noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 22:30:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:324956c09158d044f7bc81cfc5fddf7a4f798773
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:sway
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

6 Commits
324956c091 ... sway

Author SHA1 Message Date
Noah Masur
cb15963270 clean up i3 sxhkd 2023-08-09 22:03:47 -04:00
Noah Masur
5efa1eb269 restored working i3 with sxhkd 2023-08-09 21:32:38 -04:00
Noah Masur
6ea3da93db partial success of i3 and sxhkd 2023-08-09 08:36:07 -04:00
Noah Masur
97c94e6b6a move keybinds between i3 and keybinds file 2023-08-08 22:13:38 -04:00
Noah Masur
f16ef49792 move keybinds to sxhkd 2023-08-08 22:13:38 -04:00
Noah Masur
cc0325b431 start to add sway config 2023-08-08 22:13:38 -04:00
113 changed files with 597 additions and 1509 deletions
Expand all files Collapse all files

27
.github/workflows/update.yml vendored
View File

@ -8,7 +8,6 @@ on:
permissions:
contents: write
pull-requests: write
checks: write
jobs:
lockfile:
@ -32,32 +31,8 @@ jobs:
dependencies
automated
- name: Check the Flake
id: check
run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge
if: success()
run: |
gh pr merge \
--rebase \
--auto \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}
- name: Close Pull Request If Failed
if: failure()
run: |
gh pr close \
--comment "Auto-closing pull request" \
--delete-branch \
${{ steps.update.outputs.pull-request-number }}
run: gh pr merge --rebase --auto ${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}

24
README.md
View File

@ -41,30 +41,6 @@ configuration may be difficult to translate to a non-Nix system.
| --- | --- | --- |
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
# Diagram
![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/ed3e7202-09c4-4a9c-9b14-0272c01647f6)
- [flake.nix](./flake.nix)
- [hosts](./hosts/)
- [modules](./modules/)
---
# Unique Configurations
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
---
# Installation

1
apps/loadkey.nix
View File

@ -5,7 +5,6 @@
program = builtins.toString (pkgs.writeShellScript "loadkey" ''
printf "\nEnter the seed phrase for your SSH key...\n"
printf "\nThen press ^D when complete.\n\n"
mkdir -p ~/.ssh/
${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
printf "\n\nContinuing activation.\n\n"
'');

17
docs/installation.md
View File

@ -49,24 +49,19 @@ move the `windows/alacritty.yml` file to
To get started on a bare macOS installation, first install Nix:
```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
sh -c "$(curl -L https://nixos.org/nix/install)"
```
Launch a new shell. Then use Nix to switch to the macOS configuration:
Then use Nix to build nix-darwin:
```bash
sudo rm /etc/bashrc
sudo rm /etc/nix/nix.conf
nix \
--extra-experimental-features flakes \
--extra-experimental-features nix-command \
run nix-darwin -- switch \
--flake github:nmasur/dotfiles#lookingglass
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
```
Once installed, you can continue to update the macOS configuration:
Then switch to the macOS configuration:
```bash
darwin-rebuild switch --flake ~/dev/personal/dotfiles
darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
```

361
flake.lock generated
View File

@ -17,31 +17,14 @@
"type": "github"
}
},
"age": {
"flake": false,
"locked": {
"lastModified": 1672087018,
"narHash": "sha256-LRxxJQLQkzoCNYGS/XBixVmYXoZ1mPHKvFicPGXYLcw=",
"owner": "FiloSottile",
"repo": "age",
"rev": "c6dcfa1efcaa27879762a934d5bea0d1b83a894c",
"type": "github"
},
"original": {
"owner": "FiloSottile",
"ref": "v1.1.1",
"repo": "age",
"type": "github"
}
},
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1704551058,
"narHash": "sha256-0NmiGzMFvL1awYOVtiaSd+O4sAR524x68xwWLgArlqs=",
"lastModified": 1681806450,
"narHash": "sha256-jxRlIzWbnSj89032msc5w+2TVt7zVyzlxdXxiH1dQqY=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "6d9cbdaca3a428bc7296f838fdfce3ad01ee7495",
"rev": "00bb4af31c8c3865b735d40ebefa6c3f07b2dd16",
"type": "github"
},
"original": {
@ -53,44 +36,28 @@
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1695205521,
"narHash": "sha256-MQMpXMgUpZA0E9TunzjXeOQxDWSCTogXbvi9VJnv4Kw=",
"lastModified": 1687763763,
"narHash": "sha256-wbOeylzjjScQXkrDbBU2HtrOZrp2YUK+wQ2aOkgxmRQ=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "6ecd37e0fa8b156099daedd2191130e083fb1490",
"rev": "bf2f6b7edd0abf6b0732f5e5c0a8f30e51611c75",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.4.0",
"ref": "v4.2.0",
"repo": "bufferline.nvim",
"type": "github"
}
},
"bypass-paywalls-clean": {
"flake": false,
"locked": {
"lastModified": 1705573187,
"narHash": "sha256-eDjesK2DON3pG9faUSTNPG1xWieV8LG75Rf+crGk3Lk=",
"owner": "magnolia1234",
"repo": "bpc-uploads",
"rev": "55af5ff1f6a7f8ea7fc57253029c07de8f481c62",
"type": "gitlab"
},
"original": {
"owner": "magnolia1234",
"repo": "bpc-uploads",
"type": "gitlab"
}
},
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1702205473,
"narHash": "sha256-/0sh9vJBD9pUuD7q3tNSQ1YLvxFMNykdg5eG+LjZAA8=",
"lastModified": 1687494203,
"narHash": "sha256-mU0soCz79erJXMMqD/FyrJZ0mu2n6fE0deymPzQlxts=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "5af77f54de1b16c34b23cba810150689a3a90312",
"rev": "44b16d11215dce86f253ce0c30949813c0a90765",
"type": "github"
},
"original": {
@ -106,11 +73,11 @@
]
},
"locked": {
"lastModified": 1705796049,
"narHash": "sha256-zkqbujNu3ixEar79QJTpJeOG5MYse1uJdcjl9f96uBg=",
"lastModified": 1691275315,
"narHash": "sha256-9WN0IA0vNZSNxKHpy/bYvPnCw4VH/nr5iBv7c+7KUts=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "3ac7acd32db4f7111015e8d5349ff6067df01bf6",
"rev": "829041cf10c4f6751a53c0a11ca2fd22ff0918d6",
"type": "github"
},
"original": {
@ -127,11 +94,11 @@
]
},
"locked": {
"lastModified": 1705540973,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"lastModified": 1690739034,
"narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=",
"owner": "nix-community",
"repo": "disko",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"rev": "4015740375676402a2ee6adebc3c30ea625b9a94",
"type": "github"
},
"original": {
@ -140,23 +107,6 @@
"type": "github"
}
},
"fidget-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1702031048,
"narHash": "sha256-wbjQuOFd/2339TIrUA97PYsV8N3PZsS+xbyMsyZmki8=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "300018af4abd00610a345e382ca1f4b7ba420f77",
"type": "github"
},
"original": {
"owner": "j-hui",
"ref": "v1.1.0",
"repo": "fidget.nvim",
"type": "github"
}
},
"firefox-darwin": {
"inputs": {
"nixpkgs": [
@ -164,11 +114,11 @@
]
},
"locked": {
"lastModified": 1705798126,
"narHash": "sha256-h+alhyRhMYDZmGk7pYDRdOF71Aa7NWG7Q5wcF6Ycf3I=",
"lastModified": 1691196340,
"narHash": "sha256-b1haFWCbFJkiUkeTQCkNjr8hFq/8JlMPaQwNpGlcvxI=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "51cc53fd6e6a1625a00565f110edc09f9ea7cfd9",
"rev": "6081c33185dba05da784d9f2a392861af025bf1a",
"type": "github"
},
"original": {
@ -180,11 +130,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -194,15 +144,12 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
@ -213,7 +160,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1685518550,
@ -231,14 +178,14 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
@ -250,11 +197,11 @@
"hmts-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1693226725,
"narHash": "sha256-jUuztOqNBltC3axa7s3CPJz9Cmukfwkf846+Z/gAxCU=",
"lastModified": 1691223193,
"narHash": "sha256-Zsl4s3e4upWiU2mXKqiQcUGxslPzzebKKXfzaHiNq48=",
"owner": "calops",
"repo": "hmts.nvim",
"rev": "14fd941d7ec2bb98314a1aacaa2573d97f1629ab",
"rev": "1d40963804925754672940d07ddb250d19efec2e",
"type": "github"
},
"original": {
@ -270,11 +217,11 @@
]
},
"locked": {
"lastModified": 1705794055,
"narHash": "sha256-mv/KrxEAZNhpPJcDqdQ709If9p2DTEYIDPo2r9xchlg=",
"lastModified": 1691225770,
"narHash": "sha256-O5slH8nW8msTAqVAS5rkvdHSkjmrO+JauuSDzZCmv2M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9b378afae72cb07471e19aefc30e8e05ef2d7a61",
"rev": "0a014a729cdd54d9919ff36b714d047909d7a4c8",
"type": "github"
},
"original": {
@ -287,53 +234,37 @@
"nextcloud-cookbook": {
"flake": false,
"locked": {
"lastModified": 1702545935,
"narHash": "sha256-19LN1nYJJ0RMWj6DrYPvHzocTyhMfYdpdhBFch3fpHE=",
"narHash": "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=",
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"lastModified": 1699624334,
"narHash": "sha256-RCL2RP5twRDLxI/KfAX6QLYQOzqZmSWsfrC5ZQIwTD4=",
"narHash": "sha256-gY1nxqK/pHfoxW/9mE7DFtNawgdEV7a4OXpscWY14yk=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.0/external-v5.2.0.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.0/external-v5.2.0.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"lastModified": 1703426420,
"narHash": "sha256-AENBJH/bEob5JQvw4WEi864mdLYJ5Mqe78HJH6ceCpI=",
"narHash": "sha256-hhXPEITSbCiFs0o+TOsQnSasXBpjU9mA/OFsbzuaCPw=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
"url": "https://github.com/nextcloud/news/releases/download/22.0.0/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
}
},
"nextcloud-snappymail": {
"flake": false,
"locked": {
"lastModified": 1705808478,
"narHash": "sha256-UeZXoZFEPJj7zEVNTXJ3IYNt/wI7VFq3Pjh1ubMHCBo=",
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
"url": "https://github.com/nextcloud/news/releases/download/22.0.0/news.tar.gz"
}
},
"nil": {
@ -345,16 +276,16 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1691372739,
"narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=",
"lastModified": 1680544266,
"narHash": "sha256-d/TusDXmIo8IT5DNRA21lN+nOVSER8atIx9TJteR6LQ=",
"owner": "oxalica",
"repo": "nil",
"rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b",
"rev": "56a1fa87b98a9508920f4b0ab8fe36d5b54b2362",
"type": "github"
},
"original": {
"owner": "oxalica",
"ref": "2023-08-09",
"ref": "2023-04-03",
"repo": "nil",
"type": "github"
}
@ -382,11 +313,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1693701915,
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
"lastModified": 1689469483,
"narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
"rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
"type": "github"
},
"original": {
@ -403,11 +334,11 @@
]
},
"locked": {
"lastModified": 1705400161,
"narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=",
"lastModified": 1690133435,
"narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234",
"rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
"type": "github"
},
"original": {
@ -418,11 +349,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1705677747,
"narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=",
"lastModified": 1691186842,
"narHash": "sha256-wxBVCvZUwq+XS4N4t9NqsHV4E64cPVqQ2fdDISpjcw0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261",
"rev": "18036c0be90f4e308ae3ebcab0e14aae0336fe42",
"type": "github"
},
"original": {
@ -432,14 +363,30 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1690470004,
"narHash": "sha256-l57RmPhPz9r1LGDg/0v8bYgJO8R+GGTQZtkIxE7negU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9462344318b376e157c94fa60c20a25b913b2381",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"null-ls-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1691810493,
"narHash": "sha256-cWA0rzkOp/ekVKaFee7iea1lhnqKtWUIU+fW5M950wI=",
"lastModified": 1688652536,
"narHash": "sha256-6KJtj9pbvBm6fOVpnyzO2fEVC+cVrw2XtZHOgq9ieIw=",
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"rev": "0010ea927ab7c09ef0ce9bf28c2b573fc302f5a7",
"rev": "db09b6c691def0038c456551e4e2772186449f35",
"type": "github"
},
"original": {
@ -450,11 +397,11 @@
},
"nur": {
"locked": {
"lastModified": 1705801736,
"narHash": "sha256-t+merRH3MW8ASSIf968SIJJxiRnhomFGapP/X4usTyc=",
"lastModified": 1691289987,
"narHash": "sha256-sbbDlVzxlP+bBTdhyyzJ6C0APUNU/sChuLmNU9ehkmg=",
"owner": "nix-community",
"repo": "nur",
"rev": "ff6497ef576a1d88ef7ecb7e40e3a7cd9a410b2b",
"rev": "cf2f5d8ad452795e5aca290c95eedc829d3da7ec",
"type": "github"
},
"original": {
@ -483,11 +430,11 @@
"nvim-tree-lua-src": {
"flake": false,
"locked": {
"lastModified": 1705793548,
"narHash": "sha256-/q/tfkHKnC2lYXhN0VLUXjaWzFt+c2n+8+aAP08CmI4=",
"lastModified": 1691292370,
"narHash": "sha256-YQRirmp8QerxwF9qdrSrUKJZiVrBb6ZWpUTfM8H7fl4=",
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"rev": "74525ac04760bf0d9fec2bf51474d2b05f36048e",
"rev": "904f95cd9db31d1800998fa428e78e418a50181d",
"type": "github"
},
"original": {
@ -499,51 +446,34 @@
"nvim-treesitter-src": {
"flake": false,
"locked": {
"lastModified": 1705769570,
"narHash": "sha256-KosjU476A7zzbhxSu7MEXvVfSZZrTwTO6GD5FJOnm0c=",
"lastModified": 1681121236,
"narHash": "sha256-iPsPDLhVKJ14iP1/2cCgcY9SCKK/DQz9Y0mQB1DqNiM=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter",
"rev": "5cc562748729b6dc9563ea5a3d676ff102ab38b1",
"rev": "cc360a9beb1b30d172438f640e2c3450358c4086",
"type": "github"
},
"original": {
"owner": "nvim-treesitter",
"ref": "master",
"ref": "v0.9.0",
"repo": "nvim-treesitter",
"type": "github"
}
},
"proton-ge": {
"flake": false,
"locked": {
"lastModified": 1700610476,
"narHash": "sha256-IoClZ6hl2lsz9OGfFgnz7vEAGlSY2+1K2lDEEsJQOfU=",
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz"
}
},
"root": {
"inputs": {
"Comment-nvim-src": "Comment-nvim-src",
"age": "age",
"baleia-nvim-src": "baleia-nvim-src",
"bufferline-nvim-src": "bufferline-nvim-src",
"bypass-paywalls-clean": "bypass-paywalls-clean",
"cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"darwin": "darwin",
"disko": "disko",
"fidget-nvim-src": "fidget-nvim-src",
"firefox-darwin": "firefox-darwin",
"hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
"nextcloud-snappymail": "nextcloud-snappymail",
"nil": "nil",
"nix2vim": "nix2vim",
"nixos-generators": "nixos-generators",
@ -553,16 +483,15 @@
"nvim-lspconfig-src": "nvim-lspconfig-src",
"nvim-tree-lua-src": "nvim-tree-lua-src",
"nvim-treesitter-src": "nvim-treesitter-src",
"proton-ge": "proton-ge",
"telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src",
"tree-sitter-bash": "tree-sitter-bash",
"tree-sitter-ini": "tree-sitter-ini",
"tree-sitter-lua": "tree-sitter-lua",
"tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi",
"vscode-terraform-snippets": "vscode-terraform-snippets",
"wallpapers": "wallpapers",
"wsl": "wsl",
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
@ -580,11 +509,11 @@
]
},
"locked": {
"lastModified": 1688783586,
"narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
"lastModified": 1680488274,
"narHash": "sha256-0vYMrZDdokVmPQQXtFpnqA2wEgCCUXf5a3dDuDVshn0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7a29283cc242c2486fc67f60b431ef708046d176",
"rev": "7ec2ff598a172c6e8584457167575b3a1a5d80d8",
"type": "github"
},
"original": {
@ -623,34 +552,19 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telescope-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1697004956,
"narHash": "sha256-7SqYFnfCjotOBhuX6Wx1IOhgMKoxaoI1a4SKz1d5RVM=",
"lastModified": 1686302912,
"narHash": "sha256-fV3LLRwAPykVGc4ImOnUSP+WTrPp9Ad9OTfBJ6wqTMk=",
"owner": "nvim-telescope",
"repo": "telescope.nvim",
"rev": "7011eaae0ac1afe036e30c95cf80200b8dc3f21a",
"rev": "776b509f80dd49d8205b9b0d94485568236d1192",
"type": "github"
},
"original": {
"owner": "nvim-telescope",
"ref": "0.1.4",
"ref": "0.1.2",
"repo": "telescope.nvim",
"type": "github"
}
@ -658,11 +572,11 @@
"telescope-project-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1701464478,
"narHash": "sha256-touMCltcnqkrQYV1NtNeWLQeFVGt+WM3aIWIdKilA7w=",
"lastModified": 1682606566,
"narHash": "sha256-H6lrPjpOUVleKHB0ziI+6dthg9ymitHhEWtcgYJTrKo=",
"owner": "nvim-telescope",
"repo": "telescope-project.nvim",
"rev": "1aaf16580a614601a7f7077d9639aeb457dc5559",
"rev": "7c64b181dd4e72deddcf6f319e3bf1e95b2a2f30",
"type": "github"
},
"original": {
@ -674,16 +588,16 @@
"toggleterm-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1695636777,
"narHash": "sha256-o8xzoo7OuYrPnKlfrupQ24Ja9hZy1qQVnvwO0FO+4zM=",
"lastModified": 1685434104,
"narHash": "sha256-oiCnBrvft6XxiQtQH8E4F842xhh348SaTpHzaeb+iDY=",
"owner": "akinsho",
"repo": "toggleterm.nvim",
"rev": "faee9d60428afc7857e0927fdc18daa6c409fa64",
"rev": "95204ece0f2a54c89c4395295432f9aeedca7b5f",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v2.8.0",
"ref": "v2.7.0",
"repo": "toggleterm.nvim",
"type": "github"
}
@ -691,28 +605,28 @@
"tree-sitter-bash": {
"flake": false,
"locked": {
"lastModified": 1705686017,
"narHash": "sha256-+Mpks0FyQLl26TX63J6WhaAl/QDUR1k9wSUY5SFwL+w=",
"lastModified": 1688032601,
"narHash": "sha256-gl5F3IeZa2VqyH/qFj8ey2pRbGq4X8DL5wiyvRrH56U=",
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "f7239f638d3dc16762563a9027faeee518ce1bd9",
"rev": "493646764e7ad61ce63ce3b8c59ebeb37f71b841",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-bash",
"rev": "493646764e7ad61ce63ce3b8c59ebeb37f71b841",
"type": "github"
}
},
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1699877527,
"narHash": "sha256-dYPeVTNWO4apY5dsjsKViavU7YtLeGTp6BzEemXhsEU=",
"lastModified": 1690815608,
"narHash": "sha256-IIpKzpA4q1jpYVZ75VZaxWHaqNt8TA427eMOui2s71M=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "bcb84a2d4bcd6f55b911c42deade75c8f90cb0c5",
"rev": "7f11a02fb8891482068e0fe419965d7bade81a68",
"type": "github"
},
"original": {
@ -721,23 +635,6 @@
"type": "github"
}
},
"tree-sitter-lua": {
"flake": false,
"locked": {
"lastModified": 1694072484,
"narHash": "sha256-5t5w8KqbefInNbA12/jpNzmky/uOUhsLjKdEqpl1GEc=",
"owner": "MunifTanjim",
"repo": "tree-sitter-lua",
"rev": "9668709211b2e683f27f414454a8b51bf0a6bda1",
"type": "github"
},
"original": {
"owner": "MunifTanjim",
"ref": "main",
"repo": "tree-sitter-lua",
"type": "github"
}
},
"tree-sitter-puppet": {
"flake": false,
"locked": {
@ -757,17 +654,17 @@
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1700218345,
"narHash": "sha256-hXNxa895SyNOG7PH2vAIkWbcMjZDjWYDsCafBZuvnT0=",
"lastModified": 1690493803,
"narHash": "sha256-2btd/NRE6NuGNlx4cq535OrwtWXihiP3VMCJjPCiDOk=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "4bfdd9033a2225cc95032ce77066b7aeca9e2efc",
"rev": "5af00f64af6bbf822f208243cce5cf75396fb6f5",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-python",
"rev": "5af00f64af6bbf822f208243cce5cf75396fb6f5",
"type": "github"
}
},
@ -787,6 +684,22 @@
"type": "github"
}
},
"vscode-terraform-snippets": {
"flake": false,
"locked": {
"lastModified": 1614849738,
"narHash": "sha256-v392tyzXV+zyBNt5OCB2NBCK7JcByrTa5Ne/nFtSCJI=",
"owner": "run-at-scale",
"repo": "vscode-terraform-doc-snippets",
"rev": "6ab3e44b566e660f38922cf908e6e547eaa5d4b4",
"type": "github"
},
"original": {
"owner": "run-at-scale",
"repo": "vscode-terraform-doc-snippets",
"type": "github"
}
},
"wallpapers": {
"flake": false,
"locked": {
@ -807,16 +720,14 @@
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1705359964,
"narHash": "sha256-ys1MDjIH6z5UP7gAciRfUAlf2FJV0t3yFib965N/S+I=",
"lastModified": 1690553050,
"narHash": "sha256-pK3kF30OykL3v6P8UP6ipihlS34KoGq9SryCj3tHrFw=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "bb3eeeb96ce059ae29309138874ccf58e796f4b1",
"rev": "f7a95a37306c46b42e9ce751977c44c752fd5eca",
"type": "github"
},
"original": {
@ -828,11 +739,11 @@
"zenyd-mpv-scripts": {
"flake": false,
"locked": {
"lastModified": 1705694835,
"narHash": "sha256-t5BV8+azCvGZG0hfx5nft013sZugrge3AC4VbUcRNOg=",
"lastModified": 1650625438,
"narHash": "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=",
"owner": "zenyd",
"repo": "mpv-scripts",
"rev": "3ad7502fe2d6575b395db5568afdf830872c85d0",
"rev": "19ea069abcb794d1bf8fac2f59b50d71ab992130",
"type": "github"
},
"original": {

