Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Lillian-Violet:main
Branches Tags
Lillian-Violet:main
Lillian-Violet:stylix-fixed
Lillian-Violet:Desktop-changes
Lillian-Violet:bcachefs-update-broken-queen
Lillian-Violet:fcast
Lillian-Violet:2.0
Lillian-Violet:v1.0
..
compare: Lillian-Violet:stylix-fixed
Branches Tags
Lillian-Violet:main
Lillian-Violet:stylix-fixed
Lillian-Violet:Desktop-changes
Lillian-Violet:bcachefs-update-broken-queen
Lillian-Violet:fcast
Lillian-Violet:2.0
Lillian-Violet:v1.0

1 commit
main ... stylix-fix

Author SHA1 Message Date
Lillian-Violet
e4839e4d2e all the work to make stylix work again, just need to update the flake lock when it's time 2025-04-01 17:26:15 +02:00
60 changed files with 1011 additions and 2091 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake "git+https://git.lillianviolet.dev/Lillian-Violet/dev-templates.git?dir=nix"

17
README.md
View file

@ -18,11 +18,11 @@ if you don't want to use [sops](https://github.com/Mic92/sops-nix) secret manage
Upon any of the above changes; also remove/replace the secret files, they can be found under the host configuration folders in
``hosts/<hostname>/secrets/sops.yaml``
For the hosts EDI and GLaDOS, [lanzaboote](https://github.com/nix-community/lanzaboote) has to be disabled (and re-enabled if you want secure boot after install). You can first replace enabling lanzaboot with systemd-boot. You can do this by commenting out the lanzaboote configuration, and replace the line
For the hosts EDI and GLaDOS, [lanzaboot](https://github.com/nix-community/lanzaboote) has to be disabled (and re-enabled if you want secure boot after install). You can first replace enabling lanzaboot with systemd-boot. You can do this by commenting out the lanzaboot configuration, and replace the line
``boot.loader.systemd-boot.enable = lib.mkForce false;`` with ``boot.loader.systemd-boot.enable = true``
To turn secure boot back on again you can look at the [lanzaboote](https://github.com/nix-community/lanzaboote) repository and follow the install steps.
To turn secure boot back on again you can look at the [lanzaboot](https://github.com/nix-community/lanzaboote) repository and follow the install steps.
Then run this command with your cloned github repo (I put mine in /etc/nixos):
@ -46,16 +46,6 @@ To test if your build succeeds the basic checks and can start building the artif
Note: this does not build the full configuration, and errors might still happen in deployment, especially for dependencies that rely on external services like webservers to be called. For obvious reasons the test building does not actually pull in all the artifacts, and does not make external calls aside from to the package files (You will need a built nix store, or a connection to the git repository that hosts your packages, like an internet connection to github, to make the test run)
## Post installation
I have made a few commands for post installation (and for an iso installer to use) that make life a bit easier, they are automatically added to the [$PATH](https://en.wikipedia.org/wiki/PATH_(variable)). The commands will automatically inhibit sleep and standby so you don't have to worry about them getting interrupted.
| Command | Effect |
| ------------- | ------------- |
| rebuild | Use the latest version of the repo and do a nixos-rebuild switch on it to upgrade your system. |
| update | Update the flake lock in the repo, run a test to see if nothing breaks, and then push the flake lock update done to the repo. |
| upgrade | Run update and rebuild one after the other, useful for a quick upgrade. |
| install | Run a script that automatically lets you select a host to format the disks with disko, install nixos on that disk, and deploy the entire configuration. (useful for instal USBs) |
## Technical details
### [Home manager](https://github.com/nix-community/home-manager)
@ -67,6 +57,3 @@ The secrets are managed in sops files within the hosts folders, there is only on
``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"``
This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself.
### [Just](https://github.com/casey/just)
This repo uses just as a command runner for setting up and building the nixos files more easily. The programs needed to run all the commands are nix, just, and nom (nix output monitor). The commands you can use can be found in the justfile (named justfile in the root of this repo). This is purely for convenience, it doesn't add anything you could not manually do, it just automates a lot of steps.

43
disko/GLaDOS/default.nix
View file

@ -1,9 +1,9 @@
{
disko.devices = {
disk = {
main = {
sda1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1";
device = "/dev/disk/by-path/pci-0000:06:00.0-ata-6";
content = {
type = "gpt";
partitions = {
@ -14,14 +14,16 @@
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
mountOptions = [
"defaults"
];
};
};
nvme_luks = {
luks = {
size = "100%";
content = {
type = "luks";
name = "nvme_crypted";
name = "crypted";
extraOpenArgs = [];
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
@ -29,30 +31,47 @@
#keyFile = "/tmp/secret.key";
allowDiscards = true;
};
#additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "lvm_pv";
vg = "nvme_pool";
vg = "pool";
};
};
};
};
};
};
#sdc = {
#device = "/dev/disk/by-path/pci-0000:06:00.0-ata-2";
#type = "disk";
#content = {
#type = "gpt";
#partitions = {
#root = {
#size = "100%";
#content = {
#type = "filesystem";
#format = "ext4";
#mountpoint = "/media";
#};
#};
#};
#};
#};
};
lvm_vg = {
nvme_pool = {
pool = {
type = "lvm_vg";
lvs = {
nvme_swap = {
size = "32G";
swap = {
size = "16G";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true; # resume from hiberation from this device
};
};
nvme_root = {
size = "100%";
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";

576
flake.lock generated
View file

File diff suppressed because it is too large Load diff

76
flake.nix
View file

@ -13,11 +13,11 @@
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
# bcachefs-tools = {
# url = "github:koverstreet/bcachefs-tools";
# inputs.nixpkgs.follows = "nixpkgs";
# inputs.flake-parts.follows = "flake-parts";
# };
bcachefs-tools = {
url = "github:koverstreet/bcachefs-tools";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
};
flake-parts = {
url = "github:hercules-ci/flake-parts"; # Flake parts for easy flake management
@ -33,7 +33,11 @@
# catpuccin theme
catppuccin.url = "github:catppuccin/nix";
# Conduwuit fork after it shut down
# Conduit fork without all the fuss and drama
# conduwuit = {
# url = "github:girlbossceo/conduwuit";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# Nix index database files
nix-index-database.url = "github:nix-community/nix-index-database";
@ -70,15 +74,12 @@
zjstatus.url = "github:dj95/zjstatus";
# preservation
preservation.url = "github:nix-community/preservation";
# Fix for steam cursor not being visible under wayland
# Add any other flake you might need
# hardware.url = "github:nixos/nixos-hardware";
# Stylix theming engine
stylix.url = "github:nix-community/stylix";
stylix.url = "github:danth/stylix";
};
outputs = {
@ -98,16 +99,10 @@
jovian,
nixos-hardware,
nix-index-database,
preservation,
# conduwuit,
stylix,
...
} @ inputs: let
supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];
forEachSupportedSystem = f:
nixpkgs.lib.genAttrs supportedSystems (system:
f {
pkgs = import nixpkgs {inherit system;};
});
inherit (self) outputs;
inherit (inputs) nixpkgs-edge;
# Supported systems for your flake packages, shell, etc.
@ -134,11 +129,9 @@
catppuccin.nixosModules.catppuccin
stylix.nixosModules.stylix
nix-index-database.nixosModules.nix-index
preservation.nixosModules.preservation
{programs.nix-index-database.comma.enable = true;}
{
home-manager.sharedModules = [
catppuccin.homeModules.catppuccin
inputs.catppuccin.homeModules.catppuccin
./home-manager/shared
sops-nix.homeManagerModules.sops
];
@ -149,18 +142,12 @@
./nixos/desktop
{
home-manager.sharedModules = [
inputs.plasma-manager.homeModules.plasma-manager
inputs.plasma-manager.homeManagerModules.plasma-manager
./home-manager/desktop
];
}
];
in {
devShells = forEachSupportedSystem ({pkgs}: {
default = pkgs.mkShell {
packages = with pkgs; [nom just git];
};
});
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system:
@ -185,18 +172,6 @@
# NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#your-hostname'
nixosConfigurations = {
# nixIso = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = {inherit inputs outputs;};
# modules =
# sharedModules
# ++ desktopModules
# ++ [
# ./nixos/hosts/iso/configuration.nix
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
# ];
# };
EDI = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -220,6 +195,7 @@
++ desktopModules
++ [
{_module.args = {inherit pkgs-edge;};}
jovian.nixosModules.jovian
# > Our main nixos configuration file <
./nixos/hosts/GLaDOS/configuration.nix
lanzaboote.nixosModules.lanzaboote
@ -244,7 +220,6 @@
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ desktopModules
++ [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
@ -253,22 +228,21 @@
jovian.nixosModules.jovian
{
home-manager.sharedModules = [
inputs.plasma-manager.homeModules.plasma-manager
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
# wheatley = nixpkgs.lib.nixosSystem {
# system = "aarch64-linux";
# specialArgs = {inherit inputs outputs;};
# modules =
# sharedModules
# ++ [
# {_module.args = {inherit pkgs-edge;};}
# ./nixos/hosts/wheatley/configuration.nix
# ];
# };
wheatley = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ [
./nixos/hosts/wheatley/configuration.nix
];
};
};
};
}

44
home-manager/desktop/default.nix
View file

@ -13,8 +13,8 @@
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
./package-configs/plasma-desktop
./package-configs/firefox
./package-configs/plasma-desktop.nix
./package-configs/firefox.nix
./package-configs/konsole
./package-configs/foot
./package-configs/freetube
@ -60,6 +60,7 @@
# })
];
config = {
permittedInsecurePackages = ["cinny-4.2.3" "cinny-unwrapped-4.2.3" "cinny-4.2.2" "cinny-unwrapped-4.2.2"];
# Configure your nixpkgs instance
# Disable if you don't want unfree packages
@ -134,19 +135,6 @@
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.mozilla/firefox";
target = ".floorp";
};
librewolf = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.mozilla/firefox";
target = ".librewolf";
};
steam = {
source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.local/share/Steam/";
target = "Steam";
};
# instances = {
# source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/instances";
# target = ".local/share/PrismLauncher/instances";
# force = true;
# };
};
# Add stuff for your user as you see fit:
@ -158,8 +146,8 @@
direnv
git
git-credential-manager
git-credential-manager
ruff
devtoolbox
# Chat applications:
signal-desktop
@ -168,7 +156,8 @@
# Gaming:
prismlauncher
heroic
steam
gamescope
# Multimedia:
vlc
@ -176,7 +165,7 @@
fcast-client
# Office applications:
onlyoffice-desktopeditors
onlyoffice-bin
gimp
thunderbird
@ -185,8 +174,8 @@
flameshot
fzf
nextcloud-client
# nitrokey-app
# protonvpn-gui
nitrokey-app
protonvpn-gui
virtualbox
#watchmate
qbittorrent
@ -209,6 +198,7 @@
# Web browsing:
firefoxpwa
firefoxpwa
ungoogled-chromium
];
};
@ -233,12 +223,6 @@
# ];
# };
chromium = {
extensions = [
{id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";}
];
};
obs-studio.enable = true;
obs-studio.plugins = with pkgs.obs-studio-plugins; [
wlrobs
@ -250,11 +234,9 @@
home-manager.enable = true;
git = {
enable = true;
settings = {
user = {
name = "Lillian-Violet";
email = "git@lillianviolet.dev";
};
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
extraConfig = {
init = {
defaultBranch = "main";
};

45
home-manager/desktop/package-configs/firefox/default.nix → home-manager/desktop/package-configs/firefox.nix
View file

