makeWrapper
moreutils
napi-rs-cli
pkg-config
python3
rustc
rustPlatform.cargoCheckHook
rustPlatform.cargoSetupHook
];
buildInputs = [
glib
gtk3
libsecret
];
preBuild = ''
if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then
echo 'ERROR: electron version mismatch'
exit 1
fi
'';
postBuild = ''
pushd apps/desktop
# desktop_native/index.js loads a file of that name regarldess of the libc being used
mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node
npm exec electron-builder -- \
--dir \
-c.electronDist=${electron}/libexec/electron \
-c.electronVersion=${electron.version}
popd
'';
doCheck = true;
nativeCheckInputs = [
dbus
(gnome.gnome-keyring.override {useWrappedDaemon = false;})
];
checkFlags = [
"--skip=password::password::tests::test"
];
checkPhase = ''
runHook preCheck
pushd ${cargoRoot}
export HOME=$(mktemp -d)
export -f cargoCheckHook runHook _eval _callImplicitHook
export cargoCheckType=release
dbus-run-session \
--config-file=${dbus}/share/dbus-1/session.conf \
-- bash -e -c cargoCheckHook
popd
runHook postCheck
'';
installPhase = ''
runHook preInstall
mkdir $out
pushd apps/desktop/dist/linux-unpacked
mkdir -p $out/opt/Bitwarden
cp -r locales resources{,.pak} $out/opt/Bitwarden
popd
makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \
--add-flags $out/opt/Bitwarden/resources/app.asar \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--set-default ELECTRON_IS_DEV 0 \
--inherit-argv0
pushd apps/desktop/resources/icons
for icon in *.png; do
dir=$out/share/icons/hicolor/"''${icon%.png}"/apps
mkdir -p "$dir"
cp "$icon" "$dir"/${icon}.png
done
popd
runHook postInstall
'';
desktopItems = [
(makeDesktopItem {
name = "bitwarden";
exec = "bitwarden %U";
inherit icon;
comment = description;
desktopName = "Bitwarden";
categories = ["Utility"];
})
];
meta = {
changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}";
inherit description;
homepage = "https://bitwarden.com";
license = lib.licenses.gpl3;
maintainers = with lib.maintainers; [amarshall kiwi];
platforms = ["x86_64-linux"];
mainProgram = "bitwarden";
};
}

121
pkgs/freetube-0.23.6/default.nix
View file

@ -1,121 +0,0 @@
{
lib,
stdenvNoCC,
fetchFromGitHub,
fetchYarnDeps,
replaceVars,
makeDesktopItem,
nodejs,
yarnConfigHook,
yarnBuildHook,
makeShellWrapper,
copyDesktopItems,
electron,
nixosTests,
}:
let
description = "Open Source YouTube app for privacy";
in
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "freetube";
version = "0.23.6";
src = fetchFromGitHub {
owner = "FreeTubeApp";
repo = "FreeTube";
tag = "v${finalAttrs.version}-beta";
hash = "sha256-Z1L45RHlmylfqKBY37PC5TQ3ubOgH0AHFGM7VkmtkZ0=";
};
# Darwin requires writable Electron dist
postUnpack =
if stdenvNoCC.hostPlatform.isDarwin then
''
cp -r ${electron.dist} electron-dist
chmod -R u+w electron-dist
''
else
''
ln -s ${electron.dist} electron-dist
'';
patches = [
(replaceVars ./patch-build-script.patch {
electron-version = electron.version;
})
];
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${finalAttrs.src}/yarn.lock";
hash = "sha256-ia5wLRt3Hmo4/dsB1/rhGWGJ7LMnVR9ju9lSlQZDTTg=";
};
nativeBuildInputs = [
nodejs
yarnConfigHook
yarnBuildHook
makeShellWrapper
copyDesktopItems
];
installPhase = ''
runHook preInstall
''
+ lib.optionalString stdenvNoCC.hostPlatform.isLinux ''
mkdir -p $out/share/freetube
cp -r build/*-unpacked/{locales,resources{,.pak}} -t $out/share/freetube
makeWrapper ${lib.getExe electron} $out/bin/freetube \
--add-flags "$out/share/freetube/resources/app.asar" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime=true}}"
install -D _icons/icon.svg $out/share/icons/hicolor/scalable/apps/freetube.svg
''
+ lib.optionalString stdenvNoCC.hostPlatform.isDarwin ''
mkdir -p $out/Applications
cp -r build/mac*/FreeTube.app $out/Applications
ln -s "$out/Applications/FreeTube.app/Contents/MacOS/FreeTube" $out/bin/freetube
''
+ ''
runHook postInstall
'';
desktopItems = [
(makeDesktopItem {
name = "freetube";
desktopName = "FreeTube";
comment = description;
exec = "freetube %U";
terminal = false;
type = "Application";
icon = "freetube";
startupWMClass = "FreeTube";
mimeTypes = [ "x-scheme-handler/freetube" ];
categories = [ "Network" ];
})
];
passthru.tests = nixosTests.freetube;
meta = {
inherit description;
homepage = "https://freetubeapp.io/";
license = lib.licenses.agpl3Only;
maintainers = with lib.maintainers; [
ryneeverett
pentane
ryand56
sigmasquadron
ddogfoodd
];
badPlatforms = [
# output app is called "Electron.app" while derivation expects "FreeTube.app"
#see: https://github.com/NixOS/nixpkgs/pull/384596#issuecomment-2677141349
lib.systems.inspect.patterns.isDarwin
];
inherit (electron.meta) platforms;
mainProgram = "freetube";
};
})