87
flake.nix
View File

@ -9,15 +9,12 @@
# Used for MacOS system config
darwin = {
url = "github:lnl7/nix-darwin/master";
url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
# Used for Windows Subsystem for Linux compatibility
wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
wsl.url = "github:nix-community/NixOS-WSL";
# Used for user packages and dotfiles
home-manager = {
@ -61,13 +58,12 @@
# Nix language server
nil = {
url = "github:oxalica/nil/2023-08-09";
url = "github:oxalica/nil/2023-04-03";
inputs.nixpkgs.follows = "nixpkgs";
};
# Neovim plugins
nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags
url = "github:neovim/nvim-lspconfig/v0.1.6";
flake = false;
};
@ -80,7 +76,6 @@
flake = false;
};
baleia-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags
url = "github:m00qek/baleia.nvim";
flake = false;
};
@ -89,12 +84,11 @@
flake = false;
};
nvim-treesitter-src = {
# https://github.com/nvim-treesitter/nvim-treesitter/tags
url = "github:nvim-treesitter/nvim-treesitter/master";
url = "github:nvim-treesitter/nvim-treesitter/v0.9.0";
flake = false;
};
telescope-nvim-src = {
url = "github:nvim-telescope/telescope.nvim/0.1.4";
url = "github:nvim-telescope/telescope.nvim/0.1.2";
flake = false;
};
telescope-project-nvim-src = {
@ -102,38 +96,39 @@
flake = false;
};
toggleterm-nvim-src = {
url = "github:akinsho/toggleterm.nvim/v2.8.0";
url = "github:akinsho/toggleterm.nvim/v2.7.0";
flake = false;
};
bufferline-nvim-src = {
url = "github:akinsho/bufferline.nvim/v4.4.0";
url = "github:akinsho/bufferline.nvim/v4.2.0";
flake = false;
};
nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua";
flake = false;
};
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
vscode-terraform-snippets = {
url = "github:run-at-scale/vscode-terraform-doc-snippets";
flake = false;
};
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.1.0";
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
url = "github:tree-sitter/tree-sitter-bash/master";
# Fix: bash highlighting doesn't work as of this commit:
# https://github.com/NixOS/nixpkgs/commit/49cce41b7c5f6b88570a482355d9655ca19c1029
url =
"github:tree-sitter/tree-sitter-bash/493646764e7ad61ce63ce3b8c59ebeb37f71b841";
flake = false;
};
tree-sitter-python = {
url = "github:tree-sitter/tree-sitter-python/master";
flake = false;
};
tree-sitter-lua = {
url = "github:MunifTanjim/tree-sitter-lua/main";
# Fix: invalid node in position. Broken as of this commit (replaced with newer):
# https://github.com/NixOS/nixpkgs/commit/8ec3627796ecc899e6f47f5bf3c3220856ead9c5
url =
"github:tree-sitter/tree-sitter-python/5af00f64af6bbf822f208243cce5cf75396fb6f5";
flake = false;
};
tree-sitter-ini = {
@ -155,51 +150,20 @@
flake = false;
};
# Age encryption (pin because of failed builds)
age = {
url = "github:FiloSottile/age/v1.1.1";
flake = false;
};
# GE version of Proton for game compatibility
# Alternatively, could consider using https://github.com/fufexan/nix-gaming
proton-ge = {
# https://github.com/GloriousEggroll/proton-ge-custom/releases
url =
"https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz";
flake = false;
};
# Firefox addon from outside the extension store
bypass-paywalls-clean = {
# https://gitlab.com/magnolia1234/bpc-uploads/-/commits/master/?ref_type=HEADS
url = "gitlab:magnolia1234/bpc-uploads";
flake = false;
};
# Nextcloud Apps
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url =
"https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz";
"https://github.com/nextcloud/news/releases/download/22.0.0/news.tar.gz";
flake = false;
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url =
"https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz";
"https://github.com/nextcloud-releases/external/releases/download/v5.2.0/external-v5.2.0.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
url =
"https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
url =
"https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz";
"https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
flake = false;
};
@ -222,10 +186,8 @@
dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = {
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
metrics = "metrics.${baseName}";
prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
@ -246,11 +208,6 @@
(import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix)
(import ./overlays/age.nix inputs)
(import ./overlays/proton-ge.nix inputs)
(import ./overlays/gh-collaborators.nix)
(import ./overlays/bypass-paywalls-clean.nix inputs)
(import ./overlays/terraform.nix)
];
# System types to support.