@ -1,16 +1,11 @@
{pkgs, ...}: {
stylix.targets.firefox.profileNames = ["lillian"];
programs.firefox = {
enable = true;
nativeMessagingHosts = [pkgs.firefoxpwa];
package = pkgs.librewolf;
profiles.default = {isDefault = false;};
package = pkgs.floorp;
profiles.lillian = {
isDefault = true;
id = 1;
settings = {
"sidebar.verticalTabs" = true;
"sidebar.visibility" = "expand-on-hover";
"browser.aboutConfig.showWarning" = false;
"browser.bookmarks.addedImportButton" = true;
"browser.bookmarks.restore_default_bookmarks" = false;
@ -81,7 +76,7 @@
bookmarks = [
{
name = "PoE2 build sorceres";
tags = ["PoE" "PoE2" "path of exile" "path of exile 2" "games" "guides" "build" "sorcerer" "sorceress"];
tags = ["PoE" "PoE2" "path of exile" "path of exile 2" "games" "guides" "build" "sorcerer" "sorceres"];
url = "https://maxroll.gg/poe2/planner/caeye0hz";
}
{
@ -91,42 +86,6 @@
}
];
}
{
name = "Cooking";
toolbar = false;
bookmarks = [
{
name = "Maldivian chili paste";
tags = ["cooking" "maldives" "maldivian]" "chili paste" "chili" "spicy" "food" "sauce" "recipes"];
url = "https://maldivescook.com/recipe/lonumirus/";
}
{
name = "Samosas";
tags = ["cooking" "india" "fried" "baked" "snack" "pastry" "samosa"];
url = "https://www.indianhealthyrecipes.com/samosa-recipe-make-samosa/";
}
{
name = "Sticky Toffee Pudding";
tags = ["baking" "UK" "England" "dessert" "treat" "snack" "baked" "sweet" "treacle" "dates"];
url = "https://www.latimes.com/recipe/sticky-toffee-pudding-moju";
}
{
name = "Vegan Pumpkin Cheesecake";
tags = ["baking" "vegan" "US" "cheesecake" "cake" "dessert" "sweet" "baked" "pumpkin" "cream cheese"];
url = "https://www.karissasvegankitchen.com/vegan-pumpkin-cheesecake/";
}
{
name = "Vegan Cheesecake";
tags = ["baking" "US" "vegan" "cheesecake" "cake" "dessert" "sweet" "baked" "nut free" "cream cheese"];
url = "https://www.noracooks.com/vegan-cheesecake/";
}
{
name = "Biscotti";
tags = ["baking" "Italian" "cookies" "sweet" "dessert" "fruits" "nuts" "almonds" "cranberries" "lemon"];
url = "https://italianchef.org/the-ultimate-guide-to-homemade-italian-biscotti-recipes-tips-and-variations/";
}
];
}
];
};
};

1
home-manager/desktop/package-configs/foot/default.nix
View file

@ -4,6 +4,7 @@
# catppuccin.enable = true;
settings = {
main = {
font = "Atkinson Monolegible:size=12";
};
mouse = {

64
home-manager/desktop/package-configs/plasma-desktop/default.nix → home-manager/desktop/package-configs/plasma-desktop.nix
View file

@ -1,23 +1,4 @@
{
osConfig,
pkgs,
config,
...
}: {
#TODO: make the creation of the command file easier, for now this is a nice solution though
systemd.user.services."set-kde-connect-commands" = {
Install = {
WantedBy = ["default.target"];
};
Service = {
Type = "OneShot";
ExecStart = "${pkgs.writeShellScript "set-kde-connect-commands" ''
#!/run/current-system/sw/bin/bash
find ${config.home.homeDirectory}/.config/kdeconnect/ -type d -name \'kdeconnect_runcommand\' -execdir cp ${builtins.toPath ./kde-connect-commands} {}+"/config" \;
''}";
RemainAfterExit = true;
};
};
{osConfig, ...}: {
home.file.".config/kdeconnect/config" = {
text = ''
[General]
@ -28,30 +9,6 @@
target = ".config/kdeconnect/config";
force = true;
};
home.file."Games/.directory" = {
text = ''
[Desktop Entry]
Icon=folder-games
'';
target = "Games/.directory";
force = true;
};
home.file."Code/.directory" = {
text = ''
[Desktop Entry]
Icon=folder-script
'';
target = "Code/.directory";
force = true;
};
home.file."Writing/.directory" = {
text = ''
[Desktop Entry]
Icon=folder-notes
'';
target = "Writing/.directory";
force = true;
};
programs.plasma = {
enable = true;
@ -117,8 +74,6 @@
hidden = [
"Xwayland Video Bridge_pipewireToXProxy"
"org.kde.plasma.devicenotifier"
"org.kde.plasma.keyboardindicator"
"org.kde.plasma.keyboardlayout"
"org.kde.kscreen"
"org.kde.plasma.printmanager"
"chrome_status_icon_1"
@ -126,9 +81,8 @@
"Nitrokey App"
"qBittorrent"
"vlc"
"obs"
"steam"
"nitrokey-app"
"Thunderbird Daily"
];
};
}
@ -164,16 +118,18 @@
config = {
General = {
launchers = [
"applications:librewolf.desktop"
"applications:floorp.desktop"
"applications:systemsettings.desktop"
"applications:org.kde.dolphin.desktop"
"applications:signal.desktop"
"applications:signal-desktop.desktop"
"applications:vesktop.desktop"
"applications:thunderbird.desktop"
"applications:cinny.desktop"
"applications:steam.desktop"
"applications:noisetorch.desktop"
"applications:org.kde.plasma-systemmonitor.desktop"
"applications:foot.desktop"
"applications:nitrokey-app.desktop"
"applications:freetube.desktop"
];
};
@ -263,12 +219,12 @@
"mediacontrol"."previousmedia" = "Media Previous";
"mediacontrol"."stopmedia" = "Media Stop";
"org_kde_powerdevil"."Decrease Keyboard Brightness" = "Keyboard Brightness Down";
"org_kde_powerdevil"."Decrease Screen Brightness" = ["Monitor Brightness Down" "Ctrl+Volume Down"];
"org_kde_powerdevil"."Decrease Screen Brightness Small" = ["Monitor Brightness Down" "Ctrl+Shift+Volume Down"];
"org_kde_powerdevil"."Decrease Screen Brightness" = "Monitor Brightness Down";
"org_kde_powerdevil"."Decrease Screen Brightness Small" = "Shift+Monitor Brightness Down";
"org_kde_powerdevil"."Hibernate" = "Hibernate";
"org_kde_powerdevil"."Increase Keyboard Brightness" = "Keyboard Brightness Up";
"org_kde_powerdevil"."Increase Screen Brightness" = ["Monitor Brightness Up" "Ctrl+Volume Up"];
"org_kde_powerdevil"."Increase Screen Brightness Small" = ["Shift+Monitor Brightness Up" "Ctrl+Shift+Volume Up"];
"org_kde_powerdevil"."Increase Screen Brightness" = "Monitor Brightness Up";
"org_kde_powerdevil"."Increase Screen Brightness Small" = "Shift+Monitor Brightness Up";
"org_kde_powerdevil"."PowerDown" = "Power Down";
"org_kde_powerdevil"."PowerOff" = "Power Off";
"org_kde_powerdevil"."Sleep" = "Sleep";

2
home-manager/desktop/package-configs/plasma-desktop/kde-connect-commands
View file

@ -1,2 +0,0 @@
[General]
commands="@ByteArray({\"2574d457_7a99_40a3_8239_24407c7a074d\":{\"command\":\"loginctl unlock-session\",\"name\":\"unlock\"},\"2bbbb9cc_892a_44a1_b097_27b149387511\":{\"command\":\"bluetoothctl disconnect 38:18:4C:11:56:99\",\"name\":\"disconnect headset\"},\"35ad74aa_c1f0_4dd7_a392_2b2676105b62\":{\"command\":\"systemctl hibernate\",\"name\":\"hibernate\"},\"5dd755de_e098_4907_982d_bedba5c3511d\":{\"command\":\"loginctl lock-session\",\"name\":\"lock\"},\"6423946a_b13e_4127_a0d0_0ca38e79fa0f\":{\"command\":\"bluetoothctl connect 38:18:4C:11:56:99\",\"name\":\"connect headset\"},\"690a4134_162b_4851_83a4_bf75722c699a\":{\"command\":\"systemctl suspend\",\"name\":\"suspend\"},\"99ae3913_1757_4ed0_ad7e_91c6f5d740ef\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"mute\\\"\",\"name\":\"mute\"},\"b11480dd_19f7_49c0_9dcc_3065ddc5150b\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"mic_mute\\\"\",\"name\":\"mute mic\"},\"bd36530a_9ed5_4345_989d_189c27b3ce00\":{\"command\":\"systemctl reboot\",\"name\":\"reboot\"},\"cf6180f7_e4bd_4f15_a9d1_19ed14e99913\":{\"command\":\"file=\\\"$HOME/Images/WebcamImage_$(date \\\"+%Y%m%d_%H%M%S\\\").jpg\\\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \\\"${file}\\\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \\\"${file}\\\"\",\"name\":\"webcam to phone\"},\"d31a3cab_bb6a_459d_89fb_533d0d8fec61\":{\"command\":\"systemctl poweroff\",\"name\":\"shutdown\"},\"f08e1a64_53be_41da_b942_e05e45f1d69c\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"decrease_volume\\\"\",\"name\":\"volume down\"},\"fbd67152_2a58_4d5d_a210_982fa0eeb171\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"increase_volume\\\"\",\"name\":\"volume up\"},\"fc3adde9_7049_4166_bcda_a74d13ec91eb\":{\"command\":\"file=/tmp/$(hostname)_$(date \\\"+%Y%m%d_%H%M%S\\\").png; spectacle -bo \\\"${file}\\\" && while ! [ -f \\\"${file}\\\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \\\"${file}\\\"\",\"name\":\"screenshot to phone\"}})"

4
home-manager/hosts/EDI/lillian.nix
View file

@ -16,10 +16,8 @@
];
home.packages = with pkgs; [
lutris
android-tools
];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "26.05";
home.stateVersion = "25.05";
}

7
home-manager/hosts/GLaDOS/lillian.nix
View file

@ -17,11 +17,8 @@
home.packages = with pkgs; [
r2modman
ryubing
ryujinx
lutris
vscodium
intiface-central
unrar
];
programs.mangohud = {
@ -30,5 +27,5 @@
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "26.05";
home.stateVersion = "25.05";
}

1
home-manager/hosts/iso/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeZHHAEoUh/Ly9F1xUSPZLPNE0Yh/wM2qWgKvlEBa8A lillian@GLaDOS

4
home-manager/hosts/iso/lillian.nix
View file

@ -11,11 +11,13 @@
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
../../desktop
../../shared
];
home.packages = with pkgs; [
];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.11";
home.stateVersion = "25.05";
}

2
home-manager/hosts/queen/id_ed25519.pub
View file

@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtwcWXnwOOI8G3NqAMfTeuSuDk9ly5xqwQDH2Iey3u+ lillian@queen
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS

2
home-manager/hosts/queen/lillian.nix
View file

@ -35,5 +35,5 @@
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "26.05";
home.stateVersion = "25.05";
}

2
home-manager/hosts/shodan/id_ed25519.pub
View file

@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL279XPFj1nzLDozFclntPh8rOcn3d1B5iJNGds9Ray6 lillian@shodan
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS

76
home-manager/hosts/shodan/lillian.nix
View file

@ -12,8 +12,13 @@
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
../../desktop/package-configs/plasma-desktop.nix
../../desktop/package-configs/firefox.nix
../../desktop/package-configs/konsole
../../desktop/package-configs/foot
../../desktop/package-configs/freetube
../../desktop/package-configs/vesktop
../../shared
../../desktop
];
nixpkgs = {
# You can add overlays here
@ -28,17 +33,82 @@
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
home = {
username = "lillian";
homeDirectory = "/home/lillian";
};
home.packages = with pkgs; [
#Chat:
vesktop
#Gaming:
prismlauncher
r2modman
ryubing
ryujinx
# Multimedia:
freetube
obs-studio
vlc
fcast-receiver
fcast-client
# System tools:
rage
flameshot
fzf
nextcloud-client
nitrokey-app
protonvpn-gui
sops
#watchmate
qbittorrent
zsh
# Theming:
catppuccin-cursors
(catppuccin-kde.override {
flavour = ["macchiato"];
accents = ["mauve"];
})
catppuccin-plymouth
catppuccin-sddm-corners
# Web browsing:
firefox
ungoogled-chromium
];
programs = {
# # Automount services for user
# programs.bashmount.enable = true;
# services.udiskie = {
# enable = true;
# automount = true;
# notify = false;
# tray = "never";
# };
# Enable home-manager and git
home-manager.enable = true;
git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
signing.format = "ssh";
};
};
# Make the kde screenlock not require a password :)
programs.plasma.kscreenlocker.passwordRequired = false;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "26.05";
home.stateVersion = "25.05";
}

2
home-manager/hosts/wheatley/id_ed25519.pub
View file

@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxXVL6QAiMLwvUYBtXCbkHEh6ENgaEO/rkZWSPJrjLJ lillian@wheatley
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS

2
home-manager/hosts/wheatley/lillian.nix
View file

@ -35,5 +35,5 @@
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "26.05";
home.stateVersion = "25.05";
}

46
home-manager/kde-connect-commands.json Normal file
View file

@ -0,0 +1,46 @@
[
{
"command": "systemctl poweroff",
"name": "shutdown"
},
{
"command": "systemctl reboot",
"name": "reboot"
},
{
"command": "systemctl suspend",
"name": "suspend"
},
{
"command": "systemctl hibernate",
"name": "hibernate"
},
{
"command": "loginctl lock-session",
"name": "lock"
},
{
"command": "loginctl unlock-session",
"name": "unlock"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"",
"name": "mute"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"",
"name": "mute mic"
},
{
"command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "screenshot to phone"
},
{
"command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "webcam to phone"
},
{
"command": "",
"name": ""
}
]