13
pkgs/freetube-0.23.6/patch-build-script.patch
View file

@ -1,13 +0,0 @@
diff --git a/_scripts/ebuilder.config.js b/_scripts/ebuilder.config.js
index 5b79d961..9f5945d2 100644
--- a/_scripts/ebuilder.config.js
+++ b/_scripts/ebuilder.config.js
@@ -1,6 +1,8 @@
const { name, productName } = require('../package.json')
const config = {
+ electronVersion: "@electron-version@",
+ electronDist: "electron-dist",
appId: `io.freetubeapp.${name}`,
copyright: 'Copyleft © 2020-2024 freetubeapp@protonmail.com',
// asar: false,

7
pkgs/install-nix-no-inhibit/default.nix
View file

@ -1,6 +1,5 @@
{ {
git, git,
nix-output-monitor,
gum, gum,
writeShellApplication, writeShellApplication,
}: }:
@ -8,7 +7,7 @@ writeShellApplication
{ {
name = "install-nix-no-inhibit"; name = "install-nix-no-inhibit";
runtimeInputs = [git gum nix-output-monitor]; runtimeInputs = [git gum];
text = '' text = ''
# An install script for NixOS installation to /tmp # An install script for NixOS installation to /tmp
@ -37,8 +36,8 @@ writeShellApplication
--mode zap_create_mount \ --mode zap_create_mount \
"./disko/''${dir}/default.nix" "./disko/''${dir}/default.nix"
echo "NixOS Installing..." echo "NixOS Installing..."
sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json sudo nixos-install --flake .#"''${dir}"
sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json sudo nixos-install --flake .#"''${dir}"
popd > /dev/null popd > /dev/null
echo "Cleaning up repository in '/tmp/install-nix'..." echo "Cleaning up repository in '/tmp/install-nix'..."
rm -rf ./install-nix rm -rf ./install-nix

14
pkgs/rebuild-no-inhibit/default.nix
View file

@ -1,13 +1,9 @@
{ {writeShellApplication}:
writeShellApplication,
nix-output-monitor,
just,
}:
writeShellApplication writeShellApplication
{ {
name = "rebuild-no-inhibit"; name = "rebuild-no-inhibit";
runtimeInputs = [nix-output-monitor just]; runtimeInputs = [];
text = '' text = ''
# A rebuild script for NixOS # A rebuild script for NixOS
@ -18,11 +14,7 @@ writeShellApplication
git clone https://codeberg.org/Lillian-Violet/NixOS-Config.git ./rebuild git clone https://codeberg.org/Lillian-Violet/NixOS-Config.git ./rebuild
pushd ./rebuild > /dev/null pushd ./rebuild > /dev/null
echo "NixOS Rebuilding..." echo "NixOS Rebuilding..."
if [ "''$HOSTNAME" = shodan ]; then sudo nixos-rebuild switch --flake .#
just boot
else
just build
fi
popd > /dev/null popd > /dev/null
echo "Cleaning up repository in '/tmp/rebuild'..." echo "Cleaning up repository in '/tmp/rebuild'..."
rm -rf ./rebuild rm -rf ./rebuild

6
pkgs/simple-completion-language-server/default.nix
View file

@ -5,16 +5,16 @@
}: }:
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "simple-completion-language-server"; pname = "simple-completion-language-server";
version = "6c797949ad5a6e9548b60b5475d1c9977f26c811"; version = "ff9f90bc96c347f284571bc6310bc31f95508d55";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "estin"; owner = "estin";
repo = pname; repo = pname;
rev = version; rev = version;
hash = "sha256-cITZdlDB03i7gOYbahV99wZOQ7tisnqdT/N2Z12oLFM="; hash = "sha256-qybbZXjKzKcc6UXfAjwmkkB+qEUuGQXABRbMj7bNksM=";
}; };
cargoHash = "sha256-nannF4BKRLCcsS7VznzEHqrhLHYvN4X22t8jud87XEM="; cargoHash = "sha256-VTz2Fm+PRUPM5+u9D+2TzGGIEQwb1j0Lz0WRaQ5/Yzo=";
meta = with lib; { meta = with lib; {
description = "Language server to enable word completion and snippets for Helix editor"; description = "Language server to enable word completion and snippets for Helix editor";
homepage = "https://github.com/estin/simple-completion-language-server"; homepage = "https://github.com/estin/simple-completion-language-server";

1
pkgs/simple-completion-language-server/result Symbolic link
View file

@ -0,0 +1 @@
/nix/store/3l0wgxsvf5sz2q9sgyj0blc1ivzg808b-simple-completion-language-server-ff9f90bc96c347f284571bc6310bc31f95508d55

29
pkgs/ttf-ms-win10/default.nix
View file

@ -1,29 +0,0 @@
{
lib,
stdenvNoCC,
fetchzip,
}:
stdenvNoCC.mkDerivation rec {
pname = "ttf-ms-win10";
version = "1.0";
src = fetchzip {
url = "https://github.com/streetsamurai00mi/ttf-ms-win10/archive/refs/heads/build.zip";
hash = "sha256-UwkHlrSRaXhfoMlimyXFETV9yq1SbvUXykrhigf+wP8=";
};
installPhase = ''
runHook preInstall
install -Dm644 *.ttf -t $out/share/fonts/truetype
runHook postInstall
'';
meta = with lib; {
homepage = "https://github.com/streetsamurai00mi/ttf-ms-win10";
description = "Windows 10 ttf Fonts";
license = licenses.unfree;
maintainers = [];
};
}