12
hosts/README.md
View File

@ -12,15 +12,3 @@ These are the individual machines managed by this flake.
| [swan](./swan/default.nix) | Home server |
| [tempest](./tempest/default.nix) | Linux desktop |
## NixOS Workflow
Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
function in that hosts file will be called by the NixOS module system during a
nixos-rebuild.
Each module in the each host's `modules` list is either a function or an
attrset. The attrsets will simply apply values to options that have been
declared in the config by other modules. Meanwhile, the functions will be
passed various arguments, several of which you will see listed at the top of
each of their files.

2
hosts/aws/main.tf
View File

@ -26,7 +26,7 @@ data "aws_iam_policy_document" "vmimport" {
actions = [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucket",
]
resources = [
"arn:aws:s3:::${aws_s3_object.image.bucket}",

4
hosts/flame/default.nix
View File

@ -1,8 +1,6 @@
# The Flame
# System configuration for an Oracle free server
# See [readme](../README.md) to explain how this file works.
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
@ -52,7 +50,6 @@ inputs.nixpkgs.lib.nixosSystem {
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services
atuin.enable = true;
cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles
neovim.enable = true;
@ -61,7 +58,6 @@ inputs.nixpkgs.lib.nixosSystem {
services.grafana.enable = true;
services.openssh.enable = true;
services.victoriametrics.enable = true;
services.influxdb2.enable = true;
services.gitea.enable = true;
services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server

2
hosts/hydra/default.nix
View File

@ -1,8 +1,6 @@
# The Hydra
# System configuration for WSL
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {

5
hosts/lookingglass/default.nix
View File

@ -4,7 +4,7 @@
{ inputs, globals, overlays, ... }:
inputs.darwin.lib.darwinSystem {
system = "aarch64-darwin";
system = "x86_64-darwin";
specialArgs = { };
modules = [
../../modules/common
@ -25,7 +25,6 @@ inputs.darwin.lib.darwinSystem {
dark = true;
};
mail.user = globals.user;
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
mail.enable = true;
@ -38,9 +37,7 @@ inputs.darwin.lib.darwinSystem {
nixlang.enable = true;
terraform.enable = true;
python.enable = true;
rust.enable = true;
lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true;
_1password.enable = true;
slack.enable = true;

5
hosts/swan/default.nix
View File

@ -1,8 +1,6 @@
# The Swan
# System configuration for my home NAS server
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
@ -68,7 +66,6 @@ inputs.nixpkgs.lib.nixosSystem {
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services
atuin.enable = true;
neovim.enable = true;
cloudflare.enable = true;
dotfiles.enable = true;
@ -82,8 +79,6 @@ inputs.nixpkgs.lib.nixosSystem {
services.prometheus.enable = false;
services.vmagent.enable = true;
services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
# Allows private remote access over the internet
cloudflareTunnel = {

4
hosts/tempest/default.nix
View File

@ -1,8 +1,6 @@
# The Tempest
# System configuration for my desktop
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
@ -85,7 +83,6 @@ inputs.nixpkgs.lib.nixosSystem {
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
media.enable = true;
@ -102,7 +99,6 @@ inputs.nixpkgs.lib.nixosSystem {
keybase.enable = true;
mullvad.enable = false;
nixlang.enable = true;
rust.enable = true;
yt-dlp.enable = true;
gaming = {
dwarf-fortress.enable = true;

18
modules/common/applications/1password.nix
View File

@ -9,18 +9,12 @@
};
};
config = lib.mkIf (config.gui.enable && config._1password.enable) {
unfreePackages = [ "1password" "_1password-gui" "1password-cli" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
config = lib.mkIf
(config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
unfreePackages = [ "1password" "_1password-gui" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
};
};
# https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
# Doesn't seem to fix the issue on macOS anyway
environment.etc."1password/custom_allowed_browsers".text = ''
${config.home-manager.users.${config.user}.programs.firefox.package}
firefox
'';
};
}

25
modules/common/applications/firefox.nix
View File

@ -16,7 +16,6 @@
unfreePackages = [
(lib.mkIf config._1password.enable "onepassword-password-manager")
"okta-browser-plugin"
"wappalyzer"
];
home-manager.users.${config.user} = {
@ -29,23 +28,21 @@
id = 0;
name = "default";
isDefault = true;
# https://nur.nix-community.org/repos/rycee/
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable onepassword-password-manager)
pkgs.bypass-paywalls-clean
darkreader
don-t-fuck-with-paste
facebook-container
markdownload
ublock-origin
vimium
multi-account-containers
facebook-container
(lib.mkIf config._1password.enable onepassword-password-manager)
okta-browser-plugin
sponsorblock
reddit-enhancement-suite
return-youtube-dislikes
markdownload
darkreader
snowflake
sponsorblock
ublock-origin
ublacklist
vimium
don-t-fuck-with-paste
i-dont-care-about-cookies
wappalyzer
];
settings = {
@ -76,8 +73,6 @@
"media.ffmpeg.vaapi.enabled" =
true; # Enable hardware video acceleration
"cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
"devtools.command-button-screenshot.enabled" =
true; # Scrolling screenshot of entire page
"svg.context-properties.content.enabled" = true; # Sidebery styling
};
userChrome = ''
@ -119,7 +114,7 @@
background-color: ${config.theme.colors.base00};
color: ${config.theme.colors.base06} !important;
}
.tab-content[selected] {
.tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.theme.colors.base01} !important;
color: ${config.theme.colors.base07} !important;

15
modules/common/applications/kitty.nix
View File

@ -11,23 +11,10 @@
config = lib.mkIf (config.gui.enable && config.kitty.enable) {
# Set the Rofi-Systemd terminal for viewing logs
# Using optionalAttrs because only available in NixOS
environment = { } // lib.attrsets.optionalAttrs
(builtins.hasAttr "sessionVariables" config.environment) {
sessionVariables.ROFI_SYSTEMD_TERM = "${pkgs.kitty}/bin/kitty";
};
terminal = "${pkgs.kitty}/bin/kitty";
home-manager.users.${config.user} = {
# Set the i3 terminal
xsession.windowManager.i3.config.terminal =
lib.mkIf pkgs.stdenv.isLinux "kitty";
# Set the Rofi terminal for running programs
programs.rofi.terminal =
lib.mkIf pkgs.stdenv.isLinux "${pkgs.kitty}/bin/kitty";
# Display images in the terminal
programs.fish.shellAliases = {
icat = "kitty +kitten icat";

5
modules/common/applications/obsidian.nix
View File

@ -15,9 +15,8 @@
home.packages = with pkgs; [ obsidian ];
};
# Broken on 2023-12-11
# https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8
nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
# Broken on 2023-04-16
nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];
};

8
modules/common/default.nix
View File

@ -75,18 +75,10 @@
type = lib.types.str;
description = "Hostname for metrics server.";
};
paperless = lib.mkOption {
type = lib.types.str;
description = "Hostname for document server (paperless-ngx).";
};
prometheus = lib.mkOption {
type = lib.types.str;
description = "Hostname for Prometheus server.";
};
influxdb = lib.mkOption {
type = lib.types.str;
description = "Hostname for InfluxDB2 server.";
};
secrets = lib.mkOption {
type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden).";

2
modules/common/mail/aerc.nix
View File

@ -68,7 +68,7 @@
"!" = ":term<space>";
"|" = ":pipe<space>";
"/" = ":search<space>-a<space>";
"/" = ":search<space>";
"\\" = ":filter <space>";
n = ":next-result<Enter>";
N = ":prev-result<Enter>";

17
modules/common/neovim/config/completion.nix
View File

@ -9,6 +9,7 @@
pkgs.vimPlugins.luasnip
pkgs.vimPlugins.cmp_luasnip
pkgs.vimPlugins.cmp-rg
pkgs.vimPlugins.friendly-snippets
];
use.cmp.setup = dsl.callWith {
@ -23,6 +24,13 @@
end
'';
# Enable Luasnip snippet completion
snippet.expand = dsl.rawLua ''
function(args)
require("luasnip").lsp_expand(args.body)
end
'';
# Basic completion keybinds
mapping = {
"['<C-n>']" = dsl.rawLua
@ -62,6 +70,7 @@
sources = [
{ name = "nvim_lua"; } # Fills in common Neovim lua functions
{ name = "nvim_lsp"; } # LSP results
{ name = "luasnip"; } # Snippets
{ name = "path"; } # Shell completion from current PATH
{
name = "buffer"; # Grep for text from the current text buffer
@ -110,6 +119,7 @@
}
vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
vim_item.menu = ({
luasnip = "[Snippet]",
buffer = "[Buffer]",
path = "[Path]",
rg = "[Grep]",
@ -129,6 +139,13 @@
};
lua = ''
-- Load snippets
-- Check status: :lua require("luasnip").log.open()
require("luasnip.loaders.from_vscode").lazy_load()
require("luasnip.loaders.from_vscode").lazy_load({ paths = { "${
builtins.toString pkgs.vscode-terraform-snippets
}" } })
-- Use buffer source for `/`
require('cmp').setup.cmdline("/", {
sources = {

14
modules/common/neovim/config/github.lua
View File

@ -1,14 +0,0 @@
-- Keymap to open file in GitHub web
vim.keymap.set("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
-- Pop a terminal to watch the current run
local gitwatch =
require("toggleterm.terminal").Terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
-- Set a toggle for this terminal
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
-- Keymap to toggle the run
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)

6
modules/common/neovim/config/kubernetes.lua
View File

@ -1,6 +0,0 @@
local k9s = require("toggleterm.terminal").Terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

162
modules/common/neovim/config/lsp.nix
View File

@ -1,110 +1,76 @@
{ pkgs, lib, config, dsl, ... }: {
{ pkgs, dsl, ... }: {
# Terraform optional because non-free
options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP";
options.github = lib.mkEnableOption "Whether to enable GitHub features";
options.kubernetes =
lib.mkEnableOption "Whether to enable Kubernetes features";
plugins = [
pkgs.vimPlugins.nvim-lspconfig
pkgs.vimPlugins.lsp-colors-nvim
pkgs.vimPlugins.null-ls-nvim
];
config =
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
};
let
use.lspconfig.nil_ls.setup = dsl.callWith {
cmd = [ "${pkgs.nil}/bin/nil" ];
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
};
terraformFormat = if config.terraform then ''
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
'' else
"";
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
};
in {
plugins = [
pkgs.vimPlugins.nvim-lspconfig
pkgs.vimPlugins.null-ls-nvim
pkgs.vimPlugins.fidget-nvim
];
use.lspconfig.terraformls.setup =
dsl.callWith { cmd = [ "${pkgs.terraform-ls}/bin/terraform-ls" "serve" ]; };
setup.fidget = { };
vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
};
lua = ''
${builtins.readFile ./lsp.lua}
use.lspconfig.nil_ls.setup = dsl.callWith {
cmd = [ "${pkgs.nil}/bin/nil" ];
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
};
-- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off")
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
};
require("null-ls").setup({
sources = {
require("null-ls").builtins.formatting.stylua.with({ command = "${pkgs.stylua}/bin/stylua" }),
require("null-ls").builtins.formatting.black.with({ command = "${pkgs.black}/bin/black" }),
require("null-ls").builtins.diagnostics.ruff.with({ command = "${pkgs.ruff}/bin/ruff" }),
require("null-ls").builtins.formatting.fish_indent.with({ command = "${pkgs.fish}/bin/fish_indent" }),
require("null-ls").builtins.formatting.nixfmt.with({ command = "${pkgs.nixfmt}/bin/nixfmt" }),
require("null-ls").builtins.formatting.rustfmt.with({ command = "${pkgs.rustfmt}/bin/rustfmt" }),
require("null-ls").builtins.diagnostics.shellcheck.with({ command = "${pkgs.shellcheck}/bin/shellcheck" }),
require("null-ls").builtins.formatting.shfmt.with({
command = "${pkgs.shfmt}/bin/shfmt",
extra_args = { "-i", "4", "-ci" },
}),
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
},
use.lspconfig.terraformls.setup = dsl.callWith {
cmd = if config.terraform then [
"${pkgs.terraform-ls}/bin/terraform-ls"
"serve"
] else
[ "echo" ];
};
use.lspconfig.rust_analyzer.setup = dsl.callWith {
cmd = [ "${pkgs.rust-analyzer}/bin/rust-analyzer" ];
settings = {
"['rust-analyzer']" = { check = { command = "clippy"; }; };
};
};
vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
lua = ''
${builtins.readFile ./lsp.lua}
-- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off")
require("null-ls").setup({
sources = {
require("null-ls").builtins.formatting.stylua.with({ command = "${pkgs.stylua}/bin/stylua" }),
require("null-ls").builtins.formatting.black.with({ command = "${pkgs.black}/bin/black" }),
require("null-ls").builtins.diagnostics.ruff.with({ command = "${pkgs.ruff}/bin/ruff" }),
require("null-ls").builtins.formatting.fish_indent.with({ command = "${pkgs.fish}/bin/fish_indent" }),
require("null-ls").builtins.formatting.nixfmt.with({ command = "${pkgs.nixfmt}/bin/nixfmt" }),
require("null-ls").builtins.formatting.rustfmt.with({ command = "${pkgs.rustfmt}/bin/rustfmt" }),
require("null-ls").builtins.diagnostics.shellcheck.with({ command = "${pkgs.shellcheck}/bin/shellcheck" }),
require("null-ls").builtins.formatting.shfmt.with({
command = "${pkgs.shfmt}/bin/shfmt",
extra_args = { "-i", "4", "-ci" },
}),
${terraformFormat}
},
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
-- Auto-format on save
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ bufnr = bufnr })
end,
})
-- Use internal formatting for bindings like gq.
vim.api.nvim_create_autocmd("LspAttach", {
callback = function(args)
vim.bo[args.buf].formatexpr = nil
end,
})
end
end,
})
'';
};
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
-- Auto-format on save
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ bufnr = bufnr })
end,
})
-- Use internal formatting for bindings like gq.
vim.api.nvim_create_autocmd("LspAttach", {
callback = function(args)
vim.bo[args.buf].formatexpr = nil
end,
})
end
end,
})
'';
}