83
home-manager/shared/default.nix
View file

@ -1,6 +1,7 @@
{
pkgs,
osConfig,
lib,
...
}: {
imports = [
@ -12,7 +13,6 @@
./shell/eza.nix
./shell/hyfetch.nix
];
home = {
username = "lillian";
homeDirectory = "/home/lillian";
@ -21,8 +21,18 @@
target = ".ssh/id_ed25519.pub";
force = true;
};
};
packages = with pkgs; [
catppuccin = {
flavor = "macchiato";
btop.enable = true;
cache.enable = true;
chromium.enable = true;
freetube.enable = true;
freetube.flavor = "macchiato";
};
home.packages = with pkgs; [
# System tools:
vscode-langservers-extracted
sops
@ -35,16 +45,6 @@
nil
gh
];
};
catppuccin = {
flavor = "macchiato";
btop.enable = true;
cache.enable = true;
chromium.enable = true;
freetube.enable = true;
freetube.flavor = "macchiato";
};
programs = {
navi.enable = true;
yazi = {
@ -54,36 +54,33 @@
# };
};
};
# stylix.enable = true;
# qt.platformTheme.name = lib.mkForce "kvantum";
# qt.style.name = lib.mkForce "kvantum";
# stylix = {
# enable = true;
# autoEnable = true;
# base16Scheme = {
# scheme = "Catppuccin Macchiato";
# author = "https://github.com/catppuccin/catppuccin";
# base00 = "24273a";
# base01 = "1e2030";
# base02 = "363a4f";
# base03 = "494d64";
# base04 = "5b6078";
# base05 = "cad3f5";
# base06 = "f4dbd6";
# base07 = "b7bdf8";
# base08 = "ed8796";
# base09 = "f5a97f";
# base0A = "eed49f";
# base0B = "a6da95";
# base0C = "8bd5ca";
# base0D = "8aadf4";
# base0E = "c6a0f6";
# base0F = "f0c6c6";
# };
# image = ./background.jpg;
# cursor.package = pkgs.catppuccin-cursors;
# cursor.name = "catppuccin-macchiato-mauve-cursors";
# cursor.size = 16;
# };
stylix = {
enable = true;
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato";
author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a";
base01 = "1e2030";
base02 = "363a4f";
base03 = "494d64";
base04 = "5b6078";
base05 = "cad3f5";
base06 = "f4dbd6";
base07 = "b7bdf8";
base08 = "ed8796";
base09 = "f5a97f";
base0A = "eed49f";
base0B = "a6da95";
base0C = "8bd5ca";
base0D = "8aadf4";
base0E = "c6a0f6";
base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors;
cursor.name = "catppuccin-macchiato-mauve-cursors";
cursor.size = 16;
};
}

50
home-manager/shared/kde-connect-commands.json
View file

@ -1,50 +0,0 @@
[
{
"command": "systemctl poweroff",
"name": "shutdown"
},
{
"command": "systemctl reboot",
"name": "reboot"
},
{
"command": "systemctl suspend",
"name": "suspend"
},
{
"command": "systemctl hibernate",
"name": "hibernate"
},
{
"command": "loginctl lock-session",
"name": "lock"
},
{
"command": "loginctl unlock-session",
"name": "unlock"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"",
"name": "mute"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"",
"name": "mute mic"
},
{
"command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "screenshot to phone"
},
{
"command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "webcam to phone"
},
{
"command": "bluetoothctl connect 38:18:4C:11:56:99",
"name": "connect headset"
},
{
"command": "bluetoothctl disconnect 38:18:4C:11:56:99",
"name": "disconnect headset"
}
]

3
home-manager/shared/shell/helix/helix.nix
View file

@ -7,7 +7,7 @@
}:
rustPlatform.buildRustPackage rec {
pname = "helix";
version = "25.01.1";
version = "24.07";
# This release tarball includes source code for the tree-sitter grammars,
# which is not ordinarily part of the repository.
@ -17,7 +17,6 @@ rustPlatform.buildRustPackage rec {
stripRoot = false;
};
useFetchCargoVendor = true;
cargoHash = "";
nativeBuildInputs = [git installShellFiles];

1
home-manager/shared/shell/hyfetch.nix
View file

@ -10,7 +10,6 @@
mode = "horizontal";
};
backend = "neofetch";
pride_month_disable = false;
};
};
}

24
home-manager/shared/shell/zellij/default.nix
View file

@ -55,23 +55,23 @@
default_tab_template {
pane size=1 borderless=true {
plugin location="file:${inputs.zjstatus.packages.${pkgs.stdenv.hostPlatform.system}.default}/bin/zjstatus.wasm" {
format_left "#[bg=#24273A,fg=#cad3f5,bold] {session} {mode} {tabs}"
format_right "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#1e2030,bold]{datetime}#[bg=#24273A,fg=#cad3f5]"
plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" {
format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}"
format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]"
mode_locked "#[fg=magenta,bold] {name} "
mode_normal "#[fg=green,bold] {name} "
mode_resize "#[fg=orange,bold] {name} "
mode_default_to_mode "resize"
tab_normal "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#24273A,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#cad3f5,fg=#cad3f5]#[bg=#24273A,fg=#cad3f5]"
tab_active "#[bg=#a6da95,fg=#24273A]#[bg=#a6da95,fg=#a6da95]#[bg=#a6da95,fg=#1e2030,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#a6da95,fg=#a6da95]#[bg=#24273A,fg=#a6da95]"
tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]"
tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]"
tab_sync_indicator " "
tab_fullscreen_indicator " "
tab_floating_indicator "󰉈 "
datetime "#[bg=#cad3f5,fg=#1e2030,bold]{format} "
datetime "#[bg=#C9D2F5,fg=#1D1D2E,bold]{format} "
datetime_format "%Y-%m-%d %H:%M"
datetime_timezone "Europe/Amsterdam"
}
@ -138,23 +138,23 @@
default_tab_template {
pane size=1 borderless=true {
plugin location="file:${inputs.zjstatus.packages.${pkgs.stdenv.hostPlatform.system}.default}/bin/zjstatus.wasm" {
format_left "#[bg=#24273A,fg=#cad3f5,bold] {session} {mode} {tabs}"
format_right "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#1e2030,bold]{datetime}#[bg=#24273A,fg=#cad3f5]"
plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" {
format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}"
format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]"
mode_locked "#[fg=magenta,bold] {name} "
mode_normal "#[fg=green,bold] {name} "
mode_resize "#[fg=orange,bold] {name} "
mode_default_to_mode "resize"
tab_normal "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#1e2030,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#cad3f5,fg=#cad3f5]#[bg=#24273A,fg=#cad3f5]"
tab_active "#[bg=#a6da95,fg=#24273A]#[bg=#a6da95,fg=#a6da95]#[bg=#a6da95,fg=#1e2030,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#a6da95,fg=#a6da95]#[bg=#24273A,fg=#a6da95]"
tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]"
tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]"
tab_sync_indicator " "
tab_fullscreen_indicator " "
tab_floating_indicator "󰉈 "
datetime "#[bg=#cad3f5,fg=#1e2030,bold]{format} "
datetime "#[bg=#C9D2F5,fg=#1D1D2E,bold]{format} "
datetime_format "%Y-%m-%d %H:%M"
datetime_timezone "Europe/Amsterdam"
}

2
home-manager/shared/shell/zsh.nix
View file

@ -61,7 +61,7 @@
];
};
# Extra commands that take more complex forms
initContent = ''
initExtra = ''
eval "$(zoxide init --cmd cd zsh)"
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }

28
justfile
View file

@ -1,44 +1,22 @@
# Build the nixos configuration and switch to it
build:
sudo echo "sudo check..." && sudo nixos-rebuild --fallback --log-format internal-json -v switch --flake .# --show-trace |& nom --json
sudo nixos-rebuild switch --flake .# --show-trace
# Build the nixos configuration bot don't switch to it until a reboot
boot:
sudo echo "sudo check..." && sudo nixos-rebuild --fallback --log-format internal-json -v boot --flake .# --show-trace |& nom --json
# Run the nix flake in the nix repl
run:
nix-repl -f flake:nixpkgs
# Check the nix configuration for errors
test:
sudo echo "sudo check..." && sudo nix flake check --show-trace --log-format internal-json -v |& nom --json
sudo nix flake check --show-trace
# Update the flake lock
update:
nix flake update --log-format internal-json -v |& nom --json && zsh
nix flake update
# Clean your nix store and optimize it
clean:
sudo nix-collect-garbage
sudo nix-store --optimise
# Set up the commit hook for testing before doing a commit
setup:
#!/run/current-system/sw/bin/bash -e
if [ -s ./.git/hooks/pre-commit ]; then
read -p $"This file already contains the following text:
$(<./.git/hooks/pre-commit)
Do you want to add the test hook (y/N)? (This will NOT delete data)" choice
case "$choice" in
y|Y ) echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit && echo "Added test hook to pre-commit.";;
* ) echo "No test added to pre-commit.";;
esac
else
echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit
fi
# Make sure all the git actions of pulling, adding all files, committing, and pushing are done in one command
push:
git pull
git add *

68
nixos/desktop/default.nix
View file

@ -28,15 +28,9 @@
allowUnfree = true;
};
};
services.udev.extraRules = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="057e", MODE="0660", TAG+="uaccess"
KERNEL=="hidraw*", KERNELS=="*057e:*", MODE="0660", TAG+="uaccess"
KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
'';
environment.systemPackages = with pkgs;
[
environment.systemPackages =
(with pkgs; [
# Custom tools
dvd
dvt
@ -45,13 +39,9 @@
# System tools
aha
ttf-ms-win10
wineWowPackages.stable
bottles
tpm2-abrmd
jdk21_headless
#bcachefs-tools
clinfo
comma
direnv
exfat
exfatprogs
@ -72,12 +62,7 @@
zsh
# KDE/QT
kdePackages.plasma-desktop
kdePackages.plasma-wayland-protocols
kdePackages.libplasma
kdePackages.plasma-integration
kdePackages.plasma-activities
kdePackages.plasma-workspace
krunner-translator
kdePackages.discover
kdePackages.filelight
kdePackages.kcalc
@ -95,56 +80,45 @@
kdePackages.krdc
kdePackages.krfb
kdePackages.kate
kdePackages.xwaylandvideobridge
libportal-qt5
libportal
# User tools
freetube
noisetorch
qjackctl
wireplumber
intiface-central
#rustdesk
]
])
++ (with pkgs-edge; [
kdePackages.plasma-vault
freetube
# list of latest packages from nixpkgs master
# Can be used to install latest version of some packages
]);
fonts.packages = [pkgs.ttf-ms-win10];
sops = {
secrets."nextcloud-password" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.netrc";
};
secrets."prod.keys" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.config/Ryujinx/system/prod.keys";
};
secrets."title.keys" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.config/Ryujinx/system/title.keys";
};
};
programs = {
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
command-not-found.enable = lib.mkForce false;
# nix-index.enable = true;
nix-index.enable = true;
nix-index-database.comma.enable = true;
direnv = {
enable = true;
};
# steam = {
# enable = true;
# remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
# extest.enable = true;
# };
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
kdeconnect.enable = true;
noisetorch = {
@ -152,8 +126,6 @@
};
};
xdg.portal.enable = true;
# Enable networking
networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses
@ -164,10 +136,10 @@
xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
# displayManager.sddm = {
# enable = true;
# wayland.enable = true;
# };
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
displayManager.defaultSession = "plasma";
desktopManager.plasma6.enable = true;
desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible;

18
nixos/desktop/package-configs/firefox/default.nix
View file

@ -1,7 +1,11 @@
{pkgs, ...}: {
{
config,
pkgs,
...
}: {
programs.firefox = {
enable = true;
package = pkgs.librewolf;
package = pkgs.floorp;
policies = {
DisableTelemetry = true;
DisableFirefoxStudies = true;
@ -115,10 +119,10 @@
installation_mode = "force_installed";
};
# Tree Style Tabs
# "treestyletab@piro.sakura.ne.jp" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/tree-style-tab/latest.xpi";
# installation_mode = "force_installed";
# };
"treestyletab@piro.sakura.ne.jp" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/tree-style-tab/latest.xpi";
installation_mode = "force_installed";
};
# Adaptive Tab Bar Colour
"ATBC@EasonWong" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/Adaptive-Tab-Bar-Colour/latest.xpi";
@ -156,8 +160,6 @@
"floorp.tabbar.style" = 2;
"floorp.browser.user.interface" = 8;
"signon.rememberSignons" = true;
"browser.ml.chat.enabled" = false;
"browser.ml.chat.shortcuts" = false;
};
# TODO: switch to ManagedBookmarks as this will be dropped at some point https://mozilla.github.io/policy-templates/#managedbookmarks
# Bookmarks = [