6
modules/common/neovim/config/misc.nix
View File

@ -12,7 +12,7 @@
# Initialize some plugins
setup.Comment = { };
setup.colorizer = { user_default_options = { names = false; }; };
setup.colorizer = { };
setup.glow = { };
setup.which-key = { };
@ -69,6 +69,10 @@
" Remember last position when reopening file
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
" LaTeX options
au FileType tex inoremap ;bf \textbf{}<Esc>i
au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
" Flash highlight when yanking
au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
'';

3
modules/common/neovim/config/syntax.nix
View File

@ -4,7 +4,6 @@
(pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins:
with pkgs.tree-sitter-grammars; [
tree-sitter-bash
# tree-sitter-c
tree-sitter-fish
tree-sitter-hcl
tree-sitter-ini
@ -25,7 +24,7 @@
pkgs.vimPlugins.vim-helm
pkgs.baleia-nvim # Clean ANSI from kitty scrollback
# pkgs.hmts-nvim # Tree-sitter injections for home-manager
(pkgs.vimUtils.buildVimPlugin {
(pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nmasur";
version = "0.1";
src = ../plugin;

12
modules/common/neovim/config/toggleterm.lua
View File

@ -26,5 +26,17 @@ function NIXPKGS_TOGGLE()
nixpkgs:toggle()
end
local gitwatch = terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
local k9s = terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>t", TERM_TOGGLE)
vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE)
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

8
modules/common/neovim/config/toggleterm.nix
View File

@ -1,4 +1,4 @@
{ pkgs, dsl, config, ... }: {
{ pkgs, dsl, ... }: {
# Toggleterm provides a floating terminal inside the editor for quick access
@ -10,10 +10,6 @@
direction = "float";
};
lua = ''
${builtins.readFile ./toggleterm.lua}
${if config.github then (builtins.readFile ./github.lua) else ""}
${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
'';
lua = builtins.readFile ./toggleterm.lua;
}

1
modules/common/neovim/config/tree.nix
View File

@ -63,6 +63,7 @@
'';
view = { # Set look and feel
width = 30;
hide_root_folder = false;
side = "left";
number = false;
relativenumber = false;

3
modules/common/neovim/default.nix
View File

@ -5,9 +5,6 @@ let
neovim = import ./package {
inherit pkgs;
colors = config.theme.colors;
terraform = config.terraform.enable;
github = true;
kubernetes = config.kubernetes.enable;
};
in {

7
modules/common/neovim/lua/keybinds.lua
View File

@ -39,6 +39,7 @@ key("n", "<Leader>fs", ":write<CR>")
key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true })
key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true })
key("n", "<Leader><Tab>", ":b#<CR>", { silent = true })
key("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]])
key("n", "<Leader>jj", ":!journal<CR>:e<CR>")
@ -64,12 +65,6 @@ key("n", "<C-Down>", ":resize -2<CR>", { silent = true })
key("n", "<C-Left>", ":vertical resize -2<CR>", { silent = true })
key("n", "<C-Right>", ":vertical resize +2<CR>", { silent = true })
-- Quickfix
key("n", "]q", ":cnext<CR>")
key("n", "[q", ":cprevious<CR>")
key("n", "co", ":copen<CR>")
key("n", "cq", ":cclose<CR>")
-- Other
key("n", "<A-CR>", ":noh<CR>", { silent = true }) --- Clear search in VimWiki
key("n", "Y", "y$") --- Copy to end of line

4
modules/common/neovim/package/default.nix
View File

@ -26,13 +26,13 @@
# ] ++ extraConfig;
# }
{ pkgs, colors, terraform ? false, github ? false, kubernetes ? false, ... }:
{ pkgs, colors, ... }:
# Comes from nix2vim overlay:
# https://github.com/gytis-ivaskevicius/nix2vim/blob/master/lib/neovim-builder.nix
pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped;
inherit colors terraform github kubernetes;
inherit colors;
imports = [
../config/align.nix
../config/bufferline.nix

1
modules/common/programming/default.nix
View File

@ -6,7 +6,6 @@
./lua.nix
./nix.nix
./python.nix
./rust.nix
./terraform.nix
];

17
modules/common/programming/rust.nix
View File

@ -1,17 +0,0 @@
{ config, pkgs, lib, ... }: {
options.rust.enable = lib.mkEnableOption "Rust programming language.";
config = lib.mkIf config.rust.enable {
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = { ca = "cargo"; };
home.packages = with pkgs; [ cargo rustc clippy gcc ];
};
};
}

1
modules/common/programming/terraform.nix
View File

@ -3,7 +3,6 @@
options.terraform.enable = lib.mkEnableOption "Terraform tools.";
config = lib.mkIf config.terraform.enable {
unfreePackages = [ "terraform" ];
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = {

39
modules/common/shell/atuin.nix
View File

@ -1,39 +0,0 @@
{ config, lib, ... }: {
# Shell history sync
options.atuin.enable = lib.mkEnableOption "Atuin";
config = {
home-manager.users.${config.user} = lib.mkIf config.atuin.enable {
programs.atuin = {
enable = true;
flags = [ "--disable-up-arrow" "--disable-ctrl-r" ];
settings = {
auto_sync = true;
update_check = false;
sync_address = "https://api.atuin.sh";
search_mode = "fuzzy";
filter_mode = "host"; # global, host, session, directory
search_mode_shell_up_key_binding = "fuzzy";
filter_mode_shell_up_key_binding = "session";
style = "compact"; # or auto,full
show_help = true;
history_filter = [ ];
secrets_filter = true;
enter_accept = false;
keymap_mode = "vim-normal";
};
};
};
# Give root user the same setup
home-manager.users.root.programs.atuin =
config.home-manager.users.${config.user}.programs.atuin;
};
}

1
modules/common/shell/charm.nix
View File

@ -10,7 +10,6 @@
glow # Markdown previews
skate # Key-value store
charm # Manage account and filesystem
pop # Send emails from a TUI
];
};

1
modules/common/shell/default.nix
View File

@ -1,6 +1,5 @@
{ ... }: {
imports = [
./atuin.nix
./bash
./charm.nix
./direnv.nix

16
modules/common/shell/direnv.nix
View File

@ -7,22 +7,6 @@
config = { whitelist = { prefix = [ config.dotfilesPath ]; }; };
};
# programs.direnv.direnvrcExtra = ''
# layout_postgres() {
# export PGDATA="$(direnv_layout_dir)/postgres"
# export PGHOST="$PGDATA"
#
# if [[ ! -d "PGDATA" ]]; then
# initdb
# cat >> "$PGDATA/postgres.conf" <<- EOF
# listen_addresses = '''
# unix_socket_directories = '$PGHOST'
# EOF
# echo "CREATE DATABASE $USER;" | postgres --single -E postgres
# fi
# }
# '';
# Prevent garbage collection
nix.extraOptions = ''
keep-outputs = true

9
modules/common/shell/fish/default.nix
View File

@ -6,7 +6,7 @@
home-manager.users.${config.user} = {
# Packages used in abbreviations and aliases
home.packages = with pkgs; [ curl ];
home.packages = with pkgs; [ curl exa ];
programs.fish = {
enable = true;
@ -15,8 +15,8 @@
# Version of bash which works much better on the terminal
bash = "${pkgs.bashInteractive}/bin/bash";
# Use eza (exa) instead of ls for fancier output
ls = "${pkgs.eza}/bin/eza --group";
# Use exa instead of ls for fancier output
ls = "exa --group";
# Move files to XDG trash on the commandline
trash = lib.mkIf pkgs.stdenv.isLinux "${pkgs.trash-cli}/bin/trash-put";
@ -123,6 +123,9 @@
dr = "docker run --rm -it";
db = "docker build . -t";
# Rust
ca = "cargo";
};
shellInit = "";
};

7
modules/common/shell/fzf.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: {
{ config, ... }: {
# FZF is a fuzzy-finder for the terminal
@ -16,9 +16,10 @@
--search-path $HOME/dev \
--type directory \
--exact-depth 2 \
| ${pkgs.proximity-sort}/bin/proximity-sort $PWD \
| sed 's/\\/$//' \
| fzf --tiebreak=index \
| fzf \
--delimiter '/' \
--with-nth 6.. \
)
and cd $projdir
and commandline -f execute

13
modules/common/shell/git.nix
View File

@ -35,20 +35,8 @@ in {
init = { defaultBranch = "master"; };
};
ignores = [ ".direnv/**" "result" ];
includes = [{
path = "~/.config/git/personal";
condition = "gitdir:~/dev/personal/";
}];
};
# Personal git config
# TODO: fix with variables
xdg.configFile."git/personal".text = ''
[user]
name = "Noah Masur"
email = "7386960+nmasur@users.noreply.github.com"
'';
programs.fish.shellAbbrs = {
g = "git";
gs = "git status";
@ -70,7 +58,6 @@ in {
git switch (git symbolic-ref refs/remotes/origin/HEAD | cut -d"/" -f4)'';
gcob = "git switch -c";
gb = "git branch";
gpd = "git push origin -d";
gbd = "git branch -d";
gbD = "git branch -D";
gr = "git reset";

3
modules/common/shell/github.nix
View File

@ -7,7 +7,6 @@
enable = true;
gitCredentialHelper.enable = true;
settings.git_protocol = "https";
extensions = [ pkgs.gh-collaborators ];
};
programs.fish =
@ -15,7 +14,7 @@
shellAbbrs = {
ghr = "gh repo view -w";
gha =
"gh run list | head -1 | awk '{ print \\$\\(NF-2\\) }' | xargs gh run view";
"gh run list | head -1 | awk '{ print $(NF-2) }' | xargs gh run view";
grw = "gh run watch";
grf = "gh run view --log-failed";
grl = "gh run view --log";

16
modules/common/shell/nixpkgs.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.user} = {
programs.fish = {
@ -60,24 +60,12 @@
enableFishIntegration = true;
};
# Create nix-index if doesn't exist
home.activation.createNixIndex =
let cacheDir = "${config.homePath}/.cache/nix-index";
in lib.mkIf
config.home-manager.users.${config.user}.programs.nix-index.enable
(config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] ''
if [ ! -d ${cacheDir} ]; then
$DRY_RUN_CMD ${pkgs.nix-index}/bin/nix-index -f ${pkgs.path}
fi
'');
};
nix = {
# Set channel to flake packages, used for nix-shell commands
nixPath = [{ nixpkgs = pkgs.path; }];
nixPath = [ "nixpkgs=${pkgs.path}" ];
# Set registry to this flake's packages, used for nix X commands
registry.nixpkgs.to = {

2
modules/common/shell/starship.nix
View File

@ -13,7 +13,7 @@
"$cmd_duration"
"$character"
];
right_format = "$nix_shell";
# right_format = "$nix_shell";
character = {
success_symbol = "[](bold green)";
error_symbol = "[](bold red)";

5
modules/common/shell/utilities.nix
View File

@ -25,8 +25,6 @@ in {
htop # Show system processes
killall # Force quit
inetutils # Includes telnet, whois
jless # JSON viewer
jo # JSON output
jq # JSON manipulation
lf # File viewer
qrencode # Generate qr codes
@ -46,11 +44,10 @@ in {
home.file = {
".rgignore".text = ignorePatterns;
".fdignore".text = ignorePatterns;
".digrc".text = "+noall +answer"; # Cleaner dig commands
};
xdg.configFile."fd/ignore".text = ignorePatterns;
programs.bat = {
enable = true; # cat replacement
config = {