52
nixos/hosts/EDI/configuration.nix
View file

@ -24,54 +24,8 @@
];
environment.systemPackages = with pkgs; [
gparted
];
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
programs.virt-manager.enable = true;
users.groups.libvirtd.members = ["lillian"];
virtualisation.libvirtd.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"invalid users" = [
"root"
];
"passwd program" = "/run/wrappers/bin/passwd %u";
security = "user";
};
public = {
browseable = "yes";
comment = "Public samba share.";
"guest ok" = "yes";
path = "/home/lillian/samba";
"read only" = "no";
};
};
};
users.groups.samba.members = ["lillian"];
services.vpn-ip = {
ip = "3";
};
@ -92,11 +46,9 @@
loader.systemd-boot.enable = lib.mkForce false;
initrd.systemd.enable = true;
binfmt.emulatedSystems = ["aarch64-linux"];
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
pkiBundle = "/etc/secureboot";
};
kernelModules = [
"iwlmvm"
@ -105,5 +57,5 @@
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "26.05";
system.stateVersion = "25.05";
}

56
nixos/hosts/GLaDOS/configuration.nix
View file

@ -11,6 +11,7 @@
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
inputs.jovian.nixosModules.jovian
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
@ -30,17 +31,8 @@
];
environment.systemPackages = with pkgs; [
gparted
];
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
services.vpn-ip = {
ip = "2";
};
@ -48,14 +40,17 @@
networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"];
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
hardware = {
# Add vulkan support to GPU
graphics.extraPackages = with pkgs; [
amdvlk
];
# For 32 bit applications
graphics.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
};
programs = {
# gamemode.enable = false;
# gamemode.settings = {
# general = {
@ -76,25 +71,32 @@
# };
};
jovian = {
steam = {
enable = true;
autoStart = false;
user = "lillian";
desktopSession = "plasma";
};
decky-loader = {
enable = true;
package = pkgs.decky-loader-prerelease;
extraPackages = [pkgs.python3];
};
hardware.has.amd.gpu = true;
};
boot = {
loader.systemd-boot.enable = false;
initrd.systemd.enable = true;
};
binfmt.emulatedSystems = ["aarch64-linux"];
lanzaboote = {
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
extraModprobeConfig = ''
#fix for https://gitlab.freedesktop.org/drm/amd/-/issues/4141
amdgpu.runpm=0
amdgpu.dcdebugmask=0x10
'';
};
users.users.lillian.extraGroups = ["gamemode"];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "26.05";
system.stateVersion = "25.05";
}

14
nixos/hosts/GLaDOS/secrets/sops.yaml
View file

File diff suppressed because one or more lines are too long

67
nixos/hosts/iso/configuration.nix
View file

@ -10,20 +10,20 @@
# outputs.homeManagerModules.example
# outputs.nixosModules.contabo.wan
inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.defaults
# Import shared settings
../../shared
];
# programs.command-not-found.enable = lib.mkForce false;
# programs.nix-index.enable = true;
# programs.nix-index-database.comma.enable = true;
programs.command-not-found.enable = lib.mkForce false;
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
# boot.tmp.cleanOnBoot = true;
# zramSwap.enable = false;
# networking.domain = "";
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking.domain = "";
services.openssh = {
enable = true;
# require public key authentication for better security
@ -45,9 +45,7 @@
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
services.vpn-ip.enable = false;
# services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enable = true;
environment.systemPackages = with pkgs; [
# Custom tools
@ -67,9 +65,11 @@
sbctl
tpm2-tools
tpm2-tss
waydroid
zsh
# KDE/QT
krunner-translator
kdePackages.discover
kdePackages.kcalc
kdePackages.kdepim-addons
@ -81,14 +81,13 @@
kdePackages.plasma-pa
kdePackages.sddm-kcm
kdePackages.dolphin-plugins
libportal-qt5
libportal
];
# Enable networking
networking.networkmanager.enable = true;
networking.hostName = "iso";
# Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
networking.firewall.enable = true;
@ -107,24 +106,24 @@
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
# security.tpm2.enable = true;
# security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
# security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# programs.git = {
# enable = true;
# };
programs.git = {
enable = true;
};
# programs.direnv = {
# enable = true;
# };
programs.direnv = {
enable = true;
};
# # Enable completion of system packages by zsh
# environment.pathsToLink = ["/share/zsh"];
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
# kde power settings do not turn off screen
systemd = {
@ -137,17 +136,17 @@
};
};
# home-manager = {
# extraSpecialArgs = {inherit inputs outputs;};
# users = {
# # Import your home-manager configuration
# lillian = import ../../../home-manager/hosts/iso;
# };
# };
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/iso;
};
};
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.11";
system.stateVersion = "24.11";
}

14
nixos/hosts/iso/secrets/sops.yaml
View file

@ -1,8 +1,9 @@
lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str]
ssh-private-key: ENC[AES256_GCM,data:YQ+9aKpBL9XYl0IBxpPttUli6/E25alUhO36dZwPPSIBLI1ehyczocQMxNRYNtB2xKYx4wPaYIndLBhj9VdTUgaOWUd2C6aU6YgXgFAsjgEwqVDZWRp7TrTHojtrS5HnJgfopx6EqPf/uljD9yQsOkubDDUbpYkpWX/3vixm9LJ1eRXxTxXW8D3O5OM2Z1NsqA7meVa1xhvWJokqS4sD5ntp1HT78Xmu62EweHQVGaznUvWZupYh0uCQd0tr6GVTZLHdyCdaFUGHRbRddBcljpBIRWaWkhIrkjejvptUZ4Ht/UN5XM5z+zfU3DxsDOxeJ7m83om9I3WdZSdq1aDXe+VFEfMrx/0QTk2LtAmOvujcN6wO7a77SD4Rpuvq8KH2CeKrwMLlFf2BeGIcGhvAhRYUVxtypM38DEdbf/7xIcw0vQP2zNZN4QWdukUInDndnAxMfbIXKpYI5OPRaZMTVui41hkS86LBfbd5RhTjyzrtIpVSq9XkKRX7d5i8Gcjb4ORpQvrNNYMo+TXCiLNTg3/q0My/jEhfjfTF,iv:EpKC9judTZ1+0Y2LC1OK2YzGH/orRpZNtE7O+ZZyU1E=,tag:S6ju/FkwIBbBA8YU3dRo1A==,type:str]
nextcloud-password: ENC[AES256_GCM,data:5u8j1wau5FewTe+t3YZ365Acfcrt09XDgCUNpDbuVKaNZIEW3gdR60XACQeAvsyQeznynILJnz7/txV2,iv:l1xYhUkQGdWYNNy1lG9xB5SgL9cn2FdzAs19iVCohlA=,tag:rT0flG+v9wd8jSUm8DrCjg==,type:str]
wg-private-key: ENC[AES256_GCM,data:3JpyscuzK4LG1lfM3oyQNBHy7BQ2WeTaSyaZoaNfS4U7KkpEaCp5EVLBYiY=,iv:odDG8xp+d+O4FuECfeCJn/z2ka4KSzSBvgBCmcMZ0S0=,tag:iPwnqgtap+i44Mru/S7TyA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
@ -13,7 +14,8 @@ sops:
dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh
yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-14T18:00:16Z"
mac: ENC[AES256_GCM,data:NnX0hMrfeKJucgqgVUIUS0WOHerkDtKe3P+4vvWRCMX3eXg4Tsju8pZySZP7RSZX7+2W3OUHMOUuAum0YrVasTXuhm6jPvlbqvRnVXaVzCNheIUvTCF7LFeJEOQYKS5m8AiVKFRrxz+dGn90DSeijjajSePBjo8AnKyAOQEt1S8=,iv:1iJiqJU0vdDiWnJAYDlbOBBa9lBOODjjdlsRH54aTGI=,tag:JZtgVeLvFN6vcCZkRnuNcQ==,type:str]
lastmodified: "2024-03-20T18:17:48Z"
mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.8.1

56
nixos/hosts/queen/configuration.nix
View file

@ -3,7 +3,6 @@
outputs,
lib,
pkgs,
config,
...
}: {
imports = [
@ -29,24 +28,6 @@
# Import disko
# ../../../disko/queen
];
preservation.enable = lib.mkForce false;
services.anubis.instances.default.settings.TARGET = "http://localhost:8123";
# required due to unix socket permissions
users.users.nginx.extraGroups = [config.users.groups.anubis.name];
services.nginx.virtualHosts."*.gladtherescake.eu" = {
locations = {
"/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}";
};
};
services.nginx.virtualHosts."*.lillianviolet.dev" = {
locations = {
"/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}";
};
};
zramSwap.enable = false;
services = {
openssh = {
@ -74,6 +55,7 @@
environment.systemPackages = with pkgs; [
fzf
matrix-conduit
docker
docker-compose
gitea
@ -86,53 +68,29 @@
#jellyfin
#jellyfin-web
#jellyfin-ffmpeg
nextcloud-spreed-signaling
nats-server
nginx
onlyoffice-documentserver
libressl
openssl
phanpy
postgresql_16
python310
# python310Packages.nbconvert
janus-gateway
jupyter
# rabbitmq-server
rabbitmq-server
roundcube
roundcubePlugins.contextmenu
roundcubePlugins.carddav
roundcubePlugins.custom_from
roundcubePlugins.persistent_login
roundcubePlugins.thunderbird_labels
youtube-dl
sqlite
rocksdb
];
services.vpn-ip = {
enable = false;
};
systemd = {
services."upgrade-nextcloud" = {
path = with pkgs; [nextcloud31];
enable = true;
unitConfig = {
after = "nextcloud-setup.service";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ upgrade";
RemainAfterExit = "yes";
};
};
timers."upgrade-nextcloud" = {
wantedBy = ["timers.target"];
partOf = ["upgrade-nextcloud.service"];
timerConfig = {
OnCalendar = "daily";
Unit = "nextcloud-setup.service";
};
};
};
networking = {
domain = "";
@ -235,5 +193,5 @@
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "26.05";
system.stateVersion = "25.05";
}

14
nixos/hosts/queen/secrets/sops.yaml
View file

@ -8,8 +8,7 @@ mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str]
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
coturn-auth-secret: ENC[AES256_GCM,data:1K7WX5FGhF7+CRZs4SEVKogsGv/93IJVvLeMe6/d1dg3g5/6fQkRCVl1KicMUOsqUxMweUn5hUXSO1h/ruWvPA==,iv:0U/JoeVin2zTkyk60x2boUQRzGW+9swlbxP1ENCbAFQ=,tag:ll8WCgMNtun5Va0VpC81Tw==,type:str]
hpb-secret: ENC[AES256_GCM,data:I/64j3nA0BWW5YY4STMFzxnSKQ+TmiHvweIIGOMJvV4=,iv:zezsPPnKlVBVlrJeG4pGbtuiz1GEWLmQaZl1isNa+pk=,tag:YbTWLAjIIMDn5Jo43U0QtA==,type:str]
coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str]
grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str]
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
@ -17,6 +16,10 @@ writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2J
ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
@ -27,7 +30,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-04T13:04:56Z"
mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str]
lastmodified: "2025-01-14T13:43:37Z"
mac: ENC[AES256_GCM,data:GK+WcmMgDbZ5xeqMK06CuquR6/ptd2oXzVJ9V74+n6lBx4XsyPu17puKGKgsGsIHeRYdbwtQh8tm42/XJ0tK8qJz1yGvfQxPasd+ibRBHatWWHzQ/czR3NIRWYqGF9/mxi2uHrftaKtku1/huxjzjb69blopMzn2LEH0vCzXCkc=,iv:K6Fbhmz9FAzLd8KcjDSriVre8MhCYrGTVXh+u6oGLaQ=,tag:4Ylrs+Mm54vAKFQyyo8Njg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.9.2

176
nixos/hosts/shodan/configuration.nix
View file

@ -17,7 +17,7 @@
outputs.nixosModules.vpn-ip
# Import the shared settings
../../desktop
../../desktop/package-configs/firefox
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
@ -46,17 +46,12 @@
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
pkiBundle = "/etc/secureboot";
};
consoleLogLevel = 0;
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
plymouth.enable = true;
};
services.udev.extraRules = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666"
'';
zramSwap.enable = false;
networking = {
domain = "";
@ -65,10 +60,8 @@
networkmanager.enable = true;
firewall.enable = true;
firewall.interfaces."wg0".allowedTCPPorts = [8080];
firewall.interfaces."wg0".allowedUDPPorts = [8080];
firewall.allowedTCPPorts = [22 8080 8091 9090 9777 46899 46898];
firewall.allowedUDPPorts = [22 8080 8091 9090 9777 46899 46898];
firewall.allowedTCPPorts = [22];
hostName = "shodan";
};
@ -76,19 +69,28 @@
ip = "4";
};
xdg.portal.extraPortals = [pkgs.kdePackages.xdg-desktop-portal-kde];
services = {
openssh = {
openssh.enable = true; # Enables support for 32bit libs that steam uses
# Enable the X11 windowing system.
xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
desktopManager.plasma6.enable = true;
avahi = {
nssmdns4 = true;
enable = true;
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
ipv4 = true;
ipv6 = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
displayManager = {
# defaultSession = "plasma";
defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
@ -97,17 +99,76 @@
};
};
};
# Enable flatpak support
flatpak.enable = true;
packagekit.enable = true;
# Configure keymap in X11
xserver = {
xkb.layout = "us";
xkb.variant = "";
};
# Enable CUPS to print documents.
printing.enable = true;
# Enable fwupd daemon and user space client
fwupd.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
nixpkgs = {
# You can add overlays here
overlays = [
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
environment.systemPackages = with pkgs; [
# Custom tools
auto-mount
#System:
btrfs-progs
decky-loader
jre8
# jellyfin-media-player
efitools
jq
# noto-fonts
# noto-fonts-emoji-blob-bin
# noto-fonts-emoji
qjackctl
#rustdesk
sbctl
udisks
util-linux
waypipe
python3
protonup-qt
#KDE:
krunner-translator
# kdePackages.discover
kdePackages.kcalc
kdePackages.kdepim-addons
kdePackages.kirigami
kdePackages.kdeconnect-kde
# kdePackages.krunner-ssh
# kdePackages.krunner-symbols
kdePackages.qtvirtualkeyboard
kdePackages.packagekit-qt
kdePackages.krdc
kdePackages.krfb
libportal
#Gaming:
heroic
@ -115,29 +176,6 @@
protontricks
rare
lutris
(kodi.withPackages (kodiPkgs:
with kodiPkgs; [
steam-controller
invidious
youtube
netflix
upnext
sponsorblock
sendtokodi
jellyfin
inputstream-adaptive
inputstreamhelper
inputstream-ffmpegdirect
upnext
sponsorblock
sendtokodi
routing
requests-cache
requests
plugin-cache
a4ksubtitles
]))
];
jovian = {
@ -150,7 +188,7 @@
decky-loader = {
enable = true;
package = pkgs.decky-loader-prerelease;
extraPackages = [pkgs.python3 pkgs.flatpak pkgs.uutils-findutils];
extraPackages = [pkgs.python3];
};
devices.steamdeck = {
enable = true;
@ -158,15 +196,59 @@
};
steamos = {
enableAutoMountUdevRules = true;
enableMesaPatches = true;
};
};
fonts.packages = [pkgs.ttf-ms-win10];
programs = {
steam = lib.mkForce {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
kdeconnect.enable = true;
noisetorch = {
enable = true;
};
git = {
enable = true;
};
};
# # Enable automounting of removable media
# services.udisks2.enable = true;
# services.devmon.enable = true;
# services.gvfs.enable = true;
# environment.variables.GIO_EXTRA_MODULES = lib.mkForce ["${pkgs.gvfs}/lib/gio/modules"];
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
hardware = {
graphics.enable32Bit = true;
# Enable bluetooth hardware
bluetooth.enable = true;
# Enable sound with pipewire.
};
services.pulseaudio.enable = false;
users.users.lillian.extraGroups = ["decky" "tss" "input"];
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
security = {
rtkit.enable = true;
tpm2 = {
enable = true;
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
};
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "26.05";
system.stateVersion = "25.05";
}

12
nixos/hosts/shodan/secrets/sops.yaml
View file

@ -1,8 +1,11 @@
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
ssh-private-key: ENC[AES256_GCM,data:7K3p6Lu4je2fNmvtKpLY2z7MG5E0gg3486PCLTlm/NzWpiH0FO8KO2yPkPPVurXfUWj7ig3eiP+bc6+kufRQ8+MCHaR+JA056cdMch0MMK92FyPvJjNKzwB4W3BpdvOKipaZvuvSfgdrEdpz6rWRwBb9KaUW5aHBjW5eQNm+q0yP2uZjW6Ncp/zrdevjlRJyXGnNJD8CBDQgLILvqlvziRO4xBnSZOmFpdCKM9jMkxwHIQUND4ic71G6cheN+kIsgsa67DlJjfrngGWxKrlC3Q2DC+30vHtW8f18oa+g7eu9eTz8+bSLxYJf9TADwE+UYe2Hakib1ju67yxBkcomIjBvqgo+zEr0jC2qYmOvlKfqn64gSbAE7zEVCbavz6gA2EMb0g47twtAdgGUyzppGQ4LXjZXv6lyYov2gdXP7bzAcXXfzDh92BuTUOp9HXOTsLh7XC7cPKziowwwT+oUeOaSujMT9tgqkazgcVR3ne+PjxduptV75gxOwxeu6F2Zm+4Y4xJBdJeyP1Baq0yj4HNY/gv3pxEEXgU5,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
nextcloud-password: ENC[AES256_GCM,data:vA+L/7rTne16AZbibUAaLAcQKLoKPvM1ATNL/hbzjVt+qmxHhmuQq0cqKdoPOFlOftMNLo5HSKiHdLxh,iv:kw0IorbyjT/ocanJDcR3kuPCqHsPwSD4axIp2dfn1Fc=,tag:5QLl3xKq4a0EiImO07ardQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
@ -13,7 +16,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-22T13:25:05Z"
mac: ENC[AES256_GCM,data:qGLiJvoU+lyzMBr1jW3My5kNLCm59xVmdc3knyg64KMbAL65q7m5EJBC9uvRX0ZcxaNXWuRJWyUu1VV9tIKtSW+HLVJUZuTCi+0qswOL331LLuyDzhIkOKbPUPiDzKaMLif7EqENN9kN2aGSivpMVB5QkqRccmg6ya1Qkx5Ao7A=,iv:RiaIdq5Ve/PNVTD38Qh4YM+2x8fEU027r7hlmoNZI9A=,tag:jm9ZThwSVtpyed+kMIgaJw==,type:str]
lastmodified: "2024-12-22T22:35:15Z"
mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.9.2

95
nixos/hosts/wheatley/configuration.nix
View file

@ -29,7 +29,7 @@
programs = {
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
command-not-found.enable = lib.mkForce false;
# nix-index.enable = true;
nix-index.enable = true;
nix-index-database.comma.enable = true;
};
services = {
@ -162,36 +162,6 @@
enable = false;
};
services.stubby = {
enable = true;
settings =
pkgs.stubby.passthru.settingsExample
// {
upstream_recursive_servers = [
{
address_data = "192.242.2.4";
tls_auth_name = "base.dns.mullvad.net";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
}
];
}
{
address_data = "2a07:e340::4";
tls_auth_name = "base.dns.mullvad.net";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
}
];
}
];
};
};
networking = {
hostName = "wheatley";
@ -207,8 +177,12 @@
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
# IPv6 DNS servers can be used here as well.
nameservers = [
"194.242.2.4"
"2a07:e340::4"
# "127.0.0.1"
# "::1"
"94.140.14.49"
"94.140.14.59"
"2a10:50c0:0:0:0:0:ded:ff"
"2a10:50c0:0:0:0:0:ded:ff"
];
wireguard.enable = true;
@ -246,36 +220,6 @@
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
# TODO: generate this dynamically based on other hosts
wg0 = {
address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"];
privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
dns = ["100.64.0.7"];
extraOptions = {
FwMark = 51820;
};
listenPort = 51820;
postUp = ''
${pkgs.iproute2}/bin/ip rule add from 192.168.2.43 table main
${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -i end0 -j CONNMARK --set-mark 51820
${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820
'';
preDown = ''
${pkgs.iproute2}/bin/ip rule del from 192.168.2.43 table main
${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -i end0 -j CONNMARK --set-mark 51820
${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820
'';
peers = [
{
publicKey = "/wPQafVa/60OIp8KqhC1xTTG+nQXZF17uo8XfdUnz2E=";
allowedIPs = ["0.0.0.0/0" "::0/0"];
endpoint = "31.171.154.50:51820";
}
];
};
wg1 = {
# Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
@ -285,26 +229,22 @@
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
'';
# Undo the above
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
'';
privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
extraOptions = {
FwMark = 51820;
};
peers = [
{
#GLaDOS public key
@ -334,7 +274,7 @@
# enable NAT
enable = true;
externalInterface = "end0";
internalInterfaces = ["wg1" "wg0"];
internalInterfaces = ["wg1"];
};
firewall = {
enable = true;
@ -346,7 +286,6 @@
80 # http
443 # https
51821 # wg
51820 # wg-mullvad
7878
53 # dnsmasq
];
@ -412,6 +351,6 @@
services.cage.enable = true;
nixpkgs.config.kodi.enableAdvancedLauncher = true;
system.stateVersion = "26.05";
system.stateVersion = "25.05";
nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
}

10
nixos/server/package-configs/conduit/default.nix
View file

@ -29,11 +29,17 @@
'';
in {
# Configure Conduit itself
services.matrix-continuwuity = {
services.matrix-conduit = {
enable = true;
# This causes NixOS to use the flake defined in this repository instead of
# the build of Conduit built into nixpkgs.
# package = inputs.conduwuit.packages.${pkgs.system}.default;
package = pkgs.conduwuit;
settings.global = {
inherit server_name;
database_backend = "rocksdb";
allow_registration = false;
# emergency_password = "testpassword";
turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"];
@ -111,7 +117,6 @@ in {
locations."=/.well-known/matrix/client" = {
# Use the contents of the derivation built previously
alias = "${well_known_client}";
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${server_name}\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://${server_name}\"}}'";
extraConfig = ''
# Set the header since by default NGINX thinks it's just bytes
@ -125,7 +130,6 @@ in {
proxyPass = "http://matrix.gladtherescake.eu/client/unstable/org.matrix.msc3575/sync";
proxyWebsockets = true;
recommendedProxySettings = false;
return = "200 '{\"contacts\": [{\"matrix_id\": \"@admin:server.name\", \"email_address\": \"admin@server.name\", \"role\": \"m.role.admin\"}]}'";
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;

2
nixos/server/package-configs/coturn/default.nix
View file

@ -5,7 +5,7 @@
services.coturn = {
enable = true;
use-auth-secret = true;
static-auth-secret-file = config.sops.secrets."coturn-auth-secret".path;
static-auth-secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT";
realm = "turn.gladtherescake.eu";
relay-ips = [
"62.171.160.195"

5
nixos/server/package-configs/default.nix
View file

@ -5,15 +5,14 @@
./gotosocial
./mail-server
./nextcloud
# ./phanpy
./phanpy
./postgres
./roundcube
./coturn
# ./dashboard
./dashboard
#./cinny
#./firefox-sync
./writefreely
./mollysocket
./jellyfin
];
}

4
nixos/server/package-configs/jellyfin/default.nix
View file

@ -1,4 +1,6 @@
{...}: {
users.users.jellyfin.extraGroups = ["nextcloud" "aria2"];
services.nginx = {
virtualHosts = {
"video.gladtherescake.eu" = {
@ -14,7 +16,5 @@
services.jellyfin = {
enable = true;
user = "nextcloud";
group = "nextcloud";
};
}

8
nixos/server/package-configs/mail-server/default.nix
View file

@ -6,7 +6,6 @@
# services.dovecot2.sieve.extensions = ["fileinto"];
mailserver = {
stateVersion = 3;
enable = true;
enableImap = true;
enableSubmission = true;
@ -87,11 +86,8 @@
"no-reply@git.lillianviolet.dev"
"ongebonden@gladtherescake.eu"
];
x509.useACMEHost = config.mailserver.fqdn;
};
security.acme.certs.${config.mailserver.fqdn} = {
webroot = "/var/lib/acme/acme-challenge/";
extraDomainNames = [
certificateScheme = "acme-nginx";
certificateDomains = [
"imap.lillianviolet.dev"
"mail.lillianviolet.dev"
"pop3.lillianviolet.dev"