4
modules/darwin/hammerspoon.nix
View File

@ -24,9 +24,9 @@
home.activation.reloadHammerspoon =
config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] ''
$DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()"
$DRY_RUN_CMD /usr/local/bin/hs -c "hs.reload()"
$DRY_RUN_CMD sleep 1
$DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()"
$DRY_RUN_CMD /usr/local/bin/hs -c "hs.console.clearConsole()"
'';
};

15
modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
View File

@ -54,19 +54,14 @@ function obj:init()
end)
-- Launcher shortcuts
self.launcher:bind("ctrl", "space", function() end)
self.launcher:bind("ctrl", "space", function()
end)
self.launcher:bind("", "return", function()
self:switch("@kitty@")
end)
self.launcher:bind("", "C", function()
self:switch("Calendar.app")
end)
self.launcher:bind("shift", "D", function()
hs.execute("launchctl remove com.paloaltonetworks.gp.pangps")
hs.execute("launchctl remove com.paloaltonetworks.gp.pangpa")
hs.alert.show("Disconnected from GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "E", function()
self:switch("Mail.app")
end)
@ -85,12 +80,6 @@ function obj:init()
self.launcher:bind("", "P", function()
self:switch("System Preferences.app")
end)
self.launcher:bind("shift", "P", function()
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist")
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist")
hs.alert.show("Reconnecting to GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "R", function()
hs.console.clearConsole()
hs.reload()

9
modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
View File

@ -55,15 +55,6 @@ local function worklayout()
local layout = concat(left, right, laptop)
hs.layout.apply(layout)
end)
-- Reload Hammerspoon whenever layout changes
hs.screen.watcher.new(function()
-- Pause for 5 seconds to give time for layout to change
hs.timer.doAfter(5, function()
-- Perform the actual reload
hs.reload()
end)
end)
end
return worklayout

2
modules/darwin/hammerspoon/init.lua
View File

@ -1,5 +1,5 @@
hs.ipc.cliInstall() -- Install Hammerspoon CLI program
hs.loadSpoon("ControlEscape"):start() -- Load Hammerspoon bits from https://github.com/jasonrudolph/ControlEscape.spoon
hs.loadSpoon("Launcher"):init()
hs.loadSpoon("DismissAlerts"):init()
hs.loadSpoon("MoveWindow"):init()
hs.ipc.cliInstall() -- Install Hammerspoon CLI program

18
modules/darwin/homebrew.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, ... }: {
{ config, pkgs, lib, ... }: {
# Homebrew - Mac-specific packages that aren't in Nix
config = lib.mkIf pkgs.stdenv.isDarwin {
@ -8,7 +8,7 @@
if ! xcode-select --version 2>/dev/null; then
$DRY_RUN_CMD xcode-select --install
fi
if ! /opt/homebrew/bin/brew --version 2>/dev/null; then
if ! /usr/local/bin/brew --version 2>/dev/null; then
$DRY_RUN_CMD /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
fi
'';
@ -24,22 +24,24 @@
brewfile = true; # Run brew bundle from anywhere
lockfiles = false; # Don't save lockfile (since running from anywhere)
};
taps = [
"homebrew/cask" # Required for casks
"homebrew/cask-drivers" # Used for Logitech G-Hub
];
brews = [
"trash" # Delete files and folders to trash instead of rm
"openjdk" # Required by Apache Directory Studio
];
casks = [
"1password" # 1Password will not launch from Nix on macOS
"1password" # 1Password packaging on Nix is broken for macOS
"apache-directory-studio" # Packaging on Nix is not available for macOS
"gitify" # Git notifications in menu bar
"keybase" # GUI on Nix not available for macOS
# "logitech-g-hub" # Mouse and keyboard management
"logitune" # Logitech webcam firmware
"logitech-g-hub" # Mouse and keyboard management
"meetingbar" # Show meetings in menu bar
# "obsidian" # Obsidian packaging on Nix is not available for macOS
"obsidian" # Obsidian packaging on Nix is not available for macOS
"scroll-reverser" # Different scroll style for mouse vs. trackpad
# "steam" # Not packaged for Nix
# "epic-games" # Not packaged for Nix
"steam" # Not packaged for Nix
];
};

2
modules/darwin/networking.nix
View File

@ -2,7 +2,7 @@
config = lib.mkIf pkgs.stdenv.isDarwin {
networking = {
computerName = config.networking.hostName;
computerName = "${config.fullName}'\\''s Mac";
# Adjust if necessary
# hostName = "";
};

6
modules/darwin/system.nix
View File

@ -34,8 +34,8 @@
# Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)
AppleKeyboardUIMode = 3;
# Only hide menu bar in fullscreen
_HIHideMenuBar = false;
# Automatically show and hide the menu bar
_HIHideMenuBar = true;
# Expand save panel by default
NSNavPanelExpandedStateForSaveMode = true;
@ -180,7 +180,7 @@
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
"$(__dock_item ${pkgs.discord}/Applications/Discord.app)" \
"$(__dock_item ${pkgs.obsidian}/Applications/Obsidian.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
"$(__dock_item ${pkgs.kitty}/Applications/kitty.app)" \
"$(__dock_item /System/Applications/System\ Settings.app)"
'';

14
modules/darwin/user.nix
View File

@ -9,19 +9,13 @@
};
# Used for aerc
home-manager.users.${config.user} = {
# Default shell setting doesn't work
home.sessionVariables = { SHELL = "${pkgs.fish}/bin/fish"; };
# Used for aerc
xdg.enable = true;
home.sessionVariables = {
XDG_CONFIG_HOME = "${config.homePath}/.config";
};
};
# Fix for: 'Error: HOME is set to "/var/root" but we expect "/var/empty"'
home-manager.users.root.home.homeDirectory = lib.mkForce "/var/root";
};
}

6
modules/darwin/utilities.nix
View File

@ -2,8 +2,6 @@
{
unfreePackages = [ "consul" "vault-bin" ];
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
home.packages = with pkgs; [
@ -13,13 +11,11 @@
youtube-dl # Convert web videos
pandoc # Convert text documents
mpd # TUI slideshows
mpv # Video player
gnupg # Encryption
awscli2
awslogs
google-cloud-sdk
ansible
vault-bin
vault
consul
noti # Create notifications programmatically
ipcalc # Make IP network calculations

5
modules/nixos/gaming/steam.nix
View File

@ -22,11 +22,6 @@
];
# Adapted in part from: https://github.com/Shawn8901/nix-configuration/blob/1c48be94238a9f463cf0bbd1e1842a4454286514/modules/nixos/steam-compat-tools/default.nix
# Based on: https://github.com/NixOS/nixpkgs/issues/73323
environment.sessionVariables.STEAM_EXTRA_COMPAT_TOOLS_PATHS =
lib.makeBinPath [ pkgs.proton-ge-custom ];
# Seems like NetworkManager can help speed up Steam launch
# https://www.reddit.com/r/archlinux/comments/qguhco/steam_startup_time_arch_1451_seconds_fedora_34/hi8opet/
networking.networkmanager.enable = true;

29
modules/nixos/graphical/default.nix
View File

@ -5,6 +5,7 @@
./fonts.nix
./gtk.nix
./i3.nix
./keybinds.nix
./picom.nix
./polybar.nix
./rofi.nix
@ -13,14 +14,6 @@
options = {
launcherCommand = lib.mkOption {
type = lib.types.str;
description = "Command to use for launching";
};
systemdSearch = lib.mkOption {
type = lib.types.str;
description = "Command to use for interacting with systemd";
};
altTabCommand = lib.mkOption {
type = lib.types.str;
description = "Command to use for choosing windows";
@ -37,14 +30,30 @@
type = lib.types.str;
description = "Command to use for quick calculations";
};
toggleBarCommand = lib.mkOption {
launcherCommand = lib.mkOption {
type = lib.types.str;
description = "Command to hide and show the status bar.";
description = "Command to use for launching";
};
lockScreenCommand = lib.mkOption {
type = lib.types.str;
description = "Command to use to lock the screen";
};
powerCommand = lib.mkOption {
type = lib.types.str;
description = "Command to use for power options menu";
};
systemdSearch = lib.mkOption {
type = lib.types.str;
description = "Command to use for interacting with systemd";
};
terminal = lib.mkOption {
type = lib.types.str;
description = "Package to use for graphical terminal";
};
toggleBarCommand = lib.mkOption {
type = lib.types.str;
description = "Command to hide and show the status bar.";
};
wallpaper = lib.mkOption {
type = lib.types.path;
description = "Wallpaper background image file";