9
nixos/server/package-configs/nextcloud/default.nix
View file

@ -50,7 +50,7 @@
enable = true;
hostName = "nextcloud.gladtherescake.eu";
package = pkgs.nextcloud32;
package = pkgs.nextcloud30;
# Use HTTPS for links
https = true;
@ -69,7 +69,6 @@
overwriteprotocol = "https";
default_phone_region = "NL";
maintenance_window_start = 3;
log_type = "file";
};
appstoreEnable = true;
extraAppsEnable = true;
@ -102,9 +101,9 @@
# #jwtSecretFile = config.sops.secrets."local.json".path;
# };
# services.rabbitmq = {
# enable = true;
# };
services.rabbitmq = {
enable = true;
};
systemd.services."sops-nix.service" = {
before = [

2
nixos/server/package-configs/writefreely/default.nix
View file

@ -34,6 +34,6 @@
};
};
systemd.services.writefreely = {
path = [pkgs.libressl];
path = [pkgs.openssl];
};
}

107
nixos/shared/default.nix
View file

@ -4,18 +4,16 @@
lib,
config,
pkgs,
pkgs-edge,
...
}: {
imports = [
./locale
./packages
./preservation.nix
inputs.home-manager.nixosModules.home-manager
#../hosts/${config.networking.hostName}/hardware-configuration.nix
];
sops = {
age.keyFile = "var/secrets/keys.txt";
age.keyFile = ../../../../../../var/secrets/keys.txt;
secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
@ -31,10 +29,11 @@
};
#TODO: remove this when unneeded for freetube
nixpkgs.config.permittedInsecurePackages = [
"python3.12-youtube-dl-2021.12.17"
];
nix = {
package = pkgs-edge.lix;
package = pkgs.lix;
gc = {
automatic = true;
dates = "weekly";
@ -68,19 +67,6 @@
];
};
};
#TODO: ugly hardcoded delete, if it ever becomes a problem fix this, else just leave it I guess
system.userActivationScripts = {
removeConflictingFiles = {
text = ''
rm -f /home/lillian/.config/gtk-3.0/settings.ini.backup
rm -f /home/lillian/.config/gtk-3.0/gtk.css.backup
rm -f /home/lillian/.config/gtk-4.0/settings.ini.backup
rm -f /home/lillian/.config/gtk-4.0/gtk.css.backup
'';
};
};
catppuccin = {
flavor = "macchiato";
tty.enable = true;
@ -92,28 +78,17 @@
# grub.enable = false;
};
programs = {
zsh = {
programs.zsh = {
enable = true;
};
gnupg.agent = {
programs.gnupg.agent = {
enable = true;
enableBrowserSocket = true;
};
chromium = {
enable = true;
#Bet these options get renamed and put under a SearchProvider subheader...
defaultSearchProviderSearchURL = "https://noai.duckduckgo.com/?t=ftab&q={searchTerms}";
defaultSearchProviderEnabled = true;
extensions = ["cjpalhdlnbpafiamejdnhcphjbkeiagm" "gcbommkclmclpchllfjekcdonpmejbdp"];
};
};
stylix = {
# targets.qt.platform = lib.mkForce "kde";
enable = true;
# targets.qt.platform = "kde6";
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato";
@ -138,7 +113,7 @@
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
cursor.size = 24;
cursor.size = 16;
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
@ -147,8 +122,8 @@
};
monospace = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans Mono";
package = pkgs.atkinson-monolegible;
name = "Atkinson Monolegible";
};
sansSerif = {
@ -163,60 +138,19 @@
};
};
services.scx.enable =
if (pkgs.stdenv.hostPlatform.system == "aarch64-linux")
then false
else true;
fonts.packages = [
pkgs.atkinson-hyperlegible
pkgs.atkinson-monolegible
pkgs.noto-fonts-emoji-blob-bin
pkgs.noto-fonts
pkgs.nerd-fonts.fira-mono
pkgs.font-awesome
pkgs.liberation_ttf
];
fonts.fontconfig = {
useEmbeddedBitmaps = true;
# defaultFonts = {
# fonts.fontconfig.defaultFonts = {
# emoji = ["Blobmoji"];
# monospace = ["Atkinson Monolegible"];
# sansSerif = ["Atkinson Hyperlegible"];
# };
};
systemd = {
services."shutdown-zellij-zsh" = {
path = with pkgs; [killall];
enable = true;
unitConfig = {
Before = "shutdown.target";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.killall}/bin/killall -SIGKILL zellij zsh";
RemainAfterExit = "yes";
};
};
services."start-vpn-wg" =
if config.services.vpn-ip.enable
then {
path = with pkgs; [systemd];
enable = true;
unitConfig = {
Wants = "network-online.target";
After = "network-online.target";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl start wg-quick-wg0.service";
RemainAfterExit = "yes";
};
}
else {};
};
networking =
if config.services.vpn-ip.enable
@ -225,7 +159,7 @@
wg-quick.interfaces = {
wg0 = {
autostart = false;
autostart = true;
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
@ -243,15 +177,8 @@
}
else {};
environment = {
systemPackages = with pkgs; [
nix-output-monitor
usbutils
];
# Enable completion of system packages by zsh
pathsToLink = ["/share/zsh"];
};
environment.pathsToLink = ["/share/zsh"];
home-manager = {
backupFileExtension = "backup";
@ -266,22 +193,20 @@
};
users = {
users = {
lillian = {
users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"${builtins.readFile ../../home-manager/hosts/GLaDOS/id_ed25519.pub}"
"${builtins.readFile ../../home-manager/hosts/EDI/id_ed25519.pub}"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
mutableUsers = false;
root = {
users.root = {
hashedPassword = "*";
};
};
mutableUsers = false;
};
}

7
nixos/shared/packages/default.nix
View file

@ -22,13 +22,12 @@
install-nix-no-inhibit
update
upgrade
simple-completion-language-server
# simple-completion-language-server
# System tools
age
alejandra
e2fsprogs
# uutils-findutils
git
git-filter-repo
pre-commit
@ -43,10 +42,6 @@
wget
zsh
tldr
nmap
knot-dns
libressl
nettools
# System libraries
])

194
nixos/shared/preservation.nix
View file

@ -1,194 +0,0 @@
{...}: {
preservation = {
# the module doesn't do anything unless it is enabled
enable = true;
preserveAt."/persistent" = {
# preserve system directories
directories = [
#Shared
"/var/lib/sbctl"
"/var/lib/bluetooth"
"/var/lib/fprint"
"/var/lib/fwupd"
"/var/lib/libvirt"
"/var/lib/tpm2-tss"
"/var/lib/tpm2-udev-trigger"
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/coredump"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timers"
"/var/log"
#Desktop
"/var/lib/decky-loader"
"/var/lib/flatpak"
#Server
"/var/lib/continuwuity"
"/var/lib/dhcpcd"
"/var/lib/docker"
"/var/lib/dovecot"
"/var/lib/forgejo"
"/var/lib/gotosocial"
"/var/lib/grafana"
"/var/lib/jellyfin"
"/var/lib/media"
"/var/lib/mollysocket"
"/var/lib/private"
"/var/lib/mysql"
"/var/lib/nextcloud"
"/var/lib/onlyoffice"
"/var/lib/postfix"
"/var/lib/postgresql"
"/var/lib/prometheus2"
"/var/lib/rabbitmq"
"/var/lib/redis-nextcloud"
"/var/lib/redis-rspamd"
"/var/lib/secrets"
"/var/lib/writefreely"
"/var/db"
"/var/dkim"
"/var/secrets"
"/var/sieve"
"/var/vmail"
"/var/mysql"
{
directory = "/var/lib/nixos";
inInitrd = true;
}
];
# preserve system files
files = [
{
file = "/etc/machine-id";
inInitrd = true;
}
{
file = "/etc/ssh/ssh_host_rsa_key";
how = "symlink";
configureParent = true;
}
{
file = "/etc/ssh/ssh_host_ed25519_key";
how = "symlink";
configureParent = true;
}
"/var/lib/usbguard/rules.conf"
# creates a symlink on the volatile root
# creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd
# does not create an empty file at the symlink's target (would require `createLinkTarget = true`)
{
file = "/var/lib/systemd/random-seed";
how = "symlink";
inInitrd = true;
configureParent = true;
}
"/var/lib/systemd/tpm2-srk-public-key.pem"
"/var/lib/systemd/tpm2-srk-public-key.tpm2b_public"
];
# preserve user-specific files, implies ownership
users = {
lillian = {
commonMountOptions = [
"x-gvfs-hide"
];
directories = [
{
directory = ".ssh";
mode = "0700";
}
#Desktop
".local/state/wireplumber"
".local/share/direnv"
".local/state/nix"
".local/state/comma"
".local/state/home-manager"
".local/share/PrismLauncher"
".local/share/qBittorrent"
".local/share/kwalletd"
".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it
".local/share/lutris"
".local/share/Nextcloud"
".local/share/Steam"
".local/share/zoxide"
".local/share/flatpak"
".local/share/applications"
".local/share/firefoxpwa/"
".local/share/com.nonpolynomial.intiface_central"
".mozilla"
".steam"
".zsh"
".pki"
".tldrc"
".thunderbird"
"Code"
"Writing"
".config/kdeconnect"
".config/Nextcloud"
".config/noisetorch"
".config/qBittorrent"
".config/r2modman"
".config/r2modmanPlus-local"
".config/Ryujinx"
".config/Signal"
".config/sops"
".config/vesktop"
];
#Shared
files = [
".z"
".zsh_history"
];
};
root = {
# specify user home when it is not `/home/${user}`
home = "/root";
directories = [
{
directory = ".ssh";
mode = "0700";
}
];
};
};
};
};
# Create some directories with custom permissions.
#
# In this configuration the path `/home/butz/.local` is not an immediate parent
# of any persisted file, so it would be created with the systemd-tmpfiles default
# ownership `root:root` and mode `0755`. This would mean that the user `butz`
# could not create other files or directories inside `/home/butz/.local`.
#
# Therefore systemd-tmpfiles is used to prepare such directories with
# appropriate permissions.
#
# Note that immediate parent directories of persisted files can also be
# configured with ownership and permissions from the `parent` settings if
# `configureParent = true` is set for the file.
systemd.tmpfiles.settings.preservation = {
"/home/lillian/.config".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/share".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/state".d = {
user = "lillian";
group = "users";
mode = "0755";
};
};
}

110
overlays/flake.nix
View file

@ -1,110 +0,0 @@
{
description = "An overlay to remove fascist artifacts";
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
outputs = { self, nixpkgs }: {
overlays.antifa = final: prev:
let
patchSystemd = d: d.overrideAttrs (old: {
# https://github.com/systemd/systemd/pull/39285
patches = old.patches ++ [ ./systemd-detect-fash.patch ];
});
disableAuthor = author: throw ''
This package was disabled by nixpkgs-antifa because: it is authored by ${author}
'';
disableCorp = corp: throw ''
This package was disabled by nixpkgs-antifa because: it exclusively integrates with offerings from ${corp}
'';
# NB: not listing out culture names in code -- yet
disablePropaganda = throw ''
This package was disabled by nixpkgs-antifa because: it is ethnonationalist propaganda
'';
in rec {
# https://lix.systems/add-to-config/#flake-based-configurations
inherit (prev.lixPackageSets.stable) lix nixpkgs-review nix-eval-jobs nix-fast-build colmena;
nix = lix;
certmgr = disableAuthor "Cloudflare";
cf-terraforming = disableAuthor "Cloudflare";
cf-vault = disableCorp "Cloudflare";
cfdyndns = disableCorp "Cloudflare";
cfssl = disableAuthor "Cloudflare";
cloudflare-cli = disableCorp "Cloudflare";
cloudflare-dynamic-dns = disableCorp "Cloudflare";
cloudflare-dyndns = disableCorp "Cloudflare";
cloudflare-utils = disableCorp "Cloudflare";
cloudflare-warp = disableAuthor "Cloudflare";
cloudflared = disableAuthor "Cloudflare";
flarectl = disableAuthor "Cloudflare";
gortr = disableAuthor "Cloudflare";
prometheus-cloudflare-exporter = disableCorp "Cloudflare";
proski = disableCorp "Cloudflare";
wgcf = disableCorp "Cloudflare";
worker-build = disableAuthor "Cloudflare";
wrangler = disableAuthor "Cloudflare";
wrangler_1 = disableAuthor "Cloudflare";
gnomeExtensions.warp-toggle = disableCorp "Cloudflare";
octodns-providers.cloudflare = disableCorp "Cloudflare";
pythonPackages.certbot-dns-cloudflare = disableCorp "Cloudflare";
pythonPackages.cloudflare = disableAuthor "Cloudflare";
pythonPackages.pycfdns = disableCorp "Cloudflare";
terraform-providers.cloudflare = disableCorp "Cloudflare";
brave = disableAuthor "Brendan Eich";
ladybird = disableAuthor "Andreas Kling";
palemoon = disableAuthor "Moonchild Straver";
_9base = disableAuthor "suckless";
dmenu = disableAuthor "suckless";
dwm = disableAuthor "suckless";
farbfeld = disableAuthor "suckless";
ii = disableAuthor "suckless";
libgrapheme = disableAuthor "suckless";
quark = disableAuthor "suckless";
sent = disableAuthor "suckless";
sic = disableAuthor "suckless";
sinit = disableAuthor "suckless";
slock = disableAuthor "suckless";
slstatus = disableAuthor "suckless";
sselp = disableAuthor "suckless";
st = disableAuthor "suckless";
surf = disableAuthor "suckless";
svkbd = disableAuthor "suckless";
tabbed = disableAuthor "suckless";
wmname = disableAuthor "suckless";
xssstate = disableAuthor "suckless";
blink = disableAuthor "Justine Tunney";
cosmopolitan = disableAuthor "Justine Tunney";
jart-jsoncpp = disableAuthor "Justine Tunney";
pythonPackages.fabulous = disableAuthor "Justine Tunney";
hyprland = disableAuthor "Vaxry";
tailwindcss = disableAuthor "Adam Wathan";
urbit = disableAuthor "Curtis Yarvin";
bibletime = disablePropaganda;
biblesync = disablePropaganda;
grb = disablePropaganda;
kjv = disablePropaganda;
lukesmithxyz-bible-kjv = disablePropaganda;
sword = disablePropaganda;
vul = disablePropaganda;
xiphos = disablePropaganda;
gnomeExtensions.quran-player = disablePropaganda;
emacsPackages.holy-books = disablePropaganda;
systemd = patchSystemd prev.systemd;
};
nixosModules.antifa = { lib, pkgs, ... }: {
nix.package = lib.mkForce pkgs.lix;
};
};
}

554
overlays/systemd-detect-fash.patch
View file

@ -1,554 +0,0 @@
From f09346dd2ceb30d0c7ea03bbd0099967e7e54be0 Mon Sep 17 00:00:00 2001
From: soscho2143 <mnovikov@mil.ru>
Date: Sun, 12 Oct 2025 13:52:36 -0400
Subject: [PATCH 1/2] detect-fash: implement systemd-detect-fash
---
man/systemd-detect-fash.xml | 131 +++++++++
shell-completion/bash/systemd-detect-fash | 40 +++
src/detect-fash/detect-fash.c | 312 ++++++++++++++++++++++
src/detect-fash/meson.build | 9 +
4 files changed, 492 insertions(+)
create mode 100644 man/systemd-detect-fash.xml
create mode 100644 shell-completion/bash/systemd-detect-fash
create mode 100644 src/detect-fash/detect-fash.c
create mode 100644 src/detect-fash/meson.build
diff --git a/man/systemd-detect-fash.xml b/man/systemd-detect-fash.xml
new file mode 100644
index 0000000000000..aaebf4e48650b
--- /dev/null
+++ b/man/systemd-detect-fash.xml
@@ -0,0 +1,131 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="systemd-detect-fash"
+ xmlns:xi="http://www.w3.org/2001/XInclude">
+
+ <refentryinfo>
+ <title>systemd-detect-fash</title>
+ <productname>systemd</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd-detect-fash</refentrytitle>
+ <manvolnum>1</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd-detect-fash</refname>
+ <refpurpose>Detect execution in a fascist environment</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>systemd-detect-fash</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><command>systemd-detect-fash</command> detects execution in
+ a fascist environment. It identifies the fascist
+ technology and can distinguish full machine fascism from
+ installed fashware. <filename>systemd-detect-fash</filename>
+ exits with a return value of 0 (success) if a fascism
+ technology is detected, and non-zero (error) otherwise.
+
+ <para>When executed without <option>--quiet</option> will print a
+ short identifier for the detected fascist technology. The
+ following technologies are currently identified:</para>
+
+ <table>
+ <title>Known fascist technologies</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname="type" />
+ <colspec colname="id" />
+ <colspec colname="product" />
+ <thead>
+ <row>
+ <entry>Type</entry>
+ <entry>ID</entry>
+ <entry>Product</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><varname>omarchy</varname></entry>
+ <entry>Omarchy linux distro. Detected by checking os-release.</entry>
+ </row>
+
+ <row>
+ <entry><varname>ladybird</varname></entry>
+ <entry>Ladybird browser. Detected by checking for "ladybird" binary in path.</entry>
+ </row>
+
+ <row>
+ <entry><varname>hyprland</varname></entry>
+ <entry>Hyperland window manager. Detected by checking the existence of hyprland config files on disk.</entry>
+ </row>
+
+ <row>
+ <entry><varname>dhh</varname></entry>
+ <entry>Checks for DHH's public key on disk.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </refsect1>
+
+ <refsect1>
+ <title>Options</title>
+
+ <para>The following options are understood:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-o</option></term>
+ <term><option>--omarchy</option></term>
+
+ <listitem><para>Only detects if os-release is Omarchy.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-y</option></term>
+ <term><option>--hyprland</option></term>
+
+ <listitem><para>Only detects Hyprland.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-l</option></term>
+ <term><option>--ladybird</option></term>
+
+ <listitem><para>Only detects Ladybird.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-d</option></term>
+ <term><option>--dhh</option></term>
+
+ <listitem><para>Only detects DHH.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-q</option></term>
+ <term><option>--quiet</option></term>
+
+ <listitem><para>Suppress output of the fascist technology identifier.</para></listitem>
+ </varlistentry>
+ </refsect1>
+
+ <refsect1>
+ <title>Exit status</title>
+
+ <para>If a fascist technology is detected, 0 is returned, a
+ non-zero code otherwise.</para>
+ </refsect1>
+</refentry>
diff --git a/shell-completion/bash/systemd-detect-fash b/shell-completion/bash/systemd-detect-fash
new file mode 100644
index 0000000000000..dc2a7f5f4774a
--- /dev/null
+++ b/shell-completion/bash/systemd-detect-fash
@@ -0,0 +1,40 @@
+# shellcheck shell=bash
+# systemd-detect-fash(1) completion -*- shell-script -*-
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# systemd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with systemd; If not, see <https://www.gnu.org/licenses/>.
+
+__contains_word() {
+ local w word=$1; shift
+ for w in "$@"; do
+ [[ $w = "$word" ]] && return
+ done
+}
+
+_systemd_detect_fash() {
+ local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
+ local i verb comps
+
+ local -A OPTS=(
+ [STANDALONE]='-h --help --version -q --quiet -o --omarchy -l --ladybird -y --hyprland -d --dhh'
+ )
+
+ _init_completion || return
+
+ COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
+}
+
+complete -F _systemd_detect_fash systemd-detect-fash
diff --git a/src/detect-fash/detect-fash.c b/src/detect-fash/detect-fash.c
new file mode 100644
index 0000000000000..311547ec6a619
--- /dev/null
+++ b/src/detect-fash/detect-fash.c
@@ -0,0 +1,312 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <stdlib.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "alloc-util.h"
+#include "build.h"
+#include "log.h"
+#include "main-func.h"
+#include "pretty-print.h"
+#include "string-table.h"
+
+static bool arg_quiet = false;
+static enum {
+ ANY_FASCISM,
+ ONLY_LADYBIRD,
+ ONLY_OMARCHY,
+ ONLY_HYPRLAND,
+ ONLY_DHH
+} arg_mode = ANY_FASCISM;
+
+/* detects if os-release is omarchy */
+static int detect_omarchy(void) {
+ const char *term = "omarchy";
+ const int len = 256;
+
+ /* if we cannot access os-release we cannot check */
+ if (access("/etc/os-release", F_OK) != 0)
+ return -1;
+
+ FILE *osfile = fopen("/etc/os-release", "r");
+ char os[len];
+ fgets(os, len, osfile);
+ if (strcasestr(os, term) != NULL)
+ return 1;
+
+ return 0;
+}
+
+/*
+ detects if the LadyBird browser
+ has been built on this machine
+ or if the binary exists in $PATH
+*/
+static unsigned detect_ladybird(void) {
+
+ /* name of the ladybird binary */
+ const char* ladybird_bin = "/ladybird";
+
+ /* check if build variable is available */
+ char* LADYBIRD_SOURCE_DIR = getenv("LADYBIRD_SOURCE_DIR");
+ if (LADYBIRD_SOURCE_DIR != NULL)
+ return 1;
+
+ char* PATH = getenv("PATH");
+ if (PATH == NULL)
+ return 0;
+
+ /* this value will get mutated so we need to duplicate it */
+ char* path = strdup(PATH);
+ /* loop through PATH until we find a file named "ladybird" */
+ char* path_iter = strtok(path, ":");
+ char* abs_path = malloc(256);
+ while (path_iter != NULL) {
+ strncat(abs_path, path_iter, 128);
+ strncat(abs_path, ladybird_bin, 128);
+ /* if we do NOT find the binary at current path, keep going */
+ if (access(abs_path, F_OK) != 0){
+ path_iter = strtok(NULL, ":");
+ abs_path[0] = 0;
+ continue;
+ }
+ free(abs_path);
+ free(path);
+ return 1;
+ }
+ free(abs_path);
+ free(path);
+ return 0;
+}
+
+/* detects if hyprland is installed */
+static unsigned detect_hyprland(void) {
+ const char* hyprland_config = "/hypr/hyprland.conf";
+ const char* XDG_CONFIG_HOME = getenv("XDG_CONFIG_HOME");
+ const char* HOME = getenv("HOME");
+ int maxlen = 128;
+
+ char *hyprland_abs_path = malloc(maxlen);
+
+ if (XDG_CONFIG_HOME != NULL) {
+ strncat(hyprland_abs_path, XDG_CONFIG_HOME, maxlen - strlen(hyprland_config));
+ } else if (HOME != NULL) {
+ strncat(hyprland_abs_path, HOME, maxlen - strlen(hyprland_config));
+ strcat(hyprland_abs_path, "/.config");
+ } else {
+ return 0;
+ }
+ strcat(hyprland_abs_path, hyprland_config);
+ if (access(hyprland_abs_path, F_OK) == 0){
+ free(hyprland_abs_path);
+ return 1;
+ }
+ free(hyprland_abs_path);
+ return 0;
+}
+
+/* detects if this is dhh's computer using his ssh pubkey */
+static int detect_dhh(void) {
+ /* fingerprint of dhh's ssh public key */
+ const char *dhh_fingerprint = "SHA256:YCKX7xo5Hkihy/NVH5ang8Oty9q8Vvqu4sxI7EbDxPg";
+ /* path to ssh pubkey */
+ const char *ssh_pubkey = "/.ssh/id_ed25519.pub";
+ /* command to generate fingerprint */
+ const char *ssh_fingerpint_cmd = "ssh-keygen -E sha256 -lf ";
+
+ /* get the home directory */
+ char *HOME = getenv("HOME");
+
+ if (HOME == NULL)
+ return -1;
+ /* check if we have read access to the public key on disk */
+ char *ssh_pubkey_abs_path = (char *)malloc(strlen(HOME) + strlen(ssh_pubkey) + 1);
+ ssh_pubkey_abs_path[0] = 0;
+ strcat(ssh_pubkey_abs_path, HOME);
+ strcat(ssh_pubkey_abs_path, ssh_pubkey);
+ if (access(ssh_pubkey_abs_path, F_OK) != 0)
+ return 0;
+
+ /* generate a fingerprint of it */
+ char *get_fingerprint_cmd = (char *)malloc(strlen(ssh_fingerpint_cmd) + strlen(ssh_pubkey_abs_path) + 1);
+ get_fingerprint_cmd[0] = 0;
+ strcat(get_fingerprint_cmd, ssh_fingerpint_cmd);
+ strcat(get_fingerprint_cmd, ssh_pubkey_abs_path);
+
+ char fingerprint[70];
+ FILE *fingerprint_cmd_output = popen(get_fingerprint_cmd, "r");
+
+ if (fingerprint_cmd_output == NULL)
+ return -1;
+ fgets(fingerprint, 70, fingerprint_cmd_output);
+
+ /* free memory */
+ pclose(fingerprint_cmd_output);
+ free(ssh_pubkey_abs_path);
+ free(get_fingerprint_cmd);
+
+ /* comare it to DHH's fingerprint */
+ if (strstr(fingerprint, dhh_fingerprint) != NULL)
+ return 1;
+ return 0;
+}
+
+static int help(void) {
+ _cleanup_free_ char *link = NULL;
+ int r;
+
+ r = terminal_urlify_man("systemd-detect-fash", "1", &link);
+ if (r < 0)
+ return log_oom();
+
+ printf("%s [OPTIONS...]\n\n"
+ "Detect execution in a fascist environment.\n\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " -q --quiet Quiet mode\n"
+ " -o --omarchy Only detect omarchy\n"
+ " -l --ladybird Only detect ladybird\n"
+ " -y --hyprland Only detect hyprland\n"
+ " -d --dhh Only detect dhh\n"
+ "\nSee the %s for details.\n",
+ program_invocation_short_name,
+ link);
+
+ return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+ enum {
+ ARG_VERSION = 0x100,
+ ARG_OMARCHY,
+ ARG_LADYBIRD,
+ ARG_HYPRLAND,
+ ARG_DHH
+ };
+
+ static const struct option options[] = {
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "omarchy", no_argument, NULL, 'o' },
+ { "ladybird", no_argument, NULL, 'l' },
+ { "hyprland", no_argument, NULL, 'y' },
+ { "dhh", no_argument, NULL, 'd' },
+ {}
+ };
+
+ int c;
+
+ assert(argc >= 0);
+ assert(argv);
+
+ while ((c = getopt_long(argc, argv, "hqolyd", options, NULL)) >= 0)
+
+ switch (c) {
+
+ case 'h':
+ return help();
+
+ case ARG_VERSION:
+ return version();
+
+ case 'q':
+ arg_quiet = true;
+ break;
+
+ case 'l':
+ arg_mode = ONLY_LADYBIRD;
+ break;
+
+ case 'o':
+ arg_mode = ONLY_OMARCHY;
+ break;
+
+ case 'y':
+ arg_mode = ONLY_HYPRLAND;
+ break;
+
+ case 'd':
+ arg_mode = ONLY_DHH;
+ break;
+
+ case '?':
+ return -EINVAL;
+
+ default:
+ assert_not_reached();
+ }
+ return 1;
+}
+
+static int run(int argc, char *argv[]) {
+ int dhh = 0;
+ int hyprland = 0;
+ int ladybird = 0;
+ int omarchy = 0;
+ int fascism = 0;
+ int r;
+
+ /* This is mostly intended to be used for scripts which want
+ * to detect whether we are being run in a fascist
+ * environment or not */
+
+ log_setup();
+
+ r = parse_argv(argc, argv);
+ if (r <= 0)
+ return r;
+
+ switch (arg_mode) {
+ case ONLY_OMARCHY:
+ omarchy = detect_omarchy();
+ fascism = omarchy;
+ if (omarchy < 0)
+ return log_error_errno(fascism, "Failed to check for omarchy: %m");
+ break;
+
+ case ONLY_LADYBIRD:
+ ladybird = detect_ladybird();
+ fascism = ladybird;
+ if (ladybird < 0)
+ return log_error_errno(fascism, "Failed to check for ladybird: %m");
+ break;
+
+ case ONLY_HYPRLAND:
+ hyprland = detect_hyprland();
+ fascism = hyprland;
+ if (hyprland < 0)
+ return log_error_errno(fascism, "Failed to check for hyprland: %m");
+ break;
+
+ case ONLY_DHH:
+ dhh = detect_dhh();
+ fascism = dhh;
+ if (dhh < 0)
+ return log_error_errno(fascism, "Failed to check for dhh: %m");
+ break;
+
+ case ANY_FASCISM:
+ default:
+ ladybird = detect_ladybird();
+ omarchy = detect_omarchy();
+ hyprland = detect_hyprland();
+ dhh = detect_dhh();
+ fascism = (ladybird | omarchy | hyprland | dhh);
+ if (fascism < 0)
+ return log_error_errno(fascism, "Failed to check for fascism: %m");
+ }
+
+ if (!arg_quiet) {
+ if (ladybird) puts("ladybird");
+ if (omarchy) puts("omarchy");
+ if (dhh) puts("dhh");
+ if (hyprland) puts("hyprland");
+ }
+ return fascism;
+}
+
+DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run);
diff --git a/src/detect-fash/meson.build b/src/detect-fash/meson.build
new file mode 100644
index 0000000000000..f4cca34117e7b
--- /dev/null
+++ b/src/detect-fash/meson.build
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+executables += [
+ executable_template + {
+ 'name' : 'systemd-detect-fash',
+ 'public' : true,
+ 'sources' : files('detect-fash.c'),
+ },
+]
From 825072a331cb6d7464eb4479c4998ab0d020e32f Mon Sep 17 00:00:00 2001
From: soscho2143 <mnovikov@mil.ru>
Date: Sun, 12 Oct 2025 14:18:49 -0400
Subject: [PATCH 2/2] detect-fash: added to meson.build
---
meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/meson.build b/meson.build
index c67e7b6c30de4..76c625d22080d 100644
--- a/meson.build
+++ b/meson.build
@@ -2353,6 +2353,7 @@ subdir('src/cryptenroll')
subdir('src/cryptsetup')
subdir('src/debug-generator')
subdir('src/delta')
+subdir('src/detect-fash')
subdir('src/detect-virt')
subdir('src/dissect')
subdir('src/environment-d-generator')