252
modules/nixos/graphical/i3.nix
View File

@ -2,11 +2,22 @@
let
lockCmd =
"${pkgs.betterlockscreen}/bin/betterlockscreen --lock --display 1 --blur 0.5 --span";
lockUpdate =
"${pkgs.betterlockscreen}/bin/betterlockscreen --update ${config.wallpaper} --display 1 --span";
workspaces = {
"1" = "1:I";
"2" = "2:II";
"3" = "3:III";
"4" = "4:IV";
"5" = "5:V";
"6" = "6:VI";
"7" = "7:VII";
"8" = "8:VIII";
"9" = "9:IX";
"10" = "10:X";
};
in {
config = lib.mkIf pkgs.stdenv.isLinux {
@ -23,29 +34,18 @@ in {
home-manager.users.${config.user} = {
xsession.windowManager.i3 = {
enable = config.services.xserver.enable;
config = let
modifier = "Mod4"; # Super key
ws1 = "1:I";
ws2 = "2:II";
ws3 = "3:III";
ws4 = "4:IV";
ws5 = "5:V";
ws6 = "6:VI";
ws7 = "7:VII";
ws8 = "8:VIII";
ws9 = "9:IX";
ws10 = "10:X";
config = let modifier = "Mod4"; # Super key
in {
modifier = modifier;
assigns = {
"${ws1}" = [{ class = "Firefox"; }];
"${ws2}" = [
"${workspaces."1"}" = [{ class = "Firefox"; }];
"${workspaces."2"}" = [
{ class = "kitty"; }
{ class = "aerc"; }
{ class = "obsidian"; }
];
"${ws3}" = [{ class = "discord"; }];
"${ws4}" = [ { class = "steam"; } { class = "Steam"; } ];
"${workspaces."3"}" = [{ class = "discord"; }];
"${workspaces."4"}" = [{ class = "Steam"; }];
};
bars = [{ command = "echo"; }]; # Disable i3bar
colors = let
@ -91,131 +91,7 @@ in {
newWindow = "urgent";
followMouse = false;
};
keybindings = {
# Adjust screen brightness
"Shift+F12" =
# Disable dynamic sleep
# https://github.com/rockowitz/ddcutil/issues/323
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30";
"Shift+F11" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30";
"XF86MonBrightnessUp" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30";
"XF86MonBrightnessDown" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30";
# Media player controls
"XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
"XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
"XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
"XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
# Launchers
"${modifier}+Return" =
"exec --no-startup-id kitty; workspace ${ws2}; layout tabbed";
"${modifier}+space" =
"exec --no-startup-id ${config.launcherCommand}";
"${modifier}+Shift+s" =
"exec --no-startup-id ${config.systemdSearch}";
"${modifier}+Shift+a" =
"exec --no-startup-id ${config.audioSwitchCommand}";
"Mod1+Tab" = "exec --no-startup-id ${config.altTabCommand}";
"${modifier}+Shift+period" =
"exec --no-startup-id ${config.powerCommand}";
"${modifier}+Shift+m" =
"exec --no-startup-id ${config.brightnessCommand}";
"${modifier}+c" =
"exec --no-startup-id ${config.calculatorCommand}";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart";
"${modifier}+Shift+q" = ''
exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"'';
"${modifier}+Shift+x" = "exec ${lockCmd}";
"${modifier}+Mod1+h" =
"exec --no-startup-id kitty sh -c '${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
"${modifier}+Mod1+r" =
"exec --no-startup-id kitty sh -c 'doas nixos-rebuild switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
# Window options
"${modifier}+q" = "kill";
"${modifier}+b" = "exec ${config.toggleBarCommand}";
"${modifier}+f" = "fullscreen toggle";
"${modifier}+h" = "focus left";
"${modifier}+j" = "focus down";
"${modifier}+k" = "focus up";
"${modifier}+l" = "focus right";
"${modifier}+Left" = "focus left";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Right" = "focus right";
"${modifier}+Shift+h" = "move left";
"${modifier}+Shift+j" = "move down";
"${modifier}+Shift+k" = "move up";
"${modifier}+Shift+l" = "move right";
"${modifier}+Shift+Left" = "move left";
"${modifier}+Shift+Down" = "move down";
"${modifier}+Shift+Up" = "move up";
"${modifier}+Shift+Right" = "move right";
# Tiling
"${modifier}+i" = "split h";
"${modifier}+v" = "split v";
"${modifier}+s" = "layout stacking";
"${modifier}+t" = "layout tabbed";
"${modifier}+e" = "layout toggle split";
"${modifier}+Shift+space" = "floating toggle";
"${modifier}+Control+space" = "focus mode_toggle";
"${modifier}+a" = "focus parent";
# Workspaces
"${modifier}+1" = "workspace ${ws1}";
"${modifier}+2" = "workspace ${ws2}";
"${modifier}+3" = "workspace ${ws3}";
"${modifier}+4" = "workspace ${ws4}";
"${modifier}+5" = "workspace ${ws5}";
"${modifier}+6" = "workspace ${ws6}";
"${modifier}+7" = "workspace ${ws7}";
"${modifier}+8" = "workspace ${ws8}";
"${modifier}+9" = "workspace ${ws9}";
"${modifier}+0" = "workspace ${ws10}";
# Move windows
"${modifier}+Shift+1" =
"move container to workspace ${ws1}; workspace ${ws1}";
"${modifier}+Shift+2" =
"move container to workspace ${ws2}; workspace ${ws2}";
"${modifier}+Shift+3" =
"move container to workspace ${ws3}; workspace ${ws3}";
"${modifier}+Shift+4" =
"move container to workspace ${ws4}; workspace ${ws4}";
"${modifier}+Shift+5" =
"move container to workspace ${ws5}; workspace ${ws5}";
"${modifier}+Shift+6" =
"move container to workspace ${ws6}; workspace ${ws6}";
"${modifier}+Shift+7" =
"move container to workspace ${ws7}; workspace ${ws7}";
"${modifier}+Shift+8" =
"move container to workspace ${ws8}; workspace ${ws8}";
"${modifier}+Shift+9" =
"move container to workspace ${ws9}; workspace ${ws9}";
"${modifier}+Shift+0" =
"move container to workspace ${ws10}; workspace ${ws10}";
# Move screens
"${modifier}+Control+l" = "move workspace to output right";
"${modifier}+Control+h" = "move workspace to output left";
# Resizing
"${modifier}+r" = ''mode "resize"'';
"${modifier}+Control+Shift+h" =
"resize shrink width 10 px or 10 ppt";
"${modifier}+Control+Shift+j" =
"resize grow height 10 px or 10 ppt";
"${modifier}+Control+Shift+k" =
"resize shrink height 10 px or 10 ppt";
"${modifier}+Control+Shift+l" = "resize grow width 10 px or 10 ppt";
};
keybindings = { };
modes = { };
startup = [
{
@ -224,16 +100,15 @@ in {
notification = false;
}
{
command =
"i3-msg workspace ${ws2}, move workspace to output right";
command = "i3-msg focus right, workspace ${workspaces."2"}";
notification = false;
}
{
command =
"i3-msg workspace ${ws1}, move workspace to output left";
command = "i3-msg focus left, workspace ${workspaces."1"}";
notification = false;
}
];
terminal = config.terminal;
window = {
border = 0;
hideEdgeBorders = "smart";
@ -241,22 +116,74 @@ in {
};
workspaceAutoBackAndForth = false;
workspaceOutputAssign = [ ];
# gaps = {
# bottom = 8;
# top = 8;
# left = 8;
# right = 8;
# horizontal = 15;
# vertical = 15;
# inner = 15;
# outer = 0;
# smartBorders = "off";
# smartGaps = false;
# };
};
extraConfig = "";
};
services.sxhkd.keybindings = let
# Shortcuts
i3-msg = "${pkgs.i3}/bin/i3-msg";
in {
# Window navigation
"super + {_,shift +}{h,j,k,l}" =
''${i3-msg} "{focus,move} {left,down,up,right}"'';
"super + {_,shift +}{Left,Down,Up,Right}" =
''${i3-msg} "{focus,move} {left,down,up,right}"'';
"super + q" = ''${i3-msg} "kill"'';
"super + f" = ''${i3-msg} "fullscreen toggle"'';
# Screen management
"super + control + l" = ''${i3-msg} "move workspace to output right"'';
"super + control + h" = ''${i3-msg} "move workspace to output left"'';
# Window layouts and tiling
"super + {i,v}" = ''${i3-msg} "split {h,v}"'';
"super + {s,t,e}" =
''${i3-msg} "layout {stacking,tabbed,toggle split}"'';
"super + shift + space" = ''${i3-msg} "floating toggle"'';
"super + control + space" = ''${i3-msg} "focus mode_toggle"'';
"super + a" = ''${i3-msg} "focus parent"'';
# Launch terminal
"super + Return" = ''
${i3-msg} "exec --no-startup-id ${config.terminal}; workspace ${
workspaces."2"
}; layout tabbed"'';
# Restart and reload
"super + shift + {c,r}" = ''${i3-msg} "{reload,restart}"'';
"super + shift + q" = ''
${pkgs.i3}/bin/i3-nagbar -t warning -m "Exit i3?" -B "Yes, exit i3" "${i3-msg} exit"'';
# Resize
"super + r : {h,j,k,l}" =
''${i3-msg} "resize {shrink,grow} width 10px or 10 ppt"'';
"super + r : {j,k}" =
''${i3-msg} "resize {shrink,grow} height 10px or 10 ppt"'';
} // (
# Bind navigation by number
let
bindWorkspace = num: workspace:
lib.attrsets.nameValuePair ("super + ${num}")
(''${i3-msg} "workspace ${workspace}"'');
in lib.mapAttrs' bindWorkspace workspaces
) // (
# Bind move container to workspace by number
let
bindWorkspace = num: workspace:
lib.attrsets.nameValuePair ("super + shift +${num}") (''
${i3-msg} "move container to workspace ${workspace}; workspace ${workspace}"'');
in lib.mapAttrs' bindWorkspace workspaces
);
programs.fish.functions = {
update-lock-screen = lib.mkIf config.services.xserver.enable {
description = "Update lockscreen with wallpaper";
@ -277,17 +204,20 @@ in {
};
lockScreenCommand =
"${pkgs.betterlockscreen}/bin/betterlockscreen --lock --display 1 --blur 0.5 --span";
# Ref: https://github.com/betterlockscreen/betterlockscreen/blob/next/system/betterlockscreen%40.service
systemd.services.lock = {
enable = config.services.xserver.enable;
description = "Lock the screen on resume from suspend";
description = "Lock the screen before suspend";
before = [ "sleep.target" "suspend.target" ];
serviceConfig = {
User = config.user;
Type = "simple";
Environment = "DISPLAY=:0";
TimeoutSec = "infinity";
ExecStart = lockCmd;
ExecStart = config.lockScreenCommand;
ExecStartPost = "${pkgs.coreutils-full}/bin/sleep 1";
};
wantedBy = [ "sleep.target" "suspend.target" ];

51
modules/nixos/graphical/keybinds.nix Normal file
View File

@ -0,0 +1,51 @@
{ config, pkgs, ... }: {
home-manager.users.${config.user} = {
services.sxhkd = {
enable = true;
keybindings = {
# Adjust screen brightness (TODO: replace with pkgs.light?)
"shift + {F11,F12}" = ''
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 {- 30,+ 30} && sleep 1; \\
${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 {- 30,+ 30}
'';
"XF86MonBrightness{Down,Up}" = ''
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 {- 30,+ 30} && sleep 1; \\
${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 {- 30,+ 30}
'';
# Media controls
"XF86Audio{Play,Stop,Next,Prev}" =
"${pkgs.playerctl}/bin/playerctl {play-pause,stop,next,previous}";
# Toggle bar
"super + b" = config.toggleBarCommand;
# Launchers
"super + space" = config.launcherCommand;
"super + shift + s" = config.systemdSearch;
"super + shift + a" = config.audioSwitchCommand;
"alt + Tab" = config.altTabCommand;
"super + shift + period" = config.powerCommand;
"super + shift + m" = config.brightnessCommand;
"super + c" = config.calculatorCommand;
"super + shift + x" = config.lockScreenCommand;
"super + alt + h" =
"${config.terminal} sh -c '${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
"super + alt + r" =
"${config.terminal} sh -c 'doas nixos-rebuild switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
};
};
xsession.windowManager.i3.config.startup = [{
command = "pkill sxhkd; sxhkd";
always = true;
notification = false;
}];
};
}

2
modules/nixos/graphical/picom.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf (pkgs.stdenv.isLinux && config.services.xserver.enable) {
config = lib.mkIf config.services.xserver.enable {
home-manager.users.${config.user} = {
services.picom = {

11
modules/nixos/graphical/polybar.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf (pkgs.stdenv.isLinux && config.services.xserver.enable) {
config = lib.mkIf config.services.xserver.enable {
toggleBarCommand = "polybar-msg cmd toggle";
@ -36,7 +36,7 @@
module-margin = 1;
modules-left = "i3";
modules-center = "xwindow";
modules-right = "mailcount network pulseaudio date keyboard power";
modules-right = "mailcount network pulseaudio date power";
cursor-click = "pointer";
cursor-scroll = "ns-resize";
enable-ipc = true;
@ -200,17 +200,10 @@
label-foreground = config.theme.colors.base0A;
# format-background = colors.background;
};
"module/keyboard" = {
type = "custom/text";
content = "󰌌";
click-left = "doas systemctl restart keyd";
content-foreground = config.theme.colors.base04;
};
"module/power" = {
type = "custom/text";
content = " ";
click-left = config.powerCommand;
click-right = "polybar-msg cmd restart";
content-foreground = config.theme.colors.base04;
};
"settings" = {

22
modules/nixos/graphical/rofi.nix
View File

@ -8,11 +8,10 @@ in {
imports = [ ./rofi/power.nix ./rofi/brightness.nix ];
config = lib.mkIf (pkgs.stdenv.isLinux && config.services.xserver.enable) {
config = lib.mkIf config.services.xserver.enable {
# Set the Rofi-Systemd terminal for viewing logs
environment.sessionVariables.ROFI_SYSTEMD_TERM =
lib.mkIf config.kitty.enable "${pkgs.kitty}/bin/kitty";
environment.sessionVariables.ROFI_SYSTEMD_TERM = config.terminal;
home-manager.users.${config.user} = {
@ -24,6 +23,13 @@ in {
programs.rofi = {
enable = true;
cycle = true;
extraConfig = {
show-icons = true;
kb-cancel = "Escape,Super+space";
modi = "window,run,ssh,emoji,calc,systemd";
sort = true;
# levenshtein-sort = true;
};
location = "center";
pass = { };
plugins = [ pkgs.rofi-calc pkgs.rofi-emoji pkgs.rofi-systemd ];
@ -59,7 +65,7 @@ in {
border = mkLiteral "0px";
border-radius = mkLiteral "0px";
border-color = mkLiteral config.theme.colors.base04;
children = map mkLiteral [ "inputbar" "message" "listview" ];
children = map mkLiteral [ "inputbar" "listview" ];
spacing = mkLiteral "10px";
padding = mkLiteral "10px";
};
@ -143,15 +149,9 @@ in {
};
};
terminal = config.terminal;
xoffset = 0;
yoffset = -20;
extraConfig = {
show-icons = true;
kb-cancel = "Escape,Super+space";
modi = "window,run,ssh,emoji,calc,systemd";
sort = true;
# levenshtein-sort = true;
};
};
home.file.".local/share/rofi/themes" = {

7
modules/nixos/graphical/rofi/brightness.nix Executable file → Normal file
View File

@ -28,18 +28,17 @@ in {
-sep ';' \
-selected-row 1)
case "$chosen" in
"$dimmer")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 25
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 25
;;
"$medium")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 75
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 75
;;
"$brighter")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 100
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 100
;;
*) exit 1 ;;

12
modules/nixos/graphical/rofi/power.nix Executable file → Normal file
View File

@ -31,17 +31,15 @@ in {
-sep ';' \
-selected-row 2)
confirm () {
${builtins.readFile ./rofi-prompt.sh}
}
case "$chosen" in
"$power_off")
confirm 'Shutdown?' && doas shutdown now
${
builtins.toString ./rofi-prompt.sh
} 'Shutdown?' && doas shutdown now
;;
"$reboot")
confirm 'Reboot?' && doas reboot
${builtins.toString ./rofi-prompt.sh} 'Reboot?' && doas reboot
;;
"$lock")
@ -53,7 +51,7 @@ in {
;;
"$log_out")
confirm 'Logout?' && i3-msg exit
${builtins.toString ./rofi-prompt.sh} 'Logout?' && i3-msg exit
;;
*) exit 1 ;;

4
modules/nixos/graphical/rofi/rofi-prompt.sh
View File

@ -42,6 +42,6 @@ chosen=$(printf '%s;%s\n' "$yes" "$no" |
-selected-row 1)
case "$chosen" in
"$yes") return 0 ;;
*) return 1 ;;
"$yes") exit 0 ;;
*) exit 1 ;;
esac

25
modules/nixos/graphical/sway.nix Normal file
View File

@ -0,0 +1,25 @@
{ config, lib, ... }: {
config = lib.mkIf config.gui.enable {
programs.sway = {
enable = true;
package = null; # Use home-manager Sway instead
};
};
home-manager.users.${config.user} = {
wayland.windowManager.sway = {
enable = true;
config =
config.home-manager.users.${config.user}.xsession.windowManager.i3.config;
};
};
# TODO: swaybg
# TODO: swaylock
}

6
modules/nixos/hardware/keyboard.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: {
{ config, ... }: {
config = {
@ -23,10 +23,6 @@
};
};
# For some reason, keyd doesn't restart properly when updating
system.activationScripts.keyd.text =
"${pkgs.systemd}/bin/systemctl restart keyd.service";
# Enable num lock on login
home-manager.users.${config.user}.xsession.numlock.enable = true;