0
pkgs/altsendme/default.nix
View file

2
pkgs/default.nix
View file

@ -14,6 +14,4 @@ pkgs: {
phanpy = pkgs.callPackage ./phanpy {};
auto-mount = pkgs.callPackage ./auto-mount {};
simple-completion-language-server = pkgs.callPackage ./simple-completion-language-server {};
freetube-0236 = pkgs.callPackage ./freetube-0.23.6 {};
ttf-ms-win10 = pkgs.callPackage ./ttf-ms-win10 {};
}

121
pkgs/freetube-0.23.6/default.nix
View file

@ -1,121 +0,0 @@
{
lib,
stdenvNoCC,
fetchFromGitHub,
fetchYarnDeps,
replaceVars,
makeDesktopItem,
nodejs,
yarnConfigHook,
yarnBuildHook,
makeShellWrapper,
copyDesktopItems,
electron,
nixosTests,
}:
let
description = "Open Source YouTube app for privacy";
in
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "freetube";
version = "0.23.6";
src = fetchFromGitHub {
owner = "FreeTubeApp";
repo = "FreeTube";
tag = "v${finalAttrs.version}-beta";
hash = "sha256-Z1L45RHlmylfqKBY37PC5TQ3ubOgH0AHFGM7VkmtkZ0=";
};
# Darwin requires writable Electron dist
postUnpack =
if stdenvNoCC.hostPlatform.isDarwin then
''
cp -r ${electron.dist} electron-dist
chmod -R u+w electron-dist
''
else
''
ln -s ${electron.dist} electron-dist
'';
patches = [
(replaceVars ./patch-build-script.patch {
electron-version = electron.version;
})
];
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${finalAttrs.src}/yarn.lock";
hash = "sha256-ia5wLRt3Hmo4/dsB1/rhGWGJ7LMnVR9ju9lSlQZDTTg=";
};
nativeBuildInputs = [
nodejs
yarnConfigHook
yarnBuildHook
makeShellWrapper
copyDesktopItems
];
installPhase = ''
runHook preInstall
''
+ lib.optionalString stdenvNoCC.hostPlatform.isLinux ''
mkdir -p $out/share/freetube
cp -r build/*-unpacked/{locales,resources{,.pak}} -t $out/share/freetube
makeWrapper ${lib.getExe electron} $out/bin/freetube \
--add-flags "$out/share/freetube/resources/app.asar" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime=true}}"
install -D _icons/icon.svg $out/share/icons/hicolor/scalable/apps/freetube.svg
''
+ lib.optionalString stdenvNoCC.hostPlatform.isDarwin ''
mkdir -p $out/Applications
cp -r build/mac*/FreeTube.app $out/Applications
ln -s "$out/Applications/FreeTube.app/Contents/MacOS/FreeTube" $out/bin/freetube
''
+ ''
runHook postInstall
'';
desktopItems = [
(makeDesktopItem {
name = "freetube";
desktopName = "FreeTube";
comment = description;
exec = "freetube %U";
terminal = false;
type = "Application";
icon = "freetube";
startupWMClass = "FreeTube";
mimeTypes = [ "x-scheme-handler/freetube" ];
categories = [ "Network" ];
})
];
passthru.tests = nixosTests.freetube;
meta = {
inherit description;
homepage = "https://freetubeapp.io/";
license = lib.licenses.agpl3Only;
maintainers = with lib.maintainers; [
ryneeverett
pentane
ryand56
sigmasquadron
ddogfoodd
];
badPlatforms = [
# output app is called "Electron.app" while derivation expects "FreeTube.app"
#see: https://github.com/NixOS/nixpkgs/pull/384596#issuecomment-2677141349
lib.systems.inspect.patterns.isDarwin
];
inherit (electron.meta) platforms;
mainProgram = "freetube";
};
})

13
pkgs/freetube-0.23.6/patch-build-script.patch
View file

@ -1,13 +0,0 @@
diff --git a/_scripts/ebuilder.config.js b/_scripts/ebuilder.config.js
index 5b79d961..9f5945d2 100644
--- a/_scripts/ebuilder.config.js
+++ b/_scripts/ebuilder.config.js
@@ -1,6 +1,8 @@
const { name, productName } = require('../package.json')
const config = {
+ electronVersion: "@electron-version@",
+ electronDist: "electron-dist",
appId: `io.freetubeapp.${name}`,
copyright: 'Copyleft © 2020-2024 freetubeapp@protonmail.com',
// asar: false,

7
pkgs/install-nix-no-inhibit/default.nix
View file

@ -1,6 +1,5 @@
{
git,
nix-output-monitor,
gum,
writeShellApplication,
}:
@ -8,7 +7,7 @@ writeShellApplication
{
name = "install-nix-no-inhibit";
runtimeInputs = [git gum nix-output-monitor];
runtimeInputs = [git gum];
text = ''
# An install script for NixOS installation to /tmp
@ -37,8 +36,8 @@ writeShellApplication
--mode zap_create_mount \
"./disko/''${dir}/default.nix"
echo "NixOS Installing..."
sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json
sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json
sudo nixos-install --flake .#"''${dir}"
sudo nixos-install --flake .#"''${dir}"
popd > /dev/null
echo "Cleaning up repository in '/tmp/install-nix'..."
rm -rf ./install-nix

14
pkgs/rebuild-no-inhibit/default.nix
View file

@ -1,13 +1,9 @@
{
writeShellApplication,
nix-output-monitor,
just,
}:
{writeShellApplication}:
writeShellApplication
{
name = "rebuild-no-inhibit";
runtimeInputs = [nix-output-monitor just];
runtimeInputs = [];
text = ''
# A rebuild script for NixOS
@ -18,11 +14,7 @@ writeShellApplication
git clone https://codeberg.org/Lillian-Violet/NixOS-Config.git ./rebuild
pushd ./rebuild > /dev/null
echo "NixOS Rebuilding..."
if [ "''$HOSTNAME" = shodan ]; then
just boot
else
just build
fi
sudo nixos-rebuild switch --flake .#
popd > /dev/null
echo "Cleaning up repository in '/tmp/rebuild'..."
rm -rf ./rebuild

6
pkgs/simple-completion-language-server/default.nix
View file

@ -5,16 +5,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "simple-completion-language-server";
version = "6c797949ad5a6e9548b60b5475d1c9977f26c811";
version = "ff9f90bc96c347f284571bc6310bc31f95508d55";
src = fetchFromGitHub {
owner = "estin";
repo = pname;
rev = version;
hash = "sha256-cITZdlDB03i7gOYbahV99wZOQ7tisnqdT/N2Z12oLFM=";
hash = "sha256-qybbZXjKzKcc6UXfAjwmkkB+qEUuGQXABRbMj7bNksM=";
};
cargoHash = "sha256-nannF4BKRLCcsS7VznzEHqrhLHYvN4X22t8jud87XEM=";
cargoHash = "sha256-VTz2Fm+PRUPM5+u9D+2TzGGIEQwb1j0Lz0WRaQ5/Yzo=";
meta = with lib; {
description = "Language server to enable word completion and snippets for Helix editor";
homepage = "https://github.com/estin/simple-completion-language-server";

29
pkgs/ttf-ms-win10/default.nix
View file

@ -1,29 +0,0 @@
{
lib,
stdenvNoCC,
fetchzip,
}:
stdenvNoCC.mkDerivation rec {
pname = "ttf-ms-win10";
version = "1.0";
src = fetchzip {
url = "https://github.com/streetsamurai00mi/ttf-ms-win10/archive/refs/heads/build.zip";
hash = "sha256-UwkHlrSRaXhfoMlimyXFETV9yq1SbvUXykrhigf+wP8=";
};
installPhase = ''
runHook preInstall
install -Dm644 *.ttf -t $out/share/fonts/truetype
runHook postInstall
'';
meta = with lib; {
homepage = "https://github.com/streetsamurai00mi/ttf-ms-win10";
description = "Windows 10 ttf Fonts";
license = licenses.unfree;
maintainers = [];
};
}