2
modules/nixos/hardware/networking.nix
View File

@ -12,7 +12,7 @@
domainName = "local";
ipv6 = false; # Should work either way
# Resolve local hostnames using Avahi DNS
nssmdns4 = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;

19
modules/nixos/services/arr.nix
View File

@ -2,7 +2,6 @@
let
# This config specifies ports for Prometheus to scrape information
arrConfig = {
radarr = {
exportarrPort = "9707";
@ -42,8 +41,6 @@ in {
sabnzbd = {
enable = true;
group = "media";
# The config file must be editable within the application
# It contains server configs and credentials
configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
};
sonarr = {
@ -56,23 +53,16 @@ in {
};
};
# Create a media group to be shared between services
users.groups.media = { };
# Give the human user access to the media group
users.users.${config.user}.extraGroups = [ "media" ];
# Allows media group to read/write the sabnzbd directory
users.users.sabnzbd.homeMode = "0770";
unfreePackages = [ "unrar" ]; # Required as a dependency for sabnzbd
unfreePackages = [ "unrar" ]; # Required for sabnzbd
# Requires updating the base_url config value in each service
# If you try to rewrite the URL, the service won't redirect properly
caddy.routes = [
{
# Group means that routes with the same name are mutually exclusive,
# so they are split between the appropriate services.
group = "download";
match = [{
host = [ config.hostnames.download ];
@ -80,7 +70,6 @@ in {
}];
handle = [{
handler = "reverse_proxy";
# We're able to reference the url and port of the service dynamically
upstreams = [{ dial = arrConfig.sonarr.url; }];
}];
}
@ -103,7 +92,6 @@ in {
}];
handle = [{
handler = "reverse_proxy";
# Prowlarr doesn't offer a dynamic config, so we have to hardcode it
upstreams = [{ dial = "localhost:9696"; }];
}];
}
@ -116,7 +104,6 @@ in {
handle = [{
handler = "reverse_proxy";
upstreams = [{
# Bazarr only dynamically sets the port, not the host
dial = "localhost:${
builtins.toString config.services.bazarr.listenPort
}";
@ -158,12 +145,10 @@ in {
Type = "simple";
DynamicUser = true;
ExecStart = let
# Sabnzbd doesn't accept the URI path, unlike the others
url = if name != "sabnzbd" then
"http://${attrs.url}/${name}"
else
"http://${attrs.url}";
# Exportarr is trained to pull from the arr services
in ''
${pkgs.exportarr}/bin/exportarr ${name} \
--url ${url} \
@ -212,7 +197,7 @@ in {
prefix = "API_KEY=";
};
# Prometheus scrape targets (expose Exportarr to Prometheus)
# Prometheus scrape targets
prometheus.scrapeTargets = map (key:
"127.0.0.1:${
lib.attrsets.getAttrFromPath [ key "exportarrPort" ] arrConfig

3
modules/nixos/services/backups.nix
View File

@ -1,6 +1,3 @@
# This is my setup for backing up SQlite databases and other systems to S3 or
# S3-equivalent services (like Backblaze B2).
{ config, lib, ... }: {
options = {

16
modules/nixos/services/bind.nix
View File

@ -1,10 +1,3 @@
# Bind is a DNS service. This allows me to resolve public domains locally so
# when I'm at home, I don't have to travel over the Internet to reach my
# server.
# To set this on all home machines, I point my router's DNS resolver to the
# local IP address of the machine running this service (swan).
{ config, pkgs, lib, ... }:
let
@ -23,19 +16,11 @@ in {
config = lib.mkIf config.services.bind.enable {
# Normally I block all requests not coming from Cloudflare, so I have to also
# allow my local network.
caddy.cidrAllowlist = [ "192.168.0.0/16" ];
services.bind = {
# Allow requests coming from these IPs. This way I don't somehow get
# spammed with DNS requests coming from the Internet.
cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];
# When making normal DNS requests, forward them to Cloudflare to resolve.
forwarders = [ "1.1.1.1" "1.0.0.1" ];
ipv4Only = true;
# Use rpz zone as an override
@ -62,7 +47,6 @@ in {
};
# We must allow DNS traffic to hit our machine as well
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];

28
modules/nixos/services/caddy.nix
View File

@ -1,14 +1,3 @@
# Caddy is a reverse proxy, like Nginx or Traefik. This creates an ingress
# point from my local network or the public (via Cloudflare). Instead of a
# Caddyfile, I'm using the more expressive JSON config file format. This means
# I can source routes from other areas in my config and build the JSON file
# using the result of the expression.
# Caddy helpfully provides automatic ACME cert generation and management, but
# it requires a form of validation. We are using a custom build of Caddy
# (compiled with an overlay) to insert a plugin for managing DNS validation
# with Cloudflare's DNS API.
{ config, pkgs, lib, ... }: {
options = {
@ -53,17 +42,12 @@
configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
apps.http.servers.main = {
listen = [ ":443" ];
# These routes are pulled from the rest of this repo
routes = config.caddy.routes;
errors.routes = config.caddy.blocks;
logs = { }; # Uncommenting collects access logs
logs = { }; # Uncomment to collect access logs
};
apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies;
# Setup logging to file
logging.logs.main = {
encoder = { format = "console"; };
writer = {
@ -74,23 +58,13 @@
};
level = "INFO";
};
});
};
# Allows Caddy to serve lower ports (443, 80)
systemd.services.caddy.serviceConfig.AmbientCapabilities =
"CAP_NET_BIND_SERVICE";
# Required for web traffic to reach this machine
networking.firewall.allowedTCPPorts = [ 80 443 ];
# HTTP/3 QUIC uses UDP (not sure if being used)
networking.firewall.allowedUDPPorts = [ 443 ];
# Caddy exposes Prometheus metrics with the admin API
# https://caddyserver.com/docs/api
prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
};

9
modules/nixos/services/calibre.nix
View File

@ -1,9 +1,3 @@
# Calibre-web is an E-Book library and management tool.
# - Exposed to the public via Caddy.
# - Hostname defined with config.hostnames.books
# - File directory backed up to S3 on a cron schedule.
{ config, pkgs, lib, ... }:
let
@ -32,7 +26,6 @@ in {
};
};
# Allow web traffic to Caddy
caddy.routes = [{
match = [{ host = [ config.hostnames.books ]; }];
handle = [{
@ -42,8 +35,6 @@ in {
builtins.toString config.services.calibre-web.listen.port
}";
}];
# This is required when calibre-web is behind a reverse proxy
# https://github.com/janeczku/calibre-web/issues/19
headers.request.add."X-Script-Name" = [ "/calibre-web" ];
}];
}];

16
modules/nixos/services/cloudflare-tunnel.nix
View File

@ -1,12 +1,3 @@
# Cloudflare Tunnel is a service for accessing the network even behind a
# firewall, through outbound-only requests. It works by installing an agent on
# our machines that exposes services through Cloudflare Access (Zero Trust),
# similar to something like Tailscale.
# In this case, we're using Cloudflare Tunnel to enable SSH access over a web
# browser even when outside of my network. This is probably not the safest
# choice but I feel comfortable enough with it anyway.
{ config, lib, ... }:
# First time setup:
@ -49,28 +40,23 @@
tunnels = {
"${config.cloudflareTunnel.id}" = {
credentialsFile = config.secrets.cloudflared.dest;
# Catch-all if no match (should never happen anyway)
default = "http_status:404";
# Match from ingress of any valid server name to SSH access
ingress = { "*.masu.rs" = "ssh://localhost:22"; };
};
};
};
# Grant Cloudflare access to SSH into this server
environment.etc = {
"ssh/ca.pub".text = ''
${config.cloudflareTunnel.ca}
'';
# Must match the username portion of the email address in Cloudflare
# Access
# Must match the username of the email address in Cloudflare Access
"ssh/authorized_principals".text = ''
${config.user}
'';
};
# Adjust SSH config to allow access from Cloudflare's certificate
services.openssh.extraConfig = ''
PubkeyAuthentication yes
TrustedUserCAKeys /etc/ssh/ca.pub

13
modules/nixos/services/cloudflare.nix
View File

@ -1,13 +1,5 @@
# This module is necessary for hosts that are serving through Cloudflare.
# Cloudflare is a CDN service that is used to serve the domain names and
# caching for my websites and services. Since Cloudflare acts as our proxy, we
# must allow access over the Internet from Cloudflare's IP ranges.
# We also want to validate our HTTPS certificates from Caddy. We'll use Caddy's
# DNS validation plugin to connect to Cloudflare and automatically create
# validation DNS records for our generated certificates.
{ config, pkgs, lib, ... }:
let
@ -67,9 +59,10 @@ in {
};
}];
}];
# Allow Caddy to read Cloudflare API key for DNS validation
systemd.services.caddy.serviceConfig.EnvironmentFile =
config.secrets.cloudflareApi.dest;
systemd.services.caddy.serviceConfig.AmbientCapabilities =
"CAP_NET_BIND_SERVICE";
# API key must have access to modify Cloudflare DNS records
secrets.cloudflareApi = {
@ -80,7 +73,7 @@ in {
};
# Allows Nextcloud to trust Cloudflare IPs
services.nextcloud.extraOptions.trusted_proxies = cloudflareIpRanges;
services.nextcloud.config.trustedProxies = cloudflareIpRanges;
};
}

6
modules/nixos/services/default.nix
View File

@ -1,6 +1,3 @@
# This file imports all the other files in this directory for use as modules in
# my config.
{ ... }: {
imports = [
@ -16,15 +13,12 @@
./gnupg.nix
./grafana.nix
./honeypot.nix
./influxdb2.nix
./jellyfin.nix
./keybase.nix
./mullvad.nix
./n8n.nix
./netdata.nix
./nextcloud.nix
./paperless.nix
./postgresql.nix
./prometheus.nix
./samba.nix
./secrets.nix

6
modules/nixos/services/gitea-runner.nix
View File

@ -1,9 +1,3 @@
# Gitea Actions is a CI/CD service for the Gitea source code server, meaning it
# allows us to run code operations (such as testing or deploys) when our git
# repositories are updated. Any machine can act as a Gitea Action Runner, so
# the Runners don't necessarily need to be running Gitea. All we need is an API
# key for Gitea to connect to it and register ourselves as a Runner.
{ config, pkgs, lib, ... }:
{

21
modules/nixos/services/gitea.nix
View File

@ -11,21 +11,11 @@ in {
actions.ENABLED = true;
metrics.ENABLED = true;
repository = {
# Pushing to a repo that doesn't exist automatically creates one as
# private.
DEFAULT_PUSH_CREATE_PRIVATE = true;
# Allow git over HTTP.
DISABLE_HTTP_GIT = false;
# Allow requests hitting the specified hostname.
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
# Automatically create viable users/orgs on push.
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
# Default when creating new repos.
DEFAULT_BRANCH = "main";
};
server = {
@ -35,15 +25,11 @@ in {
SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false;
# SSH_LISTEN_HOST = "0.0.0.0";
# SSH_LISTEN_PORT = 122;
};
# Don't allow public users to register accounts.
service.DISABLE_REGISTRATION = true;
# Force using HTTPS for all session access.
session.COOKIE_SECURE = true;
# Hide users' emails.
ui.SHOW_USER_EMAIL = false;
};
extraConfig = null;
@ -53,7 +39,6 @@ in {
users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [
# Prevent public access to Prometheus metrics.
{
match = [{
host = [ config.hostnames.git ];
@ -64,7 +49,6 @@ in {
status_code = "403";
}];
}
# Allow access to primary server.
{
match = [{ host = [ config.hostnames.git ]; }];
handle = [{
@ -79,7 +63,6 @@ in {
}
];
# Scrape the metrics endpoint for Prometheus.
prometheus.scrapeTargets = [
"127.0.0.1:${
builtins.toString config.services.gitea.settings.server.HTTP_PORT

2
modules/nixos/services/gnupg.nix
View File

@ -1,5 +1,3 @@
# GPG is an encryption tool. This isn't really in use for me at the moment.
{ config, pkgs, lib, ... }: {
options.gpg.enable = lib.mkEnableOption "GnuPG encryption.";

1
modules/nixos/services/grafana.nix
View File

@ -7,7 +7,6 @@ in {
config = lib.mkIf config.services.grafana.enable {
# Allow Grafana to connect to email service
secrets.mailpass-grafana = {
source = ../../../private/mailpass-grafana.age;
dest = "${config.secretsDirectory}/mailpass-grafana";

5
modules/nixos/services/honeypot.nix
View File

@ -1,10 +1,7 @@
# This is a tool for blocking IPs of anyone who attempts to scan all of my
# ports.
{ config, lib, pkgs, ... }:
# Currently has some issues that don't make this viable.
{ config, lib, pkgs, ... }:
# Taken from:
# https://dataswamp.org/~solene/2022-09-29-iblock-implemented-in-nixos.html

61
modules/nixos/services/influxdb2.nix
View File

@ -1,61 +0,0 @@
# InfluxDB is a timeseries database similar to Prometheus. While
# VictoriaMetrics can also act as an InfluxDB, this version of it allows for
# infinite retention separate from our other metrics, which can be nice for
# recording health information, for example.
{ config, lib, ... }: {
config = {
services.influxdb2 = {
provision = {
enable = true;
initialSetup = {
bucket = "default";
organization = "main";
passwordFile = config.secrets.influxdb2Password.dest;
retention = 0; # Keep data forever
tokenFile = config.secrets.influxdb2Token.dest;
username = "admin";
};
};
settings = { };
};
# Create credentials file for InfluxDB admin
secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
source = ../../../private/influxdb2-password.age;
dest = "${config.secretsDirectory}/influxdb2-password";
owner = "influxdb2";
group = "influxdb2";
permissions = "0440";
};
systemd.services.influxdb2Password-secret =
lib.mkIf config.services.influxdb2.enable {
requiredBy = [ "influxdb2.service" ];
before = [ "influxdb2.service" ];
};
secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
source = ../../../private/influxdb2-token.age;
dest = "${config.secretsDirectory}/influxdb2-token";
owner = "influxdb2";
group = "influxdb2";
permissions = "0440";
};
systemd.services.influxdb2Token-secret =
lib.mkIf config.services.influxdb2.enable {
requiredBy = [ "influxdb2.service" ];
before = [ "influxdb2.service" ];
};
caddy.routes = lib.mkIf config.services.influxdb2.enable [{
match = [{ host = [ config.hostnames.influxdb ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8086"; }];
}];
}];
};
}

8
modules/nixos/services/jellyfin.nix
View File

@ -1,6 +1,3 @@
# Jellyfin is a self-hosted video streaming service. This means I can play my
# server's videos from a webpage, mobile app, or TV client.
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.services.jellyfin.enable {
@ -9,7 +6,6 @@
users.users.jellyfin = { isSystemUser = true; };
caddy.routes = [
# Prevent public access to Prometheus metrics.
{
match = [{
host = [ config.hostnames.stream ];
@ -20,7 +16,6 @@
status_code = "403";
}];
}
# Allow access to normal route.
{
match = [{ host = [ config.hostnames.stream ]; }];
handle = [{
@ -52,9 +47,6 @@
users.users.jellyfin.extraGroups =
[ "render" "video" ]; # Access to /dev/dri
# Fix issue where Jellyfin-created directories don't allow access for media group
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
prometheus.scrapeTargets = [ "127.0.0.1:8096" ];

26
modules/nixos/services/keybase.nix
View File

@ -1,23 +1,23 @@
# Keybase is an encrypted communications tool with a synchronized encrypted
# filestore that can be mounted onto a machine's filesystem.
{ config, pkgs, lib, ... }: {
options.keybase.enable = lib.mkEnableOption "Keybase.";
config = lib.mkIf config.keybase.enable {
home-manager.users.${config.user} = lib.mkIf config.keybase.enable {
services.keybase.enable = true;
services.kbfs = {
enable = true;
mountPoint = "keybase";
};
# https://github.com/nix-community/home-manager/issues/4722
systemd.user.services.kbfs.Service.PrivateTmp = lib.mkForce false;
services.keybase.enable = true;
services.kbfs = {
enable = true;
# enableRedirector = true;
mountPoint = "/run/user/1000/keybase/kbfs";
};
security.wrappers.keybase-redirector = {
setuid = true;
owner = "root";
group = "root";
source = "${pkgs.kbfs}/bin/redirector";
};
home-manager.users.${config.user} = {
home.packages = [ (lib.mkIf config.gui.enable pkgs.keybase-gui) ];
home.file = let
ignorePatterns = ''

2
modules/nixos/services/mullvad.nix
View File

@ -1,5 +1,3 @@
# Mullvad is a VPN service. This isn't currently in use for me at the moment.
{ config, pkgs, lib, ... }: {
options.mullvad.enable = lib.mkEnableOption "Mullvad VPN.";

3
modules/nixos/services/n8n.nix
View File

@ -1,6 +1,3 @@
# n8n is an automation integration tool for connecting data from services
# together with triggers.
{ config, lib, ... }: {
options = {

3
modules/nixos/services/netdata.nix
View File

@ -1,6 +1,3 @@
# Netdata is an out-of-the-box monitoring tool that exposes many different
# metrics. Not currently in use, in favor of VictoriaMetrics and Grafana.
{ config, lib, ... }: {
options.netdata.enable = lib.mkEnableOption "Netdata metrics.";

30
modules/nixos/services/nextcloud.nix
View File

@ -3,7 +3,7 @@
config = lib.mkIf config.services.nextcloud.enable {
services.nextcloud = {
package = pkgs.nextcloud28; # Required to specify
package = pkgs.nextcloud27; # Required to specify
configureRedis = true;
datadir = "/data/nextcloud";
database.createLocally = true;
@ -13,26 +13,18 @@
config = {
adminpassFile = config.secrets.nextcloud.dest;
dbtype = "mysql";
extraTrustedDomains = [ config.hostnames.content ];
trustedProxies = [ "127.0.0.1" ];
};
extraOptions = {
default_phone_region = "US";
# Allow access when hitting either of these hosts or IPs
trusted_domains = [ config.hostnames.content ];
trusted_proxies = [ "127.0.0.1" ];
};
extraOptions = { default_phone_region = "US"; };
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts;
# These apps are defined and pinned by overlay in flake.
news = pkgs.nextcloudApps.news;
external = pkgs.nextcloudApps.external;
cookbook = pkgs.nextcloudApps.cookbook;
snappymail = pkgs.nextcloudApps.snappymail;
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
"output_buffering" = "0";
};
phpOptions = { "opcache.interned_strings_buffer" = "16"; };
};
# Don't let Nginx use main ports (using Caddy instead)
@ -55,10 +47,7 @@
handle = [
{
handler = "vars";
# Grab the webroot out of the written config
# The webroot is a symlinked combined Nextcloud directory
root =
config.services.nginx.virtualHosts.${config.services.nextcloud.hostName}.root;
root = config.services.nextcloud.package;
}
{
handler = "headers";
@ -67,6 +56,13 @@
}
];
}
{
match = [{ path = [ "/nix-apps*" "/store-apps*" ]; }];
handle = [{
handler = "vars";
root = config.services.nextcloud.home;
}];
}
# Reroute carddav and caldav traffic
{
match =

71
modules/nixos/services/paperless.nix
View File

@ -1,71 +0,0 @@
# Paperless-ngx is a document scanning and management solution.
{ config, lib, ... }: {
config = lib.mkIf config.services.paperless.enable {
services.paperless = {
mediaDir = "/data/generic/paperless";
passwordFile = config.secrets.paperless.dest;
settings = {
PAPERLESS_OCR_USER_ARGS =
builtins.toJSON { invalidate_digital_signatures = true; };
# Enable if changing the path name in Caddy
# PAPERLESS_FORCE_SCRIPT_NAME = "/paperless";
# PAPERLESS_STATIC_URL = "/paperless/static/";
};
};
# Allow Nextcloud and user to see files
users.users.nextcloud.extraGroups =
lib.mkIf config.services.nextcloud.enable [ "paperless" ];
users.users.${config.user}.extraGroups = [ "paperless" ];
caddy.routes = [{
match = [{
host = [ config.hostnames.paperless ];
# path = [ "/paperless*" ]; # Change path name in Caddy
}];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial =
"localhost:${builtins.toString config.services.paperless.port}";
}];
}];
}];
secrets.paperless = {
source = ../../../private/prometheus.age;
dest = "${config.secretsDirectory}/paperless";
owner = "paperless";
group = "paperless";
permissions = "0440";
};
systemd.services.paperless-secret = {
requiredBy = [ "paperless.service" ];
before = [ "paperless.service" ];
};
# Fix permissions on a regular schedule
systemd.timers.paperless-permissions = {
timerConfig = {
OnCalendar = "*-*-* *:0/5"; # Every 5 minutes
Unit = "paperless-permissions.service";
};
wantedBy = [ "timers.target" ];
};
# Fix paperless shared permissions
systemd.services.paperless-permissions = {
description = "Allow group access to paperless files";
serviceConfig = { Type = "oneshot"; };
script = ''
find ${config.services.paperless.mediaDir} -type f -exec chmod 640 -- {} +
'';
};
};
}

22
modules/nixos/services/postgresql.nix
View File

@ -1,22 +0,0 @@
{ config, pkgs, lib, ... }: {
services.postgresql = {
package = pkgs.postgresql_15;
settings = { };
identMap = "";
ensureUsers = [{
name = config.user;
ensureClauses = {
createdb = true;
createrole = true;
login = true;
};
}];
};
home-manager.users.${config.user}.home.packages =
lib.mkIf config.services.postgresql.enable [
pkgs.pgcli # Postgres client with autocomplete
];
}

6
modules/nixos/services/prometheus.nix
View File

@ -1,9 +1,3 @@
# Prometheus is a timeseries database that exposes system and service metrics
# for use in visualizing, monitoring, and alerting (with Grafana).
# Instead of running traditional Prometheus, I generally run VictoriaMetrics as
# a more efficient drop-in replacement.
{ config, pkgs, lib, ... }: {
options.prometheus = {

2
modules/nixos/services/samba.nix
View File

@ -1,5 +1,3 @@
# Samba is a Windows-compatible file-sharing service.
{ config, lib, ... }: {
config = {

9
modules/nixos/services/sshd.nix
View File

@ -1,6 +1,4 @@
# SSHD service for allowing SSH access to my machines.
{ config, pkgs, lib, ... }: {
{ config, lib, ... }: {
options = {
publicKey = lib.mkOption {
@ -34,10 +32,7 @@
services.sshguard.enable = true;
# Add terminfo for SSH from popular terminal emulators
# Fix: terminfo now installs contour, which is broken on ARM
# - https://github.com/NixOS/nixpkgs/pull/253334
# - Will disable until fixed
environment.enableAllTerminfo = pkgs.stdenv.isLinux && pkgs.stdenv.isx86_64;
environment.enableAllTerminfo = true;
};
}

3
modules/nixos/services/transmission.nix
View File

@ -1,6 +1,3 @@
# Transmission is a bittorrent client, which can run in the background for
# automated downloads with a web GUI.
{ config, pkgs, lib, ... }: {
options = {

4
modules/nixos/services/vaultwarden.nix
View File

@ -1,7 +1,3 @@
# Vaultwarden is an implementation of the Bitwarden password manager backend
# service, which allows for self-hosting the synchronization of a Bitwarden
# password manager client.
{ config, pkgs, lib, ... }:
let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory

3
modules/nixos/services/victoriametrics.nix
View File

@ -1,6 +1,3 @@
# VictoriaMetrics is a more efficient drop-in replacement for Prometheus and
# InfluxDB (timeseries databases built for monitoring system metrics).
{ config, pkgs, lib, ... }:
let

3
modules/nixos/services/wireguard.nix
View File

@ -1,6 +1,3 @@
# Wireguard is a VPN protocol that can be setup to create a mesh network
# between machines on different LANs. This is currently not in use in my setup.
{ config, pkgs, lib, ... }: {
options.wireguard.enable = lib.mkEnableOption "Wireguard VPN setup.";

11
modules/nixos/system/doas.nix
View File

@ -26,14 +26,9 @@
};
};
home-manager.users.${config.user}.programs = {
# Alias sudo to doas for convenience
fish.shellAliases = { sudo = "doas"; };
# Disable overriding our sudo alias with a TERMINFO alias
kitty.settings.shell_integration = "no-sudo";
# Alias sudo to doas for convenience
home-manager.users.${config.user}.programs.fish.shellAliases = {
sudo = "doas";
};
};

9
overlays/age.nix
View File

@ -1,9 +0,0 @@
# Pin age because it is failing to build
# https://github.com/NixOS/nixpkgs/pull/265753
inputs: _final: prev: {
age = prev.age.overrideAttrs (old: {
src = inputs.age;
doCheck = false; # https://github.com/FiloSottile/age/issues/517
});
}

20
overlays/bypass-paywalls-clean.nix
View File

@ -1,20 +0,0 @@
inputs: _final: prev: {
# Based on:
# https://git.sr.ht/~rycee/nur-expressions/tree/master/item/pkgs/firefox-addons/default.nix#L34
bypass-paywalls-clean = let addonId = "magnolia@12.34";
in prev.stdenv.mkDerivation rec {
pname = "bypass-paywalls-clean";
version = "3.4.9.0";
src = inputs.bypass-paywalls-clean + "/bypass_paywalls_clean-latest.xpi";
preferLocalBuild = true;
allowSubstitutes = true;
buildCommand = ''
dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
mkdir -p "$dst"
install -v -m644 "${src}" "$dst/${addonId}.xpi"
'';
};
}

4
overlays/caddy.nix
View File

@ -22,7 +22,7 @@ let
'';
in {
caddy-cloudflare = prev.buildGo120Module {
caddy-cloudflare = prev.buildGo118Module {
pname = "caddy-cloudflare";
version = prev.caddy.version;
runVend = true;
@ -31,7 +31,7 @@ in {
src = prev.caddy.src;
vendorHash = "sha256:pr2MI2Nv9y357lCEEh6aNdmD9FiCaJIkRfHaoWgdQIE=";
vendorSha256 = "sha256:CrHqJcJ0knX+txQ5qvzW4JrU8vfi3FO3M/xtislIC1M=";
overrideModAttrs = (_: {
preBuild = ''

Some files were not shown because too many files have changed in this diff Show More